Community discussions

MikroTik App

Search found 440 matches

  • 1
  • 2
by Cablenut9
Sat Jul 24, 2021 12:02 am
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 188
Views: 24286

Re: The big CCR2004 reboot thread (was 2004 hardware issues?)

CCR2004 trash hardware not usable in a professional network.
What's the alternative? The equivalent Cisco would cost 100 times as much.
by Cablenut9
Fri Jul 23, 2021 7:33 pm
Forum: General
Topic: Feature Request: RouterOS Nightly
Replies: 1
Views: 61

Feature Request: RouterOS Nightly

I think it would be an interesting proposition if we could download and install every new build of ROS to get the latest features, even if they don't even deserve a "beta" release yet. Firefox and lots of other software already has this, so why not RouterOS?
by Cablenut9
Fri Jul 23, 2021 4:30 pm
Forum: Wireless Networking
Topic: Mikrotik - Early Access beta hardware?
Replies: 11
Views: 425

Re: Mikrotik - Early Access beta hardware?

Yup ... buy new model devices from your local MT distributor and you're hooked up for beta testing. Or so it seems ...
Sad but true.
by Cablenut9
Thu Jul 22, 2021 8:50 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 36
Views: 2869

Re: MikroTik RB5009UG+S+IN

That mystery pad could also be the NAND as they pointed it out in the video and it was on the other side.
by Cablenut9
Thu Jul 22, 2021 5:37 am
Forum: General
Topic: IPTV Configuration
Replies: 4
Views: 256

Re: IPTV Configuration

Okay, let's bring you up to speed on what some people spend their whole careers on... 🙄

I advise asking only specific questions on huge topics like this. Open-ended ones either result in vague answers or reference manuals.
Go back to Reddit
by Cablenut9
Wed Jul 21, 2021 11:49 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 36
Views: 2869

Re: MikroTik RB5009UG+S+IN

Annapurna Labs AL32400: 4x1.7Ghz Cortex A57.
Looks like the A72 is actually faster than the A57, so that's bad. https://en.wikipedia.org/wiki/ARM_Corte ... prov=sfla1 What's also sad is that it's also used in the Raspberry Pi, so that's also poor value because the Pi can be had for $35.
by Cablenut9
Wed Jul 21, 2021 11:18 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 36
Views: 2869

Re: MikroTik RB5009UG+S+IN

Well, till then...
by Cablenut9
Wed Jul 21, 2021 10:49 pm
Forum: General
Topic: Feature Request: Add Port Knocking on MikroTik App and WinBox
Replies: 6
Views: 217

Re: Feature Request: Add Port Knocking on MikroTik App and WinBox

This isn't a comment about Wireguard:
You can already get simple port knocking apps that work with any kind of setup, so why add it into the MT app?
by Cablenut9
Wed Jul 21, 2021 10:29 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 36
Views: 2869

Re: MikroTik RB5009UG+S+IN

The video (https://www.youtube.com/watch?v=Cmt33XMLTqI) says that it'll be the cheapest CCR, and that the passive cooling version is coming soon and it'll be 15% slower and have external power supplies.
by Cablenut9
Wed Jul 21, 2021 7:26 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 36
Views: 2869

Re: MikroTik RB5009UG+S+IN

Looks like the Marvell CPU used in the RB5009 is a Cortex A72, but now I need to compare this to the one in the CCR2004. Does anyone know what processor the 2004 uses?
by Cablenut9
Tue Jul 20, 2021 11:47 pm
Forum: RouterOS v7 BETA
Topic: Wireguard on wAP AC
Replies: 6
Views: 361

Re: Wireguard on wAP AC

Make sure the "allowed addresses" setting is set to 0.0.0.0/0. ROS has a bug where you have to set it through the terminal because the GUI keeps deleting it because eit thinks it's not needed.
by Cablenut9
Sun Jul 18, 2021 5:36 pm
Forum: Wireless Networking
Topic: Love MikroTik WISP Setup
Replies: 2
Views: 256

Re: Love MikroTik WISP Setup

What's your main internet connection? How many users will there be? What's the weather like? With Starlink coming faster than ever, there's no reason to offer only a paltry 5Mb/s. If you can, upgrade to the SXTsq lite5 ac so you can get the most out of your mANTBox 15s.
by Cablenut9
Sun Jul 18, 2021 2:35 pm
Forum: Useful user articles
Topic: How to almost get DPI with almost nothing but Mangle rules
Replies: 0
Views: 167

How to almost get DPI with almost nothing but Mangle rules

https://jghuff.com/blog/dpi/
This article shows how to get a DPI-like experience with the Mikrotik firewall by using a bunch of Mangle rules and a couple other firewall filters as well. In short, it filters based on port, TLS host, domain, address, and DNS requests.
by Cablenut9
Sat Jul 17, 2021 2:02 am
Forum: General
Topic: Ethernet Flow Control
Replies: 1
Views: 279

Ethernet Flow Control

Is there a good reason to turn it on in ROS? By default it's off on all of my devices so maybe there's a reason why it's that way.
by Cablenut9
Fri Jul 16, 2021 7:23 pm
Forum: General
Topic: Overriding netmap
Replies: 6
Views: 333

Re: Overriding netmap

All NAT rules try to match before anything in the filter section, so if any of your NAT rules match your traffic, then it gets "taken away" from any accept rules elsewhere. Try adding Dst. Address = !YY.YY.YY.101 to the NAT rule.
by Cablenut9
Fri Jul 16, 2021 6:35 pm
Forum: General
Topic: Overriding netmap
Replies: 6
Views: 333

Re: Overriding netmap

Then add Src. Address = !your-excluded-address to the netmap rule.
by Cablenut9
Fri Jul 16, 2021 6:04 pm
Forum: General
Topic: Overriding netmap
Replies: 6
Views: 333

Re: Overriding netmap

NAT rules come before any "filter" rule, so to fix this, exclude the ports 500 and 4500 from the netmap rule.
by Cablenut9
Fri Jul 16, 2021 2:39 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 101
Views: 11095

Re: v7 launch date

Because they have asked to test filters specifically.
Sorry for my ignorance, but why does anybody need route filters?
by Cablenut9
Fri Jul 16, 2021 2:26 am
Forum: General
Topic: Separate Wireguard and QUIC in firewall rules [SOLVED]
Replies: 10
Views: 1098

Re: Separate Wireguard and QUIC in firewall rules [SOLVED]

Another solution: My webserver which uses QUIC is protected by Buttflare. Since Buttflare has a set list of IPs that they request from, I can specify the NAT rule for QUIC (and also TCP 443) for only these IPs, and have the VPNs available for all other addresses. This also has a bonus feature of blo...
by Cablenut9
Fri Jul 16, 2021 1:04 am
Forum: Wireless Networking
Topic: Netmetal maximum throughput?
Replies: 7
Views: 449

Re: Netmetal maximum throughput?

uh, it definitely has 2 chains, or even three on one model.
There's one kind of Netmetal that only has 1 chain, but the others have 2/3. In that case, you can easily get a solid 450Mbps
by Cablenut9
Thu Jul 15, 2021 11:46 pm
Forum: Wireless Networking
Topic: Netmetal maximum throughput?
Replies: 7
Views: 449

Re: Netmetal maximum throughput?

You'll never get above about 300Mbps with the Netmetal because it only has 1-chain 802.11n/ac, and that's best-case!
by Cablenut9
Thu Jul 15, 2021 5:44 pm
Forum: RouterBOARD hardware
Topic: wAP 60Gx3 bandwidth
Replies: 2
Views: 275

Re: wAP 60Gx3 bandwidth

If you do only "internal L2 routing" between the clients and the ap, you can really reach the gigabit sum,
I'm not using the gigabit port at all, but rather L3 routing between stations connected to the wAP itself.
by Cablenut9
Thu Jul 15, 2021 4:40 pm
Forum: RouterBOARD hardware
Topic: wAP 60Gx3 bandwidth
Replies: 2
Views: 275

wAP 60Gx3 bandwidth

How much bandwidth does the wAP 60Gx3 have between the three phase-array antennas? I'm wanting to make a setup where lots of data will be sent to and from these antennas/radios but in the block diagram, there's no speed listed for the link between the CPU and the 60GHz radio. This likely means it's ...
by Cablenut9
Thu Jul 15, 2021 6:14 am
Forum: Wireless Networking
Topic: Virtual interfaces for 60GHz
Replies: 8
Views: 417

Re: Virtual interfaces for 60GHz

But why would you keep changing the MAC on the station side to begin with? Presumably you control both sides?
That's in case someone hacks a station and wants to subtly attack the network.
by Cablenut9
Thu Jul 15, 2021 5:45 am
Forum: Wireless Networking
Topic: Virtual interfaces for 60GHz
Replies: 8
Views: 417

Re: Virtual interfaces for 60GHz

Let's say I have an AP and a station. If the AP assigns slave interfaces based on each station, using the MAC to differentiate between them, then the AP will make a new interface for each MAC it sees. The script on the station changes its MAC to some random value every time it connects. The AP, thin...
by Cablenut9
Thu Jul 15, 2021 5:27 am
Forum: Wireless Networking
Topic: Virtual interfaces for 60GHz
Replies: 8
Views: 417

Re: Virtual interfaces for 60GHz

The station interfaces are only created after connect, but they are not dynamic, so they will stay there even if the far end goes down. Is this really true? If so, then what stops someone from making a script that changes the identity of some station and cramming the AP with a long list of dummy in...
by Cablenut9
Thu Jul 15, 2021 5:06 am
Forum: Wireless Networking
Topic: Virtual interfaces for 60GHz
Replies: 8
Views: 417

Virtual interfaces for 60GHz

Is it possible to have a virtual interface to which 60GHz stations can connect to? I want to have a setup where multiple wAPs connect to a single wAP 60x3 and that wAP 60x3 can create a PtP link from itself to any of the stations. However, I noticed in the MikWiki that the station interfaces are cre...
by Cablenut9
Wed Jul 14, 2021 11:45 pm
Forum: Forwarding Protocols
Topic: Point-to-point (/31) addresses
Replies: 85
Views: 57697

Re: Point-to-point (/31) addresses

but they fail when you use protocols that expect to be able to use broadcast over a link, like OSPF.
This partially untrue, as OSPF has PtP mode which eliminates address broadcasts, making /32 addresses the absolute simplest and easiest option, but only for PtP mode OSPF.
by Cablenut9
Wed Jul 14, 2021 11:43 pm
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 188
Views: 24286

Re: The big CCR2004 reboot thread (was 2004 hardware issues?)

