Community discussions


Search found 12 matches

by arnaldo
Tue May 08, 2018 1:52 pm
Forum: General
Topic: Access public IP dst-nat from local subnet
Replies: 22
Views: 13041

Re: Access public IP dst-nat from local subnet

Congratulations for figuring it out. But it looks like you missed this page, it could save you some effort, everything is described there, even with images. But it doesn't hurt when something makes you think and discover stuff by yourself. :) Thanks for the pointer. It's indeed the same explanatio...
by arnaldo
Tue May 08, 2018 3:04 am
Forum: General
Topic: Access public IP dst-nat from local subnet
Replies: 22
Views: 13041

Re: Access public IP dst-nat from local subnet

I've been trying to make heads or tails of this, especially since all "basic" routers seem to do it without requiring any special configuration. As there are some "solutions" but no explanation of the flow, I was looking at the solutions that claim to be working, so I dare to state that problem oc...
by arnaldo
Thu Apr 26, 2018 2:02 pm
Forum: General
Topic: SIP Account Registration Problem
Replies: 9
Views: 1878

Re: SIP Account Registration Problem

Maybe your ISP is filtering port 5060?
I'm running 6.42.1 and SIP is working for me (my ISP filters and I switch to port 5080).

If you are using MikroTik SIP ALG (service port), try disabling NAT support on your client (SIP device or PBX).
by arnaldo
Sat Apr 21, 2018 11:10 pm
Forum: Scripting
Topic: DynDNS script that works?
Replies: 8
Views: 7680

Re: DynDNS script that works?

This one allows for multiple interfaces, dynamic interfaces, and even more than one DNS entry per interface. I've been using it for a few years now.
:local ifs {"ppp1";"wan1";"wan1"};
:local hostnames {"a.homeip.net";"b.homeip.net";"c.homeip.net"};
:local user "your-account-name";
:local password "y...
by arnaldo
Sat Apr 21, 2018 4:13 am
Forum: General
Topic: Fasttrack and route marked packets
Replies: 17
Views: 3118

Re: Fasttrack and route marked packets

My view of why you don't want to fasttrack "new" connections is that you want the new connection to first go through your firewall to see if safe/trusted, once the new connection is seen as safe/trusted, the established/related part of that connection can be accepted/fasttracked. That's how I under...
by arnaldo
Thu Apr 19, 2018 8:50 pm
Forum: General
Topic: Fasttrack and route marked packets
Replies: 17
Views: 3118

Re: Fasttrack and route marked packets

Took some time to rewrite all the rules (changing route-marks to connection-marks), adjust passthrough and setting the new route-marks. So far seems to be working fine. The idea to add extra connection-mark->route-mark at the top saves most packages from having to traverse the whole chain. Combine th...
by arnaldo
Thu Apr 19, 2018 2:46 am
Forum: General
Topic: Fasttrack and route marked packets
Replies: 17
Views: 3118

Re: Fasttrack and route marked packets

Thanks for all the insights. Using connection-marks was my original approach, but I went the other way around: route-mark -> connection-mark (not a bright idea). I think the following code will work:
/ip firewall mangle add connection-state=new dst-address=10.10.0.0/16 chain=prerouting acti...
by arnaldo
Wed Apr 18, 2018 3:43 pm
Forum: General
Topic: Fasttrack and route marked packets
Replies: 17
Views: 3118

Re: Fasttrack and route marked packets

Interesting, my understanding of "route-mark" with a value of "main" is that it means "no routing mark" (if that's true, why not use "no-mark"). This is very confusing. Also, I've tried using routing-table, without success. Does anyone know when "routing-table" is set? I will give the idea of conn-mark ...
by arnaldo
Wed Apr 18, 2018 3:24 am
Forum: General
Topic: Fasttrack and route marked packets
Replies: 17
Views: 3118

Fasttrack and route marked packets

I know that PBR does not play well with Fasttrack. So, I'm trying to exclude "route-marked" packets from being Fasttracked. To my understanding, the following filter rule should pick all packets that were not mangled with route-mark during prerouting:
/ip firewall chain=forward action=fasttrack-conn...
by arnaldo
Thu Oct 13, 2016 11:40 pm
Forum: General
Topic: L2TP/IPSec for Road Warrior
Replies: 93
Views: 37480

Re: L2TP/IPSec for Road Warrior

Let me join the party and share my thoughts here. With Apple dropping PPTP, this issue has become a more sensitive problem. Setting up an L2TP/IPSEC server for road warriors was not a major problem once I moved to 6.37.1. It works fine for Win7-10, Android, macOS (10.11 and 10.12) and iOS 10. But as...
by arnaldo
Thu Oct 13, 2016 4:06 pm
Forum: General
Topic: L2TP/IPSEC client only connects on ROS reboot
Replies: 1
Views: 503

L2TP/IPSEC client only connects on ROS reboot

I'm trying to use ROS 6.37.1 (RB750GL) as an L2TP/IPSEC client (user/password + shared key), using the auto-generated IPSEC policies (I do not create the IPSEC policies, ROS does). The setup is quite straightforward and I can get it to work from mobile phones, macOS and Windows. But under ROS I can o...
by arnaldo
Wed Sep 21, 2016 2:45 am
Forum: General
Topic: Need Help: L2TP Client Interface with shared secret key
Replies: 24
Views: 31006

Re: Need Help: L2TP Client Interface with shared secret key

(At least) on 6.36.3 we can defer the creation of the IPSec peer and policy to ROS, for setting up either an L2TP/IPSec server or client. I need to set up both. Setting up the server works fine and I can connect from our target road warrior devices, iOS and Mac OS X. But I also need to make our Mikro...