MikroTik

ramirez

Between a client MT and a remote server MT I have an L2TP/Ikev2 VPN and some mangle rules on the client side to only allow certain devices go through the vpn. What I 'm looking to do (and have not accomplished so far) is to have road warriors connect via Wireguard to the server (directly) when on ce...

ramirez

The source port is picked by the remote client initiating the connection, typically anything greater than 1023 but not fixed. Ok thank you ! The way I was understanding it was (in the event no MT router is involved) if you have a camera for example and you want to use a known port to access it from...

ramirez

also evaluate back to home.
https://help.mikrotik.com/docs/display/ROS/Back+To+Home

Hmmm didn't know about that ! Very interesting! Thank you !

ramirez

Ok so I was able to open port 42225 (could have been any other) and redirect it to 8291 and I want your thoughts if this is something I wasn't understanding towards my modem (see attached screen shot). I was under the impression that I had to specify the source port as well, in this example 42225 an...

ramirez

Can you change this rule, where the to port is the default Winbox port? And change this rule in the firewall as well: /ip firewall filter add action=accept chain=input dst-port=8291 in-interface=ether1 protocol=tcp Ok I changed both to 8291 and both ports remain closed as before but now I see packe...

ramirez

Yes it is behind NAT and does not have a public IP address.
Did you do port forwarding on the NAT device as well?

Yes !

ramirez

input ≠ forward

Changed it to forward but still the port remains closed...

ramirez

I would prefer through VPN over making a service available publically. Is your MT behind NAT, or does it have a publically available IP address? Who removed all filter rules that are part of the default? Indeed a vpn is preferable but for know I am looking to explore this option as well. Yes it is ...

ramirez

I am trying to set up port forwarding on a MT to be able to access it remotely and have failed to do so . I have set up a firewall rule and a dst-nat rule from port 8899 to port 8291 but like mentioned the port is not open. I have also configured the modem to port forward 8899 => 8899 to 192.168.1.1...

ramirez

Thank you MKX ! Got it !

ramirez

Generally I'd guess that for higher throughputs using CHR on decent hardware would be more cost effective solution than using a powerful MT router. And I'd guess that single core CPU speed is the most important parameter when choosing hardware for running CHR. Thank you MKX for all the info, on bot...

ramirez

It was a long time ago I had speed problems with my L2TP IPsec link and changing MAX MTU to 1400 fixed it for me .

ramirez

Dear community, what do you think can better cope as a VPN server with up to 200/200 Mb loads? Currently I am operating a CHR on a DELL R210 II/1xE3-1270/32GB and server speeds of up to 100/100 Mb (compressed video) through L2TP IPsec (5 clients - Sha1/aes128/modp2048) take anything between 20-50% C...

ramirez

Dear community a MT sitting behind 2 WAN addresses, when initially connected to the router (please see attached diagram) establishes L2TP/IPsec connection. However, at random times (could be 5 minutes/1 hour etc.) the connection is lost and although MT2 IP/cloud continues seeing router’s WAN address...

ramirez

Dear community a MT sitting behind 2 WAN addresses, when initially connected to the router (please see attached diagram) establishes L2TP/IPsec connection. However, at random times (could be 5 minutes/1 hour etc.) the connection is lost and although MT2 IP/cloud continues seeing router’s WAN address...

ramirez

I don't know if Sindy's eye will catch this, but I have doubts whether 192.168.1.1 is the correct address to enter : from the initial post : "As for determining the IP of the gateway of that WAN, either you don't need the router itself to determine it because it doesn't change (it is a typical ...

ramirez

Correct, the address of the modem is 192.168.1.1

Did everything per the instructions but still the link fails between the server and the client when I use the xxxxxxx.sn.mynetname.net

ramirez

You mean the modem's ? 192.168.1.1 ?

ramirez

Thank you Holvoetn ! Just a quick question ...which is the "ip.of.wan-x.gw" Sindy refers to /ip route add routing-mark=via-wan-x gateway=ip.of.wan-x.gw ?

ramirez

At a remote location (B) where no physical access is possible a MT client is connecting via L2TP to a server at another location (C). Access is only possible to MT client and MT Server FROM LOCATION (A). When that MT client is sitting behind an ISP modem with CGNAT and ip/cloud getting a different p...

ramirez

Thank you ! Yes indeed to the second part ! Like I said too fast of a click , too tired when did that, and didn't pay any attention to the obvious. The intention is to move that router (from that machine) in a month, to another machine so I may have to buy a new license (I have contacted support) ...

ramirez

True ! Too much speed !

