MikroTik

dakotabcn

Hello! I am implementing a failover on a client with routerOS v7, it has FW 7.6 I have followed this website adapting the IPs to those of my client, but I find that invalid appears in the routes section https://help.mikrotik.com/docs/pages/viewpage.action?pageId=26476608 this is my code: note: ISP1 ...

dakotabcn

Hello! RB3011 with 7.2.2 L2TP and SSTP stop working and we have to restart the router, this happens to us since 7.2.2 We have placed a script to restart the router every 24 hours, since we do not know what is happening. We also have an OVPN with a NAS and the message log is filling me up, so many th...

dakotabcn

Hello! I have spent days investigating how to send a route to a user who connects with an L2TP VPN When the user connects he receives the IP 10.10.0.2, I want to tell him when he connects to his windows 10 that all traffic to 192.168.30.64/28 use as GW 10.10.10.1 but I can't find how to send it Is t...

dakotabcn

Hi all Until recently this script that I put below worked fine but since I put 6.49 it has stopped working The script was implemented in its day to send every night a list with the L2TP connections that happened during the day and the active connections at the time of sending the log For some unknow...

dakotabcn

i have this messages into debug ipsec use local ID type IPv4_subnet use remote ID type IPv4_subnet This is frustrating, we hope that the Cisco admin will give us the logs and the configuration, since in principle after reading several documents I find everything fine, but that message does not help ...

dakotabcn

Phase 1 is failing. You need to focus on your device IDs. On the Cisco ASA, it is as follows: ASA(config)# tunnel-group <peer IP> ipsec-attributes ASA(config-tunnel-ipsec)# isakmp identity ? configure mode commands/options: address Use the IP address of the interface for the identity auto Identity ...

dakotabcn

more info

notify: INVALID-ID-INFORMATION
fatal INVALID-ID-INFORMATION notify messsage, phase1 should be deleted.
notification message 18:INVALID-ID-INFORMATION, doi=1 proto_id=3 spi=0bdbeb0b(size=4).

dakotabcn

Hello
I have this problem, i connecta via VPN L2TP and have this problem
I not use Wifi, via local lan works fine, via VPN show empty, this router not have wireless
any idea?

dakotabcn

I think the problem is where you say, the identity is rejecting it, but we do not know how to solve it In another case we put the IP that the mikrotik's WAN had and it worked, but in this case it rejected it and we couldn't know the reason, only that we received that message, on the other side the ...

dakotabcn

I think you have at least 2 different problems. I have configured many Cisco router and ASA to Mikrotik IPSec VPNs. With IPSec, both sides need to agree on the source and destination IP addresses to be encrypted (there are certain exceptions, but they are not predictable so it is easier to ensure b...

dakotabcn

Maybe you could set a range in the Cisco that is equivalent to a subnet mask? No idea if that would work, but you can try it.
So not the range 1.18-1.30 but instead range 1.16-1.31 on the Cisco end and 1.16/28 on the MikroTik end.

I have tried it without result, we keep getting the same message

dakotabcn

Hi! We have been asked to create a site2site against a Cisco ASA, the VPN is failing us due to the policy, it returns the INVALID-ID message, after consulting this error it is in the policy, the Cisco has defined ranges both in its network and for ours, these are examples similar to what our network...

dakotabcn

How about his: Create an address list of allowed VPN addresses to access the another network /ip firewall address-list add address=192.168.90.xx list=VPNto61 add address=192.168.90.yy list=VPNto61 ... Add src-nat rule which will do the address translation: /ip firewall nat add action=src-nat chain=...

dakotabcn

Hi! They have asked me for a NAT something curious since I had never encountered this I have 10 VPNs in routing to the local network, this is perfect, the VPN range 192.168.90.xxx and the local network 192.168.60.xxx, for various reasons they have asked me a few VPNs to access another network (192.1...

dakotabcn

*) l2tp - fixed multiple tunnel establishment from the same remote IP address (introduced in v6.47); I was excited about this in the changelog, I hoped that with this they would solve the problem of connecting several L2TP connections from the same IP when there is NAT in the middle of both the cli...

dakotabcn

Hello I hace problem with PCC balancing, only mark to GW1 all trafic except 192.168.1.255 and 8.8.4.4 I have this mangles /ip firewall mangle add action=mark-routing chain=prerouting comment="EXCLUSION DEL BALANCEO SALIENDO POR VRRP-GW1" new-routing-mark=to_VRRP-GW1 passthrough=no src-addr...

