Search found 1685 matches

by tangent
Sat Dec 07, 2024 5:23 am
Forum: Beginner Basics
Topic: Internet Failover on hex lite is possible?
Replies: 4
Views: 429

Re: Internet Failover on hex lite is possible?

The front-panel labels give the default configuration of those ports' Internet/LAN roles. Nothing in RouterOS prevents reassigning those ports to different roles. Contrast the “PoE in” label, which informs you of a hardware limitation. You can’t move that role at will; there is no mere configuration...
by tangent
Mon Dec 02, 2024 5:38 am
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 192
Views: 51527

Re: v7.17rc [testing] is released!

add an ULA address

Yes, that's a superior solution, because it solves a second, related problem: what to put in for "/ipv6/nd/set … dns=??" Before, I was using ::1 from my ISP-assigned GUA pool, but now I'm telling peers to send it to the ULA. Because the ULA range isn't advertised, none ...
by tangent
Mon Dec 02, 2024 12:57 am
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 192
Views: 51527

Re: v7.17rc [testing] is released!

In prior versions, this worked:

/ipv6/firewall/nat
add action=dst-nat chain=dstnat dst-port=53 protocol=udp to-address=::1/128
add action=dst-nat chain=dstnat dst-port=53 protocol=tcp to-address=::1/128

The intent behind this is to redirect all IPv6 DNS requests from the LAN to the local DNS server ...
by tangent
Wed Nov 27, 2024 10:37 am
Forum: Beginner Basics
Topic: bridge has stopped working, all ports marked as not running
Replies: 12
Views: 779

Re: bridge has stopped working, all ports marked as not running

Thank you, @EdPa. I was not looking forward to needing to filter these useless comments from my text backups, and I found no use for these inconsequential complaints in WinBox for each of my currently-unused ports.
by tangent
Tue Nov 26, 2024 2:39 am
Forum: Containers
Topic: Configuring an additional container to host a local website
Replies: 9
Views: 819

Re: Configuring an additional container to host a local website

there is a "REST API" Better ? MT has mentioned "serial passthrough" in some forum postings, similar to USB passthrough. Is that something that exists, or is merely acknowledged as having made it from our wishlist to theirs? That is, are you asking for serial control to be added...
by tangent
Mon Nov 25, 2024 9:59 pm
Forum: Containers
Topic: Configuring an additional container to host a local website
Replies: 9
Views: 819

Re: Configuring an additional container to host a local website

I've updated my Container Limitations article to cover these latter details. I chose not to address the topic's primary question since you can cause this same port number conflict under Docker and Podman, too, most easily by giving the --host flag. I can't justify calling this a "limitation"...
by tangent
Mon Nov 25, 2024 6:47 am
Forum: Containers
Topic: Configuring an additional container to host a local website
Replies: 9
Views: 819

Re: Configuring an additional container to host a local website

In a full-featured container engine, you have to do both, but now that you mention it, yeah, container.npk ignores the EXPOSE directive, doesn’t it?
by tangent
Mon Nov 25, 2024 3:50 am
Forum: Containers
Topic: Configuring an additional container to host a local website
Replies: 9
Views: 819

Re: Configuring an additional container to host a local website

Without having tried it, I’m willing to guess that they’re both trying to bind to the same port, likely 8080. You can’t have two programs (pihole and nginx in this case) binding to the same TCP port on the same IP address. If I’m right, giving one of the two a different port will require rebuilding ...
by tangent
Fri Nov 22, 2024 8:06 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 192
Views: 51527

Re: v7.17rc [testing] is released!

Why are all of my unused network ports now marked with red "not running" errors in WinBox and matching comments in "/interface/bridge/export" output? Unused ports is not an error. I'm not going to remove these ports from the bridge just because there isn't something plugged into ...
by tangent
Fri Nov 22, 2024 7:36 pm
Forum: Wireless Networking
Topic: "not responding" - f.k.a. SA Query timeout
Replies: 272
Views: 42526

Re: "not responding" - f.k.a. SA Query timeout

I don't use Winbox

Then that leaves me wondering how you managed to produce eight redundancies in that configuration, plus one outright conflict. This configuration is cleaner and simpler while saying very nearly the same thing:

/interface wifi configuration
add name=homeapcfg ssid=Kraailook countr...
by tangent
Fri Nov 22, 2024 2:59 am
Forum: Wireless Networking
Topic: "not responding" - f.k.a. SA Query timeout
Replies: 272
Views: 42526

Re: "not responding" - f.k.a. SA Query timeout

@erlinden, I have changed the configuration:

You should read my guide more carefully. It goes to some trouble to explain how and why to solve the redundant and conflicting configuration you've got going on here, doubtless owing to use of WinBox instead of the CLI. I wonder if this is part of the re...
by tangent
Wed Nov 20, 2024 7:26 pm
Forum: Containers
Topic: Issue with container not working on new HEX Refresh (E50UG)
Replies: 23
Views: 2050

Re: Issue with container not working on new HEX Refresh (E50UG)

While I see what you're trying there, @baragoon, have you actually made that work on RouterOS short of building a custom image? One of the many limitations of container.npk is that it won't break a command like "tail -f /dev/null" up into three parts for you before calling "tail"...
by tangent
Wed Nov 20, 2024 6:32 pm
Forum: Containers
Topic: Issue with container not working on new HEX Refresh (E50UG)
Replies: 23
Views: 2050

Re: Issue with container not working on new HEX Refresh (E50UG)

That's not how that one is documented as needing to be run. Being a "client" type program, it does start, run briefly, and then stop, quite on purpose. More to the point, if you don't set up logging per those docs, you get no useful output from that run. A better test here is my iperf3 con...
by tangent
Wed Nov 20, 2024 5:08 pm
Forum: Containers
Topic: Issue with container not working on new HEX Refresh (E50UG)
Replies: 23
Views: 2050

Re: Issue with container not working on new HEX Refresh (E50UG)

I don’t see that you’re trying to start it after “add”. That isn’t automatic.

If you continue to have trouble, try one of my several single-static-binary containers. Going straight to Ubuntu or PiHole is playing the game on Hard mode and skipping the game tutorial besides.
by tangent
Wed Nov 20, 2024 4:32 pm
Forum: Containers
Topic: Issue with container not working on new HEX Refresh (E50UG)
Replies: 23
Views: 2050

Re: Issue with container not working on new HEX Refresh (E50UG)

According to a past thread this is a 64-bit CPU, though possibly run in 32-bit mode. You have to target the CPU you’re running, not “ARM” generally. Details of word size affect kernel interfaces, etc. Instead of targeting specific image layers, pull the image by name using “docker pull --platform=li...
by tangent
Wed Nov 20, 2024 12:17 pm
Forum: General
Topic: How do I assign static IPv6 address to devices from the router?
Replies: 3
Views: 412

Re: How do I assign static IPv6 address to devices from the router?

Read this. It not only describes one common way to get exactly what you ask for, it links to the reasons not all IPv6 devices do that. Reflashing proprietary smart plugs with ESPHome and similar isn’t the only option. A lot of these things use mDNS to announce themselves by name, so you no longer ...
by tangent
Wed Nov 20, 2024 9:23 am
Forum: General
Topic: IPv6 Configuration RB4011
Replies: 30
Views: 2218

Re: IPv6 Configuration RB4011

Not really arguing. Just pointing out that while I’m trying to help, there are people with actual clues here, and you might have cause to give their advice more weight than mine.
by tangent
Wed Nov 20, 2024 9:04 am
Forum: General
Topic: IPv6 Configuration RB4011
Replies: 30
Views: 2218

Re: IPv6 Configuration RB4011

In evaluating my replies, realize that I've only ever done a single /64 at a time. I have this loony idea that having eighteen bazillion IPv6 addresses on a single LAN is enough. If you want someone who actually understands IPv6 at a carrier scale, you want to talk to people like @tdw. Y'all have ...
by tangent
Wed Nov 20, 2024 8:51 am
Forum: General
Topic: IPv6 Configuration RB4011
Replies: 30
Views: 2218

Re: IPv6 Configuration RB4011

Yes; those NDP packets have to transit some type of medium to get from ether1 to ether4/6. If not a bridge, then you say what, but a bridge is one of the more sensible options.
by tangent
Wed Nov 20, 2024 8:33 am
Forum: General
Topic: IPv6 Configuration RB4011
Replies: 30
Views: 2218

Re: IPv6 Configuration RB4011

That's getting beyond the scope of the question and into local network design principles, which you are the best authority on. That said, how else did you expect these SLAAC messages to get from the ISP to the individual internal LAN router interfaces? (Serious question! Did you have a different pla...
by tangent
Wed Nov 20, 2024 7:27 am
Forum: General
Topic: IPv6 Configuration RB4011
Replies: 30
Views: 2218

Re: IPv6 Configuration RB4011

This:

/interface bridge port
set [find interface=ether4] unknown-multicast-flood=yes

Do that for every port along the NDP multicast path, from ISP ingress.
by tangent
Wed Nov 20, 2024 7:01 am
Forum: Containers
Topic: Issue with container not working on new HEX Refresh (E50UG)
Replies: 23
Views: 2050

Re: Issue with container not working on new HEX Refresh (E50UG)

From those thin details, my only guess is that you’re trying to instantiate a 32-bit (ARMv6 or v7) OCI tarball on your shiny new 64-bit router. (ARMv8)

If you want better guesses, give more details.
by tangent
Wed Nov 20, 2024 6:23 am
Forum: General
Topic: IPv6 Configuration RB4011
Replies: 30
Views: 2218

Re: IPv6 Configuration RB4011

That can happen due to overzealous multicast filtering, IGMP bugs…

The simplest path is to allow unknown multicast on ports toward the NDP source, same as you’d mark those links “trusted” to get DHCPv4 answers.
by tangent
Tue Nov 19, 2024 7:36 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 157411

Re: v7.17beta [testing] is released!

I just had to revert another device from 7.17beta4 to 7.16.1 owing to these DHCP changes. This latest beta utterly wrecked an existing configuration:

7.17beta5 appears to have fixed this symptom.

I've successfully upgraded a hAP ax³, a CRS328-24P, and an RB4011 (wired-only) to beta5.
by tangent
Tue Nov 19, 2024 7:30 pm
Forum: General
Topic: IPv6 distribution within the LAN [SOLVED]
Replies: 16
Views: 1799

Re: IPv6 distribution within the LAN [SOLVED]

All RouterOS devices are running 7.17beta2. I doubt this is a beta bug…

The NDP+routing misconfiguration identified by @tdw and marked as this thread's "solution" is only part of the solution. The rest did turn out to be a beta bug, fixed in 7.17beta5:

*) switch - updated dynamic switch r...
by tangent
Sat Nov 16, 2024 10:54 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 157411

Re: v7.17beta [testing] is released!

You always need a target device responding before it does anything.

For TCP, you may be right, but UDP is spoofable unless it takes specific measures to guard against it. (Three-way handshakes, cryptographic authentication, etc.) If not, it’s a potential attack bandwidth amplifier.
by tangent
Sat Nov 16, 2024 9:05 am
Forum: General
Topic: IPv6 Configuration RB4011
Replies: 30
Views: 2218

Re: IPv6 Configuration RB4011

accept-router-advertisements=yes
by tangent
Fri Nov 08, 2024 1:15 pm
Forum: Beginner Basics
Topic: FTP Rules in Firewall are apparently wrong
Replies: 13
Views: 815

Re: FTP Rules in Firewall are apparently wrong

Where did I say you were all wrong with your guidance?

Outright, never, but you've now taken this crusade up three different places*, a sign that you're seeking approval to go on doing what you originally planned to do in the face of good advice. Then when people get annoyed, you get defensive. wha...
by tangent
Fri Nov 08, 2024 1:00 pm
Forum: Beginner Basics
Topic: From old AirPort Express to cAP [SOLVED]
Replies: 15
Views: 1973

Re: From old AirPort Express to cAP [SOLVED]

1- when configured as router with the usual subnet 192.168…. we lose some access to the rest of the network and most importantly all access to Bonjour printers so that in particular people with phones or tablets can’t print. Very frustrating

I can't tell from the absence of the setting whether you...
by tangent
Fri Nov 08, 2024 12:44 pm
Forum: Wireless Networking
Topic: "not responding" - f.k.a. SA Query timeout
Replies: 272
Views: 42526

Re: "not responding" - f.k.a. SA Query timeout

Strange, @infabo, maybe you are not running jitter/loss sensitive sessions and you did not look at the logs?

I've got logs from my ax³ going back to August, and I see only 55 instances of "not responding" in that time, the first being 41 days ago, so roughly once a day. The only WiFi bug ...
by tangent
Fri Nov 08, 2024 11:55 am
Forum: Beginner Basics
Topic: FTP Rules in Firewall are apparently wrong
Replies: 13
Views: 815

Re: FTP Rules in Firewall are apparently wrong

Why does the router even have an FTP service if we simply should never use it?

