MikroTik

optio

Try with :put [/tool fetch url="http://$ipv6add/index.php" http-header-field="Host:api.myip.com" output=user as-value] Note: use http protocol, https requires (E)SNI host name which is not set from URL when accesing over IP and SSL handshake will fail since certificate is not iss...

optio

Since this thread topic about dynamic rules in general I will just mention UPnP dynamic rules, above conversation is mainly about hotspot rules and this is not related. Yes, if you switch on something that creates the dynamic rules, then those rules must be removed after the feature gets disabled. F...

optio

Not sure if this is already asked, please put configuration change log into separate topic, for eg. system,info,configuration to have ability to filter it out without filtering other logs from system,info topic. When configuration change logging was introduced into system,info topic, log can get blo...

optio

@optio you really need to cut the chunks because you don't know if you get chunk-cuts in the middle of the IP address. So I re-introduced the cut-back of 512 bytes and early ends of 256 bytes in $data. To read the complete list I have added that the last chunk does not end early, when 256 bytes are...

optio

Did you check that script is actually working correctly? Try to find all matching lines from downloaded file with regex ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}.*http.*$ and you will see that 2935 lines are matching for import and from your log count is 2934, as I analized last matching line ...

optio

Removing the file after download should be optional and the file could then be reused on reboot, even before the connection comes up. Depends on usage, in this case if in current script /file remove "$listname.txt" is just removed it will not work anyway, update function needs to be modif...

optio

license.mikrotik.com and (www.)mikrotik.com are using TLS 1.3 (forum.mikrotik.com does not), from Wikipedia : SSL protocols In March 2020, China suddenly started blocking websites using the TLS (Transport Layer Security 1.3) and ESNI (Encrypted Server Name Indicator) for SSL certificates, since ESNI...

optio

In update function after partnumbers :for loop use: :local listCount [:len [find list=$listname dynamic]] And log listCount variable or use as return value of function and use it after function call... Examples: ... :local update do={ ... :local listCount [:len [find list=$listname dynamic]] :put &q...

optio

Script needed some adjustments for single fetch, try with this: # Turris Import by Blacklister # 20210823 new version that directly downloads from the external server # 20240331 rewritten to fetch the whole file and write it to a local file and then import it { # import config - delay for slow route...

optio

I edited above comment meanwhile, this request can be avoided. Order of commands needs to be adapted to get filesize after file is fetched and set other variables and put rest of the code below it which depends on filesize.

optio

maybe src-address argument for fetch is causing the problem? P.S. I think :local filesize ([/tool fetch url=$url src-address=10.10.10.10 keep-result=no as-value]->"total") is not needed, you can get file size from downloaded file, it will avoid double fetching of same content. :local files...

optio

Yes, file chunk read to variable works on ROS 7.14: :local data ([/file read offset=0 chunk-size=2 file=nameservers-all.txt as-value]->"data") :put $data 26 It depends which ROS version @Kataius is using, more optimal is to download whole file and parse its data by chunks than using multip...

optio

For ROS API (not REST) you have Python3 example on MT help page or use pip packages like this or this . For REST API, it should work with any HTTP client (like requests module mentioned above), requests and responses bodies are in JSON format. For eg. here is some Python module which is using REST A...

optio

@Kataius as you can see issue is troubleshooted, override Accept-Encoding header in fetch so that gzip encoding will not be set in it and it should work (it's a server issue).
P.S. use https url scheme since for http server respond with redirect to https, fetch will perform 1 less request.

optio

No gzip support activated on the server? Range on server side is not supported when gzip encoding is set, all gzipped data is retrieved then. This is some issue on Caddy http server, public-dns.info is using Caddy as I see from response headers. curl -s https://public-dns.info/nameservers-all.txt |...

optio

Yes, that's strange, I just checked with local http server and indeed it returns ok: curl -s -H 'Range: bytes=0-1' http://192.168.100.21/info.php <? :put ([/tool fetch url="http://192.168.100.21/info.php" http-header-field="Range: bytes=0-1" output=user as-value]->"data"...

optio

This is server side operation for Range header (server returns bytes depending on Range header value), see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Range That's is my whole point, yes you can extract from these returned bytes some bytes, but you cannot achieve chunked download of al...

optio

Read it like this: Curl wc is word count not bytes. Maybe you missed -c argument... $ wc --help Usage: wc [OPTION]... [FILE]... or: wc [OPTION]... --files0-from=F Print newline, word, and byte counts for each FILE, and a total line if more than one FILE is specified. A word is a non-zero-length seq...

optio

@optio nothing wrong there, Data is a variable and so 64512 bytes is the max.

