MikroTik

Well, we are getting a bit off-topic here... To be clear, I'm not saying that the documentation as it is now is perfect. You are right in that it may and should be improved in lots of rather reasonable ways. However complaining about the fasttrack page not telling about "lags when mangle activated" ...

This article doesn't have any mentions about lags when mangle activated. Should it? What you call "lags" are symptoms, not the problem itself. The main thing that article tells you is the following: Warning: Queues (except Queue Trees parented to interfaces), firewall filter and mangle rules will n...

Please read the documentation.
ok. where?

Here: https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack

Disabling fasttrack helps.Hope Mikrotik fix it soon

This is not a bug and cannot be fixed. This is how fasttrack works. Please read the documentation.

i4ko, EIRP is not so much about the power as about the density of radiation, so for directional antennas the gain may easily be much higher than 1.

This is normal ? It is. Absolutely. You have simply added a rule to a custom (user-defined) chain named 'perouting' that you can now jump to using 'action=jump' rules. And, by the say, this is in no way version-specific, so in the future please refrain from posting such questions to version-specifi...

Darman, how do you think an update will know what socks entries are legitimate and what are not?

Mutator , in a previous post you wrote yourself that the problem is also reproducible on an earlier versions of RouterOS (6.42.x), so it is NOT a 6.43.8 specific regression. The release topics are meant for version-specific issues only. Also you have already reported the problem in another thread, ...

why dont have WinBox + MAC WinBox button?

That's probably because WinBox has neighbor discovery capability builtin.

doush Nobody except you complains, which means it's either faulty hardware or a configuration specific issue. A couple of posts ago you said you are not willing to supply support@ with the info they asked you for. Being software developer myself, I can assure you this is a road to nowhere...

pranoy1083, the problem is likely in the queues themselves and not specific to this particular version. Please start a new topic for this and/or (better yet) report it to support@.

It would be useful if the matrix contains some information about the hardware-accelerated encryption support.

I get that. But the webfig torch NEVER shows more than the two lines to be seen in the screenshot, no matter what traffic is to be seen via winbox. Just tried it myself. Right after opening the Torch screen I can see the same two lines as shown on your screenshots, but after clicking on the "Start"...

roughly the same time.

I guess this likely is the point. Torch is a "right now" tool, not a "historical data" tool.

Just wondering why two versions have been skipped? Never seen that before

It has become a rather common situation lately.
The obvious reason might be the skipped releases not passing the QA.

When I set comment for PPTP client, it reconnect ! New feature ? It has always been like that. Changing comment on any interface brings that interface down and then back up. PS. The next time you post to a release topic please make sure you are reporting a problems that is specific to (was introduc...

Any chance of 6.42.10 with the IP Traffic Flow NAT fixes ?

Can you provide more details (or a link) of what's broken, please?

This IPsec bug still not fixed https://forum.mikrotik.com/viewtopic.php?f=2&t=136445 What is the purpose of writing this in all version-specific topics? This is clearly not a regression since the previous version, so please stop. Have you written to support, by the way? In case you have, did they a...

Ah, nice suggestion but, all my laptops are Pro type and I have real serial ports on them :-) The key here is that TTL serial and RS232 are somewhat different beasts- they differ at least in the voltage levels (while on the protocol level they must be compatible). You can easily damage TTL serial p...

I really hope that the new iPhone Xs/XsMax 5GHz AC problem is resolved before the 6.44 production release. https://forum.mikrotik.com/viewtopic.php?f=7&t=139608&sid=c812125039cd5699bb02c1cae5c96b71 Reading through the topic you've linked to makes me think it is an iPhone's problem, not Mikrotik's o...

After upgrading to 6.43.2 from 6.42.7 you can no longer have multiple IPsec peers to the same destination IP but with different source addresses. This regression is said to be fixed in 6.44beta14. Please check the change log in the post here . And I'd expect this kind fix to be merged to 6.42.x lat...

... that the plaintext password file was not replaced/deleted ... Sure it was not. Do you read the release notes? What's new in 6.43 (2018-Sep-06 12:44): ... *) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades) ;

The ROS is changing the actual MTU if I change the method, ... , but If a Mikrotik document doesnt write other (please link it for me if exists), It should work, but it doesnt. The IPIP wiki page says the default is 1500. Nothing is said about MTU being automatically/dynamically adjusted, so I assu...

It seems that bridge gets it's MAC automatically from the first port connected to it - dynamically changing this whenever the config change is made....

