Community discussions

MikroTik App

Search found 345 matches

  • 1
  • 2
by osc86
Tue Mar 12, 2024 10:24 pm
Forum: Announcements
Topic: v7.14.1 [stable] is released!
Replies: 417
Views: 68443

Re: v7.14.1 [stable] is released!

@jsadler sounds like your setup is a bit more complicated than mine. I've assigned dedicated ip addresses (/30) to loopback interfaces which are explictely used as src and dst addresses for eoip interfaces on both sides. (still using bridges instead of lo). Addresses are distributed using ospf, conn...
by osc86
Tue Mar 12, 2024 8:58 pm
Forum: Announcements
Topic: v7.14.1 [stable] is released!
Replies: 417
Views: 68443

Re: v7.14.1 [stable] is released!

@jsadler I'm using eoip + local address without issues in 7.14.1. When you say that the local address is not being honored, the first thing you should check is the connection table (IP->Firewall->Connections). Set up a destination address filter that matches the value of dst-addr of the eoip interfa...
by osc86
Tue Mar 12, 2024 12:21 pm
Forum: Announcements
Topic: v7.14.1 [stable] is released!
Replies: 417
Views: 68443

Re: v7.14.1 [stable] is released!

Is this expected behaviour? of course this is expected behavior. people finally need to stop thinking of wireguard being just another server / client vpn software, which gives up after x unsuccessful connection attempts; it is not! once a peer has learned a peer's remote address, it will try to est...
by osc86
Mon Mar 11, 2024 7:45 pm
Forum: Announcements
Topic: v7.14.1 [stable] is released!
Replies: 417
Views: 68443

Re: v7.14.1 [stable] is released!

*) vrf - fixed VRF interfaces being moved to main table after reboot (introduced in v7.14);
#notfixed - it's getting ridiculous..
by osc86
Tue Mar 05, 2024 11:46 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 281
Views: 43406

Re: v7.15beta [testing] is released!

When do you plan to implement feature that just about any other vendor have ? PPSK... what are you talking about? PPSK feature exists since forever, long before other vendors supported it. WiFi -> Access List (capsmanv2) Wireless -> CAPsMAN -> Access List (legacy capsman) Wireless -> Wireless -> Ac...
by osc86
Mon Mar 04, 2024 3:00 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 281
Views: 43406

Re: v7.15beta [testing] is released!

Please add documentation for mvrp.
by osc86
Sat Mar 02, 2024 6:12 pm
Forum: Announcements
Topic: v7.14.1 [stable] is released!
Replies: 417
Views: 68443

Re: v7.14 [stable] is released!

It seems the issue is that even when the interface of the VPN is added to the VRF via ip->VRF list, the wireguard VPN interface isn't dynamically added to the VRF it was assigned when IP route assignments come up. 7.13.5 It works and behaves as expected, but in this case all wireguard interfaces so...
by osc86
Wed Dec 20, 2023 4:32 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 147902

Re: v7.14beta [testing] is released!

I'll try it in GNS3 later today.
Edit: seems to work fine in initial testing
by osc86
Wed Dec 20, 2023 3:42 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 147902

Re: v7.14beta [testing] is released!

*) system - expose "lo" interface;
no more fake loopback bridges required for ospf :)
by osc86
Mon Dec 18, 2023 7:39 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253244

Re: v7.13 [stable] is released!

I don't have the Wireless Wire, but a CubeG-5ac60ad kit. Both have similar hardware.
Updated both units the day 7.13 was released. 60G link has an uptime of over 3 days now.
No issues so far, should be safe to update.
by osc86
Mon Dec 11, 2023 2:18 pm
Forum: Announcements
Topic: v7.13rc [testing] is released!
Replies: 178
Views: 49136

Re: v7.13rc [testing] is released!

how is this a bug? The order doesn’t matter - at all.
There is also no equivalent brctl command to do that in linux.
by osc86
Thu Dec 07, 2023 9:23 pm
Forum: Forwarding Protocols
Topic: Question about OSPF route filtering
Replies: 6
Views: 1654

Re: Question about OSPF route filtering

Hi vingjfg, thank you for the suggestions. I tried both, but unfortunately it didn't make any difference. The catch-all rule generally works, so I've looked at the OSPF configuration again. It seems that subnets assigned to interfaces that are added using interface-templates cannot be excluded by an...
by osc86
Thu Dec 07, 2023 3:48 pm
Forum: Forwarding Protocols
Topic: Question about OSPF route filtering
Replies: 6
Views: 1654

Question about OSPF route filtering

Hi there, I'm encountering an issue with OSPF redistribution. I've configured an ospf-out ruleset to filter specific routes, but it seems that 10.242.99.X/32 routes are not being filtered. Based on my understanding, this shouldn't happen, as there's a catch-all reject rule at the end and the given s...
by osc86
Mon Dec 04, 2023 2:12 pm
Forum: Announcements
Topic: v7.13rc [testing] is released!
Replies: 178
Views: 49136

Re: v7.13rc [testing] is released!

no issues with ospf in 7.13rc2. Have it running on 2 separate installations, rather small topology, but routing and route exchange works.
by osc86
Wed Nov 15, 2023 10:21 am
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 86992

Re: v7.13beta [testing] is released!

Both CAPsMAN systems can work at the same time. Yes, they use the same port, but they differ the "call" from CAP and recognise which one must manage the CAP. Common mistake might be that old CAPsMAN is trying to generate certificate on a system where WiFi CAPsMAN was already made on older...
by osc86
Tue Nov 14, 2023 6:42 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 86992

Re: v7.13beta [testing] is released!

@alibloke, Although this solution might work, I don't believe it's optimal. I've always understood this to be a list of interfaces from which connections from caps are permitted, rather than capsman binding to these interfaces; instead of 0.0.0.0. Even if it works, I'd consider this bad practice. Tw...
by osc86
Tue Nov 14, 2023 5:28 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 86992

Re: v7.13beta [testing] is released!

..which means you can now use a single router to run both old and new CAPsMAN. It's not working here, at least not in parallel, since both capsman daemons try to bind to the same port 5246/udp, and the one that boots up first, wins. On my device it's either A or B, and I don't see an option to bind...
by osc86
Tue Nov 14, 2023 3:59 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 86992

Re: v7.13beta [testing] is released!

updated a CCR2004 to 7.13beta1. Moved some hapac2 w/ wifi-qcom-ac package over to the new "WiFi capsman". The remaining devices lost connection to old capsman v1. Is it not possible to have both capsman versions running on the same device? I don't see any other reason why capsmanv1 should'...
by osc86
Mon Nov 13, 2023 7:38 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 86992

Re: v7.13beta [testing] is released!

I welcome the partial split into separate packages as we knew it in v6, but maybe the "WiFi" menu should go into a separate "wifi" package so we can uninstall that as well.
+1, it's a mess currently
2023-11-13 at 18.41.17.png
by osc86
Mon Nov 13, 2023 6:29 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 86992

Re: v7.13beta [testing] is released!

I don't think it's a good idea to automatically install wireless package on chr. Having multiple WiFi / Wireless menus in winbox after installing the wireless package is extremely confusing.
by osc86
Fri Oct 27, 2023 10:14 pm
Forum: Beginner Basics
Topic: Mikrotik KNOT8Kit - loses LoRaWan settings after restart
Replies: 2
Views: 1622

Re: Mikrotik KNOT8Kit - loses LoRaWan settings after restart

No, that shouldn't happen. Are you using the old lora extra package or the iot package? Since 7.11 Lora is included in the iot package, so the old one is no longer needed. Mine came with ROS 7.0.5 and had both installed, try to remove the lora package if it exists, reboot and do the config in "...
by osc86
Fri Aug 25, 2023 6:15 pm
Forum: Announcements
Topic: v7.12beta [testing] is released!
Replies: 263
Views: 122464

Re: v7.12beta [testing] is released!

yes. that is a welcome addition - hopefully this will come to winbox (and maybe webgui) too
..with support for QR-codes like BTH has.
by osc86
Tue Jul 25, 2023 10:27 am
Forum: Announcements
Topic: v7.11beta [testing] is released!
Replies: 373
Views: 104420

Re: v7.11beta [testing] is released!

it's the DHCP server itself so no interface has `trusted=yes` configured
Every uplink port on every switch between the dhcp server and client needs to have trusted=yes set (both directions).
by osc86
Fri Jul 21, 2023 2:19 pm
Forum: General
Topic: Forum moderation volunteers
Replies: 238
Views: 35504

Re: Forum moderation volunteers

nice to see that the amount of mods has been increased. btw..how is this one guy allowed to repeatedly spam the release topics with his self-caused wifi problems, that are obviously unrelated to current ros releases? His problems are 100% caused by user error and the unwillingsness to rtfm.
by osc86
Tue Jul 18, 2023 2:17 pm
Forum: Announcements
Topic: v7.11beta [testing] is released!
Replies: 373
Views: 104420

Re: v7.11beta [testing] is released!

don't know if it's a winbox or ros bug:
if you enable bth and copy the generated "back-to-home-vpn" firewall rule, you're unable to move the new rule afterwards: cannot move builtin (6).
by osc86
Tue Jul 18, 2023 10:09 am
Forum: Announcements
Topic: v7.11beta [testing] is released!
Replies: 373
Views: 104420

Re: v7.11beta [testing] is released!

@gigabyte091 BTH tested and is working ok here, even behind NAT. Remember to add an additional allow rule, in case you put a deny all rule at the end of your forward chain.
by osc86
Tue May 23, 2023 10:59 am
Forum: Announcements
Topic: v7.9.1 [stable] is released!
Replies: 59
Views: 17907

Re: v7.9.1 [stable] is released!

fasttrack counters are not working on hap ax3
by osc86
Mon May 22, 2023 7:10 pm
Forum: General
Topic: "Routing Table" Parameter for IPv6 Routes Not in Effect (v7.5) [SOLVED]
Replies: 17
Views: 3575

Re: "Routing Table" Parameter for IPv6 Routes Not in Effect (v7.5) [SOLVED]

I'm not sure if this thread should be marked as solved yet. The routing rule works, yes, but it's at best a workaround. ipv6 policy routing should be configured exactly the way it is done with v4, without the need of adding any additional rules. Since this is still not fixed in 7.10betaX, has anyone...
by osc86
Sun May 07, 2023 6:51 pm
Forum: Announcements
Topic: v7.9 [stable] is released!
Replies: 242
Views: 53702

Re: v7.9 [stable] is released!

I'm still seeing random ospf timeouts every few hours with 7.9. With 7.6 I had days of uptime without any disconnects or timeouts. I already set up netwatch to check the reachability of the neighbor, no downtimes reported in the log. The dead timer is set to 40 seconds (default), which should be mor...
by osc86
Thu May 04, 2023 6:36 pm
Forum: Announcements
Topic: v7.9 [stable] is released!
Replies: 242
Views: 53702

Re: v7.9 [stable] is released!

yes, I have fully deployed IPv6, I'll take a look, thanks.
by osc86
Thu May 04, 2023 6:17 pm
Forum: Announcements
Topic: v7.9 [stable] is released!
Replies: 242
Views: 53702

Re: v7.9 [stable] is released!

Since I upgraded to 7.9 (from 7.9rc2) my Homepod seems to have connection issues. I'm getting "The Home hub is not responding / The Home hub is now responding" notifications several times a day. Wifi controller shows an uptime of 1d+ for this device without an increased rate in retransmiss...
by osc86
Fri Mar 31, 2023 1:41 pm
Forum: Announcements
Topic: v7.9rc is released!
Replies: 253
Views: 75007

Re: v7.9rc is released!

thanks for this new release.

*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
please also do that when the router is rebooted (updates, maintenance).

