Community discussions

Search found 23128 matches

by normis
Wed Aug 15, 2018 10:48 am
Forum: Beginner Basics
Topic: Updating old versions of RouterOS [SOLVED]
Replies: 3
Views: 143

Re: Updating old versions of RouterOS [SOLVED]

Those are not considered very old, you can directly upgrade to the latest version. Even upgrade from v5 should work OK.
by normis
Tue Aug 07, 2018 10:04 am
Forum: General
Topic: MOAB mother of all blacklists
Replies: 26
Views: 1373

Re: MOAB mother of all blacklists

If it is really just blacklist, you can distribute it as txt/csv list of addresses
Then they can post it on the web, so that others don't need to pay.

But yeah, I think there should be some other way to distribute config. TR-069? Fetch?
by normis
Tue Aug 07, 2018 10:00 am
Forum: RouterBOARD hardware
Topic: LTap mini
Replies: 5
Views: 425

Re: LTap mini

Make a supout.rif file in the device (in Winbox, there is a button for that. Once it's done, from the Files menu, drag the file to desktop) and send to support@mikrotik.com We can check if the reboot is due to power or some other issue. As for the GPS signal, until you have an external antenna, try ...
by normis
Tue Aug 07, 2018 9:42 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 109
Views: 11636

Re: Winbox vulnerability: please upgrade

The title of this thread is some misleading: Winbox vulnerability: please upgrade It looks like Winbox is the problem, not the RouterOS. It does not help to upgrade the Winbox :) This is why sometimes reading is important. Quote: vulnerability in the RouterOS Winbox service, that was patched in Rou...
by normis
Tue Aug 07, 2018 8:08 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 109
Views: 11636

Re: Winbox vulnerability: please upgrade

I have one remote router (CCR1009 v6.40.7) which infected with "sys" virus/spyware version 30RC9 on 2Aug. This spyware lock my "admin" account to readonly and create "sys account as full read/write policy and also lock the allowed address login from 127.0.0.1 only. The script also change the time o...
by normis
Mon Aug 06, 2018 4:34 pm
Forum: General
Topic: HTTPS & Force to login from devices
Replies: 2
Views: 96

Re: HTTPS & Force to login from devices

Of course you should not block that page, which the devices check. How will they know that a popup must be shown? Apple also uses various domains, so see if you have internet, or there is a login page. This is what makes the popups work, and you won't have the problems with https webpages also. This...
by normis
Mon Aug 06, 2018 4:09 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 109
Views: 11636

Re: Winbox vulnerability: please upgrade

CVE numbers don't have owners or publishers. Yes, you can use that CVE number to refer to this vulnerability. We will try to make numbers for any next vulnerability, if such would be discovered.
by normis
Mon Aug 06, 2018 11:15 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 109
Views: 11636

Re: Winbox vulnerability: please upgrade

Well, the linked blog does include this information
Versions that include a fix: 6.40.8 [bugfix] or 6.42.1 [current] released on 25-mar-2018
We have added more details, so that it is more clear:

https://blog.mikrotik.com/security/winb ... ility.html
by normis
Mon Aug 06, 2018 11:14 am
Forum: RouterBOARD hardware
Topic: LTap mini
Replies: 5
Views: 425

Re: LTap mini

- about LTE, it would be great if you could make a new topic, with signal levels etc. more info - Internal GPS seems to be very sensitive, so for now, I recommend using the external antenna for GPS - Upgrade/Downgrade could mean you forgot to include the GPS NPK file, which must be added separately,...
by normis
Mon Aug 06, 2018 9:13 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Ltap mini upgraded to RC and GPS dissapear [SOLVED]
Replies: 3
Views: 186

Re: Ltap mini upgraded to RC and GPS dissapear [SOLVED]

The GPS package is not part of the main RouterOS package, it is an extra package. Make sure you install it for your version/architecture:
https://mikrotik.com/download

see the downloads called "extra packages"
by normis
Mon Aug 06, 2018 8:30 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 109
Views: 11636

Re: Winbox vulnerability: please upgrade

It's disappointing that both the httpd vulnerability
We did fix and send on day one.
by normis
Fri Aug 03, 2018 2:46 pm
Forum: Beginner Basics
Topic: Axis IP Cameras is not working
Replies: 9
Views: 377

Re: Axis IP Cameras is not working

The first port is for PoE input (powering the router itself).
The last port is for PoE output (powering another router)

But your camera uses a different PoE standard (802.3af), this particular router can't power your camera, it only supports "Passive PoE".
by normis
Fri Aug 03, 2018 2:22 pm
Forum: General
Topic: More hAP AC^2 woes! :(
Replies: 3
Views: 319

