Community discussions

Search found 97 matches

by bramwittendorp
Mon Nov 04, 2019 11:00 pm
Forum: Beginner Basics
Topic: cannot connect to web interface after changing to wisp ap
Replies: 12
Views: 3019

Re: cannot connect to web interface after changing to wisp ap

Grab yourself Winbox from the MikroTik download page. And connect the AP directly to your laptop/pc (you may need to assign some free IP-address on your PC's NIC) in order to bring the link up. In Winbox have a look on the Neighbors tab and see if the device shows up and with what IP-address, you ma...
by bramwittendorp
Wed Mar 27, 2019 9:07 pm
Forum: Beginner Basics
Topic: Solution for VPN into company network
Replies: 3
Views: 640

Re: Solution for VPN into company network

Hi,

I assume those remote workers are road warriors, so I would suggest either SSTP (this is an SSL-based VPN) or L2TP with IPsec.

The RB2011 doesn't support IPSec hardware acceleration, so throughput might be a bit slow, but I think for general use it will be fine
by bramwittendorp
Tue Mar 12, 2019 6:53 pm
Forum: Beginner Basics
Topic: OVPN disconnect after few seconds
Replies: 9
Views: 759

Re: OVPN disconnect after few seconds

The subject of your post is it disconnects after a few seconds, but I can see in the log it's connected for 1 minute at least. So what is your issue? Not being able to ping or getting disconnects?

Are you allowing the traffic coming in from the OVPN through your firewall?
by bramwittendorp
Mon Mar 11, 2019 8:33 pm
Forum: General
Topic: EoIP/IPsec & L2TP/IPsec on the same router
Replies: 4
Views: 711

Re: EoIP/IPsec & L2TP/IPsec on the same router

Hi!

I have been using EoIP/IPsec & L2TP/IPSec on multiple environments just fine.

Can you share your config to see what might cause the issues?
by bramwittendorp
Tue Feb 26, 2019 9:31 pm
Forum: General
Topic: public subnet routing
Replies: 2
Views: 795

Re: public subnet routing

Hi, You have to choose: either use transparent mode (which I will be explaining) or use the subnet with NAT. I would suggest the following configuration, remove the config you have made before (as you specified in your post): 1) Add the first usable IP-address from the routed-subnet on the Bridge2....
by bramwittendorp
Mon Feb 25, 2019 8:55 pm
Forum: General
Topic: Forward VPN to Synology NAS
Replies: 1
Views: 1669

Re: Forward VPN to Synology NAS

Hi, What kind of firewall have you configured on the MikroTik? If it is not the default (https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router) you might need additional access rules to allow the traffic. These rules should then be placed in the forward chains. For the port forwarding part you'...
by bramwittendorp
Mon Feb 25, 2019 8:48 pm
Forum: Beginner Basics
Topic: Split tunneling
Replies: 7
Views: 962

Re: Split tunneling

Hi Khavale, Welcome to the forum! I am sure it is possible to use split-tunneling for YouTube traffic. But you'll need to find out the IP-address being used by YouTube, it might be easier to access the sites you want to access by VPN by additional routes. Also please share your config, so we can have...
by bramwittendorp
Wed Jan 23, 2019 7:44 pm
Forum: General
Topic: Setting a secondary PPPOE Connection
Replies: 9
Views: 1000

Re: Setting a secondary PPPOE Connection

I am sorry. I haven't thought of one part of the configuration. You should also mark the traffic that is meant to use the Secondary PPPoE. So add something for that as well under /ip firewall mangle /ip firewall mangle add action=mark-routing chain=prerouting new-routing-mark=secondary-pppoe passthrou...
by bramwittendorp
Tue Jan 22, 2019 7:54 pm
Forum: General
Topic: Setting a secondary PPPOE Connection
Replies: 9
Views: 1000

Re: Setting a secondary PPPOE Connection

Your gateway is not an IP-address for the specified routing mark /ip route add distance=1 gateway=pppoe-secundar routing-mark=secondary-pppoe In order for it to work, you'll need to find the IP-address the ISP uses on the other end of the PPPoE-interface. No next-hop lookup is performed when using thi...
by bramwittendorp
Tue Jan 22, 2019 5:20 pm
Forum: General
Topic: Setting a secondary PPPOE Connection
Replies: 9
Views: 1000

Re: Setting a secondary PPPOE Connection

If you could go to the Terminal. This is an option in both Webfig and Winbox

and there do an export: /export hide-sensitive

And paste it here between the tags. That would be great
by bramwittendorp
Tue Jan 22, 2019 4:06 pm
Forum: General
Topic: Setting a secondary PPPOE Connection
Replies: 9
Views: 1000

Re: Setting a secondary PPPOE Connection

I think one option that would suit you is make use of routing-marks. Routing marks give you an additional routing table where you can store your config. First of all: under /ip firewall mangle add a rule in the prerouting chain. In the rule specify the secondary PPPoE interface and under Action spec...
by bramwittendorp
Sun Jan 13, 2019 2:57 pm
Forum: Beginner Basics
Topic: Mikrotik Client OpenVPN Only For 1 Destination
Replies: 1
Views: 344

Re: Mikrotik Client OpenVPN Only For 1 Destination

This would definitely be possible by adding a static route for a /32 address (ex.: 1.1.1.1/32) specifying the next-hop address as the other end of the OVPN tunnel.
by bramwittendorp
Fri Jan 11, 2019 8:48 pm
Forum: General
Topic: Connecting another router to my MT
Replies: 8
Views: 700

