Community discussions

MikroTik App

Search found 208 matches

by ilium007
Sun Jan 14, 2024 10:34 am
Forum: Scripting
Topic: IPv6 Version of Resolve?
Replies: 8
Views: 8329

Re: IPv6 Version of Resolve?

This was first raised over 10 years ago. Where can we put it in a feature request list. Ridiculous that it hasn't been implemented. Used this and it works but its a messy kludge: https://administrator.de/en/mikrotik-scripting-resolve-domain-to-ipv6-address-5151910821.html MOD EDIT: credit where cred...
by ilium007
Wed Dec 06, 2023 12:04 pm
Forum: RouterOS beta
Topic: Using WifiWave2 to bridge two Audience wirelessly, thoughts? == 4-address mode
Replies: 56
Views: 23266

Re: Using WifiWave2 to bridge two Audience wirelessly, thoughts? == 4-address mode

Where is meshing at with the Audience running the wifiwave2 package?
by ilium007
Sun Dec 03, 2023 4:22 pm
Forum: Wireless Networking
Topic: Audience on ROS 7.12.1 - Quickset doesn't work anymore
Replies: 3
Views: 1320

Re: Audience on ROS 7.12.1 - Quickset doesn't work anymore

That's what I ended up doing.
by ilium007
Sun Dec 03, 2023 1:41 pm
Forum: Wireless Networking
Topic: Audience on ROS 7.12.1 - Quickset doesn't work anymore
Replies: 3
Views: 1320

Audience on ROS 7.12.1 - Quickset doesn't work anymore

I have an Audience that was running 7.12.1 and the wifiwave2 package. I had top do a reset tonight so I can config this router and send it to family to get an internet connection up and running. I have noticed that quickset no longer configures the router. Instead of the usual set of firewall rules ...
by ilium007
Thu Nov 16, 2023 1:18 pm
Forum: RouterBOARD hardware
Topic: hAP ax3 - 802.11ax 160MHz ??
Replies: 14
Views: 7460

Re: hAP ax3 - 802.11ax 160MHz ??

ahahah well I just wasted 2hrs trying to get 160MHz working given the drop down in the channel config box allows you to select 160MHz.

I'm glad I found this forum thread!

Screenshot 2023-11-16 at 21.18.01.png
by ilium007
Tue Jul 05, 2022 6:52 am
Forum: General
Topic: ROS 7.3.1 All DNS settings reverting on reboot
Replies: 23
Views: 2146

Re: ROS 7.3.1 All DNS settings reverting on reboot

So now reset to default and manually entering all config back in. SSH works now. This is insane.
by ilium007
Tue Jul 05, 2022 5:50 am
Forum: General
Topic: ROS 7.3.1 All DNS settings reverting on reboot
Replies: 23
Views: 2146

Re: ROS 7.3.1 All DNS settings reverting on reboot

After another few hours I have the cAP ac back on the roof and its working but I can no longer SSH to the device. I could before it was 'recovered'. My RSA keys that were configured previously can no longer be imported to the device, when I attempt to import them I get a message about raising a supp...
by ilium007
Mon Jul 04, 2022 5:01 pm
Forum: General
Topic: ROS 7.3.1 All DNS settings reverting on reboot
Replies: 23
Views: 2146

Re: ROS 7.3.1 All DNS settings reverting on reboot

<r>Tried doing reset and set 'run after reset' script. It also fails with this message in log:<br/> <CODE><s>[code]</s>error while running run-after-reset script: failure: cannot change builtin<e>[/code]</e></CODE> <ATTACHMENT filename="Screen Shot 2022-07-04 at 11.58.23 pm.png" index="0"><s>[attach...
by ilium007
Mon Jul 04, 2022 4:33 pm
Forum: General
Topic: ROS 7.3.1 All DNS settings reverting on reboot
Replies: 23
Views: 2146

Re: ROS 7.3.1 All DNS settings reverting on reboot

A thread on these forums (from 2006) shows people 'learning the hard way' that there are undocumented issues in the length of the backup script that can be deployed via the netinstall process.
by ilium007
Mon Jul 04, 2022 4:09 pm
Forum: General
Topic: ROS 7.3.1 All DNS settings reverting on reboot
Replies: 23
Views: 2146

Re: ROS 7.3.1 All DNS settings reverting on reboot

So this is where I am at... netinstalled, selected configure script from export I took before. It looks like it has re-deployed routerOS and zerotier but when I winbox to the device it is a blank slate. Screen Shot 2022-07-04 at 11.05.01 pm.png Should there have been more output after "~Install...
by ilium007
Mon Jul 04, 2022 3:45 pm
Forum: General
Topic: ROS 7.3.1 All DNS settings reverting on reboot
Replies: 23
Views: 2146

Re: ROS 7.3.1 All DNS settings reverting on reboot

I found another post that suggested to place a switch between router and netinstall computer. That worked after the third attempt. All seemed to work up until this point: change state 9 select zerotier 1 selected: Z:\Users\zzz\support\mikrotik\7.3.1\capac\capac.rsc send key: script: Z:\Users\zzz\sup...
by ilium007
Mon Jul 04, 2022 3:31 pm
Forum: General
Topic: ROS 7.3.1 All DNS settings reverting on reboot
Replies: 23
Views: 2146

Re: ROS 7.3.1 All DNS settings reverting on reboot

You can set "try ethernet once then nand" in system->routerboard->settings and then do a system->reboot.
Then it will enter the netinstall mode once without having to press the button.
Tried this with fresh netinstall download for 7.3.1 and get the same failed output as above.
by ilium007
Mon Jul 04, 2022 3:29 pm
Forum: General
Topic: ROS 7.3.1 All DNS settings reverting on reboot
Replies: 23
Views: 2146

Re: ROS 7.3.1 All DNS settings reverting on reboot

ok thanks, maybe that will help. Currently trying with netinstall running via Wine on OSX (I have done this in the past successfully) using sudo -H -u root "/Applications/Winbox-mac.app/Contents/Resources/wine/bin/wine64" ~/Downloads/netinstall64/netinstall64.exe When I put into netinstall...
by ilium007
Mon Jul 04, 2022 2:31 pm
Forum: General
Topic: ROS 7.3.1 All DNS settings reverting on reboot
Replies: 23
Views: 2146

Re: ROS 7.3.1 All DNS settings reverting on reboot

Can I force netinstall from CLI or do I have to go and now pull the cap ac off the roof to reset? All for a DNS setting change.

This is why I now only use Ubiquiti Unifi AP's...
by ilium007
Mon Jul 04, 2022 2:28 pm
Forum: General
Topic: ROS 7.3.1 All DNS settings reverting on reboot
Replies: 23
Views: 2146

Re: ROS 7.3.1 All DNS settings reverting on reboot

I'll give it a go now
by ilium007
Mon Jul 04, 2022 2:02 pm
Forum: General
Topic: ROS 7.3.1 All DNS settings reverting on reboot
Replies: 23
Views: 2146

Re: ROS 7.3.1 All DNS settings reverting on reboot

Netinstall and import settings again ?
Seems extreme to save a settings worth bytes of data. Never had to save a backup and restore / import settings on any router I have ever owned because of storage space. Just insane.
by ilium007
Mon Jul 04, 2022 1:58 pm
Forum: General
Topic: ROS 7.3.1 All DNS settings reverting on reboot
Replies: 23
Views: 2146

Re: ROS 7.3.1 All DNS settings reverting on reboot

I managed to get 104Kb free but still lost settings on reboot. I now have a unit that I can't save settings on. [admin@capac] > /system/resource/print uptime: 2m6s version: 7.3.1 (stable) build-time: Jun/09/2022 08:58:15 factory-software: 6.44 free-memory: 56.4MiB total-memory: 128.0MiB cpu: ARM cpu...
by ilium007
Mon Jul 04, 2022 1:13 pm
Forum: General
Topic: ROS 7.3.1 All DNS settings reverting on reboot
Replies: 23
Views: 2146

Re: ROS 7.3.1 All DNS settings reverting on reboot

Sounds like an out of space problem. Thats the problem. How do I see whats taking up 16MB HDD? The only extra package I have installed is zerotier. [admin@capac] > /system/resource/print uptime: 18m5s version: 7.3.1 (stable) build-time: Jun/09/2022 08:58:15 factory-software: 6.44 free-memory: 58.7M...
by ilium007
Mon Jul 04, 2022 1:12 pm
Forum: Announcements
Topic: v7.3 and v7.3.1 [stable] is released!
Replies: 269
Views: 80298

Re: v7.3 and v7.3.1 [stable] is released!

I posted here because I thought it might be a bug. I started a thread here: viewtopic.php?t=187330
by ilium007
Mon Jul 04, 2022 1:07 pm
Forum: General
Topic: ROS 7.3.1 All DNS settings reverting on reboot
Replies: 23
Views: 2146

ROS 7.3.1 All DNS settings reverting on reboot

I have a cAP ac running 7.3.1. I am attempting to set up DoH via Quad9 DNS and after removing all old static DNS entries and setting it all up and testing it reverts all settings on reboot. I found an old thread about DNS settings reverting due to DHCP client but I have no DHCP client configured. [a...
by ilium007
Mon Jul 04, 2022 1:02 pm
Forum: Announcements
Topic: v7.3 and v7.3.1 [stable] is released!
Replies: 269
Views: 80298

Re: v7.3 and v7.3.1 [stable] is released!

RouterOS 7.3.1 CapAC - All DNS settings reverting on each reboot. I am trying to configure DoH and each reboot results in old DNS servers being set and old static DNS entries being re-written after deleting them all prior to reboot.
by ilium007
Mon May 16, 2022 10:31 am
Forum: Wireless Networking
Topic: CAPsMAN settings for Australian WiFi and help with settings
Replies: 23
Views: 2292

Re: CAPsMAN settings for Australian WiFi and help with settings

Thanks for the reply. Can you post a CAPsMAN config?
by ilium007
Sat May 14, 2022 5:11 pm
Forum: Wireless Networking
Topic: CAPsMAN settings for Australian WiFi and help with settings
Replies: 23
Views: 2292

Re: CAPsMAN settings for Australian WiFi and help with settings

Something I don't get...
You had everything working reliably and you moved to capsman. For what purpose ? What extra benefit did you expect to get ?
Learning, that's all. Putting it back to how I had it and moving on.
by ilium007
Sat May 14, 2022 5:10 pm
Forum: Wireless Networking
Topic: CAPsMAN settings for Australian WiFi and help with settings
Replies: 23
Views: 2292

Re: CAPsMAN settings for Australian WiFi and help with settings

Forget capsman unless you are a business running fields of them.
Understood, rolling it back to how I had it.

