The problem in changing the SSTP port is that users are connecting from Windows machines and in the SSTP client there's not an easy way to change the port. Maybe I'll need to change the VPN protocol to another one like PPTP for instance. My first choice to SSTP was because user connects from differe...

Hi, Currently we have one public IP and we are using a Mikrotik box as VPN server using SSTP protocol. Now our users needs to reach one internal https server and I cannot redirect the 443 port to that server because SSTP will stop to work. Is there a way to include some entries in the public DNS Ser...

Hi gregsowell, I've just checked your slides. Great job! I've considering the slides showing two Mikrotiks with one private IP even in my case I have both public IP's with one side being dynamic (PPPoE). You suggest to put the private WAN IP in SA Src Address from IPSEC policy but in my setup this s...

sergejs, I really don't know why the log informs that about encryption-algorithm mismatch. Both the ipsec proposal and peer and configured with 3des. Maybe the "peer" in line logs refers to the ipsec client. And If you check the next line in logs, it's informed that the encryption peer is ...

sergejs, Here is my /log print: 18:12:06 ipsec respond new phase 1 negotiation: 189.19.xxx.xxx[500]<=>201.1.xxx.xxx[500] 18:12:06 ipsec begin Identity Protection mode. 18:12:06 ipsec received broken Microsoft ID: MS NT5 ISAKMPOAKLEY 18:12:06 ipsec received Vendor ID: RFC 3947 18:12:06 ipsec received...

sergejs, The RouterOS device is a Soekris x86 SBC model NET4501. It's running the L2TP/IPSec server with the following IPSec config: /ip ipsec proposal set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m \ name=default pfs-group=modp1024 /ip ipsec peer add address=0.0.0.0/...

Well, I've just tried with v4.4 but with no success. Please "rpress" did you need to configure anything in /ip ipsec policy? I did not put anything there because I've let the /ip ipsec peer with Gererate Policy enabled. When connecting, the RouterOs creates two Installed SAs with the Publi...

Hi, I'm trying to connect 2 distant LAN's using one MK in each point. The 2 MK's reach the Internet through ADSL modems but one of them (let's call it Remote Router) has dynamic IP using PPPoe and the other has fixed IP (Local Router). I'm trying to set up the Local Router to generate automatically ...

Exactly, this Microsoft changing only should affect NAT servers but in my case also the server has a public IP so only the client is behind a NAT. Besides that, I've tried to change the client to a XP SP1 machine and the problem persists. Is there anyone who tried with the new v4.x software? Mine ha...

Hi, I'm Experiencing exactly the same problem. RouterOS version is 3.20. The L2TP/IPSEC client is a Vista SP2 computer and is behind a NAT device (Dlink DI-624). The L2TP/IPSEC server is the Mikrotik with Public IP and NAT-T enabled. The log shows the same error: ipsec the length in the isakmp heade...

Since I have several gateways (one without routing mark and others with routing marked for routing policy), I need to change them in a script. Using the exact example in docs (below), it changes all my default gateways. /ip route set [/ip route find dst-address="0.0.0.0/0"] gateway 10.0.0....

Hey Guys,

Am I the only one who has tried to connect a RouterOS into dual PPPoE gateways with dynamic IP´s?

Hi, I need to set up policy routing based on source address of my internal IP's. Some IP's from my internal network should reach Internet using gateway 01 and other internal IP's using gateway 02. The problem is that these two Internet interfaces are PPPoE clients with dynamic IP's. I have created ...