Search found 130 matches

by wfburton
Sat Apr 20, 2024 4:02 am
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 43
Views: 6701

Re: v7.15rc [testing] is released!

I had to manually clear the cache in my browser to get all the icons to show.
Thanks!
by wfburton
Sat Apr 20, 2024 1:24 am
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 43
Views: 6701

Re: v7.15rc [testing] is released!

Model CRS309-1G-8S+
RouterOS 7.15 branch
Support Ticket SUP-150626

Webfig
Missing icons Wifi Wireguard Dot1X
Missing Partition

Winbox
Missing Partition
by wfburton
Fri Mar 08, 2024 7:15 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 82
Views: 5129

Re: WireGuard Multi-WAN Policy Routing

This is what I was asking before. Couldn't you use a network address other than 0.0.0.0/0?
by wfburton
Thu Mar 07, 2024 9:30 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 82
Views: 5129

Re: WireGuard Multi-WAN Policy Routing

ok Just looking for ideas and a logical way of doing this Static Route With destination route 172.22.0/0 and gateway 172.22.0.1 With destination route 172.33.0.0/0 and gateway 172.33.0.1 Have no idea how wireguard would handle this. Especially on the LAN side. Keep us posted I don't know what version...
by wfburton
Thu Mar 07, 2024 8:59 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 82
Views: 5129

Re: WireGuard Multi-WAN Policy Routing

I heard yeah. I know it's the issue of 0.0.0.0/0 being the default destination. So, my question still remains. Couldn't you put each wan interface meaning WAN2 to have 172.22.0.0/0 with gateway of 172.22.0.1 and have watchguard point to 172.22.0.1 as the gateway. WAN3 172.33.0.0/0 I'm talking about this...
by wfburton
Thu Mar 07, 2024 6:33 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 82
Views: 5129

Re: WireGuard Multi-WAN Policy Routing

yes Also, I was trying to make a bridge to WireGuard but it won't allow me but there is a setting to set the end point maybe a private ip address to say 192.168.2.1 Was seeing if I can basically use the same concept as the way containers are used. Not sure how far you can get maybe going this route....
by wfburton
Thu Mar 07, 2024 6:06 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 82
Views: 5129

Re: WireGuard Multi-WAN Policy Routing

Looking at the available services I see ftp is there but there's not one for watchguard. Would adding watchguard to VRF help and do you have to use 0.0.0.0/0 If using public ip's wouldn't this work? set protocols static route 0.0.0.0/0 next-hop 198.51.100.2 distance '2' set protocols static route 0....
by wfburton
Wed Mar 06, 2024 4:41 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 82
Views: 5129

Re: WireGuard Multi-WAN Policy Routing

With that said.

The default route 0.0.0.0/0 is pointing to let's say WAN1 but need to point to WAN3. Couldn't you use routing tables to route the traffic?
by wfburton
Wed Mar 06, 2024 3:11 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 82
Views: 5129

Re: WireGuard Multi-WAN Policy Routing

Supposably, a working config but it's static. Maybe you can work with this and modify it as needed. Or at the least get it working with static address for now. It's using virtual interfaces, static routes, next hop and metric distance. I have no idea about the tables that may be a problem. May have ...
by wfburton
Wed Mar 06, 2024 12:34 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 82
Views: 5129

Re: WireGuard Multi-WAN Policy Routing

Now I see what's going on. It's not the incoming connection but outgoing connection. I totally missed the mark on this one.

Thanks Anav! I totally understand it now.
by wfburton
Tue Mar 05, 2024 11:58 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 82
Views: 5129

Re: WireGuard Multi-WAN Policy Routing

I'm looking too. You would need an authentication server. I believe you can use radius for authentication account. There's got to be a solution for this. I'm sure there is a solution somewhere. As I am, you can look into VPN policy rules authenticating on radius. Let me know if you're getting anywhere. Can...
by wfburton
Tue Mar 05, 2024 10:10 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 82
Views: 5129

Re: WireGuard Multi-WAN Policy Routing

Wouldn't it also include a user/group policy too? User333 belongs to vpn333 group connect to wan333 It would be the initiator establishing the end point and the vpn server would allow the connection. Who are you user333/vpn333 ? Allow rule policy, yes you're validated. I know I'm oversimplifying this.
by wfburton
Tue Mar 05, 2024 8:46 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 126972

Re: v7.15beta [testing] is released!

It must be using the same DNS resolver (e.g. affected by cache size). I'd just prefer it was a generic way to dynamically load a "normal" /etc/host with real hosts – that be useful as "poor man's zone file" to load same hosts on multiple routers. e.g. I don't want 0.0.0.0 as hos...
by wfburton
Tue Mar 05, 2024 8:19 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 126972

Re: v7.15beta [testing] is released!

As far as cache size, the host file is about 4.8mb. Why is it using 19mb then? And I don't believe changing the cache TTL would help. This is a host file and not different than any host file you would use on your pc. Maybe, MT can change the logic and only cache the local network address and cache ...
by wfburton
Tue Mar 05, 2024 7:36 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 126972

Re: v7.15beta [testing] is released!

Right. I don't see any hits. But, I'm not currently using it and probably won't. Just too heavy to run on CRS309-1G-8S+
I'm getting 97% coverage according to the top adblock testing site from google. I guess they may add features if it picks up steam?
Thanks for the post!
by wfburton
Tue Mar 05, 2024 7:32 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 126972

Re: v7.15beta [testing] is released!

As far as cache size, the host file is about 4.8mb. Why is it using 19mb then? And I don't believe changing the cache TTL would help. This is a host file and not different than any host file you would use on your pc. Maybe, MT can change the logic and only cache the local network address and cache ...
by wfburton
Tue Mar 05, 2024 7:21 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 126972

Re: v7.15beta [testing] is released!

To be clear I am just trying this out. it loads into memory that's all I can tell you so far. as to how it all performs is another question. I have the free memory so why not ? but as stated I would urge people to be careful. as far as I can see if you don't have enough memory your logs will be flo...
by wfburton
Tue Mar 05, 2024 7:07 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 593
Views: 145403

Re: v7.14 [stable] is released!