At a guess, it's because of a combination of RouterOS being a quarter century old and that it isn't always used across the open Internet. Just because a feature is present doesn't mean it is wise to use it in all situati...
by tangent
Fri Nov 08, 2024 9:40 am
Forum: Beginner Basics
Topic: FTP Rules in Firewall are apparently wrong
Replies: 13
Views: 815

Re: FTP Rules in Firewall are apparently wrong

I created a separate user for FTP and applied a new group to it that only has FTP access and read/write access.

🤦‍♂️ You just “… grant[ed] write access to the router's configuration …” to that FTP user. I realize that just above this on the same page it says you need ftp+write to allow FTP uploads,...
by tangent
Wed Nov 06, 2024 10:06 pm
Forum: General
Topic: Raspberry Pi -> SSTP/L2TP client -> ROS VPN Server
Replies: 6
Views: 519

Re: Raspberry Pi -> SSTP/L2TP client -> ROS VPN Server

One of the advantages of SSH over WG in cases like this is trivial client isolation. The easy path with WG puts them all on the same LAN, but if the remote Pis don't have good reasons to see each other, now you need to set up barriers between each WG endpoint. With the "ssh -N" option — lo...
by tangent
Wed Nov 06, 2024 5:24 pm
Forum: General
Topic: Raspberry Pi -> SSTP/L2TP client -> ROS VPN Server
Replies: 6
Views: 519

Re: Raspberry Pi -> SSTP/L2TP client -> ROS VPN Server

how to configure the MikroTik x86 server

Replace it with a $5/month VPS. That will buy you a terabyte of transfer a month, enough CPU to manage the encryption, and the public IP the remote Raspberry Pis connect to.

how do I connect to the remote host?

Each Pi gets a serial number, which is either t...
by tangent
Wed Nov 06, 2024 4:22 pm
Forum: General
Topic: Raspberry Pi -> SSTP/L2TP client -> ROS VPN Server
Replies: 6
Views: 519

Re: Raspberry Pi -> SSTP/L2TP client -> ROS VPN Server

Run an SSH tunnel out to a public host, each with a unique port as "serial number" identifying the client location.
by tangent
Wed Nov 06, 2024 1:06 pm
Forum: General
Topic: PPTP no longer working
Replies: 4
Views: 398

Re: PPTP no longer working

The writing has been on the wall warning you to get off PPTP for twenty-six years! Before we get to what you should do now that it’s an emergency, would you mind saying why didn’t you act while you still had the ability to use PPTP as a bridge to supported technology?

I can not get…their admin to a...
by tangent
Wed Nov 06, 2024 12:36 pm
Forum: General
Topic: IPv6 and Comcast
Replies: 3
Views: 457

Re: IPv6 and Comcast

Is your modem in bridge mode?

Try following my guide. It documents what worked here.
by tangent
Sun Nov 03, 2024 10:58 am
Forum: Beginner Basics
Topic: Added 2nd rb5009 to my setup and lost internet connectivity.
Replies: 4
Views: 676

Re: Added 2nd rb5009 to my setup and lost internet connectivity.

The damage from having duplicate IPs can last ~10 minutes after disconnecting the offending device as the ARP caches time out.

When you try this again, you likely want to configure the second RB5009 as a smart switch, not as a router.
by tangent
Fri Nov 01, 2024 10:30 am
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1511

Re: Connecting Two Remote Locations Without Public IP

Those were two separate questions, port-forwarding and public IP. A good many ISP-supplied modems do give port-forwarding capabilities without needing a public IP. Alternately, a good many can be put into bridge mode, allowing your hEX to acquire the public IP from the ISP directly, easing VPN setup...
by tangent
Fri Nov 01, 2024 2:11 am
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1511

Re: Connecting Two Remote Locations Without Public IP

an old hEX, that can offload IPSec encryption, but that is IPSec singular benefit.

Granted, no question. It’s just that after you factor your time in, it might net out cheaper to drop in a 2024 hEX.

you forgot a loopback and GRE tunnel parts in your list ;).

I am planning my next MikroTik Solutions...
by tangent
Thu Oct 31, 2024 11:56 pm
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1511

Re: Connecting Two Remote Locations Without Public IP

IKEv2 is a bit more complex to setup…

A bit? Hah! More like 3-10× more complicated, depending. Let's see:

Three ports you need to forward through the firewall, not one.
The vastly over-engineered X.509 certificate system vs Base64 hex strings for keys.
Working out how each third-party vendor has ma...
by tangent
Thu Oct 31, 2024 10:59 pm
Forum: Beginner Basics
Topic: The first microtick in my life. VPN [SOLVED]
Replies: 1
Views: 419

Re: The first microtick in my life. VPN [SOLVED]

As a MikroTik forum, this isn't the best place to get advice on third-party solutions. If your VPN tech of choice is not among those that ship in RouterOS — or at least offer a compatible interface allowing interoperability — then you're risking having your posts deleted as off-topic here. In partic...
by tangent
Thu Oct 31, 2024 10:51 pm
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1511

Re: Connecting Two Remote Locations Without Public IP

There are a bunch of different VPN technologies built into RouterOS, largely because there isn't a single definition for what "VPN" means or why you'd set one up. What's your purpose in having a VPN? Yes, you say you want two sites connected, but why? For what specific purpose? Knowing tha...
by tangent
Thu Oct 31, 2024 10:40 pm
Forum: Beginner Basics
Topic: Help with setting up my first Mikrotik
Replies: 5
Views: 576

Re: Help with setting up my first Mikrotik

Starting over from scratch is either a stunt, a proof of network engineer "manliness," or it is an expression of NIH syndrome. It is perfectly fine to start with the default configuration and work from there. This is the position of my article on the default configuration: don't replace ...
by tangent
Tue Oct 29, 2024 12:21 pm
Forum: Beginner Basics
Topic: Hairpin NAT in v7.10
Replies: 4
Views: 516

Re: Hairpin NAT [can't figure it out]

My Lan network is 172.168.10.0/24.

May I ask which division of Microsoft's LAN you run for them, then? (Ahem…)

I'm not able to get to this site from LAN with http://mywebsite:5000.

The necessary configuration is documented. Show your work, then we can explain what you've missed. The simplest thi...
by tangent
Fri Oct 25, 2024 3:10 pm
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 54
Views: 8287

Re: Newsletter #121 | October 2024

Block Diagram is available

Another strange PoE choice: the PoE-in port is off the switch, a sensible choice for a router-class device, but we then have to ask which ISP modems provide PoE input power? Stretching for a use case, I suppose you could use this to create semi-airgapped small LANs off a ...
by tangent
Fri Oct 25, 2024 2:39 pm
Forum: Beginner Basics
Topic: From old AirPort Express to cAP [SOLVED]
Replies: 15
Views: 1973

Re: From old AirPort Express to cAP [SOLVED]

I do not want a subnet

That's an incompatible wish given your prior requirement that it be a router and not a bridge. The IP schemes have to be different on each side for routing to do its thing. There is no this side/that side distinction otherwise.

The wifi would be used for unregistered devices...
by tangent
Fri Oct 25, 2024 1:14 pm
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 54
Views: 8287

Re: Newsletter #121 | October 2024

don't have block diagram too

Other open questions:

The capabilities of this new switch chip; a doc search for “EN7562CT” turns up nothing. Can it do bridge VLAN filtering, for instance?
The “E” prefix isn’t documented in the naming guide. I’d want that explanation to cover the reason why the 2024 ...
by tangent
Fri Oct 25, 2024 12:47 pm
Forum: General
Topic: S-RJ01 installed in server motherboard - not working
Replies: 2
Views: 317

Re: S-RJ01 installed in server motherboard - not working

Try the command at the end of this article. I’ve never had the chance to use this specific variant, but we did use the copper version (X11SPM-TF) for a while, which had a possibly related behavior quirk: you could run them no slower than 1G. If you accidentally plugged them into a 100M port, it woul...
by tangent
Tue Oct 22, 2024 12:01 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 157411

Re: v7.17beta [testing] is released!

Depending on what type of router you use

hAP ax³ for the moment, 128 MB.

configure partitioning

Solid plan. Thanks for reminding me of the option.

I set the fallback sequence up for part0 → part1→ Etherboot. Sane?
by tangent
Tue Oct 22, 2024 7:41 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 157411

Re: v7.17beta [testing] is released!

I just had to revert another device from 7.17beta4 to 7.16.1 owing to these DHCP changes. This latest beta utterly wrecked an existing configuration: Three independent devices stopped getting their lease renewals: an iPhone 14 running iOS 17.6.1, a cheap WiiM DAC, and an AlmaLinux VM bridged to the ...
by tangent
Sat Oct 19, 2024 10:23 am
Forum: General
Topic: fingerprinting
Replies: 8
Views: 1035

Re: fingerprinting

EAP? One unique fingerprint per device. Yay!
by tangent
Fri Oct 18, 2024 7:11 pm
Forum: General
Topic: IPv6 distribution within the LAN [SOLVED]
Replies: 16
Views: 1799

Re: IPv6 distribution within the LAN [SOLVED]

Quick update: the switch is still getting a globally-routable IPv6 address under 7.17beta4 with my variant of @tdw's config fix applied, but it continues to show the NDP multicast regression issue despite a claimed fix in the Changelog. It looks like we'll have to wait for the third beta for a prope...
by tangent
Fri Oct 18, 2024 6:45 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 157411

Re: v7.17beta [testing] is released!

/interface/bridge/mdb/add bridge=bridge group=FF02::2 ports=[/interface/bridge/port/find where bridge=bridge]

I get "input does not match any value of port" from that command. However, on inspecting the MDB, I do see an entry for that IPv6 multicast group on the CRS328's bridge and on the...
by tangent
Thu Oct 17, 2024 8:52 am
Forum: Beginner Basics
Topic: Cannot connect to Jellyfin (Plex) on LAN
Replies: 3
Views: 604

Re: Cannot connect to Jellyfin (Plex) on LAN

The /16 mask is iffy. That takes over one entire RFC1918 range as a single subnet. If you want a /16, use one of 172.16 thru 172.31.

Since I don’t see .13 in your static DHCP reservation list, I’m going to guess the Plex box is set for /24 (255.255.255.0) That will cause havoc.
by tangent
Wed Oct 16, 2024 10:37 pm
Forum: General
Topic: IPv6 distribution within the LAN [SOLVED]
Replies: 16
Views: 1799

Re: IPv6 distribution within the LAN [SOLVED]

/ipv6 settings set accept-router-advertisements=yes-if-forwarding-disabled

Aha! This leads me to one of the solutions I was seeking in my top post:

/ipv6/settings/set accept-router-advertisements=yes

Simpler and more direct for a near-defconf smart-switch config, don't you think? And yes, it does f...
by tangent
Wed Oct 16, 2024 8:19 pm
Forum: General
Topic: IPv6 distribution within the LAN [SOLVED]
Replies: 16
Views: 1799

Re: IPv6 distribution within the LAN [SOLVED]

And all clients that are connected via cable are successfully getting IPv6 addresses.

Can't we chalk that up to DHCPv6 vs NDP/SLAAC? DHCPv6 has a different role than DHCPv4. I'm running a DHCPv6 client on the border router purely in order to get a PD from my ISP, and I am not running a DHCPv6 serve...
by tangent
Wed Oct 16, 2024 7:45 pm
Forum: General
Topic: IPv6 distribution within the LAN [SOLVED]
Replies: 16
Views: 1799

Re: IPv6 distribution within the LAN [SOLVED]

Here is my current home configuration

Thanks for sharing! I don't want to use DHCPv6 inside the LAN, but I did try applying your shorter RA lifetimes to the border router which owns the PD, and it didn't help. I also tried disabling ND on the CRS328, per both your advice and @tdw, but that also did...
by tangent
Wed Oct 16, 2024 7:31 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 157411

Re: v7.17beta [testing] is released!

This upgrade appears to be breaking IPv6 ND (a.k.a. NDP) to wired clients connected to RouterOS switches, when those switches sit between the client and the NDP source. Full saga here, but the tl;dr is that rolling back to 7.16.1 via netinstall fixed the symptom, and re-upgrading to 7.17beta2 broke...
by tangent
Wed Oct 16, 2024 7:25 pm
Forum: General
Topic: IPv6 distribution within the LAN [SOLVED]
Replies: 16
Views: 1799

Re: IPv6 distribution within the LAN [SOLVED]

Some bridge settings broke multicast until very recent versions of 7.x which prevented IPv6 from working properly

Well, it looks like they've broken it again. After rebuilding my configuration from text backups atop the 7.16.1 netinstall, the client continued to get its NDP messages, but then on up...
by tangent
Wed Oct 16, 2024 5:01 pm
Forum: General
Topic: IPv6 distribution within the LAN [SOLVED]
Replies: 16
Views: 1799

Re: IPv6 distribution within the LAN [SOLVED]

Progress: I just netinstalled the switch with 7.16.1 and suddenly the same client machine called out above is getting a globally-routable IPv6 address from the gateway. Next steps: Find out why the CRS328 itself is still not getting one despite "/ipv6 nd prefix default autonomous=yes". Upg...
by tangent
Wed Oct 16, 2024 8:11 am
Forum: General
Topic: IPv6 distribution within the LAN [SOLVED]
Replies: 16
Views: 1799

Re: IPv6 distribution within the LAN [SOLVED]

i have similar setup but a tplink switch instead but all mine work??

