Problem solved! In the beginning I had only one 1920s in the net but in time we got other 3 so the problem could not be avoided. I had to do something. Starting from nickshore's remark and manual I start digging on how to allow other protocols on the switch. We have to allow EtherType 0x88bf and dst...

Same problem, tested on 2 switches 1920s 24 port, both with same problem blocking ROMON. Older 1920 pass OK.

Not working well. Jumping "all ppp" interface to ppp chain means all new connections from other ppp connections that are not using filter will jump too to ppp chain. Adding return would fix this problem but ... any new dynamically added jump-target=test will be added as a last rule in the ...

/system ntp client set primary-ntp=[:resolve 1.pool.ntp.org] secondary-ntp=[:resolve 2.pool.ntp.org] enabled=yes /ip pool add name=pool-IKEv2 ranges=192.168.43.101-192.168.43.199 /ip ipsec mode-config add name=cfg-IKEv2 responder=yes address-pool=pool-IKEv2 address-prefix-length=32 \ split-include=0...

I am posting this topic hoping to help other people to setup a simple VPN server accepting connections from Windows 10 clients and Android. I run this on hAP ac, RouterBOARD 962UiGS-5HacT2HnT. Between Romania and Greece, speedtest dot net running on windows reported about 25,5Mbps with aes-256 and a...

I had similar problem and I solve it changing MTU=1500 for the EOIP tunnel
See this post: viewtopic.php?f=2&t=106730&p=759517#p759517

I would bet that your MTU changed when you added the EOIP interface to the bridge. While your LAN PC's are using 1500, your bridge likely shrunk to 1480 or less. This will cause almost all https sites to break, and many normal sites. This was my problem. I set MTU to 1500 for the EOIP interface and...

6.45.3 I have this problem too

No problem not using CCRs, they are definitely expensive for many deployments. I just wanted to let you know that you are the first one that I know of to test alternative platforms, so good for all of us. I would like to hear how well it works for you after you run for a while. The boot delay sound...

Yes Nathan, I'm sure will be fine for long time. I will let you know when I will put them into production (now I run them at my home). I have to implement some VPN solution and hope to find a way to allow access only from some countries, geoip. After that I will plug them into the rack. Some other f...

Hi Nathan, No, i used RB925ui-5ac2nD just for lab tests without activating wifi. They will be connected to the redundant RB3011UiAS-RM Please understand that we are talking about a very small office with only about 15-16 people + some visitors quite often. There is no point to buy CCR. I agree that ...

Many thanks to Nathan1 for this solution. I tested first on a pair of small RB925ui-5ac2nD. Didn't succeed at first try because lack of instructions, but after 2 hours the pair was working as intended. Then I installed the script on a pair of RB3011UiAS-RM and looks fine. It is still in my lab but n...

My vlan2 is for wifi guests. But they should be able to see the public NATed ports, so I blocked routing but allow NAT between the 2 networks
add chain=forward action=drop comment="Block guest to LAN" connection-nat-state=!srcnat,dstnat dst-address=192.168.0.0/24 src-address=10.1.102.0/24

Little late but maybe my post will help others. I have same issue after I created a new hotspot server and trying to add a second routerboard wifi connected to the main hotspot. I solved this problem creating a firewall rule to accept connections on vlan interface of hotspot's server on input chain....