MikroTik

loveman

Hello everyone, I need to setup and enable usermanager with hotspot by GNS3 Vmware with CHR so my lab simple with Router one and before that I am setup file of usermanager with the same version all its fine and setup hotspot, My problem i can't access to userman by browser and my ip of that "1...

loveman

Hello everyone, My case i used chr 6.46.6 in gns3 2.2.8 and the same version of gns3 2.2.8 in VMware workstation. In this lab i will show you in picture below: Lab.jpg I need to connect vpn ipsec between R1 and R2 through R Internet, Applied to configure ipsec in R1 and R2 all configure of Routers s...

loveman

I dont have linux to doing the certificate, Can anyone advice me how to doing in windows?
Because i need to connection secure for my hotspot login webpage https certificate !!

loveman

You don't need to put anything in there, the max allowed is used by default. Which one you mean that? My tested putting the TX power in channel of capsman server = 20 its good one the signal strength best of when using -10 for example! TX power is normally given in positive numbers, but you know th...

loveman

Set control channel width to 20Mhz and extention channel either disabled, in case you only want to use 20Mhz as channel width, or Ce, eC, XX in case you want to support 40 Mhz channel width as well... Thank you, After tested when i selected the 40 Mhz and tried Ce, eC, XX but in log show failed to ...

loveman

In my cause my country Not Found with list, So i selected the Installation "indoor" Those two (country and installation type) are complementary, meaning that installation type does not work at all without country being specified. I guess when running your AP without CAPsMAN your obvious c...

loveman

Set control channel width to 20Mhz and extention channel either disabled, in case you only want to use 20Mhz as channel width, or Ce, eC, XX in case you want to support 40 Mhz channel width as well... Thank you, After tested when i selected the 40 Mhz and tried Ce, eC, XX but in log show failed to ...

loveman

Your question is already answered... If you leave the Tx Power empty, the MAX allowed by interface is used...! However, you must use the Tx Power allowed in your Country ... That is why we select the Country... Therefore, I did not know what is the correct value chosen because my country is not in ...

loveman

If under Capsman -> Configurations -> Wireless you did set your Country (as you should) then the Tx Power will be the maximum allowed for you Country... Only in case you want to lower the Tx Power you do use the Tx Power paramater field... In my cause my country Not Found with list, So i selected t...

loveman

You don't need to put anything in there, the max allowed is used by default.

Which one you mean that?
My tested putting the TX power in channel of capsman server = 20 its good one the signal strength best of when using -10 for example!

loveman

The signal strength will be the same as long as your configuration is correct....

I am need to active capsman inside of building so whats the TX power should i set in capsman"channels configuration" because the signal strength depend on TX power?

Captureq1.jpg

loveman

Any Advice

loveman

Local forwarding will take a large load off your network. 5Ghz doesn't through objects very well. I saw the problem when tested the signal i believe caps signal maybe the weakest signal in a broadcast "cap" when compared to the usual wireless from the same device "cap" so I used...

loveman

hi loveman, now I spent some additional days - tried to get the openvpn server running again but without any success... I am not able to connect anymore... I startet the whole configuration from begin with following commands: #create ca# /certificate add name=ca-template common-name=myCa key-usage=...

loveman

In your question: d) I have significant loss in signal strength after about 6 meters with some wardrobe and one drywall between. Is this normal for 5GHz or do I have to define the bands and bandwith in detail? I have the same problem, I saw the wireless interface of the same device "cap" w...

loveman

Hello everyone, I am tested my project to building capsman server with caps so after finished all config and caps worked as well and lock capsman key with caps and its all worked as good, I saw the problem when tested the signal i believe caps signal maybe the weakest signal in a broadcast "cap...

loveman

I think the problem in openvpn software you should edit again to set all information of your vpn

loveman

Options: a. Provide separate internet access - because there seems to be a requirement or need for this, and for it not to interrupt or be mixed up with WORK internet/network. b. IF another internet access is not possible (i) Provide a warning that use of illegal internet/wifi on business network i...

loveman

This kind of policy control cannot be handled at network layer anymore. As I see it , you will never be able to tell who coming in through "Baidu" "wireless AP" app and who is a regular wireless/wired user on you network. You will have to think about some PROXY system granting a...

loveman

Will be difficult, if not impossible. 1) As this is an application, you should talk to the system guys. It is not the "task" of the network-guy to plug the holes caused by mis-managed desktop systems! Being able to install this software so your PC performs ICS (Internet Sharing Connection...

