Community discussions

MikroTik App

Search found 85 matches

by bekax5
Fri Jul 17, 2020 1:23 am
Forum: RouterBOARD hardware
Topic: hEX S - PoE Out
Replies: 3
Views: 901

Re: hEX S - PoE Out

If Ubiquiti Unifi-IW-HD is 802.3af/at compliant it should accept both Mode A and Mode B. And despite the fact, that in it's user manual it is stated that "using of passive PoE injectors is not recommended", I guess that means that it is still an option. So there is a good chance that it will work f...
by bekax5
Wed Jul 15, 2020 6:27 pm
Forum: RouterBOARD hardware
Topic: hEX S - PoE Out
Replies: 3
Views: 901

hEX S - PoE Out

Hello everyone. I am powering a hEX S through PoE with a RBGPOE Gigabit adapter. I'd like to understand how to use the PoE Out on Port5 to power an Ubiquiti Unifi-IW-HD which accepts 802.3 af/at. Do I need a special adapter to convert the Mikrotik Passive 57V into af/at ? Will I need to use a crosso...
by bekax5
Wed May 06, 2020 12:17 am
Forum: General
Topic: Multicast MDNS - Wifi to Wifi [SOLVED]
Replies: 4
Views: 1679

Re: Multicast MDNS - Wifi to Wifi [SOLVED]

Image

Client still stays like that. It appears multicast option is not being applied...
Sniffer shows packets not being sent back through wlan again.


Edit: Client forwarding solved my issue by the way!
Thanks a lot!
by bekax5
Tue May 05, 2020 11:02 pm
Forum: General
Topic: Multicast MDNS - Wifi to Wifi [SOLVED]
Replies: 4
Views: 1679

Re: Multicast MDNS - Wifi to Wifi [SOLVED]

That makes sense. Yet, I tried to apply that to the AP, but CapsMan doesn't seem to apply that setting to the client.. I applied it both in CAP Interface and Configurations. Client AP after being reconfigured, still keeps "Multicast Helper: Default", and of course does not allow me to change manuall...
by bekax5
Tue May 05, 2020 9:54 pm
Forum: General
Topic: Multicast MDNS - Wifi to Wifi [SOLVED]
Replies: 4
Views: 1679

Multicast MDNS - Wifi to Wifi [SOLVED]

Hi everyone, I saw that Mtik APs were the only in my house where devices weren't getting auto-discover services properly. A few sniffers later, I think the issue is that MDNS packets are forwarded to the other ports on the bridge, but not Wifi itself ( from where the original packet came from) Other...
by bekax5
Tue Nov 26, 2019 6:36 pm
Forum: General
Topic: MacOS Catalina, iOS, Catalyst, SwiftUI & Wine
Replies: 178
Views: 64329

Re: MacOS Catalina, iOS, Catalyst, SwiftUI & Wine

FYI Wine 4.19 and 4.20 breaks on Catalina again.
Use Wine 4.18 https://dl.winehq.org/wine-builds/macos ... g-4.18.pkg
Even though Wine gave lots and lots of errors... Winbox launched.
Thanks!
by bekax5
Tue Nov 26, 2019 2:58 pm
Forum: General
Topic: MacOS Catalina, iOS, Catalyst, SwiftUI & Wine
Replies: 178
Views: 64329

Re: MacOS Catalina, iOS, Catalyst, SwiftUI & Wine

Tried this method but also getting some errors: user@mac ~ % wine64 Desktop/winbox64.exe wine: created the configuration directory '/Users/andredias/.wine' 0009:fixme:esync:do_esync eventfd not supported on this platform. 000b:fixme:esync:do_esync eventfd not supported on this platform. 0009:err:env...
by bekax5
Tue Nov 26, 2019 2:44 pm
Forum: General
Topic: HowTo: Install WinBox64 on macOS
Replies: 6
Views: 3086

Re: HowTo: Install WinBox64 on macOS

I tried to follow this tutorial. Ended up with the following error: ###BOTTLING### Create .app... ###BOTTLING### Enabling CoreAudio, Colors, Antialiasing and flat menus... ### LOG ### Command '/Applications/Wine.app/Contents/Resources/bin/wine64 regedit /tmp/reg.reg' returned status 137. Task return...
by bekax5
Tue Feb 26, 2019 8:32 pm
Forum: Scripting
Topic: POST Request with fetch
Replies: 76
Views: 44714

Re: POST Request with fetch

OK :) In header field replace http-content-type:application/json with content-type:application/json
Hahahah, nice catch!
I've been trying this on yesterday's late night and I probably wasn't even looking anymore.

