Search found 1501 matches

by tangent
Mon Jun 24, 2024 5:49 am
Forum: General
Topic: Regex Format in Conditional DNS forwarding
Replies: 11
Views: 229

Re: Conditional DNS forwarding

/ip dns static add regexp="^(?![\\w]*[-][\\d]{2})(.*[\\.]?ad\\.localdomain)$"… failure: name or regexp required That isn't a "POSIX basic regular expression" (BRE) that this setting is documented as taking. It's vaguely PCRE style, though with odd variations like with the doubl...
by tangent
Sun Jun 23, 2024 2:42 am
Forum: Beginner Basics
Topic: Port forwarding [SOLVED]
Replies: 7
Views: 353

Re: Local Server Firewall [SOLVED]

<moderator-hat> @denzkie1191, please don't post essentially the same thing in multiple forums. I merged my reply to the other thread into this one, below, then deleted the other one. I chose this one only because it has other replies. </moderator-hat> I just want to ask what what firewall rules sho...
by tangent
Fri Jun 21, 2024 10:38 pm
Forum: RouterBOARD hardware
Topic: CRS520-4XS-16XQ-RM (NEW)
Replies: 8
Views: 578

Re: CRS520-4XS-16XQ-RM (NEW)

Never mind…confused on the product naming…
by tangent
Fri Jun 21, 2024 10:29 pm
Forum: RouterBOARD hardware
Topic: [RB5009] "We will have several products in this series"
Replies: 13
Views: 1616

Re: [RB5009] "We will have several products in this series"

I can shop around for and purchase PCIe 4.0 x16 network cards that technically should be able to enable local area network (lan) connections up to 100 to 250 gigabits per second Have you tested whether putting a pair of those into your local computers lets you push 100-250 Gbit/sec between them con...
by tangent
Fri Jun 21, 2024 10:17 pm
Forum: Scripting
Topic: Temperature monitoring script stoped working after v7 upgrade
Replies: 5
Views: 209

Re: Temperature monitoring script stoped working after v7 upgrade

<moderator hat on> Please don't cross-post, @mmdelhajj. I just deleted a duplicate of your post above in the linked thread. If you want this post merged into the other thread, you can ask and have the matter considered, but don't open the same topic in multiple locations. Also, in case you're wonder...
by tangent
Fri Jun 21, 2024 6:27 pm
Forum: Beginner Basics
Topic: NTP server not sync and showing status waiting
Replies: 3
Views: 211

Re: NTP server not sync and showing status waiting

Your NTP configuration relies on DNS working properly due to the use of address pools. What happens when you say… /tool/ping 0.asia.pool.ntp.org By the way, the whole point of NTP pools is that you don't have to list many addresses. I would pare your local NTP configuration back to a single pool add...
by tangent
Fri Jun 21, 2024 4:28 pm
Forum: Beginner Basics
Topic: NTP server not sync and showing status waiting
Replies: 3
Views: 211

Re: NTP server not sync and showing status waiting

Without the rest of the /export output, we're going to have to speculate somewhat. Your issue might have to do with "/ip/firewall/filter" rules, for instance.

Short of that, have you tried the several solutions given in this long thread?
by tangent
Fri Jun 21, 2024 3:09 pm
Forum: Virtualization
Topic: Increase CHR Free license limit to 10 Mbit/s
Replies: 30
Views: 1212

Re: Increase CHR Free license limit to 10 Mbit/s

it probably adds some overhead for Mikrotik You want to talk about overhead, let's talk about what it costs to keep "… more than 280 employees" coming back to the office day after day. You want production-grade software for free because…? Give me a better reason than "because I want...
by tangent
Tue Jun 18, 2024 7:06 pm
Forum: Containers
Topic: Start a container with the net_raw capability
Replies: 2
Views: 324

Re: Start a container with the net_raw capability

Build a child container using the following Dockerfile, then install that:

FROM zabbix/zabbix-proxy-sqlite3:ol-7.0-latest
RUN setcap cap_net_raw=ep /usr/sbin/fping
by tangent
Mon Jun 10, 2024 5:53 am
Forum: RouterBOARD hardware
Topic: Power adapter for Audience
Replies: 1
Views: 230

Re: Power adapter for Audience

The first one initially appears under-powered, but given the Audience's 27W max power draw spec, you come up with 1.125A at 24V, so 1.2A may work. The main worry here is that you're running the PSU right at its limits and thus may shorten its life. I don't have a good sense of how you would make th...
by tangent
Mon Jun 10, 2024 5:43 am
Forum: Beginner Basics
Topic: configuration wireless network not showing up after upgrade to 7.15 [SOLVED]
Replies: 2
Views: 504

Re: configuration wireless network not showing up after upgrade to 7.15 [SOLVED]

I already reflashed the firmware via the netinstall method, using the -e and -r flags, but it did not change anything. Is there anything I'm missing? The thing you might be missing is that when netinstalling to a WiFi device, it's best to pass both the base "routeros" package and the one...
by tangent
Fri Jun 07, 2024 2:16 am
Forum: SwOS
Topic: Password length limit on SwOS? Seriously?
Replies: 20
Views: 1224

Re: Password length limit on SwOS? Seriously?

Not only does the same hardware run high-security crypto algorithms just fine (VPN, SSH, HTTPS…) the web login use case is on the order of one per hour. As long as the salt+hash computation completes in ~1 second, it’s fast enough.
by tangent
Thu Jun 06, 2024 2:01 pm
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 15
Views: 744

Re: hap ax3 random wireless disconnects

authentication types - they seem to be ignored from security config, leaving my network "open" This is the kind of thing I meant in my first reply: you're setting it from two different places, creating a conflict: /interface wifi configuration add antenna-gain=0 country="United State...
by tangent
Thu Jun 06, 2024 11:32 am
Forum: SwOS
Topic: Password length limit on SwOS? Seriously?
Replies: 20
Views: 1224

Re: Password length limit on SwOS? Seriously?

Please stop using passwords use ssh keys instead.

The thread is about SwOS, which doesn't support SSH.
by tangent
Thu Jun 06, 2024 11:32 am
Forum: SwOS
Topic: Password length limit on SwOS? Seriously?
Replies: 20
Views: 1224

Re: Password length limit on SwOS? Seriously?

BTW the link to the NIST document recommending 8 character passwords, that recommendation is from 2017. I find it hard to believe that anybody would consider that secure today. It depends on what type of rate-limiting is in place in front of it. That's why I bothered to set up fail2ban in front of R...
by tangent
Thu Jun 06, 2024 8:58 am
Forum: SwOS
Topic: Password length limit on SwOS? Seriously?
Replies: 20
Views: 1224

Re: Password length limit on SwOS? Seriously?

A sensible limit of that type will be based on a buffer size, as I indicated. 256 bytes is sensible. 1k is sensible. 64k is sensible. 18 smacks of a fixed-length plaintext field in a C structure stored as-is in the flash RAM; there are no common 144-bit hash functions. What they ought to use that sp...
by tangent
Thu Jun 06, 2024 5:18 am
Forum: General
Topic: hap ax3 random wireless disconnects
Replies: 15
Views: 744

Re: hap ax3 random wireless disconnects

Here's my config It would be clearer if you posted the sanitized output of "/interface/wifi/export", not "print" because that includes sub-items like the configuration and security sections. One thing this can show more clearly is when you have redundant or conflicting items in ...
by tangent
Thu Jun 06, 2024 1:52 am
Forum: SwOS
Topic: Password length limit on SwOS? Seriously?
Replies: 20
Views: 1224

Re: Seriously?

I don't think that a 18 characters long password can be that much insecure I believe you're missing @mwiesenhaan's point. A length limit implies that they're storing the password in plaintext, thus that it can be retrieved and reused as-is. If they were salting and hashing the password as has been ...
by tangent
Wed Jun 05, 2024 10:34 am
Forum: Scripting
Topic: FTP configuration problems with CRS326
Replies: 2
Views: 261

Re: FTP configuration problems with CRS326

I’ve moved the topic. It beggars belief that the OP could have tried this and gotten that result on SwOS. The true issue must be something else.
by tangent
Tue Jun 04, 2024 8:40 am
Forum: Forwarding Protocols
Topic: PIM-SSM Support
Replies: 7
Views: 2071

Re: PIM-SSM Support

Would someone here please clarify if these German Telekom users want PIM-SM, or SSM, or SSM over a PIM-managed network, or…? It feels like an acronym mashup, but lacking experience with these foreign networks, I can’t disentangle it on my own. Both are features of IP multicast, but PIM Sparse Mode ≠...
by tangent
Tue Jun 04, 2024 8:26 am
Forum: General
Topic: Mikrotik hex S can't handle with 500Mbps - CPU 95%
Replies: 6
Views: 468

Re: Mikrotik hex S can't handle with 500Mbps - CPU 95%

What's the point than to "have" gigabit port?

@anav said it, but to clarify, traffic between wired interfaces in the default configuration’s “LAN” list will go at a full gigabit, being hardware-offloaded.
by tangent
Thu May 30, 2024 6:01 pm
Forum: Containers
Topic: Horrible container performance from 7.14 up to 7.15rc2
Replies: 23
Views: 1809

Re: Horrible container performance from 7.14 up to 7.15rc2

Maybe it's time to show your config? That, or a minimal reproducible test case that is expected to show the same result everywhere. It's unreasonable to expect third-party testers to set up complex things like VictoriaMetrics, but if you instead give us something that can be tried in under a minut...
by tangent
Wed May 29, 2024 3:59 pm
Forum: Containers
Topic: Horrible container performance from 7.14 up to 7.15rc2
Replies: 23
Views: 1809

Re: Horrible container performance from 7.14 up to 7.15rc2

Are you using one of the official container images for this, or is it something you've built locally?
by tangent
Wed May 29, 2024 3:19 pm
Forum: General
Topic: ccr2116 nvme issue
Replies: 1
Views: 356

Re: ccr2116 nvme issue

I tried to find out what the heck a “J.ZAO QL SERIES” was, but I found little that was enlightening. The best of the bunch was this test result, where its ranking of around ¼ that of mainstream top products suggests it’s a cheap PoS at best.

What brand name did this thing come under?
by tangent
Tue May 28, 2024 10:11 pm
Forum: General
Topic: Same subnet but cannot access server HELP!
Replies: 1
Views: 303

Re: Same subnet but cannot access server HELP!

I created 1 network 10.0.0.1/22 and the dhcp gave me ip pool of 10.0.0.100-10.0.1.254. Was it your intention to assign only half the space to DHCP? A /22 subnet spans 10.0.0.1 to 10.0.3.255. Now, we have a linux server from another office in another location which has the ip of 172.16.10.254. What ...
by tangent
Tue May 28, 2024 10:06 pm
Forum: Beginner Basics
Topic: Port forward for Minecraft server 25565
Replies: 3
Views: 488

Re: Port forward for Minecraft server 25565

Port mapping has nothing to do with this.

The second result for "port forward" in the docs is this: https://help.mikrotik.com/docs/display/ ... forwarding
by tangent
Mon May 27, 2024 8:55 pm
Forum: Forwarding Protocols
Topic: Need a helping hand with port forwarding [SOLVED]
Replies: 7
Views: 765

Re: Need a helping hand with port forwarding [SOLVED]

/ip firewall filter add action=drop chain=input comment="WAN -> FW | Ping blockieren" \ in-interface=ether1 protocol=icmp This is a bad idea. add action=drop chain=forward comment="ALLG. | Alles andere verwerfen" \ connection-nat-state="" connection-state=""...
by tangent
Mon May 27, 2024 6:26 pm
Forum: Forwarding Protocols
Topic: Need a helping hand with port forwarding [SOLVED]
Replies: 7
Views: 765

Re: Need a helping hand with port forwarding [SOLVED]

I don't see what the actual problem is, but this rule needs to go: add action=accept chain=forward comment="ALLG. | Port-Forwarding" connection-nat-state=dstnat in-interface-list=WAN As you can see from this packet flow diagram, it does you no good, the dst-nat chain being part of PREROUT...
by tangent
Sun May 26, 2024 6:16 pm
Forum: General
Topic: iperf3 in docker container not showing 10Gb/sec speed
Replies: 13
Views: 1721

Re: iperf3 in docker container not showing 10Gb/sec speed

to get ~10g routed traffic on my 2004 i have to turn the MTU up to around 8k Across the OP's CRS309, standard-sized Ethernet packets suffice, if we can go by my CRS328 tests here. I have yet to be able to justify jumbo packets with any test I've been able to devise here. That's not to say it isn't ...
by tangent
Sat May 25, 2024 3:12 am
Forum: Beginner Basics
Topic: wireGuard does not work for me on my mikrotik RB750r2
Replies: 15
Views: 1714

Re: wireGuard does not work for me on my mikrotik RB750r2

is rule number 8 well located there or do I have to lower it all the way down? It's as far down as it can get already. Rules apply within a given chain, so with no other "input" chain rules after it, that one is at the end already. Pushing it further down in the list shown by WinBox will ...
by tangent
Fri May 24, 2024 6:34 am
Forum: General
Topic: CRS328 mangle rules [SOLVED]
Replies: 3
Views: 569

Re: CRS328 mangle rules [SOLVED]

You should be looking at something like hardware queues instead. It’s a switch, not a router.
by tangent
Fri May 24, 2024 6:29 am
Forum: Beginner Basics
Topic: wireGuard does not work for me on my mikrotik RB750r2
Replies: 15
Views: 1714

Re: wireGuard does not work for me on my mikrotik RB750r2

This article shows a successful WG config with double NAT. Not ideal, but I ran that way for about a year before I was able to replace the border router with an ax³ and move WG service to it.
by tangent
Thu May 23, 2024 4:18 am
Forum: Wireless Networking
Topic: Apple Airplay not working
Replies: 10
Views: 1491

Re: Apple Airplay not working

.multicast-enhance=enabled
?
by tangent
Wed May 22, 2024 11:16 pm
Forum: Containers
Topic: Stopped containers respond to ping
Replies: 17
Views: 967

Re: Stopped containers respond to ping

If something is little, it doesn’t automatically mean it should be treated as true and correct.

