Community discussions

MikroTik App

Search found 295 matches

by ik3umt
Fri Jul 01, 2022 6:15 pm
Forum: General
Topic: How to flush connection in a failover route change ?
Replies: 15
Views: 2046

Re: How to flush connection in a failover route change ?

Well...I'm actually starting from scratch with the lab routerboard ad two WANs When the first route fails I can use the failover one within few seconds (and few page refresh on various browser) , acceptable at all :shock: I came to ask this thread because I experienced systems in which was impossibl...
by ik3umt
Fri Jul 01, 2022 8:44 am
Forum: General
Topic: How to flush connection in a failover route change ?
Replies: 15
Views: 2046

Re: How to flush connection in a failover route change ?

at this time ,better wait @ik3umt reply, assuming he answers.... Thanks for replies, Not sure what reply you're expecting from me..... :o Just as said, that failover technique works fine, connection on failover route is immediately available but (tcp,udp, etc) old connections are stuck on waiting/s...
by ik3umt
Tue Jun 28, 2022 6:52 pm
Forum: General
Topic: How to flush connection in a failover route change ?
Replies: 15
Views: 2046

How to flush connection in a failover route change ?

Main 0.0.0.0/0 route points to a virtual GW checking (ping) recursively two internet hosts. Secondary 0.0.0.0/0 route (distance 2) becomes active when the first one fails, but active connections are still hung on primary route , preventing navigation. Of course manual connections flush does the tric...
by ik3umt
Wed Jun 08, 2022 11:58 am
Forum: General
Topic: No more mail with google
Replies: 11
Views: 7367

Re: No more mail with google

i had to activate second factor auth in google account and then enable application password on google account

now i use that password for email tool on routeros
That’s what I’ve done….
But I get the shown error.
by ik3umt
Tue Jun 07, 2022 7:14 pm
Forum: General
Topic: No more mail with google
Replies: 11
Views: 7367

No more mail with google

As we already know, Google has disabled these days the simple user-pass email authentication. Workaround with i.e. Outlook is to enable 2 factor authentication into google account and create a app-specific password. I tried the same with routerboard with no success : 18:02:02 e-mail,debug recv: 250-...
by ik3umt
Wed May 18, 2022 12:11 am
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 90
Views: 122506

Re: hardware idea for a multiport switch

Or at least 5 rows in 2U
120 ports are not bad for 2U
I suppose 19" can fits 30 ports on a single row (total 150 ports in 2U).
by ik3umt
Tue Apr 19, 2022 7:04 pm
Forum: Scripting
Topic: delete file syntax
Replies: 1
Views: 568

delete file syntax

Noob question:

need to remove all files /myfolder/myfile*.* by script

what syntax ?

Thanks
by ik3umt
Fri Apr 08, 2022 10:33 am
Forum: General
Topic: CRS328 shortage
Replies: 2
Views: 458

CRS328 shortage

CRS328-24P
Impossible to find anywhere here in Italy, what's the continental situation ?
by ik3umt
Thu Apr 07, 2022 6:16 pm
Forum: General
Topic: Routing issue
Replies: 4
Views: 535

Re: Routing issue

Good explanations both, Thank you
by ik3umt
Thu Mar 31, 2022 11:49 am
Forum: General
Topic: Where do i see mikrotik public WAN ip?
Replies: 56
Views: 13693

Re: Where do i see mikrotik public WAN ip?

Gurus are at knowledge level 100 Experienced are at level 50 Noobs are at level 5 Veterans (like me) can be honestly at level 20 as well at level 90 (I'm at 20 indeed :( ) It doesn't matter how long you're involved in... Your setup is not an easy one, it depends from WHICH point of view..... Elmers ...
by ik3umt
Thu Mar 31, 2022 11:09 am
Forum: General
Topic: Routing issue
Replies: 4
Views: 535

Re: Routing issue

Yes, you're correct. It's an issue I never dealt with, I thought it was straightforward I can tell 192.168.2.10 "route packets to 1.2.3.4 via 192.168.1.100" because you're able to reach 192.168.1.100 despite which routing path is used. On the other way, just for information, entering from ...
by ik3umt
Wed Mar 30, 2022 6:01 pm
Forum: General
Topic: Routing issue
Replies: 4
Views: 535

Routing issue

Scenario : https://ibin.co/6c2DQb7gHojT.jpg 192.168.1.1 and 192.168.2.1 are gateways for own subnets they are off-limits (third-party configuration). 192.168.2.10 linux device can reach the whole 192.168.1.0 network. Is there a way to make a static route into 192.168.2.10 to reach 1.2.3.4 via 192.16...
by ik3umt
Tue Mar 08, 2022 6:49 pm
Forum: Beginner Basics
Topic: what is out:(unknown 0) ?
Replies: 3
Views: 3962

Re: what is out:(unknown 0) ?

Thank you !
by ik3umt
Mon Feb 28, 2022 6:15 pm
Forum: Beginner Basics
Topic: what is out:(unknown 0) ?
Replies: 3
Views: 3962

what is out:(unknown 0) ?

What does it mean out:(unknown 0) in logging ? There are multiple (a lot) lines like : input: in:ether10 out:(unknown 0), src-mac [isp_router_mac], proto UDP, 82.117.218.102:6889->[routerboard_wan_interface_address]:6889, len 129 Are the packets dropped by firewall filter rule ?? ( action=drop chain...
by ik3umt
Thu Feb 03, 2022 12:22 pm
Forum: Beginner Basics
Topic: Winbox save/export
Replies: 1
Views: 1076

Winbox save/export

What's the difference between File=>new/open/save and Tools=>import/export in winbox window ?
Thanks
by ik3umt
Tue Dec 14, 2021 9:12 am
Forum: RouterBOARD hardware
Topic: What speed of uSD card reader is used in the RouterBoard products?
Replies: 12
Views: 7136

Re: What speed of uSD card reader is used in the RouterBoard products?

If reliability is needed other than write/read speed (not a must) I will go for industrial grade uSD.
by ik3umt
Tue Jul 27, 2021 8:11 am
Forum: General
Topic: iPhone not resolving static dns entries [SOLVED]
Replies: 10
Views: 3403

Re: iPhone not resolving static dns entries [SOLVED]

Do you happen to use the .local domain for your static entries? I saw someone mentioned in another thread that Apple only uses mDNS (but not "regular" DNS) to resolve names ending in .local . Good catch ! My fault in not being specific (thinking .local was a private domain like any "...
by ik3umt
Tue Jul 20, 2021 5:02 pm
Forum: General
Topic: iPhone not resolving static dns entries [SOLVED]
Replies: 10
Views: 3403

iPhone not resolving static dns entries [SOLVED]

My RB acts as DNS server for my LAN
It has few static entries like

/ip dns static
add address=192.168.1.100 name=myhost.mydomain

Name is resolvable by local machines but NOT by wifi-connected iPhones (that say DNS server is RB address)

Why is this ? Another Apple complication ? Any workaround ?
by ik3umt
Thu Jul 15, 2021 11:43 pm
Forum: Beginner Basics
Topic: need to assign vlan to a bridge
Replies: 2
Views: 676

need to assign vlan to a bridge

I have two bridges : bridge1 (ether1 and ether2) for data bridge2 (ether3 and ether4) for voice NO vlans I have to add a switch connected by a SINGLE ethernet cable and replicate distinct data and voice ethernet ports on it. On switch side it can be easily done with untagged vlans ethernets facing d...
by ik3umt
Wed Jul 14, 2021 7:57 am
Forum: Wireless Networking
Topic: Dual radio, same ssid , preferred 5GHz band
Replies: 17
Views: 10200

Re: Dual radio, same ssid , preferred 5GHz band

The question is : does a dual band capable client performs better when it choose to use 2,4 GHz band (i.e. due to lack of 5GHz signal) ?
We know a poor RSSI-S/N on 5GHz leads to a drastic throughput drop.

The problem I experienced is the missed switch-back to 5GHz once signal reach better levels....
by ik3umt
Wed Jul 07, 2021 7:16 pm
Forum: Wireless Networking
Topic: Dual radio, same ssid , preferred 5GHz band
Replies: 17
Views: 10200

Re: Dual radio, same ssid , preferred 5GHz band

At last .... can be 2,4 GHz band considered deprecated with modern wifi devices nowaday ? I could keep the main SSID for 5GHz band and add a new i.e. "ssid-2_4" for customers complaining about no desired SSID shown (or with older 2.4GHz devices they would only see "ssid-2_4" wifi...
by ik3umt
Tue Jul 06, 2021 7:50 pm
Forum: Wireless Networking
Topic: Dual radio, same ssid , preferred 5GHz band
Replies: 17
Views: 10200

Re: Dual radio, same ssid , preferred 5GHz band

Well... that particular scenario is a hotel with single SSID using capsman managing wapACs I was doing a speed test , no more than 50/60 Mbps downstream (with a 200Mbps capable wan) , I quickly realized my smartphone was using 2,4GHz band and yes, probably due to signal strength, but once moved clos...
by ik3umt
Fri Jul 02, 2021 8:52 am
Forum: Wireless Networking
Topic: Dual radio, same ssid , preferred 5GHz band
Replies: 17
Views: 10200

Dual radio, same ssid , preferred 5GHz band

Using wap AC with same SSID , I find dual band capable clients using 2,4 or 5 GHz apparently with random behavior. What's the reason a device choose a band instead of the other one ? It would be preferable the 5GHz-AC would be used, and 2,4GHz one left for non-5GHz capable devices, which way can I a...
by ik3umt
Mon May 25, 2020 11:26 am
Forum: General
Topic: Whitelisting whole domain
Replies: 12
Views: 6994

Re: Whitelisting whole domain

Despite script suggested by WeWiNet works fine enough, I found however some entries like youtube.com resolve in dns entries that once entered as blacklisted IP they affects negatively other services like google classroom, google meet etc. Is it possible that so different web services go to use same ...
by ik3umt
Tue Mar 24, 2020 7:51 pm
Forum: General
Topic: Whitelisting whole domain
Replies: 12
Views: 6994

Re: Whitelisting whole domain

Sob, do you mean that current socks isn't capable of ? Meanwhile, it's interesting to see how , with just three domains, filrewall list becomes populated with 180 items, mostly google.... Of course I need to run script frequently to hit new DNS cache entries. It's not perfect but not too bad.... The...
by ik3umt
Tue Mar 24, 2020 1:38 pm
Forum: General
Topic: Whitelisting whole domain
Replies: 12
Views: 6994

Re: Whitelisting whole domain

Thank you for script !

Yes, usually little local sites/services has one or very few subdomains, but there is the need to use gmail as well as google meet or other world-wide services , I'll try script as soon as possible .
by ik3umt
Tue Mar 24, 2020 10:19 am
Forum: General
Topic: Whitelisting whole domain
Replies: 12
Views: 6994

Re: Whitelisting whole domain

You can screen by script DNS cache for "*.mydomain.com" and add all corresponding IP addresses to address list... Do you mean that, despite all hidden redirections, all the "anysubdomain.domain.com" entries (or CNAME entries resolutions) are enough for website services to be all...
by ik3umt
Tue Mar 24, 2020 9:58 am
Forum: General
Topic: Whitelisting whole domain
Replies: 12
Views: 6994

Re: Whitelisting whole domain

Yes, unfortunately when you try to use a website or a service inside a website, you are hiddenly redirected to a lot of subdomains and different ip addresses . Address lists resolve dynamically just few entries related to that subdomain.... Looking at DNS cache then, many entries are associated to C...
by ik3umt
Mon Mar 23, 2020 1:23 pm
Forum: General
Topic: Whitelisting whole domain
Replies: 12
Views: 6994

Whitelisting whole domain

How to allow all forward traffic to *.mydomain.com ?

As far as I know , I can't

/ip firewall address-list
add address=*.mydomain.com list=allowed

Any other workaround ?
by ik3umt
Mon Mar 23, 2020 11:52 am
Forum: Scripting
Topic: Enable a rule just for specific time
Replies: 6
Views: 7418

Re: Enable a rule just for specific time

Thanks,
What about to simply enable the rule and disable it after x minutes ?
/ip firewall filter enable <rule>
delay 3600;
/ip firewall filter disable <rule>
any issue in leaving script hung for a long time ?
by ik3umt
Sun Mar 22, 2020 6:26 pm
Forum: Scripting
Topic: Enable a rule just for specific time
Replies: 6
Views: 7418

Enable a rule just for specific time

How can I set a timer to trigger a firewall rule enabling and automatically disabling after X minutes ?
Not a scheduled rule (made by schedule or rule "time" option) , a "one shot" rule to be triggered when needed.

