Community discussions

MikroTik App

Search found 428 matches

  • 1
  • 2
by marrold
Thu Jun 22, 2023 6:17 pm
Forum: General
Topic: Creating Zerotier like mesh network without Zerotier
Replies: 4
Views: 574

Creating Zerotier like mesh network without Zerotier

Hi all, I have 5 non-ARM Mikrotik Routers I'd like to create a Zerotier like L3 mesh network with. Each router will have its own subnet and should create a tunnel to all the other routers with some dynamic protocol handling the routing. Ideally I'd like to be able to plug them into any existing netw...
by marrold
Fri May 12, 2023 4:18 am
Forum: General
Topic: Feature request: MQTT Subscribe/Publish
Replies: 23
Views: 9552

Re: Feature request: MQTT Subscribe/Publish

+1 for MQTT subscriptions and running scripts
by marrold
Fri Apr 07, 2023 12:27 am
Forum: General
Topic: Issue sending 0x00 to Serial Port
Replies: 6
Views: 485

Re: Issue sending 0x00 to Serial Port

that command is on LTE interface..... not ppp try some of this, hoping RouterOS send NULL... \A0\01\1B\00\A1 \A0\01\1B\40\A1 \A0\01\15\40\A1 They're all sent through as they were sent, without a NULL. Thanks for the recommendations, but it looks like this is a non-starter unless Mikrotik add a feat...
by marrold
Thu Apr 06, 2023 8:11 pm
Forum: General
Topic: Issue sending 0x00 to Serial Port
Replies: 6
Views: 485

Re: Issue sending 0x00 to Serial Port

0x00 on at-chat is null terminating string... "end of the input"??? ( ^@ ).... Ah, that will explain it then... Thanks for the info Perhaps "wait=no" and splitting at the \00's into multiple at-chat commands, might do something here...only thing to try...but highly doubt it. I d...
by marrold
Thu Apr 06, 2023 6:31 pm
Forum: General
Topic: Issue sending 0x00 to Serial Port
Replies: 6
Views: 485

Issue sending 0x00 to Serial Port

Hi all, I'm experimenting with connecting a USB serial relay to a Mikrotik to allow remotely switch off some hardware. The protocol is crude and requires sending Hex to the serial port: On: \A0\01\01\A2 Off: A0\01\00\A1 To send the hex I'm (ab)using at-chat, like so: /interface/ppp-client> at-chat u...
by marrold
Tue Sep 13, 2022 11:34 pm
Forum: Announcements
Topic: v7.6beta [testing] is released!
Replies: 226
Views: 61563

Re: v7.6beta [testing] is released!

dumped-saved-advertisements is broken in 7.5 and 7.6beta6 as per this thread viewtopic.php?p=956793#p956793
by marrold
Tue Sep 13, 2022 11:32 pm
Forum: Forwarding Protocols
Topic: v7: BGP - dump-saved-advertisements
Replies: 24
Views: 7451

Re: v7: BGP - dump-saved-advertisements

I have the same issue. I upgraded to 7.6beta6 and its still present.

Not great...
by marrold
Mon Mar 07, 2022 10:51 am
Forum: RouterOS beta
Topic: ROSv7 equivalent of /routing/bgp/advertisements print
Replies: 49
Views: 25260

Re: ROSv7 equivalent of /routing/bgp/advertisements print

I could really do with this feature.

How Mikrotik can tout their new and improved BGP service and change the routing filter setup without any way to troubleshoot it seems crazy.
by marrold
Wed Feb 09, 2022 4:37 pm
Forum: General
Topic: Mikrotik L2TP and Protocol Field Compression (PFC)
Replies: 3
Views: 2042

Re: Mikrotik L2TP and Protocol Field Compression (PFC)

For anyone wondering I've had a ticket open with support but no response in almost 2 months. (SUP-69140)
by marrold
Thu Dec 30, 2021 1:08 pm
Forum: General
Topic: IPv6 over PPP / L2TP ?
Replies: 1
Views: 965

IPv6 over PPP / L2TP ?

Hello, I am using a Mikrotik as an LNS in a LAC / LNS setup, the config is very similar to the one documented here but I'd like to offer IPv6 to clients. The documentation here suggests its as simple as creating an IPv6 pool and assigning it to the PPP profile, however the (Debian) client is not get...
by marrold
Tue Dec 21, 2021 11:20 pm
Forum: General
Topic: Mikrotik L2TP and Protocol Field Compression (PFC)
Replies: 3
Views: 2042

Re: Mikrotik L2TP and Protocol Field Compression (PFC)

Is anyone else running an L2TP tunnel with a Cisco router as the client and a Mikrotik as the server?

Thanks
by marrold
Tue Dec 21, 2021 1:47 pm
Forum: RouterOS beta
Topic: Feature Request - NAT64/DNS64 CGN
Replies: 27
Views: 21801

Re: Feature Request - NAT64/DNS64 CGN

I'd also love to see NAT64 support, now RouterOS 7 is out it seems like a good opportunity to add it
by marrold
Wed Dec 15, 2021 4:11 pm
Forum: General
Topic: Mikrotik L2TP and Protocol Field Compression (PFC)
Replies: 3
Views: 2042

Mikrotik L2TP and Protocol Field Compression (PFC)

Hello, I am using a Cisco and Mikrotik router in a LAC/LNS configuration. Despite the L2TP tunnel initialising, traffic over the tunnel fails. With l2tp logging enabled on the Mikrotik, I saw the line "received unsupported protocol 0x2145" Ive gone into more detail on my blog but it seems ...
by marrold
Fri Dec 13, 2019 2:34 pm
Forum: General
Topic: Devices are not reliably responding to ARP requests / Wifi Power Saving
Replies: 11
Views: 5798

Re: Devices are not reliably responding to ARP requests / Wifi Power Saving

Really? Do the other vendors quietly enable the equivalent of multicast helper known as MC2UC? That's plausible, yes (and backed up by your other references). It still feels like a work around to me but as it's common amongst vendors I guess I will eat humble pie and enable it. Thanks for the detai...
by marrold
Thu Dec 12, 2019 4:29 pm
Forum: General
Topic: Devices are not reliably responding to ARP requests / Wifi Power Saving
Replies: 11
Views: 5798

Re: Devices are not reliably responding to ARP requests / Wifi Power Saving

It works! What more can you ask for? It's a better kind of best effort! It's concealing a potential issue with Mikrotik Access Points that isn't observed on other vendors. If your device is asleep or suspended during a broadcast and misses it what are you going to do? The Client announces to the AP...
by marrold
Thu Dec 12, 2019 1:14 pm
Forum: Wireless Networking
Topic: WIFI AP Mikrotik with Sonoff Devices
Replies: 16
Views: 7255

Re: WIFI AP Mikrotik with Sonoff Devices

Multiple uses are reporting the same issue. My devices are connected to the primary SSID with the same problem. If you get time please could you confirm your ROS version, redacted wifi config, and possibly redacted the output from `status 0` a the Tasmota device? If you could run an nping test even ...
by marrold
Thu Dec 12, 2019 1:12 pm
Forum: General
Topic: Devices are not reliably responding to ARP requests / Wifi Power Saving
Replies: 11
Views: 5798

Re: Devices are not reliably responding to ARP requests / Wifi Power Saving

Try setting Multicast Helper to Full.
It's a bodge / work around. It does work, but Mikrotik should identify / fix the underlying issue.
by marrold
Mon Dec 09, 2019 9:48 pm
Forum: Wireless Networking
Topic: WIFI AP Mikrotik with Sonoff Devices
Replies: 16
Views: 7255

Re: WIFI AP Mikrotik with Sonoff Devices

> What exactly do you mean by overheat? I won't burn down my house Overheat as in the MCU will reboot and become unstable. It probably won't burn your house down but don't hold me to that. I've seen mixed messages whether this is a general problem or a specific batch of Sonoff Basics. > I read that ...
by marrold
Mon Dec 09, 2019 2:53 pm
Forum: Wireless Networking
Topic: WIFI AP Mikrotik with Sonoff Devices
Replies: 16
Views: 7255

Re: WIFI AP Mikrotik with Sonoff Devices

sleep 0
should be fine I believe.
SetOption60
is only relevant when there's a sleep time configured.
by marrold
Mon Dec 09, 2019 1:40 pm
Forum: General
Topic: Devices are not reliably responding to ARP requests / Wifi Power Saving
Replies: 11
Views: 5798

Re: Devices are not reliably responding to ARP requests / Wifi Power Saving

I have tried with
wmm-support
enabled and disabled and unfortunately the behaviour doesn't change.
by marrold
Mon Dec 09, 2019 11:58 am
Forum: Wireless Networking
Topic: WIFI AP Mikrotik with Sonoff Devices
Replies: 16
Views: 7255

Re: WIFI AP Mikrotik with Sonoff Devices

Disabling sleep with sleep 0 hides the underlying issue but can cause other problems - if devices don't sleep they use more power / release more heat. I've seen one report that the Sonoff Basics will overheat if they do not sleep. If you have time can you run nping and post your redacted wifi config...
by marrold
Mon Dec 09, 2019 11:06 am
Forum: Wireless Networking
Topic: WIFI AP Mikrotik with Sonoff Devices
Replies: 16
Views: 7255

Re: WIFI AP Mikrotik with Sonoff Devices

I would guess it's related to this viewtopic.php?f=2&t=154613

Are you using Tasmota?
by marrold
Mon Dec 09, 2019 10:32 am
Forum: General
Topic: Devices are not reliably responding to ARP requests / Wifi Power Saving
Replies: 11
Views: 5798

Devices are not reliably responding to ARP requests / Wifi Power Saving

I have observed that some devices using WiFi Power Saving features are not reliably responding to ARP. This is affecting an ESP8266, a Huawei P30 and a Samsung Galaxy S9. I am using a hAP AC and have the issue on version 6.44.6 and 6.46 I have configured an un-encrypted wireless network for the purp...
by marrold
Tue Dec 03, 2019 9:38 pm
Forum: General
Topic: Wireless beacon interval and DTIM missing
Replies: 24
Views: 14392

Re: Wireless beacon interval and DTIM missing

I could do with this - I need to adjust DTIM
by marrold
Tue Oct 30, 2018 11:56 am
Forum: Beginner Basics
Topic: RouterOS freezes if I change the IP
Replies: 11
Views: 2743

