Hello, I have several wAP-LTE boards running on different locations. All are setup with an IPsec tunnel to the headquarter. Actually the tunnels are working good (depending on LTE signal strength), but I found something I would like to fix. So, I have a fully configured wAP-LTE which is connected to...

Do you have any updates on this? It seems I have quite similar problems. My unit also works fine after reboot for some minutes and then it just looses LTE-connection. Previously I had another LTE-router installed, which had other issues but LTE-Connection was stable. At the moment I use two other WA...

Got it working now. It was more a C# related problem than a router one.

First of all: Great work! I just started to play around with tik4net and C#, but I got a little trouble. If I use your examples and create a WindowsConsoleApplication everything works as it should. Problems are starting when I try to do the same within a WindowsFormApplication. I use exactly the sam...

I was pretty unsure about this, but I found the following link where somebody says it would work: https://forum.splynx.com/t/mikrotik-api-error/449 Whatever....when I use the Raw connection in Putty I see API packets in torch but my "real" API connection does'nt work. I'am trying to use it...

Hi, I just got some problems using the API Interface of my RB2011UiAS. I'am not able to connect via the API-port. The IP service is enabled and there are no firewall rules which would deny it. For testing I made a log-filter-rule which shows me, if there are any API-related packets. When I use Telne...

I would agree with WirtelPL: Try using the TLS-Host option. It was introduced in RouterOS v. 6.41. It will also handle HTTPS. Just an excerpt from the mikrotik newsletter Feb2018: Since most of the internet now uses https, it has become much harder to filter specific web content. For this reason, Ro...

If you set PVID 20 on ether4 this will mean, you set VLAN 20 as untagged to that port - and I don't think that's what you want. You want to set VLAN1 as untagged and VLAN20 as tagged on ether4 (or any other ports). So you gonna leave the PVID on ether4 at "1" (again, thats the untagged VLA...

I found few things which you have to check: 1.) Have you enabled "VLAN filtering" on the VLAN-tab in the bridge settings? 2.) You have to add the IP-address to the VLAN20-interface, not to the bridge. Maybe I will work the way you did if you have only one VLAN on your bridge, but I would a...

What the heck is all-vlan? Is this a special function or pull down menu selection that already exists? Where is it found and what is its purpose? (I had assumed all-VLAN was simply a name given to an address list of all the vlan). I think this option will handle all existing vlan-interfaces in a wa...

So I just did a quick lab-test with this scenario: One CRR1009 with VLANs 10,20,30 an 100, DHCP-server on every VLAN interface. With an old HP switch I distributed this VLANs to connect some devices in severals VLANs. First I tried the method described by anav and che: I created an interface-list wi...

This looks like a elegant way of realizing blocking inter-VLAN traffic too. I will also try this, but I'am also interested if this "all-VLANs" option will do the same. I think I don't have to take care of CPU utilization that much, because the 1009s CPU will sleep most of it's life in my s...

I didn't test it, but rule with both in-interface=all-vlan and out-interface=all-vlan looks promising.

I will try this in lab and see what will happen.

Hello, I'am searching for a comfortable way to block traffic between VLANs on an Mikrotik router. For example I have a CCR1009 with the SFP+ port as VLAN-trunk with VLAN IDs 10, 20 and 100. The only way I found in the forums was to make individual firewall rules for each VLAN and each direction. So ...

I have a problem with an RB3011 and SIP / VoIP. The RB3011 have two WAN connections and one of them (WAN2) should only be used for VoIP. The PBX is cloud based, so SIP-clients will connect through the internet. I tried to work with mangle rules. As the phones (DECT base and softclients) are not in a...

Thanks for answer.

You are a right, but it is a little tricky. My client certificate did'nt hat the "K" in status. I tried to import the .key file (which was'nt written in the tutorial I used) but got an error. The trick is to rename the .key file to .pem and everything is working well.

If you are trying to aggregate/bond your connections so that you can get 200/80, this will not work on standard residential connections. This is because outbound traffic expects to return back to the same network, on the same IP it went out on. It can be done on business/enterprise-grade connection...

Hi, I have a little problem with an OpenVPN setup. In our central we have running a RB3011 as OpenVPN-Server. Clients can connect fine via PC or smartphone - works good so far. Now I want to connect mikrotik routers on customer site via OpenVPN. I just followed the tutorial I found on the web and ge...

Maybe this will help you out with your VPN-setup, if you want to use IPsec: https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_with_Mode_Conf 1.) Yes you can do that. 2.) If you want connection from everywhere you just leave this fields empty. Depending on the setup you have, I would ...

Just found here...

viewtopic.php?t=73287

Ok, that makes things a bit clearer, but I don't know yet, why you want to work with your WAN-IP.
If you have VPN-Clients which want to connect to the Mikrotik you can use it's DNS-name I think.

Hi,

for what you want to use the WAN-IP information?

In IP -> Cloud you can find the Mikrotik-DNS Name and your WAN-IP - maybe this will help you out.

Seems I got it working now.

I hat to change the peer to aggressive-mode (also on the LTE-router site) and disable the "passive" option.

Hi, I'am struggeling a bit with configuring an IPsec-tunnel with dynamic IP on one site. So my setup is: Mikrotik (192.168.79.0/24 / static WAN-IP) <-> LTE-Router (192.168.83.0/24, dynamic WAN-IP) So I tried to setup the mikrotik with a template policy as followed: /ip ipsec peer add address=0.0.0.0...

Hi, maybe you should try this guide: https://blog.linitx.com/load-balancing-multiple-internet-connections/ It also uses PPC like the video you had, but maybe there are some differences? (did'nt watch the whole video). I'am pretty new to mikrotik devices but got a nice load-balancing working with the...

Hi,

just comment out or delete this line in your config:
It tells your client to send all the traffic via the VPN-Gateway. Depending on the IP-subnets your network an your clients are working, you have to add a route to your network into your ovpn-config.

You are right and it seems I figured out what was wrong. First I had a global forward accept rule, which I don't really need at all. I also don't know why I created this rule, maybe a relict from former tests. The accept-rule for related and established connections I already had. So the point was, t...

Hello, at the moment I'am struggeling with firewall-rules on ipsec traffic. I already read that there are some issues with filtering IPsec traffic, but I hope there is a way to solve my problem. I have a RB3011 with has several IPsec tunnels to our customer routers (non mikrotik). Via IPsec policy t...