MikroTik

zentavr

> *) x86 - fixed VLAN tagged packet transmit for igb (introduced in v7.12);
Unfortunately this had not been fixed. My VLANs at IGB and x86 not work at all :(

zentavr

DHCP served over a VLAN trunk is still a problem on x86. Rolled back to 7.11.2.

See here, and here (post 99) and SUP-134483.

Confirming that!

zentavr

mine also suffering the same problem...try to investigate further...it seems like there is a problem with outgoing dhcp offer packet tagging...wireshark on client not seeing any incoming dhcp packet...yet the if torch/sniff on mikrotik side, the outgoing dhcp packet exist... Confirming that - DHCP ...

zentavr

I'd caught the same issue after upgraded the x86 router from 7.11.2 to 7.13.1.
Nothing had been changed in the ROS config and/or the switches.

zentavr

I had to set up 127.0.0.1 as a CAPsMAN address at the router which should manage itself. It had been worked for years before without that.

zentavr

Tells me: `CAP did not find suitable CAPsMAN` CapsMAN setup: /interface wireless cap # set bridge=bridge-lan caps-man-addresses="" caps-man-certificate-common-names="" \ caps-man-names="" certificate=none discovery-interfaces=bridge-lan enabled=yes \ interfaces=wlan1,wl...

zentavr

I have RB4011iGS+5HacQ2Hnd and cAp ac at one building. I'd upgraded both to v7.13. CAPSMAN was installed at 4011. The problem is that wireless interfaces at cAP connected successfully to 4011, but 4011 cannot manage its own interfaces. The same issue with the standalone router RB2011UiAS-2HnD - it c...

zentavr

@zentavr - very helpful post. I am trying to emulate your recommendation, however I am confused about the parameters in the "if statement" - see below what does the ($hostname,'mtik-gw[0-9]+.example.com') reference? My host name is Mikrotik but I am not sure what 'mtik-gw[0-9] + example.c...

zentavr

You should be using BGP communities + RFC9234 to prevent route leaks. Not via AS-PATH.

Hello @DarkNate. How this could be realised with Mikrotik?

zentavr

Have the same issue with the regexp

zentavr

I'd think the check-gateway=ping on the 4.2.2.2 is enough with the recursive routing. e.g. check-gateway likely doesn't be on the starlink interface itself. The CGNAT will drop if there is no starlink & 4.2.2.2 recursive route is already checking internet connectivity. As for the check-gateway:...

zentavr

Put the Starlink in a separate VRF and work from there?
You could issue some health-check to eg. 8.8.8.8 across the Starlink-vrf and make some decisions from there?

Frankly speaking I hadn't worked with VRF at all. Would you be so kind to submit any recommendations to start with?

zentavr

Could care less about the config because more important are the requirements. What is WAn1 and what is WAn2 is it primary and failover? WAN is the PON connection which might be down because of electricity power loss. Starlink is the backup channel (we have Ecoflow battery for this kind of power out...

zentavr

Hi, I'm trying to set up Multi WAN mikrotik router where the second ISP is Starlink with ethernet adapter. The issue is that Starlink provides the default gateway 100.64.0.1 (mac address `00:00:5E:00:01:01`) which does not reply at icmp requests. I guess that they use some kind of a load balancing/o...

zentavr

We had sent the supout file to the support and they advised us to replace the device

zentavr

Your Radio MAC is set to 00 so the default script does not work. It looks like a hardware problem, please contact technical support. The error message says that you cannot set the universal MAC 00 must be set individually. The interface MAC and radio MAC are the same from the factory. Try to set MA...

zentavr

I would:

Uninstall wifiwav2 package and install it next

Reset, no default configuration

Netinstall

RMA

did that - no luck. I'd formatted the drive and used NetInstall - did not help as well

zentavr

Saying at this video (10:24) the guy just upgraded the firmware to v7.10 and enabled 2 interfaces. When I enable 2.4Ghz wlan - it fails.

zentavr

I would: Uninstall wifiwav2 package and install it next Reset, no default configuration Netinstall RMA When I’d uninstalled wifiwave2, there were no wifi interfaces at all. When I put the npk package back I had the same problem. What I hadn’t tried is to do the reset without wifiwave2 package. Offi...

zentavr

Dont have a capax but suspect tha wlan1 is 2.4ghz and cant be changed and wlan2 is 5ghz and cant be changed. If you need virtual wlans, 2.4ghz master is wlan1 and 5ghz master is wlan2 etc... If not happy with capax, I will pay postage to send to me, what to make a video (demolishing capAX products ...

zentavr

Looks broken, I'd RMA.