Thanks for the advice.
by ilium007
Sat May 14, 2022 11:44 am
Forum: Wireless Networking
Topic: CAPsMAN settings for Australian WiFi and help with settings
Replies: 23
Views: 2292

Re: CAPsMAN settings for Australian WiFi and help with settings

I am testing my config on a Mikrotik Chateau LTE 12 (not using LTE), it has two wireless interfaces. Both set to the local CAPsMAN manager on 127.0.0.1 as per the Mikrotik HaP AC YouTube video tutorial. I also have a single HaP Lite I’m using to test CAPsMAN. Eventually I’d need 6 CAP AC’s and an RB...
by ilium007
Sat May 14, 2022 11:08 am
Forum: Wireless Networking
Topic: CAPsMAN settings for Australian WiFi and help with settings
Replies: 23
Views: 2292

Re: CAPsMAN settings for Australian WiFi and help with settings

I’ll check when I get home later.
by ilium007
Sat May 14, 2022 10:55 am
Forum: Wireless Networking
Topic: CAPsMAN settings for Australian WiFi and help with settings
Replies: 23
Views: 2292

Re: CAPsMAN settings for Australian WiFi and help with settings

How many cap devices you have in place ?
I’m testing with an HaP lite before I commit to CAP AC’s or Ubiquiti APa with pFsense
by ilium007
Sat May 14, 2022 10:51 am
Forum: Wireless Networking
Topic: CAPsMAN settings for Australian WiFi and help with settings
Replies: 23
Views: 2292

Re: CAPsMAN settings for Australian WiFi and help with settings

I can’t access those devices. They don’t have an iP allocated to any interface. I thought that was the point of CAPsMAN.
by ilium007
Sat May 14, 2022 10:39 am
Forum: Wireless Networking
Topic: CAPsMAN settings for Australian WiFi and help with settings
Replies: 23
Views: 2292

Re: CAPsMAN settings for Australian WiFi and help with settings

Local config on cap devices.
For which you have not provided config...

How many cap devices you have in place ?
They were factory reset and started in CAPsMAN mode by holding down reset when powering on until led went solid
by ilium007
Sat May 14, 2022 10:37 am
Forum: Wireless Networking
Topic: CAPsMAN settings for Australian WiFi and help with settings
Replies: 23
Views: 2292

Re: CAPsMAN settings for Australian WiFi and help with settings

Then something is wrong in your local settings.
I dont’t understand what you mean by local settings?
by ilium007
Sat May 14, 2022 10:23 am
Forum: Wireless Networking
Topic: CAPsMAN settings for Australian WiFi and help with settings
Replies: 23
Views: 2292

Re: CAPsMAN settings for Australian WiFi and help with settings

There are quite a lot of settings usable when setting up a wifi channel directly which are missing when using capsman. If the number of access points is limited, you don't really need to use capsman. As for settings (personal opinion, others might disagree): - basic rates: move up to 12 or even 18m...
by ilium007
Sat May 14, 2022 10:15 am
Forum: Wireless Networking
Topic: CAPsMAN settings for Australian WiFi and help with settings
Replies: 23
Views: 2292

Re: CAPsMAN settings for Australian WiFi and help with settings

Thanks! I'll take a look at those. Any idea why my speeds are halved on the CAPsMAN config? I know its obviously config, just don't know where!
by ilium007
Sat May 14, 2022 10:11 am
Forum: Wireless Networking
Topic: CAPsMAN settings for Australian WiFi and help with settings
Replies: 23
Views: 2292

Re: CAPsMAN settings for Australian WiFi and help with settings

And this is the other issue I'm trying to sort out. I had a generic WAP (ISP supplied) plugged into the Mikrotik router LAN port during CAPsMAN testing so family still had wifi while I was messing around. With my CAPsMAN config above in place I get 1/2 the download bandwidth that I used to get. Spee...
by ilium007
Sat May 14, 2022 9:48 am
Forum: Wireless Networking
Topic: CAPsMAN settings for Australian WiFi and help with settings
Replies: 23
Views: 2292

CAPsMAN settings for Australian WiFi and help with settings

I have configured my first CAPsMAN setup to test before I purchase some cAP AC's for home. I hade previously invested a lot of time in my non CAPsMAN wireless settings to get working reliably with Apple IOS devices and have found some settings are unavailable in CAPsMAN such as: - Multicast bufferin...
by ilium007
Sat May 14, 2022 6:46 am
Forum: RouterOS beta
Topic: some quick comments on configuring cake
Replies: 285
Views: 102301

Re: some quick comments on configuring cake

cake working fine in simple queue for me routerOS 7.2.3
by ilium007
Tue May 10, 2022 4:15 am
Forum: RouterOS beta
Topic: some quick comments on configuring cake
Replies: 285
Views: 102301

Re: some quick comments on configuring cake

Australian NBN FTTP 50/20 user here. I am using the following on the NBN connection: /queue type add cake-diffserv=besteffort cake-nat=yes kind=cake name=cake-default add cake-ack-filter=filter cake-bandwidth=18.0Mbps cake-diffserv=besteffort cake-nat=yes kind=cake name=cake-up add cake-bandwidth=47...
by ilium007
Thu May 05, 2022 1:27 pm
Forum: RouterBOARD hardware
Topic: Chateau LTE12 turned off all LED's now power LED won't stay on
Replies: 21
Views: 3150

Re: Chateau LTE12 turned off all LED's now power LED won't stay on

So I persisted with Mikrotik support and only then did the same person who told me yesterday that I needed to hire a consultant tells me that the power LED does not remain on unless the LTE interface is up. As I no longer use this router with a SIM card and LTE this is the reason the power LED is no...
by ilium007
Wed May 04, 2022 1:38 pm
Forum: Useful user articles
Topic: ZeroTier on Mikrotik – a rosetta stone [v7.1.1+]
Replies: 39
Views: 29094

Re: ZeroTier on Mikrotik – a rosetta stone [v7.1.1+]

Upgrading to 7.2.3 did not fix this issue.
by ilium007
Wed May 04, 2022 1:33 pm
Forum: RouterBOARD hardware
Topic: Chateau LTE12 turned off all LED's now power LED won't stay on
Replies: 21
Views: 3150

Re: Chateau LTE12 turned off all LED's now power LED won't stay on

Logged a support ticket with Mikrotik and get the following response: Hello, By checking your supout rif file, the led are disabled, please recheck the configuration and reset/ reinstall the device. MikroTik support offers assistance if there is a problem or bug with RouterOS or other MikroTik produ...
by ilium007
Wed May 04, 2022 1:32 pm
Forum: General
Topic: ZeroTier 'interfaces'
Replies: 11
Views: 1515

Re: ZeroTier 'interfaces'

Interesting ... what version were you coming from ?
7.2.1
by ilium007
Wed May 04, 2022 1:25 pm
Forum: General
Topic: ZeroTier 'interfaces'
Replies: 11
Views: 1515

Re: ZeroTier 'interfaces'

Upgraded to RouterOS 7.2.3 and I can now get a connection specifying the 'WAN' interface list.
by ilium007
Tue May 03, 2022 3:37 am
Forum: General
Topic: ZeroTier 'interfaces'
Replies: 11
Views: 1515

Re: ZeroTier 'interfaces'

Thanks @Amm0 - what led me to your post was that when I set ‘interface’ to anything but ‘all’ (I had wanted it set to ‘WAN’) ZeroTier on routerOS would hang at REQUESTING_CONFIGURATION. You know it's entirely possible there are bug/limitations. And actually you understand do how it should work :). ...
by ilium007
Tue May 03, 2022 12:23 am
Forum: General
Topic: ZeroTier 'interfaces'
Replies: 11
Views: 1515

Re: ZeroTier 'interfaces'

Thanks @Amm0 - what led me to your post was that when I set ‘interface’ to anything but ‘all’ (I had wanted it set to ‘WAN’) ZeroTier on routerOS would hang at REQUESTING_CONFIGURATION.
by ilium007
Mon May 02, 2022 4:01 pm
Forum: Useful user articles
Topic: ZeroTier on Mikrotik – a rosetta stone [v7.1.1+]
Replies: 39
Views: 29094

Re: ZeroTier on Mikrotik – a rosetta stone [v7.1.1+]

I have a zerotier network with 3 members - Mikrotik router, one iPhone and one MacBook Pro. I am trying to remote access the Mikrotik router. The iPhone uses an LTE internet connection and receives an IPv6 address from the ISP, the MacBook Pro is on hotel wifi and has an IPv4 address. The MacBook ca...
by ilium007
Mon May 02, 2022 3:56 pm
Forum: General
Topic: ZeroTier 'interfaces'
Replies: 11
Views: 1515

Re: ZeroTier 'interfaces'

Best article on the subject.........
viewtopic.php?t=183424
I've re-read this tonight. It doesn't really provide any more info. It says that the interface selection is just for specifying interfaces the zero tier 'may' use.
by ilium007
Mon May 02, 2022 7:26 am
Forum: General
Topic: Zerotier has issues when connecting client has an IPv6 public IP
Replies: 0
Views: 525

Zerotier has issues when connecting client has an IPv6 public IP

Not sure where this problem lies but I have an issue where a zerotier client (iOS iPhone) with a public IPv6 address can connect to HTTP hosts inside the network but SSH, Mikrotik client etc (anything non HTTP) takes forever to connect, in the case of the Mikrotik client app it times out before conn...
by ilium007
Mon May 02, 2022 7:13 am
Forum: RouterBOARD hardware
Topic: Chateau LTE12 turned off all LED's now power LED won't stay on
Replies: 21
Views: 3150

Re: Chateau LTE12 turned off all LED's now power LED won't stay on

I'm not sure what I'm doing wrong but I can't recreate this on any of my chateau. I have factory reset twice and the power LED remains off. It comes on during boot and turns off soon after. My config: # may/02/2022 14:09:39 by RouterOS 7.2.1 # software id = 8DD5-P647 # # model = RBD53G-5HacD2HnD # ...
by ilium007
Mon May 02, 2022 7:07 am
Forum: General
Topic: ZeroTier 'interfaces'
Replies: 11
Views: 1515

Re: ZeroTier 'interfaces'

I'll go through it again, thanks.
by ilium007
Sun May 01, 2022 2:22 pm
Forum: General
Topic: ZeroTier 'interfaces'
Replies: 11
Views: 1515

