MikroTik

pgh321

Hi, I had issues with a Wireguard "road warrior" setup with a Mikrotik RB2011 and a Android phone, so I tried OpenVPN and it seems to be working. I've done all the certificates and ppp user-password stuff, then created the ip pool for ovpn /ip pool add name=ovpn-pool ranges=192.168.100.10-...

pgh321

Hi, loose tcp tracking was already enabled... Logging invalid packets I started see only many RST packets, all dropped for the invalid rule, not only for the phone address but also other devices... Then I tried disabling the "drop invalid" rule, and those RST packets were dropped by the &q...

pgh321

There is something I don't understand The rule blocking invalid packets here is the first one, and without log. If I see packets in log, they should be blocked by the last rule ( drop all the rest) So how can I target those packets? Just above the rule "drop all" but how? Finding about the...

pgh321

Sorry I was wrong, my packets are just dropped by the LAST rule "drop and log everything else" These connections seems "orphaned" like in https://forum.mikrotik.com/viewtopic.php?t=3991 DROP: input: in:ether01-gateway out:(unknown 0), src-mac XXX, proto TCP (ACK,PSH), 151.101.X.Y...

pgh321

I've similar issues

viewtopic.php?f=2&t=150601&p=743068#p743068

What can happen if I just remove the rule dropping invalid packets?

pgh321

After a while reasoning, this seems not related to VPN usage and could be definitely like https://forum.mikrotik.com/viewtopic.php?t=3991 So I looked for packet timeout values here https://forum.mikrotik.com/viewtopic.php?t=85039 But I'm not sure if this is a good way to solve the issue. This could ...

pgh321

router tplink is a VDSL router that I'm behind (NAT) , MIK WAN is the IP that I have on the gateway interface 151.99.125.1 and 2 are DNS servers configured in the router This traffic starts if I enable detect-internet, that works and shows a nice graph in the mobile app, but these entries are floodi...

pgh321

Hi, I'm doing some tests using l2tp ipsec VPN with my Android smartphone My Mikrotik is behind a tplink (double nat, I've already removed every application layer gateway rules and added l2tp and ipsec port forwarding), but I see some logs like DROP: input: in:ether01-gateway out:(unknown 0), src-mac...

pgh321

Hi guys, I posted a while ago needing a VPN to remote access my lan from my phone. After some reading, I followed https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Basic_L2TP.2FIPsec_setup Setup firewalling: add action=accept chain=input comment="allow L2TP VPN - protocol ipsec-esp" in-interf...

pgh321

Hi all. I have a rb2011 behind the NAT of a tplink VDSL router. Right now I've opened ports for some surveillance cameras, but now I've also a home alarm with a mobile app and a small fileserver, but I don't feel confident having too many devices that are "facing the outside". So I was thi...

pgh321

Hi, I have a wired network connecting two buildings. In the main building I have a rb2011 as a router/firewall connecting the network to the internet, and for the second building I have another rb2011. At the beginning I was thinking about some kind of "isolation" between the two buildings...

pgh321

I'm trying to remotely shutdown a NAS with a fetch command (rb2011 and nas are on the same ups) So far, I've found (with live http headers in firefox), the cgi url that shuts down it. But it works only from firefox url bar, if I'm already logged in. No way to use it like http://user:pass@host , I've...

pgh321

Hi. I've just put a pendrive on my 2011 (ros 6.24) It didn't recognize it, but it did after a reboot (weird). Then, I've seen usb1 on Files. But I cannot format or check it: - under Stores I just see 0kb used / 0 kb free - under Disks -> format drive -> I see "action not permitted" and a w...

pgh321

Hi, I've read about this on the wiki, but there no examples about it.

How often does it send an email?

May I use it to send me a mail, for example, every 100 lines of log?
Or it sends a mail for every new log line?

Thank you

pgh321

Yes, but if you are using your script above, how do you deal with it? How often do you send your file? thank you

pgh321

/system logging action set 1 disk-file-count=20 disk-file-name=/usb1/log disk-lines-per-file=2000 regular script for sending: /tool e-mail send to="my.email" subject=([/system identity get name] . \ " SystemLog") from=my.device.email file=usb1/log.0.txt I've just found this post...

pgh321

Hi, I connected a NAS Zyxel NSA310S to my mikrotik (RB2011, v. 6.10) and when I tried to make static the dhcp lease Webfig crashed and I was logged off with internal server error (I've done it without problems for other devices). Then I stopped seeing the lease in Webfig, and I need to logout/login....

pgh321

Hi, I have an RB2011. ether1 is gateway, ether2 is master for 3,4,5 , ether6 is master for 7,8,9,10 ; then I have bridged ether2 , ether6, and sfp1. When I configured LAN IP on the RB2011 (from the Quick Set view) the local mikrotik IP had been assigned to ether2. It works, but shouldn't it be assig...

pgh321

Do you use light or dark mode? I have interface graph as default, 30min timeout and dark mode from the beginning. No problems at all.

