Community discussions

MikroTik App

Search found 927 matches

by mozerd
Sat Mar 16, 2024 3:18 pm
Forum: General
Topic: Temporary loss of access to network without disconnecting to AP
Replies: 7
Views: 365

Re: Temporary loss of access to network without disconnecting to AP

..... ..... Finally gave in and changed manufactures. .... ..... All the trouble tickets stopped cold. The networks we could set and forget we're back. The only change I had to go back to using another vendor for wifi. @gotsprings -- Yes experience is the best teacher without a doubt ... but I see ...
by mozerd
Thu Mar 07, 2024 7:41 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 264
Views: 72255

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

……. At most they should be implemented by the ISP, because if one or more of those IPs attacks you, all the traffic will reach your home or office anyway, clogging up your connection... @rextended … salute 😀 I agree BUT very few do that …. My subscribing clients are very pleased with my MOAB. Servi...
by mozerd
Thu Mar 07, 2024 7:33 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 264
Views: 72255

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

Hi Mozerd, I could really never tell what exactly makes up the MOAB list. I was under the impression it was just the firehol lists. Not sure where I got that impression. Tell me if I'm wrong. @texmeshtexas greetings 😀 You are not wrong …. But do you fully understand what makes up firehol …. [Overla...
by mozerd
Thu Mar 07, 2024 3:27 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 264
Views: 72255

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

Hey all, i have a question. For the last couple of years I've been building a system that I've been using for 2 business and my own home office. ......... How many would be interested? I more than welcome the competion ... :D MOAB ... MOAB blocks over 600 million Bad Guys from attacking your Intern...
by mozerd
Thu Mar 07, 2024 3:15 pm
Forum: Wireless Networking
Topic: Wifi 7 - MikroTik when???
Replies: 70
Views: 13930

Re: Wifi 7 - MikroTik when???

Wifi 7 actually has some nice features... Lot's of improvements and shouldn't be snuffed at as just another speed bump :) Yes ... and I can predict that WiFi 7 will be an enormus success, first with the high end and Middle Class market ... I am aware that all the BIG names are in a ready set go sta...
by mozerd
Tue Mar 05, 2024 2:06 pm
Forum: Useful user articles
Topic: mDNS between VLANs with just bridge filters - Look Mum, no containers!
Replies: 19
Views: 2528

Re: mDNS between VLANs with just bridge filters - Look Mum, no containers!

I stopped wasting my time on legacy IPv4 years ago. I would suggest you play with IPv6 multicast routing going forward. IPv4 should, one day, be removed from the network stack. While I agree with your sentiments wholeheartedly MANY ISP's still do not support ipv6 .... very sad to say .... My old IS...
by mozerd
Sun Mar 03, 2024 3:08 pm
Forum: General
Topic: WireGuard useful learning [Linux]
Replies: 6
Views: 367

WireGuard useful learning [Linux]

YET ANOTHER SYSADMIN WEBSITE The basics to know about wireguard routing Introduction Now that we learned how to configure wireguard on multiple operating systems, let’s take a break and review what running wireguard does to your routing table. Wireguard routing basics The most important thing to un...
by mozerd
Mon Feb 26, 2024 8:25 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 8283

Re: VLANS creation and testing-AX2

but iguess anyone that finds my url on the internet somehow.. can at lkeast gain access to my NAS and from there try to hack it? @ antoniocerasuolo Apparently you do not comprehend how quick connect works …. And apparently All you want is to be hand held by others … Without the proper userdID and P...
by mozerd
Mon Feb 26, 2024 3:03 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 8283

Re: VLANS creation and testing-AX2

and i have abilitated the synology quick connect from internet How secure is the quick connect on Synology? QuickConnect Web Portal is secured by end-to-end encryption when the browser is redirected to the Synology NAS using LAN or WAN connection. Otherwise, the request is directed to the Portal Se...
by mozerd
Sun Feb 25, 2024 1:01 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 8283

Re: VLANS creation and testing-AX2

probably becasue the CRS310 has the 2.5 Gibit ports?
@antoniocerasuolo
The Switch Chip is the reason
by mozerd
Thu Feb 22, 2024 3:06 pm
Forum: Beginner Basics
Topic: VLANS creation and testing-AX2
Replies: 186
Views: 8283

Re: VLANS creation and testing-AX2

yes DPI /IDP for home use of course budget .. max 400Euro
https://eu.store.ui.com/eu/en/pro/products/ucg-ultra

Yes there is a yearly license fee and to find that out you will need to contact UI
by mozerd
Tue Feb 20, 2024 3:28 pm
Forum: Scripting
Topic: Scripts cannot run with permission denied V7.13.4
Replies: 11
Views: 1541

Re: Scripts cannot run with permission denied V7.13.4

3) Add "ftp" policy. I run the dynu script and do not have ftp policy checked and my script runs without issue. @rextended ... so why are you stateing point # 3) ? I have not seen the OP's script .... my dynu script is below: /system script add dont-require-permissions=no name=Dynu owner=...
by mozerd
Sun Feb 18, 2024 1:00 pm
Forum: Announcements
Topic: v7.14rc [testing] is released!
Replies: 176
Views: 46651

Re: v7.14rc [testing] is released!

But I am curiouse by that "check default script" api.ipify.org Mystery SOLVED .... I have a script that checks my WAN IP Address for changes ... in that script a call is made to api.ipify.org .... For some reason v7.14rc is now showing log info from this script that I have not seen before...
by mozerd
Sun Feb 18, 2024 11:42 am
Forum: Announcements
Topic: v7.14rc [testing] is released!
Replies: 176
Views: 46651

Re: v7.14rc [testing] is released!

But it "could" be CCR only ... Upgrade again to 7.14rc and check default script (which might already be pretty empty, I guess ?). What do you mean by "check default script" ? If this api is not appearing on your devices when running v7.14rc THEN its tied to something else and I ...
by mozerd
Sun Feb 18, 2024 11:30 am
Forum: Announcements
Topic: v7.14rc [testing] is released!
Replies: 176
Views: 46651

Re: v7.14rc [testing] is released!

Malware infected box. Do a clean netinstall and null config, then configure from scratch.
Thanks for your feedback but I do not agree just yet ... I am monitrring the LAB CCR1009 with wireshark and so far I do not see any activity from api.ipify.org under v7.13.4 [stable]
by mozerd
Sun Feb 18, 2024 11:05 am
Forum: Announcements
Topic: v7.14rc [testing] is released!
Replies: 176
Views: 46651

Re: v7.14rc [testing] is released!

CCR1009 LAB Testing v7.14rc A new log entry appears that I have never seen before: Download from api.ipify.org FINISHED Is this injected by MikroTik in THIS RC and for what reason ? api.ipify[.]org and similar domains have long been used by malware to look up an infected device’s public IP. In resea...
by mozerd
Thu Feb 15, 2024 5:30 pm
Forum: General
Topic: Wireguard from Linux not working [SOLVED]
Replies: 36
Views: 1951

Re: Wireguard from Linux not working [SOLVED]

I absolutely love the format of the Pro Custodibus blogs ! A brilliantly elaborate pedagogy using images in combination with a well-thought-out flow of explanatory text is among the best resources you can find on the internet. This is how I think User Guides and examples should look like on the Mik...
by mozerd
Thu Feb 15, 2024 2:07 pm
Forum: General
Topic: Wireguard from Linux not working [SOLVED]
Replies: 36
Views: 1951

Re: Wireguard from Linux not working [SOLVED]

When testing your Linux WireGuard Config following link provides you with excellent clues
by mozerd
Mon Feb 12, 2024 8:46 pm
Forum: General
Topic: WireGuard throughput depending on running torch [SOLVED]
Replies: 9
Views: 732

Re: WireGuard throughput depending on running torch [SOLVED]

I use a hAP ax^3 since 2023-10 and have the following issue: I followed basically this blog post (https://scholz.ruhr/blog/mullvad-as-second-wan-on-mikrotik/, thanks to the author) to setup WG tunnel to my friends place. Everything was working like a charm with RouterOS v7.11.2. Yesterday I updated...
by mozerd
Sun Feb 11, 2024 7:57 pm
Forum: Beginner Basics
Topic: Unable to get VLAN working between RB5009 and AX2
Replies: 16
Views: 815

Re: Unable to get VLAN working between RB5009 and AX2

There was a good tutorial for this scenario... Unfortunately it's taken down...
https://web.archive.org/web/20231216022 ... p?t=182373
by mozerd
Mon Feb 05, 2024 5:53 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4461

Re: [Discussion] MikroTik configuration abstraction complexity

MikroTik sells boxes with ASICs that are advertised for 100Gbps ASIC switching, that's a foot in the door of carrier-class network engineering. And you need product managers, good ones. @DarkNate IMO Mikrotik has ZERO interest in CARRIER-CLASS networking ... MikroTik Market is 1 .. Third World entr...
by mozerd
Thu Feb 01, 2024 2:32 pm
Forum: Beginner Basics
Topic: need help with choosing right hardware stack for a home office [SOLVED]
Replies: 12
Views: 864

Re: need help with choosing right hardware stack for a home office [SOLVED]

question 3 - if all my concerns will be true....I mean it will be impossible to do what I want with mikrotik wireless, I've read a lot messages like "MikroTik for routing, unifi for wireless" - maybe I need to grab two U6 and connect them to rb5009? I understand that MikroTik forum is not...
by mozerd
Sat Jan 13, 2024 12:17 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 147883

Re: v7.14beta [testing] is released!

WireGuard is a Peer-to-Peer protocol with built-in 4in6/6in4 mechanisms for easy encapsulation. There's no such thing as “server” or “client” in WireGuard protocol. There are only peers. You are 100% correct. But unfortunately many people [including so called gurus] on this forum refuse to accept t...
by mozerd
Tue Jan 09, 2024 1:21 pm
Forum: General
Topic: Brute Force Attacks
Replies: 16
Views: 2264

Brute Force Attacks

FYI

The following IP address 95.214.54.110 is trying very hard to gain access to my Tik via VPN [port 500] each and every day now for months ...

Just a FYI

How many are seeing the very same intrusion attempt on their Tiks ?
by mozerd
Wed Jan 03, 2024 11:46 pm
Forum: Beginner Basics
Topic: Purchase recommendation
Replies: 13
Views: 1614

Re: Purchase recommendation

@anav
Your UK friend has the correct answer
viewtopic.php?t=148825#p733499

@gabacho4
Yes the CCR1009 is discontinued and replaced by the CCR2004-16G-2S+PC (I think ?)
But I only have experience with the CCR1009 with gaming clients …
by mozerd
Wed Jan 03, 2024 11:21 pm
Forum: Beginner Basics
Topic: Purchase recommendation
Replies: 13
Views: 1614

Re: Purchase recommendation

I suggest that you consider the RB5009 or the CCR1009 … I have quite a few CCR1009 in homes where gaming is the number one priority … the tricky part will be for you to arrive a the correct QoS configuration but with some trial and error I’m sure you will arrive at a balance that will please your fa...
by mozerd
Wed Jan 03, 2024 4:41 pm
Forum: Beginner Basics
Topic: Purchase recommendation
Replies: 13
Views: 1614

Re: Purchase recommendation

@Denigor777
How much bandwidth does your primary ISP provide you with Download and Upload ?
by mozerd
Fri Dec 22, 2023 2:25 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 147883

Re: v7.14beta [testing] is released!

Why is MikroTik loading wireless package into CCR models? Please explain WHY! This makes ABSOLUTLY no sense to me ...
by mozerd
Tue Dec 19, 2023 7:53 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 264
Views: 72255

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

@kevinds. “Anybody else having this issue? Or just me?”

Yes this version 7.13 is a problem that’s already reported in the 7.13 upgrade thread

I has to downgrade to 7.12.1 where all my scripts worked ….
by mozerd
Tue Dec 19, 2023 12:48 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253217

Re: v7.13 [stable] is released!

If after this you do not understand it open a support ticket with Mikrotik. @diamuxin, you are correct ... I did not fully comprehend the meaning of your comment " You have to delete (uninstall) the existing packages except the "routeros" package, then do the downgrade ." Please...
by mozerd
Tue Dec 19, 2023 12:43 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253217

Re: v7.13 [stable] is released!

My CCR1009 shows under /system/packages routeros wireless I do not see a match under 7.12.1 in the archive Plus why would CCR1009 load a wireless package ? OK so I finally succeeded downgrading to 7.12.1 I had to uninstall the wireless package then reboot THEN my downgrade worked to 7.12.1. It was ...
by mozerd
Tue Dec 19, 2023 12:00 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253217

Re: v7.13 [stable] is released!

If you do try to upgrade/downgrade RouterOS manually, then router do expect 1:1 packages match. If that is not possible (for example, wifi-qcominstalled on 7.13) then on packages menu schedule these packages for uninstall. Uploadpackages that you want to install and execute downgrade command. My CC...
by mozerd
Mon Dec 18, 2023 8:45 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253217

Re: v7.13 [stable] is released!

You did upload the downgrade package to files before hitting "Downgrade", did you ? Yes I did upload the downgrade package to Files before hitting the “Downgrade” … Very annoying that the MikroTik instructions as shown in the link I provided earlier did not work … my only recourse now if ...
by mozerd
Mon Dec 18, 2023 6:57 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253217

Re: v7.13 [stable] is released!

