Community discussions

Search found 548 matches

by Cablenut9
Sun Dec 05, 2021 5:50 pm
Forum: RouterBOARD hardware
Topic: Convert passive PoE to 802.3af
Replies: 2
Views: 3713

Convert passive PoE to 802.3af

I have a setup where I have a hAP ac3 providing PoE on its 5th port. I need to power a PoE security camera which can take 802.3af. Is there some way that I can convert the passive PoE output from the hAP to 802.3af? I don't want to have to buy yet another power injector.
by Cablenut9
Wed Oct 20, 2021 5:37 pm
Forum: General
Topic: RB260GS EOL? [SOLVED]
Replies: 15
Views: 2567

Re: RB260GS EOL? [SOLVED]

The next best alternative is a cheap TP-Link managed switch, but those aren't even close to Mikrotik's quality.
by Cablenut9
Sun Sep 12, 2021 6:39 pm
Forum: RouterOS beta
Topic: Feature Request : IPv6 Fasttrack
Replies: 176
Views: 50620

Re: Feature Request : IPv6 Fasttrack

Still waiting! SOHO routers like Eero have had full IPv6 speeds for years now.
by Cablenut9
Fri Sep 10, 2021 7:30 pm
Forum: General
Topic: RB5009 IPSec Performance
Replies: 33
Views: 15675

Re: RB5009 IPSec Performance

And since it's USB 3.0, you can connect a 2.5 or 5 gigabit ethernet adapter and get a bonus port.
by Cablenut9
Thu Sep 09, 2021 10:55 pm
Forum: General
Topic: MACsec [SOLVED]
Replies: 1
Views: 2833

MACsec [SOLVED]

Is there a way to do MACsec with Mikrotik? I know you can do IPsec, but MACsec works on L2.
by Cablenut9
Thu Sep 09, 2021 10:37 pm
Forum: General
Topic: Feature request: Make Quickset to be separate package
Replies: 78
Views: 17166

Re: Feature request: Make Quickset to be separate package

With how many features are becoming separate packages, why isn't QuickSet one of them?
by Cablenut9
Wed Sep 08, 2021 5:02 pm
Forum: Containers
Topic: v7.1rc3 adds container support
Replies: 493
Views: 160226

Re: v7.1rc3 adds Docker (TM) compatible container support

Currently there is no option for interactive console for containers.
This is a deal-breaker for things like PiHole, as many management functions are handled only through the console.
by Cablenut9
Wed Sep 08, 2021 4:44 pm
Forum: RouterOS beta
Topic: v7.1rc3 [development] is released!
Replies: 172
Views: 49153

Re: v7.1rc3 [development] is released!

Since privilege escalation is pretty much a given, can we also allow root SSH access to RouterOS directly now? Running a single binary is greatly preferred to running an entire container.
This feature would basically make OpenWRT obsolete
by Cablenut9
Mon Sep 06, 2021 8:32 pm
Forum: General
Topic: mynetname.net is suspended
Replies: 80
Views: 45011

Re: mynetname.net is suspended

Better hope nobody steals the domain and redirects everything to a virus
by Cablenut9
Wed Sep 01, 2021 5:26 pm
Forum: RouterOS beta
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 43364

Re: v7.1rc2 [development] is released!

If you know Cisco, then you know to use ? for help. It should be an option or intelligently checked if you want to type ? or want help instead
by Cablenut9
Tue Aug 31, 2021 4:40 pm
Forum: RouterOS beta
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 335
Views: 308347

Re: ZeroTier added to RouterOS v7rc2

I like this strategy of having extra features available as packages if you want them.
by Cablenut9
Mon Aug 30, 2021 5:39 am
Forum: RouterOS beta
Topic: EIGRP
Replies: 3
Views: 2430

EIGRP

Having EIGRP as a feature in v7 would be a killer feature, as it has more efficient and fast convergence compared to OSPF. And, it's not a proprietary protocol any more, so there are no barriers to implementing it. Does anyone else think it should be added?
by Cablenut9
Sun Aug 29, 2021 6:55 am
Forum: General
Topic: RB5009 IPSec Performance
Replies: 33
Views: 15675

Re: RB5009 IPSec Performance

Why can't the Big Mik take advantage of the "added cryptography and CRC extensions" in the CPU?
by Cablenut9
Sat Aug 28, 2021 9:43 pm
Forum: General
Topic: RB5009 IPSec Performance
Replies: 33
Views: 15675

Re: RB5009 IPSec Performance

~256 Mbit/s
Wimpy!
by Cablenut9
Sat Aug 28, 2021 2:38 am
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75897

Re: v7.1rc1 [development] is released!

This has to be one of the most active forum posts on any forum on the internet.
by Cablenut9
Sat Aug 28, 2021 1:43 am
Forum: General
Topic: Feature request: Make Quickset to be separate package
Replies: 78
Views: 17166

Re: Feature request: Make Quickset to be separate package

Every time I log into WebFig I have to remind myself that I can't click anything until I enter the "real" non-WF tab.
by Cablenut9
Fri Aug 27, 2021 9:58 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75897

Re: v7.1rc1 [development] is released!

rc2 uptime: 5 hours so far on my RB4011!
by Cablenut9
Fri Aug 27, 2021 9:52 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75897

Re: v7.1rc1 [development] is released!

Please use your brains and publish a fix that's easily obtainable instead of emailing generic support for the new release that you apparently already have compiled.
Here's a copy of rc2, but only the ARM32 version: https://streetlights.info/nc/s/t7zctZXirrnk2xj
by Cablenut9
Fri Aug 27, 2021 9:25 pm
Forum: RouterOS beta
Topic: CAKE autorate-ingress turns speeds into molasses
Replies: 5
Views: 4860

CAKE autorate-ingress turns speeds into molasses

I just got 7.1rc2 to try out CAKE without crashes. I also wanted to try out the autorate-ingress feature that lets me use CAKE without a bandwidth setting. However, it seems like this is actually slowing everything down to unacceptable levels. Bandwidth-heavy websites like YouTube and speedtest.net ...
by Cablenut9
Fri Aug 27, 2021 6:38 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75897

Re: v7.1rc1 [development] is released!

Please add both root certificate for DigiCert Global Root CA and GTS Root R1 to the Kernel then we have DOH working too.
What about SMIPS?
by Cablenut9
Fri Aug 27, 2021 4:45 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75897

Re: v7.1rc1 [development] is released!

Is fixing CAKE the only notable change with rc2 right now?
by Cablenut9
Fri Aug 27, 2021 7:13 am
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75897

Re: v7.1rc1 [development] is released!

hw-offload=yes means that this rule can be offloaded to hardware, as long as it supports offloading.
by Cablenut9
Thu Aug 26, 2021 7:51 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75897

Re: v7.1rc1 [development] is released!

This behaviour was also in previous betas.
Weird, because in beta6, Torch was showing IPv6 traffic for me.
by Cablenut9
Thu Aug 26, 2021 4:48 pm
Forum: General
Topic: Feature request: Make Quickset to be separate package
Replies: 78
Views: 17166

Re: Feature request: Make Quickset to be separate package

What about disabling it in the skin so both WebFig and now WinBox just don't show it?
by Cablenut9
Thu Aug 26, 2021 3:10 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75897

Re: v7.1rc1 [development] is released!

Interestingly, my RB4011 has fq_codel on all interfaces and never crashes because of fq_codel.
by Cablenut9
Thu Aug 26, 2021 3:35 am
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75897

Re: v7.1rc1 [development] is released!

Does this mean that if I want CAKE in v7 without crashes, I just can't use Winbox?
by Cablenut9
Wed Aug 25, 2021 7:17 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75897

Re: v7.1rc1 [development] is released!

Isn't this what autorate-ingress is all about?
I thought so, but the Mik Wiki doesn't say how to enable autorate-ingress.
by Cablenut9
Wed Aug 25, 2021 7:08 am
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75897

Re: v7.1rc1 [development] is released!

Will there be a way to have CAKE without a bandwidth limit? I'd like to see a version where it detects packet loss and automatically enables queueing.
by Cablenut9
Tue Aug 24, 2021 8:03 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75897

Re: v7.1rc1 [development] is released!

CCR-eOW-12x100G-36x25Gw
CCR-eOW-1x25Gw-2x10G
CCR-eOW-1Gw-1G
What is "Gw" anyway? If there's a CCR with two 1G ports, then that would be interesting.
by Cablenut9
Tue Aug 24, 2021 4:12 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75897

Re: v7.1rc1 [development] is released!

The change from ? to F1 is pure junk. Cisco is keeping it, so why not The Tik?
by Cablenut9
Mon Aug 23, 2021 7:44 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75897

Re: v7.1rc1 [development] is released!

Netflow now reports an incorrect date of 1970-01-01
How do you know your GR3 isn't time-traveling? After all, with all the new features v7 is bringing, time warping isn't out of the question.
by Cablenut9
Mon Aug 23, 2021 6:38 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75897

Re: v7.1rc1 [development] is released!

can anyone confirm following features also hardware offload on rb4011
IGMP Snooping
DHCP Snooping
bonding
I tried IGMP and DHCP and those aren't offloaded, only VLAN filtering, port PVIDs, and STP/RSTP/MSTP.
by Cablenut9
Mon Aug 23, 2021 4:07 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75897

Re: v7.1rc1 [development] is released!

Looks like enabling VLAN offloading on the RB4011 stops inter-VLAN routing, even though there are valid routes for each VLAN. Also, the CLI ? key doesn't work.
by Cablenut9
Mon Aug 23, 2021 3:13 pm
Forum: RouterOS beta
Topic: v7.1rc1 [development] is released!
Replies: 344
Views: 75897

Re: v7.1rc1 [development] is released!

