Community discussions

MikroTik App

Search found 54 matches

by ivanfm
Fri Jan 12, 2024 9:59 pm
Forum: Announcements
Topic: v7.14beta [testing] is released!
Replies: 510
Views: 149958

Re: v7.14beta [testing] is released!

Having a problem with fetch and response with content-length: 0, the behaviour is different from 7.13.1 but does not work. reported as SUP-140354 on 7.13.1 got : failure: ERROR parsing http: there was no content-length or transfer-encoding on 7.14beta6 got : failure: ERROR parsing http: content-leng...
by ivanfm
Fri Dec 15, 2023 4:17 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 257476

Re: v7.13 [stable] is released!

It is probably just me, but upgrading from 7.12 to 7.13 on AWS broke the instance again and it does not boot any longer. I had the same issue upgrading to 7.12 and was forced to recreate the instance. Isn't there anything I can do to just get the upgrade on AWS working properly? --Michael Have you ...
by ivanfm
Thu Jun 15, 2023 3:24 pm
Forum: Announcements
Topic: v7.10, 7.10.1 and more [stable] are released!
Replies: 369
Views: 129380

Re: v7.10 [stable] is released!

Why is a stable version released with a half-hearted implementation of the change in time format? I think it is a good change in principle, but it seems controversial for scripting (discussion elsewhere) and now we have a mix of formats all over the place. Would it not be better to make the complet...
by ivanfm
Wed May 31, 2023 9:44 pm
Forum: Announcements
Topic: v7.10rc is released!
Replies: 183
Views: 52920

Re: v7.10rc is released!

I don't see that behavior on RB5009. All time/date indications are correct for me. Terminal, webfig and winbox. (and before anyone starts about the time diff on terminal output, I did not refresh the terminal screen ...) I'm using RG751G. Now testing to use yout timezone Brussels I found that each ...
by ivanfm
Wed May 31, 2023 9:14 pm
Forum: Announcements
Topic: v7.10rc is released!
Replies: 183
Views: 52920

Re: v7.10rc is released!

The date show in webfig is wrong with this rc1.

Now its showing "2023-05-30" and "/system/clock/print" on console shows correct date 2023-05-31.
by ivanfm
Wed May 03, 2023 6:57 pm
Forum: Announcements
Topic: v7.9 [stable] is released!
Replies: 242
Views: 54465

Re: v7.9 [stable] is released!

Being a person that uses the webfig much more than winbox, this change: . *) webfig - added inline comments; . is plain terrible. I'd love being able to at least choose the old behavior and having the comments on a different line instead of inline. Please consider having this as an option and not f...
by ivanfm
Fri Sep 11, 2020 9:20 pm
Forum: General
Topic: Feature Request: IPv6 NAT support
Replies: 19
Views: 11851

Re: Feature Request: IPv6 NAT support

Prefix translation is very usefull and available on linux kernel.

Not everyone can get an ASN to have fixed ipv6. My home provider changes my /64 ipv6 delegated prefix each week.

Using internal address and prefix translation make very easy to overcome this.
by ivanfm
Fri Nov 01, 2019 6:14 pm
Forum: General
Topic: SSTP & IPv6
Replies: 26
Views: 9782

Re: SSTP & IPv6

The are 6.44.7 where is support of some tunnel over ipv6?
GRE6, EOIP6

I have tested until 6.45.5 and there is a confirmed bug that sometimes just drop big packets.
I did not have tested with 6.45.7 yet.
by ivanfm
Sat Jul 27, 2019 2:06 pm
Forum: General
Topic: PPP Issues after upgrade to v6.45.1
Replies: 5
Views: 2666

Re: PPP Issues after upgrade to v6.45.1

There are a problem with passwords sent to radius in 6.45.1.

The problem is corrected in 6.45.2
by ivanfm
Tue Jul 02, 2019 10:56 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 415
Views: 196428

Re: v6.45.1 [stable] is released!

RouterOS version 6.45.1 (2019-Jun-27 10:23) has broken RADIUS PAP auth!!! We have 500+ clients with Mikrotik devices and 27 june in our RADIUS server we see many errors from Mikrotik devices: Mon Jul 1 11:04:53 2019 : Auth: Login incorrect (rlm_pap: CLEAR TEXT password check failed): [XX-XX-FA-92-1...
by ivanfm
Tue Jul 02, 2019 6:20 pm
Forum: General
Topic: Regression: wireless security-profile radius-mac-mode=as-username-and-password sends garbage
Replies: 1
Views: 1892

Re: Regression: wireless security-profile radius-mac-mode=as-username-and-password sends garbage

Same problem with hotspot, opened ticket with support : #2019070222007151
by ivanfm
Mon Jul 01, 2019 4:47 pm
Forum: Announcements
Topic: v6.43.16 [long-term] is released!
Replies: 12
Views: 22589

Re: v6.43.16 [long-term] is released!

