From your config, better using VLAN. All port except WAN into bridge-port. I use https://forum.mikrotik.com/viewtopic.php?t=143620 for my RB4011 and hAP-AC3. In my case I don't need VLAN tag for my dumb-AP after the mikrotik. Thank you for your suggestion. Will consider learning VLAN. Not sure what y...
V6 firmware /export hide-sensitive file=anynameyouwish (minus router serial number, public WANIP information, keys etc ) V7 firmware /export file=anynameyouwish (minus router serial number, public WANIP information, keys etc ) I'm on V7.7 and tried everything, even hide sensitive still I can find ...
To export and paste your configuration (and I'm assuming you are using WebFig or Winbox), open a terminal window, and type (without the quotes) "/export hide-sensitive file=any-filename-you-wish". Is hide sensitive only for password? Is there any way to hide Wireguard public key, comments...
Greetings, There was a breach long time ago because I'm still learning Mikrotik and managing hundreds of client in multiple sites. I want to check my sanity level on firewall. My raw firewall is 150 lines because I'm a little anxious. At the moment, I'm isolating client just like in the attachment. ...
Preferably after default configuration as current default config is pretty safe. The last rule in default config drops anything not coming in from LAN. So when adapting default config beware that most guides found on net (mikrotik's own included) predate the current config, hence it's not wise to s...
Last week my MT bricked. I check there are some attack in the network. First netcut, dhcp failed, and some open port 4444 used by malware. I'm not networking professional, I found some firewall article that can protect my MT. First advanced defcon firewall from MT https://help.mikrotik.com/docs/displa...
I was too excited about Wireguard on V7 so I upgraded all my site to V7 and done well with site to site VPN. And then suddenly I realized my hotspot page is not working and many people found the same problem here in the forum. So I have to downgrade all 5 sites back into V6.49 with OpenVPN and yes i...
The cacert.pem is the same list that most browsers and operating systems trust. So if you don't trust them, you have a bigger problem :). If you only want to import a specific certificate, inspect the certificate chain of eg https://dns.google/ in your browser and import the relevant root certifica...
I tried DoH Cloudflare and Google and verify DoH certificate work flawlessly when configure DoH for Google, some tutorial told me to download certificate from this site https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem I think this one is for Cloudflare, right? and this https://curl.haxx.s...
Hello, my goal is to adopt TP-Link AP from site B to its controller on site A. We have Mikrotik CAP shortage in our country then I use TP-Link. Here is the topology: https://i.ibb.co/rbCPjQ5/AWS-Mikrotik-CHR2.png I can ping everything. I can see AP from OC200 controller but my problem is I can't adopt A...
this is great tutorial I tried 1 router with Public IP and 1 non Public IP, behind NAT tried on AWS EC2 + CHR just follow the step it work perfectly Then I add another router without Public IP, behind NAT all 2 router PH2 state established but just for a minute when I flush installed SAs either 1 is...
Depending on how the NATs in question behave, in particular whether the source port of a UDP packet sent from your router's WAN IP is kept as the packet goes through the NATs all the way to the public IP, it may be possible to establish an IPsec tunnel between the two devices. The source port must ...
Hello my friend. If both "routers" are "inside" network (not public IP) and you can't redirect ports, is "IMPOSSIBLE" for reaching each other. Both are inside and is not possible to communicate directly both. The only "way" is finding somebody with a public IP allo...
Hello, this is my first post and I want to say Mikrotik is awesome, disruptive price in my country, best price per performance! but I have problem with VPN. My ISP give me only private ip address, and it's double NAT (first 2 hop is private ip) Tried almost everything and it doesn't work PPTP SSTP O...