Community discussions

Search found 39 matches

by midenok
Mon Apr 22, 2019 11:48 pm
Forum: General
Topic: How to Self-Sign SSL Certificate and Activate HTTPS
Replies: 4
Views: 10731

Re: How to Self-Sign SSL Certificate and Activate HTTPS

Is it possible to do passwordless login via certificates?
by midenok
Thu Jul 14, 2016 7:47 pm
Forum: General
Topic: Bug? Putting bridge to mesh disconnects 2 switches.
Replies: 0
Views: 331

Bug? Putting bridge to mesh disconnects 2 switches.

Just to note, may be a bug or may be not. 2 switches connected to bridge. Work fine, ping goes from switch A to switch B. Now we add bridge to mesh -- ping stops from switch A to switch B, but goes fine to other devices in mesh (f.ex from switch A to wlan0, from switch B to wlan0).
by midenok
Tue Apr 26, 2016 8:37 am
Forum: Scripting
Topic: Cant read file large then 4085 bytes
Replies: 9
Views: 3998

Re: Cant read file large then 4085 bytes

Hey, this means I can't parse files??? No other ways to read by chunks? I want to parse http://txt.proxyspy.net/proxy.txt Unfortunately not if the contents is > 4kb. You could setup an external service to transform the data into a RouterOS string via local variable. This would allow you to consume ...
by midenok
Mon Apr 25, 2016 7:47 pm
Forum: General
Topic: Feature request: Scripting language improvement
Replies: 18
Views: 4255

Re: Feature request: Scripting language improvement

At least, make the ability to parse any size of text files (by removing 4k limitation or reading by chunks).
Or make /tool fetch to output into array of lines.
Fix this bug.
Or if you don't want to fix any the above, make LUA available!
by midenok
Mon Apr 25, 2016 7:40 pm
Forum: Scripting
Topic: Cant read file large then 4085 bytes
Replies: 9
Views: 3998

Re: Cant read file large then 4085 bytes

Hey, this means I can't parse files??? No other ways to read by chunks? I want to parse http://txt.proxyspy.net/proxy.txt
by midenok
Tue Mar 29, 2016 6:04 am
Forum: Wireless Networking
Topic: What is WDS limitaiton with Wireless N
Replies: 22
Views: 6434

Re: What is WDS limitaiton with Wireless N

Thanks! One more question: can AP work at different speeds simultaneously? F.ex. at 54m with client and at 300m P-to-P. Or it is the same restriction: one radio module -- one tx speed?
by midenok
Mon Mar 28, 2016 7:43 am
Forum: Wireless Networking
Topic: What is WDS limitaiton with Wireless N
Replies: 22
Views: 6434

Re: What is WDS limitaiton with Wireless N

But keep in mind Nstreme is a lot faster. 802.11n is not that effective algorithm.
Can I use Nstreme for Point-to-Point and 802.11 for regular client connection simultaneously?
by midenok
Sun Mar 27, 2016 4:20 pm
Forum: Wireless Networking
Topic: What is WDS limitaiton with Wireless N
Replies: 22
Views: 6434

Re: What is WDS limitaiton with Wireless N

try udp test
Mmm... This was udp test (of course)/
by midenok
Sat Mar 26, 2016 2:01 pm
Forum: Wireless Networking
Topic: What is WDS limitaiton with Wireless N
Replies: 22
Views: 6434

Re: What is WDS limitaiton with Wireless N

WDS over every hop cuts the bandwidth in half. Could you explain your problem. I have WDS-mesh between 2 hops (SXT 2nD r2, 2011UAS-2HnD), WPA2, distance 20 meters. hop A: 0 interface=wlan1 radio-name="D4CA6DAB65F0" mac-address=D4:CA:6D:AB:65:F0 ap=yes wds=yes bridge=no rx-rate="300Mbps-40MHz/2S/SGI...
by midenok
Sat Mar 26, 2016 3:16 am
Forum: Wireless Networking
Topic: What is WDS limitaiton with Wireless N
Replies: 22
Views: 6434

Re: What is WDS limitaiton with Wireless N

Is this ever going to be fixed? I can only get 30 Mbps of advertised 300 Mbps.
by midenok
Tue Mar 22, 2016 2:28 pm
Forum: Wireless Networking
Topic: WDS WPA2 problems
Replies: 11
Views: 3324

Re: WDS WPA2 problems

Dynamic Mesh automatically creates WDS tunnel and it somehow works fine!!! From yesterday 0 link downs!!!
by midenok
Tue Mar 22, 2016 6:29 am
Forum: Scripting
Topic: Bug? '/system ssh' asks for password ignoring private key file!
Replies: 1
Views: 967

Bug? '/system ssh' asks for password ignoring private key file!

