Community discussions

Search found 167 matches

by vecernik87
Wed Aug 15, 2018 9:13 am
Forum: The Dude
Topic: Problem with graph Bit Rate history
Replies: 6
Views: 284

Re: Problem with graph Bit Rate history

Yesterday, I experienced similar thing - all SNMP probes died for my whole network. Firstly, my dude stopped working due to out-of-space (which is nonsense because it was on 4GB drive with 3GB of free space) anyway, I added second drive moved the dude folder there and restarted dude. Dude started bu...
by vecernik87
Tue Aug 14, 2018 3:45 am
Forum: General
Topic: RB2011 kind of bricked after update [SOLVED]
Replies: 6
Views: 223

Re: RB2011 kind of bricked after update [SOLVED]

In other topics, similar behavior was mentioned by NathanA and Normis , both concluding that pressing button cause use of backup bootloader in case when main bootloader is corrupted. This seems like exact match, so I believe CZFan is right - do netinstall to fix corrupted bootloader. I would like to...
by vecernik87
Tue Aug 14, 2018 2:44 am
Forum: General
Topic: MOAB mother of all blacklists
Replies: 25
Views: 1249

Re: MOAB mother of all blacklists

@mozerd: I made couple of manual downloads in browser before I let the script in my device. Then my device did 3 downloads of diffs (each has two files so 6 calls total), 3 downloads of mtiptik (because said it needs update everytime) and 0 downloads of wsiptik (because diff said this one does not r...
by vecernik87
Mon Aug 13, 2018 9:00 am
Forum: General
Topic: MOAB mother of all blacklists
Replies: 25
Views: 1249

Re: MOAB mother of all blacklists

Hi, I finally had chance to test the service and I must say, that performance impact on hAP ac^2 was negligible. All tests were done with iperf in ubuntu. I used TCP connection and default window sizes (512k) and always performed 2 tests - one with "-r" param for separate RX/TX testing, second with ...
by vecernik87
Sun Aug 12, 2018 6:30 am
Forum: Virtualization
Topic: CHR EULA?
Replies: 5
Views: 269

Re: CHR EULA?

In that case I guess this will apply: https://mikrotik.com/downloadterms.html I am not aware of any special EULA for CHR or Dude. However, if you are dealing with such corporate approach, best would be to get confirmation directly from sales department of Mikrotik which you can find here: https://mi...
by vecernik87
Sat Aug 11, 2018 2:30 pm
Forum: Beginner Basics
Topic: Block websites http and https without Web Proxy / 100% works.
Replies: 17
Views: 2084

Re: Block websites http and https without Web Proxy / 100% works.

And when you need to "block facebook" e.g. because your employees are spending their worktime on their phones instead of on their job, you better use other methods to achieve better productivity Gosh! so true - this should be written in legislation. I had request like that just month ago after one ...
by vecernik87
Sat Aug 11, 2018 1:56 pm
Forum: General
Topic: RB3011 and UPS
Replies: 2
Views: 169

Re: RB3011 and UPS

I believe it depends on UPS type. Officially, only APC Smart-protocol is supported. Based on my experience I believe there is also support for USB-HID (In my case CyberPower CP900EPFCLCDa works fine). After I connected the UPS to mikrotik, I saw instantly USB in winbox in choice of ports for UPS. Ca...
by vecernik87
Fri Aug 10, 2018 11:00 am
Forum: Beginner Basics
Topic: Block websites http and https without Web Proxy / 100% works.
Replies: 17
Views: 2084

Re: Block websites http and https without Web Proxy / 100% works.

Advice of the original poster is misleading, incomplete and I do not suggest to use this method to block websites. In addition to false positives, you will also kill the CPU of your router. Why not use the new tls-host matcher in firewall instead? Not first person with similar advice... I saw so ma...
by vecernik87
Thu Aug 09, 2018 7:36 am
Forum: RouterBOARD hardware
Topic: hAP ac (RB 962UiGS): Port flapping on LAN port when used for PPPOE connection
Replies: 9
Views: 586

Re: hAP ac (RB 962UiGS): Port flapping on LAN port when used for PPPOE connection

I had similar flapping issue with RBD52G (hap ac2) which was flapping 1G ethernet to my NAS. After several flaps it settled on 100Mbit speed and stayed like that. In the end, different cable solved the issue. Anything else (reboot of router, reboot of nas, same cable reconnection, interface disable ...
by vecernik87
Thu Aug 09, 2018 5:19 am
Forum: General
Topic: Traffic recorder on Mikrotik
Replies: 3
Views: 212