And please fix PoE on hap ax3 to stay on when rebooting the device.
by osc86
Sat Mar 25, 2023 1:06 pm
Forum: Announcements
Topic: v7.9beta [testing] is released!
Replies: 118
Views: 25303

Re: v7.9beta [testing] is released!

5Ghz radio again not authenticating clients after ~12h uptime. Nothing but a reboot seems to fix it. Am I the only one having these issues on the hap ax3?
by osc86
Fri Mar 24, 2023 7:10 pm
Forum: Announcements
Topic: v7.9beta [testing] is released!
Replies: 118
Views: 25303

Re: v7.9beta [testing] is released!

upgraded my hap ax3 from 7.8 to this release, an iPhone X and an iPhone 14 Pro can no longer connect to my WPA3-PSK network. Both asking for a password, if entered again, “incorrect password”. A MacBook Air was able to connect. Still investigating what’s wrong. EDIT: Not a single 5Ghz enabled device...
by osc86
Fri Mar 24, 2023 11:46 am
Forum: Announcements
Topic: v7.9beta [testing] is released!
Replies: 118
Views: 25303

Re: v7.9beta [testing] is released!

Thanks for testing colinardo, this is very good news, thanks Mikrotik!
by osc86
Fri Mar 24, 2023 11:31 am
Forum: Announcements
Topic: v7.9beta [testing] is released!
Replies: 118
Views: 25303

Re: v7.9beta [testing] is released!

*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
I hope this not only happens when the address is deactivated but also every time the address is changed, like when a new address from a pool is assigned.
by osc86
Thu Mar 23, 2023 11:23 am
Forum: General
Topic: HAP AX^2 ether3 LED
Replies: 2
Views: 401

Re: HAP AX^2 ether3 LED

Check if it's configured correctly: System > LEDs.
You want led3 set to interface activity.
by osc86
Tue Mar 21, 2023 6:39 pm
Forum: Announcements
Topic: SwOS version 2.13 released!
Replies: 63
Views: 292736

Re: SwOS version 2.13 released!

ACLs or anything that messes with multicast? igmp snooping etc.
by osc86
Mon Feb 20, 2023 4:53 pm
Forum: General
Topic: how does L3HW actually works?
Replies: 128
Views: 32043

Re: how does L3HW actually works?

Wow, thank you for the list. Well, I'm using LACP, VLANs, and most inter-vlan traffic is passing through the same interface (in/out), as most traffic is going over the LACP (2x10G) Link to the CRS328. That's really unfortunate, and I couldn't find any of the mentioned limitations on the wiki page. G...
by osc86
Mon Feb 20, 2023 4:03 pm
Forum: General
Topic: how does L3HW actually works?
Replies: 128
Views: 32043

Re: how does L3HW actually works?

Hi @IPANetEngineer, you are correct, I was trying to do fw-offloading, but without NAT. The only interface I use NAT on is of type pppoe, which connections can't be offloaded anyway IIRC. I need firewall filtering between all vlans, this is why I can't just enable full L3-Offloading, and fw-offloadi...
by osc86
Mon Feb 20, 2023 12:57 pm
Forum: General
Topic: how does L3HW actually works?
Replies: 128
Views: 32043

Re: how does L3HW actually works?

Please share the solution here, once the problem is solved. I'm really interested if it's a configuration error or a bug. I never could get L3 offloaded inter-vlan routing working on my 2116, reading the wiki page dozens of times, and trying every possible configuration. IP communication worked, but...
by osc86
Fri Feb 03, 2023 10:31 am
Forum: General
Topic: CRS326-24S+2Q+ IPv6 forwarding Stopps working
Replies: 4
Views: 504

Re: CRS326-24S+2Q+ IPv6 forwarding Stopps working

Do you have IGMP Snooping enabled in bridge settings? It's buggy since version 0.001 and was never fixed, not even in V7.
by osc86
Tue Jan 24, 2023 9:49 pm
Forum: Wireless Networking
Topic: HAP AX3 WifiWave2 CAPSMAN
Replies: 43
Views: 18792

Re: HAP AX3 WifiWave2 CAPSMAN

I really hope they'll add support for capsman forwarding in the next release, not the best solution to add vxlan/eoip everywhere and bridge cap interfaces locally
by osc86
Mon Jan 16, 2023 10:25 pm
Forum: Wireless Networking
Topic: CubeSA 60Pro ac: 60Ghz clients flapping
Replies: 105
Views: 21433

Re: CubeSA 60Pro ac: 60Ghz clients flapping

ALL 60 GHz devices have this problem. It is not an ARM-thing
I can only speak for a pair of Cube 60G ac we use, but they run pretty stable, just upgraded them to 7.7 a few days ago.
2023-01-16 at 21.21.13.png
by osc86
Thu Jan 12, 2023 5:59 pm
Forum: Announcements
Topic: v7.7 [stable] is released!
Replies: 357
Views: 112108

Re: v7.7 [stable] is released!

updated my hap ax3, PoE was not correctly initialized after the reboot, and required the cable in port1 to be unplugged and plugged in again to power the connected CSS610
by osc86
Sun Jan 08, 2023 3:17 pm
Forum: Announcements
Topic: v7.7rc is released!
Replies: 259
Views: 88399

Re: v7.7rc is released!

Maybe DNSBench can help, I don't remeber if it also displays errors
by osc86
Fri Jan 06, 2023 6:06 pm
Forum: General
Topic: Login with Default Admin and No Password is Failing
Replies: 27
Views: 17287

Re: Login with Default Admin and No Password is Failing

WTF is going on, I have exactly the same issue with my new C53UiG+5HPaxD2HPaxD (hap ax3). The device came with 7.6 pre-installed and login was not possible with admin / empty . No - there's no sticker on the device or in the package indicating a changed default password. The manual also states that ...
by osc86
Thu Jan 05, 2023 2:13 pm
Forum: Announcements
Topic: SwOS Lite version 2.14 released!
Replies: 48
Views: 274961

Re: SwOS Lite version 2.14 released!

It's probably a confguration issue, trunks and vlans are working without any issue on this device running 2.14. For a trunk port see this working example (everything is tagged, even management - not a hybrid port): VLAN Tab: 2023-01-05 at 13.15.13.png VLANs Tab: 2023-01-05 at 13.14.56.png System Tab...
by osc86
Fri Nov 04, 2022 2:51 pm
Forum: Announcements
Topic: v7.7beta [testing] is released!
Replies: 322
Views: 122459

Re: v7.7beta [testing] is released!

*) vxlan - added "local-address" parameter support;
Please add local-address and vrf parameter support also to vtep configuration
by osc86
Fri Oct 28, 2022 5:03 pm
Forum: General
Topic: Wifi Calling
Replies: 6
Views: 1117

Re: Wifi Calling

clients use IKEv2 to establish an ipsec connection with the provider. Make sure you don't block 500/udp, 4500/udp and ESP protocol in forwarding chain. No problems here with WiFi Calling using Unifi and Mikrotik wireless. If you're testing this on an iPhone you can force it to use Wifi Calling, by e...
by osc86
Thu Oct 27, 2022 8:46 pm
Forum: General
Topic: VRRP on VLAN inside EOIP Tunnel
Replies: 4
Views: 533

Re: VRRP on VLAN inside EOIP Tunnel

IGMP snooping since it's introduction has and still is causing many problems, also with IPv6. On routers I usually turn it off, and at that time I don't expect that it will ever get fixed. I don't know why, but on SWOS igmp snooping seems to work way more reliable, without breaking multicast-depende...
by osc86
Thu Oct 27, 2022 8:26 pm
Forum: General
Topic: Can't get 25g ports to come up on CCR2004 when upgrading to V7
Replies: 8
Views: 1417

Re: Can't get 25g ports to come up on CCR2004 when upgrading to V7

I don't remember the default setting of fec mode, if it's auto, maybe it just works when both devices are running V7 and if they are connected to a Mikrotik Router running V6 or another vendor, manual adjustment of this parameter is required. Just a wild guess.
by osc86
Thu Oct 27, 2022 8:06 pm
Forum: General
Topic: VXLAN inside L2TP+IPSec
Replies: 4
Views: 1188

Re: VXLAN inside L2TP+IPSec

fasttrack is not available on hap ac2, and ipsec hw acceleration, at least in the tests I've done, never really made a significant difference in terms of throughput. Nevertheless it's worth trying, maybe you'll get a few extra Mb/s. Edit: to correct my post, fasttrack is only available for wireless...
by osc86
Thu Oct 27, 2022 7:48 pm
Forum: General
Topic: Can't get 25g ports to come up on CCR2004 when upgrading to V7
Replies: 8
Views: 1417

Re: Can't get 25g ports to come up on CCR2004 when upgrading to V7

can't tell, my CCR2004 is connected to a HPE FF 5945. But if I had to guess, it should work with the other CCR still running v6.
by osc86
Thu Oct 27, 2022 7:30 pm
Forum: General
Topic: Can't get 25g ports to come up on CCR2004 when upgrading to V7
Replies: 8
Views: 1417

Re: Can't get 25g ports to come up on CCR2004 when upgrading to V7

try different fec modes, had to set mine to fec91 to get it working using 25G. (Interface -> SFP Tab -> FEC Mode).
CCR2004-1G-12S+2XS running ROS7.4.1

2022-10-27 at 18.28.14.png
by osc86
Thu Oct 27, 2022 7:06 pm
Forum: General
Topic: VXLAN inside L2TP+IPSec
Replies: 4
Views: 1188

Re: VXLAN inside L2TP+IPSec

I'm using VxLAN over wireguard between two hap ac2, but it's not that much faster.
[SUM]   0.00-10.00  sec  83.2 MBytes  69.8 Mbits/sec                  sender
[SUM]   0.00-10.00  sec  82.8 MBytes  69.5 Mbits/sec                  receiver
by osc86
Mon Oct 24, 2022 10:09 pm
Forum: General
Topic: Winbox - I see all VLANS
Replies: 7
Views: 770

Re: Winbox - I see all VLANS

add name=BRIDGE protocol-mode=none
your vlan config is incomplete, add vlan-filtering=yes to your bridge config and depending on your setup also frame-types=admit-only-vlan-tagged
by osc86
Fri Oct 21, 2022 5:32 pm
Forum: General
Topic: how does L3HW actually works?
Replies: 128
Views: 32043

Re: how does L3HW actually works?

When WAN has vlans & LAN has vlans. How to configure Fasttrack Connections Offloading + NAT ? ... Since it's introduction I never got it working on my CCR2116, and I'm pretty sure it's not a configuration issue, following the requirements of L3+Hardware+Offloading . I attended a webinar held by...
by osc86
Wed Oct 19, 2022 12:32 am
Forum: Announcements
Topic: v7.6 [stable] is released!
Replies: 279
Views: 141843

Re: v7.6 [stable] is released!

not a valid dns name (6)
I'm getting the same error on my device (arm64).
by osc86
Mon Oct 10, 2022 8:09 pm
Forum: Announcements
Topic: v7.6rc is released!
Replies: 94
Views: 28033

Re: v7.6rc is released!

wireguard peer rx/tx counters reset to 0 at 4GB
by osc86
Fri Sep 30, 2022 11:36 pm
Forum: Announcements
Topic: v7.6beta [testing] is released!
Replies: 226
Views: 60937

Re: v7.6beta [testing] is released!

@Seán in case you want to upgrade to beta10 again, please post the output of :put [:resolve smile.amazon.co.uk] when this error occurs
by osc86
Fri Sep 30, 2022 8:12 pm
Forum: Announcements
Topic: v7.6beta [testing] is released!
Replies: 226
Views: 60937

Re: v7.6beta [testing] is released!

