Community discussions

MikroTik App

Search found 40 matches

by OlofL
Fri Mar 13, 2020 4:56 pm
Forum: General
Topic: 31 subnet - Not finding an answer to default gateway.
Replies: 17
Views: 3206

Re: 31 subnet - Not finding an answer to default gateway.

As of 6.46.2, this still doesnt work.
by OlofL
Thu Feb 20, 2020 2:50 pm
Forum: General
Topic: GRE Tunnels and Dual Wan on one side
Replies: 4
Views: 1978

Re: GRE Tunnels and Dual Wan on one side

Hello, I dig up this topic because I have a similar issue. For load balancing purpose, I need to establish 2 gre tunnels between 2 routers. On one side I have 1 wan only, with a good bandwith, and on the otherside, I have 2 wan with low bandwith. Everything seems to go well, as both tunnels are run...
by OlofL
Thu Feb 20, 2020 2:47 pm
Forum: Announcements
Topic: v6.46.3 [stable] is released!
Replies: 28
Views: 28456

Re: v6.46.3 [stable] is released!

I am seeing some issues with routes over a /29 gre interface.
This has been observed since I went to v6.46.

viewtopic.php?f=2&t=157756&p=775916#p775705

Bug?
by OlofL
Thu Feb 20, 2020 2:45 pm
Forum: General
Topic: GRE over IPSEC stopped working
Replies: 5
Views: 924

Re: GRE over IPSEC stopped working

I will set this to unsolved again, because I just had an equal case where the ip route for my ipsec gre link network is not routing properly...
And this time that trick is not working :/
by OlofL
Thu Feb 20, 2020 10:55 am
Forum: General
Topic: Request: add user with password hash
Replies: 3
Views: 949

Re: Request: add user with password hash

Agree with this. Adding password with a hash is very critical, and a dealbreaker when automating big projects.
by OlofL
Wed Feb 19, 2020 2:34 pm
Forum: General
Topic: GRE over IPSEC stopped working
Replies: 5
Views: 924

Re: GRE over IPSEC stopped working

Same problem here. It helped to restart VPN server on router side and delete clients and configure them again on client side. Hope that helps. I'm not sure but I think that Mikrotik might have some ipsec issues in versions 4.63.1-3. Do you also have a RB4011? Also, I downgraded to channel=long-term...
by OlofL
Wed Feb 19, 2020 2:21 pm
Forum: General
Topic: GRE over IPSEC stopped working
Replies: 5
Views: 924

Re: GRE over IPSEC stopped working

Same problem here. It helped to restart VPN server on router side and delete clients and configure them again on client side. Hope that helps. I'm not sure but I think that Mikrotik might have some ipsec issues in versions 4.63.1-3. @Elliot I have restarted the vpn several times, on both ends. Howe...
by OlofL
Wed Feb 19, 2020 12:32 pm
Forum: General
Topic: GRE over IPSEC stopped working
Replies: 5
Views: 924

GRE over IPSEC stopped working

Recently my gre tunnel over my ipsec tunnel stopped working. Remote site is using vyos. Ping works, so ipsec tunnel is obviously up, however, gre doesnt work. Here is a ping between both routers loopback interfaces. Which is in the ipsec policy. /ping src-address=172.24.32.54 172.18.255.26 count=3 S...
by OlofL
Tue Feb 18, 2020 11:36 am
Forum: Beginner Basics
Topic: How do I UNset a value under /system logging action ?
Replies: 1
Views: 549

How do I UNset a value under /system logging action ?

How do I unset a value under /system logging action? I set the remote src-address to a value, but I see no way to unset it. There is no unset under this configuration stanza. Also, I cannot remove ` remote ` since its a default rule. So, how do I remove the `src-address` value in /system logging act...
by OlofL
Thu Jan 09, 2020 10:28 am
Forum: General
Topic: Generic grok mikrotik logs pattern
Replies: 2
Views: 810

Re: Generic grok mikrotik logs pattern

Hello @orx did you find any patterns?
by OlofL
Thu Jul 18, 2019 11:53 am
Forum: General
Topic: encrypted password for mikrotik config
Replies: 19
Views: 5051

Re: encrypted password for mikrotik config

Any updates on this one?

In the world of automation, it would be nice to generate a list of users.
I need to not know the passwords of the other users.

For most other network OS's we have, there is an option to paste the encrypted password.
by OlofL
Mon Jul 08, 2019 11:23 am
Forum: General
Topic: What VPN tech with dynamic routing behind NAT?
Replies: 3
Views: 590

What VPN tech with dynamic routing behind NAT?