Can't use any version in the 7.13 branch.

CRS309-1G-8S+

Both processors run at 60% and the time. Just took notice a few days ago and tried all versions in the 7.13 branch. Same thing cpu 60%

Had to move to 7.14 to get the processors to run normal, about 1%

Can't post in 7.13 since it's locked.
by wfburton
Tue Mar 05, 2024 6:47 pm
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 126972

Re: v7.15beta [testing] is released!

Thanks for the Addlists function, it all seems to block and work well for me on my Hap AX2. Although I did have to up the Cache Size to 32768KiB to give myself a bit of leg room which at the moment seems to be slowly rising and currently 19211 KiB I might bring the cache TTL down a little let's see....
by wfburton
Tue Mar 05, 2024 5:46 am
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 82
Views: 5129

Re: WireGuard Multi-WAN Policy Routing

I think I understand what you're saying. But, I don't think it's possible with WireGuard. I know you can establish a connection as a backup connection if the primary vpn point is down. But that's not what you're looking for. I know it's possible with IPSec VPN and with policies and maybe IKE2 too, but ...
by wfburton
Tue Mar 05, 2024 3:29 am
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 126972

Re: v7.15beta [testing] is released!

Can anyone with hAP ac2 confirm that /ip/dns/adlist add url=https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts ssl-verify=no download the list? Name count always remains 0 https://i.postimg.cc/rwHynbp7/temp-Image4b-L74q.avif It's not fetching the hosts file. Do it manually. /tools/fetc...
by wfburton
Tue Mar 05, 2024 3:27 am
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 126972

Re: v7.15beta [testing] is released!

delete me wrong quoted message
by wfburton
Tue Mar 05, 2024 1:16 am
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 126972

Re: v7.15beta [testing] is released!

BGP, OSPF (whole Routing menu?) Yes, let's remove the routing protocols from a router. Great idea! If your needs are so minimal, why don't you roll your own router with Debian or something. Eliminate the other junk that is not routing/router related, but please don't gimp my router from doing the m...
by wfburton
Tue Mar 05, 2024 12:59 am
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 126972

Re: v7.15beta [testing] is released!

Upgraded a CHR, hAP ax2, hAP ac2, cAP ac, RB750G (with 64MB flash!) - no problems. But... I could not agree more with everyone asking for split packages... I don't need any of additional "features", like SMB, Hotspot, DLNA, RADIUS, BGP, OSPF (whole Routing menu?), MPLS, Kid control???, mo...
by wfburton
Tue Mar 05, 2024 12:36 am
Forum: Announcements
Topic: v7.15beta [testing] is released!
Replies: 503
Views: 126972

Re: v7.15beta [testing] is released!

*) media - added support for DLNA; I was happy to see SMB leave the default system package, but DLNA is even worse. Why? When I ask support to add a feature. I get routers don't do that or some other excuse. Now, this DLNA. This adds about another 1mb to the bundle release. Please make this an extr...
by wfburton
Sat Feb 03, 2024 12:01 am
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 155044

Re: v7.14beta [testing] is released!

DoH is starting too early...
Have you tried changing doh-timeout and query-server-timeout?

Not sure if that will help but try doubling it.
by wfburton
Fri Jan 26, 2024 4:17 am
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 1010
Views: 1128713

Re: Public-Mikrotik-Bandwidth-Test-Server(s)

Tested on CRS309-1G-8S+

Results 54.3 Mbps/514.3 Mbps
ISP service 512 Mbps down 50 Mbps up.

Thanks for providing this service!
by wfburton
Fri Jan 26, 2024 3:51 am
Forum: General
Topic: openvpn conf client unsupported CRL protocol for URL
Replies: 7
Views: 830

Re: openvpn conf client unsupported CRL protocol for URL

You can't import p12 files. RouterOS is linux based.

Also, change the crl url protocol to http. Make a test certificate for this.
Then try importing the new certificates again.

URL should be http://my.server.com/certs/<certificatename>.crl

Hope this helps
by wfburton
Thu Jan 25, 2024 9:46 pm
Forum: General
Topic: Can't ssh from router to LInux server?
Replies: 23
Views: 1530

Re: Can't ssh from router to LInux server?

Try this.

This is what I use.
/system ssh address=<ipaddress> user=<username>
by wfburton
Thu Jan 25, 2024 9:15 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 266432

Re: v7.13.3 [stable] is released!

7.13.3 change log

Left out

What's new in 7.12.2 (2023-Dec-20 10:41):
(factory only release)

I'll assume 7.12.2 is LTS
by wfburton
Thu Jan 25, 2024 8:28 pm
Forum: General
Topic: openvpn conf client unsupported CRL protocol for URL
Replies: 7
Views: 830

Re: openvpn conf client unsupported CRL protocol for URL

unsupported CRL protocol for URL: ldap?

Just have to ask.
by wfburton
Thu Jan 25, 2024 9:12 am
Forum: Beginner Basics
Topic: Need Help : with DDOS with UDP to My Routers - it takes all my bandwidth
Replies: 16
Views: 1190

Re: Need Help : with DDOS with UDP to My Routers - it takes all my bandwidth

You said from previous post it was the same udp port.
by wfburton
Wed Jan 24, 2024 9:22 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 155044

Re: v7.14beta [testing] is released!

You can already set a "Cache Max TTL" when you have a lot of DNS cache and are unable to increase the cache size due to memory limitations of the router. E.G. set it to 02:00:00. On typical router models used in heavy-use situations you can easily set the cache size 10x higher than defaul...
by wfburton
Wed Jan 24, 2024 8:41 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 155044

Re: v7.14beta [testing] is released!

Found it. This tells the name server to remove old, cached records early (i.e., before they're stale) if the size of the cache reaches the limit. If you set this, you may also want to reduce the cleaning interval (the period at which the name server checks for stale records): options { directory &qu...
by wfburton
Wed Jan 24, 2024 8:05 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 155044

Re: v7.14beta [testing] is released!