Re: Traffic recorder on Mikrotik

You can use tool Packet Sniffer . It will allow you to capture packets and either display them, save them or stream them somewhere else. (if you are streaming them, make sure that you set your filter correctly so it does not capture packets which are being streamed.) for viewing, you can use for exa...
by vecernik87
Thu Aug 09, 2018 5:11 am
Forum: Scripting
Topic: Useful scripts
Replies: 42
Views: 68154

Re: Useful scripts

It's nice that you wrote it but you are not controlling the page. It is not unusual for websites to get hacked and get some hidden code included. You may for example post the script directly here instead of some Korean page, which probably most of local users don't understand. Also, some explanation ...
by vecernik87
Thu Aug 09, 2018 4:48 am
Forum: Wireless Networking
Topic: Hardware suggestions needed
Replies: 5
Views: 303

Re: Hardware suggestions needed

I hoped that there is proper sector antenna on pole. If it is just free wifi from AP somewhere inside of the building, I am afraid it will be not really good connection. It is also hard to do any calculation when there is no knowledge about power and position of the AP. (for example when you stand i...
by vecernik87
Wed Aug 08, 2018 8:01 am
Forum: Beginner Basics
Topic: bonding mikrotik
Replies: 3
Views: 182

Re: bonding mikrotik

I do not believe that RR is suitable for two independent wireless connections as packets will arrive out of order. On ethernet, chance of this is really low but on wireless, retransmissions are so common that advantage of RR might be diminished. I believe using usual LACP or balance-xor with correct...
by vecernik87
Wed Aug 08, 2018 7:39 am
Forum: General
Topic: INTEL® GIGABIT ET2 QUAD PORT SERVER ADAPTER is not supporting by Mikrotik
Replies: 3
Views: 211

Re: INTEL® GIGABIT ET2 QUAD PORT SERVER ADAPTER is not supporting by Mikrotik

Recommended solution is to use CHR instead of x86 as it solve all driver issues etc.. Topics like this are here every month. (I suspect x86 was never really intended to be run on normal computers but instead, it was released as Mikrotik was experimenting with x86 architecture in RB260) All you need ...
by vecernik87
Wed Aug 08, 2018 6:27 am
Forum: RouterBOARD hardware
Topic: No VLAN table on Realtek switch chip?
Replies: 9
Views: 472

Re: No VLAN table on Realtek switch chip?

I cannot confirm/deny what is really going on with RB1100AHx4 but info from Realtek sounds promising: all variants of RTL8367 have 4k VLAN table.
Looking forward for someone with RB1100AHx4 to confirm if it is implemented or not.
by vecernik87
Wed Aug 08, 2018 5:52 am
Forum: General
Topic: Hap AC2 RAM [SOLVED]
Replies: 13
Views: 445

Re: Hap AC2 RAM [SOLVED]

part of upper memory has to be reserved for something else and so that part isn't even reported by the kernel *wink wink* conspiracy, here we go :lol: Reading comprehension, people! What do they teach them in these schools! Sorry for that and you are 100% right with your arguments. I just tried to ...
by vecernik87
Wed Aug 08, 2018 5:34 am
Forum: Wireless Networking
Topic: Hardware suggestions needed
Replies: 5
Views: 303

Re: Hardware suggestions needed

If you can see the wifi on any normal device (computer/phone), there should be no problem with any wireless device from mikrotik range. However, I would definitely suggest to look for unidirectional models (or model with external antenna and then buy unidirectional antenna). The reason is to improve ...
by vecernik87
Wed Aug 08, 2018 2:31 am
Forum: General
Topic: Hap AC2 RAM [SOLVED]
Replies: 13
Views: 445

Re: Hap AC2 RAM [SOLVED]

[conspiracy]Missing megabytes are not actually missing. It is hidden partition containing NSA spyware [/conspiracy] No, seriously - it is hard to understand why would any software incorrectly detect 233MB instead of 256MB. It is not like incorrect MB/MiB conversion (that would be 244). So it is easi...
by vecernik87
Tue Aug 07, 2018 12:24 pm
Forum: General
Topic: MOAB mother of all blacklists
Replies: 25
Views: 1249

Re: MOAB mother of all blacklists

@normis: Then they can post it on the web, so that others don't need to pay. I was wondering who will come with this idea :D Well, this is common issue for all services - to make sure that users will not share the product. In this case, it simply can't be done. If users can manage the router, then t...
by vecernik87
Tue Aug 07, 2018 6:04 am
Forum: General
Topic: MOAB mother of all blacklists
Replies: 25
Views: 1249

