Community discussions

MikroTik App
 
User avatar
Techsystem
Member
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

issues with Setting up My RB 951ui after a dlink router

Mon May 22, 2023 8:45 pm

Hello My friends..!
so i have a very simple question:
i have a Dlink Router configured as a bridge -(bridge mode)- i connected my Mikrotik directly to it as
ether-1 in MT represent the out interface
ether-2 in MT represent the LAN
in ip-firewall-NAT and as usuall i set a very simple masqurade rule as srcnat and the action is masqurade and the out interface is ether-1
i also create a route role as dst:0.0.0.0/0 and the gateway is the ip address of my Dlink router -(and absolutely the DHCP server0-
so every thing required so that a MT will work normally and give the users IP and internet.

now what is my proplem:
my devices that's connected to the network is connected and disconnected so the connection is not stable..

what is my question:
is it a true to create a masqurade rule in case my Dlink Router is in Bridge mode...?
i mean do i have to create a netmap rule..? or srcnat rule..?

anyone try this scenario before..?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: issues with Setting up My RB 951ui after a dlink router

Mon May 22, 2023 9:33 pm

To be clear,
a. is your intention for the MT to be a switch/AP
OR
b. is your intention for the MT to be a router.

Post config of MT
/export file=anynameyouwish ( minus router serial number )
 
sabatm
just joined
Posts: 7
Joined: Thu May 11, 2023 10:06 pm

Re: issues with Setting up My RB 951ui after a dlink router

Tue May 23, 2023 10:12 am

Hello My friends..!
so i have a very simple question:
i have a Dlink Router configured as a bridge -(bridge mode)- i connected my Mikrotik directly to it as
ether-1 in MT represent the out interface
ether-2 in MT represent the LAN
in ip-firewall-NAT and as usuall i set a very simple masqurade rule as srcnat and the action is masqurade and the out interface is ether-1
i also create a route role as dst:0.0.0.0/0 and the gateway is the ip address of my Dlink router -(and absolutely the DHCP server0-
so every thing required so that a MT will work normally and give the users IP and internet.

now what is my proplem:
my devices that's connected to the network is connected and disconnected so the connection is not stable..

what is my question:
is it a true to create a masqurade rule in case my Dlink Router is in Bridge mode...?
i mean do i have to create a netmap rule..? or srcnat rule..?

anyone try this scenario before..?
Couldn't the DHCP behind the NAT cause problems for the clients to get IP's?
Try to use it without the NAT and see the results maybe?
Just wondering.

Have a nice day.
Michael
 
User avatar
Techsystem
Member
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

Re: issues with Setting up My RB 951ui after a dlink router

Tue May 23, 2023 7:41 pm

To be clear,
a. is your intention for the MT to be a switch/AP
OR
b. is your intention for the MT to be a router.

Post config of MT
/export file=anynameyouwish ( minus router serial number )
Hello anav..!
b. is your intention for the MT to be a router.
yes that's one.
so today i solved my problem -until now the internet connection is stable-
how..? well -its the first time that i encounter such a wired issue- first when the the problem exist, my config like below:
my TPlink router -(sorry i know that in the last thread i say Dlink but actually its TPlink router)- that was confiquired in bridge mode had the DHCP range from 192.168.95.100 to 192.168.95.200, in that day i add a static ip entry to my ether1 in mikrotik as 192.168.95.254/24
and create a route rule and masqurade rule as usuall.
today what i do just disable the DHCP in the TPlink router..! well and all thing goes normal..!
well i am not convinced with this solution BUT until now all thing like crystal.
Except the wireguard tunnel
so in my windows WG tunnel profile when i turn on the channel i get a sent packet but no recive packet.
i try alot of different thing but with no avail..!
i think that i am in the edge to know why i don't have a recive paket but well still on halt
here is my config
to give you some insight about my config:
in MT
ether-1 in out interface that connected to TPlink router and have the ip 192.168.95.254
ether-2 goes to VPN router with ip: 192.168.20.1/24 -(so from ether2 in MT to WAN port in VPN router)-
ether-3 from VPN router -(so from LAN in VPN router to MT router)- and have the ip 192.168.30.101
ether4+ether5+WLAN= represent LAN with ip range 192.168.42.1/24
You do not have the required permissions to view the files attached to this post.
 
User avatar
Techsystem
Member
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

Re: issues with Setting up My RB 951ui after a dlink router

Tue May 23, 2023 7:47 pm

Hello My friends..!
so i have a very simple question:
i have a Dlink Router configured as a bridge -(bridge mode)- i connected my Mikrotik directly to it as
ether-1 in MT represent the out interface
ether-2 in MT represent the LAN
in ip-firewall-NAT and as usuall i set a very simple masqurade rule as srcnat and the action is masqurade and the out interface is ether-1
i also create a route role as dst:0.0.0.0/0 and the gateway is the ip address of my Dlink router -(and absolutely the DHCP server0-
so every thing required so that a MT will work normally and give the users IP and internet.

now what is my proplem:
my devices that's connected to the network is connected and disconnected so the connection is not stable..

what is my question:
is it a true to create a masqurade rule in case my Dlink Router is in Bridge mode...?
i mean do i have to create a netmap rule..? or srcnat rule..?

anyone try this scenario before..?
Couldn't the DHCP behind the NAT cause problems for the clients to get IP's?
Try to use it without the NAT and see the results maybe?
Just wondering.

