Community discussions

Search found 187 matches

by dynek
Thu May 02, 2019 10:31 am
Forum: Wireless Networking
Topic: hap ac^2 - Group Key Exchange timeout / No Reconnect possible
Replies: 51
Views: 8386

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

That's a pretty weird issue (this one or something related to WiFi) cause everything is working fine but all of a sudden things start disconnecting one after the other. Not sure how to find the root cause / contributing factor but my setup seems to be failing when Sonos speakers need to sync audio. T...
by dynek
Thu Mar 28, 2019 2:18 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 37781

Re: UKNOF 43 CVE

…and sadly @mikrotik_com continue to stonewall me saying this remote unauthenticated denial of service is a “bug” not a “security vulnerability” — which is probably why they haven’t prioritised it for the last 50 weeks.
https://twitter.com/maznu
by dynek
Wed Mar 27, 2019 4:08 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 37781

UKNOF 43 CVE

Hey, Just discovered: https://indico.uknof.org.uk/event/46/contributions/667/ During some research which found CVE-2018-19298 (MikroTik IPv6 Neighbor Discovery Protocol exhaustion), I uncovered a larger problem with MikroTik RouterOS’s handling of IPv6 packets. This led to CVE-2018-19299, an unpubli...
by dynek
Wed Mar 27, 2019 9:55 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 85511

Re: Feature Request: OpenVPN [ovpn] udp tunnels

WG is making it soon into the kernel:
https://www.phoronix.com/scan.php?page= ... ot-In-4.20

Mtik first have to update the kernel though or run a version that supports WG module.
Just forget about OpenVPN and go straight to WG guys!
by dynek
Sat Mar 23, 2019 8:05 am
Forum: Wireless Networking
Topic: hap ac^2 - Group Key Exchange timeout / No Reconnect possible
Replies: 51
Views: 8386

Re: hap ac^2 - Group Key Exchange timeout / No Reconnect possible

This is a recurring issue I am having at least with Sonos speakers:
2019-03-23T06:48:46+01:00 router 5C - - - 5C:AA:FD:06:00:11@2.4Ghz-ap_1stfloor-1 disconnected, group key timeout
2019-03-23T06:48:46+01:00 router 5C - - - 5C:AA:FD:06:00:22@2.4Ghz-ap_1stfloor-1 disconnected, group key timeout
2019-0...
by dynek
Fri Mar 22, 2019 9:55 am
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 43917

Re: Statement on Vault 7 document release

How is that different from /exporting the configuration and git it ?
Then compare different commits?

Cause the video on their homepage just looks like it.
by dynek
Wed Mar 06, 2019 11:11 pm
Forum: Beginner Basics
Topic: RB1100AHx2 link switches
Replies: 0
Views: 161

RB1100AHx2 link switches

Hey, I still have a pre 6.41 VLAN config on my RB1100AHx2 and was reading this page to move it into the new way of bridging ports and setup VLANS in there: https://wiki.mikrotik.com/wiki/Manual:Basic_VLAN_switching and a note states "For devices that have multiple switch chips (for example, RB2011, ...
by dynek
Wed Feb 27, 2019 9:51 pm
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 537
Views: 128904

Re: RouterOS v7.0 beta1 - when?

Forget about OpenVPN, go straight to Wireguard :-)
by dynek
Mon Jan 14, 2019 3:46 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 85511

Re: Feature Request: OpenVPN [ovpn] udp tunnels

https://youtu.be/qmKkbuS9gRs TCP or UDP is being mentioned in the second part of the video edit: oh and: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-working-endpoints.html (Optional) By default, the Client VPN server uses the UDP transport protocol. To use the TCP transport protocol ...
by dynek
Sat Oct 13, 2018 8:22 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 85511

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Aaahhh Wireguard 😍
by dynek
Fri Oct 12, 2018 9:49 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 85511

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Another solution would be to support and maintain Metarouter.... even on the RB1100AHx2, but that's another story.
by dynek
Sun Jun 17, 2018 3:10 pm
Forum: General
Topic: backup,critical error creating backup file, ROS 6.42.1
Replies: 29
Views: 5368

Re: backup,critical error creating backup file, ROS 6.42.1

In the end, Mikrotik support suggested us to export config using "/export". Note that this is the better advice because export is human readable and compatible between services (minor changes required) and backup is sometimes not, even between same models. Well, it's not compatible between devices ...
by dynek
Sun Jun 17, 2018 9:31 am
Forum: General
Topic: Problem while creating backup
Replies: 25
Views: 6623

Re: Problem while creating backup

Fixed it for my RB1100AHx2 as well. A shame for Mikrotik who suggested to NetInstall the device.

