Community discussions

Search found 958 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 20
by jo2jo
Mon Aug 19, 2019 4:53 am
Forum: General
Topic: OVPN Server , move to new mikrotik (certificate export / move ??) [SOLVED]
Replies: 2
Views: 155

Re: OVPN Server , move to new mikrotik (certificate export / move ??) [SOLVED]

>>When exporting the certificate, don't forget to set password. If you don't, only certificate without private key is exported. Sob was correct, in winbox (or cli), you must set a passphrase when exporting the cert. If you dont, then when you go to import the exported cert, it will *not* contain the...
by jo2jo
Sun Aug 18, 2019 2:12 am
Forum: General
Topic: OVPN Server , move to new mikrotik (certificate export / move ??) [SOLVED]
Replies: 2
Views: 155

OVPN Server , move to new mikrotik (certificate export / move ??) [SOLVED]

question: how do you move OVPN Certificates from one mikrotik to another mikrotik ? Info: I have (all working for many months) a routerboard acting as a OVPN server, with certs, and a linux box acting as a OVPN client (ie linux ovpn client connects to mikrotik ovpn server). I now need to upgrade the...
by jo2jo
Mon Jun 03, 2019 12:37 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: ETA on Feature Requests
Replies: 5
Views: 1032

Re: Feature Request: ETA on Feature Requests

i know this thread is a bit old, but i agree with all the posts above (including agree with normis 's reply/ his point). but im hoping that something like this list (or wiki style?) could be implemented on MTs end. even wo dates , a implemented / rejected / being worked on / considered - list (as an...
by jo2jo
Mon Jun 03, 2019 12:32 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: Countdown TIMER on FW / NAT rules
Replies: 2
Views: 438

Re: Feature Request: Countdown TIMER on FW / NAT rules

+1 Even if it's possible to match rules on an adress list with one IP with timeout to get a similar result it is quite cluttered. agreed, this above is one of the "rough" work-arounds i was referring to. but ofcourse this can only be taken so far (as compared to being able to put a countdown on act...
by jo2jo
Tue May 28, 2019 1:50 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 1119
Views: 196605

Re: Feature requests - Re Winbox , close all

The suggestion from another user session-> close all windows , only occurs when you EXIT winbox (ie the next time you connect all windows will be closed).
wrong
oh wow, you are correct, choosing session-> close all windows , does infact accomplish this (wo existing the app). thanks!
by jo2jo
Sun May 26, 2019 11:54 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: Countdown TIMER on FW / NAT rules
Replies: 2
Views: 438

Feature Request: Countdown TIMER on FW / NAT rules

I would really love to see an option added to the various /ip filter XX commands (FW,NAT,MANGLE), that allows you set a timeout= to disable option (ie a countdown). Exactly like we currently have on dynamic IP address-list entries. We often will have to make a quick/temporary FW or NAT rule for a cu...
by jo2jo
Sun May 26, 2019 11:43 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: Logging of all administrator user actions
Replies: 17
Views: 2617

Re: Feature Request: Logging of all administrator user actions

+1 - def need more detailed logging of admin actions, and maybe such that they can be written to the log (thus can go out over remote syslog) and so they will persist through router reboots (if the RB device supports NV memory).
tks
by jo2jo
Sun May 26, 2019 11:42 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 1119
Views: 196605

Re: Feature requests - Re Winbox , close all

A feature I would like to see in Winbox is a new selection to close all winbox windows Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session North Idaho Tom Jones I would love to see this also. Often on lower end RBs ...
by jo2jo
Wed May 22, 2019 9:14 pm
Forum: RouterBOARD hardware
Topic: Dual voltage POE on CRS112-8P-4S-IN [SOLVED]
Replies: 4
Views: 833

Re: Dual voltage POE on CRS112-8P-4S-IN [SOLVED]

great news / great solution to this question that ive been having for over 6 months (ever since that first announcement PDF mt news-letter)! it looks like you CAN run a 24v passive device AND a 48v active poe device from these crs112-8p MTs at the same time! there is exactly what i was hoping for, a...
by jo2jo
Wed May 22, 2019 9:09 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 80468

Re: Winbox vulnerability: please upgrade

AFAIK there is no way to extract your config wo an admin password, others (more familiar with netinstall) might chime in otherwise (netinstall has that save config button/checkbox, but i think it requires your password first). You have to consider, MT does not want to make it so that someone with ev...
by jo2jo
Tue May 21, 2019 7:34 am
Forum: RouterBOARD hardware
Topic: Dual voltage POE on CRS112-8P-4S-IN [SOLVED]
Replies: 4
Views: 833