When installing a x86 CD .iso through VMware (as I have done) on a remote server is there any difference from choosing the VMDK image in regard to the router (to do the same thing), as to the operation/capabilities of the router ?

ramirez

Greetings to all ! After purchasing a license key for a x86 router OS, and entered through Winbox / system / License , restarted the router but nothing shows there . Does it take some time (hours) for Mikrotik to activate something ? Also my order shows fine on MT portal account , but when I click &...

ramirez

When a DHCP client is running on eth1 is it possible to "request" from the device running the DHCP server a particular IP? E.g. if the server hands out to client MT 192.168.50.10, to have MT receive 192.168.50.11 (not through "make static"), without changing anything on the first...

ramirez

Thank you mkx!

ramirez

Correct ! Let me ask you this : If a wireless device is connected to a MT which in turn is connected vie Ethernet on the ISP modem. Is there any way for this wireless device NOT to show it's MAC address in the LAN? Is there some setting on the MT that will accomplish that ? The MT receives local add...

ramirez

Thank you k6ccc, no you got it right

was trying to figure out if there is a way to avoid cloning of the mac address (by not knowing it ) but you are right in what you 're saying ...

ramirez

Besides options @ Tools/MAC Server, is there a way to stop MT’s from advertising their MAC addresses when connected on the ISP modem? In other words, for their MAC addresses not to show on a DHCP ISP modem/router.

ramirez

Bump.

ramirez

If a client (e.g. no. 7) connects to this server over L2TP/IPsec and has LAN address e.g. 192.168.20.10 like peer number 3, will the connection be successful or will it mess up with everything? Each client comes from a dynamic public IP address, each public IP address has only one client, as expecte...

ramirez

Thank you Sindy !

ramirez

Is it possible to have access to MT clients from X86 server (through L2TP/IPSEC), when both clients run a DHCP client service to receive LAN address from ISP modems, when both those LANs are the same (e.g. 192.168.100.x/24) ? Server MT is not behind NAT and has public IP 150.150.150.1 Windows is a r...

ramirez

UPDATE :

In case anyone has the same issue in the future:

The problem was choosing "mark connection" instead of "mark routing" in mangle tab. Due to speed I had entered the wrong value...

ramirez

Greetings to all! Can some please help with the following? On the client side that a single device is connected on the WiFi, I am looking to traffic all internet through the server’s side. That device is the 192.168.100.2 The MT is connected via ethernet on the ISP’s modem and a DHCP client is runni...

ramirez

This rule :

/ipv6 firewall raw
add chain=prerouting action=drop

Did return counters but none of the others, so probably IPV6 like you said cannot be blocked towards the phone . I appreciate the input ! ! !

ramirez

tried this first :

/ipv6 firewall filter
add chain=forward action=drop

and didn't see any counters (they are at 0) . From my android phone an IPV6 check still comes positive .

ramirez

chain=forward action=drop connection-state=established,related log=no log-prefix=""

is this above correct ?

ramirez

You thought it and you said it to yourself? I am sure that are better ways to phrase the above... As I don't understand the grammar of this : "If is not the smartphone than instaurate the VPN connection, but is the RouterBOARD, " Do you mean : "if it's not the smartphone (I assume, t...

ramirez

Are you "talking" to yourself? Only you know the details and you talk to yourself, who wins among you? You don't provide any useful information, such as device used, routerOS version, etc. Cell phone is a Xiaomi 9T pro , router OS is 6.48.2 on a RB751G-2HnD. What else do you need ? On APN...

ramirez

Although I do not have the IPV6 package installed (or to better put it I have it disabled) my cell phone when connected to the WiFi gets an IPV6 address from the ISP. Is there a way to block the phone from receiving one ? My ISP also offers me an IPV4 address and would like to use that one only . On...

ramirez

Thank you, so either will work (right after the drop invalid in input and forward, or last two rules drop ), correct?

ramirez

Thank you MKX, So if I understand it correctly create at the end two rules one for input and one for forward in this way ? : add action=drop chain=input and add action=drop chain=forward or after action=drop chain=input comment="defconf: drop invalid" connection-state=invalid and action=dr...

