Community discussions

Search found 115 matches

by JohnTRIVOLTA
Wed Jun 13, 2018 11:26 pm
Forum: Beginner Basics
Topic: Confused about L2TP and IPSec VPNs
Replies: 20
Views: 618

Re: Confused about L2TP and IPSec VPNs

There's: 6 ;;; defconf: accept established,related chain=forward action=accept connection-state=established,related,untracked log=no log-prefix="" So if the previous rules in "/ip firewall raw" are still in place, it's covered. You are right, the rules already exist in RAW section ! p.s. I remember...
by JohnTRIVOLTA
Wed Jun 13, 2018 10:14 pm
Forum: Beginner Basics
Topic: Confused about L2TP and IPSec VPNs
Replies: 20
Views: 618

Re: Confused about L2TP and IPSec VPNs

I don't see these rules on the top of filter section on both routers too: /ip firewall filter add chain=forward action=accept place-before=1 src-address=192.168.0.0/24 dst-address=192.168.3.0/24 connection-state=established,related,untracked add chain=forward action=accept place-before=1 src-address=...
by JohnTRIVOLTA
Wed Jun 13, 2018 10:12 am
Forum: Beginner Basics
Topic: Confused about L2TP and IPSec VPNs
Replies: 20
Views: 618

Re: Confused about L2TP and IPSec VPNs

Firewall NAT [...@trk-mtk-04] /ip firewall nat> print Flags: X - disabled, I - invalid, D - dynamic 0 chain=srcnat action=accept src-address=192.168.0.0/24 dst-address=192.168.3.0/24 log=no log-prefix="" 1 ;;; defconf: masquerade chain=srcnat action=masquerade out-interface=ether1 Is not this a NAT...
by JohnTRIVOLTA
Wed Jun 13, 2018 6:26 am
Forum: Beginner Basics
Topic: Confused about L2TP and IPSec VPNs
Replies: 20
Views: 618

Re: Confused about L2TP and IPSec VPNs

Encrypted traffic between routers goes through a udp 4500 connection, and I do not see it allowed on every router in the filter rules!
by JohnTRIVOLTA
Tue Jun 12, 2018 6:35 am
Forum: Beginner Basics
Topic: Confused about L2TP and IPSec VPNs
Replies: 20
Views: 618

Re: Confused about L2TP and IPSec VPNs

If you have public addresses on both sides, except site to site ipsec, you can also set ip ip tunnel , gre tunnel, eoip tunnel with ipsec and route the local networks through them ! The settings of each of them are literally two clicks . See here - http://systemzone.net/mikrotik-site-to-site-eoip-tu...
by JohnTRIVOLTA
Tue Jun 05, 2018 8:59 pm
Forum: Beginner Basics
Topic: Mikrotik hAP lite As Wifi Extender with different SSID and WPA
Replies: 6
Views: 190

Re: Mikrotik hAP lite As Wifi Extender with different SSID and WPA

whoops. well if you are in a hurry and a bit dumb that's what happens :D . I edited the post. if you can so too. though I 'll change it now. Ok I 'll try what u suggested me and give it a try. i ll come back with the results. thanks for the answer. edit: can you explain me from which menu I can NAT...
by JohnTRIVOLTA
Mon Jun 04, 2018 11:54 am
Forum: General
Topic: Cannot Access VPN from Outside
Replies: 4
Views: 176

Re: Cannot Access VPN from Outside

Cloud features are used when you have a dynamic public address, not a private one . If you do not have a public address, you can not access your router.
by JohnTRIVOLTA
Sat Jun 02, 2018 10:52 am
Forum: RouterOS v6 RC and v7 BETA
Topic: The security flaw for Hajime is closed by the firewall
Replies: 12
Views: 2502

Re: The security flaw for Hajime is closed by the firewall

I had such kind of the invasion too. And now i updated routerOS from 6.41 to 6.42.3. I changed all user's passwords and update my router from the backup which i had before the invasion. But i find this string(screenshot) in the terminal window. What is it mean? This note came from a backup when the...
by JohnTRIVOLTA
Thu May 31, 2018 11:39 pm
Forum: Beginner Basics
Topic: Firewall rules: deny any traffic
Replies: 9
Views: 268

Re: Firewall rules: deny any traffic

And as for me chain=prerouting is not better way because "prerouting" after "input" in the packet flow diagram. Only for you ... Raw section is first in the packet flow , next is the filter ! P.S.First is the prerouting chain, after routing decision the next is forward or input and output chains an...
by JohnTRIVOLTA
Thu May 31, 2018 10:49 pm
Forum: Beginner Basics
Topic: Firewall rules: deny any traffic
Replies: 9
Views: 268

