MikroTik

Buster2

Many universities use "CAT - the Configuration Assistant Tool for Enterprise Wi-Fi networks such as eduroam" to deploy wireless profiles (including certificates) for mobile phones to endusers. see https://github.com/GEANT/CAT You can provide installers for windows 10 clients and people can...

Buster2

@Buster2 , logging topics have always worked like that. Next time you want to complain about something similar, please do that in a separate topic as it is in no way 7.1rc1 specific. I think you misunderstood me. I'm not complaining about logging in general. Wireguard is a v7 feature and that does ...

Buster2

Log level should be either info or debug, but not both at same time. That's "topic", not "level". They are not equivalent. I don't think there's such thing as log level in RouterOS. You can only specify severity for a certain combination of topics when sending log records to a r...

Buster2

/log/print time=17:21:41 topics=wireguard,info,debug message=wireguard-server1: <key removed>: Handshake for peer did not complete after 5 seconds, retrying (try 20) time=17:21:46 topics=wireguard,info,debug message=wireguard-server1: <key removed>: Handshake for peer did not complete after 20 atte...

Buster2

On my hap ac (RB962UiGS-5HacT2HnT) i don't see any IPv6 connections in torch and in firewall connections table. That also means firewall cant work properly. /ipv6 firewall filter add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=establ...

Buster2

I doubt that the link to UNSUBSCRIBE in the newsletter e-mail should have an URL of

http://test.mt.lv/unsubscribe/<id>

. Please fix it.

Buster2

Running hap ac (RB962UiGS-5HacT2HnT) on 7.1beta3 I've seen the following: issue #1: Copying a file via SMB from HP Microserver at ether3 to PC at ether1 in same bridge (both negotiated 1Gbps) leads to slow performance and connection drops only 40-70 MegaBytes/s instead of expected 100+ after about 1...

Buster2

Hello, if you want to have your MikroTik router have a static public ip on your lan interface, but your provider assigns a dynamic prefix, you can do this: /ipv6 address add address=::1 from-pool=telekom-ipv6pool interface=bridge_lan it will automatically change to a valid address as soon as the pre...

Buster2

but device software support should be the MAX 5years. I'm not opposed to what you wrote before, but that sentence made me cry. Sorry, but having a look on climate change and limited ressources of the world it should be MINIMUM 5 years for every hardware/software vendor. There is no reason to ditch ...

Buster2

It is 2FA. You need knowledge (the password) and the 2nd factor - the one-time-password generated by the authenticator app. It's the users responsibility to not have the authenticator app installed on the same system. If you need the authenticator app on the same system, where you want to login to M...

Buster2

MikroTik devs might adopt libpam by Google, that works without network connection and with open-source authenticator apps like Aegis

Buster2

I'll go slightly against the flow. Everyone seems to want things bigger, but I'd rather have them smaller. Or maybe better term would be more condensed. It's about one specific thing, line height. +1 Finally I see someone talking about UI efficiency and not looks! I too want to be able to see as mu...

Buster2

I also have weird perception problems. Works identical on Wine and Windows for me. Don't tell people they have weird perception problems only because you can't reproduce the problem at the first try. You didn't even ask about details or how to reproduce. example: In Linux Mint with MATE desktop the...

Buster2

Hi folks, very interesting thread :) In Germany DTAG (Telekom) started to sell "super vectoring" (G.993.2 Annex Q, profile 35b, DTAG requirements on page 62 ). Are there any experiences out there with modems discussed in this thread? How future proof are these devices? Could there be somet...

Buster2

Simple: do not use the resolver in the MikroTik for clients, but let them directly use 1.1.1.1 or 8.8.8.8 or similar. I think there's a lot of reasons people wouldn't want to do that though. such as when you need to force some domain resolve into specific IP? I can imagine many situations where you...

Buster2

Desired features:
Graceful shutdown/reboot on XenServer

XenMotion between hosts without freezing MikroTik router. (currently will cause MikroTik to lock up)

+1

Buster2

Does live migration work with this setup? I've still issues with XenServer 6.5 and RouterOS 6.38rc52 as described in this post.

Buster2

RouterOS does not need graceful shutdown. OK, except maybe if you added some config and need to turn off immediately. RouterOS might not need it but the virtualization host totally depends on it. No proper hypervisor will kill a VM when it signals all VM to shutdown normally. Killing a VM, as you ...

Buster2

CHR on XenServer 6.5 http://forum.mikrotik.com/viewtopic.php?p=524423#p524423 I can live-migrate... but without the xentools kernel module installed, the CHR is freezing on resume. I've found plenty of posts about the linux kernel freezing the same way then xentools isnt installed. I can't pull anyt...

Buster2

Hi folks, normal RADIUS protocol uses UDP packets and it's security is based on MD5. UDP might not be the best choice for not so reliable wireless networks, but MD5 is definitely a bad choice for any network nowadays. RFC 6614 Transport Layer Security (TLS) Encryption for RADIUS (RadSec) solves both...

Buster2

Why should hundreds of admins convert your base disk image to templates to get it imported properly, when one guy at MikroTik could do this? It's not like only one person asked here.

Buster2

I doesn't matter if the system inside the VM do not care about unclean shutdowns. The host systems do care, because they have to. They wait for signals of clean completed tasks and providing timeouts is only a fallback for unresponsive VM and shouldn't be the normal case. It's their job to provide a...

