MikroTik

dg3feh

Hello! Does anyone know if there will be something like the CCR2004-16G-2S+ with 24 ethernet ports and at least one SFP+? I have been using a CRS125-24G-1S for years, but its performance as a router has definitely reached its limits. I would like to stick with one device. But the CRS326-24G-2S+IN is...

dg3feh

I will say what the majority would say. Use Wireguard with VXLAN/EOIP (if using layer 2). The CRS125 is MIPSBE with 1 core cpu, and that was never good with OpenVPN or IPSEC

CRS125 with v7 is also dump, because u loose the HW offloading.

I still have to solve my IPSEC issue, any idea?

dg3feh

Concur like 200-400 Mbps max for ethernet and a portion of that for any VPN. What is your ISP throughput at home? 400MBit/s up and down in fiber Do you have a public IP at home (static or dynamic)? dynamic, but that is well fixed by the l2tp which works fine. EGADs, Your rules are a mess and need t...

dg3feh

Although this is beside the point, IPsec won't give you any performance advantages compared to OpenVPN unless both endpoints (i.e., both your routers) support AES hardware acceleration. If there is no hardware acceleration, consider using WireGuard instead. But since your home "router" CR...

dg3feh

Hello! I operate on Mikrotik at home and one as access point if we are on holiday. Until now I used OpenVPN, but the performance isn't any longer acceptable, therefore I wanna change to IPsec/L2TP. The site to site connection works fine, but the tunneling of the holiday network towards the internet ...

dg3feh

Ok. I will send back the hap ax3. based on that the device is useless for me. I have to think over how to deal with wifi in the future. Mikrotik won't be considered. Shame on u if u fool me once, shame on me if u fool me twice I dislike hard breaks without any backward compatibility for an entire pe...

dg3feh

Hello! I did some tests with different hardware an ROS v7.11.2 - hexS - hap ac2 - hap ax3 hexS with wifiwave2 package works as a CAPsManger with the hap ax3 (which uses wifiwave2). hap ac2 does not connect as a CAP to the hexS in this configuration hap ac2 does not accept the wifiwave2 package (not ...

dg3feh

Hello! My CAPsMAN server runs on a v6 device. Is it possible to bind a v7 device as a CAPsMAN client to this v6 server? In v6 the device which were handed over to CAPsMAN have to been explicitly specified (interface in the CAP card). I can't find that within the v7. Any hints are welcome! BR Holger

dg3feh

....and at the end of the day the CRS326 is an old device on an old chip(set) wich is not well supported by ROS v7. We already tested that, btw the same with CRS125.

dg3feh

Hello all! I don't want to discuss new HW for my switch, but nevertheless CRS125 does HW offloading in ROS v6, there is no need for 2 SFP+. The only question was whether anyone had tested such SFP modules in the CRS125!? If it is not working I need a new 24-copper-port Router with one SFP for WAN up...

dg3feh

Hi! Thx for ur answer! The table in the wiki https://wiki.mikrotik.com/wiki/MikroTik_wired_interface_compatibility#10G_SFP+/25G_SFP28 lists quite a lot of modules higher than 1G working with that device. Therefore the question: Has someone tried that already? Buying a new switch is senseless due to ...

dg3feh

Hello! My CRS125-24G-1S gets more and more load and is also a little bit old fashioned as a Router. I wanna degrade that device just being a switch and transfer the routing to a RB5009. Therefore I want to connect the RB5009 with the CRS125 with 2.5G ethernet. Has anyone checked the SFP on the CRS12...

dg3feh

Hello! I have two PPPoE WAN Interfaces running. In general all clients have to use PPPoE_1 and if it is down PPPoE_2. That works fine with distances 5 and 10. So far so good. I have one IP (or Interface on MT side), that have to use PPPeE_2 in anycase. How can i setup a static route for that? All cl...

dg3feh

At MT it's getting worse and worse. WPA3 isn't supported, SFPs stop working, etc. It's time to look for an alternative provider...

dg3feh

Hello!

My test router is a simple hex-s RB760iGS. After updating to v7.1.1the SFP module is no longer recognized. It is a simple fs.com BiDi fiber module, which works fine since ever in several MTs. After downgrading to v6.49.2 everything is fine again. Any hints what is wrong here?

BR Holger

dg3feh

Hello! Has anyone had any experience with Edge optical transceivers (e.g. https://edgeoptic.com/Pub_downloads/Datasheets/BIDI-1.25G-SFP-21-ADS.pdf) ? They explicitly offer programming for Mikrotik. I had asked about parameter settings as well as diagnostic and status messages that are availible/visi...

dg3feh

Hello!

