I was hoping there would be a simpler way to see the DNS requests passing through my router. It's actually pretty easy! Just create your own logging action (output), for example called DNSLOG, and then add a logging rule for DNS requests using that action. After that, check all DNS requests by ope...
You can use Tools/Packet Sniffer to record traffic, save to Wireshark-compatible format (pcap) and analyze later. Well, my use case was to see those domains live from my phone (MikroTik app), like you can do with Cloudflare's Warp app 😅 If I have to sit in front of my PC I might as well bring up th...
Log to disk? It has to be (temporarily) stored somewhere. Wouldn't that cause excessive wear on the NAND if every single DNS request is logged? I wouldn't want to set up an external logging server just to check out 10 seconds of DNS logs every other week. Is there any way to just temporarily make a...
Hi all. I'm looking for a way to monitor the DNS requests that are being received by the router, which is configured as DHCP and DNS server for all devices. I know I could log them, but that would massively clutter the logs and I don't need to keep persistent DNS logs anyway. All I need is a quick w...
Right, it's settled then. Once I finish playing around I'll just delete the current container, plug a tiny pendrive into my RB5009 and create the long term setup from scratch, this time inside the default LAN bridge.
An RB5009 is around 220 $. If the built-in storage wears out, you need - besides the cost of replacing the chip, some 40-45 $ for a new licence, all in all 100 $, not counting the cost effects of the downtime. A small USB stick of a renowned/reliable brand is what? 5$ or so. Yes, I'm well aware of t...
Hi all. I'm going through my first foray into containers, and I have a question regarding internal vs external storage. I'm aware that MikroTik strongly advises to use external storage for all things containers whenever possible, and my understanding is that this has to do with potential NAND degrad...
Okay great answers except for the vagueness CLEAR 1. Send all the traffic with destination 192.168.1.0/24 through the tunnel. This is the subnet used by the LAN at the remote site, so by doing this I can easily access the LAN resources at that location. This works perfectly fine. VAGUE 2. Selective...
Maybe you need a 0.0.0.0/0 with gateway 10.184.203.4/32 (or something similar) in that VPN-Remote-table? Oh god, that was it! I had missed adding the actual route so that generic internet traffic could also find its way out through the tunnel. I actually added the wireguard interface as gateway: ad...
Ok, step by step: So it is these two mangle rules: add action=mark-connection chain=prerouting connection-state=new \ new-connection-mark=remote-vpn-traffic-mark src-mac-address=\ [mac_address_of_target_device] add action=mark-routing chain=prerouting connection-mark=\ remote-vpn-traffic-mark dst-ad...
Thanks for your tips. Yeah I'll try to clean those asterisks up, I did a lot of changes back and forth trying to make this work and recreated the VPN a few times, so there's probably some leftovers from that. Regarding the routing rule, as said it should only capture the traffic going to 192.168.1.0...
Hi all. I have a Hex S with a Wireguard interface that works as a "client", so that I can selectively send traffic out through the tunnel whenever I want. This interface is called "VPN-Remote" in my export. The Wireguard config itself seems to be OK, as I am also using a simple I...
Hi all. Apologies for not following up. At least in my case, it turned out it was MY fault. IP addresses were configured in a way that they could clash for different peers. By some kind of amazing coincidence, IPs had NEVER clashed for over a year of using Wireguard, so I was convinced nothing was w...
Same issue here. Had the Wireguard server working flawlessly for months on my MikroTik Hex S, and then all of a sudden, my clients stopped working. Logs both on the client devices and the MikroTik itself show the same as yours regarding the failed handshake. I've updated to the latest beta test vers...
Same here. Connections to the Wireguard VPN running on my Hex S suddenly stopped working a few days ago. Incoming clients seem to "establish" the connection from the client side (the Wireguard app shows up as "Active", green circle), but in reality no traffic flows through and cl...
I'm experiencing the same issue on 7.14 here (see attached image). My Hex S keeps trying to complete the handshake with my Pixel 7 Pro, even though my phone has been disconnected from the VPN for hours. Persistent keepalive is NOT enabled in any of the devices, and it has never been. Also, I'm not s...
Wow, not good! If those 3 APs are too much for the RB5009, my 2 APs might be as well... might have to reconsider and get the non-PoE version + a PoE switch from the start. Out of curiosity, why the CSS610-8P and not, say, the RB260GSP? Were you planning to power half of the devices with the RB5009'...
That's very interesting! So, if I'm understanding this right: If the PoE version is powered with its stock 48V PSU, it uses 2-2,5W more idle power than the non-PoE version. If the PoE version is powered with the 24V PSU, it probably uses the same power as the non-PoE version. We would need to test t...
Yep, agreed. Also prefer the other format, as I would keep this in a closet with other equipment and the power strip sockets will get easily blocked by this kind of PSUs.
Ah I got your point now, that's interesting. So from a PSU perspective, it would probably be more efficient to run maybe 1 or 2 PoE devices off the RB5009, so that the PSU is running closer to 50% load, and leave the rest to feed off a separate PoE switch. Assuming, of course, that the switch's PSU ...
So, short of an official response from MikroTik staff, I think it's safe to assume that the PoE version should be just as cool and efficient as the non-PoE version when not used to power other devices.
Hi all. I'm trying to decide between the RB5009UPr+S+IN and the RB5009GUG+S+IN, and my main doubt revolves around temperature. I like my network equipment to run cool, so once I have a significant number of devices to power over ethernet, I plan to get a dedicated PoE switch that will act as power s...
Hell of a necro post, apologies for that, but this is exactly the place to ask my question. I have a setup RB2011-RM serving as a PPPOE server (Radius behind that) 40 CPE's connected to the RB2011-RM (Hap Lite's) Each CPE has 2 PPPoE clients set up, 1 is for internet, 2nd is for management What I h...
I rarely use PPPoE, so I don't know if there are any special requirements for that, but try to set its keepalive-timeout. There's nothing in log about PPPoE, so it didn't notice any problem. Keepalive should help with that. Thanks Sob! If I understand correctly, what the keep-alive will do is just ...
Hello! I'm a brand new Mikrotik user and this is my first post. I hope I'm not breaking any rules here! I set up my Hex S last Thursday (5 days ago) and everything has been smooth sailing so far. Connectivity has been rock-solid and I've had no issues. What an amazing little box :o However, this mor...