Re: RouterOS freezes if I change the IP

You're changing the IP address of the router that you're accessing it via. So as soon as you change the IP your connection to the router is lost. If you change the IP on the router, and then the IP on your PC, you should be able to reconnect. Look into using "safe mode" so you don't get lo...
by marrold
Sat Sep 29, 2018 11:31 pm
Forum: General
Topic: Sending DHCP Option 10 with RouterOS DHCP Server
Replies: 3
Views: 1078

Re: Sending DHCP Option 10 with RouterOS DHCP Server

Thanks, this helped point me in the right direction. The Client requests Option 43 and expects Option 10 in the offer as a "sub" option of 43 So for my case it was: Hex for Option 10: 0A Hex for Len 4: 04 Hex for 95.177.139.87: 5fb18b57 Combined Hex: 0x0A045fb38b56 /ip dhcp-server option a...
by marrold
Sat Sep 29, 2018 1:34 am
Forum: General
Topic: Sending DHCP Option 10 with RouterOS DHCP Server
Replies: 3
Views: 1078

Sending DHCP Option 10 with RouterOS DHCP Server

Hi All, I am trying to send DHCP Option 10 with the inbuilt RouterOS DHCP Server, however if I perform a packet capture, option 10 is not being included in the DHCP offer. However if I set the "code" to 12, its sent as expected. Does anyone have any ideas? My config looks like this: / ip d...
by marrold
Thu Feb 22, 2018 9:32 pm
Forum: General
Topic: Feature Request: zerotier vpn
Replies: 32
Views: 17371

Re: Feature Request: zerotier vpn

+1, ZeroTier would be nice
by marrold
Thu Feb 22, 2018 12:44 pm
Forum: Wireless Networking
Topic: wAP-ac | new bridge solution | 6.41.x
Replies: 7
Views: 2912

Re: wAP-ac | new bridge solution | 6.41.x

Exports are easier to read than verbose text, please include them.
by marrold
Mon Feb 19, 2018 12:49 am
Forum: General
Topic: How to downgrade RouterBoard software?
Replies: 4
Views: 1863

How to downgrade RouterBoard software?

Hi, I experimented with 6.41 but I'd like to go back to the bug fix version. Ive successfully reverted the packages, but I am unable to downgrade the firmware.

Is this possible?

Thanks
by marrold
Tue Feb 13, 2018 11:08 am
Forum: General
Topic: Bridge VLAN [ROS 6.41+]: Dropping untagged packets
Replies: 1
Views: 876

Re: Bridge VLAN [ROS 6.41+]: Dropping untagged packets

Hi, as this is a completely new implementation please could a member of Mikrotik staff comment?

Thanks
by marrold
Mon Feb 12, 2018 3:09 am
Forum: General
Topic: Bridge VLAN [ROS 6.41+]: Dropping untagged packets
Replies: 1
Views: 876

Bridge VLAN [ROS 6.41+]: Dropping untagged packets

Using the latest bridge vlan implementation, is it possible to drop untagged traffic?

If I create tagged ports, ROS is creating dynamic VLANs forcing untagged traffic to the PVID. I'd rather drop it.

Thanks
by marrold
Fri Feb 09, 2018 1:26 am
Forum: General
Topic: SIP ALG doesn't work in a proper way
Replies: 15
Views: 6726

Re: SIP ALG doesn't work in a proper way

SIP ALG's are bad news. Your provider should handle the NAT traversal.
by marrold
Thu Oct 26, 2017 12:57 am
Forum: General
Topic: VoIP - Implemented in RouterOS
Replies: 23
Views: 6056

Re: VoIP - Implemented in RouterOS

I see a market for a basic VoIP client and built in ATA (analog telephone adapter), so an end user can have a single box for Internet and Telephony, but I would object to a full blown PBX - It's unnecessary bloat.
by marrold
Thu Oct 26, 2017 12:48 am
Forum: Beginner Basics
Topic: Allowing 100 sip connection to pbx
Replies: 5
Views: 1895

Re: Allowing 100 sip connection to pbx

What are you trying to achieve?

Limiting to 100 connections in this way makes you susceptible to a DoS attack. Any SIP device on the internet will get scanned multiple times a day by various bots, which could exhaust available connections and block genuine clients.
by marrold
Fri Aug 25, 2017 4:57 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 57579

Re: CHR suggestions for new functionality

I would like to be able to access the virtual BIOs UUID from within the guest CHR. With QEMU / KVM this is unique per VM.

In a linux guest it can be accessed using dmidecode.

I mentioned it in this thread- viewtopic.php?f=15&t=124230
by marrold
Tue Aug 08, 2017 11:51 pm
Forum: Virtualization
Topic: Get UUID from inside guest CHR
Replies: 1
Views: 3397

Re: Get UUID from inside guest CHR

Hi,

Does anyone have any thoughts on this?

Thanks
by marrold
Fri Aug 04, 2017 6:04 pm
Forum: Virtualization
Topic: CHR feature requests
Replies: 81
Views: 36930

Re: CHR feature requests

I would like to be able to access the virtual BIOs UUID from within the guest. With QEMU / KVM this is unique per VM.

In a linux guest it can be accessed using dmidecode.

I mentioned it in this thread- viewtopic.php?f=15&t=124230

Thanks
by marrold
Thu Aug 03, 2017 11:07 pm
Forum: Virtualization
Topic: Get UUID from inside guest CHR
Replies: 1
Views: 3397

Get UUID from inside guest CHR

Hi all, I'd like to be able to find out some kind of identifier for the VM the CHR is running inside from the guest itself. The VM Host is KVM / QEMU based. In a linux machine I can run 'dmidecode' to get the UUID of the guest. This doesn't seem to be exposed in RouterOS. Is this possible? Could it ...
by marrold
Fri Jun 23, 2017 1:15 pm
Forum: General
Topic: Discussion about bugfix, current and rc versions
Replies: 29
Views: 11493

Re: v6.38.7 [bugfix] is released!

Or I'm very silly and I do not understand anything.
We are with version 6.39.2 and get bugfix of 6.38.7
How does it apply to 6.39.2?
6.38 = Bugfix, proven to be stable
6.39 = Current, new features, could have bugs
by marrold
Tue Mar 07, 2017 3:45 pm
Forum: RouterBOARD hardware
Topic: Caution Mikrotik hEX PoE lite (RB750UPr2)
Replies: 8
Views: 4283

Re: Caution Mikrotik hEX PoE lite (RB750UPr2)

Was this fixed?
by marrold
Tue Mar 07, 2017 1:03 pm
Forum: Forwarding Protocols
Topic: PIM-SM issue
Replies: 2
Views: 1320

Re: PIM-SM issue

I was able to get PIM-SM working fine between subnets, but I didn't have NAT in between. Why are you using NAT? Furthermore, I cannot see any multicast packet in RB3011 eth1 by packet sniffer. If the RB3011 is in the same subnet as the Multicast source, it should be seeing the traffic unless there's...
by marrold
Fri Mar 03, 2017 10:42 am
Forum: General
Topic: SIP mapping problem
Replies: 2
Views: 927

Re: SIP mapping problem

It would be unusual for a SIP dialog to take over TCP, but not impossible. Do you have the SIP helper enabled? Can you draw a diagram of the network? and as per above, please attach a PCAP.

Thanks
by marrold
Fri Jan 27, 2017 12:29 pm
Forum: RouterBOARD hardware
Topic: Mikrotik VDSL / DSL Modem?
Replies: 381
Views: 199307

Re: Mikrotik VDSL / DSL Modem?

+1 for an SFP based VDSL module
by marrold
Thu Jan 26, 2017 7:33 pm
Forum: Virtualization
Topic: CHR HDD space increased to 2GB but still shows no enough space ???
Replies: 2
Views: 3050

Re: CHR HDD space increased to 2GB but still shows no enough space ???

When increasing disk sizes for KVM Virtual Machines it's generally necessary to resize the file system with something like resize2fs. I imagine the same applies to the CHR, however I dont know if it has the appropriate tools built in.
by marrold
Mon Jan 16, 2017 11:25 am
Forum: Wireless Networking
Topic: hAP ac lite - lost connection, no beacons received
Replies: 2
Views: 1946

Re: hAP ac lite - lost connection, no beacons received

Hi, it's on the latest, 6.38

Thanks
by marrold
Mon Jan 16, 2017 10:33 am
Forum: Wireless Networking
Topic: hAP ac lite - lost connection, no beacons received
Replies: 2
Views: 1946

hAP ac lite - lost connection, no beacons received

Hi, I have a hAP ac lite that's regularly loosing connection to the wifi. The logs show- 'lost connection, no beacons received' http://wiki.mikrotik.com/wiki/Manual:Wireless_Debug_Logs indicates this means "no beacons received from remote end of WDS link. Most likely weak signal, remote turned ...
by marrold
Thu Jan 12, 2017 11:31 am
Forum: General
Topic: Another MPLS / VPLS MTU question
Replies: 1
Views: 1118

Re: Another MPLS / VPLS MTU question

Please could someone with a proven VPLS / MPLS network try pinging a remote hop with a size greater than the MTU set on the VPLS interface?

Thanks
by marrold
Wed Jan 11, 2017 1:39 am
Forum: General
Topic: Another MPLS / VPLS MTU question
Replies: 1
Views: 1118

Another MPLS / VPLS MTU question

Hi all, I have a MPLS / VPLS question. I know these are quite common so apologies in advance I have the following VPLS interface configured. ltmtu and advertised-l2mtu are configured to 1526 to allow for a 1500 byte frame + MPLS tag + Ethernet Header + VPLS Tag + PW Header - /interface vpls add adve...
by marrold
Thu Jan 05, 2017 1:06 pm
Forum: Virtualization
Topic: Emulate hAP ac and hEX in QEMU
Replies: 3
Views: 2972

Re: Emulate hAP ac and hEX in QEMU

Both those routers support all the packages shown above, so you can install any you require.

However, you will not be able to emulate the actual hardware performance of those devices.
by marrold
Wed Dec 28, 2016 1:50 pm
Forum: The Dude
Topic: Can we have a Linux Client Please ?
Replies: 2
Views: 2026

Re: Can we have a Linux Client Please ?

I think it's assumed that if you've got the skills to use Linux you can figure out the CLI
Normis has pointed out which area of forum I'm in.. apologies
by marrold
Mon Dec 26, 2016 12:04 pm
Forum: General
Topic: Amazon Echo Dot losing connection
Replies: 1
Views: 2162

Re: Amazon Echo Dot losing connection

A user on reddit suggested increasing the DHCP lease time, and it looks like the issue is now resolved.

It was set to 1 minute (!) due to some previous testing and Id forgot to set it back.

