Community discussions

MikroTik App

Search found 40 matches

by b3h3m07h
Thu Jun 03, 2021 8:49 am
Forum: Scripting
Topic: Torrent blocking working in y2020
Replies: 34
Views: 30770

Re: Torrent blocking working in y2020

I find this set of firewall rules and layer 7 works well with encrypted torrents. Tested with Deluge full encryption and Flud on Android full encryption. /ip firewall layer7-protocol add comment="Mikrotik Block Torrent" name=layer7-bittorrent-expp regexp="^(\\x13bittorrent protocol|az...
by b3h3m07h
Tue Apr 20, 2021 12:25 pm
Forum: General
Topic: IP Cloud stops updating
Replies: 1
Views: 621

IP Cloud stops updating

Hello all, I seem to be having issues with Cloud not updating the IP attached to the xxxx.sn.mynetname.net domain after an uptime of around 2 plus weeks but sometimes shorter. A reboot of the CHR VM fixes the issue but it is a little annoying when I am not around and need remote access. Cloud simply...
by b3h3m07h
Mon Nov 30, 2020 1:41 pm
Forum: General
Topic: Cannot connect to IKEv2 Server behind pppoe WAN connection, SSTP and L2TP IPSec servers work fine.
Replies: 2
Views: 813

Re: Cannot connect to IKEv2 Server behind pppoe WAN connection, SSTP and L2TP IPSec servers work fine.

Cheers sindy, you pointed me in the right direction..

Turns out the pppoe connection defaulted to a MRU of 1500 not 1492 and I overlooked it :-/, changed itand all working a treat.

Something so simple, its just been one of those days.

Thanks again :-)
by b3h3m07h
Mon Nov 30, 2020 5:39 am
Forum: General
Topic: Cannot connect to IKEv2 Server behind pppoe WAN connection, SSTP and L2TP IPSec servers work fine.
Replies: 2
Views: 813

Cannot connect to IKEv2 Server behind pppoe WAN connection, SSTP and L2TP IPSec servers work fine.

Hello all. I have recently changed NBN/VDSL provider from Aussie Broadband (DHCP) to TPG (PPPoE VLAN2) and reconfigured the CHR for the pppoe connection. Everything is working fine, local network to wan, connections from remote devices to the sstp and l2tp ipsec servers on the same CHR but connectio...
by b3h3m07h
Tue Oct 27, 2020 9:26 am
Forum: General
Topic: Revoked certificate but IKEv2 connection still works?
Replies: 11
Views: 3518

Re: Revoked certificate but IKEv2 connection still works?

Can you please try the latest testing version? The issue should be fixed some time ago, but only in testing branch.
I can confirm this now works in the latest stable and beta.

Any idea when it will be implemented into a long-term release?
by b3h3m07h
Wed Oct 21, 2020 4:40 pm
Forum: General
Topic: Revoked certificate but IKEv2 connection still works?
Replies: 11
Views: 3518

Re: Revoked certificate but IKEv2 connection still works?

Which RouterOS version are you using?
Latest longterm as of today.
by b3h3m07h
Wed Oct 21, 2020 8:43 am
Forum: General
Topic: Revoked certificate but IKEv2 connection still works?
Replies: 11
Views: 3518

Re: Revoked certificate but IKEv2 connection still works?

After some further testing I came to the conclusion that the following steps can be followed 1. Revoke current user certificate e.g. user1@xxxxx.sn.mynetname.net and rename with REVOKED placed at the front of the name e.g. REVOKEDuser1@xxxxx.sn.mynetname.net. 2. Create a new certificate and rename w...
by b3h3m07h
Tue Oct 20, 2020 7:31 am
Forum: General
Topic: Revoked certificate but IKEv2 connection still works?
Replies: 11
Views: 3518

Re: Revoked certificate but IKEv2 connection still works?

I have not tried yet to revoke a certificate and see if the IKEv2 works BUT I did noticed that you need to create 1 IPSec Identities for each certificate you want to connect. If you disable or remove the specific IPSec Identity associated with the target digital certificate then the connection will...
by b3h3m07h
Mon Oct 19, 2020 4:14 pm
Forum: General
Topic: Revoked certificate but IKEv2 connection still works?
Replies: 11
Views: 3518

Re: Revoked certificate but IKEv2 connection still works?

Are you testing from the same LAN as the router?
Over WAN. No lan testing.
by b3h3m07h
Sun Oct 18, 2020 5:01 pm
Forum: General
Topic: Revoked certificate but IKEv2 connection still works?
Replies: 11
Views: 3518

Revoked certificate but IKEv2 connection still works?

