MikroTik

dksoft

On CCR2216. E.g. the router before the test server CHR#2.

I can en- and disable the VETH and the performance drops/rises. It does not care which IP-address the VETH has or if it's just empty. Only it's existence causes the problem.

dksoft

I digged some more hours into the problem at it's curious, right when I enable a VETH interface in the bridge, the problem appears.
Disabling it, even while a benchmark, brings performance back.

dksoft

Dear Mikrotik-lovers, maybe somebody could give me a brain storming: I am happy to provide more information about my configuration. For now, here is just the beef. Setup: <CHR#1 P10> - <CCR2004> - fiber 1000/500 (MTU 1500) ...Internet... fiber 1000/200 (MTU 1492) - <CCR2216> - <CHR#2 P10> There is a...

dksoft

Thanks for your input, you both. There are some limitations: - I must configure this at every device in my local network. But have no access to all devices on remote network. - There is no such option on Switch OS, like on my CSS610p devices. - I will still receive remote MNDP packages when popping ...

dksoft

For completeness, I have attached my bridge configuration below. The point is that I do have a VLAN 400 across an EOIP connection to another installation. To and from the remote installation, the router sends/receives MikroTik Neighbor Discovery protocol (MNDP). The aim is to block that procotol wit...

dksoft

Dear mkx,

thanks for your explanation!
I tried it and now have a much better understanding how it works.

dksoft

I would like to use VLAN tags with my SSIDs on AC devices using "wifi-qcom-ac" and the new WiFi CAPsMAN. The way before WiFi CAPsMAN was to simply add a VLAN tag to the datapath. This is still working on AX devices but on AC devices, I get the error message "vlan-id configured, but in...

dksoft

Yes, runs really nicely for me: Packages -> wireless -> uninstall. Files -> add wifi-qcom-ac. Reboot. Connect over cable, fix ports in the bridge, new interfaces are wifi1 and wifi2. Configure basic stuff using oneliner from https://help.mikrotik.com/docs/display/ROS/WiFi#WiFi-BasicConfiguration: T...

dksoft

Quick question before I waste more time: Is RBcAPGi-5acD2nD (cAP ac) supported by wifi-qcom-ac ? Yes, runs really nicely for me: Packages -> wireless -> uninstall. Files -> add wifi-qcom-ac. Reboot. Connect over cable, fix ports in the bridge, new interfaces are wifi1 and wifi2. Configure basic stu...

dksoft

Quick question before I waste more time: Is RBcAPGi-5acD2nD (cAP ac) supported by wifi-qcom-ac ? The device works with 7.13rc3 and wireless. But the wifi-qcom-ac is always greyed out and can not be enabled. Reading the new manual at https://help.mikrotik.com/docs/display/ROS/WiFi, it's in the compat...

dksoft

Is there any counterpart to the script variable "gateway-address" from IPv4 dhcp-client in the IPv6 dhcp-client? I would like to setup routing tables but the "options" variable does not contain the gateway nor does the variable "gateway-address" exist in IPv6 dhcp-clien...

dksoft

If I create a SUPOUT.RIF, all scripts are included. In my case they contain passwords for e.g. Telegram or DYDNS service that I do not want to reveal. For now I write the passwords in environment variables but their contents get lost after reboot. Therefore must be set in a startup script as well. A...

dksoft

Is there any clever way to prevent clients to redirect privileged ports (e.g. 22, 80, 443) if the UPnP service is enabled?

Thanks for any input
dksoft

dksoft

This is the solution I was looking for. It was not working right from the beginning because even I disabled WG and cleared all connections, there where open connections via the first and default WAN1. Rebooting the router made it work right away. DG_rt is routing table and mark for my WAN2. @Anav an...

dksoft

What's new in 7.11beta5 (2023-Jul-17 10:07): *) container - added IPv6 support for VETH interface; Can you please provide some instructions how to add dual-stack IPv4+IPv6 address to a container? Thanks dksoft /interface veth add address=10.0.0.6/20,fd00::6/64 comment="Docker container" g...

dksoft

Thanks for your quick input. I try to explain further my setup: I have two WAN. WAN1 has global IPv4. Is therefore reachable from outside and is default route. My router is WG server here, some road warriers are connecting. WAN2 is IPv4 CGNAT. Therefore outgoing only and should offload WAN1 for Wire...

dksoft

My setup has 2 WAN. For simplitifaction only IPv4, no incoming connections, both are masqueraded for outgoing only. Now I would like to route two (fixed IPv4 address based) outgoing WireGuard peers through the second WAN. All others through the first WAN. Any idea, how the mangle rule should look li...

dksoft

What's new in 7.11beta5 (2023-Jul-17 10:07):

*) container - added IPv6 support for VETH interface;

Can you please provide some instructions how to add dual-stack IPv4+IPv6 address to a container?
Thanks
dksoft

dksoft

Now, with 7.9, the transfer goes down to 1MByte/s. So 1GByte takes 10 minutes to transfer.

I installed rose-storage, reformatted the NVMe to ext4. No difference.
It can't be SFTP because transfer via Winbox is at the same speed.

