MikroTik

csalcedo

Anyone know if Zerotier will be soported on LtAP.
This would be an eaxtreamly usefull package to be able to connect to the device when using LTE and CGNAT..

csalcedo

Looking to buy this card since it does support all the 4G bands where I live (2,4,7,28,66). I have only seen one thread that looks like it does work? (https://forum.mikrotik.com/viewtopic.php?f=1&t=169829&p=854986&hilit=l850#p854986) it states that Mikrotik sees the card as ppp. What doe...

csalcedo

Hi guys, I have a situation that requires a site 2 site vpn. The other side is a fortinet with the following configuration. I just need to know if I would be able to configure a connection from a MTik using the fortinet configuration. It is not possible to change any configuration on the fortinet.. ...

csalcedo

Just installed v7.1beta1 on an RB2011 and found that if I plug in on ports ETH6-ETH10 the port LED does not turn on but if I plug into ETH1 both port 1 and 6 Leds turn on. This happens the same for ETH2 (turns on 2 and 7 and so forth) 3, 4 and 5
Otherwise looks ok

csalcedo

tried to install from packages menu to update but I get the following error:
missing routeros-smips-7.1beta1.npk
Unit is hap lite (for testing)
not sufficient space to download and move to files (manual mode)

csalcedo

The only way to get to the CGNAT router is via the vpn established between the public and CGNAC router

csalcedo

Ok I think that i more of what you are trying to do... You are in vpn using l2tp/ipsec to public MT. from your pc (connected to public ip MT) you are trying to winbox into lan ip of CGNAT lan ip. is this correct? I would like to have the complete exports (without passwords or public ip or any sensit...

csalcedo

Ok, I am a little confused.. You are trying to open a winbox session from the lan side of your internet MT to your CGNAT lan ip and not able to? You may need to add /ip firewall nat add action=accept chain=srcnat dst-address=(Lan Network Internet MT) src-address=(Lan network CGNAT) Should be the fir...

csalcedo

On your public mikrotik dont add a default route.. add a specific route like:
/ip route
add distance=10 dst-address=(lan network of cgnat network) gateway=(l2tp interface)

csalcedo

can you ping from the lan ip on the public ip Mikrotik to the CGnat lan ip?
post configs to see better

csalcedo

yes i did paste into winbox..

csalcedo

I tried this today and I was not able to get this to work..
I got it to log in and it showed as connected in the dashboard but was never able to connect to it using the link:port..
I tried sending an email to support but he email does not work..
Dont know whats going on..

csalcedo

Well i was like 90% there with your guys help..
Then i just tried al kinds of tweeks until bingo

csalcedo

Thanks everyone... this worked for me (changed port 2 to port 5) This was the trick: add independent-learning=no ports=ether1,ether2 switch=switch1 vlan-id=1 and vlan leave-as-is for this switch chip # mar/07/2020 12:42:16 by RouterOS 6.46.4 # # model = 960PGS /interface bridge add name=bridge1 prot...

csalcedo

Thanks for the response anav.. Switching is fine but the requirements are untagged vlan 1 on ether1 and tagged 189 on ether 1 (cisco equivalent to trunk? ether 2 untaged vlan 1 (cisco equivalent access port vlan 1 native/untagged) ether 3 untagged vlan 189 (cisco equivalent access port vlan 189 nati...

csalcedo

I wish it was SWOS (that I know how to get working.. super simple ,like me) but that device uses ROS and I am at a loss...

csalcedo

only switch.. everything is turned off. no firewall no dhcp, nothing...

just bridge1 with all 5 ports part of that bridge.

csalcedo

Thanks for the reply
I am using RB960PGS

csalcedo

Hi Guys, I just cant seem to get my head around a simple vlan config. ver 6.46.4 eth1 comes from a ubiquity switch that has the lan port configured with vlan 1 (Native) as un tagged and vlan 189 as tagged. eth4 is vlan 1 native (part of bridge that has eth1,2,3,4,5) eth3 needs to be an access port t...

