Community discussions

Search found 50 matches

by DummyPLUG
Sun Nov 11, 2018 12:05 pm
Forum: Beginner Basics
Topic: How to bypass the VPN for a specific website?
Replies: 1
Views: 136

Re: How to bypass the VPN for a specific website?

I think if you follow that guide all you need is add !dst address for the mangle rule which the dst address is the ip you don't want to go throught the VPN, you can use a dst address list instead.
by DummyPLUG
Wed Nov 07, 2018 2:57 pm
Forum: RouterOS v7
Topic: Feature request: Force sending of DHCP options to clients
Replies: 24
Views: 4245

Re: Feature request: Force sending of DHCP options to clients

Because of the china telecom 4K IPTV devices need force option-125. I have google "ros force dhcp option" since 2016. Now time is 2018 , it disappointed me again . Ok but why don't you request china telecom to put the option 125 request in the DHCP request packet? That would be the normal way of ha...
by DummyPLUG
Mon Oct 29, 2018 6:48 am
Forum: RouterOS v6 RC and v7 BETA
Topic: v6 RC and v7 BETA
Replies: 43
Views: 5391

Re: v6 RC and v7 BETA

which one will release first, Halflife 3 or V7 beta ?
by DummyPLUG
Thu Oct 25, 2018 2:28 am
Forum: Beginner Basics
Topic: Bridge filter didn't work [SOLVED]
Replies: 2
Views: 219

Bridge filter didn't work [SOLVED]

I have a CCR1009 with 2 bridges, I want to block traffic between the bridges without vlan so I try to use bridge filter, but the bridge filter didn't catch any traffic, I had enable use ip filter and disable fastpath in bridge setting. /interface bridge filter add action=drop chain=forward in-bridge...
by DummyPLUG
Tue Oct 23, 2018 7:05 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 67
Views: 12883

Re: v6.43.4 [stable] is released!

CCR1009, memory usage higher then normal and keep increasing slowly when compare to 6.42.7, I am talking about 100MB+ different, as I had schedule reboot so dunno if it just higher memory usage or leak. Upgraded our CCR1009s to 6.43.4 yesterday and no issues so far. In our case memory consumption e...
by DummyPLUG
Mon Oct 22, 2018 6:19 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 67
Views: 12883

Re: v6.43.4 [stable] is released!

CCR1009, memory usage higher then normal and keep increasing slowly when compare to 6.42.7, I am talking about 100MB+ different, as I had schedule reboot so dunno if it just higher memory usage or leak.
by DummyPLUG
Sun Oct 21, 2018 7:55 pm
Forum: Announcements
Topic: Tik App, MikroTik android utility ALPHA test
Replies: 355
Views: 112947

Re: Tik App, MikroTik android utility ALPHA test

Yeah, please stop development for iOS immediately because one user dislikes Apple..
Sorry but it's already 2 users, I don't like bitten-apple too :D
Make it 3, an Apple a day scare admin away.
by DummyPLUG
Thu Oct 18, 2018 3:50 am
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 25757

Re: v6.43.1 [stable] and v6.43.2 [stable] are released!

beware that of them are using PL2303 series chipset and some of them are using fake PL2303 chipset, the latest driver and win10 driver will refuse to work with them. If you look for a Serial to USB cable better check if can work in win10 without manually install any driver. Could be, I never use Wi...
by DummyPLUG
Tue Oct 16, 2018 7:50 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 25757

Re: v6.43.1 [stable] and v6.43.2 [stable] are released!

are those 3 hidden spots with Rx, Tx, and GND marking real serial port or just ... TTL serial. Get a TTL serial to USB converter from aliexpress or similar, and you can connect it to a PC and watch the boot procedure. (or even flash new firmware over serial when you are patient) Speak about TTL ser...
by DummyPLUG
Mon Oct 08, 2018 5:29 pm
Forum: Beginner Basics
Topic: Policy Base Routing not working [SOLVED]
Replies: 7
Views: 271

