Community discussions

Search found 2050 matches

by msatter
Sat Feb 27, 2021 9:54 pm
Forum: Scripting
Topic: Help with Script to read routes and create import file of FW addresses
Replies: 7
Views: 474

Re: Help with Script to read routes and create import file of FW addresses

https://forum.mikrotik.com/viewtopic.php?f=9&t=171135&p=836472&hilit=fetch+upload#p836472 Warning! The source directory and target directory must be the same and exist. So this is not going to work /disk/file.txt --> /file.txt. See: https://forum.mikrotik.com/viewtopic.php?f=9&t=1549...
by msatter
Fri Feb 26, 2021 11:36 pm
Forum: Scripting
Topic: Help with Script to read routes and create import file of FW addresses
Replies: 7
Views: 474

Re: Help with Script to read routes and create import file of FW addresses

You can write BIGGER files, they really huge...files. ;-) with :execute https://forum.mikrotik.com/viewtopic.php?f=9&t=130448&p=819118&hilit=file#p818939 and here with print environment https://forum.mikrotik.com/viewtopic.php?f=9&t=167594&p=823889&hilit=environment+print+fil...
by msatter
Fri Feb 26, 2021 11:11 am
Forum: General
Topic: Automatically update ipsec peer addresses from script
Replies: 18
Views: 862

Re: Automatically update ipsec peer addresses from script

On which version of RouterOS are you? There was a change in 6.48:

*) ipsec - refresh peer's DNS only when phase 1 is down;

To avoid having the used IP address being out-of-sync with the currently used address. This was a problem with DNS using a very short TTL.
by msatter
Mon Feb 22, 2021 8:48 pm
Forum: Scripting
Topic: Two Scripts need deciphering.
Replies: 4
Views: 248

Re: Two Scripts need deciphering.

On $bound it is used in DHCP script.

https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Client
by msatter
Sat Feb 20, 2021 11:00 pm
Forum: General
Topic: MTU troubles using IKEv2 providers like NordVPN [work around]
Replies: 43
Views: 11008

Re: MTU troubles using IKEv2 providers like NordVPN [work around]

That is encouraged by me because my only interest is to avoid that others have to discover the wheel all over again. My search took many months and a few support requests; Sindy helped me out with this.
by msatter
Sat Feb 20, 2021 1:20 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2486

Re: Add cooling fan to CRS-326-24P-2S+ ?

I can't stand Amazon stuff anymore, however I posted earlier about other fans.

viewtopic.php?f=3&t=132258&p=811123&hil ... ng#p811167
by msatter
Fri Feb 19, 2021 11:03 pm
Forum: Beginner Basics
Topic: Basic routing
Replies: 11
Views: 713

Re: Basic routing

I think you should look at examples of IPTV that also use two vlans next to each other.
by msatter
Fri Feb 19, 2021 11:00 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2486

Re: Add cooling fan to CRS-326-24P-2S+ ?

Why 3 wires? I see a + and - on the previous diagram what is the third soldered spot for, closest to the back of the chassis?? I suppose one could check if they are powered by hooking up a multimeter? I wonder if that capacitor close by (11 o'clock) is affiliated or not........... The third pin is th...
by msatter
Fri Feb 19, 2021 10:28 pm
Forum: General
Topic: MTU troubles using IKEv2 providers like NordVPN [work around]
Replies: 43
Views: 11008

Re: MTU troubles using IKEv2 providers like NordVPN [work around]

The second screen is a simple export from terminal yes my network is 10.0.0.0/24. I missed the word template in the second screen so the 0.0.0.0/0 is correct. You have to check what is wrong in another place in the NordVPN setup. You can leave my line in there to avoid any MTU problems. There is an...
by msatter
Fri Feb 19, 2021 9:56 pm
Forum: General
Topic: MTU troubles using IKEv2 providers like NordVPN [work around]
Replies: 43
Views: 11008

Re: MTU troubles using IKEv2 providers like NordVPN [work around]

I wrote dst-address and that should be src-address and it is this one: src-address=10.6.2.22/32 How do you generate the second screen, because it does not match the first screen? And is 10.0.0.0/24 your internal network? Please change your personal IP address from your posting above! sa-src-address=XX.XX.XXX...
by msatter
Fri Feb 19, 2021 8:30 pm
Forum: General
Topic: MTU troubles using IKEv2 providers like NordVPN [work around]
Replies: 43
Views: 11008

Re: MTU troubles using IKEv2 providers like NordVPN [work around]

/ip ipsec policy set 0 group=NordVPN proposal=NordVPN add action=none dst-address=10.0.0.0/24 src-address=0.0.0.0/0 add disabled=yes dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN \ src-address=0.0.0.0/0 template=yes First dst-address=0.0.0.0/0 should contain the entry point of the tunnel. Th...
by msatter
Fri Feb 19, 2021 8:12 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2486

Re: Add cooling fan to CRS-326-24P-2S+ ?

Screenshot_20210219_190901.jpg
I assume the pads in the red squares are connected and in the blue circle you see the fan connectors with some components soldered.

This is the 1009 with a bigger case and two internal power supplies.
by msatter
Fri Feb 19, 2021 7:50 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2486

Re: Add cooling fan to CRS-326-24P-2S+ ?

If you are looking for the fan soldering pads and looked at the bigger versions of the 1009 which share the same boards. Just looking at pictures on the internet. Screenshot_20210219_184150.jpg There are no components around those pads so likely also no power on the pads. I would advise a power sourc...
by msatter
Fri Feb 19, 2021 1:14 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2486

Re: Add cooling fan to CRS-326-24P-2S+ ?

Screenshot_20210219_121343.jpg
by msatter
Thu Feb 18, 2021 12:25 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2486

Re: Add cooling fan to CRS-326-24P-2S+ ?

No, and the forum also does not know that. But you can add a small fan on the outside to suck air out close to the position of the SFP. https://www.cdr.pl/galerie/m/mikrotik-cloud-core-rout_9166.jpg Seen from the back. Front right side. Powering the fan externally. If you are also using those HOT copper network SFP p...
by msatter
Thu Feb 18, 2021 12:33 am
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2486

Re: Add cooling fan to CRS-326-24P-2S+ ?

OK, so before going ahead and ordering cooling equipment I was taking a look at the board for the CRS326-24G using the high res image on the MT website. I cannot see where the connector for the fan is. Can anyone mark it for me on here? From a previous post I had understood that the board was ready...
by msatter
Wed Feb 17, 2021 7:57 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2486

Re: Add cooling fan to CRS-326-24P-2S+ ?

OK, so before going ahead and ordering cooling equipment I was taking a look at the board for the CRS326-24G using the high res image on the MT website. I cannot see where the connector for the fan is. Can anyone mark it for me on here? From a previous post I had understood that the board was ready...
by msatter
Wed Feb 17, 2021 12:56 pm
Forum: Beginner Basics
Topic: Problem with PCC load balancing
Replies: 2
Views: 183

Re: Problem with PCC load balancing

I like to use 3/1 - 1/1 and 1/1 can be omitted because it catches all just as no PCC would do. Set passthrough=no
This will give you 33% on wan 1 and 66% on wan2.
4/1 - 1/1 gives a 25% - 75% split. etc.

When passthrough is needed then use 3/0 - 3/1 - 3/2 Wan 1 - 2 - 2 (33% - 66%)
by msatter
Sun Feb 14, 2021 11:08 pm
Forum: General
Topic: Routing and mangle
Replies: 7
Views: 558

Re: Routing and mangle

My Dreambox satellite receivers are running DreamOS ;-)
by msatter
Sat Feb 13, 2021 9:17 pm
Forum: General
Topic: DNS over HTTPS
Replies: 158
Views: 39929

Re: DNS over HTTPS

Decrease maximum concurrent queries. It limits, so TCP can keep up.
by msatter
Sat Feb 13, 2021 8:47 pm
Forum: General
Topic: Routing and mangle
Replies: 7
Views: 558

Re: Routing and mangle

You do not need the marking in Mangle because NAT is doing the work here and you don't need the extra marking.

https://wiki.mikrotik.com/wiki/Manual%3 ... squerade_2

Marking is needed if both ISP gateways are on the same ether port.
by msatter
Thu Feb 11, 2021 1:14 pm
Forum: General
Topic: Polling of mikrotik.com [SOLVED]
Replies: 7
Views: 461

Re: Polling of mikrotik.com [SOLVED]

In terminal you can set the update interval.
 /ip cloud> print
          ddns-enabled: no
  ddns-update-interval: none
           update-time: no
Maybe Mikrotik could make a disable "call-home" in QuickSet to disable all earlier mentioned calls, in one go.
by msatter
Wed Feb 10, 2021 11:19 pm
Forum: General
Topic: Polling of mikrotik.com [SOLVED]
Replies: 7
Views: 461

Re: Polling of mikrotik.com [SOLVED]

System - Clock - Auto Timezone: set it to manual in the next tab.
by msatter
Wed Feb 10, 2021 8:14 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2486

Re: Add cooling fan to CRS-326-24P-2S+ ?

Using search delivered a starting point: viewtopic.php?f=3&t=122395&p=775840&hil ... fp#p780464
by msatter
Fri Feb 05, 2021 1:25 pm
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 100
Views: 19588

Re: v6.48.1 [stable] is released!

A fix for SIP related issue is not included in this release, but it is available in the 6.49beta11. If an upgrade to the testing version is not available, try disabling MNDP in neighbor discovery settings, see command below: /ip neighbor discovery-settings set protocol=cdp,lldp I just disabled the ...
by msatter
Wed Feb 03, 2021 4:45 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 45
Views: 9320

Re: v6.49beta [testing] is released!

Many thanks. My IKEv2 download speed increased by over 100 Mbps to almost the maximum download speed I have. It was lower in 6.48 than the previous versions of ROS.
by msatter
Tue Feb 02, 2021 5:03 pm
Forum: General
Topic: [Question]: Anyone running a MA5671A GPON ONU at 2.5 GBit/s
Replies: 7
Views: 655

Re: [Question]: Anyone running a MA5671A GPON ONU at 2.5 GBit/s

I would expect lower than 10. Your range values should be mentioned in the datasheet of the module.

As you write it works fine and the other module even goes lower.
by msatter
Tue Feb 02, 2021 4:28 pm
Forum: General
Topic: NEW STABLE VERSION 6.47.3 DOES NOT RECEIVE IP FOR INTERFACE AT 10 mbps?
Replies: 2
Views: 242

Re: NEW STABLE VERSION 6.47.3 DOES NOT RECEIVE IP FOR INTERFACE AT 10 mbps?

Luckily you managed to disengage the Caps-Lock key in the end.
by msatter
Mon Feb 01, 2021 2:31 pm
Forum: General
Topic: [Question]: Anyone running a MA5671A GPON ONU at 2.5 GBit/s
Replies: 7
Views: 655

Re: [Question]: Anyone running a MA5671A GPON ONU at 2.5 GBit/s

The 1.25/2.5 Gbit/s indication is the interface connection between the SFP and the router. The 1 Gbit/s is the interface between the SFP and the fiber. So all is working correctly. Your RX power is a bit high; are all connectors pushed fully in? Update: I now see that there are ones that transmi...
by msatter
Sun Jan 31, 2021 5:38 pm
Forum: General
Topic: SRV DNS records
Replies: 5
Views: 543

Re: SRV DNS records

I have just tested it but I did not manage to obtain anything other than NXDOMAIN from the internal domain server. Sorry.
by msatter
Sun Jan 31, 2021 12:31 am
Forum: General
Topic: SRV DNS records
Replies: 5
Views: 543

Re: SRV DNS records

I have never used that but a search on the internet gave the general workings of a SRV record.

