Community discussions

Search found 241 matches

by flynno
Sat Oct 12, 2019 1:54 pm
Forum: Wireless Networking
Topic: Audience vs Eero?
Replies: 27
Views: 3786

Re: Audience vs Eero?

What is Eero? :shock: mesh WiFi https://eero.com/ I have 2 in bridge mode. Excellent wireless coverage. I did order Audience to give it a try. Eero is what the guy who has NO BUSINESS AT ALL TOUCHING A NETWORK, is bringing into a commercial install. Sparky, "I use this all the time." Me, "YEAH IN H...
by flynno
Thu Sep 19, 2019 10:09 am
Forum: Wireless Networking
Topic: Buying new Routerboard - need your recommendations
Replies: 14
Views: 1415

Re: Buying new Routerboard - need your recommendations

What are you trying to do that needs wifi?
by flynno
Sun Sep 15, 2019 8:17 pm
Forum: Beginner Basics
Topic: Not working. What am i missing!?
Replies: 7
Views: 964

Re: Not working. What am i missing!?

/ip address
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0

Try make the change above
by flynno
Fri Aug 16, 2019 2:47 pm
Forum: Beginner Basics
Topic: No internet access
Replies: 6
Views: 561

Re: No internet access

what vlan does your ISP use for fibre?
by flynno
Sun Aug 11, 2019 3:34 pm
Forum: Wireless Networking
Topic: Signals BAD after latest upgrade
Replies: 5
Views: 777

Re: Signals BAD after latest upgrade

It's possible that the antenna gain has changed on the radio to contry regulations reducing the power causing the signal to change. Did you upgrade both radios or just one?
by flynno
Mon Aug 05, 2019 9:53 pm
Forum: Scripting
Topic: api login issues 6.46beta16
Replies: 2
Views: 799

api login issues 6.46beta16

6.46beta16 installed on hap mini (smips) using PEAR2\Net\RouterOS; api no longer works to login. PEAR2\Net\RouterOS\DataFlowException: Invalid username or password supplied. in /var/www/html/PEAR2/Net/RouterOS/Client.php:175 Stack trace: #0 /var/www/html/index.php(71):PEAR2\Net\RouterOS\Client->__co...
by flynno
Mon Aug 05, 2019 9:47 pm
Forum: Beginner Basics
Topic: PLEASE HELP - no luck getting it to work / CCR1009-7G-1C-1S+ [SOLVED]
Replies: 24
Views: 1503

Re: 10 hours - no luck getting WAN/INET to work (CCR1009-7G-1C-1S+) [SOLVED]

In DHCP Client have you set 'Add Default Route:' to yes along with use peer dns
by flynno
Mon Aug 05, 2019 9:33 pm
Forum: Beginner Basics
Topic: PLEASE HELP - no luck getting it to work / CCR1009-7G-1C-1S+ [SOLVED]
Replies: 24
Views: 1503

Re: 10 hours - no luck getting WAN/INET to work (CCR1009-7G-1C-1S+) [SOLVED]

Add a dhcp client on ether1 in IP >DHCP Client


/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN


/ip dns
set servers=8.8.8.8,8.8.4.4
by flynno
Sat Aug 03, 2019 3:24 pm
Forum: Forwarding Protocols
Topic: why the ip can pass through all mikrotik firewall...
Replies: 3
Views: 640

Re: why the ip can pass through all mikrotik firewall...

Set PPPOE to WAN interface and ether1 to LAN if it's an SXT device you are using /ip firewall address-list add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet add add...
by flynno
Wed Jul 10, 2019 12:22 pm
Forum: RouterBOARD hardware
Topic: R11e-LTE PAcket Loss
Replies: 13
Views: 1173

Re: R11e-LTE PAcket Loss

You should get somebody to hold it in the direction of the tower outside the house, then run your tests.
by flynno
Tue Jun 18, 2019 7:51 pm
Forum: General
Topic: PPPOE Not working
Replies: 2
Views: 253

Re: PPPOE Not working

Have you tried removing the src-address=102.177.16X.X from /radius
add address=102.177.160.3 secret=XXXXXXXXXXXX service=ppp,login src-address=102.177.16X.X
by flynno
Mon Jun 10, 2019 6:13 pm
Forum: Wireless Networking
Topic: PPPOE User client problem
Replies: 2
Views: 334

Re: PPPOE User client problem

Is the TP link in bridge mode or router mode?
by flynno
Mon Jun 10, 2019 6:11 pm
Forum: Forwarding Protocols
Topic: ❗️❓ UNSTABLE VPLS on Wireless networks
Replies: 13
Views: 1188

Re: ❗️❓ UNSTABLE VPLS on Wireless networks

Why don't you put routers at the towers and terminate the pppoe connections on the tower that the clients are connected to?
Are the VPLS tunnels back to the core with one PPPoE server and all your clients are terminating at the core?
by flynno
Sun Jun 09, 2019 3:34 pm
Forum: General
Topic: [solved] wAP LTE kit, LAN connection
Replies: 6
Views: 743

Re: wAP LTE kit, LAN connection

That's great glad you got it sorted
by flynno
Sat Jun 08, 2019 8:36 pm
Forum: General
Topic: [solved] wAP LTE kit, LAN connection
Replies: 6
Views: 743

Re: wAP LTE kit, LAN connection - no internet on LAN on default configuration = bug or feature?

Are you using the dns provided by the sim? try add 8.8.8.8 and 8.8.4.4 as the dns servers
You can remove the LTE dns from the LTE APNs menu untick Use Peer DNS and default route distance to 1

Or in the DHCP add dns servers into the network
by flynno
Sun May 05, 2019 8:05 pm
Forum: Beginner Basics
Topic: HELP: Access Mikrotik Router Externally
Replies: 13
Views: 924

Re: HELP: Access Mikrotik Router Externally

When you say "Access Mikrotik Router Externally" do you mean access from devices that are connected to the modem or from anywhere in the world? I use below rules on my Tik device along with port knocking and VPN In terminal copy paste below, It disables services except for winbox and www /ip service...
by flynno
Sat May 04, 2019 9:09 pm
Forum: Wireless Networking
Topic: Sxt lite 5 Bad Signal
Replies: 1
Views: 308

Re: Sxt lite 5 Bad Signal

Check antenna gain on SXT
by flynno
Sat May 04, 2019 9:04 pm
Forum: Beginner Basics
Topic: HELP: Access Mikrotik Router Externally
Replies: 13
Views: 924

Re: HELP: Access Mikrotik Router Externally

add rule
/ip firewall filter add chain=input action=accept protocol=tcp dst-port=8291
move rule to just below the first input drop rule
by flynno
Sat Apr 20, 2019 4:29 pm
Forum: Beginner Basics
Topic: Need quick and east non-payment redirect for a single customer
Replies: 6
Views: 481

Re: Need quick and east non-payment redirect for a single customer

You should just email or text the client and tell her that the internet will end on such a date unless payment is received and reconnection fee will incurr if payment is not made nake the text look automatic and robotic like
by flynno
Thu Mar 21, 2019 3:39 pm
Forum: General
Topic: Need Some Help with Firewall
Replies: 3
Views: 341

Re: Need Some Help with Firewall

Open Terminal on router and paste firewall rules below /ip firewall address-list add list=Nextiva address=208.73.144.0/21 comment="Nextiva IP Range 208.73.144.0/21" /ip firewall address-list add list=Nextiva address=208.89.108.0/22 comment="Nextiva IP Range 208.89.108.0/22" /ip firewall filter add c...
by flynno
Sat Mar 16, 2019 11:22 pm
Forum: General
Topic: Mikrotik - Double-mac address
Replies: 10
Views: 495

Re: Mikrotik - Double-mac address

You must be suffering from some kind of mac spoofing, if the clients are connecting to the hotspot from AP's, turn off default forward on the AP's If you try connect to the hotspot using your device and see if you can ping other devices connected to the hotspot, if you can ping the devices you will ...
by flynno
Sat Mar 16, 2019 11:05 pm
Forum: General
Topic: Mikrotik - Double-mac address
Replies: 10
Views: 495

Re: Mikrotik - Double-mac address

When did this start to happen?
How are your clients connecting to the hotspot? wireless / wired
Is your hotspot running on a bridge?
What is the IP pool of the hotspot?
by flynno
Sat Mar 16, 2019 7:51 pm
Forum: General
Topic: Mikrotik - Double-mac address
Replies: 10
Views: 495

Re: Mikrotik - Double-mac address

Ok try set it to 2 and see if that helps you out
by flynno
Sat Mar 16, 2019 7:47 pm
Forum: General
Topic: Mikrotik - Double-mac address
Replies: 10
Views: 495

Re: Mikrotik - Double-mac address

Is Addresses Per Mac = 2
by flynno
Sat Mar 16, 2019 7:41 pm
Forum: General
Topic: Mikrotik - Double-mac address
Replies: 10
Views: 495

Re: Mikrotik - Double-mac address

Hotspot Server
Addresses Per Mac ?
by flynno
Tue Feb 05, 2019 9:58 pm
Forum: Beginner Basics
Topic: Ping 8.8.8.8 ko but ping 8.8.4.4 ok...!
Replies: 13
Views: 839

Re: Ping 8.8.8.8 ko but ping 8.8.4.4 ok...!

Ok I taught you had FTTB. Might be best to give your ISP a call and see what is going on. It could be something at there end
by flynno
Tue Feb 05, 2019 4:45 pm
Forum: Wireless Networking
Topic: Boosting LTE and WIFI on a boat [SOLVED]
Replies: 9
Views: 852

Re: Boosting LTE and WIFI on a boat [SOLVED]

Ah ok now I understand your design, the SXT LTE kit has LEDS on it for alignment so you can just adjust it each time you dock. Why dont you try build a custom solution using below; mANT LTE 5o (LTE ANTENNA) 5dBi LTE antenna with 2 x SMA connectors x1 RBM33G Powerful OEM board with three Gigabit LAN ...
by flynno
Tue Feb 05, 2019 2:55 pm
Forum: Wireless Networking
Topic: Boosting LTE and WIFI on a boat [SOLVED]
Replies: 9
Views: 852

Re: Boosting LTE and WIFI on a boat [SOLVED]

The WAP AC is an access point only, so you connect devices to it. SXT LTE is for internet, you could power up the WAP AC on the second POE port and put the WAP AC outside maybe setup a hotspot on a vlan for other dock users. You could put another indoor Tik device inside the cabin, if you need hardw...
by flynno
Tue Feb 05, 2019 12:47 pm
Forum: Beginner Basics
Topic: Ping 8.8.8.8 ko but ping 8.8.4.4 ok...!
Replies: 13
Views: 839

Re: Ping 8.8.8.8 ko but ping 8.8.4.4 ok...!