csalcedo

what about the other side?

csalcedo

Add a route on both sides using the l2tp interface..

csalcedo

Ok,
what is the default userman user/password..

how about a quick rundown on changes.. it looks like everything is done via CLI now?

csalcedo

I installed 7b4 and the user-manager package. It shows as installed in the log and the system-->package list (also installed the other packages LCD, Calea etc these work without problems). There is no command in the CLI under tool and no response to calling via http. Am i missing something? this is ...

csalcedo

Esta configurado tu regla de NAT para las 2 redes?..
Exporta la configuracion para poder ayudar mejor..

Is your NAT rule made for both of your networks?
Export your config to better help

csalcedo

/32 means that its just that specific address. if you wanted to use the network use 192.168.88.0/24
Post the config to see what your configuration looks like for the other problem

csalcedo

If I understand correctly port 37777 is already being port forwarded, correct? now you need more machines visible from the outside to this same port, correct? If my assumptions are correct you need to do port translate (dest-nat). Something like this: /ip firewall nat add action=dst-nat chain=dstnat...

csalcedo

Just fyi..
I have Teltonika to Mikrotik working fine with pure ipsec.. super simple and avoids the tcp/udp problem with the ovpn.
let me know if interested...

csalcedo

are you using l2tp over ipsec?

csalcedo

Solved!
Just needed to delete the profile "Lyon" and just use the dynamic profile that was created for the L2tp-ipsec configuration for all the dynamic VPNs.
Same password etc..

csalcedo

Hi guys, I have a problem with site-to-site ipsec vpn and l2tp-ipsec config. When I have just site-to-site ipsec vpns enable I am able to get my sites to connect without any issues. When I then enable l2tp-ipsec client one of 2 things happens... 1. all my sites maintain connection and also l2tp-ipse...

csalcedo

Hi Guys, I am having some trouble with limiting total bandwidth of a hotspot. I have a 100M link that I share with another firewall. I want to limit the total bandwidth that the hotspot uses to 70M leaving 30M for the other firewall. I also limit the individual bandwith of each user of the hotspot t...

csalcedo

RB4011iGS+5HacQ2HnD-IN

csalcedo

First... lose the all caps... thats like shouting....
second.. post configs of both routers..
third.. help will arrive

csalcedo

Of course but....
You have to tell your ISP to route the branch office network to the internet..
Probably a simple route statement...

csalcedo

This will print the oids for the intefaces...

/interface> print oid

csalcedo

Correct... hard to give the full answer when we dont have a config...

csalcedo

mtik.jpg

connect isp utp directly to Mikrotik ether1
connect your home router to etherXX (any open port)
create a new bridge
make ether1 and etherXX part of that bridge.
Done

csalcedo

First you need to do a binding of the MAC-IP of the camera. /ip hotspot ip-binding add address=10.5.51.11 mac-address=XX:XX:XX:XX:XX:XX type=bypassed (change XX:XX:XX:XX:XX:XX to the MAC address of your camera). This allows the camera to bypass the hotspot. next do a destination nat rule in firewall...

csalcedo

Your statement ion forwarding port 80 is incorrect. You are talking about a DMZ situation in wich all incoming trafic is routed to your IP. What you want is only UDP port 1194 to the ip of your pie. This can be done. Will they do it is the million dolar question.....I assume that you need this as an...

csalcedo

you can do this:

/interface bridge filter
add action=drop chain=input in-interface=ether3 src-mac-address=!D0:BF:9C:9B:70:07/FF:FF:FF:FF:FF:FF

only mac D0:BF:9C:9B:70:07 is allowed on ether 3 ..
This will do what you want....

csalcedo

Español: Requerda que si el usuario no esta autentificado no puede pasar a la internet. el problema (creo) es que el Mikrotik nunca recibe el mensaje de autenticad de tu app. (supongo porque no se como funciona tu aplicacion) Mas detales de como funciona podria ayudar. English: Remenber that if the ...

