Community discussions

Search found 5694 matches

by mrz
Wed Dec 05, 2018 4:49 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 249
Views: 38774

Re: v6.44beta [testing] is released!

will still be single-threaded
kind of but not exactly
by mrz
Fri Nov 30, 2018 12:30 pm
Forum: Announcements
Topic: URGENT security reminder
Replies: 82
Views: 15683

Re: URGENT security reminder

Same old
by mrz
Wed Nov 28, 2018 4:43 pm
Forum: Forwarding Protocols
Topic: Remove BGP Prepend
Replies: 7
Views: 2583

Re: Remove BGP Prepend

There is no such thing as BGP_PREPEND attribute. What set-bgp-prepend does is prepends your own AS number x times. If value is set to 0 then peer's own AS is removed from AS_PATH. So this parameter should not be set to 0 if network is originated by the router, since update received from eBGP peer re...
by mrz
Tue Nov 27, 2018 12:37 pm
Forum: General
Topic: Slow API
Replies: 2
Views: 141

Re: Slow API

Xeon core performance is a lot higher than CCR, os it is expected behavior that API response is slower too.
by mrz
Tue Nov 27, 2018 12:09 pm
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 19
Views: 1147

Re: MPLS MTU Calculations

by mrz
Tue Nov 27, 2018 11:55 am
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 19
Views: 1147

Re: MPLS MTU Calculations

+ control word (if it is enabled)
by mrz
Mon Nov 26, 2018 12:26 pm
Forum: Forwarding Protocols
Topic: Wrong priority for some routes in bgp
Replies: 2
Views: 210

Re: Wrong priority for some routes in bgp

Instance for both peers is the same?
by mrz
Fri Nov 02, 2018 5:14 pm
Forum: Forwarding Protocols
Topic: RouterOS 6.40.8 does not support Totally NSSA areas? [SOLVED]
Replies: 4
Views: 226

Re: RouterOS 6.40.8 does not support Totally NSSA areas? [SOLVED]

stub area => inject-summary-lsas=yes type=stub
totally stubby area => inject-summary-lsas=no type=stub
nssa => type=nssa

Currently no other option possible.
by mrz
Mon Oct 29, 2018 10:56 am
Forum: Forwarding Protocols
Topic: ip route cache BUG
Replies: 32
Views: 8000

Re: ip route cache BUG

Currently it is known that OVPN interface reconnects are responsible for route cache leaks.
by mrz
Fri Oct 26, 2018 9:40 am
Forum: General
Topic: [ASK] default configuration second part
Replies: 7
Views: 313

Re: [ASK] default configuration second part

Documentation clearly describes what it does: https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter#Properties Matches the policy used by IpSec. Value is written in following format: direction, policy. Direction is Used to select whether to match the policy used for decapsulation or the policy th...
by mrz
Thu Oct 25, 2018 12:04 pm
Forum: General
Topic: [ASK] default configuration second part
Replies: 7
Views: 313

Re: [ASK] default configuration second part

no.
by mrz
Thu Oct 25, 2018 12:02 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 18895

Re: v6.42.9 [long-term] is released!

Bridge always worked that way and if suddenly bridge with inactive (no ports) will not have running flag, it will break all configurations with loopbacks and other configurations where bridge is used as dummy interface.
by mrz
Mon Oct 22, 2018 9:28 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 15415

Re: v6.43.4 [stable] is released!

x86 upgrade will take a little bit longer and show following script error in log file, while Mikrotik devices not: DefConf Gen: Unable to find ethernet interfaces Error may appear if default script generator is unable to find Ethernet interfaces within 30seconds after boot. On x86 you shouldn't wor...
by mrz
Mon Oct 22, 2018 9:25 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 294
Views: 29492

Re: RB4011

@Etz please generate supout file and send it to support.
by mrz
Thu Oct 18, 2018 1:13 pm
Forum: Scripting
Topic: Built in function library
Replies: 40
Views: 5283

Re: Built in function library

Completely unrelated to original topic.
by mrz
Thu Oct 18, 2018 9:43 am
Forum: Forwarding Protocols
Topic: Graceful restart
Replies: 2
Views: 345

Re: Graceful restart

Graceful restart currently is not supported.
by mrz
Wed Oct 17, 2018 3:41 pm
Forum: General
Topic: [ASK] default configuration
Replies: 7
Views: 315

Re: [ASK] default configuration

L2TP/Ipsec shouldn't be affected, because in this case Ipsec uses transport mode and source address is routers WAN address, so masquerade actually is not doing anything.
Problems must be somewhere else.
by mrz
Wed Oct 17, 2018 11:41 am
Forum: Scripting
Topic: Script problems for multiple interfaces in global variable [SOLVED]
Replies: 4
Views: 217