Are you telling me that your TPLink switch is getting a globally-routable IPv6 address from your gateway router, and that all of the wired-only clients behind it are, too?

i just followed my isp directions like this then rebooted...
by tangent
Wed Oct 16, 2024 5:10 am
Forum: General
Topic: IPv6 distribution within the LAN [SOLVED]
Replies: 16
Views: 1799

IPv6 distribution within the LAN [SOLVED]

I have a working IPv6 configuration to my ISP. It gets a /64 prefix via DHCPv6 and assigns itself an address from that pool. WiFi clients can then connect to that hAP ax³ and get an IPv6 address within that pool. These clients then get successful results when visiting the usual IPv6 test sites. My p...
by tangent
Thu Oct 10, 2024 12:41 am
Forum: General
Topic: New Ubiquiti Multi-gig RJ45 NBASE-T Transceiver not working
Replies: 58
Views: 11908

Re: New Ubiquiti Multi-gig RJ45 NBASE-T Transceiver not working

In my experience coding the SFP(+) for different vendors is only done to get around vendor lock-in.

The experience behind the post above is from accidentally ordering a Huawei-coded version of FS.com's SFP-10G-T-30I after being advised that this unit runs far cooler than MikroTik's S+RJ10, the clo...
by tangent
Wed Oct 09, 2024 11:05 pm
Forum: General
Topic: New Ubiquiti Multi-gig RJ45 NBASE-T Transceiver not working
Replies: 58
Views: 11908

Re: New Ubiquiti Multi-gig RJ45 NBASE-T Transceiver not working

It's SFP. It is an industry standard.

You'd think. And you'd think wrong. Why else would FS.com ship a given module matching the rough specs of this thread's topic in 20 different versions plus "Generic," each with a different product ordering attribute? Why would their staff follow up a...
by tangent
Mon Oct 07, 2024 3:28 pm
Forum: Beginner Basics
Topic: Bridge: 100 Mb or 1 G?
Replies: 10
Views: 2914

Re: Bridge: 100 Mb or 1 G?

I'm also having the same issue

That's presumptive. You might be having the same symptom but by a different cause. Atop that, you're already telling us that the above solutions didn't work for you, right? I mean, you did try everything listed above, yes? Therefore, how can your problem be "the...
by tangent
Mon Oct 07, 2024 3:03 pm
Forum: General
Topic: Looking for instrction to isolate guest wifi networks
Replies: 12
Views: 765

Re: Looking for instrction to isolate guest wifi networks

Can someone explain the missing part with “…” (two places)
To replace it with properties related to wifi slave configuration…

Also local details like country settings, SSID, PSK… Things I don’t want to reveal about my local config and cannot predict for yours. Fill in the blanks.
by tangent
Mon Oct 07, 2024 2:45 pm
Forum: General
Topic: Looking for instrction to isolate guest wifi networks
Replies: 12
Views: 765

Re: Looking for instrction to isolate guest wifi networks

5g guest network rejects WAN request, so smartphone could not connect to internet. Mikrotik hap AC^2, 7.15.3

That’s a documented feature of my scheme: guests do not get full-service WiFi. I have no desire to prototype an alternative that lifts that restriction for you, but it would involve creating...
by tangent
Wed Oct 02, 2024 5:30 pm
Forum: General
Topic: error DHCP
Replies: 4
Views: 383

Re: error DHCP

I don't know where the problem is

Short of more guessing, neither do we until you post your /export output, as requested.
by tangent
Wed Oct 02, 2024 3:15 pm
Forum: SwOS
Topic: Install SwOS on RouterOS [SOLVED]
Replies: 10
Views: 37660

Re: Install SwOS on RouterOS [SOLVED]

no need any advanced options

You might be surprised at some of the things you lose by booting into SwOS. It’s rarely worth it, IMO.
by tangent
Wed Oct 02, 2024 3:04 pm
Forum: Beginner Basics
Topic: Getting no internet on Hap AC Lite
Replies: 3
Views: 399

Re: Getting no internet on Hap AC Lite

We diagnosed this over on the Discord server. The tl;dr is that on the hAP ac lite, the Reset button has an extra optional capability to trigger the WPS server for a time, and the only thing separating the cases is how long you hold it. Too long, and your intended WPS trigger becomes a reset to defc...
by tangent
Wed Oct 02, 2024 2:51 pm
Forum: General
Topic: error DHCP
Replies: 4
Views: 383

Re: error DHCP

Your question is vague to the point of allowing guessing only. My guess? You need to put the DHCP server on the bridge instead.

If that’s not it, post your sanitized /export output here and explain in more detail what isn’t working.
by tangent
Tue Oct 01, 2024 10:14 pm
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 142
Views: 17368

Re: hap ax3 random wireless disconnects

Ax3 is a single stand-alone device, so there's nowhere to roam.

Sure there is: from 5 GHz to 2.4 and back when both radios have the same SSID. FT does apply in this case!
by tangent
Tue Oct 01, 2024 10:11 pm
Forum: Announcements
Topic: Newsletter #120 | September 2024
Replies: 56
Views: 18585

Re: Newsletter #120 | September 2024

CRS304 (plastic)

Check the other pics: the plastic shell overlays a bottom-half heat sink.

The true distinction here is on price: the CRS304 retails for the cost of a CRS305 plus one copper 10GigE module. Add anything more and the 304 wins.
by tangent
Tue Oct 01, 2024 2:45 am
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 142
Views: 17368

Re: hap ax3 random wireless disconnects

…support guy told me they replicated the problem with Intel AX in their lab

I was speaking of Apple devices, which as far as I know, do not include the affected Intel AX chipsets. Regardless, I am not attempting to gainsay the MT engineers on this one; if they say the chipset has a bug that affects...
by tangent
Tue Oct 01, 2024 2:01 am
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 142
Views: 17368

Re: hap ax3 random wireless disconnects

Apple recommends DTIM interval of 4.

Where? Their current recommendations do not speak of DTIM at all. For what it's worth, I've gone back and documented my hAP ax³ WiFi configuration in more detail than my post #2 above, which continues to work nicely with several Apple devices, and has done sinc...
by tangent
Sun Sep 29, 2024 10:41 am
Forum: Beginner Basics
Topic: Challenges, Deficiencies, and Constraints in Developing Computer Network Practical Modules Using Mikrotik
Replies: 3
Views: 988

Re: Challenges, Deficiencies, and Constraints in Developing Computer Network Practical Modules Using Mikrotik

While the initial post smacks of "write my curriculum for me," I will repeat this common observation: the best way to learn how something works is to try to teach it to someone else. Therefore, begin writing. Each time you run into a wall, experiment, then write down what you have found ou...
by tangent
Sat Sep 28, 2024 11:56 am
Forum: Wireless Networking
Topic: radius authentication wifi with wifi-qcom-ac 7.13rc3
Replies: 15
Views: 5797

Re: radius authentication wifi with wifi-qcom-ac 7.13rc3

Is there any newby friendly guide I can follow to configure it?

That's a big ask for a brand-new feature. Your best bet right now is the official docs. I have no idea how this integrates with the optional (!) on-device RADIUS server called User Manager, available as user-manager-*.npk in the extr...
by tangent
Sat Sep 28, 2024 11:04 am
Forum: Wireless Networking
Topic: radius authentication wifi with wifi-qcom-ac 7.13rc3
Replies: 15
Views: 5797

Re: radius authentication wifi with wifi-qcom-ac 7.13rc3

I want to have per MAC VLAN tagging using external RADIUS server. And this feature seems to be unsupported. Or do I miss something?

That feature was just added in 7.17beta2 as part of the new PPSK feature, but only for ax devices. Details here.
by tangent
Fri Sep 27, 2024 5:34 pm
Forum: Announcements
Topic: Newsletter #120 | September 2024
Replies: 56
Views: 18585

Re: Newsletter #120 | September 2024

Why is the CRS304 not called the CRS305? It has 5 wired interfaces, just like the existing CRS305 does.

Management-only ports are excluded from the count, as they aren’t meant for general-purpose I/O. Prior art: CRS312, with 4× combo ports, 8× 10GigE, and a 100M management port. In both cases, the ...
by tangent
Fri Sep 27, 2024 6:09 am
Forum: Beginner Basics
Topic: HDHomeRun broadcast is blocked
Replies: 11
Views: 1033

Re: HDHomeRun broadcast is blocked

It's easy to test @Ammo0's prediction: try hdhomerun_config's discovery command from the Cisco side of the network, on the PC shown on the PDF diagram. If that works, then it's the firewall to blame, as he says. Firewalls almost always block broadcasts. Separately, there's a lot that can be cleaned ...
by tangent
Thu Sep 26, 2024 6:30 am
Forum: Containers
Topic: Containers wont start on RB3011 UiAS Topic is solved
Replies: 29
Views: 3046

Re: Containers wont start on RB3011 UiAS Topic is solved

It's driving me crazy cause it doesnt even log anything...

Setting "logging=yes" isn't enough. You also have to enable the "container" topic:

/system/logging/set topics=container action=memory
by tangent
Wed Sep 25, 2024 9:35 am
Forum: Containers
Topic: Small Ookla Speedtest container
Replies: 16
Views: 10711

Re: Small Ookla Speedtest container

but then /container/start 0 16:58:30 container,info,debug execve: No such file or directory

I don't get that error, but I do get a different one, owing to the fact that above, I was echoing "--json" from @toffifee's post above without having tested it. That flag is for a third-party speed...
by tangent
Tue Sep 24, 2024 5:24 am
Forum: Containers
Topic: Small Ookla Speedtest container
Replies: 16
Views: 10711

Re: Small Ookla Speedtest container

add remote-image seems to require to set a registry-url first. what would be the correct one?

Quoting the container's README.md file, "Start by installing the container package per MikroTik’s docs …" That link gives you this command: /container/config/set registry-url=https://registry-1....
by tangent
Sun Sep 22, 2024 6:43 am
Forum: Beginner Basics
Topic: Can not Ping New Router
Replies: 3
Views: 1068

Re: Can not Ping New Router

You've given a static IP to the WAN interface but no route to it. Add something like this:

/ip/route/add gateway=sfp-sfpplus1

You should also remove sfp-sfpplus1 from the bridge, not merely disable it.
by tangent
Sat Sep 21, 2024 10:53 am
Forum: General
Topic: [RB5009UG+S+] Wireguard slow speeds
Replies: 3
Views: 955

Re: [RB5009UG+S+] Wireguard slow speeds

What happens when you drop the -R from your test?

Why is the -P argument so high? In my testing, setting it higher than the server’s core count makes it slower, if anything.
by tangent
Sat Sep 21, 2024 6:58 am
Forum: Containers
Topic: Encountering Issues Installing PHP Through Containers
Replies: 1
Views: 995

Re: Encountering Issues Installing PHP Through Containers

No such thing.

You would do well to read the whole article before proceeding with container.npk, freeing you of the weight of your preconceptions dragging behind you.
by tangent
Mon Sep 16, 2024 7:39 am
Forum: General
Topic: Cannot ping from console VETH interface in containers bridge
Replies: 4
Views: 877

Re: Cannot ping from console VETH interface in containers bridge

it is a bug of 7.15.3 or some radical change of approach

It sounds like you're describing a change coming in 7.16:

*) container - clear VETH address on container exit and mark interface as running only when VETH is in use;

It's an intentional answer to a few complaints from people about containers ...
by tangent
Fri Sep 13, 2024 7:03 pm
Forum: Containers
Topic: Container level RAM limit
Replies: 3
Views: 1207

Re: Container level RAM limit

container/config/set ram-high=

OP addressed that in the first paragraph; it sets a single aggregate limit for all containers. OP wants a per-container limit. It is one of many reasons calling container.npk “docker” misleads more than helps. The only path forward is to file a formal request for the ...
by tangent
Fri Sep 06, 2024 2:54 pm
Forum: General
Topic: Internet slow with Mikrotik router
Replies: 5
Views: 753

Re: Internet slow with Mikrotik router

It configured using vlan2 and vlan4.

Is this a requirement from your ISP? That is, do you need to "join" these two VLANs from your ISP in order to get Internet access? If so, then you should only be using the VLAN virtual interfaces, not the physical interfaces.

what I might have done wr...
by tangent
Wed Sep 04, 2024 4:11 pm
Forum: Useful user articles
Topic: Isolated Guest WiFi Sans VLANs
Replies: 15
Views: 5887

Re: Isolated Guest WiFi Sans VLANs

I was wondering if you had any updates, refinements, suggestions, or comments on this solution?

It's still working here, as originally presented.

