Community discussions

Search found 44 matches

by ATROX
Mon Mar 25, 2019 7:27 am
Forum: SwOS
Topic: CRS328-24P-4S+ Link Downs, Port Isolation, FAN Error
Replies: 14
Views: 1717

Re: CRS328-24P-4S+ Link Downs, Port Isolation, FAN Error

I confirm. After the update to FirmWare to 6.44 and boot SwOS - all problems are resolved. Uptime 10 days.
by ATROX
Mon Mar 11, 2019 7:29 am
Forum: SwOS
Topic: CRS328-24P-4S+ Link Downs, Port Isolation, FAN Error
Replies: 14
Views: 1717

Re: CRS328-24P-4S+ Link Downs, Port Isolation, FAN Error

Time passes and a critical error is not FIXED!!!
by ATROX
Fri Feb 22, 2019 7:23 am
Forum: SwOS
Topic: CRS328-24P-4S+ Link Downs, Port Isolation, FAN Error
Replies: 14
Views: 1717

Re: CRS328-24P-4S+ Link Downs, Port Isolation, FAN Error

Problem on CRS328-4C-20S-4S+
Everything freezes!
Developers - FIX it!
by ATROX
Fri Sep 21, 2018 6:56 pm
Forum: SwOS
Topic: CSS326-24G-2S+ SwOS 2.8 SFP won't link.
Replies: 2
Views: 836

Re: CSS326-24G-2S+ SwOS 2.8 SFP won't link.

on the model CRS328-4C-20S-4S+ in general, all optical SFP 1G does not work!
I sent an application for support
by ATROX
Thu Apr 12, 2018 8:56 am
Forum: The Dude
Topic: Can not upload files
Replies: 6
Views: 1435

Re: Can not upload files

All. The problem is solved. RTFM ...
by ATROX
Thu Apr 12, 2018 8:17 am
Forum: The Dude
Topic: Can not upload files
Replies: 6
Views: 1435

Re: Can not upload files

I can not upload files to the directory with Doude
icon plus no at all
You must use winbox for that, the client do not upload anything
The same is not possible. Here is the error when moving the file:
Image
by ATROX
Wed Apr 11, 2018 3:07 pm
Forum: The Dude
Topic: Can not upload files
Replies: 6
Views: 1435

Can not upload files

I can not upload files to the directory with Doude
Image
icon plus no at all
by ATROX
Wed Feb 21, 2018 10:50 am
Forum: Announcements
Topic: v6.41.2 [current]
Replies: 125
Views: 27878

Re: v6.41.2 [current]

ap - cAP ac (RouterBOARD cAP Gi-5acD2nD)
ARP table - empty
Current Tx Power 2GHz - empty

OS - 6.41.2

The new chips have a new method of obtaining power data. not yet supported Route OS.
MikroTik support answered
by ATROX
Tue Feb 20, 2018 7:28 am
Forum: Announcements
Topic: v6.41.2 [current]
Replies: 125
Views: 27878

Re: v6.41.2 [current]

ap - cAP ac (RouterBOARD cAP Gi-5acD2nD) OS - 6.41.2 Some clients are disconnected from the point here with such an error: disconnected, extensive data loss and disconnected, received disassoc: sending station leaving (8) I settings many MicroTick AP. The settings are the same everywhere, it's on th...
by ATROX
Mon Feb 19, 2018 11:01 am
Forum: Announcements
Topic: v6.41.2 [current]
Replies: 125
Views: 27878

Re: v6.41.2 [current]

ap - cAP ac (RouterBOARD cAP Gi-5acD2nD) ARP table - empty Current Tx Power 2GHz - empty OS - 6.41.2 https://d.radikal.ru/d14/1802/f1/8e414dc04fc6.jpg https://d.radikal.ru/d08/1802/c3/ffbb80cefeb8.jpg https://b.radikal.ru/b41/1802/46/6239a2d169c0.jpg Real IPQ4019 ??? In specification - IPQ4018. http...
by ATROX
Wed Nov 15, 2017 2:53 pm
Forum: SwOS
Topic: stacking MikroTik on SwOS v2.x or RouteOS v6.x how?
Replies: 2
Views: 734

stacking MikroTik on SwOS v2.x or RouteOS v6.x how?

How to combine multiple devices into a stack?
In cisco it is possible
If the solution is in the wiki or on the forum, please give me a link.
I really need it!
by ATROX
Mon Oct 02, 2017 11:40 am
Forum: General
Topic: How to exclude log from memory?
Replies: 0
Views: 371

How to exclude log from memory?