The more smarts you add, the bigger it gets. There isn’t room left even for something the size of crun on some ROS devices that support containers today, much less Podman scale or larger.

TANSTAAFL.
by tangent
Wed May 22, 2024 9:37 pm
Forum: Containers
Topic: Stopped containers respond to ping
Replies: 17
Views: 967

Re: Stopped containers respond to ping

Part of your misapprehension is assuming there is a 1:1 correspondence between IPs and containers. There isn't, and there should not be. Thanks for contributing your time to this issue and writing such a long message. I appreciate your opinion. The part you quoted isn't an opinion. Consider a Kuber...
by tangent
Wed May 22, 2024 6:57 pm
Forum: Containers
Topic: Stopped containers respond to ping
Replies: 17
Views: 967

Re: Stopped containers respond to ping

why should anybody want a VETH independent of any container? I don't think it's a matter of "want" but more a reflection of the bare-bones nature of RouterOS's container runtime. It has no equivalent of "podman network create" for example, much less the even more elaborate beh...
by tangent
Wed May 22, 2024 1:42 pm
Forum: Containers
Topic: Stopped containers respond to ping
Replies: 17
Views: 967

Re: Stopped containers respond to ping

Community, if you use containers, do you think stopped containers should respond to pings? Your question is based on a misapprehension: that started containers respond to pings. They don't. It's the VETH that responds to pings, because it owns the IP you're pinging. Since the VETH lifetime is inde...
by tangent
Wed May 22, 2024 12:14 pm
Forum: Beginner Basics
Topic: [delete]
Replies: 23
Views: 1198

Re: CRS310-8G+S2 reality check on CPU use when using internet traffic

Are you sure? Because my CRS by default works like a router. Are you sure? 🤓 Become sure by saying "/system/default-configuration/print without-paging" and then stripping away all the conditional logic, unrolling the "for" loops, etc. When I do that here on my CRS328 running 7....
by tangent
Mon May 20, 2024 6:57 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 164
Views: 11625

Re: [Discussion] MikroTik configuration abstraction complexity

Ubiquiti is absolutely horseshit. MikroTik should learn from VyOS developers Are you trying to get banned with all these unprofessional tirades? Bad language aside, UBNT's EdgeRouter series were based on a fork of VyOS. (Source) If VyOS is the fount of networking wisdom…? The mind boggles attempt...
by tangent
Sun May 19, 2024 5:30 pm
Forum: Beginner Basics
Topic: CRS310-8G+2S+IN - Low speed ISP [SOLVED]
Replies: 18
Views: 1394

Re: CRS310-8G+2S+IN - Low speed ISP [SOLVED]

I think you should keep the CRS310 and extend your existing network like this: https://tangentsoft.com/mikrotik/doc/trunk/images/crs310-rb5009.pikchr?popup The thick arrows represent an aggregation of multiple links, to contrast them with the single-link arrows. This leaves you with a single spare 1...
by tangent
Sun May 19, 2024 5:01 pm
Forum: Beginner Basics
Topic: CRS310-8G+2S+IN - Low speed ISP [SOLVED]
Replies: 18
Views: 1394

Re: CRS310-8G+2S+IN - Low speed ISP [SOLVED]

The overcompensation came because my network is 10G ready, and I don't want to waste money over years upgrading devices. So, I wanted to keep the 10G ready network. This is why I suggested segregating switching from routing, with 10G on the LAN side bottle-necking to 2.5G at the WAN link. Let's use...
by tangent
Sat May 18, 2024 6:18 pm
Forum: Beginner Basics
Topic: CRS310-8G+2S+IN - Low speed ISP [SOLVED]
Replies: 18
Views: 1394

Re: CRS310-8G+2S+IN - Low speed ISP [SOLVED]

Mikrotik, unfortunately, doesn't have competitive routers…Maybe the NETGEAR PR60X would be the best choice at the moment Either you have a strange definition of "competitive," or you're trolling. You offer a $700 NetGear router as an alternative to a $465 MT unit and call the latter non-c...
by tangent
Fri May 17, 2024 11:38 pm
Forum: Beginner Basics
Topic: CRS310-8G+2S+IN - Low speed ISP [SOLVED]
Replies: 18
Views: 1394

Re: CRS310-8G+2S+IN - Low speed ISP [SOLVED]

If the purpose of getting the CRS310 is to have more 10G ports than an RB5009 gets you, you can connect these two together with a short DAC cable. Separating switching from routing is an excellent way to get the best speed. It segregates the 10G LAN traffic from that going out to the Internet throug...
by tangent
Fri May 17, 2024 9:20 pm
Forum: Beginner Basics
Topic: CRS310-8G+2S+IN - Low speed ISP [SOLVED]
Replies: 18
Views: 1394

Re: CRS310-8G+2S+IN - Low speed ISP [SOLVED]

I upgrade the routerboard with CRS310-8G+2S+IN.

No, you downgraded from a router to a switch. Check the test results:


A proper ~2.5 Gbit/sec upgrade for a hEX class router is an RB5009. They've even got a PoE version now.
by tangent
Tue May 14, 2024 5:58 am
Forum: Beginner Basics
Topic: Internal clients DNS over HTTPS
Replies: 6
Views: 622

Re: Internal clients DNS over HTTPS

Seriously? Encrypting DNS across the private LAN is a "huge miss in the entire market space"? That seems a rather niche requirement.

Encrypting over the Internet is the bulk of the market need, and for that, the current facilities suffice.
by tangent
Mon May 13, 2024 11:22 pm
Forum: Beginner Basics
Topic: Internal clients DNS over HTTPS
Replies: 6
Views: 622

Re: Internal clients DNS over HTTPS

The internal hosts don’t use DoH themselves. They ask the router questions via plain old DNS, and it asks Cloudflare (in this case) questions via DoH on their behalf.
by tangent
Mon May 13, 2024 8:56 pm
Forum: Beginner Basics
Topic: Internal clients DNS over HTTPS
Replies: 6
Views: 622

Re: Internal clients DNS over HTTPS

I don't know whether you're overthinking matters or overlooking something obvious, but there's no obscurity here at all. You set the router up to use DoH as documented, enable an externally-responding DNS server on same with your DoH as the upstream, then pass your router's IP out with DHCP requests...
by tangent
Fri May 10, 2024 1:50 pm
Forum: General
Topic: iperf3 in docker container not showing 10Gb/sec speed
Replies: 13
Views: 1721

Re: iperf3 in docker container not showing 10Gb/sec speed

server is 2012 era…Lenovo Thinkstation C 30 That looks like your problem to me. I wasn't in the 10G market in 2012, but I don't remember anything "workstation" grade coming with 10G NICs, not even the top-end Mac Pro. That didn't start happening until 2016-2017. PCI express lanes on my 20...
by tangent
Fri May 10, 2024 4:14 am
Forum: General
Topic: iperf3 in docker container not showing 10Gb/sec speed
Replies: 13
Views: 1721

Re: iperf3 in docker container not showing 10Gb/sec speed

I'm still only getting 3-4gbits/sec across the switch.. isn't that a bit weird? First rule of troubleshooting: test one thing at a time. You've got several unnecessary complexities in this setup: Two fiber links to the Home Server in the lower left corner of the network diagram. Unplug one to give ...
by tangent
Fri May 10, 2024 3:59 am
Forum: Beginner Basics
Topic: Can't access local web by IP address
Replies: 6
Views: 849

Re: Can't access local web by IP address

listBridge is the exact name from there Yes, that's resulting in unnecessary confusion, for both of us. I reported this issue to MT support, and they've made a whole series of improvements to the First Time Configuration article, and not merely to standardize the article's naming choices relative t...
by tangent
Mon May 06, 2024 2:05 pm
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 343
Views: 110092

Re: v7.15rc [testing] is released!

Hmmm,...the alternative would be to declare those devices "End of Live" or "End of Support"... but would this be the better solution instead of supporting old devices with the newest ROS with concerns? One of the things that pushed me into the RouterOS world is the promise of 5 ...
by tangent
Mon May 06, 2024 3:33 am
Forum: Beginner Basics
Topic: Can't access local web by IP address
Replies: 6
Views: 849

Re: Can't access local web by IP address

I went this way as it should give me better understanding of how things work In principle, over the long haul, sure, but as we’ve seen, you made a few serious mistakes already. The biggie is putting the WAN and LAN sides in the same interface list. It had no effect in your prior config, but it was ...
by tangent
Sun May 05, 2024 8:27 am
Forum: RouterBOARD hardware
Topic: L009UiGS-2HaxD-IN downgrade routeros v6
Replies: 3
Views: 509

Re: L009UiGS-2HaxD-IN downgrade routeros v6

I can not migrate my config to L009UiGS-2HaxD-IN routeros v7. Apply the config in parts. Most things are unchanged. When you get to the part or parts that fail, you can look for advice in the Upgrading to v7 guide in the manual, or by comparing what doesn't work with what is currently documented el...
by tangent
Sun May 05, 2024 1:05 am
Forum: Beginner Basics
Topic: Can't access local web by IP address
Replies: 6
Views: 849

Re: Can't access local web by IP address

listBridge is the exact name from there Yes, that's resulting in unnecessary confusion, for both of us. Me because I didn't recognize the alternate configuration and map it back to the defaults, you because this doc leads you to discarding the defaults and starting over from scratch, unnecessarily....
by tangent
Sat May 04, 2024 11:50 am
Forum: Beginner Basics
Topic: Can't access local web by IP address
Replies: 6
Views: 849

Re: Can't access local web by IP address

/interface list add name=listBridge You shouldn't be renaming defaults before you fully understand them. The purpose of the "LAN" interface list isn't to alias the bridge or anything like that. It merely expresses the truth that in the default configuration there is only one "interfa...
by tangent
Fri May 03, 2024 12:17 am
Forum: Beginner Basics
Topic: Looking for clarification on how switch chips and bridging work
Replies: 1
Views: 337

Re: Looking for clarification on how switch chips and bridging work

how does AR8327 Switch know to have all of these ports and bridge port on the same broadcast domain? Because you configured RouterOS to tell it so. If you're asking how switch chips work internally, you might be able to dig up a bootleg copy of the IC manual without signing an NDA, but it'll be a s...
by tangent
Thu May 02, 2024 9:08 am
Forum: Beginner Basics
Topic: Multicast between subnets
Replies: 1
Views: 268

Re: Multicast between subnets

by tangent
Thu May 02, 2024 12:25 am
Forum: General
Topic: iperf3 in docker container not showing 10Gb/sec speed
Replies: 13
Views: 1721

Re: iperf3 in docker container not showing 10Gb/sec speed

a docker container May I ask, whose? Mine is capable of better than that with an RB4011, and an RB5009 should do a smidge better still. See the benchmark results at the bottom of the linked documentation. Partly that's the low-overhead nature of the setup, but also it's careful setup of the test. T...
by tangent
Wed May 01, 2024 8:23 pm
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 24
Views: 2416

Re: Low performance on RB5009 with machine behind NAT

MikroTik didn't expose jack. Where's EVPN? The Marvell ASICs on CCR2k supports it, where's the “exposé”? We're arguing two separate points. You're welcome to demand every single feature of the chip in RouterOS, but MT has finite resources, and their priorities likely differ from yours atop that. My...
by tangent
Wed May 01, 2024 6:39 pm
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 24
Views: 2416

Re: Low performance on RB5009 with machine behind NAT

That thread linked of mine isn't a Thesis I’m using that word in the “proposition stated as the basis of an argument to be proven” sense, not the “doctoral dissertation” sense. I do assume you are interested in reasoned argumentation over mere argumentativeness, yes? Linux bridge doesn't have good ...
by tangent
Tue Apr 30, 2024 12:13 am
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 24
Views: 2416

Re: Low performance on RB5009 with machine behind NAT

configuration abstraction complexity of MikroTik The way I summarize that thread's application to this one is that there is some RouterOS configuration change that would somehow cause the OP's application to proceed much faster, and the only reason it isn't being done is that there are too many pos...
by tangent
Sun Apr 28, 2024 12:12 am
Forum: General
Topic: Unsquashfs
Replies: 7
Views: 664

Re: Unsquashfs

Does "unsquashfs --help" list xz as an available decompressor?
by tangent
Sat Apr 27, 2024 11:17 pm
Forum: General
Topic: Unsquashfs
Replies: 7
Views: 664

Re: Unsquashfs

What's your version of unsquashfs?
by tangent
Fri Apr 26, 2024 5:37 pm
Forum: Scripting
Topic: Automating configuration of APs [SOLVED]
Replies: 2
Views: 2293

Re: script [SOLVED]

Install an OS designed to be scripted from the ground up, then use that to netinstall your routers. One of many possible expressions of this basic philosophy is this article. This is meant as inspiration, not prescription. No one here is going to design your automated deployment system for you and ...
by tangent
Thu Apr 25, 2024 1:02 am
Forum: Wireless Networking
Topic: hAP ax²: clients connection stability issue
Replies: 36
Views: 2885

Re: hAP ax²: clients connection stability issue

It should be "configuration.ssid" and "datapath.client-isolation=yes" instead.

