MikroTik

divB

Hi, My RouterOS box is between some Ethernet and wireguard tunnels. For the longest time everything was perfectly fine (clients with MTU=1500 and wiewguard on the RouterOS router MTU=1420). Just recently one single SSL server seemed to hang. Turns out I can fix this by decreasing MTU on my clients o...

divB

Surprisingly I did not get a response to what I thought was a simple question . I'll ask again, based on what I want to achieve: I have 4 Point-to-Point links over which 2 iBGP sessions should be established to provide redundant default routes. The 4 PtP links are wireguard links and connect to two ...

divB

Yes I think quotes are only needed if comment has spaces or special characters. Just a simple word still works without.

divB

Hi, I have two OSPF routes where one where one has OSPF metric 190 and the other has OSPF metric 100. Yet both of them have distance 110 when installed in the FIB (see attached screenshots). Why is this OSPF metric not reflected in the FIB and can it be changed? The reason is that I would like to ma...

divB

Then please just ignore my answer.

I am sure sooner or later someone will find this post and has the same issue and will appreciate the pointer to a more universal solution.
I spent the last week working around RouterOS shortcomings and I’m happy to save someone else the same hassle.

divB

I think the issue with pre-src on 172.20.215.1/32 is that there is another direct connected route with higher priority. Alright, another crazy option: SNAT to an invalid address and then use a static route to force pref-src on that prefix. Disadvantage: All packages appear to come from the own addre...

divB

@anav: It is the setup in https://forum.mikrotik.com/viewtopic.php?p=1112178, so public IP and multiple WANs. However, upon more and more debugging it turns out the issue is still the DNAT, or, more accurately the missing source address. It seems that for some packets, a different source address is ...

divB

Yet still "not all can have specialized, niche vpn WAN only setups" as an argument that a broken design is "OK" is a fairly bad excuse. At least the issue should be acknowledged, rather than downplaying it. It should not matter if a WAN uplink is Ethernet, a VLAN device, a bridge...

divB

One day later and this stopped working. The crux really seems to be the initial source address that is assigned on the first routing decision. I'm sure I have the same config but different source address is chosen. Instead of 172.20.215.1, it's again the ISP IP or something else. @lurker888: Do you ...

divB

This hack only works in the "trivial" case that your multiple WANs are in the main routing table. I have a setup where I establish my WAN uplinks via VPNs (also wireguard). Then you need policy routing (VRFs don't work because not implemented) and everything goes nuts. If you have that set...

divB

I have a wireguard tunnel from a mobile device to a CHR, the setup described here: https://forum.mikrotik.com/viewtopic.php?p=1112178 Ping works flawlessly. Enthusiastically I tried connecting to Winbox over it but surprisingly I just get "Failed to establish secure connection". I tried si...

divB

It seems finally I could get it working with the combined ideas of @lurker888, @wiseroute, @Larsa and myself. Note that neither DNAT or SNAT by itself work for the reasons I mentioned a couple of times. It is important to indeed use a separate dummy device for DNAT. It is also necessary to create a ...

divB

@lurker, i will assume that you probably meant to write: iptables - t nat -a output -s 177 -o wan1 - j snat -to 210 no no.. it is literally -s 210 -o wan1 -j snat -to 210 ok. let us try to break down @divb first scenario: - vlan bridge/loopback/wireguard listen ip 210 - wan1 ip 177 no nat. full rou...

divB

Alright, good to know it works with 7.17rc1. Not sure when this changed, but it didn’t work before. If mangle works, that’s a third option along with NAT and routing rules. Would you mind summarizing again explicitly what the first 2 options are ("1. NAT" and "2. routing rules")...

divB

I've played around a bit more and this is the nicest version: /ip/firewall/mangle add chain=output action=mark-packet new-packet-mark=wg passthrough=yes protocol=udp src-port=13231 add chain=output action=mark-routing new-routing-mark=wg passthrough=yes packet-mark=wg /ip/firewall/nat add chain=dst...

divB

Thank you, you cleared up some important points for me! [...] It's not lazy coding, but a result of a philosophy regarding the protocol. One which obviously quite a few people don't agree with... but not exactly a bug. Ok, I get now what you are saying. But please hear me out until the end of my res...

divB

Actually this is not a bug, but simply an effect of how wireguard and linux routing works. By the way as far as I can tell, Mikrotik uses the stock linux implementation - and yes, the same thing happens on straight linux and yes, this is a frequently asked question on linux forums as well. To break...