Re: MOAB mother of all blacklists

Sorry but I can't help myself not to ask couple of questions: 1) Can you clear up a little bit how does user/owner of router handle security - i.e. limiting your RSC to not create new users, open ports etc? Downloading 3rd party RSC can cause unpredictable and serious issues as it can completely rul...
by vecernik87
Fri Aug 03, 2018 2:13 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 108
Views: 11051

Re: Winbox vulnerability: please upgrade

So to me, it looks like Mikrotik has done all it could to notify the users, well done Mikrotik, very proud to be a Mikrotik Evangelist The email was released AFTER the news about botnet. It again happened after negative publicity hit the media, despite the fact I was many times asking to send the e...
by vecernik87
Fri Aug 03, 2018 10:17 am
Forum: General
Topic: Frequently Restart Mikrotik CCR-1036
Replies: 4
Views: 202

Re: Frequently Restart Mikrotik CCR-1036

Recently, there were couple of people complaining about restarts which later turned out to be unsecured and infected devices: https://forum.mikrotik.com/viewtopic.php?f=2&t=137200 If it is load-related, you should see the issue in /system resources If it is hardware related, you should see autosupou...
by vecernik87
Fri Aug 03, 2018 10:11 am
Forum: General
Topic: possible to delete file from fetch
Replies: 2
Views: 206

Re: possible to delete file from fetch

You can't really use FTP together with HTTP-METHOD. the HTTP-METHOD is commonly used for REST API to distinct different methods on same resource/object (deleting, viewing, updating ...) The fetch command does not have such functionality, so you cannot delete the file. You might, however, connect to ...
by vecernik87
Fri Aug 03, 2018 9:35 am
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1S-1C+PC Problem OverHeat [SOLVED]
Replies: 12
Views: 553

Re: CCR1009-7G-1S-1C+PC Problem OverHeat [SOLVED]

the "ambient temperature" tests mean it was running in environment where air temperature was 60 degrees. It means you can safely run it in room where it is -20 to 60 degrees. Your ambient temperature is within this range and your CPU barely go above 60 degrees. That does not sound like overheating b...
by vecernik87
Fri Aug 03, 2018 6:59 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 108
Views: 11051

Re: Winbox vulnerability: please upgrade

@Normis: Thank you for the email. I know I was pain in the a** by repeatedly pointing it out, but I believe it was simply missed. It is a bit shame it took so long but I really appreciate this step in order to help RouterOS users secure their devices. Please be assured that I never wanted to show an...
by vecernik87
Wed Aug 01, 2018 11:22 am
Forum: Announcements
Topic: Security announcement blog
Replies: 60
Views: 6319

Re: Security announcement blog

@peichl: Great summary! I find myself in total agreement with your post. However, one point might be added:
- emails should be sent EVERYTIME there is serious security issue.
(I am referring to the fact that winbox port vulnerability - end of april - was not emailed)
by vecernik87
Wed Aug 01, 2018 10:01 am
Forum: RouterBOARD hardware
Topic: REQUEST : New Switch for SOHO, upgrade to 10GB over copper
Replies: 7
Views: 547

Re: REQUEST : New Switch for SOHO, upgrade to 10GB over copper

@umarcus: Not very likely. If it was here once and it was discontinued, I guess chances for reviving such product are almost zero. Recently, there have been some devices unveiled: https://download2.mikrotik.com/news/news_82.pdf (most of them are still not on market) Closest to your request is either...
by vecernik87
Wed Aug 01, 2018 8:41 am
Forum: General
Topic: [Feature request] Wireguard
Replies: 18
Views: 1989

Re: [Feature request] Wireguard

Just because it gets into linux kernel does not mean it is stable, nor it is ready for implementation. Let me quote their own website: WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change...
by vecernik87
Wed Aug 01, 2018 8:21 am
Forum: Beginner Basics
Topic: Not able to log in [SOLVED]
Replies: 5
Views: 297

Re: Not able to log in [SOLVED]

Most hacks we recently saw allowed users to log in - it would be counterproductive to block access as admin would instantly notice and reset the device. In this case I bet you just accidentally disabled MAC server for winbox etc.. Anyway, as said earlier, definitely go and update your device. Safest ...
by vecernik87
Wed Aug 01, 2018 5:15 am
Forum: Virtualization
Topic: CHR EULA?
Replies: 5
Views: 269

Re: CHR EULA?

