Search found 2105 matches

by msatter
Fri May 14, 2021 8:47 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 132
Views: 26625

Re: v6.49beta [testing] is released!

I found another problem regarding 6.49beta. I had a hap ac2 running on 6.49beta22 which was not able to upgrade to latest beta version. Error was "not enough space for upgrade". So I ran backup, saved this file and did a netinstall to 6.49beta44. Restoring the backup was not possible. Dow...
by msatter
Sun Apr 25, 2021 1:38 am
Forum: Beginner Basics
Topic: What does the firewall built in counter count?
Replies: 6
Views: 547

Re: What does the firewall built in counter count?

If you are looking for the connection look in connections to find the ones with an F in the status (first one). If you are looking in the firewall screens for traffic that is passing through you will see no Fasttracked traffic. You then think, got traffic but the counters don't add. This dummy lines ar...
by msatter
Sat Apr 24, 2021 5:40 pm
Forum: Beginner Basics
Topic: What does the firewall built in counter count?
Replies: 6
Views: 547

Re: What does the firewall built in counter count?

Fasttracked traffic hits your line once, when it is not yet fasttracked. And during the lifetime of the connection, some traffic is also put through the slow path to see if the connection is still valid. Fasttrack, only established traffic so to have it go one time the slow path through the router befor...
by msatter
Sat Apr 24, 2021 10:49 am
Forum: Beginner Basics
Topic: IPSec/NordVPN tutorial not working for me
Replies: 6
Views: 826

Re: IPSec/NordVPN tutorial not working for me

Same problem here: hanging in EAP. It used to work in the past, and even weirder: it's still working fine for US + Canada, e.g. ca1069.nordvpn.com or us8375.nordvpn.com. Any suggestions? Found my solution and maybe that goes up for many others. I was using my email and password to use the VPN on the...
by msatter
Fri Apr 23, 2021 1:08 pm
Forum: General
Topic: RB4011 ROS takes up an order of magnitude more space
Replies: 15
Views: 923

Re: RB4011 ROS takes up an order of magnitude more space

Inodes take up some space too, for a 512MB partition.
But how would you expect @Cablenut9 to know something about filesystems..
You are a real charm.
by msatter
Fri Apr 23, 2021 12:42 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 132
Views: 26625

Re: v6.49beta [testing] is released!

Thanks for this: *) rb4011 - fixed SFP+ port MTU setting after link state change;

15464 Can be closed now and I don't need a script anymore to restart the SFP.
by msatter
Thu Apr 22, 2021 2:23 pm
Forum: Beginner Basics
Topic: IPSec/NordVPN tutorial not working for me
Replies: 6
Views: 826

Re: IPSec/NordVPN tutorial not working for me

Same over here and gets stuck on the EAP. Time to invoke support of NordVPN. Apr/23/2021 08:33:08 ipsec -> ike2 reply, exchange: AUTH:4 213.232.87.121[4500] 32061b3dfe12f257:ca15adba805cbf6c Apr/23/2021 08:33:08 ipsec payload seen: ENC (60 bytes) Apr/23/2021 08:33:08 ipsec processing payload: ENC Ap...
by msatter
Thu Apr 22, 2021 1:25 am
Forum: Scripting
Topic: HELP with error in script to import the IPv4 full bogons list from www.team-cymru.org
Replies: 3
Views: 1041

Re: HELP with error in script to import the IPv4 full bogons list from www.team-cymru.org

This does not work because reading the file to the variable is too large. Would work for much smaller file but the bogon list is now over 1300 entries and about 21KB in size.
Less than 64KB file: viewtopic.php?f=9&t=152632&p=758435
by msatter
Wed Apr 21, 2021 1:55 am
Forum: General
Topic: DHCP server script Internal Global variables
Replies: 2
Views: 264

Re: DHCP server script Internal Global variables

Valid characters in variable names are letters and digits. If variable name contains any other character, then variable name should be put in double quotes. Example:
#valid variable name
:local myVar;
#invalid variable name
:local my-var;
#valid because double quoted
:global "my-var";
htt...
by msatter
Mon Apr 19, 2021 7:12 pm
Forum: Scripting
Topic: Create script to clean udp connections
Replies: 5
Views: 464

Re: Create script to clean udp connections

{
/ip firewall connections
remove [find where timeout>60s protocol=UDP]
}
edit: removed the semicolon
by msatter
Mon Apr 12, 2021 8:03 pm
Forum: General
Topic: Mangle or firewall rule
Replies: 2
Views: 266

Re: Mangle or firewall rule

If you use RAW the cost would be the lowest.
by msatter
Thu Apr 08, 2021 3:27 pm
Forum: Scripting
Topic: I need a script to determine if the pppoe-out1 state is connected [SOLVED]
Replies: 2
Views: 378

Re: I need a script to determine if the pppoe-out1 state is connected [SOLVED]

Tested and working to determine if the connection is active: :if (([/interface pppoe-client monitor pppoe-out1 as-value once]->"status") = "connected") do={:put "connected"} { :local limiter while (([/interface pppoe-client monitor pppoe-out1 as-value once]->"statu...
by msatter
Thu Apr 08, 2021 1:20 am
Forum: Beginner Basics
Topic: HELP: access external web page:port
Replies: 4
Views: 435

Re: HELP: access external web page:port

I am a bit puzzled by the dst-nat. You write that an external test-site can connect so it must be an external server somewhere on the internet. Then you use src-nat or masquerade, simplest is in nat add the line: add action=masquerade chain=srcnat dst-port=2222 protocol=tcp You want to replace you...
by msatter
Wed Apr 07, 2021 4:27 pm
Forum: Scripting
Topic: Script to convert ip to address-list
Replies: 14
Views: 6231

Re: Script to convert ip to address-list

Nog een versie die de commentaren in het bestand meeneemt en achter de betreffende IP adressen zet... Oops in English. Underneath a version that also gets the comments from the file and put them in the address list as comments # Written by Shumkov # Adapted by blacklister # 20210407 { /ip firewall a...
by msatter
Wed Apr 07, 2021 3:04 pm
Forum: Scripting
Topic: Script to convert ip to address-list
Replies: 14
Views: 6231

Re: Script to convert ip to address-list

It is more that they are not stored in the flash, so that they are also not put in any backup files. The version that I had on my router, which was inactive, used a foreach instead of a while and I got some extra grey hairs before finding that. Somehow it is burned-in in my brain array-->foreach. Here...
by msatter
Wed Apr 07, 2021 1:43 am
Forum: Scripting
Topic: Script to convert ip to address-list
Replies: 14
Views: 6231

Re: Script to convert ip to address-list

I have tested it with this version and it works. Run it in terminal and see if it works. If it does not work in script then you have to set the rights. (ftp, read, write, policy, test, password) It could be too many rights but it works for me. # Written by Shumkov # Adapted by blacklister # 20201025 ...
by msatter
Tue Apr 06, 2021 6:15 pm
Forum: Scripting
Topic: Script to convert ip to address-list
Replies: 14
Views: 6231

Re: Script to convert ip to address-list

As long the file is smaller than 64KB you could use the script written by Shumkov:

viewtopic.php?f=9&t=152632&p=758435
by msatter
Mon Apr 05, 2021 3:40 pm
Forum: Scripting
Topic: Random Time Script
Replies: 6
Views: 521

Re: Random Time Script

Thank you! I'll use your version :-) Hmmm I am still in the thinking/design mode for the time part. The main challenge is transferring and interpreting the parameters. I have already an idea to implement it and it is not that difficult going step by step. I will post when I am ready and in the me...
by msatter
Mon Apr 05, 2021 1:19 pm
Forum: Scripting
Topic: Random Time Script
Replies: 6
Views: 521

Re: Random Time Script

Thank you. I coded this and it seems to work :local otp ([/certificate scep-server otp generate minutes-valid=0 as-value]->"password") :local a :local b :local c :local hour :local min :local sec :local rndTime :set $a [:pick "$otp" 0 1] :set $b [:pick "$otp" 1 2] :set...
by msatter
Sun Apr 04, 2021 9:22 pm
Forum: RouterOS v7 BETA
Topic: RTSP conntrack module
Replies: 2
Views: 482

Re: RTSP conntrack module

Am I having a déjà vu here?
by msatter
Tue Mar 30, 2021 12:18 pm
Forum: Useful user articles
Topic: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)
Replies: 42
Views: 7762

Re: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)

I implemented it manually so I could do it all in one line for all expected IKEv2 connections. I use an address list, on which all external addresses are listed. /ip firewall raw add action=notrack chain=prerouting protocol=ipsec-esp src-address-list=IKEVtraffic add action=notrack chain=output proto...
by msatter
Sun Mar 28, 2021 7:59 pm
Forum: RouterOS v7 BETA
Topic: Possible error in DNS canonical name handling
Replies: 7
Views: 790

Re: Possible error in DNS canonical name handling

If your router also provides the DNS for the clients then you put a static entry in the router DNS.

When a client does not use your router DNS then you are almost out of luck. You then have to collect all IP addresses Akamai uses for this domain and block these in the address list.
by msatter
Sun Mar 28, 2021 5:10 pm
Forum: RouterOS v7 BETA
Topic: Possible error in DNS canonical name handling
Replies: 7
Views: 790

Re: Possible error in DNS canonical name handling

use: [find where address~"akamai"] If you have the correct IP address it should be blocked, however as stated by mkx the addresses may vary due to the usage of cloud by Akamai determined by geographical and/or load based answers. My resolve: :put [:resolve www.edn.com] 104.73.32.103 Resolv...
by msatter
Sun Mar 28, 2021 4:49 pm
Forum: Beginner Basics
Topic: Does changing configs causes to a Flash write ?
Replies: 6
Views: 616

Re: Does changing configs causes to a Flash write ?

I think that there is an option to not to write direct to the flash by using Safe Mode in Winbox. Left top of the screen and this could also be used as a delayed write. https://forum.mikrotik.com/viewtopic.php?p=545506 https://blog.ligos.net/2018-02-22/Making-Mikrotik-Safe.html https://wiki.mikrotik...
by msatter
Sun Mar 28, 2021 3:34 pm
Forum: RouterOS v7 BETA
Topic: Possible error in DNS canonical name handling
Replies: 7
Views: 790

Re: Possible error in DNS canonical name handling

The CNAME is indeed the cause of this. Looking at Pi-hole it will block www.edn.com.edgekey.net if it is in a list used to block domains. They use Whitelisting and that will match the domain you type and will ignore blocking and you will access that domain. RouterOS DNS will resolve in one go, as it...
by msatter
Sat Mar 27, 2021 1:47 pm
Forum: Beginner Basics
Topic: Does changing configs causes to a Flash write ?
Replies: 6
Views: 616

Re: Does changing configs causes to a Flash write ?

All what is remembered after a reboot has been written into flash. The dynamic (D) items are kept in memory and are lost as soon you reboot. When setting, a item that has already that status then only Mikrotik knows if it just overwrite the current status or that it only overwrites if the status is ...
by msatter
Thu Mar 25, 2021 5:16 pm
Forum: General
Topic: Redirecting or blocking DoH (DNS over HTTPS) requests made by clients
Replies: 3
Views: 530

Re: Redirecting or blocking DoH (DNS over HTTPS) requests made by clients

DoH is a PITA and you can block them by using an IP address. Fasttracking is no problem in this.

Yes you can use an address-list and you need to use domain one.one.one.one for Cloudflare.
by msatter
Thu Mar 25, 2021 5:11 pm
Forum: Scripting
Topic: match long domain name [SOLVED]
Replies: 10
Views: 1097

Re: match long domain name [SOLVED]

You have to use the "\" because you will also match
abcdefrunraid.net
Then using the "()" with the plus sign will match only multiples of the group.

