Community discussions

MikroTik App

Search found 93 matches

by gutekpl
Wed Jul 26, 2023 3:26 pm
Forum: General
Topic: IKEV2 IPsec "payload missing: SA" error [SOLVED]
Replies: 8
Views: 12118

Re: IKEV2 IPsec "payload missing: SA" error [SOLVED]

Got the same. I have VPN set up on my hap ac2 and certificates expiry was set to 1yr, I was renewing them some time ago and problem probably occurred somewhere around that but I am not sure. What should I check?
by gutekpl
Thu Sep 08, 2022 9:46 am
Forum: General
Topic: IPsec - set multiple mobile users [SOLVED]
Replies: 14
Views: 4100

Re: IPsec - set multiple mobile users [SOLVED]

What you look for is the list of transforms proposed by the peer and by the Mikrotik side, you'll find rows like AES:AES, SHA:MD5 etc. This is what was caught with Your command. Nothing about SHA/MD5/AES :( # sep/ 8/2022 8:39:26 by RouterOS 7.5 # software id = S87N-E2ZU # 08:39:30 ipsec,debug =====...
by gutekpl
Wed Sep 07, 2022 3:32 pm
Forum: General
Topic: IPsec - set multiple mobile users [SOLVED]
Replies: 14
Views: 4100

Re: IPsec - set multiple mobile users [SOLVED]

Activate debug log
700 lines of text in 1 second, mostly hex values, what to look for?

to see what the phone proposes.
Android phone works OK. It's Windows 11 laptop which causes problems. Error on client side sound like "policy match error".
by gutekpl
Wed Sep 07, 2022 12:52 pm
Forum: General
Topic: IPsec - set multiple mobile users [SOLVED]
Replies: 14
Views: 4100

Re: IPsec - set multiple mobile users [SOLVED]

You can but you have to set match-by=certificate on the identities so that they could be distinguished from each other. Nice. The funny thing is that it was already stated in tutorial, I did miss it somehow. Anyway I am now one step further. Getting "no proposal chosen" warning after &quo...
by gutekpl
Wed Sep 07, 2022 11:28 am
Forum: General
Topic: IPsec - set multiple mobile users [SOLVED]
Replies: 14
Views: 4100

Re: IPsec - set multiple mobile users [SOLVED]

Hi, And what if I am using certificate authentication based on IKEv2? I have configured my VPN basing on https://mikrotikon-pl.translate.goog/vpn-ikev2-na-routerze-mikrotik-dla-systemow-windows-i-android/?_x_tr_sl=pl&_x_tr_tl=en&_x_tr_hl=pl&_x_tr_pto=wapp and it work very well from my an...
by gutekpl
Thu Jun 09, 2022 11:07 am
Forum: General
Topic: Gmail SMTP authentication doesn't work anymore, oauth needed
Replies: 13
Views: 2814

Re: Gmail SMTP authentication doesn't work anymore, oauth needed

The setting you're looking for isn't available in your account.

EDIT. Ok it now appeared as available after enabling two factor authentication. Seems it may be the solution to this.
by gutekpl
Thu Jun 09, 2022 10:47 am
Forum: General
Topic: Gmail SMTP authentication doesn't work anymore, oauth needed
Replies: 13
Views: 2814

Gmail SMTP authentication doesn't work anymore, oauth needed

Hi, As in topic google have just removed support for logging to gmail mailbox just with login and password via smtp. They informed about it twice, and now since two days all my routers stopped sending logs via email. Are there plans to implement oauth on mikrotik devices or we need to move to other ...
by gutekpl
Wed Apr 27, 2022 9:58 pm
Forum: Beginner Basics
Topic: Require certificate for wifi connection without any external tools
Replies: 0
Views: 341

Require certificate for wifi connection without any external tools

Hi, Maybe a noobish question, but I am not much into networking. I remember that sometime ago I played with wifi security at home and when I wanted it to require certificate for each connected client it needed FreeRadius to be active and hosting client identities or something like that. I passed bec...
by gutekpl
Wed Apr 27, 2022 9:50 pm
Forum: General
Topic: Please help me fix my VPN [SOLVED]
Replies: 2
Views: 944

Re: Please help me fix my VPN [SOLVED]

Thanks for posting that link. I deleted everything I had and followed instructions from that link and it worked right away.
by gutekpl
Wed Apr 27, 2022 3:33 pm
Forum: General
Topic: Please help me fix my VPN [SOLVED]
Replies: 2
Views: 944

Please help me fix my VPN [SOLVED]

I had working VPN configured on hap ac2 via one click in Mikrotik home Android app and it was accessible from my mobile phone via l2tp profile. Now I upgraded the phone to new one, and in Android 12 there is no l2tp vpn anymore. I found tutorial to set up ikev2 vpn - https://mikrotikon-pl.translate....
by gutekpl
Wed May 19, 2021 9:34 pm
Forum: Beginner Basics
Topic: How safe is l2tp/ipsec VPN set on MikroTik by a noob?
Replies: 6
Views: 1271

Re: How safe is l2tp/ipsec VPN set on MikroTik by a noob?

Thank you, less of scary logs indeed.
by gutekpl
Tue May 18, 2021 3:22 pm
Forum: Beginner Basics
Topic: How safe is l2tp/ipsec VPN set on MikroTik by a noob?
Replies: 6
Views: 1271

Re: How safe is l2tp/ipsec VPN set on MikroTik by a noob?

