Search found 46 matches

by Zebble
Tue May 12, 2020 6:37 am
Forum: Scripting
Topic: MQTT client in routerOS
Replies: 6
Views: 3992

Re: MQTT client in routerOS

+1 for this feature. Would love to be able to have Mikrotik devices subscribe to a central MQTT server over TLS/SSL to trigger scripts on topic updates. Perfect for doing lightweight automation and control and not need to poke any inbound holes through firewalls! We currently do this through some sc...
by Zebble
Sun Oct 27, 2019 1:14 am
Forum: General
Topic: Feature Request : Wireless Private Passphrase as a Match in Access-List [SOLVED]
Replies: 19
Views: 5166

Re: Feature Request : Wireless Private Passphrase as a Match in Access-List [SOLVED]

You can always buy an AP that supports it! You will never find all features in all possible devices at all price levels. The problem isn't the AP (we're talking about Mikrotik - they all support EAP), it's the client devices. Not all support EAP, especially consumer devices. The example above of an...
by Zebble
Sat Oct 26, 2019 10:44 pm
Forum: General
Topic: Feature Request : Wireless Private Passphrase as a Match in Access-List [SOLVED]
Replies: 19
Views: 5166

Re: Feature Request : Wireless Private Passphrase as a Match in Access-List [SOLVED]

You can do this standards-based when using WPA2-EAP. Almost every client supports it.
This isn't the same as dynamic PSK. Not all devices support EAP, and DPSK is far simpler from a user perspective.
by Zebble
Fri Oct 18, 2019 12:12 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 70
Views: 16426

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

Nice Work!

I added FireHOL Level2 to the script as well, in case you're interested. Just added this line:

$update url=https://raw.githubusercontent.com/ktsao ... el2.netset description="FireHOL Level2" delimiter=("\n")

-zeb
by Zebble
Thu Apr 25, 2019 6:57 pm
Forum: General
Topic: CRS series and reading the FDB by SNMP?
Replies: 2
Views: 1041

Re: CRS series and reading the FDB by SNMP?

This appears to now work, at least with the CRS328 I was testing with. With the change to using bridges for most stuff with regards to switches, this is now available in the BRIDGE-MIB (1.3.6.1.2.1.17).

http://www.oidview.com/mibs/0/BRIDGE-MIB.html

FDB is 1.3.6.1.2.1.17.4.3.
by Zebble
Tue Mar 06, 2018 11:59 pm
Forum: Announcements
Topic: Newsletter #81 (March 2018)
Replies: 23
Views: 14696

Re: Newsletter #81 (March 2018)

CRS328 is definitely an awesome addition! Thanks MT!
by Zebble
Tue Aug 01, 2017 11:08 pm
Forum: Wireless Networking
Topic: CAPsMAN Access List Private Passphrase
Replies: 2
Views: 1444

Re: CAPsMAN Access List Private Passphrase

Did you ever figure this out? We're running into the same challenge. We've also tried a RADIUS server (userman), but it can't handle username pattern matches...
by Zebble
Mon Apr 11, 2016 2:16 am
Forum: Scripting
Topic: Error when trying to clear firewall connections
Replies: 3
Views: 1253

Re: Error when trying to clear firewall connections

You could also just turn off connection tracking to clear the connections, and then turn it back on.

/ip firewall connection tracking set enabled=no
/ip firewall connection tracking set enabled=yes (or auto)

-wade
by Zebble
Mon Apr 04, 2016 12:21 am
Forum: Scripting
Topic: Blocklister WebAPI to get precompiled IP Addresslists
Replies: 10
Views: 4384

Re: Blocklister WebAPI to get precompiled IP Addresslists

Based on experience, you may want to use blackhole routes instead of an Address List. For larger lists, blackhole routes take up less CPU and RAM so they tend to perform much better and on lesser hardware. The only thing you lose is the ability to count the number of "hits" to the blacklists through...
by Zebble
Tue Aug 06, 2013 5:36 pm
Forum: Scripting
Topic: Import script works from CLI, but not from a script?
Replies: 3
Views: 1164

Re: Import script works from CLI, but not from a script?

