This is a deal-breaker for things like PiHole, as many management functions are handled only through the console.Currently there is no option for interactive console for containers.
This feature would basically make OpenWRT obsoleteSince privilege escalation is pretty much a given, can we also allow root SSH access to RouterOS directly now? Running a single binary is greatly preferred to running an entire container.
Here's a copy of rc2, but only the ARM32 version: https://streetlights.info/nc/s/t7zctZXirrnk2xjPlease use your brains and publish a fix that's easily obtainable instead of emailing generic support for the new release that you apparently already have compiled.
What about SMIPS?Please add both root certificate for DigiCert Global Root CA and GTS Root R1 to the Kernel then we have DOH working too.
What is "Gw" anyway? If there's a CCR with two 1G ports, then that would be interesting.CCR-eOW-12x100G-36x25Gw
How do you know your GR3 isn't time-traveling? After all, with all the new features v7 is bringing, time warping isn't out of the question.Netflow now reports an incorrect date of 1970-01-01
I tried IGMP and DHCP and those aren't offloaded, only VLAN filtering, port PVIDs, and STP/RSTP/MSTP.can anyone confirm following fetures also hardware ofload on rb4011
This was the fix, I just had to disable getting an address on the DHCP client so the router could add a proper route to the bridge.or if you do not request an address you should only have a link-local address on the port to the upstream device.
Then why isn't there a way to assign a peer to multiple interfaces? Each interface+peer combo would have a specific connection by design because the source port will be different for each. That's basic CCNA-level stuff!You can't have two peers with the same public key, by design.
There's a special v7 that is stable but just for a couple devices, and that's probably what the RB5009 will come with. However, you can also use v7.1 beta instead.But this is an interesting info all the same. Is the 5009 supposed to use 7.1 final from the start? Or will it use some 7.1beta?
His method doesn't work well in v7 for some reason, so the fix for me is to condense everything into rules that directly mark routes based on the PCC.
Unless you block all DoH servers in the firewallI think it is too late to add that kind of "trick" as "everyone" is switching to DoH and DoT and that makes this impossible.
You don't need 802.3bt to power the RB5009 (it only supports 802.3af/at), and 2.5G works fine over regular ethernet cables.There are not many 2.5G Injectors available, let alone 802.3bt....Oh, TP-Link has them (oups, wrong brand).
Then you need to upgrade, because the customers are using what they're paying for.Have a 50Mbps and try to sell 10Mbps to 100 users...
When 5 of 100 users use torrents, the uplink is full and all users complain...
This happens to me too, so try getting a better signal.So it is just saying Registration Status "Denied" because I am not able to see a cell tower anymore?
Maybe it's a half-ROAS, because to the 10G devices it only has one connection, but to the gigabit it has many.ROAS concept implies that router has only single physical connection to the rest of the network.
If you need to find something old, weird, or otherwise hard to get the regular way (like the Olympics) then torrenting is a suitable option.What is worth torrenting these days anyway??
Technically it is, because the WAN is located in the 10G switch and uses a VLAN to separate it from LAN.Then it is not a ROAS :)I use ROAS where the gigabit ports are used for gigabit devices and the SFP+ is connected to a 10G switch for only 10G devices.
You can't, because torrents can use ports 80 and 443 and then it looks like regular website traffic.:) Let me rephrase the question..I would like to block torrents or Limit their bandwidth usage within my network. Please share some working procedures. thanks
I use ROAS where the gigabit ports are used for gigabit devices and the SFP+ is connected to a 10G switch for only 10G devices.How would it matter in ROAS scenario, as SFP+ will be the only populated port then?
They want you to buy four, that way they get four times the sales.But is it possible to use this rack-mount kit for mounting single unit? Or 3 units? How stable is the whole thing if there aren't two units stacked vertically?
This is scary, as on other sites like Reddit, it was a scandal if even the site owner was able to change someone else's post.AFAIK all forum moderators can directly edit all posts. AFAIK all MT staffers present on forum are moderators.
That's interesting, as ROS v7 is currently more optimized then v6 for routing processes like SPF and BGP downloading.I am just guessing, but I would say it is due to FastPath modules not being optimized in RouterOS v7 yet.
The Southeast US, but I've only seen these firewalls a couple times. I know Walmarts block L2TP/IPSec and they mess with TLS certificates leading to HSTS errors. However, a port 443 WG VPN works just fine, so it's this one place that blocks almost everything.Can I ask you where you live?