Please add source-ip parameter to vtep config, currently it's a big mess when using loopback addresses as remote endpoints.
by osc86
Sat Sep 24, 2022 2:29 pm
Forum: Announcements
Topic: v7.6beta [testing] is released!
Replies: 226
Views: 60937

Re: v7.6beta [testing] is released!

what I don't understand is why the MTU is reduced by 32 bytes when using macsec. The 802.1AE header + ICV are injected into the ethernet frame. Sure your L2MTU needs to be large enough to fit the additional 32 bytes, but the MTU should stay the same.. Maybe I'm wrong but it doesn't make sense to me....
by osc86
Sat Sep 24, 2022 1:55 pm
Forum: Announcements
Topic: v7.6beta [testing] is released!
Replies: 226
Views: 60937

Re: v7.6beta [testing] is released!

@elpeh the slave interfaces have to be enabled and connected on both sides
by osc86
Tue Sep 13, 2022 7:53 pm
Forum: Announcements
Topic: v7.6beta [testing] is released!
Replies: 226
Views: 60937

Re: v7.6beta [testing] is released!

@raimondsp IPv6 hw offload didn't work either in my test, but currently I'm focusing only on IPv4. I removed like 90% of the configuration and ended up with probably the most simple setup. However it still isn't working. Here is the export of /int and /ip. There are some routes with invalid gateways...
by osc86
Tue Sep 13, 2022 3:39 pm
Forum: Announcements
Topic: v7.6beta [testing] is released!
Replies: 226
Views: 60937

Re: v7.6beta [testing] is released!

For me l3hw offloading doesn't seem to work at all. I read the help page multiple times, but couldn't find anything I may have misconfigured. I got it working once for a few seconds, after making changes to the bridge configuration, then there was a H entry in the connection list. But a few seconds ...
by osc86
Thu Sep 08, 2022 5:23 pm
Forum: Announcements
Topic: v7.6beta [testing] is released!
Replies: 226
Views: 60937

Re: v7.6beta [testing] is released!

*) l3hw - fixed "H" flag presence for accelerated connection tracking entries; does this work for anyone? I have l3hw offloading enabled on my CCR2116 and fasttrack enabled for all established,related connections but I've never seen a H flag in the connection list (ipv4/ipv6). Even when I ...
by osc86
Tue Sep 06, 2022 8:50 pm
Forum: Announcements
Topic: v7.6beta [testing] is released!
Replies: 226
Views: 60937

Re: v7.6beta [testing] is released!

Can you connect to the device via console and post the whole output whilst you do an upgrade? MikroTik 7.5 (stable) CORE Login: Rebooting... ERROR: upgrade failed, free 33 kB disk space for a (null)upgrade [277810.368297] reboot: Restarting system stage2_loader v3.63.2 Memory repair completed withi...
by osc86
Fri Sep 02, 2022 9:08 pm
Forum: Announcements
Topic: v7.6beta [testing] is released!
Replies: 226
Views: 60937

Re: v7.6beta [testing] is released!

@aliclubb yes there's an active network. I disabled it, but no luck. I even removed the whole zerotier package and tried to update without success. routeros is the only package installed now on that device and it won't let me update, I also tried to upload the firmware file manually. Still nothing i...
by osc86
Fri Sep 02, 2022 3:15 pm
Forum: Announcements
Topic: v7.6beta [testing] is released!
Replies: 226
Views: 60937

Re: v7.6beta [testing] is released!

My CCR2116 is unable to update to this version, there's nothing in the logs, 42MB free diskspace. It downloads the 7.6beta4 image, reboots and comes up again with version 7.5.
2-Partition setup, user-manager and zerotier extra packages are installed.
by osc86
Thu Sep 01, 2022 2:01 pm
Forum: Announcements
Topic: v7.5 [stable] is released!
Replies: 219
Views: 68362

Re: v7.5 [stable] is released!

2x CubeG-5ac60ad constantly rebooting every 1-3 Minutes, both upgraded from 7.4.1 to 7.5.
EDIT: The issue seems to be related to the W60G interface, once disabled, the reboots stop.
Downgraded to 7.4.1 and devices are stable again with W60G interface enabled.
by osc86
Wed Aug 31, 2022 1:46 pm
Forum: General
Topic: SSH key import on V7.3.1
Replies: 9
Views: 2611

Re: SSH key import on V7.3.1

DES and RSA1 keys are deprecated, ECDSA and ED25519 are not yet supported in ROS, your keypair needs to be RSA2.
by osc86
Thu Aug 25, 2022 11:47 pm
Forum: Announcements
Topic: WinBox v3.37 released!
Replies: 110
Views: 139375

Re: WinBox v3.37 released!

Kid control is a feature clearly intended for home usage.. whatever your need is to export this data to something like splunk. The raw data could still be counted / exported in bytes, this topic is about winbox, it'd be easy to convert it to reasonable values and just display it in megabytes/gigabyt...
by osc86
Thu Aug 25, 2022 10:33 pm
Forum: Announcements
Topic: WinBox v3.37 released!
Replies: 110
Views: 139375

Re: WinBox v3.37 released!

IP/Kid Control/Devices: why is the traffic shown in bytes? Please make it show in gigabytes or at least megabytes.
by osc86
Tue Aug 23, 2022 11:07 am
Forum: Announcements
Topic: v7.5rc is released!
Replies: 86
Views: 20814

Re: v7.5rc is released!

bfd in netwatch would be a nice improvement and even more important, please make the bfd option in check-gateway work.
by osc86
Mon Aug 22, 2022 4:46 pm
Forum: General
Topic: Wireguard performance on hap AC2
Replies: 2
Views: 2804

Re: Wireguard performance on hap AC2

I get 245/207 Mb/s on a hap ac2 using wireguard. CPU is above 90%, so I think this is the max one can get with this hardware. 1G/1G Uplink.
by osc86
Tue Aug 16, 2022 4:11 pm
Forum: Announcements
Topic: Newsletter 107
Replies: 50
Views: 26161

Re: Newsletter 107

Why should they? This is why RB4011 and similar devices exist. I'm almost certain that there'll be something like a RB5011 in the near future. (RB5009 + ax)
by osc86
Mon Aug 15, 2022 4:56 pm
Forum: Announcements
Topic: Newsletter 107
Replies: 50
Views: 26161

Re: Newsletter 107

- fully agree, the default fans in the CRS and CCR series are terrible - also going to replace mine with noctuas
- not a big fan of the front port labeling on the hap ax2, I II III IIII IIIII, just confusing
by osc86
Sat Aug 13, 2022 11:24 am
Forum: Announcements
Topic: Re: v7.4.1 [stable] is released!
Replies: 99
Views: 31664

Re: v7.4.1 [stable] is released!

I'm using 2x XS+DA0001 with my CCR2116 and both work flawless, no matter of the ROS version. No link-downs, 10G, no problems at all.
by osc86
Wed Jul 27, 2022 10:56 am
Forum: Announcements
Topic: v7.5beta [testing] is released!
Replies: 138
Views: 45583

Re: v7.5beta [testing] is released!

does this now also work when DoH is enabled?
by osc86
Tue Jul 26, 2022 7:08 pm
Forum: Announcements
Topic: v7.4 [stable] is released!
Replies: 226
Views: 54608

Re: v7.4 [stable] is released!

@holvoetn @jhbarrantes thank you for your feedback, installation went well today using 7.4. (what is going on with that sim slot? I had to use so much force to get it in..)
by osc86
Mon Jul 25, 2022 9:56 am
Forum: Forwarding Protocols
Topic: How to do a simple Inter VRF route leak?
Replies: 5
Views: 3097

Re: How to do a simple Inter VRF route leak?

/routing rule add action=lookup-only-in-table disabled=no dst-address=192.168.72.0/23 table=A /ip route add disabled=no distance=1 dst-address=192.168.23.0/24 gateway=<interface> routing-table=A add disabled=no distance=1 dst-address=192.168.24.0/24 gateway=<interface> routing-table=A replace <inte...
by osc86
Sun Jul 24, 2022 1:00 pm
Forum: Announcements
Topic: v7.4 [stable] is released!
Replies: 226
Views: 54608

Re: v7.4 [stable] is released!

I just ordered an SXT LTE6 Kit and would like to know if I can safely run this release on it. I have no experience with any lte products from mikrotik. Usually I connect everything using dsl or fibre but this time the isp can't provide such a connection in time, so I have to use lte for a few weeks....
by osc86
Thu Jul 21, 2022 11:56 pm
Forum: Announcements
Topic: v7.4 [stable] is released!
Replies: 226
Views: 54608

Re: v7.4 [stable] is released!

@Zacharias netinstall didn’t work. RMA center confirmed that the device is broken.
by osc86
Thu Jul 21, 2022 10:23 pm
Forum: Announcements
Topic: v7.4 [stable] is released!
Replies: 226
Views: 54608

Re: v7.4 [stable] is released!

if it looks like that, it's probably dead. I had to rma my RB5009, just 4 days after I got it. Died during fw update.
IMG_0755.jpeg
by osc86
Wed Jul 13, 2022 6:44 pm
Forum: Forwarding Protocols
Topic: BGP with BFD
Replies: 27
Views: 7401

Re: BGP with BFD

Can we get an update on this? For me it's still not working in 7.4rc2.
by osc86
Mon Jun 27, 2022 4:52 pm
Forum: Announcements
Topic: v7.4beta [testing] is released!
Replies: 189
Views: 60447

Re: v7.4beta [testing] is released!

what is Routing/GMP?
EDIT: just found the wiki page.. never heard of this before
https://help.mikrotik.com/docs/display/ ... t+Protocol
by osc86
Mon Jun 20, 2022 12:56 pm
Forum: RouterOS beta
Topic: posts not strictly related to: v7.4beta [testing]
Replies: 165
Views: 11764

Re: v7.4beta [testing] is released!

and proxy_ndp!!
by osc86
Thu Jun 16, 2022 6:47 pm
Forum: Announcements
Topic: v7.4beta [testing] is released!
Replies: 189
Views: 60447

Re: v7.4beta [testing] is released!

thanks for the netwatch improvements, but I agree, src-address parameter is also needed.
any ETA when we can expect a working igmp part of PIM?
by osc86
Tue May 31, 2022 9:01 pm
Forum: Announcements
Topic: v7.3rc [testing] is released!
Replies: 452
Views: 101203

Re: v7.3rc [testing] is released!

seems we got CAKE back?
by osc86
Tue May 24, 2022 2:46 pm
Forum: Announcements
Topic: v7.3rc [testing] is released!
Replies: 452
Views: 101203

Re: v7.3beta [testing] is released!

Import of public key files is broken in beta40 (rsa). I tried with an older known-working one, and a newly generated one. Tested on arm64 (CCR2116). /user/ssh-keys> import public-key-file=UNIMUS.pub user=unimus error - contact MikroTik support and send a supout file (2) Edit: Seems the whole ssh stu...
by osc86
Mon May 23, 2022 3:48 pm
Forum: Announcements
Topic: NEWSLETTER 105
Replies: 56
Views: 44222

Re: NEWSLETTER 105

Does partitioning currently work on the CCR2116? I’ve heard of the RB5009 still having problems.
by osc86
Wed May 18, 2022 10:01 pm
Forum: Announcements
Topic: v7.3rc [testing] is released!
Replies: 452
Views: 101203

Re: v7.3beta [testing] is released!

I also noticed when interacting with cake, like adding a new queue, trying to apply it to an interface, printing the queue type list, it always generates a 5 second lag on my router. At first I thought the router crashed.
by osc86
Wed Apr 27, 2022 7:23 pm
Forum: Announcements
Topic: v7.3rc [testing] is released!
Replies: 452
Views: 101203

Re: v7.3beta [testing] is released!

exactly what happens on my device; technically it crashes and the router is unresponsive, it only reboots because I've enabled watchdog. Thanks for the input, I'll continue my testings. I also have filed a ticket (SUP-78584).
by osc86
Wed Apr 27, 2022 6:10 pm
Forum: Announcements
Topic: v7.3rc [testing] is released!
Replies: 452
Views: 101203

Re: v7.3beta [testing] is released!

