Community discussions

Search found 1165 matches

by omega-00
Wed Jul 18, 2018 9:25 am
Forum: General
Topic: Problems with SSL Godaddy Hotspot
Replies: 7
Views: 592

Re: Problems with SSL Godaddy Hotspot

Your screenshot is showing everything working perfectly - the browser has detected the hotspot and all you have to do is click "Connect". This guy is correct, any modern device/modern operating system should detect the presence of a hotspot when you first connect to the network and present you a se...
by omega-00
Tue Jul 17, 2018 10:37 am
Forum: Wireless Networking
Topic: Secondary-channel?
Replies: 6
Views: 1038

Re: Secondary-channel?

It looks like a release-client only feature at the moment. I just noticed the same thing on a device I was testing v6.43rc42 and did the same as you, google searched, found my 802.11n article from 2013 and then came to the forums to see if anyone else had info :-) The only info I could find was in t...
by omega-00
Mon Jul 02, 2018 7:00 am
Forum: Wireless Networking
Topic: Wireless disconnection messages explained!
Replies: 85
Views: 70662

Re: Wireless disconnection messages explained!

I am also receiving "disconnected, received deauth: authentication not valid (2)" on AP side and "no beacons" on client side every few seconds while the link otherwise is able to transfer data meanwhile. I'm also seeing this one appear from time to time on v6.42.5 13:55:48 wireless,info <removed1>@wla...
by omega-00
Mon Jun 04, 2018 6:06 am
Forum: General
Topic: Best way to Monitor PPPoE servers
Replies: 2
Views: 329

Re: Best way to Monitor PPPoE servers

When you say servers do you mean your device is accepting multiple customer connection requests? If so I would simply recommend you install a spare device also at the tower (something like a mAP/mAP lite) that should always have a test PPPoE connection established. If you used the mAP you could conn...
by omega-00
Mon Jun 04, 2018 6:01 am
Forum: General
Topic: Hotspot redirection after login
Replies: 2
Views: 264

Re: Hotspot redirection after login

Most modern devices (more commonly mobile devices than laptops) will simply close the hotspot page after initial login is completed. Unless you can allow the user to get to the Facebook page first (which requires a big list of walled garden entries); then complete the login process after that it wil...
by omega-00
Mon Jun 04, 2018 5:43 am
Forum: General
Topic: Mikrotik Hotspot issues
Replies: 3
Views: 337

Re: Mikrotik Hotspot issues

While I can't tell you exactly what your problem is, the images do give some things to look at: 1. It is normal to see a HTTPS error if you are trying to connect to a HTTPS enabled site before having authenticated to a hotspot - you should try a non-https page or simply use the DNS name you have for...
by omega-00
Wed Apr 25, 2018 8:06 am
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 128345

Re: Advisory: Vulnerability exploiting the Winbox port

This is the second advisory for this same port in as many weeks. Whilst we block it to the world we still feel compelled to update all our customers' routers. I hope this is not a sign of things to come. While I'm on my soapbox I'd like to suggest that graphs are moved off the web management port. ...
by omega-00
Mon Apr 23, 2018 5:55 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 128345

Re: Advisory: Vulnerability exploiting the Winbox port

!) winbox - fixed vulnerability that allowed to gain access to an unsecured router; Shifting of the blame onto users... what else are we supposed to use for remote management? I can't understand how you have come to such a poorly devised conclusion so I wrote you a haiku. MikroTik secures You remov...
by omega-00
Mon Apr 23, 2018 2:45 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 128345

Re: Advisory: Vulnerability exploiting the Winbox port

Here's a simple port-knocking firewall + address list for anyone who wants to implement it in the interim for access to the default winbox port (8291) First add any custom IP address ranges (known safe networks) you need like so: /ip firewall address-list add address=123.123.123.123 list=Winbox_Admi...
by omega-00
Wed Mar 14, 2018 2:27 pm
Forum: Scripting
Topic: Built in function library
Replies: 40
Views: 5290

