Search found 2431 matches

by msatter
Wed Dec 08, 2021 2:48 pm
Forum: Scripting
Topic: Decimals ?
Replies: 8
Views: 4111

Re: Decimals ?

But users can have hope... Myself, I multiply values by a number like 10 or 100 or 1000 etc. and then execute the calculation. Then I can see number of decimals I defined by the multiplication factor, I defined before. How is this done MTTQ module, there are decimals retrieved from devices are norm...
by msatter
Mon Dec 06, 2021 9:21 pm
Forum: RouterOS v7 BETA
Topic: TWO WIREGUARD INTERFACES WITH SAME PEER!
Replies: 2
Views: 199

Re: TWO WIREGUARD INTERFACES WITH SAME PEER!

Stacking routers could be an option with using different ports. I wished it could be done in one router.

The port of the peer is the same but address is different when I look at NordLynx. The multiple clients have the same address but different ports.
by msatter
Mon Dec 06, 2021 8:13 pm
Forum: Scripting
Topic: How to add color to output
Replies: 9
Views: 866

Re: How to add color to output

I did not use tab but wrote the line again, again and again on each letter entered, till it was confirmed with an enter, NEXT line. I had even the option to correct earlier entries with the cursor keys.
by msatter
Mon Dec 06, 2021 7:26 pm
Forum: General
Topic: IPSEC/IKEv2 limit the IPSEC allow rule [SOLVED]
Replies: 8
Views: 294

Re: IPSEC/IKEv2 limit the IPSEC allow rule

This kind of traffic?

It tries to SYNC despite there being no service running on that port. I have this rule in Filter:
add action=drop chain=input connection-state=!established,related dst-port=!xx,xxx,xxx in-interface-list=WAN log=yes log-prefix=NOservices protocol=tcp
by msatter
Mon Dec 06, 2021 6:48 pm
Forum: General
Topic: IPSEC/IKEv2 limit the IPSEC allow rule [SOLVED]
Replies: 8
Views: 294

Re: IPSEC/IKEv2 limit the IPSEC allow rule

VPN traffic is encrypted. If an attacker sends you traffic which can't be decrypted by the router. I allow traffic coming from the IP I have the tunnel up in RAW. I then mark it as no-track and if the encryption has the correct key it will be made normal traffic. Sometimes traffic (decrypted) comes in t...
by msatter
Sun Dec 05, 2021 10:59 am
Forum: General
Topic: Winbox - Darkmode - For the love of God, Please. [SOLVED]
Replies: 26
Views: 5080

Re: Winbox - Darkmode - For the love of God, Please. [SOLVED]

I've got dark mode on my phone, dark theme in windows, my terminal windows are all dark, I have chrome extensions, and scripts to force websites that refuse to adapt and evolve to use custom CSS to make them dark... snip.... Blinding screaming hot white light-induced headaches are not a requested n...
by msatter
Fri Dec 03, 2021 5:24 pm
Forum: Scripting
Topic: Is :pick bugged ???
Replies: 6
Views: 332

Re: Is :pick bugged ???

I simplified the output and put a second length-x in to get the correct number returned with a workaround: {... :local drxByteCount "1 234 567 890"; {... :local length [:len $drxByteCount]; {... :put ("drxByteCount variable is of type ".[:typeof $drxByteCount]); {... :put ("...
by msatter
Fri Dec 03, 2021 3:34 pm
Forum: Scripting
Topic: Is :pick bugged ???
Replies: 6
Views: 332

Re: Is :pick bugged ???

You start pick with 0 and I think that should be 1.
by msatter
Thu Dec 02, 2021 9:06 pm
Forum: Announcements
Topic: Newsletter 103
Replies: 25
Views: 6040

Re: Newsletter 103

4x10G to switch chip and 4x10G to CPU. Using then link aggregation.
by msatter
Thu Dec 02, 2021 12:20 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 175
Views: 18210

Re: v7.1rc7 [development] is released!

data len 1492 is normal in mikrotik logs for the lcp echo request & reply with a rfc4638 compliant pppoe. That's also what I see in my logs. ppp-max-payload is 1500 though. And resulting mtu/mru is 1500. I tried several variation but in PPPoE screen the MTU drops to 1492 or when I put in a fixe...
by msatter
Wed Dec 01, 2021 11:54 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 175
Views: 18210

Re: v7.1rc7 [development] is released!

I have 1500 byte MTU on a 4011 with PPPoE connection running over a VLAN on ether1. ether1 has MTU 1592, the VLAN has MTU 1588, the PPPoE is configured with MTU 1500, and remains at that. The SFP+ has MTU 1598 so should be able to do that as well. Remember not all ISPs support it! The fact you can ...
by msatter
Wed Dec 01, 2021 11:31 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 175
Views: 18210

Re: v7.1rc7 [development] is released!

Maybe now Mikrotik can start with device specific fixes already in V6. Like the RB4011 not able to maintain a MTU of 1500 on a PPPoE connection through the SFP interface. It now reaches a MTU 1492. My RB4011 have no problem on PPPoE with MTU 1540 when using the SFP+ port. I use a router-in-a-stick c...
by msatter
Wed Dec 01, 2021 9:43 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 175
Views: 18210

Re: v7.1rc7 [development] is released!

Maybe now Mikrotik can start with device specific fixes already in V6. Like the RB4011 not able to maintain a MTU of 1500 on a PPPoE connection through the SFP interface. It now reaches a MTU 1492.
by msatter
Tue Nov 30, 2021 10:18 pm
Forum: General
Topic: [Let'Encrypt] Allow matched regexp to connect
Replies: 7
Views: 417

Re: [Let'Encrypt] Allow matched regexp to connect

I went also to DNS because then, you only get wildcard.
by msatter
Mon Nov 29, 2021 6:34 pm
Forum: General
Topic: The configuration is not saved
Replies: 1
Views: 195

Re: The configuration is not saved

Here you can see the stored packages: viewtopic.php?t=180675&hilit=package#p893520

How to delete with no space would be difficult.

This is big out-space thread: viewtopic.php?p=824025&hilit=remove+package#p824025
by msatter
Mon Nov 29, 2021 6:29 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 175
Views: 18210

Re: v7.1rc7 [development] is released!

Quickset can have its use, but limit it then to only unconfigured or only with the default config. If something is changed then you have to confirm twice that want use the Quickset config to be applied. In general it seems also to be wise to even request this for unconfigured/default routers. In b...
by msatter
Mon Nov 29, 2021 12:50 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 175
Views: 18210

Re: v7.1rc7 [development] is released!

In this case quickset did not show a setting that is essential for the workings of a router.
which setting? how can we fix something, if you are so vague?
I wrote that in the next sentence in that posting that just you quoted.
by msatter
Mon Nov 29, 2021 11:57 am
Forum: General
Topic: [Let'Encrypt] Allow matched regexp to connect
Replies: 7
Views: 417

Re: [Let'Encrypt] Allow matched regexp to connect

Not many people know that if you also use IPv6 then you also have to populate the IPv6 address-list. Letsencrypt uses outbound servers (only IPv4) to check the challenge: outbound1.letsencrypt.org outbound2.letsencrypt.org https://community.letsencrypt.org/t/whitelist-hostnames-for-certbot-validation/1...
by msatter
Mon Nov 29, 2021 11:07 am
Forum: General
Topic: [Let'Encrypt] Allow matched regexp to connect
Replies: 7
Views: 417

Re: [Let'Encrypt] Allow matched regexp to connect

Why use L7 when the IP addresses are available through DNS?
by msatter
Mon Nov 29, 2021 10:55 am
Forum: General
Topic: [Let'Encrypt] Allow matched regexp to connect
Replies: 7
Views: 417

Re: [Let'Encrypt] Allow matched regexp to connect

Use an address-list for these domains:

acme-v01.api.letsencrypt.org --> deprecated
acme-staging.api.letsencrypt.org --> deprecated
acme-v02.api.letsencrypt.org
acme-staging-v02.api.letsencrypt.org

https://letsencrypt.status.io/
by msatter
Mon Nov 29, 2021 10:41 am
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 175
Views: 18210

Re: v7.1rc7 [development] is released!

In this case quickset did not show a setting that is essential for the workings of a router. How does a 'Home user' solve it then not knowing how to find the cause of why domains don't work in address-lists and why can't he/she browse the internet. More and more is put behind walls, like the downloa...
by msatter
Sun Nov 28, 2021 12:04 pm
Forum: Beginner Basics
Topic: What does contry "etsy" mean? [SOLVED]
Replies: 5
Views: 645

Re: What does contry "etsy" mean? [SOLVED]

Not always you can (allowed) use a device in a country. For example the hAP ac²: We have two versions available. - hAP ac²-US (USA) is factory locked for 2412-2462MHz, 5170-5250MHz and 5725-5835MHz frequencies. This lock can not be removed. - hAP ac² (International) supports 2412-2484MHz and 5150MH...
by msatter
Sun Nov 28, 2021 2:06 am
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 175
Views: 18210

Re: v7.1rc7 [development] is released!

I don't agree that the DNS server should set to the same subnet when you change that. I am surprised that on the LTE page DNS is not shown and editable. That is the better way. There are a few other servers that are defined in DHCP, but DNS is extremely important and parts of the router will not fun...
by msatter
Sat Nov 27, 2021 10:42 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 175
Views: 18210

Re: v7.1rc7 [development] is released!

Crossfig converts your 6.x to 7.x and maybe even back to 6.x

As you could read at the beginning of this thread you can load your 6.x backup and Crossfig will convert it to the current version of 7.1rc7.
by msatter
Sat Nov 27, 2021 10:16 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 175
Views: 18210

Re: v7.1rc7 [development] is released!

Do you have by any chance a: *) upgrade - improved major version upgrade process on hAP ac2 and cAP ac;

Crossfig has been improved as you can read in the beginning of this thread.
by msatter
Sat Nov 27, 2021 10:11 pm
Forum: General
Topic: Router unstable with fasttrack on
Replies: 5
Views: 671

Re: Router unstable with fasttrack on

Did you also upgrade the firmware of the router?

Previous versions of ROS can be found here: https://mikrotik.com/download/archive in case you want to downgrade. I think you need the mipsbe type.
by msatter
Sat Nov 27, 2021 12:01 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 175
Views: 18210

Re: v7.1rc7 [development] is released!

Has anyone checked if /routing/bgp/advertisements is implemented on this release?
/routing/bgp/advertisements

Red stands in Terminal for not implemented.
by msatter
Sat Nov 27, 2021 11:56 am
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 175
Views: 18210

Re: v7.1rc7 [development] is released!

On my RB4011 I see RX Drops on all its ports. On the Hex S I manage I don't see any. Both running RC7. What might cause these drops?
I don't see that on my 4011. The SFP port has always a high RX-drop so I won't look at that one.

