Community discussions

MikroTik App

Search found 202 matches

by Znevna
Sun Feb 21, 2021 11:45 pm
Forum: General
Topic: Winbox - Darkmode - For the love of God, Please. [SOLVED]
Replies: 11
Views: 707

Re: Winbox - Darkmode - For the love of God, Please. [SOLVED]

Ah yes, the only problem left to be resolved in the MikroTik world: a dark mode for WinBox.
As a side note, I have all my monitors set at around 120cd/m2, which is a reasonable value for most home/office environments, no "screaming white light" here.
by Znevna
Mon Feb 15, 2021 9:29 pm
Forum: General
Topic: DHCP Client
Replies: 15
Views: 4300

Re: DHCP Client

@Mozez any reason why you try to look smart on a ~3 years old topic?
by Znevna
Mon Feb 15, 2021 1:41 pm
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 67
Views: 12135

Re: v6.47.9 [long-term] is released!

The PoE issue was introduced in 6.46.8, as the comments from that release prove it.
Going back to 6.46.7 fixes it. Someone complained in IRC too about that.
One of the reasons I was hoping for a 6.46.9 bugfix release.
by Znevna
Thu Feb 11, 2021 11:44 am
Forum: General
Topic: Polling of mikrotik.com [SOLVED]
Replies: 7
Views: 456

Re: Polling of mikrotik.com [SOLVED]

IP > Cloud > Update Time also uses the cloud afaik.
by Znevna
Wed Feb 10, 2021 11:16 am
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 67
Views: 12135

Re: v6.47.9 [long-term] is released!

I was hoping for at least an 6.46.9 version if not more, with more fixes than with added features.. Oh well.
by Znevna
Wed Feb 10, 2021 8:42 am
Forum: General
Topic: hAP ac2 external antenna mod
Replies: 12
Views: 1764

Re: hAP ac2 external antenna mod

An engineer doesn't need to see your facebook pictures to pull something like this or better. Chill. You didn't find the Holy Grail. I'm just not a supporter of illegal mods and warranty voiding operations. So the public for this topic would be just the ones that are curious and have little knowledg...
by Znevna
Mon Feb 01, 2021 2:35 pm
Forum: General
Topic: Mikrotik and pfsense
Replies: 1
Views: 238

Re: Mikrotik and pfsense

I'd say that not all configurations are done properly, or it would've worked.
But we'll check our crystal balls regarding that.
by Znevna
Mon Feb 01, 2021 9:07 am
Forum: General
Topic: Open 100 tabs at the same time
Replies: 13
Views: 878

Re: Open 100 tabs at the same time

Best solution: get a router that can handle your traffic.
hAP ac lite has a not so powerful CPU.
Any reason why you're using two bridges anyway?
Stick to one bridge.
And stop creating topics all over the place for the same issue.
by Znevna
Fri Jan 29, 2021 5:53 pm
Forum: General
Topic: IPv6 over vlan issues
Replies: 11
Views: 626

Re: IPv6 over vlan issues

Did you change your VLAN config again? now a bridge appeared! Why?
Add those VLANs to Ethernet1 directly.
by Znevna
Fri Jan 29, 2021 2:54 pm
Forum: General
Topic: IPv6 over vlan issues
Replies: 11
Views: 626

Re: IPv6 over vlan issues

That's not how it works, and that ::10a is outside that specified /126, again. But since you seem to know better, fix it yourself. You're still missing a proper default route/gateway. And if your ISP routed that /48 through that ::8 they gave you, you have to use that ::8, not whatever you want. Che...
by Znevna
Fri Jan 29, 2021 12:46 pm
Forum: General
Topic: IPv6 over vlan issues
Replies: 11
Views: 626

Re: IPv6 over vlan issues

I donno about the VLAN config but your whole IPv6 config just looks wrong. Shouldn't you have 2001:DB8:ffff:fffe::8/126 set on your IPv6 VLAN Interface? What is that ::2 doing there? which is outside the said /126. I see no purpose for that P2P pool. And where is your gateway? You've mentioned 2001:...
by Znevna
Thu Jan 28, 2021 7:34 pm
Forum: General
Topic: Mikrotik PCI DSS External Vulnerability Scan
Replies: 5
Views: 435

Re: Mikrotik PCI DSS External Vulnerability Scan

I'm eager to see that export.
by Znevna
Thu Jan 28, 2021 8:42 am
Forum: General
Topic: What is strtbiz.site?
Replies: 6
Views: 513

Re: What is strtbiz.site?

Must lilkely you've set "allow remote requests" in the DNS Settings and you didn't block access to it from the internet, and now your Router is part of a DNS Attack.
Secure your router.
by Znevna
Mon Jan 25, 2021 12:28 am
Forum: General
Topic: Buy/Subscirbe VPN GAME Amazon Web Services (AWS)
Replies: 6
Views: 430

Re: Buy/Subscirbe VPN GAME Amazon Web Services (AWS)

adding more latency to your latency issues never solved anything.
by Znevna
Mon Jan 25, 2021 12:06 am
Forum: General
Topic: Buy/Subscirbe VPN GAME Amazon Web Services (AWS)
Replies: 6
Views: 430

Re: Buy/Subscirbe VPN GAME Amazon Web Services (AWS)

Yes, change your ISP.
by Znevna
Sat Jan 23, 2021 11:44 am
Forum: General
Topic: Coax to RJ45 - is a MoCA adapter required? [SOLVED]
Replies: 8
Views: 624

Re: Coax to RJ45 - is a MoCA adapter required? [SOLVED]

That has nothing to do with MoCA, it's part of a system used by Dahua, ePoE, and those adapters are advertised as EoC Passive Converters, the "passive" implies no chipset.
https://www.dahuasecurity.com/products/ ... logies/332
by Znevna
Fri Jan 22, 2021 5:19 am
Forum: General
Topic: Coax to RJ45 - is a MoCA adapter required? [SOLVED]
Replies: 8
Views: 624

Re: Coax to RJ45 - is a MoCA adapter required? [SOLVED]

Just like stated above, there are no alternatives to your cable modem. Those MoCA (Multimedia over Coax Alliance) devices work in pairs, so unless your ISP is using them for the services provided to you they would do you no good. Unless you want to use a pair of them in your house for something else...
by Znevna
Sun Jan 17, 2021 2:52 pm
Forum: General
Topic: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]
Replies: 13
Views: 1274

Re: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]

Same advice I gave him above to fix his "tcp timestamps". If he would've done that, both of these "vulnerabilities" wouldn't be an "issue" -- secure your devices or pay someone to do it for you.
But the nut didn't stick to the wall.
by Znevna
Sun Jan 17, 2021 12:40 pm
Forum: General
Topic: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]
Replies: 13
Views: 1274

Re: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]

yes, fix it like you've fixed the one above.
by Znevna
Mon Jan 11, 2021 3:06 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 1983

Re: Netflix and IPv6

It's the last time I wrote about some quirks in the configs. An "Oh yeah we forgot about this since we set it like this ages ago, we'll maybe take a look on this to improve the behaviour since it might have not been the best call back then" would've been a little better than "set it y...
by Znevna
Mon Jan 11, 2021 2:06 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 1983

Re: Netflix and IPv6

Ok, support response is: "RouterOS simply allocates 20 bytes headers. You can manually set the MTU and MRU values for the interface if other values are suitable. There is no need to increase the MTU on the ethernet interface." So they won't do anything about it. "What about the users ...
by Znevna
Mon Jan 11, 2021 10:10 am
Forum: General
Topic: RB750Gr3 difference between workstation speedtest vs bandwitch test
Replies: 13
Views: 749

Re: RB750Gr3 difference between workstation speedtest vs bandwitch test

It's not a hardware problem, that's for sure. He stated above that he had the same issue with 750Gr2 which is a completly different SoC (QCA9556 vs MT7621A) but even 750Gr2 can handle more than 100Mbps. It's somewhere between the chair and the speedtest server, but closer to the chair since I had a ...
by Znevna
Mon Jan 11, 2021 5:08 am
Forum: General
Topic: PUBG on Mikrotik | IP servers PUBG | Forward
Replies: 2
Views: 361

Re: PUBG on Mikrotik | IP servers PUBG | Forward

Get your snakeoil here, snakeoil everyone!
In what world limiting = acceleration?
Useless address lists.
by Znevna
Sat Jan 09, 2021 11:25 am
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 1983

Re: Netflix and IPv6

I'll wait from support, the behaviour ain't quite right.
Any user that has a pppoe-client as WAN out there is using a 12 bytes lower MTU than his provider supports, if everything is left to auto/defaults that is.
by Znevna
Fri Jan 08, 2021 6:25 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 1983

Re: Netflix and IPv6

Ok, I think I've figured it out where the bug might be, hope support confirms / fixes this. I've took some captures from the ethernet interface while connecting the pppoe-client and while watching them in Wireshark I saw something in an area to which I didn't pay much attention earlier (protocol req...
by Znevna
Fri Jan 08, 2021 3:09 pm
Forum: General
Topic: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]
Replies: 113
Views: 8545

Re: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]

I'm sure that every admin out there that respects his job went ahead and quickly updated all his production routers and switches just before new year not even a day after the build was released. That admin that did such a thing is not "industry standart (whatever a standart is)". Also the ...
by Znevna
Thu Jan 07, 2021 3:26 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 1983

Re: Netflix and IPv6

I wrote to support about this anyway, I had good results with support in the past, the issues reported were fixed.
by Znevna
Thu Jan 07, 2021 2:52 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 1983

Re: Netflix and IPv6

Regarding the MRU, no, here it shows only 1492 (max-mtu/mru both unset / auto) but I'll stay with 1520 in case the ISP decides to implement RFC4638 anyway.
ppp-mtu.PNG
by Znevna
Thu Jan 07, 2021 2:42 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 1983

Re: Netflix and IPv6

That's the one I was reffering to, how and why are those 12 (apparently invisible since it works just fine with 1500 and manualy setting 1492 for the PPPoE client interface) bytes getting in the picture.
I wasn't referring to the max-payload packet, I was just underlining the differences there.
by Znevna
Thu Jan 07, 2021 2:14 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 1983