It shouldn't be since range header is set. 64512 is because full data is fetched and limited to that and that's wrong (it should be 2 as from curl).

optio

I suspect there is a bug on http-header-field argument for fetch command, maybe it is not sent correctly (I didn't check this over local web server to analyse), download data is always 64512 bytes regardles which range is set in header when output=user as-value : :put [:len ([/tool fetch url="h...

optio

replace

:if ($routewan1 = "true") do ={

with

:if ($routewan1 = "true") do={

do (or from, to, else, on-error, ...) with whitespace before = is not correct syntax, but after = whitespace can exists before block brackets.

optio

Here is something similar for VS Code viewtopic.php?t=200228

optio

@clte19ax Maybe there is a issue that containers are not stopped gracefully before system shutdown (or there is short timeout for waiting). On mine device Pi-hole container is in stopping state about 2-3s before goes to stopped when manually stopped, some others a bit shorter, but overall, device sh...

optio

In this case personally I will rather use file in root path which is using tmpfs (assuming ROS is running on device with flash drive) than writing value into some config if presistance is not needed since such file will act as global variable, preserved only in RAM, no flash writes upon setting valu...

optio

From my experience (on Chateau LTE12) when lte antenna is set manually, in Winbox "External Antenna Selected" is empty (this field is only for auto selection as mentioned here for external-antenna-selected ), but from CLI: /interface/lte/settings> print mode: auto firmware-path: firmware e...

optio

Since fetch requires ftp user policy from ROS 7.13+ version it might be a problem as you stated, if ppp up/down events are limited as netwatch, but this is not documented afaik, it needs to be tested to be sure.

optio

It was suggestion if this is really some "secret" algorithm in script, I'm not using PPPoE, so PPP profile scripts for PPPoE cannot execute fetch to some external service on LAN with some static IP (such service doesn't need to be on some server accessed over WAN and actually it is better ...

optio

I think problem is that SNMP service is executing script with different user (some internal system) than ROS login user which created global variable. Users cannot read global variables created by another. Same issue is for eg. with netwatch tool and getting/setting global variables that are used wi...

optio

try with duration argument for fetch: /tool fetch url="http://172.21.0.58:8008/" duration=1m

optio

Or create external service (in PHP or whatever) which will perform same script logic and trigger with fetch external service endpoint in PPP profile up and down scripts with some parameters you need, you can control/fetch data from ROS over its API from that service. Restrict access to server where ...

optio

When I now ping "commander", I got "Name or service not known". The all makes sense, but I want to define the static hosts and DNS entries in my Mikrotik Router. Is there a way I can achieve this? Like using my MT-router as the default DNS server, but all DNS requests which are ...

optio

If resource monitoring is needed then ROS will need to expose per container resource usage otherwise it can be achieved only with custom container image with some resource monitoring service installed along with actual service.

optio

You can create scheduled script that checks if container is running or use external monitoring software that will perform that over ROS API.

optio

And it is also possible to compare checksums from original files is someone is concerned...

optio

Is it $validity string type variable then? Did you try

:local validitytime [:tonum [:totime $validity]]
:log info "validitytime: $validitytime"

?
Or could be ROS version issue, you did not specify on which is this performed, maybe on older versions :tonum from time doesn't work.

optio

warning secured...

optio

Regarding $validity it is already explained in my previous post, but if is hard to understand, here it is: >:local validity 3d00:00:00; :put [:tonum $validity] 259200 >:local validity 01:00:00; :put [:tonum $validity] 3600 >:local validity "3d00:00:00"; :put [:tonum [:totime $validity]] 25...

optio

I think it will not be noticed in some shorter period, mine ISPs did not complain when I did this (device connected to ISP from which I was attacking and ISP on which is router connected). See this post and topic conversation, maybe address lists are not issue but you can test it.

optio

If you are behind CGNAT then you are protected from this attack since attacker cannot reach your WAN IP, your public IP is on another subnet. If you want to test this properly setup WAN connection without CGNAT and attack over WAN. See also how long you can perform attack until address lists are fil...

optio

Maybe there is some limit even if you have free memory for much more bytes... Try with my approach mentioned in previous post if you skilled with scripting to implement it, actually you don't need HEAD method first to get file bytes, it is more optimal but it works only on ROS 7.14+, as I see you ar...

optio

Which rules for TCP SYN flooding protection did you add? From here maybe?
If you are not behind CGNAT try to perform

hping3 -c 15000 -d 120 -S -w 64 -p <TCP_PORT> --flood --rand-source <ROUTER_WAN_IP>

from device using other WAN connection and see how it goes...

optio

Ah ok, just current free memory is limit... but also proposed solution for parsing chunks in prev. post which could work on any device without worrying about free memory, for this case doesn't matter, but for parsing 100Mb file maybe it will and it can be implemented in ROS 7.14 without waiting as-v...

optio

See script in this post , for converting $lastSeenStr (date-time format) into timestamp you can use $datetime2epoch function created by @rextended taken from here , $validity is in time type, to convert it into timestamp you can use ROS global command :tonum , in your case [:tonum $validity] (if is ...

optio

I didn't tested it, strange it is not initially implemented to return value as default, there is no much practical use without value. Btw., regarding your function, are you sure this will work on large files and $thefile will not reach variable size limit or maybe device memory limit, since it appen...

