MikroTik

xrlls

You don need to set the certificate in /iot/mqtt/brokers But you do need to have a the root certificate for the mqtt servers certificate on the router. From ROS7.19 forward, the os itself includes root certificates for many common certificate authorities, so if for instances using a letsencrypt cert...

xrlls

The iot-bt-extra package is somehow lost and needs to be reinstalled every time I upgrade my L009UiGS-2HaxD. To get it back, I need to reinstall manually. Anyone else have the same experience?

xrlls

My point is that I think OSPF is less work. While I understand that routes can be pushed through Zerotier, relying on it, would require me to maintain both the Zerotier routing configuration and another route distribution method for the non-Zerotier connections. So I would have two maintain the rout...

xrlls

@unlikely I tried enabling bridging for the Zerotier endpoint (Rb5009, 7.18.2) not working and … heureka… it started working! I then disabled bridging again, and the multicast traffic stopped arriving on the RB5009. Enabling bridging on the non-working endpoint also fixed my other issue with RoMon, ...

xrlls

Thanks a 10^6

xrlls

Thanks for an exhaustive answer! :) I will update my scripts to iterate through the ADs until the MikroTik AD is found. On the topic of the relase note, it calls out the following: Added an option for MikroTik format payload to detect disabled accelerometer. Can you elaborate on how to detect this? ...

xrlls

Returning to the OP originally problem, I previously stated that it works for me… and it does… on some of my routers. I currently have 3 MikroTik routers connected to the same ZeroTier network, and OSPF is working on two of them over Zerotier. On the third, a RB5009, running 7.18.2, I only see outgo...

xrlls

Browsing the documentation I stumbled upon the changelog for the TG-BT5 tags, which listed version 2.4: [link] https://help.mikrotik.com/docs/spaces/UM/pages/215351328/MikroTik+Bluetooth+TG-BT5-XX+tag+changelog[/link] However after upgrading a few tags, they stopped working with my backend. It seems...

xrlls

For LTE, the IP address is not obtained through DHCP. Instead you should check that your APN profile matches the settings required by your provider. Most if it is pretty standard, but the APN may vary from provider to provider. From your screenshots it appears you have a default profile, but you mig...

xrlls

Hi, it looks like a mismatch of IP subnets. Both the bridge address, 192.168.88.1/24 and the wireguard address, 192.168.88.100/24 are in the same subnet. They should be separate. Try setting the wireguard interface to 192.168.89.1/24 instead, and for the client something in that subnet, e.g. client-...

xrlls

What I have is this: /zerotier/interface> /zerotier/interface/print detail Flags: D - dynamic, X - disabled; R - running 0 R name="zerotier1" mac-address=3E:65:02:6A:A1:37 mtu=2800 arp-timeout=auto network="xxxxxxxxxxxxxx" instance=zt1 allow-managed=yes allow-global=no allow-defa...

xrlls

For what it’s worth, I have OSPF running between a few ‘tiks without any issues. My flow rules are default, and I have not enabled bridging, so I would believe that it should just work. The only issue I had was relating to firewall, where I needed to allow OSPF (or any other traffic for that matter)...

xrlls

AFAIK connect-list is available on the wireless package for older devices, while when using the wifi packages it is not. It has been discussed earlier in other threads.

If/when this feature is brought to the wifi package, I’d love to hear about it <3

xrlls

Coming to think of it, the device where I saw the issue is currently on 7.19beta6, so it might have been on 7.18 I had the issue as well. But if you feel adventurous, you can try 7.19beta

xrlls

I had a similar issue on a L009UiGS-2HaxD where the Wi-Fi uplink was also flapping. I think it was on 7.17.something, but for me it went away with 7.18. Anyway, a work around that helped me was to set channel.band manually: /interface/wifi/set [find configuration.mode=station] channel.band=2ghz-n Th...

xrlls

I have the same experience as @infabo, but it might be because I am not willing to leave port 80 open. As MT support suggested @infabo.

xrlls

It does not renew itself automatically, so you will have to script your way out of it. Also please remember to open and close port 80 in the firewall programmatically, as leaving it open is a recipe for disaster

xrlls

I spent some time trying to figure it out. Ultimately I opened the device, and it was written on the PCB. It turns out that the one I could not guess is ModBus.

xrlls

Thanks for the update! I will keep my eyes open, when new software is released

Do you possibly have any recommendations on something that is known to work in the meantime?

