Community discussions

Search found 490 matches

by karlisi
Mon Jan 13, 2025 9:14 am
Forum: Beginner Basics
Topic: TP-Link adapter and access list (bug?)
Replies: 2
Views: 265

Re: TP-Link adapter and access list (bug?)

IMHO there should be a reject rule for the same MAC address after the accept rule
by karlisi
Wed Jan 08, 2025 3:53 pm
Forum: Wireless Networking
Topic: Old wap AC's together with new AX
Replies: 9
Views: 1321

Re: Old wap AC's together with new AX

To use wifi capsman for local radio see /interface/wifi/cap
by karlisi
Wed Jan 08, 2025 8:35 am
Forum: RouterBOARD hardware
Topic: RB260GSP POE Switch
Replies: 6
Views: 730

Re: RB260GSP POE Switch

User manual for this camera says - PoE Power over Ethernet, IEEE 802.3af. So, no, it is not compatible with RB260GSP
https://wiki.instar.com/dl/IN-8003HD/Qu ... 8003HD.pdf
by karlisi
Tue Dec 17, 2024 4:43 pm
Forum: General
Topic: Connect Mikrotik VPN with Microsoft AD Users
Replies: 2
Views: 688

Re: Connect Mikrotik VPN with Microsoft AD Users

I followed this and it still works after 5 years (ROS v.6 and Win2022)
https://mivilisnet.wordpress.com/2018/1 ... indows-ad/
by karlisi
Sat Dec 14, 2024 11:15 am
Forum: Wireless Networking
Topic: capsman ccr1009-7g with cAP AX
Replies: 9
Views: 815

Re: capsman ccr1009-7g with cAP AX

For ax radios you can't use old CAPsMAN. All settings are under WiFi menu
https://help.mikrotik.com/docs/spaces/R ... iFiCAPsMAN
It is possible to use both CAPsMANs, old and new, on one device.
by karlisi
Thu Dec 12, 2024 8:30 am
Forum: General
Topic: Bandwidth test to localhost, limited by CHR license? [SOLVED]
Replies: 4
Views: 1096

Re: Bandwidth test to localhost, limited by CHR license? [SOLVED]

Perhaps read the docs before asking?
https://help.mikrotik.com/docs/spaces/R ... enseLevels
P10 (perpetual-10) license level allows CHR to run indefinitely. It is limited to 10Gbps upload per interface
by karlisi
Wed Dec 04, 2024 4:05 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1731
Views: 491174

Re: 📣 WinBox 4 is here 📣

I have problem here, I can't use now the winbox4. The app can open no problem but since I change my monitor and location, the winbox4 app was out of window and I don't know how to reset it. Thanks for your solution. Winbox4, if opened on second monitor stays there even if that monitor is removed, u...
by karlisi
Tue Nov 12, 2024 4:03 pm
Forum: RouterBOARD hardware
Topic: RB951Ui-2HnD port Running (R- flag) without cable connected to it
Replies: 5
Views: 1136

Re: RB951Ui-2HnD port Running (R- flag) without cable connected to it

I believe OP connected a computer to ether2 at the moment of the screenshot, that's why there is tx/rx on it.
I had at least 2 devices with blown out ethernet ports, with the same symptoms. Switch chip itself was OK, only input transformer was damaged.
by karlisi
Tue Oct 29, 2024 4:05 pm
Forum: Beginner Basics
Topic: POE Questions
Replies: 9
Views: 1121

Re: POE Questions

From RB5009UPr+S+IN specs:
PoE out 802.3af/at
This is not passive PoE, the "box" can't be powered from it.
by karlisi
Mon Oct 28, 2024 2:59 pm
Forum: RouterBOARD hardware
Topic: Replacement rack ear screws
Replies: 4
Views: 1080

Re: Replacement rack ear screws

K-48 are M3.
Some devices perhaps use M4, I personally never had any.
by karlisi
Fri Oct 25, 2024 11:49 am
Forum: 3rd party tools
Topic: Notepad++ rsc plugin
Replies: 2
Views: 1774

Re: Notepad++ rsc plugin

by karlisi
Thu Oct 24, 2024 8:39 am
Forum: General
Topic: internal e-mail server and nat (503 error)
Replies: 4
Views: 630

Re: internal e-mail server and nat (503 error)

Hi, thank you for your answer :) DNS in domain.com is not a problem. This is external hosting and all DNS records are set by this provider. I only have influence on my subdomain, so I suspect that the nat rules are somehow intercepting all the packets that go to the e-mail ports and I don't know ho...
by karlisi
Fri Oct 18, 2024 2:59 pm
Forum: General
Topic: internal e-mail server and nat (503 error)
Replies: 4
Views: 630

Re: internal e-mail server and nat (503 error)

Check domain.com DNS records, first MX record perhaps pointing to your network.
by karlisi
Thu Oct 17, 2024 4:37 pm
Forum: Beginner Basics
Topic: FIREWALL Forward rule
Replies: 10
Views: 1142

Re: FIREWALL Forward rule

Sure, if the counter does not increase, this rule does nothing. But you never know. I would leave as is, just in case.
by karlisi
Wed Oct 16, 2024 8:53 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1731
Views: 491174

Re: 📣 WinBox 4 is here 📣

This is HOTEL Mikrotik, you can never leave!!
Only check out any time you like :)
by karlisi
Tue Oct 15, 2024 4:54 pm
Forum: Beginner Basics
Topic: Drop filter rule between subnets, not work.
Replies: 7
Views: 1196

Re: Drop filter rule between subnets, not work.

You have accept rule for src-address=10.1.10.0/24 before drop rule for the same subnet (..) This rule is for exclude from fasttrack this network. This has no impact on fasttrack. It only allows initial traffic from 10.1.10.0/24 to everywhere. After connection is established, fasttrack rule, which i...
by karlisi
Tue Oct 15, 2024 4:42 pm
Forum: Beginner Basics
Topic: Drop filter rule between subnets, not work.
Replies: 7
Views: 1196

Re: Drop filter rule between subnets, not work.

I didn't understand, do I have to share the whole configuration? Isn't it just enough firewall export?
Yes, because we need to see whole picture.
by karlisi
Mon Oct 14, 2024 9:28 am
Forum: Beginner Basics
Topic: Drop filter rule between subnets, not work.
Replies: 7
Views: 1196

Re: Drop filter rule between subnets, not work.

This is my firewall config:
add action=accept chain=forward comment="guest fasttrack exclude" \
    src-address=10.1.10.0/24
(...)
add action=drop chain=forward comment="otdelqne 10.1.10.0 ot 5 mreja" \
    dst-address=192.168.5.0/24 src-address=10.1.10.0/24
Don't work, I have icmp betw...
by karlisi
Thu Sep 05, 2024 10:54 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1731
Views: 491174

Re: 📣 WinBox 4 is here 📣

Winbox4 is a new software, which has not replaced Winbox3. OK, you are the boss, new software, new experience, got it. But then, strange decision to name it almost as another your software, changing only the number on the end. Or this is temporary name and perhaps there will be TikBox at the end?
by karlisi
Thu Sep 05, 2024 10:16 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1731
Views: 491174

Re: 📣 WinBox 4 is here 📣

Mac version - unable to drag multiple items at once. Selected multiple items, drag, but only one was moved.
Same in Windows
by karlisi
Wed Sep 04, 2024 9:34 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1731
Views: 491174

Re: 📣 WinBox 4 is here 📣

one small thing on MacOS, Enter key is no more acts as "OK" button, now I need to click mouse instead of just pressing Enter like in v3.
The same on Windows.
Also, pg-down and pg-up not working. I hope, these will be added later. Normis said, they are working on keyboard shortcuts.
by karlisi
Mon Sep 02, 2024 5:29 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1731
Views: 491174

Re: 📣 WinBox 4 is here 📣

Normis, here you see ping window, the new and the old Winbox. On both main text is "as black as can be"? Don't think so. ping-wb4.png ping-wb3.png Oh, and no more ping statistics? I hope, this will be back. Please, don't take our comments personal, we all want best product we can get, at t...
by karlisi
Mon Sep 02, 2024 11:44 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1731
Views: 491174

Re: 📣 WinBox 4 is here 📣

Known issues to be addressed:
How about:
Collapsible Actions and Options pane in inner windows (if it will stay there)
Not prefilled password on Winbox start, like on v.3

Oh, and if you revert to tabs, please keep ability to move them to separate windows
by karlisi
Thu Aug 29, 2024 11:52 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1731
Views: 491174

Re: 📣 WinBox 4 is here 📣

No safe mode and undo/redo buttons or I'm blind?
No, they are gone
by karlisi
Thu Aug 29, 2024 11:51 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1731
Views: 491174

Re: 📣 WinBox 4 is here 📣

no longer a single executable
It is single exe, you don't need 'assets' folder to run it.
by karlisi
Thu Aug 29, 2024 11:40 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1731
Views: 491174

Re: 📣 WinBox 4 is here 📣

Log doesn't scroll to end on open. Because neither Pg-down and Pg-up nor Home and End work anymore, it's very frustrating. We need standard keys back.
by karlisi
Tue Aug 27, 2024 1:33 pm
Forum: General
Topic: How to predefine hostnames for DHCP leases?
Replies: 11
Views: 2188

Re: How to predefine hostnames for DHCP leases?

Never used this server-side, but should work
by karlisi
Mon Aug 26, 2024 8:55 am
Forum: General
Topic: How to predefine hostnames for DHCP leases?
Replies: 11
Views: 2188

Re: How to predefine hostnames for DHCP leases?

Perhaps you mean option 012 hostname, it is supported
https://help.mikrotik.com/docs/display/ ... POptions.1
by karlisi
Fri Aug 23, 2024 1:19 pm
Forum: General
Topic: How to predefine hostnames for DHCP leases?
Replies: 11
Views: 2188

Re: How to predefine hostnames for DHCP leases?

