Community discussions

Search found 775 matches

by joegoldman
Mon Mar 18, 2024 12:16 am
Forum: Scripting
Topic: Writing to external MySql database
Replies: 2
Views: 260

Re: Writing to external MySql database

External monitoring tools using things like ICMP and SNMP (plus API access to log into the routers and do any extended testing) would be the best way. For real-time alerting I suggest nagios or icinga - trending something like cacti or librenms. If you really want events on router to go to an extern...
by joegoldman
Wed Jan 17, 2024 12:34 am
Forum: General
Topic: User poll about using Winbox
Replies: 100
Views: 62368

Re: User poll about using Winbox

1) Yes, extensively 2) Saves your 'session' or recalls your 'session' between logins 3) It's pretty useful for me - perhaps turning off auto-save when on a specific (non own or none) session, so it doesn't affect everything else - Edit: oh another one I just thought of, is perhaps session syncing or...
by joegoldman
Thu Dec 07, 2023 2:29 am
Forum: Announcements
Topic: Newsletter #115 | November 2023
Replies: 17
Views: 36951

Re: Newsletter #115 | November 2023

Sorry about that. We will report it to the Sales department to sort it out with the company that provided us these photos. As compensation for this misunderstanding, would you be interested in a merch coupon and some mikrotik CHR licenses? If so, please write us to marketing@mikrotik.com <3 I under...
by joegoldman
Sat Dec 02, 2023 4:23 pm
Forum: Announcements
Topic: Newsletter #115 | November 2023
Replies: 17
Views: 36951

Re: Newsletter #115 | November 2023

These photos were provided directly to MikroTik by the copyright owner (the company). Sorry if there was some misunderstanding The feature photo (with the Airfiber + 60ghz Mikrotik) was taken by me personally in Papua New Guinea, and posted to the forums in the post your towers/masts thread. If the...
by joegoldman
Fri Dec 01, 2023 3:37 am
Forum: Announcements
Topic: Newsletter #115 | November 2023
Replies: 17
Views: 36951

Re: Newsletter #115 | November 2023

Would be nice to be credited for photos used in such publications, glad you like it though :D
by joegoldman
Sun Nov 19, 2023 4:05 pm
Forum: Forwarding Protocols
Topic: Status of ROS V7 for BGP, MPLS, VPLS
Replies: 70
Views: 11735

Re: Status of ROS V7 for BGP, MPLS, VPLS

As what everyone should do - set up a testing environment using CHR and GNS3 - should be able to test your desired config and conduct failover/stability testing.
by joegoldman
Sun Nov 19, 2023 4:04 pm
Forum: Beginner Basics
Topic: Blocking discord using address list
Replies: 9
Views: 1762

Re: Blocking discord using address list

You 'may' be able to block some stuff via L7 rules:

https://help.mikrotik.com/docs/display/ROS/Layer7

May require some sleuthing to get all required domains blocked, and it's not always going to be perfect. Easily worked around with something like a VPN.
by joegoldman
Sat Nov 11, 2023 10:43 am
Forum: General
Topic: ipv4 & ipv6 dual stack shunt
Replies: 5
Views: 2007

Re: ipv4 & ipv6 dual stack shunt

The correct answer is to apply for your own space, and use providers who can announce it for you, so your IP's are portable between your links.
by joegoldman
Sat Sep 23, 2023 2:08 pm
Forum: RouterBOARD hardware
Topic: sfp support ccr and crs
Replies: 2
Views: 2116

Re: sfp support ccr and crs

I've never really had major issues with Mikrotik accepting different vendors - not personally tried Ubiquiti though. fs.com ones definitely work and are pretty cheap too.
by joegoldman
Fri Sep 22, 2023 2:56 pm
Forum: Beginner Basics
Topic: CAP AX make ether2 "standalone" mgmt port
Replies: 5
Views: 795

Re: CAP AX make ether2 "standalone" mgmt port

You can't use IP address for management interface from the same subnet as any other interfaces on router have ... the address space then overlaps. So use e.g. 192.168.188.1/24 on ether2. Since this is going to become an out-of-band management port, you'll either have to use static settings on manag...
by joegoldman
Tue Sep 19, 2023 2:09 pm
Forum: General
Topic: Mikrotik SUCKS
Replies: 82
Views: 12275

Re: Mikrotik SUCKS

These posts are funny - they smell of people unwilling or unable to research, test, lab, iterate, and find a solution to your problems. All the basic concepts of everything are there, and laid out in the menus if you know where to look or do a quick google. I'd like some good examples of things that...
by joegoldman
Wed Sep 13, 2023 4:32 am
Forum: Beginner Basics
Topic: Plex "Indirect Connection" when connecting outside of network [SOLVED]
Replies: 7
Views: 4447

Re: Plex "Indirect Connection" when connecting outside of network [SOLVED]

When you do the port check inside plex admin panel does it say it's OK? Do you get a direct public IP? When you load plex outside of the network, inspect the traffic on the network tab in the dev tools on your browser - one of the URLs it tries to connect to will be a <hash>.something.plex that will...
by joegoldman
Thu Mar 02, 2023 6:15 am
Forum: General
Topic: OID for specific interface
Replies: 2
Views: 576

Re: OID for specific interface

Basically my understanding is the OID is assigned when the interface is added using the next index available. This is correct, and Dynamic interfaces are the same but start at a much higher number The correct way is always to walk the whole interface MIB, using the matching name to figure out the i...
by joegoldman
Wed Mar 01, 2023 12:13 am
Forum: Forwarding Protocols
Topic: BGP multiple peer setup - load balancing
Replies: 7
Views: 4221

Re: BGP multiple peer setup - load balancing

However I have these issues and I'm looking for some recommendation to fix it: 1. When the two BGP peers are UP I have two 0.0.0.0/0 routes and ISP 1 its preferred because AS Path is smaller than ISP 2, but I need to force using ISP 2 as gateway for some of my customer segments This is normal. If y...
by joegoldman
Tue Feb 14, 2023 3:30 am
Forum: Containers
Topic: Anyone using haproxy with let's encrypt?
Replies: 2
Views: 2512

Re: Anyone using haproxy with let's encrypt?

Yes you can run LetsEncrypt on HAProxy frontend (I have done it) - it is not mikrotik specific and I would suggest asking in a community forum based around those technologies for more in-depth answer. - Make your renew script use local server on custom port - Create backend to that webserver in hapr...
by joegoldman
Sat Jan 28, 2023 8:58 am
Forum: General
Topic: Set Mikrotik For Esxi vms firewalls
Replies: 3
Views: 495

Re: Set Mikrotik For Esxi vms firewalls

You could do a physical device physically in front of the VMWare Server You could have a RouterOS VM, and set the VM's to a private network that gateways through the RouterOS VM which has an interface both in the private network and a public network. Configuration beyond that would be best asked on ...
by joegoldman
Mon Jan 16, 2023 1:27 pm
Forum: RouterBOARD hardware
Topic: Mikrotik mlag and switch mode
Replies: 4
Views: 4353

Re: Mikrotik mlag and switch mode

In RouterOS it's always in 'router' mode, but you can configure things to use the hardware offload. You will definitely want to do this with MLAG, otherwise the little CPU will be processing all the traffic. I have MLAG running on these switches without issue, and it works fine. There are limitations...
by joegoldman
Tue Nov 08, 2022 12:08 am
Forum: Beginner Basics
Topic: MX204 alternative?
Replies: 7
Views: 1649

Re: MX204 alternative?

They are generally aimed at entirely different segments. A lot of ISPs use Mikrotik but the big boys rarely will because Mikrotik doesn't have a 'proper' support structure (i.e. paid support, warranty, same/next day replacement etc) that big corporate latch onto. Each router on mikrotik's site has b...
by joegoldman
Thu Oct 13, 2022 12:09 pm
Forum: Scripting
Topic: Change gateway distance if RFC1918 address assigned
Replies: 3
Views: 551

Re: Change gateway distance if RFC1918 address assigned

Simplest solution is pay the bill so it doesn't suspend. Many of us here being ISP operators probably aren't super keen to help you circumvent ISP suspensions.

Having said that - you could use a netwatch command to change default gateways - not really scripting just run CLI commands on up/down.
by joegoldman
Tue Oct 11, 2022 12:07 am
Forum: Beginner Basics
Topic: One ISP, 2 public static IP, 2 places, how tunnel over ISP, not over IP?
Replies: 11
Views: 1019

Re: One ISP, 2 public static IP, 2 places, how tunnel over ISP, not over IP?

OK you have a lot of confusing information. Are office 1 and office 2 in 2 completely different locations? Or are they in same building? If same building, are they plugging into the same NTU (same ISP device) for internet? If they are on separate NTU's - or in different locations, then it is entirel...
by joegoldman
Tue Oct 11, 2022 12:00 am
Forum: Forwarding Protocols
Topic: BGP 2+ Million Routes [SOLVED]
Replies: 3
Views: 2079

Re: BGP 2+ Million Routes [SOLVED]

Why a single BGP session is providing 2 million routes is concerning - biggest full table I have across sites is just under 1 million, so it seems high. But - if they do not have multiple providers, only one external provider, then generally a default route is a much more efficient way to do things....
by joegoldman
Thu Oct 06, 2022 12:07 am
Forum: General
Topic: Limit Interface to Specific IP from Address List
Replies: 10
Views: 809

Re: Limit Interface to Specific IP from Address List

Using src-nat instead of masquerade rule, lets you specify which IP you use for outgoing connections (so you'd set to public.ip.12 if that's what you wanted), that will work for NAT and shouldn't affect anything else. The firewall rules are processed in order, so if a packet matches the criteria of a...
by joegoldman
Sun Sep 25, 2022 12:48 am
Forum: General
Topic: Can WebFig use WinBox?
Replies: 4
Views: 497

Re: Can WebFig use WinBox?

WinBox already exist. Yes, hence the pun. The idea was using the aptly named 'winbox' window manager library to make Webfig exist more like Winbox in that you can load more information up side-by-side, vs current webfig annoyance of having to click around different menu items to gather information.
by joegoldman
Sat Sep 24, 2022 10:28 am
Forum: General
Topic: Can WebFig use WinBox?
Replies: 4
Views: 497

Can WebFig use WinBox?

Hey devs, Can you implement WinBox in Webfig? :lol: But seriously I hate webfig for the fact of having to click around everywhere all the time when checking things between 2 sections. The best part of Winbox is having all the data you need displayed at once - if you implemented windows in webfig (li...
by joegoldman
Fri Sep 23, 2022 1:15 pm
Forum: RouterBOARD hardware
Topic: CRS504-4XQ-IN, LTT, LinusTechTips
Replies: 6
Views: 1383

Re: CRS504-4XQ-IN, LTT, LinusTechTips

Ubiquiti is/has been a big sponsor of theirs, they just grab Mikrotik products because they are cheap and fit different needs (like 100gig where ubiquiti doesn't have anything to compare) On top of that, they have a mish-mash of hardware because they take what they can get for free under sponsorship...
by joegoldman
Fri Sep 09, 2022 2:12 pm
Forum: Beginner Basics
Topic: Restrict local port forwarding via SSH
Replies: 10
Views: 1668

Re: Restrict local port forwarding via SSH

No NAT rule necessarily required, they are doing the ssh session with the mik directly and using it as a port forward via ssh tunnel. To answer your question, you can do firewall filter rules on input tcp port 22, but it'll restrict normal SSH access, there's no way to differentiate between an SSH c...
by joegoldman
Thu Sep 08, 2022 2:16 am
Forum: Forwarding Protocols
Topic: Let OSPF ignore the default route [SOLVED]
Replies: 2
Views: 1880

Re: Let OSPF ignore the default route [SOLVED]

I'm not sure I am understanding the problem, you are learning the OSPF route via the ovpn tunnel sure, but it comes at higher distance and is not currently Active in your screenshot, so shouldn't be getting used at all. Or does it sometimes become the active route? Either way, you can filter out def...
by joegoldman
Mon Sep 05, 2022 1:29 am
Forum: Forwarding Protocols
Topic: OSPF routes
Replies: 2
Views: 1298

Re: OSPF routes

Moving up a major version in production is a terrible idea, you need to do this in the lab and research what these things mean. In winbox you can hover over the flags and it'll generally tell you what they are in a tooltip. I can't find anything in the docs about H personally though, but my guess wo...
by joegoldman
Mon Sep 05, 2022 12:34 am
Forum: Beginner Basics
Topic: Subnet Mask 23 Work On Dhcp But Not Fixed Ip
Replies: 5
Views: 1670

Re: Subnet Mask 23 Work On Dhcp But Not Fixed Ip

If your gateway still has 192.168.1.0 in NETWORK setting it may not work. The subnet/network is 192.168.0.0/23, 192.168.1.0/23 is not valid, but an address of 192.168.1.1/23 is valid - best thing to do is probably post your config export so we can see if there's any misconfiguration on your networ...
by joegoldman
Wed Aug 10, 2022 2:05 pm
Forum: General
Topic: Forgot account for p1 license [SOLVED]
Replies: 1
Views: 358

Re: Forgot account for p1 license [SOLVED]

Email support@mikrotik.com, they should be able to help you.
by joegoldman
Fri Aug 05, 2022 4:46 am
Forum: General
Topic: CCR2004-1G-2XS-PCIe and FreeBSD
Replies: 29
Views: 3872

