Search found 1718 matches

by macgaiver
Fri Sep 06, 2019 12:29 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 195
Views: 36099

Re: RouterOS v7.0beta1 (ARM)

4.14 has longer EOL than 4.19
by macgaiver
Fri Sep 06, 2019 11:06 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 155038

Re: RouterOS v7.0 beta1 - when?

I don't speak Russian but I take it that the beta is now available? mt.lv/v7 ? Yes, only for ARM architecture and only for hap ac^2 and WAPGR LTE/4G/LTE-US testing, to get v7 ready for upcoming 5G products, according to Sergejs. support for remaining boards will gradually come out it has v6.45.5 fe...
by macgaiver
Thu Aug 29, 2019 8:49 am
Forum: General
Topic: Severe port flapping on CRS328-24P-4S+ and CRS317-1G-16S+
Replies: 145
Views: 19504

Re: Severe port flapping on CRS328-24P-4S+ and CRS317-1G-16S+

Has anyone tried the new CRS326-24S+2Q+RM Cloud Router Switch? I am wondering if it has the same port issues when connection at 10GB to other CRS3xx switches as the CRS317. All the sources indicate that is only that specific combination that this topic is affected, and maybe even then only some par...
by macgaiver
Tue Aug 27, 2019 10:58 am
Forum: SwOS
Topic: Performance Issues with CRS 312-4c+8xg
Replies: 5
Views: 793

Re: Performance Issues with CRS 312-4c+8xg

Sounds like you are not switching, but bridging instead. So using that little CPU to push data. Make sure you have hw=yes on all bridge ports, and all your VLANs are actually configured in bridge settings, not as logical interfaces.
by macgaiver
Thu Aug 08, 2019 10:32 am
Forum: Beginner Basics
Topic: Are stateful firewall rules be applied to udp connections?
Replies: 1
Views: 317

Re: Are stateful firewall rules be applied to udp connections?

In RouterOS you operate with connection tracking entry states, not with TCP connection states..
by macgaiver
Fri Jun 21, 2019 3:03 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 4289

Re: single IP constantly trying to log to my Mikrotik

Don't you mean NAT? RAW is pre conntrack... NAT only work with first packets of the connection, registers it into conntrack, after that conntrack handles everything. NAT is out of the picture. My understanding is that settings (under https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Connection_trac...
by macgaiver
Wed May 29, 2019 3:28 pm
Forum: General
Topic: Two DHCP server with One interface
Replies: 2
Views: 249

Re: Two DHCP server with One interface

It is not necessary, as on one physical network you should have only one subnet.

If you run out of IPs in /24 you should use /23 instead, and have one DHCP server for whole /23 network.
by macgaiver
Wed May 22, 2019 1:01 pm
Forum: General
Topic: Strange RP filter behavior
Replies: 12
Views: 755

Re: Strange RP filter behavior

I haven't done any actual testing, but most likely issue is with connection tracking way to classify traffic, I had similar setup, where traffic was traversing router twice, connection tracking was unable to classify it for some reason. Trying to assign traffic to same conntrack entry so rp-filter be...
by macgaiver
Tue May 21, 2019 8:41 am
Forum: General
Topic: Strange RP filter behavior
Replies: 12
Views: 755

Re: Strange RP filter behavior

I'm sorry, but i still do not understand - WHY you need this?
I do not know your background, but this is first time i heard about this "know solution of Mangling loopback"..

so please explain functionality that you are trying to achieve
by macgaiver
Tue Apr 16, 2019 11:05 am
Forum: Wireless Networking
Topic: mAP poor performance [SOLVED]
Replies: 4
Views: 659

Re: mAP poor performance [SOLVED]

1) fast-forward=yes
2) disable all the packages you don't use , routing/hotspot/ipv6/security/ppp etc
3) set /queue interface to hardware queue only on both interfaces.
4) bridge ports hw=YES
by macgaiver
Fri Apr 05, 2019 3:16 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 155038

Re: RouterOS v7.0 beta99 - released.

From the video: 7.00beta99 so long past beta1 as the title asks for :) Perhaps MT is counting down ... so next beta from the one shown in video (probably not current any more as @Normis hinted) was beta98 ... and so forth. So v7 will be released to public when count-down reaches beta1 :wink: I have...
by macgaiver
Fri Mar 29, 2019 12:15 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 40169

Re: UKNOF 43 CVE

You've had close to a year to work on a fix... If you take a look at original post there is a link and quote. From what i understand original CVE, was not considered a vulnerability until 2nd one come along. And details of that will be revealed on given date. So all this "close to year" shouting is...
by macgaiver
Tue Mar 26, 2019 5:54 pm
Forum: General
Topic: Mangle rule to match https initial packet [SOLVED]
Replies: 9
Views: 509

Re: Mangle rule to match https initial packet [SOLVED]

Well, maybe you can use "TLS-host" option in some way
by macgaiver
Fri Mar 22, 2019 8:42 am
Forum: Announcements
Topic: v6.43.13 [long-term] is released!
Replies: 44
Views: 9602

Re: v6.43.13 [long-term] is released!

You can't change username anymore, if you need different username create new, and delete old one. This is feature, not a bug. I disagree, it's a bug. Proof: where is this in any changelog? (because I looked before posting, twice) v6.43 changelog *) user - all passwords are now hashed and encrypted,...
by macgaiver
Thu Mar 21, 2019 6:29 pm
Forum: Announcements
Topic: v6.43.13 [long-term] is released!
Replies: 44
Views: 9602

Re: v6.43.13 [long-term] is released!

You can't change username anymore, if you need different username create new, and delete old one.
This is feature, not a bug.
by macgaiver
Tue Mar 19, 2019 5:35 pm
Forum: General
Topic: L2TP IPSEC Windows 10 --> Fail
Replies: 6
Views: 576

Re: L2TP IPSEC Windows 10 --> Fail

if there are no logs, then packet doesn't get to that service.
by macgaiver
Tue Mar 19, 2019 5:15 pm
Forum: General
Topic: L2TP IPSEC Windows 10 --> Fail
Replies: 6
Views: 576

Re: L2TP IPSEC Windows 10 --> Fail

There are some that have issue after upgrade to 6.44, but all of them have logs that say what is wrong in ipsec configuration as far as i saw you need to take a look in ipsec peers and ipsec identities for dynamic entries, if they are not there - try rebooting.
by macgaiver
Tue Mar 19, 2019 5:00 pm
Forum: General
Topic: Join two houses to one LAN (VPN?) [SOLVED]
Replies: 3
Views: 403

Re: Join two houses to one LAN (VPN?) [SOLVED]

Setup is unclear what do you mean "all incomming connections is forwarded to Mikrotik" ??? Do you have public IPs on the mikrotiks themselves, if yes setup is easy 1) change local DHCPs to the same network, make sure that pools on one house uses different range than other house. for example: house o...
by macgaiver
Tue Mar 19, 2019 4:38 pm
Forum: General
Topic: L2TP IPSEC Windows 10 --> Fail
Replies: 6
Views: 576

Re: L2TP IPSEC Windows 10 --> Fail

You should have at least some logs about Ipsec there.
If you don't, then either your Windows configuration is wrong, or you drop packets on the way back

btw...It works here just fine
by macgaiver
Tue Mar 12, 2019 4:04 pm
Forum: RouterBOARD hardware
Topic: MUM Europe 2019: new hardware
Replies: 61
Views: 12002

Re: MUM Europe 2019: new hardware

Is that why a powerline interface appeared on my mAP since I have upgraded to 6.44? Could someone please explain how to use it over the microUSB port? Thanks! Congratulations! You have unlocked additional secret Fast Ethernet port on your device! This port looks like mikroUSB, but only works over e...
by macgaiver
Mon Mar 11, 2019 1:21 pm
Forum: Wireless Networking
Topic: 10Gb on RB2011 - bad idea?
Replies: 6
Views: 538

Re: 10Gb on RB2011 - bad idea?

Go to the product page, take a look at block diagram, you will be able to see that there are only 1,5Gbps line in connections to CPU
https://mikrotik.com/product/RB2011iLS- ... -downloads
by macgaiver
Fri Mar 01, 2019 2:17 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 36424

Re: v6.44 [stable] is released!

speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only) This feature is nice indeed! It wouldn't be me not to ask for more though :D : - Can the time the test run either be adjusted by administrator of just set longer. In ma...
by macgaiver
Wed Feb 27, 2019 7:18 am
Forum: Beginner Basics
Topic: reverse nat in packet flow diagram
Replies: 16
Views: 1288

Re: reverse nat in packet flow diagram

Any NAT works only with "connection-state=new" packets, all the other packets, same or returning direction are handled by connection tracking. In order not to break the packet workflow any src-address/port changes happen around the same place where src-nat is, and any dst-address/port changes happen ...
by macgaiver
Tue Feb 26, 2019 10:43 am
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 36424

Re: v6.44 [stable] is released!

I got new features on my hAP mini! Interface #3, pwr-line1 Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU 0 RS ether1-GW ether 1500 1598 2028 1 RS ether2-Telia ether 1500 1598 2028 2 RS ether3-RaspberryPi ether 1500 1598 2028 3 pwr-line1 ether 1500 1...
by macgaiver
Tue Feb 26, 2019 10:42 am
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 36424

Re: v6.44 [stable] is released!

v6.44 does not contain:
"!) winbox - improvements in connection handling to router with open winbox service (CVE-2019-3924);" ?
It is no information in changelog.
these changes are starting from v6.43.12, this change was already there, so it will not show up in 6.44 changelog
by macgaiver
Fri Feb 22, 2019 8:23 am
Forum: General
Topic: Security issue when Winbox exposed
Replies: 68
Views: 5960

Re: Security issue when Winbox exposed

https://medium.com/tenable-techblog/mikrotik-firewall-nat-bypass-b8d46398bf24 That was a bit of a dick move, to publish it just days after release of the version with the patch. if that would happen closer to 90 day limit 1) we would have time to test releases internally and apply them in safe mann...
by macgaiver
Fri Feb 01, 2019 7:13 am
Forum: Announcements
Topic: February Newsletter #87
Replies: 65
Views: 14567

Re: January Newsletter #87

CRS332-32S+RM
CRS354-48P-4S+2Q+
CRS354-48G-4S+2Q+


still nothing ?
:"(
CRS332-32S+RM + community feedback == CRS326-24S+2Q+RM in latest MUM opening presentations.
https://youtu.be/zMbtmeTm1PI?list=PLXr- ... O2&t=2053s
by macgaiver
Wed Jan 30, 2019 9:57 am
Forum: General
Topic: Simple queue priority
Replies: 2
Views: 373

Re: Simple queue priority

Priority is used to decide what to drop first (There are no packet sequence rearrangement based on priority) , in case of bottleneck. So you need a bottleneck - a parent queue where limits are lower than sum of all child queue limit SUM.
by macgaiver
Tue Jan 29, 2019 12:12 pm
Forum: General
Topic: hAP ac^2 problem
Replies: 7
Views: 963

Re: hAP ac^2 problem

post an /export of your configuration
by macgaiver
Tue Jan 29, 2019 11:47 am
Forum: Beginner Basics
Topic: hAP ac and PCQ not working
Replies: 2
Views: 259

Re: hAP ac and PCQ not working

Are you sure you are not running Fasttrack firewall rule? if that is used queues are skipped. Disable it, reboot to clear it from conntrack table,
by macgaiver
Thu Jan 10, 2019 6:32 pm
Forum: Announcements
Topic: v6.42.11 [long-term] is released!
Replies: 42
Views: 9106

Re: v6.42.11 [long-term] is released!