Discarding a record early is not a problem. Just keeping it longer than TTL is.
I run a DNS server and don't recall that. Now I have to do some reading on that.
by wfburton
Wed Jan 24, 2024 7:49 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 155044

Re: v7.14beta [testing] is released!

I had the same thought on the cache... Older items should be discarded, to have newer ones in cache.
I wouldn't like MT to break DNS standards. It's all about TTL and should not be broken.
by wfburton
Wed Jan 24, 2024 7:43 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 155044

Re: v7.14beta [testing] is released!

Regarding the following item: dns - do not add new entries to cache if "cache-size" is reached; I don't know about you guys (and this is not a written rule), but my standard expectation when talking about a DNS cache is some sort of Most Recently Used (MRU) cache or similar. I would expec...
by wfburton
Tue Jan 23, 2024 6:35 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 155044

Re: v7.14beta [testing] is released!

Let's Encrypt problem persists with 7.14beta8.
MT should put out a hotfix for Let's Encrypt
by wfburton
Tue Jan 23, 2024 3:47 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 155044

Re: v7.14beta [testing] is released!

It seems Let's Encrypt doesn't work with 7.14beta7. It returns an error: "progress: [error] http client error, please make sure device is connected to internet and letsencrypt servers are reachable". It worked with 7.13.1 before upgrading to 7.14beta7 and it also works after downgrading t...
by wfburton
Mon Jan 22, 2024 6:25 am
Forum: General
Topic: CHR LICENSING SERVER IS DOWN
Replies: 17
Views: 2070

Re: CHR LICENSING SERVER IS DOWN

sniff *** sniff ***

I smell subscription licensing...

cough up $250 dollars...

Just kidding I'm only joking but you never know!
by wfburton
Mon Jan 22, 2024 6:22 am
Forum: Beginner Basics
Topic: Renew License CHR ERROR: bad http response [SOLVED]
Replies: 24
Views: 3426

Re: Renew License CHR ERROR: bad http response [SOLVED]

sniff *** sniff ***

I smell subscription licensing...

cough up $250 dollars...

Just kidding I'm only joking but you never know!
by wfburton
Mon Jan 22, 2024 2:39 am
Forum: Beginner Basics
Topic: Let's Encrypt certificate automatic renewal in ROS v7
Replies: 11
Views: 3102

Re: Let's Encrypt certificate automatic renewal in ROS v7

Let's Encrypt and dynamic Address List firewall rules

viewtopic.php?t=192147
by wfburton
Mon Jan 22, 2024 1:06 am
Forum: Beginner Basics
Topic: Speed and CPU issue with HEX s
Replies: 28
Views: 2291

Re: Speed and CPU issue with HEX s

What brand/model voip phone do you have?

I'm assuming it only has one ethernet port.

Would it be possible to exchange the ip phone with one that has two ethernet ports?
by wfburton
Tue Jan 16, 2024 8:36 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 155044

Re: v7.14beta [testing] is released!

What's new in 7.14beta7 (2024-Jan-15 11:37): !) rose-storage - moved SMB service in the RouterOS bundle; !) smb - removed legacy SMB service (replaced with newer and faster ROSE SMB service); *) bth - added simple "Back To Home Users" manager under IP/Cloud menu; *) iot - improvements to ...
by wfburton
Sat Jan 13, 2024 12:55 am
Forum: Beginner Basics
Topic: Cloudflare DoH working
Replies: 15
Views: 10658

Re: Cloudflare DoH working

preemptive strike https://www.ssl.com/how-to/install-ssl-com-ca-root-certificates/#ftoc-heading-4 SSL_COM_TLS_ECC SSL.com SSL Intermediate CA ECC R2 SSL.com Root Certification Authority ECC According to Cloudflare community Great find! If you look at this link: https://community.cloudflare.com/t/up...
by wfburton
Fri Jan 12, 2024 11:43 pm
Forum: Beginner Basics
Topic: Cloudflare DoH working
Replies: 15
Views: 10658

Re: Cloudflare DoH working

preemptive strike

https://www.ssl.com/how-to/install-ssl- ... -heading-4

SSL_COM_TLS_ECC

SSL.com SSL Intermediate CA ECC R2
SSL.com Root Certification Authority ECC

According to Cloudflare community
by wfburton
Fri Jan 12, 2024 9:24 pm
Forum: Beginner Basics
Topic: Cloudflare DoH working
Replies: 15
Views: 10658

Re: Cloudflare DoH working

I think what we were talking about is a preemptive strike so to speak and install SSL.com certificates. The only thing with that is will Cloudflare use current SSL.com certificates or will Cloudflare get a new SSL.com certificate in Cloudflare certificate chain. Case in point. I already had DigiCert...
by wfburton
Fri Jan 12, 2024 5:49 pm
Forum: Beginner Basics
Topic: doh server connection error network is unreachable over DNS 1.1.1.1
Replies: 54
Views: 5745

Re: doh server connection error network is unreachable over DNS 1.1.1.1

I know, that's why I said, there is nothing automatic you could do to prevent this from happening. Maybe y'all should make a NPK extra-package with just the common Linux/whatever root/intermediate certs inside (like a branding package, but certs). So it can be installed as trusted package, rather t...
by wfburton
Fri Jan 12, 2024 5:32 pm
Forum: Beginner Basics
Topic: doh server connection error network is unreachable over DNS 1.1.1.1
Replies: 54
Views: 5745

Re: doh server connection error network is unreachable over DNS 1.1.1.1

You can add the SSL.com root/intermediate certs from SSL.com, without removing the old DigiCert ones (e.g. use both). The DoH certificate check only checks the entire chain is trusted, NOT the root used...so as long as the new SSL.com certs were added to /certificates, transition should be seamless...
by wfburton
Fri Jan 12, 2024 5:19 pm
Forum: Beginner Basics
Topic: Cloudflare DoH working
Replies: 15
Views: 10658

