MikroTik

Babujnik

I believe it requires nfs4.1 in order to mount properly share on ROS.
currently I find rose-storage a bit buggy, i.e doest not mount iscsii from qnap/Synology NAS at all, causing hangout.

Babujnik

any news on fixing issues with iscsi from QNAP/Synology target ?
SUP-109114 opened since April on this issue...

Babujnik

rose-manager still does not work with QNAP/Synology iscsi targets

Babujnik

not much option to choose from

Screenshot 2023-03-23 at 10.43.58.png

Babujnik

Hi,

is it just me or there is a general issue with LED for ether3 interface ?
it' simply just not blinking, although interface is up, running, and connection is working without issue. no other interfaces is having this issue. just not sure if to return device for warranty or not

Babujnik

that's why I'm asking :) as soon as I add rules before fasttrack: 3 ;;; cust: guests download chain=forward action=accept connection-state=established,related dst-address=192.168.100.0/24 log=no log-prefix="" 4 ;;; cust: guests upload chain=forward action=accept connection-state=establishe...

Babujnik

Here's an example of how I build these. This is a CCR2004 so I can get away with a bit more than on a 4011 but principals are the same. This is a very effective model. I don't use vlans per so this is IP matched match ip and mark UL and DL packets separately via mangle Add a queue tree with NO mark...

Babujnik

ROSE-MANAGER still cannot mount iscsi devices from QNAP/Synology NAS to CHR: [237610.752320] iSCSI_F:iscsi_target_login.c:803:iscsi_post_login_handler Login - I[MikroTik][MTK_IP:42944], T[iqn.2000-01.com.synology:valhalla.default-target.cf7d36ec4c8][SYNOLOGY_IP:3260], P[iSCSI/TCP] [237610.788037] iS...

Babujnik

Interesing, as there seems to be issue while trying to run containers from iscsi/nfs disks: [user@lab] /container> add remote-image=pihole/pihole:latest interface=test envlist=pihole_envs root-dir=iscsi/pihole [user@lab] /container> pr 0 name="961c061d-628b-4b29-9cc5-1b25152952f8" tag=&quo...

Babujnik

@rameex43 make raid1 with tcp-nvme drives @Babujnik Thanks we will try to fix this. @sirbryan Simple partitioning will be available in upcoming versions. We will check what we can do about LVM or ZFS. @issme RDMA is different beast, currently its not planned. must have been issue from QNAP side, as...

Babujnik

Any news of native for Linux/MacOS version of winbox ?

Babujnik

not sure if this is purely to CHR related, but I can't properly list iSCSI on x86 machine: [admin@lab] /disk> add iscsi-address=192.168.0.100 iscsi-iqn=iqn.2004-04.com.qnap:ts-251:iscsi.lab.f84517 slot=nas type=iscsi [admin@lab] /disk> pr action timed out - try again, if error continues contact Mikr...

Babujnik

ok.. so how do You import ED25519 SSH keys ?
You can not. This is about ed25519 key exchange. Let's hope host keys and public key authentication will follow...

my bad ! thanks for clarification

Babujnik

ok.. so how do You import ED25519 SSH keys ?

public keys generated with "ssh-keygen -t ed25519" seems not to import on RoS:

[user@tik] /user/ssh-keys> import public-key-file=id_ed25519.pub user=user
unable to load key file (wrong format or bad passphrase)!

Babujnik

you configure it like any other IPSEC/IKEv2, just in "identities" you set up "pre shared key" as authorisation method. that's your PSK for android client.

Babujnik

interesting... when I'm connecting with RoadWarrior to SiteB, I can without any issue reach subnets on SiteA. when other way around - connection RoadWarrior to SiteA - I cannot reach subnet on SiteB. below configs of IPSEC and FIREWALL SiteA /ip firewall address-list add address=192.168.0.4 list=lte...