xrlls

@denissMT Thanks for getting back! Based on your feedback, I have tried entering a "random" address: /iot/bluetooth> print Columns: NAME, PUBLIC-ADDRESS, RANDOM-STATIC-ADDRESS, ANTENNA # NAME PUBLIC-ADDRESS RANDOM-STATIC-ADDRESS ANTENNA 0 bt1 A8:6E:84:47:98:0E E5:7B:B3:01:AD:73 internal I ...

xrlls

Hi, I am looking for any experience with Bluetooth Dongle support with the iot-bt-extra package. Please share your experience with dongles that works for you, as MikroTik has not yet published a list of compatible peripherals and I am curious to see what works for the community.. I have tried a TP-L...

xrlls

It is in the manual :) https://help.mikrotik.com/docs/spaces/UM/pages/41680915/RB924i-2nD-BT5+BG77#RB924i2nDBT5%26BG77-Cellularmodemfirmwareupgrade From the console run this command: /interface/ppp-client/firmware-upgrade ppp-out1 upgrade=yes Assuming that the modem interface was not rename.

xrlls

As I read your post, it seems you are downloading a JSON payload, and attempting to convert it to a variable. If so, you should not be using parse, but deserialize:

:local leaseList [:deserialize  $response from=json]

This seems to work correctly with the example JSON payload you have included.

xrlls

Hi, The parenthesis around the -> operator is missing. It should be: :local currentIP ([/tool fetch url="http://icanhazip.com" as-value output=user]->"data"); BTW. I removed the escaping of the quotes to be able to run the command from CLI. If you use the build in editor from the...

xrlls

The phone number of a message can be read like this:

 :put [/tool/sms/inbox/get 0 phone ]

xrlls

Do your UPS offer the “on-battery” field? While I see it mentioned in the documentation, https://help.mikrotik.com/docs/spaces/ROS/pages/120324130/UPS , my little experience is that the actual UPS implementation on Mikrotik deviates a lot from the documentation. Some of it may be due to the exact mo...

xrlls

@nickvacula Mikrotik acknowledged the latest addition to my (still) open support case late August, but couldn’t give me an ETA of a fix at that time. The case has not been updated since, and judging from the release notes, nothing has happened. @toxicfusion At least the client side makes sense to me...

xrlls

If you are referring to this example: https://help.mikrotik.com/docs/display/UM/IFTTT+app+notifications+on+BLE+tag+appearance+in+KNOT%27s+range The script has a problem as it does not store the current state of the tag persistently in a global variable. On a newer version of ROS (e.g. 7.16) I would ...

xrlls

This is kind of what I made for Home Assistant, except that I assume that the KNOTs are stationary and the tags are moving, so when the tags are out of range I clear the position, while In the forklift case, the position should be updated as long as the tag is in range, and be retained rather than c...

xrlls

Yep, just run the install script again [fingers crossed]

The problem with multiple KNOTs is both the test effort to mature it, and that I don’t have any use case myself

xrlls

I have added Bluetooth Beacon support on the Github repository. It is still a bit rough around the edges in that it triggers some errors in the Home Assistant log, and that it logs a lot on the MikroTik log. Also there are more optimisations to be done. But all in all it works and provides the funct...

xrlls

Hi, I have the Lora version of the KNOT. 1) As far as I have understood, both versions are the same, except the Lora version has a mini-PCI car mounted. So I would expect both to have GPIO. 2) The GPIOs are not accessible on the Lora version without modifying the case. The area is however punched fr...

xrlls

@Ammo The KNOT is Lora enabled. I guess I am “future proofing” Something more to explore later :) @niklaswelin I have something working now with Home Assistant auto discovery and decoding of the payload server side through Jinja templates. There is a lot missing though in terms of logic to keep the ...

xrlls

I put in an order on the KNOT and a few BLE tags. I guess that in the end the Temptation was to big :D It is now in my desk! The Knot really does a lot of stuff! For now I have added support of firmware update notification for the NB/CAT-M radio. I think on my program next is support of the GPIOs. a...

xrlls

You are not exactly clear on the purpose of the script, but in this line: :if ($xxx=$name) do={ It seems that you are comparing a date to a route. I cant imagine that will ever be true. Maybe you should be comparing to name1 instead, if the name of the secret is a date? In this case it would be: :gl...

xrlls

No scripting should be required. Check the documentation for “failover”. This should be helpful for you:
https://help.mikrotik.com/docs/display ... +Balancing

Also, there are many many threads regarding this topic on the forum.

xrlls

The date format was updated in ROS7.10, and your code needs to be updated accordingly. Check e.g. this thread for more info: https://forum.mikrotik.com/viewtopic.php?t=196072 I think this will do it for you: :global input [/system clock get date] :global xxx ([:pick $input 5 7]."/".[:pick ...

xrlls

It is not possible to avoid local logging. The act of disabling local logging itself is logged locally, so there is no way.