Yes, if you use the srv target.
by msatter
Sat Jan 30, 2021 12:39 am
Forum: General
Topic: SRV DNS records
Replies: 5
Views: 543

Re: SRV DNS records

In the srv you don't put an IP but the domain name of the server serving both ports.

srv site1.lan 32400 --> A siteserver.lan 10.10.10.10
srv site2.lan 20020 --> A siteserver.lan 10.10.10.10
by msatter
Wed Jan 27, 2021 9:21 pm
Forum: RouterBOARD hardware
Topic: GPEN21 POE Output
Replies: 2
Views: 233

Re: GPEN21 POE Output

This device always puzzled me. I see it as a kind of NTU with POE, to be used on 'remote' locations.

Eth2 and the SFP are either one and you use the Eth2 or the SFP.
by msatter
Wed Jan 27, 2021 1:55 pm
Forum: Useful user articles
Topic: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)
Replies: 27
Views: 4547

Re: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)

Because routing is not used it is indeed free to be used as the trigger for the killswitch. I am using several VPN providers and connections so mark IKEv2 traffic with a single routing mark and the distribution is done by connection marking.

This gives a lot of flexibility in the end.
by msatter
Sat Jan 23, 2021 1:19 pm
Forum: General
Topic: DNSpooq
Replies: 3
Views: 390

Re: DNSpooq

This forum and this blog: https://blog.mikrotik.com/security/

There is also an RSS feed: https://blog.mikrotik.com/rss/?cat=security
by msatter
Sat Jan 16, 2021 2:27 pm
Forum: General
Topic: [ASK] Firewall JUMP rule
Replies: 10
Views: 1330

Re: [ASK] Firewall JUMP rule

RAW is introduced to be able to block traffic before it hits connection tracking and so avoid high CPU usage.

UDP/Mangle/Filter need connection tracking and so using the CPU big time.
by msatter
Sat Jan 16, 2021 12:30 pm
Forum: Useful user articles
Topic: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)
Replies: 27
Views: 4547

Re: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)

You mark connections in Mangle with the connection mark of the VPN connection. You have so full control of which traffic is going through the VPN based on type, port, dest/src address or domain through an address-list.
by msatter
Fri Jan 08, 2021 8:34 pm
Forum: Announcements
Topic: MikroTik newsletter November 2020 (#98)
Replies: 64
Views: 13834

Re: MikroTik newsletter November 2020 (#98)

You could consider Class C+ gpon from FS. It has a temperature range of -40 to 85 Celsius, normal is 0 to 70 Celsius. https://www.fs.com/de-en/products/64168.html msatter Thanks for the post. Have you tested this product? No, but you can ask them for a sample. https://www.fs.com/sample_applica...
by msatter
Fri Jan 08, 2021 2:06 pm
Forum: Announcements
Topic: MikroTik newsletter November 2020 (#98)
Replies: 64
Views: 13834

Re: MikroTik newsletter November 2020 (#98)

You could consider Class C+ gpon from FS. It has a temperature range of -40 to 85 Celsius, normal is 0 to 70 Celsius.

https://www.fs.com/de-en/products/64168.html
by msatter
Fri Jan 08, 2021 1:31 pm
Forum: General
Topic: mangle rules DB?
Replies: 4
Views: 272

Re: mangle rules DB?

You can only filter on the IP address of the client. If your router is also providing DHCP to the clients then it should be possible.
by msatter
Thu Jan 07, 2021 9:47 pm
Forum: General
Topic: IKEv2 - issues
Replies: 5
Views: 547

Re: IKEv2 - issues

SHA-384 was already supported earlier but then only through the CLI. Now also through Winbox.

The sixth of January 2021 the table in the Wiki was updated for the RB4011 and here is the link to that table:

https://wiki.mikrotik.com/wiki/Manual:I ... celeration
by msatter
Fri Jan 01, 2021 3:39 am
Forum: General
Topic: Gre over ipsec
Replies: 10
Views: 925

Re: Gre over ipsec

by msatter
Thu Dec 31, 2020 12:33 pm
Forum: General
Topic: Tis the Season
Replies: 9
Views: 793

Re: Tis the Season

All the good to everyone and stay virus free in 2021. And to ROS, stay bug free and that you soon succeed for your seventh level exam.
by msatter
Tue Dec 29, 2020 10:25 pm
Forum: General
Topic: Tis the Season
Replies: 9
Views: 793

Re: Tis the Season

I expected something more like this.

Image
by msatter
Tue Dec 29, 2020 9:04 pm
Forum: General
Topic: Reading Source IP on my Filtering DNS Server
Replies: 12
Views: 781

Re: Reading Source IP on my Filtering DNS Server

Hot wine...is then not the alcohol already evaporated?
by msatter
Tue Dec 29, 2020 3:31 pm
Forum: General
Topic: Reading Source IP on my Filtering DNS Server
Replies: 12
Views: 781

Re: Reading Source IP on my Filtering DNS Server

Is it something like Pi-hole filtering the domains and block domains not allowed to return 0.0.0.0 IP-address? The problem of the addresses in the log of the DNS server is normal. In the eyes of the DNS server the router is talking to him and can't see the IP address of the client. If you would use ...
by msatter
Tue Dec 29, 2020 2:07 pm
Forum: General
Topic: Reading Source IP on my Filtering DNS Server
Replies: 12
Views: 781

Re: Reading Source IP on my Filtering DNS Server

Look at it differently. Change the rules to redirect if the clients are making the requests not to your own DNS.

!10.10.10.1 assuming that is your own DNS.
by msatter
Tue Dec 29, 2020 1:09 pm
Forum: Scripting
Topic: How to delete the specified ip connection with a script? [SOLVED]
Replies: 11
Views: 672

Re: How to delete the specified ip connection with a script? [SOLVED]

/ip firewall connection remove [find where reply-dst-address~"1.2.3.4"]
by msatter
Sat Dec 26, 2020 7:55 pm
Forum: Useful user articles
Topic: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)
Replies: 27
Views: 4547

Re: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)

It is for sync that is needed and RouterOS does not know where to send those returning packets to. Those packets are now sent to where they are expected and being processed to lower the MTU till no, please lower the MTU are sent anymore. IKEv2/IPsec significantly increases the security and privacy o...
by msatter
Sat Dec 26, 2020 12:20 pm
Forum: General
Topic: 4011iGS+ rack mount screws
Replies: 1
Views: 375

Re: 4011iGS+ rack mount screws

Use duckduckgo.com and you will find: Accessories Package includes the following accessories that come with the device: EU/US Switching Power Supply DC ⎓ 24 V 1.5 A 36 W 87.4% VI 150 cm RA DC plug. K-60 fastening set. DIN965, M3x6 . Mounting kit 4011 rm bracket. There are two included in the K-60 ba...
by msatter
Sat Dec 26, 2020 11:40 am
Forum: Useful user articles
Topic: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)
Replies: 27
Views: 4547

Re: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)

I see in the use cases the following line which is obsolete if you do that directly in IPSEC Policy. It is this line in mangle: # Reduce MSS (should be about 1200 to 1400, but 1360 worked for me) /ip firewall mangle add action=change-mss chain=forward new-mss=1360 passthrough=yes protocol=tcp src-ad...
by msatter
Wed Dec 23, 2020 10:15 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 148
Views: 28366

Re: Advanced Routing Failover without Scripting

Try using "ISP 1" and "ISP 2" Nice to see you back....so soon. Greetings matter, I tried to do it with the scripts that you told me by disabling the interface, but it did not work for me, I think that with the use of recursive ways I can achieve that the failover is done and eve...
by msatter
Wed Dec 23, 2020 8:35 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 148
Views: 28366

Re: Advanced Routing Failover without Scripting

Try using "ISP 1" and "ISP 2"

Nice to see you back....so soon.
by msatter
Mon Dec 21, 2020 9:24 pm
Forum: Scripting
Topic: Disable and Enable interface
Replies: 16
Views: 1272

Re: Disable and Enable interface

OK.
{
:if ( [/ping 8.8.8.8 interface= "ETHERT 2" count=6 ] = 0) do={/ip route disable [find comment=ISP2]}
:if ( [/ping 8.8.8.8 interface= "ETHERT 2" count=6 ] != 0) do={/ip route enable [find comment=ISP2]}
}
by msatter
Mon Dec 21, 2020 4:50 pm
Forum: Scripting
Topic: Disable and Enable interface
Replies: 16
Views: 1272

Re: Disable and Enable interface

So if you say this works: :if ( [/ping 8.8.8.8 interface= "ETHERT 2" count=6 ] = 0) do={/interface disable numbers=1} Then the following should work if you add the comment label "ISP2" to the route going to your second provider. ETHERT 2 is not disabled this way, this because you...
by msatter
Mon Dec 21, 2020 2:52 pm
Forum: Announcements
Topic: v6.48rc [testing] is released!
Replies: 18
Views: 5101

Re: v6.48rc [testing] is released!

No reporting of posts possible in this thread?!
by msatter
Mon Dec 21, 2020 12:00 pm
Forum: Scripting
Topic: How do I disable a rule in IP ROUTE? [SOLVED]
Replies: 4
Views: 496

Re: How do I disable a rule in IP ROUTE? [SOLVED]

You can't. If you don't have an active connection to the internet you can't ping anything on the internet.

Please stop with creating postings about this and have a read of what others suggested in answer to your many postings on this.
by msatter
Mon Dec 21, 2020 11:51 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43064

Re: v7.1beta3 [development] is released!

On the subject of export- On my RB4011 it does complete, it just takes an average of 21 minutes. The only errors on the export are: #error exporting /routing/bfd/authentication #error exporting /routing/bfd/configuration But export terse compact file=$fileName does finally complete. See the answer ...
by msatter
Sat Dec 19, 2020 5:46 pm
Forum: General
Topic: RB760iGS - Very Slow transfer speeds vlan to vlan and cpu usage is just 30%
Replies: 7
Views: 735

Re: RB760iGS - Very Slow transfer speeds vlan to vlan and cpu usage is just 30%

Visual of the posting above:

Image

As soon as you enable the SFP, one of the 1Gbit gets reserved for traffic on the SFP. Leaving half the speed for the Ethernet.