Re: Connecting another router to my MT

Are you sure the traffic isn't being blocked by the MikroTik? Maybe you could post the output of your firewall config here? (/ip firewall export). Another issue I can think of is NAT, where traffic isn't being forwarded to the correct host. Maybe perform a traceroute as well, to identify where traf...
by bramwittendorp
Fri Jan 11, 2019 8:34 pm
Forum: General
Topic: Unable to connect using MAC address and Winbox
Replies: 1
Views: 675

Re: Unable to connect using MAC address and Winbox

I have seen some strange behaviour with regards to neighbor discovery not working because the network interface isn't active because it has no IP-configuration. But that doesn't explain why it works when connecting through a switch.
by bramwittendorp
Thu Jan 10, 2019 4:04 pm
Forum: Beginner Basics
Topic: WISP AP DHCP server does not work [SOLVED]
Replies: 2
Views: 526

Re: WISP AP DHCP server does not work [SOLVED]

Your config is incomplete if this is your full configuration. Please use the DHCP Server setup option in Winbox or follow the guide found in the Wiki: https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server. You're now just running a DHCP server, without any Pool (addresses to hand out) or any other op...
by bramwittendorp
Wed Jan 09, 2019 8:07 pm
Forum: General
Topic: Apple devices flooding DHCP server
Replies: 15
Views: 3246

Re: Apple devices flooding DHCP server

I have a lot of Apple Gear, and haven't seen the problem so far. I think it is caused by the devices in question, but not due to some widespread issue, but rather to the individual device. I found the following topic in the Apple Forum: https://discussions.apple.com/thread/8193574 Maybe the suggesti...
by bramwittendorp
Wed Jan 09, 2019 1:36 pm
Forum: Beginner Basics
Topic: Google Home Mini / ICS-2000
Replies: 3
Views: 447

Re: Google Home Mini / ICS-2000

Hi, From your config, you have multiple IP-addresses assigned to ether2, which is your lan interface: /ip address add address=10.166.14.254/24 interface=ether2-LAN network=10.166.14.0 add address=192.168.2.1/24 interface=ether2-LAN network=192.168.2.0 add address=172.16.16.254/24 interface=ether2-LA...
by bramwittendorp
Tue Jan 08, 2019 7:30 pm
Forum: Beginner Basics
Topic: Google Home Mini / ICS-2000
Replies: 3
Views: 447

Re: Google Home Mini / ICS-2000

Hi, I have a couple more questions in order to understand your problem better: - Are both devices actually connected (eg.: do they show up in the registration list of any WiFi-interfaces; is the ethernet-interface running)? Do they have an IP-address assigned for the servers? - Can you use torch to ...
by bramwittendorp
Tue Jan 08, 2019 7:22 pm
Forum: Beginner Basics
Topic: Multiple EoIP\IPsec tunnels
Replies: 1
Views: 343

Re: Multiple EoIP\IPsec tunnels

I suspect this is normal behaviour. All four IPSec policies use the same-endpoint, so it is only necessary to have one of the policies active. Since they are created dynamically I think MikroTik creates the policy for every EoIP interface you create.
by bramwittendorp
Thu Jan 03, 2019 10:16 pm
Forum: Beginner Basics
Topic: ARP vs DHCP| Packs vs RBversion|PPPoE [SOLVED]
Replies: 6
Views: 826

Re: ARP vs DHCP| Packs vs RBversion|PPPoE [SOLVED]

Hi, I am making an attempt to answer you as well as I can: This one is pretty easy. The ARP table is used for the lookup of MAC-Addresses (OSI Layer 2) based on IP-addresses (OSI-Layer 3). This is needed for the transport from the IP-packets towards a client. For more info on ARP you can look in the...
by bramwittendorp
Mon Nov 26, 2018 8:18 pm
Forum: Beginner Basics
Topic: Windows 7 L2TP Ipsec error 789
Replies: 2
Views: 1468

Re: Windows 7 L2TP Ipsec error 789

According to this page of Microsoft the error 789 is a generic error, which could be caused by the IPSec connection not being established, you could check this by watching the IP > IPSec menu-items in Winbox, you would see a remote peer when IPSec is establishing a connection. How is your traffic f...
by bramwittendorp
Tue Nov 20, 2018 2:33 pm
Forum: Beginner Basics
Topic: Windows Firewall and Sub-Network question
Replies: 6
Views: 1116

Re: Windows Firewall and Sub-Network question

It depends on what you're trying to do. It's not the MikroTik in your way, the Windows Firewall is blocking the traffic. You'll need to add the other networks as trusted in your Windows Firewall if you wish to communicate while having Windows Firewall enabled. You can certainly create work-around on...
by bramwittendorp
Tue Nov 13, 2018 7:14 pm
Forum: General
Topic: Third Party (SonicWall) to MikroTik Aggressive IPSec tunnel Interface
Replies: 0
Views: 499

Third Party (SonicWall) to MikroTik Aggressive IPSec tunnel Interface

Hi guys, I am working on a project where I have to build a setup where all traffic gets routed through an IPSec tunnel. Since I need routing I figured out I need to use a tunnel interface either GRE or IPIP to be able to use this interface in the routing table. On the main site we have a SonicWall f...
by bramwittendorp
Sun Oct 28, 2018 4:21 pm
Forum: General
Topic: SRC-NAT --> NETMAP Incorrect Public IP [SOLVED]
Replies: 4
Views: 851

