Community discussions

MikroTik App

Search found 24 matches

by Fesiitis
Tue Apr 14, 2020 6:42 pm
Forum: RouterBOARD hardware
Topic: PoE Injectors
Replies: 5
Views: 1756

Re: PoE Injectors

@Paternot, I got your idea, but I don't have any plans for using second ethernet port, maybe in future. Currently I'm using only wi-fi.
 
The point is U-POE-AF from Ubiquiti would fit perfectly in my current situation. So I would be happy to see similar PoE devices from Mikrotik as well.
by Fesiitis
Tue Apr 14, 2020 6:03 pm
Forum: RouterBOARD hardware
Topic: PoE Injectors
Replies: 5
Views: 1756

Re: PoE Injectors

This is my situation. There is no way RBGPOE can help without any switch or something between incoming LAN cable from ISP and my router. https://i.imgur.com/3DItBBC.jpg I'm planning to replace my current wAP with new cAP ac, and I have to figure out how to power it.   Why don’t you add a female-to-f...
by Fesiitis
Tue Apr 14, 2020 4:03 pm
Forum: RouterBOARD hardware
Topic: PoE Injectors
Replies: 5
Views: 1756

PoE Injectors

Hi, Does Mikrotik has any plans in future for PoE Injectors similar like Ubiquiti has? For example this one - https://store.ui.com/collections/operator-accessories/products/u-poe-af RBGPOE does not fit my needs, because in my apartment the ISP has only provided incoming LAN cable without any switche...
by Fesiitis
Wed Nov 27, 2019 1:26 pm
Forum: General
Topic: Azure VPN [SOLVED]
Replies: 8
Views: 5480

Re: Azure VPN [SOLVED]

You can follow this guide how to create a Site-to-Site connection in the Azure portal - https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal And there is my Mikrotik configuration, including full firewall configuration. Just replace your public IP...
by Fesiitis
Fri Nov 22, 2019 3:45 pm
Forum: General
Topic: Can't access router after establishing IPsec tunnel to it
Replies: 11
Views: 1178

Re: Can't access router after establishing IPsec tunnel to it

You have to add additional input rule on both sides -
add action=accept chain=input comment="IPsec allow access to router" \
    dst-address=<site1-router-ip> in-interface-list=WAN ipsec-policy=in,ipsec \
    src-address=<site2-subnet>
by Fesiitis
Wed Nov 13, 2019 10:26 am
Forum: General
Topic: IPsec IKE2 can find valid sertificate [SOLVED]
Replies: 9
Views: 2092

Re: IPsec IKE2 can find valid sertificate [SOLVED]

These are steps I did - 1. Create CA /certificate add common-name=XX.XX.XX.XX name=XX.XX.XX.XX sign "XX.XX.XX.XX" ca-crl-host=XX.XX.XX.XX 2. Create server certificate add common-name=XX.XX.XX.XX subject-alt-name=IP:XX.XX.XX.XX key-usage=tls-server name="IKE2 RSA server" sign "IKE2 RSA server" ca=XX....
by Fesiitis
Mon Nov 11, 2019 9:41 pm
Forum: General
Topic: IKE2 RSA Road Warrior connected, but can't access to LAN [SOLVED]
Replies: 2
Views: 958

Re: IKE2 RSA Road Warrior connected, but can't access to LAN [SOLVED]

Thank you for the detailed explanation! ;) I just changed IP pool to different addresses and it works now. :D Previously I had PPTP enabled with 10.0.0.71-10.0.0.80 in IP pool and proxy-arp was already enabled on bridge interface, so I thought something is wrong with firewall rules. But your post ga...
by Fesiitis
Mon Nov 11, 2019 4:41 pm
Forum: General
Topic: IKE2 RSA Road Warrior connected, but can't access to LAN [SOLVED]
Replies: 2
Views: 958

IKE2 RSA Road Warrior connected, but can't access to LAN [SOLVED]

