Community discussions

Search found 88 matches

by Exiver
Mon Aug 12, 2019 7:32 pm
Forum: General
Topic: Backup config for bulk deployment
Replies: 2
Views: 292

Re: Backup config for bulk deployment

What do these backups look like? If you have set MAC addresses on bridges or interfaces manually these will be exported (and imported) as well. You could either remove those entries (/interface ethernet ...) from your backups or reset the ports automatically after you have imported the backup via a s...
by Exiver
Mon Aug 12, 2019 7:27 pm
Forum: General
Topic: Allow traffic between isolated subnets? [SOLVED]
Replies: 8
Views: 582

Re: Allow traffic between isolated subnets? [SOLVED]

Depends on your other firewall configuration but most likely you are missing the return path - means right now you are allowing ips from 10.8.0.0/23 to send packets to 10.6.0.151. But if 10.6.0.151 wants to answer any packet it will be dropped by your deny-rule. Setup a second rule with something li...
by Exiver
Mon Aug 12, 2019 7:22 pm
Forum: Beginner Basics
Topic: Port Group Isolation [SOLVED]
Replies: 5
Views: 574

Re: Port Group Isolation [SOLVED]

Yes your configuration is logically correct. You may need to check whether the Switch allows you to use Hardware Offloading ( https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_Hardware_Offloading ) on two different bridges on the same switch chipset. If it does not you may see performanc...
by Exiver
Mon Aug 12, 2019 4:40 pm
Forum: Beginner Basics
Topic: vpn between 2 sites for printers
Replies: 1
Views: 188

Re: vpn between 2 sites for printers

The good news is: Every MikroTik device running RouterOS is able to make use of different VPN-methods (IPSEC, Openvpn[tcp only], SSTP, L2TP and so on). If your only purpose is to connect multiple printers together you won't need that much speed going over your VPN - but if you are unsure what your de...
by Exiver
Mon Aug 12, 2019 4:36 pm
Forum: Beginner Basics
Topic: Using VPN for only RDP (3389)
Replies: 1
Views: 149

Re: Using VPN for only RDP (3389)

You should go with the ip-firewall configuration under /ip firewall filter. Best way is to block everything and allow only protocols and ports you want to be accessed. That means you can filter everything except clients source-address to your RDP servers destination address and port (as well as the ...
by Exiver
Mon Aug 12, 2019 2:04 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 73
Views: 16773

Re: v6.45.3 [stable] is released!

Can't login via linux MAC-Telnet 0.4.4. after update to this version. Connecting to.......done Login failed, incorrect username or password ROS log: echo: system,error,critical login failure for user admin from XX:XX:XX:XX:XX:XX via mac-telnet. The password is correct. Seems like you did not read t...
by Exiver
Thu Aug 08, 2019 8:07 pm
Forum: Wireless Networking
Topic: MAP2n as Travel Router Configuration Assistance
Replies: 15
Views: 1088

Re: MAP2n as Travel Router Configuration Assistance

We do provide LAN based access in at least one hotel here in Germany (additional to wifi) ;o) But you are right this is not really common I guess. You can give it a try - even in your home network. Set the SSID on wlan1 to your private SSID at home, change the psk-passphrase and check whether it wor...
by Exiver
Thu Aug 08, 2019 7:55 pm
Forum: Wireless Networking
Topic: MAP2n as Travel Router Configuration Assistance
Replies: 15
Views: 1088

Re: MAP2n as Travel Router Configuration Assistance

You could definitely do that. But there are a few things that need to be changed: -> Add a second bridge called something like "external" and change the name of the existing bridge from "bridge" to something more intuitive like "internal" -> Remove "ether1" from the first bridge and add "ether1" and...
by Exiver
Thu Aug 08, 2019 6:20 pm
Forum: Beginner Basics
Topic: Mikrotik Router Management via Web App
Replies: 2
Views: 327

Re: Mikrotik Router Management via Web App

You could check if Mikrotik API is suitable for the commands you want to execute on the router (https://wiki.mikrotik.com/wiki/Manual:API). API implementations are out there for at least PHP, Perl and Python (most likely for more programming languages, just google it). If that does not fit your nee...
by Exiver
Thu Aug 08, 2019 6:11 pm
Forum: Wireless Networking
Topic: MAP2n as Travel Router Configuration Assistance
Replies: 15
Views: 1088