Do you have a fibre terminal ont with fibre in and ethernet cable out to run to ISP modem? Can you remove the ISP modem and just have the mikrotik device? Alot of fibre connections run on vlan10 so it would just be a matter of you creating a vlan10 on ether1 and request dhcp client using vlan10. You...
by flynno
Mon Feb 04, 2019 10:57 pm
Forum: Wireless Networking
Topic: Boosting LTE and WIFI on a boat [SOLVED]
Replies: 9
Views: 852

Re: Boosting LTE and WIFI on a boat [SOLVED]

Hey Patrick,

The Groove 52 ac has only single chain and is L3 device, L3 meaning you can only connect one device to it.
If you need the access point to be outside and waterproof you would be best off going for
The SXT 4G kit and a wAP ac (wAP ac duel band 2.4 - 5ghz outdoor or indoor device)
by flynno
Mon Feb 04, 2019 10:42 pm
Forum: Beginner Basics
Topic: Total Noob's Guide?
Replies: 2
Views: 313

Re: Total Noob's Guide?

Is the Tik device to be used as a bridge or main router?
by flynno
Sun Feb 03, 2019 9:17 pm
Forum: Beginner Basics
Topic: Ping 8.8.8.8 ko but ping 8.8.4.4 ok...!
Replies: 13
Views: 839

Re: Ping 8.8.8.8 ko but ping 8.8.4.4 ok...!

Disable "allow remote requests" on DNS unless you add a firewall input rule to drop port 53 from wan side You have a vlan 10 on bridge, what is this vlan to be used for? /interface vlan add interface=bridge name=vlan10 vlan-id=10 What type of internet connection do you have i.e. FFTH. FTTC or Wirele...
by flynno
Sun Feb 03, 2019 3:23 pm
Forum: Beginner Basics
Topic: Ping 8.8.8.8 ko but ping 8.8.4.4 ok...!
Replies: 13
Views: 839

Re: Ping 8.8.8.8 ko but ping 8.8.4.4 ok...!

It's possible that you have an ip conflict, check for the mikrotik for duplicate IP's
by flynno
Fri Feb 01, 2019 1:41 pm
Forum: Wireless Networking
Topic: Network speed issues
Replies: 11
Views: 999

Re: Network speed issues

PTP link
R2 - R4

R2 side UltraDishTM TP 550 with MikroTik RouterBOARD RB922UAGS 5HPacD 802.11ac 866Mbps
R4 side UltraDishTM TP 400 with MikroTik RouterBOARD RB911G 5HPacD 802.11ac 866Mbps
AP on R4 is QRT AC L4


Detect Radar is causing a lot of issues with frequency selection
by flynno
Thu Jan 31, 2019 8:54 pm
Forum: Wireless Networking
Topic: Network speed issues
Replies: 11
Views: 999

Re: Network speed issues

5785/20/an(33dBm) is R2-R4 PTP link 5745/20-Ceee/ac(33dBm) is an AP on R4 facing opposite direction to the PTP R2-R4 link R4 AP was set to AUTO frequency and it set itself to 5745/20-Ceee/ac(33dBm) The AP is running routeros-mipsbe-6.42.11, do I need to change installation is set to "Outdoor" and ne...
by flynno
Thu Jan 31, 2019 6:42 pm
Forum: Wireless Networking
Topic: Network speed issues
Replies: 11
Views: 999

Re: Network speed issues

PPPoE server on R4 see image attached I left MTU blank on the pppoe server. The client cpe I have it set it to 1480 The client is having the traffic shaping done on R4 and I see very few packet drops in the queue tab, its set to wireless default queue type. The connection to the client cpe is a qrt ...
by flynno
Thu Jan 31, 2019 3:29 am
Forum: Wireless Networking
Topic: Network speed issues
Replies: 11
Views: 999

Re: Network speed issues

R1-R2 5805 5Ghz only AC 5805/20-Ceee/ac(33dBm) Tx / Rx Signal Strenght -29/-28 dBm distance is set to dynamic but the link is 1KM in distance TX fluctuates up and down between 50 to 80% and the RX is fairly consistent between 80% to 90% there is always traffic going through the link Signal to noise...
by flynno
Tue Jan 29, 2019 8:37 pm
Forum: Wireless Networking
Topic: Network speed issues
Replies: 11
Views: 999

Re: Network speed issues

Hey Petrb, R1 - R2: 802.11 ac wireless R2 - R4 is set to NV2 as I was creating self interference on the R1 - R2 link NV2 is all I can use on R2 - R4 as nstreme drops to many times due to interference. The link is passing over a small town and is picking up alot of access points in the 5ghz band. I c...
by flynno
Sat Jan 26, 2019 11:31 pm
Forum: General
Topic: Clients CPE Firewall
Replies: 0
Views: 339

Clients CPE Firewall

Hey guys, I'm using this firewall on wireless clients CPE's, anyone have anything else that I should include into it? /ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked add action=accept chain=input...
by flynno
Fri Jan 25, 2019 2:34 pm
Forum: General
Topic: CCR1016-12S-1S+ PSU for DC Redundant Supply
Replies: 0
Views: 290

CCR1016-12S-1S+ PSU for DC Redundant Supply

Hey guys, Just a question in relation to the CCR1016-12S-1S+ PSU. Is it possible to remove the second power supply and connect the pins to a din rail DC 24v 4A output supply? I have the option of battery supply and would like to be able to use it with the CCR1016-12S-1S+ in case of mains power suppl...
by flynno
Thu Jan 24, 2019 3:40 pm
Forum: Wireless Networking
Topic: Network speed issues
Replies: 11
Views: 999

Network speed issues

Hey guys, I'm having issues with my network, if anyone can take a look at the design layout and may be able to help with below issues. Bandwidth tests between routers R2-R1 Download speed 100M + (R2 - R1 is over wireless) R4-R2 Download speed 100M + (R4 - R2 is over wireless) R4-R1 Fluctuates betwee...
by flynno
Wed Jan 23, 2019 12:46 am
Forum: Wireless Networking
Topic: PPPoE Possible MTU Issues
Replies: 5
Views: 459

Re: PPPoE Possible MTU Issues

Ok see image of network, R4 is router that client is connected to that is having the speed issues
by flynno
Tue Jan 22, 2019 10:33 pm
Forum: Wireless Networking
Topic: PPPoE Possible MTU Issues
Replies: 5
Views: 459

Re: PPPoE Possible MTU Issues

Hey CZFan,

I forgot to mention that it also goes lower than 10MB also, so it's a high 10M - 11M or can be as low as 3M etc... but never higher than 12M
by flynno
Tue Jan 22, 2019 9:50 pm
Forum: Wireless Networking
Topic: PPPoE Possible MTU Issues
Replies: 5
Views: 459

PPPoE Possible MTU Issues

Hey guys, I have a LHG XL 5 ac with ROS package v6.42.11 on clients premises. LHG XL 5 ac upgraded with v6.42.11 Client speed is set to 20M download 5M upload download but cannot pass 10MB on the speedtest.net app or website. Bandwidth tests from CPE to Main router show 20M download 5 Upload, so no ...
by flynno
Thu Jan 17, 2019 5:52 pm
Forum: Beginner Basics
Topic: Can't login to newly configured router
Replies: 10
Views: 1313

Re: Can't login to newly configured router

The SXT you are using is has a licensed 3 so the wireless will be set to "bridge" mode for one only one wireless device to connect which is the workshop device. The script below has set the wireless security to workshopconnect so on the TP device in the work shop you will need to search for SSID PTP...
by flynno
Wed Jan 16, 2019 5:49 pm
Forum: Beginner Basics
Topic: Can't login to newly configured router
Replies: 10
Views: 1313

Re: Can't login to newly configured router

Ok, what is it you are trying to do with the SXTsq Lite2?
Is it possible for you to reset the device and remove the default setup script.
I can assist you to setup the device without the help of quickset.
by flynno
Wed Jan 16, 2019 12:46 pm
Forum: Beginner Basics
Topic: Can't login to newly configured router
Replies: 10
Views: 1313

Re: Can't login to newly configured router

Hi Derek,

Can you do a command export file=PTP-AC hide-sensitive in the terminal of the SXT
Open the file with notepad++ and copy paste contents here or attach the file.
by flynno
Wed Jan 16, 2019 2:06 am
Forum: Beginner Basics
Topic: Can't login to newly configured router
Replies: 10
Views: 1313

Re: Can't login to newly configured router

Can you post the config you are running on it?

Could be something to do with the interface lists and winbox access set to the wlan
by flynno
Tue Jan 15, 2019 5:43 pm
Forum: Wireless Networking
Topic: ARM devices and NV2 protocol
Replies: 596
Views: 61619

Re: ARM devices and NV2 protocol

if the sale bad product goberment punish them.
Pure quality stuff right here
by flynno
Wed Jan 02, 2019 7:11 pm
Forum: General
Topic: Public IP Address to Clients
Replies: 7
Views: 514

Re: Public IP Address to Clients

Have you added the nat rule and place it above the current nat rule on your CCR

/ip firewall nat
add action=accept chain=srcnat comment="Client Static IP" src-address=111.111.111.111

111.111.111.111 been the public ip you want to assign to the client
by flynno
Wed Jan 02, 2019 7:02 pm
Forum: General
Topic: Public IP Address to Clients
Replies: 7
Views: 514

Re: Public IP Address to Clients

DHCP. Don't want anything to do with PPPoE.
Have you tried assigning the IP via DHCP leases to the MAC of the clients CPE?
by flynno
Wed Jan 02, 2019 6:21 pm
Forum: General
Topic: Public IP Address to Clients
Replies: 7
Views: 514

Re: Public IP Address to Clients

Are you using PPPoE or DHCP?
by flynno
Tue Jan 01, 2019 4:12 pm
Forum: Beginner Basics
Topic: Warning Noob Ahead
Replies: 1
Views: 229

Re: Warning Noob Ahead

Do you mean setup a nat rule?
/ip firewall nat add action=src-nat chain=srcnat out-interface-list=WAN to-addresses=YOUR PUBLIC IP
by flynno
Thu Dec 27, 2018 10:04 pm
Forum: General
Topic: YouTube Thumbnails problem. (not loading)
Replies: 1
Views: 271

Re: YouTube Thumbnails problem. (not loading)

Have you tried using a mangle rule for MTU /ip firewall mangle add chain=forward out-interface= pppoe-out1 protocol=tcp tcp-mss=1440-65535 tcp-flags=syn action=change-mss new-mss=1440 passthrough=yes /ip firewall mangle add chain=forward in-interface= pppoe-out1 protocol=tcp tcp-mss=1440-65535 tcp-f...
by flynno
Sun Dec 09, 2018 11:30 pm
Forum: Scripting
Topic: Kid Control [SOLVED]
Replies: 3
Views: 726

Re: Kid Control [SOLVED]

