Community discussions

MikroTik App

Search found 79 matches

by DummyPLUG
Wed Oct 16, 2019 6:04 pm
Forum: Announcements
Topic: Winbox v3.20 released!
Replies: 42
Views: 57635

Re: Winbox v3.20 released!

Interface Link up/down date and time still incorrect, one of the reason I am still using 3.16.
by DummyPLUG
Tue Sep 10, 2019 2:51 am
Forum: Wireless Networking
Topic: Disable RSTP solve my roaming issue
Replies: 2
Views: 2394

Re: Disable RSTP solve my roaming issue

Best solution is something support 802.11k/v/r, I don't think mikrotik got these right now
by DummyPLUG
Mon Sep 09, 2019 8:49 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 256007

Re: RouterOS v7.0 beta1 - when?

Any info about V7 on Tile? (CCR)
No current ETA can be given but won't be years...
decades?
by DummyPLUG
Fri Sep 06, 2019 8:20 am
Forum: General
Topic: Policy to block website in Mikrotik increase CPU
Replies: 16
Views: 3941

Re: Policy to block website in Mikrotik increase CPU

what is the /tool profile indicating? could you share details on how the blocking works? find the policy how we are blocking /ip firewall filter add action=drop chain=forward dst-address-list=DoT-block /ip firewall address-list add address=xmovies8.com list=DoT-block add address=xmovies8.ru list=Do...
by DummyPLUG
Mon Aug 05, 2019 9:13 am
Forum: Announcements
Topic: Winbox v3.19 released!
Replies: 33
Views: 42048

Re: Winbox v3.19 released!

Przechwytywanie.PNG

Is this winbox or os issue? Timestamp is wrong and dynamic which means if I log in after 5 minutes, it will show this time + 5 minutes. Always 3 days ahead.
winbox issue, last known good version is 3.16
by DummyPLUG
Thu Aug 01, 2019 4:22 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 205
Views: 86940

Re: v6.45.2 [stable] is released!

What's new in 6.45.3 (2019-Jul-29 12:11): Important note!!! Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after...
by DummyPLUG
Wed Jul 31, 2019 7:47 am
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 100
Views: 84792

Re: v6.44.5 [long-term] is released!

AFAIK only "support" for DNSSEC in RouterOS is when you ask its resolver for DNSSEC-related records, it will ask upstream resolver and if it gets them from there, it will pass them on. But it's nothing special, any resolver that's not horribly broken does that. well at least it pass the r...
by DummyPLUG
Tue Jul 30, 2019 7:53 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 100
Views: 84792

Re: v6.44.5 [long-term] is released!

when did routeros start support DNSSEC? with 6.44.5 I see it support dnssec but no validation, as I remember I didn't see it support DNSSEC before.
by DummyPLUG
Thu Jul 18, 2019 10:09 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 150
Views: 106152

Re: v6.46beta [testing] is released!

not strictly a [testing] topic, but the routerboot changelog looks kinda deserted: https://wiki.mikrotik.com/wiki/RouterBOOT_changelog https://i.imgur.com/RiT4efs.png They leaved clear that wiki's page will not be updated... But would be great to know the changes for every RBoot version, even if th...
by DummyPLUG
Sun Apr 14, 2019 9:05 am
Forum: Beginner Basics
Topic: Router for my new home!
Replies: 14
Views: 3533

Re: Router for my new home!

my suggestion is use a router and an wifi AP, not a all in one.
it is likely you change the wifi ap every 2~3 year for newer standard but a good router can serve you for 6~10 years at least
also the best place for the router may not be a good place for for the wifi signal.
by DummyPLUG
Fri Mar 22, 2019 12:57 am
Forum: General
Topic: Attempt of attacks through Remote Desktop [SOLVED]
Replies: 6
Views: 4508

Re: Attempt of attacks through Remote Desktop [SOLVED]