Re: Dual voltage POE on CRS112-8P-4S-IN [SOLVED]

well ill have one of these units here in a day or two, and will test exactly what my question/reply above states. Ill update here when i know. It would be really nice!, if you are able to power a 24v passive poe device on eth3 , and a active ~48v af/at poe device (ie a IPcam) on eth5 , at the same t...
by jo2jo
Tue May 21, 2019 7:32 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Please add basic portScan tool ( port scanner scan )
Replies: 31
Views: 8813

Re: Please add basic portScan tool ( port scanner scan )

You could just make scan in TheDude and have results in no time. If you do this more than once per year, it is definitely worth it. That is interesting idea, but when we often need to do this, its on random customers/routers , so using dude as a "port scan" tool, would take a fair amount of setup (...
by jo2jo
Thu May 16, 2019 2:23 am
Forum: RouterBOARD hardware
Topic: Dual voltage POE on CRS112-8P-4S-IN [SOLVED]
Replies: 4
Views: 833

Re: Dual voltage POE on CRS112-8P-4S-IN [SOLVED]

what im still not 100% clear on, is assuming you have 2x Power supplies connected to a CRS112-8P-4S (a 48v one and a 24v one), are you then able to power eth connected devices at BOTH 48v (active POE) *AND* devices at 24v (passive poe)? ie: could i connect a IP Camera (802.3af Active POE) to eth3 , ...
by jo2jo
Fri May 10, 2019 1:13 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Please add basic portScan tool ( port scanner scan )
Replies: 31
Views: 8813

Re: Please add basic portScan tool ( port scanner scan )

+1 (for own post), 2x times this week different customers needed us to find a cctv DVR on their system (which is behind our mikrotik). would have been so quick via port scan x/24 for port 80 via a ROS ps tool . but instead had to setup a MT + a VPN setup on both sides and a laptop with nmap (about 2...
by jo2jo
Wed May 01, 2019 1:48 am
Forum: General
Topic: simple queue missing traffic (ie not working) (simple 1 pc setup)
Replies: 4
Views: 338

Re: simple queue missing traffic (ie not working) (simple 1 pc setup)

when i looked at the traffic more closely, i saw some was UDP , which then made me realize that the UDP traffic is mostly what is causing this. (you can only really control TCP , not udp, for the reasons you stated). Will need to look at other sites where i have seen this before to see if there is a...
by jo2jo
Sat Apr 27, 2019 2:23 am
Forum: General
Topic: simple queue missing traffic (ie not working) (simple 1 pc setup)
Replies: 4
Views: 338

Re: simple queue missing traffic (ie not working) (simple 1 pc setup)

thanks for reply, (i have always been seting local 192 IP of the PC as the queue's target) my SS maynot have been in sync as i was trying different queues, but mainly i wanted the export to show that i dont have any other FW or mangle rules that could be interfering. even with 0.01 bucket size, stil...
by jo2jo
Fri Apr 26, 2019 3:24 am
Forum: General
Topic: simple queue missing traffic (ie not working) (simple 1 pc setup)
Replies: 4
Views: 338

simple queue missing traffic (ie not working) (simple 1 pc setup)

i have encountered this before for clients, but now that i have a fiber line at the office im able to reproduce/test this while controlling for everything. this is only MT attached to the fiber line, there is only 1 pc behind the mikrotik (is doing NAT, no fasttrack). the Simple queue, whether on th...
by jo2jo
Tue Mar 19, 2019 5:33 am
Forum: General
Topic: CPU consumption by Horizon?
Replies: 2
Views: 476

Re: CPU consumption by Horizon?

sorry i cant answer, but i do have this same question.

will the use of horizon on a bridge port, cause HW-offload to become disabled?

(another way to ask this- is the bridge port -> horizon feature available in SWos?)
tks
by jo2jo
Sat Mar 02, 2019 3:35 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Please add basic portScan tool ( port scanner scan )
Replies: 31
Views: 8813

Re: Please add basic portScan tool ( port scanner scan )

@dagelf Originally I thought you just came with miracle, but it does not really work. Firstly, it would take huge amount of time as it does not work in parallel and you have to interrupt each connection which gets established, secondly, it actually crashed my winbox and produced autosupout.rif ... ...
by jo2jo
Sat Mar 02, 2019 3:30 am
Forum: RouterOS v6 RC and v7 BETA
Topic: req: (winbox) add COPY to torch tool
Replies: 0
Views: 247

req: (winbox) add COPY to torch tool

it would be very helpful if torch (and other "realtime" tools with similar interfaces) would allow / add the copy ability. ie, in torch, we need the ability to right click on a DST IP address and choose copy (so that you can paste that ip into something else, without having to retype it). this would...
by jo2jo
Wed Feb 27, 2019 10:35 am
Forum: General
Topic: Default Config w Mac-Telnet disabled - Change Needed?
Replies: 7
Views: 1701