I have also upgraded the firmware and so had an extra reboot.
by msatter
Sat Nov 27, 2021 1:53 am
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 175
Views: 18210

Re: v7.1rc7 [development] is released!

Was rc7 pulled ?

I could download earlier today but not now (2300 GMT) ?
For which router you tried it? Just downloaded the ARM version without any problem.
https://mikrotik.com/download
by msatter
Fri Nov 26, 2021 9:13 pm
Forum: General
Topic: Protection agains Frag attacks
Replies: 8
Views: 702

Re: Protection agains Frag attacks

Matches fragmented packets. First (starting) fragment does not count. If connection tracking is enabled there will be no fragments as system automatically assembles every packet The first fragment is let through and will sit in connection tracking for a set period = reduce period it will sit in con...
by msatter
Fri Nov 26, 2021 7:48 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 175
Views: 18210

Re: v7.1rc7 [development] is released!

I see the changelog also...however only longterm shows longterm. Stable and testing shows 7rc7.

This on my 4011 and I updated today by placing the update file in files.
by msatter
Fri Nov 26, 2021 7:31 pm
Forum: RouterOS v7 BETA
Topic: socks5 not working in routeros7 !
Replies: 62
Views: 3265

Re: socks5 not working in routeros7 !

Kill it, kill it with fire!
What possible use case would one have for socks in 2021? (except winter time).
To hang them from the chimney? Too early...
by msatter
Fri Nov 26, 2021 12:16 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 175
Views: 18210

Re: v7.1rc7 [development] is released!

What if Crossfig allowed to import a v6 RSC and write a v7 RSC file in files. Using backup files would require a password to be provided.
by msatter
Thu Nov 25, 2021 11:49 pm
Forum: General
Topic: Feature Request: Ed25519 SSH keys
Replies: 18
Views: 6731

Re: Feature Request: Ed25519 SSH keys

I only know the start of the first request and that was more than 5 years ago.
by msatter
Thu Nov 25, 2021 8:47 pm
Forum: RouterOS v7 BETA
Topic: RB5009UG+S+IN SFP+ port not working with version 7.0.5 or 7.1rc6
Replies: 10
Views: 1024

Re: RB5009UG+S+IN SFP+ port not working with version 7.0.5 or 7.1rc6

With going to ROS7 you will lose some fixes that were already implemented in ROS6. The 4011 can't reach a MTU of 1500 over PPPoE under 7 while that was fixed in 6.
Those fixes will be certainly applied also to 7 too but will take a while.
by msatter
Wed Nov 24, 2021 12:35 pm
Forum: RouterOS v7 BETA
Topic: Health readings with v7
Replies: 32
Views: 2084

Re: Health readings with v7

The terminal is indeed veeeeeeeeeeery slow. I assume that Mikrotik still have debug/test flag active that slows it that much down.
by msatter
Tue Nov 23, 2021 9:51 pm
Forum: Scripting
Topic: script and json [SOLVED]
Replies: 13
Views: 2420

Re: script and json [SOLVED]

Nice work. Congratulations succeeding in this.
by msatter
Fri Nov 19, 2021 7:38 pm
Forum: Scripting
Topic: Script to keep a NAT rule at top [SOLVED]
Replies: 12
Views: 1783

Re: Script to keep a NAT rule at top [SOLVED]

Add /ip firewall nat print without-paging at the start of the script you have. This will trigger the NAT lines to have number and I don't mean only those you see in Winbox.
by msatter
Wed Nov 17, 2021 8:57 pm
Forum: General
Topic: IPsec ignores connection-mark
Replies: 11
Views: 769

Re: IPsec ignores connection-mark

I never saw a certificate ditrction there: certificate=lets-encrypt-r3.der_0

Put the certificate in the certificate store and it will be found. If not found then router will complain.

Routing won't work how Mikrotik implemented it and only if the connection mark matches dynamic ones in NAT.
by msatter
Wed Nov 17, 2021 2:28 pm
Forum: General
Topic: Hide-sensitive shows serial number
Replies: 5
Views: 576

Re: Hide-sensitive shows serial number

Nice of Mikrotik to also provide, if used, the public IP of a router posting here in the forum their serial number. Time to have someone with Mikrotik, to look at these kind of leaking, vulnerabilities (like last, taking router hostage) from a neutral perspective and advise unasked on this. Now we ...
by msatter
Wed Nov 17, 2021 1:58 pm
Forum: Useful user articles
Topic: tarpit backfiring!
Replies: 2
Views: 452

Re: tarpit backfiring!

A DDoS is not interested in a reply, it just pushes packets in. Drop the packets in RAW or contact your connection provider to mitigate. It could be that your provider is watching those packets you send back and mitigate that DDoS for you. But a provider to do this is unknown by me. Then also the pr...
by msatter
Wed Nov 17, 2021 12:58 pm
Forum: RouterOS v7 BETA
Topic: socks5 not working in routeros7 !
Replies: 62
Views: 3265

Re: socks5 not working in router os 7 !

You are correct.
by msatter
Wed Nov 17, 2021 12:51 pm
Forum: General
Topic: Hide-sensitive shows serial number
Replies: 5
Views: 576

Hide-sensitive shows serial number

I had just a look at export with hide-sensitive and noticed that the serial number is stated. This can be used to identify a member here in the forum with other information if present outside this forum. This because, many times in replies to questions, the poster is asked to post an export and thi...
by msatter
Wed Nov 17, 2021 12:32 pm
Forum: RouterOS v7 BETA
Topic: [bug?]Wireguard does work with same interface with many peers
Replies: 6
Views: 829

Re: [bug?]Wireguard does work with same interface with many peers

Have the peers the same public (peer) key?
by msatter
Mon Nov 15, 2021 1:28 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 9071

Re: Mikrotik router Hacked!!!

Look at the 5009, it comes with 7.05. The later versions will have 7.09 as default.
by msatter
Mon Nov 15, 2021 1:13 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 9071

Re: Mikrotik router Hacked!!!

Just an extra, SecureBoot supporting version is sufficient. ROS7.1rc6-SB for example. Edit: ....there is still a chance that, a way is found to activate secure boot. I think it is better that the boot code comes in two versions. ROS should detect if the device supports and so there is only one ROS ...
by msatter
Sun Nov 14, 2021 11:37 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 9071

Re: Mikrotik router Hacked!!!

@XT22 it was suggested to make this an optional package. I suggest to have this for the higher segment. For ISP produce different firmwares that have the protection built-in with also TR-069 built-in. A client of an ISP can't change firmware because of Routerboot and theft is not paying out. ROS-7.x ...
by msatter
Sun Nov 14, 2021 10:55 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 9071

Re: Mikrotik router Hacked!!!

AVM (Fritz!) has implemented the push button a long time ago after settings in routers were made by hackers to call expensive phone numbers abroad. They received the money spent on those calls. They acted swiftly after it became known that it happened. Now, if you have a phone connected box you ...
by msatter
Fri Nov 12, 2021 10:40 pm
Forum: Scripting
Topic: Script to convert dynamic to static for specfic address list. [SOLVED]
Replies: 9
Views: 1446

Re: Script to convert dynamic to static for specfic address list. [SOLVED]

Suggestion to all, copy limited number of dynamic addresses to temporary list. Then remove the earlier copied dynamic addresses and wait a few seconds for the background refresh. Then rename the temporary address list to the original list name and the swap is complete. Code snippet from another ...
by msatter
Fri Nov 12, 2021 5:35 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 9071

Re: Mikrotik router Hacked!!!

in next v6 and v7 versions, protected bootloader function will have to be confirmed with press of a button. Nobody who has your password will be able to set it, if he has no physical access to the device. I want to suggest an extra setting how to enforce. Two possibilities, defined on activation: - ...
by msatter
Fri Nov 12, 2021 5:05 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 9071

Re: Mikrotik router Hacked!!!

No, you need physical access and access to RouterOS to successfully change that setting in the future versions of RouterOS. In short, one shot, to set timing and confirm. No confirmation, all protection is blanked and can be set again. On a successful press button RouterOS should only know that the p...
by msatter
Fri Nov 12, 2021 1:20 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 9071

Re: Mikrotik router Hacked!!!

The huge numbers of evil Mikrotik routers do attacks, every day and those groups even got names.

A chain is as strong as the weakest link and in the past there were many weak links and those are still a pest to us, now and in the far future.
by msatter
Fri Nov 12, 2021 12:44 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 9071

Re: Mikrotik router Hacked!!!

I am a bit irritated by the statement don't blame Mikrotik. Mikrotik had vulnerabilities built in, unintentional, and the only way of those not being used, is not using Mikrotik. That is why building backdoors in, is an invite on time to be hacked/held hostage. So don't do that ever. When introduced...
by msatter
Thu Nov 11, 2021 8:33 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 9071

Re: Mikrotik router Hacked!!!

Bravo, and that after half a bottle Tequila...hIPsssss
by msatter
Thu Nov 11, 2021 12:49 pm
Forum: Announcements
Topic: Securing your device is important
Replies: 50
Views: 28777

Re: Securing your device is important

It is a feature that is useful when it is protected against misuse. When you are able to reset the router in any case then the feature has become useless. Addition when locking: Lock but able to reset (new), to those who not want to show/edit the config. Hardware theft/reuse is still available Lock and no r...
by msatter
Thu Nov 11, 2021 12:27 pm
Forum: Announcements
Topic: Securing your device is important
Replies: 50
Views: 28777

Re: Securing your device is important

I concur with pe1chl and the less restrictive press button within a minute is easier to accept to users than my proposal to press that button after in the just set time. I would also suggest to not be able to set the timespan between start and end-time less than three seconds. And I will repe...
by msatter
Wed Nov 10, 2021 2:18 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 9071

Re: Mikrotik router Hacked!!!

That so one blink every two seconds. For counting the current implementation is perfect.
by msatter
Wed Nov 10, 2021 1:58 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 9071

Re: Mikrotik router Hacked!!!

Has anyone a good idea how to avoid this kind of ransom lockout of router? This reformat protection was introduced as a security factor and is used now to lock out the owner completely. I think this can be avoided to enforce a manual press of the button before the protection is enforced. My thougt...
by msatter
Tue Nov 09, 2021 12:20 pm
Forum: General
Topic: RB5009 Questions on rackmount kit ? [SOLVED]
Replies: 2
Views: 469

Re: RB5009 Questions on rackmount kit ? [SOLVED]

Looking at the picture you can make short ears and connectors by breaking off/out the parts. If you do that the long ears are destroyed. https://i.mt.lv/cdn/rb_images/2071_l.jpg It looks that there is only one set of ears. It could be that there is simple version included in the box like it is with t...
by msatter
Sat Nov 06, 2021 8:33 pm
Forum: General
Topic: Paste image
Replies: 2
Views: 358

Re: Paste image

Screenshot_20211106_193235.jpg
by msatter
Sat Nov 06, 2021 6:35 pm
Forum: General
Topic: How to drop packets which are not encrypted in IPSec tunnel?
Replies: 3
Views: 512

Re: How to drop packets which are not encrypted in IPSec tunnel?