Hi! This is first time I have ever configured IKE2 RSA Road Warrior, I followed this tutorial - https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_using_IKEv2_with_RSA_authentication Current DHCP for LAN - 10.0.0.10-10.0.0.70 I have two site-to-site IPsec tunnels configured as well - ...
by Fesiitis
Tue Oct 29, 2019 12:27 pm
Forum: General
Topic: IKE2 EAP as responder
Replies: 1
Views: 506

IKE2 EAP as responder

Does Mikrotik has any plans for this feature? Support for EAP authentication methods as initiator was added back in 6.45.1 update. I would like to know whether this feature will be added sooner or later or not at all.
by Fesiitis
Thu Oct 03, 2019 5:28 pm
Forum: General
Topic: Azure Site-to-Site VPN using Mikrotik, cant access private IP from. Traffic flows only from Azure to Onprem [SOLVED]
Replies: 8
Views: 1639

Re: Azure Site-to-Site VPN using Mikrotik, cant access private IP from. Traffic flows only from Azure to Onprem [SOLVED]

No, BGP should be configured only if you only really needs it. Also there's no need for additional Routes from Azure side. With default NSG rules, Azure should allow IPsec traffic for both sides.
by Fesiitis
Thu Oct 03, 2019 5:08 pm
Forum: General
Topic: Azure Site-to-Site VPN using Mikrotik, cant access private IP from. Traffic flows only from Azure to Onprem [SOLVED]
Replies: 8
Views: 1639

Re: Azure Site-to-Site VPN using Mikrotik, cant access private IP from. Traffic flows only from Azure to Onprem [SOLVED]

First srcnat rule is not meant to allow Azure to On-Premise traffic, it is for On-Premise to Azure. Basically with that srcnat, mangle rule and these default fw rules you should be able to access Azure from On-Premise and vice versa. I have many IPsec tunnels created from Mikrotik to Azure that way ...
by Fesiitis
Thu Oct 03, 2019 1:10 pm
Forum: General
Topic: Azure Site-to-Site VPN using Mikrotik, cant access private IP from. Traffic flows only from Azure to Onprem [SOLVED]
Replies: 8
Views: 1639

Re: Azure Site-to-Site VPN using Mikrotik, cant access private IP from. Traffic flows only from Azure to Onprem [SOLVED]

You have to add additional NAT rule to access Azure from On-Premise - /ip firewall nat add action=accept chain=srcnat comment="Azure" dst-address=\ azure-subnet/24 src-address=onprem-subnet/24 Also Azure suggests to clamp TCP MSS at 1350, so you should set this value by adding additional Mangle rule...
by Fesiitis
Thu Sep 26, 2019 12:04 am
Forum: General
Topic: VLANs for wifi and guest on router as AP
Replies: 2
Views: 794

VLANs for wifi and guest on router as AP

I'm pretty new on VLAN's, never had any needs to configure it before, so basically this is first time I'm doing it. Here you can see how I would like to see network for wifi for employees and guests - https://i.imgur.com/1MukyEr.png On cAP ac has no any specific configuration yet, it's basically fre...
by Fesiitis
Tue Sep 17, 2019 2:32 pm
Forum: General
Topic: Disk space problem [SOLVED]
Replies: 4
Views: 1232

Re: Disk space problem [SOLVED]

This router has only 16 MB of storage size. I have RBwAP2nD and RB760iGS as well. On RBwAP2nD I had upgrade problems just because of storage size. And I solved this by getting rid of unwanted packages. Go to System > Packages and uninstall packages you don't use. Now on both routers I have only thes...
by Fesiitis
Thu Sep 12, 2019 2:08 pm
Forum: General
Topic: L2TP/IPSec VPN can access LAN but not Router [SOLVED]
Replies: 12
Views: 6254

Re: L2TP/IPSec VPN can access LAN but not Router [SOLVED]

Thanks for reply. This works. Next time I will post configuration as a text, thanks for suggestion. ;)
by Fesiitis
Thu Sep 12, 2019 1:34 pm
Forum: General
Topic: L2TP/IPSec VPN can access LAN but not Router [SOLVED]
Replies: 12
Views: 6254

Re: L2TP/IPSec VPN can access LAN but not Router [SOLVED]