Re: More hAP AC^2 woes! :(

In this specific case, you see short-name and long-name. If you assume that RouterBOARD = RB (no space), then you could update your script accordingly. I will find out why it was changed. Also it seems that "-TC" was dropped (this indicates case type)
by normis
Fri Aug 03, 2018 1:42 pm
Forum: The Dude
Topic: How can I install dude in MIPSBE? [SOLVED]
Replies: 1
Views: 130

Re: How can I install dude in MIPSBE? [SOLVED]

No. Dude only works on the following systems: Tile - CCR series hardware ARM - RB3011, RB1100AHx4 Dude Edition (RB1100Dx4), hAP AC2* mmips - hEX (RB750Gr3)*, M33* RouterOS x86 installations RouterOS CHR environment You can't change packages. The CPU is the one that determines what packages you need....
by normis
Fri Aug 03, 2018 1:00 pm
Forum: Beginner Basics
Topic: Checkbox "Secure Mode"
Replies: 3
Views: 176

Re: Checkbox "Secure Mode"

I updated the manual with this information.
by normis
Fri Aug 03, 2018 12:46 pm
Forum: General
Topic: How to display full time in the winbox log
Replies: 14
Views: 495

Re: How to display full time in the winbox log

It's a known issue that some windows behave this way with non standard size fonts, including HiDP fonts. A workaround is to open "new terminal" and type "/log print". We do know this issue exists and will work on some solution.
by normis
Fri Aug 03, 2018 10:53 am
Forum: General
Topic: Remove all packages and reinstall [SOLVED]
Replies: 5
Views: 228

Re: Remove all packages and reinstall [SOLVED]

Some devices do not support older versions. Check what you have in resources menu [admin@MT] /system resource> print uptime: 1w1d5m19s version: 6.43rc32 (testing) build-time: Jun/19/2018 07:07:02 factory-software: 6.40.5 free-memory: 80.4MiB
by normis
Fri Aug 03, 2018 10:27 am
Forum: RouterBOARD hardware
Topic: Is the MikroTik SXT LTE kit RBSXTR&R11e-LTE Waterproof
Replies: 1
Views: 137

Re: Is the MikroTik SXT LTE kit RBSXTR&R11e-LTE Waterproof

Yes, of course. If you mount it with the cable going down (and cable door on the underside, meaning: not upside down) then the device survives any rain, snow or fog conditions just fine. It was designed to be used outdoors.
by normis
Fri Aug 03, 2018 9:19 am
Forum: Announcements
Topic: Winbox v3.16 released!
Replies: 63
Views: 7065

Re: Winbox v3.16 released!

You can't encrypt the passwords without a master password. How would you decrypt them then? This applies to any program, where you have any data that needs to be encrypted. To encrypt something, you need to have a decryption key. This is the master password. Yes, and as above people said, all your m...
by normis
Fri Aug 03, 2018 8:54 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 109
Views: 11636

Re: Winbox vulnerability: please upgrade

Hopefully the userdb (and every bit doing anything with passwords in ROS) gets hashes for passwords from now on, and hopefully a modern one. From "now on"? Really? Like stated repeatedly, this has been fixed a long time ago. This is just a reminder AGAIN to please upgrade, where all these things ar...
by normis
Thu Aug 02, 2018 2:42 pm
Forum: General
Topic: Mikrotik in the news..bad news
Replies: 57
Views: 2731

Re: Mikrotik in the news..bad news

Schadom, what do you mean? The default firewall DROPS ALL from internet interface.
by normis
Thu Aug 02, 2018 1:49 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 109
Views: 11636

Re: Winbox vulnerability: please upgrade

@normis, hey can you get this on the blog? I'd like the see any complainers cut off at the pass that this announcement didn't end up in the right spots.
it's already in the blog, because it is the same vulnerability.
by normis
Thu Aug 02, 2018 1:34 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 109
Views: 11636

Winbox vulnerability: please upgrade

It has come to our attention that a rogue botnet is currently using the same vulnerability in the RouterOS Winbox service, that was patched in RouterOS v6.42.1 in April 23, 2018 . Since all RouterOS devices offer free upgrades with just two clicks, we urge you to upgrade your devices with the "Check...
by normis
Thu Aug 02, 2018 1:01 pm
Forum: Announcements
Topic: Security announcement blog
Replies: 60
Views: 6541

Re: Security announcement blog

"Open to public networks", yes. There is an immediate high risk, unless you implement a good firewall, if you really need to access that OpenVPN server from ANY IP address.
by normis
Thu Aug 02, 2018 11:17 am
Forum: Beginner Basics
Topic: Using Hap AC lite with Mobile WiFi [SOLVED]
Replies: 12
Views: 1163

Re: Using Hap AC lite with Mobile WiFi [SOLVED]