Re: SRC-NAT --> NETMAP Incorrect Public IP [SOLVED]

Hi Jim, The order you have is correct as is, the rules would be triggered correctly for this rule to work properly. Consider replacing it for the following rule. This is less specific but might work better, because in your current config you're only applying the rule to TCP-traffic. /ip firewall nat a...
by bramwittendorp
Sun Oct 28, 2018 1:53 pm
Forum: General
Topic: SRC-NAT --> NETMAP Incorrect Public IP [SOLVED]
Replies: 4
Views: 851

Re: SRC-NAT --> NETMAP Incorrect Public IP [SOLVED]

Are you sure these rules are actually the first rules under the IP > NAT configuration? The way MikroTik walks to the NAT-table is from top to bottom, so if there is for instance a masquerade rule for traffic leaving on ether1-WAN first, that rule is applied. Also under IP > Firewall > Service Port ...
by bramwittendorp
Sat Oct 27, 2018 4:50 pm
Forum: Beginner Basics
Topic: Port mapping
Replies: 2
Views: 524

Re: Port mapping

Hi, Could you post your config? There might be an issue with firewall configuration why traffic is dropped. Also: port 80 is used for webfig. In order to forward it towards a LAN-device it might be good practice to disable the web-service under IP > Services. Also, make sure you aren't double natted...
by bramwittendorp
Wed Oct 24, 2018 9:55 pm
Forum: Beginner Basics
Topic: Send two untagged vlan from trunk uplink to access port..
Replies: 4
Views: 782

Re: Send two untagged vlan from trunk uplink to access port..

You can only have 1 untagged vlan on a port or trunk. All additional ports need to be tagged.
by bramwittendorp
Wed Oct 24, 2018 9:50 pm
Forum: Beginner Basics
Topic: Routing to the designated ISP [SOLVED]
Replies: 4
Views: 725

Re: Routing to the designated ISP [SOLVED]

Hi, Depending on your exact needs I think it can be done. So, assuming from your description we have two separate locations; location A with the 192.168.1.0/24 network and location B with both a 192.168.2.0/24 network and a 192.168.3.0/24. In order for the user1 in location B, which has an IP-addres...
by bramwittendorp
Tue Oct 23, 2018 10:59 pm
Forum: Beginner Basics
Topic: Routing to the designated ISP [SOLVED]
Replies: 4
Views: 725

Re: Routing to the designated ISP [SOLVED]

Could you be more specific about your design choices? For starters I am wondering why you use 2 routers, which would then lead to a third router leading towards a switch leading towards the clients. To me it seems you make things more complicated than it needs to be. You could configure both ISPs on...
by bramwittendorp
Tue Oct 23, 2018 10:48 pm
Forum: General
Topic: Firewall remote log doesn't contains all
Replies: 2
Views: 418

Re: Firewall remote log doesn't contains all

[admin@R1] > /ip firewall filter print Flags: X - disabled, I - invalid, D - dynamic ...shortened 30 ;;; BLOCK TROJANS chain=input action=drop src-address-list=Trojans log=no log-prefix="" 31 chain=forward action=drop src-address-list=Trojans log=no log-prefix="" Maybe change the log=no to log=yes,...
by bramwittendorp
Mon Oct 22, 2018 7:44 pm
Forum: Beginner Basics
Topic: Upgrade 802.11 version in repeater mode
Replies: 1
Views: 314

Re: Upgrade 802.11 version in repeater mode

I would like to know - whether it is possible or not, to configure Microtik router in such a way, when, in repeater mode - LAN devices would be connected on higher speeds, than when running on main router's network? No, it is not possible, and it won't work with any other vendor, before you run off...
by bramwittendorp
Mon Oct 22, 2018 7:05 pm
Forum: Beginner Basics
Topic: Router works. However websites don't open at first attempt
Replies: 1
Views: 465

Re: Router works. However websites don't open at first attempt

Hi, In your DHCP-settings I noticed you're using two public DNS-caching servers, but you have enabled DNS-request to your router as well, so it might be better to put your router's LAN-IP on the DHCP-server network set-up in order to use it as a DNS-caching server. This way DNS can reply quicker, wh...
by bramwittendorp
Tue Oct 09, 2018 3:05 pm
Forum: Beginner Basics
Topic: No internet connection on my switch
Replies: 9
Views: 2080

Re: No internet connection on my switch

To check if the correct interface has an IP-address, you'll need to do an /ip address export from the terminal and check whether the correct IP-address has been assigned to ether1. Alternatively you could also use the IP > Address tab in WinBox or Webfig. If you want proper help, please post the con...
by bramwittendorp
Sun Oct 07, 2018 3:43 pm
Forum: General
Topic: MacOS Winbox features and limitations
Replies: 4
Views: 1416

Re: MacOS Winbox features and limitations

Hi WeWiNet, I personally use the WinBox for Mac from Joshaven.com, which can be found on: http://joshaven.com/resources/tools/winbox-for-mac/. No file drag and drop >> I have this problem as well, but that is not a WinBox issue, but a dependency in Wine No windows like copy via CTRL-C/CTRL-V in Win...
by bramwittendorp
Fri Sep 28, 2018 11:45 am
Forum: General
Topic: something is wrong with my DNS resolving...
Replies: 8
Views: 1249

Re: something is wrong with my DNS resolving...

