Community discussions

Search found 6257 matches

by janisk
Mon Dec 03, 2018 12:59 pm
Forum: General
Topic: IP > Cloud stuck on 'updating'
Replies: 10
Views: 641

Re: IP > Cloud stuck on 'updating'

people on long-term version will have to upgrade to the new long-term version.
by janisk
Mon Dec 03, 2018 12:24 pm
Forum: General
Topic: IP > Cloud stuck on 'updating'
Replies: 10
Views: 641

Re: IP > Cloud stuck on 'updating'

As the new IP Cloud implementation enters the bugfix-only stage, the old IP cloud will be disabled. Also, Old IP address will resurface only if you disable DDNS service. Also, before update, you can try to disable DDNS option in the old IP Cloud.
by janisk
Fri Nov 16, 2018 3:04 pm
Forum: General
Topic: How do you use ssh agent forwarding on the routeros ssh client?
Replies: 5
Views: 299

Re: How do you use ssh agent forwarding on the routeros ssh client?

use SSH ProxyCommand to set up SSH login to hosts that are behind the other SSH host.
by janisk
Mon Oct 29, 2018 12:15 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 82
Views: 14669

Re: New IP cloud is coming.

ManagementVPN as such is not planned for now. The main reason is the security implications.
by janisk
Fri Oct 05, 2018 2:19 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 82
Views: 14669

Re: New IP cloud is coming.

This actually is not related to the IP Cloud functionality anymore. For the IP Cloud Backup feature, it was important to be able to effortlessly upload the backup file and retrieve it afterwards. There is other stuff coming related to IP Cloud Backup in the future (regarding ease of access) however ...
by janisk
Tue Oct 02, 2018 1:34 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 82
Views: 14669

Re: New IP cloud is coming.

not really, as restoring backup file will replace MAC addresses and EVERYTHING else. After that you can reset mac addresses of the interfaces on the router. But that is it.
by janisk
Mon Oct 01, 2018 1:38 pm
Forum: General
Topic: Cloud Backup
Replies: 6
Views: 618

Re: Cloud Backup

1) Backups are stored in Latvia
2) No 3rd parties
3) only aes-sha256 encrypted backup files are accepted
by janisk
Mon Oct 01, 2018 9:14 am
Forum: General
Topic: Weird outbound UDP traffic
Replies: 19
Views: 874

Re: Weird outbound UDP traffic

the default configuration is available on wiki.mikrotik.com and on all the routers it is possible to reset this configuration to the one you desire using Netinstall (when Netinstall is used to re-install software on the router it is possible to provide a new default configuration that will replace o...
by janisk
Fri Sep 21, 2018 3:39 pm
Forum: General
Topic: Weird outbound UDP traffic
Replies: 19
Views: 874

Re: Weird outbound UDP traffic

Anything from IP Cloud will be blocked by the firewall.
by janisk
Fri Sep 21, 2018 2:09 pm
Forum: General
Topic: Weird outbound UDP traffic
Replies: 19
Views: 874

Re: Weird outbound UDP traffic

I see two lines here: 1) a completely reset router should never send out anything without consent and configuration; there are defaults that are enabled, like time-zone detection. and other stuff that is not setting/saving any information about you anywhere 2) no setting should require a reboot. Th...
by janisk
Fri Sep 21, 2018 10:46 am
Forum: General
Topic: Weird outbound UDP traffic
Replies: 19
Views: 874

Re: Weird outbound UDP traffic

Also, the problem about disabling IP Cloud DDNS sending packets after disabled - it sent "remove my IP from DDNS" packets to IP Cloud servers. Also, if you print in that menu, it could trigger check - if DDNS is disabled check and if disabled - "delete my IP address" packet was sent once again - wil...
by janisk
Thu Sep 20, 2018 2:57 pm
Forum: General
Topic: Weird outbound UDP traffic
Replies: 19
Views: 874

Re: Weird outbound UDP traffic

UDP#15252 is everything related to cloud - Time-zone detection, time (if not set in SNTP/NTP), DDNS, backup management frames.
TCP#15252 is IP Cloud backup

Did some magic with PTR
by janisk
Thu Sep 20, 2018 8:56 am
Forum: General
Topic: Weird outbound UDP traffic
Replies: 19
Views: 874

Re: Weird outbound UDP traffic

Soon after the upgrade to v6.43.1 I DROP-OUTPUT output: in:(unknown 0) out:ether24, proto UDP, 192.168.255.252:38962-> 159.148.147.201 :15252, len 66 DROP-OUTPUT output: in:(unknown 0) out:ether24, proto UDP, 192.168.255.252:49614-> 159.148.172.251 :15252, len 66 $ host cloud2.mikrotik.com cloud2.m...
by janisk
Tue Sep 18, 2018 11:22 am
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 82
Views: 14669