Thanks
by ik3umt
Tue Jan 28, 2020 11:20 pm
Forum: Beginner Basics
Topic: Deny winbox access via mac address on a port
Replies: 3
Views: 1690

Re: Deny winbox access via mac address on a port

Just seen......thank you.
by ik3umt
Tue Jan 28, 2020 4:58 pm
Forum: Beginner Basics
Topic: Deny winbox access via mac address on a port
Replies: 3
Views: 1690

Deny winbox access via mac address on a port

How can I deny winbox access via MAC (also MAC telnet) in a defined ethernet port (enabled on other ethernets) ?
by ik3umt
Fri Dec 20, 2019 4:43 pm
Forum: General
Topic: Simple QOS for VOIP
Replies: 3
Views: 22604

Re: Simple QOS for VOIP

Question: If a whole /24 subnet on a dedicated interface is reserved for IP Phones, can I avoid use of packets marking / mangle rules and manage the voip traffic just using queue target ? Can just this work ? : /queue simple add name=Internet queue=default/default target="" add max-limit=1...
by ik3umt
Fri Dec 20, 2019 12:06 pm
Forum: Wireless Networking
Topic: Multi SSID repeater
Replies: 6
Views: 3270

Re: Multi SSID repeater

So I can add multiple virtual wireless interface as slave of master interface, then add them to the same pertinent bridge.....good What about master and slave wireless interface having the same mac address , but when adding a second virtual with the same mac address it says me "mac-address alre...
by ik3umt
Fri Dec 20, 2019 11:10 am
Forum: Wireless Networking
Topic: Multi SSID repeater
Replies: 6
Views: 3270

Re: Multi SSID repeater

When I go to Wireless -> Setup Repeater it asks me for wlan, SSID and phassphrase,
If I repeat this procedure for a different SSID on the same wlan it overwrites the previous one (id doesn't create a further virtual wlan) that's why I'm asking if it is really possible...
by ik3umt
Fri Dec 20, 2019 10:53 am
Forum: Wireless Networking
Topic: Multi SSID repeater
Replies: 6
Views: 3270

Multi SSID repeater

Using AP in repeater mode , is Multi-SSID repeating allowed ?
by ik3umt
Wed Dec 11, 2019 5:46 pm
Forum: General
Topic: Simple queue question
Replies: 1
Views: 788

Simple queue question

I set two different /24 LAN subnets as target into a 50MB/s simple queue.

Those 50Mb are shared totally between all hosts of two subnets or 50Mb is the limit for each subnet (100Mb/s total) ??
by ik3umt
Wed Dec 11, 2019 5:34 pm
Forum: General
Topic: Basic firewall forwarding allow rule question
Replies: 5
Views: 1748

Re: Basic firewall forwarding allow rule question

Let's start from a fresh default config, forward chain ends with add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked" add chain=forward action=drop connection-state=invalid comment="defconf: drop invali...
by ik3umt
Wed Dec 11, 2019 12:17 pm
Forum: General
Topic: Basic firewall forwarding allow rule question
Replies: 5
Views: 1748

Basic firewall forwarding allow rule question

Default filter rules include this one:

add action=accept chain=forward comment="accept established,related,untracked" connection-state=established,related,untracked

If placed before a forward "drop-all" rule, does it still allow two lan subnets to talk each other ??
by ik3umt
Fri Nov 29, 2019 12:37 am
Forum: General
Topic: One public address per LAN
Replies: 16
Views: 3480

Re: One public address per LAN

I need just two ip addresses from /29 subnet to my wan interface, so I'll go for it and still use your src-nat rules with no proxy-arp , it seems to be more reliable than the ip route one ( that sometimes works and sometimes not...)
Thanks
by ik3umt
Fri Nov 29, 2019 12:25 am
Forum: General
Topic: Drop unwanted port-forwarding connections
Replies: 6
Views: 3466

Re: Drop unwanted port-forwarding connections

Nice, so allow the desired addresses into the nat rule rather than drop it with filters.......
by ik3umt
Fri Nov 29, 2019 12:03 am
Forum: General
Topic: Drop unwanted port-forwarding connections
Replies: 6
Views: 3466

Drop unwanted port-forwarding connections

I have these forward filters as per default firewall config: add action=accept chain=forward comment="accept established,related,untracked" connection-state=established,related,untracked add action=drop chain=forward comment="drop invalid forward" connection-state=invalid add act...
by ik3umt
Thu Nov 28, 2019 11:31 pm
Forum: General
Topic: One public address per LAN
Replies: 16
Views: 3480

Re: One public address per LAN

I've tried
/ip firewall nat add chain=srcnat action=src-nat src-address-type=local dst-address=x.x.x.x to-addresses=y.y.y.y.
It doesn't work unless y.y.y.y is assigned to RB wan....
by ik3umt
Thu Nov 28, 2019 10:37 am
Forum: General
Topic: One public address per LAN
Replies: 16
Views: 3480

Re: One public address per LAN

Ok , so the masquerade one could be considered the global one to be placed at the end, where other src-nat rules are not matched, as the masquerade cannot specify a "to-addresses" From what I undersood, if more LAN subnet have to be used , just the interested ones can match src-nat rules w...
by ik3umt
Thu Nov 28, 2019 9:40 am
Forum: General
Topic: One public address per LAN
Replies: 16
Views: 3480

Re: One public address per LAN

And what about existing masquerade rule ?
by ik3umt
Tue Nov 26, 2019 10:32 pm
Forum: General
Topic: One public address per LAN
Replies: 16
Views: 3480

Re: One public address per LAN

Thank you for example,
This is for Lan forwarded packets , what if the routerboard itself need to use different wan address ?
Should I use an ip route for specific target, selecting the wan address by mean of “Pref.Source” field ?
by ik3umt
Wed Oct 30, 2019 7:20 pm
Forum: RouterBOARD hardware
Topic: GPeR question
Replies: 23
Views: 10170

Re: GPeR question

Who is lying to whom?

Passive means it is without configuration interface, just plug in and use it. There is no GUI to control it, it just works.
I think the misunderstanding is because "Passive" is referred usually to a device that DOESN'T require power to be supplied....
by ik3umt
Mon Sep 30, 2019 10:57 am
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 4077

Re: Remote update hAP lite

The issue with not enough space has been fixed in newer versions, but to get to the new version, you will have to use Netinstall
Well, I love this clear answers ! :D
So on-site trip is scheduled !
Thank you Normis.
by ik3umt
Mon Sep 30, 2019 9:17 am
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 4077

Re: Remote update hAP lite

Ok , tedious thread...
anyway, is it possible to erase config , and automatically restore config via script after reboot AND update has been done ?
but probably script takes disk space, so.....
by ik3umt
Fri Sep 27, 2019 11:22 pm
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 4077

Re: Remote update hAP lite

22:16:20 system,info installed routeros-smips-6.45.6 
22:16:20 system,error not enough space for upgrade 
22:16:21 system,info router rebooted 
:(
by ik3umt
Thu Sep 26, 2019 9:36 am
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 4077

Re: Remote update hAP lite

I was able to update a pair of hap-lite by connecting to local remote desktop and run the save-clear-restore cfg tasks. There are a pair more that have no pc on their lan and worse, they are routers managing internet connection, so configuration cannot be erased. latest .npk file can be succesfully ...
by ik3umt
Thu Sep 19, 2019 7:26 pm
Forum: General
Topic: One public address per LAN
Replies: 16
Views: 3480

Re: One public address per LAN

Nick, any practical example of rule ?

i.e. :
192.168.1.0/24 (ether4) will use 10.20.30.1/29 on ether1
192.168.2.0/24 (ether5) will use 10.20.30.2/29 on ether1
and so on...

Still masquerade rule needed ?

Thank you
by ik3umt
Wed Sep 18, 2019 3:39 pm
Forum: General
Topic: One public address per LAN
Replies: 16
Views: 3480

One public address per LAN

A /29 public addresses subnet is available to one RB ethernet port.
How can each single LAN subnet use a specific WAN IP address ?
by ik3umt
Mon Sep 16, 2019 5:53 pm
Forum: Beginner Basics
Topic: Difference in setting dhcp options
Replies: 1
Views: 1089

Difference in setting dhcp options

One can set dhcp server options by specifying a dhcp option set into dhcp server settings as well as single options into dhcp networks settings
What is the difference ?
by ik3umt
Thu Sep 12, 2019 9:21 am
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 4077

Re: Remote update hAP lite

OK understood.
Meanwhile, I have it updated to latest 6.45.6.npk whithout space issues, fingers crossed.....
by ik3umt
Wed Sep 11, 2019 5:18 pm
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 4077

Re: Remote update hAP lite

Please explain : should I disable (I cannot uninstall) all packages and copy only desired ones and reboot to have just the copied one filling hdd space ? What happens to old disabled ones ? Would they becomes available to uninstall ? Goal is obviously to have more free space (hdd not ram , this is a...
by ik3umt
Wed Sep 11, 2019 4:32 pm
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 4077

Re: Remote update hAP lite

As main package is a bundled package, I cannot unnstall single unneeded package so kristsd solution #2 worked for me, but: cannot remove directly entire configuration as hap lite is connected via l2tp/ipsec tunnel generated by itself. I had to connect to a local PC winbox via teamviewer or similar, ...
by ik3umt
Wed Sep 11, 2019 9:10 am
Forum: Beginner Basics
Topic: Remote update hAP lite
Replies: 14
Views: 4077

Remote update hAP lite

Is there a way to update hAP lite (regular update failed because of known memory space issue) without on-site netinstall ?
Thanks.
by ik3umt
Sat Aug 10, 2019 6:33 pm
Forum: General
Topic: Flooding a cascade css326 , an issue ?
Replies: 2
Views: 1114

Re: Flooding a cascade css326 , an issue ?

Found flood ping increases quickly SFP+ Rx MAC and RX FCS errors counters on switch target devices are connected to.....
Opened a request @support.....

No one with CSS326 10Gbps issues ???
by ik3umt
Fri Aug 09, 2019 9:06 pm
Forum: General
Topic: Flooding a cascade css326 , an issue ?
Replies: 2
Views: 1114

Re: Flooding a cascade css326 , an issue ?

Further tests: a linux machine with ping -f to machines at the other switch ends gives : ping -f 192.168.1.253 PING 192.168.1.253 (192.168.1.253) 56(84) bytes of data. .......................................................................................................................................
by ik3umt
Tue Aug 06, 2019 6:13 pm
Forum: General
Topic: hAP lite update
Replies: 0
Views: 818

hAP lite update

still on 6.45.1 with few hAP lite

6.45.3 : *) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);

Should I netinstall them anyway to fix failing updates (thus on-site operation) ?
by ik3umt
Fri Aug 02, 2019 5:21 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 90
Views: 60845

Re: v6.45.3 [stable] is released!

UMarcus: are you sure Hap lite has been updated ??

I've tried also to update via /system packages and manually via file upload, it seems it still fails....

npk file is displayed on files section , winbox reports 16MB of16MB used, maybe no more space allowed for updating process....
by ik3umt
Fri Aug 02, 2019 5:06 pm
Forum: General
Topic: Again on Hotspot HTTPS redirection
Replies: 18
Views: 3406

Re: Again on Hotspot HTTPS redirection

Yes, testing deeper (for what my knowledge permits) I've found iphone looking for captive.apple.com once new wifi network has been connected, while windows10 machines trigger msftconnecttest.com/redirect, both probably http sites as they make hotspot login page to appear. Older devices/OS would prob...
by ik3umt
Fri Aug 02, 2019 12:52 pm
Forum: Wireless Networking
Topic: Automatic login to HotSpot in Trial mode
Replies: 3
Views: 7306

Re: Automatic login to HotSpot in Trial mode

For me it works this way: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <meta http-equiv="refresh" content="0; url=http://10.0.0.1/login?username=T-$(mac-esc)" /> </head>...
by ik3umt
Fri Aug 02, 2019 12:11 pm
Forum: General
Topic: Again on Hotspot HTTPS redirection
Replies: 18
Views: 3406

Re: Again on Hotspot HTTPS redirection

Ok, it is something the user's browser should do, but we are not sure any device does , or does it the right way.
Do you mean they should already behave this way , or is it just a plan about the way all devices should work in future as a standard ?
by ik3umt
Fri Aug 02, 2019 10:42 am
Forum: General
Topic: Flooding a cascade css326 , an issue ?
Replies: 2
Views: 1114

Flooding a cascade css326 , an issue ?

