Community discussions

Search found 1108 matches

by Steveocee
Fri Oct 11, 2019 6:45 pm
Forum: General
Topic: Mikotik routing marks
Replies: 3
Views: 339

Re: Mikotik routing marks

What happens if you swap the routing mark for the device getting this message? Does it work through other gateway?
by Steveocee
Wed Oct 09, 2019 11:56 am
Forum: Beginner Basics
Topic: queque trees..
Replies: 2
Views: 377

Re: queque trees..

Yes.
It wouldn't be the "global" queue as such, you would just mark the packets in a different way ie in.interface=wlan1 etc.
by Steveocee
Tue Oct 08, 2019 7:03 pm
Forum: Virtualization
Topic: Basic CHR config - problems with ESXi, VLANs, CAPsMAN (not yet installed)
Replies: 3
Views: 740

Re: Basic CHR config - problems with ESXi, VLANs, CAPsMAN (not yet installed)

Looking at your config, you haven't stated which interfaces VLAN traffic will be tagged or not tagged on. Turning filtering on would pretty much remove these interfaces from use as all VLANs are neither tagged or untagged on any interfaces. Yours: /interface bridge vlan add bridge=bridge1 comment=Ma...
by Steveocee
Tue Oct 08, 2019 6:59 pm
Forum: General
Topic: Best VPN for Mikrotik Router
Replies: 13
Views: 2054

Re: Best VPN for Mikrotik Router

If they support L2TP and will happily give you a username, password and IPSEC key then they should be fine.
by Steveocee
Tue Oct 08, 2019 6:03 pm
Forum: General
Topic: Why (not) use Hairpin NAT
Replies: 28
Views: 2843

Re: Why (not) use Hairpin NAT

Another issue I have with hairpin NAT'ing is when you have many different LANs. Either you have to make a very wide hairpin NAT rule, or keep adding a new hairpin NAT rule every time a new LAN is created. This is further complicated if your servers are also not all on one dedicated server LAN/DMZ, ...
by Steveocee
Mon Oct 07, 2019 12:19 pm
Forum: Wireless Networking
Topic: Point to Point Wireless Security
Replies: 10
Views: 2245

Re: Point to Point Wireless Security

Strong WPA2 password, hide SSID and one not mentioned yet, if you use MT then use NV2, if using UBNT then use Airmax. This makes using "any old 802.11" kit nigh on impossible as well.
by Steveocee
Sun Oct 06, 2019 10:48 am
Forum: General
Topic: /export hangs
Replies: 5
Views: 1198

Re: /export hangs

This sounds like a fault with the device.

That or you have a massive config in a very low powered router (which we know isn't the case).
by Steveocee
Fri Oct 04, 2019 3:25 pm
Forum: Beginner Basics
Topic: Help! How do I delete dynamic DNS servers? [SOLVED]
Replies: 10
Views: 1245

Re: Help! How do I delete dynamic DNS servers? [SOLVED]

Since I have DNS enabled on the router, should I add the router IP address to the:
IP
DNS Settings
Servers (The list now has two public DNS servers shown)
Absolutely not!
IP>DNS setting is to tell the router what DNS server you want IT to contact for name resolution and caching if you choose.
by Steveocee
Fri Oct 04, 2019 11:19 am
Forum: General
Topic: Remote connect to mikrotik behind NAT
Replies: 15
Views: 14021

Re: Remote connect to mikrotik behind NAT

its too easy 1- active dmz in the nat on your isp modem to wan ip on mikrotik 2- disable firewall on isp router 3- add line as the sam you see on Access Management >> ACL >> Lan but add other one as WAN on ISP rourer Done Nothing says that the carrier isn't doing NAT though so it's not "too easy". ...
by Steveocee
Fri Oct 04, 2019 11:14 am
Forum: Beginner Basics
Topic: Help! How do I delete dynamic DNS servers? [SOLVED]
Replies: 10
Views: 1245

Re: Help! How do I delete dynamic DNS servers? [SOLVED]

The router is picking up DNS servers in a dynamic way from *somewhere*. You've checked your DHCP-Client so that is one place checked off. Is there a pppoe_out1 client is similar? That has the ability to add dynamic servers. Also check for VPN client's which may also be adding in DNS. Your MikroTik i...
by Steveocee
Thu Oct 03, 2019 6:57 pm
Forum: Virtualization
Topic: VPS, experiences on running CHR on VPS [SOLVED]
Replies: 8
Views: 1723

Re: VPS, experiences on running CHR on VPS [SOLVED]

Hetzner was suggested to me by MT twitter account.
I have since decided to use AWS and that has worked very well.
by Steveocee
Mon Sep 30, 2019 6:18 pm
Forum: Beginner Basics
Topic: Static DNS server replies not handled as "related" by firewall
Replies: 11
Views: 838

Re: Static DNS server replies not handled as "related" by firewall

May sound stupid but recreate your established and related rule as a totally new rule, drag it to the top and then see if it works. Had this very recently and the only reason I could think was #mikrotik.
by Steveocee
Mon Sep 30, 2019 6:15 pm
Forum: Beginner Basics
Topic: L2TP (IPSec) connection fails from MikroTik Client to MikroTik Server
Replies: 13
Views: 1012

Re: L2TP (IPSec) connection fails from MikroTik Client to MikroTik Server

Ensure the server side has firewall open for IPSEC-ESP. As you are going through NAT it may be that NAT-T isn't working correctly.
by Steveocee
Mon Sep 30, 2019 4:12 pm
Forum: General
Topic: Can RouterOS do throttling ?
Replies: 4
Views: 640

Re: Can RouterOS do throttling ?

Another potential option would be to put a priority based QoS onto the router. Just push streaming (or the acks) down the list so that they can take bandwidth if it's available. Otherwise you will have these "abusers" able to cause network chaos for short periods of time where as a prioritised appro...
by Steveocee
Wed Sep 25, 2019 10:59 am
Forum: General
Topic: /export hangs
Replies: 5
Views: 1198

Re: /export hangs

Can't say I've encountered this but what happens if you do /export filename=testexport ?? This puts the output into an rsc file in the root directory.
Does it still hang or does it complete?
by Steveocee
Tue Sep 24, 2019 12:59 pm
Forum: Wireless Networking
Topic: wAP 60G experience
Replies: 289
Views: 40237

Re: wAP 60G experience

How are these smaller WAP60G's at doing around 250M?
Parents are moving very nearby and was going to throw a pair of NSM5Loco's up but then thought they might make a good target for an offsite backup location so Gigabit is tempting.
by Steveocee
Thu Sep 19, 2019 1:18 pm
Forum: Beginner Basics
Topic: Hairpin not working
Replies: 30
Views: 2900

Re: Hairpin not working

What if you temporarily add this rule? /ip firewall nat add action=masquerade chain=srcnat comment="TEMP" dst-port=2222 protocol=tcp dst-addresses=192.168.1.203 It will change source of all packets going to 192.168.1.203:2222, so that it will be router's internal address, same as it is when connect...
by Steveocee
Wed Sep 18, 2019 11:02 am
Forum: Beginner Basics
Topic: Hairpin not working
Replies: 30
Views: 2900

Re: Hairpin not working

You do not need both of these rules. add action=dst-nat chain=dstnat dst-address=routerWAN_IP dst-port=2222 protocol=tcp to-addresses=192.168.1.203 add action=dst-nat chain=dstnat comment="2222 from external" dst-port=2222 protocol=tcp to-addresses=192.168.1.203 If you are resolving by hostname inte...
by Steveocee
Tue Sep 17, 2019 7:09 pm
Forum: Beginner Basics
Topic: Hairpin not working
Replies: 30
Views: 2900

Re: Hairpin not working

That was clearly the problem that i missed that part about destination IP and it`s quite logic :) Thank you! Now from LAN i can resolve with my external IP, BUT, now I can`t reach it from external network. The irony being that the DDNS/Address List part is in reference to directing to the dst-addre...
by Steveocee
Tue Sep 17, 2019 1:47 pm
Forum: Beginner Basics
Topic: Hairpin not working
Replies: 30
Views: 2900

Re: Hairpin not working

if heard right, he says that i`m finished if i do have static public IP Try watching further the entire video, it needs the port forward rules creating PROPERLY to work. He / I am quite sure if done properly it will work. Wont get it how adress list can help with hairpin. I have did as he shows wit...
by Steveocee
Tue Sep 17, 2019 11:04 am
Forum: Wireless Networking
Topic: hAP AC2+cAP AC Roaming is a joke
Replies: 35
Views: 4143

Re: hAP AC2+cAP AC Roaming is a joke

In the MikroTik world, roaming is still "up to the client to do" and this leads to all kinds of problems, especially when you are trying to carpet an area with WiFi coverage.
Which unfortunately usually puts you in a place where you have to specify the correct kit for the job.
by Steveocee
Tue Sep 17, 2019 10:59 am
Forum: RouterBOARD hardware
Topic: GPeR question
Replies: 18
Views: 2298

Re: GPeR question

Hello, 1) at what OSI layer this device work? at L1 like hub, or at L2 like switch? 2) what delay does this device add? 3) why distance is limited to 1500 m? 1) L2 although think of it more like L1. 2) None 3) Voltage droop It's actually incredible that the device is on the market. The closest I ha...
by Steveocee
Sun Sep 15, 2019 1:36 pm
Forum: Beginner Basics
Topic: Hairpin not working
Replies: 30
Views: 2900

Re: Hairpin not working

if heard right, he says that i`m finished if i do have static public IP
Try watching further the entire video, it needs the port forward rules creating PROPERLY to work.

He / I am quite sure if done properly it will work.
by Steveocee
Fri Sep 13, 2019 9:57 pm
Forum: General
Topic: MikroTik CHR on AWS with IPSec
Replies: 13
Views: 1529

Re: MikroTik CHR on AWS with IPSec

This is all I have in mine. No need for anything else as I have a decent firewall on the CHR itself.
Capture.PNG
by Steveocee
Fri Sep 13, 2019 6:15 pm
Forum: Beginner Basics
Topic: Hairpin not working
Replies: 30
Views: 2900

Re: Hairpin not working

ok so I have added the rule to the top of my NAT rules:
add action=masquerade chain=srcnat comment="Hairpin" dst-address=\
192.168.1.0/24 src-address=192.168.1.0/24
and it`s not working
You clearly haven't done everything it says to then. There is more than just 1 line of srcnat.
by Steveocee
Fri Sep 13, 2019 6:13 pm
Forum: General
Topic: MikroTik CHR on AWS with IPSec
Replies: 13
Views: 1529

Re: MikroTik CHR on AWS with IPSec

Why poke holes in a firewall you have little control over when you can forward all traffic to a firewall you have full control over? The option is easily accessible through MikroTik. If AWS don't give you option for it, make your life easier by putting a decent firewall on your CHR and pass everythi...
by Steveocee
Fri Sep 13, 2019 10:57 am
Forum: General
Topic: MikroTik CHR on AWS with IPSec
Replies: 13
Views: 1529

Re: MikroTik CHR on AWS with IPSec

The easiest way around that is to set Amazon AWS to forward "ALL" traffic onto the CHR istance rather than allowing specific ports and then control the firewall from the CHR. I did the registry hack on my laptop so it works from behind a NAT, my CHR at home works fine (+cool routing rules), my phone...
by Steveocee
Thu Sep 12, 2019 6:18 pm
Forum: General
Topic: MikroTik CHR on AWS with IPSec
Replies: 13
Views: 1529

Re: MikroTik CHR on AWS with IPSec

I literally finished setting this up myself this morning. Absolutely as above. You get a private LAN which is 1:1 NAT with a real public IP. You need NAT traversal and the key for me was IPSEC-ESP being open in the firewall. My CHR at home connects no problem as well as parents RB750 but I had to do...
by Steveocee
Thu Sep 12, 2019 6:05 pm
Forum: General
Topic: RB951Ui 2HnD rebootiing spontaneously [SOLVED]
Replies: 4
Views: 619

Re: RB951Ui 2HnD rebootiing spontaneously [SOLVED]

Sounds exactly like either wrong or faulting power supply. Make sure you have at least a 24v 500ma
by Steveocee
Thu Sep 12, 2019 12:13 pm
Forum: Beginner Basics
Topic: Hairpin not working
Replies: 30
Views: 2900

Re: Hairpin not working

Modify this to work as you need it:
https://www.youtube.com/watch?v=_kw_bQyX-3U






(Shameless plug but it DOES work)
by Steveocee
Wed Sep 11, 2019 5:20 pm
Forum: General
Topic: Public IP Routing
Replies: 6
Views: 729

Re: Public IP Routing

What about a 1:1 NAT?
Would likely be the simplest option and easiest to implement.
by Steveocee
Wed Sep 11, 2019 3:50 pm
Forum: Wireless Networking
Topic: Bit confused by the existence of the hAP AC Lite?
Replies: 15
Views: 1354

Re: Bit confused by the existence of the hAP AC Lite?

