Community discussions

Search found 151 matches

by elgo
Fri May 24, 2013 6:03 pm
Forum: RouterBOARD hardware
Topic: OpenWRT for Routerboard
Replies: 10
Views: 14238

Re: OpenWRT for Routerboard

Some update: Lateste stable version, Attitude Adjustment, now works out of the box with the RB450G. I used this procedure twice with success, to migrate from rOS to OpenWRT (backfire then AA): http://blog.poettner.de/2011/05/27/openwrt-trunk-on-mikrotik-routerboard-411750/ The only negative point is...
by elgo
Tue Apr 23, 2013 4:08 pm
Forum: RouterBOARD hardware
Topic: RB450G Maximum speed problem
Replies: 6
Views: 2117

Re: RB450G Maximum speed problem

With OpenWRT, I benched it on a single threaded file transfert (repeatedly, and avoiding any cache effect), and I saw a real small loss in performance. But as for features and stability, it's not even comparable, if you see what I mean... As for 2011 board, I don't know. I know that 1100 though are ...
by elgo
Fri Apr 19, 2013 3:58 pm
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 92164

Re: Feature Request: OpenVPN [ovpn] udp tunnels

what about offering a bounty for OpenVPN to Mikrotik? :-)
You mean like paying a second time for a "feature" you already bought? Mmmmmm... :?
by elgo
Fri Apr 19, 2013 3:29 pm
Forum: RouterBOARD hardware
Topic: RB450G Maximum speed problem
Replies: 6
Views: 2117

Re: RB450G Maximum speed problem

The RB450G is NOT a 5 ports gigabit router. It has 5 ports, yes, but hardware is totally different from what you might think: basically, there is only 2 Gb NICs, one on port 1, and one for the 4 other ports (a switch). +-----------+ +-----------+ | | eth0 | | | +-------+----------5+-Eth1 (POE) | | |...
by elgo
Tue Apr 02, 2013 4:21 pm
Forum: RouterBOARD hardware
Topic: mipsbe boards only allow max MTU of 1520???
Replies: 5
Views: 1980

Re: mipsbe boards only allow max MTU of 1520???

It is basically related to hadware switching chips.
And it is not the only hardware design flaw. Think about having 5 ports but only 2 real "gigabit" interfaces in the SoC of a RB450G...
by elgo
Mon Jan 14, 2013 11:59 am
Forum: General
Topic: OVPN on new versoins ROS 6.0 and 5.1...
Replies: 61
Views: 19749

Re: OVPN on new versoins ROS 6.0 and 5.1...

Can you please explain in a few words to us why mikrotik team does not wish to implement those features nevertheless they are requested by so many users on this forum for quite some time. Stubbornness. OpenVPN/UDP is the by far most requested feature on the forums and in the wiki and MT rather chos...
by elgo
Sat Jan 12, 2013 7:33 pm
Forum: General
Topic: OVPN on new versoins ROS 6.0 and 5.1...
Replies: 61
Views: 19749

Re: OVPN on new versoins ROS 6.0 and 5.1...

Why does everyone want OpenVPN? I've never, ever seen it used in enterprise. It's GRE with IPSec, or just ipsec tunnels. Please explain to me why it's such a wanted feature? :lol: Well, we live in different worlds, as it seems. I just implemented OpenVPN + Token TFA for a worldwide company 2 months...
by elgo
Thu Jan 10, 2013 5:07 pm
Forum: General
Topic: OVPN on new versoins ROS 6.0 and 5.1...
Replies: 61
Views: 19749

Re: OVPN on new versoins ROS 6.0 and 5.1...

Run openwrt on metarouter and set up ovpn from there. That would be the best you can currently do.
You mean the problems that plagued metarouter for months are finally fixed?
I can read there that's not the case.

"Might work" is not acceptable, in the tech world I live in.
by elgo
Thu Jan 10, 2013 1:00 pm
Forum: Beginner Basics
Topic: RB450, openwrt?? Does any know good direction?
Replies: 6
Views: 1631

Re: RB450G, OpenWrt Confirmed Operational!

I've finally installed OpenWrt, and wanted to guide any searchers to this detailed post. https://forum.openwrt.org/viewtopic.php?id=36946 Additionally my second RB450G was delivered! As previously indicated, once I got OpenWrt successfully installed, I'd be purchasing more of these routers. I'm run...
by elgo
Thu Jan 10, 2013 12:51 pm
Forum: General
Topic: OVPN on new versoins ROS 6.0 and 5.1...
Replies: 61
Views: 19749

Re: OVPN on new versoins ROS 6.0 and 5.1...

Christmas is over, no UDP this year either :)

Seriously, if you want a full featured openvpn server so badly on your devices, why not considering alternatives to rOS? Works great and stable.
by elgo
Tue Nov 20, 2012 5:21 pm
Forum: General
Topic: OpenVpn without user end password
Replies: 2
Views: 1071

Re: OpenVpn without user end password

Short answer: no, not with routerOS.
by elgo
Wed Nov 07, 2012 3:47 pm
Forum: RouterBOARD hardware
Topic: Why MIPS not ARM (mostly)?
Replies: 10
Views: 3571

Re: Why MIPS not ARM (mostly)?

by elgo
Wed Sep 26, 2012 2:32 pm
Forum: General
Topic: Mikrotik client OpenVPN
Replies: 8
Views: 4011

Re: Mikrotik client OpenVPN

Plus you can't do proper X509 certificate authentication, as routerOS wants login/pwd so badly.
I tried to implement openvpn server on RB for a hour or so, then I gave up. Took me 15 mins to get a linux ovpn server up, even less on openwrt.
by elgo
Fri Aug 24, 2012 1:04 pm
Forum: General
Topic: OpenVPN CRL [Certificate revocation list]
Replies: 12
Views: 7702

Re: OpenVPN CRL [Certificate revocation list]

Ok, good to know.
I still don't get a freakin bit of MT logic on their OpenVPN topic.
by elgo
Mon Aug 20, 2012 3:58 pm
Forum: General
Topic: Jumbo Frame problem in Bridge
Replies: 2
Views: 1086

Re: Jumbo Frame problem in Bridge

By any chance: have you the same results when you upload and download the file?
by elgo
Mon Aug 20, 2012 3:33 pm
Forum: General
Topic: OpenVPN CRL [Certificate revocation list]
Replies: 12
Views: 7702

Re: OpenVPN CRL [Certificate revocation list]

I've only seen a single post on CRL's for certificates in OpenVPN. [Or CRL's for any certificates anywhere for that matter] It appears there's no functional way to use CRL's in RoS. Is this still the case? --- If so, the only way to block a OpenVPN user is to change/delete their PPP secrets config,...
by elgo
Mon Aug 20, 2012 3:26 pm
Forum: RouterBOARD hardware
Topic: Difference in performance between Intel Core i7 and i5
Replies: 14
Views: 3941

Re: Difference in performance between Intel Core i7 and i5

depending on configuration, if you have a lot of interfaces, you can assign cores to interfaces and distribute load that way
How to assign selected core to work only with selected interface at MikroTik x86 machine?
Interesting question, waiting for the answer too.
by elgo
Tue Aug 14, 2012 4:06 pm
Forum: General
Topic: OpenVPN performance, throughput odd/bad.
Replies: 5
Views: 3542

Re: OpenVPN performance, throughput odd/bad.