Re: CCR2004-1G-2XS-PCIe and FreeBSD

Unfortunately the BSD kernel is often forgotten / lagged behind the linux kernel so it wouldn't surprise me if it's close but not working. Perhaps email support directly to try get more specific help. I used to use FreeBSD everywhere and got over the management overhead of generally older binaries or...
by joegoldman
Thu Aug 04, 2022 1:34 pm
Forum: RouterOS beta
Topic: Leaking ospf routes between VRFs
Replies: 4
Views: 2447

Re: Leaking ospf routes between VRFs

You've been given the idea, use documentation to go have a go yourself. If you'd like someone to consult for you reach out to some consulting businesses so they can provide config for you to use.
by joegoldman
Wed Aug 03, 2022 12:17 am
Forum: Forwarding Protocols
Topic: MLAG and VLANS [SOLVED]
Replies: 5
Views: 2584

Re: MLAG and VLANS [SOLVED]

Hello, You have to pass that vlan also on peerport in order to have that redundancy: see https://help.mikrotik.com/docs/display/ROS/Multi-chassis+Link+Aggregation+Group the example is done with vlan1, but in your situation you can add vlan 10 (it is needed to be tagged) Best Regards, Diego Hrmm you...
by joegoldman
Wed Aug 03, 2022 12:16 am
Forum: Forwarding Protocols
Topic: MLAG and VLANS [SOLVED]
Replies: 5
Views: 2584

Re: MLAG and VLANS [SOLVED]

It’s not always welcome but when I read scenarios like this I like to raise some questions to make sure that what’s possible is the same as what’s wise. Using cheaper switches (like Mikrotik) to act as port expanders for expensive ASR ports makes sense, but what exactly is the goal of bridging the ...
by joegoldman
Mon Aug 01, 2022 5:42 pm
Forum: Forwarding Protocols
Topic: MLAG and VLANS [SOLVED]
Replies: 5
Views: 2584

MLAG and VLANS [SOLVED]

Hi, Consider the following: Router1->LACP->MLAG->sw1/sw2<-MLAG<-LACP<-Router2 So redundant core, 2 routers MLAG to a set of switches. All ports are in the same one big bridge. The goal is to plug single handoff providers into 1 of the 2 switches. So say ISP1 plugs into sw1, port 5, VLAN10. To access...
by joegoldman
Sat Jul 23, 2022 10:43 am
Forum: General
Topic: CCR2116-12G-4S+ V7.3.1 - Can't break 1 gig overall
Replies: 2
Views: 607

Re: CCR2116-12G-4S+ V7.3.1 - Can't break 1 gig overall

It will most definitely be a config issue (or obscure software bug). People are running multi-gig through these boxes.

Post your /export and people can critique the way you've done the load balancing etc to see if you aren't just hitting the limit of 1 connection or something.
by joegoldman
Fri Jul 15, 2022 8:06 am
Forum: General
Topic: three pppoe client in (switch-mikrotik) [SOLVED]
Replies: 19
Views: 2236

Re: three pppoe client in (switch-mikrotik) [SOLVED]

I'm 99% sure that will be the fact of the ISP limiting one connection per mac. Good way to test, rather than send one into the switch, plug it directly in to another port on the router (or route the VLAN to another port on the router) so you end up with a different client mac. VLANs don't get their ...
by joegoldman
Fri Jul 15, 2022 2:04 am
Forum: General
Topic: three pppoe client in (switch-mikrotik) [SOLVED]
Replies: 19
Views: 2236

Re: three pppoe client in (switch-mikrotik) [SOLVED]

Switching looks fine. It should be untagged on the ingress ports from the ISP's, tagged on the egress port to the router. Are the 3 ISP links using: 1) Same ISP? 2) Same Username? 3) Connecting to the same PPPoE Server somehow like a vISP setup? (Do you get the same service name on each pppoe client...
by joegoldman
Sun Jul 10, 2022 5:14 am
Forum: General
Topic: Mikrotik is halving my wan speed
Replies: 12
Views: 1195

Re: Mikrotik is halving my wan speed

RB3011 likely OK, RB1100 even better, then start moving into cloud cores. You'll have to do some research on mikrotik.com through the different offerings.
by joegoldman
Sun Jul 10, 2022 4:50 am
Forum: General
Topic: Mikrotik is halving my wan speed
Replies: 12
Views: 1195

Re: Mikrotik is halving my wan speed

I've been watching the cpu for a long time and it never goes above 40% on any of the cores. I was even doing speed tests on Speedtest.net and it didn't even exceed 60% in any core. You could still be hitting a bottle neck (on a single core). Try backing up your config, or if you have 2nd of same de...
by joegoldman
Sun Jul 10, 2022 3:21 am
Forum: General
Topic: Mikrotik is halving my wan speed
Replies: 12
Views: 1195

Re: Mikrotik is halving my wan speed

That's a pretty complicated setup in terms of CPU load. When doing your speedtests is your CPU at 100%? You have a lot of mangle and a lot of queues, this means nothing will be going via fastpath and everything will be going via CPU, which will heavily bind your available speed. With a complicated s...
by joegoldman
Tue Jun 21, 2022 1:37 am
Forum: General
Topic: Graphing (192.168.1.1/graphs) does not match the data on mikrotik [SOLVED]
Replies: 2
Views: 885

Re: Graphing (192.168.1.1/graphs) does not match the data on mikrotik [SOLVED]

The data in the graph itself appears correct comparing 1:1 (webfig vs basic page), it may just be a visual time bug. I can assume the time is set correctly since webfig looks correct, but maybe try re-setting the time (timezone is correct, use an NTP server) and if that doesn't help see if it's still ...
by joegoldman
Sat Jun 18, 2022 2:55 pm
Forum: RouterBOARD hardware
Topic: Any plans for a small size SoHo router managing Gigabit WAN capacity?
Replies: 19
Views: 2339

Re: Any plans for a small size SoHo router managing Gigabit WAN capacity?

RB4011 wifi model is great home router - use it at my house. Multiple VPN's, a few WAN's totalling about 1.3gbps, complex firewall, mangle, and queue rules. No slowdowns.
by joegoldman
Sun Jun 12, 2022 12:36 pm
Forum: General
Topic: VPN APPs block on Mikrotik
Replies: 15
Views: 4151

Re: VPN APPs block on Mikrotik

As a network professional, you have to realise that there are compromises. Restrict only devices you have full control of OR; understand every block has a workaround. This is a FEATURE. Not a PROBLEM. The same things that help you control devices are what essentially protects private devices. You ca...
by joegoldman
Sun Jun 12, 2022 3:10 am
Forum: General
Topic: VPN APPs block on Mikrotik
Replies: 15
Views: 4151

Re: VPN APPs block on Mikrotik

blocking VPN on public hotspot is also a bad idea - people use VPN's for legitimate reasons when using public hotspots, for things like banking etc. Best solution if you are afraid of people using too much of the hotspot - is time/data based limits or some kind of PCQ config so one person can't netf...
by joegoldman
Sun Jun 12, 2022 2:29 am
Forum: General
Topic: VPN APPs block on Mikrotik
Replies: 15
Views: 4151

Re: VPN APPs block on Mikrotik

You can block certain ports, but then SSL VPNs use 443, certain destination addresses but have to maintain an ever changing list etc.

It is a game of whack-a-mole. There's no overall solution without beefy DPI and mitm decryption.
by joegoldman
Sun Jun 05, 2022 2:25 am
Forum: Forwarding Protocols
Topic: BGP with two ISPs and private AS
Replies: 2
Views: 722

Re: BGP with two ISPs and private AS

You will need a properly assigned public AS and a properly assigned public IP space from your regions NIC.
by joegoldman
Wed Jun 01, 2022 7:58 am
Forum: Beginner Basics
Topic: Can't see the internet - 0.0.0.0
Replies: 11
Views: 2210

Re: Can't see the internet - 0.0.0.0

/ip dhcp-server network add address=0.0.0.0/24 gateway=0.0.0.0 netmask=24 add gateway=0.0.0.1 add address=192.168.10.0/24 gateway=192.168.10.1 I believe these work in order of operation - and if that rule is first it will catch-all and try give a gateway of 0.0.0.0 - which will never work. Move th...
by joegoldman
Fri May 27, 2022 7:59 am
Forum: General
Topic: Winbox Idle Session Option
Replies: 1
Views: 284

Re: Winbox Idle Session Option

There's no IDLE detection on winbox sessions, but you could essentially have a script that enables a firewall rule for the winbox port for x seconds every y minutes - clunky in that you could kick yourself off in the middle of a job, and possibly lock yourself out of winbox (assuming you have a 2nd ...
by joegoldman
Thu May 12, 2022 7:58 am
Forum: Beginner Basics
Topic: pref src not honored in rOS7
Replies: 13
Views: 1646

Re: pref src not honored in rOS7

Not to help your question but also help anav I use pref-src with my loopback IP for most things. Consider my sites are as follows Internet<-->10.0.0.1<-->10.0.1.1<-->10.0.2.1<-->10.0.3.1<-->Customer In a normal scenario of customer tracerouting to internet, you'd see the IP respond on the interface ...
by joegoldman
Tue May 03, 2022 5:09 am
Forum: General
Topic: My Winbox is using multiple telnet loggins
Replies: 4
Views: 724

Re: My Winbox is using multiple telnet loggins

When you open Terminal, it shows as telnet login (in v6, in v7 it's "local"). So it looks like you have saved session with many open terminals. It's definitely this - if you have autosave session on (which it is by default) and as you go instead of looking for your old terminal window beh...
by joegoldman
Mon May 02, 2022 12:52 am
Forum: RouterBOARD hardware
Topic: CCR2216-1G-12XS-2XQ as 100G NAT device [SOLVED]
Replies: 4
Views: 1981

Re: CCR2216-1G-12XS-2XQ as 100G NAT device [SOLVED]

Another thing to consider is that the CCR2216 supports up to 8k NAT entries in hardware offload - where there's 8k+ IP's in a /19, and you want 2 connections per IP being 16k+ NAT entries... ... So once you have to start processing in software, it may limit your ability to reach 100gbps. This might ...
by joegoldman
Sun Apr 24, 2022 7:24 am
Forum: Beginner Basics
Topic: Switch menu only lists 1 port?
Replies: 4
Views: 478

Re: Switch menu only lists 1 port?

The switch is completely separate vendor and device to the mikrotik and there's no reason the mikrotik would be able to manage the switchports. The switch menu in your mikrotik refers to the 'switch chip' the one ethernet port is using to talk to the CPU etc. You would not be able to achieve what yo...
by joegoldman
Sun Apr 24, 2022 7:08 am
Forum: Beginner Basics
Topic: How to distribute bandwidth equally for an IP range?
Replies: 7
Views: 2728

Re: How to distribute bandwidth equally for an IP range?

A PCQ configuration would do what you are after - specifically with a pcq-rate of 0 and max rate of 10mbps, should mean it shares it around equally as more users try to use the queue.

https://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ
by joegoldman
Tue Mar 29, 2022 8:56 am
Forum: General
Topic: What is the best way to prevent internal traffic from leaving? [SOLVED]
Replies: 56
Views: 6781

Re: What is the best way to prevent internal traffic from leaving? [SOLVED]

No, it will only block traffic that has destination IP in the blackhole route. So a) wouldn't accomplish the intended goal and b) will block all internal traffic Internal traffic being traffic not going to the internet.. Because the routes are the supernets - what will actually happen is if there's ...
by joegoldman
Thu Mar 10, 2022 11:08 pm
Forum: General
Topic: Setup Mikrotik Master DNS server
Replies: 2
Views: 376

Re: Setup Mikrotik Master DNS server

RouterOS DNS implementation is purely for relaying, i.e. a client DNS - it caches, you can force some static rules but it is not suitable for nameserver or actual hosting. You could 'almost' hack it by not having any DNS servers configured for it to query, then just static entries, so non-existent e...
by joegoldman
Fri Feb 25, 2022 12:17 am
Forum: Beginner Basics
Topic: Redirect URL to URL with port [SOLVED]
Replies: 1
Views: 1877

Re: Redirect URL to URL with port [SOLVED]

Mikrotik can not listen and route on HTTP Headers. The general consensus to do such things is to host a small webserver behind the mikrotik that 80,443 is forwarded to, and that server itself either reverse proxies to the internal resource, or has a redirect with the correct port number. This 'may' ...
by joegoldman
Thu Feb 24, 2022 11:18 pm
Forum: General
Topic: Restore did not work as expected [SOLVED]
Replies: 5
Views: 1150

Re: Restore did not work as expected [SOLVED]

The other option is partitions, depending on the model of router you have you can partition the disk and have different versions installed to different partitions (and even different configs), set a primary and a failover partition based on watchdogs etc. I've used it successfully before when worrie...
by joegoldman
Sun Feb 20, 2022 2:41 am
Forum: General
Topic: Changing PPPoE Gateway
Replies: 5
Views: 1203

Re: Changing PPPoE Gateway

The downside is that with this scenario I'm not able to manage my ppp connections through pfsense (unfortunately because of the regulations in my country I can't have access to mikrotik router directly so everytime I need to change my ip I should hard reboot the router!). My main goal is to have pp...
by joegoldman
Sun Feb 20, 2022 2:36 am
Forum: Beginner Basics
Topic: Should return action be in top or bottom of the filter rules?
Replies: 3
Views: 613

Re: Should return action be in top or bottom of the filter rules?

Rules are processed in order of placement in the list, but also by chain So if the chains are intermingled think of it as if they were squished together but in the order it shows In your example, the top return rule would jump back to the original chain straight away, you want it to go through the r...
by joegoldman
Sat Feb 19, 2022 2:01 pm
Forum: Forwarding Protocols
Topic: vrf vs. route table ?
Replies: 1
Views: 921

Re: vrf vs. route table ?

