Community discussions

MUM Europe 2020

Search found 46 matches

by Technetium
Tue Aug 06, 2019 9:30 am
Forum: General
Topic: Router - AP with WIFI guest on VLAN don't work
Replies: 4
Views: 535

Re: Router - AP with WIFI guest on VLAN don't work

So how can i receive untagged traffic in the bridge (to use local LAN) and tagged traffic (vlan-20) out of the bridge ?
by Technetium
Tue Aug 06, 2019 1:11 am
Forum: General
Topic: Router - AP with WIFI guest on VLAN don't work
Replies: 4
Views: 535

Router - AP with WIFI guest on VLAN don't work

I have a router hAP and a cAP as separate access point who has to manage the wifi network "local lan" and "guest". Local lan wifi is sent on untagged eth1 of cAP Guest Wifi is on a virtual interfaces with vlan=20 of physical radio interfaces. http://i66.tinypic.com/1430105.png The hAP router seems n...
by Technetium
Wed Jul 31, 2019 10:52 am
Forum: General
Topic: Mangle traffic from ethernet port in a bridge dedicated to WIFI AP
Replies: 0
Views: 279

Mangle traffic from ethernet port in a bridge dedicated to WIFI AP

I have connected the WiFi access point to one ethernet port (ether5) that is in the lan bridge "Bridge". I want mark all connections from the AP (on ether5) to route all to a specified WAN. /ip firewall mangle add action=accept chain=prerouting comment="Accept da WAN1" dst-address=\ 10.1.1.0/24 add ...
by Technetium
Thu Jul 25, 2019 5:13 pm
Forum: General
Topic: Ovpn server on separate pool cannot reach lan
Replies: 4
Views: 475

Ovpn server on separate pool cannot reach lan

I've setup an OpenVPN server on my router. My lan pool is 192.168.1.0/24, 192.168.1.1 is the bridge for the lan. The OpenVPN pool is 10.255.255.0/24 The connection to the server works fine but i can't see and ping the lan I've inserted the rule in the firewall to reach the lan from a open-vpn addres...
by Technetium
Tue Jul 23, 2019 12:29 am
Forum: General
Topic: Can't access Winbox from VPN - OpenVpn
Replies: 4
Views: 423

Re: Can't access Winbox from VPN - OpenVpn

I've added the interface list LAN in the profile. It worked only if i set a local ip in the dhcp range (es. 192.168.1.2) al local address and "dhcp" pool as remote address. It not work if a use a separate pool (10.255.255.2-10.255.255.254) for the ovpn profile. I can't figure out why using a separat...
by Technetium
Mon Jul 22, 2019 9:15 pm
Forum: General
Topic: Can't access Winbox from VPN - OpenVpn
Replies: 4
Views: 423

Re: Can't access Winbox from VPN - OpenVpn

But why ping to the devices is working ?
by Technetium
Mon Jul 22, 2019 7:03 pm
Forum: General
Topic: Can't access Winbox from VPN - OpenVpn
Replies: 4
Views: 423

Can't access Winbox from VPN - OpenVpn

I've setup a OpenVPN server on the router to be able to change it's config (using winbox) but when i'm connected from an external connection in a OpenVPN tunnel i can't connect t the router. The connection is correctly initated. Assigned ip 10.255.255.3 Ip pool for OVPN sever is 10.255.255.2/24. I c...
by Technetium
Sun Jul 21, 2019 5:55 pm
Forum: General
Topic: IKE-IPSEC - request not routed through the IPSEC
Replies: 5
Views: 641

Re: IKE-IPSEC - request not routed through the IPSEC

How can i set on my router DNS that a request for ".sitea.com" had to b resolved in the SITE A (192.168.27.48/29) network ?
by Technetium
Fri Jul 19, 2019 11:00 pm
Forum: General
Topic: IKE-IPSEC - request not routed through the IPSEC
Replies: 5
Views: 641

Re: IKE-IPSEC - request not routed through the IPSEC

So i have to insert a nat that match the destination and the local source. Thanks.