The most probable explanation is that mikrotik implementation of openvpn tunneling software is, at least, deficient and slow while unmaintained for ages. Another one could be (to be confirmed) that an openvpn tunnel software is doing crypto computing in userland, while an ipsec implementation could ...
by elgo
Fri Jul 20, 2012 2:36 pm
Forum: General
Topic: linux in mikrotik
Replies: 3
Views: 689

Re: linux in mikrotik

Possible, but not very simple. For some RouterBOARD models there are ready made OpenWRT builds, check their site. Wrong. There is no "ready made" builds as no mikrotik hardware is "officially" supported by OpenWRT by now. If you have some luck, some models are in the "work in progress" state, and m...
by elgo
Thu Jul 19, 2012 3:25 pm
Forum: General
Topic: Generic performance optimisation topic
Replies: 1
Views: 505

Re: Generic performance optimisation topic

So no one knows how queueing works on rOS?
by elgo
Wed Jul 18, 2012 11:10 am
Forum: General
Topic: Feature Request: Clear Logs
Replies: 3
Views: 3837

Re: Feature Request: Clear Logs

The command is not more obvious, I agree. On the other hand, if somebody would log in with your password, you would not want them to clear the logs, you would want to know all activity of any potential security breach. I'm not sure you could rely on any "half-wanna-be-secure-like" feature on a devi...
by elgo
Mon Jul 16, 2012 3:58 pm
Forum: General
Topic: Generic performance optimisation topic
Replies: 1
Views: 505

Generic performance optimisation topic

Hi, It came up to my mind that there is no (at least, not yet) global or generic documentation about tuning routerboard/routerOS for optimal performance. For now, I'm considering queueing (even if I don't do any QoS on my router), because I accidentaly "discovered" ( in this topic ) some new queue t...
by elgo
Tue Jul 03, 2012 2:03 pm
Forum: RouterBOARD hardware
Topic: Is it possible to use SMB service for USB printer sharing?
Replies: 4
Views: 1811

Re: Is it possible to use SMB service for USB printer sharin

Not currently. SMB filesharing was only added recently, so who knows what the future holds, but with the proliferation of wifi capable printers, I don't think this feature would be a priority. Hey, you don't know, who thought files sharing feature would be implemented someday on routers in first pl...
by elgo
Thu Jun 21, 2012 11:40 am
Forum: General
Topic: About Mikrotik
Replies: 4
Views: 832

Re: About Mikrotik

Using MT products is only a viable option if you have required technical skills, have much time and are willing to do MT part of their job: testing and troubleshooting bugs (hoping for fixes of known bugs ("try next release" mantra) and finding out probable regressions). MT and routerOS are in all s...
by elgo
Tue Jun 19, 2012 12:00 pm
Forum: General
Topic: OpenVPN setup problems
Replies: 3
Views: 2223

Re: OpenVPN setup problems

OpenVPN is quite unsupported by MT, no matter what they say: support only parts of ovpn features (forcing use of settings that MT software recognize, that's not a definition of "interoperability"), no proper documentation (wiki page is a shame). It takes me 10 mins to get an openVPN linux server up ...
by elgo
Thu Jun 14, 2012 11:36 am
Forum: RouterBOARD hardware
Topic: ARM based RouterBoard
Replies: 24
Views: 13574

Re: ARM based RouterBoard

The benefit of specific platform support (RouterOS only works on X86 and RouterBOARD(TM)) is that we have control over hardware, and on RouterBOARD - the software is guaranteed to work. [ggnnnhh... can't help myself posting... after this....gnnh...] Well, that's the theory, isn't it? Real world som...
by elgo
Tue Jun 05, 2012 12:27 pm
Forum: General
Topic: RouterOS v5.17 released
Replies: 47
Views: 16872

Re: RouterOS v5.17 released

I cant't wait 2013-2014 so we could end up seeing FQDN as smtp "server" option. Oh yeah.
/tool e-mail send server=[:resolve smtp.gmail.com] ...
Totally irrelevant and useless.
Unless you think people usually fills this field with a random IP address for fun? :shock:
by elgo
Thu May 31, 2012 12:13 pm
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 92164

Re: Feature Request: OpenVPN [ovpn] udp tunnels

I used this tutorial http://blog.poettner.de/2011/05/27/open ... rd-411750/. Don't forget to move to Port 2 after flashing...
Missed this one - thank you, MartinEmrich!
+1, thank you.
by elgo
Thu May 31, 2012 12:10 pm
Forum: General
Topic: RouterOS v5.17 released
Replies: 47
Views: 16872

Re: RouterOS v5.17 released

What's new in 5.17 (2012-May-28 12:34):

*) tool email - added starttls option;
Hourrayh!!
1 year to implement this (at least, I had no routerOS device before...)
I cant't wait 2013-2014 so we could end up seeing FQDN as smtp "server" option. Oh yeah.
by elgo
Thu May 10, 2012 3:09 pm
Forum: General
Topic: Intregrating Anti Virus
Replies: 21
Views: 23703

Re: Intregrating Anti Virus

AV in a router is pointless.
Not if this router is storing files.
Oh wait... a router?
by elgo
Thu May 10, 2012 2:53 pm
Forum: General
Topic: NTP client in ntp package not working but built in client is
Replies: 37
Views: 28609

Re: NTP client in ntp package not working but built in clien

Just for fun, can you extract the configuration of the ntp server part too? /system ntp server print
I may recall some MT guy saying that ntp client without ntp package is a sntp client, and plain ntp client within ntp package.
by elgo
Mon Apr 16, 2012 2:35 pm
Forum: General
Topic: Feature request: NS in static DNS
Replies: 34
Views: 9537

Re: Feature request: NS in static DNS

Keeping it off topic in happyness and love of everyone :) Shouldn't buyers/customers decide if a router is supposed to be a "home router" or... a "networking router"? I mean, is there some distinction that should be made based upon the price the customer paid? If he paid too much, it's not a "home r...
by elgo
Mon Apr 16, 2012 12:32 pm
Forum: General
Topic: Feature request: NS in static DNS
Replies: 34
Views: 9537

Re: Feature request: NS in static DNS

I kind of want to be in the Mikrotik meeting where they decided to add Samba server and not fully functional NS. Just to hear how that conversation went.
:lol:
+1000000
by elgo
Mon Apr 16, 2012 12:27 pm
Forum: General
Topic: gmail with Mikrotik
Replies: 2
Views: 736

Re: gmail with Mikrotik

I'm using precisely a script to refresh periodically the IP address of smtp.gmail.com.
See: http://forum.mikrotik.com/viewtopic.php?f=2&t=60393

Don't forget karma ;)
by elgo
Mon Apr 16, 2012 12:16 pm
Forum: RouterBOARD hardware
Topic: Hardware suggestions for FTTH ISP
Replies: 8
Views: 6296

Re: Hardware suggestions for FTTH ISP

PPPoE over FTTH definitely isn't the norm.
BWAHAHAHA, tell that to Orange, french ISP, welcome to jurassic park telecom version :)
by elgo
Thu Mar 29, 2012 11:51 am
Forum: General
Topic: Effectiveness of a script policy? Scheduler policy?
Replies: 4
Views: 1316

Re: Effectiveness of a script policy? Scheduler policy?

OK, so as far as I can see, nobody uses "scheduler policy" or "script policy" features, because, let's try to guess, it's not working the way it's supposed to be? Because as it's not a widely used feature, so as it usually happens in MT world, regressions aren't detected before long and nobody cares...
by elgo
Thu Mar 29, 2012 11:40 am
Forum: RouterBOARD hardware
Topic: Upgrade to RB450G?
Replies: 9
Views: 2169

Re: Upgrade to RB450G?

I can only reach 20-24MB/s too. If these are megabytes than this IS gigabit performance since 24MB is 192 Mb/sec, and you can not get more than about 12 MB/sec on a 100Mb/s wire... 1/5 of the gigabit bandwidth, but anyway. Rofl, sure, sure, if you say so, it's "gigabit performance". 1/5 of gigabit....
by elgo
Tue Mar 27, 2012 1:02 pm
Forum: RouterBOARD hardware
Topic: Upgrade to RB450G?
Replies: 9
Views: 2169

Re: Upgrade to RB450G?

