Community discussions

MUM Europe 2020

Search found 24 matches

by sopro
Tue Sep 11, 2018 6:59 pm
Forum: Wireless Networking
Topic: Bad bandwidth performance hAP ac
Replies: 3
Views: 763

Re: Bad bandwidth performance hAP ac

https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack Thanks Adahi, is this the reason of why I get not even half of my ISP's broadband speed? If this is the solution, how is it implemented? Shouldn't this be acivated by default? I permanently install and recomend Mikrotik routers, but many users are ...
by sopro
Tue Sep 11, 2018 5:09 am
Forum: Wireless Networking
Topic: Bad bandwidth performance hAP ac
Replies: 3
Views: 763

Bad bandwidth performance hAP ac

Hi, My ISP provides 400Mbps Directly connected by cable to the gateway I get 400+Mbps speedtest Wired through the Mikrotik hAP ac I can't get that speed, max about 250Mbps (Gbps LAN card) WiFi I get max 150Mbps when connected to the 5G signal and doing a speedtest.net from my DELL E5470 notebook wit...
by sopro
Fri Jan 19, 2018 5:59 am
Forum: General
Topic: dst-nat through VPN [SOLVED]
Replies: 26
Views: 6523

Re: dst-nat through VPN [SOLVED]

SOLVED!!
It was just a problem of another port, my NVR uses sdk port 6060 and media port 7070
No need of src-nat rule, special routes, no mangle, no netmap, etc.
You just need to have a vpn running and a dst-nat rule at the server router.
Thanks all for your help
by sopro
Fri Jan 19, 2018 4:18 am
Forum: General
Topic: dst-nat through VPN [SOLVED]
Replies: 26
Views: 6523

Re: dst-nat through VPN [SOLVED]

Maybe it is easier to make first a site to site SSTP and you have to put a route in it so the traffic knows where to go.

https://wiki.mikrotik.com/wiki/Manual:I ... -Site_SSTP
Thanks for your reply
The picture shows I already made a site to site SSTP tunnel
by sopro
Fri Jan 19, 2018 2:51 am
Forum: Beginner Basics
Topic: Route WAN traffic over IPSec tunnel possible?
Replies: 10
Views: 3665

Re: Route WAN traffic over IPSec tunnel possible?

IPSec policy set up to encrypt between 10.0.0.0/16 and 192.168.66.0/24 If you do this, then only traffic between 10.0.0.0/16 and 192.168.66.0/24 will pass through IPSec tunnel, nothing else. That's the problem with plain IPSec tunnels, they don't work like "normal" tunnels where you have regular in...
by sopro
Fri Jan 19, 2018 1:39 am
Forum: General
Topic: port forward to VPN
Replies: 14
Views: 9847

Re: port forward to VPN

On CRS: /ip firewall nat add action=masquerade chain=srcnat out-interface=<vpn-client-interface> It will make all forwarded connections look like they come from address at server's end of tunnel and it will allow replies to be routed the correct way (back to tunnel). If you keep original source add...
by sopro
Fri Jan 19, 2018 1:22 am
Forum: General
Topic: dst-nat through VPN [SOLVED]
Replies: 26
Views: 6523

Re: dst-nat through VPN [SOLVED]

Image
by sopro
Thu Jan 18, 2018 4:45 pm
Forum: General
Topic: dst-nat through VPN [SOLVED]
Replies: 26
Views: 6523

Re: dst-nat through VPN [SOLVED]

Its easy. Here is how I used dst-nat to access winbox behind a public IP. /ip firewall> add action=dst-nat chain=dstnat comment="DST NAT for \"Tiny Tik\" Moms Wifi Router" \ port=31 protocol=tcp src-port="" to-addresses=192.168.1.31 to-ports=8291 add action=dst-nat chain=dstnat comment="To RB2011" ...
by sopro
Thu Jan 18, 2018 4:21 pm
Forum: General
Topic: dst-nat through VPN [SOLVED]
Replies: 26
Views: 6523

Re: dst-nat through VPN [SOLVED]

Just connect to your router through a VPN on your phone. I can do this easily on my android, and then view it that way. Thanks for your reply. I've done that using my android phone, and it works fine. Matter is this cameras belong to a customer. She doesn't know (nor want to learn) how to connect t...
by sopro
Thu Jan 18, 2018 2:42 pm
Forum: General
Topic: dst-nat through VPN [SOLVED]
Replies: 26
Views: 6523

Re: dst-nat through VPN [SOLVED]

This: /ip firewall nat add action=masquerade chain=srcnat Should be more specific, for example add the out-interface otherwise it will NAT everything. You can also put more specific rules before the masquerade, so you are sure the latter will not interfere. To better understand this situations I fi...
by sopro
Wed Jan 17, 2018 8:40 pm
Forum: Beginner Basics
Topic: Routing through VPN
Replies: 4
Views: 1519

Re: Routing through VPN

I've added a NAT rule on the RouterOS to forward port 1022 to the SSH server: /ip firewall nat add action=dst-nat chain=dstnat dst-port=1022 in-interface=ovpn-sw1 protocol=tcp to-addresses=192.168.0.136 to-ports=1022 I've also added these rules to route back the response packets to the Linux server...
by sopro
Wed Jan 17, 2018 8:27 pm
Forum: General
Topic: dst-nat through VPN [SOLVED]
Replies: 26
Views: 6523

Re: dst-nat through VPN [SOLVED]