For VLAN filtering, does this mean I can set PVIDs on ports and have it still HW offloaded? Also, will STP/RSTP be supported for offloading as well?
by Cablenut9
Mon Aug 23, 2021 3:40 am
Forum: RouterOS beta
Topic: Roku Ultra disables switch chip on RB4011
Replies: 1
Views: 1115

Roku Ultra disables switch chip on RB4011

Tonight I uploaded a movie to my fileserver on a different VLAN to a Roku Ultra streaming box. When trying to fast forward in the movie, something happens with the Roku that makes one of the switch chips in my RB4011 that is on beta6 just turn off. It only lasts a few seconds, but all ports lose a l...
by Cablenut9
Sun Aug 22, 2021 2:05 am
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

I don't think cooling will be a problem considering that the Raspberry Pi 4 uses the same model of Cortex CPU and is a tiny circuit board, yet it stays cool just fine.
by Cablenut9
Fri Aug 20, 2021 3:50 am
Forum: General
Topic: export admin password
Replies: 12
Views: 3481

Re: export admin password

This is a reminder that you also can't do this with more mainstream gear like Cisco, as "enable secret" also hashes the password like Mikrotik.
by Cablenut9
Sun Aug 15, 2021 9:38 pm
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 241187

Re: v7.1beta6 [development] is released!

Is next beta/RC being released on 23rd August?
That's what the rumor mill says!
by Cablenut9
Sun Aug 15, 2021 4:24 pm
Forum: RouterOS beta
Topic: IPv6 DHCP Server doesn't work [SOLVED]
Replies: 7
Views: 6510

Re: IPv6 DHCP Server doesn't work [SOLVED]

or if you do not request an address you should only have a link-local address on the port to the upstream device.
This was the fix, I just had to disable getting an address on the DHCP client so the router could add a proper route to the bridge.
by Cablenut9
Sun Aug 15, 2021 5:54 am
Forum: RouterOS beta
Topic: IPv6 DHCP Server doesn't work [SOLVED]
Replies: 7
Views: 6510

Re: IPv6 DHCP Server doesn't work [SOLVED]

Now my devices are getting SLAAC addresses, but now the router can't route IPv6 properly because there is a route for the prefix for both the WAN and LAN ports. Both have the same distance, and I can't get rid of the one that points to WAN. This seems like another v7 bug, so that's sad.
by Cablenut9
Sat Aug 14, 2021 6:37 pm
Forum: RouterOS beta
Topic: IPv6 DHCP Server doesn't work [SOLVED]
Replies: 7
Views: 6510

Re: IPv6 DHCP Server doesn't work [SOLVED]

I'm using it to assign publicly routable IPv6 addresses to LAN devices, using a /64 prefix pool acquired from the router's DHCP client.
by Cablenut9
Sat Aug 14, 2021 4:35 pm
Forum: RouterOS beta
Topic: IPv6 DHCP Server doesn't work [SOLVED]
Replies: 7
Views: 6510

IPv6 DHCP Server doesn't work [SOLVED]

I've tried all the possible remedies like adding an address from the prefix to LAN, but I still can't get IPv6 DHCP to work at all. Is this a known problem or is there something else I haven't tried yet? EDIT: It looks like I can get good IPv6 addresses on clients but nothing shows up in the Binding...
by Cablenut9
Fri Aug 13, 2021 4:53 pm
Forum: RouterOS beta
Topic: Unable to set WG public key on CLI or WebFig
Replies: 12
Views: 4462

Re: Unable to set WG public key on CLI or WebFig

Go. Read. The. Link.
I already did!
by Cablenut9
Fri Aug 13, 2021 4:38 pm
Forum: RouterOS beta
Topic: Unable to set WG public key on CLI or WebFig
Replies: 12
Views: 4462

Re: Unable to set WG public key on CLI or WebFig

If we think about the 5 clients behind the router simply as network connections, this abstracts away the fact that they're all different devices. This still leaves that each device has a unique private key which lets the server know which client is which even though they share the same IP. However, ...
by Cablenut9
Fri Aug 13, 2021 5:53 am
Forum: RouterOS beta
Topic: Unable to set WG public key on CLI or WebFig
Replies: 12
Views: 4462

Re: Unable to set WG public key on CLI or WebFig

All the Wireguard interfaces have different public keys and the server knows about these different public keys. Actually, this is because I'm using Mullvad VPN which uses Wireguard and allows up to 5 "clients" which is a code word for a unique private+public key combo. I want all 5 of thes...
by Cablenut9
Fri Aug 13, 2021 3:19 am
Forum: RouterOS beta
Topic: LTE Modem & FOTA Firmware Over The Air Upgrade - Not working on 7.1beta6
Replies: 2
Views: 2141

Re: LTE Modem & FOTA Firmware Over The Air Upgrade - Not working on 7.1beta6

7.1beta6 doesn't work with LTE so just stay on a lower version or wait until beta7.
by Cablenut9
Fri Aug 13, 2021 3:11 am
Forum: RouterOS beta
Topic: Unable to set WG public key on CLI or WebFig
Replies: 12
Views: 4462

Re: Unable to set WG public key on CLI or WebFig

You can't have two peers with the same public key, by design.
Then why isn't there a way to assign a peer to multiple interfaces? Each interface+peer combo would have a specific connection by design because the source port will be different for each. That's basic CCNA-level stuff!
by Cablenut9
Thu Aug 12, 2021 11:19 pm
Forum: RouterOS beta
Topic: Unable to set WG public key on CLI or WebFig
Replies: 12
Views: 4462

Unable to set WG public key on CLI or WebFig

I'm having a problem where I need to add Wireguard peers that have the same public keys. WebFig and Winbox won't let me add it because there is already another peer with the same key, but it shouldn't matter. In the CLI, it just doesn't want to work at all, even when using a different key. What gives?
by Cablenut9
Thu Aug 12, 2021 7:36 pm
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 241187

Re: v7.1beta6 [development] is released!

On this update
Dial on Demand l2tp connections doesn't work :(
I have the same problem, just use Wireguard until it's fixed.
by Cablenut9
Tue Aug 10, 2021 11:03 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

But this is an interesting info all the same. Is the 5009 supposed to use 7.1 final from the start? Or will it use some 7.1beta?
There's a special v7 that is stable but just for a couple devices, and that's probably what the RB5009 will come with. However, you can also use v7.1 beta instead.
by Cablenut9
Tue Aug 10, 2021 6:01 pm
Forum: General
Topic: Did I miss something? New 4011
Replies: 30
Views: 4957

Re: Did I miss something? New 4011

The RB5009 uses the Cortex A72 which on its own is faster than the A15 used in the RB4011 at the same clock speed, and the DDR4 RAM is another speed boost because the A15 is from 2012 and could only have used DDR3 at the latest.
by Cablenut9
Tue Aug 10, 2021 5:08 pm
Forum: Beginner Basics
Topic: Recommended Upgrade path from RouterOS 5.20?
Replies: 8
Views: 2272

Re: Recommended Upgrade path from RouterOS 5.20?

Just upgrade to the latest stable version and you're done.
by Cablenut9
Sun Aug 08, 2021 9:56 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 1
Views: 2751

IS-IS

Could IS-IS ever become a feature in ROS? Cisco already has it and IS-IS seems like a simpler alternative to OSPF.
by Cablenut9
Fri Aug 06, 2021 6:10 pm
Forum: General
Topic: Shadowsocks
Replies: 2
Views: 10554

Shadowsocks

It would be great if Shadowsocks support was added to ROS because it can masquerade VPN traffic as HTTPS. Does anyone else think so? It seems relatively simple to implement and is a great selling point. Otherwise, I'd have to mess with dst-nat rules to forward it to some server in the network.
by Cablenut9
Fri Aug 06, 2021 5:39 pm
Forum: General
Topic: Did I miss something? New 4011
Replies: 30
Views: 4957

Re: Did I miss something? New 4011

I noticed a lot of new devices don't have IPsec performance listed, so maybe the Big Mik is slacking off when it comes to this.
by Cablenut9
Fri Aug 06, 2021 1:51 am
Forum: Wireless Networking
Topic: SIM NOT INSERTED
Replies: 19
Views: 15639

Re: SIM NOT INSERTED

If the SIM is in an adapter, the connection can get flaky and require a reboot to "refresh" the status of the connection to the SIM itself. Mikrotik devices have a big problem with this, so you're not alone.
by Cablenut9
Thu Aug 05, 2021 10:59 pm
Forum: RouterBOARD hardware
Topic: Tiny RouterOS capable device
Replies: 5
Views: 1903

Re: Tiny RouterOS capable device

hEx lite or hEx classic could be your ticket, as they've got more RAM and processing power. Or, if you need something even faster, a regular hEx has a beefy CPU and is still cheap.
by Cablenut9
Thu Aug 05, 2021 4:58 am
Forum: General
Topic: Feature Request: Add Connection_Routing_Mark
Replies: 7
Views: 926

Re: Feature Request: Add Connection_Routing_Mark

This is a great idea, as I have multiple PCC VPN routes as well as potentially multiple WANs and it would be scary hard to add in QoS as well.
by Cablenut9
Wed Aug 04, 2021 11:38 pm
Forum: Wireless Networking
Topic: Suggest Wireless AP
Replies: 9
Views: 1430

Re: Suggest Wireless AP

If you don't need 2.4GHz, get the 19s version instead because it has an even better antenna and can receive a better signal from the clients.
by Cablenut9
Wed Aug 04, 2021 10:53 pm
Forum: General
Topic: BANDWIDTH PROBLEM ON LAN [SOLVED]
Replies: 19
Views: 10152

Re: BANDWIDTH PROBLEM ON LAN [SOLVED]

What fiber optic connection do you have? It possibly doesn't have more than 30 Mbps of bandwidth. Also, I can't see "/interface wireless" other than "/interface wireless security-profiles."
by Cablenut9
Wed Aug 04, 2021 10:39 pm
Forum: General
Topic: BANDWIDTH PROBLEM ON LAN [SOLVED]
Replies: 19
Views: 10152

Re: BANDWIDTH PROBLEM ON LAN [SOLVED]

It could be that you're using 2.4GHz instead of 5GHz because 2.4 can only go up to ~50 Mbps.
by Cablenut9
Wed Aug 04, 2021 6:00 am
Forum: Virtualization
Topic: Can you update CHR with a P1 license to a P Unlimited by purchasing a prepaid key?
Replies: 8
Views: 7348

Re: Can you update CHR with a P1 license to a P Unlimited by purchasing a prepaid key?

