Community discussions

Search found 51 matches

by nfletcher2
Thu May 23, 2019 10:07 pm
Forum: Beginner Basics
Topic: VRRP Question - Break Apart
Replies: 1
Views: 281

VRRP Question - Break Apart

I have done some searching but could not clearly find an answer to this. I am working on replacing 2 Mikrotik's with a different vendor/model of router and need a little help. Both routers are setup in a data center with VRRP setup on the public side. I need to break apart the VRRP and move all the ...
by nfletcher2
Thu Apr 04, 2019 5:33 pm
Forum: General
Topic: WAN Notifications
Replies: 6
Views: 451

Re: WAN Notifications

Anyone?
by nfletcher2
Tue Apr 02, 2019 10:53 pm
Forum: General
Topic: WAN Notifications
Replies: 6
Views: 451

Re: WAN Notifications

There are two perspectives here. One is to have the router detect a failure and alert you. The other is to determine if the router is visible from the internet. For part two, I suggest UpTimeRobot.com They can monitor specific ports, a normal ping, a website, and various other things. They can noti...
by nfletcher2
Tue Apr 02, 2019 10:46 pm
Forum: General
Topic: WAN Notifications
Replies: 6
Views: 451

Re: WAN Notifications

How will you be notified if all three go down? :-) The purpose of failover is so that the internet keeps being provided if one or two ISPs are not available. There is nothing to admin here unless you control the ISPs LOL. If the router goes down well you are in the situation of the first line. If t...
by nfletcher2
Mon Apr 01, 2019 10:08 pm
Forum: General
Topic: WAN Notifications
Replies: 6
Views: 451

WAN Notifications

Hello all, I am working on a customer's router and am not real sure how I want to accomplish monitoring of the WAN interfaces. I was hoping for some recommendations This specific customer has 3 separate internet lines. We are accomplishing fail-over via administrative distance on the default routes....
by nfletcher2
Wed Aug 22, 2018 2:25 pm
Forum: General
Topic: Winbox access to Mikrotik behind a MIkrotik
Replies: 9
Views: 644

Re: Winbox access to Mikrotik behind a MIkrotik

Think about both src-address and dst-address of packets in both directions. The RB connected to internet listens on public address. On this RB, you can set a dst-nat rule to translate e.g. dst-port=48291 to to-addresses=first.panel.ip and to-ports=8291 , and another one to translate dst-port=58291 ...
by nfletcher2
Wed Aug 22, 2018 2:22 pm
Forum: General
Topic: Winbox access to Mikrotik behind a MIkrotik
Replies: 9
Views: 644

Re: Winbox access to Mikrotik behind a MIkrotik

I am able to mac-telnet from the 3011 to the QRT panels [...]

Enable RoMON and you're set.

https://wiki.mikrotik.com/wiki/Manual:RoMON
I will check RoMON out, thank you. I have seen it but never looked into it.
by nfletcher2
Wed Aug 22, 2018 2:21 pm
Forum: General
Topic: Winbox access to Mikrotik behind a MIkrotik
Replies: 9
Views: 644

Re: Winbox access to Mikrotik behind a MIkrotik

Use non-standard ports for WinBox access to the PTPs. Then it’s just standard NATting to get to them from the internet.



Sent from a $&@#% iPhone using Tapatalk
I did try with offset ports with no success. I mac-telneted into the panels and changed the service port.
by nfletcher2
Tue Aug 21, 2018 3:46 pm
Forum: General
Topic: Winbox access to Mikrotik behind a MIkrotik
Replies: 9
Views: 644

Re: Winbox access to Mikrotik behind a MIkrotik

I understand that is the best practice. In reality, I just need to do some adjusting on the newly installed PTP panels and this is only a temp thing. But a VPN may be easier at this point. With that said, understanding how to NAT that through and why it isn't working is something I would love to know.
by nfletcher2
Tue Aug 21, 2018 3:25 pm
Forum: General
Topic: Winbox access to Mikrotik behind a MIkrotik
Replies: 9
Views: 644

Winbox access to Mikrotik behind a MIkrotik

So I am trying to access a couple PTP panels externally that are behind a Mikrotik. The setup is as follows... Me -----> Internet -----> (public IP) Mikrotik 3011 (10.1.10.1) -----> LAN (10.1.10.0/24) -----> QRT ac (10.1.10.209) -----> QRT ac (10.1.10.211) I have full Winbox access to the 3011. The ...
by nfletcher2
Tue Apr 24, 2018 5:19 pm
Forum: General
Topic: Odd Casting Issue
Replies: 1
Views: 265