Re: Policy Base Routing not working [SOLVED]

Figure out I had rp_filter set to strict so it won't work, if I set rp_filter to loose then it will work correctly, but I had no idea why rp_filter=strict will work for static route but not policy routing. Because you have better interface for your packets with source address of your directly conne...
by DummyPLUG
Mon Oct 08, 2018 4:59 pm
Forum: Beginner Basics
Topic: Policy Base Routing not working [SOLVED]
Replies: 7
Views: 271

Re: Policy Base Routing not working [SOLVED]

Figure out I had rp_filter set to strict so it won't work, if I set rp_filter to loose then it will work correctly, but I had no idea why rp_filter=strict will work for static route but not policy routing. Because you have better interface for your packets with source address of your directly conne...
by DummyPLUG
Mon Oct 08, 2018 4:31 pm
Forum: Beginner Basics
Topic: Policy Base Routing not working [SOLVED]
Replies: 7
Views: 271

Re: Policy Base Routing not working [SOLVED]

Figure out I had rp_filter set to strict so it won't work, if I set rp_filter to loose then it will work correctly, but I had no idea why rp_filter=strict will work for static route but not policy routing.
by DummyPLUG
Mon Oct 08, 2018 4:15 pm
Forum: Beginner Basics
Topic: Policy Base Routing not working [SOLVED]
Replies: 7
Views: 271

Re: Policy Base Routing not working [SOLVED]

I am also not that good in this. If you only use routing then you have route also the returning package.

I use connection marking for this because I am lazy. ;-)
May you teach me how to use connection marking for policy base routing? still pulling my hair out :(
by DummyPLUG
Mon Oct 08, 2018 3:45 pm
Forum: Beginner Basics
Topic: Policy Base Routing not working [SOLVED]
Replies: 7
Views: 271

Policy Base Routing not working [SOLVED]

I am still new to RouterOS, today I try to setup a PPTP client on the CCR1009 which connect to office vpn server, I want only specific IP go through the PPTP connection only. The CCR1009 ip range is 192.168.11.0/24, office's vpn server give out 192.168.10.2 to the CCR1009's PPTP client, and the offi...
by DummyPLUG
Sun Sep 23, 2018 2:52 pm
Forum: General
Topic: Wrong "Last Link Down Time" in Winbox
Replies: 8
Views: 525

Re: Wrong "Last Link Down Time" in Winbox

Happen to my CCr1009-7G too, everywhere is correct except in winbox, beside link down time the "last link up time" will sometime display the current time instead of the correct one
by DummyPLUG
Fri Sep 14, 2018 5:31 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 149
Views: 18331

Re: v6.43 [current] is released!

CCR1009, just found out all the "last link up time" is the current time in winbox (except those have link down will be in future), anyone have the same issue?
by DummyPLUG
Thu Sep 13, 2018 10:17 am
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 149
Views: 18331

Re: v6.43 [current] is released!

After update to 6.43 sometime the time will show in future, the correct link down time should be around Sep/13/2018 3:40 AM from syslog: 03:40:18 interface,info ether3 link down 03:40:33 interface,info ether3 link up (speed 100M, full duplex) 03:40:36 interface,info ether3 link down 03:40:39 interfa...
by DummyPLUG
Mon Sep 10, 2018 8:48 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 149
Views: 18331

Re: v6.43 [current] is released!

10G on CCR1009 ethernet port? cosmetic issue?
Image
by DummyPLUG
Sat Sep 08, 2018 10:03 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: NTFS support
Replies: 34
Views: 3177

Re: NTFS support

May be I should ask why our nexus can't install windows.
by DummyPLUG
Sat Sep 08, 2018 10:01 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: NTFS support
Replies: 34
Views: 3177

Re: NTFS support

It doesn't really matter what they are designed for (for most people, hAPs are way overpowered for simple AP). But even if you look at something that's supposed to be home router (RB2011 perhaps), it's still the same. MikroTik tried to expand to home market, which was great, because so many home ro...
by DummyPLUG
Mon Sep 03, 2018 5:40 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 972
Views: 159710