I created a rule for logging in a firewall. http://s010.radikal.ru/i314/1710/ab/54dad76e2cc3.jpg I also created a logging rule for this prefix (it-02) on the remote host. http://s46.radikal.ru/i111/1710/32/8e238d7722fb.jpg But, since these logs have also the status of info they are written in the me...
by ATROX
Fri Sep 08, 2017 4:32 pm
Forum: General
Topic: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)
Replies: 183
Views: 73473

Re: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)

My great gratitude to tomfisk.
Thanks to his article, I received a powerful and flexible system.
Just what I wanted.
Thank you to the MicroTik team for their RouteOS.
In general, thank you guys!
by ATROX
Wed Aug 30, 2017 5:02 pm
Forum: General
Topic: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)
Replies: 183
Views: 73473

Re: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)

It's me again ... I run suricata_block.pxp from the command line: php -f /usr/bin/suricata_block.php He gives me this in the console: PHP Warning: mysqli_free_result() expects parameter 1 to be mysqli_result, boolean given in /usr/bin/suricata_block.php on line 157 sh: /usr/sbin/sendmail: No such f...
by ATROX
Wed Aug 30, 2017 5:01 pm
Forum: General
Topic: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)
Replies: 183
Views: 73473

Re: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)

suricata_block.php adds the following addresses to MikroTik: But it's not right! http://s015.radikal.ru/i333/1708/ee/dde1c09213e9.png How to fix? I decided it myself. I did not use the correct trigger. The correct trigger (the contents of the trigger_code.sql file): DELIMITER ;; CREATE TRIGGER `aft...
by ATROX
Wed Aug 30, 2017 4:05 pm
Forum: General
Topic: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)
Replies: 183
Views: 73473

Re: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)

suricata_block.php adds the following addresses to MikroTik:
But it's not right!
Image
How to fix?
by ATROX
Wed Aug 30, 2017 3:59 pm
Forum: General
Topic: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)
Replies: 183
Views: 73473

Re: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)

It's me again ... I run suricata_block.pxp from the command line: php -f /usr/bin/suricata_block.php He gives me this in the console: PHP Warning: mysqli_free_result() expects parameter 1 to be mysqli_result, boolean given in /usr/bin/suricata_block.php on line 157 sh: /usr/sbin/sendmail: No such fi...
by ATROX
Wed Aug 30, 2017 3:25 pm
Forum: General
Topic: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)
Replies: 183
Views: 73473

Re: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)

You must have MySQL version 5.7.5 or greater. I believe you will need to disable the ONLY_FULL_GROUP_BY sql_mode with the following: sudo nano /etc/mysql/my.cnf Add this to the end of the file [mysqld] sql_mode = "STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_C...
by ATROX
Wed Aug 30, 2017 2:33 pm
Forum: General
Topic: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)
Replies: 183
Views: 73473

Re: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)

OK. I drop trigger: mysql> use snorby; mysql> drop trigger `after_iphdr_insert`; run barnyard2. Everything is great. He works! Aug 30 14:22:47 sv-ips-01 barnyard2: --== Initialization Complete ==-- Aug 30 14:22:47 sv-ips-01 barnyard2: Barnyard2 initialization completed successfully (pid=11329) Aug 3...
by ATROX
Wed Aug 30, 2017 12:46 pm
Forum: General
Topic: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)
Replies: 183
Views: 73473

Re: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)

Very much I ask - help! Everything was done step by step. After creating the table, sigs_to_block and TRIGGER barnyard2 stopped writing to the database. Ends with an error: Aug 30 11:43:14 sv-ips-01 barnyard2: FATAL ERROR: database mysql_error: In aggregated query without GROUP BY, expression #2 of ...
by ATROX
Tue Jan 10, 2017 8:45 am
Forum: General
Topic: OpenVPN client reports expired certificate even it is valid almost 10 years
Replies: 24
Views: 7501

Re: OpenVPN client reports expired certificate even it is valid almost 10 years

No certificates are printed: # CERT LAST-UPDATE NUM REVOKED URL OK. All right. Check CRL distribution point of root certificates and server and users. And read this: https://en.wikipedia.org/wiki/Certificate_revocation_list
by ATROX
Mon Jan 09, 2017 1:39 pm
Forum: General
Topic: OpenVPN client reports expired certificate even it is valid almost 10 years
Replies: 24
Views: 7501

