Community discussions

Search found 923 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 19
by msatter
Mon Nov 12, 2018 8:49 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 969
Views: 158932

Re: Feature requests

the line above are repeated X times. When you dealing with external logs, this is something you like to avoid at all cost like here in my Splunk - Mikrotik project: https://forum.mikrotik.com/viewtopic.php?t=137338 When you read logs external programs its hard to understand what is repeated and get...
by msatter
Mon Nov 12, 2018 8:44 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 969
Views: 158932

Re: Feature requests

On that being logged many many times the same loglines it would be nice if that could be avoided by buffering the new and same loglines till an other different logline is going to be written to the log. As long as you have connection tracking, and do not use the log on the "established/related" rul...
by msatter
Mon Nov 12, 2018 5:06 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 969
Views: 158932

Re: Feature requests

On that being logged many many times the same loglines it would be nice if that could be avoided by buffering the new and same loglines till an other different logline is going to be written to the log. The first two and last one/two lines are writen so the time between lines can by seen. First the ...
by msatter
Mon Nov 12, 2018 4:29 pm
Forum: Scripting
Topic: cannot ssh to mikrotik rb750 with dsa key
Replies: 5
Views: 160

Re: cannot ssh to mikrotik rb750 with dsa key

debug1: kex: host key algorithm: ssh-rsa

I would only use RSA and not DSA anymore.
by msatter
Mon Nov 12, 2018 4:26 pm
Forum: Scripting
Topic: DNS CACHES Problems
Replies: 1
Views: 62

Re: DNS CACHES Problems

Not very special and cloud you can disable if not used under IP-Cloud.

Why do put your public address and port in the Google search machine by showing that here?
Please make those invisible to the gerneral public.
by msatter
Mon Nov 12, 2018 2:04 pm
Forum: Beginner Basics
Topic: Static DNS Table?
Replies: 1
Views: 92

Re: Static DNS Table?

The problem is that you did not a TLD to router. If you add ".lan" to the second name then you can it also from other devices.

Whitout a TLD you can only ping it on yhe router self.
by msatter
Mon Nov 12, 2018 11:31 am
Forum: General
Topic: Detect Internet triggering flood of incoming connections
Replies: 0
Views: 79

Detect Internet triggering flood of incoming connections

I made a posting yesterday about my LOG being flooded by incoming connections from Google DNS ( 8.8.8.8 ) and thanks to mkx I could stop that by disabling the option Detect Internet under interfaces in the Mikrotik router. https://forum.mikrotik.com/viewtopic.php?f=2&t=141454 It looked like an attac...
by msatter
Sun Nov 11, 2018 6:13 pm
Forum: General
Topic: Random beeping
Replies: 2
Views: 125

Re: Random beeping

How recent is your RouterOS version?

https://mikrotik.com/download
by msatter
Sun Nov 11, 2018 12:25 pm
Forum: General
Topic: Killing the Mikrotik Cloud?
Replies: 4
Views: 302

Re: Killing the Mikrotik Cloud?

turn off internet detection
Darn...I switched that on two days ago to see what that did...I was not wiser and wanted to look at it again coming week. It is now switched off and I will not ever touch it again.
by msatter
Sun Nov 11, 2018 12:10 pm
Forum: General
Topic: Killing the Mikrotik Cloud?
Replies: 4
Views: 302

Re: Killing the Mikrotik Cloud?

Thanks mkx. That is now clear to me and the first spoof, triggered the rule that places it on a addreslists to be "dropped" for a long period. I have now changed the RAW for accepting DNS returns so that the next time it would not even reach the spoof check, so it will not be promoted to addresslist...
by msatter
Sun Nov 11, 2018 11:41 am
Forum: General
Topic: Killing the Mikrotik Cloud?
Replies: 4
Views: 302

Killing the Mikrotik Cloud?