Re: Default Config w Mac-Telnet disabled - Change Needed?

boy, do we still run into this issue constantly! im talking 5-10 times a month, or more! we have mikrotik everywhere, and this default-config "update/change" a few yrs ago, really is a problem. its the difference between having customers, or non-tech (less $ / hr) installers, do installs VS needing ...
by jo2jo
Wed Feb 27, 2019 7:57 am
Forum: Scripting
Topic: [CONTRIB] UPDATED Automated Batch Commands...
Replies: 2
Views: 1964

Re: [CONTRIB] UPDATED Automated Batch Commands...

thank you for this. im gong to try it out, and hope it still works (13 yrs later, and this is still the only solution i know of to mass config/update config of many MTs)
by jo2jo
Fri Feb 22, 2019 9:54 am
Forum: General
Topic: could not make socket
Replies: 7
Views: 2032

Re: could not make socket

I actually saw this same error myself, for the first time ever (on mikrotik). I had lost a few connections on my PC so i connected to winbox, and my internet connections was fine (other VPNs were connected and 4-8mbit of BW was flowing over my internet/isp uplink) but when i tried to ping a few rand...
by jo2jo
Wed Jan 23, 2019 10:41 am
Forum: RouterOS v6 RC and v7 BETA
Topic: [Feature Request] Changing SNMP port
Replies: 2
Views: 1498

Re: [Feature Request] Changing SNMP port

I agree, i have a handful of locations where the ISP blocks udp 161. It would be nice if we could change this in the winbox interface directly. but do keep in mind you can accomplish this same thing via a NAT rule (depending upon your setup/layout). here is what im using for a MT that has a public i...
by jo2jo
Mon Dec 31, 2018 10:03 am
Forum: Wireless Networking
Topic: real p2p performance of DISC Lite5 ac
Replies: 3
Views: 545

real p2p performance of DISC Lite5 ac

hi, Can anyone please provide some examples of real performance they are getting between two DISC Lite5 ac , in a p2p link ( RBDiscG-5acD , this product: https://mikrotik.com/product/disc_lite5_ac). I realize there are alot of factors for any wireless 5g p2p link, but im mainly looking to replace a ...
by jo2jo
Mon Dec 31, 2018 9:52 am
Forum: RouterBOARD hardware
Topic: DISC Lite5 ac
Replies: 2
Views: 507

Re: DISC Lite5 ac

or for that short distance, the newer mikrotik 60ghz panel radios. 1gbit full duplex is possible.
by jo2jo
Wed Dec 19, 2018 9:35 pm
Forum: General
Topic: LCD Display causing packet loss... what???
Replies: 14
Views: 1727

Re: LCD Display causing packet loss... what???

as i posted above (about a year or 2 ago) i fully confirm this issue on seveal different RB2011 and rb3011s (and one other RB with an LCD screen that im forgetting). fix is always to disable/turn off LCD screen (which i do on all devices now, unfortunately) I can say that on a few CCR1009-7G-1C-1S+ ...
by jo2jo
Mon Dec 17, 2018 10:07 pm
Forum: General
Topic: IP CLOUD is down
Replies: 61
Views: 9953

Re: IP CLOUD is down

same issue here (this is 18hours now). Ive updated some routers from 6.42.7 to 6.43.7 (to new cloud system as directed) , but the issue is the same. the problem is that myhnetname.net WILL NOT resolve (ie a dns problem , not a /ip cloud problem). this is really unacceptable- only because ip cloud ha...
by jo2jo
Mon Dec 10, 2018 2:23 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request: Remove fasttrack dummy rule
Replies: 33
Views: 37502

Re: Feature request: Remove fasttrack dummy rule

i like the FT dummy rule. there have been a few times ive added fasttrack to older RBs that DONT support it, the ONLY way i was able to notice this was by seeing the dummy rule was not increment at all.
by jo2jo
Thu Nov 29, 2018 1:23 am
Forum: General
Topic: ros Traceroute STD DEV calculation incorrect?
Replies: 0
Views: 232

ros Traceroute STD DEV calculation incorrect?