Re: Cloudflare DoH working

I already have SSL.com certificates. Unless they make a new ssl certificate. Just have to wait and see. Quick and dirty: What I did was just import the latest cacert.pem file from https://curl.se/docs/caextract.html (really not up to date) Better way: latest ubuntu/debian ca-certificates deb package...
by wfburton
Wed Jan 10, 2024 9:42 pm
Forum: Beginner Basics
Topic: doh server connection error network is unreachable over DNS 1.1.1.1
Replies: 54
Views: 5745

Re: doh server connection error network is unreachable over DNS 1.1.1.1

I know, that's why I said, there is nothing automatic you could do to prevent this from happening. Cloudflare changed the certificate, it did not expire. You as the operator are responsible to keep your certificates in the router valid and up to date. MikroTik did not provide you this certificate, ...
by wfburton
Wed Jan 10, 2024 8:49 pm
Forum: Beginner Basics
Topic: doh server connection error network is unreachable over DNS 1.1.1.1
Replies: 54
Views: 5745

Re: doh server connection error network is unreachable over DNS 1.1.1.1

That certificate has been abandoned (Cessation Of Operation) That's useful to know, but what would be far more useful is if we all had a channel we could monitor that would warn us of this in advance. Plainly a lot of us missed your November post. I think we want something a bit more in the "w...
by wfburton
Wed Jan 10, 2024 8:06 pm
Forum: Beginner Basics
Topic: doh server connection error network is unreachable over DNS 1.1.1.1
Replies: 54
Views: 5745

Re: doh server connection error network is unreachable over DNS 1.1.1.1

Tangent is right. Unless it is expiry, there is no real protection against this. CF messed up this time. @normis Have you read Cloudflare DoH working https://forum.mikrotik.com/viewtopic.php?p=1038911#p1038911 That certificate has been abandoned (Cessation Of Operation) I also know that the certifi...
by wfburton
Wed Jan 10, 2024 6:00 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 266432

Re: v7.13.1 [stable] is released!

Rabbit hole - done
by wfburton
Wed Jan 10, 2024 5:48 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 266432

Re: v7.13.1 [stable] is released!

Then your config is not consuming much space and maybe not running containers on it (not as containers storage, as additional package + large config with a lot of scripts).
On the contrary
by wfburton
Wed Jan 10, 2024 5:20 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 266432

Re: v7.13.1 [stable] is released!

I'm sure users can afford 220KiB
I'm sure you don't own 16MB storage device :)
On the contrary

Model CRS309-1G-8S+
by wfburton
Wed Jan 10, 2024 4:30 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 266432

Re: v7.13.1 [stable] is released!

Possibly a bad idea on devices with limited storage... I prefer to have the certificates around that I need.
I'm sure users can afford 220KiB
by wfburton
Wed Jan 10, 2024 4:27 am
Forum: General
Topic: MikroTik forum - http error 500
Replies: 7
Views: 976

Re: MikroTik forum - http error 500

Been getting it off and on all afternoon and evening long. It's not you; it's them.
I was thinking about downgrading the router. Since it was the only thing that changed on my network.
You're a lifesaver!

Thanks for the reply!
by wfburton
Wed Jan 10, 2024 3:40 am
Forum: General
Topic: MikroTik forum - http error 500
Replies: 7
Views: 976

MikroTik forum - http error 500

Is anyone getting this or is it just me.

This page isn’t working forum.mikrotik.com is currently unable to handle this request.
HTTP ERROR 500

TIA

Edit:

Seems fine now..
by wfburton
Wed Jan 10, 2024 3:19 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 266432

Re: v7.13.1 [stable] is released!

I have 150 certificates in my MikroTik Certificate Store. With 148 imported from ubuntu ca-certificate deb package.
Think outside the box! Grab an official ubuntu/debian package extract and upload to your router and import.

Why do I do such things? Because I can.. lol
by wfburton
Wed Jan 10, 2024 2:54 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 266432

Re: v7.13.1 [stable] is released!

Common Name DigiCert Global Root G2
Serial Number 033af1e6a711a9a0bb2864b11d09fae5
Fingerprint cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
This is what I currently have as well. With this Cloudflare DoH works.
Thanks for the reply!
by wfburton
Wed Jan 10, 2024 1:54 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 266432

Re: v7.13.1 [stable] is released!

Looks like cloudflare just changed their certificate, and they got it from a different issuer. Possibly that is the problem? Correct. It is not a RouterOS bug. You now need DigiCert Global Root G2 instead of DigiCert Global Root CA for Cloudflare DoH. Can you compare this to what I have? Common Nam...
by wfburton
Tue Jan 09, 2024 1:49 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 266432

Re: v7.13.1 [stable] is released!

That's another sample. Nobody understands (without being affected directly by the bug) what this fix for internal service name resolution is all about.
Yeah, I'm at a loss too. Does it mean services running on the router or services running on an internal server like dns or www for example.
by wfburton
Tue Jan 09, 2024 12:20 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 266432

Re: v7.13.1 [stable] is released!

*) dns - fixed domain name lookup resolving for internal services; What change? Is there something I need to config? I don't see my DNS server in the router's DNS cache. If I ssh into my dns server then everything gets populated in dns cache. I tried adding static dns entries but it breaks my SOA rec...
by wfburton
Tue Jan 02, 2024 7:42 am
Forum: General
Topic: RADIUS SSO
Replies: 0
Views: 1146

RADIUS SSO

I'll be honest. I have never run a radius server. I don't know how to tackle this. I didn't see a way to set the accounting server ip address to point to (4) watchguard firewall and (2) being the mikrotik radius server. How do I configure the RADIUS server to forward RADIUS accounting packets to a F...
by wfburton
Thu Dec 28, 2023 9:40 pm
Forum: General
Topic: IPSec Site to Site stopped working
Replies: 13
Views: 973

Re: IPSec Site to Site stopped working

Thanks for the info!
by wfburton
Thu Dec 28, 2023 8:25 pm
Forum: General
Topic: Bug? Password-protected cert import - no interactive prompt
Replies: 11
Views: 962

Re: Bug? Password-protected cert import - no interactive prompt

It's really simple. Imagine that you have certificate with encrypted private key and you want to import it. Don't think about why there's password, perhaps you got it like that from someone else. It doesn't matter. Don't you think that RouterOS should be smart enough to ask for the password if you ...
by wfburton
Thu Dec 28, 2023 7:47 pm
Forum: General
Topic: Bug? Password-protected cert import - no interactive prompt
Replies: 11
Views: 962

Re: Bug? Password-protected cert import - no interactive prompt

Password is necessary to successfully import a certificate which contains password protected private key, no way around it. You're suggesting to create private key file without password protection, but for someone as paranoid as to trip over possibility that somebody sees the command line just exec...
by wfburton
Thu Dec 28, 2023 7:43 pm
Forum: General
Topic: Behind on my upgrades... path forward? [SOLVED]
Replies: 12
Views: 1496

Re: Behind on my upgrades... path forward? [SOLVED]

Did you also check the kernel version updated too?