Anyone experiencing the same problem?

dksoft

... Is it possible to add cap ax to an existing wifi network that is running on capsman with a lot of cap ac devices? ... - yes but not using old capsman. How can you handle a CAP AC device with the "new" CAPsMAN, e.g. the wifiwave2 based one? My understanding is that wifiwave2 package is...

dksoft

Legacy wifi APs (using wireless package) and wifiwave2 APs (like AC3, Chateau, ... but also all AX devices) are not compatible. Thanks for the clarification. Do I understand correctly, that I need two CAPsMAN installations if I want to use CAP AC XL and CAP AX in one network? Two installations mean...

dksoft

I though it might be as easy as before to integrate a CAP AX into my CAPSMAN network, but it is not. Any hint how to add a CAP AX into my existing CAPSMAN configuration to replace CAP AC XLs? My understanding is that wifiwave2 has to be installed on the CAPSMAN server, which is a CCR2216 on my site,...

dksoft

You can rename the disk to something of your liking, and then it will not change again. That is why this change was made (disk1 wasn't a stable name). Can you please advice how to rename the disk? I habe usb1 or nvme1 and if I change the name, the error "can not change device type (6)" ap...

dksoft

I guess you could confirm if your original code worked in 7.8beta2...

Can't as I switched to 7.8b3 because of the DNS/NOERR fix from 7.7.

dksoft

I think "output=none" is clearer, and theoretically avoids creation of the results array in memory from using "as-value output=user" (to then not use the array created). We are getting nearer: I changed "as-value output=user" to "output=none" and it failed. E...

dksoft

/tool fetch keep-result=no mode=https url="$FURL&hostname=host.boo.bar&myip=$IPv4" Well the difference between is "keep-result=no" vs "output=none". In theory... keep-result=no should have ignored the default output=file & do the same thing... At least in m...

dksoft

What did the /tool fetch line have before your change?

/tool fetch keep-result=no mode=https url="$FURL&hostname=host.boo.bar&myip=$IPv4"

dksoft

Before investigate if is roueros problem or not, is better write script correctly...

Does not care. If you read about the problem, it appears above.

dksoft

Same here, I changed to /tool fetch url="..." as-value output=user and things worked again. Could you share full script as you got working now if its not a problem ? Here is my he.net DDNS update script for IPv4 and IPv6. It was not running on 7.8b3 before I made the above change. :global...

dksoft

And another issue I just noticed on beta 3 my Dyndns script cant finish updating IP, it doesn't come to part where it writes to disk, but If I manually run script instead scheduler it finishes. I noticed same issue here. My dyndns script doesn't update anymore from on scheduler (although the "...

dksoft

For rsync - please read rose manual page. Please give me a help: All I find is this page: https://help.mikrotik.com/docs/display/ROS/ROSE-storage It only tells that rsync is support. I can't more searching the manual pages with keyword "rsync". Also, I can not find any information about &...

dksoft

dksoft - We will see about that...

This was about rsync support in ROSE-package as statet out in the online documentation.
All I found is /rsync-daemon set enabled=yes.

Any update how to use it?

dksoft

dksoft - We will see about that... New packages are included in stable versions when we can consider them "stable". At the moment we can not promise that ROSE-storage will be included in v7.8, but we will do our best in order to make that happen. Of course, even if it will not be released...

dksoft

The ROSE documentation tells about rsync support.
Is there any information how to use it?
Also, will ROSE be available with final 7.8 (asking because of experiences with container in the past) ?

Regards
dksoft

dksoft

Fixed in 7.8b3

dksoft

Hi,

there is a NVMe connected to my CCR2116. Using SFTP I get a transfer speed of around 15 MByte/s.
What might cause that slow transfer speed? I tested with SMB but this is even slower.

Best regards
dksoft

dksoft

Now we have containers, there is a lot of data on the external storage.
For now I use "scp" to backup that storage but it takes long and is always a complete backup.

Any idea for a good practice how to backup the external storage?

dksoft

My problem is with Alpine Linux v3.16 because the RouterOS 7.7 DNS server returns NXDOMAIN if an IPv6 entry does not exist, even that an IPv4 does exist. I tried other DNS, like DNSMASQ/Pi-hole in a Docker container and they return NOERROR instead. Unfortunately Alpine always asks for A and AAAA rec...

dksoft

Dear mkx, it took some time to answer because I tried more things regarding your suggestion and have a working solution now. Thanks for your input. The solution is very simple and I actually tried this before. Maybe the reboot did fix something. add bridge=LAN frame-types=admit-only-untagged-and-pri...

dksoft

Dear friends of MT, I do have to sites which are connected via EOIP. EOIP transports several tagged VLAN (100,200) between the two bridges of the sites. The default untagged (VLAN 1) network is not bridges between those sites. Here is an example of one site: /interface eoip add local-address=10.5.0....

dksoft

Hi,

all my mounts are mounted like:

/dev/nvme0n1p1 on /srv type ext4 (rw,nosuid,nodev,noexec,relatime)

Any idea how to mount without noexec?

dksoft

Dear Elico, thanks for taking care of my problem. I was using your container as referenced above. I noticed that you set "USER 101" in the Dockerfile before you start the daemon. That is the daemon is not running as root and I guess that it therefore can note write to /var/log and can not ...

dksoft

Any idea what is going wrong here? Maybe the user is not root? Thanks, dksoft Nov 17 21:02:55 router container,info,debug INFO: /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration Nov 17 21:02:55 router container,info,debug INFO: /docker-entrypoint.sh: Lo...