ramirez

Based on a previous post and the help from Sindy: https://forum.mikrotik.com/viewtopic.php?f=2&t=175285#p859705 , I have managed to run a CHR on a remote dedicated server (Through Vmware). The setup is as follows, Windows physical NIC : public IP 23.23.23.90 / gateway: 23.23.23.1 . Went on and c...

ramirez

In IP/Routes you will set Dst. address of the machine you wish to reach or the subnet and you will choose the appropriate gateway .

ramirez

Thank you Sindy ! All this is very interesting :-) ! use a display filter arp.dst.proto_ipv4 == 22.22.22.22. If the packet list becomes empty once you apply this display filter, it's definitely the worst case. Yes, it did come back as empty :-( and after some back and forth with the provider they ca...

ramirez

So the first thing necessary is to find out how it is actually done, because the setup will differ accordingly. I am attaching both results with ARP filter on External virtual card and Dst host to 22.22.22.22 (ping from laptop) . Didn't see any ARP requests for 22.22.22.22 when I run ping to it. I ...

ramirez

In Hyper-V's virtual switch management, you have to forbid Windows to connect to the physical interface at all (untick the checkbox saying "allow the host operating system to share this adapter" in the settings of the External network). If I do that, won't I lose remote connection to the ...

ramirez

ramirez

I have been facing the same problem ! The solution is similar for me. On the server side I disable the PPP/secrets for the clients and disable peers and proposals on IPsec (occasionally I have to flush the SAs also) and then enable them back, the link then comes back online. I can confirm this happe...

ramirez

If you create an internal network, a corresponding virtual interface is created in the host Windows, which you can use to share internet with the CHR connected to the corresponding virtual network. You mean to chose the physical connection and the "new" internal virtual connection, and cl...

ramirez

Any virtualization platform I know for Windows does address also networking. So as soon as you install/activate it, a virtual Ethernet interface will be added to the Windows system, and you'll be able to add more manually. And you will also be able to specify how to use them. Yes, I am using Hyper-...

ramirez

Is it possible to install Router OS on a windows host machine when that machine has no Internal IP address, but only an external one?

ramirez

Thank you Sindy !

ramirez

Is it possible to connect two same subnets (as per diagram) to the same Server? In the event that you cannot change a client's subnet (but you still need to connect it to that Server), how do you deal with establishing that link between all three (2 clients and 1 server) ? And then... e.g. be able t...

ramirez

UPDATE: OK I can confirm: Last night one of the client's public IP address changed. The link went down and never came up. What I did : Disabled on client the L2TP-out client - disabled all settings in IP/ipsec On Server: Disabled the client's Secret @ PPP/secret , disabled the peer for that client R...

ramirez

OK so far: I have contacted support on the issue, and they asked to upgrade to V. 6.48.2 from 6.48.1, as some improvements took place regarding transport mode and IPsec. The problem persisted after the upgrade. Then support suggested to include dst-nat rule to either machines (since both are behind ...

ramirez

Has anyone successfully connected via L2TP/IPsec (manual - transport mode) a physical client MT to a CHR Windows Server 2019 dedicated machine (with Vmware Workstation 16 / or other vm platform) ? I have tried allowing UDP ports 500, 1701, 4500 on windows firewall (on the dedicated server) , didn't ...

ramirez

OK, the delay 1m before disable did the trick :-) ! I have also emailed support regarding the so far discussed ...

ramirez

Of course replace name by the actual name of the peer. And yes, the scheduled script is a substitution of your manual disable/re-enable operation after reboot. I just tried it and it didn't bring the link up ...do you think I should make the delay 1m longer, say 3 minutes? Although I would imagine ...

ramirez

Thank you Sindy ! I will follow up with this post (Mikrotik support) and will try something extra with a dedicated server I have (and post results) to further assist other people and the progress of Router OS . Again ...much appreciate it !!!

ramirez

Thank you Sindy!
Do I have to replace the word "name" with the peer's actual name, or leave it as is? If I understand it correctly , upon reboot/shutdown etc. the schedule will basically do automatically, what I do manually - disable the peer once and then re-enable it?

ramirez

It seems that the log is from the only client whose configuration you haven't posted. [admin@Client3] > export hide-sensitive # apr/11/2021 10:48:08 by RouterOS 6.48.1 # software id = # # model = RBmAPL-2nD # serial number = /interface l2tp-client add connect-to=dnsln.ddns.net disabled=no max-mru=1...

