Community discussions

Search found 111 matches

by proximus
Wed Oct 02, 2019 10:35 pm
Forum: Wireless Networking
Topic: Audience vs Eero?
Replies: 25
Views: 3557

Re: Audience vs Eero?

Thank you for clarifying this. All good.
by proximus
Wed Oct 02, 2019 8:23 pm
Forum: Wireless Networking
Topic: Audience vs Eero?
Replies: 25
Views: 3557

Re: Audience vs Eero?

What is Eero? :shock: mesh WiFi https://eero.com/ I have 2 in bridge mode. Excellent wireless coverage. I did order Audience to give it a try. Eero is what the guy who has NO BUSINESS AT ALL TOUCHING A NETWORK, is bringing into a commercial install. .... Rather confused why you quoted me and posted...
by proximus
Tue Oct 01, 2019 10:00 pm
Forum: Wireless Networking
Topic: Audience vs Eero?
Replies: 25
Views: 3557

Re: Audience vs Eero?

What is Eero? :shock:
mesh WiFi
https://eero.com/

I have 2 in bridge mode. Excellent wireless coverage. I did order Audience to give it a try.
by proximus
Thu Aug 29, 2019 5:13 pm
Forum: General
Topic: Can't get IPv6 Address via DHCP Client on MikroTik
Replies: 5
Views: 663

Re: Can't get IPv6 Address via DHCP Client on MikroTik

If all you want is a IPv6 host address without PD to populate the pool, then you need to get rid of the pool configuration.
That assumes that the cable modem/router is serving as the v6 dhcp server (which it appears to be based on the client screen shot).
by proximus
Sat Jul 13, 2019 4:02 pm
Forum: General
Topic: help to set ipv6 / 48
Replies: 35
Views: 2438

Re: help to set ipv6 / 48

The /48 is a block of addresses. First step will be to use an IPv6 Subnetting Calculator to obtain the /64 network segments. One of the /64's should then be used for the LAN interface and computers on that segment.

After you have the addressing sorted out, post the config if still having problems.
by proximus
Mon Jul 01, 2019 2:42 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 70239

Re: v6.45.1 [stable] is released!

i upgrade my RB433AH after that...i couldn't access with current user and password and with admin???? . My observation is that after a reboot, the first login attempt fails ... subsequent logins are successful. This behavior has been reproducible after every reboot, of the single device I'm testing...
by proximus
Thu Jun 27, 2019 10:00 pm
Forum: General
Topic: IPv6 DHCP Server Not Leasing IP
Replies: 11
Views: 5001

Re: IPv6 DHCP Server Not Leasing IP

So that means you can create a DHCPv6 Server and Bindings and Pool and so on, but it's not working at all yet? So the UI is here but no functions behind implemented? The current DHCPv6 server is for handing out prefixes to other routers (DHCP-PD) .... not host addresses. Refer back to post #2, #4. ...
by proximus
Tue May 28, 2019 9:25 pm
Forum: General
Topic: igmp vs icmp
Replies: 1
Views: 229

Re: igmp vs icmp

icmpv6 (protocol 58) is an option in the IPv6 firewall configuration. (Protocol 1 is IPv4 ICMP ... not v6)

IPv6 is dependent on ICMPv6 and should not be blocked, unless you really understand which types can be.
by proximus
Thu Apr 11, 2019 11:30 pm
Forum: Beginner Basics
Topic: Usermanager with RB450gx2
Replies: 3
Views: 319

Re: Usermanager with RB450gx2

Hi please i need help here, i recently accuired an RB450gx2 router, upgraded it to 6.44 OS.
Just to double check .... This is an x2 and not a RB450Gx4? While the x2 is PPC, the x4 is ARM and it would be a different package.
by proximus
Mon Apr 01, 2019 12:49 am
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 40170

Re: UKNOF 43 CVE

Dumb question, have you validated that this is remotely exploitable outside of a contained lab? . That is certainly a critical question that needs to be answered and understood. The extraordinary amount of "pre-show publicity" has lead many to form strong opinions and responses before the full fact...
by proximus
Thu Mar 28, 2019 10:01 pm
Forum: General
Topic: Running IPv6 on Mikrotik? You're out of business in 12 days time
Replies: 32
Views: 15457

Re: Running IPv6 on Mikrotik? You're out of business in 12 days time

Facts still have to matter. The narrative, response and criticism over this issue has gotten way ahead of the information available. Specially crafted packet / memory exhaustion issues (or any other vulnerability) are nothing new to even the largest network equipment manufacturers. They can be dealt...
by proximus
Tue Mar 05, 2019 2:20 pm
Forum: General
Topic: DHCPv6 Prefix Request Response not happening. How to Trace Debug?
Replies: 9
Views: 676

Re: DHCPv6 Prefix Request Response not happening. How to Trace Debug?

Do not configure anything under "/ipv6 pool" ... only set the pool name in the "/ipv6 dhcp-client" configuration.
by proximus
Sat Feb 23, 2019 5:33 pm
Forum: General
Topic: Mikrotik Cloud Backup
Replies: 1
Views: 446

Re: Mikrotik Cloud Backup


1. For cloud configurations
Copy the code below and paste it into the new terminal

/ ip cloud set ddns-enabled = yes
/ ip cloud set update-time = yes
FWIW ... These two setting are not required to be enabled, for cloud backup to work.
by proximus
Mon Feb 18, 2019 8:58 pm
Forum: Beginner Basics
Topic: hAP ac no Internet on LAN
Replies: 4
Views: 345

Re: hAP ac no Internet on LAN

Include a "in-interface=<Your WAN Interface>" parameter. As it is, the destination 443 rule is catching all 443 traffic.
by proximus
Sun Feb 17, 2019 5:04 pm
Forum: Wireless Networking
Topic: Problem with 5GHz frequency - CAPsMAN
Replies: 7
Views: 1300