Hi, maybe offtopic but i think you should know - 1Mbps limit make it really slow everytime you open dude client or open some device window in the client. It will not happen straight away because you will start with empty log and database, but once your database builds up, all these transfers from du...
by vecernik87
Sun Jul 29, 2018 12:18 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: web UI Firewall rule click/drag
Replies: 1
Views: 144

Re: web UI Firewall rule click/drag

If you move your mouse during click (even one pixel is enough), it will obviously detect it as drag. That is not really surprise and as webdeveloper, I can say that it is common distinction between click/drag on most of sites. This issue obviously is not caused by developers but by user - only one t...
by vecernik87
Sat Jul 28, 2018 3:44 pm
Forum: General
Topic: winbox exploit
Replies: 11
Views: 1066

Re: winbox exploit

Actually, thanks to this script (Earlier I saw different not-that-complete version) I realized that there is hidden caveat to currently recommended "set your firewall" - MAC winbox ignores the IP firewall (obviously you can't use L3 feature to filter L2 communication). That however means, that e...
by vecernik87
Sat Jul 28, 2018 9:01 am
Forum: General
Topic: winbox exploit
Replies: 11
Views: 1066

Re: winbox exploit

Firstly, outsider should never have access to your management port. There should be no port 22,23,80,443,8291 opened to other than your computer. Secondly, this is several months old - it was disclosed on end of April and fix was released within couple of days for both Bugfix and Current release tre...
by vecernik87
Sat Jul 28, 2018 2:18 am
Forum: The Dude
Topic: Problem with graph Bit Rate history
Replies: 6
Views: 284

Re: Problem with graph Bit Rate history

Hi, I have similar experience and I can clearly map those holes to time periods, when SNMP is not available (for example network problem, device turned off, SNMP service stopped etc..) Same applies for the chart which ends on 4am - it means since then, there is no SNMP data available -> no data for...
by vecernik87
Fri Jul 27, 2018 3:23 pm
Forum: Announcements
Topic: Security announcement blog
Replies: 60
Views: 6319

Re: Security announcement blog

I received email (urgent security advisory) for the web port vulnerability because I have a user account on mikrotik homepage. As far as I know, the winbox port vulnerability didn't get similar warning email. However, I received email about newly released 6.42.1 and 6.40.8 which fixed this vulnerabi...
by vecernik87
Fri Jul 27, 2018 8:15 am
Forum: General
Topic: No Switch on RouterOS 6.42.6 [SOLVED]
Replies: 2
Views: 201

Re: No Switch on RouterOS 6.42.6 [SOLVED]

Switch option is available for routerboards with hardware switch chip. If you installed in on virtual machine, there is no integrated hardware switch, therefore no reason to have switch option available.
by vecernik87
Fri Jul 27, 2018 6:26 am
Forum: Wireless Networking
Topic: Additional Wireless Interface [SOLVED]
Replies: 3
Views: 226

Re: Additional Wireless Interface [SOLVED]

cAP AC cannot add more physical radios, however it is still possible to add virtual AP: https://wiki.mikrotik.com/wiki/Manual:I ... interfaces
With that, you can create for example guest wifi etc..
by vecernik87
Thu Jul 26, 2018 10:13 am
Forum: General
Topic: Block youtube and not google earth
Replies: 18
Views: 657

Re: Block youtube and not google earth

"To implement SSL decryption for your end users, you need a root certificate on each client machine that acts as a Certificate Authority for SSL requests to the cloud proxy." So - you have to manually set up each client to support this, otherwise you will see famous "your connection is not secure" m...
by vecernik87
Thu Jul 26, 2018 9:30 am
Forum: General
Topic: [Request] Add "DNS over HTTPS" to RouterOS (Internet security protocols)
Replies: 5
Views: 221

Re: [Request] Add "DNS over HTTPS" to RouterOS (Internet security protocols)

"experimental protocol"... there is not even consensus about implementation... Google and mozilla are using some form, IEFT with cloudflare different... Implementing such feature in routerOS would be just waste of time for developers. Wait till it is finished and supported by all major players, then...
by vecernik87
Thu Jul 26, 2018 8:50 am
Forum: General
Topic: Filter rule mysteriously created and keeps showing up after I delete
Replies: 9
Views: 411

Re: Filter rule mysteriously created and keeps showing up after I delete

Exploits are everywhere in IT, including Cisco. So yes, there is/was big vulnerability, misused massively. It is already fixed for several months and you can read more on forum or shortly summarized on blog: https://blog.mikrotik.com/ There are many topics all around. I am really surprised you were ...
by vecernik87
Thu Jul 26, 2018 8:22 am
Forum: Wireless Networking
Topic: Additional Wireless Interface [SOLVED]
Replies: 3
Views: 226

Re: Additional Wireless Interface [SOLVED]