Re: Built in function library

1. The implementation of a switch function as an alternative to if,else.. or at least if,elseif,else. 2. Add back in the LUA support for editing items/utilising datasets above 4k characters long. 3. A random function would be very handy 4. All the things boen said. A better debugger would also be ni...
by omega-00
Fri Jun 16, 2017 4:12 pm
Forum: General
Topic: Data Retention
Replies: 1
Views: 291

Re: Data Retention

Hi Mate, there's a few ways around this. Mike from Duxtel did some good work on a CGNAT style solution while I put through a feature request that resulted in MikroTik adding support for src-x-port, and src-x-address to the Netflow export. This means that if you have a Netflow server setup to receive...
by omega-00
Wed Mar 08, 2017 11:36 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 71
Views: 36636

Re: Statement on Vault 7 document release

Thanks for the update Normis. So as far as you can tell or are aware, the only way to exploit a router is if port 80 is open to the internet and the HTTP service is enabled? Please could you confirm this Normis ? In the documents provided by wikileaks it details this - you can ask MikroTik but they...
by omega-00
Wed Mar 08, 2017 6:39 pm
Forum: Announcements
Topic: v6.38.5 [current]
Replies: 66
Views: 21966

Re: v6.38.4 [current]

https://forum.mikrotik.com/viewtopic.php?f=21&t=119308&p=587512#p587512 We will continue to strengthen RouterOS services and have already released RouterOS version 6.38.4 which removes any malicious files in devices that have been compromised There's more info in the official post basically reiterat...
by omega-00
Wed Mar 08, 2017 5:31 pm
Forum: Announcements
Topic: v6.38.5 [current]
Replies: 66
Views: 21966

Re: v6.38.4 [current]

I strongly believe this update was released now in response to the CIA Vault 7 / Wikileaks leak that became known yesterday. I expect we may have a further update from Mikrotik has more info about the tools used when Wikileaks makes them available for analysis but kudos to them for the fast turnarou...
by omega-00
Wed Mar 08, 2017 4:24 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 39833

Re: CIA exploits against Mikrotik hardware

After reviewing a number of the documents since being made aware of them this morning, this leads me to believe at this time the exploits listed are only possible with access to services on the router.. IE: you *should* not be vulnerable if you keep your administration services firewalled. Operator ...
by omega-00
Wed Nov 30, 2016 4:34 pm
Forum: General
Topic: Speedtest firewalling and redirecting
Replies: 15
Views: 4536

Re: Speedtest firewalling and redirecting

I think you're kidding if you don't think the large ISPs don't do this already Tom. Large L7 DPI systems have specific profiles specifically for things like speedtests and BitTorrent to affect traffic speeds (not to mention forcibly cache 'uncachable' content). With that said, Homer asked for input ...
by omega-00
Sat Nov 26, 2016 12:30 am
Forum: General
Topic: HotSpot DoS
Replies: 10
Views: 1096

Re: HotSpot DoS

Because sometimes people travelling and using hotspots don't have access to change their IP settings but still want internet access.

by omega-00
Thu Nov 24, 2016 4:24 pm
Forum: General
Topic: Hotspot causing netflix services to fail
Replies: 7
Views: 1391

Re: Hotspot causing netflix services to fail

You could still use hotspot, we have mac address login option for users who want to authorise devices like this, or you could simply add those domains to your walled garden listing?

by omega-00
Thu Nov 24, 2016 4:21 pm
Forum: General
Topic: CCR1009 & Ubiquiti issues! Need your help experts!!
Replies: 15
Views: 2779

Re: CCR1009 & Ubiquiti issues! Need your help experts!!

