Community discussions

MUM Europe 2020

Search found 17 matches

by davidcx
Fri Jan 10, 2020 10:57 am
Forum: General
Topic: IPSEC issues and instability
Replies: 14
Views: 1239

Re: IPSEC issues and instability

This is well known, RouterOS IPsec is ridiculously unstable at the moment. Reboot both ends at the same time (kill connection or flush SPI will not help). You can even observe this same behaviour on two routers directly connected that have no other interfaces or configuration but a gre tunnel with I...
by davidcx
Mon Apr 01, 2019 12:30 am
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 43090

Re: UKNOF 43 CVE

Where is this posted? I did a quick search and didn't find anything.
viewtopic.php?p=724264#p724238
by davidcx
Sun Mar 31, 2019 11:40 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 43090

Re: UKNOF 43 CVE

Mikrotik have publicly disclosed the details of the vulnerability, on a Sunday, in a way that a child could exploit it - before even providing a fixed beta, let alone a stable release version, let along giving us time to test and deploy it. Truly despicable behaviour there Mikrotik. Do you have no r...
by davidcx
Fri Mar 29, 2019 7:04 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 43090

Re: UKNOF 43 CVE

Looking at the remaining workaround, usual end-user blocking any incoming traffic not already established / related, isn't impacted, right? You'd be limiting traffic to 2 new flows per second which is not an option except in the tiniest of networks. Now, there may be a higher value that is acceptab...
by davidcx
Mon Aug 13, 2018 9:50 pm
Forum: RouterBOARD hardware
Topic: mAP USB regulator?
Replies: 4
Views: 627

Re: mAP USB regulator?

Officially no, but some posts suggest you can do it with the right Y-connectors https://forum.mikrotik.com/viewtopic.php?t=77535&start=100#p446454 https://forum.mikrotik.com/viewtopic.php?t=123799#p612739 Watch out for the overall current draw though. The mAP has a maximum potential draw of 1A at 5V...
by davidcx
Tue Aug 07, 2018 6:15 pm
Forum: RouterBOARD hardware
Topic: mAP USB regulator?
Replies: 4
Views: 627

Re: mAP USB regulator?

Perfect, thanks for confirming.
by davidcx
Tue Aug 07, 2018 5:44 pm
Forum: RouterBOARD hardware
Topic: mAP USB regulator?
Replies: 4
Views: 627

mAP USB regulator?

I'm wondering if the mAP has a 5V regulator for the USB port output.

i.e. whether I can power it 12V via the DC jack (necessary for PoE-out to a camera) and still have 5V supplied to a USB OTG modem.
by davidcx
Fri Jul 06, 2018 10:31 pm
Forum: General
Topic: Non-leaky CRS3xx configuration
Replies: 4
Views: 657

Re: Non-leaky CRS3xx configuration

We recently discovered a bug on CRS326 that it allows to forward packets that are internally tagged with PVID=1, this will be fixed in future versions, though this bug does not exist on CRS317. To avoid this bug, simply set PVID=2 to all ports that currently have pvid=1/no-pvid. Actually it looks l...
by davidcx
Fri Jul 06, 2018 10:11 pm
Forum: General
Topic: Non-leaky CRS3xx configuration
Replies: 4
Views: 657

Re: Non-leaky CRS3xx configuration

Hi artz, Thanks, yes I understand that ingress-filtering only applies to ingress traffic. And there are no untagged VLANs on this port. So there should be no untagged packets on ingress or egress. The only possible traffic from this port should be on VLAN tags 2031 and 2032. Yet here are the neighbo...
by davidcx
Fri Jul 06, 2018 3:23 pm
Forum: General
Topic: Non-leaky CRS3xx configuration
Replies: 4
Views: 657

Non-leaky CRS3xx configuration

I am struggling to find a configuration that does not leak untagged traffic between ports on both the CRS326 and CRS317. Example with CRS326. All ports in a flat VLAN 1 except three special ports: ether9 should have VLANs 2030 and 2031 tagged, nothing untagged. ether10 should have VLANs 2030 and 203...
by davidcx
Fri Jun 29, 2018 12:43 am
Forum: Scripting
Topic: API Admin Password Reset
Replies: 1
Views: 489

Re: API Admin Password Reset

Yes that's possible, here is an example with the Python API #!/usr/bin/python3 import routeros_api import sys login_username = 'myuser' login_password = '123123' change_username = 'admin' change_password = '345345' connection = routeros_api.RouterOsApiPool('127.0.0.2', username=login_username, passw...
by davidcx
Tue Jun 26, 2018 10:25 pm
Forum: Scripting
Topic: Script to try multiple PPPoE credentials until one works
Replies: 0
Views: 471

Script to try multiple PPPoE credentials until one works

Here is a stupid script to handle "fallback" PPPoE credentials that will be tried one after another until one set succeeds. Use case example Your customer is migrating to another ISP, you know what the new credentials will be (but they won't work in advance of the migration), and you don't want to h...
by davidcx
Fri Jun 01, 2018 11:35 am
Forum: RouterBOARD hardware
Topic: Mikrotik VDSL / DSL Modem?
Replies: 314
Views: 94941

Re: Mikrotik VDSL / DSL Modem?

I contacted Proscend regarding the VPI/VCI settings for the 180-T and was told unequivocally that the device does not support ADSL. I found this very strange as the data sheet does have the ADSL2+ specifications, so I asked for clarification and was again told that they do not have any devices that ...
by davidcx
Sat Nov 18, 2017 6:51 pm
Forum: General
Topic: Management inside a routing-table [SOLVED]
Replies: 6
Views: 1376

Re: Management inside a routing-table [SOLVED]

Well I have a definitive answer from Mikrotik support:
Yes, that is currently the behavior of VRFs, management can be done only if address is in main table.
Sigh. How many ISPs out there are going to allow management of their routers from the global table?
by davidcx
Sat Nov 18, 2017 6:45 pm
Forum: Beginner Basics
Topic: CRS317 basic VLAN setup
Replies: 0
Views: 474

CRS317 basic VLAN setup

Is there any documentation for this switch yet? All the examples on the wiki state explicitly they are not for CRS3xx series. Not sure why Mikrotik think they can keep geting away with not providing documentation and having customers figure it out and document it for them. I'm struggling to get some...
by davidcx
Wed Nov 15, 2017 4:18 pm
Forum: General
Topic: Management inside a routing-table [SOLVED]
Replies: 6
Views: 1376

Re: Management inside a routing-table [SOLVED]

@tangram - thanks, unfortunately adding a route to the default table didn't help: [admin@MikroTik] /ip route vrf> set 0 disabled=no [admin@MikroTik] /ip route vrf> /ip route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhol...
by davidcx
Tue Nov 14, 2017 7:25 pm
Forum: General
Topic: Management inside a routing-table [SOLVED]
Replies: 6
Views: 1376

Management inside a routing-table [SOLVED]

I want to keep a management port on each device for "local only" management using the 192.168.88.1 addresses. I wish to put this address and that interface into a routing-table so it does not pollute the global table (so the equivalent of "VRF-lite" on Cisco). In this example, ether1-mgmt is the des...