dksoft

Hi, I would like to restart pihole after I updated the custom.list via scp. E.g. execute the command "pihole restartdns" in the container. But there is no SSH enabled in the Docker image. One solution is to restart the container but there must be a better way. Is there any way to run a com...

dksoft

someone can help me to find error(s)? I stumbled into the same problem. For reference, here is my IPv4 and IPv6 configuration to route incoming package correctly back to my second WAN interface: /ip firewall mangle add action=mark-connection chain=prerouting connection-state=new \ in-interface=HETZ...

dksoft

My configuration uses a PPPoE client "dialin" to Deutsche Telekom FTTH with a MTU of 1492. If I tick "Change TCP MSS" in the PPP profile, things work much better. E.g. YouTube videos start and skip faster. But loading of Telegram Media like Images is very slow, e.g. take 10-15 se...

dksoft

Luky me: I installed a Linux netinstall-cli in the network and the WAP AC was in a state, that it network booted right after PoE reset.
WAP AC is recovered and online again.

dksoft

Lesson learned today: I chained a CAP AC and WAP AC over PoE. CAPsMAN was configured to "suggest same version" update the firmware. Now the first CAP updated, rebooted and interrupted PoE while the chained WAP was also updating. The result is a briked WAP AC which I could netinstall but th...

dksoft

*) firewall - added support for RTSP helper;
What is a "RTSP-Helper"? I know RTSP is some kind of Video-Straming Protocol. Why do I need a "helper" and for what reason?

-> viewtopic.php?t=172168

dksoft

The new RTSP helper in 7.5b4 works fine for me and solved my problems with Reolink cameras.

dksoft

*) firewall - added support for RTSP helper; Works! Great, thank you. I will try with multiple cameras and come back. Edit: I have multiple cams on the camera site (7.4) which are NATed with different ports x, y, z ... By simply adding all the ports in the "rtsp" entry under "service ...

dksoft

Doesn't seem so, still broken here with 7.2rc2

I checked back with support and the rc2/rc3 do not address the problem yet.

dksoft

Known issue, see the 7.2rc1 thread. More than 32 entries cause the problem.
Mikrotik acknowledged to work on that.

dksoft

Does the veth network range must be only 172.17.0.0/16 to get container to work?

You can use any address but you must remove and re-create the container after you changed any configuration including network configuration.

dksoft

0) Is it possible to try setup without VLAN? Does it work then? Yes. If you tag on an external device, in my case on a CRS317, things work. Some users report that a bridge on the RB5009 which adds the tag, works. Me an some others can not confirm this. 2) and support output file from router, that h...

dksoft

The ARM devices are nice, you should get one. I love my RB4011.
Use the MIPS device for something else

Regarding home routers I agree but if you go automative with the LtAP series, there is no choice. And ZeroZier makes much sense to reach the device from outside.

dksoft

Unfortunately the issue with RB5009 DHCPv6-PD over pppoe on tagged ethernet link is not fixed

It's not mentioned to be address in the release notes. But I want to confirm that I have the same result over here.

dksoft

I'm able to generate a kernel panic on a CCR2004-1G-12S+2XS (capsman controller) when I enable caps-mode on a 951Ui-2HnD. If I leave this enabled, the CCR is rebooting in a loop. Cap certificate was just generated, capsman controller is reached via IP, not discovery interface. There's nothing in th...

dksoft

Yep, still a problem on the RB5009 This could be related to the issue with DSCP in combination with PPPoE over VLAN described above. For me, the DCHPv6-PD over PPPoE over VLAN works, on a RB4011. But DSCP-marked traffic over PPPoE over VLAN (certain DSCP values) does not. Maybe in your case the DHC...

dksoft

Doest this testing version fix the DHCP-PD over PPPoE VLAN interface?

No, RB5009 fails. CCR2004 works.

dksoft

I ran into the same problem using Linux with a CCR2004. Was working smoothly before. The only solution I found was using a Windows 10 PC, with fixed IP 192.168.88.2 set to the ethernet interface, WLAN disabled and the netboot client IP set to 192.168.88.199. Also it was essential that a switch was c...

dksoft

If found that L2TP client login reboots my CCR2004. Have to disable L2TP-server for stable system.
This did not happen with rc4.

dksoft

I have upgraded rc4 to rc5 on ccr2004-16g-2s and everything looks normal. But when the l2tp client wants to connect, all the LED lights on the machine seem to be off, I don’t know if it is, restart it? And client failed to connect. When donwgrade to rc4, it returns to normal. I can confirm this on ...

dksoft

Known issue, they are working on it. Meanwhile you can use untagged and tag the VLAN on an external switch.

dksoft

Export creates code, that import can not read (starting with 7.1rc3): Unfortunately true. However, /export show-sensitive terse produces export code that can be imported successfully, for a full config restore. I can not confirm that. If there is a script in the command, as in my example above, it ...

dksoft

@dksoft, have you set use-ipv6=yes in your pppoe profile?