In v7.13 the package "routeros" already exists in System > Package. You have to delete (uninstall) the existing packages except the "routeros" package, then do the downgrade.
OK followed your suggestion but that did not work ... thanks but now i will wait for 7.13.1 :-)
by mozerd
Mon Dec 18, 2023 6:13 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253217

Re: v7.13 [stable] is released!

What process did you follow? 1st step is copy file routeros-7.12.1-tile.npk to Files except I renamed the file like you suggested routeros 2nd step is via terminal issue /system/package/downgrade This did not work The procedure that is outlined in the MikroTiK Docs as follows also did not work for ...
by mozerd
Mon Dec 18, 2023 5:45 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253217

Re: v7.13 [stable] is released!

Hi friend, to downgrade from 7.13 to 7.12.X you only have to have in /system/package the package "routeros" and delete the rest, then the downgrade works.
Hi diamuxin
Your suggested fix did not work for me ...
by mozerd
Mon Dec 18, 2023 2:52 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253217

Re: v7.13 [stable] is released!

on my CCR1009 After upgrade to 7.13 from 7.12.1 when I attempt to downgrade back to 7.12.1 the downgrade fails. Log file shows omitting package system-7.12.1: newer package system-7.13 is already installed I tried 2 methods for the downgrade 1. via terminal 2. via Packages Both return the same resul...
by mozerd
Mon Dec 18, 2023 2:36 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253217

Re: v7.13 [stable] is released!

[ ] > :put ([/tool fetch url="https://upgrade.mikrotik.com/routeros/NEWEST7.stable" as-value output=user]->"data") 7.12.1 1700221125 It should report: 7.13 and epoch date: 1702542240 approx. Yes you are correct .... even through My CCR1009 is on 7.13 your code reports 7.12.1 170...
by mozerd
Fri Dec 15, 2023 5:34 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253217

Re: v7.13 [stable] is released!

This AM i upgraded my CCR1009 from version 7.12.1 to version 7.13 now getting the following error when running a script Download from https://view.sentinel.turris.cz/greylist-data/greylist-latest.csv to RAM FAILED: Fetch failed with status 206 The same script was working fine under 7.12.1 and earlie...
by mozerd
Sat Dec 09, 2023 4:14 pm
Forum: General
Topic: New ROuter suggestion please
Replies: 15
Views: 2492

Re: New ROuter suggestion please

I doubt it even comes close to the granularity achievable on the MT. True that MT RouterOS provides SIGNIFICANT granularity …. However when that granularity is exploited there is no guarantee that it will be reliable persistently and consistently with each iteration of the firmware …. Especially si...
by mozerd
Sat Dec 02, 2023 11:11 pm
Forum: General
Topic: Wireguard tunnel - speed problem
Replies: 19
Views: 3123

Re: Wireguard tunnel - speed problem

The following is some performance specs … look at WireGuard …. This is a TPLINK ER8411
https://www.tp-link.com/ca/business-net ... ifications

Impressive IMO … YEP I am now considering switching from my CCR1009 to this TPLINK router ….
by mozerd
Fri Oct 13, 2023 4:48 pm
Forum: RouterBOARD hardware
Topic: Search for new mikrotik router
Replies: 11
Views: 3166

Re: Search for new mikrotik router

My sugestion for you is the Mikr0Tik RB5009UG+S+IN ... and for great WiFi get youself the TP-Link AXE11000
by mozerd
Fri Oct 06, 2023 1:02 am
Forum: Beginner Basics
Topic: Hybrid VLAN and bridging in ROSv7 [SOLVED]
Replies: 18
Views: 4076

Re: Mikrotik VLAN routing for dummies [SOLVED]

Bla bla bla
@llamajaja … aka @anav …. Did they ban you AGAIN ??? goodness gracious great 👍
by mozerd
Tue Oct 03, 2023 3:36 pm
Forum: SwOS
Topic: Help with VLans.
Replies: 10
Views: 2737

Re: Help with VLans.

Thank you for the help guys, but I said to hell with it and bought an Aruba switch. I'm well versed in Aruba and understand the untagged/tagged/trunk far better than I do Mikrotik. HPE Aruba make EXCELLENT switches … nothing in the MikroTik switch line up can even compare … you made a very wise cho...
by mozerd
Fri Sep 29, 2023 1:43 pm
Forum: General
Topic: Why are there no production-grade L3 switches from MikroTik in 2023?
Replies: 26
Views: 4271

Re: Why are there no production-grade L3 switches from MikroTik in 2023?

MikroTik can sell reasonably priced support agreement. 1/2 the price of Cisco or Juniper. Any business [especially manufacturers] that hopes to be alive for a long time operates with a sustainable gross margin model. What my be reasonable to techies is certainly not reasolnable to a business man .....
by mozerd
Thu Sep 28, 2023 1:35 pm
Forum: General
Topic: Why are there no production-grade L3 switches from MikroTik in 2023?
Replies: 26
Views: 4271

Re: Why are there no production-grade L3 switches from MikroTik in 2023?

For gross margins on manufacturing, not my area of expertise, but I am willing to pay MikroTik thousands of dollars if they get their shit together. The business - use case is one very obviouse and important consideration that you have articulated clearly --- the deal maker for any manufactures is ...
by mozerd
Tue Sep 26, 2023 11:47 am
Forum: General
Topic: Why are there no production-grade L3 switches from MikroTik in 2023?
Replies: 26
Views: 4271

Re: Why are there no production-grade L3 switches from MikroTik in 2023?

Can you make a business case for a production-grade L3 switch ? If you could make that BC [at a high level] then I suspect that might tweek Tik interetest :D ... Although I do suspect that they already have such BC and have decided that its not worth the investment. Do you have any idea whatsoever t...
by mozerd
Fri Sep 22, 2023 5:52 pm
Forum: General
Topic: Should moderators redact sensitive info, and how much?
Replies: 49
Views: 3804

Re: Should moderators redact sensitive info, and how much?

Im 100% with holvoe/tangent etc and 100% against mkx.
What a subtle way to say that you're 100% against me as well :lol: Given the fact that I usually don't agree with your vision of pedagogy, I must say that I'm not disappointed :D
@kraal and @mkx
I 100% agree with you both ...
by mozerd
Sun Sep 17, 2023 2:39 pm
Forum: General
Topic: Mikrotik SUCKS
Replies: 82
Views: 12000

Re: Mikrotik SUCKS

It seems popular to attack the person that complains instead of taking it serious....... We have here persons that work indirect for the government that act the same and attack and supress opinions from citizen. I get the same feeling here, as with that. @msatter ... I could not agree more !!! To t...
by mozerd
Sat Aug 05, 2023 2:54 pm
Forum: General
Topic: Connecting 2 mikrotiks over internet [SOLVED]
Replies: 37
Views: 5949

Re: Connecting 2 mikrotiks over internet [SOLVED]

Add one to the mix
Wireguard. A lot faster then all the rest.
100% better solution is WireGuard just as @holvoetn stated plus WireGuard Security is second to none without sacrificing performance ...
by mozerd
Wed Jul 26, 2023 3:47 pm
Forum: Announcements
Topic: Click here
Replies: 35
Views: 9329

Re: Click here

Nicely done Normis ....
by mozerd
Wed Jul 19, 2023 2:11 pm
Forum: General
Topic: Question: Prevent passwords in scripts from SUPOUT.RIF
Replies: 2
Views: 369

Re: Question: Prevent passwords in scripts from SUPOUT.RIF

Any and all passwords are revealed in a supout.rif The only way to avoid exposing your passwords is to --- create dummy password's in all areas, then generate the support-rif ... after you submit the support.rif change back to your real passwords ... yep this is a Hassel but its the only way when a ...
by mozerd
Fri Jul 14, 2023 4:07 pm
Forum: RouterBOARD hardware
Topic: Chateau LTE18 ax external antenna conn. for LTE or WIFI?
Replies: 6
Views: 3709

Re: Chateau LTE18 ax external antenna conn. for LTE or WIFI?

I do not know the answer to your question because I do not have any experience with this particular device. For Celluar devices External Antennas are still a must so i venture to state that the LTE18 antennas are for the Cell Service. For WiFi and specifically for AC. AX and wifi 7 devices external ...
by mozerd
Wed May 31, 2023 2:48 pm
Forum: General
Topic: Help Desk support.
Replies: 14
Views: 1171

Re: Help Desk support.

@webequipped I understand how you feel ... :( Did you buy MikroTik because the product provided great features at a very inexpensive price compared to the big boys in this industry? If the answer is yes then you have to expect failure because the components used are very cheap throughout ... persist...
by mozerd
Sat May 27, 2023 4:24 pm
Forum: General
Topic: Which the best IP 10.0.0.1 or 192.168.20.1 for local network?!
Replies: 10
Views: 1709

Re: Which the best IP 10.0.0.1 or 192.168.20.1 for local network?!

@Taleb
In the Private Address space there is no preferred or best … use whichever suites your intuition.
by mozerd
Fri Apr 21, 2023 3:06 pm
Forum: RouterOS beta
Topic: v7 and BFD, any ETA?
Replies: 148
Views: 26281

Re: v7 and BFD, any ETA?

You don't understand how stupid that remark is, don't you? I believe that MikroTik does understand how very stupid that remark is/was -- but are to ashamed to admit that MikroTik is having Network competency issues implementing the protocol in RoS 7.x .... Perhaps the expertise is finally coming in...
by mozerd
Thu Apr 13, 2023 5:50 pm
Forum: Beginner Basics
Topic: Can a mikrotik be a Wireguard server and a client in the same time?
Replies: 14
Views: 1943

Re: Can a mikrotik be a Wireguard server and a client in the same time?

For the initial handshake one side has to ACT as server and the other end a client. Peer to Peer means: Decentralized peer-to-peer programs (such as WireGuard) allow pushing files, which means the calling Peer initiates the data transfer rather than the receiving Peer. No SERVER is involved ...... ...
by mozerd
Thu Apr 13, 2023 4:23 pm
Forum: Beginner Basics
Topic: Can a mikrotik be a Wireguard server and a client in the same time?
Replies: 14
Views: 1943

Re: Can a mikrotik be a Wireguard server and a client in the same time?

In the WireGuard world of VPN's there is no such thing as Client/Server .... WireGuard is strictly Peer to Peer ... Any WireGuard Peer can communicate with any other WireGuard Peer .... A Peer does not talk to itself ... a Peer only communicates with it's other permitted Peers ... So your Raspberry ...
by mozerd
Wed Apr 12, 2023 8:48 pm
Forum: General
Topic: The problem that upnp does not work [SOLVED]
Replies: 12
Views: 1916

Re: The problem that upnp does not work [SOLVED]

I have another question, how to isolate the input traffic of upnp. yes you can restrict the trafic to only allow specific devices access to UPnP. The way that I do it it 1st create an address list of permitted devices by their IP address Then only allow UPnP interaction for those devices … I use 2 ...
by mozerd
Wed Apr 12, 2023 11:25 am
Forum: General
Topic: The problem that upnp does not work [SOLVED]
Replies: 12
Views: 1916

Re: The problem that upnp does not work [SOLVED]

If it has something to do with firewall policies, can you tell me which ports upnp needs to open on the firewall.
udp port 1900
tcp port 2828
by mozerd
Mon Apr 10, 2023 11:04 am
Forum: Beginner Basics
Topic: max-MTU Question [SOLVED]
Replies: 113
Views: 10541

Re: max-MTU Question [SOLVED]

It really should.
Should I mark in anyway, or it's a moderator's job?
DeDMorozzzz YOU should mark it as solved because you are the initiator ....

BTW, DarkNate is a very knowledgeable person and I 4 1 admire his many contributions regardless
...
by mozerd
Fri Apr 07, 2023 5:16 pm
Forum: General
Topic: CRS 354-48g-4s+2q+rm as a core router in a company
Replies: 6
Views: 641

Re: CRS 354-48g-4s+2q+rm as a core router in a company

A router's main objective is to establish a connection between various networks in a simultaneous manner and it works on the network layer. A switch's main objective is to establish a simultaneous connection among various devices. Some Switches have the ability to act both as a Switch and a Router a...
by mozerd
Mon Apr 03, 2023 7:14 pm
Forum: Wireless Networking
Topic: MikroTik hAP ax3 poor WiFi performance
Replies: 258
Views: 46769

Re: MikroTik hAP ax3 poor WiFi performance

So how do you propose to string that comm line to the moon?? No need for wired tech … NASA plus many MANY others rely very heavily on wireless. Once WiFi 7 becomes mainstream the wired world will become obsolete… 98% of my current business clients use wireless exclusively …. Many ISP will be transi...
by mozerd
Sat Apr 01, 2023 8:08 pm
Forum: Forwarding Protocols
Topic: BGP with BFD
Replies: 27
Views: 7401

Re: BGP with BFD

What does this all mean?
It’s an encrypted message for @DarkNate that states the following
“You catch more flies with honey than with vinegar.”