Re: New IP cloud is coming.

yes, 1 file slot per router and it is free for all the platforms that can use IP Cloud
by janisk
Tue Sep 18, 2018 11:02 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 252
Views: 40198

Re: v6.44beta [testing] is released!

https://forum.mikrotik.com/viewtopic.php?f=1&t=135603&p=687001#p687001 *) It is a requirement for the file to be encrypted - see update to backup file encryption, only the new kind is accepted by IP Cloud Backup *) if you save secure-download-key you can retrieve the file from another router *) inte...
by janisk
Tue Sep 18, 2018 10:40 am
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 82
Views: 14669

Re: New IP cloud is coming.

Finally a change worth talking about 6.44beta9: !) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only); Some details: *) Only aes-sha265 encrypted files are accepted. *) If you save the secret-download-key, one will be able to download the backup file from another rou...
by janisk
Fri Sep 14, 2018 9:53 am
Forum: General
Topic: IP Cloud
Replies: 113
Views: 60638

Re: IP Cloud

How-to change dns name my mikrotik? It's need for secure access. Dns name my mikrotik has been know other people. Very need help!
if you have your own DNS, you can use router FQDN as a CNAME entry and configure your services to reply to your proper name and ignore the rest.
by janisk
Tue Sep 11, 2018 10:15 am
Forum: General
Topic: Question: Howto get IPv6 DDNS working on 6.43 cloud service
Replies: 5
Views: 398

Re: Question: Howto get IPv6 DDNS working on 6.43 cloud service

for IP Cloud to get your external IPv6 address it has to have a connection to cloud2.mikrotik.com via IPv6. *) you block in fireall cloud2.mikrotik.com IPv6 addresses (that is not that good, because IPv6 still could be used for DNS requests and ns1 and ns2 for ddns names uses same IP addresses. *) Y...
by janisk
Mon Sep 10, 2018 3:44 pm
Forum: General
Topic: Question: Howto get IPv6 DDNS working on 6.43 cloud service
Replies: 5
Views: 398

Re: Question: Howto get IPv6 DDNS working on 6.43 cloud service

you can check now if your router has updated AAAA entry properly.
by janisk
Wed Aug 15, 2018 11:22 am
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 82
Views: 14669

Re: New IP cloud is coming.

Currently, there are no plans to bring it to the x86 platform.
by janisk
Fri Aug 10, 2018 11:53 am
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 82
Views: 14669

Re: New IP cloud is coming.

Please explain what that would solve? If you have several routers - they all are eligible for the IP Cloud address.

edit: If you have a company and want all routers under same "umbrella", then you can create CNAME entries in your local DNS server for your domain.
by janisk
Wed Aug 08, 2018 12:33 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 82
Views: 14669

Re: New IP cloud is coming.

coming to the router near you soon:
$ host <serial>.sn.mynetname.net
<serial>.sn.mynetname.net has address 192.168.88.1
<serial>.sn.mynetname.net has IPv6 address 2001:db8:1337:beef::ada
by janisk
Tue Aug 07, 2018 8:23 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Output chain questions
Replies: 7
Views: 723

Re: Output chain questions

ICMP type 3 code 0:
Type 3 - Destination Unreachable
code 0 - Net Unreachable
by janisk
Mon Aug 06, 2018 3:50 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Output chain questions
Replies: 7
Views: 723

Re: Output chain questions

most probably you still have time-zone detection still enabled on your router and that is causing the connection to the cloud.mikrotik.com or 159.148.147.201:15252 (UDP). IP Cloud has these services: *) DDNS - assign domain name to dynamic IP *) auto-time - approximate time so logs make sense when y...
by janisk
Tue Jul 10, 2018 9:57 am
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 82
Views: 14669

Re: New IP cloud is coming.

There are some not so clear scenarios. However, in your secnario if your IPv4 fails and router still has connectivity via IPv6 - in about 60 seconds router will register IPv6 address as cloud address and $host command will suddenly return IPv6 AAAA entry. edit: I have some more scenarios in my head ...
by janisk
Wed Jul 04, 2018 11:33 am
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 82
Views: 14669

Re: New IP cloud is coming.

Had to make some limitations for whom IP-Cloud is available on CHR. Now that we can auth your CHR you can have the domain and other goodies that are available and ones that are coming down the pipe.
by janisk
Thu Jun 28, 2018 12:21 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 82
Views: 14669

Re: New IP cloud is coming.

