Community discussions

Search found 24 matches

by isaacgrover
Sat Feb 09, 2019 9:28 pm
Forum: Announcements
Topic: v6.43.11 [stable] is released!
Replies: 79
Views: 11963

Re: v6.43.11 [stable] is released!

Good afternoon from western Wisconsin,

After upgrading my company's CCR1009 to v6.43.11, the local DNS resolver stopped resolving. A rollback to v6.43.4 restored local DNS resolution. Has anyone else experienced this same issue after upgrading to v6.43.11 ?

Thank you in advance,
Isaac Grover
by isaacgrover
Wed Oct 31, 2018 6:23 pm
Forum: General
Topic: How to whitelist top level domains? [SOLVED]
Replies: 2
Views: 591

Re: How to whitelist top level domains? [SOLVED]

Hi joegoldman,
Thank you for the proposed solution. For our situation, this is a really big hammer for a very small nail, so we'll need to approach this from a different direction. =)
by isaacgrover
Wed Oct 31, 2018 12:14 am
Forum: General
Topic: How to whitelist top level domains? [SOLVED]
Replies: 2
Views: 591

How to whitelist top level domains? [SOLVED]

Greetings from Wisconsin, We need to rate limit outbound SSL connections to certain top level domains on an RB750Gr3. The subdomains change somewhat infrequently but frequent enough that maintaining an address list would prove laborsome. Is there a way to check the first connection made to "anysubdo...
by isaacgrover
Tue Oct 30, 2018 5:46 pm
Forum: General
Topic: Client to site IPSec negotiation traffic only one direction?
Replies: 4
Views: 520

Re: Client to site IPSec negotiation traffic only one direction?

Good morning xvo,

You're correct - this firewall had to be rebuilt from scratch last Thursday, so I moved all the default rules to the bottom and put ours to the top, and I haven't taken the time to clean it up yet.
by isaacgrover
Tue Oct 30, 2018 5:06 pm
Forum: General
Topic: Client to site IPSec negotiation traffic only one direction?
Replies: 4
Views: 520

Re: Client to site IPSec negotiation traffic only one direction?

Hi emils, I have removed all the 'disabled=yes' lines, port forwarding rules, and those related to two other site-to-site VPNs. Here's what's left. /ip ipsec peer profile add dh-group=modp1024 enc-algorithm=3des name=profile_3 /ip ipsec proposal set [ find default=yes ] enc-algorithms=3des /ip ipsec...
by isaacgrover
Mon Oct 29, 2018 8:58 pm
Forum: General
Topic: Client wants to access NAT'd web server from inside LAN using WAN IP [SOLVED]
Replies: 4
Views: 986

Re: Client wants to access NAT'd web server from inside LAN using WAN IP [SOLVED]

Hi steveocee, The Youtube video nailed the solution for me. If Youtube ever yanks it though, here's the solution for future visitors: - In /ip firewall nat, you need to create a rule in the srcnat chain that masquerades traffic from the internal LAN subnet to the same internal LAN subnet. - Then in ...
by isaacgrover
Mon Oct 29, 2018 7:32 pm
Forum: General
Topic: RouterBoard does not boot up after upgrade
Replies: 4
Views: 526

Re: RouterBoard does not boot up after upgrade

Hi yusuftek, Out of the 30+ RB750Gr2/3 units that we manage, there was only one that didn't come back online after the v6.43.4 upgrade. We dispatched a technician to that site, who found that the pppoe-client interface had been disabled, likely a result of the failed update. He was still able to acc...
by isaacgrover
Mon Oct 29, 2018 6:46 pm
Forum: General
Topic: MikroTik and SSL website (Comodo)
Replies: 5
Views: 611

Re: MikroTik and SSL website (Comodo)

Hi alfred998,
Could you post your sanitized config? Unless you're doing mangling on the SSL traffic, I'm not aware of how your Mikrotik could be causing such interference.
by isaacgrover
Mon Oct 29, 2018 6:44 pm
Forum: General
Topic: Client to site IPSec negotiation traffic only one direction?
Replies: 4
Views: 520

Client to site IPSec negotiation traffic only one direction?

Good morning from Wisconsin, I'm trying to rebuild a "road warrior" client-to-site IPSec VPN after a Mikrotik failed its firmware update last Thursday and took parts of its config with it. Based on backups and past documentation, it's set up correctly; however, the negotiation traffic only travels f...
by isaacgrover
Mon Oct 29, 2018 5:06 pm
Forum: General
Topic: Client wants to access NAT'd web server from inside LAN using WAN IP [SOLVED]
Replies: 4
Views: 986

Client wants to access NAT'd web server from inside LAN using WAN IP [SOLVED]

Good morning from Wisconsin, One of our MSP clients wants to access his company's website, which is hosted on a VM in the same LAN, using the WAN IP address. To be clear, the website is accessible externally from the WAN IP address on port 80, and we have been unable to convince him to use the FQDN ...
by isaacgrover
Mon Oct 29, 2018 4:56 pm
Forum: General
Topic: MikroTik and SSL website (Comodo)
Replies: 5
Views: 611

Re: MikroTik and SSL website (Comodo)

Hi alfred998,

Welcome to the Mikrotik forums. Is the Mikrotik doing the connecting to the website, or are you referring to clients on the LAN side of the Mikrotik connecting to the website on the WAN side?
by isaacgrover
Fri Dec 22, 2017 7:09 pm
Forum: Scripting
Topic: Need to flush only one IPSec tunnel, not all of them
Replies: 0
Views: 249