You can't. Hostname dhcp server gets from client, not sends to it. Add comment to static lease if you need to identify it.
by karlisi
Fri Aug 09, 2024 9:03 am
Forum: Beginner Basics
Topic: CAPsMAN Profile Switching
Replies: 3
Views: 1054

Re: CAPsMAN Profile Switching

Putting in CAP mode reconfigures device permanently.
by karlisi
Tue Jul 30, 2024 8:11 am
Forum: Beginner Basics
Topic: Trouble Loading RSC File
Replies: 4
Views: 977

Re: Trouble Loading RSC File

Try to import with verbose=yes, it will show you the row where import is failing.
by karlisi
Wed Jul 24, 2024 8:41 am
Forum: General
Topic: L2TP VPN clients access to LAN
Replies: 16
Views: 1582

Re: L2TP VPN clients access to LAN

Change srcnat rule for all-ppp to this, leave all other config as is
add action=masquerade chain=srcnat src-address=192.168.99.0/24
by karlisi
Mon Jul 22, 2024 9:39 am
Forum: General
Topic: DSTNAT ports Hikvision
Replies: 6
Views: 1101

Re: DSTNAT ports Hikvision

Additional ports are used by applications, for web sessions only 80/tcp is needed.
by karlisi
Thu Jul 18, 2024 3:03 pm
Forum: General
Topic: DSTNAT ports Hikvision
Replies: 6
Views: 1101

Re: DSTNAT ports Hikvision

Connect from 172.16.10.0 subnet if it is the same. Perhaps not a NAT problem. Many Hikvision devices require Webcomponents plugin to see stream or recordings in browser. Older devices also require Internet Explorer to run this plugin (MS Edge in IE mode). Search for "Browser and Plugin Suppor...
by karlisi
Wed Jul 10, 2024 9:46 am
Forum: General
Topic: Too tight firewall rules? I'm lost!
Replies: 15
Views: 1761

Re: Too tight firewall rules? I'm lost!

Perhaps double NAT situation? I see you have DHCP client on ether1 interface, are you sure you can access this interface from Internet?
Your configuration looks simple and correct.
by karlisi
Fri Jul 05, 2024 8:46 am
Forum: General
Topic: Syslog
Replies: 1
Views: 388

Re: Syslog

In log rule Action should be 'Syslog', not 'remote'
by karlisi
Mon Jun 17, 2024 4:55 pm
Forum: General
Topic: SFP module "how to"
Replies: 3
Views: 875

Re: SFP module "how to"

Yes, it is normal.
by karlisi
Fri Jun 14, 2024 10:17 am
Forum: Beginner Basics
Topic: Can't Port Forward 1433
Replies: 10
Views: 1373

Re: Can't Port Forward 1433

I am having trouble telnetting from outside of Winbox as it is just timing out,
Can you connect from WAN side to router or ping it?
by karlisi
Tue Jun 11, 2024 8:12 am
Forum: Announcements
Topic: v6.49.13 [long-term] is released!
Replies: 26
Views: 54374

Re: v6.49.13 [long-term] is released!

Question about release notes: Aren't the changes listed in the first post in this thread very incomplete? Shouldn't the long-term release notes for 6.49.13 include all the changes between it and the previous long-term release? Forget it. I had quite extensive dispute with Normis from Mikrotik in th...
by karlisi
Fri Apr 26, 2024 12:56 pm
Forum: General
Topic: This very simple firewall ruleset SHOULD work-- but.....
Replies: 4
Views: 522

Re: This very simple firewall ruleset SHOULD work-- but.....

SSH rule because of address-list instead of address.
As for other traffic, I'm not sure. Rules are too complex and order is not optimal, but in theory should work.
by karlisi
Fri Apr 26, 2024 11:01 am
Forum: General
Topic: This very simple firewall ruleset SHOULD work-- but.....
Replies: 4
Views: 522

Re: This very simple firewall ruleset SHOULD work-- but.....

change to this
chain=forward action=accept connection-state=established,related,untracked
chain=forward action=accept protocol=tcp dst-address=199.181.204.130 dst-port=22
chain=forward action=drop log=no log-prefix="Drop it"
Check if it works
About SSH I'm not sure, from your description c...
by karlisi
Tue Apr 23, 2024 10:54 am
Forum: General
Topic: Site to site VPN problem
Replies: 3
Views: 808

Re: Site to site VPN problem

Without router config it's hard to say, but my guess is, routes are not set properly.
by karlisi
Tue Apr 02, 2024 11:47 am
Forum: General
Topic: Switch + Router all lights blinking [SOLVED]
Replies: 2
Views: 985

Re: Switch + Router all lights blinking [SOLVED]

Broadcast storm perhaps? Ethernet loop or faulty network device?
by karlisi
Mon Mar 25, 2024 9:09 am
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 113
Views: 41214

Re: CCR1036 Power Supply

IMHO CCR1009, 1016, 1036 and 1072 series all share the same board and all have the same problem - bad 680uFx6.3V capacitors, C1442, C143, C1613, C1617. First clue if they are failing is higher CPU temperature and slightly lowered voltage. We are replacing all 4 caps, not only bulged.
by karlisi
Fri Mar 22, 2024 9:51 am
Forum: RouterBOARD hardware
Topic: Many PSU failures in CCR1036
Replies: 49
Views: 6069

Re: Many PSU failures in CCR1036

However, it's even the other way around: ROS regulates fan speed (and thus air flow) according to temperature of CPU (and port area). But indirectly this also affects cooling of CPU (part of air does flow through PSU) and keeping fan speed low means higher temperature inside PSU. This will not work...
by karlisi
Tue Mar 19, 2024 11:38 am
Forum: General
Topic: RB3011UiAS-RM - Gigabit Lan strange
Replies: 5
Views: 666

Re: RB3011UiAS-RM - Gigabit Lan strange

@Maggiore81 IMHO, that's not the case, with switch between router and client speed is OK

@pocci Have you tried to set 1Gbps for ether6 manually? Server has 2.5Gbit interface, it could be a problem for Mikrotik
by karlisi
Tue Mar 19, 2024 11:17 am
Forum: General
Topic: low signal client in CAPSMAN?
Replies: 4
Views: 729

Re: low signal client in CAPSMAN?

IMHO below -80 most disconnections are caused by signal loss, not by access rules
by karlisi
Thu Mar 14, 2024 8:26 am
Forum: Scripting
Topic: Mikrotik script syntax highlight [SOLVED]
Replies: 10
Views: 9305

Re: Mikrotik script syntax highlight [SOLVED]

by karlisi
Thu Feb 15, 2024 8:42 am
Forum: Scripting
Topic: Script breaks on ROS 7 due to changes in date format
Replies: 4
Views: 1857

Re: Script breaks on ROS 7 due to changes in date format

Or in short:
:local senha;
# month is characters 5-6 of the date string, day is characters 8-9
:local ds [/system clock get date];
:local mm [:pick $ds 5 7];

:set  senha ( "user*" . $mm * [:pick $ds 8 10])

/ip hotspot user set "user" password=$senha
by karlisi
Tue Feb 06, 2024 11:07 am
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 164
Views: 16941

Re: [Discussion] MikroTik configuration abstraction complexity

So, for all of us, it would be interesting to hear, which directions Mikrotik will go.
by karlisi
Mon Feb 05, 2024 10:50 am
Forum: General
Topic: DHCP in VLAN not working for virtual wireless interface [SOLVED]
Replies: 8
Views: 2317

Re: DHCP in VLAN not working for virtual wireless interface [SOLVED]

Default masquerade rule catches all, so nothing will go to next srcnat rules. Perhaps these srcnat rules are not needed, only dstnat rules?
by karlisi
Wed Jan 24, 2024 9:06 am
Forum: General
Topic: hEX POE not doing POE
Replies: 8
Views: 883

Re: hEX POE not doing POE

So the POE device doesn't actually do POE. Thanks for the verification. I'll return it to Amazon and buy a new router from a company that doesn't lie to its customers. Perhaps next time read description before buying. Quote from https://mikrotik.com/product/RB960PGS It also supports passive PoE input ...
by karlisi
Tue Jan 23, 2024 2:47 pm
Forum: RouterBOARD hardware
Topic: Missing product: RB on an top-hat raill
Replies: 7
Views: 2076

Re: Missing product: RB on an top-hat raill

It's the same DIN rail.
In fact, there is. LtAP mini https://mikrotik.com/product/ltap_mini with DIN rail mounting bracket https://mikrotik.com/product/dinrail_pro
by karlisi
Thu Jan 18, 2024 9:36 am
Forum: Beginner Basics
Topic: WAN serving DHCP addresses on eth1
Replies: 1
Views: 591

Re: WAN serving DHCP addresses on eth1

Remove ether1 from bridge local?
Without configuration export this is the only guess.
/export file=anyfilename hide-sensitive
Remove from exported config public IPs, MAC addresses, passwords and other sensitive info, and post here between code tags
by karlisi
Mon Jan 15, 2024 11:08 am
Forum: General
Topic: User poll about using Winbox
Replies: 107
Views: 111627

Re: User poll about using Winbox

1.No
2.Save and load multiple interface settings for same device?
3.No idea
4.Perhaps yes
5.Not surprised, but yes, learned something
by karlisi
Thu Jan 11, 2024 10:49 am
Forum: Scripting
Topic: Syntax difference in versions, how to handle? [SOLVED]
Replies: 12
Views: 8751

Re: Syntax difference in versions, how to handle? [SOLVED]

Think what you write, Normis. ROS v.6 is still supported, it means 6.49.11 is up to date.
by karlisi
Thu Dec 28, 2023 10:47 am
Forum: General
Topic: CAP Poe [SOLVED]
Replies: 3
Views: 979

Re: CAP Poe [SOLVED]

Even worse, OP has hEX S and its max PoE output is only 500mA.
by karlisi
Thu Dec 28, 2023 8:38 am
Forum: General
Topic: RBwAP2nDr3 I've lost wifi device after upgrade to 7.13 [SOLVED]
Replies: 2
Views: 1662

Re: RBwAP2nDr3 I've lost wifi device after upgrade to 7.13 [SOLVED]

EDIT: the upgrade policy was to suggest the same version, but I couldn't believe this starts auto upgrade without any prompt It has always been like that, if you want to upgrade manually, set the upgrade policy to 'none'. Policy 'suggest same version' means, caps will try to upgrade to the same version as...
by karlisi
Wed Dec 27, 2023 10:02 am
Forum: RouterBOARD hardware
Topic: POE not working on 2 Hex POE routers
Replies: 21
Views: 3781

Re: POE not working on 2 Hex POE routers

It seems You are confused by passive PoE and active PoE. I will oversimplify this, but the main visible difference is in voltage. Hex poe can deliver both but not at the same time. With included 24V PSU it delivers passive PoE. For active PoE (I assume your devices need active PoE) you need 48V PSU. Wh...
by karlisi
Tue Nov 14, 2023 1:48 pm
Forum: RouterBOARD hardware
Topic: CCR1036 temperature "issue" cause reboot.
Replies: 19
Views: 11819

Re: CCR1036 temperature "issue" cause reboot.

CCR1009-8G-1S-1S+PC constantly rebooting by thermal protection. Replaced the same as above 4 capacitors 680uF*6.3V, problem solved. About 3 months ago another CCR1009, the same repair.
by karlisi
Wed Nov 08, 2023 2:20 pm
Forum: The Dude
Topic: Email notification: how to?
Replies: 2
Views: 3830

Re: Email notification: how to?

