Community discussions

Search found 1030 matches

by msatter
Sun Apr 21, 2019 12:22 pm
Forum: General
Topic: DHCP client on bridge does not work?
Replies: 12
Views: 3487

Re: DHCP client on bridge does not work?

Fast Forward depends on many other settings to be active. See the manual.

https://wiki.mikrotik.com/wiki/Manual:I ... st_Forward
by msatter
Sat Apr 20, 2019 12:42 pm
Forum: General
Topic: Android Mobile App Feature Request
Replies: 2
Views: 161

Re: Android Mobile App Feature Request

There does not appear to be a dedicated forum for the mobile app, so I did not know where else to post this.
There is only one official thread on that and it can be found here:

viewtopic.php?f=21&t=98407
by msatter
Wed Apr 17, 2019 11:22 pm
Forum: General
Topic: Preventing IPSec-less L2TP [SOLVED]
Replies: 23
Views: 802

Re: Preventing IPSec-less L2TP [SOLVED]

That is not a problem and I made it work that way. Some sites, like this forum do not like that approach, I have to use a single IP address (fixed-vpn) during a session when I am logged in. Other sites I visit block VPN so I have also an addresslist no-vpn. Each list is about 20 entries long so no...
by msatter
Wed Apr 17, 2019 10:45 pm
Forum: General
Topic: Preventing IPSec-less L2TP [SOLVED]
Replies: 23
Views: 802

Re: Preventing IPSec-less L2TP [SOLVED]

I was afraid that I need NAT when using a VPN provider. I have multiple connections which have different public IP addresses on the side of the VPN provider. For example, a webpage is collected by different IP addresses from the VPN provider and on my side I split (initiate) it those requests based on...
by msatter
Wed Apr 17, 2019 2:39 pm
Forum: General
Topic: Preventing IPSec-less L2TP [SOLVED]
Replies: 23
Views: 802

Re: Preventing IPSec-less L2TP [SOLVED]

Thanks for your patience and I am looking for a way to skip NAT. I have marked the route in Mangle and it puzzles me why I still need NAT. In the default client setup for L2TP(-IPSEC) the local address is set in the 172.20.12.x range and I changed that to an address that is my local network thinking ...
by msatter
Tue Apr 16, 2019 11:50 am
Forum: General
Topic: Preventing IPSec-less L2TP [SOLVED]
Replies: 23
Views: 802

Re: Preventing IPSec-less L2TP [SOLVED]

Thanks Sindy, I am using mangle to mark connection and route. I hoped to be able to skip NAT but I was not able to. I run several VPN side by side and I get overlapping 172.20.12.x as local address. Mangle 33 chain=route-vpn action=mark-routing new-routing-mark=VPN11 passthrough=no connection-mark=VPN...
by msatter
Tue Apr 16, 2019 11:07 am
Forum: General
Topic: Preventing IPSec-less L2TP [SOLVED]
Replies: 23
Views: 802

Re: Preventing IPSec-less L2TP [SOLVED]

I had a look at my VPN and up goes no traffic over port 1701 up but down I traffic on port 1701 coming from the VPN connection and the packet count are almost the same as on ipsec-esp in the line above in RAW. If I disable the accept for 1701 incoming, in RAW, my VPN is dead. Is my traffic down enc...
by msatter
Tue Apr 16, 2019 10:52 am
Forum: The Dude
Topic: Where is db cleanup and maintenance info
Replies: 16
Views: 5812

Re: Where is db cleanup and maintenance info

The Wiki on this:

https://wiki.mikrotik.com/wiki/Manual:T ... /db_vacuum

Also have a look at this script to backup and vacuum:

https://github.com/sayajin101/Dude-Backup-Script
by msatter
Mon Apr 08, 2019 2:43 pm
Forum: General
Topic: [Feature request] Address List extension
Replies: 11
Views: 617

Re: [Feature request] Address List extension

That's awesome. It is a good start to making a script that could for example let Google or Facebook in a Walled Garden list or perhaps QoS rule or blocking. I wish I knew how to deduplicate it. It would be great as an online script generator. I tested it and it seemed an effective way to block Face...
by msatter
Tue Apr 02, 2019 11:18 pm
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 172
Views: 17067

Re: Blacklist Filter (Development Topic)

Humans can be truly awful but using you undergoing your treatment to steal from you then there are no words to describe my feelings about that.