A few times now I see the Evil Google DNS trying to connect endless to my DNS port which is blocked to by a RAW rule. In this way I can fill my log files very fast by only that log entry repeating and repeating endlessly. Nov/11/2018 08:29:06 firewall,info Drop RAW - Probe prerouting: in:pppoe-out1 ...
by msatter
Wed Nov 07, 2018 12:49 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 275
Views: 37937

Re: Winbox vulnerability: please upgrade

The hacker, who goes by the name of Alexey and says he works as a server administrator, claims to have disinfected over 100,000 MikroTik routers already. https://www.zdnet.com/google-amp/article/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers/ Owners being angry at him should th...
by msatter
Wed Nov 07, 2018 12:23 pm
Forum: General
Topic: Multi PPPoE sessions
Replies: 3
Views: 205

Re: Multi PPPoE sessions

Do you use a profile on those connection? I the profile you can set hard time limit to end a connection. There is also a option to use 'only one' and then you could use a profile for each three connections.
by msatter
Sun Nov 04, 2018 1:32 pm
Forum: General
Topic: 750Gr3 HW VLAN support
Replies: 1
Views: 130

Re: 750Gr3 HW VLAN support

I am affraid that this will not even be part of RouterOS 7.
by msatter
Sat Nov 03, 2018 11:07 pm
Forum: General
Topic: Any way to log all DNS lookups from users?
Replies: 9
Views: 328

Re: Any way to log all DNS lookups from users?

You are talking about different things.

If you put a dedicated DNS server like dnsmasq/unbound/pihole then you can log requests and even control resolved requests.

I am using Pi-hole for that.
by msatter
Thu Nov 01, 2018 12:29 pm
Forum: General
Topic: Fastest VPN to use
Replies: 8
Views: 1672

Re: Fastest VPN to use

Through a reseller of IPvanish I get on L2TP/IPsec about 90Mbit/s and OpenVPN on my PC 200Mbit/s.

Saddly OpenVPN is not possible through Mikrotik for this provider and many many others.

I tried NordVPN but they were too slow for me.
by msatter
Tue Oct 30, 2018 7:28 pm
Forum: Announcements
Topic: Tik App, MikroTik android utility ALPHA test
Replies: 355
Views: 112589

Re: Tik App, MikroTik android utility ALPHA test

WOW....I am speechless, good that I can still type. :wink: Looks great and blistering fast. For the firstime I could see the Addresslist in Firewall. It timed out but still I could see addresses. Now don't have to start the computer to use Winbox and now I trust myself to do stuff from the tablet. M...
by msatter
Tue Oct 30, 2018 5:36 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 166
Views: 28553

Re: v6.44beta [testing] is released!

Proposal: choice, to omit not on backup but on restore . So you will have allways a full backup and can select on restore if certain values should not be restored. Let's imagine the internals of this restoration process. There's a database table with the list of interfaces, their parameters, their ...
by msatter
Tue Oct 30, 2018 1:16 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 166
Views: 28553

Re: v6.44beta [testing] is released!

Why can't device-specific stuff like MAC-addresses simply be removed from the backup files? Because it is whole system backup. Proposal: choice, to omit not on backup but on restore . So you will have allways a full backup and can select on restore if certain values should not be restored. Workings ...
by msatter
Thu Oct 25, 2018 2:14 pm
Forum: General
Topic: Connection tracking - timeout values
Replies: 12
Views: 13827

Re: Connection tracking - timeout values

When you have a Voip you can call and the onnection is build up. Now if you are being called the connection has to be active and your Voip server renews the connection each minute. It is not stale it us waiting for a call. Now you set the timeout to 30 secs what means that you are unreachable for al...
by msatter
Wed Oct 24, 2018 9:44 pm
Forum: General
Topic: Connection tracking - timeout values
Replies: 12
Views: 13827

Re: Connection tracking - timeout values

Is that SIP connection on TCP or UDP?

TCP knows 'keep alive'
by msatter
Tue Oct 23, 2018 9:49 pm
Forum: General
Topic: My Mikrotik Routerboard is hacked
Replies: 3
Views: 269

Re: My Mikrotik Routerboard is hacked

by msatter
Sun Oct 14, 2018 11:39 am
Forum: Beginner Basics
Topic: Looking up cloud.mikrotik.com every second
Replies: 11
Views: 862

Re: Looking up cloud.mikrotik.com every second

I had that with two other domains in the past weeks and will try to make a support file when it happens again.
by msatter
Sat Oct 13, 2018 1:03 am
Forum: General
Topic: Jailbreak for RouterOS 6.43.2 released [SOLVED]
Replies: 16
Views: 1324

Re: Jailbreak for RouterOS 6.43.2 released [SOLVED]

I am against giving giving root access. If you want to experiment thrn you have to get a other product.