Hello, I have a scenario where I need a backup connection over LTE. The LTE connection has a private IPv4 from provider , and is subjected to change any time. I have the LtAP from mikrotik, and I need to setup a VPN with dynamic routing to play together with a VyOS router. Mikrotik behind NAT, dynam...
by OlofL
Wed Jul 03, 2019 8:00 pm
Forum: Beginner Basics
Topic: "Failed to start IGMP proxy, you probably some PIM interfaces configured"
Replies: 3
Views: 1004

Re: "Failed to start IGMP proxy, you probably some PIM interfaces configured"

/routing pim export

no config

reboot
enable igmp proxy - still invalid.. hmm?
@losty ?
by OlofL
Thu May 02, 2019 1:27 pm
Forum: General
Topic: Kernel Failure in previous boot
Replies: 17
Views: 7409

Re: Kernel Failure in previous boot

Same problem here... Router is rebooting almost 10 times every hour. /system routerboard print routerboard: yes model: RB4011iGS+ serial-number: xxxx firmware-type: al2 factory-firmware: 6.43.8 current-firmware: 6.44.3 upgrade-firmware: 6.44.3 /log print 09:37:22 system,error,critical router was reb...
by OlofL
Tue Jan 15, 2019 2:53 pm
Forum: General
Topic: After restart device the PPP connection is not established
Replies: 2
Views: 4182

Re: After restart device the PPP connection is not established

I was trying to connect a Huawei E3372 LTE modem. I used the mikrotik microusb to usb cable that came with the RB2011 router. I can confirm this was a power issue. I was using RB2011 with a 5v 0.8a power. Changed to 5v 1.2a power, still same issue. Changed to a RB3011 with the 5v, 1.2a power - and p...
by OlofL
Tue Nov 13, 2018 6:08 pm
Forum: General
Topic: Any success with ansible over SSH in 2018?
Replies: 3
Views: 2901

Any success with ansible over SSH in 2018?

Hello, Im trying to do some simple ansible scripts to push some config to routeros. Im on routeros 6.43 and ansible 2.7 and trying the ansible modules: raw , command and the new routeros_command https://docs.ansible.com/ansible/latest/modules/routeros_command_module.html. None succeeeds, and they ju...
by OlofL
Tue May 15, 2018 3:29 pm
Forum: General
Topic: How should I be using queueing when I am also using fast track?
Replies: 1
Views: 410

How should I be using queueing when I am also using fast track?

I intend to limit WAN to LAN and LAN to WAN (up/download) bandwidth per host, with some burst traffic The wiki says on the fasttrack page: "Fasttracked packets bypass firewall, connection tracking, simple queues, queue tree ..." I am not getting a queue working, where I want to shape bandwidth per h...
by OlofL
Tue Feb 20, 2018 2:22 pm
Forum: General
Topic: L2TP IPSEC With Local Secret works. With windows NPS doesnt work.
Replies: 1
Views: 701

L2TP IPSEC With Local Secret works. With windows NPS doesnt work.

My setup: Mikrotik RB2011 with public IP and L2TP server enabled, use IPSEC and PSK. # feb/20/2018 12:56:31 by RouterOS 6.41.2 My clients are connecting from behind NAT to the public IP. On another setup, I use local /ppp secret users and they connect just fine from behind NAT. (Server still public ...
by OlofL
Tue Oct 24, 2017 2:00 pm
Forum: General
Topic: LTE Huawei E3372? [SOLVED]
Replies: 7
Views: 1744

Re: LTE Huawei E3372? [SOLVED]

It's weird. I got it up running once. It showed up under /interface lte But then I had to unplug the device, and now its not showing up again. Have tried reboot router and unplug a couple of times without success. are you using original OTG? This was probably it. I was using a one dollar china cabl...
by OlofL
Mon Oct 23, 2017 2:26 pm
Forum: General
Topic: LTE Huawei E3372? [SOLVED]
Replies: 7
Views: 1744

Re: LTE Huawei E3372? [SOLVED]

It's weird. I got it up running once. It showed up under /interface lte

But then I had to unplug the device, and now its not showing up again.

