MikroTik

vanikcz

Hello Mikrotik community! I’ve recently designed a custom enclosure for the Mikrotik RouterBoard RBM33G, and I’d like to invite you to check it out and give it a try! https://makerworld.com/en/models/1004072 https://www.muscari.cz/download/RBM33Genclosure.jpg Here’s what the enclosure offers: Two mo...

vanikcz

Feel free to try this
https://makerworld.com/models/1004072

vanikcz

Hi there! As Android dropped support for L2TP/IPsec in new versions, it looks like L2TP/IPsec should be dead, but we are using it on Windows clients because of good support by OS. As per Sindy in his epic article: https://forum.mikrotik.com/viewtopic.php?p=652517 Is there any change in behavior in R...

vanikcz

Hi there! I have setup IKE2 VPN server for road warriors. I have some thoughts, maybe someone can help me with... - Let's Encrypt certificate is great functionality, but it makes me mad to have port 80 open for whole world. In the best effort I managed Layer7 regexp to catch GET /.well-known/acme-ch...

vanikcz

moderator note: do not quote preceding post, use "post Reply".

Thank you for that ultimate VLAN Guide!
Now there is only problem with settings of channel lists over two bands.

vanikcz

Hi there! Let me introduce situation, I'm pretty familiar with Mikrotik routers, I'm using mainly IPSec tunnels and some basic features. Now lack of devices force me to try Mikrotik APs. I have one RB750Gr3 as main router and three hAP ac2 as AP and switch. In first try, I tried to setup it like jus...

vanikcz

Is there any (plan to) release SDK for MAC-Telnet? Basically I want to create utility that can initialy set the router that was bought by customer. Do you know about any other viable path to setup freshly purchased box without running winbox? Yes, I can use API, or SSH but MAC-Telnet might be cooler...

vanikcz

I just recovered from weird issue. Router was unable to ping anything (by IP address) in local, or any connected network. I catch that because I have netwatch rule that is watching our main connection and in case of failure it is switching to backup connection. Netwatch is pinging every 30 seconds t...

vanikcz

Great idea!
I'm suggesting to create some high level configuration that generates a rsc script, that will be downloaded to RB in provisioning process. As user I would like to add some lines ro generated code...

vanikcz

If you do it the way I suggest, you'll have local (Mikrotik) timestamps.

I'll give it a try. Thank You.

vanikcz

Thank you for reply. I need to preserve original timestamp of a packet. If I am not wrong TZSP action will resend the packet to the Wireshark, but time of the packet will be the time when packet arrtives to wireshark and not from the router where it originates from. So I want to store packets locall...

vanikcz

It would be great if we can sniff only packets marked by specific packet mark in mangle.
For example, I need to get only first 3 packets from each TCP connection, but TZSP action is not suitable for me.

vanikcz

Does it mean that all policies include 192.168.60.x/x? It could help if you posted what exactly you have. Yes, there are all policies created. Now I tried to find some of mine customers that is using routing from RW VPN Client to another IPSec tunnel, and I found one. It is running on 6.49. So I tr...

vanikcz

Hi there, I have three routers linked together by IPsec site-to-site vpn. I'm elaborating with 7.1.5 version of ROS , but I have the same problem at 6.49.2. EDIT: Information about 6.49.2 was not true, there was another mistake in configuration, sorry. Router1 LAN IP 192.168.50.1/24 Router2 LAN IP 1...

vanikcz

Dear msatter,
please canyou specify how can I load a 60kB file in variable? I cant find any example of that...

A few months ago no one knew that chunking was possible in combination with variable in ROS and now it used widely.

Thank you

vanikcz

I want to report a minor bug in following configuration: RB750Gr3 ROS: 7.1.1 stable , firmware 7.1.1 in winbox configuration there in only led to select: sfp-led, unknown in previous releases there was only user-led, if I select sfp-led, the user-led on the router does not respond to the signal. Bes...

vanikcz

Dear tdw, thank you for comment on MTU, it seems to bring stability to tunnel. Before changing MSS it was running at speed oscilating from 0,5 to 20 mbps. After change MSS, tunnel is running on 60-70mbps. It is on 100mbps line running solidly at speed of 95mbps. So it can be better but result is fai...

vanikcz

Dear forum visitor! can you please advise me on optimal settings for IPSec hardware offloading on devices such as RBM33G or RB750Gr3 according to this table? https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Hardware_acceleration Can the settings look like this or there is place for optimalisation? In ...

vanikcz

After you get config inn to an variable, who would you then use it from there, to what?