Thank You, disabled. And how about SSTP?
I see that enabling VPN via app enabled those three together.
x.PNG
by gutekpl
Tue May 18, 2021 1:29 pm
Forum: Beginner Basics
Topic: How safe is l2tp/ipsec VPN set on MikroTik by a noob?
Replies: 6
Views: 1271

How safe is l2tp/ipsec VPN set on MikroTik by a noob?

Hi, I recently set up VPN on my hAP AC^2 to get access to monitoring/NAS from the world. From what I heard this is the best solution to access private environment insted of exposing it directly to the internet via public IP. I am not networking pro so I used new Mikrotik Home app and checked "e...
by gutekpl
Wed May 05, 2021 8:35 pm
Forum: Beginner Basics
Topic: Can't set slave wireless interfaces on wAP AC (works ok on cAP AC)
Replies: 7
Views: 1215

Re: Can't set slave wireless interfaces on wAP AC (works ok on cAP AC)

This was some leftover from testing, I have this field back on default. Configuration is messy I know, because there are 4 devices with 4 presets which gives 16 different configs. However as I wrote, when I switch config from working cAP to wAP it still doesn't work, so that bring us to my original ...
by gutekpl
Fri Apr 30, 2021 1:11 pm
Forum: Beginner Basics
Topic: Can't set slave wireless interfaces on wAP AC (works ok on cAP AC)
Replies: 7
Views: 1215

Re: Can't set slave wireless interfaces on wAP AC (works ok on cAP AC)

WIFI Frequencies may not match channel number specified in name, I was playing with them lately and didnt update names. # apr/30/2021 12:11:23 by RouterOS 6.48.2 # software id = S87N-E2ZU # # model = RBD52G-5HacD2HnD # serial number = B4A00AE5300B /caps-man channel add band=2ghz-b/g/n comment=hAP fr...
by gutekpl
Tue Apr 27, 2021 11:05 am
Forum: Beginner Basics
Topic: Can't set slave wireless interfaces on wAP AC (works ok on cAP AC)
Replies: 7
Views: 1215

Can't set slave wireless interfaces on wAP AC (works ok on cAP AC)

Few words of HW setup - hAP AC^2 as mother device running CAPsMAN. Two cAP AC's running in CAP mode, all works perfectly. Few words of configuration - master radios are used for home 2.4/5 networks, both of them have their slaves - 2.4ghz is for iot devices, 5ghz is for guests. Bought wAP AC to gard...
by gutekpl
Fri Apr 16, 2021 1:15 pm
Forum: Beginner Basics
Topic: RBGPOE connected to PoE switch - will it block power request from source?
Replies: 1
Views: 487

RBGPOE connected to PoE switch - will it block power request from source?

I have Linksys PoE switch powering 5 cameras and 3 mikrotik access points. Linksys is powered from UPS, therefore all devices work during power outage. Thing is that I don't need APs to work during outage, I want my cameras to work few minutes longer. Do I need second PoE switch not attached to UPS ...
by gutekpl
Thu Jan 14, 2021 1:58 pm
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 295
Views: 127572

Re: v6.48 [stable] is released!

hEX PoE lost health info in 6.48
hex.PNG
by gutekpl
Sat Nov 07, 2020 9:56 pm
Forum: General
Topic: Allow Ethernet interface with specific MAC address only
Replies: 34
Views: 24688

Re: Allow Ethernet interface with specific MAC address only

Woops, hEX PoE became unaccessible today. I couldn't connect to it from my PC via IP/MAC. I did reboot via MAC telnet from my main router and after reboot it was still unaccessible and without IP address. Again via MAC telnet from main router I disabled rules 0-8 and it instantly got IP address from...
by gutekpl
Fri Nov 06, 2020 9:53 am
Forum: General
Topic: Allow Ethernet interface with specific MAC address only
Replies: 34
Views: 24688

Re: Allow Ethernet interface with specific MAC address only

You are indeed forum guru. Thank You once more, it works like a charm now. All cameras accessible with all rules enabled and when I change MAC camera stops responding. Posting final settings, maybe someone will find it useful one day. Environment described few posts above.. Przechwytywanie.PNG Thank...
by gutekpl
Fri Nov 06, 2020 12:01 am
Forum: General
Topic: Allow Ethernet interface with specific MAC address only
Replies: 34
Views: 24688

Re: Allow Ethernet interface with specific MAC address only

First of all thank You for Your patience. I totally understand what You wrote and it makes perfect sense in my logic, but sadly doesn't work. My setup: eth1 - connection with rest of the network eth2 - cam1 eth3 - cam2 eth4 - disabled eth5 - cam3 Settings on hEX PoE: Przechwytywanie.PNG This setup b...
by gutekpl
Thu Nov 05, 2020 9:08 pm
Forum: General
Topic: Allow Ethernet interface with specific MAC address only
Replies: 34
Views: 24688

Re: Allow Ethernet interface with specific MAC address only

I created "redirect to cpu" rule on switch1/eth2 but now when I provide cam MAC it stops working (only cam traffic is redirected to CPU) which is exactly opposite of what I want to achieve. In my understanding solution would be same switch rule with !MAC where all MACs except cam's would b...
by gutekpl
Thu Nov 05, 2020 3:08 pm
Forum: General
Topic: Allow Ethernet interface with specific MAC address only
Replies: 34
Views: 24688