The abbreviation is standard, emitted by RouterOS, not something the user did. You can see an example of it here, in MT's own docs.
by tangent
Wed Apr 24, 2024 6:05 pm
Forum: Beginner Basics
Topic: Pass through / Media Converter
Replies: 4
Views: 430

Re: Pass through / Media Converter

Do you suggest disabling flow control in the slow-to-fast direction?

I would expect it to have no effect either way, but how about you do the test and tell us?
by tangent
Wed Apr 24, 2024 5:32 pm
Forum: General
Topic: Why Mikrotik decided to get rid of their Power Lan devices
Replies: 11
Views: 929

Re: Why Mikrotik decided to get rid of their Power Lan devices

Do you know why? If you're asking for end-user guesswork, I'd say it's because the entire product category sucks, and MT decided they didn't want to play in the mud any more. Does Mikrotik have a plan to bring back this line of devices? Ask MikroTik. This is a user-to-user forum, not a channel for...
by tangent
Wed Apr 24, 2024 5:26 pm
Forum: Beginner Basics
Topic: Pass through / Media Converter
Replies: 4
Views: 430

Re: Pass through / Media Converter

are there any improvements I can make? I don't see any. You've got the main thing there, being the Ethernet flow control, needed with the speed mismatch and protocols like UDP that don't have their own flow control, such as a WG tunnel out to a peer elsewhere on the Internet. Ethernet flow control ...
by tangent
Wed Apr 24, 2024 5:59 am
Forum: Beginner Basics
Topic: Cannot access Apache server from the internet, only get as far as the routeros www server.
Replies: 10
Views: 824

Re: Cannot access Apache server from the internet, only get as far as the routeros www server.

any idea which is best? Mine, unconditionally, always. 😜 The only material difference is "in-interface=pppoe-out1" vs "in-interface-list=WAN". Since the WAN list has exactly one interface in it, pppoe-out1, the two rules mean the same thing. Which you choose is more a matter of ...
by tangent
Tue Apr 23, 2024 2:08 pm
Forum: Beginner Basics
Topic: Cannot access Apache server from the internet, only get as far as the routeros www server.
Replies: 10
Views: 824

Re: Cannot access Apache server from the internet, only get as far as the routeros www server.

/ip firewall nat add action=dst-nat chain=dstnat dst-address=192.168.1.2 dst-port=80 \ in-interface=bridge-local protocol=tcp src-address=192.168.1.253 \ to-addresses=192.168.1.2 to-ports=80 Drop the src-address bit. It's simply wrong. The packets' source addresses will be unpredictable, being that...
by tangent
Mon Apr 22, 2024 3:48 pm
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 343
Views: 110092

Re: v7.15rc [testing] is released!

And what about the upgrade for devices with 15.3MB memory (hapac2)?

"*) system - general work on optimizing the size of RouterOS packages;"
by tangent
Sun Apr 21, 2024 4:13 pm
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 343
Views: 110092

Re: v7.15rc [testing] is released!

Why force older configs to "short"/10 anyway if the default is "long"/20000? Answers at the top here; solution in the "Bridge Interface Path Costs" section near the end. As it says, this behavior change is two releases old now. Please keep this thread on-topic. EDIT: ...
by tangent
Sun Apr 21, 2024 4:09 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM
Replies: 3
Views: 555

Re: CRS328-24P-4S+RM

The RB5009UPr+S+IN meets that description, though I assume what you really want is a PoE version of the CRS310-8G+2S+IN. Yeah, me, too; been asking for it for nearly three years now, and I'm not alone.
by tangent
Sun Apr 21, 2024 12:40 pm
Forum: Beginner Basics
Topic: NAT port 443 breaks SSL on webserver [SOLVED]
Replies: 4
Views: 2520

Re: NAT port 443 breaks SSL on webserver [SOLVED]

all I get is 3 to 5 Gb on my 10G hardware You need to have everything dialed in to peg the meters on a 10G link with consumer-grade hardware. Disk, memory, packet sizes, drivers… everything. It's why it's taken so long for 10G to reach the consumer market; most PCs couldn't make decent use of it u...
by tangent
Sun Apr 21, 2024 6:18 am
Forum: General
Topic: Trouble with WireGuard.
Replies: 2
Views: 360

Re: Trouble with WireGuard.

What am I doing wrong? Let's start with the fact that you haven't posted a single relevant detail about your configuration. Post the output of "/interface/wireguard/export" and the Android-side config at minimum, stripped of all keys. (You could technically leave the public keys in, but s...
by tangent
Sun Apr 21, 2024 6:06 am
Forum: Beginner Basics
Topic: NAT port 443 breaks SSL on webserver [SOLVED]
Replies: 4
Views: 2520

Re: NAT port 443 breaks SSL on webserver [SOLVED]

NET:ERR_CERT_COMMON_NAME_INVALID That means the name you put into your browser's address bar doesn't match the CN field of the certificate. Use your browser's certificate inspection tools to cross-check this. This is my current conf (i've been trying random stuff for hours so may be a bit messy) Ye...
by tangent
Sat Apr 20, 2024 8:14 am
Forum: General
Topic: Severe port flapping on CRS328-24P-4S+ and CRS317-1G-16S+
Replies: 220
Views: 72551

Re: Severe port flapping on CRS328-24P-4S+ and CRS317-1G-16S+

…the same port flapping… What makes you believe our flapping is your flapping? I'm serious. The "severe" in this thread's title was correct, at the time, and it is now fixed. It was bad in the early 7.x days. Now it seems any time someone sees more than one flap, it's suddenly "sever...
by tangent
Tue Apr 16, 2024 3:29 pm
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 24
Views: 2416

Re: Low performance on RB5009 with machine behind NAT

What's up with this toxicity? That's not the intent. I'm reacting to a combination of things. You currently have a post count of five, and yet you are insisting that you know how RouterOS works internally. I believe my years of experience counts for something here, but at the same time, I've taken ...
by tangent
Tue Apr 16, 2024 9:36 am
Forum: Beginner Basics
Topic: Cannot create a guests Wi-Fi network.
Replies: 28
Views: 2004

Re: Cannot create a guests Wi-Fi network.

But the other ports are not connected physically to the network, does that matter? There are control freaks here who think you should have to go into the router/switch configuration to explicitly enable the port when plugging a new device in. Me, I just bridge all the LAN-side ports and be done wit...
by tangent
Mon Apr 15, 2024 4:37 am
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 24
Views: 2416

Re: Low performance on RB5009 with machine behind NAT

It's not like each interface is dedicated to its own single CPU core You’re presuming an implementation. I thought you came here to ask how RouterOS works, not tell us. We forum denizens are fellow end users for the most part, not RouterOS software engineering insiders, but one thing I can confide...
by tangent
Sun Apr 14, 2024 2:08 pm
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 24
Views: 2416

Re: Low performance on RB5009 with machine behind NAT

I created this post so somebody who has knowledge about Mikrotik hopefully can explain why the performance is so bad. You already got that, to a lesser extent from me, and then mkx, who's about as knowledgeable as it gets around here. The test seems to be using UDP. I guess that makes things quite ...
by tangent
Sun Apr 14, 2024 9:35 am
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 24
Views: 2416

Re: Low performance on RB5009 with machine behind NAT

I have firewalls upstream, so that would not give me the correct results. So you're measuring the speed of the firewalls, not the speed of the network. Take a look at the RB5009 test results. Your application is the lower rightmost number in the first table, tiny packet sizes, so that almost nothi...
by tangent
Sun Apr 14, 2024 5:07 am
Forum: Beginner Basics
Topic: Low performance on RB5009 with machine behind NAT
Replies: 24
Views: 2416

Re: Low performance on RB5009 with machine behind NAT

I have a server behind NAT Why isn't it bridged to the LAN it needs to examine instead? Why is only 50 % of the packets showing up as FP Because that decision can't be made until after the first SYN is seen, where the default firewall applies the fasttrack-connection flag. This is one of many cost...
by tangent
Sun Apr 14, 2024 4:59 am
Forum: Beginner Basics
Topic: netinstall for ax2
Replies: 7
Views: 570

Re: netinstall for ax2

It is the "Default Router Configuration Script" given immediately below the "-s reset.scr" bit that references it. If you don't like mine, write one that configures the router as you please.
by tangent
Sun Apr 14, 2024 4:45 am
Forum: General
Topic: Where can we see active multicast groups with bridge igmp snooping, external querier, hardware offloaded. CRS326
Replies: 3
Views: 676

Re: Where can we see active multicast groups with bridge igmp snooping, external querier, hardware offloaded. CRS326

My suspicion is that the IGMP snooping happens with hardware offload and the OS isn't pulling all the info from the switch chip. While it is true that IGMP snooping is a layer 2 function best offloaded to the switch chip, that doesn't mean you can only see the MDB on devices configured as the queri...
by tangent
Sun Apr 14, 2024 4:11 am
Forum: Beginner Basics
Topic: netinstall for ax2
Replies: 7
Views: 570

Re: netinstall for ax2

So hard..

It’s easier this way

If nothing else, reading that will give you insights into the necessary complexities in this process, as opposed to the unnecessary ones imposed by pressing a general-purpose Windows laptop into this role instead.
by tangent
Fri Apr 12, 2024 4:07 pm
Forum: Beginner Basics
Topic: Cannot create a guests Wi-Fi network.
Replies: 28
Views: 2004

Re: Cannot create a guests Wi-Fi network.

This one doesn't teach how to do it with CAPsMAN so it doesn't work for me. One of the things that CAPsMAN does is create a single virtual bridge among all the WiFi routers under its control. I've never used CAPsMAN, but doesn't that mean the bridge filtering option at the end of that article would...
by tangent
Fri Apr 12, 2024 3:23 pm
Forum: Beginner Basics
Topic: Cannot create a guests Wi-Fi network.
Replies: 28
Views: 2004

Re: Cannot create a guests Wi-Fi network.

Please I need an answer guys I need you.🥺

The article I linked you to above gives two different solutions. What was wrong with them?
by tangent
Fri Apr 12, 2024 7:30 am
Forum: Beginner Basics
Topic: DHCP client stuck searching
Replies: 2
Views: 533

Re: DHCP client stuck searching

I just got a Mikrotik CRS112-8G-4S-IN 8 port Gigabit Cloud Router Switch and I need to use it as a router. Postel's ghost help you, then. That's a gigabit switch, not a gigabit router. Yes, it can route, but at tens of megabits per second with a likely configuration, low hundreds at best with a h...
by tangent
Wed Apr 10, 2024 3:00 pm
Forum: Beginner Basics
Topic: Cannot create a guests Wi-Fi network.
Replies: 28
Views: 2004

Re: Cannot create a guests Wi-Fi network.

If the OP was already using VLANs, putting the guest WiFi on another one would be perfectly justified.