Thanks
by marrold
Mon Dec 26, 2016 2:35 am
Forum: General
Topic: Amazon Echo Dot losing connection
Replies: 1
Views: 2162

Amazon Echo Dot losing connection

Hi, I have an Amazon Echo Dot that's frequently losing connection to a hAP AC Access Point. The logs indicate that the Echo is de-authenticating. http://i.imgur.com/grs4Jws.png This is occuring on 2.4 and 5Ghz. The Dot is in the the room next to the the AP, so I don't think it's a signal issue- http...
by marrold
Sun Dec 18, 2016 1:08 pm
Forum: General
Topic: Upload use all my bandwidth
Replies: 2
Views: 1087

Re: Upload use all my bandwidth

This usually means your router is being used in a DDOS attack. Please make sure extenal services such as DNS and NTP are disabled or firewalled from the internet
by marrold
Sat Dec 17, 2016 8:58 pm
Forum: Forwarding Protocols
Topic: MPLS BGP VPNv4 with OSPF as PE-CPE
Replies: 18
Views: 6199

Re: MPLS BGP VPNv4 with OSPF as PE-CPE

I'm afraid I can't assist but I'm having the same issue. I've mirrored the configuration shown on the Wiki , which is also very similar to this Blog post . Both clearly show the PE routers responding in a traceroute, however I only see the final destination respond- [admin@RouterA] > / tool tracerou...
by marrold
Wed Dec 14, 2016 8:33 pm
Forum: General
Topic: Telnet bruteforcers - firewall doesn't work - read my firewall config
Replies: 3
Views: 1576

Re: Telnet bruteforcers - firewall doesn't work - read my firewall config

You dont seem to have a default drop rule at the end of your filter rules?
by marrold
Sun Dec 11, 2016 2:59 pm
Forum: General
Topic: VPLS Best Practise
Replies: 0
Views: 801

VPLS Best Practise

Hi, Ive been experimenting with VPLS and I've got a couple of questions on best practises. It's my understanding that in the simplified diagram below, traffic will traverse from Router 1 to Router 3 without requiring a bridge configured on Router 2. http://i.imgur.com/GeeTEtN.png However, I have a c...
by marrold
Tue Nov 29, 2016 4:47 pm
Forum: General
Topic: VoIP call causes extreme lag
Replies: 12
Views: 3246

Re: VoIP call causes extreme lag (wtf?)

Do you have a packet capture?
by marrold
Tue Nov 15, 2016 2:46 pm
Forum: General
Topic: Mikrotik Wireless IGMP support
Replies: 1
Views: 1093

Mikrotik Wireless IGMP support

Hi,

Does Mikrotik Wireless support IGMP?

E.G - Multicast traffic is only sent to client accessing the stream rather than broadcast to every Wifi client

Thanks
by marrold
Tue Nov 15, 2016 2:43 pm
Forum: General
Topic: Feature Request: Fake 'wireless' interfaces on CHR for use in a lab.
Replies: 5
Views: 2214

Re: Feature Request: Fake 'wireless' interfaces on CHR for use in a lab.

> Rather real ones.

In a VM?

faked wireless interfaces would allow you to play with Capsman and view the `/ interfaces wireless` settings
by marrold
Tue Nov 15, 2016 2:47 am
Forum: General
Topic: Feature Request: Fake 'wireless' interfaces on CHR for use in a lab.
Replies: 5
Views: 2214

Feature Request: Fake 'wireless' interfaces on CHR for use in a lab.

Hi,

It would be nice to see some fake wireless interfaces on the CHR for lab purposes, for playing with CAPsMAN etc.

Thanks
by marrold
Tue Nov 15, 2016 2:45 am
Forum: General
Topic: London UK MUM 2016 - Nov 14th
Replies: 40
Views: 8161

Re: London UK MUM 2016 - Nov 14th

Thanks to the Mikrotik Team and all those that presented talks today! I'm hoping there will be another next year.
by marrold
Tue Nov 08, 2016 12:22 pm
Forum: General
Topic: Efficient Wireless Bridging
Replies: 7
Views: 2252

Re: Efficient Wireless Bridging

You cannot bridge mode-station.
You can't, but you can bridge an EoIP tunnel layered over it.
by marrold
Tue Nov 08, 2016 2:28 am
Forum: General
Topic: Efficient Wireless Bridging
Replies: 7
Views: 2252

Efficient Wireless Bridging

Hi all, Please could you advise the most efficient method to layer 2 bridge a Wireless and Wired network using all Mikrotik equipment in terms of CPU, Radio time, max MTU etc? From the wiki- If L2 bridging over wireless link is not necessary - as in case of routed or MPLS switched network, basic mod...
by marrold
Mon Jul 11, 2016 3:48 pm
Forum: General
Topic: Unable to SSH into router from LAN when internet is down.
Replies: 2
Views: 1098

Unable to SSH into router from LAN when internet is down.

Hi all, I've recently observed I'm unable to SSH into my router from the LAN when the router has no internet connection. I've upgraded to 6.34.6 but the issue is still present. Does anyone have any ideas what's causing this? I don't have any obvious firewall rules that would be effecting this, the o...
by marrold
Wed May 04, 2016 7:50 pm
Forum: Forwarding Protocols
Topic: Does BGP support dynamic neighbours?
Replies: 5
Views: 2121

Does BGP support dynamic neighbours?

Hi, Does RouterOS's BGP implementation support 'dynamic neighbors'? (I.E not setting IP for remote-address) Cisco equivalent - http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3sg/irg-xe-3sg-book/irg-dynamic-neighbor.html#GUID-40C1CA4F-5669-4495-8FEE-2D641E916858 Thanks
by marrold
Tue May 03, 2016 7:54 pm
Forum: Beginner Basics
Topic: Another SIP (Gigaset C610 A IP) is not registering with RB1100AHx2
Replies: 43
Views: 8462

Re: Another SIP (Gigaset C610 A IP) is not registering with RB1100AHx2

This appears to be from the LAN side only, do you also have a trace from the WAN side? I can see your device is sending REGISTER requests but doesn't receive a response. This could be because your provider is not implementing NAT traversal and the responses are going back to 192.168.1.22, or it coul...
by marrold
Tue May 03, 2016 2:26 pm
Forum: Beginner Basics
Topic: Another SIP (Gigaset C610 A IP) is not registering with RB1100AHx2
Replies: 43
Views: 8462

Re: Another SIP (Gigaset C610 A IP) is not registering with RB1100AHx2

Please can you post a proper .pcap packet capture?
by marrold
Wed Apr 27, 2016 1:16 pm
Forum: Beginner Basics
Topic: Another SIP (Gigaset C610 A IP) is not registering with RB1100AHx2
Replies: 43
Views: 8462

Re: Another SIP (Gigaset C610 A IP) is not registering with RB1100AHx2

What I am trying to determine is if the C610 -> SIP server passes double or multiple NAT stages, as that will give you problems with SIP. It may cause issues, but the SIP provider should have NAT traversal in place that can work around these issues. Please can you post a proper .pcap packet capture...
by marrold
Mon Apr 25, 2016 12:21 pm
Forum: Beginner Basics
Topic: Another SIP (Gigaset C610 A IP) is not registering with RB1100AHx2
Replies: 43
Views: 8462

Re: Another SIP (Gigaset C610 A IP) is not registering with RB1100AHx2

I'd suggest disabling the SIP helper, and as mentioned above grab a packet trace, ideally from the LAN and WAN side of your router.

Im happy to take a look.
by marrold
Thu Mar 17, 2016 1:54 pm
Forum: General
Topic: RESOLVED: How to load drivers?
Replies: 9
Views: 3035

Re: How to load drivers?

To clarify, you have multiple IP's that MUST be assigned to the same MAC?

Who is your host?
by marrold
Sat Mar 12, 2016 6:26 pm
Forum: General
Topic: Export file troubleshooting tips. What else to add?
Replies: 4
Views: 2066

Re: Export file troubleshooting tips. What else to add?

Would it nor be sensible to fix the export / import rather than producing a page of things to avoid?
by marrold
Tue Mar 08, 2016 12:05 pm
Forum: General
Topic: MitM - Mikrotik in the Middle as Analyzer
Replies: 4
Views: 3066

Re: MitM - Mikrotik in the Middle as Analyzer

Personally I'd firewall at the L3 edge rather than L2. However, I'm curious what project you're working on? I'm working on something similar myself.
by marrold
Thu Jan 28, 2016 4:19 pm
Forum: RouterBOARD hardware
Topic: Any new CRS switches comming out soon?
Replies: 4
Views: 1875

Re: Any new CRS switches comming out soon?

802.3af would be nice. Even better if it was fanless (Even if this means less ports)
by marrold
Wed Jan 27, 2016 4:07 pm
Forum: General
Topic: Central management options?
Replies: 4
Views: 4260

Re: Central management options?

There was a thread a while ago about adding TR-069 support, that might help

http://forum.mikrotik.com/viewtopic.php ... 69#p507352
by marrold
Wed Jan 27, 2016 4:06 pm
Forum: General
Topic: Manage hundreds of Mikrotik clients - what is the best method
Replies: 3
Views: 1269

Re: Manage hundreds of Mikrotik clients - what is the best method

There was a thread a while ago about adding TR-069 support, that might help

http://forum.mikrotik.com/viewtopic.php ... 69#p507352
by marrold
Wed Jan 27, 2016 2:19 am
Forum: Beginner Basics
Topic: Why can't VLAN tags be assigned to a GRE interface?
Replies: 8
Views: 3389

Re: Why can't VLAN tags be assigned to a GRE interface?

I attempted to add the L2TP interface to the bridge and it failed, so a little bit of Googling revealed BCP which worked as planned.

Thanks again for the nudge in the right direction
by marrold
Tue Jan 26, 2016 2:39 pm
Forum: Beginner Basics
Topic: Why can't VLAN tags be assigned to a GRE interface?
Replies: 8
Views: 3389

Re: Why can't VLAN tags be assigned to a GRE interface?

I can't add VLAN tags to an L2TP interface either, so what's the recommend way to bridge VLAN's over a WAN?

I'm aware EoIP works, but ideally I'd like to use an 'open' protocol.
by marrold
Tue Jan 26, 2016 2:04 pm
Forum: Beginner Basics
Topic: Why can't VLAN tags be assigned to a GRE interface?
Replies: 8
Views: 3389

Re: Why can't VLAN tags be assigned to a GRE interface?