Re: Script problems for multiple interfaces in global variable [SOLVED]

add interfaces="$VLANBRDNAME,$VPNSERVER" routing-mark=$ROUTMARK
by mrz
Wed Oct 17, 2018 10:58 am
Forum: General
Topic: Script permissions
Replies: 4
Views: 667

Re: Script permissions

Or use dont-require-permissions=yes
by mrz
Wed Oct 17, 2018 10:02 am
Forum: General
Topic: [ASK] default configuration
Replies: 7
Views: 315

Re: [ASK] default configuration

Actual reason for this rule is that packets that should match ipsec policy must not be masqueraded. Masquerade will change source address and packets will fail to match against ipsec policy.
by mrz
Tue Oct 16, 2018 3:36 pm
Forum: General
Topic: iPhone XS and Mikrotik hAP ac
Replies: 29
Views: 1864

Re: iPhone XS and Mikrotik hAP ac

Will lock this, continue in wireless section
by mrz
Wed Oct 10, 2018 3:35 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 156
Views: 24649

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

Changes regarding pools are not reverted. Fix changes how "solicit" packet is processed received from DHCPv6 clients that didn't have "Rapid Commit" enabled.
by mrz
Mon Oct 08, 2018 4:17 pm
Forum: General
Topic: Getting Error with IPSEC Configuration [SOLVED]
Replies: 3
Views: 285

Re: Getting Error with IPSEC Configuration [SOLVED]

Enable ipsec debug logs to get more info.
by mrz
Mon Oct 08, 2018 1:23 pm
Forum: General
Topic: Mikrotik as client don't ask for IPv6 address over IPsec ike2 tunnel
Replies: 2
Views: 257

Re: Mikrotik as client don't ask for IPv6 address over IPsec ike2 tunnel

Currently using this method ike2 will give out only IPv4 address, IPv6 is not implemented yet.
by mrz
Mon Oct 08, 2018 1:22 pm
Forum: General
Topic: No show the option DHCP
Replies: 1
Views: 178

Re: No show the option DHCP

Check /system package menu and verify that DHCP is installed/enabled
by mrz
Mon Oct 08, 2018 1:18 pm
Forum: General
Topic: No access to clients behind loadbalancer
Replies: 3
Views: 352

Re: No access to clients behind loadbalancer

You must ensure by mangle rules that forwarded connection from internet to LAN will always use the same interface.
by mrz
Mon Oct 08, 2018 1:11 pm
Forum: Scripting
Topic: get allowed value with api
Replies: 1
Views: 135

Re: get allowed value with api

You can't..
You should check what router you have and then based on type of router set parameters.
by mrz
Mon Oct 08, 2018 1:06 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: dhcp6 client always is requesting,can't get ipv6 prefix...
Replies: 2
Views: 381

Re: dhcp6 client always is requesting,can't get ipv6 prefix...

Enable dhcp debug logs to see what exactly is happening.
by mrz
Fri Oct 05, 2018 5:16 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 201
Views: 67252

Re: Feature Request: OpenVPN [ovpn] udp tunnels

LZO is deprecated, so you should be asking for LZ4 instead
by mrz
Fri Oct 05, 2018 4:51 pm
Forum: General
Topic: IPsec Mode Config and iPhone6 [SOLVED]
Replies: 11
Views: 600

Re: IPsec Mode Config and iPhone6 [SOLVED]

Router cannot respond to ipv4 pings with ipv6 packets. Run packet sniffer and see exactly what packet you are receiving, my guess is that phone is sending ipv6 packet not ipv4.
by mrz
Fri Oct 05, 2018 12:22 pm
Forum: General
Topic: a api problem, how to use /ip route remove [find routing-mark=test]
Replies: 1
Views: 129

Re: a api problem, how to use /ip route remove [find routing-mark=test]

There is no such thing as "find" in API, read the manual about API queries and search the forum, it has been asked many times before:
https://wiki.mikrotik.com/wiki/Manual:API#Queries
by mrz
Sat Sep 29, 2018 8:32 am
Forum: Scripting
Topic: /tool fetch - to variable [SOLVED]
Replies: 7
Views: 3504

Re: /tool fetch - to variable [SOLVED]

It means that fetch output will be sent to user variable.
by mrz
Tue Sep 25, 2018 11:35 am
Forum: Scripting
Topic: "No such item (4)" while counting connections
Replies: 11
Views: 450

Re: "No such item (4)" while counting connections

Connection tracking is large periodically changing table. While processing entries that entry could already be removed, so you will get no such item.
by mrz
Tue Sep 25, 2018 11:30 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 989
Views: 162535

