Community discussions

MikroTik App

Search found 4690 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 16
by rextended
Sun Jul 25, 2021 6:56 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 12
Views: 184

Re: Network cannot be accessed after L2TP address pool change

Sincerely I have no idea, just you try to reboot the device? You can do two things at the same time, full backup first, save to pc and Upgrade to 6.47.10 last long-term, the upgrade cause RouterBOARD reboot. I ask you a courtesy, if possible, when you found the cause, write back here on forum to hel...
by rextended
Sun Jul 25, 2021 6:34 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 12
Views: 184

Re: Network cannot be accessed after L2TP address pool change

One question, you use radius also for access winbox and CLI on this device? Is set as I describe it. Sorry, on first read I miss those, paste on terminal: { /ip dhcp-server set [find] authoritative=yes /interface bridge port set [find] hw=yes } But at this point for me the RouterBOARD (ignoring old ...
by rextended
Sun Jul 25, 2021 6:25 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 12
Views: 184

Re: Network cannot be accessed after L2TP address pool change

Try to temporarly stop all drop firewall filter rules,
you sure no fixed parameters are set on remote devices?
on radius server, the profiles use the right pool name? from VPN to VPN230?
by rextended
Sun Jul 25, 2021 5:31 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 12
Views: 184

Re: Network cannot be accessed after L2TP address pool change

Paste this on terminal, without omit the { } : { /interface bridge fast-forward=yes /interface ethernet set [ find default-name=ether1 ] speed=1Gbps set [ find default-name=ether2 ] speed=1Gbps set [ find default-name=ether3 ] speed=1Gbps set [ find default-name=ether4 ] speed=1Gbps set [ find defau...
by rextended
Sun Jul 25, 2021 5:15 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 12
Views: 184

Re: Network cannot be accessed after L2TP address pool change

Apart of this problem,
I suggest first to upgrade to 6.47.10, 6.43 is too old and some hack are well know.

Now I read the export and write adout it
by rextended
Sun Jul 25, 2021 4:17 pm
Forum: General
Topic: Network cannot be accessed after L2TP address pool change
Replies: 12
Views: 184

Re: Network cannot be accessed after L2TP address pool change

If the address are real private address and not "censored" for the forum:

Make one /export and find all the occurrencies of "250", probably you miss something.

If do not work, the problem can be one fixed settings on remote machines
by rextended
Sun Jul 25, 2021 4:13 pm
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 577

Re: Input firewall filter prioritization [SOLVED]

Sometime I use this hack when I do not have time to VPN or others...
If Gogole is not blocked...
https://translate.google.com/translate? ... krotik.com
by rextended
Sun Jul 25, 2021 4:09 pm
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 577

Re: Input firewall filter prioritization [SOLVED]

Can I ask you where you live?
by rextended
Sun Jul 25, 2021 4:08 pm
Forum: Useful user articles
Topic: How to: Edge router and BNG optimization for ISPs Topic is solved
Replies: 10
Views: 1130

Re: How to: Edge router and BNG optimization for ISPs Topic is solved

Well, thanks moderatos/staff to pin this topic.
by rextended
Sun Jul 25, 2021 4:01 pm
Forum: The Dude
Topic: Dude connects to ROS devices every minute and then disconnects
Replies: 39
Views: 5414

Re: Dude connects to ROS devices every minute and then disconnects

Probably as @mkx explain on another topic my english is not so well...

Smply: Sorry.
by rextended
Sun Jul 25, 2021 3:58 pm
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 577

Re: Input firewall filter prioritization [SOLVED]

Thanks @mkx for the courtesy of explaining ;)



@anav, but how do they come to your mind? :)))
by rextended
Sun Jul 25, 2021 2:36 pm
Forum: The Dude
Topic: Dude connects to ROS devices every minute and then disconnects
Replies: 39
Views: 5414

Re: Dude connects to ROS devices every minute and then disconnects

If you call someone you are a juvenile jerk. I don't understand this sentence, who should I call? This is a user forum , and you keep to not understand, if you do not want opinons, do not write, You still keep this behavior because you do not understand simply this two sentences: It's perfectly nor...
by rextended
Sun Jul 25, 2021 2:25 pm
Forum: The Dude
Topic: Dude connects to ROS devices every minute and then disconnects
Replies: 39
Views: 5414

Re: Dude connects to ROS devices every minute and then disconnects

Go ahead and write direct posts to the developers, who can't wait to come here on this topic to see what you write, but don't quote others when you do , or it seems that you write to the quoted... I doubt that they will give you the slightest listen if you have not even understood the two bold lines...
by rextended
Sun Jul 25, 2021 2:15 pm
Forum: The Dude
Topic: Dude connects to ROS devices every minute and then disconnects
Replies: 39
Views: 5414

