Community discussions

MikroTik App

Search found 114 matches

by Samot
Mon Dec 06, 2021 4:10 pm
Forum: Announcements
Topic: v7.1 is released!
Replies: 785
Views: 224758

Re: v7.1 is released!

So I see there is a Dude Client for 7.1 but I don't see anything for The Dude Server. What is the story on that? Are we going to see The Dude for ROS7.x?
by Samot
Thu Dec 02, 2021 4:46 pm
Forum: Wireless Networking
Topic: WIFI 6 Roadmap
Replies: 199
Views: 143773

Re: WIFI 6 Roadmap

What I have noticed of the course of 2021 and people flexing hard about getting 802.11ax APs for their network. When you ask them about the devices on their network and **their 802.11ax support** turns out most of the wifi devices don't even have the support. So right now putting 802.11ax in a locat...
by Samot
Mon Jun 07, 2021 9:43 pm
Forum: General
Topic: IRC channel on freenode
Replies: 15
Views: 3191

Re: IRC channel on freenode

OK, I'm not sure what the end goal is here unless it is just being a Mikrotik Karen. So I'm going to leave this alone.
by Samot
Mon Jun 07, 2021 7:48 pm
Forum: General
Topic: IRC channel on freenode
Replies: 15
Views: 3191

Re: IRC channel on freenode

OK how about we add some context to this whole thing. As the original question that was posed was asking about the mode button that is a physical button on the router that only certain models have. You specifically asked how to "add more buttons" like the mode button. You were told no, tha...
by Samot
Mon Jul 01, 2019 5:09 am
Forum: General
Topic: VoIP Outgoing Voice Issues - Seeking Guidance
Replies: 8
Views: 3110

Re: VoIP Outgoing Voice Issues - Seeking Guidance

What do tests from inside the network show? The ISP can tell you the modem hasn't had any dropped packets but that's the WAN, the LAN is also a factor here. VoIP can be fickle, when you start getting jitter and/or packet loss it can start to impact the call. Get to around 30% of the call goes to hell.
by Samot
Sun May 12, 2019 12:44 am
Forum: General
Topic: VLAN over Bridge
Replies: 42
Views: 6122

Re: VLAN over Bridge

Do yourself a favor and have a look at sindy's post history so you can get some understanding of sindy's knowledge Uhm, my point was that the little tangent that was being taken wasn't needed and there were other problems with the config. I actually am pretty aware of Sindy's knowledge and in no wa...
by Samot
Sat May 11, 2019 7:26 pm
Forum: General
Topic: VLAN over Bridge
Replies: 42
Views: 6122

Re: VLAN over Bridge

@sindy & @anav, while your little spat is cute you both have failed to notice some glaring errors in this config. 1. bridgePrio6 is the one that is supposed to filter this WAN VLAN stuff. So why is it a _member_ of the default bridge?! That's a no no. 2. There is nothing that shows bridgePrio6 h...
by Samot
Thu May 09, 2019 3:26 pm
Forum: General
Topic: [Feature request] Wireguard
Replies: 148
Views: 65643

Re: [Feature request] Wireguard

Soooo, we're all begging for Mikrotik to implement something that has never (in 2.5 years) hit an actual v1 release or anything stable. It's also a project surviving off of VC funding so what happens when their next round comes up with a goose egg? Funny considering how much people complain about Mi...
by Samot
Tue May 07, 2019 5:18 pm
Forum: General
Topic: VoIP with load balancing PCC
Replies: 29
Views: 5971

Re: VoIP with load balancing PCC

I'm not sure this is the wisest route to go here. See, the PBX is going to set it's RTP IP to one of those WAN IP addresses. That's how it works. So if you have two WAN IPs and make a call or receive a call, the PBX needs to know what IP to assign for RTP to receive the media back. At any point duri...
by Samot
Fri May 03, 2019 3:03 pm
Forum: SwOS
Topic: How to configure Inter-vlan routing on CRS 3XXX Series
Replies: 1
Views: 3134

Re: How to configure Inter-vlan routing on CRS 3XXX Series

Does anyone know how to configure inter-vlan routing on CRS 3XXX. Yes, you just add them. If they were only connected on a switch they wouldn't be able to communicate. Because they are on a router, they can. So you actually would need to block the InterVLAN routing at the switch if you _didn't_ wan...
by Samot
Wed May 01, 2019 4:34 pm
Forum: Announcements
Topic: v6.44.3 [stable] is released!
Replies: 122
Views: 73080

Re: v6.44.3 [stable] is released!

6.44.x have many bugs! far from stable, it breakdown 5G wifi. And what bugs are those? Just saying it has "many bugs" isn't insightful or helpful at all. If it has many bugs please list them so the developers and others can be aware of them and try to replicate them in order to prove they...
by Samot
Wed May 01, 2019 4:27 pm
Forum: General
Topic: wAP ac serious problem! maybe a bug?
Replies: 12
Views: 3169

Re: wAP ac serious problem! maybe a bug?

So is there a reason there are two active threads by you about your wAP ACs going crazy after updating to 6.44.3? Part of the problem with this is that in one thread Person 1 can tell you do X in order to help, while in the other thread Person 2 is telling you to do Y. Person 2 may have never told y...
by Samot
Wed May 01, 2019 4:13 pm
Forum: General
Topic: be careful! 6.44.x should not marked as stable!
Replies: 6
Views: 2673

Re: be careful! 6.44.x should not marked as stable!