Your vendor made an oopsie, as ROS and CHR licenses are totally separate and you got a ROS license instead of a CHR one.
by Cablenut9
Tue Aug 03, 2021 5:20 am
Forum: RouterOS beta
Topic: Can't mark routes in IPv6->Firewall->Mangle
Replies: 1
Views: 1164

Can't mark routes in IPv6->Firewall->Mangle

I was adding mangle rules to the IPv6 firewall mangle section and it turns out there's no way to mark routes in rules. However, in IPv6->Routes->Rules there's an option for routing marks. What gives?
by Cablenut9
Tue Aug 03, 2021 2:13 am
Forum: RouterBOARD hardware
Topic: Broken PSU in CRS328
Replies: 3
Views: 1848

Re: Broken PSU in CRS328

It's impossible to know if you don't have a good version of the power supply, but maybe you do because the CRS328 might be a switch with redundant ones. Also, this doesn't seem to be a widespread issue.
by Cablenut9
Mon Aug 02, 2021 7:34 pm
Forum: General
Topic: PCC load balance not working [help]
Replies: 14
Views: 3262

Re: PCC load balance not working [help]

His method doesn't work well in v7 for some reason, so the fix for me is to condense everything into rules that directly mark routes based on the PCC.
by Cablenut9
Mon Aug 02, 2021 5:54 pm
Forum: General
Topic: Feature Request: Address List use Wildcard FQDN
Replies: 7
Views: 2342

Re: Feature Request: Address List use Wildcard FQDN

I think it is too late to add that kind of "trick" as "everyone" is switching to DoH and DoT and that makes this impossible.
Unless you block all DoH servers in the firewall :)
by Cablenut9
Mon Aug 02, 2021 12:50 am
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

Is there any news about the new switch chip's L3 features?
by Cablenut9
Sun Aug 01, 2021 3:15 am
Forum: RouterOS beta
Topic: Route lookup rules: Broken?
Replies: 6
Views: 1713

Re: Route lookup rules: Broken?

In other words have you setup something similar on non beta firmware and it works fine? Connection marking tended to work better on non-beta firmware, but the problem I found with it not marking connections is that it couldn't match anything other than broadcasts and multicasts with any in-interfac...
by Cablenut9
Sun Aug 01, 2021 2:31 am
Forum: RouterOS beta
Topic: Route lookup rules: Broken?
Replies: 6
Views: 1713

Re: Route lookup rules: Broken?

Why are you "bumping" same day?
Maybe it has to do with time zones, but I made my first post yesterday night.
by Cablenut9
Sat Jul 31, 2021 11:30 pm
Forum: RouterOS beta
Topic: Route lookup rules: Broken?
Replies: 6
Views: 1713

Re: Route lookup rules: Broken?

Bump! What I'm doing is basically a split tunnel VPN, which used to work but now it isn't. However, the method I previously used was to have a single rule that marks routing and nothing else. Now, I'm marking connections and then marking routes for those connection marks. Update: I fixed it by conve...
by Cablenut9
Sat Jul 31, 2021 2:34 am
Forum: RouterOS beta
Topic: Route lookup rules: Broken?
Replies: 6
Views: 1713

Route lookup rules: Broken?

Here's my configuration:
/ip firewall mangle
add action=mark-connection chain=prerouting comment="mark all traffic for vpn" connection-mark=no-mark dst-address=!192.168.1.0/24 dst-address-list="!Portforwarded Servers" in-interface-list=LAN ipsec-policy=in,none new-connection-mark...
by Cablenut9
Fri Jul 30, 2021 4:47 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

I do not suppose a "standard" injector with advertised 1G ports will deliver a 2.5 link, or will it? 2.5G uses the same wires as 1G and it was designed to be used with the same cables, so the injector effectively can't tell the difference. Actually, it might be able to do 10G as well as t...
by Cablenut9
Fri Jul 30, 2021 2:28 pm
Forum: Scripting
Topic: Torrent blocking working in y2020
Replies: 34
Views: 27282

Re: Torrent blocking working in y2020

You can also use a VPN which is even harder to block, if you're using SSTP or Wireguard.
by Cablenut9
Fri Jul 30, 2021 1:58 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

There are not many 2.5G Injectors available, let alone 802.3bt....Oh, TP-Link has them (oups, wrong brand).
You don't need 802.3bt to power the RB5009 (it only supports 802.3af/at), and 2.5G works fine over regular ethernet cables.
by Cablenut9
Fri Jul 30, 2021 1:56 pm
Forum: Scripting
Topic: Torrent blocking working in y2020
Replies: 34
Views: 27282

Re: Torrent blocking working in y2020

Have a 50Mbps and try to sell 10Mbps to 100 users...
When 5 of 100 users use torrents, the uplink is full and all users complain...
Then you need to upgrade, because the customers are using what they're paying for.
by Cablenut9
Fri Jul 30, 2021 3:56 am
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

What happened to the console port ??
This is something that I really want before I can buy one.
by Cablenut9
Fri Jul 30, 2021 12:43 am
Forum: General
Topic: R11e-LTE6 Registration Status Denied
Replies: 7
Views: 1501

Re: R11e-LTE6 Registration Status Denied

So it is just saying Registration Status "Denied" because I am not able to see a cell tower anymore?
This happens to me too, so try getting a better signal.
by Cablenut9
Thu Jul 29, 2021 8:51 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

ROAS concept implies that router has only single physical connection to the rest of the network.
Maybe it's a half-ROAS, because to the 10G devices it only has one connection, but to the gigabit it has many.
by Cablenut9
Thu Jul 29, 2021 8:45 pm
Forum: Beginner Basics
Topic: Block or Limit Torrents
Replies: 12
Views: 4541

Re: Block or Limit Torrents

What is worth torrenting these days anyway??
If you need to find something old, weird, or otherwise hard to get the regular way (like the Olympics) then torrenting is a suitable option.
by Cablenut9
Thu Jul 29, 2021 8:10 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

I feel like the RB5009 for me would actually bet a positive gain in performance, as my RB4011 is doing inter-VLAN routing in the CPU for CCTV and RSTP, both of which aren't supported by the wimpy TTL switch chips but likely are by the RB5009's.
by Cablenut9
Thu Jul 29, 2021 7:49 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

I use ROAS where the gigabit ports are used for gigabit devices and the SFP+ is connected to a 10G switch for only 10G devices.
Then it is not a ROAS :)
Technically it is, because the WAN is located in the 10G switch and uses a VLAN to separate it from LAN.
by Cablenut9
Thu Jul 29, 2021 7:16 pm
Forum: Beginner Basics
Topic: Block or Limit Torrents
Replies: 12
Views: 4541

Re: Block or Limit Torrents

:) Let me rephrase the question..I would like to block torrents or Limit their bandwidth usage within my network. Please share some working procedures. thanks
You can't, because torrents can use ports 80 and 443 and then it looks like regular website traffic.
by Cablenut9
Thu Jul 29, 2021 7:03 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

How would it matter in ROAS scenario, as SFP+ will be the only populated port then?
I use ROAS where the gigabit ports are used for gigabit devices and the SFP+ is connected to a 10G switch for only 10G devices.
by Cablenut9
Thu Jul 29, 2021 4:54 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

That RB5009 block diagram makes me think it was oriented around router-on-a-stick because the SFP+ is switched with all the other ports and that's what you'd have a lot of in a ROAS setup. Also, in the document for the switch chip, it claims "L3 routing features" which might be nice to hav...
by Cablenut9
Wed Jul 28, 2021 11:49 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

But is it possible to use this rack-mount kit for mounting single unit? Or 3 units? How stable is the whole thing if there aren't two units stacked vertically?
They want you to buy four, that way they get four times the sales.
by Cablenut9
Wed Jul 28, 2021 9:05 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

It seems like that text about DFS and "local authorities" is just boilerplate filler copied and pasted into every manual.
by Cablenut9
Wed Jul 28, 2021 5:57 pm
Forum: RouterOS beta
Topic: v7 launch date
Replies: 156
Views: 48594

Re: v7 launch date

AFAIK all forum moderators can directly edit all posts. AFAIK all MT staffers present on forum are moderators.
This is scary, as on other sites like Reddit, it was a scandal if even the site owner was able to change someone else's post.
by Cablenut9
Wed Jul 28, 2021 4:30 pm
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 241187

Re: v7.1beta6 [development] is released!

Are you talking about WRT1200/3200 too?
No, only the cAP ac and hAP ac3.
by Cablenut9
Wed Jul 28, 2021 4:05 am
Forum: Wireless Networking
Topic: Wifi net work for home with Iot (50 devices)
Replies: 43
Views: 5731

Re: Wifi net work for home with Iot (50 devices)

Don't touch MT WiFi with a 10 foot pole! The very fastest I can get is 450 Mbps in the best conditions and that's nothing compared to my gigabit Internet connection. You might be able to go faster if you get the RB4011 Wireless Edition but that's several hundred dollars. However, if you're doing a P...
by Cablenut9
Wed Jul 28, 2021 3:25 am
Forum: General
Topic: Locked out due to vlan filtering
Replies: 8
Views: 1676

Re: Locked out due to vlan filtering

Try to connect through all the possible VLANs, so that means multiple ports. Other than that, you might be out of luck.
by Cablenut9
Tue Jul 27, 2021 9:37 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

I also noticed in the YT video that they're saying there's going to be others in the RB5000 series. That means there could be a 10 port version to properly replace the RB4011, because mine is just about filled up and I would have to rearrange my network if I upgrade to the RB5009.
by Cablenut9
Tue Jul 27, 2021 7:06 pm
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 241187

Re: v7.1beta6 [development] is released!

