Mikrotik 4011 - Unable to Connect

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Mikrotik 4011 - Unable to Connect

Shindig

1621 posts

Uber Geek
+1 received by user: 362

Trusted

#312338 8-Apr-2024 10:36

Hello there.

I had a 4011 running 7.14.2. This was failing with Wireguard and NAT rules to local services. None of this was working and the firmware felt buggy.

Did a reset on 7.14.2 to see if that would rectify the issue. Spent all Sunday trying to get NAT rules working with the default firewall configuration.

I decided to downgraded to 7.12.1 via NetInstall. That worked, using the Router_OS ARM 7.12.1 NPK file. Flashed OK, rebooted.

Now the 4011 isn’t visible in Neighbours on WINBOX.

I’m unable to connect to the router at all and at a complete loss...

Any ideas please?

The little things make the biggest difference.

nzkc

1634 posts

Uber Geek
+1 received by user: 1041

#3215513 8-Apr-2024 11:15

Are you using the default subnet on your PC since the reset? 192.168.88.0/24 IIRC.

Re: Did a reset on 7.14.2 to see if that would rectify the issue. Spent all Sunday trying to get NAT rules working with the default firewall configuration.

From memory the default firewall rules should be fine. I'm certain this was the case for my RB5009. Also FWIW I have 7.14.2 running and it has been fine for me.

Chills

175 posts

Master Geek
+1 received by user: 99

Subscriber

#3215516 8-Apr-2024 11:22

I don't have much experience with MikroTiks, but a good amount with router connections - I assume the subnet you created before re-flashing the MikroTik had been reset to the default - I'd try setting your PC Subnet manually to the default subnet (if the Mikrotiks default gateway is 192.168.88.1, set your PC to 192.168.88.2), then at the least try SSH in (if MikroTik allows this)

Again, please excuse If I am just blatantly incorrect, just a suggestion.

Shindig

1621 posts

Uber Geek
+1 received by user: 362

Trusted

#3215534 8-Apr-2024 12:08

Downgraded to 7.11 via NETInstall, ticked the default configuration

Then plugged everything back in. Ether1 connected to WAN on ONT.

Default IP address came up, as well as the default config.

Happy days! Back in business.

7.14.2 is cursed. NAT rules all working again, nothing changed in terms of the rule.

Thats me really burnt with simply clicking upgrade now. Never again.

The little things make the biggest difference.

MadEngineer

4591 posts

Uber Geek
+1 received by user: 2570

Trusted

#3215545 8-Apr-2024 12:17

Burnt? Does that mean you did this in production or is it a personal device?

You're not on Atlantis anymore, Duncan Idaho.

Shindig

1621 posts

Uber Geek
+1 received by user: 362

Trusted

#3215548 8-Apr-2024 12:20

MadEngineer: Burnt? Does that mean you did this in production or is it a personal device?

Not prod, personal network but heavily relied upon.

The little things make the biggest difference.

nzkc

1634 posts

Uber Geek
+1 received by user: 1041

#3215601 8-Apr-2024 12:27

Shindig:

7.14.2 is cursed. NAT rules all working again, nothing changed in terms of the rule.

Its a bit unfair to say its cursed for a data point of 1. As I said; it is fine for me. But I accept 2 data points is not indicative either.

AliExpress

Shop now on AliExpress (affiliate link).

MadEngineer

4591 posts

Uber Geek
+1 received by user: 2570

Trusted

#3215709 8-Apr-2024 15:45

Shindig:
MadEngineer: Burnt? Does that mean you did this in production or is it a personal device?

Not prod, personal network but heavily relied upon.

It’s to be expected with any update of any hardware. You should always be exporting a backup and be expecting an outage equal to the time it takes to netinstall and reload config or worse, replace hardware.

At least with Mikrotik gear it’s super quick.

If it were production you’d test in your workshop first, have the same gear on hand and either be prepared to swap in a working clone on site or if remote/regardless, be ok with resources on hand to drive to the location.

Mikrotiks forum has plenty of people stung by such updates - even for devices up high on a pole somewhere in the middle of winter with many grumpy customers

You're not on Atlantis anymore, Duncan Idaho.

RunningMan

9186 posts

Uber Geek
+1 received by user: 4840

#3215749 8-Apr-2024 17:08

MadEngineer:

If it were production you’d test in your workshop first, have the same gear on hand and either be prepared to swap in a working clone on site or if remote/regardless, be ok with resources on hand to drive to the location.

Swap in the one you've got for sale to get you back up and running

https://www.geekzone.co.nz/forums.asp?forumId=77&topicId=312319

RunningMan

9186 posts

Uber Geek
+1 received by user: 4840

#3215805 8-Apr-2024 17:36

Also, read the changelog as there's several changes to how wireguard is implemented that may apply to your config.

https://forum.mikrotik.com/viewtopic.php?t=205097

As for 7.14.2, running, stable, no issues.

MichaelNZ

1594 posts

Uber Geek
+1 received by user: 485

Trusted

Net Trust Ltd

#3215985 9-Apr-2024 01:15

+1 to reading the Changelogs.

If it helps you we are running 7.12.1 in production in an ISP environment. But this is not to say there is something wrong with 7.14.x. Its just its not a good idea to be too hasty when there are a bunch of clients involved.

WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers | ZL2NET