Community discussions

MikroTik App

Search found 66 matches

by howdey57
Sat Aug 29, 2020 12:10 pm
Forum: General
Topic: Is there a website where I can put my example configs?
Replies: 3
Views: 245

Is there a website where I can put my example configs?

Over the few years I've been using Mikrotik products at home, I have written some scripts and built configs with help from this forum. I would like to share them so that other home users can copy what I have done. Is there a site I can put these things on? Could that be the wiki? Could it be the new...
by howdey57
Sun Aug 09, 2020 12:53 pm
Forum: General
Topic: Unresolving pages via IPsec VPN
Replies: 5
Views: 1397

Re: Unresolving pages via IPsec VPN

Sindy, Good to see you have replied! I first tried putting that rule in the France router (ie the sub-office), but it killed the VPN so I presumed I put the rule on the wrong end. I then put the rule on the London end (ie main office) but that killed the VPN too As you will see, I only send the rang...
by howdey57
Sat Aug 08, 2020 11:38 am
Forum: General
Topic: Unresolving pages via IPsec VPN
Replies: 5
Views: 1397

Re: Unresolving pages via IPsec VPN

Any pointers as to what I can do?

Charles
by howdey57
Sat Aug 08, 2020 11:24 am
Forum: General
Topic: DNS and VPN after 6.47 - the "L7 Hack"
Replies: 2
Views: 773

Re: DNS and VPN after 6.47 - the "L7 Hack"

Thanks.

I suspect I asked the wrong question. I had a go at the answer (thinking the L7 Hack would help) but it didn't solve by pages not resolving issue. I have redone the question here. viewtopic.php?f=2&t=164704
by howdey57
Sat Aug 08, 2020 11:21 am
Forum: General
Topic: Unresolving pages via IPsec VPN
Replies: 5
Views: 1397

Unresolving pages via IPsec VPN

I thought I had the answer to my VPN issue with my question https://forum.mikrotik.com/viewtopic.php?f=2&t=164604 about the L7 Hack a few days ago, but I was wrong. That deals with when you want to intercept DNS requests. My issue is that, when I connect my IPsec VPN from the remote office and direc...
by howdey57
Thu Aug 06, 2020 12:56 pm
Forum: General
Topic: DNS and VPN after 6.47 - the "L7 Hack"
Replies: 2
Views: 773

DNS and VPN after 6.47 - the "L7 Hack"

DNS does not work well for me over my IPsec VPN between two offices. When I put all traffic through the main office, DNS does not work in the remote office. I read that the L7 Hack, that seems to address this, has been formalised in 6.47beta60 but I cannot find instructions on where that config is o...
by howdey57
Tue May 05, 2020 2:18 pm
Forum: General
Topic: Moving config from RB951G-2HnD to RB4011
Replies: 19
Views: 2825

Re: Moving config from RB951G-2HnD to RB4011

So, I am connected!! Brilliant!!!! In France and London - I used the fqdn in the Peer address and left the local-address blank - Disabled the scripts that previously update them (or not, in France!!!) In France: - I updated the Policy to use the right Peer I have learned: 1. I now have a back door v...
by howdey57
Tue May 05, 2020 11:54 am
Forum: General
Topic: Moving config from RB951G-2HnD to RB4011
Replies: 19
Views: 2825

Re: Moving config from RB951G-2HnD to RB4011

Ah, never heard them called dwarfs before. I did wait overnight, but no change. I then ssh'd into the french router and found the Peer ip for London had not been updated (so I changed it). I also stopped London initiating the link because France is doing that. Now, the "FRANCELondon-Laptop" link has...
by howdey57
Mon May 04, 2020 9:30 pm
Forum: General
Topic: Moving config from RB951G-2HnD to RB4011
Replies: 19
Views: 2825

Re: Moving config from RB951G-2HnD to RB4011

If you mean DDNS (not dwarfs ;-) ), quite a while. I checked the DNS using mxtoolbox and it found the same IP address. Also, I have left the RB4011 in for hours and it still doesn't connect. Do you think it could be something about not setting the Policy sa-src-address or the Peer local-address?. I ...
by howdey57
Mon May 04, 2020 9:20 pm
Forum: General
Topic: Moving config from RB951G-2HnD to RB4011
Replies: 19
Views: 2825