Tweaking around with channels (I am alone on landside, no other used channels) and stuff I finally reached speeds like 180mbit/s with iperf3. Again, 5m meters distance. A real useless AP it was. This is pure BS, as I can get a solid 450 Mbps with my old Linux laptop at the same distance. Then again...
by Cablenut9
Tue Jul 27, 2021 7:02 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

If you watched the video introduction, there they said RB5009 will NOT be compatible with v6. I already knew this. If we have a RB4011 with v6 and a RB5009 with v7, then both have about the same routing speed. What would be nice is if we could get the RB5009 with v6, but we can't. Assuming this set...
by Cablenut9
Tue Jul 27, 2021 6:36 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

FastPath requires specific hooks in the NIC drivers as well as a number of other optimizations. Previous technique may not work with a more modern kernel, or there may be newer more efficient ways to perform FastPath on the 5.x kernel that Mikrotik are not fully utilizing yet. Assuming they don't i...
by Cablenut9
Tue Jul 27, 2021 4:16 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

I am just guessing, but I would say it is due to FastPath modules not being optimized in RouterOS v7 yet.
That's interesting, as ROS v7 is currently more optimized than v6 for routing processes like SPF and BGP downloading.
by Cablenut9
Mon Jul 26, 2021 4:03 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

If you just compare the RB4011 and RB5009 based on CPU alone, the A72 is light-years ahead of the A15, so it's strange this isn't reflected in the performance data.
by Cablenut9
Mon Jul 26, 2021 5:59 am
Forum: Wireless Networking
Topic: 5.915 Ghz on LHG AC?
Replies: 2
Views: 1770

Re: 5.915 Ghz on LHG AC?

From what I know, all International AC devices support that frequency because the effective range actually goes into the 6GHz band.
by Cablenut9
Sun Jul 25, 2021 7:35 pm
Forum: Scripting
Topic: hacked script
Replies: 4
Views: 3605

Re: hacked script

Post the script content here and let's see what there is, because I don't want to go to that website to find out.
by Cablenut9
Sun Jul 25, 2021 4:23 pm
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 3070

Re: Input firewall filter prioritization [SOLVED]

Can I ask you where you live?
The Southeast US, but I've only seen these firewalls a couple times. I know Walmarts block L2TP/IPSec and they mess with TLS certificates leading to HSTS errors. However, a port 443 WG VPN works just fine, so it's this one place that blocks almost everything.
by Cablenut9
Sun Jul 25, 2021 4:09 pm
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 3070

Re: Input firewall filter prioritization [SOLVED]

Just so you know how restrictive some of these firewalls are, I sometimes can't visit forum.mikrotik.com without a VPN because of this: "Sonicwall: Connection blocked to Latvia (GeoIP block)"
by Cablenut9
Sun Jul 25, 2021 5:09 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 3070

Re: Input firewall filter prioritization [SOLVED]

I was asking you if I bothered you, like mkx want say...
Maybe, but I can see why the ISP would want to block DNS.
by Cablenut9
Sun Jul 25, 2021 12:58 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 3070

Re: Input firewall filter prioritization [SOLVED]

@Cablenut9 you make it clear, please...
You gave me the dst-nat solution before mkx did, but mkx explained how my original setup might actually work.
by Cablenut9
Sun Jul 25, 2021 12:28 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 3070

Re: Input firewall filter prioritization [SOLVED]

Your provider lock all UDP??? (also UDP on 53...)
Not my provider, but at some places like a coffee shop, they have those restrictions.
by Cablenut9
Sun Jul 25, 2021 12:23 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 3070

Re: Input firewall filter prioritization [SOLVED]

I have to use port 53 to bypass firewalls which block everything except ICMP, TCP port 80/443, and DNS. My ISP doesn't care that much about "weird" traffic.
by Cablenut9
Sun Jul 25, 2021 12:11 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 3070

Re: Input firewall filter prioritization [SOLVED]

If you want to block it in RAW on TCP/UDP(53) traffic coming from the WAN.
This won't work because then I won't be able to use Wireguard with a listen port of 53.
by Cablenut9
Sun Jul 25, 2021 12:05 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 3070

Input firewall filter prioritization [SOLVED]

I have a setup where my main router has a DNS server accessible to clients on LAN. On the outside, there will be a Wireguard tunnel on port 53, the same port as DNS. If I add an input rule for port 53 from WAN, which router service will come first? Is there a way to disallow DNS from WAN and only al...
by Cablenut9
Sun Jul 25, 2021 12:00 am
Forum: Beginner Basics
Topic: layer 7 port forwarding
Replies: 17
Views: 4401

Re: layer 7 port forwarding

If you have a restrictive firewall that blocks most traffic, UDP WG on 443 has a higher chance of getting through.
by Cablenut9
Sat Jul 24, 2021 11:51 pm
Forum: Beginner Basics
Topic: layer 7 port forwarding
Replies: 17
Views: 4401

Re: layer 7 port forwarding

But not so much for WireGuard since it only uses UDP as a transport...
QUIC traffic also uses UDP
by Cablenut9
Sat Jul 24, 2021 11:44 pm
Forum: Beginner Basics
Topic: layer 7 port forwarding
Replies: 17
Views: 4401

Re: layer 7 port forwarding

In that case setting up some kind of a VPN would have been a much easier, cleaner and more flexible solution...
This is hilarious, because all my solutions were originally made for me to differentiate between HTTPS and a Wireguard/SSTP VPN tunnel.
by Cablenut9
Sat Jul 24, 2021 11:18 pm
Forum: Beginner Basics
Topic: layer 7 port forwarding
Replies: 17
Views: 4401

Re: layer 7 port forwarding

I had a similar problem, and the fixes are: 1. Use port knocking to manually choose which thing you connect to. 2. Use source address filters to exclude a certain address from the blog and then connect to the NAS, maybe use IP Cloud DDNS to do this? Or, you can use something like Cloudflare instead....
by Cablenut9
Sat Jul 24, 2021 10:57 pm
Forum: Beginner Basics
Topic: layer 7 port forwarding
Replies: 17
Views: 4401

Re: layer 7 port forwarding

Put your domain in an address list. Then, make the NAT rule so it matches based on that domain address list.
by Cablenut9
Sat Jul 24, 2021 12:02 am
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 458
Views: 146175

Re: The big CCR2004 reboot thread (was 2004 hardware issues?)

CCR2004 trash hardware not usable in a professional network.
What's the alternative? The equivalent Cisco would cost 100 times as much.
by Cablenut9
Fri Jul 23, 2021 7:33 pm
Forum: General
Topic: Feature Request: RouterOS Nightly
Replies: 4
Views: 999

Feature Request: RouterOS Nightly

I think it would be an interesting proposition if we could download and install every new build of ROS to get the latest features, even if they don't even deserve a "beta" release yet. Firefox and lots of other software already has this, so why not RouterOS?
by Cablenut9
Fri Jul 23, 2021 4:30 pm
Forum: Wireless Networking
Topic: Mikrotik - Early Access beta hardware?
Replies: 13
Views: 2082

Re: Mikrotik - Early Access beta hardware?

Yup ... buy new model devices from your local MT distributor and you're hooked up for beta testing. Or so it seems ...
Sad but true.
by Cablenut9
Thu Jul 22, 2021 8:50 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

That mystery pad could also be the NAND as they pointed it out in the video and it was on the other side.
by Cablenut9
Thu Jul 22, 2021 5:37 am
Forum: General
Topic: IPTV Configuration
Replies: 5
Views: 4111

Re: IPTV Configuration

Okay, let's bring you up to speed on what some people spend their whole careers on... 🙄

I advise asking only specific questions on huge topics like this. Open-ended ones either result in vague answers or reference manuals.
Go back to Reddit
by Cablenut9
Wed Jul 21, 2021 11:49 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

Annapurna Labs AL32400: 4x1.7Ghz Cortex A57.
Looks like the A72 is actually faster than the A57, so that's bad. https://en.wikipedia.org/wiki/ARM_Corte ... prov=sfla1 What's also sad is that it's also used in the Raspberry Pi, so that's also poor value because the Pi can be had for $35.
by Cablenut9
Wed Jul 21, 2021 11:18 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

Well, till then...
by Cablenut9
Wed Jul 21, 2021 10:49 pm
Forum: General
Topic: Feature Request: Add Port Knocking on MikroTik App and WinBox
Replies: 5
Views: 1240

Re: Feature Request: Add Port Knocking on MikroTik App and WinBox

This isn't a comment about Wireguard:
You can already get simple port knocking apps that work with any kind of setup, so why add it into the MT app?
by Cablenut9
Wed Jul 21, 2021 10:29 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

The video (https://www.youtube.com/watch?v=Cmt33XMLTqI) says that it'll be the cheapest CCR, and that the passive cooling version is coming soon and it'll be 15% slower and have external power supplies.
by Cablenut9
Wed Jul 21, 2021 7:26 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91278

Re: MikroTik RB5009UG+S+IN

Looks like the Marvell CPU used in the RB5009 is a Cortex A72, but now I need to compare this to the one in the CCR2004. Does anyone know what processor the 2004 uses?
by Cablenut9
Tue Jul 20, 2021 11:47 pm
Forum: RouterOS beta
Topic: Wireguard on wAP AC
Replies: 6
Views: 1867

Re: Wireguard on wAP AC

Make sure the "allowed addresses" setting is set to 0.0.0.0/0. ROS has a bug where you have to set it through the terminal because the GUI keeps deleting it because it thinks it's not needed.
by Cablenut9
Sun Jul 18, 2021 5:36 pm
Forum: Wireless Networking
Topic: Love MikroTik WISP Setup
Replies: 2
Views: 1073

Re: Love MikroTik WISP Setup

What's your main internet connection? How many users will there be? What's the weather like? With Starlink coming faster than ever, there's no reason to offer only a paltry 5Mb/s. If you can, upgrade to the SXTsq lite5 ac so you can get the most out of your mANTBox 15s.
by Cablenut9
Sat Jul 17, 2021 2:02 am
Forum: General
Topic: Ethernet Flow Control
Replies: 1
Views: 832

Ethernet Flow Control

Is there a good reason to turn it on in ROS? By default it's off on all of my devices so maybe there's a reason why it's that way.
by Cablenut9
Fri Jul 16, 2021 7:23 pm
Forum: General
Topic: Overriding netmap
Replies: 6
Views: 1132

