Community discussions

Search found 246 matches

by karlisi
Fri Aug 09, 2019 1:25 pm
Forum: RouterBOARD hardware
Topic: Cant connect to RB951G-2HnD [SOLVED]
Replies: 2
Views: 366

Re: Cant connect to RB951G-2HnD [SOLVED]

Hold the reset button about 5 sec, until ACT LED starts flashing. If holded for 10 sec or more and LED stays lit or turns off, it's too long.
https://wiki.mikrotik.com/wiki/Manual:Reset
by karlisi
Mon Aug 05, 2019 5:56 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 89
Views: 21911

Re: v6.45.3 [stable] is released!

I don't know what smips device is, I have hAP and two hAP lites. Maybe I don't need the whole smips package.
Processor architecture, hAP is mipsbe, hAP Lite is smips.
by karlisi
Fri Aug 02, 2019 3:28 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 33633

Re: v6.45.2 [stable] is released!

my RB750Gr3 with 6.41.5 version. After reboot it must be upgraded. But after that he did not start correctly, i can not seen him in winbox
Check Winbox version, it must be at least 3.19
by karlisi
Tue Jul 30, 2019 8:18 am
Forum: The Dude
Topic: can't add winbox as tool to The Dude
Replies: 4
Views: 423

Re: can't add winbox as tool to The Dude

"C:\Program Files (x86)\Dude\winbox.exe" "[Device.FirstAddress]:1234" "[Device.UserName]" "[Device.Password]"
by karlisi
Mon Jul 29, 2019 11:44 am
Forum: RouterBOARD hardware
Topic: Electrical Problems Causing Failure
Replies: 10
Views: 1175

Re: Electrical Problems Causing Failure

Seems like something in network. RB2011 has external PSU which typically fails first on bad electricity.
by karlisi
Wed Jul 17, 2019 12:06 pm
Forum: Wireless Networking
Topic: Lost connection over wireless to remote station after upgrade [SOLVED]
Replies: 1
Views: 298

Re: Lost connection over wireless to remote station after upgrade [SOLVED]

To answer my own question - regulatory domain restrictions. On station wireless installation=outdoor, on AP installation=any, frequency on both 5180 MHz. For country Latvia lowest allowed frequency for outdoor installations is 5500 MHz, so on station frequency was wrong, but older ROS allowed it. Fr...
by karlisi
Tue Jul 16, 2019 9:58 am
Forum: General
Topic: NEED help with FORUM
Replies: 6
Views: 504

Re: NEED help with FORUM

See User control panel -> Board preferences -> Edit notification option
by karlisi
Tue Jul 16, 2019 8:13 am
Forum: The Dude
Topic: Is Dude Communication Secure ?
Replies: 4
Views: 594

Re: Is Dude Communication Secure ?

For example, part of my first question concerns SNMP to the RouterOS device itself. With secure mode enabled, does the Dude poll the RouterOS device's SNMP via the secure connection or across the WAN facing SNMP port ? Only SNMP v3 supports secure communication. Configure Dude server and devices to...
by karlisi
Mon Jul 15, 2019 4:05 pm
Forum: Wireless Networking
Topic: Lost connection over wireless to remote station after upgrade [SOLVED]
Replies: 1
Views: 298

Lost connection over wireless to remote station after upgrade [SOLVED]

Have AP and remote 2 stations to make wireless bridges. Upgraded AP and one of stations from 6.42.12 to 6.44.5 lost connection to upgraded station. Not upgraded station works. Some ideas, what is changed and is it possible to recover connection without physically accessing remote station? configurat...
by karlisi
Mon Jul 15, 2019 10:10 am
Forum: The Dude
Topic: Is Dude Communication Secure ?
Replies: 4
Views: 594

Re: Is Dude Communication Secure ?

Secure mode - Whether to use Secure mode when connecting to a RouterOS device. Uses TLS connection

https://wiki.mikrotik.com/wiki/Manual:T ... e_settings
by karlisi
Thu Jul 11, 2019 8:18 am
Forum: The Dude
Topic: Push logs from Mikrotik to Graylog Server
Replies: 5
Views: 504

Re: Push logs from Mikrotik to Graylog Server

Yes, logs from Mikrotik can be collected on Graylog.
by karlisi
Wed Jul 10, 2019 3:22 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 92
Views: 21229

Re: v6.44.5 [long-term] is released!

