Search found 423 matches

by Mesquite
Sat Mar 02, 2024 10:05 pm
Forum: Beginner Basics
Topic: Issue with PVID and untagged ports. [SOLVED]
Replies: 7
Views: 731

Re: Issue with PVID and untagged ports. [SOLVED]

Not putting the untagged ports especially when learning how to setup vlans is not recommended. Even with much experience I still prefer to put them in as whenever I do an export of the config they are visible and easy to cross check with bridge ports. Many times a misconfigured config for vlans is h...
by Mesquite
Sat Mar 02, 2024 7:05 pm
Forum: Beginner Basics
Topic: PPPOE WAN SET UP NEED HELP
Replies: 3
Views: 509

Re: PPPOE WAN SET UP NEED HELP

I am going to assume there was no default config with this router?? This is wrong, Where at the bridge ports......... you have it backwards . /interface bridge port add bridge=LAN_BRIDGE interface=LAN More like /interface bridge port add bridge=LAN_BRIDGE interface=bonding1 add interface=LAN_BRIDGE ...
by Mesquite
Sat Mar 02, 2024 3:58 pm
Forum: General
Topic: VLAN struggles (continued)
Replies: 7
Views: 750

Re: VLAN struggles (continued)

viewtopic.php?t=143620

Well you have one bridge ( and no address assigned to bridge, no dhcp etc)
two vlans with interface bridge.
assign bridge ports
assign bridge vlans
assign firewall rules as required.
done.

Up to you to do the work..........
by Mesquite
Sat Mar 02, 2024 3:56 pm
Forum: General
Topic: Understanding why Minecraft Server won't connect [SOLVED]
Replies: 14
Views: 4528

Re: Understanding why Minecraft Server won't connect [SOLVED]

It's all there, so it must be a config error on your part.
by Mesquite
Sat Mar 02, 2024 1:16 pm
Forum: Beginner Basics
Topic: I made a mess of config
Replies: 5
Views: 652

Re: I made a mess of config

viewtopic.php?t=143620

Also would need to see complete config...
by Mesquite
Sat Mar 02, 2024 1:14 pm
Forum: General
Topic: Require help/advice with Bridge and VLAN's [SOLVED]
Replies: 10
Views: 1142

Re: Require help/advice with Bridge and VLAN's [SOLVED]

Which part doesn't work, the router ports or the switch ports, and if it's the switch, you failed to mention which router model or switch model??
by Mesquite
Sat Mar 02, 2024 1:08 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 662
Views: 193451

Re: v7.14 [stable] is released!

Moral of story, never load up a 7.X.0 version, always at least wait for 7.X.1 or 7.X.2 :-)
by Mesquite
Fri Mar 01, 2024 9:54 pm
Forum: General
Topic: Separate gateway for 2 VPN clients.
Replies: 2
Views: 282

Re: Separate gateway for 2 VPN clients.

Assigning or forcing vpn out a specific WAN interface, is totally different than assigning the ISP connection to an ethernet port or VLAN.
Apples and Oranges
by Mesquite
Fri Mar 01, 2024 9:52 pm
Forum: Beginner Basics
Topic: 2 gateway VPN need help.
Replies: 7
Views: 542

Re: 2 gateway VPN need help.

As stated much more is possible if you switch positions of the routers.
by Mesquite
Fri Mar 01, 2024 2:00 pm
Forum: General
Topic: Wireguard ip routing int VPN
Replies: 2
Views: 287

Re: Wireguard ip routing int VPN

Draw a diagram the explanation is lacking
by Mesquite
Fri Mar 01, 2024 1:59 pm
Forum: General
Topic: Connecting with SOCKS created from another MikroTik router
Replies: 4
Views: 446

Re: Connecting with shocks created from another MikroTik router

Darn it, ;-) Sorry, I wear socks, don't know squat about IP socks, guess I haven't needed to, so never looked it up.
by Mesquite
Fri Mar 01, 2024 1:56 pm
Forum: General
Topic: VLAN struggles (continued)
Replies: 7
Views: 750

Re: VLAN struggles (continued)

The first thing you should do is write clear requirements and not try to compress requirements into one line. Secondly communicate is a horrible term. In networking it's better to talk about, originating traffic to ............. Replies are permitted in firewall rules, and it's all about who is allowed ...
by Mesquite
Fri Mar 01, 2024 1:05 pm
Forum: General
Topic: Winbox w3.40 Crashes evrytime.
Replies: 2
Views: 293

Re: Winbox w3.40 Crashes evrytime.

There have been reported issues with winbox over the past several months.
If you take a look at the latest firmware just released 7.14, and the winbox fixes, it may be solved............ ??
by Mesquite
Fri Mar 01, 2024 1:02 pm
Forum: Beginner Basics
Topic: 2 gateway VPN need help.
Replies: 7
Views: 542

Re: 2 gateway VPN need help.

If the routers were switched, it may be doable as you could VPN into Mikrotik connected to ISPA. Then you would simply make the connection to ROUTERB as WAN2 on router MT getting a private IP on that LAN connection DHCP provided by router2......... One would source nat out WAN2 on the mikrotik and t...
by Mesquite
Fri Mar 01, 2024 12:55 pm
Forum: General
Topic: Block anydesk/teamviewer [SOLVED]
Replies: 10
Views: 1607

Re: Block anydesk/teamviewer [SOLVED]

I don't think so, that's a DPI problem that MT is not best suited to intercept. I could be wrong though.
by Mesquite
Fri Mar 01, 2024 12:54 pm
Forum: General
Topic: Connecting with SOCKS created from another MikroTik router
Replies: 4
Views: 446

Re: Connecting with shocks created from another MikroTik router

Shock, do you mean VPN connection and if so, yes via wireguard.
by Mesquite
Fri Mar 01, 2024 6:04 am
Forum: Beginner Basics
Topic: 2 gateway VPN need help.
Replies: 7
Views: 542

Re: 2 gateway VPN need help.

Well what is the make model of Router1?? Why is your PC that is supposed to be connected at Router1, not behind the router but on the internet in the cloud reaching router 1 through the ISP?? Also does router 1 have a public IP? If so static or dynamic. Assuming the mikrotik gets a private IP and can...
by Mesquite
Fri Mar 01, 2024 3:08 am
Forum: General
Topic: hAP ac as a managed switch
Replies: 2
Views: 295

Re: hAP ac as a managed switch

Read this post ( the config for the attempt at a switch setup ) and pay attention to the corrections!! ( post #2)
viewtopic.php?t=204967
by Mesquite
Fri Mar 01, 2024 12:33 am
Forum: Beginner Basics
Topic: Multiple WAN, PPPoE and routing challenge
Replies: 6
Views: 781

Re: Multiple WAN, PPPoE and routing challenge

First things is that we need to make all three WANS available on the Main Table. I have no clue about your pppoe connections and dont care, going to focus on the WAN connections. Dont think any mangles required ?? /ip route add check-gateway=ping distance=1 dst-address=0.0.0.0 gateway=current-privat...
by Mesquite
Thu Feb 29, 2024 11:36 pm
Forum: Beginner Basics
Topic: 2 WAN link and dst-nat configuration
Replies: 7
Views: 544

Re: 2 WAN link and dst-nat configuration

So far looks okay..... 1. On two IP main table routes, would add check-gateway=ping. add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out-pishgaman routing-table=main comment=WAN2 add check-gateway=ping distance=2 dst-address=0.0.0.0/0 gateway=192.168.43.1 routing-table=main com...
by Mesquite
Thu Feb 29, 2024 11:11 pm
Forum: Beginner Basics
Topic: WLAN to LAN connection in VLAN not possible
Replies: 2
Views: 408

Re: WLAN to LAN connection in VLAN not possible

If they are in the same vlan then they are connected on layer2. Makes no sense.


Unless you reinvent rules, I see you have two bridges, first mistake and then attempt to assign the same vlan IDs to different vlans on the different bridges
Good luck with that.
by Mesquite
Thu Feb 29, 2024 11:10 pm
Forum: Beginner Basics
Topic: 2 gateway VPN need help.
Replies: 7
Views: 542

Re: 2 gateway VPN need help.

Are you saying Router 1 is physically connected to the Mikrotik by ethernet cable??
Does either ISPA or ISPB have a public IP address??
by Mesquite
Thu Feb 29, 2024 11:03 pm
Forum: Beginner Basics
Topic: Multiple WAN, PPPoE and routing challenge
Replies: 6
Views: 781

Re: Multiple WAN, PPPoE and routing challenge

So can I conclude that -both sets of users (business and private) are to use WAN1 as their primary source of internet? -if WAN1 is not available, then WAN2 should be used next by business users ONLY -if WAN2 is not available, then WAN3 should be used next by business users ONLY. In other words there...
by Mesquite
Thu Feb 29, 2024 2:21 pm
Forum: Beginner Basics
Topic: VLAN's have reduced throughput, glitch with Unifi
Replies: 5
Views: 542

Re: VLAN's have reduced throughput, glitch with Unifi

Well the config was incomplete and thus confusing. Yes every smart device gets an IP on the management vlan. Unifi devices as a default (backwards), assume the management vlan comes untagged and all the wifi vlans tagged. Thus you need a hybrid port. X is tagged for data vlans but untagged for the man...
by Mesquite
Thu Feb 29, 2024 5:41 am
Forum: Beginner Basics
Topic: 2 WAN link and dst-nat configuration
Replies: 7
Views: 544

Re: 2 WAN link and dst-nat configuration

The fasttrack rule is NOT a mangle rule, it's a forward chain filter rule and should typically be the first forward chain rule.
Without seeing the whole config ( less any public IP info ) it will be hard to pinpoint the issue.
by Mesquite
Thu Feb 29, 2024 2:05 am
Forum: Beginner Basics
Topic: Wireguard LAN to LAN (one side behind NAT) not working
Replies: 16
Views: 3852

Re: Wireguard LAN to LAN (one side behind NAT) not working

VPN is a router service.
Where have you allowed the handshake in the firewall rules??
On router B the allowed IP should be /interface wireguard peers
add allowed-address=192.168.77.0/24,10.255.255.0/30

However that is not the cause of your issues.
by Mesquite
Thu Feb 29, 2024 2:00 am
Forum: General
Topic: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial
Replies: 26
Views: 1756

Re: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial

If ether1 goes to the Internet (via modem etc..) then yes its part of the WAN interface list, NOT the LAN interface list.
by Mesquite
Thu Feb 29, 2024 12:03 am
Forum: General
Topic: Wireguard router clients
Replies: 4
Views: 390

Re: Wireguard router clients

Its not hard as you already have a wireguard interface, Just assign each router a wireguard IP. On the main router add a line for allowed IPs to each router. ipaddressRouterClient1/32,subnetC,subnetD...... ( either local users going to remote subnet, OR , remote subnets coming into the main router )...
by Mesquite
Wed Feb 28, 2024 10:11 pm
Forum: Beginner Basics
Topic: 2 WAN link and dst-nat configuration
Replies: 7
Views: 544

Re: 2 WAN link and dst-nat configuration

(1) Keep single NIC card and LANIP.......... / ip firewall nat add chain=srcnat out-interface=ether1-WAN1 action=masquerade add chain=srcnat out-interface=ether2-WAN2 action=masquerade add action=dst-nat chain=dstnat dst-port=3389 dst-address=StaticWANIP1 protocol=tcp to-addresses=192.168.70.20 add ...
by Mesquite
Wed Feb 28, 2024 9:55 pm
Forum: Beginner Basics
Topic: Redirect local port traffic to remote host
Replies: 2
Views: 323

Re: Redirect local port traffic to remote host

Perhaps this??
add chain=dstnat action=dst-nat src-address=10.20.28.0/22 src-port=8103 dst-address=10.20.28.XX dst-port=7547
by Mesquite
Wed Feb 28, 2024 9:47 pm
Forum: General
Topic: Wireguard router clients
Replies: 4
Views: 390

Re: Wireguard router clients

Are you saying you wish to connect all the clients' routers to your MT server router via WG? Are they all MT routers? Not much different from roadwarrior setup. No input chain rule (no handshake on client router) Still need IP address Still need allowed IPs ( not 0.0.0.0 likely but something like 19...
by Mesquite
Wed Feb 28, 2024 7:11 pm
Forum: Beginner Basics
Topic: 2 WAN link and dst-nat configuration
Replies: 7
Views: 544

Re: 2 WAN link and dst-nat configuration

Are the public IPs, static or dynamic? Same provider or different provider.


