Community discussions

Search found 31 matches

by gradash
Thu Nov 03, 2016 3:58 pm
Forum: Beginner Basics
Topic: L2TP + ipsec - no ping to /23 LAN
Replies: 0
Views: 341

L2TP + ipsec - no ping to /23 LAN

hi, i have fresh 6.34 mikrotik configured internet, l2tp, ipsec... all working, except one. how to ping all /23 network ? for ex. 192.168.4/23 if i got ip from pool 192.168.4.* - i can ping only 192.168.4.* if i got ip from pool 192.168.5.* - i can ping only 192.168.5.* but i need to ping all networ...
by gradash
Mon Apr 25, 2016 5:26 pm
Forum: Beginner Basics
Topic: Web-Proxy block all except some local sites
Replies: 0
Views: 351

Web-Proxy block all except some local sites

Hi, i have configured web proxy by some manuals, and it working... i can block some sites, and allow some sites, BUT i cant allow any local address, i have some sites like http://ens or http://register e.t.c i need to allow only this sites i created next access rules src 0.0.0.0/0 dst.host "ens" act...
by gradash
Mon Oct 26, 2015 12:44 pm
Forum: Beginner Basics
Topic: PPP user access control
Replies: 0
Views: 280

PPP user access control

Hi, i have configured L2TP server, users, profiles - all ok. But connected user have access to all LAN, how to allow just few IP addresses in LAN ?
by gradash
Thu Sep 24, 2015 11:17 am
Forum: Beginner Basics
Topic: VPN Security
Replies: 8
Views: 937

VPN Security

I often see in logs somebody from USA, China, Korea etc. trying to connect to my vpn, all ipsec negotiations failed, but... how to secure this more ?
for now i drop any ipsec-esp and ipsec-ah connections, except Vpn Allow list..
by gradash
Thu Sep 24, 2015 11:15 am
Forum: Beginner Basics
Topic: L2TP working like magic...
Replies: 3
Views: 906

Re: L2TP working like magic...

hi, most likely your remote users have firewall between them and their device (PC or otherwise), check their firewall and see if there is anything like "allow IPSEC passthrough" and also allow all IPSEC related ports like UDP 500, 4500 as well as L2TP port 1701 UDP to be forwarded via the firewall....
by gradash
Mon Sep 21, 2015 12:46 pm
Forum: General
Topic: CCR1009-8G-1S Error spam in log
Replies: 2
Views: 301

Re: CCR1009-8G-1S Error spam in log

got it... seems like someone from china trying to connect to my vpn... as i see...

but what about time ? between first packet and errors - 2 hours..
Capture.JPG
by gradash
Mon Sep 21, 2015 11:36 am
Forum: General
Topic: CCR1009-8G-1S Error spam in log
Replies: 2
Views: 301

Re: CCR1009-8G-1S Error spam in log

if i enable my vpn tunnels, all working, and L2TP users working also... if need
by gradash
Mon Sep 21, 2015 11:35 am
Forum: General
Topic: CCR1009-8G-1S Error spam in log
Replies: 2
Views: 301

CCR1009-8G-1S Error spam in log

Help, what is this ? I have configured some VPN tunnels, but they are disabled until need... and i have L2TP with IPsec configured, but no one trying to connect, and no one connected...


error spam...
Capture (1).PNG
Capture.PNG
by gradash
Fri Sep 18, 2015 11:57 pm
Forum: General
Topic: v6.33rc release candidate (final testing)
Replies: 203
Views: 37983

Re: v6.33rc release candidate

hehe...something new ! ^)
Capture.PNG
by gradash
Fri Sep 18, 2015 10:45 pm
Forum: General
Topic: v6.33rc release candidate (final testing)
Replies: 203
Views: 37983

Re: v6.33rc release candidate

wason 6.27....now on 6.33rc11....same... ok i got working L2TP, but this error spam in log, wtf ? no vpn connections, just trivial internet usage...
Capture.PNG
by gradash
Fri Sep 18, 2015 4:04 pm
Forum: Beginner Basics
Topic: How to forward one local PC through VPN ?
Replies: 1
Views: 479

How to forward one local PC through VPN ?

