MikroTik

tholderbaum

The Mikrotik default config is essentially not to accept RAs, you have to explicitly enable them with: /ipv6 settings set accept-router-advertisements=yes If you do that make sure to configure the firewall to discard RAs from unwanted interfaces and/or nodes. I am not sure that is entirely true. In...

tholderbaum

2022-01-20_18-44-27.png So I played with this further on my test rig. Basically the issue was you had to have both the port 80 traffic allowed on the input chain AND the web fig enabled under IP Services. the requirement appears to be both. I tried it 4 different ways: Port 80 open and Webfig enabl...

tholderbaum

I really appreciate the inclusion of LetsEncrypt certificates. I have been playing with them, but I have run into a significant problem. It appears that to obtain or renew a certificate, the process requires an open port 80. Not just that, but specifically you have to enable Webfig on port 80. Which...

tholderbaum

I have a Mikrotik CCR 1036. I am running non default ports for winbox. I am running 6.46.8 Long term This morning, I attempted to login, and found that no password I have was valid. We then tried the default password of admin with no password, and got in. The issue is that the router is completely o...

tholderbaum

It looks like you have the routing marks setup, but you don't define what to do with them Routing marks should lead to a separate route table for each WAN. Essentially, you need a default route on each route table for each WAN interface.

tholderbaum

I can confirm this behavior. RFC 1178 recommends not using DNS Host names that start with numbers. https://tools.ietf.org/html/rfc1178 here is the relevant section: Don't use digits at the beginning of the name. Many programs accept a numerical internet address as well as a name. Unfortunately, some...

tholderbaum

It is difficult to understand what you are trying to accomplish. I assume you are trying to open TCP/445 from the outside through the firewall. If so then it is a 2 step process: Step one, you need to define the dstnat rule: /ip firewall nat add action=dst-nat chain=dstnat dst-address=publicIP dst-p...

tholderbaum

Can you please post your config? Can you verify that you have UDP/1701,500 and 4500 open on the input chain? Also are you accepting IPSEC-AH,ESP and GRE packets?

tholderbaum

Hi everyone, i have this scennario: RB750Gr3 (inntended to be a load balancer) - eth1 to RB3011 RB3011 (inntended to be a pppoe srvr): - eth1 to RB750 - eth10 to OmniTIK Omnitik - eth1 to RB3011 - eth2 to NanoBeam AP (1) - eth3 to NanoBeam AP (2) RB750 - eth1 to NanoBeam Station (1) - eth5 to ADSL ...

tholderbaum

Did you allow traffic between the different subnets?

For example:

If my lan is 10.1.1.0/24

and my VPN users are on 10.1.2.0/24

I have to allow traffic between the two subnets.

If that doesn't work, can you post your config?

tholderbaum

For starters, you need to understand that from a networking perspective. Bridges work just like a switch. When you create a bridge, and add to interfaces together, you are saying that those interfaces are link together as if they were plugged into a same switch. This commonly referred too as a layer...

tholderbaum

try to locate rule 10 on the 2th place, then try to ping from your vpn. the firewall is work like instruction sets, one by one and the first match is the one that catches. Nope still nothing. you mean /ip route print? I was thinking to add to NAT chain=srcnat action=accept src-address=192.168.100.0...

tholderbaum

Hi. Is some general guide available for new Mikrotik users how to setup new instance in common enviroment like small office ? Simple specification: - what to buy to have good background for 100 devices office ? (50 PCs, 40 mobile phones, 5 printers, some guests coming in and out frequently) with re...

tholderbaum

Hi all, I have multiple devices on my LAN and I am segregating them for security purposes into 3 groups using 3 VLANs (2 tagged, one untagged). All the devices are connected to a managed VLAN aware switch. Now, I want to connect those devices to the Internet via a MTK router (I'm currently playing ...

tholderbaum

Hi Guys, Does anyone have a method to remotely configure a new, out the box unit directly. The device will be connected to a lan, not wan directly. I can think of using TeamViewer etc to get to a PC and do basic config, then remote to device directly. VPN to network and config from there Any other ...

tholderbaum

What is the best way to isolate an IP on wired or wireless network? The goal is for that IP to be able to connect to the outside world/internet but nothing on the LAN Specifically here the most basic way. /ip firewall filter add action=accept chain=forward src-address={YourIP Here} out-interface={Y...

tholderbaum

I have tried the RB2011. The most I would do is 2 tunnels. If you are doing the hub and spoke VPN method, then the 2011 would be fine for the spokes. However, The CCR1009-7G blows the absolute doors off the RB2011. There really is no comparison. It can handle your loads without an issue. I run a sli...

tholderbaum

Here is what I do: On the firewall: (Assumes Ether2 is the interface you want to trunk. /interface vlan add interface=ether2 name="vlan1" vlan-id=1 add interface=ether2 name="vlan2" vlan-id=2 add interface=ether2 name="vlan3" vlan-id=3 add interface=ether2 name="vl...

tholderbaum

Cmaney is correct. Bridge mode is the way to go here. I just did this for a client. The Guide works by downloading the guide and other information and then sending it over the COAX cable to the boxes. All you have to do is plug the WAN port on the verizon router into an open port on the Mikrotik. Ad...

tholderbaum

Can you please post the config for the tunnels as well as any IPSec config?

tholderbaum

I don't know where to post this so I just chose the Genera post. I have a client who is running RB2011UiAS-2HnD. This router is giving problems. It keeps losing clock settings which I setup for time-based firewall filters. Every time I try to log into the router it kicks me out after 2 minutes. I h...

tholderbaum

Hello, I did not understan from the manuals if a configuration like this could create logical loops or other problems: /interface bridge add name=bridge1-untagged add name=bridge2-Vlan2 add name=bridge3-Vlan3 /interface vlan add interface=ether1 name=vlan-2a vlan-id=2 add interface=ether2 name=vlan...