You mean linux kernel around which ROS is built? It's the same version in all the latest v6 versions.
Thanks! Like I said it's been so long ago.
by wfburton
Thu Dec 28, 2023 2:40 am
Forum: General
Topic: Behind on my upgrades... path forward? [SOLVED]
Replies: 12
Views: 1496

Re: Behind on my upgrades... path forward? [SOLVED]

You're fine it updated? Just didn't remember if it was automatic.
by wfburton
Thu Dec 28, 2023 1:59 am
Forum: General
Topic: IPSec Site to Site stopped working
Replies: 13
Views: 973

Re: IPSec Site to Site stopped working

I got burned by the magic of MT's DDNS outages a couple times. Now I run a script on my router that updates a DNS record in Cloudflare and I've had 0 issues since. I love MT just not their DDNS service.
Is that free or paid service? Are there anymore free services?
by wfburton
Thu Dec 28, 2023 1:53 am
Forum: General
Topic: Behind on my upgrades... path forward? [SOLVED]
Replies: 12
Views: 1496

Re: Behind on my upgrades... path forward? [SOLVED]

Did you also check the kernel version updated too? It's been too long since I was on version 6 and don't remember if this was automatically updated too.
by wfburton
Thu Dec 28, 2023 1:46 am
Forum: General
Topic: IPSec Site to Site stopped working
Replies: 13
Views: 973

Re: IPSec Site to Site stopped working

I've seen other posts about DDNS issues. Looks like it hasn't been all worked out.
You'll have to wait on the DNS Gods to fix this. Not populating and caching are not resolved.
If there was a fix put in by MT it might take awhile.
by wfburton
Thu Dec 28, 2023 1:27 am
Forum: General
Topic: Bug? Password-protected cert import - no interactive prompt
Replies: 11
Views: 962

Re: Bug? Password-protected cert import - no interactive prompt

It seems I don't understand you. Passphrase required when you're importing password-protected certificate into RouterOS. Like when you're importing certificate into Azure keyvault, for example. You distribute certificate as password-protected and need to use it when you export this certificate into...
by wfburton
Wed Dec 27, 2023 10:19 pm
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 1637

Re: I Tink i got hacked

eBay?
by wfburton
Wed Dec 27, 2023 10:12 pm
Forum: General
Topic: IPSec Site to Site stopped working
Replies: 13
Views: 973

Re: IPSec Site to Site stopped working

Yes, I can, this is the output for one of the remote sites: I do get correct public IP addresses, so the DDNS names are resolving correctly. I really don't know why it stopped working. It works just fine when adding those public addresses in peer config :( [admin@xxxxxxxxxxxxxx] > ping cloud2.mikroti...
by wfburton
Wed Dec 27, 2023 9:58 pm
Forum: General
Topic: IPSec Site to Site stopped working
Replies: 13
Views: 973

Re: IPSec Site to Site stopped working

Well it's getting there and no, I believe it's just cloud2.mikrotik.com now.

Looks like ns2.kissthenet.net is making it there.

Can you ssh to the remote sites and try there?
by wfburton
Wed Dec 27, 2023 9:36 pm
Forum: General
Topic: Bug? Password-protected cert import - no interactive prompt
Replies: 11
Views: 962

Re: Bug? Password-protected cert import - no interactive prompt

Sorry again, but I consider the need to specify the password as argument to the command as a security issue - in this case it can be visible to people who aren't considered trusted. Accidentally but no matter. The old behavior - ask for password if it's missing in command's arguments - was a good p...
by wfburton
Wed Dec 27, 2023 9:02 pm
Forum: General
Topic: Bug? Password-protected cert import - no interactive prompt
Replies: 11
Views: 962

Re: Bug? Password-protected cert import - no interactive prompt

Yeah, I'm asking why RouterOS do not ask for password interactively if it's omitted in command arguments :-)
Yeah, sorry. I overlooked that.

As long as you protect the private key you're fine.
by wfburton
Wed Dec 27, 2023 8:46 pm
Forum: General
Topic: IPSec Site to Site stopped working
Replies: 13
Views: 973

Re: IPSec Site to Site stopped working

MT DDNS may be download.

Can you resolve and ping ns1.kissthenet.net ns2.kissthenet.net

And can you trace route to it. May be a route down.
by wfburton
Wed Dec 27, 2023 8:38 pm
Forum: General
Topic: Bug? Password-protected cert import - no interactive prompt
Replies: 11
Views: 962

Re: Bug? Password-protected cert import - no interactive prompt

Hi, I'm using routeros 7.13 and found that it do not ask for password when importing password-protected certificates: [admin@MICL] /> /certificate/import file-name=ttt.pem certificates-imported: 1 private-keys-imported: 0 files-imported: 0 decryption-failures: 0 keys-with-no-certificate: 0 while it...
by wfburton
Wed Dec 27, 2023 8:04 pm
Forum: General
Topic: I Tink i got hacked
Replies: 16
Views: 1637

Re: I Tink i got hacked

You're going to have to do a netinstall. Sorry to say. Even if you connect to the serial port you're still going to need a valid user name and password with admin privileges.