Hello all, I think I must be missing something but hopefully someone can point me in the right direction. It seems that windows 10 systems, I haven't tested other devices, can still connect to the IKEv2 server after its certificate has been revoked. I setup IKEv2 using the following config and info ...
by b3h3m07h
Sun Jul 08, 2018 2:34 pm
Forum: General
Topic: VPN Subnet cannot access Local Subnet Hosts [SOLVED]
Replies: 4
Views: 5028

Re: VPN Subnet cannot access Local Subnet Hosts [SOLVED]

Looks like the firewall didn't disable on the host.

All working well now.

Thanks again.
by b3h3m07h
Sun Jul 08, 2018 4:55 am
Forum: General
Topic: VPN Subnet cannot access Local Subnet Hosts [SOLVED]
Replies: 4
Views: 5028

Re: VPN Subnet cannot access Local Subnet Hosts [SOLVED]

if i add the below to the nat table i can access the local subnet devices from the vpn subnet. /ip firewall nat add action=masquerade chain=srcnat disabled=yes dst-address=192.168.50.0/24 out-interface=!ether1 src-address=192.168.150.0/24 I didn't think i needed to use NAT. Is this the correct way o...
by b3h3m07h
Sat Jul 07, 2018 7:27 am
Forum: General
Topic: VPN Subnet cannot access Local Subnet Hosts [SOLVED]
Replies: 4
Views: 5028

VPN Subnet cannot access Local Subnet Hosts [SOLVED]

I am having the issue of not being able to reach my local subnet devices e.g. 192.168.50.200 from my vpn subnet 192.168.150.0/24 while connected remotely e.g. road warrior. Local subnet 192.168.50.0/24 dhcp pool 192.168.50.10-200 VPN subnet 192.168.150.0/24 vpnpool 192.168.150.1-10 Local LAN Bridge ...
by b3h3m07h
Wed Feb 14, 2018 4:02 am
Forum: General
Topic: P2P connection to security camera recorder behind MTik
Replies: 13
Views: 7137

Re: P2P connection to security camera recorder behind MTik

Probably something to do with uPnP not being enabled with correct firewall rules. Most IP Cameras use uPnP to forward some ports for those apps and communication to their cloud service for easier connection and work around dynamic public ip's..
by b3h3m07h
Wed Feb 14, 2018 3:45 am
Forum: General
Topic: Epson WiFi MFC discovery issue and temp solution on RB2011UiAS-2HnD-IN
Replies: 0
Views: 696

Epson WiFi MFC discovery issue and temp solution on RB2011UiAS-2HnD-IN

Recently i tried to setup some epson Wifi MFC's on my network. The issue was that i could not discover them with the Epson install tool. The mfc's both were assigned an ip in the same subnet and i could ping them from the windows pc's on 3 different systems. i also tried another Access Point ( techn...
by b3h3m07h
Mon Aug 21, 2017 5:33 pm
Forum: General
Topic: securing L2TP/IPsec server connection
Replies: 15
Views: 11573

Re: securing L2TP/IPsec server connection

Clients are windows, Android and iOS. I use a port knocker app from play store and app store. the knocking then adds the clients to the secure list which is part of the requirements for the connection. Without the knock the port is closed for that device. For windows i just googled a port knocker. W...
by b3h3m07h
Sun Aug 20, 2017 8:01 am
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 219702

Re: v6.41rc [release candidate] is released! New bridge implementation!

still having issues with RB2011UAS-2HnD and optus (aus) Huawei E3372h-607 http://www.optus.com.au/shop/prepaid/mo ... /usb/e3372

under load, p2p , multiple users on netflix or youtube, router reboots.
by b3h3m07h
Thu Aug 17, 2017 8:39 am
Forum: General
Topic: Cannot access RB951ui remotely thru Cloud and USB 4G modem
Replies: 1
Views: 1162

Re: Cannot access RB951ui remotely thru Cloud and USB 4G modem

Your 4G usb dongle sounds like is has NAT and that is why it is not getting the true WAN IP from your provider. if you can log into the device and it has a dmz option, enter the mikrotiks ip in the dmz field. if you cannot you may need to get a unit like the following which should allow DMZ to be se...
by b3h3m07h
Thu Aug 17, 2017 8:17 am
Forum: General
Topic: securing L2TP/IPsec server connection
Replies: 15
Views: 11573