Solution // Receiving variables @$device_name = addslashes($_POST['device_name']); @$profile_select = addslashes($_POST['profile_select']); use PEAR2\Net\RouterOS; require_once 'PEAR2/Autoload.php'; try { $util = new RouterOS\Util( $client = new RouterOS\Client($_SESSION['user']['remoteadd'],$_SESSI...
by flynno
Sat Dec 08, 2018 5:27 pm
Forum: Scripting
Topic: Kid Control [SOLVED]
Replies: 3
Views: 726

Re: Kid Control [SOLVED]

Anyone have the correct API to update a current profile to another profile without deleting the existing one. Here is what I have so far; <?php // Receiving variables from filled form @$device_name = addslashes($_POST['device_name']); @$profile_select = addslashes($_POST['profile_select']); use PEAR...
by flynno
Fri Dec 07, 2018 5:57 pm
Forum: Scripting
Topic: Kid Control [SOLVED]
Replies: 3
Views: 726

Re: Kid Control [SOLVED]

$util->setMenu('/ip/kid-control/device');
$util->remove(($_POST['device_remove']));

Solved using util
by flynno
Thu Dec 06, 2018 11:14 pm
Forum: Scripting
Topic: Kid Control [SOLVED]
Replies: 3
Views: 726

Kid Control [SOLVED]

Hey guys, i require help removing a device using the Pear2 api Two lines of code below that I am using to remove the device. I have a form created to get the name of the device to be removed that passes the variable $device_remove $addRequest = new RouterOS\Request('/ip kid-control device remove'); ...
by flynno
Thu Dec 06, 2018 10:11 pm
Forum: General
Topic: PPPoE Problems
Replies: 4
Views: 492

Re: Urgent help required

Did you try adding the ether port that the ubnt device is connected to the pppoe server bridge
by flynno
Sun Dec 02, 2018 11:07 pm
Forum: General
Topic: PPPoE Problems
Replies: 4
Views: 492

Re: Urgent help required

Is the UBNT connected to the RB750 in the same bridge with the PPPoE server?
by flynno
Mon Sep 10, 2018 5:26 pm
Forum: Beginner Basics
Topic: Got hacked, think I need help with configuring routerOS
Replies: 17
Views: 2762

Re: Got hacked, think I need help with configuring routerOS

Hi Johannes33, pub and skins are OK in the files, just look out for the mikrotik.php file, also any scripts or schedulers you did not add yourself. Go to IP > SOCK and disable if active. Go to Users and delete any user you did not add, make a new user in a different name other than "admin" create a ...
by flynno
Mon Sep 03, 2018 5:33 pm
Forum: RouterBOARD hardware
Topic: RB3011 - SFP not working - hardware defect?
Replies: 8
Views: 1253

Re: RB3011 - SFP not working - hardware defect?

Have you correct SFP modules for send and receive? normally blue and yellow bars on them
by flynno
Mon Sep 03, 2018 5:23 pm
Forum: Beginner Basics
Topic: VoIP issues [SOLVED]
Replies: 5
Views: 839

Re: VoIP issues [SOLVED]

Have you tried disable the SIP in ip firewall service ports?
by flynno
Wed Aug 29, 2018 12:46 am
Forum: General
Topic: New wave of Winbox vuln. attacks
Replies: 20
Views: 3602

Re: New wave of Winbox vuln. attacks

Hey Mistry7, have you any rules that I can use to prevent this from happening?
by flynno
Tue Aug 28, 2018 3:12 pm
Forum: General
Topic: New wave of Winbox vuln. attacks
Replies: 20
Views: 3602

Re: New wave of Winbox vuln. attacks

I think I fell victim to this attack yesterday, my clients had problems watching netflix and appeared to have two IP addresses. One IP was fake and one was the real IP address. Netflix reported the IP as using a proxy or VPN and denied the clients access. My main router was breached before because o...
by flynno
Tue Aug 28, 2018 12:28 pm
Forum: General
Topic: Neflix IP ban
Replies: 4
Views: 931

Re: Neflix IP ban

Good morning Normis, I amended the Nat rules on the main router to /ip firewall nat add action=src-nat chain=srcnat out-interface=<Public> to-addresses=<Public_IP> on the clients cpe's I have chain=srcnat action=masquerade out-interface=pppoe-out1 log=no log-prefix="" unless they have a static IP ad...
by flynno
Tue Aug 28, 2018 12:17 am
Forum: General
Topic: Neflix IP ban
Replies: 4
Views: 931

Re: Neflix IP ban

Clients are showing they have two IP addresses instead of one on whatsmyip.net, one real IP and the other IP's are fake here is three IPs that showed up 66.249.81.232, 66.249.81.228, 66.249.81.234. They are not using VPN;s or proxies. I changed the IP of the main router for now and added firewall ru...
by flynno
Mon Aug 27, 2018 10:04 pm
Forum: General
Topic: Neflix IP ban
Replies: 4
Views: 931

Neflix IP ban

Hey guys,

I masquerade my clients out behind one IP and for some reason Netflix has banned that IP now.

error message
Whoops, something went wrong.Streaming error.You seem to be using an unblocker or proxy. Please turn off any of these services and try again.”

Anyone else having the same problem?
by flynno
Sun Aug 26, 2018 10:07 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 2684

Re: L2TP to remote office

Ok not sure if it's a bug but when I check "add default route" it auto adds route with the office public IP into route list as dst.address x.x.x.x and as gateway x.x.x.x and is unreachable. I have to add static route 0.0.0.0/0 gateway l2tp-out1 which is reachable, now the vpn is working correctly. T...
by flynno
Sun Aug 26, 2018 12:34 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 2684

Re: L2TP to remote office

The issue I'm having is that LTE device is using its own public IP instead of the public IP of the remote office when browsing the internet. When I visit whatsmyip.net when the vpn is active on the LTE device, the IP is not the IP of the remote office. 0.0.0.0/0 via L2TP gateway or 0.0.0.0/0 via 172...
by flynno
Sat Aug 25, 2018 11:30 pm
Forum: RouterBOARD hardware
Topic: RB3011 no more POE on port eth10
Replies: 25
Views: 5394

Re: RB3011 no more POE on port eth10

The SPF port failed on my RB3011 today, it was working for about 6 months straight. The setup was SC fibre with opton 125G SM WDM31 S3D modules. The RB3011 was connected to a mikrotik powerbox by fibre, I had the sfp port bonded with an ether port but no Ethernet cable connected to that ether port. ...
by flynno
Fri Aug 24, 2018 7:34 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 2684

Re: L2TP to remote office

see image
by flynno
Fri Aug 24, 2018 3:17 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 2684

Re: L2TP to remote office

Strange thing happens when I try to use the add default route with the ppp dial out add default route. The office public ip is added to the ip routes but is unreachable. It adds a route Dst gateway x.x.x.x Gateway x.x.x.x which is unreachable so the public ip is been used as the dst address and the ...
by flynno
Fri Aug 24, 2018 1:38 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 2684

Re: L2TP to remote office

Hi Bram, What kind of dns settings do you use? /ppp secret print Flags: X - disabled # NAME SERVICE CALLER-ID PASSWORD PROFILE REMOTE-ADDRESS LOCAL-ADDRESS ROUTES 0 test l2tp 1234 default 172.16.0.10 172.16.0.1 172.16.0.0/12 LTE reachable now via 172.16.0.10 LTE local network 192.168.1.0/24 Office r...
by flynno
Thu Aug 23, 2018 11:22 am
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 2684

Re: L2TP to remote office

Office Router DNS /ip dns print servers: 172.16.0.1 dynamic-servers: 89.101.160.5,89.101.160.4 allow-remote-requests: yes max-udp-packet-size: 4096 query-server-timeout: 2s query-total-timeout: 10s max-concurrent-queries: 100 max-concurrent-tcp-sessions: 20 cache-size: 2048KiB cache-max-ttl: 1w cach...
by flynno
Thu Aug 23, 2018 12:01 am
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 2684

Re: L2TP to remote office

LTE Device Office Public IP = X.X.X.X /interface ethernet set [ find default-name=ether1 ] arp=proxy-arp /ip neighbor discovery set lte1 discover=no /interface list add name=discover add name=mactel add name=mac-winbox /interface wireless security-profiles set [ find default=yes ] supplicant-identit...
by flynno
Wed Aug 22, 2018 8:42 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 2684

Re: L2TP to remote office

Still no luck with the nat rules. When I enable mangle on the LTE device for the private network, I cannot access websites but I can see dns requests populating on the office router
by flynno
Wed Aug 22, 2018 2:58 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 2684

Re: L2TP to remote office

Hi Chris,

Remote office router nat

/firewall filter nat
srcnat scr address 172.168.1.0/24 action masquerade

New below;

I modified pool to 172.16.0.0/12

/firewall filter nat
srcnat scr address 172.16.0.0/12 action masquerade
by flynno
Wed Aug 22, 2018 12:28 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 2684

Re: L2TP to remote office

I can reach all devices on the remote office network. I want the LTE device to have its public IP address cloaked as the office network public IP and use the office router as the main gateway for all internet traffic
by flynno
Tue Aug 21, 2018 11:00 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 2684

Re: L2TP to remote office

I can see the dns populating in the remote office router cache but the websites won't load, I have remote requests turned on for both routers, and the dns on the LTE is 172.168.1.1 which is the private ip of the remote office router
by flynno
Tue Aug 21, 2018 9:28 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 2684

Re: L2TP to remote office

Hi Bram,

LTE Device Route
/ip route
add distance=1 dst-address=0.0.0.0/0 gateway=172.168.1.1 reachable l2tp-out1 routing-mark= PPTP

172.168.1.1 is the address of remote office mikrotik device, it's the private address of the device
by flynno
Tue Aug 21, 2018 7:36 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 2684

Re: L2TP to remote office

Is it possible to do this, I must be missing something
by flynno
Mon Aug 20, 2018 5:21 pm
Forum: Forwarding Protocols
Topic: Multicast Help
Replies: 1
Views: 516

Re: Multicast Help

Have you created a loopback bridge with a /32 IP address on it and add the IP address to the PIM RP
On the PIM interfaces you can change the interface IGMP version to the version you need.
by flynno
Mon Aug 20, 2018 1:40 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 2684

Re: L2TP to remote office

I can winbox into both routers from each end, Remote office side and LTE side.
When I enable the mangle rule on the LTE device the only thing that I cant do is browse a website or ping 8.8.8.8 from the lan PC
Winbox still works from each side
by flynno
Mon Aug 20, 2018 12:41 pm
Forum: RouterBOARD hardware
Topic: RB951ui-2HnD was dead ? [SOLVED]
Replies: 5
Views: 715

Re: RB951ui-2HnD was dead ? [SOLVED]

Have you tried another power supply?
by flynno
Sun Aug 19, 2018 11:09 pm
Forum: Wireless Networking
Topic: wAP LTE Kit EU - Slow LTE speed
Replies: 68
Views: 12462

Re: wAP LTE Kit EU - Slow LTE speed

I bought two of these units, they are now in a landfill :)
by flynno
Sun Aug 19, 2018 10:18 pm
Forum: Beginner Basics
Topic: IPTV stuttering issue on HAP AC
Replies: 2
Views: 365

Re: IPTV stuttering issue on HAP AC

Turn on multicast helper on the wireless of the hap device, that should fix it
by flynno
Sun Aug 19, 2018 8:54 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 2684

Re: L2TP to remote office

I can see the traffic going out the L2TP gateway with torch, when the mangle rule is enabled on the LTE device.
On the remote office router dns cache I can see the LTE devices requests in the cache.