ramirez

Thank you Sindy for your continuous efforts to assist (and teach) ! A) The way you describe it, you've opted to use a dst-nat rule rather than to restrict the IPsec policy to carry only the L2TP transport packets. Nothing wrong about that. However, it then cannot be a matter of a bypassed dst-nat an...

ramirez

A) Why when connected to client1's WiFi, I cannot connect to the Server through DDNS (WinBox)? If I try from my phone's 4G I can. I understand that this happens because I am connected to that network, that has the L2TP link with the Server (and I can connect using server's 172.21.69.153) but cannot...

ramirez

Hi Anav, there is only one IP address 192.168.0.1 and that is of the bridge . Indeed all Ethernet ports are on that bridge.

ramirez

Thank you Sindy, for some reason I had left enabled the "use IP sec" in PPP/interface/dial-out (had manually configured IPSEC). After I disabled that, the link got established and is steady. All links between clients and Server are as expected. 3 questions if I may: A) Why when connected t...

ramirez

First, even a whole elephant can be eaten, but you have to chop it into small enough pieces. Indeed, got carried away as I was typing, apologies ... I will try to keep as short as possible the answers . Regarding many clients using the same subnets internally, the key point here is whether you need...

ramirez

Thank you Sindy for the time spent and the input offered! So how about this (based on) : “…Since the five-tuple of (public local IP, public local port, remote IP, remote port, IP protocol) must be unique for each tracked connection…” Assuming that you have 2 clients connecting to a server over L2TP/...

ramirez

Thank you !

ramirez

Thank you! One thing that helped a lot (per support's instructions) was to set MTU on both sites at 1400 instead of 1492 or 1500 and/or minus 28 on both... 1400 boosted speeds to almost 90%-95% of what the internet lines can give. I have read about HW acceleration in the past and as I am using a vir...

ramirez

Same problem here with 6.48.1 Edit: I changed the NAT keep alive from 30 to 60 and looks like the problem is fixed ? ? ? Will keep checking and will post here in a few days my findings ... Edit2: No it seems I was wrong, as to this part: I disconnected the client from power (to simulate a power outa...

ramirez

I see...good to know , thank you! Would you say that in transport mode if I have access to one site (Server side) but don't have access to the other side, would I be able to establish a link between the 2, by entering the static address (to call/connect to) on the client side? E.g. if the the DDNS o...

ramirez

Indeed true ... Here is what I did and it works, the (MT) DDNS is operating as expected to update the IP, I set it up to update every 5 minutes ...now to access from winbox a MT through "that name" indeed you need some changes/access to the modem . But! If you only need to be informed of t...

ramirez

Thank you 2frogs, no unfortunately there will be no other device update client running on the network ...just a modem (to which I have no access) and the MT. I was also under the impression that the DNS name in ip/cloud is not accessible when behind a NAT modem (and needs port forwarding) or are you...

ramirez

Is there a way to be able to find out the external IP when the MT is behind a modem and set a noip.com name, without involving entering your account details on the Modem? When you don't have any access to the ISP modem and you just connect the MT on the modem (no firewall rules present on MT) is it ...

ramirez

Well, that did the trick !

Followed the instructions and was able gain access to it through the ethernet port .

Much appreciate it 2frogs!!!

I have no idea how to place a [SOLVED] tag on this post , but indeed has been resolved :-)

ramirez

:-) Again what you say makes total sense! Just because I 've never tried it before (yes it is in range the signal) can you dictate please steps/advice regarding the virtual wireless?

ramirez

Hmmmm without knowing how to do it :-) it makes sense what you're saying . Will do some research and hopefully figure out a safe way to do it ...

P.S. When you say to configure the gateway for wireless, Pi has the 192.168.100.151 , you mean to set a static gateway of the pi ?

ramirez

OK here it is (in case anyone faces the same in the future) ... 2frogs was spot on! Up until now I have had experience with MT's (4 Ethernet ports or more) , also I had performed software and hardware reset to these devices with previous ROS versions (the one running on this particular Map Lite is 6...

ramirez

Hmmmm ...didn't know that :-)

Well in that case how do you explain getting an IP automatically (out of the box) and me being able to access it through the ethernet connection (the first time ) ?

ramirez

But how can you connect to the wireless side of the Map Lite when you cannot access it via ethernet to configure SSID , other parameters of it and its password ?

ramirez

It is a Map Lite . No I did not check the keep old configuration. I was under the impression that with the latest ROS versions when a reset is performed then a DHCP client is automatically present ...I may be wrong though ... But how do you explain the fact of a present IP and I cannot access it nei...

ramirez

That MT has only one physical Ethernet port, is that considered as a WAN port in the default/initial configuration after a reset?