If the computer you are using to connect to RD is using dynamic IP you can setup a ddns for it and only allow it to connect using address list
by DummyPLUG
Fri Mar 22, 2019 12:31 am
Forum: General
Topic: Feature Request: Separate the firmware(bootloader) and routeros version number
Replies: 8
Views: 2033

Re: Feature Request: Separate the firmware(bootloader) and routeros version number

Please re-read what @mkx posted and note: /set sarcasm=on and /set sarcasm=off
I really miss it, I thought that is some command I didn't know :lol:
by DummyPLUG
Thu Mar 21, 2019 3:11 pm
Forum: General
Topic: Feature Request: Separate the firmware(bootloader) and routeros version number
Replies: 8
Views: 2033

Re: Feature Request: Separate the firmware(bootloader) and routeros version number

or I really need to update the bootloader everytime? /set sarcasm=on You do. According to MT policy it's a major security breach to run Routerboot anything else than the latest one ... recently they started to force the same policy even for CRS328 units running SwOS ... If you don't update Routerbo...
by DummyPLUG
Thu Mar 21, 2019 2:11 pm
Forum: General
Topic: Feature Request: Separate the firmware(bootloader) and routeros version number
Replies: 8
Views: 2033

Feature Request: Separate the firmware(bootloader) and routeros version number

I am so confuse to determine when will need a firmware(bootloader) update when it is the same as routeros version number, I was told I don't need to update the firmware everytime as even the version number increase the bootloader may not have change at all, so what's the point to keep they the same ...
by DummyPLUG
Tue Mar 05, 2019 8:59 am
Forum: Beginner Basics
Topic: Noob default route question
Replies: 8
Views: 1690

Re: Noob default route question

That is right. You can't create manual route with distance 0.
Thanks for heads up, I think I mix up something with fortios again, ha ha
by DummyPLUG
Mon Mar 04, 2019 8:31 pm
Forum: Beginner Basics
Topic: Noob default route question
Replies: 8
Views: 1690

Re: Noob default route question

did you have the manually added route 0.0.0.0/0 with distance 0? If so it may be the problem.
by DummyPLUG
Fri Mar 01, 2019 9:23 am
Forum: General
Topic: Feature Request Are you sure Button when disabling interface
Replies: 4
Views: 1978

Re: Feature Request Are you sure Button when disabling interface

anyway is it possible to have safe mode enable by default? some of our tech had always forget to enable it before work on it.
by DummyPLUG
Fri Mar 01, 2019 9:08 am
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 218
Views: 96534

Re: v6.44 [stable] is released!

Incorrect time is cosmetic Winbox bug noticed when there are multiple Winbox instances open. If you check in terminal, time is reported correctly.
But it happen for me even with one winbox instance, I had this problem with 3.17/3.18 and no problem with 3.16
by DummyPLUG
Sat Feb 16, 2019 10:23 am
Forum: Beginner Basics
Topic: Finding a firewalled connection [SOLVED]
Replies: 4
Views: 2418

Re: Finding a firewalled connection [SOLVED]

Depends, but in most case I will log to a remote syslog server and exam later
by DummyPLUG
Fri Feb 15, 2019 7:30 pm
Forum: Beginner Basics
Topic: Setting up incoming traffic [SOLVED]
Replies: 14
Views: 2940

Re: Setting up incoming traffic [SOLVED]

You mean there is another router (provide by ISP?) before the mikrotik? If so see if that router can set to "bridge mode" sometime DMZ won't solve double nat problem Its seems this DMZ actually does what it says :) Most of the time, but not everything works right for double nat even after...
by DummyPLUG
Fri Feb 15, 2019 7:29 pm
Forum: Beginner Basics
Topic: Setting up incoming traffic [SOLVED]
Replies: 14
Views: 2940

Re: Setting up incoming traffic [SOLVED]

Try google for solutions, may be somebody had figure a way to use bridge mode for that modem or find a way to use their own router to do pppoe
by DummyPLUG
Fri Feb 15, 2019 7:18 pm
Forum: Beginner Basics
Topic: Setting up incoming traffic [SOLVED]
Replies: 14
Views: 2940

