Community discussions

MUM Europe 2020

Search found 134 matches

by MadEngineer
Thu Nov 22, 2018 12:00 am
Forum: Beginner Basics
Topic: Devices can't Ping each-other on local network
Replies: 2
Views: 706

Re: Devices can't Ping each-other on local network

what's the arp setting on your bridge
by MadEngineer
Mon Nov 20, 2017 11:44 am
Forum: Wireless Networking
Topic: BIG BUG- Unicast key exchange timeout
Replies: 120
Views: 95155

Re: BIG BUG- Unicast key exchange timeout

I came across this issue a wee while back. Problem was a single Android mobile phone kept generating this error on a Mikrotik AP while other devices were fine. Cause was another Mikrotik connected to the AP but with a very low signal.
by MadEngineer
Thu Oct 12, 2017 1:37 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 27380

Re: v6.40.4 [current]

Problem with SSTP. RB2011 here. I have 22 clients connecting to various services from their homes using SSTP with cert. After upgrading to v6.40.4 I'm able to establish the connection, but for example - I can't RDP to Windows PCs. I can't ping any internal address from my IP pool. After downgrade t...
by MadEngineer
Sat May 14, 2016 7:25 am
Forum: General
Topic: Problems with one WiFi Client
Replies: 4
Views: 1862

Re: Problems with one WiFi Client

Try other authentication types/ciphers in your security profile
by MadEngineer
Sat Apr 23, 2016 3:37 am
Forum: Scripting
Topic: Detect new WiFi connection event
Replies: 3
Views: 2499

Re: Detect new WiFi connection event

you could do something like a scheduled check of ( [ /interface wireless registration-table find where mac-address=$"mac_alert" ] ) and /tool fetch $"url_alert"

Hotspot also has an on login/on logout script function in the user profile
by MadEngineer
Tue Feb 02, 2016 2:12 am
Forum: Beginner Basics
Topic: 951g-2hnd - how to reset
Replies: 6
Views: 1839

Re: 951g-2hnd - how to reset

Winbox via MAC is last resort only. Yes to your question. You'll have more luck if you turn off the uptime/memory etc and close all sub-windows. Turn off load previous session It's as if communicating via mac cannot handle the data flow required and it just times out - especially for example on the ...
by MadEngineer
Sat Jan 30, 2016 8:37 am
Forum: Beginner Basics
Topic: 951g-2hnd - how to reset
Replies: 6
Views: 1839

Re: 951g-2hnd - how to reset

I've always found that once I've configured a Mikrotik connecting to it with MAC is unreliable
by MadEngineer
Fri Jan 29, 2016 2:18 am
Forum: General
Topic: Gigabit NAT?
Replies: 2
Views: 602

Re: Gigabit NAT?

Would need to wait for the RB3011UiAS-2HnD-IN
by MadEngineer
Thu Jan 28, 2016 9:21 pm
Forum: General
Topic: Gigabit NAT?
Replies: 2
Views: 602

Gigabit NAT?

So what devices can push Gigabit NAT? I'm of the impression that none of the SOHO range can and you'd need to go for a CCR.

Gigabit fibre is becoming more readily available.
by MadEngineer
Sun Aug 16, 2015 9:47 am
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 237
Views: 144323

Re: FastTrack - New feature in 6.29

Why do I have the "special dummy rule" duplicated three times in Mangle?
by MadEngineer
Thu Jul 09, 2015 12:24 am
Forum: Announcements
Topic: hAP lite
Replies: 392
Views: 169207

Re: hAP lite

Image

Runs for hours off a cell phone charging battery pack
by MadEngineer
Wed Jul 01, 2015 2:36 pm
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 237
Views: 144323

Re: FastTrack - New feature in 6.29

Curious if anyone with battery/solar powered routers with this function enabled have any power usage data to share
by MadEngineer
Thu Jun 18, 2015 2:24 am
Forum: Announcements
Topic: Dual band AP for home use, SSID same or different?
Replies: 62
Views: 34498

Re: Dual band AP for home use, SSID same or different?

perhaps as a default and based on above comments, present the two bands as two radios in the quick set, but provide a tick box for band steering that puts them on the one ssid with whatever steering method applied.
by MadEngineer
Wed Jun 17, 2015 1:50 pm
Forum: Announcements
Topic: Dual band AP for home use, SSID same or different?
Replies: 62
Views: 34498

Re: Dual band AP for home use, SSID same or different?

That's the idea, but you may not want to blindly kick them off if the signal on the other frequency is worse again. The AP needs to know if a connecting device is dual-band. This could already be done by with a script that builds a list of MAC address of connecting devices that if at any stage they ...
by MadEngineer
Wed Jun 17, 2015 1:30 pm
Forum: Announcements
Topic: Dual band AP for home use, SSID same or different?
Replies: 62
Views: 34498

Re: Dual band AP for home use, SSID same or different?

I'd like to see band steering done in the device through some sort of access list rules. This would allow you to set the steering based on signal strength etc
by MadEngineer
Wed Jun 10, 2015 1:59 pm
Forum: General
Topic: DHCP client wont release/renew apon ether link up event
Replies: 3
Views: 766

Re: DHCP client wont release/renew apon ether link up event

Ticket#201506056600​0311 raised with response.
by MadEngineer
Tue May 26, 2015 2:28 pm
Forum: Beginner Basics
Topic: Mikrotik PPTP config.
Replies: 11
Views: 1445

Re: Mikrotik PPTP config.

Input is for data sent to the router Output is for data generated by the router Forward is for data generated by devices communicating through the router. For your pptp service you only need to accept input for pptp traffic, which you have claimed to have done already - this will be enough. PPTP is ...
by MadEngineer
Tue May 26, 2015 12:48 pm
Forum: Beginner Basics
Topic: Mikrotik PPTP config.
Replies: 11
Views: 1445

Re: Mikrotik PPTP config.

