Good day!
i have RB3011UiAS with latest update i am having issue i can't open many websites
mostly "https" even www.mikrotik.com i cant open & ip cloud service also not updating
please help thanks.
[SOLVED] IP CLOUD, Google, YouTube ,mikrotik.com, Gmail not working!
Last edited by DjAtif on Fri Oct 15, 2021 6:57 pm, edited 5 times in total.
Re: many websites aren't working
What do you think the "latest update" is? Please post version number.
Hope this isn't your complete firewall?
Please, based on current information, do a netinstall and at least keep the default firewall rules.
Besides, please never ever expose management over the Internet, at least use a vpn.
And why did you add DNS rules?
Hope this isn't your complete firewall?
Please, based on current information, do a netinstall and at least keep the default firewall rules.
Besides, please never ever expose management over the Internet, at least use a vpn.
And why did you add DNS rules?
Re: many websites aren't working
i am using 6.49 router os & i set DNS rule because without that i can't even use google.com.
my network is simple switch and 5 PCs.
i am not having any firewall previous router was working fine i just installed MT yesterday with same subnet.
in PPPOE MTU 1480 default i tried to change 1492 1500 but no luck.
have tried MSS rule in mangle but still the same.
in DNS setting i am using default dynamic dns FROM pppoe.
my network is simple switch and 5 PCs.
i am not having any firewall previous router was working fine i just installed MT yesterday with same subnet.
in PPPOE MTU 1480 default i tried to change 1492 1500 but no luck.
have tried MSS rule in mangle but still the same.
in DNS setting i am using default dynamic dns FROM pppoe.
Re: many websites aren't working
i just did quick wizard setting
added PPPOE added DHCP & changed LAN subnet by default to the one i have now.
internet is working but mostly websites aren't working just few working.
added PPPOE added DHCP & changed LAN subnet by default to the one i have now.
internet is working but mostly websites aren't working just few working.
Re: many websites aren't working
Quick set is only for initial use, never ever use it afterwards.
Can you please share your config:
/export hide-sensitive file=anynameyoulike
Post this export, preferably between code tags
Can you please share your config:
/export hide-sensitive file=anynameyoulike
Post this export, preferably between code tags
This is an indication that your router is misconfiguredi set DNS rule because without that i can't even use google.com.
Working fine might not be that safe security wise.i am not having any firewall previous router was working fine i just installed MT yesterday with same subnet.
Re: many websites aren't working
Code: Select all
[admin@MikroTik] > export
# oct/14/2021 12:49:41 by RouterOS 6.49
# software id = cccccc
#
# model = RB3011UiAS
# serial number = xxxxxx
/interface bridge
add admin-mac=xxxxxxx auto-mac=no comment=defconf name=bridge
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 password=xyz use-peer-dns=yes user=\
xyz
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/ip address
add address=192.168.1.1/24 comment=defconf interface=ether2 network=192.168.1.0
/ip arp
add address=192.168.1.x interface=bridge mac-address=xxxxx
add address=192.168.1.x interface=bridge mac-address=xxxxx
add address=192.168.1.x interface=bridge mac-address=xxxxx
add address=192.168.1.x interface=bridge mac-address=xxxxx
/ip cloud
set ddns-enabled=yes ddns-update-interval=30m
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=192.168.1.x,8.8.4.4 domain=falcon
192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
add address=159.148.172.226 name=upgrade.mikrotik.com
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" co
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)"
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=i
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-st
add action=accept chain=forward comment="defconf: accept established,related, untracked"
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connecti
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none o
add action=masquerade chain=srcnat
add action=masquerade chain=srcnat out-interface-list=all
/ip proxy
set anonymous=yes max-cache-size=none
/ip service
set www disabled=yes
/system clock
set time-zone-name=Asia/Dubai
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Re: google, youtube ,mikrotik.com, gmail not working!
I think MTU is the magic word (as you were looking already). Have you contacted your ISP in regards to this?
