Community discussions

Search found 837 matches

by ditonet
Fri Jul 26, 2019 4:46 pm
Forum: General
Topic: RB433 - factory reset failing
Replies: 6
Views: 510

Re: RB433 - factory reset failing

Why do you hold reset button pressed that long?
According to Wiki (https://wiki.mikrotik.com/wiki/Manual:R ... set_button), 5 sec. is enough to reset to factory default.

Regards,
by ditonet
Tue Jun 25, 2019 2:16 am
Forum: Wireless Networking
Topic: LHG LTE kit
Replies: 8
Views: 849

Re: LHG LTE kit

Hi,

My setup is: LHG LTE, RouterOS 6.44.3, RouterBOOT 6.44.3, modem firmware "MikroTik_CP_2.160.000_v011" and pass-through works properly.
Configuration of this LHG LTE is not changed for 8 months, only upgrades are applied.

Regards,
by ditonet
Tue May 28, 2019 3:04 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 69682

Re: v6.45beta [testing] is released!

Thanks, completely forgot about it, it was a few months ago.

Regards,
by ditonet
Tue May 28, 2019 2:39 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 69682

Re: v6.45beta [testing] is released!

Hello Emils,

Could You explain this?
!) user - removed insecure password storage;
Regards,
by ditonet
Mon Apr 15, 2019 1:54 pm
Forum: Announcements
Topic: v6.44.2 [stable] is released!
Replies: 67
Views: 12077

Re: v6.44.2 [stable] is released!

Plenty of devices with IPSec configured upgraded to ver. 6.44.2, no problem at all. That might explain why @emils asks for a supout.rif from the unique case where it failed 😉 You are right. My post is mostly comment for this sentence: Be careful with this before name a version "stable", please!!! R...
by ditonet
Mon Apr 15, 2019 11:46 am
Forum: Announcements
Topic: v6.44.2 [stable] is released!
Replies: 67
Views: 12077

Re: v6.44.2 [stable] is released!

IPSec configuration completely lost after the update! All profiles 'unknown'. It was neccesary downgrade and restore backup previously done! Major bug! Be careful with this before name a version "stable", please!!! Plenty of devices with IPSec configured upgraded to ver. 6.44.2, no problem at all. ...
by ditonet
Fri Mar 22, 2019 12:33 am
Forum: General
Topic: Encryption of backup making in script [SOLVED]
Replies: 1
Views: 241

Re: Encryption of backup making in script [SOLVED]

No, there is 'password' parameter to encrypt backup file, eg:
/system backup save encryption=aes-sha256 name=test password=123
Regards,
by ditonet
Thu Mar 14, 2019 11:54 pm
Forum: General
Topic: Feature requests
Replies: 1159
Views: 204122

Re: Feature requests

It would be convinient to CAPSAM and DHCP to log to log not only MAC address but also HOSTNAME if it is known. Process of transforming MAC 2 HOST is tedious and if log changes quickly you have no chance to check who is associating/dhcping DHCP server lease script can help you: :local leaseHostName;...
by ditonet
Thu Jul 19, 2018 1:04 am
Forum: General
Topic: Feature requests
Replies: 1159
Views: 204122

Re: Feature requests

@TomjNorthIdaho
RoMON
https://wiki.mikrotik.com/wiki/Manual:RoMON

Regards,
by ditonet
Tue May 29, 2018 4:54 pm
Forum: Announcements
Topic: Winbox 3.14 released!
Replies: 77
Views: 24484

Re: Winbox 3.14 released!

I winbox to RB751U-2HnD and RB751G-2HnD via rb751gr2(romon), there is no wireless menu.
Same problem was also with previous version 3.13.

Regards,
by ditonet
Mon May 21, 2018 4:17 pm
Forum: Announcements
Topic: v6.42.2 [current]
Replies: 65
Views: 14091

Re: v6.42.2 [current]

IMO it's simple shortcut for those who don't want to create 'all-wireless-interfaces' list, nothing more.

Regards,
by ditonet
Mon May 21, 2018 3:32 pm
Forum: Beginner Basics
Topic: HAP AC performance issues
Replies: 9
Views: 1821

Re: HAP AC performance issues

Hi,

Some additional info. There is a Janis' presentation from MUM in USA (https://mum.mikrotik.com/presentations/ ... 556394.pdf).
I made optimization according to advices from this presentation and now max. CPU usage is ~55% :D
It's definitely worth reading.

Regards,
by ditonet
Mon May 21, 2018 3:19 pm
Forum: Announcements
Topic: v6.42.2 [current]
Replies: 65
Views: 14091

Re: v6.42.2 [current]

@Chupaka
'Any' means any wireless interface
'All' is name of address list, which can also contain other interfaces (ethernet, SFP, etc.)

HTH,
by ditonet
Wed Apr 18, 2018 11:02 pm
Forum: RouterBOARD hardware
Topic: Woobm issues
Replies: 6
Views: 1740

Re: Woobm issues

Same question here: How to upgrade? I just bought WOOBM with firmware 1.0 but Wiki shows firmware ver. 1.1. I noticed same problem as nmglabs: "WoobmUSB terminal. Focus on the webpage and input commands. Additionaly neighbor list is empty, but clicking 'Terminal' make connection to my hAP AC. Does e...
by ditonet
Tue Apr 10, 2018 2:00 am
Forum: Scripting
Topic: on hotspot connect event (not on login)
Replies: 4
Views: 666

Re: on hotspot connect event (not on login)

Use DHCP server 'lease-script'.
This script is triggered when host connect to network and obtain address from DHCP server.
https://wiki.mikrotik.com/wiki/Manual:I ... er#General

HTH,
by ditonet
Fri Apr 06, 2018 10:49 pm
Forum: Beginner Basics
Topic: HAP AC performance issues
Replies: 9
Views: 1821

Re: HAP AC performance issues

Yes, benchmarks provided by MikroTik looks very promising. but real-life results are completely different.
In my case WiFi is OK, no complaints about it.

Regards,
by ditonet
Fri Apr 06, 2018 7:39 pm
Forum: Beginner Basics
Topic: HAP AC performance issues
Replies: 9
Views: 1821

Re: HAP AC performance issues

Hi, Same problem here. I have FTTH 100/100 and similar setup (bridged ethernet and wireless, one simple queue, NAT) with FastTrack enabled. During download/upload CPU is ~95%. Disabling queues reduces CPU usage to ~70%. I've tried almost everything in configuration but without success. Funniest part...
by ditonet
Thu Mar 22, 2018 8:39 pm
Forum: Wireless Networking
Topic: Wireless SNMP values - how to get them? [SOLVED]
Replies: 1
Views: 466

Re: Wireless SNMP values - how to get them? [SOLVED]

print oid
Use this command in terminal, it shows all SNMP OIDs supported, e.g.:
/interface wireless print oid
HTH,
by ditonet
Thu Mar 22, 2018 7:16 pm
Forum: Scripting
Topic: NTP Client Synchronized
Replies: 2
Views: 743

Re: NTP Client Synchronized

@hci
Maybe You should examine 'last-update-before' value?
If is grater than 900s (poll-interval) it indicates that was no synchronization.

HTH,
by ditonet
Mon May 01, 2017 2:15 pm
Forum: Announcements
Topic: v6.39 [current]
Replies: 89
Views: 33401

Re: v6.39 [current]

@FIPTech
:local leaseHostName;
:set leaseHostName $"lease-hostname";
Then use 'leaseHostName' variable instead of 'lease-hostname'.

HTH,
by ditonet
Tue Apr 18, 2017 1:42 pm
Forum: Announcements
Topic: v6.38.5 [current]
Replies: 66
Views: 25389

Re: v6.38.5 [current]

OK, thanks.

Regards,
by ditonet
Tue Apr 18, 2017 12:24 pm
Forum: Announcements
Topic: v6.38.5 [current]
Replies: 66
Views: 25389

Re: v6.38.5 [current]

Address list entry creation time bug ( described here: viewtopic.php?f=21&t=116951&p=579862#p579862) still exists.
It is also not fixed in 6.39rc72.

Regards,
by ditonet
Wed Apr 12, 2017 11:37 pm
Forum: The Dude
Topic: PL fonts in Dudte
Replies: 3
Views: 743

Re: PL fonts in Dudte

This font was downloaded from Google website:
https://fonts.google.com/specimen/Source+Code+Pro
Do you have problem with this font and Polish characters in other apps, e.g. text editor?
Do you see Polish characters when using 'Charater Map' (Tablica znaków) tool?

Regards,
by ditonet
Wed Apr 12, 2017 9:31 pm
Forum: The Dude
Topic: PL fonts in Dudte
Replies: 3
Views: 743

Re: PL fonts in Dudte

Hi,

Upload font which supports Polish characters to 'dude\files' folder, then use it in 'Settings' instead of default Vera fonts.
I use Source Code Pro font:
PL_Chars.png
HTH,
by ditonet
Wed Mar 01, 2017 7:22 pm
Forum: The Dude
Topic: 'General' tab lost in 'Server configuration'
Replies: 1
Views: 474

Re: 'General' tab lost in 'Server configuration'

My bad, email settings from 'General' tab are currently in 'Notifications' :?

Regards,
by ditonet
Wed Mar 01, 2017 3:25 pm
Forum: The Dude
Topic: 'General' tab lost in 'Server configuration'
Replies: 1
Views: 474

'General' tab lost in 'Server configuration'

Hello,

Today I've noticed that "General' tab disapeared from 'Server configuration' window.
Lost_Tab.png
Dude server 6.38.3 running on CHR, client 6.38.3 running on Win 10.
Does anyone noticed similar problem?

Regards,
by ditonet
Fri Feb 10, 2017 11:32 pm
Forum: Scripting
Topic: Check Connections per Host (src-address) for firewall rule/address list
Replies: 7
Views: 2111

Re: Check Connections per Host (src-address) for firewall rule/address list

saved my day :)
I'm glad that I helped.

Regards,
by ditonet
Fri Feb 10, 2017 3:54 pm
Forum: Scripting
Topic: Check Connections per Host (src-address) for firewall rule/address list
Replies: 7
Views: 2111

Re: Check Connections per Host (src-address) for firewall rule/address list

Use firewall/mangle 'connection-limit' matcher to add host to address list.

HTH,
by ditonet
Fri Feb 10, 2017 1:15 pm
Forum: The Dude
Topic: The Dude Storage Space
Replies: 2
Views: 1038

Re: The Dude Storage Space

Hello,
On mentioned site (https://www.digitalocean.com/community/ ... k-routeros) is third script which extends disk space (according to author description, not tested by me).
Did you try this one?

Regards,
by ditonet
Fri Feb 03, 2017 12:44 pm
Forum: Virtualization
Topic: Sucessful Amazon CHR RouterOS Test
Replies: 24
Views: 5990

Re: Sucessful Amazon CHR RouterOS Test

@janisk I made AWS test 2 month ago and don't remember details. There were other small problems/inconveniences due to AWS infrastructure, not with CHR which worked fine. I also tested other cloud services and finally I decided to not run CHR on AWS. Currently I run two CHR using other cloud services...
by ditonet
Thu Feb 02, 2017 11:39 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 81559

Re: v6.39rc [release candidate] is released

@strods
Any info about VLAN belonging to bridge problem described here:
http://forum.mikrotik.com/viewtopic.php ... 37#p578886
Is this bug confirmed by MT staff?