Re: Netflix and IPv6

Ah, you had another post above explaining the two ISP's, I've missed it, sorry. Did some tests here, is this realy a MikroTik PPPoE implementation bug? I'll post some logs with stripped irelevant (I hope) stuff. Ethernet MTU 1500: 13:20:05 pppoe,ppp,debug,packet pppoe-wan: sent LCP ConfReq id=0x20 1...
by Znevna
Thu Jan 07, 2021 12:33 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 1983

Re: Netflix and IPv6

Your magic orb is probably better than mine, maybe he set it to the MTU negotiated by the PPPoE interface, like I wrote on the other topic :) PS: your screenshots kinda proove that your ISP has RFC4638 implemented, otherwise it wouldn't negotiate 1500 MTU on your PPPoE interface. Why do you state th...
by Znevna
Thu Jan 07, 2021 11:59 am
Forum: General
Topic: Some websites unavailable on IPv6 [SOLVED]
Replies: 12
Views: 1087

Re: Some websites unavailable on IPv6 [SOLVED]

Again, not even here he didn't went with 1280. Read: viewtopic.php?f=2&t=169757#p831468
The marked "solution" which stinks was not applied.
by Znevna
Thu Jan 07, 2021 11:51 am
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 1983

Re: Netflix and IPv6

How do you know that he forced 1280?
by Znevna
Thu Jan 07, 2021 10:01 am
Forum: General
Topic: RouterOS 5.21 is having problem on speedtest site
Replies: 19
Views: 3924

Re: RouterOS 5.21 is having problem on speedtest site

I think that in the last 7 years @sdugoten fixed his issue.
Good find tho'! right on time.
Are bots getting smarter?
by Znevna
Wed Jan 06, 2021 10:30 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 1983

Re: Netflix and IPv6

What is you PPPoE interface Actual MTU?
Anyway, take a look on this topic too: viewtopic.php?f=2&t=169757&p=832247#p831447
by Znevna
Wed Jan 06, 2021 10:56 am
Forum: General
Topic: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]
Replies: 13
Views: 1274

Re: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]

MikroTik can respond with timestamps only for the services running on it (winbox, www etc) services which should be accessible only from trusted zones (Management VLAN, allowed IP list etc.). So fix your security issues first and there won't be any "vulnerability". For the DSTNATed ports y...
by Znevna
Wed Jan 06, 2021 8:16 am
Forum: General
Topic: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]
Replies: 13
Views: 1274

Re: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]

What services is your MikroTik Router providing to the outside (wild wild internet) that you consider this a vulnerability?
by Znevna
Tue Jan 05, 2021 12:12 pm
Forum: General
Topic: IP Cloud
Replies: 71
Views: 30337

Re: IP Cloud

You can't.
by Znevna
Mon Jan 04, 2021 2:04 pm
Forum: General
Topic: UPS connection usb for RB750Gr3
Replies: 2
Views: 287

Re: UPS connection usb for RB750Gr3

What kind of UPS are you connecting to it? Is it compatible with the protocol supported by MikroTik / RouterOS ? https://wiki.mikrotik.com/wiki/Manual:System/UPS
by Znevna
Mon Dec 14, 2020 10:38 pm
Forum: General
Topic: How to Exclude a site from Web proxy ?
Replies: 8
Views: 2647

Re: How to Exclude a site from Web proxy ?

Giving solutions to an 8 year old topic, now that's something.
In those 8 years HTTPS got everywhere so this is kinda completly useless anyway.
But congrats for finding this old topic!
by Znevna
Thu Dec 10, 2020 4:22 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 38
Views: 3275

Re: "antenna gain" missing in 6.46.8?

We know what it means and what it does, adjusting TX Power by that amount to comply to the regulatory-domain limits for the country set. Its long definition in the case above would be: "antenna-gain=substract this amount from the maximum EIRP of the country set and use the result for TX Power.&...
by Znevna
Mon Dec 07, 2020 8:46 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 42887

Re: v7.1beta3 [development] is released!

[...] Also, can Mikrotik support please post a setup example for dual band AP config with the wave2 package? On RB4011 I can create one radio interface with the 4x4 5Ghz radio, but are unable (or have not found yet) how to create/enable the 2.4G radio card...? PS: Would be good to create maybe new ...
by Znevna
Fri Dec 04, 2020 3:16 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 38
Views: 3275

Re: "antenna gain" missing in 6.46.8?

Changing tx-power-mode to all-rates-fixed and altering tx-power does nothing unless we also set frequency-mode to manual-txpower which isn't allowed for the country selected that I'm currently in. Atleast that's what I get on a hAP ac2. And changing the country to something else you wouldn't be boun...
by Znevna
Fri Dec 04, 2020 12:26 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 38
Views: 3275

Re: "antenna gain" missing in 6.46.8?

Isn't it also the only way to reduce TX Power? By specifying a higher antenna gain? Yes, there are situations where you might want to lower TX Power.
by Znevna
Thu Dec 03, 2020 1:46 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 42887

Re: v7.1beta3 [development] is released!

Almost every device out there based on ipq4018/4019 has atleast 256MB of RAM. With a few exceptions, like RT-AC58U which struggles to not throw errors because of the very limited memory available out of the 128MB total. So I wouldn't keep my hopes up to see it running in the future on lower requirem...
by Znevna
Wed Dec 02, 2020 9:07 pm
Forum: General
Topic: DDOS ATTACK
Replies: 14
Views: 1137

Re: DDOS ATTACK

Well, help them, don't send them to some useless blacklist "full of bad guys", for $90 (ps: you add 9 more and you can buy 1x hAP ac³).
A blacklist doesn't fix anything.
Cheers.
by Znevna
Wed Dec 02, 2020 7:08 pm
Forum: General
Topic: DDOS ATTACK
Replies: 14
Views: 1137

Re: DDOS ATTACK

@anav, could you stop recommending that useless blacklist everywhere?
If atleast he had some MikroTik certification.. but self-proclaimed "experts" are meh, in my personal opinion.
Cheers.
by Znevna
Wed Dec 02, 2020 2:44 pm
Forum: General
Topic: Some websites unavailable on IPv6 [SOLVED]
Replies: 12
Views: 1087

Re: Some websites unavailable on IPv6 [SOLVED]

Any advantage / disadvantage messing with mss instead of using lower mtu for IPv6 on LAN in cases like this? PS: contrary to what IPANetEngineer said above, it worked for some websites because some websites still force a lower, fixed MTU for IPv6, like 1280, disregarding the mss from the syn sent by...
by Znevna
Mon Nov 30, 2020 11:55 pm
Forum: General
Topic: Port scanner filling up connection tracking
Replies: 21
Views: 1194

Re: Port scanner filling up connection tracking

Um, you didn't move the port scanning detection rules in raw too, did you? that won't work.
You only keep the drop rule in raw, that's it.
by Znevna
Mon Nov 30, 2020 8:43 pm
Forum: General
Topic: Port scanner filling up connection tracking
Replies: 21
Views: 1194

Re: Port scanner filling up connection tracking

If your raw drop rule is set for a specific list, that list shouldn't contain "legit" IPs -> shouldn't drop legit traffic. If it does, you're doing something wrong. For example I'm piling up IPs that are hammering my DNS with abusive queries (todays favourite query is for "lavrov.in&q...
by Znevna
Mon Nov 30, 2020 12:10 pm
Forum: General
Topic: How is your public IP address determined?
Replies: 23
Views: 1493

Re: How is your public IP address determined?

Where does the public IP fit in while talking about OpenDNS blocking?
LE: I'm pretty sure that your "client" mentioned "public" network but he was referring to a "guest" network.
by Znevna
Sun Nov 29, 2020 4:29 pm
Forum: General
Topic: Some websites unavailable on IPv6 [SOLVED]
Replies: 12
Views: 1087

Re: Some websites unavailable on IPv6 [SOLVED]

Looks like broken PMTUD for whichever of the many reasons that can cause that. I see that you have MTU 1480 on you WAN interface, try setting MTU 1480 in IPv6/ND too, so that your clients get that instead of 1500. Maybe not the best way to deal with this but it is one way. I have it set to 1492 beca...
by Znevna
Mon Nov 23, 2020 4:12 pm
Forum: General
Topic: Question about TCP Established and Call of Duty disconnects [SOLVED]
Replies: 26
Views: 1510

Re: Question about TCP Established and Call of Duty disconnects [SOLVED]

Well he stated in the first post that he was having problems after he lowered TCP Established to 5 minutes (!) from the MikroTik default of 1 day. Tried to raise it to 30 minutes and then to 1 hour, and the last one seemed to work fine with no complaints from the customers. The posts are pretty clea...
by Znevna
Sat Nov 21, 2020 11:48 am
Forum: General
Topic: new Winbox Log window truncation of messages (need change)
Replies: 7
Views: 409

Re: new Winbox Log window truncation of messages (need change)

I like how there's something obviously wrong and people still defend it, saying that it's actually ok, and suggesting more or less complicated and not always practical workarounds. ;) [...] And if you have small screen or bad eyes, then what? Tough luck, no simple log viewing for you? Don't forget,...
by Znevna
Fri Nov 20, 2020 11:57 pm
Forum: General
Topic: new Winbox Log window truncation of messages (need change)
Replies: 7
Views: 409

Re: new Winbox Log window truncation of messages (need change)

That screenshot is 1281px wide, adding the missing menu from winbox probably results to 1366. That again, ain't 1080p, because if it was it should've been close to 1920 not to 1366. Disable the Display Scaling. And you can always export the log and view it with your favourite text editor, wrapped or...
by Znevna
Sat Nov 14, 2020 2:41 pm
Forum: General
Topic: Feature request: NTP client: canonical name of NTP servers
Replies: 7
Views: 466

Re: Feature request: NTP client: canonical name of NTP servers

He didn't mention if he needs the NTP package, I stand by my reply until then :P
by Znevna
Sat Nov 14, 2020 11:47 am
Forum: General
Topic: Feature request: NTP client: canonical name of NTP servers
Replies: 7
Views: 466

Re: Feature request: NTP client: canonical name of NTP servers

What feature? Some arrow to point you to the right menu?
snipntp1.PNG
by Znevna
Wed Nov 11, 2020 11:53 pm
Forum: General
Topic: IPv6 - Advertise router as DNS [SOLVED]
Replies: 15
Views: 14036

Re: IPv6 - Advertise router as DNS [SOLVED]

The wiki page for the DHCPv6 server is missing the options part even if there's a link to it in there (deserves a fix): https://wiki.mikrotik.com/wiki/Manual:IPv6/DHCP_Server#Options But, in 6.42 came this: *) dhcpv6-server - added DHCPv4 style user options; And https://wiki.mikrotik.com/wiki/Manual...
by Znevna
Wed Nov 11, 2020 1:52 pm
Forum: General
Topic: Horrifying bug in the DNS?
Replies: 3
Views: 286

Re: Horrifying bug in the DNS?

