Community discussions

Search found 42 matches

by craigreilly
Tue Jul 09, 2019 11:24 pm
Forum: Beginner Basics
Topic: Two IPs each on separate port
Replies: 10
Views: 937

Re: Two IPs each on separate port

viewtopic.php?f=13&t=149603&p=738962#p738500 is the way to go...

Or - protect the server by using NAT and only allow the ports that should be passed thru (ie: 80)
by craigreilly
Tue Jun 18, 2019 1:27 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request Are you sure Button when disabling interface
Replies: 4
Views: 518

Re: Feature Request Are you sure Button when disabling interface

I like this idea - perhaps could be set in the User Setup.
This way those techs "don't forget"... but Admin can select it if need be.


"anyway is it possible to have safe mode enable by default? some of our tech had always forget to enable it before work on it."
by craigreilly
Mon Jun 17, 2019 9:16 pm
Forum: General
Topic: Problem after switching on SSTP
Replies: 2
Views: 226

Re: Problem after switching on SSTP

On remote end, have you looked at whatsmyip to ensure they are not using VPN as Internet Access?
by craigreilly
Fri Jun 14, 2019 10:19 pm
Forum: Beginner Basics
Topic: Firewall Filter Rule before NAT rule
Replies: 12
Views: 14343

Re: Firewall Filter Rule before NAT rule

How about this:

/ip firewall filter
add action=drop chain=forward comment="Drop new connections from internet which are not dst-natted" connection-nat-state=!dstnat connection-state=new in-interface=WAN
by craigreilly
Fri Jun 14, 2019 9:58 pm
Forum: General
Topic: Web Proxy Restrict
Replies: 3
Views: 256

Re: Web Proxy Restrict

Phone Server...
Web Server that feeds data from our Oracle Server...
-- client connections to check our live inventory

And yep - thats it.

So - I have these in NAT rules - but I should put in Filter Rules as well?
Sorry - I did not configure this initially and not well versed in Mikrotik.
by craigreilly
Thu Jun 13, 2019 8:30 pm
Forum: General
Topic: Web Proxy Restrict
Replies: 3
Views: 256

Web Proxy Restrict

I have Web Proxy enabled. src address is simply :: (as defaulted) I have a NAT rule to redirect outbound 80 to 8080 for transparent. When I goto a device not on the network and open browser address <external ip>:8080 it opens a proxy page saying error. Is adding a filter rule the proper way here? Or...
by craigreilly
Wed Jun 12, 2019 8:37 pm
Forum: Beginner Basics
Topic: Hacked recently [SOLVED]
Replies: 7
Views: 895

Re: Hacked recently [SOLVED]

change the username too...
by craigreilly
Wed Jun 12, 2019 7:10 pm
Forum: Beginner Basics
Topic: set up second WAN/ISP temporarily
Replies: 8
Views: 516

Re: set up second WAN/ISP temporarily

So I shouldn't use those 6 lines of code?
Perhaps I should hire someone.
by craigreilly
Wed Jun 12, 2019 1:49 am
Forum: Beginner Basics
Topic: set up second WAN/ISP temporarily
Replies: 8
Views: 516

Re: set up second WAN/ISP temporarily

"At this point, I can surf the webs and whatsmyip shows the new ISP IP Address" So the outbound mark is working as intended... So When I mark the traffic coming from ISP2 - it only works on ISP2. So, for example 70.1.1.1 (ISP1) inbound goes to port 80 to server 192.168.3.20 When I add the NAT rule ...
by craigreilly
Tue Jun 11, 2019 9:02 pm
Forum: Beginner Basics
Topic: set up second WAN/ISP temporarily
Replies: 8
Views: 516

set up second WAN/ISP temporarily

We are transitioning to a new ISP. I want to setup the second ISP while the first is still in place - until we can test everything, and get DNS resolution using the new host names. So far: 1-Added IP Addresses of new ISP and selected interface of ISP2 2-Created a Mangle prerouting for Routing Mark f...
by craigreilly
Wed Oct 25, 2017 6:43 pm
Forum: Beginner Basics
Topic: Routing on same Interface for VPN Concentrator
Replies: 0
Views: 227

Routing on same Interface for VPN Concentrator

Using a Meraki VPN Concentrator. It is within my network using the same LAN port. It is working as far as connecting to it. It dishes out 192.168.7.0/24 addresses. My network is on 192.168.2.0/23. What information do I need to put into the router so users on the VPN 192.168.7.0 can access the resour...
by craigreilly
Thu Oct 19, 2017 11:52 pm
Forum: General
Topic: L2TP/IPSec for Road Warrior
Replies: 93
Views: 34753