Yes. The configuration works if you remove the VLAN tag and tag outside, e.g. with a switch between RB5009 and modem.
The root of the problem is VLAN on RB5009.

dksoft

Still no IPv6 prefix via DHCPv6 if PPPoE interface is VLAN tagged on RB5009: Have you tried to attach the vlan interface to the bridge and use the vlan filtering to allow only this vlan on that particular port? Yes, same result. As it works on CCR2004-1G-12X-2XS and RB4011, it might be something wi...

dksoft

Export creates code, that import can not read (starting with 7.1rc3): Export: /ip dhcp-client add add-default-route=no disabled=yes interface=FFNK script=":if (\$bound = \"\ Import: [admin@router] > import file-name=export.rsc verbose=yes #line 1 /ip dhcp-client #line 2 add add-default-rou...

dksoft

Still no IPv6 prefix via DHCPv6 if PPPoE interface is VLAN tagged on RB5009: /interface vlan add interface=ether1 name=FTTH vlan-id=7 /interface pppoe-client add add-default-route=yes interface=FTTH name=TELEKOM user=xxx#0001@t-online.de /ipv6 dhcp-client add interface=TELEKOM pool-name=GUA-pool6 re...

dksoft

Try using docker pull --platform arm pihole/pihole instead of hash code. It doesn't help, it still shows amd64, I will try on another PC with fresh docker install Check with docker images and remove all before pulling a cross platform one. That helped me getting it the other way, e.g. from arm to a...

dksoft

Another bug:
Using "root-dir" expands a huge number of files. When "/files" starts, the CPU load becomes 100% and either WinBox crashes or the VM is completely overloaded.

Spoiler: Fixed in rc4

dksoft

Try using docker pull --platform arm pihole/pihole instead of hash code.

dksoft

viewtopic.php?f=1&t=178057

dksoft

It only happens when running pppoe over a tagged vlan. It works on an untagged link.

Hi noradtux,

very nice, thank you so much!

I created a bridge in my CRS317 that tags the traffic. It worked right away.
Now I update my support request and come back, if I receive any information.

dksoft

There is another problem: If you install a container to USB like root-dir=disk1/containers/pihole, a whole bunch of files are extracted. Now if you want to add another container you get as far as "/container/add file=" then the shell hangs. I guess this is because the command line completi...

dksoft

@dksoft Please send us a supout.rif file to support@mikrotik.com (referencing this forum discussion) so we can have look into this, as on "/container/remove" container data should have been cleared. Thanks for taking care of this. Please see SUP-59989. But the device is already netinstall...

dksoft

I did reset the configuration and the router was empty but the space still allocated.
Then I netinstalled the device and now the space is back again.

Looks like container and variables are only added but never purged if you chance or remove them.

dksoft

... the best way is to clean up containers occasionally: remove containers and remove also container images (directly in /file). No chance: /file is empty. Usage says 941.9 of 1025 used. Any no containers installed: [admin@router] /container> export # sep/09/2021 16:27:45 by RouterOS 7.1rc3 # softw...

dksoft

from what I've seen - anytime you change variable, you need to remove and create new container. Right, that helped. Thank you! But it's still strange. I have the tar on a USB stick and create a container using: add envlist=pihole file=disk1/docker/pihole.tar hostname=PiHole interface=veth1 logging=...

dksoft

Can it be that envs variables are not updated internally, when their value changes? E.g. I have changed the variable "ServerIP" and it now looks like: [admin@router] /container/envs> print 0 list="pihole" name="TZ" value="Europe/Berlin" 1 list="pihole&quo...

dksoft

RouterOS version 7.1rc3 has been released in public "development" channel!

dhcpv6-client is not working over PPPoE on RB5009.
Can you please have a look at this: viewtopic.php?f=1&t=178350&p=878495#p878495 ?

dksoft

I netinstalled a RB5009 to rc2 and rc3. The problem still exists. Here is my minimal configuration: /interface vlan add interface=ether1 name=FTTH vlan-id=7 /interface pppoe-client add add-default-route=yes interface=FTTH name=TELEKOM user=xxx#0001@t-online.de /ipv6 dhcp-client add interface=TELEKOM...

dksoft

As noted here You can use external storage (via USB ports) to keep .tar files (which can be deleted after container has been created) and container data itself (by using "root-dir=" when creating a container) So a CCR2004-16G-2S+ would be able to execute a 400MB docker image from an attac...

dksoft

The pihole example is 384MB in size. Both CCR2004 have only 128MB of storage.
CCR1s are Tile based.

Will there be any use of the Docker feature on the Cloud Core Router devices?

dksoft

That is really curious and maybe some one has an idea: Using 7.1rc2 and rc3 I can not get an IPv6 prefix using dhcpv6-client. It's stuck at searching. The exact same configuration (export/import) works seamless on a CCR2004 and RB4011! I even replaced the RB5009 with another one and created a minima...

dksoft

Using the new Let's Encrypt command creates a certificate like "letsencrypt-autogen_2021-09-03T09:39:38Z". Do I need to setup a schedule in order to renew it after 60 days? The certificate is renamed after each renewal. Can I rename it to something constant, so it's easier to integrate int...

dksoft

IPv6 no longer appears to work over PPPoE after updating to v7.*. Works fine on v6.* though. Must set the use IPv6 flag in the PPP Profile, also if you enabled default route in the PPPoE login, do not set it in dhcpv6-client. IPv6 actually works but I also had many problems after migration from v6.

dksoft

I had the same problem, so I rollback to rc1.
Can you both please send your supout.rif files to support@mikrotik.com?

