MikroTik

CZFan

@Anav, IIRC, you are using an email client with mail server hosted our side your network. Then the client will send mails out, either directly to your hosted mail server or alternative Skype server. The mail coming in, is being "pulled" by the mail client, so connection is into initiated from inside...

CZFan

I am struggling to understand what you are looking for here, the "drop invalid" rule is the built in solution

CZFan

Based on the limited information you provided, this should be sufficient:

Create / run a script to pick up active wan IP

CZFan

RouterOS uses routes from "/ip route" to decide where to send packets. It doesn't automatically send replies back the same way from where the request came. So you have incoming connection on WAN2, but default route uses WAN1, so response packets are sent there and of course it doesn't work. Solutio...

CZFan

@anav I already did it (viewtopic.php?f=13&t=145144), but I got no answers... l don’t know what to do.

You now have an answer...

CZFan

If you have hired a company to do the installation, then surely they must correct the problem / design of the network?

Alternatively, my suggestion will be to hire a Mikrotik Certified Consultant in your area. https://mikrotik.com/consultants

CZFan

What will you do that concerns you about the memory.
Hap ac2 has 4 cpu and that memory is more than sufficient

CZFan

6344.JPG

CZFan

...

I can't seem to downgrade it to 6.34.4 Mikrotik seems to have deleted the firmware from there website

...

https://mikrotik.com/download/archive

CZFan

Add a simple queue with target of CCTV IP and set rate limits required

CZFan

As far as I can recall, Hap Mini and Lite has exactly the same specs, only difference is mini has 3 ether ports and Lite has 4 ether ports

CZFan

My main concern is to make sure the antennas are aligned, my thinking is does not matter settings you play with, if alignment is out, you will never have a stable / good link. but seems for some reason, no one here wants to comment on if the alignment tool in Winbox still works. I have set the chann...

CZFan

Yup, that will also work as OpenVPN on MT is TCP Based.

I just prefer SSTP over O-VPN as SSTP uses port 443, less chance of ISP's blocking it.

CZFan

One suggestion will be to not use NATing between proxy / ASA / MT, but rather routing and only NAT out on MT

CZFan

You can use certs with SSTP between MT's, but it is not required. My point was you can quickly test it without creating certs etc. if it works better, then implement with certs

CZFan

UDP not good for unstable links, maybe try a TCP based site to site VPN, i.e. SSTP bwteen MT's, don't need certs in this case

CZFan

Thx for your response, and I might very well be wrong and please correct me if I am wrong My understanding is that it is 897Mb/s air rate (radio) and should be able E to get 450 - 500 Mb/s data rate. I did some more reading, and it seems like with the equipment used for the link and due to short dis...

CZFan

Bump, anyone, please?

CZFan

Hi Have a PTP link (2 x LHG 5ac's) connected but not too happy re performance which I am sure is due to my limited knowledge on wireless and asking for some help. The distance between the devices is about 500m with clear line of sight, both devices are on ROS 6.44.1. I if I can get the link to push ...

CZFan

cause your rules are incorrect: Forward chain, you have dst address list which should work ok, but should really be src address list input chain, again you have dst address list, this will never work as you should not have any China IPs as per address list on your router, so should also be src addre...

CZFan

I want mind to grind coffee beans. They should call it the cAPpuccinoAC

CZFan

https://support.microsoft.com/en-gb/hel ... in-windows

CZFan

If you coming with a Windows client behind a NAT and L2TP/IPSec server is also behind a NAT, have a look at this, it solved my problem:

https://support.microsoft.com/en-gb/hel ... in-windows

CZFan

Would you use a Mini to transport the local school rugby / soccer team to a game?

The Hex S is a SOHO device, that is an acronym for "Small Office / Home Office", do you think what you are trying to do fits in there?

CZFan

Hi Emils,

Is this fix related to recent vulnerability issue that were going to go public on 9 April?

CZFan

Is this functionality still working? I have 2 lhg 5ac devices, link is up in bridged ptp config currently syncing at 400Mbps, but when I try this, I get nada. no sounds on station side, no info in Winbox on station side. All I get is customer screaming at me every time I do this as the link between ...

CZFan

Thx @mkx, @pe1chl for the info. Have over 1000 of these deployed in user homes (FTTx Deployment), so if things go wrong, not easy to get physical access to these plus user / client downtime. There was a time when I still had hair, when all jumped ship from Novell (had a very soft spot for Novell) to...