Sorry, I didn’t catch that.

zentavr

At least the MAC address is incorrect...can you correct that?

When I’m trying to change the MAC, I have an error “ must specify exactly one of radio-mac and master interface”

zentavr

When I perform reset without any configuration - I cannot enable the interface as well.

02.png

zentavr

I have cAp ax router and cannot understand how to enable 2.4GHz interface. There are 2 interfaces in the wifiwave2 list, but the second is disabled. When I reset the router - the default script apply process fails. 01.jpg When I try to set up the interface manually (saying, put the mac-address manua...

zentavr

Instead use wireguard for mobile users coming in, reduce conflict.

Franly speaking it's not an option for less advanced users. IKEv2 is available from the box on iOS, Windows, MacOS and Linux if needed.

zentavr

I was able to fix that by setting up none as pfs-group in ipsec proposals. /ip ipsec mode-config add address-pool=ipsec-pool address-prefix-length=32 name=ipsec-user-networks split-dns=192.168.10.1 split-include=192.168.10.0/24,172.16.8.0/24 /ip ipsec policy group add name=office /ip ipsec profile a...

zentavr

Hi. I have a picture of something like this: Users (Windows/Mac/Linux) ==> Mikrotik (Has Own IPSec in passive mode with NAT-T enabled, Also does NAT) ===> Internet ====> Some Other IPSec servers out of our control Road-warriors which work from home could connect to my Mikrotik without any problems b...

zentavr

So... The MBRs of CHR and x86 differ: 1. At 0x00000100 there are 12 bytes of serial+something. 10 bytes of serial itself (the value without newline) is a hex (just text string) locates in ${ROS_DIR}/nova/etc/serial 2. At 0x00000150 CHR has 01 , x68 has 00 3 At 0x000001db There are 2 bytes.. x86 has ...

zentavr

It looks like the CHR image does not have anything related to the serial numbers. I'd compared first 1024 bytes of both disks and there is a serial number (10 bytes) at the offset 0x0000100 + 2 other bytes (checksum? signature?) is available at the disk which was created by the installer.

zentavr

It's better to do install locally in a VM (use same size/type of virtual disk as later in real machine) then after setup finishes, shut it down and DD the disk contents to a real machine disk. It should boot and even without any special autorun.scr it should be accessible over LAN for further confi...

zentavr

It's better to do install locally in a VM (use same size/type of virtual disk as later in real machine) then after setup finishes, shut it down and DD the disk contents to a real machine disk. It should boot and even without any special autorun.scr it should be accessible over LAN for further confi...

zentavr

Hello, I have a server somewhere in the overseas office where I need to Install RouterOS 7. It has Ubuntu 22.04 currently. I wonder if there is a method which I can use and do an unattended installation? I have no KVM there unfortunately. I downloaded install-image-7.11.2.zip , mounted and can see: ...

zentavr

@heney99079 - where had you set that? on RouterOS side or on Apple side?

zentavr

We have Mikrotik on x86 server. There are also 3 BGPv4 full views and approximately 2k users behind the router.

Periodiaclly server either hangs or gets rebooted itself because out of RAM. Is it any specific way to make it see more than 2Gb of RAM?

zentavr

If someone has a BGP session with the peer - you can try to set up BGP blackholes and ban the IPs at the upstreams.
I wrote a helper to do that: viewtopic.php?f=9&p=833482#p833482

zentavr

There is a wiki article , help article and a forum topic regarding how to detect DDoS attack. The problem is that if you have 1Gbps/1Gbps Tx/Rx pipe with your provider and ban someone at your router - that does not help much if someone strikes from the canon with 2G to your /32 of /24 network space....

zentavr

There is also a feature which allows you to set up the icon: https://apple.stackexchange.com/questio ... tor-script

The icon could be downloaded from here: https://imgbin.com/download-png/j73uNt7L

zentavr

We are aware and are working on all of that.