Re: MAP2n as Travel Router Configuration Assistance

There are a few things to mention here: -> It doesn't matter if the router has two or one radio - but it looks like you have already configured a slave wifi interface (wlan2). -> Set the mode for wlan1 to "station" -> Set the mode for wlan2 to "ap-bridge" and delete entries "wds-default-bridge" and "...
by Exiver
Thu Aug 08, 2019 5:48 pm
Forum: Wireless Networking
Topic: CapsMan with two SSID and two Bridge
Replies: 1
Views: 199

Re: CapsMan with two SSID and two Bridge

As always: post your configuration. Otherwise people can just guess and that won't help you that much ;-)
by Exiver
Thu Aug 08, 2019 5:45 pm
Forum: General
Topic: Migrating self signed CA
Replies: 7
Views: 921

Re: Migrating self signed CA

@wolfktl pls post your whole configuration (Original Router, Backup Router and Client) - otherwise it's just a guess into the blue..

-> /export hide-sensitive
by Exiver
Mon Jul 15, 2019 7:25 pm
Forum: Wireless Networking
Topic: how to send AT commands to EC25 LTE modem in LTAP Mini
Replies: 6
Views: 458

Re: how to send AT commands to EC25 LTE modem in LTAP Mini

In RouterOS v6.39 and newer the EC25-MiniPCIe module can be configured as a LTE Interface which can support local IP address from modem. Use this AT command to enable it and after that reset the module: at+qcfg="usbnet",1 Source: https://wiki.mikrotik.com/wiki/Cellular_Quectel_modems_01#Summary It ...
by Exiver
Sat Jun 22, 2019 3:28 pm
Forum: Wireless Networking
Topic: CAPsMAN 5GHz wireless channel problems
Replies: 11
Views: 10443

Re: CAPsMAN 5GHz wireless channel problems

@Kampfwurst:
Please open a new thread with your hardware details and configuration. A few things have changed between 6.34 and 6.44
by Exiver
Fri Jun 07, 2019 12:20 pm
Forum: General
Topic: OpenVPN GUI 2.4.7 can't connect openvpn server
Replies: 6
Views: 473

Re: OpenVPN GUI 2.4.7 can't connect openvpn server

Did you read your Clients log file? Fri Jun 07 10:10:59 2019 VERIFY ERROR: depth=0, error=self signed certificate: CN=myCa Fri Jun 07 10:10:59 2019 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed You have set myCa as server certificate on your mikrotik i...
by Exiver
Fri Jun 07, 2019 12:30 am
Forum: General
Topic: Pfsense to Mikrotik ipsec tunnel one way traffic
Replies: 1
Views: 206

Re: Pfsense to Mikrotik ipsec tunnel one way traffic

Post your configs. Everything else will only lead to guessing and that does not really help ;-) There are a few things you could check with that error but they all depend on configurations of your routerboard and pfsense.
by Exiver
Tue Jun 04, 2019 12:07 am
Forum: Beginner Basics
Topic: NAT problem?
Replies: 12
Views: 654

Re: NAT problem?

Perhaps there is a Router God, that can see configurations over long distances?? haha nice joke, you are all right but I think at end I will solve it by putting new wifi router behind mikrotik and disable wifi from ISP thank you all for patience and understanding You could have posted your configura...
by Exiver
Mon Jun 03, 2019 7:37 pm
Forum: RouterBOARD hardware
Topic: hAP ac bricked
Replies: 3
Views: 422

Re: hAP ac bricked

We had several problems with hap ac lites (RB952Ui-5ac2nD) and some of them bootlooping after software upgrades. We normally do have protected-routerboot activated to avoid erased devices when customers really like to press reset buttons. We have learned a few things from this, since hap ac lite and...
by Exiver
Mon Jun 03, 2019 6:23 pm
Forum: General
Topic: Bonding 2 WANs problem
Replies: 2
Views: 164

Re: Bonding 2 WANs problem

Just a little bit more input after @IPATEAM has posted the correct link to give you more information about bonding. It looks like you would not really want bonded interfaces but some kind of loadbalancing. First: There is a little misunderstanding out there about having multiple uplinks on one route...
by Exiver
Mon Jun 03, 2019 4:53 pm
Forum: General
Topic: user ttl after vpn stop
Replies: 2
Views: 181