Vlan happens in the CPU so it has a big impact.
by msatter
Fri Dec 18, 2020 9:08 pm
Forum: Beginner Basics
Topic: Mikro + Asterix + One Way Audio
Replies: 4
Views: 411

Re: Mikro + Asterix + One Way Audio

Try with UDP starting at 7000 instead of 10000.
by msatter
Thu Dec 10, 2020 8:06 pm
Forum: General
Topic: DNS over HTTPS, round robin support
Replies: 19
Views: 1315

Re: DNS over HTTPS, round robin support

Well yeah, it seems that I have no other option but to build a test environment for this. And if it turns out that DNS rr is not utilized for failover, then it will have been a waste of time. :-(
At least, you have learned something after that. :-)
by msatter
Thu Dec 10, 2020 1:03 am
Forum: Scripting
Topic: Persistent Environment Variables
Replies: 4
Views: 485

Re: Persistent Environment Variables

No, this was discussed in the 7.1beta3 thread a few days ago.
by msatter
Wed Dec 09, 2020 12:43 pm
Forum: General
Topic: DNS over HTTPS, round robin support
Replies: 19
Views: 1315

Re: DNS over HTTPS, round robin support

Round Robin is on the server side and not the client side. RouterOS is here a client.
by msatter
Fri Dec 04, 2020 4:39 pm
Forum: Scripting
Topic: Fail Variable declaration sintax from manual
Replies: 6
Views: 457

Re: Fail Variable declaration sintax from manual

:set $myVar "my value";
by msatter
Thu Dec 03, 2020 11:26 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43064

Re: v7.1beta3 [development] is released!

This is still present and had this when enabling/disabling logging in RAW rules.

viewtopic.php?f=1&t=165248#p813064

The first rules counter had a life of their own.
by msatter
Thu Dec 03, 2020 10:42 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43064

Re: v7.1beta3 [development] is released!

Hope this will also stop the router crashing when you change the MTU of an interface. I appreciate your test reports as we seem to be having the same issues. I'm with Bell in Canada and they also use baby jumbo frames on a SFP ONT with PPPoE. So I see the same crashing and MTU issues you are seeing...
by msatter
Thu Dec 03, 2020 7:36 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43064

Re: v7.1beta3 [development] is released!

Updated my HAP AC2 from beta2 to beta3 and the device is constantly rebooting at about 1 minute of uptime. There was only one critical log entry, the device restarted because of a kernel failure. Downgraded back to beta2. Please report this to support@mikrotik.com and attach either a supout file fr...
by msatter
Thu Dec 03, 2020 5:07 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43064

Re: v7.1beta3 [development] is released!

256MB of memory: https://mikrotik.com/products?filter&s=c&f=[%22integrated_wireless%22,%22indoors%22]&a=[%22arm%22]&r={%22ram%22:{%22s%22:%22253%22,%22e%22:%22317%22}}#! More than 256MB of memory: https://mikrotik.com/products?filter&s=c&f=[%22integrated_wireless%22,%22indoor...
by msatter
Thu Dec 03, 2020 12:22 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43064

Re: v7.1beta3 [development] is released!

Hope this will also stop the router crashing when you change the MTU of an interface. Update: I could change the MTU but sadly not the one I wanted to. The PPPoE dropped back to 1480 and manually I could set it to 1492 to be a bit closer to the 1500 that I can use in 6.48. Routing was changed (expect...
by msatter
Wed Dec 02, 2020 2:28 pm
Forum: Scripting
Topic: To retain variable's values after reboot
Replies: 20
Views: 5323

Re: To retain variable's values after reboot

This can be adapted to write global variables to a file: https://forum.mikrotik.com/viewtopic.php?f=9&t=167594&p=823889&hilit=environment+print+file#p823683 I advise to only do variables and not scripts due to the 4096 bytes limitation. If you mark functions with the wordpart func in the...
by msatter
Wed Dec 02, 2020 1:22 pm
Forum: Scripting
Topic: Checking the empty value [SOLVED]
Replies: 6
Views: 816

Re: Checking the empty value [SOLVED]

;-)
by msatter
Wed Dec 02, 2020 12:08 pm
Forum: Scripting
Topic: To retain variable's values after reboot
Replies: 20
Views: 5323

Re: To retain variable's values after reboot

Write variables in scheduler startup script is a better option than writing variables in l7 rules and other crazy stuff.
Can we have a scheduler restart/shutdown then?
by msatter
Wed Dec 02, 2020 12:02 pm
Forum: General
Topic: DDOS ATTACK
Replies: 14
Views: 1146

Re: DDOS ATTACK

Allow someone to hold your hand on this.

https://mikrotik.com/consultants
by msatter
Mon Nov 30, 2020 11:38 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 65355

Re: v6.48beta [testing] is released!

Hrmm maybe? I downloaded the .zip file with 'all extras' for arm and scp'd the .npk files as normal and validated they were all there and the right size. When that didn't work after two attempts of scp and reboot, I tried the winbox method and it showed download complete and rebooted, but again fai...
by msatter
Mon Nov 30, 2020 11:31 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 97297

Re: v7.1beta2 [development] is released!

Mikrotik cares but the Beta has problems with booting the Tile architecture so not released yet.

If your Chateau has problems then ask support if you can have Beta 3 already.
by msatter
Mon Nov 30, 2020 10:09 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 65355

Re: v6.48beta [testing] is released!

Maybe this interferes: upgrade - do not try installing packages if download was not completed
by msatter
Mon Nov 30, 2020 9:25 pm
Forum: RouterOS v7 BETA
Topic: Chateau LTE12, Router OS v7.1beta2, packet loss
Replies: 6
Views: 956

Re: Chateau LTE12, Router OS v7.1beta2, packet loss

When you are on it, ask also for Beta 3 for your router.
by msatter
Sun Nov 29, 2020 3:42 pm
Forum: General
Topic: DDOS ATTACK
Replies: 14
Views: 1146

Re: DDOS ATTACK

If you don't want to do it yourself with help of the documentation you can try this page to find someone to do it for you:

https://mikrotik.com/consultants
by msatter
Sun Nov 29, 2020 12:54 pm
Forum: Scripting
Topic: Why are my posts being deleted from this forum?
Replies: 6
Views: 520

Re: Why are my posts being deleted from this forum?

Good luck with contacting an administrator. Messaging is switched off again. It could be that your posting got reported and they are deleted...manually or "automatic". ps. you posted this in scripting and that is not the right place to post this. I posted in scripting because that’s the forum th...
by msatter
Sat Nov 28, 2020 1:06 pm
Forum: Scripting
Topic: Why are my posts being deleted from this forum?
Replies: 6
Views: 520

Re: Why are my posts being deleted from this forum?

Good luck with contacting an administrator. Messaging is switched off again.

It could be that your posting got reported and they are deleted...manually or "automatic".

ps. you posted this in scripting and that is not the right place to post this.
by msatter
Fri Nov 27, 2020 8:32 pm
Forum: General
Topic: Why Mikrotik forcibly reset my password for forum account????
Replies: 1
Views: 223

Re: Why Mikrotik forcibly reset my password for forum account????

The day after 9-11 this year, the passwords were reset and members had to provide a new password.

You must have missed that....by a few months.

viewtopic.php?f=21&t=166059
by msatter
Fri Nov 27, 2020 1:01 pm
Forum: General
Topic: ask [main/backup loader]
Replies: 6
Views: 527

Re: ask [main/backup loader]

There is indeed no way to see which version of boot you're using in backup mode. You can look at the factory firmware and then deduce that the backup boot has the same version. This should be valid since Mikrotik synced the version numbers of the boot/firmware and the RouterOS version. You are righ...
by msatter
Fri Nov 27, 2020 12:25 am
Forum: General
Topic: ask [main/backup loader]
Replies: 6
Views: 527

Re: ask [main/backup loader]

Your signature is outdated. https://forum.mikrotik.com/viewtopic.php?f=9&t=169030 On your question: https://help.mikrotik.com/docs/display/ROS/RouterBOARD If to use the backup RouterBOOT. This is only useful if the main loader has become corrupted somehow and cannot be fixed. So that you don't ha...
by msatter
Thu Nov 26, 2020 3:38 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 65355

Re: v6.48beta [testing] is released!

*) certificate - properly flush expired SCEP OTP entries [SUP-31328] The flushing works, but when flushed it is made not visible in Winbox until you generate a new OTP hash manually refresh by changing window in Winbox. It is possible to generate OTP with a lifetime of zero minutes in Terminal and ...
by msatter
Wed Nov 25, 2020 3:05 pm
Forum: Scripting
Topic: Password, Pin and and Hash
Replies: 6
Views: 662

Re: Password, Pin and and Hash

I have put an updated version in the second post of this thread. Removed some bugs, corrected typos and changed some incorrect code. Streamlined the removal of generated OTP hashes so that the generated hashes that became obsolete are removed directly. Introduced a dedicated variable $decimalUP to hav...
by msatter
Tue Nov 24, 2020 12:44 am
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 1809

Re: One line password generation without fetch tool

Create a way to delete the generated hash while the auto-removal is still broken in my version of RouterOS: :local createOTPHash [/certificate scep-server otp; ([generate minutes-valid=0 as-value]->"password") [:foreach i in=[find -1] do={:set $lastHash $i}; :do {remove $lastHash} on-error=...
by msatter
Mon Nov 23, 2020 9:43 pm
Forum: Scripting
Topic: Removing Certificate [SOLVED]
Replies: 4
Views: 498

Re: Removing Certificate [SOLVED]

You should never ever use index numbers in scripts. These are just temporary and refer to the last print.
To remove all certificates use this:
/certificate remove [ find ];
You can use print in a script by adding without-paging and as stated using numbers is not the best way to do this.
by msatter
Mon Nov 23, 2020 4:24 pm
Forum: Scripting
Topic: Useful scripts
Replies: 82
Views: 136383

Re: Useful scripts

Please open a new topic about this because this thread is about Useful scripts and you want something specific. You could also use search because this is talked about many many times and yes you can use HUGE lists, but you have to prepare them first on a computer and then import it. See: https://for...
by msatter
Mon Nov 23, 2020 3:35 pm
Forum: Scripting
Topic: Scripting - Asking user for input.
Replies: 9
Views: 4576

Re: Scripting - Asking user for input.

You need to :put $userinput, not :put $read :) :put $userinput is also empty for me after asked for a value (v6.47). If you get actual code then use an extra pair square brackets. :local userinput [$read]; :put [$userinput]; or use :set, instead of local/global :set [userinput [$read]]; :put $useri...
by msatter
Mon Nov 23, 2020 3:21 pm
Forum: Scripting
Topic: Useful scripts
Replies: 82
Views: 136383

Re: Useful scripts

Source: https://forum.mikrotik.com/viewtopic.php?f=9&t=152632&p=796712&hilit=63+kb#p759427 # Written by Shumkov # Adapted by blacklister # 20201025 { /ip firewall address-list :local update do={ :do { :local result [/tool fetch url=$url as-value output=user]; :if ($result->"download...
by msatter
Mon Nov 23, 2020 12:42 pm
Forum: Scripting
Topic: Useful scripts
Replies: 82
Views: 136383

Re: Useful scripts

If it is bigger than 63KB then that is not possible in RouterOS.
by msatter
Sun Nov 22, 2020 7:06 pm
Forum: Scripting
Topic: Checking the empty value [SOLVED]
Replies: 6
Views: 816

Re: Checking the empty value [SOLVED]

Some other ways to check:

([:len $z]=0) works also for array
([:typeof $z] ~ "(nil|nothing)")
I did not know the =[ ] and that one could replace the :len one for me.
by msatter
Fri Nov 20, 2020 2:47 pm
Forum: Useful user articles
Topic: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)
Replies: 27
Views: 4547

Re: [Guide] How to setup NordVPN (IPSEC/IKEv2) + killswitch

Should I see traffic when I torch the bridge acting as blackhole for the VPN when it is going up or down? The only traffic I saw was ARP. When I re-enable my own killswitch lines (dst 100.69.69.69) then those lines in NAT do catch traffic. Looking in /IP routing the PPPoE-out has a distance of zero ...
by msatter
Thu Nov 19, 2020 5:19 pm
Forum: Scripting
Topic: Password, Pin and and Hash
Replies: 6
Views: 662

Re: Password, Pin and and Hash

The code has been updated in posting two of this thread. I added a simple help to code and I could insert it locally in the global function $genpassword because it was less than 45 lines of code including the help text. You can display help by typing: $genpassword -help and displaying the version nu...
by msatter
Thu Nov 19, 2020 11:00 am
Forum: RouterBOARD hardware
Topic: RB4011: SFP power cycle?
Replies: 3
Views: 382

Re: RB4011: SFP power cycle?

