Community discussions

Search found 106 matches

by 5nik
Wed Feb 07, 2024 1:34 pm
Forum: RouterBOARD hardware
Topic: The dream switch for the RB5009
Replies: 5
Views: 1018

Re: The dream switch for the RB5009

I already suggested similar, but only 8 ports switch: viewtopic.php?t=197927. But I personally prefer ROS.
by 5nik
Wed Sep 20, 2023 12:03 am
Forum: General
Topic: Proxy ARP working with IKEv2 VPN
Replies: 0
Views: 641

Proxy ARP working with IKEv2 VPN

I wanted to migrate my home L2TP/SSTP VPN to IKEv2 according to this official example. But I'm sharing IP network (same IP pool) for LAN and VPN (using proxy-arp). I tried to setup in IKEv2, but it didn't work, because router didn't set dynamic routes for connected users. If I set route(s) manually, p...
by 5nik
Tue Sep 19, 2023 4:56 pm
Forum: Wireless Networking
Topic: Guest VLAN for wireless 802.1x
Replies: 0
Views: 1353

Guest VLAN for wireless 802.1x

In wired 802.1x implementation, we have possibilities to put rejected or non-compatible users / devices into separate (guest or quarantine) vlan. It will be good to have these possibilities in wireless. Something like this:
wifi_dot1x.png
Or does some workaround exist?
by 5nik
Thu Aug 31, 2023 12:45 am
Forum: RouterBOARD hardware
Topic: MikroTik CRS309-1G-8S+INL -- 10G RJ45 Transceiver?
Replies: 54
Views: 7670

Re: MikroTik CRS309-1G-8S+INL -- 10G RJ45 Transceiver?

I hope Mikrotik will soon update its product portfolio to include 2.5Gb/s where currently 1Gb/s or 10Gb/s exist.
It is here: CRS310-8G+2S+IN
by 5nik
Thu Aug 31, 2023 12:41 am
Forum: RouterBOARD hardware
Topic: Smallest 2.5G Router
Replies: 3
Views: 3194

Re: Smallest 2.5G Router

It is primarily a switch, but with full ROS: CRS310-8G+2S+IN
by 5nik
Thu Jul 20, 2023 1:25 am
Forum: RouterBOARD hardware
Topic: HW Suggestion: Switch with x009 form factor
Replies: 8
Views: 3173

Re: HW Suggestion: Switch with x009 form factor

I know that L009 is red and RB5009 is black, so it's a concept or I'm lost? It is an idea and 10 minutes playing in the Gimp with picture of L009 some alternatives already exists: CSS610-8G-2S+IN https://mikrotik.com/product/css610_8g_2s_in CSS610-8P-2S+IN https://mikrotik.com/product/css610_8p_2s_...
by 5nik
Wed Jul 19, 2023 4:19 pm
Forum: RouterBOARD hardware
Topic: HW Suggestion: Switch with x009 form factor
Replies: 8
Views: 3173

HW Suggestion: Switch with x009 form factor

It would be nice to have ROS (based on CRS3xx) switch with same form factor to combine with L009 or RB5009 in (10"/19")
rack.
S010_small.png
by 5nik
Sat Apr 08, 2023 12:01 am
Forum: General
Topic: Native Windows VPN Client doesn't accept response from Mikrotik DHCP server
Replies: 0
Views: 234

Native Windows VPN Client doesn't accept response from Mikrotik DHCP server

Hello, I'm using Mikrotik as VPN concentrator for Windows clients. I'm using external Windows DHCP server to push additional parameters (routes, domain suffix) to native Windows VPN clients (PPTP / L2TP / SSTP). I tried to use DHCP server on Mikrotik, but Windows VPN clients doesn't accept DHCP resp...
by 5nik
Mon Feb 06, 2023 2:20 pm
Forum: RouterBOARD hardware
Topic: MikroTik cAP ax [cAPGi-5HaxD2HaxD] (r2)
Replies: 114
Views: 24796

Re: MikroTik cAP ax [cAPGi-5HaxD2HaxD] (r2)

...
We don't know how it will look like from the top. We don't know if it'll have some alternative casing like cAP ac does. We just have that drawing.
We have also two months old real view: https://www.youtube.com/watch?v=Uz1AUgoFjCo&t=1019s
by 5nik
Thu Sep 29, 2022 5:08 pm
Forum: RouterOS beta
Topic: mDNS repeater feature
Replies: 330
Views: 99462

Re: mDNS repeater feature

+1 vote
I'm facing problem with AirPlay (TV is in different VLAN than computer). Container is not solution for me, because TILE arch.
by 5nik
Wed Aug 10, 2022 3:21 pm
Forum: RouterBOARD hardware
Topic: hAP ax² dual band Wi-Fi 6 (802.11ax)
Replies: 287
Views: 66734

Re: hAP ax² dual band Wi-Fi 6 (802.11ax)

I have few questions about features of new hAP:
  • HW accelerated IPsec?
  • Bridge (L2) offloading?
  • Routing (L3) offloading?
  • All LEDs off?
by 5nik
Tue Aug 09, 2022 10:56 am
Forum: RouterOS beta
Topic: RDP Connection Dying
Replies: 57
Views: 31848

Re: RDP Connection Dying

Me too:
RDP (TCP+UDP, Win10->Win2012R2) over SSTP VPN terminated on RB1100AHx2 (ROS 7.4). After increase UDP timeout to 20 sec RDP disconnection was fixed.
by 5nik
Wed Aug 03, 2022 4:15 pm
Forum: RouterBOARD hardware
Topic: hAP ax² dual band Wi-Fi 6 (802.11ax)
Replies: 287
Views: 66734