I am sorry to read that you are ill and that the outcome is uncertain. I wish you all the strength to overcome this horrible time in your life.
by msatter
Mon Apr 01, 2019 11:15 am
Forum: General
Topic: UKNOF 43 CVE
Replies: 222
Views: 34281

Re: UKNOF 43 CVE

The beta released today, addresses IPv6 route cache using more memory than available. MAJOR CHANGES IN v6.45: ---------------------- !) ipv6 - fixed soft lockup when forwarding IPv6 packets; !) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table; ---------------------- Changes in this...
by msatter
Mon Apr 01, 2019 12:52 am
Forum: General
Topic: UKNOF 43 CVE
Replies: 222
Views: 34281

Re: UKNOF 43 CVE

@bmann has made some very good points which I can relate to. I come from the Cisco camp and I was amazed when I bought my RB1100AHx4 what I was getting for the money... and it's made in Latvia, not China! Personally, I think Mikrotik products are possibly a bit too cheap and I would be happy to pay...
by msatter
Fri Mar 29, 2019 3:35 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 222
Views: 34281

Re: UKNOF 43 CVE

Thanks Maznu for finding this and reporting it to Mikrotik. Good to see that the communication is up-to-speed now so that Mikrotik can handle this correctly and in time for us Mikrotik device owners.
by msatter
Fri Mar 29, 2019 1:53 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 146
Views: 27929

Re: v6.45beta [testing] is released!

@markim the creator of the CVE states in the post above yours, that the first CVE 19299 was not fixed by this beta.

When Mikrotik is giving more info about this we will know if it is fixed in their eyes.
by msatter
Thu Mar 28, 2019 12:43 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Mikrotik: Change the default Powerbox config!
Replies: 15
Views: 856

Re: Mikrotik: Change the default Powerbox config!

Does MAC telnet travel over the internet?
by msatter
Thu Mar 28, 2019 12:36 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Mikrotik: Change the default Powerbox config!
Replies: 15
Views: 856

Re: Mikrotik: Change the default Powerbox config!

Maybe Mikrotik can use internet detecting to switch the rules off when no internet is reachable on that interface. If you make on your side the Internet unreachable it will become a LAN port instead of WAN. This could give a security risk in the time between switching. https://wiki.mikrotik.com/wik...
by msatter
Wed Mar 27, 2019 2:14 pm
Forum: Beginner Basics
Topic: How do you turn on hEX's DMZ?
Replies: 16
Views: 1333

Re: How do you turn on hEX's DMZ?

If the exposed host is compromised then there is access to the internal network. Not with a DMZ if it is separated well.
by msatter
Sun Mar 24, 2019 11:33 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 146
Views: 27929

Re: v6.45beta [testing] is released!

Thanks for adding ECDSA certificates!
by msatter
Wed Mar 20, 2019 1:07 pm
Forum: Announcements
Topic: Tik App, MikroTik android utility ALPHA test
Replies: 399
Views: 130346

Re: Tik App, MikroTik android utility ALPHA test

Neither of the two apps are in Beta anymore. Delete them, and install them again from the regular stores, if you still see the beta. I uninstalled the APP and installed it again but is still stating beta on the APP page and shows up in my beta list in the Play Store. Got it. I have first to leave t...
by msatter
Wed Mar 20, 2019 12:17 pm
Forum: Announcements
Topic: Tik App, MikroTik android utility ALPHA test
Replies: 399
Views: 130346

Re: Tik App, MikroTik android utility ALPHA test

My post has nothing to do with getting the APP. It has everything to do with making sure the APP is up to date and informing MT users which is the latest app version. For example my APP was on version 0.24. I was fat dumb and happy. NO INDICATIONS were provided UNLIKE other apps, that my app was ou...
by msatter
Tue Mar 19, 2019 7:08 pm
Forum: Announcements
Topic: Tik App, MikroTik android utility ALPHA test
Replies: 399
Views: 130346

Re: Tik App, MikroTik android utility ALPHA test

I AM NOT DEAF I ONLY CAN'T READ.
by msatter
Mon Mar 18, 2019 9:01 pm
Forum: General
Topic: Putty updated to 0.71
Replies: 12
Views: 524

