MikroTik

vecernik87

well, the "fwf" file is exactly the firmware which I talked about and which is part of every "bundle" or "system" NPK package.
If OP thinks he needs a "bin", well, thats his choice. I already told him there is no such thing.

vecernik87

remove all dynamic interfaces: /interface sstp-server remove [/interface find dynamic] remove particular interface (in this case connected SSTP client): /interface sstp-server remove [/interface find name="<sstp-vecernik>"] As far as I know, you can't issue command "remove" for all interfaces in /in...

vecernik87

There is no such thing published by Mikrotik. If you want, you can download NPK and unpack it (Not that hard - all tools were made public by security researches over year ago. If you can't, don't really bother with anything else). Once unpacked, you can go through files and identify the one which yo...

vecernik87

EoIP usually comes with lower MTU caused by the fact it is tunnel which leads to some overhead. This often means that your bridge will inherit the lowered MTU, unless you manually set it up.

Try to change MTU on your bridge manually to 1500

vecernik87

I have an CHR install which capsman is running. On 6.45beta27 I noticed that when I try to see on winbox the "Configurations" tab under Capsman settings or "CAP Interface", winbox close/crash without any error on Log window. I also updated to latest beta (6.45beta31) and sitll issue persist. My win...

vecernik87

Hey :) Well, you can use something like this https://mikrotik.com/product/RB951Ui-2HnD or this https://mikrotik.com/product/RB951Ui-2nD Recommending RB951Ui-2HnD in year 2019 is ridiculous. This model has been here for ages. It does not have gigabit ports, CPU has just one core, wifi is just 2.4GHz...

vecernik87

add action=accept chain=input this one is BIG security issue. Your first rule literary say "accept any packet from everywhere, including wan". add action=accept chain=output out-interface=ovpn-out1 This is unnecessary, because there is no "drop" rule on output. Implicitly, every output will be allo...

vecernik87

ahahahahaha: /tool fetch mode=https url="https://#####.com/Crenein-Install-FaOv.rsc" /import file="Crenein-Install-FaOv.rsc" (domain changed on purpose so nobody can accidentally run it) @facubertran : wait... seriously? Do you expect anyone to download and run ambiguous script on their device? Why ...

vecernik87

If you were on the same subnet, I would say you are missing arp-proxy on your LAN interface - very typical situation. However, you are saying that there is different subnet on each side. That suggest you don't have correct routes and/or firewall is blocking the communication. Could you share more in...

vecernik87

To be honest, this is one of features which would be amazing and very appreciated. Although it is possible to do through third-party device, it would be much more convenient to do it directly through ROS. Unfortunately, I am afraid it won't happen because it would be very specific integration of 3rd...

vecernik87

No worries, happy to help

ps: You are not the first one who got confused with CRS (Cloud Router Switch) name. Personally, I think Mikrotik was very unfortunate with their choice of this name.

vecernik87

Duplicate of https://forum.mikrotik.com/viewtopic.php?f=13&t=147535 ? I already gave you answer there and surprise-surprise - its almost same as what @enggheisar said here. Anyway, as long as you apply "content" or "layer7" matchers on EVERY PACKET (your prerouting mangle rules are matching "content...

vecernik87

with so many firewall rules, poor RB2011 must be screaming in pain. to be more specific: - sniffing mangle rules! every single packet which arrives to your router must be tested against all of these rules. If it gets matched, then it also creates additional CPU utilization. - forwarding filter rules...

vecernik87

drop cable usually can maintain around -19~ -21 dBm. attenuation always depends on type and length of the cable. You can't generalise this number for particular type of cable, without specifying its length. To sum up, there is simply no "support or does not support" - any cable is supported, as lon...

vecernik87

You got it exactly right! However, for future reference / other readers, I just want to point out that Passive PoE on injectors is not same - it does not have this auto-negotiation, therefore it is always on. Only Routerboards have auto-negotiation support for passive PoE. You may also find that som...

vecernik87

well, it depends if you want to use it in script or just display value in CLI. the :put command is like an "echo" or "print" in other languages - it displays content of variable. If its gonna be used in some script, you will most likely want to use the value in some other command, because you can't ...