Which DNS servers have you configured under IP > DNS (/ip dns export OR /ip dns print)?

Try with different DNS-servers to make sure the problem isn't in your current set of DNS servers.
by bramwittendorp
Tue Sep 04, 2018 5:27 pm
Forum: Beginner Basics
Topic: DHCP server not handing out IP's
Replies: 10
Views: 1706

Re: DHCP server not handing out IP's

You're only running a DHCP-server on ether2. From your config it says servers are connected on ether3. So it seems legit that you don't receive a dhcp-address on your server if it's connected on ether3. /ip dhcp-server add add-arp=yes address-pool=dhcp_pool1 disabled=no interface="ether2 (LAN)" name...
by bramwittendorp
Tue Sep 04, 2018 7:45 am
Forum: Beginner Basics
Topic: L2tp error 789
Replies: 5
Views: 2334

Re: L2tp error 789

Hi Marco, I was troubleshooting VPN-issues on Windows (10) earlier today with Mac OS working fine, but Windows giving me shit. I saw similar error messages. I found this post very useful (https://superuser.com/questions/1298513/l2tp-ipsec-vpn-fails-to-connect-on-windows-10-works-fine-on-ios). I also...
by bramwittendorp
Sun Sep 02, 2018 6:27 pm
Forum: General
Topic: L2TP routing issue - SOLVED
Replies: 5
Views: 562

Re: L2TP routing issue

You should post your router configuration with an
/export hide-sensitive
We then can walk through it and guide you towards a solution.

Are the L2TP-clients also MikroTik, if so please post the config of it as well
by bramwittendorp
Fri Aug 31, 2018 7:48 pm
Forum: Forwarding Protocols
Topic: Mikrotik DDNS and NVR
Replies: 10
Views: 1707

Re: Mikrotik DDNS and NVR

Your NAT-export looks incomplete of the MikroTik. The NAT-rules aren't matching any ports right now. That could be an issue. You'll need either a catch-all rule: this one will catch all traffic and forward it to the NVR. /ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.0.109 Or...
by bramwittendorp
Wed Aug 29, 2018 7:12 pm
Forum: Forwarding Protocols
Topic: Mikrotik DDNS and NVR
Replies: 10
Views: 1707

Re: Mikrotik DDNS and NVR

Can you post your current configuration; an /ip firewall nat export would be sufficient?

The RTSP-protocol is likely UDP as it's a continuous data-stream.
by bramwittendorp
Tue Aug 28, 2018 3:50 pm
Forum: Forwarding Protocols
Topic: Mikrotik DDNS and NVR
Replies: 10
Views: 1707

Re: Mikrotik DDNS and NVR

It depends on the application I guess. I don't know which protocol and which ports are used by the application. You should forward all the necessary ports for the application by additional NAT-rules and verify that these NAT-rules actually get a hit. You should see packet-counters running when tryin...
by bramwittendorp
Sun Aug 26, 2018 10:18 pm
Forum: Forwarding Protocols
Topic: Mikrotik DDNS and NVR
Replies: 10
Views: 1707

Re: Mikrotik DDNS and NVR

Hi, From my point of view it seems you have too many NAT-rules. You should leave the SRC-NAT (Masquerade) but you should remove any other rules. I think you'll only need the following rules. I assume port 80 is used for a webpage of the NVR, so that should be TCP (as web is TCP-based). For the port...
by bramwittendorp
Sat Aug 25, 2018 5:54 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 4652

Re: L2TP to remote office

Hi Flynno, Thanks for the reply, the drawing you made shines a better light on your case and what you're trying to do. I'm under the impression you followed some tutorials online to set things up. From my point-of-view it looks crazy difficult. Based on the drawing, and my experience I have given yo...
by bramwittendorp
Sat Aug 25, 2018 4:03 pm
Forum: Forwarding Protocols
Topic: Mikrotik DDNS and NVR
Replies: 10
Views: 1707

Re: Mikrotik DDNS and NVR

Hi, You could definitely use the MikroTik DDNS function for this, start with enabling it under /ip cloud. Then what you'll need to do is add two destination NAT-rules following the documentation (https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Destination_NAT). In your firewall filters you sho...
by bramwittendorp
Fri Aug 24, 2018 3:51 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 4652

Re: L2TP to remote office

On the DHCP-client of my WAN-interface (not sure if you can set it on an LTE-device) I changed the default route distance to 10. That way my default route that gets added through the VPN-connection will always become the more preferred one. My routing table with active VPN looks like this: 2 ADS 0.0...
by bramwittendorp
Fri Aug 24, 2018 2:54 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 4652

Re: L2TP to remote office

Why are you using Mangle anyway? I want to be able to use the office connection as the main internet connect for the mikrotik LTE device, send all traffic from the LTE down the tunnel to the office connection. You want to send all traffic through the VPN-tunnel am I right? It seems to me that you ha...
by bramwittendorp
Fri Aug 24, 2018 8:24 am
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 4652

Re: L2TP to remote office

For the PPP-secret, I use the following configuration on the Main-router: /ppp secret add local-address=192.168.100.6 name=map_bram remote-address=10.9.5.1 routes=10.9.5.0/24 service=pptp This takes care of the whole Site-to-Site VPN tunnel for me. On the remote end it will use the IP-address I setu...
by bramwittendorp
Tue Aug 21, 2018 10:38 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 4652