I know it's been discussed before but it is a shame there isn't a consumer end with VDSL2 modem. You'd clean up in the UK - often the ISP provider WiFi routers are pretty unreliable esp. the older BT hubs. It is a crying shame 'Tik don't have anything with a combined modem however there are some ab...
by Steveocee
Tue Sep 10, 2019 7:04 pm
Forum: Wireless Networking
Topic: Bit confused by the existence of the hAP AC Lite?
Replies: 15
Views: 1354

Re: Bit confused by the existence of the hAP AC Lite?

The RBCAPAC (cAP ac) is probably the device I'd consider most often. Except I do rather like the simplicity of the Ubiquiti cloud controller - I need to have a look at Dude but my initial investigation suggests it runs on one of the devices, not in the cloud. Is MikroTik looking at something simila...
by Steveocee
Tue Sep 10, 2019 7:00 pm
Forum: Wireless Networking
Topic: Bit confused by the existence of the hAP AC Lite?
Replies: 15
Views: 1354

Re: Bit confused by the existence of the hAP AC Lite?

I agree for consumer use but MikroTik is also sold in the business space here where 100Mbit often isn't enough. I'm new to the MikroTik range and I'm simply evaluating replacing what I usually install (Ubiquiti) with their equipment. I love the power of RouterOS so I was looking through the range f...
by Steveocee
Tue Sep 10, 2019 12:28 pm
Forum: General
Topic: Is the RB3011 a good fit?
Replies: 8
Views: 864

Re: Is the RB3011 a good fit?

The RB3011 had such potential and was severely let down. The RB4011 is the perfect successor to the RB2011 apart from coming in 1 form factor and being ugly as sin on 1U brackets.
by Steveocee
Tue Sep 10, 2019 11:24 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154560

Re: RouterOS v7.0 beta1 - when?

There is no changelog, because this is the first and only release
Changelog:
v6.xx changed to reflect correct version v7.xx
by Steveocee
Mon Sep 09, 2019 10:15 pm
Forum: Wireless Networking
Topic: SXT LTE kit - nothing received on Band 20 (800 MHz)
Replies: 5
Views: 772

Re: SXT LTE kit - nothing received on Band 20 (800 MHz)

Have you tried creating a specific APN? Was asked about one the other day operating similar and the solution was a specific APN needed adding in.
by Steveocee
Fri Sep 06, 2019 12:15 pm
Forum: Beginner Basics
Topic: Unstopable DSTNAT
Replies: 16
Views: 2166

Re: Unstopable DSTNAT

For future reference, the traffic between 2 IP addresses belonging to the same bridge and same subnet does NOT go through the firewall as it is a Layer-3 firewall (unless you have enabled the use-ip-firewall option under /interface bridge settings). @OP ^^^ this. Which is likely why none of your ro...
by Steveocee
Fri Sep 06, 2019 12:06 pm
Forum: Beginner Basics
Topic: Change DDNS name (Mikrotik cloud)
Replies: 10
Views: 1056

Re: Change DDNS name (Mikrotik cloud)

Just grab a domain and stick a CNAME on it.

You can think of any funky name you want then or go for the pro looking option router.mydomain.com
by Steveocee
Fri Sep 06, 2019 11:08 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154560

Re: RouterOS v7.0 beta1 - when?

I don't speak Russian but I take it that the beta is now available? mt.lv/v7 ? Yes, only for ARM architecture and only for hap ac^2 and WAPGR LTE/4G/LTE-US testing, to get v7 ready for upcoming 5G products, according to Sergejs. support for remaining boards will gradually come out it has v6.45.5 fe...
by Steveocee
Fri Sep 06, 2019 10:49 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154560

Re: RouterOS v7.0 beta1 - when?

I don't speak Russian but I take it that the beta is now available? mt.lv/v7 ?
by Steveocee
Wed Sep 04, 2019 11:08 am
Forum: Beginner Basics
Topic: CCR to CRS using S+DA0001 [SOLVED]
Replies: 7
Views: 857

Re: CCR to CRS using S+DA0001

You won't be able to push that amount of traffic through the CPU on the CRS. The CRS is a switch, you can create the VLANs to be offloaded but if you are looking to start limiting speeds then really you want to be doing that from the CCR end.
by Steveocee
Wed Sep 04, 2019 11:05 am
Forum: Beginner Basics
Topic: Private IP on WAN interface - how to NAT incoming traffic?
Replies: 2
Views: 310

Re: Private IP on WAN interface - how to NAT incoming traffic?

You don't need to do anything. The ISP is effectively NAT'ing all traffic with a destination of WAN.IP to your local WAN IP.

There is nothing complex about the scenario or that needs doing out of the ordinary.
by Steveocee
Wed Sep 04, 2019 11:01 am
Forum: Beginner Basics
Topic: Best VPN for Mikrotik / RouterOS
Replies: 12
Views: 1699

Re: Best VPN for Mikrotik / RouterOS

Good to know. I use third party VPNs on the client side devices themselves (pc- works on most browsers, and many streaming type devices aka Firestick). I am waiting for wireguard on the router and then life will be so much easier.
RouterOS v8.
by Steveocee
Mon Sep 02, 2019 2:56 pm
Forum: Beginner Basics
Topic: Firewall
Replies: 3
Views: 463

Re: Firewall

Maybe post an export of your current firewall? It sounds like you don't have an accept established & related rule either.
by Steveocee
Fri Aug 30, 2019 2:39 pm
Forum: Beginner Basics
Topic: ping internal hostnames
Replies: 1
Views: 239

Re: ping internal hostnames

That won't work as a DNS resolver for you unless you tick "Allow Remote Requests"
If you do that then make sure your firewall blocks requests from the WAN.

You should then be able to make static entries and ping them via hostname if you are using the MikroTik for DNS.
by Steveocee
Fri Aug 30, 2019 10:54 am
Forum: Beginner Basics
Topic: How can I Simutaneously apply QoS on my WLAN and LAN interfaces?
Replies: 1
Views: 281

Re: How can I Simutaneously apply QoS on my WLAN and LAN interfaces?

A very open question. You'll get a lot of varying opinions on how to do this. Your hap lite isn't the strongest of CPU devices so really you want to use Mangle as little as possible as it will eat through CPU. Initially limit by interface using simple queues but the bigger question is what do you wa...
by Steveocee
Fri Aug 23, 2019 3:34 pm
Forum: RouterBOARD hardware
Topic: Connection between RB3011UiAS-RM & CSS326-24G-2S+RM via SFP
Replies: 2
Views: 405

Re: Connection between RB3011UiAS-RM & CSS326-24G-2S+RM via SFP

I think you need to turn off auto negotiation on the CSS and force it to 1GB.
by Steveocee
Thu Aug 22, 2019 6:24 pm
Forum: Beginner Basics
Topic: How to effectively configure 6 hEX units ?
Replies: 5
Views: 690

Re: How to effectively configure 6 hEX units ?

Configure 1 how you want it.
Do an /export and then do a full reset on the others and import the .rsc file you made from the first one.
by Steveocee
Thu Aug 22, 2019 6:22 pm
Forum: Beginner Basics
Topic: Simple NAT between networks
Replies: 5
Views: 723

Re: Simple NAT between networks

I would think you would only need a firewall rule one way (forward chain) (subnet of users to specific IP of lan printer). Not needed. Default action is to allow anyway. @OP Can you ping the printer from the "other" office? If all computers are using the MT as the gateway the default action should ...
by Steveocee
Wed Aug 21, 2019 1:16 pm
Forum: General
Topic: 100% CPU load in CCR 1009
Replies: 22
Views: 2220

Re: 100% CPU load in CCR 1009

Please check Tools>Profile and then click on the Start button.
It will show which process is causing high cpu usage.
^^^This
by Steveocee
Wed Aug 21, 2019 1:13 pm
Forum: General
Topic: Playstation NAT issues on 6.45.3
Replies: 3
Views: 531

Re: Playstation NAT issues on 6.45.3

Firewall exactly the same on both units?

You really need to do a /export hide-sensitive so people can try to help.
by Steveocee
Wed Aug 21, 2019 1:10 pm
Forum: Beginner Basics
Topic: Network Making for (almost) Beginners
Replies: 10
Views: 1196

Re: Network Making for (almost) Beginners

A lot of what you have asked is something that will come with time/experience working with RouterOS and one or two of your points will require way more than a 1 post answer. Nearly a full tutorial for some. If your employer is serious about training you up and you will be using RB's day in and out t...
by Steveocee
Wed Aug 21, 2019 10:50 am
Forum: Beginner Basics
Topic: Bridge untagged ether1 with tagged vlan3 on ether1.
Replies: 10
Views: 1193

Re: Bridge untagged ether1 with tagged vlan3 on ether1.

Bridging isn't what is needed here. You have 2 separate segments on the same interface and you want to bring them together?

If you want the networks to talk to one another then you need to put a router between them.........so you have that bit sorted.
by Steveocee
Tue Aug 20, 2019 12:02 pm
Forum: Beginner Basics
Topic: Vlan first setup - help
Replies: 6
Views: 962

Re: Vlan first setup - help

is ther any way to tag a computer? and make it be vlan 100 ? and then i could check it? or maybe there is another way yo check it's working? Thanks , Through the network manager you should be able to create a new interface, select VLAN, input the relevant VLAN ID and then you can choose DHCP client...
by Steveocee
Tue Aug 20, 2019 9:20 am
Forum: Beginner Basics
Topic: Vlan first setup - help
Replies: 6
Views: 962

Re: Vlan first setup - help

It may work but I don’t think it was the reason why it wasn’t working. Simply you were trying to ping an ip within a vlan from outside of the vlan. You’re PC was not tagged therefore it was not on that network segment. Bridging the 3 interfaces is literally putting a cable from one network to anothe...
by Steveocee
Tue Aug 20, 2019 7:24 am
Forum: Beginner Basics
Topic: VPN
Replies: 4
Views: 795

Re: VPN

Something along this kind of line should do what you need
/ip firewall nat add chain=srcnat src-address=10.0.0.2-10.0.0.20 dst-address=192.168.0.252 action=masquerade comment="VPN clients to LAN"
by Steveocee
Fri Aug 16, 2019 2:59 pm
Forum: General
Topic: I'm sure Mikrotik has a legit response to this...
Replies: 14
Views: 1600

Re: I'm sure Mikrotik has a legit response to this...

