Community discussions

MikroTik App

Search found 18 matches

by lopar
Wed Dec 26, 2018 6:43 pm
Forum: General
Topic: Custom Ath method for IPIP/ipsec?
Replies: 0
Views: 274

Custom Ath method for IPIP/ipsec?

Hi @all. I have some ipsec vpn tunnels, which I convert to IPIP/ipsec for better dude monitoring. I used rsa signature Aut Method, but configuring IPIP only pse shared key is available. Is there any way to use rsa signature again, because of "Unsafe configuration, suggestion to use certificates" ale...
by lopar
Thu Dec 06, 2018 6:38 pm
Forum: General
Topic: What is main differences between stable and long-term? [SOLVED]
Replies: 7
Views: 6668

Re: What is main differences between stable and long-term? [SOLVED]

So If I need differences, I need to compare 6.42 (6.42.10) and 6.43 (6.43.7) versions? Because some changes are applied both to stable and long term (6.42.10 and 6.43.7 has some common updates for example). Also I cannot say that stable release become long-term, because of version numbers: https://w...
by lopar
Wed Dec 05, 2018 3:44 pm
Forum: General
Topic: What is main differences between stable and long-term? [SOLVED]
Replies: 7
Views: 6668

Re: What is main differences between stable and long-term? [SOLVED]

Hey, completely not what I asked. I did not ask "what is teh meaning of the [long-term] word combination". I asked what are major differences in functionality between two release trees. They must have different feature lists -- that's the idea of such branching. Long term should be a version mostly ...
by lopar
Tue Dec 04, 2018 7:16 pm
Forum: General
Topic: What is main differences between stable and long-term? [SOLVED]
Replies: 7
Views: 6668

What is main differences between stable and long-term? [SOLVED]

In functions of course. I read the full changelogs, I read changes in each branch, but I dunno what functionality will be lost (for example) when switching to long-term from stable. Is such switch completely safe, or it needs further investigations? Maybe there is a diff of release trees hidden some...
by lopar
Tue Nov 13, 2018 8:13 pm
Forum: Beginner Basics
Topic: Network Isolation (again)
Replies: 6
Views: 1034

Re: Network Isolation (again)

2 Allow forward traffic from WAN interface
3 Allow forward traffic to WAN interface
Broke my internet trying to ask why to do this. Then understood and found why. =)

Why only established/related? What;s wrong with new?
by lopar
Tue Nov 13, 2018 5:36 pm
Forum: Beginner Basics
Topic: [l2tp ipsec] ipsec issue
Replies: 4
Views: 626

Re: [l2tp ipsec] ipsec issue

Can you check '/ip ipsec peer print' when the issue is present?
Gotcha! Default dynamic peer rule completely dissapear from time to time. And appers when l2tp restarts.
I think, it is a bug.
Making static peer rule solved the problem for now.
by lopar
Tue Nov 13, 2018 2:54 pm
Forum: Beginner Basics
Topic: [l2tp ipsec] ipsec issue
Replies: 4
Views: 626

Re: [l2tp ipsec] ipsec issue

6.43.4. Okay, I'll wait till issue start and post peer print here and send email.
by lopar
Tue Nov 13, 2018 2:46 pm
Forum: General
Topic: secure winbox port access only by wan ip
Replies: 16
Views: 2700

Re: secure winbox port access only by wan ip

Winbox is to control the router and the router setup. It should not be done via WAN connection (direct), it should be done with a VPN or at the very minimum the Port Knocking technique. Theese are okay if you are using just a few mikrotiks. But when you get plenty of them in different places around...
by lopar
Tue Nov 13, 2018 2:25 pm
Forum: Beginner Basics
Topic: Network Isolation (again)
Replies: 6
Views: 1034

Re: Network Isolation (again)