RDP is not secure, dont recommend.
Much better off installing wireguard and have your users securely access the router and then you can have them access any LAN device, including an RDP server from the LAN side.
by Mesquite
Wed Feb 28, 2024 7:09 pm
Forum: Beginner Basics
Topic: VLAN's have reduced throughput, glitch with Unifi
Replies: 5
Views: 542

Re: VLAN's have reduced throughput, glitch with Unifi

All smart devices get IP on vlan11. (trusted or management network) Why is ethernet 5 UNTAGGED FOR TWO different vlans. ILLEGAL !!! an access port or Hybrid port can only have one untagged vlan. Thus I removed vlan12 as untagged on 5. You have a mismatch between vlans and pools, plus I added a vlan....
by Mesquite
Wed Feb 28, 2024 6:47 pm
Forum: General
Topic: Switching to new router and wanted to cleanup the firewall mess
Replies: 8
Views: 804

Re: Switching to new router and wanted to cleanup the firewall mess

You didnt quite grasp the concept of drop all else............( all other rules save invalid traffic need only be accept ). You forgot to use drop all in forward chain??? Also you dont need to create firewall rules for reply traffic, it is already permitted. AKA open vpn user to LAN is good enough, ...
by Mesquite
Wed Feb 28, 2024 3:43 pm
Forum: Beginner Basics
Topic: Question about ingress VLAN translation
Replies: 8
Views: 816

Re: Question about ingress VLAN translation

I thought the whole idea of routers and smart switches is that the router is only involved when access to the internet is required or cross vlan traffic ( firewall rules ). Any traffic on the same vlan behind the switch doesn't go to the router, and stay within the wirespeed of the switch regardless...
by Mesquite
Wed Feb 28, 2024 2:59 am
Forum: Beginner Basics
Topic: New Home Setup Router+Switch+cAP+VLANs
Replies: 8
Views: 1011

Re: New Home Setup Router+Switch+cAP+VLANs

Nice thanks for the tip as well!! Glad it worked out for you!!
by Mesquite
Wed Feb 28, 2024 2:59 am
Forum: Beginner Basics
Topic: Question about ingress VLAN translation
Replies: 8
Views: 816

Re: Question about ingress VLAN translation

Well if you're not going to use the proper vlan filtering method for CRS3Xx switches, you will need to get help from someone that understands doing it whatever way you have decided to use.
by Mesquite
Tue Feb 27, 2024 10:53 pm
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

First you have to do the work Use this as a basis for all your rules and get rid of any raw ones etc... Then add the additional rules you need for traffic to occur ( all the allow rules you need ) /ip firewall filter {Input Chain} (default rules to keep) add action=accept chain=input comment="d...
by Mesquite
Tue Feb 27, 2024 10:36 pm
Forum: Beginner Basics
Topic: WireGuard Handshake issue protonvpn
Replies: 19
Views: 2344

Re: WireGuard Handshake issue protonvpn

Suggest get rid of made up rules, raw or otherwise, stick to default rules. Add wireguard settings THEN flush the proton rule down the toilet you talk about instead use this: add chain=srcnat action=masquerade out-interface=wireguard Also ensure you add this mangle rule to help with any potential MT...
by Mesquite
Tue Feb 27, 2024 10:29 pm
Forum: Beginner Basics
Topic: Question about ingress VLAN translation
Replies: 8
Views: 816

Re: Question about ingress VLAN translation

You have a CRS3, switch it should be setup the same as your router basically following https://forum.mikrotik.com/viewtopic.php?t=143620, for the router and similar on the switch, For the switch read this thread and take note of the ap/switch config AND THE CORRECTIONS. https://forum.mikrotik.com/vi...
by Mesquite
Tue Feb 27, 2024 10:27 pm
Forum: Useful user articles
Topic: Isolated Guest WiFi Sans VLANs
Replies: 12
Views: 1139

Re: Isolated Guest WiFi Sans VLANs

Easy solution, buy any non-MT wifi router, they come with a built-in guest wifi. :-)
by Mesquite
Tue Feb 27, 2024 1:48 pm
Forum: Wireless Networking
Topic: Which devices for a wireless link between two buildings, <100m range ?
Replies: 13
Views: 1272

Re: Which devices for a wireless link between two buildings, <100m range ?

Thanks for the real world example. That unit can also be mounted outside,drill hole through wall for cable, attach a lightning filter (outside - https://mikrotik.com/product/rbgesp ) or two ( and inside - https://ca.store.ui.com/ca/en/collections/unifi-accessory-tech-poe-and-power/products/ethernet-...
by Mesquite
Tue Feb 27, 2024 1:41 pm
Forum: Beginner Basics
Topic: New Home Setup Router+Switch+cAP+VLANs
Replies: 8
Views: 1011

Re: New Home Setup Router+Switch+cAP+VLANs

viewtopic.php?t=143620 ( for the 5009 )

viewtopic.php?t=204967 Look at this example of ap/switch and (router for that matter) AND THE CORRECTIONs,

ps.. mermaid looks nice, but not free. :-(
by Mesquite
Tue Feb 27, 2024 1:36 pm
Forum: General
Topic: How to dst-nat or redirect when routing marks are present
Replies: 7
Views: 543

Re: How to dst-nat or redirect when routing marks are present

With the proper mangling rules of course.................... what have you got so far! ;-)
by Mesquite
Tue Feb 27, 2024 1:26 am
Forum: General
Topic: Router and switchAP with VLAN, non-management VLANs not connectting
Replies: 9
Views: 873

Re: Router and switchAP with VLAN, non-management VLANs not connectting

Not required, the additional IP address on the offbridge port does not require dhcp-server/dhcp-server network, but thats your call if you want to avoid putting in an IP via iPV4 settings.
by Mesquite
Mon Feb 26, 2024 9:05 pm
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 294
Views: 437171

Re: Using RouterOS to VLAN your network

pcunite what software did you use to generate diagrams??
by Mesquite
Mon Feb 26, 2024 9:00 pm
Forum: General
Topic: How to dst-nat or redirect when routing marks are present
Replies: 7
Views: 543

Re: How to dst-nat or redirect when routing marks are present

Good day Sir,
In plain English, do you mean you have two WANs conducting load balancing and now you are trying to figure out how to add LAN based servers in the mix............
viewtopic.php?t=204746
by Mesquite
Mon Feb 26, 2024 1:31 pm
Forum: Beginner Basics
Topic: WireGuard Handshake issue protonvpn
Replies: 19
Views: 2344

Re: WireGuard Handshake issue protonvpn

OP has mangled decent default settings into a mess.
by Mesquite
Mon Feb 26, 2024 1:30 pm
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

?????? He has provided updated scripts throughout. ????
best documented work I have seen in some time even indicated if changes were made.
The pics are also germane and excellent.

Exactly what part dont you understand??
by Mesquite
Mon Feb 26, 2024 1:27 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 9913

Re: VLANS creation and testing-AX2

Like any server, if it's not an encrypted type of connection, you are screwed LOL.
I would get users to wireguard in, then access NAS.
by Mesquite
Mon Feb 26, 2024 1:26 pm
Forum: Beginner Basics
Topic: Multiple WAN, PPPoE and routing challenge
Replies: 6
Views: 781

Re: Multiple WAN, PPPoE and routing challenge

Draw a diagram and nothing is clear. Do you have three pppoe connections, and if so why are you using IP DHCP CLIENT? What type of WAN connections. Is each give you a private or public IP......... Is each from a different provider. Do you have any vpns coming into the router Do you have any servers ...
by Mesquite
Mon Feb 26, 2024 1:23 pm
Forum: General
Topic: Mikrotik router as managed switch
Replies: 1
Views: 345

Re: Mikrotik router as managed switch

viewtopic.php?t=204967

See the script and see the comments for the ap/switch
by Mesquite
Mon Feb 26, 2024 12:59 pm
Forum: General
Topic: What happened to anav and "The DEFACTO DEFAULT FIREWALL Setup"
Replies: 18
Views: 1207

Re: What happened to anav and "The DEFACTO DEFAULT FIREWALL Setup"

The docs are improving, being kept more up to date, and with more detail but they are not a specific 'your' scenario solutions based.
There are many excellent videos out there ( Network Berg, Network Trip etc.. ), including MT videos, to help with more detail on some scenarios.
by Mesquite
Mon Feb 26, 2024 2:48 am
Forum: Useful user articles
Topic: Isolated Guest WiFi Sans VLANs
Replies: 12
Views: 1139

Re: Isolated Guest WiFi Sans VLANs

Not even going to try............ Its like, please tell me how to use my betamax player ;-P Without looking BRIDGE no vlans for everything guest WLAN port NOT on bridge assign WLAN port IP address directly. Article need not be any longer..... ;-P I recently attended the mkx school of brevity. :-)
by Mesquite
Mon Feb 26, 2024 2:43 am
Forum: General
Topic: Router and switchAP with VLAN, non-management VLANs not connectting
Replies: 9
Views: 873

Re: Router and switchAP with VLAN, non-management VLANs not connectting

ROUTER 1- MISSING ~~ You have five vlans - missing vlan99 pool - missing vlan99 dhcp server - missing vlan99 dhcp server-network - at least you do have the iP address LOL......... 2- INCORRECT Sloppy!!! add bridge=LAN_BRIDGE comment="HOME Access Port , access port" frame-types=\ admit-only...
by Mesquite
Mon Feb 26, 2024 2:15 am
Forum: General
Topic: Router and switchAP with VLAN, non-management VLANs not connectting
Replies: 9
Views: 873

Re: Router and switchAP with VLAN, non-management VLANs not connectting

AP SWITCH CHANGES 1- Should only have one vlan entry /interface vlan add comment="Management" network" interface=LAN_BRIDGE name=MGMT_VLAN vlan-id=99 2 - Should only have one entry. /interface list add name=MGMT_LIST 3 - REMOVED ETHER3 from bridge ports. As you defined it: set [ find ...
by Mesquite
Mon Feb 26, 2024 12:36 am
Forum: General
Topic: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]
Replies: 10
Views: 1219

Re: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]

What happened to all the firewall rules and interface lists??
by Mesquite
Sun Feb 25, 2024 8:46 pm
Forum: Beginner Basics
Topic: Wireguard configured but not handshake [SOLVED]
Replies: 17
Views: 4243

Re: Wireguard configured but not handshake [SOLVED]

@hightechlab, no worries, the important is not to copy and rule stick it in and move on!!.