*face palm*

Its kind of obvious now you mention it, thanks
by marrold
Mon Jan 25, 2016 2:18 am
Forum: Beginner Basics
Topic: Why can't VLAN tags be assigned to a GRE interface?
Replies: 8
Views: 3389

Why can't VLAN tags be assigned to a GRE interface?

Hi all,

I'm curious why VLAN tags can't be assigned to a GRE interface. What's the proper way to do this?

I'm doing it using EoIP but there must be away to send VLAN'd traffic over a GRE tunnel, right?

Thanks
by marrold
Sun Jan 24, 2016 10:24 pm
Forum: Forwarding Protocols
Topic: Put 500,000+ BGP routes in your MikroTik for testing with this VM
Replies: 9
Views: 4366

Re: Put 500,000+ BGP routes in your MikroTik for testing with this VM

Nice. It's great to see a business giving something back to community :D
by marrold
Sun Jan 24, 2016 9:05 pm
Forum: Scripting
Topic: Voltage Monitoring
Replies: 22
Views: 21108

Re: Voltage Monitoring

I have try this script and indeed it don't work.
Who can help us?
Run it line by line and see where it fails, or add some lines to indicate where if fails, e.g -
:put "The script has made it this far [1]"
:put "The script has made it this far [2]"
by marrold
Mon Jan 04, 2016 11:53 am
Forum: General
Topic: SSH stopped working on CCR1072
Replies: 5
Views: 1694

Re: SSH stopped working on CCR1072

I've had a similar issue in the past on older ROS versions. I also observed when SSH stopped working, the following command would hang and eventually timeout and suggest sending a SUPOUT to support
/ ip ssh print
by marrold
Mon Dec 07, 2015 11:51 pm
Forum: Beginner Basics
Topic: Logging to remote AND memory [SOLVED]
Replies: 3
Views: 1564

Re: Logging to remote AND memory

Turns out you can add a topic more than once- [admin@router] /system logging> print Flags: X - disabled, I - invalid, * - default # TOPICS ACTION PREFIX 0 * info remote 1 * error remote 2 * warning remote 3 * critical echo 4 l2tp remote !packet 5 ipsec remote 6 info memory 7 error memory 8 warning m...
by marrold
Mon Dec 07, 2015 11:59 am
Forum: Beginner Basics
Topic: Logging to remote AND memory [SOLVED]
Replies: 3
Views: 1564

Re: Logging to remote AND memory

How? [admin@router] /system logging> print Flags: X - disabled, I - invalid, * - default # TOPICS ACTION PREFIX 0 * info remote 1 * error remote 2 * warning remote 3 * critical echo [admin@router] /system logging> set 0 action=memory,remote input does not match any value of action
by marrold
Mon Dec 07, 2015 12:14 am
Forum: Beginner Basics
Topic: Logging to remote AND memory [SOLVED]
Replies: 3
Views: 1564

Logging to remote AND memory [SOLVED]

Hi all,

Is it possible to log to a remote syslog server AND the memory?

Thanks
by marrold
Tue Nov 10, 2015 10:37 pm
Forum: Announcements
Topic: Newsletter 68
Replies: 57
Views: 26499

Re: Newsletter 68

Any update on documentation for the LNS function?
by marrold
Sat Nov 07, 2015 3:24 pm
Forum: Announcements
Topic: Newsletter 68
Replies: 57
Views: 26499

Re: Newsletter 68

Is there any documentation on using the LNS function?
What do you want to know ?

We have tested successfully with IOS & IOS-XE LAC.
I'm curious about the config and topology
by marrold
Fri Nov 06, 2015 5:12 pm
Forum: Announcements
Topic: Newsletter 68
Replies: 57
Views: 26499

Re: Newsletter 68

Is there any documentation on using the LNS function?
by marrold
Thu Nov 05, 2015 11:05 am
Forum: General
Topic: LTE Interface Hijacking my Default Route
Replies: 3
Views: 1622

Re: LTE Interface Hijacking my Default Route

Somewhere in the config for the LTE modem I'd expect it to say add-default-route. Turn it off.
by marrold
Fri Oct 30, 2015 4:52 pm
Forum: General
Topic: Disable announcing NTP server in DHCP
Replies: 6
Views: 3581

Disable announcing NTP server in DHCP

A friend is currently trying to prevent NTP servers being announced to DHCP clients. The NTP sever is disabled, and no NTP server is set in the DHCP network section, but clients are still receiving NTP servers via DHCP (Its using those setup in the NTP client section) Any ideas? Thanks. [matthew@HQ]...
by marrold
Thu Oct 22, 2015 2:38 pm
Forum: Scripting
Topic: Restart up to 16 AP's with one script ?
Replies: 8
Views: 2911

Re: Restart up to 16 AP's with one script ?

Sounds err, risky.
by marrold
Wed Oct 21, 2015 10:26 am
Forum: General
Topic: xinet.d analog on RouterOS?
Replies: 3
Views: 1235

Re: xinet.d analog on RouterOS?

I don't understand I'm afraid. Could you perhaps draw a diagram, or explain what you want to go where?
by marrold
Mon Oct 19, 2015 10:43 am
Forum: Beginner Basics
Topic: SIP Phones not registering
Replies: 5
Views: 3010

Re: SIP Phones not registering

A packet capture should help.
by marrold
Sun Oct 18, 2015 6:24 pm
Forum: Beginner Basics
Topic: Some websites do not open
Replies: 13
Views: 5641

Re: Some websites do not open

You've not really provided any information.

I suspect this is a config error
by marrold
Thu Oct 15, 2015 10:24 pm
Forum: General
Topic: install on x86
Replies: 6
Views: 1438

Re: install on x86

This sounds like a hardware issue, rather than a RouterOS issue
by marrold
Tue Oct 13, 2015 12:07 pm
Forum: General
Topic: Service Ports, SIP Direct Media, SDP
Replies: 10
Views: 17250

Re: Service Ports, SIP Direct Media, SDP

No problem, I'm glad it's fixed.
by marrold
Mon Oct 12, 2015 4:48 pm
Forum: General
Topic: Service Ports, SIP Direct Media, SDP
Replies: 10
Views: 17250

Re: Service Ports, SIP Direct Media, SDP

I believe you are seeing a private IP in the SDP because you have set 'SIP Direct Media' I'd try disabling it.

Ultimately, all SIP ALG's are usually not that great, and you should avoid using them where possible.
by marrold
Sat Oct 10, 2015 12:46 am
Forum: Virtualization
Topic: CHR features from tool packages
Replies: 12
Views: 9811

Re: CHR features from tool packages

ACPI shutdown is a big one for me.
by marrold
Mon Oct 05, 2015 10:11 pm
Forum: General
Topic: please
Replies: 4
Views: 1382

Re: please

> please

Please try and give your posts a relevant title. It may get more attention and assistance, and it means something to other forum users.
by marrold
Sun Oct 04, 2015 5:42 pm
Forum: Scripting
Topic: Reading/Writing Encrypted Scripts
Replies: 20
Views: 12948

Re: Reading/Writing Encrypted Scripts

Why not just prevent the user accessing RouterOS at all?
by marrold
Fri Oct 02, 2015 10:54 pm
Forum: General
Topic: IPSEC to Fortinet Issue
Replies: 6
Views: 2565

Re: IPSEC to Fortinet Issue

Post config + logs
by marrold
Fri Oct 02, 2015 10:53 pm
Forum: General
Topic: hAP Lite for IPSec Tunnel + trivial BGP
Replies: 4
Views: 1517

Re: hAP Lite for IPSec Tunnel + trivial BGP

For 10 routes why not use Ospf? Either way, I'm sure sure the HAP will cope
by marrold
Thu Oct 01, 2015 6:35 pm
Forum: Beginner Basics
Topic: Load Balancing
Replies: 7
Views: 2414

Re: Load Balancing

You have to mangle inbound traffic and make sure it routes back out via the same IP as it arrived on.
by marrold
Wed Sep 30, 2015 5:43 pm
Forum: Beginner Basics
Topic: please explain a default firewall rule
Replies: 3
Views: 1160

Re: please explain a default firewall rule

I have never considered this, I've always added separate NAT and filter rules.

Good to know
by marrold
Tue Sep 29, 2015 7:06 pm
Forum: General
Topic: Local address Asterix to specific SIP public address and vice versa , how?
Replies: 2
Views: 1069

Re: Local address Asterix to specific SIP public address and vice versa , how?

You will need NAT and Filter rules in the firewall.
by marrold
Tue Sep 29, 2015 6:05 pm
Forum: General
Topic: [Feature Request] HTTPS Hotspot
Replies: 8
Views: 3157

Re: [Feature Request] HTTPS Hotspot

What are you trying to achieve?
by marrold
Tue Sep 29, 2015 10:15 am
Forum: General
Topic: sticky firewall rules even if you delete it
Replies: 3
Views: 1967

Re: sticky firewall rules even if you delete it

You'd have to post a full export for better diagnosis
by marrold
Mon Sep 28, 2015 11:12 pm
Forum: Beginner Basics
Topic: How to run multiple scripts with one scheduler?
Replies: 2
Views: 1904

Re: How to run multiple scripts with one scheduler?

Make a script, that calls the scripts.
by marrold
Mon Sep 28, 2015 10:10 pm
Forum: General
Topic: sticky firewall rules even if you delete it
Replies: 3
Views: 1967

Re: sticky firewall rules even if you delete it

You probably have the following rule or similar in your config-
/ ip firewall filter add action=accept connection-state=established
by marrold
Mon Sep 28, 2015 5:04 pm
Forum: General
Topic: Hotspot auth with Radius Throw VPN
Replies: 2
Views: 1080

Re: Hotspot auth with Radius Throw VPN

Just run RADIUS over an Encrypted tunnel, it should work fine.
by marrold
Mon Sep 28, 2015 3:11 pm
Forum: General
Topic: L2TP tunnel authentication support
Replies: 7
Views: 2867

Re: L2TP tunnel authentication support

For my own curiosity, please could you explain what this does that the Mikrotik can't do?

Thanks
by marrold
Mon Sep 28, 2015 3:10 pm
Forum: General
Topic: My settings Reset to factory default every time after reboot the router
Replies: 7
Views: 6527

Re: My settings Reset to factory default every time after reboot the router

Maybe something is bridging the reset pads on the PCB?
by marrold
Mon Sep 28, 2015 9:24 am
Forum: Scripting
Topic: AUTOMATIC BRIDGE FILTER
Replies: 8
Views: 2682

Re: AUTOMATIC BRIDGE FILTER

Can you advise why you're trying to achieve this?
by marrold
Mon Sep 28, 2015 9:22 am
Forum: General
Topic: [Features Request] on CapsManager
Replies: 3
Views: 2055

Re:

Have the frequencies pretyped like when setting a plain AP without capsman instead of a text box.