Thanks a lot, it worked perfectly.
by bekax5
Tue Feb 26, 2019 7:11 pm
Forum: Scripting
Topic: POST Request with fetch
Replies: 76
Views: 44714

Re: POST Request with fetch

In the meantime this feature has been added. Has anyone tried to use it with the Cloudflare v4 API ? I am having difficulties with post to update a DNS zone. It gives me error 400 bad request. [admin@MikroTik-RB3011] > /tool fetch http-method=get url="https://api.cloudflare.com/client/v4/zones/__ZO...
by bekax5
Tue Feb 26, 2019 5:05 am
Forum: Scripting
Topic: POST Request with fetch
Replies: 76
Views: 44714

Re: POST Request with fetch

In the meantime this feature has been added. Has anyone tried to use it with the Cloudflare v4 API ? I am having difficulties with post to update a DNS zone. It gives me error 400 bad request. [admin@MikroTik-RB3011] > /tool fetch http-method=get url="https://api.cloudflare.com/client/v4/zones/__ZON...
by bekax5
Sun Feb 03, 2019 5:24 pm
Forum: General
Topic: IKEv2 multiple clients [SOLVED]
Replies: 7
Views: 2232

Re: IKEv2 multiple clients [SOLVED]

Hi! I am running the exact same setup and am dealing with the same issue, and by assigning none to the remote certificate it now accepts all clients. :) Thanks! However, would it be possible to distinct peers only by the remote certificate? Assuming I'd just like to have different mode-configs for d...
by bekax5
Fri Aug 17, 2018 2:16 pm
Forum: General
Topic: Help with IKEv2
Replies: 16
Views: 2657

Re: Help with IKEv2

[admin@MikroTik-RB3011] /ip ipsec> mode-config print Flags: * - default, R - responder 0 * name="request-only" responder=no 1 R name="ikev2-config" system-dns=no static-dns=192.168.1.250 address-pool=pool_ikev2_1 address-prefix-length=32 split-include=0.0.0.0/3,64.0.0.0/3 [admin@MikroTik-RB3011] /i...
by bekax5
Thu Aug 16, 2018 8:55 pm
Forum: General
Topic: Help with IKEv2
Replies: 16
Views: 2657

Re: Help with IKEv2

Now with both ipv4 range halves [admin@MikroTik-RB3011] /ip ipsec policy> print Flags: T - template, X - disabled, D - dynamic, I - invalid, A - active, * - default 0 T * group=default src-address=0.0.0.0/0 dst-address=192.168.200.0/24 protocol=all proposal=default template=yes 1 DA src-address=0.0....
by bekax5
Mon Aug 13, 2018 7:17 pm
Forum: General
Topic: Help with IKEv2
Replies: 16
Views: 2657

Re: Help with IKEv2

I was trying to avoid posting too much rules... /ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related add ...
by bekax5
Mon Aug 13, 2018 5:36 am
Forum: General
Topic: Help with IKEv2
Replies: 16
Views: 2657

Re: Help with IKEv2

I think it's safe to assume all packets that don't get caught in these rules are dropped. It is not safe to assume this, and this firewall actually protects nothing at all . The reason is that in RouterOS, the default packet handling in the /ip firewall filter is action=accept , so whatever does no...
by bekax5
Sun Aug 12, 2018 4:59 pm
Forum: General
Topic: Help with IKEv2
Replies: 16
Views: 2657

Re: Help with IKEv2

I am yet to understand if it is forwarding Internet traffic, since everywhere I check IP when connected to the IKEv2 in iPhone, it is showing the cell network IP and not the remote IKEv2 connection IP. The Note in this section of the Mikrotk IPsec manual is related to this. Many VPN clients on othe...
by bekax5
Sun Aug 12, 2018 1:54 am
Forum: General
Topic: Help with IKEv2
Replies: 16
Views: 2657

Re: Help with IKEv2

Perfect! At first it was not working, it seems I had yet to add an accept firewall input rule for in:ipsec policy since these packets were being dropped by my generic WAN input drop rule. add action=accept chain=input in-interface=bridge-vlan12 ipsec-policy=in,ipsec add action=drop chain=input comme...
by bekax5
Sat Aug 11, 2018 6:42 pm
Forum: General
Topic: Help with IKEv2
Replies: 16
Views: 2657

Re: Help with IKEv2

With plain IPsec, routing works very different from the standard one. After all the standard routing is done and the packet is just about to be sent out, its source and destination IP addresses are compared to active IPsec policies and if they match, the packet is sent using the security associatio...
by bekax5
Sat Aug 11, 2018 1:57 pm
Forum: General
Topic: Help with IKEv2
Replies: 16
Views: 2657

Help with IKEv2

Hello everyone, I'm trying to setup IKEv2 between my RB3011 and an iPhone. I've been fighting against the authentication, but finally I seem to have it figured out and it appears to be a bug which I would like to report first. I am using WinBox 3.17 and RB3011 v6.43rc51 # If I check in IPsec Peer Pr...
by bekax5
Wed May 09, 2018 3:16 am
Forum: General
Topic: RB3011 Port-Mirror implementation (150Mbps slowdown)
Replies: 13
Views: 1718

Re: RB3011 Port-Mirror implementation (150Mbps slowdown)

Well, it would also limit but I guess it would be bonded to the CPU's processing power, which appears to be able to handle about 60% more than what I'm putting it up to (with gigabit). As you can see on the block diagram in one of the earlier posts, the CPU ports of the switch chip are also only 1 ...
by bekax5
Wed May 09, 2018 1:20 am
Forum: General
Topic: RB3011 Port-Mirror implementation (150Mbps slowdown)
Replies: 13
Views: 1718