loveman

Will be difficult, if not impossible. 1) As this is an application, you should talk to the system guys. It is not the "task" of the network-guy to plug the holes caused by mis-managed desktop systems! Being able to install this software so your PC performs ICS (Internet Sharing Connection...

loveman

Hello everyone, I need to block program that working with windows 7, 8 The program name "baidu wifi hotspot" how can block by mikrotik I used method to change the TTL to 1 but program can working without any block and since that my mikrotik version 6.45.1, Used PPP, PPPOE Server in my netw...

loveman

Any help?

loveman

Any help?

loveman

No valid profile found means that the profile has been either expired because of reached uptime limit or because profile validity has ended. So what are the limitations you ve added in the specific user profile? The user have profile limitation "12hour" mean uptime 12hour The user used on...

loveman

Hello everyone In this time i have problem with hotspot and usermanger server, In usermanger server created before long time users like 100 user for example so when i connected to hotspot and write username and password like "netc3r and password 4rx" the user can login direct without any p...

loveman

Did you check out what he had from attack or hack codes! in all codes voucher, which be safe or not! ?

loveman

loveman, I guess while this forum would not be the best place to ask for penetration testing for your hotspot app, I do think I have a solution. Some websites offer for you to post a job and let people bid on what they will do for you. Maybe "Fivrr" is the best site for your post. Hope th...

loveman

I don't think this forum has a lot of professional web developers But it is impossible for users or designers Hotspot service does not know in the topics of page security! This is a forum for routers. Why are you even asking for html configuration help here? Take this to a forum for web designers. ...

loveman

Usually it is not the same person who is installing the hotspot router, and also doing the web programming, and also making sure the HTML code is valid and safe against injections.
You should ask in another forum.

Do you have a forum to suggest me, And I'am to ask the question there.

loveman

I don't think this forum has a lot of professional web developers

But it is impossible for users or designers Hotspot service does not know in the topics of page security!

loveman

Please i want advice

loveman

It's a little more difficult than this. Regular browser contains built-in list of trusted certificate authorities. If you get certificate from any of them, browser is able to verify that truted CA signed it. Another step is who the certificate is for, the most common is specific hostname. So if you...

loveman

Any help?

loveman

Hello everyone, I have free login webpage for hotspot "template", What is the correct way to find out if it is harmful or the presence of codes may cause harm to users or may be harmful may cause hacking of users' devices, I searched for a design ready for Hotspot page, but I do not know i...

loveman

Hello everyone! I need to add the certificate for hotspot to be showing in address browser "https" secure website!, But when read by searched and applied all steps but the certificate in browser "connection not secure" cert2.png All the steps can see below: /certificate add name=...

loveman

Sorry but this is now the wrong forum You must google some ways to automate QR code generation for big list of links.

I will check with google, But how i know if the voucher have attack with some code! Because i don't know if any code have attack or anything like this?

loveman

Now you need to generate a lot of usernames and passwords, and then convert each link into new QR code For example http://172.16.1.1/login?username=love&password=nice http://172.16.1.1/login?username=hate&password=bad http://172.16.1.1/login?username=other&password=password Then use som...

loveman

Did you use correct URL? You should be logged in automatically with this link: http://172.16.1.1/login?username=love&password=nice Yes dear, Now i checked and changed from server profile to "HTTP PAP", And enter with direct link and can login automatic.. Ok In this how to do and apply...

loveman

Yoru example doesn't match mine. Examine my example URL more carefully. Also you must enable PAP authentication in hotspot server profile

I checked the authentication and selected only PAP authentication, But the same.
What i see after i check the status of the success URL?

loveman

I hope that you have read the previous answer reply in order to get you the idea requested by me to be worked out. After i tested what you want from me the result show below: http://172.16.1.1/login?love&nice for example Ip server: 172.16.1.1 Username: love password: nice When i tried to apply w...

loveman

sorry, forum software isn't showing the full link the full link is this: http://10.200.0.1/login?username=alex&password=very-good-password I will test and replay the result here.. But if i need to but all users when connect ssid with hotspot should login like QR code. In this time i applied and...

loveman

Try to think a little bit. I did not give you exact link. this will depend on your own hotspot installation. Have you installed the hotspot in RouterOS? Have you configured it? Does it work and you can log in? Only then you can start thinking about vouchers and QR codes. In this link: http://10.200...

loveman

Sorry, I thought you want everyone to use the same QR code. If your vouchers are all generated and unique, simply use this format in Hotspot. You will have to enable HTTP PAP method in the hotspot server profile: http://10.200.0.1/login?username=alex&password=very-good-password I tried to open ...

