Community discussions

Search found 43 matches

by KitMikro
Thu Feb 15, 2018 10:11 am
Forum: Beginner Basics
Topic: Working L2TP iPsec VPN but no Ping to computer?
Replies: 8
Views: 3447

Re: Working L2TP iPsec VPN but no Ping to computer?

Add a rule on your forward chain that allows 192.168.100.0/24 to talk to 192.168.1.0/24 and place that at the top of the forward chain. So I did, and now I see traffic counter going up when trying to connect to a VNC, but the connection times out. When trying to connect via the local network everyt...
by KitMikro
Fri Feb 02, 2018 5:02 pm
Forum: Beginner Basics
Topic: Working L2TP iPsec VPN but no Ping to computer?
Replies: 8
Views: 3447

Re: Working L2TP iPsec VPN but no Ping to computer?

try to locate rule 10 on the 2nd place, then try to ping from your vpn. the firewall works like instruction sets, one by one and the first match is the one that catches. Nope still nothing. you mean /ip route print? I was thinking to add to NAT chain=srcnat action=accept src-address=192.168.100.0...
by KitMikro
Fri Feb 02, 2018 9:26 am
Forum: Beginner Basics
Topic: Working L2TP iPsec VPN but no Ping to computer?
Replies: 8
Views: 3447

Re: Working L2TP iPsec VPN but no Ping to computer?

I've minimized my firewall already, I was thinking it's something with the route? 0 ;;; accept chain=input action=accept protocol=udp dst-port=500,1701,4500 log=no log-prefix="" 1 chain=input action=accept protocol=ipsec-esp log=no log-prefix="" 2 ;;; Drop input invalid connection packets chain=inpu...
by KitMikro
Thu Feb 01, 2018 9:44 pm
Forum: Beginner Basics
Topic: Working L2TP iPsec VPN but no Ping to computer?
Replies: 8
Views: 3447

Re: Working L2TP iPsec VPN but no Ping to computer?

Thanks for your reply! are you able to send and receive pings from windows 10 to windows 10 on your LAN? Yes I can if I allow so in the firewall please completely disable your windows 10 firewall Yes I already did Sorry for not posting my configuration earlier, I just had to leave my computer for a ...
by KitMikro
Thu Feb 01, 2018 3:56 pm
Forum: Beginner Basics
Topic: Working L2TP iPsec VPN but no Ping to computer?
Replies: 8
Views: 3447

Working L2TP iPsec VPN but no Ping to computer?

Hi All, I've been reading many topics today but none of them fixed my problem. I have a working l2tp ipsec vpn connection. I can connect to the webfig, I can also connect to the web configuration of the printers and access points. I can also ping the router and access points but I can't ping to any of...
by KitMikro
Fri Aug 04, 2017 5:16 pm
Forum: General
Topic: Block VPN connection when failed to get valid proposal
Replies: 11
Views: 11029

Re: Block VPN connection when failed to get valid proposal

KitMikro, were you able to improve your firewall filter to stop this kind of attacks? I'm also getting them. Thanks and Best Regards, Ricardo It seems they connect from a range of IP addresses like 1.2.3.X so I've added a rule to drop all connections on UDP ports 500 and 4500 from 1.2.3.0/24 Also ad...
by KitMikro
Fri Aug 04, 2017 11:31 am
Forum: General
Topic: VPN L2TP/IPSEC DMZ Apple connects Windows doesn't
Replies: 3
Views: 1823

Re: VPN L2TP/IPSEC DMZ Apple connects Windows doesn't

Ok editing the windows 10 registry worked;
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\
    New DWORD (32-bit) Value: AssumeUDPEncapsulationContextOnSendRule
    Set the value to 2
by KitMikro
Thu Aug 03, 2017 1:58 pm
Forum: General
Topic: VPN L2TP/IPSEC DMZ Apple connects Windows doesn't
Replies: 3
Views: 1823