Re: Putty updated to 0.71

RB760iGS (hEX S) with the SFP being cooled. @msatter pray tell how do you cool the SFP on your hEXs ... got a pic? Yes, and I have now only the one between the power cable and the SFP and used a round file to make slight indentation so that not too much force is put on the power connector. When it i...
by msatter
Mon Mar 18, 2019 3:07 pm
Forum: General
Topic: Putty updated to 0.71
Replies: 12
Views: 524

Re: Putty updated to 0.71

Or a coffee LOL.
Remember: sleeping is poor substitute for caffeine.
Sleep helps me to solve problems and caffeine makes me run in circles around it and not solving the problem. Some problems can't be solved and then you have to learn with them.
by msatter
Mon Mar 18, 2019 3:04 pm
Forum: General
Topic: Putty updated to 0.71
Replies: 12
Views: 524

Re: Putty updated to 0.71

Which is my point. Post it in the phucking putty forum. Do you want me to start effing posting everytime there is a windows update, a linux update, a macos update, an avast update, etc etc etc............ I might as well post everytime I pop a zit, and pluck a nose hair. ;-) And yes, I have been he...
by msatter
Mon Mar 18, 2019 2:15 am
Forum: General
Topic: Putty updated to 0.71
Replies: 12
Views: 524

Putty updated to 0.71

Our trusty Putty has been updated to version 0.71. A time ago a vulnerability was discovered and through the EU-funded bounty program a few more were shared. The latest version can be downloaded from: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html Change log: https://www.chiark.green...
by msatter
Sun Mar 17, 2019 1:47 pm
Forum: Beginner Basics
Topic: Recommend way to block Ads with Mikrotik
Replies: 9
Views: 427

Re: Recommend way to block Ads with Mikrotik

No, I am using Pi-hole.
by msatter
Sun Mar 17, 2019 12:58 pm
Forum: Scripting
Topic: Bypass mobile phones to different dhcp pool
Replies: 4
Views: 230

Re: Bypass mobile phones to different dhcp pool

Beta 6.45

*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
by msatter
Thu Mar 14, 2019 2:35 pm
Forum: Scripting
Topic: How to really make backups (by script) ?
Replies: 15
Views: 620

Re: How to really make backups (by script) ?

It seems that the MAC address is programmed in the hardware which appears when you erase the restored MAC.

It is a config backup and the settings you mention are for the same device or if you want to duplicate a device.
by msatter
Wed Mar 13, 2019 2:52 pm
Forum: Scripting
Topic: How to really make backups (by script) ?
Replies: 15
Views: 620

Re: How to really make backups (by script) ?

Copy and paste your MAC reset script in the export.rsc file.
by msatter
Thu Mar 07, 2019 7:08 pm
Forum: General
Topic: hEX S shows activity on disabled SFP port without a link
Replies: 6
Views: 245

Re: hEX S shows activity on disabled SFP port without a link

Should be fixed in 6.44

*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
by msatter
Fri Feb 22, 2019 7:28 pm
Forum: Beginner Basics
Topic: Turn off system LED
Replies: 1
Views: 147

Re: Turn off system LED

Led me shine a bright beam of blue light to what you missed to see:

viewtopic.php?f=3&t=144860
by msatter
Fri Feb 22, 2019 2:32 pm
Forum: General
Topic: Security issue when Winbox exposed
Replies: 67
Views: 4250

Re: Security issue when Winbox exposed

It was fixed before Tenable made the issue public. MikroTik and Tenable gave users time to upgrade before making any announcements.
That is not a direct answer to my question however an indirect one, like this will do. :-)
by msatter
Fri Feb 22, 2019 1:31 pm
Forum: General
Topic: Security issue when Winbox exposed
Replies: 67
Views: 4250

Re: Security issue when Winbox exposed

Because the most common question is, when you will fix this. It's already fixed. So it was already fixed before Tenable contacted Mikrotik? I just noticed that my Dect phone was blinking red and it was the Mikrotik RSS feed that was updated about this. I still urge to state minimal safe patch level...
by msatter
Fri Feb 22, 2019 1:30 pm
Forum: General
Topic: Security issue when Winbox exposed
Replies: 67
Views: 4250