tholderbaum

Hi, We have just migrated our GNU/Linux router to a Mikrotik CCR1009-7G-1C-1S+ . We have mainly a bunch of IP address (public and privat) on the combo1 interface and that's it But now when doing connections from the router to somewhere , they are failing. For example: DNS client on the router has s...

tholderbaum

The issue with MikroTik and HA in general is the lack of any way to sync two routers together. When I saw your thread I was hoping you would post some way of syncing both routers automatically. Especially on a statefull firewall with connection tracking the lack of state sync can cause many issues ...

tholderbaum

I had considered VRRP. The problem being that at the colo datacenter (Peak 10), they clear tier mac address tables every 5 hours, instead of anything more reasonable. The problem being that the having the IP addresses come up with entirely different MAC addresses was not being recognized fast enough...

tholderbaum

Can you post a network diagram? Hand drawn is fine. On the face of it, running vlans precludes the use of an unmanaged switch because you have to do at least some form of routing. Your network diagram would help to determine what you need.

tholderbaum

I have called another script from within a script before such as to define variables. But I think in your case, the best practice is to have separate schedules that fire off the separate scripts. it is cleaner and easier to troubleshoot this way.

tholderbaum

Hi Guys, I'm struggling to setup MikroTik to bridge to local network on ether1 port. This is my current setup: There is a network 192.168.222.1 (No DHCP) in the building which is intended for VOIP Phones, if plugged into this switch the phones work normally On the same network the ISP's outside net...

tholderbaum

Everyone, We developed a fault tolerant solution for our main Mikrotik CCR 1036 router. This router is used at the main shared firewall for our entire hosted customer base. Right now, we have 25 subnets and 47 tunnels to our various clients. When this firewall goes down, we needed a method to minimi...

tholderbaum

I can help you with that. I just need to understand if it is a tunnel between two Mikrotiks or between a mikrotik and something else.

tholderbaum

Thanks.

That is the plan. I have a set of lab routers and non critical routers we will test on. When we approve a version, we will upload it to the update unit, which will update our production units.

tholderbaum

Remember to disable the windows firewall.

tholderbaum

This code is my standard VPN setup: It is a bit different than yours. Try it out, and see how it works for you. Comment: This proposal works for most devices. /ip ipsec proposal add auth-algorithms=sha256,sha1 enc-algorithms=\ aes-256-cbc,aes-192-cbc,aes-128-cbc,3des name=L2TPVPN_Proposal pfs-group=...

tholderbaum

Assuming you have some sort of tunnel between the two sites, it sounds like the RB2011 is becoming a bottleneck for you. I would switch to a CCR1009, especially the new ones. A CCR1009 will blow the doors off of a 2011 any day of the week. Introducing an RB750 doesn't really help you. If the 2011 is...

tholderbaum

Guys, We manage about 75 Mikrotiks. We have about 15 CCR1009, 55 RB2011s, and the remaining being split among AH1100x2 and rb750 and CRS switches I have to update all of them from time to time, but I also want to thoroughly test the versions before using them. I have a script which can update Router...

tholderbaum

There is a bug that i cannot stand When using winbox version 3, it will not let me copy and paste anything via either CTRL+V or right-click to paste. I run about 30 mikrotiks all over Florida and each one has at least 2 separate admin accounts, each with 24 character randomly generated password whic...

tholderbaum

Here is my question http://s12.postimg.org/o3eqvd0rh/Mikrotik_Tunnel_Configuration.jpg I have the following network. We run a hosted datacenter. We use a Mikrotik AH1100x2 as our core router. In the datacenter, we have our corp network, (Red), which has a tunnel to our main office, (also in red). Th...

tholderbaum

I am trying to put script in to upload the router config to a FTP server. I was using the scripts I found elsewhere on this board. However, when I try to do the upload it appears that the fetch tool is missing. I dont have in any of my Mikrotiks. I am running routerOS 6.7. Any idea on how to get it ...

Search found 38 matches

Re: IPV6 DHCP client does not add correct default route after reboot

Re: Letsencrypt requires an open Webfig HTTP port 80

Letsencrypt requires an open Webfig HTTP port 80

Unusual Problem

Re: Routing 4 lans and 4 wans [SOLVED]

Re: I can't set a DNS name that starts with a digit.

Re: why mikroitk Donot Cross File sharing traffic

Re: L2TP and IPSEC just not working IPSec Error

Re: VLAN and Bridge

Re: Mikrotik L2TP VPN works but can not reach LAN IPs

Re: Difference between /interface bridge filter and /ip filter?

Re: Working L2TP iPsec VPN but no Ping to computer?

Re: Quick config guide for new member of Mikrotik ?

Re: Security & VLAN

Re: Remote setup

Re: Isolate an IP [SOLVED]

Re: Need some advice...

Re: VLAN Trunking Router / SW / SW [SOLVED]

Re: IOS VPN into RB3011 behind Verizon NAT

Re: Dual VPN / same provider

Re: Router losing time settings

Re: Bridge for tagged and untagged traffic

Re: How to select where the traffic goes out through. Router with several IP's on the same interface

Re: Mikrotik Fault Tolerance Solution

Re: Mikrotik Fault Tolerance Solution

Re: CSS106/RB260GS to be un-managed switch

Re: can I run 2 scripts at the same time?

Re: Connecting Multiple Questions

Mikrotik Fault Tolerance Solution

Re: VPN IPSEC

Re: RouterOS Upgrade Question

Re: Networking Problem

Re: VPN IPSEC

Re: Is it necessary to install CCR on all remote sites?

RouterOS Upgrade Question

Re: Winbox 3

Tunnel Routing Question

/tool fetch missing???