Re: Firewall rules: deny any traffic

Hello everyone. Need a help for newbie. Example section in the documentation say's that I can block everything on input chain with the rule: add chain=input action=drop But. Little bit higher on the same page there are parameters description. And there are words saying that parameter "protocol" has...
by JohnTRIVOLTA
Fri May 25, 2018 11:07 pm
Forum: General
Topic: SSTP Server Problem (port used by another service)
Replies: 6
Views: 216

Re: SSTP Server Problem (port used by another service)

> Yes, just change port number with 444 for example on both sides ! Technically this works, but the idea is to offer VPN-Access when traveling: I would like to stick with 443 since this port is open outgoing for clients from just about everywhere. I understand, but I think two services can not use ...
by JohnTRIVOLTA
Fri May 25, 2018 10:28 pm
Forum: General
Topic: SSTP Server Problem (port used by another service)
Replies: 6
Views: 216

Re: SSTP Server Problem (port used by another service)

Hi, I found a few hints in the forum about this, but did not spot a solution - sorry in case I overlooked it... I use a RB1100AHx4 with a public IP address at eth1 and a hotspot at eth2 with a private IP Address range. When activating the SSTP Server port 443, it complains: "Couldn't change SST Ser...
by JohnTRIVOLTA
Fri May 25, 2018 9:46 pm
Forum: General
Topic: Src-nat internal subnets to different public IPs not working - v6.42.2
Replies: 8
Views: 238

Re: Src-nat internal subnets to different public IPs not working - v6.42.2

I have not - so I would go IP -> Addresses, add .5/32 or the matching Subnet .5/28? Any reason why the /28 isn't covering the entire spread? They should be routed, its a Cable Modem Handoff and the Modem only has 1 Port. Otherwise I wouldnt think the connection would come up if the netmask and scop...
by JohnTRIVOLTA
Fri May 18, 2018 7:03 pm
Forum: Wireless Networking
Topic: RBM33G + two Wireless mpci-e cards ?
Replies: 3
Views: 229

RBM33G + two Wireless mpci-e cards ?

Hello friends, is there a possibility to run two radio modules at the same time on the rbm33g ? I want to run a split signal at 2.4 Ghz and 5 Ghz , i have one AR9380 a/n and one AR9381 b/g/n HP triple chain cards. Now i use only the a/n card! P.S. "Insert the miniPCIe and M.2 cards (not included) an...
by JohnTRIVOLTA
Mon May 07, 2018 10:23 pm
Forum: Wireless Networking
Topic: Where to find # of WIFI VLANS [SOLVED]
Replies: 14
Views: 532

Re: Where to find # of WIFI VLANS [SOLVED]

Anybody else with actual information? Seems like everyone in Bulgaria drinks heavily all day and should not be allowed near a computer. Every child can run google search engine and the first result gives you answer. I just have added the theoretical number of the vlans to my post ... yes, i drink w...
by JohnTRIVOLTA
Mon May 07, 2018 8:53 pm
Forum: Wireless Networking
Topic: Where to find # of WIFI VLANS [SOLVED]
Replies: 14
Views: 532

Re: Where to find # of WIFI VLANS [SOLVED]

2007 ssids = 2007 vlans
by JohnTRIVOLTA
Thu Apr 26, 2018 9:45 pm
Forum: Wireless Networking
Topic: CPE And AP on Same Router
Replies: 4
Views: 219

Re: CPE And AP on Same Router

by JohnTRIVOLTA
Thu Apr 26, 2018 6:23 pm
Forum: RouterBOARD hardware
Topic: How to add a ethernet port to RBM33G (mpcie)
Replies: 8
Views: 348

Re: How to add a ethernet port to RBM33G (mpcie)

It's not possible, because I need 3 ethernet port for our project, and a mPCI used for LTE with R11e-LTE.

It is why I need to add a port or a way to communicate with the board.

