MikroTik

tcpip77

I had a NV2 Mesh / PTP from our shed to our house working all winter with TX power of 5 at the house and the SXT on the shed set to 7 but when the weather warmed up for some reason I know get a lot of ping time outs and internet is very erratic. What is the best TX Power to use when you are trying t...

tcpip77

I hear it may be out in a few days? anyways?

tcpip77

Awesome! Thanks for such a fast reply I liked the CRS125 so much I bought 3 for my home office Keep up the awesome work Sorry just as a quick question not sure if you will be able to answer I posted in general I believe on the new 6.10 asnd some kernel panics on RB450Gs and some other routers. Is 6....

tcpip77

Where is 6.11?? to download?

tcpip77

Thank you Normis; I found the problem Not sure if this is odd but the SFP ports were not part of the switch off the default They had NONE for master port and DHCP Client setup on SFP1 I changed the fibre ports to be ether2master and, turned off DHCP client on sfp1 and VOILA now using switch chip and...

tcpip77

Dear Mikrotik Gurus

I am new to using fibre on the CRS125

Do you have to bridge the Fibre ports to connect switches together or will it connect using the Fibre connections using the switch chip

IE just plug them in and there is a connection of switches using the fibre conenctions???

tcpip77

It is good to know I am not alone

Normis or anyone at Mikrotik

Is this a known issue? Is a fix coming soon??

Anyone?

tcpip77

Dear Mikrotik Gurus; I learned about the supout.rif viewer so I uploaded a file to look at the logs. One of my devices had a kernel panic and of the 4 - 6 devices I have updated to 6.10, 80 - 90% of them are having random reboots at least 1 - 2 times a week. One place it reboots every 2 - 3 days 3 -...

tcpip77

Would you be able to give me an example? of setting it up on the firewall? as wouldn't the Rogue DHCP Server ignore the firewall as it would be internal and never hit the firewall?

tcpip77

Dear Mikrotik Gurus; I am not sure if this is possible but I thought I would ask. I am wondering if using the CRS125 switch if it is possible to DUMP / DROP all DHCP Broadcasts unless it is coming from the IP or MAC of the actual DHCP Server such as a Windows Server or a mikrotik router? Is it possi...

tcpip77

This is all I am doing very simple. Example Port Group A Ports 4,5,6,7 Port Group B Ports 8,9,10,11 Group A is one subnet Group B is another subnet Group A can use internet from Port 2 connected to RB450G Group B can use internet from port 2 connected to RB 450G Group A and B should not be able to s...

tcpip77

Thank you for the reply. I looked at http://wiki.mikrotik.com/wiki/Manual:CRS_examples and with experimentation got it to work. What I guess I am trying to get my head around is do I need to unslave a set or physical ports like 4-8 to use VLANs? If I unslave ports 4 - 8 do I need to make one master?...

tcpip77

Dear Gurus; Here is what I am trying to do. Do I need to just add ports to a VLAN or do you have to unslave a group of ports to setup a vlan????? MIKROTIK 450G Ether-1 - Internet Ether-2 to "Ether-2" of CRS125-24G-1S-2HnD-IN VLAN 10 Ports 4-5-6-7-8 Unslaved from Ether-2 (Port 4 Becomes Mas...

tcpip77

Ok if anyone is having speed issues I found the fix
Once you have at least RoS 6.9 Installed
Reset your configuration via the menu
After a reboot I got 100+ MBps or 900+ Mbps
Factory Reset even though it was out of the box fixed the problem

tcpip77

Does anyone know what the throughput of the CRS125-24G-1S-2HnD-IN should be. I copied a 900 MB ISO file from a Windows 7 Pro box from a QNAP TS469PRO NAS. RESULTS: HP Procurve 1810-24Gv2 Semi Managed Layer 2 Switch Speed: 110 MBps approx. throughput LACP Bonding - Same speed (Higher possible but not...