I found where the problem is caused from. Please see here: viewtopic.php?f=1&t=178133#p876697

dksoft

May someone of the bridge-gurus please have a look and advice, what I am doing wrong here? Till v7.1rc1 my configuration worked well, starting with rc2 the following error appears when clients connect via L2TP Sep 2 16:14:04 router ipsec,info INFO: respond new phase 1 (Identity Protection): 84.166.2...

dksoft

Maybe it's the problem I am having: The router reboots endless. It helped to unplug the cables und re-insert after 20 seconds. Problem is based on CAPsMAN. If CAPs connect very early and create interfaces, the router reboots. As the problem still exists, my current fix is to disable CAPsMAN and re-e...

dksoft

And do not do something like this: /ipv6 pool add name=LLA-pool6 prefix=fe80::/56 prefix-length=64 add name=ULA-pool6 prefix=fd00::/64 prefix-length=64 /ipv6 address add address=::1 from-pool=ULA-pool6 interface=LAN add address=::1 from-pool=GUA-pool6 interface=LAN ROS thinks the addresses are equal...

dksoft

Anyone noticed that L2TP clients can no longer login after upgrade from rc1 to rc2?
hi @dksoft

did you upgrade client or server to rc2 ?

I upgraded the server to rc2. Clients are on 6.48.4.

dksoft

If I understand right, you're setting IPv6 address to PPPoE interface from pool of IPv6 addresses, assigned by ISP? Yes but on the LAN bridge and not the PPPoE interface. Maybe this describes what I am currently doing on 7.1. The GUA-pool6 is created by the dhcpv6-client. I am not advertising the G...

dksoft

I am playing around with IPv6NAT on 7.1rc1, which is much cooler than I first though. Hopefully this starts no discussion about use or don't use of IPv6NAT! Now all local clients have fd00::xxx addresses and the router at fd00::1 does IPv6NAT/port forwarding. Works fine on MacOS, Linux and IOS. I ca...

dksoft

Anyone noticed that L2TP clients can no longer login after upgrade from rc1 to rc2? I do receive a message "l2tp,info INFO: first L2TP UDP packet received from 3911:3f65:551f:861e:54a6:d222:cd76:6a5" many times. Reverting back to rc1 makes L2TP login possible right away, upgrading to rc2 a...

dksoft

...If you enabled PPPoE to add a default route and enabled the DHCP client to add a default route, then yes you will have two default routes... That's it, thank you mrz! I noticed the "Use IPv6" flag in the PPP profiles is set to "yes" on ROS7 but did not care about it. Now I kn...

dksoft

I wounder if someone has the same problem that two default IPv6 routes are created and IPv6 does not route anything outside. Removing the second route makes thinks works instantly. So I added a script to the dhcpv6-client. Does someone have a clue, why two routes are created and what the 'v - vpn' o...

dksoft

... (free to post here or write to us to support@mikrotik.com).

Can you please have a look at SUP-56377 or at post viewtopic.php?f=1&t=177803
Still happens on 7.1rc1 and is a show stopper for me.

Thanks
dksoft

dksoft

I spent some more hours to trace the problem and it looks like existing EOIP channels are causing the problem. E.g. I can have multiple L2TP dialups from clients to the CCR1009 and creating an EOIP tunnel over that connection: Works fine. I can have an IPSEC or wireguard tunnel from the CCR1009 to a...

dksoft

Hi, may someone have a clue why my CCR1009 (also RB4011 and CCR2004) reboots right after a l2tp login? I can see on the log: Aug 23 14:07:55 router.intra l2tp,ppp,info INFO: <l2tp-router-esp>: authenticated Aug 23 14:07:55 router.intra l2tp,ppp,info INFO: <l2tp-router-esp>: connected Aug 23 14:07:55...

dksoft

I am not sure what the problem is here. Right now it looks as if I remove multiple routes to fast after each other, the routing table gets broken. The result is that the default route gets lost, also the router is no longer accessible via Winbox, even MAC access. After about 10 seconds the router is...

dksoft

Re: WireGuard interface shuts down when bandwith test runs on 7.1b6 Hi, I created a WireGuard tunnel between a CHR (7.1b6) and CCR1009 (7.1b6). Simple configuration, all IP addresses allowed, no fast path/track. CHR server is 192.168.178.1, the CCR1009 client is 192.168.178.2. Ping works fine, but i...

dksoft

Re: CCR1009 reboots at startup using 7.1b6 Hi, does anybody have an idea, why my CCR1009 does reboot just after start? It shows "loading services", double beeps and then reboots. Over and over. If I remove the SFP+ which is the only connection, the router comes up and if I replug the SFP+ ...

dksoft

I didn't notice any issue. U have this issue still? I can start it and test.

Yes, I still have the problem on all of my Linux installations. Kernel is 5.4.106. It only appears on installations with IPv4 and IPv6, which is causing the problem.

dksoft

Yes I did it, and now I have found what was the problem. I have to uncheck "Advertise DNS" from RA as well. You can leave "Advertise DNS" checked in RA in most cases, but you have to enable "Other configuration". There is still a problem in ROS where RA advertises the ...

dksoft

I'll confirm it. ... Alternatively, you can set directive "options single-request" into resolv.conf, it causes the system will not try ipv6 resolve because the request is resolved in the first (ipv6) request. (not recommended) Is there any update to this problem? I can only use the Mikrot...

dksoft

Such issues can be caused by incorrect MTU somewhere in the path. E.g. when you have PPPoE to internet and the MTU there is 1492, but on LAN you incorrectly advertise 1500 byte MTU. It would be nice when RouterOS could copy actual MTU from one interface into advertised MTU of another, but for now y...

dksoft

May someone please give me a hint what might cause this problem: [admin@router] > ping 2a00:1450:4001:801::2003 SEQ HOST SIZE TTL TIME STATUS 0 22 (Invalid argument) After upgrading to 7.1b5 my router does no longer ping to global addresses nor forward IPv6. Local addresses like fd00::2 work fine. H...

dksoft

Using remote logging, eg.