A VRF has its own route table, each route table is technically its own VRF in Mikrotik world. How you use them can be very flexible in Mikrotik world, can use them like standard VRF's or with things like mangle rules to force traffic into the 'VRF' or use different route table (mark routing) by traf...
by joegoldman
Sat Feb 19, 2022 11:27 am
Forum: General
Topic: Changing PPPoE Gateway
Replies: 5
Views: 1203

Re: Changing PPPoE Gateway

the endpoints of ppp are defined inside the protocol itself and the /32 installed (whether you install a default route to the other end is up to the client though) having said that, Mikrotik can install the route via interface declaration vs endpoint IP - which although they have same endpoint IP wh...
by joegoldman
Sat Feb 19, 2022 10:49 am
Forum: Beginner Basics
Topic: How can I find the UUID of network devices
Replies: 4
Views: 1099

Re: How can I find the UUID of network devices

That UUID is OS specific and not used in network connectivity - it is actually specific to NetworkManager package and not all systems assign UUID's to connections - that is a unique identifier used for that piece of software to link to the connection and is for internal use only on the machine. It m...
by joegoldman
Sat Feb 19, 2022 3:40 am
Forum: Beginner Basics
Topic: How can I find the UUID of network devices
Replies: 4
Views: 1099

Re: How can I find the UUID of network devices

Which UUID are you trying to find? In network world, "UUID"'s are different per layer of the network stack, Layer 2 = MAC, Layer 3 = IP etc If you are looking for the devices MAC you'd need to look in the ARP table (or DHCP Lease table if you are running DHCP server) Otherwise you'd need t...
by joegoldman
Fri Feb 18, 2022 5:12 am
Forum: General
Topic: Why are there some many duplicates?
Replies: 4
Views: 571

Re: Why are there some many duplicates?

Each entry counts towards total entries, so the "Duplicates" count each one, it has to build ARP entries for every VLAN as they are each considered a separate LAN
by joegoldman
Thu Feb 03, 2022 7:37 am
Forum: Beginner Basics
Topic: Mikrotik CCR 1009 two IP Pools /24 PPOE server
Replies: 7
Views: 1584

Re: Mikrotik CCR 1009 two IP Pools /24 PPOE server

The PPPoE connection actually establishes the IP's on the router so you don't have to physically run any of the IP's for Local (or Remote) in /ip address as they'll get dynamically added when the PPP establishes. You can have 1 profile 1 Pool Then 1 'PPPoE Server' per interface When users dial-in, P...
by joegoldman
Wed Jan 26, 2022 11:31 pm
Forum: General
Topic: Radius management vrf
Replies: 8
Views: 6008

Re: Radius management vrf

The management services in a VRF is only a new addition, it's likely they haven't done RADIUS yet and might be something they do in a future release. They call 7.1 a stable release but it is not fully featured yet. The better recommendation is to run management via vrf 'main' and use extra vrfs for c...
by joegoldman
Sat Jan 15, 2022 11:57 am
Forum: Scripting
Topic: ppp sync script
Replies: 4
Views: 2750

Re: ppp sync script

hello
mainly i want to sync all ppp from mikrotik to mysql using php and mikrotik api
thanks
What is the end-goal you are trying to achieve? your explanation so far leads many different ways without context, post your ultimate goal so we can help with the ultimate solution.
by joegoldman
Tue Jan 11, 2022 12:22 pm
Forum: General
Topic: FEATURE REQUEST - Portable Winbox Databases
Replies: 4
Views: 1885

Re: FEATURE REQUEST - Portable Winbox Databases

Yes, you can already do all of the above from the Winbox loader File -> Save As Tools -> Move sessions folder You can even keep the folder on some dropbox and load it from multiple PCs That's a fundamental difference to my request, that moves just the .viw files not the actual 'Managed' tab database...
by joegoldman
Thu Dec 30, 2021 10:37 am
Forum: RouterBOARD hardware
Topic: NBN Australia
Replies: 1
Views: 3050

Re: NBN Australia

The VDSL SFP cards duxtel sells are NBN compatible (even with the new DLSAM firmware rollout I believe, you may need to manually flash it though) Alternatively you could potentially run the TP-Link in bridge mode so it just does the demodulation and passes the L2 link through to an ethernet port on ...
by joegoldman
Wed Dec 29, 2021 2:38 am
Forum: General
Topic: FEATURE REQUEST - Portable Winbox Databases
Replies: 4
Views: 1885

FEATURE REQUEST - Portable Winbox Databases

So I know that you can export/import winbox databases. This is not that. There are a few aspects of the idea: 1) Define where the database lives - this allows a central filesystem location that we can sync with things like Dropbox, Onedrive, Nextcloud etc - This would be good so I can add a router o...
by joegoldman
Wed Dec 29, 2021 2:32 am
Forum: Announcements
Topic: WinBox v3.32 released!
Replies: 65
Views: 93380

Re: WinBox v3.32 released!

Half of Mikrotik staff using MacOS and Linux, and yet is there still only Windows version, I don't get it, I don't get it at all... Because it would require a full re-write, for something that works perfectly fine in WINE, also offering WebFig which is OS independent GUI. If they ever got to a poin...
by joegoldman
Tue Dec 28, 2021 8:59 am
Forum: RouterOS beta
Topic: BGP signaled VPLS
Replies: 2
Views: 2207

Re: BGP signaled VPLS

According to this compatibility matrix it is only partially supported, but the new documentation system does not seem to have any section for v7 configs. My guess is the config is CLI only and only some features may be working. My suggestion would be to stick with v6.x until v7.x reaches feature par...
by joegoldman
Fri Dec 24, 2021 5:30 am
Forum: General
Topic: How do you configure RouterOS? Poll
Replies: 11
Views: 2189

Re: How do you configure RouterOS? Poll

I have template scripts that do the bulk of the work for new provisioning, but updates etc tend to be winbox gui - just really helps for multi tasking and having visual reference to objects and things you are doing in different parts of config like bridging and interfaces side by side or ppp and que...
by joegoldman
Tue Dec 14, 2021 12:52 am
Forum: General
Topic: mikrotik as Slave DNS server
Replies: 11
Views: 2219

Re: mikrotik as Slave DNS server

Your best bet for this is to wait until docker is stable and you move to ROSv7 - run a full DNS server in a docker container.
by joegoldman
Sun Dec 12, 2021 6:09 am
Forum: General
Topic: Cloutik feedback ?
Replies: 20
Views: 5691

Re: Cloutik feedback ?

I dont understand why talking about a product is bad after all this is a forum to discuss its not about promoting here its about discussing issues and questions so making a statement like i will never trial your service is ridiculous and forgive me if I’m wrong but brand awareness is key A thread h...
by joegoldman
Tue Dec 07, 2021 11:51 pm
Forum: Forwarding Protocols
Topic: Can this be done.?
Replies: 1
Views: 1797

Re: Can this be done.?

Yes it should be technically possible - although the time to realise one connection is dead still might be enough to kill 'connections' in the sense of active open connections - but to the world you'll always be 1 public IP address (the CHR)

I can certainly help if you'd like to provide me a contact.
by joegoldman
Tue Dec 07, 2021 11:27 pm
Forum: Announcements
Topic: v7.1 is released!
Replies: 785
Views: 224753

Re: v7.1 is released!

Newsletter has a typo - OSFP at one point - looks like it's just as QA'd as ROSv7 :D

I'll be waiting a fair few releases before even considering this. It's not even up to feature parity with v6, correct?
by joegoldman
Tue Nov 30, 2021 12:01 pm
Forum: Forwarding Protocols
Topic: Traffic is being sent to BGP Peer but received from IP Transit provider
Replies: 7
Views: 3517

Re: Traffic is being sent to BGP Peer but received from IP Transit provider

So I tried this. I am now advertising a /24 to Pineapple and the full /22 to Lemon. Yet, Upstream traffic goes via Pineapple, Downstream traffic comes in via Lemon. It is entirely possible that Lemon summary route back to customer routes, or don't accept customer prefixes in at all via Pineapple/IX...
by joegoldman
Tue Nov 30, 2021 1:41 am
Forum: Forwarding Protocols
Topic: Traffic is being sent to BGP Peer but received from IP Transit provider
Replies: 7
Views: 3517

Re: Traffic is being sent to BGP Peer but received from IP Transit provider

No. you said 45.45.0.0/16 is Lemon so not sure why you are filtering them. If you are 46.46.46.0/22, you'll want to have: 1) Filter to lemon, that only allows your 46.46.46.0/22 route at prefix length 22 (or don't define prefix length) 2) Filter to pineapple, that allows your 46.46.46.0/22, with pre...
by joegoldman
Tue Nov 30, 2021 1:36 am
Forum: Beginner Basics
Topic: Winboxing towards a Mikrotik behind NAT [SOLVED]
Replies: 14
Views: 5262

Re: Winboxing towards a Mikrotik behind NAT [SOLVED]

Just good practise - for the one time you do accidentally expose it or some kind of attacker makes it on the trusted side of the network. More like security through obscurity. But I can't deny that to some extent it works. Security is like a puzzle - every little piece comes together to make the fu...
by joegoldman
Mon Nov 29, 2021 11:37 pm
Forum: Beginner Basics
Topic: Winboxing towards a Mikrotik behind NAT [SOLVED]
Replies: 14
Views: 5262

Re: Winboxing towards a Mikrotik behind NAT [SOLVED]

Btw, what's the point of changing WinBox port when it's not exposed? I get it when it is, it's cheap trick that helps to not get attacked by botnets almost immediately. But over VPN, when it's not reachable anyway? Just good practise - for the one time you do accidentally expose it or some kind of...
by joegoldman
Mon Nov 29, 2021 11:35 pm
Forum: Forwarding Protocols
Topic: Traffic is being sent to BGP Peer but received from IP Transit provider
Replies: 7
Views: 3517

Re: Traffic is being sent to BGP Peer but received from IP Transit provider

Ultimately you can not control how other networks route traffic from your network. In general, a provider will always prioritise customer routes highest, then IX, then transit. In this case, you are customer, so you would be higher priority than the IX routes. It also commercially makes sense becaus...
by joegoldman
Mon Nov 29, 2021 4:04 am
Forum: General
Topic: Cloutik feedback ?
Replies: 20
Views: 5691

Re: Cloutik feedback ?

Can you go a post WITHOUT mentioning your own product(s)?

This forum isn't your personal sales pitch. In fact, your shameless posting and baiting viewers to your site has influenced my decision to NEVER trial or use your product.
by joegoldman
Wed Nov 17, 2021 9:46 am
Forum: Beginner Basics
Topic: They bruteforce me, how to blacklist ?
Replies: 6
Views: 2185

Re: They bruteforce me, how to blacklist ?

To answer the more real question - as the same problem exists for l2tp (my logs fill up all the time people trying to connect) You can definitely put a whitelist on using an address-list for accepted clients, then only allow connections on TCP/1723 from src-address-list of that whitelist. Or what I ...
by joegoldman
Fri Nov 12, 2021 6:41 am
Forum: General
Topic: it's possible in Nanostaion M2?
Replies: 3
Views: 831

Re: it's possible in Nanostaion M2?

i have no mikrotik device
This is mikrotik forum, go ask vendor or users of the devices you own.
by joegoldman
Wed Nov 10, 2021 11:30 pm
Forum: Beginner Basics
Topic: Accessing "parent" network
Replies: 5
Views: 1504

Re: Accessing "parent" network

We can't tell you the specifics of your network - this is for your network administrator to help you with. In a basic sense, whatever IP's are given out by this new mikrotik either needs to be NAT to your main or 'parent' network, or your router on your parent network needs to have a route back to t...
by joegoldman
Wed Nov 10, 2021 7:35 am
Forum: General
Topic: Why does RouterOS send my ICMP Time Exceeded to the wrong interface and how can I avoid it?
Replies: 2
Views: 1340

Re: Why does RouterOS send my ICMP Time Exceeded to the wrong interface and how can I avoid it?

Without a full export/supout to know how you are marking packets and how you are using the tables... its likely an inbound packet is using the main table, and whatever the default route is and/or its pref-src is set to, is what it'll respond with. You have to create mangle rules to also tag packets/...
by joegoldman
Sun Nov 07, 2021 2:53 am
Forum: RouterBOARD hardware
Topic: Make VLAN mgmt more easy, please
Replies: 3
Views: 3099

Re: Make VLAN mgmt more easy, please

This looks more like a switch config - routers are very different. SwitchOS has similar style of VLAN management. RouterOS has very flexible options and management interfaces (winbox, webfig, cli etc), and GUI's like this are very restrictive to keeping that common style between the management inter...
by joegoldman
Sun Nov 07, 2021 2:46 am
Forum: Scripting
Topic: Total IP's count
Replies: 3
Views: 2399

Re: Total IP's count

Get the ranges property and extrapolate from that, detect if its CIDR notation or x-y notation and then you can do the maths from then to figure out pool size.
by joegoldman
Sun Nov 07, 2021 2:44 am
Forum: General
Topic: Admin password - CRS125-24G-1S
Replies: 3
Views: 824

Re: Admin password - CRS125-24G-1S

always.take.backups.

Reboot might help if the management interface has just gone wonky.

You might be able to pull a config through the boot menu but I don't think you can.