tcpip77

I thought this was some hidden feature. I thought I had to have hair pin nat rules to make this work but for some reason it just works...... Never tried from the server itself back to the server as what need would there be for that anyways. But I was just wondering why it works auto - magically? :) ...

tcpip77

Dear Mikroik Gurus; I have add action=dst-nat chain=dstnat comment="HTTP Server" disabled=no \ dst-address=1.1.1.1 dst-port=80 protocol=tcp to-addresses=172.16.31.254 to-ports=80 1.1.1.1 is just example Public IP If I set a phone, web browser or anything to 1.1.1.1 whether I am on the Loca...

tcpip77

IM running Mavericks as well and WinBox works BUT I can't drag and drop files to winbox to update my RB450Gs???

Is this winbox or a limitation of wine / inbox on MAC?

tcpip77

Dear Mikrotik Gurus; I have been scouring the wikis and the forum for days. I have looked at http://forum.mikrotik.com/viewtopic.php?t=54607 but still no luck. All I want to do is drop certain port or ports connections that make more then 10 connection attempts from the same ip or different based on...

tcpip77

Thank you I will look into

tcpip77

All the 192.168.x.0/24 does not need to see any other 192.168.x.0/24 traffic. It only needs to be able to get internet via the MikroTik WAN port 1 so I guess the answer is Yes??? it does need to in theory traverse / go through the router. How do you block 192.168.n.0/24 from 192.168.n.0/24 Is there ...

tcpip77

Dear MikroTik Gurus; I have successfully made 3 VLANs on an HP Procurve Managed Switch and RB750GL. HP Procurve Switch: VLAN1 - Default Management VLAN2 VLAN3 VLAN4 MikrotTik RB750GL: WAN x.x.x.x LAN 10.2.0.1/24 VLAN2 - 192.168.2.1/24 VLAN3 - 192.168.3.1/24 VLAN4 - 192.168.4.1/24 They all work and h...

tcpip77

Dear Gurus I am trying to setup a wireless access point thought VLAN on the Mikrotik so that it gets internet but will not see my network. My Network is 172.16.10.0/24 RB450G is 172.16.10.1 I setup VLAN on Ether2 with VLAN8 interface with ID 8 WAP is using VLAN ID 8 SWITCH is using VLAN ID 8 on its ...

tcpip77

This worked great however I cannot browse any windows files shares or map a network drive using the IP of the servers
Do I need to know setup a VPN over the wireless??? to enable file browsing / mapping network drives?
If so from what point to what point?

tcpip77

Dear Mirkotik; I have purchased 2 SXT Wireless and I would like to use the fast wireless link to join two subnets over the wireless for server data transfer/ backup but leave regular Internet traffic for everything else. Internet01 ----RB750-01 ----- Switch01 -- Servers01 and Workstations01 Building...

tcpip77

Dear Mikrotik Gurus; I have setup SSTP server and use windows 7 client. However I look at the connection in windows 7 and on the mikrotik RB750GL with Ros 6rc11 and in the encryption it is blank on the sstp server connection showing.... how do I know if the VPN for SSTP is encrypting or does it now ...

tcpip77

Dear Mikrotik Users; I am trying to setup a point to point so that I can backup one server to another server. Some of the files are over 3 GB in size so the PPTP VPN between mikrotiks on a 1 mbps upstream ISP are not fast enough. I would like to setup a wireless PtP and see if that is cheaper and be...

tcpip77

Dear Mikrotik Example: I have 10 road warriors setup with L2TP IPsec VPNs using Windows 7. I have created 10 L2TP Secrets and 1 IPsec Peer usin 0.0.0.0/0 and a IPsec passphrase However now comes the problem that if 1 users is fired I can change or disable their L2TP secret but now i have to change t...

tcpip77

Yes I have tonnes of these with no certificate. IT is not needed with just Mikrotik to Mikrotik SSTP. MT takes care of it itself. I rolled back to 6 rc11 and now it all works. Why was this changed in 6 rc12???