Anyone have any input as to how I can get this working?
by flynno
Sun Aug 19, 2018 2:04 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 2684

L2TP to remote office

I setup a L2TP VPN on a mikrotik LTE device to access my office router Lan. The tunnel is established and I can ping both sides of the tunnel and reach the office router via the LTE device. I want to be able to use the office connection as the main internet connect for the mikrotik LTE device, send ...
by flynno
Fri Aug 17, 2018 1:30 pm
Forum: General
Topic: PowerBox PoE power problem
Replies: 6
Views: 741

Re: PowerBox PoE power problem

I think you need to check setting poe in long cable, turn it on if it's off
by flynno
Tue Aug 07, 2018 3:07 pm
Forum: General
Topic: Hotspot problem
Replies: 1
Views: 394

Re: Hotspot problem

Hotspot server profiles

Login via Mac, Cookie, Mac Cookie are these ticked?
by flynno
Mon Aug 06, 2018 3:39 pm
Forum: General
Topic: L2TP VPN
Replies: 0
Views: 251

L2TP VPN

Hey guys, I'm having difficulty setting up a VPN between two mikrotik routers. /ip firewall address-list add address=192.168.88.10 list=OutVpn /ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=VpnRoute passthrough=yes src-address-list=OutVpn log=no log-prefix="" dst-addre...
by flynno
Fri Aug 03, 2018 2:25 pm
Forum: General
Topic: Installer Hand Tool
Replies: 1
Views: 350

Installer Hand Tool

Has anyone developed any kind of handheld tool to meter align up CPE's? This could be something similar to a Satellite Meter or CCTV Meter with an LCD touch screen, with Android OS with the Tik App / other network tools, speedtest etc.. running on it. If a company hires staff to do installs, maybe c...
by flynno
Tue Jul 31, 2018 9:17 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

I supposed im just happy to have it working, would it take much extra configuration to have internet aswel?
by flynno
Sun Jul 29, 2018 7:41 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

Sindy, I disabled all configuration to do with pppoe-out2. Current Setup IP Route 0.0.0.0/0 pppoe-out1 Gateway Distance 1 Gateway pppoe-out1 for below Rules dst-address=a.a.a.a-IPSEC-Gateway/32 action=lookup-only-in-table table=via-wan-2 dst-address=b.b.b.b-Webserver/32 action=lookup-only-in-table t...
by flynno
Sun Jul 29, 2018 6:14 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

That's done but still same results with command

/put [resolve the-name-of-b.b.b.b-server]
failure: dns server failure

Id say all solution's must be exhausted by now :D
by flynno
Sun Jul 29, 2018 5:52 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

Mikrotik version 6.42.6 (stable) When I enable the pppoe-out1 and run command /put [resolve cloud.mikrotik.com] failure: dns name does not exist When I disable the pppoe-out1, VPN IPSEC PEER and all Policies /put [resolve cloud.mikrotik.com] 81.198.87.240 /put [resolve webserver.domain.com] b.b.b.b ...
by flynno
Sun Jul 29, 2018 5:20 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

/ip dns print servers: 8.8.8.8,8.8.4.4 dynamic-servers: allow-remote-requests: yes max-udp-packet-size: 4096 query-server-timeout: 2s query-total-timeout: 10s max-concurrent-queries: 100 max-concurrent-tcp-sessions: 20 cache-size: 2048KiB cache-max-ttl: 1w cache-used: 22KiB /ip settings print ip-for...
by flynno
Sun Jul 29, 2018 4:55 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

Ok Sindy,

When Peer is disabled and I run the three commands I get "failure: dns server failure" on both
/put [resolve cloud.mikrotik.com]
/put [resolve the-name-of-b.b.b.b-server]

Same results when the Peer is enabled and tunnel is established
by flynno
Sun Jul 29, 2018 4:37 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

z.z.z.z is Public IP 1 m.m.m.m is Public IP 2 b.b.b.b Webserver a.a.a.a IPSEC Gateway Results of /ip route print detail /ip route rule print /ip firewall nat print /ip ipsec policy print /ip route print detail Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o...
by flynno
Sun Jul 29, 2018 3:14 pm
Forum: The User Manager
Topic: hotspot social login
Replies: 1
Views: 894

Re: hotspot social login

Have you tried adding trial to the hotspot profile on the mikrotik hotspot device, if you are using a custom login page you will have to add the trial code to a login but in the code of the page
by flynno
Sun Jul 29, 2018 3:07 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

Good morning Sindy :) Below are the results; z.z.z.z is Public IP 1 m.m.m.m is Public IP 2 b.b.b.b Webserver a.a.a.a IPSEC Gateway 0.0.0.0/0 pppoe-out1 Gateway Distance 2 0.0.0.0/0 pppoe-out2 Gateway Distance 1 Route to both are disabled in IP routes b.b.b.b Webserver a.a.a.a IPSEC Gateway Once Pref...
by flynno
Sun Jul 29, 2018 1:51 am
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

Still no joy with that change, thanks for your help today Sindy. I get "no phase 2" but the admin requested my static IP for his end to create the VPN, the m.m.m.m (of pppoe-out2) is showing up in the "Installed SAs" this couldn't be right as it would have to be the Public IP 1 for that what the adm...
by flynno
Sun Jul 29, 2018 1:30 am
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

/ip route print detail /ip route rule print /ip firewall nat print /ip ipsec policy print /ip route print detail Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 0 A S dst-address=0.0.0.0/0 gatewa...
by flynno
Sun Jul 29, 2018 1:16 am
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

z.z.z.z is Public IP 1 m.m.m.m is Public IP 2 b.b.b.b Webserver a.a.a.a IPSEC Gateway The nat rule was set to translate the 192.168.0.0/24 to Public IP 1 , which is static ip. add action=src-nat chain=srcnat comment="Public-Ip-1 Src-Nat" src-address=192.168.0.0/24 to-addresses=z.z.z.z The outcome is...
by flynno
Sat Jul 28, 2018 11:20 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

The ip addresses are both static IP's
by flynno
Sat Jul 28, 2018 11:01 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

z.z.z.z is Public IP 1 m.m.m.m is Public IP 2 b.b.b.b Webserver a.a.a.a IPSEC Gateway[/b] /ip route rule print 0 dst-address=a.a.a.a/32 action=lookup-only-in-table table=via-wan-2 1 dst-address=b.b.b.b/32 action=lookup-only-in-table table=via-wan-2 /ip firewall nat print 0 ;;; Wan Src-Nat Public IP ...
by flynno
Sat Jul 28, 2018 9:17 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

I could try the two public addresses active route first and if that fails, I will try the calculate 32 subnet prefixes solution. if all fails then it's at there end
by flynno
Sat Jul 28, 2018 8:42 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

0 ;;; allow l2tp chain=input action=accept protocol=udp dst-port=1701 log=no log-prefix="" 1 ;;; allow pptp chain=input action=accept protocol=tcp dst-port=1723 log=no log-prefix="" 2 ;;; allow sstp chain=input action=accept protocol=tcp dst-port=443 log=no log-prefix="" 3 ;;; ipsec-ah chain=input a...
by flynno
Sat Jul 28, 2018 8:15 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

z.z.z.z is Public IP 1 m.m.m.m is Public IP 2 b.b.b.b Webserver a.a.a.a IPSEC Gateway No default route for Public IP 2 Default route for Public IP 1 is 0.0.0.0/0 gateway pppoe-out1 /ip ipsec installed-sa from your z.z.z.z to their a.a.a.a to count packets and bytes but the one for the opposite dire...
by flynno
Sat Jul 28, 2018 7:12 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

Default Route 0.0.0.0/0 Gatway pppoe-out1 /interface pppoe-client add disabled=no interface=wlan2 keepalive-timeout=60 name=pppoe-out1 use-peer-dns=yes user=*******1 add disabled=no interface=wlan2 name=pppoe-out2 user=*******2 /ip firewall nat add action=src-nat chain=srcnat comment="Public-Ip-2 to...
by flynno
Sat Jul 28, 2018 6:46 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

IPSEC Gateway a.a.a.a Webserver b.b.b.b 0 ;;; VPN src-address=0.0.0.0/0 src-port=any dst-address=192.168.0.0/24 dst-port=any protocol=all action=none 1 ;;; VPN src-address=My-Public-IP/32 src-port=any dst-address=0.0.0.0/0 dst-port=any protocol=all action=none 2 A ;;; VPN src-address=0.0.0.0/0 src-...
by flynno
Sat Jul 28, 2018 4:21 pm
Forum: General
Topic: Rackable Kit for CRS CRS125-24G-1S-2HnD-IN
Replies: 0
Views: 261

Rackable Kit for CRS CRS125-24G-1S-2HnD-IN

Can anyone tell me where to get a kit to made MikroTik Cloud Router Switch CRS125-24G-1S-2HnD-IN rackable?
by flynno
Sat Jul 28, 2018 4:00 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

/ip ipsec policy print Flags: T - template, X - disabled, D - dynamic, I - invalid, A - active, * - default 0 ;;; VPN src-address=0.0.0.0/0 src-port=any dst-address=192.168.0.0/24 dst-port=any protocol=all action=none 1 A ;;; VPN src-address=0.0.0.0/0 src-port=any dst-address=b.b.b.b/32 dst-port=any...
by flynno
Sat Jul 28, 2018 3:03 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

IPSEC Gateway a.a.a.a Webserver b.b.b.b /ip ipsec policy print Flags: T - template, X - disabled, D - dynamic, I - invalid, A - active, * - default 0 ;;; VPN src-address=0.0.0.0/0 src-port=any dst-address= b.b.b.b dst-port=any protocol=all action=none 1 A ;;; VPN src-address=0.0.0.0/0 src-port=any ...
by flynno
Fri Jul 27, 2018 10:32 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

I have an IP address that is for the VPN use only and not to browse the internet. The IPSEC VPN is used to access the remote webserver login portal page securely, not to browse the internet under the VPN. But when I use the IP of the webserver it will show that I can reach webserver and I can ping i...
by flynno
Fri Jul 27, 2018 7:59 pm
Forum: General
Topic: PowerBox PoE power problem
Replies: 6
Views: 741

Re: PowerBox PoE power problem

You are correct, you need higher power supply
by flynno
Fri Jul 27, 2018 7:12 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

