Community discussions

MikroTik App

Search found 548 matches

  • 1
  • 2
by NAB
Mon Mar 20, 2023 4:00 pm
Forum: Forwarding Protocols
Topic: OSPF - stop 'connected' lte1 address from being distributed [SOLVED]
Replies: 6
Views: 2751

Re: OSPF - stop 'connected' lte1 address from being distributed [SOLVED]

well, you already have your own answer. I know I do. I was just pointing out that you clearly hadn't read my original post. that lte1 plain interface itself has nothing to do with *connected or not connected*. It shows as a connected route. It has everything to do with being connected or not connec...
by NAB
Mon Mar 20, 2023 3:01 pm
Forum: Forwarding Protocols
Topic: OSPF - stop 'connected' lte1 address from being distributed [SOLVED]
Replies: 6
Views: 2751

Re: OSPF - stop 'connected' lte1 address from being distributed [SOLVED]

why did you prefer to distribute connected when you know you will have to filter them out at the end? I am unclear what question you are asking. I am distributing connected routes because that's what I need to do. What I don't want to do is distribute just one of those routes. and, just aside from ...
by NAB
Sat Mar 18, 2023 7:29 pm
Forum: Forwarding Protocols
Topic: OSPF - stop 'connected' lte1 address from being distributed [SOLVED]
Replies: 6
Views: 2751

Re: OSPF - stop 'connected' lte1 address from being distributed [SOLVED]

OK. A solution, of sorts. The more I look at this, the more I think lte routes should be type 'modem' and not 'connected', but in the absence of that behaviour... I knew I was having a brain fart. Problem solved by: /routing filter rule add chain=OSPF_Out disabled=no rule="if (dst-len == 32) {r...
by NAB
Sat Mar 18, 2023 6:22 pm
Forum: Forwarding Protocols
Topic: OSPF - stop 'connected' lte1 address from being distributed [SOLVED]
Replies: 6
Views: 2751

Re: OSPF - stop 'connected' lte1 address from being distributed [SOLVED]

Hi all, An update. If I create a set of 'accept' route filter rules for networks which can be distributed and reject everything else by default, it works and the lte1 /32 is not distributed. In the current case, this solves the immediate problem. However, the reason it works is because I know, broad...
by NAB
Sat Mar 18, 2023 6:07 pm
Forum: Forwarding Protocols
Topic: OSPF - stop 'connected' lte1 address from being distributed [SOLVED]
Replies: 6
Views: 2751

OSPF - stop 'connected' lte1 address from being distributed [SOLVED]

I've been running OSPF for a while, but something bit me today and I wanted to sanity check it and ask for help to solve it. I have a Chateau LTE running v7.8 which creates an interface 'lte1' with a dynamically allocated /32 address on it when mobile data is running. I'm running Wireguard to connec...
by NAB
Wed Feb 08, 2023 1:28 pm
Forum: Forwarding Protocols
Topic: OSPF + Wireguard = "address afi invalid" [SOLVED]
Replies: 1
Views: 2565

Re: OSPF + Wireguard = "address afi invalid" [SOLVED]

Solved. At least partially.

I'm used to IPv6 and so set up the instance as a type 3 without thinking about it.

Changing it to a type 2 for testing with IPv4 addresses and it works fine.

d'Oh!

Leaving this here in case anybody else has the same problem in future!

Nicholas.
by NAB
Wed Feb 08, 2023 1:17 pm
Forum: Forwarding Protocols
Topic: OSPF + Wireguard = "address afi invalid" [SOLVED]
Replies: 1
Views: 2565

OSPF + Wireguard = "address afi invalid" [SOLVED]

Hi all, I want to integrate a Wireguard link into an OSPF enabled network. If I just set up a lab with two routers (v7.7) with a working wireguard link between them and then try to lay OSPF on top, I can't get it to work. I've set the interface template to 'nbma', but adding the static neighbour wit...
by NAB
Wed Nov 30, 2022 6:24 pm
Forum: General
Topic: IPv6 gateway by RA - possible?
Replies: 2
Views: 508

IPv6 gateway by RA - possible?

Hi all, Got a v7.6 ROS x86 box hosted somewhere and need to add IPv6. The address is static (say "2001:DB8::1/64"), but the gateway is dynamic and defined by a RA. In Debian, this is achieved simply by the following /etc/network/interfaces: iface eth0 inet6 static address 2001:DB8::1/64 an...
by NAB
Thu Jun 23, 2022 7:53 pm
Forum: General
Topic: IPSec pre-process PH2 packet
Replies: 9
Views: 2683

Re: IPSec pre-process PH2 packet

I'm now downgrading to v6... We'll see what happens. v6.49.6 worked perfectly straight away with exactly the same configuration. So there are clearly bugs in ROS 7.3 and 7.3.1 on CHR. 1 - Adding a policy with a valid destination may or may not show that policy as invalid. 2 - Rebooting the router t...
by NAB
Thu Jun 23, 2022 3:43 pm
Forum: General
Topic: IPSec pre-process PH2 packet
Replies: 9
Views: 2683

Re: IPSec pre-process PH2 packet

No way. What exactly did you configure? What is the RouterOS version? This definitely doesn't work. ROS 7.3 and 7.3.1 on a CHR. In addition, I am seeing some newly added policies marked as 'invalid' for no apparent reason which only become valid after a reboot. It seems that when I do reboot the 'n...
by NAB
Fri Jun 17, 2022 1:37 pm
Forum: General
Topic: IPSec pre-process PH2 packet
Replies: 9
Views: 2683

Re: IPSec pre-process PH2 packet

So you can put a bunch of action=none policies before the 0.0.0.0/0<=>0.0.0.0/0 one, shadowing the latter for all other subnets than the one you wish to actually get through. Sadly this doesn't appear to work. I have tried it as per your examples and also with source network and also setting the pe...
by NAB
Tue Jun 14, 2022 4:21 pm
Forum: General
Topic: IPSec pre-process PH2 packet
Replies: 9
Views: 2683

Re: IPSec pre-process PH2 packet

OK. Got to the bottom of it. It seems that I'd done everything correctly, but that there's a mis-configuration on the remote site. The remote site appear to have set their proposed phase 2 subnet to 0.0.0.0/0 / 0.0.0.0/0. When I replicate this, the VPN stays up and works perfectly. The problem with ...
by NAB
Tue Jun 14, 2022 1:51 pm
Forum: General
Topic: IPSec pre-process PH2 packet
Replies: 9
Views: 2683

Re: IPSec pre-process PH2 packet

You need to specify networks that are behind Your Cisco and RouterOS for them to establish phase 2. I thought that's what I'd done as phase 2 shows as established (until the error occurs and the SAs are deleted). Where the 0.0.0.0/0 addresses are coming from is, I think, what I am misunderstanding.
by NAB
Tue Jun 14, 2022 1:11 pm
Forum: General
Topic: IPSec pre-process PH2 packet
Replies: 9
Views: 2683

IPSec pre-process PH2 packet

Hi all, I've been asked to replicate one end of a Cisco<-->Cisco IPSec connection so it becomes RouterOS<-->Cisco. The spec. is: S2S VPN Details VPN Parameters Equipment type CISCO ASR 1002-X VPN Peer IP Address 193.X.Y.Z Encryption Domain 193.X.Y.Z (SVTI) IKE Ph I Parameters Authentication Method P...
by NAB
Mon Jun 13, 2022 1:45 pm
Forum: General
Topic: posts not strictly related to: v7.3 and v7.3.1 [stable]
Replies: 52
Views: 5146

Re: v7.3 and v7.3.1 [stable] is released!

Make a backup of anything on .backup and .rsc format
<SNIP>
That worked perfectly. Thank you.
by NAB
Fri Jun 10, 2022 7:19 pm
Forum: General
Topic: posts not strictly related to: v7.3 and v7.3.1 [stable]
Replies: 52
Views: 5146

Re: v7.3 and v7.3.1 [stable] is released!

Trying to upgrade a cAPac from 6.49.6 to 7.3.1 and getting a "not enough space for upgrade" error (as well as warnings that 7.3.1 dhcp and wireless packages are broken). Try to upgrade to 7,3 and I still get the "not enough space for upgrade" error, but at least there are no comp...
by NAB
Wed Dec 29, 2021 6:23 pm
Forum: Announcements
Topic: WinBox v3.32 released!
Replies: 65
Views: 93159

Re: WinBox v3.32 released!

IPv6 route add - routing table selection not available in Winbox, so this has to be done from the command line Packet sniffer - Old packet list not erased when new sniff started Packet sniffer - Source and destination addresses and ports not populated And to that I'll add: Torch doesn't show IPv6 t...
by NAB
Wed Dec 29, 2021 2:00 pm
Forum: Announcements
Topic: WinBox v3.32 released!
Replies: 65
Views: 93159

Re: WinBox v3.32 released!

Thank you for the update. I still have the following problems (7.1 on CHR): IPv6 route add - routing table selection not available in Winbox, so this has to be done from the command line Packet sniffer - Old packet list not erased when new sniff started Packet sniffer - Source and destination addres...
by NAB
Sun Dec 26, 2021 10:58 pm
Forum: General
Topic: IPv6 Ping does not work with domain names
Replies: 59
Views: 46554

Re: IPv6 Ping does not work with domain names

Still not fixed 11 years later.
by NAB
Thu Dec 23, 2021 10:38 am
Forum: Announcements
Topic: v7.2rc1 is released!
Replies: 240
Views: 159340

Re: v7.2rc1 is released!

Packet sniffer - it's been broken in Winbox in v6 for a while, but at least when you closed the packet window down and opened it again the IP addresses and ports became visible. In v7 the IPs/Ports only become visible when you double-click on an entry and on a few machines, the packet list never get...
by NAB
Thu Dec 23, 2021 10:35 am
Forum: Announcements
Topic: v7.2rc1 is released!
Replies: 240
Views: 159340

Re: v7.2rc1 is released!

Hi all, I posted in the 7.1 thread about the CCR1009-8G-1S-1S+ we have that has problems with kernel errors forcing reboots. I upgraded it to 7.2rc1 and it got worse... Screenshot 2021-12-23 082916.png It got to the point that it came half-way back (you could ping it, it would route traffic, but you...
by NAB
Wed Dec 22, 2021 10:05 am
Forum: Announcements
Topic: v7.1.1 is released!
Replies: 443
Views: 223471

Re: v7.1.1 is released!

Still seeing the same "kernel failure" problem on a CCR1009-8G-1S-1S+ every six hours or so under 7.1.1 as under 7.1.
Screenshot 2021-12-22 080425.png
by NAB
Mon Jun 07, 2021 1:06 am
Forum: Wireless Networking
Topic: Migrating CAPSMAN - best practices
Replies: 4
Views: 3689

Re: Migrating CAPSMAN - best practices

<snip> Many thanks for the pointers. Unfortunately I still can't get an export/import working by following them though :-( I suspect that the problem is more likely with the 1100AHx4 I'm using to test all this with - it has major problems I need to report to support anyway. I'll try again with a di...
by NAB
Mon Jun 07, 2021 1:03 am
Forum: Wireless Networking
Topic: Migrating CAPSMAN - best practices
Replies: 4
Views: 3689

Re: Migrating CAPSMAN - best practices

suggest you hire a consultant or a trainer! ;-) So, you could have: a) Said nothing. b) Helped. c) Made an unhelpful comment. You chose option C. What did you think that achieved? Is somebody admitting that they don't know something really worthy of ridicule? Should I just have bulls*****d to my cu...
by NAB
Fri Apr 23, 2021 10:49 am
Forum: Wireless Networking
Topic: Migrating CAPSMAN - best practices
Replies: 4
Views: 3689

Migrating CAPSMAN - best practices

Hi all, We're doing some consultancy for a large organisation with many access points all configured using CAPSMAN. They were originally configured with all services (DHCP/NTP/CAPSMAN/Hotspot/Firewall/LNS etc.) all running on one CCR. We need to split them out to separate boxes (and virtualise some ...
by NAB
Sun Mar 28, 2021 4:15 pm
Forum: RouterOS beta
Topic: v7.1beta5 [development] is released!
Replies: 292
Views: 84781

Re: v7.1beta5 [development] is released!

Use the chr version is better optimize for virtualization and you can transfer license
Indeed. This was a machine I brought up years ago to do various testing with when I had plenty of normal spare licences.
by NAB
Sun Mar 28, 2021 4:01 pm
Forum: RouterOS beta
Topic: v7.1beta5 [development] is released!
Replies: 292
Views: 84781

Re: v7.1beta5 [development] is released!

