Hello, i have a failover setup. to monitor one WAN (LTE CGNAT) i thought to create a vpn to chr on cloud. so essentially i have an sstp client vpn with my chr on port 443 and of course use main WAN i create second sstp client on port 465 and force and be sure to use secondary WAN (LTE CGNAT) i add thi...
Hello, i'm also trying to use vrf. but i have a similar problem. for testing i try in my lab, so i use 3 different subnets LAN = 192.168.88.0/24 WAN1 (VRF1) = 10.1.1.0/24 WAN2 (VRF2) = 192.168.89.0/24 i attach rsc. with now i setup a dhcp server to use 8.8.8.8 and 1.1.1.1 because if i use 192.168.88.1 ...
Hello, i have a customer with a router (TIM HUB+) with sfp 2.5gbps but 4 ports 1gbps. and would connect my router and switch to 2.5gbps. so i remove sfp module from TIM HUB and put in a RB5009 sfp is recognized, in interfaces i see vendor name / serial / temperature / etc... but status is down... i t...
Hello, i try to reboot a local mikrotik device from another mikrotik. unfortunately i don't have a linux box with curl or ssh to script and crontab. so i thought 2 ways... ssh and rest api 1. rest api i use /tool/fetch url=https://192.168.1.211:10443/rest/system/scripts/reboot check-certificate=no m...
Thank you to all for answers. @pe1chl yes i try to disable and re enable sstp-client2 but nothing... and also try to reboot firewall but connection fails... @anav thank you, i'm also for speedup use wireguard. but in this case i don't need to switch fast from wan1 to wan2. i would monitor if wan1 is...
Hello, i have a CHR on cloud and monitor my customer's mikrotik. so basically on CHR i have an sstp server and on customer i add an sstp client. works all fine. now i have a customer with 2 WAN (primary + LTE) so on CHR i create a rule to forward a secondary sstp server port to real. for example sst...
big thank you both !!!! i search if else and don't see a space .... :( i'm an idiot.... :( to answer @jaclaz because i'm not a programmer , so i have more difficulty to "write" a script.... so after a consideration i think this is a definitive script :local var1 [:put ([/tool netwatch print ...
Hello, i'm sorry but i can understand why my script generate an error... i would check my WAN status and write a simple script that works i created 3 netwatch and put this on scheduler every 15 sec :local var1 [:put ([/tool netwatch print as-value where host=8.8.8.8]->0->"status");]; :loca...
here you are # 2024-01-05 21:34:07 by RouterOS 7.13 # # model = C52iG-5HaxD2HaxD # serial number = /interface bridge add admin-mac=74:4D:28:FB:CC:3E auto-mac=no comment=LAN mtu=1500 name=bridge \ port-cost-mode=short add comment=CONTAINER name=bridge-container port-cost-mode=short add comment="...
thank you for quick reply. of course routing rule was enabled... after many test i disabled to browsing with smartphone... and yes i dhcp static all of my devices (also my smartphone). but i try to change routing rule (of course enabled :) ) with my laptop (win 11) and same behavior... i can ping al...
Hello, i have a mikrotik at home with a LTE connection. Works all ok, but now i would route all traffic from specific device to wireguard. so i have a VPS on cloud provider, install docker and start wireguard (linuxserver/wireguard) test it on my smartphone and works very well... so i try to install...
Hello, i bought a new CCR2004-16G-2S+ and installed on datacenter. is there a way to monitor power consumption (watt)? i try to use health https://help.mikrotik.com/docs/display/ROS/Health but i don't see power-consumption: so on this model i can't check power consumption? thank you edit: sorry ROS an...