So not abdcefg.unraid.net but it will match abcdefabcdef.unraid.net

Correct is:
.*......\.unraid\.net$
by msatter
Thu Mar 25, 2021 12:21 am
Forum: Scripting
Topic: match long domain name [SOLVED]
Replies: 10
Views: 1097

Re: match long domain name [SOLVED]

Bummer, really limited.

Quick and dirty and matching any character number or sign
......\.example\.com$
by msatter
Wed Mar 24, 2021 1:32 pm
Forum: Scripting
Topic: match long domain name [SOLVED]
Replies: 10
Views: 1097

Re: match long domain name [SOLVED]

Try this one: ^[a-z0-9]{6,}\\.example\\.com\$ :put ("xyz.example.com" ~ "^[a-z0-9]{6,}\\.example\\.com\$") = false :put ("xyzxyz.example.com" ~ "^[a-z0-9]{6,}\\.example\\.com\$") = true You need extra "\" when you are inside a string/text in Rou...
by msatter
Tue Mar 23, 2021 2:18 pm
Forum: General
Topic: DDoS force from Mikrotik devices
Replies: 10
Views: 3474

Re: DDoS force from Mikrotik devices

2021 this problem still exists and is worse than ever, getting attacked 24/24 The problem won't go away. I just changed from ISP and my previous ISP filtered out incoming traffic that would not be accepted on my side. I was surprised after years of quietness about the huge numbers of scans. I made blocking...
by msatter
Mon Mar 22, 2021 1:50 pm
Forum: General
Topic: NordVPN multi WAN
Replies: 5
Views: 808

Re: NordVPN multi WAN

I never tried it so this is all from how I think it up right now. Mark routing in Mangle UDP/4500 for wan1 and wan2 and then in IP Routes set the route...not my specialty. I think you use Rules in this case to direct to the wished wan port. Looking in ip route rules you can only give one source and d...
by msatter
Mon Mar 22, 2021 10:48 am
Forum: General
Topic: NordVPN multi WAN
Replies: 5
Views: 808

Re: NordVPN multi WAN

The IKEv2 implementation by Mikrotik binds to the WAN and only one. Once the traffic is in the tunnel you can't see anything anymore.

However you could look at balancing the tunnels UDP/4500 in which your traffic is transported.
by msatter
Thu Mar 18, 2021 12:07 pm
Forum: General
Topic: Where to get Stock Firmware and RouterOS 7.0. (no Beta) for Chateau LTE 12
Replies: 5
Views: 654

Re: Where to get Stock Firmware and RouterOS 7.0. (no Beta) for Chateau LTE 12

After Alpha comes Beta then Release Candidate (RC) and then the Release.

RouterOS is on second base now so there is no Router OS 7.0 and maybe it will take some new homeplates to reach 7.X.
by msatter
Tue Mar 16, 2021 12:04 am
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 132
Views: 26625

Re: v6.49beta [testing] is released!

Trying to update from 6.49beta22 -- not enough space to upgrade. Try to downgrade from 6.49beta22 to 6.48 -- not enough space to upgrade... Do you want to share which router you are using? Exactly same for me. :-( I am stuck with 6.49beta22 on hap ac^2. No possible to upgrade or downgrade. Log: "...
by msatter
Mon Mar 15, 2021 11:14 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 132
Views: 26625

Re: v6.49beta [testing] is released!

Trying to update from 6.49beta22 -- not enough space to upgrade. Try to downgrade from 6.49beta22 to 6.48 -- not enough space to upgrade...
Do you want to share which router you are using?
by msatter
Mon Mar 15, 2021 11:07 pm
Forum: General
Topic: DNS-over-HTTPS (DoH)
Replies: 4
Views: 648

Re: DNS-over-HTTPS (DoH)

I endorse and use myself DoT. This because in a network using this way of resolving is visible to the administrator without allowing the admin to see the content. DoH is a stealth way and as admin you can't cut that out without cutting in normal HTTPS traffic. The IP addresses of DoH servers can be ...
by msatter
Mon Mar 15, 2021 10:57 pm
Forum: General
Topic: Hot to handle VOIP on multiple WANs/backup
Replies: 21
Views: 1364

Re: Hot to handle VOIP on multiple WANs/backup

You could look at the STUN (UDP/7080-7090)connections before dropping WAN2 and switch back to WAN1. Any ongoing conversations will not be interrupted that way. The risk is that on busy lines the switch back has to wait very long and you could include a timeout after which the line is hard dropped, t...
by msatter
Mon Mar 15, 2021 8:57 pm
Forum: General
Topic: DNS-over-HTTPS (DoH)
Replies: 4
Views: 648

Re: DNS-over-HTTPS (DoH)

Your blacklist can't fix DoH? Weird. I thought a blacklist fixes everything. That is why you should only use DoH in countries that suppress free speech. It is not for usage in normal situations. Here in the Netherlands we should start thinking about using it, due to the repression that is going on r...
by msatter
Sat Mar 13, 2021 11:09 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 4622

Re: hEX block diagram

Thanks for testing and using standalone port one is the best results expected on ports two and four and I went back to my previous setup. I looked in bridge which switch ports are assigned to the physical ports and surprise and that could be caused by me using a hEX-S that also can use an SFP beside...
by msatter
Sat Mar 13, 2021 9:34 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 4622

Re: hEX block diagram

I switched this afternoon stand alone one to two and two to one. I could not test properly but I saw a lower throughput than before.

I use a hEX-S with no SFP installed. There seems to be something out of whack in that little box.
by msatter
Sat Mar 13, 2021 4:01 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 132
Views: 26625

Re: v6.49beta [testing] is released!

I noticed that SIP ALG was removed from RouterOS (beta22) and I think that it has to do with NAT slipstreaming. Attacking the router from a browser on a client of the router. On my test CCR1009 running beta22 SIP ALG is enabled .... Strange that it is then active with you. Do you have by chance MNDP...
by msatter
Sat Mar 13, 2021 12:49 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 132
Views: 26625

Re: v6.49beta [testing] is released!

I noticed that SIP ALG was removed from RouterOS (beta22) and I think that it has to do with NAT slipstreaming. Attacking the router from a browser on a client of the router.

github.com/samyk/slipstream
by msatter
Sat Mar 13, 2021 12:41 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 4622

Re: hEX block diagram

My 500/500 connection costs more than 17 hEX a year.
by msatter
Fri Mar 12, 2021 10:23 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 4622

Re: hEX block diagram

Glad that we see the same thing and thinking about using eth 5 as WAN. Yes it looks logical and you have a symmetrical distribution of the other ports. However looking again, better is to use port 2 or 4 for WAN. Why? Using one of those two ports gives you possible maximum speed on three ports and a l...
by msatter
Fri Mar 12, 2021 8:13 pm
Forum: RouterBOARD hardware
Topic: S-RJ01 SFP Module in RB4011iGS+ flapping
Replies: 12
Views: 1299

Re: S-RJ01 SFP Module in RB4011iGS+ flapping

I've used without any port flapping problems something like this, but my RB4011 still runs on 6.46.7 Had to ditch the S-RJ01 SFP module when I had to use MTU>1500 over it for RFC 4638 (PPPoE MTU 1500). I couldn't get it to work properly, the PPPoE session MRU was working properly with 1500 but MTU ...
by msatter
Fri Mar 12, 2021 7:59 pm
Forum: Beginner Basics
Topic: Forum exact search
Replies: 20
Views: 1170

Re: Forum exact search

Having thick skin and being able to laugh at yourself are two valuable attributes in the life toolbox.
It's time to shave your wool, after five years of not being shaved, and you will be much lighter and fit for the summer.

Anyone wanting the wool, to knit a vest?
by msatter
Fri Mar 12, 2021 7:42 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 4622

Re: hEX block diagram

Exactly. Thank you. Using the SFP port as WAN gives it a full 1Gb/s lane to the CPU while the other 1Gb/s lane is for the remaining 5 ethernet ports. One could buy 1x hEX-S + 1x S-RJ01 just for that if you have only ethernet ports, but at that price you can get the hAP ac2 which has a 2Gb/s lane fr...
by msatter
Fri Mar 12, 2021 7:30 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 4622

Re: hEX block diagram

Then looking at the CPU. Two lanes go up from the switch to the RBUS and traffic can only return through the right PBUS. Traffic can't flow from the switch through the PBUS to the CPU. According to this schematic, five into two lanes, returning one lane (PBUS) 5->2->1 Gbit/s when forwarding. Screen...
by msatter
Fri Mar 12, 2021 6:46 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 4622

Re: hEX block diagram

If you take the hEX-S things get simpler if you insert an SFP. Ports 1-5 all share the same lane and the SFP gets its own private lane to the CPU.
by msatter
Fri Mar 12, 2021 1:26 pm
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 4622

Re: hEX block diagram

Yes, but we also have the Enabled Switching diagram, which looks like this: https://i.mt.lv/cdn/product_files/RB750Gr3-esw3_190642.png hEX RB750Gr3 - Enabled Switching.PNG How can we use that? I wrote to support about it, we'll see if we can do anything about it. The magic word is "integrated"...
by msatter
Fri Mar 12, 2021 10:41 am
Forum: Beginner Basics
Topic: Forum exact search
Replies: 20
Views: 1170

Re: Forum exact search

The same can be used in Duckduckgo, but a lot more PRIVATE.
by msatter
Fri Mar 12, 2021 10:37 am
Forum: RouterBOARD hardware
Topic: hEX block diagram
Replies: 44
Views: 4622

Re: hEX block diagram

This is the real situation and if you enable switching (bridge) then all work is still done (emulated) in the processor. To the processor you see two lanes of each 1Gbit/s. When using port 1 as WAN then ports two and four provide maximum speed. Ports three and five have to share the 1Gbit/s with por...
by msatter
Thu Mar 11, 2021 1:24 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 132
Views: 26625

Re: v6.49beta [testing] is released!

Also please MT update the Security blog https://blog.mikrotik.com/security/ *) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014); Either keep this blog up to date (which is not what is happening now) or shut it down. If Mikrotik don't feel to update the page t...
by msatter
Tue Mar 09, 2021 8:21 pm
Forum: Scripting
Topic: Email Script When Interface Status Change (Running or Not Running) [SOLVED]
Replies: 25
Views: 1720

Re: Email Script When Interface Status Change (Running or Not Running) [SOLVED]

geez now everyone will think we are lovers LOL.
But the emails are exchanging bodily bits since then.....
by msatter
Sat Feb 27, 2021 9:54 pm
Forum: Scripting
Topic: Help with Script to read routes and create import file of FW addresses
Replies: 7
Views: 663

Re: Help with Script to read routes and create import file of FW addresses

https://forum.mikrotik.com/viewtopic.php?f=9&t=171135&p=836472&hilit=fetch+upload#p836472 Warning! the source directory and target directory must be the same and exist. So this is not going to work /disk/file.txt --> /file.txt. See: https://forum.mikrotik.com/viewtopic.php?f=9&t=1549...
by msatter
Fri Feb 26, 2021 11:36 pm
Forum: Scripting
Topic: Help with Script to read routes and create import file of FW addresses
Replies: 7
Views: 663

Re: Help with Script to read routes and create import file of FW addresses

You can write BIGGER files, they really huge...files. ;-) with :execute https://forum.mikrotik.com/viewtopic.php?f=9&t=130448&p=819118&hilit=file#p818939 and here with print environment https://forum.mikrotik.com/viewtopic.php?f=9&t=167594&p=823889&hilit=environment+print+fil...
by msatter
Fri Feb 26, 2021 11:11 am
Forum: General
Topic: Automatically update ipsec peer addresses from script
Replies: 27
Views: 1565

Re: Automatically update ipsec peer addresses from script

On which version of RouterOS are you? There was a change in 6.48:

*) ipsec - refresh peer's DNS only when phase 1 is down;

To avoid having the used IP address being out-of-sync with the currently used address. This was a problem with DNS using a very short TTL.
by msatter
Mon Feb 22, 2021 8:48 pm
Forum: Scripting
Topic: Two Scripts need deciphering.
Replies: 4
Views: 405

Re: Two Scripts need deciphering.

