VPN (Virtual Private Network) is a technology that provides a secure tunnel across a public network. A private network user can send and receive data to any remote private network using VPN Tunnel as if his/her network device was directly connected to that private network.
MikroTik provides EoIP (Ethernet over IP) tunnel that is used to create a site to site VPN. EoIP tunneling is a MikroTik RouterOS protocol that creates an Ethernet tunnel between two MikroTik Routers on top of an IP connection. EoIP adds an outer header mentioning the entry point of the tunnel (SourceIP) and the exit point of the tunnel (DestinationIP) but the inner packet is kept unmodified.
This article shows my take on a DHCP server lease script, which creates and deletes static DNS records automatically, based on the creation and deletion of DHCP leases. Although a bunch of such scripts are already available, I wanted to have the features I liked merged into one universal script.
With MikroTik, we can monitor the flow of packets by protocol type, source address, destination address and port. This facility is provided with the system package when we install RouterOS, and it makes administering the router easier: with it, we can tell whether the data flow through the machine is normal or not, monitor for flooding, monitor malware activity and so on.
Using it is fairly easy. For more comfortable monitoring, log in to the router via WinBox. More details can be seen in the picture below.
The Torch facility is available in WinBox under the Tools menu - Torch. Click Torch and the Torch window will be shown.
It can also be reached via IP - ARP. In the ARP List window, choose the IP address and MAC address to be monitored, then right-click to enter Torch.
Note the items in the Torch window; the manual mentioned above explains these items. Click the Start button to activate Torch. Now we can monitor the flow of packets on the router. If there is any suspicious traffic, take further action.
Connect team members from anywhere in the world on any device.
ZeroTier creates secure networks between on-premise, cloud, desktop, and mobile devices.
It Just Works
- ZeroTier combines the capabilities of VPN and SD-WAN, simplifying network management.
- Enjoy flexibility while avoiding costly hardware vendor lock in.
- SPEED: Set up ZeroTier in minutes with remote, automated deployment.
- FLEXIBILITY: Emulates Layer 2 Ethernet with multipath, multicast, and bridging capabilities.
- SECURITY: ZeroTier’s zero-trust networking solution provides scalable security with 256-bit end-to-end encryption.
Here we will discuss how to block a website on MikroTik, how to block a domain in a MikroTik router, and how to block social media websites on MikroTik, like YouTube, Facebook and Twitter.
One of the best solutions so far is to force everyone on the network to use a DNS resolver you control and block the DNS request for this domain.
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=!<dns-server> dst-port=53 \
protocol=udp to-addresses=<dns-server> to-ports=53
add action=dst-nat chain=dstnat dst-address=!<dns-server> dst-port=53 \
protocol=tcp to-addresses=<dns-server> to-ports=53
Then either create a static DNS entry for download.windowsupdate.com pointing to 127.0.0.1 or use the layer7 filter to identify and drop the request.
After you have installed the RouterOS software, or turned on the router for the first time, there are various ways to connect to it:
Accessing Command Line Interface (CLI) via Telnet, SSH, serial cable or even keyboard and monitor if your router has a VGA card.
Accessing Web based GUI (WebFig)
Using the WinBox configuration utility (Windows app, compatible with Wine)
Every router is factory pre-configured with the IP address 192.168.88.1/24 on the ether1 port. The default username is admin with no password. After you log in for the first time, please create a new user with a password in the "full" group, re-login and delete the default admin user. We highly recommend you to follow the general guidelines of the article Securing your router to protect the device from any unauthorised access.
In this guide, I create a separate WiFi interface for phones and tablets.
Phones rarely need full network access to other local devices. And they have a nasty habit of getting lost, stolen or otherwise broken, so having a separate WiFi access point (and password) means you don’t accidentally disclose your main WiFi password.
A network which can access the Internet, but not other machines on the LAN. Not even ethernet frames.
I posted a feature request on the Mikrotik forums to validate the remove button after I managed to delete my network.
And I learned there was already a way to save me from my own stupidity: safe mode.
Safe Mode is a feature of WinBox, Webmin, TikApp and the Mikrotik console.
It provides an undo stack of changes you’ve made on your router. And if your changes involve… errr… nuking your router from orbit, they’ll automatically roll back after 9 minutes. Or, if you exit without confirming your changes, you are given the option to undo them. Or, you can hit the undo button to undo something bad.
To be clear, this isn’t queuing up changes ready to be applied; all your changes are made as normal. All it does is allow you to hit CTRL+Z if you mucked something up really badly. (Impressively, “something” also includes “removing all router connectivity”).
When you’re all done making changes, click Safe Mode again so they won’t be undone when you exit.
The manual says the router will only store the last 100 actions. I’m not exactly sure what one action may encompass (my guess is each action is one console command), but you could configure quite a bit in 100 actions. Also, this should encourage you to make small changes and then test they are working.
The 9 minute timeout relates to TCP timeouts (apparently). That is, you need to confirm your changes for them to take effect. If you don’t, it takes the router 9 minutes to notice your connection wasn’t closed cleanly and roll the changes you made back.
Update pool.ntp.org address on a Mikrotik Router. Configure a Mikrotik router to use the pool.ntp.org public NTP server pool in its NTP client, so the clock will be set accurately.
If a simple copy-paste wasn’t going to work, a script which updates the IP addresses on a regular basis will.
Step-by-step guide time!