You'll likely have to reset and reconfigure.
by joegoldman
Sun Nov 07, 2021 12:02 am
Forum: RouterOS beta
Topic: delete
Replies: 4
Views: 1903

Re: Cube opened

Antennas and enclosures are almost always about specific dimensions and shape for rated performance - there will 100% be a reason for it to stick out like that, to help shape the beam either for transmit or receive. It might 'work' without such a big cover but it might not work as well.
by joegoldman
Sat Nov 06, 2021 11:59 pm
Forum: General
Topic: Merge 2 ISP bandwidth into one
Replies: 9
Views: 7617

Re: Merge 2 ISP bandwidth into one

A mandatory pre-requisite for this to work is that none of the ISPs cares about source IP addresses of packets coming from the client...snip In this particular instance using NAT only this is not my experience - I agree it could/would happen this way in non NAT situations but essentially as the con...
by joegoldman
Sat Nov 06, 2021 4:37 am
Forum: General
Topic: Merge 2 ISP bandwidth into one
Replies: 9
Views: 7617

Re: Merge 2 ISP bandwidth into one

Thats funny, never seen load balancing for dual wan setups or more, without mangling. I use my example without mangles just fine, even for a national ambulance service headquarters. I use mangle for inbound establishment (port forwards, VPN etc) to make sure return traffic remains on the same WAN -...
by joegoldman
Sat Nov 06, 2021 4:31 am
Forum: General
Topic: Limit number connections per destination host IP???
Replies: 6
Views: 1981

Re: Limit number connections per destination host IP???

But I need this limit only for one user...rule number 1 will limit all users...
Adjust the rule to suit your needs.
by joegoldman
Thu Nov 04, 2021 8:57 am
Forum: General
Topic: Merge 2 ISP bandwidth into one
Replies: 9
Views: 7617

Re: Merge 2 ISP bandwidth into one

You won't be able to get one user able to use 35mbps without a LOT of work/costs and varied results. If you just want to load-balance, use both at once, its simple - you can add your default route with multiple gateways in an "ECMP" style like this: /ip route add check-gateway=ping distanc...
by joegoldman
Thu Nov 04, 2021 8:33 am
Forum: General
Topic: Limit number connections per destination host IP???
Replies: 6
Views: 1981

Re: Limit number connections per destination host IP???

See the NAT Wiki using the connection-limit option - a bit of syntax explanation can be found in this thread . May take some tinkering to get exactly what you want and using a multitude of rules you should be able to set rules 1) dst-address 0.0.0.0/0 with connection-limit=5,32 meaning it only allow...
by joegoldman
Mon Nov 01, 2021 11:45 pm
Forum: Forwarding Protocols
Topic: OSPF receive one dst-address with two gateway
Replies: 2
Views: 2699

Re: OSPF receive one dst-address with two gateway

You might be able to use filters to adjust distance on one vs the other imported route - as changing the interface cost will affect both. Alternatively, deliver both PE's on a separate ports, or if it must remain single port, split it out in VLANs, this way you can adjust the cost of PE2 slightly hi...
by joegoldman
Wed Oct 27, 2021 1:02 pm
Forum: General
Topic: router send data to Mikrotik?
Replies: 11
Views: 1707

Re: router send data to Mikrotik?

It is likely to be /ip cloud service - disable all of that and you should see it go away.
by joegoldman
Mon Oct 25, 2021 12:44 am
Forum: General
Topic: Setting hostname in winbox [SOLVED]
Replies: 4
Views: 6425

Re: Setting hostname in winbox [SOLVED]

That is based on what the client sends back to the DHCP server, you have no real control on it on the server side - if you have control over the devices, you should see about configuring them correctly to give the hostname in response. Most I see in general do but some definitely don't. What you can...
by joegoldman
Mon Oct 25, 2021 12:35 am
Forum: General
Topic: Block p2p from IP cameras - RB4011iGS+RM
Replies: 22
Views: 4640

Re: Block p2p from IP cameras - RB4011iGS+RM

He provided only example rules, it would require you to modify them to suit your situation.

You'd likely need to post your full config and provide extra information so someone can craft the rules specifically for you.

Use /export hide-sensitive to provide your config.
by joegoldman
Tue Oct 19, 2021 10:31 am
Forum: Beginner Basics
Topic: Help for a beginner
Replies: 5
Views: 881

Re: Help for a beginner

ALL the interfaces? Including physical ethernet ones? If so - if it is a device with console access, you'd have to go through that. Failing that, capture netinstall/routerboot menu usually through ether1 (again this depends on model) which may let you pull the config but without console access to re...
by joegoldman
Mon Oct 18, 2021 2:42 pm
Forum: Forwarding Protocols
Topic: BGP Filters - howto?
Replies: 2
Views: 3040

Re: BGP Filters - howto?

This Wiki will tell you how the filters work.

BGP routes do not carry 'hops', but using bgp-as-path-length you can calculate how many AS's are in the route's path and filter based on that.
by joegoldman
Sun Oct 17, 2021 1:06 am
Forum: RouterOS beta
Topic: Is MT the worse monitoring router?
Replies: 18
Views: 3816

Re: Is MT the worse monitoring router?

Do you mean Netflow by always exporting file and looking what happend in the past? Am I asking to much to allow Tools/Graphs for IP adress? Why mikrotik never thought about it????? Why only ethers are allowed to see the graphs?? I dont know how they think.... Because you are now asking them to buil...
by joegoldman
Sat Oct 16, 2021 1:07 pm
Forum: General
Topic: Make ssh/web reachable from VPN network [SOLVED]
Replies: 8
Views: 1795

Re: Make ssh/web reachable from VPN network [SOLVED]

Mikrotik management services listen on all addresses by default.

What will be stopping access is either IP ACL on the service or username itself
OR
Firewall rules blocking access to anything but specific IP's

Post /export hide-sensitive so we can help determine what the issue is.
by joegoldman
Sat Oct 16, 2021 1:04 pm
Forum: RouterOS beta
Topic: Is MT the worse monitoring router?
Replies: 18
Views: 3816

Re: Is MT the worse monitoring router?

You can definitely do this on torch for real time, use the interface that the LAN gateway IP resides (usually bridge or master port), and untick everything except dst address (or src address depending on flow of traffic) and you can see the cumulative data used by each IP in instant real time. You w...
by joegoldman
Thu Oct 14, 2021 4:54 am
Forum: General
Topic: Bonding | Management Radios
Replies: 1
Views: 553

Re: Bonding | Management Radios

Place either the transit or management on a separate vlan so their packets aren't captured in the bonding interface, but rather processed on the separate sub-if.
by joegoldman
Tue Oct 05, 2021 6:51 am
Forum: General
Topic: winbox can't work correctly if "users" folder moved from disk C:
Replies: 16
Views: 3263

Re: winbox can't work correctly if "users" folder moved from disk C:

I have wanted for a long time to be able to move winbox working dir - I'd like to figure out a way to sync my managed lists database between devices without scripts or copying (using something like Dropbox or Nextcloud). The session folder is just the .viw files so unfortunately is of little help.
by joegoldman
Tue Oct 05, 2021 12:44 am
Forum: Scripting
Topic: Copy Dynamic ip pptp-out1 to nat address
Replies: 4
Views: 2237

Re: Copy Dynamic ip pptp-out1 to nat address

You can use ppp profiles to create on-up and on-down scripts. on-up script has a variable passed in for Local Address (Address assigned to the interface) as '$local-address' So it'd be something similar to this (untested): /ip firewall nat set [ find comment="PPTP UPDATE" ] to-address=$loc...
by joegoldman
Sun Oct 03, 2021 2:07 pm
Forum: RouterOS beta
Topic: Periodic crashes in 7.1rc4
Replies: 31
Views: 13754

Re: Periodic crashes in 7.1rc4

Bildschirmfoto_2021-10-03_11-59-20.png So that looks fine at least, right? The config is fine - its obviously being set by ntp - but the curious point the other poster was making is that the boot time is always the same to ~2 days ago, all your 'reboot without proper shutdown messages' default back...
by joegoldman
Thu Sep 30, 2021 12:53 am
Forum: Scripting
Topic: [PPPOE] How to disable the secret for 10 seconds when a user disconnects [SOLVED]
Replies: 9
Views: 6119

Re: [PPPOE] How to disable the secret for 10 seconds when a user disconnects [SOLVED]

What I need is that in On down the secret of the user is disabled for 20 seconds. Something like: /ppp secret disable ; Timeout 20s ; / ppp secret enable . But I don't know how to do it so that it applies only to the user who logged out. I gave you that script (just without testing) in my post abov...
by joegoldman
Wed Sep 29, 2021 1:34 am
Forum: Virtualization
Topic: CHR in AWS - Horribly slow
Replies: 2
Views: 4893

Re: CHR in AWS - Horribly slow

Have you applied a license? I believe CHR will only route 1mbps or something very low without an applicable license added.
by joegoldman
Mon Sep 27, 2021 1:42 am
Forum: Scripting
Topic: [PPPOE] How to disable the secret for 10 seconds when a user disconnects [SOLVED]
Replies: 9
Views: 6119

Re: [PPPOE] How to disable the secret for 10 seconds when a user disconnects [SOLVED]

The problem is that many ont's restart up to 10 times in 1 minute filling the mikrotik with pppoe requests, I would like to make the secret of the user when detected in DOWN state is disabled for 10 to 20 seconds until it is valid again. I mean a script on the pppoe server. But I do not know how to...
by joegoldman
Mon Sep 27, 2021 1:04 am
Forum: Scripting
Topic: [PPPOE] How to disable the secret for 10 seconds when a user disconnects [SOLVED]
Replies: 9
Views: 6119

Re: [PPPOE] How to disable the secret for 10 seconds when a user disconnects [SOLVED]

If you are trying to avoid one username logging in multiple times (-1,-2 interfaces) then you can use 'One Session Per Host' option in PPPoE Server, so if there is an active user with that username logged in already (or still timing out) then they will be refused login. Alternatively on the ppp prof...
by joegoldman
Sun Sep 26, 2021 2:54 am
Forum: General
Topic: Anonymous user tried to log in
Replies: 7
Views: 1407

Re: Anonymous user tried to log in

It looks as though it is a hotspot login for anonymous user / guest user when guest/trial accounts aren't enabled. If its still in your buffer, open it in webfig or winbox and get the other topics listed on the log to know where its coming from, but generally a services login says failed to login vi...
by joegoldman
Tue Sep 21, 2021 11:37 am
Forum: General
Topic: Problem with delivery / looking for alternative [SOLVED]
Replies: 9
Views: 1904

Re: Problem with delivery / looking for alternative [SOLVED]

cAP uses 4W max, meaning max 4 x 21 per switch. That is about 84W + losses, which I factor in as 20% max on a good wire, so ~ 100W. Yes, the older 2.4ghz only cAP only uses 4W, if that is the model you are implementing then 100% your calculations are correct - mine above are with accounting for 13W...
by joegoldman
Tue Sep 21, 2021 5:45 am
Forum: General
Topic: Problem with delivery / looking for alternative [SOLVED]
Replies: 9
Views: 1904

Re: Problem with delivery / looking for alternative [SOLVED]

I use ubiquiti EdgeSwitch as a decently priced alternative - however 20+ cAP's on a single switch has a max power draw of over 500W (not including the power the switch needs), you can obviously account for much less continuous but if you are playing safe you'd have to go up to 48 port 750W versions ...
by joegoldman
Mon Sep 20, 2021 2:55 am
Forum: General
Topic: Bind Webfig and ssh to a vlan
Replies: 11
Views: 2106

Re: Bind Webfig and ssh to a vlan

The services bind to 0.0.0.0 - meaning any IP address locally on the device (sans IP's in different VRF - which is annoying but totally separate issue) Your problem here appears to be two-fold - in the current export you've provided, you only have 2 IP addresses: /ip address add address=192.168.2.99...
by joegoldman
Sun Sep 19, 2021 11:11 am
Forum: Forwarding Protocols
Topic: Multi-Homed BGP over two Edge Routers
Replies: 4
Views: 4071

Re: Multi-Homed BGP over two Edge Routers

You can never truly control how traffic gets to you, if you provide multiple paths - but the more successful way is definitely via more specific prefixes. You say you have a /21 - so advertise 2x /22's via ISP A and just the /21 via ISP B - a more specific route in pretty much any route table takes ...
by joegoldman
Tue Sep 14, 2021 2:22 am
Forum: Forwarding Protocols
Topic: OSPF Out Filter
Replies: 6
Views: 4788

Re: OSPF Out Filter

is that on backbone area?
As far as i know filters doesn't work on that area
Yes it all runs on a single area.

Why wouldn't filters work on backbone, that's weird - I use ospf-in extensively to re-write the pref-source without issue - do you have source on this? I can't find it in the wiki.
by joegoldman
Tue Sep 14, 2021 1:49 am
Forum: Containers
Topic: v7.1rc3 adds container support
Replies: 493
Views: 161537

Re: v7.1rc3 adds Docker (TM) compatible container support

Is https://hub.docker.com/r/frrouting/frr supported? Because it supports protocols that RouterOS doesn't? As someone else alluded to - it runs contained so it won't affect the RouterOS routing table directly, but you could use a diff protocol to talk between your router and container, then the cont...
by joegoldman
Tue Sep 14, 2021 1:44 am
Forum: General
Topic: Who has the biggest uptime ?
Replies: 22
Views: 4856

Re: Who has the biggest uptime ?