So the poster isn't on any recent release of any branch.
Horrifying indeed.
Checked in 6.46.7, works fine. As @Sob mentioned.
by Znevna
Tue Nov 10, 2020 11:47 pm
Forum: General
Topic: IP Cloud
Replies: 71
Views: 30337

Re: IP Cloud

Easier and safer to add cloud2.mikrotik.com to IPv6/Firewall/Address Lists.
And block that list in the IPv6 firewall.
by Znevna
Tue Nov 10, 2020 11:03 pm
Forum: General
Topic: IPv6 - Advertise router as DNS [SOLVED]
Replies: 15
Views: 14036

Re: IPv6 - Advertise router as DNS [SOLVED]

Oh, I wasn't referring to the solution provided by you, but to the python script posted above.
Sorry :D
by Znevna
Tue Nov 10, 2020 10:36 pm
Forum: General
Topic: IPv6 - Advertise router as DNS [SOLVED]
Replies: 15
Views: 14036

Re: IPv6 - Advertise router as DNS [SOLVED]

why complicate your life? /ipv6 dhcp-server option> add code=23 name=dnstest value="'fe80::ceff:e0ff:fabc:abcd'" /ipv6 dhcp-server option> print # NAME CODE VALUE RAW-VALUE [...] 4 dnstest 23 'fe80::ceff:e0ff:fabc:abcd' fe80000000000000ceffe0fffabcabcd
by Znevna
Wed Nov 04, 2020 12:57 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 38
Views: 2861

Re: Does quouting quotes of quotes in consecutive post make any sense?

So you had the power to strip the quote from the post that irritated you and warn the user about this bad practice a little more subtle, but instead you decided to post your offtopic rant, as a moderator...
by Znevna
Tue Nov 03, 2020 9:42 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 38
Views: 2861

Re: v6.46.8 [long-term] is released!

OT but ... maybe I am too irritable but I CAN'T UNDERSTAND why quoting whole PRECEDING post is assumed to be a better answer than just sending a short comment? Why pushing "Post reply" is avoided by readers but "Reply with quote" is not? Do they think that others are unable to f...
by Znevna
Thu Oct 22, 2020 9:32 am
Forum: General
Topic: IKEv2 IOS - Cannot Connect [SOLVED]
Replies: 21
Views: 4155

Re: IKEv2 IOS - Cannot Connect [SOLVED]

I've connected two months ago using whatever latest iOS was back then, with CA cert valid for 10 years and client cert also valid for 10 years, I didn't see that ~800 days limitation that is mentioned around here.
by Znevna
Fri Oct 09, 2020 3:48 pm
Forum: General
Topic: IKEv2: ipsec SPI [...] not registered for [...]
Replies: 8
Views: 578

Re: IKEv2: ipsec SPI [...] not registered for [...]

The logs above are hard to follow as I didn't realize until after posting them that I had one working machine behind that IP and one not working. So parts with the same client.addr are ok and others not. LE: the one with port 1024 was working and the one with 4500 was not. The other machine behind t...
by Znevna
Fri Oct 09, 2020 3:11 pm
Forum: General
Topic: IKEv2: ipsec SPI [...] not registered for [...]
Replies: 8
Views: 578

Re: IKEv2: ipsec SPI [...] not registered for [...]

So, I've had a closer look even in the logs above, notice this: 13:00:46 ipsec -> ike2 request, exchange: INFORMATIONAL:2 CLIENT.IP.ADDR[4500] b11fd45efa9bc4fa:cf4eae90ff15f549 13:00:46 ipsec SPI 49f515ff90ae4ecf not registered for CLIENT.IP.ADDR[4500] In the first line: cf 4e ae 90 ff 15 f5 49 And ...
by Znevna
Fri Oct 09, 2020 1:49 pm
Forum: General
Topic: IKEv2: ipsec SPI [...] not registered for [...]
Replies: 8
Views: 578

Re: IKEv2: ipsec SPI [...] not registered for [...]

Well, I can't reproduce this. Yesterday I had 3 clients with this problem, today all 3 work fine. Nothing usefull I can send to support. I can't see any other lines like that in the logs either. How is that SPI hash computed? what could've caused ipsec to look for the wrong one for some clients? dat...
by Znevna
Thu Oct 08, 2020 10:45 pm
Forum: General
Topic: IKEv2: ipsec SPI [...] not registered for [...]
Replies: 8
Views: 578

Re: IKEv2: ipsec SPI [...] not registered for [...]

I've rebooted, updated from 6.46.6 to 6.46.7, disabled/enabled the peer on the server, redone the affected client's identities and mode-confs, nothing helped so far. Now I'm just waiting for calls to switch the nonfunctional ones to an alternate connection to the server until I sort this out. I was ...
by Znevna
Thu Oct 08, 2020 10:08 pm
Forum: General
Topic: IKEv2: ipsec SPI [...] not registered for [...]
Replies: 8
Views: 578

Re: IKEv2: ipsec SPI [...] not registered for [...]

During the day one more client failed to have a functional VPN. Only Windows clients affected so far, since I mostly have Windows clients with a few exceptions it might be just a matter of time. What can cause these? software? hardware going bad? I can see the SAs getting installed after the clients...
by Znevna
Thu Oct 08, 2020 1:33 pm
Forum: General
Topic: IKEv2: ipsec SPI [...] not registered for [...]
Replies: 8
Views: 578

IKEv2: ipsec SPI [...] not registered for [...]

So.. everything worked fine for a few months on this RB4011, until today, when random clients decided to not work anymore, they connect to the server but can't pass traffic. What I can see relevant in the logs is in the topic title, but why is this happening, no ideea. Running 6.46.6. Help. LE: upgr...
by Znevna
Mon Oct 05, 2020 6:03 pm
Forum: General
Topic: Debugging a Site with IP Cloud (site LONG) [SOLVED]
Replies: 6
Views: 534

Re: Debugging a Site with IP Cloud (site LONG) [SOLVED]

Don't forget to mention it in all your other topics too ^^.
Worked and still works fine here.
I don't rely only on one ddns service where it is needed anyway, so meh.
Thanks for the update tho'.
Cheers.
by Znevna
Thu Oct 01, 2020 5:29 pm
Forum: General
Topic: Debugging a Site with IP Cloud (site LONG) [SOLVED]
Replies: 6
Views: 534

Re: Debugging a Site with IP Cloud (site LONG) [SOLVED]

Since you didn't understand the suggestion by @sindy with the static DNS entry to some other public IP to which you have access instead of the MikroTik ones, you can replace almost all of the above "yes, I did" with "No, I did not" and any further "debugging" seems poin...
by Znevna
Thu Oct 01, 2020 4:43 pm
Forum: General
Topic: Debugging a Site with IP Cloud (site LONG) [SOLVED]
Replies: 6
Views: 534

Re: Debugging a Site with IP Cloud (site LONG) [SOLVED]

yay, another useless topic for the same issue. @sindy suggested something in the OTHER thread, did you do it? On your devices that don't work, point cloud.mikrotik.com and cloud2.mikrotik.com to another public IP where you can monitor incoming packets and see if you receive any UDP packet on port 15...
by Znevna
Thu Oct 01, 2020 9:01 am
Forum: General
Topic: Is there a problem with IP Cloud? [SOLVED]
Replies: 20
Views: 1306

Re: Is there a problem with IP Cloud? [SOLVED]

Not that much of a fan of "works for me" posts but in your case, I'm in. And that just because you keep writing about your issue in atleast 3 topics without trying to debug it yourself, (hey, you did a traceroute yesterday, that's something! congrats.) And yes, it works for me in an ancien...
by Znevna
Mon Sep 28, 2020 3:50 pm
Forum: General
Topic: Search Domain (DHCP Option 119) not working
Replies: 5
Views: 1110

Re: Search Domain (DHCP Option 119) not working

As sindy pointed out, you're missing the null termination. And probably the mistake pointed out by sid5632. Adding this in /ip dhcp-server option: add code=119 name=option1 value="0x0c'soonoononono'0x02'co'0x02'uk'0x00" Which translates in: /ip dhcp-server option> print # NAME CODE VALUE R...
by Znevna
Sun Sep 27, 2020 11:54 am
Forum: General
Topic: 6.46.6 shows testing?
Replies: 2
Views: 319

Re: 6.46.6 shows testing?

by Znevna
Sat Sep 26, 2020 7:17 pm
Forum: Announcements
Topic: Newsletter 97 (September 2020)
Replies: 86
Views: 15771

Re: Newsletter 97 (September 2020)

That Premium one should have external antennas for LTE also ^^
by Znevna
Sat Sep 26, 2020 3:28 pm
Forum: General
Topic: Request for Temporary Mitigation Guide/Official Patch for CVE-2020-12695
Replies: 3
Views: 604

Re: Request for Temporary Mitigation Guide/Official Patch for CVE-2020-12695

Unless you opened up UPnP to the internet, I don't see the big drama over this.
by Znevna
Sat Sep 26, 2020 11:58 am
Forum: Announcements
Topic: Newsletter 97 (September 2020)
Replies: 86
Views: 15771

Re: Newsletter 97 (September 2020)

I loved the hAP ac³! And it comes with 128MB storage! Now it will be possible to use partitioning at home! :D Product page specifications show storage size as 128 MB, but for some reason it reads "FLASH 16 MB" on block diagram... Probably a mistake, since they redid that diagram based on ...
by Znevna
Fri Sep 25, 2020 12:01 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 97081

Re: v7.1beta2 [development] is released!

Excluded, same config works fine without "workarounds" between 6.46.x versions.
Without the netwatch set in 7.1b2, the end from 6.46 fails after the keepalive timeout (10,3 = it stops running after 30 sec.) nothing to do with conntrack.
by Znevna
Fri Sep 25, 2020 10:41 am
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 97081

Re: v7.1beta2 [development] is released!