@marlab I have the exact same issue with my hap ac2 (also arm). The device reboots every ˜3h42m. I'm still trying to find the exact cause for it. This problem started with 7.2.0; 7.1.5 was stable. Are you absolutely sure capsman is causing this? Anything else running on this device like eoip, wiregu...
by osc86
Thu Apr 21, 2022 10:12 am
Forum: Announcements
Topic: v7.2.1 [stable] is released!
Replies: 240
Views: 45663

Re: v7.2.1 [stable] is released!

Create a new routing table if you want to do policy routing. Or use a VRF if you need additional security for separating l3 networks.
https://help.mikrotik.com/docs/display/ ... g+Examples
https://help.mikrotik.com/docs/pages/vi ... eId=328206
by osc86
Thu Apr 21, 2022 2:28 am
Forum: Announcements
Topic: v7.3rc [testing] is released!
Replies: 452
Views: 101203

Re: v7.3beta [testing] is released!

the netinstall program is just a big mess. I don't understand why bootp is even required, completely unnecessary and overengineered. When starting in netinstall-mode the router should just listen to a predefined ip address and start up an sshd, so one can upload the system package using scp or sftp ...
by osc86
Wed Apr 20, 2022 9:59 pm
Forum: Announcements
Topic: v7.3rc [testing] is released!
Replies: 452
Views: 101203

Re: v7.3beta [testing] is released!

Does the Router appear automatically again in Netinstall after you reboot it? Sure you didn't change /system/routerboard/settings/boot-device to ethernet?!
by osc86
Wed Apr 20, 2022 9:50 pm
Forum: Announcements
Topic: v7.3rc [testing] is released!
Replies: 452
Views: 101203

Re: v7.3beta [testing] is released!

I updated my CCR2004 and this time, all went well. No boot loops, no config is lost. I can't believe it myself.
by osc86
Wed Apr 13, 2022 11:44 pm
Forum: Announcements
Topic: v7.3rc [testing] is released!
Replies: 452
Views: 101203

Re: v7.3beta [testing] is released!

It seems 6to4 interface routes are not installed in vrf with 7.3. /interface 6to4 add !keepalive mtu=1480 name=HE remote-address=X.X.X.X /ip vrf add interfaces=HE name=VRF-HE /ipv6 address add address=2001:470:xxxx:cc::2 advertise=no interface=HE no-dad=yes /routing/route/pr det where immediate-gw=H...
by osc86
Wed Apr 13, 2022 6:18 pm
Forum: Announcements
Topic: Missing RouterOS configuration after a reboot on very rare occasions [SOLVED]
Replies: 73
Views: 34476

Re: Missing RouterOS configuration after a reboot on very rare occasions [SOLVED]

I just have the case of missing parts of the configuration after updating a CCR2004 from 7.2 to 7.3b33. I took a verbose export and a supout, anything else I can do? I need to get the router up and running again asap. First thing I noticed is that all wireguard interfaces are gone, ether1 reset to d...
by osc86
Tue Apr 12, 2022 6:00 pm
Forum: General
Topic: Feature Request: Ed25519 SSH keys
Replies: 57
Views: 19777

Re: Feature Request: Ed25519 SSH keys

It seems we first need support for modern signature algorithms (rsa-sha2-256/512, ssh-ed25519, ecdsa-sha2-nistp256/384/521). With the release of OpenSSH 9.0, ssh-rsa is officially deprecated and disabled by default, which seems to be the only supported algorithm in RouterOS 6+7 (next to ssh-dss, als...
by osc86
Mon Apr 11, 2022 5:12 pm
Forum: Announcements
Topic: v7.2 is released!
Replies: 359
Views: 60125

Re: v7.2 is released!

he.net tunnels are working ok in 7.2. Make sure your endpoint address matches your current public address (tunnelbroker.net), it is not updated automatically. Always use the cli to add routes. Winbox route menu is still buggy af, don't know about webfig.
by osc86
Fri Apr 08, 2022 9:40 am
Forum: Announcements
Topic: v7.2 is released!
Replies: 359
Views: 60125

Re: v7.2 is released!

Like I mentioned earlier, I also have problems with constant reboots on my hap ac2 running 7.2. I don't think it's a hardware defect because with 7.1.5 it runs for days without a reboot. I created a ticket and already send a few supouts. While I'm waiting for a response from support, I tried to find...
by osc86
Wed Apr 06, 2022 10:41 am
Forum: Announcements
Topic: v7.2 is released!
Replies: 359
Views: 60125

Re: v7.2 is released!

Hawkeye583: when the "use-doh-server" parameter is set, the "servers" parameter is ignored. Since you have used an fqdn as the doh server, it can't be resolved. You either have to create a static A/AAAA record for cloudflare-dns.com or use the ip address in the url. The easiest w...
by osc86
Tue Apr 05, 2022 2:58 pm
Forum: Announcements
Topic: v7.2 is released!
Replies: 359
Views: 60125

Re: v7.2 is released!

@peichl I have a ticket open (with supout files), it was just to inform others that it's still not fixed in 7.2 stable
by osc86
Tue Apr 05, 2022 2:54 pm
Forum: Announcements
Topic: v7.2 is released!
Replies: 359
Views: 60125

Re: v7.2 is released!

unfortunately, the memory leak is not fixed (hap ac2)
by osc86
Mon Apr 04, 2022 2:11 pm
Forum: Announcements
Topic: v7.2rc6 and v7.2rc7 is released!
Replies: 100
Views: 19655

Re: v7.2rc6 and v7.2rc7 is released!

I know, it is enabled, I have the cpu and hdd graphs but the memory graph isn't there.
/tool graphing
set page-refresh=300 store-every=5min
/tool graphing resource
add allow-address=0.0.0.0/0 disabled=no store-on-disk=yes
2022-04-04 at 13.15.08.png
by osc86
Mon Apr 04, 2022 1:11 pm
Forum: Announcements
Topic: v7.2rc6 and v7.2rc7 is released!
Replies: 100
Views: 19655

Re: v7.2rc6 and v7.2rc7 is released!

@CTassisF I have the same problem on a hap ac2. The device has not a lot of memory, so it reboots every 3h42m.
I wanted to check the memory usage on a CCR2004-16G-2S+ running rc7, but the Memory Graph isn't even showing up under Tools / Graphing / Resource Graphs...
by osc86
Fri Apr 01, 2022 12:32 pm
Forum: Announcements
Topic: v7.2rc6 and v7.2rc7 is released!
Replies: 100
Views: 19655

Re: v7.2rc6 and v7.2rc7 is released!

One of my hap ac2 is rebooting every 3h42m since I upgraded to 7.2rc7. It didn't do that with 7.1.5.
I already checked, it's not because of low memory. I'll write to support.
2022-04-01 11_22_36-172.16.50.91 Logs _ LibreNMS - Brave.png
by osc86
Thu Mar 31, 2022 10:08 pm
Forum: Announcements
Topic: v7.1.4 and v7.1.5 is released!
Replies: 202
Views: 38888

Re: v7.1.4 and v7.1.5 is released!

7.2rc6 has some fixes for redistribution of OSPF & RIP into OSPF via route filters.
yes, my issue is fixed with 7.2rc7
by osc86
Wed Mar 30, 2022 11:33 am
Forum: Announcements
Topic: v7.1.4 and v7.1.5 is released!
Replies: 202
Views: 38888

Re: v7.1.4 and v7.1.5 is released!

is the ospf / instances / redistribute option supposed to work in 7.1.5? For me it's not working, even when nothing is checked, at least all connected routes are redistributed.
I solved it with route filters for now.
by osc86
Wed Mar 23, 2022 7:28 pm
Forum: Announcements
Topic: v7.2rc5 is released!
Replies: 91
Views: 23460

Re: v7.2rc5 is released!

There's still a bug in the IPv6 firewall forward chain: If an interface belongs to a vrf and you specify the same interface as in-interface, packets are not matched against the rule. In my case the packet matched the deny-all rule at the end and devices couldn't connect. in-interface parameter works...
by osc86
Wed Mar 02, 2022 3:41 pm
Forum: Announcements
Topic: v6.49.4 [stable] is released!
Replies: 38
Views: 18142

Re: v6.49.4 [stable] is released!

/ipv6 nd
set [ find default=yes ] advertise-dns=no interface=bridge1 ra-interval=\
    10s-30s
by osc86
Fri Feb 25, 2022 4:46 pm
Forum: Announcements
Topic: v7.1.3 is released!
Replies: 251
Views: 55654

Re: v7.1.3 is released!

sounds like you use the same security profile on both interfaces
by osc86
Fri Feb 25, 2022 2:45 pm
Forum: RouterOS beta
Topic: 7.1.3 Zerotier issue [SOLVED]
Replies: 4
Views: 2269

Re: 7.1.3 Zerotier issue [SOLVED]

and if you choose to use a custom subnet in the controller by specifying the start and end ip address, make sure you have a matching route for this subnet in the controller as well. Without it, peers won’t get addresses assigned, even when the managed flag is set. so if you choose 10.13.37.1 - 10.13...
by osc86
Fri Feb 25, 2022 2:05 pm
Forum: General
Topic: Clients lose IPv6-Connectivity after a few minutes [SOLVED]
Replies: 9
Views: 8613

Re: Clients lose IPv6-Connectivity after a few minutes [SOLVED]

In ROSv7 an additional multicast package isn’t required, igmp-proxy and pim are included in the base system. However pim is still not functioning in 7.1.3 / 7.2rcX and the igmp part of pim is not yet implemented. I’m currently using mrouted on a rpi for multicast routing, together with avahi for mdn...
by osc86
Fri Feb 25, 2022 9:39 am
Forum: Announcements
Topic: v7.2rc4 is released!
Replies: 143
Views: 41620

Re: v7.2rc4 is released!

you explained that a lot better than me, but it's exactly what I meant. It was a pain to restore the router yesterday using an export file taken from the same device the night before. There were some logical / ordering issues within the file, that wouldn't let me restore the config at once. So I had...
by osc86
Thu Feb 24, 2022 1:04 am
Forum: Announcements
Topic: v7.2rc4 is released!
Replies: 143
Views: 41620

Re: v7.2rc4 is released!

I upgraded a CCR2004-16G-2S+ from 7.2rc3 to 7.2rc4. After I experienced an issue with one vlan not passing traffic anymore, I restarted the router. This was the second reboot after the upgrade, the first one happened right after the ros update to update routerboot. The router didn't come back online...
by osc86
Wed Feb 23, 2022 3:52 pm
Forum: Announcements
Topic: SwOS Lite version 2.14 released!
Replies: 48
Views: 274961

Re: SwOS Lite version 2.14 released!

which sfp+ module do you use in the CSS610?
by osc86
Wed Feb 23, 2022 2:38 pm
Forum: RouterOS beta
Topic: Let's Encrypt cert renewal
Replies: 31
Views: 21545

Re: Let's Encrypt cert renewal

letsencrypt-autogen_2022-02-23T12:29:26Z
why are certificates requested from le named so weird? Is it too much to just use the SAN as name?
by osc86
Thu Feb 03, 2022 8:28 pm
Forum: Announcements
Topic: SwOS Lite version 2.14 released!
Replies: 48
Views: 274961

Re: SwOS Lite version 2.14 released!

SNMP + LibreNMS, gets me stats about health, throughput, link up/down events, interface errors, stp, etc.
by osc86
Fri Jan 28, 2022 7:26 pm
Forum: Announcements
Topic: v7.2rc2 and v7.2rc3 is released!
Replies: 222
Views: 84678

Re: v7.2rc2 and v7.2rc3 is released!