divB

@divb, I assume it's a bug (or at least very bad implementation) of wireguard that does not set source address properly when generating local packets. ok. let us find out... you have 3 interfaces in the router. 2 wan and 1 loopback (wg ip). now... from those 3 interfaces - 210, 253, 177 which ip di...

divB

well, if @op would listen to put wg to listen on interface address 177 (which is persistent in terms of path) - then he won't have this headache resolving pref-src or nat or spoofing issues. please read his other thread as well so you get the picture. i did tell him to use nat - but he insisted on ...

divB

I haven't tested with your particular config, but on my router, when I want to control the source address as well as the outgoing interface for WireGuard reply-packets, I use dstnat rules: * First create an address on the lo interface, let's say 10.20.30.40/32 * Add dstnat rule for destination 192....

divB

Wow crazy. Thanks. I looked everywhere but did not find this. At least I'm not alone. Ok, I really want to avoid NAT but I'm OK to use it as a workaround. However, I am still not able to get it running. I am using the packet sniffer tool and just filter for UDP and the IP of my road warrior setup an...

divB

I continued to debug and the issue is, as I stated, that RouterOS uses the wrong source address which should be handled via pref-src. Since this is a new topic, I started a new thread: https://forum.mikrotik.com/viewtopic.php?t=212887 @wiseroute: it's obviously re written somewhere. either you have ...

divB

This is a followup question from https://forum.mikrotik.com/viewtopic.php?t=212807 but posting new topic because original question is resolved. Per request, I am starting with a network diagram: Screenshot 2024-11-27 at 16.27.59.png RouterOS runs a wireguard "server" for a road warrior set...

divB

Same issue, very badly waiting for WireGuard vrf support

divB

Ok, major update: RouterOS did send the return packages out but I had the wrong filter in the packet sniffer (192.0.2.210/32 instead of 192.0.2.0/24). One definitely should take breaks in between. Now the situation is clear: Even though I request the connection to 192.0.2.210, the return packet does...

divB

I am finding it difficult to understand what you are saying, but I will assume the mikrotik has 3 public ip addresses on it. And the incoming wg packets all come into the mikrotik via either the 2.249 or 2.253 interfaces but directed at the .210 address. Normally for this, I would use routing rules...

divB

@anav: I replaced my public /24 with 192.0.2/24 and keys/other public IPs/secrets with asterisks. Not sure how easy to digest this full blown config is but as I said, the gist is: ISP (with dynamic IP) is vlan2/FTTH Two wireguard tunnels wg-bg1-ftth and wg-bg2-ftth which establish over this FTTH con...

divB

Ok, I have a simple Wireguard road warrier setup and it drives me NUTS!! I am always getting handshake failed messages from the client and after hours I figured out at least what it has to do with: Two uplinks. But from here, nothing makes sense. Setup: RouterOS router with 192.0.2.210/28 on vlan4 a...

divB

Thank you. Now followup question: If a router which is VRRP slave receives a packet for the VRRP address, would it be forwarded to the VRRP master? Or, would a slave VRRP just not listen on this address? Then, what happens if a VRRP master listens on, say, 51820 and it transitions from master to sla...

divB

Thank you!
Understood.

I believe the easiest option is to create an interface list for firewall rules and put both main interface and VRRP interface in.
I think it would be good to have a note on this in the documentation because this is not logical behavior if you're not aware of it.

divB

Hello, I started using the documentation to build my own firewall: https://help.mikrotik.com/docs/display/ROS/Building+Advanced+Firewall However, first, it does not include rules to allow traffic (probably for simplicity due to NAT) and second, I don't understand why the last rule is not a DROP all:...

divB

I just spent an hour debugging why my firewall rules were not working and not matching my specified interfaces. I have configured VRRP for many interfaces and it turns out, instead of, e.g. vlan3, I need to use vrrp3 in the firewall rules. I thought VRRP interface is just a virtual interface for the...

divB

Thanks. Not sure, didn’t find it on the Documentation page for the CHR licenses.

This happens automatically, without having to run /system/license/renew etc?