I have gotten much better performance from a 450G. How are you testing it? CIFS file transfert between a samba server and a client on 2 different interfaces (FW rules, server is in a DMZ), and some netcat raw tests (one session in listening mode and another as a "client": /dev/zero to generate pack...
by elgo
Mon Mar 26, 2012 12:53 pm
Forum: RouterBOARD hardware
Topic: Upgrade to RB450G?
Replies: 9
Views: 2169

Re: Upgrade to RB450G?

Without QoS (which seems power consuming too, from what you report) and optimized FW rules, I can only reach 20-24MB/s too. Not a problem for 100Mb/s WAN, but it is for LAN (far from "gigabit router" isn't it). Overclocking in a standard Mikrotik 450G case (no cooling at all) in not a option in my c...
by elgo
Mon Mar 26, 2012 12:48 pm
Forum: RouterBOARD hardware
Topic: RB450G problem - system,eror
Replies: 6
Views: 1641

Re: RB450G problem - system,eror

Last time i forgot to mention that i se at system - > resources that i have 0.1% (in 5.14) or 0.1 in 4.17 Bad Blocks i thik that's why it crash's. This is "normal", flash is almost never error free, even from start. Device should be able to deal with it, as do hard disk drives for ages now :) Thank...
by elgo
Fri Mar 23, 2012 1:10 pm
Forum: RouterBOARD hardware
Topic: RB450G problem - system,eror
Replies: 6
Views: 1641

Re: RB450G problem - system,eror

You could open it and have a look on you capacitors.
Beyond that... I have no idea, except watching serial console if you have some more explicit message before rebooting.
by elgo
Thu Mar 22, 2012 3:59 pm
Forum: General
Topic: Effectiveness of a script policy? Scheduler policy?
Replies: 4
Views: 1316

Re: Effectiveness of a script policy? Scheduler policy?

Maybe it's because it needs to "write" a value into the smtp variable.
I may have not been really clear: my script should need the "write" policy (it changes a parameter value), but it hasn't, and still behave like it has it (since the value is finally changed).
by elgo
Thu Mar 22, 2012 12:29 pm
Forum: General
Topic: uPNP
Replies: 1
Views: 1172

Re: uPNP

I have some issues too with this feature (<=v5.9), sometimes it seems like the upnp "deamon" in rOS is dead, I need to set it disabled and enabled again, to get upnp working again.
Sometimes I even see upnp disabling itself after a reboot. Don't know why.
by elgo
Thu Mar 22, 2012 12:16 pm
Forum: General
Topic: Email setting
Replies: 3
Views: 605

Re: Email setting

from my idea input the ip thats much better :) and much faster :D Quiet "short" point of view, aside being wrong (sending a mail, being "so much faster", really? That's a router, not a SMTP relay). FQDN should be possible, not only IP. But I guess that's not a high priority change in routerOS, comp...
by elgo
Tue Mar 20, 2012 2:08 pm
Forum: General
Topic: Effectiveness of a script policy? Scheduler policy?
Replies: 4
Views: 1316

Effectiveness of a script policy? Scheduler policy?

Hi, I just wrote a short script to refresh the SMTP server IP address from its FQDN (since routerOS won't access anything except an @IP...), and see something strange: script policy is "read,test", but it still can change email server setup when run directly from CLI... name="script-SMTPrefresh" own...
by elgo
Thu Mar 08, 2012 12:26 pm
Forum: General
Topic: IPv6: cannot ping across /112
Replies: 2
Views: 672

Re: IPv6: cannot ping across /112

What tool/command are you using to "ping"?
by elgo
Tue Feb 28, 2012 12:44 pm
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 92164

Re: Feature Request: OpenVPN [ovpn] udp tunnels

eastern european developers can be vengeful bunch...
They may have no idea how angry future ex-consumers can cripple a business.
by elgo
Tue Feb 28, 2012 12:19 pm
Forum: Scripting
Topic: DNS-O-Matic update script problem
Replies: 4
Views: 1653

Re: DNS-O-Matic update script problem

Credentials as global variables... seriously?
Do you usually set your passwords as an environnement variable?
by elgo
Thu Feb 23, 2012 1:08 pm
Forum: General
Topic: Feature request: NS in static DNS
Replies: 34
Views: 9537

Re: Feature request: NS in static DNS

Oh well, SMB features are so higher level priority than DNS features for a router, you know... ahem.
by elgo
Wed Feb 22, 2012 12:21 pm
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 92164

Re: Feature Request: OpenVPN [ovpn] udp tunnels

I completly agree with you, MT should remove any mention on routerOS "supporting OpenVPN".
(like in official brochure: Point to point tunneling: OpenVPN,etc)
by elgo
Mon Feb 06, 2012 2:41 pm
Forum: General
Topic: upnp/dlna routing or natting
Replies: 2
Views: 3246

Re: upnp/dlna routing or natting

Hi, I had a deep look with a linux box as a router/FW, and I ended up with a "not possible" for uPnP/AV (I don't know for DLNA, never looked at it). Simply because one of the protocol involved (SSDP) is a pure *****. It uses dynamic ports: server try to connect to client on a port included in the cl...
by elgo
Mon Feb 06, 2012 2:30 pm
Forum: General
Topic: Trojan-Dropper.JS.Agent.fk on mikrotik or not?
Replies: 21
Views: 2622

Re: Trojan-Dropper.JS.Agent.fk on mikrotik or not?

this is not possible. we don't use webserver like other brands of routers. we have our own. it has no such (at least none that have been discovered by anyone) vulnerabilities. So many approximations in this quick reply. :/ "Your own webserver", what does it means? Forked long time ago from other op...
by elgo
Mon Jan 23, 2012 12:18 pm
Forum: General
Topic: RouterOS as OpenVPN client
Replies: 1
Views: 1024

Re: RouterOS as OpenVPN client

Don't switch from OpenWRT to routerOS for OpenVPN!
Read this forum, MT dropped OpenVPN support (missing features, no further development).
by elgo
Mon Jan 23, 2012 12:10 pm
Forum: General
Topic: v5.12 released
Replies: 144
Views: 25458

Re: v5.12 released

Reading 5.12 changelog and can't help thinking:
routerOS evolution: droped openVPN server support and added CIFS server... on a router... OMG! :shock:
...
Looking forward for OpenCL support in forthcoming releases. Half joking there.
by elgo
Wed Jan 18, 2012 11:38 am
Forum: Virtualization
Topic: RB450G + openwrt Metarouter strange problem
Replies: 221
Views: 76738

Re: RB450G + openwrt Metarouter strange problem

I just use MikroTik/ROS for testing and home usage and gave up all planned and realized productive installations. unfortunately, we already paid for mikrotik board, so why are you wondering about no support...? :( this isn`t good way to atract new customers, shame on you MT. i bought RB450G, it was...
by elgo
Mon Jan 16, 2012 11:51 am
Forum: General
Topic: Broken DNS
Replies: 5
Views: 3033

Re: Broken DNS

Maybe not the exact same problem, but I think actual DNS caching implementation needs some attention. Performance are really poor. For example, an HTTP request from an LAN host for a target that has it's DNS record cached by a 450G is taking typically 5 seconds.
by elgo
Mon Jan 16, 2012 11:44 am
Forum: General
Topic: v5.11 released
Replies: 173
Views: 44814

Re: v5.11 released

added support for unannounced products.
whats unclear about this sentence? you wanted us to publish the names of future products in a changelog?
I think, he wanted to say "Why do you release firmware for unreleased hardware?" :)
Exactly.
by elgo
Fri Jan 13, 2012 12:18 pm
Forum: General
Topic: v5.11 released
Replies: 173
Views: 44814