Okay then. More advanced situation. If I have more networks to be isolated, I should use Address Lists, so my complex rules should be: ip firewall filter add chain=forward src-address-list="isolated" dst-address=0.0.0.0/0 action=drop ip firewall filter add chain=forward src-address=0.0.0.0/0 dst-add...
by lopar
Tue Nov 13, 2018 2:15 pm
Forum: Beginner Basics
Topic: [l2tp ipsec] ipsec issue
Replies: 4
Views: 626

[l2tp ipsec] ipsec issue

hi @all, I'm making basic roadwarrior vpn setup, as written on wiki: /interface l2tp-server server> print enabled: yes max-mtu: 1450 max-mru: 1450 mrru: disabled authentication: mschap2 keepalive-timeout: 30 max-sessions: unlimited default-profile: L2TP use-ipsec: required ipsec-secret: ********** c...
by lopar
Tue Nov 13, 2018 1:56 pm
Forum: Beginner Basics
Topic: Network Isolation (again)
Replies: 6
Views: 1034

Network Isolation (again)

hi @all. Again, network isolation problem. I have a some networks in my organisation, some of them needs to be isolated from all other networks. Now I on some routers I have a bunch of similar rules, such as: ip firewall filter add chain=forward src-address=10.0.0.0/24 dst-address=192.168.1.0/24 act...
by lopar
Thu May 03, 2018 4:02 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+ Micro SD / Memory card
Replies: 7
Views: 1686

Re: CCR1009-7G-1C-1S+ Micro SD / Memory card

Yes. Tried ext3 and fat32 (as it was written on wiki). Tried without partitioning. Tried NTFS. Can't see it.
by lopar
Mon Apr 23, 2018 9:18 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+ Micro SD / Memory card
Replies: 7
Views: 1686

Re: CCR1009-7G-1C-1S+ Micro SD / Memory card

simple:

>disk print
# NAME LABEL TYPE DISK FREE SIZE

yes, i did full restart with powering off.
by lopar
Mon Apr 23, 2018 7:32 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+ Micro SD / Memory card
Replies: 7
Views: 1686

CCR1009-7G-1C-1S+ Micro SD / Memory card

Greetings. Which cards for certs/Dude are supported? I tried 64GB Class10 cards from popular vendors, such as Sandisk, Samsung, Apacer and nothing worked. Is there any 100% supported card, or the full situation is total roulette?
by lopar
Thu Mar 29, 2018 3:05 pm
Forum: Forwarding Protocols
Topic: how to limit VPN user access to one server?
Replies: 12
Views: 22705

Re: how to limit VPN user access to one server?

hi all, I tried to use rules for l2tp, provided by @matiaszon, but rule to allow Internet for VPN user did not work for me. Also I have another question: you used jump rule add chain=forward action=jump jump-target=ppp to ignore networking rules. Do you have another jump rule at the end of VPN rules...
by lopar
Wed Nov 08, 2017 12:21 pm
Forum: Announcements
Topic: v6.40.5 [current]
Replies: 82
Views: 27531

Re: v6.40.5 [current]

Found possible problem point. I have two almost similar ipsec peers: 8 R address=::/0 passive=yes auth-method=pre-shared-key secret="AAAAAAAA" generate-policy=port-strict policy-template-group=l2tp exchange-mode=main-l2tp send-initial-contact=yes nat-traversal=yes proposal-check=obey hash-algorithm=...
by lopar
Wed Nov 08, 2017 10:54 am
Forum: Announcements
Topic: v6.40.5 [current]
Replies: 82
Views: 27531

Re: v6.40.5 [current]

L2TP/Ipsec died after ugrading from 6.40.4
Now I have a bunch of "possible wrong password" errors.
by lopar
Mon Jan 30, 2017 5:55 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 90005

Re: v6.39rc [release candidate] is released

your hyper-v client is a dhcp-client receiving the address from the DHCP server? Yes. Mikrotik - DHCP server. Guest OS on HOST and HOST himself - clients In addition - when described error is occurred, the affected clients remaining in "offering" state in DHCP server - Leases table with cycled 30s ...