Which firewall rule (host/port) is required for this check?

divB

See below. The first print was the demo license. I then purchased, issued renew command but there is still a next-renewal-at and deadline-at date: [admin@SunGate2] > /system/license/print system-id: xxxxxxxxxxx level: p10 limited-upgrades: no next-renewal-at: 2024-10-02 00:42:31 deadline-at: 2024-10...

divB

I have 2 Mikrotik routers. "Internal" network is a public /28, each router has an IP of this subnet and additionally a VRRP address. I want both routers to act as a redundant wireguard VPN server. Can wireguard on each router listen on an VRRP address to provide redundant VPN? If not, is t...

divB

Thank you!

divB

I am looking for an easy emergency "cold standby" backup device when my CHR is not functional. Hence speed is not important. The hEX Lite or RBM11G are the most cost effective solutions. Ideally I would like to rackmount them but if I get the RBM11G I need case, power supply etc all separa...

divB

Thanks everyone, especially also for reporting back that you're running RouterOS successfully on Proxmox/KVM. Good to know that this is not a fundamental issue with CHR. I meanwhile did another test: mikrotik1: 10.227.79.111 runs bandwidth server mikrotik2: 10.227.79.100: client to test bandwidth Bo...

divB

Also, let me ask, is anyone here actually running CHR on Proxmox and can confirm things are running fine? I just found https://blog.kroy.io/2019/08/23/battle-of-the-virtual-routers/#CHR .... also describing pretty poor performance. It would be hard for me to imagine that CHR on KVM would generally b...

divB

No, in first post you stated that you run speedtest from container. Can you do the same but now watch perfmon

Same. CPU of "networking" goes to 40%

divB

Yes, please add VRF support for Wireguard! I am not sure is this is 100% the same issue but I am seeing something odd: I place one internet connection (interface + default route) into a VRF, say "wwan" I add mangle+snat rules to force a specific wireguard endpoint (for tunnel "wg-wwan...

divB

Do you

What do you mean by this? Start "BTest Server" on localhost and then make a speedtest to 127.0.0.1?

Then I just get 10% networking, 10% BTest, 10% firewall (roughly).

And speeds 3.1Gbps / 6.7Gbps (Rx/Tx)

divB

Thank you @kleshki! See here:

Screenshot 2024-09-10 at 11.03.36.png

Indeed, the CPU is under heavy load. It fluctuates but above is roughly the situation during the bandwidth test. Have of the CPU goes into "networking" (which is not very specific to me).

divB

Or just spin a CHR on the same prox host without any config just with BTest server, can't see a reason why it can take more than 2 minutes to do so Ok I tried it out now with 1xP-10 and 1xP-unlimited. Again, the result is truly incredible. The first screenshot shows the demo license. RX is just 1Mb...

divB

Thank you all for helping to debug, I really appreciate it! Some feedback on the suggestions: Another forum member runs as public "Bandwidth Test" server, see: viewtopic.php?t=104266 Great! I tried this out and the result is truly surprising! TX (i.e. upload) is around 700Mbps but RX (i.e....

divB

What is your configuration? I.e. firewall rules and so on. As for the config, it's really big and I am not sure how relevant. Just basic firewall rules but no traffic shaping etc. I tried to strip away everything completely unnecessary and attach config at the bottom. Have you run perftests from CH...

divB

I have the following setup (see https://snipboard.io/mdF74v.jpg for a picture): A FTTH connection with 1Gbps symmetric on vlan2 A managed Gigabit ethernet switch A proxmox host connected to the GB switch the vlan2 and an internal LAN vlan3 (both tagged) A CHR VM (P10) on proxmox that has a VLAN awar...

divB

Hi all, Sorry for posting another question on this topic but I can literally not believe this. Either I am staring too long at it or it's another weird bug. I am tagging OUTPUT packets with a route mark to 8.8.8.8: /ip firewall mangle add action=mark-routing chain=output dst-address=8.8.8.8 log=\ ye...

divB

Just got back to this after 3 weeks. All of a sudden this does not work any longer :-( The following rule 3 chain=output action=mark-routing new-routing-mark=default_wwan passthrough=no dst-address=192.0.2.1 protocol=udp dst-port=51522 log=no log-prefix="" does not match any longer (packet...

divB

Thank you! Options are a global setting ... how would I make the connection to the lease and and where would/could the hostname be stored? The link mentions $(HOSTNAME) but to me it's unclear where the value of this variable actually comes from (and how it connects to a specific lease entry). Or ......

divB

Thank you, this seems to work, indeed! For future reference (and poking holes, if not correct): /ip firewall nat add action=dst-nat chain=dstnat dst-address=192.0.2.209 dst-port=443 protocol=tcp to-addresses=10.227.4.10 to-ports=443 /ip firewall mangle add action=mark-connection chain=prerouting dst...