Hi, sorry for the long delay.
Anyway I checked my settings and they were left as default, the same as yours: 30 min timeout, time interval MIN , color scheme DARK...

pgh321

Hi, sorry for the long delay... I've understood my error, inadvertently I merged the "do" from the if block and the "do" of the on-error block, thank you :-) Am I right now? BTW I added logging of the current IP, can you tell me if this is correct? :if ($EntryDNSForceUpdate) do={...

pgh321

Submitting this as a bug report,
since it is quite confusing.

Thank you

pgh321

Sorry, I still don't understand. My cable works, so how can it be wrong? I'm using a straight ethernet cable (not rollover) and a rj45-db9 adapter , wired the way I've posted before. Again, in the wiki image there are no serial pins connected to TWO wires, while in the table below both 4 and 5 from ...

pgh321

Hi, I've built my serial cable a year ago, and I've looked back at the wiki page today to suggest mikrotik to a friend. Image http://wiki.mikrotik.com/wiki/File:Rj45.gif seems wrong to me, or at least different from my cable. My cable is a straight ethernet cable, plus an rj45 F - DB9 F adapter RJ45...

pgh321

but the screen remains on even when the backlight is turned off. This weird behaviour could be the cause of the problem (small problem indeed for devices that are normally closed inside racks, but anyway fixing it could be nicer). Since you have found a possible cause, I'm marking this as a bug rep...

pgh321

During these weeks, I noticed that if I periodically change view (for example, from interface stats to log to system health...) burn-in from previous display seems to slowly vanish...
I'll check again with more attention, I'll post if there will be "permanent marks".

pgh321

Sorry, what is it?

There is nothing about it on http://wiki.mikrotik.com/wiki/Manual:LCD_TouchScreen ,
maybe it is an undocumented feature?

Anyway, I'm mostly using the default setup...

pgh321

I've checked after one day, and the display was correctly off. Probably with default timeout in the config. Anyway, I still see the ghost image of sfp1 graph :-( Maybe you were not showing graphs but informations, and that kind of graphics creates less burn-in? I think it could be something covered ...

pgh321

Hi, I've partially setup an rb2011 in my new home, then I stayed some weeks without going there, busy with other things. I had noticed that the lcd screen was going dark after a while, so I've not investigated into its setup. Yesterday I noticed that the lcd screen is suffering from burn-in (even ch...

pgh321

I have a mikrotik rb2011 connected with an ups, but let's imagine it runs out of power. I've read here that "After a shutdown someone has to physically go and unplug the power source, and plug it back in" So, if I do a full shutdown with a script monitoring ups power, then I need my action...

pgh321

ADSL modem and my netbook were powered off, there were only a surveillance camera, the rb2011 and the nas. I don't think this could be related to the camera... So, I don't know why the link went up and down 2 times in a minute... Has the mikrotik "switched on and off" the link 2 times ? Bu...

pgh321

Hi, I'm not sure this can be Mikrotik-related, but I'm investigating to exclude things :-) I have a rb2011 and a Zyxel nas, NSA310S, in a rack shelf, adsl is still not connected and nobody had physically accessed stuff. I'm sure nas was powered off, everything connected and ready, but not used yet. ...

pgh321

I have a rb2011, a nas, and I need to have unattended clean shutdown of both when ups goes low. Then I need to have them starting again on power restored. In the next days I'll try to do it, in the meanwhile I'd like to know your opinions. I'm still investigating if it is simpler to have mikrotik sh...

pgh321

In the meanwhile, I've built and tested a cable. I'm reporting things here, maybe someone will find this post useful. 1) I've not built a rollover cable + adapter, but an adapter "inverted", that works with common ethernet cables. 2) I just used a flat 8 wire phone cable, with straight rj4...

pgh321

In the meanwhile I bought a NAS, maybe I'll test usage of rb2011 as a secondary storage or something like that...

Thank you all

pgh321

The major drawback for me in webfig is that you can't connect using MAC Address. If the router has no configured IP addresses, you can't connect through webfig. Ok, I was aware of this. But if connecting with IP address, winbox and webfig replicates the same things? ie: are there system things that...

pgh321

yes, I tried it too, it works well... But I don't like having wine if not needed, so I was wondering if webfig is not reliable, has problems, or if it mirrors only some winbox commands... If webfig has the same possibilities (and the main advantage is when dealing with many devices), I'd just stay w...

pgh321

Hi, I have only one rb2011, so no need to save lists of addresses, and I have only Linux machines. winbox works ok with wine, but I don't like having wine on my machines, if possible. So, does winbox do something that the web interface webfig is not able to do, or they're just different interfaces f...

pgh321

Really nice script, thank you... Anyway, if this is not a problem for entrydns, I have no problems just updating every 5 minutes :-) Regarding your script, just a question: LocalSite is global because you need to still have it at the next script run, am I correct? I tried, as an exercise, to modify ...

pgh321

Ok, seems really simple! Do you just run it every 5 minutes or something like that? Don't you check if your ip has changed before updating it? Most scripts I've seen, like http://wiki.mikrotik.com/wiki/Dynamic_DNS_Update_Script_for_dynDNS_behind_NAT , check if the external ip has changed before tryi...