Were you hoping for some change, or just confirming the article's published history, that nothing has changed in half a year?
by tangent
Sat Aug 31, 2024 4:15 pm
Forum: Beginner Basics
Topic: Default conf
Replies: 1
Views: 595

Re: Default conf

What's the difficulty? Change the 1 to a 2 in "ether1" and vice versa, like so.
by tangent
Tue Aug 27, 2024 9:30 pm
Forum: Beginner Basics
Topic: Troubleshooting Wireguard connection
Replies: 5
Views: 1090

Re: Troubleshooting Wireguard connection

However if the OP wants to use the internet of the ISP router, that's a different story.

It's not an "if". OP stated it explicitly, else I wouldn't have pointed him to my double-NAT WG guide.

One would suspect that anything leaving the MT is going out the LANIP of the MT on the ISP router ...
by tangent
Tue Aug 27, 2024 12:42 pm
Forum: Beginner Basics
Topic: Troubleshooting Wireguard connection
Replies: 5
Views: 1090

Re: Troubleshooting Wireguard connection

You're probably neglecting to NAT the reply traffic on its way back out of the network.

Try this guide.
by tangent
Tue Aug 27, 2024 12:39 pm
Forum: Beginner Basics
Topic: Hotspot User Expiry Date Not Displaying
Replies: 1
Views: 2034

Re: Hotspot User Expiry Date Not Displaying

I have another MikroTik router with the same configuration running on ARM architecture with RouterOS v7.9.2, and it displays the expiry date correctly. The RB4011 is running the default firmware version (v7.10), and unfortunately, I cannot downgrade it to v7.9.2.

Quoting the 7.10 changelog entry: &...
by tangent
Wed Aug 21, 2024 2:15 am
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 13176

Re: Default password Frustration

If your point is that we cannot know how many of those 250k attack bots were set up using default or easily-guessed passwords, then yes, we indeed do not know that. But this is a side issue. The point is, we have data showing that a whole lot of historical RouterOS boxes have no password (the old de...
by tangent
Wed Aug 21, 2024 1:28 am
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 13176

Re: Default password Frustration

But, if I recall correctly, the 250,000 of Meris were connected to a router os bug/vulnerability, not to 250,000 compromised passwords.

That's the 2018 attack. While many remained unpatched by the time of the 2021 attack, the first linked article says, "…compromised devices that…use the defaul...
by tangent
Wed Aug 21, 2024 12:35 am
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 13176

Re: Default password Frustration

Well, if some fella is sloppy…

That's the thing: it isn't "some fella." There were around 250k compromised MT boxes in the 2021 Meris attack alone, creating enough traffic to nearly double Cloudflare's normal load. This isn't a problem for "some fella," it's a problem for ever...
by tangent
Tue Aug 20, 2024 10:19 pm
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 13176

Re: Default password Frustration

among all other tasks we now have to also keep a record of all RBs deployed

“Also”? You weren’t already assigning random passwords to each RB and storing them in a password manager? If you were, then this change merely means you have two passwords to store per device: the one you generate locally a...
by tangent
Tue Aug 20, 2024 5:23 am
Forum: General
Topic: hap ac2 issue after not successful upgrade
Replies: 4
Views: 659

Re: hap ac2 issue after not successful upgrade

I've been trying to upgrade my router from routeros v6.4 up to 7.15 (stable).

Please tell me you mean a recent 6.4x.yy, not literally 6.4 from 2013?

It seems that I did download wrong package ( https://download.mikrotik.com/routeros/7.15.3/routeros-7.15.3-arm.npk ) and as an instruction said uploa...
by tangent
Tue Aug 20, 2024 5:05 am
Forum: General
Topic: Home Assistant container does not starts
Replies: 29
Views: 3462

Re: Home Assistant container does not starts

PS C:\Users\allan> docker save -o ha_arm64.tar

Even if "ha_arm64.tar" wasn't bound as the option to the -o flag, making it unavailable to be interpreted as the "IMAGE" argument, it isn't an "IMAGE" in the context of that command at all. The -o flag names an OCI imag...
by tangent
Thu Aug 15, 2024 5:58 am
Forum: The Dude
Topic: Any RTSP probe via TCP port 554 available?
Replies: 1
Views: 1602

Re: Any RTSP probe via TCP port 554 available?

RTSP isn’t “a” stream. It is a control protocol for negotiating other streams, at least one, often two. (Separate audio + video.) Atop that, RTSP is TCP, but the other streams are typically UDP. Dig into the RTSP negotiation, and then typically the SIP negotiation beneath that. Only then will you h...
by tangent
Wed Aug 14, 2024 9:29 pm
Forum: Beginner Basics
Topic: Does this setup makes sense?
Replies: 6
Views: 1062

Re: Does this setup makes sense?

Yes, and if you find yourself needing to do any serious firewalling, you can bounce the packets up from the CRS328 to the RB5009 for a decision. This duplicates the I/O, but that shouldn't be a significant concern since it's a full-duplex connection. The RB5009 is capable of making these decisions a...
by tangent
Tue Aug 13, 2024 10:00 pm
Forum: Beginner Basics
Topic: Does this setup makes sense?
Replies: 6
Views: 1062

Re: Does this setup makes sense?

what happens when vlanX needs to hit VLANY, is this somehow routed between subnets at wirespeed then??

Use some combination of hardware inter-VLAN routing and hardware VLAN filtering. This takes up precious ACL rule space, but 128 rules is enough for a home lab, no problem.
by tangent
Tue Aug 13, 2024 8:22 pm
Forum: Beginner Basics
Topic: Does this setup makes sense?
Replies: 6
Views: 1062

Re: Does this setup makes sense?

That should perform admirably.

I wish more people would think to offload switching to a dedicated switch like that.
by tangent
Sun Aug 11, 2024 5:19 pm
Forum: Beginner Basics
Topic: Weird filtering issue on 7.15.3
Replies: 2
Views: 768

Re: Weird filtering issue on 7.15.3

"All LANs" implies VLANs are in use. Does your "LANS" interface list contain the raw interface names (e.g. "ether1") or the VLAN virtual interfaces (e.g. "vlan99")? Also, are you aware of — and happy with — the fact that this rule catches only traffic destined...
by tangent
Sun Aug 11, 2024 1:06 pm
Forum: Containers
Topic: Container usb3?
Replies: 15
Views: 5183

Re: Container usb3?

1024M - 256M + 128M = 640MB

🤦‍♂️

1024M - 256M + 128M = 896M
1024M - (256M + 128M) = 640M
1024M - 256M - 128M = 640M
by tangent
Sun Aug 11, 2024 12:33 pm
Forum: RouterBOARD hardware
Topic: hAP ax lite
Replies: 95
Views: 22869

Re: hAP ax lite

They should call it a Type-C port if they aren't going to support any of the USB protocols. I know of a pair of competing vendors in a section of the computing hardware world far outside of networking that use Type-C connectors for data transfer, but with a proprietary non-USB protocol. Both of them...
by tangent
Sat Aug 10, 2024 7:53 pm
Forum: Containers
Topic: Mounted folder gets cleared when removing Container
Replies: 15
Views: 7395

Re: Mounted folder gets cleared when removing Container

All I'm saying is that if you make it as simple as "copy from Jira, paste to CHR, then look here" the support people will have no cause to bounce the report back to you with a bogus won't-fix explanation or a second-guessing of your intent. They'll have no choice but to send it on to the d...
by tangent
Sat Aug 10, 2024 7:24 pm
Forum: Containers
Topic: Mounted folder gets cleared when removing Container
Replies: 15
Views: 7395

Re: Mounted folder gets cleared when removing Container

I would distill that even further before filing a bug with MikroTik. Your "/export" has both far more info than needed (e.g. ether1 config, dude, time zone…) and also not enough to replicate the symptom. The "/container add" line in particular doesn't show the remote image name. ...
by tangent
Sat Aug 10, 2024 5:50 pm
Forum: Containers
Topic: Mounted folder gets cleared when removing Container
Replies: 15
Views: 7395

Re: Mounted folder gets cleared when removing Container

I guess it will be the same for any container using mount pattern like that...

And if not, then you will have learned something interesting, possibly even important.
by tangent
Sat Aug 10, 2024 5:40 pm
Forum: Containers
Topic: non-root container and volume
Replies: 12
Views: 5883

Re: non-root container and volume

non-root user process write to mounted dir

This is one of the many reasons I continue to castigate container.npk for being thinly-documented. The mechanism it uses for UID mapping is important to understand in cases like this, but the word "user" scarcely appears in the single-page docume...
by tangent
Sat Aug 10, 2024 5:33 pm
Forum: Containers
Topic: Mounted folder gets cleared when removing Container
Replies: 15
Views: 7395

Re: Mounted folder gets cleared when removing Container

it seems it is ROS bug.

Boil it down to a simple example like I have above with Podman and Alpine, and you will have solid grounds for filing a bug report. The easier you make it to reproduce the symptom, the faster it will be fixed. Dragging Unbound into it complicates matters to no useful end. C...
by tangent
Sat Aug 10, 2024 5:26 pm
Forum: Containers
Topic: non-root container and volume
Replies: 12
Views: 5883

Re: non-root container and volume

I'm deploying a non-root container

No such thing in RouterOS. (I suggest reading the whole article. This is only one area where thinking of container.npk as "Docker" will lead you into grief.)

I need to write file as the container user (non-root) but the volume is always mounted as root....
by tangent
Sat Aug 10, 2024 4:28 pm
Forum: Containers
Topic: Mounted folder gets cleared when removing Container
Replies: 15
Views: 7395

Re: Mounted folder gets cleared when removing Container

/container/mounts> print ... 5 name="unbound_etc_unbound" src="/usb1/containers/mounts/unbound/etc/unbound" dst="/etc/unbound" 7 name="unbound_etc_unbound_zonefiles" src="/tmpfs1/containers/mounts/unbound/etc/unbound/zonefiles"

This looks like a bug...
by tangent
Thu Aug 08, 2024 8:47 pm
Forum: RouterBOARD hardware
Topic: hAP ax lite
Replies: 95
Views: 22869

Re: hAP ax lite

adding two tiny resistors to the Ax lite is enough

I will happily pay $0.02 more per ax Lite to get the freedom of carrying only one USB-C power supply with me on trips. While they're in there redesigning, I want a version that will plug into the laptop's second USB-C port and not only vampire powe...
by tangent
Mon Aug 05, 2024 9:09 pm
Forum: Beginner Basics
Topic: Wi-FI Connection issues
Replies: 11
Views: 1685

Re: Wi-FI Connection issues

What is strange is that the Mikrotik DHCP server assign leases (usually) starting from the highest address in the range

ISC dhcpd did that. At the time I was last using it, it was the most popular FOSS DHCP server in the world. I don't remember what order dnsmasq assigns leases in, the most common ...
by tangent
Mon Aug 05, 2024 6:03 pm
Forum: Beginner Basics
Topic: Wi-FI Connection issues
Replies: 11
Views: 1685

Re: Wi-FI Connection issues

I decided to change the diapason…

We borrowed that word into English, but it's used in reference to tuning forks and such, getting an orchestra into tune. What application does it have here, in this context?

…everything started working!

Why? You don't give enough details for more than speculation. ...
by tangent
Mon Aug 05, 2024 3:45 pm
Forum: Containers
Topic: how to install debian os on mikrotik container?
Replies: 3
Views: 4739

Re: how to install debian os on mikrotik container?

anyone here can help me with this.

As the others have said, containers are not VMs. Atop that, you are also likely to run repeatedly into the several inherent limitations of container.npk, some of which may prevent it from working, others of which will merely make this scheme unsatisfactory.
by tangent
Sun Aug 04, 2024 2:24 pm
Forum: RouterBOARD hardware
Topic: How to intentionally make cable that will negotiate at 10 mbps?
Replies: 16
Views: 2432

Re: How to intentionally make cable that will negotiate at 10 mbps?

inserting a 10Mbps switch

Sneaky plan: buy a box of bulk cable, pull a few meters out from each end, terminate them, and pass the assembly off to your students as “a really long cable, portably packaged.” But inside, there are two cables joined by a PoE-powered CSS106 tucked into one corner. (Fallb...
by tangent
Fri Aug 02, 2024 12:44 pm
Forum: RouterBOARD hardware
Topic: How to intentionally make cable that will negotiate at 10 mbps?
Replies: 16
Views: 2432

Re: How to intentionally make cable that will negotiate at 10 mbps?

I don't think that such a miniaturized low pass filter is something that can be done at home

I would not reach for active filters or IC passives here unless you had to have something that worked every time, across all manufacturers and devices. The thing is, @jaclaz's ferrite bead idea is a DIYable...
by tangent
Fri Aug 02, 2024 11:23 am
Forum: Virtualization
Topic: Router Os 7.15.3 on Qnap Nas
Replies: 14
Views: 2041

Re: Router Os 7.15.3 on Qnap Nas

https://tangentsoft.com/mikrotik/wiki?name=Containers+Are+Not+VMs&p (section: CHR Complications)

I thank you for thinking of my article, @holvoetn, but I think it's misapplied in the context of this thread. First, a nit: you'll want to remove the "&p" bit from the end of the bookm...
by tangent
Fri Aug 02, 2024 11:01 am
Forum: RouterBOARD hardware
Topic: How to intentionally make cable that will negotiate at 10 mbps?
Replies: 16
Views: 2432

Re: How to intentionally make cable that will negotiate at 10 mbps?

miswiring the cable (not the correct color sequence, but of course the same on both ends) will do it.