divB

I have set up a simple policy routing that sends all packets with source address 192.0.2.0/24 through interface wan2 (all other traffic goes through wan1). Now the router has public IP 192.0.2.209/28 and I want to run port forwarding (dstnat) over it: All packets to 192.0.2.209:443 shall be forwarde...

divB

Yeah, it would be really great to have clarification on this. I am still testing my setup, if I know for sure that it will work once I buy the license I am fine.

divB

Hi, I have P10 license (trial right now) for CHR and DDNS just doesn't work. It's always stuck in "Updating": [admin@SunGate1] > ip cloud print ddns-enabled: yes ddns-update-interval: 5m update-time: no status: updating... [admin@SunGate1] > Cloud is reachable (and no specific firewall rul...

divB

I have the same issue with v7.15.3.

Can it be that this is still not fixed?

divB

For everyone having the same issue: I figured it out:

It works when you ping with vrf=isp.

It seems now that vlan2 is in VRF isp, every connection from the router itself that uses this VRF is automatically in. In my case, the Wireguard tunnel. Now the tunnel interface is ALSO in VRF isp...

divB

I'm not sure that's necessarily true. KVM supports USB passhrough. So nothing on host required and for CHR instance it looks just like a regular USB device directly plugged in

divB

Thanks. Wow that's weird then: [admin@SunGate1] > /ip/cloud/force-update [admin@SunGate1] > /ip/cloud/print ddns-enabled: yes ddns-update-interval: 5m update-time: no [admin@SunGate1] > Seems updates are just not happening. I have internet access. How can I debug this? EDIT: [admin@SunGate1] > /ping...

divB

I switched everything over to a big bridge now. Bridge has one port (ether1) which has all tagged VLANs. And the VLAN interfaces are now children of the bridge, not ether1.

divB

Crazy.
Every other DHCP server supports this.
Sad that RouterOS has to stand out

divB

I run CHR and get an ether1 interface with multiple VLANs. I’ve created VLAN devices such as vlan1, vlan2, vlan3. Now, some traffic is untagged and shall correspond to vlan1. But I see nowhere an option to either specify the default PVID of the Ethernet interface nor do I see the option to specify a...

divB

Normally one can define hostnames that are proposed/sent to the client. I thought this is "Client ID" but now my static leases got ignored: This seems to be a MATCHING field, along with the MAC address. So I have to leave that one empty. In my opinion, static leases should only match MAC a...

divB

I see, thanks!! I tried it and it works: [admin@SunGate1] > /ip/route/print where routing-table=default_wwan Flags: A - ACTIVE; s - STATIC Columns: DST-ADDRESS, GATEWAY, DISTANCE # DST-ADDRESS GATEWAY DISTANCE 2 As 0.0.0.0/0 lte1 1 [admin@SunGate1] > [admin@SunGate1] > /ip/firewall/nat/print Flags: ...

divB

Hello, I would like to send all packets for 192.0.2.1, udp, por 51522 over my lte interface. I have put the default route for the lte interface in routing table "default_wwan": [admin@SunGate1] > /ip/route/print where routing-table="default_wwan" Flags: A - ACTIVE; s - STATIC Col...

divB

So, getting LTE on my CHR running is a nightmare. I've been trying muliple sticks. The first one was E3372-607 with stick firmware and ppp. Port showed up, ppp device showed up but connection was just never established. I have up. Got another E3372h-607, this was has firmware 21.315.01.00.910 and on...

divB

Have you ever figured out anything more? I have the same issue and it I am really stuck. My stick is definitely in modem mode. I use usb_modeswitch on host PC (12d1:1506, which provides the serial ports) and then pass through to CHR via proxmox. One additional interesting thing: Im not sure where th...

divB

Hi, and thank you for the hint.

But how do find the right channel for Data and Info? I assume it's just coincidence that they are the same for you?

For me, channel=1 answers to all the AT commands but I assume that's the Info channel, not the data channel right? How do I find out the data channel?

divB

I am trying out the CHR test license and for some reason my dynamic DNS does not update: [admin@SunGate1] > /ip/cloud/print ddns-enabled: yes ddns-update-interval: 5m update-time: no status: updating... [admin@SunGate1] > According to the docs, the demo/test license should still include all function...

divB

Can anyone confirm a working (ROS7) LTE/5G (4G ok too) USB stick <$80 that's actually available?