Re: Setting up incoming traffic [SOLVED]

You mean there is another router (provide by ISP?) before the mikrotik? If so see if that router can set to "bridge mode"

sometime DMZ won't solve double nat problem
by DummyPLUG
Fri Feb 15, 2019 5:28 pm
Forum: Beginner Basics
Topic: Setting up incoming traffic [SOLVED]
Replies: 14
Views: 2940

Re: Setting up incoming traffic [SOLVED]

First of all make sure ping isn't filter by your ISP, as I can't see your firewall config so I can't comment on that.
and you said VPN isn't working, is that a PPTP or IPSec or OVPN?
by DummyPLUG
Mon Feb 04, 2019 6:15 pm
Forum: RouterBOARD hardware
Topic: CCR1009-8G-1S-1S+ Can't get more than 350-450 Mbps single session, can get more with multiple sessions
Replies: 10
Views: 3881

Re: CCR1009-8G-1S-1S+ Can't get more than 350-450 Mbps single session, can get more with multiple sessions

I'm getting 10G easily with fasttrack, even without jumbo frames. Here's more detailed performance analysis for more home oriented usage: https://forum.mikrotik.com/viewtopic.php?t=138626 I think this really depends on config, I can also get my CCR1009 go with full 1Gbps with limited set of rules a...
by DummyPLUG
Mon Feb 04, 2019 10:40 am
Forum: RouterBOARD hardware
Topic: Cheapest way to bridge 10Gb SFP+ to 1Gb copper
Replies: 1
Views: 1114

Re: Cheapest way to bridge 10Gb SFP+ to 1Gb copper

CRS305 + 1 Cheap 1G coper SPF or CRS326 ?
by DummyPLUG
Sun Feb 03, 2019 3:07 pm
Forum: Beginner Basics
Topic: Question about correct fasttrask fules
Replies: 3
Views: 984

Re: Question about correct fasttrask fules

Are these two rules one after another (no other rule in between) and in this exact order? If answer is yes to both questions, then it is indeed weird for the second one to catch anything. You could add "log=yes log-prefix=ftrack" to the second rule and check what kind of traffic triggers ...
by DummyPLUG
Sun Feb 03, 2019 1:12 pm
Forum: Beginner Basics
Topic: Question about correct fasttrask fules
Replies: 3
Views: 984

Question about correct fasttrask fules

I am tesing these 2 rules: add action=fasttrack-connection chain=forward comment=Fasttrack connection-state=established,related add action=fasttrack-connection chain=forward comment=Fasttrack connection-state=established,related in-interface-list=WAN out-interface-list=LAN I found that the below one...
by DummyPLUG
Fri Feb 01, 2019 9:08 pm
Forum: RouterBOARD hardware
Topic: CCR1009-8G-1S-1S+ Can't get more than 350-450 Mbps single session, can get more with multiple sessions
Replies: 10
Views: 3881

Re: CCR1009-8G-1S-1S+ Can't get more than 350-450 Mbps single session, can get more with multiple sessions

Same story on CCR1009-7G, need to enable fasttrack then I can have 800~900Mbps for single connection, without fasttrack it also limited at 300~500Mbps too but none of the CPU goes over 60% usage
by DummyPLUG
Wed Dec 19, 2018 3:13 pm
Forum: Announcements
Topic: Product comparison matrix
Replies: 30
Views: 26390

Re: Product comparison matrix

Need fan/fanless detail, also number of fan.
by DummyPLUG
Sun Nov 11, 2018 12:05 pm
Forum: Beginner Basics
Topic: How to bypass the VPN for a specific website?
Replies: 2
Views: 1874

Re: How to bypass the VPN for a specific website?