I held off suggesting this because I have successfully run gigabit over "rainbow-wired" cables. (e.g. Orange, white-orange, green, green-white, blue, blue-white, brown, brown-white.) Purp...
by tangent
Fri Aug 02, 2024 9:01 am
Forum: Scripting
Topic: If the uptime was more than 1 minute
Replies: 14
Views: 1776

Re: If the uptime was more than 1 minute

You’re not reading @holvoetn’s post carefully. His scheme will cause the script to run one minute after boot, as you asked. If the system goes down before then, it will be “cancelled,” hard.

It’s both elegant and correct.
by tangent
Fri Aug 02, 2024 8:46 am
Forum: RouterBOARD hardware
Topic: How to intentionally make cable that will negotiate at 10 mbps?
Replies: 16
Views: 2432

Re: How to intentionally make cable that will negotiate at 10 mbps?

a little box on the cable

Chokes and caps are bulky, but we aren’t building power supplies here. Properly engineered for the tiny currents involved, they might be surprisingly small. We live in a world where Thunderbolt cables look identical to USB-C cables despite one having a complicated IC embed...
by tangent
Thu Jul 25, 2024 9:23 am
Forum: General
Topic: no PTP for CRS320-8P-8B-4S+RM
Replies: 5
Views: 782

Re: no PTP for CRS320-8P-8B-4S+RM

I wonder what's your use case for CRS320 which asks for (explicit) PTP support?

It's used in any area where distributed precision time matters. In addition to A/V cases exemplified by the OP's Dante use case, there are things like LXI that depend on it for accurate timing of measurements. The deskt...
by tangent
Thu Jul 25, 2024 9:18 am
Forum: General
Topic: PIM / one Client ends Multicast for other Clients?!
Replies: 2
Views: 445

Re: PIM / one Client ends Multicast for other Clients?!

Are the MDB tables populated properly on both sides of the PIM link? If not, there's no way for it to realize N-1 > 0 when N=2.
by tangent
Thu Jul 25, 2024 9:10 am
Forum: Announcements
Topic: WinBox v3.41 released!
Replies: 41
Views: 21482

Re: WinBox v3.41 released!

Why not use webfig

Because you can't rearrange the windows into a dashboard, it can't MAC-WinBox into a RouterOS device that has no IP yet (or a broken IP), it doesn't do neighbor discovery, refreshing the browser logs you out… While I'm here, allow me to mention the option of Crossover, which for...
by tangent
Tue Jul 23, 2024 11:44 pm
Forum: Beginner Basics
Topic: NTP server configuration [SOLVED]
Replies: 9
Views: 6915

Re: NTP server configuration [SOLVED]

NTP hates step-changes. It is specifically engineered to slew slowly forward in time, only, always. If you start off far enough out of sync, it can indeed take days to get in sync.
by tangent
Mon Jul 22, 2024 11:38 pm
Forum: General
Topic: Please add basic portScan tool ( port scanner scan )
Replies: 92
Views: 56082

Re: Please add basic portScan tool ( port scanner scan )

just chuck in a linux container

…or use one that's already there, as there's a high chance it either can already do this or can be extended on an ad hoc basis to do this. This feature idea has legs anywhere container.npk isn't installed, won't ever be installed, or cannot be installed.

if your rea...
by tangent
Mon Jul 22, 2024 8:46 pm
Forum: General
Topic: Please add basic portScan tool ( port scanner scan )
Replies: 92
Views: 56082

Re: Please add basic portScan tool ( port scanner scan )

I expect you have the recent bandwidth test abuse in mind when you write that, @rextended, but if our goal is to make all RouterOS boxes useless to an intruder, we'd also have to remove nearly everything under /tools, including your favorite in scripting, /fetch. And also scripting, period. No; the...
by tangent
Mon Jul 22, 2024 8:07 pm
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 13176

Re: Default password Frustration

And people still arguing for empty admin password should really go to hell. That's like lobbying for cars without seatbelts...

Difference being, these MikroTik "cars" drive over global-scale highways and can "crash" into thousands of other "cars" per minute.
by tangent
Mon Jul 22, 2024 8:02 pm
Forum: Beginner Basics
Topic: NTP server configuration [SOLVED]
Replies: 9
Views: 6915

Re: NTP server configuration [SOLVED]

ntpdate -q Hmm, that does give better error messages:

You've apparently got the minimalist "ntpsec" version of these tools installed. I had in mind the more mainstream ntp.org ones, which give more readable output. For reference, here is its output when run against my properly-functioni...
by tangent
Sun Jul 21, 2024 5:12 pm
Forum: Beginner Basics
Topic: I'm just ready to tear my hair out...
Replies: 21
Views: 1706

Re: I'm just ready to tear my hair out...

Cards on the table; show your config.
by tangent
Sun Jul 21, 2024 9:46 am
Forum: Wireless Networking
Topic: The most arduous access point ever: hAP ax³
Replies: 48
Views: 3918

Re: The most arduous access point ever: hAP ax³

So you'll be able to test if the config works on the US version then :wink:

I've taken enough risks with my home IT core for one Saturday. Maybe tomorrow, but probably not, and definitely not during the week; I work from home. I also have a pet theory that some of these weird ax3s are coming from A...
by tangent
Sun Jul 21, 2024 8:57 am
Forum: Wireless Networking
Topic: The most arduous access point ever: hAP ax³
Replies: 48
Views: 3918

Re: The most arduous access point ever: hAP ax³

'monitor' command from cli.

Thank you. My 5 GHz radio is on 5500/ax/Ceee at the moment, which according to the Freq. Scan tool in WinBox has 0% usage on all four of the 20 MHz sub-channels. I take that as validation that it did a good job choosing automatically even with a fair bit of competition a...
by tangent
Sun Jul 21, 2024 8:38 am
Forum: Wireless Networking
Topic: The most arduous access point ever: hAP ax³
Replies: 48
Views: 3918

Re: The most arduous access point ever: hAP ax³

I have the international version of the hAP ax3.

Mine's the "-US" variant even though it came to me through Getic.

It auto-chose frequency 5745

How do you make it admit that truth, please? All I can get is a long list of available channels, plus the "Scan" function, which doesn'...
by tangent
Sun Jul 21, 2024 8:19 am
Forum: Wireless Networking
Topic: The most arduous access point ever: hAP ax³
Replies: 48
Views: 3918

Re: The most arduous access point ever: hAP ax³

I had to dangle an RB1100 from an Ethernet cable

Fun coincidence: my ax³ was dangling from its Ethernet cables at one point in the above testing, too, and it was due to a design error I'll happily lay at MT's feet: putting only one PoE port on it, and making it the same one for in and out. I power ...
by tangent
Sun Jul 21, 2024 6:33 am
Forum: Wireless Networking
Topic: The most arduous access point ever: hAP ax³
Replies: 48
Views: 3918

Re: The most arduous access point ever: hAP ax³

naming SSIDs …might hide the problem, by the means of clients learning to roam away from the slow 5GHz radio

If that were happening here, I wouldn't be getting 656 Mbit/sec with iperf3. That's plain impossible on 2.4 GHz, particularly since I took the OP's implicit hint and switched off 40 MHz chan...
by tangent
Sun Jul 21, 2024 5:32 am
Forum: Wireless Networking
Topic: The most arduous access point ever: hAP ax³
Replies: 48
Views: 3918

Re: The most arduous access point ever: hAP ax³

Having 2.4 GHz and 5 GHz networks separate is a matter of preference.

You're telling me that bridging the two wifi networks has no effect on the original problem statement, where one side works and the other doesn't? You don't think it's even worth trying to see if it suddenly starts working when y...
by tangent
Sun Jul 21, 2024 2:45 am
Forum: Wireless Networking
Topic: The most arduous access point ever: hAP ax³
Replies: 48
Views: 3918

Re: The most arduous access point ever: hAP ax³

Here you go Tangent:

That isn't at all what I asked you for. It isn't… …the default configuration, but instead this heavily-changed AP bridge thing you're trying to set up. While it is highly useful to see what you're trying to do, I want you to realize that the reason I asked for the defconf was s...
by tangent
Sat Jul 20, 2024 9:00 am
Forum: Wireless Networking
Topic: The most arduous access point ever: hAP ax³
Replies: 48
Views: 3918

Re: The most arduous access point ever: hAP ax³

…my near 20 years of using Mikrotik products…

…may be leading you astray, because these new ax routers' behavior differs in quite a number of ways from the old ones. If all you did was copy your RB4011 config over, it's no wonder you're having trouble. (Details: 1, 2) I literally want to take thi...
by tangent
Fri Jul 19, 2024 8:54 am
Forum: Beginner Basics
Topic: NTP server configuration [SOLVED]
Replies: 9
Views: 6915

Re: NTP server configuration [SOLVED]

It was more the NAT I was reacting to, but sure, we’re singing from the same hymn book, mkx.

But if I wanted input firewalling on a CRS305, I’d reach for bridge filters first, switch rules second, and the software IP firewall last.
by tangent
Fri Jul 19, 2024 7:35 am
Forum: Beginner Basics
Topic: I'm just ready to tear my hair out...
Replies: 21
Views: 1706

Re: I'm just ready to tear my hair out...

It isn't meant to be intuitive. It's meant to be powerful. Great power comes with great responsibility, including a willingness to learn the tool's capabilities lest you end up causing more damage than handicraft. As for the "Windows" thing, WinBox runs just fine under Wine. To be frank, t...
by tangent
Fri Jul 19, 2024 7:29 am
Forum: Beginner Basics
Topic: NTP server configuration [SOLVED]
Replies: 9
Views: 6915

Re: NTP server configuration [SOLVED]

123/tcp closed ntp

NTP is a UDP protocol; nmap's default TCP port scan is correct to show it closed. While there is a UDP port-scanning option, I'd prefer a tool like ntpdate -q for testing availability. Your own choice of ntpq should also work, though lacking experience with it, I cannot reassure...
by tangent
Fri Jul 19, 2024 6:09 am
Forum: Beginner Basics
Topic: I'm just ready to tear my hair out...
Replies: 21
Views: 1706

Re: I'm just ready to tear my hair out...

I do NOT want the Microtik routers giving out 192.168.88.xxx address to devices

So get its competing DHCP server out of the way, then. The fastest way is to give this CLI command:

/ip/dhcp-server/disable 0

There's a GUI alternative, and if you want to be really thorough you will remove it entirely,...
by tangent
Wed Jul 17, 2024 5:17 pm
Forum: General
Topic: Wireguard and iOS [SOLVED]
Replies: 29
Views: 5621

Re: Wireguard and iOS [SOLVED]

get rid of the 128 too..... not sure why that's there

It's a somewhat dirty trick to ensure that the WG tunnel becomes the default route of choice even when other default routes exist. 0.0.0.0/1 is the lower half of the IPv4 space, and 128.0.0.0/1 is the upper half. Together, they cover the same ran...
by tangent
Wed Jul 17, 2024 2:07 pm
Forum: General
Topic: Wireguard and iOS [SOLVED]
Replies: 29
Views: 5621

Re: Wireguard and iOS [SOLVED]

AllowedIPs = 0.0.0.0/1, 128.0.0.0/1

Have you tried 0.0.0.0/0? Yes, I'm aware of the longest-prefix /1 trick, but the question stands. Alternately, try checking the WG client's "Exclude private IPs" box, which will change this value to a long list that avoids tunneling access to RFC1918 ad...
by tangent
Wed Jul 17, 2024 8:08 am
Forum: Beginner Basics
Topic: Two MicroTik routers...
Replies: 4
Views: 961

Re: Two MicroTik routers...

Unlike other OSes — there's one from Redmond Washington I'm thinking of in particular — RouterOS doesn't make it any more difficult to add 50 addresses to an interface than to add one. Moreover, it doesn't care about the mix of dynamic and static addresses. Therefore, you can keep the defconf static...
by tangent
Fri Jul 12, 2024 7:57 am
Forum: General
Topic: Error when comment has a space when executing from ssh
Replies: 8
Views: 738

Re: Error when comment has a space when executing from ssh

This is an English speaking forum. So please write in English if you want help.

Where is that rule written? I can't find it in either the registration agreement or the stock phpBB FAQ. While I do think it's moderately foolish to post in other languages since it limits the number of people who are l...
by tangent
Fri Jul 12, 2024 7:49 am
Forum: General
Topic: Error when comment has a space when executing from ssh
Replies: 8
Views: 738

Re: Error when comment has a space when executing from ssh

/usr/bin/ssh -i ~/.ssh/pass admin@100.255.255.205 ":put [/user-manager/user add name=pepe group=premium comment="jose perez mikrotik 2024"]"

This isn't a RouterOS problem; it's a misunderstanding of how your OS's shell works. Simply put, if you try nesting quotes like that, your...
by tangent
Fri Jul 12, 2024 6:23 am
Forum: General
Topic: What changed with SSH on 6.49?
Replies: 6
Views: 743

Re: What changed with SSH on 6.49?