Sent from my Nexus 4 using Tapatalk
You can set the channel rather than the frequency
by marrold
Mon Sep 28, 2015 9:18 am
Forum: General
Topic: Unable to work out command to find specific property set
Replies: 2
Views: 913

Re: Unable to work out command to find specific property set

I don't have the code to hand, but you might be best using a for loop and running :typeof dst-address
by marrold
Mon Sep 28, 2015 9:15 am
Forum: Wireless Networking
Topic: Good signal but very poor throughput....
Replies: 11
Views: 2937

Re: Good signal but very poor throughput....

Have you tried the proposed fix in this thread?
by marrold
Sat Sep 26, 2015 11:07 pm
Forum: Wireless Networking
Topic: CAPsMAN provisioning - what am I missing?
Replies: 7
Views: 13006

Re: CAPsMAN provisioning - what am I missing?

Interesting, I may well of had the same issue. I tried adding a new SSID to an existing Cap, and I couldn't get it to work.

If it's not possible to update settings, I am a sad panda...
by marrold
Fri Sep 25, 2015 9:27 pm
Forum: General
Topic: Why is MikroTik malicously violating GPL
Replies: 18
Views: 7876

Re: Why is MikroTik malicously violating GPL

Still no actual sources...
by marrold
Fri Sep 25, 2015 4:18 pm
Forum: General
Topic: Why is MikroTik malicously violating GPL
Replies: 18
Views: 7876

Re: Why is MikroTik malicously violating GPL

Have you ordered the CD containing the GPL licensed source code, and verified it violates the GPL ? http://www.mikrotik.com/downloadterms.html You mean to say that GPL community is lying deliberately to hurt MikroTik? Because there is (or at least there was) a lot of complaints from GPL fans about ...
by marrold
Fri Sep 25, 2015 2:01 pm
Forum: General
Topic: Why is MikroTik malicously violating GPL
Replies: 18
Views: 7876

Re: Why is MikroTik malicously violating GPL

Have you ordered the CD containing the GPL licensed source code, and verified it violates the GPL ?

http://www.mikrotik.com/downloadterms.html
by marrold
Fri Sep 25, 2015 11:33 am
Forum: RouterBOARD hardware
Topic: dual-band WiFi for office
Replies: 13
Views: 3456

Re: dual-band WiFi for office

Till November, guys.
Do you have a source for this info?
by marrold
Fri Sep 25, 2015 2:13 am
Forum: Beginner Basics
Topic: VPN Security
Replies: 8
Views: 1984

Re:

It depends on what side should be dynamic...
No it doesnt...
by marrold
Thu Sep 24, 2015 10:46 pm
Forum: RouterBOARD hardware
Topic: dual-band WiFi for office
Replies: 13
Views: 3456

Re: dual-band WiFi for office

We're all still waiting, patiently!
by marrold
Thu Sep 24, 2015 6:47 pm
Forum: Beginner Basics
Topic: VPN Security
Replies: 8
Views: 1984

Re:

Drop everything except whitelist is the right approach. If you need dynamic whitelist you would need to implement port knocking.
Port Knocking is not the right approach. It's a nasty hacky bodge.

The correct approach for VPN servers with roaming clients is to black list repeat offenders.
by marrold
Thu Sep 24, 2015 4:38 pm
Forum: Beginner Basics
Topic: VPN Security
Replies: 8
Views: 1984

Re: VPN Security

Unfortunately I haven't found a good way to do this with RouterOS alone. Using Certificate Auth will in theory make it incredibly hard to hack, but I'd still like more protection. One way that would work is syslogging logs to another linux server running Fail2ban, and detecting brute force attempts ...
by marrold
Wed Sep 23, 2015 11:41 am
Forum: Wireless Networking
Topic: Wlan take IP address automatically
Replies: 1
Views: 891

Re: Wlan take IP address automatically

Run a packet capture, see if DHCP is giving the IP
by marrold
Mon Sep 21, 2015 8:31 pm
Forum: General
Topic: outgoing smtp
Replies: 8
Views: 1893

Re: outgoing smtp

Have you done a packet capture?
by marrold
Mon Sep 21, 2015 10:53 am
Forum: Beginner Basics
Topic: Connecting more geographic sites: wich vpn ?
Replies: 13
Views: 3088

Re: Connecting more geographic sites: wich vpn ?

We need more info on number of sites, topology, etc
by marrold
Mon Sep 21, 2015 10:50 am
Forum: General
Topic: My ISP is offering IPv6 through DHCP: how can I use it?
Replies: 8
Views: 4352

Re: My ISP is offering IPv6 through DHCP: how can I use it?

Could someone help me understand how this is routed / delivered to the CPE? Traditionally with IPv4 I've always had a routed block (E.G a /28) delivered over a /30.

If you're only allocated an IPv6 /64 from your ISP, how do you route it?
by marrold
Fri Sep 18, 2015 6:41 pm
Forum: General
Topic: Router management software
Replies: 3
Views: 1499

Re: Router management software

It's called 'The Dude', but don't get too excited. Most people seem to complain it's not kept up to date.
by marrold
Thu Sep 17, 2015 11:16 am
Forum: General
Topic: UDP connection and NAT
Replies: 4
Views: 2418

Re: UDP connection and NAT

Setup your masq rules separately, one for each out-interface? Then only NAT new connections? that way 'invalid' connections will die off on their own and start new ones?
But UDP connections don't 'die' as such?
by marrold
Wed Sep 16, 2015 6:28 pm
Forum: General
Topic: DNS server and cache server
Replies: 4
Views: 1549

Re: DNS server and cache server

It's unlikely a DNS server will make anything blazingly fast. It may shave a few milliseconds off...
by marrold
Wed Sep 16, 2015 4:20 pm
Forum: General
Topic: Request for New Product !
Replies: 1
Views: 945

Re: Request for New Product !

Is this for termination / demarc, on the customers site but managed by the provider? These sort of devices are quite common in the UK and allow the provider to monitor both ends of the last mile.

Image
by marrold
Wed Sep 16, 2015 4:04 pm
Forum: General
Topic: UDP connection and NAT
Replies: 4
Views: 2418

Re: UDP connection and NAT

I have found the same 'issue'. It doesn't just affect VPN connections, it also affects Multi-WAN setups. If a connection fails over to the secondary WAN link, then recovers to the primary, it will have the wrong IP. As you've discovered, you have to clear the connections. The best way to automate th...
by marrold
Wed Sep 16, 2015 3:04 pm
Forum: General
Topic: Remove a connection via script
Replies: 10
Views: 4951

Re: Remove a connection via script

Do not use '=' , use instead '~' to match dst-address and use double quotes .. /ip firewall connection remove [/ ip firewall connection find dst-address~"111.222.333.444:5060"] I'm curious, what benefit is this? You may, thanks. Setup a tik for WAN fail over using netwatch. I want to see ...
by marrold
Wed Sep 16, 2015 11:38 am
Forum: RouterBOARD hardware
Topic: RB2011UiAS-2HnD-IN lcd upside down
Replies: 7
Views: 1998

Re: RB2011UiAS-2HnD-IN lcd upside down

Whilst we're proposing changes to the LCD, could we also add the ability to add custom image or text?
by marrold
Wed Sep 16, 2015 9:11 am
Forum: General
Topic: securing L2TP/IPsec server connection
Replies: 15
Views: 11117

Re: securing L2TP/IPsec server connection

Hey guys!!! :D Same thing here, setup the L2TP IPSEC with the MKT and realised people can connect without using the ipsec at all... making it not secure at all :p Found anything on how to "force" it ? Thanks ;) Check out the newish IPSEC policy matcher rules. Make sure you're on a new ver...
by marrold
Wed Sep 16, 2015 9:06 am
Forum: General
Topic: Cloud Router License ?
Replies: 6
Views: 1255

Re: Cloud Router License ?

Sounds like you got ripped off
by marrold
Wed Sep 16, 2015 9:01 am
Forum: Beginner Basics
Topic: IP>Services: Safe to disable?
Replies: 10
Views: 12309

Re: IP>Services: Safe to disable?

The services run locally on the firewall, I.E, The SSH service allows you to SSH into the router itself. Disabling it will prevent you using SSH to access the router.

Be careful when disabling services. I'd use safe mode.
by marrold
Tue Sep 15, 2015 9:21 pm
Forum: General
Topic: Remove a connection via script
Replies: 10
Views: 4951

Re: Remove a connection via script

I think it should be
 /ip firewall connection remove [/ ip firewall connection find dst-address=111.222.333.444:5060]
What's the reason you're doing this by the way? I work as a VoIP engineer so maybe I can help.
by marrold
Tue Sep 15, 2015 8:37 pm
Forum: General
Topic: Weird IP scan
Replies: 2
Views: 1062

Re: Weird IP scan

Sounds like some form of proxy-arp going on.
Yup
by marrold
Tue Sep 15, 2015 8:36 pm
Forum: General
Topic: Remove a connection via script
Replies: 10
Views: 4951

Re: Remove a connection via script

How do you manually remove the connection?
by marrold
Tue Sep 15, 2015 4:27 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 579
Views: 274408

Re: Cloud Hosted Router

normis, any word on when we might be able to get a trial license w.o the 1mb restriction? would like to see how mikrotik handles 56gbe and 100gbe interfaces. Mikrotik answered this 3 weeks ago - All the details of the licensing scheme are not yet known or cannot be disclosed. For now, you have limi...
by marrold
Tue Sep 15, 2015 2:03 pm
Forum: Beginner Basics
Topic: WOL from WAN
Replies: 20
Views: 18907

Re: WOL from WAN

Use a VPN to become a member of the local LAN, and send your WOL packets that way. This is one method. Or you could setup an SSH client to remote into the router and you could run the inbuilt WOL tool on the router. You could probably automate this using something like JuiceSSH http://wiki.mikrotik...
by marrold
Tue Sep 15, 2015 1:05 pm
Forum: RouterBOARD hardware
Topic: RB2011UiAS-2HnD-IN lcd upside down
Replies: 7
Views: 1998

Re: RB2011UiAS-2HnD-IN lcd upside down

I dont think this is possible. But, chances are you won't use it any way.
by marrold
Tue Sep 15, 2015 11:30 am
Forum: Forwarding Protocols
Topic: freepbx / asterisk firewall and nat rules
Replies: 17
Views: 19655

Re: freepbx / asterisk firewall and nat rules

I only have these 2 rules in place for outside access + I have Faill2Ban configured on freepbx to protect against authentication attacks.
Fail2Ban won't catch everything. Be careful
by marrold
Tue Sep 15, 2015 10:15 am
Forum: General
Topic: SIP VOIP optimization
Replies: 2
Views: 1323

Re: SIP VOIP optimization

Ideally we'd need packet captures to be able to diagnose this.
by marrold
Tue Sep 15, 2015 9:38 am
Forum: Beginner Basics
Topic: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.
Replies: 26
Views: 7191

Re: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.