Interesting, I updated wAP ACs to 6.44.2 last week. Along with all my cAP ACs and other systems. Not a single one of them has crashed or had an issue. Are you sure it wasn't something else?
by Samot
Mon Apr 29, 2019 4:09 pm
Forum: General
Topic: please help config class ip / 29
Replies: 20
Views: 3642

Re: please help config class ip / 29

That /48 network is probably IPv6? Usually you assign a /64 to every subnet interface and either enable DHCPv6 server (good luck with that on MT) or router advertisements (and let devices autoconfigure from there). Just make sure you have default IPv6 route set ... and most importantly, gave ROS 6....
by Samot
Mon Apr 29, 2019 3:34 pm
Forum: Wireless Networking
Topic: WISPs Worldwide
Replies: 1
Views: 912

Re: WISPs Worldwide

I know of three in one of my market areas but I wouldn't provide their names for public directories as possible options for Internet service because they suck, big time. All three wanted to resell my voice services to their customer and they lack basic knowledge of Linux and networking over all let ...
by Samot
Mon Apr 29, 2019 3:21 pm
Forum: General
Topic: mikrotik power on hours
Replies: 6
Views: 1945

Re: mikrotik power on hours

I want check how much this device worked, because its for my friend and he told me it worked for 2month so i want check if it really worked 2month or not Also what do you mean by "worked"? Do you mean it was running and didn't have issues? Or that it was running and now won't run (boot up...
by Samot
Mon Apr 29, 2019 3:18 pm
Forum: Beginner Basics
Topic: hEXr3, 6.44.2 bridge mode [SOLVED]
Replies: 29
Views: 12432

Re: hEXr3, 6.44.2 bridge mode [SOLVED]

What issue are you referring to? I setup a bunch of cAP ACs two weeks ago all in Bridge mode with the WISP AP as the quickset. Did you actually program the proper information in the route before hitting apply? Outside of some poor configurations that were posted, we haven't seen much else of these &...
by Samot
Mon Apr 29, 2019 3:06 pm
Forum: General
Topic: VLAN - hybrid port - untagged VLAN 1
Replies: 12
Views: 9954

Re: VLAN - hybrid port - untagged VLAN 1

The post you are referencing is from 2016 and at the end of 2017 how VLANs where done and managed was changed. So that post is irrelevant. Have you tried following the current steps here: https://wiki.mikrotik.com/wiki/Manual:I ... _Filtering ?
by Samot
Fri Apr 26, 2019 3:28 pm
Forum: General
Topic: RB1100AHx4 Dude Edition insecure by default
Replies: 11
Views: 3377

Re: RB1100AHx4 Dude Edition insecure by default

As shown in our wiki (more specifically here ) RB1100, nor CCR, nor CRS series of Routers/switches are meant to be plug-and-play and has only IP for first-time connectivity. They will need to be configured by the end-user before usage, unlike our home-use router lineup (as mentioned by @Paternot ),...
by Samot
Fri Apr 26, 2019 3:20 pm
Forum: General
Topic: RB1100AHx4 Dude Edition insecure by default
Replies: 11
Views: 3377

Re: RB1100AHx4 Dude Edition insecure by default

No router should be exposed to the internet without proper configuration. No device calling itself a router should have this as it's fully patched, default configuration out of the box be this: # jan/02/1970 00:03:18 by RouterOS 6.44.2 # software id = 20C3-04CF # # model = RB1100Dx4 # serial number...
by Samot
Sun Apr 21, 2019 9:04 pm
Forum: Virtualization
Topic: Replaced 5yr old x86 with CHR (less than impressed)
Replies: 14
Views: 8272

Re: Replaced 5yr old x86 with CHR (less than impressed)

OK, that makes much more sense. Here check out this post, viewtopic.php?t=138549

The basic result is turn off hyperthreading on the host system and the guest VMs will improve CPU performance. All the reasoning is detailed in that post.
by Samot
Sun Apr 21, 2019 7:52 pm
Forum: Virtualization
Topic: Replaced 5yr old x86 with CHR (less than impressed)
Replies: 14
Views: 8272

Re: Replaced 5yr old x86 with CHR (less than impressed)

OK so did you install X86 or did you install CHR? There is no X86 CHR, they are not the same. X86 is meant for physical hardware and binds itself to the HDD much like the ROS appliances. Follows the same levels of licensing and limitations of that licensing. CHR is a completely different beast. It's...
by Samot
Sun Apr 21, 2019 4:01 pm
Forum: Beginner Basics
Topic: hEXr3, 6.44.2 bridge mode [SOLVED]
Replies: 29
Views: 12432

Re: hEXr3, 6.44.2 bridge mode [SOLVED]

All I see in that zip file is a bunch of configs that look incomplete. Did you actually try to see this stuff manually or just do this all through Quickset? What happens when you create the DHCP server on your own and assign IPs and the settings? Again, I do this with hEX's and other routers quite a...
by Samot
Fri Apr 19, 2019 2:47 pm
Forum: Beginner Basics
Topic: Multiple VLANs with one Router as Default Gateway in each VLAN
Replies: 7
Views: 6319

Re: Multiple VLANs with one Router as Default Gateway in each VLAN

I have got one modem (from my ISP) in bridge mode which is my gateway to the Internet. This is connected to Port 1 on the hEX. I also have two swiches and one Mikrotik hEX. Let's call the switches Switch A and Switch B. Switch A is connected to hEX on Port 2 and Switch B is connected to Port 3. hEX...
by Samot
Tue Apr 16, 2019 3:40 pm
Forum: Beginner Basics
Topic: hEXr3, 6.44.2 bridge mode [SOLVED]
Replies: 29
Views: 12432

Re: hEXr3, 6.44.2 bridge mode [SOLVED]

Don't mind the impatient others, they understand IT but not people :-) Well it's a good thing this is a networking forum and not a physiology forum and the need to understand IT is greater than the need to understand people. 1) With 6.44 the dhcp package is no longer optional and it seems that it c...
by Samot
Mon Apr 15, 2019 3:52 pm
Forum: Beginner Basics
Topic: Noobish Requesting Help - VLANed home network [SOLVED]
Replies: 15
Views: 3157

Re: Noobish Requesting Help - VLANed home network [SOLVED]

I could REALLY use some help. I'm starting to chase my tail here. I found enough info that put me on this no bridge path, and reading more about the bridging it seems sloppy. Since 6.41, so almost a year and a half, the preferred and recommended way of doing VLANs on every model but the CRS1xx/2xx'...
by Samot
Sun Apr 14, 2019 7:51 pm
Forum: Beginner Basics
Topic: CONFIGURATION OF ROUTER 3011 AND 2011 FOR VPN CONNECTION
Replies: 1
Views: 900