On $bound it is used in DHCP script.

https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Client
by msatter
Sat Feb 20, 2021 11:00 pm
Forum: General
Topic: MTU troubles using IKEv2 providers like NordVPN [work around]
Replies: 43
Views: 12235

Re: MTU troubles using IKEv2 providers like NordVPN [work around]

That is encouraged by me because my only interest is to avoid that others have to discover the wheel all over again. My search took many months and a few support requests, Sindy helped me out with this.
by msatter
Sat Feb 20, 2021 1:20 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2791

Re: Add cooling fan to CRS-326-24P-2S+ ?

I can't stand Amazon stuff anymore, however I posted earlier about other fans.

viewtopic.php?f=3&t=132258&p=811123&hil ... ng#p811167
by msatter
Fri Feb 19, 2021 11:03 pm
Forum: Beginner Basics
Topic: Basic routing
Replies: 11
Views: 1082

Re: Basic routing

I think you should look at examples of IPTV that also use two vlans next to each other.
by msatter
Fri Feb 19, 2021 11:00 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2791

Re: Add cooling fan to CRS-326-24P-2S+ ?

Why 3 wires? I see a + and - on the previous diagram what is the third soldered spot for, closest to the back of the chassis?? I suppose one could check if they are powered by hooking up a multimeter? I wonder if that capacitor close by (11 oclock)is affiliated or not........... The third pin is th...
by msatter
Fri Feb 19, 2021 10:28 pm
Forum: General
Topic: MTU troubles using IKEv2 providers like NordVPN [work around]
Replies: 43
Views: 12235

Re: MTU troubles using IKEv2 providers like NordVPN [work around]

The second screen is a simple export from terminal yes my network is 10.0.0.0/24. I missed the word template in the second screen so the 0.0.0.0/0 is correct. You have to check what is wrong on a other place in the NordVPN setup. You can leave my line in there to avoid any MTU problems. There is an...
by msatter
Fri Feb 19, 2021 9:56 pm
Forum: General
Topic: MTU troubles using IKEv2 providers like NordVPN [work around]
Replies: 43
Views: 12235

Re: MTU troubles using IKEv2 providers like NordVPN [work around]

I wrote dst-address and that should be src-address and it is this one: src-address=10.6.2.22/32 How do you generate the second screen, because it does not match the first screen? And is 10.0.0.0/24 your internal network? Please change your personal IP address from your posting above! sa-src-address=XX.XX.XXX...
by msatter
Fri Feb 19, 2021 8:30 pm
Forum: General
Topic: MTU troubles using IKEv2 providers like NordVPN [work around]
Replies: 43
Views: 12235

Re: MTU troubles using IKEv2 providers like NordVPN [work around]

/ip ipsec policy set 0 group=NordVPN proposal=NordVPN add action=none dst-address=10.0.0.0/24 src-address=0.0.0.0/0 add disabled=yes dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN \ src-address=0.0.0.0/0 template=yes First dst-address=0.0.0.0/0 should contain the entry point of the tunnel. Th...
by msatter
Fri Feb 19, 2021 8:12 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2791

Re: Add cooling fan to CRS-326-24P-2S+ ?

I assume the pads in the red squares are connected and in the blue circle you see the fan connectors with some component soldered.

This is the 1009 with a bigger case and two internal power supplies.
by msatter
Fri Feb 19, 2021 7:50 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2791

Re: Add cooling fan to CRS-326-24P-2S+ ?

If you are looking for the fan soldering pads and looked at the bigger versions of the 1009 which share the same boards. Just looking at pictures on the internet. Screenshot_20210219_184150.jpg There are no components around those pad so likely also no power on the pads. I would advise a power sourc...
by msatter
Fri Feb 19, 2021 1:14 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2791

Re: Add cooling fan to CRS-326-24P-2S+ ?

Screenshot_20210219_121343.jpg
by msatter
Thu Feb 18, 2021 12:25 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2791

Re: Add cooling fan to CRS-326-24P-2S+ ?

No and the forum also does not know that. But you can add a small fan on the outside to suck air out close to the position of the SFP. https://www.cdr.pl/galerie/m/mikrotik-cloud-core-rout_9166.jpg Seen from the back. Front right side. Powering the fan externally. If you are also using those HOT copper network SFP p...
by msatter
Thu Feb 18, 2021 12:33 am
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2791

Re: Add cooling fan to CRS-326-24P-2S+ ?

OK, so before going ahead and ordering cooling equipment I was taking a look at the board for the CRS326-24G using the high res image on the MT website. I cannot see where the connector for the fan is. Can anyone mark it for me on here? From a previous post I had understood that the board was ready...
by msatter
Wed Feb 17, 2021 7:57 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2791

Re: Add cooling fan to CRS-326-24P-2S+ ?

OK, so before going ahead and ordering cooling equipment I was taking a look at the board for the CRS326-24G using the high res image on the MT website. I cannot see where the connector for the fan is. Can anyone mark it for me on here? From a previous post I had understood that the board was ready...
by msatter
Wed Feb 17, 2021 12:56 pm
Forum: Beginner Basics
Topic: Problem with PCC load balancing
Replies: 2
Views: 319

Re: Problem with PCC load balancing

I like to use 3/1 - 1/1 and 1/1 can be omitted because it catches all just as no PCC would do. Set passthrough=no
This will give you 33% on wan 1 and 66% on wan2.
4/1 - 1/1 gives a 25% - 75% split. etc.

When passthrough is needed then use 3/0 - 3/1 - 3/2 Wan 1 - 2 - 2 (33% - 66%)
by msatter
Sun Feb 14, 2021 11:08 pm
Forum: General
Topic: Routing and mangle
Replies: 7
Views: 641

Re: Routing and mangle

My Dreambox satellite receivers are running DreamOS ;-)
by msatter
Sat Feb 13, 2021 9:17 pm
Forum: General
Topic: DNS over HTTPS
Replies: 159
Views: 44670

Re: DNS over HTTPS

Decrease maximum concurrent queries. It limits, so TCP can keep up.
by msatter
Sat Feb 13, 2021 8:47 pm
Forum: General
Topic: Routing and mangle
Replies: 7
Views: 641

Re: Routing and mangle

You do not need the marking in Mangle because NAT is doing the work here and you don't need the extra marking.

https://wiki.mikrotik.com/wiki/Manual%3 ... squerade_2

Marking is needed if both ISP gateways are on the same ether port.
by msatter
Thu Feb 11, 2021 1:14 pm
Forum: General
Topic: Polling of mikrotik.com [SOLVED]
Replies: 7
Views: 577

Re: Polling of mikrotik.com [SOLVED]

In terminal you can set the update interval.
 /ip cloud> print
          ddns-enabled: no
  ddns-update-interval: none
           update-time: no
Maybe Mikrotik could make a disable "call-home" in QuickSet to disable all earlier mentioned calls, in one go.
by msatter
Wed Feb 10, 2021 11:19 pm
Forum: General
Topic: Polling of mikrotik.com [SOLVED]
Replies: 7
Views: 577

Re: Polling of mikrotik.com [SOLVED]

System - Clock - Auto Timezone: set it to manual in the next tab.
by msatter
Wed Feb 10, 2021 8:14 pm
Forum: General
Topic: Add cooling fan to CRS-326-24P-2S+ ?
Replies: 50
Views: 2791

Re: Add cooling fan to CRS-326-24P-2S+ ?

Using search delivered a starting point: viewtopic.php?f=3&t=122395&p=775840&hil ... fp#p780464
by msatter
Fri Feb 05, 2021 1:25 pm
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 121
Views: 30132

Re: v6.48.1 [stable] is released!

A fix for SIP related issue is not included in this release, but it is available in the 6.49beta11. If an upgrade to the testing version is not available, try disabling MNDP in neighbor discovery settings, see command below: /ip neighbor discovery-settings set protocol=cdp,lldp i just disabled the ...
by msatter
Wed Feb 03, 2021 4:45 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 132
Views: 26625

Re: v6.49beta [testing] is released!

Many thanks. My IKEv2 download speed increased by over 100 Mbps to almost the maximum download speed I have. It was lower in 6.48 than the previous versions of ROS.
by msatter
Tue Feb 02, 2021 5:03 pm
Forum: General
Topic: [Question]: Anyone running a MA5671A GPON ONU at 2.5 GBit/s
Replies: 7
Views: 845

Re: [Question]: Anyone running a MA5671A GPON ONU at 2.5 GBit/s

I would expect lower than 10. Your range values should be mentioned in the datasheet of the module.

As you write it works fine and the other module even goes lower.
by msatter
Tue Feb 02, 2021 4:28 pm
Forum: General
Topic: NEW STABLE VERSION 6.47.3 DOES NOT RECEIVE IP FOR INTERFACE AT 10 mbps?
Replies: 2
Views: 308

Re: NEW STABLE VERSION 6.47.3 DOES NOT RECEIVE IP FOR INTERFACE AT 10 mbps?

Luckily you managed to disengage the Caps-Lock key in the end.
by msatter
Mon Feb 01, 2021 2:31 pm
Forum: General
Topic: [Question]: Anyone running a MA5671A GPON ONU at 2.5 GBit/s
Replies: 7
Views: 845

Re: [Question]: Anyone running a MA5671A GPON ONU at 2.5 GBit/s

The 1.25/2.5 Gbit/s indication is the interface connection between the SFP and the router. The 1 Gbit/s is the interface between the SFP and the fiber. So all is working correct. Your RX power is a bit high and are all connectors all pushed full in. Update: I now see that there are ones that transmi...
by msatter
Sun Jan 31, 2021 5:38 pm
Forum: General
Topic: SRV DNS records
Replies: 5
Views: 682

Re: SRV DNS records

I have just tested it but I did not manage to obtain anything other than NXDOMAIN from the internal domain server. Sorry.
by msatter
Sun Jan 31, 2021 12:31 am
Forum: General
Topic: SRV DNS records
Replies: 5
Views: 682

Re: SRV DNS records

I have never used that but a search on the internet gave the general workings of a SRV record.

Yes, if you use the srv target.
by msatter
Sat Jan 30, 2021 12:39 am
Forum: General
Topic: SRV DNS records
Replies: 5
Views: 682

Re: SRV DNS records

In the srv you don't put an IP but the domain name of the server serving both ports.

srv site1.lan 32400 --> A siteserver.lan 10.10.10.10
srv site2.lan 20020 --> A siteserver.lan 10.10.10.10
by msatter
Wed Jan 27, 2021 9:21 pm
Forum: RouterBOARD hardware
Topic: GPEN21 POE Output
Replies: 2
Views: 436

Re: GPEN21 POE Output

This device always puzzled me. I see it as a kind of NTU with POE, to be used on 'remote' locations.

Eth2 and the SFP are either one and you use the Eth2 or the SFP.
by msatter
Wed Jan 27, 2021 1:55 pm
Forum: Useful user articles
Topic: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)
Replies: 42
Views: 7762

Re: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)

Because routing is not used it is indeed free to be used as the trigger for the killswitch. I am using several VPN providers and connections so mark IKEv2 traffic with a single routing mark and the distribution is done by connection marking.