I updated a CCR2004-16G-2S+ to 7.2rc3; after the 3rd reboot, I lost all 4 wireguard interfaces. Rebooted again and they were still missing. Loaded a backup and everything is ok again.
by osc86
Tue Jan 25, 2022 10:47 am
Forum: Announcements
Topic: v7.1.1 is released!
Replies: 443
Views: 223444

Re: v7.1.1 is released!

I think I just got this "ROUTER HAS NO SOFTWARE KEY" problem on an RB941-2nD. Before the device went offline, it showed 7.1.1 (Level 0) via snmp. I have to check tomorrow.
by osc86
Thu Jan 20, 2022 12:51 am
Forum: General
Topic: Clients lose IPv6-Connectivity after a few minutes [SOLVED]
Replies: 9
Views: 8613

Re: Clients lose IPv6-Connectivity after a few minutes [SOLVED]

I think the igmp-snooping code hasn't been touched since v6. I had 7.1 running on a CRS328 which caused various problems with multicast - incuding the one I described in my first post. I moved to SwOS on that device and these kind of problems went away. I'm really not sure what exactly is causing ig...
by osc86
Fri Jan 14, 2022 5:07 pm
Forum: Announcements
Topic: v7.2rc1 is released!
Replies: 240
Views: 159315

Re: v7.2rc1 is released!

Edit: ok solved, the romon config was wiped from the other device. Don't know when or why this happened. Edit2: But I still can't get romon to detect devices if only a vlan Interface is specified. Example: Router1 == eoip (tagged vlan99) == Router2 - the devices can't see each other in romon (commun...
by osc86
Fri Jan 14, 2022 3:35 pm
Forum: Announcements
Topic: v7.2rc1 is released!
Replies: 240
Views: 159315

Re: v7.2rc1 is released!

Does RoMoN work for anyone? No devices are shown in the discovery menu. Haven't seen a report in this thread that there's a problem with romon. Am I the only one?
by osc86
Sun Jan 09, 2022 3:01 pm
Forum: Announcements
Topic: v7.1.1 is released!
Replies: 443
Views: 223444

Re: v7.1.1 is released!

they are just tables, you can use IPv4 and IPv6 routes with them. For adding IPv6 routes to a table other than main, you currently have to use the cli, winbox still doesn't show the routing-table parameter.
by osc86
Fri Jan 07, 2022 12:39 pm
Forum: Announcements
Topic: WinBox v3.32 released!
Replies: 65
Views: 93145

Re: WinBox v3.32 released!

agreed, this would be a very useful feature
by osc86
Sun Dec 26, 2021 11:50 pm
Forum: Announcements
Topic: v7.1.1 is released!
Replies: 443
Views: 223444

Re: v7.1.1 is released!

@infabo
/sys watchdog/set watchdog-timer=yes automatic-supout=yes
look for a file named autosupout.rif in the root directory after the router has locked up / rebooted by watchdog timer.
by osc86
Sat Dec 25, 2021 12:29 am
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 65
Views: 97641

Re: WinBox v3.31 released!

fc00::/7 addresses are displayed as "Global" in ipv6 address table, which is technically wrong; they're ULA - not globally routable.
by osc86
Fri Dec 24, 2021 7:01 pm
Forum: Announcements
Topic: v7.2rc1 is released!
Replies: 240
Views: 159315

Re: v7.2rc1 is released!

I’ve now moved to swos, not using any routing functionality on this device anyway.
Currently everything works as it should with igmp snooping enabled.
by osc86
Fri Dec 24, 2021 5:02 pm
Forum: Announcements
Topic: v7.2rc1 is released!
Replies: 240
Views: 159315

Re: v7.2rc1 is released!

I really hoped the days with broken igmp-snooping were over with ROS7, but apparently they aren't. I have a CRS328-24P-4S+ that refuses to forward icmpv6 frames between ports, unless I disable igmp snooping. The igmp querier shown in bridge status is correct, no bridge filter rules, ip firewall disa...
by osc86
Tue Dec 14, 2021 11:36 am
Forum: Announcements
Topic: v7.1 is released!
Replies: 785
Views: 222997

Re: v7.1 is released!

I also observed bridge filters not working in 7.1, which worked fine in 6.49.1. One example: add action=drop chain=forward comment="FW MULTICAST" packet-type=multicast This blocked all multicast traffic including igmp requests. In 7.1 no frames are matched. I've set up acl rules on the ups...
by osc86
Sun Dec 12, 2021 1:29 pm
Forum: Announcements
Topic: v7.1 is released!
Replies: 785
Views: 222997

Re: v7.1 is released!

what is going on with IP Cloud in 7.1? I can see 2 different dns-names in Winbox and CLI, when hitting F5. One is the actual SN of the device, like it always was. The other one looks like this 455a01d2eaf030.sn.mynetname.net. The problem here is that it's always random which of these dns-names are g...
by osc86
Tue Dec 07, 2021 9:58 am
Forum: Announcements
Topic: v7.1 is released!
Replies: 785
Views: 222997

Re: v7.1 is released!

@benoga I got an answer from support. I’ll try that tomorrow, when I’m in the office. Here’s the response I got, you may want to check that. #[SUP-67981]: Connect a serial cable to this device, open the serial console, and make sure that you have successfully connected to RouterOS CLI. Now leave the...
by osc86
Mon Dec 06, 2021 1:04 pm
Forum: RouterOS beta
Topic: Does PIM work AT ALL on 7.1?
Replies: 12
Views: 6493

Re: Does PIM work AT ALL on 7.1?

also tried it and can confirm it is not working at all. A few users have asked about the current status, but didn't get an answer from Mikrotik.
by osc86
Mon Dec 06, 2021 12:57 pm
Forum: Announcements
Topic: v7.1 is released!
Replies: 785
Views: 222997

Re: v7.1 is released!

and to Long Term 👀
by osc86
Mon Dec 06, 2021 12:07 pm
Forum: Announcements
Topic: v7.1 is released!
Replies: 785
Views: 222997

Re: v7.1 is released!

@dksoft thank you for the script, I'll try it later today. I'm not sure if it helps in my case, because when I added the cap to the controller, the router was already up for a few hours and capsman was started before the cap connected. Another strange thing I noticed, when I connected the 951Ui-2HnD...
by osc86
Sun Dec 05, 2021 11:45 pm
Forum: Announcements
Topic: v7.1 is released!
Replies: 785
Views: 222997

Re: v7.1 is released!

I'm able to generate a kernel panic on a CCR2004-1G-12S+2XS (capsman controller) when I enable caps-mode on a 951Ui-2HnD. If I leave this enabled, the CCR is rebooting in a loop. Cap certificate was just generated, capsman controller is reached via IP, not discovery interface. There's nothing in the...
by osc86
Sun Dec 05, 2021 10:17 pm
Forum: RouterOS beta
Topic: Problem with Policy-Routing in 7.1 on CCR2004-1G-12S+2XS [SOLVED]
Replies: 2
Views: 2030

Re: Problem with Policy-Routing in 7.1 on CCR2004-1G-12S+2XS [SOLVED]

Thanks mducharme!
I added the in-interface matcher to the second rule and it works. I tried a few different things, don’t know why I overlooked this.
by osc86
Sun Dec 05, 2021 1:54 pm
Forum: RouterOS beta
Topic: Problem with Policy-Routing in 7.1 on CCR2004-1G-12S+2XS [SOLVED]
Replies: 2
Views: 2030

Problem with Policy-Routing in 7.1 on CCR2004-1G-12S+2XS [SOLVED]

Hello, yesterday I upgraded a CCR2004-1G-12S+2XS from 6.49.1 to 7.1. Of course the upgrade failed, the device ended up in a reboot loop, so I had to netinstall it with 7.1. When I reconfigured the device I faced a problem with policy routing I'm currently unable to solve. I've done this many times b...
by osc86
Fri Dec 03, 2021 3:53 pm
Forum: Announcements
Topic: v7.1 is released!
Replies: 785
Views: 222997

Re: v7.1 [testing] is released!

RB951Ui-2HnD (mipsbe) running 6.48.5 is trying to download separate packages instead of bundle package. Tried testing and development channel. Uploading the file manually now.
by osc86
Thu Dec 02, 2021 7:42 pm
Forum: Announcements
Topic: v7.1 is released!
Replies: 785
Views: 222997

Re: v7.1 [testing] is released!

/routing/pimsm/igmp-interface-template> print
error - contact MikroTik support and send a supout file (3)
Please give us an update on the current development status of pimsm.
by osc86
Thu Dec 02, 2021 6:27 pm
Forum: Announcements
Topic: v7.1 is released!
Replies: 785
Views: 222997

Re: v7.1 [testing] is released!

even with 7.1 ROS still reports system,error,critical router was rebooted without proper shutdown between normal updates
by osc86
Mon Nov 29, 2021 11:44 am
Forum: RouterOS beta
Topic: v7.1rc7 [development] is released!
Replies: 174
Views: 54545

Re: v7.1rc7 [development] is released!

I just noticed that networks defined in wireguard peer "AllowedAddress" are not dynamically added to the routing table.
Wireguard for linux, windows and mac (except for 0.0.0.0/0) does this automatically. Please consider changing this.
by osc86
Fri Nov 26, 2021 6:01 pm
Forum: RouterOS beta
Topic: v7.1rc7 [development] is released!
Replies: 174
Views: 54545

Re: v7.1rc7 [development] is released!

IPv6 masquerading is working fine here
by osc86
Fri Nov 26, 2021 5:43 pm
Forum: RouterOS beta
Topic: v7.1rc7 [development] is released!
Replies: 174
Views: 54545

Re: v7.1rc7 [development] is released!

@markmcn, traffic wasn't encrypted / decrypted properly, so no communication between peers was possible. in-state-protocol-errors counter went up. I had this problem on a CCR2004-16G-2S+, I'm glad it's solved with rc7. Spent hours debugging it in rc6, but couldn't find a configuration error. Now I k...
by osc86
Fri Nov 26, 2021 3:29 pm
Forum: RouterOS beta
Topic: v7.1rc7 [development] is released!
Replies: 174
Views: 54545

Re: v7.1rc7 [development] is released!

Thanks for fixing ipsec on arm/arm64.
Still a problem in rc7, when a peer is disabled, the corresponding policies are not marked invalid.
The result is, affected policies are still installed in kernel, and blocking traffic between src and dst networks defined in these policies.
by osc86
Tue Nov 23, 2021 10:48 am
Forum: RouterOS beta
Topic: v7.1rc6 [development] is released!
Replies: 145
Views: 56059

Re: v7.1rc6 [development] is released!

Unlike pim, igmp-proxy is working fine here on 2 different devices. I can't imagine it only doesn't work on a RB5009. Check that you don't accidently block igmp, and make sure the RB5009 is the igmp-querier for all downstream interfaces. Also try to disable and re-enable igmp-snooping in bridge sett...
by osc86
Sat Nov 20, 2021 4:55 pm
Forum: Announcements
Topic: v6.49.1 [stable] is released!
Replies: 138
Views: 80143

Re: v6.49.1 [stable] is released!

Updated a CCR2004-1G-12S+2XS from 6.49 to 6.49.1.
Exactly one day later, the router was rebooted by watchdog. This is not looking good, will keep an eye on it.
by osc86
Thu Nov 18, 2021 5:21 pm
Forum: RouterOS beta
Topic: v7.1rc6 [development] is released!
Replies: 145
Views: 56059

Re: v7.1rc6 [development] is released!

