Community discussions

Search found 38 matches

by almdandi
Mon Jun 24, 2019 10:40 pm
Forum: Beginner Basics
Topic: CGNAT with VLAN!!
Replies: 1
Views: 208

Re: CGNAT with VLAN!!

Hey, without a configuration export it is difficult to say what the problem is. An "export hide-sensitive" would be nice. A good idea to start with would be to run a traceroute from the client to the main router or an IP address on the internet. Or even try to ping the main router. And for testing purpose...
by almdandi
Wed Oct 24, 2018 7:08 pm
Forum: RouterBOARD hardware
Topic: Wish: 60GHz Pro Model
Replies: 12
Views: 1659

Re: Wish: 60GHz Pro Model

+1

I don't care about a 1G or a 10G port if the wireless link is "only" 1G, but yes, an integrated SXTsq 5 ac would be nice.
by almdandi
Wed Jul 25, 2018 7:40 pm
Forum: Wireless Networking
Topic: "banned" - what does it mean?
Replies: 2
Views: 599

Re: "banned" - what does it mean?

Looks like your mac access is not listed in the wlan acl

https://wiki.mikrotik.com/wiki/Manual:I ... ccess_List
by almdandi
Fri Jun 22, 2018 12:21 pm
Forum: General
Topic: hAP-AC2 6.42.4 - HWOffload [solved]
Replies: 13
Views: 2194

Re: hAP-AC2 6.42.4 - HWOffload

The hAP ac² does have a switch chip (Atheros 8327) with VLAN switching support and it is supported in RouterOS. The RB750Gr3 also has a switch chip (MT7621) with VLAN switching support but it is not yet implemented in RouterOS. So on the RB750Gr3 you can only use software switching if you need VLANs. See the...
by almdandi
Sat Jun 16, 2018 5:00 pm
Forum: General
Topic: Passing public IPs to some PPPoE Users
Replies: 4
Views: 624

Re: Passing public IPs to some PPPoE Users

Hello, I think, as victorsoares said, assign one of the /27 IPs to your customer, exclude the /27 from your NAT rule to the internet and check your firewall rules, so they allow the traffic. Maybe it's a problem that the local end of the PPPoE tunnel uses a private address, for further routing but i ...
by almdandi
Fri May 25, 2018 1:20 am
Forum: Wireless Networking
Topic: wAP 60G experience
Replies: 279
Views: 35629

Re: wAP 60G experience

@MonkeyDan
What software are you using for the graph visualization?
by almdandi
Fri May 25, 2018 12:11 am
Forum: Beginner Basics
Topic: The NAT rule for viewing IPTV from a provider's UDP-to-HTTP server from outside the provider's network.
Replies: 6
Views: 1295

Re: The NAT rule for viewing IPTV from a provider's UDP-to-HTTP server from outside the provider's network.

The client sends its HTTP request to your router, with the wrong host header. The router forwards the request to the HTTP reverse proxy. The proxy rewrites the host header and sends a request to the IPTV provider. I used nginx a couple of times as a reverse proxy. Just google "nginx reverse proxy rew...
by almdandi
Wed May 23, 2018 9:00 pm
Forum: Beginner Basics
Topic: The NAT rule for viewing IPTV from a provider's UDP-to-HTTP server from outside the provider's network.
Replies: 6
Views: 1295

Re: The NAT rule for viewing IPTV from a provider's UDP-to-HTTP server from outside the provider's network.

You can try it with a http reverse proxy that rewrites the host header to the correct one (unitv.xxxxxx.net).
by almdandi
Tue May 22, 2018 1:24 pm
Forum: General
Topic: A router for home - capable of 300Mb/s
Replies: 17
Views: 1443

Re: A router for home - capable of 300Mb/s

The hAP ac^2 and the RB750GR3 have 4 cores, compared to the hAP ac and RB2011 with only 1 core and the RB3011 with 2 cores. So the hAP ac^2 and the RB750GR3 are the most powerful routers before the CCR series. RouterOS provides a tool to analyze the system load, called Profiler. So you can check what's the bot...
by almdandi
Fri May 18, 2018 5:04 pm
Forum: General
Topic: How to configure multiple vlan with hw-offload
Replies: 30
Views: 2995