Re: Moving config from RB951G-2HnD to RB4011

No, I checked that for both the UK and France. I look on Winbox quick set and it says the wan address.
by howdey57
Mon May 04, 2020 8:43 pm
Forum: General
Topic: Moving config from RB951G-2HnD to RB4011
Replies: 19
Views: 2825

Re: Moving config from RB951G-2HnD to RB4011

That's a good thought, but I use the DDNS from my Synology box behind the router so I don't have to change the DDNS name in France if I change the router (ie the dedicated DDNS name would change when I changed the router). This is what I see in the RB4011 lg file 18:34:31 ipsec ike2 starting for: FR...
by howdey57
Mon May 04, 2020 5:10 pm
Forum: General
Topic: Moving config from RB951G-2HnD to RB4011
Replies: 19
Views: 2825

Re: Moving config from RB951G-2HnD to RB4011

Hopefully all here! Here is the London RB4011 - This is the one that does not connect to France. # may/04/2020 11:54:59 by RouterOS 6.46.6 # software id = YCNI-BQ6N # # model = RB4011iGS+5HacQ2HnD # serial number = /caps-man channel add band=2ghz-g/n control-channel-width=20mhz extension-channel=dis...
by howdey57
Mon May 04, 2020 9:32 am
Forum: General
Topic: Moving config from RB951G-2HnD to RB4011
Replies: 19
Views: 2825

Re: Moving config from RB951G-2HnD to RB4011

I haven't tried it yet. I was not sure about Safe Mode. If I make the change in France, I imagine the VPN will go down and (hopefully) reconnects. However, Safe Mode recognises that the connection has been lost and undoes my changes!! Therefore I never know if my change will work. Is that how Safe M...
by howdey57
Sun May 03, 2020 6:53 pm
Forum: General
Topic: Moving config from RB951G-2HnD to RB4011
Replies: 19
Views: 2825

Re: Moving config from RB951G-2HnD to RB4011

Sindy, you helped me before. You may remember I have the router in France. I think it may be because I am not setting the sa-src-address (via the Peer local address). I think I must have set it up before v6.44. It seems to continue to work on the old pairing (RB951 - France) but not on the new pairi...
by howdey57
Sun May 03, 2020 1:14 pm
Forum: General
Topic: Moving config from RB951G-2HnD to RB4011
Replies: 19
Views: 2825

Re: Moving config from RB951G-2HnD to RB4011

Thanks for your responses, very helpful. I went back to basics for the new RB4011. I used the default config and then added in the things I need. The CAPSMAN now works. I suspect it was a firewall rule issue. The IPSec VPN doesn't work. I have copied the exact VPN config and I think I've got the Fir...
by howdey57
Fri May 01, 2020 1:07 am
Forum: General
Topic: Moving config from RB951G-2HnD to RB4011
Replies: 19
Views: 2825

Moving config from RB951G-2HnD to RB4011

I've just bought an RB4011 to replace my RB951G-2HnD. The RB951G has firewall, CAPSMAN, IPSec VPN etc all working well - I have 2 APs in my house too. I exported the config from the RB951G and carefully duplicated it on the RB4011 through the Winbox terminal bit by bit, getting rid of errors as I we...
by howdey57
Fri Apr 12, 2019 8:36 pm
Forum: General
Topic: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?
Replies: 22
Views: 2787

Re: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?

Sindy, Sorry for the delay in responding. This now works. Thanks for your help and spending so much time on this. You are very generous with your time and knowledge. The things I had to do were: In the UK, put ipsec-policy=in,ipsec in all rules that might stop the French traffic. Stop traffic from t...
by howdey57
Mon Apr 08, 2019 11:30 pm
Forum: General
Topic: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?
Replies: 22
Views: 2787

Re: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?

I did a tracert with the NAT rule turned on. Looks like you are correct: The tracert seems REALLY slow - not just the 51ms below. Tracing route to 8.8.8.8 over a maximum of 30 hops 1 3 ms 1 ms 1 ms 192.168.65.1 2 51 ms 49 ms 56 ms 192.168.64.1 3 * * * Request timed out. 4 * * * Request timed out. 5 ...
by howdey57
Mon Apr 08, 2019 8:46 pm
Forum: General
Topic: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?
Replies: 22
Views: 2787

Re: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?