Re: CONFIGURATION OF ROUTER 3011 AND 2011 FOR VPN CONNECTION

Good morning i have 3 places and i have bought 2011 and 3011 kindly help me how to configure them
There is absolutely no need to have multiple threads for this. Also go to https://wiki.mikrotik.com for this. These are all basic concepts covered in the wiki.
by Samot
Sat Apr 13, 2019 3:25 pm
Forum: Beginner Basics
Topic: hEXr3, 6.44.2 bridge mode [SOLVED]
Replies: 29
Views: 12432

Re: hEXr3, 6.44.2 bridge mode [SOLVED]

problem identified, manually fixed and ticket opened. Mikrotik is adding a default rule that nobody outside of the LAN can access. But for the bridge this is not working. Disabling this rule made the hEX bridge accessable. What default rule? A firewall rule? A route rule? Why type of rule? You're n...
by Samot
Sat Apr 13, 2019 3:23 pm
Forum: Beginner Basics
Topic: Router for my new home!
Replies: 14
Views: 3533

Re: Router for my new home!

If you also consider vpn, I recommend carefully the "Mikrotik device RB1100AHx4" that we use in our lab. That is an absolutely absurd suggestion for a home router. No one needs to spend $300 USD for a home router when a hEX or hAP AC2 will do the job and has IPSec accel for VPN connection...
by Samot
Wed Apr 10, 2019 7:42 pm
Forum: General
Topic: Telnet function not working anymore since several versions
Replies: 5
Views: 1924

Re: Telnet function not working anymore since several versions

I'd suggest using Winbox. This issue doesn't exist there and it is just better than webfig.
by Samot
Wed Apr 03, 2019 6:52 pm
Forum: General
Topic: RB2011iL/UiAS Weirdness Happening, Checking if anyone else has seen this
Replies: 2
Views: 799

Re: RB2011iL/UiAS Weirdness Happening, Checking if anyone else has seen this

Suggest posting a config from the working unit and one from the worst unit to compare.......... /export hide-sensitive file=latestconfigs The configuration between working and none working will not matter because it actually never gets to the point where I can do the configuration changes I need fo...
by Samot
Wed Apr 03, 2019 6:23 pm
Forum: General
Topic: RB2011iL/UiAS Weirdness Happening, Checking if anyone else has seen this
Replies: 2
Views: 799

RB2011iL/UiAS Weirdness Happening, Checking if anyone else has seen this

2019-04-03 10_42_51.png I recently got a small order for RB2011's from Baltic Network, just four units, about a month ago roughly. So far three of the four that I have installed for my voice networks, (2 UiAS and 1 iL) have gone crazy. It appears to be only happening on ether's 6-10 using the Ather...
by Samot
Mon Apr 01, 2019 3:55 pm
Forum: General
Topic: Hotspot 2.0
Replies: 1
Views: 861

Re: Hotspot 2.0

I want to know if Mikrotik is compatible with Hotspot 2.0 and if there are any document to prove it Hi, I want to know if you made any attempts to find this and if there are any screenshots to prove it. Literally, "Hotspot 2.0 Mikrotik" in Google got me this in the first three results: ht...
by Samot
Sun Mar 31, 2019 5:31 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 304
Views: 157224

Re: v6.45beta [testing] is released!

it can not be considered as a bug or vulnerability That's not what they are saying here https://forum.mikrotik.com/viewtopic.php?f=2&t=147048 They are talking about CCR's and CHR's crashing I don't know what more resources people need. Actually there is at least one person in that thread that c...
by Samot
Sat Mar 16, 2019 4:11 pm
Forum: General
Topic: IPTV who should pay?
Replies: 46
Views: 10929

Re: IPTV who should pay?

What I find interesting in this conversation is how people are equating services such as Netflix or Amazon (real, legal streaming services) with non-legitimate IPTV services. As an example, I'm from the USA but now live in Canada. All my streaming services such as Netflix, etc are USA based accounts...
by Samot
Sun Mar 10, 2019 5:44 pm
Forum: General
Topic: Scaling Mikrotik
Replies: 5
Views: 1671

Re: Scaling Mikrotik

@magik20 I'm not really sure what you are expecting as replies to this. You're essentially asking "How should I build this ISP network?" but you haven't provided any real information to help give the advice or answer. What have you determined so far? What bottlenecks have you identified? W...
by Samot
Thu Jan 17, 2019 3:47 pm
Forum: General
Topic: Hotspot login page not loading automatically on some devices
Replies: 6
Views: 3158

Re: Hotspot login page not loading automatically on some devices

There is to ways around this. It's an easy fix. I had the same issue but I was able to come up with a fix.

Thanks,
Are you going to share?
by Samot
Sun Dec 30, 2018 3:31 pm
Forum: General
Topic: Do not bill hotspot user for walled garden sites
Replies: 2
Views: 1019

Re: Do not bill hotspot user for walled garden sites

Walled Garden's are for users that are _not logged in_. They allow "guests" to access those sites without a hotspot user account. Once they log in, everything is under their profile.
by Samot
Sun Dec 30, 2018 3:29 pm
Forum: Beginner Basics
Topic: Problem with Basic VLAN setup
Replies: 2
Views: 857

Re: Problem with Basic VLAN setup

Try reading here and here. See how far you get. We'll help you the rest of the way.
The CRS1XX/2XX models do not have VLAN aware Bridges. This still has to be done the "old way" with the switch chip and switch menu.
by Samot
Mon Dec 24, 2018 3:33 pm
Forum: General
Topic: Hotspot Simultaneous User Capacity
Replies: 5
Views: 5156

Re: Hotspot Simultaneous User Capacity

There is no Routerboard model available which is capable of controlling 900 devices simultaneously.
What was the point of this reply to a 7.5 year old thread? Nothing is relevant these days with this thread.
by Samot
Mon Dec 03, 2018 3:54 pm
Forum: General
Topic: Mikrotik Router SIP Connection Blocked.
Replies: 79
Views: 62022

Re: Mikrotik Router SIP Connection Blocked.