Converting this configuration to VLANs for that single purpose, however, is not. You do not need VLANs to have an isolated guest WiFi network.
by tangent
Tue Apr 09, 2024 6:10 pm
Forum: General
Topic: xz Backdoor CVE-2024-3094
Replies: 23
Views: 35731

Re: xz Backdoor CVE-2024-3094

you can't put that new pest on a 16MB flash anyways :lol: Turns out, you can, but that's about all you can get into that space:

$ rpm --queryformat='%6{SIZE:humaniec} %{NAME}\n' -q systemd
12M systemd

I realize you're joking, but the on-topic point here for this thread is, "No, there is no sys...
by tangent
Mon Apr 08, 2024 1:07 pm
Forum: General
Topic: UTF-8 representation problem?
Replies: 8
Views: 883

Re: UTF-8 representation problem?

because I don't use Windows. So the winbox will be not an option for me. WINE runs WinBox well. But in fact the behaviour should be uniform. Either everything or nothing escaped. It's not nearly that simple. The stupendous compound complications of human languages are collectively and imperfectly r...
by tangent
Mon Apr 08, 2024 12:48 pm
Forum: SwOS
Topic: CSS610 Multicast IGMP-Snooping parameters
Replies: 3
Views: 1017

Re: CSS610 Multicast IGMP-Snooping parameters

the css610 needs to be working with the ver2? anybody knows the details of the right values? IGMPv3 simply adds features to v2, without breaking compatibility. However, the rules of the protocol are that any IGMPv3 device that sees a v2 packet is supposed to shift into v2 mode, using no v3 features...
by tangent
Mon Apr 08, 2024 4:33 am
Forum: General
Topic: Port Forward based on Destination Interface
Replies: 15
Views: 1093

Re: Port Forward based on Destination Interface

I get the error "outgoing interface matching not possible in input and prerouting chains" when I put out interface That’s why you need the mangle rules and additional routing tables @pimmie initially suggested. Study that PCC doc I linked above. Once you understand it, you will understand...
by tangent
Sun Apr 07, 2024 12:13 am
Forum: General
Topic: vpn servers over wan1 and wifi clients over wan2
Replies: 8
Views: 593

Re: vpn servers over wan1 and wifi clients over wan2

There are a vast number of "cloud services," which is why I did not dare presume your meaning before, but I am now willing to dare a guess that you mean RouterOS's Cloud feature. If that's the case, you simply modify the route command I gave you before to direct packets to the documented ...
by tangent
Sat Apr 06, 2024 11:28 pm
Forum: General
Topic: vpn servers over wan1 and wifi clients over wan2
Replies: 8
Views: 593

Re: vpn servers over wan1 and wifi clients over wan2

I think the part I was missing is the direction of the VPN tunnel establishment. You did not state that, and so I presumed that you were allowing an external network to connect into your VPN server via that public IP you speak of, in which case you get the behavior I predicted. It sounds like the VP...
by tangent
Sat Apr 06, 2024 11:00 pm
Forum: Beginner Basics
Topic: Changing from bridge to router mode via Command Line?
Replies: 3
Views: 459

Re: Changing from bridge to router mode via Command Line?

I don't think it's possible to switch between Router and Bridge mode or do whatever Quickset configuration on the CLI There's nothing QuickSet can do that you cannot do from the CLI. The only tricky bit is doing it in a single step without locking yourself out. For this, you have to rely on RouterO...
by tangent
Sat Apr 06, 2024 10:41 pm
Forum: General
Topic: Where can we see active multicast groups with bridge igmp snooping, external querier, hardware offloaded. CRS326
Replies: 3
Views: 676

Re: Where can we see active multicast groups with bridge igmp snooping, external querier, hardware offloaded. CRS326

one port linked into another network where the igmp querier is configured. By "another network" do you mean another subnet, putting it beyond a routing layer, inside another broadcast domain, or do you mean another segment of the same LAN? There needs to be one querier per subnet; no more...
by tangent
Sat Apr 06, 2024 9:48 pm
Forum: General
Topic: vpn servers over wan1 and wifi clients over wan2
Replies: 8
Views: 593

Re: vpn servers over wan1 and wifi clients over wan2

I’m not seeing that you need to do anything more clever than set the default route to WAN2. That sends local traffic out that direction, but inbound VPN traffic comes in on the public IP bound to WAN1, which means the outbound replies go back out the same direction. What am I missing that makes this...
by tangent
Sat Apr 06, 2024 11:38 am
Forum: General
Topic: Port Forward based on Destination Interface
Replies: 15
Views: 1093

Re: Port Forward based on Destination Interface

I think we’re getting caught up in a confusing use of “client” here. Study the diagram. OP refers to two business client hosts running servers on the same IP. The network clients are across the Internet, if I’m reading this correctly.
by tangent
Sat Apr 06, 2024 9:36 am
Forum: General
Topic: Port Forward based on Destination Interface
Replies: 15
Views: 1093

Re: Port Forward based on Destination Interface

Will have to research this one. @pimmie is essentially proposing the inverse of a typical PCC load-balancing configuration. Instead of one LAN fed by two ISPs, you have two LANs accessed from the one-and-only Internet. They also used default ports like port 80 If all Internet clients connect to po...
by tangent
Fri Apr 05, 2024 4:26 pm
Forum: General
Topic: Port Forward based on Destination Interface
Replies: 15
Views: 1093

Re: Port Forward based on Destination Interface

@pimmie, yes.

The only remaining question is how will they discriminate the incoming connections? Will it be acceptable to port-forward $PUBLIC_IP:8000 to Web Server 1 and :9000 to Server 2, or are they going to want some type of domain name-based routing?
by tangent
Fri Apr 05, 2024 6:24 am
Forum: Beginner Basics
Topic: Help required: slow upload speeds with PPPoE connection
Replies: 6
Views: 1296

Re: Help required: slow upload speeds with PPPoE connection

how did you fix this?

Post #4.
by tangent
Fri Apr 05, 2024 2:42 am
Forum: Beginner Basics
Topic: View DHCP snooping database
Replies: 3
Views: 970

Re: View DHCP snooping database

DHCP snooping is a feature that causes a RouterOS switch to drop DHCP service replies from ports that aren't authorized to send them, to prevent a malefactor from reconfiguring your network one host at a time. There is no "database" or "table" for this, only the per-port trusted ...
by tangent
Wed Apr 03, 2024 4:34 pm
Forum: General
Topic: How to properly block youtube for certain client?
Replies: 5
Views: 475

Re: How to properly block youtube for certain client?

That “example” becomes obsolete in the presence of ECH. A better hope is to try and force all DNS to the router’s caching server, then selectively blackhole the unwanted domain names, but then you stumble on the problem of client-side DoH/DoT. Again, this has all been discussed to death here before...
by tangent
Wed Apr 03, 2024 12:59 am
Forum: Beginner Basics
Topic: Have Problem
Replies: 3
Views: 346

Re: Have Problem

You might need to adjust MTU/MSS then, per the PPPoE docs.

If that doesn't do it, try fixing the other things I mentioned before asking for help again. Ignoring given advice discourages further advice.
by tangent
Wed Apr 03, 2024 12:45 am
Forum: General
Topic: How to properly block youtube for certain client?
Replies: 5
Views: 475

Re: How to properly block youtube for certain client?

That hasn't worked since the Internet went HTTPS-everything and cloud-everything. There is no easy and reliable workaround short of middleboxes that dynamically forge TLS certificates.

Don't argue; search the forum. It's been discussed to death here several times before.
by tangent
Wed Apr 03, 2024 12:41 am
Forum: General
Topic: Enable to log into brand new switch [SOLVED]
Replies: 5
Views: 505

Re: Enable to log into brand new switch [SOLVED]

If you reset the switch, the password is now blank.

What likely happened before that is that you didn't read the near-microscopic 3dpi print on the password label properly, confusing 0 with O or something similar.
by tangent
Wed Apr 03, 2024 12:30 am
Forum: Beginner Basics
Topic: Have Problem
Replies: 3
Views: 346

Re: Have Problem

some sites don't respond Try to be even more vague next time. We love nothing better than making wild, unsupported guesses here. 🙄 With nothing to go on but your /export, I'll give you a line-by-line critique, with zero expectation that any of this fixes your actual problem, being unstated and il...
by tangent
Tue Apr 02, 2024 9:37 am
Forum: General
Topic: xz Backdoor CVE-2024-3094
Replies: 23
Views: 35731

Re: xz Backdoor CVE-2024-3094

It beggars belief that this exploit could even in principle affect RouterOS. It's an attack on the liblzma2 underlying the xz utility, and it only affects the patched version of sshd on systemd-based OSes like Debian, where they integrate with its notification system. If any of that exists in Rout...
by tangent
Sat Mar 30, 2024 11:48 pm
Forum: General
Topic: Failed to import certificate [SOLVED]
Replies: 3
Views: 594

Re: Failed to import certificate [SOLVED]

Those are plain-text dumps of the certificates, not the certs themselves. You want the PEM format versions, available here.
by tangent
Fri Mar 29, 2024 2:33 pm
Forum: General
Topic: Precision Time Protocol (ieee 1588) CRS326-24G-2S+
Replies: 6
Views: 2099

Re: Precision Time Protocol (ieee 1588) CRS326-24G-2S+

That info was removed from the doc under the comment “Formatting” in the most recent update. You have to roll back to the prior version or diff them to recover the info.
by tangent
Fri Mar 29, 2024 2:26 pm
Forum: General
Topic: Purchasing on Amazon
Replies: 11
Views: 802

Re: Purchasing on Amazon

The most recent MT item I bought through Amazon came from Getic, one of MT’s primary distributors, possibly even #1.

As always, check your sources. 🧐
by tangent
Thu Mar 28, 2024 12:15 am
Forum: Containers
Topic: Custom DNS reverts after a day
Replies: 1
Views: 338

Re: Custom DNS reverts after a day

That sounds like the expiration of a DHCP lease to me. Updating the DNS addresses in DHCP doesn't apply them instantly throughout your network; each client keeps using the old information from their current lease until it expires. Moreover, if the client reappears and asks for the same lease before ...
by tangent
Mon Mar 25, 2024 10:32 pm
Forum: Beginner Basics
Topic: Same IP on different Ether interfaces
Replies: 10
Views: 788

Re: Same IP on different Ether interfaces

You’re referring indirectly to guides from 2016 and 2018, which would be for RouterOS 6. Presuming you’re on 7, this page in the docs is likely to be on-point.
by tangent
Mon Mar 25, 2024 11:39 am
Forum: Beginner Basics
Topic: Same IP on different Ether interfaces
Replies: 10
Views: 788

Re: Same IP on different Ether interfaces

You aren’t using your routing marks in your three static routes at the end. Without them, the rules are redundant, so that only one takes effect.
by tangent
Sun Mar 24, 2024 9:28 pm
Forum: General
Topic: CRS317 + CRS328 - InterVLAN routing with L3HW
Replies: 15
Views: 1096

Re: CRS317 + CRS328 - InterVLAN routing with L3HW

Are there things…we cannot do in software on Mikrotik?

Go fast. 😛

That's it, as far as I'm aware.
by tangent
Sun Mar 24, 2024 9:21 pm
Forum: General
Topic: CRS317 + CRS328 - InterVLAN routing with L3HW
Replies: 15
Views: 1096

Re: CRS317 + CRS328 - InterVLAN routing with L3HW

Fair question, @anav. The first rule on the page I linked to says "l3-hw-offloading=yes". Where's that in your config, @Dulcow?
by tangent
Sun Mar 24, 2024 8:26 pm
Forum: General
Topic: CRS317 + CRS328 - InterVLAN routing with L3HW
Replies: 15
Views: 1096

Re: CRS317 + CRS328 - InterVLAN routing with L3HW

The CRS317, can route up to about 400Mbps but that's it You're talking software routing. @mkx is talking L3HW routing, where everything gets offloaded to the switch chip. The CRS317 is one of the handful of devices in MT's lineup that can do this well, but even then, it isn't capable of much of what y...
by tangent
Fri Mar 22, 2024 2:27 pm
Forum: RouterBOARD hardware
Topic: Many PSU failures in CCR1036
Replies: 43
Views: 2787

Re: Many PSU failures in CCR1036

For power regulation, capacitor with larger voltage rating and larger capacitance usually work better, for example, to better smooth ripple. Sure, all else being equal, but all else is not equal, because you've got a fixed area of PCB space to install it in. Greater capacity and higher voltage tole...
by tangent
Thu Mar 21, 2024 8:56 am
Forum: RouterBOARD hardware
Topic: Many PSU failures in CCR1036
Replies: 43
Views: 2787

Re: Many PSU failures in CCR1036

which of the following "health" showing the temperature of the heatsink of the transistors?? I wrote "ballpark" for a reason. It's unreasonable to expect die temp readings on every transistor in the device, but it's equally unreasonable to suppose that the PSU is running at a wi...
by tangent
Thu Mar 21, 2024 8:30 am
Forum: RouterBOARD hardware
Topic: Many PSU failures in CCR1036
Replies: 43
Views: 2787

Re: Many PSU failures in CCR1036

I cannot assess how hot the nearby heatsink of the transistor can be, You work in an industrial setting and nobody around has a DMM with a thermocouple you can borrow? The internal health readings should get you into the ballpark, at least. It’s no accident that this menu is called “health,” by the...
by tangent
Thu Mar 21, 2024 8:25 am
Forum: RouterBOARD hardware
Topic: Many PSU failures in CCR1036
Replies: 43
Views: 2787

Re: Many PSU failures in CCR1036

@kevinds: +30% isn’t “much” in this context.