Re: Dude connects to ROS devices every minute and then disconnects

Everything I wrote does not apply to you Sorry, but I misunderstand, you wroted continuosly without break... Here, look at this beauty. No wonder the dude is going crazy. And now imagine if the dude has a 3000 routerboard. That is the Log of ONE RouterBOARD, not the Log of The Dude, or at most it i...
by rextended
Sun Jul 25, 2021 2:08 pm
Forum: The Dude
Topic: Dude connects to ROS devices every minute and then disconnects
Replies: 39
Views: 5414

Re: Dude connects to ROS devices every minute and then disconnects

Also, how can you write this lie that can't repeat the problem. Who write "can't repeat the problem"??? Are you holding us fools ??? For you there is no need, you already are if you read things that I have not written ... This is a question for developers. And this is a user forum, not a ...
by rextended
Sun Jul 25, 2021 1:54 pm
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 577

Re: Input firewall filter prioritization [SOLVED]

what are you writing? [...] I try to explain better: is for the "troll part", I want to notice to you I already have write possibly helping solution, not one "troll post". also @msatter say "It is really strange and your ISP is keeping an eye on that port because of DDos at...
by rextended
Sun Jul 25, 2021 10:26 am
Forum: Scripting
Topic: Script Not Working
Replies: 1
Views: 88

Re: Script Not Working

why [10.0.0.2] ? Simply write the IP using url "mode" and "http-method" are useless (https url = https mode, ? on ulr = get mode, post is unnecessary) This is based on another script I have revised, send only one messages when status change. :local host 10.0.0.2 :global hoststatu...
by rextended
Sun Jul 25, 2021 10:21 am
Forum: General
Topic: Static Public IP for Private Network
Replies: 3
Views: 130

Re: Static Public IP for Private Network

I do not understan what you ask, Sorry.

If all outbound go to router1 why you need to modify something on route2?
Simply let router1 to do the.. router...
by rextended
Sun Jul 25, 2021 10:05 am
Forum: General
Topic: Different gateway for two PPPoE server instance
Replies: 8
Views: 416

Re: Different gateway for two PPPoE server instance

Paste this on terminal and use this as start point. I hope I've wroted it correctly. Each line is a failover for the other, if for some reason one of the two ISP go down. /ip route add check-gateway=ping distance=10 gateway=172.16.4.1 routing-mark=PPPoE1 add check-gateway=ping distance=20 gateway=17...
by rextended
Sun Jul 25, 2021 9:43 am
Forum: General
Topic: IPv4 only network DNS issues with mobile devices [SOLVED]
Replies: 11
Views: 277

Re: IPv4 only network DNS issues with mobile devices [SOLVED]

I mean this, not on NAT but on fiilters: 6.6.6.6 is the smartphone IP just for do the test /ip fire filter add action=drop chain=forward dst-address=8.8.8.8 dst-port=53 protocol=tcp src-address=6.6.6.6 add action=drop chain=forward dst-address=8.8.8.8 dst-port=53 protocol=udp src-address=6.6.6.6 add...
by rextended
Sun Jul 25, 2021 2:40 am
Forum: General
Topic: IPv4 only network DNS issues with mobile devices [SOLVED]
Replies: 11
Views: 277

Re: IPv4 only network DNS issues with mobile devices [SOLVED]

Try to instead of redirect,
drop on firewall filter forward the direct connections from "pool of smartphone ip" to the IP 8.8.8.8 and 8.8.4.4
On this way probably the device must be forced to use internal provided IP from DHCP Server
by rextended
Sun Jul 25, 2021 1:52 am
Forum: Useful user articles
Topic: How to: Edge router and BNG optimization for ISPs Topic is solved
Replies: 10
Views: 1130

Re: How to: Edge router and BNG optimization for ISPs Topic is solved

You right, but i do not understand why some basic settings are not set as default like rp-filter=loose instead of no, permit blank/not strong password, still use "admin", just for example.
I hope 7 on new kernel work faster and stronger.
by rextended
Sun Jul 25, 2021 1:28 am
Forum: General
Topic: Route for traffic coming from pptp
Replies: 2
Views: 87

Re: Route for traffic coming from pptp

Is hard if you do not:
draw a schema with necessary data on it,
provide the relevant sections of the /export hide-sensitive from the 3 devices.
by rextended
Sun Jul 25, 2021 1:14 am
Forum: Useful user articles
Topic: How to: Edge router and BNG optimization for ISPs Topic is solved
Replies: 10
Views: 1130

Re: How to: Edge router and BNG optimization for ISPs Topic is solved

Yes, is ancient with no doubt.

