MikroTik

msatter

Fast Forward depends on many other setting to be active. See the manual.

https://wiki.mikrotik.com/wiki/Manual:I ... st_Forward

msatter

There does not appear to be a dedicated forum for the mobile app, so I did not know where else to post this.

There is only one official thread on that and it can be found here:

viewtopic.php?f=21&t=98407

msatter

That is not a problem and I made it work that way. Some sites, like this forum do not like that approach, I have to use a single IP address ( fixed-vpn ) during a session when I am logged in. Others site I visit block VPN so I have also a addresslist no-vpn . Each list is about 20 entries long so no...

msatter

I was afraid that I need NAT when using a VPN provider. I have multiple connections which have different public IP addresses on the side of the VPN provider. By example, a webpage is collected by different IP addresses from the VPN provider and on my side I split (initiate) it those request based on...

msatter

Thanks for your patience and I am looking for a way to skip NAT. I have marked the route in Mangle and it puzzles me why I still need NAT. In the default client setup for L2TP(-IPSEC) the local address is set in the 172.20.12.x range and I changed that to a address that is my local network thinking ...

msatter

Thanks Sindy, I am using mangle to mark connection and route . I hoped to be able skip NAT but I was not able to. I run several VPN side to side and I get overlapping 172.20.12.x as local address. Mangle 33 chain=route-vpn action=mark-routing new-routing-mark=VPN11 passthrough=no connection-mark=VPN...

msatter

I had a look at my VPN and up goes no traffic over port 1701 up but down I traffic on port 1701 coming from the VPN connection and the packey count are almost the same as on ipsec-esp in the line above in RAW. If I disable the accept for 1701 incoming, in RAW, my VPN is death. Is my traffic down enc...

msatter

The Wiki on this:

https://wiki.mikrotik.com/wiki/Manual:T ... /db_vacuum

Also have a look at this script to backup and vacuum:

https://github.com/sayajin101/Dude-Backup-Script

msatter

That's awesome. It is a good start to making a script that could for example let Google or Facebook in a Walled Garden list or perhaps QoS rule or blocking. I wish I knew how to deduplicate it. It would be great as an online script generator. I tested it and it seemed an effective way to block Face...

msatter

Humans can be truly awfull but using you undergoing your treatment to steal from you then there are no words to describe my feelings about that.

I am sorry to read that you are ill and that the outcome is uncertain. I wish all the strength to overcome this horrible time in your life.

msatter

The beta released today, addresses IPv6 route cache using more memory than available. MAJOR CHANGES IN v6.45: ---------------------- !) ipv6 - fixed soft lockup when forwarding IPv6 packets; !) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table; ---------------------- Changes in this...

msatter

@bmann has made some very good points which I can relate to. I come from the Cisco camp and I was amazed when I bought my RB1100AHx4 what I was getting for the money... and it's made in Latvia, not China! Personally, I think Mikrotik products are possibly a bit too cheap and I would be happy to pay...

msatter

Thanks Maznu for finding this and reporting it to Mikrotik. Good to see that the communications is up-to-speed now so that Mikrotik can handle this correctly and in time for us Mikrotik device owners.

msatter

@markim the creator of the CVE states in the post above yours, that the first CVE 19299 was not fixed by this beta.

When Mikrotik is giving more info about this we will know if it is fixed in their eyes.

msatter

Does MAC telnet travels over the internet?

msatter

Maybe Mikrotik can use internet detecting to switch the rules off when no internet is reachable on that interface. If you make on your side the Internet unreachable it will become a LAN port instead of WAN. This could gives a security risk in the time between switching. https://wiki.mikrotik.com/wik...

msatter

If the exposed host is comprimised then there is access to the internal network. Not with a DMZ if it is separated well.

msatter

Thanks for adding ECDSA certificates!

msatter

Neither of the two apps are in Beta anymore. Delete them, and install them again from the regular stores, if you still see the beta. I uninstalled the APP and installed it again but is still stating beta on the APP page and shows up in my beta list in the Play Store. Got it. I have first to leave t...

msatter

My post has nothing to do with getting the APP. It has everything to do with making sure the APP is up to date and informing MT users which is the latest app version. For example my APP was on version 0.24. I was fat dumb and happy. NO INDICATIONS were provided UNLIKE other apps, that my app was ou...

msatter

I AM NOT DEAF I ONLY CAN'T READ.

msatter

https://mikrotik.com/mobile_app
then you reach
https://play.google.com/store/apps/deta ... oid.tikapp
or
https://itunes.apple.com/app/id1323064830

msatter

RB760iGS (hEX S) with the SFP being cooled. @msatter pray tell how do you cool the SFP on your hEXs ... got a pic? Yes, and I have now only the one between the power cable and the SFP and used a round file to make slight indentation so that not to much force is put on the power connector. When it i...

msatter

Or a coffee LOL.
Remember: sleeping is poor substitute for caffeine.

