Search found 48 matches

by dave864
Tue Aug 25, 2020 11:21 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 89
Views: 17376

Re: Advanced Routing Failover without Scripting

I removed the Source address and it made no difference. I don't know if I'm imagining it but now I have a simple Mangle on Prerouting, it appears that some web pages are stalling. Is it correct to simply have a single prerouting mangle rule covering the lan (for each WAN)? add action=mark-routing ch...
by dave864
Mon Aug 24, 2020 12:00 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 89
Views: 17376

Re: Advanced Routing Failover without Scripting

I had another go at doing the mangle without conn marks and I think that worked. add action=mark-routing chain=prerouting comment=WAN1 dst-address-list=!to_WAN2list new-routing-mark=to_WAN1 passthrough=no src-address-list=to_WAN1list add action=mark-routing chain=prerouting comment=WAN2 dst-address-...
by dave864
Mon Aug 24, 2020 11:12 am
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 89
Views: 17376

Re: Advanced Routing Failover without Scripting

Just a note: you don't need to mark connections in your setup, as you mark connection for every packet from LAN, and then mark routing for every packet from LAN using connection-mark you just set. You can mark routing directly. Unless you're using those marks in Filter or NAT for some reason... Any...
by dave864
Mon Aug 17, 2020 9:16 am
Forum: General
Topic: ProtonVPN on Mikrotik
Replies: 43
Views: 10409

Re: ProtonVPN on Mikrotik

From the bits of information you've posted instead of the complete configuration, I assume that you didn't get the purpose of setting the connection-mark in the /ip ipsec mode-config row. You can use src-address-list , connection-mark , or both, but if you use both, packets need to match both to ge...
by dave864
Fri Jul 24, 2020 9:45 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 89
Views: 17376

Re: Advanced Routing Failover without Scripting

Hi Note,
If you have a rule that marks a connection, and then a rule to mark a route then you must have passthrough = YES on the mark connection. That way, the processing can drop onto the route mark rule.
by dave864
Wed Jul 22, 2020 6:34 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 89
Views: 17376

Re: Advanced Routing Failover without Scripting

I think I know the problem: Mangle. My Ether7 and Ether6 inputs are mangled to WAN1conn and WAN2conn. So when my traffic on WAN1 swaps to WAN2, the incoming traffic gets conn marked as WAN2conn while its outgoing traffic remains at a WAN1conn mark. Do you agree, is this the problem?
by dave864
Wed Jul 22, 2020 6:13 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 89
Views: 17376

Re: Advanced Routing Failover without Scripting

Do you use VRF there?.. > no to_WAN1 data flows through WAN2 What error does, for example, 'ping' return on the client? Is it timeout? Did you check where actually packets marked as to_WAN1 go? No idea what VRF is. I do not use BGP or anything. This router is in my house, I plugged 2 mobile broadba...
by dave864
Wed Jul 22, 2020 5:06 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 89
Views: 17376

Re: Advanced Routing Failover without Scripting

Normal: WAN1 and WAN2 working 0 X S ;;; Local LTE dst-address=0.0.0.0/0 gateway=192.168.42.129 gateway-status=192.168.42.129 inactive check-gateway=ping distance=2 scope=30 target-scope=10 routing-mark=to_ISP2 1 A S ;;; DEFAULT route for WAN2 devices to WAN2 dst-address=0.0.0.0/0 gateway=8.8.4.4 gat...
by dave864
Wed Jul 22, 2020 2:35 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 89
Views: 17376

Re: Advanced Routing Failover without Scripting

Yes, that is correct. For to_WAN1, when the modem on ether7 goes down then I expect it to switch to ether6. While that does happen in the router, an additional dynamic rule is created. And the traffic does not actually flow to ether6. When I delete the dynamic rule traffic still does not flow. By dyna...
by dave864
Wed Jul 22, 2020 11:08 am
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 89
Views: 17376

Re: Advanced Routing Failover without Scripting

to_WAN1 and to_WAN2 So I have removed the old testing rules. So everything listed is used except the LTE rule 0 and the currently the blackholes are not active. 0 X S ;;; Local LTE dst-address=0.0.0.0/0 gateway=192.168.42.129 gateway-status=192.168.42.129 inactive check-gateway= scope=30 target-scop...
by dave864
Mon Jul 20, 2020 10:52 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 89
Views: 17376