OK, so I'm reading this thread and I have yet to see any real SIP debugs or information that is proving the MT's are the actual cause here. It looks like a bunch of assumptions and guessing. I am 100% a ITSP (Internet Telephone Service Provider) and I use MT's 100% for my end users. I have a wide va...
by Samot
Sun Sep 23, 2018 5:04 pm
Forum: Wireless Networking
Topic: Problems setting up hAP lite as wireless AP
Replies: 2
Views: 3621

Re: Problems setting up hAP lite as wireless AP

Change "Address" from 192.168.88.1/24 to 192.168.96.1/24 and "Network" from 192.168.88.0 to 192.168.96.0 OK this changed the IP on the Ethernet interface to 192.168.88.1. So let's see what steps you missed after that. 1) Updated the DHCP Server by going into IP --> DHCP Server -...
by Samot
Sun Sep 23, 2018 4:24 pm
Forum: General
Topic: Email via Gmail no longer working since Aug 22 [SOLVED]
Replies: 10
Views: 6297

Re: Email via Gmail no longer working since Aug 22 [SOLVED]

/tool e-mail set address="smtp.gmail.com" haha, works perfectly. I honestly didnt think to just try using the URL, I assumed it was still IP only, as per the wiki on it. thanks. FYI, smtp.gmail.com used in @nescafe202's code is not URL , it's FQDN . Try to be precise, everybody will under...
by Samot
Wed Sep 05, 2018 1:46 pm
Forum: Beginner Basics
Topic: VoIP issues [SOLVED]
Replies: 5
Views: 2021

Re: VoIP issues [SOLVED]

Does the caller hear the person or is it dead air/silence for both parties? This sounds like a NAT/congestion issue. How many phones, how much bandwidth and which CCR?
by Samot
Fri Aug 31, 2018 3:29 pm
Forum: General
Topic: Switch Chip on CRS106-1C-5S
Replies: 19
Views: 4567

Re: Switch Chip on CRS106-1C-5S

Well first thing I would do, is make sure that VLAN200 is setup as an actual interface on the router. You only have VLAN100 setup but you're setting up VLAN rules that include 200.
by Samot
Thu Aug 23, 2018 11:34 pm
Forum: SwOS
Topic: Switch stack
Replies: 5
Views: 7421

Re: Switch stack

There's no stacking functionality in RouterOS or SwitchOS, as far as I know.
by Samot
Thu Aug 23, 2018 3:40 pm
Forum: General
Topic: Problem with dual PPPOE load balancing
Replies: 2
Views: 1276

Re: Problem with dual PPPOE load balancing

You need to export and post your config. Those screenshots provide no real information.
by Samot
Mon Aug 20, 2018 2:20 pm
Forum: RouterBOARD hardware
Topic: hAP ac² Amazon USA Price
Replies: 13
Views: 3467

Re: hAP ac² Amazon USA Price

If you're in the US, Baltic Networks usually has pretty good deals, such as 10% or more off Mikrotik's MSRP.

https://www.balticnetworks.com/mikrotik ... ap-us.html

It's out of stock right now but you can still pre-order.
by Samot
Sun Aug 19, 2018 5:46 am
Forum: General
Topic: CRS Egress Tag Removal
Replies: 5
Views: 1669

Re: CRS Egress Tag Removal

If you are using the current branch or newer you'll want to use the new(ish) VLAN aware bridge and not configure anything in the Ethernet switch menu. Except that the CRS1XX/2XX actually use a special switch menu and they do not support Bridge VLAN Filtering. We are working with him on this in the ...
by Samot
Sat Aug 18, 2018 3:57 am
Forum: General
Topic: SIP Registration issue
Replies: 10
Views: 3127

Re: SIP Registration issue

We use the Yeastar S-Series platform PBX which has built in packet capture and can use the MT's packet sniffer tool to redirect it's findings into the Yeastar's pcap. The header analysis in OP is directly from a pcap captured this way. The Yeastar S-Series runs Asterisk v13. All of my PBXes sitting...
by Samot
Fri Aug 17, 2018 11:05 pm
Forum: General
Topic: SIP Registration issue
Replies: 10
Views: 3127

Re: SIP Registration issue

@WesternData - I use MTs for the sole purpose of supporting my voice deployments. So lets start with the basics. 1) What type of SIP platform is this? 2) Can you get an actual pcap/sip capture of the packets at both the SIP platform level and the router level?
by Samot
Fri Aug 10, 2018 4:41 pm
Forum: General
Topic: MT sending spam !? Confused!
Replies: 11
Views: 5057

Re: MT sending spam !? Confused!

Even with all the local interfaces disabled the emails are being sent. How is that possible? SYN packets with TCP 25 port are visible only coming out from my public interface. I have set several mangle rules and nothing comes to the router on this port, just goes out... This is why I said you need ...
by Samot
Fri Aug 10, 2018 3:43 pm
Forum: General
Topic: MT sending spam !? Confused!
Replies: 11
Views: 5057

Re: MT sending spam !? Confused!

Then I would go through it and make sure that there is nothing there that shouldn't be. Someone seems to be using you as an SMTP relay and that's bad.
by Samot
Fri Aug 10, 2018 3:41 pm
Forum: Announcements
Topic: WPA2 preshared key brute force attack
Replies: 33
Views: 51296

Re: WPA2 preshared key brute force attack

I think as long as your wifi password/keys are not something an idiot would use as their luggage combination you're fine.

Image
by Samot
Fri Aug 10, 2018 3:33 pm
Forum: General
Topic: MT sending spam !? Confused!
Replies: 11
Views: 5057

Re: MT sending spam !? Confused!