What MTU was your previous router set to?
What MTU was your previous router set to?
Re: google, youtube ,mikrotik.com, gmail not working!
pervious router mtu 1480 & mikrotik running on same mtu i have tried 1492, 1500, 1470 but still no luck.I think MTU is the magic word (as you were looking already). Have you contacted your ISP in regards to this?
What MTU was your previous router set to?
if i am putting back pervious router its working fine and showing MTU 1492.
so by default MT is getting MTU 1480 but i set manually 1492 still no luck its same & i ran mangle rule already
Code: Select all
Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=prerouting action=passthrough
1 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
2 D ;;; special dummy rule to show fasttrack counters
chain=postrouting action=passthrough
3 chain=forward action=change-mss new-mss=clamp-to-pmtu passthrough=yes tcp-flags=syn protocol=tcp
[admin@MikroTik] /ip firewall mangle>
Last edited by DjAtif on Thu Oct 14, 2021 1:27 pm, edited 2 times in total.
Re: google, youtube ,mikrotik.com, gmail not working!
its really giving me hard time anyone can help me to get rid out of this.
Code: Select all
[admin@MikroTik] > ping forum.mikrotik.com
SEQ HOST SIZE TTL TIME STATUS
0 159.148.147.239 timeout
1 159.148.147.239 timeout
2 159.148.147.239 timeout
3 159.148.147.239 timeout
4 159.148.147.239 timeout
5 159.148.147.239 timeout
6 159.148.147.239 timeout
7 159.148.147.239 timeout
8 159.148.147.239 timeout
9 159.148.147.239 
Re: IP CLOUD, Google, YouTube ,mikrotik.com, Gmail not working!
Paste this on terminal
you have pppoe-client or dhcp client?
if you have only pppoe-client paste also this:
on nat you have 3 masquerade and the output on forum are trunked
keep the first and delete the other two
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none o <<<--- ???? must be out-interface-list=WAN
???? --->>> add action=masquerade chain=srcnat
???? --->>> add action=masquerade chain=srcnat out-interface-list=all
I do not see other errors, if not work, you must contact your ISP, MikroTik has nothing to do with that.
MikroTik standard "ping" packet is usually 50k (NOT the "payload", but the FULL packet), is impossible that is a MTU problem, from "ping" point of view.
Try to ping something, if work, ping with on advanced the Dont fragment flag set, starting from 1500 and subtract 2 until work.
When work, that value is probably your max MTU.
Code: Select all
/interface detect-internet
set detect-interface-list=none
/ip address
set [find where address="192.168.1.1/24"] interface=bridge
you have pppoe-client or dhcp client?
if you have only pppoe-client paste also this:
Code: Select all
/ip dhcp-client
remove [find]
on nat you have 3 masquerade and the output on forum are trunked
keep the first and delete the other two
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none o <<<--- ???? must be out-interface-list=WAN
???? --->>> add action=masquerade chain=srcnat
???? --->>> add action=masquerade chain=srcnat out-interface-list=all
I do not see other errors, if not work, you must contact your ISP, MikroTik has nothing to do with that.
MikroTik standard "ping" packet is usually 50k (NOT the "payload", but the FULL packet), is impossible that is a MTU problem, from "ping" point of view.
Try to ping something, if work, ping with on advanced the Dont fragment flag set, starting from 1500 and subtract 2 until work.
When work, that value is probably your max MTU.
Re: IP CLOUD, Google, YouTube ,mikrotik.com, Gmail not working!
Done but nothing changed still same after rebooted even here are the new config & yes i am using only PPPOE one ClientPaste this on terminalCode: Select all/interface detect-internet set detect-interface-list=none /ip address set [find where address="192.168.1.1/24"] interface=bridge
you have pppoe-client or dhcp client?
if you have only pppoe-client paste also this:Code: Select all/ip dhcp-client remove [find]
on nat you have 3 masquerade and the output on forum are trunked
keep the first and delete the other two
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none o <<<--- ???? must be out-interface-list=WAN
???? --->>> add action=masquerade chain=srcnat
???? --->>> add action=masquerade chain=srcnat out-interface-list=all
I do not see other errors, if not work, you must contact your ISP, MikroTik has nothing to do with that.