anyone has better results with 6.48.3?
https://tryitands.ee

Anyway, considering all the fixes in 6.48.3, I would expect there to be some improvement with the CCR2004.
by Cablenut9
Wed Jul 14, 2021 4:12 pm
Forum: Forwarding Protocols
Topic: Point-to-point (/31) addresses
Replies: 85
Views: 57697

Re: Point-to-point (/31) addresses

Normis, it seems /31 works fine on RouterOS v6 stable/long-term though?
/32 really cuts down on addresses though, and it follows the philosophy of "hosts have IP addresses, not interfaces"
by Cablenut9
Wed Jul 14, 2021 4:42 am
Forum: General
Topic: Route traffic through IP tunnel after masquerading
Replies: 3
Views: 263

Re: Route traffic through IP tunnel after masquerading

I fixed it! If I add another rule to use the src-nat rule for all IPIP interfaces in addition to the masquerade rule for my other interfaces, it works great. /ip firewall nat add action=src-nat chain=srcnat out-interface-list=IPIP to-addresses=10.0.0.2 add action=masquerade chain=srcnat ipsec-policy...
by Cablenut9
Wed Jul 14, 2021 2:54 am
Forum: General
Topic: Route traffic through IP tunnel after masquerading
Replies: 3
Views: 263

Re: Route traffic through IP tunnel after masquerading

Here's what I want to do: I need to encapsulate the router's IP two ways, both in the inner IP packet and on the outside IPIP packet so it looks like this: [Router Address][Dst Router Address](Router Address)(Some Dst Internet Address)(IP Packet Content)[IPIP Trailer] Could the regular src-nat actio...
by Cablenut9
Tue Jul 13, 2021 11:47 pm
Forum: General
Topic: Route traffic through IP tunnel after masquerading
Replies: 3
Views: 263

Re: Route traffic through IP tunnel after masquerading

Is this possible with some route rule hack?
by Cablenut9
Tue Jul 13, 2021 10:51 pm
Forum: General
Topic: Route traffic through IP tunnel after masquerading
Replies: 3
Views: 263

Route traffic through IP tunnel after masquerading

I have problem where I have an IP tunnel to some other router and a NAT setup. When I try to ping 1.1.1.1 from R1, the IP tunnel interface on R2 shows that it is coming from a LAN address. However, this means that I'm encapsulating the traffic BEFORE the NAT masquerade. Is there a way to double this...
by Cablenut9
Tue Jul 13, 2021 6:26 pm
Forum: Forwarding Protocols
Topic: BGP ECMP (multipathing)
Replies: 53
Views: 20122

Re: BGP ECMP (multipathing)

It's on the roadmap for protocol support in the v7 status page
https://help.mikrotik.com/docs/display/ ... col+Status
I just need OSPF route conversion from v6 and then I'm golden.
by Cablenut9
Mon Jul 12, 2021 9:23 pm
Forum: RouterOS v7 BETA
Topic: IPv6 forwarding not working in 7.1beta6
Replies: 13
Views: 1699

Re: IPv6 forwarding not working in 7.1beta6

7.1beta6 is super buggy on the RB4011, so good thing you made that downgrade.
by Cablenut9
Mon Jul 12, 2021 2:16 am
Forum: RouterBOARD hardware
Topic: LHGG LTE6 reply timeout from modem
Replies: 4
Views: 1161

Re: LHGG LTE6 reply timeout from modem

to check for new version

/interface lte firmware-upgrade lte1

to download new firmware

interface lte firmware-upgrade lte1 upgrade=yes
This doesn't work with v28 because you can only download v27 right now.
by Cablenut9
Sun Jul 11, 2021 7:06 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 320
Views: 41511

Re: v7.1beta6 [development] is released!

It's July and we're due for beta7.
by Cablenut9
Sun Jul 11, 2021 4:48 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 745

Re: What packages are missing from SMIPS?

My test network already has MIPS 880MHz 2-core and ARM 716MHz so I just want to see how much slower a SMIPS/MIPSBE device is.
by Cablenut9
Sun Jul 11, 2021 4:38 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 745

Re: What packages are missing from SMIPS?

Maybe I should upgrade to a hAP which has 64MB RAM and is MIPSBE so I can get all the good features, or should I get a hAP Lite just for testing?
by Cablenut9
Sun Jul 11, 2021 4:30 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 745

Re: What packages are missing from SMIPS?

My network could have a lot of SMIPS devices with OSPF in PtP mode, so each link will have at most 2 MAC addresses.
by Cablenut9
Sun Jul 11, 2021 4:25 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 745

Re: What packages are missing from SMIPS?

Is this a real issue with SMIPS or something that can just happen in theory?
by Cablenut9
Sun Jul 11, 2021 4:11 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 745

Re: What packages are missing from SMIPS?

Interesting, so how bad of a performance degredation can I expect?
by Cablenut9
Sun Jul 11, 2021 4:02 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 745

Re: What packages are missing from SMIPS?

Looks like I don't need any of the things on that list for what I'm doing, so I'm going to try it and see.
by Cablenut9
Sun Jul 11, 2021 3:33 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 745

Re: What packages are missing from SMIPS?

there's no explicit snmp, sntp, smb, radius, tftp packages
understand now?
That doesn't tell me what features SMIPS is missing.
by Cablenut9
Sun Jul 11, 2021 2:52 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 745

Re: What packages are missing from SMIPS?

do not exist 1 packet for files, 1 paket for address, 1 packet for user, 1 packet for snmp, 1 packet for sntp, etc....
I don't know what this means, you might have gotten your Italian->English translation wrong.
by Cablenut9
Sun Jul 11, 2021 1:29 am
Forum: RouterBOARD hardware
Topic: E3372h-320 USB/lte1 problems constantly LTE1 link up-down
Replies: 56
Views: 20013

Re: E3372h-320 USB/lte1 problems constantly LTE1 link up-down

I don't understand why version 6 is called stable when it makes such a problem
Ironic, because the current v7 doesn't work with LTE at all.
by Cablenut9
Sun Jul 11, 2021 12:54 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 745

Re: What packages are missing from SMIPS?

Weird, because there's no explicit dot1x package, so it had to included in some other one. I suppose I'll have to buy a router with SMIPS and see.
by Cablenut9
Sun Jul 11, 2021 12:21 am
Forum: RouterBOARD hardware
Topic: What packages are missing from SMIPS?
Replies: 19
Views: 745

What packages are missing from SMIPS?

I know dot1x is missing from SMIPS Mikrotik devices. However, are there any other missing features? Having the routing package is a hard requirement for me, so I need to know in advance.
by Cablenut9
Sat Jul 10, 2021 9:53 pm
Forum: General
Topic: Separate Wireguard and QUIC in firewall rules [SOLVED]
Replies: 10
Views: 1098

Re: Separate Wireguard and QUIC in firewall rules [SOLVED]

I just realized that I can use port knocking to add myself to an address list that gets redirected to Wireguard, and addresses that don't use port knocking get redirected to QUIC. Solved!
by Cablenut9
Sat Jul 10, 2021 4:28 pm
Forum: General
Topic: Congestion based QoS
Replies: 4
Views: 436

Re: Congestion based QoS

Bump, I think this kind of queue is also called SQM
by Cablenut9
Sat Jul 10, 2021 12:29 am
Forum: RouterOS v7 BETA
Topic: L2TP/IPsec tunnel erases configuration
Replies: 1
Views: 314

L2TP/IPsec tunnel erases configuration

I was setting up a L2TP/IPsec tunnel with a 7.1beta6 device on one end, and a 6.49beta46 on the other. After the interface was created after connecting, the v7.1 router crashed and erased the whole configuration. Luckily for me, I had made a backup the day prior just in case something like this happ...
by Cablenut9
Fri Jul 09, 2021 10:21 pm
Forum: General
Topic: Congestion based QoS
Replies: 4
Views: 436

Re: Congestion based QoS

Is this even possible?
by Cablenut9
Fri Jul 09, 2021 9:19 pm
Forum: General
Topic: Congestion based QoS
Replies: 4
Views: 436

Congestion based QoS

I'm interested in making a QoS setup where the queues come into effect when packets are lost, AKA when interface queues become used. My Mikrotik device uses an LTE interface and depending on where I take it, the speeds can range from 1 to 100 Mbps. If I used queue trees the usual way, I would have t...
by Cablenut9
Fri Jul 09, 2021 5:24 pm
Forum: RouterBOARD hardware
Topic: CCR2004 all port flap
Replies: 4
Views: 600

Re: CCR2004 all port flap

The CCR2004 has issues, so you might be out of luck for now until new software becomes available.
by Cablenut9
Fri Jul 09, 2021 4:42 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

route them via vpn like so: /ip firewall mangle add action=mark-connection chain=prerouting dst-address-list=windows_update new-connection-mark=\ c_windows_update passthrough=yes add action=mark-packet chain=prerouting connection-mark=c_windows_update \ new-packet-mark=p_windows_update passthrough=...
by Cablenut9
Fri Jul 09, 2021 2:39 am
Forum: Wireless Networking
Topic: URGENT HELP remove SIM on wAP ac LTE6 kit
Replies: 20
Views: 841

Re: URGENT HELP remove SIM on wAP ac LTE6 kit

Are you using a SIM adapter? If so, then you might be out of luck.
by Cablenut9
Thu Jul 08, 2021 9:25 pm
Forum: RouterOS v7 BETA
Topic: OSPF distribute-default option is missing [SOLVED]
Replies: 8
Views: 1185

Re: OSPF distribute-default option is missing [SOLVED]

Have you tried 7.1beta6?
by Cablenut9
Thu Jul 08, 2021 9:02 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

Does this setup look good? /ip firewall mangle add action=jump chain=prerouting comment=*xbox*.com dst-port=80,443 jump-target=tls protocol=tcp tls-host=*xbox*.com add action=jump chain=prerouting comment=*a-msedge.net dst-port=80,443 jump-target=tls protocol=tcp tls-host=*a-msedge.net add action=re...
by Cablenut9
Thu Jul 08, 2021 8:48 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

you would have to reject that packet with a TCP RST reply and also add the destination address to your address list.
I already added the destination address to the address list, but I can't think of a good way to send a TCP RST. Is there some feature or hack in ROS that can do this?
by Cablenut9
Thu Jul 08, 2021 7:11 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

So, here's a new plan: Match TLS hosts and the action is to jump to a custom chain. This custom chain has rules that simply add both the source and destination to address lists. Later in the prerouting chain, have a rule that matches these address lists and marks routes as going to the VPN.
by Cablenut9
Thu Jul 08, 2021 6:51 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

When does a client first send a packet with the TLS host? I forgot how the process works, but if it doesn't send it at first, then I'm definitely going to have to make another address list.
by Cablenut9
Thu Jul 08, 2021 5:52 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