loveman

But this QR card will have the same code for everyone, are you not worried about that? If that's ok, you can achieve that easily What you mean "same code", Like username and password that was created by voucher! If you can help me about the "header, Row, Footer, Break" for QR co...

loveman

https://support.apple.com/en-jo/HT209144#trusted Price and Trust have nothing to do with each other! E.g. Letsencrypt certificates are free and they are trusted, but paid certificates from some used-to-be-big-names like Symantec are NOT Trusted! If possible, please write down the basic steps in ord...

loveman

https://support.apple.com/en-jo/HT209144#trusted

Is the website can buy direct to hotspot server mikrotik?

loveman

When buying a certificate for your website, buy from "trusted" authority.
Otherwise you might face inconvenient issues when using newer IOS clients.

Can you tell me about trusted website to buy from it.

loveman

You can get certificates for free. But only for your own site. So you cannot get a certificate for Google.com and so you CANNOT SOLVE the redirection problem. And neither can MikroTik. It is just a case of 'sorry but that is no longer possible, forget about it'. That is why you should focus on gett...

loveman

@loveman: I think you don't get it, MikroTik can't solve it. The redirection done by captive portals was always dirty trick, an abuse of technology. That's one reason why https became so popular, because too many people liked to tamper with someone else's unprotected traffic. Https prevents that, s...

loveman

As written many times above, that issue cannot be solved ! However, the writers of software like Chrome and Android do know that, and they use requests that you do not enter yourself (some DNS and some HTTP requests) to detect this situation. When they find that they are on a hotspot/portal network...

loveman

As written many times above, that issue cannot be solved ! However, the writers of software like Chrome and Android do know that, and they use requests that you do not enter yourself (some DNS and some HTTP requests) to detect this situation. When they find that they are on a hotspot/portal network...

loveman

I have the same issue when i connect with ssid "hotspot services" With computer's, After connect to ssid and i go to broswer like google chroum (If i set before in browser login page like "https://www.google.com", In this case the hotspot login page can't change automatic to hots...

loveman

Any advice

loveman

thnx love man after add this nat , vpn is ok and i have internet over the vpn but when ping 8.8.8.8 result is time out but i have internet when i disable vpn ping is ok and very slow internet over the vpn very very slow Check your dns in vpn, can add the public dns over vpn 8.8.8.8, You know about ...

loveman

QR code is just a link to any URL. What URL will you send them to? I know that, But i need to create voucher user name and password by hotspot server in user manger, At result i print all card for services and include the QR In this time any one need internet in cafe i gave him the card, After that...

loveman

Any advice?

loveman

Any advice?

loveman

You can using user manger like hotspot server to limit time so when the user finish real time after that the user disconnect or no internet service.

loveman

Your ip range of vpn should add rule in firewall, nat
and chain: srcnat
src address: range of vpn ip
action: masquerade

loveman

All you need on third router are only two addresses and nothing else: /ip address add address=192.168.70.1/30 interface=ether1 add address=192.168.80.1/30 interface=ether2 Then connect R1-ether1 with R3-ether1 and R3-ether2 with R2-ether1. Add default routes on R1 and R2 (same as you tried before)....

loveman

Hello everyone, I want to create QR code in hotspot server by make voucher user name and password, When the users can login by 2 ways (step 1 can login by user name and password by created in user manger, Step 2 the users can login by using QR code by create the voucher so in this step the user can ...

loveman

If you have direct connection between ether1 on first router and ether1 on second, it can't work like this, because there's no routing between them. You added routes, but there's no 192.168.80.1 or 192.168.70.1 anywhere. You need to have same subnet on both ether1s, e.g. 192.168.70.1/30 on one rout...

loveman

It looks like you may be doing something a little different than I thought. Try to share more info about addresses and subnets, these and any other you have on routers. How exactly is everything connected, on what interface is each address, etc. [admin@Office 1] > ip address print Flags: X - disabl...

loveman

Hello everyone I have created the voucher users in user manger (10 users with username and password) and applied uptime when the user login with hotspot server the uptime go to count down, Suppose the uptime =0 in this case how can the username and password who zero uptime can be recharge the same a...

loveman

If it's local and you know it, it's ok. You get timeout on phase 1, so first thing to check out is connectivity between 192.168.80.2 and 192.168.70.2. Can they reach each other? Doesn't firewall block port 500? Can you ping between those addresses (if you don't block ping with firewall)? I tested t...

loveman

Phase 1 depends on peer config, it's before policies. Is this just a local test? Because private address for remote peer would not be very useful otherwise.