In the iso version... You can still recovery if you didn't delete the virtual HD...
HD's gone! Managed to delete it when I meant to take a copy of it. It's all going wrong today!
by NAB
Sun Mar 28, 2021 3:04 pm
Forum: RouterOS beta
Topic: v7.1beta5 [development] is released!
Replies: 292
Views: 84781

Re: v7.1beta5 [development] is released!

New install from x86 ISO under ESX. Drive detected and system package installed - on reboot there's just a flashing cursor top left and nothing else happens. It's fair to say that beta5 is well and truly borked. More annoying is that I hadn't been backing up the 7betaX machines as they were just the...
by NAB
Sun Mar 28, 2021 2:31 pm
Forum: RouterOS beta
Topic: v7.1beta5 [development] is released!
Replies: 292
Views: 84781

Re: v7.1beta5 [development] is released!

Upgrading an x86 beta4 VM under ESX, I got...
Capture.PNG
by NAB
Mon Feb 22, 2021 10:37 am
Forum: General
Topic: Problem while creating backup
Replies: 27
Views: 12966

Re: Problem while creating backup

See also https://forum.mikrotik.com/viewtopic.php?f=2&t=133621 /ip ssh regenerate-host-key solved the problem. How bizarre. Just had a RB running 6.45.2 with this problem. Upgraded it to 6.48.1 and the issue didn't go away. Re-generated the SSH key and it started working properly again. Very st...
by NAB
Mon Sep 28, 2020 7:49 pm
Forum: RouterOS beta
Topic: v7.1beta2 [development] is released!
Replies: 385
Views: 152891

Re: v7.1beta2 [development] is released!

That is "normal", also for 6.47 versions. It does not always take half an hour but it can take considerable time, being stuck at 7 or 8%.
:-) That shows how long it is since I've needed to generate one then!
by NAB
Mon Sep 28, 2020 5:37 pm
Forum: RouterOS beta
Topic: v7.1beta2 [development] is released!
Replies: 385
Views: 152891

Re: v7.1beta2 [development] is released!

I then tried to do a sup-output on the CCR, but that got to 8% and then did nothing more.
Update - after around half an hour, it jumped to 100% and finished!
by NAB
Mon Sep 28, 2020 5:33 pm
Forum: RouterOS beta
Topic: v7.1beta2 [development] is released!
Replies: 385
Views: 152891

Re: v7.1beta2 [development] is released!

I appear to have found a problem with WireGuard. From a x86_64 build, I can connect successfully to a Hap AC Lite, a Debian box and various VPN providers. Unfortunately, when I try to bring up a connection to a CCR1009-8G=1S=1S+ (tile) box, the CCR crashes with a kernel failure. I then tried to do a...
by NAB
Thu Sep 24, 2020 5:29 pm
Forum: RouterOS beta
Topic: v7.1beta2 [development] is released!
Replies: 385
Views: 152891

Re: v7.1beta2 [development] is released!

I can confirm that WireGuard 'just works'. Did a lab configuration and it was fine, so reconfigured the office anonymous VPN with our preferred supplier ( https://vpn.ac/ ) who we have no hesitation in recommending, and that just worked too. Can't wait for a proper 'stable' release of ROS7 now so we...
by NAB
Thu Jul 23, 2020 10:56 am
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 90
Views: 87058

Re: SwOS version 2.12 released!

Also can I get 2.11 back?
Yes. Find the link for the latest version for your hardware and edit it... So
https://download.mikrotik.com/swos2/css ... 6-2.12.bin
becomes
https://download.mikrotik.com/swos2/css ... 6-2.11.bin
for example.
by NAB
Thu Jul 23, 2020 10:54 am
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 90
Views: 87058

Re: SwOS version 2.12 released!

Thinking I'm going to have to downgrade to 2.11. I did a bit more testing and then decided to downgrade to 2.11. It's all working perfectly again. The only problem is that the end user now needs me to fill in paperwork to document why they're not running the latest stable version. There is a defini...
by NAB
Wed Jul 22, 2020 3:37 pm
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 90
Views: 87058

Re: SwOS version 2.12 released!

So....
Worked perfectly for four hours. Then it started saturating the network again and I had to remove five of the six ports before it went back to normal.
Thinking I'm going to have to downgrade to 2.11.
by NAB
Wed Jul 22, 2020 11:42 am
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 90
Views: 87058

Re: SwOS version 2.12 released!

It's working...
I had to get somebody to site to power-cycle the switches (a remote reboot made no difference) and it's all working as before.
Now that's a bit annoying.
by NAB
Tue Jul 21, 2020 6:03 pm
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 90
Views: 87058

Re: SwOS version 2.12 released!

For lag config you would set both sides to active to have them participate in the group.
Nope. Just tried it. Still saturates the network. So I can't find any combination of active/passive/static that works :-(
by NAB
Tue Jul 21, 2020 5:59 pm
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 90
Views: 87058

Re: SwOS version 2.12 released!

For lag config you would set both sides to active to have them participate in the group.
I'll try it - 2.11 didn't work when they were both active, but worked perfectly with active/passive, so maybe I did it wrong because it was the only thing that was right.
Thank you for the comment.
by NAB
Tue Jul 21, 2020 12:53 pm
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 90
Views: 87058

Re: SwOS version 2.12 released!

Two CSS326-24G-2S+ units with six 1G cables joining them together. All six ports set as 'passive' on router #1 and 'active' on router #2. This worked perfectly with SWOS 2.11. Upgraded both units to 2.12 and did not change the configuration - the network becomes saturated with traffic and unusable. ...
by NAB
Wed Jun 24, 2020 2:13 pm
Forum: The Dude
Topic: Scan of remote network doesn't show all hosts
Replies: 0
Views: 3066

Scan of remote network doesn't show all hosts

I'm setting up a The Dude test machine and have found a problem - Setting up a simple scan of a remote network only displays some of the hosts on the network. Running on a RB100AHx4, ROS version 6.47. In the following examples, real IP addresses are replaced with TEST-NET-x networks. The IP address ...
by NAB
Wed Jun 17, 2020 10:34 am
Forum: RouterBOARD hardware
Topic: RB4xx dodgy capacitors
Replies: 5
Views: 2408

Re: RB4xx dodgy capacitors

Not sure what your point was. Of course some are absolutely fine and of course they can be repaired (although it'll be cheaper for our customer to buy a new one than pay our callout/time to fix the old one). All I was saying was that this is was our last one out there and its failure brought back me...
by NAB
Tue Jun 16, 2020 5:55 pm
Forum: RouterBOARD hardware
Topic: RB4xx dodgy capacitors
Replies: 5
Views: 2408

RB4xx dodgy capacitors

I don't know how many of you have been around long enough to remember the problem with dodgy capacitors in RB4xx series Routerboards, but it was a thing - with us, we'd bought a batch at around the same time and they pretty much all went bang about one month out of warranty. Times moved on and the v...
by NAB
Tue Jun 09, 2020 11:33 am
Forum: General
Topic: [Feature request] Wireguard
Replies: 148
Views: 65521

Re: [Feature request] Wireguard

Just wanted to add my comments and my frustration to this post.

We've just lost a bid to supply equipment for a remote secure VoIP and data project. That's an awful lot of Routerboards and a whole load of consultancy we've lost out on. All because the client wanted to standardise on WireGuard.
by NAB
Wed May 18, 2016 11:37 am
Forum: General
Topic: IPv6 Routing Mark in Firewall > Mangle Rules
Replies: 60
Views: 21738

Re: IPv6 Routing Mark in Firewall > Mangle Rules

One year ago I requested: I'd be grateful if MT could provide the merest hint of a timescale. and still no sight or sound of what is fast becoming a deal-breaker for MT kit. We're now in the process of quoting for a rollout which must include IPv6 and are going to have to heavily caveat our proposal...
by NAB
Tue May 17, 2016 1:28 pm
Forum: Wireless Networking
Topic: CAP on a 751G-2HnD
Replies: 4
Views: 1537

Re: CAP on a 751G-2HnD

Done a bit more testing. The problem seems to be with 751G-2HnD units as a 751U-2HnD provisions perfectly.
by NAB
Tue May 17, 2016 12:06 pm
Forum: Wireless Networking
Topic: CAP on a 751G-2HnD
Replies: 4
Views: 1537

Re: CAP on a 751G-2HnD

I have just swapped out the 751G-2HnD with a 951Ui-2HnD and copied the configuration exactly.

The 951 works.

The 751 does not work.

I'll e-mail support.

Nicholas.
by NAB
Wed May 11, 2016 8:26 am
Forum: Wireless Networking
Topic: CAP on a 751G-2HnD
Replies: 4
Views: 1537

Re: CAP on a 751G-2HnD

Hi, CAPsMan /caps-man configuration add channel.band=2ghz-b/g/n channel.frequency=2412 channel.width=20 name=cfg1 \ security.authentication-types=wpa2-psk security.encryption=aes-ccm \ security.passphrase=12345678 ssid=testing123 /caps-man interface add disabled=no l2mtu=1600 mac-address=D4:CA:6D:21...
by NAB
Tue May 10, 2016 12:07 am
Forum: Wireless Networking
Topic: CAP on a 751G-2HnD
Replies: 4
Views: 1537

CAP on a 751G-2HnD

I've just spent two hours trying to get my head around CAP/CAPsMAN - I set up the configuration exactly as per the wiki page, but it simply refused to work: capsman.PNG Given I'd set up the SSID as "Testing" and the channel as "2412", it was clear that the RB simply wasn't being ...
by NAB
Fri Jun 26, 2015 11:57 am
Forum: Announcements
Topic: Comments about RouterOS release schedule
Replies: 35
Views: 20117

Re: Comments about RouterOS release schedule

Back when I first started using ROS, MikroTik's attitude was "Our software is bug free and you should always be using the latest cutting edge version". The problem is that most people know that all software has bugs and MT's attitude made them a laughing stock in many circles. Over the yea...
by NAB
Thu Jun 11, 2015 1:00 am
Forum: General
Topic: Winbox 3 RC
Replies: 636
Views: 206395

Re: Winbox 3 RC

Just move your session folder to existing location and all will be fixed. No session folder anywhere in sight. Winbox 3.0rc9 continues to work correctly in this regard. Atm you probably somehow deleted in in windows user files, and winbox doesn't have permisions to create anything there. Nope. Not ...
by NAB
Wed Jun 10, 2015 12:35 pm
Forum: General
Topic: Winbox 3 RC
Replies: 636
Views: 206395

Re: Winbox 3 RC

"Unable to create the folder 'sessions\'. The system cannot find the path specified."
Try the new "clear cache" button. Also, do you use Windows and a standard path?
Still get the same error and yes, standard Windows paths.
by NAB
Fri Jun 05, 2015 4:10 pm
Forum: General
Topic: Winbox 3 RC
Replies: 636
Views: 206395

Re: Winbox 3 RC

Ran 3.0rc12 for the first time, opened a session. Clicked 'X' to close session window and got the error message:

"Unable to create the folder 'sessions\'. The system cannot find the path specified."
by NAB
Sun Apr 26, 2015 1:51 pm
Forum: General
Topic: IPv6 Routing Mark in Firewall > Mangle Rules
Replies: 60
Views: 21738

Re: IPv6 Routing Mark in Firewall > Mangle Rules

Just to add a 'me too', we've managed to avoid needing this for a while, but now we do. I'd be grateful if MT could provide the merest hint of a timescale. Please? Pretty please? Pretty please with sugar on?
by NAB
Thu Apr 16, 2015 7:49 pm
Forum: General
Topic: v6.28 will be released this week!
Replies: 72
Views: 27010

Re: v6.28 will be released this week!

Moved router to 6.20 and everything works correctly. Move to 6.21 and later, problem comes back! I tried with both SIP ALG enabled and disabled on 6.21 and later, no differences. SIP and NAT do not work well together. We learned a long time ago never, ever, to run SIP over a NATted connection. When...
by NAB
Wed Feb 18, 2015 9:26 pm
Forum: General
Topic: No IPv6 link local (and no routing) on L2TP interface
Replies: 4
Views: 1919

Re: No IPv6 link local (and no routing) on L2TP interface

Please make sure ipv6 package is enabled
Yes.
and than tunnel is up.
Yes.
Otherwise IPv6 link local should be generated properly.
Definitely isn't.
Contact support with support output file, if it does not work.
Will do.