Hi, i have configured PPTP client interface, it connects, and appears reachable route. Now i need to forward one IP address from local net through this route, to another country, how to do that ? I have idea only about mangle...
by gradash
Thu Sep 17, 2015 12:28 pm
Forum: Beginner Basics
Topic: L2TP working like magic...
Replies: 3
Views: 906

L2TP working like magic...

Help, i dont know what to do, if i connect from intranet to l2tp - all ok, even if i connect from phone's 3g - all ok. But that's all, all other external users got that error, i don't understand, my 3g internet also external, but it works ! how ?... Capture.JPG /interface bridge add arp=proxy-arp na...
by gradash
Thu Sep 17, 2015 11:07 am
Forum: General
Topic: v6.33rc release candidate (final testing)
Replies: 203
Views: 37983

Re: v6.33rc release candidate

dadoremix, i have this errors spam in log on 6.27 :)
by gradash
Thu Sep 10, 2015 1:23 pm
Forum: Beginner Basics
Topic: ipsec error spam
Replies: 3
Views: 704

Re: ipsec error spam

i have 6.27 now.... will try to upgrade to 6.33.3..
by gradash
Thu Sep 10, 2015 12:08 pm
Forum: Beginner Basics
Topic: ipsec error spam
Replies: 3
Views: 704

ipsec error spam

Hi, some two weeks ago mikrotik started spamming with that errors... but all working as usual... what is this ?
by gradash
Wed Aug 12, 2015 1:43 pm
Forum: General
Topic: L2TP connection failed
Replies: 1
Views: 328

Re: L2TP connection failed

sry, that error

phase1 negotiation failed due to time up Y.Y.Y.Y[500]<->X.X.X.X[500]
by gradash
Wed Aug 12, 2015 1:34 pm
Forum: General
Topic: L2TP connection failed
Replies: 1
Views: 328

L2TP connection failed

Hi, i have configured and working mikrotik, with L2TP server started. And one problem... can't connect to it from home (no any ip addressess blocked on mikrotik) it write "phase 1 negotiation failed due to timeout" if i connectiong from phone (3g internet) - all ok other computers in other city - al...
by gradash
Tue May 26, 2015 1:30 pm
Forum: Beginner Basics
Topic: Mikrotik PPTP config.
Replies: 11
Views: 1382

Re: Mikrotik PPTP config.

Any increasing counts on your drop firewall rules while you try to connect? and I don't see any accept rules? Is that export correct?
i tryed many firewall configs... now i have first 3 rules accept all input,output,forward
by gradash
Tue May 26, 2015 1:08 pm
Forum: Beginner Basics
Topic: Mikrotik PPTP config.
Replies: 11
Views: 1382

Re: Mikrotik PPTP config.

Also I suggest you don't use PPTP and instead follow this guide:
https://www.nasa-security.net/mikrotik/ ... ith-ipsec/
hmm.... L2TP working.... but ok, good
now just NEED to know what about PPTP :)
by gradash
Tue May 26, 2015 12:21 pm
Forum: Beginner Basics
Topic: Mikrotik PPTP config.
Replies: 11
Views: 1382

Re: Mikrotik PPTP config.

nothing in log... just appears\disappears connection to pptp port in Torch (previous screenshot)

there is log settings and log part when connecting

log.PNG
log2.PNG
by gradash
Tue May 26, 2015 11:56 am
Forum: Beginner Basics
Topic: Mikrotik PPTP config.
Replies: 11
Views: 1382

Re: Mikrotik PPTP config.

can it be because this turned off ?
Capture.PNG
by gradash
Tue May 26, 2015 11:39 am
Forum: General
Topic: PPTP Server w/Windows 7 PPTP Client PLEASE HELP!!
Replies: 38
Views: 51337

