Community discussions

Search found 960 matches

by msatter
Mon Dec 10, 2018 2:51 pm
Forum: RouterBOARD hardware
Topic: Transceiver S-35LC20D/S-53LC20D - Modulation 10M
Replies: 1
Views: 62

Re: Transceiver S-35LC20D/S-53LC20D - Modulation 10M

Switch off auto negotiation. If possible set to 1000Mb or 1Gb
by msatter
Sun Dec 09, 2018 12:22 pm
Forum: General
Topic: SIP ALG
Replies: 2
Views: 106

Re: SIP ALG

This forum is using English as language so please post in English.
by msatter
Sat Dec 08, 2018 11:54 am
Forum: General
Topic: Using action=route in Mangle
Replies: 4
Views: 142

Re: Using action=route in Mangle

Thanks shiyiqiang08, it did not make it work. I used torch and nothing went over the connection when using the Local Address (gateway). When I used the Remote Address packets were visible but they did not return. Looking at the connection table I see a difference between NAT and Direct. NAT 192.1...
by msatter
Sat Dec 08, 2018 12:04 am
Forum: General
Topic: Using action=route in Mangle
Replies: 4
Views: 142

Re: Using action=route in Mangle

I want to do without the NAT and the SSTP is to a VPN provider.

Because I received (invalid) packets back, pointing to the correct client and port I think the other side is natting.

Next I will look with torch what traffic is passing and what direction.
by msatter
Fri Dec 07, 2018 10:31 pm
Forum: General
Topic: Using action=route in Mangle
Replies: 4
Views: 142

Using action=route in Mangle

I want to use action=route in Mangle with an SSTP connection. And in that rule I put in DST-address, the Local Address of the SSTP connection. It seems to work but the packets returning back from the SSTP are not arriving back at my client. After a few seconds I get (ACK/RST) back on OUTPUT and those...
by msatter
Fri Dec 07, 2018 1:54 pm
Forum: Beginner Basics
Topic: Forwarding Avaya via VPN
Replies: 2
Views: 181

Re: Forwarding Avaya via VPN

How do I route to VPN without NAT?

I only find examples with NAT and my thoughts are that I need the normal entry in IP-Route to the VPN and tag/point in Mangle to the route of the VPN.
Till now I always needed a SRC-NAT to gateway of the VPN.
by msatter
Sun Dec 02, 2018 2:38 pm
Forum: General
Topic: question about no track action in raw firewall rules
Replies: 11
Views: 290

Re: question about no track action in raw firewall rules

By marking them notrack you convey the handling to another device or another part of the router. I use notrack for IPSEC because IPSEC can handle the connections itself.

Any traffic, even if dropped, will still use CPU power but not as much as connection tracking would take and terminate it then.
by msatter
Sun Dec 02, 2018 1:06 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: OpenVPN SHA256 + UDP
Replies: 26
Views: 11266

Re: OpenVPN SHA256 + UDP

I don't think RouterOS v7 is that far away. Some v7 features are already implemented in v6.

On the DNS part there are better programs like Unbound that do that all, in an excellent way.
by msatter
Sun Dec 02, 2018 12:57 pm
Forum: General
Topic: Poor VPN Performance with SSTP VPN
Replies: 9
Views: 381

Re: Poor VPN Performance with SSTP VPN

I have been using SSTP as client for a short while and I have my MTU set to 1500. Test yours with the ping under tools and tag the box df (do not defragment).

I read in wiki examples that the mrru was set to 1600 but that killed my connection. Also try it with mrru disabled.
by msatter
Sun Dec 02, 2018 12:41 pm
Forum: General
Topic: Position of the firewall rules
Replies: 3
Views: 918

Re: Position of the firewall rules

I have to move the newly created rule not that much. I use copy which duplicates the rule neighbouring is opened. There could be added an extra button which does the same as copy but defaults all the settings in that new rule. You have still to move the rule one up if you want it at the top of the ru...
by msatter
Sat Dec 01, 2018 10:28 pm
Forum: General
Topic: question about no track action in raw firewall rules
Replies: 11
Views: 290

Re: question about no track action in raw firewall rules

Notrack won't help because connection tracking is already disabled by you.

viewtopic.php?f=2&t=114664&p=599785&hil ... os#p605976
by msatter
Sat Dec 01, 2018 1:24 pm
Forum: Wireless Networking
Topic: lost configuration on every reboot
Replies: 4
Views: 187

Re: lost configuration on every reboot

Just thinking. Do you have them well grounded (earth)?

The best is to send a request for support to Mikrotik by e-mail: support@mikrotik.com

Explain what kind of problem you have, and how you mounted them.
by msatter
Sat Dec 01, 2018 1:14 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 249
Views: 38774

Re: v6.44beta [testing] is released!