Re: L2TP to remote office

That should be it I think, does it work?
by bramwittendorp
Tue Aug 21, 2018 8:36 pm
Forum: Forwarding Protocols
Topic: L2TP to remote office
Replies: 27
Views: 4652

Re: L2TP to remote office

Hi, You're correct, there is an issue with the following route, on the LTE-device /ip route add distance=1 dst-address=0.0.0.0/0 gateway=l2tp-out1 routing-mark= PPTP Instead of specifying the gateway-interface (l2tp-out1) you'll need to specify the IP-address of the RB on the other end of the tunnel ...
by bramwittendorp
Tue Aug 21, 2018 8:28 pm
Forum: General
Topic: DMZ Routing question (Stuck)
Replies: 17
Views: 1224

Re: DMZ Routing question (Stuck)

You'll need Hairpin-NAT; lots of good topics on this forum explaining that. Just do a search for Hairpin-NAT.

search.php?keywords=Hairpin+NAT
by bramwittendorp
Tue Aug 21, 2018 8:24 pm
Forum: Beginner Basics
Topic: Limit bandwidth per ether-port
Replies: 1
Views: 356

Re: Limit bandwidth per ether-port

Hi,

I'm running RouterOS 6.42.7 (latest release), and you could just specify the interface on the General tab. At target, instead of specifying an IP-address you can also select interfaces there.
by bramwittendorp
Sat Aug 18, 2018 11:53 am
Forum: General
Topic: openvpn site to site linux and mikrotik
Replies: 2
Views: 374

Re: openvpn site to site linux and mikrotik

Please post the config of your MikroTik by running an
/export hide-sensitive
We can have a look at your config and spot any issues with regard to firewall rules or anything like it.
by bramwittendorp
Sat Aug 18, 2018 11:50 am
Forum: General
Topic: Issue with disabling [REDACTED] on Mikrotik
Replies: 1
Views: 736

Re: Issue with disabling [REDACTED] on Mikrotik

Hi, You'll probably follow the guide and reverse the instructions. And then troubleshoot it when everything is removed. Could be something with Firewall-rules, NAT-rules or a route that hasn't been removed when you remove all configuration. I've taken some time to go through your configuration, and from...
by bramwittendorp
Fri Aug 17, 2018 7:01 pm
Forum: General
Topic: SIP Registration issue
Replies: 10
Views: 1215

Re: SIP Registration issue

In a case I experienced with SonicWall and SIP the solution was to use TCP for the SIP protocol, as this would work better than UDP. Also: after changing the SIP helper setting you might need to clear connection tracking/reboot the phones in order to test it properly. But I'm not sure about it, so j...
by bramwittendorp
Thu Aug 16, 2018 8:31 pm
Forum: Beginner Basics
Topic: Allowing traffic between switches within router
Replies: 13
Views: 2817

Re: Allowing traffic between switches within router

As I've said before, use the forward chain for packets passing through the router. Place the rule allowing VNC-traffic above any drop-rules in your firewall configuration. You could try to add the following two firewall rules, add them and place them at the top of the firewall chain, after the "DEFA...
by bramwittendorp
Wed Aug 15, 2018 8:53 pm
Forum: General
Topic: Subnet over PPPoE take the wrong IP outgoing
Replies: 3
Views: 597

Re: Subnet over PPPoE take the wrong IP outgoing

I've seen a similar problem as well, where traffic on a site-to-site L2TP was NAT'ted because of a masquerade rule.

Add a rule under /ip firewall nat. In the src-nat chain. Traffic from your router going towards the L2TP-tunnel interface with action accept and place it at the top of the NAT-rules.
by bramwittendorp
Wed Aug 15, 2018 8:47 pm
Forum: General
Topic: Mikrotik Local IP on Fiber and public IP Pool from ISP Configuration for Local Lan Internet
Replies: 2
Views: 1021

Re: Mikrotik Local IP on Fiber and public IP Pool from ISP Configuration for Local Lan Internet

Your NAT-rule does the following: It will NAT(Masquerade) everything leaving your router on ether1. You should do this however for the SFP1 interface. Since you have some Public IP-space, I'd use the following method: Add a src-nat rule similar to the following: /ip firewall nat add action=src-nat c...
by bramwittendorp
Wed Aug 15, 2018 8:27 pm
Forum: Beginner Basics
Topic: Understanding Default config: bridge
Replies: 4
Views: 4650

Re: Understanding Default config: bridge

You can certainly use a MikroTik device without a bridge, but for SoHo-use you'll probably be better off with a bridge. Without a bridge the router will be in routed mode, in that case every interface of the router needs its own ip-address and when devices are trying to reach other network segments ...
by bramwittendorp
Wed Aug 15, 2018 8:23 pm
Forum: Beginner Basics
Topic: Routing Issue
Replies: 1
Views: 368

Re: Routing Issue

To me it sounds more like an issue with NAT, but to make sure please post your config using: /export hide-sensitive That way we can have a look at the configuration. Also: please provide us some more information? Gateway, is this also the MikroTik or is this some other kind of device? We can help you...
by bramwittendorp
Tue Aug 14, 2018 7:56 pm
Forum: General
Topic: Winbox from AP to Station
Replies: 4
Views: 653

Re: Winbox from AP to Station

Hi,

Please share your config, by doing an
/export hide-sensitive
That way we'll get a better understanding of your config and possible firewall rules that are in the way.
by bramwittendorp
Tue Aug 14, 2018 7:52 pm
Forum: Beginner Basics
Topic: Allowing traffic between switches within router
Replies: 13
Views: 2817