Thank you!
by dynek
Sun Jun 17, 2018 9:30 am
Forum: General
Topic: backup,critical error creating backup file, ROS 6.42.1
Replies: 29
Views: 5368

Re: backup,critical error creating backup file, ROS 6.42.1

Fixed it for my RB1100AHx2 as well. A shame for Mikrotik who suggested to NetInstall the device.

Thank you!
by dynek
Thu Jun 14, 2018 11:28 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 85511

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Huh huh what about Metarouter on RB1100AHx2 :-)
by dynek
Thu Jun 14, 2018 7:34 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 85511

Re: Feature Request: OpenVPN [ovpn] udp tunnels

I am very disappointed to read this topic after I bought MikroTik hAP ac². :( :(
Did you really buy an access point to establish OpenVPN connection(s) ?!
by dynek
Tue May 08, 2018 9:15 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 42268

Re: v6.42.1 [current]

No one else has this problem?
DHCP does not log to external server any more: viewtopic.php?f=2&t=134092&sid=345291ea ... d0515cef3e
Should I post a support ticket?
Answered your thread - It did work for me.
by dynek
Tue May 08, 2018 9:13 am
Forum: General
Topic: [6.42.1] DHCP does not send log to remote syslog
Replies: 6
Views: 749

Re: [6.42.1] DHCP does not send log to remote syslog

I just tested it on 6.42.1 (remote for dhcp) and I do see logs coming in (syslog)
by dynek
Mon May 07, 2018 9:15 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 42268

Re: v6.42.1 [current]

Regarding message popping up when generating a backup file, same problem, same answer (netinstall) but I don't feel like it honestly...
viewtopic.php?f=2&t=73610&p=658544#p658544
by dynek
Mon Apr 30, 2018 8:34 pm
Forum: General
Topic: Problem while creating backup
Replies: 25
Views: 6623

Re: Problem while creating backup

They asked if /export seemed to be complete (it does), then supout.rif and they could not reproduce the issue with it.
So now I am supposed to move the device out of its rack to netinstall it, I feel like it would be done before a couple of weeks, not so easy! :-/
by dynek
Thu Apr 19, 2018 2:59 pm
Forum: General
Topic: Problem while creating backup
Replies: 25
Views: 6623

Re: Problem while creating backup

Undigging an old thread, sorry for that. On a RB1100AHx2 that never had any problem I started seeing "error creating backup file: could not read all configuration file" while creating a backup. No clue if it's related or not but I recently updated to 6.42 and I never saw this message before. Also me...
by dynek
Wed Apr 18, 2018 9:33 pm
Forum: Wireless Networking
Topic: Requests wrong RSN group cipher
Replies: 10
Views: 1071

Requests wrong RSN group cipher

Hello, I have setup capsman with hap ac^2 devices and a couple of devices connect fine to the wireless network(s). However my macbook seems to be triggering one odd thing... "2.4Ghz-AP_Basement-1-1 rejected, requests wrong RSN group cipher". Google doesn't say much about that - what can I do ? Thank...
by dynek
Wed Apr 18, 2018 11:42 am
Forum: Wireless Networking
Topic: capsman local bridge as datapath
Replies: 9
Views: 2975

Re: capsman local bridge as datapath

Thank you for your answers sindy, much appreciated.

I ended up creating a scheduled job setting "tagged" interfaces on a regular basis - fixed!

Thank you.
by dynek
Wed Apr 18, 2018 8:29 am
Forum: Wireless Networking
Topic: capsman local bridge as datapath
Replies: 9
Views: 2975

Re: capsman local bridge as datapath

I already tried splitting the entry in three different ones for each vlan.
BTW, would you / anyone know the difference between adding them to a single entry vs multiple ones? Is there any?
by dynek
Tue Apr 17, 2018 7:31 pm
Forum: Wireless Networking
Topic: capsman local bridge as datapath
Replies: 9
Views: 2975

Re: capsman local bridge as datapath

OK got it. But it only works if I manually add wlan interfaces into /interface bridge vlan:

add bridge=br0 tagged=br0,ether1-upstream,wlan1,wlan2,wlan3,wlan4,wlan5,wlan6 vlan-ids=100,200,300

wlan[N] have been added manually. Should I expect these interfaces to get into "tagged"?
by dynek
Tue Apr 17, 2018 3:34 pm
Forum: Wireless Networking
Topic: capsman local bridge as datapath
Replies: 9
Views: 2975

Re: capsman local bridge as datapath

Hello,

I have been looking for this solution for quite some time, finally here is the answer, thanks.
However :-) I am unable to add PVID to wlan interface added inside the bridge CAP side.
They always end up untagged with PVID 1.