I am trying the same. Could u please send me a screenshot of the FritzBox Config? That is the strange part for me.

How have u fixed the dynamic ip adress problem?

BR

Holger

dg3feh

is that only done by a passphrase? no keys possible?

dg3feh

The GRE documentation ist not the best one at mikrotik. Do I have to use the static addresses generated by L2TP as local/remote address and afterwards the routing is done in the routing table? Where is the encryption defined at GRE?

dg3feh

IPsec works with policies not with routing and 0.0.0.0 is not accept there......

dg3feh

Hello all! I want to connect a remote site (small network with a Mikrotik) behind a natted router with my home site which is also a Mikrotik. I want to have access to my computers on my home site and beside that I want to route all traffic from the remote site to the internet through the tunnel and ...

dg3feh

Hello! I have one site with DDNS running als a concentrator for my network. The concentrators network is 192.168.51.0/24. I connect two satelite sites (192.168.54.0/24 and 192.168.55.0/24) to the concentrator by L2TP/IPsec. That works fine. so I get access from the satelite sites to the concentrator...

dg3feh

No ideas?

dg3feh

Hello! I run a L2TP Server on my Mikrotik at home (VDSL connection). The Client side is a Mikrotik connected to some kind of WLAN router running NAT. The configuration export without secrets u find here: Server: server.txt.rsc Client: client.txt.rsc The L2TP connection seems to work (R for running, ...

dg3feh

Hello! I want to set up a mikrotik based on a RB433UL for my parents motor home. The aim is to provide a secure 2GHz WLAN in the RV (R11e-2HPnD). This WLAN connects to the Internet by using a LTE connection (R11e-LTE) or if available a WLAN connection (R52HnD). To set up this within RouterOS is not ...

dg3feh

Yes, B is mandatory, because in this network are several clients with internal traffic which should have no connection to the outside. I found the problem. operating with a wan-bridge for wlan and ether1 as out-interface doesn't work. the routing here was not clear. using the wlan-to-wan and the eth...

dg3feh

Hello! I wanna try the following. A) I want to act a MT as a station connected to a (pubilc) wlan. That works fine, I get an IP, DNS, NTP, default route by the WLANs DHCP. B) I want to provide a local WPA2-WLAN for my clients using the network 192.168.54.0/24. That works also fine. C) I want to rout...

dg3feh

Hello!

I have the problem, that all apple devices loose their WiFi connection, if they are not used. I read in several other threads, that reducing the AMSDU values to 4096 solved the problem. How do I change that value if I use CAPsMAN?

BR Holger

dg3feh

Strange, but it doesn't work with an explicit destination IP. I have now an additional problem. I want to route http://<external-ip>:8100 to another webserver 192.168.51.231. add action=accept chain=forward comment=Heatermeter disabled=yes dst-port=8100 log=yes log-prefix=HM-forward: protocol=tcp ad...

dg3feh

Hello! Thanks for ur help! I changed the dst-nat to add action=dst-nat chain=dstnat comment="Port-forwarding HTTPS zum Server" dst-address=!192.168.51.254 dst-address-type=local dst-port=443 log-prefix="APACHE443: " \ protocol=tcp to-addresses=192.168.51.230 to-ports=443 add acti...

dg3feh

Hello! I am geting a bit nut with my firewall rules. My WAN connection is a PPPoE connection with a dynamic IP, the DynDNS works fine. The local networks I use: 192.168.50.0/24 - only modem in 192.168.51.0/24 - main LAN - Mikrotik Router 192.168.51.254 - Web-Server 192.168.51.230 192.168.53.0/24 - g...

dg3feh

Hello!

I run an AP wAP G-5HacT2HnD and it works fine for all Device (Win7/Win10, Linux, iOS, Android, etc.) Since one week I own a FireTV Stick (the new one with Alexa) and it does not connect to the Mikrotik. I run WPA2 PSK with aes ccm. Does anyone have a hint?

BR Holger

dg3feh

In /ip firewall service-port there is the possibility to reduce the TTL for SIP connections: SIP helper. Additional options: sip-direct-media allows redirect the RTP media stream to go directly from the caller to the callee. Default value is yes. sip-timeout allows adjust TTL of SIP UDP connections....

dg3feh

Hello! I tried to write the sniffer log to a Memorystick, without success. [admin@Router-HH] /disk> print # NAME LABEL TYPE DISK FREE SIZE 0 disk1 1GB-MEMSTIC fat32 PDU01_1G 71G2.0 968.6MiB 984.0MiB ...that seems ok for me. I found the disk1 in the files: [admin@Router-HH] /file> print # NAME TYPE S...

dg3feh

"use peer DNS" results in a "push". These DNS are dynamical set by the ISP.