To build an IPSEC connection you need UDP 500 and 4500. Then you could filter traffic from that and encrypted traffic is recognised with ipsec-policy=in,ipsec and traffic not being that is not encrypted.

Secondly you can search this forum for "kill switch"
by msatter
Fri Nov 05, 2021 7:04 pm
Forum: RouterOS v7 BETA
Topic: Defect: Cannot add Wireguard Peers with same key to different WireGuard Interfaces
Replies: 8
Views: 1158

Re: Defect: Cannot add multiple Wirguard Peers on same IP

The keys is indeed a limitation. For example NordVPN has for all servers in the Netherlands, the same key. Germany has two keys, Berlin and Frankfurt.
by msatter
Thu Nov 04, 2021 10:53 pm
Forum: General
Topic: Fasttrack
Replies: 10
Views: 761

Re: Fasttrack

You want something to be tracked that told earlier to untracked. That makes no sense. Connection state notrack is a special case when RAW firewall rules are used to exclude connection from connection tracking. This one rule would make all forwarded traffic bypass the connection tracking engine speed...
by msatter
Thu Nov 04, 2021 9:22 pm
Forum: General
Topic: Fasttrack
Replies: 10
Views: 761

Re: Fasttrack

Almost, also the first est/rel packet is counted. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,...
by msatter
Thu Nov 04, 2021 4:27 pm
Forum: General
Topic: Fasttrack
Replies: 10
Views: 761

Re: Fasttrack

It is the first established, related and untracked packet in your case of a connection and the packets that go over the slow path.

Untracked does not really fit in a fasttracking rule because that can be unproven connections and you are waving it past the rules.
by msatter
Thu Nov 04, 2021 1:56 pm
Forum: General
Topic: Fasttrack
Replies: 10
Views: 761

Re: Fasttrack

Fasttracking is available to have higher speeds achievable on the router. Instead of all traffic going through each rule, returning traffic that is trusted (marked fasttrack) is redirected at entry point, past all rules, directly to the receiver/client. To check if the traffic is still trusted s...
by msatter
Thu Nov 04, 2021 12:03 pm
Forum: General
Topic: Fasttrack
Replies: 10
Views: 761

Re: Fasttrack

The fasttracking rule marks the connection and then it hits the second rule. Now fasttracking will fasttrack most of the subsequent packets of that connection.

So equal numbers is here correct. You can see the actual amount of fasttracked packets at top of the table in the dummy fasttrack rules.
by msatter
Mon Nov 01, 2021 7:20 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 187
Views: 30262

Re: MikroTik RB5009UG+S+IN

If every 5009 has this then it could be a default value to be increased.
by msatter
Sat Oct 30, 2021 9:15 pm
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 64
Views: 35716

Re: WinBox v3.31 released!

holvoetn, jaxed8 Thanks for reply, so it's only feature..I am glad, ufff.. And I have another problem with rb5009, I wrote mikrotik to describe what happening with first port. When I connect internet, the orange led blink for microseconds, or if you plug just a little bit, it shines oranges..When i...
by msatter
Fri Oct 29, 2021 7:40 pm
Forum: Beginner Basics
Topic: Fasttrack and Fastpath
Replies: 1
Views: 473

Re: Fasttrack and Fastpath

No, and no. It needs Fastpath but the status and numbers are not active. If you disable fastpath then fasttrack is also disabled.
by msatter
Thu Oct 28, 2021 1:27 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc5 [development] is released!
Replies: 167
Views: 26707

Re: v7.1rc5 [development] is released!

*) winbox - renamed "Dst. Address" to "Route Dst." under "IP/Firewall/Mangle" menu; still Dst.Address in mine This is indeed an incorrect description. What happened is that the second Dst. Address in the list is being renamed to Route Dst. With V7.1RC the Dst.-Address w...
by msatter
Thu Oct 28, 2021 1:11 pm
Forum: General
Topic: How does AutoMTU work for VPN tunnels?
Replies: 5
Views: 1566

Re: How does AutoMTU work for VPN tunnels?

That was indeed an ordeal. I noticed that in the first posting also the AC2 also suffered to a lower MTU.

Does it mean that all ARM32 have this problem?
by msatter
Wed Oct 27, 2021 3:30 pm
Forum: General
Topic: IPSEC performance problem
Replies: 17
Views: 4114

Re: IPSEC performance problem

I use multiple streams to obtain maximum results. With Wireguard available this is not needed anymore and I get great performance out of the box (RB4011). An UDP tunnel is the best way to encapsulate traffic, any traffic. Inside the tunnel TCP can do its work as normal. Non tunneled encrypted traffic h...
by msatter
Mon Oct 25, 2021 12:21 pm
Forum: General
Topic: ...in search of the truth ...
Replies: 1
Views: 395

Re: ...in search of the truth ...

And another elephant in the room: John Tully, CEO of MikroTik comments: “Our collaboration with Facebook will bring more 60 GHz technologies to market, increasing broadband penetration and enabling operators to reduce their costs for last mile access. The Terragraph cloud controller and architectur...
by msatter
Mon Oct 25, 2021 12:08 pm
Forum: General
Topic: Those pesky IoT devices [Tool]
Replies: 0
Views: 456

Those pesky IoT devices [Tool]

What is SPIN (Dutch for spider)? SPIN stands for Security and Privacy for In-home Networks, it is a traffic visualization tool and analysis tool intended to help protect the home network with an eye on the Internet of Things devices and the security problems they might bring. SPIN is the project at...
by msatter
Thu Oct 21, 2021 8:00 pm
Forum: Beginner Basics
Topic: Replace IP address to destination in local network
Replies: 2
Views: 476

Re: Replace IP address to destination in local network

Devices in the same network (/24) communicate directly with each other without using the router.
by msatter
Tue Oct 19, 2021 4:29 pm
Forum: General
Topic: mangle on IPsec policy out
Replies: 17
Views: 1039

Re: mangle on IPsec policy out

Just one more shot. Going back to you first posting: 0 chain=forward action=mark-connection new-connection-mark=MARK passthrough=yes protocol=tcp log=yes log-prefix="MANGLE_MARK_IPSEC_OUT" ipsec-policy=out,ipsec 1 chain=forward action=mark-connection new-connection-mark=MARK passthrough=ye...
by msatter
Tue Oct 19, 2021 2:44 pm
Forum: General
Topic: mangle on IPsec policy out
Replies: 17
Views: 1039

Re: mangle on IPsec policy out

Outgoing is when it is known that it is ipsec:out traffic. And that is not possible in Mangle or another location.

You can use your connection mark for that but you say that does not work.
by msatter
Tue Oct 19, 2021 2:24 pm
Forum: General
Topic: Blocking Blogspot.com ? [SOLVED]
Replies: 17
Views: 1010

Re: Blocking Blogspot.com ? [SOLVED]

Look at DNS filters like Pi-hole.
by msatter
Tue Oct 19, 2021 1:09 pm
Forum: General
Topic: mangle on IPsec policy out
Replies: 17
Views: 1039

Re: mangle on IPsec policy out

After processing comes SRC-NAT for outgoing traffic. Update on my previous posting. Maybe you are looking for this. Returning ipsec (unencrypted) traffic setting PMTU chain=forward action=change-mss new-mss=clamp-to-pmtu passthrough=no tcp-flags=syn,ack protocol=tcp log=no log-prefix="MSS"...
by msatter
Tue Oct 19, 2021 12:54 pm
Forum: General
Topic: mangle on IPsec policy out
Replies: 17
Views: 1039

Re: mangle on IPsec policy out

https://help.mikrotik.com/docs/download/attachments/328227/02d_ipsec_encryption.png?version=1&modificationDate=1570628991706&api=v2 IPSec Policies Let's take a look at another tunnel type - IPSec. This type of VPN does not have logical interfaces but is processed in a similar manner. Instea...
by msatter
Tue Oct 19, 2021 2:59 am
Forum: General
Topic: mangle on IPsec policy out
Replies: 17
Views: 1039

Re: mangle on IPsec policy out

So if PMTU is working for you then you can go to the next level and that is to transfer the ICMP 3-4 to the clients and so no need to do anything about the MTU in Mangle and worry about NAT. This is done in IPSEC Policies and this is a script to add the needed line. /ip ipsec policy move *ffffff destin...
by msatter
Tue Oct 19, 2021 2:39 am
Forum: General
Topic: mangle on IPsec policy out
Replies: 17
Views: 1039

Re: mangle on IPsec policy out

Mode configuration is there to be able to create the dynamic NAT lines. You can use src-address or connection marking or combine those two. I refined my own MSS line and ended up with doing that in Forward, as I wrote about. This avoids the ipsec:out:none. You want to MSS traffic going into the tunn...
by msatter
Tue Oct 19, 2021 2:01 am
Forum: General
Topic: Questions on Wiki's PCC page
Replies: 1
Views: 287

Re: Questions on Wiki's PCC page

With connection marking you mark the connection. Apply it only to new connections. Then looking at second example. !local means addresses not belonging to the router and no-mark all unmarked traffic. All traffic outgoing is here going to be marked, not yet marked traffic is then also New traffic. Es...
by msatter
Tue Oct 19, 2021 12:23 am
Forum: General
Topic: mangle on IPsec policy out
Replies: 17
Views: 1039

Re: mangle on IPsec policy out

I looked at it again, and the manual is always correct. Avoid having to look if a packet is already encoded, is not using Postrouting. Your IKEv2 to VPN provider: chain=forward action=change-mss new-mss=1382 passthrough=no tcp-flags=syn protocol=tcp passthrough=no connection-mark=Mark tcp-mss=1383-6...
by msatter
Mon Oct 18, 2021 5:42 pm
Forum: General
Topic: mangle on IPsec policy out
Replies: 17
Views: 1039

Re: mangle on IPsec policy out

Once it is natted you can't do much more, see Postrouting marked 4: https://help.mikrotik.com/docs/download/attachments/328227/02a_routing_forward_chains.png?version=1&modificationDate=1570627984173&api=v2 SRC-NAT is after Postrouting so you have to do the MSS stuff before that. Postrouting the...
by msatter
Mon Oct 18, 2021 2:27 pm
Forum: General
Topic: mangle on IPsec policy out
Replies: 17
Views: 1039

Re: mangle on IPsec policy out

Have a read over here on that: https://forum.mikrotik.com/viewtopic.php?f=23&t=169273 My contribution: https://forum.mikrotik.com/viewtopic.php?f=23&t=169273#p836389 using IPSEC Policies. Look where Forward is the flow, before deciding of IPSEC out. So policy is not set then. https://help.mikr...
by msatter
Thu Oct 14, 2021 8:22 pm
Forum: RouterOS v7 BETA
Topic: Running Adguard on RB4011 / disk wear
Replies: 3
Views: 1718