Ah, stupid me... Of course it's keepalive. / interface gre unset keepalive [ find ] !!!!! this fixed my IPIP tunnel too. lol (unsetting keepalive for ipip that is). THANKS. [admin@gw-viper-rds] /interface/ipip> print Flags: R - RUNNING Columns: NAME, MTU, ACTUAL-MTU, LOCAL-ADDRESS, REMOTE-ADDRESS, ...
by Znevna
Wed Sep 23, 2020 10:01 pm
Forum: Announcements
Topic: Newsletter 97 (September 2020)
Replies: 86
Views: 15771

Re: Newsletter 97 (September 2020)

How is that related to "ARM optimizations"? What compiler flags cause WiFi issues?
by Znevna
Wed Sep 23, 2020 6:53 pm
Forum: Announcements
Topic: Newsletter 97 (September 2020)
Replies: 86
Views: 15771

Re: Newsletter 97 (September 2020)

I loved the hAP ac³! And it comes with 128MB storage! Now it will be possible to use partitioning at home! :D Yes it looks good, I am sort-of looking for a router to replace my aging RB2011 at home and this could be it (of course with an additional switch). Unfortunately there are no performance sp...
by Znevna
Tue Sep 22, 2020 11:34 pm
Forum: General
Topic: Mangle rules with unexpected behavior [SOLVED]
Replies: 7
Views: 962

Re: Mangle rules with unexpected behavior [SOLVED]

Kinda offtopic, but I'd like to see a little brainstorming that leads to well, not the ultimate, but "almost complete multi-wan setup load-balancing WITH failover" with decent explanations and what ifs. With the recent "online school" I had to make use of the current available tu...
by Znevna
Mon Sep 21, 2020 8:20 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 96
Views: 17800

Re: WinBox v3.27 released!

It is indeed a WinBox bug, checked with 3.24 and it doesn't happen, it started with 3.25.
by Znevna
Mon Sep 21, 2020 8:02 pm
Forum: General
Topic: CCR2004 poor bridge performance
Replies: 23
Views: 1634

Re: CCR2004 poor bridge performance

He insists that you removed the "fast path rule" which doesn't exist, in your setup or anywhere in the RouterOS world, there isn't any "fast path rule", there's only a "fasttrack rule" if you were doing any kind of firewalling/routing on it, which again, is not the case...
by Znevna
Mon Sep 21, 2020 6:23 pm
Forum: General
Topic: IP Cloud
Replies: 71
Views: 30337

Re: IP Cloud

they can deprecate anytime support for version older than 6.43, why would anyone care about those with so many security issues in them anyway?
by Znevna
Mon Sep 21, 2020 5:08 pm
Forum: General
Topic: CCR2004 poor bridge performance
Replies: 23
Views: 1634

Re: CCR2004 poor bridge performance

Paternot, you are confusing fastpath with fasttrack. Document yourself better about the two.
by Znevna
Mon Sep 21, 2020 1:52 pm
Forum: General
Topic: CCR2004 poor bridge performance
Replies: 23
Views: 1634

Re: CCR2004 poor bridge performance

Well, like in the other thread, it is mentioned that this is advertised as a router, not a switch, so maybe performance between the 25Gbps ports and 10Gbps ports might be better than only using the 10Gbps ports. I see that config as the intended use for this device. Archived datasheet of that PX is ...
by Znevna
Mon Sep 21, 2020 1:13 pm
Forum: General
Topic: CCR2004 poor bridge performance
Replies: 23
Views: 1634

Re: CCR2004 poor bridge performance

@Paternot got it a little wrong. But, those tests say 39444Mbps, 3248kpps at 1518 byte packet size on ALL ports. (thus involving all 12x 10G ports and the two remaining uplinks of 25Gbps out of the 4 total on that 98PX1012, two of which are connected to the CPU?). Is performance that limited when us...
by Znevna
Mon Sep 21, 2020 12:38 pm
Forum: General
Topic: Weird PING behavior on RouterOS
Replies: 10
Views: 760

Re: Weird PING behavior on RouterOS

Having two bridges doesn't disable hardware offload for one of the bridges? I'd suspect an IP conflict too, don't know if it can be spotted in IP/ARP but I know I've seen one when doing an IP Scan using Tools/IP Scan for the whole subnet (one IP was showing twice with two different MACs) which were ...
by Znevna
Mon Sep 21, 2020 12:01 am
Forum: General
Topic: hAP ac2 over heated vent holes mod
Replies: 16
Views: 1196

Re: hAP ac2 over heated vent holes mod

the topic is about hap ac2.. if it derailed to ccr1009 not my fault :p
by Znevna
Sun Sep 20, 2020 11:28 pm
Forum: General
Topic: hAP ac2 over heated vent holes mod
Replies: 16
Views: 1196

Re: hAP ac2 over heated vent holes mod

yes, yes, aluminium mesh cages for proper wifi coverage.
by Znevna
Sun Sep 20, 2020 6:20 pm
Forum: General
Topic: CCR2004 poor bridge performance
Replies: 23
Views: 1634

Re: CCR2004 poor bridge performance

uhm, and how was this test done exactly? except the " two loop-backed 10G ports" there's nothing mentioned. what util, what generated the traffic on which port, what captured it on what port.. except RFC2544 which states hours of testing.. nothing. so.. again, what and how did you test exa...
by Znevna
Sun Sep 20, 2020 1:05 pm
Forum: RouterOS v7 BETA
Topic: After installing ROS 7.1beta2
Replies: 3
Views: 985

Re: After installing ROS 7.1beta2

Only when doing it via WinBox/GUI, from terminal it works fine.
I wrote about it here: viewtopic.php?f=1&t=165248#p815503
PS: you could change the topic name to something closer to the issue though
by Znevna
Sat Sep 19, 2020 8:41 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 96
Views: 17800

Re: WinBox v3.27 released!

Bug(?) (3.15 -> current): make any changes to an opened window (just moving it is enough) save session, close that window to which you've made changes. try to open that window again -> winbox session crashes. LE: I couldn't test with releases older than 3.15 because of the protocol changes or whatev...
by Znevna
Thu Sep 17, 2020 5:01 pm
Forum: General
Topic: hAP ac2 external antenna mod
Replies: 12
Views: 1764

Re: hAP ac2 external antenna mod

Those aren't connectors for external antennas.
How did you disable the internal antennas? Or you just don't care about the RF stage? Sheesh.
Also stop advertising your facebook page or any facebook crap in here.
by Znevna
Wed Sep 16, 2020 1:28 pm
Forum: General
Topic: Terrible speeds over point to point 10G SFP+
Replies: 5
Views: 424

Re: Terrible speeds over point to point 10G SFP+

Writing to support about improper use of equipment is pointless. Those CRSs are switches, not routers. Any firewall rule cripples them. Check https://mikrotik.com/product/CRS326-24G-2SplusRM#fndtn-testresults Bandwidth tests ran from devices with a single core CPU running at 800MHz is also bad. Ther...
by Znevna
Tue Sep 15, 2020 11:31 pm
Forum: General
Topic: Fast Path issues (Solved)
Replies: 1
Views: 295

Re: Fast Path issues (Solved)

Wan bridge? why do you have such a thing? what is the purpose of it? Only one bridge is hardware offloaded if I remember right. And on rb4011 even that one bridge is hardware offloaded if you disable rstp/stp. Something in your config is causing those issues. Export a sanitized version of it if you ...
by Znevna
Tue Sep 15, 2020 10:43 pm
Forum: General
Topic: Can't login here with my password from 12 September 2020
Replies: 4
Views: 459

Re: Can't login here with my password from 12 September 2020

False statement there about what passwords were "declared invalid". 1. My password had lower case and upper case characters + numbers and I also had to reset it. 2. I doubt that any forum stores passwords the way you think that are stored, it should be (almost) impossible to recover the pl...
by Znevna
Mon Sep 14, 2020 10:12 am
Forum: General
Topic: CVE-2020-11881 PATCH [SOLVED]
Replies: 16
Views: 1562

Re: CVE-2020-11881 PATCH [SOLVED]

If you are watching the release dates so close you'd notice that atleast the last 3 (maybe more) long term builds were released to public after ~7 days of probably inside testing since they were built.
Read first, blame later.
Cheers.
by Znevna
Mon Sep 14, 2020 9:54 am
Forum: General
Topic: CVE-2020-11881 PATCH [SOLVED]
Replies: 16
Views: 1562

Re: CVE-2020-11881 PATCH [SOLVED]

There is an entry for 6.47.2 which states
*) smb - fixed SMB server (introduced in v6.47);
So in 6.47 maybe SMB was broken anyway, so the vulnerability didn't have what to crash?
by Znevna
Sat Sep 12, 2020 4:27 pm
Forum: Announcements
Topic: Expected down time for this forum SEPT 11
Replies: 42
Views: 5593

Re: Expected down time for this forum SEPT 11

After reading that the old passwords no longer work I've said to give it a try and I've logged out. Well, indeed I had to reset the password since the old one no longer worked. And yes the old one had all the security strength requirements since I've reused the old password (yes, bad, I know, but he...
by Znevna
Sun Sep 06, 2020 11:19 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 97081

Re: v7.1beta2 [development] is released!

You can write the interface name manually and it will work even if there's no list from which you could easily select it. On another note, I can't figure out how to setup load balancing using ECMP. More exactly how to adapt this old tutorial for v7: https://wiki.mikrotik.com/wiki/ECMP_load_balancing...
by Znevna
Sun Sep 06, 2020 8:20 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 97081

Re: v7.1beta2 [development] is released!

bug: 7.1beta2, hAP ac2 changing any interface name belonging to the internal switch using WinBox GUI makes the router reboot: sep/06/2020 20:14:55 system,error,critical router rebooted because some critical program crashed Doing the same thing from terminal however: /interface/ethernet/print; /inter...
by Znevna
Sun Sep 06, 2020 12:08 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 97081

Re: v7.1beta2 [development] is released!

This gentlemen wrote an in-depth tutorial for MikroTik site to site VPN: https://rickfreyconsulting.com/wireguard-site-to-site-vpn-example/ It's not rocket science to build up a Wireguard tunnel and route something over it. Do you guys get a cut for traffic generated to his site or out of how many ...
by Znevna
Sat Sep 05, 2020 9:59 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 97081

Re: v7.1beta2 [development] is released!