If there is a tab in front - there is no USB. Just same case.
MODE button can be configured to launch any script of your choice, it is in RouterOS settings.
by normis
Thu Aug 02, 2018 10:54 am
Forum: General
Topic: winbox exploit
Replies: 11
Views: 1117

Re: winbox exploit

Well it's up to you. Be afraid to upgrade because there might be some unknown bug, or risk your network being hacked. Not really a tough choice actually.
by normis
Thu Aug 02, 2018 10:11 am
Forum: RouterBOARD hardware
Topic: RBM33G - LTE Issue
Replies: 2
Views: 121

Re: RBM33G - LTE Issue

Straight from the manual paper that came with your product: USB jumper. Located right next to the USB 3.0 port. When loaded, the jumper enables the USB 3.0 port. Remove the jumper to switch the USB 2.0 lines to the J10 (central) miniPCIe slot (USB 3.0 lines remain enabled to the USB port). This is r...
by normis
Thu Aug 02, 2018 8:35 am
Forum: Announcements
Topic: Winbox v3.16 released!
Replies: 63
Views: 7065

Re: Winbox v3.16 released!

It's even in the manual:
Managed routers list is encrypted, but it can still be loaded in other winbox without problems IF the master password is not set for it!
by normis
Wed Aug 01, 2018 4:01 pm
Forum: Announcements
Topic: Security announcement blog
Replies: 60
Views: 6541

Re: Security announcement blog

The point is, we try to improve.
Sending out as many emails as we would have to send, takes a very long time. RSS/Twitter is much faster.
by normis
Wed Aug 01, 2018 3:16 pm
Forum: Beginner Basics
Topic: Does wlan1 need to be part of bridge? [SOLVED]
Replies: 13
Views: 302

Re: Does wlan1 need to be part of bridge? [SOLVED]

Once you add the wlan1 interface to the LAN interface list, you should be able to reach the router, and consequently also be able to open the Hotspot login page (it should pop open automatically, if you browse to some non https page like http://neverssl.com) /interface list member add comment=someth...
by normis
Wed Aug 01, 2018 2:59 pm
Forum: Announcements
Topic: Security announcement blog
Replies: 60
Views: 6541

Re: Security announcement blog

If you don't use RSS, you are welcome to use IFTTT service to get an email/call/alert/HUE blink when the RSS gets an update.
by normis
Wed Aug 01, 2018 2:51 pm
Forum: Beginner Basics
Topic: Does wlan1 need to be part of bridge? [SOLVED]
Replies: 13
Views: 302

Re: Does wlan1 need to be part of bridge? [SOLVED]

That is the point of hotspot. Block access until you log in. And yes, the filter rules use interface lists. You can see here: add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN so it drops everything that tries to reach router itself, IF NOT from LAN i...
by normis
Wed Aug 01, 2018 2:40 pm
Forum: Beginner Basics
Topic: Does wlan1 need to be part of bridge? [SOLVED]
Replies: 13
Views: 302

Re: Does wlan1 need to be part of bridge? [SOLVED]

You can't ping the router, because the firewall drops everything not part of the LAN interface list (and inside you only have the Bridge, but you removed your interface from there).
Try pinging mikrotik.com for example.
by normis
Wed Aug 01, 2018 1:55 pm
Forum: Beginner Basics
Topic: Does wlan1 need to be part of bridge? [SOLVED]
Replies: 13
Views: 302

Re: Does wlan1 need to be part of bridge? [SOLVED]

Check if your actual out interface is part of the WAN interface list
by normis
Wed Aug 01, 2018 1:42 pm
Forum: Beginner Basics
Topic: Does wlan1 need to be part of bridge? [SOLVED]
Replies: 13
Views: 302

Re: Does wlan1 need to be part of bridge? [SOLVED]

If you want to reach anything beyond the router without a bridge, you need NAT or routing. Normally SRC-NAT is used. Check in firewall menu if you have any NAT rules, you need a SRCNAT rule with action "masquerade"
by normis
Wed Aug 01, 2018 12:50 pm
Forum: Announcements
Topic: Security announcement blog
Replies: 60
Views: 6541

Re: Security announcement blog

Make sure you have not opted-out in your mikrotik.com account.
by normis
Wed Aug 01, 2018 12:36 pm
Forum: Announcements
Topic: Security announcement blog
Replies: 60
Views: 6541

Re: Security announcement blog

I know very well that some people are never fully satisfied, but please also try and appreciate the progress in this regard. MikroTik did send an email to everyone in March 30, MikroTik did use forum/socialmedia also. MikroTik did fix it within a few hours of finding out. There is a changelog now wh...
by normis
Wed Aug 01, 2018 11:28 am
Forum: General
Topic: Unexpected start message
Replies: 6
Views: 250

