MikroTik

rcocchiararo

I use IPv6 for remote access routeros device (rb4011 and ax2) by https, and WireGuard endpoint address. I use dynv6 to register my dynamic IPv6 address. cool, i didn't know that service. I already have a script for zoneedit and i am researching one for cloudflare, but i will keep that in mind. NEW ...

rcocchiararo

Use freedns.afraid.org to keep your DDNS records and a scheduled script on RouterOS to update the AAAA only. I believe the script was posted somewhere here. [1]: How do you use this pool exactly? [2]: That doesn't sound right. As if Neighbor Discovery was not running and LLA were learned through ot...

rcocchiararo

[1]: What do you mean “no dns listed”? What you configure to advertise is what should be advertised regardless of /ip/dns settings [3]: port needs to be open on both RouterOS (filter, forward chain) and Windows. Use address lists and DHCPv6 Client lease script to keep it up to date At some point, i...

rcocchiararo

I came here + 2 places in reddit (tik and ipv6). I have ipv6 running now, with a single delegated prefix. Now i have to learn/test about: 1) Windows machines having only ipv4 DNS (might be related to having no DNS servers listed and using DoH) - EDIT: ok, it seems fine now (except on my work laptop ...

rcocchiararo

Hi There Long time mikrotik user here (router + capman + APs at home, router at parents/places i help manage), had to learn IPv6 becasue: 1) ISP started swaping from copper (coaxial) cables to fiber where i live, with their new gear/network being dual stack 2) In the old network, asking to set their...

rcocchiararo

Did you enable the IP Forwarding on the Mikrotik CHR VM NIC?

IP Forward.png

I didn't know about that before

After I kept failing I googled some more and enabled that, still did not work, so I rebooted the VM and went to sleep.

Will test more today.

rcocchiararo

maybe worth mentioning, the CHR is unable to get the cloud DDNS function going (i got a demo license), public address/dns name remains blank. I tried a script for getting the public ip: { /tool fetch url="http://myip.dnsomatic.com/" mode=http dst-path=mypublicip.txt local ip [file get mypu...

rcocchiararo

My azure interface had only the option of using the 10.0.1.0/24 ip range. I added 10.1.0.0/24 too. Then i added a 2nd interface to the CHR VM: ethernet1: 10.1.0.0/24 address range and public ip ethernet2: 10.0.0.0/24 address range and no public ip The CHR can ping my azure vm that shares the 10.0.0....

rcocchiararo

Hi there I've been using Mikrotik for personal stuff for ages, and recently learned about Wireguard after the V7 upgrade I help an ONG (got them an azure sponsorship), and since they can't get a public IP (ISP gives them a fake public IP behind double Nat), I thought about setting up a VM to be thei...

rcocchiararo

In that case, the HOME ROUTER should be the SERVER for both connections and both the office and relatives should be clients during the initial establishment of the tunnel. If you provide full config for all three, I will take a look. In terms of the other devices........ Having an ISP router will n...

rcocchiararo

And then... i went to my parents home to try again (i have a mikrotik there too).
I failed in the SAME way... but then it hit me.... my home has a real public IP and both the office and my parents home has double nat. (handled by the ISP).

rcocchiararo

I dont see any glaring showstoppers regarding whats preventing your wireguard connection. :-( Presuming the clients were set up okay. They should be ok since i am testing with a notebook and android phone, i am able to use them on my home device but not on this other one. Fearing i might have done ...

rcocchiararo

Well, your post about my firewall prompted me to look at the default one and, i think, set it in a simpler way (i left the syn flood, port scanner and bogons stuff there, but removed the "support/wireguard lists and went with the LAN/!LAN option (added each wireguard interface to the LAN list t...

rcocchiararo

Why do you use capsman on the hex, do you have a number of APs attached??

That's my personal one, yes, at home i have 2 CAP AC and 1 HAP AC2 for wifi. (overkill, but had them laying arround after some failed proyects).

There is no capsman where roadwarrior does not work tho.

rcocchiararo

I put my WireGuard interface on the list of internal interfaces (LAN on the default configuration). This will solve most problems, like masquerading (if needed), firewall rules, forwarding internal to WireGuard road warriors, etc. The only firewall rule I add is to accept UDP port 13231 in the inpu...

rcocchiararo

Someone with more experience than I, may be able to help you on that front. The only thing I would do is clean up your firewall rules and have about 10,000 less rules and clearer rules. THats personal preference, your rules seem to be working fine for you so no need to change, but to be honest for ...

rcocchiararo

Yeah I had a once over and dont see what would be blocking it.

That's sad

Any way i can trace/snoop whats happening with the connection ?

rcocchiararo

There goes. You will notice i don't use keepalive normally, mostly because i saw no need for that when i was "road warrioring into my home". If i don't use it on their config against the azure server or against my TIK, then until they ping the other side the conection does not work for the...

rcocchiararo

example of my road warrior setup. IP IPHONE: WG INTERFACE Public key : xxxxx { to give my mikrotik server } Addresses: 10.2.30.2/32 { fake source address to be assigned to my IPHone for the purposes of traversing the tunnel } DNS Servers: 1.1.1.1,9.9.9.9 { use standard dns servers available } PEER ...

rcocchiararo

One step at a time. 1. Can a road warrior connect to your Router? 2. If so, the steps/settings for the office Router would be the same!!! So determine the differences between the two hexes. a. ISP type b. ISP equipment Suggest you post your hex config here /export file=anynameyouwish and we can see...

rcocchiararo

Hi there I have a HEX S (RB760iGS) at home, acting as a router, capsman (controlling 2 CAP AC and 1 HAP AC2), where i used to run openVPN, and now migrated to Wireguard (super cool). Since i help an ONG with their IT stuff (i work in IT myself), i got them the same router, mostly mirroring my config...