Re: Allowing traffic between switches within router

Hi, That enlightens your question and gives me a better opportunity to help you in a good way. Let's start with the printer, you've already got a proper firewall rule for it in your config: add chain=forward comment="Trainer access to printer" dst-address=192.168.0.19 src-address=80.233.170.45 The i...
by bramwittendorp
Tue Aug 14, 2018 2:17 pm
Forum: Beginner Basics
Topic: Allowing traffic between switches within router
Replies: 13
Views: 2817

Re: Allowing traffic between switches within router

Let me try to understand you correctly: The devices on ether6 - ether9 have an IP-address in the 80.233.170.42-45 range. But also private IP's? Where are the network adapters providing these private-IPs connected to?
by bramwittendorp
Mon Aug 13, 2018 4:53 pm
Forum: Beginner Basics
Topic: Allowing traffic between switches within router
Replies: 13
Views: 2817

Re: Allowing traffic between switches within router

Hi, First of all, in your export I see you're running 6.33.3, please consider upgrading to at least the latest bugfix release, as this version of RouterOS is vulnerable to an attack that can exploit Winbox. You can read more about it here: https://blog.mikrotik.com/security/winbox-vulnerability.html...
by bramwittendorp
Sat Aug 11, 2018 4:40 pm
Forum: Beginner Basics
Topic: Allowing traffic between switches within router
Replies: 13
Views: 2817

Re: Allowing traffic between switches within router

I don't think you need a bridge at all, but to answer your questions: Question 1: Can an interface be a part of multiple bridges? I'm not sure, my logic says no. The error you posted also points to this, please read the Wiki-page for more information on bridges https://wiki.mikrotik.com/wiki/Manual...
by bramwittendorp
Sat Aug 11, 2018 4:19 pm
Forum: Beginner Basics
Topic: map lite difficulties
Replies: 1
Views: 871

Re: map lite difficulties

Correct me if I'm wrong, but you want to use the mAP lite as a bridge in your network? According to your config you're now using a default configuration and access from the wired network is blocked due to the firewall rules that are in the mAP right now. Please follow the next steps: What you should...
by bramwittendorp
Fri Aug 10, 2018 10:58 am
Forum: General
Topic: OVPN Client - no ping from Mikrotik itself possible
Replies: 1
Views: 351

Re: OVPN Client - no ping from Mikrotik itself possible

Hi Unic, Please share your config using /export hide-sensitive That way we get a better understanding of possible issues in your configuration. Maybe the issue isn't blocking outgoing traffic, but blocking traffic on the input-chain. Because the reply doesn't come back to your router I use a firewal...
by bramwittendorp
Thu Aug 09, 2018 8:15 pm
Forum: General
Topic: Question for Normis
Replies: 1
Views: 537

Re: Question for Normis

My name is definitely not Normis, you'd be better off changing this subject, because I've a suggestion for you: Add a simple firewall rule: /ip firewall filter add action=accept chain=input connection-state=established,related That rule allows established or related connections from entering your rou...
by bramwittendorp
Thu Aug 09, 2018 7:43 pm
Forum: General
Topic: Issue with OVPN between Mikrotik and PFSense
Replies: 1
Views: 466

Re: Issue with OVPN between Mikrotik and PFSense

Please post the output of the following command, hiding stuff you don't want to share, like public IP-addresses or something like that. /export hide-sensitive That way we'll get a better understanding of your config and any problems that might occur. Something that comes to mind immediately: make sure...
by bramwittendorp
Wed Aug 08, 2018 8:19 pm
Forum: Beginner Basics
Topic: Please help me get my network in order
Replies: 7
Views: 1036

Re: Please help me get my network in order

I can only give you advice on the MikroTik-part of your network. What you should do: Reset the MikroTik-devices, with no default configuration Access the MikroTik using Winbox and Mac-address Create a new bridge, containing all interfaces (ethernet and wireless) Depending on your need, either config...
by bramwittendorp
Wed Aug 08, 2018 7:56 pm
Forum: Beginner Basics
Topic: Cant Ping Internal Server but can see an ARP entry and the server can ping out [SOLVED]
Replies: 2
Views: 499

Re: Cant Ping Internal Server but can see an ARP entry and the server can ping out [SOLVED]

It's nicer to post your export in a forum post using the brackets. I've downloaded and looked through your configuration: /ip dhcp-server add address-pool=dhcp disabled=no interface="LAN S Bridge" name="DHCP Office Lan" /ip address add address=192.168.2.10/24 interface="Ether10 (BreedeNet Antenna)" ...
by bramwittendorp
Tue Aug 07, 2018 9:02 pm
Forum: Beginner Basics
Topic: Adding a third Interface
Replies: 12
Views: 1153

Re: Adding a third Interface

Hi Julian, My bad, you should omit the in-interface then. It won't work in NAT (I did not test the syntax, excuse me). /ip firewall nat add chain=srcnat out-interface="ether3 - SonicWall X0" action=masquerade I might be betting on the same horse again, what you're saying sounds very logical to me. You...
by bramwittendorp
Mon Aug 06, 2018 11:16 pm
Forum: Beginner Basics
Topic: Adding a third Interface
Replies: 12
Views: 1153