Re: Problem with 5GHz frequency - CAPsMAN

Since you are provisioning based on hw-supported-modes, I would suggest removing the radio-mac, to get to a more basic config. Are you sure about "control-channel-width=40mhz-turbo" being supported? That may be the source of the no supported channel error. I don't have 4011's to verify. Just elimina...
by proximus
Sun Feb 17, 2019 3:36 pm
Forum: Wireless Networking
Topic: Problem with 5GHz frequency - CAPsMAN
Replies: 7
Views: 1300

Re: Problem with 5GHz frequency - CAPsMAN

I am suspecting that the second provisioning rule should not have the same Radio MAC address as the one that is being used by the 2.4GHz but I do not know what exactly to input as a Radio MAC address. Correct. The CAPsMAN "Radio" tab will show you the radio MAC's for each CAP. If you are not sure w...
by proximus
Sun Feb 10, 2019 7:00 pm
Forum: Beginner Basics
Topic: hAP ac as router only?
Replies: 7
Views: 529

Re: hAP ac as router only?

"direct-input power jack (5.5 mm outside and 2 mm inside, female, pin positive plug) accepts 11-57 V DC."
https://i.mt.lv/cdn/rb_files/1539835625hAP-ac-qg.pdf
by proximus
Sun Feb 03, 2019 7:35 pm
Forum: General
Topic: IPv6 on second VLAN
Replies: 19
Views: 1536

Re: IPv6 on second VLAN

What do you mean by own DHCP server? Like on another machine or what? Or are those commands you posted enough? DHCPv6 server on another machine to provide host addresses. MT's DHCPv6 server does not do host addressing (wish it did!!!) What I posted changes the flags in the Router Advertisement. Tha...
by proximus
Sun Feb 03, 2019 5:36 pm
Forum: General
Topic: IPv6 on second VLAN
Replies: 19
Views: 1536

Re: IPv6 on second VLAN

That error is because SLACC (IPv6 auto config) requires a /64, therefore the error. If you run your own IPv6 DHCP server (or static addresses), you can set advertise=no and may be able to use the /72. Doing this requires settings in ND to advertise the Managed flag. The basic config for not using SL...
by proximus
Sun Feb 03, 2019 3:01 pm
Forum: General
Topic: IPv6 on second VLAN
Replies: 19
Views: 1536

Re: IPv6 on second VLAN

Thank you! I'm getting /64 prefix via DHCP client. I tried your config but second command gives me error "pool exhausted - no more addresses left". Why? Because your pool is a single /64 ... once it is assigned to bridge_vlan10, the pool is exhausted. If your ISP is able to provide you with a /56 o...
by proximus
Thu Jan 17, 2019 10:08 pm
Forum: Beginner Basics
Topic: How to shut down Router before Power Off?
Replies: 19
Views: 3500

Re: How to shut down Router before Power Off?

Normis has commented on shutdown before .... "Shutdown command is not required, it is quite safe to just unplug it." https://forum.mikrotik.com/viewtopic.php?f=3&t=102453&p=518983&hilit=shutdown#p518983 "I have never seen a MikroTik router that has had problems because of improper shutdown. I person...
by proximus
Sat Jan 12, 2019 4:33 am
Forum: General
Topic: hAP ac2 - port knocking doesn't work (kind of)
Replies: 7
Views: 598

Re: hAP ac2 - port knocking doesn't work (kind of)

/ip firewall filter add action=fasttrack-connection chain=forward comment="FastTrack (no-mark connections)" connection-mark=no-mark connection-state=established,related add action=accept chain=forward comment="Accept Established / Related" connection-state=established,related,untracked add action=d...
by proximus
Fri Jan 11, 2019 11:32 pm
Forum: General
Topic: hAP ac2 - port knocking doesn't work (kind of)
Replies: 7
Views: 598

Re: hAP ac2 - port knocking doesn't work (kind of)

I just tried all your scenarios on a RB450Gx4 ( which is also an ARM platform ) running 6.43.8 and they all work. But, FWIW, my knock rules are in reverse order from yours. Meaning it would make your configuration look like: add action=accept chain=input comment="SSH with port knocking" dst-port=xxx...
by proximus
Sun Dec 23, 2018 3:30 pm
Forum: Beginner Basics
Topic: Configure RB3011 to work with Comcast SB6183
Replies: 5
Views: 481

Re: Configure RB3011 to work with Comcast SB6183

Any Mikrotik router will work with any DOCSIS modem on Comcast. You don't need static IP. The router will obtain IPv4/IPv6 addresses via DHCP. IPv4 is just plain vanilla DHCP. IPv6 is a bit more specific. Here is an example of what I use: /ipv6 dhcp-client add add-default-route=yes comment="WAN Cabl...
by proximus
Wed Nov 21, 2018 4:20 pm
Forum: General
Topic: IPV6 Why is my PC get a long list of IPV6 gateway address through Mikrotik DHCP
Replies: 3
Views: 382

Re: IPV6 Why is my PC get a long list of IPV6 gateway address through Mikrotik DHCP

Why is my PC get a long list of IPV6 gateway address through Mikrotik DHCP
.
The premise of the original question is not correct. IPv6 gateways are not obtained via DHCP. They are learned from IPv6 Router Advertisements (RA). So, the source is not MikroTik DHCP.
by proximus
Thu Nov 08, 2018 5:18 am
Forum: General
Topic: IPv6 Prefix Problem with Windows Server DHCPv6
Replies: 1
Views: 326

Re: IPv6 Prefix Problem with Windows Server DHCPv6

Normal behavior.