Any increasing counts on your drop firewall rules while you try to connect? and I don't see any accept rules? Is that export correct?
by MadEngineer
Tue May 26, 2015 12:16 pm
Forum: Beginner Basics
Topic: Mikrotik PPTP config.
Replies: 11
Views: 1445

Re: Mikrotik PPTP config.

^ No.

What are you seeing in your log when you try to connect? Are any of the drop firewall rules generating traffic (packets/bytes) when you try to connect?

Also I suggest you don't use PPTP and instead follow this guide:
https://www.nasa-security.net/mikrotik/ ... ith-ipsec/
by MadEngineer
Sat May 23, 2015 11:01 am
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 237
Views: 144323

Re: FastTrack - New feature in 6.29

Wow good news, thanks
by MadEngineer
Sat May 23, 2015 10:28 am
Forum: Beginner Basics
Topic: Mikrotik PPTP config.
Replies: 11
Views: 1445

Re: Mikrotik PPTP config.

http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP PPTP traffic uses TCP port 1723 and IP protocol GRE (Generic Routing Encapsulation, IP protocol ID 47), as assigned by the Internet Assigned Numbers Authority (IANA). PPTP can be used with most firewalls and routers by enabling traffic destined for...
by MadEngineer
Sat May 23, 2015 10:23 am
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 237
Views: 144323

Re: FastTrack - New feature in 6.29

Have another device strip the tagging?
by MadEngineer
Fri May 22, 2015 7:16 am
Forum: General
Topic: DHCP client wont release/renew apon ether link up event
Replies: 3
Views: 766

Re: DHCP client wont release/renew apon ether link up event

That's not a fix and I don't have control over the DHCP server as I'm not the service provider
by MadEngineer
Fri May 22, 2015 4:04 am
Forum: General
Topic: DHCP client wont release/renew apon ether link up event
Replies: 3
Views: 766

DHCP client wont release/renew apon ether link up event

Upgrade your routerOs to 5.10 or higher to fix this bug. What's new in 5.10 (2011-Dec-09 11:49): *) snmp - provide extended interface statistics when availabe; *) dhcpv6 client - use link-scoped multicast address; *) dhcp client - renew dhcp lease on ethernet link up event; *) ipv6 gre tunnel added...
by MadEngineer
Wed May 20, 2015 10:10 am
Forum: Announcements
Topic: hAP lite
Replies: 392
Views: 169207

Re: hAP lite

It seems like a nice Router. Having RouterOS with such a low price is tempting which leads me to buy this very soon. But before buying it, I wanted to ask few questions from those who have it already: 1. My main purpose for buying it is using "hot spot" functionality. I saw npk packages available f...
by MadEngineer
Wed Apr 29, 2015 9:55 am
Forum: General
Topic: IPv6 on pseudobridge not working?
Replies: 4
Views: 721

Re: IPv6 on pseudobridge not working?

I don't want to use an ipv6 dhcp server on my lan as ipv6 is already working fine with stateless. The border router is currently creating a pool from this, and this works to the LAN devices. I am dynamically being assigned a prefix which changes without notice (ie, when the wan connection drops) is ...
by MadEngineer
Tue Apr 28, 2015 10:50 am
Forum: General
Topic: IPv6 on pseudobridge not working?
Replies: 4
Views: 721

Re: IPv6 on pseudobridge not working?

the gateway router gets an ipv6 /56 by dhcp which is dynamically assigned by my isp. it changes when/if the connection drops. LAN devices that are connected directly to this gateway are getting ipv6 via ND - all is well there. I'm not sure how to get ipv6 onto the bridge, which is a second Mikrotik....
by MadEngineer
Mon Apr 27, 2015 11:02 am
Forum: General
Topic: IPv6 on pseudobridge not working?
Replies: 4
Views: 721

IPv6 on pseudobridge not working?

As the subject, is that even possible? Currently I have ipv6 working on this network, but I'm having trouble getting ipv6 to work on this bridge. IPv6 is provided by the ISP with DHCP, then the router feeds IPv6 to the LAN with ND. Devices connected to the LAN via the bridge get correct IPv6 address...
by MadEngineer
Tue Oct 14, 2014 12:25 pm
Forum: Beginner Basics
Topic: IPv6 for vpn session?
Replies: 6
Views: 1797

Re: IPv6 for vpn session?

Perhaps I'm not following, but I already have a /56 pool and I've specified this pool to the ppp profile
by MadEngineer
Tue Oct 14, 2014 5:50 am
Forum: Beginner Basics
Topic: IPv6 for vpn session?
Replies: 6
Views: 1797

Re: IPv6 for vpn session?

I'll add some more information:

The mikrotik (d)ynamically adds a dhcp v6 server to the interface of the connecting clients. I see in ND neighbour discovery (prefixes tab), the clients are getting IPv6 addresses but they're red.
by MadEngineer
Sat Oct 11, 2014 3:45 am
Forum: Beginner Basics
Topic: IPv6 for vpn session?
Replies: 6
Views: 1797

Re: IPv6 for vpn session?

"create l2tp tunnel with ipv6 enabled" - already have l2tp working via ipv4 "Set up dhcp-pd-cleint (ipv6 dhcp-client) assign ip address from the pool you get populated by PD-client to the local interface" - where is the ipv6 server? I already have an ipv6 client on my wan interface "Set up either a...
by MadEngineer
Wed Oct 08, 2014 1:28 pm
Forum: Beginner Basics
Topic: IPv6 for vpn session?
Replies: 6
Views: 1797

IPv6 for vpn session?