This is an old topic. I still have the same issue! Reproduce sequence: ssh-keygen -q -t dsa -f script.dsa -C "Mikrotik script" -N 'abcdef' cp script.dsa.pub script.dsa.x.pub scp script.dsa* router: /user remove [find name="script"] group remove [find name="script"] ssh-keys remove [find user="script...
by midenok
Mon Mar 21, 2016 5:30 pm
Forum: General
Topic: Conditional DNS forwarding
Replies: 17
Views: 35312

Re: Conditional DNS forwarding

Hi, This is definitely not a beta issue (actually not issue at all) and this topic is also quite old, but I reuse it anyway.. Explained method really works (although I would really appreciate more straightforward way to do this), but is it possible (I pretty sure it is, but my regexp-skilz are just...
by midenok
Wed Dec 09, 2015 6:19 pm
Forum: General
Topic: mark-packet action can skip packets!
Replies: 6
Views: 676

Re: mark-packet action can skip packets!

Good imagination, but no. I see all counters, none of them gets increased (and no such rule 'established').
by midenok
Wed Dec 09, 2015 12:10 am
Forum: General
Topic: mark-packet action can skip packets!
Replies: 6
Views: 676

Re: mark-packet action can skip packets!

This can't catch anything: chain=forward action=accept p2p=bit-torrent protocol=udp log=no log-prefix="" It catched 1724 bytes from total of 120 Mb download. I had encryption disabled in my client. And this catches well (all bytes were catched): chain=forward action=accept protocol=udp port=6871-688...
by midenok
Mon Dec 07, 2015 9:57 pm
Forum: General
Topic: mark-packet action can skip packets!
Replies: 6
Views: 676

Re: mark-packet action can skip packets!

I checked both variants. Router doesn't do conntrack on UDP, at least for bittorrent. Anyway, what is UDP connection in terms of conntrack? I don't fully understand...
by midenok
Mon Dec 07, 2015 9:39 pm
Forum: General
Topic: mark-packet action can skip packets!
Replies: 6
Views: 676

mark-packet action can skip packets!

I test rule which catches torrent traffic (udp packets). When rule action is 'accept' everything is ok -- bytes counter is adequate to downloaded torrent. But when I change action to mark-packet -- rule byte counter is >90% lower than actual download. So, it skips >90% of packets!
by midenok
Sat Dec 05, 2015 3:43 pm
Forum: Beginner Basics
Topic: Prioritize traffic going to different interfaces
Replies: 0
Views: 418

Prioritize traffic going to different interfaces

For example, we have regular clients sitting on wlan1 and Bittorrent client sitting on eth2. They access Internet via eth1. Bittorrent download traffic should be given lowest priority. So, that Bittorrent download on eth2 will not hinder regular traffic on wlan1. Of course, we cannot prioritize it o...
by midenok
Fri Dec 04, 2015 2:15 pm
Forum: Scripting
Topic: Command to create directory?
Replies: 4
Views: 9201

Command to create directory?

I just don't get it. Isn't there a straight way to create a directory except "shaman dance" that Google suggests?
by midenok
Tue Nov 17, 2015 10:07 pm
Forum: Wireless Networking
Topic: WDS WPA2 problems
Replies: 11
Views: 3324

Re: WDS WPA2 problems

Some more discoveries: 1. 'Security Profile: none' in Connection List means Security Profile from wlan interface is used. Somehow, it connects much better when 'Security Profile: none' is in Connection. The link in Registration still shows WPA2. 2. There should be Connection List entry only on one s...
by midenok
Tue Nov 17, 2015 1:32 pm
Forum: Wireless Networking
Topic: WDS WPA2 problems
Replies: 11
Views: 3324

Re:

My wds links between APs work with wpa2. I just do not use the physical interface at all (not member of bridges, no ip) just running virtual APs with their own mac addresses different from physical wlan. Try this too. This just proves the instability of WPA code in Mikrotik firmware. I synchronized...
by midenok
Mon Nov 16, 2015 2:46 pm
Forum: Wireless Networking
Topic: WDS WPA2 problems
Replies: 11
Views: 3324

Re: WDS WPA2 problems

It's too early to celebrate... Though it scarcely connects, the connection is very unstable! There were no any problems with clients, the signal is very strong, SNR > 40 dB, distance between points is several meters. Nevertheless, points cant hold stable WDS connection. Tried too many variations: AP...
by midenok
Sun Nov 15, 2015 8:29 pm
Forum: Wireless Networking
Topic: WDS WPA2 problems
Replies: 11
Views: 3324

Re: WDS WPA2 problems

Finally, I managed to establish WDS WPA2 link. Here are my conlusions: 1. SSIDs of WDS-enabled interfaces must match. WDS Ignore SSID flag doesn't help ! This is not true for non-WPA links, I guess. 2. Security profiles of APs and WDSs must be identical including pre-shared key! So, it is impossible...
by midenok
Sun Nov 15, 2015 4:52 pm
Forum: Wireless Networking
Topic: WDS WPA2 problems
Replies: 11
Views: 3324

Re:

Sorry. I meant group key. My bad memory...
The message about "timeout" is not the actual timeout but plain authentication failure. Group key timeout have nothing to do with this! Did your WDS use pre-shared key or EAP?
by midenok
Sun Nov 15, 2015 9:53 am
Forum: Wireless Networking
Topic: WDS WPA2 problems
Replies: 11
Views: 3324

Re:

Set the unicast key timeout to 1hour in all security profiles. I am using wds with wpa2 without any problems. Try to avoid mesh if you can. There is no unicast key timeout in security profiles: 1 name="wds" mode=dynamic-keys authentication-types=wpa2-psk unicast-ciphers=tkip,aes-ccm group-ciphers=t...
by midenok
Sun Nov 15, 2015 8:47 am
Forum: General
Topic: Ways to make your router inaccessible
Replies: 5
Views: 995

Ways to make your router inaccessible

Ok, guys, let's compile a list of areas of danger where it is possible to lock-up your router. The first, what goes to head is firewall filter. This is plain simple for everyone I think. But there are places when you don't expect it, so the unawareness may lead to some sort of surprise. :lol: The 2 ...
by midenok
Sun Nov 15, 2015 7:44 am
Forum: Wireless Networking
Topic: WDS WPA2 problems
Replies: 11
Views: 3324

WDS WPA2 problems

I have two routers in 'ap bridge' mode with WDS mode 'static'. I've added 'wds1' interface with WDS address of the opposite side to both routers and set connection in Connection List with special security profile 'wds_profile'. APs have different SSID and 'WDS ignore SSID' is on. When I make Mode 'n...
by midenok
Sat Aug 08, 2015 9:37 am
Forum: Scripting
Topic: Handling expected errors?
Replies: 15
Views: 9188

Re: Handling expected errors?

With v6.2 the state of things have been changed! Look in Scripting Manual for Catch run-time errors:
:do {
      :put [:resolve www.example.com];
} on-error={ :put "resolver failed"};
:put "lala" 

output:

resolver failed
lala
by midenok
Sat Jul 18, 2015 12:05 am
Forum: General
Topic: TFTP with no configuration
Replies: 1
Views: 384

Re: TFTP with no configuration

I had to figure out by myself. It disables access by default. To enable full read access one should use this command:
/ip tftp add allow=yes
by midenok
Fri Jul 17, 2015 6:47 pm
Forum: General
Topic: TFTP with no configuration
Replies: 1
Views: 384

TFTP with no configuration

Documentation doesn't say whether TFTP is open or closed by default. How it behaves if '/ip tftp' is empty?
by midenok
Thu Mar 19, 2015 7:45 pm
Forum: RouterBOARD hardware
Topic: UAS vs UiAS: what's the difference?
Replies: 2
Views: 1013

UAS vs UiAS: what's the difference?

Apart from that UiAS is newer what's the real difference? What does 'i' mean anyway?
by midenok
Thu Mar 19, 2015 7:40 pm
Forum: RouterBOARD hardware
Topic: RB2011 UiAS-2HnD-IN - SLOW TRANSFER
Replies: 18
Views: 8184

Re: RB2011 UiAS-2HnD-IN - SLOW TRANSFER

What is the difference between UAS and UiAS?
by midenok
Mon Dec 01, 2014 12:28 pm
Forum: General
Topic: IPSec server can't find static policy on client connection
Replies: 1
Views: 1202

Re: IPSec can't find static policy

bump

Though enabling static policy turns off access from home network (192.168.35.0/24). This means, that policy actually works. Only it can't be matched by connected IPSec client.

It is not chicken and egg problem, because dynamic policy works perfectly well when static policy is ON.
by midenok
Fri Nov 21, 2014 11:36 am
Forum: General
Topic: IPSec server can't find static policy on client connection
Replies: 1
Views: 1202

IPSec server can't find static policy on client connection

/ip ipsec peer> print 0 address=0.0.0.0/0 local-address=0.0.0.0 passive=yes port=500 auth-method=rsa-signature certificate=limbo-ipsec remote-certificate=sip-ipsec generate-policy=no exchange-mode=main send-initial-contact=no nat-traversal=yes proposal-check=obey hash-algorithm=sha1 enc-algorithm=a...
by midenok
Sat May 31, 2014 5:12 am
Forum: General
Topic: Feature request: OpenVPN compression LZO and UDP
Replies: 200
Views: 94141

Re: Feature request: OpenVPN compression LZO and UDP

+1 udp!!!!!!!!!!!!!
by midenok
Fri Dec 27, 2013 5:40 pm
Forum: Scripting
Topic: Wget Afraid - FREEDNS script help
Replies: 17
Views: 15855

Re: Wget Afraid - FREEDNS script help

Or you can try this script.
by midenok
Fri Dec 27, 2013 5:37 pm
Forum: Scripting
Topic: Wget Afraid - FREEDNS script help
Replies: 17
Views: 15855

Re: Wget Afraid - FREEDNS script help

Or you can try this script.