I wonder if there is any 64-bit executable of WinBox available? 32-bit executable cannot be executed with wine at Catalina

zentavr

Noticed that Mikrotik's counter in RADIUS tab increases. When the amount of pending requests goes really high (~23k) - the server stops to origin any requests.

zentavr

* Fixed a bug with BGP disabled peer monitoring
* Added a module which shows the counters for bytes/packets for Firewall rules (rules must have a comment which should start with ZBX word).

zentavr

We have RouterOS at x86 server installed and using that as a HotSpot instance for our customers. We have up to 2000 customers at peaks. We use: * HotSpot with RADIUS (radius as a standalone server) * DHCP with Radius * Shaping * Netflow export via UDP After some time (from 7 to 14 days) the server b...

zentavr

First of all - tune your Mikrotik to be able to forward the logs to the remote syslog server (check Mikrotik's firewall as well). At the syslog side (in my case it was Ubuntu 16.04 with rsyslog 8.x) set up rsyslog to be able to accept the remote events. Add/uncomment at rsyslog.conf : # provides UDP...

zentavr

Added IRQ monitoring and charts yesterday.

zentavr

I have implemented the code for BGP and RADIUS monitoring in Python.
You can find the details in this topic.

zentavr

I have implemented the code for BGP and RADIUS monitoring in Python.
You can find the details in this topic.

zentavr

Hi there, I have implemented the code in Python 2.7.13 which fetch the BGP Counters and RADIUS Client Counters via API. The main reason is why this code was born is that Mikrotik's vendor does not hurry with implementing SNMP OIDs for the certain interesting counters :(. SSL and plain API connection...

zentavr

I have implemented the code in Python 2.7.13 which fetch the BGP Counters via API. SSL and plain API connections are supported. The code is available on Github or Bitbucket The next BGP counters are being monitored: * Remote AS * Prefix Count * Administrative status of the peer: enabled/disabled * P...

zentavr

Seems like Mikrotik-Address-List could be populated during the login but not CoA.
CoA gets failed with "Radius CoA already in progress" in the logs.

Mikrotik 6.42.4 x86

zentavr

Ok, I set up MTU of 1300 for vif interface, which is attached to that virtual machine. Probably this is an another error, but the machine hanged too :( [Ctrl-A is the prefix key] [ 0.000000] Linux version 3.10.49 (zentavr@zentavr-ig) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r44162) ) #2 Su...

zentavr

virtual machine dies periodically with hangings or kernel panic. I have RB951G-2HnD (mipsbe) — RouterOS 6.25 as a host system. root@OpenWrt:/# passwd Changing password for root New password: Retype password: Password for root changed by root root@OpenWrt:/# [ 0.000000] skbuff: skb_over_panic: text:c...

zentavr

Upgrading to the latest 6.17 didn't help

zentavr

...I wonder: how oftenly are the posts being approved?
I posted a big explanation before and it is still does not there

zentavr

Here is more description: network_schema.PNG FreeBSD 10.0 Stable has racoon onboard. Firewall is done in that way: [root@secure1 ~]# ipfw sh ipfw: DEPRECATED: 'sh' matched 'show' as a sub-string 00001 28412 55074783 allow ip from any to any via lo0 00002 0 0 deny ip from any to 127.0.0.0/8 00003 0 0...

zentavr

I have two offices which I want to connect using IPSec tunneling. Main office has FreeBSD 10 as a gateway (10.10.8.0/21), my office has Mikrotik device (6.16rc18) (172.16.30.0/24). Remote office has several networks inside, so i need to use BGP sessions in order to let remote side know my networks. ...

Search found 54 matches