This gentlemen wrote an in-depth tutorial for MikroTik site to site VPN: https://rickfreyconsulting.com/wireguard-site-to-site-vpn-example/ That's hardly an "in depth tutorial". And don't get me started on the quality of the screenshots, missing accompanied selectable text for whatever go...
by Znevna
Tue Sep 01, 2020 2:44 pm
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 7436

Re: WinBox v3.25 released!

Newer WinBox versions shouldn't break client's routers running stable, older ROS versions, disconnecting CAPs or whatever else the current version is able to kill or mess up with. Or atleast there should be some warning regarding this, when it encounters unsupported (anymore) ROS versions instead of...
by Znevna
Tue Sep 01, 2020 10:11 am
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 7436

Re: WinBox v3.25 released!

You can say that this version has a killer feature. Open CAPsMAN, click on "Radio" tab and watch all your CAPs disconnect. Also keeping that tab open will not let any CAP connect back. "failed to connect, timeout". I am running 9 CAPs (18 radios) and cannot reproduce this. All C...
by Znevna
Mon Aug 31, 2020 8:23 pm
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 7436

Re: WinBox v3.25 released!

You can say that this version has a killer feature. Open CAPsMAN, click on "Radio" tab and watch all your CAPs disconnect. Also keeping that tab open will not let any CAP connect back. "failed to connect, timeout". LE: they do come back eventualy but nothing shows up on the Radio...
by Znevna
Sun Aug 30, 2020 12:05 pm
Forum: RouterOS v7 BETA
Topic: [ROSv7b4] - OpenVPN - Auth SHA256 ?
Replies: 3
Views: 3005

Re: [ROSv7b4] - OpenVPN - Auth SHA256 ?

OpenVPN should be dropped in v7, make room for something more useful.
by Znevna
Sat Aug 29, 2020 3:00 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 97081

Re: v7.1beta2 [development] is released!

Tiny (not realy) bug:
I don't know why but my dynamic DNS servers went *poof* from the config. (Which are set by the pppoe client).
No wan disconnect, nothing in the logs. They just went missing.
And I was wondering why the DNS cache is empty...
by Znevna
Fri Aug 28, 2020 8:23 am
Forum: General
Topic: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]
Replies: 113
Views: 8545

Re: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]

There's nothing hot about this topic. You say you're from Latvia, give MikroTik a call to help you choose the hardware based on your not yet mentioned requirements (since MikroTik is a Latvian company, as you know already, right?). Unless you're not from there and everything you've said here is comp...
by Znevna
Tue Aug 25, 2020 6:02 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 97081

Re: v7.1beta2 [development] is released!

Are the issues with RAW Firewall known? If you have any rules there (two+) issuing a disable/enable on any of them makes the counters for the existing enabled rules go crazy. Also I have a rule that keeps counting packets when enabled even though there shouldn't be any matching traffic (the notrack ...
by Znevna
Tue Aug 25, 2020 5:12 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 97081

Re: v7.1beta2 [development] is released!

Ah, stupid me... Of course it's keepalive. / interface gre unset keepalive [ find ] !!!!! this fixed my IPIP tunnel too. lol (unsetting keepalive for ipip that is). THANKS. [admin@gw-viper-rds] /interface/ipip> print Flags: R - RUNNING Columns: NAME, MTU, ACTUAL-MTU, LOCAL-ADDRESS, REMOTE-ADDRESS, ...
by Znevna
Sun Aug 23, 2020 3:05 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 97081

Re: v7.1beta2 [development] is released!

So.. little broblem. I've upgraded from 6.46.6 to 7.1beta2 directly (I know, bad) ...and this happend with my static routes. I made an export before and after the upgrade to see what changed. I get the missing gateway, but the IP in pref-src? (and only there?) why? before: /ip route add distance=1 d...
by Znevna
Wed Aug 19, 2020 10:53 pm
Forum: General
Topic: IKEv2 between MikroTiks, sides switching, initiator <> responder
Replies: 13
Views: 1988

Re: IKEv2 between MikroTiks, sides switching, initiator <> responder

In the manual there's a warning Warning: Phase 1 is not re-keyed if DPD is disabled when lifetime expires, only phase 2 is re-keyed. To force phase 1 re-key, enable DPD. This switch only happens when both sides are Tiks. Or so I've noticed until now. That's why I thought that setting DPD to disabled...
by Znevna
Wed Aug 19, 2020 8:42 pm
Forum: General
Topic: IKEv2 between MikroTiks, sides switching, initiator <> responder
Replies: 13
Views: 1988

Re: IKEv2 between MikroTiks, sides switching, initiator <> responder

On the clock again. Now since I've established that phase1 rekeying is the culprit (I think? right?) if I disable DPD on the server side (as per the documentation DPD is the one forcing phase 1 rekey) how will that affect my other connected clients to it? Do Windows clients care about the DPD set on...
by Znevna
Tue Aug 18, 2020 8:44 pm
Forum: General
Topic: IKEv2 between MikroTiks, sides switching, initiator <> responder
Replies: 13
Views: 1988

Re: IKEv2 between MikroTiks, sides switching, initiator <> responder

On the clock, now it's back to initiator (1 day). So, it has a chance to switch every 24 hours, which equals to the lifetime set in the ipsec profile, phase 1 ? I've set a script to check for sides switching and if any switch occurs to notify me over Telegram. That's how I pinned it down. (that Tele...
by Znevna
Mon Aug 17, 2020 8:45 pm
Forum: General
Topic: IKEv2 between MikroTiks, sides switching, initiator <> responder
Replies: 13
Views: 1988

Re: IKEv2 between MikroTiks, sides switching, initiator <> responder

Ok, so I'm pretty sure that during this (captured from the client / initiator) the sides switched (initiator -> responder). I'll also try to capture a switch back to initiator. I don't know if it provides anything useful. 20:20:54 ipsec,debug ===== received 572 bytes from SERVER.IP[4500] to CLIENT.I...
by Znevna
Sun Aug 16, 2020 2:50 pm
Forum: General
Topic: IKE2 identity not found (IOS to Mikrotik) [SOLVED]
Replies: 25
Views: 8497

Re: IKE2 identity not found (IOS to Mikrotik) [SOLVED]

On IOS, in the Authentication section, you have to click the User Authentication and select "None", go back and be sure that Use Certificate is checked.
by Znevna
Mon Aug 10, 2020 2:07 pm
Forum: General
Topic: RB760iGS VPN
Replies: 10
Views: 1929

Re: RB760iGS VPN

My reply is a little offtopic, but I do hope that the internal subnet you are using (172.168.0.0/20) is fictional and you aren't realy using that range.
Because, well, that range isn't part of the private IPv4 ranges defined in RFC1918.
And it looks like it belongs to OATH/yahoo, not good.
by Znevna
Tue Aug 04, 2020 2:25 pm
Forum: General
Topic: IKEv2 between MikroTiks, sides switching, initiator <> responder
Replies: 13
Views: 1988

Re: IKEv2 between MikroTiks, sides switching, initiator <> responder

Safe to say that Pure-VPN is using MikroTiks ? I've set a logging rule for "topics=ipsec,!packet" on one of those hAP ac2 client that sits mostly idle, maybe I can catch a switch in the logs (from initiator to responder) hoping that these may provide anything useful regarding this. I don't...
by Znevna
Mon Aug 03, 2020 10:42 am
Forum: General
Topic: IKEv2 between MikroTiks, sides switching, initiator <> responder
Replies: 13
Views: 1988

IKEv2 between MikroTiks, sides switching, initiator <> responder

Hello! As per the topic title, I'm running a few IKEv2 tunnels on a RB4011. A bunch of Windows clients connect to it, three of my other MikroTiks for now (hAP ac2) and one FreeBSD based router I think (support for some software uses it) which stacks up PH2 count from time to time, but that's not an ...
by Znevna
Sun Jul 26, 2020 12:10 am
Forum: General
Topic: Add emoji to the ssid name
Replies: 27
Views: 8584

Re: Add emoji to the ssid name

The client (OS/driver/etc) also has to know how to translate that SSID into an emoji.
Windows 7 doesn't know how to do that for example. Windows 10 does.
No joke. Just.. not for production. Not all clients will show what you intended to be seen :)
by Znevna
Sat Jul 25, 2020 9:50 pm
Forum: General
Topic: Add emoji to the ssid name
Replies: 27
Views: 8584

Re: Add emoji to the ssid name

Works fine on 6.46.6 too.
by Znevna
Fri Jul 10, 2020 10:43 pm
Forum: Announcements
Topic: v6.47.1 [stable] is released!
Replies: 147
Views: 62353

Re: v6.47.1 [stable] is released!

Nobody cares about the "reduced resell value" because of the sector writes count. Who advertises de sector writes count when selling their hardware? Is that a thing? realy? Selling a cheap MikroTik, cheaper? how much "resell value" loss are we talking about? If you decided to dit...
by Znevna
Tue Feb 25, 2020 2:04 pm
Forum: Announcements
Topic: v6.47beta [testing] is released!
Replies: 269
Views: 130773

Re: v6.47beta [testing] is released!

I don't know when this was introduced but, I now have to issue ":ip ipsec installed-sa flush" after my WAN (PPPoE) goes down and back up. If I don't IPv4 routing is broken for some reason, no packets go over WAN (packets that don't match any policies). I only have local subnets in policies...
by Znevna
Mon Feb 10, 2020 11:14 pm
Forum: Announcements
Topic: v6.47beta [testing] is released!
Replies: 269
Views: 130773

Re: v6.47beta [testing] is released!