I added ipsec-policy=in,none to the UK rule. I then enabled the chain=srcnat action=accept src-address=192.168.65.79 rule in France but the laptop still can't get to the internet (via the UK?) Do I need to disable the Raw rules as well? My firewall rules have built up over a number of years and may ...
by howdey57
Sun Apr 07, 2019 11:05 pm
Forum: General
Topic: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?
Replies: 22
Views: 2787

Re: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?

Complicated! I've exported both sides, /ip only. Hopefully that is enough. And hopefully, nothing sensitive! And thanks for your help! Charles France # apr/07/2019 19:36:45 by RouterOS 6.44.2 # software id = 65FW-3KRA # # model = 2011UiAS-2HnD /ip ipsec profile add dh-group=modp4096 enc-algorithm=ae...
by howdey57
Sun Apr 07, 2019 9:18 pm
Forum: General
Topic: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?
Replies: 22
Views: 2787

Re: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?

The suggested NAT Rule seems to kill the connection from the laptop. I do already have exceptions for the existing 64.0 to 65.0 VPN so perhaps that's ok. However that doesn't explain my French external IP address. Any other ideas? DNS perhaps? I added the exception to the fast-track firewall rule - ...
by howdey57
Sun Apr 07, 2019 7:14 pm
Forum: General
Topic: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?
Replies: 22
Views: 2787

Re: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?

Sindy, Sorry, I should have put the print in my response. Here it is: [admin@Red MikroTik] > /ip ipsec installed-sa print Flags: H - hw-aead, A - AH, E - ESP 0 E spi=0x6F3F16 src-address=x.x.x.x:4500 dst-address=192.168.1.38:4500 state=mature auth-algorithm=sha512 enc-algorithm=aes-cbc enc-key-size=...
by howdey57
Sun Apr 07, 2019 5:58 pm
Forum: General
Topic: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?
Replies: 22
Views: 2787

Re: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?

Sindy, Thanks for the prompt reply. There are two pairs. The first has a large number of packets (current-packets=148443) whilst the other has much less (current-packets=796). I know I'm not going through the VPN because bbc.co.uk gets redirected to bbc.com (the BBC only serves .co.uk if you are in ...
by howdey57
Sun Apr 07, 2019 5:29 pm
Forum: General
Topic: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?
Replies: 22
Views: 2787

Re: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?

Sindy, I'm having a go with this. I thought I'd try with just one IP address (192.168.65.79). I have put in the following Policies. The second Policy is the existing VPN. Branch Office /ip ipsec policy add comment="FranceLondon-Laptop " dst-address=0.0.0.0/0 sa-dst-address=\ x.x.x.x sa-src-address=0...
by howdey57
Thu Mar 28, 2019 8:50 pm
Forum: General
Topic: L2TP Dynamic Peer not appearing
Replies: 2
Views: 995

Re: L2TP Dynamic Peer not appearing

OK. Tried that and it worked.

Thanks.
by howdey57
Sun Mar 24, 2019 8:58 pm
Forum: General
Topic: L2TP Dynamic Peer not appearing
Replies: 2
Views: 995

L2TP Dynamic Peer not appearing

Is this one for Sindy? I have just swapped the config from a HAP AC2 to a HAP AC. I exported from one and ran the script on the second. On the AC2, I've been using L2TP successfully for a year but am having difficulty getting the AC to work. The thing I've noticed is that the Dynamic Peer, created w...
by howdey57
Sun Dec 09, 2018 11:52 am
Forum: General
Topic: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?
Replies: 22
Views: 2787

Re: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?

Sindy, I was about to do this but then had a further thought. Is there a way to use address lists to say which specific machines should go via the head office VPN, rather than them all? If that is possible, then all i need to do is add or take off ip addresses from that address list. The use case is...
by howdey57
Sun Nov 04, 2018 10:54 pm
Forum: General
Topic: L2TP IPSec PSK VPN and Pixel 3 dropping after a minute
Replies: 0
Views: 441

L2TP IPSec PSK VPN and Pixel 3 dropping after a minute

I've just got a new Pixel 3 and am having difficulty keeping a VPN connected to my MK router. The VPN does after about a minute. Very frustrating. I don't have the same problem with a Pixel 2 which has been working will for ages.