This gives a lot of flexibility in the end.
by msatter
Sat Jan 23, 2021 1:19 pm
Forum: General
Topic: DNSpooq
Replies: 3
Views: 458

Re: DNSpooq

This forum and this blog: https://blog.mikrotik.com/security/

There is also an RSS feed: https://blog.mikrotik.com/rss/?cat=security
by msatter
Sat Jan 16, 2021 2:27 pm
Forum: General
Topic: [ASK] Firewall JUMP rule
Replies: 10
Views: 1596

Re: [ASK] Firewall JUMP rule

RAW is introduced to be able to block traffic before it hits connection tracking and so avoid high CPU usage.

UDP/Mangle/Filter need connection tracking and so using the CPU big time.
by msatter
Sat Jan 16, 2021 12:30 pm
Forum: Useful user articles
Topic: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)
Replies: 42
Views: 7762

Re: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)

You mark connections in Mangle with the connection mark of the VPN connection. You have so full control of which traffic is going through the VPN based on type, port, dest/src address or domain through an address-list.
by msatter
Fri Jan 08, 2021 8:34 pm
Forum: Announcements
Topic: MikroTik newsletter November 2020 (#98)
Replies: 64
Views: 14997

Re: MikroTik newsletter November 2020 (#98)

You could consider Class C+ gpon from FS. It has a temperature range of -40 to 85 Celsius, normal is 0 to 70 Celsius. https://www.fs.com/de-en/products/64168.html msatter Thanks for the post. Have you tested this product ? No, but you can ask them for a sample. https://www.fs.com/sample_applica...
by msatter
Fri Jan 08, 2021 2:06 pm
Forum: Announcements
Topic: MikroTik newsletter November 2020 (#98)
Replies: 64
Views: 14997

Re: MikroTik newsletter November 2020 (#98)

You could consider Class C+ gpon from FS. It has a temperature range of -40 to 85 Celsius, normal is 0 to 70 Celsius.

https://www.fs.com/de-en/products/64168.html
by msatter
Fri Jan 08, 2021 1:31 pm
Forum: General
Topic: mangle rules DB?
Replies: 4
Views: 362

Re: mangle rules DB?

You can only filter on the IP address of the client. If your router is also providing DHCP to the clients then it should be possible.
by msatter
Thu Jan 07, 2021 9:47 pm
Forum: General
Topic: IKEv2 - issues
Replies: 5
Views: 630

Re: IKEv2 - issues

SHA-384 was already supported earlier but then only through the CLI. Now also through Winbox.

The sixth of January 2021 the table in the Wiki was updated for the RB4011 and here the link to that table:

https://wiki.mikrotik.com/wiki/Manual:I ... celeration
by msatter
Fri Jan 01, 2021 3:39 am
Forum: General
Topic: Gre over ipsec
Replies: 10
Views: 1058

Re: Gre over ipsec

by msatter
Thu Dec 31, 2020 12:33 pm
Forum: General
Topic: Tis the Season
Replies: 9
Views: 905

Re: Tis the Season

All the good to everyone and stay virus free in 2021. And to ROS, stay bug free and that you soon succeed for your seventh level exam.
by msatter
Tue Dec 29, 2020 10:25 pm
Forum: General
Topic: Tis the Season
Replies: 9
Views: 905

Re: Tis the Season

I expected something more like this.

Image
by msatter
Tue Dec 29, 2020 9:04 pm
Forum: General
Topic: Reading Source IP on my Filtering DNS Server
Replies: 12
Views: 867

Re: Reading Source IP on my Filtering DNS Server

Hot wine...is then not the alcohol already evaporated?
by msatter
Tue Dec 29, 2020 3:31 pm
Forum: General
Topic: Reading Source IP on my Filtering DNS Server
Replies: 12
Views: 867

Re: Reading Source IP on my Filtering DNS Server

Is it something like Pi-hole filtering the domains and block domains not allowed to return 0.0.0.0 IP-address? The problem of the addresses in the log of the DNS server is normal. In the eyes of the DNS server the router is talking to him and can't see the IP address of the client. If you would use ...
by msatter
Tue Dec 29, 2020 2:07 pm
Forum: General
Topic: Reading Source IP on my Filtering DNS Server
Replies: 12
Views: 867

Re: Reading Source IP on my Filtering DNS Server

Look at it differently. Change the rules to redirect if the clients are making the requests not to your own DNS.

!10.10.10.1 assuming that is your own DNS.
by msatter
Tue Dec 29, 2020 1:09 pm
Forum: Scripting
Topic: How to delete the specified ip connection with a script? [SOLVED]
Replies: 11
Views: 1026

Re: How to delete the specified ip connection with a script? [SOLVED]

/ip firewall connection remove [find where reply-dst-address~"1.2.3.4"]
by msatter
Sat Dec 26, 2020 7:55 pm
Forum: Useful user articles
Topic: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)
Replies: 42
Views: 7762

Re: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)

It is for sync that is needed and RouterOS does not know where to send those returning packets to. Those packets are now sent to where they are expected and being processed to lower the MTU till no, please lower the MTU are send anymore. IKEv2/IPsec significantly increases the security and privacy o...
by msatter
Sat Dec 26, 2020 12:20 pm
Forum: General
Topic: 4011iGS+ rack mount screws
Replies: 1
Views: 433

Re: 4011iGS+ rack mount screws

Use duckduckgo.com and you will find: Accessories Package includes the following accessories that come with the device: EU/US Switching Power Supply DC ⎓ 24 V 1.5 A 36 W 87.4% VI 150 cm RA DC plug. K-60 fastening set. DIN965, M3x6 . Mounting kit 4011 rm bracket. There are two included in the K-60 ba...
by msatter
Sat Dec 26, 2020 11:40 am
Forum: Useful user articles
Topic: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)
Replies: 42
Views: 7762

Re: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)

I see in the use cases the following line which is obsolete if you do that directly in IPSEC Policy. It is this line in mangle: # Reduce MSS (should be about 1200 to 1400, but 1360 worked for me) /ip firewall mangle add action=change-mss chain=forward new-mss=1360 passthrough=yes protocol=tcp src-ad...
by msatter
Wed Dec 23, 2020 10:15 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 153
Views: 33152

Re: Advanced Routing Failover without Scripting

Try using "ISP 1" and "ISP 2" Nice to see you back....so soon. Greetings matter, I tried to do it with the scripts that you told me by disabling the interface, but it did not work for me, I think that with the use of recursive ways I can achieve that the failover is done and eve...
by msatter
Wed Dec 23, 2020 8:35 pm
Forum: Useful user articles
Topic: Advanced Routing Failover without Scripting
Replies: 153
Views: 33152

Re: Advanced Routing Failover without Scripting

Try using "ISP 1" and "ISP 2"

Nice to see you back....so soon.
by msatter
Mon Dec 21, 2020 9:24 pm
Forum: Scripting
Topic: Disable and Enable interface
Replies: 17
Views: 1893

Re: Disable and Enable interface

OK.
{
:if ( [/ping 8.8.8.8 interface= "ETHERT 2" count=6 ] = 0) do={/ip route disable [find comment=ISP2]}
:if ( [/ping 8.8.8.8 interface= "ETHERT 2" count=6 ] != 0) do={/ip route enable [find comment=ISP2]}
}
by msatter
Mon Dec 21, 2020 4:50 pm
Forum: Scripting
Topic: Disable and Enable interface
Replies: 17
Views: 1893

Re: Disable and Enable interface

So if you say this works: :if ( [/ping 8.8.8.8 interface= "ETHERT 2" count=6 ] = 0) do={/interface disable numbers=1} Then the following should work if you add the comment label "ISP2" to the route going to your second provider. ETHERT 2 is not disabled this way, this because you...
by msatter
Mon Dec 21, 2020 2:52 pm
Forum: Announcements
Topic: v6.48rc [testing] is released!
Replies: 18
Views: 5620

Re: v6.48rc [testing] is released!

No reporting of posts possible in this thread?!
by msatter
Mon Dec 21, 2020 12:00 pm
Forum: Scripting
Topic: How do I disable a rule in IP ROUTE? [SOLVED]
Replies: 4
Views: 727

Re: How do I disable a rule in IP ROUTE? [SOLVED]

You can't. If you don't have an active connection to the internet you can't ping anything on the internet.

Please stop with creating postings about this and have a read of what others suggested in answer to your many postings on this.
by msatter
Mon Dec 21, 2020 11:51 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46737

Re: v7.1beta3 [development] is released!

On the subject of export- On my RB4011 it does complete, it just takes an average of 21 minutes. The only errors on the export are: #error exporting /routing/bfd/authentication #error exporting /routing/bfd/configuration But export terse compact file=$fileName does finally complete. See the answer ...
by msatter
Sat Dec 19, 2020 5:46 pm
Forum: General
Topic: RB760iGS - Very Slow transfer speeds vlan to vlan and cpu usage is just 30%
Replies: 7
Views: 876

Re: RB760iGS - Very Slow transfer speeds vlan to vlan and cpu usage is just 30%

Visual of the posting above:

Image

As soon as you enable the SFP, one of the 1Gbit gets reserved for traffic on the SFP. Leaving half the speed for the Ethernet.

Vlan happens in the CPU so it has a big impact.
by msatter
Fri Dec 18, 2020 9:08 pm
Forum: Beginner Basics
Topic: Mikro + Asterix + One Way Audio
Replies: 4
Views: 503

Re: Mikro + Asterix + One Way Audio

Try with UDP starting at 7000 instead of 10000.
by msatter
Thu Dec 10, 2020 8:06 pm
Forum: General
Topic: DNS over HTTPS, round robin support
Replies: 19
Views: 1539

Re: DNS over HTTPS, round robin support

Well yeah, it seems that I have no other option but to build a test environment for this. And if it turns out that DNS rr is not utilized for failover, then it will have been a waste of time. :-(
At least, you have learned something after that. :-)
by msatter
Thu Dec 10, 2020 1:03 am
Forum: Scripting
Topic: Persistent Environment Variables
Replies: 4
Views: 715

Re: Persistent Environment Variables

No, this was discussed in the 7.1beta3 thread a few days ago.
by msatter
Wed Dec 09, 2020 12:43 pm
Forum: General
Topic: DNS over HTTPS, round robin support
Replies: 19
Views: 1539

Re: DNS over HTTPS, round robin support

Round Robin in on the server side and not the client side. RouterOS is here a client.
by msatter
Fri Dec 04, 2020 4:39 pm
Forum: Scripting
Topic: Fail Variable declaration sintax from manual
Replies: 6
Views: 607

Re: Fail Variable declaration sintax from manual

:set $myVar "my value";
by msatter
Thu Dec 03, 2020 11:26 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46737

Re: v7.1beta3 [development] is released!

This is still present and had this when enabling/disabling logging in RAW rules.

viewtopic.php?f=1&t=165248#p813064

The first rules counter had a life of their own.
by msatter
Thu Dec 03, 2020 10:42 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46737

Re: v7.1beta3 [development] is released!

Hope this will also stop the router crashing when you change the MTU of an interface. I appreciate your test reports as we seem to be having the same issues. I'm with Bell in Canada and they also use baby jumbo frames on a SFP ONT with PPPoE. So I see the same crashing and MTU issues you are seeing...
by msatter
Thu Dec 03, 2020 7:36 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46737

Re: v7.1beta3 [development] is released!

Updated my HAP AC2 from beta2 to beta3 and the device is constantly rebooting at about 1 minute of uptime. There was only one critical log entry, the device restarted because of a kernel failure. Downgraded back to beta2. Please report this to support@mikrotik.com and attach either a supout file fr...
by msatter
Thu Dec 03, 2020 5:07 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46737

Re: v7.1beta3 [development] is released!