Regards,
by ditonet
Wed Feb 01, 2017 10:54 pm
Forum: Announcements
Topic: v6.38.1 [current]
Replies: 73
Views: 23820

Re: v6.38.1 [current]

I have problem with 6.38.1 wireless connection between 2 RB. 1 ap bridge, 2 station bridge. Both connected but no traffic. I saw similar problem, There is a traffic, but can't connect via winbox to RB with station-bridge mode set and no response to ping. Unfortunately I haven't free time to deeply ...
by ditonet
Wed Feb 01, 2017 2:05 pm
Forum: Virtualization
Topic: Sucessful Amazon CHR RouterOS Test
Replies: 24
Views: 5990

Re: Sucessful Amazon CHR RouterOS Test

Hi. I succesfully spun up an AWS CHR instance (6.38.1), BUT if I attach a second network interface to the instance, it will show as Running in Interfaces with correctly assigned IP address, but otherwise be completely dead (not reachable neither with www nor Winbox). Eventually the whole instance g...
by ditonet
Thu Jan 26, 2017 12:52 am
Forum: The Dude
Topic: Notification about "partially down" devices?
Replies: 2
Views: 959

Re: Notification about "partially down" devices?

Maybe status change 'up -> unstable' is what are you looking for?

HTH,
by ditonet
Wed Jan 25, 2017 2:49 pm
Forum: Announcements
Topic: v6.38.1 [current]
Replies: 73
Views: 23820

Re: v6.38.1 [current]

ditonet - Yes, that is correct. We will try to fix this in next RouterOS release.
Thanks.

Regards,
by ditonet
Wed Jan 25, 2017 2:34 pm
Forum: Announcements
Topic: v6.38.1 [current]
Replies: 73
Views: 23820

Re: v6.38.1 [current]

hAP ac, ROS 6.38.1, RouterBOOT 3.34:
Firewall/Address-List/Creation-Time shows GMT time, not time according to time-zone settings.
Can someone confirm this?

Regards,
by ditonet
Tue Jan 24, 2017 2:15 pm
Forum: Beginner Basics
Topic: IPsec problem
Replies: 2
Views: 470

Re: IPsec problem

Properly configured IPSec tunnel automatically brings up when traffic defined in IPSec policies is detected.
I've got IPSec tunnels between MikroTik and ZyXEL USG 300 and works fine.
Check your config on both sides.

Regards,
by ditonet
Tue Jan 24, 2017 12:18 am
Forum: Virtualization
Topic: Sucessful Amazon CHR RouterOS Test
Replies: 24
Views: 5990

Re: Sucessful Amazon CHR RouterOS Test

Default user is 'admin'.
Here is Wiki article about CHR installation on AWS:
http://wiki.mikrotik.com/wiki/Manual:CH ... stallation

HTH,
by ditonet
Tue Jan 24, 2017 12:12 am
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 81559

Re: v6.39rc [release candidate] is released

@strods

Any chance to fix VLAN and bridge problem described here:
http://forum.mikrotik.com/viewtopic.php ... 37#p578951

Regards,
by ditonet
Fri Jan 20, 2017 2:58 pm
Forum: Announcements
Topic: v6.38.1 [current]
Replies: 73
Views: 23820

Re: v6.38.1 [current]

VLAN interfaces that have a bridge declared as a belonging interface don't work anymore. You need to declare a physical interface instead for it to work properly. It worked ok in previous versions. At least in RB951G-2Hnd Same problem with CCR1009-8G-1S-1S+, VLAN port belongs to bridge and doesn't ...
by ditonet
Mon Jan 09, 2017 12:06 am
Forum: Announcements
Topic: The Dude, v6.38 [current] release.
Replies: 77
Views: 23541

Re: The Dude, v6.38 [current] release.

@Micropower
On source map select device (or devices) you want to move, then press Ctrl+C.
Click on destination map, then press Ctrl+V.
Delete unnecessary devices from source map.

HTH,
by ditonet
Sat Jan 07, 2017 2:27 pm
Forum: General
Topic: AAA Command Authorization
Replies: 5
Views: 701

Re: AAA Command Authorization

@Yasir
Use WebFig with skins.

HTH,
by ditonet
Fri Nov 25, 2016 8:45 pm
Forum: Announcements
Topic: v6.37.2 [current] is released!
Replies: 50
Views: 13478

Re: v6.37.2 [current] is released!

*) firewall - improved "time" option (ranges like 22h-10h now are acceptable); Something is broken with this improvement :( I have firewall rule which worked for months: /ip firewall filter add action=drop chain=forward comment="Block" disabled=no src-address-list=Some_List time=19h-1d,sun,mon,tue,...
by ditonet
Tue Nov 22, 2016 2:25 am
Forum: Virtualization
Topic: Sucessful Amazon CHR RouterOS Test
Replies: 24
Views: 5990

Re: Sucessful Amazon CHR RouterOS Test

@killersoft
Did you managed to run CHR with second network interface added?

Regards,
by ditonet
Fri Nov 04, 2016 11:02 am
Forum: Announcements
Topic: v6.38rc [release candidate] is released
Replies: 331
Views: 74628

Re: v6.38rc [release candidate] is released

Hi,
Download link for Dude server 6.38rc24 for CHR is broken :(

Regards,
by ditonet
Thu Nov 03, 2016 12:09 am
Forum: Scripting
Topic: Adding dynamic interfaces to interface list.
Replies: 8
Views: 4720

Re: Adding dynamic interfaces to interface list.

Maybe you should change firewall logic from 'interface list' to 'address list'?
It's pretty simple to add dynamic PPTP interface's address to address list.

HTH,
by ditonet
Fri Oct 07, 2016 5:46 pm
Forum: Announcements
Topic: Winbox 3.6 released!
Replies: 25
Views: 8942

Re: Winbox 3.6 released!

It seems that Winbox 3.7 solved my problem :)

Regards,
by ditonet
Fri Oct 07, 2016 10:31 am
Forum: Announcements
Topic: Winbox 3.6 released!
Replies: 25
Views: 8942

Re: Winbox 3.6 released!

Hello, I've CHR (demo) hosted on VirtualBox as my testing enviroment for Dude. CHR version is 6.38rc10, Winbox is ver. 3.6 When I try to connect to CHR, Winbox crashes during 'Downloading plugins...' and Winbox process terminates. Does anybody noticed similar problem? For other devices (more than 50...
by ditonet
Fri Mar 11, 2016 10:39 pm
Forum: Announcements
Topic: v6.34.3 [current] is released!
Replies: 58
Views: 15691

Re: v6.34.3 [current] is released!

CCR1036-12G-4S after update to v6.34.3 lost all IPSec settings. Configuration is empty, even default values. Also is not possible to create new IPSec config using Winbox, SSH or terminal :shock: Terminal gives output: action timed out - try again, if error continues contact MikroTik support and send...
by ditonet
Fri Jan 15, 2016 7:46 pm
Forum: Scripting
Topic: ppp on-up/on-down variables
Replies: 5
Views: 5371

Re: ppp on-up/on-down variables

Hi,

Thanks a lot, it helped me.

Regards,
by ditonet
Fri Jan 15, 2016 5:01 pm
Forum: General
Topic: 6.34 release candidate version topic!
Replies: 201
Views: 42794

Re: 6.34 release candidate version topic!

@mrz
Thanks, I thought that it was separate functionality.

Regards,
by ditonet
Fri Jan 15, 2016 4:14 pm
Forum: General
Topic: 6.34 release candidate version topic!
Replies: 201
Views: 42794

Re: 6.34 release candidate version topic!

@mrz Now you can choose multiple DH groups in phase1 and all the chosen protcols are sorted from strongest to weakest protocol before sending proposals to remote peer. Thanks a lot, it looks that currently this option is supported only from command-line, not from Winbox. And what about *) ipsec - pr...
by ditonet
Fri Jan 15, 2016 10:38 am
Forum: General
Topic: 6.34 release candidate version topic!
Replies: 201
Views: 42794

Re: 6.34 release candidate version topic!

@strods
*) ipsec - prioritize proposals;
*) ipsec - support multiple DH groups for phase 1;
Can you explain it? How it works?

Regards,
by ditonet
Mon Nov 23, 2015 5:51 pm
Forum: Scripting
Topic: How set to variable USB VID & PID?
Replies: 3
Views: 1514

Re: How set to variable USB VID & PID?

Hi, Some time ago I did it this way: # scan for modem :foreach i in=[/system resource usb find] do={ :local venid [/system resource usb get $i vendor-id]; :local devid [/system resource usb get $i device-id]; # log info ("USB Device -> Vendor-ID: $venid, Device-ID: $devid"); :if (($venid="0x12d1") &...
by ditonet
Thu Oct 22, 2015 10:38 pm
Forum: General
Topic: Winbox 3 RC
Replies: 639
Views: 122257

Re: Winbox 3 RC

As for AVG issue - I have tested it myself with rc16 and rc17 version but have not managed to reproduce it. It sound like something specific is configured on your AVG when Winbox is recognized as virus. Please test if issue persist when you use rc17. I don't know what AVG version do you use, in my ...
by ditonet
Mon Oct 05, 2015 10:32 am
Forum: Beginner Basics
Topic: Trying (and failing) at port forwarding.
Replies: 40
Views: 3552

Re: Trying (and failing) at port forwarding.

@LearningCurve
Use 'Tools/Packet Sniffer' to prove that packets from 'yougetsignal.com' arrive on your WAN interface.

HTH,
by ditonet
Sun Oct 04, 2015 11:27 pm
Forum: Beginner Basics
Topic: Trying (and failing) at port forwarding.
Replies: 40
Views: 3552

Re: Trying (and failing) at port forwarding.

@LearningCurve
Does DST-NAT rule's counters increase when you check it with 'yougetsignal.com'?
Maybe your ISP block access to this port?

HTH,
by ditonet
Sun Oct 04, 2015 11:05 pm
Forum: Beginner Basics
Topic: Trying (and failing) at port forwarding.
Replies: 40
Views: 3552

Re: Trying (and failing) at port forwarding.

since it won't work without an accepted forward Unfortunately, you are wrong. the packet gets new dest address and then is considered a forward packet during the route decision phase, and follows the forward path, including the forward filter chain No, packet is directly send to host specified in D...
by ditonet
Sun Oct 04, 2015 3:50 pm
Forum: Beginner Basics
Topic: Trying (and failing) at port forwarding.
Replies: 40
Views: 3552

Re: Trying (and failing) at port forwarding.

Accept port 8096 in forward chain. Yes, create a new rule with action accept on those ports. This advice is useless, because DST-NAT occurs before 'forward' chain firewall rules. Look at packet flow diagram: http://wiki.mikrotik.com/wiki/Manual:Packet_Flow Remove this part of your DST-NAT rule: dst...
by ditonet
Thu Oct 01, 2015 1:26 am
Forum: General
Topic: Port-forwarding to Internal FTP Server
Replies: 2
Views: 860

Re: Port-forwarding to Internal FTP Server

Configure NAT rule for FTP data (check FTP server 'passive ports' settings), not only for FTP command (port 21).

HTH,
by ditonet
Mon Sep 28, 2015 12:46 pm
Forum: General
Topic: DST-NAT allow only from specified SRC address
Replies: 1
Views: 377

Re: DST-NAT allow only from specified SRC address

src-address=1.1.1.1
Regards,
by ditonet
Thu Sep 03, 2015 12:29 am
Forum: Wireless Networking
Topic: Serious issue with noise floor.
Replies: 1
Views: 492

Re: Serious issue with noise floor.

What's wrong with 'noise-floor'=-116dBm?