Re: hAP ax² dual band Wi-Fi 6 (802.11ax)

From Product PDF:
Specifications
  • Product code: C52iG-5HaxD2HaxD-TC
  • CPU: Quad-Core IPQ-6010 864 MHz
  • CPU architecture: ARM 64bit
  • Size of RAM: 1 GB
  • Storage: 128 MB, NAND
  • Number of 1G Ethernet ports: 5
  • Number of 1G Ethernet ports with PoE-out: 1
  • Switch chip model: IPQ-6010
  • Wireless interface model: QCN-5052
  • Wire...
by 5nik
Mon Feb 14, 2022 5:10 pm
Forum: RouterBOARD hardware
Topic: Question about the hAP ac
Replies: 8
Views: 1514

Re: Question about the hAP ac

2 more things: everything RouterOS can do the same, so there are no differences between the hAPs in the SW provided functions.
...
Actually, it's not true in ROS 7.x. hAP AC2/3 is ARM and has more optional packages (zerotier, docker) than MIPSBE in hAP AC. But base functionality is the same.
by 5nik
Wed Jan 26, 2022 1:47 pm
Forum: RouterOS beta
Topic: [Feature Request] Dot1x Multiple Host Auth in a single port
Replies: 4
Views: 2175

Re: [Feature Request] Dot1x Multiple Host Auth in a single port

Not sure if this feature was already asked, didn't find anything about this. I already asked this feature in list here. I don't this is even possible. While I never used it myself, from what I know Dot1x uses MAC address to authenticate clients. This means that your MT sees traffic from all client...
by 5nik
Fri Jan 21, 2022 4:27 pm
Forum: RouterOS beta
Topic: Feature requests: improve dot1x and others
Replies: 18
Views: 10961

Re: Feature requests: improve dot1x and others

Finally guest-vlan-id (and server-fail-vlan-id) spotted in documentation for v7.2. No more workarounds!
I wish they support more switch chips for Bridge VLAN filtering offload. Even older chips like Atheros8327 and others.
by 5nik
Tue Dec 07, 2021 5:49 pm
Forum: Announcements
Topic: v7.1 is released!
Replies: 785
Views: 224754

Re: v7.1 is released!

... 3. ipv6 > fw > connections is empty with none connections 4. ipv6 > fw > filter rules i have accept established/related connections and after that i have drop invalid. With above setup, all connections drop as invalid (tcp syn,ack,syn/ack, udp). The above setup work perfect in 6.x editions. I ...
by 5nik
Tue Nov 16, 2021 2:40 pm
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 219
Views: 95824

Re: v6.49 [stable] is released!

My biggest gripe with netinstall is devices with multiple network interfaces, there's no way to select which network interface to bind to so i have to manually disable all but my ethernet cross fingers and relaunch netinstall and hope to god it finds the primary ethernet which is a royal pain in the ...
by 5nik
Tue Sep 14, 2021 3:41 pm
Forum: RouterOS beta
Topic: Feature requests: improve dot1x and others
Replies: 18
Views: 10961

Re: Feature requests: improve dot1x and others

Next edit: dot1x: guest vlan for clients unsupporting dot1x - found workaround Which is..? :) I found this in documentation: auth-types (dot1x | mac-auth; Default: dot1x) Used authentication type on a server interface. When both options are selected at the same time, the server will prefer dot...
by 5nik
Tue Sep 14, 2021 3:03 pm
Forum: RouterOS beta
Topic: Feature requests: improve dot1x and others
Replies: 18
Views: 10961

Re: Feature requests: improve dot1x and others

Next edit: dot1x: guest vlan for clients unsupporting dot1x - found workaround
by 5nik
Tue Sep 14, 2021 2:48 pm
Forum: RouterOS beta
Topic: Feature Request: Source Address List For Route Rule
Replies: 3
Views: 1201

Re: Feature Request: Source Address List For Route Rule

+1
I already requested this in past... viewtopic.php?f=2&t=147497
by 5nik
Wed Aug 11, 2021 8:37 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 202
Views: 91905

Re: MikroTik RB5009UG+S+IN

Is it possible to fit / mount into 10" rack?
by 5nik
Tue Jul 06, 2021 9:38 pm
Forum: RouterOS beta
Topic: Feature requests: improve dot1x and others
Replies: 18
Views: 10961

Re: Feature requests: improve dot1x and others

Next wish done - mc-lag in v7 beta 6. Edited wish list
by 5nik
Mon Jan 25, 2021 11:18 am
Forum: General
Topic: Dot1x and Reject-VLAN-ID
Replies: 9
Views: 2278

Re: Dot1x and Reject-VLAN-ID

Deleted, it's not relevant to this topic.
by 5nik
Fri Jun 19, 2020 2:52 pm
Forum: RouterOS beta
Topic: Feature requests: improve dot1x and others
Replies: 18
Views: 10961

Re: Feature requests: improve dot1x and others

My features wish list:
  • dns: action redirect requests to external DNS (regex or domain filtering)
This is already in RouterOS as of 6.47 (FWD records in IP->DNS->Static).
I know it. OK, I edited first post. Wish I could edit next items in list when next RoS version comes. :)
by 5nik
Fri Jun 19, 2020 10:31 am
Forum: RouterOS beta
Topic: Feature requests: improve dot1x and others
Replies: 18
Views: 10961

Re: Feature requests: improve dot1x and others

dns: filtering request based on source IP Do you have a specific purpose here which cannot be achieved with the firewall now? Remember that the UDP IP cannot be trusted anyway. Yes, I have. For example, if I want have local DNS server for multiple LANs with different purpose, when some LANs need so...
by 5nik
Fri May 15, 2020 10:19 am
Forum: Announcements
Topic: v6.47beta [testing] is released!
Replies: 269
Views: 179716

Re: v6.47beta [testing] is released!