Regards.
Olivier
Communicate with the board wirelessly through the second mPCI-E wifi adapter !?
by JohnTRIVOLTA
Tue Apr 24, 2018 10:04 pm
Forum: Scripting
Topic: Establish a L2L tunnel on wan failover
Replies: 1
Views: 106

Re: Establish a L2L tunnel on wan failover

Add static route to the L2 vpn server ip address through LTE interface. Add l2tp-out /L2TP client/ and use netwatch to check main gateway , when is on down execute /interface ppp-client enable l2tp-out1 or when is on up - interface ppp-client disable l2tp-out1 !
by JohnTRIVOLTA
Tue Apr 24, 2018 7:27 pm
Forum: Beginner Basics
Topic: don't write logs
Replies: 5
Views: 206

Re: don't write logs

maybe... did you try to check how many lines you have setup? /system logging action print look for "memory-lines= ..." Or go to System / Logging / Actions / memory / Lines Thank you, I've solved the problem ... System / Logging / Actions / disk / Lines are only 1, but why i don't know - they was se...
by JohnTRIVOLTA
Tue Apr 24, 2018 6:52 pm
Forum: Beginner Basics
Topic: don't write logs
Replies: 5
Views: 206

Re: don't write logs

I have completely same problem with my RB3011 ! I'm waiting to see at 22 o'clock what log file will send me to the mail automatically !
by JohnTRIVOLTA
Mon Apr 23, 2018 3:12 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 72783

Re: Advisory: Vulnerability exploiting the Winbox port

But that whats the point of this, i ran it 3 times and got all my ports listed 3 times before mikrotik blocked it, "attacker" already have all it needs.
Scan this 93.155.148.98 - my IP address and tell me the open ports please!
by JohnTRIVOLTA
Mon Apr 23, 2018 2:50 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 72783

Re: Advisory: Vulnerability exploiting the Winbox port

But if i run it from https://mxtoolbox.com/SuperTool.aspx?action=scan, it finishes every time and shows my open ports on router without blocking it.. Try for your self. OK, try this : ip fi fi add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=1w chain=input comment="...
by JohnTRIVOLTA
Mon Apr 23, 2018 2:12 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 72783

Re: Advisory: Vulnerability exploiting the Winbox port

What do do : 1) Firewall the Winbox port from the public interface, and from untrusted networks. It is best, if you only allow known IP addresses to connect to your router to any services, not just Winbox. We suggest this to become common practice. As an alternative, possibly easier, use the "IP ->...
by JohnTRIVOLTA
Sat Apr 21, 2018 9:54 pm
Forum: General
Topic: winbox vulnerable! Unusual login to routers [SOLVED]
Replies: 44
Views: 5795

Re: winbox vulnerable! Unusual login to routers [SOLVED]

In point 1 you're wrong, just like the password type, I had a password of type "@ _23UbakJav!2947!#6hasd! - +)" and they have entered with a single attempt, it is something more serious that lets you see the key, only way to close all the ports to the computers on the LAN. Where is the Cyrillic alp...
by JohnTRIVOLTA
Sat Apr 21, 2018 7:38 pm
Forum: General
Topic: winbox vulnerable! Unusual login to routers [SOLVED]
Replies: 44
Views: 5795

Re: winbox vulnerable! Unusual login to routers [SOLVED]

1.Set user name and password with combination with cyrillic alphabet after that remove or disable user - admin ! 2.Change the port numbers for ssh , winbox etc. 3.Set strong crypto for ssh 4.Set ACL 5.Set 3 attempts login to black list and deny attempts with RAW 6.Disable all other non-useable servi...
by JohnTRIVOLTA
Fri Apr 20, 2018 8:33 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 334
Views: 39435

Re: v6.43rc [release candidate] is released!

*) wireless - improved compatibility with BCM chipset devices (this includes phones by Xiaomi, Lenovo, etc); SUPER . I try some test and the 20 mb/ps speed problem and 54mb/ps connectivity with mobile phones is resolved ! Test Xiaomi https://s26.postimg.cc/i3qlimq3d/xiaomi_TEST.png Test Nokia https...
by JohnTRIVOLTA
Wed Apr 18, 2018 7:29 pm
Forum: Announcements
Topic: v6.42 [current]
Replies: 147
Views: 15245

Re: v6.42 [current]

I have hap lite /smips/ with 6.41.2 . With 6.42 in station mode and WEP security /40bit/not work - can not connect. I downgrade to bugfix 6.40.7 and everything is fine - the routerboard is connected !
by JohnTRIVOLTA
Tue Apr 10, 2018 10:56 am
Forum: Forwarding Protocols
Topic: EoIP Tunnel is Running but not passing traffic
Replies: 3
Views: 262

Re: EoIP Tunnel is Running but not passing traffic

Allow in firewall filter section on port udp 500,4500 and GRE /47/ with in-interface WAN and put the rules on top of the section !
by JohnTRIVOLTA
Tue Mar 27, 2018 10:42 pm
Forum: Beginner Basics
Topic: Problem with port forwarding for RemoteDesktop
Replies: 17
Views: 553