Re: L2TP/IPSec for Road Warrior

Are you saying this setup should work for multiple road warriors behind the same NAT using a mix of Windows/Apple devices?
Currently we have ipSec disabled to accomodate our Mac users to overcome this issue on the Mikrotik.
by craigreilly
Thu May 04, 2017 10:47 pm
Forum: General
Topic: Enable Multicast Internally
Replies: 4
Views: 3139

Re: Enable Multicast Internally

so after more support from Acronis - we determined that the Windows 10 Anniversary yupdate which we just deployed on 1 machine and created new master image - did not use a network driver in the Snap Deploy Server library. So, I had to create a WinPE image for the machine to use. I am not back to 90m...
by craigreilly
Thu May 04, 2017 8:25 pm
Forum: General
Topic: Enable Multicast Internally
Replies: 4
Views: 3139

Re: Enable Multicast Internally

So since all devices are on the same subnet 10.0.1.0/24 then I'm fine. Mikrotik doesn't block Multicast internally.
Tried different routers, switches, host computer.
Nothing I do gets this back to 90mb when deploying multiple devices.
Argh!

Thanks for your response.
by craigreilly
Thu May 04, 2017 7:03 pm
Forum: General
Topic: Enable Multicast Internally
Replies: 4
Views: 3139

Enable Multicast Internally

I have a small network consists of a Windows 7 Pro machine as a Acronis Snap Deploy Host and I connect up to 4 laptops to deploy images to. Recently speed went from 90mb on 4 machines to 11mb when imaging. I am not using any other swithches. Just an RB2011. Acronis is telling me I need to enable Mul...
by craigreilly
Sat Nov 12, 2016 12:03 am
Forum: Announcements
Topic: v6.38rc [release candidate] is released
Replies: 331
Views: 74055

Re: v6.38rc [release candidate] is released

How do I go about setting up L2TP with ipSEC now that we can have multiple peers behind same NAT.
√ I see it is via CLI only. I really need to get this going since Apple dropped support for PPTP.
by craigreilly
Sat Nov 12, 2016 12:00 am
Forum: General
Topic: Using L2TP/IPSec VPN with iOS 10
Replies: 30
Views: 71054

Re: Using L2TP/IPSec VPN with iOS 10

So I see in 6.38 rc29 that "ipsec - added support unique policy generation which will allow multiple peers behind same NAT (cli only)"
So it seems ipSEC will not work properly - but must be configured from CLI?

Any info on this?
by craigreilly
Fri Nov 11, 2016 11:52 pm
Forum: General
Topic: PPTP iOS10
Replies: 59
Views: 23187

Re: PPTP iOS10

I can confirm I can not use iPhone to tether for connections to L2TP with ipSEC.
Once I turned off ipSEC on the client - the tether connection allowed the VPN.

I can not say wether or not iOS 10 VPN has issues with L2TP with ipSEC or not.

Apple is aware of the first issue and working on it.
by craigreilly
Fri Nov 11, 2016 11:45 pm
Forum: General
Topic: Using L2TP/IPSec VPN with iOS 10
Replies: 30
Views: 71054

Re: Using L2TP/IPSec VPN with iOS 10

For those of you having issues connecting to local network - The interfaces must be set to Proxy-ARP on the LAN Side. Also - there does seem to be an issue with PPTP and L2TP/ipSEC when using the iPhone to tether. Yes - Apple pulled PPTP from supported VPN's - but that does not mean you should not b...
by craigreilly
Wed Oct 05, 2016 6:00 pm
Forum: General
Topic: L2TP/IPSec for Road Warrior
Replies: 93
Views: 34753

Re: L2TP/IPSec for Road Warrior

Hi Jan89 - welcome to our nightmare.

So we should all email John Tully and ask him when they are going to release v7. These forums show that this release is sorely needed and should be top of mind for them.
I'm about to jump ship and find a new partner.
by craigreilly
Wed Oct 05, 2016 5:36 pm
Forum: General
Topic: PPTP iOS10
Replies: 59
Views: 23187

Re: PPTP iOS10

Still... sounds like v7 is the ultimate answer - just no timeline in sight.
by craigreilly
Tue Oct 04, 2016 7:05 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: V7 ALPHA/BETA Testers needed?
Replies: 45
Views: 10367

Re: V7 ALPHA/BETA Testers needed?