You need TLS Mode = yes
by karlisi
Tue Nov 07, 2023 9:45 am
Forum: The User Manager
Topic: rb951ui-2hnd
Replies: 1
Views: 3346

Re: rb951ui-2hnd

The User Manager? Next time choose appropriate section of the Forum.
What RouterOS version? Wireless package is enabled?
by karlisi
Thu Nov 02, 2023 9:43 am
Forum: General
Topic: Problem with Remote DNS via SSTP (site-to-site)
Replies: 1
Views: 712

Re: Problem with Remote DNS via SSTP (site-to-site)

If regex is OK, there should be something else outside of routing or static dns. My regex is similar to this
add forward-to=192.168.10.16 regexp=".*\\.internal\\.mydomain\\.org\$" type=FWD
by karlisi
Wed Nov 01, 2023 8:27 am
Forum: General
Topic: winbox 8291 wan connexion refused (V7.11.2)
Replies: 2
Views: 682

Re: winbox 8291 wan connexion refused (V7.11.2)

Do you have public IP on router's WAN interface?
by karlisi
Fri Oct 27, 2023 2:50 pm
Forum: Beginner Basics
Topic: Three problems/questions starting up with MikroTik
Replies: 5
Views: 1533

Re: Three problems/questions starting up with MikroTik

Weird thing still is how it works with the old router with the block rule in place.. Windows network profile is the same with old and new router? If Windows computer is connected directly to router, it detects hardware change and can change network profile, even if new router is configured exactly ...
by karlisi
Thu Oct 26, 2023 11:05 am
Forum: General
Topic: Bridge External and Internal network [SOLVED]
Replies: 6
Views: 1513

Re: Bridge External and Internal network [SOLVED]

You can set passthrough interface for APN in use. It's under interfaces -> LTE -> LTE APNs. Remove that interface from default bridge before setting it as passthrough. You can lose access to router if set bridge as passthrough interface.
by karlisi
Tue Oct 24, 2023 4:19 pm
Forum: Beginner Basics
Topic: VPN L2tp connection problem [SOLVED]
Replies: 10
Views: 11553

Re: VPN L2tp connection problem [SOLVED]

all works thanks guys
The most hated reply in all technical forums :evil:
by karlisi
Mon Oct 09, 2023 2:56 pm
Forum: General
Topic: Can't access DNS domain names from the router
Replies: 7
Views: 1507

Re: Can't access DNS domain names from the router

Add this rule, typically DNS uses UDP:
add action=accept chain=input comment="Allow router to access DNS" dst-port=53 protocol=tcp
add action=accept chain=input comment="Allow router to access DNS" dst-port=53 protocol=udp
And this rule does nothing because you already dropped al...
by karlisi
Wed Aug 23, 2023 2:23 pm
Forum: General
Topic: mAP (RBmAP2nD) supports a PoE camera on 2nd eth?
Replies: 6
Views: 1942

Re: mAP (RBmAP2nD) supports a PoE camera on 2nd eth?

I suspect camera will not work, at least I've not seen af/at only cameras working on passive poe. To answer, if you can connect camera to passive poe port for testing, I have done it without bad consequences, but take it on your risk of course.
by karlisi
Wed Aug 16, 2023 8:46 am
Forum: Beginner Basics
Topic: Please check my configs - first time setting up Mikrotik network. [SOLVED]
Replies: 12
Views: 3061

Re: Please check my configs - first time setting up Mikrotik network. [SOLVED]

Perhaps start with default configuration and learn how it works. First you should remember, all rules are evaluated in sequence as they are ordered. As short example, here second rule will not work at all because previous rule already blocks all packets from ether1. add action=drop chain=input comme...
by karlisi
Tue Aug 15, 2023 8:36 am
Forum: General
Topic: NORMUNDS FOR PRIME MINISTER
Replies: 14
Views: 2052

Re: NORMUNDS FOR PRESIDENT

:lol: BTW, there is no vacancy for President, only for Prime Minister (Ministru prezidents) in Latvia.
by karlisi
Mon Aug 14, 2023 1:42 pm
Forum: Beginner Basics
Topic: Power adapter backup
Replies: 5
Views: 1385

Re: Power adapter backup

Yes, You can. Voltages must match, in this case both are 24V. Amperage should be equal or more. In general, amperage indicates maximum current you can draw from PSU.
by karlisi
Thu Aug 10, 2023 12:57 pm
Forum: General
Topic: Rookie Question: DstNAT
Replies: 3
Views: 716

Re: Rookie Question: DstNAT

Yes
by karlisi
Sat May 20, 2023 11:34 am
Forum: Beginner Basics
Topic: Can't get dst-nat to work
Replies: 17
Views: 3483

Re: Can't get dst-nat to work

I tried it, and it didn't work. The counter for this rule stays at 0, so apparently no packet matching the rule is ever received by the firewall. It was my understanding that this should have been done already by the existing "masquerade" rule, Be sure masquerade is the last in srcnat cha...
by karlisi
Fri May 19, 2023 8:28 am
Forum: Beginner Basics
Topic: POE switch for MT
Replies: 9
Views: 1649

Re: POE switch for MT

Passive PoE is not compatible with 802.3af/at
by karlisi
Thu May 18, 2023 1:43 pm
Forum: General
Topic: CCR-1009-8G-15-15 +
Replies: 1
Views: 576

Re: CCR-1009-8G-15-15 +

Who knows, but there is ROS 7.10 for Tile architecture, so I hope it will be supported some time.
by karlisi
Mon May 15, 2023 1:17 pm
Forum: Beginner Basics
Topic: port forwarding not working on RB3011
Replies: 8
Views: 2342

Re: port forwarding not working on RB3011

So your dst-nat works. Check if there is response from 192.168.10.10. And it would be better if we can see all configuration, perhaps something was altered by configuration transfer and adaptation process.
by karlisi
Fri Apr 28, 2023 3:08 pm
Forum: Beginner Basics
Topic: Is there a way to see all previous failed logins on Winbox?
Replies: 35
Views: 5574

Re: Is there a way to see all previous failed logins on Winbox?

Wait, so this behaviour could be an anti virus scanning the network?
Yes. The same experience from other Mikrotik user viewtopic.php?p=988766&#p988766
by karlisi
Mon Mar 13, 2023 3:58 pm
Forum: Scripting
Topic: problem to get system identity
Replies: 2
Views: 1605

Re: problem to get system identity

by karlisi
Fri Jan 27, 2023 9:26 am
Forum: Beginner Basics
Topic: CAPsMAN with Two Hap ac2?
Replies: 9
Views: 3838

Re: CAPsMAN with Two Hap ac2?

Hap ac2 reset button has no CAP mode, as per user manual. Instead you should log in similar to your master router, click on Quick Set, then choose CAP, adjust settings if needed, and save settings.
by karlisi
Fri Nov 11, 2022 8:19 am
Forum: General
Topic: attacking my mikrotik device
Replies: 20
Views: 3010

Re: attacking my mikrotik device

Your router is completely unprotected. I suggest to apply default firewall rules first, then add your customizations.
Edit: OK, Jotne already wrote about it.
by karlisi
Thu Oct 27, 2022 3:17 pm
Forum: General
Topic: Block all ports from outside and allow specific only [SOLVED]
Replies: 7
Views: 7731

Re: Block all ports from outside and allow specific only [SOLVED]

This rule blocks all traffic to 92.92.92.92/28 subnet, including replies to tcp requests originating from this subnet
add action=drop chain=forward comment=Block-All-TCP-PORTS dst-address=92.92.92.92/28 \
    in-interface=ether1 log=yes protocol=tcp
You should allow replies to outgoing requests to esta...
by karlisi
Thu Oct 27, 2022 2:02 pm
Forum: General
Topic: Block all ports from outside and allow specific only [SOLVED]
Replies: 7
Views: 7731

Re: Block all ports from outside and allow specific only [SOLVED]

What if you add this as first rule in forward chain?
/ip firewall filter
add action=accept chain=forward connection-state=\
    established,related,untracked
by karlisi
Mon Oct 24, 2022 12:53 pm
Forum: General
Topic: DROP ANY ALWAYS?
Replies: 11
Views: 934

Re: DROP ANY ALWAYS?

The router of my example would be a Mikrotik Routerboard Hex RB750GR3 and unfortunately I didn't find an option to edit the title of this post to add this information. In the link @karlisi gave it says "IP connectivity on the public interface must be limited in the firewall." so I underst...
by karlisi
Fri Oct 21, 2022 10:51 am
Forum: General
Topic: DROP ANY ALWAYS?
Replies: 11
Views: 934

Re: DROP ANY ALWAYS?

Now I'm going to get the popcorn and wait for when the others read... rextended is teasing You, sorry :D If You expect useful answer, post some more information, router model at least (from your description we can only guess this is no low end home router), or config export. Also, perhaps read http...
by karlisi
Thu Oct 06, 2022 3:56 pm
Forum: General
Topic: l2tp with ipsec site-to-site between 2 mikrotik router
Replies: 2
Views: 834

Re: l2tp with ipsec site-to-site between 2 mikrotik router

I suppose, there is more configuration, especially on server side. Because you didn't post it, this can be only a guess, but perhaps there is no ipsec-esp (50) protocol allowed in input chain of server's firewall?
by karlisi
Thu Sep 08, 2022 10:46 am
Forum: General
Topic: which VPN to use ?
Replies: 6
Views: 731

Re: which VPN to use ?

PC2 should resolve AD domain name via DNS to join domain. It is easier if all traffic from PC2 to Internet goes through VPN, in this case use AD DNS in PC2 network settings. If not, you can use static DNS entries in Mikrotik to forward DNS queries for AD domain to specific servers.
by karlisi
Fri Jul 29, 2022 8:38 am
Forum: Wireless Networking
Topic: CAPSMAN - Surely there's a simpler/cleaner way?
Replies: 19
Views: 3680

Re: CAPSMAN - Surely there's a simpler/cleaner way?

Finally someone has found a Grandstream product that works!!! :shock: :shock: :shock:
He, he :D
by karlisi
Tue Jul 19, 2022 11:23 am
Forum: General
Topic: Mikrotik router act as a PPTP client, and PPTP server
Replies: 6
Views: 1247

Re: Mikrotik router act as a PPTP client, and PPTP server

studies have found that brute-forcing PPTP encryption has become almost trivially simple. At Defcon 2012, hacking group CloudCracker showed that MS-CHAPv2 (the updated CHAP for PPTP) could easily be gamed. There is no need to employ an array of powerful computers, and the process doesn’t take long. ...
by karlisi
Thu May 26, 2022 9:54 am
Forum: General
Topic: I can not join computers to the domain by VPN
Replies: 6
Views: 1895

Re: I can not join computers to the domain by VPN

It is possible to set static DNS entries on remote routers, like this https://askto.pro/question/setting-up-a-redirect-in-mikrotik To avoid problems if one of AD DNS servers goes offline, use script to check servers availability and to disable or enable corresponding entry in static DNS table, and r...
by karlisi
Mon Apr 04, 2022 10:46 am
Forum: General
Topic: What are you using to monitor your network? zabbix or nagios or paid?
Replies: 12
Views: 3735

Re: What are you using to monitor your network? zabbix or nagios or paid?