So to recap: With tunnel down, you can access web pages by name and ping the servers by name, except the server for which you needed the IPsec, yes With tunnel up, you can access web pages and ping the servers by address, including the server for which you needed the IPsec, yes/no? no, I cannot acce...
by flynno
Fri Jul 27, 2018 5:45 pm
Forum: General
Topic: PowerBox PoE power problem
Replies: 6
Views: 741

Re: PowerBox PoE power problem

It might be possible to do with the ether1-poe-in-long-cable, but I dont think you can power a device out ether1, think only 2-5 ports
Good idea about the media convertor, I never taught of that before :D
by flynno
Fri Jul 27, 2018 5:41 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

Hi Sindy, I am able to ping the webserver domain name and it translated the domain to the IP address. The dns server settings are auto giving to my via PPPoE on the mikrotik and I have remote requests on with the router IP 192.168.0.1 added to the dns list. If I turn off PPPoE "Use Peer DNS" I can i...
by flynno
Fri Jul 27, 2018 2:03 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

Hi Sindy, Thank you for your very helpful detailed reply, I added /ip ipsec policy add place-before=0 action=none src-address=0.0.0.0/0 dst-address=192.168.0.0/24 place-before=0 I can now open up webserver in browser with the IP of the webserver, but when I try to go to the actually webserver domain...
by flynno
Sun Jul 01, 2018 4:18 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

Re: IPSEC to Fortigate

Hey Sindy,

/ip firewall nat print
0 ;;; Wan Src-Nat
chain=srcnat action=src-nat to-addresses=my-public-ip src-address=192.168.0.0/24 log=no log-prefix=""
by flynno
Sun Jul 01, 2018 3:17 pm
Forum: General
Topic: IPSEC to Fortigate
Replies: 51
Views: 6344

IPSEC to Fortigate

Hey guys, I'm currently having major issues setting up an IPSEC vpn to remote Fortigate router. My setup SXT Lite5 ac cpe running pppoe on wlan for internet Lan is on ether1 with dhcp 192.168.0.0/24 IPSEC Configuration SRC. Address 0.0.0.0/0 DST. Address 0.0.0.0/0 SA SRC. Address my-public-ip SA DST...
by flynno
Sat Jun 30, 2018 7:29 pm
Forum: Beginner Basics
Topic: IPSEC Issues
Replies: 11
Views: 846

Re: IPSEC Issues

Anyone have any experience with solving this problem, the remote ends equipment used is Fortigate.

Is Mikrotik compatible with Fortigate?
by flynno
Sat Jun 30, 2018 3:43 am
Forum: Beginner Basics
Topic: Two mikrotik devices
Replies: 8
Views: 673

Re: Two mikrotik devices

Your printer is on a different network to your PC? Printer IP 10.31.10.10. PC IP 10.31.0.101
Why don't you just use the RB692 as a wifi-switch and let the CCR do the routing?

Remove IP address from Bridge and DHCP server with IP pool along with firewall rules.
by flynno
Sat Jun 30, 2018 12:38 am
Forum: Beginner Basics
Topic: IPSEC Issues
Replies: 11
Views: 846

Re: IPSEC Issues

Is it correct to have 0.0.0.0/0 in Src. Address and 0.0.0.0/0 in Dst. Address, looking at the wiki guides local private network address and remote private network should be used. I wasn't given a remote private network address to use and the tunnel wont establish unless 0.0.0.0/0 in Src. Address and...
by flynno
Fri Jun 29, 2018 11:46 pm
Forum: Beginner Basics
Topic: Two mikrotik devices
Replies: 8
Views: 673

Re: Two mikrotik devices

change the bridge address, it should be 10.31.10.1/24 not 10.31.10.0/24
by flynno
Fri Jun 29, 2018 11:00 pm
Forum: Beginner Basics
Topic: Two mikrotik devices
Replies: 8
Views: 673

Re: Two mikrotik devices

Router 2
/Ip route 0.0.0.0/0
10.31.0.1 gateway = router1

Try above and see if that sorts it
by flynno
Fri Jun 29, 2018 4:19 pm
Forum: Beginner Basics
Topic: IPSEC Issues
Replies: 11
Views: 846

Re: IPSEC Issues

I managed L2TP/IPsec server, so there is not need in accept NAT rule. Just try to ping Tik IPsec gateway from remote server and then try to ping your PC behind Tik in LAN. Also you have to be sure that remote server have a static route to your LAN via ipsec gateway IP. Hi Anumrak, When IPSEC is ena...
by flynno
Fri Jun 29, 2018 1:14 am
Forum: Beginner Basics
Topic: IPSEC Issues
Replies: 11
Views: 846

Re: IPSEC Issues

Note: It is recommend that the IPSEC address is NATed to public IP addressing. My nat rules /ip firewall nat add chain=srcnat src-address=192.168.0.0/24 action=src-nat to-addresses=x.x.x.x out-interface=pppoe-out1 /ip firewall nat add chain=srcnat src-address=192.168.0.0/24 action=src-nat to-address...
by flynno
Thu Jun 28, 2018 6:56 pm
Forum: Beginner Basics
Topic: IPSEC Issues
Replies: 11
Views: 846

Re: IPSEC Issues

When the IPSEC tunnel is established, I have no internet on PC that I am trying to ping from, so I cant actually ping anything I guess or even browse to the remote webserver.

When I disabled the IPSEC tunnel internet returns to normal.
by flynno
Thu Jun 28, 2018 3:32 am
Forum: Beginner Basics
Topic: IPSEC Issues
Replies: 11
Views: 846

Re: IPSEC Issues

The admin said everything is in order at there end and can see my pings hitting the webserver from the mikrotik router, but I cant ping from my PC or reach the webserver via browser. VPN requirements; Route Based VPN's are the standard VPN build i.e not Policy Based VPN's. VPN selectors should be 0....
by flynno
Wed Jun 27, 2018 3:48 pm
Forum: Beginner Basics
Topic: IPSEC Issues
Replies: 11
Views: 846

Re: IPSEC Issues

Hi Anumrak,

Remote side admin told me that an extra firewall policy or route might be needed so traffic from PCs on the LAN can pass through the IPSEC


Thanks
by flynno
Wed Jun 27, 2018 1:53 pm
Forum: Beginner Basics
Topic: IPSEC Issues
Replies: 11
Views: 846

IPSEC Issues

Hey guys, I have been having trouble the past few days trying to setup an ipsec vpn to a remote location, somebody might be able to point me in the right direction. I can get the ipsec connection to establish on phase2 and can ping the remote server from the mikrotik device itself but not from my pc...
by flynno
Sun Apr 22, 2018 6:57 pm
Forum: Beginner Basics
Topic: Getting Plex to play nice with firewall rules
Replies: 19
Views: 2343

Re: Getting Plex to play nice with firewall rules

You need to open and forward the public port plex listens on, default port is 32400, it can be changed in the server settings on plex.
by flynno
Sun Apr 15, 2018 10:25 pm
Forum: Wireless Networking
Topic: Routed Network
Replies: 1
Views: 321

Routed Network

Hi Guys, I have a question regarding setting up a routed network using two SXTs and two Routers. Do I have to bridge both ether1 and wlan together or is there another way without bridging interfaces using IP routes? SXT1 Wireless bridge mode IP on Lan interface is 10.0.0.2/29 IP on Wlan interface is...
by flynno
Fri Apr 13, 2018 1:25 am
Forum: Beginner Basics
Topic: Static IP to Client over PPPOE
Replies: 7
Views: 1452

Re: Static IP to Client over PPPOE

Ok to bypass the Nat rule on R1.
I added an accept rule above the nat on sfp1 with the client static IP

Nat rule below
action accept
chain srcnat
Src. Address add client static IP here
by flynno
Thu Apr 12, 2018 11:38 pm
Forum: Beginner Basics
Topic: Static IP to Client over PPPOE
Replies: 7
Views: 1452

Re: Static IP to Client over PPPOE

I enabled proxy arp on interface sfp1 on R1 and proxy arp on interface sfp1 on R2 Then on R2 in /ip arp menu, I added the static address I wanted to give to the client on interface sfp1 Then added the static route to PPP remote address and now the client gets a static IP The client is now reachable ...
by flynno
Thu Apr 12, 2018 4:51 pm
Forum: Beginner Basics
Topic: Static IP to Client over PPPOE
Replies: 7
Views: 1452

Re: Static IP to Client over PPPOE

Default routes used on both routers Note: Isp gateway is 100.0.0.169 R1 IP 100.0.0.170 sfp1 Default Gateway 0.0.0.0/0 Gateway 100.0.0.169 reachable sfp1 Dst address 100.0.0.168/29 sfp1 reachable Pref. Source 100.0.0.170 <<< R1 IP reachable via internet Dst. Address 10.0.0.0/21 <<< Network Address sf...
by flynno
Thu Apr 12, 2018 2:52 pm
Forum: Beginner Basics
Topic: Static IP to Client over PPPOE
Replies: 7
Views: 1452

Re: Static IP to Client over PPPOE

Maybe you should assign this address in ppp secret user profile as remote address? Hi Anumrak, Thank you for your reply, it was late last night when I wrote this post so I left out the stuff that I did try to solve this. I added the static IP to the ppp secret as remote address and in gives the sta...
by flynno
Thu Apr 12, 2018 4:32 am
Forum: Beginner Basics
Topic: Static IP to Client over PPPOE
Replies: 7
Views: 1452

Static IP to Client over PPPOE

Hello Guys, I require some help. I've received a /29 allocation of IPv4 addresses from my ISP. For sake of discussion, I will call this the 100.0.0.168/29 network. This IP space is divided as follows: 100.0.0.168/29: Subnet 100.0.0.170-174: Give out to customers 100.0.0.169: Gateway 8.8.8.8 DNS 8.8....
by flynno
Fri Mar 30, 2018 7:48 pm
Forum: Forwarding Protocols
Topic: WISP with PPPoE and VLANs
Replies: 5
Views: 1326

Re: WISP with PPPoE and VLANs

PPPoE termination on tower router would be the way to go imo
by flynno
Fri Mar 30, 2018 4:27 pm
Forum: RouterBOARD hardware
Topic: How to upgrade/update Woobm? [SOLVED]
Replies: 9
Views: 1783

Re: How to upgrade/update Woobm? [SOLVED]

Is it possible to paste in the terminal of woobm, control+V is not working?
by flynno
Tue Aug 29, 2017 10:51 pm
Forum: Beginner Basics
Topic: Mikrotik router with ubiquity access points
Replies: 2
Views: 544

Re: Mikrotik router with ubiquity access points

You need to install the UniFi controller software on your laptop / PC
see link
https://dl.ubnt.com/guides/UniFi/UniFi_ ... _V3_UG.pdf
by flynno
Thu Aug 24, 2017 4:51 pm
Forum: General
Topic: ddns through dsl modem
Replies: 10
Views: 1418

