Community discussions

MUM Europe 2020

Search found 40 matches

by friction
Mon May 04, 2015 12:55 pm
Forum: General
Topic: Feature Request: Suricata
Replies: 20
Views: 7246

Re: Feature Request: Suricata

you can use Suricata right now without waiting http://robert.penz.name/849/howto-setup-a-mikrotik-routeros-with-suricata-as-ids/ I use it with Kibana, Elasticsearch and logstash. Take the sniffer tool and make remote logging to your suricata box. Agreed that that is a possible solution, but I actua...
by friction
Mon May 04, 2015 12:52 pm
Forum: General
Topic: Feature Request /31 Subnet
Replies: 30
Views: 11147

Re: Feature Request /31 Subnet

Implementing RFC3021 is long overdue.

I for one simply do not use the Mikrotik /32 method because IP designs should avoid depending on proprietary features when a perfectly good RFC is available, suitable and supported by multiple vendors.
+1
by friction
Fri May 01, 2015 10:50 am
Forum: General
Topic: Feature Request: Suricata
Replies: 20
Views: 7246

Re: Feature Request: Suricata

Ok, I get that Mikrotik is focusing on making routers. But with suricata support for the Tilera architecture, Mikrotik could be exploiting this now to create an IPS. I am sure it will generate extra revenue, people buying this not because it is a router, but because it becomes a capable IPS. What is...
by friction
Thu Feb 19, 2015 3:38 pm
Forum: General
Topic: Feature Request: Suricata
Replies: 20
Views: 7246

Re: Feature Request: Suricata

+1 for suricata on Mikrotik CCR (and x86 I suppose)

If you can bind that into firewall policies... "action=inspect" etc...
That would be totally fine ;)
by friction
Thu Feb 19, 2015 3:11 pm
Forum: Announcements
Topic: hAP lite
Replies: 392
Views: 168485

Re: hAP lite

Nice product for the price! Now I am curious what is coming next! I like this hAP line already ;)

A gigabit PoE-in version would even be better, as others suggested already.
On to a hAP with .ac ;-)
by friction
Sat Nov 22, 2014 6:18 pm
Forum: General
Topic: Feature request: Netinstall on all ports
Replies: 9
Views: 2661

Re: Feature request: Netinstall on all ports

I can see the usefulness of allowing this on additional, if not all, ports.
+1!
by friction
Fri Nov 21, 2014 2:33 am
Forum: General
Topic: Physical Port Name
Replies: 11
Views: 3722

Re: Physical Port Name

It should keep Ethernet/physical port naming conventions; If I run the export command, the configuration of a given physical port looks like the following: set [ find default-name=ether4 ] name=ether04 This should ensure that when transferring the configuration the port naming should remain the same...
by friction
Thu Nov 20, 2014 9:51 pm
Forum: General
Topic: Physical Port Name
Replies: 11
Views: 3722

Re: Physical Port Name

What about working with an alias like system? think symlink(hardlink) of the linux system... But that would turn into a mess as well probably.. but it would be up to the user(administrator). Be aware there is a field "default-name", which, to my knowledge, can't be changed and holds the original nam...
by friction
Fri Oct 17, 2014 9:59 am
Forum: General
Topic: Fritz Box mit Firmware 6.20
Replies: 4
Views: 2280

Re: Fritz Box mit Firmware 6.20

I think you have a better chance of help if you post your questions in English.
I tried to figure it out using Google Translate, but I don't think I understood the question.
by friction
Fri Oct 17, 2014 9:27 am
Forum: General
Topic: Feature Request - nDPI package for Cloud Core Router
Replies: 12
Views: 4269

Re: Feature Request - nDPI package for Cloud Core Router

My opinion is that we will never see such features in ROS. There are much more simple problems and features asked for years never done. There is no reason to ask for these. On the other hand, releasing an affordable platform for IPS/IDS functionality (with suricata perhaps) would be a very nice opp...
by friction
Sun Jul 27, 2014 3:29 pm
Forum: General
Topic: VOTE FOR PACKETFENCE SUPPORT
Replies: 32
Views: 9343