If it was possible to disable the log without a record if it being disabled, it would be a security liability as the audit trail would be broken.

xrlls

You have two misplaced “]” and there is a problem with the capitalization of the variables isdnsxup and dns. Try this: :local dns1 "192.168.179.5" :local dns2 "192.168.179.6" :local dns "$dns1,$dns2" :local altDns1 "94.140.14.14" :local altDns2 "94.140.15...

xrlls

I’m getting dizzy by the NAT’ing :O I suspect it would work without that dstnat. As far as I can see, you are have no dstnat on https, so maybe tray connecting using https on port 443 and see if it works. I guess I don’t have experience enough in NAT’ing to say for sure what is happening. If it was ...

xrlls

It is probably some kind of routing error. But it may be dependent on missing configuration on the remote end of your PPTP. Can you ping the router from the host you are trying to connect from?

xrlls

You have the "accept" rule for your PPTP: add action=accept chain=input dst-port=80,443 protocol=tcp src-address=10.0.0.0/23 after your general "drop rule": add action=drop chain=input comment="defconf: drop all not coming from LAN" You need to change the sequence to ma...

xrlls

Hi! I am happy that you like my project! I have not looked at the KNOT and Bluetooth before, and I have not had a use case for these device in my setup yet. So I am starting from scratch. On the Bluetooth side, if using Mikrotik beacons with the Knot, it seems like the payload is decoded on the devi...

xrlls

The Mikrotik device won’t have route to the Zyxel LAN,192.168.0.0/?, network, unless you have specified it. So on the Mikrotik device, you need to set a route to the Zyxel lan, through the Zyxel WAN address. Additionally, the Zyxel router is likely doing NAT and Firewalling on the LAN interface, and...

xrlls

Depends on whether you created the VLAN directly on the interface, or whether it was done through the bridge. In the first case, with the VLAN created directly on the interface: /interface/vlan/export where interface=ether2 If done through the bridge it is more complicated, but you can try this: /in...

xrlls

It looks like a firewall issue. You either need to have a rule allowing the traffic arriving on the wireguard interface, or you need to add the wireguard interfaces to an interface list with an existing rule. Ping works to the router because ICMP is allowed by default on the input chain. If you want...

xrlls

I have seen a similar issue on RB5009, L009 and CHR, where a faulty iscsi initiator configuration on the router prevents it from rebooting when using the ROSE-storage package. I looked at the console output, and the router fails to unmount the share during shutdown and stalls. If you are using this ...

xrlls

No scripting required :) Assuming that your router already has a working email configuration it can be achieved with the following logging setup: /system logging action add email-to=<your@email.com> name=email target=email /system logging add action=email prefix=ether2 topics=interface,info Where th...

xrlls

It seems the name of your UPS is different from the script.

Change this line:

/system ups monitor ups1 once do={

to:

/system ups monitor "SALICRU SPS ONE 700VA" once do={

… and try again

xrlls

The script appears to be working fine, however you need to make sure that the UPS name referenced matches the name shown in /system/ups, and that you have a working SMTP configuration for outgoing mails. Also, it would be helpful if you shared the message you are getting ;) IF the problem persist, s...

xrlls

I have recently setup this on 7.15.3: /ipv6 firewall mangle add action=mark-routing chain=prerouting dst-address-list=!FastSpeed new-routing-mark=HE.net passthrough=no src-address-list=HE.net add action=mark-routing chain=output dst-address-list=!FastSpeed new-routing-mark=HE.net passthrough=yes src...

xrlls

I tried running the example outlined here, between 2 Mikrotiks: https://help.mikrotik.com/docs/display/ROS/ROSE-storage#ROSEstorage-Configurationexample With an L009 with a USB drive as target, and a CHR as initiator. This works also leads to the initiator (the CHR) stopping to respond, and stalling...

xrlls

Hi, I am trying to connect a Mikrotik router to an iSCSI target running on Synology NAS using the following CLI command: [admin@l009] /disk> add type=iscsi iscsi-address=192.168.3.6 iscsi-iqn=iqn.2000-01.com.synology:nas.target-1.a7deb01406e [admin@l009] /disk> print action timed out - try again, if...