If you want a more open router then have a look at Turris. I like their approach of a modular router that you can click together with the modules you need.
by msatter
Fri Oct 12, 2018 1:41 pm
Forum: General
Topic: Jailbreak for RouterOS 6.43.2 released [SOLVED]
Replies: 16
Views: 1324

Re: Jailbreak for RouterOS 6.43.2 released [SOLVED]

Gaining more access on your own device is these days called jailbreak/rooting. To be able to do this you need a opening/vulnerability in your device. A important criteria is the the manufacturer does not sell the device with this option default active. Apple is playing catch up all the time and Goog...
by msatter
Fri Oct 12, 2018 1:21 pm
Forum: General
Topic: Whats the difference between long term and stable?
Replies: 2
Views: 364

Re: Whats the difference between long term and stable?

release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing"; "testing" release channel now can contain "beta" together with "release-candidate" versions; Would it not be a wonderful world if we had a bugfree version but we have to do with a bugfixed...
by msatter
Thu Oct 11, 2018 11:38 pm
Forum: General
Topic: Hex S SFP no link
Replies: 20
Views: 1668

Re: Hex S SFP no link

I have same problem.
I broght two HEX S devices, one is working withount any problems. On another SFP port is showing "no link".
Did you try also with auto negotiate off and speed set to 1Gb/s?
by msatter
Wed Oct 10, 2018 1:39 pm
Forum: General
Topic: SFP+ S+85DLC03DI
Replies: 8
Views: 600

Re: SFP+ S+85DLC03DI

I know, I received confirmation but no response from Mikrotik team :(
Sent your request again with the word "repeat:" as first word the subject.
by msatter
Mon Oct 08, 2018 3:57 pm
Forum: Beginner Basics
Topic: Policy Base Routing not working [SOLVED]
Replies: 7
Views: 267

Re: Policy Base Routing not working [SOLVED]

I am also not that good in this. If you only use routing then you have route also the returning package.

I use connection marking for this because I am lazy. ;-)
by msatter
Mon Oct 08, 2018 3:46 pm
Forum: General
Topic: SFP+ S+85DLC03DI
Replies: 8
Views: 600

Re: SFP+ S+85DLC03DI

That is not normal you should have receive a confirmation e-mail and after a few days a response from them.

I put a request last Friday and received today my answer. Yours is more complicated because it involves hardware so the have to check that first.
by msatter
Mon Oct 08, 2018 3:42 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 191
Views: 59691

Re: VPNfilter official statement

[sarcasm]Mikrotik patched RouterOS so all is safe now....[/sarcasm] If it is possible to retake compromised routers, then the correct correct RouterOS can be installed and clean out the bad stuff. I a one leaves it's router open to attacks from the outside why not 'attack' it to make it safe again. ...
by msatter
Mon Oct 08, 2018 3:19 pm
Forum: General
Topic: SFP+ S+85DLC03DI
Replies: 8
Views: 600

Re: SFP+ S+85DLC03DI

The Mikrotik team can be reached at support@mikrotik.com

ps. the auto-negotiation disabled and set link speed 1G setting is commonly used by owners of Mikrotik stuff to get it working.
by msatter
Mon Oct 08, 2018 3:12 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 191
Views: 59691

Re: VPNfilter official statement

And the saga continues and this time by Tenable:

https://github.com/tenable/routeros

These are already patched so check if you are using a safe RouterOS.
by msatter
Sun Oct 07, 2018 10:27 pm
Forum: General
Topic: Unable to get full gigabit speed on RB750Gr3
Replies: 28
Views: 1457

Re: Unable to get full gigabit speed on RB750Gr3

And don't forget the three location where FastPath is defined. I the one in the Bridge was off and my upload dropped from 750Mbit/s to 120Mbit/s and download was not affected by that and stayed at 520Mbit/s all the time. There is one also in IP Setting and don't forget to enable route cache there be...
by msatter
Tue Oct 02, 2018 5:42 pm
Forum: General
Topic: hardware acceleration on only one bridge?
Replies: 13
Views: 563

Re: hardware acceleration on only one bridge?