And I had a telepathic message from BFD developer that stated —- RoS 8.0 will be BFD production ready ….
by mozerd
Thu Mar 30, 2023 11:35 pm
Forum: RouterBOARD hardware
Topic: RB5009UPr+S+ Eth2 Lit up by itself
Replies: 13
Views: 1931

Re: RB5009UPr+S+ Eth2 Lit up by itself

I had a similar experience on a CCR1009 where ether1 stopped working but kept lighting up with no cable plugged in. What is strange is that I could assign an ip address to it and ping that address which would respond properly but connect a cable to that port with device but no response. I could disa...
by mozerd
Thu Mar 30, 2023 7:36 pm
Forum: RouterOS beta
Topic: BGP Confederation on Mikrotik V7
Replies: 25
Views: 9383

Re: BGP Confederation on Mikrotik V7

@404network …. What happened to you ??? Did they ban your remarkable friend “Anav” again for being a PITA? I can’t believe Anav is in the penalty box … tell me it ain’t so!
by mozerd
Mon Mar 27, 2023 5:22 pm
Forum: Wireless Networking
Topic: House wifi6 network with Mikrotik AX or Audience
Replies: 29
Views: 6604

Re: House wifi6 network with Mikrotik AX or Audience

Did you have chance to test AX3?
@Rox169
You did not see "I tried a couple of times and got so bogged down in the menus that I gave up." learn how to read :D
by mozerd
Wed Mar 22, 2023 1:04 pm
Forum: Wireless Networking
Topic: House wifi6 network with Mikrotik AX or Audience
Replies: 29
Views: 6604

Re: House wifi6 network with Mikrotik AX or Audience

@eazysnatch Some very good suggestions made by @Rox169 and @gotsprings I also have a suggestion that I believe will work extremely well for You ... its the TP-Link EHP660HD ... based on my experience the EHP660HD runs circles over the Mikrotik AX3 or Audience - in every way shape and form - and I he...
by mozerd
Mon Mar 20, 2023 12:20 am
Forum: General
Topic: Wireguard help (again)
Replies: 25
Views: 2168

Re: Wireguard help (again)

Perhaps by studying the following
https://www.procustodibus.com/blog/2021 ... and-spoke/
You may get some ideas how to properly implement your objectives …
by mozerd
Sat Mar 18, 2023 10:32 pm
Forum: General
Topic: Container/Docker -Adguard/Pihole For REAL.
Replies: 34
Views: 9285

Re: Container/Docker -Adguard/Pihole For REAL.

And it's unclear what issues you're actually run into...
My bad Amm0 … not binary —- but refer to viewtopic.php?p=985966&hilit=Docker+update#p985966
by mozerd
Sat Mar 18, 2023 5:49 pm
Forum: General
Topic: Container/Docker -Adguard/Pihole For REAL.
Replies: 34
Views: 9285

Re: Container/Docker -Adguard/Pihole For REAL.

Lets forget Pi-hole its so yesterday (betamax). Either discuss adguard or blocky for example. How is Pi-hole so yesterday? Blocky uses the very same hosts file as PiHole and Adguard is very hit and miss IMO .... Pi-Hole does what it supposed to do BUT its not an end-user Tool ... meaning that it mu...
by mozerd
Sat Mar 11, 2023 12:26 pm
Forum: Beginner Basics
Topic: logging in without actual login
Replies: 11
Views: 1035

Re: logging in without actual login

You need to follow MikroTik Advice as stated in the following otherwise you are asking for serious hacking trouble ... and its got nothing to do with your ISP ...
Securing Your Router
by mozerd
Fri Mar 10, 2023 4:42 pm
Forum: General
Topic: USB Disk management [SOLVED]
Replies: 4
Views: 1158

Re: USB Disk management [SOLVED]

For the hAPac2 the solution was to Reformat the USB memory stick then use
/disk/set x slot=disk2
Then Reformat top most named ID and make sure MBR is left unchecked … this worked to resolve the issue …
by mozerd
Fri Mar 10, 2023 12:29 pm
Forum: Scripting
Topic: Command to create directory?
Replies: 14
Views: 30171

Re: Command to create directory?

The flowing will do it for you
/ip smb shares add name=sharethis directory=moab
/ip smb shares remove [find name=sharethis]
The 1st directive will create the directory while the 2nd directive will remove the share that is not needed.
by mozerd
Thu Mar 09, 2023 3:00 pm
Forum: General
Topic: USB Disk management [SOLVED]
Replies: 4
Views: 1158

Re: USB Disk management [SOLVED]

What is really annoying about this specific CHANGE is that on many devices the change is transparent -- meaning the MOAB control file is stored successfully under disk2 -- while on some device like the hAPac2 I have lots of complaints that MOAB control file no longer get stored in disk2 ,,, they get...
by mozerd
Wed Mar 08, 2023 10:29 pm
Forum: General
Topic: USB Disk management [SOLVED]
Replies: 4
Views: 1158

Re: USB Disk management [SOLVED]

Thank you ..

You are correct … disk1 is no longer used …the naming convention has changed … it’s like you stated.
by mozerd
Wed Mar 08, 2023 10:19 pm
Forum: General
Topic: USB Disk management [SOLVED]
Replies: 4
Views: 1158

USB Disk management [SOLVED]

Assuming the USB memory stick was formated and named disk1 In RouterOS version 6.x the following command sequence worked to rename disk1 to Disk2 /disk set 0 name=disk2 In RouterOS ver7.8 the above does not work .. name= is no longer valid Can anyone tell me how to rename disk1 to Disk2 under router...
by mozerd
Sun Mar 05, 2023 8:11 pm
Forum: General
Topic: Turn Mikrotik into a POWERFULL FireWall with BlackList Firehol [SOLVED]
Replies: 5
Views: 1767

Re: Turn Mikrotik into a POWERFULL FireWall with BlackList Firehol [SOLVED]

@khalildelavaran Nice work Just a few comments 1. There are many many duplicate IP when all the lists are brought in 2. Your script does not check for file size of the list so some of them could hit a wall 3 .Some of the Tik models do not have enough memory to store large lists of IP addresses If yo...
by mozerd
Fri Mar 03, 2023 6:28 pm
Forum: General
Topic: PETITION: Request to Forum Admins to prohibit posting of ChatGPT scripts on the forum, without specify the source.
Replies: 75
Views: 6447

Re: PETITION: Request to Forum Admins to prohibit posting of ChatGPT scripts on the forum, without specify the source.

I started programming when I was a child with Assembler and CPM/86 with MSDOS 3.0 and "debug"...
"With Assembler and CPM/86" ... very impressive my Italian Friend ... your RouterOS code is very nice ... but you need to make it very fast not only NICE ... :) :) :)
by mozerd
Fri Mar 03, 2023 2:01 am
Forum: General
Topic: Feature requests
Replies: 1739
Views: 624627

Re: Feature requests

North Idaho Tom Jones You really care about your name, it's always the most prominent thing in each of your posts and it's repeated in a completely useless way, since it's also the nickname and on the avtar... I see that you as a moderator are attacking North Idaho Tom Jones because he like to see ...
by mozerd
Fri Mar 03, 2023 1:47 am
Forum: Beginner Basics
Topic: Firewall Filter tool is not efficent
Replies: 13
Views: 1672

Re: Firewall Filter tool is not efficent

Now give me the solution or recommend me another hardware or equipment which full fill my need My suggestion for you is Untangle by Arista … can select the appliance plus the software based on your particular need. https://wiki.edge.arista.com/index.php/NG_Firewall_User_Guide https://edge.arista.co...
by mozerd
Thu Mar 02, 2023 2:56 am
Forum: General
Topic: how does L3HW actually works?
Replies: 128
Views: 32038

Re: how does L3HW actually works?

MikroTik needs to make some changes to their UI/CLI/UX logic and docs to help make L3 offloading as simple, straightforward and clear as possible.
DarkNate …
I could not agree more …
by mozerd
Sun Feb 26, 2023 8:35 pm
Forum: Wireless Networking
Topic: MikroTik hAP ax3 poor WiFi performance
Replies: 258
Views: 46769

Re: MikroTik hAP ax3 poor WiFi performance

So I am gun shy of that functionality.
Anav my friend 😀 you are wasting your valuable retirement time with this … I know that you want to conquer this bugger but tell me something …. Is it really worth the struggle ??? Poke poke POKE 😀
by mozerd
Sun Feb 26, 2023 1:56 pm
Forum: Wireless Networking
Topic: MikroTik hAP ax3 poor WiFi performance
Replies: 258
Views: 46769

Re: MikroTik hAP ax3 poor WiFi performance

So .what gear do you sell then?
My primary focus in gear is as follows all depending on circumstances:
Routing + Firewall : MikroTik, UBNT, Custom Build with OPNsense or Arista [untangle]
Wireless AP's : UBNT, TP-Link, Ruckus [CommScope]
Switches : Tik, UBNT, Cisco
by mozerd
Sat Feb 25, 2023 11:49 pm
Forum: Wireless Networking
Topic: MikroTik hAP ax3 poor WiFi performance
Replies: 258
Views: 46769

Re: MikroTik hAP ax3 poor WiFi performance

People get addicted too fast to speed... And I'm not taking about that other thing. My clients expects 3 features …. And that is what I deliver 1. Stability 2. Performance 3. PERFORMANCE And that is in every aspect … In my market 90% have the very same expectation The mainframe/Terminal days of hor...
by mozerd
Sat Feb 25, 2023 3:36 pm
Forum: Wireless Networking
Topic: MikroTik hAP ax3 poor WiFi performance
Replies: 258
Views: 46769

Re: MikroTik hAP ax3 poor WiFi performance

I have the Vodafone Pro II Ultrahub 6E MikroTik does not have any WiFi device that can compete with the Vodafone Pro II Ultrahub 6E. For excellent Router I suggest the RB5009 and for WiFi I suggest the TP-Link EAP660 HD ... this combination will provide excellent Routing and EXCELLENT WiFi equivale...
by mozerd
Fri Feb 24, 2023 2:18 pm
Forum: General
Topic: hEX as Standalone Wireguard Server
Replies: 25
Views: 2063

Re: hEX as Standalone Wireguard Server

My only contribution to this thread is JUST a reminder that WireGurad is not Rocket Science ,,, WireGuard is best utilized when YOU KISS it. There is no need to manage connections, be concerned about state, manage daemons, or worry about what's under the hood. WireGuard presents an extremely basic y...
by mozerd
Sun Feb 12, 2023 10:40 pm
Forum: General
Topic: Zerotier and Streaming
Replies: 42
Views: 7028

Re: Zerotier and Streaming

My question for the gurus, if I have a wireguard connection between two places or from iphone to home, what would adding zerotier bring to the mix that I cannot already do ?? It’s a virtual private switch in the cloud … so anything that you attach to that switch is now accessible For system integra...
by mozerd
Tue Feb 07, 2023 4:56 pm
Forum: General
Topic: Support for replacing OTHER enterprise manufacurer gear
Replies: 9
Views: 1077

Re: Support for replacing OTHER enterprise manufacurer gear

Until RouterOS 7 becomes actually STABLE I would not recommend the Tik Gear in Your Industry Sector ... Enterprise usage is dramatically different from SOHO usage from a reliability/performance perspective. Routing : SOHO - OK ..... Enterprise - NO Switching : SOHO - OK ..... Enterprise - ABSOLUTLY ...
by mozerd
Mon Jan 30, 2023 5:20 pm
Forum: RouterOS beta
Topic: Zerotier on CCR1xxx TILE?
Replies: 27
Views: 4236

Re: Zerotier on CCR1xxx TILE?

this makes it all easier and makes development faster
If that was true THEN your developers would have BGP/BFD done by now on 7.x .... and very surprising that it is not for ARM ...
by mozerd
Sat Jan 28, 2023 7:33 pm
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 85
Views: 17697

Re: Block Youtube on computers and smartphone apps

DPI (Deep Packet Inspection) is currently impossible to perform on standard encrypted payloads which is what almost all traffic is these days, thus you have just IP address and port number to play with. Also, there is no hardware that can crack today's encryption algorithms and decrypt traffic in r...
by mozerd
Sat Jan 28, 2023 5:24 pm
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 85
Views: 17697

Re: Block Youtube on computers and smartphone apps

@yahyamemeh MikroTik Routers and RouterOS cannot do Deep Packet Inspection [DPI] so any site that uses HTTPS:\\ [like YouTube, Facebook, etc.] cannot be inspected and blocked .... to do that you need to have the Router/Hardware capable of doing DPI efficiently without impacting performance greatly ....
by mozerd
Wed Jan 25, 2023 4:18 pm
Forum: General
Topic: How to monitor for attacks
Replies: 10
Views: 1203

Re: How to monitor for attacks

Perhaps you should consider MOAB blocks over 600 million Bad Guys from attacking your Internet » Here's how «
by mozerd
Mon Jan 23, 2023 12:44 am
Forum: General
Topic: Pros/Cons using RAW vs Filter [SOLVED]
Replies: 36
Views: 5168

Re: Pros/Cons using RAW vs Filter [SOLVED]

I disagree with your summary: this is not rocket science and the answer is very straightforward… Stateful firewalls are capable of monitoring and detecting states of all traffic on a network to track and defend based on traffic patterns and flows. Stateless firewalls, however, only focus on individu...
by mozerd
Sat Jan 07, 2023 10:19 pm
Forum: RouterOS beta
Topic: Feature Request: Zero Trust Tunnel - Cloudflare Version
Replies: 28
Views: 9400

Re: Feature Request: Zero Trust Tunnel

@anav … excellent suggestion and I agree that MT should fix the WG issue … long overdue …
by mozerd
Tue Jan 03, 2023 5:02 pm
Forum: General
Topic: CCR Frozen for electrical disconnection
Replies: 7
Views: 603

Re: CCR Frozen for electrical disconnection

First you need to protect the CCR from power outages by utilizing a Uninterrupted Power Supply otherwise known as a UPS ... A good quality UPS with AVR that will protect your CCR, Switches and ISP gear starts arround $1,000 or more depending on how many hours of uptime you expect from the UPSfor all...
by mozerd
Fri Dec 16, 2022 5:21 pm
Forum: Beginner Basics
Topic: Pi-Hole worth using?
Replies: 19
Views: 8046

Re: Pi-Hole worth using?