When you catch that, it is too late to setup the TCP session via another path. Technically true, but HTTP(S) has a native 1/RTT feature that automatically restarts the connection if the path changes. And, if it doesn't work, then no data of value would be lost anyway since all I'm matching against ...
by Cablenut9
Thu Jul 08, 2021 3:46 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

Now I have a quadruple-whammy setup that is easy on the CPU and the LTE modem. First, I start with rules that redirect ALL traffic on certain ports that only Windows and Apple devices use. If that doesn't work, I match traffic based on address-lists full of IPs and a handful of domains that can't be...
by Cablenut9
Thu Jul 08, 2021 3:36 pm
Forum: RouterOS v7 BETA
Topic: L3HW User Manual Updated
Replies: 16
Views: 1777

Re: L3HW User Manual Updated

How is there a 7.1beta7 listed if it hasn't been released yet, or are you just keeping it as up-to-date as possible?
by Cablenut9
Thu Jul 08, 2021 3:29 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

HELP! After adding all these domains to the address-list, my router is pulling a perpetual 200kb/s through the LTE modem. Is there a way to extend the TTL for DNS so it doesn't use so much data? Here's an alternative idea I just got: Use L7 regex and the big list of IPs together. However, use L7 to ...
by Cablenut9
Thu Jul 08, 2021 1:10 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

I just found this potential list that could work: https://support.apple.com/en-us/HT210060
by Cablenut9
Wed Jul 07, 2021 10:08 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

Is there a similar list for Apple?
by Cablenut9
Wed Jul 07, 2021 7:21 pm
Forum: General
Topic: CCR2004-1G-12S+2XS SFP+ Upload issues
Replies: 14
Views: 915

Re: CCR2004-1G-12S+2XS SFP+ Upload issues

I had a similar problem and the issue was the SFP+ not autonegotiating to 1 gigabit, so it stayed on 10 gigabit and kept trying to push that kind of signal through a 1 gigabit interface in the other end.
by Cablenut9
Wed Jul 07, 2021 6:29 pm
Forum: General
Topic: CCR2004-1G-12S+2XS SFP+ Upload issues
Replies: 14
Views: 915

Re: CCR2004-1G-12S+2XS SFP+ Upload issues

The CCR2004 is notoriously bad at switching, so you probably need to use a real switch instead.
by Cablenut9
Wed Jul 07, 2021 6:10 pm
Forum: Beginner Basics
Topic: Disabling2.4GHZ wifi
Replies: 3
Views: 364

Re: Disabling2.4GHZ wifi

/interface wireless disable wlan1
by Cablenut9
Wed Jul 07, 2021 3:14 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 169
Views: 41594

Re: v6.49beta [testing] is released!

I'm getting a memory leak too, my device is already using 75% of 128MB in just a few hours.
by Cablenut9
Wed Jul 07, 2021 4:26 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

Too late, I already did it! add address=activity.windows.com list=windows_telemetry add address=tile-service.weather.microsoft.com list=windows_telemetry add address=evoke-windowsservices-tas.msedge.net list=windows_telemetry add address=cdn.onenote.net list=windows_telemetry add address=spclient.wg...
by Cablenut9
Wed Jul 07, 2021 4:07 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

Now I have the master list, but I need a good way to transfer it to an address-list. I found the quickest manual way was to get into the terminal and keep entering the last command where the domain is replaced with a new one every time. Would it be a good idea to get rid of the list of IP addresses ...
by Cablenut9
Wed Jul 07, 2021 3:52 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

there are official Micro$oft list of domains... LINK The problem is, this has non-Windows stuff as well (like ad domains) but I only need to masquerade addresses that are a "smoking gun" that there is a Windows machine in the network. I found a few candidates here: https://answers.microso...
by Cablenut9
Wed Jul 07, 2021 3:34 am
Forum: Wireless Networking
Topic: 6ghz and Automated Frequency Coordination
Replies: 3
Views: 463

Re: 6ghz and Automated Frequency Coordination

Looks like they're using HTTPS, which is pretty expected. However, this opens up problems like certificates expiring, and the fix might be to make the devices not care about certs. Then, that means I can bypass AFC checks and get more power over my devices :)
by Cablenut9
Wed Jul 07, 2021 3:21 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

You need to have an address-list, like the one crazy-max provides
What about L7 in addition to or instead of address-list?
by Cablenut9
Wed Jul 07, 2021 3:09 am
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52014

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

Explain it section by section, then give the "whole thing" at the end.
by Cablenut9
Wed Jul 07, 2021 3:08 am
Forum: General
Topic: Dollar sign in password
Replies: 5
Views: 416

Re: Dollar sign in password

Reset button, and of that doesn't work then do Netinstall.
by Cablenut9
Wed Jul 07, 2021 3:01 am
Forum: Beginner Basics
Topic: Tunneling VLAN traffic over Wireguard
Replies: 18
Views: 1112

Re: Tunneling VLAN traffic over Wireguard

Clamping MSS also makes things load faster because there's less fragmentation, so adding that rule is always a good thing.
by Cablenut9
Wed Jul 07, 2021 2:23 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

You have to understand that only the (unencrypted!) dns traffic between your Windows Client and the configured DNS Server (I assumed it's the Mikrotik Router) gets inspected/altered. It doesn't matter if you're using DoH on any upstream DNS Resolver. You didn't even come close to what I'm doing. To...
by Cablenut9
Wed Jul 07, 2021 2:14 am
Forum: Wireless Networking
Topic: wAP ac LTE6 HELP on wifi disconnections
Replies: 2
Views: 307

Re: wAP ac LTE6 HELP on wifi disconnections

Post your config with /export hide-sensitive
by Cablenut9
Wed Jul 07, 2021 1:12 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

only (small) dns packets will be matched against the L7 filter. In this case, the TLS version is unimportant. This is basically useless to me as I'm using DoH which hides all the DNS from attackers, but you already knew this. you'd have to use rextended's solution and mark sessions/packets based on...
by Cablenut9
Wed Jul 07, 2021 12:23 am
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

Here's the pros and cons for each policy routing method:

Address list pros: Easy (?) on CPU, works with TLS 1.3
Cons: Changes because of CDNs, requires updates

L7 pros: Doesn't require updates
Cons: Hard (?) on CPU, doesn't work with TLS 1.3
by Cablenut9
Tue Jul 06, 2021 11:37 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

Now I don't know what to do, use regex or use the address-lists. I probably shouldn't do both because that'd be a waste of CPU resources.
by Cablenut9
Tue Jul 06, 2021 9:52 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

Your solution is useless because on close future DoH and DoT are used...
I'm also doing this, complete with verified certificate.
You always want easy things... :-)
I could make a C++ script to do it for me but I'm low on time. :)
by Cablenut9
Tue Jul 06, 2021 9:24 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

How am I supposed to add that into an address-list?
by Cablenut9
Tue Jul 06, 2021 9:21 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

I'm actually trying to make it so all Windows Update traffic gets redirected to a VPN because the device I'm doing this on is a hotspot and I don't want the cellular ISPs to see any Windows stuff. I also made an address-list with a bunch of Windows Update domains but I'm going to do the L7 regex as ...
by Cablenut9
Tue Jul 06, 2021 8:16 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

Re: "TLS Host" option doesn't work

Any help?
by Cablenut9
Tue Jul 06, 2021 7:17 pm
Forum: General
Topic: wApR and LTE (AT&T sim specifically) DENIED
Replies: 9
Views: 1478

Re: wApR and LTE (AT&T sim specifically) DENIED

I see some post about IMEI what was removed and I think no one write the way here. What are you saying here? Anyway, the way to change the LTE6's IMEI is here: https://www.reddit.com/r/mikrotik/comments/nr22yt/changing_the_imei_on_the_mikrotik_lte6_modem_no/ The website is down but the instructions...
by Cablenut9
Tue Jul 06, 2021 3:10 pm
Forum: General
Topic: "TLS Host" option doesn't work
Replies: 46
Views: 1581

"TLS Host" option doesn't work

I tried setting the TLS Host in a firewall rule to drop packets to download.windowsupdate.com and then in my computer I did this: curl https://download.windowsupdate.com and it worked. In other worlds, the TLS Host setting didn't work. What's the fix?
by Cablenut9
Tue Jul 06, 2021 1:50 am
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 169
Views: 41594

Re: v6.49beta [testing] is released!

Entries appear in the cache and then disappear a few seconds later, rendering DNS caching useless.
This often happens with things like PiHole where it returns a fake address of 0.0.0.0.
by Cablenut9
Mon Jul 05, 2021 11:55 pm
Forum: RouterBOARD hardware
Topic: Chateaux Firmware
Replies: 14
Views: 2408

Re: Chateaux Firmware

There's a super special v7 STABLE version only for Chateau. However, the regular downloader program doesn't know this and tries to download an incompatible version, but it doesn't tell you this. Chateau is also compatible with v7 BETA that is totally different.
by Cablenut9
Mon Jul 05, 2021 8:48 pm
Forum: General
Topic: Feature Request: Change TCP properties in mangle rules
Replies: 5
Views: 366

Re: Feature Request: Change TCP properties in mangle rules

give the ability to change every single aspect of the packet.
This is what I would love from RouterOS.
by Cablenut9
Mon Jul 05, 2021 8:24 pm
Forum: General
Topic: Feature Request: Change TCP properties in mangle rules
Replies: 5
Views: 366

Re: Feature Request: Change TCP properties in mangle rules

as firewall or as Desktop OS?
Both
by Cablenut9
Mon Jul 05, 2021 2:49 pm
Forum: General
Topic: Feature Request: Change TCP properties in mangle rules
Replies: 5
Views: 366

Feature Request: Change TCP properties in mangle rules

I need to be able to change things like the TCP scaling window and timestamp in the firewall, but I can't find any way to. Linux already has these features available, so what gives?
by Cablenut9
Sun Jul 04, 2021 8:17 pm
Forum: RouterOS v7 BETA
Topic: NTP Client is borked
Replies: 6
Views: 601

NTP Client is borked

I can't get NTP Client to work at all on my RB4011 with 7.1beta6. I set it to Enabled, added addresses in the Servers section, yet it refuses to update. The same addresses worked on a different device with v6, so this is likely a bug with v7
by Cablenut9
Sun Jul 04, 2021 3:22 pm
Forum: RouterBOARD hardware
Topic: Holes at the low end of the CRS product line
Replies: 10
Views: 1041

Re: Holes at the low end of the CSR product line

I just need a simple, cheap CRS with 8-10 1G ethernet ports and only ONE SFP+ port.
by Cablenut9
Sun Jul 04, 2021 3:40 am
Forum: Beginner Basics
Topic: Firewall DNS instead of IP address
Replies: 14
Views: 823

