@rextended I have read you're post, but you've posted to-addresses=127.0.0.1 which is localhost and I don't want to change destination to router but another server. If I'm guessing correctly when I change 127.0.0.1 to eg. 192.168.1.100, it will work, right?

Oh wow, I didn't expect so extensive discussion. Let me clarify things: Here's my motivation to have own NTP server: https://askubuntu.com/questions/14558/how-do-i-setup-a-local-ntp-server I don't have atomic clock, but I want to have Stratum 1 time server, so I have GPS module. Now the rules: add a...

Hi! I want to force wi-fi clients to use my own NTP server (which is not really important). I have dst-nat and src-nat rules: add action=dst-nat chain=dstnat comment="Force using local NTP Server" \ dst-port=123 in-interface-list=LAN protocol=udp src-address-list=\ "!NTP Server" ...

According to this post: viewtopic.php?t=106958#p811364 it is a valid command.

Hi! I'm trying to upload file via SFTP. While using WinSCP everything works great. I've used this command: /tool fetch url="sftp://nas/MikroTik-20210522-0903.backup" src-path="flash/MikroTik-20210522-0903.backup" user="xyz" password="xyz" dst-path="MikroT...

I use Layer7 and regex: Is there any other way?

Hi!
I have a domain on CloudFlare. My A record point to my router. I use it only for access to CRL. I want on my router firewall block all incoming connection (input chain) which point to different address than crl.domain.com/crl/*

How can I do that?

Is there any plans to implement it?

Hi! I'm trying to generate certificates. First I generate root ca cert (key usage: digital signature, key cert. sign, crl sign) and sign it with param: CA CRL Host: xxx. Generated certificate has CRL Distribution Points set to good value. Than I try to generate intermediate certificate (key usage: d...

Hi! I've configured IKEv2 VPN based on https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_using_IKEv2_with_RSA_authentication. Everything work fine... on MacBook, but when I try to connect via iPhone I have "User authentication failed." error. I use the same cert in MacBook ...

Sure, so now I've got this:
That's all?

I've made this configuration. Can someone check if this is ok? /interface wireless add default-forwarding=no disabled=no mac-address=CE:2D:E0:C9:C6:D1 \ master-interface=wlan1 name=wlan-guest1 security-profile=guest ssid=\ "Guest" wps-mode=disabled add default-forwarding=no disabled=no mac...

Hello,
I'm trying to do guest wifi (2 virtual wlan) and create vlan for guests. Can somebody provide a configuration to do this? I also want that client don't see each other and cannot use internal resources. I have read multiple tutorial but neither have answer to my question.

You're welcome. I had exacly the same issue

Yes, sure. I know that, but I also want to create VLAN and I don't know how to put this step to advice above.

You can disable dynamic dns by disable peer dns in dns client

Hello, I'm trying to create VLAN for guests. It's should be easy task, but on every tutorial I've watched the example was about only 1 ap. I have WLAN 2,4GHz and WLAN 5GHz. I've also created already 2 virtual WLAN for my guests. And my problem is how to create 1 VLAN with this 2 separate virtual WLA...

Hello, I just bought new MikroTik hAP AC^2. I read a lot of tutorials and guide how to configured it properly. I have problem with VPN connection from my iPhone. It connect properly but very stuff get weird when it's disconnecting. After disconnect iPhone create new connection. I attach log to demon...