6.2 update fixed both problems.
Thanks for checking jirif. Confirmed on this end too.
by Zebble
Wed Jul 31, 2013 11:11 pm
Forum: Scripting
Topic: Import script works from CLI, but not from a script?
Replies: 3
Views: 1164

Import script works from CLI, but not from a script?

This seemed to work in a system script, pre-6.x: /import script.rsc Now, any script with an import command works just fine from the CLI (ie. manually entering "/import script.rsc") but does not run within a system script. No error, execution just stops at the import command. Is there a new way to do...
by Zebble
Sat Jul 06, 2013 6:45 pm
Forum: General
Topic: DNS flood answering despite filter rules!
Replies: 7
Views: 2641

Re: DNS flood answering despite filter rules!

We saw exactly the same thing on an RB532 running ROS 6.1. I thought it was a rules issue, but couldn't find the culprit. Refreshed the rules with a new set, rebooted and the problem was gone... I'm now not sure if a simple reboot would have sufficed.
by Zebble
Wed Mar 06, 2013 4:44 pm
Forum: General
Topic: Some RB models not working with some Cisco switch models
Replies: 3
Views: 1001

Re: Some RB models not working with some Cisco switch models

At the risk of starting a flame war, this is fairly common with Cisco equipment and auto-negotiation.

Try locking the ports on both ends (the MikroTik and Cisco) to a specific speed and duplex. That usually works.

-zeb
by Zebble
Wed Sep 26, 2012 5:39 am
Forum: General
Topic: Hairpin NAT with bonded ADSL lines
Replies: 16
Views: 2915

Re: Hairpin NAT with bonded ADSL lines

Unless I'm missing something, this isn't really bonding, but load balancing, right?

Not that it matters, just doing a sanity check for my own benefit.
by Zebble
Thu Sep 06, 2012 6:00 am
Forum: General
Topic: Public block IP routing with pppoe
Replies: 5
Views: 1644

Re: Public block IP routing with pppoe

Yup, definitely works as suggested. We have a PPPoE connection with a static ip, as well as a /28 and /29. We've assigned the first address of each subnet to a physical port on an RB1200, and made the ports standalone (ie. master ports with no slaves) and works great! Definitely nice to have complet...
by Zebble
Thu Sep 06, 2012 5:52 am
Forum: General
Topic: Best Quad NIC for MT server
Replies: 14
Views: 3154

Re: Best Quad NIC for MT server

The RB44Ge looks like it's full height. I've never seen a half-height card that can fit 4 full RJ45 ports on its faceplate...
by Zebble
Wed Apr 25, 2012 11:54 pm
Forum: General
Topic: how to select interface for PPTP/SSTP tunnels
Replies: 12
Views: 7761

Re: how to select interface for PPTP/SSTP tunnels

Got it... I wonder if you could mangle using the "Content" field? If you can identify something specific within the packet of each PPTP connection, then you could do what you need to do... Alternatively, if you could change the PPTP server to accept PPTP connections on another port in addition to 17...
by Zebble
Wed Apr 25, 2012 11:25 pm
Forum: General
Topic: how to select interface for PPTP/SSTP tunnels
Replies: 12
Views: 7761

Re: how to select interface for PPTP/SSTP tunnels

That's correct, but the last sentence in the first post indicated you were trying to use PPTP and SSTP and alter routing tables but couldn't figure it out. That's exactly what skillful's response addressed.
by Zebble
Wed Apr 25, 2012 10:56 pm
Forum: General
Topic: how to select interface for PPTP/SSTP tunnels
Replies: 12
Views: 7761