Re: Running Adguard on RB4011 / disk wear

The 4011 does also cache writes 30 seconds, before writing them through to flash.
by msatter
Thu Oct 14, 2021 12:56 am
Forum: General
Topic: Special Character Support
Replies: 3
Views: 539

Re: Special Character Support

Sometimes you have also to escape the escape. Try \\$ From the manual: https://help.mikrotik.com/docs/display/ROS/User#User-RouterUsers name (string; Default: ) User name. Although it must start with an alphanumeric character, it may contain "*", "_", "." and "@&qu...
by msatter
Wed Oct 13, 2021 11:13 pm
Forum: RouterBOARD hardware
Topic: RB5009 ethernet port LED lights [SOLVED]
Replies: 4
Views: 2082

Re: RB5009 ethernet port LED lights [SOLVED]

In two months we can buy that router over here...if you have time? ;-) I pointed to that thread because it is the thread about the 5009 and there was an unnamed and named person who was asking the same. So two rare routers with the same behavior might be an indication that it could be designed that way. ...
by msatter
Wed Oct 13, 2021 9:51 pm
Forum: General
Topic: Output Chain - set source-IP
Replies: 1
Views: 333

Re: Output Chain - set source-IP

Try using postrouting in Mangle instead of output.

https://help.mikrotik.com/docs/display/ ... rOS-Output
by msatter
Wed Oct 13, 2021 12:57 pm
Forum: Beginner Basics
Topic: What does LED on Ether port mean on RB5009 [SOLVED]
Replies: 2
Views: 978

Re: What does LED on Ether port mean on RB5009 [SOLVED]

I am not allowed to post there anymore but you could.

viewtopic.php?t=177008#p885420
by msatter
Wed Oct 13, 2021 12:24 am
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 187
Views: 30262

Re: MikroTik RB5009UG+S+IN

OK, I won't here anymore.

TWO.
by msatter
Tue Oct 12, 2021 11:13 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 187
Views: 30262

Re: MikroTik RB5009UG+S+IN

This is the first time I read a router to be referred to as "phallic". I don't judge you on where you get your kicks.

Warning: adult content: https://en.wikipedia.org/wiki/Phallus
by msatter
Mon Oct 11, 2021 11:19 pm
Forum: General
Topic: Is 6.49 buggy? [SOLVED]
Replies: 7
Views: 1640

Re: Is 6.49 buggy? [SOLVED]

To downgrade you have to also use the downgrade button...I think that is under system - packages.

First make an export and a backup and store those files on another device.
by msatter
Thu Oct 07, 2021 2:34 pm
Forum: General
Topic: badhosts blocking
Replies: 3
Views: 500

Re: badhosts blocking

by msatter
Thu Oct 07, 2021 2:33 pm
Forum: General
Topic: badhosts blocking
Replies: 3
Views: 500

Re: badhosts blocking

Try starting here: viewtopic.php?p=879181
by msatter
Wed Oct 06, 2021 11:43 pm
Forum: Scripting
Topic: Regex for Numeric Range [SOLVED]
Replies: 5
Views: 1708

Re: Regex for Numeric Range [SOLVED]

Thanks for coming back on this and it is a nice solution you got.
by msatter
Wed Oct 06, 2021 1:56 pm
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 216
Views: 51906

Re: RB4011 and RB1100 AHx4 "bricks" randomly

One of our multiple in the field rb4011 just locked today after about 80days uptime. Mikrotik support are you reading our posts??? do you work to find a f****$ fix? You cant pretend being serious when you leave us alone with this problem. We are running professional network with weak devices such a...
by msatter
Wed Oct 06, 2021 1:41 pm
Forum: RouterBOARD hardware
Topic: RB5009 support
Replies: 17
Views: 3737

Re: RB5009 support

Sorry Normis, the update checker is not mistaken, it is Mikrotik who is just sloppy.

I stated this before and it was ignored, as usual.
This I get when I click on the RouterOS current release download button on the RB5009 page.

Screenshot_20211006_123556.jpg
by msatter
Mon Oct 04, 2021 10:49 pm
Forum: RouterOS v7 BETA
Topic: Periodic crashes in 7.1rc4
Replies: 25
Views: 3087

Re: Periodic crashes in 7.1rc4

I have the same problem that Netinstall started but does continue. Have you tried to run it as Administrator on Win10?

I solved my 4011 being unusable with RC4 by going back to 6.48.4 and from there upgrading to v7RC4. It is running smoothly now.
by msatter
Mon Oct 04, 2021 10:06 pm
Forum: RouterOS v7 BETA
Topic: Periodic crashes in 7.1rc4
Replies: 25
Views: 3087

Re: Periodic crashes in 7.1rc4

That four looks to be a pivotal point here. The crashes are about four hours apart and your last time set also went back four hours. Then maybe the updating of the time triggered the crashes of TS.
by msatter
Mon Oct 04, 2021 12:53 pm
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 64
Views: 35716

Re: WinBox v3.31 released!

Many MANY thanks: *) made Ctrl+C and Enter right after text selection in "Terminal" window work as copy to clipboard; *) made Ctrl+V work as paste from clipboard; One thing, when I use Ctrl+c it generates an automatic "carriage return" in Terminal . Not handy when you are copying...
by msatter
Sun Oct 03, 2021 7:36 pm
Forum: RouterOS v7 BETA
Topic: Periodic crashes in 7.1rc4
Replies: 25
Views: 3087

Re: Periodic crashes in 7.1rc4

When you reboot it will always sync just as when it crashes. The difference is that on a reboot the time is not that far apart, this because of when you reboot the time is written. On a hard crash the current time is not written and is much more in the past. I assume Mikrotik left this kind of 'canary' i...
by msatter
Sun Oct 03, 2021 5:02 pm
Forum: RouterOS v7 BETA
Topic: Periodic crashes in 7.1rc4
Replies: 25
Views: 3087

Re: Periodic crashes in 7.1rc4

After a reboot I have a warning in Terminal that the time has been adjusted by the NTP-client. Normally on a reboot that is 1970-01-01 00:00 and that was on v6. V7 could just like a RaspberryPI save the last known date and time when doing a reboot and use that as start from time. However if you bo...
by msatter
Tue Sep 28, 2021 11:42 am
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 276
Views: 47166

Re: v7.1rc4 [development] is released!

I've asked support for the "stable" rOS, the reply was that the rc4 was more stable than the 7.0.5(it seems that it is not that stable) that came with it. but I haven't got any bugs with it for now. Hi, Thank you so much..They didn't say that to me.. I ask, is this a normal version only r...
by msatter
Tue Sep 28, 2021 11:17 am
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 276
Views: 47166

Re: v7.1rc4 [development] is released!

Hello, I am new here...I have a question, how can I get FW from my routerboard RB5009? Because from support I don't have any answer, what I want. They only told me, so I can download via downloads from mikrotik.. In routerboard is v7 stable. But if I reinstall to 7rc4, there is no chance to turn ba...
by msatter
Mon Sep 27, 2021 11:42 am
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 276
Views: 47166

Re: v7.1rc4 [development] is released!

msatter, please clarify. It was a simple reboot on an already installed rc4 device or an upgrade from previous versions? It was an upgrade to v7RC4 that is running now for some time and was rebooted at least 10 times before over that period. The config was coming from 6.48.4 when it was upgraded t...
by msatter
Mon Sep 27, 2021 2:13 am
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 276
Views: 47166

Re: v7.1rc4 [development] is released!

Darn! After a reboot I lost about 5000 of my 22000 address-list entries. Good that I had a reasonable recent export so I could restore more than 99%. The router is a 4011.
by msatter
Fri Sep 24, 2021 1:05 pm
Forum: Announcements
Topic: v6.49rc [testing] is released!
Replies: 37
Views: 9378

Re: v6.49rc [testing] is released!

I know it's hard to believe, but we do test versions before release. Sometimes for weeks. Both by using them and also in automated tests. I certainly believe that, however this slipped through for several if not all versions of the current Beta. It is like upgrading the firmware of your Tesla for m...
by msatter
Fri Sep 24, 2021 11:45 am
Forum: Announcements
Topic: v6.49rc [testing] is released!
Replies: 37
Views: 9378

Re: v6.49rc [testing] is released!

Good to see that the restore of backups is possible again. A very important function when updating to a next version. I hope that this will be also tested by Mikrotik self, each time a Beta/RC/incremental/main release is made. Not leaving that over to the users, who then are not pleased to go, the l...
by msatter
Fri Sep 24, 2021 12:00 am
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 187
Views: 30262

Re: MikroTik RB5009UG+S+IN

Did anyone test Wireguard performance with the RB4011?
I am not disappointed with WireGuard performance and it is comparable to IKEv2 for which the 4011 has hardware support.
The 5009 on this, is still standing out.
by msatter
Thu Sep 23, 2021 1:07 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 180
Views: 58019

Re: v6.49beta [testing] is released!

Only by restoring you can see that. If the changed rules are still there, the restore did not work.
However, every time you have the risk that you don't have a config anymore or even worse. Then it is wise to always also make an export for manual restoring.
by msatter
Thu Sep 23, 2021 11:08 am
Forum: General
Topic: NordLynx information (NordVPN)
Replies: 1
Views: 754

Re: NordLynx information (NordVPN)

I am thinking about a script that does the following: It checks in connections if there is an incoming connection (timeout/keep alive) with SRC port 51820 because the user has just severed the connection on the client (Linux/Windows). Then grab the DST port and put in the WG profile under listening p...
by msatter
Thu Sep 23, 2021 10:28 am
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 180
Views: 58019

Re: v6.49beta [testing] is released!

I am told that Mikrotik is still working on it and making a backup of your config is still broken because the generated restore files are unusable.
by msatter
Thu Sep 23, 2021 1:26 am
Forum: Beginner Basics
Topic: Issue with HiSense aircon
Replies: 8
Views: 1222

Re: Issue with HiSense aircon

A related note: ports open, from inside to the outside.
by msatter
Wed Sep 22, 2021 9:01 pm
Forum: General
Topic: NordLynx information (NordVPN)
Replies: 1
Views: 754

NordLynx information (NordVPN)

Since a while we have IKEv2 connecting to working fine with different VPN providers and the new kid on the block is WireGuard, which is named NordLynx by NordVPN. They are using a double NAT to obfuscate your IP address. So far so good. Thanks to this posting and the following postings I also got it work...
by msatter
Tue Sep 21, 2021 3:24 pm
Forum: Scripting
Topic: [Project] SMART configuration export/import
Replies: 3
Views: 1285

Re: [Project] SMART configuration export/import

Got a final answer from support and they can't help more than they already did. Support points to the list of consultants with which I can get premium support. With help of support I already managed to extract a partial structure, from default config. A complete export is too big to fit in an array s...
by msatter
Tue Sep 21, 2021 2:47 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 276
Views: 47166

Re: v7.1rc4 [development] is released!

