Same same, just found this post, after umpteen MTU adjustments and iperf tests between Windows and Linux hosts over the Vultr VPC I can only get 300-600Mbps - Mbps! (tried lots of mtu values from 1300 up to 1450) Like poster above said if enabling NIC connecting directly to internet get 4Gbps from S...

Just want to say thanks for this amazing work, there is a lot in it, and a lot in your replies to people, good effort helping the community.

Hope to use and explore these scripts.

It works! but how? anybody can explain? I found this puzzling too, it works because your ipsec tunnel has a policy that applies to traffic destined for that address range, but traffic has to be on lan interrface to get picked up by the policy, that route gets traffic for that range onto lan where t...

Have L2TP Server working fine for one user, at another site I have three users all behind the same IP address and using L2TP and for those users the sessions keep disconnecting.

Is there a solution for multiple L2TP users behind one IP address? (if that is the issue)

(thanks for replies, this has surfaced again as an issue) This particular branch office was a public IP but due to poor 4G reception with our usual carrier we had to go with one which gives us a private nat'ed IP - cant get ipsec working with one of those. Hence wanting to punch through the Fortigat...

Head office FW is a Fortigate. Branch offices MT. Have some IPSEC VPN's from MT t o Fortigate - stable - but some sites have non-public IP address' and so want to use SSTP from branch MT to an internal MT behind the Fortigate. Have tried to forward port 12345 to internal MT port 443 so I can use SST...

Damnation. I tried to check I wasn't bungling before I posted. That worked, now I will move on to rest of config. Thanks.

No cigar Sindy, here is full message. /interface bridge add fast-forward=no name=bridge1 /interface bridge port add bridge=bridge1 interface=wlan2-Albatross add bridge=bridge1 interface=wlan1-Riverhawk /interface bridge settings set use-ip-firewall=yes /ip firewall mangle # in/out-interface matcher ...

Sindy I get in/out matcher not possible on slave interface when trying to match packets coming in on wlan, I cant see a way to classify wlan traffic without the vlans - not that I know how to get the vlans working mind... Tried to PM you but board doesent allow it - perhaps you could consult for me ...

Ok, hopefully I am getting closer, pretty sure I have made a fundamental error here with vlan, any comments welcome. /interface lte set [ find ] name=lte1 /interface bridge add fast-forward=no name=bridge-Albatross add fast-forward=no name=bridge-LAN add fast-forward=no name=bridge-Riverhawk /interf...

Most decent of you to reply in such detail, and also for your earlier suggestion.
I didn't try yet as it is stretching my networking skills, but I will learn if I try so pushing on with it now.
Very grateful for your help.

Sindy can I please get your opinion on the following idea? This works except when same device joins wlan2, device takes ages to get lease or it doesent get one - Mikrotik grants a lease (can see in log with dhcp debug on) but device doesent seem to accept it. I did a test and made a pool in a differ...

Sindy thanks, I got this when I tried
/ip firewall mangle
add action=mark-routing chain=forward new-routing-mark=via-WAN2 in-bridge-port=one-of-the-wlan-ones passthrough=yes

failure: routing-mark allowed only in output and prerouting chains

Appreciate your help.

you can place these resources to a dedicated subnet and let the devices in other subnets talk to them via routing; Sindy with say printers being visible on another subnet, how will discovery work with say Mac's finding printers, I think they might use mDNS / Bonjour - I am thinking that is L2, will...

Hi, wanting to know if possible for 2 wireless networks to share same LAN but be forced out seperate gateways? Want them to access same printers, network shares etc but to use a different internet connection. I got stuck on a mangle rule and in out matcher not being possible. Would be grateful for e...

You da man

# model = 951Ui-2HnD /interface bridge add arp=proxy-arp auto-mac=no fast-forward=no mtu=1500 name=bridge-local /interface bridge port add bridge=bridge-local interface=ether2-master-local add bridge=bridge-local interface=wlan1 add bridge=bridge-local interface=wlan2 add bridge=bridge-local interf...

Excellent idea. Didnt work for some reason, I am just cleaning up export to post. Many thanks. According to default route, your router will pick the WAN address as source address for pings. This will not be picked up by ipsec policy matcher. By adding a simple route for remote subnet to LAN, router ...

This would be perfect for my branch office with an IPSEC vpn, except I cant get the router itself to route packets over the VPN so the script always things host is down, anyone have some clues how to do that, tried a mangle rule but no luck. (that layer7 solution mentioned suffers same limitation) T...

Have a good stable ipsec tunnel between two sites. Head office is a windows domain and a branch office with domain client computers. Want branch office domain clients to resolve domain dns queries over tunnel, found this real nice bit of code below but it doesn't work as the branch office router its...

Hi Turnip, did you find anything that works?

Would love to have a printer you can press a button on that works with Mikrotik or Usermanager...

(networking noob here...) Hi, I had this issue as well. Looked to me to be dns resoltion, (do mac's use mdns somehow or multicast dns?) anyway they can find hotspot dns name no problem just not pc's. Anyway under hotspot gateway dns name I changed that to an ip address instead of a dns name and boom...