Re: OpenVPN client reports expired certificate even it is valid almost 10 years

No. Comand certificate crl print !!... Thu Dec 22 13:16:45 2016 us=67242 OpenSSL: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired See CRL settings in your root certificate and users! He expired! NewTerminal. >certificate crl print E - expired I printed all certificates wi...
by ATROX
Thu Dec 29, 2016 3:56 pm
Forum: General
Topic: OpenVPN client reports expired certificate even it is valid almost 10 years
Replies: 24
Views: 7501

Re: OpenVPN client reports expired certificate even it is valid almost 10 years

Thu Dec 22 13:16:45 2016 us=67242 OpenSSL: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired

See CRL settings in your root certificate and users! He expired!
NewTerminal.
>certificate crl print
E - expired
by ATROX
Mon Jul 25, 2016 11:16 am
Forum: Announcements
Topic: v6.36 [current] is released!
Replies: 183
Views: 41214

Re: v6.36 [current] is released!

After updating to version 6.36 router reboots endlessly
CCR1036-12G-4S
Now version 6.35rc21

Image
by ATROX
Wed Jun 03, 2015 1:47 pm
Forum: Announcements
Topic: v6.29 released
Replies: 193
Views: 49005

Re: v6.29 released

Dear MikroTik Support.
After upgrading to v6.29.1 IPsec automatically not UP. Only after Kill Connections.
Fix please!
In v6.28 the same situation.
In v6.27 - good, IPsec auto UP.
by ATROX
Tue Mar 24, 2015 1:24 pm
Forum: Announcements
Topic: v6.28 final RC testing
Replies: 92
Views: 31093

Re: v6.28 final RC testing

I have 15 IPsec tunnels.
Sometimes IPsec tunnels is down!
Kill connections, flush installed SAs, reboot - no help!!!
Please fix IPsec!
Image
Developers big request - fix IPsec errors...
by ATROX
Mon Mar 16, 2015 9:41 am
Forum: Announcements
Topic: RouterOS v6.27 released
Replies: 273
Views: 99271

Re: RouterOS v6.27 released

I use about 15 IPsec tunnels
Sometimes IPsec is down. Reboot, kill connetctions and flush SAs do not help. Rarely identify problems. Developers - Check the IPsec please!
Router OS v6.27
CCR1036-12G-4S and RB951G-2HnD
by ATROX
Mon Jul 07, 2014 9:31 am
Forum: General
Topic: BUG was found. IPsec works not stable
Replies: 12
Views: 1792

Re: BUG was found. IPsec works not stable

Error repeated exactly. Sending log files. The tunnel not up.
Fix please!
by ATROX
Thu Jun 26, 2014 8:09 am
Forum: General
Topic: BUG was found. IPsec works not stable
Replies: 12
Views: 1792

Re: BUG was found. IPsec works not stable

What was the ticket number?
Ticket#2014062566000221
by ATROX
Wed Jun 25, 2014 2:08 pm
Forum: General
Topic: BUG was found. IPsec works not stable
Replies: 12
Views: 1792

Re: BUG was found. IPsec works not stable

Well, this is by 'design' and not a bug. You should explicitly take precautions to keep the tunnel up. On Juniper and Cisco you need to do the same thing. An IPSEC tunnel only stays up when there is traffic. Yes, IPsec tunnel stays down if there is no traffic. But he must stays up if traffic starts...
by ATROX
Wed Jun 25, 2014 1:50 pm
Forum: General
Topic: BUG was found. IPsec works not stable
Replies: 12
Views: 1792

Re: BUG was found. IPsec works not stable

set a ping script like /ping <remote private IP> src-address=<local private IP> count=10 and run it every 5 minutes or so... I've had the same issue when there was no traffic through the tunnels and that sorted it cheers Thank you. But this is not the solution. Tunnel should work without this scrip...
by ATROX
Wed Jun 25, 2014 9:56 am
Forum: General
Topic: BUG was found. IPsec works not stable
Replies: 12
Views: 1792

Re: BUG was found. IPsec works not stable

Duplicate topic? Have you sent message to support?
Sute on a separate issue. I really left the same message in another topic. But it is to discuss the new version. Yes, I sent a message to support.
by ATROX
Wed Jun 25, 2014 9:00 am
Forum: General
Topic: BUG was found. IPsec works not stable
Replies: 12
Views: 1792

Re: BUG was found. IPsec works not stable

I updated every 6.15.
6.15 between the same problem.
by ATROX
Wed Jun 25, 2014 8:57 am
Forum: General
Topic: v6.15 released
Replies: 302
Views: 102552