Re: VPN L2TP/IPSEC DMZ Apple connects Windows doesn't

First of all, make sure you are running the latest stable version of RouterOS. If it still does not work, enable IPsec debug logs, generate supout.rif file after a failed connection attempt from Windows and send it to support@mikrotik.com. You can enable debug logs with this command: /system loggin...
by KitMikro
Thu Aug 03, 2017 1:02 pm
Forum: General
Topic: VPN L2TP/IPSEC DMZ Apple connects Windows doesn't
Replies: 3
Views: 1823

VPN L2TP/IPSEC DMZ Apple connects Windows doesn't

Hi All, I have the following configuration ( https://forum.mikrotik.com/viewtopic.php?f=2&t=122909 ) behind a cable modem. It's configured as DMZ. I can connect on the public IP to the WebFig, also I can connect to the VPN from my iPhone and Macbook. But I can't connect from any Windows 10 computer....
by KitMikro
Thu Aug 03, 2017 12:59 pm
Forum: General
Topic: Block VPN connection when failed to get valid proposal
Replies: 11
Views: 11029

Re: Block VPN connection when failed to get valid proposal

KitMikro, were you able to improve your firewall filter to stop this kind of attacks? I'm also getting them. Thanks and Best Regards, Ricardo It seems they connect from a range of IP addresses like 1.2.3.X so I've added a rule to drop all connections on UDP ports 500 and 4500 from 1.2.3.0/24 Also ad...
by KitMikro
Tue Jul 11, 2017 10:52 pm
Forum: General
Topic: Block VPN connection when failed to get valid proposal
Replies: 11
Views: 11029

Re: Block VPN connection when failed to get valid proposal

Also, as IPsec uses UDP, won't the addresslist be filled constantly regardless if the tunnel establishes or not?
True, but the tries come from a specific range 1.2.3.x so I can identify it that way.

I'm still thinking of another way, without port knocking or parsing... will be continued :)
by KitMikro
Tue Jul 11, 2017 9:54 am
Forum: General
Topic: Block VPN connection when failed to get valid proposal
Replies: 11
Views: 11029

Block VPN connection when failed to get valid proposal

Hi Everyone, I'm running an L2TP/IPSec VPN, and see different IP's try to connect in my log. respond new phase 1 (Identity Protection): Mikrotik_IP[500]<=>x.x.x.x[12345] x.x.x.x failed to get valid proposal. x.x.x.x failed to pre-process ph1 packet (side: 1, status 1). x.x.x.x phase1 negotiation fai...
by KitMikro
Tue Jun 27, 2017 4:56 pm
Forum: General
Topic: Sending UPnP package message
Replies: 0
Views: 280

Sending UPnP package message

I was wondering if anyone ever tried or has experience with sending upnp commands to other devices on the network.

I am looking for a way to send a upnp port forwarding message to another router from my mikrotik device.

Anybody knows if this is even possible?
by KitMikro
Mon Jun 26, 2017 1:40 pm
Forum: Announcements
Topic: v6.39.2 [current]
Replies: 122
Views: 37463

Re: v6.39.2 [current]

Hi Sorry if this has been posted already, but don't have time to read whole thread...

After update the speed on my RB750gr3 is incorrect. I can't change it back to any other setting.

viewtopic.php?t=116969
by KitMikro
Mon Jun 26, 2017 10:22 am
Forum: General
Topic: Bridge mode with VPN
Replies: 4
Views: 5011

Re: Bridge mode with VPN

What is the problem exactly? Does the remote L2TP client connect but no reachability to the network the 750 is in? If so, set the arp mode of bridge1 to proxy-arp couldn't connect from outside... seemed the solution was to UPDATE and as follows /interface bridge add name=bridge1 /ip ipsec proposal a...
by KitMikro
Fri Jun 23, 2017 10:28 pm
Forum: General
Topic: Bridge mode with VPN
Replies: 4
Views: 5011

Bridge mode with VPN

Hi All, I've been trying to use a RB750Gr3 in bridge mode with a VPN server. The situation is as follows: Internet ---> Modem/router---> Mikrotik 1.1.1.1 ---> 192.168.5.1 ---> 192.168.5.100 Port 1 is connected to Modem/router I need port 2,3,4,5 to be acting as switch. What did I overlook? # jun/23/...
by KitMikro
Thu Apr 06, 2017 7:30 pm
Forum: General
Topic: Router as DHCP client on Mikrotik
Replies: 3
Views: 465