I currently get IPv6 via dhcp from my ISP and provide IPv6 to my local interfaces with pd. What's needed to have a connecting l2tp client be given an IPv6 address by pd also? I've tried the obvious but I must be missing something.
by MadEngineer
Sun Sep 14, 2014 2:26 pm
Forum: General
Topic: Problems with Windows and VLANs
Replies: 1
Views: 577

Re: Problems with Windows and VLANs

http://blogs.technet.com/b/networking/archive/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles.aspx short version (depending on your network): the MAC address of the gateway. I believe windows does a DNS lookup to test for connectivity. If there's a DNS serve...
by MadEngineer
Wed Sep 10, 2014 1:24 pm
Forum: General
Topic: Slow Internet on Mikrotik
Replies: 3
Views: 927

Re: Slow Internet on Mikrotik

are you able to swap in a mikrotik or configuration out of hours that has a clean configuration?

lots of things can cause this such as queues, limits, proxy, route loops ...
by MadEngineer
Wed Sep 10, 2014 1:21 pm
Forum: General
Topic: I have a real probleme
Replies: 6
Views: 1051

Re: I have a real probleme

and also connecting with mac :)
by MadEngineer
Wed Sep 10, 2014 1:14 pm
Forum: Beginner Basics
Topic: Automatic transfer to the login page after connecting wifi
Replies: 4
Views: 3118

Re: Automatic transfer to the login page after connecting wi

Welcome to Android. The later versions of their OS may do as you've indicated. Older devices -- which cannot be updated will never have a fix. You need to have instructions provided when they are provided with a login which is no good if your connecting customers are only learning about the hotspot ...
by MadEngineer
Wed Sep 10, 2014 12:52 pm
Forum: General
Topic: Two userman
Replies: 3
Views: 989

Re: Two userman

hmm i wonder what happens if you add a second radius server?

google gives:
http://forum.mikrotik.com/viewtopic.php ... 48#p201925
by MadEngineer
Tue Sep 09, 2014 1:29 pm
Forum: Beginner Basics
Topic: lan folder sharing
Replies: 1
Views: 541

Re: lan folder sharing

turn off default forwarding
by MadEngineer
Tue Sep 09, 2014 1:25 pm
Forum: General
Topic: Two userman
Replies: 3
Views: 989

Re: Two userman

script it. use netwatch to monitor the server and change it if it goes down
by MadEngineer
Tue Sep 09, 2014 1:22 pm
Forum: General
Topic: I have a real probleme
Replies: 6
Views: 1051

Re: I have a real probleme

close the open file? drag and drop instead of paste?
by MadEngineer
Tue Sep 09, 2014 1:21 pm
Forum: General
Topic: Slow Internet on Mikrotik
Replies: 3
Views: 927

Re: Slow Internet on Mikrotik

any duplex issues?
by MadEngineer
Tue Sep 09, 2014 1:12 pm
Forum: General
Topic: how to block hotspot shield ?
Replies: 10
Views: 3255

Re: how to block hotspot shield ?

what firewall rule is allowing the traffic? Do you have proper rules ending with block all other input and forward traffic? The only traffic that should be allowed to traverse to an unauthenticated hotspot user is https, http and DNS. You can do IP over DNS so you need checks in place to block this....
by MadEngineer
Fri Sep 05, 2014 1:32 pm
Forum: Beginner Basics
Topic: Automatic transfer to the login page after connecting wifi
Replies: 4
Views: 3118

Re: Automatic transfer to the login page after connecting wi

Not all devices do this. Apple devices and windows machines will try accessing a website after connecting to a network. If the site doesn't come up as expected, it displays your redirected login page. Windows has a pop-up that additional details may be required. So ensure the issue isn't being cause...
by MadEngineer
Fri Sep 05, 2014 1:27 pm
Forum: General
Topic: Feature Request: VLAN tagged PPPoE
Replies: 5
Views: 1767

Re: Feature Request: VLAN tagged PPPoE

I've also made this request in the past.
by MadEngineer
Tue Sep 02, 2014 11:49 am
Forum: Beginner Basics
Topic: Good lock down firewall rules for a home AP router
Replies: 26
Views: 10970

Re: Good lock down firewall rules for a home AP router

If you can't work it out from my post, buy the book :)
by MadEngineer
Mon Sep 01, 2014 12:23 pm
Forum: Beginner Basics
Topic: Broadcast/Loop prevention
Replies: 3
Views: 1774

Re: Broadcast/Loop prevention

rstp

you could use firewall rules (with bridge and set to use ip firewall), one to accept a limited about of broadcast and a second to drop others.
by MadEngineer
Mon Sep 01, 2014 12:09 pm
Forum: Beginner Basics
Topic: Total Newbee advice Port opening
Replies: 7
Views: 1541

Re: Total Newbee advice Port opening

netmap applies to a whole subnet of addresses.
by MadEngineer
Mon Sep 01, 2014 11:50 am
Forum: Beginner Basics
Topic: Good lock down firewall rules for a home AP router
Replies: 26
Views: 10970

Re: Good lock down firewall rules for a home AP router

I actually prefer what is provided in the book "RouterOS by Example":it has the usual dropping invalid and accepting input from trusted networks then it accepts established, then only accepts NEW forwards from the trusted network, then related forwards then established forwards, finally dropping all...
by MadEngineer
Fri Aug 29, 2014 2:11 pm
Forum: General
Topic: v6.19 released
Replies: 256
Views: 94996

Re: v6.19 released

Bit of an odd one: begin creating a drop rule. Before saving it with OK or Apply, give it a comment and click OK to close the comment entry. You'll see it immediately creates an Accept rule. It correctly changes after hitting OK or Apply to close the already created rule.
by MadEngineer
Fri Aug 29, 2014 1:54 pm
Forum: General
Topic: v6.19 released
Replies: 256
Views: 94996

Re: v6.19 released

Just updated an RB951-2n and all the firewall filter rules were gone. They all came back on a second restart :) Most likely you just had to wait a while, until the list populated i did give it some time, was looking at what backups i had and even i tested a filter rule. the firewall rules were 100%...
by MadEngineer
Wed Aug 27, 2014 1:58 pm
Forum: General
Topic: increase dhcp scope on RB433
Replies: 1
Views: 550