Re: Odd Casting Issue

Anyone?
by nfletcher2
Mon Apr 23, 2018 4:15 pm
Forum: General
Topic: Odd Casting Issue
Replies: 1
Views: 265

Odd Casting Issue

So we have an issue that is not directly caused by a Mikrotik, but I think we can use the Mikrotik at the gateway to solve the issue. We have a customer that has about 50 sites connected via VPN and all are routed with OSPF. This customer recently added a couple new TVs in their executive conference...
by nfletcher2
Wed Dec 06, 2017 6:07 pm
Forum: General
Topic: Bad Speeds on CRS125 [SOLVED]
Replies: 6
Views: 514

Re: Bad Speeds on CRS125 [SOLVED]

The CPU of the CRS is very underpowered and struggles to reach anything close to a gig. This is a very common complaint and scenario on the CRS. You really need an RB3011, 100AHx2 or 4 or CCR1009 for the routing part.
Thank you!
by nfletcher2
Wed Dec 06, 2017 6:06 pm
Forum: General
Topic: Bad Speeds on CRS125 [SOLVED]
Replies: 6
Views: 514

Re: Bad Speeds on CRS125 [SOLVED]

Does it mean the switch switches slowly? I doubt that. More likely you use it as router. In this case think about switching the fasttrack on if you do natting with connection tracking. Also check its nominal routing performance on product page and imagine it is a switch with some routing capabiliti...
by nfletcher2
Wed Dec 06, 2017 5:48 pm
Forum: General
Topic: Bad Speeds on CRS125 [SOLVED]
Replies: 6
Views: 514

Re: Bad Speeds on CRS125 [SOLVED]

I am using it as a router, but I would assume that it should get at least better than what I am seeing.
by nfletcher2
Wed Dec 06, 2017 3:00 pm
Forum: General
Topic: Bad Speeds on CRS125 [SOLVED]
Replies: 6
Views: 514

Bad Speeds on CRS125 [SOLVED]

Hello All! I have a question and I am hoping I am missing something... I have a WAN connection that has 500x100Mbps. I can plug in laptop and get around that. I connect a PC directly to a Mikrotik CRS125 and I only get around 120x100Mbps. I have disabled all firewall rules and verified there are no ...
by nfletcher2
Wed Nov 01, 2017 4:30 pm
Forum: The Dude
Topic: The Dude Infrastructure Question
Replies: 2
Views: 732

Re: The Dude Infrastructure Question

Hello, nfletcher2! Dude is a nice tool and we think in near future it will become more powerful. What I would like to setup though, if possible, is one central Dude server that connects to the WAN IP address of all of these Mikrotik's and allows managing and updating from a central location. At the...
by nfletcher2
Wed Nov 01, 2017 4:27 pm
Forum: Scripting
Topic: Redundant WANs - Script or Mangle to make both accessible and 2 hop failover [SOLVED]
Replies: 14
Views: 2767

Re: Redundant WANs - Script or Mangle to make both accessible and 2 hop failover [SOLVED]

Thank you! I will look into what they use for DNS or find an alternate to point the route to. I like this take as it is much easier and less complicated than some of the others I have seen. Do you have any insight into how to make both WAN's accessible? The problem I assume I am running into is whe...
by nfletcher2
Tue Oct 31, 2017 7:05 pm
Forum: The Dude
Topic: The Dude Infrastructure Question
Replies: 2
Views: 732

The Dude Infrastructure Question

Hello All! I have been doing some R&D with The Dude and am trying to understand if I can make it work for our infrastructure. I have searched and searched for a forum or topic that covers what I want The Dude to be able to do, but can not find a spot on article that better describes what I want it t...
by nfletcher2
Tue Oct 10, 2017 2:21 pm
Forum: General
Topic: Odd VOIP Behavior on Mikrotik 3011
Replies: 12
Views: 1057

Re: Odd VOIP Behavior on Mikrotik 3011

Are you talking about on the phone itself?
Yes
I will try this, thank you!
by nfletcher2
Mon Oct 09, 2017 11:47 pm
Forum: General
Topic: Odd VOIP Behavior on Mikrotik 3011
Replies: 12
Views: 1057