Hello, for some reason i need to change my actual provider. on new i need to optimize and use only 1 ipv4 (WAN address) but i have 3/4 webserver on LAN. can i setup only 1 ip address on wan and create a nat rule for specific hostname / domain ? so if i have only a single public ip 1.2.3.4 can i crea...
yes, for comfort when i approach api i used windows,
but my goal is use on linux because i want to use with zabbix server (so on linux).
practically my problem is solved because i use linux.
but if someone want to use on windows still have problem... i think is quote / double quote / etc...
sorry for delay. i confirm in linux ( almalinux 8.8 ) with curl curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.61.1 OpenSSL/1.1.1k zlib/1.2.11 brotli/1.0.6 libidn2/2.2.0 libpsl/0.20.2 (+libidn2/2.2.0) libssh/0.9.6/openssl/zlib nghttp2/1.33.0 works fine all commands... curl -k -u admin:12345678 -X P...
sorry sorry sorry!!!! i'm trying from win pc, and i have error below... but on linux works fine... :D :D :D sorry, i understand i change my ssid without spaces... but now i would try to monitor netwatch and i try to curl -k -u admin:12345678 -X POST https://10.2.5.1:10443/rest/tool/netwatch/print --d...
Hello, i try to check with rest api total wifi clients. for now i'm testing on my HAP ax2 with ROS 7.9. so on mikrotik i use /interface/wifiwave2/registration-table/print count-only where ssid="WIFI GUEST" but with rest api i try to use curl -k -u admin:12345678 -X POST https://10.2.1.1:10...
Hello, There is a way to check a cable with uplink active? I have a device that negotiates 100m but is gigabit. I think is cable, but i'm not on customer site. So i can remotely access to rb4011 and see port is running but 100m (not 1gb). I try to click cable check but tell me link Is active (no le...
Hello, i read this thread and post here without open new one... i have a similar situation. i need to connect to my mikrotik devices (behind isp nat, so i can't use port forwarding). now i'm using a VPN to mikrotik devices to a server in cloud (with public ip) and i can reach and connect to remote m...
now i can't reset and clean my ROS setup. but i setup a SSTP server on R1 and SSTP client on R2. add route to other site and with SSTP works fine... of course SSTP use TCP and is not faster like UDP, but that's okay... so now I leave it like this ... in future i check with other customer , in more c...
yes, i know. i'm testing various scenario and have a problem to organize rules... just to try to explain... R1 1 - ok, i removed wireguard interface from bridge 2 - ok i correct ip with 172.16.100.2/32 (and same on R2 with 172.16.100.1/32) 3 - 2 wireguard interfaces because 1 is to test road warrior...
Hello, i have 2 mikrotik hap ac2 with ROS 7.7 with default config. so simple config 1 WAN 1 LAN both side. LAN subnet site1 10.1.1.0/24 LAN subnet site2 10.2.1.0/24 i create a wireguard tunnel as described https://help.mikrotik.com/docs/display/ROS/WireGuard#WireGuard-SitetoSiteWireGuardtunnel tunnel...
just to confirm... with hap ac2 ROS 6.48.6 works fine for some days , after always 10mbps download... :( yesterday i received HAP AX2 with wifi wave2 (of course) and it works really well! with my basic config i can reach 60/70 download :) and plus i use eth1 poe out to "power" SXT LTE6 tha...
for my use case (my home) with few devices . i need ROS7 only for wireguard. but it's only to play, i don't use in production wireguard i use openvpn or ipsec, but this is another story... for now i'm focused only to have a good wifi signal and decent speed. so i'm ok with ROS 6.48 :) now, i ordere...
Latest ROS versions don't always deliver best wifi performance. Some version testing may be needed. you are a genius!!! :) i noticed that rb4011 have 6.48.6 . so i downgraded my hap ac2 with 6.48.6 (also routerboard). now with my hap ac2 , can reach 80 down 30 up :) i confirm routeros 7 is not the ...
sorry for delay... thank you for reply. screenshot is related to yesterday test , i have same problem and i have that value in mikrotik / notebook yesterday... i don't know about signal disturbance... for 802.11b i think is smart bulb (tp link), i see 802.11b also in past when i have fritzbox and WA...
thank you for reply. i reply with quote for greater understandability. Your 80Mbps download and 30 Mbps upload is probably due to the SXT LTE connection. The target speed. Why is it not in the wifi connection ? 10 Mbps is very low. because i'm not WISP , so i don't have wifi connection. at my house i...
