Community discussions

Search found 174 matches

by LatinSuD
Fri Aug 09, 2019 1:15 pm
Forum: Scripting
Topic: Concise list of API supported commands?
Replies: 5
Views: 4589

Re: Concise list of API supported commands?

Sorry, but how do I know the complete list of commands?

I would like to do backups using API, and for that i'd need to enumerate the whole configuration tree.
/interface/ethernet
/interface/queue
/queue/interface
...
Is it possible to know this list in advance using API?
by LatinSuD
Mon Jul 29, 2019 1:10 pm
Forum: General
Topic: Sniffer and MPLS
Replies: 0
Views: 168

Sniffer and MPLS

I have noticed that you cannot properly sniff MPLS packets:
  • IP filters do not work if the packet is MPLS encapsulated
  • IP address are not displayed in the captured list

Could you add an MPLS "dissector" to the packet sniffer?
by LatinSuD
Tue Apr 30, 2019 1:17 pm
Forum: General
Topic: No TX sniffed on hardware offloaded ports
Replies: 3
Views: 227

No TX sniffed on hardware offloaded ports

Hi. I see no traffic when sniffing on a port that belongs to a bridge in "hardware offload" mode. The bridge includes an EoIP tunnel and several Ethernet ports. The packets that I can't see enter from the EoIP and should egress through ether6. I can see incoming packets from the EoIP interface, but ...
by LatinSuD
Thu Apr 25, 2019 10:42 am
Forum: SwOS
Topic: VLan Type enabled vs strict
Replies: 3
Views: 496

VLan Type enabled vs strict

It looks from documentation that for standard VLAN operation you need to set VLAN Type to "strict" instead of just "enabled". If you set VLAN Type on port to "enabled" it will pass ANY VLAN that has been defined on ANY port. The value that only lets pass the VLANs that has been defined for the SPECI...
by LatinSuD
Wed Apr 17, 2019 3:13 pm
Forum: The Dude
Topic: Alerts based on throughput threshold
Replies: 4
Views: 879

Re: Alerts based on throughput threshold

It does not work on 6.39.2

Nor does this:
https://wiki.mikrotik.com/wiki/Manual:S ... imitations
by LatinSuD
Wed Mar 27, 2019 12:30 pm
Forum: General
Topic: Radius status not working
Replies: 1
Views: 390

Re: Radius status not working

Ok, i see. Maybe "status" function is not implemented.

I think this is a duplicate of my issue: viewtopic.php?t=44710
by LatinSuD
Thu Mar 07, 2019 10:21 am
Forum: General
Topic: dst-limit not matching when rate is higher than 5000
Replies: 3
Views: 301

dst-limit not matching when rate is higher than 5000

There is some limit at exactly at the rate of 5000. This one works. That means that if I generate 6000 pps it will eventually pass the rule: /ip firewall mangle add action=accept chain=DDOS dst-limit=5000,5000,dst-address/20s This will never pass. Not at 6000 pps, not at 10000pps: /ip firewall mangl...
by LatinSuD
Tue Mar 05, 2019 10:40 am
Forum: RouterOS v6 RC and v7 BETA
Topic: About NULL in Layer7
Replies: 5
Views: 1018

Re: About NULL in Layer7

I think you can emulate a \x00 with a [^\x01-\xff] -- NO SORRY IT DOES NOT WORK
by LatinSuD
Thu Feb 14, 2019 1:39 pm
Forum: General
Topic: Radius status not working
Replies: 1
Views: 390

Radius status not working

I'm trying to check the status of a PPP client: radclient -f request.txt -r 1 -t 3 -x $IP status $SECRET I get this after a few seconds: radclient: no response from server for ID 139 socket 3 Everything has to be correct, because it works for "disconnect" subcommand. Only the "status" subcommand fai...
by LatinSuD
Tue Nov 13, 2018 11:54 am
Forum: General
Topic: Missing 3 dots in winbox column
Replies: 0
Views: 260