rcocchiararo

I didnt really understand the config posted above, but i find that using capsman allows me to just plug a new AP pressing the mode button so that it goes to CAPs mode, it then shows up in capsman and i configure it as desired. I failed on the auto channel selection, but since this is my home, where ...

rcocchiararo

The problem with CAPsMAN provisioned wireless network is that CAPs still autonomously select channels to operate (out of list of allowed channels provisioned by CAPsMAN) - unless you manualy configure provisioning rules for each CAP. If all CAPs do the frequency scans at the very same time (e.g. af...

rcocchiararo

Hi there I used to run my home with a HAP AC2 as the main router + wifi, with a CAP AC and an older wifi 2.4ghz only mikrotik as extra wifi APs. I then got my hands on a non wifi model to have as the core device, and another CAP AC to retire my older one. At some point before the upgrades, i had det...

rcocchiararo

That's the thing, softether, AFAIK has one place to declare routes, that are only shared via the DHCP. Then you probably just cannot use SoftEther for this use case. Run MikroTik CHR virtual machine in Azure instead. After a ton of reading it seems that for what I needed, I had to use local bridge ...

rcocchiararo

That's the thing, softether, AFAIK has one place to declare routes, that are only shared via the DHCP. That's in the securenat function (which has secure nat and dhcp as 2 options). Declaring rutes there did nothing. I also tried declaring routes in windows command line, to no avail. This happened b...

rcocchiararo

Hi there i've been strugling with softether as a vpn server on a virtual windows server on azure (some "pro-bono" work i am doing for an ONG, i got them an azure sponsorship and moved their pretty bad administration software to the cloud during the pandemic). https://www.vpnusers.com/viewt...

rcocchiararo

.... then i remembered that i had only virtual wireless interfaces on the guest-bridge... so the subnet i use for guests was not interconected between mikrotiks. Is there somethin akin to cisco's "trunk" in mikrotik ? (i run cisco @work) I am using the backup cable for this now, but i woul...

rcocchiararo

Aaaand look who is back >P Question time. I wanted to try and move my capsman config from my old device to the new one, keeping the old one for upstairs wifi, firewall / QOS / OpenVPN server, DNS (maybe) and backup DHCP server. I more or less succeded, except for the guest wifi (its more of a whim t...

rcocchiararo

Separate configs are for various devices you want to manage from CAPsMAN. Then you push the correct config to the device. E.g. 2,4GHz only config to older 2,4GHz only CAP. If all your CAP devices support the same standards you can have only one config. For cases when I want to force only AC on newe...

rcocchiararo

Hi, this file should answer your questions about CAPsMAN VirtualAP Setup, Dual Band CAP, CAPsMAN and CAP in one board: https://mum.mikrotik.com/presentations/BR14/Uldis.pdf (little outdated, November 2014, but still nice explaining) Was failing miserably when i got to the dual band setup, until i n...

rcocchiararo

Hi, this file should answer your questions about CAPsMAN VirtualAP Setup, Dual Band CAP, CAPsMAN and CAP in one board:
https://mum.mikrotik.com/presentations/BR14/Uldis.pdf
(little outdated, November 2014, but still nice explaining)

i was just looking into that after googling a little xD

rcocchiararo

Ok Following the basic guide i am up and running. Things still not working tho: 1) If i enable "forbid" on "all" in the capsman manager, even tho i allowed the bridge, the local wifi of the main mikrotik (old device) can´t connect as CAP. 2) The 2.4ghz radio of the new device (or...

rcocchiararo

As your current device is capable of performing all routing needed, I'd decide the future place of both devices based on expected wireless usage. RBD52G (hAP ac2) features 5GHz radio while RB951G doesn't. My brief measurements showed that RB951G (having wireless settings on 2.4GHz the same as RBD52...

rcocchiararo

Set up caps-man.

On to it then xD

Local or managed forwarding?

Since my current device can handle all my network now I guess it won’t do much of a difference?

The new one will have most of the WiFi activity, the tv vi Ethernet cable and nothing else.

rcocchiararo

Hi there O got my RB951G-2HnD some years ago and it has seen a fair share of use and re-configuring. Currently it’s my only WiFi device at home, handles the internet connection with QoS rules, has a guest WiFi network and OpenVPN so that I can connect to it from outside to handle some of the web app...

rcocchiararo

This used to crash from time to time and i had to restart the service.

Now it lasts a few minutes and dies.

Can it be related to something from update 6.35.4?

rcocchiararo

Hi there I am facing a problem in my home config (i have setup dual wan via PCC, traffic shaping with queue tree, openvpn and some more stuff, i kinda shared my config when i asked about WOL problems in another post, if it is relevant). My ADSL provider uses an old modem/router that is in BRIDGE mod...

rcocchiararo

As weird as i find it, it turns out that the MICROSOFT driver for all my ethernet cards that gets installed for windows 10 DISABLES Wake on Lan somehow.

Installing the realtek one for my 2 computers that have a realtek device fixes it.

My older pc with an nforce4 chipset has no luck

rcocchiararo

I got an older PC that i used to wake remotedly to test, and same results.

rcocchiararo

Hi there Today i tried adding yet more usefulness to my RB951G-2HnD with Wake On Lan, but i am failing.. I tried with the wol command from the microtik, wakeonlanx on windows and wake on lan app from my phone: tool wol mac=00:1D:7D:A2:64:8D tool wol mac=00:1D:7D:A2:64:8D interface=ether3-slave-local...

Search found 41 matches