Ive been running several long traceroutes (long = ~ 12 hours) on various RBs i have located at different providers (im trying to gather info on ISP quality/routes/latency for future purchase decisions). However im seeing that the STD DEV value provided by the traceroute tool differs big time from wh...
by jo2jo
Thu Nov 29, 2018 1:13 am
Forum: Announcements
Topic: Newsletter 85
Replies: 30
Views: 9567

Re: Newsletter 85

i like the 4x port SFP+ switch! Also, personally, i feel the complaints about no gig eth on the new LTE product are a bit overblown. its very rare to get 100m+ on a lte C3/C4 device of any kind. Also for those saying what about using this device in a city to improve a decent lte signal to better- it...
by jo2jo
Mon Nov 26, 2018 12:52 am
Forum: Scripting
Topic: Bandwidth test daily
Replies: 9
Views: 2718

Re: Bandwidth test daily

cool, see this thread too, at the bottom i made a tiny modification to make it so repeated/scheduled BW test results can be pulled via SNMP (ie so they can be graphed over time).
viewtopic.php?f=9&t=129513&p=699739
by jo2jo
Sun Nov 25, 2018 1:48 am
Forum: Scripting
Topic: script to run manual bandwidth test and save to file
Replies: 6
Views: 3322

Re: script to run manual bandwidth test and save to file

thank you for posting this! I already had a script that ran a BW test every 5 minutes, but i was then just using SNMP to "grab" the results (ie snmp traffic with short interval, and looking for the spike). I can add this- for some of my mt scripts, one way to retrieve the value of a variable (or res...
by jo2jo
Thu Oct 18, 2018 12:46 am
Forum: General
Topic: /ip dns servers= (cache) - how are multiple servers used?
Replies: 18
Views: 1653

Re: /ip dns servers= (cache) - how are multiple servers used?

to update everyone, i received this reply from MT support (email): Yes, once DNS servers are responding properly, the same weight is applied. In case one DNS server is not responding, its weight is decreased, then router check again if server is responding and weight is decreased or increased (wheth...
by jo2jo
Sun Oct 14, 2018 12:00 am
Forum: General
Topic: optimize FW rule by using connection-state=new ?
Replies: 6
Views: 607

Re: optimize FW rule by using connection-state=new ?

Thanks for the replies and inputs, I do realize the pros/cons of how im doing FW vs the more standard (even default-config) of add rules to accept what you want, then DROP ALL ELSE. In regards to my main question of performance / efficiency, my idea/theory was that in using connection-state=new , th...
by jo2jo
Sat Oct 13, 2018 4:51 am
Forum: Scripting
Topic: Portknocking by script.
Replies: 9
Views: 2508

Re: Portknocking by script.

/tool fetch host=<DYNIPHOST> src-path=SOMERANDOMSTRING mode=http port=9119 keep-result=no /tool fetch host=<DYNIPHOST> src-path=ANOTHERRANDOMSTRING mode=http port=9229 keep-result=no This is a good idea to trigger the dst device of your port-knocking, however be sure to do it like this: :do {/tool ...
by jo2jo
Sun Sep 30, 2018 11:15 pm
Forum: General
Topic: /ip dns servers= (cache) - how are multiple servers used?
Replies: 18
Views: 1653

Re: /ip dns servers= (cache) - how are multiple servers used?

sob, this thread exactly shows why we NEED a formal answer to this. At some locations where 100x or 1000x users are at risk, i need a formal / official answer to something that can cause everyone internet to "stop" (or appear dead), ie DNS. The most fundamental / critical part of the services we pro...
by jo2jo
Sat Sep 29, 2018 10:50 pm
Forum: General
Topic: /ip dns servers= (cache) - how are multiple servers used?
Replies: 18
Views: 1653

/ip dns servers= (cache) - how are multiple servers used?

This question does not have a clear answer from mikrotik (and the manual has very little data on /ip dns , and does not specifically address this important question): With this setting how does rOS use the multiple DNS servers? (ie equal weight? failover? ratio?): /ip dns set allow-remote-requests=y...
by jo2jo
Thu Sep 27, 2018 5:33 am
Forum: General
Topic: DNS utilization
Replies: 15
Views: 4763

Re: DNS utilization

And regarding how servers for queries are chosen that is correct - router will use 1 cache server and only if it starts to not respond will go to next entry and change only if current one is not responding. guys, please add this to the manual. was searching for it for about 10 minutes because it's ...
by jo2jo
Sat Sep 22, 2018 11:46 pm
Forum: General
Topic: How control several Mikrotik`s not one by one
Replies: 24
Views: 2381

Re: How control several Mikrotik`s not one by one

davidw - do you all still offer this tool? i see the site is down ,but can see that its something we would like to use / buy (by looking at site on wayback machine). (if the tool is not around anymore, do you offer paid api development?) lmk pls , thanks (sorry there was no way to msg you directly t...
by jo2jo
Sat Sep 22, 2018 11:13 pm
Forum: General
Topic: optimize FW rule by using connection-state=new ?
Replies: 6
Views: 607

optimize FW rule by using connection-state=new ?

i have 2 rules like this to protect management ports (ros management ports, as well as for other dst-nat ports for devices on network). /ip firewall filter add action=drop chain=input in-interface=ether1-ISP dst-port=20-55,80-445,2000,8022-8729 protocol=tcp src-address-list=!adminPublicIPs /ip firew...
by jo2jo
Sat Sep 22, 2018 10:39 pm
Forum: General
Topic: How do we filter torrent now?
Replies: 19
Views: 2819

Re: How do we filter torrent now?