Missing 3 dots in winbox column

In my new PC i cannot see the 3 dots when i shrink a column. This is a comparison of my 2 PC. https://i.imgur.com/q0BUBrt.png The dots are very important, because it is not the same the route "1.2.3.16" than "1.2.3.16/30" for example. I am using Winbox 3.18 and connecting to the same Router. Do you ...
by LatinSuD
Tue Jul 17, 2018 8:23 pm
Forum: General
Topic: A place for poetry
Replies: 32
Views: 133441

Re: A place for poetry

To prevents loops you need to
not only spanning tree enable,
but loop protection enable too
by LatinSuD
Wed Jul 04, 2018 9:36 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: I created an alternative Winbox Launcher
Replies: 3
Views: 1301

I created an alternative Winbox Launcher

You can see it in the video: https://youtu.be/6jYS_PhEiEg Features: Quick search by almost any field (IP, Note, User) Column automatic resize Escape key closes No mouse required It is currently implemented with AutoHotKey. The code: https://gist.github.com/LatinSuD/aab03067add1d92f327795c4586231bb I...
by LatinSuD
Fri Jun 01, 2018 4:52 pm
Forum: Announcements
Topic: Winbox 3.14 released!
Replies: 77
Views: 23436

Re: Winbox 3.14 released!

hello, help me find the hotspot on the gui? if i login with romon i can't find the /ip hotspot on the gui.
Check that hotspot package is installed and enabled in System -> Packages.
It should be by default anyway.
by LatinSuD
Wed May 30, 2018 9:55 pm
Forum: Announcements
Topic: Winbox 3.14 released!
Replies: 77
Views: 23436

Re: Winbox 3.14 released!

On the RouterOS 5.x support issue, I know that removing support for deprecated systems is always more secure, but...
Have you considered whitelisting all previously released DLL?
It would be something like matching DLL against hardcoded hashes before installing and them.
by LatinSuD
Wed May 30, 2018 9:46 pm
Forum: Announcements
Topic: Winbox 3.14 released!
Replies: 77
Views: 23436

Re: Winbox 3.14 released!

Could it display a better error message when trying to connect to RouterOS 5.x?

It currently says:
ERROR: could not fetch index
Maybe something like "Remind that connecting to RouterOS 5.x or lower is not supported anymore" would be better
by LatinSuD
Thu Dec 14, 2017 2:26 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again
Replies: 15
Views: 2809

Re: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again

I finally found the way. You need simple queues (not queue tree ) Target must be the LAN interface. Then you can specify the WAN interface as Dst (or use mangle to mark the upload). /queue simple add dst=WAN max-limit=5M/100M name=PCQ queue=pcq-upload-default/pcq-download-default target=LAN Tested i...
by LatinSuD
Fri Jul 07, 2017 2:50 pm
Forum: General
Topic: Can SSH keys be listed or printed using CLI?
Replies: 3
Views: 472

Can SSH keys be listed or printed using CLI?

Is there a command to print or at least list existing public SSH keys installed?

I cannot see them using /export
by LatinSuD
Fri Jun 02, 2017 8:32 pm
Forum: RouterBOARD hardware
Topic: [solved] Power connector problem in RB2011-RM and RB3011-RM
Replies: 14
Views: 2921

Re: [solved] Power connector problem in RB2011-RM and RB3011-RM

Explanation of how to insert the connector in an image:

Image


You may like it or not, but that worked for me.
by LatinSuD
Thu Jun 01, 2017 3:21 pm
Forum: RouterBOARD hardware
Topic: [solved] Power connector problem in RB2011-RM and RB3011-RM
Replies: 14
Views: 2921

Re: Power connector problem in RB2011-RM and RB3011-RM

The solution is toooo easy, you just have to press it a little further. :D

See video:
https://goo.gl/photos/wr1vGThkBR3Bz2Ps7


Sorry i didn't notice earlier :D
by LatinSuD
Fri May 19, 2017 3:12 pm
Forum: General
Topic: Feature request: Comment for radius value
Replies: 1
Views: 453

