MikroTik

vecernik87

Yesterday, I experienced similar thing - all SNMP probes died for my whole network. Firstly, my dude stopped working due to out-of-space (which is nonsense because it was on 4GB drive with 3GB of free space) anyway, I added second drive moved the dude folder there and restarted dude. Dude started bu...

vecernik87

In other topics, similar behavior was mentioned by NathanA and Normis , both concluding that pressing button cause use of backup bootloader in case when main bootloader is corrupted. This seems like exact match, so I believe CZFan is right - do netinstall to fix corrupted bootloader. I would like to...

vecernik87

@mozerd: I made couple of manual downloads in browser before I let the script in my device. Then my device did 3 downloads of diffs (each has two files so 6 calls total), 3 downloads of mtiptik (because said it needs update everytime) and 0 downloads of wsiptik (because diff said this one does not r...

vecernik87

Hi, I finally had chance to test the service and I must say, that performance impact on hAP ac^2 was negligible. All tests were done with iperf in ubuntu. I used TCP connection and default window sizes (512k) and always performed 2 tests - one with "-r" param for separate RX/TX testing, second with ...

vecernik87

In that case I guess this will apply: https://mikrotik.com/downloadterms.html I am not aware of any special EULA for CHR or Dude. However, if you are dealing with such corporate approach, best would be to get confirmation directly from sales department of Mikrotik which you can find here: https://mi...

vecernik87

And when you need to "block facebook" e.g. because your employees are spending their worktime on their phones instead of on their job, you better use other methods to achieve better productivity Gosh! so true - this should be written in legislation. I had request like that just month ago after one ...

vecernik87

I believe it depends on UPS type. Officially, only APC Smart-protocol is supported. Based on my experience I believe there is also support for USB-HID (In my case CyberPower CP900EPFCLCDa works fine). After I connected the UPS to mikrotik, I saw instantly USB in winbox in choice of ports for UPS. Ca...

vecernik87

Advice of the original poster is misleading, incomplete and I do not suggest to use this method to block websites. In addition to false positives, you will also kill the CPU of your router. Why not use the new tls-host matcher in firewall instead? Not first person with similar advice... I saw so ma...

vecernik87

I had similar flapping issue with RBD52G (hap ac2) which was flapping 1G ethernet to my NAS. After several flaps it settled on 100Mbit speed and stayed like that. In the end, different cable solved the issue. Anything else (reboot of router, reboot of nas, same cable reconnection, interface disable ...

vecernik87

You can use tool Packet Sniffer . It will allow you to capture packets and either display them, save them or stream them somewhere else. (if you are streaming them, make sure that you set your filter correctly so it does not capture packets which are being streamed.) for viewing, you can use for exa...

vecernik87

Its nice that you wrote it but you are not controlling the page. It is not unusual for websites to get hacked and get some hidden code included. You may for example post the script directly here instead of some Korean page, which probably most of local users don't understand. Also, some explanation ...

vecernik87

I hoped that there is proper sector antenna on pole. If it is just free wifi from AP somewhere inside of the building, I am afraid it will be not really good connection. It is also hard to do any calculation when there is no knowledge about power and position of the AP. (for example when you stand i...

vecernik87

I do not believe that RR is suitable for two independent wireless connections as packets will arrive out of order. On ethernet, chance of this is really low but on wireless, retransmissions are so common that advantage of RR might be diminished. I believe using usual LACP or balance-xor with correct...

vecernik87

Recommended solution is to use CHR instead of x86 as it solve all driver issues etc.. Topics like this are here every month. (I suspect x86 was never really intended to be run on normal computers but instead, it was released as Mikrotik was experimenting with x86 architecture in RB260) All you need ...

vecernik87

I cannot confirm/deny what is really going on with RB1100AHx4 but info from Realtek sounds promising: all variants of RTL8367 have 4k VLAN table.
Looking forward for someone with RB1100AHx4 to confirm if it is implemented or not.

vecernik87

part of upper memory has to be reserved for something else and so that part isn't even reported by the kernel *wink wink* conspiracy, here we go :lol: Reading comprehension, people! What do they teach them in these schools! Sorry for that and you are 100% right with your arguments. I just tried to ...