tcpip77

Dear Mikrotik I recently purchased a RB450G and updated it to Rc6.12. I was on Rc6.11 I imported all my settings and all my SSTP Mikrotik to Mikrotik Clients no longer work? Did you take away the SSTP MT to MT feature now? NOTE: I found a copy of 6 rc11 and downgraded and now all my SSTP client conn...

tcpip77

Dear Mikrotik Gurus Currently I can connect windows 7 pro boxes using 3DES but the minute I change my settings to AES 256 I cant connect??? Set as 0.0.0.0/0 port 500 Firewall rules working /ip ipsec peer add enc-algorithm=aes-256 exchange-mode=main-l2tp generate-policy=yes \ hash-algorithm=sha1 nat-...

tcpip77

Is there a particular reason why you have mixed internal IPs? 192.168.88.x 192.168.2.x 192.168.3.x 192.168.4.x If your using 192.168.2.x subnet then if you should have a LAN address on ether 2 that is something like 192.168.2.1 Then if all your internal client are on the 192.168.2.x subnet then they...

tcpip77

Dear Mikrotik Gurus For the first time ever my company has asked me to setup a site to site VPN using Mikrotiks. We have purchased 2 x RB750GLs Site 1 has a static IP Site 2 Dynamic IP Site 2 will conenct using SSTP Client to site 1 SSTP Server I changed the Port to be different then regular 443 so ...

tcpip77

Another Question. This picture shows the topology of the main office network. Is it OK to put the router where it is right now? Or should I change the topology somehow? Please let me know what's best for the router. http://img713.imageshack.us/img713/3337/topologyw.jpg Typically you should have you...

tcpip77

Someone help me please.

Instead of pasting in my findings on how to setup Mikrotik SSTP please find my Mikrotik SSTP post on my website here. www.nasa-security.net

Hopefully it will give you enough of a head start that you can fill in the gaps of what you need later.

tcpip77

Sorry I have not been much help. Please go to www.nasa-security.net and go to my mikrotik categories. In there look for L2TP Mikrotik setup post. If after reading that you can't get it to work then I will not be able to help you further. Use my post as a guide for your setup. Everyone's situation is...

tcpip77

If they are all mikrotik setup SSTP VPN from clients Mikrotik to the main Mikrotik at the head office

tcpip77

Please tell me what exactly at this point what you are trying to do or at what point you are stuck Example It looks like you have PPTP server allready up and running If so are you trying to access from the WAN . Internet side? If so you need a firewall rule to let you connect to your mikroptik PPTP ...

tcpip77

Well it looks like you have pptp server running and already have uses connected
Now just setup your phones pptp client and your done

tcpip77

Here is m Blog on how I setup Windows 7 and Iphone 4 to use L2TP. Im no expert but it works

http://www.nasa-security.net/2013/02/20 ... ith-ipsec/

Travis

tcpip77

Sorry I am not at my station
Google Greg sowell consulting and in his mikrotik video training he shows how to setup l2tp with IPSec
To get it to work with iPhones make sure the IPSec proposal I believe has AES 256 as well as 3des
Will post my blog if you still need it

tcpip77

L2TP requires IPsec as far as I know
Google Greg Sowell and he has a VPN how to for L2TP and IPsec Mikrotik Setup

Travis

tcpip77

Maker sure Your DHCP is on the LAN interface that has the subnet you want people to get a DHCP address from For the other 2 ports that you wants statics and not have a DHCP examine whether you want to implement using VLAN As for forcing people to not be able to use a static not sure how you can cont...

tcpip77

Mikrotik setup for IPhone needs L2TP with IPsec I was able to get my Iphone 4 working with L2TP and IPsec after alot of research and work Under Iphone VPN settings you have the choice of L2TP PPTP or IPsec IPSec is for CISCO PPTP as of 2012 is not desirable anymore as a comapny that i cannot remembe...