ZeroTier 'interfaces'

I'm a bit stuck here. I don't know what 'interfaces' I should be selecting here: Screen Shot 2022-05-01 at 9.18.08 pm.png If I select anything other than 'all' the connection gets stuck on "REQUESTING_CONFIGURATION" Screen Shot 2022-05-01 at 9.20.08 pm.png The Mikrotik documentation page (...
by ilium007
Fri Apr 29, 2022 11:00 am
Forum: RouterBOARD hardware
Topic: Chateau LTE12 turned off all LED's now power LED won't stay on
Replies: 21
Views: 3150

Re: Chateau LTE12 turned off all LED's now power LED won't stay on

thank you, it was to exclude these possibilities as well
All good. I have raised a support request and attached a support.rif file.
by ilium007
Fri Apr 29, 2022 10:57 am
Forum: RouterBOARD hardware
Topic: Chateau LTE12 turned off all LED's now power LED won't stay on
Replies: 21
Views: 3150

Re: Chateau LTE12 turned off all LED's now power LED won't stay on

until is resetted and not configured the led is on as wanted?
you have scheduled some script to disalbe led at startup?
After a factory reset (and running 7.2.1) the power LED comes on briefly during boot and then turns off. No scripts, nothing. Factory reset.
by ilium007
Fri Apr 29, 2022 6:41 am
Forum: RouterBOARD hardware
Topic: Chateau LTE12 turned off all LED's now power LED won't stay on
Replies: 21
Views: 3150

Re: Chateau LTE12 turned off all LED's now power LED won't stay on

I did a factory config reset and manually entered config again and no power LED. Again, it comes on during start and then turns off. Ethernet and WiFi LED's are working.
by ilium007
Fri Apr 29, 2022 2:18 am
Forum: RouterBOARD hardware
Topic: Chateau LTE12 turned off all LED's now power LED won't stay on
Replies: 21
Views: 3150

Re: Chateau LTE12 turned off all LED's now power LED won't stay on

So I made the change and rebooted, as before I got the power LED on boot but turns off after approx 15s.
[admin@MikroTik] > /system/leds/export
# dec/29/2021 23:33:49 by RouterOS 7.2.1
# software id = 8DD5-P647
#
# model = RBD53G-5HacD2HnD
# serial number = xxx
[admin@MikroTik] >
by ilium007
Fri Apr 29, 2022 1:39 am
Forum: RouterBOARD hardware
Topic: Chateau LTE12 turned off all LED's now power LED won't stay on
Replies: 21
Views: 3150

Re: Chateau LTE12 turned off all LED's now power LED won't stay on

Your soluction, paste this...
/system leds
set 0 disabled=no
Thanks, I'll check later.
by ilium007
Fri Apr 29, 2022 1:35 am
Forum: RouterBOARD hardware
Topic: Chateau LTE12 turned off all LED's now power LED won't stay on
Replies: 21
Views: 3150

Re: Chateau LTE12 turned off all LED's now power LED won't stay on

what is the output of:
/system leds export
(do not post the serial number)
  
[admin@MikroTik] > /system/leds/export
# dec/30/2021 00:09:26 by RouterOS 7.2.1
# software id = 8DD5-P647
#
# model = RBD53G-5HacD2HnD
# serial number = xxx
/system leds
set 0 disabled=yes
[admin@MikroTik] >
by ilium007
Thu Apr 28, 2022 11:50 pm
Forum: RouterBOARD hardware
Topic: Chateau LTE12 turned off all LED's now power LED won't stay on
Replies: 21
Views: 3150

Re: Chateau LTE12 turned off all LED's now power LED won't stay on

Sorry, I should have mentioned that it’s running 7.2.1
by ilium007
Thu Apr 28, 2022 5:54 pm
Forum: RouterBOARD hardware
Topic: Chateau LTE12 turned off all LED's now power LED won't stay on
Replies: 21
Views: 3150

Chateau LTE12 turned off all LED's now power LED won't stay on

I had set routerOS (7.2.1) to run a script on startup to turn off all LED's. I now want the LED's to be on including the power LED. I have enabled with /system leds settings set all-leds-off=never but only WIFI, Ethernet and LTE LED's illuminate. The power LED does not turn on. If I power cycle rout...
by ilium007
Thu Apr 28, 2022 5:02 pm
Forum: General
Topic: OpenSSH future RSA host key deprecation
Replies: 26
Views: 14177

Re: OpenSSH future RSA host key deprecation

Following.

Ran into same issue with routerOS 7.2.1 today. Solved with .ssh/config addition as per this thread.
by ilium007
Fri Sep 17, 2021 2:09 am
Forum: RouterOS beta
Topic: DHCP issues 7.1beta6 ESP8266 / ESP32
Replies: 16
Views: 4841

Re: DHCP issues 7.1beta6 ESP8266 / ESP32

I gave up on trying to get it working and now just run dnsmasq in a docker container for both dhcp and dns. Works perfectly.
by ilium007
Fri Jul 30, 2021 12:52 am
Forum: RouterOS beta
Topic: DHCP issues 7.1beta6 ESP8266 / ESP32
Replies: 16
Views: 4841

Re: DHCP issues 7.1beta6 ESP8266 / ESP32

I already have wireshark captures and think I know what’s happening. The ESP8266 is not sending an ‘option 12 hostname’ field in the DHCP DISCOVER packet. It only sends the hostname in the DHCP REQUEST packet. It seems some routers will accept the hostname if it’s present in only the REQUEST packet,...
by ilium007
Tue Jul 20, 2021 12:54 pm
Forum: RouterOS beta
Topic: DHCP issues 7.1beta6 ESP8266 / ESP32
Replies: 16
Views: 4841

Re: DHCP issues 7.1beta6 ESP8266 / ESP32

I purchased more Mikrotik hardware to run routerOS 6.48.3 and again, exactly the same issue.
by ilium007
Wed Jul 14, 2021 8:38 am
Forum: General
Topic: RouterOS 6 on Chateau LTE??
Replies: 2
Views: 674

Re: RouterOS 6 on Chateau LTE??

Thanks
by ilium007
Wed Jul 14, 2021 1:59 am
Forum: RouterOS beta
Topic: DHCP issues 7.1beta6 ESP8266 / ESP32
Replies: 16
Views: 4841

Re: DHCP issues 7.1beta6 ESP8266 / ESP32

So… recapping. When I have these ESP devices configured with DHCP and connected to the Mikrotik router they do not register their hostnames in the DHCP table until their first renewal even though they send DHCP option 12 in their DHCP request packet. There is a second issue whereby when configured w...
by ilium007
Wed Jul 14, 2021 1:49 am
Forum: General
Topic: RouterOS 6 on Chateau LTE??
Replies: 2
Views: 674

RouterOS 6 on Chateau LTE??

Can I run RouterOS 6.48.3 on the Chateau LTE in order to test an issue related to DHCP. [admin@router01] > /system/routerboard/print routerboard: yes model: RBD53G-5HacD2HnD serial-number: C8CA0CB0B626 firmware-type: ipq4000L factory-firmware: 7.0beta6 current-firmware: 7.1beta6 upgrade-firmware: 7....
by ilium007
Tue Jul 13, 2021 3:02 pm
Forum: RouterOS beta
Topic: DHCP issues 7.1beta6 ESP8266 / ESP32
Replies: 16
Views: 4841

Re: DHCP issues beta6 ESP8266 / ESP32

Changed device name to remove hyphens in case that was causing issues but same story, host name does not appear in DHCP table.
Screen Shot 2021-07-13 at 10.01.02 pm.png
Screen Shot 2021-07-13 at 10.01.20 pm.png
by ilium007
Tue Jul 13, 2021 2:32 pm
Forum: RouterOS beta
Topic: DHCP issues 7.1beta6 ESP8266 / ESP32
Replies: 16
Views: 4841

Re: DHCP issues beta6 ESP8266 / ESP32

So this ESP8266 is running ESPHome, a home automation firmware that integrates with HomeAssistant. I performed an erase and uploaded Tasmota (a competing home automation firmware) and on the Mikrotik Chateau LTE it again fails to register in the DHCP table with a hostname. Packet trace shows that th...
by ilium007
Mon Jul 12, 2021 12:47 pm
Forum: RouterOS beta
Topic: DHCP issues 7.1beta6 ESP8266 / ESP32
Replies: 16
Views: 4841

Re: DHCP issues beta6 ESP8266 / ESP32

Reinstated the Mikrotik Chateau LTE and set DHCP lease time to 10hr. Straight away I can see that the ESP devices have no host name in the DHCP table (red box): Screen Shot 2021-07-12 at 7.17.55 pm.png I have now waited 50mins and right on queue the device reboots at 25mins intervals: Screen Shot 20...
by ilium007
Mon Jul 12, 2021 11:57 am
Forum: RouterOS beta
Topic: DHCP issues 7.1beta6 ESP8266 / ESP32
Replies: 16
Views: 4841

Re: DHCP issues beta6 ESP8266 / ESP32

Should I put the Mikrotik Chateau LTE back in play, increase lease time to 10hrs and post back with the same 25min reboot schedule that led me to reduce lease time to 5min? I was hoping someone might take a look at the wireless config and see if there is anything in there that may be causing issue.
by ilium007
Mon Jul 12, 2021 11:50 am
Forum: RouterOS beta
Topic: DHCP issues 7.1beta6 ESP8266 / ESP32
Replies: 16
Views: 4841

Re: DHCP issues beta6 ESP8266 / ESP32

I can conclude that the issue is with the Mikrotik / routerOS device rather that the ESP devices. A very strange conclusion. Maybe you would do better to look at the ridiculously short lease-time setting that you have (5 minutes) and compare what it is on the Billion (probably 24h) and then take th...
by ilium007
Sun Jul 11, 2021 4:01 pm
Forum: RouterOS beta
Topic: DHCP issues 7.1beta6 ESP8266 / ESP32
Replies: 16
Views: 4841

Re: DHCP issues beta6 ESP8266 / ESP32

The is the uptime graph from the other day:
Screen Shot 2021-07-11 at 10.59.09 pm.png
The last set on this uptime graph is after changing from the Miktrotik Chateau router to the Billion router:
Screen Shot 2021-07-11 at 10.59.26 pm.png
by ilium007
Sun Jul 11, 2021 3:56 pm
Forum: RouterOS beta
Topic: DHCP issues 7.1beta6 ESP8266 / ESP32
Replies: 16
Views: 4841