I would prefer to do it as this instead:

Much easier if you combine those two steps into one:

ssh username@router-address /export terse show-sensitive > backup.rsc

Bonus 1: You don't add any wear to the device's flash. Bonus 2: It's immune to the terminal I/O strangeness that the OP's send/expect m...
by tangent
Fri Jul 12, 2024 12:41 am
Forum: Beginner Basics
Topic: MAAS PXE Boot with external Mikrotik DHCP Server.
Replies: 3
Views: 1404

Re: MAAS PXE Boot with external Mikrotik DHCP Server.

next-server=192.168.88.11

I've never set up PXE, but isn't next-server the TFTP server's address? Why is it inside your DHCP reservation range?
by tangent
Mon Jul 08, 2024 12:55 pm
Forum: General
Topic: Internet suddenly stopped working for inner network - [SOLVED]
Replies: 11
Views: 3870

Re: Internet suddenly stopped working for inner network - [SOLVED]

I hope that any DoS attacks will be prevented more by out of the box features of the router

That's not any more likely than stopping yourself from asphyxiating when someone stuffs a firehose down your throat by begging time from your attacker to install a dental dam first. It'll do about as much go...
by tangent
Sun Jul 07, 2024 11:53 pm
Forum: General
Topic: Adding veth slows internet
Replies: 30
Views: 3217

Re: Adding veth slows internet

No WiFi. It's connected via the 2.5Gb ethernet port.

Then I'm stuck.

If the problem is as simple as you claim, why do I get 7 Gbit/sec to my iperf3 container when bridged to an RB4011?
by tangent
Sun Jul 07, 2024 9:46 pm
Forum: Beginner Basics
Topic: why does this rule interfere with my doing "apt update"?
Replies: 11
Views: 1042

Re: why does this rule interfere with my doing "apt update"?

Thanks for that!

Not so fast…I think it's me hallucinating now. Going back to your original post, there's this:

/ip dhcp-server add address-pool=default-dhcp interface=bridge name=defconf

I saw that in red here when diffing it against the fully-stock default configuration file I have here, meaning ...
by tangent
Sun Jul 07, 2024 9:29 pm
Forum: Forwarding Protocols
Topic: PIM-SM problem
Replies: 8
Views: 2292

Re: PIM-SM problem

Why are you trying to save IP addresses? RFC1918 sets aside tens of millions of them for your use in applications like this. Furthermore, PIM is designed to work in the presence of regular routing, not NAT. Therefore, make these senders 10.0.0.1 thru 10.0.0.3, and then configure PIM to forward their...
by tangent
Sun Jul 07, 2024 9:25 pm
Forum: Containers
Topic: Nextcloud / owncloud Container. is it a bad idea?
Replies: 1
Views: 4723

Re: Nextcloud / owncloud Container. is it a bad idea?

Bad idea? Yes. Can it work anyway? Maybe. Try it and let us know, okay? 🤓
by tangent
Sun Jul 07, 2024 9:09 pm
Forum: Beginner Basics
Topic: why does this rule interfere with my doing "apt update"?
Replies: 11
Views: 1042

Re: why does this rule interfere with my doing "apt update"?

While we're nit-picking, this:

/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1

…is useless now that you've removed the default DHCP server.
by tangent
Sun Jul 07, 2024 4:16 pm
Forum: General
Topic: Help me setup WiFi 6
Replies: 1
Views: 313

Re: Help me setup WiFi 6

My router model is LTE 18.

No, it isn't. That's one non-unique fragment of the product name, and it refers to LTE user equipment category 18. There are at least three different MikroTik products with "LTE18" in their name. Fortunately, only one appears to also have WiFi in it. Are you sp...
by tangent
Sun Jul 07, 2024 2:35 pm
Forum: General
Topic: Adding veth slows internet
Replies: 30
Views: 3217

Re: Adding veth slows internet

otherwise I would see the same problem when I run the client on a different PC

That's a detail you should have led with, not needed to have dragged out after days' worth of back-and-forth. This thread's initial post implies that it affects all hosts on the network, and then you come along and claim ...
by tangent
Sun Jul 07, 2024 5:47 am
Forum: General
Topic: Adding veth slows internet
Replies: 30
Views: 3217

Re: Adding veth slows internet

I doubt there are many people in a position to "download from newsgroups" for you as a test, and even if there was one willing and able, that's not what I'd call a repeatable test. Which file, which group, which platform…? Here's what a repeatable test looks like: go to this page and downl...
by tangent
Sat Jul 06, 2024 7:57 pm
Forum: General
Topic: Adding veth slows internet
Replies: 30
Views: 3217

Re: Adding veth slows internet

If I add the veth to my single bridge, it completely tanks my download speeds, although speed tests are at full speed for some reason.

That doesn't happen here, but then, you haven't told us how you're determining this slowdown in a repeatable manner. You can tell us it's repeatable where you are, ...
by tangent
Sat Jul 06, 2024 5:15 pm
Forum: General
Topic: Adding veth slows internet
Replies: 30
Views: 3217

Re: Adding veth slows internet

Is there an alternative way to use containers without resorting to a second bridge?

Yes.
by tangent
Fri Jul 05, 2024 3:12 pm
Forum: General
Topic: OCHcloud: When Core Routers Turn Evil
Replies: 12
Views: 1352

Re: OCHcloud: When Core Routers Turn Evil

an easily accessible repository with the "standard" (or "factory") configuration .rsc files, one for each model

Here's a start. Consider this an open solicitation for more files. I'm willing to take: Descriptive diffs, e.g. "the RB5009 is like the RB4011 but with these few...
by tangent
Fri Jul 05, 2024 9:51 am
Forum: General
Topic: OCHcloud: When Core Routers Turn Evil
Replies: 12
Views: 1352

Re: OCHcloud: When Core Routers Turn Evil

Would have been nice with a better hardened default config out of the box.

Such as…? If that includes a wish that the recent policy of random default passwords started much earlier, then I agree. But, go read all the threads here moaning about how terrible a burden it was when it finally did land. ...
by tangent
Fri Jul 05, 2024 12:49 am
Forum: General
Topic: import Address-list
Replies: 2
Views: 1452

Re: import Address-list

I'd write a short sed/awk/perl/whatever command/script to recast your input data into the proper format:

/ip firewall address-list add address=192.168.88.1 list=MyListName

So, what does the input format look like?
by tangent
Fri Jul 05, 2024 12:37 am
Forum: General
Topic: Simulate a dummy interface with a bridge interface?
Replies: 1
Views: 296

Re: Simulate a dummy interface with a bridge interface?

In 7.14, they exposed the actual underlying network stack's "lo" interface.

Whether that's what you need or not, I can only speculate, since you haven't said why you want to have a dummy interface.
by tangent
Thu Jul 04, 2024 7:49 pm
Forum: General
Topic: Firewall routing help
Replies: 9
Views: 738

Re: Firewall routing help

A) Purchase MikroTik products only if you are an expert in TCP/IP

…or mean to become one through experience, which is why I so often lead with links to relevant docs. If the poster shows evidence that they either won't read or won't attempt to understand and apply what they did read, then that fall...
by tangent
Thu Jul 04, 2024 6:46 pm
Forum: General
Topic: Firewall routing help
Replies: 9
Views: 738

Re: Firewall routing help

handled by Mikrotik

They've explicitly ruled out this category in point 6, here: "Technical support does not include training on TCP/IP." I'll readily grant that this is a poor-quality question, but as the mod who approved it, I'll tell you why: rejecting it would not have helped the OP....
by tangent
Wed Jul 03, 2024 3:44 pm
Forum: General
Topic: Please add basic portScan tool ( port scanner scan )
Replies: 92
Views: 56082

Re: Please add basic portScan tool ( port scanner scan )

that works but I would say half.

The "-t 10" bit in my command example overrides the default port scan timeout of 5 seconds (5000 ms) to just 10 ms, suitable for scanning fast hosts on a quiet LAN. Your next-hop may be more than 10 ms away, meaning it times out too fast to get any results.
by tangent
Wed Jul 03, 2024 7:31 am
Forum: General
Topic: Please add basic portScan tool ( port scanner scan )
Replies: 92
Views: 56082

Re: Please add basic portScan tool ( port scanner scan )

It would be incredibly useful to be able to scan for live devices and available ports (similar to a very basic NMAP)

You mean like the pscan tool built into Busybox, thus into every Alpine Linux based container? 🤓

> /interface/veth
> add address=192.168.88.3/24 gateway=192.168.88.1
> /interface/bri...
by tangent
Wed Jul 03, 2024 7:20 am
Forum: General
Topic: Socks5 client setup in Mikrotik
Replies: 1
Views: 629

Re: Socks5 client setup in Mikrotik

This feels like an XY problem. Tell us your end goal, in detail, not about your difficulties achieving the goal given the current contents of your mental toolbox. One or another of the various VPN features in RouterOS will probably do what you want. Realize also that "VPN" is a broader cl...
by tangent
Wed Jul 03, 2024 6:44 am
Forum: Forwarding Protocols
Topic: send udp packet with destination 255.255.255.255 to other subnet In router
Replies: 5
Views: 1525

Re: send udp packet with destination 255.255.255.255 to other subnet In router

I was using it for Wake on Lan.

I have two different WoL clients here, and both support setting a directed broadcast address. At that point, your routing rules should transport the WoL packet across the boundary without any extra help. If it's being blocked, that's likely a firewall configuration l...
by tangent
Wed Jul 03, 2024 5:12 am
Forum: General
Topic: Is RouterOS Affected by CVE-2024-6387?
Replies: 9
Views: 2651

Re: Is RouterOS Affected by CVE-2024-6387?

Who uses SSH???

Approximately the entirety of The Cloud. How else do you suppose all those zillions of remote Linux boxes are managed?

I mean SSH1 as that is what Open SSH was based on??

Completely incorrect, but off-topic, so I won't chase it further here. Instead, read this, then realize that R...
by tangent
Mon Jul 01, 2024 4:27 am
Forum: Beginner Basics
Topic: Need Help on the IP Firewall Filter
Replies: 4
Views: 827

Re: Need Help on the IP Firewall Filter

I moved and re-titled your post because the term scripting has an unrelated meaning to what you posted above. But as for that post, I'm not sure what type of "sorting" you're wanting. At a quick glance, it looks like nearly all of it can be sorted directly into the round file. There is ze...
by tangent
Sun Jun 30, 2024 1:51 pm
Forum: General
Topic: Load Balancing
Replies: 4
Views: 433

Re: Load Balancing

by tangent
Sat Jun 29, 2024 10:15 am
Forum: Useful user articles
Topic: IPv6 with Xfinity
Replies: 5
Views: 4959

Re: IPv6 with Xfinity

Kept telling me that there is no pool name ipv6.

That pool is dynamically created by the first step in the article, "/ipv6 dhcp-client add …" Note that the command can be given on one line without the line breaks and the backslash, or it can be given on two lines, with "/ipv6 dhcp-cl...
by tangent
Sat Jun 29, 2024 9:59 am
Forum: Scripting
Topic: Update Cloudflare DNS with script
Replies: 5
Views: 3380

Re: Update Cloudflare DNS with script

Do you have an interface called “wan1”? If not, the script will of course fail. Either change the name to that of your actual WAN interface or rename it to wan1 to placate the script.
by tangent
Thu Jun 27, 2024 7:25 pm
Forum: Beginner Basics
Topic: Which dstnat rules?
Replies: 3
Views: 694

Re: Which dstnat rules?