See this: https://serverfault.com/questions/91847 ... -in-ubuntu

Also, when I look at my iOS devices and Mac's, their DHCPv6 assigned IPv6 addresses all show /128.
by proximus
Thu Oct 04, 2018 3:38 pm
Forum: General
Topic: IPv6 SLAAC, Router Solicitation
Replies: 8
Views: 803

Re: IPv6 SLAAC, Router Solicitation

If all you want to do is disable to use of SLAAC and IPv6 on specific hosts, would it not be much easier to just disable IPv6 SLAAC at the OS level on the desired hosts? Just seems like you are taking the much harder approach that will probably result in unintended consequences. From what I've found...
by proximus
Thu Oct 04, 2018 3:02 pm
Forum: General
Topic: IPv6 SLAAC, Router Solicitation
Replies: 8
Views: 803

Re: IPv6 SLAAC, Router Solicitation

I tried to set up the network in such a way as to block the announcements from the mikrotik (inside mikrotik) to the multicast listeners, but in this case SLAAC does not work at all. For the curious ... why would you want to do this in a SLAAC environment anyway? The intended function of Router Sol...
by proximus
Fri Sep 14, 2018 2:20 pm
Forum: General
Topic: Can't Log in After Upgrade
Replies: 21
Views: 4365

Re: Can't Log in After Upgrade

Winbox 3.18 just released.
viewtopic.php?f=21&t=139189

Have you tried that version?
by proximus
Sun Sep 09, 2018 11:09 pm
Forum: General
Topic: Transferring L4 license from dead rb411 to new rb411
Replies: 8
Views: 731

Re: Transferring L4 license from dead rb411 to new rb411

The RB411 DOES NOT come with L4 license. It comes with L3 license. Look here: https://mikrotik.com/product/RB411

I still need and answer to my question.
The product you referenced has been discontinued. The CURRENT RB411 variants come with L4 license.
by proximus
Fri Sep 07, 2018 8:13 pm
Forum: General
Topic: RB450Gx4 WAN throughput decreases
Replies: 7
Views: 952

Re: RB450Gx4 WAN throughput decreases

@proximus - It appears the WebFig issues is resolved in the release candidate. I prefer to stay with the stable release, but since this is a SOHO device and I don't have any Windows clients I had to upgrade to rc66. Seems to have resolved the WebFig issue. Just FYI, since you are new to MT ... If y...
by proximus
Fri Sep 07, 2018 6:11 pm
Forum: RouterBOARD hardware
Topic: RB450Gx4 "kernel not found or data is corrupted", re-install OS didn't help
Replies: 12
Views: 1600

Re: RB450Gx4 "kernel not found or data is corrupted", re-install OS didn't help

, but it seems as though RouterBOOT can memorize the offset of the kernel on the boot partition and in certain circumstances continue to attempt to load the kernel from that offset even if it isn't located there anymore. Nathan ... Question for ya .... If you have created a primary and fallback par...
by proximus
Fri Sep 07, 2018 3:34 pm
Forum: General
Topic: RB450Gx4 WAN throughput decreases
Replies: 7
Views: 952

Re: RB450Gx4 WAN throughput decreases

New Issue: WebFig freezing appears to be related to using the logout in WebFig. Whenever I logout of WebFig it throws an error in red on the main landing page. Then I can't log back into WebFig until I power cycle. Great that the throughput issue has been resolved. For the WebFig problem, I would s...
by proximus
Fri Sep 07, 2018 2:43 am
Forum: General
Topic: Transferring L4 license from dead rb411 to new rb411
Replies: 8
Views: 731

Re: Transferring L4 license from dead rb411 to new rb411

Just browsing the product line ... all current RB411 models come with a L4 license. So, maybe non-issue?
by proximus
Fri Sep 07, 2018 2:31 am
Forum: General
Topic: RB450Gx4 WAN throughput decreases
Replies: 7
Views: 952

Re: RB450Gx4 WAN throughput decreases

IP > Address default LAN address is set to ether2 instead of bridge0. Is this correct? Interfaces ether 2 - 5 are in bridge and in the switch. How can I verify the interfaces are using the switch chip and not software bridging? If 2 -5 are in the Bridge, the IP address should be on the Bridge. The ...
by proximus
Sun Sep 02, 2018 5:30 pm
Forum: General
Topic: Import config on RouerOS 6.42.7 stops [SOLVED]
Replies: 12
Views: 1001

Re: Import config on RouerOS 6.42.7 stops [SOLVED]

Copy-and-paste into terminal one section at a time. Also .. Do each section in Safe Mode. Once that section is successfully entered, exit Safe Mode to save it. Then do the next section. That way you don't have to start from scratch each time, if it blows up. And you'll know exactly where the proble...
by proximus
Sun Sep 02, 2018 5:04 pm
Forum: General
Topic: Import config on RouerOS 6.42.7 stops [SOLVED]
Replies: 12
Views: 1001

Re: Import config on RouerOS 6.42.7 stops [SOLVED]

Copy-and-paste into terminal one section at a time.
by proximus
Fri Aug 31, 2018 3:50 pm
Forum: General
Topic: Switch Chip on CRS106-1C-5S
Replies: 19
Views: 1665

Re: Switch Chip on CRS106-1C-5S

The last step in the guide is to add:
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=
https://wiki.mikrotik.com/wiki/Manual:C ... figuration

I don't see that in your config.
by proximus
Thu Aug 30, 2018 7:28 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70755

Re: RB4011

Expected Delivery: October 2018

Hum
by proximus
Thu Aug 30, 2018 6:25 pm
Forum: RouterBOARD hardware
Topic: Suggestion: release routers with preinstalled Factory Software from Bugfix release chain
Replies: 6
Views: 662

Re: Suggestion: release routers with preinstalled Factory Software from Bugfix release chain

The Bugfix release chain may not have the hardware support for the latest models. That is probably why you cannot downgrade lower than the minimum release, as in your other thread.
by proximus
Thu Aug 30, 2018 3:26 pm
Forum: Beginner Basics
Topic: Locked Out of Mikrotik
Replies: 29
Views: 3425

Re: Locked Out of Mikrotik

Are you using WinBox on a Windows VM?