*) dns - added support for forwarding DNS queries of static entries to specific server (CLI only); *) dns - added support for multiple type static entries (CLI only); Finally! What will be next? What about optional ip filtering of every DNS record (or forward)? Something like: /ip dns static add ty...
by 5nik
Mon Apr 13, 2020 10:19 pm
Forum: RouterOS beta
Topic: Feature requests: improve dot1x and others
Replies: 18
Views: 10961

Feature requests: improve dot1x and others

My features wish list: Switch bridge: learn-limit per bridge port, counter reset condition (on router reboot, on port down/up, manual etc) dot1x: guest vlan for clients unsupporting dot1x - found workaround implemented in 7.2 dot1x: authentication per host (allow multiple (un)authenticated hosts on o...
by 5nik
Fri Oct 18, 2019 9:56 am
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 150
Views: 106147

Re: v6.46beta [testing] is released!

*) dot1x - added "reject-vlan-id" server parameter (CLI only); Do you have more info? Is it function like quarantine (guest) VLAN -> VLAN for rejected / non compliant clients or just ignore PVID from radius response? So I tested. It is second option - VLAN for rejected clients. Please add...
by 5nik
Thu Sep 19, 2019 10:33 am
Forum: General
Topic: Limit number of MAC addresses per interface
Replies: 15
Views: 9442

Re: Limit number of MAC addresses per interface

CRS125 has that option "learn-limit" https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches#Port_Settings Thanks, this is what I need. Unfortunately, this option is only for CRS1xx/2xx series switches, newer series (CRS3xx) hasn't it. And it is not included generally in bridge o...
by 5nik
Thu Sep 19, 2019 10:26 am
Forum: General
Topic: Limit number of MAC addresses per interface
Replies: 15
Views: 9442

Re: Limit number of MAC addresses per interface

Since many routers do not use switch chip, but bridges instead, this solution may work:

:local if "ether1"
if ([:len [/interface bridge host find where on-interface=$if]] > 30) do={
    /interface ethernet set $if arp=disabled
} else={
    /interface ethernet set $if arp=enabled
}

PS not tested. I...
by 5nik
Wed Sep 18, 2019 7:56 pm
Forum: General
Topic: Limit number of MAC addresses per interface
Replies: 15
Views: 9442

Re: Limit number of MAC addresses per interface

This is possible on switch chips that are capable of ACL rules, you can find examples using CRS3xx and non-CRS1xx/CRS2xx devices here: https://wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches#Port_Security OK, but I need allow 1 non-specific MAC on interface (to prevent users connect switch and...
by 5nik
Fri Sep 13, 2019 3:27 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 150
Views: 106147

Re: v6.46beta [testing] is released!

*) dot1x - added "reject-vlan-id" server parameter (CLI only);
Do you have more info? Is it function like quarantine (guest) VLAN -> VLAN for rejected / non compliant clients or just ignore PVID from radius response?
by 5nik
Sat Jul 06, 2019 10:49 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 150
Views: 106147

Re: v6.46beta [testing] is released!

Wishes for 6.46:
- WinBox => CAPsMAN: Reboot button for CAPs
Yes, I agree. It is annoying in CAPsMAN network to manual restart every AP. APs are updated automatically from CAPsMAN, and all APs have firmware autoupdate=yes, but still required additional manual restart for firmware update.
by 5nik
Wed Apr 10, 2019 11:48 am
Forum: General
Topic: Improvement: Add support for dynamic PPP interfaces in Routing Rules
Replies: 0
Views: 1008

Improvement: Add support for dynamic PPP interfaces in Routing Rules

Please, add 'All ppp' option for Interface property (like in firewall rule), or better - add Interface List property. I need set up routing rules for dynamic ppp interfaces, and I can't do it simple in Routing Rules.
It can be extend with Address List too.
by 5nik
Tue Oct 30, 2018 1:49 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 169148

Re: v6.44beta [testing] is released!

*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received; It will be great to add this feature for PPP tunnels too (SSTP, L2TP). Now I'm using forwarding DHCP Info packets to external DHCP server for DHCP option 249 (and another DHCP options for Windows ...
by 5nik
Thu Aug 09, 2018 12:13 pm
Forum: General
Topic: Please add the ability to choose Proposal
Replies: 12
Views: 4531

Re: Please add the ability to choose Proposal

Please add the ability to choose Proposal (in L2tp with "Use IPsec")
It would be better, If it possible to choose IPsec Group for L2TP, IPoIP, EoIP etc.
by 5nik
Thu Aug 09, 2018 11:58 am
Forum: General
Topic: Please add the ability to choose Proposal
Replies: 12
Views: 4531

Re: Please add the ability to choose Proposal

Please explain why. L2TP always uses the default IPsec proposal, you can adjust security parameters for it if necessary. Additionally, you can create separate proposals for other IPsec tunnels. For example: If I fill IPsec Secret in ipip or eoip tunnel, it uses default policies and proposal too. If...
by 5nik
Wed Jun 20, 2018 5:06 pm
Forum: Wireless Networking
Topic: CAMsMAN - radius MAC authentication [SOLVED]
Replies: 2
Views: 2103

Re: CAMsMAN - radius MAC authentication [SOLVED]

Oh, yes. Thank you for navigate.
by 5nik
Sat Jun 16, 2018 9:39 pm
Forum: Wireless Networking
Topic: CAMsMAN - radius MAC authentication [SOLVED]
Replies: 2
Views: 2103