/system logging action
set 3 bsd-syslog=yes remote=10.0.0.2 syslog-severity=info

leads to only \00 characters on the syslog server.
This worked well on 6.48.1

dksoft

Dear Mikrotik-lovers, I am using a CRS317r2 with ROS 4.68.1. The effect is that if I use S+RJ10r2 in them, I do see the temperature via DDM monitoring which leads to the problem that the fans run all of the time at 8000 rpm. The temperature at /system health gauges is always the highest of all insta...

dksoft

Dear Sindy,

thanks, it worked right away and is exactly what I was looking for!

Do I understand correctly that this solution does not support road warriors unless I find a method to set the actual peer address before the client connects?

dksoft

Dear Mikrotik friends,

is there a way to define the Proposal and Profile when using EOIP with IPSEC?
My understanding is that the EOIP/IPSEC initiator automatically uses the setting based on the responder's default settings.

Thanks for your input
dksoft

dksoft

I would like to ask a question about the "Huawei MA5671A GPON ONU" Is the GPON SFP module currently working in your GPON network ? How long has it been on-line ? Is it mounted outside in a Nema air-tight enclosure ? Yes, works on FTTH Deutsche Telekom in Germany. A couple of days. Others ...

dksoft

Your RX power is a bit high and are all connectors all pushed full in. Dear msatter, thanks for answering and pointing me to the RX power. Which value do you expect here? I replaced all my fiber cables and nothing changed. Also I replaced the Huawei SFP by a CarlitoxxPro V2. The CarlitoxxPro works ...

dksoft

Dear Mikrotik-lovers, is anyone able to run a Huawei MA5671A GPON ONU with 2.5 GBit/s in the SFP+ port of a RB4011 or CRS328? Mine is only connecting at 1.0 GBit/s: /interface ethernet monitor s04-GPON-ONU name: s04-GPON-ONU status: link-ok auto-negotiation: done rate: 1Gbps full-duplex: yes tx-flow...

dksoft

How exactly you do it? This works, I hope it's the Mikrotik way: /ip firewall mangle add action=mark-connection chain=prerouting comment="Mark outgoing Amazon AWS connection" connection-mark=no-mark connection-state=new \ dst-address-list=AmazonAWS new-connection-mark=WAN2_con passthrough...

dksoft

Dear forum members, I would like to mark traffic that goes to Amazon AWS, e.g. github-production-release-asset-2e65be.s3.amazonaws.com, so that routing goes throw my second WAN. Usually I use an address list and then mark the traffic via a mangle rule. The problem with Amazon AWS is that the IP-addr...

dksoft

Dear Mikrotik-friends,

may somebody please point me to a passive 12V PoE splitter, that works on the RB4011 and supports 1GBit?
So far I can only find 1G devices based on 802.3xx, 1G passive with 24V or 12V devices that connect only with 100M.

Thanks for you help and best regards
dksoft

dksoft

Dear Metod, thank you very much again. I am happy with your help and solution. Now I stripped down my bridges from 5 to 1 and your security tip is very usefull as I have not though about that problem. Best regards, dksoft Update: 2020-09-03 13:15 I made one essential addition, which is to set the EO...

dksoft

Dear mkx, thank you very much for pointing me to that document and creating the configuration. It works perfectly! May I asked another question about bridging an EOIP interface into VLAN 400 and getting an IP address for the router? My understanding is that a transparent bridge, as below, is the rec...

dksoft

Dear Mikrotik-lovers, reading the "Layer2 misconfiguration" paper, I understand that my configuration may lead to problems as I bridge VLAN interfaces instead of using the VLAN filter option. May someone please translate my current configuration into a "new-style" VLAN filter con...

dksoft

Dear eworm and Sob,

thanks for looking after my problem so quickly.
In the meanwhile I implemented "@eworm's IPv4-mapped address" solution. So far this works perfectly. I will do more testing and come back if anything fails to update the status.

Thanks again for your help,
dksoft

dksoft

Hi, with 6.47.1 there was a change "*) dns - do not allow setting zero value IP addresses for "A" and "AAAA" records;" in the DNS which is causing me a problem. On 6.47 I was able to set an AAAA record with zero IP address and the DNS replied with an NXDOMAIN. Thus I wa...

dksoft

Dear Mikrotik lovers, when I set "Basic Rates" and "Supported Rates" to a value of 12Mbps on g/n and 24Mbps on ac, it's ignored at the CAP. E.g. I can see that the CAP starts at 6Mbps. Is there any reason or regulation, why the settings are ignored? Thanks for you help and best r...

dksoft

Hi Mikrotik-friends,

can please someone point me how to do dual WAN on IPv6?
E.g. on IPv4 is very simple by mangling the connection via the incoming interface and multiple routing tables.

On IPv6 I do not have any clue as there are no multiple routing tables.

