1. Andy

    Restore MikroTik interface default MAC address

    If you restore a MikroTik backup to another device, you will most likely have some duplicate MAC addresses on your network, this is because MikroTik configuration tends to restore along with the MAC address information. If you want to restore the interface's default MAC address, open a New...
  2. Andy

    MikroTik Fasttrack with IPsec

    Fasttrack is a new feature introduced in RouterOS v6.29 that allows you to forward packages in a way that they are not handled by the Linux Kernel which greatly improves the throughput of your router as well as lowering the CPU load. Fasttrack allows all packages that have the state Established...
  3. Andy

    MikroTik Site-to-Site IPsec Tunnel

    Easy Guide on how to setup MikroTik Site-to-Site IPsec Tunnel If one of MikroTik’s WAN IP address is dynamic, set up that router as the initiator (i.e. dial-out) If you are working from WAN, don’t forget to enable Safe Mode. Let’s go to Winbox -> IP -> IPsec -> Proposals, and this is the...
  4. Andy

    Setup MikroTik as L2TP/IPSec VPN Server

    This is a brief guide on how to implement an L2TP/IPSec VPN server on Mikrotik RouterOS and use it as a gateway. Change these to fit your setup: This router’s local IP address: WAN connection is PPPoE with the name ether1-GTW. If you use PPPoE, use the name of your PPPoE...
  5. Andy

    MikroTik Bruteforce Login Prevention

    To stop SSH, Telnet and FTP attacks on your router, follow the following advise: This configuration allows only 10 FTP login incorrect answers per minute. in /ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop \ comment="drop ftp brute...