CAMsMAN - radius MAC authentication [SOLVED]

Hello, does any way exist to implement MAC based radius authentication in CAPsMAN? I found solution via /capsman access-list (action=query-radius), but I can't specify MAC Format and MAC Mode like in /interface wireless security-profiles. Is there any other solution?
by 5nik
Fri May 25, 2018 12:03 am
Forum: General
Topic: Feature requests
Replies: 1740
Views: 631697

Re: Feature requests

It is possible add something like Web Application Proxy / redirector for HTTPS (SSL/TLS) traffic? Mikrotik will be able DNAT or redirect HTTPS (generally SSL/TLS connections with SNI) for specific URL to another IP. It will be usable for hiding more HTTPS servers with different URL behind one public IP, ...
by 5nik
Mon May 07, 2018 12:29 pm
Forum: General
Topic: Feature requests
Replies: 1740
Views: 631697

Re: Feature requests

Please, implement band steering for wifi, especially in CAPsMAN.

Please, add support 802.1x for wire interfaces.
by 5nik
Thu Jan 04, 2018 1:59 am
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 139491

Re: v6.41 [current]

Hello, after upgrade 6.40.5 -> 6.41 on hAP ac IPIP6 tunnel interfaces not running. Reset configuration doesn't help.
by 5nik
Thu Jun 01, 2017 12:58 pm
Forum: General
Topic: Feature requests
Replies: 1740
Views: 631697

Re: Feature requests

Please add support for DHCPInform for PPP link. It is useful for Windows VPN clients (push additional info such as domain name, classless routes etc.). Now I must redirect DHCPInform request from PPP to external DHCP server.
by 5nik
Mon Feb 13, 2017 1:00 am
Forum: General
Topic: Feature request: DHCP for VPN (PPP) links - additional parametres to VPN client
Replies: 1
Views: 1749

Re: Feature request: DHCP for VPN (PPP) links - additional parametres to VPN client

Does exist any other way how to push routes (for split tunneling) to VPN clients?
by 5nik
Sat Jan 21, 2017 11:34 pm
Forum: RouterBOARD hardware
Topic: New CPU - new product RB750Gr3 - RB750G family - now mmips
Replies: 180
Views: 98012

Re: New CPU - new product RB750Gr3 - RB750G family - now mmips

Switch chip currently doesn't support any rules. It is hardware or software (ROS) restrictions?
by 5nik
Sun Nov 13, 2016 12:08 am
Forum: RouterBOARD hardware
Topic: MC7710 exact procedure to get it working with Routerboard
Replies: 6
Views: 3770

Re: MC7710 exact procedure to get it working with Routerboard

Hello, Mikrotik shows you ppp interface, because card is probably in QMI Mode. For LTE interface, you must switch card to DIP mode. Look for PID of your card. 68A2 means QMI mode, 68A3 means DIP mode. You can switch mode by AT commands. I done it twice in the past on laptop. AT command to switch mod...
by 5nik
Thu May 26, 2016 10:31 am
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 106716

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

*) firewall - added "/interface list" menu which allows to create list of interfaces which can be used as in/out-interface-list matcher in firewall; Why structure of "/interface list" menu is different from "/address list" in WinBox? Why they haven't same logic? Please...
by 5nik
Sun May 15, 2016 12:19 am
Forum: General
Topic: Feature request: DHCP for VPN (PPP) links - additional parametres to VPN client
Replies: 1
Views: 1749

Feature request: DHCP for VPN (PPP) links - additional parametres to VPN client

Microsoft uses DHCP Info for getting additional parametres to client after established VPN (PPTP and others). Is it possible to add support (answering) for this requests? Example of DHCP Info packet from Windows client: Frame 1: 342 bytes on wire (2736 bits), 342 bytes captured (2736 bits) Ethernet ...
by 5nik
Thu May 12, 2016 9:39 am
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 106716

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

Version 6.36rc12 has been released. ... *) usb - implement possibility to recognize usb hubs/ethernet-dongles; (if usb hubs/ethernet-dongles shows up as LTE interface with this version - send supout.rif file) ... Is it possible add support for ASIX USB3 Ethernet? Chip: AX88179 VID: 0x0b95 PID: 0x1790
by 5nik
Fri Apr 29, 2016 11:57 am
Forum: General
Topic: Feature request: Select PPP profile from radius response
Replies: 0
Views: 1015

Feature request: Select PPP profile from radius response

Please add possibility to choose ppp profile in radius response. It will be good in case of VPN segmentation. More info and example in older post.
by 5nik
Fri Apr 29, 2016 9:58 am
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 106716

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

*) firewall - added "/interface list" menu which allows to create list of interfaces which can be used as in/out-zone matcher in firewall (CLI only); Why new matcher? It is not possible to integrate into In-Interface and Out-Interface? Address list should be too integrate into Src-Address...
by 5nik
Mon Sep 14, 2015 12:47 pm
Forum: General
Topic: v6.33rc release candidate (final testing)
Replies: 202
Views: 64984

Re: v6.33rc release candidate

*) ppp - added new option under "ppp aaa" - "use-circuit-id-in-nas-port-id";
Any details? Please update documentation or post some explanation.
by 5nik
Fri Sep 11, 2015 12:06 am
Forum: General
Topic: Suggestion: VPN profile selected from radius response
Replies: 4
Views: 3240

Suggestion: VPN profile selected from radius response

When I use radius server for VPN authentication, it would be great if I could choose vpn profile in radius response. For example: I 'm using Mikrotik as VPN concentrator for AD users. I want use different vpn profile for management users (AD groups), for "normal" users and for domain admin...
by 5nik
Wed Jun 10, 2015 1:17 pm
Forum: RouterBOARD hardware
Topic: POE plugged into non POE Port
Replies: 10
Views: 3895