@ sirbryan over 40 million raspberry pi devices have been sold and very few are complaining that their SD memory cards are failing. Certainly it's happening but your experience is not that common. Would I put a Raspberry Pi board in a Enterprise environment --- ABSOLUTLY not -- but I certainly would...
by mozerd
Fri Dec 16, 2022 3:55 pm
Forum: Beginner Basics
Topic: Pi-Hole worth using?
Replies: 19
Views: 8046

Re: Pi-Hole worth using?

Please accept my apology for using the term "Bogging" .... it was far too harsh of a term ... what I should have used is 'additional strain" .... regardless if only one container is used THEN that strain will be negligible 4 sure .... I am far more concerned with the security implicat...
by mozerd
Thu Dec 15, 2022 12:50 pm
Forum: Beginner Basics
Topic: Pi-Hole worth using?
Replies: 19
Views: 8046

Re: Pi-Hole worth using?

I do recommend PiHole + Unbound and I also recommend that PiHole + Unbound be installed on a Raspberry Pi Zero I do not believe that you will have performance improvement but you will have much better privacy and better control over unsolicited ads coming into your network. Containers are very nice ...
by mozerd
Fri Dec 09, 2022 11:10 pm
Forum: General
Topic: Enabling also IPv6 in RouterOS [SOLVED]
Replies: 2
Views: 949

Re: Enabling also IPv6 in RouterOS [SOLVED]

Using Winbox Check under system/packages then you should see ipv6 … enable this then reboot …
by mozerd
Sun Nov 27, 2022 8:05 pm
Forum: Beginner Basics
Topic: SSTP vs. WireGuard
Replies: 9
Views: 1924

Re: SSTP vs. WireGuard

My recommendation is to use WireGuard because it is VERY secure and performance is outstanding …
by mozerd
Sun Nov 27, 2022 12:45 pm
Forum: Beginner Basics
Topic: SSTP vs. WireGuard
Replies: 9
Views: 1924

Re: SSTP vs. Watchguard

Which Model of WatchGuard are you comparing to the MikroTik CCR1016-12S-1S+ ? WatchGuard are typically purchased for their UTM capability ... but WatchGuard can be purchased without the UTM License .... MikroTik do not have UTM capability in any way shape or form .... WatchGuard Firewall is excellen...
by mozerd
Fri Nov 18, 2022 6:47 pm
Forum: Containers
Topic: Unbound container setup
Replies: 6
Views: 5148

Re: Unbound container setup

You should install Pi and unbound into one container … a much better approach.

https://github.com/chriscrowe/docker-pi ... -container
by mozerd
Thu Oct 06, 2022 6:11 pm
Forum: Announcements
Topic: v7.5 [stable] is released!
Replies: 219
Views: 68357

Re: v7.5 [stable] is released!

Hi mozerd, can you confirm its easy to implement 2FA with tailscale, vice wireguard which seems to be a bit of a challenge. Greetings anav When you establish an account with Tailscale you are provided with a number of options including the most popular 2FA identity provider like google, Microsoft T...
by mozerd
Sun Oct 02, 2022 4:52 pm
Forum: Announcements
Topic: v7.5 [stable] is released!
Replies: 219
Views: 68357

Re: v7.5 [stable] is released!

If we need to start doing netinstalls before sending them out in the field... I wanna see a big f--king warning on the top of EVERYTHING from the Mikrotik domain. @gotsprings .... My speculation is that over the last 2 years many personnel changes have take place in the Tik developer domain so the ...
by mozerd
Sat Sep 24, 2022 5:58 pm
Forum: RouterOS beta
Topic: Feature Request NAT-PMP
Replies: 18
Views: 11731

Re: Feature Request NAT-PMP

+1 for PCP

This one is very important to include under ROS …..
by mozerd
Fri Sep 02, 2022 7:05 pm
Forum: Announcements
Topic: v7.5 [stable] is released!
Replies: 219
Views: 68357

Re: v7.5 [stable] is released!

How is Disk2 and Disk3 connected?
You only seem to have one usb device connected with one partition.
Good catch Znevna …. In fact disk3 is microSD card and disk2 is microUSB …..
by mozerd
Fri Sep 02, 2022 5:18 pm
Forum: Announcements
Topic: v7.5 [stable] is released!
Replies: 219
Views: 68357

Re: v7.5 [stable] is released!

CCR1009 ... upgrade from 7.4.1 to 7.5 stable Under Winbox v3.37 Disks do not show the installed number of Disks .... attached image shows that under Files does show the proper number of disks but under Disks only 2 disks are visible disks.GIF Disk2 is USB and named Disk2 but as shown in screen shot ...
by mozerd
Tue Aug 16, 2022 1:34 pm
Forum: Announcements
Topic: Newsletter 107
Replies: 50
Views: 26155

Re: Newsletter 107

@normis This newsletter has very exciting devices especially the ax stuff ... IMO the Chateau LTE18 ax AND the Chateau 5G ax will be a real winners assuming RoS7.x and the ax drivers are truly in effective sync when out the door and in the hands of the consumer. BTW, the Linux Kernel is now in v6 RC...
by mozerd
Sat Aug 13, 2022 2:47 am
Forum: General
Topic: A place for poetry
Replies: 63
Views: 246957

Re: A place for poetry

Here I site broken hearted
Paid my dime and only started
My Tik would not boot
RoS 7 to the rescue
Darn it it only farted
by mozerd
Sat Aug 13, 2022 12:33 am
Forum: RouterBOARD hardware
Topic: hAP ax² dual band Wi-Fi 6 (802.11ax)
Replies: 287
Views: 66200

Re: hAP ax² dual band Wi-Fi 6 (802.11ax)

….. nobody is going to run containers on it.
The hAP ax2 was designed for the home user and not the Network nerd ….
by mozerd
Fri Aug 12, 2022 1:31 pm
Forum: Beginner Basics
Topic: Is MikroTik a good start for a complete noob?
Replies: 10
Views: 2228

Re: Is MikroTik a good start for a complete noob?

I am working on building up my home network. I was all set to press "buy" on a $2k Ubiquiti setup (home network and NVR) until the wife shot that down. For a person like you the Ubiquiti UDM-Pro setup etc. is the proper solution ... complete hassle free and will work just GREAT. If you do...
by mozerd
Sat Aug 06, 2022 4:47 pm
Forum: General
Topic: How to prevent random SIP attacks on default port 5060
Replies: 36
Views: 4508

Re: How to prevent random SIP attacks on default port 5060

@tahmidul I provide a VoIP Blacklist service that has successfully prevented SIP Attacks in 99% of cases ... there is a 10 day free trial period available ... see my sig. My current voipTIK blacklist list contains 39K+ IP addresses ... in your case you will need to whitelist all your core servers fo...
by mozerd
Wed Aug 03, 2022 3:19 pm
Forum: Wireless Networking
Topic: Early For April Fools, Mikrotik WIFI 6
Replies: 6
Views: 890

Re: Early For April Fools, Mikrotik WIFI 6

I just tried to buy the hAP ax2 from ISP Supplies for testing but they do not show this device in inventory ..... the very same for Baltic Networks etc.
by mozerd
Sun Jul 31, 2022 10:24 pm
Forum: Wireless Networking
Topic: Should I switch my APs from Ubiquiti to MT
Replies: 27
Views: 5317

Re: Should I switch my APs from Ubiquiti to MT

No you should not switch … Ubiquiti are excellent AP’s …. If you want another suggestion TP-Link EAP245 or EAP660HD are outstanding AP’s. The only MT wireless device I do at times suggest is the Audiance other than that the othe Tik AP’s suck. Unifi is a system … so to exploite that system everythin...
by mozerd
Sat Jul 30, 2022 1:18 pm
Forum: General
Topic: Propose Mikrotik to adopt TailScale VPN similar to ZeroTierOne VPN
Replies: 55
Views: 18819

Re: Propose Mikrotik to adopt TailScale VPN similar to ZeroTierOne VPN

@anav Pro Custodibus also have a Docker Container. https://hub.docker.com/r/procustodibus/agent and some very good info by Pro Custodibus on containers .... https://www.procustodibus.com/blog/2021/11/wireguard-containers/ I have no idea how this impacts Tik memory .... What I like about Pro Custodib...
by mozerd
Fri Jul 29, 2022 3:17 pm
Forum: General
Topic: Propose Mikrotik to adopt TailScale VPN similar to ZeroTierOne VPN
Replies: 55
Views: 18819

Re: Propose Mikrotik to adopt TailScale VPN similar to ZeroTierOne VPN

@Znevna
I was not aware of the TailScale official container [excellent] .. thank you for posting the info ...
by mozerd
Fri Jul 29, 2022 2:45 pm
Forum: General
Topic: Propose Mikrotik to adopt TailScale VPN similar to ZeroTierOne VPN
Replies: 55
Views: 18819

Re: Propose Mikrotik to adopt TailScale VPN similar to ZeroTierOne VPN

My point is that they adopted zerotier but it has limited applicability, not all MT devices can run it. If tailscale can run on more devices, then it should be adopted if they are relatively equal otherwise. Let the user decide which package they want to load! There is an active Tik user [cannot re...
by mozerd
Mon Jul 25, 2022 3:28 pm
Forum: General
Topic: Router Suggestion for Serviced Office
Replies: 13
Views: 989

Re: Router Suggestion for Serviced Office

Which of these devices is the best for this type of setup: 1. RB1100AHX4 2. CCR2004-16G-2S+ 3. CCR1009-7G-1C-1S+ Can you recommend which one is the best router for our setup. From the above 3 you selected I would suggest the CCR1009-7G-1C-1S+ .... this will be an excellent choice .... I also sugges...
by mozerd
Fri Jul 22, 2022 3:30 pm
Forum: Announcements
Topic: v7.4 [stable] is released!
Replies: 226
Views: 54602

Re: v7.4 [stable] is released!

Netinstall is not working.
You may need to run Netinstall 5 or 6 times ... and switch Netinstall to 1 version lower ..... that's been my experience with Netinstall on some version of Tik devices.
by mozerd
Tue Jul 19, 2022 1:03 pm
Forum: Announcements
Topic: v7.4rc is released!
Replies: 116
Views: 29620

Re: v7.4rc is released!

The talk about an "entirely new routing engine" already started ~10 years ago, when the mythical v7 was introduced that would solve all our problems and fulfill all our wishes. I believe that when MT Developers adopted the newer Linux Kernel [the very heart of the OS ] for version RoS v7 ...
by mozerd
Sun Jul 17, 2022 1:26 pm
Forum: Wireless Networking
Topic: Best wireless AP for 500-1000 mbit MT connection.
Replies: 35
Views: 3730

Re: Best wireless AP for 500-1000 mbit MT connection.

@PKSpeleo The following is my suggestion for YOU that will work well with the RB5009 you are considering ... your wireless Clients [all of them] that are capable can achieve between 600 - 800 Mbps TP-Link EAP660 HD AX3600 Gigabit Dual Band WiFi 6 WLAN Access Point. Integrated in Omada SDN: Critical ...
by mozerd
Sat Jul 16, 2022 4:33 pm
Forum: Wireless Networking
Topic: Best wireless AP for 500-1000 mbit MT connection.
Replies: 35
Views: 3730

Re: Best wireless AP for 500-1000 mbit MT connection.

"rextended" has gone awry and starts abusing his forum admin privileges. He comments on other people writing things that MikroTik never have said are not allowed, and is editing other people's post to remove such things. He attacks others for writing the truth about some MikroTik problems...
by mozerd
Sat Jul 02, 2022 11:50 pm
Forum: General
Topic: DNS request through wireguard
Replies: 57
Views: 7098

Re: DNS request through wireguard

@mozerd
Did you copy-paste your post? Perhaps a more relevant proverb in English is 'All roads lead to Rome".
Yes, in fact I did.
BTW, very beautiful women live in the mountains of Iran and love their cooking skills …
https://youtu.be/vMeQ1oSixIU
by mozerd
Sat Jul 02, 2022 8:40 pm
Forum: General
Topic: DNS request through wireguard
Replies: 57
Views: 7098

Re: DNS request through wireguard

There is a proverb in Persian "هر جا بری آسمون همین رنگه" (Wherever you go, the sky is the same color). Publius Ovidius Naso The concept of the proverb can be traced as far back as the poetry of Publius Ovidius Naso, better known as Ovid (43 BC – 17 AD), who wrote Fertilior seges est alen...
by mozerd
Fri Jun 17, 2022 11:02 pm
Forum: RouterBOARD hardware
Topic: Any plans for a small size SoHo router managing Gigabit WAN capacity?
Replies: 19
Views: 2300

Re: Any plans for a small size SoHo router managing Gigabit WAN capacity?

+1 for the hEX OR hEX S … excellent router ….
by mozerd
Fri Jun 10, 2022 7:12 pm
Forum: Beginner Basics
Topic: Is MikroTik good for home use?
Replies: 28
Views: 7854

Re: Is MikroTik good for home use?