Sleep helps me to solve problems and caffeine makes me run in circles around it and not solving the problem. Some problem can't be solved and the you have learn with them.

msatter

Which is my point. Post it in the phucking putty forum. Do you want me to start effing posting everytime there is a windows update, a linux update, a macos update, an avast update, etc etc etc............ I might as well post everytime I pop a zit, and pluck a nose hair. ;-) And yes, I have been he...

msatter

Our trusty Putty has been updated to version 0.71. A time ago a vulnerability was discovered and through the EU-funded bounty program a few more were shared. The latest version can be downloaded from: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html Change log: https://www.chiark.green...

msatter

No, I am using Pi-hole.

msatter

Beta 6.45

*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);

msatter

It seems that the MAC address is programmed in the hardware which appears when you erase the restored MAC.

It is config backup and the setting you mention a for the same device or if you want to duplicste a device.

msatter

Copy and past your MAC reset script in the export.rsc file.

msatter

Time for an e-mail to support@mikrotik.com

msatter

Should be fixed in 6.44

*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;

msatter

viewtopic.php?f=7&t=145820

msatter

Hi anyone had read this ?

https://medium.com/tenable-techblog/mik ... d46398bf24

https://medium.com/tenable-techblog/mak ... 0705459bc6

You missed this: viewtopic.php?f=2&t=145600

msatter

Led me shine a bright beam of blue light to what you missed to see:

viewtopic.php?f=3&t=144860

msatter

It was fixed before Tenable made the issue public. MikroTik and Tenable gave users time to upgrade before making any announcements.

That is not a direct answer to my question however a indirect one, like this will do.

msatter

Because the most common question is, when you will fix this. It's already fixed. So it was already fixed before Tenable contacted Mikrotik? I just noticed that my Dect phone was blinking red and it was the Mikrotik RSS feed that was updated about this. I still urge to state minimal safe patch level...

msatter

@msatter To me Tenable went public to soon. Absolutely agree, however, I wonder why would they do it... This is pure hypothesis : Maybe Tenable originally agreed to keep it secret for some period of time, but after they saw that the security fix was silently released as "improvement", they decided ...

msatter

Statement https://blog.mikrotik.com/security/cve-20193924-dude-agent-vulnerability.html I understand that Mikrotik wants to speak in a positive way about this but why include the in bold words? Tenable had previously contacted MikroTik about this issue, so a fix has already been released on Februar...

msatter

It takes a bit longer and if you don't have any response from support during this monday then send a reminder.

msatter

State minimal safe RouterOS and let the bad boys guess what vulnerability is. Agree with the ones bringing the 'problem' under attention of Mikrotik to have a delay of 30 days after patching, before going public so that users can upgrade in that time. To me Tenable went public to soon. If Mikrotik t...

msatter

Would I see the day that Mikrotik just states current, minimal RouterOS version is x.xx in plain sight for us!?!?

We have now a security blog which not telling anything about this even not the current minimal version.

Excellent that it was fixed that fast however we are left in the dark.

msatter

I also use black tape to block those tiny flashlights from lighting up the whole room.

msatter

Looks realy good and the addresslists works now and the APP does not crash anymore on reading the lists.

msatter

Is connection tracking enabled? There is in mangle also a option to accept fragmentend (following) packages.

Matches fragmented packets. First (starting) fragment does not count. If connection tracking is enabled there will be no fragments as system automatically assembles every packet

msatter

security by obscurity Anyway management interfaces, be it Winbox, APIs, ssh, web and whatnot should never be exposed without proper filtering. So the version display is harmless in my opinion. I agree. If the untrusted person can see your TELNET interface, you are in much bigger trouble than an exp...

msatter

And then you have return that also stops the processing in not only the chain but also all the chains that page just like no passthrough.

msatter

All software/interfaces by Mikrotik mention the software version before login, including the Android app.

Then this must be something Mikrotik wants to communicate up front. So you can think to have RouterOS not share the current version of it and state a null value.

msatter

NordVPN says no. RouterOS is getting outdated.

msatter

I just checked and it is not going to happen till ROS 7.

viewtopic.php?p=650295

Search found 1030 matches