Re: Router as DHCP client on Mikrotik

ip firewall nat add action=masquerade src-address=192.168.1.0/24 dst-address=192.168.2.0/24 out-interface=LanB Thanks! that was easy... Works like a charm :D Edit; This works for the regular users. Not for the users on the "go-through-vpn" addresslist. IP addresses on this list get a Routing Mark an...
by KitMikro
Thu Apr 06, 2017 7:14 pm
Forum: General
Topic: Router as DHCP client on Mikrotik
Replies: 3
Views: 465

Router as DHCP client on Mikrotik

Hi everyone, I have the following problem; In the building where I work there is a second network (LAN B) and I need to access a server (192.168.2.250) on that second network. I cannot change any settings on the second router. LAN B is connected to ether5 on Mikrotik On the Mikrotik I have one port ...
by KitMikro
Fri Aug 26, 2016 9:34 pm
Forum: General
Topic: DHCP issue, users getting IP outside set range
Replies: 7
Views: 2367

Re: DHCP issue, users getting IP outside set range

You can enable a DHCP server alert in your MikroTik on the Alert tab in DHCP Server. It will log a message (and you can execute a script e.g. to send a mail) when a rogue DHCP server appears on a network where the MikroTik is supposed to be the only DHCP server. Thanks another useful tip! I'll do s...
by KitMikro
Fri Aug 26, 2016 9:32 pm
Forum: General
Topic: Redirect DNS + Pi Hole
Replies: 2
Views: 3814

Re: Redirect DNS + Pi Hole

It seems to me that you just need to change your original rules to have to-addresses=192.168.22.254. Plus add hairpin NAT, because you'll be redirecting requests to outside address back to LAN. And finally you'll need to exclude 192.168.22.254 from redirection. oh man.... I already tried that but h...
by KitMikro
Fri Aug 26, 2016 4:16 pm
Forum: General
Topic: Redirect DNS + Pi Hole
Replies: 2
Views: 3814

Redirect DNS + Pi Hole

Hi all, I've been using the following lines to prevent users from using their own dns settings: /ip firewall add action=dst-nat chain=dstnat dst-port=53 log-prefix="" protocol=tcp to-addresses=37.235.1.174 to-ports=53 add action=dst-nat chain=dstnat dst-port=53 log-prefix="" protocol=udp to-addresses...
by KitMikro
Fri Aug 26, 2016 3:50 pm
Forum: General
Topic: DHCP issue, users getting IP outside set range
Replies: 7
Views: 2367

Re: DHCP issue, users getting IP outside set range

Well yesterday I checked every network cable (about 90 in a 5 stories high building), switched the wifi off and still couldn't find another DHCP server. I'm starting to wonder if this is a problem with my laptop or angryipscanner... Also I didn't have any more complaints about any users getting the ...
by KitMikro
Fri Aug 19, 2016 10:34 am
Forum: General
Topic: DHCP issue, users getting IP outside set range
Replies: 7
Views: 2367

Re: DHCP issue, users getting IP outside set range

Check to see if there is another DHCP server on the network. The quickest way to do this is to create a DHCP client on the interface (with add default route set to no). If it gets a response from something, then you need to investigate the layer2 network and figure out where the other server is. Th...
by KitMikro
Thu Aug 18, 2016 12:42 pm
Forum: General
Topic: DHCP issue, users getting IP outside set range
Replies: 7
Views: 2367

DHCP issue, users getting IP outside set range

Hi All, I've got a weird issue since a few days. Sometimes users get an IP address outside the set IP Pool. I have no clue what to look for. my ip range is 192.168.10.x but sometimes users get 192.168.1.x or 192.168.2.x or 192.168.3.x etc etc etc /ip address add address=192.168.10.250/24 disabled=no...
by KitMikro
Wed Aug 10, 2016 4:39 pm
Forum: General
Topic: Update every second or upon event? (VPN update script)
Replies: 0
Views: 325

Update every second or upon event? (VPN update script)