Re: v5.11 released

can you please update http://wiki.mikrotik.com/wiki/RouterBOOT_changelog for example RB433 now has RouterBoot v2.39 and on the web page there is still 2.37 as the last one described. Thank you in advance!! there are no public changes. added support for unannounced products. ... "No public changes" ...
by elgo
Thu Jan 12, 2012 11:58 am
Forum: Scripting
Topic: dynDNS Update Script
Replies: 158
Views: 109723

Re: dynDNS Update Script

dimdjd: so every minute you have data written on your flash. Bad. Better scripts exist for the same purpose.
by elgo
Wed Jan 11, 2012 11:41 am
Forum: General
Topic: intermittently loss on a RB450G interface
Replies: 3
Views: 626

Re: intermittently loss on a RB450G interface

i hope mikrotik sets a beta tester team, and testing the OS on many different hardware, including its own ROUTERBOARD, before releasing it to the public.
Kinda doing it M$ style, every MT user is a beta tester (especially those participating in this forum)...
by elgo
Wed Dec 28, 2011 11:42 am
Forum: RouterBOARD hardware
Topic: OpenWRT for Routerboard
Replies: 10
Views: 14238

Re: OpenWRT for Routerboard

Hi,

I see that 10.03.1 final version is out.
OpenWRT patches for Routerboad compatibility are now integrated or not yet?
by elgo
Wed Dec 28, 2011 11:22 am
Forum: General
Topic: client computer's name
Replies: 1
Views: 1143

Re: client computer's name

See "hostname" field: > ip dhcp-server lease print Flags: X - disabled, R - radius, D - dynamic, B - blocked # ADDRESS MAC-ADDRESS HOST-NAME SERVER RATE-LIMIT STATUS 0 192.168.10.1 00:30:18:AA:F5:0D srv_D... 1 192.168.0.1 F4:6D:04:59:2B:1D kraken srv_D... bound 2 192.168.0.2 1C:6F:65:C9:B8:B5 crabma...
by elgo
Wed Dec 28, 2011 11:14 am
Forum: RouterBOARD hardware
Topic: New hardware found, but is it better?
Replies: 6
Views: 1567

Re: New hardware found, but is it better?

We are building serious telecommunications networks!!!! We need reliable HW, not cheap Low LEGOs. *Ahem* (sorry by advance but) why using routerboard (many failures and hardware reliability issues) + routerOS (many bugs and software reliability issues) then? If you want serious networking, why not ...
by elgo
Mon Dec 19, 2011 12:18 pm
Forum: Scripting
Topic: dynDNS Update Script
Replies: 158
Views: 109723

Re: dynDNS Update Script

@Cris@usai.net:
Ugly workaround: add a temporary specific route to dyndns.org? :)
by elgo
Mon Dec 19, 2011 12:14 pm
Forum: RouterBOARD hardware
Topic: [ASK] RB450G vs Intel ATOM D945GCLF2(dual core)
Replies: 3
Views: 1681

Re: [ASK] RB450G vs Intel ATOM D945GCLF2(dual core)

Before using a 450G, I had a N330 dual core Atom with 4 NICs... There is no possible comparison, Atom is way faster (I can't believe I say that from an Atom CPU...) and can do much more than a routerboard without any hardware or software limit. I do hope they will bring affordable dual-core or even...
by elgo
Tue Dec 13, 2011 11:36 am
Forum: General
Topic: How to configure native vlan
Replies: 3
Views: 2081

Re: How to configure native vlan

Give an IP address to your ether2 interface? :)
by elgo
Tue Dec 06, 2011 1:10 pm
Forum: General
Topic: bad "Cable testing" results on routerboard ports
Replies: 7
Views: 1636

Re: bad "Cable testing" results on routerboard ports

Yes please, try some other boards. Depending on the results this can be interesting! (port flap / many Ethernet port issues) Mmmm, I noticed something: LEDs on etherports (green and orange ones) are less and less "bright" when going from ether1 to ether5. I mean, they seem to get like less current ...
by elgo
Wed Nov 30, 2011 12:10 pm
Forum: General
Topic: graphs deleted after reboot on v.5.0 / slow NTP sync
Replies: 52
Views: 15095

Re: graphs deleted after reboot on v.5.0 / slow NTP sync

What's new in 5.9 (2011-Nov-29 14:32):

*) ntp client - faster initial synchronization;
Sooooo, anyone who upgraded to report if graphs issue is finally resolved?
by elgo
Tue Nov 29, 2011 12:48 pm
Forum: General
Topic: UPnP and NAT-PMP
Replies: 13
Views: 6482

Re: UPnP and NAT-PMP

Would be a damn good idea.
by elgo
Tue Nov 29, 2011 12:44 pm
Forum: General
Topic: bad "Cable testing" results on routerboard ports
Replies: 7
Views: 1636

Re: bad "Cable testing" results on routerboard ports

they are weak, can't even work with 80-120m of good ftp cable, only at 10mbps. Al the 10$ switches work without problems. Try using http cable instead of ftp cable :) Seriously though, why are you trying to run cat5 more than 100m? 100m is the official max distance. Thanks for making this topic fun...
by elgo
Mon Nov 28, 2011 4:37 pm
Forum: RouterBOARD hardware
Topic: I need to reach a NAS in another room at maximum speed
Replies: 4
Views: 874

Re: I need to reach a NAS in another room at maximum speed

- can someone with experience in bonding tell me if balanced-rr improves performance with only one tcp connection? And how would you setup this? With a routerboard on one side and another one to the other side, next to your NAS? A bonding of different links with various speeds and latencies? Seems ...
by elgo
Mon Nov 28, 2011 4:30 pm
Forum: General
Topic: Did anyone tried AMD Zacate
Replies: 5
Views: 1219

Re: Did anyone tried AMD Zacate

For the time I used an Atom N330 with 4 NICs as a linux router, it wasn't struggling to route packet at gigabit speed with firewall rules on it.
With a 450G, it wont go past 30MB/s for the same network.

This is a totally different scale. 450G supposely consumes <10W, my old Atom N330 was 25W.
by elgo
Mon Nov 28, 2011 4:16 pm
Forum: General
Topic: bad "Cable testing" results on routerboard ports
Replies: 7
Views: 1636

Re: bad "Cable testing" results on routerboard ports

Sorry guys, I only have one unit, and I feel like there won't be another one any time soon :)
by elgo
Sun Nov 27, 2011 12:33 pm
Forum: General
Topic: bad "Cable testing" results on routerboard ports
Replies: 7
Views: 1636

bad "Cable testing" results on routerboard ports

Hi, I just tested the link layer with a PC host equiped with an Intel NIC. These NICs are able to report signal quality via driver's troubleshooting tools. I ran it when host is connected to a netgear switch, signal is reported to be good, good cable and good harmonic response. I then take the same ...
by elgo
Mon Nov 21, 2011 12:05 pm
Forum: General
Topic: OpenVPN - TCP
Replies: 8
Views: 1939

Re: OpenVPN - TCP

in v5.9, they fixed some conntrack bug with disappearing UDP packets - maybe it was among those stopping reasons, and now there's possibility to return to UDP OVPN? :lol: That would explain why my last "forwarding" bandwith test (a simple iperf) gave me 1MB/s UDP and 22MB/s TCP :D I won't lose time...
by elgo
Wed Nov 02, 2011 12:39 pm
Forum: General
Topic: Graphing
Replies: 4
Views: 627

Re: Graphing

See this long time known and unfixed issue: graphs deleted after reboot on v.5.0 / slow NTP sync
by elgo
Thu Oct 27, 2011 12:53 pm
Forum: General
Topic: RouterOS v5.7 released
Replies: 227
Views: 67658

Re: RouterOS v5.7 released

i have problem in one of my x86 routers: it stops routing. It can be pingable, it can ping others routers, i can connect to it, reboot fix problem. Last time it happened i was unable create supout file beacause i have to fix it quickly. If it happens again i will create supout file. This exactly ha...
by elgo
Tue Oct 25, 2011 3:13 pm
Forum: General
Topic: OpenVPN why not support UDP ?!
Replies: 4
Views: 1064

Re: OpenVPN why not support UDP ?!