Also, I was under the impression that after a rest there are no firewall rules present in the filter rules ...

hmmmm

ramirez

At a remote connection where 2 Mt’s are connected on a modem, I had to reset via Winbox settings of one MT. At that location, I don’t have physical access and although I thought (after the reset) it would automatically receive an IP from the running DHCP server (Modem) well, I lost access to it… I h...

ramirez

When creating a tunnel/ link between two sites and site (A) ISP modem has 1500 mtu (server) and site (B) client has mtu 1492, how to you configure the setting between them/on each one? For example, on L2TP/Ipsec or GRE/Ipsec do you remove 28 and 24 respectively and add them on each site (meaning e.g...

ramirez

If someone can shed some light please. I am running ROS (6.48.1) as a virtual machine and I cannot get between 2 locations (L2TP/IPSEC) a higher bandwidth test upload speed than 8-9Mbits. Side (A) has a 200/200 and side (B) 60/10, I was expecting to get the full speed side (A) can give, while runnin...

ramirez

I am running on Winx64 Home, a VMware WorkStation Pro 16 and through it a trial version of ROS 6.48.1 (I used the CD image to install it on the virtual machine) . Everything works as expected and wanted to ask what is the difference between running this "version" and the CHR VDI image ?

ramirez

Thank you! I will give it a try with 6.48 and 7 beta and will post my findings here...

ramirez

Well I have been reading conflicting info, that's why I thought to ask :-) ...

viewtopic.php?t=121196

EDIT: Also it seems that version 7.0 will support x64 multi processors? ? ?

ramirez

Has anyone tried to install RouterOS X86 on a NVMe storage unit?

ramirez

Did you format the USB disk to Fat32?

Yes for some reason it wont do it ...

I am going to try with vmware...

EDIT: What operating system do you chose in VMware ?

ramirez

How can I install RouterOS on a USB stick to be able to insert it on a PC and boot from it in routerOS environment? NetInstall will not do it...

ramirez

When trying to establish a connection between 2 M.T. routers if (on the server side) chose NOT to use IPSEC, and do the same on the client side, the link is established. If on the other had I chose (on the server side) IPsec=required enter a password and do the same for the client , I get a log (on ...

ramirez

Through a Bandwidth Test, I get max 24Mbits over either OVPN / IPsec with a 100% CPU usage :-) ...

ramirez

Like I mentioned here viewtopic.php?f=2&t=171995 I get about 21Mbits which is very low ...and have no Idea why is so slow :-)

ramirez

Thank you!

If anyone else has experience with X86 processors and encryption transfer algorithms please share your findings ...

ramirez

Thank you MKX! When you say that I 'd have to benchmark, you mean get the device and start tests right? As it would be the only way to tell weather such a CPU would be powerful enough to handle the encrypted traffic?

ramirez

If I may ask the community for ideas/suggestions: Through bandwidth tests between multiple locations (site-site MT routers) from Location A to B/C/D the CPU (in Location A) maxes out at approximately 21Mbits (whether sending to one or to all), when location A can offer 200Mbits upload speeds. I have...

ramirez

WinBox v. is 3.19

I cleared cache via winbox/tools but problem persists ... how do I do it via connection dialog?

UPDATE: WinBox version 3.27 works with v6.48

ramirez

Is anyone experiencing problems after upgrading to v6.48 when trying to add a new policy @ IP/IPsec?

When clinking on the + sign to add a new policy , WinBox shuts down !

Tried it on 2 different routers and does exactly that...

UPDATE: After downgrading to v6.46.8 WinBox works fine

ramirez

Yes, if 192.168.10.254 is the default gateway of the device, 192.168.10.21 will not be able to reach either the other subnet or the internet via site B. I am able to ping from 192.168.10.21 the router on the other side of the tunnel (and other devices on that subnet), but am not able to make it app...

ramirez

Thank you for your help, I will keep working on it ...

ramirez

Wait I got confused :-) device 192.168.10.21 has as gateway 192.168.10.1 (I can see it from its settings)

In IP routes I have Dst address: 0.0.0.0/0 => Gateway : 192.168.10.254 and next to it says : reachable bridge1

Do you mean to change it to 0.0.0.0/0 => Gateway : 192.168.10.1 ?

ramirez

Firewall - interface with ip 192.168.10.254/24 is (should be) in LAN interface list in default config - therefore allowing forward traffic (not dropping) Nat - ipsec=out,none is applied in standard masquerade rule - so the source address should not be altered 192.168.10.254/24 (ISP modem) is connec...

ramirez

hmmmm no it says PH2 state: no phase 2 ...