How many of these vulnerabilities though are still present when a competent person configures the router?
by Steveocee
Thu Aug 15, 2019 7:08 pm
Forum: General
Topic: QoS / Prioritisation on Variable Bandwidth Link
Replies: 6
Views: 903

Re: QoS / Prioritisation on Variable Bandwidth Link

Thanks. That's a little disappointing. I was hoping there was a mechanism that would let the interface run at line rate, sending each outgoing packet as soon as the preceding one had been transmitted. Even quite basic routers will do that. I don't see how that could work with traffic types such as ...
by Steveocee
Wed Aug 14, 2019 3:36 pm
Forum: General
Topic: micro stutter and (probably) bufferbloat in certain INTERVALS
Replies: 4
Views: 749

Re: micro stutter and (probably) bufferbloat in certain INTERVALS

It simply sounds like your carrier may be experiencing some intermittent interference. This likely won't be something you can mitigate with your own settings so ask them to investigate and provide some proof of jitter. A second point which unfortunately gets my fur up. If your career is dependant on...
by Steveocee
Wed Aug 14, 2019 12:41 pm
Forum: General
Topic: QoS / Prioritisation on Variable Bandwidth Link
Replies: 6
Views: 903

Re: QoS / Prioritisation on Variable Bandwidth Link

You could script a bandwidth test to run every X amount of time and adjust your master queue limits to that. I do not know how you would get it to set 90% of the measured bandwidth though (as you don't want to set the full amount of speed for QoS) FQ_CoDel will do this without too much input but it ...
by Steveocee
Wed Aug 14, 2019 12:37 pm
Forum: Beginner Basics
Topic: MikroTik PPTP can access LAN but can not access internet
Replies: 1
Views: 400

Re: MikroTik PPTP can access LAN but can not access internet

There should be an option in Windows to specify a route using the PPTP tunnel, you should just need to set it for 10.10.10.0/24 through the VPN.
by Steveocee
Tue Aug 13, 2019 5:05 pm
Forum: Beginner Basics
Topic: VPN
Replies: 4
Views: 795

Re: VPN

You are on a different network so cannot natively reach the "LAN". Try creating a NAT rule from your VPN IP range as the traffic is from the WAN to the router and won't naturally go into your LAN.
by Steveocee
Wed Aug 07, 2019 2:05 pm
Forum: Wireless Networking
Topic: Question about antenna gain setting
Replies: 4
Views: 604

Re: Question about antenna gain setting

I think it is dangerous the default antenna_gain is set to 0, as that will almost always result in illegal operation if the setting is not changed, especially for products with built-in antenna (here you would not expect the need to change any configuration, if you attached the antenna yourself you...
by Steveocee
Wed Aug 07, 2019 12:55 pm
Forum: Wireless Networking
Topic: Question about antenna gain setting
Replies: 4
Views: 604

Re: Question about antenna gain setting

You need to enter the absolute value of the antenna gain.
RouterOS when factory defaulted has no way of knowing what antenna is connected to it so you need to input this data. RouterOS is an operating system which is deployed across various boards, it isn't device specific.
by Steveocee
Wed Aug 07, 2019 12:53 pm
Forum: General
Topic: marked routing not working
Replies: 5
Views: 588

Re: marked routing not working

OK, Looking at Mangle, are you seeing both rules counters increment? Establish you are marking correctly first. Looking at your mangle rules, I would have probably approached it like this; #NAT (In my mind this adds another layer of security so you don't NAT traffic up the VPN that shouldn't go up t...
by Steveocee
Wed Aug 07, 2019 11:03 am
Forum: General
Topic: Mikrotik DNS Cache vs BIND9/Unbound server
Replies: 7
Views: 872

Re: Mikrotik DNS Cache vs BIND9/Unbound server

Assuming you would still keep the central DNS server as a sort of primary? Would you then use the tower pppoe concentrators using the main central server to resolve and cache from?
by Steveocee
Wed Aug 07, 2019 10:57 am
Forum: General
Topic: marked routing not working
Replies: 5
Views: 588

Re: marked routing not working

add distance=1 dst-address=0.0.0.0/0 gateway=tashivpn routing-mark=route_ta
That should work. You are specifying the dst-address as the LAN subnet which won't work.
Without self advertising too much I recently did a quick video on how to do policy based routing in the way you are using it here.
by Steveocee
Mon Aug 05, 2019 6:10 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154560

Re: RouterOS v7.0 beta1 - when?

Forget v7.

v8 Needs to be rounded on. Use off the shelf drivers, get it out there, give the people what they want.

(I'll stick to my v6 though as it does almost everything I need).
by Steveocee
Fri Aug 02, 2019 3:56 pm
Forum: RouterBOARD hardware
Topic: RB3011 port flopping - bad design
Replies: 56
Views: 12822

Re: RB3011 port flopping - bad design

Have same problem on CRS326-24G-2S+ and CRS125-24G-1S
You have a different problem.
by Steveocee
Thu Aug 01, 2019 1:30 pm
Forum: General
Topic: Queuing bandwidth test [SOLVED]
Replies: 2
Views: 441

Re: Queuing bandwidth test [SOLVED]

For a queue priority to work the tree needs to know it is getting to it's maximum. As you haven't set a max-limit then the tree won't ever prioritise one sub-tree (branch) over another.

Set a reasonable max-limit on "tree1" and it should start working.
by Steveocee
Thu Aug 01, 2019 11:32 am
Forum: Beginner Basics
Topic: Cannot get BT (UK) with PPPoE working :(
Replies: 5
Views: 513

Re: Cannot get BT (UK) with PPPoE working :(

Are you certain the Draytek modem is acting as a modem and not routing to a DMZ'd IP address? I am UK based with similar setup (HG612 modem into a MikroTik) and when using BT had no issues at all. For a start don't use dial on demand, it's not needed. Can you post a /export hide-senstitive and I'll ...
by Steveocee
Fri Jul 19, 2019 6:00 pm
Forum: General
Topic: RB2011UiAS-RM - High CPU on Download
Replies: 6
Views: 803

Re: RB2011UiAS-RM - High CPU on Download

Hate to be the one to ask.

Your WAN port is in 1-5 not 6-10? Only 1-5 are Gigabit.
by Steveocee
Fri Jun 28, 2019 12:48 pm
Forum: Beginner Basics
Topic: RB3011 Show LTE in Quickset
Replies: 13
Views: 953

Re: WInBox Shuts down whenever I click on Quickset

I have a Mikrotik RB951Ui-2HnD Indoor Wireless Router and I installed winbox. However, whenever I login to my winbox and click on Quickset to configure my network, the winbox shuts down. How do I congigure my router without quickset I need ideas please. CHiditron Maybe try this https://forum.mikrot...
by Steveocee
Wed Jun 26, 2019 7:05 pm
Forum: Beginner Basics
Topic: make order in firewall rules
Replies: 7
Views: 598

Re: make order in firewall rules

I like that, nice and simple
just like
Europe drop all for UK
UK drop all for Europe ;-P

Perhaps soon when landing in the UK, Canadian Citizens will join the quick colonials line at customs....... while the europeans wait in long peon lines!!
v7 will arrive before we leave!
by Steveocee
Wed Jun 26, 2019 7:03 pm
Forum: Beginner Basics
Topic: make order in firewall rules
Replies: 7
Views: 598

Re: make order in firewall rules

NEVER use information from YouTube on managing a MikroTik router, it is full of crap advise.
Use the forum.
Apart from mine of course. I give crap advice on both YouTube AND the forum!!
by Steveocee
Wed Jun 26, 2019 5:46 pm
Forum: Beginner Basics
Topic: make order in firewall rules
Replies: 7
Views: 598

Re: make order in firewall rules

Simply;
Allow related & established
Allow what you want to allow
Block everything else

Rules are processed in descending order so apply common sense.
by Steveocee
Tue Jun 25, 2019 5:30 pm
Forum: RouterBOARD hardware
Topic: hEX S & SFP S-RJ01
Replies: 4
Views: 599

Re: hEX S & SFP S-RJ01

SFP port can be purposed however you need it to be.
Can you put the SFP into your :AN and connect a PC to it and access the router?
It sounds like hardware issue or negotiation problem between modem and SFP.
by Steveocee
Tue Jun 25, 2019 5:25 pm
Forum: General
Topic: RB3011 - PPPoE with 1 GbE?
Replies: 1
Views: 255

Re: RB3011 - PPPoE with 1 GbE?

Are you using Fasttrack? The RB3011 can do this with FT.
by Steveocee
Fri Jun 14, 2019 4:37 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 4256

Re: single IP constantly trying to log to my Mikrotik

Create a firewall to drop it before any rules to accept PPTP input.
by Steveocee
Tue Jun 11, 2019 2:57 pm
Forum: RouterBOARD hardware
Topic: Mikrotik SFP / Cisco
Replies: 3
Views: 711

Re: Mikrotik SFP / Cisco

Probably not massively helpful for you but I successfully use the Cisco GLC-SX-MM SFP's in all of my MT devices. Dirt cheap on the second hand market as well.
by Steveocee
Wed Jun 05, 2019 2:33 pm
Forum: Virtualization
Topic: How do i reinstall mikrotik license in new X86 VM
Replies: 3
Views: 894

Re: How do i reinstall mikrotik license in new X86 VM

Older x86 licenses were done per installation per HDD. You'll be on an uphill struggle to get Mikrotik support to re-issue it for you as from what I've read they tend to only re-issue for damaged HDD's.
It will involve paying for a license but pay for a CHR license and never have this problem again.
by Steveocee
Mon Jun 03, 2019 4:04 pm
Forum: Beginner Basics
Topic: RB3011 Show LTE in Quickset
Replies: 13
Views: 953

Re: RB3011 Show LTE in Quickset

Unhelpfully I'll echo the above. If the device is up and running and you can't bare to lose the config.
1)Back up your config NOW
2)Make changes manually and don't use quickset again
3)If you mess it up badly at least you have a backup now.
by Steveocee
Sat Jun 01, 2019 8:59 am
Forum: Forwarding Protocols
Topic: Qos playstation and xbox
Replies: 1
Views: 477

Re: Qos playstation and xbox

Yes. Check IP>DHCP-SERVER>LEASES for the IP's of your devices, maybe make them static by double clicking and using "Make Static" IP>FIREWALL>MANGLE pre-routing mark src-address, one rule for one IP and another for the other. Mark connection and mark packet QUEUE>TREES> Create master upload and downl...
by Steveocee
Sat Jun 01, 2019 8:48 am
Forum: Forwarding Protocols
Topic: HOW TO ADD GRANDSTREAM IP PHONE TO MIKROTIK ROUTEROS
Replies: 2
Views: 572

Re: HOW TO ADD GRANDSTREAM IP PHONE TO MIKROTIK ROUTEROS

87.4 is the answer.....Well, that's the answer I've come to taking all of the specifics you've mentioned so far.

You are going to need to give a lot more information if you want help though. Maybe a diagram showing network layout, where the MikroTik is in relation to your phones and server?
by Steveocee
Sat Jun 01, 2019 8:41 am
Forum: General
Topic: Is CCR CPUs Physical Cores or threads?
Replies: 4
Views: 482

Re: Is CCR CPUs Physical Cores or threads?

Cores. CCR is pure core quantity. That said, most tasks in RouterOS are single threaded so I'd argue that a strong Xeon would wipe the floor with Tilera in some applications. What are you planning on using the router for is the ultimate question? Are we talking as an Edge router or Firewall protecti...
by Steveocee
Sat Jun 01, 2019 8:38 am
Forum: Beginner Basics
Topic: Ban IP's / Drop connections of RDP Brute forcers
Replies: 6
Views: 663

Re: Ban IP's / Drop connections of RDP Brute forcers

Exposing anything to that vast outside world will always incur hackers trying to be.......hackers. Usually but as you've already cut off, allowing only a set IP list is the answer. How about a VPN server? Then you don't have to expose any of your local devices directly to the internet?
by Steveocee
Sat Jun 01, 2019 8:34 am
Forum: Beginner Basics
Topic: Are these redundant dns firewall rules?
Replies: 2
Views: 424

Re: Are these redundant dns firewall rules?

Without getting a look at all of your rules it's difficult to advise. Your setup must b vastly different to mine but I don't need either of those for local DNS to work.
by Steveocee
Thu May 16, 2019 10:53 am
Forum: General
Topic: How to PCQ this?
Replies: 5
Views: 414

Re: How to PCQ this?

Target should point to internal subnet, rest looks good
I have 3 internal subnets so would that still work? If rather keep it a simple queue if I can, I know I could mangle & mark but if rather try to keep it simple.
by Steveocee
Wed May 15, 2019 8:06 pm
Forum: General
Topic: How to PCQ this?
Replies: 5
Views: 414

Re: How to PCQ this?

OK, This is working as far as I speedtest from my PC and I can see the queue hitting limits. So it's correct in that it works, but is it correct in it's implementation?
/queue simple
add max-limit=55M/16M name=WAN_PCQ queue=pcq-download-default/pcq-upload-default target=pppoe-out1
by Steveocee
Wed May 15, 2019 8:01 pm
Forum: General
Topic: How to PCQ this?
Replies: 5
Views: 414

How to PCQ this?

Hi, I just can't get my head around using PCQ to do what I want. Any help would be appreciated. This is for my internet connection which is a PPPoE client and I am using an SFQ rule as follows: /queue simple add max-limit=55M/16M name=WAN_CONTROL queue=default-sfq/default-sfq target=pppoe-out1 All I...
by Steveocee
Mon May 13, 2019 11:29 am
Forum: General
Topic: Got fq_codel yet?
Replies: 36
Views: 10941

Re: Got fq_codel yet?