Good luck
by wfburton
Wed Dec 27, 2023 7:45 pm
Forum: General
Topic: crl force update
Replies: 2
Views: 1189

Re: crl force update

[admin@MikroTik] > /certificate/crl flush

[admin@MikroTik] /certificate/settings> set crl-download=yes crl-store=system crl-use=yes

Webcfg System - Certificates - settings

If set to ram you will lose the revoke list if you reboot. Set to system to save between reboots.
by wfburton
Wed Dec 27, 2023 2:03 am
Forum: General
Topic: IP Firewall/NAT Input and Output Chain
Replies: 16
Views: 1528

Re: IP Firewall/NAT Input and Output Chain

I have them open for a reason. Since I'm behind a firewall, I have access to those ports if needed. Plus I was playing with MT APIs and allowed MikroTik support to log in to work on the CRL issues I was having. And I only allowed access for MT support by their network mask. You're right though about thos...
by wfburton
Tue Dec 26, 2023 8:38 pm
Forum: General
Topic: IP Firewall/NAT Input and Output Chain
Replies: 16
Views: 1528

Re: IP Firewall/NAT Input and Output Chain

I'm not going to argue the point. What makes you say it's reckless? Only the services that you have enabled and available will pass. If you do an nmap it will show what ports are open. It's not like you have unrestricted access. I'm not saying what you said was wrong. It's good advice. I allow all to ma...
by wfburton
Tue Dec 26, 2023 7:50 pm
Forum: Beginner Basics
Topic: How to block specific Youtube url ?
Replies: 5
Views: 1027

Re: How to block specific Youtube url ?

Even a proxy server may not help with "specific channels" since the channel isn't in URL. You might be able to use some "child safe" DNS servers (OpenDNS FamilyShield, etc) on the Mikrotik... But that will only help filter generic categories of stuff, not specific YouTube channe...
by wfburton
Tue Dec 26, 2023 7:00 pm
Forum: General
Topic: IP Firewall/NAT Input and Output Chain
Replies: 16
Views: 1528

Re: IP Firewall/NAT Input and Output Chain

Yeah I'm just saying...
by wfburton
Tue Dec 26, 2023 6:47 pm
Forum: General
Topic: IP Firewall/NAT Input and Output Chain
Replies: 16
Views: 1528

Re: IP Firewall/NAT Input and Output Chain

If you don't need anything specific you can just use action, input, accept to allow everything.
by wfburton
Tue Dec 26, 2023 6:27 pm
Forum: Beginner Basics
Topic: How to block specific Youtube url ?
Replies: 5
Views: 1027

Re: How to block specific Youtube url ?

Hi there everyone, Can someone tell me how to block specific YouTube links. I do not wish to block whole YouTube, but there are some channels that I would like my children not being able to see. Thanks in advance. You would have to have a web blocker server on your network and have your router do ...
by wfburton
Tue Dec 26, 2023 4:58 pm
Forum: Beginner Basics
Topic: Need help with NAT for home server(s)
Replies: 12
Views: 2719

Re: Need help with NAT for home server(s)

I am very thankful for reply, @wfburton, but I am having a hard time understanding it properly. I blame my inexperience with networking … nslookup monolith.wheremymonkeyis.at 192.168.88.1 produces the following, when ran from within the same ((W)LAN) network as the server: Server: 192.168.88.1 Addr...
by wfburton
Tue Dec 26, 2023 4:26 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 155044

Re: v7.14beta [testing] is released!

That is why I am for splitting into different packages again, so users of wireless do not get the management part of wifi-qcom my post to this: https://forum.mikrotik.com/viewtopic.php?p=1036269#p1036269 MT, please overthink your decision. Userbase is going mad about having a wifi config section ev...
by wfburton
Mon Dec 25, 2023 5:44 pm
Forum: General
Topic: RB4011iGS+ won't upgrade from 7.6 to 7.12
Replies: 5
Views: 2545

Re: RB4011iGS+ won't upgrade from 7.6 to 7.12

Do you have additional packages installed?

If so, you'll have to uninstall them.
by wfburton
Sat Dec 23, 2023 9:43 pm
Forum: General
Topic: Installing linux packet on MikroTik Router
Replies: 6
Views: 951

Re: Installing linux packet on MikroTik Router

OK I'm just saying.

So what's SSH ping and fetch then?

Would fetch be an implementation of curl?

TIA
by wfburton
Sat Dec 23, 2023 9:19 pm
Forum: General
Topic: What is the packets coming from cable modem to router
Replies: 19
Views: 2731

Re: What is the packets coming from cable modem to router

Did you set up the cable modem yourself or did your ISP set it up? I'm assuming you had to put the cable modem into bridge mode. When it's in router mode it has a web interface to connect to and make configuration changes like DHCP or whatever. So I'm thinking it's a firmware issue when it comes to web...
by wfburton
Sat Dec 23, 2023 8:55 pm
Forum: General
Topic: Installing linux packet on MikroTik Router
Replies: 6
Views: 951

Re: Installing linux packet on MikroTik Router

RouterOS isn't Linux, so no Linux packages. But +1 for "netem" — although it's more a queue type than a "package". Mikrotik did add fq_codel and CAKE qdiscs recently. And another /queue/type with netem's "delay" would be a nice option in /queue. Since they don't support it, I thin...
by wfburton
Sat Dec 23, 2023 8:44 pm
Forum: General
Topic: Merry Christmas and Happy New Year!
Replies: 2
Views: 642

Re: Merry Christmas and Happy New Year!

Nice!
by wfburton
Sat Dec 23, 2023 4:11 am
Forum: General
Topic: Merry Christmas and Happy New Year!
Replies: 2
Views: 642

Merry Christmas and Happy New Year!

Merry Christmas and Happy New Year!
by wfburton
Fri Dec 22, 2023 4:55 am
Forum: Beginner Basics
Topic: Need help with NAT for home server(s)
Replies: 12
Views: 2719

Re: Need help with NAT for home server(s)

Have you tried doing an nslookup to see if it will populate the MikroTik router's DNS cache? i.e. nslookup <FQDN> <MikroTik gateway address> If it caches what you need arpa record. You can also try: nslookup -q=SOA <domain.com> <MikroTik gateway address> Then just make it a DNS static entry. Sometimes ...
by wfburton
Fri Dec 22, 2023 12:23 am
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 155044

Re: v7.14beta [testing] is released!