Have tried reboot router and unplug a couple of times without success.
by OlofL
Mon Oct 23, 2017 11:13 am
Forum: General
Topic: LTE Huawei E3372? [SOLVED]
Replies: 7
Views: 1744

Re: LTE Huawei E3372? [SOLVED]

just Unplug Power wait few seconds then plug it back Nope. Model 2011UiAS Serial Number 4CA904EC4A14 Firmware Type ar9344 Factory Firmware 3.10 Current Firmware 3.41 Version 6.41rc47 (testing) And /port> print Flags: I - inactive # DEVICE NAME CHANNELS USED-BY BAUD-RATE 0 serial0 1 Serial Console a...
by OlofL
Mon Oct 23, 2017 9:59 am
Forum: General
Topic: LTE Huawei E3372? [SOLVED]
Replies: 7
Views: 1744

Re: LTE Huawei E3372? [SOLVED]

on which board you test that?
Check if the usb port is added under system ports.
RB2011.

And no, nothing under system ports. Just the serial interface.
by OlofL
Fri Oct 20, 2017 4:41 pm
Forum: General
Topic: Understanding Mikrotik's definition of "Throughput" [SOLVED]
Replies: 5
Views: 977

Re: Understanding Mikrotik's definition of "Throughput" [SOLVED]

Im pretty sure it means the second one. The first one would be impossible :)
by OlofL
Fri Oct 20, 2017 4:37 pm
Forum: General
Topic: LTE Huawei E3372? [SOLVED]
Replies: 7
Views: 1744

LTE Huawei E3372? [SOLVED]

I cannot get this one started. Interface LTE shows nothing. Nothing in logs. RouterOS 6.41RC47. Ubuntu reports this as [23892.376108] usb 2-3.2: new high-speed USB device number 13 using xhci_hcd [23892.481169] usb 2-3.2: New USB device found, idVendor=12d1, idProduct=1f01 [23892.481172] usb 2-3.2: ...
by OlofL
Fri Oct 06, 2017 2:34 pm
Forum: Forwarding Protocols
Topic: Pushing routes to PPTP/L2TP client of my RB
Replies: 8
Views: 12525

Re: Pushing routes to PPTP/L2TP client of my RB

Or any solution in 2017?
This actually worked on a macos sierra client: under /ppp secrets just select user and add under routes=1.1.1.0/24

The user is connecting with L2TP IPSEC.
Now I have split tunneling and users doesnt hog cpu of my weak little rb2011 :-)

I haven't tried on windows though.
by OlofL
Mon Oct 02, 2017 1:30 pm
Forum: General
Topic: Bridge configuration on RB2011?
Replies: 0
Views: 377

Bridge configuration on RB2011?

I'm getting IPTV from my ISP on a tagged vlan (101) on interface sfp1. It should go out untagged on ether5 where my IPTV decoder is located. I'm not getting the IPTV to work. From what I know, the decoder should get a DHCP address from ISP IPTV network. I can see traffic going in and out on bridge p...
by OlofL
Tue May 09, 2017 4:20 pm
Forum: General
Topic: "Slow" download RB3011
Replies: 6
Views: 1244

Re: "Slow" download RB3011

So much info is missed out here. How is your "/ip firewall export" looking like?
What is using CPU when you access Internet?
Check out /tool profile
by OlofL
Tue May 09, 2017 1:04 pm
Forum: General
Topic: Flapping IPSEC VPN Between Mikrotik and VyOS
Replies: 3
Views: 1636

Re: Flapping IPSEC VPN Between Mikrotik and VyOS

Just to be safe since you've obfuscated the IPs. The SA src or dst is not included in either range to be tunneled correct? That would explain why it goes down as soon as it comes up. Alternatively you may have a layer 1 (physical) issue at one of the sites. Have you ruled that out? Possibly w/a sus...
by OlofL
Mon May 08, 2017 3:39 pm
Forum: General
Topic: traffik flow pre/post nat?
Replies: 4
Views: 970

Re: traffik flow pre/post nat?

The thread is a bit old, but I'm having similar issues. I'm trying to collect using nProbe + ntopng, and I see that v9 and IPFIX flows contain post-NAT address information, but this seems to be ignored by nProbe/ntopng - did you ever find a solution? I'm having the same problem whereby clients appe...
by OlofL
Mon May 08, 2017 2:25 pm
Forum: General
Topic: Flapping IPSEC VPN Between Mikrotik and VyOS
Replies: 3
Views: 1636

Flapping IPSEC VPN Between Mikrotik and VyOS

Hello, I've had a flapping IPSE Ctunnel for a while now. I cannot find out what the problem is. I can't see in logs on either side that VPN has stopped/started. Other side seem to get unreachable for a good 5-10 minutes and then back up again on its own. I am not 100% sure it is a VPN problem though...
by OlofL
Fri Dec 16, 2016 12:06 am
Forum: General
Topic: traffik flow pre/post nat?
Replies: 4
Views: 970

Re: traffik flow pre/post nat?