Re: POE plugged into non POE Port

Maybe, you can try "intelligent" PoE source (802.3 af), that first checks connected devices if is PoE capable. For example some PoE smart switch. RB 600 works with them, I think RB 800 as well.
by 5nik
Wed Jan 28, 2015 3:14 pm
Forum: General
Topic: Feature Request: DNS package
Replies: 13
Views: 5238

Re: Feature Request: DNS package

-1 rb is a router, not a server, if you gyus are too lazy to get metarouter or vm or some cheap box installed, hire someone! 8) I disagree with your opinion. What about DHCP server, NTP server, VPN server, CAPsMAN? They are 'server' too and they are present in RoS. I don't want make DNS server (for...
by 5nik
Wed Jan 28, 2015 1:09 pm
Forum: General
Topic: Feature Request: DNS package
Replies: 13
Views: 5238

Re: Feature Request: DNS package

to Sob:
I'm talking about implementing of existing linux DNS server application such as Bind to RoS package. Not developing own solution / application.
by 5nik
Sun Jan 25, 2015 1:25 pm
Forum: General
Topic: Feature Request: DNS package
Replies: 13
Views: 5238

Feature Request: DNS package

It would be nice and useful to have fully functional DNS server as additional package like NTP server. Example of expected function:
  • ip address / interface binding
  • definition of zones
  • master / slave function
  • more type of records (PTR, MX, SRV, TXT, etc.)
  • zone / conditional forwarding
  • support for dyn...
by 5nik
Tue Jul 22, 2014 11:52 am
Forum: General
Topic: v6.16/v6.17
Replies: 187
Views: 63040

Re: v6.16/v6.17

Update RB951G-2HnD 6.15->6.16 OK, upgrade firmware to 3.18 OK, after 6.16->6.17 no response, no working. After netinstall 6.17 working OK.
Update RB751-2HnD 6.15->6.17 OK, upgrade firmware to 3.18 OK.
by 5nik
Mon Jun 30, 2014 10:31 pm
Forum: Beginner Basics
Topic: What's wrong in this config? No LAN-2-WAN connection...
Replies: 11
Views: 3205

Re: What's wrong in this config? No LAN-2-WAN connection...

Ok, for internet working behind router, you need configured on router: WAN IP - you have static IP: 88.15.16.19/23 /ip address add address=88.15.16.19/23 comment=ISP interface=ether1 network=88.15.16.0 You can delete/disable dhcp client LAN IP - you have static IP: 192.168.1.252/24, but with incorre...
by 5nik
Sat Jun 28, 2014 8:56 pm
Forum: Beginner Basics
Topic: RouterOS as core network router blocking AD authentication?
Replies: 7
Views: 2990

Re: RouterOS as core network router blocking AD authenticati

How would one verify that the router is not blocking/dropping packets to port 445 for SMB share access (or any other protocols)? You can use packet sniffer in Mikrotik. Capture packets on all interfaces, and if you see same packet (same dst+src IP and port) received on "in" interface and ...
by 5nik
Fri Jun 27, 2014 12:40 am
Forum: Beginner Basics
Topic: What's wrong in this config? No LAN-2-WAN connection...
Replies: 11
Views: 3205

Re: What's wrong in this config? No LAN-2-WAN connection...

Thank you. Everything looks good configured. Did you try factory reset and set RB again? You can try newer ROS too (latest is 6.15).
by 5nik
Thu Jun 26, 2014 10:45 pm
Forum: Beginner Basics
Topic: What's wrong in this config? No LAN-2-WAN connection...
Replies: 11
Views: 3205

Re: What's wrong in this config? No LAN-2-WAN connection...

Can you please post your network config on laptop? (ip/mask/default route?)
You can always do factory-reset and configure RB again from zero. In some cases, it helped for me.
by 5nik
Thu Jun 26, 2014 9:05 pm
Forum: Beginner Basics
Topic: RouterOS as core network router blocking AD authentication?
Replies: 7
Views: 2990

Re: RouterOS as core network router blocking AD authenticati

If you have Windows firewall, be sure that you have correctly allowed necessary firewall rules. Networks behind router Windows classifies as public network (it is not same subnet as server) and system applies another firewall rules (for public networks).
Did you check this?
by 5nik
Thu Jun 26, 2014 12:17 am
Forum: Beginner Basics
Topic: What's wrong in this config? No LAN-2-WAN connection...
Replies: 11
Views: 3205

Re: What's wrong in this config? No LAN-2-WAN connection...

Little advice: I see, you have static WAN IP. It is better to use snat instead of masquerade. In some cases masquerade may not work as you expect.
by 5nik
Thu Jun 26, 2014 12:06 am
Forum: Beginner Basics
Topic: What's wrong in this config? No LAN-2-WAN connection...
Replies: 11
Views: 3205

Re: What's wrong in this config? No LAN-2-WAN connection...

Which IP has your computer? Static or dynamic? Because your RB hasn't DHCP server properly configured.
by 5nik
Tue Feb 11, 2014 12:27 am
Forum: General
Topic: v5.X uptime challenge
Replies: 12
Views: 3918

Re: v5.X uptime challenge

Here is our recordTik :) and without any UPS.
by 5nik
Thu Oct 17, 2013 1:17 pm
Forum: General
Topic: 6.5 released!
Replies: 185
Views: 87477

Re: 6.5 released!