Re: ddns through dsl modem

Can you buy a static IP from your ISP or get them to open / forward ports you need open.
by flynno
Wed Aug 23, 2017 2:30 pm
Forum: General
Topic: Hopspot User Expiry
Replies: 6
Views: 667

Re: Hopspot User Expiry

Create Hotspot user profile called 1hr

Hotspot user profile > Session Timeout > 01:00:00

Check "Add Mac Cookie"
Mac Cookie Timeout > 01:00:00
by flynno
Wed Aug 23, 2017 2:24 pm
Forum: Wireless Networking
Topic: CAPsMAN and guestwifi, no internet on guestwifi
Replies: 20
Views: 1961

Re: CAPsMAN and guestwifi, no internet on guestwifi

Is the master interface of the guest network set to the main in capsman see image
by flynno
Wed Aug 23, 2017 12:31 pm
Forum: Wireless Networking
Topic: CAPsMAN and guestwifi, no internet on guestwifi
Replies: 20
Views: 1961

Re: CAPsMAN and guestwifi, no internet on guestwifi

I had issues before with the router not picking up dns settings from ISP Check to see if the input fields are empty or contain DNS IP's Go to IP > DNS You should have DNS IP addresses in the dynamic input fields, maybe update the router to the lastest bugfix if the inputs are empty System > Packages...
by flynno
Wed Aug 23, 2017 2:27 am
Forum: General
Topic: Hopspot User Expiry
Replies: 6
Views: 667

Re: Hopspot User Expiry

Hotspot > Users

Select the User you want to limit to 1hr by double click they name

Go to "limits" tab

Select "Limit Uptime" and type in 01:00:00
by flynno
Wed Aug 23, 2017 2:11 am
Forum: Wireless Networking
Topic: CAPsMAN and guestwifi, no internet on guestwifi
Replies: 20
Views: 1961

Re: CAPsMAN and guestwifi, no internet on guestwifi

Did you check your IP > Router List

guests route should look like

Dst. Address 10.10.20.1/24
Gateway guests reachable
Pref. Source 10.10.20.1
by flynno
Tue Aug 22, 2017 10:05 pm
Forum: General
Topic: Sharing Bandwidth between 2 locations
Replies: 5
Views: 666

Re: Sharing Bandwidth between 2 locations

Sounds like some kind of OSPF setup maybe
by flynno
Tue Aug 22, 2017 9:59 pm
Forum: Wireless Networking
Topic: CAPsMAN and guestwifi, no internet on guestwifi
Replies: 20
Views: 1961

Re: CAPsMAN and guestwifi, no internet on guestwifi

IP > Addresses
10.10.10.1/24
10.10.20.1/24

Instead of 10.10.20.0/24 and 10.10.10.0/24
by flynno
Tue Aug 22, 2017 2:16 pm
Forum: Wireless Networking
Topic: CAPsMAN and guestwifi, no internet on guestwifi
Replies: 20
Views: 1961

Re: CAPsMAN and guestwifi, no internet on guestwifi

Try these rules

/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN
add action=masquerade chain=srcnat out-interface=main
add action=masquerade chain=srcnat out-interface=guest
by flynno
Tue Aug 22, 2017 12:03 pm
Forum: Wireless Networking
Topic: CAPsMAN and guestwifi, no internet on guestwifi
Replies: 20
Views: 1961

Re: CAPsMAN and guestwifi, no internet on guestwifi

Try below rule

/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN src-address=10.10.10.0/24
by flynno
Thu Aug 10, 2017 7:55 pm
Forum: Scripting
Topic: API to increase Hotspot http-cookie-lifetime
Replies: 2
Views: 446

Re: API to increase Hotspot http-cookie-lifetime

Hi boen_robot,

That worked like a charm, thank you!
by flynno
Thu Aug 10, 2017 7:14 pm
Forum: Scripting
Topic: API to increase Hotspot http-cookie-lifetime
Replies: 2
Views: 446

API to increase Hotspot http-cookie-lifetime

Hi guys, Just wondering is it possible to use a form to increase the Hotspot http-cookie-lifetime via input field I am using below code but no joy with it. ===Form Code=== <form id="cookie" class="form-horizontal" action="cookie.php" method="post"> <input type="text" class="form-control" name="login...
by flynno
Thu Aug 10, 2017 7:07 pm
Forum: Beginner Basics
Topic: RB1100AH with local webserver
Replies: 9
Views: 1535

Re: RB1100AH with local webserver

If you put the web server IP address into the browser address bar on your device does it not bring you to the web-server? Are you looking to give your web-server an address like mywebserver.dns.com or something like that? if so you need to put the IP address into the STATIC DNS settings of the mikr...
by flynno
Mon Jul 24, 2017 7:29 pm
Forum: General
Topic: Facebook Login on Captive Portal
Replies: 3
Views: 1524

Re: Facebook Login on Captive Portal

Have you tried removing facebook login and see if that works?
by flynno
Mon Jul 24, 2017 7:18 pm
Forum: Beginner Basics
Topic: RB1100AH with local webserver
Replies: 9
Views: 1535

Re: RB1100AH with local webserver

If you put the web server IP address into the browser address bar on your device does it not bring you to the web-server? Are you looking to give your web-server an address like mywebserver.dns.com or something like that? if so you need to put the IP address into the STATIC DNS settings of the mikro...
by flynno
Mon Apr 24, 2017 1:10 pm
Forum: Beginner Basics
Topic: just a guy with mikrotik haplite
Replies: 19
Views: 8437

Re: just a guy with mikrotik haplite

You would want to get onto the "guy" and get login details for the router.
by flynno
Sun Apr 09, 2017 4:41 pm
Forum: Forwarding Protocols
Topic: OSPF, MLPS/VPLS, PPPoE
Replies: 2
Views: 682

OSPF, MLPS/VPLS, PPPoE

Hey guys, I need some advise on a new network design, I'm currently going with OSPF, MLPS/VPLS, and a PPPoE server on CCR router, Clients use PPPoE client to get IP address when connected to AP's and radius server to manage queues, bandwidth and accounts etc... I was told by an advisor that PPPoE is...
by flynno
Mon Oct 24, 2016 5:00 pm
Forum: General
Topic: 2 families, 2 ISPs and a shared network printer
Replies: 10
Views: 1539

Re: 2 families, 2 ISPs and a shared network printer

Printers are cheap these days, just buy another one :)
by flynno
Mon Oct 24, 2016 4:45 pm
Forum: General
Topic: Managing Appartment Block Internet
Replies: 6
Views: 1023

Re: Managing Appartment Block Internet

Connect the fibre to your core router then connect the switches to router with cable and connect the APs to your switch, bridge the Aps and get the same SSID for all of them In router run a pppoe server and make a account for client or you can other config that you like for your network My only iss...
by flynno
Wed Sep 14, 2016 6:18 pm
Forum: RouterBOARD hardware
Topic: PTP: QRT2=>SXT or QRT2<=SXT ?
Replies: 4
Views: 772

Re: PTP: QRT2=>SXT or QRT2<=SXT ?

Why not use 2 x QRT2 ?
by flynno
Fri Sep 09, 2016 9:01 pm
Forum: Wireless Networking
Topic: Help with Optimizing local WISP
Replies: 14
Views: 1725

Re: Help with Optimizing local WISP

How many customers does he have on the network?
by flynno
Tue Sep 06, 2016 5:53 pm
Forum: Wireless Networking
Topic: How to get Internet to the 2nd floor using WiFi with Mikrotik
Replies: 22
Views: 3004

Re: How to get Internet to the 2nd floor using WiFi with Mikrotik

I guess you could try using the new REP wireless package, an extend the signal from one room to another using 2 hAP lites, that way you will have wireless and ethernet in the desired room
by flynno
Tue Sep 06, 2016 1:07 pm
Forum: Wireless Networking
Topic: How to get Internet to the 2nd floor using WiFi with Mikrotik
Replies: 22
Views: 3004

Re: How to get Internet to the 2nd floor using WiFi with Mikrotik

Have you tried to use ethernet power plug, something like "Powerline (One Tenda PA202 + One Tenda P202) Wireless Power line Adapter Extender WiFi hotspot 200Mbps Ethernet Network Adaptor" this might be an option
by flynno
Mon Aug 22, 2016 8:23 pm
Forum: Wireless Networking
Topic: iPhones dropping wifi (CAPsMAN)
Replies: 30
Views: 8893

Re: iPhones dropping wifi (CAPsMAN)

Have you tried turning off "TKIP" on the wireless "Secruity Profiles"?
by flynno
Sat Jun 18, 2016 8:20 pm
Forum: Beginner Basics
Topic: Router can't access internet/PING/DNS - Clients are able to connect!
Replies: 8
Views: 3778

Re: Router can't access internet/PING/DNS - Clients are able to connect!

/ip firewall nat
add action=masquerade chain=srcnat comment="bridge configuration" \
    out-interface=bridge-local
by flynno
Fri Jun 03, 2016 1:20 pm
Forum: Wireless Networking
Topic: Wirelless repeater + gopro
Replies: 4
Views: 1070

Re: Wirelless repeater + gopro

Can you put the Gopro in AP Bridge?

Your ISP Router main DHCP
>
Repeater - RBMetal2SHPn
>
AP - Gopro Hero 3 black
>
Client - Android 6 phone
by flynno
Wed Jun 01, 2016 3:51 am
Forum: Beginner Basics
Topic: RB951G + Omnitik + adsl modem router
Replies: 18
Views: 1766

Re: RB951G + Omnitik + adsl modem router

Ok that's great, looking forward to hearing your progress, remember to backup all your scripts when you have your network complete using the /export file and save on your comp :)
by flynno
Wed Jun 01, 2016 3:32 am
Forum: Beginner Basics
Topic: RB951G + Omnitik + adsl modem router
Replies: 18
Views: 1766

Re: RB951G + Omnitik + adsl modem router

Ok glad you sorted it,

The Omnitik is used as an AP so no dhcp is needed :)
you can use the Quickset to config it, Wisp AP
Don't forget to "Set your country"

Bridge > Automatic
Address Source > Any
by flynno
Wed Jun 01, 2016 2:40 am
Forum: Beginner Basics
Topic: RB951G + Omnitik + adsl modem router
Replies: 18
Views: 1766

Re: RB951G + Omnitik + adsl modem router

Here is a new script, I need you to reset your config on the RB951G without a default config System > Reset Configuration Tick "No Default Configuration" Press "Reset Configuration Button" When that is all done, winbox back into the RB951G New terminal and paste below script /interface bridge add na...
by flynno
Tue May 31, 2016 9:09 pm
Forum: Beginner Basics
Topic: RB951G + Omnitik + adsl modem router
Replies: 18
Views: 1766

Re: RB951G + Omnitik + adsl modem router

Ok I need you to reset your config on the RB951G without a default config System > Reset Configuration Tick "No Default Configuration" Press "Reset Configuration Button" When that is all done, winbox back into the RB951G New terminal and paste below script /interface bridge add admin-mac=E4:8D:8C:8C...
by flynno
Tue May 31, 2016 8:36 pm
Forum: Beginner Basics
Topic: RB951G + Omnitik + adsl modem router
Replies: 18
Views: 1766

Re: RB951G + Omnitik + adsl modem router

Ya looks to be a bit of a mess, I try clear it up for you
by flynno
Tue May 31, 2016 12:10 pm
Forum: Beginner Basics
Topic: RB951G + Omnitik + adsl modem router
Replies: 18
Views: 1766

Re: RB951G + Omnitik + adsl modem router

You are using the whole RB951G router as a hotspot, all ports bridged with wlan. Run the hotspot setup on bridge instead of the wlan. If you can post the RB951G config here, go to terminal /export file = hotspot Drag file from router to your desktop Open the file using notepad++ or sublime text edit...
by flynno
Mon May 30, 2016 7:33 pm
Forum: Beginner Basics
Topic: RB951G + Omnitik + adsl modem router
Replies: 18
Views: 1766

Re: RB951G + Omnitik + adsl modem router

What is the purpose of the Omnitik?