We have Dude for fast overview, what's working, what's not, and for some Mikrotik management, Zabbix for graphing and alerting, and Graylog (based on Elastic) for logging. We wanted all in one also in beginning, but after some time we realized why there are so much specialized tools available :) All...
by karlisi
Thu Mar 17, 2022 4:44 pm
Forum: General
Topic: Solution for insufficient USB power [SOLVED]
Replies: 12
Views: 2226

Re: Solution for insufficient USB power [SOLVED]

Yes
by karlisi
Thu Mar 17, 2022 3:48 pm
Forum: General
Topic: Solution for insufficient USB power [SOLVED]
Replies: 12
Views: 2226

Re: Solution for insufficient USB power [SOLVED]

Normally USB hub has 1 input which goes to the router in your case and does not provide power to it, and some outputs where power is provided from hub's power adapter
by karlisi
Fri Jan 28, 2022 8:56 am
Forum: Beginner Basics
Topic: L2TP/IPsec connection OK from iOS but not working from Windows 10
Replies: 6
Views: 3266

Re: L2TP/IPsec connection OK from iOS but not working from Windows 10

But I doubt that is the problem, error message is different. Perhaps this
viewtopic.php?t=149863
by karlisi
Fri Jan 28, 2022 8:54 am
Forum: Beginner Basics
Topic: L2TP/IPsec connection OK from iOS but not working from Windows 10
Replies: 6
Views: 3266

Re: L2TP/IPsec connection OK from iOS but not working from Windows 10

Don't uninstall that update, it will be installed again. Just install another one to patch exactly this problem
https://www.catalog.update.microsoft.co ... =KB5010793
On some computers this appears under optional updates, if not, download it manually.
by karlisi
Fri Dec 17, 2021 11:36 am
Forum: Scripting
Topic: Remove all firewall settings before import
Replies: 5
Views: 9537

Re: Remove all firewall settings before import

This should work
/ip firewall filter remove [find dynamic=no]
by karlisi
Wed Dec 15, 2021 11:47 am
Forum: General
Topic: DNS Failed when join host to the AC DC
Replies: 12
Views: 3032

Re: DNS Failed when join host to the AC DC

It seems something is wrong with your AD configuration. First fix that. First, it is recommended to use Windows DHCP server in Windows AD network. If you are using third party DHCP, i.e. Mikrotik, you should specify internal DNS servers to clients, not Mikrotik or another third-party DNS. The commonly ...
by karlisi
Mon Dec 06, 2021 8:40 am
Forum: General
Topic: L2TP VPN
Replies: 2
Views: 741

Re: L2TP VPN

Is your router's Internet side connected to bridge1?
by karlisi
Mon Nov 29, 2021 8:44 pm
Forum: General
Topic: Zabbix LTE modem- RSRP with SNMP
Replies: 9
Views: 3795

Re: Zabbix LTE modem- RSRP with SNMP

Zabbix is an enterprise-class open source distributed monitoring solution. Zabbix is free of cost. Zabbix is written and distributed under the GPL General Public License version 2. It means that its source code is freely distributed and available for the general public. Commercial support is availab...
by karlisi
Mon Nov 15, 2021 10:46 am
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 65
Views: 102167

Re: WinBox v3.31 released!

i don't want to offend anyone, but i don't really understand the "Dark-Mode" hype !
Agree
by karlisi
Tue Nov 09, 2021 10:25 am
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 167
Views: 113905

Re: v6.48.5 [long-term] is released!

I don't see the problem.
First 6.41.4 is very old, so someone has missed out many, many versions.
You are right about this, only partially. In such case changelog should start with "warning, if you upgrade from versions older than..."
by karlisi
Fri Nov 05, 2021 8:33 am
Forum: Forwarding Protocols
Topic: L2TP with Windows Server Radius
Replies: 7
Views: 5919

Re: L2TP with Windows Server Radius

This fix helps for Windows Server 2016, but perhaps it helps for 2012 too: Here’s a fix so that you don’t have to explicitly select allow for all users that you want to connect. Under NPS configuration in Windows Server 2016: Under Policies > Network Policies > Virtual Private Network (VPN) Connecti...
by karlisi
Wed Nov 03, 2021 3:05 pm
Forum: General
Topic: windows 10 machine fails to connect for L2TP VPN [SOLVED]
Replies: 6
Views: 7483

Re: windows 10 machine fails to connect for L2TP VPN [SOLVED]

Start new thread, this was marked as solved, no one will look here
by karlisi
Tue Nov 02, 2021 8:38 am
Forum: Beginner Basics
Topic: Making sure I did not mess up my firewall protection [SOLVED]
Replies: 16
Views: 3684

Re: Making sure I did not mess up my firewall protection [SOLVED]

I believe it's typo, there should be 'add action=allow' Oh just noticed since you do use port forwarding, you will need one additional allow rule in your ADMIN rules for the forward chain and it looks like this... add action=drop chain=forward comment="allow port forwarding" connection-nat...
by karlisi
Mon Nov 01, 2021 3:27 pm
Forum: Beginner Basics
Topic: I can access website from external but not from internal
Replies: 3
Views: 1500

Re: I can access website from external but not from internal

Modify nat rule to this (assuming your bridge is called LAN)
/ip firewall nat add action=masquerade chain=srcnat dst-address=192.168.0.67 src-address=192.168.0.0/24 out-interface=LAN comment="http from LAN"
by karlisi
Mon Oct 25, 2021 2:39 pm
Forum: Beginner Basics
Topic: when port is close in dst nat
Replies: 3
Views: 973

Re: when port is close in dst nat

Last rule drops everything coming to WAN through router, it's like one way street. BTW, what's the purpose of this rule?
by karlisi
Fri Oct 22, 2021 11:08 am
Forum: Virtualization
Topic: CHR Licence on replicated instance
Replies: 9
Views: 11776

Re: CHR Licence on replicated instance

When a Mikrotik CHR ( with the license ) is moved to another location on the hypervisor or to another hypervisor ( either manually or by automatically ) the new spun-up CHR will no longer retain the original license. I recently moved CHR from Xenserver host to xcp-ng pool (migrate, not copy), it re...
by karlisi
Mon Oct 11, 2021 11:36 am
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 167
Views: 113905

Re: v6.48.5 [long-term] is released!

Post configuration (i.e. example) or it didn't happen. No time to search exact sample, but in stable channel changelogs these 'fixed (or reverting) something, introduced in some previous release' occurs quite often. Why I should trace down all these introduced-fixed-removed I don't understand but M...
by karlisi
Mon Oct 11, 2021 11:33 am
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 167
Views: 113905

Re: v6.48.5 [long-term] is released!

I think MikroTik should put all changelog items in a database keyed with version number where they are added and version number where they become superseded, and then provide a webpage where you can enter two version numbers and get a customized changelog between those two versions. Channel (stable...
by karlisi
Mon Oct 11, 2021 11:31 am
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 167
Views: 113905

Re: v6.48.5 [long-term] is released!

Post configuration (i.e. example) or it didn't happen. No time to search exact sample, but in stable channel changelogs these 'fixed (or reverting) something, introduced in some previous release' occurs quite often. Why I should trace down all these introduced-fixed-removed I don't understand but M...
by karlisi
Mon Oct 11, 2021 10:18 am
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 167
Views: 113905

Re: v6.48.5 [long-term] is released!

Especially since even the changelog references a non-existing long-term release in relation to changes from v6.48.4 and not the actual predecessor v6.47.10 . https://mikrotik.com/download/changelogs/long-term-release-tree So lets see how the actual release notes for long-term v6.48.5 upgrade from v...
by karlisi
Wed Sep 29, 2021 9:07 am
Forum: General
Topic: ROS 6.38 serious DHCP server problem
Replies: 147
Views: 70691

Re: ROS 6.38 serious DHCP server problem

Network problems can cause this error too. I had a bad network cable between AP and switch, and from time to time there was this DHCP error for clients on this AP.
by karlisi
Fri Sep 24, 2021 10:23 am
Forum: General
Topic: cap capsman factory reset
Replies: 4
Views: 2350

Re: cap capsman factory reset

What if factory version is newer than 6.42.10?
by karlisi
Fri Aug 27, 2021 10:52 am
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 113
Views: 39040

Re: WinBox v3.29 released!

Or move Windows button to top, where it resides in other Windows software. Just on right of session or between it and Safe Mode button
by karlisi
Wed Aug 18, 2021 1:02 pm
Forum: Beginner Basics
Topic: Failed IPSEC connection every morning from 216.218.206.106 [SOLVED]
Replies: 2
Views: 1741

Re: Failed IPSEC connection every morning from 216.218.206.106 [SOLVED]

https://www.abuseipdb.com/check/216.218.206.106
You can create a blacklist, put it in (and perhaps other abusers later), and drop all connections from blacklist in ip firewall raw prerouting chain
by karlisi
Thu Aug 05, 2021 5:01 pm
Forum: General
Topic: Router config
Replies: 8
Views: 1416

Re: Router config

Yes, it should work as you described.
by karlisi
Thu Aug 05, 2021 10:37 am
Forum: General
Topic: Router config
Replies: 8
Views: 1416

Re: Router config

Default configuration would be good starting point
by karlisi
Tue Jul 20, 2021 9:18 am
Forum: Beginner Basics
Topic: L2tp vpn problem
Replies: 6
Views: 3411

Re: L2tp vpn problem

You can't. I guess clients are Windows, and Windows VPN connection by default uses VPN server as default gateway. Either instruct your clients to disable remote gateway in VPN settings, or make a script to do this (perhaps someone can help with this) and send it to clients.
by karlisi
Mon Jul 19, 2021 8:56 am
Forum: Beginner Basics
Topic: Allow Remote DNS Requests
Replies: 6
Views: 3135

Re: Allow Remote DNS Requests

It's self explanatory: drop all not coming from LAN. PPPoE interface is not LAN. Allow 53/udp from appropriate interfaces exactly before this drop-all rule. And be sure to not allow DNS from entire world.
by karlisi
Wed Jul 07, 2021 11:48 am
Forum: Beginner Basics
Topic: Simple wAP ac setup - beginners help [SOLVED]
Replies: 13
Views: 6558

Re: Simple wAP ac setup - beginners help [SOLVED]

However the connection speed test is around 16Mbps (If connected directly to home router 2.4 GHz it's ~83 Mbps).
How can I investigate this ?
Check speed from cable AP end, to be sure there is no fancy config in router.
by karlisi
Tue Jun 22, 2021 9:18 am
Forum: RouterBOARD hardware
Topic: RB1100AH Power supply?
Replies: 2
Views: 3043

Re: RB1100AH Power supply?