Re: Firewall DNS instead of IP address

There's obviously no way to add it directly to the firewall filter, but address lists have the same exact functionality with an extra step.
by Cablenut9
Sun Jul 04, 2021 3:19 am
Forum: Beginner Basics
Topic: Firewall DNS instead of IP address
Replies: 14
Views: 823

Re: Firewall DNS instead of IP address

@Cablenut9 NO, can't, still impossible to add DNS entry on firewall filter. You can only suggest ANOTHER WAY
How is this possible if I have a 200 entry list with DoH domains?
by Cablenut9
Sun Jul 04, 2021 3:05 am
Forum: Beginner Basics
Topic: Firewall DNS instead of IP address
Replies: 14
Views: 823

Re: Firewall DNS instead of IP address

Is it possible to add an ALLOW entry in the firewall that targets a DNS entry instead of an IP address? If so, how?
You can, but it's weird. To do it, make an entry of the DNS name in Address Lists and give it some name. Then, use that address list in your firewall rule.
by Cablenut9
Sat Jul 03, 2021 8:38 pm
Forum: General
Topic: Separate Wireguard and QUIC in firewall rules [SOLVED]
Replies: 10
Views: 1098

Re: Separate Wireguard and QUIC in firewall rules [SOLVED]

The Fix: I just changed the WG port to 80 so it uses the same one as HTTP and this will work for now.
by Cablenut9
Sat Jul 03, 2021 7:18 pm
Forum: General
Topic: Separate Wireguard and QUIC in firewall rules [SOLVED]
Replies: 10
Views: 1098

Re: Separate Wireguard and QUIC in firewall rules [SOLVED]

WG actually used to work before my RB4011 "bricked" and had to be rebooted, but not it doesn't. :( I can't find any differences between then and now, including the keys.
by Cablenut9
Sat Jul 03, 2021 6:41 pm
Forum: General
Topic: Separate Wireguard and QUIC in firewall rules [SOLVED]
Replies: 10
Views: 1098

Re: Separate Wireguard and QUIC in firewall rules [SOLVED]

I'm setting the source port in my WG client to 4430 and I excluded source port 4430 from the NAT, but it's still not working. Is there another way to differentiate them? The WG is hosted on the router.
by Cablenut9
Sat Jul 03, 2021 5:50 pm
Forum: General
Topic: Separate Wireguard and QUIC in firewall rules [SOLVED]
Replies: 10
Views: 1098

Re: Separate Wireguard and QUIC in firewall rules [SOLVED]

So, all I need to do to do QUIC NAT is to add a rule where dst-port=443 and src-port=1000-65000? Then I add a firewall input accept rule for src-port=443 and dst-port=443.
by Cablenut9
Sat Jul 03, 2021 4:07 pm
Forum: General
Topic: Separate Wireguard and QUIC in firewall rules [SOLVED]
Replies: 10
Views: 1098

Separate Wireguard and QUIC in firewall rules [SOLVED]

I have a setup where I have a webserver that supports QUIC (UDP port 443) and Wireguard which can be any port. To bypass restrictive firewalls, I want it so that both WG and QUIC can work with my NAT but I need some way to differentiate between them. Could L7 filters work or is there a simpler way?
by Cablenut9
Sat Jul 03, 2021 4:10 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 101
Views: 11095

Re: v7 launch date

As 7.1beta7 runs stable for a month already I can't complain at the moment.
There's a beta7? Also, if there is a beta7, then I need it soon because my RB4011 keeps bricking itself with Wireguard.
by Cablenut9
Sat Jul 03, 2021 3:14 am
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 207
Views: 46158

Re: RB4011 and RB1100 AHx4 "bricks" randomly

I just had to spend 30 minutes on a video chat to reboot my RB4011 away form home, and I had the R2 version!
by Cablenut9
Sat Jul 03, 2021 12:04 am
Forum: General
Topic: RBwAPG-5HacT2HnD (WAP AC) discontinued?, what are my options? [SOLVED]
Replies: 3
Views: 441

Re: RBwAPG-5HacT2HnD (WAP AC) discontinued?, what are my options? [SOLVED]

The antennas are beefed up, but I'm not sure how the transmit power compares.
by Cablenut9
Sat Jul 03, 2021 12:01 am
Forum: Beginner Basics
Topic: Sailboat secondary Router issue
Replies: 10
Views: 630

Re: Sailboat secondary Router issue

I would also upgrade the Groove to a Metal because you'll get better performance.
by Cablenut9
Fri Jul 02, 2021 1:35 am
Forum: Wireless Networking
Topic: LHG 60G Wireless Pipeline Throughput Dopbs by Half
Replies: 3
Views: 456

Re: LHG 60G Wireless Pipeline Throughput Dopbs by Half

Make sure all the antennas are using different frequencies because at the end of the line, the data has to go through all of them and there could be signal leakage. Also, make sure your MCS values are good enough to sustain a fast enough connection.
by Cablenut9
Fri Jul 02, 2021 1:16 am
Forum: RouterOS v7 BETA
Topic: WebFig does not display all routes
Replies: 5
Views: 558

Re: WebFig does not display all routes

This is just yet another issue with v7, so you'll have to wait.
by Cablenut9
Thu Jul 01, 2021 11:07 pm
Forum: RouterOS v7 BETA
Topic: Firewall TCP rules are missing
Replies: 1
Views: 442

Firewall TCP rules are missing

I can't seem to add filters for TCP or IGMP flags/options in v7. However, my v6 devices have options galore for these filters. Will they be added in v7?
by Cablenut9
Thu Jul 01, 2021 8:40 pm
Forum: Wireless Networking
Topic: 60Ghz, it's your turn Mikrotik
Replies: 2
Views: 442

Re: 60Ghz, it's your turn Mikrotik

802.11ay is coming, but the Big Mik at least still has a monopoly on low-cost 802.11ad (Wireless Wire).
by Cablenut9
Thu Jul 01, 2021 8:21 pm
Forum: RouterOS v7 BETA
Topic: RouterOS v7.1beta6: GRE/IPIP tunnel doesn't work [SOLVED]
Replies: 2
Views: 586

Re: RouterOS v7.1beta6: GRE/IPIP tunnel doesn't work [SOLVED]

Mikrotik has a Mik-only keepalive mechanism, so try disabling that.
by Cablenut9
Thu Jul 01, 2021 5:17 pm
Forum: RouterBOARD hardware
Topic: CCR 2004 All SFP Crash
Replies: 8
Views: 890

Re: CCR 2004 All SFP Crash

Contact the Big Mik's support because this sounds like a hardware problem.
by Cablenut9
Thu Jul 01, 2021 4:12 am
Forum: RouterBOARD hardware
Topic: Powerful hardware quality
Replies: 1
Views: 564

Re: Powerful hardware quality

What else is not worth buy it?
https://youtu.be/8Gv0H-vPoDc
by Cablenut9
Wed Jun 30, 2021 11:23 pm
Forum: RouterBOARD hardware
Topic: CCR 2004 All SFP Crash
Replies: 8
Views: 890

Re: CCR 2004 All SFP Crash

Give us the result of this: /export hide-sensitive
by Cablenut9
Wed Jun 30, 2021 7:42 pm
Forum: Beginner Basics
Topic: L2TP Question
Replies: 2
Views: 340

Re: L2TP Question

You can't, but you can work around that by using different profiles for the server.
by Cablenut9
Wed Jun 30, 2021 6:05 am
Forum: General
Topic: PCC with different send and return interfaces
Replies: 7
Views: 433

Re: PCC with different send and return interfaces

who's there
The (fire) Wall
by Cablenut9
Tue Jun 29, 2021 11:17 pm
Forum: Beginner Basics
Topic: Dual WAN selective routing; PCC or IP Routing rules?
Replies: 1
Views: 311

Re: Dual WAN selective routing; PCC or IP Routing rules?

PCC is just special IP routing rules, so I would try PCC and see if that works. You can specify any kind of traffic you want to go through any route you want.
by Cablenut9
Tue Jun 29, 2021 7:07 pm
Forum: General
Topic: PCC with different send and return interfaces
Replies: 7
Views: 433

Re: PCC with different send and return interfaces

Do I even need to add the extra rules?
by Cablenut9
Tue Jun 29, 2021 2:59 pm
Forum: General
Topic: PCC with different send and return interfaces
Replies: 7
Views: 433

PCC with different send and return interfaces

I'm using this presentation https://mum.mikrotik.com/presentations/US12/steve.pdf to do PCC. However, I'm getting stuck at the step where I add mangle rules to mark returning packets from WAN interfaces. In my network, I'm using IPIP tunnels to send data out, but due to the way I'm routing the netwo...
by Cablenut9
Tue Jun 29, 2021 2:51 pm
Forum: General
Topic: Allow IPIP from any address in network
Replies: 6
Views: 431

Re: Allow IPIP from any address in network

I guess I would have to do what you said, but in my case about 50 of them.
by Cablenut9
Tue Jun 29, 2021 2:02 am
Forum: General
Topic: Allow IPIP from any address in network
Replies: 6
Views: 431

Re: Allow IPIP from any address in network

Bump
by Cablenut9
Mon Jun 28, 2021 6:38 pm
Forum: General
Topic: Allow IPIP from any address in network
Replies: 6
Views: 431

Allow IPIP from any address in network

I need to make an IPIP tunnel where it can receive packets from any address in a particular network, say 10.0.0.0/8. Is there a way to do this?
by Cablenut9
Mon Jun 28, 2021 5:03 pm
Forum: General
Topic: Can Someone Explain this!!!!
Replies: 7
Views: 588

Re: Can Someone Explain this!!!!

The input traffic is higher because there's some housekeeping stuff happening.
by Cablenut9
Mon Jun 28, 2021 1:23 am
Forum: SwOS
Topic: IPv6 support for SwOS
Replies: 2
Views: 715

Re: IPv6 support for SwOS

RouterOS is only just now getting good IPv6 support, so it's going to be a while before you can do that with SwOS.
by Cablenut9
Sun Jun 27, 2021 7:44 pm
Forum: General
Topic: What is rx-code-error?
Replies: 4
Views: 441

Re: What is rx-code-error?

How does it compare to the FCS system used in L2? It seems like 4B/5B and MLT-3 errors are essentially layer-1 errors and FCS can be affected by this "code error."
by Cablenut9
Sun Jun 27, 2021 6:58 pm
Forum: General
Topic: ARRIS TM822
Replies: 1
Views: 249

Re: ARRIS TM822

Post your configuration here with
/export hide-sensitive
by Cablenut9
Sun Jun 27, 2021 6:37 pm
Forum: General
Topic: What is rx-code-error?
Replies: 4
Views: 441

Re: What is rx-code-error?