Re: VOTE FOR PACKETFENCE SUPPORT

+1 vote
by friction
Fri Jun 06, 2014 12:12 pm
Forum: General
Topic: Possible Alternative to OpenVPN
Replies: 3
Views: 1797

Re: Possible Alternative to OpenVPN

Well at a first glance it looks very very promising... but I'll need to test it out first in order to form a proper opinion :)
by friction
Sun May 25, 2014 11:40 pm
Forum: General
Topic: Feature request: Stateful HA with Conntrackd
Replies: 30
Views: 7587

Re: Feature request: Stateful HA with Conntrackd

+1 for HA (msrp - mikrotik standby router protocol?)
by friction
Sat Mar 08, 2014 10:50 pm
Forum: General
Topic: Feature Request: NTP & SMTP Hostname
Replies: 3
Views: 1567

Re: Feature Request: NTP & SMTP Hostname

Maybe they`ll add this in a later release?
They did for a lot of other tools...

I see where this can be handy... Most utilities should support this.
by friction
Sun Nov 24, 2013 5:01 pm
Forum: General
Topic: Feature Request: DHCP-Client On Lease Script...
Replies: 14
Views: 4056

Re: Feature Request: DHCP-Client On Lease Script...

In general, it would be nice that more events get an on-event hook for launching scripts...

+1 for dhcp-client on lease script.
by friction
Fri Nov 15, 2013 10:28 am
Forum: General
Topic: Feature request: OpenVPN compression LZO and UDP
Replies: 200
Views: 95454

Re: Feature request: OpenVPN compression LZO and UDP

so... If Metarouter can run some virtual router with OSPF we should ditch the OSPF feature in Mikrotik as well?
Metarouter is not the solution.

+1 for LZO and UDP in ROS.
by friction
Tue Oct 01, 2013 11:54 am
Forum: Beginner Basics
Topic: How to route between networks without using NAT
Replies: 5
Views: 1687

Re: How to route between networks without using NAT

Your assumptions are correct :) They should autodiscover, as RIP uses broadcast by default, so no need to define each other as 'neighbors'. You only need to add the networks you want to route for on both routers. On the mikrotik you will need to add your default LAN network (192.168.0.0) and your ot...
by friction
Mon Sep 30, 2013 11:11 am
Forum: Beginner Basics
Topic: How to route between networks without using NAT
Replies: 5
Views: 1687

Re: How to route between networks without using NAT

When you use NAT to connect to a host in the same network as the 192.168.0.26 interface, your connection appears to be originating from 192.168.0.26, so devices know how to reach your mikrotik. (because they are in the same network) If you turn NAT off, and you are trying to reach 192.168.0.10 for e...
by friction
Sun Sep 29, 2013 1:36 pm
Forum: Beginner Basics
Topic: Comodo TrustConnect, openvpn
Replies: 1
Views: 831

Re: Comodo TrustConnect, openvpn

The client config of the linux client is as follows: client dev tap proto tcp remote us1.vpn.comodo.com 443 remote us2.vpn.comodo.com 443 remote uk1.vpn.comodo.com 443 remote-random auth-user-pass resolv-retry infinite nobind persist-key persist-tun pull remap-usr1 SIGTERM ca ca.crt ns-cert-type ser...
by friction
Sat Sep 21, 2013 1:45 pm
Forum: Beginner Basics
Topic: OpenVPN
Replies: 1
Views: 525

Re: OpenVPN

Your VPN clients need to know how to reach your network (192.168.0.0 255.255.255.0 I presume). On a linux (or windows) ovpn server, you push routes to your clients. This is not possible on a mikrotik, so you will have to add a route towards your VPN gateway yourself on your client machine. Another w...
by friction
Thu Sep 19, 2013 5:41 am
Forum: Beginner Basics
Topic: Help configuring RB2011L-IN
Replies: 2
Views: 1058