xrlls

I am not sure if this is any help at all, at least my story is circumstantial, but I had a similar issue on a RB5009UPr+S+IN. The device would not reboot, but would instead end up being powered off. This was consistent on CLI, and WebFig, and also when rebooting through firmware update. I ended up d...

xrlls

It depends on whether you are running the old wireless package or the new wifi package. I am running the old wireless package and based my setup on this guide: https://wiki.mikrotik.com/wiki/Manual:Wireless_PEAP_client_with_FreeRADIUS#Access_Point with focus on the “access point” section. I have not...

xrlls

Hi,

Your configuration seems incomplete; the OSPF interface-template is refering to an area, that is not defined in the configuration excerpt you have provide.

Is the area definition missing in general, or just in the excerpt?

xrlls

I’m not certain whether you want to save the output to disk or just put it in variable, but if it is the later case, you can do something like this:

 global a [:ping address=google.com count=5 as-value ]

Which stores the output for each separate ping in an array, a, that you can work on.

xrlls

You could do something like this: system/scheduler/add name="Auto update" start-time=startup interval=1d on-event="/system/package/update/check-for-updates ; /system/package/update/install" This would check for an update daily and install it if there is one. But I can think of a ...

xrlls

You can specify

originate-default=if-installed

On your OSPF instance on R5.

https://help.mikrotik.com/docs/display/ROS/OSPF

xrlls

You are absolutely right! I messed up the WIFI standards. Checking it, I see that even my own HomePod Mini is connected on 5GHz.

xrlls

The homepod mini only supports 802.11n (https://www.apple.com/homepod-mini/specs/), so if you have configured your 2.4GHz radio to something else, e.g. followed the temptation to set it to 802.11ax, it will not work. I have seen a similar issue with other IOT devices.

xrlls

VLANs are fully supported… but in software, without hardware acceleration. But not really a loss, since the bridge is not hardware accelerated to begin with

xrlls

Yep, the HAP ax^2 is not hardware offloaded. It is documented here: https://help.mikrotik.com/docs/display/ROS/Bridging+and+Switching#BridgingandSwitching-BridgeHardwareOffloading look for “IPQ-PPE”. As they write in comment 6: “ Currently, HW offloaded bridge support for the IPQ-PPE switch chip is ...

xrlls

I did not consider the hardware limitations on the mAP lite, as I have been doing this on a device with dual chain WI-FI, multiple ethernet interfaces and LTE, and even have scripting on top of this to bend the router to my will, hence I have not been facing this issue. But you are right if doing it...

xrlls

I am not sure why you would disable the firewall on the WAN. The WI-FI interface is serving as a WAN connection, so it should be firewalled unless you have very specific needs. Also the interface needs to be NAT'ed, so adding it to the WAN list ensures that this is done using the default config. I h...

xrlls

Try something like:

interface/list/member/add interface="wlan2 (uplink 5GHz)" list=WAN disabled=no

your interface name may vary…

xrlls

I have achieved this by adding both interface to the WAN interface list. Having a separate DHCP client configured for each device. Setting a lower default-route-distance for the DHCP client for the preferred (wired) interface, than for the wireless interface. This is working as intended for me :) It...

xrlls

Regarding your follow up questions: The bridge is a layer2 device, not unlike an Ethernet switch. Traffic is allowed to pass between ports when the ports are on the same bridge. On a device like yours with a switch chip, configuring the bridge correctly offloads the VLAN processing to hardware. This...

xrlls

Hi, the problem with VLANs is not cutting the branch you are sitting on... It is not obvious which interface you are using to connect when performing the configuration, but you would want to keep the configuration of that interface unchanged until you have verified the remainder of your configuratio...

xrlls

Regarding (1) @anav is absolutely right, adding the pvid is an oversight that results in the vlan being untagged, which is not what you need, as your port is a trunk port. To specify what ports the vlan is available on, tagged, instead do this: /interface bridge vlan add vlan-ids=3 tagged=ether1 No ...

xrlls

Your device has a MT7621 switch chip: https://i.mt.lv/cdn/product_files/RB760iGS-dsw_180523.png Hence this example is relevant: https://help.mikrotik.com/docs/display/ROS/Basic+VLAN+switching#BasicVLANswitching-CRS3xx,CRS5xxseriesswitches,CCR2116,CCR2216andRTL8367,88E6393X,88E6191X,88E6190,MT7621and...

xrlls

Hi, Is your configuration currently working? It looks a bit odd to me. I am assuming that you want the Hex to act as a switch and acquire a DHCP lease for itself on VLAN3, right? If so, I am not sure why you have the DHCP client on the brigde while ether1, connecting to your Unifi network is not. I ...

xrlls

I am still running the legacy drivers due to the disk space constraints, so this was exactly what I needed!