Real wlan interface? Depends on model. Some of them have mini-PCI slot, but if your model is just ordinary box with several ports, most probably you will have only integrated radio without possibility to add more. With every model, you can add "virtual" interface with limited capabilities as slave i...
by vecernik87
Thu Jul 26, 2018 7:23 am
Forum: General
Topic: BTEST - Good UDP results - Poor TCP results
Replies: 4
Views: 184

Re: BTEST - Good UDP results - Poor TCP results

Jarda already guessed that in his first answer... 10ms is huge latency for TCP! Just try to imagine it - UDP is sending packets as fast as possible - utilizes maximum of bandwidth. TCP sends a packet (only one per stream!) and then waits for response. As you said - latency is around (or slightly belo...
by vecernik87
Thu Jul 26, 2018 6:55 am
Forum: General
Topic: Block youtube and not google earth
Replies: 18
Views: 657

Re: Block youtube and not google earth

No you can't and it was described many times, again and again. Layer7 filtering does not work if website use HTTPS. Only result will be slow router and CPU on 100% because every connection will be checked again and again... please watch following: https://youtu.be/XkKj9rj4quQ?t=25m43s It explains wh...
by vecernik87
Thu Jul 26, 2018 6:40 am
Forum: General
Topic: Youtube Monitoring
Replies: 13
Views: 522

Re: Youtube Monitoring

Monitor as in "see what are people watching" - absolutely not. Monitor as in "see how much data is going to/from youtube" - also not really: At the moment, there is no way to reliably detect all youtube traffic by content of packet. You can block youtube by blocking youtube IP addresses (and instead...
by vecernik87
Thu Jul 26, 2018 6:28 am
Forum: General
Topic: "unclassified" cpu usage during btest
Replies: 1
Views: 105

Re: "unclassified" cpu usage during btest

Not sure about your conditions. You did not share much info. Actually, you did not share any info... However, I found similar/same thing and based on instructions, I reported this to support with Ticket#2018053122000411 In my case it was happening on 6.42.1 and 6.42.3 anytime I used TCP btest (does ...
by vecernik87
Thu Jul 26, 2018 5:43 am
Forum: General
Topic: Filter rule mysteriously created and keeps showing up after I delete
Replies: 9
Views: 411

Re: Filter rule mysteriously created and keeps showing up after I delete

1) what version of RouterOS are you running? (You need at least 6.40.8 in Bugfix tree or 6.42.1 in Current tree. You also need to change password if you were compromised in past) 2) can you export the rule and show us? 3) any weird files or log entries? First thing in my mind was enabled UPnP with "...
by vecernik87
Wed Jul 25, 2018 2:19 pm
Forum: Wireless Networking
Topic: hAP AC lite (952Ui-5ac2nD) - no phone can see 5GHz ac
Replies: 11
Views: 1580

Re: hAP AC lite (952Ui-5ac2nD) - no phone can see 5GHz ac

I recently encountered similar issue caused by cheap Realtek wifi chip in Lenovo E580. This chipset had limited range of supported 5GHz frequencies, thus making wifi invisible if you had 80MHz channel and different frequency than 5180MHz. Please, check what frequencies are supported by your phone/c...
by vecernik87
Wed Jul 25, 2018 9:10 am
Forum: General
Topic: Block youtube and not google earth
Replies: 18
Views: 657

Re: Block youtube and not google earth

I didn't know either, until I tried to do this few month ago, failed and started looking why the hell... :lol: If you ever find some workaround, I believe many people would be very glad for that (including myself) edit: i couldn't help myself so I started digging and found that despite QUIC support ...
by vecernik87
Wed Jul 25, 2018 8:30 am
Forum: General
Topic: Block youtube and not google earth
Replies: 18
Views: 657

Re: Block youtube and not google earth

No. I was never able to really make this reliably working, and there is reason behind this . I noticed that for example anonymous mode of Google Chrome will always start with http/2 (which is TCP) and only after that, it will switch to http/2+quic. After support for QUIC is cached, it will always st...
by vecernik87
Wed Jul 25, 2018 7:26 am
Forum: Wireless Networking
Topic: Wifi is slower then wired and slower then others wifi routers [SOLVED]
Replies: 6
Views: 366

Re: Wifi is slower then wired and slower then others wifi routers [SOLVED]

That's weirdest thing I have ever seen :D My apologies. It really looked like some bot or person trying to get attention and now I feel like prick. Anyway, your conditions are similar but not exactly same. You will be limited to 100Mbps as well (RB751U has only 10/100 ports) but that seems not an is...