Hello there Mikrotik gurus. I have a problem with torrent files. I want to have two user profiles Profile A and Profile B. I want to allow ONLY users registered on Profile A to download torrent files and BLCK those registered under Profile B. Is there any way I can do this? I have tried a google search but I only get the ability to block all torrent files.

P2P now encrypted, how do you know they download torrent ?

use layer 7 to block p2p now. After that you create mangle rules to shape that traffic.

use layer 7 to block p2p now. After that you create mangle rules to shape that traffic.

Like I said, I am a beginner in this therefore I need more guidance on the 'mangle rules'. thank you.

use layer 7 to block p2p now. After that you create mangle rules to shape that traffic.

L7 can read data encrypted ???

use layer 7 to block p2p now. After that you create mangle rules to shape that traffic.

L7 can read data encrypted ???

I suggest you read more about layer 7 on mikroti wiki @ wiki.mikrotik.com. as for how to setup the rules, I have attached screen shot that will guide u.

Hi,
I just want to know why dns 8.8.8.8 bypass my mikrotik config., I have a Mikrotik router and fully setup. including blocking website like facebook. My problem is 1 user put a dns 8.8.8.8 on a computer
and he access the facebook using 8.8.8.8 dns. So useless the Mikrotik config if user's using 8.8.8.8 dns?

Pls help.

use layer 7 to block p2p now. After that you create mangle rules to shape that traffic.

L7 can read data encrypted ???

I suggest you read more about layer 7 on mikroti wiki @ wiki.mikrotik.com. as for how to setup the rules, I have attached screen shot that will guide u.

Your solution won't work when user enable protocol encryption.

As suggested, users get wise to enabling BitTorrent encryption etc which will make layer 7 efforts far less or completely in-effective, savvy users may even start to use VPN to hide the traffic
You're better off approaching this from a QoS point of view, prioritising certain traffic leaving bulk traffic to use whatever is left. This should go a long way to keeping legit users happy.

You could also control access to various sites via DNS using services such as OpenDNS or similar (don't forget DNS redirect to prevent work arounds). This won't stop the most determined users but will be another tool in the arsenal.

You could also add various popular (illegal file sharing) tracker Domain Names as static entries in your DNS pointing to 127.0.0.1 to scupper their Torrent Clients from making connections. This doesn't mitigate DHT though.

Depending on policies/contracts - monitors users bandwidth and or DNS queries to single out users breaking rules/conditions and approach them about the issue or build a case for removing them from your network.

One issue that's making it harder in relation to BitTorrent is the increasing use of BitTorrent for legitimate purposes. i.e. OS Updates, Game Updates, numerous Open Source software downloads etc
Myself I run a Torrent Client 24/7 sharing things such as Raspbian, Linux installs, Bootable Images etc. I run this from my VPN from OVH but a lot of users do this from home connections.
If users are running BitTorrent for legit purposes on your network where do you stand...?
,