Many thanks,
by NAB
Tue Feb 17, 2015 12:48 pm
Forum: General
Topic: No IPv6 link local (and no routing) on L2TP interface
Replies: 4
Views: 1919

No IPv6 link local (and no routing) on L2TP interface

Hi all, Just a quick sanity check before I open a ticket with support. I have a mAP2n running ROS 6.27 which opens an L2TP tunnel to an LNS. The LNS pushes IPv6 down the tunnel. The mAP2n doesn't give the L2TP interface a link local address and adding any IPv6 routes just shows as the interface is u...
by NAB
Thu Feb 12, 2015 4:54 pm
Forum: General
Topic: Torrent
Replies: 43
Views: 15008

Re: Torrent

By the way, torrent did not include those non-standard packages anyway
Then I don't know what I've been downloading because the torrents I've got for 6.22, 6.23, 6.24 and 6.25 all include cm2 (as well as the netinstall-tile which doesn't appear to be on the download page).
by NAB
Thu Feb 12, 2015 2:24 pm
Forum: General
Topic: Torrent
Replies: 43
Views: 15008

Re: RouterOS v6.27 released

OK, but why do you need to download all the files every time by yourself? Why not make a script do it, and you will no longer need to come to the website to check for any new versions. Because I need to be absolutely sure that I have got everything so the output of a script would have to be double-...
by NAB
Thu Feb 12, 2015 1:55 pm
Forum: General
Topic: Torrent
Replies: 43
Views: 15008

Re: RouterOS v6.27 released

So now you have four clicks instead of one. I disagree. Previously it was : click all, click link, click download, click 'save' in torrent app. Click to drag and drop to archive. Now it is : Click 'mipsbe', click download combined package link, click download all package link, click download capsma...
by NAB
Thu Feb 12, 2015 1:24 pm
Forum: General
Topic: Torrent
Replies: 43
Views: 15008

Re: RouterOS v6.27 released

How is torrent related to what you asked for?
Because the ALL package was only available by torrent.
by NAB
Thu Feb 12, 2015 1:14 pm
Forum: General
Topic: Torrent
Replies: 43
Views: 15008

Re: RouterOS v6.27 released

But why has Mikrotik removed the all file torrent link? Because Mikrotik aren't end-users and have no idea why end-users may want this feature. I, for one, want a complete archive of every single version, including the Netinstall which is known to work with every single version. If I don't have the...
by NAB
Mon Jan 26, 2015 1:29 pm
Forum: General
Topic: Antivirus defs not updating on mikrotik 750
Replies: 7
Views: 2750

Re: Antivirus defs not updating on mikrotik 750

I believe it has to do with forwarding specific port on router
Why? Nothing you have said would indicate this as a cause of the problem.
by NAB
Wed Jan 14, 2015 3:38 pm
Forum: General
Topic: IPv6 RAs leaking out of VLANs - IPv6 unusable.
Replies: 5
Views: 2923

Re: IPv6 RAs leaking out of VLANs - IPv6 unusable.

Do any of your Ethernet ports have master-port set (aka, are they running in switch mode)? Ports ether18 to ether 24 all have ether17 as the master, but apart from that, no. There's no output from the "/interface ethernet switch ingress-vlan-translation export compact" command. If I remov...
by NAB
Wed Jan 14, 2015 12:04 pm
Forum: General
Topic: Antivirus defs not updating on mikrotik 750
Replies: 7
Views: 2750

Re: Antivirus defs not updating on mikrotik 750

Hello,

This is not a Mikrotik/RouterOS problem. I suggest you call a local IT consultant.
by NAB
Wed Jan 14, 2015 11:57 am
Forum: General
Topic: IPv6 RAs leaking out of VLANs - IPv6 unusable.
Replies: 5
Views: 2923

IPv6 RAs leaking out of VLANs - IPv6 unusable.

RouterOS: 6.24 Hardware: CRS125-24G-1S Firmware: 3.19 I have a problem with IPv6 RAs leaking out of VLANs. Consider the following configuration: /interface bridge add disabled=no name=bridge9 /interface vlan add disabled=no interface=ether17 name=vlan9 vlan-id=9 /interface bridge port add bridge=bri...
by NAB
Thu Jan 08, 2015 5:33 pm
Forum: General
Topic: openVPN p2pVPN between Tik and Pfsense
Replies: 3
Views: 2228

Re: openVPN p2pVPN between Tik and Pfsense

Hi,

What is your budget for this project?
by NAB
Thu Nov 13, 2014 10:50 pm
Forum: General
Topic: New forum look & feel
Replies: 64
Views: 12995

Re: New forum look & feel

The spacing's all wrong. The horizontal line shows the break between posts where everything's all crammed together and the arrowed area shows white space I didn't create which creates a false break between posts.

The whole thing's horribly clunky.
Capture.PNG
by NAB
Thu Nov 13, 2014 10:45 pm
Forum: General
Topic: New forum look & feel
Replies: 64
Views: 12995

Re: New forum look & feel

Not nice. Not at all nice.

My main bugbear is that posts take up too much space and it's difficult to see where one post ends and the next reply starts.
by NAB
Tue Sep 23, 2014 10:50 am
Forum: General
Topic: running VPN within VPN
Replies: 5
Views: 2321

Re: running VPN within VPN

Select it for what? You just make traffic to the SSTP end point route over the PPTP interface and then make all the other traffic route over the SSTP interface.
by NAB
Mon Sep 22, 2014 5:22 pm
Forum: General
Topic: port forward on a pppoe client
Replies: 1
Views: 1373

Re: port forward on a pppoe client

Depending on what you mean and what you want to achieve, there are several ways of doing it.

Please provide (much) more information.
by NAB
Mon Sep 22, 2014 5:21 pm
Forum: Scripting
Topic: Tips
Replies: 1
Views: 1137

Re: Tips

Do you have a question?
by NAB
Mon Sep 22, 2014 5:20 pm
Forum: General
Topic: running VPN within VPN
Replies: 5
Views: 2321

Re: running VPN within VPN

Yes it's possible - Just route your SSTP tunnel down the PPTP interface.
Not sure I'd recommend it though!
by NAB
Wed Sep 17, 2014 4:39 pm
Forum: Beginner Basics
Topic: l2tp Client not reachable
Replies: 3
Views: 1480

Re: l2tp Client not reachable

You need to ensure that you are routing the correct networks up and down the L2TP link. Do a packet trace or watch the network to see where your packets are going. You will probably find they're not going where you want!
by NAB
Wed Sep 17, 2014 4:37 pm
Forum: General
Topic: Firefox, Chrome - can't start https google services
Replies: 2
Views: 1621

Re: Firefox, Chrome - can't start https google services

1) See which firewall rules are being hit.
2) Look at a packet trace
3) Remember that you can only proxy HTTP, not HTTPS.
by NAB
Wed Sep 17, 2014 11:20 am
Forum: Forwarding Protocols
Topic: Suggestions for hub/spoke routing
Replies: 4
Views: 2322

Re: Suggestions for hub/spoke routing

When you say 'connecting back to A', how is this done? Physical cable/VPN/ISP?
by NAB
Wed Sep 17, 2014 11:18 am
Forum: General
Topic: reset all counters
Replies: 1
Views: 1371

Re: reset all counters

You can't undo resetting counters. Not possible.
by NAB
Wed Sep 17, 2014 11:16 am
Forum: General
Topic: certificate problem 5.26
Replies: 2
Views: 1360

Re: certificate problem 5.26

This is not an error. The browsers are simply stating that they cannot verify that the site is who it says it is. Just click through the warnings - the traffic will still be encrypted. If you really don't want to see this message, you will need to purchase a certificate from a trusted vendor (Google...
by NAB
Wed Sep 17, 2014 11:13 am
Forum: General
Topic: suspicious activity is seen in Torch after DOS attacks
Replies: 1
Views: 1012

Re: suspicious activity is seen in Torch after DOS attacks

You're seeing link-local traffic. Nothing to worry about.
by NAB
Wed Sep 17, 2014 11:11 am
Forum: Beginner Basics
Topic: Redirect to website
Replies: 3
Views: 1394

Re: Redirect to website

we hosted our own website and now we moved it to clouds No. You moved it to somebody else's computer. 'The clouds' don't exist. Somebody else's computer under somebody else's control. So when you go to the domain on our network you are redirected to our old server, all I have right now is a winbox ...
by NAB
Wed Sep 17, 2014 10:46 am
Forum: RouterBOARD hardware
Topic: On the right is the SB6120 modem
Replies: 1
Views: 1399

Re: On the right is the SB6120 modem

I am sorry, but that makes no sense.
by NAB
Wed Sep 17, 2014 10:45 am
Forum: General
Topic: How to backup Mikrotik router board 1000
Replies: 1
Views: 1115

Re: How to backup Mikrotik router board 1000

To fully recover, you need two things: 1) The ROS software from http://www.mikrotik.com/download for the version running on the RB. 2) A backup image taken with '/system backup save name=BACKUPFILENAME' Optionally, I'd also go for: 3) An export taken with '/export verbose file=EXPORTFILENAME' Then i...
by NAB
Wed Sep 17, 2014 12:15 am
Forum: General
Topic: IP-Scan Not Running
Replies: 1
Views: 1696

Re: IP-Scan Not Running

I suggest you contact MikroTik support and send a supout file.
by NAB
Wed Sep 17, 2014 12:14 am
Forum: General
Topic: Possible "Stall" Bug
Replies: 3
Views: 1753

Re: Possible "Stall" Bug

Does it start working again if you disable and then enable the interface?
by NAB
Wed Sep 17, 2014 12:13 am
Forum: General
Topic: Routing between client pptp
Replies: 8
Views: 3680

Re: Routing between client pptp

Do you have a question?
by NAB
Wed Sep 17, 2014 12:12 am
Forum: General
Topic: Loop Ip
Replies: 2
Views: 1354

Re: Loop Ip

I am not sure I understand you. Please explain exactly what you mean.
by NAB
Wed Sep 17, 2014 12:12 am
Forum: General
Topic: Config Review
Replies: 2
Views: 1187

Re: Config Review

There are a number of consultants here who would be more than happy to review your configuration. I suggest you state how much you are willing to offer and see who's interested.
by NAB
Tue Sep 16, 2014 4:13 pm
Forum: RouterBOARD hardware
Topic: Map2n + Branding Maker
Replies: 2
Views: 1895

Re: Map2n + Branding Maker

This could be related to the 'incorrect path' problem I found here - http://forum.mikrotik.com/viewtopic.php?f=2&t=88983
by NAB
Tue Sep 16, 2014 4:11 pm
Forum: RouterBOARD hardware
Topic: On the right is the SB6120 modem
Replies: 1
Views: 1399

Re: On the right is the SB6120 modem

Do you have a question?
by NAB
Tue Sep 16, 2014 4:10 pm
Forum: Beginner Basics
Topic: Change the way Mac Idriss ethers Almaekerotk 1100
Replies: 1
Views: 1059

Re: Change the way Mac Idriss ethers Almaekerotk 1100

/interface ethernet set [find default-name=ether1] mac-address=01:02:03:04:05:06
by NAB
Thu Sep 11, 2014 5:55 pm
Forum: Wireless Networking
Topic: How to unlock Telstra WiFi 4G (Netgear 782s)
Replies: 0
Views: 1316

Re: How to unlock Telstra WiFi 4G (Netgear 782s)

This is a board for Mikrotik products.
by NAB
Thu Sep 11, 2014 5:38 pm
Forum: Scripting
Topic: Import files into /system script
Replies: 1
Views: 1393

Re: Import files into /system script

There are a couple of ways of doing it (wrap them in a script which adds them, or do a HTTP GET to pull them down and then store them). Neither are easy/convenient and both will require yet more scripting!
by NAB
Thu Sep 11, 2014 12:57 pm
Forum: Beginner Basics
Topic: DHCP server always red,Please Help --- solved
Replies: 3
Views: 21341

Re: DHCP server always red,Please Help

wlan2 doesn't have an IP address.
by NAB
Thu Sep 11, 2014 7:40 am
Forum: General
Topic: Routing +Economics Question
Replies: 1
Views: 974

Re: Routing +Economics Question

We have a few cell/data-only modems with the local telco which are servicing some small remote networks. Are these modems in the telco's premesis, at a customer's site or somewhere else? a) place an appliance with each modem, cost: price of hardware + annual license fee Licence fee? Who would this ...
by NAB
Thu Sep 11, 2014 7:36 am
Forum: Beginner Basics
Topic: Help !! assign public ip range for single Interface
Replies: 1
Views: 1023