Re: increase dhcp scope on RB433

How many addresses are consumed by wireless devices?
by MadEngineer
Wed Aug 27, 2014 1:51 pm
Forum: General
Topic: v6.19 released
Replies: 256
Views: 94996

Re: v6.19 released

If you check logs after an update it will tell you why the user manager import failed.
by MadEngineer
Wed Aug 27, 2014 1:40 pm
Forum: General
Topic: v6.19 released
Replies: 256
Views: 94996

Re: v6.19 released

Just updated an RB951-2n and all the firewall filter rules were gone. They all came back on a second restart :) Most likely you just had to wait a while, until the list populated i did give it some time, was looking at what backups i had and even i tested a filter rule. the firewall rules were 100%...
by MadEngineer
Wed Aug 27, 2014 1:04 pm
Forum: General
Topic: v6.19 released
Replies: 256
Views: 94996

Re: v6.19 released

Just updated an RB951-2n and all the firewall filter rules were gone. They all came back on a second restart :)
by MadEngineer
Sat Aug 23, 2014 1:19 am
Forum: General
Topic: Pptp performance issues
Replies: 4
Views: 1048

Re: Pptp performance issues

All router boards and os's that I've used in the last several years, CPE classes mind you. CPU usage I'll have to check but never noticed anything untoward in graphs over time. I'll have to check for exact figure.
by MadEngineer
Thu Aug 14, 2014 12:28 pm
Forum: Wireless Networking
Topic: Not so good reception
Replies: 5
Views: 1086

Re: Not so good reception

My previous router was a Linksys WRT320N
Number of Antennas 3
RF Pwr (EIRP) in dBm 17 dBm
Antenna Gain in dBi Main Antenna*: 1.5 dBi
Third Antenna: 2.2 dBi
how does that compare to the model of CRS you have?
by MadEngineer
Wed Aug 13, 2014 4:02 am
Forum: Wireless Networking
Topic: Not so good reception
Replies: 5
Views: 1086

Re: Not so good reception

What was the model of the device you were using before with good reception?
by MadEngineer
Wed Aug 13, 2014 3:58 am
Forum: Beginner Basics
Topic: RouterBOARD is not detected
Replies: 6
Views: 1649

Re: RouterBOARD is not detected

Sounds like he's trying to enter the motherboards bios setup but ROS is booting, then displaying that message -- del might not be the bios setup key for that motherboard or it's not being pressed early enough after power up
by MadEngineer
Wed Aug 13, 2014 3:50 am
Forum: General
Topic: Pptp performance issues
Replies: 4
Views: 1048

Re: Pptp performance issues

Short answer: no, increasing the license level won't increase vpn performance

Increasing the level only increases the tunnel limit
http://wiki.mikrotik.com/wiki/Manual:Li ... nse_Levels

Long answer: I too would like to know why vpn performance is only a small fraction of available bandwidth.
by MadEngineer
Wed Aug 13, 2014 3:44 am
Forum: General
Topic: Add ARP for leases, what does it do?
Replies: 8
Views: 19981

Re: Add ARP for leases, what does it do?

Are you asking what arp is? You'll want an understanding of what an arp table is
by MadEngineer
Tue Aug 12, 2014 2:23 pm
Forum: Beginner Basics
Topic: Share vlan on wifi and ether port
Replies: 8
Views: 1209

Re: Share vlan on wifi and ether port

don't bridge the ether port

bridge the vlan
by MadEngineer
Fri Jul 18, 2014 7:38 am
Forum: Beginner Basics
Topic: Autoassign ipv6 /64 address to LAN interface?
Replies: 3
Views: 787

Re: Autoassign ipv6 /64 address to LAN interface?

thanks for the reply.

I ended up doing exactly that, and had already enabled ND.

I noticed when setting it to ::/64 it repopulates the address and the IP address has a status of G - I haven't tried it yet but I trust that it will update on the next reboot
by MadEngineer
Thu Jul 17, 2014 2:06 pm
Forum: Beginner Basics
Topic: Autoassign ipv6 /64 address to LAN interface?
Replies: 3
Views: 787

Autoassign ipv6 /64 address to LAN interface?

Any ideas on how to autoassign the first /64 of the WAN ip to my LAN interface? Do I need to script it or can it be done through autoconfigure?
by MadEngineer
Wed Jul 16, 2014 2:25 pm
Forum: Beginner Basics
Topic: IPV6 howto?
Replies: 2
Views: 705

Re: IPV6 howto?

OK, turned off ND broadcast on all, left it on on the LAN interface and its working: Ethernet adapter Ethernet: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : xyzz:xyzz:xyzz:x01:abcd:eeee:bbbb:yyyy Temporary IPv6 Address. . . . . . : xyzz:xyzz:xyzz:x01:zzzz:zzzz:eeee:yyyy Lin...
by MadEngineer
Wed Jul 16, 2014 2:11 pm
Forum: Beginner Basics
Topic: IPV6 howto?
Replies: 2
Views: 705

Re: IPV6 howto?

So, it looks like ipv6 is working fine n dandy on the Mikrotik. I get an ipv6 address of xyzz:xyzz:xyzz:x00::/56 so added an ip of xyzz:xyzz:xyzz:x01::/64 to the LAN interface. No idea if that's the right thing to do, but it works as far as the Mikrotik is concerned (i'm firewalling it off in betwee...
by MadEngineer
Wed Jul 16, 2014 12:03 pm
Forum: Beginner Basics
Topic: IPV6 howto?
Replies: 2
Views: 705

IPV6 howto?