Ditto on the recent Linux DOS vulnerabilities update - will Long-Term receive it and when. If not, please provide recommended Firewall filter rules. Thank you. The advisory linked to in the blog post suggest blocking TCP traffik with a low MSS, but doesn't mention what this "low MSS" is. ...
by ivanfm
Tue Jun 25, 2019 5:27 pm
Forum: General
Topic: Feature requests
Replies: 1740
Views: 631818

Re: Feature requests

Hey, Mikrotik team! Please extend "netwatch" funtionality a little bit. It is a nice feature, but so undeveloped. It will be nice to have an option to set amount of ping to send before change status to down and at its frequency. ..and the possibility to set source address (e.g. remote ips...
by ivanfm
Fri Mar 29, 2019 8:30 pm
Forum: Wireless Networking
Topic: Mikrotik CAPSMAN + SONOFF(ITEAD) devices
Replies: 10
Views: 7712

Re: Mikrotik CAPSMAN + SONOFF(ITEAD) devices

My home network is capsman based. I got 10 sonoff basic installed in the network without much problems.

I have used the "Compatible Pairing Mode (AP)" from the ewelink app on Android.
The "Quick Pairing mode (Touch)" which is the default mode does not worked.
by ivanfm
Tue Mar 19, 2019 6:45 pm
Forum: General
Topic: tool fetch - 2xx HTTP response codes
Replies: 3
Views: 4598

Re: tool fetch - 2xx HTTP response codes

Hello, I do have a simular problem: I want to implement a digest web authentification. The first step is to do a request to the server. The server will answer with 401 error but addional infos in the response. How to caputure the responce into a textfile or variable? Mikrotik scripting is not accep...
by ivanfm
Fri Mar 01, 2019 4:18 pm
Forum: Scripting
Topic: POST Request with fetch
Replies: 83
Views: 117809

Re: POST Request with fetch

This things will be better when authentications like digest is implemented for fetch command because some new devices are not supporting more the basic authentication.
by ivanfm
Wed Jan 02, 2019 3:24 pm
Forum: Announcements
Topic: Product comparison matrix
Replies: 30
Views: 26391

Re: Product comparison matrix

This javascript library has many functions for filter, sorting and formatting that can be usefull for this matrix : https://mottie.github.io/tablesorter/docs/ Please add the filter and sort2hash modules. This will make very easy to create views of this table and pass the links to "show" on...
by ivanfm
Mon Oct 29, 2018 7:32 pm
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 50777

Re: v6.43.4 [stable] is released!

Hi Europe/Volgograd time zone is incorrect. should be GMT Offset +04:00 from October 28 It's not MiktoTik problem. All websites I can found show GMT +03:00 for Volgograd today, even Google. If +04:00 is true, it needs to be fixed in TimeZone Database, not in applications. This Volgograd change was ...
by ivanfm
Fri Oct 26, 2018 3:12 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 56230

Re: v6.42.9 [long-term] is released!

Bridge always worked that way and if suddenly bridge with inactive (no ports) will not have running flag, it will break all configurations with loopbacks and other configurations where bridge is used as dummy interface. In the migration from master to bridge you have break an always working configu...
by ivanfm
Tue Oct 23, 2018 1:49 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 56230

Re: v6.42.9 [long-term] is released!

I have posted repeatedly why this is unacceptable. To be honest, never saw such posts. Any links? Anyway, have you reported to support@mikrotik.com? I have found a single post about this : https://forum.mikrotik.com/viewtopic.php?f=21&t=123936&p=626322#p626322 It's a valid use case. But I a...
by ivanfm
Mon Sep 10, 2018 9:27 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 147
Views: 70816

Re: v6.43 [current] is released!

After updating on all my devices I see such a picture. https://forum.mikrotik.com/download/file.php?mode=view&id=33580 https://forum.mikrotik.com/download/file.php?mode=view&id=33579 I have found this "setW60Gap" variable in one of my upgraded devices (751G-2HnD). I have not found...
by ivanfm
Fri Aug 10, 2018 5:25 pm
Forum: General
Topic: New IP cloud is coming.
Replies: 84
Views: 46713

Re: New IP cloud is coming.

coming to the router near you soon: $ host <serial>.sn.mynetname.net <serial>.sn.mynetname.net has address 192.168.88.1 <serial>.sn.mynetname.net has IPv6 address 2001:db8:1337:beef::ada Suggestion : add an option in cloud service to add an extra personal prefix. like "xyz" when user defi...
by ivanfm
Wed Jul 25, 2018 1:49 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 222324

Re: v6.43rc [release candidate] is released!