Re: DHCP issues beta6 ESP8266 / ESP32

# jul/11/2021 07:36:37 by RouterOS 7.1beta6 # software id = 8DD5-P647 # # model = RBD53G-5HacD2HnD # serial number = C8CA0CB0B626 /interface bridge add admin-mac=48:8F:5A:11:24:D8 auto-mac=no comment=defconf name=bridge \ protocol-mode=none /interface wireless set [ find default-name=wlan1 ] antenn...
by ilium007
Sun Jul 11, 2021 3:47 pm
Forum: RouterOS beta
Topic: DHCP issues 7.1beta6 ESP8266 / ESP32
Replies: 16
Views: 4841

DHCP issues 7.1beta6 ESP8266 / ESP32

I have no idea how to start debugging this one.... I have a network of ESP8266 / ESP32 devices on a Chateau LTE device. I was using this device to test with before buying ceiling mount cAP devices. I have noticed a few issues with the DHCP server that others in the ESPHome / Homeassistant (home auto...
by ilium007
Wed May 26, 2021 2:46 pm
Forum: RouterOS beta
Topic: How do I enable wireguard logging on 7.1beta6
Replies: 3
Views: 7067

Re: How do I enable wireguard logging on 7.1beta6

At the very least I need to know what peer logged on, from what IP address and when for audit purposes. I can do this on EdgeOS (Ubiquiti).
by ilium007
Wed May 26, 2021 1:39 pm
Forum: RouterOS beta
Topic: How do I enable wireguard logging on 7.1beta6
Replies: 3
Views: 7067

How do I enable wireguard logging on 7.1beta6

I can't find a way to enable wireguard logging on 7.1beta6: [admin@router01] > /system/logging/add topics= account bgp certificate dhcp e-mail gps igmp-proxy iscsi ldp mme ospf poe-out radius rip script snmp store tftp upnp watchdog ! async bridge critical dns error gsm info isdn lora mpls ovpn ppp ...
by ilium007
Sun Nov 29, 2020 3:08 pm
Forum: Scripting
Topic: Yet another DHCP to DNS script
Replies: 34
Views: 40753

Re: Yet another DHCP to DNS script

Is this script supposed to work with dhcp static leases? I have a couple of static leases that when acquired don’t add the DNS record.
by ilium007
Sat Nov 28, 2020 3:52 pm
Forum: Scripting
Topic: Updating CA root certs regularly [SOLVED]
Replies: 9
Views: 4318

Re: Updating CA root certs regularly [SOLVED]

I will run this every 6months then. Is there any way to only import the certs that expired or will this import all and overwrite existing certs? { :do { /tool fetch url=https://mkcert.org/generate/ check-certificate=yes dst-path=cacert.pem; /certificate remove [ find where authority expired ]; /cert...
by ilium007
Sat Nov 28, 2020 3:49 pm
Forum: Scripting
Topic: Updating CA root certs regularly [SOLVED]
Replies: 9
Views: 4318

Re: Updating CA root certs regularly [SOLVED]

That makes perfect sense! Thanks.
by ilium007
Sat Nov 28, 2020 3:32 pm
Forum: Scripting
Topic: Updating CA root certs regularly [SOLVED]
Replies: 9
Views: 4318

Re: Updating CA root certs regularly [SOLVED]

Completely unnecessary to update them that often! Once every 3 months should be more than enough, maybe even once per year. So if I run 3 monthly and a cert expires the day after the last script run then potentially I wait 3 months for this remote site to update root certs so the dynamic DNS IP upd...
by ilium007
Sat Nov 28, 2020 3:31 pm
Forum: Scripting
Topic: Updating CA root certs regularly [SOLVED]
Replies: 9
Views: 4318

Re: Updating CA root certs regularly [SOLVED]

No need to remove all certificates... You could just remove the expired ones to clean up. /certificate remove [ find where authority expired ]; Thanks - will the certificate import command then only import the new ones or will it write them all again? /certificate import file-name=cacert.pem passph...
by ilium007
Sat Nov 28, 2020 3:16 pm
Forum: Scripting
Topic: Why are my posts being deleted from this forum?
Replies: 8
Views: 1749

Re: Why are my posts being deleted from this forum?

Looking through the moderator logs, I see that the only removed posts were self removed. Including the post deleted on the 26th of November, and after that, the ones you removed in September. Perhaps there was a misclick, but I don't see a moderator willfully deleting your posts. Ok, thanks for loo...
by ilium007
Sat Nov 28, 2020 1:29 pm
Forum: General
Topic: Router unresponsive after reboot
Replies: 0
Views: 578

Router unresponsive after reboot

I have a cAP AC that I’m trying to get configured. After spending hours yesterday configuring and setting up scripts and WireGuard etc I took a backup and performed a reboot. The router did not come back, no DHCP, no wifi. I set a static address in same subnet and still no ssh or web access. I perfo...
by ilium007
Sat Nov 28, 2020 1:20 pm
Forum: Scripting
Topic: Why are my posts being deleted from this forum?
Replies: 8
Views: 1749

Re: Why are my posts being deleted from this forum?

Good luck with contacting an administrator. Messaging is switched off again. It could be that your posting got reported and they are deleted...manually or "automatic". ps. you posted this in scripting and that is not right place post this. I posted in scripting because that’s the forum th...
by ilium007
Sat Nov 28, 2020 6:51 am
Forum: Scripting
Topic: Why are my posts being deleted from this forum?
Replies: 8
Views: 1749

Why are my posts being deleted from this forum?

I have posted two different threads in the scripting forum this week and both seem to have been deleted. Not sure if I am doing something against rules but no mod has been in contact to advise.
by ilium007
Fri Nov 27, 2020 2:27 pm
Forum: Scripting
Topic: Updating CA root certs regularly [SOLVED]
Replies: 9
Views: 4318

Re: Updating CA root certs regularly [SOLVED]

Completely unnecessary to update them that often! Once every 3 months should be more than enough, maybe even once per year.
ok, thanks
by ilium007
Fri Nov 27, 2020 1:58 pm
Forum: Scripting
Topic: Updating CA root certs regularly [SOLVED]
Replies: 9
Views: 4318

Updating CA root certs regularly [SOLVED]

What is the best way to update CA root certs? I am running the script below every 7 days but I wondered if there is a better way to work out if they actually *need* updating before downloading, deleting and replacing certs every week. Also - can running this every week damage flash RAM (or whatever ...
by ilium007
Tue Nov 24, 2020 6:55 am
Forum: General
Topic: Problems getting VLANs between two Mikrotik devices
Replies: 14
Views: 2158

Re: Problems getting VLANs between two Mikrotik devices

I have no idea what you are talking about (too much kangaroo boxing??). Not sure whats so hard to understand. I'll try and make it simpler for you. VLAN 10 - INTERNAL VLAN VLAN 99 - MGT VLAN I have a 5 port Mikrotik Chateau LTE router with 4 SSIDs. - 4 ethernet ports should be on INTERNAL VLAN 10 a...
by ilium007
Mon Nov 23, 2020 8:02 am
Forum: General
Topic: Problems getting VLANs between two Mikrotik devices
Replies: 14
Views: 2158

Re: Problems getting VLANs between two Mikrotik devices

If you want to have all devices being controlled by the management VLAN then each device gets its IP from the managment vlan
The MGT VLAN should only be used to access HTTP/S and SSH ports on the devices, each VLAN has an interface on the main router that serves DHCP, DNS etc.
by ilium007
Mon Nov 23, 2020 2:35 am
Forum: General
Topic: Problems getting VLANs between two Mikrotik devices
Replies: 14
Views: 2158

Re: Problems getting VLANs between two Mikrotik devices

Your trunk port (the one between the Audience and the cAP ac) should be a trunk port. I’ve taken the cAP out of the picture initially, I was trying to get the VLANs working before trying the trunk port and cAP. I have initially followed this config from the pages mentioned up top of this thread - h...
by ilium007
Sun Nov 22, 2020 1:10 pm
Forum: General
Topic: Problems getting VLANs between two Mikrotik devices
Replies: 14
Views: 2158

Re: Problems getting VLANs between two Mikrotik devices

So I've spent another night on this and I've got closer after reading through the posts in this thread but I can't get it working as it should I have two VLANs, 10 (INTERNAL_VLAN) and 99 (MGT_VLAN) I can get a DHCP address via VLAN 10 and VLAN 99 (after a very large delay) I have intermittent intern...
by ilium007
Sat Nov 21, 2020 2:49 pm
Forum: General
Topic: Problems getting VLANs between two Mikrotik devices
Replies: 14
Views: 2158

Re: Problems getting VLANs between two Mikrotik devices

Thanks for the configs. I’ll try and piece it all together.
by ilium007
Sat Nov 21, 2020 11:39 am
Forum: General
Topic: Problems getting VLANs between two Mikrotik devices
Replies: 14
Views: 2158

Re: Problems getting VLANs between two Mikrotik devices

Thanks. Do you have similar config for the other Mikrotik router with DHCP server?
by ilium007
Sat Nov 21, 2020 10:21 am
Forum: General
Topic: Problems getting VLANs between two Mikrotik devices
Replies: 14
Views: 2158

Re: Problems getting VLANs between two Mikrotik devices

I followed this config without success:

viewtopic.php?t=143620#p706999
by ilium007
Sat Nov 21, 2020 10:17 am
Forum: General
Topic: Problems getting VLANs between two Mikrotik devices
Replies: 14
Views: 2158

Re: Problems getting VLANs between two Mikrotik devices

This topic taught me a lot about VLAN's on MikroTik devices:
viewtopic.php?t=143620
I spent an hour reading this and still got nowhere. I know how VLANs work, I just dont know how to implement in routerOS.
by ilium007
Sat Nov 21, 2020 8:51 am
Forum: General
Topic: Problems getting VLANs between two Mikrotik devices
Replies: 14
Views: 2158

Problems getting VLANs between two Mikrotik devices

I have spent hours today trying to get some virtual wireless networks on a cAP-AC to work with a Mikrotik Chateau LTE. I am following old guides I have found, none of which are working. I don't know if I should have multiple bridges or one bridge. I don't know if VLAN interfaces are assigned to a br...
by ilium007
Wed Nov 18, 2020 1:17 am
Forum: General
Topic: DSTNAT to local web interface [SOLVED]
Replies: 1
Views: 692

DSTNAT to local web interface [SOLVED]

Hi - I am trying to DSTNAT from internet to local RouterOS web interface, I simply want to change to external port for the Web UI but leave the internal port. ie. DSTNAT 80443 to 443 on device. Is there any way of doing this?
by ilium007
Sat Nov 14, 2020 11:09 pm
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