It's probably just a missed bug, you can still set the antenna gain from terminal. There's no mention of it beeing removed in the changelog, no need to panic like that. It's under testing branch for a reason. Hold your horses. I'm happy that this got fixed: *) ike2 - fixed DHCP Inform package handli...
by Znevna
Sat Feb 01, 2020 11:51 pm
Forum: General
Topic: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch
Replies: 31
Views: 5455

Re: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch

BUT, but.. If he uses the 1000$ wonder switch audiophile quality for them TVs/ Netflix, imagine how the colors and everything on those movies will be, if it does so many wonders for audio. Or if simply browsing this forum, imagine the layouts and everything that we're not seeing while using our chea...
by Znevna
Sat Feb 01, 2020 8:31 pm
Forum: General
Topic: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch
Replies: 31
Views: 5455

Re: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch

But, here's what I don't get, you have already one of these "Sotm sNH-10G" which you like. Why don't you get more of them for your TV's and everything else? You know, to have audiophile-grade Netflix and HBO and whatever too. Why settle for switches that are 4 to 10 times cheaper than that...
by Znevna
Sat Feb 01, 2020 2:01 pm
Forum: General
Topic: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch
Replies: 31
Views: 5455

Re: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch

From the mac mini mod: "Blacker backgrounds, better dynamics and voices are so realistic it's almost scary!" :lol: :lol: And the switch you mentioned in the first post, Sotm sNH-10G, 800$ for a 10 (8+2) port DUMB (unmanaged) gigabit switch? :lol: The killer there are the cables, 1.5M patch...
by Znevna
Fri Jan 31, 2020 11:12 am
Forum: General
Topic: Changing PPPoE client name disconnects PPPoE and re-connects - WHY?
Replies: 9
Views: 1995

Re: Changing PPPoE client name disconnects PPPoE and re-connects - WHY?

File a bug report if it is a technical issue.
by Znevna
Sat Jan 25, 2020 7:58 pm
Forum: General
Topic: Ping is timeout !
Replies: 8
Views: 1136

Re: Ping is timeout !

Why do you have this
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge1
On a PtP Link? and on both ends too? where did you get this from?
WHY??
by Znevna
Thu Jan 23, 2020 3:16 pm
Forum: General
Topic: ❗️❓ Fake Mikrotik devices !!? [SOLVED]
Replies: 10
Views: 2753

Re: ❗️❓ Fake Mikrotik devices !!? [SOLVED]

:lol:
Glad someone else caught that.
Anyway, that's the least of his problems.
by Znevna
Fri Jan 17, 2020 5:15 pm
Forum: General
Topic: ipsec ikev2 Split Include do not send to windows 10
Replies: 8
Views: 1886

Re: ipsec ikev2 Split Include do not send to windows 10

I've tried, but I don't know how to disable FP for PPPoE. I've set allow-fast-path=no in IP settings and in bridge settings (though it is not part of a bridge but I've disabled everythig that had fast path in it). I've disabled the fasttracking FW rule. Rebooted. And I still see traffic in "FP ...
by Znevna
Thu Jan 16, 2020 5:01 pm
Forum: General
Topic: ipsec ikev2 Split Include do not send to windows 10
Replies: 8
Views: 1886

Re: ipsec ikev2 Split Include do not send to windows 10

If your WAN Type is PPPoE on MikroTik this would not work, issue also described here: https://forum.mikrotik.com/viewtopic.php?f=2&t=154743&p=764979#p764979 And I also have (still) an open ticket regarding this, SUP-3815, support acknowledged an issue that fits my description. I was hoping t...
by Znevna
Wed Jan 15, 2020 10:56 am
Forum: General
Topic: IKE2 identity not found (IOS to Mikrotik) [SOLVED]
Replies: 25
Views: 8497

Re: IKE2 identity not found (IOS to Mikrotik) [SOLVED]

I wrote the exact same thing a few posts above. Glad you got it working.
by Znevna
Fri Jan 10, 2020 11:37 pm
Forum: General
Topic: IKE2 identity not found (IOS to Mikrotik) [SOLVED]
Replies: 25
Views: 8497

Re: IKE2 identity not found (IOS to Mikrotik) [SOLVED]

I tested this last month and it worked with My ID and Remote ID set to "auto".
iOS 13.2.something.
User Authentication was set to "None" and "Local ID" was left empty in iOS.
Can't give more details as I don't have any iOS devices around right now.
by Znevna
Thu Jan 09, 2020 9:51 am
Forum: General
Topic: Changing PPPoE client name disconnects PPPoE and re-connects - WHY?
Replies: 9
Views: 1995

Re: Changing PPPoE client name disconnects PPPoE and re-connects - WHY?

How often do you change your wan interface name that this is such a big issue for you?
by Znevna
Wed Jan 08, 2020 3:02 am
Forum: Scripting
Topic: tx rx fp rx dropped pppoe account
Replies: 29
Views: 6622

Re: tx rx fp rx dropped pppoe account

Weird. I have not seen something like this with PPPoE and we mostly have PPPoE around here, almost all ISPs offer PPPoE connections. A config export wouldn't hurt, before digging more. As for the FP counter you'd have to be sure your fastracking rules are properly set and you don't have your traffic...
by Znevna
Tue Jan 07, 2020 11:57 pm
Forum: Scripting
Topic: tx rx fp rx dropped pppoe account
Replies: 29
Views: 6622

Re: tx rx fp rx dropped pppoe account

Tried to understand something out of this "issues" but I just don't get it. What is the initial issue? The FP Tx = 0 ? That's normal. While connected to a router which is mostly idle, from outside.: /interface monitor-traffic ppp-wan once name: ppp-wan rx-packets-per-second: 8 rx-bits-per-...
by Znevna
Mon Dec 30, 2019 12:38 pm
Forum: General
Topic: IP Cloud can it only update IPV6?
Replies: 1
Views: 500

Re: IP Cloud can it only update IPV6?

That shouldn't happen unless you've checked "use local address" From the wiki: https://wiki.mikrotik.com/wiki/Manual:IP/Cloud#Advanced use-local-address (yes | no; Default: no) By default, the DNS name will be assigned to the detected public address (from the UDP packet header). If you wis...
by Znevna
Mon Dec 30, 2019 12:05 pm
Forum: General
Topic: IPsec lockup, DPD not working?
Replies: 2
Views: 739

Re: IPsec lockup, DPD not working?

What client? I didn't experience such a thing with StrongSwan. Except that my battery was almost dead overnight because of the 20s keep-alives.
PS: clients log might be useful too.
LE: nevermind. routeros IS the client. skip this post. too early for me.
by Znevna
Mon Dec 30, 2019 6:32 am
Forum: General
Topic: Invalid syntax in WIN10 only IKEv2 FIXED thanks
Replies: 9
Views: 2208

Re: Invalid syntax in WIN10 only IKEv2 FIXED thanks

I wrote in the 2nd post above exactly the same thing, in english. viewtopic.php?f=2&t=154789#p765207
But you continued to blame MikroTik.
Cheers.
by Znevna
Tue Dec 17, 2019 4:44 pm
Forum: General
Topic: GREENBOW and IKEV2 MIKROTIK RSA and PSK setup WIN10
Replies: 2
Views: 756

Re: GREENBOW and IKEV2 MIKROTIK RSA and PSK setup WIN10

1. Why do you open multiple topics for the same issue?
2. Is it RSA or PSK ?!
3. Did you fix your config as I've said at the end of this post here? viewtopic.php?f=2&t=154789#p765247
by Znevna
Tue Dec 17, 2019 12:27 pm
Forum: Announcements
Topic: v6.46 [stable] is released!
Replies: 113
Views: 42438

Re: v6.46 [stable] is released!

Any chance that SUP-3815 might get fixed in 6.46.1 ? It's regarding this: viewtopic.php?f=2&t=154743&p=764979#p764979
by Znevna
Mon Dec 16, 2019 11:41 pm
Forum: General
Topic: Changing PPPoE client name disconnects PPPoE and re-connects - WHY?
Replies: 9
Views: 1995

Re: Changing PPPoE client name disconnects PPPoE and re-connects - WHY?

That "arbitrary name" as you call it, is also used in other places in RouterOS and some stuff depend on it (firewall rules or whatever). They can't work using some "name" that doesn't exist (if you change it).
Just my two cents on this.
Why does it bother you?
by Znevna
Sun Dec 15, 2019 9:06 pm
Forum: General
Topic: Invalid syntax in WIN10 only IKEv2 FIXED thanks
Replies: 9
Views: 2208

Re: Invalid syntax in WIN10 only IKEv2

/certificate add common-name="MY.VPN Root CA" name=MyCA key-size=2048 days-valid=3650 trusted=yes key-usage=key-cert-sign,crl-sign Nothing fancy. Also, try leaving in Identities My ID and Remote ID type to "auto". !!! how can you have this in config? just seen it. *stripped add ...
by Znevna
Sun Dec 15, 2019 8:52 pm
Forum: General
Topic: Invalid syntax in WIN10 only IKEv2 FIXED thanks
Replies: 9
Views: 2208

Re: Invalid syntax in WIN10 only IKEv2

I've tested with Windows 10 1809 and 1909, no issue here. Except the unrelated one I've posted in that topic. It also works with Windows 7 but it's a little tricky to import certificates in Local Machine store (there are guides on the web, or use certlm.msc from a win8+ machine). Windows 7's issue, ...
by Znevna
Sun Dec 15, 2019 3:35 pm
Forum: General
Topic: Invalid syntax in WIN10 only IKEv2 FIXED thanks
Replies: 9
Views: 2208

Re: Invalid syntax in WIN10 only IKEv2

Under Windows you have to import the certificates in "Local Machine" store location. The one generated for client under "Personal". The CA for some reason doesn't get imported, donno why yet, you have to export it as "pem" from RouterOS and import it also in Local Machi...
by Znevna
Fri Dec 13, 2019 9:59 pm
Forum: General
Topic: IKEv2 behind PPPoE, Windows clients and split tunneling / split-include issue [SOLVED]
Replies: 4
Views: 2397

Re: IKEv2, Windows Clients and Split Tunneling issue [SOLVED]

Weird. I only have ethernet from ISP's in remote locations outside the city and I can't disrupt the connections there just for tests. BUT, what if I double NAT it? Have you tried? PPPoE on one router and putting the IKEv2 server behind it on another router? that way it will be ethernet-wan? Maybe it...
by Znevna
Fri Dec 13, 2019 7:33 pm
Forum: General
Topic: IKEv2 behind PPPoE, Windows clients and split tunneling / split-include issue [SOLVED]
Replies: 4
Views: 2397

Re: IKEv2, Windows Clients and Split Tunneling issue [SOLVED]

