make sure that you don't NAT over the VPN tunnel.
no sound or one-way-audio typically also means that the audio is hitting a firewall rule, check those as well

It is likely that your provider is filtering traffic originating from a peering IP Provider already created a out filter for accepting my prefix. Did you specify a source IP from inside your prefix? Didn't understand this. with /tool traceroute you can specify a source IP or interface from which th...

Did you specify a source IP from inside your prefix?
It is likely that your provider is filtering traffic originating from a peering IP

Today I wanted to upgrade some production routers to 6.43.4 after having tested it at some less critical sites and found that the stable version has just been updated to 6.43.7 Normally I do not want to upgrade production routers to a version released an hour ago. I know it is possible to upload an...

Today I wanted to upgrade some production routers to 6.43.4 after having tested it at some less critical sites and found that the stable version has just been updated to 6.43.7 Normally I do not want to upgrade production routers to a version released an hour ago. I know it is possible to upload an...

v6.44beta37 will have: *) gps - added "coordinate-format" parameter (CLI only); ddmm will be an option. Sweet! Is there some way of extracting or generating a datetime timestamp ? Timestamp issue solved with a script from forum user adeeadee https://forum.mikrotik.com/viewtopic.php?t=75555 script u...

v6.44beta37 will have:

*) gps - added "coordinate-format" parameter (CLI only);

ddmm will be an option.

Sweet!
Is there some way of extracting or generating a datetime timestamp ?

I've got a working script since last night. Started working on it and took some code snips from other scripts, including a github page I've found to be very helpfull, and the script translates the coordinates - outputted by /gps monitor - to decimal coordinates. I've uploaded the script to github, b...

The problem is that the values returned by the tik GPS are not in a decimal value. You need the data in a decimal value to post to traccar. Same with altitude and speed. For those you need to remove m and km/h from the data. Just tested with Postman and after converting the latitude and longtitude t...

my take on remote accessible device management - and some may be behind a "one-way" access medium, like NAT or 3G/4G, where you can't just connect to the device from the outside - is to have a VPS running routeros. and there's no ports exposed there, but only IPSec. so the managed devices shall con...

!) winbox - fixed vulnerability that allowed to gain access to an unsecured router; Shifting of the blame onto users... what else are we supposed to use for remote management? why would you let everyone have possible access to your router? EVERY router needs to be secured. You would not want anyone...

Just FYI, in logs I saw login attemps, but they all seems to failed, not one of them is successfull. This is from Web. Most likely unrelated. Maybe, but this is strange. Web interface indeed is available from Internet, but I changed default port from 80 to something else, and there was 5 attemps in...

Just FYI,

in logs I saw login attemps, but they all seems to failed, not one of them is successfull.

This is from Web. Most likely unrelated.

but should still be firewalled

What is happening here is downloading files from a router without the password. Over a port that normally doesn't even allow downloading those files. I find it hard to believe that this is simply "a bug". There must be base functionality of downloading, and the bug is only that it can be done witho...

Concur this is a serious issue and glad Mikrotik is addressing it promptly. However it appears, (not 100% sure) that the failure by an admin to ensure WINBOX is not accessible from the outside is what allows this exploit to be used. Most experienced admins would use vpn to access the router and the...

Even with the later versions or ROS, you can download a backup, restore it on a virtual machine running same software version As a user without insight in the internals, you can download a backup only from a router when you know the password already, right? What is happening here is downloading fil...

On the other hand, when you are the one that set the password and you can't log in to your own router, even though you could just reset to defaults or Netinstall to fix it, it's sometimes nice to be able to recover it so that the question of "what on EARTH could I have possibly set the password to?...

On Czech forum is user which have winbox in IP services allowed only for his private range and is hacked :-( https://ispforum.cz/viewtopic.php?p=228863#p228863 It's possible the attack came from his LAN I would also tend to agree. If you firewall all services on your WAN unless it comes from truste...

How it works: The vulnerability allowed a special tool to connect to the Winbox port, and request the system user database file. They gain access on a file within the router, right? What kind of information is stored in there? You don't know what is stored in the system user database file ???? :lol...

How it works: The vulnerability allowed a special tool to connect to the Winbox port, and request the system user database file. They gain access on a file within the router, right? What kind of information is stored in there? You don't know what is stored in the system user database file ???? :lol:

topology subnet is working for me, however, when connection with openvpn for windows to my linux openvpn server, I cannot contact the mikrotik clients connecting to that same openvpn server. from linux or from the server itself, the mikrotik clients and subnets are reachable, so this is something st...