Have a nice day.
Michael
Hello Mr.Michael..!
thanks for your interest..!
well you can read what i replied to anav to get more insight about my issue.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: issues with Setting up My RB 951ui after a dlink router

Wed May 24, 2023 3:44 am

Your explanation doesnt match your other post diagram which shows TWO WAN routers (both dlink or tplink, you seem to be confused on this point), as well as the VPN router which also in a way provides a third WAN for MT users.......

in terms of your config the error may be in your routing rules
from
/routing rule
add action=lookup-only-in-table disabled=no min-prefix=0 src-address=\
192.168.42.1/24 table=VPN
add action=lookup disabled=no src-address=192.168.20.1/24 table=ISP-1
add action=lookup disabled=no src-address=192.168.42.100/32 table=ISP-1
add action=lookup disabled=no src-address=192.168.42.176/32 table=ISP-1
add action=lookup disabled=yes src-address=172.10.1.1/24 table=ISP-1


TO
/routing rule
add action=lookup-only-in-table disabled=no min-prefix=0 src-address=\
192.168.42.0/24 table=VPN

add action=lookup disabled=no src-address=192.168.20.0/24 table=ISP-1
add action=lookup disabled=no src-address=192.168.42.100/32 table=ISP-1
add action=lookup disabled=no src-address=192.168.42.176/32 table=ISP-1
add action=lookup disabled=yes src-address=172.10.1.0/24 table=ISP-1
 
User avatar
Techsystem
Member
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

Re: issues with Setting up My RB 951ui after a dlink router

Wed May 24, 2023 6:54 am

Your explanation doesnt match your other post diagram which shows TWO WAN routers (both dlink or tplink, you seem to be confused on this point), as well as the VPN router which also in a way provides a third WAN for MT users.......

in terms of your config the error may be in your routing rules
from
/routing rule
add action=lookup-only-in-table disabled=no min-prefix=0 src-address=\
192.168.42.1/24 table=VPN
add action=lookup disabled=no src-address=192.168.20.1/24 table=ISP-1
add action=lookup disabled=no src-address=192.168.42.100/32 table=ISP-1
add action=lookup disabled=no src-address=192.168.42.176/32 table=ISP-1
add action=lookup disabled=yes src-address=172.10.1.1/24 table=ISP-1


TO
/routing rule
add action=lookup-only-in-table disabled=no min-prefix=0 src-address=\
192.168.42.0/24 table=VPN

add action=lookup disabled=no src-address=192.168.20.0/24 table=ISP-1
add action=lookup disabled=no src-address=192.168.42.100/32 table=ISP-1
add action=lookup disabled=no src-address=192.168.42.176/32 table=ISP-1
add action=lookup disabled=yes src-address=172.10.1.0/24 table=ISP-1
your explanation doesnt match your other post diagram which shows TWO WAN routers
if you mean by that the diagram in the other thread, the answer is no that's another problem in different site.
yes i know that maybe i add a confusion when i say this sentence -(sorry i know that in the last thread i say Dlink but actually its TPlink router)- so not the last thread but the last comment so we still in the same thread.

in this response in terms of your config the error may be in your routing rulesfrom
so you mean the disconnect error or wireguard error..?

also for this replay: what is the different that if i put 192.168.20.0/24 or i put 192.168.20.1/24...?
as i know the router will take this two value as the same..!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: issues with Setting up My RB 951ui after a dlink router

Wed May 24, 2023 2:13 pm

One describes the subnet and the users in it, which is what you should put in, the other desrcibes the IP address only and not all that useful in routes.

Please look at your routing tables to compare....................
 
User avatar
Techsystem
Member
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

Re: issues with Setting up My RB 951ui after a dlink router

Wed May 24, 2023 7:24 pm

One describes the subnet and the users in it, which is what you should put in, the other desrcibes the IP address only and not all that useful in routes.

Please look at your routing tables to compare....................
i try both anav and it work..! so doesn't matter trust me..!
yet my WG tunnel still not work..!
so well don't trust me so much..
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: issues with Setting up My RB 951ui after a dlink router

Thu May 25, 2023 12:23 am

You need to be more precise in your language.
The wireguard tunnel to the Mikrotik DOES WORK, its just the extension to the DLINK that is not working.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: issues with Setting up My RB 951ui after a dlink router

Thu May 25, 2023 12:27 am

Everywhere I look on your config I see issues LOL.