Build 7.14alpha53 works but 7.14beta3 breaks CRL updates.

Downgraded to 7.13 Stable version works too.

Support didn't give me a download link for alpha builds

TIA
by wfburton
Thu Dec 21, 2023 5:42 am
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 266432

Re: v7.13 [stable] is released!

Did it just start today?

There's been DNS issues all day. But it seems to be working itself out with the DNS gods.

TIA
by wfburton
Thu Dec 21, 2023 5:32 am
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 155044

Re: v7.14beta [testing] is released!

Is this a re-release version?
by wfburton
Sat Dec 16, 2023 4:39 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 266432

Re: v7.13 [stable] is released!

Updated CRS309-1G-8S+

Working

TIA
by wfburton
Wed Dec 13, 2023 3:40 pm
Forum: Announcements
Topic: v7.13rc [testing] is released!
Replies: 178
Views: 52016

Re: v7.13rc [testing] is released!

What's new in 7.13rc4 (2023-Dec-12 15:16): *) certificate - fixed CRL updating; *) console - improved stability when removing script (introduced in v7.13beta3); *) defconf - fixed configuration for Audience with "wifi-qcom-ac" package; *) defconf - improved wifi interface detection after ...
by wfburton
Thu Dec 07, 2023 9:29 pm
Forum: Beginner Basics
Topic: Turned off NAT, now can't get into WebFig
Replies: 13
Views: 2020

Re: Turned off NAT, now can't get into WebFig

Did you manually configure your ethernet address?

Changed your ipv4 address to be 192.168.88.2, mask 255.255.255.0, gateway 192.168.88.1
by wfburton
Thu Dec 07, 2023 7:16 pm
Forum: Beginner Basics
Topic: Turned off NAT, now can't get into WebFig
Replies: 13
Views: 2020

Re: Turned off NAT, now can't get into WebFig

Have you tried using VMware?

https://www.vmware.com/products/workstation-player.html

Then get an evaluation Windows VM image.

You'll need to track it down on the internet.

I think someone has copies on GitHub.

Good luck!
by wfburton
Fri Dec 01, 2023 12:48 am
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 93143

Re: v7.13beta [testing] is released!

Still having issues with CRL

See attached
log.txt
supout.rif.txt
TIA
by wfburton
Fri Dec 01, 2023 12:17 am
Forum: General
Topic: IKEv2 VPN Certificate issues on Windows
Replies: 3
Views: 1759

Re: IKEv2 VPN Certificate issues on Windows

Will this help?

https://www.pcwrt.com/2019/10/how-to-se ... ntication/

Use machine certificate
by wfburton
Thu Nov 30, 2023 9:57 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 93143

Re: v7.13beta [testing] is released!

What is that site? http://x1.c.lencr.org/ It doesn't work for me too. Try other sites maybe ;) Does this work? http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl Certificate cloudflare-dns.crt I'm running Ubuntu and it works just fine. I also run an internal DNS server. I wonder if the mik...
by wfburton
Wed Nov 29, 2023 5:38 am
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 93143

Re: v7.13beta [testing] is released!

*) certificate - fixed CRL check Still getting CRL fetch failed: http error: Network unreachable for: http://x1.c.lencr.org/ When the router is completely up and running I can toggle crl to system to ram and back again manually and it works fine. On bootup or reboot not working. The service is start...
by wfburton
Wed Nov 29, 2023 12:18 am
Forum: General
Topic: How can Mikrotik/RouterOS send emails using Gmail?
Replies: 12
Views: 2890

Re: How can Mikrotik/RouterOS send emails using Gmail?

You need to log into your Gmail account and create an app password. Go to Security then 2-Step Verification and App passwords. At the bottom create an app password like mikrotik. You will get a pop-up with your app password. Copy and paste that for your password in your router e-mail password. Make sure...
by wfburton
Tue Nov 28, 2023 11:32 pm
Forum: Beginner Basics
Topic: Cloudflare DoH working
Replies: 15
Views: 10658

Re: Cloudflare DoH working

I was playing with crl's yesterday and certificate revocation list (CRL) I was getting some parse errors on some crl's. I'm not sure if RouterOS is handling cessation of operation. Basically, the cert is abandoned. I.E. openssl crl -in d-trust_root_class_3_ca_2_2009.crl -inform DER -text -noout Cert...
by wfburton
Tue Nov 28, 2023 11:09 pm
Forum: Beginner Basics
Topic: Cloudflare DoH working
Replies: 15
Views: 10658

Re: Cloudflare DoH working

Thanks! Downloaded. Those match what I have for Cloudflare. What is the Teams certificate? I use Teams daily with no issue without that certificate
Can you attach that! I'd like to take a look at it.
by wfburton
Tue Nov 28, 2023 11:05 pm
Forum: Beginner Basics
Topic: Cloudflare DoH working
Replies: 15
Views: 10658

Re: Cloudflare DoH working

I downloaded it right from Cloudflare. I believe it can be used for WARP (VPN) - DoH - DoT

https://developers.cloudflare.com/cloud ... lare-cert/

I run Ubuntu and DoT is built in. I can go DoT which is pretty cool!

TIA
by wfburton
Tue Nov 28, 2023 10:57 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 93143

Re: v7.13beta [testing] is released!

Problem with CRL update (Next Update)
Now I have to update it with a script
7.13b2.JPG
I tried manually downloading the CRL and got a 404 error. My guess is that the certificate is no longer valid.
by wfburton
Tue Nov 28, 2023 10:54 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 93143

Re: v7.13beta [testing] is released!