...and bgp multithreading support when?
First the hell has to freeze over. ;-)

viewtopic.php?f=1&t=141920#p699481
by msatter
Fri Nov 30, 2018 3:43 pm
Forum: Beginner Basics
Topic: Firewall what is untracked
Replies: 4
Views: 236

Re: Firewall what is untracked

Untracked are connections that are not steered by Connection Tracking which looks like a "mother chicken", if those connections are known to her and where they have to go. When a connection is stray and not known it will not pass her beak (control) and be removed. Untracked traffic is traffic that is mar...
by msatter
Fri Nov 30, 2018 3:28 pm
Forum: General
Topic: SFP+ copper module (FS 10G-T) incompatible with Mikrotik CRS 3xx?
Replies: 5
Views: 221

Re: SFP+ copper module (FS 10G-T) incompatible with Mikrotik CRS 3xx?

It is indeed meshy. About mixed usage the wiki talks about that, almost at the bottom of the page:
https://wiki.mikrotik.com/wiki/MikroTik ... lity_table
by msatter
Fri Nov 30, 2018 11:59 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 249
Views: 38774

Re: v6.44beta [testing] is released!

Thanks Emils and this morning I tried drag and drop from the Files window in Winbox and it worked again. :D I hope that it was a temporary problem and downloading/install and clearing the Winbox cache did not work. One thing that is interesting now it is working again I could not connect to the router ...
by msatter
Thu Nov 29, 2018 11:38 pm
Forum: Beginner Basics
Topic: ARP List Filter wildcards?
Replies: 6
Views: 165

Re: ARP List Filter wildcards?

You're welcome and Mikrotik gave us great tools to get insight.
by msatter
Thu Nov 29, 2018 11:35 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 249
Views: 38774

Re: v6.44beta [testing] is released!

With the last two betas I have Winbox glitching and crashing. I re-downloaded Winbox but it still sometimes does not the windows and while typing all the windows disappear. Only a restart helps and then I still sometimes have to manually reload the layout. I find this strange because Winbox always wor...
by msatter
Thu Nov 29, 2018 11:27 pm
Forum: Beginner Basics
Topic: ARP List Filter wildcards?
Replies: 6
Views: 165

Re: ARP List Filter wildcards?

What if you sort on MAC or interface. Also you have the find box in the right top corner with which you can highlight the address you want to track visually.
by msatter
Thu Nov 29, 2018 11:12 pm
Forum: Beginner Basics
Topic: ARP List Filter wildcards?
Replies: 6
Views: 165

Re: ARP List Filter wildcards?

What if you search 10.81.37 or 192.168.3 if you seek that?
by msatter
Thu Nov 29, 2018 1:50 pm
Forum: General
Topic: (ask) how to use two internet connections simultaneously
Replies: 1
Views: 88

Re: (ask) how to use two internet connections simultaneously

You can look in the wiki.mikrotik.com for examples.

Splitting can be done in Mangle with NTH or PCC and only Routing-mark New connections so that the streams are complete going through one or the other port.

In IP - Routing you can use that routingmark to select the gateway (ISP) of the connection.
by msatter
Thu Nov 29, 2018 12:28 am
Forum: General
Topic: Having Problems Matching Host with Firewall [SOLVED]
Replies: 3
Views: 128

Re: Having Problems Matching Host with Firewall [SOLVED]

I am not an expert on this but some things are explainable. MAC addresses outside your router are not known so you can only use MAC addresses inside your local network. The device is requesting the traffic and that could be why it is shown as source. I would add the dst-IP to the addresslist on basis ...
by msatter
Wed Nov 28, 2018 2:41 pm
Forum: Scripting
Topic: Hide the fetch log
Replies: 3
Views: 161

Re: Hide the fetch log

Topic: ....gps info kvm.... manual add prefix fetch and toggle !

You can also try with Topic: store and I can't test it where I am right now.
by msatter
Wed Nov 28, 2018 2:23 pm
Forum: General
Topic: SFP+ copper module (FS 10G-T) incompatible with Mikrotik CRS 3xx?
Replies: 5
Views: 221

Re: SFP+ copper module (FS 10G-T) incompatible with Mikrotik CRS 3xx?

Did you disable the auto stuff in the Mikrotik for that SFP?

FS offers to program the settings in the recognisation section with wished information.
by msatter
Wed Nov 28, 2018 2:08 pm
Forum: Scripting
Topic: Hide the fetch log
Replies: 3
Views: 161

Re: Hide the fetch log

Try under System-Logging to add under Rules - Topic info Prefix line !fetch
by msatter
Wed Nov 28, 2018 1:45 pm
Forum: Beginner Basics
Topic: Route all traffic through NordVPN?
Replies: 11
Views: 605

Re: Route all traffic through NordVPN?