Updated a CCR1009 from rc5 to rc6:
- /ip ipsec identities were wiped, and newly created ones get deleted with every reboot
- deleted my Loopback Bridge Interface
- deleted all GRE+EOIP+WG Tunnel Interfaces
- didn't update zerotier package; deleted it instead
by osc86
Thu Nov 11, 2021 6:00 pm
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 219
Views: 95211

Re: v6.49 [stable] is released!

@BrateloSlava try another version of netinstall, some don't seem to work. Last week I had to download 3 different versions, until I found a working one, I think it was 6.47.10. Same story, Router appeared in netinstall, you hit install and nothing happens, or it is stuck forever at formatting harddi...
by osc86
Mon Nov 08, 2021 4:09 pm
Forum: RouterOS beta
Topic: v7.1rc6 [development] is released!
Replies: 145
Views: 56059

Re: v7.1rc6 [development] is released!

when will PIM-SM be fixed? it isn't working at all currently.
by osc86
Thu Nov 04, 2021 3:33 pm
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 167
Views: 106723

Re: v6.48.5 [long-term] is released!

I have updated 10 hap ac2s and a few hap lites, and didn't have this problem with any of them. I'm using split packages on all of them.
I don't use bundle package anymore with 16MB flash devices.
by osc86
Sun Oct 31, 2021 5:17 pm
Forum: RouterOS beta
Topic: v7.1rc5 [development] is released!
Replies: 167
Views: 48141

Re: v7.1rc5 [development] is released!

/routing/filter/rule/add chain=ospf-out rule="if (dst in 0.0.0.0/0 || protocol connected) {set ospf-ext-type type1; accept}"
Be careful with that last rule, if I'm reading that correctly, you're exporting a default route.
by osc86
Sun Oct 31, 2021 4:03 pm
Forum: RouterOS beta
Topic: v7.1rc5 [development] is released!
Replies: 167
Views: 48141

Re: v7.1rc5 [development] is released!

I have migrated my home router from v6 to v7.1beta5 and noticed a few changes/problems. - It seems ROS DNS server isn't responding to requests that origin from VRFs other than main. I haven't tested if that also applies to other services like ssh, www, etc., but from a security perspective this is a...
by osc86
Tue Oct 26, 2021 11:09 am
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 219
Views: 95211

Re: v6.49 [stable] is released!

It may be a good idea to turn off auto-upgrade until this mystery has been solved.
by osc86
Mon Oct 18, 2021 4:50 pm
Forum: General
Topic: What to do when Netinstall doesn't respond to boot requests
Replies: 3
Views: 756

Re: What to do when Netinstall doesn't respond to boot requests

set my NIC to a static 192.168.88.55/24
by osc86
Mon Oct 18, 2021 3:49 pm
Forum: General
Topic: What to do when Netinstall doesn't respond to boot requests
Replies: 3
Views: 756

Re: What to do when Netinstall doesn't respond to boot requests

Have you disabled all other network interfaces? I'd also disable windows firewall during the netinstall process.
by osc86
Mon Oct 18, 2021 1:51 pm
Forum: Announcements
Topic: SwOS Lite version 2.14 released!
Replies: 48
Views: 274961

Re: SwOS Lite version 2.14 released!

Is your IPv6 router running ROS? This sounds like the (still unfixed) bug where igmp-snooping is filtering out neighbor advertisements. Check your neighbor table if hosts are showing up with their correct mac address, and if they reappear in the list after they have timed out. I think it's about 4 m...
by osc86
Fri Oct 15, 2021 10:33 pm
Forum: RouterOS beta
Topic: v7.1rc4 [development] is released!
Replies: 276
Views: 81538

Re: v7.1rc4 [development] is released!

I just noticed that log files aren't preserved upon reboots on my hapac2. I'm using the dafault disk action. I also tried to move the file to flash/log, without luck. No /log.1.txt is created, and log.0.txt only contains messages since the device has restarted. 1 * name="disk" target=disk ...
by osc86
Tue Oct 12, 2021 2:05 am
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 219
Views: 95211

Re: v6.49 [stable] is released!

I have a dual-partition setup on my CCR1009. Part0 is used for known-stable versions, Part1 for testing. Part1 was active and had 6.49rc2 installed. The upgrade to 6.49 went ok, but after the second boot when RouterBoot was upgraded it didn't come back online and was stuck in a reboot loop. Tried ev...
by osc86
Thu Oct 07, 2021 8:26 pm
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 219
Views: 95211

Re: v6.49 [stable] is released!

*) sfp28 - changed FEC auto mode to disabled;
no, when I updated a CCR2004-1G-12S+2XS it turned on auto mode and I lost connectivity.
But even with auto mode enabled, it fails to detect the correct mode. fec91 is the only mode that works in my case, configured it manually.
by osc86
Thu Oct 07, 2021 6:31 pm
Forum: General
Topic: Configure IPV6 on Mikrotik [SOLVED]
Replies: 24
Views: 13303

Re: Configure IPV6 on Mikrotik [SOLVED]

How has the ISP configured their end? Have they said the /60 is routed to 2407:xxxx:0:1::2 ? If they have merely attached a /60 to the interface at their end it will never work. I'm in quite the same situation here, the ISP isn't routing the assigned network (in my case it's a /56) to a specific ad...
by osc86
Tue Sep 28, 2021 8:56 pm
Forum: Announcements
Topic: Newsletter 102
Replies: 29
Views: 45803

Re: Newsletter 102

Does the CCR2004-16G-2S+ support L3HW offloading (per switch)?
by osc86
Fri Sep 24, 2021 9:39 am
Forum: General
Topic: IPv6 Routing Mark in Firewall > Mangle Rules
Replies: 60
Views: 21726

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Looking at the v7 Routing Protocol Status Page, it should already work, but how? or is this only the input matcher? routing-mark=abc action=xyz. But even this doesn't make sense, because when we can't add routing-marks how should we match on them.. 2021-09-24 at 08.21.23.png Edit: Answer from suppor...
by osc86
Thu Sep 23, 2021 11:22 pm
Forum: General
Topic: IPv6 Routing Mark in Firewall > Mangle Rules
Replies: 60
Views: 21726

Re: IPv6 Routing Mark in Firewall > Mangle Rules

/ipv6/firewall/mangle> add chain=prerouting connection-mark=C_PR_VPN action=mark-routing passthrough=no new-routing-mark=VRF-VPN
input does not match any value of new-routing-mark

is this still not working in 7.1rc4, or am I doing something wrong?
by osc86
Mon Sep 20, 2021 7:19 pm
Forum: RouterOS beta
Topic: v7.1rc4 [development] is released!
Replies: 276
Views: 81538

Re: v7.1rc4 [development] is released!

@dksoft, have you set use-ipv6=yes in your pppoe profile?
by osc86
Sat Sep 18, 2021 3:15 pm
Forum: RouterOS beta
Topic: v7.1rc3 [development] is released!
Replies: 172
Views: 49136

Re: v7.1rc3 [development] is released!

You can't downgrade below factory-firmware (/sys routerboard print). There are 2 types of CCR2004, CCR2004-16G-2S+ and CCR2004-1G-12S+2XS.
CCR2004-1G-12S+2XS works with v6, the new CCR2004-16G-2S+ does not.
by osc86
Fri Sep 10, 2021 5:54 pm
Forum: RouterOS beta
Topic: v7.1rc3 [development] is released!
Replies: 172
Views: 49136

Re: v7.1rc3 [development] is released!

@jookraw are you sure your devices are rebooting because of the l2mtu? My hapac2 has a relatively simple config and is also rebooting every few hours. Just checked the l2mtu settings on my device and most of them have 1594 / 1598 set. Will lower them to 1592, and see if the random reboots stop. Edit...
by osc86
Thu Sep 09, 2021 11:31 am
Forum: RouterOS beta
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 335
Views: 308312

Re: ZeroTier added to RouterOS v7.1rc2

@rodyeo I have zerotier running on my hapac2, it's already working. The device is rebooting 5-6 times/day, but I think this is because of ROS7 and not the zerotier-addon package.
by osc86
Sat Sep 04, 2021 3:04 pm
Forum: RouterOS beta
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 335
Views: 308312

Re: ZeroTier added to RouterOS v7.1rc2

After installing the zerotier npk on my HAP AC2, my Firewall Filter Rules are all mixed up, and wireless caps settings are gone. I also lost my Loopback Bridge, it's address was still present in /ip/address. One unplanned reboot since I installed the package, nothing in the log, but an autosupout wa...
by osc86
Fri Sep 03, 2021 3:33 pm
Forum: RouterOS beta
Topic: Zerotier Immediate Gateway Unknown [SOLVED]
Replies: 12
Views: 5140

Re: Zerotier Immediate Gateway Unknown [SOLVED]

This *<number> stuff usually means that there is a reference to an unkown interface.
Have you tried renaming the zerotier interface?
Does it look different in the cli?
by osc86
Fri Sep 03, 2021 11:32 am
Forum: RouterOS beta
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 335
Views: 308312

Re: ZeroTier added to RouterOS v7.1rc2

also make sure the network you try to ping is not used in an ipsec policy
by osc86
Thu Sep 02, 2021 9:48 am
Forum: RouterOS beta
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 335
Views: 308312

Re: ZeroTier added to RouterOS v7.1rc2

How does encryption / key exchange work with zerotier? Are the keys / certificates kept locally on the devices, or are they stored in the Cloud, so the provider theoretically could look at the traffic routed through their network? Do you guys have any privacy concerns?
by osc86
Mon Aug 30, 2021 6:27 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75868

Re: v7.1rc1 [development] is released!

is repartitioning working for anyone? I tried it with 7.0.5 and 7.1rc1. After a reboot the router still showed 1 partition. Tried the same with rc2 and it didn't boot up, I think I have to netinstall.
by osc86
Sun Aug 29, 2021 2:02 pm
Forum: General
Topic: RB5009 IPSec Performance
Replies: 33
Views: 15673

Re: RB5009 IPSec Performance

We know! It's just an informative post for people to give an indication what can be expected from this model in terms of ipsec (software) performance.
It's not a rant against Mikrotik or the product itself. I still think it's a good choice for a Homelab Router.
by osc86
Sun Aug 29, 2021 11:05 am
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75868

Re: v7.1rc1 [development] is released!

And please give us the ability for management VRF, currently all management services only works for master instance
+1
by osc86
Sat Aug 28, 2021 9:23 pm
Forum: General
Topic: RB5009 IPSec Performance
Replies: 33
Views: 15673

RB5009 IPSec Performance

Yesterday I received my RB5009UG+S+IN. There's nothing mentioned about the ipsec performance on the product page, so I did some tests how it performs as a Home Router with an IPSec Connection to my Workplace. I bought the RB5009 as a replacement for my CCR1009, which did a great job for the last 4+ ...
by osc86
Sat Aug 28, 2021 5:14 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75868

Re: v7.1rc1 [development] is released!

I don't think any of "stable" let alone "long-term" releases ever had any CLI-only item. There were and still are a lot of things in stable/lt that can only be configured using cli. Only think about the new bridge features introduced with ~6.40 or so. IGMP-Version / MLD-Version ...
by osc86
Fri Aug 27, 2021 3:06 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75868

Re: v7.1rc1 [development] is released!

exactly!
I'll do some tests tomorrow and post the ipsec results I get with the RB5009 (in a new thread).
by osc86
Fri Aug 27, 2021 2:03 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75868

Re: v7.1rc1 [development] is released!

I just received my 5009. Knowing now that ipsec hw acceleration isn't supported is really frustrating. There wasn't a word about this in the newsletter / product page 😡. Is repartitioning working on 7.1rc1? because on 7.0.5 it is not. IGMP-Proxy / PIM Routing also missing. What should people do with...
by osc86
Thu Aug 26, 2021 1:39 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75868

Re: v7.1rc1 [development] is released!

