RoMON can ping but not connect

I have a wAPR-2nD (behind NAT as it is customary for 3G) that I would like to manage remotely. To do this I set up a CHR on a VM that the wAPR-2nD can connect to:

  ┌──────────┐                ┌─────┐                  ┌─────┐
  │ wAPR-2nD │ ) ) ) 3G ( ( ( │ ISP │ ─── Internet ─── │ CHR │
  └──────────┘                └─────┘                  └─────┘
                                                 │
                                                 │     ┌───────┐
                                                 └──── │ My PC │
                                                       └───────┘

I set up an SSTP connection from the wAPR-2nD to the CHR and then an EoIP tunnel using the SSTP endpoint IPs.

They appear as RoMON neighbors and as normal neighbors, here from the point of view of the CHR:
[screenshot: 2021-05-31-22-02-30-winbox.png]
[screenshot: 2021-05-31-22-03-32-winbox.png]
[screenshot: 2021-05-31-22-05-12-winbox.png]
They can RoMON ping each other:
[screenshot: 2021-05-31-22-06-07-winbox.png]
But when I try to connect to the wAPR’s RoMON address using the CHR as RoMON agent, I only get:
[screenshot: 2021-05-31-22-08-01-winbox.png]

Firewall setting? MAC server setting?
EoIP tunnel is a member of what “Interface list”?


And heh…, I use a similar setup. Use CHR as IP default gateway for PC, SSTP is used with masquerade, but no EoIP, nor RoMON (MAC-based access?), but Winbox, with normal IP-based access.
The CHR used is mAP Lite (mobile) and hAP Lite (@home).

Firewall setting?

There are no Firewall rules set up on the CHR. There is one (masquerading) on the wAPR to allow a Raspberry Pi on ether1 to use the 3G connection.


MAC server setting?

Not sure what you are referring to. You mean RoMON? Just “Enabled” on.


EoIP tunnel is a member of what “Interface list”?

I don’t have any interface lists set up (apart from the 4 default ones).

Sorry, I was referring to the wAPR for the “Firewall” and “MAC Server” settings.

Masquerade on the CHR to allow all clients (PC) to have the same IP address on the wAPR for the response. (This is instead of the RoMON hop on the CHR)

“MAC server” is under Tools, and sets the interfaces where MAC access is allowed.

With the default Firewall on the wAPR, the SSTP interface (and eventually the EoIP) should be in the LAN interface list (to keep it simple).

Got the same issue at one location: I see all RoMON devices and can ping and all, but can't connect. Completely shutting down the FW doesn't help. I think they broke it with some update again, like what happened recently before, and I can't update them right now as I can't connect via RoMON… gonna need to go to the location.

MAC Telnet? MAC SSH? From Tools in CHR. Even Telnet or SSH from Tools in CHR.
Via Web-proxy on CHR and using HTTP from PC?

All of those work. Even “tool romon ssh” works. But Winbox doesn’t (hangs on connect).

Looks a bit like a WinBox immediate disconnect? WinBox version mismatch? Sorry, no experience with such disconnects, only this… http://forum.mikrotik.com/t/winbox-keeps-disconnecting/123086/1

I do think it has something to do with Winbox. If I enter the RoMON address of the CHR in Winbox and try to connect to it, essentially using the CHR as both RoMON agent and as host-to-manage, it will hang as well, so the VPN and the EoIP aren’t really the issue here.

“Clear cache” in WinBox? (under Tools menu)

No effect.