optio

You can delete messages using modem AT command and executing it over ROS CLI command /interface/lte/at-chat lte1 input="<SOME_AT_COMMAND>" <wait=yes>, see more in ROS LTE manual how to use at-chat . AT commands depends on modem used by device, for your modem ( EG18-EA ) see this manual . F...

optio

Can't tell where is the issue regarding removing SMS, try to upgrade ROS to 7.14, there is some fix in 7.14 regarding SMS removal: *) modem - fixed SMS removal (introduced in v7.13); here is script that retries removing SMS in recursion until no error with max retry count 10, controlled by maxRetry ...

optio

chateau seized up and had to cut the power as connectivity was lost, replugged into mains again, storage went to 0 so have zero free space - have opened support ticket to find out how to clean up (what I suspect was probably a temp file in /tmp somewhere or a core dump) Had similar issues with 7.13...

optio

Irony was lost when I migrated from wireless package to this wifi-qcom-ac *) package - reduced "wireless" package size for ARM, ARM64, MIPSBE, MMIPS devices; I'm using same device as yours, but continued to use "wireless" package and actually gain 36KiB (500KiB -> 536KiB free) a...

optio

It will work until Youtube hosts implements ESNI. After that you can only block by address list with resolved Youtube hosts and hoping that some of that resolved Youtube host IPs are not shared with some other hosts that are on same IP that shouldn't be blocked (some Google service for eg.). There a...

optio

Local function can call other local function if passed as argument, see script in this post , all local functions and variables. Like from that script: $escapeValue $v escapeStr=$escapeStr arrayToStr=$arrayToStr , of course you need to pass as argument to root function all functions called from all ...

optio

From ROS version 7.13 there is /file/read command (currently undocumented) which you can use to read file chunked with arguments chunk-size and offset . First, fetch command will need to download whole file on to FS and not be used to return response data as value to variable. This can be useful for...

optio

Personally I will go with strict as possible rule just for DoH and block all DoT - 1st option, without dst-address-list in DoT rules to block all DoT but to avoid potential blocking other service ports (if maybe I will need them) for addresses in DNS-DOH list which is in DoH rule (unlike DoH rule in...

optio

Ah yes, I forgot about Rosetta is not supporting Linux bootstrapping. Well we will need to wait CHR ROS for aarch64 then...

optio

Great work @Amm0

chr_utm_i.png

Didn't try yet over Rosetta on M, but it could be issues with FS corruption as I mentioned in my previous post (or is just native ARM issue). Too bad there is no USB passthrough support.

optio

Or you don't need to use global variable at all and pass local variable as function argument... :local afraidSyncURL "http://sync.afraid.org/u/random_token/" :local updateDDNS do={ :local result [/tool fetch url=$1 as-value output=user] ... $updateDDNS $afraidSyncURL :log info "FreeDN...

optio

I meant if you will using this SMS check along with logic from my past script which you tried and which goes out of sync for some reason... But if you want just to check SMS inbox, from first look your script maybe needs some corrections but something like that can be put in scheduler event. Maybe o...

optio

If that's works for you ok, if WAN network is not blocked in between scheduler interval (provider gives some grace bandwidth or time until SMS is sent when quota is reached)... or you want to put this function in logic of an existing script? If you want better message cleanup match with "10 GB&...

optio

Are you sure that provider is not resetting quota after limit is reached and not immediately after SMS is sent which causes unsync? In such case you will need first to reach quota limit and then calibrate script, but it will still require small change in script to add diff from quota limit and thres...

optio

I don't have such issue with queue tree, ip firewall enabled on bridge, no bridge filters, fastrack rule enabled for packets without mark and when I set max limit to queue items it limits, tested with some lower value than actual current bandwidh (since my bandwith varries over LTE so I used some lo...

optio

Just be careful with that and don't and use short scheduler intervals since flash has limited sector writes, setting comment writes config on flash and also when using file on flash/* path. Using USB drive is alternative to avoid flash wear-out since USB drive is easier to replace when its wear-out ...

optio

@ludycro, @hafte You can use one of these two scripts in scheduler event (startup with some interval, eg. 5min). Script with interface rx/tx bytes with persistence in interface comment :local smsSendThresholdMiB 9216 :local smsNumber "13880" :local smsMessage "NASTAVI" :local wan...

optio

I forgot to mention @RadckM or quote, I was referring to statement: Anyway - Since there is no other option I will end up doing the ethernet and one of the options of controlling the router over API, using USB to Serial or anything like that is not an option fo rme . But I see now that problem is re...

optio

Idk why USB to serial is not an option for you, but if is because you already have device connected to USB, you can use USB hub connected to MT device and connect multiple USB devices including USB to serial into hub. There are also devices such this and you don't need another USB to serial on lapto...

optio

Could be on MNO side since users are reporting issues regarding PDU Session modification to Open5GS using Chateau 5G and it was fixed on Open5GS side, like this issue.

optio

For me VFM and VirtioFS seems to be stable using with Docker on M1, have some databases running with it in containers (even some with x86_64 arch using Rosetta), so I guess UTM needs to improve stability and it will be great free VM alternative on Macs.

optio

Sorry I don't have experience with sstp, especially not in such setup, maybe some others have, but if nobody is replying you're out of luck here.

optio

Did you experienced any FS corruption running on UTM with Apple Virtualization Framework? Related to this still open issue for UTM -> https://github.com/utmapp/UTM/issues/4840 I tried with Debian 12.5 (arm64, without Rosetta) which installation is using kernel 6.1 and FS gets corrupted eventually on...

optio

I think this is related to ROS version, not sure on which is introduced, I have latest 7.13.5

wg-peer.png

optio

Is there any solution for QR code in wireguard without BTH???