Asking because I have not been able to make MAC connections work from a Windows VM on Fusion. Have to use WinBox directly on the Mac OS X host system.
by proximus
Wed Aug 29, 2018 4:27 am
Forum: General
Topic: P2P missing on my new RB1100AHx4
Replies: 13
Views: 1351

Re: P2P missing on my new RB1100AHx4

It was blocking, it was showing next to the filter how much traffic it was blocking,
See this: viewtopic.php?f=21&t=121196&p=596405&hi ... is#p596278

It would be wrong to keep it when it wasn't doing anything. False sense of security.
by proximus
Sat Aug 25, 2018 10:20 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 21229

Re: bridge vlan setup (new way) [SOLVED]

Keep in mind that if you enable VLAN filtering on bridge (and without that VLANs essentially don't work), you loose HW offload and every packet passes CPU. This kills performance on slower routerboards, such as RG951G. I advise you to configure your Powerbox pro in the old way by using /interface e...
by proximus
Thu Aug 23, 2018 11:27 pm
Forum: RouterBOARD hardware
Topic: Hap ac2 vs. Hex S
Replies: 8
Views: 7308

Re: Hap ac2 vs. Hex S

Is the Hap ac2 the same board as the RB450Gx4 just without the wireless module? The key difference, other than the wireless, is that the RB450Gx4 has more memory, more and different type of storage, as well as microSD slot. I replaced my RB750Gr3 with a RB450Gx4 for the much larger NAND storage, wh...
by proximus
Wed Aug 22, 2018 11:03 pm
Forum: Beginner Basics
Topic: Slightly Unrelated Problem [SOLVED]
Replies: 7
Views: 549

Re: Slightly Unrelated Problem [SOLVED]

The M20 running DD-WRT .... do you want that to be a wireless access point only? Then I suspect DD-WRT has an option to place it in Bridge Mode. Then give it a static IP address / gateway / DNS ... and you are done.
by proximus
Wed Aug 22, 2018 10:36 pm
Forum: Beginner Basics
Topic: Slightly Unrelated Problem [SOLVED]
Replies: 7
Views: 549

Re: Slightly Unrelated Problem [SOLVED]

Does the M20 have the appropriate default route pointing to the MT?
Is the problem with IP subnets on the M20 not getting out? If so, then does the MT have routes for these subnets pointing back to the M20?
by proximus
Wed Aug 22, 2018 10:11 pm
Forum: Beginner Basics
Topic: No internet [SOLVED]
Replies: 6
Views: 574

Re: No internet [SOLVED]

Does your modem hand out DHCP or did you forget to setup a PPPoE-Client on the Mikrotik? Yes i believe so, i did manage to fix the problem by unplugging the modem. Not sure why a modem would require MAC addresses to match but it does. So the cable companies can charge you for additional IP addresse...
by proximus
Tue Aug 21, 2018 3:43 pm
Forum: Beginner Basics
Topic: No internet [SOLVED]
Replies: 6
Views: 574

Re: No internet [SOLVED]

This a cable modem? When you change the attached device, you need to either clone the MAC from the current one, or just reboot the modem.
by proximus
Sun Aug 19, 2018 4:59 pm
Forum: General
Topic: CRS Egress Tag Removal
Replies: 5
Views: 579

Re: CRS Egress Tag Removal

Current (6.41+) CRS documentation is to configure CRS1xx/CRS2xx VLANs via the switch menu. CRS3xx on the bridge menu. https://wiki.mikrotik.com/wiki/Manual:CRS_Router Also, this thread with MT input discusses the VLAN filtering differences. https://forum.mikrotik.com/viewtopic.php?t=133129 I wish MT...
by proximus
Fri Aug 10, 2018 3:47 pm
Forum: Beginner Basics
Topic: Open Ports
Replies: 7
Views: 857

Re: Open Ports

That's not a valid scan. Avast is intercepting the nmap scan and reporting open ports, but almost all of them are not on the router .. they are local to the host.

The "proxy" ones are self evident. Another example .. tcp/563 is the Avast service itself. Google and see what the others are.
by proximus
Thu Aug 09, 2018 6:15 pm
Forum: Beginner Basics
Topic: Issue with NAT and internal Subnets
Replies: 6
Views: 582

Re: Issue with NAT and internal Subnets

Given the issue as you describe it, give this a try ....
add action=masquerade chain=srcnat comment="masquerade LAN->WAN" out-interface-list=WAN src-address-type=!multicast 
by proximus
Sat Aug 04, 2018 3:36 pm
Forum: Beginner Basics
Topic: Where can i see all used IPv6 configured via advert
Replies: 1
Views: 373

Re: Where can i see all used IPv6 configured via advert

IPv6 --> Neighbors https://wiki.mikrotik.com/wiki/Manual:IPv6/Neighbors The hosts are auto configuring the IPv6 address via SLACC. The address used will change often if the host has Privacy Extensions on (which is most likely the case). Note that the DHCPv6 server in the MT currently only supports P...
by proximus
Thu Aug 03, 2017 5:07 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123761

Re: v6.41rc [release candidate] is released! New bridge implementation!

LED's on RB2011 were working again on rc7. With rc9, there are on solid (with link), no activity blinking.
by proximus
Wed Aug 02, 2017 6:32 pm
Forum: Beginner Basics
Topic: Backup All Mikrotik Configuration
Replies: 13
Views: 84557

Re: Backup All Mikrotik Configuration

A new entry to the market is Unimus. Does config backup and diff's for MikroTik and many other platforms. 3 devices for free, reasonable pricing for additional.
by proximus
Tue Aug 01, 2017 4:19 am
Forum: RouterBOARD hardware
Topic: RB1100AHx4 Dude Edition cooling
Replies: 11
Views: 2307

Re: RB1100AHx4 Dude Edition cooling

In the brochure: "It uses passive cooling and is absolutely quiet."
https://i.mt.lv/routerboard/files/RB110 ... 110855.pdf
by proximus
Sun Jul 30, 2017 3:32 pm
Forum: Beginner Basics
Topic: RB750Gr3 - WLAN missing?
Replies: 6
Views: 3846

Re: RB750Gr3 - WLAN missing?