Re: how to select interface for PPTP/SSTP tunnels

Hi syadnom,

skillful's response is what you want. Marking the outbound packets through mangling, based on the characteristics of PPTP and SSTP, and then applying policy routing based on those marks will force PPTP out the "DSL_Uplink" interface, and SSTP out the "cable_Uplink" interface.
by Zebble
Wed Mar 28, 2012 4:03 pm
Forum: Beginner Basics
Topic: SSTP Site to Site Routing won't work
Replies: 8
Views: 5722

Re: SSTP Site to Site Routing won't work

Certificates are optional if you're connecting between Mikrotik's using SSTP.
by Zebble
Thu Mar 22, 2012 6:31 pm
Forum: General
Topic: Block Torrents & p2p Traffic 100% working on all versions
Replies: 59
Views: 164306

Re: Block Torrents & p2p Traffic 100% working on all version

ulikroessin, that will depend on how you set up your firewall rules that use the layer7 protocol filter. You can specify specific addresses, or not and have everything filtered...
by Zebble
Thu Mar 22, 2012 3:05 pm
Forum: General
Topic: Block Torrents & p2p Traffic 100% working on all versions
Replies: 59
Views: 164306

Re: Block Torrents & p2p Traffic 100% working on all version

Copy and paste the regexp into IP -> Firewall -> Layer 7 protocols, or use this export: /ip firewall layer7-protocol add name=torrentsites regexp="^.*(get|GET).+(torrent|\ thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|\ torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes...
by Zebble
Tue Mar 13, 2012 3:55 pm
Forum: Beginner Basics
Topic: SSTP Site to Site Routing won't work
Replies: 8
Views: 5722

Re: SSTP Site to Site Routing won't work

SSTP doesn't do any routing, it's simply a VPN pipe. We've been using SSTP from site-to-site, as you've described, without any issues. Your issue is either a rule problem, or a routes problem. Your routes look ok, so I suspect it's a rule problem and the logs should indicate what's being dropped and...
by Zebble
Mon Mar 12, 2012 6:00 am
Forum: Beginner Basics
Topic: SSTP Site to Site Routing won't work
Replies: 8
Views: 5722

Re: SSTP Site to Site Routing won't work

It's a firewall rule. Try adding a "log" action, identical to your drop rules, just before the drop rules, then try your tests again and check the logs. You should see where the packets are getting lost and be able to add a rule to compensate. If you're still stuck, send the relevant portions of the...
by Zebble
Mon Mar 05, 2012 10:56 pm
Forum: General
Topic: problem "checkip.dyndns.org detect local ip"
Replies: 4
Views: 1459

Re: problem "checkip.dyndns.org detect local ip"

That possibly means your MikroTik is behind another NAT device.
by Zebble
Sun Mar 04, 2012 4:23 am
Forum: General
Topic: RB450G strange 100% spikes on CPU resource graph
Replies: 3
Views: 1257

Re: RB450G strange 100% spikes on CPU resource graph

We had something similar happen with our monitoring tool. The tool would grab all SNMP values except the CPU first, which would load the CPU. We fixed this by changing the order of what SNMP values were polled, polling CPU first to avoid this issue. Not sure if this is related, as your issue seems t...
by Zebble
Tue Feb 21, 2012 7:15 pm
Forum: Scripting
Topic: Dyndns
Replies: 1
Views: 1053

Re: Dyndns

I've used the same script on an RB750GL with no problems for at least a few months, non-stop. From your logs, it looks like the fetch command might have hung/lost communication with the dyndns ip fetch site at some point? If that's the case, you can modify the script to check the IP of the WAN inter...
by Zebble
Tue Feb 21, 2012 7:06 pm
Forum: General
Topic: i wont 1 more adsl to my hotspot...
Replies: 3
Views: 971

Re: i wont 1 more adsl to my hotspot...