Re: Advanced Routing Failover without Scripting

I removed the DAS dynamic entry - again. Happens whenever a connection drops. Now I get this: 0 X S ;;; Local LTE dst-address=0.0.0.0/0 gateway=192.168.42.129 gateway-status=192.168.42.129 inactive check-gateway=ping distance=2 scope=30 target-scope=10 routing-mark=to_ISP2 1 A S ;...
by dave864
Mon Jul 20, 2020 10:47 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 89
Views: 17376

Re: Advanced Routing Failover without Scripting

I had changed WAN1 to now be fully Conn marked. So now both WAN1 & WAN2 devices have conn marks. I obviously have the Route marks set in Mangle too. Today I had an outage on WAN1. I turned WAN1 off and all the WAN1 devices did not switch over. The route did change to the backup. However, a Dynamic r...
by dave864
Wed Jul 15, 2020 10:22 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 89
Views: 17376

Re: Advanced Routing Failover without Scripting

WAN2 have a connection mark.
WAN1 does not. Could that be the source of the problem you think?
by dave864
Tue Jul 14, 2020 9:27 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 89
Views: 17376

Re: Advanced Routing Failover without Scripting

I have tried this method of load balancing with fail over. While I am able to successfully load balance; WAN1 without any routing marks but WAN2 with routing mark to_WAN2 Using Address lists and Mangle I now have most traffic on WAN1 but 2 devices on WAN2. When WAN1 or WAN2 are power cycled, the rec...
by dave864
Wed Jul 08, 2020 7:32 pm
Forum: RouterOS v7 BETA
Topic: Chateau LTE won't get an IP, 7beta8 [SOLVED]
Replies: 2
Views: 1111

Re: Chateau LTE won't get an IP, 7beta8 [SOLVED]

Thank you!

Just bought Chateau. Worked out of the box but upgraded to Beta8 and it broke LTE.

These commands worked:
/interface lte apn add apn=internet use-network-apn=no
/interface lte set lte1 apn-profiles=internet

Didn't do the IPv4 bit. For another day!
by dave864
Sat Jul 04, 2020 12:07 am
Forum: General
Topic: ProtonVPN on Mikrotik
Replies: 43
Views: 10409

Re: ProtonVPN on Mikrotik

Hey, that works.
Web pages are going through better and Google now works.
Thanks - very much appreciated

Just ran speed tests to the free ProtonVPN in NL and it is doing 20mbs both ways. Vast improvement
by dave864
Fri Jul 03, 2020 11:59 pm
Forum: General
Topic: ProtonVPN on Mikrotik
Replies: 43
Views: 10409

Re: ProtonVPN on Mikrotik

Tunnel = un-ticked
Source = 0.0.0.0/0
Dest = 192.168.50.0/24
protocol = 255(all)
Template = un-ticked

Action = none
Level = require
IPsec Proto = esp
Proposal = ProtonVPNproposal or should this be default?
by dave864
Fri Jul 03, 2020 11:48 pm
Forum: General
Topic: ProtonVPN on Mikrotik
Replies: 43
Views: 10409

Re: ProtonVPN on Mikrotik

My IPsec policy is a template.
Are you saying I create the exact same thing but set it as not a template and set action to none?

I don't understand that. You're suggesting that the ICMP packets are incorrectly being pushed through the tunnel instead of back to the lan
by dave864
Fri Jul 03, 2020 11:25 pm
Forum: General
Topic: ProtonVPN on Mikrotik
Replies: 43
Views: 10409

Re: ProtonVPN on Mikrotik

Hi Sindy,
Your second point about IPsec and mtu. I am confused.
I understand the mtu and your reasons but not sure how to solve it with the additional rule. Is that a firewall rule or something I setup in NAT or IPSEC?
by dave864
Fri Jul 03, 2020 12:23 am
Forum: General
Topic: ProtonVPN on Mikrotik
Replies: 43
Views: 10409

