Community discussions

Search found 1713 matches

by macgaiver
Fri Jun 21, 2019 3:03 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 3564

Re: single IP constantly trying to log to my Mikrotik

Don't you mean NAT? RAW is pre conntrack... NAT only works with first packets of the connection, registers it into conntrack, after that conntrack handles everything. NAT is out of the picture. My understanding is that settings (under https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Connection_trac...
by macgaiver
Wed May 29, 2019 3:28 pm
Forum: General
Topic: Two DHCP server with One interface
Replies: 2
Views: 178

Re: Two DHCP server with One interface

It is not necessary, as on one physical network you should have only one subnet.

if you run out of IPs in /24 you should use /23 instead. and have one DHCP server for whole /23 network
by macgaiver
Wed May 22, 2019 1:01 pm
Forum: General
Topic: Strange RP filter behavior
Replies: 12
Views: 616

Re: Strange RP filter behavior

I haven't done any actual testing, but most likely issue is with connection tracking way to classify traffic, i had similar setup, where traffic was traversing router twice, connection tracking was unable to classify it for some reason. Trying to assign traffic to same conntrack entry so rp-filter be...
by macgaiver
Tue May 21, 2019 8:41 am
Forum: General
Topic: Strange RP filter behavior
Replies: 12
Views: 616

Re: Strange RP filter behavior

I'm sorry, but i still do not understand - WHY you need this?
I do not know your background, but this is first time i heard about this "know solution of Mangling loopback"..

so please explain functionality that you are trying to achieve
by macgaiver
Tue Apr 16, 2019 11:05 am
Forum: Wireless Networking
Topic: mAP poor performance [SOLVED]
Replies: 4
Views: 544

Re: mAP poor performance [SOLVED]

1) fast-forward=yes
2) disable all the packages you don't use , routing/hotspot/ipv6/security/ppp etc
3) set /queue interface to hardware queue only on both interfaces.
4) bridge ports hw=YES
by macgaiver
Fri Apr 05, 2019 3:16 pm
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 537
Views: 129170

Re: RouterOS v7.0 beta99 - released.

From the video: 7.00beta99 so long past beta1 as the title asks for :) Perhaps MT is counting down ... so next beta from the one shown in video (probably not current any more as @Normis hinted) was beta98 ... and so forth. So v7 will be released to public when count-down reaches beta1 :wink: I have...
by macgaiver
Fri Mar 29, 2019 12:15 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 37827

Re: UKNOF 43 CVE

You've had close to a year to work on a fix... If you take a look at original post there is a link and quote. From what i understand original CVE, was not considered a vulnerability until 2nd one come along. And details of that will be revealed on given date. So all this "close to year" shouting is...
by macgaiver
Tue Mar 26, 2019 5:54 pm
Forum: General
Topic: Mangle rule to match https initial packet [SOLVED]
Replies: 9
Views: 395

Re: Mangle rule to match https initial packet [SOLVED]

Well, maybe you can use "TLS-host" option in some way
by macgaiver
Fri Mar 22, 2019 8:42 am
Forum: Announcements
Topic: v6.43.13 [long-term] is released!
Replies: 44
Views: 8798

Re: v6.43.13 [long-term] is released!

You can't change username anymore, if you need different username create new, and delete old one. This is feature, not a bug. I disagree, it's a bug. Proof: where is this in any changelog? (because I looked before posting, twice) v6.43 changelog *) user - all passwords are now hashed and encrypted,...
by macgaiver
Thu Mar 21, 2019 6:29 pm
Forum: Announcements
Topic: v6.43.13 [long-term] is released!
Replies: 44
Views: 8798

Re: v6.43.13 [long-term] is released!

You can't change username anymore, if you need different username create new, and delete old one.
This is feature, not a bug.
by macgaiver
Tue Mar 19, 2019 5:35 pm
Forum: General
Topic: L2TP IPSEC Windows 10 --> Fail
Replies: 6
Views: 408

Re: L2TP IPSEC Windows 10 --> Fail

if there are no logs, then packet doesn't get to that service.
by macgaiver
Tue Mar 19, 2019 5:15 pm
Forum: General
Topic: L2TP IPSEC Windows 10 --> Fail
Replies: 6
Views: 408

Re: L2TP IPSEC Windows 10 --> Fail

There are some that have issue after upgrade to 6.44, but all of them have logs that say what is wrong in ipsec configuration as far as i saw you need to take a look in ipsec peers and ipsec identities for dynamic entries, if they are not there - try rebooting.
by macgaiver
Tue Mar 19, 2019 5:00 pm
Forum: General
Topic: Join two houses to one LAN (VPN?) [SOLVED]
Replies: 3
Views: 351

