MikroTik

Thor187

You need a UTM/NGFW that can perform:
- SSL Man In The Middle (decryption mid stream, requires a CA and installation of your cert on client machines)
How long until that finally stops working?
I expect this solution to be dead in a year or two...

four years on, stil strong.

Thor187

[admin@MikroTik] > /tool bandwidth-test 207.32.194.24 user=btest password=btest direction=both
status: can not connect

Thor187

Can one cache Youtube in 2019?

Since everything is HTTPS nowadays I assume caching is no longer possible? (Squid etc)

Thor187

GPS device is built in. Antenna needs to be connected externally. I mean, it says that right in your image. Read it please, outside the yellow marked words.

Fix your product description and refund me for misleading marketing.
Thanks.

Thor187

/system gps set port=serial0 enabled=yes gps-antenna-select=external

I don't have the unit, so can you change this to anything else but external?

Apologies I updated the OP - it was set to internal which did not work and then I tried external for shits and giggles - also did not work.

Thor187

Any chance you added or removed the antenna, while the device was running? Shorting the connector central pin and connector outside, can cause GPS chip to be damaged. This is why you only should add/remove antenna while there is no power (GPS has an active 3V antenna). Software wise, I think it loo...

Thor187

Bump.

Thor187

Internal antenna exists and works if you have no miniPCIe module inside or if mounted with ports pointing up.
Surely, most cases will have a module, this is why we mention recommendation for external antenna.

2019-07-04_23-43-29.png

Thor187

How do I debug this piece of kak to know if it is user error (me) or GPS not working. This is what I did: /system console disable 0 /system gps set port=serial0 enabled=yes gps-antenna-select=internal /port set 0 baud-rate=auto data-bits=8 flow-control=none name=serial0 parity=none stop-bits=1 /port...

Thor187

If I enabled the default firewall in the Quick Config screen and I then went to IP->Cloud and setup a CNAME on my domain what rule to I need to add to the firewall to allow myself to access the router with WinBox remotely from (xxx.xxx.xx.xxx - my office IP)

Thor187

Turns out this wireless thing a lot more complex than one thinks.

Lots of little CAPs/hAPs is the way I will proceed then going forward.

Thor187

Is this the same AP or all of them? Reason I am asking, we had an AP in the building that would drop out randomly (well we assumed it was random) turns out this AP was in the ceiling beneath the top floor which is a kitchen and every time the people upstairs switched on their Microwave (blasting 2.4...

Thor187

What we did in our warehouse (a bit smaller, but same racks, just less) is put a directional AP pointing down the side of each aisle.

Thor187

This might be a noob question, but I am struggling (after 3 minutes of googling ;) ) to find answers. Does the strength of the phone matter - ie in my mind I am telling myself there is no point to put down a powerful Omni antenna in the middle of my house that all my devices can see, but cannot talk...

Thor187

Noted

Thor187

A single RB2011UiAS-2HnD-IN should easily be able to handle that workload. Even a hAP ac² would be able to handle the network traffic, the wireless will depend, the RB2011 will probably be able to handle it, the hAP is a bit light in the pants on the wifi end (most Mikrotik devices are) you can also...

Thor187

I see a lot of threads saying Mikrotik is not great in the wireless space (I agree, I use Mikrotik only for routing and firewall and then I use Unifi APs for wireless (just dump APs no settings/controller etc), but wonder what am I missing, why is this the case that it appears Mikrotik is not on the...

Thor187

User hits the Hotspot. Redirect them immediately to an external Linux server running PHP. The page they're redirected to now asks for their email address. When they submit their email, Post them back to the HotSpot server.

#profit

Thor187

#1: default firewall is pretty good at protecting your network from WAN. The only change/addition usualky needed is some port forwarding if you wat to expose some particular service to internet (e.g. if you wanted to run web server or something) Great stuff - Then I will put all my effort into the ...

Thor187

Alright so that means I still need to configure each hap mini individually (to enable bridge on the LAN ports with the WLAN (CAP)) If I have the firewall on the RB931, do I still need to configure a firewall on each hAP mini? If so, does this firewall need to be equally as hardened or can I simply a...

Thor187

Thank you for the reply @mkx This is for a home so the layout will look like this (just one SSID) I hope my text art is understandable. TP-LINK VDSL -> RB951 (PPPOE + CAPsMAN) (RB) -------------------RB--------> Unmanaged Gigabit Switch (S) -------------------S--------------------------> DHCP Server...