IMO ROS should have all major Root-CAs included by default. Saves a lot of headache with LE and DoH.
by osc86
Mon Aug 23, 2021 7:08 pm
Forum: Announcements
Topic: v6.48.4 [stable] is released!
Replies: 68
Views: 72243

Re: v6.48.4 [stable] is released!

upgraded a pair of CubeG-5ac60ad from 6.47.10 to 6.48.4 and one unit didn't survive the upgrade. Have to check tomorrow what's wrong. Probably needs to be netinstalled again.
by osc86
Mon Aug 23, 2021 2:14 pm
Forum: Announcements
Topic: Newsletter 101
Replies: 43
Views: 20452

Re: Newsletter 101

@mada3k yep, preferably the 2.5Gb Port for third party ax APs
by osc86
Mon Aug 23, 2021 12:03 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 113
Views: 35029

Re: WinBox v3.29 released!

*) added "Windows" menu for list of all currently opened windows;
Thanks for this improvement.

No issues with resizing columns in any of the windows, never had. Maybe your graphics driver or emulation thing if you're using wine.
by osc86
Mon Aug 09, 2021 6:25 pm
Forum: General
Topic: Did I miss something? New 4011
Replies: 30
Views: 4953

Re: Did I miss something? New 4011

Anyone who already got one of the new devices? I'd be really interested in a speed comparison between hw-accelerated IPSec and WG.
by osc86
Mon Aug 09, 2021 1:55 pm
Forum: General
Topic: Did I miss something? New 4011
Replies: 30
Views: 4953

Re: Did I miss something? New 4011

I'm more interested in real world speedtests for wireguard. Last time I tried wireguard on my CCR1009, I was really disappointed, so I moved the wireguard setup to a RPI4, which offered far better speeds. I'm willing to switch to the new RB5009 or the new CCR2004, if they're able to push at least 1G...
by osc86
Wed Jul 07, 2021 3:52 pm
Forum: General
Topic: Feature requests
Replies: 1739
Views: 624671

Re: Feature requests

@pe1chl didn't know about this, thanks!
by osc86
Wed Jul 07, 2021 3:42 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9554

Re: "TLS Host" option doesn't work

To my knowledge, L7 filter won't help here, but not 100% sure, as I'm not using it too much. You can also add domain names to address lists, for example: /ip firewall address-list add list=windows_update address=download.windowsupdate.com Router will resolve all A-records (not sure if AAAA too) for ...
by osc86
Wed Jul 07, 2021 3:11 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9554

Re: "TLS Host" option doesn't work

You need to have an address-list, like the one crazy-max provides, and route them via vpn like so: /ip firewall mangle add action=mark-connection chain=prerouting dst-address-list=windows_update new-connection-mark=\ c_windows_update passthrough=yes add action=mark-packet chain=prerouting connection...
by osc86
Wed Jul 07, 2021 2:20 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9554

Re: "TLS Host" option doesn't work

This is basically useless to me as I'm using DoH which hides all the DNS from attackers, but you already knew this. Bullshit! Not even the just released Windows 11 pre-release uses DoH or DoT for DNS resolution. It's using the same unencrypted shit that was invented in 1983. You have to understand ...
by osc86
Wed Jul 07, 2021 1:08 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9554

Re: "TLS Host" option doesn't work

Actually it won't be too cpu intensive because only (small) dns packets will be matched against the L7 filter. In this case, the TLS version is unimportant. However, for policy routing a little more is required, you should've mentioned this in your first post. My solution just prevents a successful ...
by osc86
Wed Jul 07, 2021 12:04 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9554

Re: "TLS Host" option doesn't work

I'm actually trying to make it so all Windows Update traffic gets redirected to a VPN
by osc86
Tue Jul 06, 2021 11:19 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9554

Re: "TLS Host" option doesn't work

There are no reports Microsoft is going to enforce users to use DoH or DoT any time soon. And even if they do, If you control the clients, you'll be able to disable it using group policies. Blocking IP ranges is way more useless, as they can change any time and with the increased use of CDNs and IPv...
by osc86
Tue Jul 06, 2021 9:02 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9554

Re: "TLS Host" option doesn't work

TLS Host matcher doesn't work with TLS1.3+. One of the best solutions so far is to force everyone on the network to use a dns resolver you control and block the dns request for this domain. /ip firewall nat add action=dst-nat chain=dstnat dst-address=!<dns-server> dst-port=53 \ protocol=udp to-addre...
by osc86
Tue Jul 06, 2021 7:20 pm
Forum: General
Topic: Feature requests
Replies: 1739
Views: 624671

Re: Feature requests

@SiB While this surely is a good solution for some scenarios, it won't work if you need to make multiple changes to the uplink interface of a remote device. If you need to change the ip address and the pvid of the bridge port, you could only do one of n changes, before losing connection to the route...
by osc86
Tue Jul 06, 2021 6:40 pm
Forum: General
Topic: Feature requests
Replies: 1739
Views: 624671

Re: Feature requests

I'd like to be able to queue changes and apply them all at once. Like an inverted safe mode.
I often need this when I have to make multiple changes to interfaces / ip addresses.
by osc86
Thu Jun 17, 2021 11:28 am
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 241140

Re: v7.1beta6 [development] is released!

I didn't see anything specific in the recent changelogs regarding filtered RS/RA/NS/NA messages when igmp-snooping is being used, only general improvements to igmp-snooping. Currently it's kind of working for me. Sometimes connected routes randomly disappear from the routing table, which is also a k...
by osc86
Wed Jun 16, 2021 5:44 pm
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 241140

Re: v7.1beta6 [development] is released!

@vfreex this problem exists for many months now (v6), and has been reported to support. I hope they get this right with the stable release of v7.
viewtopic.php?f=2&t=161792#p797122
by osc86
Mon Jun 14, 2021 8:47 pm
Forum: Announcements
Topic: SwOS Lite version 2.14 released!
Replies: 48
Views: 274961

Re: SwOS Lite version 2.14 released!

Hello EdPa, thank you for your detailed reply. As for the 0.0.0.0 querier address, this is a special case querier address that should not affect the querier election, the multicast routers and IGMP proxy should ignore such packets. This is not what I've observed here. The packet is not ignored by RO...
by osc86
Fri Jun 11, 2021 9:22 pm
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 148
Views: 65470

Re: v6.47.10 [long-term] is released!

Since I got my 2 CCR2004 they never went above 0RPM, running 6.48.1/.2/.3.. And honestly 52C is nothing. Check fans again when it reaches 75C+. The reboot probably didn't happen because of overheating.
by osc86
Mon Jun 07, 2021 11:58 pm
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 148
Views: 65470

Re: v6.47.10 [long-term] is released!

Which version of RouterOS works correctly for igmp-snooping?
6.47.10 does work correctly.
After some more testing I found out that the issue I'm currently dealing with is because of a newly added CSS610 and it's software, and not the new long-term release. Sorry.
by osc86
Mon Jun 07, 2021 11:36 pm
Forum: Announcements
Topic: SwOS Lite version 2.14 released!
Replies: 48
Views: 274961

Re: SwOS Lite version 2.14 released!

SwOS Lite 2.14 acts as igmp querier using IGMPv3 when igmp-snooping is turned on. You can't change the igmp version being used nor can you turn off the querier function. What makes things worse, it sends out these igmp reports using 0.0.0.0, since it has no IP Address other than on the management vl...
by osc86
Thu Jun 03, 2021 8:39 pm
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 148
Views: 65470

Re: v6.47.10 [long-term] is released!

I've noticed, the igmp-proxy stops working after a few hours. IGMP join requests from downstream interfaces are either ignored by the igmp-proxy or discarded by the bridge. I did a traffic capture on the upstream interface, and no igmp requests is sent, when a client on a downstream interface reques...
by osc86
Fri May 28, 2021 1:21 am
Forum: Announcements
Topic: v6.48.3 [stable] is released!
Replies: 111
Views: 69037

Re: v6.48.3 [stable] is released!

I have a CubeG-5ac60ad, since the upgrade to 6.48.2 (which bricked the firmware or config, so I had to netinstall it), it randomly reboots every few hours, sometimes after 48h+. I don't think it's a hardware fault, it's running fine using Long-Term and 6.48.1. In the logs I sometimes see rebooted by...
by osc86
Thu May 27, 2021 3:02 pm
Forum: Announcements
Topic: v6.48.3 [stable] is released!
Replies: 111
Views: 69037

Re: v6.48.3 [stable] is released!

I also updated an RBcAPGi-5acD2nD r2 from 6.48(.0) to 6.48.3 without issues. It is also running in CapsMan Mode.
by osc86
Wed May 26, 2021 2:30 pm
Forum: Announcements
Topic: v6.48.3 [stable] is released!
Replies: 111
Views: 69037

Re: v6.48.3 [stable] is released!

confirmed, advanced-tools from extras package for arm is broken.
It is not recognized as a valid npk.
2021-05-26 13_27_16-admin@172.17.198.150 (MT-ZOO-MASTER) - WinBox (64bit) v6.47.9 on Cube 60G ac (ar.png
by osc86
Sat May 22, 2021 9:28 pm
Forum: Announcements
Topic: SwOS Lite version 2.13 released!
Replies: 31
Views: 30149

Re: SwOS Lite version 2.13 released!

I made the same observation. Also got my CSS610 yesterday, and noticed that my Devices didn't get an IP address today morning, worked fine yesterday. I'm using DHCP Snooping on all devices between the DHCP server and the CSS and all Ports inbetween are set as trusted. I disabled "Add Informatio...
by osc86
Fri May 21, 2021 11:16 pm
Forum: General
Topic: CRS326-24S+2Q+RM and FAN
Replies: 4
Views: 1817

Re: CRS326-24S+2Q+RM and FAN

Thank you for sharing this article, I didn't even know such wiki article existed. Seems one S+RJ10 is enough to generate this amount of heat, the 3 other ones installed are optical transceivers. I switched to a standard 1Gb/s ethernet port, and it's quiet again. Silence > 10G What I don't understand...
by osc86
Fri May 21, 2021 9:56 pm
Forum: General
Topic: CRS326-24S+2Q+RM and FAN
Replies: 4
Views: 1817

Re: CRS326-24S+2Q+RM and FAN

I have a slightly different Problem with a CRS328-24P-4S+RM. Usually the fans stay below 1000 RPM all the time. Today I connected a CSS610 to one of the SFP+ Ports using S+RJ10s and the fans went haywire. Continuously spinning now at around 8000 RPM, people on the street can hear this thing. Looking...
by osc86
Fri May 21, 2021 8:56 pm
Forum: Announcements
Topic: SwOS Lite version 2.13 released!
Replies: 31
Views: 30149

Re: SwOS Lite version 2.13 released!

I'm using LibreNMS to monitor the CSS610 and the device hasn't rebooted yet.
by osc86
Fri May 14, 2021 11:14 am
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 141
Views: 61312

Re: v6.48.2 [stable] is released!