Re: Allow Ethernet interface with specific MAC address only

Cameras are in same LAN as PC so I understand I am interested in forward rule

I created drop rule for both directions and changed MAC to different (oirignal ends up with 17) and I still can access camera via IP in browser, so it is not working as it should be.
Przechwytywanie.PNG
by gutekpl
Thu Nov 05, 2020 12:52 pm
Forum: General
Topic: Allow Ethernet interface with specific MAC address only
Replies: 34
Views: 24688

Re: Allow Ethernet interface with specific MAC address only

On hEX PoE which my cameras are connected to I created rules as below in section bridge-> filters, but I still can connect to them from my PC if I change MAC in rule for test purposes. Is it because from my side they are treated as destination not source and it is ok (I don't have opportunity to con...
by gutekpl
Tue Nov 03, 2020 10:36 pm
Forum: General
Topic: Allow Ethernet interface with specific MAC address only
Replies: 34
Views: 24688

Re: Allow Ethernet interface with specific MAC address only

I managed to setup RADIUS server on my QNAP NAS and connected hEX PoE with it (I could authenticate on router using user from RADIUS), but nothing else. I was playing with it nearly 2h and I think there is issue on camera side - it doen't have EAP-TTLS which I set on hEX. Przechwytywanie.PNG I think...
by gutekpl
Tue Nov 03, 2020 2:50 pm
Forum: General
Topic: Allow Ethernet interface with specific MAC address only
Replies: 34
Views: 24688

Re: Allow Ethernet interface with specific MAC address only

I see IEEE 802.1X enable checkbox on my hikvision cam along with some parameters like protocol, version, user, password, so I assume it is supported. What now? Should I find tutorial how to setup IEEE 802.1X on mikrotik yes? Is it better to set it directly on hex poe managing only those 3 cams, or b...
by gutekpl
Tue Nov 03, 2020 1:31 pm
Forum: General
Topic: Allow Ethernet interface with specific MAC address only
Replies: 34
Views: 24688

Re: Allow Ethernet interface with specific MAC address only

I have hex poe with pretty default configuration powering on my 3 outdoor cameras. Ether1 plugged to my network and ether 2,3 and 5 connected to cameras. poe.PNG I was thinking about restricting those ports to my devices MAC only so if anyone unplugs my camera and connects other device it won't get ...
by gutekpl
Mon Sep 21, 2020 4:51 pm
Forum: SwOS
Topic: Powering RB260GS from PoE
Replies: 3
Views: 5316

Re: Powering RB260GS from PoE

Hi.
And what if I will plug ETH1 of RB260 to some PoE Switch with 802.3af / 802.3at? Because of passive PoE I am afraid auto-negotiation will fail to set proper voltage? Or it will work OK?
by gutekpl
Fri Jul 24, 2020 11:22 pm
Forum: General
Topic: Powering cameras from mikrotik switch [SOLVED]
Replies: 3
Views: 2167

Re: Powering cameras from mikrotik switch [SOLVED]

Ok, so in order to maintain 802.3 af/at on Eth2-5 of hEX I need to fed it with 48V, thats clear.
Can I do it with PoE injector+48V supply via ethernet cable? Or it needs to come through DC input?

Is this solution a good practice or I should go with different approach?
by gutekpl
Fri Jul 24, 2020 9:21 pm
Forum: General
Topic: Powering cameras from mikrotik switch [SOLVED]
Replies: 3
Views: 2167

Powering cameras from mikrotik switch [SOLVED]

Hi, I am a bit confused with all that PoE standards, so I would appreciate some help. I have ethernet cable which is plugged into Linksys LGS116P switch at home and it is powering IP camera mounted outside, everything works well and this is clear. Now I want to mount second camera in same place wher...
by gutekpl
Thu Feb 20, 2020 9:41 pm
Forum: Forwarding Protocols
Topic: Connection between two separate networks [SOLVED]
Replies: 7
Views: 11066

Re: Connection between two separate networks [SOLVED]

Seems You were right. It should work since begining. Traffic between networks was blocked by this: bl.PNG So I created address list called iot, added there all hosts form home network which should be able to access raspberrypi in iot network and added it as exception for above. Now it works. al.PNG
by gutekpl
Thu Feb 20, 2020 9:52 am
Forum: Forwarding Protocols
Topic: Connection between two separate networks [SOLVED]
Replies: 7
Views: 11066

Re: Connection between two separate networks [SOLVED]

If you're trying to say that you isolated iot network just by not giving some devices default gateway, then bad news, you really didn't. It's not very likely that those devices will be guessing what the gateway is and trying to get out that way. But if they did, they could succeed. No, I separated ...
by gutekpl
Thu Feb 20, 2020 12:57 am
Forum: Forwarding Protocols
Topic: Connection between two separate networks [SOLVED]
Replies: 7
Views: 11066

Re: Connection between two separate networks [SOLVED]

Well that would require changing mask from /24 to /16 isn't it? With /24 I can access only IPs withing range x.x.x.1-254, right? And those networks are separated for a reason. If some chinesse hackers sitting 20 meters underground have backdoor on some of their iot devices I don't want them to have ...
by gutekpl
Thu Feb 20, 2020 12:36 am
Forum: Forwarding Protocols
Topic: Connection between two separate networks [SOLVED]
Replies: 7
Views: 11066

Connection between two separate networks [SOLVED]