Quick search with G resulted in: Max power consumption without attachments 20W https://mikrotik.com/product/RB1100AH The device supports 110-220V at the built in PSU, and 12-24V when powering directly to the board and not using the provided case/PSU. https://i.mt.lv/cdn/product_files/rb1100AHmA_1305...
by karlisi
Tue Jun 15, 2021 11:33 am
Forum: General
Topic: help with firewall "drop" forward
Replies: 7
Views: 1606

Re: help with firewall "drop" forward

It's not clear why this rule (and similar in input chain): add action=add-src-to-address-list address-list=BlcokConnections address-list-timeout=none-dynamic chain=forward This rule adds every new connection to 'BlcokConnections' list. Every means, both directions - WAN to LAN and LAN to WAN. That's...
by karlisi
Thu Jun 03, 2021 11:38 am
Forum: Beginner Basics
Topic: Port forwarding 443...
Replies: 3
Views: 971

Re: Port forwarding 443...

I suppose you dst-natted to port 443 without specifying in-interface, there should be your WAN interface
by karlisi
Wed May 26, 2021 9:27 am
Forum: General
Topic: NAT rules explained with examples [SOLVED]
Replies: 5
Views: 7186

Re: NAT rules explained with examples [SOLVED]

The order of rules matters. Hairpin NAT rules (2. and 3.) should be before src nat all LAN rule (1.).
by karlisi
Mon May 24, 2021 1:33 pm
Forum: RouterBOARD hardware
Topic: Add +1 here if you liked "white brick" mikrotik design
Replies: 10
Views: 2697

Re: Add +1 here if you liked "white brick" mikrotik design

+1
White color fits most of interiors
by karlisi
Thu May 20, 2021 10:45 am
Forum: General
Topic: NAT rules explained with examples [SOLVED]
Replies: 5
Views: 7186

Re: NAT rules explained with examples [SOLVED]

You are correct in all explanations.
2nd is related to 3rd, hairpin NAT, needed if clients should connect server in same subnet, using public IP.
https://help.mikrotik.com/docs/display/ ... HairpinNAT
3rd and 4th are almost the same, 4th rule restricts access only from src-address
by karlisi
Mon May 17, 2021 4:26 pm
Forum: Beginner Basics
Topic: How do I connect two subnet in a single router? [SOLVED]
Replies: 20
Views: 19733

Re: How do I connect two subnet in single subnet? [SOLVED]

You have wrong gw here, I believe /ip dhcp-server network add address=192.168.188.0/24 comment=pinet gateway=192.168.88.1 netmask=24 should be 192.168.188.1 Not related to connection problems, but last 2 drop rules in forward chain are not needed, the previous rule already dropping all from all inte...
by karlisi
Mon Apr 26, 2021 11:28 am
Forum: Beginner Basics
Topic: DSTNAT doesn't opening port
Replies: 9
Views: 2239

Re: DSTNAT doesn't opening port

curl test from 192.168.60.0/24 or /30 network works?
by karlisi
Fri Apr 23, 2021 9:12 am
Forum: Beginner Basics
Topic: Configuration Restore from RB3011 to RB4011
Replies: 6
Views: 2601

Re: Configuration Restore from RB3011 to RB4011

You can use /import file=thenameoftheconfigfile verbose=yes to see where the import stops. After correcting and re-uploading config file, you can restart import with /import file=thenameoftheconfigfile verbose=yes from-line=errorlinenumber
by karlisi
Fri Apr 23, 2021 9:01 am
Forum: General
Topic: Port 53 attack [SOLVED]
Replies: 3
Views: 1680

Re: Port 53 attack [SOLVED]

Attacker targets router's public address (screened part in log entry), and NAT translates this request to private - 111.7.96.178:36152->10.0.0.1:53, NAT 111.7.96.178:36152->(xx.xxx.xxx.xxx:53->10.0.0.1:53). Attacker doesn't see internal IP, if request would be answered, its source IP would be router'...
by karlisi
Mon Mar 22, 2021 3:20 pm
Forum: The Dude
Topic: The Dude and windows 10
Replies: 3
Views: 6800

Re: The Dude and windows 10

Sometimes you need to run Dude client as administrator to perform upgrade even if you are local administrator on your computer.
by karlisi
Wed Mar 17, 2021 3:24 pm
Forum: RouterOS beta
Topic: v7.1beta5 [development] is released!
Replies: 292
Views: 93225

Re: v7.1beta5 [development] is released!

I had a test CHR on VMware ESXi 6.7 running 7.1beta4 with a quite simple config (1 interface, fixed address, a BGP session) I used System->Packages upgrade to load 7.1beta5 It fails to boot now. On the console it says: Load system WARN: GPT: skip truncate ERROR: could not mount disk! Please attach ...
by karlisi
Tue Mar 02, 2021 8:44 am
Forum: Scripting
Topic: Excluding dynamic entries from [ find ]
Replies: 3
Views: 2064

Re: Excluding dynamic entries from [ find ]

or
remove [find dynamic=no]
by karlisi
Thu Feb 25, 2021 11:47 am
Forum: Beginner Basics
Topic: filtering "log print" output (like grep)? [SOLVED]
Replies: 2
Views: 5201

Re: filtering "log print" output (like grep)? [SOLVED]

/log print where message~"AppleWatch"
by karlisi
Mon Feb 22, 2021 1:37 pm
Forum: Beginner Basics
Topic: Rename interface: to what port is it connected to?
Replies: 5
Views: 1845

Re: Rename interface: to what port is it connected to?

It is in winbox using Terminal.
In GUI no, it isn't possible. If renaming, put the default name in comment, it can help sometimes
by karlisi
Mon Feb 22, 2021 11:34 am
Forum: Beginner Basics
Topic: Rename interface: to what port is it connected to?
Replies: 5
Views: 1845

Re: Rename interface: to what port is it connected to?

/interface print detail 
to list all interfaces details or
/interface print where default-name=sfp2
to find default name of one interface
by karlisi
Thu Feb 18, 2021 8:36 am
Forum: General
Topic: Upgrading Mikrotik devices through Dude
Replies: 4
Views: 1127

Re: Upgrading Mikrotik devices through Dude

Upload using Winbox, not the Dude client.
by karlisi
Mon Feb 15, 2021 6:05 pm
Forum: Beginner Basics
Topic: L2TP with Radius Authentication
Replies: 15
Views: 6393

Re: L2TP with Radius Authentication

Sorry, no idea. On Mikrotik my only error was incorrect src-address in radius settings, there should be router's IP address.
by karlisi
Mon Feb 15, 2021 5:59 pm
Forum: Beginner Basics
Topic: L2TP with Radius Authentication
Replies: 15
Views: 6393

Re: L2TP with Radius Authentication

What is on Mikrotik?
by karlisi
Mon Feb 15, 2021 5:05 pm
Forum: Beginner Basics
Topic: L2TP with Radius Authentication
Replies: 15
Views: 6393

Re: L2TP with Radius Authentication

So, Mikrotik is connecting to NPS, but policies do not match. The only suggestion is, check all settings thoroughly step by step on both sides, especially on NPS. Or start from scratch.
by karlisi
Mon Feb 15, 2021 4:17 pm
Forum: Beginner Basics
Topic: Malicious VPN connection attempts?
Replies: 12
Views: 6234

Re: Malicious VPN connection attempts?

Also many of them are used only once and never appear again.
by karlisi
Mon Feb 15, 2021 4:16 pm
Forum: Beginner Basics
Topic: L2TP with Radius Authentication
Replies: 15
Views: 6393

Re: L2TP with Radius Authentication

Without RADIUS works? Something in Windows Security Events?
by karlisi
Mon Feb 15, 2021 4:01 pm
Forum: Beginner Basics
Topic: L2TP with Radius Authentication
Replies: 15
Views: 6393

Re: L2TP with Radius Authentication

Also this link from comments on original article
https://mivilisnet.wordpress.com/2019/0 ... s-working/
by karlisi
Mon Feb 15, 2021 3:18 pm
Forum: Beginner Basics
Topic: L2TP with Radius Authentication
Replies: 15
Views: 6393

Re: L2TP with Radius Authentication

by karlisi
Mon Feb 15, 2021 11:07 am
Forum: RouterOS beta
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 61038

Re: v7.1beta4 [development] is released!

In previous betas it was actually completing but after very long time, like 20m.
Actually without 'verbose' it takes exactly 20min. Very interesting.
by karlisi
Fri Jan 15, 2021 1:03 pm
Forum: Beginner Basics
Topic: NAT Loopback / DNS
Replies: 9
Views: 2679

Re: NAT Loopback / DNS

Not sure what to do with the wiki article. How do I make it work for me, though?
Read, understand and implement. What more do you expect from us if we know nothing about your current config.
by karlisi
Fri Jan 08, 2021 10:36 am
Forum: SwOS
Topic: Zabbix template for
Replies: 7
Views: 19577

Re: Zabbix template for

For version 4 download links are here
https://share.zabbix.com/official-templ ... plate-pack
Use SNMPv2 template. And be patient, I received first data after about 30 min.
by karlisi
Thu Jan 07, 2021 5:16 pm
Forum: SwOS
Topic: Zabbix template for
Replies: 7
Views: 19577

Re: Zabbix template for

Use standard 'Network Generic Device SNMP' template (built-in). If needed, download it from https://git.zabbix.com/projects/ZBX/rep ... neric_snmp
Link is for latest Zabbix v.5.2, you can change branch to another if needed.
by karlisi
Mon Jan 04, 2021 9:05 am
Forum: Beginner Basics
Topic: Connection between SFP / SFP+
Replies: 12
Views: 9094

Re: Connection between SFP / SFP+

SFP+ module in SFP cage (RB2011) won't work. SFP module in SFP+ cage should.
by karlisi
Fri Dec 11, 2020 12:15 pm
Forum: General
Topic: Ip addresses through Mikrotik takes the router's ip
Replies: 20
Views: 4115

Re: Ip addresses through Mikrotik takes the router's ip

If your clients are using 192.168.0.33 as DNS server and there is nothing special in router's configuration, it shouldn't be so. From your description I assume you configured Mikrotik router as DNS server for clients, and 'allow remote requests' along with 192.168.0.33 as DNS server on Mikrotik...
by karlisi
Fri Nov 06, 2020 10:47 am
Forum: Beginner Basics
Topic: Mysterious "denied winbox/dude connect from 117.202.126.x" log
Replies: 7
Views: 8700

