Mar 20 2015

Mikrotik IPSec VPNs with multiple destination Networks/Policies and SA(s) management.

While configuring multi-network VPNs (multiple policies and destination subnets reached via the same remote IPSec VPN peer) between Mikrotik and other firewalls, traffic would randomly stop for certain destinations.

Packet forwarding and encryption work for only one destination (the first matched IPSec policy); any other destination (again, only the first one matched) becomes reachable by performing an ‘SA Flush’.



Nov 6 2012

RouterOS: Understanding ‘Safe Mode’.

It is sometimes possible to change the router configuration in a way that makes the router inaccessible over a remote connection, so that access from the local console is needed to repair the mistake.
Usually this is done by accident, but there is no way to undo the last change once the connection to the router has been cut.

In RouterOS, Safe Mode can be used to minimize this risk.


Sep 9 2012

Mikrotik Configuration Management.

Configuration Backup can be used to save MikroTik RouterOS configuration to a binary file, which can be stored on the router or downloaded from it using FTP for future use.
The configuration restore can be used for restoring the router’s configuration, exactly as it was at the backup creation moment, from a backup file.

The restoration procedure assumes the configuration is restored on the same router where the backup file was originally created, so it will create a partially broken configuration if the hardware has been changed.

Configuration Export can be used for dumping out the complete or partial MikroTik RouterOS configuration to the console screen or to a text file, which can be downloaded from the router using FTP.

The configuration dumped is actually a batch of commands that add (without removing the existing configuration) the selected configuration to a router.


Sep 2 2012

Stream Mikrotik RouterOS Sniffer TZSP directly to a remote WireShark host.

Network administrators often use Protocol Sniffers to debug remote network problems.

Here is a brief explanation of how to configure WireShark to receive the MikroTik RouterOS Sniffer stream (in TZSP format).


Mar 20 2012

Configure Port-Knocking in RouterOS.

Port knocking is a method of establishing a connection to a networked device that has no open ports.

Before a connection is established, ports are opened using a port knock sequence, which is a series of connection attempts to closed ports.