No hints regarding the file problem?

dg3feh

Hello all, thanks for u comments. I have a small unix server in my LAN doing mostly nothing ;) (beside family file serving) which is able do act as DNS. Problem is the dynamic push of the ISPs nameserver to the mikrotik. How do I transfer this information to the server? Beside that: Some hints for t...

dg3feh

...beside that I tried to write the sniffer log to a Memorystick, without success. [admin@Router-HH] /disk> print # NAME LABEL TYPE DISK FREE SIZE 0 disk1 1GB-MEMSTIC fat32 PDU01_1G 71G2.0 968.6MiB 984.0MiB ...that seems ok for me. I found the disk1 in the files: [admin@Router-HH] /file> print # NAM...

dg3feh

In the last 24h I forced a TTL of 1sec to all DNS entries and there where no registration losts on my VoIP. So I am pretty sure that the ISPs DNS SRV Records are corrupt regarding TTL, weight, priority. I am already in discussion with my ISP, but as usual: To get someone on the phone, who is able to...

dg3feh

Nope! I know that my VoIP Service is some how currupted by wrong DNS entries, The work around is to ask not the mikrotik DNS cache, but the ISP DNS directly. Thus I want a directive to do that only for the VoIP domains. The rest works fine with the "normal" DNS relay. Only if this is not p...

dg3feh

I am talking about the SRV record. If there are two or more entries for a canocial name the descission which is taken is made by pritority and weight. -> https://en.wikipedia.org/wiki/SRV_record

dg3feh

Is it possible to see the priority and the weighting of the records?

dg3feh

Hello!

I know all this. The IPs TTLs and weightings seems to be wrong. I want to send all DNS queries direct to the ISP DNS and all the rest first to the caching name server. The normal TTL is 1h.
Is there no possibility to force this?

BR Holger

dg3feh

Hello! I have quite often regsitration losts on my VoIP. I figured out that the provider is changing all the time the IP Address of the VoIP Server. Thus I need to exclude the Provider Domain from the DNS cache. How can I do this? I need to use the mikrotik as DNS server due to the fact, that the DN...

dg3feh

Hello!

I have learned that the OpenVPN within Mikrotik has some lacks (e.g. push route, etc). Is it possible to activate client-to-client mode and if so, how?

BR Holger

dg3feh

Hello! I run two mikrotik devices: - Cloudswitch CRS125-24-1S - Access point wAP ac The private (W)LAN is 192.168.51.0/24 and the guest WLAN is 192.168.52.0/24. The private LAN incl. WLAN works fine. I setup the WLANs for guest WLAN as virtual APs, put them in a new bridge interface and defined a ne...

dg3feh

Hello! I use a Draytek Vigor 130 as a modem and fire up the WAN connection by PPPoE with the router. Rightnow I am connected to a ADSL2+ line and everything works fine. I will switch over to VDSL2+ in a few weeks and for that I need to pass a VLAN Tag from the mikrotik to the modem, but I haven't fo...

dg3feh

But it works now, thanks for ur help.

dg3feh

Correct me, but I masqueraded the request with the external address, why shouldn't match that with !192.168.1.0/24?

dg3feh

Ok, that's the point. I changed it now to /ip firewall nat add action=dst-nat chain=dstnat comment="Portforwarding HTTP zum Server" dst-port=80 log=yes log-prefix=FW80 protocol=tcp \ src-address=!192.168.1.0/24 to-addresses=192.168.1.252 to-ports=80 So that rule only works, if the source i...

dg3feh

So how this thread differs from your previous one ? Because the first one is more general and now only the hairpin is the problem. Is there any specific reason why you refuse to acknowledge that it can't work with dstnat rules that have in-interface=PPPoE-ALICE? :) I have under stand that, but /ip ...

dg3feh

use code on conclusion page of this presentation https://goo.gl/35GBvK , it's work both single wan and multi-wan

credit : https://www.facebook.com/mikrotiktutori ... 126599365/

I can't see the difference to what I am doing....