Hello. I need some help as my knowledge about networks tells me that this is possible but I dont know how. I have 2 networks at home (well actually 3, but third one is irrelevant in this case): - hap ac2 eth1-4 + wifi "home" vlan1, ip pool 192.168.1.0/24 - some basic home devices like note...
by gutekpl
Sun Jan 26, 2020 9:49 pm
Forum: Scripting
Topic: Basic netwatch via ping with saving error timestamp to textfile
Replies: 6
Views: 4861

Re: Basic netwatch via ping with saving error timestamp to textfile

Why not just use a telegram bot to receive ping notifications? That was my first idea and I did it that way as I already have few telegram informations implemented. It was working pretty ok on test IP 8.8.8.88. All "unreachable" messages arrived to me via telegram. But when I moved it fro...
by gutekpl
Fri Jan 24, 2020 8:59 am
Forum: General
Topic: My public IP is getting raped by port scanners - is that normal?
Replies: 24
Views: 6150

Re: My public IP is getting raped by port scanners - is that normal?

Stopping seeding of linux iso's makes port scanning stop within 2 minutes. I resume it starts again. My guess is that one of peers has some malicious software installed and it uses seeders list as target for attack.
by gutekpl
Thu Jan 23, 2020 12:38 am
Forum: General
Topic: My public IP is getting raped by port scanners - is that normal?
Replies: 24
Views: 6150

Re: My public IP is getting raped by port scanners - is that normal?

Came back home and studied Shodan a bit more. If I understand correctly I am added there not as "host", but as comment to other host entry: Bez tytułu.png I checked Deluge running on my raspberry pi and indeed it used 52676 port during current session. So if my thinking is correct then som...
by gutekpl
Wed Jan 22, 2020 10:27 pm
Forum: General
Topic: My public IP is getting raped by port scanners - is that normal?
Replies: 24
Views: 6150

Re: My public IP is getting raped by port scanners - is that normal?

I checked shodan and I am listed there with that port 52676 - what does it mean? Where did it came from? Entry was added there yesterday, but I am getting flooded since 3 days - just when I did upgrade to 6.46.2 from 6.46.
by gutekpl
Wed Jan 22, 2020 6:51 pm
Forum: General
Topic: My public IP is getting raped by port scanners - is that normal?
Replies: 24
Views: 6150

Re: My public IP is getting raped by port scanners - is that normal?

BTW That IP Address may be a QNAP server http://93.105.141.14:8080/cgi-bin/ Do you have a QNAP NAS running? Now it became a bit creepy as I have QNAP running in my network. I hope it is just coincidence, as it works just as DVR for outside cam recording and no aditional services are configured on i...
by gutekpl
Tue Jan 21, 2020 11:38 pm
Forum: General
Topic: My public IP is getting raped by port scanners - is that normal?
Replies: 24
Views: 6150

My public IP is getting raped by port scanners - is that normal?

Hi, I am using MT devices around year now and I like to check my main router logs from time to time. There was always some port scanner entries from Firewall, some IP scanned few ports and disappeared for some time. Sometimes there were 3-4 different scanning source IPs per day, sometimes there was ...
by gutekpl
Fri Jan 17, 2020 3:40 pm
Forum: Scripting
Topic: Basic netwatch via ping with saving error timestamp to textfile
Replies: 6
Views: 4861

Re: Basic netwatch via ping with saving error timestamp to textfile

Are You reffering to this part?
:set contents ($contents . "\n" . $time)
How to avoid it? Is there any other way to save new data at the end of the file?
by gutekpl
Tue Jan 14, 2020 3:35 pm
Forum: Scripting
Topic: Basic netwatch via ping with saving error timestamp to textfile
Replies: 6
Views: 4861

Re: Basic netwatch via ping with saving error output to textfile

Ok, I think I managed to get it working :D :local file :local time :local date :set time [/system clock get time] :set date [/system clock get date] :local file ([:pick $date 7 11]."-".[:pick $date 0 3]."-".[:pick $date 4 6]) :if ([/ping 8.8.8.8 count=5] = 0) do={ :log error &quo...
by gutekpl
Tue Jan 14, 2020 2:40 pm
Forum: Scripting
Topic: Basic netwatch via ping with saving error timestamp to textfile
Replies: 6
Views: 4861

Basic netwatch via ping with saving error timestamp to textfile

Hi guys. Out of curiosity I want to test my ISP stability/uptime. Easiest way I think of is to run scheduler with ping 8.8.8.8 every few seconds, and report if there is output other than normal ping reply. This is what I came up with: :local file :local time :local date :set time [/system clock get ...
by gutekpl
Fri Nov 01, 2019 11:33 pm
Forum: Beginner Basics
Topic: Mikrotik devices are constantly connecting to cloud.mikrotik.com - what for? [SOLVED]
Replies: 9
Views: 6242

Re: Mikrotik devices are constantly connecting to cloud.mikrotik.com - what for? [SOLVED]

Welcome to the Mikrotik botnet... If you don't like this "feature", make sure internet interface detection, cloud and auto time sync and timezone are all disabled. That fixed it for me, have blocking firewall rule and it's been sitting there with 0 hits for months... Yup, internet detecti...
by gutekpl
Fri Nov 01, 2019 9:41 am
Forum: Beginner Basics
Topic: Mikrotik devices are constantly connecting to cloud.mikrotik.com - what for? [SOLVED]
Replies: 9
Views: 6242

