Questions tagged [mikrotik]
Latvian manufacturer of computer networking equipment, known for the Linux-based operating system known as MikroTik RouterOS.
328 questions
0
votes
0
answers
72
views
mikrotik IKEv2 VPN password changing
I have a VPN server on mikrotik, IKEv2 protocol, with authorization via NPAS in a windows domain. The problem occurs when the RADIUS server requests a password change from the client. The user does ...
- 1
0
votes
0
answers
169
views
Wireguard on mikrotik - no internet connection
I have mirotik with Wireguard on AWS EC2, but I have problem with internet connection after connect to WG. My config which I get from mikrotik
[Interface]
ListenPort = 51820
PrivateKey = [private_key]
...
- 199
0
votes
0
answers
15
views
How to access PNET1 through PNET0 in GCP using a IPSEC tunnel?
Good day,
I have a local Mikrotik at my house connecting to a VM in GCP through an IPSEC tunnel. The IPSEC tunnel is up. I can reach the VPC network connected to PNET0 through the Tunnel. I am trying ...
0
votes
0
answers
56
views
ROS Routing Procedure
Good afternoon,
Trying to figure out a routing issue and wondering if anyone can help with procedure or idea behind it.
I have two Mikrotiks via a Wireguard Interface both as PPPoE dial outs, ...
- 1
1
vote
0
answers
65
views
IPSec on EC2 MIkrotik not working despite the connection
I have 2 mikrotiks listed on AWS:
R1 - public IP 3.75.170.246 and subnet 172.168.0.0/24
R2 - public IP 18.199.145.214 and subnet 10.0.0.0/24
On AWS, in the security group I have allow all on all ...
- 199
0
votes
0
answers
29
views
Juniper MX204 Client Can't Ping from BGP
Sorry, a newbie here, I have topology like this
BGP (Vyos) --- MX204 --- Client (Mikrotik)
Between BGP and MX204 have iBgp connection and advertise 103.20.186.0/24 from MX204
The question is, why BGP ...
1
vote
0
answers
57
views
Forwarding issue: no ping from IPSec subnet via Wireguard subnet
Problem: i1NN-clients are not able to reach hosts in remote networks like (yc1-subnet).
wireguard-peer {y} connects to {p} and receives 172.27.0.21/24 IP address in the (wireguard-subnet)
{y} is ...
- 123
1
vote
1
answer
256
views
How do I apply src-nat to the traffic coming from ipsec?
I am using StrongSwan to Mikrotik IKEv2 tunnel. I wonder if it is possible to sourcenat what is comming from the ipsec-tunnel on Mikrotik's side?
The problem is that I have a host in my local network ...
- 21
0
votes
0
answers
469
views
WireGuard tunnel on Mikrotik working "one way"
I have two remote locations.
Location 1: MKT-KRK - Mikrotik with public IP (11.12.13.14)
Location 2: MKT-BRZ - Mikrotik - no public IP
R1 - BRZ - public IP (15.16.17.18)
Network diagram below:
...
- 1,093
0
votes
0
answers
24
views
MikroTik VLAN AccessPort doesn't work
I have a problem with configuring access port on my MikroTik CRS312-4C+8XG-RM. Below, I show you my config.
I expect that on combo4 I can connect my computer to my VLAN10. In general my network works ...
- 31
0
votes
0
answers
82
views
MikroTik console command gets stuck
I am observing frequent yet not 100% repeatable cases where a console command aimed at removing all items from a given list (remove [find] to be exact) gets stuck while executing. The following is ...
- 117
0
votes
0
answers
254
views
Container in ipvlan L3 network cannot ping its docker's host, "connection status" is "invalid" in Mikrotik firewall, but can ping everyone else
Created static route on Mikrotik:
- destination address: 10.21.0.0/16
- gateway 10.9.0.3
Created docker network on Docker host:
docker network create -d ipvlan --subnet=10.21.0.0/16 --gateway=10.9.0....
- 103
0
votes
2
answers
487
views
How to wipe and completely reinstall all firmware on MikroTik router?
I have a brand new MikroTik router that behaves strangely out of the box (came with RouterOS version 7.11, upgraded to 7.14.1, default admin account disabled) - even when its configuration is ...
- 117
0
votes
1
answer
374
views
Why is MikroTik router DHCP server delivering ISP's gateway address in addition to router gateway address?
I am doing a very basic setup with a MikroTik router: an ISP modem in bridge (dumb modem) mode, a static public IP, router with DHCP server enabled, LAN. I have followed manufacturer's "Getting ...
- 117
0
votes
1
answer
1k
views
Mikrotik: Creating Letsencrypt cert fails on RouterOS v7
From RouterOS's webfig CLI I attempted to create a LetsEncrypt cert:
certificate/enable-ssl-certificate dns-name=my.domain.com
But it returned the error:
progress: [error] http challenge validation ...
