Community discussions

MikroTik App

Search found 11 matches

by g22113
Mon Jul 24, 2023 9:07 pm
Forum: RouterOS beta
Topic: Version 7 BGP Filters Conversion
Replies: 1
Views: 1812

Re: Version 7 BGP Filters Conversion

Probably something like this: add chain=foo rule="if (dst in 123.123.123.0/24 && dst-len in 24-32) { accept }" # or? add chain=foo rule="if (dst in 123.123.123.0/24 && dst-len >= 24) { accept }" # although that seems to be redundant, you could probably just do add...
by g22113
Thu Jun 22, 2023 6:52 pm
Forum: RouterOS beta
Topic: "Feature" request: Improve discovery (LLDP) compatibility with TP-Link
Replies: 1
Views: 1984

"Feature" request: Improve discovery (LLDP) compatibility with TP-Link

We use TP-Link JetStream switches, and they appear to be sending NUL-padded device name (identity) field in LLDP. This is even with latest switch firmware; newer models only add more padding (presumably to support longer switch names). Because of this, the default tabular view of /ip/neighbor/print ...
by g22113
Wed Apr 24, 2019 11:50 am
Forum: General
Topic: [Feature Request] /ip service list
Replies: 1
Views: 911

Re: [Feature Request] /ip service list

Just use a firewall filter rule?
by g22113
Fri Apr 19, 2019 1:51 pm
Forum: General
Topic: 6.45beta34: router kills IKEv2 SAs immediately after establishing them
Replies: 3
Views: 2647

6.45beta34: router kills IKEv2 SAs immediately after establishing them

Just reporting in. After upgrading from 6.45beta31 to 6.45beta34, my IKEv2 tunnels to strongSwan no longer stay up: 13:29:28 ipsec,info,account peer authorized: 192.168.1.37[4500]-212.71.255.217[4500] spi:10af2dc6e1e029fa:ba657fbd8e028608 13:29:28 ipsec peer selected transport mode 13:29:28 ipsec pr...
by g22113
Mon Dec 24, 2018 12:18 pm
Forum: General
Topic: IPv6 accept-ra bug
Replies: 2
Views: 1687

IPv6 accept-ra bug

I have a few RB951G's which act as APs/bridges (not routers). They have this configuration: /ipv6 settings set accept-router-advertisements=yes forward=no This kind of works, because the devices indeed accept RAs and self-assign IPv6 addresses and default routes, but there are two problems with it: ...
by g22113
Tue Nov 27, 2018 6:19 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 169148

Re: v6.44beta [testing] is released!

g22113 , that is not a limitation, simply the warning messages are misleading. The limitation should be - one identity per one initiator peer. We will resolve the issue in the next beta. The same goes for "this peer is unreachable" warnings - they are not working as expected. Also resolve...
by g22113
Tue Nov 27, 2018 5:45 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 169148

Re: v6.44beta [testing] is released!

What's new in 6.44beta39 (2018-Nov-27 12:14): !) ipsec - added new "identity" menu with common peer distinguishers; This new menu keeps complaining about my IKEv2-PSK configuration. After upgrade, I have 5 entries autogenerated in "/ip ipsec identity", but all of them (except on...
by g22113
Fri Dec 15, 2017 3:32 pm
Forum: General
Topic: Feature request - Diffie Hellman groups 19-21
Replies: 6
Views: 4460

Re: Feature request - Diffie Hellman groups 19-21

I have a VPN requirement that specifies that DH19 must be used. Are these ECC modes ever likely to available? They are already available in 6.41rc. Performance is not overly a concern as the data to be transmitted is only small. ECC modes are usually faster than traditional DH. But either way, DH i...
by g22113
Thu Dec 07, 2017 10:48 am
Forum: General
Topic: 6.41rc61: DHCP server ignores dns-servers?
Replies: 9
Views: 4147

6.41rc61: DHCP server ignores dns-servers?

Hi, Under "/ip dhcp-server network" I have my LAN network configured with "dns-server=8.8.8.8", but RouterOS is completely ignoring that and advertising its own IP address plus the gateway's IP address as domain servers. Yes, I know for most LANs that would be normal, but then wh...
by g22113
Thu Aug 24, 2017 1:50 pm
Forum: General
Topic: IPsec EC [SOLVED]
Replies: 4
Views: 2948

Re: IPsec EC [SOLVED]

Should be fixed in the next release candidate version (6.41rc17 or later). Please let us know if you experience any issues with this version. Thanks, I tried rc17 and rc18, but: 13[ENC] invalid DH public value size (130 bytes) for ECP_521 13[IKE] remote host is behind NAT 13[IKE] applying DH public...
by g22113
Sat Aug 19, 2017 3:30 pm
Forum: General
Topic: IPsec EC [SOLVED]
Replies: 4
Views: 2948

IPsec EC [SOLVED]

Hi, Happy to see that there's finally support for ECDH groups in IPsec, but there seem to be compatibility issues with strongSwan (5.6.0): charon[935]: 15[ENC] invalid DH public value size (65 bytes) for ECP_256 charon[935]: 09[ENC] invalid DH public value size (97 bytes) for ECP_384 charon[935]: 11...