Hello, i have a strange behaviour in a basic config at my home. Now i have a SXT-LTE6 (outdoor) with passthrough apn on VLAN HAP-AC2 with dhcp client on VLAN and manage DHCP server , NAT , etc with wlan1 (only 2.4ghz enable) WAP with wlan1 (2.4 ghz) act as AP problem is wifi, if i take some speed te...
i post my experience... i have a chr on ionos cloud. i'm able to enable container successful with /system/device-mode/update container=yes then on console ionos (i think use vmware) i shutdown VM , when ask me software or hardware i click on hardware shutdown then start VM now container is enabled /...
thank you for reply. but i try to dude, i also monitor my mikrotik with dude. but is more complex to create probe / functions ... with zabbix i can monitor more and i have more control. ( at least it seems so to me... :) ) i monitor with zabbix 99% with snmp. i try to create custom snmp , works grea...
Hello, i need to monitor some parameters with zabbix, i use ssh agent . so zabbix check every minute some value and login with ssh to many mikrotik. on mikrotik i enable ssh and open only from zabbix ip . i also create a user , with only read and ssh permissions. works great but i have every minute ...
Hello, i want monitor with netwatch my remote ipsec subnet... so if i run in terminal ping 192.168.89.1 timeout instead i run ping 192.168.89.1 src-address=192.168.88.1 ping ok so how i can setup ping with src-address in netwatch? i update my mikrotik to 7.4 , so i have more settings but i can't fin...
Hello, i find api and i try to check netwatch with api i'm able to read system resource with curl -k -u admin:password https://192.168.88.1/rest/system/resource but i want "read" netwatch status, so i try curl -k -u admin:password https://192.168.88.1/rest/tool/netwatch/print but i receive...
nothing, i try many code but with the dude i have always same error... to reader, i resolve with zabbix... i monitor netwatch with zabbix and ssh agent (of course i need to enable and expose ssh port, but i open only from my zabbix ip) thank you for reply. ps. @rextended , can i contact you in priva...
i check another way , and change function like this ros_command(":put ([/tool netwatch print as-value where comment=\"MONITOR WAN1\"]->0->\"status\")") i add it in appearance and i show correct : up so now i'm sure problem is on probe i create probe available: 1 error: ...
thank you for reply. i check on mikrotik and yes , your code is more clean and works :) but when i change on dude i receive always "parse failed" maybe error is on probe??? name: mikrotik_netwatch_wan1 type: function agent: default available : 1=1 error : if(mikrotik_netwatch_wan1()=up, "...
i think parse failed is a problem in functions. so i try also if (ros_command(":put ([:pick [/tool netwatch print as-value where comment=\"MONITOR WAN1\"] 0]->\"status\");")) = "up", "", "down") but i have same problem "parse failed"...
Hello, i want to monitor a mikrotik load balancer (pcc) with ip on wan natted. so i can't monitor from outside mikrotik. i can monitor mikrotik 4011 from a remote chr on datacenter with VPN. works all fine, but i want to check if a wan is down so, if i run on terminal in 4011 :put ([:pick [/tool net...
Hello again, i used this thread to dust off my old notes ... i hope found a solution to monitor netwatch with zabbix (of course you adapt for your needs) zabbix can monitor mikrotik only via SNMP and to use custom oid is necessary enable write access https://wiki.mikrotik.com/wiki/Manual:SNMP#Runing...
sorry, of course could create a separate topic. sorry again, i create confusion... to explain i have this situation # in my customer's office hex (DHCP server) -- switch -- ubiquiti AP -- hap lite (AP client) # in my lab (for testing) map lite (DHCP server) -- switch -- provider AP -- hap ac2 or hap...
sorry but i'm still trying. i test on my lab with map lite (act as DHCP server) wifi is a provider AP and hap lite and hap ac2 in "client mode" and have same issue... to complete i post export of "DHCP server" # mar/11/2022 18:33:31 by RouterOS 7.1.3 # software id = xxxxx # # mod...