Can i setup on the same router a LT2P/IPsec server ? This service use the same port (500 and 4500) of the IPSec tunnel.
by Technetium
Fri Jul 19, 2019 3:52 pm
Forum: General
Topic: IKE-IPSEC - request not routed through the IPSEC
Replies: 5
Views: 641

IKE-IPSEC - request not routed through the IPSEC

I've setup a plain IKE-IPSEC connection. The VPN connection is working (estabilshed) and from the SITE A they can ping the machine in my internal network but i can't ping machines on the other site -> Ping is not working from SITE B to SITE A. Using tracert i see that the request to a SITE A IP is s...
by Technetium
Sat Jun 08, 2019 7:13 pm
Forum: General
Topic: Route specific traffic through the VPN
Replies: 7
Views: 653

Re: Route specific traffic through the VPN

I will try. I'm not the administrator of the server side.
The server side is managed by the company who sell the web application.
The VPN connect my router to them datacenter.
by Technetium
Sat Jun 08, 2019 6:49 pm
Forum: General
Topic: Route specific traffic through the VPN
Replies: 7
Views: 653

Re: Route specific traffic through the VPN

Just an IPSec (IKE -IPSec).
by Technetium
Sat Jun 08, 2019 5:38 pm
Forum: General
Topic: Route specific traffic through the VPN
Replies: 7
Views: 653

Re: Route specific traffic through the VPN

The VPN is a tunnel to reach a server that exposes a webserver, port 80,8080,443.
The client on my network had to digit on browser https://192.180.1.10 to use it.
Is an /ip ipsec policy setup sufficient ?
by Technetium
Sat Jun 08, 2019 4:08 pm
Forum: General
Topic: Route specific traffic through the VPN
Replies: 7
Views: 653

Route specific traffic through the VPN

I have a network (192.168.1.XXX), connected to internet. To access to an application i have to setup a VPN and route through the VPN tunnel the requests from local devices that are requiring for the VPN network IP (192.180.1.XXX) How can i route only the requests to 192.180.1.1 through the VPN conne...
by Technetium
Tue Jun 04, 2019 10:17 am
Forum: General
Topic: VoIP with load balancing PCC
Replies: 29
Views: 1704

Re: VoIP with load balancing PCC

The WAN interface of the mikrotik router are behind the ISP router because its doesen't support full bridge mode so on the WAN interface i have the private IP. The RTP stream received to the mikrotik router have the PBX ip because the PBX is a router that manage the phone network. So the PBX transla...
by Technetium
Mon Jun 03, 2019 10:43 pm
Forum: General
Topic: VoIP with load balancing PCC
Replies: 29
Views: 1704

Re: VoIP with load balancing PCC

Which doesn't answer my question. Do you know whether the RTP from the internal phone towards the VoIP provider reaches Mikrotik from the IP of the phone or from the IP of the PBX? RTP streams are directed and originate (outgoing stream) to the PBX IP. The PBX has it's own router (and switch) insid...
by Technetium
Mon Jun 03, 2019 7:14 pm
Forum: General
Topic: VoIP with load balancing PCC
Replies: 29
Views: 1704

Re: VoIP with load balancing PCC

On the other side, external there is the server of the VoIP provider. The PBX is internal and manages all the phones network. Generally receiving a call, on the other side there may be any device (a PSTN phone, a mobile phone.. a Voip device..) The problem is that sometimes a call result in a mute c...
by Technetium
Mon Jun 03, 2019 1:26 pm
Forum: General
Topic: VoIP with load balancing PCC
Replies: 29
Views: 1704

Re: VoIP with load balancing PCC

Here the export: /interface bridge add admin-mac=XXXXX auto-mac=no comment=defconf name=bridge /interface ethernet set [ find default-name=ether1 ] name=WAN1 set [ find default-name=ether2 ] name=WAN2 /interface ethernet switch port set 0 default-vlan-id=0 set 1 default-vlan-id=0 set 2 default-vlan-...
by Technetium
Thu May 30, 2019 12:24 am
Forum: General
Topic: VoIP with load balancing PCC
Replies: 29
Views: 1704