You could try this as script running (Terminal) after the router has booted and see if that helps: { disable sfp-sfpplus1 :delay 50ms enable sfp-sfpplus1 } My script-code in PPP Profile for not obtaining a MTU of 1500: { :delay 4s /interface :if (([pppoe-client monitor pppoe-out as-value once]->"...
by msatter
Thu Nov 19, 2020 10:48 am
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 98
Views: 18166

Re: WinBox v3.27 released!

I understand that as of a few winbox versions ago , the entries in the log window were truncated to not take up more than a single line (and there were some users requesting this). however im not clear on how this is a better solution than the prior multi line log window entries (where you could al...
by msatter
Thu Nov 19, 2020 10:37 am
Forum: Scripting
Topic: Password, Pin and and Hash
Replies: 6
Views: 662

Re: Password, Pin and and Hash

I made a second update to the code and added the option to only mix a supplied string (minimal length 4) and the code was already in the genpassword script. To make this also directly available a small function was added next to the already existing genpin and dummyhash to call it directly and ...
by msatter
Tue Nov 17, 2020 1:04 pm
Forum: Scripting
Topic: Password, Pin and and Hash
Replies: 6
Views: 662

Re: Password, Pin and and Hash

Thanks Jotne and the ";" presence is known and it is due to I tried to find why I could not put the code in :global. In the end it was due to me using multiple TABs to structure the code. I will propose the code to Mikrotik and hope that they will have a look at it and be so nice to provide a...
by msatter
Tue Nov 17, 2020 12:57 pm
Forum: Beginner Basics
Topic: Connect HexS with SFP VDSL2 Modem to ISP
Replies: 1
Views: 225

Re: Connect HexS with SFP VDSL2 Modem to ISP

I am afraid that it is a troublesome undergoing. It started 4 years ago:

viewtopic.php?f=3&t=104109&hilit=vdsl
by msatter
Sun Nov 15, 2020 4:17 pm
Forum: Scripting
Topic: Password, Pin and and Hash
Replies: 6
Views: 662

Re: Password, Pin and and Hash

################################################################################################### # Written for RouterOS from Mikrotik # Written by Msatter (alias on forum.mikrotik.com) # only for non commercial use # version 20201125-2.58 DO NOT FORGET TO UPDATE ALSO THE :global version undernea...
by msatter
Sun Nov 15, 2020 4:17 pm
Forum: Scripting
Topic: Password, Pin and and Hash
Replies: 6
Views: 662

Password, Pin and and Hash

I have completed the script to generate different types of random ranges of characters, numbers or combinations from those. A One-Time-Password hash generator in RouterOS is used to have randomness to be used in the generator. Calling the function is quite flexible and the ordering of the parameter...
by msatter
Fri Nov 13, 2020 6:09 pm
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 1809

Re: One line password generation without fetch tool

Mixing the base strings is complete after being on the backburner while I wrote a menu script. Also found a much faster and absolute way to remove the obsolete OTP hashes. I first had a for next removing the "numbers" one by one. This did not work always and with more than thirteen thousan...
by msatter
Wed Nov 11, 2020 2:35 am
Forum: Scripting
Topic: :return not as described?
Replies: 7
Views: 409

Re: :return not as described?

It seems I had them because I had to scare away people looking at their phone wandering into the garden. Never seen them personally so it was a complete surprise to me that I had them in my garden. Those invisible creatures. Not much running scripts here and sometimes the VPN maintainers flashes by....
by msatter
Tue Nov 10, 2020 7:37 pm
Forum: Scripting
Topic: :return not as described?
Replies: 7
Views: 409

Re: :return not as described?

If there is a second return then that one should supersede the earlier one and the last one is the only one returned. It is then behaving as variable, which can have only one value.

We have already :error which stops all scripts/and functions.
by msatter
Tue Nov 10, 2020 7:19 pm
Forum: Scripting
Topic: Cant read file large then 4085 bytes
Replies: 15
Views: 5207

Re: Cant read file large then 4085 bytes

A file up to 64KB can be read in one go to an array.

.RSC files can be much larger and I have not found yet a limitation other than the memory of the router itself.

I am still searching for a way to include code as insert and not in script or global.
by msatter
Tue Nov 10, 2020 2:59 pm
Forum: Beginner Basics
Topic: Layer 7 Blacklist
Replies: 16
Views: 948

Re: Layer 7 Blacklist

The short answer is yes, it is possible. The problem is making a regex that covers half the internet...
It's like saying that achieving world peace is possible, the problem is just finding how to make all people like each other.
Till .*$

;-)
by msatter
Tue Nov 10, 2020 2:56 pm
Forum: Beginner Basics
Topic: Layer 7 Blacklist
Replies: 16
Views: 948

Re: Layer 7 Blacklist

Not nice to say that about Bidon. Go and wash your mouth. Are you drunk?? Not judging, but hopefully not configuring any MT devices jajajajaja I don't drink alcohol only smell it when I disinfect my hands, and that is not enough to get drunk and it is also not the right type of alcohol to use intern...
by msatter
Tue Nov 10, 2020 2:39 pm
Forum: Scripting
Topic: :return not as described?
Replies: 7
Views: 409

Re: :return not as described?

Thanks SiB and I did not see any other that :returns cuts away from the function despite there could be more instructions to process. Or did I miss it? It has its charms because you can go in the middle exit a function this way without being concerned about code underneath. It brings the feeling b...
by msatter
Tue Nov 10, 2020 11:51 am
Forum: Scripting
Topic: :return not as described?
Replies: 7
Views: 409

:return not as described?

I have the problem that :return acts like an :error and terminates the function and does not execute the last command till the end of the function "}" From the Wiki: Starting from v6.2 new syntax is added to easier define such functions and even pass parameters. It is also possible to retu...
by msatter
Mon Nov 09, 2020 9:28 pm
Forum: Scripting
Topic: Find and list filter by comment
Replies: 3
Views: 252

Re: Find and list filter by comment

Let RouterOS do this for you and look at how you normally enable and disable lines.

You are now collecting the lines and that is not needed.
by msatter
Mon Nov 09, 2020 8:53 pm
Forum: Beginner Basics
Topic: Layer 7 Blacklist
Replies: 16
Views: 948

Re: Layer 7 Blacklist

Not nice to say that about Bidon. Go and wash your mouth.
by msatter
Mon Nov 09, 2020 8:46 pm
Forum: Scripting
Topic: Find and list filter by comment
Replies: 3
Views: 252

Re: Find and list filter by comment

/ip firewall filter disable [find comment~"Yoeptube"]; This is in ROS script.

Replace Yoeptube with what you use and it can also be a partial match like tube because of the ~ instead of a =
by msatter
Mon Nov 09, 2020 11:52 am
Forum: Scripting
Topic: Understanding scripting data types
Replies: 6
Views: 3764

Re: Understanding scripting data types

Really! Old syntax don't support parameters :global fold [:parse ":put \"$param\""] :global fnew do={:put "$param"} :put "Old" $fold param="params work" :put "New" $fnew param="params work" > /system script run test-params Old Ne...
by msatter
Sun Nov 08, 2020 10:45 pm
Forum: Scripting
Topic: Useful scripts
Replies: 82
Views: 136383

Re: Useful scripts

Hi all,

Let me also share my scripts collection with you - maybe you will find few of them helpful or useful as they are to me;)

https://github.com/gbudny93/RouterOS_Useful_Scripts

Greg
Easier append array: viewtopic.php?p=819886#p728850
by msatter
Sat Nov 07, 2020 11:17 am
Forum: Scripting
Topic: Cumbersome fetching the key in an array and duplicating arrays
Replies: 3
Views: 462

Re: Cumbersome fetching the key in an array and duplicating arrays

BTW, I managed to wipe environment when a Array was by mistake looped and the memory start to fill up and after about 20MB it would clear and start again to fill up. In Winbox the environment screen was wiped and in red was displayed something "NOTHING FOUND". Then filtering would engage o...
by msatter
Fri Nov 06, 2020 8:46 pm
Forum: Scripting
Topic: Cumbersome fetching the key in an array and duplicating arrays
Replies: 3
Views: 462

Re: Cumbersome fetching the key in an array

I had a look at 2D array. They are not easy and I stepped in a few beartraps and maybe I even need some new functions to handle them easier. Some things are easier to achieve but it is a lot to learn and test. Update: I have converted it from array with a key to a 2D array. Works great and it was a f...
by msatter
Fri Nov 06, 2020 1:46 pm
Forum: General
Topic: How can I make Mikrotik help pages more readable?
Replies: 5
Views: 689

Re: How can I make Mikrotik help pages more readable?

You are right, it does resize badly on small displays. We will work on that.
And it is gone. Hoping that mobile device friendly mode will be back soon!
by msatter
Wed Nov 04, 2020 2:57 am
Forum: Scripting
Topic: Cumbersome fetching the key in an array and duplicating arrays
Replies: 3
Views: 462

Cumbersome fetching the key in an array and duplicating arrays

I want to return the key in a array and don't want to use the "foreach k,v in $ar" method. :local ar {"Abcdef"="b";c="d"}; :local a [:tostr [:pick $ar 0 1]]; :put [:pick $a 0 ([:find $a "="])] [:tostr [:pick $ar 0 1]]; is putting out the key and the ...
by msatter
Wed Nov 04, 2020 12:18 am
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 98
Views: 18166

Re: WinBox v3.27 released!

That will still have one long line, but at least you can drag that window until you see it all. So it's a way, but definitely not good way, just slightly better than nothing. It would be best to optionally support both horizontal scrolling and line wrapping. On scripts, I don't remember where, if yo...
by msatter
Mon Nov 02, 2020 8:33 pm
Forum: General
Topic: Reload Mikrotik OS over WiFiRanger
Replies: 4
Views: 385

Re: Reload Mikrotik OS over WiFiRanger

You'reInHotWaterJoe.
by msatter
Thu Oct 29, 2020 4:09 pm
Forum: Scripting
Topic: Working with string ¿?
Replies: 3
Views: 361

Re: Working with string ¿?

:put is there to show humans, an :if does not need to see it, it knows what the result is without seeing. The connections table is a table that is shown and you best use "print" to find a value. I had to use also a :pick, which is scanning the lines till it finds what is sought and cuts it out. ...
by msatter
Wed Oct 28, 2020 11:37 am
Forum: Scripting
Topic: Working with string ¿?
Replies: 3
Views: 361

Re: Working with string ¿?