Re: Mikrotik devices are constantly connecting to cloud.mikrotik.com - what for? [SOLVED]

Try disabling Time Zone Autodetect if you haven't already.
/system clock set time-zone-autodetect=no
Disabled it at night yesterday. Growth of requests at morning is still high.
by gutekpl
Thu Oct 31, 2019 11:23 pm
Forum: Beginner Basics
Topic: Mikrotik devices are constantly connecting to cloud.mikrotik.com - what for? [SOLVED]
Replies: 9
Views: 6242

Re: Mikrotik devices are constantly connecting to cloud.mikrotik.com - what for? [SOLVED]

You really don't want your router to communicate with mikrotik ? Why? :lol:
Didn't say anything like that. I just like to know what is going on if I have such possibility.
by gutekpl
Thu Oct 31, 2019 5:13 pm
Forum: Beginner Basics
Topic: Mikrotik devices are constantly connecting to cloud.mikrotik.com - what for? [SOLVED]
Replies: 9
Views: 6242

Re: Mikrotik devices are constantly connecting to cloud.mikrotik.com - what for? [SOLVED]

I found that on wiki when googled for cloud.mikrotik.com. I have "DDNS enabled" and "Update time" both unchecked on all three devices.
by gutekpl
Thu Oct 31, 2019 8:38 am
Forum: Beginner Basics
Topic: Mikrotik devices are constantly connecting to cloud.mikrotik.com - what for? [SOLVED]
Replies: 9
Views: 6242

Mikrotik devices are constantly connecting to cloud.mikrotik.com - what for? [SOLVED]

Hi, Installed pi-hole yesterday to get some control on my home network traffic and I noticed that cloud.mikrotik.com is topping query list after one day. What happens there that all mikrotik devices are constantly connecting there? I have 3 MT devices and pi-hole is running for like 16 hours, which ...
by gutekpl
Mon Aug 05, 2019 8:31 am
Forum: Announcements
Topic: Winbox v3.19 released!
Replies: 33
Views: 42052

Re: Winbox v3.19 released!

Przechwytywanie.PNG
Is this winbox or os issue? Timestamp is wrong and dynamic which means if I log in after 5 minutes, it will show this time + 5 minutes. Always 3 days ahead.
by gutekpl
Sun Jul 14, 2019 8:37 pm
Forum: Announcements
Topic: MikroTik News June 2019 (Issue #89)
Replies: 38
Views: 30196

Re: MikroTik News June 2019 (Issue #89)

wAP ac LTE - powerful and versatile dual-band wireless access point with LTE support My original plans was to put standard wAP AC outside home as garden access point. Can wAP ac LTE be configured to act both as garden AP and LTE backup ISP when main ISP (fibre coming to hap ac2 via media converter)...
by gutekpl
Thu Jul 11, 2019 9:51 pm
Forum: RouterBOARD hardware
Topic: Mikrotik RBGESP surge protector [SOLVED]
Replies: 3
Views: 3444

Mikrotik RBGESP surge protector [SOLVED]

Quick question - does it matter which side is plugged into ISP line entering home or it should work both sides the same?
by gutekpl
Wed May 15, 2019 1:18 pm
Forum: Scripting
Topic: Set timer or some other way to prevent script from running multiple times in short time [SOLVED]
Replies: 5
Views: 3207

Re: Set timer or some other way to prevent script from running multiple times in short time [SOLVED]

In scripts I created dwnFlagCleaner :global downloadFlag set downloadFlag "0" And in traffic monitor I now have this maxDown if ($downloadFlag != "1") do={ global telegramMessage "Download 100mbps reached!" /system script run SendToTelegram set downloadFlag "1"...
by gutekpl
Wed May 15, 2019 1:06 pm
Forum: Scripting
Topic: Two questions about DHCP leases script. [SOLVED]
Replies: 10
Views: 12717

Re: Two questions about DHCP leases script. [SOLVED]

Hah, I read that manual which I pasted above searching for mac address variable, but turns out that other variables I needed now are also there! if ($leaseBound = "1") do={ global telegramMessage "$"lease-hostname" ($leaseActMAC) got address $leaseActIP from DHCP_guest"...
by gutekpl
Tue May 14, 2019 10:04 pm
Forum: Scripting
Topic: Two questions about DHCP leases script. [SOLVED]
Replies: 10
Views: 12717

Re: Two questions about DHCP leases script. [SOLVED]

They are being set automaticaly during dhcp registration process lease-script (string; Default: "") Script that will be executed after lease is assigned or de-assigned. Internal "global" variables that can be used in the script : leaseBound - set to "1" if bound, otherw...
by gutekpl
Tue May 14, 2019 7:28 pm
Forum: Scripting
Topic: Two questions about DHCP leases script. [SOLVED]
Replies: 10
Views: 12717

Re: Two questions about DHCP leases script. [SOLVED]

The thing is I am not parsing that mac anyhow, Its builtiin feature which I use. If I was parsing it already then probably my knowledge would be enough to modify it by myself :)
by gutekpl
Mon May 13, 2019 10:24 am
Forum: Scripting
Topic: Set timer or some other way to prevent script from running multiple times in short time [SOLVED]
Replies: 5
Views: 3207

Set timer or some other way to prevent script from running multiple times in short time [SOLVED]