Re: Overriding netmap

All NAT rules try to match before anything in the filter section, so if any of your NAT rules match your traffic, then it gets "taken away" from any accept rules elsewhere. Try adding Dst. Address = !YY.YY.YY.101 to the NAT rule.
by Cablenut9
Fri Jul 16, 2021 6:35 pm
Forum: General
Topic: Overriding netmap
Replies: 6
Views: 1132

Re: Overriding netmap

Then add Src. Address = !your-excluded-address to the netmap rule.
by Cablenut9
Fri Jul 16, 2021 6:04 pm
Forum: General
Topic: Overriding netmap
Replies: 6
Views: 1132

Re: Overriding netmap

NAT rules come before any "filter" rule, so to fix this, exclude the ports 500 and 4500 from the netmap rule.
by Cablenut9
Fri Jul 16, 2021 2:39 am
Forum: RouterOS beta
Topic: v7 launch date
Replies: 156
Views: 48594

Re: v7 launch date

Because they have asked to test filters specifically.
Sorry for my ignorance, but why does anybody need route filters?
by Cablenut9
Fri Jul 16, 2021 2:26 am
Forum: General
Topic: Separate Wireguard and QUIC in firewall rules [SOLVED]
Replies: 10
Views: 2813

Re: Separate Wireguard and QUIC in firewall rules [SOLVED]

Another solution: My webserver which uses QUIC is protected by Buttflare. Since Buttflare has a set list of IPs that they request from, I can specify the NAT rule for QUIC (and also TCP 443) for only these IPs, and have the VPNs available for all other addresses. This also has a bonus feature of blo...
by Cablenut9
Fri Jul 16, 2021 1:04 am
Forum: Wireless Networking
Topic: Netmetal maximum throughput?
Replies: 7
Views: 1848

Re: Netmetal maximum throughput?

uh, it definitely has 2 chains, or even three on one model.
There's one kind of Netmetal that only has 1 chain, but the others have 2/3. In that case, you can easily get a solid 450Mbps
by Cablenut9
Thu Jul 15, 2021 11:46 pm
Forum: Wireless Networking
Topic: Netmetal maximum throughput?
Replies: 7
Views: 1848

Re: Netmetal maximum throughput?

You'll never get above about 300Mbps with the Netmetal because it only has 1-chain 802.11n/ac, and that's best-case!
by Cablenut9
Thu Jul 15, 2021 5:44 pm
Forum: RouterBOARD hardware
Topic: wAP 60Gx3 bandwidth
Replies: 2
Views: 1578

Re: wAP 60Gx3 bandwidth

If you do only "internal L2 routing" between the clients and the ap, you can really reach the gigabit sum,
I'm not using the gigabit port at all, but rather L3 routing between stations connected to the wAP itself.
by Cablenut9
Thu Jul 15, 2021 4:40 pm
Forum: RouterBOARD hardware
Topic: wAP 60Gx3 bandwidth
Replies: 2
Views: 1578

wAP 60Gx3 bandwidth

How much bandwidth does the wAP 60Gx3 have between the three phase-array antennas? I'm wanting to make a setup where lots of data will be sent to and from these antennas/radios but in the block diagram, there's no speed listed for the link between the CPU and the 60GHz radio. This likely means it's ...
by Cablenut9
Thu Jul 15, 2021 6:14 am
Forum: Wireless Networking
Topic: Virtual interfaces for 60GHz
Replies: 8
Views: 1881

Re: Virtual interfaces for 60GHz

But why would you keep changing the MAC on the station side to begin with? Presumably you control both sides?
That's in case someone hacks a station and wants to subtly attack the network.
by Cablenut9
Thu Jul 15, 2021 5:45 am
Forum: Wireless Networking
Topic: Virtual interfaces for 60GHz
Replies: 8
Views: 1881

Re: Virtual interfaces for 60GHz

Let's say I have an AP and a station. If the AP assigns slave interfaces based on each station, using the MAC to differentiate between them, then the AP will make a new interface for each MAC it sees. The script on the station changes its MAC to some random value every time it connects. The AP, thin...
by Cablenut9
Thu Jul 15, 2021 5:27 am
Forum: Wireless Networking
Topic: Virtual interfaces for 60GHz
Replies: 8
Views: 1881

Re: Virtual interfaces for 60GHz

The station interfaces are only created after connect, but they are not dynamic, so they will stay there even if the far end goes down. Is this really true? If so, then what stops someone from making a script that changes the identity of some station and cramming the AP with a long list of dummy in...
by Cablenut9
Thu Jul 15, 2021 5:06 am
Forum: Wireless Networking
Topic: Virtual interfaces for 60GHz
Replies: 8
Views: 1881

Virtual interfaces for 60GHz

Is it possible to have a virtual interface to which 60GHz stations can connect? I want to have a setup where multiple wAPs connect to a single wAP 60x3 and that wAP 60x3 can create a PtP link from itself to any of the stations. However, I noticed in the MikWiki that the station interfaces are cre...
by Cablenut9
Wed Jul 14, 2021 11:45 pm
Forum: Forwarding Protocols
Topic: Point-to-point (/31) addresses
Replies: 86
Views: 79532

Re: Point-to-point (/31) addresses

but they fail when you use protocols that expect to be able to use broadcast over a link, like OSPF.
This is partially untrue, as OSPF has PtP mode which eliminates address broadcasts, making /32 addresses the absolute simplest and easiest option, but only for PtP mode OSPF.
by Cablenut9
Wed Jul 14, 2021 11:43 pm
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 458
Views: 146175

Re: The big CCR2004 reboot thread (was 2004 hardware issues?)

anyone has better results with 6.48.3?
https://tryitands.ee

Anyway, considering all the fixes in 6.48.3, I would expect there to be some improvement with the CCR2004.
by Cablenut9
Wed Jul 14, 2021 4:12 pm
Forum: Forwarding Protocols
Topic: Point-to-point (/31) addresses
Replies: 86
Views: 79532

Re: Point-to-point (/31) addresses

Normis, it seems /31 works fine on RouterOS v6 stable/long-term though?
/32 really cuts down on addresses though, and it follows the philosophy of "hosts have IP addresses, not interfaces"
by Cablenut9
Wed Jul 14, 2021 4:42 am
Forum: General
Topic: Route traffic through IP tunnel after masquerading
Replies: 3
Views: 970

Re: Route traffic through IP tunnel after masquerading

I fixed it! If I add another rule to use the src-nat rule for all IPIP interfaces in addition to the masquerade rule for my other interfaces, it works great. /ip firewall nat add action=src-nat chain=srcnat out-interface-list=IPIP to-addresses=10.0.0.2 add action=masquerade chain=srcnat ipsec-policy...
by Cablenut9
Wed Jul 14, 2021 2:54 am
Forum: General
Topic: Route traffic through IP tunnel after masquerading
Replies: 3
Views: 970

Re: Route traffic through IP tunnel after masquerading

Here's what I want to do: I need to encapsulate the router's IP two ways, both in the inner IP packet and on the outside IPIP packet so it looks like this: [Router Address][Dst Router Address](Router Address)(Some Dst Internet Address)(IP Packet Content)[IPIP Trailer] Could the regular src-nat actio...
by Cablenut9
Tue Jul 13, 2021 11:47 pm
Forum: General
Topic: Route traffic through IP tunnel after masquerading
Replies: 3
Views: 970

Re: Route traffic through IP tunnel after masquerading

Is this possible with some route rule hack?
by Cablenut9
Tue Jul 13, 2021 10:51 pm
Forum: General
Topic: Route traffic through IP tunnel after masquerading
Replies: 3
Views: 970

Route traffic through IP tunnel after masquerading

I have a problem where I have an IP tunnel to some other router and a NAT setup. When I try to ping 1.1.1.1 from R1, the IP tunnel interface on R2 shows that it is coming from a LAN address. However, this means that I'm encapsulating the traffic BEFORE the NAT masquerade. Is there a way to double this...
by Cablenut9
Tue Jul 13, 2021 6:26 pm
Forum: Forwarding Protocols
Topic: BGP ECMP (multipathing)
Replies: 58
Views: 39878

Re: BGP ECMP (multipathing)

It's on the roadmap for protocol support in the v7 status page
https://help.mikrotik.com/docs/display/ ... col+Status
I just need OSPF route conversion from v6 and then I'm golden.
by Cablenut9
Mon Jul 12, 2021 9:23 pm
Forum: RouterOS beta
Topic: IPv6 forwarding not working in 7.1beta6
Replies: 21
Views: 11858

Re: IPv6 forwarding not working in 7.1beta6

7.1beta6 is super buggy on the RB4011, so good thing you made that downgrade.
by Cablenut9
Mon Jul 12, 2021 2:16 am
Forum: RouterBOARD hardware
Topic: LHGG LTE6 reply timeout from modem
Replies: 7
Views: 6889

Re: LHGG LTE6 reply timeout from modem

to check for new version

/interface lte firmware-upgrade lte1

to download new firmware

interface lte firmware-upgrade lte1 upgrade=yes
This doesn't work with v28 because you can only download v27 right now.
by Cablenut9
Sun Jul 11, 2021 7:06 pm
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 241187

Re: v7.1beta6 [development] is released!

It's July and we're due for beta7.
by Cablenut9
Sun Jul 11, 2021 4:48 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 2988

Re: What packages are missing from SMIPS?

My test network already has MIPS 880MHz 2-core and ARM 716MHz so I just want to see how much slower a SMIPS/MIPSBE device is.
by Cablenut9
Sun Jul 11, 2021 4:38 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 2988

Re: What packages are missing from SMIPS?

Maybe I should upgrade to a hAP which has 64MB RAM and is MIPSBE so I can get all the good features, or should I get a hAP Lite just for testing?
by Cablenut9
Sun Jul 11, 2021 4:30 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 2988

Re: What packages are missing from SMIPS?

My network could have a lot of SMIPS devices with OSPF in PtP mode, so each link will have at most 2 MAC addresses.
by Cablenut9
Sun Jul 11, 2021 4:25 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 2988

Re: What packages are missing from SMIPS?