Regards,
by ditonet
Mon Apr 27, 2015 9:03 pm
Forum: Announcements
Topic: RouterOS v6.28 released
Replies: 229
Views: 61617

Re: RouterOS v6.28 released

I runned to another case of increasing sector writes at System/Resources. Steps to reproduce: - open winbox. - check sector writes first to check it is not changing. - go to ip --> firewall --> connections. - stay there browse the list. - sector writes start to increase by 1 - 2 every second untill...
by ditonet
Sat Apr 04, 2015 2:03 am
Forum: Wireless Networking
Topic: EAP, Radius and VLAN assignment based on user
Replies: 6
Views: 2262

Re: EAP, Radius and VLAN assignment based on user

@timd93
What wireless package do you use? AFAIK 'wireless-fp' package is necessary to use 'Mikrotik_Wireless_VLANID' and 'Mikrotik_Wireless_VLANIDtype' attributes.

HTH,
by ditonet
Mon Feb 16, 2015 3:12 pm
Forum: General
Topic: Winbox 3 RC
Replies: 639
Views: 122257

Re: Winbox 3 RC

I've got a small, simple suggestion. Please make an option to disable/enable drag and drop of RouterOS configuration entries in Winbox. I'm a cautious user, but from time to time I move some firewall rules and I already locked myself out a few times, or disturbed traffic for multi-thousand-user net...
by ditonet
Sun Feb 15, 2015 4:26 pm
Forum: General
Topic: Winbox 3 RC
Replies: 639
Views: 122257

Re: Winbox 3 RC

AFAIK from technical point of view Winbox's look and functionality depends on DLLs downloaded from router (located in folder AppData/Mikrotik/Winbox). These DLLs are part of ROS, hence my opinion that you don't expect they do something with it. IMHO for MikroTik ROS 5.x is already a past :( . Regards,
by ditonet
Sun Feb 15, 2015 3:35 pm
Forum: General
Topic: Winbox 3 RC
Replies: 639
Views: 122257

Re: Winbox 3 RC

Should it behave this way and why not to unify it ? According to changelog, latest version 5.26 is 17 months old and is pretty stable. IMHO, MikroTik is not interested in changing anything in ROS 5.x and don't expect they do something with it, even if you are asking about adding icons :) . They are...
by ditonet
Sun Feb 15, 2015 12:30 pm
Forum: General
Topic: Winbox 3 RC
Replies: 639
Views: 122257

Re: Winbox 3 RC

3. For RB133C3 WinBox looks different.
It's typical, Winbox internal look (buttons, etc.) depends on ROS version on device connected to.
The same is with ver. 2 of Winbox, e.g. for ROS 6.x buttons have icons, for 5.x don't.

Regards,
by ditonet
Mon Feb 09, 2015 12:51 am
Forum: Wireless Networking
Topic: Wrong MikroTik Documentation (?)
Replies: 2
Views: 571

Re: Wrong MikroTik Documentation (?)

Wiki page mentioned by you also states: alogin.html - page shown after client has logged in. It pops-up status page and redirects browser to originally requested page (before he/she was redirected to the HotSpot login page) flogin.html - shown instead of login.html, if some error has happened (inval...
by ditonet
Sun Jan 18, 2015 1:15 am
Forum: The Dude
Topic: How to monitor remote network?
Replies: 10
Views: 3092

Re: How to monitor remote network?

MikroTik's Dude demonstration system is running ROS 6, it works, and system packages don't include a Dude package. So how is it working? Hopefully I could do mine the same way they are doing theirs now. To be exact ROS 6.16rc3. Maybe this version works fine with Dude package. Here is Normis' answer...
by ditonet
Sun Jan 18, 2015 12:30 am
Forum: The Dude
Topic: How to monitor remote network?
Replies: 10
Views: 3092

Re: How to monitor remote network?

@macsrwe
http://wiki.mikrotik.com/wiki/Manual:The_Dude/Agents
Unforunately MikroTik removed Dude packages (.npk) from web page, due to incompatiblity with ROS 6.x :(

HTH,
by ditonet
Thu Dec 04, 2014 10:53 am
Forum: Beginner Basics
Topic: how to create two lan interfaces?
Replies: 2
Views: 626

Re: how to create two lan interfaces?

There is a list of supported Ethernet chipsets:
http://wiki.mikrotik.com/wiki/Supported ... t_chipsets
Usually Intel is best choice.

HTH,
by ditonet
Sat Nov 15, 2014 3:42 pm
Forum: Beginner Basics
Topic: Block External IP RouterOS Login
Replies: 4
Views: 1886

Re: Block External IP RouterOS Login

Restrict access to router using 'IP/Services' as described here:
http://wiki.mikrotik.com/wiki/Manual:IP/Services

HTH,
by ditonet
Fri Nov 07, 2014 12:59 am
Forum: General
Topic: v6.21.1 released
Replies: 112
Views: 27303

Re: v6.21.1 released

ROS 6.21.1 / RouterBOOT 3.19 on RB951Ui-2HnD.
Profiler permanently shows 'DNS' CPU usage over 80% and DNS resolver stops resolving after few hours.
After downgrade to 6.20 problem disappeared.

Regards,
by ditonet
Fri Nov 07, 2014 12:23 am
Forum: General
Topic: Bug in Export
Replies: 2
Views: 656

Re: Bug in Export

Also, you can use verbose=yes when importing script to see the actual output where might be the problem.
I don't like to complain, but why the heck such useful option for script import is not documented in Wiki??? :(

Regards,
by ditonet
Wed Oct 22, 2014 11:42 pm
Forum: General
Topic: IOS8 Insue Iphone Login
Replies: 14
Views: 8870

Re: IOS8 Insue Iphone Login

bajodel is right, something is wrong with '.local' domain and Apple devices.

Regards,
by ditonet
Mon Oct 20, 2014 11:29 pm
Forum: RouterBOARD hardware
Topic: How to netinstall RB433 with out IP address
Replies: 13
Views: 5767

Re: How to netinstall RB433 with out IP address

@gcs
For succesful netinstall connect your RB via Ether1, on other ports netinstall doesn't work.
I've netinstalled RB433AH in my office two weeks ago, without problems.

HTH,
by ditonet
Tue Oct 14, 2014 4:14 pm
Forum: General
Topic: IOS8 Insue Iphone Login
Replies: 14
Views: 8870

Re: IOS8 Insue Iphone Login

So please remove these entries and see if it works :)
I don't need to remove them, because they don't exist in my hotspots.
But I agree, user eduardi should remove them.

Regards,
by ditonet
Tue Oct 14, 2014 3:27 pm
Forum: General
Topic: IOS8 Insue Iphone Login
Replies: 14
Views: 8870

Re: IOS8 Insue Iphone Login

do this only if you know what you are doing and why
This is general life advice :D

But seriously, eduardi's post shows that he probably follows mentioned above Wiki article.

Regards,
by ditonet
Tue Oct 14, 2014 1:51 pm
Forum: General
Topic: IOS8 Insue Iphone Login
Replies: 14
Views: 8870

Re: IOS8 Insue Iphone Login

why do you put those things in walled garden? this will make hotspot not work. apple checks those sites, and if it detects hotspot, login page is opened. if you put them in walled garden, iphone thinks that you have internet, and doesn't open login. Maybe he did this, because MT Wiki suggest this: ...
by ditonet
Thu Oct 09, 2014 3:46 pm
Forum: General
Topic: v6.20 released!
Replies: 146
Views: 58463

Re: v6.20 released!

[grzegorz@Some_Gateway] /ip firewall service-port> export # oct/09/2014 13:38:06 by RouterOS 5.26 # /ip firewall service-port set ftp disabled=no ports=21 set tftp disabled=no ports=69 set irc disabled=no ports=6667 set h323 disabled=no set sip disabled=no ports=5060,5061 sip-direct-media=no set pp...
by ditonet
Wed Oct 08, 2014 6:00 pm
Forum: General
Topic: v6.20 released!
Replies: 146
Views: 58463

Re: v6.20 released!

This 'new' option exists even in ROS 5.x and is described here:
http://wiki.mikrotik.com/wiki/Manual:IP ... vice_Ports

Regards,
by ditonet
Mon Oct 06, 2014 12:22 am
Forum: General
Topic: pppoe-server auto MTU feature
Replies: 6
Views: 1775

Re: pppoe-server auto MTU feature

MTU has value "0" and is marked red colour as error!
Yes, you are right, but it's probably Winbox error only.

ros code

/interface pppoe-server print detail
shows proper MTU value.

Regards,
by ditonet
Sun Oct 05, 2014 6:33 pm
Forum: General
Topic: v6.20 released!
Replies: 146
Views: 58463

Re: v6.20 released!

pitr wrote: My 6to4 tunnel to tunnelbroker.net broke with 6.20. Can't even get them working again if I redo the configuration completely. Thanks for the heads up. I was too busy the past few days to upgrade mine to 6.20 (they're currently on 6.19). Guess I'll leave them at 6.19 till the problem is ...
by ditonet
Sat Oct 04, 2014 11:47 pm
Forum: General
Topic: pppoe-server auto MTU feature
Replies: 6
Views: 1775

Re: pppoe-server auto MTU feature

ros code

/interface pppoe-server server> set max-mtu=auto
HTH,
by ditonet
Thu Oct 02, 2014 1:44 am
Forum: General
Topic: Mass configuration
Replies: 18
Views: 5354

Re: Mass configuration

@bigcw Probably problem occurs because you invoke command: /system reset-configuration skip-backup=yes no-defaults=yes run-after-reset=second.rsc with option no-defaults=yes . In this case router is not set to factory default configuration, but everything is cleared. http://wiki.mikrotik.com/wiki/Ma...
by ditonet
Tue Sep 30, 2014 12:10 am
Forum: Beginner Basics
Topic: UPnP does not create dynamic rules in ip firewall filter
Replies: 30
Views: 6722

Re: UPnP does not create dynamic rules in ip firewall filter

@rkau045
I made test and you are right.
Now I'm considering what to do to protect 'forward' chain in case of dynamic UPnP NAT rules.

Regards,
by ditonet
Fri Sep 26, 2014 11:11 pm
Forum: Beginner Basics
Topic: UPnP does not create dynamic rules in ip firewall filter
Replies: 30
Views: 6722

Re: UPnP does not create dynamic rules in ip firewall filter

No DST-NAT = INPUT DST-NAT = FORWARD This is obvious for me and always was, read my posts. Few posts earlier I asked you with example: E. g. my WAN interface address is 1.2.3.4 and this interface receives packet with dst-address 5.6.7.8. According to your post this packet will be forwarded by route...
by ditonet
Fri Sep 26, 2014 10:36 pm
Forum: Beginner Basics
Topic: UPnP does not create dynamic rules in ip firewall filter
Replies: 30
Views: 6722

Re: UPnP does not create dynamic rules in ip firewall filter

@rkau045 Your logs clearly shows what I wrote in my previous post. According to packet-flow diagram if SYN packet hits WAN interface, first is checked against DST-NAT rules and router's service ports (Winbox, SSH, etc.). Next this packet flows to 'input' chain, where is dropped (in my case) by filte...
by ditonet
Fri Sep 26, 2014 6:29 pm
Forum: Beginner Basics
Topic: UPnP does not create dynamic rules in ip firewall filter
Replies: 30
Views: 6722

Re: UPnP does not create dynamic rules in ip firewall filter

@rkau045 There is no matcher for SYN packets in these rules. therefore they follow the default policy of ACCEPT. This is how a new connection is established. Are you sure that these SYN packets from WAN side hit 'forward' chain, not 'input'? For what reason? According to packet-flow diagram if SYN p...
by ditonet
Fri Sep 26, 2014 11:59 am
Forum: Beginner Basics
Topic: UPnP does not create dynamic rules in ip firewall filter
Replies: 30
Views: 6722

Re: UPnP does not create dynamic rules in ip firewall filter

you are ACCEPTING ALL TRAFFIC transiting your router via the default ACCEPT policy of the router, i.e. you have no firewall for forwarded traffic. No, I accept established and related connections only and drop invalid. Any packet sent to your router with any destination address that is not the rout...
by ditonet
Fri Sep 26, 2014 12:50 am
Forum: Beginner Basics
Topic: UPnP does not create dynamic rules in ip firewall filter
Replies: 30
Views: 6722