Babujnik

having same issue between RB760iGS and CHG, both on latest 7.5.
no idea about your case, but in my situation, devices in the end manage to establish connection. sometimes takes 10min, sometimes 40

Babujnik

Or maybe I've misunderstood what you had in mind, and you actually mean that road warriors connected to Site A cannot access subnets on Site B?

apologies if wasn't clear, RoadWarrior connects to SiteA with IPSEC, but cannot access subnets on SiteB.

Babujnik

it's already in main post but: # serial number = A36A0D0B008A /ip ipsec mode-config add address-pool=vpn_pool name=roadwarrior /ip ipsec policy group add name=roadwarrior /ip ipsec profile add dh-group=modp1024 enc-algorithm=aes-128 name=roadwarrior add dh-group=modp2048 enc-algorithm=aes-128 name=i...

Babujnik

one question though - how to make sure that ROADWARRIOR can access SiteB ? because currently I see that it's reaching only SiteA

Babujnik

that was fast

that's for answer - that did the work.

I think I need a break from configuration as I'm starting to make some basic mistakes and not able to find them -_-

Babujnik

Hi, I've recently set site-to-site connection with IPSEC. peers are established, policies seems to be up. but for some reason I can get connection only in one direction. from SiteB to SiteA is working fine, the opposite direction - no chance. any idea what to take a look on ? I've tried similar sett...

Babujnik

Hi Sindy, I haven't stripped any internal network addresses O_o. anyway, just to have all information in one spot: Site_A (valhalla): # sep/29/2022 16:16:49 by RouterOS 7.5 # software id = CKQB-FCBE # # model = RB760iGS # serial number = A36A0D0B008A add client-to-client-forwarding=yes local-forward...

Babujnik

I've temporary switched to L2TP+BCP, but still no luck: /tool/sniffer/quick interface=mgmt ip-protocol=tcp port=ssh ip-address=192.168.101.9 Columns: INTERFACE, TIME, NUM, DIR, SRC-MAC, DST-MAC, SRC-ADDRESS, DST-ADDRESS, PROTOCOL, SIZE, CPU INTERFACE TIME NUM DIR SRC-MAC DST-MAC SRC-ADDRESS DST-ADDR...

Babujnik

Hi Sindy, you're perfectly right, should have thought about exporting more info. guess I've spend too much time on thinking why there is issue with connection.. my apologies :) below export from siteA: /ip ipsec policy group add name=road_warriors /ip ipsec profile add name=road_warriors /ip ipsec p...

Babujnik

Hi everyone, I'm having some issue with (probably) MTU settings in site-2-site connection and L2TP connection to one site. here's config SiteA: /interface bridge add admin-mac=9E:B9:9C:3F:B0:E7 auto-mac=no name=br_100_mgmt add admin-mac=08:55:31:0D:C8:F5 auto-mac=no name=br_200_home add admin-mac=D4...

Babujnik

What about VxLAN over IPsec?
i was wondering about that too. or via wireguard maybe

vxlan via L2tp+ipsec

your remote IP's will be those from L2TP connection

Babujnik

does OSPF works over WireGuard ? I just get hello packets and nothing more...

Babujnik

from what I've seen - anytime you change variable, you need to remove and create new container.

Babujnik

Hi, I've noticed some issue with revoking certificates on Mikrotik with external CRL. I'm using easy-rsa on linux box (192.168.0.151) to generate/sign/revoke certificates. some sort of small PKI I've generated certificate, exported it as p12 and imported on mikrotik as shown below: [noyes@midgard] /...

Babujnik

depends on your electric infrastructure. i can easily get 300mbps between two Fritz devices. and utilizing 100mbps when my ISP gives me 250mbps is a huge loss

Babujnik

I'm having Fritz! PLC, and works fine.
But there is no chance of monitoring devices unless you're plugged in directly. having it on RouterOS would definitely help and allow for other functionality

Babujnik

Hey,

are you planning to release powerline adapter (like https://mikrotik.com/product/pwr_line_ap) but with gigabit interface ?
I would be really interested in such solution

Babujnik

damn.. good to know about that -_- now just question if only to buy a custom repeater, or another MT device and set it up as repeater :D 2,4 GHz is having good range, but with that amount of noise I have near (at least 15 other networks), it's really hard to get good speed. thanks for reposones guys.