There are some downsides, sort of. You can do more, but in order to do so, you need to know more, or be willing to learn a bit. And also be careful, because if you decide to shoot your own foot, system will be happy to help, meaning that it won't say "no". But there's no need to be too sc...
by mozerd
Fri Jun 10, 2022 5:38 pm
Forum: Beginner Basics
Topic: Is MikroTik good for home use?
Replies: 28
Views: 7854

Re: Is MikroTik good for home use?

Absolutely, if you're good to face some pretty hard challenges when things doesn't work as expected (for a regular SOHO user that is). The very same can be said for any so called consumer brand device like Netgear, TP-Link, Asus, D-Link. etc. regardless of the fact that all these brands are PHD . P...
by mozerd
Fri Jun 10, 2022 3:36 pm
Forum: Beginner Basics
Topic: Is MikroTik good for home use?
Replies: 28
Views: 7854

Re: Is MikroTik good for home use?

Need Wifi, the house is not very big - 3 bedrooms. 3 gadgets (tablets and laptop). Internet is needed for everyday use, Watching movies, sometimes working from home. @Marvinjul, you need to provide much more info: 1 ... Where are you located [USA, Canada, Europe, Middle East etc.] 2 ... What speed ...
by mozerd
Fri Jun 10, 2022 3:14 pm
Forum: Announcements
Topic: v7.3 and v7.3.1 [stable] is released!
Replies: 269
Views: 79519

Re: v7.3 and v7.3.1 [stable] is released!

Most of times when we receive such reports simply router/switch have a too complex configuration in order to run RouterOS, process traffic, and do everything that is configured on the device. The beauty of RouterOS is that we do not limit you with random limitations, but at the same time you have t...
by mozerd
Wed Jun 08, 2022 12:23 am
Forum: General
Topic: posts not strictly related to: v7.3 and v7.3.1 [stable]
Replies: 52
Views: 5144

Re: v7.3 [stable] is released!

@DarkeNate The 2 parts that make up the solution for Tik gear is: 1… The functional software that drives the capability 2… The Firmware [drivers] that enables the functional software to exploit the capability So When upgrading it’s MANDATORY to always do both parts sequentially otherwise the capabil...
by mozerd
Thu May 26, 2022 2:45 pm
Forum: Announcements
Topic: v7.2.2 [stable] and v7.2.3 [stable] are released!
Replies: 401
Views: 79819

Re: v7.2.2 [stable] and v7.2.3 [stable] are released!

@Larsa IMO I believe that Tik management understand the cost equation ... the more people you hire in mgmt positions the les comparative you will become.. MikroTik are doing a GREAT Job with the resources they do have --- consequently very competitive and an unbeatable value proposition to boot. But...
by mozerd
Wed May 25, 2022 1:21 am
Forum: Beginner Basics
Topic: ZeroTier SD-WAN / Network Orchestration [SOLVED]
Replies: 37
Views: 6832

Re: ZeroTier SD-WAN / Network Orchestration [SOLVED]

That was a bit unfair since hell will freez to ice already tomorrow and I don't really have time to fix it. : )
@Larsa, without one shadow of doubt I really like your sense of humor …. :lol:

Are you a ZT employee?
by mozerd
Tue May 24, 2022 11:51 pm
Forum: Beginner Basics
Topic: ZeroTier SD-WAN / Network Orchestration [SOLVED]
Replies: 37
Views: 6832

Re: ZeroTier SD-WAN / Network Orchestration [SOLVED]

Still waiting for that "right" config LOL
Hell will freeze over before @Larsa will provide that “right” config for you …. simplicity, performance, reduced costs ONLY in Larsa’s dreams.
by mozerd
Tue May 24, 2022 9:52 pm
Forum: Beginner Basics
Topic: Road Warrior Config by the Network Berg
Replies: 5
Views: 863

Road Warrior Config by the Network Berg

Outstanding WireGuard Video by the one and only Network Berg
Using RoS 7.2.3
https://m.youtube.com/watch?v=CH10spRyG ... e=youtu.be
by mozerd
Tue May 24, 2022 7:09 pm
Forum: Beginner Basics
Topic: ZeroTier SD-WAN / Network Orchestration [SOLVED]
Replies: 37
Views: 6832

Re: ZeroTier SD-WAN / Network Orchestration [SOLVED]

So ZeroTier cannot meet ANY of those 3 CRITICAL advantages.

TZ meets all these requirements by definition.
@Larsa … word games do not work ?.. but you can dream all you want because in dreams everything is possible.
by mozerd
Tue May 24, 2022 7:03 pm
Forum: Wireless Networking
Topic: Compatible APs?
Replies: 23
Views: 5084

Re: Compatible APs?

Yeah shied away from netgear ….. Netgear Orbi is the finest WiFi on earth without exception …. No need to shy away …. I do not like Netgear dedicated AP’s just yet but if they move their AP line to to the Orbi TECH then that will be my go to line … however Orbi is very expensive … but if one want t...
by mozerd
Tue May 24, 2022 5:05 pm
Forum: Wireless Networking
Topic: Compatible APs?
Replies: 23
Views: 5084

Re: Compatible APs?

I certainly will endorse the use of Ubiquiti U6 AP's and the Ubiquiti GenKey Controller ... will work very nicely with Any Tik Router. The only problem with Ubiquiti U6 AP's is that they are very difficult to get since they sell out very fast -- faster than a speeding bullet. My second choice is the...
by mozerd
Tue May 24, 2022 12:39 pm
Forum: Beginner Basics
Topic: ZeroTier SD-WAN / Network Orchestration [SOLVED]
Replies: 37
Views: 6832

Re: ZeroTier SD-WAN / Network Orchestration [SOLVED]

Of course there might be advantages to other alternatives, but at the moment ZT is the only available solution for Mikrotik (so far). So ZeroTier cannot meet ANY of those 3 CRITICAL advantages ..... otherwise you @Larsa would be singing from the Tree Tops :) To bad that TailScale is not integrated ...
by mozerd
Tue May 24, 2022 11:22 am
Forum: Beginner Basics
Topic: ZeroTier SD-WAN / Network Orchestration [SOLVED]
Replies: 37
Views: 6832

Re: ZeroTier SD-WAN / Network Orchestration [SOLVED]

When it comes to SD-WAN, I think there are other important factors to take into account than just pure speed. Benefits of SD-WAN SD-WAN offers many benefits to geographically distributed organizations, including: Simplicity : Because each device is centrally managed, with routing based on applicati...
by mozerd
Tue May 24, 2022 12:30 am
Forum: Beginner Basics
Topic: ZeroTier SD-WAN / Network Orchestration [SOLVED]
Replies: 37
Views: 6832

Re: ZeroTier SD-WAN / Network Orchestration [SOLVED]

There are plenty of other more more in depth and serious tests than this one IMHO. @Larsa … IMHO Netmaker test are COMPREHENSIVE and very credible …. I do not understand why YOU would think otherwise … why because my comparison made some time ago showed TailScale being FAR superior to ZeroTier … by...
by mozerd
Sat May 21, 2022 3:28 pm
Forum: Beginner Basics
Topic: ZeroTier SD-WAN / Network Orchestration [SOLVED]
Replies: 37
Views: 6832

Re: ZeroTier SD-WAN / Network Orchestration [SOLVED]

What gives?
Just for You @Znevna
Battle of the VPNs: Which one is fastest? (speed test)
Perhaps you can learn something from Netmaker .... :)
by mozerd
Sat May 21, 2022 1:42 pm
Forum: Beginner Basics
Topic: ZeroTier SD-WAN / Network Orchestration [SOLVED]
Replies: 37
Views: 6832

Re: ZeroTier SD-WAN / Network Orchestration [SOLVED]

...... I have all the time in the world and don't have a stop button. :-) @anav The following mikrotik ZeroTier document has very extensive information on howto configure ZeroTier to work in the kind of scenario you want ... the complexity is not trivial perhaps because it cannot be so but I 4 1 am...
by mozerd
Fri May 20, 2022 7:42 pm
Forum: Beginner Basics
Topic: ZeroTier SD-WAN / Network Orchestration [SOLVED]
Replies: 37
Views: 6832

Re: ZeroTier SD-WAN / Network Orchestration [SOLVED]

Since I'm always right, there is really no reason for me to make an argument. ;-) @Larsa .... so YOu do not want to prove it ..... shame shame shame and a smart fellow like you could easily help @anav to prove that you are RIGHT. Common Larsa help our fellow guru use ZeroTier ... show your expertis...
by mozerd
Fri May 20, 2022 1:53 pm
Forum: Beginner Basics
Topic: ZeroTier SD-WAN / Network Orchestration [SOLVED]
Replies: 37
Views: 6832

Re: ZeroTier SD-WAN / Network Orchestration [SOLVED]

@Larsa SAID: And it's a proven fact, whatever you say! ;-) OK I will bite ... Prove it that ZeroTier is easier to administer .... provide @anav with the solution to his ZeroTier dilemma ! BTW, I did forget to mention that WireGuard is integrated into the current Linux Kernel plus WireGuard is avail...
by mozerd
Thu May 19, 2022 9:39 pm
Forum: Beginner Basics
Topic: ZeroTier SD-WAN / Network Orchestration [SOLVED]
Replies: 37
Views: 6832

Re: ZeroTier SD-WAN / Network Orchestration [SOLVED]

TILE
ZeroTier is NOT available on the Tile architecture……

WireGuard is faster, better and works GREAT ….
by mozerd
Tue May 17, 2022 5:14 pm
Forum: Beginner Basics
Topic: Need product recommendation
Replies: 9
Views: 1310

Re: Need product recommendation

Can your ISP provided Router operate in BRIDGE mode?
What Bandwidth does your ISP provide you and is that throughput symmetrical or asymmetrical?
How many users will you need to support?
by mozerd
Sat May 14, 2022 5:08 pm
Forum: General
Topic: Wireguard VPN
Replies: 13
Views: 2573

Re: Wireguard VPN

Yes, but I cannot help if you requirements are wishy washy. Detailed clear requirements I can work with and a config that is cleaned up and organized is much more conducive to problem solving ......... .......... If you get organized, gladly will help. otherwise its not productive. Amen brother AME...
by mozerd
Mon May 09, 2022 1:45 pm
Forum: General
Topic: Securing a small network
Replies: 27
Views: 3186

Re: Securing a small network

Regular office, ......
If the Office is high security then measures can be taken to protect the nodes etc ... it all depends on the budget and network access control via Network Intrusion Detection systems ...
Money and knowledge determines what will be done.
by mozerd
Mon May 09, 2022 12:25 pm
Forum: General
Topic: Securing a small network
Replies: 27
Views: 3186

Re: Securing a small network

@Sob
Nope. Let me clarify ... Router. Switches are in secure area. If Zero Trust then Cameras are used to monitor and staff are properly trained. The security paradigm can be as tight as budget allows.
by mozerd
Mon May 09, 2022 2:15 am
Forum: General
Topic: Securing a small network
Replies: 27
Views: 3186

Re: Securing a small network

@tangent Yes I understand but I will not accept poor security disciplines …. I made that clear earlier. Physical device security is a must as is credential security. If the business cannot afford effective security disciplines no amount of technical hoops will prevent rogue intentions who gain physi...
by mozerd
Sun May 08, 2022 11:33 pm
Forum: General
Topic: Securing a small network
Replies: 27
Views: 3186

Re: Securing a small network

@rules
For VPN I strongly suggest WireGuard … you do not need certificates …. You do not need VPN for internal … VPN for road worrier on demand only … use Radius only if you have mission critical otherwise it’s overkill … mission critical where money or valuable secrets …..
by mozerd
Sun May 08, 2022 9:20 pm
Forum: General
Topic: Securing a small network
Replies: 27
Views: 3186

Re: Securing a small network

@rules Lots of stuff others have provided. My suggestion is KISS … keep it simple …. Unless you have a handle on your network users requirements in line with the bosses objectives you will run into trouble. Once requirements are understood the rest is easy since the objectives must match the capabil...
by mozerd
Sat May 07, 2022 2:17 pm
Forum: General
Topic: Securing a small network
Replies: 27
Views: 3186

Re: Securing a small network

MikroTik provide some very good guidance in the following link Securing your router
And pay specific attention to the subsections Titled:
Building Your First Firewall
Building Advanced Firewall

Another excellent source that you will find may be helpful The DEFACTO DEFAULT FIREWALL Setup
by mozerd
Thu May 05, 2022 3:47 pm
Forum: General
Topic: RB4011 together with ASUS RT-AX89X
Replies: 8
Views: 1827

Re: RB4011 together with ASUS RT-AX89X

hahahaha, how big is your house? Two TPLINKS could do the same job ;-PP 1665 sq ft with a detached garage. Most of the house is covered from the AP here in the family room (very back wall of the house). There is an outdoor AP on the front wall of the house under the eve. It's there primarily for th...
by mozerd
Thu May 05, 2022 2:41 am
Forum: General
Topic: RB4011 together with ASUS RT-AX89X
Replies: 8
Views: 1827

Re: RB4011 together with ASUS RT-AX89X

You should place the Asus in AP mode only … this turns of the NAT and router functions of the Asus. Then you can exploit the Ethernet ports on the Asus … the WiFi of the Asus will become available to everyone on your network … in AP mode you can exploit the Asus WAN port … it just becomes another Et...
by mozerd
Tue May 03, 2022 11:16 pm
Forum: General
Topic: Best ACCESS POINT
Replies: 12
Views: 2227

Re: Best ACCESS POINT

@balancer For reliable wifi that can fully exploit your bandwidth for all your users the only mikrotik product I can recommend is the Audience using the wifi2 drivers running under RoS 7. The very best wifi currently is made by Netgear called the Orbi but it is expensive …after the Orbi I suggest TP...
by mozerd
Tue May 03, 2022 1:17 pm
Forum: General
Topic: 3rd party say he can log into my router using default credentials.
Replies: 5
Views: 748

Re: 3rd party say he can log into my router using default credentials.