Re: securing L2TP/IPsec server connection

i use the following rules with port knocking and a ipsec policy matcher (no need to open port 1701 UDP) /ip firewall filter add action=add-src-to-address-list address-list=port_knock_tcp_ph1 address-list-timeout=10s chain=input comment="PORT KNOCK" dst-port=51412 in-interface=ISP1 protocol...
by b3h3m07h
Tue Aug 15, 2017 1:00 pm
Forum: Wireless Networking
Topic: RB951g-2nd + e3372 (hilink and no hilink) loose connection when downloading something
Replies: 9
Views: 3232

Re: RB951g-2nd + e3372 (hilink and no hilink) loose connection when downloading something

i am also having the a similar issue with a rb2011uas-2hnd and a e3372h-607. after downloading a few files for a minute or so the connection drops and router reboots. i am using the latest 6.41rc11 and have even tried the 5v usb power injector https://shop.duxtel.com.au/product_info.php?manufacturer...
by b3h3m07h
Wed Aug 02, 2017 5:10 am
Forum: General
Topic: RB2011 & huawei e3372h-607 under load restart
Replies: 0
Views: 984

RB2011 & huawei e3372h-607 under load restart

Hi all. I have a RB2011UAS-2HnD with 6.38.7 bugfix (have tried 6.40 and other versions) and a huawei e3372h-607 connected via usb for failover. Problem is that when traffic is routed through the usb dongle the router reboots when loaded up. I have tried a factory reset with basic config and differen...
by b3h3m07h
Wed May 31, 2017 8:19 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 225251

Re: Blacklist Filter update script

Nice work. All good here.
by b3h3m07h
Wed May 31, 2017 7:19 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 225251

Re: Blacklist Filter update script

try this, worked fine on my rb2011 and usb drive # Import Intrus Managed Filter Lists # © 2016-2017 David Joyce, Intrus Technologies ##### Update your path, is you are using a USB Flash or other storage :global datapath "disk-8G/" :global datafile "dynamic.rsc" ###### DO NOT EDIT...
by b3h3m07h
Wed May 31, 2017 5:03 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 225251

Re: Blacklist Filter update script

Just made a few changes to the script as it didn't seem to delete the blacklist at the end # Import Intrus Managed Filter Lists # © 2016-2017 David Joyce, Intrus Technologies ##### Update your path, is you are using a USB Flash or other storage :global datapath "usb1/" :global datafile &qu...
by b3h3m07h
Mon May 29, 2017 8:58 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 225251

Re: Blacklist Filter update script

here you go :-) # Import Intrus Managed Filter Lists # (C)2016 David Joyce, Intrus Technologies :log warning "Blacklist update in 30 seconds"; # :delay 10 :local model [/system resource get board-name] :local version [/system resource get version] :local memory [/system resource get total-...
by b3h3m07h
Mon May 29, 2017 6:43 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 225251

Re: Blacklist Filter update script

Here is the script i use to save and execute the blacklist (dynamic.rsc) from a usb drive (named usb1) /system script add name=updateBlacklist-usb1 owner=admin policy=read,write,test source="# Import Intrus Managed Filter Lists\r\n# (C)2016 David Joyce, Intrus Technologies\r\n\r\n:log warning \...
by b3h3m07h
Fri May 26, 2017 5:36 am
Forum: Scripting
Topic: OpenDNS script error 911
Replies: 0
Views: 1084

OpenDNS script error 911

I have been trying to get the following script to work but keep getting a error 911. The script just wont update my dynamic ip in the dashboard. The username is my opendns username/email address, password i have tried both the normal login password and the update-only password issued by opendns supp...
by b3h3m07h
Thu Jan 19, 2017 4:32 am
Forum: General
Topic: double upload rate on wan when using pptp client.
Replies: 2
Views: 1015

Re: double upload rate on wan when using pptp client.

just a bump.

another note, i disconnected all other devices from the network so the upload is only from the vpn device on the local network
by b3h3m07h
Wed Jan 04, 2017 12:17 pm
Forum: General
Topic: double upload rate on wan when using pptp client.
Replies: 2
Views: 1015

double upload rate on wan when using pptp client.

i currently have my rb951 setup as a home router and also a pptp client setup to route certain local ip's through it. what i am noticing is that when using one of the vpn routed hosts e.g. streaming from youtube, the download speeds on the WAN and PPTP are very similar but the upload speeds are quit...
by b3h3m07h
Tue Dec 27, 2016 3:00 pm
Forum: General
Topic: Uncontrolled upload using google drive
Replies: 4
Views: 2014