I'm still wondering if ovpn or ssh in routerOS are MT own implementation (then why?) or some weird port of some sort (forked back... when?).
by elgo
Tue Oct 25, 2011 3:05 pm
Forum: General
Topic: Minimizing writes to CF
Replies: 1
Views: 353

Re: Minimizing writes to CF

proxy? scripts?
by elgo
Fri Oct 21, 2011 11:01 am
Forum: RouterBOARD hardware
Topic: Jumbo frames 493g
Replies: 3
Views: 1140

Re: Jumbo frames 493g

@pakjebakmeel: interesting question.
@janisk: what piece of harware induce this limitation?
by elgo
Tue Oct 04, 2011 2:27 pm
Forum: General
Topic: RB450G Switch Configuration
Replies: 4
Views: 903

Re: RB450G Switch Configuration

I'm still thinking about some filtering somewhere, if you disabled FW personnal devices then... I would check your routerboard filter rules. I suppose VPN tunnel has it's own (sub)interface so must have it's own ruleset if you wanna some flow to enter your LAN?
by elgo
Tue Sep 27, 2011 11:02 am
Forum: General
Topic: RB450G Switch Configuration
Replies: 4
Views: 903

Re: RB450G Switch Configuration

Check firewall rules on each side of the VPN? On hosts you're testing from?
by elgo
Sat Sep 24, 2011 4:36 pm
Forum: RouterBOARD hardware
Topic: OpenWRT for Routerboard
Replies: 10
Views: 14238

Re: OpenWRT for Routerboard

took me quite a while to figure out and if somebody knows why I can't use "vlan0" on the switch than please write back Well, vlan ID 0 is sometimes not valid for a real VLAN configuration. It is sometime associated with "untagged' frames... although a real frame can be tagged with 0 as an ID... Jus...
by elgo
Sat Sep 24, 2011 2:03 pm
Forum: RouterBOARD hardware
Topic: OpenWRT for Routerboard
Replies: 10
Views: 14238

Re: OpenWRT for Routerboard

Mmmm, great news and thanks for proposing this release :)
Switch chip is manageable through cli too?

Did you managed to do some basic bench?
by elgo
Fri Sep 16, 2011 11:34 am
Forum: General
Topic: RouterOS v5.7 released
Replies: 227
Views: 67658

Re: RouterOS v5.7 released

ssh - fix possible server crash when connection is interrupted; Is it me, or didn't I read this type of fix recently in a changelog of a previous release? :) ( some console and ssh crash related issue ) Nah, I'm not complaining, I just thought when reading this " hey, they fixed frontstab again ", ...
by elgo
Fri Sep 09, 2011 12:40 pm
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 92164

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thank for bringing up a thread more than a year old. The answer was clear - We will not make new OpenVPN features. Yes, it was "clear" (not satisfying but not the point here :)) but in a general manner I'm wondering why you would "implement" this. What is the relation between openvpn server code in...
by elgo
Thu Sep 08, 2011 12:22 pm
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 92164

Re: Feature Request: OpenVPN [ovpn] udp tunnels

I don't like these kind of behaviour from MT crew when a user ask for a standard feature ("do you really need it? why won't you do something different like use this non-standard thing that we MT like?"). But what I hate beyond anything is bullsh..ing. OpenVPN hard to configure, really? Anyway, for u...
by elgo
Tue Aug 30, 2011 5:45 pm
Forum: Scripting
Topic: Dyndns script that DOESN'T write to flash every minute.
Replies: 8
Views: 3081

Re: Dyndns script that DOESN'T write to flash every minute.

OMG, there a PLENTY of dyndns variant scripts! Choose one which doesn't need a flash write for getting its address. # Set needed variables :local username "fiosdfhgsdfg" :local password "koikerterteroi" :local hostname "tertertger.dyndns.org" :local waninterface "pppoe-fibre" :local pingTarget 8.8.8...
by elgo
Tue Aug 30, 2011 12:17 pm
Forum: Scripting
Topic: [FAIL2BAN] add banned IP's to addr list on remote RouterOS
Replies: 13
Views: 9540

Re: Remote SSH commands

Well why didn't you say you could have fail2ban run an "unban" event. Well, I'm not the OP, I just joined the conversation :) /ip firewall address-list remove [find address=X.X.X.X list=remote_evilhosts] Owww, thank you very much, I was looking in /ip firewall filter section... @janisk: luckily fai...
by elgo
Fri Aug 26, 2011 12:42 pm
Forum: Scripting
Topic: [FAIL2BAN] add banned IP's to addr list on remote RouterOS
Replies: 13
Views: 9540

Re: Remote SSH commands

I'm also interested in making a (gentoo, what a coincidence :)) fail2ban server interact with a mikrotik router/firewall. I see how to add an address to a list, but not how to remove an address from a list. I only see how to remove a whole list. Basic Idea would not be to use any timeout on mikrotik...
by elgo
Thu Aug 25, 2011 2:38 pm
Forum: General
Topic: New Ethernet port flap issue enquiery, PLS JOIN!
Replies: 247
Views: 86094

Re: New Ethernet port flap issue enquiery, PLS JOIN!

post deleted, not related.
by elgo
Sun Aug 14, 2011 6:05 pm
Forum: Scripting
Topic: dynDNS Update Script
Replies: 158
Views: 109723

Re: dynDNS Update Script

Look on this forum or wiki, there are different versions of this script that get their IP adress by different means (static interface name specification, etc).
by elgo
Fri Aug 12, 2011 11:10 am
Forum: RouterBOARD hardware
Topic: [ASK] RB450G vs Intel ATOM D945GCLF2(dual core)
Replies: 3
Views: 1681

Re: [ASK] RB450G vs Intel ATOM D945GCLF2(dual core)

Before using a 450G, I had a N330 dual core Atom with 4 NICs... There is no possible comparison, Atom is way faster (I can't believe I say that from an Atom CPU...) and can do much more than a routerboard without any hardware or software limit. BUT, that's comparing oranges with apples, RB is 6W, do...
by elgo
Fri Aug 12, 2011 11:02 am
Forum: RouterBOARD hardware
Topic: can i install ROS into microSD on my RB433AH?
Replies: 19
Views: 3442

Re: can i install ROS into microSD on my RB433AH?

that will not happen, we have no plans to have multi-boot options. you can use MetaRouter for this purpose.
That's not gonna happen either, as metarouter users on 450G seems to have unsolved issues yet. :/
Plus, you don't have the benefit of having OS independant of each others.
by elgo
Thu Aug 11, 2011 12:16 pm
Forum: RouterBOARD hardware
Topic: can i install ROS into microSD on my RB433AH?
Replies: 19
Views: 3442

Re: can i install ROS into microSD on my RB433AH?