Drop of RADIUS PAP support for ssh logins is a big problem for us too. We're using a one-time password implementation which is impossible to integrate with MS-CHAPv2 - the security appliance only stores the hash of the PIN (fixed part of the password) and because of this cannot support MS-CHAPv2 si...
by ivanfm
Wed May 23, 2018 10:58 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 222324

Re: v6.43rc [release candidate] is released!

*) backup - do not encrypt backup file unless password is provided; I like the current way it works the backup is encrypted with admin password. Please make an option to encrypt using current admin password like before, I don't want to have my backup unencrypted neither want to put a password in a s...
by ivanfm
Mon Apr 30, 2018 10:49 pm
Forum: General
Topic: Disable DHCP on LTE ?
Replies: 11
Views: 7499

Re: Disable DHCP on LTE ?

I also want to disable this automatic DHCP client.

I want my mikrotik in a fixed IP address to use the DMZ service on LTE modem.

The modem does not have option to specify fixed addresses neither has options to reduce the dhcp range.
by ivanfm
Sun Apr 29, 2018 10:47 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 98654

Re: v6.42.1 [current]

Does 6.42.1 force SSH host key renewal on first login after the upgrade? The SSH host keys are changing on every router I upgrade and I want to rule out the unlikely MITM. A few of my devices have changed keys, many of them retained the old key. I did not find motive to rebuild key in some and not ...
by ivanfm
Mon Apr 23, 2018 6:39 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 203
Views: 258439

Re: Advisory: Vulnerability exploiting the Winbox port

That is true, yes. We have a nice article on how to make your device secure, I suggest everyone read it, as it contains most of the basics: https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router normis some of the commands in this article works only in old versions. Like mac-server now uses an ...
by ivanfm
Tue Apr 10, 2018 5:18 pm
Forum: Scripting
Topic: Feature request: tool/fetch new property - no-log
Replies: 17
Views: 8335

Re: Feature request: tool/fetch new property - no-log

will be nice an option to log only on error.

no messages when got and 200 response, but log for connection error or different status code.
by ivanfm
Tue Mar 13, 2018 7:01 pm
Forum: Scripting
Topic: Built in function library
Replies: 132
Views: 134733

Re: Built in function library

My suggestions : ISODateTime - returns date/time in ISO format, great for saving backup files, that can be ordered, currently the ROS date used month as text. FlashPrefix - receive an filename and return it with /flash/ when the device has an /flash directory to keep saved files Function to keep onl...
by ivanfm
Sun Mar 04, 2018 2:21 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 537
Views: 189424

Re: v6.42rc [release candidate] is released!

You can always configure OpenDNS as your DNS server, either as the DNS for the router itself and then advertise the router address as DNS server in DHCP or by advertising the OpenDNS servers in DHCP, and then configure an OpenDNS account on your internet address with the settings you like. You do n...
by ivanfm
Sun Mar 04, 2018 2:03 pm
Forum: Scripting
Topic: disable reset button
Replies: 10
Views: 20260

Re: disable reset button

Is there a way to just disable the backup when doing reset by button ?

The reset can be made, we just don't want the previous configuration to be preserved in any place.
This will be safer for vpn passwords and other private data.
by ivanfm
Sat Jan 20, 2018 11:54 am
Forum: Announcements
Topic: Securing your device is important
Replies: 50
Views: 42647

Re: Securing your device is important

/ip firewall filter # ensure this is at the top of the rule list add action=accept chain=input comment="allow admin access to router from authorized clients" dst-port=22222,8888,8291 in-interface-list=!WAN protocol=tcp Will be very nice if mikrotik add to the dst-address-type an other opt...
by ivanfm
Thu Jan 11, 2018 12:38 pm
Forum: General
Topic: Why is it not possible to login hotspot users via API?
Replies: 16
Views: 7088

Re: Why is it not possible to login hotspot users via API?

Configure your hotspot to use radius.

In your radius server you can decide which users can be logged or not.

There are many mini radius servers that can be used to make this happens with small adjustments.
by ivanfm
Wed Jan 03, 2018 5:37 pm
Forum: Announcements
Topic: Dual band AP for home use, SSID same or different?
Replies: 62
Views: 53298

Re: Dual band AP for home use, SSID same or different?