I think if you follow that guide all you need is add !dst address for the mangle rule which the dst address is the ip you don't want to go throught the VPN, you can use a dst address list instead.
by DummyPLUG
Wed Nov 07, 2018 2:57 pm
Forum: General
Topic: Feature request: Force sending of DHCP options to clients
Replies: 71
Views: 21339

Re: Feature request: Force sending of DHCP options to clients

Because of the china telecom 4K IPTV devices need force option-125. I have google "ros force dhcp option" since 2016. Now time is 2018 , it disappointed me again . Ok but why don't you request china telecom to put the option 125 request in the DHCP request packet? That would be the normal...
by DummyPLUG
Mon Oct 29, 2018 6:48 am
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 46393

Re: v6 RC and v7 BETA

which one will release first, Halflife 3 or V7 beta ?
by DummyPLUG
Thu Oct 25, 2018 2:28 am
Forum: Beginner Basics
Topic: Bridge filter didn't work [SOLVED]
Replies: 2
Views: 1550

Bridge filter didn't work [SOLVED]

I have a CCR1009 with 2 bridges, I want to block traffic between the bridges without vlan so I try to use bridge filter, but the bridge filter didn't catch any traffic, I had enable use ip filter and disable fastpath in bridge setting. /interface bridge filter add action=drop chain=forward in-bridge...
by DummyPLUG
Tue Oct 23, 2018 7:05 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 50775

Re: v6.43.4 [stable] is released!

CCR1009, memory usage higher then normal and keep increasing slowly when compare to 6.42.7, I am talking about 100MB+ different, as I had schedule reboot so dunno if it just higher memory usage or leak. Upgraded our CCR1009s to 6.43.4 yesterday and no issues so far. In our case memory consumption e...
by DummyPLUG
Mon Oct 22, 2018 6:19 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 50775

Re: v6.43.4 [stable] is released!

CCR1009, memory usage higher then normal and keep increasing slowly when compare to 6.42.7, I am talking about 100MB+ different, as I had schedule reboot so dunno if it just higher memory usage or leak.
by DummyPLUG
Sun Oct 21, 2018 7:55 pm
Forum: Announcements
Topic: MikroTik smartphone app (ex Tik-App)
Replies: 487
Views: 270757

Re: Tik App, MikroTik android utility ALPHA test

Yeah, please stop development for iOS immediately because one user dislikes Apple..
Sorry but it's already 2 users, I don't like bitten-apple too :D
Make it 3, an Apple a day scare admin away.
by DummyPLUG
Thu Oct 18, 2018 3:50 am
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 85152

Re: v6.43.1 [stable] and v6.43.2 [stable] are released!

beware that of them are using PL2303 series chipset and some of them are using fake PL2303 chipset, the latest driver and win10 driver will refuse to work with them. If you look for a Serial to USB cable better check if can work in win10 without manually install any driver. Could be, I never use Wi...
by DummyPLUG
Tue Oct 16, 2018 7:50 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 85152

Re: v6.43.1 [stable] and v6.43.2 [stable] are released!

are those 3 hidden spots with Rx, Tx, and GND marking real serial port or just ... TTL serial. Get a TTL serial to USB converter from aliexpress or similar, and you can connect it to a PC and watch the boot procedure. (or even flash new firmware over serial when you are patient) Speak about TTL ser...
by DummyPLUG
Mon Oct 08, 2018 5:29 pm
Forum: Beginner Basics
Topic: Policy Base Routing not working [SOLVED]
Replies: 7
Views: 2580

Re: Policy Base Routing not working [SOLVED]

Figure out I had rp_filter set to strict so it won't work, if I set rp_filter to loose then it will work correctly, but I had no idea why rp_filter=strict will work for static route but not policy routing. Because you have better interface for your packets with source address of your directly conne...
by DummyPLUG
Mon Oct 08, 2018 4:59 pm
Forum: Beginner Basics
Topic: Policy Base Routing not working [SOLVED]
Replies: 7
Views: 2580

Re: Policy Base Routing not working [SOLVED]