RB3011---1G_eth----CSS326_1------10G_fiber------CSS326_2 from rb3011: /tool flood-ping <CSS326_1 address> sent: 500 received: 500 min-rtt: 0 avg-rtt: 0 max-rtt: 1 (it takes two seconds to finish operation) /tool flood-ping <CSS326_2 address> sent: 500 received: 467 min-rtt: 0 avg-rtt: 0 max-rtt: 2 (...
by ik3umt
Fri Aug 02, 2019 10:22 am
Forum: General
Topic: Again on Hotspot HTTPS redirection
Replies: 18
Views: 3406

Re: Again on Hotspot HTTPS redirection

Not really sure about this "fetching random URLs over http" thing.... can you explain ?
by ik3umt
Thu Aug 01, 2019 6:33 pm
Forum: General
Topic: Again on Hotspot HTTPS redirection
Replies: 18
Views: 3406

Re: Again on Hotspot HTTPS redirection

Just tried https auth with an apple device, it warnings me twice (two web pages sequentially) before to access hotspot , then twice for hotspot authentication , a bit tedious... Will try to teach users to browse www.mysite.web (http) to gain access to login, at least for now... One could even ignore...
by ik3umt
Thu Aug 01, 2019 5:23 pm
Forum: General
Topic: Again on Hotspot HTTPS redirection
Replies: 18
Views: 3406

Re: Again on Hotspot HTTPS redirection

Thanks, pretty clearer now, it's really a browser (security) issue then... So what's our kindest solutions from user point of view, when he accesses our hotspot and something bans https sites from being visited ? It wouldn't be a great thing to teach them "please type this url in order to login...
by ik3umt
Thu Aug 01, 2019 4:25 pm
Forum: General
Topic: Need a clarification on hotspot trial user
Replies: 7
Views: 4489

Re: Need a clarification on hotspot trial user

So , we agree about kicking them off sometimes, to "refresh" all things.
Then what are the suggested combined values in: Http Cookie Lifetime, Trial Uptime Limit, Trial Uptime Reset and eventually dhcp lease time for a "pseudo-no-time-limit" user ?
by ik3umt
Thu Aug 01, 2019 4:07 pm
Forum: General
Topic: Again on Hotspot HTTPS redirection
Replies: 18
Views: 3406

Again on Hotspot HTTPS redirection

The user hitting hotspot for the first time with an https request will fail and receive the well known warning. Installing self-signed certificate , enabling www-ssl service and https login , redirection is possible with some warnings. When login by HTTP to an HTTP site is done without all the above...
by ik3umt
Thu Aug 01, 2019 11:13 am
Forum: General
Topic: CRS328-24P-4S+RM as wifi allinone
Replies: 3
Views: 1222

Re: CRS328-24P-4S+RM as wifi allinone

CRS328 works perfectly as switch
But it has only 16MB storage :shock:
Any possible issue running in routerOS with next package updates if growing in size ?
by ik3umt
Fri Jul 26, 2019 5:09 pm
Forum: Beginner Basics
Topic: Per host queue
Replies: 2
Views: 1345

Re: Per host queue

That was enough, single queue with pcq definition,quite easy !
Searching in my place would be greatly appreciated, I did it myself for now.... :lol:
by ik3umt
Fri Jul 26, 2019 11:24 am
Forum: Beginner Basics
Topic: Per host queue
Replies: 2
Views: 1345

Per host queue

New to queues...

From what I understood, putting my lan subnet into a simple queue target with 10M, it allows 10M total to be shared between N lan users (i.e. 5M each between 2 users)
How instead allow i.e. 1M each user of the whole subnet without to create 254 queue entries ?
by ik3umt
Fri Jul 26, 2019 9:10 am
Forum: Wireless Networking
Topic: WiFi4EU
Replies: 13
Views: 7953

Re: WiFi4EU

I think MT has lost its train.......
Or it's not in their plans, maybe.
by ik3umt
Thu Jul 11, 2019 12:23 pm
Forum: Beginner Basics
Topic: Cloning device using backup and restore
Replies: 9
Views: 7961

Re: Cloning device using backup and restore

It would be pretty nice if someone explains where and why restoring a backup to same model unit fails...
Is definitely "backup" intended to be restored on the same piece of hardware from where it has been generated ?
by ik3umt
Thu Jun 27, 2019 9:40 am
Forum: Wireless Networking
Topic: Running RDP over capsman system , connections hang
Replies: 5
Views: 1700

Re: Running RDP over capsman system , connections hang

I'll try local forwarding.... Question: I'm using the same datapath for two different SSIDs in two different capsman configurations, can I use localforwarding YES and NO for the same datapath ? /caps-man configuration datapath=Office_Bridge mode=ap name=OfficeCfg security=security1 ssid=OfficeWIFI d...
by ik3umt
Wed Jun 26, 2019 5:17 pm
Forum: Wireless Networking
Topic: Running RDP over capsman system , connections hang
Replies: 5
Views: 1700

Re: Running RDP over capsman system , connections hang

Just wondering why they don't hang while under ping from routerboard.....
something kept alive ? disconnect timing ?
why it doesn't happen when linked to a common AP wired to the switch ?
by ik3umt
Wed Jun 26, 2019 3:30 pm
Forum: Wireless Networking
Topic: Running RDP over capsman system , connections hang
Replies: 5
Views: 1700

Running RDP over capsman system , connections hang

Samsung wifi tablets running RDP session to a microsoft server in local LAN by mean of capsman system. Capsman running in cap forwarding mode , chosen datapath is the same bridge LAN switch is connected to (thus MS server connected to same switch). I'm experiencing RDP session hangs (need to re-logi...
by ik3umt
Wed Jun 26, 2019 12:45 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 10918

Re: single IP constantly trying to log to my Mikrotik

Imagine....if this wasn't the "Beginner Basics" section.......
by ik3umt
Fri Jun 21, 2019 11:06 am
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 3005

Re: connecting firewall through routerboard keeping public ip address

In the meanwhile, I got it working with two separated routerboards each dst-natted from in-interface to the address of router behind it

Image

It works totally transparent, but the goal is to use , if possible, a single routerboard in the middle....
by ik3umt
Fri Jun 21, 2019 10:24 am
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 3005

Re: connecting firewall through routerboard keeping public ip address

Thank you for patience, Arp table of firewall (actually a RB) sees both <ISP router ip address> and 10.10.10.10 with MT ether2 mac address Arp table of MT sees <firewall ip address> with <firewall mac address> on ether2 and <ISP router ip address> with <ISP router mac address> on ether1 If I ping <I...
by ik3umt
Tue Jun 18, 2019 4:43 pm
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 3005

Re: connecting firewall through routerboard keeping public ip address

Noob question.... Is it possible a different approach, something like a double routing/nat inside the same RB ??

Image
by ik3umt
Tue Jun 18, 2019 9:20 am
Forum: Scripting
Topic: Perform an action after X times link loss
Replies: 1
Views: 1232

Perform an action after X times link loss

How can I perform an action (an e-mail, a reboot etc.) after i.e. an ethernet link goes down for an amount of times ?
by ik3umt
Mon Jun 17, 2019 4:53 pm
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 3005

Re: connecting firewall through routerboard keeping public ip address

Unfortunately on the real test it fails: ether1 facing dsl router ether2 facing firewall /interface ethernet set [ find default-name=ether1 ] arp=proxy-arp set [ find default-name=ether2 ] arp=proxy-arp /ip address add address=10.10.10.10 interface=ether1 network=<dslrouter_ip_address> /ip route add...
by ik3umt
Mon Jun 03, 2019 9:41 am
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 3005

Re: connecting firewall through routerboard keeping public ip address

Ok, It works , connection from firewall to internet are ok, I haven't yet checked in real environment if a.b.c.6 (firewall public ip) is reachable transparently from internet , I'll keep you updated...
by ik3umt
Thu May 30, 2019 3:43 pm
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 3005

Re: connecting firewall through routerboard keeping public ip address

Problem is missing default route on RB. You can try: /ip route add dst-address=0.0.0.0/0 gateway=10.0.0.1 Already tried, 10.0.0.1 gateway is "unreachable", also tried gateway=ether2 , same issue. About other dsls, i want to tie them together with working one to achieve more bandwidth and ...
by ik3umt
Thu May 30, 2019 12:53 pm
Forum: Beginner Basics
Topic: Managing two separate subnet with same class addresses
Replies: 9
Views: 2887

Re: Managing two separate subnet with same class addresses

No, wait, I haven't undesrtood if two eth with the same ip address and class on the same routerboard is IMPOSSIBLE (don't work) or is WRONG (but works because of using interface names and routing marks).

Each LAN has it own gateway (not the routerboard).
by ik3umt
Thu May 30, 2019 12:25 pm
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 3005

Re: connecting firewall through routerboard keeping public ip address

I've tested it with a PC instead of firewall: https://ibin.co/4irKWZWiSd0N.jpg I can ping 10.0.0.1 from 10.0.0.9 and vice-versa PC arp table says 10.0.0.1 is B8:69:F4:BC:BB:32 (routerboard ether3) Dsl router arp table says 10.0.0.9 is B8:69:F4:BC:BB:31 (routerboard ether2) On PC , default gateway an...
by ik3umt
Thu May 30, 2019 9:59 am
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 3005

Re: connecting firewall through routerboard keeping public ip address

Yes, firewall already does srcnat so routerboar would see all traffic coming only from a.b.c.6 address. Some incoming services hitting a.b.c.6 are dst-natted by firewall to some lan machines Maybe a vpn can be established from internet client to a.b.c.6 No need for incoming services on other two rou...
by ik3umt
Thu May 30, 2019 2:31 am
Forum: Beginner Basics
Topic: Managing two separate subnet with same class addresses
Replies: 9
Views: 2887

Re: Managing two separate subnet with same class addresses

I didn't know more interfaces can be configured with the same ip address and subnet , I thought this would mess up things. It happens, rarely, but happens, you find a place having the same addressing i.e. for PC and for ip cameras or ip telephony, completely separated , each with its own switch (som...
by ik3umt
Thu May 30, 2019 2:15 am
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 3005

Re: connecting firewall through routerboard keeping public ip address

Nice to know.... with PCC I let firewall (thus machines behind it) to use all three DSL line to achieve more bandwidth and failover like I'm actually doing in few systems (but without firewall in the middle). Honestly, I don't know if : lan_machines----routerboard_pcc------three_wans lan_machines---...
by ik3umt
Thu May 30, 2019 1:06 am
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 3005

Re: connecting firewall through routerboard keeping public ip address

But , from firewall point of view, is it like routerboard didn't exist ??
I would have to set up pcc/loadbalancing like eth facing wirewall was LAN and other eth as WANs.
Would any internet packet destinated to a.b.c.6 hit the firewall ?
by ik3umt
Wed May 29, 2019 11:43 am
Forum: Beginner Basics
Topic: Managing two separate subnet with same class addresses
Replies: 9
Views: 2887

Re: Managing two separate subnet with same class addresses

Sob, How can I define a virtual subnet to the real one and routing through the right interface ?
I suppose each ethernet has not to be configured with an ip address...
by ik3umt
Wed May 29, 2019 10:56 am
Forum: General
Topic: connecting firewall through routerboard keeping public ip address
Replies: 17
Views: 3005

connecting firewall through routerboard keeping public ip address

An existing firewall is directly connected to a dsl router with a /29 subnet public ip address
I have to interpose a routerboard used as a loadbalancer/failover with other two dsl routers.
Is there a way to keep the public ip address coming from original router ?

Image
by ik3umt
Wed May 29, 2019 10:12 am
Forum: Beginner Basics
Topic: Managing two separate subnet with same class addresses
Replies: 9
Views: 2887

Managing two separate subnet with same class addresses

Is it possible to manage two LAN having each the same IP subnet both containing machines with same ip address ? https://ibin.co/4ijhOkZ00Avj.jpg I would say NO, but I'm not aware if Ros has some obscure feature...... I could use netmap to addressing two different subnet , but how to know on wich tar...
by ik3umt
Wed May 15, 2019 9:25 am
Forum: General
Topic: hotspot + userman : how avoid to reach webfig ?
Replies: 5
Views: 1554

Re: hotspot + userman : how avoid to reach webfig ?

Already tried, changing www port affects both userman and webfig, it would be easy if a port could be set for separate www services.

Any other idea to allow/deny userman rather than webfig at firewall level ?
by ik3umt
Tue May 14, 2019 5:44 pm
Forum: General
Topic: hotspot + userman : how avoid to reach webfig ?
Replies: 5
Views: 1554

Re: hotspot + userman : how avoid to reach webfig ?