Are you using a Ubiquiti switch for the APs also? In some recent testing I found the UniFi switch didn't like me having a hotspot bridge connected to it with RSTP enabled, it would administratively block the port until I toggled it physically. So it would show connected but not pass any traffic. Wit...
by omega-00
Thu Nov 24, 2016 3:37 pm
Forum: General
Topic: HotSpot DoS
Replies: 10
Views: 1096

Re: HotSpot DoS

This is caused in part by the 'universal proxy' application of the hotspot. You can avoid this by doing 2 things: 1. in your hotspot server settings, remove the address-pool entry (it should be none) - this way no unknown IP addresses will be mapped to pool addresses. 2. in the hotspot IP bindings l...
by omega-00
Thu Nov 24, 2016 3:30 pm
Forum: General
Topic: Hotspot Capturing All Traffic
Replies: 2
Views: 448

Re: Hotspot Capturing All Traffic

Hi mate, sorry no one had responded to this one yet. What I'm getting from your post is that you want to be able to access the office LAN without needing to be logged in behind the hotspot? Because typically once you're logged into the hotspot you should be able to access anything that isn't firewal...
by omega-00
Thu Nov 24, 2016 3:24 pm
Forum: General
Topic: hotspot user can go the a file not in hotspot folder?
Replies: 2
Views: 430

Re: hotspot user can go the a file not in hotspot folder?

You can use other files, just make sure they are in the /hotspot/ directory or below otherwise the user will not be able to access them. With that said, you can create a hotspot folder named anything and point the hotspot server profile to use it then add your own files, images.. here is an example ...
by omega-00
Fri Sep 02, 2016 4:34 am
Forum: General
Topic: Hotspot Login Page not opening
Replies: 3
Views: 3162

Re: Hotspot Login Page not opening

Any iOS device that's been updated in the last few years should pop the CNA (captive network authentication) browser upon connection to a new wireless network. You can also help facilitate this by ensuring your hotspot content includes 302 redirect on the login page as per instructions here: http://...
by omega-00
Fri Sep 02, 2016 2:51 am
Forum: General
Topic: IP Hotspot Active User Access
Replies: 1
Views: 274

Re: IP Hotspot Active User Access

Hey mate, there's no way to do this through winbox directly but if you're using a hotspot management system of some sort you could create permissions for a user that could disconnect/send POD radius requests.
by omega-00
Thu Sep 01, 2016 11:28 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Hotspot with external Webserver - Too many redirect
Replies: 4
Views: 1873

Re: Hotspot with external Webserver - Too many redirect

Has the external site been added to the walled garden?
by omega-00
Thu Sep 01, 2016 11:26 am
Forum: RouterOS v6 RC and v7 BETA
Topic: 6.16 import stops when there is a duplicate entry
Replies: 15
Views: 5640

Re: 6.16 import stops when there is a duplicate entry

My recommendation is to build a script that clears all the items you don't need prior to running then adds everything it requires back. IE: Clear all IP addresses at the start then just add the ones you need. Something like this can be achieved by using a non-interactive initiation of the script (ru...
by omega-00
Thu Jul 07, 2016 6:23 am
Forum: Scripting
Topic: Determining Band and channel width options for wireless cards
Replies: 0
Views: 719

Determining Band and channel width options for wireless cards

Hi Guys, I'm in the process of updating a few scripts to automatically set wireless card configuration but am getting stuck on band and channel width selection. In winbox there is a dropdown list which tells you the available bands for the card you're using and in terminal you can get a printout by ...
by omega-00
Wed Apr 20, 2016 12:39 am
Forum: Forwarding Protocols
Topic: 1500 byte packet over EOIP
Replies: 3
Views: 944

Re: 1500 byte packet over EOIP

This is correct; if you have an established EOIP tunnel and haven't changed it from the default settings, packets that are passing over it should be fragmented automatically.
by omega-00
Tue Mar 29, 2016 4:43 am
Forum: Scripting
Topic: (Draft) IPv6 Authentication for Hotspots
Replies: 4
Views: 4782

Re: (Draft) IPv6 Authentication for Hotspots

This was largely broken by the advent of anonymised link-local addresses as there's no way to determine who an IPv6 client is based on their IPv4 address or MAC. The best suggestion for now would be to block all hotspot user access to v6 (and don't announce it) until there is a working IPv6 ...
by omega-00
Mon Dec 07, 2015 2:34 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 989
Views: 162548

Re: Feature requests

Being able to set the RADIUS source IP to an interface instead of an explicit IP address would be useful... for me, at least! We have ROS boxen that speak RADIUS over a VPN to our freeradius servers; if I could set the RADIUS request source IP to the VPN interface, it would make for simpler "cookie...
by omega-00
Tue Nov 24, 2015 5:24 am
Forum: Scripting
Topic: Flashfig vs netinstall and scripting provisioning functions
Replies: 3
Views: 2126