I printed it years ago before switching off the server due to office reorganization. It was standard small factor form desktop, not a "server beast", sitting under the desk on a box of drawers. This piece of memories is still on my pin board. If we going server / non mik uptimes - my bigg...
by joegoldman
Tue Sep 14, 2021 12:18 am
Forum: Forwarding Protocols
Topic: OSPF Out Filter
Replies: 6
Views: 4788

OSPF Out Filter

Hi forum, I have a router that gets a connected route via ppp which is pretty standard. The issue is its redistributing that route (as connected route so lower cost) to other peers - its just a router ID so it does not affect customer traffic but causes weird issues and traceroutes when we monitor b...
by joegoldman
Thu Sep 09, 2021 9:23 am
Forum: Containers
Topic: v7.1rc3 adds container support
Replies: 493
Views: 161537

Re: v7.1rc3 adds Docker (TM) compatible container support

HAHA omg the first docker im going to use is likely to be.... ....unifi controller! This is actually super handy. Clients can have unifi controller in the router - maybe small pbx if required Bottom of tower can have local nagios,cacti or other monitoring tools Self hosted dynamic hotspot login webs...
by joegoldman
Thu Sep 09, 2021 2:55 am
Forum: General
Topic: Something must be really wrong on my configuration. Needs real help here! [SOLVED]
Replies: 23
Views: 3215

Re: Something must be really wrong on my configuration. Needs real help here! [SOLVED]

The bridge is not needed. Each port has it's own network... if you may, amigo. how do I get rid of hEX ports 3-5 from slavery? is there a special script to convert them to nothing or something away and send them to their freedom? this is 2021 for heavens! If they are not part of a bridge port - the...
by joegoldman
Wed Sep 08, 2021 3:43 am
Forum: General
Topic: Can Someone Explain this!!!!
Replies: 20
Views: 2189

Re: Can Someone Explain this!!!!

What does your NMS say? You should be able to look at your netflow stats to determine what the excess traffic is, or just torch the interface see whats happening that is not being forwarded to ether4. Likely dropped/queued packets or traffic to unused IP's in a subnet you are using but not actively ...
by joegoldman
Tue Sep 07, 2021 3:05 pm
Forum: Wireless Networking
Topic: Migration of RADIUS, need 2 RADIUS for some time
Replies: 3
Views: 1319

Re: Migration of RADIUS, need 2 RADIUS for some time

Hmmm... no answer? Impossible? You can have multiple servers - but if both are required for 'wireless' i'm not sure you can specify which wireless network uses which server. My solution - if NPS supports it (have only used it a little bit) if all rules / policies fail/dont apply on the new server ,...
by joegoldman
Tue Sep 07, 2021 5:48 am
Forum: Forwarding Protocols
Topic: OSPF Effective Load Balancing
Replies: 3
Views: 3302

Re: OSPF Effective Load Balancing

When you have a larger link and a smaller one, just make point-to-point VLAN on the larger link, put IP, advertise the network in OSPF and it will do ex 75 / 25 Thanks for the tip - seems hacky and annoying (and will waste IPv4 since i still use that on my ptp links, but might change this to privat...
by joegoldman
Mon Sep 06, 2021 2:00 am
Forum: Forwarding Protocols
Topic: OSPF Effective Load Balancing
Replies: 3
Views: 3302

Re: OSPF Effective Load Balancing

I answered this for myself with a solution that I didn't think would work based on an article i read. Basically matching the cost at the originating router will automatically trigger ECMP (50/50 split), my understanding was it also took into account router hops for ECMP but it doesn't, just cost - s...
by joegoldman
Tue Aug 31, 2021 7:37 am
Forum: General
Topic: Who has the biggest uptime ?
Replies: 22
Views: 4856

Re: Who has the biggest uptime ?

Current highest in my network is 465 days. It's in a site we are not allowed to get easy access to - but it is firewalled out the wazoo (running 6.45.5) - most of my others have been rebooted either due to upgrades or power issues. I think the next highest is about 100d.
by joegoldman
Tue Aug 31, 2021 7:29 am
Forum: General
Topic: L2 Connection controll
Replies: 4
Views: 812

Re: Mikrotik

No, you can't control what IP it has if it's not listening for DHCP, so you could try broadcasting DHCP and see if it picks one up?

You can add an IP in common subnets and do an IP scan to see if it shows (ICMP or ARP)

You can google the device and see if its noted down anywhere its default details.
by joegoldman
Tue Aug 31, 2021 7:27 am
Forum: General
Topic: Trouble Passing static IP's from ISP through RB1100 to 3rd party router
Replies: 5
Views: 927

Re: Trouble Passing static IP's from ISP through RB1100 to 3rd party router

There are many options - depending on how you want to use your resources. You can setup a LAN, using gw address in the block and hand the rest out having all the 3rd party routers in that LAN You can use a system like PPPoE and hand them out on the ppp interface You can use private IP addresses to '...
by joegoldman
Tue Aug 31, 2021 2:15 am
Forum: Forwarding Protocols
Topic: OSPF Effective Load Balancing
Replies: 3
Views: 3302

OSPF Effective Load Balancing

Hi Forum Say I have a triangle of sites - internet comes in to Site A and distributes it to Site B and Site C Site C and Site B also have a link between them in case a primary link goes down. Site B is significantly larger than Site C - so we are using a lot of bandwidth on Site A <-> Site B - I'd l...
by joegoldman
Thu Aug 26, 2021 2:11 am
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 113
Views: 35347

Re: WinBox v3.29 released!

I keep hoping that one day MikroTik will put all winbox functionality in webfig so that we can maintain our routers without having to install winbox. A separate service program (available for Windows and also native for Linux and MacOS) would serve as a relay for MAC access and Netinstall functions...
by joegoldman
Thu Aug 26, 2021 2:07 am
Forum: General
Topic: Switch high CPU VLAN
Replies: 17
Views: 2725

Re: Switch high CPU VLAN

Thank you, yes the CSR is kind of already coming to its knees with just 200mb of traffic. I would have actually used port isolation if it was port, but this being VLAN i cannot use that. I want to test the VLAN under bridge, is there any example related to what I want, I tried looking but nothing s...
by joegoldman
Thu Aug 26, 2021 12:23 am
Forum: RouterOS beta
Topic: v7.1rc1 reasonable for production for my usecase?
Replies: 15
Views: 3116

Re: v7.1rc1 reasonable for production for my usecase?

Only worth moving to v7 if there's a feature you absolutely NEED for some reason - even then its a silly idea. I'll be on 6.x LT releases for probably quite a while (like 7.10 stable) - as also with the fundamental changes in a lot of the logic and objects, it'll be a 'whole network migration' plan ...
by joegoldman
Thu Aug 26, 2021 12:21 am
Forum: General
Topic: Switch high CPU VLAN
Replies: 17
Views: 2725

Re: Switch high CPU VLAN

You are essentially creating a CPU bridge and plopping the 3 physicals and the 3 VLANs into one 'broadcast' bridge together - this requires CPU access and is more a router functionality (of which the CRS series has very basic routing power) You want to only add the physical interfaces to a single br...
by joegoldman
Tue Aug 24, 2021 12:51 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 113
Views: 35347

Re: WinBox v3.29 released!

This is a great update! Being able to re-organise columns and the new column selector is a godsend! Along with the windows option for those busy busy troubleshooting sessions. I have asked this before, and had it previously working - but is it possible in the main winbox view to have 'show categorie...
by joegoldman
Tue Aug 24, 2021 12:47 pm
Forum: Beginner Basics
Topic: Username reset
Replies: 1
Views: 677

Re: Username reset

If its a default config device - then you'd log in with admin and <blank> password (i.e. nothing) If its an already setup device, you would need a username/password that works to login and change the password of another user (or your own). If neither of those options are available to you, then you w...
by joegoldman
Fri Aug 20, 2021 3:06 am
Forum: General
Topic: How to deliver Public IP to a client? [SOLVED]
Replies: 8
Views: 1849

Re: How to deliver Public IP to a client? [SOLVED]

I ment why does OP want to deliver not using the /29 Ah ok. Because it would be wasteful. /29 has 8 addresses 1x Network 1x Broadcast 1x Gateway = 5 Usable addresses He would then need to bridge all customers to use same gateway assuming they'll all connect to same router - or extend L2 to other si...
by joegoldman
Fri Aug 20, 2021 2:53 am
Forum: General
Topic: How to deliver Public IP to a client? [SOLVED]
Replies: 8
Views: 1849

Re: How to deliver Public IP to a client? [SOLVED]

Why? Depending on the situation and config - it is possible that one of the routers will respond with the private addressing and if you are outside of that network, you won't receive that reply as its not 'routeable' to you - its small, and just shows a blank spot within the traceroute (traceroute ...
by joegoldman
Thu Aug 19, 2021 5:39 am
Forum: General
Topic: How to deliver Public IP to a client? [SOLVED]
Replies: 8
Views: 1849

Re: How to deliver Public IP to a client? [SOLVED]

You can split the /29 into /30's - but you'll only be able to serve 2 customers that way with network and broadcast addresses. You can kind of use /31's very hackabout - but again still only 4 customers. You can use a point-to-point protocol like PPPoE to establish it You can use private addressing ...
by joegoldman
Wed Aug 18, 2021 3:34 am
Forum: General
Topic: if 5 times try to connect ssh, src address deny !
Replies: 2
Views: 608

Re: if 5 times try to connect ssh, src address deny !

Yes possible, using 'dst-limit' on the 'new' connection state in ip firewall filter or an old, long way is to create staged address-lists with short timeouts. Management stuff - as rextended suggested, is much better over VPN with maybe some kind of port-knock system to get in - in those rare insta...
by joegoldman
Wed Aug 18, 2021 2:26 am
Forum: General
Topic: What is MikroTik working on?
Replies: 3
Views: 835

Re: What is MikroTik working on?

Work on 6.x has stagnated, and work on 7.x is a BIG job. It'd be hard having your development resources split between 2 large projects. Alongside that - real world issues like you linked along with chip shortages and pandemic in general causes the whole world to slow down realistically. 6.X is mostl...
by joegoldman
Fri Aug 13, 2021 1:03 am
Forum: General
Topic: Issues upgrading ROS v5.26 on x86 pc
Replies: 4
Views: 906

Re: Issues upgrading ROS v5.26 on x86 pc

Given its age - I think your better option is to back up the configurations and rebuild it fresh - Given the age I'd say there's a few steppings you'd likely need to take as latest might not support full conversion from something so old. If you understand the config enough then I would take the expor...
by joegoldman
Sat Aug 07, 2021 9:23 am
Forum: Forwarding Protocols
Topic: BGP is not sending default routed
Replies: 4
Views: 2902

Re: BGP is not sending default routed

What does the Andy-out filter look like, do you have an allow rule for the default route or a deny rule that'd count it out?
by joegoldman
Fri Aug 06, 2021 5:04 am
Forum: RouterBOARD hardware
Topic: Tiny RouterOS capable device
Replies: 5
Views: 1910

Re: Tiny RouterOS capable device

more along the line of the dimensions 90x60x20mm. At that size - no. Not without looking at the bare boards and finding/making your own enclosure. That said - if hAP Mini serves your purpose - just turn the wifi off. The standard hEX case is used by many models and is their default 'compact' case a...
by joegoldman
Thu Jul 22, 2021 5:01 am
Forum: Forwarding Protocols
Topic: Can only ping 1 direction, but it gets weirder...
Replies: 1
Views: 3199

Re: Can only ping 1 direction, but it gets weirder...

What does your ip route show for that particular route? Does it specify a bad src-address? Torch the interface without a src-address and see what src/dst it's trying to use.
by joegoldman
Fri Jul 16, 2021 1:27 am
Forum: Scripting
Topic: Create an .exe for restarting the mikrotik
Replies: 14
Views: 2643

Re: Create an .exe for restarting the mikrotik

In any case, the comment was made in response to the claim up-thread that "the EXE will have to contain the username and password". The SSH executable doesn't contain user names or passwords, and as we've seen, there are ways to protect its external key. The ultimate idea behind the comme...
by joegoldman
Wed Jul 14, 2021 4:09 am
Forum: Forwarding Protocols
Topic: BGP ECMP (multipathing)
Replies: 58
Views: 40119

Re: BGP ECMP (multipathing)

Thanks. Not very hopeful on it being any time soon since v7 has been in the works for years now :'( Mikrotik spent years putting the groundwork in place, building the framework for the new routing engine to ensure it would scale and be easy to maintain. They also hired a bunch more developers. You ...
by joegoldman
Mon Jul 12, 2021 7:06 am
Forum: Beginner Basics
Topic: Block internet from all but one user
Replies: 22
Views: 2896

Re: Block internet from all but one user

Thank you. I'll try that. I'm still curious why my way did not work. Is that address reserved for them? Did it pull a new address from DHCP before midnight? What does the rest of the rule say? Might be some other matcher. Use /export (or /ip firewall filter export) to get the exact config of the ru...
by joegoldman
Tue Jul 06, 2021 6:44 am
Forum: Scripting
Topic: How to determine if a setting is available
Replies: 3
Views: 1416

Re: How to determine if a setting is available

Depending on the devices you need to support, you could always base it on /system routerboard model - from which you can pre-program on what to do for that model. This could be a bit more tedious if you are supporting a LARGE amount of different models but if it's between 2 or 3 then it's not bad.
by joegoldman
Fri Jul 02, 2021 3:02 am
Forum: RouterBOARD hardware
Topic: Holes at the low end of the CRS product line
Replies: 10
Views: 2941

Re: Holes at the low end of the CSR product line

There's unlimited number of port configurations. You'll almost always never get the exact port config you need - but why would you? What about growth? What if your 2 camera system turns into 4? Or VoIP phones wanting PoE? You have a minimum requirement - and you should look at a future minimum requ...
by joegoldman
Wed Jun 30, 2021 11:16 am
Forum: Beginner Basics
Topic: How do I find the IP address of my WAP? [SOLVED]
Replies: 6
Views: 1549

Re: How do I find the IP address of my WAP? [SOLVED]