Re: Adding a third Interface

Essentially what a bridge does is connecting multiple LAN-segments as if it was a single LAN. https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge But I'm under the impression you're trying to build a routed network, and in that case you won't need a bridge. When I do a tracert to Ether3 from Et...
by bramwittendorp
Sun Aug 05, 2018 11:05 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 56
Views: 9949

Re: Mikrotik in the news..bad news

From the GDPR Wiki-page: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation According to the European Commission, "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home a...
by bramwittendorp
Fri Aug 03, 2018 11:58 pm
Forum: Beginner Basics
Topic: Adding a third Interface
Replies: 12
Views: 1153

Re: Adding a third Interface

You're now talking about a routing to the internet, that sounds reasonable. You'll need a default route pointing towards the gateway for internet-traffic, probably the IP-address that's configured on the X0 interface in the sonicwall. /ip route add dst-address=0.0.0.0/0 gateway=X0 IP SonicWall distanc...
by bramwittendorp
Fri Aug 03, 2018 6:03 pm
Forum: Beginner Basics
Topic: Adding a third Interface
Replies: 12
Views: 1153

Re: Adding a third Interface

In your RouterOS config it shows ether3 is connected to a SonicWall on the X0 interface. No rules in there blocking your ping-checks?

What does a traceroute show when trying to reach an IP on ether3? Where are packets not forwarded anymore?
by bramwittendorp
Fri Aug 03, 2018 5:49 pm
Forum: Beginner Basics
Topic: dhcp lease table
Replies: 5
Views: 895

Re: dhcp lease table

It will revoke that DHCP Lease. So when the client notices its lease has been revoked the client will send a new DHCP-Request and the server will respond with a new DHCP-offer, and so the problem is resolved.
by bramwittendorp
Fri Aug 03, 2018 5:46 pm
Forum: Beginner Basics
Topic: VPN for Beginner
Replies: 4
Views: 835

Re: VPN for Beginner

This method routes ALL of the traffic via the VPN? What if you only want to route traffic destined JUST for that remote subnet? You could just add a more specific route pointing towards the VPN-gateway. So don't use a 0.0.0.0/0 pointing, but use the IP-range intended. For example: /ip route add dis...
by bramwittendorp
Fri Aug 03, 2018 2:16 pm
Forum: Beginner Basics
Topic: Adding a third Interface
Replies: 12
Views: 1153

Re: Adding a third Interface

I'm finding it hard to decipher your question. Can you be more clear of the problem? From which interface to which interface are you trying to ping? And what doesn't work? On a side-note:
set [ find default-name=ether4 ] disabled=yes name=ether2 speed=1Gbps
set [ find default-name=ether3 ] name="eth...
by bramwittendorp
Thu Aug 02, 2018 8:52 pm
Forum: Beginner Basics
Topic: Adding a third Interface
Replies: 12
Views: 1153

Re: Adding a third Interface

Can you post your config by doing a
/export hide-sensitive
by bramwittendorp
Thu Aug 02, 2018 8:44 pm
Forum: Beginner Basics
Topic: hEX - Unable to ping outside of backup internet connection [SOLVED]
Replies: 6
Views: 1120

Re: hEX - Unable to ping outside of backup internet connection [SOLVED]

Can you post your firewall config as well? You can anonymize it, but maybe there's something in the firewall that's missing the correct interface?
by bramwittendorp
Wed Aug 01, 2018 8:22 pm
Forum: General
Topic: L2TP/IPSEC on MAC OS trouble
Replies: 4
Views: 1842

Re: L2TP/IPSEC on MAC OS trouble

Also is your client configuration the same?

By default, an iOS added VPN will forward all traffic through the VPN-tunnel; however, macOS won't. You therefore need to go into the advanced VPN-settings and make sure you check the send all traffic option.
by bramwittendorp
Wed Aug 01, 2018 8:30 am
Forum: Beginner Basics
Topic: WISP AP or WAN via WIFI and Routing
Replies: 1
Views: 3193

Re: WISP AP or WAN via WIFI and Routing

Hi Mark, Quickset can be a handy tool, but mostly I will not use it, some unexpected behaviour can come from this. I'd recommend resetting the device to blank (no factory default configuration) and then start building your own configuration. Some things you'll need to do, you'll need WinBox for this:...
by bramwittendorp
Sun Jul 29, 2018 12:51 pm
Forum: Beginner Basics
Topic: Installed new router, no internet through wireless
Replies: 7
Views: 2842

Re: Installed new router, no internet through wireless

You're not receiving a DHCP-address because your DHCP-server is only running on ether2.
/ip dhcp-server add address-pool=dhcp disabled=no interface=ether2 name=dhcp1
A static IP on your wireless won't work either, because you've configured the default gateway on ether2 as well: /ip address add addre...
by bramwittendorp
Sat Nov 18, 2017 2:12 pm
Forum: RouterBOARD hardware
Topic: Hardware suggestions
Replies: 0
Views: 382

Hardware suggestions

Hi all, I'm busy designing and choosing hardware for a new network topology. The network is intended for a radio and tv-station, so there are some network components that need to be highly available and I've come to almost 10 VLANs at this point. In my design I want some kind of separation between th...
by bramwittendorp
Tue Nov 14, 2017 4:56 pm
Forum: General
Topic: VoIP + NAT: registration works, audio/RTP "dead"
Replies: 5
Views: 1850

Re: VoIP + NAT: registration works, audio/RTP "dead"

I was having similar issues at my company, it was a setup with non-MikroTik hardware. But what we found was that setting up the phones to use TCP for SIP (5060 tcp instead of udp) did the trick.

