The route rule works under ROS v6.xx and does not work with ROS v7.xx?
Hi Normis,MAC connection is fragile and is only to be used for setting up IP address. Then you can reconnect and use the device normally. MAC is only for emergency access.
Try to allow gre on 941 input chain too !I dont need connect to router, i can do it. I need connect to last router LAN.
I need two VPN connections on one IP, but for two devices.
First vpn is working fine, it is my management vpn. But i need another connection directly to last routers lan.
Just set L2TP MRRU=1580 on both sites and reconnect the tunnel !I'm stuck almost for months now looking for the solution but still no luck.
For exemple this testThis seems to be a common pattern, looks like it's pretty much impossible to achieve more than 250-300 Mbit/s real world single client throughput with Mikrotik ac WiFi.
In case you ever manage to break this limit please let me know how you did it
Тhank you very much Sob !I don't think you can. You can block some with L7 like this:But it's far from perfect.Code: Select all
/ip firewall layer7-protocol add name=proxy regexp="^(CONNECT\\ .*|GET\\ https\?:\\/\\/.*)\\ HTTP\\/1\\."
Ooo sorry .... by the way, all is clear and there is nothing to discuss, but I will follow the topic .Sorry this discussion is NOT to include mangling LOL.
Еxactly !So if I put a vpn server under a public ip pc or routerboard I could connect the sxt routerboard to that server and example Android phone to same server and then with this" kind of bridge " see sxt contents with Android phone and viceversa ?
I cant see any IpSec IKE2 Site to Site configuration ! You may have set up some L2TP with IpSec ppp connection and routing the networks on it - do you have any routes for them in both places ?really hoping someone can point out what I'm doing wrong
Use NETMAP for source nat !?Hi
Can you please help me how to do Dynamic nat of apporx 100 private ip with /24 public ip pool . thanks
Are you sure ? When you are activated IKE (ISAKMP) these protocols /50 and 51/ are allowed automatically /unless you explicitly disallow them/ !Okay, 50% of mystery solved
Why is then my connection working even while I'm not allowing ipsec protocol (50) on input chain?
Communicate with the board wirelessly through the second mPCI-E wifi adapter !?It's not possible, because I need 3 ethernet port for our project, and a mPCI used for LTE with R11e-LTE.
It is why I need to add a port or a way to communicate with the board.
Scan this 188.8.131.52 - my IP address and tell me the open ports please!But that whats the point of this, i ran it 3 times and got all my ports listed 3 times before mikrotik blocked it, "attacker" already have all it needs.
Add same rule with chain INPUT -put this rule to the top on filter section !GENERAL TAB
And my remote desktop still not works:( thanks in andvance for help.
Block or not use lease time ? Just make static addresses for this specific mac addresses in leases table in dhcp server menu !Hello,
How can I block DHCP lease for specific mac addresses?
Rather around 20Mbit/s with aes128cbc !Hey thanks for the reply!
I will need like 30 - 40Mbit/s.
Do you guys think that I will achieve this speeds?
Many thanks to all.
Why, the router has five ports ... rather we are waiting for a flagship with 8+ Geternet ports , SFP+, hdd bay sata3, HighPower radios 802.11ac/ax 8/4-stream Dual-band with combo /5GHz and 2.GHz /i dream an rb750GR4 on this chipset
The connections across the router alternate respectively three connections through the first wan and one connection through the second !Hi,
Would you mind explaining me a little what these ratio does?
Choose the one of routers for vpn server and use cloud /ddns/ for establish the ppp connection !Hi yeah thanks for pointing that bit out, thats the bit I already know how to do
What main crux of my question was how to do this with a dynamic public IP address at both ends.
Are you sure ? How then can this tunnel (or all ppp tunnels) carry EoIP or all ppp tunnels with BCP carry L2 traffic?L2TP is layer 3.
Because i don't know full firewall setup ,let try to set them !These are completely unnecessary. You should NOT add them because they don't do anything that isn't done already.Just add 2 rules in firewall filter on the top of the forwards rules:
First disable service http /port 80/ on the router , after that add the nat rule:please help me......
Make static arp list and after that disable arp on the interface if you want !this is not working
how to block arp responses (reply) from clients to clients ?
Glad it worksI said in my post that my router was running now.Try this :
First put the power, after 2-3 seconds press the reset button and after 5 seconds release it and see if you will initialize the flash!
I use 10.0.0.1/24 for PC lan adapter and 10.0.0.2 for PXE .