tcpip77

Okay incase anyone reads this I solved the problem a different way I Bought yet ANOTHER cert from go daddy Made a new dns entry sstp.something.com made up the priv key and then the CSR pasted it in and then waited for the CRt to generate Then I downloaded the CRT and copied the proiv key and CRT to ...

tcpip77

In windows 7 I opend VPN settings and then in the connect to I entered secure.somesite.com I made sure it was the same CN that I amde the certificat with. Can you have 2 SSl certs with different names www.something.com and another.something.com point to the same IP address? or will this mess up the ...

tcpip77

OK I hope I am asking inthe right area. I have setup a SSL Certificate at go daddy. I created the priv key and then the CSR I imported the Priv Key and CRT that I got back from godaddy and when I use windows 7 I cant connect to the mirotik using SSTP no problem. The CN is www.somesite.com (example) ...

tcpip77

Dear Gurus; I have a 750 series wireless and I turned on hot spot and now I cant logon using the hotspot lgon and now winbox doesnt let me in so I cant fix the wireless. I never set up any user and the only user I use in winbox is admin with my password but now winbox doesnt work anymore. How do I f...

tcpip77

Dear Mikrotik; I hope this is the right area for Software ID and License issues: My RouterBoard 333 glitched so I erased the NAND then used netinstall to load the new 5.19 mikrotik software to it. It recovered and I got it up and running BUT, now I have Software ID: 3M4B-VSSN but I get a warning no ...

tcpip77

Dear Gurus I am running windows 7 64 bit 192.168.88.2/24 DNS 192.168.88.1 I have setup DNS on Mikrotik with and entry like this: somehostname001 192.168.2.200 But I cant ping it from my laptop I have to make an entry like somehostname001.domain.local and ping that instead...... HERE IS TEXT OUTPUTS ...

tcpip77

I am trying to drag a new rule I made in the FIREWALL | NAT section and I cannot drag it up in the list. Am i mising something?

I can drag the rules in FILTER RULES up and down....

Travis

tcpip77

I dont have any mangling happening. I am not even sure how to set that up.

Do you have to have mangling for L7 filters / rules to work?

tcpip77

Ok I have been trying to get a L7 rule to succesfully work for hours now. Here is what I am trying Is this all that needs to be set for it to work????? /ip firewall layer7-protocol add name=yahoo-messenger regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80" /ip firewall filter add...

tcpip77

I have been trying to follow http://wiki.mikrotik.com/wiki/Transparently_Bridge_two_Networks on how to bridge but its not working. Its needs more detail becuse I seem to be missing something. Is there a step by step wiki or something that doesnt do the middle bridging step but actually shows full en...

tcpip77

Dear Mikrotik Gurus; I have 2 RB333s. They each have 1 wireless and 1 LAN setup. I am trying to use the wireless cards to setup a brindge or to make the one wireless conenct to the main wireless so computers at the remote site can wirlessly connect from site 2 to site 1 via wireless. Here is my setu...

tcpip77

Well thankyou so much. After trying out the PDF I was able to successfully make a bridge and make a Transparent Wireless AP for my netowrk. Name resolution went through excellent and now all laptops can access any device on the network with no problems. I was hopeing for a way to combine making the ...

tcpip77

WoW Thankyou for your great replies. The PDF doc looks great too.

Thnakyou everyone

Travis

tcpip77

I am trying to set it up as an Access Point for laptops. Basically Wireless is for the laptops the LAN of the MT connects to my LAN switch which has other workstations and servers. The problem is that if the wireless is say 10.10.1.x and my LAN is 192.168.x.x then the wireless clients can see the se...

tcpip77

Dear MT How can I setup my wireless card on my RB333 to act transparently so that all computer that use the wireless can use netbios names for resolution such as being able to ping our server by name ie "server" and be able to see shares and printers without problems. I would love my wirel...

tcpip77

Thankyou JJCinAZ for your reply.