You can't use put there:
:if (:put ([/ip firewall

Use:
/ip firewall connection remove [find where dst-address="15.15.15.1:9987"] 
by msatter
Tue Oct 27, 2020 6:40 pm
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 1809

Re: One line password generation without fetch tool

Should line 17 be like this? :set ($arrayString->"mixedpin") "8923176504" ; :set ($arrayString->"mixednumbers") "8923176504" ("mixednumbers" -> "mixedpin") Thanks, I think I will do away with static mixed and replace that by dynamic mixing...
by msatter
Tue Oct 27, 2020 1:12 pm
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 1809

Re: One line password generation without fetch tool

That would be great and Mikrotik could also use the encryption engine to hash the password generated, with a salt added to it. Then the admin only has to store the hash and the salt. I have been busy on a script and when syntax and error checking it is wise to not be in the root but off-root (like: /ip)...
by msatter
Mon Oct 26, 2020 10:48 pm
Forum: General
Topic: How can I make Mikrotik help pages more readable?
Replies: 5
Views: 689

Re: How can I make Mikrotik help pages more readable?

You are right, it does resize badly on small displays. We will work on that.
First looks great. Many thanks for the mobile view!

Update: :-) ....reads like an old-fashioned manual, but better.
by msatter
Mon Oct 26, 2020 10:35 pm
Forum: General
Topic: understanding and fixing MTU/MSS/PMTU with IPsec
Replies: 33
Views: 12781

Re: understanding and fixing MTU/MSS/PMTU with IPsec

I did not see a way to reduce the MTU except for the SYNC. NAT is not a problem because a tunnel is used. UDP/4500.

Despite my IKEv2 is working great and MSS is never triggered I have sometimes problems retrieving TLS certificates when browsing.
by msatter
Mon Oct 26, 2020 8:57 pm
Forum: Scripting
Topic: Script Telnet
Replies: 8
Views: 13898

Re: Script Telnet

As written much earlier that does not work with telnet. You need to use SSH and these days we use RSA instead of DSA.
by msatter
Mon Oct 26, 2020 6:04 pm
Forum: Scripting
Topic: Mikrotik Scripting needs to be useful! Requests!
Replies: 5
Views: 473

Re: Mikrotik Scripting needs to be useful! Requests!

Of course You can do anything with a network of Mikrotik routers if you put a big computer next to them and use PHP/PERL/Delphi/Putty/Whatever to control them using API/Telnet/FTP; But that's not the power of Mikrotik. It's the only router that I know of (apart from a Linux box) that can be scripted...
by msatter
Sun Oct 25, 2020 11:59 pm
Forum: General
Topic: enable/disable a Firewall rule in terminal or script
Replies: 6
Views: 804

Re: enable/disable a Firewall rule in terminal or script

Before you can use the (rules) line numbers you first have to fixate them in a script. print without-paging; # to have a correct location of numbers in the table Then determine the dynamic lines to skip. :local dynamicLines [:len [ find dynamic]]; :do { add place-before=($dynamicLines) action=..... ...
by msatter
Sun Oct 25, 2020 8:42 pm
Forum: Scripting
Topic: IP address list export script
Replies: 5
Views: 8142

Re: IP address list export script

There are several ways to do this and I have written a backup and restore especially for interchanging between different routers. The focus is on keeping the filesize as low as possible. It is close to RC and I was distracted by other projects so it went down the pile of other things. If you want you...
by msatter
Sun Oct 25, 2020 1:47 pm
Forum: Scripting
Topic: useful scripts and simple functions
Replies: 2
Views: 2196

Re: useful scripts and simple functions

Very interesting and they look very good.
by msatter
Sun Oct 25, 2020 10:36 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 65355

Re: v6.48beta [testing] is released!

Tried 6.48beta48 L2TP IPSec using certificates is still broken for my clients. Searched the forums, but haven't found any resolution. My L2TP/IPSec clients failed after 6.47, was able to downgrade back to 6.46.6 and everything worked ok again. Did you already contact Mikrotik support on this? e-mai...
by msatter
Sun Oct 25, 2020 10:05 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 82
Views: 20936

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

Update: I see that all omit this "/" and this works if you are already in the root of the menus. I always put a "/" in front to be sure I land where I need, every time, where ever I am. Thank you, i add the "/" to the first line but with the same result. All lists cant...
by msatter
Sun Oct 25, 2020 1:33 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 82
Views: 20936

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

Quick check. The first line you are changing to / ip firewall address-list but you not copied the needed a "/" in front when already being already in a menu. Update: I see that all omit this "/" and this works if you are already in the root of the menus. I always put a "/&qu...
by msatter
Sun Oct 25, 2020 12:08 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 82
Views: 20936

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

It is indeed a bit confusing. Originally there was one address-list named blacklist and the description/comment separated the different imported address-list.

Please post the script you use then I can have a look at it.
by msatter
Sat Oct 24, 2020 10:35 pm
Forum: General
Topic: understanding and fixing MTU/MSS/PMTU with IPsec
Replies: 33
Views: 12781

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Can you post what Sindy asked you to post? Looking at the picture I don't see a problem but often a picture does not show all. An export will. Update: I am now behind a Winbox and to me only the line in IPsec-Policy works and disabling it and enabling a MSS change line in Mangle does not work for me.....
by msatter
Sat Oct 24, 2020 9:29 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 82
Views: 20936

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

Hi
I tried the different scripts but get on all lists "Address list <name of the list> update failed"
CCR1009 v6.46.7
What could be wrong?
-faxxe
Do you have by any chance spaces or special characters in the names of the lists?
by msatter
Sat Oct 24, 2020 9:16 pm
Forum: General
Topic: understanding and fixing MTU/MSS/PMTU with IPsec
Replies: 33
Views: 12781

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Have you done the click/tap post preview test on this site?

@Sindy *ffffff is the .id of the default. I do not know if that is needed anymore. This is because of auto sort that was implemented not that long ago.

But then auto sort could be taking care of that now and that would make it much much simpler.
by msatter
Sat Oct 24, 2020 5:17 pm
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 1809

Re: One line password generation without fetch tool

Another further development. Made it so that only the names and strings are hard-coded and all depending on those are dynamic. The default string should be named "default" and that is the only variable/key that is hard-coded. It was a lot of work for someone who is inexperienced in programmi...
by msatter
Sat Oct 24, 2020 5:06 pm
Forum: General
Topic: Nordvpn IPsec Mikrotik Routing
Replies: 15
Views: 2251

Re: Nordvpn IPsec Mikrotik Routing

OMG, it works now! Thank you so much! I actually saw earlier your linked topic and by advice there, I tried to press "Preview" my written post, and it opens in very short time, so I had no doubt in MTU. Obviously, I did not do this thoroughly. Thanks again, but beware; More questions are ...
by msatter
Sat Oct 24, 2020 3:37 pm
Forum: General
Topic: understanding and fixing MTU/MSS/PMTU with IPsec
Replies: 33
Views: 12781

Re: understanding and fixing MTU/MSS/PMTU with IPsec

See: viewtopic.php?f=2&t=161967#p824619

Your line should work but maybe 1382 is still too big for your connection. Try again with 1200 and then work your way up.

Or try the better solution for IKEv2.
by msatter
Sat Oct 24, 2020 3:27 pm
Forum: General
Topic: Nordvpn IPsec Mikrotik Routing
Replies: 15
Views: 2251

Re: Nordvpn IPsec Mikrotik Routing

/ip ipsec policy
move *ffffff destination=0
add action=none dst-address=168.192.88.0/24 src-address=0.0.0.0/0 place-before=1
Replace 168.192.88.0/24 by your own local network.

viewtopic.php?f=2&t=154449&p=763404#p763404
by msatter
Fri Oct 23, 2020 2:02 am
Forum: General
Topic: Optical cable and SFP advice
Replies: 8
Views: 788

Re: Optical cable and SFP advice

You could go for a LC connector on both sides of the cable. If you use the panel then use what you already have and that is SC connectors and if the SFP comes with a LC connector then use the cable LC-APC as the two posters above also suggested. SC/APC = Green and SC/PC = Blue and this picture shows the di...
by msatter
Fri Oct 23, 2020 1:16 am
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 1809

Re: One line password generation without fetch tool

An other step and the strings are stored in a array so that selection is easier and is now also a function that can be called with extra parameters: $genpassword {length} {string} {string} {string} -- length is size of the password, string can be normal, mixed, letters, mixletters, numbers, mixnumbe...
by msatter
Thu Oct 22, 2020 2:32 pm
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 1809

Re: One line password generation without fetch tool

You're welcome and many thanks Jotne for the clean up. All those ; in just to be sure that it would not complain about those missing in other settings. The / was there to go to the root of the menu. It could be adapted to meet minimal password requirements by having several compose of strings and n...
by msatter
Thu Oct 22, 2020 2:09 pm
Forum: General
Topic: Optical cable and SFP advice
Replies: 8
Views: 788

Re: Optical cable and SFP advice

I assume by "streched" that you have two cables that are connected in the middle by an adaptor? That is normally called "extended". 200 meter military grade, can be even put in the ground, cost about 160 Euro and armoured around 110 Euro. If you all indoor and protected a fibre cost ar...
by msatter
Thu Oct 22, 2020 12:05 pm
Forum: General
Topic: Optical cable and SFP advice
Replies: 8
Views: 788

Re: Optical cable and SFP advice

You need two different SFP. Example one R1310nm T1490nm and the second one R1490nm T1310nm and one fiber. You can use a standard fibre and you can also get Armoured fibre cables that are more robust. Or even military grade ones. Length can be adjusted to the length you need + extra by clicking the cust...
by msatter
Thu Oct 22, 2020 12:41 am
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 1809

Re: One line password generation without fetch tool

Simple password generator based on Mikrotik OTP. # generate password: { :set $pwdLength 10; # From this string the password is formed. :set $pwdComposedOff "!&()*+/0123456789:;<=>@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]abcdefghijklmnopqrstuvwxyz{}"; :set $pwdLoops ((255 + [:len $pwdComposedOff]) ...
by msatter
Wed Oct 21, 2020 4:45 pm
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 1809

Re: One line password generation without fetch tool

That did not work for me and the generated passwords stay in the list despite it has counted down to zero. OTP.jpg It is not that easy to remove those passwords and the problem is that sometimes the generated password is not yet displayed in the list. Then I get the error that the item does not exis...
by msatter
Wed Oct 21, 2020 2:16 pm
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 1809

Re: One line password generation without fetch tool

And removes the full password directly after generating it.
{
:local hash ([/certificate scep-server otp generate minutes-valid=0 as-value]->"password");
/certificate scep-server otp remove [:find $hash];
:local pwd [:pick $hash 0 8];
:put $pwd;
}
by msatter
Tue Oct 20, 2020 12:18 am
Forum: General
Topic: [feature request] Blocking a special kind of DDoS
Replies: 17
Views: 5028

Re: [feature request] Blocking a special kind of DDoS

Hello Could you please share the updated script for ddos and TCP syn flood protection for mikrotik This script is made for a special kind of DDOS and is optimized as much as I am possible to do. In many cases psd is your friend when TCP is used to avoid loading connection up. UDP or other protocols...
by msatter
Mon Oct 19, 2020 5:00 pm
Forum: Scripting
Topic: Example: Showing help, on parameters used in a function
Replies: 0
Views: 182

Example: Showing help, on parameters used in a function

This is a part of bigger script and I share this as a building block to provide help on parameters in a simple way, for a function. It can display the whole help text if you only enter $myFunc -help and if only a specific help on a parameter is needed then $myFunc 1parameter -help. Providing help on...
by msatter
Sat Oct 17, 2020 1:10 am
Forum: Forwarding Protocols
Topic: NTH load balancing
Replies: 63
Views: 8227

Re: NTH load balancing

@DarkNate try Nth 3-1 2-1 - which is the same as 3-1 3-2 3-3 and I think, less processor intensive. Nth 3,1 - 2,1 is likely not the same as Nth 3,1 - 3,2 - 3,3 and if I remember correctly from some MikroTik presentation files, it has to be in that order for either PCC/Nth where 2 means two WAN, 3 m...
by msatter
Fri Oct 16, 2020 10:34 pm
Forum: Forwarding Protocols
Topic: NTH load balancing
Replies: 63
Views: 8227

Re: NTH load balancing

Then, you don't know up-front how much traffic will go over a marked connection. I could look in NAT which connection, had not much traffic yet and then prefer that link. In real time, that is only possible if Mikrotik implement a distribution by clean switching of the source port. Maybe that is alr...
by msatter
Fri Oct 16, 2020 2:43 pm
Forum: General
Topic: How can I make Mikrotik help pages more readable?
Replies: 5
Views: 689

How can I make Mikrotik help pages more readable?