I haven't found a suitable solution in other products either. The Ubiquiti solutions don't have enough throughput and have other problems. I don't IF/WHEN Mikrotik will ever get around to this, been waiting for a long time.. so I decided to bypass Mikrotik on this topic and built a Linux VM, passed...
by Steveocee
Fri May 10, 2019 1:57 pm
Forum: RouterBOARD hardware
Topic: Need more than one SFP interface at the level of $100 and $200
Replies: 8
Views: 780

Re: Need more than one SFP interface at the level of $100 and $200

CRS326
CRS112
CRS305

?
Those are switches, not routers.
OP does not mention whether router or switch is needed, just that they want a cheap multi SFP unit.
Also CRS switches can route, maybe not a huge amount of traffic but can push over 100Mb with correct FT rules.
by Steveocee
Fri May 10, 2019 10:55 am
Forum: RouterBOARD hardware
Topic: mikrotik 4011 wot wifi - passes traffic but cannot login
Replies: 1
Views: 339

Re: mikrotik 4011 wot wifi - passes traffic but cannot login

You need to give a bit more for people to be able to help you.
Can you post an /export hide-sensitive so people can see the problem?
by Steveocee
Fri May 10, 2019 10:52 am
Forum: Beginner Basics
Topic: cant view graphing
Replies: 6
Views: 503

Re: cant view graphing

Do you have access to Winbox to the router? You can view the graphs through Winbox as well.
by Steveocee
Fri May 03, 2019 5:39 pm
Forum: General
Topic: CoDel support?
Replies: 45
Views: 13420

Re: CoDel support?

I have used fq_codel in multiple environments as solution when the internet connection is not fast enough for handling f.e. 100 computers under 100Mbps line needing it to be balanced that everyone has a small portion from the line and nobody can get full bandwith when somebody needs a little portio...
by Steveocee
Fri May 03, 2019 5:35 pm
Forum: Beginner Basics
Topic: Reset Factory Default without pressing Reset button [SOLVED]
Replies: 4
Views: 453

Re: Reset Factory Default without pressing Reset button [SOLVED]

If you can't log into it then no you won't be able to reset it without using the button. If you could then it would be a huge risk for anyone with a MT router deployed.
by Steveocee
Wed May 01, 2019 9:17 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154560

Re: RouterOS v7.0 beta1 - when?

Great idea but can’t see it happening.
Do Apple give updates on what their design and software team are working on?
by Steveocee
Tue Apr 30, 2019 10:57 am
Forum: Virtualization
Topic: Replaced 5yr old x86 with CHR (less than impressed)
Replies: 14
Views: 1527

Re: Replaced 5yr old x86 with CHR (less than impressed)

Maybe a conversation with Baltic networks as to what they'd expect to see?
If there are fundamental issues with the machine or the way it is set up, all you are doing is wasting your time trying to chase a potentially non existent problem around a user forum.
by Steveocee
Tue Apr 30, 2019 10:52 am
Forum: Virtualization
Topic: Why is there not a CHR ISO for bare metal ?
Replies: 5
Views: 874

Re: Why is there not a CHR ISO for bare metal ?

I see this topic coming up time and again on here. Long & short of it is why no x64 build? The more I read about people wanting it the more I agree with them, I like many use the free ESXi installation and then visualise under that and would have happily ran x86 had it not been for the licensing sys...
by Steveocee
Sat Apr 20, 2019 9:32 am
Forum: Virtualization
Topic: CHR: Does Fast Track work? [SOLVED]
Replies: 2
Views: 641

Re: CHR: Does Fast Track work? [SOLVED]

Correct. CHR does not support it as FT is done in hardware and MT cannot guarantee every CHR will have the relevant hardware to do this.
by Steveocee
Sat Apr 20, 2019 9:27 am
Forum: Beginner Basics
Topic: RB2011UiAS-RM WAN not achieve 1GBps
Replies: 4
Views: 455

Re: RB2011UiAS-RM WAN not achieve 1GBps

The answer will undoubtedly be you need to use fast track but an example of your config is needed to ensure it's been put into place correctly.
by Steveocee
Wed Apr 10, 2019 2:04 pm
Forum: RouterBOARD hardware
Topic: Looping on ether3 on MikroTik RB951
Replies: 1
Views: 269

Re: Looping on ether3 on MikroTik RB951

Try giving your bridge an admin MAC that isn't that of your ether interaces. I normally increment the first section of ether1 e.g. E4:XX:XX becomes E6:XX:XX
by Steveocee
Tue Apr 09, 2019 3:51 pm
Forum: General
Topic: Plex setup
Replies: 12
Views: 13139

Re: Plex setup

This is making me crazy. half the commands here don't even function in the Command line for some reason. either they have changed in the last year or ----hellifikknow. can this not be done through winbox? It can easily be done through Winbox however your problem is this: Annotation 2019-04-09 13481...
by Steveocee
Sat Apr 06, 2019 10:52 pm
Forum: Virtualization
Topic: CHR-Aws
Replies: 2
Views: 510

Re: CHR-Aws

How can we answer your question if we don’t know what your going to use it for?
by Steveocee
Sat Apr 06, 2019 10:50 pm
Forum: Virtualization
Topic: CHR does not transmit frames with VLAN tags from bridge
Replies: 4
Views: 1046

Re: CHR does not transmit frames with VLAN tags from bridge

What happens if you change the vlan ID? Try using anything other than 1.

Sounds mad but in my mind I had a problem similar and it was caused by this and we’re talking about MikroTik.
by Steveocee
Wed Apr 03, 2019 3:52 pm
Forum: RouterBOARD hardware
Topic: Port Will Not Negotiate 1Gbps
Replies: 5
Views: 567

Re: Port Will Not Negotiate 1Gbps

What PoE are you using? Air Fibres in my experience can be a bit touchy.
by Steveocee
Wed Apr 03, 2019 3:41 pm
Forum: Wireless Networking
Topic: Single SSID multiple passwords
Replies: 8
Views: 769

Re: Single SSID multiple passwords

In short you can't have the same SSID with 2 different passwords on the same wireless chip. On the interface you set the security profile. A dual band router you can set the same SSID with different security profiles BUT if a device strays from one band to the other then it will get an error and dro...
by Steveocee
Wed Apr 03, 2019 3:22 pm
Forum: Beginner Basics
Topic: Best VPN for Mikrotik / RouterOS
Replies: 12
Views: 1699

Re: Best VPN for Mikrotik / RouterOS

Answer to that question may be here

The reality of it is that most/all PPTP and SSTP solutions will work. L2TP/IPSEC, some will and some won't and openVPN is a bit of a shambles as far as MT goes.

Is your question more whats the best VPN or is it, I've got a VPN so how do I route my traffic?
by Steveocee
Tue Apr 02, 2019 6:55 pm
Forum: General
Topic: Mikrotik works smootly but sites don't work
Replies: 3
Views: 325

Re: Mikrotik works smootly but sites don't work

You need to post your config if it is MikroTik related.
by Steveocee
Tue Apr 02, 2019 6:54 pm
Forum: General
Topic: Raw disk image(img) - inpossible to booting from flash
Replies: 8
Views: 638

Re: Raw disk image(img) - inpossible to booting from flash

It's likely CHR doesn't have drivers for your hardware (disk) so it can't find root filesystem and fails to boot. Sadly there are no kernel messages so you don't really know what's happening.
Or it's designed to be run virtually and not on bare metal.
by Steveocee
Tue Apr 02, 2019 6:52 pm
Forum: Wireless Networking
Topic: How to list devices around mk?
Replies: 5
Views: 481

Re: How to list devices around mk?

Wireless scanner works well. It's under the wireless tab in Winbox.
by Steveocee
Tue Apr 02, 2019 6:51 pm
Forum: Wireless Networking
Topic: Single SSID multiple passwords
Replies: 8
Views: 769

Re: Single SSID multiple passwords

I understand what you are trying to achieve but have to ask, Why?
Just spin a second WLAN up and let them have a "-Guest" of your main SSID.
by Steveocee
Tue Apr 02, 2019 6:50 pm
Forum: Wireless Networking
Topic: problem with 2hspn
Replies: 1
Views: 192

Re: problem with 2hspn

Are you connecting over wireless or through ethernet? Try connecting via ethernet and use MAC address not IP.
by Steveocee
Tue Apr 02, 2019 6:49 pm
Forum: Wireless Networking
Topic: LHG 60G default configuration for beginners
Replies: 1
Views: 423

Re: LHG 60G default configuration for beginners

Reset the units, as a default pair they will talk to each other.
~Then discover safe mode.
by Steveocee
Tue Apr 02, 2019 6:48 pm
Forum: Wireless Networking
Topic: 34km link low CCQ
Replies: 13
Views: 1237

Re: 34km link low CCQ

Have you tried reducing channel width? Try it at 20Mhz and see if the CCQ improves. If it is fine, bump it up to 40Mhz and retry until you find where it is bad.
by Steveocee
Tue Apr 02, 2019 6:36 pm
Forum: Beginner Basics
Topic: DNS issue on vlan OR Not
Replies: 4
Views: 365

Re: DNS issue on vlan OR Not

export hide-sensitive file=yourexport
:lol: Couldn't help myself.....Sorry.
by Steveocee
Tue Apr 02, 2019 2:52 pm
Forum: General
Topic: Raw disk image(img) - inpossible to booting from flash
Replies: 8
Views: 638

Re: Raw disk image(img) - inpossible to booting from flash

They are designed to be used in a virtual environment, not directly installed on hardware.
by Steveocee
Sat Mar 30, 2019 2:17 pm
Forum: General
Topic: CoDel support?
Replies: 45
Views: 13420

Re: CoDel support?

I just spent this past weekend comparing fq_codel(smart queue) on a ubiquiti edgerouter with sfq on mikrotik. With all this talk of how great codel is I expected the performance difference to be huge. After doing extensive testing with various configs in different scenarios, I didn't find one syste...
by Steveocee
Wed Mar 27, 2019 11:02 pm
Forum: General
Topic: X86_64 ROS - 64bit Mikrotik
Replies: 79
Views: 29635

Re: X86_64 ROS - 64bit Mikrotik

I can’t see them doing it..... they’ve previously been very vocal that you should run CHR if you don’t want to use a routerboard.
by Steveocee
Wed Mar 27, 2019 10:34 am
Forum: Beginner Basics
Topic: What is the best outdoor wireless access point
Replies: 9
Views: 805

Re: What is the best outdoor wireless access point

Perhaps think outside the container. :-) (1) WAN or MultiWAN input to main Router (2) Router ethernet too Outdoor Multipoint Omni TX device of some sort (in close proximity LOS) to containers. (3) Each Container equipped with a receiving antenna (to ethernet cable built-in) to AP inside container w...
by Steveocee
Wed Mar 27, 2019 10:31 am
Forum: Beginner Basics
Topic: Firewall rule Order
Replies: 3
Views: 376

Re: Firewall rule Order

Rules are processed top down. Allow only what you want and block everything else.
Your most used rules at the top (established & related)
I stick a drop invalid packets here
Accept stuff you want
Drop everything else
by Steveocee
Wed Mar 27, 2019 10:28 am
Forum: Beginner Basics
Topic: How do you turn on hEX's DMZ?
Replies: 16
Views: 2268

Re: How do you turn on hEX's DMZ?

after trying a bunch of the command line suggestions from old threads
Does anyone know how to write the actual DMZ command?
It's just a port forward that forwards everything from your inbound WAN interface to an IP on your LAN.
by Steveocee
Wed Mar 27, 2019 10:26 am
Forum: General
Topic: CoDel support?
Replies: 45
Views: 13420

Re: CoDel support?