I can only find the Huawei E3372h-325 and it seems it's not supported (or at least, not easily).

divB

My WAN interface is vlan2 and have put it in a separate VRF: /ip vrf add interfaces=vlan2 name=isp Reason is that I am getting the default route via DHCP and I do not want the default route to land in the main table. Of course, since main table doesn't have the default gateway anymore, nothing can c...

divB

Thanks for responding. Ok, let me try: Interfaces: br-wan (=main uplink), gre-vultr (=second uplink, via GRE tunnel), br-lan (local RF1912 network). br-wan's address is 233.252.102.170 and has it's default gateway 233.252.102.169 (via NAT). /ip address add address=192.168.200.254/24 interface=br-lan...

divB

Hi, I have multiple uplinks on my router, say br-wan1 and br-wan2. br-wan1 is default gateway but I use source routing ("ip rule") to ensure a separate routing table is consulted for traffic with source for br-wan2. This works exactly as expected. However, RouterOS messes up my traceroute:...

divB

I know this is not a solution but after days of debugging (and recording raw BGP packets and decoding OPEN message) I confirmed that the issue is the other endpoint. I was able to select a different endpoint and it hopped immediately to ESTABLISHED.

divB

Hi, Just to start, I have one BGP peer to which I can only talk via IPv6 but I need to announce both IPv6 and IPv4 prefixes over it. Sureley enough, only the IPv6 prefix is announced, although I ticked both "ip" and "ipv6" in the address families. The only thing I could find abou...

divB

Thanks. I finally got it working with ptp. In the end, even with the /31. EDIT: Just for future reference: Check the other tunnel endpoint! Linux (and derived systems) have the inconvenient property of setting the tunnel ttl to "inherit". OSPF sets TTL=1 (since they should just go one hop)...

divB

Hello, I am setting up a BGP session via a GRE tunnel. In my opinion I have done everything correctly but the peer does not show up as "E - established". I think this should be the first step that should work, right? Then I started the packet sniffer on that GRE interface and I see that no...

divB

Hi, I currently have the following straight forward config in bird to announce a net 192.168.1.0/24 on a particular interface (via source address) from my AS65536 to the peering AS64496: router id 10.1.1.1; protocol device { scan time 5; } protocol kernel { scan time 60; import none; } protocol stat...

divB

Thanks, I have checked this already. GRE tunnel MTU is 1476 on both sides (Linux and Mikrotik). I have tried setting to a smaller value, like MTU=1200. No changes. Is there a configuration/mtu with which I can exclude all MTU related issues? Any more suggestions? EDIT: I also tried ping to the multi...

divB

I need to connect Mikrotik OSPF with bird over a non-multicast connection. I have tried nbma but the neighbors are just not recognized, despite identical configuration. When I try ptmp, Mikrotik is still sending multicast. Here is what arrives at the Linux box: 07:04:47.192109 IP (tos 0xc0, ttl 1, i...

divB

How can I properly add neighbors for ptp and ptmp? There is only an "NBMA Neighbors" tab and "Neighbors" is readonly. Also, what is the proper way to configure OSPF over a point-to-point link (IPIP or GRE) with a /31 network? Say the tunnel endpoint has 192.168.1.254/31 and the M...

divB

Hi, So I know IPIP does not support multicast but GRE does. I created a GRE tunnel between a Linux machine and my Mikrotik router. From the linux end I send packets addressed to 244.0.0.5 (a multicast address). With tcpdump I can clearly see these packets being transmitted. However, on the Mikrotik ...

divB

Ok for the rest of the world, after banging my head on this for the last two days I finally got it working. There can be multiple rules and multiple rules can jump to different tables. Key observation is (and unfortunately Mikrotiks documentation is totally lacking here) that if a rule is applied an...

divB

What am I doing wrong? I have a normal main routing table: https://snipboard.io/IpZxKO.jpg This table contains (a) dynamic routes from all kinds of connected interfaces, (b) static routes, (c) will soon include OSPF or BGP routes. It also includes a default gateway. What I want to achieve is to crea...

divB

On future keep one eye on VRF... I have briefly looked into this but I have trouble understanding. I also played around briefly but lost connection to the router. Gave up because I am not on-site (Safe Mode to the rescue!!) Would you be willing to give a brief example using the numbers above? Inter...

divB

Yes, the routes on main table are set manually or by BGP? Right now manually as well as automatically (the automatic ones are for the various interfaces. Turns out without these not even simple forwarding from one interface to the other works). There are a few tens of entries right now. However, I ...