If i need to connect 2 router local without internet
Using IPsec site to site and have devices for test..
Not pass the lab you mean?

loveman

SA Src/Dst Address was where you put the same addresses as in peer config. Now you select peer on General tab and they are taken from there automatically. After show in log i have the error below Untitled223.jpg What is the problem and how to solve it? since that the ipsec policies "PH2 State&...

loveman

SA Src/Dst Address was where you put the same addresses as in peer config. Now you select peer on General tab and they are taken from there automatically.

Thank you for your replay,
I will try soon and replay you here.
Thank you

loveman

Hello, I found this incredible app for android is called MikroTicket https://fhx47.app.goo.gl/mikroticket generates tickets or vouchers for access by hotspot mikrotik and you can configure access times, bandwidth, time runs and makes automatic removal of the vouchers, I use it in my business. https...

loveman

Hello everyone, I have 2 router and need to join by IPSEC between them, So when i need to finish all step before the last one i cant see : SA Src. Address SA Dst. Address In ip>ipsec>policies>Action And you can see the result in photos below: Untitled1.jpg But in ver. 6.37.2 : SA Src. Address SA Dst...

loveman

Any help?

loveman

Can I know how much the price of the certificate?

loveman

Hello everyone,
How can build roaming wireless to benefit that all wifi who connected in network wireless can gets a strong signal all areas of the building and without any disconnect or reconnect, And how can distribute the APS devices in floors?
Any advice

loveman

The best thing you can do with Mikrotik is setup all APs with same SSID / authentication, ensure they're all in the same broadcast domain and ensure your DHCP server is very fast at handling requests / renews (eg no pinging for 2 seconds before giving a lease). Unfortunately RouterOS lacks support ...

loveman

You can't. At least not with Mikrotik. Every WiFi access point has its own MAC address (which is base for communication between AP and its clients) and even if all APs are using same frequency client still has to disassociate from the old AP (its MAC actually) and associate to the new AP (its MAC)....

loveman

Hello everyone, I have a building consisting of 5 floors .. I need the work of the wireless network operating system roming so that the phone of (persons) roaming the whole building in all floors is the signal wireless cover and there is no separation of the phone and re-connect the network of new c...

loveman

Here are the IP ranges used by PUBG. I would not recommend blocking it. http://ec2-reachability.amazonaws.com/ Why? if some employee playing PUBG among the time working how can i block this game? Most business have employees sign an internet use form. a. though shalt not store or view porn on pc (m...

loveman

Here are the IP ranges used by PUBG. I would not recommend blocking it.

http://ec2-reachability.amazonaws.com/

Why? if some employee playing PUBG among the time working how can i block this game?

loveman

Blocking stuff is a complicated thing. You can block DNS used by program, but this can be passed by changing DNS server. Even a forced DNS may be passed by adding DNS to host file. Blocking IP used by the game may block other needed stuff on the same server. VPN can be used to bypass various blocki...

loveman

Hi,
Any one advice me to how can i block pubg game on mobile with mikrotik?
All of internet method i tried but not working.
Please help me
Thanks

loveman

1/If i change winbox port from 8291 to others port number? Am on safe or no?
2/My version 6.40.x? Should upgrade?

loveman

Thank all of yours for wonderful comments,
Any one have idea how to block program "Baidu WiFi Hotspot"?

loveman

Hi everyone
Please help me to block program that working on computer "windows" the program name:
(baidu hotspot wifi), used by users because sharing internet connection.
Anyone have rule to drop it?
Regards

loveman

That will not work! MikroTik (and Ubiquiti) use a nonstandard form of PoE on their (older) products that is not compatible with the 802.11AF/AT standard used by Cisco and other phone manufacturers, and output by mainstream PoE switches. You can use the PoE output of MikroTik routers only to power a...

loveman

Both RB2011 and RB951 will output 12 watts when the input power is 24 volts, such as when using the included power supply. Both these devices output 24v passive. It won't power any device that is expecting 48 volts 802.3af/at. Thank you for your comment If i need to connect ip phone 7962g cisco wit...

loveman

Dear members
I need to know what's the output of poe routerboard in watt? or which class poe of routerboard output?
information of routerboard
1-Routerboard 2011 wireless.
2-Routerborad 951 series with bulid in wireless.
Regards

loveman

if i used the script to auto shutdown the routerboard not shutdown? I think the shutdown command will cause the Mikrotik to unmount resources so it's in a safe state to unplug the power. You could buy an electrical timer. Shutdown at 2:45, timer cuts power at 2:46, then the timer turns power back o...

loveman

Using one of this method
1.NTH
2.PCC

loveman

Use configurable power outlet that will cut the power off. Shutting router down will not switch it off.