csalcedo

Yes you are correct...
Just another way to do it but you are right its better with your method

csalcedo

Thanks Sob Worked like a charm . Go to network connection properties of the vpn connection Select ipv4 properties Advanced unselect "Use default gateway on remote network" If you configured your l2tp addresses in the same range as the remote network you are golden. If it different then you...

csalcedo

Hi Guys, I have created a l2tp/ipsec tunnel from a windows 10 client (using native windows client). It works fine except that what I would like is that only the trafic destined for the remote networks pases over the tunnel. At his point all trafic is routed to the remote MT. Can someone point out wh...

csalcedo

I have a hotel that does exactly this.. In Opera they create a temporary table that merges the guests last name with the room number (and does a check to see if they are in checked in state) like this: Perez2002 They update the table every 5 minutes so when they check out they drop from the table. T...

csalcedo

Post your config.. It will be easier to help..

and yes no ip needed on any vlan

csalcedo

Post your config.. It will be easier to help..

csalcedo

Unfortunately for you this is working correctly. All subsequent connections from the nat router use the same IP/MAC that authenticated so the hotspot thinks its all the same user. You need to not use nat in your router. If its a home router (WiFi with a wan port and some lan Ethernet ports) then dis...

csalcedo

For anyone looking for this answer. This was a response I received from Mikrotik Support By default led1-led5 are assigned for modem-signal strength. The whole modem-signal strength range is [-113..-51] and the modem-signal-threshold increases the weakest signal limit to -91 so the signal range for ...

csalcedo

Its not the hotspot that has the issue. on android there is an "internet check" that it does (goes to some site to se if it responds on connection). The only way get around this is for the mikrotik to spoof the web address that its looking for. you can try wireshark and see what the androi...

csalcedo

Hi Guys, I have an SXT LTE that is set by default on the System/Led trigger/modem signal Modem Signal Threshold to -91. Can someone tell me how the other Leds are set? I think led 1 is if its connected to the cell but the others I dont know what their settings are. [admin@MTK] /system leds> print Fl...

csalcedo

Hi guys, I am looking to deploy 15 ipsec vpn sites to a central site. I am thinking of using an RB1100AHx4 as the central unit and the RB750Gr3 at the branch sites. max link would be 10m for each site (some less). Lets say I have 10m at each site this would geve me a total of 150m of VPN traffic at ...

csalcedo

Hi guys, I am trying to figure out how to prioritize VPN traffic. I have a site to site ipsec vpn working. At the main site I have a 20 meg link and at the branch site I have an adsl (8 meg down, 600k up). What I would like to do is is have the vpn traffic have #1 priority over all the rest of the t...

csalcedo

OK, now what format? spaces, coma newline for next device?

ipaddress, user, password, note ?
1.1.1.1, admin, admin, test

csalcedo

Yea I got that... What format does the file need to be in?

csalcedo

anyone now how to import address and password into the app?

csalcedo

If you are using backup this will copy the mac address.. Its used to restore to the same device.
Use export then import to the new device..

csalcedo

I am trying to do this but have been unable to...

Can you share a conf of this working?

csalcedo

Do the following: disconnect the dsl modem and connect it to ether 2 of the MikroTic add ip address of 192.168.1.2/24 to ether 2 add route 0.0.0.0 gateway 192.168.1.1 firewall add srcnat from 192.168.77.0/24 out ether1 (or if you can add route in dsl modem 192.168.77.0 --> 192.168.1.2) Be sure that ...

csalcedo

Hi Guys, I am having an issue with an EOIP tunnel (I think). I have 2 sites that are connected via an MPLS link at 100M. Due to an issue with migration an EOIP tunnel had to be created between the 2 sites. Some VMWare servers are at Router 2 site and a replication VMWare server is at Router 1 site. ...

