Community discussions

Search found 5679 matches

by mrz
Thu Oct 18, 2018 1:13 pm
Forum: Scripting
Topic: Built in function library
Replies: 40
Views: 4135

Re: Built in function library

Completely unrelated to original topic.
by mrz
Thu Oct 18, 2018 9:43 am
Forum: Forwarding Protocols
Topic: Graceful restart
Replies: 2
Views: 167

Re: Graceful restart

Graceful restart currently is not supported.
by mrz
Wed Oct 17, 2018 3:41 pm
Forum: General
Topic: [ASK] default configuration
Replies: 7
Views: 250

Re: [ASK] default configuration

L2TP/Ipsec shouldn't be affected, because in this case Ipsec uses transport mode and source address is router's WAN address, so masquerade actually is not doing anything.
Problems must be somewhere else.
by mrz
Wed Oct 17, 2018 11:41 am
Forum: Scripting
Topic: Script problems for multiple interfaces in global variable [SOLVED]
Replies: 4
Views: 114

Re: Script problems for multiple interfaces in global variable [SOLVED]

add interfaces="$VLANBRDNAME,$VPNSERVER" routing-mark=$ROUTMARK
by mrz
Wed Oct 17, 2018 10:58 am
Forum: General
Topic: Script permissions
Replies: 4
Views: 261

Re: Script permissions

Or use dont-require-permissions=yes
by mrz
Wed Oct 17, 2018 10:02 am
Forum: General
Topic: [ASK] default configuration
Replies: 7
Views: 250

Re: [ASK] default configuration

Actual reason for this rule is that packets that should match ipsec policy must not be masqueraded. Masquerade will change source address and packets will fail to match against ipsec policy.
by mrz
Tue Oct 16, 2018 3:36 pm
Forum: General
Topic: iPhone XS and Mikrotik hAP ac
Replies: 29
Views: 1475

Re: iPhone XS and Mikrotik hAP ac

Will lock this, continue in wireless section
by mrz
Wed Oct 10, 2018 3:35 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 148
Views: 22446

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

Changes regarding pools are not reverted. Fix changes how "solicit" packet is processed received from DHCPv6 clients that didn't have "Rapid Commit" enabled.
by mrz
Mon Oct 08, 2018 4:17 pm
Forum: General
Topic: Getting Error with IPSEC Configuration [SOLVED]
Replies: 3
Views: 213

Re: Getting Error with IPSEC Configuration [SOLVED]

Enable ipsec debug logs to get more info.
by mrz
Mon Oct 08, 2018 1:23 pm
Forum: General
Topic: Mikrotik as client don't ask for IPv6 address over IPsec ike2 tunnel
Replies: 2
Views: 228

Re: Mikrotik as client don't ask for IPv6 address over IPsec ike2 tunnel

Currently using this method ike2 will give out only IPv4 address, IPv6 is not implemented yet.
by mrz
Mon Oct 08, 2018 1:22 pm
Forum: General
Topic: No show the option DHCP
Replies: 1
Views: 150

Re: No show the option DHCP

Check /system package menu and verify that DHCP is installed/enabled
by mrz
Mon Oct 08, 2018 1:18 pm
Forum: General
Topic: No access to clients behind loadbalancer
Replies: 3
Views: 310

Re: No access to clients behind loadbalancer

You must ensure by mangle rules that forwarded connection from internet to LAN will always use the same interface.
by mrz
Mon Oct 08, 2018 1:11 pm
Forum: Scripting
Topic: get allowed value with api
Replies: 1
Views: 91

Re: get allowed value with api

You can't..
You should check what router you have and then based on type of router set parameters.
by mrz
Mon Oct 08, 2018 1:06 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: dhcp6 client always is requesting,can't get ipv6 prefix...
Replies: 2
Views: 306

Re: dhcp6 client always is requesting,can't get ipv6 prefix...

Enable dhcp debug logs to see what exactly is happening.
by mrz
Fri Oct 05, 2018 5:16 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 191
Views: 63795

Re: Feature Request: OpenVPN [ovpn] udp tunnels

LZO is deprecated, so you should be asking for LZ4 instead
by mrz
Fri Oct 05, 2018 4:51 pm
Forum: General
Topic: IPsec Mode Config and iPhone6 [SOLVED]
Replies: 11
Views: 513

Re: IPsec Mode Config and iPhone6 [SOLVED]

Router cannot respond to ipv4 pings with ipv6 packets. Run packet sniffer and see exactly what packet you are receiving, my guess is that phone is sending ipv6 packet not ipv4.
by mrz
Fri Oct 05, 2018 12:22 pm
Forum: General
Topic: a api problem, how to use /ip route remove [find routing-mark=test]
Replies: 1
Views: 99