You gave me the dst-nat solution before mkx did, but mkx explained how my original setup might actually work.@Cablenut9 you make it clear, please...
Not my provider, but at some places like a coffee shop, they have those restrictions.Your provider lock all UDP??? (also UDP on 53...)
This won't work because then I won't be able to use Wireguard with a listen port of 53.If you want to block it in RAW on TCP/UDP(53) traffic coming from the WAN.
This is hilarious, because all my solutions were originally made for me to differentiate between HTTPS and a Wireguard/SSTP VPN tunnel.In that case setting up some kind of a VPN would have been a much easier, cleaner and more flexible solution...
What's the alternative? The equivalent Cisco would cost 100 times as much.CCR2004 trash hardware not usable in a professional network.
Sad but true.Yup ... buy new model devices from your local MT distributor and you're hooked up for beta testing. Or so it seems ...
Go back to RedditOkay, let's bring you up to speed on what some people spend their whole careers on... 🙄
I advise asking only specific questions on huge topics like this. Open-ended ones either result in vague answers or reference manuals.
Looks like the A72 is actually faster than the A57, so that's bad. https://en.wikipedia.org/wiki/ARM_Corte ... prov=sfla1 What's also sad is that it's also used in the Raspberry Pi, so that's also poor value because the Pi can be had for $35.Annapurna Labs AL32400: 4x1.7Ghz Cortex A57.
There's one kind of Netmetal that only has 1 chain, but the others have 2/3. In that case, you can easily get a solid 450Mbpsuh, it definitely has 2 chains, or even three on one model.
I'm not using the gigabit port at all, but rather L3 routing between stations connected to the wAP itself.If you do only "internal L2 routing" between the clients and the ap, you can really reach the gigabit sum,
That's in case someone hacks a station and wants to subtly attack the network.But why would you keep changing the MAC on the station side to begin with? Presumably you control both sides?
https://www.youtube.com/watch?v=ALo0ISzz4IAThey have women in Latvia?
This partially untrue, as OSPF has PtP mode which eliminates address broadcasts, making /32 addresses the absolute simplest and easiest option, but only for PtP mode OSPF.but they fail when you use protocols that expect to be able to use broadcast over a link, like OSPF.
https://tryitands.eeanyone has better results with 6.48.3?
/32 really cuts down on addresses though, and it follows the philosophy of "hosts have IP addresses, not interfaces"Normis, it seems /31 works fine on RouterOS v6 stable/long-term though?
I just need OSPF route conversion from v6 and then I'm golden.It's on the roadmap for protocol support in the v7 status page
https://help.mikrotik.com/docs/display/ ... col+Status
This doesn't work with v28 because you can only download v27 right now.to check for new version
/interface lte firmware-upgrade lte1
to download new firmware
interface lte firmware-upgrade lte1 upgrade=yes
That doesn't tell me what features SMIPS is missing.there's no explicit snmp, sntp, smb, radius, tftp packages
I don't know what this means, you might have gotten your Italian->English translation wrong.do not exist 1 packet for files, 1 paket for address, 1 packet for user, 1 packet for snmp, 1 packet for sntp, etc....
Ironic, because the current v7 doesn't work with LTE at all.I don't understand why version 6 is called stable when it makes such a problem
I already added the destination address to the address list, but I can't think of a good way to send a TCP RST. Is there some feature or hack in ROS that can do this?you would have to reject that packet with a TCP RST reply and also add the destination address to your address list.
I'm also doing this, complete with verified certificate.Your solution is useless because on close future DoH and DoT are used...
I could make a C++ script to do it for me but I'm low on time. :)You always want easy things... :-)
This often happens with things like PiHole where it returns a fake address of 0.0.0.0.Entries appear in the cache and then disappear a few seconds later, rendering DNS caching useless.
This is what I would love from RouterOS.give the ability to change every single aspect of the packet.
Bothas firewall or as Desktop OS?
How is this possible if I have a 200 entry list with DoH domains?@Cablenut9 NO, can't, still impossible to add DNS entry on firewall filter. You can only suggest ANOTHER WAY
You can, but it's weird. To do it, make an entry of the DNS name in Address Lists and give it some name. Then, use that address list in your firewall rule.Is it possible to add an ALLOW entry in the firewall that targets a DNS entry instead of an IP address? If so, how?
There's a beta7? Also, if there is a beta7, then I need it soon because my RB4011 keeps bricking itself with Wireguard.As 7.1beta7 runs stable for a month already I can't complain at the moment.