dakotabcn

Hello I have a curious problem and it only happens to me with a router RB4011 without wifi: winbox via local connects perfectly, via VPN L2TP or does not connect (it remains in downloading descriptors) or when it accesses it does not load and it remains blank, with other routers in 6.46.6 does not h...

dakotabcn

jun/02/2020 16:05:59 system,error,critical error while running customized default configuration script: no such item jun/02/2020 16:05:59 system,error,critical Got this on a HAPac², boot time was incereased too (about 2 minutes) same error in RB4011 WIFI, if reboot the same message is logged other ...

dakotabcn

Possible solution (work, yes!) add action=mark-connection chain=prerouting comment="REGLAS BALANCEO " connection-mark=no-mark dst-address=!192.168.200.0/24 in-interface=ISP1 new-connection-mark=ISP1_conn passthrough=yes add action=mark-connection chain=prerouting connection-mark=no-mark ds...

dakotabcn

Hello I have problems with VPN traffic and Load Balancing, i use the vpn for RDP connections, but no work I have mkt router with 2 FTTH lines and use mangles to balance the traffic, i have the next problem with VPN L2TP the connection is established correctly, the connection to the winbox via VPN wo...

dakotabcn

Hello! Due to the confinement due to the coronavirus, here in Spain our clients are teleworking from home, a client has asked me for a record of the connections made by each user, in principle it would be to record the connection and disconnection time The quick solution was to create a log that is ...

dakotabcn

RB4011 wireless version today report 50º, I had to place a fan on top to lower its temperature to 37 degrees This device has a very serious temperature problem, and I blame it on a design defect, it is not normal for it to be set at 50 degrees, I have a lot of devices at home 24 hours and none gets ...

dakotabcn

Hello I have problems wit ipsec tunel The other side is a fortinet firewall and the config for connect the RB 3011 is IKE v1 The exchange mode is main and i need indicate the remote ide and my id type with FQDN for remote ID i not have problem, but My ID Type only accept address or auto, i need indi...

dakotabcn

Interesante....
NetVicius, tu herramienta sirve para redes grandes tipo guifi.net?
Aqui tenemos muchisimos MKT y estan algunos sin actualizar por no llevar el control

saludos

dakotabcn

Hello i have created with scheduler this script for verify if fail one of ftth /system scheduler add comment="This will run after 4 mins" interval=5m name=ISP1 on-event="/system scheduler set [find name=checker] disabled=yes\r\ \n:local pinged [/ping address=8.8.8.8 count=5 interface=...

dakotabcn

Hey Sebastian This mi actual config, the 4G not is installed: (i have deleted/modified no essential info for security reason) # model = RB1100x4 /interface bridge add name=DMZ add name=LAN /interface ethernet set [ find default-name=ether1 ] name=ISP1 speed=100Mbps set [ find default-name=ether2 ] n...

dakotabcn

Hello I have an RB1100AHx4 with a load balancing with 2 FTTH of 300 Mb symmetrical. The client has asked us if it is possible to mount a backup 4G in case of failure that the Backup is activated for only an RDP connection to a cloud currently the load balancing has an automatic fail over that notifi...

dakotabcn

I have downgraded to 6.44.3 the rb4011 with wifi due fails with L2TP connections Mi computer connect with any problem, but other users no connect, the log report phase1 negotiation failed Others router RB3011 have the same issue All routers have NAT for Inet (the ftth/hfc router is wit NAT) and all ...

dakotabcn

https://support.microsoft.com/en-gb/hel ... in-windows
Please read and apply, Windows by default not support nat traversal

dakotabcn

Thanks for the tool I have problem with snifferviewer, i have installed the service in windows 7 VM machine, start and connect with the mikrotik OK. I use the viewer in local and show data, but if use the viewer in another machine and indicate the VM machine no show any data, i have disabled the fir...

dakotabcn

Hello My RB4011 wifi version is VERY VERY hot, it is impossible to put your hand on, you burn! I do not find this excessive temperature logical or normal, it is currently marking 51 degrees Celsius, this is not good, such a high temperature will end up damaging the hardware, and it is not a cheap de...

dakotabcn

Hello! We have a router with a site2site connection against another mikrotik, the internet connection of the network and the vpn leave by the same internet access in ETH1, we have been asked to place another FTTH to dedicate it to the VPN since the traffic of the users and of the l2tp VPN starts to ...

dakotabcn

HELP! i have upgraded the RB4011 wireless and not work the router flickers the lights of the SFP and the switch but it does not start, I've tried it in every way and it does not happen there, I had the 6.34.8 and updated this version this morning I need help, because right now it is totally out of s...