Unless you have some special requirements ... If you love the RB750Gr3, just use that as the router and put the Netgear r7000 in bridge mode. https://kb.netgear.com/24105/What-is-bridge-mode-and-how-do-I-set-it-up-on-my-Nighthawk-router That way, you get the much more robust networking power of the ...
by proximus
Fri Jul 28, 2017 11:13 pm
Forum: Beginner Basics
Topic: Newbie confused over RouterBOARD 750G r2 - PoE In
Replies: 3
Views: 662

Re: Newbie confused over RouterBOARD 750G r2 - PoE In

The ones on Amazon pass power as in the bottom diagram on the product page. Power is not coming out the RJ45 data connection.
Just get the MT one: https://mikrotik.com/product/RBGPOE or equivalent.
by proximus
Thu Jul 27, 2017 4:43 am
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123761

Re: v6.41rc [release candidate] is released! New bridge implementation!

Upgrade from 6.40 last rc to 6.41.3 my 2011UiAS-2HnD all leds on active interfaces are off,
Same here, LED's are dead (RB2011UiAS).
by proximus
Wed Jul 19, 2017 10:44 pm
Forum: General
Topic: What dynamic DNS are you using and why? (Free or not)
Replies: 9
Views: 2304

Re: What dynamic DNS are you using and why? (Free or not)

MT script (based on ones found here) to DNS-O-Matic. From there, you can then pass along the IP to many other DDNS services.
by proximus
Thu Jul 13, 2017 5:05 pm
Forum: General
Topic: My IPv6 Triage List for ROS
Replies: 48
Views: 5508

Re: My IPv6 Triage List for ROS

E.g. you have a /56 or /48 pool from the provider. You can set "[64 bits]/64 from pool" but you cannot control WHICH /64 from the pool it will assign to WHICH interface. It should be possible to select the subnet number (8 or 16 bits in the above cases) for each interface, so every time the same ad...
by proximus
Wed Jun 21, 2017 7:00 pm
Forum: General
Topic: IPv6 and DHCP and DNS
Replies: 65
Views: 11246

Re: IPv6 and DHCP and DNS

2) what would be the point of a ipv6 dhcp server if this can be setup dynamically without one? Just record keeping maybe? The benefit of assigning IPv6 addresses via DHCPv6 is so any given device will always have a known address (if assigning persistent leases based on the DUID). Or even dynamic DH...
by proximus
Tue Jun 13, 2017 4:14 am
Forum: Beginner Basics
Topic: ipv6 firewall question [SOLVED]
Replies: 1
Views: 440

Re: ipv6 firewall question [SOLVED]

Sounds like you are applying IPv4 NAT concepts to IPv6. Where in IPv4 NAT, connections on the input chain are TO the router (the NAT address) .. this is the established return traffic to a LAN device request that has been NAT'ed to the WAN address. In IPv6, there is typically no NAT and practically ...
by proximus
Mon Jun 12, 2017 6:52 pm
Forum: General
Topic: How to Preference IPv4 over IPv6 on dual stack router on Mikrotik RouterOS?
Replies: 20
Views: 2543

Re: How to Preference IPv4 over IPv6 on dual stack router on Mikrotik RouterOS?

If IPv6 is so problematic in your environment, why even have it enabled? Do you have IPv6-only sites you have to connect to?
by proximus
Fri Mar 31, 2017 8:13 pm
Forum: General
Topic: IPv6 Address Assignment Hint
Replies: 4
Views: 2160

Re: IPv6 Address Assignment Hint

I see this as a major feature gap that can cause a lot of frustrations. There is no "ipv6hint", "IPv6 Prefix ID" or similar named function to "pin" a prefix from the PD pool to a specified interface. It is essentially random. Add/delete/change an interface and the IPv6 address can change on all inte...
by proximus
Fri Mar 24, 2017 6:06 pm
Forum: General
Topic: How to properly request an IPv6 prefix larger than /64?
Replies: 4
Views: 1075

Re: How to properly request an IPv6 prefix larger than /64?

Yes, typically a 'hint', if supported by your ISP
pool-name="comcast-ipv6" pool-prefix-length=64 prefix-hint=::/60 
by proximus
Tue Jan 31, 2017 1:00 am
Forum: General
Topic: Need IPv6 help getting DHCP v6 working
Replies: 6
Views: 1104

Re: Need IPv6 help getting DHCP v6 working

How would I get the pool into a separate dhcp v6 server to supply my hosts? Manually. I use dnsmasq on ubuntu. dnsmasq will pickup the IPv6 prefix from the interface configuration and use that for the DHCPv6 server. I just do this on my main LAN. Others are stateless auto config. Of course, if your...
by proximus
Mon Jan 30, 2017 4:41 pm
Forum: General
Topic: Need IPv6 help getting DHCP v6 working
Replies: 6
Views: 1104

Re: Need IPv6 help getting DHCP v6 working

Please clarify what you want to use the DHCPv6 server for. It is not a DHCPv6 server for hosts on your LAN (wish it was!), it is a DHCP-PD server to hand out prefixes to other routers. Also, I noticed that your interfaces do not have global IPv6 addresses. This is not handled by the DHCPv6 server. T...
by proximus
Thu Jan 12, 2017 11:11 pm
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 106046

Re: Blacklist Filter update script

If external USB or SD disk available, NAND wearing can be avoided by write temporary files to them. PS. Downloading and executing rsc from not own server and/or by insecure channel look dangerous. May I please be so bold, whats the commands to change the temporary file storage location? I use a RB7...
by proximus
Wed Jan 04, 2017 10:31 pm
Forum: General
Topic: RB750Gr3 - OpenVPN Client - Works on other RB models, but not on this one.
Replies: 5
Views: 1816

Re: RB750Gr3 - OpenVPN Client - Works on other RB models, but not on this one.

Cool, thanks. That seems to rule out something platform specific to the RB750Gr3. Guess I'll need to strip the config down a bit more and see if it will kick in.

