Community discussions

Search found 5714 matches

by mrz
Wed Jan 09, 2019 6:31 pm
Forum: Announcements
Topic: v6.42.11 [long-term] is released!
Replies: 40
Views: 3831

Re: v6.42.11 [long-term] is released!

superchannel is not removed.Country selection is to comply with regulations.
If you want to break the law select superchannel, no country and keep using your link as before.
by mrz
Wed Jan 09, 2019 10:37 am
Forum: Scripting
Topic: auto upgrade -> set channel doesn't work anymore
Replies: 2
Views: 81

Re: auto upgrade -> set channel doesn't work anymore

Channel names have changed to "long-term", "stable", "testing"
by mrz
Tue Jan 08, 2019 3:42 pm
Forum: RouterOS v7
Topic: Issue Faced in BGP-VPNv4
Replies: 1
Views: 69

Re: Issue Faced in BGP-VPNv4

RouterOS closes connection whenever it receives malformed update. There are two possibilities, either remote peer sent actually malformed packet or packet contained attributes that RouterOS do not understand and think that they are malformed. I would suggest to run packet sniffer to catch which pack...
by mrz
Tue Jan 08, 2019 10:01 am
Forum: Forwarding Protocols
Topic: BGP Over GRE-- HOLD Timer Expired Subcode Zero
Replies: 8
Views: 240

Re: BGP Over GRE-- HOLD Timer Expired Subcode Zero

That is incomplete information. 1. On router A you have loopback for tunnel peering, on router B you don't 2. You have only 4 routes in routing table? what about BGP installed routes? As asked before provide IP addresses used for tunnel peering for both routers. And post the output of commands: /ip ...
by mrz
Mon Jan 07, 2019 4:37 pm
Forum: Forwarding Protocols
Topic: BGP Over GRE-- HOLD Timer Expired Subcode Zero
Replies: 8
Views: 240

Re: BGP Over GRE-- HOLD Timer Expired Subcode Zero

Show routing table output of both routers when BGP is established and specify what is the address tunnel is connected to.
by mrz
Mon Jan 07, 2019 1:55 pm
Forum: General
Topic: IPv6 Link-Local Addresses
Replies: 6
Views: 350

Re: IPv6 Link-Local Addresses

I would suggest not to remove link local addresses but block access in firewall.
by mrz
Mon Jan 07, 2019 11:33 am
Forum: Forwarding Protocols
Topic: BGP ignores local pref
Replies: 4
Views: 317

Re: BGP ignores local pref

Does both VPNv4 routes have unique RD? As far as I have seen it is happening when there is misconfiguration with route distinguishers.
by mrz
Fri Jan 04, 2019 5:27 pm
Forum: Forwarding Protocols
Topic: BGP Over GRE-- HOLD Timer Expired Subcode Zero
Replies: 8
Views: 240

Re: BGP Over GRE-- HOLD Timer Expired Subcode Zero

Look at routing table after BGP is established. Most likely because of how networks are advertised you are trying to reroute already encapsulated packets inside tunnel interface. Which obviously is not going to work.
by mrz
Thu Jan 03, 2019 2:34 pm
Forum: Announcements
Topic: v6.43.8 [stable] is released!
Replies: 143
Views: 17508

Re: v6.43.8 [stable] is released!

remove [find name="A"]

but I would suggest to use proper method and unset variables
:set A

If you have any further questions post in correct section, this is not v6.43.8 related.
by mrz
Thu Jan 03, 2019 1:37 pm
Forum: Announcements
Topic: v6.43.8 [stable] is released!
Replies: 143
Views: 17508

Re: v6.43.8 [stable] is released!

There will always be delays before items appear in the table. Slower CPU greater delay.
by mrz
Thu Jan 03, 2019 11:55 am
Forum: Scripting
Topic: unknown parameter API Error
Replies: 1
Views: 96

Re: unknown parameter API Error

use correct parameter names, there is no "name" for this command, but "user"
by mrz
Thu Dec 27, 2018 11:01 am
Forum: Forwarding Protocols
Topic: BGP over link-local IPv6 remote peer gets no prefixes
Replies: 4
Views: 283

Re: BGP over link-local IPv6 remote peer gets no prefixes

I assume it is eBGP peer, try to enable BGP debug logs, then you will see the reason why updates are ignored, most likely because advertised nexthop is not on the shared network.
by mrz
Fri Dec 21, 2018 2:12 pm
Forum: Announcements
Topic: v6.43.8 [stable] is released!
Replies: 143
Views: 17508

Re: v6.43.8 [stable] is released!