Still not working SMB with Android (4.x). Mikrotik (RB951) generates autosupout.rif. Linux (Ubuntu) and Windows work.
by 5nik
Sun Oct 13, 2013 1:02 am
Forum: General
Topic: changelog ROS 6.5
Replies: 32
Views: 18619

Re: changelog ROS 6.5

Hmm, in 6.5 (2013-Oct-10 09:28) still can't access to SMB share from Android (4.x). Unable open share and Mikrotik generates autosupout.rif. From linux (Ubuntu) and Windows SMB works correctly.
by 5nik
Sun Oct 06, 2013 1:35 am
Forum: Scripting
Topic: Converter from Nokia ringtones to Mikrotik script
Replies: 1
Views: 4143

Converter from Nokia ringtones to Mikrotik script

Hello everybody, I wrote VB Script that convert Nokia ringtones in RTTTL format to Mikrotik script. VB script reads song in RTTTL from StdIn and generate Mikrotik script to StdOut. Zip includes: rtttl2mikrotik.vbs - VB script rtttl2mikrotik.cmd - help CMD script for user-friendly converting test.txt...
by 5nik
Tue Sep 24, 2013 6:54 pm
Forum: General
Topic: Filter rule for L2TP (but only from IPsec!)
Replies: 3
Views: 1438

Re: Filter rule for L2TP (but only from IPsec!)

You can try to improve your suggestion by connection-state=related, but I'm not sure, if it will work with IPsec.
by 5nik
Mon Sep 16, 2013 1:16 pm
Forum: RouterBOARD hardware
Topic: RB1200 IPsec latency
Replies: 17
Views: 6499

Re: RB1200 IPsec latency

At last, I tested ROS 6.2 and nothing change. I plan to reclaim all RB1200. But due EoL of RB1200, I don't know which box replace RB1200 (see my topic).
by 5nik
Mon Sep 16, 2013 1:12 am
Forum: General
Topic: Mikrotik SMB share not working with Android
Replies: 0
Views: 1132

Mikrotik SMB share not working with Android

I'm trying to set up sharing USB flash over network via SMB protocol in RB751G-2HnD (and also in RB751U-2HnD), ROS 6.2 and 6.4. When I connect to share from Windows - sharing works as I expect. When I try to connect from Android (LAN plugin for TC and ES File Explorer, Android 4.0.3, Android 4.1), I ...
by 5nik
Wed Sep 04, 2013 12:45 am
Forum: General
Topic: Public IP addresses to some PC on internal LAN
Replies: 3
Views: 1788

Re: Public IP addresses to some PC on internal LAN

I solved this by creating bridge br1_WAN which connects eth_WAN and eth(s)_PUBLIC-IP (for computer with public IP) and second bridge br2_PRIVATE-IP (for computer with private IP, NATted). Router routes/NATs packets between WAN (br1_WAN) and private LAN (br2_PRIVATE-IP). Router switches packets betwe...
by 5nik
Mon Sep 02, 2013 2:06 am
Forum: Beginner Basics
Topic: OpenVPN ethernet bridge requires an IP? Why?
Replies: 3
Views: 3704

Re: OpenVPN ethernet bridge requires an IP? Why?

I tried OpenVPN in bridge mode in ROS v6.1 and IP is still required.

It really doesn't make sense. :(
by 5nik
Sat Aug 17, 2013 12:42 pm
Forum: General
Topic: Excuse me, why not make a list of ports?
Replies: 5
Views: 2253

Re: Excuse me, why not make a list of ports?

It is possible define multiple ports in one rule. Why you need port list? Only for convenience?
by 5nik
Mon Aug 12, 2013 12:19 pm
Forum: RouterBOARD hardware
Topic: List of EoL products
Replies: 21
Views: 16783

Re: List of EoL products

Yes, but office PC and laptop has often bigger fans (80 - 120 mm) and lower speed => lower noise than 40mm fans in 1U devices. I need replace fanless RB1200 with some equivalent devices, but actually I don't know about any equivalent RB.
Is there any successor of RB1200? What Mikrotik recommends?
by 5nik
Thu Aug 08, 2013 9:19 pm
Forum: RouterBOARD hardware
Topic: List of EoL products
Replies: 21
Views: 16783

Re: List of EoL products

Last week I found, that RB1200 is the past. What RB is the successor of RB1200? RB1200 had/has bugs, but for small office was ideal (10 Gb ports, fanless). RB2011 is weaker than RB1200, RB1100Hx2 has fans (and is more than twice stronger). If I want replace RB1200 with similar performance RB, I can ...
by 5nik
Wed Aug 07, 2013 12:23 pm
Forum: RouterBOARD hardware
Topic: List of EoL products
Replies: 21
Views: 16783

Re: List of EoL products

Thank you Normis,
routerboard.com shows me actual products status, but no roadmap (plan) for next (1 - 6?) months.
by 5nik
Wed Aug 07, 2013 11:55 am
Forum: RouterBOARD hardware
Topic: List of EoL products
Replies: 21
Views: 16783

List of EoL products

Hello, is it possible to specify all EoL (end of life) products? Is anywhere list of this products (timetable)?

I'll be happy, if Mikrotik will inform me (newsletter) with information about discontinuing product some time before it will happen.
by 5nik
Mon Jul 01, 2013 3:21 pm
Forum: RouterBOARD hardware
Topic: RB2011iL-RM - new HW revision of RB2011L-RM?
Replies: 12
Views: 6624

Re: RB2011iL-RM - new HW revision of RB2011L-RM?

Nice feature, thank you Normis for explaining.
by 5nik
Mon Jul 01, 2013 2:01 pm
Forum: RouterBOARD hardware
Topic: RB2011iL-RM - new HW revision of RB2011L-RM?
Replies: 12
Views: 6624

RB2011iL-RM - new HW revision of RB2011L-RM?