Re: VoIP with load balancing PCC

The VoIP PBX isn't working very well. It is working but sometimes an incoming call is mute. No audio is received. Maybe because the PBX port are dst-natted? Port 5060, 5061 and a range from 8000-10000 are dst- natted to the IP of the PBX. The packet involved in a dst-nat are processed in input or ou...
by Technetium
Thu May 09, 2019 11:02 am
Forum: General
Topic: VoIP with load balancing PCC
Replies: 29
Views: 1704

Re: VoIP with load balancing PCC

Documentation is not clear on that point: https://wiki.mikrotik.com/wiki/Manual:HTB. One example has such situation, but the effect/goal is not elaborated. Then again is that a valid situation for you? I would think not: voip should have higher prio, and it's volume will be much smaller than rest i...
by Technetium
Wed May 08, 2019 10:38 pm
Forum: General
Topic: VoIP with load balancing PCC
Replies: 29
Views: 1704

Re: VoIP with load balancing PCC

I've checked the queue tree in a test setup. https://i.imgur.com/HNDcad2.jpg The Voip queue takes all bandwidth up to its maximum limit even if in the other queue there is upload activity. I thought queue would split in half the bandwidth, after satisfying the minimum bandwidth imposed by limit-at. ...
by Technetium
Tue May 07, 2019 8:05 pm
Forum: General
Topic: VoIP with load balancing PCC
Replies: 29
Views: 1704

Re: VoIP with load balancing PCC

I have only 1 line. I measured the traffic during a call, it's a maximum of 100Kb. Phones are not in the lan of the mikrotik router. Are on another lan managed directly from PBX (pbx has it's own poe router/switch inside). VoIP connections is excluded from PCC using the rules that force traffic thro...
by Technetium
Tue May 07, 2019 3:59 pm
Forum: General
Topic: VoIP with load balancing PCC
Replies: 29
Views: 1704

Re: VoIP with load balancing PCC

I've added the dst-nat on port 5060, 5061 to the pbx an the range of port used for udp 10000-12000. It seems start working when i added this mangle rule that are matching some traffic. /ip firewall mangle add chain=forward in-interface=WAN1 action=mark-connection new-connection-mark=WAN1 add chain=f...
by Technetium
Tue May 07, 2019 12:31 pm
Forum: General
Topic: VoIP with load balancing PCC
Replies: 29
Views: 1704

Re: VoIP with load balancing PCC

With your suggestion i have to add this on mangle. Marking connection of Voip: /ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark disabled=no dst-address-type=!local in-interface=bridge src-address=192.168.1.246 new-connection-mark=Voip_WAN2 passthrough=yes comme...
by Technetium
Tue May 07, 2019 9:45 am
Forum: General
Topic: VoIP with load balancing PCC
Replies: 29
Views: 1704

Re: VoIP with load balancing PCC

Can I use simple queue without marking packets?

To use queue tree I have to mark all packet to and from my PBX IP.
Next, set a queue tree global on wan 2. Which type of queue?
Next a queue with "limit at" for marked packets.
Did I understand right ?
by Technetium
Tue May 07, 2019 12:20 am
Forum: General
Topic: VoIP with load balancing PCC
Replies: 29
Views: 1704

Re: VoIP with load balancing PCC

I haven't rule to mark packet in mangle.
Can i use queue tree on WAN 2 without marking the packet ?
by Technetium
Mon May 06, 2019 11:47 pm
Forum: General
Topic: VoIP with load balancing PCC
Replies: 29
Views: 1704

Re: VoIP with load balancing PCC

Yes, you are right. I've added another connection mark but there is no need to do it. Thanks ;)

WAN2 is 10M down/1M up.
Now, how can i reserve some bandwidth for VoIP upload ?
by Technetium
Mon May 06, 2019 10:50 pm
Forum: General
Topic: VoIP with load balancing PCC
Replies: 29
Views: 1704

Re: VoIP with load balancing PCC

Interesting...I did not think about using other marks. But which is the default route ? Wan 1 has a gateway (ISP1) and Wan 2 has another gateway (ISP2) I thought to force the routing adding this rules in mangle: /ip firewall mangle #Mark Voip connection, force use WAN2 add action=mark-connection cha...
by Technetium
Mon May 06, 2019 9:20 pm
Forum: General
Topic: VoIP with load balancing PCC
Replies: 29
Views: 1704