It works 100% with other hardware. It only fails for me on MikroTik RouterOS.
by ilium007
Sat Nov 07, 2020 9:54 am
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

I thought chateau was only ros v7?
It is, my issues are all on RouterOS7, verified in RouterOS7 Beta 3
by ilium007
Tue Oct 13, 2020 2:22 am
Forum: RouterOS beta
Topic: Apple devices not reconnecting to wifi
Replies: 7
Views: 7316

Re: Apple devices not reconnecting to wifi

I think I have solved my wireless issues with the help of a few other threads in these forums. Key configuration changes were: channel-width wmm-support keepalive-frames multicast-buffering multicast-helper group-key-update and increasing DHCP lease time from 10mins to 10hrs [admin@router01] > /inte...
by ilium007
Mon Oct 12, 2020 10:31 pm
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

we have possible fix for this issue, that will be included in upcoming version.
I tested the bug on beta3 and it’s still there
by ilium007
Fri Oct 09, 2020 1:37 pm
Forum: General
Topic: Wireless and DHCP problems
Replies: 8
Views: 1368

Re: Wireless and DHCP problems

I'm having these issues on routerOS7 with all Apple devices. Try to enable WMM support in the wireless section https://wiki.mikrotik.com/wiki/Manual:Interface/Wireless Thanks for that,but in CAPsMAN WMM Support is absent Just do it from CLI, change wlan1 for the appropriate interface: /interface/wi...
by ilium007
Fri Oct 09, 2020 1:53 am
Forum: General
Topic: Wireless and DHCP problems
Replies: 8
Views: 1368

Re: Wireless and DHCP problems

Is this a known fix or a stab in the dark?
by ilium007
Thu Oct 08, 2020 3:10 pm
Forum: General
Topic: Wireless and DHCP problems
Replies: 8
Views: 1368

Re: Wireless and DHCP problems

I'm having these issues on routerOS7 with all Apple devices.
by ilium007
Wed Oct 07, 2020 5:46 am
Forum: RouterOS beta
Topic: Apple devices not reconnecting to wifi
Replies: 7
Views: 7316

Re: Apple devices not reconnecting to wifi

I have turned on DHCP logging to try and catch something the next time it happens.
by ilium007
Mon Oct 05, 2020 1:24 pm
Forum: RouterOS beta
Topic: Apple devices not reconnecting to wifi
Replies: 7
Views: 7316

Re: Apple devices not reconnecting to wifi

There's something else going on here. I am getting the problem whereby I can't reconnect my Apple MacBook Pro. It seems like the wireless is connecting but I'm not getting an IP address. Could there be an issue with the DHCP side of things? I hadn't experienced the problem in weeks but all of a sudd...
by ilium007
Sun Sep 27, 2020 1:31 am
Forum: RouterOS beta
Topic: Recovery from backup fails
Replies: 4
Views: 1768

Re: Recovery from backup fails

As I said, I perform a backup daily via script and email to myself from the router. The backups I attempted to restore were from the pas few days as I know I had made recent changes. These keep failing to restore. I went back to the backup from the 16/09 and was able to restore that unencrypted back...
by ilium007
Sat Sep 26, 2020 3:07 pm
Forum: RouterOS beta
Topic: Recovery from backup fails
Replies: 4
Views: 1768

Re: Recovery from backup fails

So I'm having a heap of problems here. Power outage last night, router was unresponsive when I came home. Because I do daily backups, emailed to myself, I thought I would grab one and load back to the router. The backups that I am doing now are unencrypted due to the bug I have previously reported i...
by ilium007
Thu Sep 24, 2020 4:26 pm
Forum: RouterOS beta
Topic: Apple devices not reconnecting to wifi
Replies: 7
Views: 7316

Apple devices not reconnecting to wifi

I have a strange issue where Apple devices are sometimes not reconnecting to the Mikrotik Chateau LTE 12 wireless networks after previously being connected. Not sure where to start, I have read of issues plaguing routerOS for years regarding Apple devices and wireless but cant find solutions. I have...
by ilium007
Thu Sep 17, 2020 3:33 pm
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

I agree, but it pretty clear from all the testing that I have done that there is an issue. The dstnat works fine from another cheap router via its LTE interface, dstnat on ethernet on Device A works fin, the WireGuard instance on Device B works fine. The problem is dstnat when using the LTE WAN inte...
by ilium007
Thu Sep 17, 2020 1:59 am
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

Yes, on device B and on your client. I think the mtu should match on both sides. No idea what happens if it does not. Tried lowering on both with no success. I have checked MTU on the lte1 interface and it is set at 1500. There is no packet fragmentation when doing ping tests to an internet host at...
by ilium007
Thu Sep 17, 2020 1:43 am
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

I'm out of ideas. - TP-Link with LTE works => LTE is ok - Chateau with ethernet works => Chateau is ok - Chateau with LTE does not work => ???, but why, when both should be ok? It would be interesting if someone else could test it with their Chateau and LTE, but so far there isn't anyone else. I as...
by ilium007
Thu Sep 17, 2020 1:39 am
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

Does it make a difference if you lower the mtu size on wireguard interfaces?
On Device B?
by ilium007
Wed Sep 16, 2020 12:23 pm
Forum: RouterOS beta
Topic: Scripted firewall rule ordering fails
Replies: 7
Views: 1337

Re: Scripted firewall rule ordering fails

You should agree that this is much better than using a line number when it is done in a script.

I suppose it is. Thanks.
by ilium007
Wed Sep 16, 2020 11:53 am
Forum: RouterOS beta
Topic: Scripted firewall rule ordering fails
Replies: 7
Views: 1337

Re: Scripted firewall rule ordering fails

It is not possible to use ordering sequence numbers in a script!

Wow ok! So I guess I'm confused by the point of "place-before" if rules can't be referenced by an array index number.
by ilium007
Wed Sep 16, 2020 11:01 am
Forum: RouterOS beta
Topic: Recovery from backup fails
Replies: 4
Views: 1768

Re: Recovery from backup fails

As I had my scripted rebuild working I decided to try the backup and restore again on an un-encrypted backup and can confirm that it successfully restores. The process below worked: [admin@router01] > /system/backup/save password=xxxx dont-encrypt=yes name=backup01 [admin@router01] > /system/reset-c...
by ilium007
Wed Sep 16, 2020 10:14 am
Forum: RouterOS beta
Topic: Scripted firewall rule ordering fails
Replies: 7
Views: 1337

Scripted firewall rule ordering fails

[admin@router01] > /system/routerboard/print routerboard: yes model: RBD53G-5HacD2HnD serial-number: C8CA0CB0B626 firmware-type: ipq4000L factory-firmware: 7.0beta6 current-firmware: 7.0beta6 upgrade-firmware: 7.1beta2 [admin@router01] > Due to the backup recovery issue I'm facing I decided to put ...
by ilium007
Wed Sep 16, 2020 8:46 am
Forum: RouterOS beta
Topic: Recovery from backup fails
Replies: 4
Views: 1768

Recovery from backup fails

[admin@MikroTik] > /system/routerboard/print routerboard: yes model: RBD53G-5HacD2HnD serial-number: C8CA0CB0B626 firmware-type: ipq4000L factory-firmware: 7.0beta6 current-firmware: 7.0beta6 upgrade-firmware: 7.1beta2 I had generated a routerOS backup using: /system backup save name=router01 passw...
by ilium007
Wed Sep 16, 2020 5:52 am
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

Ok, so putting the TPLink LTE router (Device 0) in front of Device A and placing a port forward (UDP 13232) on Device 0 to Device A, and then Device A with a port forward to Device B WORKED . So its not the dstnat that the problem it is something in the LTE side of things. Device 0 - TPlink LTE rout...
by ilium007
Mon Sep 14, 2020 2:39 pm
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

Exactly.
So how do I troubleshoot my failed installation then? It works if I put a cheap router in front and port forward, it fails when I put a $365 Mikrotik Chateau LTE12 in front and dstnat the WireGuard traffic.
by ilium007
Mon Sep 14, 2020 12:34 pm
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

The 'broken port forwarding' theory. So no change for device B, but I also used 7.1beta2 on device A.

Sorry, but I'm a little confused. Are you saying that you have put a 7.1beta2 WireGuard instance (Device B) behind a 7.1beta2 router (Device A) and its all working?
by ilium007
Sun Sep 13, 2020 10:07 pm
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

I didn't expect that it would change anything, but I tested device A with 7.1beta2 and no problem at all, everything works.
What exactly did you test??
by ilium007
Sun Sep 13, 2020 12:39 pm
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

DNS query from Internet to Device B via Device A DSTNAT worked.


Packet capture:
http://ge.tt/4O1Xh773

IMG_3207.jpg
by ilium007
Sun Sep 13, 2020 2:00 am
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

Not that it would be completely impossible, but dstnat is simple thing, it's there for years, everyone uses it, ... it's not likely that it would get broken and not noticed by many other people. On the other hand, it is beta version, so maybe the chance is slightly higher. You can test another serv...
by ilium007
Sat Sep 12, 2020 4:40 pm
Forum: RouterOS beta
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 9768

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

That was easy. :-)

Sometimes it’s the little things 🤷‍♂️
by ilium007
Sat Sep 12, 2020 4:28 pm
Forum: RouterOS beta
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 9768

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

Enabling starttls has resolved the problem, email is now sending. [admin@chateau] /tool/e-mail> print address: smtp.gmail.com port: 587 tls: starttls from: xxxxxxx@gmail.com user: xxxxxxx@gmail.com password: xxxxxxx last-status: succeeded last-address: 74.125.24.108 [admin@chateau] /tool/e-mail>
by ilium007
Sat Sep 12, 2020 4:23 pm
Forum: RouterOS beta
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 9768

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

I have a feeling this is due to 2fa or an incomplete user name. In the user name field it should be your email address. I had been using email address for user name with no success. The generated app password with 2FA is the documented method of authentication. The error in getting is a TLS handsha...
by ilium007
Sat Sep 12, 2020 3:52 pm
Forum: RouterOS beta
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 9768

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

ehmmmm I did not see that earlier. You are a gmail user (port 587, normal 25) so you should use inbound

The only secure documented method of sending mail via Googles SMTP servers for non-GSuite users is via smtp.gmail.con:587 with TLS
by ilium007
Sat Sep 12, 2020 3:49 pm
Forum: RouterOS beta
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 9768

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

Else go the SMTP/25 way.
Plain text / no encryption?
by ilium007
Sat Sep 12, 2020 3:39 pm
Forum: RouterOS beta
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 9768

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

CRL seems only be possible for certificates you generate on your Router.