The problem is if any user try to access http://10.50.50.50 he goes straight into webfig page without being asked for credentials ! In laboratory test environment I forgot to set the admin password ......... :? :? Anyway, the real question could be: once an interface (i.e. bridge) is created, is it...
by ik3umt
Tue May 14, 2019 4:24 pm
Forum: General
Topic: hotspot + userman : how avoid to reach webfig ?
Replies: 5
Views: 1554

hotspot + userman : how avoid to reach webfig ?

I have set up hotspot together with userman to allow auto-signup this way: hotspot running in a 10.0.0.0/24 subnet made a new bridge with address 10.50.50.50/32 enabled radius for hotspot service on this address added a router with same ip and credentials to user manager edited hotspot login.html wi...
by ik3umt
Fri Apr 19, 2019 6:14 pm
Forum: Beginner Basics
Topic: HotSpot with userman as login page
Replies: 9
Views: 3111

Re: HotSpot with userman as login page

I'll take a look....
It seems , however, once signup is done, you are immediately redirected to http://routerip/user that is a page you cannot find (to be edited) among files .... (am I wrong ?)
by ik3umt
Thu Apr 18, 2019 4:53 pm
Forum: Beginner Basics
Topic: HotSpot with userman as login page
Replies: 9
Views: 3111

Re: HotSpot with userman as login page

Not so important to manage user input data for now, self-signup is enough, so: Hotspot first login obviously works, I've added a link to userman self-signup page (signup enabled on userman settings) then self-signup of users via userman works. Entering credentials generated by userman into hotspot p...
by ik3umt
Thu Apr 18, 2019 10:43 am
Forum: Beginner Basics
Topic: HotSpot with userman as login page
Replies: 9
Views: 3111

Re: HotSpot with userman as login page

Ok, but it would be nice to do it all inside the same routerboard machine. Perhaps a possible workaround: Add to hotspot login page a "click here to signup" link to /routerip/user/signup (easy) Redirect user (I don't know if possible, and how) after signup form is filled, back to hotspot l...
by ik3umt
Thu Apr 18, 2019 10:36 am
Forum: General
Topic: Capturing email address in Hotspot login
Replies: 8
Views: 7590

Re: Capturing email address in Hotspot login

Funny, 2009, 2013, 2016, 2017 Now I have this need in 2019 :? :? No answers yet, I can't believe there isn't a solution in such a powerful OS Just a trial login after email field is filled and email value saved somewhere ..... Any suggestion for the inexperienced people ?? Thanks a lot !!!
by ik3umt
Wed Apr 17, 2019 9:37 am
Forum: Beginner Basics
Topic: HotSpot with userman as login page
Replies: 9
Views: 3111

Re: HotSpot with userman as login page

Too difficult or too stupid question ? :shock:
by ik3umt
Tue Apr 16, 2019 5:35 pm
Forum: Beginner Basics
Topic: HotSpot with userman as login page
Replies: 9
Views: 3111

HotSpot with userman as login page

What I'm trying to do: give a wireless user a HotSpot login page that is http://routerboard_ip/user/signup , allowing user to self-register to system once signup form is filled with e-mail, phone, user, pass etc. How to achieve this ? Hotspot automatically bring you to /hotspot/login.html Any hint p...
by ik3umt
Mon Apr 01, 2019 11:51 am
Forum: General
Topic: Windows 10 and netinstall
Replies: 20
Views: 29580

Re: Windows 10 and netinstall

I found that I had to run it under Windows 7 compatibility mode.
Me too, same issue, had it work selecting "run as administrator" and " run compatibility mode win7"
by ik3umt
Mon Apr 01, 2019 10:41 am
Forum: General
Topic: ROS into watchguard XTM5, what performance ?
Replies: 0
Views: 829

ROS into watchguard XTM5, what performance ?

Planning to install licensed routerOS into a watchguard XTM5 hardware (celeron400 or core2 duo E8500 / 2Gb RAM)
What performance comparision should be expected with Hardware Routerboards ? What model could be comparable with such a system ?
Thanks
by ik3umt
Fri Mar 22, 2019 9:34 am
Forum: General
Topic: What tunnel method for dynamic ip wan ?
Replies: 1
Views: 697

What tunnel method for dynamic ip wan ?

Both VPN server and client are MT machines. Client side have a dynamic public ip address and is behind ISP router NAT (MT and ISP router connected together with 192.168 class, public IP transparently natted) What's the method for site to site VPN , giving less headache as possible because of NAT pre...
by ik3umt
Fri Mar 22, 2019 9:26 am
Forum: General
Topic: One of 30 working l2tp/ipsec tunnels suddenly stops !
Replies: 1
Views: 880

Re: One of 30 working l2tp/ipsec tunnels suddenly stops !

For ones who are experiencing such an issue... It seems related to ISP router, the problem disappeared once ISP router was rebooted. Despite both MT wan have a public IP address, the connection is not so "transparent" as it should expected to be..... It would be nice to know where ip packe...
by ik3umt
Thu Mar 07, 2019 5:03 pm
Forum: General
Topic: One of 30 working l2tp/ipsec tunnels suddenly stops !
Replies: 1
Views: 880

One of 30 working l2tp/ipsec tunnels suddenly stops !

30 working l2tp/ipsec tunnels into a RB3011 server One of them suddenly stops working: client (a 3011 too) starts and complete phase1 and phase2 (a pair SA installed on both machines) , then it sends control message (three times) to server but this one doesn't receive anything. Then, client drops th...
by ik3umt
Wed Mar 06, 2019 10:02 am
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 90
Views: 122506

Re: hardware idea for a multiport switch

how about... vertical switch >_> like only 5cm deep so that you could mount it behind normal equipment (especially shorter ones), somewhat like giant rackmount PDU. Not a bad idea, but if mounted IN FRONT of other equipment. Cable management must be in front side of rack to avoid headaches when mai...
by ik3umt
Wed Feb 27, 2019 12:21 pm
Forum: Beginner Basics
Topic: ip neighbor 6.41, interface, discover-interface-list
Replies: 6
Views: 11304

Re: ip neighbor 6.41, interface, discover-interface-list

I noticed that there is a big error in "export compact file=XXXX" , in the "ip neighbor discovery-settings" field. In order to not activate discovery only on a few interface, I create a list named "no-discovery" and i set ip neighbor discovery-settings to " discov...
by ik3umt
Wed Feb 27, 2019 10:20 am
Forum: General
Topic: Firewall in Access Points
Replies: 8
Views: 2387

Firewall in Access Points

Should one configure firewall filter input rules in LAN access points (WLANs and eth bridged) ?
by ik3umt
Mon Feb 25, 2019 6:11 pm
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 90
Views: 122506

Re: hardware idea for a multiport switch

Standard 1U 48 ports are already a mess when cable arrangement is not managed
That layout would be a pain in the.......rack....
A front-side high density would be ok for a 3 or 4 rack units, but a lot of space wasted in depht.
by ik3umt
Thu Feb 21, 2019 9:25 am
Forum: RouterBOARD hardware
Topic: Bricked mAP lite ?
Replies: 5
Views: 5316

Re: Bricked mAP lite ?

Sorry I've written net boot , I mean netinstall ..... No way to put it in netinstall mode , or better, Netinstall software (I use succesfully with other RB) doesn't see the device , no matter which button reset timing. mAPlite ethernet is directly connected to PC ethernet I think all is happened wit...
by ik3umt
Tue Feb 19, 2019 12:31 pm
Forum: RouterBOARD hardware
Topic: Bricked mAP lite ?
Replies: 5
Views: 5316

Bricked mAP lite ?

mAP lite in endless loop boot
No way to enter any config mode , net boot neither
Tried all reset button timings
https://youtu.be/rTW3B6RjiIY

Any idea other than waste bin ?
by ik3umt
Tue Nov 06, 2018 5:07 pm
Forum: RouterBOARD hardware
Topic: Desired switch
Replies: 7
Views: 2187

Re: Desired switch

Unfortunately 112 has no 10Gb SFP+
And yes 328 is a beast....
by ik3umt
Fri Nov 02, 2018 6:11 pm
Forum: RouterBOARD hardware
Topic: Desired switch
Replies: 7
Views: 2187

Desired switch

MT staff :
It would be nice to have a 8PoE + 8non-PoE Gb eth + 2/4 SFP+ cages switch in the 200 to 300 euro range.
Something to be placed between CRS112-8P-4S-IN and CRS328-24P-4S+RM
Any thought ?
by ik3umt
Fri Oct 26, 2018 5:10 pm
Forum: SwOS
Topic: css326 vlan question
Replies: 1
Views: 2876

css326 vlan question

New to SwitchOS
I taken a read to https://wiki.mikrotik.com/wiki/SWOS/CSS326-VLAN-Example
Why is there no need (at least I haven't seen) to declare TAGGED vlan on ether2 ??

Thank you
by ik3umt
Fri Oct 19, 2018 11:12 pm
Forum: RouterBOARD hardware
Topic: Cisco SFP-H10GB-CU3M DAC support
Replies: 1
Views: 2149

Cisco SFP-H10GB-CU3M DAC support

Do routers and switches equipped with SFP+ cages support SFP-H10GB-CU3M DAC cable/modules ??
I would use it to connect a CCR1009-7G-1C-1S+PC with a CSS326-24G-2S+RM
by ik3umt
Tue Oct 09, 2018 6:31 pm
Forum: General
Topic: L2TP/ipsec client not able to use encryption
Replies: 1
Views: 2898

Re: L2TP/ipsec client not able to use encryption

Suddenly, now I have three of my 10 l2tp incoming connections not working for the same reason. using the profile (server side) with encryption=yes they come up with no encryption, using encryption=required, no way ! All clients are configured identically !! All connecting to the same server What els...
by ik3umt
Thu Sep 27, 2018 6:03 pm
Forum: Scripting
Topic: deleting files with the sam extension
Replies: 2
Views: 4456

Re: deleting files with the sam extension

janisk :

/file remove [find type=".rif file"] is OK

But what if I have to delete all .rif files that are into a directory ? Which syntax ?

P:S: I mean ONLY the .rif files that are inside a particular directory, not other .rif files
by ik3umt
Mon Sep 24, 2018 10:45 am
Forum: General
Topic: L2TP & Unsafe Config
Replies: 3
Views: 5300

Re: L2TP & Unsafe Config

Any detailed wiki page on how to use certificates on ipsec please ?
by ik3umt
Mon Aug 06, 2018 11:41 pm
Forum: General
Topic: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC
Replies: 18
Views: 6582

Re: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC

Thanks for infos, If a fan is down as spare,and cooling is an issue, I'm wondering about to connect both in parallel to achieve a better CFM rate (despite slightly more noise, not so much anyway) It would be interesting to find a point where a single fan@Xrpm equals two fans@Yrpm and evaluate noise ...
by ik3umt
Mon Aug 06, 2018 10:15 am
Forum: General
Topic: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC
Replies: 18
Views: 6582

Re: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC

Are original fans tachometric anyway ?
as MikroTik does'n support PWM
Do MT actually uses speed monitoring and voltage-controlled speed ?
by ik3umt
Mon Aug 06, 2018 9:31 am
Forum: General
Topic: L2TP "road warriors" and security issue
Replies: 2
Views: 797

L2TP "road warriors" and security issue

Would a set of rules allowing L2TP from any public ip addrss represent a security issue ? i.e. add comment="IPSEC input" in-interface-list=WANs chain=input action=accept protocol=udp dst-port=500 add comment="IPSEC input" in-interface-list=WANs chain=input action=accept protocol=...
by ik3umt
Fri Aug 03, 2018 5:01 pm
Forum: Beginner Basics
Topic: Very noob security question
Replies: 2
Views: 1027

Very noob security question

Should a routerboard device NOT directly exposed to internet (i.e. a LAN access point without any port forwarding from main router) be protected with a basic firewall set of rules , at least on input chain ?
by ik3umt
Thu Aug 02, 2018 6:33 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 56
Views: 15831

Re: Mikrotik in the news..bad news

...........you will will be using the old firewall config, as is aptly shown above where user Samot pasts his default firewall which is the old vulnerable type. That was the basic firewall : add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp add action=accept chain...
by ik3umt
Tue Jul 31, 2018 3:46 pm
Forum: General
Topic: Hex S SFP no link
Replies: 22
Views: 17266

Re: Hex S SFP no link

So definitely an hardware problem ?
Just a defective part or newer/upgraded hardware ?
by ik3umt
Tue Jul 31, 2018 1:06 pm
Forum: General
Topic: Vlan speed and inter-vlan routing killing cpu
Replies: 2
Views: 1785

Re: Vlan speed and inter-vlan routing killing cpu

Oops.. Image should be ok

Please note that PC5 and VM4 reside on the same Vlan and routing doesn't take part (as cpu load tells)
That sounds strange to me...