So when can we get v7? With Apples removal of PPTP from macOS and iOS, I need to replace my VPN. L2TP with IPsec would be the natural progression - except it doesn't work with multiple people using the same public ip (road warriors at the same hotel).
by craigreilly
Tue Oct 04, 2016 6:54 pm
Forum: General
Topic: replace Windows PPTP VPN
Replies: 12
Views: 1541

Re: replace Windows PPTP VPN

Do you have routers at the location that you manage? In that case, let the router setup the VPN, not the end systems. Any provider that is keeping up with technology is giving you IPv6 (but most of them are not, they apparently do not exist for clients or for internet, but only for shareholders) Th...
by craigreilly
Tue Oct 04, 2016 6:48 pm
Forum: General
Topic: PPTP iOS10
Replies: 59
Views: 23187

Re: PPTP iOS10

The team of workers could bring a mAP lite with them, and make the tunnel from there + use it as an AP in the room. As a workaround. Because in this case you would only need on tunnel. While this sounds like a good idea at $20 - I see a few issues: 1) Working in your guestroom - 10 different floors...
by craigreilly
Tue Oct 04, 2016 2:51 am
Forum: General
Topic: replace Windows PPTP VPN
Replies: 12
Views: 1541

Re: replace Windows PPTP VPN

Apparently same issue. I ended up doing the L2TP on the Mikrotik. Only 1 client per location can log on at the same time. The second person bumps the first. Does IPv6 solve this? My provider, Cox, didn't give me any IPv6 addresses when they installed this year. Does that mean I do not have any assig...
by craigreilly
Tue Oct 04, 2016 2:34 am
Forum: General
Topic: PPTP iOS10
Replies: 59
Views: 23187

Re: PPTP iOS10

You can not have multiple VPN Connections from same remote location if not using unique translated public IP adresses for each user/Connection. Then what is the point of having a VPN? I have a small office on the east - coast - just 4 people... no need for a Mikrotik for P2P VPN and also when my te...
by craigreilly
Mon Oct 03, 2016 9:07 pm
Forum: General
Topic: PPTP iOS10
Replies: 59
Views: 23187

Re: PPTP iOS10

Are you saying Remote devices can not access network once connected to VPN? Do you have the Chain rules for UDP 500,4500,1701? Also - on the WAN and LAN interface = the ARP should be set to "PROXY-ARP" However - I am still on 6.29.1 and plan to update to 6.37.1 tonight. I am having issues with multi...
by craigreilly
Mon Oct 03, 2016 8:42 pm
Forum: General
Topic: L2TP/IPSec VPN server config for clients behind NAT
Replies: 8
Views: 10151

Re: L2TP/IPSec VPN server config for clients behind NAT

So if not "port override" - how do we get multiple users from same remote location to connect to l2TP over IPsec VPN ?
by craigreilly
Mon Oct 03, 2016 8:36 pm
Forum: General
Topic: L2TP/IPSec for Road Warrior
Replies: 93
Views: 34753

Re: L2TP/IPSec for Road Warrior

yes - when do we expect v7 release to fix L2TP with IPsec issues?
by craigreilly
Mon Oct 03, 2016 5:32 pm
Forum: Forwarding Protocols
Topic: VPN L2TP / IPsec on Windows 2008 Server (now trying Mikrotik)
Replies: 8
Views: 1447

Re: VPN L2TP / IPsec on Windows 2008 Server

EDIT -> I finally got connections going - set the IPsec peer Generate Policy to "port override". One guy has been on for 3 hours from his home. Another 2 guys on and off from the same remote office. Me and someone else tried using a shared Verizon hotspot - and it was hit or miss. I would get kicked...
by craigreilly
Mon Oct 03, 2016 5:26 pm
Forum: General
Topic: replace Windows PPTP VPN
Replies: 12
Views: 1541

Re: replace Windows PPTP VPN

So - my choices are
PPTP - no as Apple devices no longer support it
L2TP - the protocol does not work for remote users behind a firewall
OpenVPN - requires more hardware

Oh - so no choices.
by craigreilly
Sat Oct 01, 2016 5:36 pm
Forum: Forwarding Protocols
Topic: VPN L2TP / IPsec on Windows 2008 Server (now trying Mikrotik)
Replies: 8
Views: 1447

Re: VPN L2TP / IPsec on Windows 2008 Server

So - I'd be happy to get the Mikrotik VPN going. It fulfills our need and the Radius Auth was working fine.