Re: How to configure multiple vlan with hw-offload

Hello,

I think you need a VLAN interface for each of your VLANs under the bridge, so the CPU can access the traffic and can NAT it. Then assign your IP address to the VLAN interfaces.
by almdandi
Sat Apr 14, 2018 12:57 pm
Forum: Beginner Basics
Topic: CCR - Mikrotik Bridge usage with multiple Vlans
Replies: 6
Views: 958

Re: Mikrotik Bridge usage with multiple Vlans

Here is a presentation from the MUM in Berlin, explaining the new bridge implementation pretty well: https://www.youtube.com/watch?v=ZMMpza-O7_w&
by almdandi
Thu Mar 22, 2018 3:44 pm
Forum: General
Topic: L2TP VPN with Raduis authentication
Replies: 0
Views: 253

L2TP VPN with Raduis authentication

Hello, I am trying to configure the MikroTik router to authenticate L2TP users through an ADS (NPS). I followed this video but it seems like that the router need contraction the NPS (see screenshot). In the Event Log on the server, I also see no authentication attempts. Config: /radius add address=19...
by almdandi
Fri Mar 09, 2018 2:00 pm
Forum: Forwarding Protocols
Topic: IPSEC Symmetric Routing
Replies: 1
Views: 459

Re: IPSEC Symmetric Routing

I'm a little bit confused about what you are trying to achieve and what your setup is. Maybe a config export (export compact hide-sensitive) would be helpful. If I understand you correctly, you want that site A (192.168.0.0/24) and site B (10.0.0.0/24) can access each other. For that I would use an IPSec Site 2...
by almdandi
Mon Mar 05, 2018 10:26 pm
Forum: General
Topic: Netflix and Hulu over VPN
Replies: 4
Views: 1657

Re: Netflix and Hulu over VPN

What about the new tls-host matcher? It is possible to use it in the mangle table to set a routing-mark. So maybe, I have not tested it, you mark all packets which hit the mangle rule with the Netflix and Hulu domains and route them through the VPN gateway. Something like this: /ip firewall mangle add a...
by almdandi
Sun Feb 18, 2018 11:24 am
Forum: General
Topic: How to properly setup IPV6 over PPPoE?
Replies: 4
Views: 1973

Re: How to properly setup IPV6 over PPPoE?

Hello

Under IPv6 -> ND you can set the preferred lifetime and the valid lifetime for every prefix or globally. Maybe this will help.
by almdandi
Wed Jan 17, 2018 3:13 am
Forum: Beginner Basics
Topic: IPv6 router settings
Replies: 15
Views: 2516

Re: IPv6 router settings

Hello, I also got a static /56 prefix from my ISP last December but I haven't really had time to set it up yet and I am also really new to IPv6. In the IPv4 world you have NAT. It directly protects your internal devices from being accessed from the internet. Even when the device doesn't have a firewall. ...
by almdandi
Tue Oct 31, 2017 9:44 pm
Forum: General
Topic: Ipsec Site to Site, again...
Replies: 14
Views: 1763

Re: Ipsec Site to Site, again...

Oh. I missed the "X". But I had the same problem in the past where fasttrack was introduced. To be able to ping from the router to the other subnet you need to add a static route. Here is an example. dst-address is your remote subnet and gateway is your interface with the local subnet attached. /ip r...
by almdandi
Tue Oct 31, 2017 12:23 am
Forum: General
Topic: Ipsec Site to Site, again...
Replies: 14
Views: 1763

Re: Ipsec Site to Site, again...

Hello, all wrong. You have a fasttrack rule in your filter table. Fasttracked packets bypass firewall, connection tracking, simple queues, queue tree with parent=global, ip traffic-flow (restriction removed in 6.33), IP accounting, IPSec, hotspot universal client, VRF assignment, so it is up to admi...
by almdandi
Sat Oct 14, 2017 12:49 pm
Forum: General
Topic: Mikrotik IPV6 Network, IPV4 ISP
Replies: 4
Views: 733

Re: Mikrotik IPV6 Network, IPV4 ISP

You can have a dynamic IP and use the he.net tunnelbroker. I use it with one and also in combination with PPPoE. 1. Set up the tunnel. You can copy the configuration for RouterOS from the "Example Configurations" tab. 2. Next I added a ppp profile for my PPPoE connection and I added a script an the u...
by almdandi
Tue Oct 10, 2017 3:30 am
Forum: General
Topic: Public & Private IP on PPPOE LAN
Replies: 1
Views: 446