6.x use the 3.3.5 May 2012

7.1beta6 use the 5.6.3 Jun 2020

8 years are one abyss on technology...


Ask moderators/staff to pin this topic
by rextended
Sun Jul 25, 2021 1:11 am
Forum: General
Topic: recover a Mikrotik over another Mikrotik (same LAN) [SOLVED]
Replies: 8
Views: 238

Re: recover a Mikrotik over another Mikrotik (same LAN) [SOLVED]

IF you do not have rebooted the router do /undo , and wait some seconds, sometimes, on router terminal until go back online as before...
by rextended
Sun Jul 25, 2021 1:07 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 577

Re: Input firewall filter prioritization [SOLVED]

Okay, I wasn't clear, I was asking you if I bothered you, like mkx want say...
by rextended
Sun Jul 25, 2021 12:50 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 577

Re: Input firewall filter prioritization [SOLVED]

what are you writing? I already suggested the same thing you suggested 13 minutes before...

I have already helped other times @Cablenut9, if I don't remember correctly he can tell you too, I don't seem to have ever bothered him,

@Cablenut9 you make it clear, please...
by rextended
Sun Jul 25, 2021 12:46 am
Forum: General
Topic: How to covert int to hex type value and save it in a string?
Replies: 10
Views: 1123

Re: How to covert int to hex type value and save it in a string?

I really appreciate this:
:local Hex "0123456789abcdef_eworm.de_ABCDEF"
[:find $Hex ... ] % 16

I was very impressed with the simplicity of the solution ....
by rextended
Sun Jul 25, 2021 12:45 am
Forum: General
Topic: How to covert int to hex type value and save it in a string?
Replies: 10
Views: 1123

Re: How to covert int to hex type value and save it in a string?

Now the forum is more rich on functions ;))
by rextended
Sun Jul 25, 2021 12:39 am
Forum: General
Topic: How to covert int to hex type value and save it in a string?
Replies: 10
Views: 1123

Re: How to covert int to hex type value and save it in a string?

You do not notice the request from @rrwakc on previous post? :))
viewtopic.php?f=2&t=57665&p=869033#p868885

I do not know why need that, but is for convert single word signed hex to integer

0xFF85 to -123
by rextended
Sun Jul 25, 2021 12:31 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 577

Re: Input firewall filter prioritization [SOLVED]

Move local wireguard on another port and change on dst-nat the incoming port 53 udp from wan to local wireguard port dst-nat is applied before routing, and routing is applied before input chain, the packet change destination port and can reach internal service on another port. https://help.mikrotik....
by rextended
Sun Jul 25, 2021 12:30 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 577

Re: Input firewall filter prioritization [SOLVED]

Ah, now with some other details I understand.
by rextended
Sun Jul 25, 2021 12:24 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 577

Re: Input firewall filter prioritization [SOLVED]

Not now, not today, but sooner or later ISP notices...


Your provider lock all UDP??? (also UDP on 53...)
by rextended
Sun Jul 25, 2021 12:20 am
Forum: General
Topic: Input firewall filter prioritization [SOLVED]
Replies: 29
Views: 577

Re: Input firewall filter prioritization [SOLVED]

Sincerely, is a very bad idea to use wireguard on port 53. As WISP I block all "53" traffic from my clients if is not directed directly to the CPE All Italian ISP are forced to do this for idiot laws wrotten from someone then totally ignore of how internet works. We do not inject or interc...
by rextended
Sun Jul 25, 2021 12:07 am
Forum: Beginner Basics
Topic: Which FW rule permits 'services'
Replies: 9
Views: 262

Re: Which FW rule permits 'services'

Really.... not..., if MAC access (winbox/telnet) is keeped active on LAN side (better if one port is leaved as MGMT ethernet) [or using CLI on console/serial port] Firewall work on layer 3, MAC on layer 2, only misconfigured layer 2 bridge/vlan/ethernet/802.1x etc. can lock the device (console/seria...
by rextended
Sat Jul 24, 2021 8:21 pm
Forum: Beginner Basics
Topic: Which FW rule permits 'services'
Replies: 9
Views: 262

Re: Which FW rule permits 'services'

The question is missing where services should be reachable, on WAN or on LAN, That rule can't be the answer because do not permit services from WAN and do not block services from LAN (ignoring other rules) I do not wrote accept from LAN , I wrote do not block services from LAN . Very big difference....
by rextended
Sat Jul 24, 2021 8:15 pm
Forum: General
Topic: Feature requests
Replies: 1374
Views: 342260

Re: Feature requests

Right!