This is actually a documented behavior...

If I change the keying method from SHA1 to SHA256, the IPIPv6 reconnect and after thet the new TCP connections are broken, but ping works. What next now? Check if the MTU settings on your tunnel interfaces are correct. In case you rely on RouterOS to calculate it automatically try setting it to the...

Rather then doing MSS clamping you'd better fix your firewall to allow PMTUD to function properly across your tunnel...

Can you provide link to the documentation

Look at the very bottom of this wiki page (in the "Winbox" section).

Current TX Power = 0dBm

Current TX power readings are not supported for 802.11ac-capable wireless cards. That's a known (and documented!) limitation that has always been there.

ssbaksa, what is in /tool profile?

bugfix-only/long-term named 'stable' instead?

I have a theory that they may want to support 6.40.x line (the last release branch before the bridge overhaul) for an extended period of time, hence the "long-term". This does not justify, however, renaming "current" to "stable".

Perhaps "current" really was the correct name.

Indeed!

No it does not, unless you scheduled automatic restarts. It's getting a bit off-topic, but still. The default behavior of Windows 10 is to always install updates automatically as soon as they become available, and then force automatic reboot somewhen outside of a (somewhat) configurable "activity p...

Even your "beloved" Microsoft does not force reboots.

In Windows 10 it does, actually.

Where is bugreport page or bugtracker?

Write an email to support@mikrotik.com

!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);

Two questions:

Can this cloud backup be encrypted?
Since Mikrotik cloud services are bound to the device's serial number, is there any way to retrieve a backup when the original device is lost?

I want to confirm if Mikrotik has enabled in the RouterOS to leverage the HW encryption / decryption for AES algorithm used in IPSec Acceleration also applied to OpenVPN Acceleration (aside the issue that only TCP is supported and is slower). What's the point in asking the same question again and a...

I'll bet their market share in the WISP industry today is much smaller then it was 10 years ago.

There are lots of other markets other then WISP...

Hardware Acceleration for AES (OpenVPN protocol)?

As I understand, RouterOS only supports in-kernel HW crypto acceleration, which means it works for IPsec phase2 only. OpenVPN is currently out of luck no matter what board you have.

I have been using these switches

What switches? Please specify exact model(s).
Some small switches (like the RB260 series) are known to have a rather weak CPU which can easily be maxed out when being constantly monitored via ICMP.

What are you talking about?
v6.40.8 includes patches to fix known vulnerabilities including latest winbox port vulnerability.

We are talking about this: viewtopic.php?t=121039#p595087

No, it is not.

Even if you are right with this one it is still vulnerability which is known and is not applied in current/bugfix. Well, the fact that the previous versions of WinBox (even in secure mode) were susceptible to MITM attacks was well-known for years. Many users were concerned and raised questions here...

But that was done because there were bugs that allowed the retrieval of the unencrypted passwords (and thus the quick retrieval of valid user/password combinations as shown) That's correct. And I must admit this change had to be implemented years ago without waiting for bugs like this one to pop up...

in 6.43rc17, something was changed in winbox service (thats why every RC since then has to use Winbox 3.14) to prevent MITM attack. No. And the purpose of this change has been explained here on the forum somewhere, and it has nothing with preventing MITM attacks. RouterOS used to store local user c...

I decided to buy another cloud core and it continues with the same problem says:

Have you tried writing to support@ ? Just curious.

Why the router tries to connect to ip 224.0.0.22?

This is a multicast address that has something to do with IGMPv3. May be related to IGMP proxy or UPnP.

Ive been doing RCs for 8+ years. For 7+ years the RCs were as stable as the stable version. You are exaggerating "a bit". Mikrotik started releasing public RCs since mid-2015 (since v6.32 or 6.31, but definitely not earlier), which means you could not have been using RCs for more then 3 years. And ...

Do you respond to requests from the forum or bugfix create a new bug ?

This is a user forum. Mikrotik staff responds on forum occasionally, but in general all (potential) bugs should be reported to support@ via email.

msatter , another solution to your task would be introducing a separate custom chain for your dynamic rules, then jumping to this custom chain at the point where you currently insert your dynamic rules. In the script you then simply add your dynamic rules to the top of your custom chain not worryin...

Let's see how many client we can hook up.

Please note that it is currently limited to only 8 clients at a time. See page 16 of the 60G presentation from the MUM in Berlin.

Search found 1052 matches