Might be easier if you can find a DSL provider that supports MLPPP and simply bond the two (or more) DSL connections? Works very well on the RouterBoards... The only other way would be load balancing the two DSL connections using Policy Routing: http://wiki.mikrotik.com/wiki/Load_Balancing_over_Mult...
by Zebble
Wed Feb 15, 2012 10:51 pm
Forum: Scripting
Topic: Getting Dynamic WAN IP
Replies: 2
Views: 3048

Re: Getting Dynamic WAN IP

The Mikrotik appends the subnet to the result of [/ip address get [/ip address find where interface=WAN] address], so you may need to remove it first. This is what I've used: :local currentIP :local externalInterface "ether1-wan" # get the current IP address from the external interface :set currentI...
by Zebble
Wed Feb 15, 2012 10:38 pm
Forum: General
Topic: Two remote LAN connected via PPTP - Bonjour Problem
Replies: 4
Views: 1452

Re: Two remote LAN connected via PPTP - Bonjour Problem

Hi Fredgr, You partially answered your own question. Bonjour is multicast, so you'd need to use something that facilitates a bridge (like EoIP) or does multicast routing. MikroTik appears to support Multicast routing, but I'm not sure if Bonjour will support it. http://wiki.mikrotik.com/wiki/Manual:...
by Zebble
Mon Feb 13, 2012 4:02 pm
Forum: General
Topic: Mikrotik Switch/Routing RB750GL
Replies: 6
Views: 1634

Re: Mikrotik Switch/Routing RB750GL

Glad it worked out, and I could help!

I'd appreciate forum Karma if you think I helped enough!
by Zebble
Wed Feb 08, 2012 11:58 pm
Forum: General
Topic: Mikrotik Switch/Routing RB750GL
Replies: 6
Views: 1634

Re: Mikrotik Switch/Routing RB750GL

Hi Mat, Restored your backup to our own RB750GL and everything works as expected. I can ping both ways, and connect to a file share to/from either system. The only things I can think of now is: - Check that MAC addresses are valid on your equipment and on the MikroTik's interfaces (ie. I've seen str...
by Zebble
Wed Feb 08, 2012 5:05 am
Forum: General
Topic: Mikrotik Switch/Routing RB750GL
Replies: 6
Views: 1634

Re: Mikrotik Switch/Routing RB750GL

Interesting... Are you sure there aren't any NAT rules doing something strange?

If you want to send me a backup/export, I can test on some RB750GL's we have in stock.
by Zebble
Sun Feb 05, 2012 4:41 pm
Forum: General
Topic: PPTP site to site - slow traffic flow...
Replies: 1
Views: 797

Re: PPTP site to site - slow traffic flow...

20-25kbytes/sec is about right since your lowest link speed is 256kbits/sec (2m/256k).
by Zebble
Fri Feb 03, 2012 6:46 pm
Forum: Scripting
Topic: Public interest in blacklist service w/ MikroTik script?
Replies: 6
Views: 10079

Re: Public interest in blacklist service w/ MikroTik script?

Good point ditonet, which led me to digging... I found that our script was only pulling in just over 1000 entries instead of the full ~23K due to a bug! It was only pulling in OpenBL entries that started with a 9 in the last octet! Whoops... I've loaded the full list on a reasonably loaded RB1200, ...
by Zebble
Thu Jan 26, 2012 4:28 pm
Forum: General
Topic: MLPPP Reassembly Algorithm Issue
Replies: 6
Views: 1950

Re: MLPPP Reassembly Algorithm Issue

Thanks again trm3, I think I'm getting it now. Your setup is a little different from ours. We're using MLPPP to our ISP, and then VPN to our centrally hosted MikroTik. I believe what you're describing is that you were using MLPPP to a centrally hosted MikroTik, and have now opted for EoIP. If I'm ri...
by Zebble
Thu Jan 26, 2012 7:26 am
Forum: General
Topic: MLPPP Reassembly Algorithm Issue
Replies: 6
Views: 1950

Re: MLPPP Reassembly Algorithm Issue

Hi Trm3, To clarify, you were using L2TP/PPTP/OpenVPN -> MLPPP, and now you're using L2TP/PPTP/OpenVPN -> EoIP -> MLPPP, or did I miss something? How many connections were you bonding with MLPPP and what type (ie. DSL?). Was the MLPPP connection itself showing around 2 to 3% packet loss due to I ass...
by Zebble
Wed Jan 25, 2012 4:50 pm
Forum: Scripting
Topic: Public interest in blacklist service w/ MikroTik script?
Replies: 6
Views: 10079

Re: Public interest in blacklist service w/ MikroTik script?