Thor187

Hello, quick question if I want to use the RB931-2nD as a CAP I assume all I need to do is bridge the LAN ports with the WLAN for all the traffic to travel through to the main router whether the device has wifi clients or a physical pc attached to the lan? The scenario, I want to have one main route...

Thor187

You have two options: a) edit alogin.html to directly redirect via a meta refresh, the only HTML in the file should be: <html><head><meta http-equiv="refresh" content="0;url=http://example.com/" /></head></html> b) edit the form in login.html that is submitted for login to contain a hidden input el...

Thor187

no one with the same issue?

Thor187

Does anyone know how to fix this?

When I enter a customer address in the hidden DST field to be redirected to after the login completes it does not work on Android,

[*]<input type="hidden" name="dst" value="http://www.example.com">

Thor187

This proves what the torch sees. Despite the nat entry, Netflix is still getting through to 8.8.8.8

Thor187

add to the above rules:
src-address=<ip ps4>

but easiest would be if you configure the dns server on ps4 itself.

Does not work as that is done already, netflix is hardcoded to use 8.8.8.8

Thor187

I did that.

But it still goes to Google's DNS (does not matter what the DNS settings are on the mikrotik.)

IP below is for the PS4 (different mikrotik)

2019-02-17_15-01-53.png

Thor187

Does mikrotik support javascript to its full extent?

Can I use jquery?

Thor187

How can I force smartDNS’s DNS for only the IP address of my PS4 (static IP) I do not want to use smartdns for all traffic just the PS4 for netflix. I initially had this: but this routes all dns traffic. add chain=dstnat action=dst-nat to-addresses=154.127.57.224 to-ports=53 protocol=tcp dst-port=53...

Thor187

Surely there must be a way to track https URLs. not for one moment can I imagine that https URLs are untraceable.

Mac | dst url

That should be possible?

Thor187

I have a few of these, they work great:

https://mikrotik.com/product/RBMetalG-52SHPacn

What settings do you have on them, power wise?

I have them, but the wifi ability (range) seems very bad.

Thor187

We use the couple of them, we are able to set custom APNs.

The only issue I have with these units are the WiFi coverage, it's pretty weak.

Thor187

Also, have the Metal AC and I am not impressed, my Tenda router is better than this.

What is the ideal settings to use on this device (I am assuming here that the device needs more configuration).

Thor187

Same problem here, I plugged the Metal AC into my routerboard, changed the metal to wisp AP, logged out of winbox and now I cannot get back into the metal ac.

Thor187

Thor187

Alright, so how do you go about getting https traffic?

All I want is:

src-address/hotspot username | dst-address/website | timestamp

Thor187

The gist URL is a 404 this side.

Thor187

Hello, I have a Mikrotik using the hotspot functionality with MAC authentication and a Freeradius server. Everything works, I just have one question: How do I whitelist/walled-garden a specific website and prevent the accounting to be added to the radius server when a user views that website? In oth...

Thor187

Thor187

UPDATE:

MikroTik:
Hello,

Thank you for reporting this.
We replicated this with other hardware and other modems as well.
Fixes for this will be available in upcoming versions.

Best regards,
Antons B.

Thor187

Hi, I have a situation where any /interface lte at-chat lte1 input="xxx" command crashes the router and it then reboots. I've tried this on the latest stable RouterOS (6.42.1) as well as the current RC (6.43rc5). The same thing happens on both my RB2011 as well as a client's RB951: routerboard: yes ...

Thor187

Sorry bluemoon. I have 3 Ethers active. one for Hotspot and LAN and two others for internet. If i'm gonna open my webfig or UM, I just enter another Ether's IP from client computer. should note that the only one who knows it it's me. so no one can open it easily so it's more secure. So I think inst...

Thor187

I have the same issue - doesn't seem like userman's limits does anything at all.

Why is that?

Thor187

I have a hotspot with userman setup and the signup page.

How do I go about to install an LE certificate since this (https://wiki.mikrotik.com/wiki/Manual:H ... PS_example) will never work, it will scare users away and chrome will block it anyway.

Thor187

How exactly in usermanager?

I selected that user sign up be allowed, now what?

Thor187

Same issue - this is a bug in the Mikrotik software.

Thor187

This doesn't sound right - So the hotspot cannot count https traffic?

Thor187

Hello,

Just some clarification the page template required for the sign-up functionality does that exist by default or must I create it?

(I come from a Ubiquiti background)

Search found 49 matches