TCP MSS is on.
https://www.dropbox.com/s/cop548c7uxiur ... t.rif?dl=0

Thanks for your guidance.
by craigreilly
Sat Oct 01, 2016 3:03 am
Forum: Forwarding Protocols
Topic: VPN L2TP / IPsec on Windows 2008 Server (now trying Mikrotik)
Replies: 8
Views: 1447

Re: VPN L2TP / IPsec on Windows 2008 Server

1701 didn't make a difference. protocol 50 isn't needed from what I have read. I have also tried setting up the Mikrotik VPN - and sometimes it works, sometimes it doesn't. I had it working. Then it stopped. I reloaded old config. Reset from scratch. It worked. Then it stopped. I am not sure if this...
by craigreilly
Fri Sep 30, 2016 9:52 pm
Forum: Beginner Basics
Topic: L2TP Firewall Issue [Solved while writing post]
Replies: 2
Views: 2065

Re: L2TP Firewall Issue [Solved while writing post]

Is this using the Mikrotik L2TP VPN?

I'm trying to setup a Windows Server VPN. It works internally - but not from home or another office.
by craigreilly
Fri Sep 30, 2016 9:25 pm
Forum: General
Topic: replace Windows PPTP VPN
Replies: 12
Views: 1541

Re: replace Windows PPTP VPN

Anyone have any insight on using a Windows L2TP Server? I have it set up and clients can connect when at the office. But remotely, I can not get the traffic to pass. I have 2 DST-NAT Rules destination 70.x.x.x. (Public IP) for UDP 500,4500 to Windows Server 192.168.3.252. What am I missing? (Just ad...
by craigreilly
Fri Sep 30, 2016 8:49 pm
Forum: Forwarding Protocols
Topic: VPN L2TP / IPsec on Windows 2008 Server (now trying Mikrotik)
Replies: 8
Views: 1447

VPN L2TP / IPsec on Windows 2008 Server (now trying Mikrotik)

I have added dst-nat for UDP 500 and UDP 4500 from the Public IP 70.x.x.x to my server 192.168.3.252. Internally I can connect to the L2TP VPN from Mac and Windows clients. However, externally (from home), I can not connect to the L2TP VPN. I see some traffic hit port 500 but that is it. What am I m...
by craigreilly
Tue Aug 16, 2016 6:09 pm
Forum: General
Topic: replace Windows PPTP VPN
Replies: 12
Views: 1541

Re: replace Windows PPTP VPN

As I mentioned in my initial post - I have to replace PPTP since Apple is removing support in upcoming iOS10 and macOS Sierra.
by craigreilly
Thu Aug 11, 2016 2:04 am
Forum: General
Topic: replace Windows PPTP VPN
Replies: 12
Views: 1541

replace Windows PPTP VPN

When I started this job - the company was already using Windows PPTP along with a small Sonic Wall Router. I replaced the router with a CCR1009 when we went to VoIP. So it is fairly new. I am hoping it can support our latest need. Our dear friends at Apple is getting rid of PPTP support in their new...
by craigreilly
Tue Jan 27, 2015 4:34 pm
Forum: Beginner Basics
Topic: WAN Bridge
Replies: 3
Views: 1142

Re: WAN Bridge

Went live with my bridge config last night and it's all working great... Thanks for the replies.
by craigreilly
Mon Jan 26, 2015 8:00 pm
Forum: Beginner Basics
Topic: Uber newbie questions
Replies: 2
Views: 719

Re: Uber newbie questions

If you have the default config loaded - generally you will be able to get online... You say your modem has a static IP - LAN or WAN?

Also to note: Is the WAP a WAP or a ROuter with a WAP? If a router with WAP - be sure to turn DHCP off and plug a LAN port into the Mikrotik.
by craigreilly
Mon Jan 26, 2015 7:07 pm
Forum: Beginner Basics
Topic: WAN Bridge
Replies: 3
Views: 1142

WAN Bridge

So What I would like is to plug my ISP into Port 1 where I have a /28. I would like to be able to use any of those Public IP addresses on port 2 - for testing from time to time, or needing a Public IP on a device. Mikrotik support told me to use a Bridge. My VoIP Provider said No - that is the wrong...