Re: ProtonVPN on Mikrotik

The free server is a bit funky. I get some web pages working fine, Google webpage/search doesn't work at all. DNS does though although I use 8.8.8.8 and 1.1.1.1 so no idea if my dns switched provider. This issue might be my config and not related to the free server. Anyway, speedtest net mobile app ...
by dave864
Fri Jul 03, 2020 12:00 am
Forum: General
Topic: ProtonVPN on Mikrotik
Replies: 43
Views: 10409

Re: ProtonVPN on Mikrotik

Well what da-ya know?!?!? I did it!!!! Thanks Sindy. I had not done that part. https://wiki.mikrotik.com/wiki/IKEv2_EAP_between_NordVPN_and_RouterOS substitute for ProtonVPN, got an address (free server) in Netherlands got my IKE details from my ProtonVPN account Got cert from: https://protonvpn.com...
by dave864
Sun Jun 28, 2020 1:16 am
Forum: General
Topic: ProtonVPN on Mikrotik
Replies: 43
Views: 10409

Re: ProtonVPN on Mikrotik

I get
Can't verify peers certificate from store
Peer failed to authorise

Any ideas?
by dave864
Tue Jun 09, 2020 10:06 am
Forum: Beginner Basics
Topic: Use two WANs at same time (not Load Balancer)
Replies: 11
Views: 1935

Re: Use two WANs at same time (not Load Balancer)

I do not have any fast-track firewall rules. I don't think fast-track is enabled. I looked in IP\Settings and the Fast Path is unchecked (think that is something entirely different though) I do have route cache enabled though - don't know what that does? I use simple queues and remember there was a ...
by dave864
Sun Jun 07, 2020 12:11 am
Forum: Beginner Basics
Topic: Use two WANs at same time (not Load Balancer)
Replies: 11
Views: 1935

Re: Use two WANs at same time (not Load Balancer)

I don't understand the 2nd and 3rd Prerouting.... If I untick PASSTHROUGH on the 2nd. OR I move the 3rd up to position 2 then the connection fails. I have removed the Connection Mark from the NAT and all is ok. But the problem above is still apparent. NAT Chain=Src NAT, Out Interface=LTE1, Action= M...
by dave864
Sat Jun 06, 2020 11:45 pm
Forum: Beginner Basics
Topic: Use two WANs at same time (not Load Balancer)
Replies: 11
Views: 1935

Re: Use two WANs at same time (not Load Balancer)

Ok. Got it. ISP1 is ADSL ISP2 is LTE I've got the unique device MAC marked and placed into an address list DeviceToISP2 - done in MANGLE Firewall For now, I've put a block all INPUT chain from LTE1 Mangle - Untick Passthrough except for where mentioned PREROUTING - In interface=LTE1, Action=Mark Con...
by dave864
Sat Jun 06, 2020 6:30 pm
Forum: Beginner Basics
Topic: Use two WANs at same time (not Load Balancer)
Replies: 11
Views: 1935

Re: Use two WANs at same time (not Load Balancer)

I'm trying to do the same.
I have tried packet marking all from a device single IP on LAN and using Routing. But this still does not work.
Any ideas?

I only want one device to pass through WAN2 while all other traffic to go through WAN1
by dave864
Sun May 24, 2020 5:11 pm
Forum: General
Topic: DNS over HTTPS
Replies: 139
Views: 27436

Re: DNS over HTTPS

This is great news.
Does anyone know the url to fetch the google cert?
by dave864
Sat Jun 01, 2019 9:24 am
Forum: General
Topic: Please add the ability to choose Proposal
Replies: 11
Views: 2355

Re: Please add the ability to choose Proposal

Why is the use-ipsec=yes a bad thing?
by dave864
Sun Apr 07, 2019 10:50 pm
Forum: Announcements
Topic: v6.44.2 [stable] is released!
Replies: 67
Views: 20355

Re: v6.44.2 [stable] is released!