Is this a real issue with SMIPS or something that can just happen in theory?
by Cablenut9
Sun Jul 11, 2021 4:11 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 2988

Re: What packages are missing from SMIPS?

Interesting, so how bad of a performance degradation can I expect?
by Cablenut9
Sun Jul 11, 2021 4:02 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 2988

Re: What packages are missing from SMIPS?

Looks like I don't need any of the things on that list for what I'm doing, so I'm going to try it and see.
by Cablenut9
Sun Jul 11, 2021 3:33 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 2988

Re: What packages are missing from SMIPS?

there's no explicit snmp, sntp, smb, radius, tftp packages
understand now?
That doesn't tell me what features SMIPS is missing.
by Cablenut9
Sun Jul 11, 2021 2:52 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 2988

Re: What packages are missing from SMIPS?

do not exist 1 packet for files, 1 packet for address, 1 packet for user, 1 packet for snmp, 1 packet for sntp, etc....
I don't know what this means, you might have gotten your Italian->English translation wrong.
by Cablenut9
Sun Jul 11, 2021 1:29 am
Forum: RouterBOARD hardware
Topic: E3372h-320 USB/lte1 problems constantly LTE1 link up-down
Replies: 68
Views: 56766

Re: E3372h-320 USB/lte1 problems constantly LTE1 link up-down

I don't understand why version 6 is called stable when it makes such a problem
Ironic, because the current v7 doesn't work with LTE at all.
by Cablenut9
Sun Jul 11, 2021 12:54 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 2988

Re: What packages are missing from SMIPS?

Weird, because there's no explicit dot1x package, so it had to be included in some other one. I suppose I'll have to buy a router with SMIPS and see.
by Cablenut9
Sun Jul 11, 2021 12:21 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 2988

What packages are missing from SMIPS?

I know dot1x is missing from SMIPS Mikrotik devices. However, are there any other missing features? Having the routing package is a hard requirement for me, so I need to know in advance.
by Cablenut9
Sat Jul 10, 2021 9:53 pm
Forum: General
Topic: Separate Wireguard and QUIC in firewall rules [SOLVED]
Replies: 10
Views: 2813

Re: Separate Wireguard and QUIC in firewall rules [SOLVED]

I just realized that I can use port knocking to add myself to an address list that gets redirected to Wireguard, and addresses that don't use port knocking get redirected to QUIC. Solved!
by Cablenut9
Sat Jul 10, 2021 4:28 pm
Forum: General
Topic: Congestion based QoS
Replies: 4
Views: 1157

Re: Congestion based QoS

Bump, I think this kind of queue is also called SQM
by Cablenut9
Sat Jul 10, 2021 12:29 am
Forum: RouterOS beta
Topic: L2TP/IPsec tunnel erases configuration
Replies: 1
Views: 1195

L2TP/IPsec tunnel erases configuration

I was setting up a L2TP/IPsec tunnel with a 7.1beta6 device on one end, and a 6.49beta46 on the other. After the interface was created after connecting, the v7.1 router crashed and erased the whole configuration. Luckily for me, I had made a backup the day prior just in case something like this happ...
by Cablenut9
Fri Jul 09, 2021 10:21 pm
Forum: General
Topic: Congestion based QoS
Replies: 4
Views: 1157

Re: Congestion based QoS

Is this even possible?
by Cablenut9
Fri Jul 09, 2021 9:19 pm
Forum: General
Topic: Congestion based QoS
Replies: 4
Views: 1157

Congestion based QoS

I'm interested in making a QoS setup where the queues come into effect when packets are lost, AKA when interface queues become used. My Mikrotik device uses an LTE interface and depending on where I take it, the speeds can range from 1 to 100 Mbps. If I used queue trees the usual way, I would have t...
by Cablenut9
Fri Jul 09, 2021 5:24 pm
Forum: RouterBOARD hardware
Topic: CCR2004 all port flap
Replies: 5
Views: 7269

Re: CCR2004 all port flap

The CCR2004 has issues, so you might be out of luck for now until new software becomes available.
by Cablenut9
Fri Jul 09, 2021 4:42 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

route them via vpn like so: /ip firewall mangle add action=mark-connection chain=prerouting dst-address-list=windows_update new-connection-mark=\ c_windows_update passthrough=yes add action=mark-packet chain=prerouting connection-mark=c_windows_update \ new-packet-mark=p_windows_update passthrough=...
by Cablenut9
Fri Jul 09, 2021 2:39 am
Forum: Wireless Networking
Topic: URGENT HELP remove SIM on wAP ac LTE6 kit
Replies: 20
Views: 3278

Re: URGENT HELP remove SIM on wAP ac LTE6 kit

Are you using a SIM adapter? If so, then you might be out of luck.
by Cablenut9
Thu Jul 08, 2021 9:25 pm
Forum: RouterOS beta
Topic: OSPF distribute-default option is missing [SOLVED]
Replies: 8
Views: 3854

Re: OSPF distribute-default option is missing [SOLVED]

Have you tried 7.1beta6?
by Cablenut9
Thu Jul 08, 2021 9:02 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

Does this setup look good? /ip firewall mangle add action=jump chain=prerouting comment=*xbox*.com dst-port=80,443 jump-target=tls protocol=tcp tls-host=*xbox*.com add action=jump chain=prerouting comment=*a-msedge.net dst-port=80,443 jump-target=tls protocol=tcp tls-host=*a-msedge.net add action=re...
by Cablenut9
Thu Jul 08, 2021 8:48 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

you would have to reject that packet with a TCP RST reply and also add the destination address to your address list.
I already added the destination address to the address list, but I can't think of a good way to send a TCP RST. Is there some feature or hack in ROS that can do this?
by Cablenut9
Thu Jul 08, 2021 7:11 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

So, here's a new plan: Match TLS hosts and the action is to jump to a custom chain. This custom chain has rules that simply add both the source and destination to address lists. Later in the prerouting chain, have a rule that matches these address lists and marks routes as going to the VPN.
by Cablenut9
Thu Jul 08, 2021 6:51 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

When does a client first send a packet with the TLS host? I forgot how the process works, but if it doesn't send it at first, then I'm definitely going to have to make another address list.
by Cablenut9
Thu Jul 08, 2021 5:52 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

When you catch that, it is too late to setup the TCP session via another path. Technically true, but HTTP(S) has a native 1/RTT feature that automatically restarts the connection if the path changes. And, if it doesn't work, then no data of value would be lost anyway since all I'm matching against ...
by Cablenut9
Thu Jul 08, 2021 3:46 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

Now I have a quadruple-whammy setup that is easy on the CPU and the LTE modem. First, I start with rules that redirect ALL traffic on certain ports that only Windows and Apple devices use. If that doesn't work, I match traffic based on address-lists full of IPs and a handful of domains that can't be...
by Cablenut9
Thu Jul 08, 2021 3:36 pm
Forum: RouterOS beta
Topic: L3HW User Manual Updated
Replies: 16
Views: 4404

Re: L3HW User Manual Updated

How is there a 7.1beta7 listed if it hasn't been released yet, or are you just keeping it as up-to-date as possible?
by Cablenut9
Thu Jul 08, 2021 3:29 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

HELP! After adding all these domains to the address-list, my router is pulling a perpetual 200kb/s through the LTE modem. Is there a way to extend the TTL for DNS so it doesn't use so much data? Here's an alternative idea I just got: Use L7 regex and the big list of IPs together. However, use L7 to ...
by Cablenut9
Thu Jul 08, 2021 1:10 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

I just found this potential list that could work: https://support.apple.com/en-us/HT210060
by Cablenut9
Wed Jul 07, 2021 10:08 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

Is there a similar list for Apple?
by Cablenut9
Wed Jul 07, 2021 7:21 pm
Forum: General
Topic: CCR2004-1G-12S+2XS SFP+ Upload issues
Replies: 16
Views: 2821

Re: CCR2004-1G-12S+2XS SFP+ Upload issues

I had a similar problem and the issue was the SFP+ not autonegotiating to 1 gigabit, so it stayed on 10 gigabit and kept trying to push that kind of signal through a 1 gigabit interface in the other end.
by Cablenut9
Wed Jul 07, 2021 6:29 pm
Forum: General
Topic: CCR2004-1G-12S+2XS SFP+ Upload issues
Replies: 16
Views: 2821

Re: CCR2004-1G-12S+2XS SFP+ Upload issues

The CCR2004 is notoriously bad at switching, so you probably need to use a real switch instead.
by Cablenut9
Wed Jul 07, 2021 6:10 pm
Forum: Beginner Basics
Topic: Disabling2.4GHZ wifi
Replies: 3
Views: 1210

Re: Disabling2.4GHZ wifi

/interface wireless disable wlan1
by Cablenut9
Wed Jul 07, 2021 3:14 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 171
Views: 89095

Re: v6.49beta [testing] is released!