Is anyone else having the same problem?

Charles
by howdey57
Sat Oct 20, 2018 2:45 pm
Forum: Scripting
Topic: Log Monitoring Script
Replies: 2
Views: 5301

Log Monitoring Script

I wanted a way to monitor log files for certain entries. I have created a script based on the various log monitoring scripts I have found. I thought I might share this in case others wanted an alternative. The only challenge is that, due to an issue with how ROS displays time in log files around mid...
by howdey57
Mon Oct 08, 2018 5:46 pm
Forum: Scripting
Topic: Built in function library
Replies: 82
Views: 32148

Re: Built in function library

Chupaka

You are correct about log entries not directly being about functions but the flip side is that you need lots of other functions to be built to manipulate the inconsistent log date formats.

I'll try support@.

Thanks

Charles
by howdey57
Mon Oct 08, 2018 5:06 pm
Forum: Scripting
Topic: Built in function library
Replies: 82
Views: 32148

Re: Built in function library

Thanks. Commas it will be! The date challenge is twofold: 1. Dates in the log file are not consistent. The date is excluded from entries for today and the year is missed out for entries this year. Ideally there would be a switch to set all log date/times to YYYYMMDDHHMMSS format. Machine readable an...
by howdey57
Mon Oct 08, 2018 11:48 am
Forum: Scripting
Topic: Built in function library
Replies: 82
Views: 32148

Re: Built in function library

Thanks. I'll try those. Are they mentioned in the wiki?

Any thoughts on the dates?
by howdey57
Mon Oct 08, 2018 11:23 am
Forum: Scripting
Topic: Built in function library
Replies: 82
Views: 32148

Re: Built in function library

I'd like to have a debug function that helped with basic syntax. When writing code I spend most of my time getting the basics in place. I write my logic then comment most of it out then uncomment line by line to make sure each line is working. With ros code, if it doesn't work, you get nothing to sa...
by howdey57
Tue Sep 25, 2018 12:36 am
Forum: General
Topic: Log File Dates & Times seem to be incorrect
Replies: 8
Views: 1680

Re: Log File Dates & Times seem to be incorrect

Does anyone from MikroTik have anything to say about this? It looks to me like a software error.

Charles
by howdey57
Sun Sep 23, 2018 11:01 pm
Forum: General
Topic: Log File Dates & Times seem to be incorrect
Replies: 8
Views: 1680

Re: Log File Dates & Times seem to be incorrect

Any views on why the log is so weird around midnight?

It looks like the internal date processor doesn't work. Could it be to do with the time zone?

The log file produced at 02:05:00 behaves properly.

Charles
by howdey57
Sun Sep 23, 2018 6:59 pm
Forum: General
Topic: Log File Dates & Times seem to be incorrect
Replies: 8
Views: 1680

Re: Log File Dates & Times seem to be incorrect

Mkx

I've never seen your first point. When you access the log programmatically, the datetimes come in the 3 flavours.

+1 for your second point.

Charles
by howdey57
Sun Sep 23, 2018 6:10 pm
Forum: General
Topic: Log File Dates & Times seem to be incorrect
Replies: 8
Views: 1680

Log File Dates & Times seem to be incorrect

I am trying to track new log entries. I have a script that works except around midnight. Overarching Issue: Ideally log entries would have Date Time written consistently as YYYY-MM-DD HH:M:SS. I cannot understand why it is done in a way that is not machine readable (and in US format too). Is there a...
by howdey57
Sat Sep 01, 2018 9:45 pm
Forum: General
Topic: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?
Replies: 22
Views: 2787

Re: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?

Sindy Thanks for this and sorry for the delay in letting you know how I am getting on. 1. Worked. Thanks. 2. Still plucking up the courage to do this. Just don't want to cut myself off from the remote office. I'll let you know. I'm currently battling with chatty Chinese security cameras that want to...
by howdey57
Mon Aug 27, 2018 1:39 pm
Forum: General
Topic: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?
Replies: 22
Views: 2787

Re: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?

