Search found 12 matches

by dorian
Thu Aug 30, 2018 5:32 pm
Forum: General
Topic: Infrequent SA Key Mismatches Between strongSwan and RouterOS [SOLVED]
Replies: 12
Views: 6667

Re: Infrequent SA Key Mismatches Between strongSwan and RouterOS [SOLVED]

Thank you for your feedback, I appreciate it! The reason I didn't reach out to Mikrotik support is that their support page mentions that email support is only available for 30 days after the purchase of a RouterOS licence or product. But seeing as this is a verified bug, I'll make sure to contact th...

by dorian
Thu Aug 30, 2018 2:51 pm
Forum: General
Topic: Infrequent SA Key Mismatches Between strongSwan and RouterOS [SOLVED]
Replies: 12
Views: 6667

Re: Infrequent SA Key Mismatches Between strongSwan and RouterOS [SOLVED]

Thanks for your response. I don't really understand how my post could be seen as a complaint, but if you think that way, I'm sorry about it. It's good to hear that this is being actively worked on.

by dorian
Wed Aug 29, 2018 5:51 pm
Forum: General
Topic: Infrequent SA Key Mismatches Between strongSwan and RouterOS [SOLVED]
Replies: 12
Views: 6667

Re: Infrequent SA Key Mismatches Between strongSwan and RouterOS [SOLVED]

Bumping this as it actually seems to occur more frequently now that we've updated to v6.40.9 :(

by dorian
Tue Aug 21, 2018 6:33 pm
Forum: General
Topic: Infrequent SA Key Mismatches Between strongSwan and RouterOS [SOLVED]
Replies: 12
Views: 6667

Infrequent SA Key Mismatches Between strongSwan and RouterOS [SOLVED]

Hi, we have set up a site-to-site VPN connecting our main office (running strongSwan 5.5.1 on Debian Stretch) to a branch office (using a RB2011iL with RouterOS 6.40.8). It's an IKEv2 tunnel using a PSK and the default key lifetime of 1 hour. Everything works great, but every now and then (maybe aro...

by dorian
Thu May 03, 2018 3:32 pm
Forum: General
Topic: DHCP Relay and Required Firewall Rule [SOLVED]
Replies: 15
Views: 12111

Re: DHCP Relay and Required Firewall Rule [SOLVED]

The DHCP server uses a raw socket so it receives everything, unaffected by the firewall. So you don't require any input rule.

That's it. Completely forgot that dhcpd needs to open a raw socket, so no chance for any firewall rules to apply. Thanks for all the feedback.

by dorian
Thu May 03, 2018 12:57 pm
Forum: General
Topic: DHCP Relay and Required Firewall Rule [SOLVED]
Replies: 15
Views: 12111

Re: DHCP Relay and Required Firewall Rule [SOLVED]

It has already popped up 10 years ago with no clear outcome. I would suggest to send that to support@mikrotik.com for clarification. Thanks for your support! The link you provided does not seem to work, do you mean https://forum.mikrotik.com/viewtopic.php?t=14050 ? It's interesting that this has be...

by dorian
Thu May 03, 2018 10:23 am
Forum: General
Topic: DHCP Relay and Required Firewall Rule [SOLVED]
Replies: 15
Views: 12111

Re: DHCP Relay and Required Firewall Rule [SOLVED]

Here's the export. We have two VLANs on a bridge containing all LAN-facing ports, vlan60 (10.60.0.0/16) is internal while vlan99 carries guest WiFi traffic. We only do DHCP relay (to the DHCP server in the main office subnet 10.10.0.0/16) for vlan60, for vlan99 it's handled by the WiFi controller. F...

by dorian
Wed May 02, 2018 11:03 pm
Forum: General
Topic: DHCP Relay and Required Firewall Rule [SOLVED]
Replies: 15
Views: 12111

Re: DHCP Relay and Required Firewall Rule [SOLVED]

The input interface is indeed a VLAN on a bridge. No bridge filtering is active, however ("Use IP Firewall" and "Use IP Firewall For VLAN" are disabled). In any case, shouldn't all packets that are received by a process on the router traverse the INPUT chain?

by dorian
Wed May 02, 2018 7:39 pm
Forum: General
Topic: DHCP Relay and Required Firewall Rule [SOLVED]
Replies: 15
Views: 12111

DHCP Relay and Required Firewall Rule [SOLVED]

Hi all, we have a setup where we use a Mikrotik router at a remote site and relay DHCP over an IPsec tunnel to a central DHCP server in the main office. Everything works fine, but today I noticed that we don't actually have any appropriate rule in the firewall's input chain—at the same time there is a ...

by dorian
Mon Oct 09, 2017 3:41 pm
Forum: General
Topic: IPsec Proposal: Invalid Key Length When Using GCM [SOLVED]
Replies: 3
Views: 2355

IPsec Proposal: Invalid Key Length When Using GCM [SOLVED]

Hi all, I have a few RouterBoards in use that connect remote branches over IPsec with our main office, where we use strongSwan as the IKE daemon. This works fine so far, using the cipher suite AES_CBC_128/HMAC_SHA2_256_128/MODP_2048 for the IPsec SAs. RouterOS version is v6.40.4. I'm currently tinke...

by dorian
Fri Oct 09, 2015 6:24 pm
Forum: General
Topic: Prioritize Packets within IPsec tunnel
Replies: 2
Views: 1091

Re: Prioritize Packets within IPsec tunnel

andriys, thanks for your response! If I understand it correctly that means that I can set up two simple queues in the Postrouting table, one for the VoIP traffic and another for all the other traffic that goes through the IPsec tunnel. As a follow-up, it's not possible to prioritize flows without set...

by dorian
Fri Oct 09, 2015 3:14 pm
Forum: General
Topic: Prioritize Packets within IPsec tunnel
Replies: 2
Views: 1091

Prioritize Packets within IPsec tunnel

Hi there, we're using a RB2011 as a branch router for a remote office. There is an IPsec tunnel configured that connects the remote office's internal network to the main network. Among other internal traffic, there is also a VoIP connection between a SIP-DECT base station inside the remote office an...