Thanks and best regards,
dksoft

dksoft

Back to the initial topic that IPv6 is not resolved: it suddenly works.
I don't know why, but the public-address-ipv6 is now displayed and resolved.
It might be solved as I disabled and re-enabled the ip cloud ddns service as recommended in the Wiki.

Anyway, I am happy.

dksoft

Hi,

can please someone point how to configure the /ip cloud service to resolve IPv6 address?

I am running 6.43 on CHR and IPv4 resolves well. IPv6 is learned via DHCPv6 on the PPPoE interface where IPv4 is bound to.

Thanks,
dksoft

dksoft

Hi, I would like to ask if anyone has the same problem and might know a solution: Using CHR on Proxmox and the standard Linux bridge on the Proxmox hypervisor leads to the problem that EoIP is not working. So far I am able to torch that GRE packages are not passed through the Linux bridge to the CHR...

dksoft

Dear Mikrotik friends, I setup an EoIP tunnel between two CHR. Both endpoints are bridges. It's working fine. I can ping and transfer between the routers and the networks directly connected to the bridges. What I can not do is ping or reach a device inside the networks from outside, e.g. internet. W...

dksoft

Yes, it does support sending and receiving (/tool sms receive-enabled=yes). The port is what you named the interface in /interface. Make shure it's enabled. You can use this feature to remotely trigger your device to book a daily datarate via SMS and go online by sending a SMS to the device. That's ...

dksoft

Hi,

are there any examples available, how to setup a transparent HTTP proxy that works on IPv6 too?

Thanks,
dksoft

dksoft

I have been allocated a /56 IPV6 from my ISP... Michael, are you using Dt. Telekom? You must take care on the dynamic IPv6 prefix change (Zwangstrennung). It's better to internally address via ULA address. Also you must decrease the GUA lifetime by hand as RouterOS does not care about the lifetime ...

dksoft

deleted

dksoft

Hi,

is there any known plan, when the MUM USA videos will be available?

Thanks,
dksoft

dksoft

Hi,

on IPv4 I redirect port 444 to 443 in order make it harder to find my RouterOS login.
Can something equal be done with IPv6? E.g. I want to redirect all traffic from the WAN arriving on port 444 to 443 on my router?

Thanks,
dksoft

dksoft

I tried with 6.42rc56 and 6.42. It's no problem to additionally install the hotspot.npk even there is already the bundled one installed.

dksoft

Solved, netinstall did the trick.

dksoft

Hi, I accidentially installed the hotspot.npk. Now I have it twice, one bundled and one additionally installed. Trying to disable one or both, to uninstall them or to reset the configuration does not help. I loaded the 6.42 packages onto the disk's root directory and rebooted, also via Downgrade. 6....

dksoft

DELETED

dksoft

There is no need for scripting if you use ULA-addressing instead of GUA-addressing based on the IPv6 prefix from your ISP as ULA-addresses remain static. E.g. create an ULA-pool: /ipv6 pool add name=ULA-pool6 prefix=fd00::/64 prefix-length=64 Assign an address to your router: /ipv6 address add addre...

dksoft

Per CPU, I think. Check with
Code: Select all
/system resource irq print where users~"virtio"

Good tip, thanks.
It does automatically detect how many queues are configured. No need to change anything in RouterOS.

dksoft

*) chr - added support for "multi-queue" feature for "virtio-net" driver;
I've been waiting for this! Thanks!

Me too.
How do I tell RouterOS how many queues I have allocated on the hypervisor or does RouterOS set them equal to the number of CPU cores?

dksoft

*) chr - added support for booting from NVMe disks;

Does this mean, that RouterOS can now be installed on UEFI devices?

dksoft

For us it's usually SMB, we have had to return to 2.3. I can confirm the performance problem since 2.5. We read half the speed from a 10GB port than we can write. E.g. reading is about 50MByte/s, writing is > 100MByte/s. This is independend on the protocol. Appears on SMB, FTP, SFTP. According to M...

dksoft

There now is support for "band=5ghz-n/ac" in the GUI but none in the capsman GUI.

dksoft

We are aware of dhcp client problem on bridge interface, we will fix it in future RC versions. Disable/enable bridge or dhcp client and it will get an address. Thanks, I added this to make my CAPs work again: /system scheduler add name=DHCP-restart on-event=DHCP-restart policy=ftp,reboot,read,write...

dksoft

Anybody willing to share experiences with WAP AC vs CAP AC? I did a quick bench and the CAP AC is much faster running bandwidth test. But the WiFi throughput is about 30% poorer in my setup with a MacBook Pro (802.11ac only, 3 chain) with the CAP (802.11ac only, 2 chain) than the faster WAP (802.11a...

dksoft

What's new in 6.42rc37 (2018-Mar-01 09:29): Since rc35 CAPs do no longer get an DHCP IP-address if the DHCP client runs on a bridge. Disabling and enabling the bridge brings DHCP back into live. But after reboot DHCP client keep trying as before. The DHCP server does see a DHCP request and replies ...

dksoft

Seems partially fixed in 6.42rc9

I can not confirm that. Read speed went up from 25MByte/s to around 50MByte/s with 6.42rc* but it's still far away from 1GBit/s.
Write speed is at full speed.

dksoft

dksoft - Are you running CRS on SwOS or on RouterOS?