Some bugs are not bothering users (and they like to call them "features") but are bugs nevertheless. I don't hear anybody complaining that a "non working feature" was fixed. Exactly! To be honest, I was living in a "dreamworld" that by selecting country i automatically apply to country regulations t...
by macgaiver
Wed Dec 19, 2018 3:26 pm
Forum: General
Topic: Omnitik 5 retired from Spain
Replies: 8
Views: 1033

Re: Omnitik 5 retired from Spain

Discussion is happening here
viewtopic.php?f=21&t=139057&start=250
by macgaiver
Tue Dec 18, 2018 2:19 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84151

Re: v6.44beta [testing] is released!

set frequency-mode to regulatory-domain
That works, thanks! Can this be the cause for my trouble with wireless package?
*) package - use bundled package by default if standalone packages are installed as well;
what set of packages did you have? and what did you use to upgrade?
by macgaiver
Tue Dec 04, 2018 12:16 pm
Forum: RouterBOARD hardware
Topic: RouterBOARD naming
Replies: 47
Views: 24581

Re: RouterBOARD naming

hEX ?
mAP ? micro Access Point ?
home Ethernet eXchange
micro Access Point
by macgaiver
Mon Dec 03, 2018 2:06 pm
Forum: General
Topic: Mikrotik sniffer droped packets
Replies: 4
Views: 366

Re: Mikrotik sniffer droped packets

instead accept or drop, use jump to specific custom Firewall chain, where you can have rule that logs , and rule that accepts or drops.
by macgaiver
Mon Dec 03, 2018 12:15 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84151

Re: v6.44beta [testing] is released!

tested beta version on CCR1072 ?
All deployments that are scheduled for deployment are stress-tested here on the table, it just happens to be bonding setup with pair of CCR1072, at that particular moment.
by macgaiver
Tue Nov 27, 2018 4:11 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84151

Re: v6.44beta [testing] is released!

Average Joe will not know how to use iperf. I think target audience for this feature is different from iperf users :) But it is fun anyway: [admin@1072_bonding_test_1] > /tool speed-test 192.168.1.2 test-duration=60 ;;; results can be limited by cpu, note that traffic generation/termination performa...
by macgaiver
Tue Nov 06, 2018 5:44 pm
Forum: General
Topic: CRS125 poor throughput & low cpu load [SOLVED]
Replies: 41
Views: 2413

Re: CRS125 poor throughput & low cpu load [SOLVED]

/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
is your problem - so basically no fastpath and fasttrack.
by macgaiver
Tue Nov 06, 2018 4:21 pm
Forum: Announcements
Topic: Newsletter 85
Replies: 30
Views: 9950

Re: Newsletter 85

Was hoping for some 802.11ax news... really hope there's something coming soon!
your hope is misplaced, any news like that would be saved for MUM Europe anyways, not some monthly newsletter.
by macgaiver
Fri Oct 05, 2018 7:38 am
Forum: General
Topic: S+RJ10: RJ45 SFP+ 10/100/1000M/2.5G/5G/10G copper module
Replies: 14
Views: 1591

Re: S+RJ10: RJ45 SFP+ 10/100/1000M/2.5G/5G/10G copper module

There are 2 modules: S-RJ01 - SFP module that have 1Gbps link to CPU and can handle 10/100/1000 Ethernet S+RJ10 - SFP+ module that have 10Gbps link to CPU and can handle 10/100/1000/2,5G/5G/10G Ethernet There are only limited amount of boards that support both 1Gbps and 10Gbps link to CPU, so you ca...
by macgaiver
Wed Oct 03, 2018 11:04 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70751

Re: RB4011

Isn't this compatible with the S-RJ01 ? Someone might want to use it for some reason.

It is not shown as a related product.
i think you must use S+RJ10 instead.
by macgaiver
Tue Oct 02, 2018 6:42 pm
Forum: Beginner Basics
Topic: WPA2 preshared key brute force attack
Replies: 1
Views: 358

Re: WPA2 preshared key brute force attack

Do you search the google before posting? or at least look in the changelog?

https://blog.mikrotik.com/security/wpa2 ... ttack.html
by macgaiver
Tue Oct 02, 2018 6:40 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26126

Re: v6.42.9 [long-term] is released!

What? You are saying on a 2011 with 6.40.x you could have 4 master ports? Two master ports per switch chip? I have never seen this work with a MikroTik SOHO device, they normally only support one master port per switch chip (so 2 master ports on the 2011). And I could similarly have four bridges on...
by macgaiver
Tue Oct 02, 2018 6:22 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26126

Re: v6.42.9 [long-term] is released!

If you have two bridges on one chip it will only be able to hardware accelerate one of those two bridges (this was also the case before, where you could only have one master port per switch chip). Wrong, both switch chips have hardware acceleration for traffic that happens within them, if you n...
by macgaiver
Fri Sep 21, 2018 8:31 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70751

Re: RB4011

Is there a recommended SFP+ 10G Copper module that is proven to negotiate to 1G reliably? I believe it's ROS/routerboard issue. Not SFP modules issue. I wonder if S-RJ01 would work on SFP+ cage to take that SFP port into use...? I would really hate to use Switched ports for Uplink due to lack of th...
by macgaiver
Fri Sep 21, 2018 8:16 am
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39197

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

*) routerboot - fixed RouterOS booting on devices with particular NAND memory (introduced in v6.43); It would be really helpful if you listed affected devices or at least product ranges. Is CCR affected? Or just MIPS maybe? Do I have to update wireless wire? This is quite important information you ...
by macgaiver
Thu Sep 20, 2018 4:44 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39197

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

Breaking the bootloader in a "stable" release... :lol:
S..t happens, but i'm loving the reaction time tho.
by macgaiver
Wed Sep 19, 2018 9:44 am
Forum: General
Topic: [ASK] allow-dual-stack-queue
Replies: 4
Views: 3130

Re: [ASK] allow-dual-stack-queue

so you have rate-limit specified? in leases
you have both ipv4 and ipv6 dhcp servers running on router?
you have client that got both ipv4 and ipv6 address?

then you should see dynamic simple queue with target both ipv4 and ipv6 address in the same simple queue, not separately as before.
by macgaiver
Wed Sep 19, 2018 9:27 am
Forum: General
Topic: [ASK] allow-dual-stack-queue
Replies: 4
Views: 3130

Re: [ASK] allow-dual-stack-queue

so that same client can use both ipv4 and ipv6 addresses and get classified under same dynamic simple queue.
by macgaiver
Thu Sep 13, 2018 1:44 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 28925

Re: v6.43 [current] is released!

admin password after upgrade EMPTY. Scared the s**t out of me.... But - no it isn't, at least not for me!! 10+ routers no such issue what devices? what version did you upgrade from? there have been rare cases in the past when part of configuration gets lost on upgrade. when was last time you Neinst...
by macgaiver
Thu Sep 13, 2018 12:51 pm
Forum: RouterBOARD hardware
Topic: 100Mb LAN - what's the point?
Replies: 13
Views: 1731

Re: 100Mb LAN - what's the point?

... and then there is rest of the world!! where every cent counts.
by macgaiver
Wed Sep 12, 2018 10:20 am
Forum: General
Topic: FastTrack slow performance
Replies: 11
Views: 1431

Re: FastTrack slow performance

I lost you there - So you fixed the issue by upgrading driver on other device (endpoint of connection), and still thinking about problems in fasttrack??? Give me a break! If your device ethernet driver was flawed, it might have issues on RX buffer, and on specific receive frequency had issues to rep...
by macgaiver
Tue Sep 11, 2018 2:45 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 89091

Re: Winbox vulnerability: please upgrade

in some cases it was reported that device got infected from other infected device from the same (trusted) network.
by macgaiver
Tue Sep 11, 2018 1:51 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84151

Re: v6.44beta [testing] is released!

O_o "beta"!!!! The hell just froze over!! what happened there?
by macgaiver
Fri Sep 07, 2018 4:06 pm
Forum: General
Topic: Queue tree no max and limit-at speeds
Replies: 5
Views: 740

Re: Queue tree no max and limit-at speeds

Only if you base it on some packet header fields like DSCP or TTL
by macgaiver
Fri Sep 07, 2018 12:51 pm
Forum: General
Topic: Queue tree no max and limit-at speeds
Replies: 5
Views: 740

Re: Queue tree no max and limit-at speeds

No, it will not work.

Priority is ONLY used to decide what to drop when limits are reached ( NO!, it does NOT change packet order, it does NOT put higher priority packets first) - if limits are not reached, nothing will be dropped
by macgaiver
Fri Sep 07, 2018 9:25 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70751

Re: RB4011

Just looked up good old CCR1009: https://mikrotik.com/product/CCR1009-7G-1C-1Splus#fndtn-testresults Same way of testing, same type of results, at least they are consistent, and these results also for previous model was around for years, nobody had any issues :) and that was arguable more server roo...
by macgaiver
Fri Sep 07, 2018 8:41 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 89091

Re: Winbox vulnerability: please upgrade

I just recently remembered that i gave MT router to my far relatives, i pre-configured it with just winbox access, it was year ago, just got IP to connect to and this is what i see: Jul/28/2018 08:12:46 system,info,account user macgaiver logged in from 95.154.216.151 via winbox Jul/28/2018 08:12:46 ...
by macgaiver
Fri Sep 07, 2018 7:30 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70751

Re: RB4011

One can argue about "router on a stick" SFP+ setup to lift possible limit to 15Gbps total, but i think those will not be numbers anyone is looking for. Why not? That 15Gbps is exactly the number I'd expected to see as achievable benchmark limit for this block diagram. OK, just give me a real life a...
by macgaiver
Thu Sep 06, 2018 11:04 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70751

Re: RB4011

That looks like beef, not gonna lie :D I wonder where this 10G limit in charts comes from because it doesn't really look like "natural" limit. Connect all wires and run max traffic - logical direction is from SFP to all ethernets and from all ethernets back - in each direction you can get 5gbps s0 ...
by macgaiver
Wed Aug 29, 2018 2:44 pm
Forum: General
Topic: P2P missing on my new RB1100AHx4
Replies: 13
Views: 1351

Re: P2P missing on my new RB1100AHx4

It is working and still working on my old router which I have not yet replaced, it blocks the use of the BitTorrent program, all the Layer7 examples I have tried are doing nothing. download different client and/or enable traffic encryption, and it doesn't work anymore. Do you know what else does it...
by macgaiver
Wed Aug 29, 2018 7:40 am
Forum: General
Topic: P2P missing on my new RB1100AHx4
Replies: 13
Views: 1351

Re: P2P missing on my new RB1100AHx4

There were lots of false positives, some services were not working cause were wrongly captured by this option, so it was removed.
by macgaiver
Thu Aug 23, 2018 5:56 pm
Forum: General
Topic: Please add "Benchmark" button to Winbox IP-IPsec-Proposals
Replies: 1
Views: 474

Re: Please add "Benchmark" button to Winbox IP-IPsec-Proposals

....30MB setup file, while whole RouterOS is <12MB... :) it is not "just a benchmark button" this is whole standalone tool that have no place on the router.
by macgaiver
Thu Aug 23, 2018 5:53 pm
Forum: Announcements
Topic: v6.42.7 [current] is released!
Replies: 159
Views: 31010

Re: v6.42.7 [current] is released!