Re: Help !! assign public ip range for single Interface

Please could you give an example of how you would want to set this up. Please use RFC5737 address space so we can see exactly what IPs you want from which networks where.
by NAB
Thu Sep 11, 2014 7:32 am
Forum: Scripting
Topic: external ip address block
Replies: 2
Views: 1557

Re: external ip address block

Short answer: No. You cannot stop any site from seeing your external IP address and, possibly, showing it to the user. You can block 'whatismyip.com' in several ways: * Add a static DNS entry which points nowhere * Add firewall rules if you know its IP addresses Both methods have disadvantages and/o...
by NAB
Thu Sep 11, 2014 7:25 am
Forum: General
Topic: User time window
Replies: 2
Views: 1252

Re: User time window

Permit the traffic between 1700-2000 and then block all traffic from that IP outside of these times. /ip firewall filter add \ chain=forward \ out-interface=WAN \ src-address=192.0.2.0/24 \ time=17h-20h,sun,mon,tue,wed,thu,fri,sat \ action=accept add \ chain=forward \ out-interface=WAN \ src-address...
by NAB
Thu Sep 11, 2014 7:13 am
Forum: General
Topic: Blocking internal traffic between 2 DHCP networks
Replies: 3
Views: 1748

Re: Blocking internal traffic between 2 DHCP networks

If the firewall rule isn't working, the chances are it's because either you specified the rule incorrectly or the traffic is not being routed through the RB. Please can you post output of the following commands:

/ip address print
/ip route print
/ip dhcp-server print
/ip dhcp-server network print
by NAB
Thu Sep 11, 2014 7:08 am
Forum: General
Topic: DHCP Server - Block Access
Replies: 1
Views: 7992

Re: DHCP Server - Block Access

DHCP is not an ongoing process - it happens only when an IP is required or must be renewed. Therefore any actions such as block will only take place at the time the DHCP request is received.
To block a client, you must add a firewall rule to block either its IP or MAC.
by NAB
Thu Sep 11, 2014 7:05 am
Forum: General
Topic: SSTP tunnel does not detect connection failure
Replies: 6
Views: 2263

Re: SSTP tunnel does not detect connection failure

We're running straight L2TP where encryption isn't required and L2TP/IPSec where it is. Works flawlessly.
by NAB
Wed Sep 10, 2014 3:29 pm
Forum: General
Topic: Firewall rule filtered on vpn connected clients
Replies: 1
Views: 1120

Re: Firewall rule filtered on vpn connected clients

In the PPP profile, add the names of input and output filters you want to use. Then in Firewall/filter, add rules to these chains.
by NAB
Wed Sep 10, 2014 3:23 pm
Forum: General
Topic: SSTP tunnel does not detect connection failure
Replies: 6
Views: 2263

Re: SSTP tunnel does not detect connection failure

I have had some very bad experiences using SSTP (tunnels staying up when they shouldn't be and massive packet loss).

I would strongly recommend that you avoid SSTP like the plague if at all possible.
by NAB
Wed Sep 10, 2014 2:28 pm
Forum: General
Topic: mAP2n - WebFig saving skins to wrong directory.
Replies: 2
Views: 1932

mAP2n - WebFig saving skins to wrong directory.

Hi, Interesting problem... I have some mAP2n's here I'm wanting to use for a project. This involves implementing a WebFig skin. 1) Taking a mAP2n with no configuration, clicking 'save' under WebFig skin designer does nothing. The skin is not saved. 2) If I FTP into the mAP2n and create a directory '...
by NAB
Fri Aug 15, 2014 3:02 pm
Forum: General
Topic: IP telephony
Replies: 6
Views: 3613

Re: IP telephony

As somebody whose business uses ROS extensively in its VoIP network infrastructure, may I ask exactly what feature(s) you are looking for?
by NAB
Tue Jun 24, 2014 11:14 pm
Forum: RouterBOARD hardware
Topic: RB750 hardware failure
Replies: 5
Views: 4288

Re: RB750 hardware failure

After a couple tries i noticed a very very thin line of smoke.
Once the components have released their magic smoke, there is no option but to return the board to your supplier (assuming it's under warranty) or throw it away.
by NAB
Sun Apr 06, 2014 11:40 am
Forum: General
Topic: Remote Access to 3G with Internal IP Address
Replies: 4
Views: 2351

Re: Remote Access to 3G with Internal IP Address

There is no such thing as an 'external' or 'internal' IP address. An IP address is an IP address. Whether or not it is publically routable is a different matter. I am assuming that you mean the ISP is supplying an IP address which is not routable (probably in RFC1918 address space) and you need to b...
by NAB
Sat Apr 05, 2014 11:18 pm
Forum: General
Topic: pleaaaaaaas help
Replies: 1
Views: 1046

Re: pleaaaaaaas help

If the counters have been reset, they've been reset - they cannot be restored. This wouldn't remove any users though, so perhaps you have done something else?
by NAB
Sat Apr 05, 2014 11:16 pm
Forum: General
Topic: Remote Access to 3G with Internal IP Address
Replies: 4
Views: 2351

Re: Remote Access to 3G with Internal IP Address

I am afraid that I do not understand a) what you are trying to achieve, and b) what your problem is. Perhaps you could post a network diagram?
by NAB
Sat Apr 05, 2014 11:15 pm
Forum: General
Topic: VLAN tagging and forwarding - Help needed!
Replies: 8
Views: 2361

Re: VLAN tagging and forwarding - Help needed!

Plug the Linksys into ether1 and the modem into ether2, then run the following commands: /interface bridge add l2mtu=1600 name=bridge1 /interface vlan add interface=ether2 l2mtu=2286 name=vlan2_100 vlan-id=100 /interface bridge port add bridge=bridge1 interface=ether1 add bridge=bridge1 interface=vl...
by NAB
Sat Apr 05, 2014 11:03 pm
Forum: General
Topic: RB912UAG-2HPnD and Sierra Wireless MC8780
Replies: 5
Views: 2737

Re: RB912UAG-2HPnD and Sierra Wireless MC8780

OK. I have definitely confirmed that despite the compatibility page on the wiki ( http://wiki.mikrotik.com/wiki/Supported_Hardware ) stating that the card works, the MC8780 DOES NOT WORK on RB912 boards as follows: ROS 5.x - Works if wireless is disabled. ROS 6.x - Won't work at all. I requested tha...
by NAB
Sat Apr 05, 2014 10:59 pm
Forum: General
Topic: Dell 5600 WWAN - Gobi1000 - Drivers
Replies: 1
Views: 2460

Dell 5600 WWAN - Gobi1000 - Drivers

Hi all, I have a large project to roll out and am having a problem finding a reliable supply of miniPCIexpress GSM cards which work on RB912s. I have been given a sample of Dell 5600 Gobi1000 cards, which RouterOS detects as: [admin@Test] > /system resource usb print # DEVICE VENDOR NAME SPEED 0 1:1...
by NAB
Wed Mar 12, 2014 12:46 pm
Forum: General
Topic: Adding certain DNS answers to an address list, switch mode!
Replies: 4
Views: 2015

Re: Adding certain DNS answers to an address list, switch mo

Any ideas on that part? :)
I guess I'd have to ask what it is you're trying to achieve.
by NAB
Wed Mar 12, 2014 11:19 am
Forum: General
Topic: RB912UAG-2HPnD and Sierra Wireless MC8780
Replies: 5
Views: 2737

Re: RB912UAG-2HPnD and Sierra Wireless MC8780

I shipped 12 units out to my customer yesterday running 5.26 and with wireless disabled. This will do for the moment - I can stall the customer on the promise of a firmware update, but I do need to get this fixed - the end user requires 50 units a month for the next two years (if everything goes to ...
by NAB
Wed Mar 12, 2014 11:14 am
Forum: Beginner Basics
Topic: Routerboard 1100 Webfig
Replies: 1
Views: 969

Re: Routerboard 1100 Webfig

Now when i go to the web interface I see the old Interface pre-Webfig era but with broken images. Is there any way I can make the new Web interface the default web interface. 1 - Don't use webfig. It will break things in strange ways. 2 - If you must use webfig, try: /system routerboard upgrade /fi...
by NAB
Wed Mar 12, 2014 11:09 am
Forum: Beginner Basics
Topic: Winbox behind firewall
Replies: 3
Views: 1926

Re: Winbox behind firewall

Here the topology (pFsense <> squid3) > my computer (where i use winbox to connect to remote 750gl routerbord) Sorry. That makes no sense. Do you mean: 750GL <--> Internet <--> pfsense <--> Squid3 <--> Computer If your only access to the Internet is through a squid proxy, then you won't be able to ...
by NAB
Wed Mar 12, 2014 11:06 am
Forum: General
Topic: need help, how to make schedule queue?
Replies: 1
Views: 976

Re: need help, how to make schedule queue?

I want to make bandwidth unlimited from 05:01 o'clock to 07:00 o'clock...
Use the time parameter in the mangle rule to ensure that the packets are appropriately marked at the correct time of day. Then queue based on packet marks.
by NAB
Wed Mar 12, 2014 11:04 am
Forum: Scripting
Topic: tool fetch timeout
Replies: 2
Views: 4832

Re: tool fetch timeout

is it possible to add timeout option to fetch tool.
This is something I would find useful. Ideally there should be three timeouts available: DNS lookup, connection and completion.
by NAB
Tue Mar 11, 2014 9:27 pm
Forum: General
Topic: RB912UAG-2HPnD and Sierra Wireless MC8780
Replies: 5
Views: 2737

Re: RB912UAG-2HPnD and Sierra Wireless MC8780

Right. Having done some testing.... MC8780 with ROS 6.10 - Doesn't work at all. Attempting to create a supout file while the port is marked as invalid fails and the board reboots. MC8780 with ROS 5.26 - Occasionally works with WiFi enabled, but when it stops working, it never starts again, even afte...
by NAB
Tue Mar 11, 2014 4:56 pm
Forum: General
Topic: RB912UAG-2HPnD and Sierra Wireless MC8780
Replies: 5
Views: 2737

Re: RB912UAG-2HPnD and Sierra Wireless MC8780

are you sure that this modem works ok also in v5.26 with wireless card enabled?
I have one board it runs fine on, but another doesn't. Disabling wireless does seem to cure the problem though. Is this a known error? Can I not run the MC8780 and WiFi at the same time?
by NAB
Tue Mar 11, 2014 3:53 pm
Forum: General
Topic: RB912UAG-2HPnD and Sierra Wireless MC8780
Replies: 5
Views: 2737

RB912UAG-2HPnD and Sierra Wireless MC8780

Hi, Got a problem with the RB912UAG-2HPnD boards, Sierra Wireless MC8780 cards and ROS 6.x. Under ROS 6.10, every now and again, I can bring up a ppp-client interface on the MC8780, but most of the time all I get is: ppp-out1: resetting link... - could not acquire serial port The port itself is show...
by NAB
Mon Mar 10, 2014 2:46 pm
Forum: General
Topic: issues with ping , routing marks
Replies: 3
Views: 1670

Re: issues with ping , routing marks

Can any one help me with this ?
Please post the relevant portion of your configuration.
by NAB
Mon Mar 10, 2014 2:45 pm
Forum: General
Topic: Adding certain DNS answers to an address list, switch mode!
Replies: 4
Views: 2015

Re: Adding certain DNS answers to an address list, switch mo

it has to be done as a "switch" This is not possible. Any traffic travelling from port to port where those ports are set to switch will not travel through the CPU and so therefore cannot be subject to any rules. There is a way of doing what you require by using a bridge. Create a bridge. ...
by NAB
Sat Mar 08, 2014 2:18 am
Forum: Beginner Basics
Topic: PPPoE - firewall rules - help
Replies: 4
Views: 2810

Re: PPPoE - firewall rules - help

in-interface=unknown and this is bad solution..
Yes - sorry, my mind was elsewhere and you are correct - for you this is not a good solution. Instead, create a new PPP profile for each connection and use the 'incoming filter' to do the check/drop.
by NAB
Sat Mar 08, 2014 2:14 am
Forum: Scripting
Topic: IP Addressing Script
Replies: 7
Views: 2017

Re: IP Addressing Script

Yeee-ouch. That's nasty and I'm surprised it works at all.
by NAB
Sat Mar 08, 2014 2:11 am
Forum: General
Topic: vlan translation
Replies: 7
Views: 2326

Re: vlan translation

my vision Unless I'm really misunderstanding you, I can't see why you need to complicate things by using some sort of translation. Just create the appropriate VLAN interfaces on each of the physical ethernet interfaces and use them - ROS will then tag/de-tag according to which interface the traffic...
by NAB
Sat Mar 08, 2014 2:08 am
Forum: General
Topic: Netwatch script
Replies: 14
Views: 4511