Junk grade is 1000 hours @ 85ºC. And yes, they really exist, even from top-tier name-brand suppliers like Panasonic.
by tangent
Thu Mar 21, 2024 8:07 am
Forum: RouterBOARD hardware
Topic: Many PSU failures in CCR1036
Replies: 43
Views: 2787

Re: Many PSU failures in CCR1036

the same 105 Celsius, 7,000 hours roughly equal to 291 days only. Only under a naive reading of the specs. First, those two specs are inextricably paired. If you drop the temp, the lifetime rises proportionately. The accepted rule of thumb is that lifetime is expected to double for every 10ºC drop ...
by tangent
Wed Mar 20, 2024 2:27 pm
Forum: Wireless Networking
Topic: hap ax - 5g wifi not visible for any device
Replies: 3
Views: 477

Re: hap ax - 5g wifi not visible for any device

I split the topic because what you wrote was what's in this thread's title, "hap ax" not "cap ax". (I copy-pasted it without change.) I therefore considered it a distinct topic, not "the same problem" as is often claimed. Instead of bumping that topic again without addi...
by tangent
Wed Mar 20, 2024 1:58 pm
Forum: Wireless Networking
Topic: hap ax - 5g wifi not visible for any device
Replies: 3
Views: 477

Re: hap ax - 5g wifi not visible for any device

There is no product called a "hap ax". What exists: hAP ax lite and its LTE sister; hAP ax²; and hAP ax³. Which one do you mean? I'm going to guess one of the two "lite" versions, because that gives a simple solution: there is no 5GHz radio inside them at all. Check the specs on...
by tangent
Wed Mar 20, 2024 8:57 am
Forum: Beginner Basics
Topic: Issues with DNS on router [SOLVED]
Replies: 7
Views: 3974

Re: Issues with DNS on router [SOLVED]

Yes, this now I believe. :)

@dmconde, you might want to read my guide on the default configuration. It was that way on purpose. Dropping that rule was not a good idea.
by tangent
Wed Mar 20, 2024 7:25 am
Forum: Beginner Basics
Topic: I'm just not feeling Mikrotik's current product line-up
Replies: 20
Views: 1484

Re: I'm just not feeling Mikrotik's current product line-up

Even if we posit an ISP modem/antenna/whatever uplink that gets powered by the ax³, do you really want that to be your lone 2.5 Gbit/sec link? If your ISP download rate is over a gigabit, none of your other ax³ clients can pull more than a gigabit with this arrangement. Until you get 2 of them actin...
by tangent
Wed Mar 20, 2024 7:08 am
Forum: Beginner Basics
Topic: Issues with DNS on router [SOLVED]
Replies: 7
Views: 3974

Re: Issues with DNS on router [SOLVED]

The order of these two lines should be switched

No. Ordering is immaterial for rules in different chains.
by tangent
Tue Mar 19, 2024 9:46 am
Forum: Wireless Networking
Topic: hAP ax3 vs cAP ax as access point?
Replies: 7
Views: 816

Re: hAP ax3 vs cAP ax as access point?

That's sensible given that there is less clutter in a typical household at the ceiling or near-ceiling wall level. One must then ask, though, what happens if you use the wall mount included with the hAP ax³ to stick it up near ceiling level? I'm tempted to try it For Science! but not that tempted. I...
by tangent
Tue Mar 19, 2024 9:16 am
Forum: Containers
Topic: Homeassistant as container and homekitbridge setup
Replies: 14
Views: 1645

Re: Homeassistant as container and homekitbridge setup

I'm no expert on VLANs, but as far as I can tell, RouterOS's veth mechanism has no awareness of VLANs. Indeed, we have a nearly-opposite statement in the first caution box in the MACVLAN section of the docs. I presume packets from a VETH arrive at the routing layer untagged, and you could then add ...
by tangent
Tue Mar 19, 2024 8:53 am
Forum: Beginner Basics
Topic: 'IPv6-only' connectivity issue
Replies: 13
Views: 1549

Re: 'IPv6-only' connectivity issue

Maybe Xfinity follows different policies in different regions?

You don't change any single thing on a nation-scale network all at once. Can't be done.

Nevertheless, I've updated the article to recommend using RA to get the default route first, and only if that fails fall back to DHCPv6.
by tangent
Mon Mar 18, 2024 10:02 am
Forum: Beginner Basics
Topic: 'IPv6-only' connectivity issue
Replies: 13
Views: 1549

Re: 'IPv6-only' connectivity issue

I hear you, @mkx, but my guide reports what worked here on the same ISP as the OP's, and it doesn't work as you say it should. I tried it both ways.

If swapping these settings fixes it, it means part of Xfinity's network works the way you think it ought to and the rest doesn't!
by tangent
Mon Mar 18, 2024 8:26 am
Forum: Beginner Basics
Topic: 'IPv6-only' connectivity issue
Replies: 13
Views: 1549

Re: 'IPv6-only' connectivity issue

You can try accept-router-advertisements=yes. That shouldn't be necessary (or even advisable) on networks where you get the default route from DHCP, so if it works, you'd set add-default-route=no in consequence. One or the other, never both.
by tangent
Mon Mar 18, 2024 6:24 am
Forum: Beginner Basics
Topic: 'IPv6-only' connectivity issue
Replies: 13
Views: 1549

Re: 'IPv6-only' connectivity issue

No idea; it all looks sensible to me.

The only suggestion I have is to post the static configuration as well, being the output of "/ipv6/export".
by tangent
Sun Mar 17, 2024 3:49 pm
Forum: General
Topic: Mikrotik Router as Firewall only, how to verify the source?
Replies: 8
Views: 844

Re: Mikrotik Router as Firewall only, how to verify the source?

It seems like the Bridge Filters also only work if Hardware Offload is turned off. I expect that to depend on the switch model. That table does remind us that there's also the option of switch chip rules. This is even lower-level, and some switch chips put a sharp limit on the number of active ru...
by tangent
Sun Mar 17, 2024 2:47 pm
Forum: General
Topic: Mikrotik Router as Firewall only, how to verify the source?
Replies: 8
Views: 844

Re: Mikrotik Router as Firewall only, how to verify the source?

Replacing every switch was not planned. Port isolation isn't a proprietary MikroTik technology. Your existing switches may support it. as soon as I enable hardware offload on the Bridge-Ports the IP filter rules will not work anymore. Yes, which is why I referred you to the bridge packet filter ...
by tangent
Sun Mar 17, 2024 2:32 pm
Forum: Beginner Basics
Topic: IPv6 defconf ORCHID firewall rule is obsolete
Replies: 1
Views: 324

Re: IPv6 defconf ORCHID firewall rule is obsolete

I'm not sure about "instead". The old v1 protocol's reservation remains "deprecated" in the IANA IPv6 Special-Purpose Address Registry, so if traffic arrives at my router using an address from that space, continuing to treat it as "bad_ipv6" sounds right to me. Given t...
by tangent
Sun Mar 17, 2024 1:38 pm
Forum: Beginner Basics
Topic: CRS326 stuck waiting for installation server
Replies: 3
Views: 396

Re: CRS326 stuck waiting for installation server

I find a Linux VM helpful, as it simplifies the networking without needing you to reconfigure the host stack each time. I’ve posted detailed instructions for that, including a tip that might solve your current problem under Windows.
by tangent
Sun Mar 17, 2024 1:07 pm
Forum: General
Topic: GUIDE: Running Netinstall Server on a Tik
Replies: 54
Views: 5947

Re: GUIDE: Running Netinstall Server on a Tik

The last time I tried UPX in a container, I ran into compatibility errors when doing cross-CPU testing like running the ARM version on x86_64 under Docker, which uses QEMU under the hood. This container does the opposite, running x86_64 netinstall on ARM under QEMU, but is that double emulation when...
by tangent
Sun Mar 17, 2024 6:43 am
Forum: General
Topic: After enabling containers on hap-ax3 not showing up in menu
Replies: 1
Views: 342

Re: After enabling containers on hap-ax3 not showing up in menu

You didn’t install container.npk.
by tangent
Sun Mar 17, 2024 1:43 am
Forum: General
Topic: Mikrotik Router as Firewall only, how to verify the source?
Replies: 8
Views: 844

Re: Mikrotik Router as Firewall only, how to verify the source?

Port isolation works at the port level, as you should've been able to guess from the name, so no, a 9-port router isn't going to be able to isolate 100+ hosts. A cascade like this might work, though: https://tangentsoft.com/mikrotik/doc/trunk/images/crs-fanout.pikchr?popup If you enable port isolati...
by tangent
Sat Mar 16, 2024 11:04 pm
Forum: General
Topic: Mikrotik Router as Firewall only, how to verify the source?
Replies: 8
Views: 844

Re: Mikrotik Router as Firewall only, how to verify the source?

On the "Mikrotik-Firewall" all Interfaces are in a Bridge…I want…Linux1 & Linux2 are not able to connect to each other. These two choices are in conflict. The primary and original point of bridging is to create a single broadcast domain, where all hosts can see each other. There are o...
by tangent
Sat Mar 16, 2024 10:34 pm
Forum: General
Topic: MLAG configuration in CRS326-24s
Replies: 5
Views: 1259

Re: MLAG configuration in CRS326-24s

But when I run the last step in "/interface bridge mlag" to create mlag it shows the message: "not hw offloaded". The answer is in the first caution box on the documentation page you linked to: "The MLAG is not compatible with L3 hardware offloading. When using MLAG, the L3...
by tangent
Sat Mar 16, 2024 10:32 pm
Forum: Beginner Basics
Topic: Docker - pihole
Replies: 33
Views: 12838

Re: Docker - pihole

I noticed strange behaviours adding a static entry for the veth on the ARP list (I then understood this is because after every reboot it changes the MAC), adding a static entry on the DNS for its IP If you want to keep static DHCP assignments of IPs for that switch, another option is to disable the...
by tangent
Sat Mar 16, 2024 4:22 am
Forum: Beginner Basics
Topic: Newbie trying to setup 2.4wifi on Mikrotik RB921GS-5HPacD-15S
Replies: 8
Views: 763

Re: Newbie trying to setup 2.4wifi on Mikrotik RB921GS-5HPacD-15S

Try this.

What you have now is likely the Quick Set version discussed at the end, but I have yet to be talked out of preferring my version, described in the bulk of the article's text.
by tangent
Sat Mar 16, 2024 2:36 am
Forum: General
Topic: CRS310-8G+2S to split WAN connection
Replies: 29
Views: 1669

Re: CRS310-8G+2S to split WAN connection

The important thing to realize is that "bridge" in this context is another way of saying "Ethernet switch", and there's no reason for a host plugged into the walk-up ether3 port to see hosts down the ether2 leg, nor vice versa. Contrast the singular bridge in this configuration, ...
by tangent
Sat Mar 16, 2024 1:54 am
Forum: General
Topic: CRS310-8G+2S to split WAN connection
Replies: 29
Views: 1669

Re: CRS310-8G+2S to split WAN connection

You might need to add a drawing to this thread, because one of us is confused, maybe both. There's nothing stopping you from putting multiple DHCP clients and servers on a CRS310. As best I can discern from your prose description, you can get everything you want by putting a DHCP client directly on ...
by tangent
Sat Mar 16, 2024 12:55 am
Forum: General
Topic: CRS310-8G+2S to split WAN connection
Replies: 29
Views: 1669

Re: CRS310-8G+2S to split WAN connection

Exactly as in my post #4 above: leave them off the bridge (singular) entirely. The only reason to bridge them together at all is if the hosts visible thru ether2 and ether3 have to intercommunicate through this switch. If instead those hosts do nothing other than talk to the switch, they don't need...
by tangent
Sat Mar 16, 2024 12:37 am
Forum: General
Topic: CRS310-8G+2S to split WAN connection
Replies: 29
Views: 1669

Re: CRS310-8G+2S to split WAN connection

/interface bridge add name=MGMT_BRIDGE add name=WAN_BRIDGE This risks a huge performance hit. The CRS310 is among the majority of devices that supports only one hardware-offloaded bridge per switch chip. By configuring two bridges, you're giving RouterOS freedom to offload the ether2+ether3 bridge ...
by tangent
Fri Mar 15, 2024 11:57 am
Forum: General
Topic: GUIDE: Running Netinstall Server on a Tik
Replies: 54
Views: 5947

Re: GUIDE: Running Netinstall Server on a Tik

It's your most popular repo on Docker Hub, with 306 pulls. Those stats aren't unique users, but clearly someone cares about what you've produced.
by tangent
Fri Mar 15, 2024 11:52 am
Forum: Containers
Topic: Small Ookla Speedtest container
Replies: 11
Views: 4396

Re: Small Ookla Speedtest container

For a single parameter: /container add remote-image=tangentsoft/speedtest-cli:latest \ interface=veth1 cmd="--json" logging=yes For multiple parameters, RouterOS' container feature won't break arguments up by spaces, and there is no shell inside to do the work for us, so you have to rebuil...
by tangent
Fri Mar 15, 2024 8:45 am
Forum: General
Topic: GUIDE: Running Netinstall Server on a Tik
Replies: 54
Views: 5947

Re: GUIDE: Running Netinstall Server on a Tik

Then I see version 7.5 (netinstall version used for this container ?) Yup. The container hasn't been updated since September 2022. One must wonder if @semaja2 is even among us any more. 07:07:26 container,info,debug /entrypoint.sh: line 8: [: /app/images/routeros-7.15beta6-mipsbe.npk: binary opera...
by tangent
Fri Mar 15, 2024 7:42 am
Forum: General
Topic: GUIDE: Running Netinstall Server on a Tik
Replies: 54
Views: 5947