This must be the best version in years, as this topic only complains are about changelogs one entry....

Back on topic - solid version most of network spokes upgraded, core routers will be on the weekend.
by macgaiver
Thu Aug 23, 2018 5:50 pm
Forum: General
Topic: Queues Dropped Packet [SOLVED]
Replies: 3
Views: 528

Re: Queues Dropped Packet [SOLVED]

1) queues work by dropping packets, that are over the limit
2) queue size are in bits, so "1000" = "1k", "1000k" = "1M", there are no point of limits 6291456... 6,29Mbps...
by macgaiver
Thu Aug 23, 2018 11:03 am
Forum: Announcements
Topic: v6.42.7 [current] is released!
Replies: 159
Views: 31010

Re: v6.42.7 [current] is released!

I can confirm that the security fixes were added to the notes after the 6.42.7 thread was already posted! Why was this? Think logically, 1) release versions in all channels with the fixes 2) wait for initial customer feedback to be double sure that version doesn't contain unexpected surprises and i...
by macgaiver
Tue Aug 21, 2018 5:45 pm
Forum: Beginner Basics
Topic: Cannot upgrade Software and Firmware
Replies: 1
Views: 408

Re: Cannot upgrade Software and Firmware

Yes, that is issue in your installed version, AFAIK it was solved, just netinstall with "keep configuration" and all should be fine.
by macgaiver
Fri Aug 17, 2018 2:46 pm
Forum: General
Topic: Why Fast Path not active?
Replies: 4
Views: 1352

Re: Why Fast Path not active?

Fastpath is just a foundation, that you need to use fasttrack.
by macgaiver
Thu Aug 16, 2018 3:15 pm
Forum: General
Topic: I've closed all service ports by mistake [SOLVED]
Replies: 4
Views: 610

Re: I've closed all service ports by mistake [SOLVED]

Yes, and there are no way to save config as disabled services are part of configuration.
https://wiki.mikrotik.com/wiki/Manual:Netinstall
by macgaiver
Tue Aug 14, 2018 4:11 pm
Forum: Announcements
Topic: WPA2 preshared key brute force attack
Replies: 26
Views: 25130

Re: WPA2 preshared key brute force attack

What's new in 6.43rc56 (2018-Aug-13 11:13):
...
*) wireless - added option to disable PMKID for WPA2 (CLI only);
...
So far all devices i tried connects just fine.
by macgaiver
Tue Aug 14, 2018 4:09 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113558

Re: v6.43rc [release candidate] is released!

*) wireless - added option to disable PMKID for WPA2 (CLI only);
All my everyday devices still connects just fine.
by macgaiver
Tue Aug 14, 2018 1:25 pm
Forum: General
Topic: Vulnerability CVE-2018-5390 [SOLVED]
Replies: 13
Views: 2299

Re: Vulnerability CVE-2018-5390 [SOLVED]

Just a side note - it is way too easy to create those CVE-2018-xxxx entries.. Anyone stubborn enough can do it, even without any actual knowledge of the subject, i think this should be restricted to companies only, for example MikroTik should do it itself.
by macgaiver
Tue Aug 07, 2018 12:41 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 1229

Re: 100% CPU CCR1072 due DDoS - How to improve?

close port 80 from outside use.
by macgaiver
Thu Aug 02, 2018 6:40 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 547
Views: 63994

Re: LHG 60G experience

FYI 6.43rc51:

*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
by macgaiver
Wed Jul 25, 2018 8:47 am
Forum: General
Topic: Fasttrack only working in one direction?
Replies: 2
Views: 345

Re: Fasttrack only working in one direction?

does the parent receiving interface support fastpath?
by macgaiver
Tue Jul 24, 2018 5:58 pm
Forum: General
Topic: PCC Load Balancing 2 ADSL and forcing traffic from 1 IP to a specific ADSL
Replies: 17
Views: 1759

Re: PCC Load Balancing 2 ADSL and forcing traffic from 1 IP to a specific ADSL

without 2) your PCC will override your mark-connection rule for particular IP.
by macgaiver
Tue Jul 24, 2018 3:55 pm
Forum: General
Topic: PCC Load Balancing 2 ADSL and forcing traffic from 1 IP to a specific ADSL
Replies: 17
Views: 1759

Re: PCC Load Balancing 2 ADSL and forcing traffic from 1 IP to a specific ADSL

1) implementation is little bit off, first 2 rules should be in prerouting chain not in input chain, like in manual example: https://wiki.mikrotik.com/wiki/Manual:PCC#Application_Example_-_Load_Balancing 2) on your connection-mark rules you do not have check, if that connections hasn't been already ...
by macgaiver
Thu Jul 19, 2018 5:28 pm
Forum: General
Topic: CRS328-24P-4S+ RouterOS upgrade [SOLVED]
Replies: 4
Views: 739

Re: CRS328-24P-4S+ RouterOS upgrade [SOLVED]

Try manually drag and drop packets to winbox file menu, AFAIK on boards with flash memory upgrade packets for upgrade will be stored in the memory not flash.
by macgaiver
Tue Jul 17, 2018 10:53 am
Forum: Wireless Networking
Topic: Secondary-channel?
Replies: 6
Views: 3584

Re: Secondary-channel?

hmm, 80Mhz+80Mhz (wave2), sound like something accidentally or intentionally slipped out about some unannounced, soon to be released hardware.
Excited!!! :D
by macgaiver
Wed Jul 04, 2018 3:15 pm
Forum: Beginner Basics
Topic: Date of last software downgrade
Replies: 6
Views: 774

Re: Date of last software downgrade

If factory version is the same as installed version you can't downgrade, board might not work on lower version, some feature or some part was not supported.

I wonder, what is this mystical version that your ISP supports and what they don't. And why? :)
by macgaiver
Tue Jun 05, 2018 12:22 pm
Forum: Announcements
Topic: MikroTik News June 2018 (Issue #83)
Replies: 44
Views: 13714

Re: MikroTik News June 2018 (Issue #83)

Sadly hAP ac² missed the upgrade. :(
i think, at this moment in time you can squeeze only as much as they did in that form factor.
by macgaiver
Wed May 30, 2018 3:55 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113558

Re: v6.43rc [release candidate] is released!

Version 6.43rc21 has been released. *) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address; *) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only); *) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only); Things, j...
by macgaiver
Wed May 30, 2018 7:57 am
Forum: General
Topic: PCC loadbalace and Failover not correct. [SOLVED]
Replies: 3
Views: 372

Re: PCC loadbalace and Failover not correct. [SOLVED]

1) your implementation doesn't correspond with best practice example in manual 2) this is per address-pair load balancing (almost same as per connection load balancing), one connection can use only one gateway, so you will never be able to get speedtest aggregated on all 7 WANs - you need something ...
by macgaiver
Tue Apr 24, 2018 4:33 pm
Forum: Announcements
Topic: Significant improvement for 60 GHz solutions
Replies: 45
Views: 16026

Re: Significant improvement for 60 GHz solutions

@strods: does this apply to all units, since the beginning of product distributions or is it limited only to some HW version? I know it has been reached by SW modification and phase array patterns, just want to be sure it is not HW dependent. Thank you. Topic is clearly about software improvements
by macgaiver
Thu Mar 29, 2018 5:26 pm
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 64
Views: 30843

Re: RouterOS making unaccounted outbound winbox connections [SOLVED]

So far my testing show that only mipsbe devices are getting exploited. Anyone notice other architectures affected?

Also all of the devices actually required reboot to get the exploit part going, from what i read here i had idea that everything will happen straight away...
by macgaiver
Tue Mar 27, 2018 12:54 pm
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 64
Views: 30843

Re: RouterOS making unaccounted outbound winbox connections [SOLVED]

@macgaiver Isn't your proposal going hand-in-hand with the new sex trafficking law :-) ? https://www.wired.com/story/how-a-controversial-new-sex-trafficking-law-will-change-the-web/ I'm on the other side of the World, in here torrents and other file sharing is still at large, so some if not most re...
by macgaiver
Mon Mar 26, 2018 3:54 pm
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 64
Views: 30843

Re: RouterOS making unaccounted outbound winbox connections [SOLVED]

Don't you have a point in the user agreement, if they use Internet for illegal activities you have the right to disconnect them?

Allow only mikrotik.com domain for them until they have upgraded, and just redirect them to warning page that explains what is the problem.
Works like a charm here.
by macgaiver
Wed Mar 21, 2018 2:16 pm
Forum: RouterBOARD hardware
Topic: Can the CRS317 do LAG in hardware yet?
Replies: 3
Views: 659

Re: Can the CRS317 do LAG in hardware yet?

Thanks. I was trying to avoid using an 'rc' version in production. Can you give any clue as to when 6.42 will be released? When all the new features will be tested and confirmed, you should try it out on your test network, before 6.42 comes out. or else there is a big chance that in your setup some...
by macgaiver
Wed Mar 21, 2018 11:18 am
Forum: General
Topic: Queue tree problm
Replies: 14
Views: 960

Re: Queue tree problm

limit-at is guaranteed traffic - it is so guaranteed that it "ignores" priority, parent's max limits etc. - it is just given to that queue. If some available bandwidth remains then queues will fight it out using priority.
by macgaiver
Wed Mar 21, 2018 10:41 am
Forum: RouterBOARD hardware
Topic: CSS326-24G-2S+RM and S-85DLC05D [SOLVED]
Replies: 1
Views: 452

Re: CSS326-24G-2S+RM and S-85DLC05D [SOLVED]

Yes! it is compatible with both.

in software you can also determine it by default interface names:

"sfp-sfpplus1" support both, "sfpplus1" is only SFP+ and "sfp1" is regular SFP.

as far as i can remember only CCR1016 had 10G only SFP+ port, other MikroTik devices usually support both speeds
by macgaiver
Tue Mar 20, 2018 3:21 pm
Forum: RouterBOARD hardware
Topic: hAP ac² - more RAM than in HW specification [SOLVED]
Replies: 55
Views: 14268

Re: hAP ac² - more RAM than in HW specification [SOLVED]

Please, insert in to Part Number a release code, p.e:
- release 1 with 128MB
- release 2 with 256MB

Like a RB750r2 and RB750Gr3....
Because they are different hardware.
Sure and double your effort with all the certifications all around the world... no thanks.
by macgaiver
Mon Mar 19, 2018 4:05 pm
Forum: RouterBOARD hardware
Topic: hAP ac² - more RAM than in HW specification [SOLVED]
Replies: 55
Views: 14268

Re: hAP ac² - more RAM than in HW specification [SOLVED]

I think you over-complicate things, sometimes it happens that during the manufacturing, some parts didn't arrive on time, doesn't pass the QC, or simply become unavailable. In those cases it is much more reasonable to use other, maybe even more expensive parts, than stop manufacturing process. These...
by macgaiver
Tue Mar 13, 2018 2:31 pm
Forum: General
Topic: 1Gb Bottleneck on a 10Gb SFP+ on CCR1072
Replies: 8
Views: 1624

Re: 1Gb Bottleneck on a 10Gb SFP+ on CCR1072

Bandwidth test is limited to single CPU core, it can't generate more than ~2Gbps and even then with many connections.
by macgaiver
Tue Mar 13, 2018 1:35 pm
Forum: General
Topic: 1Gb Bottleneck on a 10Gb SFP+ on CCR1072
Replies: 8
Views: 1624

Re: 1Gb Bottleneck on a 10Gb SFP+ on CCR1072

There is only one way to test 10Gbps connection in house: https://wiki.mikrotik.com/wiki/Manual:Performance_Testing_with_Traffic_Generator any external single connection tests like speedtest.com etc, because of round trip time will be limited to sub 1Gbps speeds anyway. There are only two ways to g...
by macgaiver
Thu Feb 08, 2018 12:50 pm
Forum: General
Topic: "restrict upgrade from RouterOS older than v5.16" ?
Replies: 8
Views: 910

Re: "restrict upgrade from RouterOS older than v5.16" ?