Re: Uncontrolled upload using google drive

What type of qos setup if any have u setup for the uplink? Are you using fasttrack? What is your cpu usage like at this time? 97mbps without fast track on a 400mhz cpu might be making it hit the limit and if you are using mangle rules even worse. For my outbound traffic i mark in mangle using forwar...
by b3h3m07h
Mon Dec 19, 2016 9:41 am
Forum: Beginner Basics
Topic: Enabling DHCP in Mitrotik on bridge mode
Replies: 6
Views: 3599

Re: Enabling DHCP in Mitrotik on bridge mode

First i would put your modem into bridge mode and then use the mikrotik to do the routing dhcp server etc. This way you avoid double natting. Personally i use a rb951g wifi init Setup some firewall rules, nat on your wan interface, create a bridge and add your wifi interface and all your ether port...
by b3h3m07h
Mon Dec 19, 2016 9:15 am
Forum: General
Topic: Throttle Windows Updates
Replies: 32
Views: 22363

Re: Throttle Windows Updates

Here is what i have been using with a modified layer7 from above. Seems to be catching all windows updates, office updates etc The following checks for the content and layer7 in connections tcp 80 and 443(do i need 443?) and then adds the src address to a list which is then marked. /ip firewall laye...
by b3h3m07h
Fri Dec 16, 2016 1:49 pm
Forum: Beginner Basics
Topic: Enabling DHCP in Mitrotik on bridge mode
Replies: 6
Views: 3599

Re: Enabling DHCP in Mitrotik on bridge mode

First i would put your modem into bridge mode and then use the mikrotik to do the routing dhcp server etc. This way you avoid double natting. Personally i use a rb951g wifi init Setup some firewall rules, nat on your wan interface, create a bridge and add your wifi interface and all your ether ports...
by b3h3m07h
Thu Apr 28, 2016 11:27 am
Forum: Forwarding Protocols
Topic: forward relevant broadcast traffic to port 27036 UDP from one subnet to another?
Replies: 0
Views: 1576

forward relevant broadcast traffic to port 27036 UDP from one subnet to another?

HI all At home i am running a RB951G-2HnD with two local subnets, 192.168.1.0/24 and 192.168.2.0/24. One is a wired network the other is the wifi network. i am trying to get steam's in-home streaming to communicate with systems on the other subnet but haven't had any luck. i have ip forward filters ...
by b3h3m07h
Sat Jun 13, 2015 12:27 pm
Forum: Wireless Networking
Topic: Slow Local Transfer when using additional AP, only 450KBps.
Replies: 4
Views: 1587

Re: Slow Local Transfer when using additional AP, only 450KBps.

when the notebook connects to the 951 directly and not the tplink/7800n, wireless speeds are around 3000KBps.

can you have two AP's right next to each other, one on channel 1 and the other channel11 and have them not interfere?
by b3h3m07h
Sat Jun 13, 2015 4:42 am
Forum: Wireless Networking
Topic: Slow Local Transfer when using additional AP, only 450KBps.
Replies: 4
Views: 1587

Slow Local Transfer when using additional AP, only 450KBps.

i have the following setup RB2011UAS-2HnD is in station bridge mode with wifi and lan ports bridged. RB951Ui-2HnD is setup as a wireless router, wifi and lan ports 1-4 on bridge, port 5 connected to adsl modem in bridge mode. tp link AP or 7800n as AP (dhcp server disabled) Patch Lead ------- wifi l...
by b3h3m07h
Tue Jun 09, 2015 9:45 am
Forum: General
Topic: slow ap to host speed
Replies: 0
Views: 782

slow ap to host speed

i have the following setup RB2011UAS-2HnD is in station bridge mode with wifi and lan ports bridged RB951Ui-2HnD is setup as wifi router, wifi and lan ports 1-4 on bridge, port 5 connected to adsl modem tp link AP or 7800n as AP (dhcp server disabled) lan lead ------- wifi link ^^^^^^^ PC ----------...
by b3h3m07h
Fri May 02, 2014 7:10 pm
Forum: General
Topic: IPVanish VPN PPTP L2TP OVPN Setup
Replies: 2
Views: 6109

IPVanish VPN PPTP L2TP OVPN Setup

Has anyone had any luck with either a PPTP, L2TP IPSec or OVPN Client setup on their router?

i am beginning to think it has something to do with ipvanish's servers as a free pptp works perfect?

Also any recommendations for a decent paid VPN with unlimited bandwidth and good speed :-)

Cheers
by b3h3m07h
Sat Dec 28, 2013 3:09 am
Forum: RouterBOARD hardware
Topic: RB951Ui-2HnD with external antennas
Replies: 18
Views: 42388

Re: RB951Ui-2HnD with external antennas

+1 for some photos. I would like to do this to one i have to get a little extra range :)