Community discussions

MikroTik App
 
Quokka
just joined
Topic Author
Posts: 2
Joined: Thu Oct 27, 2022 8:13 pm
Location: Fryslân / The Netherlands

MikroTik hAP ax2 / no connection between mobile app and server application at network device

Mon Oct 31, 2022 9:55 pm

Hi Forum,

This is to solicit your help to solve a problem I am surely not able to overcome myself, despite perusing the MikroTik WiKi and browsing the messages at this forum. At the same time, I have to admit that I am pretty much a noob when it comes to configuring routers beyond the basics, so please bear with me.

My reason for posting is the fact that I am not able to establish a connection between a client app on my mobile phone (‘HQPDControl’) and a music server application on one of my network devices (‘HQPlayer Desktop’), when the phone is hooked up to a WiFi network created by my new MikroTik hAP ax2. To give you an idea what my network looks like, please see the following diagram.

Thuisnetwerk - MikroTik 28102022.png

The primary router in my network is a Vilfo VPN router, which (instead of the FritzBox modem / router) assigns static IP-addresses to all devices that are part of my LAN. So far, I have relied on the WiFi network broadcasted by this router (connection Ia in the diagram above) for 1) getting access to Internet with both my work laptop and my mobile phone, 2) WiFi calling with the latter (such, since mobile coverage in and around my home is absolutely abysmal), and 3) controlling the aforementioned music server application (‘HQPlayer Desktop’) on my Apple Mac Mini by means of the ditto client app on my iPhone (‘HQPDControl’).

However, as the WiFi signal that the Vilfo VPN router generates is far from stable, the WiFi network created by the MikroTik hAP ax2 that arrived last week is meant to serve as a more reliable alterative. It certainly does when it comes to getting access to the Internet and WiFi calling; I had the device running in no time, and I have nothing to complain about in this department. What I cannot get figured out, however, is how to connect to the music server application on my Mac Mini, when my iPhone is hooked up to the WiFi network that is broadcast by the MikroTik hAP ax2 (connection Ib). Whether the internet port of the latter is directly connected to the Vilfo VPN router (connection IIa) or to the QNAP switch (connection IIb) does not make a difference: I have access to the Internet and can make WiFi calls, but I can’t reach the Mac Mini from my iPhone.

Setting up a connection between the client app on the phone and the server application on the Mac Mini is basically really straightforward, for which see the screen shot below.

HQPDControl v4.png

When the client app is provided with the IP address of the Mac Mini as assigned by the Vilfo VPN router (10.220.0.14) and the port the server application listens to (4321), a connection is set up, and the app can give commands (e.g. select album, start playing, adjust volume etc.) to the music server application. However, this is as long as my iPhone is connected to WiFi network as broadcasted by the Vilfo VPN router (connection Ia). The moment I switch and connect my iPhone to the WiFi network that comes from the MikroTik hAP ax2 (connection Ib), the connection between the client app and the music server application is lost, and there is no way re-establishing it.

It is not as if the MikroTik hAP ax2 does not ‘see’ my Mac Mini, though. When I connect my work laptop to its WiFi network (connection Ib) and log in at the management console, I can run an IP scan, the results of which show my Mac Mini at address 10.220.0.14, as well as all other IP addresses as assigned by the Vilfo router (192.168.88.254 is the laptop, and the address right above it my iPhone when connected to the same network).

IP Scan MikroTik hAP AC2 29102022.png

When I disable ‘stealth mode’ at the Mac Mini, I can ping it from the MikroTik hAP ax2 as well.

As a further bit of information, when I connect my iPhone to the WiFi network broadcasted by my Vilfo VPN router (connection Ia), the info panel about this connection at the phone looks like this:

Info panel Vilfo WiFi 29102022.png

And when it is connected to the WiFi network broadcasted by MikroTik hAP ax2 (connection Ib), the info panel is as follows:

Info panel MikroTik WiFi 29102022.png

Additional information as regards the configuration of my MikroTik hAP ax2 may be found in the attached text file, for which see below.

Although I, like written above, have tried to find an answer by browsing the MikroTik WiKi and the messages at this forum, I am simply lacking the background and knowledge to logically deduce in what direction to look for a solution. Therefore, any help or suggestions you could provide me with to put me at the right trail will be warmly welcomed. Should I need to post further details, please do let me know.

Many thanks in advance!

# oct/31/2022 18:44:07 by RouterOS 7.6
# software id = PLFD-7ZHD
#
# model = C52iG-5HaxD2HaxD
# serial number = XXXXXXXXXXX
/interface bridge
add admin-mac=18:FD:74:BB:A7:96 auto-mac=no comment=defconf name=bridge
/interface wifiwave2
set [ find default-name=wifi1 ] channel.skip-dfs-channels=10min-cac \
    configuration.country=Netherlands .mode=ap .ssid=MikroTik-BBA79A \
    disabled=no
set [ find default-name=wifi2 ] channel.skip-dfs-channels=10min-cac \
    configuration.country=Netherlands .mode=ap .ssid=MikroTik-BBA79B \
    disabled=no
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wifi1
add bridge=bridge comment=defconf interface=wifi2
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system clock
set time-zone-name=Europe/Amsterdam
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: raphaps and 67 guests