Re: Feature request: Comment for radius value

I would like this feature implemented
by LatinSuD
Thu May 18, 2017 3:37 pm
Forum: RouterBOARD hardware
Topic: [solved] Power connector problem in RB2011-RM and RB3011-RM
Replies: 14
Views: 2921

[solved] Power connector problem in RB2011-RM and RB3011-RM

We have a few boards of RB2011 and RB3011 rack mount.
The boards lose power with the slightest move of the connector (not sure if it's a problem of the power adapter or the mainboard connector).

Anyone else?

SOLUTION: Just press to insert the connector a little further.
by LatinSuD
Fri Mar 03, 2017 10:09 am
Forum: General
Topic: Tool>Graphing cannot graph more than 2.1Gbit
Replies: 4
Views: 651

Re: Tool>Graphing cannot graph more than 2.1Gbit

Bump, still happening in 6.36.4 at least.
by LatinSuD
Wed Oct 26, 2016 9:56 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again
Replies: 15
Views: 2809

Re: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again

So we agree that pcq-upload is currently not compatible with masquerade, right?
With connection tracking on, it definitely works
Have you verified it personally in v6?
Can you post a working example?
by LatinSuD
Tue Oct 25, 2016 12:27 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again
Replies: 15
Views: 2809

Re: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again

You may change "action=masquerade" to "action=same to-addresses=your.wan.ip.address" and recheck - this definitely works for me.
I only have 1 WAN IP address, can I use "same"?
by LatinSuD
Mon Oct 24, 2016 10:13 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again
Replies: 15
Views: 2809

Re: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again

So we agree that pcq-upload is currently not compatible with masquerade, right?
by LatinSuD
Fri Oct 21, 2016 7:24 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again
Replies: 15
Views: 2809

Re: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again

and what value you see in '/queue tree print stats', pcq-queues=?

still works fine for me, marking in 'forward', queues are under 'global' :)
It says:
pcq-queues=1
Don't forget to use masquerade on the output interface.

Btw, using version 6.32.4
by LatinSuD
Fri Oct 21, 2016 11:16 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again
Replies: 15
Views: 2809

Re: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again

And yet it fails. /ip firewall mangle add action=mark-packet chain=forward new-packet-mark=prueba out-interface=pppoe-out1 /queue type add kind=pcq name=pcq-upload-prueba pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=1M \ pcq-src-address6-mask=64 /queue tree add name=pcq-upload-prueba...
by LatinSuD
Thu Oct 13, 2016 10:45 am
Forum: General
Topic: Cannot recover EoIP until I disable keepalive
Replies: 0
Views: 355

Cannot recover EoIP until I disable keepalive

We've got several EoIP tunnels running, and sometimes they stop working for no known reason. Once this happens the only way to bring them up again is to disable keepalive in one end (or both) of the tunnel . Disabling and reenabling the whole tunnel doesn't work either, only keepalive works. Sometim...
by LatinSuD
Mon Jun 20, 2016 3:32 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Old Winbox feature: autodetect username and password
Replies: 0
Views: 779

Old Winbox feature: autodetect username and password

I have a script that invokes winbox automatically passing the IP of the board as a parameter, but not specifying username or password. Usernames and passwords have been previously saved in winbox. In Winbox 2.x when you only specified the IP, it would automatically lookup the corresponding username ...
by LatinSuD
Mon Jun 20, 2016 3:29 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Old Winbox feature: close on ESC key
Replies: 3
Views: 988

Old Winbox feature: close on ESC key

On old versions of Winbox you could close welcome screen (the first screen before connecting anywhere) by pressing ESC key.