Re: GUIDE: Running Netinstall Server on a Tik

This is what I meant about there being no shell to premasticate the command line for you. For containers that don't pass CMD or ENTRYPOINT through a shell, this gets sent as a single string to the container's entrypoint. This container does happen to pass things through a shell, specifically via its...
by tangent
Fri Mar 15, 2024 6:37 am
Forum: General
Topic: CRS310-8G+2S to split WAN connection
Replies: 29
Views: 1669

Re: CRS310-8G+2S to split WAN connection

Yes, I did inadvertently leave off the TCP qualifier. WebFig, WinBox, and SSH are all TCP-only protocols. If that's all that's listening on the router, that's all you need to block. But maybe you want something more generic like this: /interface bridge filter add action=drop chain=input in-interface...
by tangent
Fri Mar 15, 2024 6:26 am
Forum: Beginner Basics
Topic: 'IPv6-only' connectivity issue
Replies: 13
Views: 1549

Re: 'IPv6-only' connectivity issue

Why do we add the <my_prefex>::1 IPv6 address on the bridge interface Without it, the only LAN-side IPv6 addresses you'd have are of the link-local sort, which aren't routable. If you list your interfaces' IPs, you'll find a bunch of fe80:: stuff; that's fine for host-to-host comms on the LAN, but...
by tangent
Fri Mar 15, 2024 6:07 am
Forum: General
Topic: RB4011 HWoffload + vlan aware bridge issues [SOLVED]
Replies: 7
Views: 1774

Re: RB4011 HWoffload + vlan aware bridge issues [SOLVED]

Yes, that's much cleaner now. The main thing I'd suggest after this is to get rid of the interface lists, which aren't carrying any weight in your new configuration: /interface bridge add igmp-snooping=yes name=bridge vlan-filtering=yes /interface bonding add comment="proxmox link aggregate eth...
by tangent
Fri Mar 15, 2024 5:55 am
Forum: General
Topic: GUIDE: Running Netinstall Server on a Tik
Replies: 54
Views: 5947

Re: GUIDE: Running Netinstall Server on a Tik

It's probably best if someone — ideally, @semaja2; I have no desire to take over this container's maintenance — rebuilt this container along the glob pattern scheme I suggest, since ROS 7 does seem to be increasingly broken back up again. Of my several MT devices here at home, half run with at least...
by tangent
Fri Mar 15, 2024 5:29 am
Forum: General
Topic: GUIDE: Running Netinstall Server on a Tik
Replies: 54
Views: 5947

Re: GUIDE: Running Netinstall Server on a Tik

Unlike Docker, RouterOS’ container feature doesn’t have a shell to preinterpret the command line, breaking it up by spaces, modulo quoting rules and such. You’re going to need to rebuild the container from source, which then lets you pass the list of NPKs as an array. Alternately, the container coul...
by tangent
Thu Mar 14, 2024 9:34 pm
Forum: Containers
Topic: Small Ookla Speedtest container
Replies: 11
Views: 4396

Re: Small Ookla Speedtest container

Is it possible to use ENV in mikrotik container solution to bypass parameters to the speedtest-call in your container. With ENV? No, but I don’t see any reason it has to be done that particular way. Note the split between ENTRYPOINT and CMD in the Dockerfile. That’s on purpose; it lets you keep EN...
by tangent
Thu Mar 14, 2024 9:24 pm
Forum: General
Topic: v7.15beta broke backup file naming
Replies: 46
Views: 3672

Re: v7.15beta broke backup file naming

Windows defaults to UTF-16 as its internal representation but has strong support for working with UTF-8 in addition to the legacy CP-1252 and similar encodings. All true, but irrelevant in this thread's context, where we're talking about file names, because they are always encoded as UTF-16 on NTFS...
by tangent
Thu Mar 14, 2024 3:51 pm
Forum: General
Topic: v7.15beta broke backup file naming
Replies: 46
Views: 3672

Re: v7.15beta broke backup file naming

Windows…utilize UTF-8 It's actually UTF-16, but the real issue is that it has far more special characters than any other OS, primarily owing to its ancestry, its path scheme being a mongrel mashup of CP/M, Unix, and LAN Manager rules. Most POSIX flavors have only two special characters: slash and ...
by tangent
Thu Mar 14, 2024 11:04 am
Forum: Scripting
Topic: Mikrotik script syntax highlight [SOLVED]
Replies: 10
Views: 3561

Re: Mikrotik script syntax highlight [SOLVED]

by tangent
Thu Mar 14, 2024 9:12 am
Forum: General
Topic: CRS310-8G+2S to split WAN connection
Replies: 29
Views: 1669

Re: CRS310-8G+2S to split WAN connection

Instead of bridge filtering to keep the routers from chatting across the shared broadcast domain, port isolation might be a better plan: /interface ethernet switch port-isolation set ether4 forwarding-override=sfp-sfpplus1 set ether5 forwarding-override=sfp-sfpplus1 set ether6 forwarding-override=sf...
by tangent
Thu Mar 14, 2024 8:59 am
Forum: Beginner Basics
Topic: My first config Mikrotik
Replies: 2
Views: 687

Re: My first config Mikrotik

It's my first mikrotik (hAP ax3) and I'm a little saturated with so much information. And so you invite more input? 🫨 Metcalfe help you! I can't ping from PC to mobile Presuming you could before — it's common enough for "client" type devices/OSes to block pings — then I would guess it's b...
by tangent
Thu Mar 14, 2024 5:15 am
Forum: General
Topic: CRS310-8G+2S to split WAN connection
Replies: 29
Views: 1669

Re: CRS310-8G+2S to split WAN connection

What you failed to point out to the OP is that ports 4-8 would entail 5 WANs and 5 routers You're missing the point of my configuration, then. It puts the fiber modem and the four downstream routers into a single broadcast domain on purpose. Each router broadcasts a DHCP request, the fiber modem f...
by tangent
Thu Mar 14, 2024 3:51 am
Forum: General
Topic: CRS310-8G+2S to split WAN connection
Replies: 29
Views: 1669

Re: CRS310-8G+2S to split WAN connection

using basic math if you have four routers you need four ports 4,5,6,7 [ including port 8 would make 5 there tangent ;-) I have no idea what point you're trying to make, anav. I didn't use the word "four" in either of my replies above, and I don't see anything that can be counted to 4 but ...
by tangent
Thu Mar 14, 2024 1:54 am
Forum: Scripting
Topic: Xen provision/script. not enough permissions
Replies: 7
Views: 984

Re: Xen provision/script. not enough permissions

This forum is a user-to-user channel. If you want a direct-to-MikroTik support channel, it's here.
by tangent
Thu Mar 14, 2024 1:48 am
Forum: General
Topic: v7.15beta broke backup file naming
Replies: 46
Views: 3672

Re: v7.15beta broke backup file naming

"console" is RouterOS-speak for any command you can type at the CLI. This includes your backup commands, but also scripting, etc.
by tangent
Thu Mar 14, 2024 1:43 am
Forum: General
Topic: CRS310-8G+2S to split WAN connection
Replies: 29
Views: 1669

Re: CRS310-8G+2S to split WAN connection

There aren't any hidden "modes" here. Every variable behavior in a RouterOS device is configurable. If your switch behaves like a router, it is because you told it to do that. I think you can get your expressed intent with as little as this: /interface bridge add admin-mac=[REMOVED] auto-m...
by tangent
Thu Mar 14, 2024 1:28 am
Forum: General
Topic: RB4011 HWoffload + vlan aware bridge issues [SOLVED]
Replies: 7
Views: 1774

Re: RB4011 HWoffload + vlan aware bridge issues [SOLVED]

It's best to post your new configuration whole rather than simply report that it's "fixed" by some standard, so we don't have to mentally integrate my partially-mistargeted advice with your prior configuration. It lets us start from the same basis point again. In the meantime, I suggest th...
by tangent
Thu Mar 14, 2024 1:09 am
Forum: General
Topic: Can Hex backup be loaded on Hex POE?
Replies: 3
Views: 404

Re: Can Hex backup be loaded on Hex POE?

How does one cope with a failed unit…?

Like this.

You don't have to use my backup system to get practical use out of its documented advice. Take both text and binary backups, supplement the text backup as necessary, etc.
by tangent
Thu Mar 14, 2024 1:03 am
Forum: General
Topic: CRS310-8G+2S to split WAN connection
Replies: 29
Views: 1669

Re: CRS310-8G+2S to split WAN connection

At some point, the switch is somehow changed from switch mode to router mode Magically? All by itself? No. The CRS310 is not a great router even within its limitations, and certainly not at the speeds implied by "fiber". It is, by far, best used as a smart switch. I think what you want is...
by tangent
Thu Mar 14, 2024 12:31 am
Forum: Beginner Basics
Topic: Load Balance for LAN
Replies: 13
Views: 1031

Re: Load Balance for LAN

I'm just starting my journey with networking and also Mikrotik :) Welcome! /ip firewall mangle add action=mark-packet…passthrough=no I know next to nothing about load-balancing trickery, but that seems very wrong to me. Stopping the packet after marking it drops it on the floor. Surely you want it ...
by tangent
Thu Mar 14, 2024 12:27 am
Forum: General
Topic: Is there a bug with Temperature Sensing in RouterOS 6.49.8?
Replies: 7
Views: 895

Re: Is there a bug with Temperature Sensing in RouterOS 6.49.8?

Which router models are we talking about, specifically? There are no reported improvements to health monitoring on the 6.x line in the .9 and .10 releases you have yet to install, but there have been some in the 7.x line that would not necessarily have been backported. Are you concerned with the var...
by tangent
Thu Mar 14, 2024 12:16 am
Forum: General
Topic: RB4011 HWoffload + vlan aware bridge issues [SOLVED]
Replies: 7
Views: 1774

Re: RB4011 HWoffload + vlan aware bridge issues [SOLVED]

I'm far from the best to help you with your stated HW offload and VLAN issues, but I have to post anyway about several problems in your configuration, on the basis that despite being unable to help with your immediate concerns, I can't help but wonder if clearing some of them up will incidentally im...
by tangent
Wed Mar 13, 2024 11:29 pm
Forum: General
Topic: Hex Lite and NTP client updates
Replies: 28
Views: 2113

Re: Hex Lite and NTP client updates

These guesses about ISP filtering are testable. The easiest is to check the clients behind the router to see if they’re also losing time synch when pointed at their default NTP pools, not the router as their sync point. On Linux, “ntpdate -q pool.ntp.org” tests that on a one-shot basis. The OP claim...
by tangent
Wed Mar 13, 2024 11:18 pm
Forum: Beginner Basics
Topic: Stuck no internet on CRS326 behind RB4011 [SOLVED]
Replies: 11
Views: 4174

Re: Stuck no internet on CRS326 behind RB4011 [SOLVED]

Sure, it will run, but it destroys the admin’s hand-assigned static reservations. If they’re wrong, they need to be fixed by hand, not destroyed.

That’s why I didn’t write an unqualified “[find]”.
by tangent
Wed Mar 13, 2024 11:09 am
Forum: Beginner Basics
Topic: 'IPv6-only' connectivity issue
Replies: 13
Views: 1549

Re: 'IPv6-only' connectivity issue

Give this a try.