Re: Mysterious "denied winbox/dude connect from 117.202.126.x" log

Interface list LAN is empty? Just a guess, you posted only partial configuration.
by karlisi
Fri Nov 06, 2020 10:35 am
Forum: Wireless Networking
Topic: Signal Range
Replies: 3
Views: 1282

Re: Signal Range

RX Signal
by karlisi
Wed Nov 04, 2020 9:23 am
Forum: General
Topic: MKT hEX PoE + WS2K19 DC
Replies: 3
Views: 907

Re: MKT hEX PoE + WS2K19 DC

This is my DNS in MKT:
1.1.1.2 - 1.0.0.2
MKT is DHCP for LAN 192.168.110.0/24
This is DNS where? In IP -> DHCP server -> Networks? Or in IP -> DNS? If only in first, clients never will use AD DNS for resolution.
by karlisi
Wed Oct 07, 2020 9:42 am
Forum: General
Topic: DDoS detection and blocking [SOLVED]
Replies: 9
Views: 6028

Re: DDoS detection and blocking [SOLVED]

That article is almost 10 years old, please use current version
https://help.mikrotik.com/docs/display/ ... Protection
by karlisi
Mon Sep 28, 2020 10:13 am
Forum: General
Topic: CAPsMAN upgrade doubts
Replies: 6
Views: 1483

Re: CAPsMAN upgrade doubts

... CAPs Manager (ARM based hAP ac2 in long-term v6.45.9) and a CAP Slave (MIPSBE mAP Lite 2nD in stable v6.46.6) ... and the upgrade policy to suggest same version. All works as expected, on client there is a newer version than on manager, that's why nothing happens. You can do as @mkx suggests, in fact...
by karlisi
Thu Sep 17, 2020 9:49 am
Forum: Beginner Basics
Topic: Forward chain ipsec rule placement
Replies: 2
Views: 910

Re: Forward chain ipsec rule placement

Ipsec rules should be before fasttrack rule, to exclude ipsec traffic from fasttrack. And fasttrack should be before accept established, related, untracked to work properly.
by karlisi
Mon Sep 14, 2020 10:52 am
Forum: Announcements
Topic: v6.46.7 [long-term] is released!
Replies: 45
Views: 28869

Re: v6.46.7 [long-term] is released!

Shouldn't we be seeing the changelog from 6.45.9 to 6.46.7 not from 6.46.6 ? Going up a major version in a long-term release should be looked over a bit more carefully before we take the plunge. We already had discussion about that without results https://forum.mikrotik.com/viewtopic.php?f=21&t...
by karlisi
Thu Sep 03, 2020 10:28 am
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 100
Views: 65118

Re: WinBox v3.27 released!

RB2011 ROS 6.45.9 (long-term), no problems with NAT rules.
by karlisi
Wed Sep 02, 2020 4:42 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 100
Views: 65118

Re: WinBox v3.27 released!

Wow, that was fast! Thank you!
by karlisi
Tue Sep 01, 2020 3:02 pm
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 29512

Re: WinBox v3.25 released!

Or at least there should be some warning regarding this, when it encounters unsupported (anymore) ROS versions instead of the current unfortunate behaviour. ROS 6.45.9 is supported, this is the latest long-term version. So, while we are waiting for backporting something (we don't know what) from sta...
by karlisi
Tue Sep 01, 2020 1:12 pm
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 29512

Re: WinBox v3.25 released!

IMHO You should fix WinBox not ROS ASAP as upgrade to ROS > 6.47 is not always possible
And remove Winbox 3.25 from downloads and upgrade ASAP.
by karlisi
Tue Sep 01, 2020 8:49 am
Forum: Announcements
Topic: v6.45.9 [long-term] is released!
Replies: 82
Views: 98754

Re: v6.45.9 [long-term] is released!

Installed on a number of units to notice that the Hotspot Host table is now empty. It appear the Hotspot is still working as clients are able to connect and logon and then appear in the active table. Seen this on all platforms. Also same issue is present in v6.47.2 Is it just me or is anyone else s...
by karlisi
Tue Sep 01, 2020 8:44 am
Forum: RouterBOARD hardware
Topic: CAPSMAN Manager For Medium to Big deployment
Replies: 4
Views: 1652

Re: CAPSMAN Manager For Medium to Big deployment

CCR2004-1G-12S+2XS https://mikrotik.com/product/ccr2004_1g_12s_2xs I have deployed similar medium sized systems using RB4011 and CRS328's. The RB4011 is connected by SFP+ and handles all the CAPSMAN traffic in non-local-forward mode. The benefit of this is all the radios are ports on one common bri...
by karlisi
Tue Sep 01, 2020 8:35 am
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 29512

Re: WinBox v3.25 released!

You can say that this version has a killer feature. Open CAPsMAN, click on "Radio" tab and watch all your CAPs disconnect. Also keeping that tab open will not let any CAP connect back. "failed to connect, timeout". LE: they do come back eventually but nothing shows up on the Radi...
by karlisi
Fri Aug 28, 2020 11:21 am
Forum: Beginner Basics
Topic: MikroTik LtAP LTE6 kit Config for Latvia LMT mobile network
Replies: 8
Views: 2606

Re: MikroTik LtAP LTE6 kit Config for Latvia LMT mobile network

And don't compare router with phone, they are using different frequencies, so there can be different load on tower. Would be interesting to see the same RSRP, RSRQ and SINR from Huawei router.
by karlisi
Fri Aug 28, 2020 11:15 am
Forum: Beginner Basics
Topic: MikroTik LtAP LTE6 kit Config for Latvia LMT mobile network
Replies: 8
Views: 2606

Re: MikroTik LtAP LTE6 kit Config for Latvia LMT mobile network

How are your signal levels (RSRP, RSRQ, etc.)

Regards.
RSRP: -106 dBm
RSRQ: -13.0 dB
SINR 7dB ( changing in limits from 5 to 10 )
Very poor signal, according to this
https://wiki.teltonika-networks.com/vie ... _.28LTE.29
by karlisi
Fri Aug 21, 2020 1:19 pm
Forum: General
Topic: I can't see traffic on the NAT, it uses the main bridge
Replies: 6
Views: 1663

Re: I can't see traffic on the NAT, it uses the main bridge

You want to restrict access from bridge-public to bridge by this rule? add action=src-nat chain=srcnat dst-address=!192.168.88.0/24 \ out-interface-list=WAN src-address=10.0.0.0/22 to-addresses=\ 192.168.88.250 IMHO, this will not work, requests to 192.168.88.0/24 misses this rule and will be routed...
by karlisi
Thu Aug 20, 2020 10:07 am
Forum: Beginner Basics
Topic: Point - multipoint
Replies: 9
Views: 1654

Re: Point - multipoint

Yes, RB711-5HnD comes with L4 (AP) license.
https://mikrotik.com/product/RB711GA-5HnD
by karlisi
Mon Aug 17, 2020 5:13 pm
Forum: Beginner Basics
Topic: Transfer configuration between identical hardware [SOLVED]
Replies: 4
Views: 2387

Re: Transfer configuration between identical hardware [SOLVED]

And yes, you should remove unwanted MAC addresses from exported configuration.
by karlisi
Mon Aug 17, 2020 1:09 pm
Forum: Beginner Basics
Topic: My LAN won't work, what are all the essential actions I need to take in order to set up a LAN?
Replies: 27
Views: 6777

Re: My LAN won't work, what are all the essential actions I need to take in order to set up a LAN?

You can use 'verbose' switch on import, sometimes output to screen helps to spot the problem, because you will see exactly where the script stops. And there is another one useful switch 'from-line' which you can use to continue import after correcting errors.
by karlisi
Fri Aug 14, 2020 8:56 am
Forum: Beginner Basics
Topic: My LAN won't work, what are all the essential actions I need to take in order to set up a LAN?
Replies: 27
Views: 6777

Re: My LAN won't work, what are all the essential actions I need to take in order to set up a LAN?

Last row says: 19:48, 21 May 2008 (EEST)
I believe most of it is obsolete. As said before, the default ruleset is the best starting point.
by karlisi
Thu Aug 13, 2020 3:40 pm
Forum: Beginner Basics
Topic: VNC with MikroTik LMT LTE18 router
Replies: 20
Views: 7002

Re: VNC with MikroTik LMT LTE18 router

So you haven't public IP address, this IP is from LMT internal network for clients, which is behind some NAT. Because they haven't dst-nat from real public IP to your router's external LTE interface, you can't establish VNC connection. You should ask LMT for real public IP. It can be dynamic, you ca...
by karlisi
Thu Aug 13, 2020 1:38 pm
Forum: Beginner Basics
Topic: VNC with MikroTik LMT LTE18 router
Replies: 20
Views: 7002

Re: VNC with MikroTik LMT LTE18 router

Do you have public IP address on LTE interface? Or from 10.0.0.0/8 network (smth like 10.44.28.53)?
by karlisi
Wed Aug 12, 2020 5:02 pm
Forum: Beginner Basics
Topic: Can't create l2tp and other vpn servers
Replies: 4
Views: 1725

Re: Can't create l2tp and other vpn servers

Sure, it shouldn't work. You have no incoming firewall rules for VPN, no L2TP profiles and secrets defined, only enabled L2TP server. That's why I linked wiki and one of the many step-by-steps found by Google.
by karlisi
Mon Aug 03, 2020 3:49 pm
Forum: Beginner Basics
Topic: Am I protected with this settings?
Replies: 34
Views: 9984

Re: Am I protected with this settings?