Actually this would put the mikrotik in the middleman role. It has to be considered as unsafe. I understand that some people do not care about it, but I rather build my own management network instead of rely on services that I cannot control and that can do whatever I do not know what above what th...
by janisk
Wed Jun 20, 2018 2:34 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 82
Views: 14669

Re: New IP cloud is coming.

When you have your own DNS, why would you bother with something like "IP cloud"? You can make the router update your own DNS directly. The usability of something like "IP cloud" is for those that want something like this without doing the work themselves. it is all about ease of use. Just check the...
by janisk
Wed Jun 20, 2018 12:26 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 82
Views: 14669

Re: New IP cloud is coming.

@janisk: I have multiple Clients with IKEv2 Server with RSA (Certificates). Those Certificates are made with ddns hostname (7dgfdghgssaa1.sn.mynetname.net) from IP Cloud.will the hostname remain the same. If not I have a big problem since I have to reissue all certificates to users on multiple site...
by janisk
Fri Jun 15, 2018 11:19 am
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 82
Views: 14669

Re: New IP cloud is coming.

To give more authoritative weight behind some excellent answers given by other users: 1) do not put RC in production - all new features come to RC, then get into current and only then it is placed into bugfix. 2) backwards compatibility was considered and then removed. So no, to use this, you will n...
by janisk
Tue Jun 12, 2018 3:22 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 82
Views: 14669

New IP cloud is coming.

Starting since 6.43rc21 new ip-cloud implementation is available for the first adopters. The feature set for now is the same as in older versions however that is about to change. It has improvements in security, responsiveness and expandability. Current upgrade path: 1) disable ip-cloud /ip cloud se...
by janisk
Tue Jun 12, 2018 2:46 pm
Forum: General
Topic: problems resolving IP Cloud addresses
Replies: 13
Views: 858

problems resolving IP Cloud addresses

On 12th of June surfaced some problems with nameservers as 3-month-old entries started to propagate through the global DNS servers. If you try to resolve ns1.kissthenet.net and ns2.kissthenet.net and as a result, you get 91.188.51.139 or 81.198.87.240 these are old addresses and get wrong IP address...
by janisk
Fri May 25, 2018 12:37 pm
Forum: General
Topic: Can't get DNSv6 from SLAAC
Replies: 27
Views: 1828

Re: Can't get DNSv6 from SLAAC

To clear some things up: Full DHCPv6 is coming. sorry no ETAs, now with this out of the window. Windows in any form do not support DNS via RA (or SLAAC) you can do whatever you want - MS Windows will not take the address in the advertisement. That is why at the time DHCP-PD server was made to answer...
by janisk
Fri Nov 17, 2017 12:30 pm
Forum: RouterBOARD hardware
Topic: New CPU - new product RB750Gr3 - RB750G family - now mmips
Replies: 180
Views: 58766

Re: New CPU - new product RB750Gr3 - RB750G family - now mmips

Why Wireless tab is showing into this device, when this device dont have wireless at all ? Pls remove it from menu, its useless.

RoS 6.40.5
it is perfect router to serve as CAPsMAN for a small home network (my case) or small office. As I use APs with reduced TX power to limit self-interference.
by janisk
Mon Nov 06, 2017 11:30 am
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 20375

Re: v6.40.4 [current]

Consult with your ACS provider if they are thinking of fixing the issue of special characters in hostnames, such as spaces. Also, it could be useful if you could sniff the exchange to see what exactly is sent to your ACS and send that to support.
by janisk
Thu Sep 21, 2017 2:11 pm
Forum: Forwarding Protocols
Topic: How to use IPV6
Replies: 4
Views: 1854

Re: How to use IPV6

also, PPPoE is not strictly necessary. In RouterOS you can use DHCPv6-client to acquire the prefix and/or address for clients.
by janisk
Tue Sep 12, 2017 11:02 am
Forum: Scripting
Topic: /export without line wrap?
Replies: 11
Views: 3130

Re: /export without line wrap?