Posted via IPv6 over Xfinity thru a MikroTik router.
by tangent
Wed Mar 13, 2024 9:29 am
Forum: Beginner Basics
Topic: Failover Issue
Replies: 7
Views: 622

Re: Failover Issue

There are three IPv4 blocks set aside for examples.
by tangent
Wed Mar 13, 2024 8:00 am
Forum: RouterBOARD hardware
Topic: How to [not] blow a port on CSR328 (and a hex poe) in easy 2 steps
Replies: 8
Views: 1423

Re: How to [not] blow a port on CSR328 (and a hex poe) in easy 2 steps

I've heard of these Ethernet PHrY things. Yours appears to be based on SET technology…smoke-emitting transformer. 🤣
by tangent
Wed Mar 13, 2024 7:52 am
Forum: Wireless Networking
Topic: hAP ax3 + Realtek RTL8821CE 802.11ac = bad wifi speed [SOLVED]
Replies: 31
Views: 5643

Re: hAP ax3 + Realtek RTL8821CE 802.11ac = bad wifi speed [SOLVED]

WiFi 6, lightweight, touchscreen, works well with linux, very long battery life, and cheap enough that I don't worry of it being stolen or damaged. Sounds like a mid-range Chromebook. Mine manages to push 180 Mbit/sec to the Internet through the ax³ from a few rooms away. It's a 2021 model, so one ...
by tangent
Wed Mar 13, 2024 5:22 am
Forum: Beginner Basics
Topic: Stuck no internet on CRS326 behind RB4011 [SOLVED]
Replies: 11
Views: 4174

Re: Stuck no internet on CRS326 behind RB4011 [SOLVED]

/ip/dhcp-server/lease/remove [find where dynamic]

Bewm! Badness-be-gone.
by tangent
Wed Mar 13, 2024 4:57 am
Forum: Wireless Networking
Topic: hAP ax3 + Realtek RTL8821CE 802.11ac = bad wifi speed [SOLVED]
Replies: 31
Views: 5643

Re: hAP ax3 + Realtek RTL8821CE 802.11ac = bad wifi speed [SOLVED]

One of the reasons I suggested using an /export command instead of /print is that it suppresses sensitive info like your WiFi password by default. I've edited that out of your postings above, but you can't count on us moderators to backstop you like that every single time. Other than local details l...
by tangent
Wed Mar 13, 2024 4:33 am
Forum: Wireless Networking
Topic: hAP ax3 + Realtek RTL8821CE 802.11ac = bad wifi speed [SOLVED]
Replies: 31
Views: 5643

Re: hAP ax3 + Realtek RTL8821CE 802.11ac = bad wifi speed [SOLVED]

I repeat: show your configuration. At minimum, the output of: /interface/wifi/export For comparison, here's a boiled-down version of my ax³ config, which gets me near a gigabit right on top of the router with an ax client, and 200-300 Mbit/sec a few rooms away. /interface wifi configuration add chan...
by tangent
Wed Mar 13, 2024 3:52 am
Forum: Beginner Basics
Topic: Stuck no internet on CRS326 behind RB4011 [SOLVED]
Replies: 11
Views: 4174

Re: Stuck no internet on CRS326 behind RB4011 [SOLVED]

Maybe the bad leases persisted through reboots? Sure; the RouterOS DHCP server does indeed remember what it assigned previously, so that persistent clients can keep getting the same assignments as long as they keep renewing their leases on time. I just didn't think it would reapply prior bad config...
by tangent
Wed Mar 13, 2024 3:45 am
Forum: Wireless Networking
Topic: hAP ax3 + Realtek RTL8821CE 802.11ac = bad wifi speed [SOLVED]
Replies: 31
Views: 5643

Re: hAP ax3 + Realtek RTL8821CE 802.11ac = bad wifi speed [SOLVED]

I tried using 2.4 GHz Unlike ax, ac isn't defined for both 2.4 and 5GHz. You would have fallen down to "n" at best. If it fell down to "g" instead, that would explain your speeds. Assuming both radios are using the same SSID, I'd try turning on FT mode on them both, giving the l...
by tangent
Wed Mar 13, 2024 3:10 am
Forum: Scripting
Topic: Network address instead of IP address
Replies: 5
Views: 504

Re: Network address instead of IP address

the current IP of ether1 What does that actually mean to you? In the standard RouterOS configurations, ether1 is often a WAN uplink, placed into the "WAN" interface list, giving you little need to specify a particular IP. Is there a good reason you can't simply say something like in-inter...
by tangent
Wed Mar 13, 2024 2:02 am
Forum: Virtualization
Topic: SR-IOV with CHR - What hypervisors are you using ?
Replies: 22
Views: 2869

Re: SR-IOV with CHR - What hypervisors are you using ?

Berkeley Packet Filter…user-land network drivers and libraries. While BPF may have started out as a helper for tcpdump, it was to offload packet filtering to the kernel, to limit the number of transitions to userspace to only those packets deemed "interesting," determined by your tcpdump ...
by tangent
Tue Mar 12, 2024 12:08 pm
Forum: Beginner Basics
Topic: MikroTik switch and Unifi Switch can no longer negotiate 10Gb connection over SFP+
Replies: 6
Views: 1089

Re: MikroTik switch and Unifi Switch can no longer negotiate 10Gb connection over SFP+

While the Quick Set menu showed the system was properly updated, the terminal (/system routerboard print) did not. There are two parts to the upgrade: OS and firmware. There’s a setting that auto-updates the firmware after a successful OS upgrade, but you must still do the second reboot manually.
by tangent
Tue Mar 12, 2024 12:03 pm
Forum: Scripting
Topic: bridge admin-mac on terminal
Replies: 2
Views: 304

Re: bridge admin-mac on terminal

It’s “set”, not “edit”.
by tangent
Tue Mar 12, 2024 8:07 am
Forum: Beginner Basics
Topic: Stuck no internet on CRS326 behind RB4011 [SOLVED]
Replies: 11
Views: 4174

Re: Stuck no internet on CRS326 behind RB4011 [SOLVED]

It sounds like you’re running on the same stale DHCP config on the switch, from before you fixed things. Presuming you don’t want to wait out the bad DHCP lease, you can restart the switch.

It will work for the same reason your laptop now works.
by tangent
Tue Mar 12, 2024 5:23 am
Forum: Beginner Basics
Topic: Stuck no internet on CRS326 behind RB4011 [SOLVED]
Replies: 11
Views: 4174

Re: Stuck no internet on CRS326 behind RB4011 [SOLVED]

/interface list add name=WAN You can drop that. Nothing refers to it. /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik You can get rid of that flotsam by upgrading to 7.13+. /ip dns set allow-remote-requests=yes You aren't running a DNS server on the switc...
by tangent
Tue Mar 12, 2024 1:02 am
Forum: Scripting
Topic: Is it possible to respond to a specific ping
Replies: 6
Views: 524

Re: Is it possible to respond to a specific ping

So wrap the call to the Windows player GUI in a script that sends the SSH "wake" call to the router first. If you're worried about handing out SSH logins to allow this, you can put the call into a *.rsc file and set the dont-require-permissions flag on it, so read-only users can call it. M...
by tangent
Mon Mar 11, 2024 11:29 pm
Forum: Scripting
Topic: Is it possible to respond to a specific ping
Replies: 6
Views: 524

Re: Is it possible to respond to a specific ping

Okay, new solution: use Home Assistant to react to a TV "power-on" event and send the WoL packet/SSH call from there. How exactly you go about that depends on the type(s) of displays involved, what type of set-back boxes you've got running, whether there's an active CEC link you can tap in...
by tangent
Mon Mar 11, 2024 10:44 pm
Forum: Scripting
Topic: Is it possible to respond to a specific ping
Replies: 6
Views: 524

Re: Is it possible to respond to a specific ping

You might think that WoL is a unicast protocol given the MAC address, but it's not; it's based on a subnet-directed broadcast packet. It has to work that way because it can't rely on ARP mappings, the FDB, etc. That much is true inside network B, but even more so in network A, where it couldn't see ...
by tangent
Mon Mar 11, 2024 7:47 am
Forum: RouterBOARD hardware
Topic: map2nd mAP serial port
Replies: 4
Views: 567

Re: map2nd mAP serial port

RS232 levels (which is 5V)

±3-15. The -3 to +3V band is invalid.
by tangent
Mon Mar 11, 2024 7:41 am
Forum: General
Topic: UPnP and Hairpin NAT
Replies: 7
Views: 884

Re: UPnP and Hairpin NAT

by tangent
Sun Mar 10, 2024 10:43 am
Forum: Wireless Networking
Topic: iOS Devices Connecting but no internet
Replies: 12
Views: 4390

Re: iOS Devices Connecting but no internet

hAP ax3, iPhone can connect to both 2.4ghz and 5ghz, but doesn't get any access to the internet.

My iPhone connects to the Internet through my ax³ just fine. Post your sanitized configuration /export in a "code" block. You've almost certainly got something configured improperly.
by tangent
Sun Mar 10, 2024 5:48 am
Forum: General
Topic: Can't connect to web UI via hostname
Replies: 2
Views: 484

Re: Can't connect to web UI via hostname

It works here, but only once I got DNS properly configured. You don't say which local DNS server you're using, but since the only on-topic one here would be RouterOS's built-in offering, the configuration needs to look like this: /ip dns static add address=10.10.64.7 name=switch00.mylocaldomain.com ...
by tangent
Sat Mar 09, 2024 3:21 am
Forum: Beginner Basics
Topic: Slow Throughput CHR virtual within Proxmox [SOLVED]
Replies: 8
Views: 3695

Re: Slow Throughput CHR virtual within Proxmox [SOLVED]

I watched multiple videos on youtube, to include https://www.youtube.com/@mikrotik

The first search result for "CHR" from that page brings up this video, where Normunds speaks of the same limitation 30 seconds in.
by tangent
Sat Mar 09, 2024 2:45 am
Forum: Beginner Basics
Topic: Slow Throughput CHR virtual within Proxmox [SOLVED]
Replies: 8
Views: 3695

Re: Slow Throughput CHR virtual within Proxmox [SOLVED]

WOW... sarcasm so soon. Read my reply again. Is it correct? Would you not have been sure of the answer had you properly skimmed the single most relevant documentation page to your problem? Yes, you would. Did my answer point you directly to the section you would have found had you done that? Yes, i...
by tangent
Sat Mar 09, 2024 2:09 am
Forum: Beginner Basics
Topic: Slow Throughput CHR virtual within Proxmox [SOLVED]
Replies: 8
Views: 3695

Re: Slow Throughput CHR virtual within Proxmox [SOLVED]

I'm not sure If the Mikrotik VM is intentionally 'throttled'

You would be sure if you’d taken the time to skim the docs before posting. You’ve plainly got a “free” license installed. 128kByte = 1Mbit.
by tangent
Thu Mar 07, 2024 6:58 pm
Forum: General
Topic: Hex Lite and NTP client updates
Replies: 28
Views: 2113

Re: Hex Lite and NTP client updates

You’ve got enough to take to tech support now. All the due diligence done, all the diagnostic data needed taken.

Let us know what they say, will ya?
by tangent
Wed Mar 06, 2024 6:09 pm
Forum: Scripting
Topic: Mikrotik SSH Backup - my solution
Replies: 15
Views: 9032

Re: Mikrotik SSH Backup - my solution

Do I need a separate piece of software to run this tool from cmd in windows? With the binaries having gone missing on Dropbox in the decade (!) since this thread was last active, you'd have to build this C# program from the sources on GitHub, or find someone to do it for you. Personally, I wouldn't...
by tangent
Wed Mar 06, 2024 4:12 am
Forum: General
Topic: Hex Lite and NTP client updates
Replies: 28
Views: 2113

Re: Hex Lite and NTP client updates

As I said, it's supposed to slew, not jump instantaneously. If it jumps forward by a big amount, it's bad. If it jumps backward by any amount, it's extra-bad.
by tangent
Wed Mar 06, 2024 3:13 am
Forum: General
Topic: Hex Lite and NTP client updates
Replies: 28
Views: 2113

Re: Hex Lite and NTP client updates

Yes, and the docs tell you that it repeats that lookup each time it tries to sync with SNTP on ROS v6 when you set it via server-dns-names. This is what allows it to be evergreen; as public NTP servers come and go, the round-robin results of a DNS lookup on that name change accordingly.
by tangent
Wed Mar 06, 2024 2:59 am
Forum: General
Topic: Hex Lite and NTP client updates
Replies: 28
Views: 2113

Re: Hex Lite and NTP client updates

I think I did this right... I would have also removed the software ID and MAC addresses as potential PII, but opinions differ on how big a risk that is. /system ntp client set enabled=yes primary-ntp=96.43.63.9 secondary-ntp=129.6.15.32 Those servers time out for me, too. Why not use something like...
by tangent
Wed Mar 06, 2024 2:38 am
Forum: General
Topic: Hex Lite and NTP client updates
Replies: 28
Views: 2113

Re: Hex Lite and NTP client updates

I'm wondering if I just don't have something configured correctly.

My visual configuration debugging skills work better than my psychic ones. Post the sanitized output of "/export hide-sensitive" into a "code" block.
by tangent
Wed Mar 06, 2024 2:29 am
Forum: General
Topic: Hex Lite and NTP client updates
Replies: 28
Views: 2113

Re: Hex Lite and NTP client updates

That sounds like your ISP is dropping them. Ask. Maybe they have a nearby NTP server they'd prefer you use instead.
by tangent
Wed Mar 06, 2024 12:18 am
Forum: Beginner Basics
Topic: ipv6 help please
Replies: 7
Views: 790

Re: ipv6 help please

"/tool/traceroute" works for IPv6 as well. What do you get with a well-known address like "2606:4700:4700::1111"? (Cloudflare DNS.)