/ip route add distance=1 gateway=1.0.0.1 routing-mark=to_WAN2 add distance=2 gateway=1.1.1.1 routing-mark=to_WAN2 add distance=1 gateway=1.1.1.1 routing-mark=to_WAN1 add distance=2 gateway=1.0.0.1 routing-mark=to_WAN1 add check-gateway=ping distance=1 gateway=1.1.1.1 add check-gateway=ping distance...
by osc86
Fri May 14, 2021 12:37 am
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 141
Views: 61312

Re: v6.48.2 [stable] is released!

and why do you use in-interface-list; do you have multiple wan connections? are the correct interfaces added to that list? Do you have mangle rules that make sure packets leave on the same interface they came in?
by osc86
Wed May 12, 2021 12:19 pm
Forum: General
Topic: problem exclude some ip from firewall block rule
Replies: 4
Views: 6117

Re: problem exclude some ip from firewall block rule

/ip firewall filter add action=accept chain=forward dst-port=443 protocol=tcp tls-host=*.yahoo.com,yahoo.com src-address-list=IT /ip firewall filter add action=reject chain=forward dst-port=443 protocol=tcp reject-with=icmp-admin-prohibited tls-host=*.yahoo.com,yahoo.com you may also want to block Q...
by osc86
Wed May 05, 2021 4:58 pm
Forum: General
Topic: Management Services not accessible from VRF
Replies: 0
Views: 1178

Management Services not accessible from VRF

Hello, today I moved an interface to a new vrf. I want to create some kind of oobm interface with separate routing for management access only, so I can play around without losing access to the router. After I did that the device wasn't reachable anymore using winbox or ssh, ping still worked.. I add...
by osc86
Fri Apr 23, 2021 7:10 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 171
Views: 89071

Re: v6.49beta [testing] is released!

*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address; When can we expect a fix for discarded IPv6 NS/NA/RA messages when IGMP Snooping feature is enabled? In it's current state, IGMP Snooping is unusable, if the device also acts as an IPv6 Router. It's real...
by osc86
Sat Mar 20, 2021 11:22 am
Forum: RouterOS beta
Topic: v7.1beta5 [development] is released!
Replies: 292
Views: 84760

Re: v7.1beta5 [development] is released!

This is usually not needed, because of path mtu discovery (RFC8201). ICMPv6 just needs to be allowed on all routers between Host A and B.
I still see people blocking icmp for "security reasons"...
by osc86
Sat Feb 13, 2021 8:08 pm
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 73
Views: 46372

Re: v6.47.9 [long-term] is released!

hap ac2, exact same dns configuration. There must be something different on those devices showing this problem. Maybe it's a service or setting interacting with the dns, which is disabled on my devices.. just a guess. (Graph)
by osc86
Sat Feb 13, 2021 6:07 pm
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 73
Views: 46372

Re: v6.47.9 [long-term] is released!

strange, I still see no increase in memory usage. The screenshot I posted is from a 750G r3 (hEX). Does this only occur on arm devices?
We use this device at work to provide internet access to guests, not too much traffic, around 100GB/month.
by osc86
Fri Feb 12, 2021 3:09 pm
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 73
Views: 46372

Re: v6.47.9 [long-term] is released!

With 6.47.9, there is currently no indication of memory leaking when DoH is used. /ip dns set allow-remote-requests=yes use-doh-server=https://dns.adguard.com/dns-query verify-doh-cert=yes /ip dns static add address=94.140.14.14 name=dns.adguard.com add address=94.140.15.15 name=dns.adguard.com /cer...
by osc86
Tue Feb 09, 2021 7:59 pm
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 73
Views: 46372

Re: v6.47.9 [long-term] is released!

I updated to this version and enabled DoH. So far everything seems to work as expected. Will keep an eye on the memory usage.
by osc86
Fri Feb 05, 2021 10:13 pm
Forum: RouterOS beta
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 55936

Re: v7.1beta4 [development] is released!

I can't get more than one peer per wireguard instance working at the time.
After a reboot the first client connecting "wins", all other don't receive traffic.
Multiple instances with just one peer each seem to work simultaneously.
by osc86
Fri Jan 29, 2021 12:35 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 295
Views: 126844

Re: v6.48 [stable] is released!

Got it, thanks 👍
by osc86
Fri Jan 29, 2021 12:26 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 295
Views: 126844

Re: v6.48 [stable] is released!

@peichl Thanks for the explanation. I assumed everything you enter there is treated as a string, because Data doesn't necessarily need to be an IP Address, it could also be a domain name, in case it's a CNAME or PTR record.
by osc86
Thu Jan 28, 2021 7:28 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 295
Views: 126844

Re: v6.48 [stable] is released!

Maybe I'm doing something wrong, but the "contains" filter option doesn't work with "Data" in IP -> DNS -> Cache. If you don't put in the full string you won't get any results. But I guess this is what the "is" option is for. I only discovered this, because a few minute...
by osc86
Wed Jan 27, 2021 6:38 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 295
Views: 126844

Re: v6.48 [stable] is released!

If you need anything MORE stable - go to Zyxel with their zyfwp.
but keep in mind that you share your admin account with anyone on the internet
by osc86
Fri Jan 08, 2021 6:23 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 295
Views: 126844

Re: v6.48 [stable] is released!

I hope we'll get an official statement from a Mikrotik representative. As a workaround I'm currently forwarding all DNS requests to an OpenBSD machine running unbound, which handels DoH and CF just fine. Would be great if this could be done on the router itself.
by osc86
Fri Jan 08, 2021 5:51 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 295
Views: 126844

Re: v6.48 [stable] is released!

It seems static DNS records of type FWD are ignored once a DoH server is added.
Is this a design decision or a bug? If this is not going to change, we'll never be able to use it, because we need conditional forwarding.
by osc86
Wed Dec 23, 2020 1:40 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 295
Views: 126844

Re: v6.48 [stable] is released!

Trusted checkbox appears twice in Bridge -> Ports -> <interface> -> General
by osc86
Tue Dec 22, 2020 9:46 pm
Forum: Announcements
Topic: v6.48rc [testing] is released!
Replies: 18
Views: 15066

Re: v6.48rc [testing] is released!

oh, now I see. But it is confusing, needs to be fixed. Didn't notice this in earlier versions.
by osc86
Tue Dec 22, 2020 6:19 pm
Forum: Announcements
Topic: v6.48rc [testing] is released!
Replies: 18
Views: 15066

Re: v6.48rc [testing] is released!

The Trusted checkbox at the top doesn't do anything? The bottom one is for DHCP Trust.
Image
by osc86
Fri Dec 04, 2020 12:21 pm
Forum: RouterOS beta
Topic: v7.1beta3 [development] is released!
Replies: 261
Views: 78625

Re: v7.1beta3 [development] is released!

Which features are missing in your opinion?
avahi / mdns-reflection; I have to do this on a raspberry pi now. It's a necessary feature, if you separate your iot stuff from production networks.
by osc86
Fri Dec 04, 2020 10:51 am
Forum: RouterOS beta
Topic: v7.1beta3 [development] is released!
Replies: 261
Views: 78625

Re: v7.1beta3 [development] is released!

Is this a bug or some kinda of new feature, my bridge gets new MAC every time i reboot router (Hex), just installed beta3, so DHCP reservation is messed up as it gets new ip every reboot. No, this has always been the case - really annoying. The bridge uses the mac-address of one of the slaved inter...
by osc86
Thu Dec 03, 2020 3:17 pm
Forum: RouterOS beta
Topic: v7.1beta3 [development] is released!
Replies: 261
Views: 78625

Re: v7.1beta3 [development] is released!

Updated my HAP AC2 from beta2 to beta3 and the device is constantly rebooting at about 1 minute of uptime.
There was only one critical log entry, the device restarted because of a kernel failure. Downgraded back to beta2.
by osc86
Wed Dec 02, 2020 4:40 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 184
Views: 114201

Re: v6.48beta [testing] is released!

what's in the disk log?
/log pr where buffer=disk topics~"critical"
by osc86
Wed Nov 25, 2020 6:31 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 184
Views: 114201

Re: v6.48beta [testing] is released!

6.48beta58: The default value for "LLDP MED Network Policy VLAN" is invalid. (IP > Neighbors > Discovery Settings)
by osc86
Wed Oct 28, 2020 6:23 pm
Forum: Announcements
Topic: v6.47.6 [stable] is released!
Replies: 39
Views: 24260

Re: v6.47.6 [stable] is released!

you only allow 6Mbit/s basic rate, I use 6,9,12,24. This works fine with all of my devices.
by osc86
Fri Oct 16, 2020 2:04 pm
Forum: RouterOS beta
Topic: v7.1beta2 [development] is released!
Replies: 385
Views: 152872

Re: v7.1beta2 [development] is released!

We know that DHCP doesn't work in the current beta (for wireless clients), but for me the wireless interfaces are not passing any kind of traffic. Even if I use a static ip address / DNS / Gateway on a wireless device, it can't connect to any host on the network or the internet. The traffic is bridg...
by osc86
Fri Oct 09, 2020 4:48 pm
Forum: Announcements
Topic: v6.47.4 [stable] is released!
Replies: 68
Views: 36486

Re: v6.47.4 [stable] is released!

Another DHCP feature I request is when a static lease is added, a static ARP entry for this IP Address should also be created. On Interfaces with arp=reply-only this is very useful. When a device later uses the static address instead of dhcp, communication breaks if the ARP entry is not added manual...
by osc86
Wed Oct 07, 2020 7:37 pm
Forum: Announcements
Topic: v6.47.4 [stable] is released!
Replies: 68
Views: 36486

Re: v6.47.4 [stable] is released!

After updating to 6.47.4, my IPTV stopped working. Does anyone know how to fix it? Thank you in advance for your help. I also encountered problems with IPTV or multicast in general. I opened up a ticket with MT support, and currently there seems to be a bug where the "multicast-router=pemanent...
by osc86
Fri Sep 25, 2020 5:17 pm
Forum: General
Topic: Feature Request: ip ospf mtu ignore
Replies: 4
Views: 1705

Feature Request: ip ospf mtu ignore

Can we please get an option to ignore different MTU sizes between routers that run ospf? This should be easy to implement.
I don't even know why ospf cares about this. It's job is to exchange routes, nothing more.
by osc86
Mon Sep 21, 2020 8:11 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 100
Views: 58849

Re: WinBox v3.27 released!

Bridge -> VLANs -> +
Default Value for VLAN IDs is invalid. Happens with latest ROS stable and beta, so this might be a winbox issue.
Screenshot_20200921_190339.png
by osc86
Tue Sep 15, 2020 6:35 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 184
Views: 114201

Re: v6.48beta [testing] is released!

- IGMP-Snooping feature on CCR breaks igmp-proxy. IGMP Join Requests generated by the router on the upstream interface are filtered out by the igmp snooping feature.
When disabled, it works fine, but overloads my eoip tunnels because the traffic is flooded to all ports (as expected).
by osc86
Thu Sep 10, 2020 1:22 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 100
Views: 58849

Re: WinBox v3.27 released!

pe1chl, you are right. I downloaded an earlier Version of Winbox and it behaves the same.
I really thought this would open a new Winbox window, like when you start winbox.exe.
Sorry for that.
by osc86
Thu Sep 10, 2020 12:28 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 100
Views: 58849

Re: WinBox v3.27 released!

Session > new, opens up a new session, and will not save upon exit if it's not done manually.
It may worked like this in previous versions, but with 3.27 it opens up nothing.
Tested on Windows 10 x64 and wine64.
It should open a new winbox window where you can select a new session.
by osc86
Wed Sep 09, 2020 2:37 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 100
Views: 58849

Re: WinBox v3.27 released!

Menu: Session -> New doesn't do anything
by osc86
Thu Sep 03, 2020 9:43 pm
Forum: Announcements
Topic: v6.47.3 [stable] is released!
Replies: 50
Views: 28150

Re: v6.47.3 [stable] is released!

So far, one HAP AC2 didn't survive the update from 6.47.2 -> 6.47.3. No response via IP / RoMON. Have to check tomorrow what is going on. Another 951Ui-2HnD took ages to come back online again, and didn't reply to pings anymore, I had to reboot the router a second time (RouterBOARD FW Update) and ev...
by osc86
Wed Sep 02, 2020 6:15 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 184
Views: 114201

Re: v6.48beta [testing] is released!

*) discovery - allow choosing which discovery protocol is used (CLI only);
EDIT: just found out, you can choose multiple protocols, comma separated. Thanks for this welcome change, I can finally disable cdp.
  • 1
  • 2