if i used the script to auto shutdown the routerboard not shutdown?

loveman

Since you want it to shutdown, use the first script and you can just switch power off/on the next day. However, if there is a power failure it will restart when the power is back on. If you are in an area that has lots of power failures, you may want to turn the power off before you leave. I am won...

loveman

Hello everyone
Whats the true rules should I applied to active the store and playing ONLINE with Playstation 4, I used routerboard 2011 wireless.
Regards

loveman

/system scheduler add interval=1d name=shutdown on-event="/system shutdown" start-time=14:45:00 Shutdown requires a power cycle (removing power) to reboot. Did you mean to RESTART? /system scheduler add interval=1d name=restart on-event="/system restart" start-time=14:45:00 This...

loveman

Hello everyone
i need help with how to auto shutdown the routerboard at every day,, the routerboard shutdown at 2:45 pm?
how can do that?
Thank you

loveman

you can change dhcp, to static dhcp
that makes any one you need add manual you can add with Mac address
else any one can't connect

loveman

if you need in hotspot server..
you can add who user logging without login..
you can add in bypass

loveman

I think you forgot add nat

loveman

im also getting this with v6.38.1 you disable and enable it and works for a while (sometimes more time than other) but after that while it still shows as connected and uptime but it cant ping anymore to the other side what could this problem be? masquarade is ok Using static route to make sure your...

loveman

If i need using only ready voucher with hotspot server how can that ?
What is the number of users can create in ready voucher

loveman

Hello,

you won't get them.
This is closed source kept and maintained by Mikrotik guys.

greets

I'd think by mikrotik There is a simple test to a simple test before entering the exam
Thank you

loveman

Hello
How can i get test questions for MTCWE exam before test online exam ?
Thank you

loveman

Port of program or can block by torch ip

loveman

How can i get the test exam for MTCWE before going to online exam?

loveman

Hi, you only need to make a address-list containing the folowing addresses: (taken from http://www.whatsapp.com/cidr.txt) 31.13.69.240/32 31.13.70.49/32 31.13.71.49/32 31.13.73.49/32 31.13.74.49/32 31.13.76.81/32 31.13.77.49/32 50.22.75.192/27 50.22.93.192/27 50.22.198.204/30 50.22.210.32/30 50.22....

loveman

Any help

loveman

Hi I have some idea to run the project I applied all of the hotspot server, but i need to not showing up login page of hotspot in browser (only when i write gateway "ip address" of hotspot server in browser) the login page will show in browser,and last can write username and password to op...

loveman

Hello, i have same issue but only sometimes - it happends randomly. I use Mikrotik-Mikrotik enviroment. When I manualy do disable/enabla client or remove dynamic connection it reconnect corectly.

Thank you
I tried more than one but the same problem

loveman

I have the same message in log
Any one know what meaning

loveman

No answer

loveman

Hello everyone I have a some problem with "static route" My project to connect pptp server between server and client . Now i applied all configuration from server like pool&pptp server&profile ppp& ....etc all are good In client routerboard applied pptp client with all config. ...

loveman

I found program using in vpn like "Hamachi"
It is the perfect program?

loveman

Hello everyone
I have vpn server between two point and i need to setup program's chatting voice between server and client to use voice between vpn point
What is the best program, free call.
Regards

loveman

I think the time of lease dhcp change between some time that mean the ip address of printer change.
You can increase the time or applying static dhcp printer

loveman

Upload photos for queue

loveman

Upload some pictures for pptp server configuration

loveman

Have public ip address

loveman

What have you learned from other threads with the same topic?
i know how block it via firewall
But, I don't know how block it via bridge firewall filter

What is the problem if you block from firewall?
If you can upload the method for how to block torrent via firewall

loveman

How much your public ip address?
If you have one should the public ip address in a orginal branch

loveman

You need to control youtube bandwidth from any direction? Like speed or block website

loveman

Maybe you're redirecting your own DNS queries back to you? Try specifying src-adress= customers blocked from facebook and dst-address != Your_DNS_Server_ip in the dstnat redirection rule. Thank you for replying In dst-address! =have two dns like 8.8.8.8 And dns for isp I try to putting two dns? All...

loveman

Hello everyone I have problem when i tried to apply static dns My step Ip, dns, static, add For example block website Name :*facebook.com Address:127.0.0.1 Timeout :1d 00:00:00 Apply ok Going to Nat Add chain dstnat, protocol 17udp,dst port 53 Action redirect When i test if website of Facebook was b...

loveman

Any think used to drop any website or application from firewall?