- 425
0
votes
0
answers
80
views
Mikrotik cloud router with vlans routing
I have a MikroTik router configured with 30 VLANs, all passing through a trunk via a bridge. The router provides internet access via three PPP links with load balancing, and also local services to ...
0
votes
0
answers
267
views
LTE Mikrotik NAT not works
I've and LTE Mikrotik HRBwAPGR-5HacD2HnD and QNAP NAS server.
My need was to route trafic to QNAP server (192.168.88.102) from internet(using DDNS and so on) but not able to perform it, maybe I'm ...
4
votes
1
answer
413
views
Which LAGG type should be used for MLAG switches to CARP firewalls?
My network setup involves two firewalls in a Common Address Redundancy Protocol (CARP) group, each connected to an MLAG (Multi-Chassis Link Aggregation) configuration of Mikrotik switches. Onward ...
- 195
0
votes
1
answer
370
views
Sending COA request to NAS behind NAT from Freeradius
My Mikrotik NAS is behind a NAT so it only has a private network IP address. So for authentication, I am using the public IP address which works fine. But when Freeradius (hosted) has to send the COA ...
- 101
0
votes
0
answers
85
views
Mikrotik router DDNS pointing to wrong interface
I've tried to follow multiple guides that, in theory, addresses my problem with no results.
I will first make a general explanation on what i think is the problem and the steps followed to address ...
1
vote
2
answers
2k
views
How to Configure Domain-Specific Port Forwarding on MikroTik Router?
I have a MikroTik router set up at the entrance of our office network. I'm looking to configure it for specific domain-based port forwarding. The task seems to be rather common, but I am stuck. Here's ...
- 161
0
votes
0
answers
1k
views
SNMP scraping returned HTTP status 500 Internal Server Error on Prometheus
I installed Prometheus and SNMP exporter on Ubuntu Server, then configuring for scraping with
/etc/prometheus/prometheus.yml
- job_name: 'Mikrotik'
static_configs:
- targets:
- 10.10.106.210 ...
2
votes
1
answer
230
views
Port forwarding fails with two DHCP Servers/routers on the same network
TL;DR I have two routers and a switch, and have forwarded port 80 on both routers to the switch, but depending on which router gives the switch its IP, it'll have that as its default gateway, and I ...
- 141
1
vote
0
answers
388
views
mikrotik script is not run through GUI or Schedule
I get a problem that i have a one line script as bellow:
/tool fetch url="https://......"
When i run this script in winbox with "Run Script" button it does not work and after i ...
- 174
0
votes
0
answers
67
views
Two subdomains, two iredmail (postfix) servers, duplication and migration
There are two servers in the local network, and iredmail is installed on both (I don't think this is important, since Postfix is here). There is one domain example.com and one IP, and also two ...
1
vote
0
answers
575
views
Scripting with variables in RouterOS
I seem to be at a complete loss as to how Global variables work in RouterOS. My goal is to create a script which will make calls to other infrastructure components when DHCP leases are changed.
For ...
- 705
-1
votes
1
answer
528
views
Assigning static WAN IPs
My ISP gave me a /27 of IPs. Basically, they gave me the following information.
Network: 1.2.3.64/27
Gateway: 1.2.3.65
IP Range: 1.2.3.66-94
Netmask: 255.255.255.224
To deploy this, I want to give ...
- 1
0
votes
0
answers
1k
views
Windows native client not connecting to IKEv2 EAP VPN
We are investigating the possibility of replacing pfSense/opnSense with Mikrotik for our office routers. Our current routers provide site-to-site tunnels between locations, as well as RADIUS-backed ...
- 1,003
0
votes
0
answers
375
views
How to troubleshoot PXE boot from DD-WRT dnsmasq not sending tftp server info?
I have a MikroTik hEXs router (firmware v6.47.1) which I want to flash with OpenWRT. The OpenWRT wiki site has detailed instructions on the procedure, and it requires that one netboot the router. My ...
- 111
0
votes
1
answer
1k
views
DST-NAT for port tcp/80 on Mikrotik router
I am trying to redirect the incoming traffic to tcp/80 of the public IP interface of Mikrotik router to the internal server with reverse proxy.
No matter what I do, the NAT rule does not work with tcp/...
0
votes
0
answers
895
views
Windows 11 IKEv2 fails to connect, error code 1931 eventID 20227
I have Mikrotik configured for accepting IPSec connections with server certificate and RADIUS auth, SHA1 and so on enabled on Mikrotik side for Windows compatibility.
It also configured for L2TP/IPSec,...
- 167
0
votes
0
answers
267
views
Mikrotik NAT rules does not trigger
I have a LAN subnet 192.168.10.0/24 connected to my CCR-1036. this router acts as DHCP server and Hotspot for users to access internet, a third party accounting server (172.17.1.0/30) is connected to ...
- 11
0
votes
2
answers
707
views
New network not using updated TLS and failing to connect to certain websites
I have 2 networks that are configured just about identically. The both have the same Router - Mikrotik RB2011UiAS-RM, with a direct fiber link to the ISP. I am using the same ISP for both networks. ...