What flash or mag do you recommend for Web Proxy Caching on a RB333?

tcpip77

Thankyou so MUCH It was the antenna. I thought the Card had a range of at least 25 feet. Turns out it has 3-5 feet range without an Antenna. Went back online and ordered an antenna. I wish there was a manual with the air cards saying the range and that you should buy an antenna. My laptop was in ano...

tcpip77

I have setup my RouterBoard 333 with OS 3.6 Everything is working great I purchased a Atheros AR5212 wireless card and RB33 recognizes it I then set it up with /interface wireless set wlan1 ssid=test frequency=2442 band=2.4ghz-b/g mode=ap-bridge disabled=no I boot up my laptop and it cannot see the ...

tcpip77

Dear MT; 1. I would like to setup a wireless card on my new RB333. Is there a compatability list of MiniPC cards that work with the RB333. 2. I have been looking at the WLM54 200mW 802.11b/g miniPCI card. Can it be used on my RB333 as an Access Point for laptop users? 3. While looking at my Systems ...

tcpip77

Ok I have DHCP Setup and I get a valid IP but I cannot ping the MT router or other stations. I also cannot ping the laptop wireless. What is missing. MT Router 192.168.2.250 Server 192.168.2.254 laptop gets 192.168.2.100 when a station gets a DHCP lease it works no problem whrn the wireless get a DH...

tcpip77

I allready have the box setup as a firewall / router LAN - 192.168.2.250 WAN - dynamic (ADSL) All boxes route through it no problem DHCP pool is 192.168.2.50-192.168.2.100 I installed the Wireless and made a DHCPServer for WLAN1 using the regular DHCP_POOL I see it connected in dhcp leases and grabs...

tcpip77

This part of the manual is pretty vague on some parts. /interface wireless set wlan1 ssid=test frequency=2442 band=2.4ghz-b/g \ mode=ap-bridge disabled=no ok I do that but then many many pages later it talks about security profiles. Ok after reading through all the stuff I dont need to know I find t...

tcpip77

ok setting up a hotspot is getting very confusing. Is there a detailed step by step setup for hotspot. Simply pressing setup under hotspot doesnt work. here are the things im running into. 1. In order to connect to the access point I have had to setup the wireless and then a Security Profile for the...

tcpip77

I am hoping this is a real easy question. I have setup wireless on MT 2.9.23 with a Wireless (Atheros AR5213) card (really a Dlink PCI Card) and have setup a profile for WEP PSK TKIP. Its simply setup as a WAP I hope. I authenticate no problem but I recieve no IP Address from the DHCP server. Since ...

tcpip77

There is a lot of good info here. Can we sticky this unitl it is setup in Wiki so we dont loose this info?

Travis

tcpip77

Savage has helped me setup Frame-Pool so that PPPoE server clients that are authenticated in freeradius using MySQL are using the IP Pool setup for a PPPoE connection. This makes it easier to use the PPPoE_POOL I setup for the PPPOE profile instead of using Frame-IP-Address which I would have to set...

tcpip77

Thanks so much Savage I pulled out EMS MySQL manager and started checking the SQL tables and found the section I needed. The test-user was set to Frame-IP-Address instead of Frame-Pool. After I setup a new user for testing and then set the Frame section to Frame-Pool the PPPoE logon used the PPPoE p...

tcpip77

Awesome. I look forward to reading it so that I can compare my setup to your giude. Now I am on for a search to implement Radius. Does anyone know how to use the freeradius to restrict internet usage / surfing by employees through the MT Router???? I figured out how to use freeradius to setup users ...

tcpip77

Thanks again Beccara this guide was GREAT. I had freeradius up and running, and mysql. it was the PPPoE thing in my other post you replied to that I am having problems with. If you could add that it would be great. Its nice to read stuff from ppl who know what they are doing. Makes life a lot easier...

tcpip77

ah ok. Well anyways your guide was AWESOME. It really helped me. I also got the PPPoE server part setup. Its sloppy but it works. The only problem I am running into now is that the PPPoE is not using my PPPoE POOL I made. It keeps grabbing the same IP address that is in the DHCP Pool.????? /sigh I a...