Re: Odd VOIP Behavior on Mikrotik 3011

I believe they re-register every 240 seconds, according to the vendor.
Change this to be less than 180 seconds, say 120. The remote server maybe terminating them. MikroTik's timeout is 300. Linux is 180 I think.
Are you talking about on the phone itself?
by nfletcher2
Mon Oct 09, 2017 5:20 pm
Forum: General
Topic: Odd VOIP Behavior on Mikrotik 3011
Replies: 12
Views: 1057

Re: Odd VOIP Behavior on Mikrotik 3011

Hi, yes, these two values are especially relevant for SIP/RTP. I can't give a general advice which values to set in your case, but it's worth trying to slightly increase these values. Furthermore, have a read of this thread: https://forum.mikrotik.com/viewtopic.php?t=85039 Usually, the problem is t...
by nfletcher2
Mon Oct 09, 2017 2:59 pm
Forum: General
Topic: Odd VOIP Behavior on Mikrotik 3011
Replies: 12
Views: 1057

Re: Odd VOIP Behavior on Mikrotik 3011

Hi, as troffasky already stated, most of the time these issues occur in conjunction with ALG settings. Another thing to look at: As the firewall is stateful and UDP (which is used fpr SIP) is stateless, the firewall emulates stateful UDP connections by maintaining timers for those UDP connections. ...
by nfletcher2
Mon Oct 09, 2017 2:56 pm
Forum: General
Topic: Odd VOIP Behavior on Mikrotik 3011
Replies: 12
Views: 1057

Re: Odd VOIP Behavior on Mikrotik 3011

If rebooting the router fixes the connections for you, as a workaround, drop the active connections every hour: /ip firewall connection remove [ find where protocol=udp and dst-address="1.2.3.4:5060" ] Scheduled: /system scheduler add interval=1h name=reset-sip-conn on-event="/ip firewall connectio...
by nfletcher2
Mon Oct 09, 2017 2:54 pm
Forum: General
Topic: Odd VOIP Behavior on Mikrotik 3011
Replies: 12
Views: 1057

Re: Odd VOIP Behavior on Mikrotik 3011

Did disabling the SIP ALG make any difference to the observed behaviour?
You need a packet capture of a phone that is failing to register. SIP is quite readable in Wireshark.

Disabling SIP ALG did not make any noticeable difference. The phone still failed to register.
by nfletcher2
Fri Oct 06, 2017 5:31 pm
Forum: General
Topic: Odd VOIP Behavior on Mikrotik 3011
Replies: 12
Views: 1057

Odd VOIP Behavior on Mikrotik 3011

Hello All! We are having a weird issue and I am about out of ideas. About 2 weeks ago we swapped out an old Cisco ASA (Config attached) with Mikrotik 3011. This customer has VOIP phones that connect to a cloud PBX. Shortly after we swapped the router one of their phones (EX 101) stopped working. The...
by nfletcher2
Tue Sep 12, 2017 3:50 pm
Forum: General
Topic: PPTP VPN - Proxy Arp - Odd Bridge behavior
Replies: 10
Views: 2318

Re: PPTP VPN - Proxy Arp - Odd Bridge behavior

Yes, I understand the risk, and we use L2TP often. For this particular setup we are replacing an existing PPTP are avoiding reconfiguring each user's setup. Previously they passed the VPN to a Windows RRAS server that passed to a NPS server, both of which are getting decommissioned. Do I am doing wh...
by nfletcher2
Mon Sep 11, 2017 8:45 pm
Forum: General
Topic: PPTP VPN - Proxy Arp - Odd Bridge behavior
Replies: 10
Views: 2318

Re: PPTP VPN - Proxy Arp - Odd Bridge behavior

Yes, PPTP is supported. Thank you!
by nfletcher2
Mon Sep 11, 2017 7:52 pm
Forum: General
Topic: PPTP VPN - Proxy Arp - Odd Bridge behavior
Replies: 10
Views: 2318

Re: PPTP VPN - Proxy Arp - Odd Bridge behavior

That makes since. They are all Windows clients connecting on the VPN. When you talk about non-overlapping IP blocks do you mean use an IP block for the VPN users that are in a different subnet? What we typically do is exclude a part of the LAN block for the VPN and set the local address to the same ...
by nfletcher2
Mon Sep 11, 2017 6:37 pm
Forum: General
Topic: PPTP VPN - Proxy Arp - Odd Bridge behavior
Replies: 10
Views: 2318