All ports (VMs, ESXi host SW and HW, Routerboard, PCs) status show 1GB
Test to VM4 never exceeds 96-98Mbps.
by ik3umt
Tue Jul 31, 2018 10:54 am
Forum: General
Topic: Vlan speed and inter-vlan routing killing cpu
Replies: 2
Views: 1785

Vlan speed and inter-vlan routing killing cpu

SCENARIO: https://ibin.co/4AZF5WiTSZSg.jpg Problem: All connections in diagram (included VMware virtual switching system) are 1Gbps, iperf3 server mode running on each Virtual Machine inside ESXi, iperf3 client mode running on PC1 PC1 to VM1-3 reports almost 1Gb bandwidth PC1 to VM4 (vlan10 to vlan1...
by ik3umt
Thu Jul 26, 2018 7:03 pm
Forum: General
Topic: L2TP/ipsec client not able to use encryption
Replies: 1
Views: 2898

L2TP/ipsec client not able to use encryption

I have one out of 10 L2TP/ipsec clients configured the same identical way to connect to same server , not able to encrypt when /ppp profile is set to use-encryption=required All other clients have not any problem Only this one gets an active connection if "use-encryption=yes" is set: this ...
by ik3umt
Thu Jul 26, 2018 3:37 pm
Forum: General
Topic: Bridge as part of VLAN or VLAN as part of bridge ??
Replies: 0
Views: 673

Bridge as part of VLAN or VLAN as part of bridge ??

This is confusing me.... On a CRS125 , all LAN ports are part of VLAN10 : /interface ethernet switch vlan add ports="ether1,ether2,ether3,ether4,ether5,etc,etc" vlan-id=10 I have to add a capsman bridge for datapath , talking to VLAN10 I cannot add a bridge into "add ports=" comm...
by ik3umt
Thu Jul 19, 2018 12:11 pm
Forum: General
Topic: CRS328-24P-4S+RM as wifi allinone
Replies: 3
Views: 1222

Re: CRS328-24P-4S+RM as wifi allinone

Thanks,
how compared to a RB3011 + PoE switch solution (very simple firewall anyway) ?
by ik3umt
Thu Jul 19, 2018 11:56 am
Forum: General
Topic: CRS328-24P-4S+RM as wifi allinone
Replies: 3
Views: 1222

CRS328-24P-4S+RM as wifi allinone

Would you use a CRS328-24P-4S+RM as all in one solution for wifi environment up to 20 access points and up to 100Mps ISP WAN bandwidth ?
so RouterOS mode + CAPsMAN +(eventually hotspot) + routing/firewall, )
Any thougth ?
by ik3umt
Thu Jul 12, 2018 12:27 pm
Forum: General
Topic: Traffic generator settings for test against iperf3
Replies: 0
Views: 694

Traffic generator settings for test against iperf3

Noob question:

Since I have never used traffic generator, and it has a lot of settings , is there a basic, standard config/template i can use to tes against a PC running iperf3 in server mode ?

Thank you
by ik3umt
Tue Jul 10, 2018 12:52 pm
Forum: Wireless Networking
Topic: Display all current channels
Replies: 0
Views: 769

Display all current channels

CAPsMAN: Is there a way to display globally all CURRENT channels used by all radios in a single screenshot ?

Enter a single interface to display its status is very annoying.....
by ik3umt
Tue Jul 10, 2018 12:39 pm
Forum: Wireless Networking
Topic: Reselect interval in crowded bands CAPsMAN
Replies: 0
Views: 1504

Reselect interval in crowded bands CAPsMAN

Could it be of any benefit to set a "reselect interval" in a crowded band environment with 20-30 AP controlled by manager, both 2.4 and 5 GHz with some AP stuck on same frequency ?? If yes, actually I'm using default radio settings (no channels defined in CAPsMAN configuration): can I setu...
by ik3umt
Tue Apr 24, 2018 6:55 pm
Forum: Wireless Networking
Topic: CAPsMAN upgrade fails because no file
Replies: 8
Views: 12378

Re: CAPsMAN upgrade fails because no file

I'm resuming this post because I need to update whole capsman system in one shot (last manager update causes to lose wifi , as upgrade policy was set as "require same version" and I want to keep this but do not upgrade by hand) Manager is Arm , ap are mipsbe I think the fastest solution is...
by ik3umt
Mon Apr 23, 2018 3:54 pm
Forum: General
Topic: Btest.exe
Replies: 3
Views: 7265

Btest.exe

I cannot find btest.exe in website downloads
Has it been removed ?
Problems with that software ?
by ik3umt
Mon Apr 23, 2018 3:21 pm
Forum: General
Topic: Need help with VLANs on crs125
Replies: 2
Views: 890

Re: Need help with VLANs on crs125

Thank you for reply, What could it happen if invalid VLAN filtering is not applied ? You said " Before you enable invalid VLAN filtering, make sure a management port is set up." I'm managing CRS from one of untagged ports (3-24) (pc is not aware of any tagging) As I created switch vlans, I...
by ik3umt
Mon Apr 23, 2018 12:55 pm
Forum: General
Topic: Need help with VLANs on crs125
Replies: 2
Views: 890

Need help with VLANs on crs125

I need to setup inter-vlan routing with a CRS125, I'm following this guide : https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches_examples#InterVLAN_Routing Well , eth1 and eth2 are VLAN100 and VLAN200 tagged (trunk) connecting to other switches eth3 to eth4 are VLAN100 untagged (access)...
by ik3umt
Thu Feb 15, 2018 3:18 pm
Forum: Beginner Basics
Topic: Booting with own basic config
Replies: 1
Views: 663

Booting with own basic config

Is there a way to perform a routerboard device boot sequence in order to :

1: reset configuration without default configuration
2: load a custom configuration with just few lines

all at same time with no operator ineraction ?

Thanks
by ik3umt
Fri Feb 09, 2018 5:03 pm
Forum: Wireless Networking
Topic: CAPsMAN over DSL
Replies: 3
Views: 1125

Re: CAPsMAN over DSL

Thank you,

Should I configure a tunnel for CAP purpose , or manager can be reachable with a simple port-forwarding ?
by ik3umt
Tue Feb 06, 2018 5:35 pm
Forum: Wireless Networking
Topic: CAPsMAN over DSL
Replies: 3
Views: 1125

CAPsMAN over DSL

Is it possible to manage two AP that reside geographically away from CAP manager by a DSL line ?

Image

Each location wifi user must use the related DSL line to surf the web. (no clients traffic managed by CAPsMAN)

Thanks
by ik3umt
Wed Oct 11, 2017 10:40 am
Forum: Beginner Basics
Topic: RB3011 how to bind all port together ?
Replies: 1
Views: 854

RB3011 how to bind all port together ?

I need all ten RB3011 ports to act as a single switch

I can set port 2 to 5 as slave of port 1 and port 7 to 10 as slave of port 6 and create a bridge between port 1 and 6
Also I can assign each single port (with no master) to a single bridge.

What is the best ? other better solutions ?

Thanks
by ik3umt
Wed Jun 28, 2017 6:41 pm
Forum: General
Topic: L2TP Status: terminating - config error ? bug ?
Replies: 4
Views: 6880

Re: L2TP Status: terminating - config error ? bug ?

Thank you,
I supposed that, but why it still does not connect if L2TP client has "use ipsec" flag checked with the correct ipsec passphrase ?? (like all other clients with same configuration do)
by ik3umt
Wed Jun 28, 2017 4:36 pm
Forum: General
Topic: L2TP Status: terminating - config error ? bug ?
Replies: 4
Views: 6880

Re: L2TP Status: terminating - config error ? bug ?

Sorry for up, but, really , what's the difference between use ip sec= yes and required ??

Manual (wiki ) doesn't have an answer......
by ik3umt
Tue Jun 27, 2017 10:35 am
Forum: General
Topic: L2TP Status: terminating - config error ? bug ?
Replies: 4
Views: 6880

Re: L2TP Status: terminating - config error ? bug ?

Investigating furher : The issue was on SEVER side : for disconnected clients there was an error : l2tp connection rejected no IPsec encryption while it was required despite the fact "Use IPSEC" flag is present on client configuration with correct passphrase.(please note all MT client mach...
by ik3umt
Tue Jun 27, 2017 9:21 am
Forum: General
Topic: L2TP Status: terminating - config error ? bug ?
Replies: 4
Views: 6880

L2TP Status: terminating - config error ? bug ?

I have some MT machines configured as L2TP client connecting the same RB3011 L2TP server Clients configuration is the same except user/pass Some of them lose connection and hang in "Status: terminating... - session closed" state. No way to make them connected again, (disabled/enabled inter...
by ik3umt
Tue Jun 06, 2017 5:59 pm
Forum: General
Topic: Event webpage injection to hotspot user
Replies: 3
Views: 1490

Event webpage injection to hotspot user

Is there a way to pop up a webpage to hotspot free user browsing web in order to advise i.e. restaurant "today's menu" or "today's events" ?

Not into login page but arbitrarily with content and time chosen by hotspot manager
by ik3umt
Fri May 26, 2017 5:33 pm
Forum: General
Topic: Can skins be saved ?
Replies: 1
Views: 754

Can skins be saved ?

Can I save skins to be restored as a backup ?
by ik3umt
Fri May 26, 2017 5:31 pm
Forum: General
Topic: Looking for hotspot feature
Replies: 0
Views: 618

Looking for hotspot feature

It would be nice if in IP>Hotspot>Hosts/Active the client ActiveHostName derived from DHCP server lease was displayed. A nice look at a glance to recognize the "known" hosts , just to avoid to look at dhcp server , remember mac address and go to hotspot section.... Is there already somethi...
by ik3umt
Fri May 26, 2017 4:27 pm
Forum: Wireless Networking
Topic: CAPsMAN 2.4GHz defined, 5GHz auto
Replies: 1
Views: 904

CAPsMAN 2.4GHz defined, 5GHz auto

In CAPsMAN environment, how can i set a channel configuration to obtain choosen channels for 2.4GHZ radios and auto channels for 5GHZ ones ??
If I configure a set of 2.4 channels only, automatically 5GHz radios end in "Band not supported"....

Thank you
by ik3umt
Mon May 15, 2017 10:53 pm
Forum: Beginner Basics
Topic: dhcp leases and hotspot users
Replies: 0
Views: 605

dhcp leases and hotspot users

I have deleted all dhcp server leases as well as all hotspot users. When they try to reconnect I've noted a strange thing : there are more hotspot user appeared with their own ip address than the active dhcp leases....... Each hotspot user shouldn't get a dhcp lease before to become a part of hotspo...
by ik3umt
Thu May 04, 2017 6:15 pm
Forum: General
Topic: l2TP/ipsec from win10 behind mikrotik to natted mikrotik [Solved]
Replies: 5
Views: 2118

Re: l2TP/ipsec from win10 behind mikrotik to natted mikrotik

It works !!!

Thank you !

Briefly for who needs:

regedit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
add new DWORD (32-bit) value named AssumeUDPEncapsulationContextOnSendRule
give it a value of 2
reboot
by ik3umt
Thu May 04, 2017 3:35 pm
Forum: General
Topic: l2TP/ipsec from win10 behind mikrotik to natted mikrotik [Solved]
Replies: 5
Views: 2118

Re: l2TP/ipsec from win10 behind mikrotik to natted mikrotik

Same issue : Connecting a remote routerboard in L2TP/IPSEC works from a 3g/4g client as well a windows10 client with a comon DSL router Whe the client is behind a MT device the L2TP connection to a remote mikrotik L2TP/IPSEC server fails Phase 1 and 2 seems to be completed but L2TP is not even start...
by ik3umt
Thu Apr 13, 2017 4:45 pm
Forum: Beginner Basics
Topic: How to ban an hotspot trial user ??
Replies: 6
Views: 2045

Re: How to ban an hotspot trial user ??

Just in case some non-occasional user (i.e. my neighbor's house) gets my wpa key and use hotspot as his own gateway.....
by ik3umt
Mon Apr 10, 2017 6:16 pm
Forum: Beginner Basics
Topic: How to ban an hotspot trial user ??
Replies: 6
Views: 2045

Re: How to ban an hotspot trial user ??

The problem is how you identify "rouge" client and normal users ? Not so easy..... i.e. a permanently "active" hotspot user or a known "active host name" in a dhcp lease.... I mean the maintainer has to identify MAC address to be banned, not routerboard automatically i...
by ik3umt
Mon Apr 10, 2017 4:39 pm
Forum: Beginner Basics
Topic: How to ban an hotspot trial user ??
Replies: 6
Views: 2045

Re: How to ban an hotspot trial user ??