NVR needs to know where to send the reply packet, so the router on remote site it should have the gateway through the VPN. If you cannot do this, you can workaround by src-nat the packet with an IP from the local router (e.g. 192.168.77.1) which is reachable from the NVR. I can access the router on...
by sopro
Wed Jan 17, 2018 6:02 pm
Forum: General
Topic: dst-nat through VPN [SOLVED]
Replies: 26
Views: 6523

Re: dst-nat through VPN [SOLVED]

I know this has a solution, I've read a lot of them but do not know how to implement them. Some solutions I've tried: 1.- Mangle in the remote site router and redirect through a route: https://forum.mikrotik.com/viewtopic.php?f=13&t=114319 or https://forum.mikrotik.com/viewtopic.php?t=78664#p394987 ...
by sopro
Wed Jan 17, 2018 5:42 pm
Forum: General
Topic: dst-nat through VPN [SOLVED]
Replies: 26
Views: 6523

Re: dst-nat through VPN [SOLVED]

Does the packet counter for src-nat rule increment?
If you want to mark packets then you can bind to that packet mark for the src-nat to work.
No, it doesn't increment
by sopro
Wed Jan 17, 2018 4:54 pm
Forum: General
Topic: dst-nat through VPN [SOLVED]
Replies: 26
Views: 6523

Re: dst-nat through VPN [SOLVED]

That is what it shows when I try to connect with my smartphone from outside.
Don't know how to redirect the packets.
Is there something wrong?
Shall I change the routes in the remote site in some way?
by sopro
Wed Jan 17, 2018 4:36 pm
Forum: General
Topic: dst-nat through VPN [SOLVED]
Replies: 26
Views: 6523

Re: dst-nat through VPN [SOLVED]

Local site: WAN: something.sn.mynetname.net LAN: 192.168.77.1/24 VPN: 10.10.10.1 /ip firewall nat add action=masquerade chain=srcnat add action=dst-nat chain=dstnat comment=NVR port forward dst-port=6060 protocol=tcp to-addresses=192.168.10.102 to-ports=6060 [admin@MikroTik] /ppp active> print Flag...
by sopro
Wed Jan 17, 2018 3:29 pm
Forum: General
Topic: dst-nat through VPN [SOLVED]
Replies: 26
Views: 6523

Re: dst-nat through VPN [SOLVED]

You then need to match the packets you already dst-natted.
How to match the packets?
by sopro
Wed Jan 17, 2018 3:14 pm
Forum: General
Topic: dst-nat through VPN [SOLVED]
Replies: 26
Views: 6523

Re: dst-nat through VPN [SOLVED]

Thanks for your help.

I added that rule but no success.

I read something about marking packets, I've tried that too but maybe I am doing something wrong cause still can't see the cameras.
by sopro
Wed Jan 17, 2018 2:07 pm
Forum: General
Topic: dst-nat through VPN [SOLVED]
Replies: 26
Views: 6523

Re: dst-nat through VPN [SOLVED]

Can you help me with an example of how to do that in Winbox?
by sopro
Tue Jan 16, 2018 9:26 pm
Forum: General
Topic: dst-nat through VPN [SOLVED]
Replies: 26
Views: 6523

dst-nat through VPN [SOLVED]

Hello, I need to view remote ip cameras using a mobile phone app. NVR is in remote site, can't access through public ip. Remote site 192.168.10.0/24 and local site 192.168.77.0/24 connected through VPN SSTP I can access remote site with no problem if connected to my local site, so VPN works. I would...
by sopro
Sun Sep 10, 2017 12:39 am
Forum: Wireless Networking
Topic: RouterBoard hAP AC Slow wireless performance.
Replies: 35
Views: 11131

Re: RB751U-2HnD - poor wireless performance & problems

Hi, I have a hAP ac RouterBOARD 962UiGS-5HacT2HnT Bad wirelss performance. I did /interface wireless export compact: # sep/09/2017 18:35:49 by RouterOS 6.40.3 # software id = LQRI-ZAIT # # model = RouterBOARD 962UiGS-5HacT2HnT # serial number = 6737054B278D /interface wireless set [ find default-nam...
by sopro
Thu Apr 06, 2017 4:02 am
Forum: Beginner Basics
Topic: Firewall Filter Restriction
Replies: 15
Views: 1996

Re: Firewall Filter Restriction

Create a DNS name like: /ip dns static add name=www.facebook.com address=127.0.0.1 Or to an IP with web server and block page. It's a solution instead of layer 7, like normis said. Sent from my XT1225 using Tapatalk Hi, I did this redirecting facebook requests to my web server 192.168.0.3 (IIS) Wit...
by sopro
Sat Mar 19, 2016 2:59 am
Forum: General
Topic: VPN Windows 10
Replies: 3
Views: 1484

Re: VPN Windows 10

I can connect from one place but not from another using exact same configuration, same notebook, same ISP, just different public ip address.

VPN client windows 10
VPN settings automatic using user and password
by sopro
Tue Mar 15, 2016 1:41 pm
Forum: General
Topic: VPN Windows 10
Replies: 3
Views: 1484

VPN Windows 10

Hi, I am using Windows 10 to establish a VPN connection from my notebook to a RB951G-2HnD placed in my office. When in my apartment everything works excellent and connection is inmediate, but when in my brother's apartment (Same ISP, same client notebook, etc) or somewhere else I can't establish tha...