In wireless interface settings obviously.
by mrz
Fri Dec 21, 2018 1:29 pm
Forum: Beginner Basics
Topic: IPv6 subneting
Replies: 2
Views: 216

Re: IPv6 subneting

We cannot repeat the problem, please enable dhcp debug logs, enable dhcp client, make a supout file and send to support.
by mrz
Tue Dec 18, 2018 2:01 pm
Forum: Scripting
Topic: Script to disable BGP when OSPF neighbor down - No such item
Replies: 5
Views: 223

Re: Script to disable BGP when OSPF neighbor down - No such item

if ([/routing ospf neighbor find where address=\"192.168.37.1\"] != "") do={
#get state
{
by mrz
Tue Dec 18, 2018 1:44 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 318
Views: 52215

Re: v6.44beta [testing] is released!

set frequency-mode to regulatory-domain
by mrz
Tue Dec 18, 2018 1:37 pm
Forum: Scripting
Topic: Script to disable BGP when OSPF neighbor down - No such item
Replies: 5
Views: 223

Re: Script to disable BGP when OSPF neighbor down - No such item

Of course you will get no such item, because you are trying to get "state" parameter for non-existent item.

First check if ospf neighbor exist and only then try to get any params.
by mrz
Thu Dec 13, 2018 6:58 pm
Forum: General
Topic: HEX S and hardware IPSEC
Replies: 5
Views: 251

Re: HEX S and hardware IPSEC

Yes double encrypted. And you can play with change-mss rules in mangle to reduce TCP packet size to get better performance.
by mrz
Thu Dec 13, 2018 3:13 pm
Forum: General
Topic: HEX S and hardware IPSEC
Replies: 5
Views: 251

Re: HEX S and hardware IPSEC

There is no marketing trick. Test results are provided for pure ipsec tunnel with UDP traffic. In your case you are having additional load and overhead by using L2TP + l2tp encryption which is completely useless if you are using ipsec. Another thing is since you did not mention what protocol and pac...
by mrz
Thu Dec 13, 2018 2:06 pm
Forum: Forwarding Protocols
Topic: Top Level Router on Ospf Domain not able to get redistributed routes from NSSA Area [SOLVED]
Replies: 4
Views: 326

Re: Top Level Router on Ospf Domain not able to get redistributed routes from NSSA Area [SOLVED]

what "translator-role" did you set? If it is set to "never" then no routes will be translated.
by mrz
Wed Dec 05, 2018 4:49 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 318
Views: 52215

Re: v6.44beta [testing] is released!

will still be single-threaded
kind of but not exactly
by mrz
Fri Nov 30, 2018 12:30 pm
Forum: Announcements
Topic: URGENT security reminder
Replies: 85
Views: 19307

Re: URGENT security reminder

Same old
by mrz
Wed Nov 28, 2018 4:43 pm
Forum: Forwarding Protocols
Topic: Remove BGP Prepend
Replies: 7
Views: 2768

Re: Remove BGP Prepend

There is no such thing as BGP_PREPEND attribute. What set-bgp-prepend does is prepends your own AS number x times. If value is set to 0 then peer's own AS is removed from AS_PATH. So this parameter should not be set to 0 if network is originated by the router, since update received from eBGP peer re...
by mrz
Tue Nov 27, 2018 12:37 pm
Forum: General
Topic: Slow API
Replies: 2
Views: 175

Re: Slow API

Xeon core performance is a lot higher than CCR, os it is expected behavior that API response is slower too.
by mrz
Tue Nov 27, 2018 12:09 pm
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 19
Views: 1573

Re: MPLS MTU Calculations

by mrz
Tue Nov 27, 2018 11:55 am
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 19
Views: 1573

Re: MPLS MTU Calculations

+ control word (if it is enabled)
by mrz
Mon Nov 26, 2018 12:26 pm
Forum: Forwarding Protocols
Topic: Wrong priority for some routes in bgp
Replies: 2
Views: 310

Re: Wrong priority for some routes in bgp

Instance for both peers is the same?
by mrz
Fri Nov 02, 2018 5:14 pm
Forum: Forwarding Protocols
Topic: RouterOS 6.40.8 does not support Totally NSSA areas? [SOLVED]
Replies: 4
Views: 336

Re: RouterOS 6.40.8 does not support Totally NSSA areas? [SOLVED]

stub area => inject-summary-lsas=yes type=stub
totally stubby area => inject-summary-lsas=no type=stub
nssa => type=nssa

Currently no other option possible.
by mrz
Mon Oct 29, 2018 10:56 am
Forum: Forwarding Protocols
Topic: ip route cache BUG
Replies: 32
Views: 8590

Re: ip route cache BUG

Currently it is known that OVPN interface reconnects are responsible for route cache leaks.
by mrz
Fri Oct 26, 2018 9:40 am
Forum: General
Topic: [ASK] default configuration second part
Replies: 7
Views: 338

Re: [ASK] default configuration second part

Documentation clearly describes what it does: https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter#Properties Matches the policy used by IpSec. Value is written in following format: direction, policy. Direction is Used to select whether to match the policy used for decapsulation or the policy th...
by mrz
Thu Oct 25, 2018 12:04 pm
Forum: General
Topic: [ASK] default configuration second part
Replies: 7
Views: 338

Re: [ASK] default configuration second part

no.
by mrz
Thu Oct 25, 2018 12:02 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 20556

Re: v6.42.9 [long-term] is released!