Re: Public & Private IP on PPPOE LAN

Hey. 1.) Set up an IP pool from 192.168.1.1 to 192.168.1.255 2.) Set up a ppp profile for the PPPoE server. Local address should be 20.15.64.81 and remote address should be the IP pool. 3.) With the ppp secrets you can then assign your special customers a public address otherwise they will get a pri...
by almdandi
Mon Oct 09, 2017 12:26 pm
Forum: General
Topic: L2TP/IPSEC client-to-client [SOLVED]
Replies: 8
Views: 1081

Re: L2TP/IPSEC client-to-client [SOLVED]

Hey, how far did you get with your L2TP setup? Maybe a thing. Did you add a route back on each router? Maybe because you want to add more sites, you should consider using a dynamic routing protocol. Try this. Router 172.16.1.1 /ip route add dst-address=10.0.2.0/24 gateway=172.16.1.2 /ip route add ...
by almdandi
Mon Oct 09, 2017 3:09 am
Forum: General
Topic: L2TP/IPSEC client-to-client [SOLVED]
Replies: 8
Views: 1081

Re: L2TP/IPSEC client-to-client [SOLVED]

Hey I don't know exactly what you try to accomplish but i would recommend you a simple ipsec site 2 site tunnel from each site to the others. So all private networks are connected to each other. One important point in such a setup is to have different subnets on each site but as your diagram shows t...
by almdandi
Mon Oct 09, 2017 2:41 am
Forum: Beginner Basics
Topic: PPPOE with a /29 ip range? [SOLVED]
Replies: 4
Views: 702

Re: PPPOE with a /29 ip range? [SOLVED]

Hey

Try this. Add your x.230.119.41/29 address to your ether2 interface. Then assign your mail server, for example, x.230.119.42/29 and try it again.
The gateway for the mail server should be x.230.119.41.

Greetings
by almdandi
Mon Oct 09, 2017 2:16 am
Forum: Beginner Basics
Topic: Trying to set up VLAN per port with DHCP on hEX 5 port router
Replies: 2
Views: 656

Re: Trying to set up VLAN per port with DHCP on hEX 5 port router

Hey

The hEX (RB750Gr3) with the MT7621 switch chip doesn't support VLANs at the current RouterOS version. Take a look at this and this.

What you can do is configure one subnet per port to ship around the missing functionality, or use software-based VLAN switching.

Greetings
by almdandi
Mon Oct 09, 2017 1:59 am
Forum: General
Topic: IKEv2 client trouble [SOLVED]
Replies: 2
Views: 672

Re: IKEv2 client trouble [SOLVED]

Hey

Here is a note from the IPSec Wiki. First result from Google.
Note: Currently RouterOS does not support any of EAP authentication methods
Greetings
by almdandi
Thu Jun 29, 2017 4:07 pm
Forum: General
Topic: Give out Public IPs Using PPPoE Server
Replies: 9
Views: 2135

Re: Give out Public IPs Using PPPoE Server

Maybe a little bit late but I tried it today in GNS3 and it worked. https://i.imgur.com/JT7wpov.png ISP Router /ip address add address=1.2.3.1/29 interface=ether2 network=1.2.3.0 PPPoE Server /interface ethernet set [ find default-name=ether1 ] arp=proxy-arp /ip pool add name=pool-pppoe ranges=1.2.3....
by almdandi
Sun Jun 25, 2017 3:55 pm
Forum: General
Topic: Give out Public IPs Using PPPoE Server
Replies: 9
Views: 2135

Re: Give out Public IPs Using PPPoE Server

Why is that not possible? I think it is possible. You have 6 usable ip addresses. For example: 1.2.3.0 - Network Address 1.2.3.1 - ISP Gateway 1.2.3.2 - WAN Router 1.2.3.7 - Broadcast Address So the ip's from 1.2.3.3 to 1.2.3.6 are free. In the ppp profile configuration for the pppoe server, you set...
by almdandi
Sun Jun 25, 2017 3:17 pm
Forum: General
Topic: IPSec Site to Site Firewall
Replies: 16
Views: 1841