Re: UPnP does not create dynamic rules in ip firewall filter

But am I correct that everything is allowed on the forward chain then? My basic config for 'forward' chain is: Allow if connection-state is 'established' and 'related' Drop if connection-state is 'invalid' /ip firewall filter add chain=forward comment="default configuration - established" connectio...
by ditonet
Fri Sep 26, 2014 12:16 am
Forum: Beginner Basics
Topic: UPnP does not create dynamic rules in ip firewall filter
Replies: 30
Views: 6722

Re: UPnP does not create dynamic rules in ip firewall filter

@rkau045 The problem is that I have devices that should accept New connections on the ports set up by UPnP, but standard firewall rules will drop that traffic without the accept rule added for the local subnet. IMHO 'standard firewall rules' definition is different for every network administrator :)...
by ditonet
Thu Sep 25, 2014 11:22 pm
Forum: Beginner Basics
Topic: UPnP does not create dynamic rules in ip firewall filter
Replies: 30
Views: 6722

Re: UPnP does not create dynamic rules in ip firewall filter

@aya & rkau045 I don't know how your configuration looks like, but my UPnP settings works perfectly without filter allow rule to DST-NAT'ed ports. usually all the last rule in the firewall forward prohibits the passage of incoming connections. Why 'forward' chain, not 'input'? Properly configured fi...
by ditonet
Thu Sep 25, 2014 9:49 pm
Forum: Beginner Basics
Topic: UPnP does not create dynamic rules in ip firewall filter
Replies: 30
Views: 6722

Re: UPnP does not create dynamic rules in ip firewall filter

DST-NAT is done before any firewall filter.
Check packet flow diagram first:
http://wiki.mikrotik.com/wiki/Packet_Flow#Diagram
UPnP works properly on MikroTik routers.

Regards,
by ditonet
Thu Sep 25, 2014 8:21 pm
Forum: General
Topic: Mass configuration
Replies: 18
Views: 5354

Re: Mass configuration

Ok, so even this doesn't work... Code: export verbose file=second.rsc /system reset-configuration skip-backup=yes no-defaults=yes run-after-reset=second.rsc Again, no IP addresses after reboot. Only option is to factory reset. My advice is to divide this into two steps: 1. Reset RB configuration (w...
by ditonet
Wed Sep 24, 2014 11:44 pm
Forum: General
Topic: Mass configuration
Replies: 18
Views: 5354

Re: Mass configuration

Maybe this article will help you solve problem:
http://wiki.mikrotik.com/wiki/Flashfig

HTH,
by ditonet
Sat Sep 20, 2014 2:50 am
Forum: RouterBOARD hardware
Topic: POE over 4 wires (2 pair)
Replies: 18
Views: 16870

Re: POE over 4 wires (2 pair)

@econet
Use Ethernet over VDSL2 Converter (http://www.planet.com.tw/en/product/pro ... p?id=21749).
Only one cable pair is necessery for data transmission, so second cable pair is available for power.

HTH,
by ditonet
Thu Sep 18, 2014 1:56 am
Forum: General
Topic: Mass configuration
Replies: 18
Views: 5354

Re: Mass configuration

I have tried to edit the 'backup' file, but it's mainly binary. You are right, these files are binary and non-editable. Only script files (.rsc) generated by 'export' command are editable. Export your configuration, but use this command: /export verbose file=test Without 'verbose' switch only diffe...
by ditonet
Thu Sep 18, 2014 1:04 am
Forum: Wireless Networking
Topic: Which Mikrotik Router can work with My E3276?
Replies: 1
Views: 767

Re: Which Mikrotik Router can work with My E3276?

One of my customers has this modem working with RB751 (but this is currently EOL product).
IMHO every RouterBoard with USB port should work, e.g. RB951Ui-2HnD.
Do not expect 4G connection, only 3G (PPP client, not LTE).
You must also search Google how to set this modem to work with RouterOS.

HTH,
by ditonet
Thu Sep 18, 2014 12:41 am
Forum: Beginner Basics
Topic: Lost access to RB1100
Replies: 1
Views: 670

Re: Lost access to RB1100

Read Wiki article
http://wiki.mikrotik.com/wiki/Winbox
and access your router using MAC address.

HTH,
by ditonet
Thu Sep 18, 2014 12:32 am
Forum: General
Topic: Mass configuration
Replies: 18
Views: 5354

Re: Mass configuration

I tried exporting the configuration, but that is the same - MAC addresses hard coded in. Removing 'mac-address' and 'orig-mac-address' from exported .rsc file is not enough? You have to do this only once. Below is link to utility which simplify editing of .rsc files: http://wiki.mikrotik.com/wiki/M...
by ditonet
Wed Sep 10, 2014 1:35 pm
Forum: Wireless Networking
Topic: Noise floor
Replies: 3
Views: 1186

Re: Noise floor

My all Point to Point devices currently working with -111, but still I feel latency instability.

Please advise is it good value, if not then what to do to reduce the Noise Floor.
You can't change Noise-Floor value, because it's measured value of enviroment noise.
-111 dBm is good value.

HTH,
by ditonet
Wed Sep 10, 2014 12:21 am
Forum: General
Topic: Mikrotik-Group with Radius
Replies: 6
Views: 1737

Re: Mikrotik-Group with Radius

Did you define MikroTik dictionary (custom VSAs) on your RADIUS server?
http://technet.microsoft.com/en-us/libr ... 10%29.aspx
What are currently defined Access-Accept atributes?

Regards,
by ditonet
Fri Sep 05, 2014 10:58 pm
Forum: General
Topic: Feature Request: adding RADIUS atributtes in 802.1x
Replies: 2
Views: 1860

Re: Feature Request: adding RADIUS atributtes in 802.1x

According to the RFC 2865: 5.30. Called-Station-Id Description This Attribute allows the NAS to send in the Access-Request packet the phone number that the user called, using Dialed Number Identification (DNIS) or similar technology. Note that this may be different from the phone number the call com...
by ditonet
Sun Jun 15, 2014 3:45 pm
Forum: General
Topic: v6.15 released
Replies: 302
Views: 102929

Re: v6.15 released

I notice the CAPsMAN will cause all the connected APs not working when the CAPsMAN is down, is there anyway the CAPs will copy the CAPsMAN configuration and store on it self ? Thank you for the suggestion - we will think about those features. Implement this ASAP, please. CAP must be able to work, e...
by ditonet
Wed Apr 16, 2014 11:41 pm
Forum: Beginner Basics
Topic: Need help with l2l-VPN, MikTik and Watchguard Firebox
Replies: 10
Views: 5043

Re: Need help with l2l-VPN, MikTik and Watchguard Firebox

If the dynamic IP is a problem, I will tell the customer to get a static IP without router as he has in the other offices. Yes, MT should be connect directly to WAN, with static IP address. I found few mistakes in your config: /ip ipsec peer 'local-address' must be your public (WAN) IP address, not...
by ditonet
Wed Apr 16, 2014 10:41 am
Forum: Beginner Basics
Topic: Need help with l2l-VPN, MikTik and Watchguard Firebox
Replies: 10
Views: 5043

Re: Need help with l2l-VPN, MikTik and Watchguard Firebox

phase1 negotiation failed due to time up In RouterOS, phase 1 settings are in 'IPSec/Peer'. According to your previous post on Firebox side PH1 settings are: PH1 transform SHA1-3DES, DH2, SA life 8h On RouterOS side: /ip ipsec peer add address=89.xxx.yyy.196/32 enc-algorithm=aes-256 exchange-mode=a...
by ditonet
Wed Apr 16, 2014 1:05 am
Forum: Beginner Basics
Topic: Need help with l2l-VPN, MikTik and Watchguard Firebox
Replies: 10
Views: 5043

Re: Need help with l2l-VPN, MikTik and Watchguard Firebox

I am far from being a pro, but I think the setting should work. You are wrong, config on MikroTik side is completly messed up. Do not use 'aggressive' mode, use 'main' instead. NAT-Traversal should be 'no'. Why do you have same addresses for 'dst-address' and 'sa-dst-address' ? Same with 'src-addre...
by ditonet
Fri Mar 28, 2014 12:41 am
Forum: General
Topic: Remove SPI firewall in router RB450G
Replies: 14
Views: 3801

Re: Remove SPI firewall in router RB450G

I never noticed any problem with my Xbox.
Firewall is enabled and everything works fine.
Remember to enable and configure UPnP.

Regards,
by ditonet
Sat Mar 22, 2014 12:27 am
Forum: Wireless Networking
Topic: CAPs Manager
Replies: 165
Views: 56174

Re: CAPs Manager

http://www.mikrotik.com/download
Can be downloaded as separate package.

HTH,
by ditonet
Fri Mar 21, 2014 8:22 pm
Forum: General
Topic: v6.11 released
Replies: 260
Views: 79532

Re: v6.11 released

Some problem but no rule some RB working some not, 433AH working, 433GL no, one Groove is ok other not. Solution: Winbox 1. Open clock 2. Select time zone manual click apply 3. Select back your time zone click apply 4. Click OK (must click ok ) Log time is now ok. Log shows events with GMT time, no...
by ditonet
Fri Mar 21, 2014 7:46 pm
Forum: General
Topic: v6.11 released
Replies: 260
Views: 79532

Re: v6.11 released

Log shows events with GMT time, not according to timezone.
Tested on RB433AH and RB951-2n with latest RouterOS and RouterBOOT.

Regards,
by ditonet
Fri Mar 14, 2014 12:13 pm
Forum: Scripting
Topic: Auto Updated blacklists from Spamhaus, OpenBL & DShield
Replies: 16
Views: 4661

Re: Auto Updated blacklists from Spamhaus, OpenBL & DShield

So do you scheduled this EXE to run on a regular basis and put the text files on a web accessible server to download into your routers on a regular basis?
Yes, you are right.

Regards,
by ditonet
Fri Mar 14, 2014 12:01 am
Forum: Scripting
Topic: Auto Updated blacklists from Spamhaus, OpenBL & DShield
Replies: 16
Views: 4661

Re: Auto Updated blacklists from Spamhaus, OpenBL & DShield

I wrote similar app almost year ago, it converts SpamHaus and OpenBL lists to RouterOS script file (.rsc).
My app is Windows executable, attached to this post.
List2Script_Conv.zip
Hope you find it useful,
by ditonet
Fri Mar 07, 2014 5:57 pm
Forum: Scripting
Topic: Using variables to find comments - Not working
Replies: 5
Views: 1010

Re: Using variables to find comments - Not working

@marrold
Tested on v.6.10, your code returns IDs of all routes with comment, not only one with specific comment (e.g. 'lala').
You are right, it's probably ROS bug.