Crossfig converted my Mangle route rules wrong.

In the converted rule, the target IP was changed to the gateway IP of the target router. The target router was asking himself where the traffic then should be directed.

This was traffic incoming from the outside.
by msatter
Tue Sep 21, 2021 12:07 am
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 276
Views: 47166

Re: v7.1rc4 [development] is released!

I have a higher MTU on the SFP, PPPoE won't go further than 1492. Even 1501 byte pings do not pass through. Is this working on your side? I did not manage to get any pings through the SFP or through the VLAN in front of it. The packet size (not fragmented) I can send is 1492 and added is 8 for PPPo...
by msatter
Mon Sep 20, 2021 10:38 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 276
Views: 47166

Re: v7.1rc4 [development] is released!

MTU >1500 on RB4011 SFP+ port still not fixed.
I have a higher MTU on the SFP, PPPoE won't go further than 1492.
by msatter
Mon Sep 20, 2021 8:02 pm
Forum: Scripting
Topic: Fetch json
Replies: 7
Views: 1421

Re: Fetch json

by msatter
Mon Sep 20, 2021 5:01 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 276
Views: 47166

Re: v7.1rc4 [development] is released!

On RC7 my IKEv2 connection to my VPN providers keeps working and it looks like I can stay for a while on v7 now. On two routes an automatic ECMP is created while that is not the intention and finding the off switch for that is unknown to me. It seems that everything a /24 range is seen as so. Scripting is...
by msatter
Mon Sep 20, 2021 4:13 pm
Forum: Scripting
Topic: Changed scripting coding between V6 and v7
Replies: 2
Views: 1118

Changed scripting coding between V6 and v7

Here we can put the differences in scripting between v6 and v7 so if there is a thing not working anymore you can take a peek here if it is already known. It saves a lot of keyboards from breakage by hitting with them on the monitor....flatscreen. Please no discussions and just state the changes like underneat...
by msatter
Mon Sep 20, 2021 11:24 am
Forum: Scripting
Topic: Script to change NordVPN server address [SOLVED]
Replies: 9
Views: 1659

Re: Script to change NordVPN server address [SOLVED]

And that optimized not tested on your script: { :local newname :local data ([/tool fetch http-header-field="User-Agent: Mozilla/4.0" "https://api.nordvpn.com/v1/servers/recommendations\?limit=2" output=user as-value ]->"data") :do { :local valname "hostname" :...
by msatter
Mon Sep 20, 2021 1:52 am
Forum: RouterOS v7 BETA
Topic: v7.1rc3 [development] is released!
Replies: 172
Views: 25217

Re: v7.1rc3 [development] is released!

Strange and very slow/long paste code to terminal:

lVv7Gux1a1.gif
I had the pleasure to see that going on for 20 minutes for one script before I could press enter twice.
by msatter
Mon Sep 20, 2021 1:43 am
Forum: Scripting
Topic: Script to change NordVPN server address [SOLVED]
Replies: 9
Views: 1659

Re: Script to change NordVPN server address [SOLVED]

You paste it into a terminal and then press enter twice. It needs DNS and port 443.
by msatter
Mon Sep 20, 2021 1:10 am
Forum: RouterOS v7 BETA
Topic: v7.1rc3 [development] is released!
Replies: 172
Views: 25217

Re: v7.1rc3 [development] is released!

Good news, I managed to install a working version of v7RC3 on my 4011. After some problems it worked till the Address-list went berserk. This is an old problem, of not obeying the TTL. V6 obeys an external TTL in of 30 seconds and it counts from 30 to 27 and then it renews. In v7 the TTL displayed i...
by msatter
Mon Sep 20, 2021 12:53 am
Forum: Scripting
Topic: Script to change NordVPN server address [SOLVED]
Replies: 9
Views: 1659

Re: Script to change NordVPN server address [SOLVED]

Not tested but you get intention: { :local update do={ :local dataNordVPN :local data $dataNordVPN :do { :put "Reading and displaying from the JSON file, the values for the $valname field:" :while ([:len $data]!=0) do={ :set $fieldname ($valname."\":\"") :set $delimiter...
by msatter
Mon Sep 20, 2021 12:00 am
Forum: Scripting
Topic: Script to change NordVPN server address [SOLVED]
Replies: 9
Views: 1659

Re: Script to change NordVPN server address [SOLVED]

A small contribution: { :local update do={ :global dataNordVPN :local data $dataNordVPN :do { :put "Reading and displaying from the JSON file, the values for the $valname field:" :while ([:len $data]!=0) do={ :set $fieldname ($valname."\":\"") :set $delimiter "\&qu...
by msatter
Sun Sep 19, 2021 2:40 pm
Forum: Useful user articles
Topic: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)
Replies: 62
Views: 19435

Re: NordVPN (IPSEC/IKEv2) + killswitch (For ROS6)

If you don't use router marking then you could use that, as marker to kill off traffic that is escaping the VPN dynamic SRC-NAT while VPN is being initiated or has just been terminated. I even use one line for SRC-NAT and one for DST-NAT: add action=src-nat chain=srcnat routing-mark=Leak-IKEV to-add...
by msatter
Sun Sep 19, 2021 2:29 pm
Forum: Beginner Basics
Topic: NordVpn extremely slow
Replies: 12
Views: 2240

Re: NordVpn extremely slow

No one mentioned my guide? https://forum.mikrotik.com/viewtopic.php?f=23&t=169273 The only reason why NordVPN could be slow is because MSS/MTU size issues. All mentioned in the guide. I would have done. However the cause is solely with NordVPN that have some servers of them not sending through I...
by msatter
Sat Sep 18, 2021 2:12 pm
Forum: General
Topic: IPSEC-related configuration of /ip firewall filter input chain
Replies: 3
Views: 481

Re: IPSEC-related configuration of /ip firewall filter input chain

I am not an expert on this but mentioning dynamic rule generation reminded me of this: However, this can add significant load to router's CPU if there is a fair amount of tunnels and significant traffic on each tunnel. Solution is to use IP/Firewall/Raw to bypass connection tracking, that way elim...
by msatter
Wed Sep 15, 2021 12:42 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 63
Views: 51061

Re: Mēris botnet information

I have a firewall on Windows that only allows Winbox to use those ports. If they managed to install an infected version of Winbox the firewall will first ask if I want to allow traffic. This because Winbox itself has changed.

I don't have this kind of protection on Android or IOS.
by msatter
Tue Sep 14, 2021 7:29 pm
Forum: Beginner Basics
Topic: NordVpn extremely slow
Replies: 12
Views: 2240

Re: NordVpn extremely slow

Have fun with the working VPN and let's hope NordVPN will fix it soon and the line can be deactivated again.
by msatter
Tue Sep 14, 2021 12:07 pm
Forum: Beginner Basics
Topic: NordVpn extremely slow
Replies: 12
Views: 2240

Re: NordVpn extremely slow

This is possible when you use option 2 of the setup. I don't know if you point traffic to NordVPN based on IP address or connection mark. https://wiki.mikrotik.com/wiki/IKEv2_EAP_between_NordVPN_and_RouterOS#Option_2:_Accessing_certain_addresses_over_the_tunnel You can also see if and what connection mark ...
by msatter
Mon Sep 13, 2021 11:40 pm
Forum: Beginner Basics
Topic: NordVpn extremely slow
Replies: 12
Views: 2240

Re: NordVpn extremely slow

I mentioned this and NordVPN did come to me on this. https://forum.mikrotik.com/viewtopic.php?f=2&t=178150&p=877112 I have set to new-mss=1372 but you might start at 1232 and increase from there. The line in /ip ipsec policy normally catches all ICMP 3-4 and convey them to the correct client...
by msatter
Mon Sep 13, 2021 9:41 pm
Forum: Beginner Basics
Topic: NordVpn extremely slow
Replies: 12
Views: 2240

Re: NordVpn extremely slow

Fasttrack should be off and just first check by just disabling all fasttracking. NordVPN has troubles with sending back ICMP 3-4 on some servers and then this won't help but always good to have. https://forum.mikrotik.com/viewtopic.php?f=2&t=154449&p=858086 You can set the MTU manually but my mon...
by msatter
Sun Sep 12, 2021 11:51 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 63
Views: 51061

Re: Mēris botnet information

Cybercrime IP Feeds by FireHOL exploits HUNDREDS of lists ... IMO its the most comprehensive system built which is why I use them for MOAB. The code you have been working on would benefit the MikroTik community greatly [and put MOAB out of business] if you adapted the code to exploits the lists tha...
by msatter
Sun Sep 12, 2021 12:03 am
Forum: Announcements
Topic: Mēris botnet information
Replies: 63
Views: 51061

Re: Mēris botnet information

Hahahahaha, I love the HTTP Range header hack! But I think you will agree that it is brittle: it is not guaranteed that the server won't change the file in between your 64K chunk requests and make the internal state of your script inconsistent. There is indeed a delay between the read chunks. The s...
by msatter
Sat Sep 11, 2021 11:09 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 63
Views: 51061

Re: Mēris botnet information

Speaking of the latter point: keeping up to date IP lists is harder than it needs to be. For example, MikroTik script limits file access to 4 kilobytes , and while there is a workaround to load IP lists up to 63K , it leaves little room for growth if your IP lists have comments. Is there a better w...
by msatter
Sat Sep 11, 2021 9:46 pm
Forum: General
Topic: PureVPN Protocol-discontinuation, Mikrotik router useless?!
Replies: 21
Views: 1364

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Stubborn. If i were PureVPN I'd just give you the money back. And you can go choose another VPN provider that deprecates SSTP soon, let them deal with you. I've been using PureVPN for many many many years.... and like I said, I'm sitting with a fresh 5yr account that I bought like last year or some...
by msatter
Sat Sep 11, 2021 8:39 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 63
Views: 51061

Re: Mēris botnet information

Second posting here.
by msatter
Sat Sep 11, 2021 8:31 pm
Forum: General
Topic: PureVPN Protocol-discontinuation, Mikrotik router useless?!
Replies: 21
Views: 1364

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

IKEv2 should be possible on a Mikrotik if they bothered to state what authentication, encryption and hash algorithms they support for IKEv2. IKEv2 works fine and they use LetsEncrypt certificates: DST Root CA X3 (LetsEncryptX3.crt) and USERTrustRSACertificationAuthority.crt Comodo-root.crt https://...
by msatter
Sat Sep 11, 2021 8:25 pm
Forum: General
Topic: PureVPN Protocol-discontinuation, Mikrotik router useless?!
Replies: 21
Views: 1364

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

You are owning one of the shittiest VPNs now and crying that Mikrotik doesn't support specific VPN protocol? How about NordVPN/Surfshark? They do support lots of them, including OpenVPN TCP and IPSEC/IKE2 which works incredibly well and there is a guide too. https://forum.mikrotik.com/viewtopic.php...
by msatter
Sat Sep 11, 2021 8:17 pm
Forum: General
Topic: PureVPN Protocol-discontinuation, Mikrotik router useless?!
Replies: 21
Views: 1364

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

I would not support anyone using Surfshark. They tried to be Woke and canceled their advertisements with And Ngô based on what one person was telling. It was all a lie.

https://mobile.twitter.com/laralogan/st ... 3994076162
by msatter
Sat Sep 11, 2021 2:43 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 119
Views: 31876

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

A big "Thank you!" towards all contributors!
Especially to profinet who thought of combining the two scripts to create this "Frankenstein".
by msatter
Sat Sep 11, 2021 11:00 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 119
Views: 31876

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

A new version and I think this is more or less complete now. I have also added a short explanation at the end what all the parameters do. Update: During import it is checked if the source file has changed in size and if so the import is retried after a 2 minutes wait. If no successful import was possi...
by msatter
Fri Sep 10, 2021 3:49 pm
Forum: General
Topic: When is 6.49 going to be released?
Replies: 16
Views: 1352

Re: When is 6.49 going to be released?