Is it to transmit the hotspot to surrounding areas or for private clients to connect without having to go through the hotspot?
by flynno
Sun May 29, 2016 10:56 pm
Forum: General
Topic: Hotspot doesn't open if the internet is down
Replies: 10
Views: 884

Re: Hotspot doesn't open if the internet is down

try add your router ip address to the dns settings
by flynno
Wed May 25, 2016 11:15 pm
Forum: Wireless Networking
Topic: Outdoor Wireless device
Replies: 4
Views: 772

Re: Outdoor Wireless device

Maybe the Metal 52 ac (RBMetalG52SHPacn) be the best option for you
by flynno
Sun May 01, 2016 2:32 am
Forum: Beginner Basics
Topic: Basic Groove wifi problem
Replies: 4
Views: 1087

Re: Basic Groove wifi problem

Add a wirless router to the second GrooveA-52HPn
by flynno
Sun May 01, 2016 2:29 am
Forum: Wireless Networking
Topic: which is the coverage RBSXTG-5HPnD-SAR2?
Replies: 2
Views: 595

Re: which is the coverage RBSXTG-5HPnD-SAR2?

Why dont you try and see
by flynno
Fri Apr 29, 2016 3:56 pm
Forum: Wireless Networking
Topic: Wireless clients disconnect
Replies: 2
Views: 734

Re: Wireless clients disconnect

OmniTik might be on the way out
by flynno
Fri Apr 29, 2016 3:50 pm
Forum: Beginner Basics
Topic: Custom Hotspot landing page
Replies: 1
Views: 755

Re: Custom Hotspot landing page

It might be easier to put prices on login page maybe on the right or bottom of the page,
by flynno
Fri Apr 29, 2016 3:03 pm
Forum: Beginner Basics
Topic: First to own mikrotik hap lite but i encounter a problem
Replies: 5
Views: 890

Re: First to own mikrotik hap lite but i encounter a problem

Are you using the HAP as a wireless extender?
by flynno
Sun Apr 24, 2016 1:27 am
Forum: General
Topic: FastTrack Rule and Hotspot
Replies: 5
Views: 1299

Re: FastTrack Rule and Hotspot

I guess leave it disabled if it's causing problems
by flynno
Tue Apr 19, 2016 2:22 am
Forum: Beginner Basics
Topic: error 404: not found problem!!!
Replies: 1
Views: 1087

Re: error 404: not found problem!!!

Is it in the hotspot folder on the router?

Can you see it if you type the hotspot address into your browser

Example
Http://192.168.88.1/reminder.html
by flynno
Tue Apr 19, 2016 2:11 am
Forum: General
Topic: How to know if hotspot customers suffer from slow internet using winbox
Replies: 6
Views: 639

Re: How to know if hotspot customers suffer from slow internet using winbox

rx-rate/tx-rate means respectively upload/download
by flynno
Mon Apr 18, 2016 11:36 pm
Forum: Wireless Networking
Topic: RBMetal problems- fried unit?
Replies: 3
Views: 930

Re: RBMetal problems- fried unit?

Try use a lower power supply to the unit, I had same problem with a router before and that sorted it for me
by flynno
Mon Apr 18, 2016 11:23 pm
Forum: General
Topic: How to know if hotspot customers suffer from slow internet using winbox
Replies: 6
Views: 639

Re: How to know if hotspot customers suffer from slow internet using winbox

Are your customers complaining about a slow connection?
by flynno
Sun Apr 17, 2016 10:33 pm
Forum: Beginner Basics
Topic: Setup GrooveA 52HPn wireless in cable out
Replies: 33
Views: 2326

Re: Setup GrooveA 52HPn wireless in cable out

You need to make sure your facing your Groove at the Harbour AP, adjust it until you get optimal signal using the scanner on the wireless card to search, maybe buy a mesh dish and stick the Groove onto instead of an Omni for better results
by flynno
Sun Apr 17, 2016 5:51 pm
Forum: Beginner Basics
Topic: Data usage limit for dummies
Replies: 1
Views: 1043

Re: Data usage limit for dummies

You can setup a VirtualAP running hotspot for customers
by flynno
Sun Apr 17, 2016 5:38 pm
Forum: Beginner Basics
Topic: Setup GrooveA 52HPn wireless in cable out
Replies: 33
Views: 2326

Re: Setup GrooveA 52HPn wireless in cable out

Ah cool, glad its sorted for you now, enjoy :D
by flynno
Sun Apr 17, 2016 4:00 pm
Forum: Beginner Basics
Topic: Setup GrooveA 52HPn wireless in cable out
Replies: 33
Views: 2326

Re: Setup GrooveA 52HPn wireless in cable out

If the interface is called "ether1-local" /ip firewall nat add action=masquerade chain=srcnat comment="default configuration" \ out-interface=ether1-local if you still dont have connection try disable the "drop" firewall rules Use tools ping to test internet connection 8.8.8.8 also note you may need...
by flynno
Sun Apr 17, 2016 3:33 pm
Forum: Beginner Basics
Topic: Setup GrooveA 52HPn wireless in cable out
Replies: 33
Views: 2326

Re: Setup GrooveA 52HPn wireless in cable out

paste this instead, I had type mistake /ip dhcp-client add comment="default configuration" dhcp-options=hostname,clientid disabled=\ no interface=wlan1 /ip dhcp-server network add address=192.168.88.0/24 comment="default configuration" gateway=\ 192.168.88.1 /ip dhcp-client add comment="default conf...
by flynno
Sun Apr 17, 2016 3:16 pm
Forum: Beginner Basics
Topic: Setup GrooveA 52HPn wireless in cable out
Replies: 33
Views: 2326

Re: Setup GrooveA 52HPn wireless in cable out

Ok now I need you to winbox in and reset device and tick no default configuration Now edit this script and add in the ssid and password in the slots to match the Harbour When edits are complete, I need you to copy and paste script back into the new terminal on winbox /interface wireless set [ find d...
by flynno
Sun Apr 17, 2016 3:03 pm
Forum: Beginner Basics
Topic: Setup GrooveA 52HPn wireless in cable out
Replies: 33
Views: 2326

Re: Setup GrooveA 52HPn wireless in cable out

Ok there seems to be a few lines missing from the script, like firewall rules and nat
by flynno
Sun Apr 17, 2016 1:26 pm
Forum: Beginner Basics
Topic: Setup GrooveA 52HPn wireless in cable out
Replies: 33
Views: 2326

Re: Setup GrooveA 52HPn wireless in cable out

Ok If you can winbox in and go to terminal and type in

export file= harbour-script

Drag the harbour-script from files in winbox onto you desktop and open it with notepad++ or sublime text editor, copy and paste the content here, hide any passwords and any other private info you want to
by flynno
Sat Apr 16, 2016 1:03 pm
Forum: Beginner Basics
Topic: Setup GrooveA 52HPn wireless in cable out
Replies: 33
Views: 2326

Re: Setup GrooveA 52HPn wireless in cable out

Picture Guide
by flynno
Sat Apr 16, 2016 12:39 pm
Forum: Beginner Basics
Topic: Setup GrooveA 52HPn wireless in cable out
Replies: 33
Views: 2326

Re: Setup GrooveA 52HPn wireless in cable out

Ok, you need to reset the Groove using the reset button, When it reboots keep using the default config script, Go to Wireless on left navigation bar Find security tab and add a new profile call it harbour, Add the Harbour wifi password into the profile. Interface tab Select the wireless card Use the...
by flynno
Sat Apr 16, 2016 2:22 am
Forum: Beginner Basics
Topic: question for hotspot!
Replies: 2
Views: 490

Re: question for hotspot!

Can you export configuration here :)
by flynno
Fri Apr 15, 2016 8:26 pm
Forum: Beginner Basics
Topic: Setup GrooveA 52HPn wireless in cable out
Replies: 33
Views: 2326

Re: Setup GrooveA 52HPn wireless in cable out

Nope ignore everything I said before, follow below only Open Winbox System > Reset Configuration Tick "No Default Configuration" Now press "Reset Configuration" Winbox back in when GrooveA 52HPn reloads Select Quickset CPE > SSID OF HARBOUR AP Enter Password Configuration Tick Router Mode Internet T...
by flynno
Fri Apr 15, 2016 8:16 pm
Forum: Beginner Basics
Topic: Setup GrooveA 52HPn wireless in cable out
Replies: 33
Views: 2326

Re: Setup GrooveA 52HPn wireless in cable out

Ok now you should be able to winbox into the GrooveA 52HPn with the address 192.168.88.1
by flynno
Fri Apr 15, 2016 8:05 pm
Forum: Beginner Basics
Topic: Setup GrooveA 52HPn wireless in cable out
Replies: 33
Views: 2326

Re: Setup GrooveA 52HPn wireless in cable out

Ok might be best to ignore Quickset for now Open Winbox System > Reset Configuration Tick "No Default Configuration" Now press "Reset Configuration" Winbox back in when GrooveA 52HPn reloads Select Quickset CPE > SSID OF HARBOUR AP Enter Password Configuration Tick Router Mode Internet Tick Automati...
by flynno
Fri Apr 15, 2016 7:27 pm
Forum: Beginner Basics
Topic: Setup GrooveA 52HPn wireless in cable out
Replies: 33
Views: 2326

Re: Setup GrooveA 52HPn wireless in cable out

Ok can you go into Winbox Left Navigation Menu ----------------------------- IP > Firewall Filter Rules Tab ------------------------ Disable all Rules Go to Nat Tab and check you have rules ----------------------------- General = chain srcnat Out. Interface Wlan1 Action = Masquerade ----------------...
by flynno
Fri Apr 15, 2016 7:14 pm
Forum: Beginner Basics
Topic: Setup GrooveA 52HPn wireless in cable out
Replies: 33
Views: 2326