Re: RB3011 Port-Mirror implementation (150Mbps slowdown)

Also, do you know if Mangle "sniff-tzsp" option does have the same behaviour as the Packet Sniffer sniffer-server that kills "Fasttrack" and "Fastpath" when running? Bad news, sure it does. Fasttrack is fastpath combined with connection tracking, and consists in minimization of CPU processing of th...
by bekax5
Tue May 08, 2018 5:59 pm
Forum: General
Topic: RB3011 Port-Mirror implementation (150Mbps slowdown)
Replies: 13
Views: 1718

Re: RB3011 Port-Mirror implementation (150Mbps slowdown)

Well, you have yourself identified that there is a physical limitation. The mirror destination has a bandwidth of 1 Gbit/s and the mirroring function of the switch chip itself (so no CPU involved hence no CPU load) can only mirror both directions of the mirrored port (mirror source). So if the summ...
by bekax5
Tue May 08, 2018 12:52 pm
Forum: General
Topic: RB3011 Port-Mirror implementation (150Mbps slowdown)
Replies: 13
Views: 1718

Re: RB3011 Port-Mirror implementation (150Mps slowdown)

Still looking for assistance with this.
Anyone?
by bekax5
Mon Apr 30, 2018 8:43 pm
Forum: General
Topic: Cannot forward port 80 [SOLVED]
Replies: 31
Views: 4009

Re: Cannot forward port 80 [SOLVED]

I have disabled the mikrotik web service. I try to disable hotspot. But all are not working. My blind shot would be to bind the Mikrotik www service to another port than 80 on top/instead of disabling it if the ISP is not the reason. I already disable the www service since I only use winbox. Moreov...
by bekax5
Mon Apr 30, 2018 11:12 am
Forum: General
Topic: RB3011 Port-Mirror implementation (150Mbps slowdown)
Replies: 13
Views: 1718

Re: RB3011 Port-Mirror implementation (150Mps slowdown)

Recently I came back to the mirror implementation. This problem still happens with the router. It happens with both switch groups. Packet loss is not happening, nor full CPU or Core usage. Unfortunately this limits actual "live" internet traffic and so it is not a solution to use until it is solved ...
by bekax5
Mon Feb 26, 2018 12:13 pm
Forum: General
Topic: IPSec (Road Warrior + RB3011) - Can't LAN/Internet from VPN
Replies: 9
Views: 2021

Re: IPSec (Road Warrior + RB3011) - Can't LAN/Internet from VPN

Thanks a lot for your time! It's been great to read your explanation, and honestly I feel that there are some key points that the IPsec wiki misses to explain which I believe I got the handle with your help. I hope at lease that this topic will be useful for IPsec newcomers like me! - Good call on ...
by bekax5
Mon Feb 26, 2018 2:32 am
Forum: General
Topic: IPSec (Road Warrior + RB3011) - Can't LAN/Internet from VPN
Replies: 9
Views: 2021

Re: IPSec (Road Warrior + RB3011) - Can't LAN/Internet from VPN

With IPsec "server" (your Mikrotik) connected to internet via a NAT device (i.e. when the Mikrotik itself doesn't have a public address on any interface) you need to use dirty tricks, so if you can get public address directly on Mikrotik via 4G, you should start from that configuration and eventual...
by bekax5
Sun Feb 25, 2018 8:03 pm
Forum: General
Topic: IPSec (Road Warrior + RB3011) - Can't LAN/Internet from VPN
Replies: 9
Views: 2021

Re: IPSec (Road Warrior + RB3011) - Can't LAN/Internet from VPN

I believe you meant export the firewall? Anyway, I might have many rules that don't matter for this. Well, I had in mind everything in order to avoid asking piece per piece if the firewall is not guilty, but never mind. Before I dive into the rule jungle, are you sure that all your client devices h...
by bekax5
Sun Feb 25, 2018 12:41 pm
Forum: General
Topic: IPSec (Road Warrior + RB3011) - Can't LAN/Internet from VPN
Replies: 9
Views: 2021

Re: IPSec (Road Warrior + RB3011) - Can't LAN/Internet from VPN

"/export hide-sensitive", please. Replace each public address eventually present in the result systematically with a unique token (like public.ip.1) if you don't want to disclose their association to you. As phase 2 completes, most likely the firewall rules will be the reason. I believe you meant e...
by bekax5
Sun Feb 18, 2018 8:47 pm
Forum: General
Topic: IPSec (Road Warrior + RB3011) - Can't LAN/Internet from VPN
Replies: 9
Views: 2021

IPSec (Road Warrior + RB3011) - Can't LAN/Internet from VPN

Hi everyone, Given that apple removed PPTP from all their devices, I'm trying to setup IPSec for about 2 or 3 devices I use outside. By outside, all these 3 devices have Dynamic IPs, and besides home also having a dynamic I use dynamic DNS. Following the wiki I managed to configure IPSec and the dev...
by bekax5
Thu Feb 01, 2018 11:29 pm
Forum: General
Topic: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)
Replies: 205
Views: 157583

Re: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)

I am really tempted on setting Suricata with Mtik integration. I want to run suricata on a QNAP as a VM and I already bought an Intel NIC for this purpose, however I noticed that the current QNAP versions do not support promiscuous mode for VMs, as such if I try to mirror the WAN interface I end up ...
by bekax5
Thu Dec 14, 2017 4:40 pm
Forum: General
Topic: Firewall - Block IPs (Raw/Filter?)
Replies: 0
Views: 355

Firewall - Block IPs (Raw/Filter?)