NordVPN dropped support of l2tp.
Is going to drop support for it on the 1st of December.

https://nordvpn.com/blog/l2tp-pptp-protocol-update/

Come on Mikrotik. We can't use OpenVPN or IKEv2 with NordVPN so which protocol are we going to use? SSTP is only possible with a few providers.
by msatter
Wed Nov 28, 2018 12:38 pm
Forum: General
Topic: How to sniff traffic between wifi clients (same subnet)
Replies: 8
Views: 306

Re: Packet sniffer does not sniff UDP packets

Did you take into account that traffic between devices in the same network is not going through the router but are connected through the switch? This switching is often done on hardware level and so invisible for the sniffer. The funny thing is that I have to place filters to keep out that local traff...
by msatter
Tue Nov 27, 2018 8:54 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 249
Views: 38774

Re: v6.44beta [testing] is released!

Isn't the answer two posts above?.. i use this config in 6.4.34 in all clients, in the new beta no work the peer, the port-override and main-l2tp no work if upgrade to next version all vpn l2tp/ipsec with this config will they stop working? . . /ip ipsec peer add exchange-mode=main-l2tp generate-po...
by msatter
Tue Nov 27, 2018 4:49 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 249
Views: 38774

Re: v6.44beta [testing] is released!

I have L2TP/IPSEC connections that are "dial on demand" and those are displayed in IPSEC-Peers as entries that are unreachable. This is true, however after the connection is up they are still seen as unreachable (colour red).
by msatter
Tue Nov 27, 2018 4:12 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 249
Views: 38774

Re: v6.44beta [testing] is released!

I have my DNS cache being flooded with I think IP coming from the Addresslists. Screen content of DNS Cache N IP:xxx.xxx.xxx.xxx type: unknown Data: 0.0.0.0 TTL: 24H Update: After a reboot it worked again as expected. I think the firmware had to be updated too and that update was already standing re...
by msatter
Tue Nov 27, 2018 1:48 pm
Forum: Beginner Basics
Topic: Route all traffic through NordVPN?
Replies: 11
Views: 605

Re: Route all traffic through NordVPN?

Mikrotik does not yet support the features needed to make use of those kind of OpenVPN services.
L2TP/IPSEC is fully supported.
by msatter
Tue Nov 27, 2018 1:40 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 249
Views: 38774

Re: v6.44beta [testing] is released!

We are now all sitting on the edge of our seats.
by msatter
Tue Nov 20, 2018 7:34 pm
Forum: General
Topic: 1500 L3 MTU on a Mikrotik PPPoE Server
Replies: 4
Views: 219

Re: 1500 L3 MTU on a Mikrotik PPPoE Server

No support for: https://tools.ietf.org/html/rfc4638 when being a server.
by msatter
Sun Nov 18, 2018 8:53 pm
Forum: General
Topic: DNS Root-servers and VPN
Replies: 1
Views: 141

Re: DNS Root-servers and VPN

I am using now DNS over TCP for the time being and can now fetch the Anchor through IPv4 UDP and the problem seems that the DNS reply for iana dot org is very long. I have now hard coded the IP address in the helper file for unbound.
by msatter
Sun Nov 18, 2018 4:39 pm
Forum: General
Topic: DNS Root-servers and VPN
Replies: 1
Views: 141

DNS Root-servers and VPN

I am using Unbound which is drawing information on startup from the a-to-m-root-servers dot net. The problem is that the return UDP packets are cut off at 548 bytes and Wireshark is signaling them as malformed. So I changed the MTU of the l2tp/ipsec and whendid not help also the edns in the config t...
by msatter
Sat Nov 17, 2018 12:58 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: [Feature Request] :resolve DNS Client Improvements
Replies: 2
Views: 327

Re: [Feature Request] :resolve DNS Client Improvements

I don't see a problem with :resolve, it just resolves to which address to go. Not every one has IPv6 so IPv4 is the safest to go. If there are multiple addresses then rotation is steered by the DNS server. Several parts in RouterOS already read the complete list, see addresslists. I would prefer a n...
by msatter
Thu Nov 15, 2018 1:34 pm
Forum: General
Topic: [Request] Add "DNS over HTTPS" to RouterOS (Internet security protocols)
Replies: 10
Views: 857

Re: [Request] Add "DNS over HTTPS" to RouterOS (Internet security protocols)

Privacy is in my eyes a very high good and we are tracked everywhere on the Internet and also in real life. Having protected datastreams against peeking eyes is good but the time is not right because we are too early. Big Data is working well with data from who the request comes and where it wants to go...
by msatter
Mon Nov 12, 2018 8:49 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 989
Views: 162535