Re: Unexpected start message

Upgrade -> Change password -> Implement a firewall
by normis
Wed Aug 01, 2018 11:24 am
Forum: Announcements
Topic: Security announcement blog
Replies: 60
Views: 6541

Re: Security announcement blog

Doesn't that contradict with the other point made?
there are people who examine security updates to see what exactly was fixed and quickly write exploits for them
to use the time window between release of the updates and installation by the majority of users
by normis
Wed Aug 01, 2018 9:51 am
Forum: General
Topic: Router vs AP
Replies: 2
Views: 137

Re: Router vs AP

There is no difference. AP is simply a router with a WiFi device and antennas. The software is the same.
Any of the hAP series devices will be great for an apartment. Just plug the ISP cable into the first port and set a wifi password, no other devices needed.
by normis
Wed Aug 01, 2018 8:44 am
Forum: Announcements
Topic: Security announcement blog
Replies: 60
Views: 6541

Re: Security announcement blog

I'm sorry you have not received that email, because we did send it on March 30, with specifically the content you asked for.
EDIT: Please add newsletter widget to this "BLOG". I don't use RSS feeds.
Please clarify what you mean by that.
by normis
Tue Jul 31, 2018 4:49 pm
Forum: Beginner Basics
Topic: About "I am not a robot"
Replies: 5
Views: 600

Re: About "I am not a robot"

Answer is right above your post. Please read before posting.
by normis
Tue Jul 31, 2018 4:31 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: ROS 7 Beta
Replies: 41
Views: 6796

Re: ROS 7 Beta

No, that is definitely a misinterpretation of things. The answer is often "This could only be fixed in v7". That is different. We don't have a secret version where all your issues are fixed. v7 simply has a slightly newer Linux Kernel that allows some things that are not possible in v6. It does not ...
by normis
Tue Jul 31, 2018 3:23 pm
Forum: Beginner Basics
Topic: RouterOS key for learning [SOLVED]
Replies: 4
Views: 233

Re: RouterOS key for learning [SOLVED]

Yes of course, for all intents and purposes, RouterOS is the same in all systems.

CHR is different in that it has specific drivers for virtual machines and cloud systems, and it has no license keys in traditional sense.
by normis
Tue Jul 31, 2018 2:41 pm
Forum: Wireless Networking
Topic: unlicensed spectrum regulatory survey
Replies: 15
Views: 631

Re: unlicensed spectrum regulatory survey

You can do that in RouterOS too: [admin@MikroTik] /interface wireless info> country-info country: latvia ranges: 2402-2482/b,g,gn20,gn40(20dBm) 2417-2457/g-turbo(20dBm) 5170-5250/a,an20,an40,ac20,ac40,ac80,ac160(23dBm)/passive 5250-5330/a,an20,an40,ac20,ac40,ac80,ac160(20dBm)/dfs,passive 5490-5710/a...
by normis
Tue Jul 31, 2018 2:08 pm
Forum: RouterBOARD hardware
Topic: how to upgrade the software of the RB532
Replies: 10
Views: 359

Re: how to upgrade the software of the RB532

mipsle is the name of the architecture, or the name of the CPU family
you can only use packages that are made for the specific CPU. mipsle is for your device.
by normis
Tue Jul 31, 2018 1:54 pm
Forum: Beginner Basics
Topic: RouterOS key for learning [SOLVED]
Replies: 4
Views: 233

Re: RouterOS key for learning [SOLVED]

Do not use the ISO for the Virtual Machine. Use the CHR image instead. The CHR image has no license keys, and can be used in limited speed mode (1Mbit) forever, or in unlimited mode for up to 60 days (afterwards, no more upgrading, although the system will continue to work). https://wiki.mikrotik.co...
by normis
Tue Jul 31, 2018 9:07 am
Forum: General
Topic: MT Forum problems (posting/upload)
Replies: 4
Views: 235

Re: MT Forum problems (posting/upload)

It is fixed now
by normis
Mon Jul 30, 2018 4:09 pm
Forum: The User Manager
Topic: Paypal
Replies: 21
Views: 1032

Re: Paypal

I suggest reading the posts, before posting same question again. Version 6.43rc40 Hi Normis, i don't understand ... 6.43rc40 hmm, 6.43rc45 is now available for download or you mean something different? Yes, of course that all newer versions also include the fix. 6.43rc40, 6.43rc41, 6.43rc42, 6.43rc...
by normis
Mon Jul 30, 2018 12:15 pm
Forum: The User Manager
Topic: Paypal
Replies: 21
Views: 1032

Re: Paypal

You can tell by the RC name, that the "Current release" with the fix is going to be v6.43, not 6.42.x