If the 3rd party cannot produce evidence that they were able to access your router(s) THAT is all the evidence you need. If the 3rd party is using a backdoor and you are not aware of that backdoor into the router there is nothing that you can do --- according to MikroTik no backdoor exists or has be...
by mozerd
Sun May 01, 2022 4:34 pm
Forum: General
Topic: Wireguard slow speed
Replies: 39
Views: 11248

Re: Wireguard slow speed

@holvoetn assessment is 100% correct. Throughput is always subject to the weakest link plus ISP idiosyncrasies Symmetrical connections enjoyed by both PEERS under WireGuard will under excellent circumstance provide 90% or better performance of the subscribed bandwidth assuming peers are capable. Asy...
by mozerd
Tue Apr 26, 2022 2:56 am
Forum: Wireless Networking
Topic: Wireless interface (wlan1) not present at CCR1009 MikroTik Router
Replies: 3
Views: 953

Re: Wireless interface (wlan1) not present at CCR1009 MikroTik Router

First you must purchase the TP-Link EAP660HD Wireless Access Point ... mount that in your ceiling of your venue as central as possible ... now run a Cat6 Ethernet Cable from the EAP660HD to the location of your CCR1009 and connect that Cable to either5 .... once connected to either5 on your CCR1009 ...
by mozerd
Wed Apr 20, 2022 1:05 am
Forum: Wireless Networking
Topic: WiFi with Apple Products
Replies: 99
Views: 30061

Re: WiFi with Apple Products

I have 4 Apple Extreme WiFi Routers connected to hAP AC2 in client sites … all work well 1. Make sure that you Apple wireless Router is in bridge mode In all my cases the Tik device has its WiFi disabled …. For WiFi strictly relying on the Apple WiFi. The reason the Extreme WiFi is far superior to t...
by mozerd
Wed Apr 13, 2022 12:51 am
Forum: General
Topic: IPv6 and NAT - how I changed my mind
Replies: 59
Views: 30849

Re: IPv6 and NAT - how I changed my mind

@msatter My knowledge oh Hotmail/Live is very poor so I cannot answer to those specific services … office 365 and all other Windows systems provide 100% support for ipv6 …. 90% of US government mail systems are now ipv6 …. Where MS now has a dominate position by 2023 all US government depts will be ...
by mozerd
Tue Apr 12, 2022 9:57 pm
Forum: Beginner Basics
Topic: Remote management on WAN
Replies: 22
Views: 4400

Re: Remote management on WAN

@anav The admin wants to eliminate the threat posed by the WAN and the Winbox Port … by not allowing any “outside” connection to hit that port no need to change the default port. VPN on the other hand provides the needed security and path for “trusted devices” so that any interface inside can be acc...
by mozerd
Tue Apr 12, 2022 6:38 pm
Forum: General
Topic: IPv6 and NAT - how I changed my mind
Replies: 59
Views: 30849

Re: IPv6 and NAT - how I changed my mind

As of March 2022, according to Google, the IPv6 adoption rate globally is around 34%, but in the U.S. it’s at about 46%.

What is IPv6, and why is adoption taking so long?
by mozerd
Tue Apr 12, 2022 5:31 pm
Forum: Beginner Basics
Topic: Remote management on WAN
Replies: 22
Views: 4400

Re: Remote management on WAN

The llama has arrived...... ...... add chain=input action=accept in-interface-list=Trusted dst-port=winboxport protocol=tcp src-address-list=authorized My suggestion for this rule is as follows: add chain=input action=accept in-interface-list=!WAN dst-port=8291 protocol=tcp src-address-list= Truste...
by mozerd
Sat Apr 09, 2022 7:08 pm
Forum: General
Topic: clickbite: How do members of the Forum feel about this article?
Replies: 54
Views: 4384

Re: How MikroTik Routers Became a Cybercriminal Target

By the way unlike most Canadians, I would have put our troops side by side with Ukranians as soon as the border was crossed so no I am not an average Cdn, like yourself sitting in their comfy homes 1000s. of miles from danger, much like we were when General Dallaire was begging for help in Rwanda a...
by mozerd
Fri Apr 08, 2022 7:06 pm
Forum: Announcements
Topic: NEWSLETTER 105
Replies: 56
Views: 44217

Re: NEWSLETTER 105

The new masthead is very professional and LOOKS G R E A T
by mozerd
Thu Apr 07, 2022 4:36 pm
Forum: Announcements
Topic: NEWSLETTER 105
Replies: 56
Views: 44217

Re: NEWSLETTER 105

The new masthead is very cool :)

The LHG LTE18 kit .... when will this become available?
TheNewTik.gif
by mozerd
Tue Apr 05, 2022 6:25 pm
Forum: General
Topic: Which product can support at least 200 hotspot users?
Replies: 16
Views: 2181

Re: Which product can support at least 200 hotspot users?

non-critical social media activity, no VOIP / no gaming.
It's not strictly simultaneous, just typical coffee shop free wifi activities.
The hEX will serve for your purposes as the Router.

The following Internet Data Usage Guide should be of interest to you ....
by mozerd
Tue Apr 05, 2022 6:15 pm
Forum: General
Topic: Which product can support at least 200 hotspot users?
Replies: 16
Views: 2181

Re: Which product can support at least 200 hotspot users?

I am looking for a router that can support at least 200 simultaneous hotspot users, is hAP lite good enough for this? 200 simultaneous hotspot users ---- simultaneous ---- means occurring, operating, or done at the same time ... What activity will these 200 simultaneous users be involved in? And do...
by mozerd
Tue Apr 05, 2022 5:45 pm
Forum: General
Topic: clickbite: How do members of the Forum feel about this article?
Replies: 54
Views: 4384

Re: How MikroTik Routers Became a Cybercriminal Target

My opinion: How MikroTik Routers Became a Cybercriminal Target ? Simply: is the best software for routers and can do many things than the other competitoirs can not do or price/features is too high... How Microsoft Windows Became a Cybercriminal Target ? Simply: Is the most simple and used OS... Ye...
by mozerd
Mon Mar 28, 2022 2:12 pm
Forum: RouterBOARD hardware
Topic: Mikrotik hardware shortage - official statement?
Replies: 36
Views: 7982

Re: Mikrotik hardware shortage - official statement?

China has everyone [mfgs & vendors] by the short hairs ... geopolitics is causing a very significant realignment so until that is sorted out China will use all of its commercial weapons' to gain the upper hand. Since EVERYONE in this game relied on the very cheap labour that China offered and de...
by mozerd
Wed Mar 23, 2022 6:24 pm
Forum: RouterOS beta
Topic: WIREGUARD Routes & DNS Resolve
Replies: 2
Views: 3085

Re: WIREGUARD Routes & DNS Resolve

@anav Errr --- you mean the ("Peer" server) -- right? why? because WG is a p2p protocol :) Which version of Linux is under the RoS hood? Me thinks its 5.6 but I am not 100% sure .... Does RoS run independently of Linux or does it rely on Linux but uses its own abstraction to run Linux so t...
by mozerd
Wed Mar 23, 2022 5:40 pm
Forum: Announcements
Topic: v7.2rc5 is released!
Replies: 91
Views: 23460

Re: v7.2rc5 is released!

Do you also update the MT Apps in RC releases ( like missing allowed IP addresses in peer settings )?
*) ios app - text
Many many data fields are not populated with the MT App under IOS on my iPhone ... far too many to take pics .... I do not think that MikroTik look at this frequently.
by mozerd
Wed Mar 23, 2022 4:36 pm
Forum: RouterOS beta
Topic: Wireguard use Hostname in endpoint
Replies: 63
Views: 19089

Re: Wireguard use Hostname in endpoint

The WireGuard Tools script addresses the following scenario When the WireGuard interface of the ("Peer" client) starts up, it will resolve the DNS record for myvpn.myddns.com , and select one of the IP addresses to use as its endpoint for the ("Peer" server). Let’s say it selects...
by mozerd
Wed Mar 23, 2022 3:35 pm
Forum: RouterOS beta
Topic: Wireguard use Hostname in endpoint
Replies: 63
Views: 19089

Re: Wireguard use Hostname in endpoint

The only built-in way for a WireGuard ("Peer" client) to detect a change to an endpoint’s IP address is if the endpoint proactively initiates a connection to the ("Peer" client) from its new IP address (which NAT or other firewall rules make impossible in a typical ("Peer&qu...
by mozerd
Tue Mar 22, 2022 9:49 pm
Forum: Wireless Networking
Topic: Future owner(?) of hAP ac3
Replies: 18
Views: 2090

Re: Future owner(?) of hAP ac3

I suggest you consider the MikroTik RB5009 as your router. I do no recommend Tik wireless because they generally underperform … for your wireless and based on your network diagram the TP-Link EAP660HD will provide excellent wireless performance to all your wireless devices. RoS supports vlans and al...
by mozerd
Mon Mar 21, 2022 4:23 pm
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

Re: WireGuard: allowed IPs - Unofficial WireGuard Documentation

@mozerd: The part you keep missing is that while WG may be peer-to-peer "at heart", ............ it's clearly client-server behaviour. @Sob ... I believe you are brilliant .... as is mkx .... and anav is very smart :) If its Pure WG Lets not call it C/S .... lets call it a communication r...
by mozerd
Mon Mar 21, 2022 3:56 pm
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

Re: WireGuard: allowed IPs - Unofficial WireGuard Documentation

Everyone is a peer The Author is Vladimír Záhradník .... my type of tech guy :) ------------------------------------------------------- In WireGuard, there is no client-server relationship. WireGuard introduces a concept of peers, which are interconnected clients, and by definition, there is no sup...
by mozerd
Sun Mar 20, 2022 8:07 pm
Forum: General
Topic: NAT in output chain for Wireguard [SOLVED]
Replies: 13
Views: 4799

Re: NAT in output chain for Wireguard [SOLVED]

In the Tik world WG has 2 states for Routing Table … either off or by default on …. When the WG interface has a IP address Routes are added automatically … when the WG interface does not have IP address assigned Table is off and you must add routes manually. [edit] forgot to mention that cryptokey r...
by mozerd
Sun Mar 20, 2022 6:28 pm
Forum: General
Topic: NAT in output chain for Wireguard [SOLVED]
Replies: 13
Views: 4799

Re: NAT in output chain for Wireguard [SOLVED]

@anav: The idea with routes was inspired by @mozerd, poor guy now has constant nightmares that WG in RouterOS is incomplete, so this option would save him, and it's true that I saw other people miss adding routes before.
@Sob .... :lol:
Understanding modern Linux routing (and wg-quick)
by mozerd
Thu Mar 17, 2022 7:10 pm
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

Re: WireGuard: allowed IPs - Unofficial WireGuard Documentation

What a shame that MikroTik did not integrate WireGuard completely—- by taking advantage of every aspect provided by its creator. Every Linux disto that includes WireGuard takes complete advantage of the Donenfeld creation except RoS. Yes, the Donenfeld wg tools that for example effectively generate ...
by mozerd
Tue Mar 15, 2022 2:25 pm
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

Re: WireGuard: allowed IPs - Unofficial WireGuard Documentation

In Winbox Tools and using the Ping tool if no static route is added for 10.10.50.99 in my test scenario 10.10.50.99 is pingable but as soon as a static route is added 10.10.50.99 becomes host unreachable ….. why? Because you're trying to take torch from @anav and continue his previous adventure. ;)...
by mozerd
Mon Mar 14, 2022 11:26 pm
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

Re: WireGuard: allowed IPs - Unofficial WireGuard Documentation

One other very interesting observation In Winbox Tools and using the Ping tool if no static route is added for 10.10.50.99 in my test scenario 10.10.50.99 is pingable but as soon as a static route is added 10.10.50.99 becomes host unreachable ….. why? Yes in the configuration all subnets are isolate...
by mozerd
Mon Mar 14, 2022 9:59 pm
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

Re: WireGuard: allowed IPs - Unofficial WireGuard Documentation

@larsa I agree that it’s cryptic … I also believe that RoS fully supports WireGuard but a lot of the stuff like the Tools the Donenfeld provides with WireGuard is encapsulated within RoS otherwise allowed IPs would not work the way that is expressed in the WireGuard docs. A very simple test for exam...
by mozerd
Mon Mar 14, 2022 7:44 pm
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

Re: WireGuard: allowed IPs - Unofficial WireGuard Documentation

I have contacted MikroTik and requested information as to how the Following WireGuard fundamental Principle is supported in RoS .... When I receive a response I will post it here assuming that they will permit me doing that. Today I received a response from MikroTik …. Cryptokey routing is fully su...
by mozerd
Sat Mar 12, 2022 11:20 pm
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

Re: WireGuard: allowed IPs - Unofficial WireGuard Documentation

@anav
Very sorry but I can no longer recommend your link because I absolutely disagree with your wg approach …..
by mozerd
Sat Mar 12, 2022 7:20 pm
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

Re: WireGuard: allowed IPs - Unofficial WireGuard Documentation

I hope you can see now where your thinking went off the rails..................
Goodness Gracious Great Balls of Fire .... @anav -- The configuration Guru is back and kicking .... :)
by mozerd
Sat Mar 12, 2022 6:51 pm
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