Re: Flashfig vs netinstall and scripting provisioning functions

Another problem with using netinstall vs flashfig is the amount of time it takes to reinstall a device via netinstall; vs flashfig which can accept and apply configs to multiple devices in the space of a minute. I haven't tested if it can apply configs to more than one device connected at a time but...
by omega-00
Tue Nov 24, 2015 4:25 am
Forum: Scripting
Topic: Flashfig vs netinstall and scripting provisioning functions
Replies: 3
Views: 2126

Flashfig vs netinstall and scripting provisioning functions

I've been looking at ways to automate/simplify the deployment of batches of MikroTik devices using some of the provided utilities. After some testing and research on the subject of Flashfig vs Netinstall; it seems that both have limitations. Flashfig: 1. Only works on first boot of the device (repea...
by omega-00
Wed Nov 11, 2015 1:53 am
Forum: General
Topic: TR-069
Replies: 12
Views: 4818

Re: TR-069

Haven't used it myself yet but going to spin up an instance of GenieACS to give it a try :-)

OpenACS looks to be a bit outdated, LibreACS has more recent work done, tGem also looks promising.
by omega-00
Wed Oct 07, 2015 9:36 am
Forum: General
Topic: UPnP port blocking
Replies: 9
Views: 2275

Re: UPnP port blocking

a nasty solution is to change the mikrotik port on that services conflicting That's fine for services on those ports but the problem I'm running into is like this; say I have 4 users with Xbox's on a site; each behind their own router which is in turn behind the core router. Normally if they had pu...
by omega-00
Wed Oct 07, 2015 9:33 am
Forum: General
Topic: UPnP port blocking
Replies: 9
Views: 2275

Re: UPnP port blocking

I have decided to disable upnp and I do the port mappings manually when really necessary. Only by this approach I have the control over it. I see very dangerous to let any application on whatever device in the network to open a hole inside on its own. But maybe you don't care. That is true but in t...
by omega-00
Fri Oct 02, 2015 5:14 pm
Forum: General
Topic: UPnP port blocking
Replies: 9
Views: 2275

UPnP port blocking

Hi Guys, Had a query and wondered if anyone else had encountered this and might have a suggestion / solution. I've used UPnP on some customer facing routers to allow devices like xboxes, playstations etc to perform port mapping and get online. As part of this I've always added some dst-nat action=acc...
by omega-00
Thu Jul 30, 2015 5:40 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 169501

Re: Cloud Hosted Router

Will there be optional CHR-only packages available for this flavor of RouterOS? For example, you've mentioned driver support for different virtualisation systems interfaces will be added, but would it be worthwhile that these be additional packages to be installed only as needed, as well as things l...
by omega-00
Wed Jul 15, 2015 1:45 pm
Forum: Announcements
Topic: v6.30.x bugfix release
Replies: 136
Views: 30973

Re: v6.30.1 bugfix release

Awesome work guys, can't wait to give it a try :-)
by omega-00
Wed Feb 04, 2015 4:25 am
Forum: General
Topic: Mikrotik Hotspot and IOS7 CNA problems
Replies: 30
Views: 25631

Re: Mikrotik Hotspot and IOS7 CNA problems

It looks like the newest iOS versions use a randomly assigned CNA user-agent number too. ios-cna.png I'm not sure exactly what language the MikroTik hotspot content is using but would it be possible to modify the $(if user-agent == CaptiveNetworkSupport) line to allow a numerical version on the end?
by omega-00
Mon Sep 01, 2014 8:54 am
Forum: General
Topic: Memory leak
Replies: 6
Views: 1182

Re: Memory leak

Normally the best thing to do is take some supouts from the affected MT (preferably one right after rebooting the device then one when the issue is occurring) and send them through to MikroTik to review. If you've done this it'd be useful to link this thread to them as well.
by omega-00
Mon Sep 01, 2014 8:40 am
Forum: Scripting
Topic: Disconnect WLAN Uplink if Not Needed
Replies: 2
Views: 862