The first is best, being straightforward, yet flexible. If the second succeeds, it is only by the accident that there is no service at port 1234 on the router itself. It would not work for port-forwarding external HTTP conns to your public IP while still allowing WebFig access from the LAN, for exam...
by tangent
Mon Jun 24, 2024 5:49 am
Forum: General
Topic: Regex Format in Conditional DNS forwarding
Replies: 24
Views: 2053

Re: Conditional DNS forwarding

/ip dns static add regexp="^(?![\\w]*[-][\\d]{2})(.*[\\.]?ad\\.localdomain)$"…
failure: name or regexp required

That isn't a "POSIX basic regular expression" (BRE) that this setting is documented as taking. It's vaguely PCRE style, though with odd variations like with the doubl...
by tangent
Sun Jun 23, 2024 2:42 am
Forum: Beginner Basics
Topic: Port forwarding [SOLVED]
Replies: 7
Views: 4095

Re: Local Server Firewall [SOLVED]

<moderator-hat> @denzkie1191, please don't post essentially the same thing in multiple forums. I merged my reply to the other thread into this one, below, then deleted the other one. I chose this one only because it has other replies. </moderator-hat> I just want to ask what what firewall rules sho...
by tangent
Fri Jun 21, 2024 10:38 pm
Forum: RouterBOARD hardware
Topic: CRS520-4XS-16XQ-RM (NEW)
Replies: 20
Views: 4087

Re: CRS520-4XS-16XQ-RM (NEW)

Never mind…confused on the product naming…
by tangent
Fri Jun 21, 2024 10:29 pm
Forum: RouterBOARD hardware
Topic: [RB5009] "We will have several products in this series"
Replies: 13
Views: 3368

Re: [RB5009] "We will have several products in this series"

I can shop around for and purchase PCIe 4.0 x16 network cards that technically should be able to enable local area network (lan) connections up to 100 to 250 gigabits per second

Have you tested whether putting a pair of those into your local computers lets you push 100-250 Gbit/sec between them con...
by tangent
Fri Jun 21, 2024 10:17 pm
Forum: Scripting
Topic: Temperature monitoring script stoped working after v7 upgrade
Replies: 10
Views: 1522

Re: Temperature monitoring script stoped working after v7 upgrade

<moderator hat on> Please don't cross-post, @mmdelhajj. I just deleted a duplicate of your post above in the linked thread. If you want this post merged into the other thread, you can ask and have the matter considered, but don't open the same topic in multiple locations. Also, in case you're wonder...
by tangent
Fri Jun 21, 2024 6:27 pm
Forum: Beginner Basics
Topic: NTP server not sync and showing status waiting
Replies: 3
Views: 1278

Re: NTP server not sync and showing status waiting

Your NTP configuration relies on DNS working properly due to the use of address pools. What happens when you say…

/tool/ping 0.asia.pool.ntp.org

By the way, the whole point of NTP pools is that you don't have to list many addresses. I would pare your local NTP configuration back to a single pool add...
by tangent
Fri Jun 21, 2024 4:28 pm
Forum: Beginner Basics
Topic: NTP server not sync and showing status waiting
Replies: 3
Views: 1278

Re: NTP server not sync and showing status waiting

Without the rest of the /export output, we're going to have to speculate somewhat. Your issue might have to do with "/ip/firewall/filter" rules, for instance.

Short of that, have you tried the several solutions given in this long thread?
by tangent
Fri Jun 21, 2024 3:09 pm
Forum: Virtualization
Topic: Increase CHR Free license limit to 10 Mbit/s
Replies: 33
Views: 4536

Re: Increase CHR Free license limit to 10 Mbit/s

it probably adds some overhead for Mikrotik

You want to talk about overhead, let's talk about what it costs to keep "…more than 280 employees" coming back to the office day after day. You want production-grade software for free because…? Give me a better reason than "because I want...
by tangent
Tue Jun 18, 2024 7:06 pm
Forum: Containers
Topic: Start a container with the net_raw capability
Replies: 3
Views: 5003

Re: Start a container with the net_raw capability

Build a child container using the following Dockerfile, then install that:

FROM zabbix/zabbix-proxy-sqlite3:ol-7.0-latest
RUN setcap cap_net_raw=ep /usr/sbin/fping
by tangent
Mon Jun 10, 2024 5:53 am
Forum: RouterBOARD hardware
Topic: Power adapter for Audience
Replies: 1
Views: 1256

Re: Power adapter for Audience

The first one initially appears under-powered, but given the Audience's 27W max power draw spec, you come up with 1.125A at 24V, so 1.2A may work. The main worry here is that you're running the PSU right at its limits and thus may shorten its life. I don't have a good sense of how you would make th...
by tangent
Mon Jun 10, 2024 5:43 am
Forum: Beginner Basics
Topic: configuration wireless network not showing up after upgrade to 7.15 [SOLVED]
Replies: 2
Views: 5917

Re: configuration wireless network not showing up after upgrade to 7.15 [SOLVED]

I already reflashed the firmware via the netinstall method, using the -e and -r flags, but it did not change anything. Is there anything I'm missing?

The thing you might be missing is that when netinstalling to a WiFi device, it's best to pass both the base "routeros" package and the one...
by tangent
Fri Jun 07, 2024 2:16 am
Forum: SwOS
Topic: Password length limit on SwOS? Seriously?
Replies: 20
Views: 3143

Re: Password length limit on SwOS? Seriously?

Not only does the same hardware run high-security crypto algorithms just fine (VPN, SSH, HTTPS…) the web login use case is on the order of one per hour. As long as the salt+hash computation completes in ~1 second, it’s fast enough.
by tangent
Thu Jun 06, 2024 2:01 pm
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 142
Views: 17368

Re: hap ax3 random wireless disconnects

authentication types - they seem to be ignored from security config, leaving my network "open"

This is the kind of thing I meant in my first reply: you're setting it from two different places, creating a conflict:

/interface wifi configuration add antenna-gain=0 country="United State...
by tangent
Thu Jun 06, 2024 11:32 am
Forum: SwOS
Topic: Password length limit on SwOS? Seriously?
Replies: 20
Views: 3143

Re: Password length limit on SwOS? Seriously?

Please stop using passwords use ssh keys instead.

The thread is about SwOS, which doesn't support SSH.
by tangent
Thu Jun 06, 2024 11:32 am
Forum: SwOS
Topic: Password length limit on SwOS? Seriously?
Replies: 20
Views: 3143

Re: Password length limit on SwOS? Seriously?

BTW the link to the NIST document recommending 8 character passwords, that recommendation is from 2017. I find it hard to believe that anybody would consider that secure today.

It depends on what type of rate-limiting is in place in front of it. That's why I bothered to set up fail2ban in front of R...
by tangent
Thu Jun 06, 2024 8:58 am
Forum: SwOS
Topic: Password length limit on SwOS? Seriously?
Replies: 20
Views: 3143

Re: Password length limit on SwOS? Seriously?

A sensible limit of that type will be based on a buffer size, as I indicated. 256 bytes is sensible. 1k is sensible. 64k is sensible. 18 smacks of a fixed-length plaintext field in a C structure stored as-is in the flash RAM; there are no common 144-bit hash functions. What they ought to use that sp...
by tangent
Thu Jun 06, 2024 5:18 am
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 142
Views: 17368

Re: hap ax3 random wireless disconnects

Here's my config

It would be clearer if you posted the sanitized output of "/interface/wifi/export", not "print" because that includes sub-items like the configuration and security sections. One thing this can show more clearly is when you have redundant or conflicting items in ...
by tangent
Thu Jun 06, 2024 1:52 am
Forum: SwOS
Topic: Password length limit on SwOS? Seriously?
Replies: 20
Views: 3143

Re: Seriously?

I don't think that a 18 characters long password can be that much insecure

I believe you're missing @mwiesenhaan's point. A length limit implies that they're storing the password in plaintext, thus that it can be retrieved and reused as-is. If they were salting and hashing the password as has been ...
by tangent
Wed Jun 05, 2024 10:34 am
Forum: Scripting
Topic: FTP configuration problems with CRS326
Replies: 2
Views: 998

Re: FTP configuration problems with CRS326

I’ve moved the topic. It beggars belief that the OP could have tried this and gotten that result on SwOS. The true issue must be something else.
by tangent
Tue Jun 04, 2024 8:40 am
Forum: Forwarding Protocols
Topic: PIM-SSM Support
Replies: 7
Views: 2777

Re: PIM-SSM Support

Would someone here please clarify if these German Telekom users want PIM-SM, or SSM, or SSM over a PIM-managed network, or…? It feels like an acronym mashup, but lacking experience with these foreign networks, I can’t disentangle it on my own. Both are features of IP multicast, but PIM Sparse Mode ≠...
by tangent
Tue Jun 04, 2024 8:26 am
Forum: General
Topic: Mikrotik hex S can't handle with 500Mbps - CPU 95%
Replies: 6
Views: 674

Re: Mikrotik hex S can't handle with 500Mbps - CPU 95%

What's the point than to "have" gigabit port?

@anav said it, but to clarify, traffic between wired interfaces in the default configuration’s “LAN” list will go at a full gigabit, being hardware-offloaded.
by tangent
Thu May 30, 2024 6:01 pm
Forum: Containers
Topic: Horrible container performance from 7.14 up to 7.15rc2
Replies: 29
Views: 7763

Re: Horrible container performance from 7.14 up to 7.15rc2

Maybe it's time to show your config?

That, or a minimal reproducible test case that is expected to show the same result everywhere. It's unreasonable to expect third-party testers to set up complex things like VictoriaMetrics, but if you instead give us something that can be tried in under a minut...
by tangent
Wed May 29, 2024 3:59 pm
Forum: Containers
Topic: Horrible container performance from 7.14 up to 7.15rc2
Replies: 29
Views: 7763

Re: Horrible container performance from 7.14 up to 7.15rc2

Are you using one of the official container images for this, or is it something you've built locally?
by tangent
Wed May 29, 2024 3:19 pm
Forum: General
Topic: ccr2116 nvme issue
Replies: 1
Views: 444

Re: ccr2116 nvme issue

I tried to find out what the heck a “J.ZAO QL SERIES” was, but I found little that was enlightening. The best of the bunch was this test result, where its ranking of around ¼ that of mainstream top products suggests it’s a cheap PoS at best.

What brand name did this thing come under?
by tangent
Tue May 28, 2024 10:11 pm
Forum: General
Topic: Same subnet but cannot access server HELP!
Replies: 1
Views: 387

Re: Same subnet but cannot access server HELP!

I created 1 network 10.0.0.1/22 and the dhcp gave me ip pool of 10.0.0.100-10.0.1.254.

Was it your intention to assign only half the space to DHCP? A /22 subnet spans 10.0.0.1 to 10.0.3.255.

Now, we have a linux server from another office in another location which has the ip of 172.16.10.254.

What ...
by tangent
Tue May 28, 2024 10:06 pm
Forum: Beginner Basics
Topic: Port forward for Minecraft server 25565
Replies: 3
Views: 1169

Re: Port forward for Minecraft server 25565

Port mapping has nothing to do with this.

The second result for "port forward" in the docs is this: https://help.mikrotik.com/docs/display/ ... forwarding
by tangent
Mon May 27, 2024 8:55 pm
Forum: Forwarding Protocols
Topic: Need a helping hand with port forwarding [SOLVED]
Replies: 7
Views: 5088

Re: Need a helping hand with port forwarding [SOLVED]

/ip firewall filter add action=drop chain=input comment="WAN -> FW | Ping blockieren" \
    in-interface=ether1 protocol=icmp

This is a bad idea.

add action=drop chain=forward comment="ALLG. | Alles andere verwerfen" \
    connection-nat-state="" connection-state=""...
by tangent
Mon May 27, 2024 6:26 pm
Forum: Forwarding Protocols
Topic: Need a helping hand with port forwarding [SOLVED]
Replies: 7
Views: 5088

Re: Need a helping hand with port forwarding [SOLVED]

I don't see what the actual problem is, but this rule needs to go:

add action=accept chain=forward comment="ALLG. | Port-Forwarding" connection-nat-state=dstnat in-interface-list=WAN

As you can see from this packet flow diagram, it does you no good, the dst-nat chain being part of PREROUT...
by tangent
Sun May 26, 2024 6:16 pm
Forum: General
Topic: iperf3 in docker container not showing 10Gb/sec speed
Replies: 13
Views: 2265

Re: iperf3 in docker container not showing 10Gb/sec speed

to get ~10g routed traffic on my 2004 I have to turn the MTU up to around 8k

Across the OP's CRS309, standard-sized Ethernet packets suffice, if we can go by my CRS328 tests here. I have yet to be able to justify jumbo packets with any test I've been able to devise here. That's not to say it isn't ...
by tangent
Sat May 25, 2024 3:12 am
Forum: Beginner Basics
Topic: wireGuard does not work for me on my mikrotik RB750r2
Replies: 15
Views: 2160

Re: wireGuard does not work for me on my mikrotik RB750r2

is rule number 8 well located there or do I have to lower it all the way down?

It's as far down as it can get already. Rules apply within a given chain, so with no other "input" chain rules after it, that one is at the end already. Pushing it further down in the list shown by WinBox will ...
by tangent
Fri May 24, 2024 6:34 am
Forum: General
Topic: CRS328 mangle rules [SOLVED]
Replies: 3
Views: 1127

Re: CRS328 mangle rules [SOLVED]

You should be looking at something like hardware queues instead. It’s a switch, not a router.
by tangent
Fri May 24, 2024 6:29 am
Forum: Beginner Basics
Topic: wireGuard does not work for me on my mikrotik RB750r2
Replies: 15
Views: 2160

Re: wireGuard does not work for me on my mikrotik RB750r2

This article shows a successful WG config with double NAT. Not ideal, but I ran that way for about a year before I was able to replace the border router with an ax³ and move WG service to it.
by tangent
Thu May 23, 2024 4:18 am
Forum: Wireless Networking
Topic: Apple Airplay not working
Replies: 11
Views: 3015

Re: Apple Airplay not working

.multicast-enhance=enabled
?
by tangent
Wed May 22, 2024 11:16 pm
Forum: Containers
Topic: Stopped containers respond to ping
Replies: 18
Views: 5812

Re: Stopped containers respond to ping

If something is little, it doesn’t automatically mean it should be treated as true and correct.