Why? I didn't see anywhere any limitation about the WAN type of the IKEv2 server regarding this. It is connected via PPPoE to the ISP, yes. The connection works, just, something about this isn't: *) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received; O...
by Znevna
Fri Dec 13, 2019 4:54 pm
Forum: General
Topic: DNS Cache
Replies: 21
Views: 4497

Re: DNS Cache

He is using it, for clients behind the network /ip dhcp-server network add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 But his firewall is a mess. These lines in particular: /ip firewall filter add action=drop chain=forward dst-address=192.168.1.0/24 dst-port=53 in-interface-li...
by Znevna
Fri Dec 13, 2019 3:05 pm
Forum: General
Topic: IKEv2 behind PPPoE, Windows clients and split tunneling / split-include issue [SOLVED]
Replies: 4
Views: 2397

IKEv2 behind PPPoE, Windows clients and split tunneling / split-include issue [SOLVED]

FIXED IN 6.47beta32 / 6.46.4 / *) ike2 - fixed DHCP Inform package handling when received on PPPoE interface; Original text below: Hello, I need some fresh eyes on this, I just can't get it to work and no ideea what to try next. Long story short, I'm trying to switch from OpenWRT & OpenVPN that'...
by Znevna
Tue Dec 10, 2019 9:36 am
Forum: General
Topic: Site to Site VPN (13 Sites & 2 remote Laptops)
Replies: 18
Views: 3275

Re: Site to Site VPN (13 Sites & 2 remote Laptops)

Sorry to bump this thread, but, is split-tunneling in Windows 10 and RouterOS v6.46 stable working for anyone? (IKEv2) I've caught this bug report: https://forum.mikrotik.com/viewtopic.php?t=124945#p695000 Which was fixed: *) ike2 - send split networks over DHCP (option 249) to Windows initiators if...
by Znevna
Mon Dec 09, 2019 6:55 pm
Forum: RouterOS v7 BETA
Topic: [ROS 7.0beta4] PPP[PPPoE/PPTP/L2TP/SSTP] interface no rx traffic, and mss need change by mangle.
Replies: 1
Views: 2179

Re: [ROS 7.0beta4] PPP[PPPoE/PPTP/L2TP/SSTP] interface no rx traffic, and mss need change by mangle.

I've reported the MSS issue one month ago and they were able to reproduce it.
Let's hope the fix will make it in beta5 atleast.
by Znevna
Wed Dec 04, 2019 1:22 pm
Forum: General
Topic: Webfig with HTTPS and a certificate, please.
Replies: 1
Views: 1792

Re: Webfig with HTTPS and a certificate, please.

Just tested this with success and without the "pain in the ass". I've used the same certificate I've generated for IKEv2 server-side. Cert was generated using this: /certificate add common-name=domain.name subject-alt-name=DNS:domain.name key-size=2048 days-valid=3650 key-usage=tls-server ...
by Znevna
Tue Dec 03, 2019 7:15 pm
Forum: Announcements
Topic: v6.46 [stable] is released!
Replies: 113
Views: 42438

Re: v6.46 [stable] is released!

*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
This .. doesn't appear in WinBox nor in WebFig. Only present in terminal.
by Znevna
Tue Dec 03, 2019 3:08 pm
Forum: Announcements
Topic: v6.46 [stable] is released!
Replies: 113
Views: 42438

Re: v6.46 [stable] is released!

I'm guessing that
*) ike1 - fixed minor spelling mistake in logs;
isn't regarding this: viewtopic.php?f=21&t=154286#p763108 since it's the same in this release.
My logs are from ike2 anyway.
by Znevna
Mon Dec 02, 2019 9:38 am
Forum: Wireless Networking
Topic: RBwAP2nD Antenna diagram
Replies: 3
Views: 1666

Re: RBwAP2nD Antenna diagram

by Znevna
Sun Dec 01, 2019 7:34 pm
Forum: Announcements
Topic: v6.46rc [testing] is released!
Replies: 16
Views: 10942

Re: v6.46rc [testing] is released!

Little typo in ipsec logging:
18:10:25 ipsec prepearing internal IPv4 address 
18:10:25 ipsec prepearing internal IPv4 netmask 
18:10:25 ipsec prepearing internal IPv6 subnet 
18:10:25 ipsec prepearing internal IPv4 DNS
by Znevna
Fri Nov 29, 2019 11:17 am
Forum: General
Topic: Problem with expiring IPv6 addresses
Replies: 2
Views: 798

Re: Problem with expiring IPv6 addresses

I'd advise to not use something that short. RFC 7772 (Reducing Energy Consumption of Router Advertisements) advises to not send more than 7 RAs per hour. Something else might be broken in your config. These are my settings that work just fine. /ipv6 nd set [ find default=yes ] ra-interval=8m34s-11m2...
by Znevna
Mon Nov 25, 2019 4:29 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 150
Views: 79440

Re: v6.46beta [testing] is released!

Signal Strength Range -1..120 It's joke ? Access Lists unusable now.
Bug still present: I've written here also: viewtopic.php?f=2&t=154126
Post could be moved or deleted, I didn't know it was beta related at the time. Done the tests today :)
by Znevna
Thu Nov 21, 2019 9:20 pm
Forum: General
Topic: [bug] WinBox/WebFig Wireless ACL - Signal Strength Range - input validation [SOLVED]
Replies: 1
Views: 848

[bug] WinBox/WebFig Wireless ACL - Signal Strength Range - input validation [SOLVED]

Hello. Bug present on 6.46beta59, might be present on stable, can't test right now, but maybe someone else can. Later edit: bug was introduced in 6.46beta28, 6.46beta16 is fine, stable is fine. There's some error with the default value for Signal Strength Range, and the validation for the values ent...
by Znevna
Wed Nov 20, 2019 12:56 pm
Forum: General
Topic: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?
Replies: 20
Views: 2914

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

*ahem* my bad. It looks like it's exactly what Sob mentioned earlier. There isn't such version, at least not yet, maybe in future. But perhaps it could be this in real life action: https://medium.com/tenable-techblog/routeros-chain-to-root-f4e0b07c0b21 Long story short, you have winbox open to the w...
by Znevna
Wed Nov 20, 2019 10:45 am
Forum: General
Topic: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?
Replies: 20
Views: 2914

Re: erm what is FW 6.55.6 , no mention of it here yet routers say it is current stable?

You or your ISP is hijacking the DNS for the download server. MikroTik's servers are in Latvia. Check what DNS server your router is using and check the static DNS entries on it, if you have nothing in static DNS regarding upgrade.mikrotik.com or download.mikrotik.com and you're using the ISP's DNS ...
by Znevna
Fri Nov 15, 2019 1:56 pm
Forum: Wireless Networking
Topic: hAP ac^2 Problems---Extremely Poor Performance found in 2.4G and 5G WiFi
Replies: 296
Views: 95573

Re: hAP ac^2 Problems---Extremely Poor Performance found in 2.4G and 5G WiFi

Thanks for the "AMSDU Limit to 2048" tip. It makes my Huawei Mate 20 Lite like the router a little bit more (atleast I get ~20mbps and even more somewhat stable download on 5GHz, instead of, well, less.)
by Znevna
Sat Nov 09, 2019 1:10 pm
Forum: General
Topic: IPv6 firewall rules with dynamic IPv6 prefix
Replies: 6
Views: 3258

Re: IPv6 firewall rules with dynamic IPv6 prefix

Hello, I've been trying to find a solution for this and came across this topic. Just thinking, wouldn't it be easier for the script (and maybe on the resources?) to make use firewall address lists? And use those address lists in the rules? Instead for the script to search through firewall rules it w...
by Znevna
Thu Nov 07, 2019 5:59 pm
Forum: General
Topic: DHCPv6 - Option 24 - Domain Search List
Replies: 3
Views: 1269

Re: DHCPv6 - Option 24 - Domain Search List

To my surprise, regarding option code 23, which was also bugging me, i've discovered that it automagically does this (in 6.46beta59):
by Znevna
Thu Nov 07, 2019 3:50 pm
Forum: General
Topic: DHCPv6 - Option 24 - Domain Search List
Replies: 3
Views: 1269

DHCPv6 - Option 24 - Domain Search List

Hello, spent the whole morning dealing with this and I think this should be documented somewhere. If this isn't the right place for this please move it somewhere else. So, basically I wanted to push the local dns suffix to clients via IPv6 too, not just only via IPv4 which is quite easy from the DHC...
by Znevna
Wed Nov 06, 2019 8:17 pm
Forum: General
Topic: MikroTik hAP ac2 - PoE in problem
Replies: 16
Views: 3722

Re: MikroTik hAP ac2 - PoE in problem

What are you smoking mate?
Even if as a switch why would you want to cripple it? Or as an AP?
As a router you can configure wan to ethernet5 and use ethernet1 as lan (to maintain the wan port to one end, others recommend wan to port 2 but that's just nasty.)
by Znevna
Wed Nov 06, 2019 6:31 pm
Forum: General
Topic: MikroTik hAP ac2 - PoE in problem
Replies: 16
Views: 3722

Re: MikroTik hAP ac2 - PoE in problem

There is: https://mikrotik.com/product/rbgpoe_con_hp
I don't see your device in the compatibility list though, https://wiki.mikrotik.com/index.php?tit ... lity_table
Should work..
by Znevna
Wed Nov 06, 2019 10:58 am
Forum: General
Topic: MikroTik hAP ac2 - PoE in problem
Replies: 16
Views: 3722

Re: MikroTik hAP ac2 - PoE in problem

It's not a problem.
hAP ac2 doesn't support 802.3af/at, check the product page.
PoE in: Passive PoE
PoE in input Voltage: 18-28 V
by Znevna
Tue Nov 05, 2019 4:58 pm
Forum: General
Topic: Feature request: exporting configuration sould be password protected
Replies: 10
Views: 1683

Re: Feature request: exporting configuration sould be password protected

You want the file to be password protected? :-?
Why don't you just add it to a password protected archive before sending it by e-mail? 7zip or zip or whatever.
by Znevna
Mon Nov 04, 2019 10:50 pm
Forum: General
Topic: Your router was open to attack...
Replies: 11
Views: 2130

Re: Your router was open to attack...