Re: Disconnect WLAN Uplink if Not Needed

one quick thought on how to do this via scripting: Use a script that checks for address list entries in a list called "internet-access"; have a firewall rule like /ip firewall filter in-interface=ether1 chain=forward src-address=!192.168.1.10 dst-address=!192.168.1.0/24 action=add-dst-to-address-lis...
by omega-00
Fri May 16, 2014 4:19 pm
Forum: RouterOS v7
Topic: Feature request: Stateful HA with Conntrackd
Replies: 30
Views: 6133

Re: Feature request: Stateful HA with Conntrackd

+1 for stateful connection tracking (along with dhcp leases, hotspot auths) perhaps a master-slave setup would be more likely possible.

by omega-00
Wed May 07, 2014 2:52 am
Forum: General
Topic: MikroTik MetroEthernet 2.0 Certification
Replies: 10
Views: 1853

MikroTik MetroEthernet 2.0 Certification

Was curious if MikroTik has any plans to get the CCR series (or any other units for that matter) certified for Metro Ethernet delivery? With the growing prevalence of MEF standards, performance metrics and definitions, this will become an increasingly pressing issue for us and potentially the MikroT...
by omega-00
Mon May 05, 2014 4:35 am
Forum: General
Topic: Tool: Realtime per IP traffic monitor for home/office
Replies: 283
Views: 282256

Re: Tool: Realtime per IP traffic monitor for home/office

service crashes before the login process it seems. I run avast antivirus/security suite on my machine but tried disabling that before starting the service too to ensure it wasn't trying to block/intercept anything. Omega-00, do give the updated snifferservice.exe a try. If it still fails you can ex...
by omega-00
Fri May 02, 2014 8:28 am
Forum: RouterBOARD hardware
Topic: CCR1009-8G-1S-1S+ General info & Questions
Replies: 100
Views: 64529

Re: CCR1009-8G-1S-1S+ General info & Questions

Another thing I just realized. There is no active monitoring on the PSU's. The routerboard does not know how many PSU's are actually connected (photo's only show power cables going from the PSU module to the mainboard) so there is no way to check if 1 or 2 power cables are connected and/or working....
by omega-00
Tue Apr 01, 2014 3:41 am
Forum: General
Topic: v7.0 Released! (april fools joke)
Replies: 11
Views: 2609

v7.0 Released! (april fools joke)

I read about it here: http://www.mikrotik-routeros.com/2014/04/routeros-v7-0-released/ What's new in 7.0: *) dude - 5.0 package released for PPC and CCR platforms *) ppp - LNS/LAC support added *) ppp - CoA updates now supported for all ppp services *) openvpn - UDP transport support *) ipsec - VTI ...
by omega-00
Fri Feb 28, 2014 5:20 am
Forum: General
Topic: v6 DHCP server conflict detection, what does it do?
Replies: 1
Views: 942

v6 DHCP server conflict detection, what does it do?

I notice in the terminal settings for DHCP-servers there's a "conflict-detection" option and this was mentioned in the changelog but there's no information on how it works or what it does?
Has anyone tested this or are MT staff able to give us a rundown?

Cheers :-)
by omega-00
Wed Feb 26, 2014 2:50 pm
Forum: Scripting
Topic: Single User Simultanous login on pppoe+hotspot
Replies: 1
Views: 1340

Re: Single User Simultanous login on pppoe+hotspot

Hey Cicserver

I remembered reading about someone doing a similar thing to block multiple hotspot authentications across routers, perhaps this might help you?

http://forum.mikrotik.com/viewtopic.php?f=9&t=25126
by omega-00
Thu Feb 20, 2014 1:55 pm
Forum: General
Topic: MUM Europe 2014 - Italy, Venice, February 20-21
Replies: 146
Views: 56579

Re: MUM Europe 2014 - Italy, Venice, February 20-21

Mikrotik, where is "new routing" ?
Really hanging out for this to be honest; some weird bugs hanging out in v6 that have been around for ages now :-(