MikroTik standard "ping" packet is usually 50k (NOT the "payload", but the FULL packet), is impossible that is a MTU problem, from "ping" point of view.
Try to ping something, if work, ping with on advanced the Dont fragment flag set, starting from 1500 and subtract 2 until work.
When work, that value is probably your max MTU.
Code: Select all
# oct/14/2021 16:59:53 by RouterOS 6.49
# software id = dfg
#
# model = RB3011UiAS
# serial number =
/interface bridge
add admin-mac=fffffff auto-mac=no comment=defconf name=bridge
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 max-mtu=1492 name=pppoe-out1 password=xxx use-peer-dns=yes user=xxx
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface l2tp-server server
set enabled=yes ipsec-secret=Atif@5617 use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/interface pptp-server server
set enabled=yes
/ip address
add address=192.168.1.1/24 comment=defconf interface=bridge network=192.168.1.0
/ip arp
add address=192.168.1.243 interface=bridge mac-address=58:03:FB:DF:11:E0
add address=192.168.1.36 interface=bridge mac-address=B8:CB:29:9B:4C:B3
add address=192.168.1.35 interface=bridge mac-address=94:57:A5:8E:1A:C0
add address=192.168.1.242 interface=bridge mac-address=58:03:FB:DF:11:D8
/ip cloud
set ddns-enabled=yes ddns-update-interval=30m update-time=no
/ip dhcp-server network
add address=192.168.1.0/24 comment=defconf dns-server=192.168.1.36,8.8.4.4 domain=dfgh gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.1.1 comment=defconf name=router.lan
add address=159.148.172.251 name=cloud2.mikrotik.com
/ip firewall filter
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
in-interface-list=WAN
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip proxy
set anonymous=yes max-cache-size=none
/ip service
set www disabled=yes
set www-ssl disabled=no
/ppp secret
add name=vpn password=sdf
/system clock
set time-zone-name=Asia/Dubai
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Re: IP CLOUD, Google, YouTube ,mikrotik.com, Gmail not working!
you try this ???
MikroTik standard "ping" packet is usually 50k (NOT the "payload", but the FULL packet), is impossible that is a MTU problem, from "ping" point of view.
Try to ping something, if work, ping with on advanced the Dont fragment flag set, starting from 1500 and subtract 2 until work.
When work, that value is probably your max MTU.
Re: IP CLOUD, Google, YouTube ,mikrotik.com, Gmail not working!
I have problem only to access few webs even I can’t open our web MikroTik.
Https webs aren’t working (not all) tried to hard reset and re config again twice but results same.
Same device i used two months ago and working still fine with same ISP.
However the current device is reacting strange and if i remove MT and put normal router things are working fine.
I have tried MTU settings different MTU still same.
Https webs aren’t working (not all) tried to hard reset and re config again twice but results same.
Same device i used two months ago and working still fine with same ISP.
However the current device is reacting strange and if i remove MT and put normal router things are working fine.
I have tried MTU settings different MTU still same.
Re: IP CLOUD, Google, YouTube ,mikrotik.com, Gmail not working!
Possibly an IP conflict, can you change the mac address on port facing ISP on the mikrotik to the previous ISP router mac address
Re: IP CLOUD, Google, YouTube ,mikrotik.com, Gmail not working!
Solved champion my ip is dynamic from ISP tried to reboot but still getting same ip so finally when i got new ip all system starts working fine.Possibly an IP conflict, can you change the mac address on port facing ISP on the mikrotik to the previous ISP router mac address
Guys thank you all be safe and help people.
Who is online
Users browsing this forum: almdandi and 66 guests