Yes, QR code is visible in Winbox/WebFig in WG peer configuration

optio

I have static public IP. I no need BTH. You don't need BTH because you have public static IP (and guessing not behind CGNAT) or you don't need BTH because you don't need internet connection routed over home VPN? BTH VPN will not use MT cloud server for VPN connection if VPN port is accessible from ...

optio

downloaded the Oct '23 ver from another site which shows 3.40.

That's brave (or...?), running router admin software downloaded from non official site

optio

Download button on that page has the same URL linked, so clicking there returns to same page. No way to download Winbox. From WinBox menu on download page: https://mt.lv/winbox64 vs https://mt.lv/winbox - how is this same URL? How does a user identify which version of Winbox is in use? Can't find t...

optio

There is also MT "Back To Home" mobile app for iOS and Android which simplifies VPN (Wireguard) configuration process.

optio

This doesn't make sense since have hairpin dst-nat NAT rule for all outgoing DNS traffic from LAN to Pi-hole unless Chrome is performing DoH request to Google DNS when is set manually and that bypasses router NAT rules. Did you try with other browsers? Since dig is unable to connect due to NAT rules...

optio

@jfernandezr ignore it, this is some bot answer

optio

it's annoying on a Intel Mac as it requires a VM...

It is possible to run it with crossover wine because it supports 32bit emulation

dude-mac.png

optio

Afaik all Chateau models have Quectel modems (maybe other LTE MT devices too or all), in MT devices brochures you can find modem model, like for this device where LTE modem model is stated R11mL-RG520F , strip MT model prefix up to dash you will get RG520F , Googling quectel RG520F AT command manual...

optio

@Favazza if you still have issue with tilde, you can try with this Applescript run by Quick Action (Service): on run {input, parameters} tell application "System Events" to keystroke (ASCII character 126) & " " return input end run run Automator app->Quick Action->drag "...

optio

1) "real" tilde, Ascii and Unicode 126 or 0x0E : https://www.compart.com/en/unicode/U+007E No, it's 0x7E hex (as on link) And yes, on some layouts Opt+n can produce different character (non ascii) since this shortcut is for adding diacritic on supported character, as I mentioned Still c/p...

optio

Could be, but from my experience using external BT Magic Keyboard and keyboard on MBP never had such issues, but I'm not on US layout.

optio

If you have Android device you can try with WiFi Analyzer

optio

Not on all layouts, try on German for eg... For US you have much simpler shortcut, shift+` prints ~

optio

Opt+n is actualy shortcut to put tilde as diacritic on character that can have such diacritic, like Opt+n n prints ñ, or for ˆ diacritic Opt+i (on US) o to get ô, etc... But it can be used with space to print standalone diacritic. When Keyboard Viewer is active it shows which character supports diac...

optio

This means that his system/browser replaces ascii tilde to *whatever* tilde from my prev. post and also in any other app like some plain text editors? How is possible to work on that?

optio

Yeah but when you copy plain ascii character (~) from some text to cliboard (cmd+c) and paste it (cmd+v) it should be the same plain text character. Command with pbcopy is doing same thing but from bytes and it seems on paste there is no problem, I don't get it. Check with c/p command echo -n "...

optio

Something is wrong in on that macOS if copy from bytes is needed to get plain text character anyway... How is not possible to just simply c/p character from plain text, is some utility software running that intercepts clipboard which alters characters?

optio

https://discussions.apple.com/browse, sign in, ask question there, maybe you get response

optio

Digest (Auth) is not used for GCM ciphers (always null), imho Auth selection should be disabled in window form when only GCM ciphers are selected to avoid confusion.

optio

This doesn't make sense, UPnP on ROS is creating dynamic dst-nat rules only (convenient for UPnP clients that randomizes/or some range that cannot be controlled/ open port or local client IP is not static) which are also possible to create manually, no need to spoof anything if si dst-nat issue. Whi...

optio

As I understand it is plain ~, for me it's same combination in any app for selected keyboard layout. Maybe it's something in Terminal Settings to set, if it's ~ in combination with Option key and there is Terminal Settings option in Keyboard tab "Use Option as Meta key", if checked it will...

optio

How is this ROS related topic? Key combination for such character can depend on keyboard layout for specific language or you can get tilde in other apps on text input, like TextEdit, but you cannot in Terminal? Anyway, this is macOS topic for some other forum, I'm using macOS and I don't have such i...