Correction I had the values written opposite ...now it says connected

UPDATE: Although now it says it is connected device 192.168.10.21 (in site A) is still using site A's Internet provider and not side B... should I include an extra IP route rule?

ramirez

No need for additional protocols or interfaces. This scenario will work in standard ipsec tunneling mode. On site A create an additional policy: /ip ipsec policy add dst-address=0.0.0.0/0 peer=siteB src-address=192.168.10.21/32 tunnel=yes On site B create an additional policy: /ip ipsec policy add ...

ramirez

Thank you ! Do you think LT2P over IPsec would be an option? I have configured in the past OVPN between the two routers but the speed maxes out at around 15Mbits (Down/up in location B is 200/200) and was looking for ways to get the most out of it , in other words the fastest vpn option between to M...

ramirez

If anyone can help please : I have created an IPsec tunnel between location A (LAN 192.168.10.1/24) and location B (LAN 152.21.69.151/24). I am able to ping devices from one router to another. 192.168.10.1 to 152.21.69.151 In location A I have a device (192.168.10.21 / ISP modem: LAN 192.168.10.254/...

ramirez

(Bump)... Anyone ?

ramirez

Have a similar question here :

viewtopic.php?f=2&t=170797

Haven't received any answer yet , but have a feeling it's related to yours ...

ramirez

Greetings to all! I have a OVPN between location A (Map) and location B (Map Lite) . Location A is client and location B is server. Connection A has an Internet speed of 200/200 and I can only get about 20Mbit at location B during a transfer. So I figured that this is a CPU problem at location A? An...

ramirez

Bump!

ramirez

Greetings to all! I have a connection between A and B (both MT’s) through OVPN and as I need to use locations A’s Internet service on one device in location B (not the whole subnet, just one device e.g. 192.168.40.40) I have created a mangle rule in location B as chain: prerouting => src address 192...

ramirez

OK for some reason the modem to M.T2 port forward rule didn't work, but....... A) on M.T.1 /ip firewall nat add action=dst-nat chain=dstnat dst-address=192.168.0.1 dst-port=3456 protocol=tcp to-addresses=192.168.0.38 B) /ip firewall nat add action=dst-nat chain=dstnat dst-address=192.168.0.38 dst-po...

ramirez

Thank you @mkennedy67 It makes total sense what you just pointed out. I followed the rules but still the port does not respond . Edit: I forgot to mentioned that I checked with the ISP and they confirmed the don't block any ports or services. Thank you @ Sob, things are more clear now ! I followed y...

ramirez

Hi Sob, so would you say that in order for a port to appear open something has to "κnock" and something has be awaiting to respond to that "knock" and open it? In other words when I try an open-port-check-tool from the Internet to 3456 because there is no device waiting to reply ...

ramirez

Thank you Zacharias, to be honest I don't remember after so many tries if I did that, so I went and I forwarded from my modem port 3456 to M.T1. @ 192.168.0.1 with dstnat to 192.168.0.38 (MT2-Eth1), then the same dst nat from 192.168.0.38 (MT2 - Eth1) to 192.168.10.15 (PC) and still the port is clos...

ramirez

Hi Everyone, I am including a design of what I am looking to do and boy oh boy have I had my head scratching on how to port forward 3456 from my VDSL modem to a PC connected to M.T.2 WIFI . I have included the rule in the modem's settings page but the port remains closed! I have tried with dstnat ru...

ramirez

Thought to include this to explain it better:

ramirez

Yeap that did the trick...Thanks a million!!!

ramirez

I see, thank you MKX, unfortunately I need both ways communication... between 192.168.10.0/24 and 192.168.0.0/24

ramirez

Hi everyone...I am going through a brain freeze so I'd like to ask for your advice... I am running a DHCP client on eth1 and the port has received 192.168.0.27 I am running a DHCP server 192.168.10.0/24 on Wlan (its static address is 192.168.10.10) I would like for devices connected on Wlan to be ab...