Should this router be connecting to mx.mail.ru? Sounds like you are compromised. What version of ROS are you running?
by Samot
Mon Aug 06, 2018 8:41 pm
Forum: General
Topic: New Attack on WPA/WPA2 Discovered, Most Modern Routers Might be at Risk
Replies: 8
Views: 4142

Re: New Attack on WPA/WPA2 Discovered, Most Modern Routers Might be at Risk

This is a vague article that tells us nothing. Sure they found a flaw but was it a fluke? Was it it isolated? Who knows really because it seems they've done nothing more but find it on they equipment they were using/testing and it was a mistake that they found it. They did not provide any informatio...
by Samot
Thu Aug 02, 2018 3:14 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 56
Views: 15831

Re: Mikrotik in the news..bad news

I think he means the default action of "if not filters apply", which is a non issue given the factory "default" firewall filters. I did think which reading this post that maybe the firewall should default to deny with no rules, so you have to explicitly allow everything you want...
by Samot
Thu Aug 02, 2018 2:25 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 56
Views: 15831

Re: Mikrotik in the news..bad news

Mikrotik staff already posted a reminder for users to upgrade. More info here https://forum.mikrotik.com/viewtopic.php?f=21&t=137572 The sad part it's that the exploit is more than two months old.... Have a look at the posting times and my posting is probably the trigger to have Mikrotik postin...
by Samot
Thu Aug 02, 2018 2:08 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 56
Views: 15831

Re: Mikrotik in the news..bad news

Mikrotik staff already posted a reminder for users to upgrade. More info here https://forum.mikrotik.com/viewtopic.php?f=21&t=137572 The sad part it's that the exploit is more than two months old.... You mean the one the patched back in April 2018? Or the one that was patched in March 2017? Wha...
by Samot
Thu Aug 02, 2018 2:05 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 56
Views: 15831

Re: Mikrotik in the news..bad news

The sad part is that owners/admins DO NOT CARE.
And that statement right there is the crux of the issue.
by Samot
Thu Aug 02, 2018 2:04 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 56
Views: 15831

Re: Mikrotik in the news..bad news

Mikrotik staff already posted a reminder for users to upgrade. More info here https://forum.mikrotik.com/viewtopic.php?f=21&t=137572 The sad part it's that the exploit is more than two months old.... Have a look at the posting times and my posting is probably the trigger to have Mikrotik postin...
by Samot
Thu Aug 02, 2018 1:58 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 56
Views: 15831

Re: Mikrotik in the news..bad news

Mikrotik staff already posted a reminder for users to upgrade. More info here https://forum.mikrotik.com/viewtopic.php?f=21&t=137572 The sad part it's that the exploit is more than two months old.... You mean the one the patched back in April 2018? Or the one that was patched in March 2017? Wha...
by Samot
Thu Aug 02, 2018 1:55 pm
Forum: General
Topic: RouterOS 6.20 is not sending LCP Term-Req when receives PoD
Replies: 6
Views: 2559

Re: RouterOS 6.20 is not sending LCP Term-Req when receives PoD

I have the same problem. Lot of SOHO PPPoE routers do not reconnect again after PoD (or CLI, Winbox method, it makes no difference) disconnect if do not receive correct LCP Term-Req packet before PADT. MikroTik sends only PADT. It is incorrect. Please fix it. You have the same problem someone on a ...
by Samot
Thu Aug 02, 2018 1:51 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 176608

Re: Winbox vulnerability: please upgrade

That's what I figured.
by Samot
Thu Aug 02, 2018 1:41 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 176608

Re: Winbox vulnerability: please upgrade

@normis, hey can you get this on the blog? I'd like the see any complainers cut off at the pass that this announcement didn't end up in the right spots.
by Samot
Wed Aug 01, 2018 3:24 pm
Forum: Beginner Basics
Topic: Help with Basic VLAN [SOLVED]
Replies: 30
Views: 6910

Re: Help with Basic VLAN [SOLVED]

I'm not sure why the majority of the suggestions are pre-6.41 since that hasn't been the case for almost a year now. You've got most of it right but here is what needs to happen. 1) Do not use the Switch setup. That's wrong, it's done via the Bridge now. 2) Under Bridge go to the VLAN tab, you'll wa...
by Samot
Thu Jul 26, 2018 2:16 pm
Forum: General
Topic: [Request] Add "DNS over HTTPS" to RouterOS (Internet security protocols)
Replies: 15
Views: 7391

Re: [Request] Add "DNS over HTTPS" to RouterOS (Internet security protocols)

Why would Mikrotik enable a feature that has almost ZERO client support in its current incarnation? Also lets cover some things here. If I want to go to secretsite.com and I'm using DNS over HTTPS, my PC or router will send the request to the DNS over HTTPS servers. They will make the DNS queries. N...
by Samot
Tue Jul 24, 2018 5:19 am
Forum: Beginner Basics
Topic: Script to reduce Wi-Fi transmitter power on schedule/at night
Replies: 34
Views: 8049

Re: Script to reduce Wi-Fi transmitter power on schedule/at night

This is what technical fora are all about.... sharing KNOWLEDGE.... (If you want to rant, go to facebook or twitter and knock yourself out) Yes and a bunch of people with knowledge are saying this is a non-issue and shouldn't be something to worry about. None of us here are against sharing knowledg...
by Samot
Tue Jul 17, 2018 1:44 pm
Forum: Beginner Basics
Topic: Script to reduce Wi-Fi transmitter power on schedule/at night
Replies: 34
Views: 8049

Re: Script to reduce Wi-Fi transmitter power on schedule/at night

There is absolutely no need for this. I seriously do not recommend mucking around with these settings as you'll find yourself with issues down the road when something screws up. Let's be clear on this: Washer/Dryers, A/C units, Water Heaters, DECT/cordless phones, Microwaves, Bluetooth, Remote Contr...
by Samot
Sun Jul 15, 2018 11:23 pm
Forum: Beginner Basics
Topic: Script to reduce Wi-Fi transmitter power on schedule/at night
Replies: 34
Views: 8049

Re: Script to reduce Wi-Fi transmitter power on schedule/at night

even if someone sleeps only 1 meter away from the router?
Yes, it is a non-issue.
by Samot
Sun Jul 15, 2018 4:17 pm
Forum: Beginner Basics
Topic: Script to reduce Wi-Fi transmitter power on schedule/at night
Replies: 34
Views: 8049