The key is understanding that the handshake is TO the router. Such traffic is handled in the input chain.
by Mesquite
Sun Feb 25, 2024 6:28 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 9913

Re: VLANS creation and testing-AX2

Nice article, what caught my eye, was the comment ......why is MT using such old switch chips..... I read the MT product info and all it says --> the amazing Marvell 98DX226S switch-chip I go to the marvell website, and put in 98DX226S and I get NOTHING.......... I also notice that the AX3 router ha...
by Mesquite
Sun Feb 25, 2024 6:21 pm
Forum: General
Topic: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]
Replies: 10
Views: 1219

Re: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]

hahahah, you make me laugh, there should be a first post process period, ONE solution for all the little bitty ideas you guys come up on so many posts, please do this, please do that, you should do this, you should do that....... There is a way. No one supported me. ;-P
by Mesquite
Sun Feb 25, 2024 2:44 pm
Forum: General
Topic: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]
Replies: 10
Views: 1219

Re: poor intervlan on rb5009, lots of invalid connections dropped [SOLVED]

1 Main issue - you didnt turn on VLAN filtering yet. /interface bridge add name=BR1 protocol-mode=none vlan-filtering= no 2. I gather all your bridge ports save ether8 are trunk ports going to smart devices and thus would make some minor modifications. /interface bridge port add bridge=BR1 interface...
by Mesquite
Sun Feb 25, 2024 2:02 pm
Forum: General
Topic: Automatic switching default routes
Replies: 13
Views: 930

Re: Automatic switching default routes

Not sure what your saying. 1-The request was simple, you wanted to make use of check-gateway=ping. 2-To do that you need to create a manual route instead of dhcp client ( add default route=yes). 3-We did that, however your ISP does not work using ether5 as the interface, which does in some cases but...
by Mesquite
Sat Feb 24, 2024 11:41 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 138
Views: 9614

Re: [Discussion] MikroTik configuration abstraction complexity

I am still trying to add up the math...... ;-) quote: "DarkNate @jaclaz 1. Nobody is asking for a Juniper MX2020 from MikroTik. 2. MikroTik HARDWARE isn't the problem. In last 10 years of MikroTik, 1/10 are hardware issues. 3. MikroTik SOFTWARE is the problem. In last 10 years of MikroTik, 10/1...
by Mesquite
Sat Feb 24, 2024 9:20 pm
Forum: Beginner Basics
Topic: Cloud Access need help
Replies: 7
Views: 604

Re: Cloud Access need help

It is not clear what you want, and unlike Erlinden I don't see any point on running around like a chicken with its head cut off. Please clearly state what requirement or requirements you are attempting to communicate. ( describe the traffic flow required in terms of users, use a diagram if necessary...
by Mesquite
Sat Feb 24, 2024 9:18 pm
Forum: Beginner Basics
Topic: Cloud Access need help
Replies: 7
Views: 604

Re: Cloud Access need help

Buy a plane ticket!
by Mesquite
Sat Feb 24, 2024 8:52 pm
Forum: Wireless Networking
Topic: Which devices for a wireless link between two buildings, <100m range ?
Replies: 13
Views: 1272

Re: Which devices for a wireless link between two buildings, <100m range ?

Hi Goodbye, I would hope that MT is not making claims of 1gig at 200 meters, in filtered or sterilized air '=) Even worse, results in a vacuum chamber!! If you look at their brochure for the wireless wire, it even shows the diagram of both antennas pointing at each other through windows. Certainly ...
by Mesquite
Sat Feb 24, 2024 8:46 pm
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

To be honest, the geniuses are behind me, I am just channeling great advice I have gotten from others over the years. Glad its working well. You may want to play with PCC settings aka both addresses and ports as that combo is said to be the optimal for spreading connections among the WANs, but poten...
by Mesquite
Sat Feb 24, 2024 8:39 pm
Forum: Beginner Basics
Topic: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP
Replies: 39
Views: 2030

Re: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP

I would say the DNS approach, is favoured by my favourite gateau, rextended............. He swears by it. ( orange cat is a close second by the way ). Somewhat similar in concept to what you have offered, but since I dont understand it at all,,,,,,, just putting it out there. I don't even think you ...
by Mesquite
Sat Feb 24, 2024 8:15 pm
Forum: General
Topic: new mikrotik - how to wipe it?
Replies: 6
Views: 672

Re: new mikrotik - how to wipe it?

I do upgrades to required version (I never let it stay at factory version), then reset to default configuration.
And then I begin config ...
Nice but not a wipe in my books, perhaps a gentle cleansing.
by Mesquite
Sat Feb 24, 2024 8:04 pm
Forum: General
Topic: Automatic switching default routes
Replies: 13
Views: 930

Re: Automatic switching default routes

Okay no problem so using a manual route using gateway IP set to ether5 did not WORK. That's okay! Next step is to do the following. Reading the IP DHCP client settings, STATUS TAB, get the current gateway IP. Then go to your manual route and remove ether5 and put in the current actual gateway IP and ...
by Mesquite
Sat Feb 24, 2024 6:30 am
Forum: Beginner Basics
Topic: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP
Replies: 39
Views: 2030

Re: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP

Remember he has an upstream router with a dynamic public IP.
Hence he uses a dyndnsurl to reach the upstream router, which forwards the incoming traffic with destination port to the lanip 192.168.100.100.
This is also the WANIP of the MT device.
by Mesquite
Sat Feb 24, 2024 6:28 am
Forum: General
Topic: OpenVPN between TP-Link and Mikrotik
Replies: 5
Views: 525

Re: OpenVPN between TP-Link and Mikrotik

Nope would need to update it to vers7,
Wireguard is well supported on MT, openvpn has never been completely supported.
by Mesquite
Sat Feb 24, 2024 4:10 am
Forum: Wireless Networking
Topic: Which devices for a wireless link between two buildings, <100m range ?
Replies: 13
Views: 1272

Re: Which devices for a wireless link between two buildings, <100m range ?

+1 Concur with gotsprings. What could be easier than a wifi switch, on a diff spectrum from all the other 2.4 and 5ghz noise.
by Mesquite
Sat Feb 24, 2024 4:07 am
Forum: Beginner Basics
Topic: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP
Replies: 39
Views: 2030

Re: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP

Hey MTNICK. (1) The hairpin nat rule is port/protocol agnostic. Not required. He has the correct rule. (2) The dstnat (port forwarding rules) can very much so have a different dst port, the one hitting the router, and a to-port the one hitting the server. Its called port translation. If your ISP blo...
by Mesquite
Sat Feb 24, 2024 3:37 am
Forum: General
Topic: OpenVPN between TP-Link and Mikrotik
Replies: 5
Views: 525

Re: OpenVPN between TP-Link and Mikrotik

Better off doing wireguard IMHO.
by Mesquite
Sat Feb 24, 2024 3:21 am
Forum: General
Topic: new mikrotik - how to wipe it?
Replies: 6
Views: 672

Re: new mikrotik - how to wipe it?

netinstall.
by Mesquite
Sat Feb 24, 2024 1:24 am
Forum: General
Topic: A place for poetry
Replies: 63
Views: 247611

Re: A place for poetry

"Scissors"
Run With Naked!
"Fork"
Stabbed in Eye!
"First MT Post"
1000 cuts just add iodine!
by Mesquite
Sat Feb 24, 2024 12:56 am
Forum: General
Topic: Automatic switching default routes
Replies: 13
Views: 930

Re: Automatic switching default routes

Nm........... First take note in ip dhcp client STATUS tab of the wanip and gateway IP. Two Options if the Modem is doing all the work and you simply get client via ETHER5 then simply a. DO not use default route b. add an IP route manually, add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gat...
by Mesquite
Fri Feb 23, 2024 11:27 pm
Forum: General
Topic: Firewall is dropping traffic on CCR1009-8G-1S-1S+ (tile) [SOLVED]
Replies: 9
Views: 1011

Re: Firewall is dropping traffic on CCR1009-8G-1S-1S+ (tile) [SOLVED]

Sorry, but I am outta here, good luck with assistance. Reason - contradictory statements. Intro Post: The Core router CCR1009-8G-1S-1S+ (tile), has no NAT rules, no Mangle rules, simple static default route. There is a simple Firewall rule list (CCR): Latest Post: My CCR works as a primary Co...
by Mesquite
Fri Feb 23, 2024 11:10 pm
Forum: General
Topic: Firewall is dropping traffic on CCR1009-8G-1S-1S+ (tile) [SOLVED]
Replies: 9
Views: 1011

Re: Firewall is dropping traffic on CCR1009-8G-1S-1S+ (tile) [SOLVED]

Stated differently, what is it doing there............. Not needed ????
by Mesquite
Fri Feb 23, 2024 11:09 pm
Forum: Scripting
Topic: Automatic Simple Queue based on IPv6 Neighbors [SOLVED]
Replies: 4
Views: 1428

Re: Automatic Simple Queue based on IPv6 Neighbors [SOLVED]

Perhaps what AI bots are outputting these days for answers??
by Mesquite
Fri Feb 23, 2024 11:07 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 9913

Re: VLANS creation and testing-AX2

You will have to wait for netgear,tplink, etc to start making prosumer 2.5 gig smart switches LOL.
by Mesquite
Fri Feb 23, 2024 10:54 pm
Forum: Beginner Basics
Topic: firewall filters - solid?
Replies: 5
Views: 618

Re: firewall filters - solid?

1. Okay separate NTP server, not sure why you bother as the router already provides this, and thus all devices including the router are in the same sync. 2. The invalid rule ensure that any new traffic is caught and discarded before hitting any other rules. 3. Every time a connection is new, it is n...
by Mesquite
Fri Feb 23, 2024 10:43 pm
Forum: General
Topic: app for end user on ios [SOLVED]
Replies: 7
Views: 1104

Re: app for end user on ios [SOLVED]

Agreed, one should not be configuring from scratch on IOS app. It's meant really for tweaking a config or adding wg peer etc............
Not for complex changes to the config.
by Mesquite
Fri Feb 23, 2024 6:50 pm
Forum: General
Topic: Automatic switching default routes
Replies: 13
Views: 930

Re: Automatic switching default routes

Interesting, so you dont use LTE settings on the chateau?? Just IP DHCP client?
by Mesquite
Fri Feb 23, 2024 6:42 pm
Forum: Beginner Basics
Topic: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP
Replies: 39
Views: 2030

Re: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP

All good, thanks for letting me know. Yup the rule is disabled, should have noticed. I am of the ilk of removing rules not used, so IF i see it, assume its working. Okay, So one last time by MYIP If it contains ONLY DOMAIN name a. external users like you on your cell phone Do NOT reach the servers! ...
by Mesquite
Fri Feb 23, 2024 6:07 pm
Forum: Beginner Basics
Topic: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP
Replies: 39
Views: 2030

Re: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP

If not using IPV6 you can disable it AND REMOVE all the firewall address lists and firewall rules associated.
by Mesquite
Fri Feb 23, 2024 6:02 pm
Forum: Beginner Basics
Topic: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP
Replies: 39
Views: 2030

Re: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP

Can you confirm the upstream router correctly port forwards traffic to port 8000 to 192.168.100.100 (jpeg)?? I think I see one problem, you didnt remove a rule, when it was replaced by three other rules. ( AS STATED CLEARLY in post #2 ) I am not sure it will change anything, but please see if extern...
by Mesquite
Fri Feb 23, 2024 5:59 pm
Forum: General
Topic: Switching to new router and wanted to cleanup the firewall mess
Replies: 8
Views: 804

Re: Switching to new router and wanted to cleanup the firewall mess

Yes, but my understanding is that it may be used in the background for other things, but not clearly stated anywhere.
by Mesquite
Fri Feb 23, 2024 4:50 pm
Forum: Beginner Basics
Topic: firewall filters - solid?
Replies: 5
Views: 618

Re: firewall filters - solid?