Bump
by Cablenut9
Sun Jun 27, 2021 5:03 pm
Forum: RouterBOARD hardware
Topic: Going above 1Gbps - should I replace my router?
Replies: 2
Views: 667

Re: Going above 1Gbps - should I replace my router?

Just get a CRS305 and use router-on-a-stick to give you 3 SFP+ ports to do anything with.
by Cablenut9
Sun Jun 27, 2021 2:42 pm
Forum: Wireless Networking
Topic: Mikrotik equipments to deploy small WISP
Replies: 6
Views: 632

Re: Mikrotik equipments to deploy small WISP

Watch out, because raising the tower to 20 meters might make the project more expensive overall.
by Cablenut9
Sun Jun 27, 2021 2:05 am
Forum: Wireless Networking
Topic: Mikrotik equipments to deploy small WISP
Replies: 6
Views: 632

Re: Mikrotik equipments to deploy small WISP

The closest thing that would be cheaper is the mANT 15s, although that might not be enough to hold a good link at the very edges of the village. Another even cheaper alternative is to get a Netmetal 5SHP and connect that to a single omnidirectional antenna like this one: https://multilink.us/ubiquit...
by Cablenut9
Sun Jun 27, 2021 1:11 am
Forum: Wireless Networking
Topic: Mikrotik equipments to deploy small WISP
Replies: 6
Views: 632

Re: Mikrotik equipments to deploy small WISP

I would swap out the hAP lites with hAP minis since your speeds are so slow. They are cheaper and have the same specs except for 1 fewer ethernet port and no 802.11ac. To help make up for routing speed, I would use the SXTsq as the actual router and the hAP is just a WiFi access point. If a customer...
by Cablenut9
Sat Jun 26, 2021 4:14 pm
Forum: Beginner Basics
Topic: Is 50% CPU @ 50 MBps reasonable for RB2011 firewall/NAT/queue?
Replies: 5
Views: 672

Re: Is 50% CPU @ 50 MBps reasonable for RB2011 firewall/NAT/queue?

The fix is to just switch to the RB4011 which is literally orders of magnitude more powerful and a lot newer than the RB2011.
by Cablenut9
Sat Jun 26, 2021 3:24 am
Forum: General
Topic: What is rx-code-error?
Replies: 4
Views: 441

What is rx-code-error?

The Mik Wiki says the ethernet "rx-code-error" statistic is just the number of frames with a code error. What does this actually mean? I can't find anything about "ethernet code errors" anywhere.
by Cablenut9
Fri Jun 25, 2021 10:01 pm
Forum: General
Topic: Under flood attack, how resolve this ? [SOLVED]
Replies: 107
Views: 4274

Re: Under flood attack, how resolve this ? [SOLVED]

What's your native language?
by Cablenut9
Fri Jun 25, 2021 3:59 pm
Forum: General
Topic: Under flood attack, how resolve this ? [SOLVED]
Replies: 107
Views: 4274

Re: Under flood attack, how resolve this ? [SOLVED]

Did you get the RB4011?
by Cablenut9
Fri Jun 25, 2021 4:31 am
Forum: General
Topic: From Mikrotik to Ubiquiti UniFi and back to Mikrotik
Replies: 43
Views: 3632

Re: From Mikrotik to Ubiquiti UniFi and back to Mikrotik

If you got Mikrotik APs, you might be able to have all those SSIDs by creating "virtual interfaces" which you then link the VLANs to.
by Cablenut9
Fri Jun 25, 2021 3:03 am
Forum: General
Topic: Under flood attack, how resolve this ? [SOLVED]
Replies: 107
Views: 4274

Re: Under flood attack, how resolve this ? [SOLVED]

Get the RB4011, and maybe you can add a firewall rule in the Raw section that just blocks all UDP except for DNS and QUIC.
by Cablenut9
Thu Jun 24, 2021 9:28 pm
Forum: Announcements
Topic: Newsletter June 2021 (#100)
Replies: 54
Views: 13561

Re: Newsletter June 2021 (#100)

Sure there often are workarounds possible but apparently it still is the protocol of choice for large-scale ISPs.
Weird, as my provider (AT&T) only does DHCP with public IPs. Is this something that's especially popular with WISPs?
by Cablenut9
Thu Jun 24, 2021 9:00 pm
Forum: Announcements
Topic: Newsletter June 2021 (#100)
Replies: 54
Views: 13561

Re: Newsletter June 2021 (#100)

PPPoE is a "funky setup"? 100% of our deployments are PPPoE. PPPoE became pointless as soon as dialup got replaced by cable modems and optic fibers. Today, DHCP and plain old ethernet work just as well and you have no PPPoE limitations to deal with. (aka a login that is limited specific t...
by Cablenut9
Thu Jun 24, 2021 8:05 pm
Forum: RouterOS v7 BETA
Topic: USB ethernet NIC is reported as LTE interface
Replies: 3
Views: 698

Re: USB ethernet NIC is reported as LTE interface

Many LTE modems appear as USB ethernet adapter. It's likely someone reported LTE modem that wasn't appearing as such and they just assigned same USB class to be LTE modems... This is pretty lazy, as basically all LTE modems support AT commands and other cellular function and no USB Ethernet adapter...
by Cablenut9
Thu Jun 24, 2021 4:09 am
Forum: RouterBOARD hardware
Topic: Block diagram "1 Gb/s": full or half duplex? [SOLVED]
Replies: 1
Views: 1090

Block diagram "1 Gb/s": full or half duplex? [SOLVED]

I noticed that the Wireless Wire can do a full duplex gigabit connection, yet the wAP 60G's block diagram shows a "1 Gb/s" link between the CPU and the ethernet port. Therefore, is a 1 gigabit link in a block diagram actually 2 gigabits because it can go either way? It would be nice if thi...
by Cablenut9
Thu Jun 24, 2021 2:22 am
Forum: RouterOS v7 BETA
Topic: Adding 3rd party packages
Replies: 5
Views: 832

Adding 3rd party packages

I just checked out OpenWRT's gigantic list of optional packages and it's scary how many there are and how many extra features you can get. Meanwhile, with Mikrotik, you only get what comes with RouterOS. Would it be possible to add the ability to install 3rd party packages in ROS v7?
by Cablenut9
Wed Jun 23, 2021 6:45 pm
Forum: General
Topic: to many winbox/dude sessions
Replies: 13
Views: 3438

Re: to many winbox/dude sessions

What license level do you have? Depending on it, you can only have so many sessions at one time.
by Cablenut9
Wed Jun 23, 2021 1:53 am
Forum: The User Manager
Topic: PROBLEM WITH MULTIPLE SAME USER PPPOE - HELP PLEASE
Replies: 3
Views: 1019

Re: PROBLEM WITH MULTIPLE SAME USER PPPOE - HELP PLEASE

Why is that spam-type posts are always about PPPoE?
by Cablenut9
Tue Jun 22, 2021 4:15 am
Forum: General
Topic: VLANs and address assignment
Replies: 8
Views: 504

Re: VLANs and address assignment

I'm actually thinking of making a ROAS setup where none of the ports are on a bridge, so they're all routed and can either have the same or different addresses.
by Cablenut9
Mon Jun 21, 2021 11:46 pm
Forum: RouterOS v7 BETA
Topic: USB ethernet NIC is reported as LTE interface
Replies: 3
Views: 698

USB ethernet NIC is reported as LTE interface

I'm using a hAP ac3 with a USB->Ethernet dongle and for some reason, v7beta6 thinks it's an LTE interface. It seems to work just fine, but almost nothing can be changed other than the MTU. I also can't add this interface to a bridge. The chip used inside the dongle is a common Realtek NIC, so what g...
by Cablenut9
Mon Jun 21, 2021 6:52 pm
Forum: General
Topic: VLANs and address assignment
Replies: 8
Views: 504

VLANs and address assignment

If I have some interface, like ether1, and a bunch of VLAN interfaces on it, like vlan2 and vlan3, does ether1's IP address "carry over" to the VLANs? If so, is there a way to disable this?
by Cablenut9
Mon Jun 21, 2021 4:59 pm
Forum: General
Topic: Lte passthrough not working...
Replies: 5
Views: 366

Re: Lte passthrough not working...

What version are you using?
by Cablenut9
Sun Jun 20, 2021 8:41 pm
Forum: Wireless Networking
Topic: P2P Link with SXTsq 5 AC for 3.5 KM link
Replies: 6
Views: 617

Re: P2P Link with SXTsq 5 AC for 3.5 KM link

There's no way to say for sure, so if you already have the SXTsq then it's worth a shot.
by Cablenut9
Sun Jun 20, 2021 8:37 pm
Forum: Wireless Networking
Topic: P2P Link with SXTsq 5 AC for 3.5 KM link
Replies: 6
Views: 617

Re: P2P Link with SXTsq 5 AC for 3.5 KM link

You can try it, but you won't get full speed. They have a chart showing what speed you can expect and to get the full 802.11ac speed, you'd have to stay within about 2km or 4km for the Disc.
by Cablenut9
Sun Jun 20, 2021 7:09 pm
Forum: RouterOS v7 BETA
Topic: OSPF distribute-default option is missing [SOLVED]
Replies: 8
Views: 1185

Re: OSPF distribute-default option is missing [SOLVED]

They did away with the default route as part of the instance configuration. From the help docs: All route distribution control is now done purely with routing filter select, no more redistribution knobs in the instance. This gives greater flexibility on what routes from which protocols you want to ...
by Cablenut9
Sun Jun 20, 2021 7:05 pm
Forum: Wireless Networking
Topic: P2P Link with SXTsq 5 AC for 3.5 KM link
Replies: 6
Views: 617

Re: P2P Link with SXTsq 5 AC for 3.5 KM link

You should get a Disc Lite5 ac instead, as the SXTsq is just plain wimpy for a 3.5KM connection.
by Cablenut9
Sun Jun 20, 2021 6:30 am
Forum: RouterOS v7 BETA
Topic: OSPF distribute-default option is missing [SOLVED]
Replies: 8
Views: 1185

Re: OSPF distribute-default option is missing [SOLVED]

They did away with the default route as part of the instance configuration. From the help docs: All route distribution control is now done purely with routing filter select, no more redistribution knobs in the instance. This gives greater flexibility on what routes from which protocols you want to ...
by Cablenut9
Sun Jun 20, 2021 3:36 am
Forum: General
Topic: /31 addresses
Replies: 1
Views: 296

/31 addresses

What's the deal with /31 subnets and Mikrotik support? I heard that you can't use them with ROS, although this might have been only a v7 thing.
by Cablenut9
Sat Jun 19, 2021 5:59 am
Forum: RouterOS v7 BETA
Topic: OSPF distribute-default option is missing [SOLVED]
Replies: 8
Views: 1185