Buster2

in 6.33rc7 (2015-Sep-11 17:13): *) ppp - added CoA support to PPPoE, PPTP & L2TP (Mikrotik-Recv-Limit, Mikrotik-Xmit-Limit, Mikrotik-Rate-Limit, Ascend-Data-Rate, Ascend-XMit-Rate, Session-Timeout); MT very thanks for this. Very thanks for this. We are waiting for this function. For a long time...

Buster2

new images for CHR http://www.mikrotik.com/download/share/chr_6_32.img http://www.mikrotik.com/download/share/chr_6_32.vmdk Any news for XenServer users? The following is still valid for 6.32 on XenServer6.5: Will this work on XenServer 6.5? I imported the vmdk, gave it 512Mb RAM and got the follow...

Buster2

Janisk: would you include Xen PV-HVM drivers as well, please? - KVM works now - HyperV works now - VmWare works now - Xen still not :-* I am told that CHR will not have its PV-HVM drivers added for XEN, use non-para virtualized environment instead. That would make it useless for XenServer setups. X...

Buster2

self-signed certificate -> browser warning server without certificate is http, not https -> browser connect error because TLS expected - in most browsers this looks more like server unreachable. Imho, any browser warning instead of showing the original page won't help you. It doesn't matter what the...

Buster2

How do I do that? I'm especially interested in how I configure it to use a TCP reset. In firewall rules use action "reject" instead of "drop". "Drop" means silently discard the packet without sending any notice to the requests origin. "Reject" means actively ...

Buster2

I can comfirm that issue. Using export command on root level does not export the whole config to get a new identical device up and running without further manual steps. I prefer export over backup because it is humand readable and we put exports in a version control system on a daily basis and let i...

Buster2

It can't be done by design. The certificate system is designed to not allow intercepting traffic that is planned to go to facebook.com without notice . The only way to intercept that traffic without a browser warning would be to create a new certificate for facebook.com. This new certificate needs ...

Buster2

What detail you do not understand or where did you get an error and which one?

Buster2

We ran into a similiar problem and couldn't solve it yet. We wrote a perl script that got device information from mysql, fetches config via ssh and put it into a subversion repository. We expect the resulting backup file to be bigger than 1000 bytes and ssh reponse should not be "closed by remo...

Buster2

Nice comprehensive graphics! May I suggest to stick with english grammar rules for questions: auxiliary verb, then subject, then verb Decapsulation is needed? -> Is decapsulation needed? Encapsulation is needed? -> Is encapsulation needed? It's IP Traffic? -> Is it IP traffic? ("It is IP Traffi...

Buster2

We normally wait 3-5 releases before upgrading. We have another unit on standby with the same config incase anything goes wrong. We also test it on another piece of identical hardware before upgrading. So, your advantage is to wait for others to find the failures of that specific versions. If every...

Buster2

Strange, in my last tests several weeks ago I experienced exactly what you wished and was worried about not being able to login with private key and with password at the same time.

Buster2

In the last RouterOS version my network problem vanished (only tested 5.24 before). Currently my test VM loses 2-4 pings during live migration. Other linux vm's are down to 0-1 lost packets. In general XenServer supports live migration of HVM guests. But XenCenter doesn't show any buttons to migrate...

Buster2

+1 for HA (msrp - mikrotik standby router protocol?)

CARP and pfsync to the rescue!

Buster2

MT just need to change their license code from being hard disk dependant. It's not very clever anyways.

Buster2

Hi, Regarding the point where the filter table would be empty when tables flushed, I see your concern, and it is valid. beside MikroTik we run a linux debian based loadbalancer with multipath routing and there we use "iptables -F" to flush rules for routing marks and set new ones as needed...

Buster2

On connect ppp daemon can apply radius authorization extension values (e.g. bandwith limits) to users. Change-of-Authorization messages are sent by radius to ppp daemon (I'd like to see it for l2tp too) without the ppp daemon asking. Using CoA RADIUS can tell PPP daemon to apply new authorization ex...

Buster2

if only problem was with the network - check mac addresses and interfaces of the "router"

What do you mean by this? Live migration doesn't change any interface nor mac in the virtual machine.

Buster2

I don't see this behaviour on my machines that were upgraded from 6.7 to 6.9. That public hotspot system is like 99% idle in tool/profile. Do you have any complex packet handling within the firewall/routing? In other threads people say resetting and reconfiguring might help and that some problems wi...

Buster2

+1

I didn't check - but if its missing - add SNR too, please.

Buster2

Thank you. Works like a charm.

Buster2

Why should you need any kind of NAT in IPv6? Protecting users from incoming connections? That will do any rule like "drop incoming connection if not related to any outgoing connection from client ip" you can built in iptables and ROS since ages.

Buster2

All you need is one programmer who doesn't feel like doing anything big after dinner and he can write the rest before he goes home. ;) omg, I Hope that is not the service we should expect from you, nor from MT. That might be the attitude that lead to v6 and we see in these forums how many bugs went...

Buster2

Hello, we have several ROS 5.26 installations on XenServer 6.2 in HVM mode running fine (support for xen/vmware/openvm tools would be superior for live migration support). But upgrading to 6.4 or doing a fresh install of 6.4 from ISO image leads to 100% cpu load during boot process and VM's boot pro...

Buster2

Hello, we have several ROS 5.26 installations on XenServer 6.2 in HVM mode running fine (support for xen/vmware/openvm tools would be superior for live migration support). But upgrading to 6.4 or doing a fresh install of 6.4 from ISO image leads to 100% cpu load during boot process and VM's boot pro...

Search found 47 matches