Re: user ttl after vpn stop

You should consider that you have posted as little information about your setup / configuration as possible. Others, who have not been involved with your setup may only guess right now since it could be everything or nothing. So please make sure you post everything which is needed (network diagram, ...
by Exiver
Wed May 22, 2019 7:58 pm
Forum: Wireless Networking
Topic: Trouble updating cAP version
Replies: 5
Views: 351

Re: Trouble updating cAP version

Please check whether Capsman or the Client has something about the upgrade in the systems log. Sometimes we have seen a message stating that upgrade was not possible.
by Exiver
Tue May 07, 2019 9:58 pm
Forum: Beginner Basics
Topic: Bridge interface not showing traffic [SOLVED]
Replies: 18
Views: 1174

Re: Bridge interface not showing traffic [SOLVED]

I think there is an error in your configuration. The external ip address of your router is bound to the physical interface "combo1" but this port is member of the bridge "bridge-wan". Can you please try to fix this (if you are remote you should consider doing that with safe mode). Additionally your ...
by Exiver
Tue May 07, 2019 9:19 pm
Forum: Beginner Basics
Topic: Port forwarding: in-interface (not working) vs in-interface-list/dst-address (working)?
Replies: 3
Views: 231

Re: Port forwarding: in-interface (not working) vs in-interface-list/dst-address (working)?

It looks like you are using a pppoe-connection. That means the active pppoe-connection is an additional "interface" on your router. ether1 is only the physical link but not the interface where your router receives the traffic coming from the internet. That's why your interface-list works (ether1 AND ...
by Exiver
Tue May 07, 2019 9:14 pm
Forum: Beginner Basics
Topic: [Help] Probably Loop
Replies: 2
Views: 266

Re: [Help] Probably Loop

The error is written right there ;-) Loop means that your network has two or more ways to reach the destination. Normally you would use something like spanning-tree-protocol (or the faster version rstp) so that your switches or bridges know where to send the packages. That requires your network equi...
by Exiver
Tue May 07, 2019 8:59 pm
Forum: Wireless Networking
Topic: virtual wlan capsmanager
Replies: 5
Views: 380

Re: virtual wlan capsmanager

I was asking for the output of capsmanager because my guess is that the old "wlan2" interface is still listed there (but not visible on the cap since it is not active anymore). That means if capsman still knows about "wlan2" he will increment this number for your newly created interface and name it ...
by Exiver
Tue May 07, 2019 8:56 pm
Forum: Wireless Networking
Topic: CAPsMAN and CAP AC2 - 5Ghz stops working without any log message
Replies: 23
Views: 1708

Re: CAPsMAN and CAP AC2 - 5Ghz stops working without any log message

I think that looks good. Are you able to add the debug-cap rule on that cap which isn't working? We most likely need the part when it stops working so you could maybe log to a file and upload it after you see that it's not working anymore?

debug-log rule would be topics=caps,debug
by Exiver
Tue May 07, 2019 8:52 pm
Forum: Wireless Networking
Topic: Requests wrong RSN group cipher
Replies: 10
Views: 1130

Re: Requests wrong RSN group cipher

Does the actual-interface-configuration show the applied changes? Can you please try to remove the network from one of these wifi-client-devices (for example the apple device 30:35:AD:AC:28:08) and readd it? Just to make sure we are not running after a ghost :)
by Exiver
Tue May 07, 2019 8:50 pm
Forum: General
Topic: L2TP + IPSec -> policy not found [SOLVED]
Replies: 5
Views: 327

Re: L2TP + IPSec -> policy not found [SOLVED]

0.0.0.0/1 or 128.0.0.0/1 is not working. To be honest i have never seen anyone using a netmask of 1. Why did you do that? dst-address should be 0.0.0.0/0 .... This is not the root cause of the issue. 0.0.0.0/1 covers "the lower half of the IPv4 internet", i.e. IP addresses from 0.0.0.0 to 127.255.2...
by Exiver
Tue May 07, 2019 12:19 pm
Forum: Wireless Networking
Topic: [CAPsMAN] Channel advise
Replies: 9
Views: 512

Re: [CAPsMAN] Channel advise

There are some things you can try to make your setup better. But that mostly relies on some kind of experience. I have learned much just from testing it out in our small lab and getting overwhelmed how difficult it can be in the real world ;-) What has really helped me are the presentations of MUMs ...
by Exiver
Tue May 07, 2019 12:27 am
Forum: Wireless Networking
Topic: [CAPsMAN] Channel advise
Replies: 9
Views: 512