OSPF distribute-default option is missing [SOLVED]

Yet another problem with v7 OSPF! I can't find a distribute-default setting anywhere for creating a default OSPF route. I need this for a network I want to build, but since it's not available in v7 yet, I'm out of luck. Will it ever be added again?
by Cablenut9
Sat Jun 19, 2021 3:25 am
Forum: Forwarding Protocols
Topic: Use OSPF with /32 subnets
Replies: 5
Views: 669

Re: Use OSPF with /32 subnets

I already selected the PtP network type, but it didn't work. I also set up loopback interfaces and added them to the interface templates. For some reason, I can't ping the other routers with /32 addresses even though all that connects them is a simple ethernet cable, and there's no firewall rules a...
by Cablenut9
Sat Jun 19, 2021 2:49 am
Forum: Forwarding Protocols
Topic: Use OSPF with /32 subnets
Replies: 5
Views: 669

Re: Use OSPF with /32 subnets

I already selected the PtP network type, but it didn't work. I also set up loopback interfaces and added them to the interface templates. For some reason, I can't ping the other routers with /32 addresses even though all that connects them is a simple ethernet cable, and there's no firewall rules at...
by Cablenut9
Sat Jun 19, 2021 12:02 am
Forum: Forwarding Protocols
Topic: Use OSPF with /32 subnets
Replies: 5
Views: 669

Use OSPF with /32 subnets

Is there a way to get OSPF working with Mikrotik routers that have /32 addresses? I'm interested in having a network where every router has only ONE unique address. If I used /24 or even /30 subnets, each router has multiple addresses I can route to. However, I only want one (1) address per router a...
by Cablenut9
Fri Jun 18, 2021 6:26 pm
Forum: General
Topic: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..
Replies: 25
Views: 1384

Re: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..

What if there was a special user available that had access to WebFig but with a "barebones" skin? Then all they can do is look at the logs to help support and add port-forward rules and nothing else.
by Cablenut9
Fri Jun 18, 2021 5:36 pm
Forum: RouterOS v7 BETA
Topic: OSPF interface templates don't properly match
Replies: 0
Views: 669

OSPF interface templates don't properly match

I'm setting up a barebones OSPF network between 2 hEXes with 7.1beta6 and using the OSPF interface templates, it can't match the instance to either an interface or network, but rather only when both the interfaces and networks are set. In the official Mikrotik Wiki, it shows this working with only o...
by Cablenut9
Fri Jun 18, 2021 2:29 am
Forum: Forwarding Protocols
Topic: Networking Education
Replies: 15
Views: 4059

Re: Networking Education

like one serial number and corresponding license?
This is genius, because the only people who post on this forum have at least 1 Mikrotik device.
by Cablenut9
Thu Jun 17, 2021 10:32 pm
Forum: Forwarding Protocols
Topic: Networking Education
Replies: 15
Views: 4059

Re: Networking Education

good post like it
the rain wets
It's a bot
by Cablenut9
Thu Jun 17, 2021 7:58 pm
Forum: SwOS
Topic: CSS106: Bricked? [SOLVED]
Replies: 1
Views: 1085

Re: CSS106: Bricked? [SOLVED]

Update: I fixed it by setting up a ping on my computer and by restarting it until the backup firmware loaded. Then, I set up a good static IP on the switch and let it download the new firmware.
by Cablenut9
Thu Jun 17, 2021 6:21 pm
Forum: SwOS
Topic: CSS106: Bricked? [SOLVED]
Replies: 1
Views: 1085

CSS106: Bricked? [SOLVED]

I just got a CSS106 and tried to upgrade the firmware. After waiting a few minutes, I rebooted and noticed that the version is unchanged. I tried it again and now the firmware is 2.7p. I kept trying this again a few more times, and now the switch can't get DHCP or have its webpage accessible. I can ...
by Cablenut9
Thu Jun 17, 2021 5:02 pm
Forum: General
Topic: Make a user group with specific permissions [SOLVED]
Replies: 3
Views: 418

Re: Make a user group with specific permissions [SOLVED]

I made an ultra-limited skin in WebFig and as it turns out, the new user group I made can't change the skin, so this is just what I needed. :)
by Cablenut9
Thu Jun 17, 2021 5:40 am
Forum: General
Topic: Make a user group with specific permissions [SOLVED]
Replies: 3
Views: 418

Make a user group with specific permissions [SOLVED]

Is it possible to make a user group that can read and write certain things only? If I give someone a router that I can control, I want them to be able to add dst-nat rules so they can port forward without needing to contact someone. However, I don't want them to be able to do anything else. I saw th...
by Cablenut9
Thu Jun 17, 2021 1:36 am
Forum: Wireless Networking
Topic: Which Outdoor Directional AP should i choose for my backyard? [SOLVED]
Replies: 5
Views: 930

Re: Which Outdoor Directional AP should i choose for my backyard? [SOLVED]

The mANTBOX 12s is better because it can receive signals better than the SXT2, and that's important with devices that can't send much out to begin with.
by Cablenut9
Thu Jun 17, 2021 12:43 am
Forum: Wireless Networking
Topic: Which Outdoor Directional AP should i choose for my backyard? [SOLVED]
Replies: 5
Views: 930

Re: Which Outdoor Directional AP should i choose for my backyard? [SOLVED]

If you can afford it, get a mANTBox 52 15s which has both 2.4 and 5GHz, giant antennas, high transmit power, and a slick-looking package in one.
by Cablenut9
Wed Jun 16, 2021 8:30 pm
Forum: General
Topic: 1:1 NAT DDoS protection?
Replies: 7
Views: 523

Re: 1:1 NAT DDoS protection?

If the router at the datacenter is equal to or less powerful than the one at the real network, then I can still do stuff at the protected network and I only have to think about the one at the datacenter. That basically means the NAT is a sacrificial setup that simply protects me from giant attacks.
by Cablenut9
Wed Jun 16, 2021 7:55 pm
Forum: General
Topic: 1:1 NAT DDoS protection?
Replies: 7
Views: 523

Re: 1:1 NAT DDoS protection?

The idea is to use the NAT as a choke point so the "real" network only gets as much as the router can pass through. That's actually what Cloudflare does, but on a bigger scale. Also, it's to help hide the real IP so it can't be targeted directly.
by Cablenut9
Wed Jun 16, 2021 5:42 pm
Forum: General
Topic: I want to use ISP2 for populair speedtest sites and also android apps
Replies: 2
Views: 302

Re: I want to use ISP2 for populair speedtest sites and also android apps

You can't do this if they use HTTPS, which most sites are, so you're probably out of luck. However, you could make a hack solution that checks how much data each connection is using and add that address to a list that ensures that they are used by ISP2.
by Cablenut9
Wed Jun 16, 2021 5:29 pm
Forum: General
Topic: Hardware recommendation for routing up to 2Gb/s
Replies: 6
Views: 556

Re: Hardware recommendation for routing up to 2Gb/s

You could combine a CRS305 and a RB4011 and get great routing with multiple SFP+ ports, and that's the next cheapest option after getting a CCR1036 with only 2 SFP+ ports.
by Cablenut9
Wed Jun 16, 2021 4:40 pm
Forum: General
Topic: 1:1 NAT DDoS protection?
Replies: 7
Views: 523

1:1 NAT DDoS protection?

Is it possible for me to use 1:1 NAT as a DDoS protection system? If I had some Mikrotik router colocated in a datacenter that had one firewall rule that creates a 1:1 NAT to my real IP address, then all people would see is the Mikrotik's address. However, this seems too simple to work, so will it?
by Cablenut9
Tue Jun 15, 2021 9:02 pm
Forum: Wireless Networking
Topic: 6.47.10 failure: frequency 66960 not supported on this interface
Replies: 4
Views: 1034

Re: 6.47.10 failure: frequency 66960 not supported on this interface

Mikrotik support wrote

this will be available on new 802.11ay hardware.
Unfortunately this cannot be used reliably on our existing 802.11ad devices - that is why this frequency support is removed
Sad, because Ubiquiti supports 71GHz on their 802.11ad hardware, which is way higher.
by Cablenut9
Mon Jun 14, 2021 8:42 pm
Forum: Wireless Networking
Topic: WIFI 6 Roadmap
Replies: 97
Views: 58696

Re: WIFI 6 Roadmap

Another thing with 6E is that the AFC system for outdoor usage won't be working until 2022, but of course I'll be working on a way to bypass it (through dst-nat rules!) when it goes live.
by Cablenut9
Mon Jun 14, 2021 5:27 am
Forum: General
Topic: Selective 1:1 NAT
Replies: 1
Views: 294

Selective 1:1 NAT

I have a weird setup I want to try. Let's say I have two routers and some client on some network. R1 (DHCP server) | R2 (switch/DHCP-proxy) | Client (LAN) I want R2 to act like a layer-2 passthrough, so basically a switch between the two ports that connect it to R1 and LAN. However, I want some rule...
by Cablenut9
Mon Jun 14, 2021 1:00 am
Forum: General
Topic: CCR smart cards
Replies: 1
Views: 310

CCR smart cards

Why do a few of the CCR models have a slot for a smart card? I can only think that they could be used for user authentication, but I don't know why you'd need to do that.
by Cablenut9
Mon Jun 14, 2021 12:20 am
Forum: RouterOS v7 BETA
Topic: R11e-LTE6 not working in 7.1beta6
Replies: 8
Views: 1091

Re: R11e-LTE6 not working in 7.1beta6

There are lot of reports with beta6 not working with LTE, do the fix is to either to go to beta5 or switch to v6.
by Cablenut9
Sun Jun 13, 2021 3:41 pm
Forum: General
Topic: wApR and LTE (AT&T sim specifically) DENIED
Replies: 9
Views: 1478

Re: wApR and LTE (AT&T sim specifically) DENIED

You can't send PMs on this forum.
by Cablenut9
Sun Jun 13, 2021 3:28 pm
Forum: Wireless Networking
Topic: Can't register SIM of mobinnet
Replies: 5
Views: 861

Re: Can't register SIM of mobinnet

I sometime have the same problem, but the fix was to simply get better reception of a tower.
by Cablenut9
Sat Jun 12, 2021 7:43 pm
Forum: RouterOS v7 BETA
Topic: R11e-LTE6 not working in 7.1beta6
Replies: 8
Views: 1091

Re: R11e-LTE6 not working in 7.1beta6

This is a common issue with beta6, go back to beta5.
by Cablenut9
Fri Jun 11, 2021 3:48 am
Forum: RouterOS v7 BETA
Topic: Feature Request : IPv6 Fasttrack
Replies: 19
Views: 2338