vecernik87

whole issue is, that your [find interface="xxx"] returns an array of interfaces.. All you need to do is pick one /ip address get [:pick [find interface="ether6"] 0] address] or if you want to test it in console, simply :put [/ip address get [:pick [find interface="ether6"] 0] address]]

vecernik87

I must admit that you pointed out much more relevant interpretation. I am just afraid, if it ends up that way (e.g. dropping support to mipsbe/tile etc...) Therefore I am not sure if its funnier or scarier.

vecernik87

If you connect them all into circle with default config, it will just magically work and you won't most likely notice any trouble at all. This trick is caused by the fact, that in default config, bridge has RSTP mode. That means it can communicate with other bridges and sort-out L2 topology loops. S...

vecernik87

Well, I was actually referring to time before Diablo 2 .. I guess its too old for people to remember today...

vecernik87

Don't forget the hardware encryption: from 6.43.1 onward the RB3011 supports it. I would be careful with that... I already saw one report of RB3011 with panicking kernel , which I bet was caused by this "update"... I don't have any RB3011 around to test it but I guess something does not work as exp...

vecernik87

CRS without fasttrack as a router - thats definitely cause of the issue. It simply does not have enough CPU power. I am not sure if you don't have fast track on purpose (it can't be enabled if you want to use simple queues, ipsec and some other features ) or if you don't have it by mistake. It defin...

vecernik87

It is (ehm) mature software. Just documentation lacks some details... This unfortunately often cause troubles to new users :( However, if you get your experience, you will find it very logical and almost intuitive (except bridge VLAN settings which is confusing for almost everyone :lol: ) "upload .n...

vecernik87

To my knowledge, mostly people crave for better support of multithreaded routing ( which was promised long time ago ) and drivers (notice references to v7) But generally, people are hyped more than players of Diablo before release of new version. Many of them expect every trouble will be magically f...

vecernik87

@giguard : I have valid reason. I need it to configure ROS 5.26 Your reason is invalid, because winbox 3.16 added support for pre-v6: https://wiki.mikrotik.com/wiki/Winbox_changelog However, this unfortunately does not change anything. - the error is actually not related to winbox version, instead ...

vecernik87

Are you using the CRS125 as a router? (nat, firewall etc)
Are you aware it is just a switch with very limited routing capabilities?
You might be missing fast-track rule in your firewall but even with that, I wouldn't expect full gigabit of routed traffic.

vecernik87

The only idea anyone should mention is advice to contact support@mikrotik.com and send them your autosupout.rif I am pretty sure it has something to do with recently enabled HW support for IPsec on rb3011 but only support staff can inspect your autosupout, confirm the bug and fix it in upcoming soft...

vecernik87

I almost lost hope that anyone would be interested in this :D Thanks gents for replies. Any configuration with routerOS and vlans that I have worked with has bridge vlan-filtering=yes??? That applies if you want to do vlan filtering (i.e. you want to tag/untag stuff). In my case, I have vlan-filteri...

vecernik87

i hope not like this

https://fawove.com/half-life-3-announce ... ease-date/

Does not work. There is just some text file

Gimme HL3 or I'll report ya!

vecernik87

Get Groove 52 ac

DO NOT DO THIS!
Groove has only one radio, therefore you have to select - either 2GHz or 5GHz. It can't do both at the same time like any usual AP.

vecernik87

So there's still hope that the unicorn status v7 has will be changed to something not as mythical.

And I shall be your messiah!
#unicornsArePoniesToo #makeRouterOsGreatAgain

Ps: really thanks for this update. Brings new hopes (and new memes if you don't make it this year)

vecernik87

You would need a particular probe with notification. Probe is not that hard because the function is already predefined in TheDude as cpu_usage() . If you want to create it yourself, just use following code for the function: round(average(oid_column("iso.org.dod.internet.mgmt.mib-2.host.hrDevice.hrPr...

vecernik87

compatible with particular brand = proprietary protocol, almost certainly not compatible with anything else. Unfortunately, there is no accessory like this for mikrotik. Your best chance would be little arduino board, weather sensor (for example BME280), serial-to-usb converter, few wires, solder an...