Re: Security issue when Winbox exposed

@msatter To me Tenable went public too soon. Absolutely agree, however, I wonder why would they do it... This is pure hypothesis: Maybe Tenable originally agreed to keep it secret for some period of time, but after they saw that the security fix was silently released as "improvement", they decided ...
by msatter
Fri Feb 22, 2019 1:20 pm
Forum: General
Topic: Security issue when Winbox exposed
Replies: 67
Views: 4250

Re: Security issue when Winbox exposed

Statement https://blog.mikrotik.com/security/cve-20193924-dude-agent-vulnerability.html I understand that Mikrotik wants to speak in a positive way about this but why include the in bold words? Tenable had previously contacted MikroTik about this issue, so a fix has already been released on Februar...
by msatter
Fri Feb 22, 2019 1:25 am
Forum: Announcements
Topic: v6.44rc [testing] is released!
Replies: 67
Views: 10570

Re: v6.44rc [testing] is released!

It takes a bit longer and if you don't have any response from support during this Monday then send a reminder.
by msatter
Fri Feb 22, 2019 1:21 am
Forum: General
Topic: Security issue when Winbox exposed
Replies: 67
Views: 4250

Re: Security issue when Winbox exposed

State minimal safe RouterOS and let the bad boys guess what vulnerability is. Agree with the ones bringing the 'problem' under attention of Mikrotik to have a delay of 30 days after patching, before going public so that users can upgrade in that time. To me Tenable went public too soon. If Mikrotik t...
by msatter
Thu Feb 21, 2019 10:17 pm
Forum: General
Topic: Security issue when Winbox exposed
Replies: 67
Views: 4250

Re: Security issue when Winbox exposed

Would I see the day that Mikrotik just states current, minimal RouterOS version is x.xx in plain sight for us!?!?

We have now a security blog which is not telling anything about this even not the current minimal version.

Excellent that it was fixed that fast however we are left in the dark.
by msatter
Mon Feb 04, 2019 12:01 am
Forum: RouterBOARD hardware
Topic: For real, what is with these blinding power leds?
Replies: 11
Views: 997

Re: For real, what is with these blinding power leds?

I also use black tape to block those tiny flashlights from lighting up the whole room.
by msatter
Thu Jan 31, 2019 11:24 pm
Forum: Announcements
Topic: Tik App, MikroTik android utility ALPHA test
Replies: 399
Views: 130346

Re: Tik App, MikroTik android utility ALPHA test

Looks really good and the addresslists works now and the APP does not crash anymore on reading the lists.
by msatter
Wed Jan 23, 2019 1:59 pm
Forum: General
Topic: UDP SIP INVITEs fragmenting through EoIP
Replies: 8
Views: 371

Re: UDP SIP INVITEs fragmenting through EoIP

Is connection tracking enabled? There is in mangle also an option to accept fragmented (following) packages.

Matches fragmented packets. First (starting) fragment does not count. If connection tracking is enabled there will be no fragments as system automatically assembles every packet
by msatter
Tue Jan 22, 2019 12:44 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 73236

Re: v6.44beta [testing] is released!

security by obscurity Anyway management interfaces, be it Winbox, APIs, ssh, web and whatnot should never be exposed without proper filtering. So the version display is harmless in my opinion. I agree. If the untrusted person can see your TELNET interface, you are in much bigger trouble than an exp...
by msatter
Mon Jan 21, 2019 11:35 pm
Forum: General
Topic: Mangle Dilemma: PassThrough Vs Jump
Replies: 3
Views: 248

Re: Mangle Dilemma: PassThrough Vs Jump

And then you have return that also stops the processing in not only the chain but also all the chains that page just like no passthrough.
by msatter
Sat Jan 19, 2019 1:17 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 73236

Re: v6.44beta [testing] is released!

All software/interfaces by Mikrotik mention the software version before login, including the Android app.

Then this must be something Mikrotik wants to communicate up front. So you can think to have RouterOS not share the current version of it and state a null value.
by msatter
Mon Dec 31, 2018 6:23 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 233
Views: 78327

Re: Feature Request: OpenVPN [ovpn] udp tunnels

NordVPN says no. RouterOS is getting outdated.
by msatter
Sun Dec 30, 2018 9:09 pm
Forum: General
Topic: NordVpn and mikrotik?
Replies: 11
Views: 1704

Re: NordVpn and mikrotik?

I just checked and it is not going to happen till ROS 7.

viewtopic.php?p=650295