/ip firewall filter
add action=accept chain=input comment="Allow Estab & Related & untracked" connection-state=established,related,untracked
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: a...
by Mesquite
Fri Feb 23, 2024 4:39 pm
Forum: General
Topic: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial
Replies: 26
Views: 1756

Re: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial

/routing table add fib name=to-dorm
/routing table add fib name=to-LTE
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface-list=LAN new-connection-mark=LTE2 \
    passthrough=yes per-connection-classifier=src-address-and-port:3/0...
by Mesquite
Fri Feb 23, 2024 4:13 pm
Forum: General
Topic: Switching to new router and wanted to cleanup the firewall mess
Replies: 8
Views: 804

Re: Switching to new router and wanted to cleanup the firewall mess

+1 johnson' Only change I would make is add the internal loopback, the router uses for various functionalities behind the scenes.
add action=accept chain=input comment="defcon: accept to local loopback" dst-address=127.0.0.1
after the ICMP rule. (only very minor quibble would be to change wordin...
by Mesquite
Fri Feb 23, 2024 2:58 pm
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

add check-gateway=ping dst-address=0.0.0.0/0 gateway=192.168.86.1 routing-table=2then3 ............ comment="ISP2-ST"
add dst-address=0.0.0.0/0 gateway=192.168.85.1 routing-table=2then3 distance=3 comment="ISP3-ST"
( missing distance=2 but would work as the default is 1 lol ) Th...
by Mesquite
Fri Feb 23, 2024 2:52 pm
Forum: Beginner Basics
Topic: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP
Replies: 39
Views: 2030

Re: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP

Please print your latest config, so I can see where we are going wrong.
by Mesquite
Fri Feb 23, 2024 2:38 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 9913

Re: VLANS creation and testing-AX2

What? the new switch is $999 us.
by Mesquite
Fri Feb 23, 2024 2:35 pm
Forum: General
Topic: Automatic switching default routes
Replies: 13
Views: 930

Re: Automatic switching default routes

After rereading, I understand. You use the use default route route (YES) offered in dhcp client but the settings do not provide check-gateway=ping. My recommendation is to uncheck the default route and add a manual one. add distance=1 check-gateway=ping dst-address=0.0.0.0/0 gateway=ISP-gateway-IP r...
by Mesquite
Fri Feb 23, 2024 2:24 pm
Forum: General
Topic: Masquerade with Multiple IPs
Replies: 3
Views: 363

Re: Masquerade with Multiple IPs

Interesting question.......... Maybe try out-interface-list=WAN? Although yours should have covered it, if it was to ever work.
by Mesquite
Fri Feb 23, 2024 5:20 am
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

Trust me, you have gotten this far faster than I................ and your attention to detail is very good!!
by Mesquite
Fri Feb 23, 2024 4:51 am
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

Well think about it, the reason to do this last change was to spread out the new connections 1 to one ISP, then to the next ISP then to the next ISP, vice the first two connections to wan1, the next two etc.............. Therefore logically one has to not move the 6/0 from whatever is the first rule...
by Mesquite
Fri Feb 23, 2024 4:39 am
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

The missing letter was simply a typo.... You moved the rules around perfectly, but the point was not to move the 6/0 etc numbering, which as the rest should be in order 6/0 through 6/5, they dont follow the rule they were with previously. Correct for the routing mark rules, they dont change. Correct...
by Mesquite
Fri Feb 23, 2024 3:28 am
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

Why did you remove the SPECIFIC Table routes?
The clue is if you kept them in the tables listing created, you should be using them!
Remember this is for server traffic so you should use them............
by Mesquite
Fri Feb 23, 2024 3:25 am
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

Okay I see one error in the last PCC mark connection......
add action=mark-connection chain=prerouting connection-mark=no-mark \
    connection-state="" dst-address-type=!local in-interface-list=LAN \
    new-connection-mark= 3then1 _conn passthrough=yes per-connection-classifier=\
    src-address-and...
by Mesquite
Fri Feb 23, 2024 3:19 am
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

Wow, very impressive, you nailed it. I am going to start asking you to do all my configs!! You kept the original recursive routes on the main table as required. You kept the tables and mangles and the specific table routes to ensure server traffic was not entangled with PCC traffic. You correctly se...
by Mesquite
Fri Feb 23, 2024 3:02 am
Forum: Beginner Basics
Topic: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP
Replies: 39
Views: 2030

Re: Problem with port forwarding on L009UiGS

Very good question.
So external users can access the server no problem with the dyndns URL pointing to the public IP of the upstream router,
but the internal servers are unsuccessful using the same?
However if they simply use 192.168.100.100:8000 they are successful?
by Mesquite
Thu Feb 22, 2024 11:57 pm
Forum: Beginner Basics
Topic: router not broadcasting wifi
Replies: 12
Views: 935

Re: router not broadcasting wifi

OK, time to stop playing around.
Ur Killen me!!!
Where were you when I said MT should have an initial posting process LOL...........
Don't know whether to laugh or cry, but seeing you all flail around like chickens with your heads cut off can be rather amusing.......
by Mesquite
Thu Feb 22, 2024 9:33 pm
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

I would only invoke other rules like raw, if you get issues........... With drop all, you shouldnt need raw.
By the way, the router cannot really prevent flooding etc.......... that is the job of the upstream providers.......
by Mesquite
Thu Feb 22, 2024 9:17 pm
Forum: General
Topic: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial
Replies: 26
Views: 1756

Re: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial

Can you confirm more information.

Do you get an actual IP address as /32 (single IP)
OR
Do you get some other mask.................

AND
Do you ever get the gateway IP information.
by Mesquite
Thu Feb 22, 2024 8:19 pm
Forum: General
Topic: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial
Replies: 26
Views: 1756

Re: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial

Sorry I didnt see where you said it was up and running. Thus you do have an interface right.

Does it not show up on the interface tab ?
Does it show up anywhere for selection on any rules?? ie the name LTE1 ???
by Mesquite
Thu Feb 22, 2024 8:17 pm
Forum: Beginner Basics
Topic: Force all LAN devices to use Adguard local DNS running on Docker on the same Router
Replies: 10
Views: 3382

Re: Force all LAN devices to use Adguard local DNS running on Docker on the same Router

I would have to look at the config to assess but the only thing missing from the initial discussion is a forward chain rule allowing all vlans permission to reach the adguard IP address ( destination address ). So that if sent there by other means, it will be allowed. I don't see the need to mangle??
by Mesquite
Thu Feb 22, 2024 8:13 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 9913

Re: VLANS creation and testing-AX2

Concur, the 310 is CRS3XX series and thus setting up vlans is like vlan bridge filtering in routers and works great.
If one asked their spouse to spend $$ on IT, none of us would be here!!
by Mesquite
Thu Feb 22, 2024 6:59 pm
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

I will see what I can do.
by Mesquite
Thu Feb 22, 2024 6:54 pm
Forum: General
Topic: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial
Replies: 26
Views: 1756

Re: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial

The essentials remain the same, the problem seems to be how to setup LTE, forget about load balancing at the moment, on the chateau. Did you find the LTE interface tab I displayed? Did you try and select LTE APN and insert the information provided by the provider ( or perhaps the MODEM ) not sure th...
by Mesquite
Thu Feb 22, 2024 4:22 pm
Forum: General
Topic: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial
Replies: 26
Views: 1756

Re: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial

Okay so b. b for bogus, there is no special requirement for people to access the OTHER WAN. Since both will be available thru PCC we don't care about b. Since each will failover to the other we don't care about b. Now for the tough question. Can you forward any ports on the dorm server router to your r...
by Mesquite
Thu Feb 22, 2024 2:36 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 9913

Re: VLANS creation and testing-AX2

Please define NEXT GEN - using cute buzz words means nothing to me. If you're looking for DPI and IDP subscription services, you're barking up the wrong tree here. Again, being vague is not helpful. Stating "relatively cheap" is another bogus statement that has no real meaning. What is your bud...
by Mesquite
Thu Feb 22, 2024 2:34 pm
Forum: General
Topic: wireguard only working locally
Replies: 4
Views: 709

Re: wireguard only working locally

Dont understand your network, provide a diagram
Cannot comment on the MT without seeing the config. Post the config ( minus router serial number, public WANIP information, keys )
by Mesquite
Thu Feb 22, 2024 1:31 pm
Forum: Beginner Basics
Topic: Internet for Remote Gateway
Replies: 9
Views: 986

Re: Internet for Remote Gateway

Wireguard is far easier, if the config didnt work it was simply not setup properly.
However, it would seem you would prefer the IPSEC approach, nothing wrong with that, enjoy!!
by Mesquite
Thu Feb 22, 2024 1:30 pm
Forum: Useful user articles
Topic: Using Automate on Android for Wireguard on dynamic IP
Replies: 1
Views: 1608

Re: Using Automate on Android for Wireguard on dynamic IP

What does this have to do with Mikrotik?
by Mesquite
Thu Feb 22, 2024 1:28 pm
Forum: Useful user articles
Topic: Lis of ingress allow ports for Windows networks
Replies: 3
Views: 2628

Re: Lis of ingress allow ports for Windows networks

So you need to allow VLAN to VLAN traffic, but have a mandate to restrict by IP and port?
If so, what you are doing seems reasonable in terms of rules and efficiencies.
by Mesquite
Thu Feb 22, 2024 1:21 pm
Forum: Beginner Basics
Topic: Internet for Remote Gateway
Replies: 9
Views: 986

Re: Internet for Remote Gateway

Any reason you decided not to try wireguard vpn between the routers?
by Mesquite
Thu Feb 22, 2024 1:20 pm
Forum: Beginner Basics
Topic: Site access problem
Replies: 4
Views: 481

Re: Site access problem

What is the throughput of your ISP? The number of concurrent users, for anything other than checking email and browsing the net, and the "lite" router you have are not a good mix for performance.
by Mesquite
Thu Feb 22, 2024 1:17 pm
Forum: Beginner Basics
Topic: Access to other network over VPN Client
Replies: 1
Views: 344

Re: Access to other network over VPN Client

What routers do you have, recommend Wireguard, much easier to accomplish same.
by Mesquite
Thu Feb 22, 2024 1:11 pm
Forum: Beginner Basics
Topic: VLANs and firewall
Replies: 5
Views: 538

Re: VLANs and firewall

Something like that yes.......
Why would you think order of rules is not important?
Also the organization of chains together is for easy reading/understanding and supportive of troubleshooting.
by Mesquite
Thu Feb 22, 2024 1:10 pm
Forum: Beginner Basics
Topic: WireGuard Handshake issue protonvpn
Replies: 19
Views: 2344

Re: WireGuard Handshake issue protonvpn

Definitely a problem in your config........
by Mesquite
Thu Feb 22, 2024 1:05 pm
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

From where? If you mean a computer on your LAN, and you want to use ip address then its 192.168.1.1 : winboxport# If rules dont work, then its likely due to your firewall rules. Suggest go back to defaults and focus on needed traffic vice blocking traffic. Something like this where all traffic not s...
by Mesquite
Thu Feb 22, 2024 1:02 pm
Forum: General
Topic: Automatic switching default routes
Replies: 13
Views: 930

Re: Automatic switching default routes

post config (less router serial number, any public wanip info )
by Mesquite
Thu Feb 22, 2024 4:46 am
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

Maybe you spoke too soon, read above again LOL new info.
by Mesquite
Thu Feb 22, 2024 4:03 am
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