So, for some time now I've had a Mikrotik running in place of my ISP provided CPE which works great. Basic configuration for IPv4 is vlan10 tagged dhcp client on ether1 to get an internet connection (WAN), wireless and ether3 bridged as a LAN interface on which sits a dhcp server with NAT enabled - ...
by MadEngineer
Fri Jun 20, 2014 3:39 am
Forum: General
Topic: Please add logging for /ip cloud
Replies: 1
Views: 878

Please add logging for /ip cloud

As subject. There is currently (in 6.15) no logging for cloud, nor any topic for the log.
by MadEngineer
Tue Jun 17, 2014 10:06 am
Forum: Wireless Networking
Topic: Mikrotik band steering
Replies: 5
Views: 3308

Re: Mikrotik band steering

Has anyone tried doing this with scripting? Say for example, every time a device connects to the 5Ghz interface, add an access list rule that denies it from authenticating with the 2Ghz interface. Unfortunately, amongst other side effects, I suspect that this would result in every connection droppin...
by MadEngineer
Tue Jun 03, 2014 12:23 pm
Forum: Wireless Networking
Topic: hotspot + account manager
Replies: 8
Views: 7033

Re: hotspot + account manager

thanks, got this sorted quite some time ago. was probably one of the above answers, thanks.
by MadEngineer
Thu May 22, 2014 2:06 pm
Forum: General
Topic: Unknown Traffic from router
Replies: 2
Views: 656

Re: Unknown Traffic from router

Mikrotik devices don't phone home or the likes on their own.

Check ip -> firewall -> connections for active connections. also ensure the firewall has been properly configured.
by MadEngineer
Mon Apr 21, 2014 10:41 am
Forum: General
Topic: v6.12 released
Replies: 237
Views: 58914

Re: v6.12 released

/log print shows current time (time of log in) as 07:xx:xx /system clock shows time of 19:xx:xx Timezone (pacific/auckland), GMT Offset (+12), SNTP Client and dates on newly created files are all correct. Checked with another Mikrotik device on an earlier release and it shows the log times as being ...
by MadEngineer
Wed Mar 12, 2014 12:03 am
Forum: Wireless Networking
Topic: MikroTik shows up in discovery, but unable to connect
Replies: 3
Views: 793

Re: MikroTik shows up in discovery, but unable to connect

Yes, it means they're alive or at least responding to that scan function. See: http://wiki.mikrotik.com/wiki/Manual:IP/Neighbor_discovery - anything that shows up from the "MNDP button" scan has neighbor discovery enabled on the interface shared between you and the Mikrotik. If you can't reach it by...
by MadEngineer
Tue Mar 11, 2014 4:53 am
Forum: Wireless Networking
Topic: MikroTik shows up in discovery, but unable to connect
Replies: 3
Views: 793

Re: MikroTik shows up in discovery, but unable to connect

likely a firewall or service setting, if the list you're talking about is the "..." scan button. the list at the bottom of the window are ones you've clicked save for. can you connect via its web interface?
by MadEngineer
Wed Feb 12, 2014 3:33 am
Forum: Beginner Basics
Topic: IP Service "available from" not working as expected
Replies: 1
Views: 1562

Re: IP Service "available from" not working as expected

haha, should be 192.168.101.240 not 192.168.101.0

*facepalm*
by MadEngineer
Wed Feb 12, 2014 2:53 am
Forum: Beginner Basics
Topic: IP Service "available from" not working as expected
Replies: 1
Views: 1562

IP Service "available from" not working as expected

Setting any IP service to be available from 192.168.101.0/28 is blocking that service altogether, even when when trying to access it from that network (255.255.255.240) It works as expected when setting it to another /24 network, limiting access to that network only. I noticed that when I entered th...
by MadEngineer
Sat Dec 21, 2013 10:13 am
Forum: Beginner Basics
Topic: Set Time and Days for a Rule
Replies: 1
Views: 520

Re: Set Time and Days for a Rule

You can create a rule with times and days of the week easily. To toggle it every 10 days, use the scheduler function to disable/enable the rule every/after 240 hours
by MadEngineer
Sat Dec 21, 2013 10:02 am
Forum: General
Topic: Mikrotik + Freeradius Issue + MSSql (Platypus)
Replies: 4
Views: 1347

Re: Mikrotik + Freeradius Issue + MSSql (Platypus)

there should be an entry in the log along with a reason for the login failure on the web page
by MadEngineer
Fri Dec 20, 2013 2:48 am
Forum: General
Topic: IP hangs, but I still can access via MAC address
Replies: 9
Views: 1565

Re: IP hangs, but I still can access via MAC address

Are any supout files being generated?
by MadEngineer
Fri Dec 20, 2013 1:42 am
Forum: General
Topic: IP hangs, but I still can access via MAC address
Replies: 9
Views: 1565

Re: IP hangs, but I still can access via MAC address

Profile probably won't show when using mac winbox

Can it ping itself when it dies? What interface is the ip you're trying to access it on - is it a bridge or a port?
by MadEngineer
Thu Dec 19, 2013 5:41 am
Forum: Wireless Networking
Topic: Create fake wireless client
Replies: 16
Views: 3435

Re: Create fake wireless client

Not sure exactly what you're after but you could add that address to the board however the data won't be broadcasted over wireless, if that's what you're trying to achieve. You need a physical layer for data flow
by MadEngineer
Thu Dec 19, 2013 5:30 am
Forum: General
Topic: IP hangs, but I still can access via MAC address
Replies: 9
Views: 1565

Re: IP hangs, but I still can access via MAC address

Restarting solves the problem? For how long? What's the cpu usage?
by MadEngineer
Thu Dec 19, 2013 3:40 am
Forum: General
Topic: problem pinging pppoe and hotspot users
Replies: 9
Views: 1993

Re: problem pinging pppoe and hotspot users

Would be worth investigating the impact of that change. For example you should have done so already but check again that hotspot users can't get access to internal resources. Worth adding a rule to deny it anyway, at least for logging/counting any attempts
by MadEngineer
Wed Dec 18, 2013 1:45 am
Forum: General
Topic: problem pinging pppoe and hotspot users
Replies: 9
Views: 1993