optio

This maybe? viewtopic.php?t=196205#p1002536

optio

:put [:typeof ($x->10)]
this is "nothing" because the 11th element (is 0 based, so 0 i s the first) do not exist

and in most other languages this is index out of bounds error/exception...

optio

You can find deleted topics on web.archive.org, http://web.archive.org/web/202302010600 ... p?t=182340

optio

Maybe is some memory stack issue with large history on that device... Regarding code, you can optimize loop using :while instead :foreach to iterate while condition $f!=1

optio

Problem is that you can combine all in single array, you can have single element, k/v element and inner array element in single array. See "Operations with Arrays" in documentation . You can iterate array and check its elements type to determine this or just use 1st element as reference, b...

optio

@abdalgalil this should do: 1. Add new script with name: scheduler_helpers : :global GschedulerHelpersInit :if (!$GschedulerHelpersInit) do={ :set GschedulerHelpersInit true :global GupdateSchedulerStartDate do={ /system/scheduler :local sched [find name="$1"] :if ($sched = "") d...

optio

I'm more in favor using Google for advanced search since forum posts are public, with Google you can combine keywords with and/or/not logic, search sentence, etc.., just add site:forum.mikrotik.com in query to search only MT forum site, eg. for this https://www.google.com/search?q=lte+disappear+site...

optio

Same here, "Open in New Window" never worked in wine on Mac as expected and I'm not using it, if I want multiple WinBox instances I just run again winbox64 or "New WinBox" if already connected.

optio

WebFig in mobile browser...

optio

ROS "7.3.12"? Is it maybe 7.13.2? I noticed this issue using legacy drivers after 7.13 update when wireless package split is introduced, issue is reported in different topics. No updates released for iOS app yet, Android app doesn't have such issue. iOS app shows only WiFi section, while A...

optio

I did not check this, so I will ask, is next-run in the past if scheduler is not triggered while device is off? If yes, you can just check if next-run is the past from current date and run schedulers from other startup scheduler that checks next-run date on them. You can search forum how to create t...

optio

https://web.archive.org/web/20230201060 ... p?t=182340

optio

I guess something went wrongv with image extraction or there is some problem with accessing usb disk partition; remove container, check if root directory is deleted and delete mount directories if exists, remove leading / in src mount directories (eg. /usb1-part1/etc -> usb1-part1/etc) and create ne...

optio

If you search the forums, someone has made a docker container for the cli netinstall program. They have put in a (x64 I think) emulator into the container (it is smaller than the netinstall executable) Well if you put in container image QEMU build for ROS device CPU architecture and run service wit...

optio

Try to enable logging for container (/container set 0 logging=yes), start and see if anything is logged from container in ROS logs.

optio

@nkourtzis If OS is supporting emulation Docker can run image for different architecture for supported OS emulation, like on Mac OS, Macs can run arm64 and amd64 images. But this not related to ROS, under ROS you can run only CPU supported architecture images in containers. FYI ROS doesn't use Docke...

optio

Script is cloning current container config (ROS container config, don't mix with service ( Pi-hole ) config in container) into new, preserving service config in container it's up to you how is container configured, as I wrote: ...you will not need to use this after each update if configuration dirs ...

optio

It is possible to add it as exception for HTTPS-Only Mode in FF settings and for other web sites will be used (there is no need to globally turn off). If local WebFig IP (or hostname if is accessed by it in url) is added there it will work (for me is working in FF on Mac when using url with http:// ...

optio

@hennotaht some update, it seems you can use acme.sh with non standard HTTP port with --httpport param and --tlsport param for HTTPS as documented here , these params can added to container CMD and existing service on ROS can work on standard port. Edit: it seems this is feature just for reverse pro...

optio

Answered here: viewtopic.php?t=196025#p1054172

optio

No, on-error needs its own block with code where you can expect error:

:if ($newip != $oldip) do={
  :do {
    :set newip [:resolve $comment]
    /ip firewall address-list set $i address=$newip
  } on-error={
# do error handling or log here if needed...
  }
}

optio

Did you put code in :do { } block before on-error={}? I don't see that in your commented code and that is probably causing syntax error.

optio

This is not correct way to update container. You first need to delete old one (wait a bit to ROS delete its root dir) and create new one with same config, you cannot have 2 or more containers on same root-dir . I think ROS needs improvement for creating containers and not allow to create new one wit...

optio

See viewtopic.php?t=203890#p1052816

optio

It's possible to have 2 Ip for two containers and send theses 2 ip to the clients....

