can't connect to mikrotik via Winbox or Http

Question

We have a Mikrotik RB 750GL and I can't connect to it via Winbox or Http.

There is a PPTP connection (Running) between us (On Internet), That RB is PPTP Client.

Winbox stops on retrieving preferences and then disconnect. and Http webpage doesn't load. But I can connect to it via SSH or Telnet remotely and ping it!

and a local client can connect via Winbox or Http.

also I can't conncet to DVR (which connected to that RB).

None of these solutions work for me:

-Frameware Upgrade
-RouterOS Update
-Try L2TP Conncection
-Change MTU
-Change MRRU
-Another Winbox Version
-disable all Firewall Rules
-RB Client Reset Configuration(!)
-secure mode Winbox
-IP>Services: port and address

I need your help

Arash · Accepted Answer · 2017-01-25T09:50:45.497

1

It may be mss problem; as in Tunnels this is most common problem. Please make sure your packages are Clamped like this:

Put these rules on top on the mangle table.

 ip firewall mangle add chain=forward action=change-mss new-mss=1440 tcp-flags=syn protocol=tcp out-interface=all-ppp tcp-mss=1441-65535 

 ip firewall mangle add chain=forward action=change-mss new-mss=1390 tcp-flags=syn protocol=tcp in-interface=all-ppp tcp-mss=1391-65535

Here is the same rules for Input and Output (which affects mikrotik itself)

 ip firewall mangle add chain=input action=change-mss new-mss=1440 tcp-flags=syn protocol=tcp out-interface=all-ppp tcp-mss=1441-65535 

 ip firewall mangle add chain=input action=change-mss new-mss=1390 tcp-flags=syn protocol=tcp in-interface=all-ppp tcp-mss=1391-65535

 ip firewall mangle add chain=output action=change-mss new-mss=1440 tcp-flags=syn protocol=tcp out-interface=all-ppp tcp-mss=1441-65535 

 ip firewall mangle add chain=output action=change-mss new-mss=1390 tcp-flags=syn protocol=tcp in-interface=all-ppp tcp-mss=1391-65535

edited Jan 25 '17 at 09:50

answered Jan 24 '17 at 07:11

Arash

274
1
8

This mss issue might be on PPTP server as well, so check the server mss config too. – Arash Jan 24 '17 at 07:56
OMG Thank you so much ! Still I can't connect to the router via winbox or http but Now I can connect to my DVR !!! so do you think is there another value for mss to connect to router? – Omid Estaji Jan 25 '17 at 09:27
just added 2 more rules for the Input chain which should fix it for the mikrotik itself. Please make make it as answered if it works! – Arash Jan 25 '17 at 09:46
I can't make three of them and errors appear "Couldn't add New Mangle Rule - tcp mss clamping not possible in prerouting and input chains.". unfortunately they aren't usefull. any Other idea?! but I'm happy to connect my DVR. – Omid Estaji Jan 26 '17 at 06:13

score 0 · Answer 2 · answered Jan 20 '17 at 16:47

0

Have you checked IP -> Services ; Winbox service may be configured on another port or be set to authorize limited addresses.

If this is the case, here is how you can reset it to default.

ip service set address=0.0.0.0/0 port=8291 [find name ~"winbox"] disabled=no

answered Jan 20 '17 at 16:47

Arash

274
1
8

Thank you but I have checked this before and there is no problem with IP>Services . any other solution? – Omid Estaji Jan 21 '17 at 05:59
There might be a firewall problem/setting in your ISP which deny connections except working ones(ssh, telnet, ping). Have you checked it from another remote connection? (from Internet somewhere else) – Arash Jan 22 '17 at 10:49
Do you Think is it possible to filter packets in a PPTP or L2TP Tunnel? I don't think so. anyway I think it's a firewall problem but Where!? I checked every rules. Thank you so much – Omid Estaji Jan 23 '17 at 09:42

score 0 · Answer 3 · answered Nov 09 '18 at 20:30

0

A bit late joining the party here, but I had a similar problem.

Logged on to WinBox via MAC address, opened a terminal and then typed in:

export file="name-your-file-here"

Open that with text editor and then searched for WinBox.

Turns out the WinBox port had been changed.

answered Nov 09 '18 at 20:30

PhillipOReilly

101
3

I couldn't connect via MAC address because that was a remote router. anyway my problem was MSS size and solve with changing it in ip --> firewall. Thanks for share your idea with me. Regards – Omid Estaji Nov 11 '18 at 05:56
Yep, I realized that. I just stumbled upon this trouble-shooting method that I thought might benefit others who, like myself, are unfamiliar with RouterOS. – PhillipOReilly Nov 12 '18 at 21:20

can't connect to mikrotik via Winbox or Http

3 Answers3