I liked that behaviour, could it come back?
by LatinSuD
Thu Dec 24, 2015 10:07 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again
Replies: 15
Views: 2809

Re: Suggestion: make "PCQ-Upload" compatible with "Maquerade" again

what parent do you use?
I think it doesn't work with any of them (global or interface)
by LatinSuD
Mon Nov 30, 2015 9:24 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Suggestion: make "PCQ-Upload" compatible with "Masquerade" again
Replies: 15
Views: 2809

Suggestion: make "PCQ-Upload" compatible with "Masquerade" again

The subject is quite descriptive: when using Masquerade PCQ-Upload queues work like standard queues.

It stopped working in V6 due to changes in packet flow.
by LatinSuD
Fri Oct 02, 2015 12:38 pm
Forum: General
Topic: CCR hangs when configuring SSH Keys
Replies: 0
Views: 423

CCR hangs when configuring SSH Keys

Have a CCR 6.32.2 (also happend with 6.29 iirc). Import a couple DSA SSH keys, (the same ones that used to work elsewhere, like on another CCR with 6.25). Try to connect through SSH to the CCR: It wont connect. Try again, it won't even show the "SSH-2.0-ROSSSH" banner. Now try to do a "/user ssh-key...
by LatinSuD
Thu Sep 24, 2015 6:08 pm
Forum: General
Topic: PCQ Upload with NAT not possible in v6?
Replies: 0
Views: 359

PCQ Upload with NAT not possible in v6?

In previous versions of routeros you could put a PCQ-upload queue to handle fair upload bandwidth assignment. In ROS v6 it looks like the queues have moved to postrouting after NAT, this means that you cannot classify by src-address anymore, because you only get the final IP. Is there a way to do th...
by LatinSuD
Mon Sep 14, 2015 1:41 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Suggestion: Add a button to flush connections
Replies: 8
Views: 1823

Re: Suggestion: Add a button to flush connections

Quickest way
/ ip firewall connection tracking set enabled=no
/ ip firewall connection tracking set enabled=yes
I have tried that and IIRC it didn't work as expected.
by LatinSuD
Thu Sep 10, 2015 3:37 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Suggestion: Add a button to flush connections
Replies: 8
Views: 1823

Re: Suggestion: Add a button to flush connections

Where can I find a script that works? All my attempts end in random errors about non-existing connections. Also, and how many iterations do I have to try? Remember I can only remove 2048 connections at once, and between iterations new connections can be created and destroyed. Any scripted approach w...
by LatinSuD
Mon Sep 07, 2015 11:49 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Suggestion: Add a button to flush connections
Replies: 8
Views: 1823

Suggestion: Add a button to flush connections

As we know connection management is a little limited (it shows at most 2048 connections). There are times when you want to flush/clear all connections and it is hard to do it, even with scripts. It would be great if there was a button/command to flush all connections at once. For example, after a ba...
by LatinSuD
Wed Jul 01, 2015 9:05 am
Forum: RouterBOARD hardware
Topic: all CCR crashed
Replies: 40
Views: 7879

Re: all CCR crashed

2 CCR crashed, i hope the bug will get fixed soon.

More details:
  • - CCR1036-12G-4S
  • - version 6.27
  • - NTP package installed. NTP client configured to a public server
by LatinSuD
Wed Jun 03, 2015 12:14 pm
Forum: General
Topic: Hotspot file location in new RB750 error
Replies: 0
Views: 356

Hotspot file location in new RB750 error

It looks like I can configure "html-directory" in two ways:
- "myoriginaldirectory"
- "flash/myoriginaldirectory"

During configuration Winbox suggests that I should use the second form, but it DOES NOT WORK. When trying it It gives a 404 error.
by LatinSuD
Sun May 31, 2015 10:52 pm
Forum: Announcements
Topic: hAP lite
Replies: 385
Views: 161870

Re: hAP lite

Got strange expression for this small device: it have no flash to downgrade ROS version!
I think upgrades (and maybe downgrades too) are made from ram.
Just put the NPK into the main folder (instead of /flash) and there you go.
by LatinSuD
Thu May 28, 2015 5:21 pm
Forum: Announcements
Topic: hAP lite
Replies: 385
Views: 161870

Re: hAP lite

Will it do VPN and custom firewall (filter, nat)?