Yes, you can set multiple DNS server IPs for DHCP network.

optio

Created some more generic approach for updating containers from remote repository since I have various with different config set: :local contComment "<CONTAINER_COMMENT>" :local logPrefix "Container update: " :local abortWithMessage do={ :log error "$($logPrefix)Error - $1&q...

optio

I'm upgrading Pihole regularly when update is avaiable (visible on web gui at bottom). How it breaks in your case?

optio

Temporary while acme.sh script in container is performing, after is done port forward can be disabled and enabled for other service, this can be handled by ROS script or manually since you cannot have same port open for other services. If you have port 443 used by other service and must be always ac...

optio

Mac priorities default route by network services order, but VPN connections have priority regardless of that order: https://support.apple.com/guide/mac-help/mchlp2711/mac You can’t change the order of virtual private network (VPN) connections because they already take priority over non-VPN connectio...

optio

Some can have other config properties set to container like CMD, host, DNS, etc... Why just not find current container by comment variable, read all its config properties and set it for new container?

optio

Fact: The design used for that processor prevented it from using more than 640kB of memory.

So someone decided that limit, it could be there, but the worst thing was that it was FORCED TO MAINTAIN IT even afterwards, for "decades"...

We need DOS/4G solution for ROS :)

optio

Problem is that npk install script is dumb copy all files process from package to ROS fs location, when having all Qcom drivers in single package it will need to first check device peripherals and copy only needed driver files (it will be the same at the end like installing ac or ax separately), in ...

optio

Suggestion is to have 2 packages, Legacy and Qcom, not forcing new Qcom drivers. Qcom bundle can contain ax+ac drivers and upgrade process can install drivers only needed for device, device will not have both ax and ac drivers on flash storage if upgrade process is a bit "smarter".

optio

Chateau LTE18 ax Suggested price $299.00 vs Chateau 5G R16 Suggested price $485.00 Why such price difference considering that Chateau LTE18 ax is more powerful than Chateau 5G R16 in every aspect except modem (I don't want to even comment 16MB storage size)? Comparing retail modem prices Quectel EG...

optio

Yes, a bit more RAM usage for larger npk (Qcom ax+ac), but it I think all devices should be able to handle that, it will be more cleaner process for upgrade. Upgrade process should be able to detect which drivers you need for device and install them.

optio

Np, not ideal, some icons are black and doesn't look distinctive on dark bg, also dashboard and status text items is always black no matter what color is for certain text type in scheme.

optio

Also there is Windows dark color scheme which can be used for WInbox: https://gist.github.com/Zeinok/ceaf6ff2 ... nt-4567145

optio

Yes, just checked issue (long time passed when I switched to ufw firewall wrapper) is that iptables doesn't support multiple protocols like -[p/m] udp,tcp in combination with --[s/d]port(s) , it has all but you cannot combine it with ports, like ROS rule doesn't allow entering port without protocol ...

optio

I doubt it will reduce number rules it they are correctly written, since you can literally add list of ports and range in single rule, unless you mean that port list can contain protocol also, but this imho can create configuration mess for rules, I would rather have multiprotocol rule for such case...

optio

From 7.13 changelog : *) fetch - require "ftp" user policy; Generally, if you are only user which have access to router, add all policies to scripts and dont-require-permissions=yes and you will not have problems like this. I'm setting this to scripts from beginning and never had such issu...

optio

this?

/interface/wireless/registration-table reset-counters [find]

optio

Idk, It's introduced in 7.13 and it was even worse, but now is reduced in 7.13.3, see changelog, I muted all from fetch in that way.

optio

Edit in system logging info topic log rule and add !fetch there.

optio

try with in loop:

/tool/fetch url="https://api.telegram.org/bot$bot/sendmessage%5C?chat_id=$chat&text=$useroff" output=none as-value

optio

See viewtopic.php?t=197754

optio

Parsing such large JSON (1.6MB) in ROS script won't work anyway due to variables size limitation. If you want all on single device solution you will need to use container for that if your device supports it. You can build container image with minimal Alpine Linux image + depended packages for script...

optio

Generally, if something worked before and after upgrade not and also nothing is mentioned in release changelog(s) which affects non-working something - create support ticket to MT.

optio

Make feature request for ROS to add for log action script trigger event like scheduler or netwatch have (eg. on-event ). Then it will possible immediately perform some rsc code (beep, led...) for log record with specified action without need iterating log records in scheduler. Also will be good to h...

optio

Agree, example https://blocklister.gefoo.org/
Especially HTTP fetch can be problematic where attacker can perform MITM attack and modify response even if site is providing non malicious response.

optio

I have setup with Shadowsocks server in ROS container with v2ray plugin over TLS and with port tunnel setup, using ss-tunnel client on computer to open local port tunneled to ss-server I'm able to connect local Wireguard to ROS Wireguard. Trough that Wireguard connection I have internet connection o...

optio

Like The Dude, while it works you can use it :)

optio

Well you can always develop on older version library which has better performance. :) Fingers crossed, they will not do anything and keep it just the (perfect) way it currently is. For windows users yes, over wine is even bigger performance impact. On my Mac (M1) Winbox startup is approx. 5s (On Int...

optio

I worked with Qt, it can be styled to have similar current look, https://doc.qt.io/qt-6/gallery.html . Regarding performance impact I doubt it will noticeable if developed using native Qt Widgets (unless someone is executing on 486/Pentium I machines), using QML/JS framework is different thing and i...