Looks like thats the end of sending emails via Google SMTP relays? It really shouldn't be this difficult!
by ilium007
Sat Sep 12, 2020 3:26 pm
Forum: RouterOS beta
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 9768

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

I think that you also need this file:

http://crl.globalsign.net/root-r2.crl

That CRL was already in the CRL list but shows up as invalid. I tried re-importing from the URL but it was invalid as well.

Screen Shot 2020-09-12 at 10.25.31 pm.png
by ilium007
Sat Sep 12, 2020 2:52 pm
Forum: RouterOS beta
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 9768

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

All of the Google Trust Services root CA's were already in the list of 138 certs that are already present on the device.
by ilium007
Sat Sep 12, 2020 2:34 pm
Forum: RouterOS beta
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 9768

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

Delivering a e-mail to them is a PITA and the best chance is using the relay. In the middle of the linked page is a PEM file and have a look at that. I can't test anything being on my tablet. I thought the relay was for G-Suite users only (I use it for SMTP access for printers / scanners at work).
by ilium007
Sat Sep 12, 2020 1:39 pm
Forum: RouterOS beta
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 9768

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

Have you tried: smtp-relay.gmail.com Same issue: 20:38:51 e-mail,error Error sending e-mail <email test>: TLS handshake failed Where should I be downloading CA root certs from? I have put the config back, this is the command line I am executing to test: [admin@chateau] /tool/e-mail> print address: ...
by ilium007
Sat Sep 12, 2020 1:22 pm
Forum: RouterOS beta
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 9768

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

There are no certificates present by default in Mikrotik routers so you have to install them to use TLS. https://support.google.com/a/answer/6180220?hl=en I had already imported CA root certs from here: https://mkcert.org/generate/ [admin@chateau] /certificate> print Flags: L - CRL; T - TRUSTED Col...
by ilium007
Sat Sep 12, 2020 11:20 am
Forum: RouterOS beta
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 9768

TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

I can't send email via smtp.gmail.com. 18:15:18 e-mail,error Error sending e-mail <email Test Email>: TLS handshake failed Config: [admin@MikroTik] > /tool/e-mail/print address: smtp.gmail.com port: 587 tls: yes from: xxxxxxx@gmail.com user: xxxxxxx@gmail.com password: xxxxxxx last-status: failed la...
by ilium007
Sat Sep 12, 2020 3:21 am
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

So this happened..... I set up a dirt cheap TP-Link LTE 4G router with the same SIM card and gave it the same LAN IP address and set up a port forward to the Mikrotik Device B. I connected from the same iOS WireGuard client and it successfully connected and performed handshake. The issue has to be w...
by ilium007
Sat Sep 12, 2020 2:13 am
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

I'm running out of ideas. Last one for now, although there's no reason why it should be the problem, did you try to connect only to device B and no other server at the same time?
The last two sets of packet captures where whilst connecting to Device B only. One WireGuard connection only.
by ilium007
Fri Sep 11, 2020 6:44 pm
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

Captures from the DSTNAT connection attempt to a Raspberry Pi WireGuard server running behind the Mikrotik Device A.

http://ge.tt/2jsaQ573

Client WAN IP: 49.195.16.14
Client LAN IP: 192.168.8.101

Device A WAN IP: 123.209.194.128
Device B LAN IP: 192.168.10.20
by ilium007
Fri Sep 11, 2020 6:22 pm
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

The obvious problem is that it contains only initial requests, there's not a single response. It was the same in previous combined capture as well. All non-TZSP packets are from client to server. But if you look at TZSP packets, you can see that device B is sending responses. So one more thing you ...
by ilium007
Fri Sep 11, 2020 1:32 am
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

I realised that I could have just produced a .pcap file on Device B itself using the packet sniffer tool. To avoid confusion I have produced two seperate packet captures, one from my laptop in the hotel, the other from Device B. Laptop: SRC IP: 172.20.1.195 Hotel WAN IP: 124.19.6.93 https://transfer...
by ilium007
Fri Sep 11, 2020 1:02 am
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working behind internet facing router with DSTNAT v7.1beta2

And how exactly did you capture this? It looks like strange mix. Some packets are wrapped in TZSP, from 192.168.10.5 to 192.168.200.11 (what's that?), while others look like direct capture from interface. But if it's captured using packet sniffer on 192.168.10.5, as TZSP suggests, then it shouldn't...
by ilium007
Thu Sep 10, 2020 11:47 am
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working when behind internet facing router with DSTNAT

After a lot of messing around I have captured the USP packet stream for both the client and Device B. https://transfer.sh/Poqim/client_connect.pcapng 172.20.1.195 - hotel room IP address 124.19.6.93 - hotel WAN IP address 123.209.117.65 - Device A WAN IP address (LTE modem interface where DSTNAT to ...
by ilium007
Thu Sep 10, 2020 9:39 am
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working when behind internet facing router with DSTNAT

But there's one thing I noticed now, you have 192.168.201.0/24 as address on wireguard1 interface. But it's not correct address, with .0 at the end it's subnet address. Change it to something else, e.g. .1. That was a configuration typo during testing! I have fixed now and it behaves the same. I am...
by ilium007
Thu Sep 10, 2020 3:58 am
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working when behind internet facing router with DSTNAT

Is there are firewall rule that does source NAT just after destination NAT for the incoming packet? Possibly that confuses wireguard... What interfaces are in interface list "WAN"? SRCNAT / masquerade rule is above the DSTNAT rule for Device B WireGuard instance: /ip firewall nat add acti...
by ilium007
Wed Sep 09, 2020 10:36 pm
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working when behind internet facing router with DSTNAT

Have you tried to access Wireguard on device A via port 8080 and set up DSTNAT to device B to the Wireguard port. Some ISPs block various ports. If port 8080 (TCP) works, it should also work on WG. As expected it behaves exactly the same. Packets were always getting through the DSTNAT to the WireGu...
by ilium007
Wed Sep 09, 2020 1:48 pm
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working when behind internet facing router with DSTNAT

I've done some more testing and can't make sense of this. I can successfully DSTNAT TCP 8080 traffic from the internet to Device B on TCP port 80 (just a test to the Device B webfig app) - DSTNAT works from Device A to Device B: http://mikrotik2020.duckdns.org [admin@MikroTik] /ip/firewall> nat/ pr ...
by ilium007
Wed Sep 09, 2020 11:06 am
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working when behind internet facing router with DSTNAT

I tried quick test with RouterOS as WG server behind NAT with forwarded port, same as OP has, and it works fine. Exactly as expected, since WG shouldn't care about NAT at all.
What routerOS version is running on the Mikrotik router doing your port forward?
by ilium007
Wed Sep 09, 2020 12:23 am
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working when behind internet facing router with DSTNAT

Ah, I misread and misunderstood some details. So both peers are behind NAT, one is supposed to be reachable via destination NAT. Never tried that with wireguard, no idea if this should work. Device A has a public IP address (no CGNAT) via its LTE modem. I port forward (DSTNAT) UDP 31232 to Device B...
by ilium007
Tue Sep 08, 2020 11:08 pm
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working when behind internet facing router with DSTNAT

There’s no “LTE stick”. Internet facing router is a Mikrotik Chateau LTE12. As I said, other port forwards work through to the cAP ac so I know DSTNAT from Device A and all routing is working. I know WireGuard works on Device B because I can connect to it locally and handshake is successful. I also ...
by ilium007
Tue Sep 08, 2020 4:36 pm
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Re: Wireguard not working when behind internet facing router with DSTNAT

Why do you configure wireguard on device B, not device A? Because as I said, I am setting this device up to send to my parents to use as a wireless access point but also to give me a WireGuard VPN for remote access. They have an ISP issued VoIP router that can't be swapped out so I need to place th...
by ilium007
Tue Sep 08, 2020 4:16 pm
Forum: RouterOS beta
Topic: Wireguard not working behind internet facing router with DSTNAT v7.1beta2
Replies: 57
Views: 18631

Wireguard not working behind internet facing router with DSTNAT v7.1beta2

Problem described in detail here: https://www.reddit.com/r/mikrotik/comments/inkuqp/trying_to_port_forward_wireguard_connection_to/ I have two MIkrotik devices. I am testing Wireguard on the internal (behind internet router) Mikrotik device before I send it off to my parents to use behind their ISP ...
by ilium007
Wed Sep 02, 2020 2:26 pm
Forum: Scripting
Topic: DuckDNS Update Script (free DynDNS alternative)
Replies: 20
Views: 29831

Re: DuckDNS Update Script (free DynDNS alternative)

:local resolvedIP [:resolve "{{ domain }}.duckdns.org"]; :local currentIP [/ip address get [find interface="{{ interface }}"] address]; :local currentIP [:pick $currentIP 0 [:find $currentIP "/"]]; :if ($resolvedIP != $currentIP) do={ :log info ("Trying to update ...
by ilium007
Wed Sep 02, 2020 10:41 am
Forum: RouterOS beta
Topic: WireGuard on DHCP WAN [SOLVED]
Replies: 2
Views: 2217

WireGuard on DHCP WAN [SOLVED]

Getting my Chateau LTE 12 tonight and doing some research. I believe WireGuard is available in the routerOS 7 beta but I can’t find a lot of info on it. I remember a few years back when using routerOS with OpenVPN I couldn’t run the OpenVPN server on a WAN interface that had a dynamic public IP. The...
by ilium007
Thu Aug 27, 2020 11:54 am
Forum: RouterBOARD hardware
Topic: SXT Modem
Replies: 6
Views: 1333

Re: SXT Modem

Can anyone please confirm the MikroTik SXT LTE Cat 6 only has 10/100 Mbit Ethernet interfaces? If so I am confused.... why bundle an LTE 6 modem capable of 300Mbit download speed if the Ethernet interface can only handle 100Mbit?
by ilium007
Wed Aug 26, 2020 1:40 pm
Forum: RouterBOARD hardware
Topic: SXT Modem
Replies: 6
Views: 1333

Re: SXT Modem

Thanks - I'll look in to it some more. Need to find an Australian reseller for the SXTR.
by ilium007
Tue Aug 25, 2020 4:44 pm
Forum: RouterBOARD hardware
Topic: SXT Modem
Replies: 6
Views: 1333