Hmmm .. you can't downgrade from 6.49betaX to 6.48.4 without netinstalling device? And you can't get (at least most of) config exported to text file? If answer to both is NO, then I'm surprised. Don't get me wrong, I didn't say that 6.49 is a dead-end, only MT can declare such thing. I was just say...
by msatter
Fri Sep 10, 2021 3:48 pm
Forum: General
Topic: When is 6.49 going to be released?
Replies: 16
Views: 1352

Re: When is 6.49 going to be released?

If 6.49 is declared a dead-end I am in trouble, because I can't go back to 6.48 due to no working backup available in 6.49 and not forward to v7 because the config conversion is not on the radar. If you can't get out of it, then you shouldn't have gone in to it in the first place. If it's that impor...
by msatter
Fri Sep 10, 2021 12:31 pm
Forum: General
Topic: When is 6.49 going to be released?
Replies: 16
Views: 1352

Re: When is 6.49 going to be released?

If 6.49 is declared a dead-end I am in trouble, because I can't go back to 6.48 due to no working backup available in 6.49 and not forward to v7 because the config conversion is not on the radar.
by msatter
Fri Sep 10, 2021 9:59 am
Forum: General
Topic: Error connecting Mikrotik hex RB750Gr3 via Winbox
Replies: 3
Views: 474

Re: Error connecting Mikrotik hex RB750Gr3 via Winbox

Which version of RouterOS have you installed on the device? For newer versions you need also a newer version of Winbox.
by msatter
Fri Sep 10, 2021 9:57 am
Forum: General
Topic: When is 6.49 going to be released?
Replies: 16
Views: 1352

Re: When is 6.49 going to be released?

I assume a version that is already six months in development should be somehow stable and certainly, not have the most important part in testing being broken. This is the next release in v6 and instructions for updating to v7 did not include the notice to only update from version 6.48. In the beta M...
by msatter
Thu Sep 09, 2021 8:48 pm
Forum: Announcements
Topic: WinBox v3.30 released!
Replies: 59
Views: 8297

Re: WinBox v3.30 released!

Many MANY thanks: *) made Ctrl+C and Enter right after text selection in "Terminal" window work as copy to clipboard; *) made Ctrl+V work as paste from clipboard; One thing, when I use Ctrl+c it generates an automatic "carriage return" in Terminal . Not handy when you are copying...
by msatter
Thu Sep 09, 2021 8:38 pm
Forum: General
Topic: Locked myself out
Replies: 2
Views: 313

Re: Locked myself out

Just use neighbors.
by msatter
Thu Sep 09, 2021 4:44 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 119
Views: 31876

[Auto find delimiter] Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

I have implemented the determination of the delimiter. This should make the import script more flexible and no need anymore to specify the different delimiters for each list. A version that also recognizes what kind of format is used, IPv4/IPv4 with range/domain names/IPv6. A list can then only cont...
by msatter
Thu Sep 09, 2021 4:00 pm
Forum: General
Topic: When is 6.49 going to be released?
Replies: 16
Views: 1352

Re: When is 6.49 going to be released?

Sorry, backup is broken in 6.49beta. THAT IS A BIG THING!!!

v7 is for me a thing I can't try without BIG risks because I can't go back to v6 without having to take a troublesome road of manually restoring the export.
by msatter
Thu Sep 09, 2021 11:26 am
Forum: General
Topic: RB5009 IPSec Performance
Replies: 20
Views: 3962

Re: RB5009 IPSec Performance

We know! It's just an informative post for people to give an indication what can be expected from this model in terms of ipsec (software) performance. It's not a rant against Mikrotik or the product itself. I still think it's a good choice for a Homelab Router. What's new in 7.1rc3 (2021-Sep-08 13:...
by msatter
Thu Sep 09, 2021 11:21 am
Forum: Announcements
Topic: v6.48.4 [stable] is released!
Replies: 76
Views: 42937

Re: v6.48.4 [stable] is released!

Strange that this version is offered as default version to install on v7 only devices!

https://mikrotik.com/product/rb5009ug_s ... -downloads
by msatter
Thu Sep 09, 2021 2:11 am
Forum: General
Topic: hEX en ports all slaves but en1 & 2, how to send to freedom? [SOLVED]
Replies: 10
Views: 840

Re: hEX en ports all slaves but en1 & 2, how to send to freedom? [SOLVED]

Slavery was abolished a long time ago. Please take measured steps to modernise your equipment.
by msatter
Thu Sep 09, 2021 12:07 am
Forum: RouterOS v7 BETA
Topic: v7.1rc3 [development] is released!
Replies: 172
Views: 25217

Re: v7.1rc3 [development] is released!

The problem is different. Under v6 you could restart the SFP and it would allow a higher MTU. Now it appears you can't increase the MTU higher than 1500 and so the PPPoE has to fit in that MTU by using a lower MTU than 1500. If you set a higher MTU is that displayed in v7? And if so try it with restar...
by msatter
Wed Sep 08, 2021 11:55 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc3 [development] is released!
Replies: 172
Views: 25217

Re: v7.1rc3 [development] is released!

I think Mikrotik has significant problems with development "scope creep". They need to focus on releasing a stable version of 7.1 without introducing new features to troubleshoot. Just get 7.1 working with routing protocols, firewalls, NAT, IPSec VPN, PPPoE, traffic shaping, etc. The core...
by msatter
Wed Sep 08, 2021 11:47 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc3 [development] is released!
Replies: 172
Views: 25217

Re: v7.1rc3 [development] is released!

In case someone still doesn't understand the problem. I won't bother with downgrading to 6.x for some nice copy/paste comparison, so you'll just need to trust me on the fact, that this will work perfectly on 6.x - but you (mikrotik) yourself confirmed, that you've repeated the problem on your side,...
by msatter
Wed Sep 08, 2021 11:39 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc3 [development] is released!
Replies: 172
Views: 25217

Re: v7.1rc3 [development] is released!

I would like to invoke @msatter for our obligatory PPPoE / SFP+ MTU > 1500 on RB4011 test :P I assume it's still broken unless it's covered under " *) other minor fixes and improvements;" Would test myself but I just started my workday and can't mess up my Internet right now :D It's still...
by msatter
Wed Sep 08, 2021 8:35 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc3 [development] is released!
Replies: 172
Views: 25217

Re: v7.1rc3 [development] is released!

I would like to invoke @msatter for our obligatory PPPoE / SFP+ MTU > 1500 on RB4011 test :P I assume it's still broken unless it's covered under " *) other minor fixes and improvements;" Would test myself but I just started my workday and can't mess up my Internet right now :D I can't te...
by msatter
Wed Sep 08, 2021 12:45 pm
Forum: Announcements
Topic: MikroTik cloud is back online
Replies: 25
Views: 5099

Re: MikroTik cloud is back online

A freeman addicted to a cloud....
by msatter
Wed Sep 08, 2021 12:24 am
Forum: General
Topic: Damaged wireless@ package: bad image(6) [SOLVED]
Replies: 6
Views: 1627

Re: Damaged wireless@ package: bad image(6) [SOLVED]

As you can read your screen captures (4) you are out of disk space.

Why do you download all packages? Only add the ones you need and according to you you need wireless.
by msatter
Tue Sep 07, 2021 7:55 pm
Forum: Announcements
Topic: MikroTik cloud is back online
Replies: 25
Views: 5099

Re: MikroTik cloud is back online

And please don't use twitter as sole communication method.
by msatter
Tue Sep 07, 2021 6:27 pm
Forum: General
Topic: IP CLOUD Down [SOLVED]
Replies: 5
Views: 781

Re: IP CLOUD Down [SOLVED]

I did not see any angry responses.....o, I see now why. ;-)
by msatter
Tue Sep 07, 2021 4:31 pm
Forum: General
Topic: Mikrotik Cloud mynetname.net suspended
Replies: 3
Views: 580

Re: Mikrotik Cloud mynetname.net suspended

Only twitter knows.
by msatter
Tue Sep 07, 2021 4:30 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 21017

Re: v7.1rc2 [development] is released!

They just look like two brains. One smart walnut.
by msatter
Tue Sep 07, 2021 4:27 pm
Forum: General
Topic: IT SEEMS LIKE THE CLOUD is not working
Replies: 3
Views: 538

Re: IT SEEMS LIKE THE CLOUD is not working

Cloud what?
by msatter
Tue Sep 07, 2021 1:44 pm
Forum: General
Topic: mynetname.net is suspended
Replies: 79
Views: 23616

Re: mynetname.net is suspended

Klembord = clipboard.
by msatter
Tue Sep 07, 2021 12:54 pm
Forum: General
Topic: sn.mynetname.net not resolve from others DNS
Replies: 4
Views: 1506

Re: sn.mynetname.net not resolve from others DNS

Must be popular to use.
by msatter
Sun Sep 05, 2021 7:03 pm
Forum: RouterOS v7 BETA
Topic: Howto use Let's Encrypt command on 7.1rc2?
Replies: 6
Views: 1705

Re: Howto use Let's Encrypt command on 7.1rc2?

I think that the word "synology" was the trigger for the many login attempts.
by msatter
Sun Sep 05, 2021 5:37 pm
Forum: RouterOS v7 BETA
Topic: Howto use Let's Encrypt command on 7.1rc2?
Replies: 6
Views: 1705

Re: Howto use Let's Encrypt command on 7.1rc2?