Oh well, the little hAP Lite does 17Mbps with OVPN .. ok for proof-of-concept.
by proximus
Wed Jan 04, 2017 8:42 pm
Forum: General
Topic: RB750Gr3 - OpenVPN Client - Works on other RB models, but not on this one.
Replies: 5
Views: 1816

Re: RB750Gr3 - OpenVPN Client - Works on other RB models, but not on this one.

The default 1500 MTU works fine on the RB2011 and hAP Lite. But, just to be sure, I have already tried various 1300 and 1400 MTU sizes on the RB750Gr3 with no change in behavior.

Here is a functional tunnel on the hAP:
mtu.jpg
by proximus
Tue Jan 03, 2017 4:25 am
Forum: General
Topic: RB750Gr3 - OpenVPN Client - Works on other RB models, but not on this one.
Replies: 5
Views: 1816

RB750Gr3 - OpenVPN Client - Works on other RB models, but not on this one.

I have been attempting to use the OpenVPN Client on the RB750Gr3, per this setup: https://support.hidemyass.com/hc/en-us/articles/204558497-Mikrotik-Client-Setup This works perfectly on a RB2011. This works perfectly on a hAP Lite (RB941-2nD). This does not work on a RB750Gr3. * The OVPN Client esta...
by proximus
Wed Dec 21, 2016 2:58 pm
Forum: General
Topic: ipv6 /56 split to /64
Replies: 1
Views: 613

Re: ipv6 /56 split to /64

The one thing that stands out is that there is no interface specified in the default route. Such as: /ipv6 route> print detail Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable 0 ADS dst-address=::/0 gateway=fe80::201:5cff:fe96:4c46%et...
by proximus
Thu Dec 08, 2016 5:43 pm
Forum: Beginner Basics
Topic: ObiTalk - Portforwarding
Replies: 5
Views: 703

Re: ObiTalk - Portforwarding

Nothing special, pure "plug-n-play". No specific NAT or FW rules. All those src-nat and dst-nat rules should not be required.
by proximus
Thu Dec 08, 2016 4:51 pm
Forum: Beginner Basics
Topic: ObiTalk - Portforwarding
Replies: 5
Views: 703

Re: ObiTalk - Portforwarding

FWIW ... I have 3 Obi's and they work with no special configuration whatsoever. Inbound and outbound calling. Have you tried it with just the default MikroTik NAT/FW configuration? Also ... "Allow" should not be interpreted to mean Port Forwarding. It is pretty rare these days to have to configure p...
by proximus
Sat Nov 19, 2016 11:40 pm
Forum: General
Topic: IPv6 ND Fails when forward=yes
Replies: 30
Views: 4823

Re: IPv6 ND Fails when forward=yes

Put the IPv6 Settings back to default.
What is the output of:
/ipv6 route> print
/ipv6 nd prefix> print
/ipv6 address> print
by proximus
Thu Nov 17, 2016 9:45 pm
Forum: RouterBOARD hardware
Topic: hEX PoE (RB960PGS) - Need 48V Power Supply
Replies: 8
Views: 3996

Re: hEX PoE (RB960PGS) - Need 48V Power Supply

My guess is that when using 48V power supply you cannot get 24V passive PoE on this device, that would be the reason to ship with a 24V supply (or else you would destroy most passive PoE devices). You are correct. I just tried it. With the 24V, passive PoE works. With the 48V, passive no longer wor...
by proximus
Thu Nov 17, 2016 7:32 pm
Forum: RouterBOARD hardware
Topic: hEX PoE (RB960PGS) - Need 48V Power Supply
Replies: 8
Views: 3996

Re: hEX PoE (RB960PGS) - Need 48V Power Supply

Thanks. My MikroTik 48POW 48V power supply just arrived. The 802.3af phones came up pretty quickly. Now for some valued customer feedback to MikroTik: Why on earth would you not ship the product with a power supply that supports the 802.3at capability? I have purchased various other PoE switches and...
by proximus
Mon Nov 14, 2016 2:25 pm
Forum: RouterBOARD hardware
Topic: hEX PoE (RB960PGS) - Need 48V Power Supply
Replies: 8
Views: 3996

hEX PoE (RB960PGS) - Need 48V Power Supply

Could somebody please confirm that the MikroTik 48POW 48V power supply will work with the RB960PGS? If not, suggested alternative? I would prefer a power brick over a PoE injector. I was hoping that the 48V power supply from my Netgear PoE switches would work. But the barrel connector is just bit to...
by proximus
Sat Nov 12, 2016 11:57 pm
Forum: General
Topic: replacing cable modem router with mikrotik router
Replies: 7
Views: 3054

Re: replacing cable modem router with mikrotik router

You need a DOCSIS cable modem. There is no way around this. A MoCA bridge is not a cable modem.
You need either a standalone cable modem, or gateway (combo modem / router). A gateway works best if you place it in bridge mode and let the MT do all the routing functions.
by proximus
Thu Nov 10, 2016 3:35 pm
Forum: Scripting
Topic: SD card backup
Replies: 6
Views: 1920

Re: SD card backup

/system backup save name="/disk1/backup_name" Even better, this nice backup script continues on to ftp the backup to another destination. http://harry.subnetworx.de/2013/12/27/automated-routeros-backup-ftp/ But, you could strip out the the ftp and local file delete parts. That would leave you with ...
by proximus
Mon Nov 07, 2016 3:24 pm
Forum: Beginner Basics
Topic: Forward Ports for OpenVPN
Replies: 6
Views: 6941

Re: Forward Ports for OpenVPN

Proximus - do you have a "Drop All" rule at the bottom of your forward chain? The bottom of my forward chain has "drop invalid" followed by "accept established / related". But, looking at a default config script, it would be more proper to construct it as.: filter add chain=forward action=accept co...
by proximus
Mon Nov 07, 2016 2:56 pm
Forum: Beginner Basics
Topic: Forward Ports for OpenVPN
Replies: 6
Views: 6941