Figure out I had rp_filter set to strict so it won't work, if I set rp_filter to loose then it will work correctly, but I had no idea why rp_filter=strict will work for static route but not policy routing. Because you have better interface for your packets with source address of your directly conne...
by DummyPLUG
Mon Oct 08, 2018 4:31 pm
Forum: Beginner Basics
Topic: Policy Base Routing not working [SOLVED]
Replies: 7
Views: 2580

Re: Policy Base Routing not working [SOLVED]

Figure out I had rp_filter set to strict so it won't work, if I set rp_filter to loose then it will work correctly, but I had no idea why rp_filter=strict will work for static route but not policy routing.
by DummyPLUG
Mon Oct 08, 2018 4:15 pm
Forum: Beginner Basics
Topic: Policy Base Routing not working [SOLVED]
Replies: 7
Views: 2580

Re: Policy Base Routing not working [SOLVED]

I am also not that good in this. If you only use routing then you have route also the returning package.

I use connection marking for this because I am lazy. ;-)
May you teach me how to use connection marking for policy base routing? still pulling my hair out :(
by DummyPLUG
Mon Oct 08, 2018 3:45 pm
Forum: Beginner Basics
Topic: Policy Base Routing not working [SOLVED]
Replies: 7
Views: 2580

Policy Base Routing not working [SOLVED]

I am still new to RouterOS, today I try to setup a PPTP client on the CCR1009 which connect to office vpn server, I want only specific IP go through the PPTP connection only. The CCR1009 ip range is 192.168.11.0/24, office's vpn server give out 192.168.10.2 to the CCR1009's PPTP client, and the offi...
by DummyPLUG
Sun Sep 23, 2018 2:52 pm
Forum: General
Topic: Wrong "Last Link Down Time" in Winbox
Replies: 24
Views: 10528

Re: Wrong "Last Link Down Time" in Winbox

Happen to my CCr1009-7G too, everywhere is correct except in winbox, beside link down time the "last link up time" will sometime display the current time instead of the correct one
by DummyPLUG
Fri Sep 14, 2018 5:31 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 147
Views: 70814

Re: v6.43 [current] is released!

CCR1009, just found out all the "last link up time" is the current time in winbox (except those have link down will be in future), anyone have the same issue?
by DummyPLUG
Thu Sep 13, 2018 10:17 am
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 147
Views: 70814

Re: v6.43 [current] is released!

After update to 6.43 sometime the time will show in future, the correct link down time should be around Sep/13/2018 3:40 AM from syslog: 03:40:18 interface,info ether3 link down 03:40:33 interface,info ether3 link up (speed 100M, full duplex) 03:40:36 interface,info ether3 link down 03:40:39 interfa...
by DummyPLUG
Mon Sep 10, 2018 8:48 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 147
Views: 70814

Re: v6.43 [current] is released!

10G on CCR1009 ethernet port? cosmetic issue?
Image
by DummyPLUG
Sat Sep 08, 2018 10:03 pm
Forum: General
Topic: NTFS support
Replies: 38
Views: 14680

Re: NTFS support

May be I should ask why our nexus can't install windows.
by DummyPLUG
Sat Sep 08, 2018 10:01 pm
Forum: General
Topic: NTFS support
Replies: 38
Views: 14680

Re: NTFS support

It doesn't really matter what they are designed for (for most people, hAPs are way overpowered for simple AP). But even if you look at something that's supposed to be home router (RB2011 perhaps), it's still the same. MikroTik tried to expand to home market, which was great, because so many home ro...
by DummyPLUG
Mon Sep 03, 2018 5:40 pm
Forum: General
Topic: Feature requests
Replies: 1740
Views: 631774

Re: Feature requests

resend syslog email if fail to send, currently any syslog email will be discard if fail to send which raise a problem if wan or mail server down.
by DummyPLUG
Sat Aug 11, 2018 9:26 pm
Forum: Beginner Basics
Topic: Question about chain in firewall filter [SOLVED]
Replies: 2
Views: 1373