Sindy, and I thought this would be easy!! Thanks for looking. There are two problems: 1. How to ping from one router to another - The ping says "Host Unreachable" and names the WAN address 2. How to default the Sub Office so all internet traffic goes though the main office. The two router configs ha...
by howdey57
Sun Aug 19, 2018 1:49 pm
Forum: General
Topic: Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?
Replies: 22
Views: 2787

Is there a definitive guide showing how to force all traffic through IPSec tunnel and out through Head Office ?

Newbie Question (perhaps I will always be a newbie with Mikrotik!!). I have two mikrotik routers connected via IPSec. I want to force all traffic from the remote site to go through the VPN and out of the Head Office WAN connection. There are lots of long posts that offer lots of ways, all of which s...
by howdey57
Mon Aug 13, 2018 1:11 am
Forum: General
Topic: How do I: Route with ipsec and L2TP?
Replies: 2
Views: 489

Re: How do I: Route with ipsec and L2TP?

Thank you sindy. That worked. I changed the pool to the same subnet and changed the profile to proxy-arp on the bridge only and things seem to work now.

Charles
by howdey57
Sun Aug 12, 2018 9:13 pm
Forum: General
Topic: How do I: Route with ipsec and L2TP?
Replies: 2
Views: 489

How do I: Route with ipsec and L2TP?

Noobie question: I don't yet have a config problem. I just don't know where to start. I have 2 networks with different subnets joined by a new IPsec VPN. When away from the network, i connect using my laptop using a L2TP VPN. My question is: what do I need to use to be able to get to the "far" netwo...
by howdey57
Tue Apr 10, 2018 11:28 am
Forum: RouterBOARD hardware
Topic: SFP dsl modem compatibility list
Replies: 0
Views: 1541

SFP dsl modem compatibility list

There is an active discussion https://forum.mikrotik.com/viewtopic.php?f=3&t=104109&e=1 here but no summary list of compatible SFP modules that allow MT kit to connect to ADSL/VDSL. It should be here https://wiki.mikrotik.com/wiki/MikroTik_SFP_module_compatibility_table but has yet to be done. Pleas...
by howdey57
Mon Apr 09, 2018 11:51 pm
Forum: RouterBOARD hardware
Topic: Mikrotik VDSL / DSL Modem?
Replies: 366
Views: 122419

Re: Mikrotik VDSL / DSL Modem?

This is a very long thread now. Is there a summary in the Mikrotik documentation that describes the SFP dsl hardware that works with Mikrotik routers (with settings)?

Charles
by howdey57
Tue Sep 26, 2017 2:21 pm
Forum: Announcements
Topic: v6.40.3 [current]
Replies: 95
Views: 31757

Re: v6.40.3 [current]

I know. I originally put it as a question that i could find the answer to myself, then thought better of it but couldn't delete it. I then changed it to the anodyne response above!

My bad.

-end-
by howdey57
Tue Sep 26, 2017 8:40 am
Forum: Announcements
Topic: v6.40.3 [current]
Replies: 95
Views: 31757

Re: v6.40.3 [current]

Thanks for the response.

Maybe I have. I will investigate.
by howdey57
Mon Sep 25, 2017 11:56 pm
Forum: Announcements
Topic: v6.40.3 [current]
Replies: 95
Views: 31757

Re: v6.40.3 [current]

Hi All, I installed 6.40.3 over the weekend and seem to have a problem. I use passthrough firewall rules to track Bytes used by IP addresses in an Address List. Before the update I was using about 2 GB per day, but since the upgrade that has fallen to approx 10MB. I know I am using more! Has anyone ...
by howdey57
Sat Aug 26, 2017 8:15 pm
Forum: Beginner Basics
Topic: Firewall rule for L2TP/IPSec access to router
Replies: 3
Views: 9877

Re: Firewall rule for L2TP/IPSec access to router

pukkita, Thanks for the response. Your guesses were correct. I added the /interface L2TP server binding and the static interface to the Interface List and, after a delay, saw the L2TP connections using those rather than dynamic ones. The only issue is that I need to add a L2TP Server binding and a n...
by howdey57
Thu Aug 24, 2017 11:15 am
Forum: Beginner Basics
Topic: Firewall rule for L2TP/IPSec access to router
Replies: 3
Views: 9877