Re: Help configuring RB2011L-IN

1:1 NAT seems to be the easiest. You can add each IP address you own on the router's WAN interface and add specific NAT rules. You could still use vlans however, if you're a bit adventurous. I know the switch has no configuration options, but that is not a dealbreaker per se . If'm not mistaken, a d...
by friction
Fri Sep 13, 2013 6:09 pm
Forum: General
Topic: Routes / Masquerading
Replies: 7
Views: 1572

Re: Routes / Masquerading

I did it like this, you can do it without dst-address:
add action=dst-nat chain=dstnat dst-port=2161 in-interface=\
    br-WAN protocol=udp src-address-list=NXXS-mgmt to-ports=\
    161
br-WAN is the gateway interface... I used an address list for source, security-wise.
by friction
Fri Sep 13, 2013 4:16 pm
Forum: General
Topic: Feature request: DNS based address resolution for tools
Replies: 10
Views: 4083

Re: Feature request: DNS based address resolution for tools

I see in 6.3 you added this for pptp, l2tp and sstp, and now in 6.4 for ovpn as well. Thanks!
by friction
Thu Sep 05, 2013 3:26 pm
Forum: General
Topic: Reproducible crash&reboot using inject-pcap
Replies: 8
Views: 2958

Re: Reproducible crash&reboot using inject-pcap

EDIT: This post might not be related at all, as cimMT pointed out below. I can confirm similar issues. I have an RB2011 and an RB751G with vlan trunking between them. I have not investigated more closely, but the RB2011 with 6.x used to crash every 20-40 minutes with the same log entry: "router was ...
by friction
Fri Aug 09, 2013 9:13 pm
Forum: General
Topic: v6.2 released
Replies: 247
Views: 91219

Re: v6.2 released

Anyone else experiencing this on a RB2011UAS-2HnD or similar? It keeps crashing continuously since last firmware upgrade towards ROS 6.2 (two days ago): (28 messages not shown) aug/09/2013 15:54:39 system,error,critical router was rebooted without proper shutdown by watchdog timer aug/09/2013 16:39:...
by friction
Wed Aug 07, 2013 6:55 pm
Forum: General
Topic: v6.2 released
Replies: 247
Views: 91219

Re: v6.2 released

Darn, you're right, it was not the final 6.2... Works perfectly now. +1 to you sir. (hours lost...)
Works for me. Are you running final build (not pre-release)? Because this problem was fixed in one of the last builds
by friction
Wed Aug 07, 2013 5:05 pm
Forum: General
Topic: v6.2 released
Replies: 247
Views: 91219

Re: v6.2 released

I can confirm global variables are somewhat broken, even with all policies assigned: Scripts: 2 name="add-global" owner="admin" policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api last-started=aug/07/2013 15:07:38 run-count=1 source= :global arandomglobal "This is the value ...
by friction
Thu Aug 01, 2013 9:33 am
Forum: General
Topic: Mikrotik GPS Sync just like Airfiber
Replies: 124
Views: 30771

Re: Mikrotik GPS Sync just like Airfiber

+1 for GPS sync
by friction
Tue Jul 30, 2013 11:16 pm
Forum: General
Topic: 6.2 Bug - Switch Type "Unknown" for Switch 1 on RB2011
Replies: 18
Views: 5258

Re: 6.2 Bug - Switch Type "Unknown" for Switch 1 on RB2011

Currently it is not planned. Those 3 settings are available only for AR8316 switch-chip.
Thank you for your clear answer!
by friction
Tue Jul 30, 2013 11:29 am
Forum: General
Topic: 6.2 Bug - Switch Type "Unknown" for Switch 1 on RB2011
Replies: 18
Views: 5258