When version gap is so large, you are better out with full Netinstall and configuration from 0 anyway.
by macgaiver
Tue Jan 23, 2018 6:03 pm
Forum: General
Topic: Help with No track Raw rule
Replies: 1
Views: 1176

Re: Help with No track Raw rule

I usually do this
1) action=accept all traffic that needs NAT ( usually it is only traffic from local private subnets) in RAW table (it will send traffic to connection tracking - even if it is disabled)
2) disable connection tracking
3) build stateless firewall
by macgaiver
Tue Jan 23, 2018 2:54 pm
Forum: General
Topic: selective accept before fasttrack does not disable fasttrack, what am I doing wrong? [SOLVED]
Replies: 3
Views: 460

Re: selective accept before fasttrack does not disable fasttrack, what am I doing wrong? [SOLVED]

Are you talking about dynamic one? or static one? Dynamic is not actually a rule it is just a placeholder to indicate that some of the packets doesn't get to your firewall at all as they are fasttracked. you need to find action=fasttrack-connection rule and place your rules before it. then you need ...
by macgaiver
Wed Jan 10, 2018 2:05 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 77986

Re: v6.41 [current]

Just want to say good job on the HW offload functions. I managed to get this onto my "old" RB750 which sits on my desk at work and the offload makes a huge difference from 1 interface to another so hopefully this amazing performance increase scales up to far larger switches. CPU usage was also down...
by macgaiver
Mon Dec 18, 2017 10:41 am
Forum: Wireless Networking
Topic: Can't change country
Replies: 9
Views: 2337

Re: Can't change country

Just a hint :) - Netinstall, have a nice feature to un-check "keep old configuration " and "Apply default config" option ;)
by macgaiver
Thu Dec 14, 2017 4:52 pm
Forum: General
Topic: [exploit-db.com] MikroTik 6.40.5 ICMP - Denial of Service
Replies: 16
Views: 3596

Re: [exploit-db.com] MikroTik 6.40.5 ICMP - Denial of Service

I'm sorry, for jumping in, but there are few points i would like to contribute. 1) There are 2 kinds of routers out there - a) hardware accelerated - limited number of features, but @ wire speed b) regular processing - many features, limited CPU and RAM processing resources Fasttrack is software fe...
by macgaiver
Wed Dec 13, 2017 12:49 pm
Forum: General
Topic: TCP Port NAT log
Replies: 1
Views: 286

Re: TCP Port NAT log

UDP/443 is Google QUIC protocol
https://en.wikipedia.org/wiki/QUIC
by macgaiver
Fri Dec 08, 2017 8:08 am
Forum: General
Topic: Interface packet Drops on an octacore xeon with intel nics
Replies: 31
Views: 14363

Re: Interface packet Drops on an octacore xeon with intel ni

What about Tx Drops ? OMG that was 5 years old post :) TX drop is much more rare, imagine you have 1Gbps and 100Mbps interfaces on your router and you are trying to receive 200Mbps on Gbps interface and send it out on 100Mbps interface, 1Gbps will have no problem receiving 200Mbps, and at that poin...
by macgaiver
Wed Dec 06, 2017 7:13 am
Forum: General
Topic: Fasttrack & queue tree non-global queues
Replies: 4
Views: 1671

Re: Fasttrack & queue tree non-global queues

As manual stated - firewall rules (including your packet marks) are skipped, only mark you can use is default "no-mark"
by macgaiver
Mon Nov 27, 2017 7:58 am
Forum: General
Topic: Simple queue drop question
Replies: 18
Views: 1914

Re: Simple queue drop question

p2p option was capturing lots of false positives, so it was removed, i suggest to get rid of any configuration that uses those options.
by macgaiver
Tue Oct 17, 2017 1:20 pm
Forum: General
Topic: Did Fasttrack break with recent updates?
Replies: 6
Views: 1095

Re: Did Fasttrack break with recent updates?

Routing mark doesn't work on fasttracked traffic, it need to be excluded from the fasttrack-connection rule.
by macgaiver
Tue Oct 17, 2017 12:23 pm
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 105598

Re: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities

802.11/nstreme client (all station modes)
So all client that use nstreme in station-bridge mode need to be upgraded too??
Thanks
Sorry, but "all station modes" mean "all station modes" :)
by macgaiver
Tue Oct 03, 2017 5:58 pm
Forum: General
Topic: CCR 100% on all cores, Queue tree -PCQ
Replies: 5
Views: 2926

Re: CCR 100% on all cores, Queue tree -PCQ

Separate your local network in separate smaller subnets, and have queue for each subnet.
by macgaiver
Thu Sep 14, 2017 5:20 pm
Forum: Announcements
Topic: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!
Replies: 109
Views: 29330

Re: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!

I would really prefer if you did not announce the prices ... Local distributors here are selling Mikrotik gear way times more expensive, for example RB1100AHX4 is currently 570$ or 475$ before taxes, so it is pretty announcing to find out that we are being robbed like that, it is better just not to...
by macgaiver
Thu Sep 14, 2017 4:28 pm
Forum: Announcements
Topic: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!
Replies: 109
Views: 29330

Re: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!

Wow some awesome new products :) The S+RJ10 SFP module is pretty interesting for the price.I remember buying a ProLabs one , for about 10 times the price last year. Indeed!!! Just to be sure - MT didn't you forget to add one digit ("1", "2" or even "3") in front of S+RJ10 "$65" price??? I got pair ...
by macgaiver
Tue Sep 05, 2017 2:56 pm
Forum: RouterBOARD hardware
Topic: 10G switch with RJ45?
Replies: 13
Views: 4949

Re: 10G switch with RJ45?

I think only thing that is missing is (100M/1G/2.5G/5G/10GBASE-T) RJ45 SFP+ module, then we can use any SFP+ only device.
by macgaiver
Tue Aug 29, 2017 3:30 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123761

Re: v6.41rc [release candidate] is released! New bridge implementation!

What's new in 6.41rc20 (2017-Aug-29 06:41):
uuuu, winbox support for new bridge implementation....
by macgaiver
Tue Aug 22, 2017 8:22 am
Forum: General
Topic: EoIP tunnel not getting 1500 MTU [SOLVED]
Replies: 13
Views: 6214

Re: EoIP tunnel not getting 1500 MTU [SOLVED]

Set MTU on your EOIP tunnels interfaces to 1500.
by macgaiver
Wed Aug 16, 2017 12:16 pm
Forum: General
Topic: RB1200 NAT performance (throughput)
Replies: 10
Views: 2291

Re: RB1200 NAT performance (throughput)

Hello guys! I manage a RB1200 router, and since it has all GigE ports I assumed it has enough routing capacity for them. But once we upgraded our WAN link to 500 Mbps, RB1200 started hitting the CPU peak (100%) at approximately 200 Mbps. I tested the same link with Apple AirPort (a home router!) - ...
by macgaiver
Tue Aug 15, 2017 1:22 pm
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 237
Views: 140164

Re: FastTrack - New feature in 6.29

New ISSUE: Fasttrack causes errors with IPTV HLS. If is used Fasttrack , IPTV does not Work.... in all versions.of RoS vhere is it What do you mean by "IPTV HLS"? can you be more precise? i have no issues with my IPTV and Fastpath? If you use Fasttrack then this traffic is NATed?? There are not eno...
by macgaiver
Thu Aug 03, 2017 3:55 pm
Forum: Announcements
Topic: Wireless link calculator updated
Replies: 67
Views: 31724

Re: Wireless link calculator updated

1) Manual height override for both points (or mast height)

2) on the sea don't allow to go into negative height :)

3) allow to place link on left-mouse click, so you don't have to search where did you left your link previously :)
by macgaiver
Mon Jul 31, 2017 9:13 am
Forum: RouterBOARD hardware
Topic: RB1100AHx4 vs CCR series for core/distribution?
Replies: 10
Views: 4358

Re: RB1100AHx4 vs CCR series for core/distribution?

Ok, let's start again. Blank standard RB1100AHx4 routers. Router1 - port 6 (IP address: 10.0.0.1/30) connected to Router 2 - port 6 (IP address: 10.0.0.2/30), Cat6 patch. Nothing else configured. Router 1 -> Tools -> BTest Server -> Enabled Router 2 -> Tools -> Bandwidth Test -> Test to: 10.0.0.1 (...
by macgaiver
Mon Jul 31, 2017 6:49 am
Forum: General
Topic: CCR1036-8G-2s+ RAW firewall area not appearing
Replies: 2
Views: 552

Re: CCR1036-8G-2s+ RAW firewall area not appearing

Old RouterOS version???
by macgaiver
Thu Jul 13, 2017 7:12 am
Forum: Announcements
Topic: v6.40rc [release candidate] is released! (New bridge implementation delayed till 6.41rc)
Replies: 207
Views: 36207

Re: v6.40rc [release candidate] is released! (New bridge implementation)

*) mmips - added support for NVME disks; what possible current mmips based router has slot/interface to get an nvme ssd attached to it? afaik nvme is pcie, and the hexR3 (the sole mmips based mikrotik device) doesn’t have anything similar... Maybe M33 ?? https://mum.mikrotik.com/presentations/EU17/...
by macgaiver
Wed Jul 12, 2017 4:19 pm
Forum: Announcements
Topic: v6.40rc [release candidate] is released! (New bridge implementation delayed till 6.41rc)
Replies: 207
Views: 36207

Re: v6.40rc [release candidate] is released! (New bridge implementation)

It doesn't work on RB850Gx2.
RB850Gx2 Ethernets doesn't have fastpath support, MT doesn't have their own driver there, they use ones provided by CPU manufactures so that IPsec hardware acceleration works. I asked about this at the MUM.
by macgaiver
Fri Jul 07, 2017 3:31 pm
Forum: Announcements
Topic: v6.40rc [release candidate] is released! (New bridge implementation delayed till 6.41rc)
Replies: 207
Views: 36207

Re: v6.40rc [release candidate] is released! (New bridge implementation)

... looks like my weekend just become much more interesting!
by macgaiver
Thu Jul 06, 2017 8:16 am
Forum: General
Topic: If FastTrack is useful for VPN?
Replies: 6
Views: 2008

Re: If FastTrack is useful for VPN?

Fastpath/Fasttrack can't and never will be used for input "traffic". Fastpath/Fasttrack allow to skip packet processing when it is not necessary, it uses routing cache ( in case of fastpath) and conntrack (in case of fasttrack) to determine what out-interface packet should end up to. and sends that ...
by macgaiver
Thu Jun 29, 2017 1:45 pm
Forum: Beginner Basics
Topic: Fasttrack on input chain?
Replies: 4
Views: 978

Re: Fasttrack on input chain?