Using indeed Wildcard for years and you need a verification DNS server to be able to use it.

"wildcard identifiers must be validated by a DNS-01 challenge"
by msatter
Sun Sep 05, 2021 12:18 pm
Forum: Scripting
Topic: [Project] SMART configuration export/import
Replies: 3
Views: 1285

Re: [Project] SMART configuration export/import

1 This for later and if it comes with the export script by Mikrotik then it is handled in one go. 2 The keywords are now in a string but they should be in an array so matching is unique 3 See point one. 4 The onset is to have this for internal use and if for external, then for export also keywords th...
by msatter
Sun Sep 05, 2021 8:36 am
Forum: Scripting
Topic: [Project] SMART configuration export/import
Replies: 3
Views: 1285

[Project] SMART configuration export/import

I want to start a project which tackles the export not being flexible enough to be used as basic backup and restore option. The current full backup option provided by Mikrotik is sometimes broken and then all the backups made are binned. It is wise to make always also exports on big changes so you c...
by msatter
Sun Sep 05, 2021 1:51 am
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 21017

Re: v7.1rc2 [development] is released!

I would rather use a script to convert the RSC export. It can then be more delicate in what the target export should be to fit the it. Using keywords to skip certain sections. I worked on an export/import script for single address-lists that can do conversions of the data source data and be sele...
by msatter
Sat Sep 04, 2021 11:51 pm
Forum: General
Topic: NordVPN troubles [SOLVED]
Replies: 10
Views: 1192

Re: NordVPN troubles [SOLVED]

Since a week.
by msatter
Sat Sep 04, 2021 10:52 pm
Forum: General
Topic: NordVPN troubles [SOLVED]
Replies: 10
Views: 1192

Re: NordVPN troubles [SOLVED]

I am having some "wonky" Problems with NordVPN too. Sooo.. You are not alone =) I just tried it out.. Mikrotik + NordVPN: I was able to resolve the duckduckgo.com and security.nl domains with the NordVPN-DNS servers But wasn't able to connect via HTTP/HTTPS Firefox + NordVPN Plugin: Every...
by msatter
Sat Sep 04, 2021 10:50 pm
Forum: General
Topic: NordVPN troubles [SOLVED]
Replies: 10
Views: 1192

Re: NordVPN troubles [SOLVED]

OK this is not good. I tested it and looking into it with Wireshark I noticed that there were no ICMP 3-4 returned by NordVPN. They seem to block it and as result the MTU is too big. I set now in Mangle my outgoing MTU to 1372 (could be in your case lower) and then all is working again. The othe...
by msatter
Sat Sep 04, 2021 8:56 pm
Forum: Beginner Basics
Topic: Good switch for home use or RB4011 RB5009?
Replies: 16
Views: 1978

Re: Good switch for home use or RB4011 RB5009?

That is the 4011 on ROS 7.x as is the 5009 os from the start on ROS 7.x
by msatter
Sat Sep 04, 2021 6:53 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 21017

Re: v7.1rc2 [development] is released!

Please add an option to /import, or make it the default behavior, to print the imported line when an error occurs (in addition to the error message), and to continue the import. As it is now, it is very difficult to import rsc files as even with the slightest difference in features the import stops...
by msatter
Sat Sep 04, 2021 6:30 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 14047

Re: WinBox v3.29 released!

Request delay on start. I have happening when I double click the line in the list of devices in Winbox that I often happens that the second click also clicks a menu button on the left in main Winbox screen. The result is that for example the Make support.rif or any other button that is positioned un...
by msatter
Fri Sep 03, 2021 11:27 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 21017

Re: v7.1rc2 [development] is released!

MTU >1500 is still unsupported on RB4011 on sfp+ port.
I did not notice that. That is maybe the cause the PPPoE dropped back to 1480 after connecting at 1500.
by msatter
Fri Sep 03, 2021 9:03 pm
Forum: General
Topic: NordVPN troubles [SOLVED]
Replies: 10
Views: 1192

Re: NordVPN troubles [SOLVED]

I have done a quick check if it is limited to countries and it is.

Does work: Iceland, Ireland, UK, Norway, Denmark and Latvia.
Does NOT work: Belgium and the Netherlands

This was tested directly from the client on the PC and not from the router.
by msatter
Fri Sep 03, 2021 7:48 pm
Forum: General
Topic: NordVPN troubles [SOLVED]
Replies: 10
Views: 1192

Re: NordVPN troubles [SOLVED]

Thanks eworm. Duckduckgo was always a bit tricky but the other site should work.

It could be a geographical and I will try an other country to connect to.
by msatter
Fri Sep 03, 2021 5:18 pm
Forum: General
Topic: Filter Content in Firewall with DOT (.) in string [SOLVED]
Replies: 19
Views: 1308

Re: Filter Content in Firewall with DOT (.) in string [SOLVED]

For non-dns traffic you could try example\\.com
by msatter
Fri Sep 03, 2021 2:47 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 180
Views: 58019

Re: v6.49beta [testing] is released!

It is futile to make backups in the beta because they are not usable. Mikrotik is working on a fix so I assume there will be an update to look forward to.
by msatter
Fri Sep 03, 2021 2:40 pm
Forum: RouterOS v7 BETA
Topic: 7.1RC2 expired password can be ignored
Replies: 8
Views: 1897

Re: 7.1RC2 expired password can be ignored

But it "costs" the user to set a password. "Better not set it now - I MAYBE forget it and then I am locked out and have to netinstall." *user has flashbacks about last netinstall and clicks CANCEL* How about Netinstall and a password. I did not see that in the Wiki being mention...
by msatter
Fri Sep 03, 2021 2:35 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 21017

Re: v7.1rc2 [development] is released!

RB2011 still locked in 7.1beta6 (no upgrade path) :( In such situations you should do a /export of the full configuration and maybe also a backup, install the newer version, and restore the configuration from a local winbox connected to the MAC address. (so you can wipe it entirely before importing...
by msatter
Fri Sep 03, 2021 1:54 am
Forum: General
Topic: NordVPN troubles [SOLVED]
Replies: 10
Views: 1192

Re: NordVPN troubles [SOLVED]

I am going to ask support with NordVPN now I know I am not the only one. Thank you for confirming this.

Update: support request sent to NordVPN. I will post here their response.
by msatter
Fri Sep 03, 2021 1:17 am
Forum: General
Topic: NordVPN troubles [SOLVED]
Replies: 10
Views: 1192

NordVPN troubles [SOLVED]

Since Mikrotik supported IKEv2 to ISP I am using NordVPN and I always was very pleased with it. Since they implemented a separate username and password for router implementations things got sometimes wonky. The latest is that it appears that some sites become unreachable through the VPN and the lates...
by msatter
Thu Sep 02, 2021 12:26 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 21017

Re: v7.1rc2 [development] is released!

I have the impression the backups are OK but the router denies import them. I had four months of backups being denied despite they were from the same router with the same ROS version 6.49beta36. Going back to 6.48.2 I could restore and then go the working 6.49beta36. From there the RSC helped me to...
by msatter
Thu Sep 02, 2021 10:25 am
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 21017

Re: v7.1rc2 [development] is released!

What is bad in this picture? ROS7.1rc2.JPG 10.10.10.2 Is the router sitting in front of this router and between the internal network. As soon I installed the RC the IP address of the router became unresponsive even when it was a default config. The router was only reachable by using the MAC/RoMon. T...
by msatter
Wed Sep 01, 2021 8:23 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 21017

Re: v7.1rc2 [development] is released!

I went an other way and installed 6.48.2 of which I had backup. Then went up to my latest beta again 6.49beta36. I tried to restore 4 backups that I made in last months and no one want to stick despite they were made on the 6.49beta36. I just stayed on the 6.48.2 backup. I have the feeling that some...
by msatter
Wed Sep 01, 2021 6:01 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 21017

Re: v7.1rc2 [development] is released!

I am online again thanks to my Hex-S. The 4011 won't accept Netinstall and I can now at least read up on Netinstall. Going back to 6.49Beta36 did not help this time and the I have no access through IP and no Internet. When I start Netinstall it sees the router and when I press install it says offeri...
by msatter
Wed Sep 01, 2021 12:58 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 21017

Re: v7.1rc2 [development] is released!

Tried this one too and to no avail. All gateways are unreachable and I only can reach the 4011 through MAC. The PPPoE through a SFP still drops back to a MTU of 1480...it was fixed in Beta 6.49 so please patch ROS 7.x also. Can I read my 6.49beta backup directly back into ROS 7 or do I first make a...
by msatter
Tue Aug 31, 2021 12:25 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 119
Views: 31876

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

I have added support for domain names beside IP addresses. Not tested yet but it should work. In bold the changes and I hope the '+' is supported. Else it could be replaced by a '*'. :if ( ( $line~"^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}" || $line~"^.+\\.[a-z.]{2,7}" ) ...
by msatter
Sun Aug 29, 2021 4:18 pm
Forum: General
Topic: RB5009 IPSec Performance
Replies: 20
Views: 3962

Re: RB5009 IPSec Performance

That is a lot of repeats in the first part of a thread. That all without hardware support from Mikrotik. ;-)
by msatter
Sun Aug 29, 2021 12:49 am
Forum: Scripting
Topic: Script placement of firewall rules to the first position. [SOLVED]
Replies: 2
Views: 984

Re: Script placement of firewall rules to the first position. [SOLVED]

https://forum.mikrotik.com/viewtopic.php?f=2&t=168080&p=824863&hilit=print#p824863 I found also the support request to Mikrotik on this: Thank you for contacting MikroTik Support. Adding print to the script is the correct way of letting the script know which line is currently used and ba...
by msatter
Sun Aug 29, 2021 12:39 am
Forum: General
Topic: RB5009 IPSec Performance
Replies: 20
Views: 3962

Re: RB5009 IPSec Performance

Yes we know, however Mikrotik did not want officially put the numbers up because there is only software IPSEC. Then we have it do it ourselves.

Also not impressed and the 4011 is running circles around the 5009 when using IPSEC.
by msatter
Thu Aug 26, 2021 4:06 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 39247

Re: v7.1rc1 [development] is released!