vecernik87

If you can see the wifi on any normal device (computer/phone), there should be no problem with any wireless device from mikrotik range. However, I would definitely suggest to look for unidirectional models (or model with external antena and then buy unidirectional antenna). The reason is to improve ...

vecernik87

[conspiracy]Missing megabytes are not actually missing. It is hidden partition containing NSA spyware [/conspiracy] No, seriously - it is hard to understand why would any software incorrectly detect 233MB instead of 256MB. It is not like incorrect MB/MiB conversion (that would be 244). So it is easi...

vecernik87

@normis: Then they can post it on the web, so that others don't need to pay. I was wondering who will come with this idea :D Well, this is common issue for all services - to make sure that users will not share the product. In this case, it simply can't be done. If users can manage the router, then t...

vecernik87

Sorry but I can't help myself not to ask couple of questions: 1) Can you clear up a little bit how does user/owner of router handle security - i.e. limiting your RSC to not create new users, open ports etc? Downloading 3rd party RSC can cause unpredictable and serious issues as it can completely rul...

vecernik87

So to me, it looks like Mikrotik has done all it could to notify the users, well done Mikrotik, very proud to be a Mikrotik Evangelist The email was released AFTER the news about botnet. It again happened after negative publicity hit the media, despite the fact I was many times asking to send the e...

vecernik87

Recently, there were couple of people complaining about restarts which later turned out to be unsecured and infected devices: https://forum.mikrotik.com/viewtopic.php?f=2&t=137200 If it is load-related, you should see the issue in /system resources If it is hardware related, you should see autosupou...

vecernik87

You can't really use FTP together with HTTP-METHOD. the HTTP-METHOD is commonly used for REST API to distinct different methods on same resource/object (deleting, viewing, updating ...) The fetch command does not have such functionality, so you cannot delete the file. You might, however, connect to ...

vecernik87

the "ambient temperature" tests mean it was running in environment where air temperature was 60 degrees. It means you can safely run it in room where it is -20 to 60 degrees. Your ambient temperature is within this range and your CPU barely go above 60 degrees. That does not sound like overheating b...

vecernik87

@Normis: Thank you for the email. I know I was pain in the a** by repeatedly pointing it out, but I believe it was simply missed. It is a bit shame it took so long but I really appreciate this step in order to help RouterOS users secure their devices. Please be assured that I never wanted to show an...

vecernik87

@peichl: Great summary! I find myself in total agreement with your post. However, one point might be added:
- emails should be sent EVERYTIME there is serious security issue.
(I am refering to the fact that winbox port vulnerability - end of april - was not emailed)

vecernik87

@umarcus: Not very likely. If it was here once and it was discontinued, I guess chances for reviving such product are almost zero. Recently, there have been some devices unveiled: https://download2.mikrotik.com/news/news_82.pdf (most of them are still not on market) Closest to your request is either...

vecernik87

Just because it gets into linux kernel does not mean it is stable, nor it is ready for implementation. Let me quote their own website: WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change...

vecernik87

Most hacks we recently saw allowed users to log in - it would be contraproductive to block access as admin would instantly notice and reset the device. In this case I bet you just accidentally disabled MAC server for winbox etc.. Anyway, as said earlier, definitely go and update your device. Safest ...

vecernik87

Hi, maybe offtopic but i think you should know - 1Mbps limit make it really slow everytime you open dude client or open some device window in the client. It will not happen straight away because you will start with empty log and database, but once your database builds up, all these transfers from du...

vecernik87

If you move your mouse during click (even one pixel is enough), it will obviously detect it as drag. That is not really surprise and as webdeveloper, I can say that it is common distinction between click/drag on most of sites. This issue obviously is not caused by developers but by user - only one t...

vecernik87

Actually, thanks to this script (Earlier I saw different not-that-complete version) I realized that there is hidden caveat to currently recommended "set your firewall" - MAC winbox does ignores the IP firewall (obviously you cant use L3 feature to filter L2 communication). That however means, that e...

vecernik87

Firstly, outsider should never have access to your management port. There should be no port 22,23,80,443,8291 opened to other than your computer. Secondly, this is several months old - it was disclosed on end of April and fix was released within couple of days for both Bugfix and Current release tre...