Running SSTP it seems like a lot of packets are going through fasttrak on the input chain once I enabled it, and the connection quality improved. packets that is going through the router from SSTP to other interface are going via forward, that is why you see increase, only SSTP managment packets go...
by macgaiver
Thu Jun 29, 2017 7:11 am
Forum: Beginner Basics
Topic: Fasttrack on input chain?
Replies: 4
Views: 978

Re: Fasttrack on input chain?

it only work for forward, all input/output traffic needs to be in slowpath as it always requires some kind of processing.
by macgaiver
Wed Jun 28, 2017 10:09 am
Forum: General
Topic: Discussion about bugfix, current and rc versions
Replies: 29
Views: 6702

Re: v6.38.7 [bugfix] is released!

Actually major does need to correspond to kernel and minor and subminor do not need to correspond to feature set or patch too. Just see the release notes and you will find that subminor is adding new features too while minor is patching old problems also... feature set - all features old and new th...
by macgaiver
Wed Jun 28, 2017 7:18 am
Forum: General
Topic: Discussion about bugfix, current and rc versions
Replies: 29
Views: 6702

Re: v6.38.7 [bugfix] is released!

Why are you always confusing download channels and versions?? Current/bugfix/RC in download page is download channel, is whatever version MikroTik choose to position there, v6.39.2 can be placed in bugfix also, if MikroTik sees it fit. So these channels is nothing more as MikroTik's suggestions for ...
by macgaiver
Fri Jun 16, 2017 1:54 pm
Forum: General
Topic: (EMERGENCY) ECMP LOAD BALANCE
Replies: 10
Views: 1094

Re: (EMERGENCY) ECMP LOAD BALANCE

Please anybody I need help
You need to move away from 5,5year old version, then you can use examples from the manual.
by macgaiver
Wed Jun 14, 2017 4:00 pm
Forum: Announcements
Topic: v6.40rc [release candidate] is released!
Replies: 231
Views: 45823

Re: v6.40rc [release candidate] is released!

Version 6.40rc21 has been released. !) wireless - added Nv2 AP synchronization feature (for experimental use)(CLI only); Visit this link in order to find out more about new wireless feature: https://wiki.mikrotik.com/wiki/Manual:Nv2#Nv2_AP_Synchronization And that is one unexpected development.... ...
by macgaiver
Tue Jun 13, 2017 7:49 am
Forum: Announcements
Topic: Newsletter 76
Replies: 50
Views: 14937

Re: Newsletter 76

ARM v7 Dual-Core @ 800 MHz
As far as i know it is single core, at least routerboard.com backs me up on that.
by macgaiver
Mon Jun 12, 2017 10:48 am
Forum: General
Topic: Testing 10g equipment?
Replies: 3
Views: 751

Re: Testing 10g equipment?

Traffic generator offer you additional statistics if traffic returns to the same device it is created, like latency and jitter and packet loss.
by macgaiver
Fri Jun 09, 2017 10:56 am
Forum: General
Topic: Testing 10g equipment?
Replies: 3
Views: 751

Re: Testing 10g equipment?

Take X86/x64 hardware with at least 2x 10G interfaces,
install free 24h demo RouterOS license,
connect all 10G ports to device, use this setup:
https://wiki.mikrotik.com/wiki/Manual:P ... _Generator
by macgaiver
Thu Jun 08, 2017 5:28 pm
Forum: General
Topic: CRS326-24G-2S+RM speed test?
Replies: 4
Views: 1474

Re: CRS326-24G-2S+RM speed test?

CPUs on CRS series are there to run RouterOS and use some RouterOS features not to generate 10G of traffic :)
For 10G traffic generation you need full out CCR device and use Traffic Generator.
by macgaiver
Thu Jun 08, 2017 4:55 pm
Forum: General
Topic: CRS326-24G-2S+RM speed test?
Replies: 4
Views: 1474

Re: CRS326-24G-2S+RM speed test?

Really, are you running Btest from the switch??

You need to run it from 1 x86 to other x86 through the switch.
by macgaiver
Thu Jun 08, 2017 9:08 am
Forum: General
Topic: The deal with change mss
Replies: 24
Views: 15607

Re: RE: Re: The deal with change mss

Could you see, please, if all PPPoE interfaces has same MTU? I want to test it when MTU is not the same for all interfaces, just to see if will work in that case, or if is considering the minimal mtu to run this "new" algorithm. Thank you for your time It looks like packet get adjustment MSS when i...
by macgaiver
Wed Jun 07, 2017 2:56 pm
Forum: General
Topic: Mikrotik vs FortiGate
Replies: 3
Views: 5135

Re: Mikrotik vs FortiGate

If they promise same performance with any size of the packets, i can tell you for sure it is hardware based solution, so your biggest problem will be feature set, usually hardware based solutions have limited feature set. Those performance numbers are worst case scenario numbers, when software need...
by macgaiver
Wed Jun 07, 2017 2:51 pm
Forum: General
Topic: The deal with change mss
Replies: 24
Views: 15607

Re: The deal with change mss

Just updated whole my pppoe site to 6.39.2, you can forget about change-mss rules, it all is now nicely built-in into ppp interfaces, even with MRU now it works fine.
by macgaiver
Tue Jun 06, 2017 3:57 pm
Forum: Announcements
Topic: v6.39.2 [current]
Replies: 122
Views: 35031

Re: v6.39.2 [current]

Neither of those things happened on my 1000AHx2 - PPPoE client and IPv6 are still there and enabled.
same here - so far so good.
by macgaiver
Thu Jun 01, 2017 8:08 am
Forum: General
Topic: The deal with change mss
Replies: 24
Views: 15607

Re: The deal with change mss

no connection tracking, fastpath possible - everything much better.
For us this is irrelevant, since we need to do some NATing for some customers... which breaks fastpath.

well fasttrack enables you to use fastpath with NAT.
by macgaiver
Wed May 31, 2017 12:06 pm
Forum: General
Topic: The deal with change mss
Replies: 24
Views: 15607

Re: The deal with change mss

Before this change there was dynamic mangle change-mss rules created, this enables connection tracking, disables fastpath making everything slow. Now this functionality is built-in into ppp interfaces themselves, this way no mangle rules are necessary, no connection tracking, fastpath possible - ever...
by macgaiver
Tue May 30, 2017 8:54 am
Forum: General
Topic: The deal with change mss
Replies: 24
Views: 15607

Re: The deal with change mss

v6.40rc13 have this line in changelog:
*) ppp - fixed "change-mss" functionality (introduced in 6.39);

so i assume when it is confirmed to test your issue it will be included in v6.39.2
by macgaiver
Tue May 02, 2017 11:54 am
Forum: General
Topic: MSS Clamping 6.39
Replies: 9
Views: 4079

Re: MSS Clamping 6.39

Just write to support@mikrotik.com
by macgaiver
Tue Apr 25, 2017 2:24 pm
Forum: General
Topic: v6.39rc80 [release candidate] is released!
Replies: 63
Views: 11001

Re: v6.39rc79 [release candidate] is released!

!) bridge - reverted bridge BPDU processing back to pre-v6.38 behaviour; (v6.40 will have another separate VLAN-aware bridge implementation);
Very nice to see that you actually listen to us :)
by macgaiver
Fri Apr 21, 2017 2:57 pm
Forum: General
Topic: v6.39rc80 [release candidate] is released!
Replies: 63
Views: 11001

Re: v6.39rc76 [release candidate] is released!

Unable to open any HTTPS site, unless the fasttrack rule is disabled.
meanwhile, HTTP site is not affected, even if the fasttrack rule is enabled.
No problems here. usually problems like this are with policy routing, but policy routing and fasttrack is mutually exclusive....
by macgaiver
Wed Apr 19, 2017 4:15 pm
Forum: Beginner Basics
Topic: Product recomandation
Replies: 12
Views: 1116

Re: Product recomandation

wonderful. But i still don't understand why switching result page show lower value : Switching Non blocking Layer 1 capacity 37,202.4 50,000.0 5,874.1 50,000.0 2,031.9 50,000.0 thank you In Ethernet, packets are separated by IPG (Inter packet gap) usually 20bytes so on small packets 64byte packet -...
by macgaiver
Fri Apr 07, 2017 6:08 pm
Forum: General
Topic: no internet after forwarding ports
Replies: 9
Views: 964

Re: no internet after forwarding ports

in-interface on dst-nat rules needed.

Currently these rules are dst-natting ALL connections back to local hosts - even those that are generated by those hosts themselves
by macgaiver
Wed Apr 05, 2017 2:08 pm
Forum: General
Topic: Problem RouterOS 6.38.5 - Denial of Service
Replies: 67
Views: 12225

Re: Vulnerability RouterOS 6.38.5 - Denial of Service

I think it's important to remember that a substantial amount of traffic is needed to have any sort of effect on your devices. You won't be able to bring down a CCR using a residential xDSL line that only has a couple Mbit/s upload speed, or have one of your WiFi customers kill your network because ...
by macgaiver
Wed Apr 05, 2017 10:20 am
Forum: General
Topic: Problem RouterOS 6.38.5 - Denial of Service
Replies: 67
Views: 12225

Re: Vulnerability RouterOS 6.38.5 - Denial of Service

if you send any traffic to software based network device (one that runs with central CPU, not hardware based dumb device) you will generate load, live with it that is set in stone, you can't change that. Thing you can do is configure your software based network device in a way load is minimized. in ...
by macgaiver
Fri Mar 17, 2017 3:55 pm
Forum: RouterBOARD hardware
Topic: Ethernet Test Results
Replies: 3
Views: 965

Re: Ethernet Test Results

That board have switch chip and there are only 2 x 1Gbps lines that go to CPU, as indicated in block diagram: https://i.mt.lv/routerboard/files/RB962UiGS-160210082257.png so max on 2x 1Gbps lines is 2Gbps (Layer1-speed) if you count out 20 byte Inter Packet Gaps on Ethernet you will end up with 1,96...
by macgaiver
Thu Mar 16, 2017 9:07 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43998

Re: CIA exploits against Mikrotik hardware

Just a note - this topic is officially successfully drowned by you two... I hope that fact alone smytht indicate that your "method of delivery" seriously lacks something.. my personal standpoint is very simple - i think Linux Kernel development has the highest standards in the world (especially secu...
by macgaiver
Wed Mar 15, 2017 1:09 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43998

Re: CIA exploits against Mikrotik hardware

5 posts in a row is some kind of record in this forum smytht . Don't get me wrong, am all about getting rid of "bugs", but sometimes all that is needed is just "step on that bug", not to start "MIT project to introduce high frequency sonic bug defense for whole building". i also had a bet with sever...
by macgaiver
Mon Mar 13, 2017 3:57 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 82415

Re: v6.39rc [release candidate] is released

well, since "3.2 and above(up to 4.11?)" listed as "vulnerable" unless "particular security fix" delivered - it IS VULNERABLE, i guess. how do you Know(!) that ROS lack "drivers/tty/n_hdlc" in it ? do you had ROS source-code access ? have you seen HDLC protocol frames anywhere in RouterOS? I haven'...
by macgaiver
Mon Mar 13, 2017 11:22 am
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 82415

Re: v6.39rc [release candidate] is released

is any chance for fix for recent linux breach ?
eg this one:
https://security-tracker.debian.org/tra ... -2017-2636
... in the Linux kernel through 4.10.1... 
RouterOS v6 uses v3.3.6 and don't have hdlc ...you are safe.
by macgaiver
Fri Mar 10, 2017 1:05 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43998

Re: CIA exploits against Mikrotik hardware

One of my concerns, and what I certainly don't want to continue, is that we all treat this as a single vulnerability and and that 6.37.5 / 6.38.5 solves it... cause it doesn't, Welcome back to the forum Tom!! I see you continue where you left off, when you last time were active on forum. Conspiracy...
by macgaiver
Thu Mar 09, 2017 6:40 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43998