Besides, some people may want to install many OS on a routerboard (let's say like a legacy and a "stable" rOS version, or openWRT for example).
by elgo
Wed Aug 10, 2011 12:14 pm
Forum: General
Topic: v5.6 released
Replies: 91
Views: 20958

Re: v5.6 released

i've just updated to v5.6 yesterday, and now i got CPU resource load 100%. it's been hours like this [...] somebody help please before the router crash for overheating Seriously, what kind of help are you expecting with this post? :) Unless you do some proper support request with a supout file, I b...
by elgo
Tue Jul 12, 2011 11:21 am
Forum: General
Topic: graphs deleted after reboot on v.5.0 / slow NTP sync
Replies: 52
Views: 15095

Re: graphs deleted after reboot on v.5.0 / slow NTP sync

Is it sure it's a ntp "slowlyness" related problem? I mean, NTP, ok, but for what I've seen, graphes are deleted right when NTP sync occurs...
(NTP package installed)
by elgo
Thu Jul 07, 2011 2:08 am
Forum: General
Topic: NTP Client
Replies: 16
Views: 2614

Re: NTP Client

@petrn: thanks, great idea :)
by elgo
Mon Jun 27, 2011 10:23 pm
Forum: RouterBOARD hardware
Topic: Jumbo Frames: MIPS RB hardware support?
Replies: 13
Views: 7536

Re: Jumbo Frames: MIPS RB hardware support?

Thank you for this answer, Normis.
You are following chips evolution, pretty simple...
If 750GL (cheaper router if there is) has 4k, let's hope for a future generalisation of this on every other mips-be boards.
by elgo
Sat Jun 25, 2011 2:51 am
Forum: RouterBOARD hardware
Topic: Jumbo Frames: MIPS RB hardware support?
Replies: 13
Views: 7536

Re: Jumbo Frames: MIPS RB hardware support?

:shock: :lol: @Sanity: Because you don't use jumbo frame support on your routerboard means the world shouldn't? This feature is crucial, even you are using it too on your LAN... Moreover what you say doesn't make sense at all... Who would buy a 450G (1G) over a simple 450 (100Mb) only to share an in...
by elgo
Fri Jun 24, 2011 11:57 am
Forum: RouterBOARD hardware
Topic: Jumbo Frames: MIPS RB hardware support?
Replies: 13
Views: 7536

Jumbo Frames: MIPS RB hardware support?

Hi, When I discovered that my RB450G was hardware limited to 1500 MTU, I almost felt off my chair :). I bought a gigabit router, and I was stuck to 1500 MTU on my whole LAN because of it... When I discovered that all MIPS routerboard were ... waw. Actually only PPC routerboards don't have this incre...
by elgo
Fri Jun 24, 2011 11:43 am
Forum: General
Topic: upgrade to 5.5 failing
Replies: 7
Views: 1342

Re: upgrade to 5.5 failing

what log says about update?
Errr, isn't update output happening before routerOS even loads? I'm not sure there won't be any entry except on console itself.
Logs do get entered for upgrade error messages and are available once the router has fully booted.
Ok, thanks.
by elgo
Fri Jun 24, 2011 11:41 am
Forum: General
Topic: MT as L3 Switch?
Replies: 1
Views: 492

Re: MT as L3 Switch?

Be carefull, it's not really a level 3 switch, more a routeur with hardware switching capabilities on some chosen ports (number of hardware "L2 switch" you can have depending of the RB model). See the this wiki page: http://wiki.mikrotik.com/wiki/Switch_Chip_Features. It may be sufficient for some u...
by elgo
Thu Jun 23, 2011 4:00 pm
Forum: General
Topic: upgrade to 5.5 failing
Replies: 7
Views: 1342

Re: upgrade to 5.5 failing

what log says about update?
Errr, isn't update output happening before routerOS even loads? I'm not sure there won't be any entry except on console itself.
by elgo
Wed Jun 22, 2011 5:07 pm
Forum: General
Topic: RouterOS and e-mail of failed logins and other system info
Replies: 7
Views: 2749

Re: RouterOS and e-mail of failed logins and other system in

I'm still on V4.16, but I hear rumors that the "/tool e-mail" settings in V5.x has a tls setting. Negative: v5.4: /tool e-mail set address from password port user ADD: You don't need tls to send email to a gmail account. You need tls to relay email to a non-gmail account using your gmail account. Y...
by elgo
Wed Jun 22, 2011 2:45 pm
Forum: General
Topic: RouterOS and e-mail of failed logins and other system info
Replies: 7
Views: 2749

Re: RouterOS and e-mail of failed logins and other system in

That's why having the "tls=yes" parameter in the server declaration section would have been so usefull. Actually, it's only available on the "send" command line, so it wouldn't work in my case (gmail).
by elgo
Wed Jun 22, 2011 11:36 am
Forum: General
Topic: RB450G could not find switch chip features
Replies: 2
Views: 762

Re: RB450G could not find switch chip features

You mean, you have nothing there? /interface ethernet switch print Flags: I - invalid # NAME TYPE MIRROR-SOURCE MIRROR-TARGET SWITCH-ALL-PORTS 0 switch1 Atheros-8316 none none no
by elgo
Tue Jun 14, 2011 7:36 pm
Forum: RouterBOARD hardware
Topic: New Products
Replies: 188
Views: 28920

Re: New Products

The most useful stat is a higher MTU.
Is there any plan for a gigabit router (450G-like) supporting jumbo frames? I mean, seriously, a Gb network device that is limited to 1500 mtu :D
by elgo
Mon Jun 06, 2011 7:11 pm
Forum: General
Topic: graphs deleted after reboot on v.5.0 / slow NTP sync
Replies: 52
Views: 15095

Re: graphs deleted after reboot on v.5.0 / slow NTP sync

Anyone tried the new 5.4 and graphs? Do they still disappear?
I recently updated from v4.17 to v5.4 and still graphs resetted after each reboot of my 450G (NTP servers on internet, need pppoe interface to come up first).
by elgo
Mon Jun 06, 2011 6:59 pm
Forum: RouterBOARD hardware
Topic: Routerboard 450G temperature is way up there
Replies: 5
Views: 1540

Re: Routerboard 450G temperature is way up there

Hi, I was thinking about this just yesterday :) My 450G was operating @ 66-67°C for 3 days, when it suddently "rebooted" all by itself (and complained about a unclean shutdown sequence... O'Rly?!) I don't know if it's related, as I upgraded from v4.17 to v5.4 a couple of days before. The 450G docume...
by elgo
Wed Jun 01, 2011 6:40 pm
Forum: Scripting
Topic: tracking IP addr change: scripting best practices?
Replies: 1
Views: 858

Re: tracking IP addr change: scripting best practices?

Hmmmm, I made a slight change, I wonder if that could be the reason of the possible crash: /tool fetch user=$username password=$password mode=http address="members.dyndns.org" src-path="/nic/update?hostname=$hostname&myip=$currentIP" dst-p> I escaped the "?" character: /tool fetch user=$username pas...
by elgo
Wed May 25, 2011 3:13 pm
Forum: Scripting
Topic: tracking IP addr change: scripting best practices?
Replies: 1
Views: 858

tracking IP addr change: scripting best practices?

Hi, I'm relatively new to MT scripting. I got from this forum a dynDNS script that I adapted to be more flash compliant, but I still see it sometimes going "into a loop", I mean it doesn't end. Too bad when it happens because I then lost my MT device on the interweb :) (450G v4.17) Then I came to th...
by elgo
Thu May 12, 2011 1:16 pm
Forum: RouterBOARD hardware
Topic: RB450G bridging speed varies on ROS versions
Replies: 1
Views: 556

Re: RB450G bridging speed varies on ROS versions

These OS are very different, even only kernel change could explain it (different drivers). I would not enter the debate about v5 being stable or not, but it "may" not be fully mature yet by opposite to v4.17. I honnestly don't know, but I saw myself a small drop in routing perf between 2 hosts with ...
by elgo
Thu May 12, 2011 1:11 pm
Forum: RouterBOARD hardware
Topic: 450G Dead?
Replies: 14
Views: 3577

Re: 450G Dead?