0
votes
1
answer
1k
views
Mikrotik Ovpn with RADIUS
I need to setup OpenVPN server on a Mikrotik router. The authentication for the clients needs to be done by a Windows RADIUS server.
My problem is that the Mikrotik uses the unencryptrd PAP protocol ...
- 76
1
vote
1
answer
2k
views
Why are certain TCP connections extremely slow, except while running a packet capture on the router?
I have a weird issue with my MikroTik RouterBOARD hEX - RB750Gr3 (running Router OS 7.8).
Certain TCP connections are extremely slow, for example this 93 KB file takes ages to download from the ...
- 496
2
votes
2
answers
22k
views
nslookup finds IP address, but still claims NXDOMAIN
In my network I have:
mikrotik router (10.0.0.1) with static DNS entries for myhost.mydomain.com -> 10.0.0.4
adguard server (10.0.0.128) that uses 10.0.0.1 as upstream DNS
DHCP gives 10.0.0.128 as ...
- 131
0
votes
1
answer
648
views
One port 2 external ip linked to MAC split by LAN ports
The provider issues 2 static addresses linked to the MAC address of the device on one port. Is it possible to divide the ports of the Mikrotik router into traffic exchange through each address?
For ...
- 1
0
votes
1
answer
1k
views
Internet stopped working after upgrading RouterOS 6 to RouterOS 7
I would like upgrade RouterOS 6 to RouterOS 7, everything went fine, all interfaces went up, but the Internet did not appear for users. As I understand it, somewhere need to change routes / something ...
0
votes
1
answer
3k
views
Mikrotik - Access from VPN to LAN
There is a VPN server on Mikrotik to connect from internet to the network behind the router. Like:
LAN -> Mikrotik <-> VPN <- PC in internet
I can connect but can't access PCs on LAN when ...
- 101
0
votes
1
answer
430
views
Mikrotik configuration lost after electricity went off
Because of electric went off the miktrotik router lost operation system ..
The operation System went down ..
I did backup to the router "ccr1009"
After that everything went well but I got ...
- 1
0
votes
1
answer
665
views
MikroTik: How send the mac AP to external CAPTIVE
I set up the MikroTik router hEX RB750Gr in hotspot mode, connected the WapR-2nD access point to it and distribute wifi. Hotspot is configured for an external authorization portal (Captive). Captive ...
- 3
0
votes
0
answers
3k
views
Failure connecting Mikrotik to Strongswan using IPSec
hope you are doing well.
I am trying to connect a Mikrotik RB2011RM to Strongswan running on a cloud server. I cannot get past Phase 1.
I have searched through google and found some great examples ...
0
votes
1
answer
228
views
Mikrotic 6.49.4 queues and mangle
I'm trying to configure upload and download limits per IP on Mikrotik 6.49.4 using simple queues. Probably I'm missing something similar to disabling 'fastttrack' but even with disabled fasttrack I ...
- 129
0
votes
0
answers
313
views
Slow traffic(high ping) of MikroTik on Hyper-V
I am new to networking.
I installed MikroTik with one Windows server and two Windows 10 clients within Hyper-V. It is routing and I can access the internet from one of the Windows VMs but it is super ...
- 1
1
vote
1
answer
10k
views
Redirecting Netflix and Youtube traffic to another gateway by IP addresses on Mikrotik router
I help a friend in taking care of the network with few buildings with appartments for rent.
During the holiday season all apartments are fully booked, and that means we have 40-60 guests. There are 18 ...
- 157
0
votes
2
answers
241
views
How to implement backup link via VPN
I have a PTP wireless network from one location to another and it is working well. I would like to have a VPN backup in case it should ever go down.
How can I make this happen automatically? I am ...
-1
votes
1
answer
198
views
access mikrotik webfig through the private openvpn address
I am using Mikrotik (7.1.1) router with an ovpn client interface connected to an openvpn server installed on ubuntu ec2. Everything worked fine:
I want to use my laptop (connected to the same OpenVPN ...
- 119
0
votes
0
answers
652
views
Can I send raw TCP data directly from Mikrotik using script?
I want to control some network relay that accepts commands from PuTTY in raw mode.
Is it possible to do this with Mikrotik router? As far I know Mikrotik routers have ssh and telnet client server and ...
- 157
1
vote
0
answers
237
views
Significant throughput loss when sending data from 40G to 10G/1G ports
Not too long ago I put together a 40G network using a Mikrotik CRS354-48G-4S+2Q+RM switch as the backbone of it. I very quickly ran into an issue using this switch, transferring data from a port with ...
- 11
1
vote
0
answers
583
views
Why do I get an error when connecting to a tftp server PXE-T00 pxelinux.0 filename too long?
As a DHCP server, I have a Mikrotik configured with options 66 and 67.
/ip dhcp-server option
add name="option66" code=66 value="s'10.10.14.200'"
add name="option67" code=...
- 111