I tried both. RouterOS 6.40 - 6.41, SwOS from 2.3 - 2.7.
Configuration is reset to default after each update. So there are no firewall rules. All ports are switched.

dksoft

>*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs; >*) crs326 - improved transmit performance from SFP+ to Ethernet ports; Sorry, I can not confirm this. Write performance is 105MByte/s, read performance is about 50MByte/s. It has increased from former v...

dksoft

That's a known problem.

RouterOS 6.41rc66 and the upcoming SwOS 2.7 do not fix it on my CRS326/CSS326.
You can downgrade to SwOS 2.3 or 2.4. This will restore performance but might put your router into an endless reboot loop if SFP+ is inserted at boot.

dksoft

Can you recommend a (german) retailer that has this SFP in stock?

Hi, send me an DM if you want to buy my SFP.

dksoft

Hi, you can do this by scripting. E.g. I change the IPv6 prefix for DNS and IPv6 firewall after every reconnect. Anyway you will run into the next problem, which is caused by Mikrotik's RADV implemenation. First ND advertises the DNS server set in "/ip dns", therefore you will not be able ...

dksoft

Does it work with German T-Com VDSL? Yes. You need to disable auto-neg, set 1Gb fixed and create an interface with VLAN ID 7. The "/interface dsl" menu is gone in 6.40.5 and 6.41rc56 on a CCR1009. Can someone confirm this? Transfer rates are rather pour. On a 100/40 VDSL I get: ZyXEL VMG1...

dksoft

I just received an answer from Mikrotik support that the 10G<->1G performance issue will be fixed in the next release (current is 2.6).

dksoft

It‘s a known problem that ssh does not run from scripts. Regarding to Mikrotik Support this might be fixed in a further version of RouterOS.

dksoft

Ok, you are too late! I received one...
Does it work with German T-Com VDSL?

I am waiting for delivery and post results in about 10-14 days from now.

dksoft

They are available shipped from Germany, see above.

Thanks, due to current reconstructions the new link is: http://www.mikrotik-shop.de/Interfaces/ ... :2192.html
Currently (2017-11-14) out of stock. 10-14 days delivery.

dksoft

Hello!
I´m located in Austria and I also got a Procend 180T this Friday.
Klaus

Grüß Gott, Klaus!

Where did you order the part to be shipped to europe?

Best regards,
dksoft

dksoft

Currently ND and DHCPv6 advertise only the IPv6 DNS servers set in "/ip dns" which are the upstream DNS servers. Therefore it is not possible to use the internal RouterOS DNS server as IPv6 DNS server. Please make the DNS server configurable in the same way, as it's already done on the IPv...

dksoft

It would be great, if "/system ssh" would work again in scripts.
The problem ist known, that it works fine on command line, but fails in scripts.

dksoft

Hi, I am using 6.40.3 on CCR. When I enable "Advertise DNS" under IPv6, the upstream DNS server of the ISP is advertised and not the router's builtin DNS server. I would like to make static entries in my DNS server first and forward all unresolved to my ISPs DNS server. Actually as it work...

dksoft

Yes, good idea. I implemented it the way, that each rule in the IPv6 firewall that has a magic ID "(PrEfIx)" in the comment get's updated by my script. The script is run by the DHCPv6 client whenever it renews it's IPv6 pool that I named "WAN-pool6". Here is my script. It's the f...

dksoft

Hi, my ISP gives me a new prefix with every new connection. Therefore I do not have a static IPv6 address, that I could use in my firewall rules. Is there a way to have the firewall automatically extended the IPv6 address by the current prefix, so I only put the interface identifier into the firewal...

dksoft

I "torched" somewhat deeper into the problem and found that disabling "Allow Fast Path" on the CCR bridge that bridges my LAN and the CAPs solves the problem. Also "Local forward" on the CAPs solves the problem as expected, but I want to use the CAPsMAN forwarding. Yes,...

dksoft

Thanks for your reply. Below are my configurations. I noticed, that the CAPsMAN forwarding channel shuts down if I connect to the 2.4GHz network. When I connect to 5GHz, the channel works and the display "channel: 2412/20-Ce/gn(20dBm), SSID: MTIK-24, CAPsMAN forwarding" and "channel: ...

dksoft

Hi, I have a CCR1009 and several wap AC, all with 6.39RC72 and CAPsMAN. Clients can connect via 5GHz but not via 2.4GHz if the configuration is set via CAPsMAN. Clients do not get an IP address via DHCP. Using torch on the wap AC 2.4GHz interface, I can see that DHCP packages go and come from the CC...

dksoft

Hi, I setup the Mikrotik hotspot solution together with the Mikrotik User Manager but would rather use WPA Enterprise instead. Is there a HOWTO available, that shows how to use an iPhone with username/password (EAP-TLS ?) to logon to a RB751 that uses the Mikrotik User Manager for managing the users...

dksoft

A possible solution to this is to simply drop/reject all traffic from 10.1.1.0/24 to 192.168.1.0/24 (IP>Firewall; you'll need a forward chain rule) - make sure you first allow connections to 192.168.1.1, otherwise they'll get no internet.

This worked right away. Many thanks for your help!

dksoft

Hi, and welcome to all forum members as this is my first posting to the community. I setup a RB751 with two SSID. One is WPA protected and used to access to complete network. The other SSID is on a virtual AP and used as a hotspot with login. That works fine, but people which are connected to the ho...

Search found 171 matches