Only one bridge can use hardware acceleration at the same time.
by msatter
Tue Oct 02, 2018 2:02 pm
Forum: General
Topic: MikroTik hEX S high temperature
Replies: 6
Views: 288

Re: MikroTik hEX S high temperature

I run it under the same circumstances and I use also a SFP for the fiber connection to my ISP. I have mounted my RB760iGS (hEX S) and the temperature is in the 40 to 50 degrees. Check if the ventilation openings of the router are not blocked. If you look in my signature you find a link about cooling...
by msatter
Fri Sep 28, 2018 10:55 pm
Forum: RouterBOARD hardware
Topic: Hardware offload on sfp port in hEX S mmips
Replies: 11
Views: 707

Re: Hardware offload on sfp port in hEX S mmips

What happens if you don't put the SPF into the bridge. I never put the upstream/downstream in the master/slave or these days bridge.

If I look at the CPU usage I could reach 2Gbit/s if the CPU is maxed.
by msatter
Thu Sep 27, 2018 4:58 pm
Forum: General
Topic: Information about SSTP encryption
Replies: 4
Views: 216

Re: Information about SSTP encryption

It is still being encrypted as you state and otherwise it would not deserve the first "s" in SSTP. ;-)

The difference is that there is no proof that the client is talking to server the client wanted to talk to.
by msatter
Thu Sep 27, 2018 2:34 pm
Forum: General
Topic: Information about SSTP encryption
Replies: 4
Views: 216

Re: Information about SSTP encryption

From the WiKi; Between two Mikrotik routers it is also possible to set up an insecure tunnel by not using certificates at all. In this case data going through SSTP tunnel is using anonymous DH and Man-in-the-Middle attacks are easily accomplished. This scenario is not compatible with Windows clients...
by msatter
Thu Sep 27, 2018 11:37 am
Forum: General
Topic: Waiting time for new members to post links
Replies: 5
Views: 250

Re: Waiting time for new members to post links

The spam is pleasantly low and I am not a moderator but had three posts yesterday by a spanking new member posting spam or even worse, infecting links. I put warnings underneath to have not other users clicking the link and. My warnings and the BAD postings are now removed so that is good. I still s...
by msatter
Wed Sep 26, 2018 10:34 pm
Forum: General
Topic: Waiting time for new members to post links
Replies: 5
Views: 250

Waiting time for new members to post links

I propose to introduce a waiting time to post links of a to be determined period after the first posting. Ignoring subscription date to not have accounts to be created in advance.
by msatter
Wed Sep 26, 2018 9:03 pm
Forum: RouterBOARD hardware
Topic: Hardware offload on sfp port in hEX S mmips
Replies: 11
Views: 707

Re: Hardware offload on sfp port in hEX S mmips

Let us other owners of the hEX S know what Mikrotik state to you so we don't have to write Mikrotik separately on this.
by msatter
Sun Sep 23, 2018 1:04 am
Forum: General
Topic: restore back to identical devices never works :(
Replies: 28
Views: 966

Re: restore back to identical devices never works :(

In the backup the MAC are different then those in the restored to device. It could be so that restore always respect the devices MAC and use them.
by msatter
Wed Sep 19, 2018 2:15 pm
Forum: General
Topic: IPSec with preshared key security warning os. 6.43.1
Replies: 6
Views: 354

Re: IPSec with preshared key security warning os. 6.43.1

This is mainly used for VPN services and if we want to avoid this we could change to OpenVPN or IKE2 but that are not fully or not supported in RouterOS.

So we have to bear with these warnings for some time longer.
by msatter
Tue Sep 18, 2018 12:48 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 166
Views: 28553

Re: v6.44beta [testing] is released!

Remember that in MikroTik RouterOS, backup file is for restoring past configuration on the same device, not a safeguard against a lost or damaged device, for restoring on other devices, you should be using "export" config files. Export config files is death for me. Tried everything what is mentione...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 19