Re: problem pinging pppoe and hotspot users

is there a route for destination 172.16.0.0/24? What is the routing table on the device you're trying to ping them from?
by MadEngineer
Fri Nov 29, 2013 12:14 pm
Forum: General
Topic: problem pinging pppoe and hotspot users
Replies: 9
Views: 1993

Re: problem pinging pppoe and hotspot users

so you want to ping your hotspot clients?
by MadEngineer
Fri Nov 29, 2013 12:10 pm
Forum: General
Topic: Hotspot via VPN
Replies: 4
Views: 1286

Re: Hotspot via VPN

yes, but use a more secure option if you can
by MadEngineer
Wed Nov 27, 2013 3:32 am
Forum: General
Topic: Hotspot via VPN
Replies: 4
Views: 1286

Re: Hotspot via VPN

run the hotspot on a bridge, then on this bridge include an interface that terminates your vpn along with the interface of the intended hotspot (ie wlan)

the vpn must take all traffic from what your logging in from
by MadEngineer
Fri Nov 22, 2013 10:37 pm
Forum: General
Topic: Tutorials blogs and other helpful RouterOS resources
Replies: 65
Views: 57787

Re: Tutorials blogs and other helpful RouterOS resources

I'm doing my MTCNA next week and it was suggested to purchase the popular routeros by example book. I had looked at buying the boom in the past but reviews of the book suggested it was very simplistic whereas I was after something with a bit more teeth. After the suggestion I purchased it anyway and...
by MadEngineer
Thu Nov 14, 2013 2:06 am
Forum: Beginner Basics
Topic: can trial user change mac address and use the internet aga !
Replies: 9
Views: 1462

Re: can trial user change mac address and use the internet a

You'll need to "think outside the box" to achieve this, eg disable trial user function and on the login screen publish an account that is restricted down. You can then control the account better.
by MadEngineer
Sat Nov 09, 2013 12:11 am
Forum: Beginner Basics
Topic: can trial user change mac address and use the internet aga !
Replies: 9
Views: 1462

Re: can trial user change mac address and use the internet a

Require an email sign up with radius. Sure, they can create multiple email accounts but it would at least add some work to their efforts.
by MadEngineer
Tue Oct 08, 2013 12:47 am
Forum: Beginner Basics
Topic: Unable to send mikrotik backup file to email address
Replies: 5
Views: 2351

Re: Unable to send mikrotik backup file to email address

Is there a requirement that you're specifying the email settings everytime that you're running that script? Take the line out for /tool email, you only need to do it once.
by MadEngineer
Tue Aug 27, 2013 2:06 pm
Forum: General
Topic: Basic script fails
Replies: 3
Views: 651

Re: Basic script fails

:global gip1 "0.0.0.0"
by MadEngineer
Tue Aug 27, 2013 1:57 pm
Forum: General
Topic: Winbox search option
Replies: 3
Views: 1342

Re: Winbox search option

the filter option is no good?
by MadEngineer
Tue Aug 27, 2013 1:55 pm
Forum: General
Topic: Mikrotik logo broken when there is echo into console
Replies: 2
Views: 1068

Re: Mikrotik logo broken when there is echo into console

i get similar when using the winbox console. when reaching the end of a line sometimes it doesn't seem to LF and you end up typing back over the same line. probably a known issue, has done it for years.
by MadEngineer
Mon Aug 26, 2013 10:02 am
Forum: General
Topic: Request: Advanced Mode for Quick Set
Replies: 1
Views: 1077

Request: Advanced Mode for Quick Set

... for setting for example VLAN tagging on the WAN port, which is a requirement here (tag as 10). It seems if you use the quickset to configure a router and then attempt to edit the configuration to add a vlan afterwards it just doesn't work. The router needs to be reset to default and the vlan etc...
by MadEngineer
Fri Aug 23, 2013 12:39 pm
Forum: General
Topic: Connect through L2TP
Replies: 13
Views: 2220

Re: Connect through L2TP

^ this. i was supposed to have asked it in my first post :)

you need to test that the device or interface that receives the request from the world can route back to the intended server (and that replies go back as expected)
by MadEngineer
Fri Aug 23, 2013 6:51 am
Forum: Scripting
Topic: Errors on the script samples?
Replies: 2
Views: 747

Re: Errors on the script samples?

Have requested ...
by MadEngineer
Fri Aug 23, 2013 3:57 am
Forum: General
Topic: Connect through L2TP
Replies: 13
Views: 2220

Re: Connect through L2TP

Add a rule to the mikrotik at 88.1 to passthrough any traffic that matches any such connection coming in and also watch its counters. Also add the two reply columns in winbox so you can see how it's natting the connection.
by MadEngineer
Thu Aug 22, 2013 2:54 pm
Forum: General
Topic: Connect through L2TP
Replies: 13
Views: 2220

Re: Connect through L2TP

i trust you're testing this from the internet, rather than from a device on one of those networks.

are the packet/byte counts at zero for that nat rule? are they increasing as you test?
by MadEngineer
Thu Aug 22, 2013 1:54 pm
Forum: General
Topic: Connect through L2TP
Replies: 13
Views: 2220

Re: Connect through L2TP

add action=dst-nat chain=dstnat dst-port=8181 protocol=tcp to-addresses=192.168.88.150 to-ports=8181 dst-address=78.84.162.nnn
by MadEngineer
Thu Aug 22, 2013 11:59 am
Forum: General
Topic: Change in scripting syntax from v5.25 to v6.2
Replies: 1
Views: 780

Re: Change in scripting syntax from v5.25 to v6.2

always break down the script to its simplest form to make debugging easier eg typing the following into the console ...

/ip hotspot host find !