Re: Feature Request : IPv6 Fasttrack

Why isn't this a thing yet?
by Cablenut9
Wed Jun 09, 2021 4:24 am
Forum: Scripting
Topic: Some Music
Replies: 16
Views: 25495

Re: Some Music

RB4011 doesn't have a beeper :)
by Cablenut9
Sun Jun 06, 2021 2:45 am
Forum: Forwarding Protocols
Topic: A weird routing problem
Replies: 4
Views: 871

Re: A weird routing problem

Update: I think IPIP might work for this because it simply puts an IP header on top of the original IP packet. Then, the outer layer can be processed as if it were regular inter-network traffic, so normal routing will work for that. When the packet reaches the destination router, the inside gets ext...
by Cablenut9
Sun Jun 06, 2021 12:01 am
Forum: Forwarding Protocols
Topic: A weird routing problem
Replies: 4
Views: 871

Re: A weird routing problem

If I add R3 as the default route on the R2 VRF, does that mean I can't use R2 as a gateway for some traffic from R1?
by Cablenut9
Sat Jun 05, 2021 10:49 pm
Forum: Forwarding Protocols
Topic: A weird routing problem
Replies: 4
Views: 871

A weird routing problem

Let's say I have three Mikrotik routers, and each router has its own route to to to the Internet. R1 --- Internet | R2 --- Internet | R3 --- Internet I can set up OSPF so each router knows the best path to any destination on this routed network. However, I need a way for some traffic on R1 to reach ...
by Cablenut9
Thu Jun 03, 2021 5:17 am
Forum: Wireless Networking
Topic: R11e-4G change IMEI
Replies: 2
Views: 1934

Re: R11e-4G change IMEI

What error do you get with the 4G? If it has to do with "Production Mode" then this article might be handy: https://jghuff.com/blog/modem/
by Cablenut9
Thu Jun 03, 2021 2:05 am
Forum: General
Topic: Weighted load balancing
Replies: 1
Views: 332

Weighted load balancing

Is there a way to use PCC to give some routes more weight over another? It looks like PCC only does equal-weight which means each route has an equal Cha ce of being picked, but I'd like to have a setup where it prioritizes one gateway over another, so that if one is slower yah nthe other it doesn't ...
by Cablenut9
Mon May 31, 2021 2:17 am
Forum: Wireless Networking
Topic: USA Regulatory Domain - UNII-4 and UNII-2
Replies: 7
Views: 820

Re: USA Regulatory Domain - UNII-4 and UNII-2

That was a lot of words that boil down to "I don't agree with the laws so I choose to ignore them." That was the whole point of my post, as sometimes you have to do what you have to do. The firmware frequency/power locks requirement went into effect a bit over 5 years ago, so this is not ...
by Cablenut9
Sun May 30, 2021 9:50 pm
Forum: Wireless Networking
Topic: USA Regulatory Domain - UNII-4 and UNII-2
Replies: 7
Views: 820

Re: USA Regulatory Domain - UNII-4 and UNII-2

As such, what you're suggesting is illegal in the US, unfortunately. To clarify, not illegal to posess but illegal to use. Like clockwork, I get this boilerplate line every time something like this is brought up. However, there are a couple counterpoints: -> Many FCC rules are outdated or aren't en...
by Cablenut9
Sun May 30, 2021 6:44 pm
Forum: Forwarding Protocols
Topic: Setting OSPF interface cost by speed
Replies: 2
Views: 841

Setting OSPF interface cost by speed

On Cisco routers, you can change OSPF cost based on a couple bandwidth numbers and an equation based on those numbers. Is there a way to do this with Mikrotik?
by Cablenut9
Sun May 30, 2021 3:46 pm
Forum: Wireless Networking
Topic: USA Regulatory Domain - UNII-4 and UNII-2
Replies: 7
Views: 820

Re: USA Regulatory Domain - UNII-4 and UNII-2

Your idea would absolutely work for the standard/international version of the hardware! This inflexibility is a regulatory restriction that caused Mikrotik to have to ship a completely separate version of every device: the standard models that are completely configurable to the limits of the actual...
by Cablenut9
Sun May 30, 2021 4:03 am
Forum: Wireless Networking
Topic: USA Regulatory Domain - UNII-4 and UNII-2
Replies: 7
Views: 820

Re: USA Regulatory Domain - UNII-4 and UNII-2

Hotfix: Use Superchannel mode to get these new frequencies without having to upgrade to some future version for now. Mikrotik is usually sloooow to add new features, so it may be a while.
by Cablenut9
Fri May 28, 2021 2:55 am
Forum: Beginner Basics
Topic: L2TP server to use same pool as LAN
Replies: 5
Views: 451

Re: L2TP server to use same pool as LAN

Actually, you could use L2TP BCP to get a DHCP address, but only things like routers support it.
by Cablenut9
Wed May 26, 2021 8:04 pm
Forum: General
Topic: Block everything EXCEPT PPPoE
Replies: 6
Views: 438

Re: Block everything EXCEPT PPPoE

What is the use case for this setup? Ensuring only PPPOE traffic reaches my ISP. It would also be a use case for ISPs in the forum to secure their PPPOE ACs, they might not want to put their ACs in a bridge. What's the point? Route everything that comes into the router over PPPoE and than you don't...
by Cablenut9
Wed May 26, 2021 5:11 pm
Forum: RouterOS v7 BETA
Topic: L2TP/IPSec crashes RB4011
Replies: 5
Views: 791

Re: L2TP/IPSec crashes RB4011

You might better post this in the version specific topic:
viewtopic.php?f=1&t=175369
I already did, but this forum section is also specifically to report issues with v7.
by Cablenut9
Wed May 26, 2021 4:45 pm
Forum: RouterOS v7 BETA
Topic: L2TP/IPSec crashes RB4011
Replies: 5
Views: 791

Re: L2TP/IPSec crashes RB4011

Just to confirm: on a "loadtest" using VPN your RB4011 reboots?

Perhaps you can share your configuration to have a better understanding of your environment?
/export hide-sensitive file=anythingyoulike
It reboots on a load test, and here's my whole configuration.
by Cablenut9
Wed May 26, 2021 4:06 pm
Forum: RouterOS v7 BETA
Topic: L2TP/IPSec crashes RB4011
Replies: 5
Views: 791

L2TP/IPSec crashes RB4011

I have a L2TP/IPSec setup with my RB4011 and an Android 11 device. When my phone was using Android 10, I could connect to the VPN and do whatever I needed. However, with the new update, it crashes whenever I push some "real data" through. This means that speedtests result in a reboot, even...
by Cablenut9
Wed May 26, 2021 5:41 am
Forum: Beginner Basics
Topic: New to Mikrotik
Replies: 14
Views: 1395

Re: New to Mikrotik

Mikrotik isn't even close to being as automatic as you might think it is, unlike erro and those junk mesh WiFi systems. Follow the guides above and you'll have a head start in the "real world" of networking!
by Cablenut9
Mon May 24, 2021 11:00 pm
Forum: General
Topic: Bandwidth issues with WireGuard and 7.1beta6
Replies: 9
Views: 710

Re: Bandwidth issues with WireGuard and 7.1beta6

Try a regular bandwidth test so you can rule out anything that isn't WG.
by Cablenut9
Sat May 22, 2021 8:05 pm
Forum: RouterOS v7 BETA
Topic: RB3011 memory leak and random crash
Replies: 5
Views: 794

Re: RB3011 memory leak and random crash

Latest Beta v7.1 b6.
Image
by Cablenut9
Sat May 22, 2021 3:55 am
Forum: General
Topic: 802.1aq
Replies: 2
Views: 385

Re: 802.1aq

Bump
by Cablenut9
Fri May 21, 2021 7:02 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 320
Views: 41511

Re: v7.1beta6 [development] is released!

If you want the latest features and have reliability, go to Cisco and pay an enormous amount per year for licensing.
by Cablenut9
Fri May 21, 2021 6:00 am
Forum: General
Topic: 802.1aq
Replies: 2
Views: 385

802.1aq

Now that we have MLAG, the next step for RouterOS is to add in 802.1aq support. This means that we won't have to ever configure RSTP or MLAG ever again because it .1aq automatically handles it all by distributing traffic over redundant links. Will it ever be added?
by Cablenut9
Fri May 21, 2021 5:25 am
Forum: Wireless Networking
Topic: Best Wireless Router for Warehouse
Replies: 11
Views: 1241

Re: Best Wireless Router for Warehouse

If you need to receive some weak signal from far away, I would try a mANTBox 19s or 52 15s.
by Cablenut9
Thu May 20, 2021 2:38 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 320
Views: 41511

Re: v7.1beta6 [development] is released!

my LTE stopped working after upgrading (from beta3). This is simply ridiculous. board: rbm33g modem: R11e-LTE6 firmware: R11e-LTE6_V026 after upgrading the board it booted with "A newer version of modem firmware is available!" sign at the top of the modem page. pin status is ok but "...
by Cablenut9
Wed May 19, 2021 5:03 pm
Forum: Beginner Basics
Topic: Dst-nat don't work
Replies: 4
Views: 539

Re: Dst-nat don't work

Do this:
/export hide-sensitive
by Cablenut9
Wed May 19, 2021 4:52 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 320
Views: 41511

Re: v7.1beta6 [development] is released!

I just noticed that MPLS is back in Winbox! Also, I keep getting crashes with L2TP and Android 11.
by Cablenut9
Wed May 19, 2021 6:25 am
Forum: General
Topic: Is there a fiber-optic Mikrotik modem?
Replies: 4
Views: 477

Re: Is there a fiber-optic Mikrotik modem?