Question about chain in firewall filter [SOLVED]

Forgive me if this sounds stupid, for my understanding each packet will go through all filter rules unless it have a match, if I have 10 rules for input chain and another 10 rules for forward chain, is that a packet come from Wan destination to Lan will only go though the 10 rules in forward chain o...
by DummyPLUG
Wed Aug 08, 2018 9:16 pm
Forum: Beginner Basics
Topic: Please help me get my network in order
Replies: 7
Views: 2074

Re: Please help me get my network in order

Beware of the asus router if you have flow control enable, I found the RT-AC68U will send out lot of pause frame when boot which cause the whole network stop working. I had help Asus debug it but they can't find a solution, the only workaround is turn off flow control but Asus said they can't do it,...
by DummyPLUG
Mon Aug 06, 2018 6:40 pm
Forum: General
Topic: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC
Replies: 18
Views: 6577

Re: CCR1009-7G-1C-1S+ vs CCR1009-7G-1C-1S+PC

I have both, the default CPU frequency is lower on PC model, but easy to clock it back to 1200MHz without issue (assume in a not so hot environment), it is smaller and the LCD screen is on the top so is good for wallmount in network equipment box. If you don't mind the fan noise or size get the non ...
by DummyPLUG
Mon Aug 06, 2018 12:43 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 176608

Re: Winbox vulnerability: please upgrade

As other said make a CVE for each vulnerability, it is easier to know if we are taking about the same thing. for example right now we know which winbox vulnerability we are talking about just because there is only one, if there is another one in future how can we know which one we are talking about?...
by DummyPLUG
Fri Aug 03, 2018 8:39 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 176608

Re: Winbox vulnerability: please upgrade

From https://wiki.mikrotik.com/wiki/Manual:IP/Services it said MAC winbox using 20561/udp, is that it is better to block this port too?
by DummyPLUG
Fri Aug 03, 2018 6:54 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1S-1C+PC Problem OverHeat [SOLVED]
Replies: 13
Views: 7833

Re: CCR1009-7G-1S-1C+PC Problem OverHeat [SOLVED]

I have disconnection issue few months ago, the link will down if that night is hot, and need to set to 100MB full duplex for stable connection, it usually disconnect at the same time, finally we find out it is the problem of a faulty ethernet patch panel of our building, punch it again solve the pro...
by DummyPLUG
Fri Aug 03, 2018 6:26 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1S-1C+PC Problem OverHeat [SOLVED]
Replies: 13
Views: 7833

Re: CCR1009-7G-1S-1C+PC Problem OverHeat [SOLVED]

I live in Hong Kong with CCR1009-7G-1S-1C+PC, o.c. to 1200MHz router temp is always above 40C (place it 45degree again the wall) and CPU is 56C at best when idle, it always go over 60C underload without problem. few things can improve the temp: 1. try place it 45 degree against the wall, this is the...
by DummyPLUG
Wed Aug 01, 2018 11:52 pm
Forum: Beginner Basics
Topic: Set vlan interface as DHCP server [SOLVED]
Replies: 12
Views: 11339

Re: Set vlan interface as DHCP server [SOLVED]

Out of interest - what would be use for VLANs on a home network? Except of course specifically learning about the technology, but otherwise at home network I have yet to find use for VLANs therefore I am happy to have avoided the complication so far. such as sperate untrusted device from trusted, a...
by DummyPLUG
Fri Jul 27, 2018 2:35 pm
Forum: Announcements
Topic: Security announcement blog
Replies: 117
Views: 73534

Re: Security announcement blog

Is there a way to sign up for email announcements of new articles too?
+1
RSS is good, but will be nice to have some mailing list for security announcement and firmware update
by DummyPLUG
Thu Jul 26, 2018 5:03 pm
Forum: Beginner Basics
Topic: How to block IPv6 for specific device?
Replies: 7
Views: 5514

Re: How to block IPv6 for specific device?