It might be helpful for anyone else, so posting this here.
by bramwittendorp
Tue Oct 17, 2017 5:24 pm
Forum: Beginner Basics
Topic: One way video - PBX [SOLVED]
Replies: 9
Views: 1199

Re: One way video - PBX [SOLVED]

I'm not sure your problem lies in the NAT-policy. Are you allowing incoming traffic through your firewall on the given ports? A good NAT-translation doesn't mean the traffic is actually entering your network.
by bramwittendorp
Tue Jul 18, 2017 9:35 pm
Forum: Scripting
Topic: Setting a custom default configuration after system reset
Replies: 5
Views: 2519

Re: Setting a custom default configuration after system reset

Thanks for your tips guys!

I can confirm that it was indeed related to wireless drivers and fixed using a loop. I've taken a look at the MikroTik default configuration and used the loop element found in there.
by bramwittendorp
Thu Jul 13, 2017 5:09 pm
Forum: Beginner Basics
Topic: Make home broadband as VPN server using maP RouterOs
Replies: 9
Views: 2358

Re: Make home broadband as VPN server using maP RouterOs

My question is that how can I access my routerOS from outside? 1. Do I need to setup port forwarding? 2. would my server IP in my phone/laptop VPN setting contain port as well? something like 213.129.45.11:422 It is unclear to me how you have your mAP set-up, is it behind another broadband router ...
by bramwittendorp
Wed Jul 12, 2017 5:43 pm
Forum: Scripting
Topic: Setting a custom default configuration after system reset
Replies: 5
Views: 2519

Re: Setting a custom default configuration after system reset

Here is the configuration I have used. I've replaced my wpa-key with stars but it's an actual value in the real script of course. When using this configuration as a script it works, when pasting it in the terminal it works, when performing a first installation using netinstall it works. @Puttika, th...
by bramwittendorp
Wed Jul 12, 2017 4:40 pm
Forum: Scripting
Topic: Setting a custom default configuration after system reset
Replies: 5
Views: 2519

Setting a custom default configuration after system reset

Hi all, I have a couple of SXT's that I like to setup with a certain configuration. I've found a topic on this forum that describes this as possible through netinstall ( https://forum.mikrotik.com/viewtopic.php?t=28169 ). I've written a custom configuration that works when pasting it in the termina...
by bramwittendorp
Mon Jul 03, 2017 11:08 am
Forum: Wireless Networking
Topic: Weird log message on DynaDish 5
Replies: 3
Views: 546

Re: Weird log message on DynaDish 5

Forgot to ever come back to post a reaction on this question. But updating to the latest RouterOS version solved the problem for me.
by bramwittendorp
Sat May 13, 2017 5:03 pm
Forum: Wireless Networking
Topic: Weird log message on DynaDish 5
Replies: 3
Views: 546

Re: Weird log message on DynaDish 5

Since this problem just happened again I've now disabled the loop protection on the ether1-interface, setting the value from default to off. I've also noticed the link speed is now 1G instead of 10M as well. Hope this helps at preventing possible issues.
by bramwittendorp
Sat May 13, 2017 8:42 am
Forum: Wireless Networking
Topic: Weird log message on DynaDish 5
Replies: 3
Views: 546

Weird log message on DynaDish 5

Hi all, I'm using a DynaDish 5 setup for a point-to-point wireless bridge between our studio and a remote transmitter location, we use an MPX Multicast stream for this connection. The configuration is working properly and without any problems so far. Yesterday I've gotten several messages from our Za...
by bramwittendorp
Tue Dec 06, 2016 3:25 pm
Forum: Wireless Networking
Topic: DynaDish EtherMPX Multicast stream
Replies: 6
Views: 1100

Re: DynaDish EtherMPX Multicast stream

Of course, I currently don't have access to all values of the changed settings. And I don't know if my settings are the best possible settings to achieve the optimal result, it is probably a trial and error process. Since our current installation is live and all changes made impact our broadcasting I...
by bramwittendorp
Fri Dec 02, 2016 4:54 pm
Forum: Wireless Networking
Topic: DynaDish EtherMPX Multicast stream
Replies: 6
Views: 1100

Re: DynaDish EtherMPX Multicast stream

Since we've figured it all out and this link is currently running providing data to our remote broadcast station without any issues. We've tweaked around with lots of settings on the Wireless cards of both devices and got a good link with stable ping response times.

This topic may be closed.
by bramwittendorp
Wed Nov 30, 2016 10:41 am
Forum: Wireless Networking
Topic: DynaDish EtherMPX Multicast stream
Replies: 6
Views: 1100

Re: DynaDish EtherMPX Multicast stream

It's indeed a multicast stream. Last night we got a pretty decent signal with just a little bit of jittering. When we initially started setting things up we were looking at the PIM and IGMP-proxy setting. But I realised we were looking at the wrong place, since multicast traffic was already arriving a...
by bramwittendorp
Tue Nov 29, 2016 3:27 pm
Forum: Wireless Networking
Topic: DynaDish EtherMPX Multicast stream
Replies: 6
Views: 1100

DynaDish EtherMPX Multicast stream

Hi all, For my volunteering job I'm currently building a wireless bridge using the DynaDish 5. We use EtherMPX encoder and decoders for transferring an MPX-signal from our main studio to a sender location. The multicast stream is working across the DynaDish link, but the quality is very bad. It migh...