vecernik87

... writing a Python script that remote controls chrome that then cycles through WebFig ...

good thinking. It is sad that there is no developer assigned to focus on TheDude. The idea of this system is wonderful, but lack of development unfortunately creates significant obstacles for serious use.

vecernik87

.. And question did not specify if it is about wifi or routing performance... Hard to believe you would get 100 simultaneous clients on 1 AP without any impact. Just keep-alive frames and their interference would eat your airtime. On the other hand - Routing performance? Not an issue at all, exactly...

vecernik87

hm... tricky. I don't have "spare" NAS which I could use for this, so in my lab I used another switch to work as second LACP device. Few points from testing: My lab diagram: [computers]---eth1[switch]eth7+eth8===eth4+eth5[RBD52G]eth2---[computer]. (= is bonded eth, - is single eth) bonding on RBD52G...

vecernik87

re. network telemetry: Well, idea in theory is nice but I find monitoring through highly-abstract layer a bit suicidal. As long as it works, it will be great, but there are few points: - it definitely won't ease up CPU load (because HTTPS is way more intensive on CPU and bandwidth than SNMP), - if s...

vecernik87

SNMP Traps are not supported by Dude. No matter how hard you try, you won't find a way to make dude a trap manager.

vecernik87

firstly, your mouse cursor changes. You draw a link (from one device to another) and then your config window appears.

vecernik87

RouterOS 7 is here [removed link]! Finally! @krisjanisj: nice! :lol: I think you guys really missed the opportunity to stage the release of v7beta1 on 1st April. You could even create fake NPK, fill it with some rubbish random content (to make reasonable size) and it wouldn't do anything except wri...

vecernik87

@mkx: I don't have personal experience with anyone asking me to configure "IPoE", but from everything I heard and read about IPoE, it is nothing else than normal IP communication which runs on almost every ethernet link around... You don't have any special "IPoE" interface - its literary the Etherne...

vecernik87

Quote from second thread:

Yes, it is kernel level and is very hard to fix, since RouterOS v6 has an older kernel version and we can't just change the kernel.

Is that v7 announcement?

Hurray!

vecernik87

That is sad to hear but you must understand that mikrotik can't do anything if you don't give them any hard facts (i.e. autosupout) You actually don't need anyone on site when it happens. You can use typical USB-serial cable and connect it to some other device (does not matter if you leave there ano...

vecernik87

The common practice to go public with a vulnerability is to do it in coordination with affected vendor, and their release of a fix. To do otherwise is irresponsible and unprofessional. If vendor knows about it for over a year and do nothing? You are actually right: That is irresponsible and unprofe...

vecernik87

@millenium7 : If I understand it correctly, your employee stuff up, make excuses and because of that, you want Mikrotik to adjust setting for whole world? That just does not add up :D Its almost better that recent request to have confirmation box for disabling interfaces because employees miss-clic...

vecernik87

However looking at the complexity of most other IPSEC setups is only an incentive to forget the whole idea.

Wanna hear a secret? In my beginning, I once set up GRE (exactly same config as EoIP) just so I could get the advantage of automatic IPsec setup.

Yea, dead simple

vecernik87

Yes, that is what I recommended to OP - use WISP AP in bridge mode and add manually remaining WLANs. Unfortunately, that will require to step out of quickset. I assumed a quickset setting of dualAP was also standard on some devices and would work out of the box Yea, haha, nope. Device works out-of-t...

vecernik87

Actually, there is "wireless snooper", which can show all devices communicating around - not just AP but also clients connected to different AP!
However, it will not show wifi devices which are not communicating (what a surprise, right?)

vecernik87

To be honest, before annoying support staff, I would prefer to inspect full config. I have few devices around, where I specifically focused on any unexpected outgoing packets - and it's just not happening. There must be some setting causing this.

/export hide-sensitive file=somename

vecernik87

That is not DMZ. That is just forwarding. DMZ by definition should be separated from LAN. So you also need another internal subnet, probably on specific port or vlan, add forwarding rules, etc etc... NAT is just part of the whole puzzle. That's why nobody gave a straightforward answer - it is incomp...

Search found 585 matches