Re: PPTP Server w/Windows 7 PPTP Client PLEASE HELP!!

tryed disable all ISP2 settings (address, interface, route) - and again nothing :(
by gradash
Mon May 25, 2015 12:44 pm
Forum: General
Topic: PPTP Server w/Windows 7 PPTP Client PLEASE HELP!!
Replies: 38
Views: 51337

Re: PPTP Server w/Windows 7 PPTP Client PLEASE HELP!!

same problem, VPN work from LAN side and not working from net side.... i have two ISP's, configured as failover (with distance 1,2 and ping check) Capture.PNG maybe trouble in routes ? because firewall setting is basic (trying with and without many rules), NAT settings also basic, just masquerading ...
by gradash
Sun May 24, 2015 9:01 pm
Forum: General
Topic: PPTP - external connection not working
Replies: 2
Views: 693

Re: PPTP - external connection not working

very dificult... because i have 24\7 office... but must be reason, why it working from LAN and not working from internet, maybe some specific PPTP routes or mangle rules need for 2 ISP's...
by gradash
Sun May 24, 2015 8:56 pm
Forum: Beginner Basics
Topic: Mikrotik PPTP config.
Replies: 11
Views: 1382

Re: Mikrotik PPTP config.

TCP port 1723 and IP protocol GRE - allowed.
by gradash
Fri May 22, 2015 6:15 pm
Forum: Beginner Basics
Topic: RB2011 PPTP Help. External users cannot connect
Replies: 2
Views: 578

Re: RB2011 PPTP Help. External users cannot connect

same trouble, what wrong ?, my firewall /ip firewall filter add chain=input comment="Allow gre" protocol=gre add chain=output protocol=gre add chain=input comment="Allow port 1723" dst-port=1723 protocol=tcp add chain=output dst-port=1723 protocol=tcp add chain=forward comment="Allow all subnets" ds...
by gradash
Fri May 22, 2015 3:14 pm
Forum: General
Topic: PPTP - external connection not working
Replies: 2
Views: 693

PPTP - external connection not working

Hi, i have CCR and need to configure PPTP access from remote pc. All configured as written in many manuals but connection working only from LAN Maybe i have missed some firewall rule or NAT ? what i need to do to connect to PPTP from outter internet ? export compact # may/21/2015 11:48:36 by RouterO...
by gradash
Fri May 22, 2015 2:45 pm
Forum: Beginner Basics
Topic: Mikrotik PPTP config.
Replies: 11
Views: 1382

Re: Mikrotik PPTP config.

in Torch when trying to connect i see this, but only two seconds... then dissapears
Untitled.png
by gradash
Fri May 22, 2015 2:17 pm
Forum: Beginner Basics
Topic: Mikrotik PPTP config.
Replies: 11
Views: 1382

Re: Mikrotik PPTP config.

maybe i need some NAT rule ? or route ? help pls
by gradash
Thu May 21, 2015 11:57 am
Forum: Beginner Basics
Topic: Mikrotik PPTP config.
Replies: 11
Views: 1382

Mikrotik PPTP config.

Hi, i have CCR and need to configure PPTP access from remote pc. All configured as written in many manuals but connection working only from lan I have missed some firewall rule or NAT ? what i need to do to connect to PPTP from outter internet ? export compact # may/21/2015 11:48:36 by RouterOS 6.27...
by gradash
Mon Apr 20, 2015 11:49 am
Forum: Beginner Basics
Topic: CCR cant RDP to virtual maxhines
Replies: 1
Views: 480

CCR cant RDP to virtual maxhines

Hi,

I have CCR, version 6.27, two offices with VPN connection (separate ubuntu openvpn), i can ping and rpd all pc's both side, but cant RDP virtual windows machines on esxi server, ping ok. Firewall allowed all subnets.

LocalNet - address list with all subnets
Capture.PNG