pgh321

How do you use entrydns?
Their website says you need to use a "PUT" http request, I've looked fetch tool and it uses only GET ...

pgh321

In the meanwhile I discovered that the site I linked has a caveat too... Something like expiring after 30 days without logging in , like similar services... So, I'll stick with your suggestions... EntryDNS or freedns.afraid.org , I'll need to choose one and hope they won't disappear like other free ...

pgh321

Hi, looking for a free dynamic dns I found that many providers are not free anymore, or have caveats in their free versions, like you need to log manually to keep alive your account or similar things. Then I found d y n d n s DOT it ... written this way so you will not think I'm spamming :-) Seems t...

pgh321

Ok, so with these rules I'm just blocking everything incoming, directed to router or to LAN machines, except for the camera exceptions I'll add... Shortly speaking, are these rules enough to protect my own network or should I look elsewhere?

pgh321

but you also need to allow it on your forward chain if you use a default drop Sorry, I don't understand... I thought that inserting NAT rule would automatically open port in firewall... If I use dst-nat for port 1234, should I manually open that port in firewall? Can you provide me an example? Sorr...

pgh321

I moved from post below from beginner basics to here since it got no replies there Obviously I deleted original post to not have duplicates :-) Thank you for your help Hi, I will install in a few days a new rb2011 as a home router, and I looked into its setup. Most stuff should be already ok in the ...

pgh321

Hi,
I noticed (on the demo2.mt.lv router) that if I open a terminal from webfig it does not autoscroll to bottom when I enter commands.
I need to scroll down manually to see commands output.

Is this a bug, is there a workaround?
Should I just use ssh or winbox, instead of webfig?

pgh321

Hi, I've read http://forum.mikrotik.com/viewtopic.php?t=57557 , wiki page about grounding, and various other forums... I don't have outdoor equipment like in the wiki page, just a home with network outlets, ftp cable, patch panel (all shielded), rb2011, adsl modem, ... I could ground the rb2011, the...

pgh321

So you tested a big file transfer and got a very high cpu usage...
Seems quite weird to me, anyway obviously RB2011 is not a NAS

Maybe FTP works better, I'll try when I'll have my stuff working... Then if cpu usage stays high I'll just buy a nas

Thank you

pgh321

In the meanwhile, I found these:
http://forum.mikrotik.com/viewtopic.php?f=2&t=69175
http://gregsowell.com/?p=3485

Seems somebody has done it, I'll try when my setup will be ready.
Does somebody else use it? I was just wondering if there are drawbacks or problems...

Thank you

pgh321

I have a rb2011, I know that a true NAS is better, but I just need a "simple" storage for a surveillance camera... In the meanwhile, may I just use a usb disk connected to the usb port, or it is "possible, but with problems" ? Is there enough power for a 2,5" disk or should ...

pgh321

I was just curious about it, quoting user Normis from that thread This is a microUSB port so that you can use your standart phone charger cable to plug the router into your PC and configure it directly over USB (something like a replacement for serial port). There are also some other exciting featur...

pgh321

Hi, sorry if this is a noob question but I have not been able to find an answer. Only something quite old on http://forum.mikrotik.com/viewtopic.php?t=59709 I've seen only usage examples with usb port as "host" to attach disks, 3g modems, hubs... Is it also possible to use rb2011 usb as &q...

pgh321

Hi, I'll mount my rb2011 in a indoor wall-mounted rack, powering it with its adapter, and I'll use shielded ethernet cables. I've noticed the grounding screw on the rear side, but I've not read anything about it (only about grounding antennas) Do I need to connect a grounding cable there? Just a cou...

pgh321

Why double NAT? 1) I'd like to access the modem web interface, and doing that with bridged modem seems complex and sometimes unreliable (or, at least, I've not googled well, things like http://www.dd-wrt.com/wiki/index.php/Access_To_Modem_Configuration) 2) Better security in case I'll do something w...

pgh321

Sorry, that was a typo, I corrected my post to 192.168.1.0 instead of .0.0

Anyway, assuming the part regarding usage of ports is fine, other suggestions regarding the rest (nat,firewall, routing...) ?

pgh321

Hi, I've bought an RB2011UiAS-RM for my home, I have a DSL connection. I've already bought an adsl ethernet modem, and I was thinking about a double NAT setup. Regarding ports, I'd like to use a fast ethernet port as a wan port, since adsl will be 7M, I don't want to use a gigabit port. I've read ht...

pgh321

Thank you for your reply, I was planning to buy this
http://www.amazon.it/StarTech-ICUSB232- ... 000067SNB/
(just since it has free shipping, don't know product quality...)

Greetings

pgh321

Hi, regarding Mikrotik I'm a newbie, and I've recently bought a RB2011UiAS-RM as a router for my new home. Before starting using it, I'd like to buy a console cable, I've read online ( http://forum.mikrotik.com/viewtopic.php?f=2&t=66920 ) I need a cisco-style rollover cable... Can you confirm me...

Search found 58 matches