256MB of memory: https://mikrotik.com/products?filter&s=c&f=[%22integrated_wireless%22,%22indoors%22]&a=[%22arm%22]&r={%22ram%22:{%22s%22:%22253%22,%22e%22:%22317%22}}#! More than 256MB of memory: https://mikrotik.com/products?filter&s=c&f=[%22integrated_wireless%22,%22indoor...
by msatter
Thu Dec 03, 2020 12:22 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46737

Re: v7.1beta3 [development] is released!

Hope this will also stop the router crashing when you change the MTU of an interface. Update: I could change the MTU but sadly not the one I wanted to. The PPPoE dropped back to 1480 and manually I could set it to 1492 to a bit be closer to the 1500 that I can use in 6.48. Routing was changed (expect...
by msatter
Wed Dec 02, 2020 2:28 pm
Forum: Scripting
Topic: To retain variable's values after reboot
Replies: 20
Views: 5650

Re: To retain variable's values after reboot

This can be adapted to write global variables to a file: https://forum.mikrotik.com/viewtopic.php?f=9&t=167594&p=823889&hilit=environment+print+file#p823683 I advise to only do variables and not scripts due to the 4096 bytes limitation. If you mark functions with the wordpart func in the...
by msatter
Wed Dec 02, 2020 1:22 pm
Forum: Scripting
Topic: Checking the empty value [SOLVED]
Replies: 6
Views: 1048

Re: Checking the empty value [SOLVED]

;-)
by msatter
Wed Dec 02, 2020 12:08 pm
Forum: Scripting
Topic: To retain variable's values after reboot
Replies: 20
Views: 5650

Re: To retain variable's values after reboot

Write variables in scheduler startup script is a better option than writing variables in l7 rules and other crazy stuff.
Can we have a scheduler restart/shutdown then?
by msatter
Wed Dec 02, 2020 12:02 pm
Forum: General
Topic: DDOS ATTACK
Replies: 14
Views: 1262

Re: DDOS ATTACK

Allow someone to hold your hand on this.

https://mikrotik.com/consultants
by msatter
Mon Nov 30, 2020 11:38 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 67522

Re: v6.48beta [testing] is released!

Hrmm maybe? I downloaded the .zip file with 'all extras' for arm and scp'd the .npk files as normal and validated they were all there and the right size. When that didn't work after two attempts of scp and reboot, I tried the winbox method and it showed download complete and rebooted, but again fai...
by msatter
Mon Nov 30, 2020 11:31 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 102257

Re: v7.1beta2 [development] is released!

Mikrotik cares but the Beta has problems with booting the Tile architecture so not released yet.

If your Chateau has problems then ask support if you can have Beta 3 already.
by msatter
Mon Nov 30, 2020 10:09 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 67522

Re: v6.48beta [testing] is released!

Maybe this interferes: upgrade - do not try installing packages if download was not completed
by msatter
Mon Nov 30, 2020 9:25 pm
Forum: RouterOS v7 BETA
Topic: Chateau LTE12, Router OS v7.1beta2, packet loss
Replies: 6
Views: 1162

Re: Chateau LTE12, Router OS v7.1beta2, packet loss

When you on it, ask also for Beta 3 for your router.
by msatter
Sun Nov 29, 2020 3:42 pm
Forum: General
Topic: DDOS ATTACK
Replies: 14
Views: 1262

Re: DDOS ATTACK

If you don't want to do it yourself with help of the documentation you can try this page to find someone to do it for you:

https://mikrotik.com/consultants
by msatter
Sun Nov 29, 2020 12:54 pm
Forum: Scripting
Topic: Why are my posts being deleted from this forum?
Replies: 6
Views: 679

Re: Why are my posts being deleted from this forum?

Good luck with contacting an administrator. Messaging is switched off again. It could be that your posting got reported and they are deleted...manually or "automatic". ps. you posted this in scripting and that is not the right place to post this. I posted in scripting because that’s the forum th...
by msatter
Sat Nov 28, 2020 1:06 pm
Forum: Scripting
Topic: Why are my posts being deleted from this forum?
Replies: 6
Views: 679

Re: Why are my posts being deleted from this forum?

Good luck with contacting an administrator. Messaging is switched off again.

It could be that your posting got reported and they are deleted...manually or "automatic".

ps. you posted this in scripting and that is not the right place to post this.
by msatter
Fri Nov 27, 2020 8:32 pm
Forum: General
Topic: Why Mikrotik forcibly reset my password for forum account????
Replies: 1
Views: 259

Re: Why Mikrotik forcibly reset my password for forum account????

The day after 9-11 this year, the passwords were reset and members had to provide a new password.

You must have missed that....by a few months.

viewtopic.php?f=21&t=166059
by msatter
Fri Nov 27, 2020 1:01 pm
Forum: General
Topic: ask [main/backup loader]
Replies: 6
Views: 587

Re: ask [main/backup loader]

There is indeed no way to see which version of boot you're using in backup mode. You can look at the factory firmware and then deduct that the backup boot has the same version. This should be valid since Mikrotik synced the version numbers of the boot/firmware and the RouterOS version. Your are righ...
by msatter
Fri Nov 27, 2020 12:25 am
Forum: General
Topic: ask [main/backup loader]
Replies: 6
Views: 587

Re: ask [main/backup loader]

Your signature is outdated. https://forum.mikrotik.com/viewtopic.php?f=9&t=169030 On your question: https://help.mikrotik.com/docs/display/ROS/RouterBOARD If to use the backup RouterBOOT. This is only useful if the main loader has become corrupted somehow and cannot be fixed. So that you don't ha...
by msatter
Thu Nov 26, 2020 3:38 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 67522

Re: v6.48beta [testing] is released!

*) certificate - properly flush expired SCEP OTP entries [SUP-31328] The flushing works, but when flushed it is made not visible in Winbox until you generate a new OTP hash manually refresh by changing window in Winbox. It is possible to generate OTP with a lifetime of zero minutes in Terminal and ...
by msatter
Wed Nov 25, 2020 3:05 pm
Forum: Scripting
Topic: Password, Pin and and Hash
Replies: 6
Views: 960

Re: Password, Pin and and Hash

I have put an updated version in the second post of this thread. Removed some bugs, corrected typos and changed some incorrect code. Streamlined the removal of generated OTP hashes so that the generated hashes that became obsolete are removed directly. Introduced a dedicated variable $decimalUP to hav...
by msatter
Tue Nov 24, 2020 12:44 am
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 2285

Re: One line password generation without fetch tool

Create a way to delete the generate hash while the auto-removal is still broken in my version of RouterOS: :local createOTPHash [/certificate scep-server otp; ([generate minutes-valid=0 as-value]->"password") [:foreach i in=[find -1] do={:set $lastHash $i}; :do {remove $lastHash} on-error=...
by msatter
Mon Nov 23, 2020 9:43 pm
Forum: Scripting
Topic: Removing Certificate [SOLVED]
Replies: 4
Views: 793

Re: Removing Certificate [SOLVED]

You should never ever use index numbers in scripts. These are just temporary and refer to the last print.
To remove all certificates use this:
/certificate remove [ find ];
You can use print in a script by adding without-paging and as stated using numbers is not the best way to do this.
by msatter
Mon Nov 23, 2020 4:24 pm
Forum: Scripting
Topic: Useful scripts
Replies: 83
Views: 140290

Re: Useful scripts

Please open a new topic about this because this thread is about Useful scripts and you want something specific. You could also use search because this is talked about many many times and yes you can use HUGE lists, but you have to prepare them first on a computer and then import it. See: https://for...
by msatter
Mon Nov 23, 2020 3:35 pm
Forum: Scripting
Topic: Scripting - Asking user for input.
Replies: 9
Views: 4841

Re: Scripting - Asking user for input.

You need to :put $userinput, not :put $read :) :put $userinput is also empty for me after asked for a value (v6.47). If you get actual code then use an extra pair square brackets. :local userinput [$read]; :put [$userinput]; or use :set, instead of local/global :set [userinput [$read]]; :put $useri...
by msatter
Mon Nov 23, 2020 3:21 pm
Forum: Scripting
Topic: Useful scripts
Replies: 83
Views: 140290

Re: Useful scripts

Source: https://forum.mikrotik.com/viewtopic.php?f=9&t=152632&p=796712&hilit=63+kb#p759427 # Written by Shumkov # Adapted by blacklister # 20201025 { /ip firewall address-list :local update do={ :do { :local result [/tool fetch url=$url as-value output=user]; :if ($result->"download...
by msatter
Mon Nov 23, 2020 12:42 pm
Forum: Scripting
Topic: Useful scripts
Replies: 83
Views: 140290

Re: Useful scripts

If it is bigger than 63KB then that is not possible in RouterOS.
by msatter
Sun Nov 22, 2020 7:06 pm
Forum: Scripting
Topic: Checking the empty value [SOLVED]
Replies: 6
Views: 1048

Re: Checking the empty value [SOLVED]

Some other ways to check:

([:len $z]=0) works also for array
([:typeof $z] ~ "(nil|nothing)")
I did not know the =[ ] and that one could replace the :len one for me.
by msatter
Fri Nov 20, 2020 2:47 pm
Forum: Useful user articles
Topic: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)
Replies: 42
Views: 7762

Re: [Guide] How to setup NordVPN (IPSEC/IKEv2) + killswitch

Should I see traffic when I torch the bridge acting as blackhole for the VPN when it is going up or down? The only traffic I saw was ARP. When I re-enable my own killswitch lines (dst 100.69.69.69) then those lines in NAT do catch traffic. Looking in /IP routing the PPPoE-out has a distance of zero ...
by msatter
Thu Nov 19, 2020 5:19 pm
Forum: Scripting
Topic: Password, Pin and and Hash
Replies: 6
Views: 960

Re: Password, Pin and and Hash

The code has been updated in posting two of this thread. I added a simple help to code and I could insert it locally in the global function $genpassword because it was less than 45 lines of code including the help text. You can display help by typing: $genpassword -help and displaying the version nu...
by msatter
Thu Nov 19, 2020 11:00 am
Forum: RouterBOARD hardware
Topic: RB4011: SFP power cycle?
Replies: 3
Views: 469

Re: RB4011: SFP power cycle?

You could try this as script running (Terminal) after the router has booted and see if that helps: { disable sfp-sfpplus1 :delay 50ms enable sfp-sfpplus1 } My script-code in PPP Profile for not obtaining a MTU of 1500: { :delay 4s /interface :if (([pppoe-client monitor pppoe-out as-value once]->"...
by msatter
Thu Nov 19, 2020 10:48 am
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 104
Views: 24126

Re: WinBox v3.27 released!