loveman

- make sure you run version 6.36.2 - add all those names to an address list named kaspersky (use those URL without the http:// ) - block traffic to that address list on your network - hope for the best When i added in address list Going to filter Add Chain forward Advanced Dst-address-list,,,, here...

loveman

I found all server update of Kaspersky antivirus Whats the best way to drop it? Below is the list of Kaspersky Lab servers used for downloading antivirus database updates, new application modules, and patches: http://dnl-01.geo.kaspersky.com http://dnl-02.geo.kaspersky.com http://dnl-03.geo.kaspersk...

loveman

You can use mangle and simple queue and you can take priority packet

loveman

the ability to resolve DNS to IP address. However, in testing, it looks like it will only resolve a single address. realistically, you are going to have to look up and manually add all of the IP's yourself. Before i posted here I tested by write link of server update from ip dns static End apply th...

loveman

If i write in "address" and apply the show error expect?
you need RouterOS 6.36

What is the new in version 6.36 in address list?

loveman

Should add ip route from office 1 and office 2
In ip route of office 1 add dst:private network of office 2 and gateway:write gateway of office 1
And the same in office 2 add ip route and write dst:private network of office 1 and gateway:write gateway of office 2

loveman

create a drop rule in the forward chain that drops an address list. Then put all of the hostname of the update servers into the address list. In address list contains Name Address Timeout If i need to add link for update server for example Kaspersky : Where i add this link? Inside address list If i...

loveman

Hello everyone
In my network i need to drop and stop all update of Anti virus like Kaspersky, Norton, Node 32 etc
How can that?
Regards
uninstall it?

or block the update servers in the filter

How can drop by filter rule? Like Kaspersky and Norton

loveman

Any help

loveman

Hello everyone
In my network i need to drop and stop all update of Anti virus like Kaspersky, Norton, Node 32 etc
How can that?
Regards

loveman

I have same problem with Ap cisco and mikrotik showing in dhcp server offered

loveman

to block the freedom : /ip firewall layer7-protocol add name=freedom regexp="^.+(2yf.de|1yf.de)" /ip firewall filter add action=drop comment="block-freedom-maxupgrade" chain=pre-hs-input layer7-protocol=freedom To know who use your freedom brogram : /ip firewall mangle add actio...

loveman

If you not have reply for ping, i think the firewall of windows , can't reply ping,try to off firewall and try to ping.
Regards

loveman

Going in ppp, secret
You see username and password for PPTP server
Open this username and you see ip address in (Remote address), this ip the same you seen on remote pptp client.
Clear or remove the ip address from secret in remote address.
Now you try connect pptp client.
Regards

loveman

to block the freedom : /ip firewall layer7-protocol add name=freedom regexp="^.+(2yf.de|1yf.de)" /ip firewall filter add action=drop comment="block-freedom-maxupgrade" chain=pre-hs-input layer7-protocol=freedom To know who use your freedom brogram : /ip firewall mangle add actio...

loveman

I think active DDNS from Ip, Cloud And select true on DDNS after some time you see code that meaning DDNS. Hi. I don't undestand. I can enable DDNS in IP -> Cloud. But I have problems with firewall rules. With current config I can't use DDNS and I don't want to disable ''Drop'' rule since its risk...

loveman

Write in run
cmd and press Enter
You look dos screen.
Write
nslookup www.google.com
Press Enter
You look ip's for google website.
In this tutorial you can apply to your website.
nslookup www.jma.go.jp

loveman

it is true but in new version of routeros you can import domain name in firewall rule

You meaning in advanced "content" or what the new

loveman

I think active DDNS from Ip, Cloud And select true on DDNS after some time you see code that meaning DDNS. Hi. I don't undestand. I can enable DDNS in IP -> Cloud. But I have problems with firewall rules. With current config I can't use DDNS and I don't want to disable ''Drop'' rule since its risk...

loveman

hello
i think you should reset configuration and then re-config your router

The problem was solved

loveman

I think active DDNS from Ip, Cloud
And select true on DDNS after some time you see code that meaning DDNS.

loveman

Change from
Ip service, in www
Change to 8080 apply ok
Now open browser
Write your public ip address with :8080 like
X. X. X. X:8080
Thanks!
It works too.
Best regards.