Re: CIA exploits against Mikrotik hardware

Sure, but you still need to wait for Wikileaks to release all information and tools, to know for sure :) . I'm not sitting and waiting on that to happen . Tonight is an update night - hardest decision is to 6.37.5 or 6.38.5...
by macgaiver
Thu Mar 09, 2017 6:04 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43998

Re: CIA exploits against Mikrotik hardware

The reason for such tools are inability to release properly patched versions in time. Cisco release cycle and bug fixing cycle takes years. MT just updated all their versions with a fix. Also nobody knows how compromised router actually looks like, so how can you create tool for that? Normis replied...
by macgaiver
Thu Mar 09, 2017 12:06 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43998

Re: CIA exploits against Mikrotik hardware

Guys, i would relax about your RouterOS devices, at this point it looks like you need to leave your "key in ignition" so your car "got stolen" and start worry about other devices, just look at size of this directory: https://wikileaks.org/ciav7p1/cms/index.html Especially those of you who are using ...
by macgaiver
Wed Mar 08, 2017 6:46 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 45662

Re: Statement on Vault 7 document release

... it is currently unclear if the malware tries to exploit any vulnerability in current RouterOS releases (6.38.4 'current' and 6.37.5 'bugfix' or newer)... FYI, the current download page still indicates the bugfix version as 6.37.4. Not sure if 6.37.5 was a typo, or if the page needs to be update...
by macgaiver
Wed Mar 08, 2017 6:43 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 45662

Re: Statement on Vault 7 document release

Any way how can I find if, how or ''supposedly'' my router is infected with so called "ChimayRed"? From what i read: There is no solid information about that yet, without hacking tools themselves, they need to have 'supposedly'' hacked router on their hands to determine and create precise method of...
by macgaiver
Wed Feb 22, 2017 6:18 pm
Forum: General
Topic: Mikrotik & Lightning
Replies: 13
Views: 1214

Re: Mikrotik & Lightning

I'm not the wireless guy at the company, but i can say that 80% of our problems with lightning were solved by using Fiber to the tower instead of Ethernet cable. What about power - you are still using some copper Fiber will help protect your switch ports - however - a lightning strike can still de...
by macgaiver
Mon Feb 20, 2017 6:38 pm
Forum: General
Topic: Mikrotik & Lightning
Replies: 13
Views: 1214

Re: Mikrotik & Lightning

I'm not the wireless guy at the company, but i can say that 80% of our problems with lightning were solved by using Fiber to the tower instead of Ethernet cable.
by macgaiver
Fri Feb 17, 2017 6:48 pm
Forum: General
Topic: socks service with IPV6
Replies: 2
Views: 698

Re: socks service with IPV6

Does anyone really uses SOCKS in modern age?
by macgaiver
Wed Feb 08, 2017 5:48 pm
Forum: General
Topic: There are days I consider MT as lame
Replies: 9
Views: 1232

Re: There are days I consider MT as lame

Yup, lets switch to other vendor, pay 20x more and have exactly the same problems only 10x bigger time intervals, and software updates/patches once a year, etc,etc. By the money you saved you should have 2 devices on all locations in case one goes bust... Sorry , nothing personal, simply working wit...
by macgaiver
Wed Feb 08, 2017 11:52 am
Forum: Wireless Networking
Topic: MU-MIMO?
Replies: 24
Views: 8064

Re: MU-MIMO?

I think that MU-MIMO hype is overrated, you can find lots of information about this on the net, For example: http://www.networkcomputing.com/wireless-infrastructure/mu-mimo-reality-check/1263574300 Most people think that this will just solve all of their problems, but in fact it will not. Most probl...
by macgaiver
Mon Feb 06, 2017 12:58 pm
Forum: General
Topic: RB 3011 asymmetric cpu load
Replies: 10
Views: 1332

Re: RB 3011 asymmetric cpu load

Ideal situation in packets path over router is to stick to one CPU core as long as possible ( until 100% load) , this is due the fact that transferring something between cores is very expensive (resource and time wise) in Linux Kernel. Second, in these small multi-core CPUs manufactures are not very...
by macgaiver
Thu Feb 02, 2017 3:05 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 82415

Re: v6.39rc [release candidate] is released

fast-forward is an exciting development
i did some tests with traffic generator on first board i could find (RB750Gr2) - ~20% increase in max throughput, not bad, not bad at all.
by macgaiver
Fri Jan 27, 2017 1:35 pm
Forum: Forwarding Protocols
Topic: Where is this 169.254 IP coming from?
Replies: 4
Views: 2037

Re: Where is this 169.254 IP coming from?

It is Microsoft!!!!
Just google for it :)

RFC 3927
Automatic Private Internet Protocol Addressing (APIPA)
or simply 169.254.0.0/16
by macgaiver
Fri Jan 27, 2017 12:39 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 82415

Re: v6.39rc [release candidate] is released

!) filesystem - fixed rare situation when filesystem went into read-only mode (some configuration might have gotten lost on reboot); !) filesystem - fixed rare situation when filesystem failed to read all configuration on startup; Any more detailed explanation on these? Is this the one that caused ...
by macgaiver
Thu Jan 26, 2017 1:30 pm
Forum: Beginner Basics
Topic: Restriction Level
Replies: 6
Views: 809

Re: Restriction Level

v5.20 .... that was built ~September 2012!!!!! Have at least some decency!! get up-to-date. Upgrades are free!! Or are you pirate?
by macgaiver
Tue Jan 24, 2017 3:06 pm
Forum: General
Topic: PPPoE (client) stopped working after 6.38 upgrade
Replies: 11
Views: 3391

Re: PPPoE (client) stopped working after 6.38 upgrade

I'm 99% sure that this is unrelated to pppoe, but related to hardware STP on bridges. They were fixed in exactly the same versions and should be working fine with 6.38.1 also.
by macgaiver
Tue Jan 24, 2017 7:33 am
Forum: Announcements
Topic: Winbox 3.10 released!
Replies: 70
Views: 39939

Re: Winbox 3.10 released!

When I click check for update of winbox then message show "There are no new versions", My current winbox version is 3.9
You can download it from webpage directly. Check-for-update delays are usually down to proxies (cloud) - either yours or ones that MikroTik uses for version distribution.
by macgaiver
Mon Jan 23, 2017 12:10 pm
Forum: General
Topic: Possibly infected routerboard?
Replies: 9
Views: 1008

Re: Possibly infected routerboard?

OK, thx for info. Now i'm trying to break password by brute force. I will write if I find something.
... several months later...


Just use Netinstall and start over.
by macgaiver
Mon Jan 23, 2017 11:40 am
Forum: General
Topic: Possibly infected routerboard?
Replies: 9
Views: 1008

Re: Possibly infected routerboard?

All devices was unplugged from routerboard, only routerboard was connected, and routerboard sends about 20 mbps during few hours.
And what did /tool torch or /tool packet-sniffer show? What kind of traffic was that?
by macgaiver
Wed Jan 18, 2017 6:38 pm
Forum: General
Topic: how can I route differnats packets?
Replies: 7
Views: 683

Re: how can I route differnats packets?

WRONG! Will not work with NAT and it is from 2008. I already asked MT to fix it

use this
http://wiki.mikrotik.com/wiki/Manual:PCC
by macgaiver
Wed Jan 18, 2017 6:25 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 82415

Re: v6.39rc [release candidate] is released

so they are all stuck at 6.36.4? I'm sorry, but what is wrong with that? Very good and recent version. I have some applications that are restricted to v5.26 for similar reasons. Or all the mipsle devices that are stuck @ v6.32.4 It is impossible to support all the legacy stuff all the time - at som...
by macgaiver
Wed Jan 18, 2017 11:18 am
Forum: Announcements
Topic: v6.38.1 [current]
Replies: 73
Views: 24088

Re: v6.38.1 [current]

Migrated portion of Work network to v6.38.1, around 30 routers, wifi PtP and PtMP, Some GW and some switches. One device had to be netinstalled for some unknown reason (happens time to time), found 2 loops thanks to hardware STP feature. Is there or will be there a way to set STP roles to dynamic sw...
by macgaiver
Tue Jan 17, 2017 12:43 pm
Forum: RouterBOARD hardware
Topic: STP Alternatives ?
Replies: 5
Views: 861

Re: STP Alternatives ?

Try to use "horizon" feature in bridge ports.
by macgaiver
Mon Jan 16, 2017 5:38 pm
Forum: Announcements
Topic: v6.38.1 [current]
Replies: 73
Views: 24088

Re: v6.38.1 [current]

I have strange excitement about version that was build on the Friday 13th and with full moon (at least where i'm from).

Just upgraded my home network CRS226, RB750Gr2 and few WAP ac, so far so good. Tomorrow will play with test network @ work.
by macgaiver
Fri Jan 13, 2017 3:22 pm
Forum: Announcements
Topic: Winbox 3.8 released!
Replies: 47
Views: 18198

Re: Winbox 3.8 released!

Winbox 3.8, RB750GL 6.39rc12 - can not change/set firewall NAT rule's dst-port, src-port by winbox. Fields are grayed out/disabled whatever I do. On existing NAT rules and new ones as well. Already reported to support@mikrotik.com did you specified a protocol?? I upgraded Winbox on 3 Win10 Home (up...
by macgaiver
Thu Jan 12, 2017 7:58 am
Forum: General
Topic: Raw Accept vs IP Firewall FastTrack, which one is faster and light weight?
Replies: 7
Views: 2249

Re: Raw Accept vs IP Firewall FastTrack, which one is faster and light weight?

fastest way to get packet through - FASTPATH

if you need connection tracking (NAT in most cases) , and nothing else - FASTTRACK.

If you need to use other features, but some traffic doesn't require connection tracking - RAW table
by macgaiver
Thu Jan 12, 2017 7:33 am
Forum: Scripting
Topic: Some Music
Replies: 10
Views: 13965

Re: Some Music

This is on completely another level compared to all other PC speaker music we had here - really impressed!
by macgaiver
Wed Jan 11, 2017 6:45 pm
Forum: General
Topic: Raw Accept vs IP Firewall FastTrack, which one is faster and light weight?
Replies: 7
Views: 2249

Re: Raw Accept vs IP Firewall FastTrack, which one is faster and light weight?

IP RAW - feature that allows traffic to skip Connection tracking fasttrack-connection - feature that allows traffic to skip everything else except Connection tracking. No - you can't have both at the same time :) Biggest minus of connection tracking is that if it captures packet fragments in NEEDS t...
by macgaiver
Wed Jan 11, 2017 6:32 pm
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 37223

Re: v6.38 [current] is released!

hi guys,

does anyone of you encountered problems in PCC after upgrading their Mikrotik OS?

PCC currently is not working anymore after upgrading . please help.
Just a guess - did you enable fasttrack?
by macgaiver
Wed Jan 11, 2017 1:50 pm
Forum: RouterBOARD hardware
Topic: New product : HAP Mini (RB931-2ND)
Replies: 15
Views: 7965

Re: New product : HAP Mini (RB931-2ND)

I like all nice little devices (emphasis on little), but this brings only one question - why? Are there really that many customers waiting for yet a little cheaper RB? "Oh yeah, under $20, now I'll get one!" :) There is a whole world outside the North America and Europe that tries to by everything ...
by macgaiver
Tue Jan 03, 2017 5:04 pm
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 37223

Re: v6.38 [current] is released!