Thanks!

xrlls

Hi, I am in the process of setting up VLANs on a wAP ac LTE6. On the Ethernet side I have been successfull, by following the guide here: https://help.mikrotik.com/docs/display/ROS/Basic+VLAN+switching#BasicVLANswitching-Otherdeviceswithabuilt-inswitchchip /interface ethernet switch port set 0 defaul...

xrlls

My wAP ac LTE6 sometimes dies in such a way that it is entirely unreachable, if it runs out of disk space. The only way I have found to restore operation in this case is by restoring the firmware through netinstall. Background: I am probably putting to much on the disk, by running ROS7.13.3, with th...

xrlls

I agree on the quotes must be treated as string! However I can see where they are coming from, as the current functionality was probably a work around to allow writing floats to JSON, such as voltage, power consumption or some other measure that is typically handled by strings by ROS. It just comes ...

xrlls

A word of warning with the new serialize and deserialize commands, each of them do different conversion, so the process is not reversible! I have been working a bit with the new serialise and deserialize commands and JSON containing various types of numbers, and the results are wildly inconsistent. ...

xrlls

Thanks!

xrlls

Hi, I am working with the new serialize and deserialize commands for JSON. I found that the deserialize command will convert a null payload to a variable with type nil: > global org [deserialize value="{\"a\":\"Hi\",\"b\":12,\"c\":null}" from=json ] ...

xrlls

RouterOS only handles integers. This means that in some places like health, ROS will return a string with the decimal number, and in other places, like the POE section, ROS returns the output voltage as a number in deci-volt, i.e. times ten, to convert the number to an integer. The later has been ca...

xrlls

I had a U-Blox 8 based GPS working on USB until 7.13.1, but then I both updated the RB5009, and messed around with the GPS at the same time (reset it to factory defaults) and it stopped registering as a port. I assumed it was something with 7.13.2 and 7.14 as it seems that people are having a lot of...

xrlls

I have done this earlier with an OpenVPN TCP server on port 443. While a lot of bad things can be said about OpenVPN TCP, it looks a lot like HTTPS when traversing restrictive firewalls

xrlls

I'm glad you like it! To my knowledge, you are the first user beyond myself :) The intention with the firmware versions is that "Hassio Firmware Entity Publish.rsc" creates the update entity, and populates the device info with the current version from /system/resource/ and the update entit...

xrlls

I have made this MQTT “integration” for Home Assistant with auto discovery: https://github.com/Xrlls/MikroTik-Home-Assistant-MQTT-telemetry It is made for my own purposes, so the metrics may not match your use cases, or may require modification, also it does not offer any control of the router. Spec...

xrlls

I agree that it would be more efficient to let the backend handle it. But the backend is beyond my control. I got it working using this approach: global test [/tool/fetch "http://upgrade.mikrotik.com/routeros/7.12beta9/CHANGELOG" output=user as-value] Instead of having the intermediate ste...

xrlls

Hi, I am writing a script that fetches the latest release note and forwards and excerpt to a server backend, put I am struggling with no text showing of the release note is long. An example: tool/fetch http://upgrade.mikrotik.com/routeros/7.12beta7/CHANGELOG :put [file/get CHANGELOG contents ] Resul...

xrlls

What I mean was that rather than add a comment the route, saying it is WAN1, then just use the above command in netwatch.

If you insist on adding a comment you might be able to do so by adding a script that does it in the DHCP script client script.

xrlls

Maybe it is easier to search for a default route related to the interface when it changes? Something like

ip/route/find where (vrf-interface=wan1 and dst-address=0.0.0.0/0)

xrlls

On Pihole it can be configured in

Settings -> DNS -> Conditional forwarding

xrlls

If you check

/ip/dhcp-client/

You should be able to see all DHCP clients running on your router, and then disable any instance you do not need.

xrlls

Ultimately it is not recommended by Mikrotik, check https://help.mikrotik.com/docs/display/ROS/Upgrading+to+v7, second note: “Note: We do not recommend running v7 on hardware that does not have at least 64 MB of RAM.” I have been running ROS7 on a hAP lite myself, with IPv6, Wireguard, OSPF etc. and...