VoIP with load balancing PCC

I have set my routerboard to use 2 wan on load balance with PCC technique. /ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=10.0.1.0/24 comment="Accept da WAN1" add action=accept chain=prerouting disabled=no dst-address=10.0.2.0/24 comment="Accept da WAN2" #Identify whi...
by Technetium
Thu May 02, 2019 12:15 pm
Forum: Beginner Basics
Topic: 2 Wan - Guaranteed minimum bandwidth to server
Replies: 1
Views: 321

Re: 2 Wan - Guaranteed minimum bandwidth to server

If i add a simple queue for each WAN interface: /queue simple add max-limit=3M/30M name="WAN1" target=192.168.1.0/24 add limit-at=1M/1M max-limit=0/0 name="SERVER Traffic" parent="WAN1" target=192.168.1.200 add max-limit=3M/30M name="Other client" parent="WAN1" target=192.168.1.0/24 Can it work or i...
by Technetium
Wed May 01, 2019 4:45 pm
Forum: Beginner Basics
Topic: 2 Wan - Guaranteed minimum bandwidth to server
Replies: 1
Views: 321

2 Wan - Guaranteed minimum bandwidth to server

I have 2 Wan in load balancing using PCC. A classic setup using mangle marking rule. In the lan i have a server that can be reached from internet through a dsn-nat that is working. During high bandwidth usage from other clients of the LAN, requests to the server from internet can do a timeout error....
by Technetium
Tue Apr 30, 2019 8:13 pm
Forum: Beginner Basics
Topic: NAT not working in load balance (2 WAN)
Replies: 5
Views: 469

Re: NAT not working in load balance (2 WAN)

I think that the reason why there isn't any advice about fasttrack is that no one required it or at the author of the article on PCC didn't occur to him.
I think that user on forum can help to improve it.

P.s. https://wiki.mikrotik.com/wiki/Manual:TOC is the official manual of RouterOS.
by Technetium
Tue Apr 30, 2019 2:55 pm
Forum: Beginner Basics
Topic: NAT not working in load balance (2 WAN)
Replies: 5
Views: 469

Re: NAT not working in load balance (2 WAN)

I saw after that i have to disable fasttrack. In the book and guide i read there is no advice to disable fasttrack and also on the Mikrotik PCC wiki (https://wiki.mikrotik.com/wiki/Manual:PCC). @normis Can you update the wiki about PCC and insert an advice like: "disable fasttrack to use PCC" ? I th...
by Technetium
Mon Apr 29, 2019 7:33 pm
Forum: Beginner Basics
Topic: NAT not working in load balance (2 WAN)
Replies: 5
Views: 469

NAT not working in load balance (2 WAN)

I have 2 Wan in load balance configuration after the ISP modem. Wan 1 : 192.168.10.2 Wan 2 : 192.168.20.2 The load balance work but a NAT rule i have set for a webserver seems not working well. If 2 Wan are connected the NAT sometimes work, sometimes no. If it work, the connection is slow. If i disa...
by Technetium
Mon Apr 29, 2019 4:30 pm
Forum: Beginner Basics
Topic: Isolate VLAN from home network
Replies: 8
Views: 879

Re: Isolate VLAN from home network

Problem resolved by itself.
The AP doesn't support Vlan when in AP mode, only when in router mode. So i can't use vlan to differentiate home wireless network from guest. It's limited by the netgear firmware.
by Technetium
Wed Apr 24, 2019 11:26 pm
Forum: Beginner Basics
Topic: Isolate VLAN from home network
Replies: 8
Views: 879

Re: Isolate VLAN from home network

I have checked the AP configuration. It can assign more than one Vlan. Can assign 3 Vlan to respective "services": Home Wifi, Guest wifi, IPTV. It was set for only one Vlan 20 for guest wifi. Now i have a "vlan 10" for the home wifi. eth9 is a trunk port. How i can isolate Vlan 20 from home network ...
by Technetium
Wed Apr 24, 2019 8:15 pm
Forum: Beginner Basics
Topic: Isolate VLAN from home network
Replies: 8
Views: 879

Re: Isolate VLAN from home network

I'm using a routerboard without wireless. I've associted the vlan20 to the eth9 because the AP is connected to the eth9. Is an error ? Or simply isn't necessary ? Vlan10 doesn't exist. The AP has only the vlan20 for the WIFI Guest net. The home WIFI isn't associated to a VLAN but is received on the ...
by Technetium
Wed Apr 24, 2019 4:00 pm
Forum: Beginner Basics
Topic: Isolate VLAN from home network
Replies: 8
Views: 879

Re: Isolate VLAN from home network

Great resource on VLAN. Thanks for the link.