Re: a api problem, how to use /ip route remove [find routing-mark=test]

There is no such thing as "find" in API, read the manual about API queries and search the forum, it has been asked many times before:
https://wiki.mikrotik.com/wiki/Manual:API#Queries
by mrz
Sat Sep 29, 2018 8:32 am
Forum: Scripting
Topic: /tool fetch - to variable [SOLVED]
Replies: 7
Views: 3155

Re: /tool fetch - to variable [SOLVED]

It means that fetch output will be sent to user variable.
by mrz
Tue Sep 25, 2018 11:35 am
Forum: Scripting
Topic: "No such item (4)" while counting connections
Replies: 11
Views: 336

Re: "No such item (4)" while counting connections

Connection tracking is a large, periodically changing table. While processing entries, that entry could already be removed, so you will get no such item.
by mrz
Tue Sep 25, 2018 11:30 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 940
Views: 153476

Re: Feature requests

I join the request, I need secure way to use NordVPN. I'd like to ask to complete IPSEC/IKEv2 implementation. Motivation is : lots of VPN providers - NordVPN and others - are moving to that, leaving L2TP/IPsec disappearing. Such request is pretty useless. Define what you consider "complete"? Which...
by mrz
Fri Sep 21, 2018 5:39 pm
Forum: Forwarding Protocols
Topic: OSPF: wrong lsa type
Replies: 14
Views: 406

Re: OSPF: wrong lsa type

Show OSPF config from 10.10.203.1 router
by mrz
Fri Sep 21, 2018 3:50 pm
Forum: Scripting
Topic: $ Sign Not Accepting from New Terminal
Replies: 5
Views: 181

Re: $ Sign Not Accepting from New Terminal

It is not recommended to use special characters used by console anywhere else (including password). But if you really want to use it, then character needs to be escaped \$
by mrz
Fri Sep 21, 2018 3:04 pm
Forum: Forwarding Protocols
Topic: OSPF: wrong lsa type
Replies: 14
Views: 406

Re: OSPF: wrong lsa type

No, Type 5 LSA is only if you are redistributing routes via (redistribute-connected, static, other ospf etc.) as it was mentioned previously
Or when ABR is changing from LSA type 7 to 5 (in case of NSSA)
by mrz
Fri Sep 21, 2018 12:43 pm
Forum: Forwarding Protocols
Topic: OSPF: wrong lsa type
Replies: 14
Views: 406

Re: OSPF: wrong lsa type

.. works only when redistribute-other-ospf is enabled It most likely means that kh router uses different OSPF instance than other routers, and those routes from redistribute-other-ospf will be type 5 (external routes). OSPF creates a type 5 LSA for a subnet that is injected into OSPF from an ext...
by mrz
Thu Sep 20, 2018 4:28 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: IPv6 Firewall - Router Header
Replies: 4
Views: 244

Re: IPv6 Firewall - Router Header

As far as I know it is dropped by linux kernel, you do not need to add specific firewall rules for that. Correct me if I am wrong.
by mrz
Thu Sep 20, 2018 3:42 pm
Forum: Wireless Networking
Topic: Add mac address using milkrotik api call php
Replies: 3
Views: 155

Re: Add mac address using milkrotik api call php

Open terminal and type in /interface wireless registration-table add
What will you get?
by mrz
Thu Sep 20, 2018 1:40 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30917

Re: Winbox vulnerability: please upgrade

would check firewall rules for unsafe entries on every upgrade
What is considered unsafe entry? And how would you determine that particular entry is unsafe in specific firewall?
by mrz
Thu Sep 20, 2018 11:18 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30917

Re: Winbox vulnerability: please upgrade

No it does not, unless you scheduled automatic restarts.
by mrz
Thu Sep 20, 2018 11:15 am
Forum: General
Topic: Difficulty to use Mikrotik as OpenVPN client (TCP without compresion)
Replies: 2
Views: 141

Re: Difficulty to use Mikrotik as OpenVPN client (TCP without compresion)

Compression in PPP profile has nothing to do with LZO.
LZO is not supported, see the manual on which features are supported and which not:
https://wiki.mikrotik.com/wiki/Manual:Interface/OVPN
by mrz
Thu Sep 20, 2018 11:13 am
Forum: General
Topic: restore back to identical devices never works :(
Replies: 28
Views: 893

Re: restore back to identical devices never works :(

Like I said, did anyone report these problems to support? Only now, with this thread to you. Hopefully you can put it on the agenda 😊 Write to support, specify what configuration you had on the router when you created backup (preferably generate supout file) then restore backup and generate anoth...
by mrz
Thu Sep 20, 2018 11:07 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30917