Not available (yet) but both SFQ and PCQ can provide a solution if you don't have brand flexibility. Correct me if I'm wrong (and I appreciate that you are trying to find a workaround), but my understanding is those require something with fixed bandwith that you can tune the settings to. Isn't the ...
by Steveocee
Mon Mar 25, 2019 6:46 pm
Forum: Beginner Basics
Topic: CRS328-24P-4S+RM as an internet router
Replies: 4
Views: 393

Re: CRS328-24P-4S+RM as an internet router

I'm fairly sure you could push 300Mb+ using fast track. It won't ever really do BGP and be an edge router but would be more than capable for simple home and small office routing.
by Steveocee
Mon Mar 25, 2019 6:43 pm
Forum: General
Topic: IP is up on port that's down
Replies: 2
Views: 221

Re: IP is up on port that's down

I kind of understand where you are coming from but that's not necessarily how it works.
By disabling the interface you are disabling the physical access on that side of the interface. Think of the IP sitting between the CPU and the interface you're assigning it to.
by Steveocee
Sun Mar 24, 2019 3:21 pm
Forum: RouterBOARD hardware
Topic: More "Power" for CRS112-8P-4S-IN
Replies: 4
Views: 464

Re: More "Power" for CRS112-8P-4S-IN

Fast track should see you up to 150Mb
by Steveocee
Wed Mar 20, 2019 4:09 pm
Forum: Beginner Basics
Topic: RB3011UiAS-RM Speeds
Replies: 5
Views: 397

Re: RB3011UiAS-RM Speeds

Something very wrong there. Even the RB2011 could do 350Mb without fast track!
Config will tell the story.
by Steveocee
Tue Mar 19, 2019 12:43 pm
Forum: Virtualization
Topic: CHR Hardware
Replies: 12
Views: 2083

Re: CHR Hardware

Will you be licensing your ESXi installations? If not you can only use 8 vCPU's per machine so you'd have a lot of redundant cores. Saying that it's better to run WITHOUT HT for CHR so only 4 over.
by Steveocee
Mon Mar 18, 2019 10:44 pm
Forum: Beginner Basics
Topic: RB2011UiAS-2HnD-IN antennas
Replies: 1
Views: 164

Re: RB2011UiAS-2HnD-IN antennas

You may have been better buying a connectorised radio such as a Netbox or Netmetal.
I would generally advise leaving the antennas alone on the RB2011
by Steveocee
Mon Mar 18, 2019 9:42 pm
Forum: General
Topic: Block port tcp/udp
Replies: 12
Views: 711

Re: Block port tcp/udp

Your router is very vulnerable. If it is public facing you need to update it and at a minimum put a public facing firewall on it.
by Steveocee
Mon Mar 18, 2019 6:05 pm
Forum: General
Topic: Block port tcp/udp
Replies: 12
Views: 711

Re: Block port tcp/udp

IP>Firewall>Service Port isn't "the" service. It's a service helper. A very bad one at that. Do you have any port forwards? Are you using UPnP? 5060 is generally used for VOIP/SIP, do you have anything that uses that on your network? You could make a rule to drop it however surely your firewall must...
by Steveocee
Mon Mar 18, 2019 4:00 pm
Forum: Beginner Basics
Topic: CCR1016-12G VPN to discover ubiquiti radios for UNMS
Replies: 4
Views: 422

Re: CCR1016-12G VPN to discover ubiquiti radios for UNMS

You won't be able to use discovery tool unless you use some kind of EOIP solution. UBNT discovery requires being on the same broadcast network which you won't be going in through VPN even though you can access the IP's.
by Steveocee
Mon Mar 18, 2019 12:59 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM idle power consumption
Replies: 5
Views: 1060

Re: CRS328-24P-4S+RM idle power consumption

Here is my CRS328-24P-4S+RM Annotation 2019-03-18 105542.png This is running; 3 data only ports 3 48v ports running 2 UniFi AC Pro's and a PoE splitter for modem. 3 24v ports Running 2 UniFi CCTV cameras and an NSM5 3 SFP's I didn't think consumption was too bad to be fair bearing in mind I also run...
by Steveocee
Wed Mar 13, 2019 11:25 am
Forum: General
Topic: Searching for the Best VPN for Kodi to stream unofficial addons safely
Replies: 10
Views: 1033

Re: Searching for the Best VPN for Kodi to stream unofficial addons safely

Might as well change thread title to; Help me break the law.

Although if you're ok with pptp then Tiger do a very good unlimited lifetime option.
by Steveocee
Tue Mar 12, 2019 5:25 pm
Forum: General
Topic: Why (not) use Hairpin NAT
Replies: 28
Views: 2843

Re: Why (not) use Hairpin NAT

Firstly, thank you for linking my video 8) I use home.mydomain.com for getting into certain things remotely and from home. These are differentiated by port number. I can't do that with internal DNS so it suits me quite well. I shared what I found as I initially had a lot of problems getting a hairpi...
by Steveocee
Tue Mar 12, 2019 4:51 pm
Forum: Beginner Basics
Topic: Connecting two routers in two buildings with cable
Replies: 8
Views: 682

Re: Connecting two routers in two buildings with cable

Hello, I'm assuming that the /16s are just to summarize local subnets and you don't have such a big network. Otherwise, break the subnet down to smaller ones (like /24). Also, I'd probably go with fiber regardless since your working with two buildings. Fiber will insulate you from grounding issues,...
by Steveocee
Mon Mar 11, 2019 1:25 pm
Forum: RouterBOARD hardware
Topic: CRS309-1G-8S+IN (General questions and experience)
Replies: 7
Views: 1155

Re: CRS309-1G-8S+IN (General questions and experience)

Liked & Subbed.
Nice to see well made content.
by Steveocee
Mon Mar 11, 2019 1:18 pm
Forum: Wireless Networking
Topic: 10Gb on RB2011 - bad idea?
Replies: 6
Views: 534

Re: 10Gb on RB2011 - bad idea?

Great idea. Shame the RB2011 only has SFP and not SFP+ so won't do a 10Gb connection.
by Steveocee
Mon Mar 11, 2019 11:51 am
Forum: Beginner Basics
Topic: Firewall rules
Replies: 6
Views: 495

Re: Firewall rules

You need hairpin NAT.
by Steveocee
Sun Mar 10, 2019 8:57 am
Forum: General
Topic: RB3011 and 10GB SFP
Replies: 3
Views: 447

Re: RB3011 and 10GB SFP

Bummer, no worries. Thanks for the compatibility link! I'm not sure if anyone can verify or has tried but do the Cisco 1GB SFP's work with MikroTik routers? I've got a couple laying around at my parents i was thinking of having them ship me. Cisco GLC-SX-MM work absolutely fine. I picked a load up ...
by Steveocee
Sun Mar 10, 2019 8:31 am
Forum: Beginner Basics
Topic: HELP: how to per ip shaping?
Replies: 10
Views: 594

Re: HELP: how to per ip shaping?

If i set 50m/50m in simple queue maxlimit, shaping will not work. Now, I set my values to 40m/40m and it worked. Why is that? Queue will only apply once you hit the max limit, if you set it higher than your connection can go then it will never apply itself. It going red only signifies traffic is ne...
by Steveocee
Sun Mar 10, 2019 8:21 am
Forum: Beginner Basics
Topic: Help with WAN bandwidth limiting
Replies: 12
Views: 571

Re: Help with WAN bandwidth limiting

it's rx/tx , I think, so upload or download depending on that interface / target you apply it to.
Correct, however it is done from client of interface perspective so for pppoe interface the values do reverse.
by Steveocee
Fri Mar 08, 2019 3:52 pm
Forum: General
Topic: hEX S shows activity on disabled SFP port without a link
Replies: 6
Views: 354

Re: hEX S shows activity on disabled SFP port without a link

Faulty hardware. Recently had similar with a CCR thinking ether5-7 was connected when they weren't.
by Steveocee
Fri Mar 08, 2019 2:35 pm
Forum: Wireless Networking
Topic: Configuring a Single SSID WLAN with Two wAP AC (RBwAPG-5HacT2HnD-US) and one hEX (RB750Gr3)
Replies: 6
Views: 489

Re: Configuring a Single SSID WLAN with Two wAP AC (RBwAPG-5HacT2HnD-US) and one hEX (RB750Gr3)

Roaming is done by the client. You can only try to encourage it.
Make sure you use the same encryption method and key and try to separate the wireless channels as far as you can. It can help to stick a minimum RSSI of around -75 on to discourage sticky clients.
by Steveocee
Thu Mar 07, 2019 8:31 pm
Forum: General
Topic: RB4011 real world speed tests
Replies: 12
Views: 1611

Re: RB4011 real world speed tests

I think btest is limiting your results.
by Steveocee
Thu Mar 07, 2019 5:12 pm
Forum: General
Topic: RB4011 real world speed tests
Replies: 12
Views: 1611

Re: RB4011 real world speed tests

Just finished bandwidth test
What did you use to test?
25% on a quad core CPU device means 1 core was running at 100% whilst the others were idle.
by Steveocee
Thu Mar 07, 2019 4:49 pm
Forum: General
Topic: Interface shows R (running) when it's not
Replies: 9
Views: 1317

Re: Interface shows R (running) when it's not

You won't.

The interface on your CHR will always be connected to the vSwitch/port group in ESXi.
by Steveocee
Thu Mar 07, 2019 4:44 pm
Forum: RouterBOARD hardware
Topic: mikrotik 4011 not all ports leds are blinking
Replies: 1
Views: 300

Re: mikrotik 4011 not all ports leds are blinking

Broken?

It does sound like there is a fault with the hardware there with the LED's being vertically stacked, bad track on the board probably.
by Steveocee
Thu Mar 07, 2019 1:57 pm
Forum: Wireless Networking
Topic: Back to back LHGG-60ad Ptp link (relay) [SOLVED]
Replies: 10
Views: 775

Re: Back to back LHGG-60ad Ptp link (relay) [SOLVED]

This forum sometimes! The guy sis asking what seems a really simple question, can he back to back two of the 60Ghz links, the answer is yes. Who mentioned dual radios and PtMP? Radio A <WIRELESS> Radio B <CAT5> Radio C <WIRELESS> Radio D. Is there some additional text in the same colour as the page...
by Steveocee
Wed Mar 06, 2019 4:18 pm
Forum: RouterBOARD hardware
Topic: No beeper on HAP AC2
Replies: 3
Views: 536

Re: No beeper on HAP AC2

Lets be honest though, the only use the beeper really gets is when you're bored and you want to play the Mario tune?
by Steveocee
Wed Mar 06, 2019 1:47 pm
Forum: General
Topic: How can i use datacenter multi ip on dsl?
Replies: 3
Views: 224

Re: How can i use datacenter multi ip on dsl?

You could set up a VPN in the datacenter. I need to ask though, why do you need that many IP's on your home connection? Have you heard of this amazing thing called NAT?
by Steveocee
Wed Mar 06, 2019 1:38 pm
Forum: Wireless Networking
Topic: wAP 60G AP to wAP 60G AP
Replies: 1
Views: 228

Re: wAP 60G AP to wAP 60G AP

Use bridge, not AP bridge and it will work.
Also ensure you have correctly set SSID and password.
by Steveocee
Wed Mar 06, 2019 10:37 am
Forum: Wireless Networking
Topic: New LHG 4G kit - RBLHGR&R11e-4G
Replies: 7
Views: 689

Re: New LHG 4G kit - RBLHGR&R11e-4G

Hi Steveocee Thanks for your reply, have you found the new equipment gives greater range or is it about the same?. You might be better on EE as they use the 1800Mhz band where I can get clients pulling down up to 85Mb. O2 only work on the 800Mhz channel which I've found Ok but speeds rarely go abov...
by Steveocee
Wed Mar 06, 2019 10:34 am
Forum: Wireless Networking
Topic: Back to back LHGG-60ad Ptp link (relay) [SOLVED]
Replies: 10
Views: 775

Re: Back to back LHGG-60ad Ptp link (relay) [SOLVED]

This forum sometimes! The guy sis asking what seems a really simple question, can he back to back two of the 60Ghz links, the answer is yes. Who mentioned dual radios and PtMP? Radio A <WIRELESS> Radio B <CAT5> Radio C <WIRELESS> Radio D. Is there some additional text in the same colour as the page ...
by Steveocee
Tue Mar 05, 2019 5:47 pm
Forum: Beginner Basics
Topic: RB4011 5Ghz Wifi unstable
Replies: 7
Views: 1780

Re: RB4011 5Ghz Wifi unstable

Having the device set to Auto is probably the worst way of operating the unit. It needs to be configured correctly otherwise it'll be all over the place.
Please give some details or config you have as an example (don't forget the country you are in) and I'm sure people on here will help you.
by Steveocee
Tue Mar 05, 2019 5:44 pm
Forum: Wireless Networking
Topic: Back to back LHGG-60ad Ptp link (relay) [SOLVED]
Replies: 10
Views: 775

Re: Back to back LHGG-60ad Ptp link (relay) [SOLVED]

It will work as well as daisy-chaining switches will work.