You know the differencies between GPON (XGS-PON, AON and other "dialup" technology) and "regular" SFP ethernet transceiver?
The difference is that GPON SFPs are harder to find for sale, while regular ethernet ones are basically everywhere.
by Cablenut9
Mon May 17, 2021 4:24 pm
Forum: Beginner Basics
Topic: LTE Monitor
Replies: 1
Views: 381

Re: LTE Monitor

Use Tool -> Torch and that gives you a big list of all the traffic going through that interface.
by Cablenut9
Sat May 15, 2021 12:01 am
Forum: General
Topic: DFS is making me nuts
Replies: 4
Views: 547

Re: DFS is making me nuts

I can select USA as the country and then use super channel to bypass the regulations, but I really don't like doing that.
Take it or leave it
by Cablenut9
Fri May 14, 2021 5:26 pm
Forum: RouterOS v7 BETA
Topic: L2TP/IPsec crashes with Android 11 client
Replies: 2
Views: 825

Re: L2TP/IPsec crashes with Android 11 client

They don't want supout files with beta versions, only v6 right now.
by Cablenut9
Fri May 14, 2021 6:15 am
Forum: RouterOS v7 BETA
Topic: L2TP/IPsec crashes with Android 11 client
Replies: 2
Views: 825

L2TP/IPsec crashes with Android 11 client

After updating my phone to Android 11, I can't connect to my RB4011 running 7.1beta5 for more than 30 seconds before the RB crashes and reboots. I don't get anything in the logs other than a regular reboot message. And, I can't just downgrade to a lower ROS version because I need Wireguard.
by Cablenut9
Thu May 13, 2021 10:32 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 101
Views: 11095

Re: v7 launch date

If the older routing protocols and engine were not designed around route caching, we probably would be on a much more modern kernel already.
Why did they do this?
by Cablenut9
Wed May 12, 2021 7:06 pm
Forum: Wireless Networking
Topic: Forcing Mobile phone to Prioritize Connection on Mikrotik Hotspot
Replies: 2
Views: 600

Re: Forcing Mobile phone to Prioritize Connection on Mikrotik Hotspot

Is your phone connecting to other hotspots but you don't want it to?
by Cablenut9
Tue May 11, 2021 12:57 am
Forum: General
Topic: wApR and LTE (AT&T sim specifically) DENIED
Replies: 9
Views: 1478

Re: wApR and LTE (AT&T sim specifically) DENIED

There's a way to change the IMEI if AT&T restricts it (and they do for a couple special plans) but since it's a bit of a secret, I'm not sure how I can share it because there are no PMs in this forum. I sometimes have my wAP denied if it can't find a good enough tower to connect to, so that coul...
by Cablenut9
Fri May 07, 2021 6:13 pm
Forum: General
Topic: The Dude: Is it still supported? [SOLVED]
Replies: 4
Views: 603

Re: The Dude: Is it still supported? [SOLVED]

If you're desperate for something newer, try Zabbix.
by Cablenut9
Fri May 07, 2021 3:32 pm
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1666

Re: Decrease in software quality from mikrotik?

I just make sure my equipment is the "International" version so I can select superchannel mode and never get any false positives in my APs. However, it shouldn't interfere with radar much because all the APs are in a location that is hostile to signals getting anywhere.
by Cablenut9
Fri May 07, 2021 6:44 am
Forum: General
Topic: How to change SXT LTE imei?
Replies: 17
Views: 7690

Re: How to change SXT LTE imei?

There's actually a way to change the IMEI with the LTE and LTE6 modem, but it involves a secret AT command and some reboot procedure.
by Cablenut9
Thu May 06, 2021 7:51 pm
Forum: General
Topic: VPN L2TP/IPSEC RouterOS 6.11
Replies: 19
Views: 1128

Re: VPN L2TP/IPSEC RouterOS 6.11

pptp vpn
Image
by Cablenut9
Wed May 05, 2021 2:38 pm
Forum: Beginner Basics
Topic: MIKROTIK wAP ac LTE6 kit [SOLVED]
Replies: 1
Views: 428

Re: MIKROTIK wAP ac LTE6 kit [SOLVED]

Sounds like you got a dud, either try to fix it or get a new one.
by Cablenut9
Tue May 04, 2021 9:46 pm
Forum: Beginner Basics
Topic: Wireguard IPv6 configuration
Replies: 2
Views: 489

Re: Wireguard IPv6 configuration

I'm suspecting that ROS doesn't support Wireguard over IPv6. Wait until the next beta release to see if it changes
by Cablenut9
Tue May 04, 2021 1:59 pm
Forum: General
Topic: Remove old bandwidth= feature
Replies: 3
Views: 319

Re: Remove old bandwidth= feature

Try using a simple queue instead.
by Cablenut9
Mon May 03, 2021 7:37 pm
Forum: Beginner Basics
Topic: Opening SXT Case?
Replies: 6
Views: 495

Re: Opening SXT Case?

If it breaks then you haven't damaged anything of value.
I haven't? A brand next SXT kit/case?
Well yeah, you're not likely to break a brand new SXT, but if you do, then maybe it wasn't worth much to begin with.
by Cablenut9
Mon May 03, 2021 7:25 pm
Forum: Beginner Basics
Topic: Opening SXT Case?
Replies: 6
Views: 495

Re: Opening SXT Case?

If it breaks then you haven't damaged anything of value.
by Cablenut9
Mon May 03, 2021 7:07 pm
Forum: Beginner Basics
Topic: Opening SXT Case?
Replies: 6
Views: 495

Re: Opening SXT Case?

Get a set of tiny screwdrivers. Now pry the SXT open at the little gaps they leave on the seam where the two halves of the case meet.
by Cablenut9
Mon May 03, 2021 7:03 pm
Forum: Beginner Basics
Topic: RB4011 router-on-a-stick
Replies: 6
Views: 799

Re: RB4011 router-on-a-stick

Your setup is almost exactly how I do mine, but MAKE SURE your PHY rates make sense on all sides, as I had that happen and my internet speeds got sliced 20x.
by Cablenut9
Sun May 02, 2021 3:42 pm
Forum: Wireless Networking
Topic: Wifi between concrete walls
Replies: 10
Views: 1397

Re: Wifi between concrete walls

I would start with this: https://mikrotik.com/product/lhg_xl_2
by Cablenut9
Fri Apr 30, 2021 5:08 pm
Forum: General
Topic: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t
Replies: 5
Views: 464

Re: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t

Switch to 7.1beta5 and enjoy that 64 bit time.
by Cablenut9
Thu Apr 29, 2021 6:21 pm
Forum: General
Topic: Mikrotik,pihole & unbound. [SOLVED]
Replies: 19
Views: 2618

Re: Mikrotik,pihole & unbound. [SOLVED]

You can't use a Mikrotik device as a DoH server, only a client. Here are some good things you can do to make a better DNS setup: -> Set up a Netwatch to disable the redirect when the PiHole goes down. -> Exclude the PiHole's address from the DNS redirect. -> Set up a backup PiHole that gets used whe...
by Cablenut9
Thu Apr 29, 2021 4:25 am
Forum: Scripting
Topic: Send SMS from different router
Replies: 2
Views: 713

Re: Send SMS from different router

That said... You could use ssh for you solution with sms.
How could this be done in ROS?
by Cablenut9
Thu Apr 29, 2021 1:52 am
Forum: RouterOS v7 BETA
Topic: VRRP connection tracking and preemption mode
Replies: 7
Views: 1136

Re: VRRP connection tracking and preemption mode

The problem with using an Owner router is that ROS simply doesn't support it. I'd like for connection switching to be as seamless as possible, as some of the users in the home where this is being used complain about their internet suddenly going out, which tracking might help a little with.
by Cablenut9
Thu Apr 29, 2021 12:06 am
Forum: RouterOS v7 BETA
Topic: VRRP connection tracking and preemption mode
Replies: 7
Views: 1136

VRRP connection tracking and preemption mode

I want to set up VRRP with preemption mode and connection tracking sync at the same time. However, both my routers complain that these settings are mutually exclusive. The goal is to have a "main router" connected to fiber internet that we want as much as possible. It should sync its conne...
by Cablenut9
Tue Apr 27, 2021 4:13 am
Forum: General
Topic: L2TP IPSEC site to site behind NAT [SOLVED]
Replies: 17
Views: 1953

Re: L2TP IPSEC site to site behind NAT [SOLVED]

In IP -> IPsec, is the traverse-nat option enabled in IPsec settings?
by Cablenut9
Tue Apr 27, 2021 3:41 am
Forum: RouterOS v7 BETA
Topic: Interface setting proxy-arp could be broken
Replies: 1
Views: 743

Interface setting proxy-arp could be broken

With my L2TP/IPsec tunnels I can't get proxy-arp working with 7.1beta5, as I can't get ARP from any devices on the local network. Regular websites work just fine and I can connect to the router itself, but nothing else. It's sad that so much stuff is broken in the 7.1 betas and I can't just not use ...
by Cablenut9
Tue Apr 27, 2021 1:43 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47047

Re: v7.1beta5 [development] is released!

I just got a random reboot on my RB4011 running 7.1b5, all I get in the log is that it was rebooted without a proper shutdown. Memory usage was normal beforehand so it likely wasn't a memory leak.
by Cablenut9
Mon Apr 26, 2021 10:31 pm
Forum: Scripting
Topic: Send SMS from different router
Replies: 2
Views: 713

Send SMS from different router

I have a setup where I have two redundant routers with VRRP, and one has a fiber internet connection and the other has LTE. Is there a way to make a script send an SMS from the LTE device, but have that message be initiated by the other router? I'd like to be able to get text messages when some even...
by Cablenut9
Sun Apr 25, 2021 5:30 am
Forum: Forwarding Protocols
Topic: MPLS Queue Problem.
Replies: 1
Views: 759

Re: MPLS Queue Problem.

Give us the results of this:
/export hide-sensitive
by Cablenut9
Fri Apr 23, 2021 5:02 pm
Forum: General
Topic: RB4011 ROS takes up an order of magnitude more space
Replies: 15
Views: 1179

Re: RB4011 ROS takes up an order of magnitude more space

Ironic, because back when I was running The Dude on a 2GB MicroSD on a hEX S, the total used space was less than whatever space the inodes are taking up here. ROS should let you know what kinds of things are using up the space, not a generic "space used/available"
by Cablenut9
Fri Apr 23, 2021 5:28 am
Forum: General
Topic: Massive slowdown after upgrading to routeros 6.48.2
Replies: 5
Views: 771

Re: Massive slowdown after upgrading to routeros 6.48.2

If you're getting limited to 90 Mbps, check the "link rate" of your WAN connection. If it's 100 Mbps, then there's your problem.
by Cablenut9
Fri Apr 23, 2021 1:16 am
Forum: Wireless Networking
Topic: DISC Lite5 AC 9dB only?
Replies: 12
Views: 1038

Re: DISC Lite5 AC 9dB only?

well, it really didn't. I can lie about the antenna gain to get more output, but I shouldn't have to. I have 42dB available but I'm definitely limited to 30. If I set the gain to 21, I get 9dB output. 19 and I get 11dB. Is this an error in the U-NII-1 coding for UnitedStates3? They don't know what ...
by Cablenut9
Fri Apr 23, 2021 12:43 am
Forum: Wireless Networking
Topic: DISC Lite5 AC 9dB only?
Replies: 12
Views: 1038

Re: DISC Lite5 AC 9dB only?

Try this:
/interface wireless set [find] antenna-gain=0
because your antenna gain is likely set to a gigantic number.
by Cablenut9
Thu Apr 22, 2021 11:20 pm
Forum: General
Topic: RB4011 ROS takes up an order of magnitude more space
Replies: 15
Views: 1179

Re: RB4011 ROS takes up an order of magnitude more space

I found out that it's not just the system package that takes up space but other files as well. However, I still don't know what those other files are.
  • 1
  • 2