vecernik87

Hi, I have similar experience and I can clearly map those holes it to time periods, when SNMP is not available (for example network problem, device turned off, SNMP service stopped etc..) Same apply for the chart which ends on 4am - it means since then, there is no SNMP data available -> no data for...

vecernik87

I received email (urgent security advisory) for the web port vulnerability because I have a user account on mikrotik homepage. As far as I know, the winbox port vulnerability didn't get similar warning email. However, I received email about newly released 6.42.1 and 6.40.8 which fixed this vulnerabi...

vecernik87

Switch option is available for routerboards with hardware switch chip. If you installed in on virtual machine, there is no integrated hardware switch, therefore no reason to have switch option available.

vecernik87

cAP AC cannot add more physical radios, however it is still possible to add virtual AP: https://wiki.mikrotik.com/wiki/Manual:I ... interfaces
With that, you can create for example gues wifi etc..

vecernik87

"To implement SSL decryption for your end users, you need a root certificate on each client machine that acts as a Certificate Authority for SSL requests to the cloud proxy." So - you have to manually set up each client to support this, otherwise you will see famous "your connection is not secure" m...

vecernik87

"experimental protocol"... there is not even consensus about implementation... Google and mozilla are using some form, IEFT with cloudflare different... Implementing such feature in routerOS would be just waste of time for developers. Wait till it is finished and supported by all major players, then...

vecernik87

Exploits are everywhere in IT, including Cisco. So yes, there is/was big vulnerability, misused massively. It is already fixed for several months and you can read more on forum or shortly summarized on blog: https://blog.mikrotik.com/ There are many topics all around. I am really surprised you were ...

vecernik87

Real wlan interface? Depends on model. Some of them have mini-PCI slot, but if your model is just ordinary box with several ports, most probably you will have only integrated radio without possibility to add more. With every model, you can add "virtual" interface with limited capabilities as slave i...

vecernik87

Jarda already guessed that in his first answer... 10ms is huge latency for TCP! Just try to imagine it - UDP is sending packets as fast as possible - utilizes maximum of bandwidth. TCP sends a paket (only one per stream!) and then waits for response. As you said - latency is around (or slightly belo...

vecernik87

No you can't and it was described many times, again and again. Layer7 filtering does not work if website use HTTPS. Only result will be slow router and CPU on 100% because every connection will be checked again and again... please watch following: https://youtu.be/XkKj9rj4quQ?t=25m43s It explains wh...

vecernik87

Monitor as in "see what are people watching" - absolutely not. Monitor as in "see how much data is going to/from youtube" - also not really: At the moment, there is no way to reliably detect all youtube traffic by content of packet. You can block youtube by blocking youtube IP addresses (and instead...

vecernik87

Not sure about your conditions. You did not share much info. Actually, you did not share any info... However, I found similar/same thing and based on instructions, I reported this to support with Ticket#2018053122000411 In my case it was happening on 6.42.1 and 6.42.3 anytime I used TCP btest (does ...

vecernik87

1) what version of RouterOS are you running? (You need at least 6.40.8 in Bugfix tree or 6.42.1 in Current tree. You also need to change password if you were compromised in past) 2) can you export the rule and show us? 3) any weird files or log entries? First thing in my mind was enabled UPnP with "...

vecernik87

I recently encountered similar issue caused by cheap Realtek wifi chip in Lenovo E580. This chips ET had limited range of supported 5GHz frequencies, thus making wifi invisible if you had 80MHz channel and different frequency than 5180MHz. Please, check what frequencies are supported by your phone/c...

vecernik87

I didn't know either, until I tried to do this few month ago, failed and started looking why the hell... :lol: If you ever find some workaround, I believe many people would be very glad for that (including myself) edit: i couldn't help myself so I started digging and found that despite QUIC support ...

vecernik87

No. I was never able to really make this reliably working, and there is reason behind this . I noticed that for example anonymous mode of Google Chrome will always start with http/2 (which is TCP) and only after that, it will switch to http/2+quic. After support for QUIC is cached, it will always st...

vecernik87

That's weirdest thing I have ever seen :D My apologies. It really looked like some bot or person trying to get attention and now I feel like prick. Anyway, your conditions are similar but not exactly same. You will be limited to 100Mbps as well (RB751U has only 10/100 ports) but that seems not an is...

Search found 167 matches