My goal with the wide netmask is to be able to identify devices by IP address quickly. I want to assign my WAPs and my gateway router: 10.0.1.1, 10.0.2.1, 10.0.3.1, etc. In conjunction with this, I would like to assign IP addresses via DHCP depending on the WAP that the host attached to. So if it a...
by joegoldman
Sat Jun 26, 2021 1:57 am
Forum: General
Topic: Feature Request: SAFE MODE time based
Replies: 43
Views: 11607

Re: Feature Request: SAFE MODE time based

If you lose connection, how do you expect safe mode to remain activated? We are asking for a way to 'resume' safe mode by reconnecting after loss of connection. A more simple example: Say you are helping configure a remote CPE with new username and password in PPPoE, you are connecting via the WAN....
by joegoldman
Tue Jun 22, 2021 1:45 pm
Forum: Beginner Basics
Topic: Three same-distance routes
Replies: 5
Views: 1886

Re: Three same-distance routes

How are these last packets routed once delivered to these equal-distance default route ? Whichever route is currently Active - and likely it is the first to be installed assuming all same distance, scope etc. There is a way to do ECMP by having the gateways in the SAME route if that is what you are...
by joegoldman
Tue Jun 22, 2021 1:38 pm
Forum: General
Topic: PPPOE performance degradation
Replies: 1
Views: 684

Re: PPPOE performance degradation

My main guess would be - is traffic building up over time causing congestion on the link? Mikrotiks can run a vast array of services that, if not secured correctly, will end up being used for amplify attacks and other things. A copy of your config may help us - but I'd be checking throughput on the ppp inte...
by joegoldman
Mon Jun 21, 2021 6:15 am
Forum: Announcements
Topic: Newsletter June 2021 (#100)
Replies: 54
Views: 34777

Re: Newsletter June 2021 (#100)

Home app - goes through nothing to do with WAN setup. What if it's PPPoE? Does this just purely rely on a DHCP WAN? For any kind of funky setups, surely you need the normal MikroTik app, where a lot more options are available. This is for home users with no configuration needs. PPPoE is still widely...
by joegoldman
Fri Jun 18, 2021 3:27 am
Forum: General
Topic: Multiple pppoe with same name and simple queues problem [SOLVED]
Replies: 10
Views: 1821

Re: Multiple pppoe with same name and simple queues problem [SOLVED]

You can use ppp interface instead where it uses interface name - you can cross reference session by caller ID from ppp active via ppp interface to get interface name then reference that to simple queues.

Best way to do it depends on what you are trying to achieve.
by joegoldman
Thu Jun 17, 2021 1:48 am
Forum: Announcements
Topic: Newsletter June 2021 (#100)
Replies: 54
Views: 34777

Re: Newsletter June 2021 (#100)

Home app - goes through nothing to do with WAN setup.

What if it's PPPoE? Does this just purely rely on a DHCP WAN?
by joegoldman
Thu Jun 10, 2021 12:06 pm
Forum: Beginner Basics
Topic: Unstable connection BGP L2TP IPSec
Replies: 2
Views: 999

Re: Unstable connection BGP L2TP IPSec

I assume you are using L2TP because you are traversing many networks and want to create a single-hop tunnel? If so - the performance issues could very well be any network from source to endpoint of the L2TP tunnel - and may not reflect a configuration issue at all. Is the poor performance also shown...
by joegoldman
Thu Jun 10, 2021 4:10 am
Forum: General
Topic: Multiple RADIUS servers
Replies: 8
Views: 3659

Re: Multiple RADIUS servers

It probably needs some testing - it isn't clear if that setting adds a realm / user domain if none is present in the username, and/or will direct requests for a realm / user domain to a particular server. It adds it as an extra domain attribute for Windows servers that require domain validation (fr...
by joegoldman
Mon May 31, 2021 2:50 pm
Forum: General
Topic: Freedarius to g suite using mikrotik does it possible?
Replies: 5
Views: 2057

Re: Freedarius to g suite using mikrotik does it possible?

Mikrotik supports RADIUS. FreeRADIUS talking to G Suite is not in Mikrotik's purview - if there is a problem, and you know that FreeRADIUS to G Suite is working, you need to debug why Mikrotik to FreeRADIUS is not - you can set Mikrotik logs down to debug level for Radius and see the raw radius pack...
by joegoldman
Fri May 28, 2021 2:04 am
Forum: Beginner Basics
Topic: L2TP server to use same pool as LAN
Replies: 5
Views: 1966

Re: L2TP server to use same pool as LAN

What people tend to forget - VPN interfaces are L3 interfaces not L2 - dialing in is not the same as plugging into the local network, the L2 protocols are largely lost. Things like proxy-arp help, so the router is doing the work for you, but beyond using tech like vpls or eoip, you have to consider ...
by joegoldman
Sat May 22, 2021 3:52 am
Forum: Beginner Basics
Topic: Difference between Simple Queue and Queue tree [SOLVED]
Replies: 2
Views: 4943

Re: Difference between Simple Queue and Queue tree [SOLVED]

Hi this is your personal google service: https://wiki.mikrotik.com/wiki/Manual:Queue There are two different ways how to configure queues in RouterOS: /queue simple menu - designed to ease configuration of simple, everyday queuing tasks (such as single client upload/download limitation, p2p traffic ...
by joegoldman
Sat May 22, 2021 1:51 am
Forum: General
Topic: Winbox for linux
Replies: 17
Views: 64877

Re: Winbox for linux

Looking at the repo it's just running winbox.exe in wine anyways - just seems another step in the process (or you might find it easier for you). Winbox runs pretty much perfect in WINE - there's little to no reason to port it to a cross-compatible library for *nix. There's also WebFig if you struggle...
by joegoldman
Mon May 17, 2021 3:10 pm
Forum: General
Topic: ISP says that I can't connect my ONT device [SOLVED]
Replies: 2
Views: 1503

Re: ISP says that I can't connect my ONT device [SOLVED]

If the ISP says no, then no. Sure there may be technical compatibilities - but more goes into it than that. Their provisioning and other network tools may be based around using their own GPON device (GPON on NBNCo in Australia, the national network, requires their ONU for provisioning and then hande...
by joegoldman
Mon May 17, 2021 3:33 am
Forum: General
Topic: Owncloud port 80
Replies: 6
Views: 1459

Re: Owncloud port 80

https://prnt.sc/12vfby3 https://prnt.sc/12vfcdd https://prnt.sc/12vfd0w https://prnt.sc/12vfdb3 When I make for example port 800 I can of course enter webpages normal but my host is like xxxxx.ddns.net:800/owncloud Read my post above - this is a web server configuration error. You say yourself the sit...
by joegoldman
Wed May 12, 2021 5:36 am
Forum: General
Topic: external Radius server and mikrotik ???
Replies: 11
Views: 4539

Re: external Radius server and mikrotik ???

@joegoldman are you using foxpass? No I am using Radiator on a cloud hosted Dedicated Server in a different country from most of my routers. You can run debug radius log to get the packets being sent and any received to really drill down into the problem (and do the same level on the cloud end) thi...
by joegoldman
Tue May 11, 2021 11:11 am
Forum: General
Topic: external Radius server and mikrotik ???
Replies: 11
Views: 4539

Re: external Radius server and mikrotik ???

What are you trying to use the radius client for? Hotspot, PPP, Local Auth etc? Provide an /export (or at least /radius export and config of the service you want using it) so we can help. Personally I connect all our mikrotiks to a 'cloud hosted' Radius server in a different country for ppp auth wit...
by joegoldman
Fri May 07, 2021 10:41 am
Forum: General
Topic: Owncloud port 80
Replies: 6
Views: 1459

Re: Owncloud port 80

I wanna finish with "myddnsname.somethink" now its work on myddnsname.somethink/owncloud This is to do with your Raspberry Pi / OwnCloud installation. It is not recognizing the URL as a host-header to point to /var/www/owncloud (or wherever its located on your Pi), but likely being caught...
by joegoldman
Sun May 02, 2021 2:15 pm
Forum: General
Topic: Assign static IP's from ARP not DHCP Leases to stop MAC Clonning
Replies: 7
Views: 2535

Re: Assign static IP's from ARP not DHCP Leases

Another option is port security depending on what switching you are using - where you restrict MAC down to the physical port on the switch, so they'd need to spoof and repatch/move desks.
by joegoldman
Sun May 02, 2021 2:06 pm
Forum: Scripting
Topic: Change bytes to mb or gb in simple queue for telegram bots
Replies: 5
Views: 2749

Re: Change bytes to mb or gb in simple queue for telegram bots

You can use simple arithmetic operators on returned values i.e. bytes -> kilobytes is divide bytes by 1024 (( [bytes] / 1024) for instance), where 5120 bytes becomes 5 kilobytes, continue up the chain by dividing 1024 to get to desired value bytes / 1024 = kilobytes kb / 1024 = megabytes mb / 1024 =...
by joegoldman
Fri Apr 30, 2021 2:31 am
Forum: General
Topic: VPN OPTIONS @ HELP with MUDI
Replies: 3
Views: 779

Re: VPN OPTIONS @ HELP with MUDI

Mikrotik supports OVPN server - but only supports certain parts of the spec, so you'll need to read through both documentations to get configuration right.
by joegoldman
Fri Apr 30, 2021 2:24 am
Forum: RouterOS beta
Topic: VRRP connection tracking and preemption mode
Replies: 12
Views: 7708

Re: VRRP connection tracking and preemption mode

the master does not have connections synced from the backup router yet! Great post and explanation! This is the #1 reason I had in my head why it would be that way but great to get confirmation. To address OP's situation - which I assume is NAT Even though the connections are synced to the 2nd rout...
by joegoldman
Thu Apr 29, 2021 4:15 am
Forum: RouterOS beta
Topic: VRRP connection tracking and preemption mode
Replies: 12
Views: 7708

Re: VRRP connection tracking and preemption mode

as some of the users in the home where this is being used complain about their internet suddenly going out, which tracking might help a little with.
No - tracking won't really help a noticeable amount. I'd forgo it and use preemptive mode.
by joegoldman
Thu Apr 29, 2021 1:44 am
Forum: RouterOS beta
Topic: VRRP connection tracking and preemption mode
Replies: 12
Views: 7708

Re: VRRP connection tracking and preemption mode

Mikrotik explicitly state that pre-emption mode must be off for connection sync as it currently stands - unknown if this is a temporary limitation or not. But - it looks like you should still be able to use priorities etc to force master back to being master (which I thought was VRRP default anyways...
by joegoldman
Wed Apr 21, 2021 5:59 am
Forum: General
Topic: Downloading from ONE interface
Replies: 4
Views: 947

Re: Downloading from ONE interface

IDM is still just a downloader - it may just chunk it out and try get multiple streams going - which can help depending on features of your firewall or ISP in what they might do for rate limiting (PCQ etc) A lot of variables at play here, and you'd need to isolate down to which device/port/portion i...
by joegoldman
Wed Apr 21, 2021 5:55 am
Forum: Forwarding Protocols
Topic: VRRP trigger from lost internet connection
Replies: 5
Views: 3136

Re: VRRP trigger from lost internet connection

If you have Static IP hand-off, you could try pinging your gateway as netwatch, which shouldn't be pingable if internet was to swap to other router The problem with this is, the gateway would always be powered up and pingable even when the internet is down (hurricane knocks out outdoor fiber lines)...
by joegoldman
Wed Apr 21, 2021 3:16 am
Forum: Forwarding Protocols
Topic: VRRP trigger from lost internet connection
Replies: 5
Views: 3136

Re: VRRP trigger from lost internet connection

You'd have to put some checks and balances in there. This is why I said it is setup specific. If you have PPPoE - you could try using on/off scripts in the ppp profile section so a script is run as PPPoE Client goes online and offline. If you have Static IP hand-off, you could try pinging your gatew...
by joegoldman
Wed Apr 21, 2021 3:12 am
Forum: General
Topic: cacti monitoring interface bandwidth
Replies: 1
Views: 2449

Re: cacti monitoring interface bandwidth

While the Mikrotik template comes with an interface graph - you can use the cacti inbuilt NET-SNMP templates for interface counters too which do include Megabits per second (in 64bit as well). All my interfaces are using the default cacti SNMP graphs - and I use the Mikrotik template to get stats fo...
by joegoldman
Mon Apr 19, 2021 3:56 am
Forum: Forwarding Protocols
Topic: VRRP trigger from lost internet connection
Replies: 5
Views: 3136

Re: VRRP trigger from lost internet connection

Depending on how your internet works - probably a Netwatch script that then modifies VRRP priorities to force the other one to take over Master
by joegoldman
Fri Apr 16, 2021 2:40 am
Forum: General
Topic: Cloutik feedback ?
Replies: 20
Views: 5691

Re: Cloutik feedback ?

Out of curiosity, how are the "real pro" handling this when you have hundreds of devices to maintain? All by custom, self developed scripting? I have self-developed scripts to help with management - but I wouldn't be closed to an application like Cloutik that you linked - but my requir...
by joegoldman
Wed Apr 14, 2021 1:45 am
Forum: General
Topic: Cloutik feedback ?
Replies: 20
Views: 5691

Re: Cloutik feedback ?

You could do the same, by essentially running a VPS and having all your mikrotiks VPN back to it or send info / run scripts. It's putting control (and a lot of information) in someone else's hands If you are having large outages - then it's useless Cost is not great - website is poorly made which doesn...
by joegoldman
Wed Apr 14, 2021 1:41 am
Forum: Beginner Basics
Topic: How do I disable (allow all) the firewall completely?
Replies: 1
Views: 5243

Re: How do I disable (allow all) the firewall completely?