optio

Yes, http and json processing for such bulk requests is not much applicable.

optio

Great to have that, I'm personally more in favor using libcurl and some JSON C library with ROS REST API.

optio

It "just" needs rewrite to use some cross-platform GUI library like Qt or GTK.

optio

"Teaser" - lol

wb_mac.png

under that...

wb_contents.png

optio

Mentioned long term in release topic viewtopic.php?t=202423#p1042578 but no response... Maybe it should be replied to this viewtopic.php?t=201378#p1035120

optio

See BIND9 docs, https://bind9.readthedocs.io/en/v9.18.21/chapter6.html#dynamic-update for how to setup your zone file (not rdnc.conf) for it to work with RouterOS's dns-update (which follows RFC-2136): Dynamic update is enabled by including an allow-update or an update-policy clause in the zone sta...

optio

Yes, but this statement "By default the DNS server listens on port 953..." not sure is correct (unless bind config is modified for DNS service to listen on that port, but then it is not default), it's default for RNDC port and if is even remapped to that port with nat /tool/dns-update will...

optio

TCP port 953 is RNDC port not DNS service port. All DNS clients uses standard DNS port (UDP/TCP 53) for queries or update request and that port must be accesible for DNS service to work.

optio

While this topic is marked as solved using letsencrypt-routeros.sh shell script on external system, it is possible to do that all inside ROS if device support containers , see Run-acme.sh-in-docker , image on docker hub: neilpang/acme.sh . Acme.sh config dir must be mounted for this container ( --co...

optio

You can have multiple routes per IP, you can iterate find like this: /ip/route :foreach routeId in=[find where 8.8.8.8 in dst-address and active and routing-table=main] do={ :local immediateGateway ([get $routeId]->"immediate-gw") :put "immediateGateway: $immediateGateway" }

optio

Example: :local filename "scan.txt" :local records "" :foreach scan in=[/tool/ip-scan duration=10s as-value] do={ :local record "IP: $($scan->"address"), MAC: $($scan->"mac-address")" :put $record :set records "$records$record\n" } :if ([:l...

optio

Add additional command argument as-value and output then can be passed to variable or other command argument. It will not be same output as printed on CLI, as-value returns key-value array, but that can be formatted for some file output if needed.

optio

On my Mac (M2Pro, Sonoma), winbox 3.40 runs without issues using Gcenx wine builds ...

Except it crashes on some cases viewtopic.php?t=203174#p1047711, not sure if is related to that wine build or is generally Winbox issue.

optio

Does :execute command exists in ROS6? You try with it if does, :if ([/system package get 0 version] ~ "^6") do={:execute "/export terse" as-string} else={:execute "/export terse show-sensitive" as-string} Syntax will not be checked in string for execute, it will only br...

optio

Also Winbox crashes when trying to open large script (35KB), Winbox64 running with wine-8.0.1 (WineskinCX 23.7.1), attached log.

optio

Yesterday was extremely slow, today is faster but occasional server error 500 occurs.

optio

Yes it's annoying, for eg. UPnP dynamic NAT rules can be left after power loss on device or software did not shut down gracefully, etc... I have scheduled cleanup script that checks if device is up by performing arp ping to host ip in dynamic NAT rule and when removing dynamic rules was allowed scri...

optio

As I suspected, adding both as-string and file arguments on :execute doesn't create file output, which means if you add as-string you can also use commands wihout :execute for sync calls, unless there is a need to dynamically generate commands in string for execution by some logic or commands are lo...

optio

I see now, your device doesn't have wifi, that's why... There are a lot of devices with wifi and 16MB storage.

optio

Then your config is not consuming much space and maybe not running containers on it (not as containers storage, as additional package + large config with a lot of scripts).

optio

Winbox is simply more stable, faster and works even if there is no IP. So it is not more complicated, it is only more reliable.

Try to paste large script to Winbox GUI script form field... Had to use WebFIg for this.

optio

Yes generally usb3 device can interfere 2.4-2.5GHz spectrum if not properly shielded (like some low cost usb-c to usb-a adapters), doesn't need to be radio transmitting device in purpose.

optio

I'm sure users can afford 220KiB

I'm sure you don't own 16MB storage device :)

optio

It seems that the final goal is to have that file, not to print something on screen...