ChangeIp: That method is very interesting to me! I'm a bit of a BGP newb, so any advice/howto you can offer would be appreciated. In the meantime, here's the relevant portion of the linux-side script that produces the Mikrotik code to update a "blacklist" address-list, in case anyone wants to use it...
by Zebble
Sun Jan 15, 2012 9:24 pm
Forum: General
Topic: v5.11 released
Replies: 173
Views: 48510

Re: v5.11 released

When we last had our x86 box crash, it was responding to pings but not forwarding any traffic. Console was completely black. Pressing any keys didn't change that, so can't help with a screenshot.

Been up just fine for over 2 weeks now.
by Zebble
Thu Jan 12, 2012 5:11 pm
Forum: Scripting
Topic: Public interest in blacklist service w/ MikroTik script?
Replies: 6
Views: 10079

Public interest in blacklist service w/ MikroTik script?

We have a central server that creates a MikroTik .rsc script every night that creates a blacklist address-list using lists from OpenBL, DShield and SpamHaus. A script on the MikroTik then does a "fetch" of this script on a nightly basis and runs it. Corresponding firewall rules then block connection...
by Zebble
Wed Jan 11, 2012 5:27 pm
Forum: General
Topic: v5.11 released
Replies: 173
Views: 48510

Re: v5.11 released

I can personally confirm that the latest RB1200 firmware included with 5.11 (2.37) resolved the rebooting issue.
by Zebble
Mon Jan 09, 2012 4:27 pm
Forum: General
Topic: v5.11 released
Replies: 173
Views: 48510

Re: v5.11 released

Quick update that we've had our x86 5.11 VM running flawlessly except for an SSTP problem for almost 2 weeks now.
The ONLY change made was to have ALL logs go to disk instead of memory. Could memory-based logging or overall memory allocation be the source of the problem?
by Zebble
Fri Jan 06, 2012 6:33 pm
Forum: General
Topic: Routing between two subnets
Replies: 11
Views: 23561

Re: Routing between two subnets

The routes you have should be more than enough, and the gateway on each subnet appears to be fine.

Have you tried looking at the Torch for each interface on the MikroTik while pinging, to see where the packet(s) might be getting lost?
by Zebble
Fri Jan 06, 2012 6:18 pm
Forum: General
Topic: Routing between two subnets
Replies: 11
Views: 23561

Re: Routing between two subnets

Do you have any NAT rules enabled?
Can you ping to all subnets including the internet from the router itself?
by Zebble
Sat Dec 24, 2011 4:59 am
Forum: General
Topic: SSTP stops passing traffic and doesn't try to reconnect
Replies: 0
Views: 539

SSTP stops passing traffic and doesn't try to reconnect

We have an x86 version of ROS 5.11 running in a vmware esxi VM with 2 cpu's and 1GB of vram. It is acting as an SSTP server for 3 RB750GL clients running 5.11. We are using user name/password (64 characters) instead of certs for SSTP. Periodically the SSTP connection will stop passing traffic. It st...
by Zebble
Sat Dec 24, 2011 4:34 am
Forum: General
Topic: v5.11 released
Replies: 173
Views: 48510

Re: v5.11 released

Had 5.11 lock up on an esxi VM after about 2 days. A reset brought it back up, and it's been up for just over 6 days. ONLY change made was for all logs to go to disk instead of memory or console, so I could catch what was in the logs before the next lock up. Config: 2 vCPU's (xeon e5420) 1GB vRAM 80G...