Re: Script to reduce Wi-Fi transmitter power on schedule/at night

I want to reduce Wi-Fi transmitter power on schedule/at night because the router is located in a bed room. What on earth for? Does the 'excess' power keep someone awake or what? Or maybe you think it causes cancer or something? I'm with sid5632 on this. Why do you need to decrease the TX power of t...
by Samot
Sun Jul 15, 2018 3:51 pm
Forum: Beginner Basics
Topic: Help: I need to set a IP to use Wan1 only
Replies: 2
Views: 1033

Re: Help: I need to set a IP to use Wan1 only

Well regardless of the load balancing or not I do see one issue you're going to have with the the connections: add comment=isp1 distance=1 gateway=192.168.1.1 routing-mark=isp1 add comment=isp2 distance=1 gateway=192.168.0.1 routing-mark=isp2 You are 100% being double NAT'd right now. So right now y...
by Samot
Sun Jul 15, 2018 3:31 pm
Forum: General
Topic: Load balancer issue
Replies: 1
Views: 751

Re: Load balancer issue

You need to show your config so we can see how you've done this load balancing and failover. Do an /export hide-sensitive and post the config.
by Samot
Sun Jul 15, 2018 3:28 pm
Forum: Wireless Networking
Topic: Drop all traffic besides port 80 for unauthorized hotspot users
Replies: 4
Views: 1618

Re: Drop all traffic besides port 80 for unauthorized hotspot users

And I answered. You cannot DROP the traffic, well I guess you could, but how would they log in? Only by getting to the hotspot address? You realize that most devices are going to detect they are on a hotspot/proxied network and send them to the login page? Again, once the hotspot is active and the u...
by Samot
Sat Jul 14, 2018 3:29 pm
Forum: General
Topic: Problem with hotspot
Replies: 2
Views: 1104

Re: Problem with hotspot

And how is this AP configured? Is it in Bridge mode? Is it still running a DCHP-Client or a DHCP-Server? Sounds like the AP is the only device the Mikrotik is seeing in this scenario so the AP is considered the "user".
by Samot
Sat Jul 14, 2018 3:25 pm
Forum: Wireless Networking
Topic: Drop all traffic besides port 80 for unauthorized hotspot users
Replies: 4
Views: 1618

Re: Drop all traffic besides port 80 for unauthorized hotspot users

The hotspot will block/redirect traffic to the login page when unauthorized or non-authorized users connect and try to surf. However, without proper HTTPS setup on the hotspot requests to like Google, YouTube or pretty much normal traffic since almost all "major" sites are HTTPS will die a...
by Samot
Thu Jul 12, 2018 4:14 pm
Forum: Wireless Networking
Topic: Hotspot not redirecting to login page
Replies: 4
Views: 23935

Re: Hotspot not redirecting to login page

In order to redirect HTTPS requests to the Hotspot login, it needs to know to redirect HTTPS. Right now the login is set to http-chap. There's no SSL cert assigned and nothing is showing port 443 active on the router for this. HTTPS requests will redirect to an HTTPS version of the login page and th...
by Samot
Mon Jul 09, 2018 5:20 pm
Forum: Beginner Basics
Topic: Load balancing with 2 Wan links plus peering, Is it possible on Mikrotik routers?
Replies: 1
Views: 939

Re: Load balancing with 2 Wan links plus peering, Is it possible on Mikrotik routers?

Hi all, I have 2 WAN links of 45 Mbps each and peering link of 100 Mbps. My software vendor says, Mikrotik router is not good in doing load balancing so better avoid. Is it so? If its possible, please guide me how to establish load balancing, so that I ll get the combined bandwidth of 90 Mbps. I am...
by Samot
Mon Jul 09, 2018 4:38 pm
Forum: Beginner Basics
Topic: No access on HTTP pages on RB941-2nD-TC
Replies: 6
Views: 1731

Re: No access on HTTP pages on RB941-2nD-TC

Hi, In this case, the problem occurs with Firefox, Chrome and Internet explorer. I'll try some other browsers but i noticed that this problem is really on my router, because i temporally fixed the access on HTTP sites replacing my mikrotik to a basic router From my experience "basic routers&qu...
by Samot
Tue Jul 03, 2018 2:30 pm
Forum: General
Topic: Web Proxy Hacked
Replies: 8
Views: 4208

Re: Web Proxy Hacked

What version of ROS are you running on the SXT's? That will determine the answer to your question as there are older versions with vulnerabilities known to them.
by Samot
Tue Jul 03, 2018 2:28 pm
Forum: General
Topic: RB1100AHx2 bridge HW-offload issue [SOLVED]
Replies: 4
Views: 2182

Re: RB1100AHx2 bridge HW-offload issue [SOLVED]

There doesn't need to be another page. From 6.41 and up the Layer2 switching is done via the Bridge interface. So when it says "Pre-6.41" that means "Do this if you are not on 6.41 or higher" and when it says "Post-6.41" that means "Do this is you're running 6.41 o...
by Samot
Sun Jun 24, 2018 3:18 pm
Forum: Beginner Basics
Topic: Triple WAN VOIP Load Balancing
Replies: 8
Views: 2074

Re: Triple WAN VOIP Load Balancing

What are the "limited connectivity" speeds of WAN 2 and WAN 3 that the VoIP is going over? How many phone devices are there? And what is simultaneous call average? Failing over the phones is possible but there are other considerations that have to factor in, such as the phone updating its ...
by Samot
Sun Jun 24, 2018 3:04 pm
Forum: General
Topic: Pfsense on a Mikrotik KVM
Replies: 1
Views: 1031

Re: Pfsense on a Mikrotik KVM

My thought on this

Image
by Samot
Sun Jun 24, 2018 2:22 pm
Forum: RouterBOARD hardware
Topic: Mikrotik with SIP port integrated
Replies: 8
Views: 5166

Re: Mikrotik with SIP port integrated

But there are many protocols other than SIP that a "VoIP-to-analog adapter" with such a port might speak on the IP side: IAX2, MGCP, H.323, etc. For the record, if a modem/router is going to have a "VoIP" combination built into it that combination is going to be based on SIP. Bo...
by Samot
Fri Jun 22, 2018 2:00 pm
Forum: RouterBOARD hardware
Topic: Mikrotik with SIP port integrated
Replies: 8
Views: 5166

Re: Mikrotik with SIP port integrated

Hi,
There's any plan to a routerboard have SIP port integrated and the possibility to configure it through routerOS?