I'm getting a memory leak too, my device is already using 75% of 128MB in just a few hours.
by Cablenut9
Wed Jul 07, 2021 4:26 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

Too late, I already did it! add address=activity.windows.com list=windows_telemetry add address=tile-service.weather.microsoft.com list=windows_telemetry add address=evoke-windowsservices-tas.msedge.net list=windows_telemetry add address=cdn.onenote.net list=windows_telemetry add address=spclient.wg...
by Cablenut9
Wed Jul 07, 2021 4:07 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

Now I have the master list, but I need a good way to transfer it to an address-list. I found the quickest manual way was to get into the terminal and keep entering the last command where the domain is replaced with a new one every time. Would it be a good idea to get rid of the list of IP addresses ...
by Cablenut9
Wed Jul 07, 2021 3:52 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

there are official Micro$oft list of domains... LINK The problem is, this has non-Windows stuff as well (like ad domains) but I only need to masquerade addresses that are a "smoking gun" that there is a Windows machine in the network. I found a few candidates here: https://answers.microso...
by Cablenut9
Wed Jul 07, 2021 3:34 am
Forum: Wireless Networking
Topic: 6ghz and Automated Frequency Coordination
Replies: 3
Views: 1243

Re: 6ghz and Automated Frequency Coordination

Looks like they're using HTTPS, which is pretty expected. However, this opens up problems like certificates expiring, and the fix might be to make the devices not care about certs. Then, that means I can bypass AFC checks and get more power over my devices :)
by Cablenut9
Wed Jul 07, 2021 3:21 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

You need to have an address-list, like the one crazy-max provides
What about L7 in addition to or instead of address-list?
by Cablenut9
Wed Jul 07, 2021 3:08 am
Forum: General
Topic: Dollar sign in password
Replies: 5
Views: 1358

Re: Dollar sign in password

Reset button, and if that doesn't work then do Netinstall.
by Cablenut9
Wed Jul 07, 2021 3:01 am
Forum: Beginner Basics
Topic: Tunneling VLAN traffic over Wireguard
Replies: 18
Views: 9152

Re: Tunneling VLAN traffic over Wireguard

Clamping MSS also makes things load faster because there's less fragmentation, so adding that rule is always a good thing.
by Cablenut9
Wed Jul 07, 2021 2:23 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

You have to understand that only the (unencrypted!) dns traffic between your Windows Client and the configured DNS Server (I assumed it's the Mikrotik Router) gets inspected/altered. It doesn't matter if you're using DoH on any upstream DNS Resolver. You didn't even come close to what I'm doing. To...
by Cablenut9
Wed Jul 07, 2021 2:14 am
Forum: Wireless Networking
Topic: wAP ac LTE6 HELP on wifi disconnections
Replies: 2
Views: 978

Re: wAP ac LTE6 HELP on wifi disconnections

Post your config with /export hide-sensitive
by Cablenut9
Wed Jul 07, 2021 1:12 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

only (small) dns packets will be matched against the L7 filter. In this case, the TLS version is unimportant. This is basically useless to me as I'm using DoH which hides all the DNS from attackers, but you already knew this. you'd have to use rextended's solution and mark sessions/packets based on...
by Cablenut9
Wed Jul 07, 2021 12:23 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

Here's the pros and cons for each policy routing method:

Address list pros: Easy (?) on CPU, works with TLS 1.3
Cons: Changes because of CDNs, requires updates

L7 pros: Doesn't require updates
Cons: Hard (?) on CPU, doesn't work with TLS 1.3
by Cablenut9
Tue Jul 06, 2021 11:37 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

Now I don't know what to do, use regex or use the address-lists. I probably shouldn't do both because that'd be a waste of CPU resources.
by Cablenut9
Tue Jul 06, 2021 9:52 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

Your solution is useless because on close future DoH and DoT are used...
I'm also doing this, complete with verified certificate.
You always want easy things... :-)
I could make a C++ script to do it for me but I'm low on time. :)
by Cablenut9
Tue Jul 06, 2021 9:24 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

How am I supposed to add that into an address-list?
by Cablenut9
Tue Jul 06, 2021 9:21 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

I'm actually trying to make it so all Windows Update traffic gets redirected to a VPN because the device I'm doing this on is a hotspot and I don't want the cellular ISPs to see any Windows stuff. I also made an address-list with a bunch of Windows Update domains but I'm going to do the L7 regex as ...
by Cablenut9
Tue Jul 06, 2021 8:16 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

Re: "TLS Host" option doesn't work

Any help?
by Cablenut9
Tue Jul 06, 2021 7:17 pm
Forum: General
Topic: wApR and LTE (AT&T sim specifically) DENIED
Replies: 9
Views: 2723

Re: wApR and LTE (AT&T sim specifically) DENIED

I see some post about IMEI what was removed and I think no one write the way here. What are you saying here? Anyway, the way to change the LTE6's IMEI is here: https://www.reddit.com/r/mikrotik/comments/nr22yt/changing_the_imei_on_the_mikrotik_lte6_modem_no/ The website is down but the instructions...
by Cablenut9
Tue Jul 06, 2021 3:10 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 47
Views: 9561

"TLS Host" option doesn't work

I tried setting the TLS Host in a firewall rule to drop packets to download.windowsupdate.com and then in my computer I did this: curl https://download.windowsupdate.com and it worked. In other words, the TLS Host setting didn't work. What's the fix?
by Cablenut9
Tue Jul 06, 2021 1:50 am
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 171
Views: 89095

Re: v6.49beta [testing] is released!

Entries appear in the cache and then disappear a few seconds later, rendering DNS caching useless.
This often happens with things like PiHole where it returns a fake address of 0.0.0.0.
by Cablenut9
Mon Jul 05, 2021 11:55 pm
Forum: RouterBOARD hardware
Topic: Chateaux Firmware
Replies: 14
Views: 4630

Re: Chateaux Firmware

There's a super special v7 STABLE version only for Chateau. However, the regular downloader program doesn't know this and tries to download an incompatible version, but it doesn't tell you this. Chateau is also compatible with v7 BETA that is totally different.
by Cablenut9
Mon Jul 05, 2021 8:48 pm
Forum: General
Topic: Feature Request: Change TCP properties in mangle rules
Replies: 5
Views: 733

Re: Feature Request: Change TCP properties in mangle rules

give the ability to change every single aspect of the packet.
This is what I would love from RouterOS.
by Cablenut9
Mon Jul 05, 2021 8:24 pm
Forum: General
Topic: Feature Request: Change TCP properties in mangle rules
Replies: 5
Views: 733

Re: Feature Request: Change TCP properties in mangle rules

as firewall or as Desktop OS?
Both
by Cablenut9
Mon Jul 05, 2021 2:49 pm
Forum: General
Topic: Feature Request: Change TCP properties in mangle rules
Replies: 5
Views: 733

Feature Request: Change TCP properties in mangle rules

I need to be able to change things like the TCP scaling window and timestamp in the firewall, but I can't find any way to. Linux already has these features available, so what gives?
by Cablenut9
Sun Jul 04, 2021 8:17 pm
Forum: RouterOS beta
Topic: NTP Client is borked
Replies: 6
Views: 1917

NTP Client is borked

I can't get NTP Client to work at all on my RB4011 with 7.1beta6. I set it to Enabled, added addresses in the Servers section, yet it refuses to update. The same addresses worked on a different device with v6, so this is likely a bug with v7
by Cablenut9
Sun Jul 04, 2021 3:22 pm
Forum: RouterBOARD hardware
Topic: Holes at the low end of the CRS product line
Replies: 10
Views: 2921

Re: Holes at the low end of the CRS product line

I just need a simple, cheap CRS with 8-10 1G ethernet ports and only ONE SFP+ port.
by Cablenut9
Sun Jul 04, 2021 3:40 am
Forum: Beginner Basics
Topic: Firewall DNS instead of IP address
Replies: 14
Views: 3383

Re: Firewall DNS instead of IP address

There's obviously no way to add it directly to the firewall filter, but address lists have the same exact functionality with an extra step.
by Cablenut9
Sun Jul 04, 2021 3:19 am
Forum: Beginner Basics
Topic: Firewall DNS instead of IP address
Replies: 14
Views: 3383

Re: Firewall DNS instead of IP address

@Cablenut9 NO, can't, still impossible to add DNS entry on firewall filter. You can only suggest ANOTHER WAY
How is this possible if I have a 200 entry list with DoH domains?
by Cablenut9
Sun Jul 04, 2021 3:05 am
Forum: Beginner Basics
Topic: Firewall DNS instead of IP address
Replies: 14
Views: 3383

Re: Firewall DNS instead of IP address

Is it possible to add an ALLOW entry in the firewall that targets a DNS entry instead of an IP address? If so, how?
You can, but it's weird. To do it, make an entry of the DNS name in Address Lists and give it some name. Then, use that address list in your firewall rule.
by Cablenut9
Sat Jul 03, 2021 8:38 pm
Forum: General
Topic: Separate Wireguard and QUIC in firewall rules [SOLVED]
Replies: 10
Views: 2813

Re: Separate Wireguard and QUIC in firewall rules [SOLVED]

The Fix: I just changed the WG port to 80 so it uses the same one as HTTP and this will work for now.
by Cablenut9
Sat Jul 03, 2021 7:18 pm
Forum: General
Topic: Separate Wireguard and QUIC in firewall rules [SOLVED]
Replies: 10
Views: 2813

Re: Separate Wireguard and QUIC in firewall rules [SOLVED]

WG actually used to work before my RB4011 "bricked" and had to be rebooted, but now it doesn't. :( I can't find any differences between then and now, including the keys.
by Cablenut9
Sat Jul 03, 2021 6:41 pm
Forum: General
Topic: Separate Wireguard and QUIC in firewall rules [SOLVED]
Replies: 10
Views: 2813

Re: Separate Wireguard and QUIC in firewall rules [SOLVED]

I'm setting the source port in my WG client to 4430 and I excluded source port 4430 from the NAT, but it's still not working. Is there another way to differentiate them? The WG is hosted on the router.
by Cablenut9
Sat Jul 03, 2021 5:50 pm
Forum: General
Topic: Separate Wireguard and QUIC in firewall rules [SOLVED]
Replies: 10
Views: 2813

Re: Separate Wireguard and QUIC in firewall rules [SOLVED]

So, all I need to do to do QUIC NAT is to add a rule where dst-port=443 and src-port=1000-65000? Then I add a firewall input accept rule for src-port=443 and dst-port=443.
by Cablenut9
Sat Jul 03, 2021 4:07 pm
Forum: General
Topic: Separate Wireguard and QUIC in firewall rules [SOLVED]
Replies: 10
Views: 2813

Separate Wireguard and QUIC in firewall rules [SOLVED]

I have a setup where I have a webserver that supports QUIC (UDP port 443) and Wireguard which can be any port. To bypass restrictive firewalls, I want it so that both WG and QUIC can work with my NAT but I need some way to differentiate between them. Could L7 filters work or is there a simpler way?
by Cablenut9
Sat Jul 03, 2021 4:10 am
Forum: RouterOS beta
Topic: v7 launch date
Replies: 156
Views: 48594