SXT Modem

Can the internal modem in the SXT LTE 6 be replaced. I would like to run a EP06-E.
by ilium007
Sat Jun 17, 2017 5:32 am
Forum: RouterBOARD hardware
Topic: MC7710 exact procedure to get it working with Routerboard
Replies: 6
Views: 3770

Re: MC7710 exact procedure to get it working with Routerboard

Thanks for the reply. I'm interested to know how the ppp serial interface affects upload speeds. The application I am looking at is remote video surveillance access so the 4G upload speed is of interest to me.
by ilium007
Fri Jun 16, 2017 7:18 am
Forum: RouterBOARD hardware
Topic: MC7710 exact procedure to get it working with Routerboard
Replies: 6
Views: 3770

Re: MC7710 exact procedure to get it working with Routerboard

Sorry to drag this post up but I am looking at a RB912UAG-2HPnD and I am being told that the Sierra MC7304 is unsuitable because it only does ppp and that it needs DirectIP to work with LTE speeds. From what I am reading below the MC7710 can work with DIP ? Can I expect LTE speeds with an MC7710 and...
by ilium007
Thu Nov 29, 2012 2:29 pm
Forum: Beginner Basics
Topic: MikroTik to MikroTik VPN - OpenVPN or IPSec
Replies: 15
Views: 29328

Re: MikroTik to MikroTik VPN - OpenVPN or IPSec

Almost two years on... glad I didnt wait before going back to dd-wrt where simple things work..
by ilium007
Tue Sep 06, 2011 12:32 pm
Forum: General
Topic: Can't stop DHCP on pppoe interface
Replies: 22
Views: 3700

Re: Can't stop DHCP on pppoe interface

Because you showed me a single command to set up a default route. When I change the PPP to include the 'Local Address' that you pointed out earlier the RouterOS does not auto create the routes - we have established this. So you said to run a single command that I assume only creates a single default...
by ilium007
Tue Sep 06, 2011 11:27 am
Forum: General
Topic: Can't stop DHCP on pppoe interface
Replies: 22
Views: 3700

Re: Can't stop DHCP on pppoe interface

The IP address here is auto configured via PPP - it is not the static one they assigned me.
by ilium007
Tue Sep 06, 2011 11:17 am
Forum: General
Topic: Can't stop DHCP on pppoe interface
Replies: 22
Views: 3700

Re: Can't stop DHCP on pppoe interface

These are the two route entries that are auto created: http://f.cl.ly/items/3C2G3J1v013m241m3O0I/admin@192.168.10.1%20(RB750G)%20-%20WinBox%20v5.5%20on%20RB750G%20(mipsbe)-1.jpg http://cl.ly/0J203k1y2b0j391U1l1w/Screen_Shot_2011-09-06_at_6.18.59_PM.png http://cl.ly/3W3J3c0T320I0e2a1U1b/Screen_Shot_2...
by ilium007
Tue Sep 06, 2011 10:25 am
Forum: General
Topic: Can't stop DHCP on pppoe interface
Replies: 22
Views: 3700

Re: Can't stop DHCP on pppoe interface

OK - i'll give it a go. There seemed to be two auto created entries when it is set to do it itself.
by ilium007
Tue Sep 06, 2011 3:07 am
Forum: General
Topic: Can't stop DHCP on pppoe interface
Replies: 22
Views: 3700

Re: Can't stop DHCP on pppoe interface

I havent worked out how to do that yet..
by ilium007
Mon Sep 05, 2011 4:54 pm
Forum: General
Topic: Can't stop DHCP on pppoe interface
Replies: 22
Views: 3700

Re: Can't stop DHCP on pppoe interface

No - it's not working !

When I add the ppp profile and then add the local IP ( my static ip ) I can not get Internet access because there is no default route being added. However, in this configuration I can connect in to this static ip via ssh.
by ilium007
Mon Sep 05, 2011 3:14 pm
Forum: General
Topic: Can't stop DHCP on pppoe interface
Replies: 22
Views: 3700

Re: Can't stop DHCP on pppoe interface

Hi - I created the new profile with the static IP as 'Local Address' and it worked fine for incoming SSH traffic (tested via phone) but I can't get any traffic out of the network with it enabled this way. I have worked out that no default route is being added when I use the profile set up with the l...
by ilium007
Mon Sep 05, 2011 2:58 pm
Forum: General
Topic: Can't stop DHCP on pppoe interface
Replies: 22
Views: 3700

Re: Can't stop DHCP on pppoe interface

OK - will do that. I thought that I had configured this static IP address somewhere last time I was with this ISP. Maybe not ! Out of interest - I have had cheaper Linksys routers that also do pppoe but also allow me to specify a static IP address. How does this work if it is PPP that is handing out...
by ilium007
Mon Sep 05, 2011 2:39 pm
Forum: General
Topic: Can't stop DHCP on pppoe interface
Replies: 22
Views: 3700

Re: Can't stop DHCP on pppoe interface

Not sure how to explain this any better ! That address (220.244.77.236/32) is being given via DHCP. The ISP has sent a welcome email stating a different static address that I should be using. Each time I configure this (different) static IP address again pppoe-out1 the RB750G changes this static add...
by ilium007
Mon Sep 05, 2011 1:17 pm
Forum: General
Topic: Can't stop DHCP on pppoe interface
Replies: 22
Views: 3700

Re: Can't stop DHCP on pppoe interface

I am pretty sure I need to run pppoe (TPG ADSL in Australia) - they have supplied me a pppoe username and password and static IP.
by ilium007
Mon Sep 05, 2011 1:11 pm
Forum: General
Topic: Can't stop DHCP on pppoe interface
Replies: 22
Views: 3700

Re: Can't stop DHCP on pppoe interface

Cool - but I am a little confused. How do I now implement my static IP address that my ISP has given me to use ?
by ilium007
Mon Sep 05, 2011 12:32 pm
Forum: General
Topic: Can't stop DHCP on pppoe interface
Replies: 22
Views: 3700

Can't stop DHCP on pppoe interface

Hi - something strange is happening here ! I have moved house and went from a static IP on my ADSL connection to a new service also with a static IP. The funny thing is that I can't seem to get the static IP that the ISP gave me to work - whenever I configure it under 'IP/Addresses' in the GUI again...
by ilium007
Tue Apr 12, 2011 12:06 am
Forum: Wireless Networking
Topic: Advice for a small link
Replies: 21
Views: 4026

Re: Advice for a small link

So really all I need is a point to point link over about 200m to avoid digging a massive trench and laying copper. At either end I will have a normal Layer 2 switched network (in re-reading my first post I probably should have been clearer here. The 2-3 cameras will be wired and connect to a PoE swi...
by ilium007
Mon Apr 11, 2011 5:25 pm
Forum: Wireless Networking
Topic: Advice for a small link
Replies: 21
Views: 4026

Re: Advice for a small link

So there is no one who can advise me on the merits of the SXT devices as opposed to two 411's /711's with antennas ? This was my first real project using Mikrotik after having used a RB750G here at home. I am also looking into Ubuiquiti gear now given the lack of response here. I am a bit worried as...
by ilium007
Sun Apr 10, 2011 2:27 pm
Forum: Wireless Networking
Topic: Advice for a small link
Replies: 21
Views: 4026

Advice for a small link

Hi guys - I am going to get to set up my first Mikrotik wifi link for a friend. Basically we need to set up a number of IP cameras for a small property security project. 2 - 3 of the cameras will be situated away from the main farm house and I will need to get a wifi link to haul the traffic back. T...
by ilium007
Sun Feb 27, 2011 4:58 am
Forum: Beginner Basics
Topic: Can not get NTP or SNTP clients to work
Replies: 10
Views: 3578

Re: Can not get NTP or SNTP clients to work

OK, so going through the logs I found the error was because the NTP server was trying to send SYN packets to the external (public IP) interface of the router but these SYN packets were being dropped. I added the following rule: http://dl.dropbox.com/u/973862/Screen%20shot%202011-02-27%20at%2012.55.3...
by ilium007
Sat Feb 26, 2011 3:24 pm
Forum: Beginner Basics
Topic: Can not get NTP or SNTP clients to work
Replies: 10
Views: 3578

Can not get NTP or SNTP clients to work

Hi - I have followed the wiki article: http://wiki.mikrotik.com/wiki/Manual:System/Time and I have also installed the standalone NTP package. System is running routerOS 4.16. I have verified the NTP servers I an trying to query by running from my OSX machine inside the network: MacBookPro:~ user$ /u...
by ilium007
Fri Feb 25, 2011 3:37 am
Forum: Beginner Basics
Topic: Help - route to ADSL modem in bridge mode
Replies: 5
Views: 1963

** RESOLVED **

I hope this helps anyone else trying to do this ! So I set up a log and noticed the traffic was not being NAT'd: http://dl.dropbox.com/u/973862/Screen%20shot%202011-02-25%20at%2011.32.54%20AM.png The source IP was still 192.168.10.10 So I set up a simple NAT rule in the ether-1 interface to NAT outg...
by ilium007
Fri Feb 25, 2011 3:01 am
Forum: Beginner Basics
Topic: Help - route to ADSL modem in bridge mode
Replies: 5
Views: 1963

Re: Help - route to ADSL modem in bridge mode

I have also just done another test; I got a laptop and assigned the ethernet interface 1.1.1.2/24 with no default gateway etc. unplugged the ADSL modem from the RB750G and plugged the laptop direct to the ADSL modem. I could then use a web browser on the laptop to get to 1.1.1.1 Now when I plug it a...
by ilium007
Fri Feb 25, 2011 1:35 am
Forum: Beginner Basics
Topic: Help - route to ADSL modem in bridge mode
Replies: 5
Views: 1963

Re: Help - route to ADSL modem in bridge mode

OK - no. I am not that much of a noob !! Maybe I should draw the diagram better: ADSL Modem [1.1.1.1/24] --> [1.1.1.2/24] ** RB750G ** [192.168.10.1/24 ]-->Internal Network 192.168.10.0/24 So I have 1.1.1.2/24 assigned to ether1-gateway on the RB750G and 1.1.1.1/24 assigned to the ethernet port on t...
by ilium007
Thu Feb 24, 2011 3:35 pm
Forum: Beginner Basics
Topic: Help - route to ADSL modem in bridge mode
Replies: 5
Views: 1963

Help - route to ADSL modem in bridge mode

Hi - not sure why this won't work. I have a RB750G as a pppoe client behind an ADSL modem in layer 2 bridge mode. Even in this mode I can still assign an ip to the Ethernet interface to view ADSL stats. Internet-----[ADSL MODEM 1.1.1.1/24]----------(RB750G Gateway pppoe 192.168.10.0/24) I have a rou...
by ilium007
Thu Feb 24, 2011 3:11 pm
Forum: RouterBOARD hardware
Topic: Asus RT-N16
Replies: 5
Views: 6476

Re: Asus RT-N16

And besides...the RT-N16 is rubbish compared to the Mikrotik gear.
by ilium007
Thu Feb 03, 2011 12:59 pm
Forum: RouterBOARD hardware
Topic: How many aerials do I buy ???
Replies: 7
Views: 1657

Re: How many aerials do I buy ???

will that work given one of my networks must be 802.11n and the other 802.11g ?
by ilium007
Thu Feb 03, 2011 12:47 pm
Forum: RouterBOARD hardware
Topic: How many aerials do I buy ???
Replies: 7
Views: 1657

Re: How many aerials do I buy ???