System: hAP Ac. Os. 6.47.1. I Have only added a few rules to the default firewall rules. Do i Need to add anything else to make my hAp Ac secure? My configuration is as given below. /ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interf...
by karlisi
Mon Aug 03, 2020 8:16 am
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 134
Views: 76246

Re: CSS326-24G-2S+RM hangs until power cycle

On first test problem was not resolved, but we will test it more thoroughly this week.
by karlisi
Thu Jul 30, 2020 4:49 pm
Forum: General
Topic: Fix NTP Client to use FQDN
Replies: 1
Views: 1098

Re: Fix NTP Client to use FQDN

"Server DNS Names" field is for FQDN of NTP servers.
by karlisi
Mon Jul 27, 2020 9:21 am
Forum: Scripting
Topic: Script to Reboot Routerboard
Replies: 16
Views: 50152

Re: Script to Reboot Routerboard

You don't need a script. Simply write in scheduler field 'On Event' /system reboot
by karlisi
Thu Jul 16, 2020 1:40 pm
Forum: General
Topic: Winbox [SOLVED]
Replies: 2
Views: 2505

Re: Winbox [SOLVED]

by karlisi
Wed Jul 08, 2020 9:16 am
Forum: The Dude
Topic: winbox problem with dude [SOLVED]
Replies: 2
Views: 7394

Re: winbox problem with dude [SOLVED]

You should edit path to Winbox in Dude client to actual Winbox location
https://wiki.mikrotik.com/wiki/Manual:The_Dude_v6/Tools
by karlisi
Tue Jul 07, 2020 8:30 am
Forum: The Dude
Topic: Admin Password
Replies: 11
Views: 7518

Re: Admin Password

If you are speaking about CHR, you can use free version without registration, the only restriction is -
The free license level allows CHR to run indefinitely. It is limited to 1Mbps upload per interface.
https://wiki.mikrotik.com/wiki/Manual:CHR#free
by karlisi
Mon Jul 06, 2020 5:10 pm
Forum: The Dude
Topic: Admin Password
Replies: 11
Views: 7518

Re: Admin Password

Before the dude can watching all server or devices... likes windows os, linux os, HP switch or cisco router etc... not now is watch only MikroTik ? No, you can monitor everything as before. The only difference is, now Dude server can run on RouterOS only. It can be Mikrotik device or CHR virtual m...
by karlisi
Mon Jul 06, 2020 4:16 pm
Forum: The Dude
Topic: Admin Password
Replies: 11
Views: 7518

Re: Admin Password

Mikrotik, where Dude server part is installed.
by karlisi
Tue May 26, 2020 4:18 pm
Forum: General
Topic: Backup / Restore [SOLVED]
Replies: 10
Views: 26542

Re: Backup / Restore [SOLVED]

For rsc file, use /import instead of /system backup. Nothing changed in terms of backup and export usage, you should not use backup to restore it on another machine, even if it works.
by karlisi
Tue May 26, 2020 11:31 am
Forum: Beginner Basics
Topic: Firewall Problem
Replies: 4
Views: 1728

Re: Firewall Problem

If this is all your firewall and if you disable last drop rule, your forward chain is fully open. BTW, last drop rule seems wrong, it drops all not-dstnatted connections coming from any interface, typically you want to drop this only from WAN.
by karlisi
Tue May 26, 2020 8:35 am
Forum: General
Topic: Move configuration from old to new router
Replies: 5
Views: 7174

Re: Move configuration from old to new router

You can use configuration export, not the backup. It is recommended to edit exported configuration, there can be e.g. some MAC addresses you don't want to transfer to new router.
by karlisi
Mon May 25, 2020 8:58 am
Forum: Wireless Networking
Topic: Setting Time in Capac from main router. [SOLVED]
Replies: 7
Views: 7202

Re: Setting Time in Capac from main router. [SOLVED]

I doubt your gateway works as NTP server. Set ntp server DNS name to pool.ntp.org
by karlisi
Fri May 22, 2020 1:25 pm
Forum: Announcements
Topic: Winbox v3.24 released!
Replies: 103
Views: 93403

Re: Winbox v3.24 released!

With Log window opened, minimize WinBox, then Restore. Log is always reverted to the beginning. Anyone else seeing this? Yes, the same here Just tried it on several routers, but only see this behavior on a single device. A differentiating factor appears to be the number of records kept in the log. ...
by karlisi
Wed May 20, 2020 10:15 am
Forum: Announcements
Topic: Winbox v3.24 released!
Replies: 103
Views: 93403

Re: Winbox v3.24 released!

Hello

With Log window opened, minimize WinBox, then Restore. Log is always reverted to the beginning.
Anyone else seeing this?

Regards
Yes, the same here
by karlisi
Tue May 19, 2020 3:30 pm
Forum: General
Topic: Accessing external IP from LAN without hairpin NAT
Replies: 12
Views: 4896

Re: Accessing external IP from LAN without hairpin NAT

Quick answer is - yes, if you use second IP for webserver, you don't need hairpin-nat. And you don't need the internal DNS server point to DMZ IP, point it to external IP. Be sure to not use default masquerade, use src-nat to appropriate external IPs instead.
by karlisi
Mon May 18, 2020 8:38 am
Forum: Beginner Basics
Topic: VPN L2TP7IPSEC
Replies: 1
Views: 935

Re: VPN L2TP7IPSEC

Read this
viewtopic.php?f=2&t=149863#p738129
or this (although article is about Windows Vista, it applies to newer Windows versions too)
https://support.microsoft.com/en-us/hel ... in-windows
by karlisi
Wed May 06, 2020 8:23 am
Forum: Forwarding Protocols
Topic: access my webserver in local network
Replies: 7
Views: 9094

Re: access my webserver in local network

I supposed OP has static public IP, because
i access my web server from internet all thing work fine
by karlisi
Tue May 05, 2020 4:18 pm
Forum: Forwarding Protocols
Topic: access my webserver in local network
Replies: 7
Views: 9094

Re: access my webserver in local network

Did you read that at all? Look in /ip firewall nat
If you have default config, you already have this
add chain=srcnat out-interface=WAN action=masquerade
If you can access your webserver from outside of LAN, add this and all should work
add chain=dstnat dst-address=<your-public-ip-address-here> prot...
by karlisi
Tue May 05, 2020 8:38 am
Forum: Beginner Basics
Topic: L2TP/IPsec to Windows Client
Replies: 1
Views: 1301

Re: L2TP/IPsec to Windows Client

by karlisi
Thu Mar 12, 2020 3:52 pm
Forum: Beginner Basics
Topic: RB1100AHx2 upgrade 6.32.4 to 6.46.4
Replies: 6
Views: 2710

Re: RB1100AHx2 upgrade 6.32.4 to 6.46.4

I'm not really sure if the RB1100 is in the "default settings are completely empty" category (like the CCR)...
Yes it is completely empty.
by karlisi
Thu Mar 12, 2020 8:48 am
Forum: Announcements
Topic: v6.46.4 [stable] is released!
Replies: 106
Views: 81754

Re: v6.46.4 [stable] is released!

I have Dude 6.46.4 and many RBs 6.44.6, and they all are talking with Dude.
by karlisi
Mon Feb 24, 2020 10:07 am
Forum: Forwarding Protocols
Topic: Problem with a VPN Server Router behind Mikrotik
Replies: 4
Views: 5390

Re: Problem with a VPN Server Router behind Mikrotik

You don't need all UDP rules and all input chain rules. And the last 2 dst-nat rules too.
Try to add this (if you have default firewall ruleset you don't need it)
/ip firewall filter
add action=accept chain=forward dst-port=1723 protocol=tcp
by karlisi
Fri Feb 14, 2020 8:34 am
Forum: RouterBOARD hardware
Topic: Ccr 1009 power issue
Replies: 12
Views: 6654

Re: Ccr 1009 power issue

I suspect there are many more problems if this resistor, in fact simple wire, is blown. Search for shorts somewhere after this resistor.
by karlisi
Mon Feb 10, 2020 3:56 pm
Forum: Beginner Basics
Topic: Help me fix my crappy firewall
Replies: 11
Views: 11062

Re: Help me fix my crappy firewall

About other firewall rules. Rule #11 is unneeded because rule #21 already does that
11 ;;; Allow portforward
chain=forward action=accept connection-state=new connection-nat-state=dstnat in-interface=ether1_UPLINK
21 ;;; drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new co...
by karlisi
Mon Feb 10, 2020 3:47 pm
Forum: Beginner Basics
Topic: Help me fix my crappy firewall
Replies: 11
Views: 11062

Re: Help me fix my crappy firewall

At the end of this journey, nothing known should reach the last rule on the firewall (chain=input action=drop log=yes). This log will (in distant future) be sent to a central logging service with alerts attached to it. Not exactly. These SYN packets are dropped in input chain, they are coming to ro...
by karlisi
Wed Jan 29, 2020 4:44 pm
Forum: Announcements
Topic: v6.45.8 [long-term] is released!
Replies: 86
Views: 96039

Re: v6.45.8 [long-term] is released!

Long term: Released rarely, and includes only the most important fixes, upgrades within one number branch not add new features.
https://wiki.mikrotik.com/wiki/Manual:U ... _numbering
by karlisi
Tue Jan 28, 2020 8:52 am
Forum: General
Topic: L2TP IPSec behind Internet
Replies: 3
Views: 1920

Re: L2TP IPSec behind Internet

First solution is not usable only for clients which are all behind one NAT.
by karlisi
Fri Jan 24, 2020 2:22 pm
Forum: General
Topic: L2TP IPSec behind Internet
Replies: 3
Views: 1920

Re: L2TP IPSec behind Internet

Read this, it works very well https://forum.mikrotik.com/viewtopic.php?f=2&t=149863#p738129 Another solution is to modify Windows client registry: http://woshub.com/l2tp-ipsec-vpn-server-behind/ Original MS article about this solution (works also on latest Windows versions) https://support.micro...
by karlisi
Fri Jan 24, 2020 1:59 pm
Forum: Announcements
Topic: v6.46.2 [stable] is released!
Replies: 120
Views: 66233

Re: v6.46.2 [stable] is released!

P.S. All the "verification is a useless step", "we know better" answers are really ābols-style and it's sad to see that MikroTik has started going in this direction (a direction that is not very appreciated by IT people who might be a very notable share of current MikroTik users...
by karlisi
Thu Jan 23, 2020 10:09 am
Forum: Announcements
Topic: v6.46.2 [stable] is released!
Replies: 120
Views: 66233

Re: v6.46.2 [stable] is released!

What to do, if I want to cancel upgrade? - Use "/system package update cancel" feature What to do if I do not realize there is an upgrade present that needs to be cancelled, because I can't see it, and therefore fail to cancel it? Use /system package update print to check, this is what th...
by karlisi
Thu Jan 23, 2020 10:07 am
Forum: Announcements
Topic: v6.46.2 [stable] is released!
Replies: 120
Views: 66233

Re: v6.46.2 [stable] is released!

Regarding verification of packages after download, this is of course about actually seeing the file in /file. That is not the same as doing a hash check or something, but that is not what this is about IMHO half of complaints would be eliminated, if there would be text in File window status bar, li...
by karlisi
Thu Jan 23, 2020 9:48 am
Forum: Beginner Basics
Topic: Per Port DHCP Address
Replies: 3
Views: 1646

Re: Per Port DHCP Address

It depends. Using switch alone - no.
by karlisi
Tue Jan 21, 2020 4:01 pm
Forum: Beginner Basics
Topic: Cable test [SOLVED]
Replies: 24
Views: 13524

Re: Cable test [SOLVED]

This is one fiber module, there is nothing to reverse, unlike in modules with separate tx and rx fibers.
by karlisi
Mon Jan 20, 2020 4:16 pm
Forum: Announcements
Topic: v6.46.2 [stable] is released!
Replies: 120
Views: 66233

Re: v6.46.2 [stable] is released!