Hello, today I found in our reseller's eshop routers with name RB2011iL-RM, it is also on routerboard.com. What does "i" means in model name?
by 5nik
Mon Apr 08, 2013 12:25 pm
Forum: Beginner Basics
Topic: rewrite packets on bridge (or do i need nat?)
Replies: 23
Views: 8431

Re: rewrite packets on bridge (or do i need nat?)

@aeon
You're welcome, interesting case. :)
by 5nik
Sun Apr 07, 2013 9:02 pm
Forum: Beginner Basics
Topic: rewrite packets on bridge (or do i need nat?)
Replies: 23
Views: 8431

Re: rewrite packets on bridge (or do i need nat?)

Managed switch has IP address, it is not unusual. I think, if you want DNAT function (which is normally router's function) IP address is necessary. You can set dynamic ip address (dhcp client).
by 5nik
Sun Apr 07, 2013 5:37 pm
Forum: Beginner Basics
Topic: rewrite packets on bridge (or do i need nat?)
Replies: 23
Views: 8431

Re: rewrite packets on bridge (or do i need nat?)

Try to add default gateway to Mtik:

ros code

/ip route  add dst-address=0.0.0.0/0 gateway=10.0.0.10
Mtik after DNAT of packet from A reroutes packets (as if Mtik sends packet). Without default gateway Mtik doesn't know, where it should send packets.
by 5nik
Sun Apr 07, 2013 5:05 pm
Forum: Beginner Basics
Topic: rewrite packets on bridge (or do i need nat?)
Replies: 23
Views: 8431

Re: rewrite packets on bridge (or do i need nat?)

No, default route has dst-address=0.0.0.0/0

Can you briefly describe IP settings of your LAN? (gw, switch, who is DHCP server etc.)
by 5nik
Sat Apr 06, 2013 10:53 pm
Forum: Beginner Basics
Topic: rewrite packets on bridge (or do i need nat?)
Replies: 23
Views: 8431

Re: rewrite packets on bridge (or do i need nat?)

@aeon
Ok, simulation successfully done.

Try modify firewall rule:

ros code

add action=dst-nat chain=dstnat disabled=no dst-address=8.8.8.8 in-interface=bridge-4-5 in-bridge-port=ether4-slave-local \
    to-addresses=9.9.9.9
And add default route to your LAN gateway in Mtik. It should start working.
by 5nik
Sat Apr 06, 2013 12:55 am
Forum: Beginner Basics
Topic: rewrite packets on bridge (or do i need nat?)
Replies: 23
Views: 8431

Re: rewrite packets on bridge (or do i need nat?)

@aeon: I don't see problem in your script, it should work. At least, you should see packets on gateway. I don't see reason, why Mtik blocks packets. On weekend, I'll try to simulate your problem in virtual environment and I'll post the results. In your case (8.8.8.8 -> 9.9.9.9) "DMAT" is n...
by 5nik
Fri Mar 22, 2013 11:17 am
Forum: Beginner Basics
Topic: rewrite packets on bridge (or do i need nat?)
Replies: 23
Views: 8431

Re: rewrite packets on bridge (or do i need nat?)

The main task is to rewrite IP on same subnet, I switched to 8.8.8.8 only to simplify testing. By transparent I mean IP level transparent. I do not understand why do I need MAC address rewrite. But for now I cannot even rewrite IP destination.
Within same subnet, packets are routed by switches (br...
by 5nik
Thu Mar 21, 2013 11:37 am
Forum: Beginner Basics
Topic: rewrite packets on bridge (or do i need nat?)
Replies: 23
Views: 8431

Re: rewrite packets on bridge (or do i need nat?)

IMHO, if you want reroute packet to different IP in same subnet (for ex. 10.0.0.x), you must also do DST MAC address translation ("DMAT") and maybe "SMAT" in bridge tables. Because Mtik must L2 reroute packet to different MAC address, only L3 DNAT doesn't revoke change of DST MAC...
by 5nik
Sat Feb 23, 2013 2:10 pm
Forum: General
Topic: RouterOS v6rc11
Replies: 115
Views: 47616

Re: RouterOS v6rc11

In RC10 and RC11 I can't rename or delete SSTP Server Interface. Winbox said "Feature is not implemented",
terminal said: error - contact MikroTik support and send a supout file (3).
by 5nik
Fri Feb 15, 2013 12:42 pm
Forum: General
Topic: v6.0rc9 released
Replies: 59
Views: 22900

Re: v6.0rc9 released

The change MSS rules are in the "Mangle" table, while the other forward rules go into the "Filter" table. According to the netfilter metamodel, mangle rules are applied before filter and NAT rules.
I mean rules in mangle table, in forward chain. I have packet marking rules (due...
by 5nik
Fri Feb 15, 2013 12:40 am
Forum: RouterBOARD hardware
Topic: RB260GS
Replies: 23
Views: 11266

Re: RB260GS

SWOS with simple winbox support to change all mikrotik device via winbox
+1
Yes, one config tool for all Mikrotik products. It would be great.
by 5nik
Fri Feb 15, 2013 12:29 am
Forum: General
Topic: v6.0rc9 released
Replies: 59
Views: 22900

Re: v6.0rc9 released

Hello all, I found this problem in RC9: When PPP tunnel was established, two mangle rules (changing MTU) are added. But on the end (not at first position) of existing rules in chain forward. When some rule before them accepts packet, they avoid changing MTU and communication is faulty. I must manual...
by 5nik
Tue Jan 22, 2013 4:11 pm
Forum: RouterBOARD hardware
Topic: RB1200 IPsec latency
Replies: 17
Views: 6499

Re: RB1200 IPsec latency

Thank you ChrisP for link.