We don't know that's all he's got in the firewall (didn't reply yet), if he does, oh my :shock: , yes, he should redo his setup following defaults atleast. AFTER reinstall
by Znevna
Mon Nov 04, 2019 10:47 pm
Forum: General
Topic: RouterBOARD 962UiGS-5HacT2HnT + GPS
Replies: 5
Views: 1064

Re: RouterBOARD 962UiGS-5HacT2HnT + GPS

Dumb question, but did the old router had WiFi? If it didn't, did you try turning off both wlans on your hap ac to see if it helps? Something might interfere with the GPS signal. LE: even the CPU's harmonic is pretty close. 720x2=1440 which is pretty close to 1575.42MHz. try lowering the CPU frequen...
by Znevna
Mon Nov 04, 2019 10:29 pm
Forum: General
Topic: Your router was open to attack...
Replies: 11
Views: 2130

Re: Your router was open to attack...

Well, you could've had that there since a long time and you didn't even know about it, but recently you might have updated WinBox to 3.20, which in the changelog, reads: *) show system note at login; So.... You should start with a fresh install using netinstall just to be sure, as @mkx suggested. /e...
by Znevna
Mon Nov 04, 2019 8:36 pm
Forum: General
Topic: Can't route between local Subnets. (One router). [SOLVED]
Replies: 16
Views: 2562

Re: Can't route between local Subnets. (One router). [SOLVED]

Elegant or not it's the easiest solution. The DNS based one isn't that far off. While there is a script here: https://github.com/Tolaris/mikrotik-dns-dhcp/blob/master/mikrotik-dns-dhcp.script (among others i've tested, this is the finest of them all) to aid in completing mikrotiks dns implementation...
by Znevna
Mon Nov 04, 2019 7:48 pm
Forum: General
Topic: Can't route between local Subnets. (One router). [SOLVED]
Replies: 16
Views: 2562

Re: Can't route between local Subnets. (One router). [SOLVED]

Sheesh. It's not a routing problem. It's not a DNS problem, workgroups work a little different, read: wins server. Assign static IP's to your machines so they don't change overnight. Access them by \\192.168.x.xx. Setup shares properly, use network drives (map network drives where you need to) \\192...
by Znevna
Sun Nov 03, 2019 5:45 pm
Forum: General
Topic: PPPoE client default MTU
Replies: 25
Views: 16254

Re: PPPoE client default MTU

You didn't post your config yet to see what you've set there, as you have some serious issues understanding this whole MTU thingie (what I get from your posts atleast).
Also, don't open another topic if you already asked in another. Makes tracking your issue kinda hard.
by Znevna
Sat Nov 02, 2019 2:13 pm
Forum: General
Topic: IPv6 PPPoE+DHCPv6 Client Pool Rebind BUG
Replies: 11
Views: 4902

Re: IPv6 PPPoE+DHCPv6 Client Pool Rebind BUG

Well, two years since this topic was started, but it looks fixed in 6.46beta59: *) dhcpv6-client - properly update bind time when unused prefix received from the server; *) dhcpv6-client - properly update IPv6 address on rebind; *) dhcvp6-client - fixed timeout when doing rebind; I've tested without...
by Znevna
Sat Nov 02, 2019 1:55 pm
Forum: General
Topic: HAP AC2 IPv6 performance
Replies: 6
Views: 2254

Re: HAP AC2 IPv6 performance

I've done tests with multiple sessions.. same core (3) busy doing all the work: network, firewall. I'll redo this weekend some tests and compare it to how a 750Gr3 deals with this. Weird thing is that with lower load (speed/connections), all the cores seem to do a little bit of something. Only when ...
by Znevna
Sat Nov 02, 2019 1:33 pm
Forum: General
Topic: HAP AC2 IPv6 performance
Replies: 6
Views: 2254

Re: HAP AC2 IPv6 performance

That still doesn't explain why only one core is saturated and the rest sit idle (I have the same device, encountered the same with IPv6), there may be room for optimization maybe.
by Znevna
Thu Oct 31, 2019 3:08 pm
Forum: RouterOS v7 BETA
Topic: RouterOS v7 Beta 3 - PPPOE WAN Intermittently Not Passing Traffic [SOLVED]
Replies: 3
Views: 4742

Re: RouterOS v7 Beta 3 - PPPOE WAN Intermittently Not Passing Traffic [SOLVED]

Welcome, I'm staying away of v7 for the moment because of this, I don't know what else might not work as expected. After 6.39 the "change-tcp-mss=yes" from the profile assigned to that ppp interface was supposed to take care internally of this but somehow it doesn't work right atm. 6.39: !...
by Znevna
Thu Oct 31, 2019 9:12 am
Forum: RouterOS v7 BETA
Topic: RouterOS v7 Beta 3 - PPPOE WAN Intermittently Not Passing Traffic [SOLVED]
Replies: 3
Views: 4742

Re: RouterOS v7 Beta 3 - PPPOE WAN Intermittently Not Passing Traffic [SOLVED]

Encountered something similar, I've sent an email describing what I could, I'm no network guru. Easy test is to try to open this forum and u'll see it gets stuck at the SSL part (other sites behave the same), I don't know how to debug this so I've sent two packet captures, but no reply yet. But, if ...
by Znevna
Wed Oct 30, 2019 5:21 pm
Forum: General
Topic: Hap ac2 DHCP Client not working on 2G WLAN station
Replies: 6
Views: 1559

Re: Hap ac2 DHCP Client not working on 2G WLAN station

In the test above I was connected to an Asus AC58U.
I'll cleanup my config and post it here so that you can compare it with yours.
LE: added config
by Znevna
Wed Oct 30, 2019 11:32 am
Forum: General
Topic: Problem with DHCP server [SOLVED]
Replies: 12
Views: 2542

Re: Problem with DHCP server [SOLVED]

[...] For now i have set on Mikrotik -->Store Leases on Disk never| hoping that will try to assign unused addresses after reboot. So far it is good No.. that won't do it. I also set "never" to store leases on disk, to minimize flash wear and because except the IPs I've set static, I don't...
by Znevna
Tue Oct 29, 2019 12:37 pm
Forum: General
Topic: Problem with DHCP server [SOLVED]
Replies: 12
Views: 2542

Re: Problem with DHCP server [SOLVED]

Well, there is no option that I know of in RouterOS to assign consecutive IP addresses. For example, in dnsmasq we have this: --dhcp-sequential-ip Dnsmasq is designed to choose IP addresses for DHCP clients using a hash of the client's MAC address. This normally allows a client's address to remain s...
by Znevna
Mon Oct 28, 2019 9:36 pm
Forum: General
Topic: Hap ac2 DHCP Client not working on 2G WLAN station
Replies: 6
Views: 1559

Re: Hap ac2 DHCP Client not working on 2G WLAN station

Works fine here. Same device. ROS 6.45.7 21:30:37 wireless,info 4C:ED:FB:B2:C0:D0@wlan1 established connection on 2437000, SSID ViperNet 21:30:37 dhcp,debug,state dhcp-client on wlan1 entering <selecting...> state 21:30:38 dhcp,debug,state dhcp-client on wlan1 entering <requesting...> state 21:30:38...
by Znevna
Mon Oct 28, 2019 4:05 pm
Forum: General
Topic: Quick Set: Home AP Dual - IP assignment
Replies: 8
Views: 2120

Re: Quick Set: Home AP Dual - IP assignment

Oh boy, with guys like you little bugs like this one will never get sorted out and even be afraid to say something about other little bugs that if fixed will make it more user friendly. But what do I know :)
Sorry to bother you with little things like this one.
Friendly support forum... :)
by Znevna
Mon Oct 28, 2019 3:31 pm
Forum: General
Topic: Quick Set: Home AP Dual - IP assignment
Replies: 8
Views: 2120

Re: Quick Set: Home AP Dual - IP assignment

I didn't even wanna bother answering to your replies just because I consider them offtopic. Why not use quickset? It is there just for that, quickly setup a router with the minimal required settings. (mikrotiks solution to the next next next kind of routers.) And Home Ap Dual on this device (or othe...
by Znevna
Mon Oct 28, 2019 12:22 pm
Forum: General
Topic: Quick Set: Home AP Dual - IP assignment
Replies: 8
Views: 2120

Quick Set: Home AP Dual - IP assignment

Hello, this thing bugs me for a while. Device: hAP ac2 The default config has the local IP address assigned to bridge, but, if let's say I want to use the Home AP Dual from Quick Set, it changes the IP assignment from bridge to ethernet2. If you change the IP assignment back to bridge, it quacks up ...
by Znevna
Thu Oct 24, 2019 1:06 pm
Forum: RouterOS v7 BETA
Topic: 7.0beta3 available in testing?
Replies: 40
Views: 11995

Re: 7.0beta3 available in testing?

hAP ac2, manual upgrade from 6.46beta55 spits the same thing in the logs, but it does upgrade. # oct/24/2019 9:33: 8 by RouterOS 7.0beta3 # software id = [...] # jan/01/2002 03:00:00 system,error broken package routeros-arm-7.0beta3.npk jan/01/2002 03:00:00 system,info installed system-7.0beta3 jan/...
by Znevna
Wed Oct 23, 2019 6:32 pm
Forum: RouterOS v7 BETA
Topic: Torrent client
Replies: 59
Views: 19902

Re: Torrent client

Question is, was it worth having it there taking up ~500KB of our precios space in devices with 16MB of storage?:)
by Znevna
Wed Oct 23, 2019 12:09 pm
Forum: General
Topic: What is the use case for displaying local drives in netinstall?
Replies: 7
Views: 1396

Re: What is the use case for displaying local drives in netinstall?

The answer to your question is found even by clicking "Help" in the netinstall main window. In the first lines too. "This program allows remote installation of the MikroTik RouterOS over Ethernet or to any local disk from a Windows computer. Installation methods: - over the network us...
by Znevna
Mon Oct 21, 2019 11:18 am
Forum: General
Topic: [Feature Request] IPv6 Fasttrack
Replies: 39
Views: 10907

Re: [Feature Request] IPv6 Fasttrack

Would be nice if it atleast scaled right on cpus somehow. With a simple test using fast.com with more than 2 parallel connections, on a hAP ac2, cpu3 goes up to 100% and the rest of them sit idle, tested with with ROS 7 Beta 2, same thing. Bandwidth capped because of this under 400mbps out of ~900. ...