Had two 450Gs give up the ghost, appears to be the same problem as in this thread. Any idea where to get 620uf/6.3V OS-CON? I can't seem to find any online. Alternatives? Look at this website and forums , lots of very valuable data ( like where to buy ), or soldering guides. I saved my 22" screen t...
by elgo
Thu May 12, 2011 1:05 pm
Forum: General
Topic: My RouterOS was hacked?
Replies: 13
Views: 2542

Re: My RouterOS was hacked?

Don't get surprise if you see bruteforce attack on port 22!
That's very common.
To leverage the problem, you can change the port to something else (let's say... why not 2222?), bots won't bother you anymore.

And ultimatly, use SSH keys authentication only (well, I stil have to do that myself ;))
by elgo
Mon May 09, 2011 5:29 pm
Forum: RouterBOARD hardware
Topic: RB450 Switch
Replies: 4
Views: 1191

Re: RB450 Switch

Still missing switch config, port config, port vlan config, etc.
by elgo
Sat May 07, 2011 5:48 pm
Forum: General
Topic: VLAN Header Priority
Replies: 1
Views: 407

Re: VLAN Header Priority

Yes, but only through the "interface ethernet switch rule". Which means you can set vlan-priority header only on frames entering a physical port of the switch.
by elgo
Sat May 07, 2011 5:37 pm
Forum: General
Topic: switching to routerboard, mcast problem
Replies: 4
Views: 1144

Re: switching to routerboard, mcast problem

Did this for a french ISP: enable multicast (after installing multicast.npk package on MT router) on the IPTV interface (which may be a bridge of the vlan from your ISP and the ethernet port you plug your IPTV media device in). Usually, people with same ISP as you have done similar setup with differ...
by elgo
Sat May 07, 2011 5:24 pm
Forum: RouterBOARD hardware
Topic: RB450 Switch
Replies: 4
Views: 1191

Re: RB450 Switch

need more info like version and config.
by elgo
Thu May 05, 2011 6:43 pm
Forum: General
Topic: WARNING upgrade 4.16->5.2
Replies: 1
Views: 698

Re: WARNING upgrade 4.16->5.2

Mmmmm, I was told this issue would be fixed in v5.1 when I pointed this out there (amongst other things): http://forum.mikrotik.com/viewtopic.php?f=2&t=50538

But I reverted back to 4.17 and never went to 5.x again after that, so I can't really help you :/
by elgo
Wed Apr 20, 2011 11:54 am
Forum: General
Topic: RouterBoard: lvl 2 switching threatening lvl 3 security
Replies: 16
Views: 2820

Re: RouterBoard: lvl 2 switching threatening lvl 3 security

Owww, I may have been so frightened by my previous "biased" tests I maybe didn't realized something: hardware switching isn't occuring at all unless master-port feature is used, and then occurs only within this defined virtual switch? So basically, no need to do port-vlan for isolating ether ports w...
by elgo
Wed Apr 20, 2011 11:30 am
Forum: General
Topic: Rb750G act as a layer 2 firewall like a netscreen or ASA?
Replies: 6
Views: 2224

Re: Rb750G act as a layer 2 firewall like a netscreen or ASA

Did you put a general drop rule at bottom of your list?
by elgo
Tue Apr 19, 2011 4:57 pm
Forum: General
Topic: RouterBoard: lvl 2 switching threatening lvl 3 security
Replies: 16
Views: 2820

Re: RouterBoard: lvl 2 switching threatening lvl 3 security

mmmm, I see. Thank you for this explanation sergejs. :) I then have 2 questions: Should "vlan-mode=secure" be considered as "best practice" or not? Ok, right now it may raise some problems on a routerboard, but I somehow fail to see how a security device could tolerate "fallback" setting (vlan hopin...
by elgo
Sun Apr 17, 2011 7:19 pm
Forum: General
Topic: [Fixed]ssh can not be enabled on RB450G with ROS 4.17
Replies: 3
Views: 1401

Re: ssh can not be enabled on RB450G with ROS 4.17

if it was true, what if I want to downgrade to 3.30,that many versions I have to do it one by one?
Sorry, I'm relatively new to routerOS, I don't know any version before 4.17, so I can't deduce some general tip from this.
by elgo
Sun Apr 17, 2011 4:55 pm
Forum: General
Topic: RouterBoard: lvl 2 switching threatening lvl 3 security
Replies: 16
Views: 2820

If you can make a setup without the UPNP variable which leaks broadcasts, I'll setup my router the exact same way for verification. I'll think bout this. Just to be clear as we possibly can: esstentially, setting the master port for certain ports, creates a 'mini-switch' containing only these ports...
by elgo
Sun Apr 17, 2011 11:09 am
Forum: Beginner Basics
Topic: RB450G configure 2 virtual switches
Replies: 5
Views: 1548

Re: RB450G configure 2 virtual switches

In case you don't know, bridge is processed @ cpu level, vlan switching is done by switch chip (dedicated hardware).
Performance issue should be obvious now.
by elgo
Sun Apr 17, 2011 11:04 am
Forum: General
Topic: [Fixed]ssh can not be enabled on RB450G with ROS 4.17
Replies: 3
Views: 1401

Re: ssh can not be enabled on RB450G with ROS 4.17

I had this problem (same hardware) when testing v5.x and going forth & back to v4.17. ssh service was declared invalid. One difference with you, IP range for clients wasn't limited for ssh. When rebooting with v4, I notice some message one console about ssh server keys being generated... each boot. ...
by elgo
Sun Apr 17, 2011 12:56 am
Forum: Beginner Basics
Topic: RB450G configure 2 virtual switches
Replies: 5
Views: 1548

Re: RB450G configure 2 virtual switches

Erk... And why not using vlans?
by elgo
Sun Apr 17, 2011 12:47 am
Forum: General
Topic: RouterBoard: lvl 2 switching threatening lvl 3 security
Replies: 16
Views: 2820

Re: RouterBoard: lvl 2 switching threatening lvl 3 security

I'll assume vlan 10 is your internal and bridge your external uPnP interface (strange, a bridge with an IP address? well ok :)) Then upnp multicast is send through vlan 10 interface. 2 points: is switch-all-ports=no? You see where I'm going in this case, no switching on ether1 at all :) Let's say sw...
by elgo
Sat Apr 16, 2011 3:50 pm
Forum: General
Topic: how to configure untagged vlan
Replies: 6
Views: 13609

Re: how to configure untagged vlan

At this very moment, I'm afraid you can't do that. Look for other posts from Jeroen1000, he got interested in the vlan management issue on a routerboard for a moment now. We are actually discussing this in another thread. I invite you to read the wiki page dedicated to "switching feature". In router...
by elgo
Sat Apr 16, 2011 3:40 pm
Forum: General
Topic: RouterBoard: lvl 2 switching threatening lvl 3 security
Replies: 16
Views: 2820

Re: RouterBoard: lvl 2 switching threatening lvl 3 security

I'll read this thoroughly. Looks like this may be an issue. Hmm ^^ Seeing I'm not a network specialiast or anything I'll voice some wild guess first thought. It is a bug and UPNP gets enabled on every interface? Can you also get normal broadcast traffic to show up on the TEST interface? Rough answe...
by elgo
Fri Apr 15, 2011 6:27 pm
Forum: General
Topic: RouterBoard: lvl 2 switching threatening lvl 3 security
Replies: 16
Views: 2820

Re: RouterBoard: lvl 2 switching threatening lvl 3 security

So, let me explain the "multicast" test, that points out that switching can be a security hole on a routerboard. I plug a host sniffing on ether5-TEST port. Neither this routerboard port nor the host do have IP address assigned to them on this segment. I do insert on top of my routerboard firewall r...
by elgo
Thu Apr 14, 2011 8:26 pm
Forum: General
Topic: Wake On Lan (magic packet) - how is it getting through?
Replies: 39
Views: 13956

Re: Wake On Lan (magic packet) - how is it getting through?