I will have to read the RFC's, but Im pretty sure it's Softether that's at fault and needs to be fixed.
by marrold
Tue Sep 15, 2015 2:01 am
Forum: Beginner Basics
Topic: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.
Replies: 26
Views: 7191

Re: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.

It looks like your server is sending the value 1.0.0.1

Please see packet 19 in your PCAP

Image

Googling "softether 1.0.0.1" suggests this is a common problem for SoftEther
by marrold
Mon Sep 14, 2015 10:14 pm
Forum: Forwarding Protocols
Topic: freepbx / asterisk firewall and nat rules
Replies: 17
Views: 19655

Re: freepbx / asterisk firewall and nat rules

I'm glad that's worked. However if you leave your PBX open to the world, you're likely to get hacked.
by marrold
Mon Sep 14, 2015 6:44 pm
Forum: Forwarding Protocols
Topic: Is it possible for a customer router to announce routes to the provider edge of an MPLS / VRF network?
Replies: 5
Views: 1619

Re: Is it possible for a customer router to announce routes to the provider edge of an MPLS / VRF network?

Thanks for the pointers. One more question if you don't mind, is there any reason to put public transit inside a VRF?
by marrold
Mon Sep 14, 2015 6:30 pm
Forum: Beginner Basics
Topic: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.
Replies: 26
Views: 7191

Re: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.

Ok, least we've clarified and confirmed the issue. I think the next step would be to capture packets of the L2TP tunnel negotiation itself, and see what's different. I can capture packets from a Mikrotik to Mikrotik L2TP tunnel, and we can compare the two.
by marrold
Mon Sep 14, 2015 6:16 pm
Forum: Beginner Basics
Topic: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.
Replies: 26
Views: 7191

Re: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.

Ok, the #1 packet in the sniffer log shows the packet is leaving the Ether2 interface, which is bad news.

Please could you post the output from-

/ ip route print
by marrold
Mon Sep 14, 2015 5:36 pm
Forum: Beginner Basics
Topic: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.
Replies: 26
Views: 7191

Re: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.

Before we can attempt to fix it, we need to know what's causing the issue, and what affect it has. This generally requires packet captures and some detailed diagnosis. Unfortunately this can be time consuming.

If you know a better way, please go ahead and let us know how you fix it.
by marrold
Mon Sep 14, 2015 5:26 pm
Forum: Forwarding Protocols
Topic: Is it possible for a customer router to announce routes to the provider edge of an MPLS / VRF network?
Replies: 5
Views: 1619

Re: Is it possible for a customer router to announce routes to the provider edge of an MPLS / VRF network?

I found this entry in the wiki which covers how to set this up - http://wiki.mikrotik.com/wiki/Manual:EBGP_as_PE-CE_routing_protocol I'm interested in both options, private and public transit. This is just for labbing currently, to get a better understanding of the technologies. I guess ideally I'd ...
by marrold
Mon Sep 14, 2015 5:24 pm
Forum: Beginner Basics
Topic: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.
Replies: 26
Views: 7191

Re: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.

Thanks. It could be getting dropped by a firewall, or maybe it's going out the wrong interface due to the incorrect network field. What happens if you run the sniffer on all interfaces? Do you see replies going out?
by marrold
Mon Sep 14, 2015 5:00 pm
Forum: Beginner Basics
Topic: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.
Replies: 26
Views: 7191

Re: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.

I'm afraid that file host site is a bit confusing as there's about 2000 download links, and most of them probably lead to some kind of Malware. Is there somewhere else you can host the file, like Dropbox or Google Drive?
by marrold
Mon Sep 14, 2015 3:55 pm
Forum: Beginner Basics
Topic: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.
Replies: 26
Views: 7191

Re: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.

Which interface did you run the sniffer on? Please could you provide a proper .pcap ?
by marrold
Mon Sep 14, 2015 3:17 pm
Forum: Beginner Basics
Topic: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.
Replies: 26
Views: 7191

Re: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.

When you ping from the VPN server, do you get a response?

Id like to see a packet capture of attempting to ping a remote address
by marrold
Mon Sep 14, 2015 1:09 pm
Forum: Beginner Basics
Topic: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.
Replies: 26
Views: 7191

Re: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.

Moreover, when I'm trying to ping IP address which was assigned to RouterOS client from VPN server side I see that ICMP packets is arriving RouterOS side according to packet sniffering logs. But connection doesn't work as it should (for example I can't ping remote gateway address) - I guess because...
by marrold
Mon Sep 14, 2015 12:41 pm
Forum: Forwarding Protocols
Topic: Is it possible for a customer router to announce routes to the provider edge of an MPLS / VRF network?
Replies: 5
Views: 1619

Is it possible for a customer router to announce routes to the provider edge of an MPLS / VRF network?

Hi all,

I've setup a BGP / MPLS / VRF network as per the wiki http://wiki.mikrotik.com/wiki/Manual:La ... PN_example , where customers announce their routes via OSPF.

Is it possible for a customer to announce their routes via BGP?

Also, what is the 'proper', real world way to do this?
by marrold
Mon Sep 14, 2015 12:38 pm
Forum: Forwarding Protocols
Topic: freepbx / asterisk firewall and nat rules
Replies: 17
Views: 19655

Re: freepbx / asterisk firewall and nat rules

add chain=input dst-port=5060 log=yes protocol=udp
add chain=input dst-port=10000-20000 log=yes protocol=udp
These rules should be in the forward chain.
by marrold
Mon Sep 14, 2015 9:53 am
Forum: General
Topic: hAP issue
Replies: 10
Views: 2221

Re: hAP issue

I'm not 100% sure, but I belive you need to place files you want to survive a reboot in the /flash dir
by marrold
Mon Sep 14, 2015 9:52 am
Forum: General
Topic: hAP issue
Replies: 10
Views: 2221

Re: hAP issue

I'm not 100% sure, but I belive you need to place files youbwajtbto survive a reboot in the /flash dir
by marrold
Mon Sep 14, 2015 2:26 am
Forum: The User Manager
Topic: Paypal about to update certificates again!!
Replies: 11
Views: 3264

Re: Paypal about to update certificates again!!

Bumping for visibility
by marrold
Fri Sep 11, 2015 10:41 pm
Forum: RouterBOARD hardware
Topic: No free space on disk
Replies: 2
Views: 1424

Re: No free space on disk

Please post

/ file print
by marrold
Fri Sep 11, 2015 5:53 pm
Forum: Forwarding Protocols
Topic: freepbx / asterisk firewall and nat rules
Replies: 17
Views: 19655

Re: freepbx / asterisk firewall and nat rules

voip + nat = problem
Complete bullshit. It can be a problem, but 9 out of 10 times it can be made to work.

Especially with a Mikrotik 8)
by marrold
Fri Sep 11, 2015 4:34 pm
Forum: Forwarding Protocols
Topic: freepbx / asterisk firewall and nat rules
Replies: 17
Views: 19655

Re: freepbx / asterisk firewall and nat rules

it doesn't seem to work
This is incredibly vague, we need more info.
by marrold
Fri Sep 11, 2015 4:33 pm
Forum: General
Topic: force ip cloud to update from WAN1
Replies: 8
Views: 2984

Re: force ip cloud to update from WAN1

you can easily create an issue where trafic comes in the one interface and leaves the other.
If this happens unintentionally, you've made a mistake I'm your config.
by marrold
Thu Sep 10, 2015 8:26 pm
Forum: General
Topic: rsa key support in ssh?
Replies: 16
Views: 20706

Re: rsa key support in ssh?

This was added recently but I can't find the relevant change log
by marrold
Thu Sep 10, 2015 3:51 pm
Forum: General
Topic: force ip cloud to update from WAN1
Replies: 8
Views: 2984

Re: force ip cloud to update from WAN1

The statement is true, but I dont understand how it applies to forcing IP Cloud to use a specific interface? Traffic would go in and out the same IP.
by marrold
Thu Sep 10, 2015 3:49 pm
Forum: General
Topic: Suggestion: Add a button to flush connections
Replies: 8
Views: 3546

Re: Suggestion: Add a button to flush connections

I've not come across the 2048 limit but I deal with a low number of connections usually.


Quickest way
/ ip firewall connection tracking set enabled=no
/ ip firewall connection tracking set enabled=yes
by marrold
Thu Sep 10, 2015 3:21 pm
Forum: General
Topic: force ip cloud to update from WAN1
Replies: 8
Views: 2984

Re: force ip cloud to update from WAN1

If that option existed you would very easily force cyclic data, Its better for the Tik to communicate back out the interface it receives the data especially for secure data.
I dont understand what you're saying, sorry
by marrold
Thu Sep 10, 2015 12:14 pm
Forum: Beginner Basics
Topic: ipsec error spam
Replies: 3
Views: 1450

Re: ipsec error spam

It could be someone attempting to brute force your VPN
by marrold
Wed Sep 09, 2015 5:13 pm
Forum: RouterBOARD hardware
Topic: Backup file compatibility
Replies: 8
Views: 3035

Re: Backup file compatibility

Only on old Firmware Versions.

On newer Firmware only with verbose the Mac Address will be copied.
Wow, I didn't know this. Is there a source / link ?
by marrold
Wed Sep 09, 2015 12:15 pm
Forum: Beginner Basics
Topic: Drop established connections after gateway in reachable
Replies: 3
Views: 1279

Re: Drop established connections after gateway in reachable

Please could you post your config?
by marrold
Tue Sep 08, 2015 10:27 pm
Forum: Wireless Networking
Topic: WPS & Mikrotik
Replies: 13
Views: 39083

Re: WPS & Mikrotik

This option exists but I can't test it -
/interface wireless wps-push-button
The hAP lite also has a WPS button
by marrold
Tue Sep 08, 2015 10:21 pm
Forum: RouterBOARD hardware
Topic: Mikrotik policy on the announcement and production of new products
Replies: 7
Views: 2360

Re: Mikrotik policy on the announcement and production of new products

Do you know any other manufacturer that has an open forum to debate and discuss new products? Apple release the same handset in a slightly different case with a handful of extra features that other handsets have had for years, and people go crazy and queue up to buy one. So long as Mikrotik are prof...
by marrold
Tue Sep 08, 2015 10:17 pm
Forum: Beginner Basics
Topic: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.
Replies: 26
Views: 7191

Re: L2TP client don't get a network settings from VPN server correctly - routing doesn't work.