Re: Forward Ports for OpenVPN

A couple of thoughts: 1) Since you are not translating ports, you do not need the "to-port=1194" 2) I'm forwarding to an internal OpenVPN server and it works fine without any other additional forward chain firewall rules. But, if all else fails, give it a shot. I work with just this (using tcp) /ip ...
by proximus
Sat Nov 05, 2016 2:27 pm
Forum: RouterBOARD hardware
Topic: RB750Gr3 - Report and questions
Replies: 112
Views: 33035

Re: RB750Gr3 - Report and questions

I like A-B booting in principle (e.g on Chromebooks), but how would it work in this case, would revert to old partition be automated or manual - how would it be triggered? A software watchdog? A hardware watchdog? A switch on the outside? Would an admin need to confirm new version is alright by iss...
by proximus
Tue Nov 01, 2016 11:07 pm
Forum: General
Topic: no traffic on cablemodem
Replies: 5
Views: 481

Re: no traffic on cablemodem

When changing the device connected to the cable modem, are you power cycling the CM? You need to do this to clear the MAC address that it first learned. If not, the new device will not work. Alternatively, you can clone the original MAC to the MikroTik: /interface ethernet set [ find default-name=et...
by proximus
Tue Nov 01, 2016 2:38 pm
Forum: RouterBOARD hardware
Topic: RB750Gr3 - Report and questions
Replies: 112
Views: 33035

Re: RB750Gr3 - Report and questions

Definitely met expectations of better CPU performance. Below we have the my original RB2011 replaced with the RB750Gr3, same config. The hourly CPU spikes are a Talos IP block list updating (currently around 46,000 address list entries). This resulted in a significant and measurable impact on throug...
by proximus
Sun Oct 30, 2016 2:16 pm
Forum: RouterBOARD hardware
Topic: RB750Gr3 - Report and questions
Replies: 112
Views: 33035

Re: RB750Gr3 - Report and questions

I suspect that your issue is more likely related to 6.38.rc19. I have been trying to build a config on an old RB750GL, in preparation for a new RB750Gr3, and it was giving me fits taking some configuration elements (mostly IPv6 related). The router becomes inaccessible an eventually restarts with co...
by proximus
Tue Oct 18, 2016 12:16 am
Forum: General
Topic: Traffic Monitoring tool
Replies: 3
Views: 1165

Re: Traffic Monitoring tool

PRTG Network Monitor gives you 100 sensors for free. A very nice commercial network management system.
https://www.paessler.com/howto-free-network-monitoring

Windows only :(
by proximus
Fri Oct 07, 2016 10:21 pm
Forum: General
Topic: IPv6 testing, some help required
Replies: 14
Views: 2124

Re: IPv6 testing, some help required

My ISP uses DHCPv6-PD and I can simply assign addresses from the pool to internal interfaces, but unfortunately MikroTik has no option to lock a certain subnet to a certain interface. When configuration is changed or software behaviour changes, the addresses move around at random, which is not nice...
by proximus
Thu Oct 06, 2016 5:33 pm
Forum: General
Topic: IPv6: clients do not get a default route
Replies: 8
Views: 2432

Re: IPv6: clients do not get a default route

the Router Advertisement messages (via radvdump) remain exactly the same, specifically "AdvRouterAddr" is still off. lilit That is correct and expected. The RouterAddr is not set, it is typically used in mobile IPv6 networks. What does your config look like here: /ipv6 nd> print interface=bridge-lo...
by proximus
Thu Aug 25, 2016 2:04 pm
Forum: Announcements
Topic: v6.36.2 [current] is released!
Replies: 54
Views: 14976

Re: v6.36.2 [current] is released!

proximus - Please write to support@mikrotik.com and report this issue. I am not being able to reproduce issue like this right away. . Hum, the issue seems to have resolved itself. An old empty address-list from several months ago started showing up in the drop downs. It disappeared right after I ge...
by proximus
Thu Aug 25, 2016 1:09 am
Forum: Announcements
Topic: v6.36.2 [current] is released!
Replies: 54
Views: 14976

Re: v6.36.2 [current] is released!

*) address-list - properly remove unused address-lists from drop-downs;
This issue had been fixed in 6.32.4, but has now returned in 6.36.2.
by proximus
Thu Jul 21, 2016 10:07 pm
Forum: Announcements
Topic: v6.36 [current] is released!
Replies: 183
Views: 42130

Re: v6.36 [current] is released!

Please explain how domain name to address-lists works? Does it resolve it just once while address list created or on every query? Ouchy!  Just to see what would happen, I read in a 390 entry domain block list  (sourced from https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt ).   Hit 85% CPU ...
by proximus
Thu Jul 21, 2016 4:29 am
Forum: Announcements
Topic: v6.35.4 [current] is released!
Replies: 51
Views: 22144

Re: v6.35.4 [current] is released!

Why, please explain us why is the dynamic addres-list option read-only now? All scripts broken. Need to rollback. And no workaround nor alternatives, how should it be done in order to keep big address lists dynamic without flash writing? Ya, I fought this for a while since it broke all my scripts, ...
by proximus
Wed Jun 22, 2016 3:47 am
Forum: General
Topic: Dynamic items unchangeable - why?
Replies: 44
Views: 7572

Re: Dynamic items unchangeable - why?

So, I was using 6.30.2 and I had a simple script that would add dynamic address-list entries. I added them dynamic so they wouldn't persist on reboot. How can I had non persistent entries now? On Queues, Address-list, etc.? MT removed the ability to add dynamic address-list entries as of 6.35.4 / 6...
by proximus
Tue Jun 14, 2016 3:36 pm
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65215

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

*) address-list - make "dynamic=yes" as read-only option; why-y-y?.. how to add dynamic entry in this version? the goal is excluding such entries from export and NOT writing them to NAND EXACTLY!  This change was also made in 6.35.4.   It makes no sense to eliminate a configuration capability that ...
by proximus
Tue Jun 14, 2016 2:21 pm
Forum: Announcements
Topic: v6.35.4 [current] is released!
Replies: 51
Views: 22144

Re: v6.35.4 [current] is released!