... shows you that it's not going to work. from there you should discover that you can instead use

/ip hotspot host find (!authorized)
by MadEngineer
Thu Aug 22, 2013 11:33 am
Forum: RouterBOARD hardware
Topic: RB751U-2HnD VPN working, DNS settings won't stick
Replies: 2
Views: 1262

Re: RB751U-2HnD VPN working, DNS settings won't stick

on the server end,


/ppp profile set PROFILE-NAME dns-server=192.168.2.4
by MadEngineer
Thu Aug 22, 2013 11:24 am
Forum: General
Topic: Feature request: Timeout and Uptime columns in Address-Lists
Replies: 5
Views: 1740

Re: Feature request: Timeout and Uptime columns in Address-L

+1

I was thinking about this the other day where I have a addresses added to block-lists due to whatever reason. This would make manual monitoring much easier and allow you to see addresses that stay on the list as their timeout keeps refreshing
by MadEngineer
Thu Aug 22, 2013 11:15 am
Forum: General
Topic: Connect through L2TP
Replies: 13
Views: 2220

Re: Connect through L2TP

can 192.116.1.0/24 communicate with 192.168.88.150?
by MadEngineer
Thu Aug 22, 2013 10:26 am
Forum: Wireless Networking
Topic: virus trap
Replies: 2
Views: 1494

Re: virus trap

ok, 149.20.56.32 is hosting a virus according to google results :) /ip firewall filter add address-list=infected action=drop chain=forward /ip firewall filter add dst-address=149.20.56.32 action=add-src-to-address-list chain=forward address-list=infected address-list-timeout=1h /ip firewall filter a...
by MadEngineer
Thu Aug 22, 2013 10:08 am
Forum: Wireless Networking
Topic: virus trap
Replies: 2
Views: 1494

Re: virus trap

can you clarify that a bit more? is the traffic coming FROM that IP, from 1308 to you at :80? (edit, actually, i'm assuming you have an infected machine talking to that ip) use shieldsup to scan your address (google it) plenty of guides out there about firewalling. firewall should be set to allow lo...
by MadEngineer
Tue Aug 20, 2013 12:41 pm
Forum: Scripting
Topic: need a script to move users from one profile to another
Replies: 2
Views: 1124

Re: need a script to move users from one profile to another

have you tested that line by line?

if i create a test secret with profile "to be deleted 0400" and do:

/ppp secret find profile="to be deleted 0400"

... i get nothing

looks like you need to use foreach
by MadEngineer
Tue Aug 20, 2013 12:20 pm
Forum: Scripting
Topic: Errors on the script samples?
Replies: 2
Views: 747

Errors on the script samples?

example http://wiki.mikrotik.com/wiki/Sending_your_self_an_e-mail_with_DSL_interface_IP_address :if ([ :typeof $ddnslastip ] = nil ) do={ :global ddnslastip "0" } should be :if ([ :typeof $ddnslastip ] = "nil" ) do={ :global ddnslastip "0" } Does someone maintain these examples so they work in the c...
by MadEngineer
Tue Aug 06, 2013 11:51 am
Forum: General
Topic: V6.2 Winbox from cant drag and drop files
Replies: 9
Views: 5667

Re: V6.2 Winbox from cant drag and drop files

make sure you're 'dropping' onto the winbox window and not say the firewall sub-window. The latter must have some other function for drag n drop.
by MadEngineer
Mon Jul 29, 2013 8:46 am
Forum: Beginner Basics
Topic: QoS for sip (VoIP) connection type
Replies: 1
Views: 1597

Re: QoS for sip (VoIP) connection type

*bump* How can I ensure that any QoS tagging that this router does gets passed through? If I find the router always connecting with a particular IP for VoIP (ie during a call) how would I manually tag it? Perhaps I worded this wrong ... the ISP's router may or may not have 'tagged' the traffic but i...
by MadEngineer
Sun Jul 28, 2013 12:44 pm
Forum: Beginner Basics
Topic: 2011 with iphone 5
Replies: 13
Views: 3229

Re: 2011 with iphone 5

try setting the protocol to 802.11

set the security profile to wpa2 psk, aes ccm with tkip turned off
by MadEngineer
Mon Jun 24, 2013 11:36 am
Forum: Beginner Basics
Topic: need help with mikrotik tutorial.
Replies: 3
Views: 1193

Re: need help with mikrotik tutorial.

don't worry - the more frustrating it is the more rewarding it is when things start to click :)
by MadEngineer
Mon Jun 24, 2013 10:02 am
Forum: Beginner Basics
Topic: QoS for sip (VoIP) connection type
Replies: 1
Views: 1597

QoS for sip (VoIP) connection type

My ISP has provided me with a somewhat rubbish router however it's required if I want a phone connection so I've managed to place an rb433 between the fibre ONT box and the ISP's router. Setup is basically as follows: ONT -> ether1 VoIP Router WAN port -> ether2 LAN -> ether3 vlan added to ether1 ta...
by MadEngineer
Thu Nov 22, 2012 1:54 am
Forum: Wireless Networking
Topic: has anyone played with rxa-txb / txa-rxb antenna modes?
Replies: 5
Views: 2106

Re: has anyone played with rxa-txb / txa-rxb antenna modes?

Yes, rather than creating a new topic for one that has already been created and "works fine" isn't much info and doesn't mention anything about any improvement.
by MadEngineer
Thu Nov 22, 2012 12:32 am
Forum: Wireless Networking
Topic: has anyone played with rxa-txb / txa-rxb antenna modes?
Replies: 5
Views: 2106

Re: has anyone played with rxa-txb / txa-rxb antenna modes?