You welcome my friend
Regards

loveman

What is your method to block website? Layer 7 or rule only?

loveman

Change from
Ip service, in www
Change to 8080 apply ok
Now open browser
Write your public ip address with :8080 like
X. X. X. X:8080

loveman

I think I got it working, and so simple. if there is a better way, please share it or correct me. I captured some traffic when connecting to different Teamspeak servers, it seems all first packets have the same phrase inside of them. So I used that as my regex. It seems to kill all connection atte...

loveman

You have idea or rule to block psiphon vpn? I need to block psiphon vpn. When will you stop whining about that? Psiphon VPN is designed in such a way that it cannot easily be blocked. Live with it. Furthermore, if you would succeed in blocking it (e.g. by finding all IP addresses of their servers a...

loveman

What is the benefit if it is blocked ,, without block program vpn like "psiphon vpn" buz user can install psiphon vpn to connect with outside server can open all block program. It would be fine if the user would connect trough a VPN, this would prevent other people to see our IP. You have...

loveman

What is the benefit if it is blocked ,, without block program vpn like "psiphon vpn" buz user can install psiphon vpn to connect with outside server can open all block program. It would be fine if the user would connect trough a VPN, this would prevent other people to see our IP. You have...

loveman

The same model

loveman

What is the benefit if it is blocked ,, without block program vpn like "psiphon vpn" buz user can install psiphon vpn to connect with outside server can open all block program.

loveman

how can i disable some of my hotspot users from 06:00 till 23:00 and enable them from 23:00 till 06:00??? You have to create two scripts , one for disabling users at 06:00, and second for enabling them at 23:00 hrs, and schedule them as per required timings. DISABLE Script name: disable-users # Set...

loveman

Thanks
If you can drop vpn program like (psiphon vpn) by mikrotik. Please help me

loveman

Check steps :
1-check if you added gateway ip address from IP ROUTE.
2-check ip dns if you added.
3-check NAT in ip, firewall, nat, add, src address write range ip address, chain Masquerade.
Regards

loveman

I have some idea to try it. You can use the mangle and traffic packet to apply the range ip address for example (mark connection, mark packet), and create simple queue In advanced you can select in packets mark(was created in mangle), and you can select priority to voip like equal 1 In the same simp...

loveman

I will solution your problem, but first in outside on windows you can upload photo of error you saw it.

loveman

Maybe you added moreover rule on firewall.

loveman

1.you can create ip pool and write range of it. And then in pptp profile you can select pool and continue to create pptp server. Any user connect with vpn server the user have ip from ip pool. Range of ip pool like 192.168.0.2-192.168.0.254 And ip 192.168.0.1 write in pptp profile in local address, ...

loveman

Just set DNS for these domains to 127.0.0.1 or to any fake address which will fool te game.

Please explain your method to upload some photos how to do it.

loveman

I suggest can connect vpn like pptp server between two mik1 and mik2,
After You can connect computer between them.

loveman

Hello everyone
I have problem in firewall that change automatic sequence don't anyone change rules but it is changed automatically, what is the problem and how can i stopped the automatic change.
Note i watch by "log" but not one change it.
Regards

loveman

In case 2
Try to work dhcp-client and select ether who in case 1
And finally try to access hotspot from case 2

loveman

Anyone hava idea

loveman

Go in new terminal and write
system reset-configuration
Y
The router will rest.

loveman

Hello Everyone 1-How can limit time to user with hotspot server When user active in hotspot that limit time to disable automatically for example limit 1 day after time, the user (username and password) will stopped expired. 2-the same method using pppoe server, i read in profile in "session-tim...

loveman

Follow

loveman

If you need to sharing equal bandwith should put the pcq equal 0 (pcq=0) and in queues limit at general upload and download like 1m/1m, in target put your network like x.x.x.x/24 And in advanced select pcq upolad and pcq download Test your work. In video and pcq=2m that meaning everyone have 2m from...

loveman

Write ip pool?
And should add your pool in firewall nat and action masquerade.
And in pptp server don't select "chap, pap" select only mschap1 mschap2.

loveman

Do you really think, that after you block the VPN program the employees will be brave, and honest, and will NEVER EVER use VPN anymore? I can give you 100% guarantee: THEY WILL look for an alternative. Like OpenVPN, which even bypasses the great (fire) wall of China, Bhutan, Oman and other countrie...

loveman

I think you change some port for winbox and webfig
From ip, services because cant login in mikrotik server.
You can try to input from mac address for mac of interface you can see in neighbors discovery or you can take mac address from behind device.
Regards

loveman

1.x the Main ipsec vpn right!
In branch like 2.x,3.x what you added in ip route
How much route added?
Please if you can upload photos for all branch to see where your some wrong.
Regards

loveman

Are you wanting to block all VPN's from end users, or just specific programs? Depending on what you want to do will determine the path you want to take. Either one will require leg work and testing on your part to make sure it works as you desire and is not preventing traffic that you want to allow...