Re: [CAPsMAN] Channel advise

Totally depends on the location of the caps. If they are all in the same room you won't have much fun. If you need a high density setup you could consider lowering the tx-power. But I'm not sure where this goes. If you have a specific question for a setup why don't you just ask it completely (for exampl...
by Exiver
Tue May 07, 2019 12:23 am
Forum: General
Topic: L2TP + IPSec -> policy not found [SOLVED]
Replies: 5
Views: 327

Re: L2TP + IPSec -> policy not found [SOLVED]

How is your router connected to the internet? Is it behind NAT? Is your IP a public or a private one? This is wrong: /ip ipsec policy set 0 dst-address=0.0.0.0/1 proposal=L2TP src-address=0.0.0.0/0 add dst-address=128.0.0.0/1 proposal=L2TP src-address=0.0.0.0/0 template=yes 0.0.0.0/1 or 128.0.0.0/1 ...
by Exiver
Tue May 07, 2019 12:13 am
Forum: Wireless Networking
Topic: [CAPsMAN] Channel advise
Replies: 9
Views: 512

Re: [CAPsMAN] Channel advise

As far as I know it will use the same algorithm to choose a channel like using the option "auto" for channel-frequency. If you set a list it will only choose from those entries but always choose the one capsman finds looking best suitable. It depends on the amount of other devices on these channels (m...
by Exiver
Mon May 06, 2019 11:46 pm
Forum: Wireless Networking
Topic: Requests wrong RSN group cipher
Replies: 10
Views: 1130

Re: Requests wrong RSN group cipher

I don't think this will be necessary on your client-devices (smartphones, tablets, computers and so on) but on your mikrotik cap-clients. Restarting the caps should be enough. You can always check if the changes have applied on your capsman with the command
/caps-man actual print detail
by Exiver
Mon May 06, 2019 11:40 pm
Forum: Wireless Networking
Topic: [CAPsMAN] Channel advise
Replies: 9
Views: 512

Re: [CAPsMAN] Channel advise

No. You should set a channel-list for your caps and not a single channel ;-) The capsman will decide which client uses which frequency. If you have a small amount of caps and you know the location you could maybe set the channels each for every access point. But as I said earlier I think it's better ...
by Exiver
Mon May 06, 2019 11:38 pm
Forum: Wireless Networking
Topic: Requests wrong RSN group cipher
Replies: 10
Views: 1130

Re: Requests wrong RSN group cipher

As far as i can say: yes. You most likely need to re-provision the clients.

Ps.: Your wpa-passphrase is visible in both of your posts. You maybe want to remove it.
by Exiver
Mon May 06, 2019 11:20 pm
Forum: Wireless Networking
Topic: [CAPsMAN] Channel advise
Replies: 9
Views: 512

Re: [CAPsMAN] Channel advise

It's up to you. You can either set every channel for every access point by hand - or let capsman decide. If you decide to let capsman do the decision you could either set a channel-list (example 2,4ghz: 1,7,13 or 1,5,9,13 or whatever you like) or just don't set any channels. For us the channel-lists ...
by Exiver
Mon May 06, 2019 11:15 pm
Forum: Wireless Networking
Topic: Requests wrong RSN group cipher
Replies: 10
Views: 1130

Re: Requests wrong RSN group cipher

@planetcaravan: Please don't use tkip as cipher if you are using only wpa/wpa2. Set encryption=aes-ccm and group-encryption=aes-ccm and check if that solves your problem. @others: We need to see your configuration. Otherwise we are just guessing into the blue which doesn't help you and just wastes eve...
by Exiver
Mon May 06, 2019 5:43 pm
Forum: General
Topic: Problem with certificate backup for SSTP
Replies: 21
Views: 1176

Re: Problem with certificate backup for SSTP

Glad to hear that it worked for you!
by Exiver
Mon May 06, 2019 5:14 pm
Forum: Beginner Basics
Topic: ROS Level 4 hotspot active user
Replies: 3
Views: 207

Re: ROS Level 4 hotspot active user

I'm really sure (1) will happen - but as I said I never tried this ;-) But option (2) and (3) would use a different logic behind this check. It's easier for the router to check whether there are already 200 connections and just not accept the next one until that number is < 200.
by Exiver
Mon May 06, 2019 4:55 pm
Forum: Beginner Basics
Topic: ROS Level 4 hotspot active user
Replies: 3
Views: 207