Hi everyone, I have a hEX PoE which is double NATted behind a RB3011. This device is to have IoT devices and further a few VLANs for guests and other stuff. At the moment I'm trying to set a blacklist to drop every IP I consider not being safe. I'm using Fastpath+Fasttrack, although if I read correc...
by bekax5
Tue Nov 07, 2017 9:13 pm
Forum: General
Topic: RB3011 Port-Mirror implementation (150Mbps slowdown)
Replies: 13
Views: 1718

Re: R3011 Port-Mirror implementation (150Mps slowdown)

Hmm, indeed that seems weird. Have you tried v6.40.x? Does it exhibit the same behavior? (in case you are hitting some weird bug with the new bridges/hw offload implementation on 6.42rc) Just out of curiosity, have you tried this using the 2nd switch group instead? (eth6-eth10) I don't see how it c...
by bekax5
Tue Nov 07, 2017 6:46 pm
Forum: General
Topic: RB3011 Port-Mirror implementation (150Mbps slowdown)
Replies: 13
Views: 1718

Re: R3011 Port-Mirror implementation (150Mps slowdown)

You are hitting 100% CPU usage in one core that why you see 50% total usage (the 2nd core is idle). So you are CPU bound. What does /tool > profile shows when you get 50% cpu usage? I haven't used mirroring in MikroTik, so I don't know how it behaves when the destination port is congested. In Cisco...
by bekax5
Tue Nov 07, 2017 2:02 am
Forum: General
Topic: RB3011 Port-Mirror implementation (150Mbps slowdown)
Replies: 13
Views: 1718

RB3011 Port-Mirror implementation (150Mbps slowdown)

Hi everyone. I have a RB3011 with gigabit FTTH. This Gigabit line is recent and I am still optimising the router for this setup. Anyway, I found out that by having no mirror setup I could reach every time 920Mbps+ If I would setup a mirror from eth1 to eth2 I can't go over 750Mbps! CPU won't go over...
by bekax5
Tue Oct 10, 2017 2:56 am
Forum: General
Topic: How to force hostname ? (wild device with hostname=localhost)
Replies: 1
Views: 1805

Re: How to force hostname ? (wild device with hostname=localhost)

Sorry for bump, but here it is the capture.

https://www.cloudshark.org/captures/d111922b008f

We can see the router offering a lease with a different hostname than the one being requested, but at the end the device just ignores...
Is this normal?
Am I using Option 12 in a wrong way?
by bekax5
Sun Oct 08, 2017 7:51 pm
Forum: General
Topic: How to force hostname ? (wild device with hostname=localhost)
Replies: 1
Views: 1805

How to force hostname ? (wild device with hostname=localhost)

Hello everyone, As some might know, there is a firmware on these samsung tizen smart tvs that comes with hardcoded hostname "localhost". I don't what what kind of engineers they have at samsung that statically assigned a reserved hostname like this. For now it's not causing big problems on my networ...
by bekax5
Sat Jun 24, 2017 7:10 pm
Forum: General
Topic: Delay@HTTP due to MTU ?? 200ms_Increase
Replies: 6
Views: 962

Re: Delay@HTTP due to MTU ?? 200ms_Increase

Update: I was able to track this issue to the hosts themselves. It appears that they were taking too long to answer due to a config called DelayedAckTimeout. On Win8.1 one can see the settings over powershell: Get-NetTCPSettings There are several setting profiles, and it was using one that had a del...
by bekax5
Sat Jun 24, 2017 5:25 pm
Forum: General
Topic: Delay@HTTP due to MTU ?? 200ms_Increase
Replies: 6
Views: 962

Re: Delay@HTTP due to MTU ?? 200ms_Increase

Yes, I'm trying to figure out where the problem comes from. Although it doesn't appear to be from MTk. All packets are the same size in either situation, and no ICMP are trying to be sent, so it doesn't appear to be a MTU mismatch. Here I managed to capture both situations with MTk MTU=4137 & MTU=41...
by bekax5
Sat Jun 24, 2017 5:41 am
Forum: General
Topic: Delay@HTTP due to MTU ?? 200ms_Increase
Replies: 6
Views: 962

Re: Delay@HTTP due to MTU ?? 200ms_Increase

I assume the L2MTU is still set to 8156 on the ten copper gigabit interfaces, and 8158 on SFP1 (which the Wiki states is the values for a 3011 routerboard) Honestly the copper are all 1500MTU/1598L2MTU. SFP is the only one in the local-bridge for testing purposes. This way I can also guarantee that...
by bekax5
Sat Jun 24, 2017 12:11 am
Forum: General
Topic: Mikrotik is unable to open ports for port forwarding [SOLVED]
Replies: 5
Views: 2819

