Community discussions

MikroTik App
 
mo8a
newbie
Topic Author
Posts: 27
Joined: Thu Aug 05, 2021 5:12 pm

i can't access to webfig from internet

Fri Aug 13, 2021 5:10 pm

Hello everyone

I am connected to my mikrotik from IPSEC VPN via internet
on the local network, I can access my router
but, from wan, (internet + vpn ipsec) I can connect to my mikrotik router, but it remains a blank page, nothing is displayed

thank you in advance for your help
 
erlinden
Forum Guru
Forum Guru
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: i can't access to webfig from internet

Fri Aug 13, 2021 5:20 pm

The supplied information is too little: can you please share your config (/export hide-sensitive file=anynameyoulike)? Could be that webfig is only available through LAN.
Last edited by erlinden on Fri Aug 13, 2021 5:34 pm, edited 1 time in total.
 
mo8a
newbie
Topic Author
Posts: 27
Joined: Thu Aug 05, 2021 5:12 pm

Re: i can't access to webfig from internet

Fri Aug 13, 2021 5:21 pm

like that :

Image

and any one know how active the https please ?
 
rjow2021
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Nov 19, 2020 6:26 pm

Re: i can't access to webfig from internet

Fri Aug 13, 2021 5:24 pm

In the web interface, or WinBox, open the New Terminal and type...
/export hide-sensitive file=anynameyoulike
Then insert the output here.
 
mo8a
newbie
Topic Author
Posts: 27
Joined: Thu Aug 05, 2021 5:12 pm

Re: i can't access to webfig from internet

Fri Aug 13, 2021 5:34 pm


[admino@PIPIPITO] > export
# aug/13/2021 15:24:50 by RouterOS 6.47.10
# software id = 
#
# model = RBD52G-5HacD2HnD
# serial number = 
/interface bridge
add admin-mac=zz:zz:zz:zz:zz:E6 auto-mac=no comment=defconf name=bridge_LAN
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=PIPIPITO-A wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=PIPIPITO-B wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec policy group
set [ find default=yes ] name=group2
/ip ipsec profile
add dh-group=modp1024 dpd-interval=5s enc-algorithm=3des,des lifetime=6h name=Ike_Crypto
/ip ipsec peer
add address=80.14.xx.xx/32 exchange-mode=aggressive name=PIPIPITO profile=Ike_Crypto
/ip ipsec proposal
set [ find default=yes ] disabled=yes
add enc-algorithms=aes-128-cbc lifetime=1h name=IPSec_Crypto
/interface bridge port
add bridge=bridge_LAN comment=defconf interface=ether2
add bridge=bridge_LAN comment=defconf interface=ether3
add bridge=bridge_LAN comment=defconf interface=ether4
add bridge=bridge_LAN comment=defconf interface=ether5
add bridge=bridge_LAN comment=defconf interface=wlan1
add bridge=bridge_LAN comment=defconf interface=wlan2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge_LAN list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=10.10.10.1/25 comment=defconf interface=bridge_LAN network=10.10.10.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dns
set allow-remote-requests=yes servers=192.168.254.3,192.168.254.4
/ip firewall filter
add action=accept chain=forward dst-address=192.168.32.0/16 src-address=10.10.10.0/25

/ip firewall nat
add action=src-nat chain=srcnat dst-address=192.168.32.0/16 to-addresses=10.10.10.0/25
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=ether1
/ip ipsec identity
add my-id=user-fqdn:admin@admin.com peer=PIPIPITO secret=123456
/ip ipsec policy
add dst-address=192.168.32.0/16 peer=PIPIPITO proposal=IPSec_Crypto src-address=10.10.10.0/25 tunnel=yes
set 1 disabled=yes
/ip route
add distance=1 gateway=192.168.1.1 pref-src=10.10.10.1
/system clock
set time-zone-name=Europe/Paris
/system identity
set name=PIPIPITO
/system logging
add topics=ipsec
add prefix=ipsec topics=ipsec
/system package update
set channel=long-term
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: i can't access to webfig from internet

Fri Aug 13, 2021 6:19 pm

/ip firewall nat
add action=src-nat chain=srcnat dst-address=192.168.32.0/16 to-addresses=10.10.10.0/25

you src-nat any packet directed to 192.168.32.0/16 (= 192.168.0.0 - 192.168.255.255 = 64000 addresses)
with 10.10.10.0/25 (= 10.10.10.0 - 10.10.10.127 = 127 addresses) ???
 
mo8a
newbie
Topic Author
Posts: 27
Joined: Thu Aug 05, 2021 5:12 pm

Re: i can't access to webfig from internet

Mon Aug 16, 2021 6:20 pm

/ip firewall nat
add action=src-nat chain=srcnat dst-address=192.168.32.0/16 to-addresses=10.10.10.0/25

you src-nat any packet directed to 192.168.32.0/16 (= 192.168.0.0 - 192.168.255.255 = 64000 addresses)
with 10.10.10.0/25 (= 10.10.10.0 - 10.10.10.127 = 127 addresses) ???
it's network for my a company where i work

Who is online

Users browsing this forum: NimbuS and 32 guests