Re: v7 launch date

As 7.1beta7 runs stable for a month already I can't complain at the moment.
There's a beta7? Also, if there is a beta7, then I need it soon because my RB4011 keeps bricking itself with Wireguard.
by Cablenut9
Sat Jul 03, 2021 3:14 am
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 222
Views: 77760

Re: RB4011 and RB1100 AHx4 "bricks" randomly

I just had to spend 30 minutes on a video chat to reboot my RB4011 away from home, and I had the R2 version!
by Cablenut9
Sat Jul 03, 2021 12:04 am
Forum: General
Topic: RBwAPG-5HacT2HnD (WAP AC) discontinued?, what are my options? [SOLVED]
Replies: 3
Views: 929

Re: RBwAPG-5HacT2HnD (WAP AC) discontinued?, what are my options? [SOLVED]

The antennas are beefed up, but I'm not sure how the transmit power compares.
by Cablenut9
Sat Jul 03, 2021 12:01 am
Forum: Beginner Basics
Topic: Sailboat secondary Router issue
Replies: 10
Views: 1709

Re: Sailboat secondary Router issue

I would also upgrade the Groove to a Metal because you'll get better performance.
by Cablenut9
Fri Jul 02, 2021 1:35 am
Forum: Wireless Networking
Topic: LHG 60G Wireless Pipeline Throughput Dopbs by Half
Replies: 3
Views: 1150

Re: LHG 60G Wireless Pipeline Throughput Dopbs by Half

Make sure all the antennas are using different frequencies because at the end of the line, the data has to go through all of them and there could be signal leakage. Also, make sure your MCS values are good enough to sustain a fast enough connection.
by Cablenut9
Fri Jul 02, 2021 1:16 am
Forum: RouterOS beta
Topic: WebFig does not display all routes
Replies: 9
Views: 5700

Re: WebFig does not display all routes

This is just yet another issue with v7, so you'll have to wait.
by Cablenut9
Thu Jul 01, 2021 11:07 pm
Forum: RouterOS beta
Topic: Firewall TCP rules are missing
Replies: 1
Views: 1701

Firewall TCP rules are missing

I can't seem to add filters for TCP or IGMP flags/options in v7. However, my v6 devices have options galore for these filters. Will they be added in v7?
by Cablenut9
Thu Jul 01, 2021 8:40 pm
Forum: Wireless Networking
Topic: 60Ghz, it's your turn Mikrotik
Replies: 2
Views: 1120

Re: 60Ghz, it's your turn Mikrotik

802.11ay is coming, but the Big Mik at least still has a monopoly on low-cost 802.11ad (Wireless Wire).
by Cablenut9
Thu Jul 01, 2021 8:21 pm
Forum: RouterOS beta
Topic: RouterOS v7.1beta6: GRE/IPIP tunnel doesn't work [SOLVED]
Replies: 2
Views: 3047

Re: RouterOS v7.1beta6: GRE/IPIP tunnel doesn't work [SOLVED]

Mikrotik has a Mik-only keepalive mechanism, so try disabling that.
by Cablenut9
Thu Jul 01, 2021 5:17 pm
Forum: RouterBOARD hardware
Topic: CCR 2004 All SFP Crash
Replies: 8
Views: 4055

Re: CCR 2004 All SFP Crash

Contact the Big Mik's support because this sounds like a hardware problem.
by Cablenut9
Thu Jul 01, 2021 4:12 am
Forum: RouterBOARD hardware
Topic: Powerful hardware quality
Replies: 1
Views: 1332

Re: Powerful hardware quality

What else is not worth buy it?
https://youtu.be/8Gv0H-vPoDc
by Cablenut9
Wed Jun 30, 2021 11:23 pm
Forum: RouterBOARD hardware
Topic: CCR 2004 All SFP Crash
Replies: 8
Views: 4055

Re: CCR 2004 All SFP Crash

Give us the result of this: /export hide-sensitive
by Cablenut9
Wed Jun 30, 2021 7:42 pm
Forum: Beginner Basics
Topic: L2TP Question
Replies: 2
Views: 613

Re: L2TP Question

You can't, but you can work around that by using different profiles for the server.
by Cablenut9
Wed Jun 30, 2021 6:05 am
Forum: General
Topic: PCC with different send and return interfaces
Replies: 7
Views: 917

Re: PCC with different send and return interfaces

who's there
The (fire) Wall
by Cablenut9
Tue Jun 29, 2021 11:17 pm
Forum: Beginner Basics
Topic: Dual WAN selective routing; PCC or IP Routing rules?
Replies: 1
Views: 619

Re: Dual WAN selective routing; PCC or IP Routing rules?

PCC is just special IP routing rules, so I would try PCC and see if that works. You can specify any kind of traffic you want to go through any route you want.
by Cablenut9
Tue Jun 29, 2021 7:07 pm
Forum: General
Topic: PCC with different send and return interfaces
Replies: 7
Views: 917

Re: PCC with different send and return interfaces

Do I even need to add the extra rules?
by Cablenut9
Tue Jun 29, 2021 2:59 pm
Forum: General
Topic: PCC with different send and return interfaces
Replies: 7
Views: 917

PCC with different send and return interfaces

I'm using this presentation https://mum.mikrotik.com/presentations/US12/steve.pdf to do PCC. However, I'm getting stuck at the step where I add mangle rules to mark returning packets from WAN interfaces. In my network, I'm using IPIP tunnels to send data out, but due to the way I'm routing the netwo...
by Cablenut9
Tue Jun 29, 2021 2:51 pm
Forum: General
Topic: Allow IPIP from any address in network
Replies: 6
Views: 1077

Re: Allow IPIP from any address in network

I guess I would have to do what you said, but in my case about 50 of them.
by Cablenut9
Tue Jun 29, 2021 2:02 am
Forum: General
Topic: Allow IPIP from any address in network
Replies: 6
Views: 1077

Re: Allow IPIP from any address in network

Bump
by Cablenut9
Mon Jun 28, 2021 6:38 pm
Forum: General
Topic: Allow IPIP from any address in network
Replies: 6
Views: 1077

Allow IPIP from any address in network

I need to make an IPIP tunnel where it can receive packets from any address in a particular network, say 10.0.0.0/8. Is there a way to do this?
by Cablenut9
Mon Jun 28, 2021 5:03 pm
Forum: General
Topic: Can Someone Explain this!!!!
Replies: 20
Views: 2176

Re: Can Someone Explain this!!!!

The input traffic is higher because there's some housekeeping stuff happening.
by Cablenut9
Mon Jun 28, 2021 1:23 am
Forum: SwOS
Topic: IPv6 support for SwOS
Replies: 3
Views: 6525

Re: IPv6 support for SwOS

RouterOS is only just now getting good IPv6 support, so it's going to be a while before you can do that with SwOS.
by Cablenut9
Sun Jun 27, 2021 7:44 pm
Forum: General
Topic: What is rx-code-error?
Replies: 4
Views: 2645

Re: What is rx-code-error?

How does it compare to the FCS system used in L2? It seems like 4B/5B and MLT-3 errors are essentially layer-1 errors and FCS can be affected by this "code error."
by Cablenut9
Sun Jun 27, 2021 6:58 pm
Forum: General
Topic: ARRIS TM822
Replies: 1
Views: 490

Re: ARRIS TM822

Post your configuration here with
/export hide-sensitive
by Cablenut9
Sun Jun 27, 2021 6:37 pm
Forum: General
Topic: What is rx-code-error?
Replies: 4
Views: 2645

Re: What is rx-code-error?

Bump
by Cablenut9
Sun Jun 27, 2021 5:03 pm
Forum: RouterBOARD hardware
Topic: Going above 1Gbps - should I replace my router?
Replies: 7
Views: 3270

Re: Going above 1Gbps - should I replace my router?

Just get a CRS305 and use router-on-a-stick to give you 3 SFP+ ports to do anything with.
by Cablenut9
Sun Jun 27, 2021 2:42 pm
Forum: Wireless Networking
Topic: Mikrotik equipments to deploy small WISP
Replies: 6
Views: 1961

Re: Mikrotik equipments to deploy small WISP

Watch out, because raising the tower to 20 meters might make the project more expensive overall.
by Cablenut9
Sun Jun 27, 2021 2:05 am
Forum: Wireless Networking
Topic: Mikrotik equipments to deploy small WISP
Replies: 6
Views: 1961

Re: Mikrotik equipments to deploy small WISP

The closest thing that would be cheaper is the mANT 15s, although that might not be enough to hold a good link at the very edges of the village. Another even cheaper alternative is to get a Netmetal 5SHP and connect that to a single omnidirectional antenna like this one: https://multilink.us/ubiquit...
by Cablenut9
Sun Jun 27, 2021 1:11 am
Forum: Wireless Networking
Topic: Mikrotik equipments to deploy small WISP
Replies: 6
Views: 1961

Re: Mikrotik equipments to deploy small WISP

I would swap out the hAP lites with hAP minis since your speeds are so slow. They are cheaper and have the same specs except for 1 fewer ethernet port and no 802.11ac. To help make up for routing speed, I would use the SXTsq as the actual router and the hAP is just a WiFi access point. If a customer...
by Cablenut9
Sat Jun 26, 2021 4:14 pm
Forum: Beginner Basics
Topic: Is 50% CPU @ 50 MBps reasonable for RB2011 firewall/NAT/queue?
Replies: 5
Views: 1623

Re: Is 50% CPU @ 50 MBps reasonable for RB2011 firewall/NAT/queue?

The fix is to just switch to the RB4011 which is literally orders of magnitude more powerful and a lot newer than the RB2011.
by Cablenut9
Sat Jun 26, 2021 3:24 am
Forum: General
Topic: What is rx-code-error?
Replies: 4
Views: 2645

What is rx-code-error?

The Mik Wiki says the ethernet "rx-code-error" statistic is just the number of frames with a code error. What does this actually mean? I can't find anything about "ethernet code errors" anywhere.
by Cablenut9
Fri Jun 25, 2021 10:01 pm
Forum: General
Topic: Under flood attack, how resolve this ? [SOLVED]
Replies: 107
Views: 16978

Re: Under flood attack, how resolve this ? [SOLVED]

What's your native language?