2 ways come to mind (have used both w decent success). 1- assuming all your customers are using a dns server you control (ie the mt dns), you can use regex static entries, and normal static entries (and use a rule to redirect all udp 53 dns to your mt dns, to keep ppl from setting their own customer...
by jo2jo
Sat Sep 22, 2018 1:29 am
Forum: RouterOS v6 RC and v7 BETA
Topic: 6.43rc5 bricked RB1100AHx4
Replies: 16
Views: 2212

Re: 6.43rc5 bricked RB1100AHx4

is this related to / a fix for the issue u encountered possibly ? :

What's new in 6.43.2 (2018-Sep-18 12:12):
Changes in this release:
*) routerboot - fixed RouterOS booting on devices with particular NAND memory (introduced in v6.43);
by jo2jo
Wed Sep 12, 2018 1:48 am
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 12427

Re: Newsletter #84

Is it possible to do a license upgrade on the SXTsq Lite60 and connect two of them for a short link? They look physically a bit more suitable for outdoor mast mounting than the wAP 60G AP. That's always possible without an upgrade of the license. Just set the 'master' or AP in 'bridge' mode instead...
by jo2jo
Mon Sep 10, 2018 5:39 am
Forum: General
Topic: Simple accounting per internal address
Replies: 5
Views: 2864

Re: Simple accounting per internal address

hi, another *rough* way to do this is to add a simple queue for each internal IP (w speed 500m/500m or something very high so it wont queue the users). (you can use script + a for loop to generate many queues quickly, ie 254 of them for a /24 ), then in winbox add the columns for total-tx-bytes / rx...
by jo2jo
Wed Sep 05, 2018 11:24 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: WInbox feature request: drag and drop column order and right click column menu
Replies: 18
Views: 3099

Re: WInbox feature request: drag and drop column order and right click column menu

+1 for this in winbox (ability to change column order). While most of the columns (especially extra "non-standard columns) do have a pretty good default column order, there are some that are way out of place . thus ability in winbox to re-arrange or change the column order would be very helpful. tha...
by jo2jo
Wed Sep 05, 2018 5:19 am
Forum: General
Topic: FastTrack slow performance
Replies: 11
Views: 1323

Re: FastTrack slow performance

ive never experienced anything similar, but it would help to know what is your source of internet and its speed. Have you tried connecting to that directly (use a FW/becareful if its a modem or ISP device that directly gives your PC a public IP). Have you changed the cat patch cables? (im sure you h...
by jo2jo
Wed Sep 05, 2018 4:39 am
Forum: General
Topic: remotely manage MT's
Replies: 4
Views: 678

Re: remotely manage MT's

You could have all remote / cpe MT's run a VPN client (add vpn interface) back to a central MT (either in a Datacenter or a cloud MT), then only allow management via the VPN network. All of this can be done in ROS at no additional charge (FYI if your new to mt / ros). The use of VPN client is nice a...
by jo2jo
Sat Sep 01, 2018 11:12 pm
Forum: Wireless Networking
Topic: RouterOS station roaming at specified signal level
Replies: 1
Views: 840

Re: RouterOS station roaming at specified signal level

I know this is an old thread, but if you are still looking for a solution, you may want to look for APs that support 802.11k (roaming/neighbor reports). (and maybe also 802.11r) . these protocols, if the AP and client support them, allow the AP to give the client a list of "offical similar" aps near...
by jo2jo
Fri Aug 31, 2018 12:39 am
Forum: RouterOS v6 RC and v7 BETA
Topic: enhance "check-gateway" feature - use arbitrary check IP
Replies: 29
Views: 27734

Re: enhance "check-gateway" feature - use arbitrary check IP

xqx: thanks for explination , 2 questions: 1- assuming you dont have any other static routes (ie no other entries in /ip route), could you use: add distance=3 gateway=192.168.2.254 instead of: add distance=10 gateway=192.168.2.254 (im just trying to fully understand if there is a link between the sc...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 20