Thanks.
What do you mean by this?
by Samot
Tue Jun 12, 2018 6:05 pm
Forum: General
Topic: New IP cloud is coming.
Replies: 84
Views: 46707

Re: New IP cloud is coming.

/ip cloud set sdwan-enabled=yes
Ugh. Just, ugh.
by Samot
Thu Jun 07, 2018 6:04 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 190
Views: 145857

Re: VPNfilter official statement

The fact that Mikrotik is still on the list due to them seeing Mikrotik routers still being hit by this means one thing only for Mikrotik users. They have failed to keep their routers current and are still running over a YEAR OLD (plus) version of ROS. Regardless of this virus attack, that is just ...
by Samot
Thu Jun 07, 2018 3:03 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 190
Views: 145857

Re: VPNfilter official statement

The fact that Mikrotik is still on the list due to them seeing Mikrotik routers still being hit by this means one thing only for Mikrotik users. They have failed to keep their routers current and are still running over a YEAR OLD (plus) version of ROS. Regardless of this virus attack, that is just b...
by Samot
Thu Jun 07, 2018 2:58 pm
Forum: Beginner Basics
Topic: slaveless router
Replies: 3
Views: 1381

Re: slaveless router

You need to post your config. From the terminal do: /export compact hide-sensitive
Then paste the config here so we can see what you did.
by Samot
Sun Jun 03, 2018 8:30 pm
Forum: General
Topic: Mikrotik Hotspot issues
Replies: 3
Views: 1498

Re: Mikrotik Hotspot issues

All of these images are pointless. You did not describe or post any of your Hotspot setup/config. No idea what is happening or if this is a config issue, etc.

You need to post some real information (like the hotspot setup) so we can actually work the problem.
by Samot
Sat Jun 02, 2018 7:30 pm
Forum: Forwarding Protocols
Topic: sip phone being stopped at wan address
Replies: 7
Views: 2595

Re: sip phone being stopped at wan address

Thanks, No it's not hosted in a DC. The PBX is a standalone PBx connected to a microtik router and a couple of onsite ip phones on the same router. It's the off site phones that are being blocked. Whats strange is that if I turn on the SIP helpers the Offsite phones register immediately, however if...
by Samot
Sat Jun 02, 2018 7:25 pm
Forum: Beginner Basics
Topic: Hotspot userman not redictering to login page
Replies: 11
Views: 4042

Re: Hotspot userman not redictering to login page

I keep asking the same thing because you haven't answer the question. I asked _what_ webpage you went to. Because if you went to http://microsoft.com and then ended up at https://microsoft.com then the Hotspot isn't "randomly" redirecting you to https://microsoft.com. If you said "I w...
by Samot
Sat Jun 02, 2018 4:46 am
Forum: Beginner Basics
Topic: Make devices with different LANs Communicate
Replies: 6
Views: 1572

Re: Make devices with different LANs Communicate

The picture doesn't make sense until you label the devices with the red arrows. You shouldn't have to do anything to make the 2 networks communicate if both subnets are defined on the same router. If they aren't talking, you are blocking it. You don't need to add any routes, they are already there ...
by Samot
Sat Jun 02, 2018 3:34 am
Forum: Forwarding Protocols
Topic: Duel Firewall rule or HA failover
Replies: 8
Views: 3494

Re: Duel Firewall rule or HA failover

hi I need help how I can use firewall on mikrotik to block an application named (netshare). I use hotspot so people use this app to share free internet to others. you can find it on google play and how it work. I see that this app use port 8282 and it give the client a diffrent ip which is 192.168....
by Samot
Sat Jun 02, 2018 3:29 am
Forum: Forwarding Protocols
Topic: sip phone being stopped at wan address
Replies: 7
Views: 2595

Re: sip phone being stopped at wan address

Do you have a destination nat rule for you PBX? Something like: /ip firewall nat add chain=dst-nat dst-address=192.168.20.10 protocol=tcp dst-port=5060 to-address=192.168.0.5 This sounds like the PBX is "hosted" in a DC or another location, so that's not going to work as there would be mu...
by Samot
Sat Jun 02, 2018 3:24 am
Forum: Beginner Basics
Topic: Make devices with different LANs Communicate
Replies: 6
Views: 1572

Re: Make devices with different LANs Communicate

Also what is what in this drawing? Is the rounded object (router) actually the RB2011? If so, what is the squared object (smart switch?)? Please identify what those two objects in the drawing are because if you have a smart switch that might be doing something with the routing of the networks that w...
by Samot
Fri Jun 01, 2018 7:22 pm
Forum: Beginner Basics
Topic: Hotspot userman not redictering to login page
Replies: 11
Views: 4042

Re: Hotspot userman not redictering to login page

Hi, Http only. after connecting to hotspot. it was supposed to go login page right. but it goes to Microsoft.com website insteadt and it's https. OK, so you made an HTTP request to where? Does the Hotspot login page load when you hit it directly via HTTP? Have you tested from another device to repr...
by Samot
Thu May 31, 2018 4:46 pm
Forum: General
Topic: Two mikrotik NAT to NAT
Replies: 15
Views: 2863

Re: Two mikrotik NAT to NAT

Actually, the modem is not in bridge mode. it is pppoe client.
So you initially had three NATs stacked?
I was just writing a reply with that exact question. At best this is double NAT, at worse it's triple NAT. It's a mess.
by Samot
Thu May 31, 2018 5:56 am
Forum: Beginner Basics
Topic: Hotspot userman not redictering to login page
Replies: 11
Views: 4042

Re: Hotspot userman not redictering to login page

What type of request was this? An HTTP or HTTPS request? And what was the site that you tried to hit when you were redirected to microsoft.com? Finally, was it https://microsoft.com?
by Samot
Wed May 30, 2018 5:30 pm
Forum: SwOS
Topic: RB250GS swos last version
Replies: 8
Views: 6519