Re: Join two houses to one LAN (VPN?) [SOLVED]

Setup is unclear what do you mean "all incomming connections is forwarded to Mikrotik" ??? Do you have public IPs on the mikrotiks themselves, if yes setup is easy 1) change local DHCPs to the same network, make sure that pools on one house uses different range than other house. for example: house o...
by macgaiver
Tue Mar 19, 2019 4:38 pm
Forum: General
Topic: L2TP IPSEC Windows 10 --> Fail
Replies: 6
Views: 408

Re: L2TP IPSEC Windows 10 --> Fail

You should have at least some logs about Ipsec there.
If you don't, then either your Windows configuration is wrong, or you drop packets on the way back

btw...It works here just fine
by macgaiver
Tue Mar 12, 2019 4:04 pm
Forum: RouterBOARD hardware
Topic: MUM Europe 2019: new hardware
Replies: 61
Views: 9686

Re: MUM Europe 2019: new hardware

Is that why a powerline interface appeared on my mAP since I have upgraded to 6.44? Could someone please explain how to use it over the microUSB port? Thanks! Congratulations! You have unlocked additional secret Fast Ethernet port on your device! This port looks like mikroUSB, but only works over e...
by macgaiver
Mon Mar 11, 2019 1:21 pm
Forum: Wireless Networking
Topic: 10Gb on RB2011 - bad idea?
Replies: 6
Views: 431

Re: 10Gb on RB2011 - bad idea?

Go to the product page, take a look at block diagram, you will be able to see that there are only 1,5Gbps line in connections to CPU
https://mikrotik.com/product/RB2011iLS- ... -downloads
by macgaiver
Fri Mar 01, 2019 2:17 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 32237

Re: v6.44 [stable] is released!

speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only) This feature is nice indeed! It wouldn't be me not to ask for more though :D : - Can the time the test run either be adjusted by administrator of just set longer. In ma...
by macgaiver
Wed Feb 27, 2019 7:18 am
Forum: Beginner Basics
Topic: reverse nat in packet flow diagram
Replies: 16
Views: 1159

Re: reverse nat in packet flow diagram

any NAT works only with "connection-state=new" packets, all the other packets, same or returning direction are handled by connection tracking. In order not to break the packet workflow any src-address/port changes happen around the same place where src-nat is, and any dst-address/port changes happen ...
by macgaiver
Tue Feb 26, 2019 10:43 am
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 32237

Re: v6.44 [stable] is released!

I got new features on my hAP mini! Interface #3, pwr-line1 Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU 0 RS ether1-GW ether 1500 1598 2028 1 RS ether2-Telia ether 1500 1598 2028 2 RS ether3-RaspberryPi ether 1500 1598 2028 3 pwr-line1 ether 1500 1...
by macgaiver
Tue Feb 26, 2019 10:42 am
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 32237

Re: v6.44 [stable] is released!

v6.44 does not contain:
"!) winbox - improvements in connection handling to router with open winbox service (CVE-2019-3924);" ?
It is no information in changelog.
these changes are starting from v6.43.12, this change was already there, so it will not show up in 6.44 changelog
by macgaiver
Fri Feb 22, 2019 8:23 am
Forum: General
Topic: Security issue when Winbox exposed
Replies: 67
Views: 4909

Re: Security issue when Winbox exposed

https://medium.com/tenable-techblog/mikrotik-firewall-nat-bypass-b8d46398bf24 That was a bit of a dick move, to publish it just days after release of the version with the patch. if that would happen closer to 90 day limit 1) we would have time to test releases internally and apply them in safe mann...
by macgaiver
Fri Feb 01, 2019 7:13 am
Forum: Announcements
Topic: February Newsletter #87
Replies: 65
Views: 13373

Re: January Newsletter #87

CRS332-32S+RM
CRS354-48P-4S+2Q+
CRS354-48G-4S+2Q+


still nothing ?
:"(
CRS332-32S+RM + community feedback == CRS326-24S+2Q+RM in latest MUM opening presentations.
https://youtu.be/zMbtmeTm1PI?list=PLXr- ... O2&t=2053s
by macgaiver
Wed Jan 30, 2019 9:57 am
Forum: General
Topic: Simple queue priority
Replies: 2
Views: 321

Re: Simple queue priority

Priority is used to decide what to drop first (There are no packet sequence rearrangement based on priority) , in case of bottleneck. So you need a bottleneck - a parent queue where limits are lower than sum of all child queue limit SUM.
by macgaiver
Tue Jan 29, 2019 12:12 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: hAP ac^2 problem
Replies: 7
Views: 845