The more smarts you add, the bigger it gets. There isn’t room left even for something the size of crun on some ROS devices that support containers today, much less Podman scale or larger.

TANSTAAFL.
by tangent
Wed May 22, 2024 9:37 pm
Forum: Containers
Topic: Stopped containers respond to ping
Replies: 18
Views: 5812

Re: Stopped containers respond to ping

Part of your misapprehension is assuming there is a 1:1 correspondence between IPs and containers. There isn't, and there should not be.

Thanks for contributing your time to this issue and writing such a long message. I appreciate your opinion.

The part you quoted isn't an opinion. Consider a Kuber...
by tangent
Wed May 22, 2024 6:57 pm
Forum: Containers
Topic: Stopped containers respond to ping
Replies: 18
Views: 5812

Re: Stopped containers respond to ping

why should anybody want a VETH independent of any container?

I don't think it's a matter of "want" but more a reflection of the bare-bones nature of RouterOS's container runtime. It has no equivalent of "podman network create" for example, much less the even more elaborate beh...
by tangent
Wed May 22, 2024 1:42 pm
Forum: Containers
Topic: Stopped containers respond to ping
Replies: 18
Views: 5812

Re: Stopped containers respond to ping

Community, if you use containers, do you think stopped containers should respond to pings?

Your question is based on a misapprehension: that started containers respond to pings. They don't. It's the VETH that responds to pings, because it owns the IP you're pinging. Since the VETH lifetime is inde...
by tangent
Wed May 22, 2024 12:14 pm
Forum: Beginner Basics
Topic: [delete]
Replies: 23
Views: 1735

Re: CRS310-8G+S2 reality check on CPU use when using internet traffic

Are you sure? Because my CRS by default works like a router.

Are you sure? 🤓 Become sure by saying "/system/default-configuration/print without-paging" and then stripping away all the conditional logic, unrolling the "for" loops, etc. When I do that here on my CRS328 running 7....
by tangent
Mon May 20, 2024 6:57 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 164
Views: 15881

Re: [Discussion] MikroTik configuration abstraction complexity

Ubiquiti is absolutely horseshit. MikroTik should learn from VyOS developers

Are you trying to get banned with all these unprofessional tirades? Bad language aside, UBNT's EdgeRouter series were based on a fork of VyOS. (Source) If VyOS is the fount of networking wisdom…? The mind boggles attempt...
by tangent
Sun May 19, 2024 5:30 pm
Forum: Beginner Basics
Topic: CRS310-8G+2S+IN - Low speed ISP [SOLVED]
Replies: 18
Views: 4507

Re: CRS310-8G+2S+IN - Low speed ISP [SOLVED]

I think you should keep the CRS310 and extend your existing network like this: https://tangentsoft.com/mikrotik/doc/trunk/images/crs310-rb5009.pikchr?popup The thick arrows represent an aggregation of multiple links, to contrast them with the single-link arrows. This leaves you with a single spare 1...
by tangent
Sun May 19, 2024 5:01 pm
Forum: Beginner Basics
Topic: CRS310-8G+2S+IN - Low speed ISP [SOLVED]
Replies: 18
Views: 4507

Re: CRS310-8G+2S+IN - Low speed ISP [SOLVED]

The overcompensation came because my network is 10G ready, and I don't want to waste money over years upgrading devices. So, I wanted to keep the 10G ready network.

This is why I suggested segregating switching from routing, with 10G on the LAN side bottle-necking to 2.5G at the WAN link. Let's use...
by tangent
Sat May 18, 2024 6:18 pm
Forum: Beginner Basics
Topic: CRS310-8G+2S+IN - Low speed ISP [SOLVED]
Replies: 18
Views: 4507

Re: CRS310-8G+2S+IN - Low speed ISP [SOLVED]

Mikrotik, unfortunately, doesn't have competitive routers…Maybe the NETGEAR PR60X would be the best choice at the moment

Either you have a strange definition of "competitive," or you're trolling. You offer a $700 NetGear router as an alternative to a $465 MT unit and call the latter non-c...
by tangent
Fri May 17, 2024 11:38 pm
Forum: Beginner Basics
Topic: CRS310-8G+2S+IN - Low speed ISP [SOLVED]
Replies: 18
Views: 4507

Re: CRS310-8G+2S+IN - Low speed ISP [SOLVED]

If the purpose of getting the CRS310 is to have more 10G ports than an RB5009 gets you, you can connect these two together with a short DAC cable. Separating switching from routing is an excellent way to get the best speed. It segregates the 10G LAN traffic from that going out to the Internet throug...
by tangent
Fri May 17, 2024 9:20 pm
Forum: Beginner Basics
Topic: CRS310-8G+2S+IN - Low speed ISP [SOLVED]
Replies: 18
Views: 4507

Re: CRS310-8G+2S+IN - Low speed ISP [SOLVED]

I upgrade the routerboard with CRS310-8G+2S+IN.

No, you downgraded from a router to a switch. Check the test results:


A proper ~2.5 Gbit/sec upgrade for a hEX class router is an RB5009. They've even got a PoE version now.
by tangent
Tue May 14, 2024 5:58 am
Forum: Beginner Basics
Topic: Internal clients DNS over HTTPS
Replies: 6
Views: 1643

Re: Internal clients DNS over HTTPS

Seriously? Encrypting DNS across the private LAN is a "huge miss in the entire market space"? That seems a rather niche requirement.

Encrypting over the Internet is the bulk of the market need, and for that, the current facilities suffice.
by tangent
Mon May 13, 2024 11:22 pm
Forum: Beginner Basics
Topic: Internal clients DNS over HTTPS
Replies: 6
Views: 1643

Re: Internal clients DNS over HTTPS

The internal hosts don’t use DoH themselves. They ask the router questions via plain old DNS, and it asks Cloudflare (in this case) questions via DoH on their behalf.
by tangent
Mon May 13, 2024 8:56 pm
Forum: Beginner Basics
Topic: Internal clients DNS over HTTPS
Replies: 6
Views: 1643

Re: Internal clients DNS over HTTPS

I don't know whether you're overthinking matters or overlooking something obvious, but there's no obscurity here at all. You set the router up to use DoH as documented, enable an externally-responding DNS server on same with your DoH as the upstream, then pass your router's IP out with DHCP requests...
by tangent
Fri May 10, 2024 1:50 pm
Forum: General
Topic: iperf3 in docker container not showing 10Gb/sec speed
Replies: 13
Views: 2265

Re: iperf3 in docker container not showing 10Gb/sec speed

server is 2012 era…Lenovo Thinkstation C 30

That looks like your problem to me. I wasn't in the 10G market in 2012, but I don't remember anything "workstation" grade coming with 10G NICs, not even the top-end Mac Pro. That didn't start happening until 2016-2017. PCI express lanes on my 20...
by tangent
Fri May 10, 2024 4:14 am
Forum: General
Topic: iperf3 in docker container not showing 10Gb/sec speed
Replies: 13
Views: 2265

Re: iperf3 in docker container not showing 10Gb/sec speed

I'm still only getting 3-4gbits/sec across the switch.. isn't that a bit weird?

First rule of troubleshooting: test one thing at a time. You've got several unnecessary complexities in this setup: Two fiber links to the Home Server in the lower left corner of the network diagram. Unplug one to give ...
by tangent
Fri May 10, 2024 3:59 am
Forum: Beginner Basics
Topic: Can't access local web by IP address
Replies: 6
Views: 1251

Re: Can't access local web by IP address

listBridge is the exact name from there

Yes, that's resulting in unnecessary confusion, for both of us. I reported this issue to MT support, and they've made a whole series of improvements to the First Time Configuration article, and not merely to standardize the article's naming choices relative t...
by tangent
Mon May 06, 2024 2:05 pm
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 340
Views: 119550

Re: v7.15rc [testing] is released!

Hmmm,...the alternative would be to declare those devices "End of Life" or "End of Support"... but would this be the better solution instead of supporting old devices with the newest ROS with concerns?

One of the things that pushed me into the RouterOS world is the promise of 5 ...
by tangent
Mon May 06, 2024 3:33 am
Forum: Beginner Basics
Topic: Can't access local web by IP address
Replies: 6
Views: 1251

Re: Can't access local web by IP address

I went this way as it should give me better understanding of how things work

In principle, over the long haul, sure, but as we’ve seen, you made a few serious mistakes already. The biggie is putting the WAN and LAN sides in the same interface list. It had no effect in your prior config, but it was ...
by tangent
Sun May 05, 2024 8:27 am
Forum: RouterBOARD hardware
Topic: L009UiGS-2HaxD-IN downgrade routeros v6
Replies: 3
Views: 1761

Re: L009UiGS-2HaxD-IN downgrade routeros v6

I can not migrate my config to L009UiGS-2HaxD-IN routeros v7.

Apply the config in parts. Most things are unchanged. When you get to the part or parts that fail, you can look for advice in the Upgrading to v7 guide in the manual, or by comparing what doesn't work with what is currently documented el...
by tangent
Sun May 05, 2024 1:05 am
Forum: Beginner Basics
Topic: Can't access local web by IP address
Replies: 6
Views: 1251

Re: Can't access local web by IP address

listBridge is the exact name from there

Yes, that's resulting in unnecessary confusion, for both of us. Me because I didn't recognize the alternate configuration and map it back to the defaults, you because this doc leads you to discarding the defaults and starting over from scratch, unnecessarily....
by tangent
Sat May 04, 2024 11:50 am
Forum: Beginner Basics
Topic: Can't access local web by IP address
Replies: 6
Views: 1251

Re: Can't access local web by IP address

/interface list add name=listBridge

You shouldn't be renaming defaults before you fully understand them. The purpose of the "LAN" interface list isn't to alias the bridge or anything like that. It merely expresses the truth that in the default configuration there is only one "interfa...
by tangent
Fri May 03, 2024 12:17 am
Forum: Beginner Basics
Topic: Looking for clarification on how switch chips and bridging work
Replies: 1
Views: 691

Re: Looking for clarification on how switch chips and bridging work

how does AR8327 Switch know to have all of these ports and bridge port on the same broadcast domain?

Because you configured RouterOS to tell it so. If you're asking how switch chips work internally, you might be able to dig up a bootleg copy of the IC manual without signing an NDA, but it'll be a s...
by tangent
Thu May 02, 2024 9:08 am
Forum: Beginner Basics
Topic: Multicast between subnets
Replies: 1
Views: 399

Re: Multicast between subnets

by tangent
Thu May 02, 2024 12:25 am
Forum: General
Topic: iperf3 in docker container not showing 10Gb/sec speed
Replies: 13
Views: 2265

Re: iperf3 in docker container not showing 10Gb/sec speed

a docker container

May I ask, whose? Mine is capable of better than that with an RB4011, and an RB5009 should do a smidge better still. See the benchmark results at the bottom of the linked documentation. Partly that's the low-overhead nature of the setup, but also it's careful setup of the test. T...
by tangent
Wed May 01, 2024 8:23 pm
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 24
Views: 3506

Re: Low performance on RB5009 with machine behind NAT

MikroTik didn't expose jack. Where's EVPN? The Marvell ASICs on CCR2k supports it, where's the “exposé”?

We're arguing two separate points. You're welcome to demand every single feature of the chip in RouterOS, but MT has finite resources, and their priorities likely differ from yours atop that. My...
by tangent
Wed May 01, 2024 6:39 pm
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 24
Views: 3506

Re: Low performance on RB5009 with machine behind NAT

That thread linked of mine isn't a Thesis

I’m using that word in the “proposition stated as the basis of an argument to be proven” sense, not the “doctoral dissertation” sense. I do assume you are interested in reasoned argumentation over mere argumentativeness, yes?

Linux bridge doesn't have good ...
by tangent
Tue Apr 30, 2024 12:13 am
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 24
Views: 3506

Re: Low performance on RB5009 with machine behind NAT

configuration abstraction complexity of MikroTik

The way I summarize that thread's application to this one is that there is some RouterOS configuration change that would somehow cause the OP's application to proceed much faster, and the only reason it isn't being done is that there are too many pos...
by tangent
Sun Apr 28, 2024 12:12 am
Forum: General
Topic: Unsquashfs
Replies: 7
Views: 870

Re: Unsquashfs

Does "unsquashfs --help" list xz as an available decompressor?
by tangent
Sat Apr 27, 2024 11:17 pm
Forum: General
Topic: Unsquashfs
Replies: 7
Views: 870

Re: Unsquashfs

What's your version of unsquashfs?
by tangent
Fri Apr 26, 2024 5:37 pm
Forum: Scripting
Topic: Automating configuration of APs [SOLVED]
Replies: 2
Views: 6502

Re: script [SOLVED]

Install an OS designed to be scripted from the ground up, then use that to netinstall your routers. One of many possible expressions of this basic philosophy is this article. This is meant as inspiration, not prescription. No one here is going to design your automated deployment system for you and ...