I use the MAC of the device in IPv6 RAW and block on ICMP 135 code 0. 133 and 135 works, the problem is I can't block 134, actually I don't see any 134 too but the device still generate Ipv6 Address Any luck yet? Not yet, although I understand the reason behind it I think I better just disable ipv6...
by DummyPLUG
Tue Jul 24, 2018 10:13 pm
Forum: Beginner Basics
Topic: How to block IPv6 for specific device?
Replies: 7
Views: 5514

Re: How to block IPv6 for specific device?

I use the MAC of the device in IPv6 RAW and block on ICMP 135 code 0.
133 and 135 works, the problem is I can't block 134, actually I don't see any 134 too but the device still generate Ipv6 Address
by DummyPLUG
Tue Jul 24, 2018 9:24 pm
Forum: Beginner Basics
Topic: How to block IPv6 for specific device?
Replies: 7
Views: 5514

Re: How to block IPv6 for specific device?

Nothing. What you want cannot be done. Except when you split your LAN into two different networks, on one you announce IPv6 and on the other you don't. This second LAN can be a single port on your router. Just take it out of the bridge, put an IPv4 subnet on it, configure DHCP when required, and of...
by DummyPLUG
Tue Jul 24, 2018 9:04 pm
Forum: Beginner Basics
Topic: How to block IPv6 for specific device?
Replies: 7
Views: 5514

How to block IPv6 for specific device?

As some my deivce cannot turn off IPv6 and it also unstable when using it, so I try to filter all IPv6 packet for it, I successfully filter most IPv6 packet include ICMPv6 type 133/135 by drop all IPv6 (86dd) packet but that device still can receive RA and generate the IPv6 address.I also try to fil...
by DummyPLUG
Sun Jul 08, 2018 9:17 am
Forum: General
Topic: DNSSEC
Replies: 43
Views: 23533

Re: DNSSEC

Simple: do not use the resolver in the MikroTik for clients, but let them directly use 1.1.1.1 or 8.8.8.8 or similar. (advertised via DHCP) I think there's a lot of reasons people wouldn't want to do that though. What are those reasons? With most routers on the market, the built-in resolver is limi...
by DummyPLUG
Sun Jun 24, 2018 10:56 pm
Forum: Beginner Basics
Topic: syslog Email fail to send will not retry again
Replies: 0
Views: 657

syslog Email fail to send will not retry again

I am using CCR1009 with 6.42.3, if a syslog email can't send then I never see it resend later, is it possibale to make it retry to send?
by DummyPLUG
Sat Jun 23, 2018 6:07 am
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 39384

Re: v6.42.4 [current]

after update to 6.42.4 DHCP server cannot assign IP to some of our IP cam (mostly Foscam) randomly with this message: dhcp,warning dhcp1 offering lease 192.168.xxx.xxx for 44:2C:05:xx:xx:xx without success, never have the same problem with 6.42.3
by DummyPLUG
Thu Jun 21, 2018 3:18 am
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 39384

Re: v6.42.4 [current]

CCR1009, confirm DNS server stop working after about a few hours after update to 6.42.4
by DummyPLUG
Sun Jun 17, 2018 7:39 pm
Forum: Beginner Basics
Topic: L2TP & IPSEC with Windows 10
Replies: 12
Views: 7298

Re: L2TP & IPSEC with Windows 10

RAS key? I had something similar for win10 in the past which cause by the modem block fragmented IP packets, fixed by switch to other cert make the payload smaller and don't need fragmentation.
by DummyPLUG
Fri Jun 15, 2018 10:10 am
Forum: General
Topic: Feature requests
Replies: 1740
Views: 631774

Re: Feature requests

Please add port redirect in IPv6 firewall, will much easier to force all http/https redirect to proxy and redirect all free/public DNS server access back to local dns server.
p.s. newer linux kernel and ip6tables already support this, hope routeros will have this feature as well.
by DummyPLUG
Thu Jun 07, 2018 8:32 pm
Forum: General
Topic: Add print server (printer support)
Replies: 145
Views: 102211

