That did the trick!

Thank you both very much!!!

Thank you Mkx, I've already try adding a chain forward accept rule with the src address. The result was that some traffic was captured by the rule, but the site still fails. Any ideas?

Hi All, I need to exclude traffic from a specific public ip from being procesed by fasttrack. The reason is that the site won't work properly when fasttrack is enable. If somehow I can bypass that connection from fasttrack, I will be able to access the site normally, without having to disable fasstr...

Hi Kentzo, sorry for the late response. I still haven't found the time to try it, but I wonder two things. 1) What do you mean by *tunnel-1 matching* 2) if the destination address is always 192.168.0.0/24 how would the router will distinguish when I want to go through tunnel 1 from when I want to go...

Thanks for your reply.

It sound like a good idea, but can you give a hint on how to implement?

Hello, My local network is 172.24.0.0/16 I need two ipsec site to site vpn's, but both remote sides have subnet 192.168.0.0/24 As expected routeros won't let me enable the two policies at the same time. I was wondering what nat or any other configuration would be suggested to accomplish this. Thanks...

Hi everyone, I resolved the issue. I am just making this post to document what resolved the issue for me so that if anyone else has this issue, they can potentially solve it. I had to add a firewall rule to allow "ipsec-esp" protocol. Like so: /ip firewall filter add action=accept chain=i...

Hello, I am using ovpn to connect clients to mikrotik router on headquarters. My only concern is that once clients connect to the vpn, all internet traffic goes through the headquarters router and their public ip became the one from the headquarters. What I need to accomplish is that clients can use...

No one? Only me? On 7.4.1 also everything works good. Not on 7.5

Hello. I use certificates for ovpn and also use the revocation service inside the mikrotik. I normally do this by adding the corresponding URL. (usually http://"router ip"/crl/1.crl). The problem is that I try this with a new Routerboard RB750gr3 and it always show invalid. I have then dec...

Unfortunately RouterOS currently doesn't allow triggering of a script by a firewall rule match or by an address list becoming non-empty. So you can use a mangle rule to add the dst-address to an address-list ("send-wol"), with a lifetime of a few seconds, each time a packet arrives for th...

Hi Zacharias, doesn't matter if it is htttp or whatever traffic, y just need that when any traffic is pointed to that PC, the wol script runs and turns it on.

Hello, I would link to run a script (with a wol comand inside) to start certain PC with Wol. The script works fine, but I want to trigger the script only when traffic to that specific PC is detected. For example, I want the pc off all the time, but if a send an http request or whatever traffic is de...

Hi, I'm trying to make a script that runs only if the time is between for example from 18:00:00pm to 04:00:00am hs. So far I've got this one working: :if ([/system clock get time] > "18:00:00") do={} This one will run if time is past 18:00:00, but what I need now is to "tell" th...

Hi, I'm trying to make a script that runs only if the time is between for example from 18:00:00pm to 04:00:00am hs. So far I've got this one working: :if ([/system clock get time] > "18:00:00") do={} This one will run if time is past 18:00:00, but what I need now is to "tell" the...

Hi. Yes I am using bare ipsec. I'll try to explain what I need to accomplish. Let's say I have site A with an ip range of 192.168.0.0/24 and Site B 192.168.1.0/24. I would like to create a policy that for example allows only ip's from 192.168.0.10 to 192.168.0.20 range to reach only 192.168.1.50 on ...

Sorry Sebastian, I don't quite understand what you mean by bare ipsec. Also I try creating drop forward rules, but does not seem to work.

Hello, I have an ipsec vpn configured between two Mikrotiks. Everything is working normally, having traffic coming and going from both sides with no issues. What I need to do now, is to filter the traffic in order to allow specific IP's and protocols to be allowed inside the tunnel, in contrast to w...

Thank's to everyone. I've ended up learning and writing my own script. I leave it here in case someone needs it. # Set needed variables and resolve remotedomain and local domain :global RemoteIp [:resolve remotedomain] :global LocalIp [:resolve mydomain] # get actual values of sa-dst-address and sa-...

Can't thank you enough Evince. I've ended up like this: :global LocalSite [:resolve mydomain] :global RemoteSite [:resolve remotedomain] /ip ipsec policy set 1 sa-dst-address=$RemoteSite sa-src-address=$LocalSite I just need one more thing. I've created a schedule to run the script, but since it won...

Thank you. Do you have a sample script that you can share with me?

Also I've just installed 6.41rc23 an it allows me to specify dns on Peer on winbox. The issue still persist on specifying SA Src. Address and SA Dst. Address on the policy action. Any ideas?

Hi, I'm new to mikrotik. I'm starting to learn about it and every step I go, I am finding it more and more interesting. At the moment I've managed to create an ipsec vpn between two mikrotik's. Right now my issue is how to make this work with dynamic ip addresses on both sides since I don't find a w...