Take this....
/routing rule
add action=lookup-only-in-table disabled=no min-prefix=0 src-address=\
192.168.42.1/24 table=VPN
add action=lookup disabled=no src-address=192.168.20.1/24 table=ISP-1
add action=lookup disabled=no src-address=192.168.42.100/32 table=ISP-1
add action=lookup disabled=no src-address=192.168.42.176/32 table=ISP-1


Routing rules ORDER is critical.
One can see that the first rule takes all traffic from 192.168.42.1 again, it should be 192.168.42.0/24 to make it clear........ proper way to identify subnet !!
and then later on you want to move .100/32 and .176/32 through ISP-1.

So that your wireguard queries to any LAN device are allowed to reach back to the wireguard interface instead of being forced out the VPN tunnel

TOO LATE

These two rule have to be before the first rule in the order!!

++++++++++++++++
Also I would add another routing rule before sending all 192.168.42.0/24 traffic to wireguard, similarly in thinking with the other two rules.
add action=lookup-only-in-table dst-address=172.10.1.0/24 table=main.

This ensures any traffic from .254, heading back to wireguard doesnt get sucked out VPN router and goes back to wireguard.
 
User avatar
Techsystem
Member
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

Re: issues with Setting up My RB 951ui after a dlink router

Thu May 25, 2023 5:52 am

You need to be more precise in your language.
The wireguard tunnel to the Mikrotik DOES WORK, its just the extension to the DLINK that is not working.
to update my current scenario to remove confusing :
instead of bridge mode in the router now i have a normal ADSL Router and the connection is stable.
i change my MT config its now like this:
ether1: out interface from Dlink router with ip address 192.168.95.254/24
ether2: out interface from VPN router with ip address 192.168.30.100/24
ether3+ether4+ether5 now represent the LAN interface with IP range: 192.168.42.1/24

before it was like this :
ether-1 in out interface that connected to Dlink router and have the ip 192.168.95.254
ether-2 goes to VPN router with ip: 192.168.20.1/24 -(so from ether2 in MT to WAN port in VPN router)-
ether-3 from VPN router -(so from LAN in VPN router to MT router)- and have the ip 192.168.30.101
ether4+ether5+WLAN= represent LAN with ip range 192.168.42.1/24

the wireguard tunnel stil doesn't work.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: issues with Setting up My RB 951ui after a dlink router

Thu May 25, 2023 7:26 pm

This is different again from the current thread and from your other Thread and diagram.
Can you please stop changing your config as it is not helpful.

Do you or do you not have two ISPs?
Do you or do you not have two WG connections one for each ISP.

I understand the change of eliminating subnet .30 on the mikrotik as you will attempt to use the .42 subnet for this purpose.
I actually like the separate .30 subnet for this purpose much better, clear and not messy but it may be just personal preference.

In any case there should be no issue with providing the VPN router a fixed WANIP on the .42 local MT subnet.
It will make things interesting when we attempt to route users but willing to cross that bridge later.

Understand that THAT ether 3,5 WIFI will be hooked to the local subnet .42. ( before it was just 5+wifi, with ether 5 going to switch and the natted router after the switch!
However your use of ETHER4 makes no sense here.

i change my MT config its now like this:
ether1: out interface from Dlink router with ip address 192.168.95.254/24
ether2: out interface from VPN router with ip address 192.168.30.100/24
ether3+ether4+ether5 now represent the LAN interface with IP range: 192.168.42.1/24


If you want users to access the VPN router for internet you still need an extra port dedicated back to the VPN router remembe ( for MT local users )
It can be any private subnet on the VPN router lets say 10.20.50.0/24, of which lets say 10.20.50.2 is a fixed IP for another WAN input on the MT router.

++++++++++++++++++++++++++++++

So before continuing help on either thread, you need to clarify truth,
how manY ISPs?
how many wg interfaces?
use of ether4?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: issues with Setting up My RB 951ui after a dlink router

Fri May 26, 2023 3:04 am

Okay, well good luck, tis too bad you posted for help on two configs so eerily similar, as its confusing for me to deal with at the moment.
Both are very solvable on their own, I know you can do it. Just use logic all traffic needs
a. to be permitted to flow (firewall rules and allowed IPs)
b. needs a path to get there ( and watch out for when you force traffic ).
 
User avatar
Techsystem
Member
Member
Topic Author
Posts: 337
Joined: Tue Dec 21, 2021 5:12 am

Re: issues with Setting up My RB 951ui after a dlink router

Fri May 26, 2023 8:06 am

Okay, well good luck, tis too bad you posted for help on two configs so eerily similar, as its confusing for me to deal with at the moment.
Both are very solvable on their own, I know you can do it. Just use logic all traffic needs
a. to be permitted to flow (firewall rules and allowed IPs)
b. needs a path to get there ( and watch out for when you force traffic ).
you begain to use a blackhole route method in your answer . mmm well i understand..! thanks..!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: issues with Setting up My RB 951ui after a dlink router

Fri May 26, 2023 6:43 pm

use blackhole at your own risk, normally not required.

Who is online

Users browsing this forum: No registered users and 31 guests