Re: Mikrotik is unable to open ports for port forwarding [SOLVED]

If you're trying to allow traffic from wan to lan side,

I believe you should go to "ip firewall nat":
add chain=dstnat protocol=tcp dst-port=6800 action=dst-nat to-addresses=INTERNAL_IP_WITH_SAID_SERVICES to-ports=6800 comment="" disabled=no
by bekax5
Fri Jun 23, 2017 11:56 pm
Forum: General
Topic: Delay@HTTP due to MTU ?? 200ms_Increase
Replies: 6
Views: 962

Delay@HTTP due to MTU ?? 200ms_Increase

I've noticed today something very peculiar when working with MTUs and jumbo frames. There's something weird happening when I change the MTU from 4136 bytes to 4137 bytes. I first saw this because I had a HTTP sensor in PRTG and I saw huge delay increases when I started using big frames in the RB3011...
by bekax5
Wed Jun 21, 2017 5:02 am
Forum: General
Topic: SNMP changing on link down/up
Replies: 0
Views: 402

SNMP changing on link down/up

Hello everyone, I am using PRTG to monitor my network and its devices. One thing I noticed is that my VPN interface from mikrotik, whenever I get a link down and then it comes back up, even though that it's the same interface, PRTG is unable to keep tracking of it's information, It's as if the OIDs ...
by bekax5
Fri Aug 05, 2016 10:22 pm
Forum: General
Topic: Sniffer cures packetloss [fasttrack problem?]
Replies: 3
Views: 945

Re: Sniffer cures packetloss [fasttrack problem?]

If that port is part of a bridge try disabling it in the bridge settings.... /interface bridge settings> set allow-fast-path=no I guess this fixes the problem ! :D Thanks a lot!! Question: The fasttrack keeps active for any traffic coming from the outside right? Only ignored inside the bridge-local...
by bekax5
Fri Aug 05, 2016 9:33 pm
Forum: General
Topic: Sniffer cures packetloss [fasttrack problem?]
Replies: 3
Views: 945

Sniffer cures packetloss [fasttrack problem?]

Hello everyone, I am using a RB3011 with 6.36rc12. Somehow starting the sniffer cures my problems with a PPTP connection (only two clients connect with packet_mark and route) I read somewhere that this could happen because the sniffer turns off the fasttrack. Although, I'm not sure how to set the fi...
by bekax5
Tue Jul 19, 2016 9:55 pm
Forum: Beginner Basics
Topic: [How To] NAT on PPTP Server
Replies: 1
Views: 882

[How To] NAT on PPTP Server

Hi everyone, I am in search of some help setting up correctly a PPTP Server. At the moment everything is working correctly, with multiple clients being able to connect, they must be in a LAN with different subnet obviously, and they have access to the whole network. 1. Is there any interesting solut...
by bekax5
Mon May 23, 2016 2:06 am
Forum: General
Topic: CRS109 vs RB3011 (the latest is the slower ?!?)
Replies: 4
Views: 1351

Re: CRS109 vs RB3011 (the latest is the slower ?!?)

Just to update...

Turns out it was the NAT that getting too heavy.
I added: "dst-address-type=local" to every port-forward rule (I had 8 ) and the speeds increased from 17 to 100+

I haven't tried the full power on the 3011 because its only 100/100 fiber, but for now it's perfect.

Regards.
by bekax5
Mon May 23, 2016 2:02 am
Forum: Beginner Basics
Topic: [How to] dstnat on Vlan (Internet)
Replies: 1
Views: 1043

Re: [How to] dstnat on Vlan (Internet)

I managed to find out the issue. Turns out I had one wrong Firewall filter rule: chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=bridge-vlan12 log=no log-prefix="" I forgot to add the ! in the "connection-nat-state=dstnat" and so I was dropping everything tha...
by bekax5
Sun May 22, 2016 9:36 pm
Forum: Beginner Basics
Topic: [How to] dstnat on Vlan (Internet)
Replies: 1
Views: 1043

[How to] dstnat on Vlan (Internet)

Hi all, I receive my internet through a VLAN on eth1. I have setup a vlan interface on that input, a masquerade on that vlan and now I'm receiving IP from ISP's DHCP and Internet is working ok! I'm having an issue although which is related to NAT. I was trying to forward some ports but they are not ...
by bekax5
Mon May 16, 2016 4:05 am
Forum: General
Topic: DNS not working from RouterOS, can't pin down the problem
Replies: 2
Views: 1857

Re: DNS not working from RouterOS, can't pin down the problem

Atually I have the same dns issue at the new rb3011@6.36rc12
by bekax5
Sun May 15, 2016 2:19 pm
Forum: General
Topic: CRS109 vs RB3011 (the latest is the slower ?!?)
Replies: 4
Views: 1351

Re: CRS109 vs RB3011 (the latest is the slower ?!?)