I think it's a bit early to be screaming for Mikrotik Support.

What methods have you used to debug this issue? Do you have packet Captures?

What aren't you able to access on the remote side? Do you have a diagram?
by marrold
Tue Sep 08, 2015 8:53 pm
Forum: General
Topic: IPSec client without public IP
Replies: 7
Views: 3869

Re: IPSec client without public IP

basically you have a DynDNS style service for your remote site... run a script on your main site to grab the new IP and then update the IPSec policy, proposal, etc
The IPSEC server could generate a dynamic policy.

We could do with more information, or a network diagram ideally.
by marrold
Tue Sep 08, 2015 4:09 pm
Forum: General
Topic: IPSEC Policy doesn't seem to be matching - traffic is going out of default route.
Replies: 2
Views: 1012

Re: IPSEC Policy doesn't seem to be matching - traffic is going out of default route.

So I've made some more progress, the GRE tunnel isnt hitting the IPSEC Policy because it's coming from the wrong IP address. Does anyone know why this is? /tool sniffer> packet print # TIME INTERFACE SRC-ADDRESS DST-ADDRESS IP-PROTOCOL SIZE 0 0.322 WAN01 80.229.147.168 198.18.0.1 gre 84
by marrold
Tue Sep 08, 2015 1:04 pm
Forum: General
Topic: IPSEC Policy doesn't seem to be matching - traffic is going out of default route.
Replies: 2
Views: 1012

IPSEC Policy doesn't seem to be matching - traffic is going out of default route.

Hi all, Ive spotted an issue with my IPSEC policy matching and Im struggling to fix it. Currently traffic that should hit the policy is being sent out the default route. This same configuration is working on another router, and was working previously. The intention is that a IPSEC tunnel is configur...
by marrold
Tue Sep 08, 2015 2:23 am
Forum: Wireless Networking
Topic: [REQUEST] Raspberry Pi
Replies: 29
Views: 66071

Re: [REQUEST] Raspberry Pi

@marrold: Why ? Whats wrong with sandwich-like router+server. People are asking MikroTik for WWW, HSF+, print-server, AFP, barbecue grill, coffe-machine etc. integrated into RB. RB mAP 2n seems to be good start for such project. If you want a 'sandwich-like' router + server, get some half decent ha...
by marrold
Tue Sep 08, 2015 2:16 am
Forum: General
Topic: IPSec client without public IP
Replies: 7
Views: 3869

Re: IPSec client without public IP

I use something similar to the below, scheduled to run at a regular interval. The script assumes your "WAN" interface is called "01 - WAN". It also sets the policy src-address and dst-address to /32's assuming an L2TP connection is encrypted between the two. You could edit this i...
by marrold
Mon Sep 07, 2015 9:15 pm
Forum: General
Topic: Are there any self-hosted (Open Source) Dynamic DNS services, that support devices behind NAT?
Replies: 17
Views: 3844

Re: Are there any self-hosted (Open Source) Dynamic DNS services, that support devices behind NAT?

Sure, I'd only be updating the IP address everynow and then, but I'd also be querying it every 10 seconds too
by marrold
Mon Sep 07, 2015 9:01 pm
Forum: Wireless Networking
Topic: [REQUEST] Raspberry Pi
Replies: 29
Views: 66071

Re: [REQUEST] Raspberry Pi

Therefore we need directly connectable daughter RB board with all ROS features and RPi as backend/frontend...
Is this a joke?
by marrold
Mon Sep 07, 2015 7:12 pm
Forum: General
Topic: Are there any self-hosted (Open Source) Dynamic DNS services, that support devices behind NAT?
Replies: 17
Views: 3844

Re: Are there any self-hosted (Open Source) Dynamic DNS services, that support devices behind NAT?

This is essentially the plan, but it will need to integrate with a DNS server. I was hoping there was a semi made or partially made solution.
by marrold
Mon Sep 07, 2015 6:21 pm
Forum: General
Topic: Feature requests
Replies: 1740
Views: 631780

Re: Feature requests

Ability to 'fetch' and save into variable without saving to file.

E.G -

$ curl ifconfig.co
45.212.4.56
by marrold
Mon Sep 07, 2015 6:18 pm
Forum: General
Topic: Nac or Nap Solution ?
Replies: 6
Views: 3244

Re: Nac or Nap Solution ?

Some kind of hack of Radius / 802.1x / user manager / LDAP / AD.

It would need scripts on both the PC and the Router, and probably else where.

It wouldn't be easy, but Im sure its achievable with the correct knowledge.
by marrold
Mon Sep 07, 2015 4:28 pm
Forum: General
Topic: 100% CPU load on Mikrotik RB2011 (download 280Mbps)
Replies: 9
Views: 5641

Re: 100% CPU load on Mikrotik RB2011 (download 280Mbps)

Vortex needs to post his configuration before his value has any relevance.
by marrold
Mon Sep 07, 2015 4:14 pm
Forum: Wireless Networking
Topic: [REQUEST] Raspberry Pi
Replies: 29
Views: 66071

Re: [REQUEST] Raspberry Pi

I doubt it will happen. Networking performance isn't great, it only has a single interface... what's the point?
by marrold
Mon Sep 07, 2015 2:55 pm
Forum: General
Topic: 100% CPU load on Mikrotik RB2011 (download 280Mbps)
Replies: 9
Views: 5641

Re: 100% CPU load on Mikrotik RB2011 (download 280Mbps)

That performance sounds realistic. The most I've seen is around 300 Mbps. You could see if FastPath / FastTrack will squeeze a few more MB/s out of it. Below are the performance test results visible on the routerboard.com website. In future Id suggest checking these to pick the correct router. http:...
by marrold
Mon Sep 07, 2015 2:09 pm
Forum: General
Topic: Are there any self-hosted (Open Source) Dynamic DNS services, that support devices behind NAT?
Replies: 17
Views: 3844

Re: Are there any self-hosted (Open Source) Dynamic DNS services, that support devices behind NAT?

I'm planning on going down the BIND route, but the dns-update command needs to know the address, which I can't discover without writing to a file, which I'm trying to avoid.
by marrold
Mon Sep 07, 2015 1:03 pm
Forum: General
Topic: Suggestion: Add a button to flush connections
Replies: 8
Views: 3546

Re: Suggestion: Add a button to flush connections

There are times when you want to flush/clear all connections and it is hard to do it, even with scripts.
What issues are you having with scripting this?
by marrold
Mon Sep 07, 2015 12:41 pm
Forum: General
Topic: ipsec + l2tp newbie Q.
Replies: 5
Views: 1403

Re: ipsec + l2tp newbie Q.

Please post your IPSEC configuration, and your external / internal IPs. A diagram would be great!
by marrold
Mon Sep 07, 2015 12:39 pm
Forum: General
Topic: Are there any self-hosted (Open Source) Dynamic DNS services, that support devices behind NAT?
Replies: 17
Views: 3844

Re: Are there any self-hosted (Open Source) Dynamic DNS services, that support devices behind NAT?

Every 10 seconds or so. I need to be able to check the external IP without / tool fetch writing to disk.

As far as I can tell, the best way to do this will be to run a Dynamic DNS server I can update with / tool fetch, then resolve the address.
by marrold
Mon Sep 07, 2015 10:23 am
Forum: General
Topic: Nac or Nap Solution ?
Replies: 6
Views: 3244

Re:

No. There is no such feature.
This is a pretty broad statement. There is no built-in feature, but it may be possible to add scripts etc that make it possible.
by marrold
Mon Sep 07, 2015 10:06 am
Forum: General
Topic: Are there any self-hosted (Open Source) Dynamic DNS services, that support devices behind NAT?
Replies: 17
Views: 3844

Re: Are there any self-hosted (Open Source) Dynamic DNS services, that support devices behind NAT?

I'm looking for self-hosted. A few scripts I've written in the past have hammered dynamic DNS services and they've either asked me to lower the requests, or asked for more money.
by marrold
Mon Sep 07, 2015 9:08 am
Forum: General
Topic: Are there any self-hosted (Open Source) Dynamic DNS services, that support devices behind NAT?
Replies: 17
Views: 3844

Re: Are there any self-hosted (Open Source) Dynamic DNS services, that support devices behind NAT?

Unfortunately the device has 3 WAN connections, so IP cloud won't work for all of them.
by marrold
Mon Sep 07, 2015 2:20 am
Forum: General
Topic: Are there any self-hosted (Open Source) Dynamic DNS services, that support devices behind NAT?
Replies: 17
Views: 3844

Are there any self-hosted (Open Source) Dynamic DNS services, that support devices behind NAT?

Hi All, Is anyone aware of any self-hosted (Open Source) Dynamic DNS services, that support devices behind NAT? I'm aware that RouterOS supports DNS updates using the below, but you have to supply the IP. /tool dns-update I'm not sure how I can discover the external IP without fetching a file and sa...
by marrold
Sun Sep 06, 2015 7:12 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 579
Views: 274408

Re: Cloud Hosted Router

Dear,
Can the Cloud Hosted Router itself be a Virtual Router with KVM?
I suppose this will depend in the future on the hosted provider.
Thanks,
Patrick
Yes it can. I'm using it in both KVM and QEMU.
by marrold
Sun Sep 06, 2015 1:27 pm
Forum: Announcements
Topic: Newsletter 67
Replies: 25
Views: 15752

Re: Newsletter 67

It looks like the wAP can replace the cAP entirely? Dual chain instead of single, 802.3af/at instead of passive, and we can install outdoors. Are there any advantages to the cAP?
Looks wise, the cAP would look a little nicer on the ceiling.
by marrold
Sun Sep 06, 2015 1:25 pm
Forum: General
Topic: Redundant Routers Help Needed....
Replies: 7
Views: 1779

Re: Redundant Routers Help Needed....