3) If actual upgrade at reboot fails (due to missing packages or whatever), how does the admin know what packages are leftover in Files, and how does he remove them if Files is going to pretend to him that they don't exist? There will be no leftovers, on reboot they delete all npk files in file roo...
by karlisi
Mon Jan 20, 2020 4:12 pm
Forum: Announcements
Topic: v6.46.2 [stable] is released!
Replies: 120
Views: 66233

Re: v6.46.2 [stable] is released!

Can anyone post reasonable reason why it's important? Because such changes (non-cosmetic, without clear reason) are introduced without warning. BTW there is unmet side effect. Usually after ROS upgrade I uploaded additional packages to CAPsMAN for another platforms, to remote upgrade CAPs, storing ...
by karlisi
Mon Jan 20, 2020 11:15 am
Forum: Announcements
Topic: v6.46.2 [stable] is released!
Replies: 120
Views: 66233

Re: v6.46.2 [stable] is released!

System files have always been hidden / not accessible for a user in RouterOS. Packages are now following the same principle. Please undo this change, it serves no useful purpose and has many disadvantages. Please revert this change. +++ I totally agree with pe1chl , macsrwe and r00t . Please revert...
by karlisi
Fri Jan 10, 2020 9:40 am
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 134
Views: 76246

Re: CSS326-24G-2S+RM hangs until power cycle

IGMP Snooping is already off.
by karlisi
Thu Jan 09, 2020 10:46 am
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 134
Views: 76246

Re: CSS326-24G-2S+RM hangs until power cycle

For now, try to disable the Flow Control for all interfaces under the "Link" menu in SwOS. Also, try to verify that other devices connected to the switch are not using any Flow Control settings. Keep an eye for any counters on the "Errors" menu. Let us know whether the switch st...
by karlisi
Tue Jan 07, 2020 9:45 am
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 134
Views: 76246

Re: CSS326-24G-2S+RM hangs until power cycle

This just happened to my CSS326-24G-2S+ running 2.10. It started balking after 17 days of uptime. Pings were fine, but any serious traffic would hang after a packet or two. Wow, it seems I'm not alone. My problem though is a little bit specific. There is no problem with wired clients, but if I conn...
by karlisi
Fri Dec 20, 2019 10:06 am
Forum: General
Topic: MT Router and Suricata as a IDS [SOLVED]
Replies: 2
Views: 3096

Re: MT Router and Suricata as a IDS [SOLVED]

Have you read this?
viewtopic.php?f=2&t=111727
by karlisi
Tue Dec 17, 2019 10:25 am
Forum: Announcements
Topic: v6.46 [stable] is released!
Replies: 113
Views: 72728

Re: v6.46 [stable] is released!

It's an old and very clever rule for every software - never put in production new release before first bugfix subrelease, so in this case wait for 6.46.1 at least.
by karlisi
Tue Dec 17, 2019 10:20 am
Forum: Beginner Basics
Topic: VPN PPTP [SOLVED]
Replies: 6
Views: 3069

Re: VPN PPTP [SOLVED]

I added:
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment="Allow IN PPTP/TCP1723" disabled=no
/ip firewall filter add chain=output protocol=tcp dst-port=1723 action=accept comment="Allow OUT PPTP/TCP1723" disabled=no
/ip firewall filter add ch...
by karlisi
Tue Dec 10, 2019 10:52 am
Forum: General
Topic: /interface ethernet set [ find default-name=ether1 ] speed=100Mbps
Replies: 5
Views: 5114

Re: /interface ethernet set [ find default-name=ether1 ] speed=100Mbps

Seems like bug in /export, some versions back interface export was clean.
by karlisi
Tue Dec 10, 2019 10:41 am
Forum: General
Topic: Problem with RouterOS Updating
Replies: 6
Views: 1954

Re: Problem with RouterOS Updating

Pay attention if there are no other architecture package uploaded on the device! And this is really annoying. Some time ago it was possible to upload to CAPsMAN device packages for device itself and for CAPs and upgrade entire network by one reboot. Now I should first upgrade manager, then CAPs. So...
by karlisi
Mon Dec 02, 2019 4:02 pm
Forum: General
Topic: Site to Site VPN (13 Sites & 2 remote Laptops)
Replies: 18
Views: 6338

Re: Site to Site VPN (13 Sites & 2 remote Laptops)

On Windows client it can be done manually, using Powershell or GUI.
http://eyonic.blogspot.com/2016/06/how- ... ng-in.html
by karlisi
Thu Nov 28, 2019 4:44 pm
Forum: General
Topic: PPTP VPN - access file server
Replies: 3
Views: 1503

Re: PPTP VPN - access file server

Router 1 should know where to send replies.
by karlisi
Wed Nov 27, 2019 3:11 pm
Forum: General
Topic: Port 8000 forwarding for HIKVISION camera not working
Replies: 9
Views: 10722

Re: Port 8000 forwarding for HIKVISION camera not working

My public IP is dynamic It's OK with dst-nat rules. You don't need 554/tcp or 8000/udp for iVMS application. How do you connect to external address? From inside the LAN? If so, you need additional hairpin-nat rule. I do not connect to an external address. Do you mean to my public IP? I connect it f...
by karlisi
Tue Nov 26, 2019 4:47 pm
Forum: General
Topic: Port 8000 forwarding for HIKVISION camera not working
Replies: 9
Views: 10722

Re: Port 8000 forwarding for HIKVISION camera not working

It's OK with dst-nat rules. You don't need 554/tcp or 8000/udp for iVMS application.
How do you connect to external address? From inside the LAN? If so, you need additional hairpin-nat rule.
by karlisi
Tue Nov 19, 2019 4:13 pm
Forum: RouterBOARD hardware
Topic: RB951Ui-2HnD Mikrotik 5th Poe Port
Replies: 1
Views: 3072

Re: RB951Ui-2HnD Mikrotik 5th Poe Port

PoE-Out LEDs Models with dependant voltage output PoE-Out LED behaviour can differ between models, but most of them will indicate PoE-Out state on one additional LED. Devices with one voltage output will light: Red colour LED - PoE-Out port state is powered-on (auto or forced-on mode). Blinking Red ...
by karlisi
Tue Nov 19, 2019 11:08 am
Forum: General
Topic: Sudden lost of all admin passwords and admin users
Replies: 18
Views: 10756

Re: Sudden lost of all admin passwords and admin users

I suspect security holes in configuration. Post '/export hide-sensitive' here, perhaps we will see something in it.
by karlisi
Fri Nov 15, 2019 10:02 am
Forum: General
Topic: Sudden lost of all admin passwords and admin users
Replies: 18
Views: 10756

Re: Sudden lost of all admin passwords and admin users

Without details there is not much to recommend. https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router First, be sure to have latest RouterOS (long-term or stable channel, it doesn't matter). Second, disallow access to router from Internet (including winbox, ssh, webfig), if such access is needed...
by karlisi
Wed Nov 06, 2019 8:11 am
Forum: Announcements
Topic: Winbox v3.20 released!
Replies: 42
Views: 63735

Re: Winbox v3.20 released!

What's new in v3.20: 1) Does the program Winbox use encryption to connect to hardware device? 2) Can I use Winbox without fear in adverse networks? 3) Is there any protection in the connection from the Man in the middle (MITM) attack? From Winbox v3.14, the following security features are used: Win...
by karlisi
Wed Oct 30, 2019 11:43 am
Forum: Beginner Basics
Topic: DST-NAT to internal multiple IP Adresses
Replies: 5
Views: 3472

Re: DST-NAT to internal multiple IP Adresses

Try this
add action=dst-nat chain=dstnat dst-address=192.168.0.2 dst-port=443 protocol=tcp \
    to-addresses=193.0.8.248 to-ports=443
add action=dst-nat chain=dstnat dst-address=192.168.0.2 dst-port=25 protocol=tcp \
    to-addresses=193.0.8.248 to-ports=25
add action=dst-nat chain=dstnat dst-address=192.1...
by karlisi
Mon Oct 21, 2019 4:09 pm
Forum: Beginner Basics
Topic: Redirecting the IP address to name
Replies: 10
Views: 2635

Re: Redirecting the IP address to name

IMHO, no, you need both, hostname and domain name.
Something about this problem here
https://superuser.com/questions/1211416 ... be-ignored
by karlisi
Fri Oct 11, 2019 10:48 am
Forum: General
Topic: ESET AV detect PHP/Obfuscated.E at this forum
Replies: 1
Views: 1856

Re: ESET AV detect PHP/Obfuscated.E at this forum

I am using ESET Endpoint Antivirus and have no problems with Mikrotik forum.
by karlisi
Mon Oct 07, 2019 10:20 am
Forum: General
Topic: L2TP/IPSec - Works from Android and Mikrotik but not Windows?
Replies: 3
Views: 3304

Re: L2TP/IPSec - Works from Android and Mikrotik but not Windows?

L2tp/IPSec client on Windows can work without registry mod. NAT device in this case is whatever you want, all magic is made on Mikrotik VPN server
viewtopic.php?f=2&t=149863#p738129
by karlisi
Mon Sep 16, 2019 9:24 am
Forum: General
Topic: Laptops are trying to hack my router
Replies: 8
Views: 3277

Re: Laptops are trying to hack my router

Start with this
https://wiki.mikrotik.com/wiki/Manual:S ... our_Router
If you want to block access to router from guest network, block in firewall input chain all from this interface or IP range, allowing only needed services, i.e. DHCP, DNS, etc.
by karlisi
Fri Aug 09, 2019 1:25 pm
Forum: RouterBOARD hardware
Topic: Cant connect to RB951G-2HnD [SOLVED]
Replies: 2
Views: 4926

Re: Cant connect to RB951G-2HnD [SOLVED]

Hold the reset button about 5 sec, until ACT LED starts flashing. If held for 10 sec or more and LED stays lit or turns off, it's too long.
https://wiki.mikrotik.com/wiki/Manual:Reset
by karlisi
Mon Aug 05, 2019 5:56 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 90
Views: 64425

Re: v6.45.3 [stable] is released!

I don't know what smips device is, I have hAP and two hAP lites. Maybe I don't need the whole smips package.
Processor architecture, hAP is mipsbe, hAP Lite is smips.
by karlisi
Fri Aug 02, 2019 3:28 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 205
Views: 91520

Re: v6.45.2 [stable] is released!

my RB750Gr3 with 6.41.5 version. After reboot it must be upgraded. But after that he did not start correctly, i can not seen him in winbox
Check Winbox version, it must be at least 3.19