RE: Important note!!! To avoid STP/RSTP compatibility issues with older RouterOS versions upgrade RouterOS on all routers in Layer2 networks with VLAN and STP/RSTP configurations. I sure wish I would of known about this issue prior to upgrading a dozen Mikrotiks last month. Because of spanning-tree...
by macgaiver
Thu Dec 22, 2016 12:24 pm
Forum: Announcements
Topic: v6.38rc [release candidate] is released
Replies: 331
Views: 75239

Re: v6.38rc [release candidate] is released

At the log console MT6.38rc52: "package channel changed by admin" - wtat's that?! I have never seen that log before. I hav NO wireless package at this RB493G. So - what does mean that log info? It's "system,info" category message. you changed channel in "/system package update set channel=" or in w...
by macgaiver
Wed Dec 21, 2016 5:53 pm
Forum: RouterBOARD hardware
Topic: RB750Gr3 - Report and questions
Replies: 112
Views: 33034

Re: RB750Gr3 - Report and questions

(cpu usage ~50%, probably limited to 1 core?)
/system resources cpu shows you per core load
/tool profile allows you to see what is taking total CPU time and each core individually what is doing - make sure you run latest 6.38RC, profiler was fixed there
by macgaiver
Tue Dec 20, 2016 6:35 pm
Forum: Beginner Basics
Topic: Noob NAT question
Replies: 4
Views: 632

Re: Noob NAT question

Why NAT local to local IPs? That is fundamentally wrong
Why load mAPs with firewall ?

use simple routing (or bridging) and filter everything on your CCR.

Make sure that connection-nat-state=!src-nat packets are dropped if coming from public network in firewall forward.
by macgaiver
Tue Dec 20, 2016 6:28 pm
Forum: Announcements
Topic: v6.38rc [release candidate] is released
Replies: 331
Views: 75239

Re: v6.38rc [release candidate] is released

Version 6.38rc51 has been released. Changes since previous version: ... *) ipsec - various additional work on IKEv1/IKEv2 support; .... Seems that IKE polishing is taking some hard time and effort, to my memory this is first time RC have reached 50+ EVER!!! Note: hardware RSTP is finally working as...
by macgaiver
Tue Dec 20, 2016 6:22 pm
Forum: Announcements
Topic: MikroTik News December 2016 (Issue #74)
Replies: 94
Views: 22257

Re: MikroTik News December 2016 (Issue #74)

Not only one distributor. Exactly!! So you need to direct your questions to source of information - those distributors. Why ask here? When MT will be ready to announce something publicly, you will get new newsletter. Maybe MT is building stock, or ensures that product is shipped to all around the w...
by macgaiver
Tue Dec 20, 2016 6:10 pm
Forum: RouterBOARD hardware
Topic: CCR1072 - DC PSU
Replies: 4
Views: 801

Re: CCR1072 - DC PSU

I asked about this at last MUM i attended - reply was, "YES, should be available somewhere in 2017!" they were unable to give more information.
by macgaiver
Wed Dec 14, 2016 11:36 am
Forum: RouterBOARD hardware
Topic: CCR1076
Replies: 8
Views: 1402

Re: CCR1076


It looks like you could optimise your firewall policies a lot. Are you using jump actions, and are you using FastTrack ?
+1 and consider new RAW feature that allow some traffic to skip conntrack "notrack"
by macgaiver
Tue Dec 13, 2016 4:01 pm
Forum: RouterBOARD hardware
Topic: CCR1076
Replies: 8
Views: 1402

Re: CCR1076

What does /tool profile show as your main source of CPU load?
by macgaiver
Fri Dec 02, 2016 6:39 pm
Forum: General
Topic: Am i being hacked?
Replies: 8
Views: 1473

Re: Am i being hacked?

Why is the telnet port open on WAN? You might need only winbox/ssh port opened from WAN, maybe some VPN server ports, but all other - drop it.
by macgaiver
Thu Dec 01, 2016 7:34 am
Forum: Announcements
Topic: v6.37.3 [current] is released!
Replies: 58
Views: 20143

Re: v6.37.3 [current] is released!

MAJOR issue!!! Log in via winbox, loads new plugins, then acts like its about launch the window then disappears/closes out!! Downgrade back to 6.37.2 and fixed.

GOOD thing I had HTTP/WEB enabled on this one so that I could log in and downgrade!!!
what winbox loader version are you running?
by macgaiver
Wed Nov 23, 2016 2:53 pm
Forum: Announcements
Topic: v6.37.2 [current] is released!
Replies: 50
Views: 13690

Re: v6.37.2 [current] is released!

On wapAC after upgrading from 6.37.1, it was unable to get a dhcp address lease. I needed to downgrade back to make it have a lease again. It's a wAPac so no master slave ports !!! my wAPac is configured as a CAP. eth1 is configured as dhcp-client. 6.37.1 i get a dhcp lease 6.37.2 i don't get a dhc...
by macgaiver
Tue Nov 22, 2016 9:45 am
Forum: Announcements
Topic: v6.37.2 [current] is released!
Replies: 50
Views: 13690

Re: v6.37.2 [current] is released!

There is still EXPORT bug at some x86 boards: /interface ethernet set [ find default-name=ether1 ] comment=LAN speed=100Mbps set [ find default-name=ether2 ] comment=WAN1 set [ find default-name=ether3 ] comment=WAN2 The "ether1" is connected at 1Gbit! and "ether2", "ether3" - are 100Mbit ports exp...
by macgaiver
Tue Nov 22, 2016 8:48 am
Forum: The Dude
Topic: 6.37.2 Warning Dude doesn't work! Wait for 37.3?
Replies: 10
Views: 1735

Re: 6.37.2 Warning Dude doesn't work! Wait for 37.3?

BTW Dude does work in this version !!!!
by macgaiver
Tue Nov 22, 2016 7:02 am
Forum: The Dude
Topic: 6.37.2 Warning Dude doesn't work! Wait for 37.3?
Replies: 10
Views: 1735

Re: 6.37.2 Warning Dude doesn't work! Wait for 37.3?

Well, from where i stand - better Dude than firewall (37.1 was actually breaking existing firewall configuration), all proper Dude users are on RC version anyway.
by macgaiver
Fri Nov 11, 2016 2:31 pm
Forum: General
Topic: 6.37.1 and 6.36.4 100% CPU usage on Firewall
Replies: 7
Views: 1176

Re: 6.37.1 and 6.36.4 100% CPU usage on Firewall

this is guesswork at this point. in changelog there are at least few entries that can explain that. usually 100% is down to some kind of crash.
by macgaiver
Thu Nov 10, 2016 2:13 pm
Forum: General
Topic: Feature Request: L2TPv3 Client
Replies: 18
Views: 7448

Re: Feature Request: L2TPv3 Client

It is miraculous how all the dormant forum users just woke up to write something in this topic :)

Could you all be so kind and be more precise where and in what configurations you are planning to use it?
by macgaiver
Tue Nov 08, 2016 9:07 am
Forum: Announcements
Topic: v6.38rc [release candidate] is released
Replies: 331
Views: 75239

Re: v6.38rc [release candidate] is released

I can understand summarizing in final release notes, but nice in rc changelog to know if fixes or updates were made relating to that line item, right? Changelog line is moved to latest RC, so there are fixes or updates :). One can argue, that it would be nice to know what exactly are those changes,...
by macgaiver
Tue Nov 08, 2016 8:24 am
Forum: Announcements
Topic: v6.38rc [release candidate] is released
Replies: 331
Views: 75239

Re: v6.38rc [release candidate] is released

*) discovery - added LLDP support; I thought LLDP was already added? AFAIK this is RC changelog, there is no point to add new line for every fix/update for features that was introduced in this RC, when released in current it will still be just one changelog entry about feature introduction. So thos...
by macgaiver
Fri Nov 04, 2016 11:38 am
Forum: General
Topic: Simpe question about MT product naming
Replies: 2
Views: 415

Re: Simpe question about MT product naming

hEX - home Ethernet eXchange, not sure about SXT, my best guess it is short of Sextant, as SXT products are down-scaled Sextant products.
by macgaiver
Fri Oct 28, 2016 11:40 am
Forum: General
Topic: about L2MTU
Replies: 3
Views: 815

Re: about L2MTU

Put same version on both devices, there must be some change in changelog that does that.
by macgaiver
Wed Oct 26, 2016 2:11 pm
Forum: Announcements
Topic: v6.36.4 [bugfix] is released!
Replies: 51
Views: 15023

Re: v6.36.4 [bugfix] is released!

Build date and release date separation in this version is encouraging. I assume some proper testing was done?
by macgaiver
Tue Oct 25, 2016 2:03 pm
Forum: General
Topic: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again
Replies: 15
Views: 2898

Re: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again

So we agree that pcq-upload is currently not compatible with masquerade, right?
With connection tracking on, it definitely works
by macgaiver
Thu Oct 13, 2016 8:29 am
Forum: RouterBOARD hardware
Topic: CCR RAM SCAM!?
Replies: 31
Views: 3457

Re: CCR RAM SCAM!?

popular p2p, I think
You have to really try to get even in 5 digit number of connections per client using any current p2p.
by macgaiver
Wed Oct 12, 2016 4:56 pm
Forum: RouterBOARD hardware
Topic: CCR RAM SCAM!?
Replies: 31
Views: 3457

Re: CCR RAM SCAM!?

well, I know people who add new routers just because they approach 500k limit, not because the router is overloaded by CPU or bandwidth
What is the source of such amount? DDoS?
by macgaiver
Wed Oct 12, 2016 3:40 pm
Forum: RouterBOARD hardware
Topic: CCR RAM SCAM!?
Replies: 31
Views: 3457

Re: CCR RAM SCAM!?

Well, now it's official. There's hard limit on the number of entries in connection tracking table: http://forum.mikrotik.com/viewtopic.php?p=562410#p562410 So, no 16G can be used =) 1M connections with conntrack on - amount of used RAM will be the less of your problems :) there are many other ways,...
by macgaiver
Tue Oct 11, 2016 2:15 pm
Forum: General
Topic: Unclassified profile CPU Usage
Replies: 1
Views: 1494

Re: Unclassified profile CPU Usage

write to support@mikrotik.com, with all the info requested in auto-reply. They need to classify that load.
by macgaiver
Tue Oct 11, 2016 2:12 pm
Forum: General
Topic: DHCP Sub-options
Replies: 4
Views: 648

Re: DHCP Sub-options

This looks like too much of coincidence, for such specific problem :) same user, multiple accounts??

Each DHCP option can be defined only once, so if you need some sub-options you need to create regexp when both are specified together in one take.
by macgaiver
Fri Oct 07, 2016 2:28 pm
Forum: General
Topic: PCC side effect on Mikrotik Forum
Replies: 4
Views: 868

Re: PCC side effect on Mikrotik Forum

looks like you misconfigured your PCC.
by macgaiver
Thu Oct 06, 2016 8:34 am
Forum: Wireless Networking
Topic: How many device need for wifi full coverage?
Replies: 22
Views: 2311

Re: How many device need for wifi full coverage?

You need to change your thinking, you need to start from weakest point in this setup - as it is park, it is client devices - mobile phones and tablets. You need to find out what is average distance they can transmit data back to AP. remember that Wi-Fi communication is bidirectional, not only phone ...
by macgaiver
Wed Oct 05, 2016 6:14 pm
Forum: The Dude
Topic: The Dude, v6.38rc test builds.
Replies: 189
Views: 39508

Re: The Dude, v6.38rc test builds.

by macgaiver
Wed Oct 05, 2016 5:33 pm
Forum: The Dude
Topic: The Dude, v6.38rc test builds.
Replies: 189
Views: 39508

Re: The Dude, v6.38rc test builds.