Hi again everyone, I just wrote a script that updates URL, Username and Password of a free VPN service. I did this because they update their url & password every so often. I'm not ready to share this now, so let's just keep this hypothetical) Now I don't want to connect without a VPN, so I set my sc...
by KitMikro
Sun Jul 24, 2016 3:37 pm
Forum: General
Topic: Block Teamspeak with layer 7
Replies: 14
Views: 1775

Re: Block Teamspeak with layer 7

I think I got it working, and so simple. if there is a better way, please share it or correct me.  I captured some traffic when connecting to different Teamspeak servers, it seems all first packets have the same phrase inside of them. So I used that as my regex. It seems to kill all connection atte...
by KitMikro
Sat Jul 23, 2016 9:19 pm
Forum: General
Topic: How to use Winbox in MAC PC?
Replies: 10
Views: 1107

Re: How to use Winbox in MAC PC?

No, much easier. Download and run this:
binary available here
Awesome! Finally can stop using buggy wine
by KitMikro
Sat Jul 23, 2016 8:45 pm
Forum: General
Topic: Block Teamspeak with layer 7
Replies: 14
Views: 1775

Re: Block Teamspeak with layer 7

My question though remains, How can I block Teamspeak with layer 7? to elaborate on my question; It seems, one of my users is stalking other users with teamspeak using some kind of script kiddie tool. I want to prevent him from harming other internet users. Isn't it overkill? You killed his Teamspeak...
by KitMikro
Sat Jul 23, 2016 4:57 pm
Forum: General
Topic: Block Teamspeak with layer 7
Replies: 14
Views: 1775

Re: Block Teamspeak with layer 7

I think I got it working, and so simple. if there is a better way, please share it or correct me.  I captured some traffic when connecting to different Teamspeak servers, it seems all first packets have the same phrase inside of them. So I used that as my regex. It seems to kill all connection attem...
by KitMikro
Sat Jul 23, 2016 12:39 pm
Forum: General
Topic: Block Teamspeak with layer 7
Replies: 14
Views: 1775

Re: Block Teamspeak with layer 7

You have idea or rule to block psiphon vpn? I need to block psiphon vpn. When will you stop whining about that? Psiphon VPN is designed in such a way that it cannot easily be blocked. Live with it. Furthermore, if you would succeed in blocking it (e.g. by finding all IP addresses of their servers a...
by KitMikro
Sat Jul 23, 2016 11:28 am
Forum: General
Topic: Block Teamspeak with layer 7
Replies: 14
Views: 1775

Re: Block Teamspeak with layer 7

What is the benefit if it is blocked ,, without block program vpn like "psiphon vpn" buz user can install psiphon vpn to connect with outside server can open all block program. It would be fine if the user would connect through a VPN, this would prevent other people to see our IP. You have idea or r...
by KitMikro
Sat Jul 23, 2016 9:50 am
Forum: General
Topic: Block Teamspeak with layer 7
Replies: 14
Views: 1775

Re: Block Teamspeak with layer 7

What is the benefit if it is blocked ,, without block program vpn like "psiphon vpn" buz user can install psiphon vpn to connect with outside server can open all block program.
It would be fine if the user would connect through a VPN, this would prevent other people to see our IP.
by KitMikro
Sat Jul 23, 2016 8:12 am
Forum: General
Topic: Block Teamspeak with layer 7
Replies: 14
Views: 1775

Block Teamspeak with layer 7

Hi All,

I need to block Teamspeak, I'd like to do so with the layer7 protocol. Because port blocks can be bypassed.

I found this:
^\xf4\xbe\x03.*teamspeak
But it doesn't work. I am still able to connect to the teamspeak test server.
any help would be awesome :)
by KitMikro
Thu Dec 03, 2015 8:27 pm
Forum: Beginner Basics
Topic: Another help me with L2TP/IPSEC proxy-arp...
Replies: 11
Views: 3628

Re: Another help me with L2TP/IPSEC proxy-arp...