Re: Problem with port forwarding for RemoteDesktop

GENERAL TAB chain:forward protocol:6(tcp) dst.port:3389 ACTION TAB Action:accept And my remote desktop still not works:( thanks in advance for help. Add same rule with chain INPUT -put this rule to the top on filter section ! You don't need to add input rules for dst nat to work... Why ? If you ha...
by JohnTRIVOLTA
Tue Mar 27, 2018 6:14 am
Forum: Beginner Basics
Topic: Problem with port forwarding for RemoteDesktop
Replies: 17
Views: 553

Re: Problem with port forwarding for RemoteDesktop

GENERAL TAB
chain:forward
protocol:6(tcp)
dst.port:3389
ACTION TAB
Action:accept
And my remote desktop still not works:( thanks in advance for help.
Add same rule with chain INPUT -put this rule to the top on filter section !
by JohnTRIVOLTA
Mon Mar 26, 2018 8:00 pm
Forum: Beginner Basics
Topic: ssh settings
Replies: 3
Views: 172

Re: ssh settings

I think strong crypto enforcing ssh connection to use aes 256 algorithm for encryption !
by JohnTRIVOLTA
Tue Mar 13, 2018 6:51 am
Forum: The Dude
Topic: Mac Address Block
Replies: 3
Views: 272

Re: Mac Address Block

I dont want a given Mac Address to get an IP Address from my DHCP pool Use bridge filter - /interface bridge filter add mac-protocol=ip src-address=192.168.88.1/32 dst-port=68 dst-mac-address=XX:XX:XX:XX:XX:XX 192.168.88.1/32 - replace with actual dhcp ip address XX:XX:XX:XX:XX:XX - replace with re...
by JohnTRIVOLTA
Mon Mar 12, 2018 9:32 pm
Forum: The Dude
Topic: Mac Address Block
Replies: 3
Views: 272

Re: Mac Address Block

Hello,

How can I block DHCP lease for specific mac addresses?
Block or not use lease time ? Just make static addresses for this specific mac addresses in leases table in dhcp server menu !
by JohnTRIVOLTA
Mon Mar 12, 2018 2:52 pm
Forum: General
Topic: Tunnel between two routers
Replies: 2
Views: 198

Re: Tunnel between two routers

Hi Boris, in your case you must set some ppp server on the main router with public ip and route over this ppp link the both lans . If you want to extend transparent lan on main router , just use BCP on bridges on both sites ! if you want to explain in detail you can post a theme in kaldata, at least...
by JohnTRIVOLTA
Mon Mar 05, 2018 3:19 pm
Forum: General
Topic: Bridge - Use local Gateway
Replies: 2
Views: 138

Re: Bridge - Use local Gateway

Hello, i have two offices. The local LAN 192.168.0.0/24 is bridged between both offices. (eoip tunnel + eth ports) Office1 provides the DHCP server and the default gateway. Now i would like clients in Office2 to use the local internet, instead of going through the brigde. It seems an easy task, but...
by JohnTRIVOLTA
Sat Feb 17, 2018 12:35 pm
Forum: Beginner Basics
Topic: Mikrotik RB941-2ND-TC: VPN Throughput
Replies: 7
Views: 518

Re: Mikrotik RB941-2ND-TC: VPN Throughput

Hey thanks for the reply!
I will need like 30 - 40Mbit/s.
Do you guys think that I will achieve this speeds?

Many thanks to all.
Kind regards
Rather around 20Mbit/s with aes128cbc !
by JohnTRIVOLTA
Sat Feb 10, 2018 9:31 am
Forum: RouterBOARD hardware
Topic: HAP AC2 PERFORMANCE NUMBERS
Replies: 14
Views: 4067

Re: HAP AC2 PERFORMANCE NUMBERS

i dream an rb750GR4 on this chipset
Why, the router has five ports ... rather we are waiting for a flagship with 8+ Geternet ports , SFP+, hdd bay sata3, HighPower radios 802.11ac/ax 8/4-stream Dual-band with combo /5GHz and 2.GHz /
external antennas ... maybe based on Qualcomm IPQ8074 !
by JohnTRIVOLTA
Thu Jan 25, 2018 6:31 am
Forum: Beginner Basics
Topic: Dual WAN Load Balancing with Fail-over
Replies: 7
Views: 686

Re: Dual WAN Load Balancing with Fail-over

Hi,

Would you mind explaining me a little what these ratio does?
The connections across the router alternate respectively three connections through the first wan and one connection through the second !
by JohnTRIVOLTA
Fri Jan 19, 2018 8:34 pm
Forum: General
Topic: Host to Host Connection not happening via Mikrotik Router
Replies: 19
Views: 596