Re: WireGuard: allowed IPs - Unofficial WireGuard Documentation

@Larsa ... I ABSOLUTLY agree with you 100% :)
by mozerd
Sat Mar 12, 2022 6:45 pm
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

Re: WireGuard: allowed IPs - Unofficial WireGuard Documentation

And about routes, for example: That's what sane people do. Insane ones will: 1) (basic) Not assign 192.168.99.1/24 to WG interface, and instead add route to 192.168.99.0/24 pointing to WG interface. Zero improvement, but feels cool. (*) 2) (advanced) Assign random 192.168.88.X/24 to client's WG int...
by mozerd
Sat Mar 12, 2022 6:30 pm
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

Re: WireGuard: allowed IPs - Unofficial WireGuard Documentation

@Sob
What does WireGuard AllowedIPs actually do?
Well I disagree with you because The keyword allowed-ips is a list of addresses that will get routed to the peer. That is the WireGuard way
by mozerd
Sat Mar 12, 2022 6:12 pm
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

Re: WireGuard: allowed IPs - Unofficial WireGuard Documentation

@ Sob My question to MikroTik how does RouterOS provide support for “cryptokey routing” and how to display the cryptokey routing table in RoS? The only display of keys and associated source IPs etc I see in Winbox and CLI is that shown is under interface ... no Routing Table for WG .... however I do...
by mozerd
Sat Mar 12, 2022 5:30 pm
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

Re: WireGuard: allowed IPs - Unofficial WireGuard Documentation

@mozerd, something happened to the linked pic: @Larsa .... thank you ... your message forced me to use my brain with a guessed fix noted below. .... Yes I saw that ... the pic is there but its not placed properly by the forum phpBB software -- must be a bug :) ... I tried fixing it but my fix does ...
by mozerd
Sat Mar 12, 2022 2:18 pm
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

Re: WireGuard: allowed IPs - Unofficial WireGuard Documentation

I have contacted MikroTik and requested information as to how the Following WireGuard fundamental Principle is supported in RoS .... When I receive a response I will post it here assuming that they will permit me doing that. Extracted from the WireGuard Whitepaper The fundamental principle of a secu...
by mozerd
Fri Mar 11, 2022 7:40 pm
Forum: RouterOS beta
Topic: Wireguard peer doesn't work [SOLVED]
Replies: 5
Views: 2332

Re: Wireguard peer doesn't work [SOLVED]

@bardilf I hope that the WG private key and your Wan IP that you posted are not real … you should never show those when posting …. For private key just state my private key and for WAN IP just show xxx.vvv.zzz.fff ….. If the private key that you showed is real I strongly suggest that you immediately...
by mozerd
Fri Mar 11, 2022 3:22 pm
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

Re: WireGuard: allowed IPs - Unofficial WireGuard Documentation

....... To provide a reason to some fool to push the red button ? Because that's what WILL happen if he gets cornered too much. ....... This non-sense needs to stop ASAP. 500% agree. Which are you more afraid more off .... Nuclear, Chemical and/or Biological Weapons'? I am terrified by all of them ...
by mozerd
Fri Mar 11, 2022 2:33 pm
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

Re: WireGuard: allowed IPs - Unofficial WireGuard Documentation

@mozerd do you even wireguard on mikrotik? Clearly he has used wireguard for MT devices, but seemingly only in a very narrow, what I would call restrictive way. Just want to ensure that he realizes he wont go to Mikrotik jail ( I mean who wants to end up in Latvia with a bunch of bearded Latvian co...
by mozerd
Fri Mar 11, 2022 12:20 am
Forum: Beginner Basics
Topic: WireGuard: Interface - Unofficial WireGuard Documentation
Replies: 62
Views: 5422

Re: WireGuard: Interface - Unofficial WireGuard Documentation

@404 You pointed out in my proof of concept that on my CCR1009 WG Allowed IPs was wrong .... you must have edited that out after the fact as I no longer see the orange highlight that you used to show which IPs where not required .... You are correct .... Yes I did make a mistake .... thank you for p...
by mozerd
Thu Mar 10, 2022 11:13 pm
Forum: Beginner Basics
Topic: WireGuard: Interface - Unofficial WireGuard Documentation
Replies: 62
Views: 5422

Re: WireGuard: Interface - Unofficial WireGuard Documentation

Your proof of concept was bogus to begin with.
Thank you @404 … your expertise ….. I will leave that to your imagination ….. however, I will live with my way of doing things because they work and work well … extremely well …. Remarkably well :) ….
by mozerd
Thu Mar 10, 2022 10:42 pm
Forum: Beginner Basics
Topic: WireGuard: Interface - Unofficial WireGuard Documentation
Replies: 62
Views: 5422

Re: WireGuard: Interface - Unofficial WireGuard Documentation

@mozerd ... when preparing CCR for first run and you remove IP address from wireguard_ccr interface, do add route: /interface route add address=172.168.50.51/32 gateway=wireguard_ccr @mkx …. You missed the whole point of my proof of concept . And that was that by omitting the wg interface IP addres...
by mozerd
Thu Mar 10, 2022 8:33 pm
Forum: Beginner Basics
Topic: WireGuard: Interface - Unofficial WireGuard Documentation
Replies: 62
Views: 5422

Re: WireGuard: Interface - Unofficial WireGuard Documentation

And I'll assume you didn't do the job properly. Because I know it can be done differently. If you care to pursue the thing further, you can always do a lab setup and then you will be able to disclose config for peer review. If you don't care to do it, then nobody else will either. Wow, a challenge ...
by mozerd
Thu Mar 10, 2022 6:14 pm
Forum: Beginner Basics
Topic: WireGuard: Interface - Unofficial WireGuard Documentation
Replies: 62
Views: 5422

Re: WireGuard: Interface - Unofficial WireGuard Documentation

@mozerd: care to show exact WG configuration you did for case (b) ? Both /interface wireguard and /ip (if any)? I do not reveal client configs unless I get permission to do so .... He is currently in Paris in a Hotel , his hEX is in Denver Colorado and I am in Ottawa .... I have no desire to bother...
by mozerd
Thu Mar 10, 2022 5:44 pm
Forum: Beginner Basics
Topic: WireGuard: Interface - Unofficial WireGuard Documentation
Replies: 62
Views: 5422

Re: WireGuard: Interface - Unofficial WireGuard Documentation

@holvoetn
My principle issue is with (a) .... since NO IP address was assigned to the WG Interface the WG Tunnel should not have be activated but it was and IMO this is wrong.
So I will contact Jason Donenfeld and ask why is this behavior allowed or is this a WG Bug or something else.
by mozerd
Thu Mar 10, 2022 5:21 pm
Forum: Beginner Basics
Topic: WireGuard: Interface - Unofficial WireGuard Documentation
Replies: 62
Views: 5422

Re: WireGuard: Interface - Unofficial WireGuard Documentation

@holvoetn
Perhaps but with (b) I did not have any issues --- assigning a IP address to the WG Interface and like MAGIC everything worked like it should. :)
by mozerd
Thu Mar 10, 2022 5:01 pm
Forum: Beginner Basics
Topic: WireGuard: Interface - Unofficial WireGuard Documentation
Replies: 62
Views: 5422

Re: WireGuard: Interface - Unofficial WireGuard Documentation

@404 Today I set up a WireGuard Tunnel for a Client .... A MikroTik hEX as the Router running RoS v7,1.3 .... The Client wanted to remotely access his office Windows 11 Desktop and the Office NAS plus the ability to print to his Canon Network Printer using his Windows 10 Laptop and His iPhone13 ... ...
by mozerd
Thu Mar 10, 2022 12:59 am
Forum: Beginner Basics
Topic: WireGuard: Interface - Unofficial WireGuard Documentation
Replies: 62
Views: 5422

Re: WireGuard: Interface - Unofficial WireGuard Documentation

The way it’s done in MikroTik is the exact same way it’s done in Linux.

First create the WG interface then name it followed by assigning a IP address to that interface. You just refuse to accept that because you found a stupid bug that Tik has yet to fix.
by mozerd
Thu Mar 10, 2022 12:08 am
Forum: Beginner Basics
Topic: WireGuard: allowed IPs - Unofficial WireGuard Documentation
Replies: 112
Views: 42852

WireGuard: allowed IPs - Unofficial WireGuard Documentation

AllowedIPs This defines the IP ranges for which a peer will route traffic. On simple clients, this is usually a single address (the VPN address of the simple client itself). For bounce servers this will be a range of the IPs or subnets that the relay server is capable of routing traffic for. Multip...
by mozerd
Wed Mar 09, 2022 11:26 pm
Forum: Beginner Basics
Topic: WireGuard: Interface - Unofficial WireGuard Documentation
Replies: 62
Views: 5422

Re: WireGuard: Interface - Unofficial WireGuard Documentation

[Interface] # Name = WG-Server Router { no such entry of address on MT devices } Actually Yes there is @404 .... Name =wg0 or whatever name one wants to give THE INTERFACE using the GUI or CLI, But very unfortunately you are missing the boat completely .... and its my opinion that MikroTik are not ...
by mozerd
Wed Mar 09, 2022 11:03 pm
Forum: Beginner Basics
Topic: WireGuard: Peers - Unofficial WireGuard Documentation
Replies: 1
Views: 799

WireGuard: Peers - Unofficial WireGuard Documentation

Peers Defines the VPN settings for a remote peer capable of routing traffic for one or more addresses (itself and/or other peers). Peers can be either a public bounce server that relays traffic to other peers, or a directly accessible client via LAN/internet that is not behind a NAT and only routes...
by mozerd
Wed Mar 09, 2022 9:26 pm
Forum: Beginner Basics
Topic: WireGuard: Interface - Unofficial WireGuard Documentation
Replies: 62
Views: 5422

WireGuard: Interface - Unofficial WireGuard Documentation

Following is EXCELLENT guidance that MikroTik users should follow. These guidelines apply to ALL platforms that want to exploit WireGuard effectively. IMO, Unfortunately MikroTik have not implemented these guidelines strictly .... perhaps over time they will, I am only providing a small subset of th...
by mozerd
Tue Mar 08, 2022 9:50 pm
Forum: Beginner Basics
Topic: Wireguard not working
Replies: 24
Views: 9121

Re: Wireguard not working

@Rox169 443 UDP is used by QUIC a Google tech … so if you use chrome or any chrome derivative you will have issue with that port under WG. I suggest that you use port 44355 and see if that helps you. I have not checked your config properly so I cannot make further comment other that to suggest that ...
by mozerd
Sun Mar 06, 2022 4:06 pm
Forum: Beginner Basics
Topic: Wireguard Subnet accessing different subnet
Replies: 20
Views: 4071

Re: Wireguard Subnet accessing different subnet

When using WireGuard the most important part is to understand 3 key areas 1.. Allowed IPs 2.. Associated public keys 3. CryptoKey Routing 1.. Allowed IPs provides the path to all nets/subnets/vlans/etc 2. Public Keys enable the Allowed IPs to understand the path to take 3. CryptoKey Routing makes ev...
by mozerd
Thu Mar 03, 2022 5:39 pm
Forum: RouterOS beta
Topic: Will the wireguard ever become usefull vpn server / client
Replies: 27
Views: 3340

Re: Will the wireguard ever become usefull vpn server / client

The pro cuttybus guy gives you a share of the sales?
I have no affiliation with PRO CUTODIBUS of what-so-ever-nature ...

I do however respect PRO CUTODIBUS and their exceptional tech team especially engineer Justin Ludwig
by mozerd
Thu Mar 03, 2022 5:14 pm
Forum: General
Topic: DHCPv6 Client not working, unable to get and deliver IPv6
Replies: 7
Views: 4403

Re: DHCPv6 Client not working, unable to get and deliver IPv6

Following is my ipv6 config that using a /56 ,,, perhaps you can extract only the parts you want that may help you ... this config works really well for me and all my VLAN's plus their hosts and has for a very long time. This configuration is based on SLAAC so no dhcpv6 server is involved and IMO no...
by mozerd
Thu Mar 03, 2022 3:23 pm
Forum: RouterOS beta
Topic: Will the wireguard ever become usefull vpn server / client
Replies: 27
Views: 3340

Re: Will the wireguard ever become usefull vpn server / client

1... I would like to know if Wireguard will ever become something more than "proof of concept"? 2... Will we ever have a simple way to create and track users? 3... Will we be able to allow users other than "administrators" to establish the connection? 4... Will we ever be able t...
by mozerd
Wed Mar 02, 2022 11:54 pm
Forum: Wireless Networking
Topic: WiFi6 solution for Mikrotik-based SOHO network
Replies: 8
Views: 3211

Re: WiFi6 solution for Mikrotik-based SOHO network

Also they cover 20k sq ft, so you will only need just 1!!!
do you really believe that? I sure as heck do not !
by mozerd
Wed Mar 02, 2022 7:57 pm
Forum: General
Topic: IPv6 [yes/no] ????
Replies: 12
Views: 1235

Re: IPv6 [yes/no] ????

Ipv6 is THE one
Three reasons why IPv6 is worth the effort
1… End-to-end connectivity
2… Reduced network complexity
3… Support and content have become common place
by mozerd
Tue Mar 01, 2022 1:06 am
Forum: General
Topic: Are mikrotic routers next generation firewalls?
Replies: 22
Views: 6487

Re: Are mikrotic routers next generation firewalls?

