Interesting , does it legal to post any solution here? (i don't have any)

Why don't you just look at mikrotik change log update and find all patch with "CVE-" after 6.42.11?
I remember few loud news like "immediately update your microtik or it's not safe!!!"

As I see you made settings and someone can connect but not you. There need more logs and and hide-sensitive config (btw hide your IP) Run this in terminal This will create new topics under System->Logging with debug option with flood your log with debug messages system logging add topics=ipsec,debug...

I hear about some bug when you generate certificate your password must match your "secret".
Moreover need more log. Even deeper then standard log.
On other way may I propose you use IPSEC IKEv2? Nikita Tarikin did about 4 presentation for Mikrortik meetings and there is no pit falls about.

Some IPs is going via bridge / switch and CPU never sees them

CZFan, I appreciate attention you gave for topic and thank you for suggestion! I think this is it. I will try to separate devices for few subnets and try again.

Question about firewall. Here is pic. Right side, from top to bottom. 1. Ping from 192.168.56.10 to 192.168.56.22 2. Ping from 192.168.56.23 to 192.168.56.22 3. Ping from 192.168.56.10 to wireless 192.168.56.64 4. Ping from 192.168.56.23 to wireless 192.168.56.64 -Top left Pic, connection filter pro...

Here are some offline scripts to decode supout.rif files: https://github.com/farseeker/go-mikrotik-rif
Much better than uploading it to some shady server for analysis... supout may contain various private info.

Make this clear please)!

Hi!
Is there option to use random port for ipsec tunnel?

akin2silver , Sob , vecernik87 , thank you for answers. It's become clear to me that less people know my IP more secure I am. Here is config) if you have time roast me) [(Put your user name here)@MikroTik] > export compact hide-sensitive # oct/22/2019 19:23:04 by RouterOS 6.45.6 # software id = 34L...

Is there a place where I may ask whitehat to hijack my ROS?
I need to check my security rules.

Hello!
Winbox LogIn GUI option "Keep Password". It create file %APPDATA%\Mikrotik\Winbox\settings.cfg.viw with full login and password and not encrypt this string.
Is there option to hide (encrypt) Log-Pas and use "Keep Password" option?
Thank for your time.

Hello! When I switch Win10 OS to Linux Mint OS vai reboot or proper shut down and power on (triple OS PC), I loose my wired connection. It's solved when I switch Ethernet cable from one port of router to another. DHCP gives proper IP but PC have no wire connection. Router LED just blink( not a prope...