dakotabcn

As stated above, we are aware of the issue and will be fixed in the next beta versions. i use this config in 6.4.34 in all clients, in the new beta no work the peer, the port-override and main-l2tp no work if upgrade to next version all vpn l2tp/ipsec with this config will they stop working? /inter...

dakotabcn

Isn't the answer two posts above?.. i use this config in 6.4.34 in all clients, in the new beta no work the peer, the port-override and main-l2tp no work if upgrade to next version all vpn l2tp/ipsec with this config will they stop working? /interface l2tp-server server set authentication=mschap2 e...

dakotabcn

L2TP/IPSEC no work, the message are "failed to pre-process ph2 packet" config # nov/27/2018 17:36:36 by RouterOS 6.44beta39 # # model = 951G-2HnD /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc,3des /interface l2tp-...

dakotabcn

Hello
Is there any solution to this problem? I have several clients that use laptops and connect from the same network and with L2TP / IPSEC they can not connect, at the moment I have solved it with PPTP, I have tried to implement IKEv2 but it is costing me to leave it operational

dakotabcn

I too get this however it is not so much a problem as expected behaviour. You can use split VPN types as you have found or you could set up a VPN from the router and some sort of policy based routing to get around this. Hello It is not possible to put a VPN in the router of the office where the con...

dakotabcn

I have a problem with L2TP / IPSEC in a client, several users connect from the same connection behind a NAT and with L2TP it is impossible, when a user connects, he disconnects the one that is already connected. I've been reading why this happens and change the L2TP from port strict to port override...

dakotabcn

I would put an action=log rule as the very first one in the chain=forward of /ip firewall filter with protocol=tcp dst-port=80 src-address=192.168.35.0/24 , try to connect from the VPN client to the server, and see whether the SYN packet is logged or not. You may e.g. find that it actually comes fr...

dakotabcn

Hello I have this situation VPN client have IP 192.168.35.1 Webserver have IP 192.168.10.10 i have this rule add action=accept chain=forward comment="open port 80 for User10" dst-address=192.168.10.10 dst-port=80 log=yes protocol=tcp src-address=192.168.35.1 i have other rule for RDP Port ...

dakotabcn

Hi sindy
Thanks for the solution, I had not thought about creating the rules by IP.
I have modified the rules so that users who connect by VPN do not have access to the LAN except the 3389, now it works, the RDP responds but the server resources can not be seen

dakotabcn

Can anyone help me solve this problem with the firewall and pptp connections?

dakotabcn

Hello I have created a pptp server for VPN connections, working perfectly I have created the VPN with an IP range different from the local network so that I can block everything except the RDP with the firewall The problem is that I do not know how to create the rules that only apply to VPN connecti...

dakotabcn

/interface ethernet set ether1 mac-address=

In New terminal, i insert this command and reboot the cablemodem and routerboard
and.... i have the IP!

if use the quick set not work, this quick set no work fine, the best solution is console

dakotabcn

This is the config working with mi ISP (ONO with HFC Docsis 3.0) # may/16/2017 22:20:27 by RouterOS 6.39.1 # software id = # /interface bridge add admin-mac=E4:8D:8C:A1:XX:XX auto-mac=no comment=defconf name=bridge /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/...

dakotabcn

Hello i have the RB951G-2HnD, with default config with mi isp works fine, connect and received the dinamic IP... but i have un problem I have a fixed IP assigned to a specific mac of type 00:0a:5e:4f:xx:xx Is a mac that had a 3COM 905C that I was burned with a storm many years ago, because in my ISP...

dakotabcn

Are you using TKIP or WEP encryption? 802.11n requires AES or no encryption at all. It can be WPA or WPA2, but it must be AES. Hi Oldman Sorry, i no have activated the suscription for mi post :? I revised the config, I have in Security Profile this config http://i64.tinypic.com/2hftno7.png i have c...

dakotabcn

Anyone from the forum can help me?
I have update the firmware and router os
With wifi analyzer i have this info
RSSI -19 dBm
Channel 1+5
2412
2442-2402=40Mhz
WPA2

but only connect 11g, 11n no work

dakotabcn

Hello, sorry for mi bad english I have the RB 951G-2HnD and i have configured the wireless with 11GN, but all mobile only connect with 54mb i have this config (sorry, i use subefotos.com and not show the images http://subefotos.com/ver/?3fda8a25258a5ec36e6c40ca52485a79o.png http://subefotos.com/ver/...

Search found 50 matches