No, output to file cannot be changed. Even with login parameters set.
by janisk
Thu Aug 31, 2017 1:03 pm
Forum: RouterBOARD hardware
Topic: CCR Port Failures
Replies: 2
Views: 442

Re: CCR Port Failures

ports failing on their own is not normal. Please check if you have proper grounding for the router/cables, equipment.
by janisk
Mon Aug 28, 2017 2:43 pm
Forum: General
Topic: IPv6 and DHCP and DNS
Replies: 65
Views: 8434

Re: IPv6 and DHCP and DNS

aren't you talking about these flags in RA configuration in RouterOS? managed-address-configuration=no other-configuration=no there are places where SLAAC is good and should be used. While as an example here - in a corporate network - DHCPv6 is a must. Deploying to end user, however, is IMHO a SLAAC...
by janisk
Mon Aug 28, 2017 2:28 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: REST API v7 Make Our Day ! +1 it Please
Replies: 17
Views: 4272

Re: REST API v7 Make Our Day ! +1 it Please

only offical code is the API client for Python 2. I can expand on how to use that particular client. And list limitations for API commands as such. All the rest, as described by boen_robot, indeed applies to implementers of the actual code. In this case - the REST API would be just a library/an inte...
by janisk
Fri Aug 18, 2017 12:38 pm
Forum: General
Topic: Does this violate RFC?
Replies: 17
Views: 1638

Re: Does this violate RFC?

As far as I remember about DNS - there is an optional thing, not the requirement, to respond to queries with the same capitalization as the request, while the lookup is done using query forced to lower case. There is such feature request filed for "/ip dns". one thing about that lock - I do not real...
by janisk
Wed Aug 16, 2017 3:33 pm
Forum: General
Topic: How to re install CHR on Amazon AWS?
Replies: 1
Views: 332

Re: How to re install CHR on Amazon AWS?

make a new instance, transfer the license to new from old instance. You can easily do that on your account in CHR licensing section.
by janisk
Wed Aug 16, 2017 2:04 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: REST API v7 Make Our Day ! +1 it Please
Replies: 17
Views: 4272

Re: REST API v7 Make Our Day ! +1 it Please

TL;DR REST or any other thing changed will not change the limitations that are brought by RouterOS. Limitations in current RouterOS API are not something artificial or on purpose - those are technical limitations on what can be done at all. Commands that require user sessions like telnet, mac-telnet...
by janisk
Fri Jul 14, 2017 4:02 pm
Forum: General
Topic: My IPv6 Triage List for ROS
Replies: 45
Views: 3402

Re: My IPv6 Triage List for ROS

Pe1chl, proximus and ZeroByte - differences noted. now let us see what can be done about them.
by janisk
Thu Jul 13, 2017 12:45 pm
Forum: General
Topic: My IPv6 Triage List for ROS
Replies: 45
Views: 3402

Re: My IPv6 Triage List for ROS

forum.mirkotik.com has the IPv6 address for several years now.

regarding CHR - we will look into it.

About from-pool - what it is missing when comparing to the ip-token?
if you add IPv6 address like this

Code: Select all

/ipv6 address add address=::1ee7:t00c:ee/64 from-pool=some-pool interface=lala
by janisk
Mon Jul 03, 2017 10:00 am
Forum: General
Topic: IPv6 and DHCP and DNS
Replies: 65
Views: 8434

Re: IPv6 and DHCP and DNS

To chime in thins great discussion on IPv6: First sorry for the "fixed in v7", but this is all we have at the moment. Second more on point about IPv6 features in RouterOS: *) Use CHR to test tings out with minimal investment (like hardware to run GNS3 or anything else capable running CHRs) actually ...
by janisk
Thu Jun 29, 2017 3:54 pm
Forum: Virtualization
Topic: CHR - purchased license not applying on router
Replies: 12
Views: 1211

Re: CHR - purchased license not applying on router

as andrys wrote - just write to the support as they will be able to check all the details and resolve the issue.
by janisk
Thu Jun 29, 2017 11:54 am
Forum: RouterOS v6 RC and v7 BETA
Topic: IPv6 Ping does not work with domain names
Replies: 34
Views: 19890

Re: IPv6 Ping does not work with domain names

the problem will go away when IPv6 is set as a preferred option for the :resolve command and elsewhere where RouterOS attempts to resolve a hostname to IP address. When forced the :resolve command is returning the IPv6 address, hence the workaround of /ping [:resolve ipv6.only.domain] is working.
by janisk
Wed Jun 28, 2017 3:56 pm
Forum: General
Topic: IPv6 /127
Replies: 13
Views: 2731

Re: IPv6 /127

Any address with /127 mask is not working. Also, there is no good reason to use that.
by janisk
Wed Jun 28, 2017 3:53 pm
Forum: Virtualization
Topic: Google Compute Engine
Replies: 18
Views: 3873

Re: Google Compute Engine

We need newer kernel - so v7, sorry. Without the kernel, we do not have critical KVM/VirtIO stuff required for the Google service. As that code that we needed to backport relies on features available in the newer kernel.