Sweet!! Looking good! Now for the icing on the cake!!! Have each WAN, when it fails, spread its traffic evenly to the two remaining ISPs vice just one. Step One: Increase the PCC mangles. The idea is not to have 1/3 of the traffic go to each WAN, but 2/6 of the traffic go to each WAN and thus whe...
by Mesquite
Thu Feb 22, 2024 3:59 am
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

Thats because your rule is not correct. Lets work through the logic! a. the input chain rule for wireguard permits the handshake and makes the tunnel happen between the android phone and the MT. Once connected think of the phone basically parallel to the LAN............ b. to allow the phone to subn...
by Mesquite
Wed Feb 21, 2024 11:58 pm
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

Accept winbox from the LAN only and if you know which IPs, use a source address list to narrow it down.
The LAN users still need access for DNS services by the way.
Also if you need remote access add the wireguard address to the allowed source address list noted above.
by Mesquite
Wed Feb 21, 2024 11:29 pm
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

Lets look at the facts.
1. Defining wg interface - great!
add comment="My wireguard Server on RB4011" listen-port=15445 mtu=1420 name=\
    wireguardRB
2. Defining peer client device - great! ( currently only one, could be phone, could be laptop, phone is easier to check with cellular connecti...
by Mesquite
Wed Feb 21, 2024 11:14 pm
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

Awesome, I knew we could get there, the journey is the fun part!
by Mesquite
Wed Feb 21, 2024 11:14 pm
Forum: Beginner Basics
Topic: Access Point as Router
Replies: 3
Views: 383

Re: Access Point as Router

If you have multiple WANS, it is likely the haplite is not the best option, doable of course.
How many WANS and throughput of each??
Amount of traffic anticipated??
by Mesquite
Wed Feb 21, 2024 11:10 pm
Forum: Beginner Basics
Topic: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP
Replies: 39
Views: 2030

Re: Problem with port forwarding on L009UiGS

Good day atais. After some sobering thought and discussion with someone who knows better........ There are TWO methods that users should use to reach the server. A. Directly is the most foolproof for internal users 192.168.88.253:8000 B. Through the DYNDNS URL you are using, be it from a free or pai...
by Mesquite
Wed Feb 21, 2024 10:49 pm
Forum: Beginner Basics
Topic: VLANs and firewall
Replies: 5
Views: 538

Re: VLANs and firewall

Dont know your current setup but this is the basic default rule setup with the switch done. Block all, use accept rules to add traffic to be allowed ( just before the drop all rule ). Stops vlan to vlan traffic cold.
/ip firewall filter
{Input Chain}
( default rules to keep )
add action=accept chain...
by Mesquite
Wed Feb 21, 2024 10:40 pm
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

You are LOL. Oh holy crap! I went back and read and wow. I've got no excuse other than I'm an idiot. Clearly my guidance would have been different, and in line with yours, had I had the literacy of a 2 yr old. I'll administer a self beating that would make a Canadian like you proud Mesquite. My uno...
by Mesquite
Wed Feb 21, 2024 10:39 pm
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

Don't use hide sensitive. Default ROS7 is to hide most (not all) sensitive info. Just use /export file=anynameyouwish Edit that file. There shouldn't be too much sensitive info in there. Concur, remove router serial number, any keys public private etc, any public WANIP info or WAN gateway IP info,...
by Mesquite
Wed Feb 21, 2024 9:52 pm
Forum: Beginner Basics
Topic: Port forwarding [SOLVED]
Replies: 18
Views: 1591

Re: Port forwarding [SOLVED]

I still have no idea what you were trying to do LOL. but if its working great!
by Mesquite
Wed Feb 21, 2024 9:45 pm
Forum: General
Topic: Android and IOS VPN with Mikrotik
Replies: 12
Views: 1084

Re: Android and IOS VPN with Mikrotik

Modifying MTU on mikrotik devices, when the mikrotik is CLIENT, is often done connecting to third party servers. Not the reverse. :-(

You could try setting the MTU the same on android and Mikrotik to 1500 or other higher and lower variants than the default, and see if one works for all.
by Mesquite
Wed Feb 21, 2024 9:42 pm
Forum: General
Topic: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial
Replies: 26
Views: 1756

Re: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial

Conceptually speaking, LTE is roughly double that of dorm wrt throughput. Thus would PCC 3 connections to provide a 2:1 type ratio..
session X goes to LTE
session X+1 goes to dorm
session X+2 goes to LTE
rinse and repeat.
++++++++++++++++++++++++++++++++++++
If you want partition some traffi...
by Mesquite
Wed Feb 21, 2024 9:36 pm
Forum: General
Topic: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial
Replies: 26
Views: 1756

Re: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial

Okay so this a Chateau unit with an LTE module/capability. 1. Got it you get LTE of unknown type and thus dont know if the ISP provides a fixed IP, or a dynamic IP that changes? 2. Dont know if the LTE IP is actually public, or cgnat type, either ?? Can you call them and ask?? 3. Can you confirm tha...
by Mesquite
Wed Feb 21, 2024 9:26 pm
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

Post the complete config ( less public WANIP info, router serial number, any KEYS ) to see what is going on.
by Mesquite
Wed Feb 21, 2024 12:41 am
Forum: Beginner Basics
Topic: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP
Replies: 39
Views: 2030

Re: Problem with port forwarding on L009UiGS

Because your Port Forwarding rule is incorrect. You still have the in-interface part in there, should be removed.
From:
add action=dst-nat chain=dstnat comment=http dst-address=192.168.100.100 \
    dst-port=8000 in-interface-list=all protocol=tcp to-addresses=\
    192.168.88.253
What do you mean by specif...
by Mesquite
Wed Feb 21, 2024 12:38 am
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

Negative if all three ISPs, when rebooted, provide the proper gateway IP in IP routes we are good to go.
by Mesquite
Wed Feb 21, 2024 12:09 am
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

Try this iteration......... for the three scripts.......... should work.
:if ($bound=1) do={
    :local gw $"gateway-address"
    /ip route set [ find comment="ISP1-MainTable" gateway!=$gw ] gateway=$gw
    /ip route set [ find comment="ISP1-SpecificTable" gateway!=$gw ] gateway=$g...
by Mesquite
Tue Feb 20, 2024 11:17 pm
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

standard export is fine.........i use notepad++
by Mesquite
Tue Feb 20, 2024 11:05 pm
Forum: Beginner Basics
Topic: Port forwarding [SOLVED]
Replies: 18
Views: 1591

Re: Port forwarding [SOLVED]

Remove /24 from what you still havent stated that. Also why are you removing dns-server entry??? My bad on dst port rule please adjust too ( I didnt hoist in that your wanip is fixed static )
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=3000 protocol=tcp dst-address=staticWAN-ip \
    log=ye...
by Mesquite
Tue Feb 20, 2024 11:04 pm
Forum: Beginner Basics
Topic: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP
Replies: 39
Views: 2030

Re: Problem with port forwarding on L009UiGS

Post your complete config please, it should work well?
by Mesquite
Tue Feb 20, 2024 11:03 pm
Forum: Beginner Basics
Topic: WireGuard Handshake issue protonvpn
Replies: 19
Views: 2344

Re: WireGuard Handshake issue protonvpn

Its probably your chateau configuration.
by Mesquite
Tue Feb 20, 2024 10:56 pm
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

Okay will have to sort out proper syntax............ its like working through mud!!
I am assuming that you are using the letters instead of the actual number showing correct to keep wan information private???
gateway=ISP3-GW-IP
by Mesquite
Tue Feb 20, 2024 9:17 pm
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

Can you post your IP ROUTES protecting the actual WANIPs of course.
I'm looking for the line with distance of 255 especially, should be three of them in blue ( possibly with Dd as the first entry column)
by Mesquite
Tue Feb 20, 2024 9:11 pm
Forum: Beginner Basics
Topic: Port forwarding [SOLVED]
Replies: 18
Views: 1591

Re: Port forwarding [SOLVED]

Sorry you are not making any sense.
Where above was there advice to remove a /24 and put in a /32 ???

Your input about DHCP and DNS, seems out of the blue as well........... what is the issue here?
by Mesquite
Tue Feb 20, 2024 9:00 pm
Forum: Beginner Basics
Topic: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP
Replies: 39
Views: 2030

Re: Problem with port forwarding on L009UiGS

It does not work because 192.168.88.1 is nonsensical. Nobody uses the interface address of the subnet to reach a server...... Either you are connect to the ROUTER WANIP, like you were coming in externally and get port forwarded to the router. dst-address=actual WANIP for static, in-interface=WAN for...
by Mesquite
Tue Feb 20, 2024 8:30 pm
Forum: Beginner Basics
Topic: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP
Replies: 39
Views: 2030

Re: Problem with port forwarding on L009UiGS

Thats weird, okay I must have overlooked something.............. Post the complete config for me to review.................. NM, found the issue............... Okay, so the public IP is that of the upstream router and not your own WANIP 192.168.100.100. That makes a huge difference my apologies, for...
by Mesquite
Tue Feb 20, 2024 8:11 pm
Forum: Beginner Basics
Topic: help to configure
Replies: 24
Views: 1376

Re: help to configure

Yup, when there is a need. I currently only have a cap and an ax3 both as wifi devices with a CCR1-1009 router and a mixed bag of other vendor consumer APs..........So no need for roaming as I dont have two of the same anything.
by Mesquite
Tue Feb 20, 2024 8:10 pm
Forum: Beginner Basics
Topic: Mikrotik Dual WAN Services access (ROS 6.47.9)
Replies: 3
Views: 434

Re: Mikrotik Dual WAN Services access (ROS 6.47.9)

Any reason you have to stick to RoS 6. Can be done in both vers6 and vers7
by Mesquite
Tue Feb 20, 2024 8:08 pm
Forum: Beginner Basics
Topic: Failover WAN Thru wifi bridge
Replies: 3
Views: 1174

Re: Failover WAN Thru wifi bridge

Recursive works fine,...........just dont select default route on the pppoe client settings as we are doing its routes manually!! One WAN, two different DNS addresses to ensure the pppoe wan is reaching the internet.
/ip route
add distance=1 check-gateway=ping dst-address=0.0.0.0/0 gateway=1.1.1.1 ...
by Mesquite
Tue Feb 20, 2024 7:24 pm
Forum: Beginner Basics
Topic: help to configure
Replies: 24
Views: 1376

Re: help to configure

I agree with you. My point is that drawing lines is highly subjective.
Concur, personally, I have steered clear of capsman and still have all my hair!! ;-)
by Mesquite
Tue Feb 20, 2024 7:07 pm
Forum: Beginner Basics
Topic: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP
Replies: 39
Views: 2030

Re: Problem with port forwarding on L009UiGS

GO to my IP tab upper left on winbox, select IP and near the top select CLOUD. Enable DDNS, hit apply. Soon a DNS name should show up near the bottom. This is the tried and true method of setting this up. I cannot recommend in-interface-list=ALL as a solution, mainly because I dont know if there are...
by Mesquite
Tue Feb 20, 2024 6:44 pm
Forum: Beginner Basics
Topic: RB5009 VLAN initial setup [SOLVED]
Replies: 6
Views: 723

Re: RB5009 VLAN initial setup [SOLVED]

You are braver than I. I actually looked at your config and I am surprised anything is working........ First off, if you are going to use vlans across more than one port as well as other subnets, it's best to create vlans for each subnet. Then we are dealing with apples and apples and everything is c...
by Mesquite
Tue Feb 20, 2024 6:43 pm
Forum: General
Topic: Thoughts on a "LoopProtect" type script..
Replies: 3
Views: 424

Re: Thoughts on a "LoopProtect" type script..