Re: Feature requests

the line above are repeated X times. When you are dealing with external logs, this is something you like to avoid at all cost like here in my Splunk - Mikrotik project: https://forum.mikrotik.com/viewtopic.php?t=137338 When you read logs external programs it's hard to understand what is repeated and get...
by msatter
Mon Nov 12, 2018 8:44 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 989
Views: 162535

Re: Feature requests

On that being logged many many times the same loglines it would be nice if that could be avoided by buffering the new and same loglines till another different logline is going to be written to the log. As long as you have connection tracking, and do not use the log on the "established/related" rul...
by msatter
Mon Nov 12, 2018 5:06 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 989
Views: 162535

Re: Feature requests

On that being logged many many times the same loglines it would be nice if that could be avoided by buffering the new and same loglines till another different logline is going to be written to the log. The first two and last one/two lines are written so the time between lines can be seen. First the ...
by msatter
Mon Nov 12, 2018 4:29 pm
Forum: Scripting
Topic: cannot ssh to mikrotik rb750 with dsa key
Replies: 5
Views: 235

Re: cannot ssh to mikrotik rb750 with dsa key

debug1: kex: host key algorithm: ssh-rsa

I would only use RSA and not DSA anymore.
by msatter
Mon Nov 12, 2018 4:26 pm
Forum: Scripting
Topic: DNS CACHES Problems
Replies: 1
Views: 128

Re: DNS CACHES Problems

Not very special and cloud you can disable if not used under IP-Cloud.

Why do you put your public address and port in the Google search machine by showing that here?
Please make those invisible to the general public.
by msatter
Mon Nov 12, 2018 2:04 pm
Forum: Beginner Basics
Topic: Static DNS Table?
Replies: 1
Views: 143

Re: Static DNS Table?

The problem is that you did not add a TLD to router. If you add ".lan" to the second name then you can ping it also from other devices.

Without a TLD you can only ping it on the router itself.
by msatter
Mon Nov 12, 2018 11:31 am
Forum: General
Topic: Detect Internet triggering flood of incoming connections
Replies: 0
Views: 143

Detect Internet triggering flood of incoming connections

I made a posting yesterday about my LOG being flooded by incoming connections from Google DNS ( 8.8.8.8 ) and thanks to mkx I could stop that by disabling the option Detect Internet under interfaces in the Mikrotik router. https://forum.mikrotik.com/viewtopic.php?f=2&t=141454 It looked like an attac...
by msatter
Sun Nov 11, 2018 6:13 pm
Forum: General
Topic: Random beeping
Replies: 2
Views: 178

Re: Random beeping

How recent is your RouterOS version?

https://mikrotik.com/download
by msatter
Sun Nov 11, 2018 12:25 pm
Forum: General
Topic: Killing the Mikrotik Cloud?
Replies: 4
Views: 394

Re: Killing the Mikrotik Cloud?

turn off internet detection
Darn...I switched that on two days ago to see what that did...I was not wiser and wanted to look at it again coming week. It is now switched off and I will not ever touch it again.
by msatter
Sun Nov 11, 2018 12:10 pm
Forum: General
Topic: Killing the Mikrotik Cloud?
Replies: 4
Views: 394

Re: Killing the Mikrotik Cloud?

Thanks mkx. That is now clear to me and the first spoof triggered the rule that places it on an addresslist to be "dropped" for a long period. I have now changed the RAW for accepting DNS returns so that the next time it would not even reach the spoof check, so it will not be promoted to addresslist...
by msatter
Sun Nov 11, 2018 11:41 am
Forum: General
Topic: Killing the Mikrotik Cloud?
Replies: 4
Views: 394

Killing the Mikrotik Cloud?

A few times now I see the Evil Google DNS trying to connect endlessly to my DNS port which is blocked by a RAW rule. In this way I can fill my log files very fast by only that log entry repeating and repeating endlessly. Nov/11/2018 08:29:06 firewall,info Drop RAW - Probe prerouting: in:pppoe-out1 ...
by msatter
Wed Nov 07, 2018 12:49 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 275
Views: 40533

Re: Winbox vulnerability: please upgrade

The hacker, who goes by the name of Alexey and says he works as a server administrator, claims to have disinfected over 100,000 MikroTik routers already. https://www.zdnet.com/google-amp/article/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers/ Owners being angry at him should th...
by msatter
Wed Nov 07, 2018 12:23 pm
Forum: General
Topic: Multi PPPoE sessions
Replies: 3
Views: 223

Re: Multi PPPoE sessions

Do you use a profile on those connections? In the profile you can set a hard time limit to end a connection. There is also an option to use 'only one' and then you could use a profile for each three connections.