ERROR: missing dude-6.37.1-tile.npk (on Current/Stable channel)
ERROR: missing dude-6.38rc8-tile.npk (on Release Candidate channel)
You know there is an old-fashioned way of upgrading - downloading packages manually, uploading them to the router and rebooting :)
by macgaiver
Wed Oct 05, 2016 3:35 pm
Forum: RouterBOARD hardware
Topic: New CPU - new product RB750Gr3 - RB750G family - now mmips
Replies: 180
Views: 67482

Re: New CPU - new product RB750Gr3 - RB750G family - now mmips

That is nice. I still think it is a mistake to cut down the flash to 16MB, this is going to bite you/us sooner or later.
"external micro SD slot and card support"
by macgaiver
Wed Oct 05, 2016 1:49 pm
Forum: RouterBOARD hardware
Topic: New CPU - new product RB750Gr3 - RB750G family - now mmips
Replies: 180
Views: 67482

Re: New CPU - new product RB750Gr3 - RB750G family - now mmips

Buy from roc-noc.com as he is the original poster it is pretty certain that he sold all Gr2 out already :)
by macgaiver
Wed Oct 05, 2016 12:07 pm
Forum: RouterBOARD hardware
Topic: New CPU - new product RB750Gr3 - RB750G family - now mmips
Replies: 180
Views: 67482

Re: New CPU - new product RB750Gr3 - RB750G family - now mmips

Ok I see that hEX is RB750Gr2... a little confusing, those marketing names, especially when there is no 1:1 mapping between marketing names and technical names. Would it not be better to call it "hEX plus" or something? When you look at the cars - "BMW 320" marketing name also remains unchanged dur...
by macgaiver
Tue Oct 04, 2016 6:31 pm
Forum: Announcements
Topic: v6.37.1 [current] is released!
Replies: 144
Views: 38166

Re: v6.37.1 [current] is released!

I was asking something more like --- If there is no second package showing up, then is a 2nd reboot still necessary ?
No it is not necessary.
by macgaiver
Tue Oct 04, 2016 4:44 pm
Forum: Announcements
Topic: v6.37.1 [current] is released!
Replies: 144
Views: 38166

Re: v6.37.1 [current] is released!

RE: !) package - fixed wireless package status after upgrade to 6.37 (extra reboot after upgrade is necessary); Are the two reboots necessary ? Or is the second reboot only required/needed if there is a 2'nd wireless package that shows up with a different version ? North Idaho Tom Jones upgrade, if...
by macgaiver
Tue Oct 04, 2016 4:40 pm
Forum: Announcements
Topic: v6.37.1 [current] is released!
Replies: 144
Views: 38166

Re: v6.37.1 [current] is released!

... wouldn't it be logical to disable fasttrack for connection that depend on mangle rules during connection set-up?

Exactly!!! - add "routing-mark=no-mark" to your fasttrack rule, and everything will be fine. That rule is created manually, you can adjust it as you like.
by macgaiver
Fri Sep 23, 2016 12:45 pm
Forum: Announcements
Topic: v6.37 [current] is released!
Replies: 197
Views: 34935

Re: v6.37 [current] is released!

Sorry, for this upgrade error. Simply changelog is too long :)

We will fix it as soon as possible.
LOL
by macgaiver
Tue Sep 20, 2016 2:59 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57316

Re: v6.37rc [release candidate] is released, only one wireless package!

6.37rc38 on hAP AC

Trying to use QuickSet from Winbox in Home AP Dual mode - unable to save config as 'Band' always stays red whatever settings for 2GHz and 5GHz are chosen. Works ok from Web config page though.
what winbox loader version are you using?
by macgaiver
Wed Sep 14, 2016 5:21 pm
Forum: General
Topic: DNS troubles in Mikrotik
Replies: 8
Views: 5894

Re: DNS troubles in Mikrotik

Try traceroute to see where the timeout comes into play
by macgaiver
Tue Sep 13, 2016 4:02 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57316

Re: v6.37rc [release candidate] is released, only one wireless package!

Hi Sergejs + Team, Can you please provide more detail on this fix. Specifically what the triggers for the memory leak were, this way we can know exactly what problems it will solve. Thanks! Lately changelog is as precise as they are willing/allowed to answer. for example - you wouldn't like them to...
by macgaiver
Wed Sep 07, 2016 3:36 pm
Forum: Announcements
Topic: v6.36.3 [current] is released!
Replies: 43
Views: 13519

Re: v6.36.3 [current] is released!

Hi guys,

I still miss Hardware Support for Supermicro SYS-5018A-MLTN4 with C2000 SoC I354 Quad GbE controllers (MACs)....
Please let me know if there is any Change in the next Releases.

Thx
Steve
AFAIK you will have to wait till RouterOS v7, all newest drivers require newest linux kernel.
by macgaiver
Tue Sep 06, 2016 3:36 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57316

Re: v6.37rc [release candidate] is released, only one wireless package!

All known wireless package issues after system upgrade should be fixed now. Just upgraded board from 6.35.4, with 4 wireless packages on it -fp and -cm2 (in bundle) -cm2 and -rep separately, enabled -rep. Upgrade went without issues have one "wireless" in the bundle, enabled, with configuration int...
by macgaiver
Fri Sep 02, 2016 2:45 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57316

Re: v6.37rc [release candidate] is released, only one wireless package!

Can you at least indicate where this feature can be found in the command structure?
I have been looking in /system script and in /snmp but I have been unable to find any command or option referring to a script table.
under interfaces.
/interface ethernet set <tab><tab> 
by macgaiver
Thu Aug 25, 2016 2:03 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57316

Re: v6.37rc [release candidate] is released, only one wireless package!

*) simple queues - fixed issue which caused additional/unnecessary CPU load;
Can you be more specific? What simple queue configurations are affected? how much?
by macgaiver
Wed Aug 24, 2016 5:49 pm
Forum: Announcements
Topic: v6.36.2 [current] is released!
Replies: 54
Views: 14976

Re: v6.36.2 [current] is released!

*) partitions - fixed crash on repartition when there is not enough free space; Well - that would explain my bricked 2011 when I tried to repartition to remove a DD-WRT image that I wasn't using..... If only I'd waited two more days to mess with it. :( This change was in RC for some time already!. ...
by macgaiver
Fri Aug 19, 2016 10:26 am
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57316

Re: v6.37rc [release candidate] is released, only one wireless package!


You most definitely need to send supout.rif file from rc19 to support@mikrotik.com
macgaiver: why he wrote it? post+1? your is spamer
Cause only ones that can help you are reachable via that mail, to make sure that RC20 doesn't have this problem.
by macgaiver
Thu Aug 18, 2016 5:33 pm
Forum: Announcements
Topic: v6.36 [current] is released!
Replies: 183
Views: 42129

Re: v6.36 [current] is released!

I had about 5 devices most of them 2011UiAS-2HnD and one CRS125-24G-1S out of 300 devices that I monitor that where malfunctioning on upgrade to 6.36. Not all menus would show data and even terminal wouldn't work. All I managed to do was to paste a file to the files and do a downgrade. I used 6.35....
by macgaiver
Thu Aug 18, 2016 5:30 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57316

Re: v6.37rc [release candidate] is released, only one wireless package!

It's not this way
wireless packages activate build 6.37rc19 ( wireless AP view air)
build 6.37rc15 upgrade to 6.37rc19 > downgrade 6.37rc15 (works)
You most definitely need to send supout.rif file from rc19 to support@mikrotik.com
by macgaiver
Mon Aug 08, 2016 5:00 pm
Forum: Beginner Basics
Topic: Still gonna kill myself....Please help
Replies: 2
Views: 495

Re: Still gonna kill myself....Please help

add a queue with those exception IPs as target in front of all dynamic queues.
by macgaiver
Mon Aug 08, 2016 3:08 pm
Forum: RouterBOARD hardware
Topic: CCR RAM SCAM!?
Replies: 31
Views: 3457

Re: CCR RAM SCAM!?

I'm 99,999% sure you will be fine with 500k
by macgaiver
Mon Aug 08, 2016 2:36 pm
Forum: RouterBOARD hardware
Topic: CCR RAM SCAM!?
Replies: 31
Views: 3457

Re: CCR RAM SCAM!?

BGP is managing it for me :)

PCC is fine for client's network if you use NAT.
by macgaiver
Mon Aug 08, 2016 2:14 pm
Forum: RouterBOARD hardware
Topic: CCR RAM SCAM!?
Replies: 31
Views: 3457

Re: CCR RAM SCAM!?

First of all putting a state-full firewall on such large network is stupid. on almost all my routers that work with 100+ clients i have connection tracking off. But after i got a call that i'm source of DDoS attack, i had to turn it on for some "special" clients. Now with new RAW table - especially ...
by macgaiver
Mon Aug 08, 2016 1:52 pm
Forum: RouterBOARD hardware
Topic: CCR RAM SCAM!?
Replies: 31
Views: 3457

Re: CCR RAM SCAM!?

Sorry, but what planet are you from? i have /22 network full with clients, and only time i run into problems with amount of connections was when i was under DDoS attack(to be more precise - some of the clients were infected to be a part of DDoS attack to somewhere). it is 500k, it is 500 connections...
by macgaiver
Mon Aug 08, 2016 1:20 pm
Forum: RouterBOARD hardware
Topic: CCR RAM SCAM!?
Replies: 31
Views: 3457

Re: CCR RAM SCAM!?

What does it have to do with RAM??? It looks like amount of connections in conntrack is simply limited to half a million, and together with RAW table (firewall filter that happens before connection tracking) added to latest versions, i do not see the reason why there should be more. memory is utiliz...
by macgaiver
Wed Aug 03, 2016 3:37 pm
Forum: Announcements
Topic: v6.36 [current] is released!
Replies: 183
Views: 42129

Re: v6.36 [current] is released!

Hi there ... I had disabled Fast Path at IP settings ... why FP counters still showing almost the same traffic as TX/RX ?? Is this a 6.36 issue? Regards; Ip settings only disables routing fastpath, there are still bridging fastpath and interface fastpath. If i'm not mistaken, in interface driver su...
by macgaiver
Fri Jul 29, 2016 12:45 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57316

Re: v6.37rc [release candidate] is released, only one wireless package!

That changelog thing is starting to get out of hand....

Are there any plans for mandatory country specification, or automatic discovery via /ip cloud?
by macgaiver
Tue Jul 19, 2016 10:43 am
Forum: General
Topic: dst-limit possible problem
Replies: 4
Views: 891

Re: dst-limit possible problem

First of all, showing your real IP in public forums will be the first thing that will get you DoS DDoS attack :)

what is your CPU load on that test?
by macgaiver
Tue Jul 12, 2016 12:08 pm
Forum: Wireless Networking
Topic: Mikrotik wAP_ac low throughput in 5ghz
Replies: 3
Views: 799

Re: Mikrotik wAP_ac low throughput in 5ghz

Not enough information to work with. paste your wireless config for that interface, use command line /wireless export command and delete/replace all sensitive information
by macgaiver
Mon Jul 11, 2016 3:36 pm
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 134442

Re: HAP AC

Hi, macgaiver
 What encryption you mean? Those mschap/pap/... under pppoe client settings?
Security profile need to be without encryption.