Re: RB250GS swos last version

There should always be a time frame in which software (alone or for a device) or the firmware for EOL devices/programs should no longer be available. Users need to be forced sometimes to upgrade to something supported and relevant. I'll give you an example (not Mikrotik but same type of case) User c...
by Samot
Wed May 30, 2018 5:16 pm
Forum: Scripting
Topic: i have postpaid subscribers how to script send to my email when user expired after 15 days
Replies: 3
Views: 1293

Re: i have postpaid subscribers how to script send to my email when user expired after 15 days

If you've never done scripting in Mikrotik I suggest reading the first link to understand how scripting works and then the other two links for examples. Sample scripts for what you are looking for are in the example pages of the wiki for scripting. After you've done that and attempted a script of yo...
by Samot
Tue May 29, 2018 6:27 pm
Forum: Scripting
Topic: i have postpaid subscribers how to script send to my email when user expired after 15 days
Replies: 3
Views: 1293

Re: i have postpaid subscribers how to script send to my email when user expired after 15 days

Is this something you need to do in Mikrotik? If you have postpaid customers, are you tracking that in some system? Otherwise if all this is being just done in UserMan you'll need to write a script to handle looking up the accounts, checking the dates and sending yourself an email when the check mee...
by Samot
Tue May 29, 2018 6:19 pm
Forum: General
Topic: Separating 2 LANs with different gateways
Replies: 6
Views: 1742

Re: Separating 2 LANs with different gateways

How did you add 3.3.3.3 to the router? Your diagram doesn't show what port the IP is assigned to. That IP has to be bound to an Interface it just can't be the whole router. Whatever the WAN IPs the ISPs give you are the WAN IPs on Eth5 and Eth6. Those would be the IPs to reach the router over the In...
by Samot
Tue May 29, 2018 2:59 am
Forum: Beginner Basics
Topic: RouterOS 5.20 - IP Route List
Replies: 13
Views: 4857

Re: RouterOS 5.20 - IP Route List

I'd also suggest updating your router to a version that is not years behind and has known security holes.
by Samot
Tue May 15, 2018 4:43 pm
Forum: Beginner Basics
Topic: DHCP over bridge VLAN [SOLVED]
Replies: 14
Views: 14661

Re: DHCP over bridge VLAN [SOLVED]

I'll admit, I'm still a bit confused by this. Especially since I just looked at the op's config and no where in there does he have 192.168.2.0/24 assigned to any interface, more importantly it's not assigned to the VLAN20 interface. Having a IP Pool for 192.168.2.1-192.168.2.255 is pointless if that...
by Samot
Sun May 13, 2018 7:00 pm
Forum: Beginner Basics
Topic: DHCP over bridge VLAN [SOLVED]
Replies: 14
Views: 14661

Re: DHCP over bridge VLAN [SOLVED]

OK, so do you want to have Ether2-Ether10 on the same bridge so that no matter what plugs into the Ether ports can be on either of those VLANs? Or is Ether3 (or 10) going to have a switch that will have the devices connected there? Or will X amount of ports be for one subnet and X for the other? I'm...
by Samot
Sun May 13, 2018 6:08 pm
Forum: Beginner Basics
Topic: cAP ac bridge ethernet interfaces [SOLVED]
Replies: 7
Views: 4468

Re: cAP ac bridge ethernet interfaces [SOLVED]

You have the DHCP Client on the cAP AC set to the bridge?
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=local-bridge
by Samot
Sun May 13, 2018 5:56 pm
Forum: Beginner Basics
Topic: DHCP over bridge VLAN [SOLVED]
Replies: 14
Views: 14661

Re: DHCP over bridge VLAN [SOLVED]

For 6.41.x or higher the way you do this has changed. However, looking at this why do you need two VLANs? It looks like one subnet is on ether3 and the other is on ether10. Are you going to be using the two subnets on the same Ethernet interfaces? Or will these subnets be isolated to each interface?...
by Samot
Fri May 11, 2018 4:39 pm
Forum: General
Topic: Can route to internet but not between local Subnets
Replies: 10
Views: 2172

Re: Can route to internet but not between local Subnets

You cannot route between subnets by default. That's the point of having different subnets, so the hosts can communicate with those on their subnet but not others. Those dynamic routes that are being made are for Internet access so those subnets can route out to the Internet. If you want 10.0.16.0/24...
by Samot
Tue May 08, 2018 4:15 pm
Forum: SwOS
Topic: RB250GS swos last version
Replies: 8
Views: 6519

Re: RB250GS swos last version

The RB250GS is End of Life this is probably why the new 2.7 doesn't work. I don't think EOL devices get tested with newer releases of software.
by Samot
Mon May 07, 2018 3:05 am
Forum: SwOS
Topic: RB250GS swos last version
Replies: 8
Views: 6519

Re: RB250GS swos last version

You shouldn't be looking in the archive for current software. Current software is at http://mikrotik.com/downloads

version 2.7 for new RB260GS(CSS106-5G-1S), new RB260GSP(CSS106-1G-4P-1S) <-- That's the version you're looking for.
by Samot
Sat Mar 10, 2018 12:46 pm
Forum: General
Topic: Slingshot APT [SOLVED]
Replies: 44
Views: 42067

Re: Slingshot APT, RouterOS spying software [SOLVED]

Look, you guys cannot ask Mikrotik to fix a problem they already fixed a *year ago* and then complain the solution of upgrading is off the table because you need to sit on a 12 month or older version of RouterOS that you can't take the time to update properly because your config is "complicated...
by Samot
Wed Dec 13, 2017 6:21 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 207605

Re: v6.41rc [release candidate] is released! New bridge implementation!

Support, I have found an issue with v6.41rc61 and DHCP. I have several networks and ip pools configured but have found that upgrading to the rc61 build the dhcp server is handing out DNS server that the ccr1036 is using. This is not the same list of DNS server client should use. I have test reverte...