I tried with the 6.36rc12 Same issue. Router isn't able to push over 17Mbit/s of upload. Whereas a simple crs109 is pushing a bit over 100Mbit/s. Also, I am not able to do a pingtest due to some firewall reason on the RB3011, even though both firewalls have the same configs! Not sure how to debug th...
by bekax5
Sun May 15, 2016 1:40 pm
Forum: General
Topic: RB3011 sfp-port not in switch menu
Replies: 3
Views: 1312

Re: RB3011 sfp-port not in switch menu

From the Block diagram, (http://i.mt.lv/routerboard/files/RB3011 ... 123613.png)
it looks like either it connects to the second CPU directly, or it gives 2Gbit/s for the second switch.

At least on mine it came as default on the local-bridge but also didn't came with any switch association.
by bekax5
Sun May 15, 2016 5:06 am
Forum: General
Topic: CRS109 vs RB3011 (the latest is the slower ?!?)
Replies: 4
Views: 1351

CRS109 vs RB3011 (the latest is the slower ?!?)

Hello everyone, I have been using a CRS109 as my home router. I realize it wasn't actually made to work as a router but as a switch, although until a few days ago I only had ADSL and 4G which didn't actually need much horsepower and it was doing a perfect job until now. Now I have a fiber 100/100 an...
by bekax5
Sun Apr 24, 2016 5:42 pm
Forum: RouterBOARD hardware
Topic: RB3011 Block diagram?
Replies: 230
Views: 56056

Re: RB3011 Block diagram?

Allow me to resuscitate this topic :D Am I right to assume that if I have a fiber uplink to the LAN and WAN on the first switch chip the router will just use the CPU1 ?? I am not sure if SFP will connect directly to CPU1 or to the second Switch chip? By the way, how does the router decide which CPU ...
by bekax5
Mon Nov 02, 2015 11:19 am
Forum: Beginner Basics
Topic: Hairpin NAT - 2nd Router
Replies: 4
Views: 1064

Re: Hairpin NAT - 2nd Router

How should I do that with DNS? set a static DNS record? Yes, and make sure your LAN is using your Mikrotik as its DNS server. Perfect! Thanks. It is, unfortunately these 4G routers can't be config as Bridges, and they still offer much more bandwith than a pendrive that I could really use as modem...
by bekax5
Sun Nov 01, 2015 6:16 pm
Forum: Beginner Basics
Topic: Hairpin NAT - 2nd Router
Replies: 4
Views: 1064

Re: Hairpin NAT - 2nd Router

Nobody is going to be able to tell you have to do hairpin NAT on this outside router without knowing the make/model. You might find it easier to do this with DNS rather than hairpin NAT. Hi. Well, let's just say that the other router is not very customizable.. It's a Huawei B593 and I was trying to...
by bekax5
Sat Oct 31, 2015 8:50 pm
Forum: Beginner Basics
Topic: Hairpin NAT - 2nd Router
Replies: 4
Views: 1064

Hairpin NAT - 2nd Router

Hi everyone. I have setup a NAT rule for Hairpin NAT. Now I had to change from Mikrotik being the only gateway for a second 4G router being the Internet gateway and it stopped working.. It seems that the second router doesnt redirect the requests when they are the public IP but uses them as if it wo...
by bekax5
Mon Oct 26, 2015 6:39 pm
Forum: Beginner Basics
Topic: What does Local ip address in Quick Set means?
Replies: 7
Views: 4549

Re: What does Local ip address in Quick Set means?

I mean, if we have multiple lan networks with DHCP and all. What IP must we put there in Quick Set - Local Network - IP Address? I figure out that sometimes automatically changes this IP and also sometimes if i set a wrong ip i got no connection to internet. Thanks for your help That's exactly what...
by bekax5
Mon Oct 26, 2015 2:13 pm
Forum: Beginner Basics
Topic: PPTP Client - cant ping server
Replies: 3
Views: 696

Re: PPTP Client - cant ping server

Heelo, Set proxy-arp on your local bridge, and then try to ping again. Regards, Hi, I've already done it, but still nothing. I'm starting to think this is a server side problem since I did the exact same thing with a different server and got it to work on the first try. I guess it's some problem as...
by bekax5
Sat Oct 24, 2015 11:06 pm
Forum: Beginner Basics
Topic: PPTP Client - cant ping server
Replies: 3
Views: 696

Re: PPTP Client - cant ping server

Edit: Local and Remote IP are now - OK. It was a misconfiguration under the PPP profile (Use Encryption required a yes). Still, I can sniff the ping packets, they leave with the correct IPs, but never return... I have a NAT masquerade for the pptp-out1 A mangle that I confirm the packets are passing...
by bekax5
Sat Oct 24, 2015 9:42 pm
Forum: Beginner Basics
Topic: PPTP Client - cant ping server
Replies: 3
Views: 696

PPTP Client - cant ping server

Hi everyone, I am trying to set my Mikrotik CRS109 with a PPTP Client. I tried following this tutorial: http://strongvpn.com/setup_mikrotik_pptp.html However there is still something not working. I see packets flowing through the out interface and Mangle rule, but they are not returning. It works ho...
by bekax5
Sun Aug 23, 2015 7:50 pm
Forum: Beginner Basics
Topic: How To Lease time infinite ?
Replies: 10
Views: 22563