Did you raise any supouts for bugs detected ??
by Mesquite
Tue Feb 20, 2024 6:42 pm
Forum: General
Topic: WINBOX PROBLEM
Replies: 3
Views: 408

Re: WINBOX PROBLEM

This is a known issue happening to many many people. Its seemingly random and happens on all my devices from time to time, no rhyme or reason but started for me at some iteration of version 7............. probably also after the last major winbox update as well. Try logging in and out of winbox, unp...
by Mesquite
Tue Feb 20, 2024 6:38 pm
Forum: Beginner Basics
Topic: RB5009 VLAN initial setup [SOLVED]
Replies: 6
Views: 723

Re: RB5009 VLAN initial setup [SOLVED]

Also if not using IPV6, disable it and remove all the firewall address lists and firewall rules......
https://www.youtube.com/watch?v=4Z32oOPqCqc&t=787s
by Mesquite
Tue Feb 20, 2024 6:34 pm
Forum: Beginner Basics
Topic: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP
Replies: 39
Views: 2030

Re: Problem with port forwarding on L009UiGS

So, well, that was my usual way of testing that it works... And later I'd test it works outside of my network. Quite correct, most have that built-in, whereas the MT RoS is very configurable if one knows networking, even when I used consumerPRO zyxel models, they had a simple checkbox for this, thi...
by Mesquite
Tue Feb 20, 2024 6:30 pm
Forum: Beginner Basics
Topic: Wireguard simple firewall rule
Replies: 8
Views: 956

Re: Wireguard simple firewall rule

Check for any traffic on the wg interface using Winbox Tools -> Packet Sniffer. If not, there might be a mismatch in the wg peer configuration, either with the keys or the allowed addresses. ........how could that be?? Oh right, you have introduced another private-pair key coupling into the mix.......
by Mesquite
Tue Feb 20, 2024 6:23 pm
Forum: Beginner Basics
Topic: Port forwarding [SOLVED]
Replies: 18
Views: 1591

Re: Port forwarding [SOLVED]

1. A clue as to improper config.............. symbols and number in your rules where not applicable!!! From: /interface list member add list=LAN { empty entry you need to get rid of } add interface= *F list=WAN add interface=bridge1 list=LAN add interface=ether1 list=WAN add interface= *10 list=WAN ...
by Mesquite
Tue Feb 20, 2024 6:19 pm
Forum: Beginner Basics
Topic: Wireguard simple firewall rule
Replies: 8
Views: 956

Re: Wireguard simple firewall rule

hahaha, obviously we need to have few beers together to discuss!!!
I promise to have an open mind and be patient as it may take awhile for you to see the better way........
by Mesquite
Tue Feb 20, 2024 6:08 pm
Forum: Beginner Basics
Topic: Problem with port forwarding on L009UiGS, double NAT, dynamic WANIP
Replies: 39
Views: 2030

Re: Problem with port forwarding on L009UiGS

So you are attempting to get fancy by reaching an internal server by using the public IP address as if you were coming in from externally. Boggles my mind, why not just use the LANIP address LOL. In any case you are running into hairpin NAT. 1. Solved partially by adding this sourcenat rule put at th...
by Mesquite
Tue Feb 20, 2024 5:51 pm
Forum: Beginner Basics
Topic: Wireguard simple firewall rule
Replies: 8
Views: 956

Re: Wireguard simple firewall rule

LARSA, you complicate life LOL. You doth go too far....... Simply solved by adding the appropriate firewall rules............. No need to create ANOTHER INTERFACE However, I can play your silly game and UPSELL you on a better approach Simply create another IP Address associated to the interface. Ens...
by Mesquite
Tue Feb 20, 2024 5:05 pm
Forum: General
Topic: Can't access hEX (pretty urgent) [SOLVED]
Replies: 30
Views: 2773

Re: Can't access hEX (pretty urgent) [SOLVED]

The good news is that a. you have a working device in place, b. the old one netinstalled and reconfigged, can be in a box ready to plug in and take over next time there is an issue.
by Mesquite
Tue Feb 20, 2024 5:02 pm
Forum: Beginner Basics
Topic: help to configure
Replies: 24
Views: 1376

Re: help to configure

We will receive many examples but what you said highlights the need for a. to understand each variation of wifi first (before using another layer of complexity - capsman) b. in this case both devices are not the same vintage.... @op, I gave you both the generic setup of the cap you have and the swit...
by Mesquite
Tue Feb 20, 2024 4:59 pm
Forum: Beginner Basics
Topic: Wireguard simple firewall rule
Replies: 8
Views: 956

Re: Wireguard simple firewall rule

Firewall forward chain of the receiving router is a good spot to put such rules. Assuming your rules look like this.... add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related hw-offload=yes add action=accept chain=forward comment=&...
by Mesquite
Tue Feb 20, 2024 1:39 pm
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

No it makes little difference, perhaps more items for the CPU to keep track of. I personally like the differentiation as its really different traffic we are marking, the similarity is we push that traffic to the same routes, via using the same table. So the PCC is working, great news!! As for mangle...
by Mesquite
Tue Feb 20, 2024 1:37 pm
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

@Quantam Alfa, its time you did some work here ....... I provided very clear instructions on what needed to be setup on both routers. I also provided links to good videos. Take the configs you have now, pulled from both routers, and work on them in Notepad++ and then present here for review. I unde...
by Mesquite
Tue Feb 20, 2024 1:34 pm
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

I feel like I'm taking crazy pills. You are LOL. The OP stated early on........ Quote:" I want to take advantage of wireguard VPN. . " unquote. Then cat interjected incorrectly stating the OP had to use BTH and nevermind normal wireguard VPN, further the hex cannot do BTH not being arm/ar...
by Mesquite
Tue Feb 20, 2024 1:26 pm
Forum: General
Topic: Forward WAN port to another subnet/router LAN [SOLVED]
Replies: 8
Views: 2210

Re: Forward WAN port to another subnet/router LAN [SOLVED]

its been awhile since ive looked at your config.
Post the complete config again and state clearly what you are attempting to do.
by Mesquite
Tue Feb 20, 2024 5:26 am
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

Okay upon review, I erred in the first half of second set of mangle rules...................... The initial PCC rules..... FROM: add action=mark-connection chain= forward comment=\ "divide traffic into three groups" connection-mark=no-mark \ connection-state="" disabled=yes dst-a...
by Mesquite
Tue Feb 20, 2024 5:02 am
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

Okay, the IP Routes Table is exactly correct. If one was to follow the main table, traffic would get routed out WAN1 as its primary (and working hence black). The two farther distance routes wan2 and wan3 are blue because they are not being used in the main table at the moment ( on-standby) The spec...
by Mesquite
Tue Feb 20, 2024 4:47 am
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

All very doable, the hex connects to the RB4011 as a wireguard client and that tunnel then allows local users at the RB to reach the HEX as well as any users reaching the RB via wireguard.
by Mesquite
Mon Feb 19, 2024 10:25 pm
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

Hopefully the OP will respond soonest so the additional support can be provided. If I ever see a thread where BTH is the answer I know who to call, I am brain dead on that functionality. What I find awkward is someone having to deal with weird BTH menus when trying to setup basic (normal) wireguard,...
by Mesquite
Mon Feb 19, 2024 9:32 pm
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

Easiest (and only) solution would be to buy another router which supports BTH VPN
Complete Baloney Sandwich

Own it and move on, weaseling like a politician is unbecoming.
by Mesquite
Mon Feb 19, 2024 9:21 pm
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

The hex doesnt have BTH nor needs BTH, it can connect to the RB just fine using standard wireguard setup. Concur, great new functionalities have been added by MT to allow this punching through non-public IP addresses, when necessary. Telling the OP they should spend money when there is a perfectly g...
by Mesquite
Mon Feb 19, 2024 9:04 pm
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

https://help.mikrotik.com/docs/display/ROS/WireGuard This covers the road warriors ( aka single devices well, windows, ubuntu.) https://www.youtube.com/watch?v=CH10spRyGpU&t=80s Road warrior google play store: https://www.youtube.com/watch?v=jcNkytR_G4g&pp=ygUZd2lyZWd1YXJkIG1pa3JvdGlrIGlwaG9...
by Mesquite
Mon Feb 19, 2024 8:55 pm
Forum: General
Topic: RB4011 / hEX routers upgrade & VPN connections
Replies: 55
Views: 3364

Re: RB4011 / hEX routers upgrade & VPN connections

The RB has a public IP , there is no need for BTH. Or another router! Am I missing something the OP said?? Quote:" Home A : Router : RB4011iGS+ firmware : v6.49.10 Internet : Dynamic public IP - but stays same for months unless I turn off modem for 3 - 4 days. "unquote" Setup the RB a...
by Mesquite
Mon Feb 19, 2024 8:14 pm
Forum: Beginner Basics
Topic: Fasttrack on single interface
Replies: 1
Views: 376

Re: Fasttrack on single interface

I would actually use one bridge and two vlans and then queue the single vlan. as for the ruleset would do this... accept the vlan traffic prior to fastrack rule...... Thus the fastrack rule will not be reached or seen and thus NOT executed for queued traffic but will work fine for the other vlan tra...
by Mesquite
Mon Feb 19, 2024 7:37 pm
Forum: Beginner Basics
Topic: help to configure
Replies: 24
Views: 1376

Re: help to configure

For the switch ....... /interface bridge add name=bridgeSW vlan-filtering=yes /interface ethernet set [ find default-name=ether2 ] name=offbridge-2 /interface vlan add interface=bridgeSW name=mgmtVLAN vlan-id=99 /interface list add name=management /interface bridge port add bridge=bridgeSW ingress-f...
by Mesquite
Mon Feb 19, 2024 7:12 pm
Forum: Beginner Basics
Topic: help to configure
Replies: 24
Views: 1376

Re: help to configure

For the cap ( wifi is representative of wifi5, so not to be used verbatim). ..... /interface bridge add ingress-filtering=no name=bridgecap vlan-filtering=yes /interface ethernet set [ find default-name=ether2 ] name=offbridge-access /interface vlan add interface=bridgecap name=mgmt-VLAN vlan-id=99 ...
by Mesquite
Mon Feb 19, 2024 6:49 pm
Forum: Beginner Basics
Topic: help to configure
Replies: 24
Views: 1376

Re: help to configure

I am of the ilk that first you get a solid config with the network up and running and then you tweak. In the long run, I would tend to agree if both wifi setups are of the same vintage and it will benefit roaming, capsman may be a logical goal to reach for. Its all going to work just fine without it...
by Mesquite
Mon Feb 19, 2024 6:38 pm
Forum: General
Topic: Pass WAN over VLAN with SwithOS [SOLVED]
Replies: 4
Views: 525

Re: Pass WAN over VLAN with SwithOS [SOLVED]

Please confirm if the internet traffic coming into the switch is not already on a vlan ( what type of connection is it?) Please confirm the router provides vlan DHCP for all vlans Please confirm this is the only wan connection coming into the switch ( not multiple wans ) What subnet or vlan are the ...
by Mesquite
Mon Feb 19, 2024 6:32 pm
Forum: General
Topic: Android and IOS VPN with Mikrotik
Replies: 12
Views: 1084

Re: Android and IOS VPN with Mikrotik

Android devices support wireguard, which is recommended
As per the next post.... Confirm what type of Public IP you get from your provider.
by Mesquite
Mon Feb 19, 2024 6:31 pm
Forum: General
Topic: Wireguard breaking changes in 7.12
Replies: 3
Views: 1325