Any idea?

Cheers
by dynek
Mon Apr 16, 2018 3:51 pm
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 537
Views: 128904

Re: RouterOS v7.0 beta1 - when?

Well if they say they backported most (all ?) v7 functionalities into v6, I don't really see a problem here.
by dynek
Mon Apr 16, 2018 12:20 pm
Forum: General
Topic: [SOLVED] CAPsMan, Local forwarding and VLANs
Replies: 0
Views: 589

[SOLVED] CAPsMan, Local forwarding and VLANs

Hey all, I was wondering if anyone has been implementing local forwarding capsman with VLANs? Got a bridge managing VLANs for physical ports of an HAP ac² and wanted provisioned virtual APs to sit in the same bridge as well as being able to set different APs as "access ports". Doesn't look like CAPs...
by dynek
Tue Mar 27, 2018 11:49 am
Forum: General
Topic: HAP AC Lite bricked (3rd one?)
Replies: 11
Views: 1744

Re: HAP AC Lite bricked (3rd one?)

Oddly enough I just encountered a similar situation, HAP ac^2 running all-in-one 6.41.3 (upgraded through /system packages and rebooted). Later I wanted to get rid of some packages so I scp'ed advanced-tools, dhcp, ipv6, multicast, ntp, routing, security, system & wireless ver. 6.41.3 (ARM) to move ...
by dynek
Wed Dec 20, 2017 9:02 pm
Forum: General
Topic: Routing broadcast between VLANs
Replies: 5
Views: 1550

Re: Routing broadcast between VLANs

Hello,

Nope I did not want to waste too much time.
I installed a raspberry with both vlans trunked and used avahi reflector.

Cheers
by dynek
Fri Sep 08, 2017 2:11 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 85511

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Cool thing - Thanks for the info.
by dynek
Sun May 14, 2017 7:46 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43024

Re: CIA exploits against Mikrotik hardware

Even though a regular firewall (the default config, in fact) will protect you against the CIA malware, this is an excellent guide to follow for any public RouterOS device: https://www.manitonetworks.com/mikrotik/2016/5/24/mikrotik-router-hardening I see you posted a link to one of my articles - if ...
by dynek
Mon May 08, 2017 2:45 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New OID for CPU
Replies: 7
Views: 4125

Re: New OID for CPU

Hello tomaskir and thank you for your answer,

On a RB1100AHx2 .1.3.6.1.2.1.25.3.3.1.2 exposes both CPUs (.1.3.6.1.2.1.25.3.3.1.2.1 and .1.3.6.1.2.1.25.3.3.1.2.2)
However .1.3.6.1.4.1.2021.11.10 only exposes a single value. Would that be the average of both CPUs?

Thank you
by dynek
Sat Apr 01, 2017 2:30 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New OID for CPU
Replies: 7
Views: 4125

Re: New OID for CPU

I don't quite understand what the Mikrotik is exposing via SNMP. There are the regular IF info: http://www.oidview.com/mibs/0/IF-MIB.html Duplicated at a different place? http://www.oidview.com/mibs/14988/MIKROTIK-MIB.html The odd thing is I can find correct values for a bridge & ovpn in IF-MIB but ...
by dynek
Fri Mar 31, 2017 10:44 am
Forum: RouterOS v6 RC and v7 BETA
Topic: New OID for CPU
Replies: 7
Views: 4125

Re: New OID for CPU

Hello, Pretty much the same question so I'm exhuming this thread :-) As far as I was able to see on my RB1100AHx2, I can query CPU usage using: - .1.3.6.1.2.1.25.3.3.1.2.1 (cpu1) - .1.3.6.1.2.1.25.3.3.1.2.2 (cpu2) - .1.3.6.1.4.1.2021.11.10.0 (1min average?) However none of these values reports what I ...
by dynek
Thu Mar 30, 2017 9:43 am
Forum: Beginner Basics
Topic: ICMP log always saying it's NATed
Replies: 3
Views: 787

Re: ICMP log always saying it's NATed

Thanks for confirming Sob! Much appreciated.