Re: ROS Level 4 hotspot active user

I have never tried but from logical side I would say no users can be logged in if there are already 200 active users in /ip hotspot active That means you could help yourself with a script which checks on a regular basis if there are more than (just an example) 175 users connected. If it's true you ...
by Exiver
Mon May 06, 2019 4:44 pm
Forum: Beginner Basics
Topic: Seeking Help for setting up Load Balancing for 2 WANS dynamic IPs
Replies: 2
Views: 211

Re: Seeking Help for setting up Load Balancing for 2 WANS dynamic IPs

You can use whatever ports you like. Since you are using the option to have master- and slave-ports you are most likely not on a newer firmware ( i guess they made the changes to the bridge somewhere on 6.40.xx or 6.42.xx) Maybe you should upgrade to the latest long-term (or stable?) software releas...
by Exiver
Mon May 06, 2019 4:37 pm
Forum: Wireless Networking
Topic: CAPsMAN and CAP AC2 - 5Ghz stops working without any log message
Replies: 23
Views: 1708

Re: CAPsMAN and CAP AC2 - 5Ghz stops working without any log message

Without giving us more input all we can do is just guessing what maybe could be wrong...

Please post the output of

-> on capsmanager:
/caps-man interface print detail

-> on cap-client
/int wire print detail
by Exiver
Mon May 06, 2019 3:24 pm
Forum: Wireless Networking
Topic: virtual wlan capsmanager
Replies: 5
Views: 380

Re: virtual wlan capsmanager

If I understand correctly your cap-client shows you the interface names under /interface wireless print ? I guess that happens when you change the configuration / provisioning rule on your capsman but you didn't delete the old interfaces. Can you check whether there are still "older" interfaces liste...
by Exiver
Mon May 06, 2019 3:20 pm
Forum: Wireless Networking
Topic: CAPsMAN and CAP AC2 - 5Ghz stops working without any log message
Replies: 23
Views: 1708

Re: CAPsMAN and CAP AC2 - 5Ghz stops working without any log message

Can you please check the "current-state" listed on interface-list printable with "/caps-man interfaces print detail" ? It should show you whether the access point is in state "running-ap" (that's the status you would want) or in some other status like radar-detection and so on..
by Exiver
Mon May 06, 2019 3:18 pm
Forum: Wireless Networking
Topic: Hotspot+dynamic vlanned Capsman
Replies: 3
Views: 337

Re: Hotspot+dynamic vlanned Capsman

Since it looks like your setup is a little bit more complex i would go with the "easy" way. Add a second virtual configuration to your access points either with or without passphrase (WPA-Personal AND/OR WPA2-Personal) and setup access lists with mac-address matching rules. https://wiki.mikrotik.com...
by Exiver
Fri May 03, 2019 6:39 pm
Forum: General
Topic: Configuration Reset - CAPS Mode
Replies: 2
Views: 317

Re: Configuration Reset - CAPS Mode

To be honest i have never tried this. But the caps mode should just have the advantage that the router is directly searching for a capsman server. Which firewall rules are applied needs to be tested tho. Do you need the caps mode or did you just ask because you have seen that option?
by Exiver
Fri May 03, 2019 5:45 pm
Forum: Beginner Basics
Topic: Reset Factory Default without pressing Reset button [SOLVED]
Replies: 4
Views: 375

Re: Reset Factory Default without pressing Reset button [SOLVED]

If you have physical access and you don't want to use the reset button there is most likely no option to do that. Is there any reason you are not allowed to press the reset button? Netinstall would be one option - but that only works with pressing the button as well so..
by Exiver
Fri May 03, 2019 1:24 pm
Forum: Forwarding Protocols
Topic: vpn
Replies: 4
Views: 601

Re: vpn

You should just add the specific routes for both other networks. Example: Network #1: 192.168.0.0/24 (Router 192.168.0.1 has route to 192.168.1.0/24 via <l2tp-interface>) Network #2: 192.168.1.0/24 (Router 192.168.1.1 has route to 192.168.0.0/24 via <l2tp-interface>) Each VPN endpoints should have a...
by Exiver
Fri May 03, 2019 12:56 pm
Forum: General
Topic: Problem with certificate backup for SSTP
Replies: 21
Views: 1176

Re: Problem with certificate backup for SSTP

Thank you for your input, i think everything looks good here.

The following link is interesting for you:

viewtopic.php?t=88372

Did you set a CRL while creating these certificates? If yes, can you try it without CRL?