We need a cheap router for casual remote support.
by LatinSuD
Wed May 13, 2015 12:58 pm
Forum: General
Topic: Old RB750 upgraded to RB 750r2 Hex Lite?
Replies: 10
Views: 12705

Re: Old RB750 upgraded to RB 750r2 Hex Lite?

What's WRONG with these new boards? - It looks like we now have to use "flash/" subdirectory and the root filesystem is some kind of ram disk (nobody told me, and had to find out the hard way). - We've got four of them and for some of them they just don't work. Or after resetting tens of times they ...
by LatinSuD
Thu Apr 09, 2015 8:27 pm
Forum: General
Topic: PPPoE subinterface traffic counted twice
Replies: 0
Views: 358

PPPoE subinterface traffic counted twice

We're seeing this interface report about 200Mb of Tx traffic, while we estimate it to be transporting about 100Mb of PPPoE traffic only. We have come to the conclusion that it is counting the traffic twice (once for the physical interface, and again for the sum of the PPPoE subinterfaces). This beha...
by LatinSuD
Mon Mar 16, 2015 11:58 am
Forum: General
Topic: Export to file fun
Replies: 0
Views: 395

Export to file fun

This is a ROS 6.27 x86. When I export the configuration to a file the section "/ip pool" gets divided into two parts. While it is arguably a valid export I just cannot imagine what's happening inside. Eg: /ip pool add name=hs-pool-1 ranges="...." add name=wifiPublico ranges=... add name=provisional ...
by LatinSuD
Tue Feb 24, 2015 6:29 pm
Forum: General
Topic: CCR 6.27 unstable
Replies: 1
Views: 604

CCR 6.27 unstable

We got this CCR1036-12G-4S with many PPPoE and hotspot users.

After a few minutes of activity the system becomes very unstable, IP->Routes doesn't even show

With version 6.25 this didn't happen.
by LatinSuD
Mon Oct 07, 2013 3:24 pm
Forum: General
Topic: NAT Protection
Replies: 2
Views: 875

Re: NAT Protection

Check if the attack is saturating all your bandwidth. In that case there few little things you can do.
by LatinSuD
Mon Oct 07, 2013 3:20 pm
Forum: General
Topic: Total connections limit?
Replies: 12
Views: 2846

Re: Total connections limit?

Is there a way to override this display limit, even temporarily?
by LatinSuD
Mon May 27, 2013 2:13 pm
Forum: General
Topic: First time config CCR-1036-12G-4S
Replies: 4
Views: 5484

Re: First time config CCR-1036-12G-4S

After a reset the calibration of my display is completely wrong, like if it had been flipped 180º. The upper right corner is swapped with the bottom left corner. Upper left and bottom right corners work fine though. After recalibration everything is ok. Seen that, what the system REALLY SHOULD DO is...
by LatinSuD
Tue Oct 30, 2012 3:44 pm
Forum: Beginner Basics
Topic: HOTSPOT - issues with secure web pages.
Replies: 22
Views: 12444

Re: HOTSPOT - issues with secure web pages.

This problem basically has no solution. And it only got worse as Google now defaults to https. Hotspots work in a kind of intrusive way, and HTTPS is secure enough to prevent this and other intrusions. Even if you redirected HTTPS, which can be technically done, it would fail at verifying the certif...
by LatinSuD
Wed Sep 26, 2012 2:06 pm
Forum: General
Topic: Problems SSH and terminal (x86 ros 5.18 and up)
Replies: 26
Views: 10853

Re: Problems SSH and terminal (x86 ros 5.18 and up)

This script used to work in 4.x. Now I tested in 5.19 and 5.20 and does not. echo "/ip hotspot user print terse from=[/ip hotspot user find ];" | ssh admin@192.168.88.1 This script does work in all versions (but is not what i want to run): echo "/ip hotspot user print terse;" | ssh admin@192.168.88....