Re: Feature requests

resend syslog email if fail to send, currently any syslog email will be discard if fail to send which raise a problem if wan or mail server down.
by DummyPLUG
Sat Aug 11, 2018 9:26 pm
Forum: Beginner Basics
Topic: Question about chain in firewall filter [SOLVED]
Replies: 2
Views: 224

Question about chain in firewall filter [SOLVED]

Forgive me if this sounds stupid, for my understanding each packet will go through all filter rules unless it have a match, if I have 10 rules for input chain and another 10 rules for forward chain, is that a packet come from Wan destination to Lan will only go though the 10 rules in forward chain o...
by DummyPLUG
Wed Aug 08, 2018 9:16 pm
Forum: Beginner Basics
Topic: Please help me get my network in order
Replies: 7
Views: 540

Re: Please help me get my network in order

Beware of the asus router if you have flow control enable, I found the RT-AC68U will send out lot of pause frame when boot which cause the whole network stop working. I had help Asus debug it but they can't find a solution, the only workaround is turn off flow control but Asus said they can't do it,...
by DummyPLUG
Mon Aug 06, 2018 6:40 pm
Forum: General
Topic: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC
Replies: 18
Views: 1303

Re: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC

I have both, the default CPU frequency is lower on PC model, but easy to clock it back to 1200MHz without issue (assume in a not so hot environment), it is smaller and the LCD screen is on the top so is good for wallmount in network equipment box. If you don't mind the fan noise or size get the non ...
by DummyPLUG
Mon Aug 06, 2018 12:43 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 275
Views: 38447

Re: Winbox vulnerability: please upgrade

As other said make a CVE for each vulnerability, it is easier to know if we are taking about the same thing. for example right now we know which winbox vulnerability we are talking about just because there is only one, if there is another one in future how can we know which one we are talking about?...
by DummyPLUG
Fri Aug 03, 2018 8:39 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 275
Views: 38447

Re: Winbox vulnerability: please upgrade

From https://wiki.mikrotik.com/wiki/Manual:IP/Services it said MAC winbox using 20561/udp, is that it is better to block this port too?
by DummyPLUG
Fri Aug 03, 2018 6:54 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1S-1C+PC Problem OverHeat [SOLVED]
Replies: 12
Views: 790

Re: CCR1009-7G-1S-1C+PC Problem OverHeat [SOLVED]

I have disconnection issue few months ago, the link will down if that night is hot, and need to set to 100MB full duplex for stable connection, it usually disconnect at the same time, finally we find out it is the problem of a faulty ethernet patch panel of our building, punch it again solve the pro...
by DummyPLUG
Fri Aug 03, 2018 6:26 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1S-1C+PC Problem OverHeat [SOLVED]
Replies: 12
Views: 790

Re: CCR1009-7G-1S-1C+PC Problem OverHeat [SOLVED]

I live in Hong Kong with CCR1009-7G-1S-1C+PC, o.c. to 1200MHz router temp is always above 40C (place it 45degree again the wall) and CPU is 56C at best when idle, it always go over 60C underload without problem. few things can improve the temp: 1. try place it 45 degree against the wall, this is the...
by DummyPLUG
Wed Aug 01, 2018 11:52 pm
Forum: Beginner Basics
Topic: Set vlan interface as DHCP server [SOLVED]
Replies: 12
Views: 565

Re: Set vlan interface as DHCP server [SOLVED]

Out of interest - what would be use for VLANs on a home network? Except of course specifically learning about the technology, but otherwise at home network I have yet to find use for VLANs therefore I am happy to have avoided the complication so far. such as sperate untrusted device from trusted, a...
by DummyPLUG
Fri Jul 27, 2018 2:35 pm
Forum: Announcements
Topic: Security announcement blog
Replies: 113
Views: 18281

Re: Security announcement blog

Is there a way to sign up for email announcements of new articles too?
+1
RSS is good, but will be nice to have some mailing list for security announcement and firmware update
by DummyPLUG
Thu Jul 26, 2018 5:03 pm
Forum: Beginner Basics
Topic: How to block IPv6 for specific device?
Replies: 7
Views: 401

Re: How to block IPv6 for specific device?