sorry if i not answer quickly... but i thought that hap lite was broken, so now i have new hap ac2 :) same issue... reset hap ac2, without create bridge connect wlan1 with security profile in station mode (connection ok) add dhcp client on wlan1 same issue... searching... here export # jan/02/1970 0...
thank you for reply. yes all pc / android / wifi printer can connect directly to ubiquiti and get dhcp from RB750GR3 . ubiquiti is uap-ac-pro set AP (without NAT, only AP) i try also in station mode, but i can't get ip from DHCP. reset hap lite, without create bridge connect wlan1 with security prof...
Hello, i'm sorry but i think it's related. i have a trouble with this simple configuration mikrotik RB750Gr3 as router (reset with default configuration) and AP ubiquiti from years . and all works fine i would attach a hap lite as "client" because i would connect a ethernet printer to mikr...
Hi, I am new in mikrotik Just wanna ask "dumb" question: Is it really worth to upgrade to 7.1 from 6.49 2? I have hAP lite and only use it to manage a home network with 3 APs in two bridges and approx 13-20 users. I have no problems with the current version, but just curious. i have an ha...
Thank you for reply. now i'm check your idea and will test... meanwhile i try to write a script to check if ovpn1 is running and in case switch to secondary profile.. this is a script, i hope this is useful for someone and of course anyone could check/improve it :local Statusovpn1 [/interface get ov...
Hello, i have this situation HEADQUARTER MIKROTIK dual wan (pcc configured) isp1 (on eth1) with public ip (30mbps download / 6 mbps upload) isp2 (on eth2) with public ip (30mbps download / 6 mbps upload) BRANCH OFFICE only 1 isp with dynamic ip (45mbps download / 15mbps upload) i would connect branch...
thank you for reply. but dstnat is not an option (for me) because my fear is that office lan is 192.168.1.0/24 and remote lan (ovpn client) is same. so if in remote lan exists ip 192.168.1.200 ovpn client ping/connect server.lan (192.168.1.200) call/connect local (client lan) and not server in offic...
Hello, can i configure mikrotik to respond to DNS requests differently? i explain i have mikrotik 4011 and is DHCP server, DNS server (classic installation of small office) i setup static ip with 192.168.1.200 -> server.lan so from a windows pc (inside a lan) i run ping server.lan .... server.lan [1...
yes i know. i try to monitor first a temperature disk i create custom script #!/bin/bash sudo /usr/sbin/hddtemp -n /dev/sda and add it on /etc/snmp/snmpd.conf extend sda_temp /bin/bash /etc/snmp/scripts/sda_temp.bash find correct oid and monitor it with the dude for now works and i get temperature o...
same here,
i try to monitor proxmox server (or debian linux) and i get only basic info (cpu, memory, etc)
I can not find disk or raid status , thermal , ecc...
thank you!!!! i try and for now i use this way (monitor volume instead disk) on VolumeStatus – 4 = Healthy (snmpwalk) right click create probe name asustor_volume_status_healthy type SNMP agent default snmp profile v2-public oid iso.org.dod.internet.private.enterprises.asustor.asustorVolume.volumeTa...
sorry, i'm here again to ask help.... i try to monitor an asustor NAS with the dude. i can upload mib on the dude correctly and now get value with snmpwalk . my goal is monitor CPU and disk status (health) i create a function with code oid("iso.org.dod.internet.private.enterprises.asustor.asust...
Hello, i would monitor client connected to wifi so i setup dude with this rules dude - functions new name: client_wifi_function code: ros_command("/interface wireless registration-table print count-only") dude - probes new name: client_wifi_probe type: function agent: default available: cl...
sorry for write an old post, but i have a similar problem... i have a mikrotik 4011 with 2 isp ether1 to ISP1 ether2 to ISP2 ether2 have a dynamic ip and i want configure with ovh dynhost. on old pfsense i set simple cronjob curl --interface igb0 --user "<user>:<mypassword>" "http://w...