Nope still not running. I tried RC1 on my 4011 and the setup is transferred but no IKEv2 connection comes up. I have to connect through RoMon to the box. The PPPoE drops from MTU 1500 to 1480 after a few seconds and restarting the SFP does not help this time. That could cause that the IKEv2 is not be...
by msatter
Tue Aug 24, 2021 10:37 pm
Forum: Wireless Networking
Topic: Wifi sucks in an outside garage
Replies: 16
Views: 1877

Re: Wifi sucks in an outside garage

I hope you have a permit for your WiFi doing that in the outdoor garage. The neighbors might complain to the police, about the waiting men in the driveway.
by msatter
Tue Aug 24, 2021 10:32 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 119
Views: 31876

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

I have removed the first version of the script to avoid this happening to others. The first version was more a proof of concept that the Frankenstein, two parts joined, script worked.
by msatter
Tue Aug 24, 2021 10:13 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 119
Views: 31876

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

I have trouble following you on this. If you read about the Greylist by Turris you will see that is updated once a week. They know that. If you keep hammering the proxy they might put you in SRC-IP address jail. ;-) BTW you are using an old version of the script that keeps the list active for one day....
by msatter
Tue Aug 24, 2021 9:19 am
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 187
Views: 30262

Re: MikroTik RB5009UG+S+IN

It is likely assumed that in a rack where you want 2 or 4 of these routers, you already have some air circulation and cooling. Some air cooling would certainly help... And for stand alone or wall mounting you can attach a small fan like I did on the 4011. In the summer it keeps the 4011 cool. https...
by msatter
Tue Aug 24, 2021 2:09 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 119
Views: 31876

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

The packet towards the Alibaba IP was "ICMP" , only a single instance. The packet towards another Turris marked IP is also found in the abuseIP database. This packet was dropped trying to creep out of my LAN coming from "something" on my NAS, source-port 6800 > dst-port tcp/4888...
by msatter
Mon Aug 23, 2021 8:48 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 119
Views: 31876

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

It is a weekly list so just update it at 06H30 am and polling it will only create more load on their side. No wonder there is now a proxy in front. ;-) Also nice is that you can select certain kinds of list. This could be a second selector beside the IP address presence. Legend for current Hei rules ...
by msatter
Mon Aug 23, 2021 12:55 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 14047

Re: WinBox v3.29 released!

I went from 3.27 to 3.29 so it was very tempting to make the step. Thanks for the new stuff making things easier especially the Windows button to find my lost windows.
by msatter
Sun Aug 22, 2021 11:21 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 119
Views: 31876

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

Ping
"Give me a ping, Vasili. One ping only, please."
by msatter
Sun Aug 22, 2021 8:45 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 119
Views: 31876

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

The RegEX is only there to detect if there is a valid IP address on the line. This version only allows one list and there are different versions that can do more. Even a version that allows you to provide login credentials if needed. I made this Frankenstein version to see if it worked. About huge li...
by msatter
Sun Aug 22, 2021 1:48 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 119
Views: 31876

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

Thank you @msatter. I posted this two scripts in another post, but i didn't know how combinated it. It is possible added a delimiter option for import spamhaus database or another in one script? Those use a range (example: /22) and then the RegEX has to be adapted/extended. On second thought, I thi...
by msatter
Sun Aug 22, 2021 12:05 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 119
Views: 31876

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

I've test against the Project Turris list and it obtained 9058 entries ? Did you get similar values ? Yes, the first line of the file is ignored and the last 6 are IPv6 addresses. The script is still in the workings, however the first results are promising. Update: Script is updated to avoid import...
by msatter
Sun Aug 22, 2021 3:51 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 119
Views: 31876

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

A Frankenstein script using HTTP chunking. It is not perfect because it can't predict where the splits are made so you will miss some data or data is wrong. But is a start and certainly it can be improved. This of course only usable if the HTTP server supports chunking. USE LATER VERSION PUBLISHED B...
by msatter
Sat Aug 21, 2021 11:40 pm
Forum: General
Topic: Getting replacement parts?
Replies: 6
Views: 693

Re: Getting replacement parts?

It is a special cable however I would have cut the blue release part off. If you fit the panel it would push down the blue tab which releases the connector.

I hope your reseller can get a replacement panel for you and till then, tape it off.
by msatter
Fri Aug 20, 2021 10:24 pm
Forum: Announcements
Topic: Newsletter 101
Replies: 43
Views: 9437

Re: Newsletter 101

Looking at the thickness of the ears you will be needing to put one side in a vice to be able to breaking-wiggle it off. It would be nice if Mikrotik would also cover the 10" racks with one extra ear that is a bit longer.
by msatter
Fri Aug 20, 2021 7:00 pm
Forum: RouterBOARD hardware
Topic: RB5009UG+S+IN form factor
Replies: 9
Views: 1695

Re: RB5009UG+S+IN form factor

Interesting idea, something like the Turris Mox. I see the power distribution on the side but what about some kind of standard interface between the devices on the side. So you don't have to use the present external interfaces.
by msatter
Fri Aug 20, 2021 12:56 pm
Forum: Announcements
Topic: Newsletter 101
Replies: 43
Views: 9437

Re: Newsletter 101

NordVPN does provide Wireguard but I have not seen a working config for RouterOS. To me IKEv2 is still relevant in combination with my 4011. It does work, I have a config on a test box. But the setup is not straightforward, you have to extract your private key and the server's key from a Linux box...
by msatter
Thu Aug 19, 2021 10:36 pm
Forum: Announcements
Topic: Newsletter 101
Replies: 43
Views: 9437

Re: Newsletter 101

….. will the 5009 be populated with IPsec results, seem to be missing? No need for IPSec because Wireguard rules the world now … the RB5009 is not enterprise gear where IPSec is the standard … home users love WireGuard. SMB will also love wireguard …. It’s becoming a WireGuard world. NordVPN does p...
by msatter
Wed Aug 18, 2021 2:06 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 187
Views: 30262

Re: MikroTik RB5009UG+S+IN

The bottom is used as a heatsink and it transfers the heat to the back where the cooling ribs sit.

Heat is transferred also between multiple devices and spread this way.
by msatter
Wed Aug 18, 2021 1:54 pm
Forum: General
Topic: CCR2004-16G-2S+ shipped with 7.0.4 STABLE is that for real?
Replies: 11
Views: 1387

Re: CCR2004-16G-2S+ shipped with 7.0.4 STABLE is that for real?

Screenshot_20210818_125338.jpg
by msatter
Wed Aug 18, 2021 1:02 am
Forum: General
Topic: What is MikroTik working on?
Replies: 3
Views: 568

Re: What is MikroTik working on?

Not much. And those migrants are there to piss off Europe.

Using people as weapons is not very classy to get back at other countries while the problem is with you, Turkey and Belarus.
by msatter
Tue Aug 17, 2021 12:47 am
Forum: Beginner Basics
Topic: use-local-address ip>cloud
Replies: 7
Views: 2606

Re: use-local-address ip>cloud

Do you feel any urge to elaborate on that?
by msatter
Mon Aug 16, 2021 8:35 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 156
Views: 30230

Re: v7 launch date

You called it gold but many experience it as being made of the same material as a tin can.
by msatter
Mon Aug 16, 2021 5:36 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 156
Views: 30230

Re: v7 launch date

Pouring gold into a tin can?
by msatter
Mon Aug 16, 2021 2:01 pm
Forum: General
Topic: Better way to hide "duplicate packet, dropping" log message
Replies: 1
Views: 307

Re: Better way to hide "duplicate packet, dropping" log message

/system logging
add action=disk disabled=no prefix="" topics=info,!ovpn
add action=disk disabled=no prefix="" topics=error,!ovpn
add action=memory disabled=no prefix="" topics=error,ovpn
Memory is the default situation and what if you replace that with echo? remember (y...
by msatter
Mon Aug 16, 2021 1:23 pm
Forum: Beginner Basics
Topic: use-local-address ip>cloud
Replies: 7
Views: 2606

Re: use-local-address ip>cloud

Only a few day a member was connecting through a VPN and with this he could still supply his external address to Mikrotik cloud.
by msatter
Sun Aug 15, 2021 7:18 pm
Forum: General
Topic: Large blacklists for firewall
Replies: 37
Views: 4755

Re: Large blacklists for firewall

yes yes anav, we know you keep pushing people to use his services, we know. chill. Any service that appears to be of good value I will always recommend, its called communicating. There is nothing in it for me. Whatever personal issues you may have, get over it. I have to admit that I can only admir...
by msatter
Sun Aug 15, 2021 7:06 pm
Forum: Scripting
Topic: Importing IP List from file
Replies: 55
Views: 7927

Re: Importing IP List from file

************************************** @msatter wrote I have later written a way to exchange separate lists be exchanged between router based on this way of working. But now, I keep that also for myself, no interest anymore on my side to share that. I find this " I have it and I don't give it ...
by msatter
Sun Aug 15, 2021 2:11 pm
Forum: General
Topic: Large blacklists for firewall
Replies: 37
Views: 4755

Re: Large blacklists for firewall

@Mozerd I read that you where also providing protection for VOIP. From the site: https://itexpertoncall.com/promotional/moab.html#prime : Engineered for MikroTik RouterOS Firewall. voipTIK - "Wow ...its working ...a perfect voip shield" a direct quote from one of our clients Is your public...
by msatter
Sun Aug 15, 2021 1:03 pm
Forum: Scripting
Topic: Importing IP List from file
Replies: 55
Views: 7927

Re: Importing IP List from file

This all has been addressed in one of the largest threads here about blacklisting. Then we got the flexible way by Shumkov but it is limited to 64 KB file. https://forum.mikrotik.com/viewtopic.php?t=98804 No one link longer work, all is abandoned because no ...
by msatter
Sat Aug 14, 2021 12:32 pm
Forum: General
Topic: Large blacklists for firewall
Replies: 37
Views: 4755

Re: Large blacklists for firewall

PS, Your ignore list doesn't work very well. I am sure rextended has a script for you that will work.
The ignore function works very well here. If you want to read an ignored posting, it depends on which one of the two fingers you use for the screen.
by msatter
Sat Aug 14, 2021 1:52 am
Forum: General
Topic: Large blacklists for firewall
Replies: 37
Views: 4755

Re: Large blacklists for firewall

We are sending truckloads of Euro's to Italy despite they are richer than we are in the Netherlands. We are buying that country without owning it after sending all our money.
by msatter
Fri Aug 13, 2021 11:21 pm
Forum: General
Topic: Large blacklists for firewall
Replies: 37
Views: 4755

Re: Large blacklists for firewall

@rextended you are on my ignore list so I don't read your postings anymore. Really sad that I had to resort to that. So with no explanation and no reason? Of course there are really idiotic people in the world... For me the dawn will continue to be there tomorrow, even for you, but you will miss a ...
by msatter
Fri Aug 13, 2021 2:04 pm
Forum: Scripting
Topic: Importing IP List from file
Replies: 55
Views: 7927

Re: Importing IP List from file

A few years logging this was being addressed in a thread about large list import. Then the way was to specific disable logging causing these entries.

Search result: search.php?keywords=logging&t=98804&sf=msgonly
by msatter
Thu Aug 12, 2021 3:03 pm
Forum: Scripting
Topic: Importing IP List from file
Replies: 55
Views: 7927

Re: Importing IP List from file

@rextended, "ignore list" means I can't see and won't open the hidden content, being your postings.

Over and out.