ramirez

In location (A), I have a M.T. router (172.21.69.180) that is connected to a modem that has address 172.21.69.1 and runs a DHCP server I have created a VPN connection with location (B) that has a LAN address 192.168.1.1/24 and everything works fine. I wish to do the same with 2 other locations that ...

ramirez

Thank you! I will look into it further...

ramirez

Attached here

ramirez

Greetings to all! Does anyone have problems with latest update (6.46.1) and DHCP client on wlan? In my setup there is no need for bridge as I have a MaP that I only wish to connect to a router to which by the way I have no access to its settings. After I setup the wifi as station and input all neces...

ramirez

Thank you guys! @ erlinden you mean create a bridge between the laptop's wifi and it's Ethernet port? Can you please point me to the direction of how to do that? Yes both machines will be running. Also regarding the cloning of MAC address...the router allows specific MAC addresses to connect to it a...

ramirez

If anyone knows...

Can I have a Windows PC that is connected to a wifi pass internet to a mikrotik router through an Ethernet cable?

The M.T. router is not going to be able to receive a LAN I.P. from the router, only the the PC will.

Thank you

ramirez

Thank you Zacharias,

So (just to double check) although I cannot access client machines (only ping them) from machines behind Host M.T., I will be able to set up a machine behind it (host M.T.) to use client's ISP ? Correct?

ramirez

Greetings everyone! If I set up a VPN connection with certificates between a client M.T. and a host M.T. can I have the host through pre-routing rule in IP/Firewall/Mangle receive Internet from the client? In the opposite scenario I can have a client use the host's Internet and appear to the world w...

ramirez

Thank you both! Unfortunately There is no other RB in the remote location that I can remotely access :-( Also I tried the mactelnet way and although I was able to discover it, because I have Installed the latest update, it does not login and returns "Login failed, incorrect username or password...

ramirez

Greetings to everyone! Is there a way through Linux terminal or Webfig to configure an out-of-the-box M.T. router by using the "Mac address access" as we do it from WinBox? On a remote location I have a raspberry Pi connected on the ISP's VDSL modem router. On that modem-router, that by th...

ramirez

Bump.

ramirez

Greetings everyone! I have successfully created a VPN tunnel between MT router in location A (VPN I.P. 192.168.5.1) with LAN 192.168.11.0/24 and MT router in location B (VPN I.P. 192.168.5.2) with LAN 192.168.10.0/24. I can also route internet to a PC in location B (client side) from location A. Thu...

ramirez

I thought I had followed the directions correctly, but obviously not since the client is not connecting ... In the attached design the 192.168.80.1:443 I.P. is the vdsl's modem ip from the ISP? I am confused by the three addresses on each mikrotik router . My setup only operates one I.P. address as ...

ramirez

Sorry I am confused ...I enabled SSTP server through (winbox) PPP / Interface / SSTP server but now am stuck. I would assume that I need to create a server with a username and password (certificate?) and an I.P. address which then I would enter on a client router and thus I would be able to have a V...

ramirez

Thank you Zacharias, Sign certificates and add CRL url. We will use IP address of the server as CRL URL. /certificate sign ca-template ca-crl-host=10.5.101.16 name=myCa In the above Wiki (https://wiki.mikrotik.com/wiki/Manual:Create_Certificates )what does it mean the "IP address of the server&...

ramirez

If anyone can help please with a guide as to how to create a VPN between two Mikrotik routers?

I am looking to have a host on site A and a client on site B and to be able to tunnel all internet traffic from site B through site A.

Thank you in advance.

ramirez

Greetings everyone! Please advise whether there is a way to connect a mikrotik router via Ethernet on a VDSL modem and without knowing the local address range to allow a vpn connection that has been preconfigured on that host mikrotik router. For streaming content, I would like to send to a friend o...

ramirez

Thank you mkx, I created in options a name raspberry with code 3 and '192.168.10.13' (with single quotes) rule, and assigned it to the static lease for my PC , but when I check "what is my IP address" on a browser it still shows my actual location when the raspberry shows a VPN location. I...

ramirez

Thank you mkx, I would like to try it with my PC first as then I would like to do the same for a media player that is also connected to the router. Therefore regarding the PC I would only wish to make changes on the router without changing any settings on the pc (as the media player is "dumb&qu...