Standard users does not understand 2.4G and 5G, but they can understand that network XX-2.4G are better in some places of the house than the XX-5G. When I had used same ssid for two networks was very difficult to troubleshot remotely. Using different ssid make easier even for non technical users to ...
by ivanfm
Thu Nov 02, 2017 2:09 pm
Forum: General
Topic: Feature Request: RADIUS 'test'
Replies: 26
Views: 21054

Re: Feature Request: RADIUS 'test'

+1

I think we should have two options :

1. Just send the request following the radius order
2. Send the request for one specific radius server
by ivanfm
Thu Nov 02, 2017 1:18 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 207613

Re: v6.41rc [release candidate] is released! New bridge implementation!

What's new in 6.41rc50 (2017-Oct-30 10:13):
*) radius - limited RADIUS timeout maximum value to 3 seconds;
do not do this, our system on average 1~5 seconds to process the radius package
please leave this field customizable

We also have to use 5 seconds.
by ivanfm
Thu Sep 07, 2017 7:30 pm
Forum: General
Topic: Olivetti Olicard 500 4G USB Modem not detected
Replies: 9
Views: 3257

Re: Olivetti Olicard 500 4G USB Modem not detected

For ppp you should enable ipv6 in the ppp profile selected in the ppp connection.

Look this :

https://wiki.mikrotik.com/wiki/3G_confi ... with_Tele2
https://wiki.mikrotik.com/wiki/Manual:P ... r_Profiles

If your provider gives PD you should configure PD.
by ivanfm
Wed Sep 06, 2017 7:06 am
Forum: General
Topic: Olivetti Olicard 500 4G USB Modem not detected
Replies: 9
Views: 3257

Re: Olivetti Olicard 500 4G USB Modem not detected

brunoeco do you know if this modem works with ipv6 ?

Thanks
by ivanfm
Mon Aug 28, 2017 6:44 pm
Forum: Scripting
Topic: Valid Ip in conection ppp-out 3g/4g Vivo
Replies: 11
Views: 3741

Re: Valid Ip in conection ppp-out 3g/4g Vivo

There are many tutorials in the wiki showing how to make VPN using mikrotik. https://wiki.mikrotik.com/wiki/Category:VPN https://wiki.mikrotik.com/wiki/Tunnels You could use an standard linux or an Mikrotik CHR at AWS . For best performance try to use ipsec To work from any place the sstp is the bes...
by ivanfm
Mon Aug 28, 2017 5:08 pm
Forum: Scripting
Topic: Valid Ip in conection ppp-out 3g/4g Vivo
Replies: 11
Views: 3741

Re: Valid Ip in conection ppp-out 3g/4g Vivo

In some places the providers are giving only the CGNAT addresses, you can try to change operator. I use TIM and got valid IPV4 address, and IPv6 (São Paulo). Another solution which I use to keep access and to be away from port blocking is to create a VPN from the router to a place where you have an ...
by ivanfm
Sat Apr 29, 2017 6:00 pm
Forum: Announcements
Topic: v6.39 [current]
Replies: 89
Views: 53721

Re: v6.39 [current]

Updated some devices :

RouterBOARD wAP 2nD r2 : all configuration was lost, the device had to be reconfigured from scratch.
RB951 and 751 : without trouble.
by ivanfm
Mon Feb 20, 2017 5:43 pm
Forum: General
Topic: HTTPS URLs not working in hotspot walled garden
Replies: 11
Views: 9128

Re: HTTPS URLs not working in hotspot walled garden

Maybe that's how it happens, but it's not the best way. Maybe that's why I'm having multiple domains of google released incorrectly. Today, HTTPS requests use TLS and browsers support SNI existem, in which the name of the server is sent. Https://en.wikipedia.org/wiki/Server_Name_Indication Can you ...
by ivanfm
Fri Feb 17, 2017 6:38 pm
Forum: General
Topic: socks service with IPV6
Replies: 2
Views: 1599

socks service with IPV6

Hi, anyone has tried to use the mikrotik socks service via IPV6 ? I have the service enabled, it accept connections on ipv4, but I got connection refused when trying to connect via ipv6 address. The firewall is correct and connections are enabled. I want to use the socks service to make some IPV4 se...
by ivanfm
Mon Jan 23, 2017 3:21 pm
Forum: RouterBOARD hardware
Topic: Choosing Mikrotik HW for my house
Replies: 12
Views: 4317

Re: Choosing Mikrotik HW for my house

Thanks for all the info! ;) I have an good offer for RB951G-2HnD, which should be used as router (for some time, later changed for RB750Gr3 probably), RB751U-2HnD also used but great price. Connected by Ethernet together and where needed I will buy mAP/cAP/hAP/*lite and decrease power for RB951/RB7...
by ivanfm
Sat Dec 17, 2016 1:23 pm
Forum: General
Topic: LTE modem not detected
Replies: 13
Views: 9443