I use the MAC of the device in IPv6 RAW and block on ICMP 135 code 0. 133 and 135 works, the problem is I can't block 134, actually I don't see any 134 too but the device still generate Ipv6 Address Any luck yet? Not yet, although I understand the reason behind it I think I better just disable ipv6...
by DummyPLUG
Tue Jul 24, 2018 10:13 pm
Forum: Beginner Basics
Topic: How to block IPv6 for specific device?
Replies: 7
Views: 401

Re: How to block IPv6 for specific device?

I use the MAC of the device in IPv6 RAW and block on ICMP 135 code 0.
133 and 135 works, the problem is I can't block 134, actually I don't see any 134 too but the device still generate Ipv6 Address
by DummyPLUG
Tue Jul 24, 2018 9:24 pm
Forum: Beginner Basics
Topic: How to block IPv6 for specific device?
Replies: 7
Views: 401

Re: How to block IPv6 for specific device?

Nothing. What you want cannot be done. Except when you split your LAN into two different networks, on one you announce IPv6 and on the other you don't. This second LAN can be a single port on your router. Just take it out of the bridge, put an IPv4 subnet on it, configure DHCP when required, and of...
by DummyPLUG
Tue Jul 24, 2018 9:04 pm
Forum: Beginner Basics
Topic: How to block IPv6 for specific device?
Replies: 7
Views: 401

How to block IPv6 for specific device?

As some my deivce cannot turn off IPv6 and it also unstable when using it, so I try to filter all IPv6 packet for it, I successfully filter most IPv6 packet include ICMPv6 type 133/135 by drop all IPv6 (86dd) packet but that device still can receive RA and generate the IPv6 address.I also try to fil...
by DummyPLUG
Sun Jul 08, 2018 9:17 am
Forum: General
Topic: DNSSEC
Replies: 33
Views: 7567

Re: DNSSEC

Simple: do not use the resolver in the MikroTik for clients, but let them directly use 1.1.1.1 or 8.8.8.8 or similar. (advertised via DHCP) I think there's a lot of reasons people wouldn't want to do that though. What are those reasons? With most routers on the market, the built-in resolver is limi...
by DummyPLUG
Sun Jun 24, 2018 10:56 pm
Forum: Beginner Basics
Topic: syslog Email fail to send will not retry again
Replies: 0
Views: 122

syslog Email fail to send will not retry again

I am using CCR1009 with 6.42.3, if a syslog email can't send then I never see it resend later, is it possibale to make it retry to send?
by DummyPLUG
Sat Jun 23, 2018 6:07 am
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 10931

Re: v6.42.4 [current]

after update to 6.42.4 DHCP server cannot assign IP to some of our IP cam (mostly Foscam) randomly with this message: dhcp,warning dhcp1 offering lease 192.168.xxx.xxx for 44:2C:05:xx:xx:xx without success, never have the same problem with 6.42.3
by DummyPLUG
Thu Jun 21, 2018 3:18 am
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 10931

Re: v6.42.4 [current]

CCR1009, confirm DNS server stop working after about a few hours after update to 6.42.4
by DummyPLUG
Sun Jun 17, 2018 7:39 pm
Forum: Beginner Basics
Topic: L2TP & IPSEC with Windows 10
Replies: 12
Views: 1504

Re: L2TP & IPSEC with Windows 10

RAS key? I had something similar for win10 in the past which cause by the modem block fragmented IP packets, fixed by switch to other cert make the payload smaller and don't need fragmentation.
by DummyPLUG
Fri Jun 15, 2018 10:10 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 972
Views: 159710