Re: Setup GrooveA 52HPn wireless in cable out

Cool, so if you connect the GrooveA 52HPn via ethernet cable to your desktop you have internet access but if you connect the GrooveA 52HPn to another Router/AP your wireless devices have no internet access? What is the Router/AP you are using and do you know if its in Bridge mode or Router mode and ...
by flynno
Fri Apr 15, 2016 6:58 pm
Forum: Beginner Basics
Topic: Setup GrooveA 52HPn wireless in cable out
Replies: 33
Views: 2326

Re: Setup GrooveA 52HPn wireless in cable out

No problem :D

Ok what you need to do now is go into "Bridge" on left navi bar in winbox
Select "Ports" tab
Remove Wlan1 from the list

Winbox will probably kick you now so reload it again if it does


IP > DHCP CLIENT
DHCP CLIENT > Interface Wan1
by flynno
Fri Apr 15, 2016 6:53 pm
Forum: Beginner Basics
Topic: MikroTik RB750 Setup/Advice
Replies: 2
Views: 572

Re: MikroTik RB750 Setup/Advice

Hey JanDam

Only thing I can help you with is MikroTek = Mikrotik


:lol: :lol:
by flynno
Fri Apr 15, 2016 6:38 pm
Forum: Beginner Basics
Topic: Setup GrooveA 52HPn wireless in cable out
Replies: 33
Views: 2326

Re: Setup GrooveA 52HPn wireless in cable out

Hi, Do you know the password of the AP on the harbour you want to connect your GrooveA 52HPn to? If answer is yes, you need to winbox into the GrooveA 52HPn Reset the GrooveA 52HPn to default again with the reset button or via Winbox, Use default setup config Now Select on the left navigation menu Q...
by flynno
Sun Apr 10, 2016 10:08 pm
Forum: General
Topic: Comment from users to active in hotspot
Replies: 1
Views: 420

Re: Comment from users to active in hotspot

K...
by flynno
Sun Apr 10, 2016 8:11 pm
Forum: Beginner Basics
Topic: Mikrotik 6.34.1 Check updates fail
Replies: 44
Views: 39385

Re: Mikrotik 6.34.1 Check updates fail

Download package and upload to router solves the problem.

Add google dns 8.8.8.8 & 8.8.4.4
by flynno
Fri Apr 08, 2016 1:22 pm
Forum: Beginner Basics
Topic: Hotspot setup is not working!!!
Replies: 2
Views: 552

Re: Hotspot setup is not working!!!

Post your current config here by using below command in terminal of routerboard

/export file=hotspot-problem
by flynno
Tue Apr 05, 2016 3:42 pm
Forum: Beginner Basics
Topic: Mikrotik Hotspot configuration only for guest wifi network not for Office wifi network
Replies: 2
Views: 1505

Re: Mikrotik Hotspot configuration only for guest wifi network not for Office wifi network

Create a VirtualAP on wireless interface with SSID for Hotspot
Run hotspot setup to setup hotspot on that VirtualAP
by flynno
Thu Mar 24, 2016 7:33 pm
Forum: General
Topic: Facebook Wifi
Replies: 38
Views: 16396

Re: Facebook Wifi

:lol:
by flynno
Sat Mar 19, 2016 3:13 pm
Forum: Beginner Basics
Topic: TrueCafe with HapLite.
Replies: 5
Views: 997

Re: TrueCafe with HapLite.

Try Add

====Firewall NAT===
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge2
by flynno
Sat Mar 12, 2016 10:15 pm
Forum: Wireless Networking
Topic: Mikrotik Hotspot Config
Replies: 2
Views: 730

Re: Mikrotik Hotspot Config

Reset the RB951G with no default config, then put it in AP Bridge mode
by flynno
Fri Mar 11, 2016 9:30 pm
Forum: Beginner Basics
Topic: Hotspot Rate Limit
Replies: 1
Views: 672

Re: Hotspot Rate Limit

Each user has 5M/2M
by flynno
Fri Mar 11, 2016 9:25 pm
Forum: Beginner Basics
Topic: Begginer How to setup 2 SXT Station and Access Point
Replies: 4
Views: 5923

Re: Begginer How to setup 2 SXT Station and Access Point

What is the problem you're having?
by flynno
Fri Mar 11, 2016 9:21 pm
Forum: General
Topic: Sample Installations - Sticky Please
Replies: 230
Views: 136753

Re: Sample Installations - Sticky Please

Two recent installations completed
2.jpg
by flynno
Sat Feb 20, 2016 10:35 pm
Forum: General
Topic: Queue Not Limiting Download
Replies: 10
Views: 2587

Re: Queue Not Limiting Download

Disable Bridge

Interfaces> "Select Ether Port" >General
Master Port > "Select Port to make master" to bridge ports you want to bridge this way

That's how I sorted the Queue problem on my metal
by flynno
Fri Feb 19, 2016 4:35 pm
Forum: General
Topic: Queue Not Limiting Download
Replies: 10
Views: 2587

Re: Queue Not Limiting Download

Have you tried to remove the port from the bridge?

I use a simple que

/queue simple
add max-limit=1M/5M name=queue1 target=ether1-gateway
by flynno
Wed Feb 17, 2016 10:43 pm
Forum: Wireless Networking
Topic: Configuration Groove a-52HPn
Replies: 4
Views: 3686

Re: Configuration Groove a-52HPn

Hello can you post the configuration you're running at presen
by flynno
Wed Feb 17, 2016 9:29 pm
Forum: General
Topic: Queue Not Limiting Download
Replies: 10
Views: 2587

Re: Queue Not Limiting Download

Have you tried with bridge ip firewall disabled?
by flynno
Wed Feb 17, 2016 1:19 am
Forum: General
Topic: HotSpot + freeRadius
Replies: 2
Views: 1491

Re: HotSpot + freeRadius

Check out Daloradius to manage your hotspot
by flynno
Tue Feb 16, 2016 10:58 pm
Forum: Wireless Networking
Topic: HOTSPOT: not working as it should
Replies: 5
Views: 1213

Re: HOTSPOT: not working as it should

You are using dns servers 8.8.8.8 you need to remove that and let the router use the dns of your ISP and all you are running a script to disable and enable the wifi at a certain time this could be causing a problem if you don't have the NTP servers setup
by flynno
Tue Feb 16, 2016 12:56 am
Forum: Wireless Networking
Topic: Hotspot doesn't redirect to external login page
Replies: 2
Views: 669

Re: Hotspot doesn't redirect to external login page

Did you add the ip address of the external login page to the walled garden of the hotpot?
by flynno
Tue Feb 16, 2016 12:50 am
Forum: Wireless Networking
Topic: HOTSPOT: not working as it should
Replies: 5
Views: 1213

Re: HOTSPOT: not working as it should

Just had a look at the script, since this is a free hotpot for guests, you might be better of letting the guest login via trial profile, also you have radius enabled
by flynno
Sun May 31, 2015 12:33 am
Forum: Beginner Basics
Topic: Do I need RADIUS server ?
Replies: 3
Views: 923

Re: Do I need RADIUS server ?

I setup freeradius along with daloradius to manage users on my Hotspot network, it allowed new users to make a payment and create their own accounts then login into the network. Made life alot easier for me as all I had to do was make sure the internet stayed working. New user scans and finds Wi-Fi ...
by flynno
Sun May 31, 2015 12:10 am
Forum: Wireless Networking
Topic: Apple devices won't connect
Replies: 49
Views: 32097

Re: Apple devices won't connect

Turn off TKIP
by flynno
Sun May 31, 2015 12:01 am
Forum: General
Topic: Sample Hotspot Page - Sticky Please
Replies: 438
Views: 307801

Re: Sample Hotspot Page - Sticky Please

Login screen Wifi Hotspot including signup
login.jpg
by flynno
Sat Sep 13, 2014 6:45 pm
Forum: General
Topic: Integrating Facebook Connect with Hotspot Login / Authent ..
Replies: 132
Views: 275428

Re: Integrating Facebook Connect with Hotspot Login / Authen

Ok guys I think I got the login to work for facebook but the page needs styling, add code to your current login page and it should work. It also posts to facebook aswel see attached file, Edit the index.html with Notepad++ or dreamweaver Look for the below lines and change the appid to yours ======...
by flynno
Sat Sep 13, 2014 2:56 pm
Forum: General
Topic: Integrating Facebook Connect with Hotspot Login / Authent ..
Replies: 132
Views: 275428

Re: Integrating Facebook Connect with Hotspot Login / Authen

Preview for wifi login page for Cafe also make one for a bar,

Put a slot for name of cafe/bar up top left corner or something

anyone interested, pm me
by flynno
Fri Sep 12, 2014 4:02 pm
Forum: General
Topic: Integrating Facebook Connect with Hotspot Login / Authent ..
Replies: 132
Views: 275428

Re: Integrating Facebook Connect with Hotspot Login / Authen

Ok guys I think I got the login to work for facebook but the page needs styling, add code to your current login page and it should work. It also posts to facebook aswel see attached file, Edit the index.html with Notepad++ or dreamweaver Look for the below lines and change the appid to yours =======...
by flynno
Fri Sep 12, 2014 2:43 pm
Forum: General
Topic: Sample Installations - Sticky Please
Replies: 230
Views: 136753

Re: Sample Installations - Sticky Please

My two installs, can someone give me some instructions on how to make off my own pigtails with coaxial cable?
by flynno
Mon Sep 01, 2014 5:13 am
Forum: Scripting
Topic: Hotspot User API
Replies: 4
Views: 1401

Re: Hotspot User API

====================================== `radcheck` ====================================== username attribute op value test Cleartext-Password := test ====================================== `radgroupreply` ====================================== groupname attribute op value 1mb Mikrotik-Rate-Limit := 5...
by flynno
Fri Aug 29, 2014 11:14 pm
Forum: Scripting
Topic: Hotspot User API
Replies: 4
Views: 1401

Re: Hotspot User API

Hi boen_robot Ya I think freeradius is the best option but im having difficulty with new user hotspot profiles, I cant seem to create custom porfiles, the users seem to just be using the 'default' profile. I have this setup: Radusergroup = username groupname priority test 1mb 0 Radgroupreply = group...
by flynno
Thu Aug 28, 2014 9:09 pm
Forum: Scripting
Topic: Hotspot User API
Replies: 4
Views: 1401

Re: Hotspot User API

I decided to use freeradius on a DigitalOcean to manage 'New Wifi Users'. New users can now create their own username and passwords after making a payment by paypal. When payment is made the new users get redirected to a form on my webserver to collect customer details, upon completion the required ...
by flynno
Wed Aug 27, 2014 8:23 pm
Forum: Scripting
Topic: Hotspot User API
Replies: 4
Views: 1401

Hotspot User API

Hi Guys, I'm new to the forums only joined today but I have been reading them with quiet some time now. I got a hotspot running with a while, customers pay by paypal and then get redirected to a php form I have hosted on my web server to collect the username and passwords they create, but I have to ...