Hi! I have a Wireguard server configured in a Mikrotik router (ROS 7.6) that only works when the peer has an IPv4 address. If the peer has an IPv6 address it doesn't work. One peer is my cell phone, sometimes the LTE carrier assing to it an IPv4, sometimes an IPv6. That's the problem, everytime it g...
Hi! I have a home network working good, with various VLANS, two WAN links in load balance, VPN server (Wireguard), etc. My main router is a CCR2004-1G-12S+2XS, that replaced an old RB3011. As I have a dedicated switch, using the RB3011 as a switch is not necessary in my network. So, I leave the RB30...
I had a Wireguard problem here, maybe someone can check. I configured an external paid VPN service. To change the contry the connection output will be, I have to change the endpoint field in the Peer configuration. The problem is that after changing the endpoint address, the RouterOS ramdomly connec...
Yes, you'll get the 300Mbps. But check the RB4011, it's CPU is more powerfull but lacks the USB port and the VLAN aware switch. I have a RB3011 and two 300Mbps Internet links, but using failover and load balance, with mangle and QOS, ie. no fasttrack, it is not capable of the 600Mbps combining the t...
It seems you are not familiar with the RouterOs yet. It's very powerful but with a steep learning curve. It's better to start with the very basic working before attempting changing configurations. I suggest you to reset the router to the default configuration: [System]->[Reset Configuration]->[Reset...
It seems that your network is well dimensioned for your use. Dou you identify some points that needs improvements? A possible upgrade path is going to a 10Gbps LAN, if there is enouth traffic/bandwidth demand between your servers and workstations, like a NAS/File Server for example. Another one is u...
@pcunite
I would like to thank you very much!
The best article about VLANs in RouterOS that I found, by a large margin.
I configured my network following your instructions, everything works as expected.
Excellent job.
As Windows 10 doesn't support link aggregation, you must relay on the NIC software. And chances are that Windows updates eventually break it. Try to follow these instructions, probably the two NICs must be the same model: https://www.intel.com/content/www/us/en/support/articles/000032008/network-and...
Intel PROSet always shows one of the NICs as inactive although both work just fine separately. It seems like a link state monitoring problem (ARP or MII are supported by RouterOS). Check it both sides, on router and on server. According with the balance mode, some monitoring methods doesn't work.
You could try to test each server NIC individually, removing one cable and then another. If each one can reach 1Gbps, then probably there is no problem. To use 1Gbps on both interfaces, your application must demmand that from both. Or you can try to configure link aggregation, creating an unique int...
Another option is to have admin access to the ISP modem/router, and create your subnets there. Then in the Mikrotik you can create two bridges. I had that same problem some time ago, having Internet and phone from the same box and no bridge mode possible. After complaing with the ISP, they replaced ...
I'm with the OP. OpenVPN is a very secure open source VPN protocol, and some VPN providers only accept it, like AirVPN. It is missing in RouterOS the client authentication using certificates, that is the most secure way to do it. Should we wait for that implementation in RouterOS, or forget about th...
I found the problem. It was missing a masquerade NAT rule. I added to the WAN interface list (that already have a masquerade rule in place) the ether3 interface, that ether3 connect to the OpenVPN router LAN: /interface list member add list=WAN interface=ether3 Everything is ok now, thank you all! R...
Well that seems to be the problem for me. Why does the VPN ROUTER have two LANIPS or two WANIPS It should only have one, requests come from the single LAN IP, (routed there by the mangle rules and route created) into the VPN router, they get encrypted, not sure what you are doing there, and GO OUT ...
Hmm, dont tell me your trying to to vpn over an lte celluar network LOL, Might as well use a soup can with a string to communicate. hehehe... no, no. It is only a redundancy, for the rare occasions when the fiber go down. But I contracted a second fiber link, to be installed in the next days. (1) W...
Listing part rules never helps me /export hide-sensitive file=anynameyouwish Not positive but likely your firewall rules get in the way. Yes, probably, it is a mess... # dec/08/2020 17:51:32 by RouterOS 6.47.8 # software id = 03Q9-KY1R # # model = RouterBOARD 3011UiAS # serial number = 7810087375DE...
Okay got it, Fixed list of IPs from various vlans for any internet traffic require to be routed through the OPEN VPN router, otherwise normal LAN to LAN traffic. As described to me in general. (1) Create another route, other than the default route which identifies a pathway to all destinations via ...
The problem I am having is figuring out how to direct certain vlan IP, devices on different vlans to get routed through the OPEN Vpn router, but not all the time. Can you confirm that those IP addresses ONLY require VPN access through the openvpn, or are they expecting to have normal activity throu...
To keep the requirement clear, would this be correct. (1) I wish to use an existing router I have, that does OPEN VPN, but behind the RB3011. (2) I wish to be able to direct various devices on different VLANS to use the OPEN VPN connection. Assumptions The other router has to be in router mode to a...
If all traffic from the second computer is to go via the WR1043 either put a few ports in a separate bridge on the RB3011, or change the existing bridge to be vlan-aware and use VLANs. No need for any DHCP, NAT, etc. as those few ports are effectively operating as an unmanaged switch. If some of th...
I dont understand the explanation. What device brand is router 2?? Router 2 is a Tp-link WR1043nd, with the OpenWRT firmware. How can a port on the RB3011 get an IP address from Router1? There is no Router1, only the RB3011 and Router2. A port on the RB3011 get an IP address from Router2 configurin...
Hello! I posted a similar question in another thread, mixed with UDP OpenVPN tunnel in a OpenWRT box, and get no answers. It is my fault to have mixed various potential problems together. So, I am testing a simplified setup and asking for help. This is the setup: WAN --PPPoE-->RB3011---->LAN1---->ro...
I'm trying a similar setup here. As ROS doesn't have support for UDP OpenVPN client certificate authentication, I'll use a separate OpenWRT box only as the OpenVPN client. Please see the attached image. https://i.ibb.co/fMFBBS2/OpenVPN.png The "Client OpenWRT" works fine, accessing the Int...
Is there any reason to use 1 bridge with 4 VLANs instead of 4 separated bridges? On a CRS1xx the VLAN handling is done in hardware even if configured using the /interface bridge configuration tree, so it doesn't cause any CPU load. So yes, I'd use a single bridge with vlan-filtering=yes with access...
So I'll not use VLAN at all, but configure 4 bridges in the switch and connect one cable for each. The two subnets with more traffic I connect in separate switch chip of the RB3011 (eth5 and eth6, for example).
Is there any reason to use 1 bridge with 4 VLANs instead of 4 separated bridges?
Hi, I have a CRS125-24G-1S-IN configured to work as router and switch in my home network. I upgraded my bandwidth and will configure a VPN to access my network externally. So I bought a RB3011UiAS-RM to work as router and leave the CRS125 only as a switch. I use 4 subnets with firewall rules to allo...