I don't know when it happened but the kid controls don't appear to accept times anymore. Not that it's important in the grand scheme of things.
It was working when it accepted only the allowed times but Mikrotik decided to add on times and off times which is odd.
by dave864
Sun Apr 07, 2019 12:32 am
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 133
Views: 95086

Re: Add DNS over HTTPS (DoH) support

+1
About time DNSCrypt or DNS over TLS was implemented.
by dave864
Tue Feb 12, 2019 5:35 am
Forum: General
Topic: Assistance with kid control
Replies: 1
Views: 652

Re: Assistance with kid control

Strange. I have mine setup the same way. My kid's MAC address is set and the hours it can be active - not blocked, are set. And yes, the guide was not entirely helpful. Once blocked, you should see a B next to the device Includes the kids menu. Also, a firewall rule is created at the top of your fire...
by dave864
Tue Feb 12, 2019 5:27 am
Forum: General
Topic: Mikrotik as IPSec/IKEv2 client
Replies: 10
Views: 9194

Re: Mikrotik as IPSec/IKEv2 client

I'm not sure anyone really knows how to do this as I've asked similar questions. I've tried using certificates but they just don't work. The guide is not very good and I think it needs updating with a fool proof step by step instructions list - with pictures! I'll be watching this thread for a solut...
by dave864
Sat Dec 01, 2018 10:49 pm
Forum: General
Topic: OpenVPN and Android
Replies: 10
Views: 11841

Re: OpenVPN and Android

My internal IP is 192.168.60.1 for the vpn elements.
Perhaps some of my error is with the certs so can we start there please?

Every guide I've read does the certs differently for SAN and most guides assume knowledge and miss out tons of details. I just can't get this working.
by dave864
Sat Dec 01, 2018 10:47 pm
Forum: General
Topic: OpenVPN and Android
Replies: 10
Views: 11841

Re: OpenVPN and Android

Could anyone help provide a real idiot guide to ovpn with Mikrotik and Android please? I have tried making a cert and configuring the ovpn client but can't get it to work. I have tried my certs generated, inside my Mikrotik, with L2TP and can't get that working either. All I can use is preshared keys!
by dave864
Sun Jul 01, 2018 4:05 pm
Forum: General
Topic: Wireless beacon interval and DTIM missing
Replies: 20
Views: 8382

Re: Wireless beacon interval and DTIM missing

+1
I have an IoT gadget that needs DTIM or beacons to be spaced out. DTIM works brill at 7. My choice was that or change beacons to 200 / 250 ms
by dave864
Wed Oct 04, 2017 12:05 am
Forum: General
Topic: Feature request: CAPsManager - roaming
Replies: 80
Views: 28586

Re: Feature request: CAPsManager - roaming

Any equipment you buy today will support 11r and 11k. Anything in the last 2 years will too. Almost all iPhones supported these standards for several years.

These standards are supported in all modern WiFi chipsets. It's up to vendors to implement on top.
by dave864
Tue Oct 03, 2017 11:51 pm
Forum: General
Topic: Feature request: CAPsManager - roaming
Replies: 80
Views: 28586

Re: Feature request: CAPsManager - roaming

I use edimax wap1750 with 11r and 11k. 11r gives a FT on my SSID decode data using WiFi analyser android application = [WPA2-PSK+FT/WPA2-CCMP][ESS] All clients - android phones and tablets - connect and roam except 1 laptop with old Intel WiFi. 11n I think. In that case it connects but falls asleep ...
by dave864
Sun Nov 20, 2016 5:02 pm
Forum: General
Topic: Throttle Windows Updates
Replies: 32
Views: 17709

Re: Throttle Windows Updates

Thanks KAAS for the L7 work. It's very useful.
by dave864
Sun Nov 20, 2016 11:20 am
Forum: General
Topic: Youtube bandwidth load blance with real bandwidth
Replies: 11
Views: 1907

Re: Youtube bandwidth load blance with real bandwidth

Use a L7 filter, mangle and a simple queue. /ip firewall layer7-protocol add name=MicrosoftUpdates regexp="^.+(update.microsoft|windowsupdate|download.microsoft|wustat|ntservicepack).*\$" /ip firewall mangle add action=mark-packet chain=prerouting comment="ms list dst" layer7-protocol=MicrosoftUpdat...
by dave864
Sat Oct 29, 2016 11:50 am
Forum: RouterBOARD hardware
Topic: Mikrotik OLT ?
Replies: 6
Views: 3186

Re: Mikrotik OLT ?