Re: Feature requests

Please add port redirect in IPv6 firewall, will much easier to force all http/https redirect to proxy and redirect all free/public DNS server access back to local dns server.
p.s. newer linux kernel and ip6tables already support this, hope routeros will have this feature as well.
by DummyPLUG
Thu Jun 07, 2018 8:32 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Add print server (printer support)
Replies: 134
Views: 48838

Re: Add print server (printer support)

Just buy one of those "usb print server" device, much cheaper than a routerboard
by DummyPLUG
Tue Jun 05, 2018 8:17 am
Forum: General
Topic: Dynamic DNS inside a LAN
Replies: 35
Views: 2418

Re: Dynamic DNS inside a LAN

I know some asus router support pptp, some newer model even have openvpn, but I don't know the performance, and I don't know if it can port forward to the vpn interface (I had some asus router, but I use them as AP only) update: just check one of my RT-AC86U with firmware 3.0.0.4.384.20942, it have...
by DummyPLUG
Sun Jun 03, 2018 9:20 pm
Forum: Announcements
Topic: Future of LTE products, user feedback requested
Replies: 53
Views: 9284

Re: Future of LTE products, user feedback requested

I come from Hong Kong, support of 3G and even 2G is a must, because in some area 4G is much slower then 3G (example: CMHK in some Hospital), and few years ago CMHK just have 2G and 4G data service so fallback to 3G will not work at all. I quite sure there must be some other network provider in the w...
by DummyPLUG
Sun Jun 03, 2018 9:03 pm
Forum: Announcements
Topic: v6.42.3 [current]
Replies: 80
Views: 16931

Re: v6.42.3 [current]

There is some issue with firewall rules or maybe they work differently now.I think it started with 42.2 version. My ICMP rules made on input and/or forward chains are ignored. They were working just fine in 42.1. I usually drop ICMP Type 8 Echo Request when i am not playing online games from WAN (B...
by DummyPLUG
Sun Jun 03, 2018 8:24 pm
Forum: General
Topic: Dynamic DNS inside a LAN
Replies: 35
Views: 2418

Re: Dynamic DNS inside a LAN

It's simple. You need VPN server on friend's side, connect your router to it as client, and then forward some ports from their public address to you via the tunnel. Exact configuration depends on router. VPN can, in theory, be anything supported by RouterOS (PPTP, L2TP, SSTP, OpenVPN, IPSec). I jus...
by DummyPLUG
Sun May 27, 2018 3:20 pm
Forum: General
Topic: Domain name in address list not resolve to IP? [SOLVED]
Replies: 3
Views: 241

Re: Domain name in address list not resolve to IP? [SOLVED]

I am using 6.42.3 on a CCR1009 I have 2 different domain name with the same IP, I add both to the address list but only one of them will be resolve into IP, both of them are working if only just have one of them in the list I had try recreate both of them but it still not working, is this a bug or ...
by DummyPLUG
Sun May 27, 2018 2:55 pm
Forum: General
Topic: Domain name in address list not resolve to IP? [SOLVED]
Replies: 3
Views: 241

Domain name in address list not resolve to IP? [SOLVED]

I am using 6.42.3 on a CCR1009 I have 2 different domain name with the same IP, I add both to the address list but only one of them will be resolve into IP, both of them are working if only just have one of them in the list I had try recreate both of them but it still not working, is this a bug or I...
by DummyPLUG
Sun May 27, 2018 12:24 pm
Forum: General
Topic: Possibe to limit total upload + download bandwidth?
Replies: 0
Views: 139

Possibe to limit total upload + download bandwidth?

We have a 1000/1000Mbps connection, but when the download is using >800Mbps the upload will be slow down to <400Mbps or vice versa (that is only 1200Mbps combined) due to the ISP's limit Is it possible to limit the download bandwidth so the upload can use full capacity, but give all bandwidth to dow...
by DummyPLUG
Tue May 22, 2018 8:52 am
Forum: General
Topic: DNSSEC
Replies: 33
Views: 7567

Re: DNSSEC

Just switch from a draytek to ccr1009, but because lack of DNSSEC I am not sure if the CCR will go in production at all