As far as I know it is not possible to create dynamic rule by static command from console. Though dynamic address-list entries are displayed after /ip firewall address-list print. huh? All "load and block current bogus IP addresses on startup" scripts are useless now?? It makes no sense to save the...
by proximus
Mon Jun 13, 2016 6:11 pm
Forum: Announcements
Topic: v6.35.4 [current] is released!
Replies: 51
Views: 22144

Re: v6.35.4 [current] is released!

Sorry I just edited my original post.  Sure it is possible.

[dave@MikroTik] /ip firewall address-list> add list=compromised address=1.212.157.221 dynamic=yes timeout=172800
[dave@MikroTik] /ip firewall address-list>
by proximus
Mon Jun 13, 2016 6:00 pm
Forum: Announcements
Topic: v6.35.4 [current] is released!
Replies: 51
Views: 22144

Re: v6.35.4 [current] is released!

*) address-list - make "dynamic=yes" as read-only option;

Why would you do that? 

I import block lists as dynamic so they don't have to be written to disk every day.  I currently have over 27,000 entries.  This just broke all my scripts.
by proximus
Thu Apr 28, 2016 4:21 am
Forum: General
Topic: [SOLVED] Mikrotik dhcpv6 client vs. Comcast - who's broken?
Replies: 11
Views: 970

Re: Mikrotik dhcpv6 client vs. Comcast - who's broken?

I've just disabled DHCPv6-client for now and will wait until Sunday evening to re-activate IPv6. That will work. Or, go to the Comcast Direct support and request they release that /64. https://www.dslreports.com/forum/comcastdirect I have done that before. IIRC, they can do it by just giving them t...
by proximus
Thu Apr 07, 2016 4:56 pm
Forum: General
Topic: flipping of IPv6 prefixes on interfaces between restarts
Replies: 1
Views: 390

Re: flipping of IPv6 prefixes on interfaces between restarts

I have seen this too. Rather inconvenient, at the least! I know it also happens in 6.34. And seem to recall it happening in prior releases, but can't be certain. However, I have only seen this behavior after adding/deleting an IPv6 interface and rebooting. Then it may reassign the prefixes. As in ot...
by proximus
Tue Feb 16, 2016 4:56 pm
Forum: General
Topic: 6.34 - DHCPv6 Rapid Commit Breaks "prefix hint"
Replies: 1
Views: 694

Re: 6.34 - DHCPv6 Rapid Commit Breaks "prefix hint"

The issue has been resolved in 6.35rc10.
*) dhcpv6 client - fix pd hint with empty address

Thanks for the fast resolution!
by proximus
Mon Feb 15, 2016 5:14 pm
Forum: General
Topic: 6.34 - DHCPv6 Rapid Commit Breaks "prefix hint"
Replies: 1
Views: 694

6.34 - DHCPv6 Rapid Commit Breaks "prefix hint"

I have sent the following to support (Ticket#2016021566000655). Posting here for general awareness. Summary : The change to the DHCPv6 Client making Rapid Commit the default, in 6.34, has broken "prefix-hint". The hint request never gets sent and the requested prefix size cannot be obtained. Config:...
by proximus
Sun Feb 07, 2016 4:40 am
Forum: Scripting
Topic: Spamhaus + Dshield + Malc0de + OpenBL Malicious Ip Blacklists!
Replies: 15
Views: 9036

Re: Spamhaus + Dshield Malicious Ip Blacklist For RouterOS Now Availalable GRATIS!

Thank you for providing this. However, the script is currently (as of 2/6/16) exiting to an error after the spamhaus1 import update. It appears to be missing the following: :log info "drop.spamhaus2 script import started" :foreach subnet in [/ip firewall address-list find list=drop.spamhaus2] do={ /...
by proximus
Mon Feb 01, 2016 11:43 pm
Forum: Announcements
Topic: v6.34 [current] is released!
Replies: 91
Views: 22955

Re: v6.34 [current] is released!

There seems to be an issue with the DHCPv6-Client. ... This issue occurs in 6.34 for the first time. Until 6.33.5 there are no problems. 6.33.6 not tested. I've seen another problem with the DHCPv6-Client in 6.34 and Prefix Delegation. The "prefix-hint" doesn't appear to be functioning correctly. I...
by proximus
Thu Sep 27, 2012 4:50 pm
Forum: General
Topic: RouterOS v6 release candidate 1
Replies: 96
Views: 30036

Re: RouterOS v6 release candidate 1

On RB 750:
jan/02/1970 02:00:14 system,error,critical System rebooted because of kernel fai
lure
jan/02/1970 02:00:14 system,error,critical router was rebooted without proper sh
utdown
I have experienced the same failure on a RB750GL.

autosupout.rif sent to support.
by proximus
Wed Aug 15, 2012 6:18 pm
Forum: General
Topic: Comcast/DHCPv6-PD problems with 5.19
Replies: 4
Views: 3373

Re: Comcast/DHCPv6-PD problems with 5.19

Default route problem will be fixed in v5.20.
Verified resolved in v5.20.

Thanks!
by proximus
Wed Aug 08, 2012 9:07 pm
Forum: General
Topic: IPv6 G.K. Question.
Replies: 1
Views: 565

Re: IPv6 G.K. Question.

I've read on several pages that, a website hosted on a IPv6 address will not be accessible from any PC with IPv4. Is it so? Correct. If the website is IPv6 only and the PC is IPv4 only , then they cannot communicate directly. IPv4 and IPv6 run independently of each other. And what about accessing a...
by proximus
Mon Jul 30, 2012 5:41 pm
Forum: General
Topic: Comcast/DHCPv6-PD problems with 5.19
Replies: 4
Views: 3373

Re: Comcast/DHCPv6-PD problems with 5.19

FWIW, I haven't been able to get my RB750GL (5.19) working on Comcast either (it's not a pilot anymore, it's production). I put on a D-Link (DIR-655 B1) or Netgear (WNR3500Lv2) router and Native Dual-Stack IPv6 works just fine. The RB is getting the IPv6 prefix, RA's are sent on the LAN and hosts ad...