loveman

Up up

loveman

You can block website from layer 7 or easy method
In add firewall filter rule
Chain forward, in advanced write in content facebook, action drop, apply
Any one cant access facebook
Regards

loveman

Upolad photos for ip firewall
Regardless you upolad external code

loveman

After when you finish apply to added ip route between to routers. And 3.x cant ping in to 2.x
You can try to off "disable" firewall windows in network 2.x then you can try ping finally you see reply ping from network.viceversa.
Regards

loveman

You need to sharing file or connect to computers network from two different ip of ether 1 and ether 2?

loveman

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title>Broadband Internet (Login)</title> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-9"> <meta ht...

loveman

Can find from system packages and install

loveman

I know IP Pool for VPN must be in VPN, but still, is not a IP problem, is just is NOT connecting...... Check in L2tp setup of auth. Select only "mschap1" and "mschap2". Your client which are pc computer or routerborad? In case if you are using computer From connection of windows...

loveman

Ip pool should put in nat in vpn server

loveman

when you open webpage you can not see them

No all of word above showing in webpage when i connected with hotspot.

loveman

Hi
I tried to design webpage login for hotspot
In finsh i need to hide some word of text which are
"$(if chap-id)"
" $(endif)"
"$(error)"
"$(if error)"
"$(endif)"
"$(username)"
I need to hide all of this word text
How can that
Regards

loveman

Thank you all

loveman

Upolad some picture from your vpn to see where the wrong

loveman

In server check
Ip, ipsec, peer
Check
Generate policy : port overmide
...
And in proposale
Select
3des
Sha1

loveman

Please answer me

loveman

Hello
We need to discuss about the most important rules used to protect the server from penetration.
Any one have rule please write here and discuss little for rule how to work.
Regards

loveman

Thank you for your explain I have idea if you agree I add 2 rule in mangle No. 1 Add Chain forward Src address 10.10.10.2-10.10.10.254 that mean range of ip pool Action Mark-connection New mark connection :for example name, white -connection Select true on pass through. Apply ok Step 2 Add Chain for...

loveman

If you want to use PCQ then you need to specify a target that covers all hosts who are to share bandwidth fairly. I.e. Target=10.10.16.0/23 When using the global htb, the IPs can live on several interfaces. You could probably insert s few "more-specific-target queues sooner in the list (e.g. T...

loveman

The target cannot use ranges. It has to use a CIDR block. i.e. 192.168.12.0/24 , or 10.12.0.0/16 or whatever prefix describes the IP range. And yes, your pools should be organized in CIDR blocks like this too - not ranges, because very few things work with ranges. (I've seen lots of networks that a...

loveman

Try setting the target to be the IP range that your users come from - HTB happens sort of "in between" lots of other steps, so perhaps that's the best way to capture the traffic and police it properly, so that the queueing is done before the time that PPPoE encapsulation takes place / aft...

loveman

Hello everyone
I need slides for mum in Lebanon whats the way to i get all presentation of mum.
Because one of the lecture told any one need to slide you can get from Mikrotik.com
Any one help
Regards

loveman

What you want is more of a PCQ application than a per-user-queue application, and there's nothing that directly does exactly what you want - that being give users up to full pipe if available, but strictly limit to X whenever there is load. In general, the options for bandwidth management are basic...

loveman

No- just specify a queue in the pop profile and the router will dynamically add queues whoever users connect. Or specify a RADIUS attribute on their account and that will work too. In your paragraph "just specify a queue in the pop profile and the router will dynamically add queues whoever use...

loveman

The queue can't see this traffic because it's looking for IP addresses, but ether2 isn't carrying IP traffic - it's carrying PPPoE traffic. In other words - pppoe is like a tunnel, and the only information available on the "outside" of the tunnel is the src/dst MAC addresses for each sess...

loveman

u maked pppoe server with ip pools and profiles ?? or what

Yes
created ip pool
Profile
pppoe server
Secret
What is the problem

loveman

Hello everyone I have problem in queues when i create pppoe server in ether 2 then, Created new queue and in target putting interface ether 2 And put upload and download load like 1m/1m Finally apply ok. Suppose all user's active.. I saw the traffic of queue was not working? Where is the error? pppo...

loveman

Does the PPTP server in the Mikrotik have MSCHAP and MSCHAP v2 selected?

Also check to see what authentication methods are selected on the PPTP client.

Screenshot_2.pngScreenshot_1.png

Yes was working
But why dont selected chap and pap?

Thank you

Search found 348 matches