Hello, sorry if i'm posting but i don't find the solution myself... i have a mikrotik behind nat of my isp. i add pool / secret and these rules /interface l2tp-server server set enabled=yes default-profile=L2TP-profile authentication=mschap2 use-ipsec=required ipsec-secret=my_password /ip firewall ...
i think is a behavior of mikrotik openvpn server, because i see much tutorial on youtube and all of that have this behavior .
so is not a config can i manage.
Hello, i'm testing dude, it's very great! now i'm monitor few routerOS and work fine. but for testing i have created a network maps called "ping test" i have added some devices (50 about) unrelated to each other , so for me is better have a list of devices instead of view a map... can i vi...
i try to connect with another pc and works perfectly!!!!
i think the problem is on my laptop i have also a certificate of my CHR (that of my first post)
can i have only one ipsec ikev2 on a single pc/laptop?
or i was wrong on setup ikev2 server?
ok, i understand . last question... so if i have this situation : my-laptop (192.168.1.3) | LAN 192.168.1.1 router isp @ home (NAT) WAN IP DINAMIC <- - - - - - - INTERNET - - - - - - > WAN STATIC IP router isp @ office (NAT) with port forwarding on mikrotik 192.168.2.2 LAN ROUTER ISP 192.168.2.1 | W...
yes, i resetup all and works if you described... sorry, for i ask again but it's related. (if you prefer i can open a new thread) i setup an ikev2 on my router in office (this time as a server) but mikrotik is behind a NAT (isp router , that i can't touch) now i would connect with my laptop (also be...
thank you, now works!!!
i found problem, when i create certificate i don't select key usage (digital signature)
now i create new cert with that option with common name abc.deg.xyz and now works.
thank you for advice, next time i correct also domain name... ok, i have deleted the row add exchange-mode=ike2 name=ike2-office passive=yes profile=ike2 send-initial-contact=no now i have only 1 peer add exchange-mode=ike2 name=ike2 passive=yes profile=ike2 send-initial-contact=no in identities now ...
ok, i setup again and i have same issue .... identity not found for peer: FQDN: office.ab-tech.it ... this is server CHR # jun/07/2020 00:10:25 by RouterOS 6.45.9 # software id = # # # /interface bridge add name=bridge add name=bridge-loopback-ipsec /interface ethernet set [ find default-name=ether1...
ok, this is configuration before my first post # jun/06/2020 23:20:15 by RouterOS 6.45.9 # software id = # # # /interface bridge add name=bridge add name=bridge-loopback-ipsec /interface ethernet set [ find default-name=ether1 ] disable-running-check=no /interface wireless security-profiles set [ fi...
thank you for reply, but i don't understand... i try to set: on responder (server chr) peer: ike2-office auth method: digital signature certificate: server1-ipsec my id type: auto remote id type: office.mydomain.tld match by: remote id mode config : ike2-office (where i set "static" local...
thank you for reply. but i try to create several mod config (with different pool or single address) and identity, but remote client have not static ip so sometimes client1 when connect takes client2 ip... maybe in identity can i set match by certificate (now is remote id) ? or i must create more pee...
Hello, i have this configuration on my chr server /interface bridge add name=bridge-loopback-ipsec /ip address add address=10.115.210.1/24 interface=bridge-loopback-ipsec network=10.115.210.0 /ip pool add name=ipsec-pool ranges=10.115.210.2-10.115.210.200 /ip ipsec profile add name=ike2 /ip ipsec pr...
i don't have find any solution. can you post how do you solve? i use this script to configure ovpn server /certificate add name=CA country="IT" state="IT" locality="IT" organization="home" unit="mk" common-name="CA" key-size=4096 days-valid...
ok thank you for reply. so it's correct use this rules (both direction) /ip firewall nat add chain=dstnat dst-address=192.168.89.0/24 action=netmap to-addresses=192.168.88.0/24 /ip firewall nat add chain=srcnat dst-address=192.168.88.0/24 action=netmap to-addresses=192.168.89.0/24 or i add other rule...