Re: Wireguard breaking changes in 7.12

Post a config of a NON-working mt router and will sort it out.........
by Mesquite
Mon Feb 19, 2024 4:12 am
Forum: General
Topic: problem with connect mikrotik and Unifi
Replies: 3
Views: 440

Re: problem with connect mikrotik and Unifi

Will depend, its either a trunk port to the UNIFI carrying all vlans and the management vlan ( the one that the UNIFI should get its IP address from ) could be one of the existing vlans if its considered TRUSTED, or, it would need to be a hybrid port.
by Mesquite
Mon Feb 19, 2024 4:04 am
Forum: Beginner Basics
Topic: Bridge VLAN Filtering
Replies: 24
Views: 2938

Re: Bridge VLAN Filtering

Its up to you to figure out how the UNIFI can work or the managed switch you have. All I know is that, at least for the MIkrotik device. /interface bridge port An access port or hybrid port require the PVID of the single subnet(vlan) traversing the port and leaving the port untagged, and return traf...
by Mesquite
Mon Feb 19, 2024 3:45 am
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

A couple of things to think about once we get the rudimentary setup working properly. Did you want recursive routing, meaning check the connectivity not from router to ISP but from router to public DNS on the web. Rare to happen but its possible the router and the ISP talk but the ISP to the interne...
by Mesquite
Mon Feb 19, 2024 1:24 am
Forum: General
Topic: problem with connect mikrotik and Unifi
Replies: 3
Views: 440

Re: problem with connect mikrotik and Unifi

Can you confirm your unifi AP wants by default to accept the management vlan untagged into the router and all the data vlans as tagged (over the port leading from MT)??
by Mesquite
Mon Feb 19, 2024 1:07 am
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

Okay, well since you have servers in the mix External traffic to LAN, then we have to account for that traffic to ensure its goes back out the same WAN it came in. Since you have no external traffic to the router itself,VPN etc, there is no need to mangle that traffic. 1. The other thing I noted is ...
by Mesquite
Sun Feb 18, 2024 11:52 pm
Forum: General
Topic: Winbox Secure Mode, TLS encryption version
Replies: 11
Views: 10067

Re: Winbox Secure Mode, TLS encryption version

We should have TLS1.3 as an option to select when............... YESTERDAY.
I believe that protocol makes perfect forward secrecy mandatory when selected so that will create additional firmware work to implement.
It would be nice if MT actually stated approx when its expected to hit the road map.
by Mesquite
Sun Feb 18, 2024 11:20 pm
Forum: Beginner Basics
Topic: 3-ISPs Load Balancing - need help [SOLVED]
Replies: 51
Views: 6600

Re: 3-ISPs Load Balancing - need help [SOLVED]

Can you confirm that ISP1,2,3 are providing static fixed WANIPs, or dynamic WANIps
Are they all from the same provider?
Do you have any external traffic going to the router itself (aka wireguard handshake for example)
Do you have any LAN servers that external traffic expects to hit...........
by Mesquite
Sun Feb 18, 2024 11:16 pm
Forum: Beginner Basics
Topic: Routing traffic of NAS through VPN, targetting specific device/IP on network [SOLVED]
Replies: 6
Views: 929

Re: Routing traffic of NAS through VPN, targetting specific device/IP on network [SOLVED]

I did have two errors on my dstnat rule, since routing is done after dstnat, the out-interface is not yet known so that needs to be removed, and I needed source address list not in-interface list!!!! Thus this should be the dstnat rules......... add chain=dst-nat action=dst-nat src-address-list=VPNs...
by Mesquite
Sun Feb 18, 2024 10:55 pm
Forum: Beginner Basics
Topic: Bridge VLAN Filtering
Replies: 24
Views: 2938

Re: Bridge VLAN Filtering

To be clear, I would never use these rules, IF the intent is to have TRUNK ports, you are not, you are actually ATTEMPTING to set up hybrid ports. IF its a unifi switch and unifi AP, they very well may be setup to accept the management vlan untagged ( which is their default setting ) in which case y...
by Mesquite
Sun Feb 18, 2024 10:50 pm
Forum: Beginner Basics
Topic: Bridge VLAN Filtering
Replies: 24
Views: 2938

Re: Bridge VLAN Filtering

This is a contradictory statement. Duly noted. I've updated the configuration and can confirm that we are still operational with both the UAP and SWR PVID at 99 with frame type set to VLAN-Tagged-Only. /interface bridge ports: a. Either the bridge ports are identified as TRUNK PORTS ( vlan-tags only...
by Mesquite
Sun Feb 18, 2024 10:45 pm
Forum: Beginner Basics
Topic: Bridge VLAN Filtering
Replies: 24
Views: 2938

Re: Bridge VLAN Filtering

Hi there, if its adding quotes its because you are not and in the case of bridge vlan interfaces who knows what the result is ???? YOU CANNOT put in interface names with spaces !! If you want to, you have to put quotes around the name. So either a. create interface names without any spaces OR b. cre...
by Mesquite
Sun Feb 18, 2024 10:40 pm
Forum: Beginner Basics
Topic: wireguard question
Replies: 2
Views: 470

Re: wireguard question

(1) Shorten interface list members to: /interface list member add interface=sfp-sfpplus2 list=WAN add interface=pppoe-out1 list=WAN add interface=ether13 list=MGMT add interface=vlan-servers-78 list=LAN add interface=vlan-home-88 list=LAN add interface=wireguard1 list=LAN (2) ORGANIZE your firewall ...
by Mesquite
Sun Feb 18, 2024 9:49 pm
Forum: General
Topic: RouterOS - Simple WireGuard Client Setup
Replies: 4
Views: 1141

Re: RouterOS - Simple WireGuard Client Setup

Will have to see your current full config to make any more recommendations.
PS where do you see to enter DNS on the mikrotik wireguard interface settings, not any such thing on my router ???
What DNS did the third party provider give you???
by Mesquite
Sun Feb 18, 2024 9:43 pm
Forum: General
Topic: RouterOS - Simple WireGuard Client Setup
Replies: 4
Views: 1141

Re: RouterOS - Simple WireGuard Client Setup

In terms of setup, this is actually what it should look like, no offense to the previous poster but its in error. One should be careful before providing bad information!!!! /interface wireguard add listen-port=51820 name=wireguard1 { port can be anything random no relation to port given to you by th...
by Mesquite
Sun Feb 18, 2024 9:34 pm
Forum: General
Topic: RouterOS - Simple WireGuard Client Setup
Replies: 4
Views: 1141

Re: RouterOS - Simple WireGuard Client Setup

Not really enough info. It would seem you are saying you have purchased a third party VPN provider and wish to use that provider for internet access for some or all of the users on your router. In other words the router is not the server for handshake but the wireguard client for handshake? OR You ar...
by Mesquite
Sun Feb 18, 2024 9:09 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 9913

Re: VLANS creation and testing-AX2

Designed as a router and a home for a mouse.
by Mesquite
Sun Feb 18, 2024 9:08 pm
Forum: General
Topic: What's the point of 7.12.2?
Replies: 1
Views: 311

Re: What's the point of 7.12.2?

In general, the purpose of 7.12.2 was probably to fix some issue with 7.12 and 7.12.1.
It also happens to be the milestone or changeover firmware one needs to upgrade to from earlier versions including version 6 firmware when concerned about wifi.
by Mesquite
Sun Feb 18, 2024 3:42 pm
Forum: Beginner Basics
Topic: help to configure
Replies: 24
Views: 1376

Re: help to configure

You should also discuss how many subnets you have/need and your current use of vlans if any.
by Mesquite
Sun Feb 18, 2024 3:41 pm
Forum: Beginner Basics
Topic: Routing traffic of NAS through VPN, targetting specific device/IP on network [SOLVED]
Replies: 6
Views: 929

Re: Routing traffic of NAS through VPN, targetting specific device/IP on network [SOLVED]

To be clear you are attempting to connect to a third party VPN provider? Not sure what that has to do with your phone, as either. a. you are connecting to proton with your router and ISP connection and then selecting which users use the tunnel OR b. you are connecting your phone via cellular and wir...
by Mesquite
Sun Feb 18, 2024 5:52 am
Forum: Beginner Basics
Topic: Wireguard on Android not getting internet [SOLVED]
Replies: 4
Views: 1002

Re: Wireguard on Android not getting internet [SOLVED]

No worries, learning can be fun with an open mind!! In terms of the sourcenat question. A general rule of thumb is that when the router is a server for handshake, it means more than likely client peers are going to connect to the router and access either the subnets or the internet. In this case, it...
by Mesquite
Sun Feb 18, 2024 5:41 am
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 9913

Re: VLANS creation and testing-AX2

Sorry giga, I guess the green & bold didnt grab your attention, next time I will make it larger 38Gigs
by Mesquite
Sun Feb 18, 2024 5:38 am
Forum: Beginner Basics
Topic: Bridge filter rules not working
Replies: 26
Views: 2021

Re: Bridge filter rules not working

I don't have a CRS3xx device, so discussion in this thread is now beyond my knowledge. Feel for you buddy, looking at a CRS310 I just took out of the box. :-) Anytime you want to wireguard in and look around let me know. By the way, the secret is never put yourself in a position to have to get ana...
by Mesquite
Sun Feb 18, 2024 5:33 am
Forum: Beginner Basics
Topic: Bridge VLAN Filtering
Replies: 24
Views: 2938

Re: Bridge VLAN Filtering

Trunk ports do not require pvid so at first blush I would do this............ From this: add bridge=bridge1 interface="ether6 - SWR1" pvid=10 add bridge=bridge1 interface="ether1 - UAP1" pvid=10 TO: add bridge=bridge1 interface="ether6 - SWR1" ingress-filtering=yes fram...
by Mesquite
Sun Feb 18, 2024 5:15 am
Forum: General
Topic: Wireguard doesn't work and no logs
Replies: 22
Views: 2925

Re: Wireguard doesn't work and no logs

You only have one peer in the config above, when did you add others....
Please post your latest complete config for review.
by Mesquite
Sun Feb 18, 2024 3:17 am
Forum: General
Topic: hap ax^2 does not provide full speed connection
Replies: 31
Views: 1896

Re: hap ax^2 does not provide full speed connection

Shouldve called this thread the holy grail! ;-) Cant wait for the ending.
by Mesquite
Sat Feb 17, 2024 6:15 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 9913

Re: VLANS creation and testing-AX2

Actually, the 310-8G, as a router should provide you somewhere around 180-200Mbps
If you are talking switching throughput 38Gigs. :-)
Point of repeating already provided information???
by Mesquite
Sat Feb 17, 2024 6:12 pm
Forum: General
Topic: hap ax^2 does not provide full speed connection
Replies: 31
Views: 1896

Re: hap ax^2 does not provide full speed connection

NOT default. But should not be slowing your router down regardless ?????? 1. You can remove default static rule..... /ip dns static add address=192.168.88.1 comment=defconf name=router.lan 2. You can add some external servers...... /ip dns set allow-remote-requests=yes servers=1.1.1.1,9.9.9.9 3. You...
by Mesquite
Sat Feb 17, 2024 4:34 pm
Forum: General
Topic: hap ax^2 does not provide full speed connection
Replies: 31
Views: 1896

Re: hap ax^2 does not provide full speed connection

Post the config, it will have to be there then............ sounds like fastrack is disabled or in conflict with another part of your config!!! Which would mean not exactly default.
by Mesquite
Sat Feb 17, 2024 4:33 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 9913