csalcedo

Can the Mikrotik ping anything on the 10.10.1.0 network? if not then you need a route on the mikrotik that points to 10.10.2.1
I.E. 10.10.1.0/24 --> 10.10.2.1
That should get you to the 10.10.1.0 network

csalcedo

Looks like it is supported in RC40.. try it

csalcedo

Got this working.. this is the config: /interface ethernet set [ find default-name=ether10 ] master-port=ether9 /interface vlan add interface=ether9 loop-protect-disable-time=0s loop-protect-send-interval=0s name=vlan2 vlan-id=2 /interface pppoe-client add add-default-route=yes disabled=no interface...

csalcedo

Hi guys, I have the following situation: I have an FTTH connection wher the fibre is connected to an ONT from there it connects to a home router that has voice analog ports (vlan 6) and Internet (Vlan2). What I am trying to do (and can do in a cisco switch) is connect the ethernet port of the ont to...

csalcedo

Yup cant winbox to CHR in VMWARE 6.38RC10

csalcedo

are vlans proccesed in the cpu or in the switch chip directly ?

csalcedo

I to have the same issue with dhcp fixed to specific mac addresses. My ISP gives out "STATIC" IP addresses but tied to specific mac addresses. I would like to use only 1 physical for this..

Thanks

csalcedo

Hi guys, I have RB2011UiAS installed at a customer and he requested blocking of facebook and youtube. What I did was use the new feature of dynamic address list to create a couple of rules that do the blocking. From what I see the unit is not showing any high CPU etc. This feature is new in 6.36. Wh...

csalcedo

I was able to get the web ui updated to the version mentioned above but I still do not have dhcp options

this is the firmware version: 22.200.13.00.916
This is the web ui version: 17.100.13.01.03

Do i need a fiferent firmware version?? is so what version

csalcedo

irghost,

Can you help me on the update??. I have downloaded the update (lots of places on the internet have it) but I cant load it because the installer asks for a code of some sort... I dont know where to get the code....

csalcedo

wrong post...

csalcedo

Hi Guys, I have the following situation, I have a hap ac lite and I would like to use 2 lte usb dongles. They will be connected via a powered usb hub so power is not a problem I get the HAP to recognize each dongle separately with out issues (they come up as LTE1 and LTE2). With one plugged in ev...

csalcedo

Perfect.. works great

thanks

csalcedo

Hi Guys,

I need a script that will run every 3rd of the month.

I now i can schedule to run every 4 weeks etc but how to run every X of the month??

Maybe run once a day and check the date then parse the day then do what I need to do????
If so how to parse the date..

Thanks

csalcedo

Perfect thanks..

csalcedo

Hi Guys, I need to get the time and date via a script. I use the following :local ds [/system clock get date] log info "$ds" but i get nothing.. if I enter /system clock get date in the console I also get nothing.. If I use /system clock print then I get time: 11:01:54 date: apr/25/2016 ti...

csalcedo

Hi Sinan, I looked at traffic monitor but I get the impresion that its for bandwith not for data passed through the interface.. Am I wrong???? Here goes one... I have 2 3g/4g Ethernet routers that i am using as Wan1 and Wan2 links. What I am trying to do is the following: all traffic should go out W...

csalcedo

Here goes one... I have 2 3g/4g Ethernet routers that i am using as Wan1 and Wan2 links. What I am trying to do is the following: all traffic should go out Wan1 until I hit my data limit. The Telco gives me full speed of 4-20G until I hit my limit then throttles me to 32K. So the switch mechanism co...

csalcedo

Hi Guys, I searched the forums but was unable to find a solution that works. I have 2 3g/4g Ethernet routers that i am using as Wan1 and Wan2 links. What I am trying to do is the following: all traffic should go out Wan1 until I hit my data limit. The Telco gives me full speed of 4-20G until I hit m...

csalcedo

Hi Guys, I hope someone can help. I have 2 wan links and 1 lan link. I am balancing the wan links without problems but I am having an issue with incoming packets.. this is a drawing of my net Internet----Router Wan1-------------Mikrotik-------Router Wan2---Internet | | | LAN Between the WAN1 router ...

Search found 80 matches