Every changelog must contain all changes and fixes from previous same channel release, not from previous release by number. It's about this sentence? For long-term channel there are no other intermediate releases, only long-term. Similarly as for stable channel there is no beta releases. Changelogs...
by karlisi
Wed Jul 10, 2019 2:57 pm
Forum: The Dude
Topic: Push logs from Mikrotik to Graylog Server
Replies: 5
Views: 504

Re: Push logs from Mikrotik to Graylog Server

Are you also writing in Graylog forum? As already said there, first check if messages can reach graylog server at all and if port 2514 is open on the server.
by karlisi
Wed Jul 10, 2019 11:29 am
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 92
Views: 21229

Re: v6.44.5 [long-term] is released!

How do you guys propose we make such a changelog? This is the long term branch, where releases are very rare, and the jumps are very big. Imagine there could be 15 fixes, new bugs, fixes again, then the feature could be already removed, then a new one added, removed again, and then a new feature ma...
by karlisi
Wed Jul 10, 2019 9:51 am
Forum: Wireless Networking
Topic: Equipment for the conference room
Replies: 6
Views: 819

Re: Equipment for the conference room

He's using PoE switch to provide power to APs, in place of 4 PoE injectors.
by karlisi
Tue Jul 09, 2019 2:13 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 92
Views: 21229

Re: v6.44.5 [long-term] is released!

Mikrotik, please, write changelogs properly! Since separating stable and long-term channels they ar incomplete, at least for long-term. Every changelog must contain all changes and fixes from previous same channel release, not from previous release by number. It will eliminate such problems, as in ...
by karlisi
Mon Jul 08, 2019 8:46 am
Forum: General
Topic: L2TP VPN can not connect on Windows 10
Replies: 13
Views: 848

Re: L2TP VPN can not connect on Windows 10

Thanks, I will test it.

And yes, this should go to separate topic
by karlisi
Fri Jul 05, 2019 2:44 pm
Forum: General
Topic: L2TP VPN can not connect on Windows 10
Replies: 13
Views: 848

Re: L2TP VPN can not connect on Windows 10

I assume you have good reasons to take all this burden (registry tweaking or implementing my trick) rather than running the L2TP/IPsec directly on the outer Mikrotik.
Don't want to enable proxy-arp on LAN interface, to access devices on internal network.
by karlisi
Fri Jul 05, 2019 1:32 pm
Forum: General
Topic: L2TP VPN can not connect on Windows 10
Replies: 13
Views: 848

Re: L2TP VPN can not connect on Windows 10

Ah, I see, I should explain better. l2tp server is running on other Mikrotik device behind Mikrotik router. Windows l2tp client -> remote LAN -> SOHO router -> Internet -> Mikrotik router with dst-nat -> LAN -> Mikrotik l2tp server In this setup VPN can't connect without Windows registry modification.
by karlisi
Fri Jul 05, 2019 9:05 am
Forum: General
Topic: L2TP VPN can not connect on Windows 10
Replies: 13
Views: 848

Re: L2TP VPN can not connect on Windows 10

(optional for clarity) add a bridge interface with no member ports attach the public IP of the NAT behind which the server Mikrotik lives to an interface on the Mikrotik as a /32 one (normally to the portless bridge one created above, but you can use any interface) /ip firewall nat print chain=dstn...
by karlisi
Thu Jul 04, 2019 3:36 pm
Forum: General
Topic: L2TP VPN can not connect on Windows 10
Replies: 13
Views: 848

Re: L2TP VPN can not connect on Windows 10

it is possible to run an LT2P/IPsec server on a Mikrotik behind a NATing device even without tweaking the Windows registry, the price to pay is that the clients then cannot have public IPs directly on themselves. How? We have many sites with Windows clients behind src-nat and l2tp/ipsec server behi...
by karlisi
Thu Jul 04, 2019 9:23 am
Forum: General
Topic: L2TP VPN can not connect on Windows 10
Replies: 13
Views: 848

Re: L2TP VPN can not connect on Windows 10

It is not clear from your post, how your network is set up. I assume, L2TP server is behind router with dst-nat to this server, and you are trying to connect from Windows client. If so, Windows registry modification is required on client computer. Read this (although article is about Windows Vista, ...
by karlisi
Fri Jun 28, 2019 8:12 am
Forum: Beginner Basics
Topic: L2TP SERVER BEHIND NAT
Replies: 4
Views: 1003