Firewall rule for L2TP/IPSec access to router

I had success to connect "L2TP/IPSec VPN Remote Worker Access" https://forum.mikrotik.com/viewtopic.php?f=13&t=124618 but had a problem connecting Windows 10 machines through the Virgin Media router so I've put that router in modem mode and put the 2011 as router behind it. I've configured the VPN e...
by howdey57
Fri Aug 18, 2017 12:22 am
Forum: Beginner Basics
Topic: L2TP/IPSec VPN Remote Worker Access
Replies: 11
Views: 12090

Re: L2TP/IPSec VPN Remote Worker Access

doneware, Brilliant, thanks. Both suggestions worked. Adding dns-server=8.8.8.8 to the /ppp profile meant I could access the internet. So the vpn client doesn't know where to go without the DNS address and changing to local-address=192.168.1.203 meant I could see all local addresses. I presume this ...
by howdey57
Thu Aug 17, 2017 10:41 am
Forum: Beginner Basics
Topic: L2TP/IPSec VPN Remote Worker Access
Replies: 11
Views: 12090

Re: L2TP/IPSec VPN Remote Worker Access

doneware, Thanks for the suggestion. The rule sounds complicated! I thought that if I changed the vpn-pool to 192.168.1.100-110 then I'd be in the same range as the Virgin router (i put proxy-arp on the bridge). That didn't give me access to the internet but when I put in 192.168.1.1 I get to the 20...
by howdey57
Wed Aug 16, 2017 5:28 pm
Forum: Beginner Basics
Topic: L2TP/IPSec VPN Remote Worker Access
Replies: 11
Views: 12090

Re: L2TP/IPSec VPN Remote Worker Access

Thanks for the responses. I agree with pe1chl. Proxy-Arp is not required if on a different subnet. The Virgin Media Router is set up correctly as connections are being made. One other thing I've noticed is that the Windows machine I connect with does not have a "Gateway" for the VPN connection (when...
by howdey57
Wed Aug 16, 2017 9:36 am
Forum: Beginner Basics
Topic: L2TP/IPSec VPN Remote Worker Access
Replies: 11
Views: 12090

L2TP/IPSec VPN Remote Worker Access

I've used this set of instructions https://wiki.mikrotik.com/wiki/Manual:Interface/L2TP#L2TP.2FIpSec_setup to create a L2TP/IPSec VPN, I can connect successfully to the VPN and can get to the Webfig of the 2011. The network looks like this. The 2011 is in bridge mode behind a cable router. The cable...
by howdey57
Sun Mar 15, 2015 12:29 pm
Forum: General
Topic: Routing through an IPSec VPN
Replies: 7
Views: 2280

Re: Routing through an IPSec VPN

Thanks very much troffasky and ZeroByte for the response. #4 sounds complicated, so I will have a think and a try. #5. The NAT rules in my Office 1 Mikrotik are: add chain=srcnat comment="Office 2 to Office 1" dst-address=192.168.0.0/24 out-interface=ether1-gateway src-address=192.168.1.0/24 add act...
by howdey57
Sat Mar 07, 2015 10:59 am
Forum: General
Topic: Routing through an IPSec VPN
Replies: 7
Views: 2280

Routing through an IPSec VPN

I am having difficulty accessing a RaspberryPi on a remote network. I don't know what I need to do next; is it a route, and address, a mangle?? I have the following network. I have 3 successful things and 2 unsuccessful things and any help to fix these would be gratefully received. Network Diagram v...
by howdey57
Sun Jan 18, 2015 5:57 pm
Forum: Beginner Basics
Topic: Newbie routing question.
Replies: 1
Views: 724

Newbie routing question.

I am new to the sophisticated world of Mikrotik Routers. Previously, I used a standard Draytek that didn't allow me to do too much. I don't know if I am going to ask this question using the right words, but it would be great if someone could point me in the right direction. I have created an IPSec V...
by howdey57
Sun Jan 18, 2015 5:47 pm
Forum: Beginner Basics
Topic: Why is it so hard to set up internet access to Webfig?
Replies: 10
Views: 3205

Re: Why is it so hard to set up internet access to Webfig?