You can just disable ALL rules in /ip firewall filter - as a stop gap to disable any and all firewall rules related to blocking access. Disabling all shouldn't be an issue - but RouterOS also has a safe mode (for every management type except API) whereby you can make these changes and if you are ki...
by joegoldman
Mon Apr 12, 2021 5:28 am
Forum: Forwarding Protocols
Topic: PBR - issues
Replies: 3
Views: 2526

Re: PBR - issues

Please post full /export (hide any info you feel you need to) so people can review it
by joegoldman
Thu Apr 01, 2021 12:46 am
Forum: Forwarding Protocols
Topic: BGP STATIC ROUTE BUG
Replies: 1
Views: 1721

Re: BGP STATIC ROUTE BUG

You would have to provide an /export output for us to even begin to try and help.
by joegoldman
Thu Apr 01, 2021 12:45 am
Forum: General
Topic: Simple queue is detecting traffic but not limiting it
Replies: 2
Views: 857

Re: Simple queue is detecting traffic but not limiting it

You would have to provide an /export output for us to even begin to try and help.
by joegoldman
Fri Mar 26, 2021 1:21 am
Forum: General
Topic: How to search a large IP Firewall Address List?
Replies: 8
Views: 3396

Re: How to search a large IP Firewall Address List?

It's not so much a bug as it is just a missing feature. The filter list in winbox gui only allows the order of the command one way - set out by the way the fields are set out i.e. "where address in 1.2.3.4" vs the opposite way that you actually want "where 1.2.3.4 in address" So t...
by joegoldman
Wed Mar 24, 2021 11:44 pm
Forum: RouterOS beta
Topic: OSPF Cost
Replies: 4
Views: 2719

Re: OSPF Cost

You can also set default cost under instance - which will be the cost given to 'Dynamic' interfaces (entries under routing -> ospf -> interfaces created dynamically due to network statements etc) - to set individual cost per interface you'll have to move them to being a static entry.
by joegoldman
Wed Mar 24, 2021 11:43 pm
Forum: Beginner Basics
Topic: Prevent Created Hotspot Users from using trial
Replies: 4
Views: 1090

Re: Prevent Created Hotspot Users from using trial

Ideally you can't - if trial is available then registered users could potentially use the trial period over and over - or you could move to something like MAC based auth/cookies to help avoid it - but then any secondary devices etc may need their own account - or in cases like iphones where they cha...
by joegoldman
Thu Mar 18, 2021 7:39 am
Forum: General
Topic: Down Interface responds to ping?
Replies: 0
Views: 591

Down Interface responds to ping?

Hi Team, I applied an IP address (in a /30) to a downed interface on an RB1100x4 (running long-term 6.47.9) - the route was listed as DC (not active), the whole /24 that this IP happens to be in is routed to this router, but before the cable was plugged in the IP started responding to ping - i.e. th...
by joegoldman
Thu Mar 11, 2021 3:04 am
Forum: Forwarding Protocols
Topic: OSPF force gateway from BGP
Replies: 2
Views: 1466

Re: OSPF force gateway from BGP

Hope this makes sense - and happy to learn of some possible solutions. This might be a solution for you: https://www.computerweekly.com/tip/Scale-your-backbone-with-core-MPLS-BGP-on-the-edge The article is old but the information is still correct. That's a pretty big network wide change - we have pla...
by joegoldman
Thu Mar 11, 2021 1:35 am
Forum: Forwarding Protocols
Topic: OSPF force gateway from BGP
Replies: 2
Views: 1466

OSPF force gateway from BGP

Hi Forum, Not sure I worded the title right - but looking for a solution to my issue. Consider a WISP network map of various towers linked together (not a 'FULL MESH' but rather random PtP links to create some triangles / loops etc) We run OSPF between all these sites - and it runs quite well - and ...
by joegoldman
Thu Mar 04, 2021 12:07 am
Forum: Beginner Basics
Topic: Setting up 1Gbps MGMT port on CRS317 and CCR2004 for out of band management
Replies: 6
Views: 2994

Re: Setting up 1Gbps MGMT port on CRS317 and CCR2004 for out of band management

If it needs a separate default route and you can't use NAT or other rules for OOB to 'trick' it - then you'll need to use VRFs Keep in mind that management services DO NOT listen in VRF's - so you'll need to make the 'main' route table your management one, and create a separate vrf for normal/custom...
by joegoldman
Tue Mar 02, 2021 10:57 am
Forum: General
Topic: ASK [vpls PW]
Replies: 8
Views: 1882

Re: ASK [vpls PW]

pretend is long cable but virtual.
by joegoldman
Tue Mar 02, 2021 7:51 am
Forum: Forwarding Protocols
Topic: OSPF priority for dynamic Interfaces
Replies: 4
Views: 1992

Re: OSPF priority for dynamic Interfaces

If there is no static entry in OSPF interface configuration, then parameters are taken from "all" entry. So you can adjust priority there to have all dynamic interfaces needed priority,
Would be good if we could make rules based on interface lists ;)
by joegoldman
Tue Mar 02, 2021 7:48 am
Forum: General
Topic: ASK [vpls PW]
Replies: 8
Views: 1882

Re: ASK [vpls PW]

https://en.wikipedia.org/wiki/Virtual_private_network Pseudowire on there refers more to old technologies (such as ATM) but same principle applies (and is kind of in the name) pseudo - not genuine; spurious or sham So pseudo wire is 'not a real wire' meaning it emulates as if you had a direct connec...
by joegoldman
Tue Mar 02, 2021 2:50 am
Forum: Beginner Basics
Topic: Mikrotik - Enable Split Tunnel on L2TP VPN
Replies: 7
Views: 6726

Re: Mikrotik - Enable Split Tunnel on L2TP VPN

L2TP VPN is a PPP style protocol in which the IP handed out is not a subnet but a /32 technically - so no broadcast and ARP learning exists, and the client machine does not generally enable a route for the remote subnet. If you clear use remote default gateway - you'll need to add routes specificall...
by joegoldman
Tue Mar 02, 2021 2:45 am
Forum: General
Topic: winbox multiple instances/databases
Replies: 5
Views: 822

Re: winbox multiple instances/databases

Someone on here successfully modified winbox in a hex editor to change default port - you could potentially modify the default database path and run one unmodified and one modified Beyond that - keeping your databases separate and import the right one each time you wanna swap between them is the onl...
by joegoldman
Sat Feb 27, 2021 3:14 am
Forum: Forwarding Protocols
Topic: Default Route advertisement eBGP failover
Replies: 9
Views: 2066

Re: Default Route advertisement eBGP failover

Only suggestion (which shouldn't change much) don't specify a prefix length on your default route accept rules - currently it appears to be '0' but try it with nothing specified / that field disabled (can't remember how to do this CLI but can change that on Winbox/Webfig) Other than that it'd require...
by joegoldman
Fri Feb 26, 2021 2:16 am
Forum: General
Topic: Winbox glitch
Replies: 15
Views: 3456

Re: Winbox glitch

Is this on a laptop using a trackpad?

If so - does the problem still happen if you plug in a mouse and try that way?
by joegoldman
Thu Feb 25, 2021 11:10 pm
Forum: General
Topic: Winbox glitch
Replies: 15
Views: 3456

Re: Winbox glitch

Are you using it on Windows? Or another OS with WINE? Never had the problem with Windows - but have had 'similar' problems on WINE based installs (such as on my Ubuntu laptop) - nothing as bad as you're describing - but generally updating WINE to the latest stable tends to help especially if you haven...
by joegoldman
Thu Feb 25, 2021 11:08 pm
Forum: Forwarding Protocols
Topic: OSPF priority for dynamic Interfaces
Replies: 4
Views: 1992

Re: OSPF priority for dynamic Interfaces

Depends what you mean by dynamic in OSPF - a dynamic interface can be created within OSPF based on Network addition (including physical interfaces) - is this the dynamic interface you mean? If so you will need to move the physical interfaces to 'static' and add your path cost etc. If you are talking...
by joegoldman
Thu Feb 25, 2021 11:04 pm
Forum: General
Topic: Cannot Use Multiple IPs
Replies: 13
Views: 2895

Re: Cannot Use Multiple IPs

No, it should not... If you try to ping "internet" from your broadcast address it works! Hrmm - can depend on vendor - some simply won't pass traffic to the defined network or broadcast address when actually configured as that subnet. If x.x.x.248/29 was actually routed via an interconnec...
by joegoldman
Thu Feb 25, 2021 10:28 pm
Forum: Forwarding Protocols
Topic: Default Route advertisement eBGP failover
Replies: 9
Views: 2066

Re: Default Route advertisement eBGP failover

You'd need to show your export (of at least /routing (including bgp and filters)) for us to start to understand what and why it should happen - and why it may not be. You may be filtering it out. You may have peer config slightly off. In a general scenario - Tower3 should still install a default rou...
by joegoldman
Mon Feb 22, 2021 10:59 pm
Forum: Beginner Basics
Topic: Rename interface: to what port is it connected to?
Replies: 5
Views: 1407

Re: Rename interface: to what port is it connected to?

You can also use MAC address to determine - lowest will be first port, highest will be last port. But I find it better practice to have a naming scheme - where ether1 is the port - change it to 'ether1-WAN' or 'ether1-ISP' or 'ether1-Haus' - or some combo of the same to keep the interface type and n...
by joegoldman
Mon Feb 22, 2021 6:11 am
Forum: General
Topic: IP > Service > winbox/www - Not Able to Use DNS?
Replies: 3
Views: 727

Re: IP > Service > winbox/www - Not Able to Use DNS?

Because people don't come 'from' DNS - I suppose sure you could put DNS record in there and have it resolve forward at a specific time or in intervals - or it's possible to have it perhaps lookup PTR on an IP to see if it matches that field - but this is used primarily as a 'firewall' to stop auth fr...
by joegoldman
Mon Feb 22, 2021 1:12 am
Forum: General
Topic: Mikrotik BOX
Replies: 1
Views: 527

Re: Mikrotik BOX

I believe it's an internal tool used by the staff - it is a self-hosted 'dropbox' style program where staff can give unique, expirable links etc for quick links to test versions or other files in the course of support tickets etc. I use something similar for my personal stuff using Nextcloud - not su...
by joegoldman
Mon Feb 08, 2021 12:09 am
Forum: Forwarding Protocols
Topic: BGP-Prefix anncouning problem
Replies: 1
Views: 1009

Re: BGP-Prefix anncouning problem

We would need to see an export of your /routing bgp and /routing filters to start to help. Are you using summary routes? BGP Networks tab? Does the /22 exist in your route table? Does the /24 exist in your route table? If the /24 is learned by other BGP, does your instance have redistribute other BG...
by joegoldman
Sun Feb 07, 2021 1:32 am
Forum: Wireless Networking
Topic: Mikrotik LHG60 can be used 70.20 GHz frequency?
Replies: 5
Views: 1561

Re: Mikrotik LHG60 can be used 70.20 GHz frequency

I hope that Mikrotik will unlock more frequencies for LHG60, considering that the frequencies that are at 70 GHz have considerably less attenuation of radio waves in dB/km. And it is possible to achieve a more stable link at greater distances. The better frequencies are also generally reserved for ...
by joegoldman
Wed Jan 27, 2021 10:52 pm
Forum: Forwarding Protocols
Topic: BGP Advertise specific route only to a specific peer
Replies: 5
Views: 2257

Re: BGP Advertise specific route only to a specific peer

As a side note, instance out filter (bgp-out) is not working as it should. Normally it should be the global bgp-out filter, but it is not working at all when peers have different out filters set. I hope it gets fixed or maybe I am doing something wrong. Thanks a lot for the help. From the wiki : Ou...
by joegoldman
Fri Jan 22, 2021 5:59 am
Forum: General
Topic: Problem with IP/address and IP/route pref-source need some help
Replies: 2
Views: 1055

Re: Problem with IP/address and IP/route pref-source need some help

On the connecting device (the other end of the wireless link) can you use mac-telnet or similar to achieve CLI access? the mac-protocols do not require active and correct subnetting to see their neighbors. Alternatively, you could configure yourself on the other end within the same subnet you placed...
by joegoldman
Thu Jan 21, 2021 10:59 pm
Forum: General
Topic: [Request] Winbox Default Port
Replies: 8
Views: 2173

Re: [Request] Winbox Default Port

The idea was to set in winbox the default port it will try to connect to. This way I could still use the same old method that is typing only IP address in the "Connect To:" field without saving the host in the Managed list (for security reasons) What's insecure about having it in the manag...
by joegoldman
Wed Jan 20, 2021 6:55 am
Forum: General
Topic: [Request] Winbox Default Port
Replies: 8
Views: 2173

Re: [Request] Winbox Default Port

Without defining the port it will always use the default - but you can save your devices in the managed list with the port specified - you can save without password and add it in when you want to connect.
by joegoldman
Tue Jan 19, 2021 8:13 am
Forum: Forwarding Protocols
Topic: BGP Advertise specific route only to a specific peer
Replies: 5
Views: 2257

Re: BGP Advertise specific route only to a specific peer

Ok thanks. So for that specific prefix in filters; I will just make chain = peer2-out , prefix= x.x.x.x/24, action = accept ? And chain = peer1-out, prefix = x.x.x.x/24, action = discard ? Essentially yes - but if I remember correctly if there's no rule to 'reject' your other prefixes then they wil...
by joegoldman
Tue Jan 19, 2021 5:39 am
Forum: RouterBOARD hardware
Topic: CSS610-8G-2S+IN - POE Version planned ?
Replies: 2
Views: 1316

Re: CSS610-8G-2S+IN - POE Version planned ?