Regards,
by ditonet
Fri Mar 07, 2014 1:50 am
Forum: Beginner Basics
Topic: Rogue router
Replies: 4
Views: 1218

Re: Rogue router

Simple, change the TTL of the packet to 1 in the mangle rules. /ip firewall mangle add action=change-ttl chain=forward in-interface=<WAN INTERFACE> new-ttl=set:1 passthrough=no That way when a packet flows over their router, it will decrement the TTL by 1. The router will then see that and drop the...
by ditonet
Fri Feb 28, 2014 5:13 pm
Forum: General
Topic: use Microtik as print server as well
Replies: 42
Views: 22306

Re: use Microtik as print server as well

Hi, virtual usb not needed, they can use IPP http://ru.wikipedia.org/wiki/Internet_Printing_Protocol OK, but in this case all necessary conversion 'IPP -> USB' must be done by router software, because we are talking about printers without network interface. This conversion is printer specific, thus...
by ditonet
Fri Feb 28, 2014 2:02 am
Forum: General
Topic: use Microtik as print server as well
Replies: 42
Views: 22306

Re: use Microtik as print server as well

drivers for printer on the end-user machine If we are talking about drivers, there is also need to provide driver for 'Virtual USB Port' for every operating system. This is another extra work for developers :) . Many manufacturers offer USB print servers and every comes with 'Printer compatibility ...
by ditonet
Thu Feb 27, 2014 2:25 am
Forum: General
Topic: use Microtik as print server as well
Replies: 42
Views: 22306

Re: use Microtik as print server as well

Bad idea.
Every USB Print Server has 'printer compatiblity list'.
Not every printer is supported, only mentioned on that list.
It's a endless work for developers adding support for new printers.
Just my two cents.

Regards,
by ditonet
Mon Feb 24, 2014 11:50 am
Forum: The Dude
Topic: The Dude is dead. Move on.
Replies: 106
Views: 36313

Re: The Dude is dead. Move on.

Not so fast. Some new hope did appear during the MUM.
Normis, more information, please.

Regards,
by ditonet
Sat Feb 22, 2014 2:41 pm
Forum: RouterBOARD hardware
Topic: CRS226
Replies: 33
Views: 10309

Re: CRS226

Why only 400Mhz? Old CRS have 600Mhz
Probably MT decided that it's mainly switch and router functionality is 'additional feature' :)

Regards,
by ditonet
Fri Feb 21, 2014 9:52 pm
Forum: General
Topic: SSH blocked by ISP, v6.10
Replies: 5
Views: 1493

Re: SSH problem , v6.10

SSH from outside local network works properly.
Probably your firewall config lacks 'accept' rule for SSH in 'input' chain on WAN/PPPoE interface.

HTH,
by ditonet
Thu Feb 20, 2014 12:17 am
Forum: Scripting
Topic: Mikrotik SSH Backup - my solution
Replies: 13
Views: 5104

Re: Mikrotik SSH Backup - my solution

Nice tool, thanks. I have a feature request: 1. add ability to define port used by SSH service, currently is fixed to 22. I always use non-standard port for SSH to prevent automated port scanning. 2. some kind of credentials encryption in 'data.xml' and 'settings.xml' files. Maybe I'm slightly paran...
by ditonet
Tue Feb 18, 2014 6:56 pm
Forum: Wireless Networking
Topic: CAPs Manager
Replies: 165
Views: 56174

CAPs Manager

http://wiki.mikrotik.com/wiki/Manual:CAPs_Manager
So now we probably know what will be announced during MUM :D .
Looks very promising.

Regards,
by ditonet
Sun Feb 16, 2014 4:30 pm
Forum: General
Topic: Can I manually add drivers to Router OS
Replies: 6
Views: 2678

Re: Can I manually add drivers to Router OS

I noticed that the newer ROS version refer to a "firmware" folder (system -> ports -> Firmware). How is this used?
This question is answered here:
http://forum.mikrotik.com/viewtopic.php?f=13&t=70779

Regards,
by ditonet
Fri Feb 14, 2014 9:07 pm
Forum: General
Topic: v6.10 released
Replies: 248
Views: 82008

Re: v6.10 released

Noticed on v6.9 and this is still present is v6.10 as well - Times in log are always in +0 gmt offset even though I have set up another time zone. When going in system->clock it shows correct time, in my case 19:57 at the moment (gmt offset +02:00), but in log it shows 17:57 Very interested, for me...
by ditonet
Tue Feb 11, 2014 1:43 am
Forum: General
Topic: IPSEC - one way SPI SA not installed
Replies: 11
Views: 3474

Re: IPSEC - one way SPI SA not installed

I'm using a 3G stick for WAN that does not have a fixed IP address. That's why I used 0.0.0.0 for source.
It's possible to read WAN IP address and set it in 'IPSec/Policy' using script.

Regards,
by ditonet
Tue Feb 11, 2014 1:08 am
Forum: General
Topic: IPSEC - one way SPI SA not installed
Replies: 11
Views: 3474

Re: IPSEC - one way SPI SA not installed

sa-src-address=0.0.0.0
SA-Src-Address should be set to your public (WAN) IP, and this NAT rule is not necessary:
add chain=srcnat dst-address=192.168.10.0/24 src-address=10.32.0.0/16
BTW, you didn't post your 'IPSec/Proposal' settings.

HTH,
by ditonet
Sat Feb 08, 2014 6:56 pm
Forum: The Dude
Topic: Device password recovery?
Replies: 5
Views: 3871

Re: Device password recovery?

@macsrwe
Run Notepad, next run Dude.
On device list or network map select interesting device, then click 'Copy' button on Dude toolbar.
Switch to Notepad and paste (Ctrl+V).
You should see whole device configuration including password as XML file. That's all :) .

HTH,
by ditonet
Fri Feb 07, 2014 6:21 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1013842

Re: CLOUD CORE ROUTER

Currently CCR1036 and CCR1016, both ROS v.6.9, so far so good.

Regards,
by ditonet
Thu Feb 06, 2014 11:23 pm
Forum: The User Manager
Topic: script and character constants
Replies: 4
Views: 1707

Re: script and character constants

Probably it's impossible to use these 'character constans' from script.
Maybe you should make feature request for this.

Regards,
by ditonet
Thu Feb 06, 2014 10:21 pm
Forum: The User Manager
Topic: script and character constants
Replies: 4
Views: 1707

Re: script and character constants

As Wiki says (http://wiki.mikrotik.com/wiki/User_Mana ... _constants),
these 'character constans' are available only for voucher template.
Is not mentioned in any place that they are also available from scripts.

Regards,
by ditonet
Mon Feb 03, 2014 2:15 pm
Forum: General
Topic: Mikrotik and Zabbix SNMP based on interface name
Replies: 5
Views: 6708

Re: Mikrotik and Zabbix SNMP based on interface name

AFAIK last number in these OIDs is physical interface number,
so 'ether-1' is .1.3.6.1.2.1.2.2.1.10.1 and so on.
Maybe your WAN interface on other RouterBoards is not configured on 'ether-1' hence differences.

HTH,
by ditonet
Mon Feb 03, 2014 12:28 pm
Forum: General
Topic: 6.9 released!
Replies: 223
Views: 79285

Re: 6.9 released!

Are you kidding? Wait some days until user reports say it's save and then do it.
It looks that only I was brave enough, to upgrade router located 210 km away from me :D.
But everything went fine, so far so good.

Regards,
by ditonet
Sun Feb 02, 2014 11:19 pm
Forum: General
Topic: problem with nat rule to the upgrade to version 6
Replies: 3
Views: 1946

Re: problem with nat rule to the upgrade to version 6

happens that the second rule is always red
Even between 00:00:00 - 06:00:00 ?
Or you never checked this during mentioned above period of time?
Time rules become red/invalid when they are out of specified time.

HTH,
by ditonet
Sun Feb 02, 2014 2:37 pm
Forum: RouterBOARD hardware
Topic: Making LCD useful.
Replies: 19
Views: 5241

Re: Making LCD useful.

Ability to display custom bitmap and message will be very useful.
+1

Regards,
by ditonet
Fri Jan 31, 2014 11:55 pm
Forum: General
Topic: 6.9 released!
Replies: 223
Views: 79285

Re: 6.9 released!

Just upgraded CCR1036-12G-4S, everything looks good.

Regards,
by ditonet
Fri Jan 31, 2014 12:36 am
Forum: General
Topic: Strange SSH anomaly
Replies: 3
Views: 683

Re: Strange SSH anomaly

The TCP state said "Established"
It only means that SSH client is connected to router, but not authenticated using user name/password.
Maybe someone tried to brute-force SSH service.

HTH,
by ditonet
Thu Jan 30, 2014 10:51 pm
Forum: Wireless Networking
Topic: Radius Server Not responding
Replies: 2
Views: 995

Re: Radius Server Not responding

Increase RADIUS timeout setting. Default value of 300ms sometimes is too low.

HTH,
by ditonet
Thu Jan 30, 2014 10:36 pm
Forum: General
Topic: CRS documentation
Replies: 79
Views: 29998

Re: CRS documentation

It'll be nice if you deploy one CRS as a demo system (similar to demo.mt.lv and demo2.mt.lv) so that the community can see what's the switch management looks like in the UI on a live system.
+1

Regards,
by ditonet
Sat Jan 25, 2014 2:25 pm
Forum: General
Topic: What's new in 6.8rc1
Replies: 106
Views: 22770

Re: What's new in 6.8rc1

AFAIK 'WLC' will be a separated package.
I've compared separated package files,
only 'system-mipsbe.npk' is bigger than usually.

Regards,
by ditonet
Sat Jan 25, 2014 2:05 pm
Forum: General
Topic: What's new in 6.8rc1
Replies: 106
Views: 22770

Re: What's new in 6.8rc1

Did anyone noticed that latest mipsbe .npk file is bigger?
11.6MB instead of usual 9.8MB.
I'm very curious what made such difference.

Regards,
by ditonet
Fri Jan 24, 2014 11:12 pm
Forum: The User Manager
Topic: How to make invisible profile
Replies: 2
Views: 1427

Re: How to make invisible profile

Just create local hotspot 'admin' account. http://wiki.mikrotik.com/wiki/User_Manager/Hotspot_Example Note, first local HotSpot Users database is consulted, then User Manager database. It means that if you have configuration in '/ ip hotspot user print', users will be able to authenticate in HotSpot...
by ditonet
Wed Jan 22, 2014 10:07 pm
Forum: General
Topic: RouterOS Dynamic ARP Timeout Setting?
Replies: 4
Views: 1484

Re: RouterOS Dynamic ARP Timeout Setting?

http://wiki.mikrotik.com/wiki/Manual:IP/Settings
Probably 'ARP-timeout' property is what you are looking for.

HTH,
by ditonet
Wed Jan 22, 2014 12:37 am
Forum: Beginner Basics
Topic: Site to Site IpSec Tunnel Mikrotik with D-Link DFL-860E
Replies: 6
Views: 7892

Re: Site to Site IpSec Tunnel Mikrotik with D-Link DFL-860E

You don't have IPSec policies defined.
For site-to-site IPSec VPN don't use

ros code

generate-policy=yes
but define policy manually.

Also you must change to:

ros code

exchange-mode=main
HTH,
by ditonet
Mon Jan 20, 2014 1:44 am
Forum: General
Topic: Incompatibility with ps4?
Replies: 24
Views: 15310

Re: Incompatibility with ps4?

I have a problem FORWARDING port 80 to my PS4. What if I wish to run a webserver?
Check router's 'IP/Services', probably WWW is enabled.
Disable WWW service (Webfig) or change port used by it.

HTH,
by ditonet
Sun Jan 19, 2014 11:40 pm
Forum: Beginner Basics
Topic: [Solved] User Group permission mismatch ?!
Replies: 5
Views: 2787

Re: User Group permission mismatch ?!

How do you try to change password? Using Winbox, then 'System/Password' I'm able to change it. If You are trying with 'System/Users', double-click on user name, then 'Password' button, it ends with with message 'Couldn`t change Change Password - not permitted (9)'. In first case user is changing it'...
by ditonet
Sun Jan 19, 2014 7:35 pm
Forum: Beginner Basics
Topic: [Solved] User Group permission mismatch ?!
Replies: 5
Views: 2787

Re: User Group permission mismatch ?!

Why this user cannot change own password.
Enable 'password' policy for this user group.