What's new in 7.13beta3 (2023-Nov-24 13:52): *) bridge - added automatic "path-cost" values depending on interface rate; *) bridge - fixed HW offload enable with multiple switches (introduced in v7.13beta1); *) bridge - improved HW offload enable; *) certificate - fixed CRL check (introdu...
by wfburton
Tue Nov 28, 2023 10:15 pm
Forum: Beginner Basics
Topic: Cloudflare DoH working
Replies: 15
Views: 10658

Re: Cloudflare DoH working

Yes you're right! My bad! I had to re-import cloudflare-dns.crt file. These are the certificates I imported to mikrotik certificate store. removed link Cloudflare for Teams ECC Certificate Authority - Root CA DigiCert TLS Hybrid ECC SHA384 2020 CA1 - CN=cloudflare-dns.com DigiCert Assured ID Root CA D...
by wfburton
Mon Nov 27, 2023 11:43 pm
Forum: Beginner Basics
Topic: Cloudflare DoH working
Replies: 15
Views: 10658

Re: Cloudflare DoH working

Thanks for the reply! I get the certificates from official sources. I also build some of them from official source code repositories. (Mozilla) I also build CA myself and I know how to verify certificates by looking at the fingerprint SHA key. I just want to make my life easier and just get them all an...
by wfburton
Mon Nov 27, 2023 12:22 am
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 252
Views: 95091

Re: v7.12.1 [stable] is released!

Can't get webfig login prompt after updating to 7.12. I was at 7.6 on my RB450Gx4. Performed a package update to 7.12. After initiating the webpage did not update. I waited for 10 minutes and then tried to go to the webfig login. All I got was a "Connecting" in the webpage. Waited overnight...
by wfburton
Sun Nov 26, 2023 9:04 pm
Forum: Beginner Basics
Topic: Cloudflare DoH working
Replies: 15
Views: 10658

Re: Cloudflare DoH working

it would be easier to just download and install the Certificates. https://www.digicert.com/kb/digicert-root-certificates.htm#roots I believe the two that you will need are DigiCert Assured ID Root CA, Valid until: 10/Nov/2031 and DigiCert TLS Hybrid ECC SHA384 2020 CA1, Valid until: 13/Apr/2031. Dow...
by wfburton
Wed Nov 15, 2023 12:23 am
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 93143

Re: v7.13beta [testing] is released!

Yes please make wifi a separate package. My mikrotik router doesn't support wifi! CRS309-1G-8S+ It may not have wifi interface ... but it still support being a CAPsMAN2 controller ...so it appears just like <least favorite> routing protocol you're not using... You shouldn't get a the "messy&quo...
by wfburton
Wed Nov 15, 2023 12:08 am
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 93143

Re: v7.13beta [testing] is released!

I welcome the partial split into separate packages as we knew it in v6, but maybe the "WiFi" menu should go into a separate "wifi" package so we can uninstall that as well. +1, it's a mess currently 2023-11-13 at 18.41.17.png Yes please make wifi a separate package. My mikrotik r...
by wfburton
Wed Nov 01, 2023 10:44 pm
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 93613

Re: v7.12rc is released!

While we're at it. It would be nice to be able to disable Winbox Graphics Licence and Help for the RouterOS login screen. And also the note You have connected to a router. Administrative access only. If this device is not in your possession, please contact your local network administrator. Plus mayb...
by wfburton
Sun Oct 29, 2023 1:34 am
Forum: General
Topic: OpenSSL Generated Root CA For MikroTik certificate import
Replies: 1
Views: 650

Re: OpenSSL Generated Root CA For MikroTik certificate import

I made some changes to the config file. I commented out the default key and sha384. When using the command to generate the root CA just add -key and -sha384 with the command I.E. openssl req -config make_root_CA.conf -key root_CA.key -new -nodes -x509 -days 10960 -sha384 -out root_CA.pem I would also s...
by wfburton
Sat Oct 28, 2023 11:33 am
Forum: General
Topic: OpenSSL Generated Root CA For MikroTik certificate import
Replies: 1
Views: 650

OpenSSL Generated Root CA For MikroTik certificate import

I'm running this on Ubuntu but should be the same for Windows too. Procedure Create the CA working directory. Your home directory is fine. mkdir ca && cd ca Generate the private key of the root CA openssl genrsa -aes256 -out root_CA.key 4096 This will generate an RSA key length of 4096 and wil...
by wfburton
Sat Jul 15, 2023 6:11 am
Forum: RouterOS beta
Topic: Remote Syslog
Replies: 9
Views: 3111

Re: Remote Syslog

If you like to play around and graph the logs, see my post using Splunk here: https://forum.mikrotik.com/viewtopic.php?t=179960 I'm also working on SNMP and have that working and came across Observium apache2 frontend and have it running my syslogs. Splunk looks interesting! I'll be sure to check i...
by wfburton
Fri Jul 14, 2023 1:33 am
Forum: RouterOS beta
Topic: Remote Syslog
Replies: 9
Views: 3111

Re: Remote Syslog

I did some digging and looked at the actual raw logs. The complete ip addresses are there. 192.168.0.252 and 224.0.1.1 is in the actual logs. Now the question is why only from MikroTik logs. Anyone have any suggestions or recommendation on this one? I'm running KSystemLog as a viewer. Thanks. ***Edit*...
by wfburton
Thu Jul 13, 2023 3:17 am
Forum: RouterOS beta
Topic: Remote Syslog
Replies: 9
Views: 3111

Re: Remote Syslog

Well apparently I'm not allowed to post in v7.10 and 7.10.1 [stable] is released! It was posted there. Anyway, to answer your question. I'm running rsyslog log on ubuntu and receiving logs from my firewall and my Mikrotik Model CRS309-1G-8S+ running RouterOS 7.10.2 This is what I'm seeing in my ...
by wfburton
Tue Jul 11, 2023 2:36 am
Forum: RouterOS beta
Topic: Remote Syslog
Replies: 9
Views: 3111

Remote Syslog

7/10/23 7:24 PM MikroTik rx src 92.168.0.252 dst:192.168.0.2
7/10/23 7:24 PM MikroTik CLIENT message received
7/10/23 7:24 PM MikroTik tx dst 92.168.0.252

Should be 192.168.0.252

Missing the leading 1

Thanks!