Bridge always worked that way and if suddenly bridge with inactive (no ports) will not have running flag, it will break all configurations with loopbacks and other configurations where bridge is used as dummy interface.
by mrz
Mon Oct 22, 2018 9:28 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 17009

Re: v6.43.4 [stable] is released!

x86 upgrade will take a little bit longer and show following script error in log file, while Mikrotik devices not: DefConf Gen: Unable to find ethernet interfaces Error may appear if default script generator is unable to find Ethernet interfaces within 30seconds after boot. On x86 you shouldn't wor...
by mrz
Mon Oct 22, 2018 9:25 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 324
Views: 37931

Re: RB4011

@Etz please generate supout file and send it to support.
by mrz
Thu Oct 18, 2018 1:13 pm
Forum: Scripting
Topic: Built in function library
Replies: 40
Views: 6350

Re: Built in function library

Completely unrelated to original topic.
by mrz
Thu Oct 18, 2018 9:43 am
Forum: Forwarding Protocols
Topic: Graceful restart
Replies: 2
Views: 437

Re: Graceful restart

Graceful restart currently is not supported.
by mrz
Wed Oct 17, 2018 3:41 pm
Forum: General
Topic: [ASK] default configuration
Replies: 7
Views: 345

Re: [ASK] default configuration

L2TP/Ipsec shouldn't be affected, because in this case Ipsec uses transport mode and source address is routers WAN address, so masquerade actually is not doing anything.
Problems must be somewhere else.
by mrz
Wed Oct 17, 2018 11:41 am
Forum: Scripting
Topic: Script problems for multiple interfaces in global variable [SOLVED]
Replies: 4
Views: 276

Re: Script problems for multiple interfaces in global variable [SOLVED]

add interfaces="$VLANBRDNAME,$VPNSERVER" routing-mark=$ROUTMARK
by mrz
Wed Oct 17, 2018 10:58 am
Forum: General
Topic: Script permissions
Replies: 4
Views: 919

Re: Script permissions

Or use dont-require-permissions=yes
by mrz
Wed Oct 17, 2018 10:02 am
Forum: General
Topic: [ASK] default configuration
Replies: 7
Views: 345

Re: [ASK] default configuration

Actual reason for this rule is that packets that should match ipsec policy must not be masqueraded. Masquerade will change source address and packets will fail to match against ipsec policy.
by mrz
Tue Oct 16, 2018 3:36 pm
Forum: General
Topic: iPhone XS and Mikrotik hAP ac
Replies: 29
Views: 2168

Re: iPhone XS and Mikrotik hAP ac

Will lock this, continue in wireless section
by mrz
Wed Oct 10, 2018 3:35 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 165
Views: 27011

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

Changes regarding pools are not reverted. Fix changes how "solicit" packet is processed received from DHCPv6 clients that didn't have "Rapid Commit" enabled.
by mrz
Mon Oct 08, 2018 4:17 pm
Forum: General
Topic: Getting Error with IPSEC Configuration [SOLVED]
Replies: 3
Views: 322

Re: Getting Error with IPSEC Configuration [SOLVED]

Enable ipsec debug logs to get more info.
by mrz
Mon Oct 08, 2018 1:23 pm
Forum: General
Topic: Mikrotik as client don't ask for IPv6 address over IPsec ike2 tunnel
Replies: 2
Views: 280

Re: Mikrotik as client don't ask for IPv6 address over IPsec ike2 tunnel

Currently using this method ike2 will give out only IPv4 address, IPv6 is not implemented yet.
by mrz
Mon Oct 08, 2018 1:22 pm
Forum: General
Topic: No show the option DHCP
Replies: 1
Views: 195

Re: No show the option DHCP

Check /system package menu and verify that DHCP is installed/enabled
by mrz
Mon Oct 08, 2018 1:18 pm
Forum: General
Topic: No access to clients behind loadbalancer
Replies: 3
Views: 379

Re: No access to clients behind loadbalancer

You must ensure by mangle rules that forwarded connection from internet to LAN will always use the same interface.
by mrz
Mon Oct 08, 2018 1:11 pm
Forum: Scripting
Topic: get allowed value with api
Replies: 1
Views: 158

Re: get allowed value with api

You can't..
You should check what router you have and then based on type of router set parameters.
by mrz
Mon Oct 08, 2018 1:06 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: dhcp6 client always is requesting,can't get ipv6 prefix...
Replies: 2
Views: 461

Re: dhcp6 client always is requesting,can't get ipv6 prefix...

Enable dhcp debug logs to see what exactly is happening.