I want to monitor my download to check how often I reach max bandwidth and basing on that decide whether to increase speed at my ISP or not. I created simple traffic monitor, set trigger to above 100M and pasted this script: global telegramMessage "100mbps reached!" /system script run Send...
by gutekpl
Sun May 12, 2019 12:55 am
Forum: General
Topic: CAPsMAN virtual wlans don't inherit wireless channel settings [SOLVED]
Replies: 3
Views: 1364

Re: CAPsMAN virtual wlans don't inherit wireless channel settings [SOLVED]

Thank You. One more thing. Even if it works very well now, best practice is best practice and should be followed all the time, so... Is it better to leave it as it is - all three devices (hap/cap/cap) on same channels, or maybe I should split channels between devices? something like: hap: 1 / 36 cap...
by gutekpl
Sat May 11, 2019 11:09 pm
Forum: General
Topic: CAPsMAN virtual wlans don't inherit wireless channel settings [SOLVED]
Replies: 3
Views: 1364

CAPsMAN virtual wlans don't inherit wireless channel settings [SOLVED]

Hi, I installed wireless analyzer today on android phone, and noticed that my wireless networks uses only 2 of 4 channels I set in CAPsMAN settings. I have 4 channels configured: 1 - home 2.4g 11 - home internet of things 36 - home 5g 44 - guests it looks like this: prze.PNG Then in configuration I ...
by gutekpl
Fri Apr 26, 2019 10:17 am
Forum: Scripting
Topic: Two questions about DHCP leases script. [SOLVED]
Replies: 10
Views: 12717

Re: Two questions about DHCP leases script. [SOLVED]

Here is complete script, but it is only responsible for sending it via telegram, so I did not posted it before as I think it doesn't matter. :global telegramMessage :local botid :local chatid set botid "xyz" set chatid "123" if ($telegramMessage != "") do={ /tool fetch ...
by gutekpl
Mon Apr 22, 2019 8:50 pm
Forum: Scripting
Topic: Two questions about DHCP leases script. [SOLVED]
Replies: 10
Views: 12717

Two questions about DHCP leases script. [SOLVED]

I have a simple script which informs me via Telegram whenever I have new device connected via guest wifi. global telegramMessage "$leaseActMAC connected as guest and received $leaseActIP address." /system script run SendToTelegram My guest DHCP lease is set to 6h and I get 2 messages per d...
by gutekpl
Tue Apr 16, 2019 10:24 am
Forum: Wireless Networking
Topic: WiFi in garden - wouldn't cAP AC be better than wAP AC?
Replies: 15
Views: 3754

Re: WiFi in garden - wouldn't cAP AC be better than wAP AC?

Well, garden is for mobile devices mostly and all of them as for now work on 5ghz so it may be worth going this way.

But is omnitik really much better than wAP? I see they have very simmilar cpu, same AC speed, same OS, just a bit more ram, what is the game changer?
by gutekpl
Thu Apr 11, 2019 9:52 pm
Forum: Beginner Basics
Topic: Is routing package doing anything more beside things contained in Routing menu on the left? [SOLVED]
Replies: 1
Views: 976

Is routing package doing anything more beside things contained in Routing menu on the left? [SOLVED]

I am doing some cleaning on my hAP Ac^2 configured as main router with capsman running on it. I have already disabled ipv6, hotspot, mpls and advanced-tools. I checked Routing submenus on the left and I have nothing configured there, so I am wondering can I disable it and if yes is it safe to disabl...
by gutekpl
Fri Apr 05, 2019 2:38 pm
Forum: Wireless Networking
Topic: WiFi in garden - wouldn't cAP AC be better than wAP AC?
Replies: 15
Views: 3754

Re: WiFi in garden - wouldn't cAP AC be better than wAP AC?

Get Groove 52 ac
DO NOT DO THIS!
Groove has only one radio, therefore you have to select - either 2GHz or 5GHz. It can't do both at the same time like any usual AP.
I noticed that. Going for wAP AC.
by gutekpl
Thu Apr 04, 2019 11:37 am
Forum: General
Topic: Mikrotik "Internet detect" problem
Replies: 19
Views: 23246

Re: Mikrotik "Internet detect" problem

I think new mobile app solved that issues.
by gutekpl
Sun Mar 31, 2019 3:57 pm
Forum: Wireless Networking
Topic: Wireless disconnected, group key exchange timeout
Replies: 68
Views: 75328

Re: Wireless disconnected, group key exchange timeout

this is a old issue. its 99% sure due to bad signal.
I don;t think so. It's currently affecting my MiBOX which lies around 50cm from cAP AC and has full signal strength.

Earlier had this for random devices on random times. Changed 05min to 1h now, will see. using CAPsMAN on 6.44.0
by gutekpl
Fri Mar 29, 2019 10:25 pm
Forum: Wireless Networking
Topic: Mikrotik CAPSMAN + SONOFF(ITEAD) devices
Replies: 10
Views: 7712

Re: Mikrotik CAPSMAN + SONOFF(ITEAD) devices

I have capsman based on 2 devices - hap ac2 + cap ac and few sonoffs (basic, dual, pow), each one of them works fine, without any issues while pairing. I used standard quick pairing in ewelink app. You can paste You capsman config screenshots, so I can compare them with mine settings if You like.
by gutekpl
Fri Mar 29, 2019 10:23 pm
Forum: Wireless Networking
Topic: WiFi in garden - wouldn't cAP AC be better than wAP AC?
Replies: 15
Views: 3754

Re: WiFi in garden - wouldn't cAP AC be better than wAP AC?