Mikrotik is switching from the Wiki to the Help pages and I can't read it well because the text area is very narrow. Examples and tables have to be scrolled horizontally all the time. I have to tap the two vertical bars in the left column and directly after that the book icon that is then displayed. O...
by msatter
Thu Oct 15, 2020 11:22 pm
Forum: General
Topic: Dynamic firewall filter rule added when IPsec peer is down to avoid unencrypted LAN leaking.
Replies: 5
Views: 308

Re: Dynamic firewall filter rule added when IPsec peer is down to avoid unencrypted LAN leaking.

Even stronger. Most users don't know that their IKEv2 is leaking while the connection is coming up. I use marking all IKEv2 traffic with a routing mark which in NAT is redirected to nothing. This in NAT is not static nor are the connection marking in Mangle. It is a complex script handling that for...
by msatter
Wed Oct 14, 2020 9:40 pm
Forum: Forwarding Protocols
Topic: NTH load balancing
Replies: 63
Views: 8227

Re: NTH load balancing

When we mark-connection using Nth, it marks the connection based on the Nth classifier which is more random (more deeper) as it's per packet (of that particular unmarked connection), hence increasing the chances that the connection to passthrough to the next mangle rule. A connection is a connection ...
by msatter
Wed Oct 14, 2020 6:34 pm
Forum: Forwarding Protocols
Topic: NTH load balancing
Replies: 63
Views: 8227

Re: NTH load balancing

Dude, in the real world connection tracking ( or connection NTH ) is the best way for browsing the internet. NTH is predictable and a listener knows which connection is used next to sent the packet. I am using this for my web browser and a new connection, even to same site, uses a 'unpredictable' pa...
by msatter
Wed Oct 14, 2020 2:49 pm
Forum: Scripting
Topic: Script to save file to disk1 [SOLVED]
Replies: 2
Views: 375

Re: Script to save file to disk1 [SOLVED]

="disk1/$backupfile"
by msatter
Sun Oct 11, 2020 10:59 pm
Forum: General
Topic: Safety Fallback for Script Error
Replies: 2
Views: 280

Re: Safety Fallback for Script Error

You can activate safe mode before starting the script and at the end of the script you deactivate the safe mode and so making the changes permanent. In environment you can see if that script is still running. You can check with a schedule if the script/special user is taking too long and the r...
by msatter
Sun Oct 11, 2020 3:41 pm
Forum: RouterBOARD hardware
Topic: Hex gr3 suddenly lost power
Replies: 5
Views: 451

Re: Hex gr3 suddenly lost power

There are two diodes D1 and D3 close to the power connector.

You can also try PPoE in if you have the cable for that.
by msatter
Sun Oct 11, 2020 3:26 pm
Forum: Scripting
Topic: Combine two IP4 address lists to create a /24 list
Replies: 4
Views: 387

Re: Combine two IP4 address lists to create a /24 list

:local AgregateMask 24 :local AgregatedList :local i :local j :local net :local ReversMask (32-$AgregateMask) :foreach i in=$list1 do={ :foreach j in=$list2 do={ :put "$i and $j" :set net (($i>>$ReversMask)<<$ReversMask) :set net ($net . "/$AgregateMask") :if ($j in $net) do={ :...
by msatter
Sun Oct 11, 2020 1:11 am
Forum: RouterOS v7 BETA
Topic: v7.2 beta & mt7621
Replies: 2
Views: 636

Re: v7.2 beta & mt7621

Those devices are released to be used with new bridge setup, that replaced the Master-Slave default, in RouterOS 6.xx and higher. Hardware switching (HW) is only active on the first bridge in ROS 6.xx+
by msatter
Sat Oct 10, 2020 8:37 pm
Forum: Forwarding Protocols
Topic: NTH load balancing
Replies: 63
Views: 8227

Re: NTH load balancing

A while ago I created a write-up about NTH;
viewtopic.php?f=2&t=159174&p=781975
by msatter
Sat Oct 10, 2020 5:48 pm
Forum: Scripting
Topic: Importing IP List from file
Replies: 5
Views: 679

Re: Importing IP List from file

Reading pure IP addresses is possible up to 64KB large files.

viewtopic.php?f=9&t=152632

I am at the moment busy creating a backup/restore for address lists present in the router and it will export a .RSC file that is smaller than the normal export.
by msatter
Thu Oct 08, 2020 1:51 pm
Forum: General
Topic: Why I can't download latest version RouterOS from mikrotik.com/download?
Replies: 8
Views: 432

Re: Why I can't download latest version RouterOS from mikrotik.com/download?

I see nothing wrong and the Common Name is mikrotik.com and that is also present in the SAN:

DNS Name: *.mikrotik.com
DNS Name: mikrotik.com
by msatter
Tue Oct 06, 2020 11:43 pm
Forum: RouterBOARD hardware
Topic: Are the antennas on the RB4011 detachable?
Replies: 4
Views: 481

Re: Are the antennas on the RB4011 detachable?

Sounds right.
by msatter
Tue Oct 06, 2020 9:28 pm
Forum: RouterBOARD hardware
Topic: Are the antennas on the RB4011 detachable?
Replies: 4
Views: 481

Re: Are the antennas on the RB4011 detachable?

No, or you have to make your own cables.
by msatter
Fri Oct 02, 2020 11:13 am
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 198
Views: 39853

Re: RB4011 and RB1100 AHx4 "bricks" randomly

Ask before you buy if you will receive revision 2 of the device.

viewtopic.php?f=2&t=149062&p=820138#p817223
by msatter
Wed Sep 30, 2020 1:52 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 97297

Re: v7.1beta2 [development] is released!

Friday is not a good day being the start of the Mikrotik weekend.

Sorry, couldn't resist.
by msatter
Sat Sep 26, 2020 2:55 am
Forum: Scripting
Topic: send script output to a file
Replies: 13
Views: 4738

Re: send script output to a file

Many many many thanks! I was looking for a way to write LARGE files for a long long time. This also works in the 6.4X version of ROS. You can test your code easier in the Terminal and here I save a very lean import file for an address list: :execute {:put "script - function - comment"; /ip...
by msatter
Sat Sep 26, 2020 12:31 am
Forum: Beginner Basics
Topic: Command aliases
Replies: 7
Views: 629

Re: Command aliases

:global domail do={/system script run wrme} on-error={log warning "Mail could not be send"};

$domail;

https://wiki.mikrotik.com/wiki/Manual:S ... #Functions
by msatter
Mon Sep 21, 2020 3:26 pm
Forum: General
Topic: How to obtain inventory/usage of SFP modules?
Replies: 2
Views: 968

Re: How to obtain inventory/usage of SFP modules?

Showing only the interfaces where the default names contain "sfp": :foreach i in=([/interface ethernet find default-name~"sfp" ]) do={ :local iterfacename [/interface ethernet get $i default-name ] :/interface ethernet monitor $iterfacename once without-paging } And a bit shorter...
by msatter
Mon Sep 21, 2020 12:50 am
Forum: General
Topic: hAP ac2 over heated vent holes mod
Replies: 16
Views: 1203

Re: hAP ac2 over heated vent holes mod

I think MK should offer mesh cages for extra cooling. Normis could do it with a 3D printer while he is sleeping!!
Clinging it? ;-)
by msatter
Thu Sep 17, 2020 6:20 pm
Forum: General
Topic: IKEv2 SA killed after 5 seconds due to short DNS TTL (Surfshark)
Replies: 30
Views: 2861

Re: IKEv2 SA killed after 5 seconds due to short DNS TTL (Surfshark)

No when I look at the subject of this thread. There is a workaround which can be used till the fix by Mikrotik trickles down to the other versions.

The topic linked to is tackling a different problem of ROS not being able to return an ICMP 3-4 to the correct client when using IKEv2.
by msatter
Thu Sep 17, 2020 12:48 pm
Forum: Scripting
Topic: Built in function library
Replies: 87
Views: 35050

Re: Built in function library

This I am using to read up to 64KB from a file. Sadly always the first up to 64KB from a file. :local result [/tool fetch url=$url as-value output=user]; :if ($result->"downloaded" < 64) do={ :local data ($result->"data") If a file is bigger than that, then the result is not tran...
by msatter
Thu Sep 17, 2020 12:03 pm
Forum: Scripting
Topic: Built in function library
Replies: 87
Views: 35050

Re: Built in function library

What if you use multiple arrays in the foreach? Till now I read/store up to 64KB files using one array.
When one array is full then switch to the next one.
by msatter
Wed Sep 16, 2020 3:31 pm
Forum: General
Topic: Can't login here with my password from 12 September 2020
Replies: 4
Views: 461

Re: Can't login here with my password from 12 September 2020

False statement there about what passwords were "declared invalid". 1. My password had lower case and upper case characters + numbers and I also had to reset it. 2. I doubt that any forum stores passwords the way you think that are stored, it should be (almost) impossible to recover the p...
by msatter
Wed Sep 16, 2020 2:45 pm
Forum: RouterOS v7 BETA
Topic: Scripted firewall rule ordering fails
Replies: 7
Views: 521

Re: Scripted firewall rule ordering fails

It is not possible to use ordering sequence numbers in a script! These are only valid in terminal sessions, and only after a print command. When you do a print on the terminal, it shows you the lines with the numbers and at the same time builds a table of numbers and the corresponding line. Then yo...
by msatter
Wed Sep 16, 2020 2:33 pm
Forum: RouterOS v7 BETA
Topic: Scripted firewall rule ordering fails
Replies: 7
Views: 521

Re: Scripted firewall rule ordering fails

The "print without-paging" (runs in script) and comment tagging I have used in the past, however I am doing it differently by using "find dynamic" rule as list generator and it works as dream. I think it will also work when no dynamic rules are present and then it would be 0+2=2 ...
by msatter
Wed Sep 16, 2020 1:21 pm
Forum: General
Topic: Scripting/Testing workflow
Replies: 1
Views: 200