Re: PPTP VPN - Proxy Arp - Odd Bridge behavior

I would love to give each user a tik to take with them but unfortunately, I think that would be too much. If proxy-arp is not the answer then why do so many guides advise to use it with road-warrior VPN's?
by nfletcher2
Fri Sep 08, 2017 10:23 pm
Forum: General
Topic: PPTP VPN - Proxy Arp - Odd Bridge behavior
Replies: 10
Views: 2318

PPTP VPN - Proxy Arp - Odd Bridge behavior

We have a customer that has a HQ location with a Mikrotik. There are two remote locations that also have MT routers that connect back to the HQ location with persistent site-to-site VPNs. This has been in place and working for sometime. On the HQ router there are two PPTP Server Bindings, one for ea...
by nfletcher2
Tue Aug 29, 2017 10:43 pm
Forum: Scripting
Topic: Redundant WANs - Script or Mangle to make both accessible and 2 hop failover [SOLVED]
Replies: 14
Views: 2767

Re: Redundant WANs - Script or Mangle to make both accessible and 2 hop failover [SOLVED]

Yes, I had a momentary lapse of conscious. I posted a second message directly after my previous questions stating that I saw how you addressed this in your original message and to disregard. Sorry!
by nfletcher2
Tue Aug 29, 2017 5:30 pm
Forum: Scripting
Topic: Redundant WANs - Script or Mangle to make both accessible and 2 hop failover [SOLVED]
Replies: 14
Views: 2767

Re: Redundant WANs - Script or Mangle to make both accessible and 2 hop failover [SOLVED]

Question about your netwatch script for failover... If you create a Netwatch monitor that reaches out to 8.8.4.4 and if it can't reach that address is disable the main route until reachable again, won't that IP become instantly reachable when it fails over to the second backup default route, causing...
by nfletcher2
Tue Aug 29, 2017 2:34 pm
Forum: Scripting
Topic: Redundant WANs - Script or Mangle to make both accessible and 2 hop failover [SOLVED]
Replies: 14
Views: 2767

Re: Redundant WANs - Script or Mangle to make both accessible and 2 hop failover [SOLVED]

Can you give an example of where the mangle rule below would apply that the others don't? It looks like it is telling all traffic on the connected networks to bypass all other mangle rules but I am having a hard time wrapping my head around why or an example of why that would be needed. ip firewall ...
by nfletcher2
Tue Aug 29, 2017 12:08 am
Forum: Scripting
Topic: Redundant WANs - Script or Mangle to make both accessible and 2 hop failover [SOLVED]
Replies: 14
Views: 2767

Re: Redundant WANs - Script or Mangle to make both accessible and 2 hop failover [SOLVED]

Thank you Pukkita! I was able to get this to successfully route traffic in WAN1 back out WAN1 and traffic in WAN2 back out WAN2, based on the great video you linked to. The gentleman actually did a great job at explaining most of the config and I was able to follow along. Mangle rules are one of my ...
by nfletcher2
Mon Aug 28, 2017 3:18 pm
Forum: Scripting
Topic: Redundant WANs - Script or Mangle to make both accessible and 2 hop failover [SOLVED]
Replies: 14
Views: 2767

Re: Redundant WANs - Script or Mangle to make both accessible and 2 hop failover [SOLVED]

Thank you! I will look into what they use for DNS or find an alternate to point the route to. I like this take as it is much easier and less complicated than some of the others I have seen. Do you have any insight into how to make both WAN's accessible? The problem I assume I am running into is when...
by nfletcher2
Fri Aug 25, 2017 7:21 pm
Forum: Scripting
Topic: Redundant WANs - Script or Mangle to make both accessible and 2 hop failover [SOLVED]
Replies: 14
Views: 2767

Redundant WANs - Script or Mangle to make both accessible and 2 hop failover [SOLVED]

Hello all! I know this question has been asked but I have done some testing and can not find a forum that applies and works for our specific scenario. This should be fairly straight forward but I am not the best at scripting or mangle rules so I am hoping the community can help! This is also a two p...
by nfletcher2
Fri Aug 25, 2017 6:39 pm
Forum: Beginner Basics
Topic: Weird DNS Issue on Mikrotik 3011
Replies: 6
Views: 843

Re: Weird DNS Issue on Mikrotik 3011

OMG! I just re-read what you said and it clicked. I have the labtech server explicitly listed in my hosts file on my PC. So Winbox was resolving from my PC and the terminal was resolving from the router itself. Seems odd that it runs that way but I am sure there is a back-end reason. Doesn't explain...
by nfletcher2
Thu Aug 24, 2017 9:06 pm
Forum: General
Topic: RDP Port Forwarding Issue
Replies: 7
Views: 15819