Just Google it. No offence. I tried coaxial direct copper. This has the SFP+ integrated to the cable. It works perfectly at 10G speeds. I should think that most if not all SFP/SFP+ modules will work. Although you should be looking at SFP+? I remember reading a few issues but don't remember the brand...
by dave864
Sat Jul 02, 2016 2:15 pm
Forum: General
Topic: Simple Queue question
Replies: 13
Views: 1884

Re: Simple Queue question

It does look like the way I have it setup is to try and reserve or guarantee a minimum service. But that any one user can use all the capacity if available. To have 5 users, each will need to be manually setup with ip addressed and have a queue each. Seems like hard work. Is there another way of doi...
by dave864
Thu Jun 30, 2016 11:37 pm
Forum: General
Topic: Simple Queue question
Replies: 13
Views: 1884

Re: Simple Queue question

Err. Just done a quick test on 6.34.6 it appears the simple queue isn't working. Both limit at and max limit are not working as I thought they did. I'll do some more testing tomorrow night, but you might be right with the limit at setting reserving capacity. If that's true then either set a simple q...
by dave864
Thu Jun 30, 2016 11:22 pm
Forum: General
Topic: Simple Queue question
Replies: 13
Views: 1884

Re: Simple Queue question

The PCQ type works very well for me but..... PCQ is per connection queueing. From what I understand, it detects a connection based on ip. I haven't tested it for a while but I could be wrong on its effect. I'll test this weekend to find out. I seem to remember having it allow an individual user to u...
by dave864
Thu Jun 30, 2016 11:03 pm
Forum: General
Topic: Simple Queue question
Replies: 13
Views: 1884

Re: Simple Queue question

The limit at parameter tells the router to give 2M to each IP. The max of the connection is 10M. The PCQ type will use this information to try and guarantee 2M per ip. So.... Say you have 2 users. Each will get 2M. Total used will be 4M Say you have 5 users, each gets 2M with total 10M. Say you hav...
by dave864
Thu Jun 23, 2016 10:50 pm
Forum: General
Topic: Simple Queue question
Replies: 13
Views: 1884

Re: Simple Queue question

Target = 192.168.0.0/24
Max limit = 10M
Limit at = 2M
Queue type = PCQ-UPLOAD-DEFAULT and also PCQ-DOWNLOAD-DEFAULT


I have one for the ISPQueue connection /16 and one for each smaller /24 group. These smaller groups have the main ISP queue linked using the PARENT=ISPQueue setting
by dave864
Mon Jun 13, 2016 12:24 am
Forum: RouterBOARD hardware
Topic: Is my 2011 dead after firmware update and config reset?
Replies: 11
Views: 2035

Re: Is my 2011 dead after firmware update and config reset?

Not sure if you solved your setup. I use simple queues assigned as PCQ. "Max" is limit of broadband, "limit at" is the guaranteed minimum. Simple queues can be IP ranges or I think, individual IP address. It doesn't use ports. So, in your case, I would bridge all together for the LAN and use the sim...
by dave864
Sun Apr 10, 2016 12:39 pm
Forum: General
Topic: Simple queues, total counters
Replies: 1
Views: 827

Simple queues, total counters

Hi, When I setup a simple queue using PCQ, the total counters do not increment. PCQ download and upload are OK. The queue functions correctly. With default-small for the total, the counters remain blank. But, set the total to default and the counters start working. Very odd. Is that the correct setu...
by dave864
Sat Mar 26, 2016 12:24 pm
Forum: Wireless Networking
Topic: Wifi keeps mobile device awake? [keepalive packets]
Replies: 81
Views: 31738

Re: Wifi keeps mobile device awake? [keepalive packets]

On my edimax pro, mine were defaulted to 300s. We have no issues with android gear and have no apple stuff yet. But I can change it to 65535s max. I chose 12h. On the edimax the setting, if the same, is called station idle time out. I've already ordered a couple of mikrotik APs to test. So I hope th...