Didn't thought about insects, You may be correct indeed, that they can make some mass after longer time. So I have now around 70MB free ram on my other cAP AC with few packages disabled , does that mean that wAP will have only 6MB free with same config? Isn't that too low? Anyone have any experience...
by gutekpl
Fri Mar 29, 2019 3:54 pm
Forum: Wireless Networking
Topic: WiFi in garden - wouldn't cAP AC be better than wAP AC?
Replies: 15
Views: 3754

WiFi in garden - wouldn't cAP AC be better than wAP AC?

It will be mounted outside, but under roof so protected from rain/snow and direct sunlight in summer when sun is high. Tested ambient temperature starts from -40 for both, cAP ends on 50C while wAP on 70C, but as they are white and will be protected from direct sun I dont think that 20C makes a big ...
by gutekpl
Wed Mar 20, 2019 4:35 pm
Forum: General
Topic: Mikrotik "Internet detect" problem
Replies: 19
Views: 23246

Re: Mikrotik "Internet detect" problem

Enabling it turned on my internet speed graph in mobile app. However thing I cannot understand is difference in speeds between pppoe-out1 and ether1 - for my understanding that should be exactly the same, as my ISP cable is plugged into eth1.
by gutekpl
Fri Mar 15, 2019 7:22 pm
Forum: General
Topic: Mobile app customisation
Replies: 1
Views: 688

Re: Mobile app customisation

It looks for me exactly like on screen.

Info about new version is shown automaticaly.

Internet traffic is shown after tuning on internet detection in interfaces - detect internet.
by gutekpl
Fri Mar 08, 2019 1:23 pm
Forum: General
Topic: wifi AC speed went down from 7xx mbps to 1xx mbps after migrating wlans to CAPsMAN
Replies: 2
Views: 953

Re: wifi AC speed went down from 7xx mbps to 1xx mbps after migrating wlans to CAPsMAN

No, I removed .11a just after posting that post - realized it is not used anymore. Anyway problem solved, turns out that in MikroTik the best way is to not touch options which You are not sure how works. I removed "control channel" and "extension channel" and speeds are now ok. T...
by gutekpl
Fri Mar 08, 2019 12:43 pm
Forum: General
Topic: wifi AC speed went down from 7xx mbps to 1xx mbps after migrating wlans to CAPsMAN
Replies: 2
Views: 953

wifi AC speed went down from 7xx mbps to 1xx mbps after migrating wlans to CAPsMAN

Hey. hAP AC2 is my main router on which wifi worked at full speed until it was configured "localy" (in wireless instead of capsman). In order to extend wifi range I bought cAP AC. There was some mess with configuration, because of my three vlans and multiple ssid, but I finally managed it....
by gutekpl
Sun Mar 03, 2019 11:16 am
Forum: General
Topic: MIKROTIK SMB with external HDD or USB drive
Replies: 17
Views: 104089

Re: MIKROTIK SMB with external HDD or USB drive

This is a pretty old topic so maybe something changed in this case. I currently don't have money for synology 918 so I thought about buying single wd red 4tb, putting it into usb enclosure and connecting to mikrotik hap ac2 as smb storage. Will it handle? I don't need nothig fancy like for monitorin...
by gutekpl
Sun Mar 03, 2019 11:07 am
Forum: Beginner Basics
Topic: Extending home network with additional mikrotik APs.
Replies: 6
Views: 1897

Extending home network with additional mikrotik APs.

I recently rebuild my home network with mikrotik hap ac2 as a brain of this operation. Now, when I have configured all vlans, guest and IoT networks, etc. I started thinking about signal range extension. I found MikroTik RouterBOARD RbcAPGi-5acD2nD, cAP ac and here is the main question of this topic...
by gutekpl
Wed Feb 27, 2019 11:24 am
Forum: General
Topic: Exclude guest network from fasttrack to limit its bandwidth with simple queue - possible? [SOLVED]
Replies: 5
Views: 2537

Re: Exclude guest network from fasttrack to limit its bandwidth with simple queue - possible? [SOLVED]

Thank You. It didn't work at beginning when I applied network IP in allow rule same as in fasttrack but without "!", but when I used whole guest bridge it works. But as I am very curious person one more thing did cross my mind. If the guest-accept rule is now above fasttrack, then it shoul...
by gutekpl
Wed Feb 27, 2019 10:59 am
Forum: General
Topic: Exclude guest network from fasttrack to limit its bandwidth with simple queue - possible? [SOLVED]
Replies: 5
Views: 2537

Re: Exclude guest network from fasttrack to limit its bandwidth with simple queue - possible? [SOLVED]

Switched places 7 with 8 and now it works. Is that good way too? Or should I copy this allow rule and for guest network place it above fasttrack and for rest leave it under fasttrack as it was?
by gutekpl
Wed Feb 27, 2019 1:56 am
Forum: General
Topic: Exclude guest network from fasttrack to limit its bandwidth with simple queue - possible? [SOLVED]
Replies: 5
Views: 2537

Exclude guest network from fasttrack to limit its bandwidth with simple queue - possible? [SOLVED]

Hello. I just spent some time digging why simple queues doesn't work and then I found that fasttrack doesn't come along with them. Actually I didn't have idea what fasttrack is so I read some stuff and I liked it. However I would also like to have my guest wifi limited to 5MB. Guest pool network is ...
by gutekpl
Fri Feb 22, 2019 10:47 am
Forum: General
Topic: Three vlans at home on MT hap ac2 - best practice?
Replies: 20
Views: 4391

Re: Three vlans at home on MT hap ac2 - best practice?