Re: IPSec Site to Site Firewall

I'm a little bit confused about what you want to do. IPSec Site 2 Site, Road Warrior VPN. That's two different things. Maybe you can give us a look at our ipsec configuration. That would be very helpful. But if I get you correct from your first post. The traffic from your second site will appear on the WAN i...
by almdandi
Wed May 31, 2017 7:01 pm
Forum: General
Topic: Transparent Bridge - PPPoE
Replies: 7
Views: 2720

Re: Transparent Bridge - PPPoE

I think he means this post: viewtopic.php?t=96047
by almdandi
Sat May 27, 2017 8:13 pm
Forum: General
Topic: Transparent Bridge - PPPoE
Replies: 7
Views: 2720

Re: Transparent Bridge - PPPoE

I do not understand what you want at all and what you already tried, because bridging all ports together in a PPPoE setup and a NAT passthrough rule makes no sense to me?? Can you please explain your problem again and what you want. And more information on your setup would also be great (interface/ i...
by almdandi
Sat May 27, 2017 12:02 pm
Forum: General
Topic: NAT with Multi-Gateway problems
Replies: 4
Views: 847

Re: NAT with Multi-Gateway problems

I tested it with the following and it worked. And you will run into a private address leak because you only nat ip address up to 20. To avoid this, you could for example, add a rule in your forwarding chain that allows only traffic from your 40 addresses. /interface ethernet set [ find default-name=...
by almdandi
Mon May 22, 2017 5:22 pm
Forum: General
Topic: NAT with Multi-Gateway problems
Replies: 4
Views: 847

Re: NAT with Multi-Gateway problems

Your second default route (2.2.2.254) is not active because you already have a default route in your main routing table (1.1.1.254). The key word is Policy Based Routing. Just google it. In short. You create 2 extra routing tables. One with the default gateway points to 1.1.1.254 and one with the de...
by almdandi
Sat May 13, 2017 1:53 pm
Forum: RouterBOARD hardware
Topic: LHG 60G
Replies: 63
Views: 13340

Re: LHG 60G

Yeah, more information about the upcoming 60 Ghz products would be great.
by almdandi
Sun May 07, 2017 2:57 pm
Forum: General
Topic: Port Forwarding from Certain IP's only
Replies: 2
Views: 2822

Re: Port Forwarding from Certain IP's only

Hello mi0tx Try this. The first rule will allow all connection on your wan port for which you have a dst-nat rule defined. This way to filter your port forwardings is much more scalable because you need only one rule for all your port forwardings. The second rule is the destination nat rule. Your mi...
by almdandi
Tue Jul 26, 2016 7:13 pm
Forum: General
Topic: Set packets marks
Replies: 3
Views: 2545

Re: Set packets marks

Okay, nice. So something like this should work right? /ip firewall mangle chain=forward action=mark-connection new-connection-mark=mitarbeiter-con passthrough=yes in-interface=br-mitarbeiter out-interface-list=gates log=no log-prefix=""  chain=forward action=mark-packet new-packet-mark=mitarbeiter-p...
by almdandi
Mon Jul 25, 2016 9:31 pm
Forum: General
Topic: Set packets marks
Replies: 3
Views: 2545

Set packets marks

Hello,

can somebody explain me the difference between setting the mark in the prerouting, postrouting or in the forward chain. Or is it better to set first a connection mark? I need these marks for my queue setup.
by almdandi
Thu May 14, 2015 11:59 pm
Forum: General
Topic: IPSec: Tunnel established but no connection
Replies: 2
Views: 758

Re: IPSec: Tunnel established but no connection

Wow. Thanks a lot. That was the issue.
I misunderstood the packet flow but when you take a closer look at the IPsec encryption and decryption diagram you see exactly how the packet flows.
by almdandi
Sun May 03, 2015 7:19 pm
Forum: General
Topic: IPSec: Tunnel established but no connection
Replies: 2
Views: 758

IPSec: Tunnel established but no connection

Hello everyone, I'm trying to set up an IPSec VPN with a friend. Both are MikroTik routers with the current RouterOS version. Setting up the policies, the peer, the proposal and the src-nat exclusion, no problem, the tunnel gets established. But when I try to ping an IP in his network I get a timeout ...