Re: hAP ac^2 problem

post an /export of your configuration
by macgaiver
Tue Jan 29, 2019 11:47 am
Forum: Beginner Basics
Topic: hAP ac and PCQ not working
Replies: 2
Views: 217

Re: hAP ac and PCQ not working

Are you sure you are not running Fasttrack firewall rule? if that is used queues are skipped. Disable it, reboot to clear it from conntrack table,
by macgaiver
Thu Jan 10, 2019 6:32 pm
Forum: Announcements
Topic: v6.42.11 [long-term] is released!
Replies: 42
Views: 8182

Re: v6.42.11 [long-term] is released!

Some bugs are not bothering users (and they like to call them "features") but are bugs nevertheless. I don't hear anybody complaining that a "non working feature" was fixed. Exactly! To be honest, i was living in a "dreamworld" that by selecting country i automatically apply to country regulations t...
by macgaiver
Wed Dec 19, 2018 3:26 pm
Forum: General
Topic: Omnitik 5 retired from Spain
Replies: 8
Views: 918

Re: Omnitik 5 retired from Spain

Discussion is happening here
viewtopic.php?f=21&t=139057&start=250
by macgaiver
Tue Dec 18, 2018 2:19 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 78910

Re: v6.44beta [testing] is released!

set frequency-mode to regulatory-domain
That works, thanks! Can this be the cause for my trouble with wireless package?
*) package - use bundled package by default if standalone packages are installed as well;
what set of packages did you have? and what did you use to upgrade?
by macgaiver
Tue Dec 04, 2018 12:16 pm
Forum: RouterBOARD hardware
Topic: RouterBOARD naming
Replies: 40
Views: 21888

Re: RouterBOARD naming

hEX ?
mAP ? micro Access Point ?
home Ethernet eXchange
micro Access Point
by macgaiver
Mon Dec 03, 2018 2:06 pm
Forum: General
Topic: Mikrotik sniffer droped packets
Replies: 4
Views: 314

Re: Mikrotik sniffer droped packets

Instead of accept or drop, use jump to specific custom Firewall chain, where you can have rule that logs, and rule that accepts or drops.
by macgaiver
Mon Dec 03, 2018 12:15 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 78910

Re: v6.44beta [testing] is released!

tested beta version on CCR1072 ?
All deployments that are scheduled for deployment are stress-tested here on the table, it just happens to be bonding setup with pair of CCR1072, at that particular moment.
by macgaiver
Tue Nov 27, 2018 4:11 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 78910

Re: v6.44beta [testing] is released!

Average Joe will not know how to use iperf. I think target audience for this feature is different from iperf users :) But it is fun anyway: [admin@1072_bonding_test_1] > /tool speed-test 192.168.1.2 test-duration=60 ;;; results can be limited by cpu, note that traffic generation/termination performa...
by macgaiver
Tue Nov 06, 2018 5:44 pm
Forum: General
Topic: CRS125 poor throughput & low cpu load [SOLVED]
Replies: 41
Views: 2115

Re: CRS125 poor throughput & low cpu load [SOLVED]

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
is your problem - so basically no fastpath and fasttrack.
by macgaiver
Tue Nov 06, 2018 4:21 pm
Forum: Announcements
Topic: Newsletter 85
Replies: 30
Views: 9392

Re: Newsletter 85

Was hoping for some 802.11ax news... really hope there's something coming soon!
your hope is misplaced, any news like that would be saved for MUM Europe anyways, not some monthly newsletter.
by macgaiver
Fri Oct 05, 2018 7:38 am
Forum: General
Topic: S+RJ10: RJ45 SFP+ 10/100/1000M/2.5G/5G/10G copper module
Replies: 14
Views: 1417

Re: S+RJ10: RJ45 SFP+ 10/100/1000M/2.5G/5G/10G copper module

There are 2 modules: S-RJ01 - SFP module that have 1Gbps link to CPU and can handle 10/100/1000 Ethernet S+RJ10 - SFP+ module that have 10Gbps link to CPU and can handle 10/100/1000/2,5G/5G/10G Ethernet There are only limited amount of boards that support both 1Gbps and 10Gbps link to CPU, so you ca...
by macgaiver
Wed Oct 03, 2018 11:04 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 354
Views: 60651

Re: RB4011

Isn't this compatible with the S-RJ01 ? Someone might want to use it for some reason.