One other note, I'm unsure why the MAC would need to be the same on both WAN interfaces. I used to have a Virgin Media (UK) DOCSIS modem, and it would assign an IP to any MAC requesting it (Limited to one IP). The IP would change however.
by marrold
Sat Sep 05, 2015 11:09 pm
Forum: General
Topic: Redundant Routers Help Needed....
Replies: 7
Views: 1779

Re: Redundant Routers Help Needed....

VRRP won't do this on it's own. You'd probably have to script the DHCP lease renewal, and use VRRP internally.
by marrold
Sat Sep 05, 2015 5:49 pm
Forum: Announcements
Topic: Newsletter 67
Replies: 25
Views: 15752

Re: Newsletter 67

wAP : Single Band device in 2015? :-((
I suspect as per the hAP range, we should expect additional wAP announcements in the future
by marrold
Fri Sep 04, 2015 6:26 pm
Forum: RouterBOARD hardware
Topic: hAP lite housing
Replies: 21
Views: 6901

Re: hAP lite housing

Please, at least do not put hAP ac in such case...
My thoughts exactly
by marrold
Fri Sep 04, 2015 6:00 pm
Forum: Scripting
Topic: Maximum script character limitation
Replies: 5
Views: 3052

Re: Maximum script character limitation

I'm intrigued what your 30,000 line script is doing.
by marrold
Fri Sep 04, 2015 5:56 pm
Forum: RouterBOARD hardware
Topic: hAP lite housing
Replies: 21
Views: 6901

Re: hAP lite housing

I like the look of the new hAP lite case, but personally I prefer something that can rack mount, wall mount, or sit flat on a shelf. However for the hAP lite target market I think it's ideal.

But please, dont make the hAP Pro this upright design.
by marrold
Fri Sep 04, 2015 1:33 pm
Forum: Announcements
Topic: Newsletter 67
Replies: 25
Views: 15752

Re: Newsletter 67

Is the wAP directional?
by marrold
Fri Sep 04, 2015 10:50 am
Forum: Beginner Basics
Topic: Tagged abd Untagged VLAN on same port RB250GS
Replies: 4
Views: 2251

Re: Tagged abd Untagged VLAN on same port RB250GS

Is it possible in RouterOS? I have seen mixed information.

Thanks
by marrold
Fri Sep 04, 2015 1:46 am
Forum: General
Topic: v6.33rc release candidate (final testing)
Replies: 202
Views: 64984

Re: v6.33rc1 release candidate

Maybe this would make people happy: Call rc Beta Call Current RC Call Bugfix Stable Surely if you want to use the word 'beta' then 'RC' should be 'alpha'? Personally I think people should stop b*tching about the new release schedule, be greatful on the fact it's better than the old system, and give...
by marrold
Thu Sep 03, 2015 4:35 pm
Forum: RouterBOARD hardware
Topic: Is any where still selling indoor enclosures / cases for the RB532 - ideally in Europe ?
Replies: 6
Views: 1934

Re: Is any where still selling indoor enclosures / cases for the RB532 - ideally in Europe ?

Thanks Honzam. Postage to the UK looks a little... expensive. But I will see what I can do.
by marrold
Thu Sep 03, 2015 4:32 pm
Forum: General
Topic: Bad Experience with Mikrotik regarding License Key ! ! !
Replies: 9
Views: 2278

Re: Bad Experience with Mikrotik regarding License Key ! ! !

License is bound to hard disk. If you need a license on a new disk, you need to buy a new license anyway. What support can offer, is discount for the new one, if you provide a clear description how or why your disk failed. I know this is not very good news, but this is how RouterOS licenses work. A...
by marrold
Thu Sep 03, 2015 4:27 pm
Forum: General
Topic: SNMP queries for MAC->port mapping table
Replies: 19
Views: 7859

Re: SNMP queries for MAC->port mapping table

/ interface bridge host print Shows which MAC address is attached to which bridged interface. But it doesn't look like you can pull this via SNMP [admin@#########] > / interface bridge host print Flags: L - local, E - external-fdb BRIDGE MAC-ADDRESS ON-INTERFACE AGE L Br-V129 D4:CA:6D:E7:58:73 Rest...
by marrold
Thu Sep 03, 2015 4:24 pm
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 538
Views: 196616

Re: HAP AC

The excitement is building
by marrold
Thu Sep 03, 2015 2:42 pm
Forum: RouterBOARD hardware
Topic: Is any where still selling indoor enclosures / cases for the RB532 - ideally in Europe ?
Replies: 6
Views: 1934

Is any where still selling indoor enclosures / cases for the RB532 - ideally in Europe ?

Hi all,

A couple of RouterBoard 532's have turned up at work in outdoor cases that have been battered by the elements. Is there anywhere I can find new indoor enclosures? - ideally in Europe ?

Thanks
by marrold
Thu Sep 03, 2015 11:16 am
Forum: General
Topic: Bad Experience with Mikrotik regarding License Key ! ! !
Replies: 9
Views: 2278

Re: Bad Experience with Mikrotik regarding License Key ! ! !

Whilst I try to avoid negativity towards Mikrotik, this doesn't sound like a great experience. A recovery license may be required almost immediately to minimize down time and waiting weeks for a new one is baaad. As far as I know even buying a new license can take a while if your card is not verified.
by marrold
Thu Sep 03, 2015 2:46 am
Forum: Wireless Networking
Topic: Set Wireless to Station + AP Mode Simultaneous? WISP Client?
Replies: 78
Views: 80607

Re: Set Wireless to Station + AP Mode Simultaneous? WISP Client?

Has there been any change on this? I'm not overly familiar with the back-end of wireless, but is it not possible to utilize 1 'chain' of a dual chain wireless interface as a 'station' and the other as an 'ap' ?

I have an RB2011

Thanks
by marrold
Wed Sep 02, 2015 3:02 pm
Forum: Scripting
Topic: Failover with ADSL and 3G Modem
Replies: 1
Views: 1457

Re: Failover with ADSL and 3G Modem

Your configuration lists 8.8.8.8 as a gateway. As this is a Google DNS server, I don't think it's correct. It looks like you're behind double NAT which complicates matters. By default RouterOS will ping the gatway to check it's up, but in this case it's pinging your modem / router rather than the IS...
by marrold
Wed Sep 02, 2015 1:03 pm
Forum: General
Topic: Preventing IPSEC VPN Brute forcing
Replies: 3
Views: 3409

Re: Preventing IPSEC VPN Brute forcing

As an update, I've switched to rsa-signature authentication for the VPN, which is presumably almost impossible to brute force. I've also set L2TP to only be allowed from ipsec-policy=in,ipsec, so only IPSEC clients can connect. I'd still feel more comfortable if there was some form of brute force pr...
by marrold
Tue Sep 01, 2015 12:54 pm
Forum: General
Topic: Preventing IPSEC VPN Brute forcing
Replies: 3
Views: 3409

Re: Preventing IPSEC VPN Brute forcing

Thanks, unfortunately I'm not able to lock it down by IP address.
by marrold
Tue Sep 01, 2015 1:24 am
Forum: General
Topic: Preventing IPSEC VPN Brute forcing
Replies: 3
Views: 3409

Preventing IPSEC VPN Brute forcing

Hi,

Is there any way to help prevent IPSEC VPN or L2TP brute forcing?

Any thoughts appreciated.
by marrold
Tue Sep 01, 2015 1:05 am
Forum: Beginner Basics
Topic: Need to Know about?
Replies: 2
Views: 950

Re: Need to Know about?

Mikrotik does support SIP ALG -
/ ip firewall service-port set sip disabled=no
by marrold
Mon Aug 31, 2015 11:17 pm
Forum: General
Topic: /interface ethernet speed = 100Mbps???
Replies: 7
Views: 24868

Re: /interface ethernet speed = 100Mbps???

Try
/ Interface Ethernet Monitor 
It will show the speed the interface has auto-negotiated
by marrold
Thu Aug 27, 2015 11:58 pm
Forum: General
Topic: VLANs are the enemy of CCRs? CCR 1036 SFP+ 16gb
Replies: 2
Views: 1037

Re: VLANs are the enemy of CCRs? CCR 1036 SFP+ 16gb

How are you adding the VLANs?
by marrold
Wed Aug 26, 2015 5:41 pm
Forum: General
Topic: SIP phones - No audio between extensions. Inbound and outbound calls are fine.
Replies: 12
Views: 3801

Re: SIP phones - No audio between extensions. Inbound and outbound calls are fine.

Have you tried adding the below?
/ip firewall service-port set sip disabled=yes
by marrold
Wed Aug 26, 2015 4:22 pm
Forum: General
Topic: SIP phones - No audio between extensions. Inbound and outbound calls are fine.
Replies: 12
Views: 3801

Re: SIP phones - No audio between extensions. Inbound and outbound calls are fine.

I generally try and capture as much as possible but obviously in a high traffic environment it may be better to filter it by IP to minimize the size of the pcap. I usually recommend an internal and external packet capture in case the router is manipulating the traffic in anyway. Do you know what pla...
by marrold
Wed Aug 26, 2015 9:58 am
Forum: General
Topic: SIP phones - No audio between extensions. Inbound and outbound calls are fine.
Replies: 12
Views: 3801

Re: SIP phones - No audio between extensions. Inbound and outbound calls are fine.

It's impossible to fix the issue efficiently without diagnosing the cause. Do you have any SIP traces? I would expect your provider to of gathered these. I would suggest gathering a SIP trace either side of your router, using the below instructions, opening it in Wireshark and filtering out everythi...
by marrold
Tue Aug 25, 2015 12:31 am
Forum: Scripting
Topic: Problem with global variables with Scripts running from the scheduler
Replies: 5
Views: 4525

Re: Problem with global variables with Scripts running from the scheduler

I don't have this issue, but I have no evidence currently to back it up...
by marrold
Sun Aug 23, 2015 10:03 pm
Forum: General
Topic: ERROR in virtio disk driver in 6.31
Replies: 3
Views: 3126

Re: ERROR in virtio disk driver in 6.31

It works fine for me in QEMU / KVM. The supplied image is in .img format, I see you're using .qcow2. Did you convert it?
by marrold
Sat Aug 22, 2015 10:39 pm
Forum: Beginner Basics
Topic: Need Help: Switching and Vlans
Replies: 1
Views: 976

Re: Need Help: Switching and Vlans

If you want tagged vlan traffic on more than one interface, you need to use bridging. Here's an example for vlan 5 / interface vlan add interface=Ether1 vlan-id=5 name="Guest VLAN [Ether1]" / interface vlan add interface=sfpplus1 vlan-id=5 name="Guest VLAN [sfpplus1]" / interface...
  • 1
  • 2