Re: Netwatch script

Can you point me in the right direction on the variables for the name in the comments section? I can't find any info on that at all. Try: [admin@MikroTik] > /tool netwatch add host=10.0.1.20 comment="Printer" interval=1m down-script=printerdown [admin@MikroTik] > :put [/tool netwatch get ...
by NAB
Sat Mar 08, 2014 1:59 am
Forum: General
Topic: Mikrotik not allowing me to use a new internet connection
Replies: 5
Views: 1525

Re: Mikrotik not allowing me to use a new internet connectio

Hi, when I changed the address to 203.153.240.26/30, the network below changes to 203.153.240.24, this IP does not exist, but in the route list it shows up as reachable. You said that the subnetmask was 255.255.255.252. This equates to 30 bits. This means that your network address is 203.153.240.24...
by NAB
Fri Mar 07, 2014 12:18 pm
Forum: Beginner Basics
Topic: Need help with first 951G Install
Replies: 5
Views: 2108

Re: Need help with first 951G Install

Just received my new RouterBOARD 951G-2HnD. Am very confused. From reading your post, I too am very confused. I think the thing you need to get clear in your head is what, exactly do you expect/want the RouterBoard to do? From your description, it seems that you just want to use it as a switch - if...
by NAB
Thu Mar 06, 2014 5:14 pm
Forum: General
Topic: VPN
Replies: 3
Views: 1574

Re: VPN

Please advice
What do you want to know?
by NAB
Thu Mar 06, 2014 4:58 pm
Forum: General
Topic: Netwatch script
Replies: 14
Views: 4511

Re: Netwatch script

Ok, can you show me a similar script so I can learn from it and try to reverse engineer it? In a word, no - I'd pretty much have to write it for you. However, the wiki pages on scripting should give you enough information to be able to write it yourself. If you can't grok it from them, then I am af...
by NAB
Thu Mar 06, 2014 12:28 pm
Forum: Beginner Basics
Topic: PPPoE - firewall rules - help
Replies: 4
Views: 2810

Re: PPPoE - firewall rules - help

0 ;;; access-list eth1 chain=forward action=accept src-address=x.y.z.160/27 in-interface=ether1 1 chain=forward action=accept out-interface=ether1 chain=forward action=drop in-interface=ether1 You won't see the data on etherX - you need to be using the PPPoE interface not the physical Ethernet inte...
by NAB
Thu Mar 06, 2014 12:07 pm
Forum: Beginner Basics
Topic: cannot ping management interface via trunk port
Replies: 1
Views: 1968

Re: cannot ping management interface via trunk port

ETH2 is in a bridge. Why? I connect a ubiquiti toughswitch to the ETH2 physical interface on the mikrotik and the UBNT cannot ping the Mikrotik and the Mikrotik cannot ping the UBNT toughswitch. Toughswitch has the management interface configured and tagged with the proper vlan. Which VLAN? What IP...
by NAB
Thu Mar 06, 2014 11:57 am
Forum: General
Topic: Help please
Replies: 3
Views: 1061

Re: Help please

i have 2 ppoe accounts, i succeed to make a ppoe server from the first account, but now i need to make 2 ppoe servers, so each server provide internet from diffrent accounts.
I am afraid I have no idea what you mean. Maybe it would help if you could draw a network diagram.
by NAB
Thu Mar 06, 2014 11:54 am
Forum: General
Topic: PPPoE multilink
Replies: 4
Views: 1497

Re: PPPoE multilink

Can anyone help me
It is very unlikely that anybody will be able to guess what your configuration is. I don't think you will get any sensible answers until you provide sample configurations, debug/log messages and possibly a network diagram.
by NAB
Thu Mar 06, 2014 11:52 am
Forum: Beginner Basics
Topic: RB2011 Setup Help
Replies: 2
Views: 1314

Re: RB2011 Setup Help

my setup is
Sorry. That's way too confusing. I am afraid that I have no idea what you are trying to achieve. Perhaps you could provide a network diagram?
by NAB
Thu Mar 06, 2014 11:48 am
Forum: Scripting
Topic: IP Addressing Script
Replies: 7
Views: 2017

Re: IP Addressing Script

Hi, I am trying to come up with a script that will get whatever the IP address is on Port 1 (dynamically assigned by my ISP) and then assign this same address to the device I have on Port 5. You can't have the same address on two different devices (at least, this is a very very very wrong way of do...
by NAB
Thu Mar 06, 2014 11:47 am
Forum: General
Topic: multi WAN NAT for different LANs
Replies: 5
Views: 2745

Re: multi WAN NAT for different LANs

What should I do to make the setup work.
Mangle rules, mark connections and routes. Then route according to the routing marks. This should all be covered in an MTCNA course.
by NAB
Thu Mar 06, 2014 11:44 am
Forum: General
Topic: User details database can be use with static ip
Replies: 1
Views: 1181

Re: User details database can be use with static ip

User details database and postpaid billing can be use with static ip ??
I am afraid you haven't given enough information for us to answer your question. I suggest detailing exactly what you want to achieve (preferably with some network diagrams) and somebody may be able to help.
by NAB
Thu Mar 06, 2014 11:42 am
Forum: Scripting
Topic: Ping results to log
Replies: 3
Views: 8976

Re: Ping results to log

Is that correct? Because I got different result with "flood-ping" and "ping" from terminal.
The code looks fine to me. I am pretty sure that avg-rtt is only available from flood-ping and I would certainly use flood-ping.
by NAB
Thu Mar 06, 2014 11:35 am
Forum: General
Topic: vlan translation
Replies: 7
Views: 2326

Re: vlan translation

My ISP gives me vlan 372, but I have a vlan with same vlan id. Cisco has a vlan translation technology. Does Mikrotik has same technology? Not sure what you're trying to achieve here - are you saying that you want to run your own VLAN tags to your ISP or just that you run your own VLAN tags on the ...
by NAB
Thu Mar 06, 2014 11:32 am
Forum: General
Topic: Netwatch script
Replies: 14
Views: 4511

Re: Netwatch script

Is this something that can be done within the Mikrotik OS?
Yes. Have each netwatch run a unique script on up/down which sets some variables (name, up/down, date/time etc. etc.), then each of these scripts calls one script which does the e-mailing. Easy-peasy.
by NAB
Thu Mar 06, 2014 11:30 am
Forum: General
Topic: Mikrotik not allowing me to use a new internet connection
Replies: 5
Views: 1525

Re: Mikrotik not allowing me to use a new internet connectio

IP Address: 203.153.240.26
Subnet Mask: 255.255.255.252
In my address list I have added a new address:
address: 203.153.240.26/24
Shouldn't this be
address: 203.153.240.26/30
Also, are you NATting (src-nat) traffic egressing on ether1?
by NAB
Thu Mar 06, 2014 11:19 am
Forum: General
Topic: RADIUS and service types...
Replies: 0
Views: 864

RADIUS and service types...

I have a problem. We have a RB which acts as a concentrator/LNS and uses RADIUS. We have some people connecting who should only use L2TP, some who may use SSTP or L2TP and some who may use PPTP Using RADIUS, is there a way of limiting the service type permitted for a specific user? I've done a load ...
by NAB
Thu Feb 20, 2014 11:32 pm
Forum: General
Topic: MUM Europe 2014 - Italy, Venice, February 20-21
Replies: 145
Views: 73324

Re: MUM Europe 2014 - Italy, Venice, February 20-21

Schedule is only for order of events, the time changes all the time, because people don't stick to assigned length of presentations. And this is something which, in my humble opinion, needs addressing. Today, for instance, a number of the presenters were very disrespectful of both the audience's ti...
by NAB
Fri Nov 15, 2013 7:20 pm
Forum: General
Topic: MUM Italy - The British contingent...
Replies: 3
Views: 1578

Re: MUM Italy - The British contingent...

I'm sorry to hear that. I would have imagined that Venice is a popular tourist destination. It is and there are direct flights (although not, sadly, from my local airport). I think, perhaps, that the school holidays have pushed the prices up well beyond what we have paid for flights into Eastern Eu...
by NAB
Wed Nov 13, 2013 3:46 pm
Forum: General
Topic: MUM Italy - The British contingent...
Replies: 3
Views: 1578

MUM Italy - The British contingent...

OK, so flights and hotel booked - the flights are at nasty times, are expensive and involve changing in Paris - Venice is surprisingly difficult to get to from the UK. It also doesn't help that next year's MUM takes place during the UK school holidays :-(

Anyway, who else is going from the UK?
by NAB
Wed Nov 13, 2013 2:50 pm
Forum: General
Topic: MUM Italy ticket prices - USD30 or USD50?
Replies: 1
Views: 861

MUM Italy ticket prices - USD30 or USD50?

Hi,

The page http://mum.mikrotik.com/2014/IT/info says "If you wish to also receive a free RouterOS license, and free lunch - Entry price is $30 (US)", however on booking, it asks for "50 USD".

Which is correct?

Cheers.
by NAB
Tue Nov 12, 2013 12:17 am
Forum: General
Topic: CRS default configuration
Replies: 4
Views: 2089

CRS default configuration

Just received a CRS125-24G-1S.

When 'remove configuration' is selected from the pop-up window that appears in Winbox, the default configuration is not removed.

When '/system reset-configuration no-defaults=yes' is run, the box returns without the default configuration as one would expect.
by NAB
Wed Sep 04, 2013 3:18 pm
Forum: General
Topic: 6.3 Released
Replies: 95
Views: 28872

Re: 6.3 Released

I seem to have a problem with Netinstall 6.3 on Windows 8. When I select either the configuration script or the package source directory, neither the "browse for folder" and "select script" dialog windows show mapped network drives - that is, I can see drive C: (boot/OS drive) an...
by NAB
Mon Dec 10, 2012 12:42 pm
Forum: General
Topic: How do I push the DNS section into DHCPv6
Replies: 4
Views: 1492

Re: How do I push the DNS section into DHCPv6

I try to find a textbox which can fill with IPv6 DNS What, exactly, do you want to achieve? If you want to tell ROS about IPv6 DNS servers then this is done as follows: /ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \ max-udp-packet-size=512 servers=\ 8.8.4.4,8.8.8.8,2001...
by NAB
Tue Nov 20, 2012 1:19 pm
Forum: General
Topic: [solved] L2TP/IPSec client to site configuration
Replies: 6
Views: 2005

Re: [ask] L2TP/IPSec client to site configuration

is it necessary? because i don't have any privilege to do that. :(
4.3 is incredibly old. Assuming that you have read the wiki section on IPSec and have set your configuration correctly, then this would be my first course of action.
by NAB
Tue Nov 20, 2012 1:16 pm
Forum: General
Topic: Panasonic behind Mikrotik... SIP
Replies: 7
Views: 6617

Re: Panasonic behind Mikrotik... SIP

In packets i see internal IP of Panasonic, i need to change it to external ip The PBX/server they are registering to may be able to flag registrations as from a NATted source. Asterisk, for example, lets you state "nat=yes" in sip.conf in which case the address within the SIP packets is i...
by NAB
Mon Nov 19, 2012 12:01 pm
Forum: General
Topic: Panasonic behind Mikrotik... SIP
Replies: 7
Views: 6617

Re: Panasonic behind Mikrotik... SIP

sip is such a terrible service when mixed with NAT As a VoIP telco, I have to agree. Don't expect it to work. Expect niggles, glitches and strange things. Personally, I am sick to the back teeth of telecoms companies installing systems without having the first clue how the Internet works... That ha...
by NAB
Sat Nov 17, 2012 12:20 pm
Forum: General
Topic: route 80 traffic
Replies: 1
Views: 1076

Re: route 80 traffic

Do you any examples how to mark port 80 (http) to 2nd ISP.
The Wiki is your friend. Start with http://wiki.mikrotik.com/wiki/Manual:IP ... ng_packets and then have a look at routing.
by NAB
Sat Nov 17, 2012 12:16 pm
Forum: General
Topic: Use Mikrotik RouterOS to block sites.
Replies: 2
Views: 1451

Re: Use Mikrotik RouterOS to block sites.