I found that RB1200 still has two problems: packet latency on ports 9 and 10 and IPsec latency generally on all ports. And as ChrisP wrote, without any satisfactory explanation yet. :?
by 5nik
Mon Jan 21, 2013 4:50 pm
Forum: RouterBOARD hardware
Topic: RB1200 IPsec latency
Replies: 17
Views: 6499

Re: RB1200 IPsec latency

Today I tested RB1200 (port 1, no load) with ROS 6rc7 and IPsec latency is same :(
Tested SHA1+AES and null+DES ciphers.
by 5nik
Sun Jan 20, 2013 4:09 am
Forum: RouterBOARD hardware
Topic: RB1200 IPsec latency
Replies: 17
Views: 6499

Re: RB1200 IPsec latency

I don't want encrypt traffic higher than 5 Mbit. I'm testing IPsec latency without other traffic through IPsec (only ping). CPU load during test is <5% (no load). I tested old RB600A, older and slower CPU, same architecture (no AES acceleration). And IPsec latency was 0 ms (RoS 5.22 and 6rc5). There ...
by 5nik
Sat Jan 19, 2013 12:28 am
Forum: RouterBOARD hardware
Topic: RB1200 IPsec latency
Replies: 17
Views: 6499

Re: RB1200 IPsec latency

I tested IPsec on RB1200 with other ciphers than AES, and IPsec latency was the same (10-12 ms) even when I used less CPU-consuming ciphers like DES. With null cipher latency fell to normal 0-1 ms. Thank you ChrisP for links. It is sad, that last post on linked topic is 7 months old and problem is still c...
by 5nik
Fri Jan 18, 2013 10:49 am
Forum: RouterBOARD hardware
Topic: RB1200 IPsec latency
Replies: 17
Views: 6499

Re: RB1200 IPsec latency

Hello Dobby, I know about HW accelerated AES support in 1100AH, our core routers (VPN concentrators) are 1100AH and x2. On some small department, I often need encrypt max 5Mbit/s, and 1100AH is a little more for this purpose. My topic is not about performance (throughput) but about latency. As JanezF...
by 5nik
Thu Jan 17, 2013 7:26 pm
Forum: RouterBOARD hardware
Topic: RB1200 IPsec latency
Replies: 17
Views: 6499

RB1200 IPsec latency

Hello, I found that RB1200 adds 10-12 ms latency to packet processing during IPsec enc/decrypting. For example RTT of ICMP packet without IPsec is 2-3 ms, with IPsec is 13-14 ms. If I tested same configuration on RB2011L, additional IPsec latency is 0-1 ms. Tested against RB1100AH. ROS 5.21 and 5.22...
by 5nik
Sat Dec 22, 2012 6:19 pm
Forum: RouterBOARD hardware
Topic: RB2011L incompatible with SMC switches?
Replies: 8
Views: 4494

Re: RB2011L incompatible with SMC switches?

Thank you Dobby. Today I tested RB2011L (5.22) with SMCGS24C-Smart and found the problem. The problem is firmware of SMC switch. When I use latest 2 firmwares (v2.5.0.1 and v2.5.1.5 downloaded from SMC site), Mikrotik is not able to communicate with switch. When I use factory firmware (v2.2), all work ...
by 5nik
Thu Dec 20, 2012 7:21 pm
Forum: RouterBOARD hardware
Topic: RB2011L incompatible with SMC switches?
Replies: 8
Views: 4494

Re: RB2011L incompatible with SMC switches?

Interface status says normally link up, on 1Gbit (or 100Mbit). Everything looks as usual. Mikrotiks and switches are factory defaults, no VLANs or another configurations. I register this problem on 3 factory new mikrotiks (2011L-IN, 2011L-RM, Omnitik), and tested with factory new SMCGS18C and old ...
by 5nik
Thu Dec 20, 2012 1:19 pm
Forum: RouterBOARD hardware
Topic: RB2011L incompatible with SMC switches?
Replies: 8
Views: 4494

RB2011L incompatible with SMC switches?

Last week I installed new RB2011L-RM and Omnitik. Both connected to SMC switches. Both not working with them. SMC switches were old model SMCGS24C-Smart and new SMCGS18C, both with latest firmwares. I have another RB2011L(-IN) for testing on the table, problem is the same. Link status LED indicate l...
by 5nik
Sat Nov 10, 2012 8:44 pm
Forum: General
Topic: SSTP Questions in RoS5beta1 (bug?)
Replies: 11
Views: 12827

Re: SSTP Questions in RoS5beta1 (bug?)

Hello everyone! I have some issues with SSTP server right now. I want to connect to the SSTP server with Windows 7 and Windows Server 2008R2 built-in client. I have a certificate installed on the router, it's decrypted (shows KR before the cert) and the SSTP server is using that certificate. The pr...
by 5nik
Tue May 22, 2012 4:19 am
Forum: General
Topic: Feature request: VRRP sync groups
Replies: 7
Views: 6078

Re: Feature request: VRRP sync groups

+1
Yes, in case of many networks and interfaces (VLANs etc.), it should be very useful.
by 5nik
Fri May 11, 2012 1:07 am
Forum: General
Topic: RouterOS v5.16 released
Replies: 69
Views: 23238

Re: RouterOS v5.16 released

*) reset packet mark when encapsulating/decapsulating from eoip,ipip,gre,eoipv6,ipipv6,gre6 tunnels
Why? I'm using this behavior to mark packets for traffic shaping. For example if I have two ipip tunnels over one ethernet interface, I can mark SQL packets in both tunnels and then shape in tree q...