As @mistry7 has already said, loosely there are 4 channels. 58, 60, 62 and 64 Ghz. Just don't reuse the same channel back to back and you'll be fine.
by Steveocee
Tue Mar 05, 2019 5:42 pm
Forum: Beginner Basics
Topic: 2 firmware update locations ?
Replies: 7
Views: 469

Re: 2 firmware update locations ?

You are up to date.

You have a "current" firmware (think of as BIOS) and a "factory firmware" which you will never be able to upgrade and is there purely for in case of emergency.
by Steveocee
Tue Mar 05, 2019 5:32 pm
Forum: General
Topic: dynamic ip in a dst-nat rule
Replies: 5
Views: 272

Re: dynamic ip in a dst-nat rule

This won't be totally applicable but it explains how to get the dynamic bit down far easier than my typing will do.
https://www.youtube.com/watch?v=_kw_bQyX-3U
by Steveocee
Tue Mar 05, 2019 5:31 pm
Forum: General
Topic: VPN & 2 pppoe issue
Replies: 3
Views: 263

Re: VPN & 2 pppoe issue

You should probably post your config as this will give us a better idea of what you have done and where it can be fixed. Make sure to use "hide-sensitive" flag so no personal information is posted.
by Steveocee
Tue Mar 05, 2019 5:28 pm
Forum: Beginner Basics
Topic: problem connecting to cctv from my local wifi network
Replies: 2
Views: 159

Re: problem connecting to cctv from my local wifi network

Sounds like you need hairpin NAT. Youtube has some excellent videos on how to do it (mine being one of them).
by Steveocee
Tue Mar 05, 2019 5:27 pm
Forum: Beginner Basics
Topic: Help with WAN bandwidth limiting
Replies: 12
Views: 571

Re: Help with WAN bandwidth limiting

OP has stated line saturation is causing the PPPoE connection to drop and has sensibly suggested a limit of the PPPoE interface, I honestly don't know where the logic in limiting users individually came from there? @OP the solution from @solar77 is perfect for you. Be aware though I think when you s...
by Steveocee
Tue Mar 05, 2019 5:16 pm
Forum: Beginner Basics
Topic: I've locked myself out of the router admin interface.
Replies: 2
Views: 228

Re: I've locked myself out of the router admin interface.

I'm sure this will be a vlaid reason why not but.....plug into ether9?
by Steveocee
Tue Mar 05, 2019 3:45 pm
Forum: Wireless Networking
Topic: New LHG 4G kit - RBLHGR&R11e-4G
Replies: 7
Views: 689

Re: New LHG 4G kit - RBLHGR&R11e-4G

Have had one on test for a couple of weeks. As I move about from client to client I've been doing some very barbaric speedtest.net results and comparing.

The long and short of my findings was give up if you plan on using O2 network.

Awaiting an EE SIM to see if things improve.
by Steveocee
Tue Mar 05, 2019 10:52 am
Forum: Beginner Basics
Topic: Control kids iPad usage time
Replies: 9
Views: 973

Re: Control kids iPad usage time

As a parent of a 2, 3, 5 and 8 year old speaking. Have you considered saying "No"? No scripting needed.
The only "script" you'd possibly need is a CD set to loop saying no :lol:
Tell me about it. Hindsight eh?
by Steveocee
Mon Mar 04, 2019 6:48 pm
Forum: General
Topic: Outgoing SSH traffic is blocked
Replies: 3
Views: 399

Re: Outgoing SSH traffic is blocked

*Fixed*
Don't think my problem was related. I have a route policy on site that tells it to send certain devices up a VPN. I managed to go "to" the device down the WAN and then it was trying to respond back up the VPN hence firewalls blocking packets from unexpected sources.

Good luck to the OP.
by Steveocee
Mon Mar 04, 2019 6:46 pm
Forum: General
Topic: Outgoing SSH traffic is blocked
Replies: 3
Views: 399

Re: Outgoing SSH traffic is blocked

How strange.
I have just come across this problem myself. I am port forwarding from a specific remote IP back into my network and using torch I can see the LAN device trying to get back to it with dst IP but it simply isn't available.
by Steveocee
Sat Mar 02, 2019 7:09 am
Forum: Wireless Networking
Topic: 60Ghz 2.4km - possible?
Replies: 41
Views: 6033

Re: 60Ghz 2.4km - possible?

Just use a weird 5GHz channel nobody else is using
Losing a bucket of throughput, opening yourself up to local noise and losing full duplex.

I currently have a 2.4Km link on trial, it's struggling.
by Steveocee
Fri Mar 01, 2019 5:26 pm
Forum: Beginner Basics
Topic: Introduction to RouterOS documentation
Replies: 13
Views: 891

Re: Introduction to RouterOS documentation

Hi Colin, Welcome to the world of MikroTik. Very little official documentation, lots of user input (with multiple solutions to 1 issue normally) and an extremely steep learning curve. Use the default config to start with, adapt it to get you "online" and then study it from there to understand what ...
by Steveocee
Fri Mar 01, 2019 4:39 pm
Forum: General
Topic: 2x CRS112 Loop with single uplink? [SOLVED]
Replies: 1
Views: 221

Re: 2x CRS112 Loop with single uplink? [SOLVED]

Your bridge is using the MAC address of your ether port.

Set an admin-mac of your ether interface (I always use ether1 for continuity) but increment the second character EG 00:AA: becomes 02:AA

Will get rid of the error for you.
by Steveocee
Fri Mar 01, 2019 4:35 pm
Forum: Beginner Basics
Topic: Introduction to RouterOS documentation
Replies: 13
Views: 891

Re: Introduction to RouterOS documentation

Hi Colin, Welcome to the world of MikroTik. Very little official documentation, lots of user input (with multiple solutions to 1 issue normally) and an extremely steep learning curve. Use the default config to start with, adapt it to get you "online" and then study it from there to understand what e...
by Steveocee
Fri Mar 01, 2019 10:50 am
Forum: RouterBOARD hardware
Topic: Passive PoE: MikroTik and Ubiquiti
Replies: 6
Views: 1142

Re: Passive PoE: MikroTik and Ubiquiti

I use G3's connected to a CRS328, works fine with no problems. I changed from a UniFi 8 port switch last week and to be honest didn't even remember the G3's are 24v only. I've been really impressed with the CRS328 so far.
by Steveocee
Thu Feb 28, 2019 4:36 pm
Forum: Beginner Basics
Topic: Control kids iPad usage time
Replies: 9
Views: 973

Re: Control kids iPad usage time

As a parent of a 2, 3, 5 and 8 year old speaking. Have you considered saying "No"? No scripting needed.
by Steveocee
Thu Feb 28, 2019 3:35 pm
Forum: General
Topic: hap Mini
Replies: 10
Views: 1005

Re: hap Mini

lil0's OP The free space thing could be a problem, remove all packages you don't need. Remove all files you don't need (or at least back them up). Let's face it, do you need MPLS and BGP on this device? Probably not, be brutal, remove everything you don't need. I use a hAP Mini as a travel router a...
by Steveocee
Thu Feb 28, 2019 3:33 pm
Forum: General
Topic: hap Mini
Replies: 10
Views: 1005

Re: hap Mini

To be honest, this shouldn't escalate to an last resort like netinstall - the small size is not good because does not allow to use all compatible features simultaneously, it's like installing Linux and only be able to execute X11 or Console(tty) but not both - it is damaging the brand, and SPI Flas...
by Steveocee
Thu Feb 28, 2019 3:20 pm
Forum: General
Topic: Remote SSH access Issue Via NAT
Replies: 4
Views: 280

Re: Remote SSH access Issue Via NAT

If the modem is truly in bridge mode then you won't be able to access it via the WAN through SSH. Your SSH should be hitting the MikroTik. This would only not be the case if it wasn't actually in bridge mode and was routing and your MikroTIk was simply taking a LAN connection from it. I use a modem ...
by Steveocee
Thu Feb 28, 2019 3:12 pm
Forum: Beginner Basics
Topic: Need help opening ports for Torrents on RB2011iLS-IN
Replies: 10
Views: 734

Re: Need help opening ports for Torrents on RB2011iLS-IN

I really can't begin to tell you what a bad idea that is. So you're downloading P2P, maybe one of the files is infected, this then generates multiple services on the host, all of which then tell your router to open up ports which it does because UPnP is on which then enables more malicious software ...
by Steveocee
Mon Feb 25, 2019 8:43 pm
Forum: Beginner Basics
Topic: CRS112-8G-4S-IN question
Replies: 1
Views: 407

Re: CRS112-8G-4S-IN question

Bridge all ports and enable hardware offload so it uses switch chip rather than CPU.
Job done.
by Steveocee
Mon Feb 25, 2019 8:41 pm
Forum: Beginner Basics
Topic: Control kids iPad usage time
Replies: 9
Views: 973

Re: Control kids iPad usage time

IP>Kid Control
Maybe it won't limit to 30 mins per day but it's a start to minimise watch time.
by Steveocee
Fri Feb 22, 2019 5:08 pm
Forum: RouterBOARD hardware
Topic: SFP in SFP+ question
Replies: 2
Views: 368

Re: SFP in SFP+ question

Dropped a bunch of Cisco GLC-SX-MM's into a CRS328-24P-4S+RM yesterday and all worked absolutely fine with auto negotiation. The "B" end's were a CRS125, CRS112 and UniFi 8 port.
by Steveocee
Fri Feb 22, 2019 5:05 pm
Forum: General
Topic: Mikrotik RB951G USB Port
Replies: 2
Views: 329

Re: Mikrotik RB951G USB Port

The menu is under IP>SMB, you can create the share in there but for an honest opinion, it will be hideous to use. As it is USB2 based the transfer speed will be very slow and you'll have far less headache with a "real" NAS unit.
by Steveocee
Thu Feb 21, 2019 12:32 pm
Forum: Beginner Basics
Topic: L2TP/IPsec connection without sharing internet [SOLVED]
Replies: 5
Views: 451

Re: L2TP/IPsec connection without sharing internet [SOLVED]

You can use mangle to add routing marks then set the appropriate routing marks in your IP>Routes.

Use mangle to identify either src or destination and then apply either an "in-vpn" or "out-vpn" mark to it.
I use very similar to identify specific LAN devices to be able to use my work VPN.
by Steveocee
Thu Feb 21, 2019 12:16 pm
Forum: Beginner Basics
Topic: 2 Public IP
Replies: 3
Views: 329

Re: 2 Public IP

No problem at all. I've recently spun something similar up for a customer request. My use case was pppoe-out1 with static IP X.X.X.1 and then it had a /29 of routed IP's Y.Y.Y.0/29 of which each port in the router (RB3011) was going to have a different LAN range but traffic coming from a correspondi...
by Steveocee
Tue Feb 19, 2019 10:14 pm
Forum: Beginner Basics
Topic: Forum have BUG 5 (five) years.
Replies: 9
Views: 958

Re: Forum have BUG 5 (five) years.

Yeah @support !!! Why didn't you know this guy had problems for 5 years? Be more like Huawei and spy on your users data so we can complain about that instead!
by Steveocee
Tue Feb 19, 2019 10:11 pm
Forum: Beginner Basics
Topic: hairpin nat/routing [SOLVED]
Replies: 9
Views: 1444

Re: hairpin nat/routing [SOLVED]

Have a watch through this. Will explain everything you need.
https://www.youtube.com/watch?v=_kw_bQyX-3U&t=1s
by Steveocee
Wed Feb 13, 2019 3:48 pm
Forum: Beginner Basics
Topic: RB4011 not working? [SOLVED]
Replies: 2
Views: 420

Re: RB4011 not working? [SOLVED]

Download Winbox and try L2 connection, no IP needed.
by Steveocee
Tue Feb 05, 2019 11:35 am
Forum: General
Topic: DNS resolution vulnerability
Replies: 7
Views: 584

Re: DNS resolution vulnerability

This just sounds like you didn't set up your firewall properly. Not a vulnerability. If you enable DNS cacheing then the router will do it regardless, it is up to you then as the user to ensure that only requests you want answered are responded to. Usually a dro pUDP-53 rule from the WAN interface i...
by Steveocee
Wed Jan 30, 2019 2:59 pm
Forum: RouterBOARD hardware
Topic: hap mini, is 'foot' removeable?
Replies: 5
Views: 594

Re: hap mini, is 'foot' removeable?