I understand that as of a few winbox versions ago , the entries in the log window were truncated to not take up more than a single line (and there were some users requesting this). however im not clear on how this is a better solution than the prior multi line log window entries (where you could al...
by msatter
Thu Nov 19, 2020 10:37 am
Forum: Scripting
Topic: Password, Pin and and Hash
Replies: 6
Views: 960

Re: Password, Pin and and Hash

I made a second update to the code and added the option to only mix a supplied string (minimal length 4) and the code was already in the genpassword script. To make this also directly available a small function was added next to the already existing genpin and dummyhash to call it directly and ...
by msatter
Tue Nov 17, 2020 1:04 pm
Forum: Scripting
Topic: Password, Pin and and Hash
Replies: 6
Views: 960

Re: Password, Pin and and Hash

Thanks Jotne and the ";" presence is known and it is due to I tried to find why I could not put the code in :global. In the end it was due to me using multiple TABs to structure the code. I will propose the code to Mikrotik and hope that they will have a look at it and be so nice to provide a...
by msatter
Tue Nov 17, 2020 12:57 pm
Forum: Beginner Basics
Topic: Connect HexS with SFP VDSL2 Modem to ISP
Replies: 1
Views: 354

Re: Connect HexS with SFP VDSL2 Modem to ISP

I am afraid that it is a troublesome undergoing. It started 4 years ago:

viewtopic.php?f=3&t=104109&hilit=vdsl
by msatter
Sun Nov 15, 2020 4:17 pm
Forum: Scripting
Topic: Password, Pin and and Hash
Replies: 6
Views: 960

Re: Password, Pin and and Hash

################################################################################################### # Written for RouterOS from Mikrotik # Written by Msatter (alias on forum.mikrotik.com) # only for non commercial use # version 20201125-2.58 DO NOT FORGET TO UPDATE ALSO THE :global version undernea...
by msatter
Sun Nov 15, 2020 4:17 pm
Forum: Scripting
Topic: Password, Pin and and Hash
Replies: 6
Views: 960

Password, Pin and and Hash

I have completed the script to generate different types of random ranges of characters, numbers or combinations from those. A One-Time-Password hash generator in RouterOS is used to have randomness to be used in the generator. Calling the function is quite flexible and the ordering of the parameter...
by msatter
Fri Nov 13, 2020 6:09 pm
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 2285

Re: One line password generation without fetch tool

Mixing the base strings is complete after bring on the backburner while I wrote a menu script. Also found a much faster and absolute way to remove the obsolete OTP hashes. I first had a for next removing the "numbers" one by one. This did not work always and with more than thirteen thousan...
by msatter
Wed Nov 11, 2020 2:35 am
Forum: Scripting
Topic: :return not as described?
Replies: 7
Views: 528

Re: :return not as described?

It seems I had them because I had to scare away people looking at their phone wandering into the garden. Never seen them personally so it was a complete surprise to me that I had them in my garden. Those invisible creatures. Not much running scripts here and sometimes the VPN maintainers flashes by....
by msatter
Tue Nov 10, 2020 7:37 pm
Forum: Scripting
Topic: :return not as described?
Replies: 7
Views: 528

Re: :return not as described?

If there is a second return then that one should supersede the earlier one and the last one the only one returned. It is then behaving as variable, which can have only one value.

We have already :error which stops all scripts/and functions.
by msatter
Tue Nov 10, 2020 7:19 pm
Forum: Scripting
Topic: Cant read file large then 4085 bytes
Replies: 15
Views: 5405

Re: Cant read file large then 4085 bytes

A file up to 64KB can be read in one go to an array.

.RSC files can be much larger and I have not found yet a limitation other than the memory of the router itself.

I am still searching for a way to include code as insert and not in script or global.
by msatter
Tue Nov 10, 2020 2:59 pm
Forum: Beginner Basics
Topic: Layer 7 Blacklist
Replies: 16
Views: 1104

Re: Layer 7 Blacklist

The short answer is yes, it is possible. The problem is making a regex that covers half the internet...
It's like saying that achieving world peace is possible, the problem is just finding how to make all people like each other.
Till .*$

;-)
by msatter
Tue Nov 10, 2020 2:56 pm
Forum: Beginner Basics
Topic: Layer 7 Blacklist
Replies: 16
Views: 1104

Re: Layer 7 Blacklist

Not nice to say that about Bidon. Go and wash your mouth. Are you drunk?? Not judging, but hopefully not configuring any MT devices jajajajaja I don't drink alcohol only smell it when I disinfect my hands, and that is not enough to get drunk and it is also not the right type of alcohol to use intern...
by msatter
Tue Nov 10, 2020 2:39 pm
Forum: Scripting
Topic: :return not as described?
Replies: 7
Views: 528

Re: :return not as described?

Thanks SiB and I did not see any other that :returns cuts away from the function despite there could be more instructions to process. Or did I miss it? It has its charms because you can go in the middle exit a function this way without being concerned about code underneath. It brings the feeling b...
by msatter
Tue Nov 10, 2020 11:51 am
Forum: Scripting
Topic: :return not as described?
Replies: 7
Views: 528

:return not as described?

I have the problem that :return acts like an :error and terminates the function and does not execute the last command till the end of the function "}" From the Wiki: Starting from v6.2 new syntax is added to easier define such functions and even pass parameters. It is also possible to retu...
by msatter
Mon Nov 09, 2020 9:28 pm
Forum: Scripting
Topic: Find and list filter by comment
Replies: 3
Views: 325

Re: Find and list filter by comment

Let RouterOS do this for you and look at how you normally enable and disable lines.

You are now collecting the lines and that is not needed.
by msatter
Mon Nov 09, 2020 8:53 pm
Forum: Beginner Basics
Topic: Layer 7 Blacklist
Replies: 16
Views: 1104

Re: Layer 7 Blacklist

Not nice to say that about Bidon. Go and wash your mouth.
by msatter
Mon Nov 09, 2020 8:46 pm
Forum: Scripting
Topic: Find and list filter by comment
Replies: 3
Views: 325

Re: Find and list filter by comment

/ip firewall filter disable [:find comment~"Yoeptube"]; This is in ROS script.

Replace Yoeptube with what you use, and it can also be a partial match like tube because of the ~ instead of a =
by msatter
Mon Nov 09, 2020 11:52 am
Forum: Scripting
Topic: Understanding scripting data types
Replies: 6
Views: 3936

Re: Understanding scripting data types

Really! Old syntax don't support parameters :global fold [:parse ":put \"$param\""] :global fnew do={:put "$param"} :put "Old" $fold param="params work" :put "New" $fnew param="params work" > /system script run test-params Old Ne...
by msatter
Sun Nov 08, 2020 10:45 pm
Forum: Scripting
Topic: Useful scripts
Replies: 83
Views: 140290

Re: Useful scripts

Hi all,

Let me also share my scripts collection with you - maybe you will find few of them helpful or useful as they are to me;)

https://github.com/gbudny93/RouterOS_Useful_Scripts

Greg
Easier append array: viewtopic.php?p=819886#p728850
by msatter
Sat Nov 07, 2020 11:17 am
Forum: Scripting
Topic: Cumbersome fetching the key in an array and duplicating arrays
Replies: 3
Views: 559

Re: Cumbersome fetching the key in an array and duplicating arrays

BTW, I managed to wipe environment when an Array was by mistake looped and the memory started to fill up and after about 20MB it would clear and start again to fill up. In Winbox the environment screen was wiped and in red was displayed something "NOTHING FOUND". Then filtering would engage o...
by msatter
Fri Nov 06, 2020 8:46 pm
Forum: Scripting
Topic: Cumbersome fetching the key in an array and duplicating arrays
Replies: 3
Views: 559

Re: Cumbersome fetching the key in an array

I had a look at 2D array. They are not easy and I stepped in a few beartraps and maybe I even need some new functions to handle them easier. Some things are easier to achieve but it is a lot to learn and test. Update: I have converted it from array with a key to a 2D array. Works great and it was a f...
by msatter
Fri Nov 06, 2020 1:46 pm
Forum: General
Topic: How can I make Mikrotik help pages more readable?
Replies: 5
Views: 784

Re: How can I make Mikrotik help pages more readable?

You are right, it does resize badly on small displays. We will work on that.
And it is gone. Hoping that mobile device friendly mode will be back soon!
by msatter
Wed Nov 04, 2020 2:57 am
Forum: Scripting
Topic: Cumbersome fetching the key in an array and duplicating arrays
Replies: 3
Views: 559

Cumbersome fetching the key in an array and duplicating arrays

I want to return the key in an array and don't want to use the "foreach k,v in $ar" method. :local ar {"Abcdef"="b";c="d"}; :local a [:tostr [:pick $ar 0 1]]; :put [:pick $a 0 ([:find $a "="])] [:tostr [:pick $ar 0 1]]; is putting out the key and the ...
by msatter
Wed Nov 04, 2020 12:18 am
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 104
Views: 24126

Re: WinBox v3.27 released!

That will still have one long line, but at least you can drag that window until you see it all. So it's a way, but definitely not good way, just slightly better than nothing. It would be best to optionally support both horizontal scrolling and line wrapping. On scripts, I don't remember where, if yo...
by msatter
Mon Nov 02, 2020 8:33 pm
Forum: General
Topic: Reload Mikrotik OS over WiFiRanger
Replies: 4
Views: 446

Re: Reload Mikrotik OS over WiFiRanger

You'reInHotWaterJoe.
by msatter
Thu Oct 29, 2020 4:09 pm
Forum: Scripting
Topic: Working with string ¿?
Replies: 3
Views: 425

Re: Working with string ¿?

:put is there to show humans, an :if does not need to see it, it knows what the result is without seeing. The connections table is a table that is shown and you best use "print" to find a value. I had to use also a :pick, which is scanning the lines till it finds what is sought and cuts it out. ...
by msatter
Wed Oct 28, 2020 11:37 am
Forum: Scripting
Topic: Working with string ¿?
Replies: 3
Views: 425

Re: Working with string ¿?

You can't use put there:
:if (:put ([/ip firewall

Use:
/ip firewall connection remove [find where dst-address="15.15.15.1:9987"] 
by msatter
Tue Oct 27, 2020 6:40 pm
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 2285

Re: One line password generation without fetch tool

Should line 17 be like this? :set ($arrayString->"mixedpin") "8923176504" ; :set ($arrayString->"mixednumbers") "8923176504" ("mixednumbers" -> "mixedpin") Thanks, I think I will do away with static mixed and replace that by dynamic mixing...
by msatter
Tue Oct 27, 2020 1:12 pm
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 2285

Re: One line password generation without fetch tool

That would be great and Mikrotik could also use the encryption engine to hash the password generated, with a salt added to it. Then the admin only has to store the hash and the salt. I have been busy on a script and when syntax and error checking it is wise to not be in the root but off-root (like: /ip)...
by msatter
Mon Oct 26, 2020 10:48 pm
Forum: General
Topic: How can I make Mikrotik help pages more readable?
Replies: 5
Views: 784

Re: How can I make Mikrotik help pages more readable?

You are right, it does resize badly on small displays. We will work on that.
First looks great. Many thanks for the mobile view!

Update: :-) ....reads like an old-fashioned manual, but better.
by msatter
Mon Oct 26, 2020 10:35 pm
Forum: General
Topic: understanding and fixing MTU/MSS/PMTU with IPsec
Replies: 33
Views: 14509

Re: understanding and fixing MTU/MSS/PMTU with IPsec

I did not see a way to reduce the MTU except for the SYNC. NAT is not a problem because a tunnel is used. UDP/4500.

Despite my IKEv2 is working great and MSS is never triggered I sometimes have problems retrieving TLS certificates when browsing.
by msatter
Mon Oct 26, 2020 8:57 pm
Forum: Scripting
Topic: Script Telnet
Replies: 8
Views: 14231

Re: Script Telnet

As written much earlier that does not work with telnet. You need to use SSH and these days we use RSA instead of DSA.
by msatter
Mon Oct 26, 2020 6:04 pm
Forum: Scripting
Topic: Mikrotik Scripting needs to be useful! Requests!
Replies: 5
Views: 768

Re: Mikrotik Scripting needs to be useful! Requests!