dg3feh

Ok, I tried that one: /ip firewall nat add action=masquerade chain=srcnat comment="Maskierung LAN" out-interface=PPPoE-ALICE src-address=192.168.1.0/24 add action=src-nat chain=srcnat comment=NTP protocol=udp src-port=123 to-addresses=192.168.1.254 add action=dst-nat chain=dstnat comment=&...

dg3feh

Hello! I have the following configuration: FullSizeRender.jpg I want to reach with the normal clients the internet and the server from extranal and subnet 192.168.1.0/24 under the external server address. Beside that I want to reach the modem on its internal address for configuration, etc. The addre...

dg3feh

That's just a half of it. You still need proper dstnat rules. And your current ones only work for connections coming from internet (via PPPoE-ALICE interface). Hm. As far as I understood: We are coming from the inside (e.g. 192,168.1.100) and want to connect to the WAN addresss. Therefore we catch ...

dg3feh

Yep, two hints: 1) tag is very useful thing. what do u mean by that? 2) Read my previous post again and this time pay a little more attention (extra subhint: you did not touch your dstnat rules).[/quote] As fare as I understod, the Hairpin works by masquerading. The internal call from LAN to the ex...

dg3feh

Hello! the Hairpin and the forwarding for the Router still does not work. Here the actual export: [admin@Router-HH] > /export # feb/03/2017 00:42:43 by RouterOS 6.38.1 # software id = D5X7-MT4X # /interface ethernet set [ find default-name=ether2 ] master-port=ether1 set [ find default-name=ether3 ]...

dg3feh

I implemented ur hints, and the Harpin still doesn't work

also the redirect of the Router HTTPS Interface doesn't work

dg3feh

And what about the Hairpin? I need to get that working to get access to the addressbooks an calendars from smartphones while they are connected to the LAN via WLAN

dg3feh

Hello! Thank u for ur answer. The routing from the outside works fine for HTTP, HTTPS and SSH. For the Harpin rule u mean: /ip firewall nat add action=masquerade chain=srcnat comment=Hairpin dst-address=192.168.1.252 dst-port=22,80,443 out-interface-list=ether1 protocol=tcp src-address=192.168.1.0/2...

dg3feh

Please show a complete /export of your config so it can be debugged. [admin@Router-HH] > /export # feb/01/2017 10:45:22 by RouterOS 6.38.1 # software id = D5X7-MT4X # /interface ethernet set [ find default-name=ether2 ] master-port=ether1 set [ find default-name=ether3 ] master-port=ether1 set [ fi...

dg3feh

LAN means LAN, the internal network where both server and client are connected.

How do I define that? These are all ports accept 23 (where the Modem is connected to)

dg3feh

Mistake found. I have to use the PPPoE Interface and not the port! Next problem is the Hairpin NAT http://wiki.mikrotik.com/wiki/Hairpin_NAT /ip firewall nat add chain=srcnat src-address=192.168.1.0/24 \ dst-address=192.168.1.2 protocol=tcp dst-port=80 \ out-interface=LAN action=masquerade what does...

dg3feh

So the public IP address is assigned to a PPPoE connection on the Mikrotik? Do you have firewall forward rules to accept the incoming connection? dst-nat only tells the system what you want the packets re-written to, it doesn't give it permission to actually forward the traffic. You likely need to ...

dg3feh

Hello! I did some changes on the DDNS-script given by the Wiki in order to use different providers and protocols: :global ddnsuser "USERNAME" :global ddnspass "PASSWORD" :global theinterface "INTERFACEtoWAN" :global ddnshost DOMAINNAME :global ddnsserver SERVERNAME :glo...

dg3feh

The public IP is held by the PPP Interface on ether23-MODEM.

What kind of forward rule? U can see all my rules in the post.

dg3feh

Hello! I run my LAN on 192.168.1.0/24 and a xDSL connection via a modem (192.168.0.2) which is connected to ether23-MODEM. The internet connections worksfine. The firewall is like this Flags: X - disabled, I - invalid, D - dynamic 0 ;;; Kaputte Pakete DROP chain=input action=drop connection-state=in...

dg3feh

Thanks!
The defined gateway is not used, if the Vigor130 acts as a modem and not as a router! The route on the modem sloved the problem!

Holger

dg3feh

Hello! I am completely new to mikrotik. The first aim is to connect a local network (192.168.1.0/24) via a modem (DratyTek Vigor 130) to the internet. The modem has a maintenance ip inteface. This on should run in a seperate network (192.168.0.0/24). Mikrotiks IP is set to 192.168.1.254 on ether1 an...

Search found 68 matches