Forgot I made that video.
by Steveocee
Wed Jan 30, 2019 2:57 pm
Forum: Beginner Basics
Topic: DNS server behaviour
Replies: 5
Views: 488

Re: DNS server behaviour

Yeah your config sounds screwed up. With a drop rule there should be no need for an extra rule in there. Also after the drop rule there should be no hits on any input rules........ This. Unless you have an established & related rule and the requests are coming form the same hosts and by some wizard...
by Steveocee
Tue Jan 29, 2019 6:59 pm
Forum: RouterBOARD hardware
Topic: hap mini, is 'foot' removeable?
Replies: 5
Views: 594

Re: hap mini, is 'foot' removeable?

Yes it is. I have trouble keeping it on to be fair, the device is so light and once you have a cat5 and power cable plugged in it struggles to stand up with it's own weight.
by Steveocee
Mon Jan 28, 2019 5:36 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 547
Views: 63448

Re: LHG 60G experience

Finally got my link up! 64Ghz wasn't cutting it but when I've tried out 66Ghz we now have a link. There is still some more panning that needs to be done, still not quite the 4Km touted recently.
66g1.JPG
by Steveocee
Wed Jan 16, 2019 4:20 pm
Forum: Beginner Basics
Topic: Test user on Desktop computer.
Replies: 3
Views: 297

Re: Test user on Desktop computer.

X86 isn't really a supported variant any more. "Real" hardware installations are now advised to be done using CHR through a Virtual Host.
by Steveocee
Tue Jan 15, 2019 12:29 pm
Forum: Beginner Basics
Topic: Performance issue with Bell FTTH 940mbps/940mbps internet on Mikrotik CRS328-24P-4S+ (Bell Home Hub bypass)
Replies: 9
Views: 977

Re: Performance issue with Bell FTTH 940mbps/940mbps internet on Mikrotik CRS328-24P-4S+ (Bell Home Hub bypass)

CRS series are primarily switches with an amount of L3 capability. I think you'd need to use fast track and hardly anything else to get near the throughput you want. Ideally you'd need an RB3011 or upwards to route at those sorts of speeds.
by Steveocee
Wed Dec 26, 2018 11:18 pm
Forum: Virtualization
Topic: Problem buying a copy CHR
Replies: 1
Views: 586

Re: Problem buying a copy CHR

You don't buy CHR. You can buy a CHR license though, is that what you mean?
by Steveocee
Wed Dec 26, 2018 11:05 pm
Forum: Beginner Basics
Topic: Configure RB3011 to work with Comcast SB6183
Replies: 5
Views: 474

Re: Configure RB3011 to work with Comcast SB6183

Assuming Comcast work like most, you can connect a DHCP-client device to the modem and you're on the net. If so, reset the RB3011 to factory defaults and connect the modem to ether1. Should get you up and running (providing they don't have any weird MAC timeout restrictions on the services) and then...
by Steveocee
Mon Dec 24, 2018 11:52 am
Forum: RouterBOARD hardware
Topic: VDSL2
Replies: 5
Views: 831

Re: VDSL2

Not heard any mumbles of it.
The SFP approach is the closest yet but there will be little appetite in going for VDSL now with the general lean towards fibre to the premises.
by Steveocee
Sun Dec 23, 2018 10:18 am
Forum: Wireless Networking
Topic: Config RB952UI-2nd with 4 NMS2 for captive portail project
Replies: 1
Views: 243

Re: Config RB952UI-2nd with 4 NMS2 for captive portail project

This will be a LOT for someone to write for you a step by step guide. Maybe watch some YouTube tutorials first? Setting up router, then hotspot, then come back with any configuration issues or changes that need making?
by Steveocee
Sun Dec 23, 2018 10:11 am
Forum: Wireless Networking
Topic: Broadcast Storm avoiding
Replies: 1
Views: 486

Re: Broadcast Storm avoiding

Are you using client isolation? That would mitigate a lot for you, you should not get a storm across all ports though unless you add the ports to a bridge and then have a single pppoe server on the bridge.
by Steveocee
Sun Dec 23, 2018 9:58 am
Forum: RouterBOARD hardware
Topic: Problems with Mikrotik RB951Ui-2HnD
Replies: 2
Views: 469

Re: Problems with Mikrotik RB951Ui-2HnD

Your router has been hacked and likely has a script running on startup.

You need to do a netinstall to latest version and then re on figure securely before connecting back to the web.
by Steveocee
Sun Dec 23, 2018 9:55 am
Forum: RouterBOARD hardware
Topic: Ethernet flapping on RB3011
Replies: 5
Views: 822

Re: Ethernet flapping on RB3011

I’m on mobile but search this forum for the term “port flopping”. There is a large thread about it, why it is happening and how the problem hasn’t yet been fully solved.
by Steveocee
Sat Dec 22, 2018 11:08 am
Forum: Beginner Basics
Topic: Hairpin NAT is not working
Replies: 13
Views: 4819

Re: Hairpin NAT is not working

@Steveocee Thanks for wonderful and helpful video that you share in youtube, I am totally new user to Mikrotik but base on your guidance from the video, after some testing and reboot finally I able to get the loopback/ Hairpin NAT plus DYNDNS work perfectly with my Dynamic IP. Keep up the good job ...
by Steveocee
Wed Dec 19, 2018 1:55 pm
Forum: Beginner Basics
Topic: Locking down a Port Forward - noob question
Replies: 2
Views: 282

Re: Locking down a Port Forward - noob question

Do you actually need the port open? Could the traffic be part of your established or related chain instead? If you are "dialling out" to this company then you shouldn't need this rule.

Can you do an export (hiding the addresses of course) so we can see and help?
by Steveocee
Tue Dec 18, 2018 3:09 am
Forum: Wireless Networking
Topic: Newbie: LHG 5ac only hitting 100mbps
Replies: 30
Views: 2040

Re: Newbie: LHG 5ac only hitting 100mbps

Several people have already said, you are not missing anything. Your expectation of the product is too high. Either use an LHG60 to get gigabit or you will have to deal with the connection you are getting. The fact you are gettin 800+ burst rates is impressive to say the least, especially in the con...
by Steveocee
Tue Dec 18, 2018 3:05 am
Forum: General
Topic: Any alternatives for IP Cloud (DDNS)?
Replies: 1
Views: 318

Re: Any alternatives for IP Cloud (DDNS)?

It was only temporary downtime, not full shut down. The current version is quite stable also.
You can script the router to pull WAN ip from your interface if you really need it to on net watch up but that is very long way around an easily solvable problem.
by Steveocee
Fri Dec 14, 2018 4:52 pm
Forum: Beginner Basics
Topic: Blocking traffic on the same NAT doesn't work
Replies: 10
Views: 742

Re: Blocking traffic on the same NAT doesn't work

^^^^ Anav missed the easy solution. Although correct in that they are essentially in a L2 network, you can force L3 connectivity.

If the interfaces are in the same bridge you can use the bridge settings to use IP firewall or bridge filters and stop them from talking that way.
by Steveocee
Fri Dec 14, 2018 4:49 pm
Forum: Beginner Basics
Topic: Basic ROUTING [SOLVED]
Replies: 9
Views: 966

Re: Basic ROUTING [SOLVED]

Should be doable with a dst-nat rule I think.
Need a bit more info from your side to give you a more exact answer though.
by Steveocee
Fri Dec 14, 2018 1:10 pm
Forum: Beginner Basics
Topic: Web filter for Childs
Replies: 7
Views: 812

Re: Web filter for Childs

MikroTik Kid Control is brilliant for controlling who can access the net at what times and at what speeds across a grouped amount of devices.
No good for site control though.
by Steveocee
Fri Dec 14, 2018 12:34 pm
Forum: Beginner Basics
Topic: Mikrotik reserving some of my bandwith and I don't want that
Replies: 18
Views: 1396

Re: Mikrotik reserving some of my bandwith and I don't want that

I want to stream 4k high bitrate media, to 4 devices around the house if its possible I'd like to do that from a big external HDD hooked up to the router via usb 3.0 or something faster via NFS or something similar. If I can do this it basically means I can avoid buying a NAS which would be amazing...
by Steveocee
Fri Dec 14, 2018 12:16 pm
Forum: Beginner Basics
Topic: Web filter for Childs
Replies: 7
Views: 812

Re: Web filter for Childs

Separate network for her devices and use something like OpenDNS to filter DNS requests?
by Steveocee
Thu Dec 13, 2018 5:13 pm
Forum: Wireless Networking
Topic: New 60ghz channel release expectation
Replies: 4
Views: 665

Re: New 60ghz channel release expectation

The channel is not something MikroTik are releasing, the channel itself is already there. MikroTik are enabling the use of the channel through firmware which currently is only in the RC version but will ultimately release to current (whenever that may be). It is the 66000 channel which moves further...
by Steveocee
Tue Dec 11, 2018 1:03 pm
Forum: Beginner Basics
Topic: Remove port from the default brige [SOLVED]
Replies: 17
Views: 1400

Re: Remove port from the default brige [SOLVED]

Interesting
So I will then always set up bridges like this:
/interface bridge
add admin-mac=x[26AE]:xx:xx:xx:xx:xx auto-mac=no name=bridge
Where x are random[0-9A-F]
My MTCNA tutor taught to increment the first digit set by 2.
IE 00:AA:BB becomes 02:AA:BB
by Steveocee
Mon Dec 10, 2018 3:27 pm
Forum: Beginner Basics
Topic: Remove port from the default brige [SOLVED]
Replies: 17
Views: 1400

Re: Remove port from the default brige [SOLVED]

What happens if you use MAC address rather than IP? I always use MAC where I can as it means I don't lock myself out with L3 problems.
by Steveocee
Mon Dec 10, 2018 1:13 pm
Forum: Beginner Basics
Topic: Remove port from the default brige [SOLVED]
Replies: 17
Views: 1400

Re: Remove port from the default brige [SOLVED]

Are you plugged in to ether2 when you are doing this? If you are connecting to the router via IP, the IP sits on the bridge, if you remove the port from the bridge then you lose your IP connectivity.
by Steveocee
Mon Dec 10, 2018 8:56 am
Forum: Beginner Basics
Topic: DNS defaults to router gateway
Replies: 1
Views: 295

Re: DNS defaults to router gateway

IP>DHCP-SERVER>NETWORKS

Click into your network and then use the DNS box to full in the DNS servers you want to hand to DHCP clients.

That should work, do an ipconfig release and renew just in case.
by Steveocee
Mon Dec 10, 2018 8:51 am
Forum: Wireless Networking
Topic: wAP ac is slow with manager forwarding and high CPU
Replies: 9
Views: 1072

Re: wAP ac is slow with manager forwarding and high CPU

Do you need to run the traffic locally through manager? The traffic is being tunneled back to the manager hence where the CPU usage is coming from, without tunneling you should get full speed.
by Steveocee
Mon Dec 10, 2018 8:48 am
Forum: Wireless Networking
Topic: Associate with two 5ghz networks at the same time in station mode(client) with SXTsq 5 ac
Replies: 2
Views: 352

Re: Associate with two 5ghz networks at the same time in station mode(client) with SXTsq 5 ac

You can't connect to two networks as a client regardless of version.

If you had a board with 2 of the 5ghz chips then yes but certainly not through virtual. It simply can't do what you are asking.
by Steveocee
Mon Dec 10, 2018 8:45 am
Forum: Wireless Networking
Topic: Wireless Wire 60Ghz PTP link: weather problems?
Replies: 7
Views: 1730

Re: Wireless Wire 60Ghz PTP link: weather problems?

80m should be fine even with heavy rain. Maybe use the upper channels if you can.