Re: VLANS creation and testing-AX2

I know, but that is for routing performance. I hope OP here plan to use it strictly as switch. Not router.
You are still wrong, the 310 has two SFP+ ports, so its more like 10Gigs at least not 2.5!!
by Mesquite
Sat Feb 17, 2024 3:35 pm
Forum: Beginner Basics
Topic: Wireguard on Android not getting internet [SOLVED]
Replies: 4
Views: 1002

Re: Wireguard on Android not getting internet [SOLVED]

Firstly, it would be necessary to see the wireguard config on the android phone as well for a complete assessment. I suspect errors there as well. Second remove actual keys from your config before posting!! ( and go back and remove them from your post if that is the case ) As for the router... 1. As...
by Mesquite
Sat Feb 17, 2024 3:06 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 9913

Re: VLANS creation and testing-AX2

Actually, the 310-8G, as a router should provide you somewhere around 180-200Mbps If you are talking switching throughput 38Gigs. :-) The $$ as you call it is not for the routing capacity its for the switching capacity and unique 2.5 gig ports etc..... The moral of the story is research before your ...
by Mesquite
Sat Feb 17, 2024 3:05 pm
Forum: Beginner Basics
Topic: DHCP Starting IP from 192.168.88.2
Replies: 13
Views: 1592

Re: DHCP Starting IP from 192.168.88.2

Its one of the funny perks of RoS DHCP leases. It doesnt start applying leases at the start of the pool by default, but at the end of the pool. But my ccr1009 does not, so I have no idea how to control it, maybe its random. I believe someone asked for a software change so one could choose a. start o...
by Mesquite
Sat Feb 17, 2024 3:03 pm
Forum: Beginner Basics
Topic: Trouble with VLAN Configuration on MikroTik RB5009 [SOLVED]
Replies: 11
Views: 1384

Re: Trouble with VLAN Configuration on MikroTik RB5009 [SOLVED]

Concur, valuable feedback which can enable us perhaps to help others better.
by Mesquite
Sat Feb 17, 2024 3:00 pm
Forum: Beginner Basics
Topic: actual basics
Replies: 20
Views: 1421

Re: actual basics

Awesome, my favourite line......... Quote: " What I want from you in return is effort. If you show us that you're trying to learn, and progressing, you'll increase the chances of getting more of this "free" training. If not, then why would any of us expend more of our finite time on t...
by Mesquite
Sat Feb 17, 2024 2:51 pm
Forum: General
Topic: Transport layer 2 over Internet?
Replies: 4
Views: 468

Re: Transport layer 2 over Internet?

Zerotier?
by Mesquite
Sat Feb 17, 2024 2:50 pm
Forum: General
Topic: Accessing/Manage multiple networks locally
Replies: 3
Views: 336

Re: Accessing/Manage multiple networks locally

I read this differently. The MIKROTIK is the main router for both LAN subnets. One port on the MT is connected (wired) to an wifi router which provides home network. Another port or perhaps all other ports on the MT is connected to LAB subnet. To allow one to reach the other is just a matter of fire...
by Mesquite
Sat Feb 17, 2024 2:45 pm
Forum: General
Topic: hap ax^2 does not provide full speed connection
Replies: 31
Views: 1896

Re: hap ax^2 does not provide full speed connection

No idea, you should be getting in the 900ish range with that device.
Default settings would not cause slowdown. What firmware are you using?
by Mesquite
Fri Feb 16, 2024 10:11 pm
Forum: General
Topic: Can't get basic vlan trunk to work. What am I missing?
Replies: 4
Views: 368

Re: Can't get basic vlan trunk to work. What am I missing?

Which device is chip filtered? The CR3XX series is the same as bridge filtering....
https://www.youtube.com/watch?v=YLtGQAQ8iS0
by Mesquite
Fri Feb 16, 2024 10:05 pm
Forum: General
Topic: Wireguard from Linux not working [SOLVED]
Replies: 36
Views: 2413

Re: Wireguard from Linux not working [SOLVED]

Makes no sense to me. Linux device should produce both a private key and a public key. The public key should be placed in the peer settings on the mikrotik router and the Mikrotik public key should be placed on the peers settings of the linux machine. Note: Even stupid windows generates a public key...
by Mesquite
Fri Feb 16, 2024 5:36 pm
Forum: Beginner Basics
Topic: Wireguard LAN to LAN (one side behind NAT) not working
Replies: 16
Views: 3852

Re: Wireguard LAN to LAN (one side behind NAT) not working

In general only the router (server for handshake) identifies peer by /32 address ( peer to peer quality) All other routers (acting as clients for handshake) not using 0.0.0.0/0 for allowed IPs (covers all addresses) should utilize for allowed IPS. wireguardsubnet, remotesubnet(s) where remote subne...
by Mesquite
Fri Feb 16, 2024 5:22 pm
Forum: Beginner Basics
Topic: basic dual WAN configuration do not work
Replies: 13
Views: 5373

Re: basic dual WAN configuration do not work

Dual wan works very well. What is not clear is the requirements, so I have to guess. WAN1 is primary should run most traffic all the time. If WAN1 fails you want users to go to WAN2? WAN2 is secondary, handles servers all the time. If WAN2 fails you want servers accessible on WAN1? add distance=1 ch...
by Mesquite
Fri Feb 16, 2024 4:50 pm
Forum: Beginner Basics
Topic: Wireguard LAN to LAN (one side behind NAT) not working
Replies: 16
Views: 3852

Re: Wireguard LAN to LAN (one side behind NAT) not working

Yes it should, I would guess all your other peers are incorrect. The way to ensure traffic does not pass is the use of firewall rules at the receiving router end..... (aka assumes peer 5 is a router) Ex at Peer 5 add action=accept chain=forward in-interface=wireguard dst-address=subnet src-address-l...
by Mesquite
Fri Feb 16, 2024 4:39 pm
Forum: Beginner Basics
Topic: Two DNS server behind one IP address?
Replies: 8
Views: 1077

Re: Two DNS server behind one IP address?

Having both up at the same time is possible, but I am not so sure you can "fail over" from ad guard to MT. I would say you have to manually adjust the config. For example /ip NAT add chain=dst-nat action=dst-nat dst-port=53 protocol=udp source-address-list=!Adguard to-address=AdguardIP add...
by Mesquite
Fri Feb 16, 2024 4:22 pm
Forum: General
Topic: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial
Replies: 26
Views: 1756

Re: Mikrotik Chateau AX (5G) eth1 + lte1 load balancer with failover - looking for a tutorial

So it would appear ether1, is a fixed private IP you get from an upstream router?
The LTE would appear to be possibly a public IP that is dynamic (can change)??
by Mesquite
Fri Feb 16, 2024 2:42 pm
Forum: Beginner Basics
Topic: Wireguard LAN to LAN (one side behind NAT) not working
Replies: 16
Views: 3852

Re: Wireguard LAN to LAN (one side behind NAT) not working

1. The client side settings should be:
allowed IPs=172.31.1.0/24, 192.168.10.0/24

Not sure why showing 6 wireguard peers, assuming the first one is for a different wg interface on the router and thus not in play for your question.
by Mesquite
Fri Feb 16, 2024 2:38 pm
Forum: Beginner Basics
Topic: Firewall rules - Dont know why my server is accessible from the internet. Is should be not [SOLVED]
Replies: 8
Views: 1159

Re: Firewall rules - Dont know why my server is accessible from the internet. Is should be not [SOLVED]

I would have to say your firewall rules are less than optimal and you should go back to default type settings to start with and then modify them as required. The fact that you forward chain port 80 from wan to lan ( vice using dstnat ) seems off. Confirmed my suspicions when you leave your winbox po...
by Mesquite
Fri Feb 16, 2024 2:28 pm
Forum: Beginner Basics
Topic: Trouble with VLAN Configuration on MikroTik RB5009 [SOLVED]
Replies: 11
Views: 1384

Re: Trouble with VLAN Configuration on MikroTik RB5009 [SOLVED]

Cannot spot error yet either......... Not sure what ether6 is doing its identified on bridge ports as a trunk port but nothing assigned bridge vlans. Just to be consistent with how you did the other ones, I would manually untag ether4 on /interface bridge vlans but not necessary. /interface bridge v...
by Mesquite
Fri Feb 16, 2024 4:34 am
Forum: Beginner Basics
Topic: Wireguard LAN to LAN (one side behind NAT) not working
Replies: 16
Views: 3852

Re: Wireguard LAN to LAN (one side behind NAT) not working

No not without seeing your wireguard peer setting on the router ( all five ) and the client device wireguard settings......
by Mesquite
Fri Feb 16, 2024 12:17 am
Forum: Beginner Basics
Topic: Routing traffic of NAS through VPN, targetting specific device/IP on network [SOLVED]
Replies: 6
Views: 929

Re: Routing traffic of NAS through VPN, targetting specific device/IP on network [SOLVED]

1. DANGER! - UNPLUG YOUR ROUTER - Please DO NOT allow direct access to WINBOX from the internet!! It is meant for internal access!! Also bad is using the default winbox port................. add action= accept chain=input comment="allow Winbox" in-interface=\ "ether1[internet]" p...
by Mesquite
Fri Feb 16, 2024 12:09 am
Forum: Beginner Basics
Topic: Bridge VLAN Filtering
Replies: 24
Views: 2938

Re: Bridge VLAN Filtering

Please post your latest complete config and I will be happy to review. Reading through the posts again, you should not need to use another device (bypass this acting switch) to pass vlans to another switch!! It's trunk in (all vlans), rest of ports are either trunk out to smart device, or access por...
by Mesquite
Thu Feb 15, 2024 11:33 pm
Forum: Beginner Basics
Topic: Dual DHCP WAN recursive failover w/ PCC load-balancing; and recursive ECMP
Replies: 1
Views: 531

Re: Dual DHCP WAN recursive failover w/ PCC load-balancing; and recursive ECMP

I don't understand the premise. ECMP and PCC are two different load balancing types, thus confused. Yes, I don't understand what he is doing for routing for the NON ECMP routes either... It's actually incomplete.... I don't know about ECMP (equal path) but in the case of PCC you still need to assign som...
by Mesquite
Thu Feb 15, 2024 11:29 pm
Forum: General
Topic: Wireguard - Multiple connections as a client [SOLVED]
Replies: 5
Views: 2073

Re: Wireguard - Multiple connections as a client [SOLVED]

Outbound is the problem; if each wg peer setting to the third party provider is 0.0.0.0/0 for allowed IPs, then it won't work.
By having a different interface and different port, the problem is avoided.
by Mesquite
Thu Feb 15, 2024 2:50 pm
Forum: General
Topic: Wireguard from Linux not working [SOLVED]
Replies: 36
Views: 2413

Re: Wireguard from Linux not working [SOLVED]

Linux firewall getting in the way?
by Mesquite
Thu Feb 15, 2024 2:44 am
Forum: General
Topic: Mikrotik blocks pages
Replies: 3
Views: 366

Re: Mikrotik blocks pages

I would retain the one bridge you use for the LAN and scrap the rest unless there is some reason you have to have bridges. This reduces bridge ports to three lines. Simply assign all the vlans to sfpplus1 as you have and define each PPPoE client as follows: /interface pppoe-client add disabled=no int...
by Mesquite
Wed Feb 14, 2024 10:18 pm
Forum: General
Topic: Wireguard from Linux not working [SOLVED]
Replies: 36
Views: 2413

Re: Wireguard from Linux not working [SOLVED]

2. Only because I've signed in on Firefox and too lazy to sign out and sign back in again LOL
by Mesquite
Wed Feb 14, 2024 10:17 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 9913

Re: VLANS creation and testing-AX2

As I said fair points, I have habits.......... regardless of where router is located.