Re: 6.2 Bug - Switch Type "Unknown" for Switch 1 on RB2011

But is is planned? If I'm correct, right now, it is only available on older routerboards, which are not even produced anymore.
by friction
Mon Jul 29, 2013 2:39 am
Forum: General
Topic: 6.2 Bug - Switch Type "Unknown" for Switch 1 on RB2011
Replies: 18
Views: 5258

Re: 6.2 Bug - Switch Type "Unknown" for Switch 1 on RB2011

I've tried the 6.2 linked above, and on my RB2011UAS-2HnD the chip is showing as an Atheros 8327. It was displayed correctly as well in version 6.1.
The vlan rule gives the same error though.
by friction
Thu Jul 25, 2013 8:35 am
Forum: General
Topic: Feature request: DNS based address resolution for tools
Replies: 10
Views: 4083

Re: Feature request: DNS based address resolution for tools

Bump

As many other things I would really like to see this happen, seems not so hard to implement.
by friction
Thu May 16, 2013 7:17 am
Forum: General
Topic: Feature request: DNS based address resolution for tools
Replies: 10
Views: 4083

Feature request: DNS based address resolution for tools

Would it be possible to add domain name resolution to certain tools and services? like ping and OpenVPN Clients? Right now I need to specify an IP address, but it would be more dynamic if you just could specify a domain name like "vpn.yourdomain.net" and let your dns-servers resolve the IP address. ...
by friction
Mon Apr 22, 2013 12:06 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1021138

Re: CLOUD CORE ROUTER

Does anyone get long pauses on the CCR? Almost like it's timing out? We've noticed we get this outage for about 5 seconds. If you are trying to login to the router at that time, the login hangs as well. Had this on all versions so far. I've got no CCR to compare this and I think I haven't got this ...
by friction
Sun Apr 21, 2013 11:43 pm
Forum: General
Topic: Vlan features in Atheros 8327 and 8227 based routerboards
Replies: 2
Views: 2788

Vlan features in Atheros 8327 and 8227 based routerboards

Are there any plans to fully support all vlan features in the Ar 8327 and Ar8227? like in the Atheros 8316? This would make the RB2011, RB751GL/G-2HnD and 951G-2HnD a little bit more complete, and more performing... the RB2011 would be a nice L3 bridge/switch http://wiki.mikrotik.com/wiki/Manual:Swi...
by friction
Thu Apr 18, 2013 12:07 pm
Forum: General
Topic: Feature Request: MTR
Replies: 72
Views: 25796

Re: Feature Request: MTR

Sometimes you don't have access to hosts on a remote network, but you do have access to the router. MTR Can be implemented as a replacement for traceroute, to reduce the 'bloatware-effect'

+1 for MTR
by friction
Tue Apr 09, 2013 9:36 am
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 95192

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thank for bringing up a thread more than a year old. What about automatically locking topic after let say 6 months of inactivity? not all topics get irrelevant after 6 months For me this topic will never become irrelevant as long it is not implemented. There is simply no alternative as flexible as ...
by friction
Mon Feb 18, 2013 4:37 pm
Forum: General
Topic: When Open VPN with UDP support and compression comes
Replies: 2
Views: 1775

Re: When Open VPN with UDP support and compression comes

I also wonder why this hasn't been implemented yet... To me it seems like it needs to be recompiled with more options and add a mapping between the Ros functions/commandline/api and the OpenVPN Configuration... It may be it is more difficult than this, but please, provide us with an exact reason Why...
by friction
Mon Jan 21, 2013 9:52 pm
Forum: General
Topic: OVPN on new versoins ROS 6.0 and 5.1...
Replies: 61
Views: 20148

Re: OVPN on new versoins ROS 6.0 and 5.1...

I would also like to see a real reason why OpenVPN's UDP feature has not yet been implemented in rOS...
One of the advantages of the UDP-version is that it creates less overhead for both the connection and the router...
Running a metarouter only to get the UDP version seems kinda ridiculous.