But I also need he cannot re-login as trial (i.e. a "rogue" client)

Any way ?

Thank you
by ik3umt
Fri Apr 07, 2017 8:13 pm
Forum: Beginner Basics
Topic: Firewall Filter Restriction
Replies: 15
Views: 3765

Re: Firewall Filter Restriction

using regexp instead ?
/ip dns static add regexp=.facebook.com address=127.0.0.1
by ik3umt
Fri Apr 07, 2017 8:00 pm
Forum: Beginner Basics
Topic: HotSpot Trial user pre-login https server error
Replies: 9
Views: 2940

Re: HotSpot Trial user pre-login https server error

No doubt on getting back warnings, already proved....
I just want to understand where is the problem, if it is intrinsic in the browser then....yes, there is not so much to do....
by ik3umt
Fri Apr 07, 2017 5:07 pm
Forum: Beginner Basics
Topic: How to ban an hotspot trial user ??
Replies: 6
Views: 2045

How to ban an hotspot trial user ??

Once hotspot trial authentication is enabled , each connecting user is created with T-<MAC address> username

How can I disable unwanted user(s) ??

The dynamically created users can't be disabled by ip->hotspot->user section.....
by ik3umt
Fri Apr 07, 2017 5:00 pm
Forum: Beginner Basics
Topic: HotSpot Trial user pre-login https server error
Replies: 9
Views: 2940

Re: HotSpot Trial user pre-login https server error

I'm not experienced but, once an HTTPS request from a not yet authenticated user comes to hotspot , is it still not possible to answer back and tell the browser "reload this HTTP page" ?? Is the problem related to web browser itself when it asks for HTTPS but it receives back something dif...
by ik3umt
Fri Mar 31, 2017 2:23 pm
Forum: General
Topic: Maintenance Level
Replies: 2
Views: 1174

Maintenance Level

Is it possible to configure a user with less privilege in winbox or web configuration ?
I.e. decide what settings can a user go to modify ??
Thanks
by ik3umt
Tue Mar 28, 2017 6:46 pm
Forum: Beginner Basics
Topic: HotSpot Trial user pre-login https server error
Replies: 9
Views: 2940

Re: HotSpot Trial user pre-login https server error

There's no solution. Hotspot uses a man-in-the-middle scheme to catch and redirect http requests. Https protocol is designed to avoid this from happening, the device will get a warning about potential security breach. Anyway, from what I saw, once authenticated (user/pass or trial) the user is able...
by ik3umt
Tue Mar 28, 2017 3:54 pm
Forum: Beginner Basics
Topic: HotSpot Trial user pre-login https server error
Replies: 9
Views: 2940

HotSpot Trial user pre-login https server error

I have enabled trial user on the hotspot If the user try to browse HTTP sites , the hotspot welcome page appears It he try to browse an HTTPS site , browser says it cannot open the page because of server connection has failed. After a regular trial login (by choosing HTTP site) then also HTTPS sites...
by ik3umt
Fri Mar 24, 2017 5:02 pm
Forum: General
Topic: PCC when multiple LANs
Replies: 3
Views: 1453

Re: PCC when multiple LANs

or summary entire subnet in one.
What do you mean with this ?
by ik3umt
Fri Mar 24, 2017 3:49 pm
Forum: General
Topic: PCC when multiple LANs
Replies: 3
Views: 1453

PCC when multiple LANs

I'm using succesfully the following rules for PCC dual-wan : add chain=prerouting action=mark-connection new-connection-mark=WAN1_conn passthrough=yes connection-state=new protocol=tcp dst-address-type=!local in-interface=ether1 dst-port=!443 per-connection-classifier=both-addresses-and-ports:2/0 ad...
by ik3umt
Tue Mar 21, 2017 4:26 pm
Forum: General
Topic: how to fasten fiber cable to netmetal
Replies: 4
Views: 1447

Re: how to fasten fiber cable to netmetal

44.x.x.x ip "A" class (ampr net)

From what I understand is a outdoor fiber suitable for aerial stretched span with no support, so it is tough enough for simple tie-wrap on the mast itself....
by ik3umt
Tue Mar 21, 2017 3:44 pm
Forum: General
Topic: how to fasten fiber cable to netmetal
Replies: 4
Views: 1447

Re: how to fasten fiber cable to netmetal

Hi, What type of fiber are you using ?? A "dead loop" would prevent stretch, I usually slide heat-shrink tube (the thick glue-compound one is better) along the fiber then you can clamp it with light hose clamps or cable clamps. Friction between heat-shrink tube and mast is enough to preven...
by ik3umt
Tue Mar 14, 2017 5:05 pm
Forum: Wireless Networking
Topic: CAPsMAN tx and rx chains
Replies: 4
Views: 3567

CAPsMAN tx and rx chains

What's the difference between all HT rx and tx chains selected or leave them hidden in "CAPs Configurations" window ??

Thanks
by ik3umt
Tue Mar 14, 2017 11:25 am
Forum: Wireless Networking
Topic: CAPsMAN upgrade fails because no file
Replies: 8
Views: 12378

CAPsMAN upgrade fails because no file

My ap cannot get upgraded by CAPsMAN because of "failed to download file "routeros-mipsbe-6.xx.xx.npk" , no such file" That file doesn't exist into RB indeed As I upgrade CAPs Manager online , how can I get that file to be downloaded and saved into manager other than automaticall...
by ik3umt
Thu Mar 09, 2017 10:23 am
Forum: General
Topic: Switching with RouterOS / CRS Questions
Replies: 81
Views: 53419

Re: Switching with RouterOS / CRS Questions

I join this post as I'm trying to setup Vlans on CRS125 Summarizing. if I'm right there are these steps to follow: 1: declare untagged (access) ports , I've seen three methods to do it : /interface ethernet switch ingress-vlan-translation add ports=ether6 customer-vid=0 new-customer-vid=200 sa-learn...
by ik3umt
Wed Mar 08, 2017 9:26 am
Forum: Beginner Basics
Topic: First VLAN attempt
Replies: 2
Views: 1046

Re: First VLAN attempt

I have understood there are three type of hardware with different behaviour about vlan CCR, CRS and Atheros-based switch-chip For now, i'm testing a spare RB3011 this way : interface ethernet switch vlan print terse 0 switch=switch1 vlan-id=10 ports=ether1,ether2,ether3,ether4,ether5, switch1-cpu in...
by ik3umt
Fri Mar 03, 2017 6:18 pm
Forum: Beginner Basics
Topic: First VLAN attempt
Replies: 2
Views: 1046

First VLAN attempt

I need to do this in CRS125 : http://www.digiteltlc.com/public/vlanmk.jpg Eth22 is the trunk with a third party switch Eth 1 to 21 are VLAN200 untagged Practically, vlan access ports are on the remote switch while CRS is the gateway for each of those single vlans (and it is the gateway for local vla...
by ik3umt
Fri Feb 10, 2017 5:34 pm
Forum: General
Topic: 2011 & 3011 config
Replies: 2
Views: 1255

Re: 2011 & 3011 config

I've experienced malfunctioning while restoring backup between different hardware AP With same model I have always restored backups that way (i.e. replacing a faulty RB2011 with another RB2011), Was I wrong ?? I asked now because of great similarity of 2011 and 3011 , so I'll go for export >>>>> imp...
by ik3umt
Fri Feb 10, 2017 2:34 pm
Forum: General
Topic: 2011 & 3011 config
Replies: 2
Views: 1255

2011 & 3011 config

Can I load a rb2011uias backup file into a rb3011uias without loosing anything ??
(Same ros release)
by ik3umt
Tue Jan 31, 2017 9:22 am
Forum: Beginner Basics
Topic: Bridge and L2
Replies: 2
Views: 914

Re: Bridge and L2

Thank you
by ik3umt
Mon Jan 30, 2017 6:31 pm
Forum: Beginner Basics
Topic: Bridge and L2
Replies: 2
Views: 914

Bridge and L2

When two interfaces are attached together by a bridge , is it intended to be Layer2 capable ?
by ik3umt
Mon Jan 23, 2017 10:15 am
Forum: Beginner Basics
Topic: Need a clarification on capsman local forwarding
Replies: 4
Views: 2579

Need a clarification on capsman local forwarding

From a little I've understood, to enable local forwarding I have to check "local forwarding" flag on capsman datapath config, and bind wlan and eth together with a bridge on each AP Otherwise all traffic is controlled by manager Am I right ? What's the benefit in using a config rather than...
by ik3umt
Fri Jan 20, 2017 2:59 pm
Forum: General
Topic: CAPsMAN what if....
Replies: 5
Views: 1580

Re: CAPsMAN what if....

So....it seems NOT working on wAP-ac 2.4GHz radio, I thougth it was a CAPsMAN issue but tried to run wAP-ac as normal AP : SSID is not seen by my 2.4GHz devices. Band : 2GHz b/g/n Channel Width: 20MHz Frequency: Auto SSID sometimes pops-up for few seconds and disappears If i set frequency, it appear...
by ik3umt
Fri Jan 20, 2017 11:11 am
Forum: General
Topic: CAPsMAN what if....
Replies: 5
Views: 1580

CAPsMAN what if....

What if I install more wAP-ac controlled by CAPsMAN without any channel configuration ??

Do they place themselves in a random channel each ?

Thank you
by ik3umt
Thu Nov 03, 2016 5:59 pm
Forum: RouterBOARD hardware
Topic: wAP AC (General questions and experience)
Replies: 118
Views: 59430

Re: wAP AC (General questions and experience)

/system reset-configuration no-defaults=yes
to get no config.
Fine, Thank you
Is there a "system reset-configuration" argument to get the CAP mode ??
by ik3umt
Thu Nov 03, 2016 4:17 pm
Forum: RouterBOARD hardware
Topic: wAP AC (General questions and experience)
Replies: 118
Views: 59430

Re: wAP AC (General questions and experience)

Just arrived three today From what I've understood, they come with a default AP configuration with firewalled ethernet (no management) and no encryption on wireless. If powered-up with reset button pressed they boot in CAP mode with management capability on ethernet. If I want a zero-configuration r...
by ik3umt
Wed Nov 02, 2016 5:30 pm
Forum: Beginner Basics
Topic: VLAN routing
Replies: 1
Views: 764

VLAN routing

New to VLANs :

How can I keep VLAN functionality over geographic routes ?
I.E. vlan 100 and 200 on Rome office have to be present on the Paris and London offices ??
How to manage vlan trunks over routing without to know (or don't care to know) what there is in the middle ?

Thank you
by ik3umt
Thu Oct 27, 2016 3:43 pm
Forum: Beginner Basics
Topic: Port forwarding not working and I can't see why
Replies: 15
Views: 3377

Re: Port forwarding not working and I can't see why

Are you sure is a port forwarding issue ?
Have you tried to enable STUN and see how it goes ?
Or simply a codec issue ?
by ik3umt
Mon Oct 24, 2016 9:39 am
Forum: Beginner Basics
Topic: Question about hairpin nat
Replies: 1
Views: 1129

Question about hairpin nat

As per wiki : http://wiki.mikrotik.com/images/2/2e/Hairpin_nat_1.png Basic config : /ip firewall nat add chain=dstnat dst-address=1.1.1.1 protocol=tcp dst-port=80 action=dst-nat to-address=192.168.1.2 add chain=srcnat out-interface=WAN action=masquerade Hairpin NAT: /ip firewall nat add chain=srcnat...
by ik3umt
Fri Oct 21, 2016 3:48 pm
Forum: General
Topic: Console print command column layout
Replies: 3
Views: 3054

Re: Console print command column layout

/ip nei print terse ????