Re: v6.15 released

I saw the same between 6.13 and 6.15.
I updated every 6.15.
6.15 between the same problem.
by ATROX
Wed Jun 25, 2014 8:47 am
Forum: General
Topic: v6.15 released
Replies: 302
Views: 102552

Re: v6.15 released

BUG was found. IPsec works not stable There are several tunnels IPsec. Regardless of time and without changing any settings tunnels stop working. In the settings you can see that the key exchange in one direction occurs, but the traffic flow is not (IP->IPsec->Installed SAs-> some key->Current Bytes...
by ATROX
Wed Jun 25, 2014 8:45 am
Forum: General
Topic: BUG was found. IPsec works not stable
Replies: 12
Views: 1792

BUG was found. IPsec works not stable

There are several tunnels IPsec. Regardless of time and without changing any settings tunnels stop working. In the settings you can see that the key exchange in one direction occurs, but the traffic flow is not (IP->IPsec->Installed SAs-> some key->Current Bytes=0 ) . After several reboots tunnel re...
by ATROX
Thu Nov 14, 2013 9:28 am
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 72210

Re: RouterOS v6.6 released

Bug found. If i connected over SSTP in my Enterprise LAN, and begining download file over 400 MByte - my connection is lost. And i can not connection over SSTP - system messages: wrong login or password. After 10-20 minutes is OK, i can connection over SSTP. Fix please. Over PPTP connection - no err...
by ATROX
Wed Nov 06, 2013 1:27 pm
Forum: General
Topic: 6.5 released!
Replies: 185
Views: 68917

Re: 6.5 released!

what is "Hw. Fast Path"? What RouterBoard supports it? Look This (on wiki of mikrotik) Fast path allows to forward packets without additional processing in the Linux kernel. It improves forwarding speeds significantly. For fast path to work, interface support and specific configuration conditions a...
by ATROX
Wed Nov 06, 2013 8:27 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Changelog RouterOS 6.6
Replies: 33
Views: 14719

Re: Changelog RouterOS 6.6

  • What's new in 6.6 (2013-Nov-01 15:16):
    ...
    *) fixed arp-reply only with more than one ip address on interface;
    ...
MT team, can you tell me if the problem here fixed or not?

Thank you
Thank you!!!
And more...
Thank you!!!
by ATROX
Tue Nov 05, 2013 2:40 pm
Forum: General
Topic: 6.5 released!
Replies: 185
Views: 68917

Re: 6.5 released!

Something has seriously got to be done about how these are released. I killed a brand new 2011 upgrading it before a new installation this week. Please, please stop releasing features until what exists now works 100%. It's killing my faith in the stuff, and I'm starting to have fond memories of Cis...
by ATROX
Fri Oct 25, 2013 9:09 am
Forum: General
Topic: 6.5 released!
Replies: 185
Views: 68917

Re: 6.5 released!

PPP (VPN) Bag - Fix Please!
After some time, all of the accounts disappear in the PPP-> Secrets. Users can not install the VPN connection. Appear after the restart.
CCR1016-12G
MikroTik RouterOS v6.5
by ATROX
Fri Oct 25, 2013 9:05 am
Forum: General
Topic: PPP (VPN) Bag - Fix Please!
Replies: 1
Views: 594

PPP (VPN) Bag - Fix Please!

After some time, all of the accounts disappear in the PPP-> Secrets. Users can not install the VPN connection. Appear after the restart.
CCR1016-12G
MikroTik RouterOS v6.5
by ATROX
Tue Oct 15, 2013 9:25 am
Forum: General
Topic: Multiple IP addresses on ISP NIC Problem!
Replies: 0
Views: 339

Multiple IP addresses on ISP NIC Problem!

Multiple IP addresses on ISP NIC Problem! I add multiple addresses per interface (WAN) on the same subnet. I used IPv4. Only one IP (first) available from global network (ping, traceroute etc). I desable all IP addresses on nic and enable only one. This IP becomes available from global network. So d...
by ATROX
Mon Oct 14, 2013 2:37 pm
Forum: General
Topic: Multiple IP addresses on ISP NIC Problem!
Replies: 0
Views: 351

Multiple IP addresses on ISP NIC Problem!

I add multiple addresses per interface (WAN) on the same subnet. Only one IP (first) available from global network (ping, traceroute etc). I desable all IP addresses on nic and enable only one. This IP becomes available from global network. So do all in turn Then turn on all. All IP becomes availabl...