Re: L2TP SERVER BEHIND NAT

As You already found this is Windows problem. You can't solve it another way, only patching every Windows client.
by karlisi
Tue Jun 25, 2019 4:48 pm
Forum: Beginner Basics
Topic: Firewall rule for accessing winbox
Replies: 7
Views: 379

Re: Firewall rule for accessing winbox

chain=input is for incoming packets destined for router itself.
by karlisi
Wed Jun 19, 2019 4:09 pm
Forum: RouterBOARD hardware
Topic: MTBF of RouterBOARD
Replies: 16
Views: 3721

Re: MTBF of RouterBOARD

UP! Mikrotik APs compliant with the wifi4eu minimum specs? As request from WiFi4EU 9.2.1 What are the technical requirements for the WiFi4EU Access Points? (...) Supports IEEE 802.11r Supports IEEE 802.11k Supports IEEE 802.11v (...) These protocols are missing in Mikrotik products, so they are not...
by karlisi
Wed May 29, 2019 4:23 pm
Forum: General
Topic: Enable NTP Client [SOLVED]
Replies: 4
Views: 297

Re: Enable NTP Client [SOLVED]

Yes
by karlisi
Wed May 29, 2019 9:46 am
Forum: General
Topic: Simple config but Internet not working.
Replies: 1
Views: 129

Re: Simple config but Internet not working.

Try this
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether13WAN
Not related to connection problems, but You have very insecure firewall rules. In input chain You should block everything, allowing only needed inputs. Also, forward chain is empty.
by karlisi
Fri May 24, 2019 10:04 am
Forum: Beginner Basics
Topic: Ban IP's / Drop connections of RDP Brute forcers
Replies: 6
Views: 574

Re: Ban IP's / Drop connections of RDP Brute forcers

Hmmmm, there is no reason why the action drop rule should be in the RAW firewall filter and NOT the input chain. In simple english, why drop is in input chain, not in raw? Perhaps linked wiki is intended to show the principle, not working configuration. You never know what other firewall rules are ...
by karlisi
Fri May 17, 2019 8:26 am
Forum: Wireless Networking
Topic: CAPsMAN channel selection
Replies: 7
Views: 795

Re: CAPsMAN channel selection

It's OK if these CAPs are far away one from other. You can reduce reselect interval to force CAPs to check more often for less busy frequency.
by karlisi
Mon Apr 29, 2019 3:27 pm
Forum: General
Topic: Ipsec error in Log [SOLVED]
Replies: 4
Views: 297

Re: Ipsec error in Log [SOLVED]

i don't use IPSEC at all how can i disable it?
Review firewall input chain, perhaps you have unnecessary ports or protocols open. Best practice is to close all, except only those you are using.
by karlisi
Mon Apr 29, 2019 1:32 pm
Forum: General
Topic: Ipsec error in Log [SOLVED]
Replies: 4
Views: 297

Re: Ipsec error in Log [SOLVED]

Also what is the TCP connection established towards my router? These are connections to your PPTP server. 'TCP connection established' not necessarily means someone was able to get in, it means someone established connection and was able to begin the authentication process. The same for ipsec error...
by karlisi
Tue Apr 23, 2019 11:03 am
Forum: General
Topic: POE Out [SOLVED]
Replies: 4
Views: 276

Re: POE Out [SOLVED]

Typical RB951 power consumption is about 0.13A on startup and about 0.1A when running. If this is 24V 0.8A power adapter then yes, you can, because both RBs will use 0.26A max.
by karlisi
Mon Apr 15, 2019 5:46 pm
Forum: Beginner Basics
Topic: L2TP with RADIUS
Replies: 8
Views: 666

Re: L2TP with RADIUS

Try to use simpler RADIUS configuration
/radius
add address=192.168.7.70 secret=AgileroSecret123 service=ppp src-address=192.168.7.1

I can't ping my AD Server (192.168.7.70) using udp 1812/1813

You tried this from Mikrotik?
by karlisi
Fri Apr 12, 2019 10:22 am
Forum: Beginner Basics
Topic: L2TP with RADIUS
Replies: 8
Views: 666

Re: L2TP with RADIUS

If L2TP client is Windows, run this command in Windows administrative command window (cmd -> run as administrator), then restart Windows:
reg add HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
by karlisi
Wed Apr 10, 2019 11:48 am
Forum: Beginner Basics
Topic: L2TP with RADIUS
Replies: 8
Views: 666