HTH,
by ditonet
Fri Jan 17, 2014 11:02 am
Forum: General
Topic: Cant update routerboard from 3.08 to 3.10
Replies: 3
Views: 1288

Re: Cant update routerboard from 3.08 to 3.10

@rado3105
Try this:

ros code

/system routerboard settings set force-backup-booter=no
/system routerboard upgrade
/system reboot
HTH,
by ditonet
Tue Jan 14, 2014 12:04 am
Forum: Beginner Basics
Topic: USB -> RJ45 console cable for CRS?
Replies: 6
Views: 5545

Re: USB -> RJ45 console cable for CRS?

In case you use Windows 7 and are to buy an USB adapter, make sure to NOT buy a Prolific chip based adapter.
See my post about Serial Connection With Windows 7.
Just FYI, for 3 years I've never noticed problems described by you using Prolific PL-2303 XA/HXA converter on Windows 7.

Regards,
by ditonet
Sat Jan 11, 2014 11:08 am
Forum: General
Topic: Broken DNS
Replies: 5
Views: 2992

Re: Broken DNS

N - negative

HTH,
by ditonet
Tue Dec 31, 2013 8:34 pm
Forum: Scripting
Topic: remove unreplied tcp connections
Replies: 14
Views: 5383

Re: remove unreplied tcp connections

Decrease 'tcp-established-timeout' to 5 minutes.

Regards,

P.S. I'm going on New Year's party :D
by ditonet
Tue Dec 31, 2013 7:42 pm
Forum: Scripting
Topic: remove unreplied tcp connections
Replies: 14
Views: 5383

Re: remove unreplied tcp connections

Unreplied is no........................... not yes as would be expected!
This bug was fixed year ago, in ROS v.6.0rc6 if I remember correctly.

Post your conntrack settings:

ros code

/ip firewall connection tracking export
Regards,
by ditonet
Tue Dec 31, 2013 5:27 pm
Forum: Scripting
Topic: remove unreplied tcp connections
Replies: 14
Views: 5383

Re: remove unreplied tcp connections

v5.25 does not have a time out setting for "unreplied" !
I've asked about shown values:
unreplied_timeout.PNG
Regards,
by ditonet
Tue Dec 31, 2013 2:02 pm
Forum: Scripting
Topic: remove unreplied tcp connections
Replies: 14
Views: 5383

Re: remove unreplied tcp connections

Post your conntrack settings, please.
What is higher 'timeout' value for unreplied connections shown by Winbox?

Regards,
by ditonet
Tue Dec 31, 2013 12:29 pm
Forum: Scripting
Topic: remove unreplied tcp connections
Replies: 14
Views: 5383

Re: remove unreplied tcp connections

Did you try to decrease TCP SYN-timeouts in conntrack settings?

Regards,
by ditonet
Mon Dec 30, 2013 7:01 pm
Forum: Scripting
Topic: remove unreplied tcp connections
Replies: 14
Views: 5383

Re: remove unreplied tcp connections

need help here with a script to run every 5 minutes to delete from tracking table all connections that meet the following criteria.
1: tcp+(!SA)+(!local network ip's)+established
Just out of curiosity: Why do you want to remove established connections?

Regards,
by ditonet
Mon Dec 30, 2013 6:53 pm
Forum: General
Topic: anti dos attack rule for forward
Replies: 2
Views: 802

Re: anti dos attack rule for forward

Add 'incoming' and 'outgoing' interfaces as conditions to rule.

HTH,
by ditonet
Tue Sep 17, 2013 11:52 pm
Forum: Wireless Networking
Topic: P2P Unstable
Replies: 4
Views: 1921

Re: P2P Unstable

You have to lower transmitting power on your devices.
Signal strenght should be -60 to -50 dBm for best results.

HTH,
by ditonet
Fri Aug 30, 2013 9:05 pm
Forum: RouterBOARD hardware
Topic: SXT SA (sector antenna)
Replies: 10
Views: 2763

Re: SXT SA (sector antenna)

Strona o podanym adresie nie istnieje
http://www.cdr.pl/p2009,mikrotik-router ... os-l4.html

HTH,
by ditonet
Thu Jun 27, 2013 1:45 am
Forum: General
Topic: Webfig skins (tutorial)
Replies: 100
Views: 93283

Re: Webfig skins (tutorial)

@plankanater
Disable 'policy' permission for this user.

HTH,
by ditonet
Tue Jun 11, 2013 6:49 pm
Forum: General
Topic: NETWATCH issue with DHCP-CLIENT
Replies: 4
Views: 1034

Re: NETWATCH issue with DHCP-CLIENT

Try interface name without quotation marks:

ros code

/ip dhcp-client set [find interface=ether1] disabled=yes
/ip dhcp-client set [find interface=ether1] disabled=no
HTH,
by ditonet
Mon Jun 10, 2013 7:00 pm
Forum: General
Topic: NETWATCH issue with DHCP-CLIENT
Replies: 4
Views: 1034

Re: NETWATCH issue with DHCP-CLIENT

On Up:

ros code

/ip dhcp-client set [find name="ether1"] disabled=yes;
On Down:

ros code

/ip dhcp-client set [find name="ether1"] disabled=no;
HTH,
by ditonet
Fri May 10, 2013 3:22 pm
Forum: RouterBOARD hardware
Topic: Water Sxt
Replies: 74
Views: 12302

Re: Water Sxt

Thanks for info.

Regards,
by ditonet
Fri May 10, 2013 3:15 pm
Forum: RouterBOARD hardware
Topic: Water Sxt
Replies: 74
Views: 12302

Re: Water Sxt

@Normis
Is it possible to recognize newest design devices without unit disassembly?

Regards,
by ditonet
Thu May 09, 2013 11:28 pm
Forum: Beginner Basics
Topic: Can't see USB port, but can see USB modem?
Replies: 2
Views: 2090

Re: Can't see USB port, but can see USB modem?

Your 3G modem is not supported by RouterOS, hence that results.
http://wiki.mikrotik.com/wiki/Supported ... e#3G_cards

Regards,
by ditonet
Mon Apr 29, 2013 12:22 am
Forum: Scripting
Topic: Two counters in loop
Replies: 5
Views: 952

Re: Two counters in loop

@flexus

ros code

#count config
:local start ("100");
:local stop ("250");
:local poolcount;

:global count ($start);
:for count from=$start to=$stop step=1 do={
:set poolcount ($count + 700);
/ip pool add name="pool$poolcount" ranges="10.0.$count.20-10.0.$count.250"}
HTH,
by ditonet
Wed Apr 17, 2013 11:38 pm
Forum: Scripting
Topic: Removing all but default items
Replies: 1
Views: 653

Re: Removing all but default items

ros code

[find default=no]
doesn't work for you?

Regards,
by ditonet
Thu Apr 11, 2013 12:13 pm
Forum: General
Topic: ROS sntp client update
Replies: 1
Views: 369

Re: ROS sntp client update

I've never noticed problem described by you.
Add logging for NTP

ros code

/system logging add action=memory disabled=no prefix="" topics=ntp,!packet
restart router, wait 20 minutes, then log-in and check NTP logs.

HTH,
by ditonet
Wed Apr 10, 2013 6:05 pm
Forum: RouterBOARD hardware
Topic: Dead (can't access) 751G-2HnD
Replies: 10
Views: 2190

Re: Dead (can't access) 751G-2HnD

I assume flash become damaged somehow.
Sad mikrotik doesn't have stronger software restore procedure for such situations.
You are denying yourself. How to restore software in case of hardware failure?
If you can't Netinstall this RB751G, just RMA it.

Regards,
by ditonet
Fri Apr 05, 2013 1:38 am
Forum: Scripting
Topic: sstp IP discovery/address list script help
Replies: 2
Views: 1066

Re: sstp IP discovery/address list script help

:foreach s in=[/interface sstp-server find where disabled=no and running=yes] do={ :local sstpsrvr $s :local clip [/interface sstp-server get $s client-address] :if ([/ip firewall address-list find (list=VPNLINKS && address=$clip)] = "") do={ /ip firewall address-list add list=VPNLINKS address=$cli...
by ditonet
Fri Apr 05, 2013 12:57 am
Forum: Beginner Basics
Topic: Installed
Replies: 2
Views: 490

Re: Installed

As Wiki says:
RouterOS licensing scheme is based on SoftwareID number that is bound to storage media
If you want to install RouterOS on another disk probably you must buy new licence.

Regards,
by ditonet
Fri Mar 29, 2013 11:51 pm
Forum: General
Topic: Stuck at loading kernel
Replies: 6
Views: 3562

Re: Stuck at loading kernel

Connect patchcable to RB's Ether1 port. Unplug power, press reset button and hold it. Power up device and release reset button when green LED stops blinking, or your RB will be visible on Netinstall's routers list. This procedure is described in Quick Setup Guide: http://routerboard.com/pdf/423/rb20...
by ditonet
Fri Mar 29, 2013 9:40 am
Forum: RouterBOARD hardware
Topic: Routerboard with USB hub, 3G and CDMA modem
Replies: 17
Views: 5065

Re: Routerboard with USB hub, 3G and CDMA modem

@jkrepinsky
I have no more ideas what's wrong :(.

Regards,
by ditonet
Tue Mar 26, 2013 12:49 pm
Forum: RouterBOARD hardware
Topic: Routerboard with USB hub, 3G and CDMA modem
Replies: 17
Views: 5065

Re: Routerboard with USB hub, 3G and CDMA modem

@jkrepinsky Does your CDMA modem work properly when is connected directly to PC? I have AnyDATA ADU-895L (notice L , not H) and works fine with ROS 6.0rc12. IMHO, one thing is missed in our considerations, even the same modem type can have different firmware version. Maybe this is reason why for one...
by ditonet
Tue Mar 26, 2013 12:41 pm
Forum: RouterBOARD hardware
Topic: Metal 5SHPn cannot mac-telnet via wlan1...
Replies: 11
Views: 2416

Re: Metal 5SHPn cannot mac-telnet via wlan1...

When you are trying to connect to Metal using MAC-Telnet,
is Metal 'wlan1' interface visible on Neighbor list on RouterBoard you connect from?
(Winbox/IP/Neighbor)

Regards,
by ditonet
Tue Mar 26, 2013 12:39 am
Forum: RouterBOARD hardware
Topic: Routerboard with USB hub, 3G and CDMA modem
Replies: 17
Views: 5065

Re: Routerboard with USB hub, 3G and CDMA modem

@Ivoshiee
IMHO, MT permanently make some improvements, never mentioned in changelog.
As I wrote earlier I had problem (disconnections) with AnyDATA ADU-520L and RC10.
These disconnections never occured with RC12.

@w0lt
http://www.mikrotik.com/download/share/ ... .0rc12.npk

Regards,
by ditonet
Mon Mar 25, 2013 6:36 pm
Forum: RouterBOARD hardware
Topic: Metal 5SHPn cannot mac-telnet via wlan1...
Replies: 11
Views: 2416

Re: Metal 5SHPn cannot mac-telnet via wlan1...

Is 'wlan1' MAC-Address not visible when you click Winbox's [...] button?
Maybe neighbor discovery is disabled on 'wlan1' inteface?
http://wiki.mikrotik.com/wiki/Manual:IP ... _discovery
Or you are not able to connect even if MAC-Address is typed directly into Winbox?

HTH,
by ditonet
Mon Mar 25, 2013 6:07 pm
Forum: General
Topic: Addition Derault route distance for PPP conections.
Replies: 1
Views: 817

Re: Addition Derault route distance for PPP conections.

I've asked support about this two months ago.
According to Sergejs' answer 'distance for default route for PPP clients' is on TODO list, but no exact time frame.