Yes, a lot of perhaps unwanted infos but.....at least not truncated....
by ik3umt
Thu Oct 20, 2016 11:33 am
Forum: Beginner Basics
Topic: Arrange two subnets lan
Replies: 6
Views: 1383

Re: Arrange two subnets lan

Nice idea....
by ik3umt
Thu Oct 20, 2016 10:07 am
Forum: Beginner Basics
Topic: Arrange two subnets lan
Replies: 6
Views: 1383

Re: Arrange two subnets lan

Yes, the problem is those four PC havin both subnets configured in their NIC... how should I manage this issue ?
Should I move those PC to a single subnet and allow routing to other subnet via routerboard ? (or switch itself ?)
by ik3umt
Thu Oct 20, 2016 9:36 am
Forum: Beginner Basics
Topic: Arrange two subnets lan
Replies: 6
Views: 1383

Re: Arrange two subnets lan

What about Vlan for pc having both subnets configured in their NIC ?? (I'm a newbie about Vlan - time to study now- ) can I configure some switch ports who belong to two Vlan simultaneously ? The switch itself has Vlan routing capability if needed, and traffic between two subnet is very low anyway.....
by ik3umt
Wed Oct 19, 2016 6:01 pm
Forum: Beginner Basics
Topic: Arrange two subnets lan
Replies: 6
Views: 1383

Arrange two subnets lan

Newbie question: I have two LAN subnets : 192.168.0.0/24 and 10.0.0.0/24 There are 20 pc: 10 pc with nic configured on 192.168.0.0 work with a 192.168.0.100 server 6 pc with nic configured on 10.0.0.0 work with a 10.0.0.100 server 4 pc with nic configured on 192.168.0.0 plus 10.0.0.0 as secondary ip...
by ik3umt
Wed Oct 12, 2016 10:01 am
Forum: Beginner Basics
Topic: How to disable a non working NATted route ?
Replies: 4
Views: 1224

Re: How to disable a non working NATted route ?

I've found http://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting very useful, expecially second example : /ip route add dst-address=Host1A gateway=GW1 scope=10 add dst-address=Host1B gateway=GW1 scope=10 add dst-address=Host2A gateway=GW2 scope=10 add dst-address=Host2B gateway=G...
by ik3umt
Fri Oct 07, 2016 6:06 pm
Forum: General
Topic: PCC routing-mark and failover
Replies: 0
Views: 650

PCC routing-mark and failover

With two WAN and PCC routing mark like this: add dst-address=0.0.0.0/0 gateway=192.168.10.1 routing-mark=to_WAN1 check-gateway=ping add dst-address=0.0.0.0/0 gateway=192.168.20.1 routing-mark=to_WAN2 check-gateway=ping add dst-address=0.0.0.0/0 gateway=192.168.10.1 distance=1 check-gateway=ping add ...
by ik3umt
Thu Oct 06, 2016 9:01 am
Forum: Announcements
Topic: v6.37.1 [current] is released!
Replies: 143
Views: 59326

Re: v6.37.1 [current] is released!

I know there could be more things involved, but 6.37 to 6.37.1 update has broken my two wan PCC environment (the classic one as per many examples) I have to shut down one or the other interface to avoid web browsing stall Anyone with same issue ?? [EDIT] Sorry , Update and reboot has re-enabled a di...
by ik3umt
Mon Oct 03, 2016 10:05 am
Forum: Beginner Basics
Topic: How to disable a non working NATted route ?
Replies: 4
Views: 1224

Re: How to disable a non working NATted route ?

I'll give it a try,
thank you
by ik3umt
Mon Oct 03, 2016 9:59 am
Forum: RouterBOARD hardware
Topic: wAP AC (General questions and experience)
Replies: 118
Views: 59430

Re: wAP AC (General questions and experience)

So, is Wap AC 802.3af compliant ??
by ik3umt
Fri Sep 30, 2016 5:12 pm
Forum: Beginner Basics
Topic: How to disable a non working NATted route ?
Replies: 4
Views: 1224

How to disable a non working NATted route ?

PCC environment: I have four DSL routers natted to four routerboard WAN ethernet Each DSL router LAN ip address is configured as gateway in routerboard if a DSL line fails routerboard is not aware of, so that gateway is still considered valid How can it automatically disable that route when DSL fail...
by ik3umt
Wed Sep 21, 2016 6:39 pm
Forum: Beginner Basics
Topic: Iphone and L2TP + mikrotik in
Replies: 2
Views: 1536

Re: Iphone and L2TP + mikrotik in

Is the MikroTik machine behind NAT or your provider supplies a pure public IP address to your MikroTik WAN interface ??

Anyway, start to play here

https://www.nasa-security.net/mikrotik/ ... ith-ipsec/

http://www.firstdigest.com/2015/01/mikr ... e-clients/
by ik3umt
Tue Sep 20, 2016 1:11 pm
Forum: Beginner Basics
Topic: Change destination port
Replies: 2
Views: 2076

Re: Change destination port

Thank you

I usually do it in wan to lan port forwarding
I need to do it for outgoing packets ( lan to wan) and the translation has to be valid for only a single machine on lan
What should be the right syntax and interfaces involved/ applied to ??
by ik3umt
Tue Sep 20, 2016 11:50 am
Forum: Beginner Basics
Topic: Change destination port
Replies: 2
Views: 2076

Change destination port

A lan machine behind MT nat tries to connect an internet address in a particular port (let's say 8000)

Can MT change the outgoing packet destination port from 8000 to i.e. 9000 with lan machine being unaware of ???

Thanks
by ik3umt
Mon Jul 25, 2016 7:59 pm
Forum: Beginner Basics
Topic: Navigation issue with Fasttrack in conjunction with pcc
Replies: 6
Views: 4420

Navigation issue with Fasttrack in conjunction with pcc

I'm experiencing some navigation issues (website latency or hung, timeout during web bandwidth tests etc.) that disappear once fasttrack rules are disabled on ip firewall filter. I'm using two wan PCC as per  http://mum.mikrotik.com/presentations/US12/steve.pdf  instructions. What can I check and wh...
by ik3umt
Sun Jul 17, 2016 3:12 am
Forum: General
Topic: Mikrotik L2TP/IPSEC server nat behind Ubuntu
Replies: 3
Views: 1864

Re: Mikrotik L2TP/IPSEC server nat behind Ubuntu

Take a look at  http://forum.mikrotik.com/viewtopic.php?f=2&t=72198 http://forum.mikrotik.com/viewtopic.php?f=2&t=105910 Mikrotik L2TP/IPSEC server behind nat (mikrotik wan interface without public IP address) doesn't work or, at least, nobody suggest me how to make it work. There is a misma...
by ik3umt
Thu Jun 02, 2016 8:14 pm
Forum: General
Topic: IPSec/L2TP VPN on Mikrotik behind NAT but with FQDN
Replies: 32
Views: 36110

Re: IPSec/L2TP VPN on Mikrotik behind NAT but with FQDN

Is it an xDSL connection ? I have no experience but I don't think PPPoE client inside MT machine takes so much resources once PPPoE connection is established..... In one of my installations I have to do so, configure a cisco router as a straigth dsl modem (ATM and ethernet bridged together) and leav...
by ik3umt
Thu May 12, 2016 11:24 am
Forum: General
Topic: IPSec/L2TP VPN on Mikrotik behind NAT but with FQDN
Replies: 32
Views: 36110

Re: IPSec/L2TP VPN on Mikrotik behind NAT but with FQDN

Quite old discussion , but I had the same problem , no way to make MT L2TP/IPSEC AC behind a nat , because the policy is created using public ip addresses, while SA are installed using MT AC WAN IP (but it is a private one anyway behind a NAT) If you manually create a policy with MT WAN IP as source...
by ik3umt
Tue May 10, 2016 9:14 am
Forum: Beginner Basics
Topic: Is SFP port part of first switch ?
Replies: 2
Views: 960

Re: Is SFP port part of first switch ?

Clear, thanks.
by ik3umt
Mon May 09, 2016 11:01 pm
Forum: Beginner Basics
Topic: Is SFP port part of first switch ?
Replies: 2
Views: 960

Is SFP port part of first switch ?

RB2001uias :

Is SFP port connected to the gigabit switch ??

I have eth1 as master port for eth 2 to 5
eth5 is connected to an ethernet to optical transceiver, but now I can connect that fiber to SFP port:
Can I just set eth1 as master port for SFP interface ??

Thank you
by ik3umt
Tue May 03, 2016 10:59 am
Forum: General
Topic: Keep incoming connection on right WAN
Replies: 0
Views: 652

Keep incoming connection on right WAN

In a system with multiple WAN interfaces, what rule should I add to make sure an incoming connection is replied on the same wan interface ??

Thank you
by ik3umt
Thu Apr 07, 2016 5:39 pm
Forum: General
Topic: L2tp/IPsec is driving me crazy !!!!
Replies: 10
Views: 3407

Re: L2tp/IPsec is driving me crazy !!!!

No further test are done....... However , it seems there is not a src/dst issue The only way to make the system work is creating manually a policy with MT wan as source (10.0.0.2) and iphone ip as destination (5.6.7.8 ) but this last one is dynamic, obviously.... This when a dynamic policy 1.2.3.4 =...
by ik3umt
Fri Apr 01, 2016 4:19 pm
Forum: General
Topic: No luck with L2TP IPsec but same issue with GRE IPsec
Replies: 3
Views: 1321

Re: No luck with L2TP IPsec but same issue with GRE IPsec

I was thinking about a script to generate a second dynamic policy once the first one has taken place. Do you think it is possible ?? ( I'm absolutely a noob in scripting...) Or.....adding the DSL line public ip address as secondary in MT wan interface to fool some way the policy generation process ?...
by ik3umt
Fri Mar 25, 2016 4:43 pm
Forum: General
Topic: No luck with L2TP IPsec but same issue with GRE IPsec
Replies: 3
Views: 1321

Re: No luck with L2TP IPsec but same issue with GRE IPsec

That's the answer i was waiting for...... If one know a "roadwarrior" cannot establish an IPsec connection with a MT behind any type of nat, one can avoid to waste its time in useless tests....... Anyway, MT knows the initiator IP address, the responder IPaddress (DSL line) and its WAN IP ...
by ik3umt
Wed Mar 23, 2016 1:13 pm
Forum: General
Topic: No luck with L2TP IPsec but same issue with GRE IPsec
Replies: 3
Views: 1321

No luck with L2TP IPsec but same issue with GRE IPsec

I'm giving up with my issue about L2TP/IPsec as per my previous post : http://forum.mikrotik.com/viewtopic.php?f=2&t=105910 Anyway , I have the same issue securing GRE tunnel using IPsec (as per native IPsec section in GRE configuration) : The connecting peers have DYNAMIC ip adresses that chang...
by ik3umt
Tue Mar 22, 2016 9:25 am
Forum: General
Topic: L2tp/IPsec is driving me crazy !!!!
Replies: 10
Views: 3407

Re: L2tp/IPsec is driving me crazy !!!!

Thank you for interesting
I think , having a private subnet as MT wan to connect to transparently nat-ted ISP router is not uncommon, so my problem should't be so uncommon also
Probably there are some usual workarounds I'm not aware of.....
by ik3umt
Mon Mar 21, 2016 5:11 pm
Forum: General
Topic: L2tp/IPsec is driving me crazy !!!!
Replies: 10
Views: 3407

Re: L2tp/IPsec is driving me crazy !!!!

http://www.digiteltlc.com/public/iphone.jpg A step further.... looking at diagram above : an ipsec policy is generated automatically src=1.2.3.4 dst=5.6.7.8 it works IF i manually add a second policy src=10.0.0.2 dst=5.6.7.8 NO template obviously , iphone address 5.6.7.8 is dynamic so in real life ...
by ik3umt
Mon Mar 21, 2016 3:12 pm
Forum: General
Topic: L2tp/IPsec is driving me crazy !!!!
Replies: 10
Views: 3407

Re: L2tp/IPsec is driving me crazy !!!!

Still one of hardest issue for me to solve..... When a pair of SA are installed, i suppose Phase1 and Phase2 are correctly passed, isn't it ?? in fact, after this, the L2TP server builds a tunnel and starts to send multiple retry control messages from WAN 10.0.0.2 to iPhone ip address (as seen in lo...
by ik3umt
Sat Mar 19, 2016 8:24 pm
Forum: General
Topic: L2tp/IPsec is driving me crazy !!!!
Replies: 10
Views: 3407

Re: L2tp/IPsec is driving me crazy !!!!

Thank you for reply
Your configuration is like mine....
Or at least like one of many I have tried
I suppose there are no nat or firewall/ports issues as for testing purpose only the masquerade rule is present, nothing blocked......

Any other idea ???
by ik3umt
Fri Mar 18, 2016 6:10 pm
Forum: General
Topic: L2tp/IPsec is driving me crazy !!!!
Replies: 10
Views: 3407

Re: L2tp/IPsec is driving me crazy !!!!

Sorry for tedious requests.... Something is still not clear.... I don't understand why no traffic is passed back to initiator : Scenario : http://www.digiteltlc.com/public/iphone.jpg On iPhone connection a dynamic policy is created : http://www.digiteltlc.com/public/policy.jpg as well as a pair of S...
by ik3umt
Wed Mar 16, 2016 5:38 pm
Forum: General
Topic: L2tp/IPsec is driving me crazy !!!!
Replies: 10
Views: 3407

L2tp/IPsec is driving me crazy !!!!