Yes, as OP is written, but can then as-string and file arguments be mixed to be sync call since is suggested? Don't have time to test that now.

optio

Regardless, maybe someone from MT has read this viewtopic.php?p=1000982#p1000982 and implemented :onerror

optio

Or just

:return [:set resp [/tool/fetch url=$url output=user as-value]]

It just needs return, but it's not documented like that and imho it shuldn't expect return from this scope.

optio

Seem to be it, clearly a bug.

optio

Why not just perform commands without :execute then?

optio

This is also strange behaviour: { :local urls ("https://httpstat.us/400", "https://httpstat.us/500", "https://httpstat.us/200", "https://httpstat.us/404") :local l [:len $urls] :local idx 0 :local resp "" :while ($resp = "" && $idx ...

optio

Execute is async command.

optio

You wrote script for your needs I just corrected it to work... Hard to guess what result you are expecting from it if not specified.

optio

what's your experience like with running containers on Chateau (owner of same device here... :) ) ? Positive after some ROS version upgrades, at beginning was troubles due to some bugs related to containers. I had to tweak configurations to have small RAM usage, on Pi-hole DNS cache is disabled sin...

optio

Do you even READ what is written? Again: when an RB4011 (or any device) is upgraded from 7.12.1 to 7.13, an unusable WiFi menu is added. This takes up space on the device (a real problem on e.g. the hAP ac2!!!) and also it causes winbox to fail saving sessions. Reported before. So to be clear again...

optio

You need to escape " and $ characters, also ; is missing after /ip dhcp-server lease to separate command. :local stringexec "/ip dhcp-server lease; :foreach i in=[find] do={ :put ([get \$i comment].\",\".[get \$i address].\",\".[get \$i mac-address].\",\".[get...

optio

I'm running containers on Chateau LTE12 which has 256MB RAM size but just 16MB flash, have no problem with RAM while containers are running, constantly 2 are running as DNS service (Pi-hole and Unbound - recursive) and periodically starting some others, so far RAM is not issue but flash is. Afaik fo...

optio

Try find them on https://www.cellmapper.net and you will see to which provider belongs.

optio

then to be rushed and have bugs be introduced in what is supposed to be a "Stable" release.

Someone said "It must be released before end of year!" and that happens...

optio

If you are already on 7.13 it will update, I'm also short on disk space (456 KiB free) and update passed.

optio

I had to remain on legacy wireless package to have container package because it not fit with wifi-qcom-ac and my config.

optio

Maybe basic routing stuff should remain like Filters, Nexthops, RouterID, Rules, Settings and Tables but other parts as part of extended routing optional package and also Dot1X and RADIUS can be optional.

optio

...or offer to purchase ROS compatible flash memory to replace it on board

optio

https://patorjk.com/software/taag/#p=testall&t=Mikrotik

optio

@tin9 You can create filter rule to add IP which connecting to DNS port into address list for blocking and create raw filter rule that drops all packets in prerouting chain for IPs in that address list. You can also consider setting up recursive DNS for your network if you don't want to rely on ISP ...

optio

@t0mm13b https://www.gbmb.org/mb-to-mib Afaik any storage device is advertised in MB/GB/TB sizes, not in MiB/GiB/TiB.

optio

As mentioned here you will need to mount /opt/adguardhome/work and /opt/adguardhome/conf to persist data and config.

optio

You can see from my post on 8.8.8.8 it was masked, it seems it is not reliable, depends maybe from which authoritative DNS is requested. Currently also for me is responding with full answer.

Edit: Performed 10 queries and 1 was masked again.

optio

Using whitehouse.gov as an example, some servers respond, other don't.

Which server responds answer for that domain and is not masked by RFC 8482? Masked responses are useless (example in my previous post).

optio

From ROS container help page : Containers use up a lot of disk space, USB/SATA,NVMe attached media is highly recommended. For devices with USB ports - USB to SATA adapters can be used with 2.5" drives - for extra storage and faster file operations. I'm running 5 containers on 16Mb storage devic...

optio

Yes, remote-access can be used also, then it's also possible with socat to create PTY for remote serial connection. https://www.wut.de/e-58www-29-apus-000.php

optio

Works without problem, but I'm missing the option to upload the firmware over serial of RB951. It will be same on Chateau, it's same ROS on both. You can try to setup on RB951 special login over serial port and connect over ssh to it with option to allocate pseudo TTY (-tt) in contaner from other d...

optio

As I see packets counts are showing in queue. You are expecting queued packets/bytes count? In my queue tree configuration it is also 0, but I'm sure that packet prioritization is working.

optio

You won't get reliable answers with ANY for some domains anyway, see rfc8482 ; <<>> DiG 9.10.6 <<>> any whitehouse.gov @8.8.8.8 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31249 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; ...

optio

try with

add action=mark-connection chain=prerouting connection-mark=ServiceHI in-interface=lte1 new-connection-mark=ServiceHI passthrough=yes protocol=icmp src-address-list=LANHQ

optio

mark-connection icmp rule should rise count but mark-packet not, because you have dst-address-list=LANHQ set there, unless 8.8.8.8 is in that addr. list. not mark to queue tree ServiceHIGH_DL why ? Queue tree works with packet marks. See my comment above. Why all your download rules have dst-addres...

optio

And it doesn't rise packets count for that mangle rule (mark-connection)?
mark-connection icmp rule should rise count but mark-packet not, because you have dst-address-list=LANHQ set there, unless 8.8.8.8 is in that addr. list.
Btw. config doesn't match screenshot.

optio

It can work with fastrack if fastrack filter rule has connection-mark=no-mark set.

Search found 703 matches