Is there a way we can use mikrotik router OS as a solution to this as they are already using it as a router? Maybe block the sites based on IP addresses of the LAN users as they all use static IPs.
Yes. That's exactly what I'd do. Address lists are your friend.
by NAB
Fri Nov 16, 2012 5:35 pm
Forum: General
Topic: MUM 2013 - The British Contingent
Replies: 15
Views: 5717

Re: MUM 2013 - The British Contingent

Easyjet
Travelled Easyjet every other weekend for three years when I worked in Zurich. Swore I'd never fly with them again!
by NAB
Fri Nov 16, 2012 3:47 pm
Forum: Beginner Basics
Topic: PPPOE
Replies: 7
Views: 2308

Re: PPPOE

I am sorry - I completely misread your initial post. For some strange reason I got it into my head that you wanted to run two PPPoE sessions on on interface. Doh! Now that I've read it properly, what you want to do is a piece of cake - in fact it's what we I do at home right now. You just plug your ...
by NAB
Fri Nov 16, 2012 3:24 pm
Forum: General
Topic: European MUM 2013: Croatia!
Replies: 51
Views: 23015

Re: European MUM 2013: Croatia!

If any Brits are planning on going, see this forum topic.
by NAB
Fri Nov 16, 2012 2:57 pm
Forum: General
Topic: MUM 2013 - The British Contingent
Replies: 15
Views: 5717

Re: MUM 2013 - The British Contingent

OK. I'm all booked up now.

Flying with Croatian Airlines from Heathrow. Out on the 13th at 1050 (OU491) and back on the 16th at 1435 (OU492).

I'll be driving from Warwick to Heathrow following this route, so if anybody wants a lift, just shout.
by NAB
Fri Nov 16, 2012 1:58 pm
Forum: General
Topic: MUM 2013 - The British Contingent
Replies: 15
Views: 5717

Re: MUM 2013 - The British Contingent

Announced now.

The first MUM in Croatia (Zagreb), March 14-15, 2013.

Hotel is the Sheraton in the centre.

http://www.tripadvisor.co.uk/Hotel_Revi ... agreb.html
by NAB
Fri Nov 16, 2012 1:38 pm
Forum: The Dude
Topic: Pay for DUDE ?
Replies: 19
Views: 7620

Re: Pay for DUDE ?

I think they should charge for The Dude. Why? At the moment, The Dude is a loss-leader for other MT products since it is so tightly integrated/bound. If you've got a The Dude installation, then surely you're more likely to buy MT products rather than a competitor's? If there was a licence charge, w...
by NAB
Fri Nov 16, 2012 12:17 pm
Forum: General
Topic: You cannot make another post so soon after your last.
Replies: 4
Views: 1664

Re: You cannot make another post so soon after your last.

Many thanks for the speedy response.
by NAB
Fri Nov 16, 2012 11:54 am
Forum: Wireless Networking
Topic: Access Point Monitoring
Replies: 1
Views: 1387

Re: Access Point Monitoring

Have a look at The Dude (MT's own monitoring tool) or, if you want something bigger and better (and significantly more difficult to configure), Nagios.
by NAB
Fri Nov 16, 2012 11:51 am
Forum: General
Topic: You cannot make another post so soon after your last.
Replies: 4
Views: 1664

Re: You cannot make another post so soon after your last.

This was done to prevent spamming bots?
Indeed. Hence the request to lower (or remove) this limit once somebody has passed the Turing test!
by NAB
Fri Nov 16, 2012 11:49 am
Forum: Forwarding Protocols
Topic: Problem in forwarding port80 when mangle rule is enabled
Replies: 1
Views: 1507

Re: Problem in forwarding port80 when mangle rule is enabled

my port80 forwarding(hair pin code)
You forgot to attach your code. I don't think anybody here is psychic, so you're probably not going to get any help unless you can post details of your configuration!
by NAB
Fri Nov 16, 2012 11:47 am
Forum: General
Topic: Same network on different interfaces
Replies: 2
Views: 1582

Re: Same network on different interfaces

Somebody could spend a while going through all this with you, but there are better ways of doing things - what you are trying is definitely non-standard!

Do you mind if I ask why you want to use the same address space over all the interfaces and why you can't do it any other way?
by NAB
Fri Nov 16, 2012 11:44 am
Forum: General
Topic: You cannot make another post so soon after your last.
Replies: 4
Views: 1664

You cannot make another post so soon after your last.

Having a few free moments, I thought I'd have a look at some of the unanswered posts. Unfortunately, I keep getting stymied by the "You cannot make another post so soon after your last." limit on postings. Is there any way this limit can be lowered for, say, people who've posted more than ...
by NAB
Fri Nov 16, 2012 11:40 am
Forum: Beginner Basics
Topic: PPPOE
Replies: 7
Views: 2308

Re: PPPOE

I suspect that you're not going to be able to do that. If one PPPoE connection is to your ISP (DSL), where is the second one connected?
by NAB
Fri Nov 16, 2012 11:38 am
Forum: Forwarding Protocols
Topic: How to route Vlans
Replies: 1
Views: 1445

Re: How to route Vlans

How can I route all those vlans on my mikrotik router? VLAN interfaces are (to all intents and purposes) treated exactly the same as physical interfaces. This means you have to set things up exactly as though you had a cabled connection, so 1) IP addresses/networks defined on the VLAN interfaces. 2...
by NAB
Fri Nov 16, 2012 11:34 am
Forum: General
Topic: NTP
Replies: 2
Views: 1053

Re: NTP

After upgrading to 5.21 lost NTP server
What does this mean? Can you show the output of:
/system package print
/system ntp export
/system ntp client print
/system clock print
by NAB
Fri Nov 16, 2012 11:28 am
Forum: General
Topic: How can be excluded a site from Web proxy Redirect Rule ?
Replies: 6
Views: 3779

Re: How can be excluded a site from Web proxy Redirect Rule

Something like the following should do the trick: /ip firewall address-list add address=203.0.113.0/24 disabled=no list=donotproxy add address=198.51.100.0/24 disabled=no list=donotproxy /ip firewall nat add action=redirect chain=dstnat disabled=no dst-address-list=!donotproxy \ dst-port=80 protocol...
by NAB
Fri Nov 16, 2012 11:11 am
Forum: General
Topic: [solved] L2TP/IPSec client to site configuration
Replies: 6
Views: 2005

Re: [ask] L2TP/IPSec client to site configuration

i use RouterOS v4.3 ... what should i do next?
Upgrade to ROS 5.x.
by NAB
Fri Nov 16, 2012 11:05 am
Forum: General
Topic: Facebook Limit
Replies: 2
Views: 1639

Re: Facebook Limit

Something like this should do it, but you will need to check the address lists are correct. /ip firewall address-list add list=facebook address=173.252.64.0/18 /ipv6 firewall address-list add address=2a03:2880:2040:1f01:face:b00c::/128 disabled=no list=facebook /ip firewall filter add action=drop ch...
by NAB
Fri Nov 16, 2012 10:54 am
Forum: General
Topic: How to reboot the routerOS without rebooting the computer?
Replies: 3
Views: 1237

Re: How to reboot the routerOS without rebooting the compute

There wouldnt be any problem if the ROS wouldnt freeze in such a way I have described.
What I am saying is that I suspect your ROS is freezing because the USB or USB disk is failing. Seriously, put an IDE/SATA drive inside the box and don't use USB.
by NAB
Thu Nov 15, 2012 1:49 pm
Forum: General
Topic: How to reboot the routerOS without rebooting the computer?
Replies: 3
Views: 1237

Re: How to reboot the routerOS without rebooting the compute

Is there any possibility to reboot running routerOS without rebooting the whole computer? If ROS is running on the bare metal, then no. but my computer(core i5 2400) sometimes doesnt see USB disk after reboot so it cant load the routeros software from it and stays stuck. My guess is that your probl...
by NAB
Thu Nov 15, 2012 1:45 pm
Forum: General
Topic: IPv6 Ping does not work with domain names
Replies: 59
Views: 46554

Re: IPv6 Ping does not work with domain names

So the change is coming.
It's been over eleven months now, is this change any closer?
by NAB
Thu Nov 15, 2012 1:36 pm
Forum: The Dude
Topic: IPv6 support in Dude
Replies: 24
Views: 17990

Re: IPv6 support in Dude

Year passed and still no response.
Another 11 months and still no response.

We've just started using The Dude, but how do we monitor our IPv6 hosts?
by NAB
Thu Nov 15, 2012 1:34 am
Forum: Scripting
Topic: hotspot reseller
Replies: 1
Views: 1157

Re: hotspot reseller

i want to know if it is possible.
Yes. RADIUS is your friend.
by NAB
Thu Nov 15, 2012 1:32 am
Forum: General
Topic: Help .. Routerboard generating own traffic on internet side
Replies: 2
Views: 1295

Re: Help .. Routerboard generating own traffic on internet s

I'd suggest you see if you have "/ip proxy" enabled - if you do, firewall it so only your interal IPs can get to it.
Likewise, check you don't have an open DNS resolver (may be being used for an amplification attack).
by NAB
Wed Nov 14, 2012 9:29 pm
Forum: RouterBOARD hardware
Topic: Poor gigabit on RB/493G
Replies: 7
Views: 3195

Re: Poor gigabit on RB/493G

But the troughput is just at 50-60 MBs.
From what to what? Wireless to Ethernet? Ethernet to Ethernet (which interfaces) or wireless to wireless?
by NAB
Wed Nov 14, 2012 9:14 pm
Forum: General
Topic: Private IP address usage statistics
Replies: 13
Views: 87105

Re: Private IP address usage statistics

1 Class C network equals a /24 prefix CIDR One 'old' class C network is now a /24 CIDR. Correct. I never said otherwise. and is still a commonly used (and valid) terminology. It may be commonly used (although I haven't heard any network professionals use the term for many years), but in the context...
by NAB
Wed Nov 14, 2012 7:48 pm
Forum: Beginner Basics
Topic: sample configuration
Replies: 1
Views: 1563

Re: sample configuration

Running "/system reset-configuration" gives the same result - the router is inaccessible.
Silly question, but is your Ethernet cable plugged into ether1? If so, try again in one of ether2 to ether5.
by NAB
Wed Nov 14, 2012 7:00 pm
Forum: General
Topic: Private IP address usage statistics
Replies: 13
Views: 87105

Re: Private IP address usage statistics

I'm looking for private ip address usage statistics, preferably divided in class C networks. I need it for selecting address ranges, so it only needs to be approximate numbers. There are over 2 million class C networks (24 bit networks in the 192.0.0.0 to 223.255.255.255 range). This includes some ...
by NAB
Wed Nov 14, 2012 6:45 pm
Forum: Scripting
Topic: script that send mail whwm Ip cahnge
Replies: 7
Views: 3520

Re: script that send mail whwm Ip cahnge

my problem is how to save the old ip \where to put him
Easiest place is in a comment field. In my experience, the best place is on the interface the DHCP server is running on (/interface etherX set comment="1.2.3.4") - that way it survives reboots and power cuts.
by NAB
Wed Nov 14, 2012 6:40 pm
Forum: General
Topic: DHCP Server per each port and independent WAN IPs
Replies: 2
Views: 1477

Re: DHCP Server per each port and independent WAN IPs

...the second part is to configure 4 DHCP Clients (with one IP to be masquerade for each LAN port) on the WAN port.
Can't be done. You can only have one DHCP client on each interface. You need to do this with static IPs on the WAN interface.
by NAB
Wed Nov 14, 2012 6:37 pm
Forum: General
Topic: Need Advice on Network
Replies: 12
Views: 2797

Re: Need Advice on Network

The ether3 I want to give : 192.168.2.1 (gateway ) and DHCP range: 192.168.2.2 - 192.168.2.254 1 - Remove ether3 from the bridge 2 - Add the address 192.168.2.254/24 (or whatever you want) to ether3 3 - Set up a DHCP server on ether3 (click on the button and follow the prompts) 4 - Ensure your VoIP...
by NAB
Wed Nov 14, 2012 3:53 pm
Forum: General
Topic: New MT download pages
Replies: 28
Views: 5218

Re: New MT download pages

based on statistics, this is in fact a garage item :)
My Routerboard at home is in the garage - is this what you meant? :lol:
by NAB
Wed Nov 14, 2012 2:29 pm
Forum: General
Topic: MUM 2013 - The British Contingent
Replies: 15
Views: 5717

MUM 2013 - The British Contingent

Firstly, the dates and location for MUM haven't been officially released and as they're subject to change, I won't leak anything here. For the purposes of planning dates, however, I believe MT now prefer the week after CeBIT. Anyway, I've been to MUM for the past four years or so and the number of B...
by NAB
Wed Nov 07, 2012 12:35 pm
Forum: General
Topic: New MT download pages
Replies: 28
Views: 5218