Hello, i have a very simple configuration. so quick set ether1 WAN DHCP from isp , ether2-5 LAN with ip 192.168.88.1 DHCP 2-100 some devices in LAN have DHCP ip , other static ip with 192.168.88.0/24. can i setup a netmap or other function (ex dstnat o srcnat) to call my devices with another class? ...
so i can't setup a secondary LAN class and access simultaneously without "touch" devices?
i think a similar to masquerade .... i try to add masquerade rules but don't work...
seems work in strange mode... i explain. if i setup a netmap from local LAN i can ping 192.168.3.100 but i can't access to \\192.168.3.100\share idem from example printer i can ping 192.168.3.101 but i can "visit" webpage at http://192.168.3.101 of course with 192.168.1.100 or 101 works fin...
if you feel that i should open a new post feel free to divide... sorry, but i need some help with this setup . as i described i have this situation in office mikrotik as router lan 192.168.1.0/24 local server 192.168.1.100 when a colleague connect with openvpn and at his home have same subnet 192.16...
Not sure why its not working, but since you already have the ID of the line to delete, just use the ID like this: { :foreach i in=[/ip firewall address-list find where creation-time~"apr" && list~"mylist"] do={ :local address [/ip firewall address-list get $i address] :l...
sorry, but my script seems not work. i added a log, so script is :foreach i in=[/ip firewall address-list find where creation-time~"apr" and list="mylist"] do={ :local address [/ip firewall address-list get $i address] :log info "Removing $address in mylist" /ip firewal...
sorry, but i think that function is for files, not for address list... i'm reading link posted before, but i think is more complex ... can help if i would delete entries for past month? so now is april, can i delete all entries for march? :foreach i in=[/ip firewall address-list print where creation...
Hello, i have a mikrotik as openvpn server. and work fine but i noticed that initial connection it's a little slow... in log on client i find... Sat Nov 09 09:54:13 2019 [server] Peer Connection Initiated with [AF_INET]1.2.3.4:1194 Sat Nov 09 09:54:14 2019 MANAGEMENT: >STATE:1573289654,GET_CONFIG,,,...
Sorry, i'm an idiot... works fine, it was enough to restart the mikrotik... so, recap to move openvpn from old mikrotik to new mikrotik on old mikrotik /certificate export-certificate CA export-passphrase="12345678" /certificate export-certificate client1 export-passphrase="12345678"...
thank you for reply @sebastia but if i try to import only key (without crt) [admin@MikroTik] > /certificate import file-name=server.key passphrase=12345678 certificates-imported: 0 private-keys-imported: 0 files-imported: 0 decryption-failures: 0 keys-with-no-certificate: 0 doesn't import anything.....
Hello, i have a RB941-2nD and I have just purchased RBD52G-5HacD2HnD-TC. my configuration is simple but i have set ovpn server. can i move certificates from "old" mikrotik to new? i searched and i found something but is still not working... i try to do this on old mikrotik /certificate exp...
i found the solution... i add a simple rules in ip - firewall nat tab add rules chain: dstnat Dst.Address: 192.168.147.0/24 ( fake lan) Tab Action Action: netmap To Addresses: 192.168.1.0/24 (real lan) now when i connect with openvpn client i can ping 192.168.147.1 or ping 192.168.1.1 (mikrotik rout...
ok, thank you. so i have a dhcp 10 to 19 for vpn users and 20 to 229 to "local lan" users, correct? but if i have a printer with static ip 172.16.20.20.240 and with my notebook i'm in a same lan 172.16.20.20.0/24 and in connect in openvpn roadwarrior. unfortunately there is a device with ip...
Hello, i'm new on mikrotik and now i use it for testing but is very good product. i installed a mikrotik on my office because i need a vpn where i'm outside of office. configured and works like a charm... but i have this problem. lan on mikrotik is "classic" 192.168.1.0/24 and i want chan...