Does anyone know if there is a more suitable enclosure to allow hanging off 6 aerials !
by ilium007
Wed Feb 02, 2011 1:19 pm
Forum: Beginner Basics
Topic: RB750G wi-fi router build help
Replies: 10
Views: 3149

Re: RB750G wi-fi router build help

I don't have the hardware as yet. As soon as I have it I can send you my configs. Happy to do so.
by ilium007
Wed Feb 02, 2011 9:47 am
Forum: RouterBOARD hardware
Topic: How many aerials do I buy ???
Replies: 7
Views: 1657

Re: How many aerials do I buy ???

@ jtroybailey I just noticed you are in Brisbane as well !! I am at Gordon Park.
by ilium007
Wed Feb 02, 2011 9:46 am
Forum: RouterBOARD hardware
Topic: How many aerials do I buy ???
Replies: 7
Views: 1657

Re: How many aerials do I buy ???

hmmm - its going to look like Routenstein with 6 aerials hanging off of it !
by ilium007
Wed Feb 02, 2011 8:49 am
Forum: RouterBOARD hardware
Topic: How many aerials do I buy ???
Replies: 7
Views: 1657

How many aerials do I buy ???

Hi - I have already posted about my intention to run an RB493G with 3 x R52Hn wifi cards at home in order to build 3 networks. One 802.11n (trusted), one 802.11g (trusted) and one 802.11g (untrusted) for friends etc to access but should not be able to get to my internal network etc etc. Anyway, I wa...
by ilium007
Tue Jan 18, 2011 2:24 pm
Forum: Beginner Basics
Topic: RB750G wi-fi router build help
Replies: 10
Views: 3149

Re: RB750G wi-fi router build help

Ok - this is what I have: [admin@MikroTik] > /ip firewall export # jan/18/2011 12:19:54 by RouterOS 4.11 # software id = M26S-4LTJ # /ip firewall connection tracking set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \ tcp-close-wait-timeout=10s tcp-established-timeout=1d \ t...
by ilium007
Tue Jan 18, 2011 2:02 am
Forum: Beginner Basics
Topic: RB750G wi-fi router build help
Replies: 10
Views: 3149

Re: RB750G wi-fi router build help

Or IP addressing But this is my dilema - if I were to use just IP addressing, a savvy operator could manually change their IP address to one on my other network (ie. change his 192.168.11.0/24 address to a 192.168.10.0/24 address) and then bypass the firewall rules. I work for a financial instituti...
by ilium007
Tue Jan 18, 2011 12:17 am
Forum: Beginner Basics
Topic: RB750G wi-fi router build help
Replies: 10
Views: 3149

Re: RB750G wi-fi router build help

Ahh ok - that makes sense. So set up firewall rules based on source interface?
by ilium007
Mon Jan 17, 2011 11:32 pm
Forum: Beginner Basics
Topic: RB750G wi-fi router build help
Replies: 10
Views: 3149

Re: RB750G wi-fi router build help

I don't want to rely on Layer 3 to separate the networks. If someone were to change their IP address to one on the LAN network then they would gain full access. I would rather separate the networks at Layer2 which is why I thought you use VLANs on the same physical switch. Also - was my post not det...
by ilium007
Mon Jan 17, 2011 9:10 am
Forum: Beginner Basics
Topic: RB750G wi-fi router build help
Replies: 10
Views: 3149

RB750G wi-fi router build help

Hi guys - I am looking to build an elaborate 493G setup at home. I am starting off with a RB750G however just to get a feel for the platform and capabilities etc. Once I am happy with this as opposed to the pfSense install I have been running I will purchase the 493G with 3 x R52Hn wifi cards. I wan...
by ilium007
Fri Oct 22, 2010 4:55 pm
Forum: Beginner Basics
Topic: GUI config
Replies: 11
Views: 3458

Re: GUI config

That will be awesome !!
by ilium007
Wed Oct 20, 2010 5:14 pm
Forum: Beginner Basics
Topic: GUI config
Replies: 11
Views: 3458

Re: GUI config

Thanks for taking the time to reply. Can you point me to any doco with a full guide to setting up the dynamic ip VPN ?

Cheers
by ilium007
Tue Oct 19, 2010 3:45 pm
Forum: Beginner Basics
Topic: MikroTik to MikroTik VPN - OpenVPN or IPSec
Replies: 15
Views: 29328

Re: MikroTik to MikroTik VPN - OpenVPN or IPSec

Does anyone know if road warrior IPSec VPM support has gotten better in the latest RouterOS releases. The lad time I looked at this was early this year and have continued using low end WRT54GL routers instead.
by ilium007
Tue Oct 19, 2010 2:55 pm
Forum: The Dude
Topic: Dude alternatives
Replies: 14
Views: 14071

Re: Dude alternatives

We are looking at Nagios and also Zenoss
by ilium007
Tue Oct 19, 2010 2:35 pm
Forum: Beginner Basics
Topic: GUI config
Replies: 11
Views: 3458

Re: GUI config

Great - thanks for that.

Now to work out how to use dynamic IP addresses for IPSec VPN's (or just get a solid OpenVPN install happening) and I will be a happy man.
by ilium007
Tue Oct 19, 2010 2:28 pm
Forum: Beginner Basics
Topic: PM'ing on this forum
Replies: 3
Views: 1106

Re: PM'ing on this forum

OK cool - thanks.
by ilium007
Tue Oct 19, 2010 2:28 pm
Forum: Beginner Basics
Topic: GUI config
Replies: 11
Views: 3458

Re: GUI config

awesome - I can use other monitoring tools such as Nagios I assume. I haven;t looked at the RouterOS SNMP support as yet.

If I can configure ALL options via CLI I will be happy enough.
by ilium007
Tue Oct 19, 2010 2:16 pm
Forum: Beginner Basics
Topic: GUI config
Replies: 11
Views: 3458

Re: GUI config

Didn't mean to offend man... just saying...it's a strange name to call a product. Anyway - its not the Windows computers we don't want, it's any form of O/S licensing associated with Microsoft.

Can RouterOS be configured via CLI or web interface ?
by ilium007
Tue Oct 19, 2010 2:11 pm
Forum: Beginner Basics
Topic: PM'ing on this forum
Replies: 3
Views: 1106

PM'ing on this forum

Also - can someone tell me how to get PM'ing turned on. I read the FAQ's and it says that I can;t PM because of up to 3 issues, not logged on etc etc or a mod has disabled. Not sure why I would be disabled.

Cheers.
by ilium007
Tue Oct 19, 2010 2:09 pm
Forum: Beginner Basics
Topic: GUI config
Replies: 11
Views: 3458

GUI config

Hi - Does anyone know if there is a Java based GUI instead of the 'Dude'. We are a 100% Microsoft free organisation and this is one of 2 things holding us back from RouterOS. The other is the inability to find a way to get an IPSec VPN running with dynamic DNS / IP's. Any help appreciated. **EDIT - ...
by ilium007
Tue Oct 19, 2010 1:55 pm
Forum: General
Topic: MUM in Australia. Would you come?
Replies: 113
Views: 33622

Re: MUM in Australia. Would you come?

Another vote for Brisbane - i'd be there
by ilium007
Mon Feb 01, 2010 9:48 pm
Forum: Beginner Basics
Topic: MikroTik to MikroTik VPN - OpenVPN or IPSec
Replies: 15
Views: 29328

Re: MikroTik to MikroTik VPN - OpenVPN or IPSec

I have been doing IPSec VPNs to low end devices (Draytek, Billion, Linksys and Netgear) for years with dynamic ips. Why is it so hard for Mikrotik to implement?
by ilium007
Mon Feb 01, 2010 1:25 pm
Forum: Beginner Basics
Topic: MikroTik to MikroTik VPN - OpenVPN or IPSec
Replies: 15
Views: 29328

Re: MikroTik to MikroTik VPN - OpenVPN or IPSec

I have read that page, the examples are much better than I have found anywhere to date. I couple of questions though. Some people have reported issues around SA flushing, is there any fix to this with the later versions of RouterOS ? Also, I think I can see now why people are having issues with dyna...
by ilium007
Mon Feb 01, 2010 1:12 pm
Forum: Beginner Basics
Topic: MikroTik to MikroTik VPN - OpenVPN or IPSec
Replies: 15
Views: 29328

Re: MikroTik to MikroTik VPN - OpenVPN or IPSec

Ha cool - reading that now. Didn't think to look in the old user manual. Just to confirm, does the VPN dial on traffic 'from' or 'to' a specific subnet ?? I definitely have only ever seen a VPN dial on traffic 'to' a specific subnet - at least thats what I need t do here. Thanks again.
by ilium007
Mon Feb 01, 2010 11:00 am
Forum: Beginner Basics
Topic: MikroTik to MikroTik VPN - OpenVPN or IPSec
Replies: 15
Views: 29328

Re: MikroTik to MikroTik VPN - OpenVPN or IPSec

So - I have read all of those pages, still no MikroTik to MikroTik IPsec example from the CLI. Also, my plan is to have configs for up to 50 VPN's but only dial on demand. Most other routers I have dealt with will only connect the VPN when they receive traffic for a particular subnet on an interface...
by ilium007
Sun Jan 31, 2010 10:14 am
Forum: Beginner Basics
Topic: MikroTik to MikroTik VPN - OpenVPN or IPSec
Replies: 15
Views: 29328

MikroTik to MikroTik VPN - OpenVPN or IPSec

Hi all - first post here. I am looking to set up a number of VPN's (around 50) to my clients for the purposes of remote support. I am looking at a number of router O/S's and hardware platforms, obviously MikroTik is a strong contender at this point. I am looking at using RB750G's at client sites but...