If you watch this video:

https://www.youtube.com/watch?v=Xh3oQKcMOmg

He indicates that the PCB has blank spots for extra POE components and theorises there's likely a POE version to come (shows the PCB as well)
by joegoldman
Tue Jan 19, 2021 5:37 am
Forum: The User Manager
Topic: Transparent Proxy
Replies: 1
Views: 6010

Re: Transparent Proxy

web proxy can not blacklist domain names for ssl/https transparently - which most modern sites use now no matter what. Non-transparent proxy gets around this by inspecting the CONNECT request sent to proxy-aware clients - but then can only filter based on domain (not subdir/querystring, e.g. 'facebo...
by joegoldman
Tue Jan 19, 2021 5:21 am
Forum: General
Topic: RouterOS .backup to .rsc/text
Replies: 4
Views: 3127

Re: RouterOS .backup to .rsc/text

https://github.com/BigNerd95/RouterOS-Backup-Tools

Might help - other than that I believe support may have internal tools to extract info from backup as long as it isn't encrypted.
by joegoldman
Thu Jan 14, 2021 7:21 am
Forum: General
Topic: Has RouterOS been ripped off?
Replies: 2
Views: 803

Re: Has RouterOS been ripped off?

There is licensing - and branding packages available to routeros users. Depending how much you want to spend - I'm sure there's no limit to the amount of customisation you can ask for. It is more likely this is branded RouterOS as a commercial customer - and they are using integrated boards in their ...
by joegoldman
Tue Jan 05, 2021 11:02 pm
Forum: Forwarding Protocols
Topic: OSPF Default Route
Replies: 4
Views: 1659

Re: OSPF Default Route

Depending on the setup - VRF's are also another option, where if the (many) subnets are on their own subinterfaces you could potentially have vrf1 using gw1, vrf2 using gw2, and assign the sub interface to the appropriate vrf based on which gateway they need to use. This introduces other issues such...
by joegoldman
Tue Jan 05, 2021 10:58 pm
Forum: General
Topic: ip flow ingress cisco and Mikrotik
Replies: 1
Views: 755

Re: ip flow ingress cisco and Mikrotik

ip flow command is just telling the cisco router what interfaces to watch for netflow/sflow exporting and has no bearing on the connection itself. You'd have to supply config for both the Cisco interface (sh run int <intname>) And the Mikrotik interface (/int gre export) Then we might be able to hel...
by joegoldman
Tue Jan 05, 2021 8:14 am
Forum: Scripting
Topic: Search and select best AP !!!
Replies: 3
Views: 1032

Re: Search and select best AP !!!

What you're asking is very vague. What are the client device types? What values do you want to compare, and what weight are each given? (i.e. how do you define the 'best' AP) For values that aren't detectable by an unconnected client, how do you intend to transmit those values to them? There's a lot o...
by joegoldman
Mon Nov 16, 2020 11:20 pm
Forum: General
Topic: Uptime rollover bug/SNMP
Replies: 6
Views: 2787

Re: Uptime rollover bug/SNMP

497 days is a long time to go without security upgrades etc. Perhaps set up a yearly maintenance and upgrade cycle. Or at the least - have SNMP monitoring start warning at day 450, and become critical at day 480. Who knows - maybe uptime is 64bit int in newer version of RouterOS - a lot of new versi...
by joegoldman
Wed Oct 14, 2020 3:59 am
Forum: Beginner Basics
Topic: Accidently, I removed Interface ether1.
Replies: 5
Views: 1497

Re: Accidently, I removed Interface ether1.


Is that even possible Normis? To remove the ethernet interface itself?
One would possibly assume accidentally removed it from the default bridge - which is why the device model is important - might be best to factory reset the device.
by joegoldman
Thu Oct 01, 2020 3:35 am
Forum: RouterBOARD hardware
Topic: NBN router for Australia
Replies: 4
Views: 3331

Re: NBN router for Australia

Hi Lui, RBM33G is an odd choice - and more an integrator part - Mikrotik have much more fully fledged Home/SOHO offerings (see hAP range) NBN in Australia is not a ubiquitous network (no not ubiquiti :P) in that it uses a mix of technologies from Fixed Wireless, to VDSL (FTTN,FTTC), HFC, Satellite a...
by joegoldman
Tue Sep 29, 2020 7:22 am
Forum: General
Topic: Reverse proxy (like nginx) in Mikrotik
Replies: 2
Views: 14586

Re: Reverse proxy (like nginx) in Mikrotik

No. Well maybe with L7 rules but I don't think so. And it's not best to put reverse proxy in a router. It's not an all-in-one box, it's a router. If you have control over both servers (nginx or apache) set one as the primary, and create a virtualhost for the other and reverse proxy from server 1 to ser...
by joegoldman
Tue Sep 22, 2020 3:33 am
Forum: General
Topic: PPPoE creation and PPPoE scan
Replies: 7
Views: 2786

Re: PPPoE creation and PPPoE scan

You 100% can run multiple PPPoE servers on a single downstream interface - this is precisely why 'Service Name' was invented - so based on which service tag was issued it'd know which PPPoE server it was for. Why you are only seeing one, I don't know - might have something to do with the scan tool o...
by joegoldman
Fri Sep 18, 2020 9:04 am
Forum: General
Topic: Scheduler Reboot features not executing [SOLVED]
Replies: 4
Views: 1382

Re: Scheduler Reboot features not executing [SOLVED]

Which will suck if Cloudflare DNS ever has an outage in their area :P Gotta be careful with watchdog ping - something in your control that you can move around is usually better, for instance I use a VRRP IP on 2 of my core routers so if a remote router's watchdog ping to that goes down either my whole...
by joegoldman
Fri Sep 18, 2020 5:17 am
Forum: General
Topic: Scheduler Reboot features not executing [SOLVED]
Replies: 4
Views: 1382

Re: Scheduler Reboot features not executing [SOLVED]

Those checkboxes are the script's 'permissions' so to speak, so you've given that script permission to do a reboot, but you still must have a script to do the reboot.
/system reboot
edit: You'll probably also want to set the interval to 1d as well if I'm not mistaken.
by joegoldman
Mon Sep 14, 2020 10:26 am
Forum: Announcements
Topic: v6.46.7 [long-term] is released!
Replies: 45
Views: 26379

Re: v6.46.7 [long-term] is released!

Hi Shouldn't we be seeing the changelog from 6.45.9 to 6.46.7 not from 6.46.6 ? Going up a major version in a long-term release should be looked over a bit more carefully before we take the plunge. Also what is the process for 'upgrading' a routerboard that does not have direct internet access from ...
by joegoldman
Wed Sep 09, 2020 2:09 pm
Forum: General
Topic: Multiple queues for pppoe user
Replies: 5
Views: 1752

Re: Multiple queues for pppoe user

Because you are dynamically creating queue from ppp profile - traffic matches that first and is used so never hits the other queue. I haven't tried this solution before but your better bet is probably to make both queues 'static' i.e. created and packet mark individually (or packet mark one then ha...
by joegoldman
Tue Sep 01, 2020 3:02 am
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 26706

Re: WinBox v3.25 released!

Problems with Winbox UI I'd like to see fixed 1) Category Grouping Happening for quite a while, it used to work as expected - the 'Show Categories' grouping only bases and groups based on 'First Character' (on any field), for instance if I have 5 routers with Username 'joe' and 5 routes with usernam...
by joegoldman
Thu Aug 27, 2020 1:12 am
Forum: RouterOS beta
Topic: Y u no can specify an interface in routers like you used to be able to?
Replies: 5
Views: 1486

Re: Y u no can specify an interface in routers like you used to be able to?

More info required. What are you trying to do. What version are you running. What hardware are you running.
by joegoldman
Wed Aug 26, 2020 2:36 am
Forum: General
Topic: Router overhead
Replies: 2
Views: 792

Re: Router overhead

It's not just the router - remember that those speedtests generally show your average speed over the span of the test, so if you took a few seconds to ramp up to 100mbps, then the few seconds at lower speeds are then factored into your average. Along with that you have overhead in whatever protocol t...
by joegoldman
Wed Aug 26, 2020 2:30 am
Forum: General
Topic: Architecture and growth - how to know when to change
Replies: 7
Views: 2741

Re: Architecture and growth - how to know when to change

I think you are also expecting too much of sub-set services. The CCR's are not made to be an ISP grade DNS resolver. DNS server is mostly built in to do its own lookups - and recursive for local cache in the stance of home/smb/corporate. When you are talking 100's or 1000's of clients, and waterfall...
by joegoldman
Mon Aug 24, 2020 2:12 am
Forum: General
Topic: 2 BRAS With Same IP pool LIST
Replies: 7
Views: 2557

Re: 2 BRAS With Same IP pool LIST

RADIUS is the only answer if you want to use overlapping pool on both BRAS - which is common if using public IPv4 due to IP availability. You could potentially have scripts running to help manage this but it'd be messy and not fool proof so not great. RADIUS can manage a pool though if you don't wan...
by joegoldman
Fri Aug 14, 2020 7:48 am
Forum: Beginner Basics
Topic: Aggregate 2 CRS 125 24G 1S switches
Replies: 2
Views: 1232

Re: Aggregate 2 CRS 125 24G 1S switches

They do not support stacking. You design this as a L2 network with what's required. Safest way is probably to plug 2nd switch into next port on router place the 2 switch uplinks on the router into a bridge and move any sub-interfaces(vlans) to that bridge interface, so the VLAN's span across the 2 sw...
by joegoldman
Wed Aug 12, 2020 9:41 am
Forum: General
Topic: Nth Load balancing -Slow speed
Replies: 7
Views: 2064

Re: Nth Load balancing -Slow speed

As said above - load balancing per packet or similar systems won't work well on jittery connections - your best bet to use the 6mbit combined is to do it per connection, so a stream always uses only 1 SIM, and yes means that one stream is limited to 3mb, but as more connections happen it will balanc...
by joegoldman
Thu Aug 06, 2020 1:57 am
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 458
Views: 147439

Re: 2004 hardware issues?

Something like this is better sent to support@mikrotik.com to start a real case - this is a discussion forum not a proper support channel.
by joegoldman
Wed Jul 29, 2020 12:52 am
Forum: Beginner Basics
Topic: Different VLAN SVIs?
Replies: 3
Views: 1904

Re: Different VLAN SVIs?

SVI, from my understanding, is just an L3 interface for L2 VLAN to attach. Similar concept in RouterOS would be bridges, and assigning ports/vlan interfaces to the bridge, the bridge interface is now the 'SVI'. Depending on your device depends on how you'd do this though. Your better bet would be to s...
by joegoldman
Wed Jun 10, 2020 5:58 am
Forum: General
Topic: ccr1036 shutdown with smart plug - schedule on/off
Replies: 2
Views: 893

Re: ccr1036 shutdown with smart plug - schedule on/off

Will not damage turning off and on too bad. There is a shutdown process in RouterOS that you could use 10 mins before you turn off smart plug, but it sounds like a residential install which a 1036 is SUPER overpowered for, why not replace with a 3011 or ccr1009 that has passive cooling only or someth...
by joegoldman
Thu May 28, 2020 2:51 am
Forum: Announcements
Topic: Winbox v3.24 released!
Replies: 103
Views: 89024

Re: Winbox v3.24 released!

It'd be really great if you can fix group sorting I put all my routers into groups, then I sort by group and go 'Show Categories' - this used to work in that it would be unique per group, but for the last few releases it does it by first letter, so if I have a heap of Client1 Client1 Client2 Client2...
by joegoldman
Wed Apr 29, 2020 2:09 pm
Forum: Announcements
Topic: MikroTik newsletter May 2020 (#95)
Replies: 50
Views: 43396

Re: MikroTik newsletter May 2020 (#95)

Will CCR2X series come out straight with ROSv7 or will it be part of the v6 family first?
by joegoldman
Wed Apr 29, 2020 4:48 am
Forum: Beginner Basics
Topic: pleas help me [SOLVED]
Replies: 5
Views: 7046

Re: pleas help me [SOLVED]

It is always Best practice not to use your real Public IPs as an example... Your ISP gave you a /30 Subnet Block, let's say X.Y.Z.136/30 ... One of there addresses, usually the first one, so the 176.74.123.137 will be used by your ISP. The second one 176.74.123.138 must be used by you and setup on t...
by joegoldman
Mon Apr 06, 2020 2:36 pm
Forum: General
Topic: Fighting spam with a standard firewall
Replies: 10
Views: 3340

Re: Fighting spam with a standard firewall

Can you be more specific on what type of spam you are concerned about?? How to autodetect infected or spammer users what criteria do you want to be blocking them based on? You could monitor connection limits on standard ports and block users if they are connecting too much, but usually spam is dete...
by joegoldman
Mon Apr 06, 2020 2:22 pm
Forum: General
Topic: VRF basics - layer 3 separation
Replies: 2
Views: 1748

Re: VRF basics - layer 3 separation

In outside relation to your actual issue - please be aware that management services in RouterOS are not VRF aware and will not talk back to you via the VRF even if you can connect to it via that.

Your best bet is to leave main as management and create customer VRF's on top.
by joegoldman
Sun Mar 29, 2020 7:26 am
Forum: General
Topic: why
Replies: 4
Views: 2113

Re: why

Using quick set - you are correct changing subnet will delete the existing IP on it that you are likely connected through. You can get around this with mac-winbox (connect via MAC address not IP) that way IP's changing doesn't matter Or do it manually, dualstacking both IP's until you have the new o...