tcpip77

Ok I had to add a profile for the PPPoE server, Make a PPPoE PPOOL and then set the attributes to NO ENCRYPTION in the PPPoE Profile Settings. This allowed me to connect and get an IP address and dealt with the no encryption problem I was running into. Before addeing that profile it was trying to us...

tcpip77

I added PAP to the line where it says Service. I dont believe I am setting up the PPPoE Server correctly. Is there a document that helps show how to setup a PPPoE server correctly to use with freeradius server.. I dont want to waste anyones time when I can read about how to setup a PPPoE Server with...

tcpip77

Oh no I did not. This is set in the PPP Interfaces where I have the PPPoE Interface under Service? Correct?

tcpip77

I have gone into settings and only allowed PAP. Is there more I need to set on the Radius server? PPPoE Server only accepts PAP and CHAP no MS CHAP The client is only a PPPOE dialer with a security setting of only PAP Should I try connecting with a different client What client is a good for testing ...

tcpip77

ok on the PPPoE Server I only have chap and pap selected now. Still gets the same error.

tcpip77

Ok I finally got freeradius and mysql working. Got MT to talk to it. So now I dream of testing it so I pull up my Windows XP Box and create a new internet connection : manul connection : PPPOE and then put in the test-user and test-pass as is described in the forums. I get to the registering compute...

tcpip77

WOOT ok never mind got the Mikrotik to finally talk to the Radius Server now on to more problems to solve lol.

tcpip77

http://wiki.mikrotik.com/wiki/RouterOs_MySql_Freeradius was an awesome help in setting up Freeradius and MySQL But he left us hanging. At the end he gets freeradius up and MySQL running. But he only half way sets up Mikrotik and then says... "Whats Left To Do Well that’s the end of this guide, ...

tcpip77

Where can I find documentation on userman. I downloaded and installed user-manager-2.9.23.npk. I went to http://192.168.2.250/userman I cannot logon. I have tried admin with my password, admin with no password.... what am I missing. Where is userman in Winbox or where can I get some documention on s...

tcpip77

Umm.. Never mind Im an idiot. You dont drag and drop on system - packages you drag and drop them into the files listing and then reboot. Sorry... its 2:30 am and Im tired.

Travis

Thanks for the help : )

tcpip77

I can drag and drop the packages but I get the error messages. The FTP worked though. How can I re-enable the drag and dropping so that I dont have to fire up FTP all the time? I used to be able to just drag a package onto the system | packages window. Now I get that key error. How can I fix it? Tra...

tcpip77

I have a level 4 liscence that has 200 user limit on hot spot. When I try to add the 2.9.23 package hotspot-2.9.23.npkI get this error message. "could not change the key - invalid key". My router has 2.9.23 packages installed right now. I even tried to add one of the ones I allready have a...

tcpip77

Well the gentlemen at MT decided to help me and were more then generous. I am happy to say that I have MT working again in my house protecting my familys internet. Thanks MT youguys are awesome.

I look forward to having lots of MT firewalls in all of my customers places.

Travis

tcpip77

well I only bought the license for my MT about 1-2 weeks ago have barely used it and then the old 40 GB drive I was using is dying. /sigh I knew I should have put a new drive in the system but I just grabbed whatever I had around the house to try out MT. I booted up my spare Dell PC and it was fine....

tcpip77

Yah I agree MT is well worth it but I just dont have the cash right now. I dont have lots of money to throw around and Im trying to watch what I spend. 50 dollars here and 20 dollars here and next thing you know your way in over your head in debt. I know that sounds bad but I dont get paid really we...

tcpip77

OK thankyou.

tcpip77

I just purchased a level 4 license 1-2 weeks ago so I could play with Mikrotik and get a feel for it. Its been working great and so I am using at my house for a firewall, Insead of the cheap store bought one. Well Murphys law prevails and after 2 weeks the old 40 GB HDD dies on me and now I have was...

Search found 91 matches