I just sent their support a mail with a reference to this thread.
by dynek
Thu Mar 30, 2017 12:20 am
Forum: Beginner Basics
Topic: ICMP log always saying it's NATed
Replies: 3
Views: 787

ICMP log always saying it's NATed

Hello all, Today I took some time to review my firewall filtering when I came across something weird. Every time I ping across vlans (going through router), client -> router, router -> client and even router -> router I always see NAT implied: forward: in:bridge-vlan100-management out:bridge-vlan200...
by dynek
Sat Mar 25, 2017 8:58 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 85511

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Probably because of RouterOS 7.x :-)
by dynek
Wed Mar 15, 2017 2:16 pm
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43024

Re: CIA exploits against Mikrotik hardware

have you watched the video ? Cracker have logged into ROS via WWW with known password and then issued prepared http string .... Erm, yes. This is what is called a CSRF. What must be assumed here is that the call to change the password is issued by the very same user (the one that logs into the admi...
by dynek
Wed Mar 15, 2017 11:51 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43024

Re: CIA exploits against Mikrotik hardware

2) I would like to see a bug bounty program from MikroTik and crowd source expertise and reward responsible security issue disclosure to MikroTik, How much are you willing to pay for that? Did you notice Mikrotik is really cheap compared to competitors? You can't ask a company to be low-priced and ...
by dynek
Wed Mar 15, 2017 9:56 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 43024

Re: CIA exploits against Mikrotik hardware

2) I would like to see a bug bounty program from MikroTik and crowd source expertise and reward responsible security issue disclosure to MikroTik, How much are you willing to pay for that? Did you notice Mikrotik is really cheap compared to competitors? You can't ask a company to be low-priced and ...
by dynek
Fri Feb 10, 2017 4:33 pm
Forum: General
Topic: Weird 129.0.0.x IPs ?
Replies: 30
Views: 4370

Re: Weird 129.0.0.x IPs ?

Good to hear! Having the same issue on my RB1100AHx2.
by dynek
Mon Jan 30, 2017 11:36 am
Forum: Forwarding Protocols
Topic: Where is this 169.254 IP coming from?
Replies: 4
Views: 1806

Re: Where is this 169.254 IP coming from?

Hello cdiedrich,

Thank you for your message.

Before reading your answer, I tried using packet sniffer to find out the guilty machine but it did not shed a light.
Adding a filter rule as you mentioned it doesn't help either - counters don't increment.

Cheers
by dynek
Fri Jan 27, 2017 5:21 pm
Forum: General
Topic: Bridge IPv6 while routing IPv4
Replies: 16
Views: 6281

Re: Bridge IPv6 while routing IPv4

No more news ? I'm in the same situation and expected to be able to create an IPv6-only bridge.
by dynek
Fri Jan 27, 2017 1:49 pm
Forum: Forwarding Protocols
Topic: Where is this 169.254 IP coming from?
Replies: 4
Views: 1806

Re: Where is this 169.254 IP coming from?

Hello,

I know what these kinds of addresses are. I am just wondering what device/interface is using it.
Cause Mikrotik can't ping it.

I don't have a single machine running Windows in my LAN.

Thank you
by dynek
Fri Jan 27, 2017 1:22 pm
Forum: Forwarding Protocols
Topic: Where is this 169.254 IP coming from?
Replies: 4
Views: 1806

Where is this 169.254 IP coming from?

Hello,

I have enabled PIM between two vlans that both have their IP address.
Now the log shows:

RX IGMP_V2_MEMBERSHIP_REPORT from 169.254.134.72 to 239.255.255.250 on vif vlan100-management: source must be directly connected

Where could this link-local address be coming from?

Thanks
by dynek
Fri Jan 27, 2017 10:21 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request: Proxy-ndp alongside proxy-arp
Replies: 3
Views: 2186

Re: Feature request: Proxy-ndp alongside proxy-arp

Hello,

2.5 years later - Has this been taken into account? Is it under evaluation?

Thank you
by dynek
Mon Dec 05, 2016 8:59 pm
Forum: Virtualization
Topic: Metarouter on RB1100AHx2
Replies: 22
Views: 9366

Re: Metarouter on RB1100AHx2

Hello Mikrotik :-)

Still no progress on this?

Thanks!
by dynek
Wed Nov 23, 2016 11:36 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 85511

Re: Feature Request: OpenVPN [ovpn] udp tunnels

+100999500100999500100999500100999500100999500 for ovpn udp lzo

pleaz pleaz pleaz pleaz pleaz pleaz pleaz pleaz pleaz pleaz pleaz pleaz pleaz pleaz

ok just kidding. As stated before nobody cares about +1, please, whatsoever.
by dynek
Tue Jul 12, 2016 7:09 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request: OpenVPN compression LZO and UDP
Replies: 200
Views: 91464

Re: Feature request: OpenVPN compression LZO and UDP

I honestly do wonder what's so complicated about it... I mean implementation wise.