Performance on these is great and I find the quoted distances to be a minimum.
by Steveocee
Sun Dec 09, 2018 11:12 am
Forum: General
Topic: Allow only one country to access router [SOLVED]
Replies: 3
Views: 635

Re: Allow only one country to access router [SOLVED]

I use similar to exclude a few countries from reaching me and my router (and vice versa). Your router is most likely trying to reach DNS outside your country and updates will be coming from MT (Latvia?) so a different approach is probably needed. If this is for access control you would be better rea...
by Steveocee
Fri Dec 07, 2018 3:45 pm
Forum: RouterBOARD hardware
Topic: pleaaaas help :CCR1036 ether ports doen't respond
Replies: 6
Views: 794

Re: pleaaaas help :CCR1036 ether ports doen't respond

Serial into it and see if anything is amiss. We use a standard USB-Serial adapter and then a Dev/Null cable in between to get access. Console you will see if ports are disabled or not. Recently had a similar problem not being able to netinstall a CCR and I ended up leaving it connected for around 15...
by Steveocee
Fri Dec 07, 2018 3:42 pm
Forum: Beginner Basics
Topic: SXT LTE traffic Monitor
Replies: 2
Views: 348

Re: SXT LTE traffic Monitor

You could turn on graphing for the LTE interface, activate the www server (make sure you firewall it properly) and view it locally?
by Steveocee
Fri Dec 07, 2018 2:09 pm
Forum: General
Topic: block p2p on router os version 6.4
Replies: 7
Views: 1187

Re: block p2p on router os version 6.4

Very difficult in general now as most P2P uses encryption.
Hope they integrate IDS/IPS feature in RouterOS in v7.
I like your optimism.
by Steveocee
Fri Dec 07, 2018 2:06 pm
Forum: Beginner Basics
Topic: Ludvigs first experience with routeros, and Pihole.
Replies: 2
Views: 646

Re: Ludvigs first experience with routeros, and Pihole.

IP > DHCP-Server > Networks Change the DNS server you are handing out to the IP of your Pi-Hole. Done. Be careful with Pi-Hole though, I would be more inclined to statically set the DNS in the client devices rather than blanket the network as I've read recently it has been a bit flakey with provider...
by Steveocee
Fri Dec 07, 2018 2:01 pm
Forum: General
Topic: PoE passive on port 5, same voltage as input
Replies: 1
Views: 192

Re: PoE passive on port 5, same voltage as input

Hex can do 48v in and out but does not have WiFi chip built in. You would need a separate AP.
https://mikrotik.com/product/RB960PGS
by Steveocee
Fri Dec 07, 2018 1:56 pm
Forum: RouterBOARD hardware
Topic: RB4011: wlan1 disabling itself
Replies: 258
Views: 33312

Re: RB4011: wlan1 disabling itself

Steveocee: The solution to this is to reduse the 2,4GHz transmit power a bit so that clients sees the 5GHz net as the strongest when close. This would reduce the 2,4GHz theoretical coverage, but normally not the actual/usable coverage, since coverage is normally limited by tx power on client. Yep, ...
by Steveocee
Fri Dec 07, 2018 1:31 pm
Forum: General
Topic: firewall is pushing the cpu
Replies: 23
Views: 1824

Re: firewall is pushing the cpu

Are you sure it is not just somebody trying to attack your router and it's doing it's job? Does/Has the CPU usage subside(d)?
by Steveocee
Fri Dec 07, 2018 12:05 pm
Forum: RouterBOARD hardware
Topic: RB4011: wlan1 disabling itself
Replies: 258
Views: 33312

Re: RB4011: wlan1 disabling itself

Are you using the same SSID name for both your 5G network and 2G network? Devices roaming from 5G to 2G would leave the 5G AP as running but not active. My P20 Lite is a PITA as it's dual band and I have done everything I can to get it to prefer 5G but it always ends up on 2.4G
by Steveocee
Fri Dec 07, 2018 11:48 am
Forum: General
Topic: firewall is pushing the cpu
Replies: 23
Views: 1824

Re: firewall is pushing the cpu

With firewalls my personal ethos is drop everything and allow only what you want. Your firewall was allowing what you want and dropping "some" stuff. Your rules can be much simpler if you set them up as per below and that may transpire into better CPU utilisation. Nobody has asked what model router ...
by Steveocee
Fri Dec 07, 2018 10:29 am
Forum: General
Topic: Interface-list VS firewall address-list best practices and approach?
Replies: 8
Views: 846

Re: Interface-list VS firewall address-list best practices and approach?

Its worthwhile stating that one can make up numerous Interface Lists (subset1, newlist23, etc) but the options for each list is fixed at interfaces. Valid entries are: WAN entries, LAN entries, dynamic entries, or No entries They are applied as an Inclusion Entry or an Exclulsion entry. So there is...
by Steveocee
Thu Dec 06, 2018 6:29 pm
Forum: Scripting
Topic: Need help to email ping results / mode button event
Replies: 1
Views: 376

Re: Need help to email ping results / mode button event

You will need to set up /tools email to work correctly but when done use the below to create a script and then run the script on mode button being pressed; #Define Email variables here :local toEmail toaddress@mikrotik.com :local fromEmail fromaddress@mikrotik.com #Ping Variables :local avgRtt; :loc...
by Steveocee
Thu Dec 06, 2018 5:21 pm
Forum: Beginner Basics
Topic: New hEX S setup, but no internet.
Replies: 1
Views: 298

Re: New hEX S setup, but no internet.

It is doubtful the router is faulty. Most likely a misconfiguration. Please post your config for us so we can see and advise.
Enter into terminal; export hide-sensitive=yes
This will export your config hiding most specific details, ensure to edit out anything else.
by Steveocee
Thu Dec 06, 2018 5:09 pm
Forum: General
Topic: Interface-list VS firewall address-list best practices and approach?
Replies: 8
Views: 846

Re: Interface-list VS firewall address-list best practices and approach?

I too do similar with my setup. Interface list as an example "WANs" for my 2 WAN interfaces which is good for firewall & NAT rules and make use of address lists in multiple ways. I think of it more as interface-list for hardware interfaces and address-lists for IP related. Sometimes both will suit a...
by Steveocee
Thu Dec 06, 2018 2:18 pm
Forum: General
Topic: Winbox question in regards to traffic
Replies: 6
Views: 649

Re: Winbox question in regards to traffic

There is a padlock in the top right corner of Winbox. If it is lit and locked you are encrypted. If not then you aren't.
by Steveocee
Thu Dec 06, 2018 12:27 pm
Forum: General
Topic: block p2p on router os version 6.4
Replies: 7
Views: 1187

Re: block p2p on router os version 6.4

Very difficult in general now as most P2P uses encryption.
by Steveocee
Thu Dec 06, 2018 12:05 pm
Forum: General
Topic: HELP MIKROTIK STATIC ROUTE
Replies: 3
Views: 353

Re: HELP MIKROTIK STATIC ROUTE

You can have multiple routes all with the same priority however RouterOS will prioritise more specific routes over others. In your instance you can set routes to those individual IP's through the relevant WAN interfaces and still have a generic 0.0.0.0/0 rule all with the same priority and them coin...
by Steveocee
Wed Dec 05, 2018 3:48 pm
Forum: General
Topic: pcc does not work with fasttrack
Replies: 4
Views: 365

Re: pcc does not work with fasttrack

It's useful in certain instances.
by Steveocee
Wed Dec 05, 2018 2:23 pm
Forum: Beginner Basics
Topic: Possible Loop Errors.
Replies: 8
Views: 799

Re: Possible Loop Errors.

Good info all the way round.
I suspect it may have been this.......... .g. laptop connected to wifi and eth at the same time with those interfaces bridged.
It has not re-occurred yet.
PEBKAC ?
by Steveocee
Wed Dec 05, 2018 1:21 pm
Forum: Scripting
Topic: How to create a loop to add bridge with pre-defined configuration?
Replies: 4
Views: 586

Re: How to create a loop to add bridge with pre-defined configuration?

Hello,

This shouldn't be too difficult to do, do you need the bridge names to be dynamic some how or just a set name and comment for each? Reading your script you've already made I don't see the need for scripting what could be a few lines of config though?
by Steveocee
Wed Dec 05, 2018 1:06 pm
Forum: General
Topic: Crowd Funding of v7
Replies: 32
Views: 5362

Re: Crowd Funding of v7

It might be easy to hire any kind of developer, but to find a person who can quickly adapt and start working on important v7 RouterOS features - not an easy task. Anyway. Multi Threaded BGP doesn't exist. It will not be coming in v7 and is not implemented in any other brand routers. You can read ot...
by Steveocee
Wed Dec 05, 2018 1:04 pm
Forum: General
Topic: the pcc dose not work when it works with fasttrack
Replies: 18
Views: 1756

Re: the pcc dose not work when it works with fasttrack

PCC requires mangle and connection tracking to work.
Fast track removes all connection tracking in an effort to process packets faster.

No bug. No magic.
by Steveocee
Wed Dec 05, 2018 1:01 pm
Forum: Beginner Basics
Topic: Asociation
Replies: 1
Views: 246

Re: Asociation

Very open ended question with not enough detail.

An unhelpful answer would be: Are they both turned on?
A helpful answer would be, please post your configs for all to see and help you.

Both answers are applicable with ambiguity of question.
by Steveocee
Wed Dec 05, 2018 10:31 am
Forum: Beginner Basics
Topic: Possible Loop Errors.
Replies: 8
Views: 799

Re: Possible Loop Errors.

Hey Steve, can you elaborate? My bridge has a mac assigned, why would one need to assign it a different one? Or Are you saying that each interface to bridge interaction should see a different bridge mac address and if so how to do that??? By default the bridge uses auto-mac which grabs the MAC addr...
by Steveocee
Tue Dec 04, 2018 6:02 pm
Forum: Scripting
Topic: Limit user/IP by volume
Replies: 2
Views: 477

Re: Limit user/IP by volume

Where is "total-bytes" coming from? The router does not register or hold this information unless using hotspot.
by Steveocee
Tue Dec 04, 2018 2:23 pm
Forum: Beginner Basics
Topic: Possible Loop Errors.
Replies: 8
Views: 799

Re: Possible Loop Errors.

It can be helpful setting a MAC address for your bridge. I generally tend to use ether1 MAC as a template so if the MAC is 00:01:02 I will increment the second character by 2 so it becomes a made up MAC of 02:01:02 and this has resolved these situations before.
by Steveocee
Mon Dec 03, 2018 5:42 pm
Forum: Beginner Basics
Topic: Can't connect to 192.168.88.1 and winbox wrong username
Replies: 1
Views: 494

Re: Can't connect to 192.168.88.1 and winbox wrong username

How are you trying to reset? You can't just push the reset button with MT. Are you deploying this to a public facing connection straight away? Try resetting (properly) then connecting only your computer to the device, ensure you use a decent admin password in doing so. To reset you need to hold rese...
by Steveocee
Mon Dec 03, 2018 5:39 pm
Forum: Beginner Basics
Topic: Netinstall not install routeros
Replies: 3
Views: 432

Re: Netinstall not install routeros

Try having console open and watch what it says to do. I had similar and the router was waiting for a reboot.
by Steveocee
Mon Dec 03, 2018 5:02 pm
Forum: RouterBOARD hardware
Topic: RB4011: wlan1 disabling itself
Replies: 258
Views: 33312

Re: RB4011: wlan1 disabling itself

What does it say in the logs?
5Ghz may be disabling itself if it "thinks" it is seeing DFS and is in a DFS channel. You need to provide more of your config for further help.
by Steveocee
Mon Dec 03, 2018 10:53 am
Forum: Wireless Networking
Topic: Improve PTMP download
Replies: 11
Views: 1175

Re: Improve PTMP download

Even with a fully implemented and well working TDMA I would not expect you to be able to manage a 10Mb upload from one client whilst still providing anywhere near 70Mb to the others as download. For the cost of a single CPE it's worth keeping your 16 customers happy so 1 doesn't ruin the experience ...
by Steveocee
Fri Nov 30, 2018 5:42 pm
Forum: Beginner Basics
Topic: 750Gr3 Private Internet Access PPTP
Replies: 8
Views: 1000

Re: 750Gr3 Private Internet Access PPTP

Your PPTP client is creating it's own route which is not helping /interface pptp-client add add-default-route=yes connect-to=XXXX.privateinternetaccess.com \ dial-on-demand=yes disabled=no name=PPTP-PIA password=XXXXX user=\ XXXXX Should be /interface pptp-client add add-default-route=no connect-to=...