*bump*
as requested by the first post, anyone able to advise if they've done this with an ap and noted if there's been an improvement?
by MadEngineer
Mon Sep 03, 2012 9:25 am
Forum: General
Topic: Help with Mikrotik RB433 ether1
Replies: 2
Views: 535

Re: Help with Mikrotik RB433 ether1

How do you know "the link" is 20mb? I'm guessing that whatever is reporting that is showing you have a duplex link at 10mbit/s so you can 'push' 10mbit while also 'pulling' 10mbit, making 20.
by MadEngineer
Tue Jul 10, 2012 5:16 am
Forum: General
Topic: Two Mikrotiks wont talk
Replies: 1
Views: 327

Re: Two Mikrotiks wont talk

Found the cause: Each mikrotik has a wifi vlan which I'd used the same MAC on ... have done this with 5 mikrotiks already and didn't see this issue after testing each one for a week, mind you there have been new OS updates since then ... oops. I was hoping to have wifi devices see the same mac addre...
by MadEngineer
Tue Jul 10, 2012 4:54 am
Forum: General
Topic: Two Mikrotiks wont talk
Replies: 1
Views: 327

Two Mikrotiks wont talk

Two Mikrotiks wont ping each other - how can I diagnose this? After rebooting the one that has usermanager running on it I can ping between the two for a few minutes then it stops. Rebooting the client doesn't. Other devices/mikrotiks can ping either mikrotik without issue so there must be something...
by MadEngineer
Sun Jun 03, 2012 4:18 pm
Forum: General
Topic: openvpn client trouble
Replies: 8
Views: 1367

Re: openvpn client trouble

proxy-arp on the bridge?
by MadEngineer
Sun Jun 03, 2012 4:14 pm
Forum: Beginner Basics
Topic: LAN / WDS configuration
Replies: 15
Views: 20031

Re: LAN / WDS configuration

use trial3, but add a virtualap. infact clients should (ideally?) connect using a virtualap
by MadEngineer
Mon Mar 19, 2012 1:41 am
Forum: Wireless Networking
Topic: hotspot + account manager
Replies: 8
Views: 7033

Re: hotspot + account manager

"access denied at this time" - still getting this and I can't for the life of me resolve it. I believe this is related to the user profile somehow but even after removing users and profiles and adding them from scratch I can't get past this error when tying to connect to the hotspot.

using 5.14
by MadEngineer
Tue Mar 06, 2012 10:17 pm
Forum: Wireless Networking
Topic: AP ACCESS RULE CONFIGURATION
Replies: 3
Views: 3142

Re: AP ACCESS RULE CONFIGURATION

*bump* thank janisk, this has worked well. Each connecting device doesn't need to be added if the mac address is left blank. Once set up in this fashion, under wireless tables/access list the MAC address is listed as <-> so it applies to all. Ticking off the current day and clicking apply while conn...
by MadEngineer
Sat Mar 03, 2012 1:21 pm
Forum: Scripting
Topic: Whats wrong with my regex expression?
Replies: 2
Views: 1457

Re: Whats wrong with my regex expression?

facebook has 8 letters, twitter does not.
by MadEngineer
Wed Feb 29, 2012 11:00 pm
Forum: Wireless Networking
Topic: hotspot + account manager
Replies: 8
Views: 7033

Re: hotspot + account manager

:( more issues ... still haven't found how to create a valid profile. notice that when adding a restriction, old restrictions appear, such as one with a date/time range that i'd set previously and deleted but there are no limitations on it - only the date/time range. clicking to save the profile doe...
by MadEngineer
Tue Feb 28, 2012 4:29 am
Forum: Wireless Networking
Topic: hotspot + account manager
Replies: 8
Views: 7033

Re: hotspot + account manager

getting closer to sorting this, i think. I got a different error: "access denied at this time" and couldn't for the life of me figure out what was causing that (check time zone, date/time etc - am using ntp and time is correct). I then trashed both the test user and the profile, created a new test u...
by MadEngineer
Tue Feb 28, 2012 3:45 am
Forum: Wireless Networking
Topic: hotspot + account manager
Replies: 8
Views: 7033

Re: hotspot + account manager

even attempting to follow this guide i get no joy: http://wiki.mikrotik.com/wiki/User_Manager/Hotspot_Example also: / tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456 ... isn't valid: [admin@MikroTik] > /tool user-manager router add coa-port copy-from log shar...
by MadEngineer
Mon Feb 27, 2012 11:48 pm
Forum: Wireless Networking
Topic: hotspot + account manager
Replies: 8
Views: 7033

hotspot + account manager

I've setup an rb433 by following this page: http://wiki.mikrotik.com/wiki/User_Manager/Hotspot_Example The problem I have is that when attempting to log in via wifi, I get the error: hotspot info debug wifitest (192.168.30.99): trying to login by http-chap hotspot info debug wifitest (192.168.30.99)...
by MadEngineer
Sun Jul 03, 2011 7:41 am
Forum: Scripting
Topic: Read and write a file.txt
Replies: 5
Views: 35044

Re: Read and write a file.txt

^ thanks for that /tool fetch url="http://automation.whatismyip.com/######.asp" mode=http; global getIP [/file get ######.asp contents]; global currentIP if ($getIP != $currentIP) do={ /tool e-mail send to="thenexus@ihug.co.nz" subject="address" body=[$getIP]; :set currentIP $getIP; } seems to work ...
by MadEngineer
Sat Jul 02, 2011 4:57 pm
Forum: Scripting
Topic: Read and write a file.txt
Replies: 5
Views: 35044

Re: Read and write a file.txt

ok, I've spent an age reading that page and trying different things but for the life of me I can't work out how to read a file. Closest I can find is /file print detail where name="file.ext" from http://wiki.mikrotik.com/wiki/Manual:System/File as it at least echos amongst other detail "contents=" i...
by MadEngineer
Mon May 02, 2011 11:01 am
Forum: Beginner Basics
Topic: pptp - connects but no traffic
Replies: 1
Views: 674

pptp - connects but no traffic

pptp will auth, mikrotik can ping local and remote address, pptp client can ping mikrotik but the LAN can't. Also I have a problem where if the mikrotik isn't a dhcp client of the adsl router then pptp passthrough doesn't seem to work