It is not shown as a related product.
i think you must use S+RJ10 instead.
by macgaiver
Tue Oct 02, 2018 6:42 pm
Forum: Beginner Basics
Topic: WPA2 preshared key brute force attack
Replies: 1
Views: 313

Re: WPA2 preshared key brute force attack

Do you search the google before posting? or at least look in the changelog?

https://blog.mikrotik.com/security/wpa2 ... ttack.html
by macgaiver
Tue Oct 02, 2018 6:40 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 24607

Re: v6.42.9 [long-term] is released!

What? You are saying on a 2011 with 6.40.x you could have 4 master ports? Two master ports per switch chip? I have never seen this work with a MikroTik SOHO device, they normally only support one master port per switch chip (so 2 master ports on the 2011). And I could similarly have four bridges on...
by macgaiver
Tue Oct 02, 2018 6:22 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 24607

Re: v6.42.9 [long-term] is released!

If you have two bridges on one chip it will only be able to hardware accelerate one of those two bridges (this was also the case before, where you could only have one master port per switch chip). Wrong, both switch chips have hardware acceleration for traffic that happens within them, if you n...
by macgaiver
Fri Sep 21, 2018 8:31 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 354
Views: 60651

Re: RB4011

Is there a recommended SFP+ 10G Copper module that is proven to negotiate to 1G reliably? I believe it's ROS/routerboard issue. Not SFP modules issue. I wonder if S-RJ01 would work on SFP+ cage to take that SFP port into use...? I would really hate to use Switched ports for Uplink due to lack of th...
by macgaiver
Fri Sep 21, 2018 8:16 am
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 36406

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

*) routerboot - fixed RouterOS booting on devices with particular NAND memory (introduced in v6.43); It would be really helpful if you listed affected devices or at least product ranges. Is CCR affected? Or just MIPS maybe? Do I have to update wireless wire? This is quite important information you ...
by macgaiver
Thu Sep 20, 2018 4:44 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 36406

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

Breaking the bootloader in a "stable" release... :lol:
S..t happens, but i'm loving the reaction time tho.
by macgaiver
Wed Sep 19, 2018 9:44 am
Forum: General
Topic: [ASK] allow-dual-stack-queue
Replies: 4
Views: 2518

Re: [ASK] allow-dual-stack-queue

so you have rate-limit specified? in leases
you have both ipv4 and ipv6 dhcp servers running on router?
you have client that got both ipv4 and ipv6 address?

then you should see dynamic simple queue with target both ipv4 and ipv6 address in the same simple queue, not separately as before.
by macgaiver
Wed Sep 19, 2018 9:27 am
Forum: General
Topic: [ASK] allow-dual-stack-queue
Replies: 4
Views: 2518

Re: [ASK] allow-dual-stack-queue

so that same client can use both ipv4 and ipv6 addresses and get classified under same dynamic simple queue.
by macgaiver
Thu Sep 13, 2018 1:44 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 26749

Re: v6.43 [current] is released!

admin password after upgrade EMPTY. Scared the s**t out of me.... But - no it isn't, at least not for me!! 10+ routers no such issue what devices? what version did you upgrade from? there have been rare cases in the past when part of configuration gets lost on upgrade. when was last time you Neinst...
by macgaiver
Thu Sep 13, 2018 12:51 pm
Forum: RouterBOARD hardware
Topic: 100Mb LAN - what's the point?
Replies: 13
Views: 1585

Re: 100Mb LAN - what's the point?

... and then there is rest of the world!! where every cent counts.
by macgaiver
Wed Sep 12, 2018 10:20 am
Forum: General
Topic: FastTrack slow performance
Replies: 11
Views: 1274

Re: FastTrack slow performance

I lost you there - So you fixed the issue by upgrading driver on other device (endpoint of connection), and still thinking about problems in fasttrack??? Give me a break! If your device ethernet driver was flawed, it might have issues on RX buffer, and on specific receive frequency had issues to rep...
by macgaiver
Tue Sep 11, 2018 2:45 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 330
Views: 72637

Re: Winbox vulnerability: please upgrade

in some cases it was reported that device got infected from other infected device from the same (trusted) network.
by macgaiver
Tue Sep 11, 2018 1:51 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 78910

Re: v6.44beta [testing] is released!

O_o "beta"!!!! The hell just froze over!! what happened there?
by macgaiver
Fri Sep 07, 2018 4:06 pm
Forum: General
Topic: Queue tree no max and limit-at speeds
Replies: 5
Views: 615

Re: Queue tree no max and limit-at speeds

Only if you base it on some packet header fields like DSCP or TTL