Re: L2TP with RADIUS

Unable to access LAN from VPN client
viewtopic.php?t=85962
by karlisi
Wed Apr 10, 2019 11:44 am
Forum: Beginner Basics
Topic: L2TP with RADIUS
Replies: 8
Views: 666

Re: L2TP with RADIUS

For Mikrotik and Windows AD integration I used this tutorial
https://mivilisnet.wordpress.com/2018/1 ... indows-ad/
by karlisi
Mon Mar 04, 2019 10:02 am
Forum: Wireless Networking
Topic: CAPSMAN - Upgrade Policy - Require same version - should always work - suggestion
Replies: 3
Views: 439

Re: CAPSMAN - Upgrade Policy - Require same version - should always work - suggestion

You can download and upload the latest release of RouterOS in the files section of your CHR then point cAPs via CAPsMAN to pickup the latest ROS from there and update. Could be MIPSBE or any other. There is one problem. You should first upgrade the CAPsMAN, and after that upload files for other pla...
by karlisi
Mon Feb 25, 2019 4:32 pm
Forum: General
Topic: Upgrade fails if .npk for other platforms are present
Replies: 0
Views: 439

Upgrade fails if .npk for other platforms are present

If I remember correctly, some time ago it was possible to upload to CAPsMAN router all needed packages for APs and router itself. After restart router was upgraded and all APs too, if "suggest same version" upgrade policy was enabled. Now, if there are additional .npk files uploaded RouterOS upgrade...
by karlisi
Thu Feb 21, 2019 4:28 pm
Forum: Wireless Networking
Topic: Identify which CAPsMAN interface belongs to which AP [SOLVED]
Replies: 2
Views: 285

Re: Identify which CAPsMAN interface belongs to which AP [SOLVED]

/caps-man provisioning add name-format=identity
by karlisi
Fri Feb 15, 2019 1:11 pm
Forum: Scripting
Topic: Contribute backup script to FTP [SOLVED]
Replies: 2
Views: 335

Re: Contribute backup script to FTP [SOLVED]

Sometimes it's good to have configuration export too:
/system backup save name=$filename password=xxxxx
:delay 3s
/export file=$filename
by karlisi
Mon Feb 11, 2019 10:52 am
Forum: RouterBOARD hardware
Topic: Mikrotik Poe Cascading
Replies: 6
Views: 596

Re: Mikrotik Poe Cascading

We have in some sites RB260GSP -> RB951Ui-2HnD -> RB951Ui-2HnD chained, somewhere 2 chains on one switch, without problems for more than 3 years. From my experience RB951 power consumption is about 130mA on boot, about 95mA when booted, so theoretically we can put such chains on all 4 outputs.
by karlisi
Fri Feb 08, 2019 2:54 pm
Forum: Beginner Basics
Topic: Cloud Router Switch administration [SOLVED]
Replies: 11
Views: 679

Re: Cloud Router Switch administration [SOLVED]

Use one of combo ports for connection to PC.
Do You see device in Winbox? Try to connect using MAC address.
https://i.mt.lv/cdn/rb_files/1539897967 ... lus-qg.pdf
by karlisi
Fri Feb 01, 2019 2:34 pm
Forum: General
Topic: Winbox Urgent Suggestion
Replies: 15
Views: 1018

Re: Winbox Urgent Suggestion

i have the right to use a winbox version that is compatible with my OS
As the Winbox name suggests, it's a Windows Box.
by karlisi
Thu Jan 10, 2019 10:04 am
Forum: Beginner Basics
Topic: Noob firewall question - being brute forced
Replies: 7
Views: 467

Re: Noob firewall question - being brute forced

If I understand correctly these could be commands I'd need to use after adding all WAN addresses to a custom contacts list MyContactList?(I replaced RDP /w TCP as per @mkx comment and used 8.8.8.8 as server IP for this example) Do I need to use the WinBox software to execute this or can I do it fro...
by karlisi
Fri Dec 28, 2018 3:47 pm
Forum: RouterBOARD hardware
Topic: RB750 Aluminum Electrolytic Capacitor SMD need replacement
Replies: 3
Views: 595

Re: RB750 Aluminum Electrolytic Capacitor SMD need replacement

If there is j not capital J after 330, then it is 330uF 6.3V 105*C