Of course You can do anything with a network of Mikrotik routers if you put a big computer next to them and use PHP/PERL/Delphi/Putty/Whatever to control them using API/Telnet/FTP; But that's not the power of Mikrotik. It's the only router that I know of (apart from a Linux box) that can be scripted...
by msatter
Sun Oct 25, 2020 11:59 pm
Forum: General
Topic: enable/disable a Firewall rule in terminal or script
Replies: 6
Views: 1426

Re: enable/disable a Firewall rule in terminal or script

Before you can use the (rules) line numbers you first have to fixate them in a script. print without-paging; # to have a correct location of numbers in the table Then determine the dynamic lines to skip. :local dynamicLines [:len [ find dynamic]]; :do { add place-before=($dynamicLines) action=..... ...
by msatter
Sun Oct 25, 2020 8:42 pm
Forum: Scripting
Topic: IP address list export script
Replies: 5
Views: 9204

Re: IP address list export script

There are several ways to do this and I have written a backup and restore especially for interchanging between different routers. The focus is on keeping the filesize as low as possible. It is close to RC and I was distracted by other projects so it went down the pile of other things. If you want you...
by msatter
Sun Oct 25, 2020 1:47 pm
Forum: Scripting
Topic: useful scripts and simple functions
Replies: 2
Views: 2289

Re: useful scripts and simple functions

Very interesting and they look very good.
by msatter
Sun Oct 25, 2020 10:36 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 67522

Re: v6.48beta [testing] is released!

Tried 6.48beta48 L2TP IPSec using certificates is still broken for my clients. Searched the forums, but haven't found any resolution. My L2TP/IPSec clients failed after 6.47, was able to downgrade back to 6.46.6 and everything worked ok again. Did you already contact Mikrotik support on this? e-mai...
by msatter
Sun Oct 25, 2020 10:05 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 82
Views: 22826

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

Update: I see that all omit this "/" and this works if you are already in the root of the menus. I always put a "/" in front to be sure I land where I need, every time, where ever I am. Thank you, i add the "/" to the first line but with the same result. All lists cant...
by msatter
Sun Oct 25, 2020 1:33 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 82
Views: 22826

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

Quick check. The first line you are changing to / ip firewall address-list but you have not copied the needed "/" in front when already being in a menu. Update: I see that all omit this "/" and this works if you are already in the root of the menus. I always put a "/&qu...
by msatter
Sun Oct 25, 2020 12:08 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 82
Views: 22826

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

It is indeed a bit confusing. Originally there was one address-list named blacklist and the description/comment separated the different imported address-lists.

Please post the script you use, then I can have a look at it.
by msatter
Sat Oct 24, 2020 10:35 pm
Forum: General
Topic: understanding and fixing MTU/MSS/PMTU with IPsec
Replies: 33
Views: 14509

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Can you post what Sindy asked you to post? Looking at the picture I don't see a problem but often a picture does not show all. An export will. Update: I am now behind a Winbox and to me only the line in IPsec-Policy works and disabling it and enabling a MSS change line in Mangle does not work for me.....
by msatter
Sat Oct 24, 2020 9:29 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 82
Views: 22826

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

Hi
I tried the different scripts but get on all lists "Address list <name of the list> update failed"
CCR1009 v6.46.7
What could be wrong?
-faxxe
Do you have by any chance spaces or special characters in the names of the lists?
by msatter
Sat Oct 24, 2020 9:16 pm
Forum: General
Topic: understanding and fixing MTU/MSS/PMTU with IPsec
Replies: 33
Views: 14509

Re: understanding and fixing MTU/MSS/PMTU with IPsec

Have you done the click/tap post preview test on this site?

@Sindy *ffffff is the .id of the default. I do not know if that is needed anymore. This because of auto sort that was implemented not that long ago.

But then auto sort could be taking care of that now and that would make it much much simpler.
by msatter
Sat Oct 24, 2020 5:17 pm
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 2285

Re: One line password generation without fetch tool

Another further development. Made it so that only the names and strings are hard-coded and all depending on those are dynamic. The default string should be named "default" and that is the only variable/key that is hard-coded. It was a lot of work for someone who is inexperienced in programmi...
by msatter
Sat Oct 24, 2020 5:06 pm
Forum: General
Topic: Nordvpn IPsec Mikrotik Routing
Replies: 15
Views: 2674

Re: Nordvpn IPsec Mikrotik Routing

OMG, it works now! Thank you so much! I actually saw earlier your linked topics and by advice there, I tried to press "Preview" my written post, and it opens in very short time, so I had no doubt in MTU. Obviously, I did not do this thoroughly. Thanks again, but beware; More questions are ...
by msatter
Sat Oct 24, 2020 3:37 pm
Forum: General
Topic: understanding and fixing MTU/MSS/PMTU with IPsec
Replies: 33
Views: 14509

Re: understanding and fixing MTU/MSS/PMTU with IPsec

See: viewtopic.php?f=2&t=161967#p824619

Your line should work but maybe 1382 is still too big for your connection. Try again with 1200 and then work your way up.

Or try the better solution for IKEv2.
by msatter
Sat Oct 24, 2020 3:27 pm
Forum: General
Topic: Nordvpn IPsec Mikrotik Routing
Replies: 15
Views: 2674

Re: Nordvpn IPsec Mikrotik Routing

/ip ipsec policy
move *ffffff destination=0
add action=none dst-address=168.192.88.0/24 src-address=0.0.0.0/0 place-before=1
Replace 168.192.88.0/24 by your own local network.

viewtopic.php?f=2&t=154449&p=763404#p763404
by msatter
Fri Oct 23, 2020 2:02 am
Forum: General
Topic: Optical cable and SFP advice
Replies: 8
Views: 984

Re: Optical cable and SFP advice

You could go for a LC connector on both sides of the cable. If you use the panel then use what you already have and that is SC connectors and if the SFP comes with a LC connector then use the cable LC-APC as the two posters above also suggested. SC/APC = Green and SC/PC = Blue and this picture shows the di...
by msatter
Fri Oct 23, 2020 1:16 am
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 2285

Re: One line password generation without fetch tool

Another step and the strings are stored in an array so that selection is easier and is now also a function that can be called with extra parameters: $genpassword {length} {string} {string} {string} -- length is size of the password, string can be normal, mixed, letters, mixletters, numbers, mixnumbe...
by msatter
Thu Oct 22, 2020 2:32 pm
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 2285

Re: One line password generation without fetch tool

You're welcome and many thanks Jotne for the clean up. All those ; in just to be sure that it would not complain about those missing in other settings. The / was there to go to the root of the menu. It could be adapted to meet minimal password requirements by having several compose of strings and n...
by msatter
Thu Oct 22, 2020 2:09 pm
Forum: General
Topic: Optical cable and SFP advice
Replies: 8
Views: 984

Re: Optical cable and SFP advice

I assume by "streched" that you have two cables that are connected in the middle by an adaptor? That is normally called "extended". 200 meter military grade, can be even put in the ground, cost about 160 Euro and armoured around 110 Euro. If you all indoor and protected a fibre cost ar...
by msatter
Thu Oct 22, 2020 12:05 pm
Forum: General
Topic: Optical cable and SFP advice
Replies: 8
Views: 984

Re: Optical cable and SFP advice

You need two different SFP. Example one R1310nm T1490nm and the second one R1490nm T1310nm and one fiber. You can use a standard fibre and you can also get Armoured fibre cables that are more robust. Or even military grade ones. Length can be adjusted to the length you need + extra by clicking the cust...
by msatter
Thu Oct 22, 2020 12:41 am
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 2285

Re: One line password generation without fetch tool

Simple password generator based on Mikrotik OTP. # generate password: { :set $pwdLength 10; # From this string the password is formed. :set $pwdComposedOff "!&()*+/0123456789:;<=>@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]abcdefghijklmnopqrstuvwxyz{}"; :set $pwdLoops ((255 + [:len $pwdComposedOff]) ...
by msatter
Wed Oct 21, 2020 4:45 pm
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 2285

Re: One line password generation without fetch tool

That did not work for me and the generated passwords stay in the list despite it has counted down to zero. OTP.jpg It is not that easy to remove those passwords and the problem is that sometimes the generated password is not yet displayed in the list. Then I get the error that the item does not exis...
by msatter
Wed Oct 21, 2020 2:16 pm
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 16
Views: 2285

Re: One line password generation without fetch tool

And removes the full password directly after generating it.
{
:local hash ([/certificate scep-server otp generate minutes-valid=0 as-value]->"password");
/certificate scep-server otp remove [:find $hash];
:local pwd [:pick $hash 0 8];
:put $pwd;
}
by msatter
Tue Oct 20, 2020 12:18 am
Forum: General
Topic: [feature request] Blocking a special kind of DDoS
Replies: 17
Views: 5330

Re: [feature request] Blocking a special kind of DDoS

Hello Could you please share the updated script for ddos and TCP syn flood protection for mikrotik This script is made for a special kind of DDOS and is optimized as much as I am able to do. In many cases psd is your friend when TCP is used to avoid loading connection up. UDP or other protocols...
by msatter
Mon Oct 19, 2020 5:00 pm
Forum: Scripting
Topic: Example: Showing help, on parameters used in a function
Replies: 0
Views: 227

Example: Showing help, on parameters used in a function

This is a part of bigger script and I share this as a building block to provide help on parameters in a simple way, for a function. It can display the whole help text if you only enter $myFunc -help and if only a specific help on a parameter is needed then $myFunc 1parameter -help. Providing help on...
by msatter
Sat Oct 17, 2020 1:10 am
Forum: Forwarding Protocols
Topic: NTH load balancing
Replies: 63
Views: 9149

Re: NTH load balancing

@DarkNate try Nth 3-1 2-1 - which is the same as 3-1 3-2 3-3 and I think, less processor intensive. Nth 3,1 - 2,1 is likely not the same as Nth 3,1 - 3,2 - 3,3 and if I remember correctly from some MikroTik presentation files, it has to be in that order for either PCC/Nth where 2 means two WAN, 3 m...
by msatter
Fri Oct 16, 2020 10:34 pm
Forum: Forwarding Protocols
Topic: NTH load balancing
Replies: 63
Views: 9149

Re: NTH load balancing

Then, you don't know up-front how much traffic will go over a marked connection. I could look in NAT which connection, had not much traffic yet and then prefer that link. In real time, that is only possible if Mikrotik implement a distribution by clean switching of the source port. Maybe that is alr...
by msatter
Fri Oct 16, 2020 2:43 pm
Forum: General
Topic: How can I make Mikrotik help pages more readable?
Replies: 5
Views: 784

How can I make Mikrotik help pages more readable?

Mikrotik is switching from the Wiki to the Help pages and I can't read it well because the text area is very narrow. Examples and tables have to be scrolled horizontally all the time. I have to tap the two vertical bars in the left column and directly after that the book icon that is then displayed. O...
by msatter
Thu Oct 15, 2020 11:22 pm
Forum: General
Topic: Dynamic firewall filter rule added when IPsec peer is down to avoid unencrypted LAN leaking.
Replies: 5
Views: 370

Re: Dynamic firewall filter rule added when IPsec peer is down to avoid unencrypted LAN leaking.

Even stronger. Most users don't know that their IKEv2 is leaking during the connection is coming up. I use marking all IKEv2 traffic with a routing mark which in NAT is redirected to nothing. This in NAT is not static nor are the connection marking in Mangle. It is a complex script handling that for...
by msatter
Wed Oct 14, 2020 9:40 pm
Forum: Forwarding Protocols
Topic: NTH load balancing
Replies: 63
Views: 9149

Re: NTH load balancing

When we mark-connection using Nth, it marks the connection based on the Nth classifier which is more random (more deeper) as it's per packet (of that particular unmarked connection), hence increasing the chances that the connection to passthrough to the next mangle rule. A connection is a connection ...
by msatter
Wed Oct 14, 2020 6:34 pm
Forum: Forwarding Protocols
Topic: NTH load balancing
Replies: 63
Views: 9149

Re: NTH load balancing

Dude, in the real world connection tracking ( or connection NTH ) is the best way for browsing the internet. NTH is predictable and a listener knows which connection is used next to send the packet. I am using this for my web browser and a new connection, even to same site, uses a 'unpredictable' pa...
by msatter
Wed Oct 14, 2020 2:49 pm
Forum: Scripting
Topic: Script to save file to disk1 [SOLVED]
Replies: 2
Views: 459

Re: Script to save file to disk1 [SOLVED]

="disk1/$backupfile"
by msatter
Sun Oct 11, 2020 10:59 pm
Forum: General
Topic: Safety Fallback for Script Error
Replies: 2
Views: 319

Re: Safety Fallback for Script Error

You can activate safe mode before starting the script and at the end of the script you deactivate the safe mode and so making the changes permanent. In environment you can see if that script is still running. You can check with a schedule if the script/special user is taking too long and the r...
by msatter
Sun Oct 11, 2020 3:41 pm
Forum: RouterBOARD hardware
Topic: Hex gr3 suddenly lost power
Replies: 5
Views: 553

Re: Hex gr3 suddenly lost power

There are two diodes D1 and D3 close to the power connector.