Re: Host to Host Connection not happening via Mikrotik Router

You dont need nat or static routes !!! Just add in firewall filter 2 rules:
/ip fi fi
add chain=forward src-address=192.168.12.0/24 dst-address=192.168.110.0/24 action=accept
add chain=forward src-address=192.168.110.0/24 dst-address=192.168.12.0/24 action=accept
by JohnTRIVOLTA
Thu Jan 11, 2018 10:04 pm
Forum: Beginner Basics
Topic: Port forward not working for me [SOLVED]
Replies: 18
Views: 782

Re: Port forward not working for me [SOLVED]

I'm a bit noob. How do I do that? :shock:
https://wiki.mikrotik.com/wiki/Hairpin_NAT
or
/ip dns static add name=www.xxxxxxxx.duckdns.org address=192.168.10.16
by JohnTRIVOLTA
Thu Jan 11, 2018 7:13 pm
Forum: Beginner Basics
Topic: Port forward not working for me [SOLVED]
Replies: 18
Views: 782

Re: Port forward not working for me [SOLVED]

If you want to access it/web server/ from the local network , you must set Hairpin NAT , or if the board have DNS role you must add a static entry on DNS section !
by JohnTRIVOLTA
Thu Jan 11, 2018 10:54 am
Forum: Beginner Basics
Topic: Port forward not working for me [SOLVED]
Replies: 18
Views: 782

Re: Port forward not working for me [SOLVED]

he just has to place up the rules and the last input rule must be - /add action=drop chain=input comment="Drop everything else"
by JohnTRIVOLTA
Thu Jan 11, 2018 10:20 am
Forum: Beginner Basics
Topic: Port forward not working for me [SOLVED]
Replies: 18
Views: 782

Re: Port forward not working for me [SOLVED]

Just add accept rule for port tcp 8123 in filter section:
/ip fi fi add action=accept chain=input comment="allow WEB" dst-port=8123 protocol=tcp place-before=3
by JohnTRIVOLTA
Sun Jan 07, 2018 3:40 pm
Forum: General
Topic: Problems with proxy-arp after upgrade from 6.39.1 to 6.41
Replies: 6
Views: 827

Re: Problems with proxy-arp after upgrade from 6.39.1 to 6.41

I have a similar issue with proxy-arp . I have built an sstp connection with BCP between 2 routerboards. After upgrade ROS to 6.41 i lost the network discovery between bridges!
by JohnTRIVOLTA
Wed Dec 27, 2017 10:35 pm
Forum: Wireless Networking
Topic: wAP AC 5GHz problem
Replies: 4
Views: 316

Re: wAP AC 5GHz problem

First , i thank you for the help !
I understand that the power adapter has been changed inadvertently with less than 0.2A 24v and may be the problem!
I will write by replacing it if everything is all right, at 99% I'm sure this is the solution.
by JohnTRIVOLTA
Tue Dec 26, 2017 8:52 pm
Forum: Wireless Networking
Topic: wAP AC 5GHz problem
Replies: 4
Views: 316

Re: wAP AC 5GHz problem

I have all 3chains enabled and no problems with restart. Maybe you have problem with power?
On Sys/Health i see 23.1v ... this is normal ?
by JohnTRIVOLTA
Tue Dec 26, 2017 7:12 pm
Forum: Wireless Networking
Topic: wAP AC 5GHz problem
Replies: 4
Views: 316

wAP AC 5GHz problem

Hi all, i have a problem with wAP AC 5GHz radio , when I test the speed with the phone the board is always restarted, and when I uncheck one of the chains /second or third/ everything is fine and i get maximum speed ! In conclusion, the board works with only 2 chains regardless of which one we chose...
by JohnTRIVOLTA
Fri Dec 22, 2017 12:09 pm
Forum: General
Topic: Prevent Client comunication - block relay
Replies: 2
Views: 168

Re: Prevent Client comunication - block relay

Are you talking about wireless isolation ? Do not use a "default forward" on the radio interface settings!
by JohnTRIVOLTA
Sun Dec 10, 2017 9:28 pm
Forum: General
Topic: Mikrotik to Mikrotik VPN - Dynamic IP
Replies: 7
Views: 341

Re: Mikrotik to Mikrotik VPN - Dynamic IP

Hi yeah thanks for pointing that bit out, that's the bit I already know how to do

What main crux of my question was how to do this with a dynamic public IP address at both ends.
Choose one of the routers as the vpn server and use cloud /ddns/ to establish the ppp connection !