CZFan

IIRC, MT does not support dynamic VLAN's

CZFan

uninstall tr069 package, remove everything from /files, upgrade only routeros, after suiccessful upgrade install tr069 again Yes, if it was a device at my home, no issues, but now I must go do that on over 1000 devices at client site? WTF is it even necessary to do that, I am a patient person, been...

CZFan

@CZFan, @gdelacruz: is there anything in the log about upgrading (or its failure)? When I try to uninstall the packages that are disabled, I get error, cant uninstall bundled package Have over 1000 of these devices deployed at 1 client only Log info after trying to upgrade: 23:46:30 system,info ins...

CZFan

unfortunately my MT is not upgrading to 6.44 from 6.43.12. i am using the upgrade tool from winbox. downloading and reboot but it does not change at all... pls. advise .. using RB952Ui-5ac2nD.. thanks Having the same problem on 1 device, trying to upgrade from 6.43.8 to 6.44.1, it downloads it, reb...

CZFan

Hi all,
I noticed since 6.44 and now 6.44.1 some neighbors are displayed without their IP address.. is there a solution?

My guess will be those devices do not have an IP on the interface reported on.

CZFan

Updated hAP AC2 and CCR1009 from 6.44 to 6.44.1 I am seeing a lot of dropped Forwarded packets as INVALID. These are packets that should have hit the New connection from a local device in the address list. But are getting dropped. Also ... Updated my Hap AC^2, also getting lots of invalids dropped,...

CZFan

upgrade ≠ reset configuration

On upgrade system files are replaced with new ones.

You are using the wrong symbol to explain to IT people, should use "!=" instead, then they will better understand

CZFan

So I missed this thread when it was new, but it's not too late to disagree now - hairpin NAT is awesome! ;) Ok, that was just to even things out a little. Reality is that haipin NAT should be unnecessary and by long time obsolete hack from old IPv4 + NAT times that were supposed to end years ago. U...

CZFan

Will have to configure routing, make sure FW's do not block this traffic between sites and ensure your syslog server accepts from these IP's, that should be all

CZFan

Hi Since the last update we have had multiple clients complaining about existing sites where VoIP experiences issues, from de-registration, no audio, one way audio. Currently we downgrading the clients back to 6.43.8 which works. I've sent multiple supouts and support tickets to Support with no fee...

CZFan

Trafic that you are trying to avoid in your ping command is not for the forward chain, is for the input chain. If you do not want users on vlanx communicate with the interface of the VLANy on the router , you need to block the traffic on the input chain. Regards. What you said makes no sense to me....

CZFan

Just thinking, I have a CRS326, up time currently reported as 51d12h, have zero downtime / flaps on SFP+ port.

Are the flaps not maybe caused by the other side?

CZFan

Add accept rules for guest subnet before fasttrack rule

CZFan

I think it will be best for you to engage with a Mikrotik Consultant in your local area

https://mikrotik.com/consultants

CZFan

For the Qs to correctly match both directions you need to add the following rule before fast track rule:

chain=forward action=accept connection-state=established,related dst-address-list=alist_to_s-queue log=no log-prefix=""

CZFan

I had to change the link sync to manual with every SFP module in SFP+ ports, this was on CCR1036, CCR1072 & CRS326 IIRC

Also, I think they do state that in the manual

CZFan

If I may ask, what device is this ISP modem, make, model, etc?

CZFan

Maybe you should approach your ISP?

CZFan

I am monitoring about 40 devices using the Dude. Have 3 devices that are across a bridged wireless PTP link. For any devices on the other side of this wireless link, I get every now and then (intermittent) SNMP timeouts and with that false notifications. Have done the normal checks, etc, i.e. CPU lo...

CZFan

It's almost like Mikrotik should run one

Please forward the bandwidth test link for Cisco, Juniper, Huawei, Zyxel, TP-Link, ....

CZFan

Yes, the wireless radios draw quit a bit of power.

It sounds as if the CRS109 meets your requirements, if that is the case, and it was me, I will buy the correct power supply, add a virtual WLan and voila, you have 2 x SSIDs

CZFan

You need to remove WLAn from bridge and add L2TP interface to bridge on L2TP client side, i.e. on your AP, the server side should be done dynamically of configured correctly. You DHCP client should also be bound to L2TP client interface i need wifi clients to get ip from dhcp server from ether2 Ok,...

CZFan

Topic below might get you started:

viewtopic.php?t=135504

Search found 1171 matches