Re: New MT download pages

Do you really use that many MIPS-LE devices? Since we bought a whole jobload of miniRouters on eBay, yes we do! Usually 90% of network consists of similar architecture. Sounds about right. Ours is about 80% mipsbe, 10% ppc, 5% mipsle and 5% x86. However, just because something is rarely used doesn'...
by NAB
Wed Nov 07, 2012 11:49 am
Forum: General
Topic: New MT download pages
Replies: 28
Views: 5218

Re: New MT download pages

We will include it, sorry about that, but why do you need it? Because it's a damn-sight easier to download one file with everything you could possibly need in it than click through several links on a web page to get the files, then put them all in one folder hierarchy. We now host files in the amaz...
by NAB
Tue Nov 06, 2012 5:05 pm
Forum: General
Topic: L2TP keep alive - where is it?
Replies: 20
Views: 14276

Re: L2TP keep alive - where is it?

are you saying it's idle timeout is actually set to something and you can't change it? No. Ive got tunnels that have been up for months with barely any traffic traversing them. The problem is NAT traversal and connection timeouts. Sometimes traffic has to flow just to keep the NAT state tables up t...
by NAB
Tue Nov 06, 2012 4:34 pm
Forum: General
Topic: New MT download pages
Replies: 28
Views: 5218

Re: New MT download pages

Found it: http://www.mikrotik.com/download/routeros-ALL-5.21.torrent So, looks like http://www.mikrotik.com/download --> download.mikrotik.com Except that the files haven't been copied over and the 'ALL' torrent has been discontinued. Presumably any new versions (5.22 onwards) will only be on downlo...
by NAB
Tue Nov 06, 2012 4:26 pm
Forum: General
Topic: New MT download pages
Replies: 28
Views: 5218

New MT download pages

Hi all, It seems that the download pages have been changed since I last had a look. There no longer appears to be a link for a .torrent of all the versions - it is now split into the various architectures. Unfortunately, the following links: http://download.mikrotik.com/routeros-mipsbe-5.21.torrent ...
by NAB
Fri Oct 12, 2012 11:38 pm
Forum: General
Topic: IPv6 Ping does not work with domain names
Replies: 59
Views: 46554

Re: IPv6 Ping does not work with domain names

So the change is coming.
It's been almost ten months now, is this change any closer?
by NAB
Fri Apr 20, 2012 9:58 pm
Forum: General
Topic: v5.15 released!
Replies: 150
Views: 40845

Re: v5.15 released!

*) added support for usb forwarding over tcp;
Tell me more...
by NAB
Thu Mar 22, 2012 12:01 pm
Forum: General
Topic: MUM Europe 2012 in Poland
Replies: 88
Views: 22936

Re: MUM Europe 2012 in Poland

To come back to the Mazurkas Hotel is what i call a really good adventure... I printed out your instructions and I'm really glad I did - It seems that the timetables in Warsaw don't show the stations the train stops at, just their final destinations. This means you have to have intimate knowledge o...
by NAB
Thu Mar 22, 2012 11:39 am
Forum: General
Topic: Dynamic firewall rules question
Replies: 2
Views: 1173

Re: Dynamic firewall rules question

/ip firewall filter add chain=smtp src-address-list=LIST1 dst-address-list=LIST1 protocol=tcp dst-port=25 action=accept works for me - what part of this didn't work for you? Wouldn't it be easier to set up your own SMTP relay/spam filter/whatever internally and only permit your hosts to talk to that?
by NAB
Mon Mar 19, 2012 1:42 pm
Forum: General
Topic: How to check the SECOND next hop to see if a route is up?
Replies: 7
Views: 8764

Re: How to check the SECOND next hop to see if a route is up

Is there something similar in Mikrotik? Yes... It takes a bit of thinking to get your head around though. Essentially, you create a route to the target gateway that's two hops away and set the gateway for that route to be the device one hop away. You also set the scope for that route to be '10'. Th...
by NAB
Sun Mar 18, 2012 10:44 pm
Forum: General
Topic: MUM Europe 2012 in Poland
Replies: 88
Views: 22936

Re: MUM Europe 2012 in Poland

I'm back home safe and sound after a great few days away. I would like to thank Mikrotik for putting together a great conference with some interesting and informative presentations. I would also like to thank Mikrotik for the two free routers. I had a great time, met some nice people, renewed acquai...
by NAB
Sun Mar 11, 2012 9:21 am
Forum: General
Topic: MUM Europe 2012 in Poland
Replies: 88
Views: 22936

Re: MUM Europe 2012 in Poland

I've now arrived and can report some potentially useful info...
But what we all really want to know is... What is the water park like? :D

See you late Wednesday.
by NAB
Mon Mar 05, 2012 12:17 pm
Forum: General
Topic: IPv6 Neighbour solicitations not sent to PPP interfaces
Replies: 0
Views: 841

IPv6 Neighbour solicitations not sent to PPP interfaces

I've got a problem with IPv6... I have been allocated a /48. For the sake of argument, let's assume it's 2001:0DB8:FFFF::/48. The gateway is 2001:0DB8:FFFF::1. I have allocated the RouterBoard (ROS v5.14) 2001:0DB8:FFFF::/64 and it can quite happily communicate with anything in the outside world. Li...
by NAB
Tue Feb 21, 2012 10:38 pm
Forum: General
Topic: Magazines and publications
Replies: 32
Views: 6309

Re: Magazines and publications

What kinds of magazines do you read? Routers/servers/networking/webhosting/internet? 'Wired' is the only techy magazine I read now. Do you still read printed media? Very rarely. If yes - what do you read. If no - what do you read instead? I don't tend to read an awful lot of publications. Having a ...
by NAB
Fri Feb 10, 2012 7:13 pm
Forum: General
Topic: MUM entry tickets for most helpful forum users!
Replies: 9
Views: 5893

Re: MUM entry tickets for most helpful forum users!

All sorted.

For anybody else doing this, send your Mikrotik login as well - apparently it's needed.
by NAB
Thu Feb 09, 2012 8:13 pm
Forum: General
Topic: MUM entry tickets for most helpful forum users!
Replies: 9
Views: 5893

Re: MUM entry tickets for most helpful forum users!

I've received email answer with vouchers within 15 min.
E-mail must have been lost in the post then!! I've resent.

Thank you.
by NAB
Thu Feb 09, 2012 5:29 pm
Forum: General
Topic: MUM entry tickets for most helpful forum users!
Replies: 9
Views: 5893

Re: MUM entry tickets for most helpful forum users!

simply email training@mikrotik.com Just to stop me worrying about not receiving a reply (I sent an e-mail shortly after you posted this announcement), should I expect a reply/confirmation/voucher by e-mail or should I just trust that my mail's been received and pick something up when I get to the r...
by NAB
Mon Jan 30, 2012 12:23 pm
Forum: General
Topic: Multiple L2TP links to the same IP via different routes...
Replies: 3
Views: 1214

Re: Multiple L2TP links to the same IP via different routes.

Yup, that's the dirty solution. I was hoping to do it on one physical and virtual box.
by NAB
Fri Jan 27, 2012 12:24 pm
Forum: General
Topic: Multiple L2TP links to the same IP via different routes...
Replies: 3
Views: 1214

Multiple L2TP links to the same IP via different routes...

Hi all, Got an interesting problem. I have a solution, but it's horribly clunky, so I wonder if anybody knows a better way of doing it. I have a RouterBoard with two IP addresses and two gateways, let's call the IPs 1.1.1.1 and 2.2.2.1 and the gateways 1.1.1.2 and 2.2.2.2 Everything beyond the RB is...
by NAB
Mon Jan 16, 2012 12:25 pm
Forum: General
Topic: MUM Europe 2012 in Poland
Replies: 88
Views: 22936

Re: MUM Europe 2012 in Poland

We have published an extensive travel guide on the MUM site now Excellent. Thank you. Just out of interest, what does enter at your own risk mean in the sentence: There are also couple of bars nearby (enter at your own risk). 1 - We haven't checked them, 2 - This area is known for violence/prostitu...
by NAB
Fri Jan 13, 2012 1:05 pm
Forum: General
Topic: MUM Europe 2012 in Poland
Replies: 88
Views: 22936

Re: MUM Europe 2012 in Poland

Couple of things... 1 - I land Warsaw at 1910 on the 14th. Is there anybody landing about then who wants to share a taxi? 2 - I'm going to spend the Saturday having a looksee around Warsaw (specifically the Gestapo HQ museum and probably then a wander around the shops), but if somebody wants to meet...
by NAB
Fri Dec 16, 2011 6:03 pm
Forum: General
Topic: MUM Europe 2012 in Poland
Replies: 88
Views: 22936

Re: MUM Europe 2012 in Poland

Welcome cocktail will be held the evening before MUM (March 14, from 6.00PM)
Damn. Flight doesn't land until 1900 so it'll be at least 2030 by the time I get to the hotel.

:-(
by NAB
Tue Nov 08, 2011 10:28 am
Forum: General
Topic: Interface marked as invalid - RB1200, ROS5.7
Replies: 2
Views: 1163

Re: Interface marked as invalid - RB1200, ROS5.7

In ROS v5.7 there is a know issue, where bridge could crash and appear as "unknown" interface. This bug is fixed in ROS v5.8.
Thank you, but unfortunately in this case it wasn't a bridge...
by NAB
Thu Nov 03, 2011 7:08 pm
Forum: General
Topic: Interface marked as invalid - RB1200, ROS5.7
Replies: 2
Views: 1163

Interface marked as invalid - RB1200, ROS5.7

Got an interesting problem with a RB1200. Twice it has stopped responding to TCP/UDP traffic - to all intents and purposes it has just hung. It happened again today, but luckily I got to it before somebody simply pulled the plug. I found I could mac-telnet into it, but all IP routing was up the spou...
by NAB
Tue Oct 11, 2011 12:27 pm
Forum: General
Topic: 750G won't upgrade
Replies: 1
Views: 1324

750G won't upgrade

Hi all,

Got a problem with a 750G I've not seen before.

It's currently running 4.13 and needs upgrading. Drag and drop 5.7 firmware (mipsbe!) and reboot.

Nothing in the logs and it doesn't upgrade.

Any ideas before I drive to the customer's site and nuke the box?
by NAB
Sat Sep 24, 2011 8:09 pm
Forum: General
Topic: Erase Default Configuration Script
Replies: 6
Views: 9843

Re: Erase Default Configuration Script

At a guess that script is baked in as part of the OS image and can't be changed other than as part of it.
Nope. You can provision your own default script if you use NetInstall. This then becomes the script that survives a reset.
by NAB
Sat Sep 24, 2011 6:46 pm
Forum: General
Topic: New Ethernet port flap issue enquiery, PLS JOIN!
Replies: 247
Views: 113611

Re: New Ethernet port flap issue enquiery, PLS JOIN!

The bug is also present if ... I think I have another case which would explain what happened this morning... I was messing about with VLANs on the home router (RB750). Added, removed and tried various things. In the course of this, a DHCP server was set up on a VLAN interface which was disabled. Ev...
by NAB
Fri Sep 23, 2011 6:02 pm
Forum: General
Topic: CITY FOR NEXT EUROPEAN MUM 2012
Replies: 49
Views: 10228

Re: CITY FOR NEXT EUROPEAN MUM 2012

isn't the exchange rate to euro the same in all "eurozone" countries :D ? what's the difference, euro is the same in all of them.
That's exactly why I don't want to go to any country that uses the Euro. I only mentioned Germany specifically after your suggestion.
by NAB
Fri Sep 23, 2011 1:29 pm
Forum: General
Topic: CITY FOR NEXT EUROPEAN MUM 2012
Replies: 49
Views: 10228

Re: CITY FOR NEXT EUROPEAN MUM 2012

What about somewhere in southern Germany?
As nice as Germany is, for purely selfish reasons (i.e. the GBP:EUR exchange rate), I'd rather not do anywhere in the EuroZone.
by NAB
Fri Sep 23, 2011 1:27 pm
Forum: General
Topic: CITY FOR NEXT EUROPEAN MUM 2012
Replies: 49
Views: 10228

Re: CITY FOR NEXT EUROPEAN MUM 2012

can you confirm the most likely dates
I'll second that - we're about to book next year's ski holiday and another clash with MUM would be annoying (unless, of course, you don't want me there...!).
by NAB
Tue Sep 13, 2011 11:01 am
Forum: General
Topic: CITY FOR NEXT EUROPEAN MUM 2012
Replies: 49
Views: 10228

Re: CITY FOR NEXT EUROPEAN MUM 2012

Can I request somewhere outside the Eurozone? Eastern Europe is good - not seen much of that and enjoyed Wroclaw and Prague. What about (in no particular order): Lodz Gdansk Skopje Bucharest Dubrovnik Split Brno Poznan Belgrade Personally, I'd like Gdansk - having grown up hearing about Lech Walesa ...
by NAB
Mon Sep 12, 2011 12:48 pm
Forum: General
Topic: L2TP and proxy-arp
Replies: 2
Views: 2964

L2TP and proxy-arp

Hi all, Bit of a problem here... Got a RB acting as a LNS in a data centre with a /24. I would like to allocate one address from this pool to an L2TP client. Both the LNS and the client are running ROS 5.6. Both have only one ethernet port. LNS: IP 198.51.100.254/24 gw 198.51.100.1 Client: ether1 IP...
by NAB
Mon Jul 25, 2011 6:43 pm
Forum: General
Topic: How can I block access from Winbox.
Replies: 2
Views: 6951

Re: How can I block access from Winbox.