Re: Scripting/Testing workflow

If you use the search function you will find several topics about this. You can even scroll through the script after it displays where the syntax is incorrect and correct it. Paste in terminal after pressing F5 (clearing window). Put your code between { and } and it will be not executed so you can ...
by msatter
Wed Sep 16, 2020 11:19 am
Forum: RouterOS v7 BETA
Topic: Scripted firewall rule ordering fails
Replies: 7
Views: 521

Re: Scripted firewall rule ordering fails

When I look at your result, the order is the same as you pushed it in, so try it in reverse order and see what the result is then.
by msatter
Wed Sep 16, 2020 12:03 am
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 198
Views: 39853

Re: RB4011 and RB1100 AHx4 "bricks" randomly

The build-time reflects the build-time of the software and not the hardware.
by msatter
Tue Sep 15, 2020 9:41 pm
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 198
Views: 39853

Re: RB4011 and RB1100 AHx4 "bricks" randomly

If there is no specific mention of the revision then you can assume that you have the first revision. Also look at the factory firmware number; it can be an indication, but then you have to know the version that was shipped with the second revision.
by msatter
Tue Sep 15, 2020 10:21 am
Forum: Announcements
Topic: Expected down time for this forum SEPT 11
Replies: 42
Views: 5606

Re: Expected down time for this forum SEPT 11

Please stop implementing/releasing things at the end of the week or in the weekend because we have to wait then till the next week starts before Mikrotik can start fixing things!
by msatter
Mon Sep 14, 2020 12:07 pm
Forum: Announcements
Topic: v6.46.7 [long-term] is released!
Replies: 45
Views: 11572

Re: v6.46.7 [long-term] is released!

Shouldn't we be seeing the changelog from 6.45.9 to 6.46.7 not from 6.46.6 ? Going up a major version in a long-term release should be looked over a bit more carefully before we take the plunge. Yes, that would be logical. Mikrotik fought the Logic and Mikrotik won. Flawless victory. Lost buyers of...
by msatter
Mon Sep 14, 2020 12:04 pm
Forum: RouterBOARD hardware
Topic: hEX RB750Gr3 micro SD not recognized
Replies: 8
Views: 774

Re: hEX RB750Gr3 micro SD not recognized

And it sticks out so you can grab it, to take it out again.
by msatter
Mon Sep 14, 2020 11:50 am
Forum: General
Topic: CVE-2020-11881 PATCH [SOLVED]
Replies: 16
Views: 1572

Re: CVE-2020-11881 PATCH [SOLVED]

Communication could use improvements on the side of Mikrotik. It is not lying but just not telling. - the fixed version was ready last week but that was not communicated with the CVE publishers. - in this thread Mikrotik should have written, "it was fixed last week and fix was released today"...
by msatter
Mon Sep 14, 2020 10:40 am
Forum: Scripting
Topic: help to solve issue in script " dns to address lists scripts " [SOLVED]
Replies: 9
Views: 990

Re: help to solve issue in script " dns to address lists scripts " [SOLVED]

You can optimize it a bit if you leave out the check and logging and then I can compress the write to one line: :foreach i in=[/ip dns cache find name~"(facebook|youtube)" ] do={ :do {/ip firewall address-list add address=[/ip dns cache get $i data] list=restricted comment=[/ip dns cache g...
by msatter
Mon Sep 14, 2020 10:23 am
Forum: General
Topic: Blocking Facebook, Tiktok and other websites
Replies: 7
Views: 932

Re: Blocking Facebook, Tiktok and other websites

That was in 2012 and now 'they' use HTTPS instead of HTTP.
by msatter
Sat Sep 12, 2020 8:41 pm
Forum: Scripting
Topic: save export to variable
Replies: 16
Views: 21569

Re: save export to variable

Files up to 64KB can be read into an array.

viewtopic.php?f=9&t=152632&p=759468&hilit=cidr#p759468
by msatter
Sat Sep 12, 2020 8:33 pm
Forum: General
Topic: A place for poetry
Replies: 46
Views: 196155

Re: A place for poetry

Poultry hope to find
Llama found
glasses needed
by msatter
Sat Sep 12, 2020 6:13 pm
Forum: Beginner Basics
Topic: Routing mark bug?
Replies: 33
Views: 1504

Re: Routing mark bug?

I have looked at your other thread. You stated that you created an interface vpn with address 10.121.241.126. You need to use NAT then to set the source address because otherwise the packet can't find the way back to your VPN starting point. By directly routing you also set a route back. This not my ...
by msatter
Sat Sep 12, 2020 4:00 pm
Forum: RouterOS v7 BETA
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 1571

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

ehmmmm I did not see that earlier. You are a gmail user (port 587, normal 25) so you should use inbound The only secure documented method of sending mail via Google's SMTP servers for non-GSuite users is via smtp.gmail.com:587 with TLS I can't get anything on port 587 for gmail.com https://network-t...
by msatter
Sat Sep 12, 2020 3:55 pm
Forum: RouterOS v7 BETA
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 1571

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

Else go the SMTP/25 way.
Plain text / no encryption?
I think that it is only the checking on Mikrotik's side that is disabled. Used it before on IKEv2 connections of which I had no certificates installed.
by msatter
Sat Sep 12, 2020 3:42 pm
Forum: RouterOS v7 BETA
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 1571

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

ehmmmm I did not see that earlier. You are a gmail user (port 587, normal 25) so you should use inbound....if I am correct.

Use this server: aspmx.l.google.com and if that does not work, try it with TLS off.

Else go the SMTP/25 way.
by msatter
Sat Sep 12, 2020 3:36 pm
Forum: RouterOS v7 BETA
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 1571

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

CRL seems only to be possible for certificates you generate on your Router.

This is what I remembered reading your posting: viewtopic.php?f=21&t=163482&p=805719&hilit=crl#p805719
by msatter
Sat Sep 12, 2020 3:22 pm
Forum: Beginner Basics
Topic: Routing mark bug?
Replies: 33
Views: 1504

Re: Routing mark bug?

I have tested it and I can use ping from the tools menu and I put in the routing mark and source address and I can block traffic by blackholing it. Setting: distance=1 dst-address=0.0.0.0/0 routing-mark=test gateway=pppoe-out Export: /ip route add distance=1 routing-mark=test gateway=pppoe-out type=b...
by msatter
Sat Sep 12, 2020 2:56 pm
Forum: RouterOS v7 BETA
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 1571

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

I have gone to my computer and looked up the used certificate, both are using the same root cert depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign . The root cert is on the first line. I am not an expert on this and Mikrotik checking a cert is also a PITA. openssl s_client -conn...
by msatter
Sat Sep 12, 2020 2:16 pm
Forum: RouterOS v7 BETA
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 1571

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

Delivering an e-mail to them is a PITA and the best chance is using the relay.

In the middle of the linked page is a PEM file and have a look at that.

I can't test anything being on my tablet.
by msatter
Sat Sep 12, 2020 1:40 pm
Forum: Scripting
Topic: Googlevideo DNS to Address-list
Replies: 8
Views: 1628

Re: Googlevideo DNS to Address-list

The number of IP addresses is limited but the names are "endless".

https://discourse.pi-hole.net/t/how-do- ... be/253/145
by msatter
Sat Sep 12, 2020 1:34 pm
Forum: RouterOS v7 BETA
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 1571

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

Have you tried: smtp-relay.gmail.com
by msatter
Sat Sep 12, 2020 1:20 pm
Forum: RouterOS v7 BETA
Topic: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]
Replies: 22
Views: 1571

Re: TLS handshake failed when relaying via smtp.gmail.com [SOLVED]

There are no certificates present by default in Mikrotik routers so you have to install them to use TLS.

https://support.google.com/a/answer/6180220?hl=en
by msatter
Sat Sep 12, 2020 12:55 pm
Forum: General
Topic: Can't login here with my password from 12 September 2020
Replies: 4
Views: 461

Can't login here with my password from 12 September 2020

The forum was moved and the day after that the 'forum' cache was cleared by Mikrotik and so all older passwords not containing a capital and number were declared invalid. https://forum.mikrotik.com/viewtopic.php?f=21&t=166059 You have to reset your now invalid password and create a new one with ...
by msatter
Sat Sep 12, 2020 12:29 pm
Forum: Announcements
Topic: Expected down time for this forum SEPT 11
Replies: 42
Views: 5606

Re: Expected down time for this forum SEPT 11

Darn I had to change my password because it needs now a capital and a number in it after the cleaning of the PHP/forum cache, I assume. Before that I could login. If you have a problem during login you can contact the board administrator....yeah works great. The board administrator contact page has ...
by msatter
Sat Sep 12, 2020 1:52 am
Forum: RouterBOARD hardware
Topic: hEX RB750Gr3 micro SD not recognized
Replies: 8
Views: 774

Re: hEX RB750Gr3 micro SD not recognized

Ehmmm I recovered my card by formatting it in a photo camera. Then could use it again.

Found my posting about that: viewtopic.php?f=2&t=149609&p=736646&hilit=card#p736646
by msatter
Fri Sep 11, 2020 11:14 pm
Forum: Beginner Basics
Topic: How can block all except Address list?
Replies: 11
Views: 1040

Re: How can block all except Address list?

Assertive?
by msatter
Fri Sep 11, 2020 11:08 pm
Forum: Announcements
Topic: Expected down time for this forum SEPT 11
Replies: 42
Views: 5606

Re: Expected down time for this forum SEPT 11

So, are we having a Mikrotik weekend?
by msatter
Fri Sep 11, 2020 10:28 pm
Forum: Beginner Basics
Topic: How can block all except Address list?
Replies: 11
Views: 1040

Re: How can block all except Address list?

I was talking source address-list. ;-)

Input would "lock" you out of the router. Forward would lock you out from the world outside the router.

BTW your avatar is a donkey and not a llama who have no upper teeth. Llama was expected.
by msatter
Fri Sep 11, 2020 9:12 pm
Forum: Beginner Basics
Topic: How can block all except Address list?
Replies: 11
Views: 1040

Re: How can block all except Address list?

If you are on source addresses then don't forget to include yourself or you will have to use MAC communication to the router to control it.
by msatter
Thu Sep 10, 2020 9:24 pm
Forum: Announcements
Topic: Expected down time for this forum SEPT 11
Replies: 42
Views: 5606

Re: Expected down time for this forum SEPT 11

So, on 9-11 we are going to update the forum. Great timing.

I remember it as yesterday that we sat in front of a small TV in the firm with the staff, looking in disbelief at what was happening in New York.
by msatter
Thu Sep 10, 2020 1:45 pm
Forum: Announcements
Topic: Expected down time for this forum SEPT 11
Replies: 42
Views: 5606

Re: Expected down time for this forum SEPT 11

It will be a bit earlier when you are on CET at 11:00 or GMT 10:00 (both still on summertime)

Advantage: it will also be ready at an earlier time. ;-)
by msatter
Mon Sep 07, 2020 5:08 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 98
Views: 18166

Re: WinBox v3.27 released!

I see it again on my other router.