Re: RDP Port Forwarding Issue

I did not have the notifications setup for this forum, sorry. Did you get this squared away? Can you provide a little more clarification if not?
by nfletcher2
Thu Aug 24, 2017 9:04 pm
Forum: Beginner Basics
Topic: Weird DNS Issue on Mikrotik 3011
Replies: 6
Views: 843

Re: Weird DNS Issue on Mikrotik 3011

Yes, but it has to be pulling that 10.0.12.10 address from somewhere. That address is the internal IP on the labtech server, which is not attached or on the same network at all. It is strange.
by nfletcher2
Wed Aug 23, 2017 2:59 pm
Forum: Beginner Basics
Topic: Weird DNS Issue on Mikrotik 3011
Replies: 6
Views: 843

Re: Weird DNS Issue on Mikrotik 3011

Image


Also, we control the public DNS for this domain and I have validated that there are no public records pointing to this internal IP.

Thoughts?
by nfletcher2
Mon Aug 21, 2017 7:05 pm
Forum: Beginner Basics
Topic: Weird DNS Issue on Mikrotik 3011
Replies: 6
Views: 843

Weird DNS Issue on Mikrotik 3011

Hello all, We are running into a weird DNS issue for one of our customers. Let me give a little context into the configuration before I describe the problem. Site B--- Mikrotik 3011 - Comcast Internet IP/DNS points to 8.8.8.8 LAN: 10.0.2.0/24 GW: 10.0.2.1 DHCP Scope: 10.0.2.50-10.0.2.150 DHCP DNS: 1...
by nfletcher2
Wed May 24, 2017 3:14 pm
Forum: Scripting
Topic: Scripting Help
Replies: 3
Views: 408

Re: Scripting Help

Thank you! I appreciate the assist. I have two follow up questions... 1. What is the best way to run a script like this? Generally speaking we have scripts that run daily or weekly with the scheduler but with the attached script you want an immediate response. Suggestions? 2. Is scripting this the b...
by nfletcher2
Tue May 23, 2017 6:35 pm
Forum: Scripting
Topic: Scripting Help
Replies: 3
Views: 408

Scripting Help

Okay so I am very new and weak with Mikrotik scripting so I am hoping someone can give me a hand. First I will describe the problem I am running into and then the solution that I would like to put together... Problem I work for a managed service provider that services several different customers all...
by nfletcher2
Mon Mar 13, 2017 8:10 pm
Forum: General
Topic: RDP Port Forwarding Issue
Replies: 7
Views: 15819

Re: RDP Port Forwarding Issue

I sure do appreciate your answer. It provided clarification on something that has bugged me for a while. Thank you!
by nfletcher2
Mon Mar 13, 2017 6:45 pm
Forum: General
Topic: RDP Port Forwarding Issue
Replies: 7
Views: 15819

Re: RDP Port Forwarding Issue

Thank you for your response Sob. Can you expand on the magic rule? This is really very similar to how I mentioned we have been doing it. I was really hoping to get an explanation of why filtering at the firewall was not working as expected as well. Just to verify, dstnat processes first, then filter...
by nfletcher2
Mon Mar 13, 2017 5:21 pm
Forum: General
Topic: RDP Port Forwarding Issue
Replies: 7
Views: 15819

RDP Port Forwarding Issue

Hello all! This is my first time posting here so please be gentle:) We are running into an odd issue with port forwarding that I am going to try to describe clearly. If I leave anything out, please feel free to ask for more info. We have many Mikrotiks all over the US deployed as gateway routers. At...
by nfletcher2
Mon Jun 15, 2015 12:37 am
Forum: Wireless Networking
Topic: PTP with seamless APs on both ends
Replies: 0
Views: 449

PTP with seamless APs on both ends

Okay so I posted this yesterday but I can not seem to find that post anywhere. Ya for me, typing twice! I have about a year with Mikrotiks and I have found them extremely flexible and cost effective in our business environments. One of my weakest areas is wireless and I am trying to set something up...
by nfletcher2
Sun Jun 14, 2015 2:27 am
Forum: Wireless Networking
Topic: PTP with seamless APs on both ends
Replies: 1
Views: 536

PTP with seamless APs on both ends

This is my first post on here and I would like to thank all of you in advance for all your help! I have been working with Mikrotiks and routerOS for a little over a year and have become a big fan. On to the fun! What I would like to do is utilize 2 router OS devices in my house. The first is a CRS12...