Re: Add print server (printer support)

Just buy one of those "usb print server" device, much cheaper than a routerboard
by DummyPLUG
Tue Jun 05, 2018 8:17 am
Forum: General
Topic: Dynamic DNS inside a LAN
Replies: 35
Views: 8752

Re: Dynamic DNS inside a LAN

I know some asus router support pptp, some newer model even have openvpn, but I don't know the performance, and I don't know if it can port forward to the vpn interface (I had some asus router, but I use them as AP only) update: just check one of my RT-AC86U with firmware 3.0.0.4.384.20942, it have...
by DummyPLUG
Sun Jun 03, 2018 9:20 pm
Forum: Announcements
Topic: Future of LTE products, user feedback requested
Replies: 208
Views: 101720

Re: Future of LTE products, user feedback requested

I come from Hong Kong, support of 3G and even 2G is a must, because in some area 4G is much slower then 3G (example: CMHK in some Hospital), and few years ago CMHK just have 2G and 4G data service so fallback to 3G will not work at all. I quite sure there must be some other network provider in the w...
by DummyPLUG
Sun Jun 03, 2018 9:03 pm
Forum: Announcements
Topic: v6.42.3 [current]
Replies: 80
Views: 47569

Re: v6.42.3 [current]

There is some issue with firewall rules or maybe they work differently now.I think it started with 42.2 version. My ICMP rules made on input and/or forward chains are ignored. They were working just fine in 42.1. I usually drop ICMP Type 8 Echo Request when i am not playing online games from WAN (B...
by DummyPLUG
Sun Jun 03, 2018 8:24 pm
Forum: General
Topic: Dynamic DNS inside a LAN
Replies: 35
Views: 8752

Re: Dynamic DNS inside a LAN

It's simple. You need VPN server on friend's side, connect your router to it as client, and then forward some ports from their public address to you via the tunnel. Exact configuration depends on router. VPN can, in theory, be anything supported by RouterOS (PPTP, L2TP, SSTP, OpenVPN, IPSec). I jus...
by DummyPLUG
Sun May 27, 2018 3:20 pm
Forum: General
Topic: Domain name in address list not resolve to IP? [SOLVED]
Replies: 3
Views: 2105

Re: Domain name in address list not resolve to IP? [SOLVED]

I am using 6.42.3 on a CCR1009 I have 2 different domain name with the same IP, I add both to the address list but only one of them will be resolve into IP, both of them are working if only just have one of them in the list I had try recreate both of them but it still not working, is this a bug or ...
by DummyPLUG
Sun May 27, 2018 2:55 pm
Forum: General
Topic: Domain name in address list not resolve to IP? [SOLVED]
Replies: 3
Views: 2105

Domain name in address list not resolve to IP? [SOLVED]

I am using 6.42.3 on a CCR1009 I have 2 different domain name with the same IP, I add both to the address list but only one of them will be resolve into IP, both of them are working if only just have one of them in the list I had try recreate both of them but it still not working, is this a bug or I...
by DummyPLUG
Sun May 27, 2018 12:24 pm
Forum: General
Topic: Possibe to limit total upload + download bandwidth?
Replies: 0
Views: 708

Possibe to limit total upload + download bandwidth?

We have a 1000/1000Mbps connection, but when the download is using >800Mbps the upload will be slow down to <400Mbps or vice versa (that is only 1200Mbps combined) due to the ISP's limit Is it possible to limit the download bandwidth so the upload can use full capacity, but give all bandwidth to dow...
by DummyPLUG
Tue May 22, 2018 8:52 am
Forum: General
Topic: DNSSEC
Replies: 43
Views: 23533

Re: DNSSEC

Just switch from a draytek to ccr1009, but because lack of DNSSEC I am not sure if the CCR will go in production at all