Also, be careful posting public IPs. Are you sure you want to publish the link between this forum account and your VPS's public address?
by tangent
Wed Mar 06, 2024 12:03 am
Forum: Scripting
Topic: Netwatch Script Failing After ROS 7.2.2
Replies: 1
Views: 284

Re: Netwatch Script Failing After ROS 7.2.2

Why are we talking about "upgrading" to a version from April 2022? There were netwatch improvements in 7.13, 7.12, 7.11, 7.10, 7.9… That's where I gave up searching; there may be more. The broader point is, why are you complaining about an old version of a facility that has received so muc...
by tangent
Tue Mar 05, 2024 11:38 pm
Forum: General
Topic: Hex Lite and NTP client updates
Replies: 28
Views: 2113

Re: Hex Lite and NTP client updates

Are you certain the NTP server is open to your traffic? Old reliable servers stop providing service from time to time, some ISPs block NTP access to third-party servers to make you use their server instead, etc. Torch the WAN link on port 123 to find out; don't guess, don't assume. Even if you've go...
by tangent
Tue Mar 05, 2024 11:31 pm
Forum: Beginner Basics
Topic: Help required: slow upload speeds with PPPoE connection
Replies: 6
Views: 1296

Re: Help required: slow upload speeds with PPPoE connection

Two different srcnat rules is weird, and though not likely your immediate culprit, one of the two is unhelpful. Pick one. My bet for your actual problem is having both ether1 and pppoe-out1 in the WAN list, giving your router two paths to the Internet when only one works. Drop ether1 from this list....
by tangent
Tue Mar 05, 2024 11:17 pm
Forum: Beginner Basics
Topic: ipv6 help please
Replies: 7
Views: 790

Re: ipv6 help please

/ipv6 address add address=ip::/64 inteface=ether1 advertise=yes Is "inteface" a typo here on the forum, there on the CHR, or both? Secondly, you don't speak of having a peer VPS on the same virtual network at your hosting provider, so who are you "advertising" to? If this virtua...
by tangent
Tue Mar 05, 2024 3:20 pm
Forum: General
Topic: Wireguard on a dumb ap [SOLVED]
Replies: 4
Views: 488

Re: Wireguard on a dumb ap [SOLVED]

Yup.
by tangent
Tue Mar 05, 2024 2:34 pm
Forum: General
Topic: Wireguard on a dumb ap [SOLVED]
Replies: 4
Views: 488

Re: Wireguard on a dumb ap [SOLVED]

Since there's no NAT…

There needs to be.
by tangent
Tue Mar 05, 2024 1:44 pm
Forum: Beginner Basics
Topic: 4 different VLAN on 1 ether port
Replies: 10
Views: 625

Re: 4 different VLAN on 1 ether port

Static IP aliasing works on WiFi interfaces, too.

And I repeat: nothing about this is RouterOS-specific. This is generic Windows networking. The same solution would work with any network equipment, from any vendor. You're off-topic here.
by tangent
Tue Mar 05, 2024 12:18 pm
Forum: Beginner Basics
Topic: 4 different VLAN on 1 ether port
Replies: 10
Views: 625

Re: 4 different VLAN on 1 ether port

I don't need to have DHCP set up on my PC. Then why did you bring it up above? So the best option is to always change ranges No, the best option is to multi-home your PC. Put one IP for each subnet into the computer, on the same interface. If you give it 10.10.10.2, 192.168.66.2, 192.168.64.2, and ...
by tangent
Tue Mar 05, 2024 11:48 am
Forum: Beginner Basics
Topic: 4 different VLAN on 1 ether port
Replies: 10
Views: 625

Re: 4 different VLAN on 1 ether port

So how to describe the name? Multihoming in general, IP aliasing when the multiple networks are on a single L2 interface, without something like VLANs or VPNs to split them up at L2. I need to connect using WIFI That has no relevance as long as the WiFi interfaces are on the same bridge as ether1. ...
by tangent
Tue Mar 05, 2024 7:59 am
Forum: Beginner Basics
Topic: 4 different VLAN on 1 ether port
Replies: 10
Views: 625

Re: 4 different VLAN on 1 ether port

I need to set multiple static IP for ether1. I doubt it, but without a network diagram, I'm relegated to a position of basing that on past experience with other related problems, not the complete particulars of your actual problem. I work with 4 computers in the network. So I have to constantly cha...
by tangent
Tue Mar 05, 2024 5:08 am
Forum: Beginner Basics
Topic: my RB4011 is on v7.14 but firmware says 6.44.3 [SOLVED]
Replies: 3
Views: 633

Re: my RB4011 is on v7.14 but firmware says 6.44.3 [SOLVED]

Yes, upgrade that, too.

Think of it like the difference between the OS and UEFI, except in this case, it’s best that they be upgraded in lockstep.
by tangent
Mon Mar 04, 2024 10:08 am
Forum: General
Topic: secure IPv6 and port forwarding?
Replies: 3
Views: 565

Re: secure IPv6 and port forwarding?

or you'll have to set IPv6 addresses on server-like devices manually.

If you use SLAAC/NDP on the LAN side, won’t these server-like devices get the same v6 address each time?
by tangent
Mon Mar 04, 2024 12:33 am
Forum: Wireless Networking
Topic: SA Query timeout
Replies: 69
Views: 16835

Re: SA Query timeout

What's FT?

Fast Transitions, a recently added feature. Disabled by default. “FT” is the tab name in WinBox.
by tangent
Sun Mar 03, 2024 1:43 pm
Forum: Beginner Basics
Topic: No internet connection to LAN yet router connects
Replies: 5
Views: 555

Re: No internet connection to LAN yet router connects

Put vlan1 into the WAN interface list.
by tangent
Tue Feb 27, 2024 1:33 am
Forum: Containers
Topic: Small Ookla Speedtest container
Replies: 11
Views: 4396

Re: Small Ookla Speedtest container

Try it again; I've added that flag to the command line.

It doesn't demand that here, but perhaps it skips that when it doesn't detect that you are in the EU.
by tangent
Mon Feb 26, 2024 6:20 pm
Forum: Useful user articles
Topic: Isolated Guest WiFi Sans VLANs
Replies: 12
Views: 1313

Re: Isolated Guest WiFi Sans VLANs

Personal remark: it was a bit hard to understand the password ... :lol: Although I do realize you're joking, I took it as a hint that the PSK example should be clearer that it is an example and not passphrase selection advice to be taken literally. It's there because I don't want the opposite misun...
by tangent
Mon Feb 26, 2024 12:59 am
Forum: Useful user articles
Topic: Isolated Guest WiFi Sans VLANs
Replies: 12
Views: 1313

Re: Isolated Guest WiFi Sans VLANs

you put too much emphasis on how much you loathe VLANs It's a few paragraphs in the "motivation" section. It answers the question, "but why don't you do it with VLANs instead?" Now you know why. Consider it a personality quirk, a matter of taste, if that helps you understand me....
by tangent
Mon Feb 26, 2024 12:54 am
Forum: Useful user articles
Topic: Isolated Guest WiFi Sans VLANs
Replies: 12
Views: 1313

Re: Isolated Guest WiFi Sans VLANs

But this is only because the wifi2g is a 'slave' interface to the bridge.

It kept yelling at me about slave this and slave that, so I gave up and did as you saw. But, as ever when someone assures you the limitation isn't hard-and-fast, it gave me the encouragement I needed to go try again. I've got...
by tangent
Sun Feb 25, 2024 11:16 pm
Forum: Useful user articles
Topic: Isolated Guest WiFi Sans VLANs
Replies: 12
Views: 1313

Re: Isolated Guest WiFi Sans VLANs

it very much depends on the rest of configuration of the wireless device itself and on overall topology of your network

I thought I made it clear in the article that we're talking about a home Internet gateway. That puts it on the border between LAN and WAN, with the intent that traffic originating...
by tangent
Sun Feb 25, 2024 10:54 pm
Forum: Useful user articles
Topic: Isolated Guest WiFi Sans VLANs
Replies: 12
Views: 1313

Isolated Guest WiFi Sans VLANs

One of several reasons I have yet to replace my non-MikroTik gateway router until this weekend despite being the biggest RouterOS fanboy evar — like, totally! — is that every guide I've seen on setting up guest/IoT WiFi thus far relies on VLANs, and that's simply a non-starter here. Maybe one d...
by tangent
Sun Feb 25, 2024 8:57 pm
Forum: Useful user articles
Topic: IPv6 with Xfinity
Replies: 2
Views: 551

Re: IPv6 with Xfinity

It doesn't surprise me at all that my working configuration is contingent on local NAN-scale engineering decisions.

(NAN = nuke-area-network. Smaller than the Internet, bigger than a typical WAN.)
by tangent
Sun Feb 25, 2024 7:26 pm
Forum: Useful user articles
Topic: IPv6 with Xfinity
Replies: 2
Views: 551

IPv6 with Xfinity

There's a lot of advice floating about the Internet on configuring IPv6 on Xfinity/Comcast networks, but none of it applied 100% to my local situation. I therefore wrote up what worked here with RouterOS 7.14. While I welcome advice from the IPv6 gurus here, do keep in mind that what you see in that...
by tangent
Sun Feb 25, 2024 6:46 pm
Forum: Announcements
Topic: v7.14rc [testing] is released!
Replies: 176
Views: 51782

Re: v7.14rc [testing] is released!

I think you have to set both, with comma in between.

Indeed; thank you! I've updated the article.
by tangent
Sun Feb 25, 2024 1:11 am
Forum: Announcements
Topic: v7.14rc [testing] is released!
Replies: 176
Views: 51782

Re: v7.14rc [testing] is released!

As usual, there's new configuration flotsam in this release. Removal methods for the ones affecting this release begin here, but I'm stuck on one:

/interface sstp-server server set ciphers=aes256-sha

That can take only one other value, but setting it to aes256-gcm-sha384 doesn't make the line go aw...
by tangent
Fri Feb 23, 2024 8:56 pm
Forum: Beginner Basics
Topic: firewall filters - solid?
Replies: 5
Views: 646

Re: firewall filters - solid?

used a static DNS entry for time.nist.gov and time.windows.com to point to my local NTP server. Hope that is the way to go :)

Ick. Set ntp-server in the DHCP server’s network configuration instead. Any reasonable network stack will obey that in preference to its default.
by tangent
Fri Feb 23, 2024 4:50 pm
Forum: Containers
Topic: CCR1xxx with containers
Replies: 35
Views: 2698

Re: CCR1xxx with containers

I just wanted to know if MT is willing to publish the *container.npk*, if not then there is no point in trying to do anything as was said in some posts before.

I don't see a reason to be that black-and-white about it. All we need at this early stage is a pledge from MT that once someone produces a ...
by tangent
Fri Feb 23, 2024 9:41 am
Forum: Containers
Topic: CCR1xxx with containers
Replies: 35
Views: 2698

Re: CCR1xxx with containers

TILE CPUs are no longer manufactured

True, but your customers have bought them, and some number of them still work. I believe the motivation behind this thread is that some subset of these customers want to stretch their useful lifetimes by using them as container runners. (For what it's worth, I d...
by tangent
Fri Feb 23, 2024 9:24 am
Forum: Containers
Topic: CCR1xxx with containers
Replies: 35
Views: 2698

Re: CCR1xxx with containers

AFAIK such tools do not exist

I outlined all the details for this above. The QEMU emulator for tilegx exists, but is bitrotted; it could be resurrected. A port of Clang to tilegx exists and probably works fine as-is, once built. With those two, one could then cross-compile the Linux distro needed...
by tangent
Fri Feb 23, 2024 9:04 am
Forum: Containers
Topic: CCR1xxx with containers
Replies: 35
Views: 2698

Re: CCR1xxx with containers

If the tools described above existed, you could cross-compile anything. Your own PiHole example, for starters. In case anyone is confused on this point, I'm in support of this idea in principle. My primary question is simply, who's going to do all the work needed to make it happen, given all of what...
by tangent
Fri Feb 23, 2024 7:04 am
Forum: Containers
Topic: CCR1xxx with containers
Replies: 35
Views: 2698

Re: CCR1xxx with containers

As I said in the beginning.. Chicken-Egg...

I don't buy that analogy. If that were the case, no one could ever bootstrap a new CPU architecture. Bootstrapping proceeds in small steps. It's a lot of work — enough that there have been entire companies founded on doing that type of work — but there is...
by tangent
Fri Feb 23, 2024 4:43 am
Forum: Containers
Topic: CCR1xxx with containers
Replies: 35
Views: 2698

Re: CCR1xxx with containers

Without it there is no reason to put in the effort.

The reasons are independent of the existence of a TILE build of container.npk. I predict that if you take your gadfly routine to the QEMU and Alpine project fora and try to get them to include TILE support, you'll get zero traction, regardless of ...
by tangent
Fri Feb 23, 2024 4:01 am
Forum: Containers
Topic: CCR1xxx with containers
Replies: 35
Views: 2698

Re: CCR1xxx with containers

They could build container.npk for TILE today, and it would still not get you containers on TILE.

Maybe, but without it, it CAN'T happen.

The same argument applies to QEMU TILE support and the requisite base container image needed to bootstrap the first practical image. Why is MT to blame for not p...
by tangent
Fri Feb 23, 2024 3:34 am
Forum: Containers
Topic: CCR1xxx with containers
Replies: 35
Views: 2698

Re: CCR1xxx with containers

I am still disappointed in the decision.

What I am trying to get across to you is that it isn't MikroTik's decision. They could build container.npk for TILE today, and it would still not get you containers on TILE.

Mikrotik pulled support for containers for the Tile architecture..

"Pulled?"...
by tangent
Fri Feb 23, 2024 2:43 am
Forum: Containers
Topic: CCR1xxx with containers
Replies: 35
Views: 2698

Re: CCR1xxx with containers

No one is going to undertake that for that maybe eventually.

Then this "no one" is going to get exactly what they deserve: nothing. MT's incentive to do all that work is zero. If you don't show MT that it can be done, they won't take the final step of building container.npk on TILE for yo...