xrlls

Wireguard works excellent with one of the device behind NAT. On the device behind NAT, configure as usual. On the device with a public IP, configure the wireguard peer without an "endpoint address" or "endpoint-port", as you do not know these, and set the "persistant.keepali...

xrlls

On the topic of firewall, given that you want you remote client to have the same rights as hosts on your local LAN, you can simply add your wireguard interface to the LAN list: add interface=wireguard1 list=LAN In many situations I think this is a better solution than having many, almost identical, ...

xrlls

It's a unfortunately a manual process. At least for the clients. What I did was: - I added an IPv6 address from an unused subnet to the Wireguard interface. (It could have been assigned automatically from the Pool, but it makes little difference as the clients have to be configured manually anyway.)...

xrlls

Wireguard and OSPF requires a bit of extra work, as OSPF does not support broadcast.

You will need to configure your Wireguard interfaces as PTMP in

/routing ospf interface-template

And, then you need to add the peer(s) as a static neighbor(s) in

/routing ospf static-neighbor

Good luck!

xrlls

Netinstall 6.49.3 did the job. I first tried 6.47.8 but it resulted in “key was rejected”. I was upgrading from 7.11 to 7.11.2 so it should not have been an issue however, I was also installing the IOT package at the same time, so I might not upgrade and install packages simultaneously another time....

xrlls

Hi, I attempted to upgrade a WAP AC LTE6 to 7.11.2 yesterday, but it never came back. To recover the device I have attempted netinstall on Linux, and the process proceeds as follows: $ sudo ./netinstall-cli -a 192.168.88.3 -r routeros-7.11.2-arm.npk Version: 7.11.2(2023-08-31 14:41:16) Will reset to...

xrlls

The address for the Wireguard interface is the same as the network address. Try changing it to 10.10.0.1

xrlls

So, there is nothing fundamentally wrong at the conceptual level in the idea of forwarding a port from a wireguard ip to another host. It's just a matter of finding the way to do it. I'll try to add the wireguard interface to the LAN group. What I tried to say is that it is technically possible whi...

xrlls

Hi, You likely need to modify your firewall rules to allow the traffic from the Wireguard interface beyond ICMP. That can either be done by separate rules, or by adding your wireguard interface to the LAN group with something like: interface/list/member/add interface=wireguard list=LAN - depending o...

xrlls

A small clarification to the above statement regarding routes: Your client will need to have route telling it that your LAN is reachable through the Wireguard tunnel. A host only configures routes to directly connected networks, and the routes to anything on the remote side of the tunnel, e.g. the L...

xrlls

Hi, You got it right, except for the last point; regarding configuration of routes; it is not necessary to configure any routes to networks that are directly connected to the router, as the router will setup these routes automatically. You should see these routes in ip/route with a separate entry fo...

xrlls

Hi, Try to run nmap from the LAN side of the router to eliminate any firewall issues. Hopefully you should see the port listed as open. Your IP configuration will not work, with the wireguard and the bridge having addresses in the same subnet. You will need to assign a separate subnet to the wiregua...

xrlls

Thanks a million! I had tried to disable the tunnel, but not for 10 minutes. Removing the connection did the trick! :)

xrlls

I am using ROS 6.84, and Open VPN push routes are accepted from the server. The output of ip firewall connection print detail is: 19 S C s protocol=ipv6-encap src-address=192.168.32.1 dst-address=192.168.0.1 reply-src-address=192.168.0.1 reply-dst-address=10.160.22.11 timeout=9m59s orig-packets=29 8...

xrlls

I’m not using mangle, at least not that I am aware of. There is nothing under /ip firewall mangle. The frames are routed through dynamic routes pushed from the remote Open VPN server.

xrlls

Hi, I have a 6in 4 tunnel with the following config: /interface 6to4 add !keepalive local-address=192.168.32.1 name=Home remote-address=192.168.0.1 My problem with this is that when trying to send something through the tunnel, the source address is not the specified address, but the WAN addres: 77 9...

xrlls

I ended up adopting the script from here:
viewtopic.php?t=119469

While I will still prefer a "native" solution, rather than something bolted on.

Br. Crilles

xrlls

Excellent! Just what I needed!

xrlls

Hi, I am trying to make a setup where hosts on the LAN, configured using DHCP can be looked up using the hostname. I have similar setups on other brands, such as Ubiquiti USG, Edgerouter and Asuswrt, all based on dnsmasq, where it is straight forward to setup. On these systems I can specify a domain...

Search found 110 matches