I found this topic, because I have a same issue the OP had. Except I don't have L2TP/IPsec VPN, but IKE2 IPsec configured. And changing from !LAN to WAN does not fix issue, I can't access to router from any device on 10.12.14.0/24 network at all. If I disable that default "not from LAN" rule, I can ...
by Fesiitis
Thu Aug 15, 2019 7:24 pm
Forum: General
Topic: Feature requests
Replies: 1216
Views: 261465

Re: Feature requests

I'm waiting for ike2 support for eap as responder. Hope this feature will be added soon, since support for this as initiator was added in v6.45.1 update.
by Fesiitis
Wed Jul 03, 2019 5:12 pm
Forum: General
Topic: L2TP VPN can not connect on Windows 10
Replies: 13
Views: 5934

Re: L2TP VPN can not connect on Windows 10

Does it stuck on "Connecting to **IP address**"? If yes then it's not Mikrotik problem. I have same issue with L2TP. On 1803 I had this issue if I had GeForce Experience installed on Windows 10. After upgrade to 1809 L2TP does not work even without GeForce Experience. Haven't tried with 1903.
by Fesiitis
Wed Jul 03, 2019 4:55 pm
Forum: General
Topic: IKEv2 with EAP-MSCHAPv2 mobile VPN [SOLVED]
Replies: 1
Views: 742

IKEv2 with EAP-MSCHAPv2 mobile VPN [SOLVED]

Hi! I have two different routers. One of them is just a personal computer running OPNsense as OS. Second one is RB850Gx2 (v6.45.1). I want to create VPN server using IKEv2 with EAP-MSCHAPv2 on both of them. I have already created it on OPNsense following this tutorial . Now I want to create somethin...
by Fesiitis
Tue Jun 26, 2018 8:21 pm
Forum: General
Topic: IP NAT only when connecting to specific IP [SOLVED]
Replies: 2
Views: 551

IP NAT only when connecting to specific IP [SOLVED]

Hi! I have DHCP setup with address pool 10.2.0.0/24. What I want to achieve is that when I connect to 10.50.50.4 with 80 and 443 ports (just example) then outgoing address pool is 10.3.0.0/24. It's should be like - my PC has IP 10.2.0.15 assigned. I'm connecting to 10.50.50.4:80 via web browser. My ...
by Fesiitis
Tue Apr 17, 2018 11:36 am
Forum: General
Topic: Remote logging to Graylog2 [SOLVED]
Replies: 2
Views: 2714

Re: Remote logging to Graylog2 [SOLVED]

Problem solved. Stupid Graylog2 can't reach neither Mikrotik router nor any other server if it's binded to direct IP address. After I set bind address to 0.0.0.0, everything started as it should be.
by Fesiitis
Tue Apr 17, 2018 11:26 am
Forum: General
Topic: Remote logging to Graylog2 [SOLVED]
Replies: 2
Views: 2714

Remote logging to Graylog2 [SOLVED]

I'm trying to configure Mikrotik router to send logs to Graylog2 server, but it looks that I have something missing or wrong because nothing happens..
mikrotik.PNG
graylog.PNG
Is there someone who can help me?
by Fesiitis
Tue Sep 13, 2016 1:57 pm
Forum: Wireless Networking
Topic: 2.4 and 5 GHz best settings
Replies: 5
Views: 10449

Re: 2.4 and 5 GHz best settings

When both chains are in use, my laptop (with Intel Centrino Wireless-N 2230) maximum download/upload speed shows ~25Mbps, but with one chain ~55Mbps. However another laptop (with Intel Centrino Advanced-N 6230), when both chains are in use, maximum speed is ~90Mbps, but with one chain ~45Mbps. That'...
by Fesiitis
Tue Sep 13, 2016 11:18 am
Forum: Wireless Networking
Topic: 2.4 and 5 GHz best settings
Replies: 5
Views: 10449

2.4 and 5 GHz best settings

Hi! One of our clients is using this product . That wireless router is configured as access-point (no DHCP, Ethernet and both Wi-Fi interfaces bridged). Currently settings for both interfaces: https://s12.postimg.io/bsv9tzpx9/image.png https://s12.postimg.io/6vhp8vny5/image.png Problem is that I can...