Well, I'm suggesting you create two SSID names, Home and Home24G. Name them whatever you want. How this solves splitting devices connected to Home24G between home vlan1 and iot vlan100? I would understand if You suggest "IoT" 2.4 SSID, "HOME" 2.4 and 5 SSIDs overlaping each othe...
by gutekpl
Fri Feb 22, 2019 1:09 am
Forum: General
Topic: Three vlans at home on MT hap ac2 - best practice?
Replies: 20
Views: 4391

Re: Three vlans at home on MT hap ac2 - best practice?

So the solution from picture attached below is not possible to achieve, right?
by gutekpl
Fri Feb 22, 2019 12:56 am
Forum: General
Topic: Three vlans at home on MT hap ac2 - best practice?
Replies: 20
Views: 4391

Re: Three vlans at home on MT hap ac2 - best practice?

Then You got me wrong. Both master radios have same SSID with same password, so home client device just connect with the one which is best for it. In case of my new phone it uses 5ghz, in case of old notebook it uses 2.4ghz, etc. Same was with guest SSID, but it is no longer valid as I removed guest...
by gutekpl
Fri Feb 22, 2019 12:26 am
Forum: General
Topic: Three vlans at home on MT hap ac2 - best practice?
Replies: 20
Views: 4391

Re: Three vlans at home on MT hap ac2 - best practice?

The SSIDs and of course wpa2 psk passwords should be different. So in Your example I have 3 SSIDs, right? home - common for 2.4 and 5 master radios guest - for slave radio 5 iot - for slabe radio 2.4 Am I right? If I have master and slave 2.4 with same SSID then how would client device know to whic...
by gutekpl
Thu Feb 21, 2019 9:05 pm
Forum: General
Topic: Three vlans at home on MT hap ac2 - best practice?
Replies: 20
Views: 4391

Re: Three vlans at home on MT hap ac2 - best practice?

I wanted guest 2.4ghz and guest 5ghz in same vlan because I thought its the simplest solution. They will have same ssid and be transparent. However as I am thinking now I dont need 2.4 for guestd as guest wifi is mostly for mobile devices and those all should now have 5ghz so we can reduce that. Sla...
by gutekpl
Thu Feb 21, 2019 6:57 pm
Forum: General
Topic: Three vlans at home on MT hap ac2 - best practice?
Replies: 20
Views: 4391

Re: Three vlans at home on MT hap ac2 - best practice?

I know that guest wifi is just a fancy name for logic behind that. I also know that hidden ssid isnt for protection. Anyway, lets skip it, thats not the point in here. I pasted link above to show how did i create guest wifi where guy used seperate bridge for that. If assumptions in this tutorial are...
by gutekpl
Thu Feb 21, 2019 5:46 pm
Forum: General
Topic: Three vlans at home on MT hap ac2 - best practice?
Replies: 20
Views: 4391

Re: Three vlans at home on MT hap ac2 - best practice?

Guest WiFi on seperate VLAN was done following this tutorial:
https://www.youtube.com/watch?v=1ZJ-pM89N7o
by gutekpl
Thu Feb 21, 2019 4:02 pm
Forum: General
Topic: Three vlans at home on MT hap ac2 - best practice?
Replies: 20
Views: 4391

Re: Three vlans at home on MT hap ac2 - best practice?

You can set up VLAN membership per device ... but that involves entering MAC address of every single "special" device I am aware of that and totally OK with reserving lease once per device lifetime. Just can't find the way to do it, I cannot select same interfaces (wlan1+2) second time fo...
by gutekpl
Thu Feb 21, 2019 3:49 pm
Forum: General
Topic: Three vlans at home on MT hap ac2 - best practice?
Replies: 20
Views: 4391

Re: Three vlans at home on MT hap ac2 - best practice?

I just did. Thanks for tips contained in there and for Your approach which is easy to understand even for normal people, not only for network geeks, my VLAN knowledge has now grown a bit. However I did find there only refference to my first idea which is seperate SSID per VLAN. I would really love t...
by gutekpl
Thu Feb 21, 2019 2:37 pm
Forum: General
Topic: Three vlans at home on MT hap ac2 - best practice?
Replies: 20
Views: 4391

Re: Three vlans at home on MT hap ac2 - best practice?

I am thinking now about my idea number two and I suppose it is wrong too, because DHCP is two way communication, so if even if dhcp server from network 192.168.1.0/24 will assign someone IP from 192.168.100.0/24 it will lose connection with that client immidiately and there won't be handshake or wha...
by gutekpl
Wed Feb 20, 2019 7:19 pm
Forum: General
Topic: Three vlans at home on MT hap ac2 - best practice?
Replies: 20
Views: 4391

Three vlans at home on MT hap ac2 - best practice?

Hello. I am new to mikrotik but already amazed with it's possibilities. Here is picture of what I want to accomplish at home: 192.168.1.0/24 default network (in my mind called vlan1), bridging eth2-5 + both wlans (2.4ghz and 5ghz) - already working, has own dhcp server with pool .1.100-.1.250, high ...