in the end I made it work following this tutorial http://www.firstdigest.com/2015/01/mikrotik-l2tp-with-ipsec-for-mobile-clients/ if you also want to connect to this vpn from a computer change /ppp profile add name=l2tp-profile local-address=L2TP-Pool remote-address=L2TP-Pool use-encryption=required...
by KitMikro
Thu Dec 03, 2015 8:24 pm
Forum: General
Topic: email when Wan IP change script
Replies: 1
Views: 2182

email when Wan IP change script

Hi All, I've been playing with this script I found. ( http://networkgeekstuff.com/networking/minipost-mikrotik-scripting-monitoring-interface-ip-for-changes/ ) I would like to receive an email when my wan IP changes. :global actualIP; :local newIP [/ip address get [find interface="ether1-Gateway"] a...
by KitMikro
Mon Oct 19, 2015 11:20 pm
Forum: General
Topic: IGMP Snooping
Replies: 137
Views: 61919

Re: IGMP Snooping

still nothing???

+1
by KitMikro
Wed Oct 14, 2015 12:17 pm
Forum: General
Topic: DDOS protection config
Replies: 1
Views: 1103

Re: DDOS protection config

In the wiki I found a smtp spam protection which blocks users for one day; http://wiki.mikrotik.com/wiki/How_to_autodetect_infected_or_spammer_users_and_temporary_block_the_SMTP_output so I guess you need to change "address-list-timeout" edit So here is how I guess you should do it; first add everyo...
by KitMikro
Mon Sep 14, 2015 10:07 am
Forum: General
Topic: User connection limit with browser message.
Replies: 0
Views: 403

User connection limit with browser message.

Hi All, I'm looking for a solution I used to have on some other routers. I'd like to have the same option on my MT os 6. I know trying to block torrent doesn't always work that well so I'd like to limit total of connections/sessions per user with /ip firewall filter add chain=forward action=drop prot...
by KitMikro
Mon May 04, 2015 2:38 pm
Forum: Beginner Basics
Topic: Another help me with L2TP/IPSEC proxy-arp...
Replies: 11
Views: 3628

Re: Another help me with L2TP/IPSEC proxy-arp...

I've replied twice now, and every time I get a message saying it is moderated or something, but it never shows.... so I'll try one more time. I am trying to login to the Access Point web interface behind the mikrotik router. All the devices on the Mikrotik network connect through the LAN bridge. all us...
by KitMikro
Sat May 02, 2015 8:23 pm
Forum: Beginner Basics
Topic: Another help me with L2TP/IPSEC proxy-arp...
Replies: 11
Views: 3628

Re: Another help me with L2TP/IPSEC proxy-arp...

Is it just the web interface that doesn't work? Can you ping them? What default gateway do the devices have? I am trying to access the web interface of different access points in the remote LAN through a vpn. Yes all devices on the network use the same gateway. gateway is the mikrotik LAN IP. When I...
by KitMikro
Sat May 02, 2015 1:48 pm
Forum: Beginner Basics
Topic: Another help me with L2TP/IPSEC proxy-arp...
Replies: 11
Views: 3628

Re: Another help me with L2TP/IPSEC proxy-arp...

Can you give an example of what you are trying to access when you say web interfaces? If you are on an L2TP tunnel you should be able to access other LAN devices....
I'm trying to access the access points behind the mikrotik
by KitMikro
Sat May 02, 2015 1:42 pm
Forum: Beginner Basics
Topic: Another help me with L2TP/IPSEC proxy-arp...
Replies: 11
Views: 3628

Re: Another help me with L2TP/IPSEC proxy-arp...

Is it just the web interface that doesn't work? Can you ping them? What default gateway do the devices have? Thanks for your reply, the default gateway is the same for all devices. and is the internal ip of the mikrotik. when I am connected with the VPN I can ping the internal IP of the mikrotik, b...
by KitMikro
Thu Apr 30, 2015 12:06 pm
Forum: Beginner Basics
Topic: Another help me with L2TP/IPSEC proxy-arp...
Replies: 11
Views: 3628

Another help me with L2TP/IPSEC proxy-arp...

Hi All, Recently I bought a pre-programmed mikrotik router. I do know some networking stuff but it would take too much time to learn the mikrotik and I needed to make it work quick. Anyway now everything is working I needed to login to a web interface but from a remote location. So I decided to setup...