For access to the Router itself from the Internet, I use this firewall rule. For my simple mind, this works because it opens up port 80 on the first thing the internet hits. chain=input action=accept protocol=tcp dst-port=80 log=no log-prefix="" For access to my fileserver from the Internet, I use t...
by howdey57
Sat Jan 10, 2015 7:18 pm
Forum: Beginner Basics
Topic: IPSec VPN behind 3G private network (Draytek to Mikrotik)
Replies: 3
Views: 2024

Re: IPSec VPN behind 3G private network (Draytek to Mikrotik

After a VERY long time trying to make this work, I have found the solution. In the end, to connect from a Draytek (2830) to a Mikrotik( RB2011) when the Draytek is NATed behind an IP address provided by a 3G mobile operator I had to do the following: 1. On the Draytek, in the IPSec settings, make su...
by howdey57
Thu Jan 08, 2015 11:57 pm
Forum: Beginner Basics
Topic: Why is it so hard to set up internet access to Webfig?
Replies: 10
Views: 3205

Re: Why is it so hard to set up internet access to Webfig?

So I managed to figure this out. To access a server within the internal network from outside, you need to set up a NAT rule. To access the router itself from outside, you need to set up a Firewall rule to open up the port you want to use. Perhaps that is obvious to some, but it confused me a lot whe...
by howdey57
Thu Jan 08, 2015 11:50 pm
Forum: Beginner Basics
Topic: IPSec VPN behind 3G private network (Draytek to Mikrotik)
Replies: 3
Views: 2024

Re: IPSec VPN behind 3G private network (Draytek to Mikrotik

I have managed to get a request from the Draytek to the Mikrotik by finding the IP address the Draytek is using (by seeing the UDP traffic on Port 500 on the Mikrotik firewall). The problem is that the connection is not made even though I have an identical set up between another Draytek to the Mikro...
by howdey57
Mon Jan 05, 2015 10:25 pm
Forum: Beginner Basics
Topic: Why is it so hard to set up internet access to Webfig?
Replies: 10
Views: 3205

Re: Why is it so hard to set up internet access to Webfig?

OK. I found the "Firewall Router" tick box. It was on the "Home AP" Quick set, not the default "WISP AP". As indicated by some posts, I have added a NAT rule on port 443 to get through to my Fileserver and that works whether I have the "Firewall Router" ticked or nor. However, if I create a NAT rule...
by howdey57
Mon Jan 05, 2015 3:11 pm
Forum: Beginner Basics
Topic: Why is it so hard to set up internet access to Webfig?
Replies: 10
Views: 3205

Re: Why is it so hard to set up internet access to Webfig?

Will do.

Please could you also point me at the wiki page that describes how to do it.

Thanks
by howdey57
Mon Jan 05, 2015 9:21 am
Forum: Beginner Basics
Topic: Why is it so hard to set up internet access to Webfig?
Replies: 10
Views: 3205

Re: Why is it so hard to set up internet access to Webfig?

Thanks for the response. I don't have that setting on Quick Set. I have a new RB2011 with V6.24.

Where next?

Charles
by howdey57
Sun Jan 04, 2015 10:49 pm
Forum: Beginner Basics
Topic: Why is it so hard to set up internet access to Webfig?
Replies: 10
Views: 3205

Why is it so hard to set up internet access to Webfig?

There does not seem to be a definitive method to access Webfig on my RB2011 router from the internet. Is it actually possible? I have tried lots of different ways from many sites but none work (NAT, Firewall etc).

Can someone provide a working example?

Thanks

Charles
by howdey57
Sun Jan 04, 2015 7:52 pm
Forum: Beginner Basics
Topic: IPSec VPN behind 3G private network (Draytek to Mikrotik)
Replies: 3
Views: 2024

IPSec VPN behind 3G private network (Draytek to Mikrotik)

I am trying to create a VPN from a Draytek router (2830) to a Mikrotik router (RB2011), but cannot . I have previously done this between two Drayteks (one connecting using 3G), so I know it is possible. I also know my VPN settings should work because I have created an identical VPN between another ...
by howdey57
Wed Dec 31, 2014 2:38 pm
Forum: General
Topic: VPN site-to-site IPSec tunnel
Replies: 11
Views: 2746

Re: VPN site-to-site IPSec tunnel

Can you tell me how I put in the dynamic address (eg xxx.dyndns.org) into the VPN setup rather than the IP address?

Thanks