Re: Feature requests

I join the request, i need secure way to use NordVPN. I'd like to ask to complete IPSEC/IKEv2 implementation. Motivation is : lots of VPN providers - NordVPN and others - are moving to that, leaving L2TP/IPsec disappearing. Such request is pretty useless. Defince what you consider "complete"? Which...
by mrz
Fri Sep 21, 2018 5:39 pm
Forum: Forwarding Protocols
Topic: OSPF: wrong lsa type
Replies: 14
Views: 491

Re: OSPF: wrong lsa type

Show OSPF config from 10.10.203.1 router
by mrz
Fri Sep 21, 2018 3:50 pm
Forum: Scripting
Topic: $ Sign Not Accepting from New Terminal
Replies: 5
Views: 232

Re: $ Sign Not Accepting from New Terminal

It is not recommended to use special characters used by console in anywhere else (including password). But if you really want to use it, then character need to be escaped \$
by mrz
Fri Sep 21, 2018 3:04 pm
Forum: Forwarding Protocols
Topic: OSPF: wrong lsa type
Replies: 14
Views: 491

Re: OSPF: wrong lsa type

No Type 5 LSA is only if you are redistributing routes via (redistribute-connecte, static, other ospf etc.) as it was mentioned previously
Or when ABR is changing from LSA type 7 to 5 (in case of NSSA)
by mrz
Fri Sep 21, 2018 12:43 pm
Forum: Forwarding Protocols
Topic: OSPF: wrong lsa type
Replies: 14
Views: 491

Re: OSPF: wrong lsa type

.. работает только при включении redistribute-other-ospf It most likely means that kh router uses different OSPF instance than other routers, and those routes from redistribute-other-ospf will be type 5 (external routes). OSPF creates a type 5 LSA for a subnet that is injected into OSPF from an ext...
by mrz
Thu Sep 20, 2018 4:28 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: IPv6 Firewall - Router Header
Replies: 4
Views: 303

Re: IPv6 Firewall - Router Header

As far as I know it is dropped by linux kernel, you do not need to add specific firewall rules for that. Correct me if I am wrong.
by mrz
Thu Sep 20, 2018 3:42 pm
Forum: Wireless Networking
Topic: Add mac address using milkrotik api call php
Replies: 3
Views: 196

Re: Add mac address using milkrotik api call php

Open terminal and type in /interface wireless registration-table add
What will you get?
by mrz
Thu Sep 20, 2018 1:40 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 275
Views: 40534

Re: Winbox vulnerability: please upgrade

would check firewall rules for unsafe entries on every upgrade
What is considered unsafe entry? And how would you determine that particular entry is unsafe in specific firewall?
by mrz
Thu Sep 20, 2018 11:18 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 275
Views: 40534

Re: Winbox vulnerability: please upgrade

No it does not, unless you scheduled automatic restarts.
by mrz
Thu Sep 20, 2018 11:15 am
Forum: General
Topic: Difficulty to use Mikrotik as OpenVPN client (TCP without compresion)
Replies: 2
Views: 204

Re: Difficulty to use Mikrotik as OpenVPN client (TCP without compresion)

Compression in PPP profile has nothing to do with LZO.
LZO is not supported, see the manual on which features are supported and which not:
https://wiki.mikrotik.com/wiki/Manual:Interface/OVPN
by mrz
Thu Sep 20, 2018 11:13 am
Forum: General
Topic: restore back to identical devices never works :(
Replies: 28
Views: 1025

Re: restore back to identical devices never works :(

Like I said, did anyone reported these problems to support? Only now, with this thread to you. Hopefully you can put it on the agenda 😊 Write to support, specify what configuration you had on the router when you created backup (preferably generate supout file) then restore backup and generate anoth...
by mrz
Thu Sep 20, 2018 11:07 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 275
Views: 40534

Re: Winbox vulnerability: please upgrade

Even your "beloved" Microsoft does not force reboots. You choose when to reboot the PC.
by mrz
Wed Sep 19, 2018 2:57 pm
Forum: General
Topic: Cannot establish IPsec point to point VPN between Cisco RV180 and Mikrotik HAP ac2
Replies: 2
Views: 194

Re: Cannot establish IPsec point to point VPN between Cisco RV180 and Mikrotik HAP ac2

It means that phase1 fails because routers cannot communicate with each other. I would suggest to recheck firewall if UDP/500 is allowed.
by mrz
Wed Sep 19, 2018 1:28 pm
Forum: General
Topic: restore back to identical devices never works :(
Replies: 28
Views: 1025

Re: restore back to identical devices never works :(

Like I said, did anyone reported these problems to support?