As for me, I would like to see "your" /interface ethernet switch print please.
# apr/14/2011 15:26:42 by RouterOS 5.1
/interface ethernet switch port
[...]
Fail :)
/interface ethernet switch print
and not
/interface ethernet switch port print
please :)
by elgo
Thu Apr 14, 2011 4:57 pm
Forum: General
Topic: Wake On Lan (magic packet) - how is it getting through?
Replies: 39
Views: 13956

Re: Wake On Lan (magic packet) - how is it getting through?

As for me, I would like to see "your" /interface ethernet switch print please.
by elgo
Thu Apr 14, 2011 2:49 pm
Forum: General
Topic: RouterBoard: lvl 2 switching threatening lvl 3 security
Replies: 16
Views: 2820

Re: RouterBoard: lvl 2 switching threatening lvl 3 security

In fact, I did read you post, I clearly remember this taged & untaged issue, Jeroen1000 :) I think that is was you are trying to say in the text I quote, but I'm not sure what exactly you are explaining there. You're right, after all we are talking about the same thing :) As for level 2, yes, I tota...
by elgo
Thu Apr 14, 2011 11:36 am
Forum: General
Topic: Backup over e-mail help?
Replies: 13
Views: 1934

Re: Backup over e-mail help?

smtp.gmail.com: don't forget to enable TLS (tls=yes)?
I wish this setting could be set in server section, and not each time an email has to be sent.
by elgo
Thu Apr 14, 2011 11:32 am
Forum: General
Topic: Wake On Lan (magic packet) - how is it getting through?
Replies: 39
Views: 13956

Re: Wake On Lan (magic packet) - how is it getting through?

Can you confirm that you have "switch-all-ports=yes"?
I may have an idea, that bothers me for a couple of time now.
by elgo
Wed Apr 13, 2011 6:54 pm
Forum: General
Topic: RouterBoard: lvl 2 switching threatening lvl 3 security
Replies: 16
Views: 2820

Re: RouterBoard: lvl 3 switch but how to control lvl 2 switc

After reading again MT switching documentation, I decided to conduct some more tests. I've enabled uPnP on LAN interface (declared as internal interface). So routeur is sending multicast packets to LAN zone. BUT I CAN SNIFF THEM ON TEST PORT! Yeah, right, as they are sent with a multicast MAC adress...
by elgo
Tue Apr 12, 2011 5:43 pm
Forum: General
Topic: RouterBoard: lvl 2 switching threatening lvl 3 security
Replies: 16
Views: 2820

RouterBoard: lvl 2 switching threatening lvl 3 security

Hi, I'm mainly using a RB 450G (v4.17 so far) as a firewall, with 4 defined security zones (each on a level 3 interface): WAN, DMZ, LAN, TEST. As I've 5 ports available, I've allocated 2 ports to LAN zone, by defining the first LAN port as master-port for the second LAN port. So this result in this,...
by elgo
Mon Apr 11, 2011 5:27 pm
Forum: General
Topic: OS v5.0 - VLAN bugs - No GO
Replies: 26
Views: 3834

Re: OS v5.0 - VLAN bugs - No GO

only 2 dynamic host in host table 1 in a ether interface (winbox desktop mac) and another on UNKNOWN interface (it may be this is the switch-cpu interface, but named (unknown)
Yeah, I'm thinking about this too, I observed that in v5.0.
by elgo
Sun Apr 10, 2011 2:46 am
Forum: General
Topic: OS v5.0 - VLAN bugs - No GO
Replies: 26
Views: 3834

Re: OS v5.0 - VLAN bugs - No GO

Is the VLAN-bug fixed now? I see no mention of it in the ROS 5.1 changelog. This bug is fixed. Currently it needs to be tested internally. This issue will be resolved in v5.1. No reference to the 2 bugs mentioned in my OP in 5.1 changelog , is it normal? Fixes were postponed to 5.2? those bugs shou...
by elgo
Sun Apr 10, 2011 1:55 am
Forum: General
Topic: RoS 5.0 fixed VLANs on bridge interface that did not work?
Replies: 2
Views: 450

Re: RoS 5.0 fixed VLANs on bridge interface that did not wor

It may refer to a problem in a previous 5.0RC version of routerOS.
by elgo
Sat Apr 09, 2011 7:16 pm
Forum: General
Topic: OS v5.0 - VLAN bugs - No GO
Replies: 26
Views: 3834

Re: rOS v5.0 - VLAN bugs - No GO

WARNING! Please DO NOT install 5.1 if you have Atheros-8316 switch chip in use! Board ssh communication stopped immediately after you type "interface ethernet switch p" (not able to write after to terminal) (issued on p as port or print, and h as host) (winbox works) Does this SSH problem only occu...
by elgo
Fri Apr 08, 2011 9:45 pm
Forum: General
Topic: RouterOS 5.0 is out!
Replies: 153
Views: 27259

Re: RouterOS 5.0 is out!

Torrent files seems to be "borked" at least for mipsbe architecture, mipsbe torrent is stalled @ 99%. "ALL" architecture torrent is fully available. BUT, if you take mipsbe files from "all" and tries to seed them in "mipsbe" torrent, you still haven't all files complete. Of course, files concerned a...
by elgo
Fri Apr 08, 2011 5:18 pm
Forum: General
Topic: OS v5.0 - VLAN bugs - No GO
Replies: 26
Views: 3834

Re: OS v5.0 - VLAN bugs - No GO

No reference to the 2 bugs mentioned in my OP in 5.1 changelog, is it normal?
Fixes were postponed to 5.2?
by elgo
Fri Apr 08, 2011 2:37 pm
Forum: General
Topic: downgrade version from 5 to 4.16
Replies: 3
Views: 1938

Re: downgrade version from 5 to 4.16

You need to use the netinstall to downgrade
Is it the only officially supported way to downgrade, or is it at least the safest?

Because I used to downgrade through "/system packages downgrade".
by elgo
Wed Apr 06, 2011 4:12 pm
Forum: General
Topic: Flash sucking CPU cycles
Replies: 25
Views: 7224

Re: Flash sucking CPU cycles

How does it come you have so many flash NAND access?
I tried to reduce NAND write to a minimum level on my own 450G (though no hotspot).
by elgo
Tue Apr 05, 2011 4:56 pm
Forum: General
Topic: OS v5.0 - VLAN bugs - No GO
Replies: 26
Views: 3834

Re: OS v5.0 - VLAN bugs - No GO

Hello! Krishteins: i received a mail from you about 3 weeks ago with same content. What is the state of this bug? This bug is fixed. Currently it needs to be tested internally. This issue will be resolved in v5.1. Thanks for this clear status report. Should I open a separate thread for the switch b...
by elgo
Mon Apr 04, 2011 6:33 pm
Forum: General
Topic: OS v5.0 - VLAN bugs - No GO
Replies: 26
Views: 3834

Re: OS v5.0 bugs still around - No GO

Well, after thinking a bit, there may not be any pppoe-client related problem, if it's simply VLAN management by cpu port which is deficient.
Both problems may have the same cause.
by elgo
Sun Apr 03, 2011 1:55 pm
Forum: General
Topic: OS v5.0 - VLAN bugs - No GO
Replies: 26
Views: 3834

OS v5.0 - VLAN bugs - No GO

Hi, My 450G is fully operationnal with 4.17. This are 3 problems that prevent my board to be operationnal on 5.0: cant modify switch-all-ports, answer is "mirror-source does not belong to switch", and "none" isnt recognized, so that if you define a valid interface there, you wont be able to "undo". ...