Regards,
by ditonet
Mon Mar 25, 2013 5:12 pm
Forum: RouterBOARD hardware
Topic: Routerboard with USB hub, 3G and CDMA modem
Replies: 17
Views: 5065

Re: Routerboard with USB hub, 3G and CDMA modem

Try latest ROS 6.0rc12

Regards,
by ditonet
Mon Mar 25, 2013 4:52 pm
Forum: RouterBOARD hardware
Topic: Metal 5SHPn cannot mac-telnet via wlan1...
Replies: 11
Views: 2416

Re: Metal 5SHPn cannot mac-telnet via wlan1...

Probably MAC-Server is disabled on 'wlan1' by default.

HTH,
by ditonet
Mon Mar 25, 2013 3:23 pm
Forum: RouterBOARD hardware
Topic: Routerboard with USB hub, 3G and CDMA modem
Replies: 17
Views: 5065

Re: Routerboard with USB hub, 3G and CDMA modem

What CDMA modem do you use?
I had similar problem with AnyDATA ADU-520L.
Upgrade RouterOS and RuoterBOOT to latest version and observe what happend.

HTH,
by ditonet
Sun Mar 24, 2013 11:38 pm
Forum: RouterBOARD hardware
Topic: Routerboard with USB hub, 3G and CDMA modem
Replies: 17
Views: 5065

Re: Routerboard with USB hub, 3G and CDMA modem

Do you think that this home-made powering might be problem?
I've asked because USB port is limited to 500mA and two modems connected to hub without external PSU overload USB port.
As I wrote earlier, not every USB hub works properly with RouterBoard.
Try another one with different chipset.

HTH,
by ditonet
Fri Mar 22, 2013 10:10 pm
Forum: RouterBOARD hardware
Topic: Routerboard with USB hub, 3G and CDMA modem
Replies: 17
Views: 5065

Re: Routerboard with USB hub, 3G and CDMA modem

@jkrepinsky
Is your USB hub powered by external PSU?
Two month ago I made similar config (hub + 2 modems) and everything was OK.
I've tested two different hubs and finally worked one built using NEC chip.
Unfortunately, I don't remember what exactly chip it was.

HTH,
by ditonet
Thu Mar 21, 2013 10:18 am
Forum: Beginner Basics
Topic: Create new routing table
Replies: 4
Views: 11635

Re: Create new routing table

Run Winbox, then 'IP/Routes/Rules tab'. Add new rule, Table='new table name', action=lookup. http://wiki.mikrotik.com/manual//ip/route/rule#table But new table is still useless without routing mark, because 'routing mark name' is 'routing table name'. Packets without routing mark are checked against...
by ditonet
Thu Mar 21, 2013 12:20 am
Forum: Wireless Networking
Topic: 3x3 & 6x6 MIMO
Replies: 21
Views: 9010

Re: 3x3 & 6x6 MIMO

Complete solution made by Cyberbajt http://www.cyberbajt.pl/produkt/5003/

HTH,
by ditonet
Wed Mar 20, 2013 11:50 pm
Forum: Beginner Basics
Topic: Create new routing table
Replies: 4
Views: 11635

Re: Create new routing table

Use 'routing-mark' when adding new route as described here:
http://wiki.mikrotik.com/wiki/Manual:IP ... properties

HTH,
by ditonet
Tue Mar 19, 2013 5:20 pm
Forum: Beginner Basics
Topic: install certificate
Replies: 3
Views: 640

Re: install certificate

Here is manual how to create self-signed certificates:
http://wiki.mikrotik.com/wiki/Manual:Cr ... rtificates

HTH,
by ditonet
Sat Mar 16, 2013 2:13 pm
Forum: RouterBOARD hardware
Topic: LCD pin diagram using DB9 connector
Replies: 13
Views: 3138

Re: LCD pin diagram using DB9 connector

You are trying to connect LCD with parallel data input to serial data output.
It's impossible without 'serial to parallel data converter', hence my previous post.

HTH,
by ditonet
Fri Mar 15, 2013 11:10 pm
Forum: General
Topic: Total bytes thru an interface
Replies: 4
Views: 709

Re: Total bytes thru an interface

Run Winbox, next 'Tools/Graphing/Interface Rules tab'.
Then add interface you want to monitor.

HTH,
by ditonet
Fri Mar 15, 2013 2:23 pm
Forum: General
Topic: CCR 1036 16Gb RAM and connection tracking
Replies: 8
Views: 4712

Re: CCR 1036 16Gb RAM and connection tracking

Thanks Normis, it's good to know that hard-coded limit doesn't exists.

Regards,
by ditonet
Thu Mar 14, 2013 9:18 pm
Forum: Beginner Basics
Topic: P2p limiting
Replies: 15
Views: 11417

Re: P2p limiting

There is topic about P2P blocking: http://forum.mikrotik.com/viewtopic.php?t=21178

HTH,
by ditonet
Thu Mar 14, 2013 6:20 pm
Forum: Beginner Basics
Topic: Ports -> Firmware: type of firmware files
Replies: 2
Views: 1067

Re: Ports -> Firmware type of firmware files

Really good question. +1

Regards,
by ditonet
Thu Mar 14, 2013 5:54 pm
Forum: Beginner Basics
Topic: How to get RB recognize 3G/CDMA modem
Replies: 1
Views: 1555

Re: How to get RB recognize 3G/CDMA modem

Write email to MikroTik support, at the moment only MT is able to add support for new device to ROS.

HTH,
by ditonet
Thu Mar 14, 2013 11:28 am
Forum: RouterBOARD hardware
Topic: LCD pin diagram using DB9 connector
Replies: 13
Views: 3138

Re: LCD pin diagram using DB9 connector

AFAIK chip used in this diplay (KS0066) is compatible with HD44780 LCD controller.
Search Google for 'HD44780 LCD serial to parallel converter'.

HTH,
by ditonet
Wed Mar 13, 2013 9:49 pm
Forum: Beginner Basics
Topic: Using PSK with L2TP client
Replies: 2
Views: 1077

Re: Using PSK with L2TP client

Did you read this Wiki article ?
In RouterOS IPSec phase 1 is 'Peer', phase 2 is 'Proposal' and 'Policies', so set your pre-shared key in 'Peer'.

HTH,
by ditonet
Wed Mar 13, 2013 7:38 pm
Forum: General
Topic: fetch mode= is not showing https as a protocol ?
Replies: 2
Views: 885

Re: fetch mode= is not showing https as a protocol ?

Fetch https mode was introduced in ROS version 6.0rc12.

HTH,
by ditonet
Wed Mar 13, 2013 7:29 pm
Forum: General
Topic: CCR 1036 16Gb RAM and connection tracking
Replies: 8
Views: 4712

Re: CCR 1036 16Gb RAM and connection tracking

Is there any way to increase this limit?
Probably no, it looks like hard-coded value (512k).
See my post http://forum.mikrotik.com/viewtopic.php?f=2&t=64925

Regards,
by ditonet
Tue Mar 12, 2013 10:44 pm
Forum: General
Topic: Per connection limit per time interval with burst on Mikroti
Replies: 5
Views: 2380

Re: Per connection limit per time interval with burst on Mik

IMHO it should be: add action=jump chain=forward connection-state=new dst-port=80 jump-target=anti-ddos protocol=tcp add action=return chain=anti-ddos dst-limit=40/5s,70,src-and-dst-addresses/1h add action=drop chain=anti-ddos Line 2 allows up to 40 new connections in the interval of 5 seconds, line...
by ditonet
Mon Mar 11, 2013 1:47 am
Forum: General
Topic: USB stability (rb751g)
Replies: 7
Views: 1283

Re: USB stability (rb751g)

Max. current defined by USB standard is 500mA per port. From my experience some 3G modems do not respect this standard. This is the reason RB's USB controller sometimes cut off the output power. Try to connect your modem using USB power injector ( http://routerboard.com/5VUSB ) and external power su...
by ditonet
Mon Mar 11, 2013 1:03 am
Forum: Beginner Basics
Topic: Order Filewall Filters
Replies: 2
Views: 570

Re: Order Filewall Filters

http://wiki.mikrotik.com/wiki/Manual:Co ... l_Commands
Read about 'place-before' parameter.

HTH,
by ditonet
Sun Mar 10, 2013 12:35 am
Forum: Scripting
Topic: change out interface in ip firewall nat
Replies: 3
Views: 2432

Re: change out interface in ip firewall nat

Add comment to this NAT rule (e.g. 'my_NAT_rule') and use following command:

ros code

/ip firewall nat set [find comment="my_NAT_rule"] out-interface=<pptp-test>
HTH,
by ditonet
Wed Mar 06, 2013 1:33 am
Forum: General
Topic: Revert RB751G to default config after custom netinstall
Replies: 7
Views: 2806

Re: Revert RB751G to default config after custom netinstall

But this is output from
/system default-configuration print
No, this is script shown in Winbox after reset to factory default.
It's bad news that is unusable :( .

Regards,
by ditonet
Tue Mar 05, 2013 1:29 am
Forum: General
Topic: Revert RB751G to default config after custom netinstall
Replies: 7
Views: 2806

Re: Revert RB751G to default config after custom netinstall

@Davis
Attached you can find default script for 751U, but AFAIK for 751G is the same.
RB751U-2HnD_Default_Config_Script.zip
Use it as configure script for Netinstall.

HTH,
by ditonet
Fri Mar 01, 2013 1:15 pm
Forum: General
Topic: A Mikrotik implementation of Hamachi-like VPN network
Replies: 9
Views: 2550

Re: A Mikrotik implementation of Hamachi-like VPN network

Hamachi and similar solutions needs 'mediation server' to work.
Who should maintain this server (or servers)? MikroTik? For free?

Regards,
by ditonet
Thu Feb 28, 2013 11:24 am
Forum: General
Topic: Prevent accidental deletion.
Replies: 32
Views: 4304

Re: Prevent accidental deletion.

you can't prevent other rules from being moved in front of this rule, causing it to be moved down/up
That's true, but rule change prevention will be nice feature.

Regards,
by ditonet
Sat Feb 16, 2013 1:53 am
Forum: General
Topic: RouterOS v6rc10 pre-released
Replies: 79
Views: 15372

Re: RouterOS v6rc10 pre-released

In RouterOS ver. 6.x 'global-in' and 'global-out' were replaced by 'global', hence link to packet flow diagram.
Just compare differences between ROS 5.x and 6.x.

HTH,
by ditonet
Tue Feb 12, 2013 10:47 pm
Forum: Beginner Basics
Topic: Bios Reset v.s. ROS Reset RB450G v5.23
Replies: 20
Views: 6000

Re: Bios Reset v.s. ROS Reset RB450G v5.23

Yes, when I connect to etherport 1, and WHEN the MAC shows up (00:0C:42:54:E1:F2), the IP that is associated with it is 0.0.0.0 When I connect to any other port - for example port 2 - The mack that shows up is (00:0C:42:54:E1:F3), and the IP that appears is 192.168.1.1 If I Click on any of the MAC'...
by ditonet
Mon Feb 11, 2013 12:00 pm
Forum: General
Topic: v6.0rc9 released
Replies: 59
Views: 16802

Re: v6.0rc9 released

a) Crack the case on the tower
In many countries it is being called the crime.
by ditonet
Wed Feb 06, 2013 12:33 am
Forum: General
Topic: v6 rc7 released
Replies: 88
Views: 23881

Re: v6 rc7 released

I have latest rc8 and CCR router. I don't see this issue.
paoloaga and me made tests on 'mipsbe' platform, maybe 'tile' is not affected with this issue?
Demo routers are also 'mipsbe'.