Need to flush only one IPSec tunnel, not all of them

Greetings from Wisconsin, On several different client Mikrotik firewalls that we manage, the clients themselves have multiple sites connected via IPSec site-to-site VPN. Sometimes one remote site goes down, and our IPWatcher script performs a "/ip ipsec installed-sa flush" which flushes all the tunn...
by isaacgrover
Fri Dec 22, 2017 7:00 pm
Forum: Announcements
Topic: MikroTik used by Amazon in their cloud datacenters
Replies: 34
Views: 18085

Re: MikroTik used by Amazon in their cloud datacenters

Thank you for sharing - I have reposted the video link to our company's Facebook and LinkedIn pages, further promoting the superiority of Mikrotik devices over Cisco, Sonicwall, and Watchguard for the SMB market.
by isaacgrover
Fri Oct 21, 2016 2:40 pm
Forum: The Dude
Topic: "get settings failed: std failure: broken path (2)"
Replies: 4
Views: 2509

"get settings failed: std failure: broken path (2)"

Greetings, On a new installation of The Dude, I am seeing the error "get settings failed: std failure: broken path (2)" when trying to connect to a remote RB750GL. The RB750GL is running v6.37.1, winbox to the RB750GL works, credentials are correct, and firewall rules allow all traffic from this wor...
by isaacgrover
Fri Oct 21, 2016 2:27 pm
Forum: The Dude
Topic: Dude agent not work
Replies: 6
Views: 1695

Re: Dude agent not work

Hi there,

I am seeing this same message after a new install of The Dude. What did you do to resolve?

Thanks in advance,
Isaac
by isaacgrover
Thu Oct 20, 2016 10:16 pm
Forum: General
Topic: CPU usage stuck at 100% on RB750GL
Replies: 2
Views: 805

Re: CPU usage stuck at 100% on RB750GL

Thanks for the suggestion. I installed The Dude, tried connecting to the device, and receive the error "get settings failed: std failure: broken path (2)" at the bottom. Our connection with winbox is fully functional - any thoughts?
by isaacgrover
Tue Oct 18, 2016 10:36 pm
Forum: General
Topic: CPU usage stuck at 100% on RB750GL
Replies: 2
Views: 805

CPU usage stuck at 100% on RB750GL

Good afternoon, One of our client RB750GL units has been stuck at 100% CPU usage for at least several weeks (don't have a firm start date to know what changed). Currently running v6.37.1 and thought that might be the cause, so rolled it back to v6.34.4 and still stuck at 100% CPU usage. Running /too...
by isaacgrover
Thu Feb 11, 2016 1:09 pm
Forum: General
Topic: Missing "OVPN Server" tab in v6.34.1 on RB750Gr2
Replies: 3
Views: 813

Re: Missing "OVPN Server" tab in v6.34.1 on RB750Gr2

<facepalm> I was looking for a tab, not a button. :)
by isaacgrover
Thu Feb 11, 2016 12:59 pm
Forum: General
Topic: Port forwarding stopped after dual WAN added
Replies: 6
Views: 1584

Re: Port forwarding stopped after dual WAN added

As a followup, we put in a second RB750Gr2. Turns out space wasn't "that" limited. =)
by isaacgrover
Thu Feb 11, 2016 12:11 am
Forum: General
Topic: Missing "OVPN Server" tab in v6.34.1 on RB750Gr2
Replies: 3
Views: 813

Missing "OVPN Server" tab in v6.34.1 on RB750Gr2

Greetings from western Wisconsin. I am setting up an OpenVPN server on an RB750Gr2 running ROS 6.34.1 and am stuck at creating an OpenVPN server interface because the tab is missing. Using Winbox, I go to Interfaces, and I can see the following tabs: Interface, Ethernet, EoIP Tunnel, IP Tunnel, GRE ...
by isaacgrover
Sun Jan 10, 2016 12:55 am
Forum: General
Topic: Port forwarding stopped after dual WAN added
Replies: 6
Views: 1584

Re: Port forwarding stopped after dual WAN added

Why not just buy a second one?
Power availability and space is very limited in this environment, and I know the Mikrotik platform is easily capable of such a task.
by isaacgrover
Sat Jan 09, 2016 3:21 pm
Forum: General
Topic: Port forwarding stopped after dual WAN added
Replies: 6
Views: 1584

Port forwarding stopped after dual WAN added

Good morning all, I have one RB750Gr2 that is now set up with two WAN connections, each corresponding to its own LAN, no load balancing. LAN 192.168.100.x sits on ether2 and all outbound traffic goes out on A.A.A.249 via ether1. LAN 192.168.1.x sits on ether4 and all outbound traffic goes out on A.A...
by isaacgrover
Wed Nov 25, 2015 6:33 pm
Forum: General
Topic: IPSec Site2Site VPN not NATting
Replies: 3
Views: 1014

IPSec Site2Site VPN not NATting

Good morning from Wisconsin, I have set up an IPSec site-to-site VPN between two RB750Gr2 units both behind static IP addresses where the Comcast SMCD3G modems are in bridge mode. The "Installed SA" tab shows both directions are fully established and the packet counters are incrementing with constan...
by isaacgrover
Wed Nov 25, 2015 6:19 pm
Forum: Beginner Basics
Topic: Another help me with L2TP/IPSEC proxy-arp...
Replies: 11
Views: 3247

Re: Another help me with L2TP/IPSEC proxy-arp...

Hi KitMikro,

Any response, as we have the same exact issue here?

Thanks in advance,
Isaac