ramirez

If anyone can please help with the following: I have a raspberry Pi running Raspbian buster and is connected to vpn service provider. That raspberry is connected on my Mikrotik router on which router my PC is also connected. How can I run all traffic (to and from my PC) through the raspberry so that...

ramirez

Thank you TDW,

You Rock!

ramirez

Got it! So would this scenario work in your opinion? I get 2 x mAP lite and I connect them with a network cable, I then program unit A to be a client to search for Wi-Fi networks and unit B to be as AP station for my devices to be able to connect to. I login to unit A and set SSID and password, then...

ramirez

Well understood, now would this be possible to accomplish over Wi-Fi in the sense that the router will connect to an access point in the house and then the router operate a DCHP server (on a virtual AP?) for devices to connect? In other words would it be possible for the router's Wi-Fi to replace th...

ramirez

I see, I read the basic set up instructions but if I may, how will devices on the LAN side will have access to the internet without a static rule 0.0.0.0/0 to Ethernet 1 (WAN port)? Ethernet 1 and bridge will be different sub-nets, isn't that right?

ramirez

Thank you TDW Ok so please advise if I got it right: I set up a client DHCP on ethernet 1 (Where I connect physically the DSL modem) . I create then a bridge for ports 2,3,4,5 and VPN wifi. Then in addresses I hand out 190.168.0.1/24 for ethernet 1 and 190.168.1.1/24 to bridge. I arrange on the LAN ...

ramirez

Is it possible to setup a mikrotik router in such a way that network 192.168.1.1/24 runs a DHCP server and then by physically connecting the mikrotik router on a DSL modem (from ISP) that probably runs a different network (let’s call it 192.168.0.1/24) without any static routes to have the mikrotik ...

ramirez

Thank you all! I was under the impression that dual band models simply allow simultaneous connections on 2.4 and 5Ghz and that they don’t allow for separate routing rules. Also regarding a VLAN, I was unaware that I can have an AP and a wds station at the same time, operating it at the same channel ...

ramirez

Greetings everyone! I am looking for your knowledge on whether a MT hardware exists that incorporates 2 separate WLAN cards. What I am looking to do is have WLAN1 connect to an AP and the other card WLAN2, to work as an AP itself, on which clients will be connecting. I am looking to have the clients...

ramirez

Dear Sindy, I don’t think I should set statically in MT dns 8.8.8.8 and 8.8.4.4 as this is the whole thing I am trying to avoid, meaning to have MT use any other DNS servers than of Google’s. In addition, the MT is not PPPOE client, meaning that I do not have my modem set in bridge mode and the MT h...

ramirez

Hi everyone, If I may, here is what I ‘m stuck with…I have a RB493G behind my VDSL modem, the first one takes care handling local addresses (modem’s DHCP is disabled). I have 2 WiFi interfaces, 1 Lan and one VDSL port. All are in bridge mode. I am connecting over wifi a Chromecast Ultra to the MT, a...

ramirez

Dear Chris, I must be going wrong somewhere...I have bridged port1 and port 2 on MT1. Bridge has address 192.168.1.1/24 (ADSL modem is connected physically on port 1 with 192.168.1.254/24), port 2 is my LAN. Port 3 of MT1 is connected on port1 of MT2 = 192.168.0.5 (that basically acts like a switch,...

ramirez

Thank you Chris, much appreciated!

ramirez

I have two APs connected together via cable, mt2 has Lan: 192.168.10.5/27 and Wlan: 192.168.10.48/28 -- mt1 has 192.168.10.1/27 (mt1 is dhcp server for LAN) . Mt1 is connected to my VDSL modem which is 192.168.11.254. The problem is that I cannot ping or see wireless devices from lan devices e.g. if...

ramirez

If anyone could help please… I have a 751U which is connected through port 5 (10.47.156.4/27) on a 493G port 5 (10.47.156.1/27). On port 3 of the 751U there is a 250GS switch connected (10.32.57.134), on the 1st port of the switch there is a Groove connected with (10.32.57.125). What I am looking to...

ramirez

Hello everyone, After I updated to version 5.25 from 5.24 I have been experiencing 50% reduction of speed in my RB493G. I use bonding on ports 6+8 for connection to my NAS and after the upgrade the NAS performs 50% less (It seems that although ports get registered as 1000Mb they work as 100Mb). Has ...

Search found 157 matches