I want to send it via /tool fetch HTTPS to my webservice for backup.

vanikcz

Dear Mikrotik forums, it would be great if command /tool/fetch http-method=post url="https://blabla.server/fileservice" mode=https can specify the file on mikrotik that will be send as data of POST request. Better without that annoying 4kB limitation! May I believe in that it will be imple...

vanikcz

Finally i found that /file get ... contents can work with files up to 4kB. If the file is bigger, function returns empty result.

vanikcz

Hi there! is there any way to read file with rsc extension? I tried: :global fileContents [/file get current.rsc contents]; but the variable is then empty. If I try to read another, for example txt file, contents are loaded successfully. Tried on 6.49 and 7.1.1 Basically I want to get current config...

vanikcz

You can add various RAID server, but only one can be used for each service. The single services supported are: dhcp dot1x hotspot ipsec login ppp wireless Thank you, It would be nice if I can authenticate user@domain.one against domain.one RADIUS server, user@domain.two against domain.two RADIUS se...

vanikcz

Hi there! It would be awesome, if User Manager can sync users from LDAP server including the information about source doman, so I can connect to more independent LDAP servers. Also it would be great If mikrotik can authenticate users against the LDAP server such as Active Directory. Is there any pla...

vanikcz

Hi there, I have following scenario: Multiple Microsoft Active Directory forests behind one Mikrotik router. Each forest in its own segment. Each forest is having its own Directory servers with NPS role (RADIUS server) installed. Is there any chance to have multiple RADIUS servers defined in Mikroti...

vanikcz

Hi there, I have a router (RB1100AHx4) that is configured with multiple IPSec tunnels. Each tunnel is having its own proposal like this: /ip ipsec proposal set [ find default=yes ] enc-algorithms="aes-256-cbc,aes-256-ctr,aes-256-gcm,a\ es-128-cbc,aes-128-ctr,aes-128-gcm,3des" lifetime=1h a...

vanikcz

Hi there, is there any documentation to RBM33G board? I have some questions: - J601 connector is containing UART2 and UART3 - they are +/-12V RS232, or TTL? - in the configuration there is only Serial0 and Serial1, but on the hardware there are 3 ports - where are the GPIO ports? - what is J4 port? ...

vanikcz

You can use action=sniff-tzsp in mangle rules. So you can either set the match conditions directly in that rule, or you can assign packet-marks in preceding rules and then match on them in the sniff-tzsp rule. To sniff into a file on Mikrotik this way, you'd have to send the TZSP packets to some ex...

vanikcz

So the NTP server is in the HQ network? Consider making a routing rule for the HQ network in mikrotik. Lets say the HQ lan is 192.168.16.0/24, so you have to make route for 192.168.16.0/24 with gateway set to LAN interface of branch Mikrotik.

vanikcz

It would be great if I can sniff only marked packets, but it is not possible, am I right?

vanikcz

Hi there, I want to analyze network traffic - http, https and other tcp protocols and I need to capture first 10 packets from each connection, is that possible anyhow? For now, I can stream capture to another machine, or capture everything and download the capture files, but it woult be nice it that...

vanikcz

Hi Jan, Not sure if this helps your use case but mikrotiks do support SNMP so you can poll snmp and then produce graphs from the polled data. One open source example of an snmp polling tool is https://www.librenms.org . Otherwise you could setup netflow on the mikrotik to send aggregated stats off ...

vanikcz

Hi there,
please it is possible to get source data of graphing hru API or any other method? Getting data from gif from http://router/graphs is the last change for me…

Thank you for any tip!

Best regards, Jan

vanikcz

I resolve it by myself - just disable STP on the bridge and viola... I'm not sure why, but now it is working.

vanikcz

Hi there! I have a question regarding LLDP and its passing thru the bridge. I have several Profinet devices (some industrial automation controllers) and want to monitor the traffic with help of mikrotik devices, but I have problem with the fact the LLDP packets that are carrying PLC time synchronisa...

vanikcz

since 6.44 IPsec tunnels stop working for me, it says: no identity suits proposal, failed to get valid proposal. Maybe my setup is not the best but until 6.43.12 it was working well. I solved that - in IPsec peer identity there was My ID Type set to address, I switched it do auto and use the router...

vanikcz

since 6.44 IPsec tunnels stop working for me, it says: no identity suits proposal, failed to get valid proposal. Maybe my setup is not the best but until 6.43.12 it was working well.

vanikcz

Hi there, I'm trying to integrate Mikrotik router to my environment even deeper, so I want to use account from active directory as login to RoadWarrior VPN. I've just tried L2TP/IPsec with RADIUS server pointed to my AD server. It worked like a charm, BUT it is useless because of Mikrotik's limitati...

vanikcz

Hi there, I want to setup multisubnet site-to-site VPN tunnel and Im facing problem with template policy: I set template policy like this: src-address=::/0 src-port=any dst-address=::/0 dst-port=any protocol=all action=encrypt level=unique ipsec-protocols=esp tunnel=yes sa-src-address=0.0.0.0 sa-dst...

vanikcz

Hi there! I have trouble with configuration a IPsec tunnel between RB750r2 with 6.32.2 and KERIO Control 8.6.2. In case I want to connect one subnet from Mikrotik to KERIO it is working well, since I need to connect multiple subnets in Mikrotik and Kerio, peers are connected but no ping or any other...

Search found 40 matches