I'm trying to setup an L2TP/IPsec connection from IPhone to RouterOS device RouterOS device connectivity was done this way : dsl_line-----------[public_static_IP ISP_ROUTER 10.0.0.1]----------[10.0.0.2(WAN) RouterOS_device 192.168.0.1/24(LAN) ] all dsl traffic is NATted transparently to RouterOS WAN...
by ik3umt
Tue Mar 15, 2016 6:31 pm
Forum: General
Topic: IPsec tunnel between Apple iOS and RouterOS
Replies: 1
Views: 1147

Re: IPsec tunnel between Apple iOS and RouterOS

Briefly, what I don't understand is the corresponding configuration part named "group" in cisco: crypto isakmp client configuration group MYVPNGROUPNAME key 123456 dns 192.168.0.1 pool VPN-Pool acl 120 max-users 5 is this something cisco-proprietary i cannot reproduce in RouterOS ?? Thank ...
by ik3umt
Tue Mar 15, 2016 1:23 pm
Forum: General
Topic: IPsec tunnel between Apple iOS and RouterOS
Replies: 1
Views: 1147

IPsec tunnel between Apple iOS and RouterOS

I have few Apple iOS devices configured using the native Cisco VPN client to establish a IPsec tunnel with a Cisco router This Cisco router has been replaced with a RouterOS device Can I setup this last one to bring up IPsec tunnel again without change iOS devices settings or VPN mode ? PPTP native ...
by ik3umt
Fri Mar 04, 2016 4:50 pm
Forum: Beginner Basics
Topic: Routing performances comparison
Replies: 7
Views: 3633

Re: Routing performances comparison

Nice to hear it from you... :D

Thank you
by ik3umt
Fri Mar 04, 2016 9:52 am
Forum: Beginner Basics
Topic: Routing performances comparison
Replies: 7
Views: 3633

Re: Routing performances comparison

Thank you for answers I've compared side by side those machines on routerboard.com Cpu, cpu speed, ram size, storage size are the same I have a little experience with 2011 and three to five dsl lines pcc/routing mark managed and a little firewall config They all work flawlessly So I suppose CRS mach...
by ik3umt
Thu Mar 03, 2016 6:50 pm
Forum: Beginner Basics
Topic: Routing performances comparison
Replies: 7
Views: 3633

Routing performances comparison

Briefly, what is the routing performance capability of RB2011UiAS (with external switch) VS a CRS125-24G-1S-IN , both with a pair of ports connected to dsl router (10Mb/s dwn - 1Mb/sup dsl bandwidth) ??

Thank you
by ik3umt
Tue Mar 01, 2016 9:27 am
Forum: General
Topic: CRS port trunking
Replies: 3
Views: 949

Re: CRS port trunking

It is however possible between routeros devices, isn't it ??
by ik3umt
Mon Feb 29, 2016 4:38 pm
Forum: General
Topic: CRS port trunking
Replies: 3
Views: 949

CRS port trunking

Is there any port trunking available in Cloud Router Switches to enhance bandwithd in conjunction with other switches brands (non proprietary system) ??
I have two gigabit ports available between a CRS125-24 and a HP1700-24

Thank you
by ik3umt
Wed Feb 10, 2016 6:22 pm
Forum: General
Topic: Routing to multiple same-subnet VPNs
Replies: 16
Views: 6888

Re: Routing to multiple same-subnet VPNs

Then, checked , it works like a charm.....
Thank you
by ik3umt
Wed Feb 10, 2016 9:29 am
Forum: General
Topic: Routing to multiple same-subnet VPNs
Replies: 16
Views: 6888

Re: Routing to multiple same-subnet VPNs

Thank you for your note However , knowing customers , I'm almost sure they have their lan subnets other than mine. I noted instead , I have to insert a routing rule at customer side pointing to my lan subnet using my side gre ip address as gateway , otherwise it doesn't work. Am I wrong with somethi...
by ik3umt
Thu Feb 04, 2016 10:03 am
Forum: General
Topic: Routing to multiple same-subnet VPNs
Replies: 16
Views: 6888

Re: Routing to multiple same-subnet VPNs

Clear now
Thank you , I'm givin it a try ....
by ik3umt
Wed Feb 03, 2016 6:06 pm
Forum: General
Topic: Routing to multiple same-subnet VPNs
Replies: 16
Views: 6888

Re: Routing to multiple same-subnet VPNs

Thank you for information, I never had the need to use netmap , time to learn. I'm a little confused about which side to configure with your example, Take a look at the diagram with only two customers involved and their interfaces name: http://www.digiteltlc.com/public/MULTI.jpg What NAT configurati...
by ik3umt
Mon Feb 01, 2016 5:59 pm
Forum: General
Topic: Routing to multiple same-subnet VPNs
Replies: 16
Views: 6888

Re: Routing to multiple same-subnet VPNs

The purpose could be of remote managing devices that reside on different customers LANs I cannot ask a customer to change an already working subnet just to satisfy my needs. The customer instead allow me to install a VPN for that particular need. I'm already using PPTP calls to bring up the tunnel w...
by ik3umt
Mon Feb 01, 2016 4:34 pm
Forum: General
Topic: Routing to multiple same-subnet VPNs
Replies: 16
Views: 6888

Re: Routing to multiple same-subnet VPNs

Remote LAN subnets cannot be modified at all,
suggestions ?
by ik3umt
Mon Feb 01, 2016 4:15 pm
Forum: General
Topic: Routing to multiple same-subnet VPNs
Replies: 16
Views: 6888

Routing to multiple same-subnet VPNs

Probably a confusing title (and a bit off-topic argument ?).... Let's assume I build a number of tunnels between my own site and remote sites. Each remote LAN has the same subnet (i.e. 192.168.1.0/24) so there will be many machines , each on its own LAN , with the same ip address. Can I create virtu...
by ik3umt
Mon Feb 01, 2016 9:23 am
Forum: General
Topic: Can I open a .backup file locally ??
Replies: 3
Views: 3886

Re: Can I open a .backup file locally ??

So,
I will try to restore it into a p.c. routerOs

thank you
by ik3umt
Fri Jan 29, 2016 5:32 pm
Forum: General
Topic: Can I open a .backup file locally ??
Replies: 3
Views: 3886

Can I open a .backup file locally ??

I need to view a configuration saved in a .backup file
It is not a running configuration and i can't restore it into a running device as it would break connections.
I've stored this file in a windows machine : can i read its content some way ??

Thank you
by ik3umt
Thu Nov 19, 2015 6:01 pm
Forum: Beginner Basics
Topic: Mangle rules counters
Replies: 1
Views: 716

Mangle rules counters

When the traffic counter increase in a mangle rule, does it necessary mean that packets are filtered by that rule and they leave the chain ??? Or do they continue the chain if passthrough=yes is set ?? I have some accept rules on first positions , their counter have never increased (0) , does it mea...
by ik3umt
Thu Nov 19, 2015 4:03 pm
Forum: General
Topic: step by step tutorial on wan load balancing
Replies: 6
Views: 2547

Re: step by step tutorial on wan load balancing

Glad to know you've found it helpful. I'm learning too so probably I'm not the right person to ask for detailed explanations, however , those lines are used to manage a connection coming from WAN to be answered out on the same WAN First the incoming connection from a specific WAN with no marks is ma...
by ik3umt
Wed Nov 11, 2015 10:49 am
Forum: General
Topic: step by step tutorial on wan load balancing
Replies: 6
Views: 2547

Re: step by step tutorial on wan load balancing

I've followed these ones to play with loadbalancing :

http://mum.mikrotik.com/presentations/US12/steve.pdf

http://mum.mikrotik.com/presentations/US12/tomas.pdf

There are a lot of docs on the net...
by ik3umt
Wed Nov 11, 2015 10:14 am
Forum: General
Topic: Should I bypass tunnels connections in mangle ?
Replies: 0
Views: 698

Should I bypass tunnels connections in mangle ?

I have a gre tunnel up and running Since I started to insert some mangle rules for routing mark purpose I've seen no more packets flowing through tunnel I have inserted first an Accept rule with local Lan as source and remote Lan as destination but with no results. So I had to insert an Accept rule ...
by ik3umt
Thu Nov 05, 2015 11:46 am
Forum: General
Topic: PCC load balancing : rules order and passtrough
Replies: 0
Views: 766

PCC load balancing : rules order and passtrough

I'm using fine this mangle set for PCC loadbalancing But "fine" doesn't always mean "the best way" I was ask you about the rules sequence and the passthrough= statement are OK or not (there is some confusion in the moltitude of resources available on the net....) ether1= LAN ethe...
by ik3umt
Wed Nov 04, 2015 5:07 pm
Forum: General
Topic: Broadcast and multicast from different networks
Replies: 1
Views: 651

Re: Broadcast and multicast from different networks

I.e. I've inserted these two rules : chain=input action=drop src-address=!10.0.1.0/0 in-interface=ether1 chain=input action=drop src-address=!10.0.2.0/0 in-interface=ether2 (where eth has 10.0.1.1 and eth2 has 10.0.2.1 ) I noted a lot of packet rejected on firewall rules winbox window (Bytes-Packets...
by ik3umt
Wed Nov 04, 2015 4:57 pm
Forum: General
Topic: Broadcast and multicast from different networks
Replies: 1
Views: 651

Broadcast and multicast from different networks

Scenario : Few pc on a LAN subnet and few others on a different LAN subnet All are tepmorarily connected to a single ethernet switch (no VLAN capable) waiting for a second dedicated switch to arrive. Two ports of this single switch are connected to eth1 and eth2 of a routerboard, these ports have di...
by ik3umt
Mon Nov 02, 2015 3:08 pm
Forum: General
Topic: Re-route a port to router.....
Replies: 5
Views: 1313

Re: Re-route a port to router.....

I've solved this issue by adding a masquerade rule to my srcnat chain. That way, my Mikrotik replaces my LAN ip address with the IP address of the interface facing the DSL modem. That way my DSL modem just has to deal with the subnet between the modem and the Mikrotik. /ip firewall nat add chain=sr...
by ik3umt
Mon Nov 02, 2015 1:03 pm
Forum: General
Topic: Re-route a port to router.....
Replies: 5
Views: 1313

Re: Re-route a port to router.....

It doesn't work.... probably it doesn't know where to route traffic back..... My office ip address is aaa.bbb.ccc.ddd ISP router lan is 10.0.0.1/30 routerboard wan is 10.0.0.2/30 on eth1 chain=dstnat action=dst-nat to-addresses=10.0.0.1 to-ports=80 protocol=tcp src-address=aaa.bbb.ccc.ddd in-interfa...
by ik3umt
Fri Oct 30, 2015 6:04 pm
Forum: General
Topic: Re-route a port to router.....
Replies: 5
Views: 1313

Re-route a port to router.....

My dsl router has all incoming traffic forwarded transparently to my routerboard wan interface
How can I re-route an incoming tcp connection (let's say port 8080) back to my router lan in port 80 for maintenance purpose ??
Dsl router doesn't allow mainenance from dsl line.
by ik3umt
Thu Oct 29, 2015 2:36 pm
Forum: General
Topic: Dynamic load balancing without PCC
Replies: 3
Views: 1175

Re: Dynamic load balancing without PCC

Nice to hear it from you both
There are two scenarios I can apply to :

A company with 10-15 pc sharing three equal bandwidth dsl lines
A home network with a pair of pc and a pair of adsl lines

Which solution (PCC or traffic monitor) should I choose for each environment ??
by ik3umt
Thu Oct 29, 2015 12:29 pm
Forum: General
Topic: Dynamic load balancing without PCC
Replies: 3
Views: 1175

Dynamic load balancing without PCC

Has anyone tried this ?

http://mum.mikrotik.com/presentations/US12/tomas.pdf

It uses traffic monitor to check used bandwidth and modify routing mark dynamically.

Any thought ??
by ik3umt
Wed Oct 28, 2015 4:04 pm
Forum: General
Topic: Static route over gre tunnel : interface vs ipaddress
Replies: 4
Views: 1501

Re: Static route over gre tunnel : interface vs ipaddress

Ok
I thought using gw=tunnel all packets addressed to that network would be routed through tunnel to the remote site.....

Thank you
by ik3umt
Wed Oct 28, 2015 10:13 am
Forum: General
Topic: Static route over gre tunnel : interface vs ipaddress
Replies: 4
Views: 1501

Static route over gre tunnel : interface vs ipaddress

When adding a static route for a remote network over a gre tunnel, what should i use as gateway ? the remote tunnel endpoint ip address or the tunnel interface name itself ?
What's the difference ?

Thank you