MAC-winbox runs on layer 2
Argh. Major attack of the stupids. I knew this, I know I knew this. I just got caught up with the incrementing packet counts and stopped thinking.

Thank you!
by NAB
Mon Jul 25, 2011 6:05 pm
Forum: General
Topic: How can I block access from Winbox.
Replies: 2
Views: 6951

How can I block access from Winbox.

Hi, I have a RB493. It's running ROS 5.5. I want to block all access from WinBox clients on 'ether4', unfortunately I don't seem to be able to do so. If I create the following three rules: /ip firewall filter add action=drop chain=input disabled=no in-interface=ether4 add action=drop chain=output di...
by NAB
Wed May 11, 2011 2:08 pm
Forum: Forwarding Protocols
Topic: Network Routing
Replies: 5
Views: 2397

Re: Network Routing

Tips:

1 - Get rid of NAT at the SXT level (do it at the 433).
2 - Rationalise IP networks.
3 - Change 'Router' to do source based routing.

If that's not enough to get you going, there are many people here who offer commercial consultancy and who may be willing to help.
by NAB
Fri Apr 01, 2011 6:20 pm
Forum: SwOS
Topic: SwOS 1.2 not reporting SNMP correctly
Replies: 11
Views: 8408

Re: SwOS 1.2 not reporting SNMP correctly

Hi,
this is not correct
and
There is a bug in the bandwith values
So I was correct then - SNMP is borked. It's just that the borkedness can be overcome with a manual tweak... :)
by NAB
Fri Apr 01, 2011 11:35 am
Forum: SwOS
Topic: SwOS 1.2 not reporting SNMP correctly
Replies: 11
Views: 8408

Re: SwOS 1.2 not reporting SNMP correctly

I've been trying SwOS out at home before we even think about selling it to our customers.... I'm definitely seeing strange SNMP data coming back from SwOS (1.4). Typically: Data simply not being reported - this is my NAS which typically shifts several GB a day: RB250G-NAS-Nodata.png Data being mis-r...
by NAB
Fri Mar 18, 2011 6:58 pm
Forum: General
Topic: BUG: 5.0rc11 crashes with 'int ether print' command
Replies: 2
Views: 1592

Re: BUG: 5.0rc11 crashes with 'int ether print' command

What do you mean 'crashes'? Does the whole box become inoperative, or is is only the command line session?
by NAB
Fri Mar 18, 2011 6:57 pm
Forum: General
Topic: weird problem:WAN-IP becomes unreachable [solved]
Replies: 3
Views: 2206

Re: weird problem:WAN-IP becomes unreachable

Can I ask you to clarify (because your post doesn't make it 100% clear) whether the box continues to work perfectly in all other respects even when it can't be pinged?
by NAB
Fri Feb 25, 2011 5:15 pm
Forum: RouterBOARD hardware
Topic: 450g with the hotspot setup
Replies: 3
Views: 2196

Re: 450g with the hotspot setup

Or, alternatively, a number of ROS consultants frequent this board and will, for a consideration, be more than happy to help you.
by NAB
Mon Feb 21, 2011 2:59 pm
Forum: General
Topic: Mikrotik IPv6 addresses
Replies: 33
Views: 5850

Re: Mikrotik IPv6 addresses

They told us that IPv6 is still in testing stage, and we shouldn't be surprised that stuff breaks
That's fine, but then you shouldn't have created AAAA records for your existing FQDNs - perhaps 6.www.mikrotik.com and 6.forum.mikrotik.com (or whatever) should have been used until testing's complete?
by NAB
Mon Feb 21, 2011 2:04 pm
Forum: General
Topic: Mikrotik IPv6 addresses
Replies: 33
Views: 5850

Re: Mikrotik IPv6 addresses

Seems that our problem is somewhere else: $ traceroute6 www.mikrotik.com traceroute to www.mikrotik.com (2a02:610:7501:1000::2) from 2001:8b0:fff1:0:20e:2eff:fe6d:ba68, 30 hops max, 24 byte packets 1 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.f.f.f.0.b.8.0.1.0.0.2.ip6.arpa (2001:8b0:fff1::) 0.447 ms ...
by NAB
Mon Feb 21, 2011 11:51 am
Forum: General
Topic: Mikrotik IPv6 addresses
Replies: 33
Views: 5850

Re: Mikrotik IPv6 addresses

10/10 on test-ipv6.com and no problem tracerouting to our gateway - 2001:8b0:fff1::
by NAB
Mon Feb 21, 2011 11:34 am
Forum: General
Topic: Mikrotik IPv6 addresses
Replies: 33
Views: 5850

Mikrotik IPv6 addresses

I see that Mikrotik have allocated IPv6 addresses to their web server (www.mikrotik.com --> 2a02:610:7501:1000::2), forum (forum.mikrotik.com --> 2a02:610:7501:1000::201) and primary MX (mailgw.mikrotik.com --> 2a02:610:7501:1000::199). Unfortunately, none of the addresses in question are responding...
by NAB
Mon Jan 24, 2011 2:03 pm
Forum: General
Topic: only mail is allowed
Replies: 8
Views: 3602

Re: only mail is allowed

You may also want to allow DNS lookups too. Assuming the ROS box is configured to permit DNS requests, add the following rule: /ip firewall filter add chain=input src-address=192.168.120.0/24 protocol=udp dst-port=53 action=accept add chain=input src-address=192.168.120.0/24 action=drop And then you...
by NAB
Tue Nov 30, 2010 9:44 pm
Forum: General
Topic: Where Europe MUM'11 will TakePlace?SOLVED.10-11marchBudapest
Replies: 64
Views: 12761

Re: Where Europe MUM'11 will TakePlace?SOLVED.10-11marchBuda

Bah.

'snot fair.

I'll be skiing in France that week.

Oh well, see you all in 2012.

And next time, will somebody check with me first please? ;-)
by NAB
Thu Nov 04, 2010 6:56 pm
Forum: General
Topic: IPSec - invalid length of payload
Replies: 6
Views: 6003

Re: IPSec - invalid length of payload

I'm seeing this with ROS 5.0rc3 connecting to a Fortinet Fortigate.

Should I downgrade to the latest 4.x?
by NAB
Mon Oct 18, 2010 10:52 am
Forum: General
Topic: asking about.. my routerboard rb750 ability
Replies: 8
Views: 1879

Re: asking about.. my routerboard rb750 ability

upthere The point I was trying to make was that if somebody hasn't answered your question, it's likely because they don't understand what the question was. Re-reading your original post, I am still not clear that fewi answered your question - after all, if you'd have just RTFM you would have known ...
by NAB
Sun Oct 17, 2010 12:12 pm
Forum: General
Topic: asking about.. my routerboard rb750 ability
Replies: 8
Views: 1879

Re: asking about.. my routerboard rb750 ability

Help with what? What's the question?
by NAB
Thu Oct 07, 2010 7:58 pm
Forum: General
Topic: PPP over serial port is dialing additional digits.
Replies: 1
Views: 990

PPP over serial port is dialing additional digits.

Hi, RB411U ROS 4.11 I have a PPP session configured as follows /interface ppp-client add \ add-default-route=no allow="" data-channel=0 dial-command=ATDT1234567890 dial-on-demand=no \ disabled=no info-channel=0 keepalive-timeout=10 max-mru=1500 max-mtu=1500 modem-init=ATZ \ mrru=disabled n...
by NAB
Wed Oct 06, 2010 11:48 pm
Forum: RouterBOARD hardware
Topic: RB450 Capacitors problem?
Replies: 121
Views: 60997

Re: RB450 Capacitors problem?

In the UK, the Sale of Goods Act pretty much covers you (see http://www.berr.gov.uk/whatwedo/consumers/fact-sheets/page38311.html for a reasonable summary). The problem as I see it is that it's the reseller which is going to take the hit for this and since MT's liability has ended. It seems to me th...
by NAB
Mon Oct 04, 2010 7:48 pm
Forum: RouterBOARD hardware
Topic: RB450 Capacitors problem?
Replies: 121
Views: 60997

Re: RB450 Capacitors problem?

Oh great.

Just had my first 450 die with this problem.

Am now waiting for more to die and more unhappy customers as a result.

Great.
by NAB
Tue Sep 28, 2010 9:18 pm
Forum: RouterBOARD hardware
Topic: Hack/mod to RB411UAHR to switch relay....?
Replies: 6
Views: 3587

Re: Hack/mod to RB411UAHR to switch relay....?

OK. Problem solved. I couldn't find any nice way of getting signals out of the board, so I've decided to use the serial port instead. Creating a special-user and then SSHing into the box works a treat. I've built a proof of concept Arduino based prototype which offers a simple menu on a serial port ...
by NAB
Tue Sep 28, 2010 3:32 pm
Forum: RouterBOARD hardware
Topic: Hack/mod to RB411UAHR to switch relay....?
Replies: 6
Views: 3587

Re: Hack/mod to RB411UAHR to switch relay....?

Hmm.

Setting DTR and/or RTS high and low seems to have absolutely no effect at all.

Ideas anybody?
by NAB
Mon Sep 27, 2010 11:33 pm
Forum: RouterBOARD hardware
Topic: Hack/mod to RB411UAHR to switch relay....?
Replies: 6
Views: 3587

Re: Hack/mod to RB411UAHR to switch relay....?

Hmmm. Looks like I can set DTR and RTS on the serial port, so I could use that with a much less complicated microprocessor configuration. I'll get the multimeter out tomorrow and have a poke about to see what happens....
by NAB
Mon Sep 27, 2010 8:12 pm
Forum: RouterBOARD hardware
Topic: Hack/mod to RB411UAHR to switch relay....?
Replies: 6
Views: 3587

Hack/mod to RB411UAHR to switch relay....?

Hi, I have a new customer with an interesting project: At remote sites, there will be a RB411UAHR tunnelling back to a central concentrator. The RBs will be connected to the Internet via a GSM modems and a black box device will be connected to each RBs Ethernet port. That is the only equipment at th...
by NAB
Fri Sep 24, 2010 7:21 pm
Forum: Scripting
Topic: Automatically provisioning RBs
Replies: 8
Views: 12532

Re: Automatically provisioning RBs

then push it via the API, telnet, or SSH. I like that. The main problem I was having was how to determine whether the request for provisioning is correct or not. I thought I'd got around the problem by having the RB bring up a L2TP tunnel using a combination of a 'secret' as well as its MAC and ser...
by NAB
Fri Sep 24, 2010 7:13 pm
Forum: Scripting
Topic: Automatically provisioning RBs
Replies: 8
Views: 12532

Re: Automatically provisioning RBs

you can use scripts .rsc file at the time of installation or u can also use Flashfig feature in netinstall.
Neither of these methods would work on a large scale deployment - imagine rolling out 100 RBs, each of them requiring a (slightly) different configuration.
by NAB
Sun Sep 19, 2010 4:26 pm
Forum: General
Topic: L2TP keep alive - where is it?
Replies: 20
Views: 14276

Re: L2TP keep alive - where is it?

If client can reach the server it will establish new session right away. So I don't see any problems. Where all communications are initiated by the client, then this may well work. However in the real world (and particularly for the purposes L2TP is put to), communications are often initiated from ...
by NAB
Sat Sep 18, 2010 1:42 am
Forum: Scripting
Topic: updating dynamic l2tp client "connect-to" IP address
Replies: 3
Views: 1527

Re: updating dynamic l2tp client "connect-to" IP address

Have a look on the wiki for the NTP address management script I wrote. Should do exactly what you need with only a little tweaking.
  • 1
  • 2