Hi, I got a strange issue with a site-to-site vpn between a PFSense box and a Mikrotik device. The vpn itself is created with OpenVPN (server side = PFsense, client = Mikrotik).. The simplified setup: https://preview.ibb.co/k436GU/issue.png The problem is as follow: From Mikrotik side * I can succes...

Dear, I'm trying to create a IPSEC vpn connection between 2 Mikrotik Devices: --192.168.100.0/24--MIKROTIK -- 185.59.71.2 -------INTERNET ----- ISP MODEM (NAT APPLIED)-- 192.168.15.1 ----192.168.15.252---MIKROTIK --- 192.168.16.0/24 --- So as you see one side of the part has a NATTED IP. When I look...

Dear, I'm looking for a product that allow me to count the bandwidth usage per IP. I've already installed tools like nfsen, ntop, bandwidthd but none of them do exactly what I want. nfsen+ntop: don't allow me to show me per ip data bandwidthd: can show data per ip, but doens't support netflow as a c...

Following routes are active on Site 1: [admin@router] > /ip route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS PREF-SRC GATEWAY DIST 0 A S 0.0.0.0/0 192.168.0.1 1 ADC 172.1...

HI, I've made some progress, when I start a ping from a device on the 192.168.100.0/24 network to a device on the 192.168.15.0/24 network, and start a torch on the L2TP interface i see on the 100.0/24 network TX traffic and on the 15.0/24 RX traffic, but the traffic is not going back.. Export from t...

When I do a traceroute via interface PRIVATE LAN it seems that he's sending traffic through it's default gateway instead of using the route I've devined for the 192.168.15.0 network.

I can't get this to work, my setup: PRIVATE LAN 192.168.100.0/24 <-----|ROUTERBOARD DC|172.16.1.1 ------L2TP VPN ------ 172.16.1.2|ROUTERBOARD HOME|---> PRIVATE LAN 192.168.15.0/24 - From my home router I can ping to 172.16.1.2,172.16.1.1 and also clients on the PRIVATE LAN subnets on both sides - F...

Somebody with tips on this issue ?

On SITE1: Allow both inbound, outbound en forward traffic
On SITE2: No firewall rules present

Hi,

Thanks for your reply,

Those routes already exists, clients have the RB as their default gateway.
On a client I can succesfully ping 172.16.1.1 or .2 but not the 192.168.100.0/24 network

Dear, We've 2 sites: SITE 1, private lan with range 192.168.100.0/24 - port 2,3,4 bridged in bridge called 'PRIVATE LAN' SITE 2, private lan with range 192.168.15.0/24 - port 2, wlan1 bridged in bridged called 'bridge-local' I've created a L2TP tunnel between SITE 1 and SITE 2 as described in http:/...

Tried that, enabled rstp on all bridged , enabled firewall on the bridge & vlan, but still no luck..
How can I disable the whole firewall ?

Side note:

Also after rebooting the communication is working for a couple of minutes..

Hi , Thanks for your assistance, the config: # may/12/2014 19:20:34 by RouterOS 6.12 # software id = EWM0-5AGT # /interface bridge add l2mtu=1598 name="Onapp Management" add admin-mac=4C:5E:0C:45:44:E8 auto-mac=no l2mtu=1594 name=bridge-local add l2mtu=1598 name=iDRAC protocol-mode=none /i...

Dear, Got some very, very strange problem I'll try to explain.. OUR SIDE: RB2011UAS for the routing on our network, one uplink ETH4 is a direct uplink to a customer private cage CUSTOMER SIDE: - RB2011UiAS - ETH1 uplink (direct uplink to ETH4 on our RB) - ETH2 ==> Direct link to temporary server - E...

Hi , Sorry it was my fault, I forgot to add the PUBLIC ip on the IP-->Addresses list, after that is was working. Now I need to create a firewall filter rule to allow all traffic to PUBLIC IP, when I create a forward rule with any any everything works Ok, but for some reason when I enter PUBLIC IP in...

Hi,

When I configure the 2 rules as described above and try to reach is over https://publicip, nothings happens even the counters for both NAT rules didn't increase...

So something like this: /ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-address=PUBLICIP dst-port=443 protocol=tcp to-addresses=CUSTOMERIP to-ports=4343 add action=masquerade chain=srcnat disabled=no dst-address=CUSTOMERIP dst-port=4343 protocol=tcp This is for forwarding all reques...

Dear, I need to achieve something that's quite easy but for some reason I can't get this working. A client has a server at home running a website at port 9090 the reasong why the site is running on 9090 is because the ISP is blocking all ports < 1024, now we want to assign another public ip address ...

Hi,

Which configuration can I transfer? Is it everything (interface configs, vlans, firewall rules,..) ?
As from my understanding with vrrp you create an active/active setup right ?

Is vrrp the right choice to create this or is there something else ? I got a lot of fw rules and vlans.

Dear, I would like to setup an active-active or active-passive cluster of 2 routerboard routers in case one of the routers fails another takes over. I've read a lot of it that I need to configure VRRP but got a question about it: - One you've configures VRRP is the configuration continiously replica...

So you need to name all address list items the same to create a group?

Strange way but OK

Hi, I don't know this is possible, but if it is it would be great: I've 2 address list items defined in my IPV4 firewall - Server 1 - 192.168.1.1 - Server 2 - 192.168.1.2 For both servers I would like to allow all traffic on port 80, now I create 2 identical rules to allow traffic on port 80 to this...

Hi, Got my brand new Mikrotik RB2011 device configured. But for some reason the leds are not flashing on interface activity. When I do an output of /system leds print I got this: Flags: X - disabled, * - default # TYPE INTERFACE LEDS and when I try to add a new led via /system leds add led for inter...

Hi again, Got it working after a few hours of euh.. ;-). Now I got 2 servers which are in different broadcast domain and can't access each other resources, now my last challenge is the following: All servers need to have access to just 1 server (dns server), I tried to add routing stuff and so on bu...

Hi Guys, Thanks for the feedback, that's running smoothly now. Next step is creating VLANS on the same network, as described here: http://gcharriere.com/blog/?p=620 Found this topic on the forum here from a guy trying to achieve the same as me http://forum.mikrotik.com/viewtopic.php?f=2&t=56208 ...

Hi, So i now created a bridge called 'Servers', addes ETH1 and ETH2 to this bridge and assigned an ip address 192.168.16.254 to interface ETH1. I also applied the "Use IP Firewall" setting in the bridge settings menu. Now my network setup is as follow: DESKTOP (192.168.16.2) --> SWITCH -->...

Hi Guys, I'm new to Routerboard and I want to configure my Routerboard acting as a "transparant firewall" in the current network, something like this: LAN (192.168.16.x /24) ---> ETH1 RB (192.168.16.254 /24) ----> ETH2 RB ----> LAN 2 (192.168.16.x/24) Clients that are connected to lan 2 ar...