Re: How To Lease time infinite ?

lease-time (time; Default: 0s) Time that the client may use the address. If set to 0s lease will never expire. From: wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server Hope that helps, --jg3 Well, I tried: "0s" which returns an "Invalid value in Lease Time". Also the default comes as: "00:00:00" which us...
by bekax5
Sat Aug 15, 2015 5:14 pm
Forum: Beginner Basics
Topic: How To Lease time infinite ?
Replies: 10
Views: 22563

Re: How To Lease time infinite ?

adding a lease makes it static, as you say, indefinite. Any device that is not specifically added by you, will have a dynamic lease, and will expire as per the DHCP server lease time. So, simply adding the IP and MAC makes the lease last forever. All other will expire. Both via the telnet or web, a...
by bekax5
Sat Aug 15, 2015 1:19 am
Forum: Beginner Basics
Topic: How To Lease time infinite ?
Replies: 10
Views: 22563

Re: How To Lease time infinite ?

adding a lease makes it static, as you say, indefinite. Any device that is not specifically added by you, will have a dynamic lease, and will expire as per the DHCP server lease time. So, simply adding the IP and MAC makes the lease last forever. All other will expire. Both via the telnet or web, a...
by bekax5
Sat Aug 15, 2015 12:30 am
Forum: Beginner Basics
Topic: How To Lease time infinite ?
Replies: 10
Views: 22563

Re: How To Lease time infinite ?

you only need the IP address and MAC address. /ip dhcp-server lease add address=192.168.1.10 mac-address=00:11:22:33:44:55:66 Hi, thanks for the quick answer. That way the lease will still take the DHCP Rule lease time correct? I would like for any normal lease to take 1 day, and for static leases ...
by bekax5
Fri Aug 14, 2015 11:47 pm
Forum: Beginner Basics
Topic: How To Lease time infinite ?
Replies: 10
Views: 22563

How To Lease time infinite ?

Hello everyone. I am trying to set some static leases. Although, I am not able to set a lease time =infinite in the static ones. The DHCP Rule has lease time ="1d 00:00:00" In the static leases I was trying to set lease time ="00:00:00" Which I though was infinite, but or the main dhcp rule overrule...
by bekax5
Thu Aug 13, 2015 9:18 pm
Forum: Beginner Basics
Topic: Domain does not redirect correctly to NAT:Port but to Router
Replies: 7
Views: 1191

Re: Domain does not redirect correctly to NAT:Port but to Router

Update:

Nevermind.
My other NAT rules were set with in-interface=pppoe-out1
I did change them From in-interface=pppoe-out1 To dst-address-type=local

Now everything is working with a general Hairpin NAT rule.
Thanks for all!
by bekax5
Thu Aug 13, 2015 7:37 pm
Forum: Beginner Basics
Topic: Domain does not redirect correctly to NAT:Port but to Router
Replies: 7
Views: 1191

Re: Domain does not redirect correctly to NAT:Port but to Router

Looks like this is what you are looking for: http://wiki.mikrotik.com/wiki/Hairpin_NAT That was exactly what I was searching for. Thanks a lot !! I was reading a bit more to see how to set a general rule for the hairpin NAT from 192.168.1.0/24 to 192.168.1.0/24. I am although, trying to set it like...
by bekax5
Thu Aug 13, 2015 4:24 am
Forum: Beginner Basics
Topic: Domain does not redirect correctly to NAT:Port but to Router
Replies: 7
Views: 1191

Re: Domain does not redirect correctly to NAT:Port but to Router

Dont forward to port 80 ! Port 80 is allready "bisy" from WebFig Administration Panel from MikroTik. Please cheange the port to 82 for ex, and try again, or change Webfig port from 80 to another else. Perhaps I didn't explain well. My problem is after I forwarded several ports via Nat to the outsid...
by bekax5
Thu Aug 13, 2015 1:22 am
Forum: Beginner Basics
Topic: Domain does not redirect correctly to NAT:Port but to Router
Replies: 7
Views: 1191

Re: Domain does not redirect correctly to NAT:Port but to Router

Anyone ?

Basically, what I'm trying to do is access:
http://domain.com:8080 (since I have a dst-nat map to internal IP 192.168.1.100:8080)
But instead, it gives me the router's IP:Port, meaning: http://192.168.1.254:8080

Perhaps something missing in the NAT ? Any ideas?
by bekax5
Sun Aug 09, 2015 3:04 am
Forum: Beginner Basics
Topic: Domain does not redirect correctly to NAT:Port but to Router
Replies: 7
Views: 1191

Domain does not redirect correctly to NAT:Port but to Router

Hello everyone. I am currently using a CRS109-8G-1S-2HnD-IN with OS6.28. I have a valid SSL/TLS certificate that points to my external IP. Although when I use it inside of the network, the mikrotik does not point to the correct IP:Port that should, but redirects to the router's IP and not the correc...
by bekax5
Thu Jun 11, 2015 2:38 am
Forum: General
Topic: Help! PPPoE and Static same interface
Replies: 15
Views: 4142