In attachment there is my config of the routerboard.
by Technetium
Wed Apr 24, 2019 1:21 pm
Forum: Beginner Basics
Topic: Isolate VLAN from home network
Replies: 8
Views: 879

Isolate VLAN from home network

I have a Netgear AP that has 2 net home and guest. The Guest wifi is on VLAN 20. I think that that home wifi is untagged on the same port. My rb2011 setup is: 2 wan on eth1 and eth2 a bridge from eth3 to eth10 Netgear AP is conected to eth10 I've created a VLAN "vlan20" on eth10 and is in the bridge...
by Technetium
Sun Jul 02, 2017 2:26 pm
Forum: Scripting
Topic: Netwatch logging and send log daily by email
Replies: 9
Views: 3137

Re: Netwatch logging and send log daily by email

i can't help with checking send email (i didn't have to setup this). in my cases i usually setup logging to remote servers and for critical systems have telegram alerts This setup work if the device is supposed to be constantly connected. If the connection stops, the message to syslog server are lo...
by Technetium
Sun Jul 02, 2017 12:15 pm
Forum: Scripting
Topic: Netwatch logging and send log daily by email
Replies: 9
Views: 3137

Re: Netwatch logging and send log daily by email

Thanks very clear and it works ;) I'm a beginner of RouterOs and after many research i found that from script i have to save any messages about topics we select (es. warning or info or..) and after (download, email..) filter it to select the messages that interest us. In my mind, working on linux sy...
by Technetium
Sat Jul 01, 2017 2:56 pm
Forum: Scripting
Topic: Netwatch logging and send log daily by email
Replies: 9
Views: 3137

Re: Netwatch logging and send log daily by email

In log i want write a string like "PC1 is down". I don't understand how to use "action" and "rule" of logging system to obtain a file only dedicated to netwatch message. I don't understand how to log only netwatch log because script can write only on 4 topics.. "debug, error, info and warning".. so,...
by Technetium
Thu Jun 29, 2017 3:00 pm
Forum: Scripting
Topic: Netwatch logging and send log daily by email
Replies: 9
Views: 3137

Netwatch logging and send log daily by email

I'm a beginner of RouterOS ;) I would like to set up a lan monitoring tool that send me the log daily. Email is already configured. Using netwatch i want log only if a host is down. But how can i write a specific log only dedicated to netwatch and send it only daily by email ? How can i "reset" the ...
by Technetium
Wed Apr 12, 2017 8:50 pm
Forum: RouterBOARD hardware
Topic: More info about mUPS
Replies: 53
Views: 9334

Re: More info about mUPS

If it is completly passive and give no remote signal, from my point of view, isn't very useful.
If the radio are running on battery i want to know it..
by Technetium
Tue Apr 11, 2017 1:22 pm
Forum: RouterBOARD hardware
Topic: More info about mUPS
Replies: 53
Views: 9334

More info about mUPS

The mUPS device it's very interesting. I couldn't attend at MUM in Milano due to some work commitments. Can we have more info about it? Will the mUPS monitor the battery voltage and send alert message over ethernet (like low voltage, running on batt, no dc power..) ? Or will have a continuous monito...
by Technetium
Sat Nov 12, 2016 3:55 pm
Forum: RouterBOARD hardware
Topic: Antenna camouflage - which paint ?
Replies: 2
Views: 984

Antenna camouflage - which paint ?

Hi, we had a request to mount some antenna but the client require a camouflage of the antenna with the color of the roof (dark grey, dark red). Anybody have some experience in painting anntenas like QRT, SXT or mAnt30 ? Which paint is recommended to use ? Can painting the antenna in dark colour, cau...