Regards,
by ditonet
Tue Feb 05, 2013 2:02 am
Forum: General
Topic: v6 rc7 released
Replies: 88
Views: 23881

Re: v6 rc7 released

[admin@dydyrydy14780554] /ip dns> set cache-size=8192KiB value of cache-size contains invalid trailing characters [admin@dydyrydy14780554] /ip dns> / [admin@dydyrydy14780554] > /system resource [admin@dydyrydy14780554] /system resource> print uptime: 5h26m41s version: 6.0rc8 build-time: Feb/04/2013...
by ditonet
Sat Feb 02, 2013 1:48 am
Forum: General
Topic: Winbox for android, when?
Replies: 52
Views: 50172

Re: Winbox for android, when?

Today I've made WebFig test with Android phone (3.7" screen size).
It's possible to manage router from phone without problems.
But as Normis wrote, treat your phone as a backup device.
Just my two cents...

Regards,
by ditonet
Fri Feb 01, 2013 2:04 am
Forum: General
Topic: Feature request - disable netinstall
Replies: 2
Views: 1061

Re: Feature request - disable netinstall

@Dobby how do you want to solve your clients with an update or upgrade? Upgrading RouterOS or RouterBOOT is not the same as using Netinstall. RouterOS/RouterBOOT upgrade keeps current router configuration unmodified, Netinstall removes it and writes 'factory default'. @HaPe Netinstall is only way to...
by ditonet
Tue Jan 29, 2013 3:51 pm
Forum: General
Topic: Prevent accidental deletion.
Replies: 32
Views: 4304

Re: Prevent accidental deletion.

IMHO, if this 'lock' will also prevent accidental rule move and rule change, it will be nice and useful feature.

Regards,
by ditonet
Wed Jan 16, 2013 10:48 am
Forum: General
Topic: v6 rc6 released
Replies: 215
Views: 61949

Re: v6 rc6 released

ConnTrack max-entries value is probably hard-coded to be max. 524288 (512k) and can't be increased even with huge amount of RAM. I've asked about this few month ago ( http://forum.mikrotik.com/viewtopic.php?f=2&t=64925 ) and no one reported value greater than 524288 (in ROS 5.x). It looks that the s...
by ditonet
Tue Jan 15, 2013 12:29 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1013842

Re: CLOUD CORE ROUTER

Does it means that size of the downloaded file will be different when new build is released?

Check file hash (MD5 or SHA1) instead of size.

HTH,
by ditonet
Mon Jan 14, 2013 9:42 am
Forum: Wireless Networking
Topic: R52 in notebook with Full MT utility
Replies: 11
Views: 1787

Re: R52 in notebook with Full MT utility

@WirelessRudy
Did you try drivers from this site:
http://www.atheros.cz/atheros-wireless-drivers.php

Regards,
by ditonet
Mon Jan 14, 2013 1:25 am
Forum: General
Topic: Power cycle (by system watchdog) is erasing ppp-client conf
Replies: 13
Views: 4685

Re: Power cycle (by system watchdog) is erasing ppp-client c

@Ivoshiee
If possible, try to change default PPP Client name 'ppp-out1' to different one.
From my experience, after reboot ROS sometimes recognizes connected modem as new one
and adds new, disabled PPP Client with default 'ppp-out1' name.
Maybe it causes configuration erasing due to some bug.

HTH,
by ditonet
Fri Jan 11, 2013 3:25 pm
Forum: Beginner Basics
Topic: how to recover password
Replies: 27
Views: 86674

Re: how to recover password

MY PC--Switch--Router ---- Router --Switch--RB Two questions: Is this router marked on your diagram as bold also MikroTik device and you have full access to it? Is anybody on remote network able to reset RB to factory default using reset button? Or maybe you are able to reset RB to default config f...
by ditonet
Fri Jan 11, 2013 1:57 pm
Forum: Beginner Basics
Topic: how to recover password
Replies: 27
Views: 86674

Re: how to recover password

Run Winbox (log-in as user with 'sensitive' policy), go to 'Files', create and download to local computer newly created backup file.
Next upload backup file to http://mikrotikpasswordrecovery.com/ and click 'Show Passwords' button.

HTH,
by ditonet
Fri Jan 11, 2013 1:24 pm
Forum: Beginner Basics
Topic: how to recover password
Replies: 27
Views: 86674

Re: how to recover password

As mentioned in manual (http://wiki.mikrotik.com/wiki/Manual:Ro ... nformation),
to create and download backup files you need user with 'sensitive' policy turned on.

HTH,
by ditonet
Fri Jan 11, 2013 1:06 pm
Forum: Beginner Basics
Topic: how to recover password
Replies: 27
Views: 86674

Re: how to recover password

It worked for me perfectly, passwords were recovered from backup file.
Maybe you did something wrong or maybe passwords are blank?

Regards,
by ditonet
Thu Jan 10, 2013 11:56 am
Forum: Beginner Basics
Topic: how to recover password
Replies: 27
Views: 86674

Re: how to recover password

Maybe this will help you:
http://mikrotikpasswordrecovery.com/

HTH,
by ditonet
Tue Jan 08, 2013 11:22 pm
Forum: Wireless Networking
Topic: Serious interference betwen satellite antenna and omnitik
Replies: 18
Views: 3358

Re: Serious interference betwen satellite antenna and omniti

According to list of Astra's frequencies (http://en.kingofsat.net/pos-19.2E.php),
OmniTik's frequencies below 5300MHz should be OK. Give it a try.

HTH,
by ditonet
Tue Jan 08, 2013 2:17 am
Forum: Wireless Networking
Topic: Serious interference betwen satellite antenna and omnitik
Replies: 18
Views: 3358

Re: Serious interference betwen satellite antenna and omniti

Harmonic frequency is 5640*2 = 11280 MHz.
European satellites (Astra and HotBird) have frequency range from 10714 to 12731 MHz.
Astra sends on 11258.50 MHz some HD TV channels for Spain.
Do you have problem with: Canal+ Liga Campeones HD, Fox Crime HD, Canal+ 2 HD, Canal+ Golf HD???

Regards,
by ditonet
Tue Jan 08, 2013 1:33 am
Forum: Wireless Networking
Topic: Serious interference betwen satellite antenna and omnitik
Replies: 18
Views: 3358

Re: Serious interference betwen satellite antenna and omniti

@Jeanluck Please read whole Wiki article mentioned in my previous post. Satellite LNB converts frequencies using local oscillator. If local oscillator works on frequencies similar to Omnitik, interferences are possible because Omnitik's signal is strong . It is also possible that interferences are r...
by ditonet
Tue Jan 08, 2013 1:14 am
Forum: Wireless Networking
Topic: Serious interference betwen satellite antenna and omnitik
Replies: 18
Views: 3358

Re: Serious interference betwen satellite antenna and omniti

@Jeanluck
I don't know where you live, but in some countries satellite LNB downconverters
have local oscillator which work on 5GHz frequency, e.g.:
http://en.wikipedia.org/wiki/Low-noise_ ... ample_LNBs
In this case Omnitik can be a source of interference.

HTH,
by ditonet
Thu Jan 03, 2013 11:32 am
Forum: General
Topic: v6 rc6 released
Replies: 215
Views: 61949

Re: v6 rc6 released

Normis, currently I am searching CCR offers of several main distributors in our country, there is NO word about "pre-production" status in their product descriptions. But if you take a look at the ordering page, it is NOWHERE stated that you are buying a "beta" unit, and that you should expect any ...
by ditonet
Mon Dec 31, 2012 12:32 am
Forum: The Dude
Topic: Get current firmware version using SNMP?
Replies: 5
Views: 6424

Re: Get current firmware version using SNMP?

Try: oid("1.3.6.1.4.1.14988.1.1.4.4.0")
This OID is RouterOS version not firmware (RouterBOOT).
AFAIK,OID for firmware doesn't exist.

Regards,
by ditonet
Sun Dec 30, 2012 8:58 pm
Forum: Beginner Basics
Topic: [SOLVED] PPTP Server problem
Replies: 16
Views: 18541

Re: PPTP Server problem

Set up 'proxy-arp' on local/LAN interface instead of 'enabled'.

HTH,
by ditonet
Sun Dec 30, 2012 2:43 pm
Forum: RouterBOARD hardware
Topic: Huge sector writes
Replies: 21
Views: 4791

Re: Huge sector writes

or should i process with RMA ?
IMHO, RMA is an only option for you.

Regards,
by ditonet
Fri Dec 28, 2012 12:57 am
Forum: The User Manager
Topic: setting up usermanager via winbox
Replies: 18
Views: 34371

Re: setting up usermanager via winbox

by ditonet
Fri Dec 28, 2012 12:37 am
Forum: RouterBOARD hardware
Topic: Huge sector writes
Replies: 21
Views: 4791

Re: Huge sector writes

upgrade to the latest firmware and reinstall with a netinstall then it should be showing correctly.
I did it, latest RouterBOOT (3.02) and Netinstall with ROS 5.22, but still the same :( .
So I sent this RB for RMA.

Regards,
by ditonet
Mon Dec 24, 2012 12:02 pm
Forum: RouterBOARD hardware
Topic: Huge sector writes
Replies: 21
Views: 4791

Re: Huge sector writes

I had same problem with RB951, Netinstall 5.22 didn't help.
I sent it back to distributor for RMA.

Regards,
by ditonet
Mon Dec 24, 2012 11:53 am
Forum: Scripting
Topic: Get device IP in API like in winbox
Replies: 11
Views: 4608

Re: Get device IP in API like in winbox

MNDP packets are UDP packets with source and destination port equal to 5678.
If your application received that packet, simply check it's source IP address.
Next check this IP address for open API port (8728).

HTH,
by ditonet
Sun Dec 23, 2012 8:58 pm
Forum: Scripting
Topic: Get device IP in API like in winbox
Replies: 11
Views: 4608

Re: Get device IP in API like in winbox

Do you know if there is a spec for this protocol somewhere?
Ask MT support.

MNDP is similar to CDP and Wireshark shows that MNDP packet consists of few TLV (Type/Lenght/Value) triplets.
IMHO it should be quite easy to parse it.

HTH,
by ditonet
Sun Dec 23, 2012 8:32 pm
Forum: Scripting
Topic: Get device IP in API like in winbox
Replies: 11
Views: 4608

Re: Get device IP in API like in winbox

Winbox detects devices using MNDP:
http://wiki.mikrotik.com/wiki/Manual:IP ... _discovery
If neighbor discovery is disabled RB device doesn't appear on Winbox's list ('...' button).
Use MNDP packet device source IP address and check port 8727 at this address.

HTH,
by ditonet
Sun Dec 23, 2012 12:44 am
Forum: General
Topic: Is there a way to know what coused router crash ?
Replies: 8
Views: 1326

Re: Is there a way to know what coused router crash ?

Does the router becomes responsible when you disconnect network switch?
Post your 'bridge' and 'interface' configuration (export).
Regards,
by ditonet
Thu Dec 20, 2012 11:47 pm
Forum: General
Topic: Help on remote access to ROS-network from Andriod
Replies: 2
Views: 623

Re: Help on remote access to ROS-network from Andriod

@WirelessRudy
Android has built-in L2TP/IPSec client.
This post will guide you with remote access configuration:
http://forum.mikrotik.com/viewtopic.php ... 46#p344838
In this thread is also some important info about security:
http://forum.mikrotik.com/viewtopic.php ... 46#p345479

HTH,
by ditonet
Thu Dec 20, 2012 4:43 pm
Forum: Beginner Basics
Topic: Troubleshooting tutorial
Replies: 7
Views: 3110

Re: Troubleshooting tutorial

I have studied diagrams here http://wiki.mikrotik.com/wiki/Packet_Flow but it does not give me any hint where can I place some troubleshooting logging.
Mangle 'prerouting' is before DST-NAT and allows logging.

HTH,