Re: Help! PPPoE and Static same interface

One more question. I am not able to access inside services if I use my DNS anymore. Before I could for example use my DNS to open my web server or open an SSH session with DNS:22. Now if I use it inside of the network it doesn't redirect me. I believe it's some config I have no idea of. Could you en...
by bekax5
Mon May 18, 2015 2:23 am
Forum: General
Topic: Help! PPPoE and Static same interface
Replies: 15
Views: 4142

Re: Help! PPPoE and Static same interface

They have different IP addresses, they represent IP hops between devices attached to them.... It actually makes a lot more sense on the server side - suppose you have 500 customers all connected to ether1 via PPPoE - you'd have 500 interfaces that you could set up with different queues, IP filters,...
by bekax5
Sun May 17, 2015 7:18 pm
Forum: General
Topic: Help! PPPoE and Static same interface
Replies: 15
Views: 4142

Re: Help! PPPoE and Static same interface

Well, as for the block incoming traffic question I think I got it to work since I changed one rule blocking all input traffic from interface "ether1-gateway" to interface "pppoe-out" and it stopped previously opened ports =) Edit: I did the same with the NAT, changed "ether1-gateway" to "pppoe-out" ...
by bekax5
Sun May 17, 2015 6:59 pm
Forum: General
Topic: Help! PPPoE and Static same interface
Replies: 15
Views: 4142

Re: Help! PPPoE and Static same interface

Ah I guess I got the point! In fact yes, there was no gateway in the device on the ether1 network so I guess that's why there wasn't any answer back =) Thanks for the hint! Let me ask you for a few more questions regarding the security of the Mikrotik. I configured everything else and now I'm in the...
by bekax5
Sun May 17, 2015 2:41 am
Forum: General
Topic: Help! PPPoE and Static same interface
Replies: 15
Views: 4142

Re: Help! PPPoE and Static same interface

Problem: I cannot ping inside 192.168.0.0/24 from LAN. Mikrotik can ping 192.168.0.0/24 from web portal. I have although, Internet access on LAN =) Add this rule to your srcnat chain, BEFORE the normal masquerade rule for the pppoe interface: action=src-nat to-addresses=192.168.0.x dst-address=192....
by bekax5
Sat May 16, 2015 11:27 pm
Forum: General
Topic: Help! PPPoE and Static same interface
Replies: 15
Views: 4142

Re: Help! PPPoE and Static same interface

This is not a clear request. Your ADSL modem, what you are calling the bridge?, is configured with 192.168.0.1/24 on its ethernet interface. Yes / No? Your ADSL modem also passes through PPPoE so that your CRS109 can get a public IP for Internet access. Yes / No? You want to use PPPoE on the MikroT...
by bekax5
Thu May 14, 2015 12:40 am
Forum: Beginner Basics
Topic: Connecting 2 Mikrotik's over the internet
Replies: 36
Views: 4394

Re: Connecting 2 Mikrotik's over the internet

Have you ever heard about hamachi ?
by bekax5
Tue May 12, 2015 7:13 pm
Forum: General
Topic: Help! PPPoE and Static same interface
Replies: 15
Views: 4142

Re: Help! PPPoE and Static same interface

This is not a clear request. Your ADSL modem, what you are calling the bridge?, is configured with 192.168.0.1/24 on its ethernet interface. Yes / No? Your ADSL modem also passes through PPPoE so that your CRS109 can get a public IP for Internet access. Yes / No? You want to use PPPoE on the MikroT...
by bekax5
Tue May 12, 2015 5:13 pm
Forum: General
Topic: Help! PPPoE and Static same interface
Replies: 15
Views: 4142

Re: Help! PPPoE and Static same interface

I am really interested in knowing if this is possible! (bump)
by bekax5
Tue May 05, 2015 10:30 am
Forum: RouterBOARD hardware
Topic: Transceivers S-3553LC20D
Replies: 1
Views: 686

Transceivers S-3553LC20D

Hello everyone,

I have a question related to these transceivers.

I wonder if they accept all kinds of LC connectors, like LC/PC, LC/UPC and LC/APC or if they don't allow certain types?

Regards!
by bekax5
Mon May 04, 2015 1:41 am
Forum: General
Topic: Help! PPPoE and Static same interface
Replies: 15
Views: 4142

Help! PPPoE and Static same interface

Hi all, I am trying to find out how to make a connection similar to the one I have at the moment but I want to improve the network to RouterOS. I bought a CRS109 and want to make it my default router at home. I have a bridge that brings ADSL as a PPPoE, but I would like to still access this bridge's...
by bekax5
Fri May 01, 2015 5:38 pm
Forum: Beginner Basics
Topic: Dual Access PPPoE
Replies: 0
Views: 1113

Dual Access PPPoE

Hi everyone. Yesterday I received a new CRS109. My knowledge in networks is nothing really advanced, but I want to use this equipment to learn something more. In any case, at the moment I have my network setup like this: Modem - Router - Switch - Rest of the network The modem is actually an Adsl rou...