As you can see in picture, the netflow 5 flows are captured after dst-nat is done.

The behavior seem to differ in ipfix. Is this a bug or working as intended?
ipfix vs netflow5.PNG
by OlofL
Wed Dec 14, 2016 1:10 am
Forum: General
Topic: traffik flow pre/post nat?
Replies: 4
Views: 970

traffik flow pre/post nat?

It seems like traffik flow is captured pre dst nat. This means when I'm analyzing it looks like all traffic is headed for my WAN IP. Is it possible to get the traffik flow to capture flows post dst nat? The ipv4 next hop address field is populated with the right destination nat address. I am capturi...
by OlofL
Fri Sep 30, 2016 3:14 pm
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 140352

Re: HAP AC

Hm, tried to test network performance between windows PC connected by gigabit cable (cat.5e) to hAP AC and MacBook Pro connected by wifi 5ghz (1000-1300Mbit connection). Why transfer speed is so low? iperf -c 192.168.1.253 -t 30 -i 5 ------------------------------------------------------------ Clie...
by OlofL
Tue Dec 01, 2015 10:12 am
Forum: Beginner Basics
Topic: IPSEC problems with hAP and Bintec RS123
Replies: 17
Views: 2012

Re:

Read the fasttrack thread instead asking what is it. Unfortunately it has some problems as it is quite newly introduced feature.
The thread is huge, why would you just not answer here instead?
by OlofL
Fri Nov 20, 2015 9:26 am
Forum: General
Topic: Routing different subnets through different providers, possible???
Replies: 5
Views: 587

Re: Routing different subnets through different providers, possible???

It's not metrics... I want all 10.x.x.x traffic from every location to route through Location A / Provider A. I want all 192.x.x.x. traffic from every location to route through Location B / Provider B. I think it has to do with masquerade and srcnat, but what I've tried hasn't worked. Currently I h...
by OlofL
Thu Nov 12, 2015 2:43 pm
Forum: General
Topic: Firewall filter rule with est+rel breaks when edited with gui? bug?
Replies: 1
Views: 360

Re: Firewall filter rule with est+rel breaks when edited with gui? bug?

Seems like this might have been a bug connected to the browser. The routers where earlier upgraded from 6.4 to 6.32, but deleting browser cache helped.
by OlofL
Thu Nov 12, 2015 2:41 pm
Forum: Beginner Basics
Topic: DNS over VPN (PPTP)
Replies: 1
Views: 1215

Re: DNS over VPN (PPTP)

I don't think it is possible to set on Mikrotik. You have to do it on the clients.
Powershell:
Set-VPNConnection -Name "Your-Connection" -DNSSuffix "something.local"
by OlofL
Thu Nov 05, 2015 10:37 am
Forum: General
Topic: LTE Interface Hijacking my Default Route
Replies: 3
Views: 879

Re: LTE Interface Hijacking my Default Route

So... I got a 4g/LTE USB Dongle with a SIM card in it. The problem is whenever I reboot my router or disable/re-enable the LTE interface, it adds a default route with it's address as the gateway. This overrides my default routes and screws up everything for me. Anyone familiar with this issue? I do...
by OlofL
Tue Nov 03, 2015 1:25 pm
Forum: Beginner Basics
Topic: [SOLVED]Default route to Internet
Replies: 10
Views: 3582

Re: Default route to Internet

/ip firewall nat src-address=192.168.88.0/24 action=masquerade out-interface=ether3 chain=src-nat

meaning
address incoming to router with address 192.168.88.0/24 will be source-nated
with technique masquerade (meaning it will use the outgoing address of interface) ether3.
by OlofL
Tue Nov 03, 2015 12:35 pm
Forum: General
Topic: Firewall filter rule with est+rel breaks when edited with gui? bug?
Replies: 1
Views: 360

Firewall filter rule with est+rel breaks when edited with gui? bug?

Hello, if I create a rule from command line with two connection-states in one rule: /ip firewall filter add connection-state=established,related dst-address=192.168.213.0/24 chain=forward comment="est/rel to guests" If I then open this rule from the webgui the connection-state is removed, if I prese...