@Woland NGFW was coined by Gartner 2003 … since then many FW vendors adopted that acronym.. MikroTik cannot be classified as NGFW in any way shap or form because it does not posses any of the attributes the industry ascribes to NGFW. While a traditional firewall like that found in Tik Routers —- tha...
by mozerd
Mon Feb 28, 2022 6:58 pm
Forum: General
Topic: WireGuard and routing tables
Replies: 21
Views: 13001

Re: WireGuard and routing tables

I finally managed to get it working this weekend. :D :D :D
..................
One thing I've learned with WireGuard: good planning is a requirement.
Nice work arnaldo .... YES good planning is the KEY to WireGuard Success ...
by mozerd
Sun Feb 27, 2022 7:23 pm
Forum: Wireless Networking
Topic: Mikrotik / Capsman WiFi Rant
Replies: 16
Views: 2002

Re: Mikrotik / Capsman WiFi Rant

My view. Everyone is entitled to see things differently.
@holvoetn … excellent POV ….. :)
by mozerd
Sun Feb 27, 2022 1:59 pm
Forum: General
Topic: Are mikrotic routers next generation firewalls?
Replies: 22
Views: 6487

Re: Are mikrotic routers next generation firewalls?

For the price of solarwind log analyzer, i might as well pay for fortigate/sophos licensing to get full NGFW features My personal preference in NGFW is Juniper or Untangle software running in a custom black box ... but there are lots of open source log analyzers that do not cost money but do cost l...
by mozerd
Sun Feb 27, 2022 4:16 am
Forum: General
Topic: Are mikrotic routers next generation firewalls?
Replies: 22
Views: 6487

Re: Are mikrotic routers next generation firewalls?

So how do i like see statictics of wwhere traffic is comming from? what countries? locations? what IPs are making most requests etc? Those are features am looking for not virus scanning or the other NGFW features Just want modern traffic reporting A MikroTik Router can log your traffic and send tho...
by mozerd
Sun Feb 27, 2022 12:17 am
Forum: General
Topic: Are mikrotic routers next generation firewalls?
Replies: 22
Views: 6487

Re: Are mikrotic routers next generation firewalls?

MikroTik’s firewall is not next gen and I do not believe that MikroTik want to be in that arena. Next gen firewalls work very comfortably in layer 7 very close to wire speed … they are in a class of their own. NGFWs are able to block malware from entering a network, something that traditional firewa...
by mozerd
Wed Feb 23, 2022 2:01 pm
Forum: Announcements
Topic: v7.2rc4 is released!
Replies: 143
Views: 41618

Re: v7.2rc4 is released!

Why, according to Mozerds links, its important to have different peer cryptography or did I read that wrong. @404 BEST PRACTICES The best practices for WireGuard keys are similar to those for SSH keys or client certificates (or any other host-based credentials) — no two hosts should share the same ...
by mozerd
Wed Feb 23, 2022 1:25 pm
Forum: Announcements
Topic: v7.2rc4 is released!
Replies: 143
Views: 41618

Re: v7.2rc4 is released!

On my CCR1009 the wrong version description is displayed in the window:
7.2rc4.GIF
by mozerd
Wed Feb 23, 2022 3:46 am
Forum: General
Topic: Wireguard - access to remote LAN
Replies: 87
Views: 15240

Re: Wireguard - access to remote LAN

404 …. You were given lots of evidence but you have chosen to ignore that evidence .. your approach is abnormal. Connecting an interface to a network makes it a part of that network. Therefore, the IP address is a property of the connection — when an interface becomes active like a WG interface the ...
by mozerd
Tue Feb 22, 2022 1:21 am
Forum: Beginner Basics
Topic: WireGuard: Cryptokey Routing
Replies: 14
Views: 2318

Re: WireGuard: Cryptokey Routing

The article I linked blesses everything I have been doing!! If you're happy then keep on trucking with what you are doing cause IMO you are a godsend to many on this forum whom you've helped. I tip my hat to You. BTW anav, I hope that Tik will restore your other anav account .... I do not understan...
by mozerd
Tue Feb 22, 2022 12:58 am
Forum: Beginner Basics
Topic: WireGuard: Cryptokey Routing
Replies: 14
Views: 2318

Re: WireGuard: Cryptokey Routing

@404
Do you understand Cryptokey Routing and the example that was illustrated within that submission .... nothing can be simpler ....
by mozerd
Tue Feb 22, 2022 12:51 am
Forum: Beginner Basics
Topic: WireGuard: Cryptokey Routing
Replies: 14
Views: 2318

Re: WireGuard: Cryptokey Routing

Actually not, it was your imprecise terminology of " network interface " vice " wireguard interface " that was confusing. :-) @404: ... The Topic is WireGuard : Cryptokey Routing When discussing INTERFACES ... they ARE all related to WireGuard under this topic .... absolutely no...
by mozerd
Tue Feb 22, 2022 12:42 am
Forum: Beginner Basics
Topic: WireGuard: Built-in Roaming
Replies: 0
Views: 477

WireGuard: Built-in Roaming

Key Point 1: The client configuration contains an initial endpoint of its single peer (the server), so that it knows where to send encrypted data before it has received encrypted data. Key Point 2: The server configuration doesn't have any initial endpoints of its peers (the clients). This is becaus...
by mozerd
Mon Feb 21, 2022 11:34 pm
Forum: Beginner Basics
Topic: WireGuard: Cryptokey Routing
Replies: 14
Views: 2318

Re: WireGuard: Cryptokey Routing

@404 a network device like a printer has a IP address and resides in a net, subnet or vlan …. If the IP address of the printer is in the range of allowed IPs then WireGuard participants will be able to send print requests to that printer. Another device like a PC also has a IP address and that PC si...
by mozerd
Mon Feb 21, 2022 10:55 pm
Forum: Beginner Basics
Topic: WireGuard: Cryptokey Routing
Replies: 14
Views: 2318

Re: WireGuard: Cryptokey Routing

Key Point 2 : Each network interface has a private key and a list of peers. Did you mean each wireguard interface? Or each Device network interface ( aka vlans, subnets etc.....), very confusing,,,,,,, Is a Wireguard a network interface ? or just an interface? Each WireGuard interface … a vlan, sub...
by mozerd
Mon Feb 21, 2022 10:09 pm
Forum: Beginner Basics
Topic: WireGuard: Cryptokey Routing
Replies: 14
Views: 2318

WireGuard: Cryptokey Routing

Key Point 1 : At the heart of WireGuard is a concept called Cryptokey Routing , which works by associating public keys with a list of tunnel IP addresses that are allowed inside the tunnel. Key Point 2 : Each network interface has a private key and a list of peers. Key Point 3 : Each peer has a pub...
by mozerd
Sat Feb 19, 2022 1:59 am
Forum: Scripting
Topic: Pseudo Random Number Generator Script (Mersenne Twister)
Replies: 21
Views: 16248

Re: Pseudo Random Number Generator Script (Mersenne Twister)

@Sob …. MikroTik are memory misers because the value proposition is tied to lowest cost providing best possible functionality …. So to add a function library would require adding more memory …. In mfg for every cent in additional cost requires a 400% return …. So it’s understandable that tradeoffs m...
by mozerd
Thu Feb 17, 2022 8:43 pm
Forum: General
Topic: WireGuard connections in site-to-site implementation behind peer IP [SOLVED]
Replies: 17
Views: 2211

Re: WireGuard connections in site-to-site implementation behind peer IP [SOLVED]

@mozerd: Finding manual is easy, but the challenge is to find at least one good example how it can be used for something useful. I have zero idea how it might be useful … apparently MikroTik believes it is used to automate WAN connectivity for systems like CPE but that is only my uneducated guess.
by mozerd
Thu Feb 17, 2022 7:48 pm
Forum: General
Topic: WireGuard connections in site-to-site implementation behind peer IP [SOLVED]
Replies: 17
Views: 2211

Re: WireGuard connections in site-to-site implementation behind peer IP [SOLVED]

Detect Internet
Detect Internet is a tool that categorizes monitored interfaces into the following states - Internet, WAN, LAN, unknown, and no-link.
by mozerd
Tue Feb 15, 2022 10:14 pm
Forum: Wireless Networking
Topic: Wifi 7 - MikroTik when???
Replies: 70
Views: 13930

Re: Wifi 7 - MikroTik when???

@anav … did you know that Ignorance and naïveté destroy its civilization …. So you’ve bought into the COVID scam …. And you probably think that Trudeau is just the best thing since slice bread … I hate communists Anav they all come in different colors. Supply chain … btw, … Biden and the Democrats t...
by mozerd
Tue Feb 15, 2022 4:57 pm
Forum: Wireless Networking
Topic: Wifi 7 - MikroTik when???
Replies: 70
Views: 13930

Re: Wifi 7 - MikroTik when???

Mikrotik Wi-Fi 6E I could sure use some additional frequencies for my Mesh networks - the existing 5 GHz band is congested, noisy, slow and competing with cellular LTE-U (#46). There is no such thing as a clean 5 GHz channel these days. @TomjNorthIdaho ... You are 100% correct .... in FACT what is ...
by mozerd
Tue Feb 15, 2022 1:42 am
Forum: General
Topic: MT alternative products
Replies: 15
Views: 2037

Re: MT alternative products

TP-Link switches are easy to use, but depending on model do not receive updates that long. nonsense … for example: https://www.tp-link.com/us/business-networking/easy-smart-switch/tl-sg1428pe/ The TL-SG1428PE a business class switch has had 5 firmware updates since it’s inception plus the documenta...
by mozerd
Mon Feb 14, 2022 5:19 pm
Forum: General
Topic: RouterOS 7 - Wireguard site-to-site over multiple wans [SOLVED]
Replies: 9
Views: 3460

Re: RouterOS 7 - Wireguard site-to-site over multiple wans [SOLVED]

For High availability the following example may prove to be useful for your needs ....
its not MikroTik centric but the same principles apply and I am certain that the same example can be converted into MikroTik Speak

High Availability WireGuard Site To Site
by mozerd
Mon Feb 14, 2022 2:49 pm
Forum: General
Topic: What's your preferred VPN service for using with Mikrotik (2022)
Replies: 13
Views: 3409

Re: What's your preferred VPN service for using with Mikrotik (2022)

I like IPVanish because I found them to be the most consistent/persistent from a performance perspective .... the other VPN 3rd party services I have tried is ExpressVPN and Private Internet Access where my experiences where unsatisfactory. IPVanish also provides superb documentation exploiting Wire...
by mozerd
Sun Feb 13, 2022 11:49 pm
Forum: General
Topic: MT alternative products
Replies: 15
Views: 2037

Re: MT alternative products

@mike19
I suggest that you take a serious look at the TP-Link Jetstream line of switches and the TP-Link EAP660 HD Access Points combine that with the Omada network controller and you will have a very good system for your 800 students etc.

For Router I suggest the MikroTik CCR2116-12G-4S+
by mozerd
Sun Feb 13, 2022 8:41 pm
Forum: Beginner Basics
Topic: WireGuard: Simple Network Interface
Replies: 42
Views: 4466

Re: WireGuard: Simple Network Interface

Thanks Mozerd, after some thought I think its overcomplicated and not as useful as other approaches for the new user. In actual fact the New User would love to learn the proper way …. And what I outlined for you is the proper approach from a network discipline standpoint. I suggest that you reconsi...
by mozerd
Sun Feb 13, 2022 7:11 pm
Forum: Beginner Basics
Topic: WireGuard: Simple Network Interface
Replies: 42
Views: 4466

Re: WireGuard: Simple Network Interface

Please clarify POINT TO POINT The simplest topology is just Point to Point — one endpoint running WireGuard connected directly to another endpoint running WireGuard. It’s also the only topology that produces E2E (End-to-End) encryption — all other topologies involve WireGuard packets being decrypte...
by mozerd
Sun Feb 13, 2022 6:49 pm
Forum: Beginner Basics
Topic: WireGuard: Simple Network Interface
Replies: 42
Views: 4466

Re: WireGuard: Simple Network Interface

@anav, my suggestion to help users with WireGuard configurations is to start by discussing common Topologies like Point to Point Hub and Spoke Point to Site Site to Site Then provide samples of each and that would give the user community a wealth of effective methods. Pro Custodibus does a superb jo...
by mozerd
Sun Feb 13, 2022 5:29 pm
Forum: Beginner Basics
Topic: WireGuard: Simple Network Interface
Replies: 42
Views: 4466

Re: WireGuard: Simple Network Interface

You are a kind and generous person anav ... and I 4 1 applaud your herculin efforts in assisting newbies with MikroTik configurations. When testing the Performance of any WireGuard tunnel one of the best tools to use is iPerf .... to use iPerf and to test the actual WGT the client and server [The Hu...
by mozerd
Sun Feb 13, 2022 4:42 am
Forum: Beginner Basics
Topic: WireGuard: Simple Network Interface
Replies: 42
Views: 4466

Re: WireGuard: Simple Network Interface

You create a WireGuard interface and name=wg0 but do not assign it an IP address ….. Anav, can you ping that unaddressed interface?
by mozerd
Sun Feb 13, 2022 2:12 am
Forum: Beginner Basics
Topic: WireGuard: Simple Network Interface
Replies: 42
Views: 4466

Re: WireGuard: Simple Network Interface

It’s a MikroTik introduced bug Anav, they will fix it soon …. An active interface needs a address assignment when used.