You can also try PPoE in if you have the cable for that.
by msatter
Sun Oct 11, 2020 3:26 pm
Forum: Scripting
Topic: Combine two IP4 address lists to create a /24 list
Replies: 4
Views: 461

Re: Combine two IP4 address lists to create a /24 list

:local AgregateMask 24 :local AgregatedList :local i :local j :local net :local ReversMask (32-$AgregateMask) :foreach i in=$list1 do={ :foreach j in=$list2 do={ :put "$i and $j" :set net (($i>>$ReversMask)<<$ReversMask) :set net ($net . "/$AgregateMask") :if ($j in $net) do={ :...
by msatter
Sun Oct 11, 2020 1:11 am
Forum: RouterOS v7 BETA
Topic: v7.2 beta & mt7621
Replies: 2
Views: 808

Re: v7.2 beta & mt7621

Those devices are released to be used with new bridge setup, that replaced the Master-Slave default, in RouterOS 6.xx and higher. Hardware switching (HW) is only active on the first bridge in ROS 6.xx+
by msatter
Sat Oct 10, 2020 8:37 pm
Forum: Forwarding Protocols
Topic: NTH load balancing
Replies: 63
Views: 9149

Re: NTH load balancing

A while ago I created a write-up about NTH;
viewtopic.php?f=2&t=159174&p=781975
by msatter
Sat Oct 10, 2020 5:48 pm
Forum: Scripting
Topic: Importing IP List from file
Replies: 8
Views: 1407

Re: Importing IP List from file

Reading pure IP addresses is possible up to 64KB large files.

viewtopic.php?f=9&t=152632

I am at the moment busy creating a backup/restore for address lists present in the router and it will export a .RSC file that is smaller than the normal export.
by msatter
Thu Oct 08, 2020 1:51 pm
Forum: General
Topic: Why I can't download latest version RouterOS from mikrotik.com/download?
Replies: 8
Views: 509

Re: Why I can't download latest version RouterOS from mikrotik.com/download?

I see nothing wrong and the Common Name is mikrotik.com and that is also present in the SAN:

DNS Name: *.mikrotik.com
DNS Name: mikrotik.com
by msatter
Tue Oct 06, 2020 11:43 pm
Forum: RouterBOARD hardware
Topic: Are the antennas on the RB4011 detachable?
Replies: 5
Views: 767

Re: Are the antennas on the RB4011 detachable?

Sounds right.

by msatter
Tue Oct 06, 2020 9:28 pm
Forum: RouterBOARD hardware
Topic: Are the antennas on the RB4011 detachable?
Replies: 5
Views: 767

Re: Are the antennas on the RB4011 detachable?

No, or you have to make your own cables.
by msatter
Fri Oct 02, 2020 11:13 am
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 205
Views: 43136

Re: RB4011 and RB1100 AHx4 "bricks" randomly

Ask before you buy if you will receive revision 2 of the device.

viewtopic.php?f=2&t=149062&p=820138#p817223
by msatter
Wed Sep 30, 2020 1:52 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 102257

Re: v7.1beta2 [development] is released!

Friday is not a good day being the start of the Mikrotik weekend.

Sorry, couldn't resist.
by msatter
Sat Sep 26, 2020 2:55 am
Forum: Scripting
Topic: send script output to a file
Replies: 13
Views: 5160

Re: send script output to a file

Many many many thanks! I was looking for a way to write LARGE files for a long long time. This also works in the 6.4X version of ROS. You can test your code easier in the Terminal and here I save a very lean import file for an address list: :execute {:put "script - function - comment"; /ip...
by msatter
Sat Sep 26, 2020 12:31 am
Forum: Beginner Basics
Topic: Command aliases
Replies: 7
Views: 726

Re: Command aliases

:global domail do={/system script run wrme} on-error={log warning "Mail could not be send"};

$domail;

https://wiki.mikrotik.com/wiki/Manual:S ... #Functions
by msatter
Mon Sep 21, 2020 3:26 pm
Forum: General
Topic: How to obtain inventory/usage of SFP modules?
Replies: 2
Views: 1098

Re: How to obtain inventory/usage of SFP modules?

Showing only the interfaces where the default names contain "sfp": :foreach i in=([/interface ethernet find default-name~"sfp" ]) do={ :local iterfacename [/interface ethernet get $i default-name ] :/interface ethernet monitor $iterfacename once without-paging } And a bit shorter...
by msatter
Mon Sep 21, 2020 12:50 am
Forum: General
Topic: hAP ac2 over heated vent holes mod
Replies: 16
Views: 1331

Re: hAP ac2 over heated vent holes mod

I think MK should offer mesh cages for extra cooling. Normis could do it with a 3D printer while he is sleeping!!
Clinging it? ;-)
by msatter
Thu Sep 17, 2020 6:20 pm
Forum: General
Topic: IKEv2 SA killed after 5 seconds due to short DNS TTL (Surfshark)
Replies: 30
Views: 3333

Re: IKEv2 SA killed after 5 seconds due to short DNS TTL (Surfshark)

No when I look at the subject of this thread. There is a workaround which can be used till the fix by Mikrotik trickles down to the other versions.

The topic linked to is tackling a different problem of ROS not being able to return an icmp 3-4 to the correct client when using IKEv2.
by msatter
Thu Sep 17, 2020 12:48 pm
Forum: Scripting
Topic: Built in function library
Replies: 87
Views: 36340

Re: Built in function library

This I am using to read up to 64KB from a file. Sadly always the first up to 64KB from a file. :local result [/tool fetch url=$url as-value output=user]; :if ($result->"downloaded" < 64) do={ :local data ($result->"data") If a file is bigger than that, then the result is not tran...
by msatter
Thu Sep 17, 2020 12:03 pm
Forum: Scripting
Topic: Built in function library
Replies: 87
Views: 36340

Re: Built in function library

What if you use multiple arrays in the foreach? Till now I read/store up to 64KB files using one array.
When one array is full then switch to the next one.
by msatter
Wed Sep 16, 2020 3:31 pm
Forum: General
Topic: Can't login here with my password from 12 September 2020
Replies: 4
Views: 525

Re: Can't login here with my password from 12 September 2020

False statement there about what passwords were "declared invalid". 1. My password had lower case and upper case characters + numbers and I also had to reset it. 2. I doubt that any forum stores passwords the way you think that are stored, it should be (almost) impossible to recover the p...
by msatter
Wed Sep 16, 2020 2:45 pm
Forum: RouterOS v7 BETA
Topic: Scripted firewall rule ordering fails
Replies: 7
Views: 685

Re: Scripted firewall rule ordering fails

It is not possible to use ordering sequence numbers in a script! These are only valid in terminal sessions, and only after a print command. When you do a print on the terminal, it shows you the lines with the numbers and at the same time builds a table of numbers and the corresponding line. Then yo...
by msatter
Wed Sep 16, 2020 2:33 pm
Forum: RouterOS v7 BETA
Topic: Scripted firewall rule ordering fails
Replies: 7
Views: 685

Re: Scripted firewall rule ordering fails

The "print without-paging" (runs in script) and comment tagging I have used in the past, however I am doing it differently by using "find dynamic" rule as list generator and it works like a dream. I think it will also work when no dynamic rules are present and then it would be 0+2=2 ...
by msatter
Wed Sep 16, 2020 1:21 pm
Forum: General
Topic: Scripting/Testing workflow
Replies: 1
Views: 239

Re: Scripting/Testing workflow

If you use the search function you will find several topics about this. You can even scroll through the script after it displays where the syntax is incorrect and correct it. Paste in terminal after pressing F5 (clearing window). Put your code between { and } and it will not be executed so you can ...
by msatter
Wed Sep 16, 2020 11:19 am
Forum: RouterOS v7 BETA
Topic: Scripted firewall rule ordering fails
Replies: 7
Views: 685

Re: Scripted firewall rule ordering fails

When I look at your result, the order is the same as you pushed it in, so try it in reverse order and see what the result is then.
by msatter
Wed Sep 16, 2020 12:03 am
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 205
Views: 43136

Re: RB4011 and RB1100 AHx4 "bricks" randomly

The build-time reflects the build-time of the software and not the hardware.
by msatter
Tue Sep 15, 2020 9:41 pm
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 205
Views: 43136

Re: RB4011 and RB1100 AHx4 "bricks" randomly

If there is no specific mention of the revision then you can assume that you have the first revision. Looking also at the factory firmware number can be an indication but then you have to know the version that was shipped with the second revision.
by msatter
Tue Sep 15, 2020 10:21 am
Forum: Announcements
Topic: Expected down time for this forum SEPT 11
Replies: 42
Views: 6221

Re: Expected down time for this forum SEPT 11

Please stop implementing/releasing things at the end of the week or in the weekend because we have to wait then till the next week starts before Mikrotik can start fixing things!
by msatter
Mon Sep 14, 2020 12:07 pm
Forum: Announcements
Topic: v6.46.7 [long-term] is released!
Replies: 45
Views: 12320

Re: v6.46.7 [long-term] is released!

Shouldn't we be seeing the changelog from 6.45.9 to 6.46.7 not from 6.46.6 ? Going up a major version in a long-term release should be looked over a bit more carefully before we take the plunge. Yes, that would be logical. Mikrotik fought the Logic and Mikrotik won. Flawless victory. Lost buyers of...
by msatter
Mon Sep 14, 2020 12:04 pm
Forum: RouterBOARD hardware
Topic: hEX RB750Gr3 micro SD not recognized
Replies: 8
Views: 959

Re: hEX RB750Gr3 micro SD not recognized

And it sticks out so you can grab it, to take it out again.
by msatter
Mon Sep 14, 2020 11:50 am
Forum: General
Topic: CVE-2020-11881 PATCH [SOLVED]
Replies: 16
Views: 1909

Re: CVE-2020-11881 PATCH [SOLVED]

Communication could use improvements on the side of Mikrotik. It is not lying but just not telling. - the fixed version was ready last week but that was not communicated with the CVE publishers. - in this thread Mikrotik should have written, "it was fixed last week and fix was released today&qu...
by msatter
Mon Sep 14, 2020 10:40 am
Forum: Scripting
Topic: help to solve issue in script " dns to address lists scripts " [SOLVED]
Replies: 9
Views: 1341

Re: help to solve issue in script " dns to address lists scripts " [SOLVED]

You can optimize it a bit if you leave out the check and logging and then I can compress the write to one line: :foreach i in=[/ip dns cache find name~"(facebook|youtube)" ] do={ :do {/ip firewall address-list add address=[/ip dns cache get $i data] list=restricted comment=[/ip dns cache g...
by msatter
Mon Sep 14, 2020 10:23 am
Forum: General
Topic: Blocking Facebook, Tiktok and other websites
Replies: 7
Views: 1447

Re: Blocking Facebook, Tiktok and other websites

That was in 2012 and now 'they' use HTTPS instead of HTTP.