Half hidden bottom line when the counter in the bottom bar is an even number, when the counter is an uneven number window will scroll up making all lines visible again.
by msatter
Sun Sep 06, 2020 6:50 pm
Forum: General
Topic: 2nd DNS is not working in CRS125-24G-1S-2HnD
Replies: 1
Views: 223

Re: 2nd DNS is not working in CRS125-24G-1S-2HnD

Only when the first one does not answer several times (about 15 times) then the second DNS is used till that one does not answer.

Each client uses its own counter. If your Mikrotik is the sole DNS for the clients then you have one counter.
by msatter
Sun Sep 06, 2020 3:19 pm
Forum: General
Topic: IKEv2 SA killed after 5 seconds due to short DNS TTL (Surfshark)
Replies: 30
Views: 2861

Re: IKEv2 SA killed after 5 seconds due to short DNS TTL (Surfshark)

The title stated that the connections are killed because of the short TTL of the DNS resolve. You have a problem that your VPN connection is slowing down and that is a different problem.
by msatter
Sun Sep 06, 2020 12:03 pm
Forum: General
Topic: IKEv2 SA killed after 5 seconds due to short DNS TTL (Surfshark)
Replies: 30
Views: 2861

Re: IKEv2 SA killed after 5 seconds due to short DNS TTL (Surfshark)

i have same problem with surfshark ikev2 , every few second killing ikev.. the getting new 1

hope mikrotik fix it.
Did you read the thread?
by msatter
Sat Sep 05, 2020 9:50 am
Forum: Scripting
Topic: scripting with for each loop
Replies: 10
Views: 3286

Re: scripting with for each loop

{ :local fileName :foreach fileCounter in=[/file find name~"routeros-mipsbe"] do={ :set $fileName [/file get $fileCounter name] :do { /tool fetch mode=ftp upload=no address=x.x.x.x port=x user="x" password="x" src-path="/$fileName" dst-path="/$fileName"...
by msatter
Fri Sep 04, 2020 10:48 pm
Forum: Scripting
Topic: scripting with for each loop
Replies: 10
Views: 3286

Re: scripting with for each loop

My adaptation needs an extra "}" in the last line.

You have to check what value is in $fileName:
:set $fileName [/file get $fileCounter name]; :put $fileName;
So you can check if you also have to put a "/" in front of the src-path

src-path="/$fileName"
by msatter
Fri Sep 04, 2020 8:05 pm
Forum: Scripting
Topic: scripting with for each loop
Replies: 10
Views: 3286

Re: scripting with for each loop

{ :local fileName; :foreach fileCounter in=[/file find where name~"routeros-mipsbe"] do={ :set $fileName [/file get $fileCounter name]; /tool fetch mode=ftp upload=no address=x.x.x.x port=x user="x" password="x" src-path=$fileName dst-path=$fileName keep-result=yes } I...
by msatter
Fri Sep 04, 2020 7:56 pm
Forum: Scripting
Topic: scripting with for each loop
Replies: 10
Views: 3286

Re: scripting with for each loop

I only brought forward a logical error.

The next error you make is using foreach and its counter is changed in the loop to another value.

Thirdly, you can't use variable names that are already used by RouterOS.

You should check your code better and make your variable names unique.
by msatter
Fri Sep 04, 2020 3:04 pm
Forum: Scripting
Topic: scripting with for each loop
Replies: 10
Views: 3286

Re: scripting with for each loop

Hello, Could you please provide me your script, as Im working on my own with no success, below my script: :local filename; :foreach filename in=[/file find where name~"routeros-mipsbe"] do={ :set $filename [/file get $file name]; /tool fetch mode=ftp upload=no address=x.x.x.x port=x user=...
by msatter
Fri Sep 04, 2020 2:55 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 98
Views: 18166

Re: WinBox v3.27 released!

Another issue that I see now I use 3.27 for a while (but I think it has been introduced in 3.22 or later): When the log window is displayed, and the number of lines in the window is not a whole number, new log lines at the bottom are not readable. They become readable when the window is scrolled do...
by msatter
Fri Sep 04, 2020 12:29 pm
Forum: General
Topic: IKEv2 SA killed after 5 seconds due to short DNS TTL (Surfshark)
Replies: 30
Views: 2861

Re: IKEv2 SA killed after 5 seconds due to short DNS TTL (Surfshark)

Fixing MSS for forward packages /ip firewall mangle add action=change-mss chain=forward new-mss=1360 protocol=tcp tcp-flags=syn tcp-mss=1453-65535 There is a better way than this just limiting to a MTU of 1360 There is a problem of RouterOS not sending the ICMP 3-4 to the client using a IKEv2 conne...
by msatter
Thu Sep 03, 2020 6:58 pm
Forum: Announcements
Topic: v6.47.3 [stable] is released!
Replies: 50
Views: 11408

Re: v6.47.3 [stable] is released!

Of course, tried it with two different Mikrotik product and different fw version, everywhere do the same. In other branded network device (like TPlink, Dahua) works well but no more in Mikrotik. Three pieces of SFPs was in the device while firmware upgrade was running, all of these do the same. Did...
by msatter
Thu Sep 03, 2020 4:17 pm
Forum: Announcements
Topic: v6.47.3 [stable] is released!
Replies: 50
Views: 11408

Re: v6.47.3 [stable] is released!

Did you try that SFP in another device? It could be a read error.

Or did you downgrade to the previous version to see if the SFP worked again?
by msatter
Thu Sep 03, 2020 1:13 am
Forum: Scripting
Topic: How to add color to output
Replies: 2
Views: 318

Re: How to add color to output

by msatter
Wed Sep 02, 2020 9:53 pm
Forum: General
Topic: WireGuard Released !
Replies: 41
Views: 28799

Re: WireGuard Released !

If Mikrotik had made a short manual then that could have avoided some irritations. I would love to see that Mikrotik would update their opening post with information that came forward in posting in that thread. And not have the users find out by themselves where that additional information can be ...
by msatter
Wed Sep 02, 2020 4:02 pm
Forum: Beginner Basics
Topic: HEX Poe Block Diagram
Replies: 2
Views: 311

Re: HEX Poe Block Diagram

All the traffic, that is not local (switched), on eth1-eth5 share a 1Gb/s line. The SFP has its own dedicated 1Gb/s line. I think bonding won't help you and as I wrote, local traffic is switched and does not need to go through the CPU unless is routed or exits through the SFP and vice versa. Exit poi...
by msatter
Tue Sep 01, 2020 8:45 pm
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 7462

Re: WinBox v3.25 released!

I faced the same problem. When I downgraded to 3.34 everything works fine... When I update to Winbox v3.25, on the Hotspot>Active tab, everything is ok, the connection is ok. But in the event when turn to Hotspot>Host tab, everything is gone wrong, everybody in the hotspot has been disconnected, th...
by msatter
Tue Sep 01, 2020 7:39 pm
Forum: General
Topic: IPSec IKEv2 to NordVPN - can't go higher than 42/5 Mbps on powerful hardware, despite a WAN capable of much more
Replies: 2
Views: 475

Re: IPSec IKEv2 to NordVPN - can't go higher than 42/5 Mbps on powerful hardware, despite a WAN capable of much more

I run close to 500 down and 600+ on the up on my 4011. So the 4011 is not the problem. There could be a bottleneck from your ISP to the VPN server you use from NordVPN. MTU can be a problem and you can test that by pressing the preview button when you are creating a posting here. Slow or no preview t...
by msatter
Tue Sep 01, 2020 12:10 pm
Forum: Announcements
Topic: v6.47.2 [stable] is released!
Replies: 90
Views: 18400

Re: v6.47.2 [stable] is released!

Hmmmm Winbox traffic makes more sense to me than Winbox network traffic. The Wiki label indeed shows that the green box only shows traffic between the addressed router/device and Winbox. However it can be mistaken as CPU, not in any way accurate, because that also increases to generate the traf...
by msatter
Mon Aug 31, 2020 6:54 pm
Forum: Announcements
Topic: v6.47.2 [stable] is released!
Replies: 90
Views: 18400

Re: v6.47.2 [stable] is released!

It's still not about CPU: https://forum.mikrotik.com/viewtopic.php?f=2&t=27814&p=134483#p134483 That was more than a decade ago and that it is a long time. I can reproduce every time at any time so Mikrotik must be playing a cruel trick on me. The with multiple core processors a little tota...
by msatter
Mon Aug 31, 2020 2:42 pm
Forum: Announcements
Topic: v6.47.2 [stable] is released!
Replies: 90
Views: 18400

Re: v6.47.2 [stable] is released!

Do anyone experience opening the address-list in Winbox causes the cpu to get loaded? I mean the green graph keeps spiking per second and the cpu stucks at 1%-2% without throughput load. Even turning off all entries in address-list it still happens also turning off all my firewall and mangle rules....
by msatter
Mon Aug 31, 2020 10:52 am
Forum: Scripting
Topic: help to solve issue in script " dns to address lists scripts " [SOLVED]
Replies: 9
Views: 990

Re: help to solve issue in script " dns to address lists scripts " [SOLVED]

An example and it contains the assumption that the IP address is labeled address but it is data in reality: :foreach i in=[/ip dns cache all find where name~"tiktok" && static=no] do={ :local tmpIP [/ip dns cache get $i data] if ([:len [/ip firewall address-list find where address=$tmpIP...
by msatter
Mon Aug 31, 2020 10:21 am
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 7462

Re: WinBox v3.25 released!

A it's the other - and + keys that we normally use. Never thought of that being different but clearly it is here.

It now works even on a keyboard with a numeric keypad using the other keys. While holding the CTRL key you tend to use the outer - and + keys on the keyboard.
by msatter
Mon Aug 31, 2020 10:10 am
Forum: General
Topic: Forum redirect to https://forum.mikrotik.com:80/
Replies: 8
Views: 647

Re: Forum redirect to https://forum.mikrotik.com:80/

Testing testing testing if the weekend is over.

Update: it's over and it works again. :-) or :-( depending on your view.
by msatter
Sun Aug 30, 2020 5:25 pm
Forum: Scripting
Topic: help to solve issue in script " dns to address lists scripts " [SOLVED]
Replies: 9
Views: 990

Re: help to solve issue in script " dns to address lists scripts " [SOLVED]

Try this:
:foreach i in=[/ip dns cache find name~("facebook"|"youtube") type="A"] 
by msatter
Sun Aug 30, 2020 1:26 pm
Forum: General
Topic: TLS problem with this forum since a few hours.
Replies: 14
Views: 974

Re: TLS problem with this forum since a few hours.

I believe that I can speak for many wishing you a fasttrack recovery.
by msatter
Sun Aug 30, 2020 10:48 am
Forum: General
Topic: TLS problem with this forum since a few hours.
Replies: 14
Views: 974

Re: TLS problem with this forum since a few hours.

You misunderstood my question. It was aimed towards administrators, it was meant like who of the admins does care... I wrote in a other thread that it was a typical "Mikrotik weekend" just like when I am ill...always in the weekend....and not from intoxication as one of your smart-asses i...
by msatter
Sat Aug 29, 2020 10:06 pm
Forum: Beginner Basics
Topic: Version mismatch
Replies: 4
Views: 245

Re: Version mismatch

You could. At least if you get to terms with the different function of an Operating system and Firmware. OS is ROS and version 46.7.1 Firmware is used to start the router and ROS is running on top of that. Those two can have different versions like an older BIOS in your PC and running the latest Windo...