Re: Winbox vulnerability: please upgrade

Even your "beloved" Microsoft does not force reboots. You choose when to reboot the PC.
by mrz
Wed Sep 19, 2018 2:57 pm
Forum: General
Topic: Cannot establish IPsec point to point VPN between Cisco RV180 and Mikrotik HAP ac2
Replies: 2
Views: 122

Re: Cannot establish IPsec point to point VPN between Cisco RV180 and Mikrotik HAP ac2

It means that phase1 fails because routers cannot communicate with each other. I would suggest to recheck firewall if UDP/500 is allowed.
by mrz
Wed Sep 19, 2018 1:28 pm
Forum: General
Topic: restore back to identical devices never works :(
Replies: 28
Views: 893

Re: restore back to identical devices never works :(

Like I said, did anyone report these problems to support?
by mrz
Wed Sep 19, 2018 12:49 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: ip cloud without default route
Replies: 4
Views: 242

Re: ip cloud without default route

It is not possible, please read some basic info how routing works.
If you do not need default route then add static route to cloud servers address manually.
by mrz
Tue Sep 18, 2018 5:19 pm
Forum: General
Topic: L2TP & Unsafe Config
Replies: 3
Views: 565

Re: L2TP & Unsafe Config

This is informative message so that you know potential risk of using PSK.
by mrz
Tue Sep 18, 2018 5:17 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: ip cloud without default route
Replies: 4
Views: 242

Re: ip cloud without default route

How do you expect router will reach cloud server without routes?
by mrz
Tue Sep 18, 2018 3:12 pm
Forum: General
Topic: restore back to identical devices never works :(
Replies: 28
Views: 893

Re: restore back to identical devices never works :(

Did you report any of these problems to support?
by mrz
Tue Sep 18, 2018 2:32 pm
Forum: General
Topic: Best software to monitor bgp peers?
Replies: 2
Views: 102

Re: Best software to monitor bgp peers?

Zabbix can monitor ROS BGP peers
by mrz
Tue Sep 18, 2018 1:28 pm
Forum: General
Topic: restore back to identical devices never works :(
Replies: 28
Views: 893

Re: restore back to identical devices never works :(

Define "same type of device"? Backup was never intended to work between different HW models.
You can restore backup reliably only on exactly the same HW model.
by mrz
Tue Sep 18, 2018 12:25 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 120
Views: 17997

Re: v6.44beta [testing] is released!

Because it is whole system backup.
by mrz
Mon Sep 17, 2018 4:55 pm
Forum: General
Topic: IPsec IKE2 can find valid sertificate [SOLVED]
Replies: 5
Views: 210

Re: IPsec IKE2 can find valid sertificate [SOLVED]

You need to import also CA, not just client cert.
by mrz
Mon Sep 17, 2018 4:31 pm
Forum: Scripting
Topic: port tracking in php PEAR2 Api
Replies: 2
Views: 125

Re: port tracking in php PEAR2 Api

API cannot do this, such selection must be done on your APP side.
by mrz
Mon Sep 17, 2018 4:28 pm
Forum: General
Topic: Bug: No such item(4) or object doesn't exist (4)
Replies: 5
Views: 308

Re: Bug: No such item(4) or object doesn't exist (4)

Those are dynamic interfaces, IDs will change on reconnect, if your script tries to edit interface that is at the same time reconnected you will get an error that item does not exist.
by mrz
Mon Sep 17, 2018 1:16 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30917

Re: Winbox vulnerability: please upgrade

How happy would you be if Tesla would suddenly reboot and try to upgrade in a middle of slippery mountain road with a lot of dangerous turns? Router is supposed to work 24/7 and it is not possible to guess what would be convenient time for each customer to upgrade and have network downtime. That is ...
by mrz
Mon Sep 17, 2018 11:17 am
Forum: Forwarding Protocols
Topic: OSPF: Filter routes using firewall
Replies: 4
Views: 191

Re: OSPF: Filter routes using firewall

It could be possible with L7 filters, but running such filters will consume a lot of CPU resources and another problem is that OSPF does not send one LSA per packet, so even if you get packet to match you will be dropping all LSAs in that packet. Not to mention that this whole filtering thing will g...
by mrz
Mon Sep 17, 2018 11:14 am
Forum: Forwarding Protocols
Topic: OSPF: Route not being filtered [SOLVED]
Replies: 12
Views: 436

Re: OSPF: Route not being filtered [SOLVED]

Only "external" routes can be filtered. Based on your configuration 192.168.126.216/29 is not advertised as "external".
by mrz
Mon Sep 17, 2018 11:07 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 244
Views: 30917

Re: Winbox vulnerability: please upgrade