Re: LTE modem not detected

Same Issue - ZTE MF823L modem, sim unlocked, works fine direct on a linux machine as an ethernet device. Detected correctly in mAP 2n ----------------- routerboard: yes model: RouterBOARD mAP 2n firmware-type: ar9330L factory-firmware: 3.17 current-firmware: 3.24 upgrade-firmware: 3.24 -------------...
by ivanfm
Sat Oct 22, 2016 4:48 am
Forum: General
Topic: HTTPS URLs not working in hotspot walled garden
Replies: 11
Views: 9128

Re: HTTPS URLs not working in hotspot walled garden

If two names with different rules resolve to the same IP, then what do you expect the Mikrotik to do?

Considering that it connect check inside the https , it should permit both names, because the IP is permitted.
by ivanfm
Tue Oct 18, 2016 9:35 pm
Forum: General
Topic: IPv6 Tunnel over https
Replies: 8
Views: 2633

Re: IPv6 Tunnel over https

Create your SSTP VPN as documented here : http://wiki.mikrotik.com/wiki/Manual:Interface/SSTP on client add static ip on the interface and the route /ipv6 address add interface=CLIENT_VPN_INTERFACE address=CLIENT_IPV6_ADDRESS advertise=no /ipv6 route add dst-address=THE_ADRESSESS_TO_ROUTE gateway=CL...
by ivanfm
Sun Oct 16, 2016 4:08 am
Forum: General
Topic: is possible to generate certificates with SHA1 fingerprint ?
Replies: 2
Views: 1664

Re: is possible to generate certificates with SHA1 fingerprint ?

I known it will be phase out, but the official client does not support in Android and Windows, this can be a big problem how we can have a very secure server if most of clients connect to it.
by ivanfm
Sun Oct 16, 2016 12:04 am
Forum: Wireless Networking
Topic: wifi scan disabling the broadcast ssid
Replies: 1
Views: 1483

wifi scan disabling the broadcast ssid

I was testing the wireless scan and found a problem. using version 6.37.1 After doing wireless scan : /interface wireless scan wlan1 duration=10s save-file=wireless-scan the device stops broadcasting the SSID, if I disable/enable the wlan1 on webfig interface it returns, or if I just enable by comma...
by ivanfm
Sat Oct 15, 2016 11:09 pm
Forum: General
Topic: IPv6 Tunnel over https
Replies: 8
Views: 2633

Re: IPv6 Tunnel over https

I'm using IPV6 on SSTP VPN with mikrotik.

The server does not pull the address for client, but if you configure static address and routes the ipv6 traffic goes fine.

Will be very nice if mikrotik get the IP from radius and pull to the client.
by ivanfm
Sat Oct 15, 2016 10:28 pm
Forum: General
Topic: is possible to generate certificates with SHA1 fingerprint ?
Replies: 2
Views: 1664

is possible to generate certificates with SHA1 fingerprint ?

According to the docs http://wiki.mikrotik.com/wiki/Manual:System/Certificates "All certificate fingerprints are SHA1. Starting from v6.18 sha256 is used for certificate fingerprints and hashes" I'm using internal generated certificates with openvpn, and the "OpenVPN Connect" cli...
by ivanfm
Sat Oct 15, 2016 10:22 pm
Forum: General
Topic: HTTPS URLs not working in hotspot walled garden
Replies: 11
Views: 9128

Re: HTTPS URLs not working in hotspot walled garden

I understand that mikrotik cannot lookup inside the packets to see the real request destination by Host header. But the hotspot code can have an option to check the DNS resolutions (yes All DNS resolutions are being made by the mikrotik) and when there are an resolution for a name in walled garden f...
by ivanfm
Sat Oct 01, 2016 1:18 am
Forum: General
Topic: HTTPS URLs not working in hotspot walled garden
Replies: 11
Views: 9128

Re: HTTPS URLs not working in hotspot walled garden

I have found this problem in my tests with version 6.36 and 6.37. What I have discovered (replaced original domains ) : http://www.xyz.com works https://www.xyz.com does not work the walled garden have the www.xyz.com host with allow entry. Currently the www.xyz.com is not an A record in DNS but an ...
by ivanfm
Sat Jun 15, 2013 3:38 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 74837

Re: RouterOS 6.1 released

I have upgraded from 5.25 to 6.1.
After upgrade I cannot login using web interface using Chrome 27.0.1453.110(Linux).

I got the message "ERROR: Internal Server Error"

I can connect to web interface using firefox, and I can connect using ssh.