divB

Hi, I think this was pretty much what I was saying (" either via "ip route rule "). My problem is a different one: I want to replace the default route only . Currently my main routing table is big...and it has a default route, say via 193.0.0.169. If the source address is from net 233...

divB

Hello, How can I make routes to appear in multiple tables? Or, alternatively, how can I make sure that a newly created table contains all the routes from the main table? What I actually want is to override the existing default route if and only if a package has source address from 233.252.0.0/24. If...

divB

I have a RouterBoard 750G which I housed in a 19" rack using the dual 19" rackmount case (the right slot is empty). I installed it 4 years ago and so far it works nicely. However, it is in a remote spot. There is someone who can do basic things but it is very hard for myself to get there. ...

divB

The problem is that from version v6.41.0 onward there was the introduction of new bridge concept that removed the master/slave on ethernet ports. This was documented in the release notes https://mikrotik.com/download/changelogs for v6.41.0. At that point a script was made available to migrate old c...

divB

Hi, It just took me about 4 hours to recover from my upgrade to 6.48 on my RouterBoard 450G. I have a configuration in which my WAN is connected via ether1, an adm net via ether2, the lan via ether3 and ether4 and ether5 is a VLAN tagged port for all of them. So I have VLANs, bridges and stuff. This...

divB

Thanks sricci. That's a sad reply.

I think at the very least, a force-reboot and force-stop of the meta routers should be implemented so that they can't hang. A metarouter should not be able to crash the whole host system

divB

According to "/system resource print" it is version: 6.38 (stable).

It's really frustrating. Sometimes the meta router just crashes and the only way to get it back is to reboot the entire system.

divB

Hi, I am using metarouter (with OpenWRT) on RB450G with 3.24 and metarouter (not OpenWRT!) seems to be pretty unreliable: Very often, when rebooting/shutting down, the router just hangs with Status "rebooting" or "shutting-down". There is no way no force a clean restart of a meta...

divB

Thank you! That worked!

(http://wiki.mikrotik.com/wiki/Hairpin_NAT)

divB

Thank you, this is a nice hack.
I'll implement it but this should really be a functionality of RouterOS :-/

divB

I have two questions: 1.) Is there any chance to make it work for TCP? I guess the reason is that the actual content is in the packets after SYN, SYN-ACK, ACK so that the first three packages of the connection cannot be marked? 2.) I now have this setting: [admin@ugate] /ip firewall layer7-protocol>...

divB

I have set a public IP with masquerding and some IP forwardings: [admin@ugate] /ip firewall nat> print Flags: X - disabled, I - invalid, D - dynamic 0 ;;; default configuration chain=srcnat action=masquerade out-interface=br-wan log=no log-prefix="" 1 ;;; SSH chain=dstnat action=dst-nat to...

divB

Hi, Is it possible to have RouterOS act as a DNS server, pointing to DNS servers for the queries but forward certain zones to a separate DNS server? With dnsmasq this can be done with: server=/localhost/127.in-addr.arpa/0.in-addr.arpa/255.in-addr.arpa/intra.mydomain.net/1.168.192.in-addr.arpa/1.7.10...

divB

Hi, I got OpenWRT for my METAROUTER (RB450) according to the Wiki from: http://www.mikrotik.com/download/metarouter/openwrt-mr-mips-rootfs.tgz However, does anyone know where I can find an opkg repository? I would like to install packages such as openvpn, ... Currently it is set to http://openwrt.pa...

divB

Hi, I just configured a meta router with the provided OpenWRT package. This is really great! However, there are not many packages and using opkg does not work because the referenced repository in opkg.conf results in a 404. How can I install OpenVPN within this OpenWRT instance as easily as possible...

divB

This is a great explanation - thank you! Do I understand correctly that 1.) For a physical port 5 that has vlan1,vlan2,vlan3 tagged I would need to create three interfaces and bridge them together? 2.) For example, vlan1_eth2 in your example - is this really needed? Because eth2 is an untagged port ...

divB

I am new to RouterOS and just trying to replace my router based on WRT54GL/OpenWRT with RouterBoard 750. I am confused with the architectural way Mikrotik handles VLANs (and interfaces, switches etc). What I want: - Interface 1: WAN (static IP), VLAN3, untagged - Interface 2: VLAN1, untagged - Inter...

Search found 102 matches