Babujnik

Hi, I have a device RouterBOARD 962UiGS-5HacT2HnT, and I've configured it to use both, 5GHz as main network and 2,4GHz wireless interfaces (for some older devices). for some reason, 5Ghz network is having far more worse range. can you please take a look on my config and advise what can I tweak ? 0 R...

Babujnik

is it only me, or wireless performance on 6.42.5 is really bad ? (RouterBOARD 962UiGS-5HacT2HnT) Is ANI enabled? /interface wireless set adaptive-noise-immunity=ap-and-client-mode wlan2 /interface wireless set adaptive-noise-immunity=ap-and-client-mode wlan1 No, i haven't set this function. I can r...

Babujnik

is it only me, or wireless performance on 6.42.5 is really bad ? (RouterBOARD 962UiGS-5HacT2HnT) Maybe it is device specific? No disconnection or slow network with RBD52G-5HacD2HnD running 6.42.5 maybe it is as you mentioned. haven't changed anything else in environment, except update to 6.42.5. go...

Babujnik

is it only me, or wireless performance on 6.42.5 is really bad ? today I couldn't even work from home, was disconnected every few minutes. speed between workstation and NAS (laptop--WIFI->RB--LAN->NAS) was runing around 800kbs (5Ghz Network !). when downgraded to 6.42.4 - works like a charm (RouterB...

Babujnik

Hi, This is my first post as I encountered issue which started to bother me a lot - wireless speed short topology: modem --> RB951Ui-2HnD--> client problem: - speed between modem and mikrotik: ~90Mbps/20Mbps - speed (via Wifi) between client and Mikrotik: ~ 40/20Mbps - speed (via eth) between client...

Search found 39 matches

Re: network drive

Re: v7.10rc is released!

Re: v7.9beta [testing] is released!

Re: HAP AX^2 ether3 LED

HAP AX^2 ether3 LED

Re: FQ_Codel and Mikrotik CCR CPU Utilization

Re: FQ_Codel and Mikrotik CCR CPU Utilization

Re: v7.8 [stable] is released!

Re: 7.8beta2 adds new package ROSE-storage

Re: 7.8beta2 adds new package ROSE-storage

Re: WinBox v3.37 released!

Re: 7.8beta2 adds new package ROSE-storage

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: IKEv2/IPSec PSK server

Re: IPSEC site-to-site connection only one direction [SOLVED]

Re: l2tp with ipsec mschap2 auth issue

Re: IPSEC site-to-site connection only one direction [SOLVED]

Re: IPSEC site-to-site connection only one direction [SOLVED]

Re: IPSEC site-to-site connection only one direction [SOLVED]

Re: IPSEC site-to-site connection only one direction [SOLVED]

IPSEC site-to-site connection only one direction [SOLVED]

Re: EoIP + L2TP + IPSEC MTU issue

Re: EoIP + L2TP + IPSEC MTU issue

Re: EoIP + L2TP + IPSEC MTU issue

EoIP + L2TP + IPSEC MTU issue

Re: VxLAN example configuration

Re: v7.1 is released!

Re: v7.1rc3 adds Docker (TM) compatible container support

Mikrotik not revoking certificate from CRL

Re: Powerline with 1gbit

Re: Powerline with 1gbit

Powerline with 1gbit

Re: poor range of 5Ghz, comparing to 2,4Ghz

poor range of 5Ghz, comparing to 2,4Ghz

Re: v6.42.5 [current]

Re: v6.42.5 [current]

Re: v6.42.5 [current]

wireless speed