mikrotik

  1. Andy

    MikroTik port 53 DNS service DDoS attack mitigation and prevention

    If you find a router that is under botnet attack on port 53 (DNS), you can use this script to mitigate the attack: /ip firewall filter add chain=input in-interface=pppoe-out1-ISP protocol=udp dst-port=53 action=drop add chain=input in-interface=pppoe-out1-ISP protocol=tcp dst-port=53...
  2. Andy

    Allow a hotspot user to be simultaneously used by multiple users or devices

    Log in to the MikroTik interface, either Winbox or Webfig, then navigate to: IP > Hotspot > User Profiles > Profile > Shared Users. This is set to 1 by default; you can either directly increase the numerical value here or click the triangle at the end of the line to remove the restriction for...
  3. Andy

    MikroTik L2TP over IPsec VPN Server Tutorial Guide for RouterOS v6.44+

    This is an updated tutorial from my previous RouterOS v6.43 L2TP/IPsec tutorial. In RouterOS v6.44 there were major changes where they removed "main-l2tp" exchange-mode from the /ip ipsec peer. But this means configuring L2TP/IPsec is even simpler; just follow my guide below...
  4. Andy

    MikroTik Schedule Auto Reboot Script every day at 6 AM

    So you want to have your MikroTik router rebooted every day at 6 a.m., before business starts, to prevent possible random issues from happening? Go to MikroTik Winbox, open a New Terminal and enter this simple one-line command: /system scheduler add name="reboot-6am"...
  5. Andy

    Setup MikroTik as L2TP/IPsec Dial-in VPN Server with all traffics are being routed

    Here we will be configuring a dial-in VPN using L2TP with IPsec. In this example, we will be using 192.168.7.0/24 for the L2TP clients and for the LAN. The configuration will detail the following: Enable L2TP server; Create a DHCP pool; Create an L2TP profile; Create a sample user; Configure...
  6. Andy

    Restore MikroTik interface default MAC address

    If you restore a MikroTik backup to another device, you will most likely have some duplicate MAC addresses on your network. This is because MikroTik configuration tends to restore along with the MAC address information. If you want to restore the interface's default MAC address, open a New...
  7. Andy

    MikroTik Fasttrack with IPsec

    Fasttrack is a new feature introduced in RouterOS v6.29 that allows you to forward packets in a way that they are not handled by the Linux kernel, which greatly improves the throughput of your router as well as lowering the CPU load. Fasttrack allows all packets that have the state Established...
  8. Andy

    MikroTik Site-to-Site IPsec Tunnel

    Easy guide on how to set up a MikroTik site-to-site IPsec tunnel. If one of the MikroTik routers' WAN IP addresses is dynamic, set up the router as the initiator (i.e. dial-out). If you are working from WAN, don’t forget to enable Safe Mode. Let’s go to Winbox -> IP -> IPsec -> Proposals, and this is the...
  9. Andy

    Setup MikroTik as L2TP/IPSec VPN Server

    This is a brief guide on how to implement an L2TP/IPSec VPN server on MikroTik RouterOS and use it as a gateway. Change these to fit your setup: This router’s local IP address: 172.31.1.1/20. WAN connection is PPPoE with the name ether1-GTW. If you use PPPoE, use the name of your PPPoE...
  10. Andy

    MikroTik Bruteforce Login Prevention

    To stop SSH, Telnet and FTP attacks on your router, follow this advice: This configuration allows only 10 incorrect FTP login answers per minute. In /ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop \ comment="drop ftp brute...