+10
by rextended
Sat Jul 24, 2021 2:49 pm
Forum: General
Topic: Static Public IP for Private Network
Replies: 3
Views: 130

Re: Static Public IP for Private Network

If your new ISP provide only Private IP, probbly you are uable to do nothing for accept incoming connections
because you not control the (CG?)NAT of your new provider and ont hat way you are unable to open ports or services for incoming requests.
by rextended
Sat Jul 24, 2021 12:20 pm
Forum: RouterBOARD hardware
Topic: 48-Volt POE-Out switches
Replies: 19
Views: 1988

Re: 48-Volt POE-Out switches

Is for sure a typo of the translator...
by rextended
Sat Jul 24, 2021 4:22 am
Forum: Virtualization
Topic: Is there a guide on how to size the VM for CHR?
Replies: 3
Views: 138

Re: Is there a guide on how to size the VM for CHR?

Well done, nice hint!
by rextended
Sat Jul 24, 2021 4:02 am
Forum: General
Topic: time of last config change
Replies: 3
Views: 142

Re: time of last config change

No, time of last change is not available. Is not true for my point of view, because I know better some aspects of RouterOS... And for sure you know better some others aspects than me. Simply check the history action on memory, if the time of last changed config is different, than something is chang...
by rextended
Sat Jul 24, 2021 3:56 am
Forum: General
Topic: Feature Request: RouterOS Nightly
Replies: 1
Views: 122

Re: Feature Request: RouterOS Nightly

+100000000
by rextended
Sat Jul 24, 2021 3:34 am
Forum: General
Topic: How to covert int to hex type value and save it in a string?
Replies: 10
Views: 1123

Re: How to covert int to hex type value and save it in a string?

search tag # rextended int2hex num2hex integer number hexadecimal convert function Function to convert integer to hex (only positive numbers) :global num2hex do={ :local number [:tonum $1] :local hexadec "0" :local remainder 0 :local hexChars "0123456789ABCDEF" :if ($number > 0) ...
by rextended
Sat Jul 24, 2021 1:19 am
Forum: General
Topic: How to covert int to hex type value and save it in a string?
Replies: 10
Views: 1123

Re: How to covert int to hex type value and save it in a string?

Some reasoning on this... this function already exist on RouterOS, but I don't want to belittle anyone's work, it was just to let find out . using this example, the second line is for simulating one string readed from other variables. :put 0xFF85 :put [:tonum ("0x"."FF85")] The e...
by rextended
Sat Jul 24, 2021 12:49 am
Forum: RouterBOARD hardware
Topic: 48-Volt POE-Out switches
Replies: 19
Views: 1988

Re: 48-Volt POE-Out switches

For MikroTik we use MicroSet... :P This make some CCR devices compatibles with -48V: https://mikrotik.com/product/pw48v_12v85w I use it without problem on my CCR1036-12G-4S I solve the problem of -48V or using fiber or using (sorry I can not translate better) one Galvanic Insulator, it recreate anot...
by rextended
Fri Jul 23, 2021 11:02 pm
Forum: Wireless Networking
Topic: Mikrotik - Early Access beta hardware?
Replies: 13
Views: 551

Re: Mikrotik - Early Access beta hardware?

Ok, just a joke for be clear: to sign up for a) early access hardware or b) beta testing? or is or false or true = true if can not "sign up for early access hardware" still can use beta software on any all actual routerboad, new and not new (for sure not on abandoned mipsle architecture fr...
by rextended
Fri Jul 23, 2021 5:00 pm
Forum: Wireless Networking
Topic: wireless redirection
Replies: 4
Views: 208

Re: wireless redirection

Buy some ultra-cheaper tablet.....
Just one example
1024x600 50€

Or put the menu on public server and provide QR code to guests
by rextended
Fri Jul 23, 2021 4:55 pm
Forum: Wireless Networking
Topic: Mikrotik - Early Access beta hardware?
Replies: 13
Views: 551

Re: Mikrotik - Early Access beta hardware?

Just one... correction...

Yup ... buy new model any devices from your local MT distributor and you're hooked up for beta testing. Or so it seems ...
by rextended
Fri Jul 23, 2021 4:50 pm
Forum: General
Topic: Auto Run script on reset
Replies: 4
Views: 147

Re: Auto Run script on reset

@mkx described the right way to do this.

But this only works if "No Default Configuration" is not selected during the reset-configuration
by rextended
Fri Jul 23, 2021 4:39 pm
Forum: Beginner Basics
Topic: Allow Remote DNS Requests
Replies: 6
Views: 354

Re: Allow Remote DNS Requests

Would including the dynamic list which I think contains all PPPoE clients in LAN solve this issue? or create the Allow 53/udp for dynamic list and add it before the drop-all-rule be the best option? Simply add before "defconf: drop all not coming from LAN" two rule with chain input (not f...
by rextended
Fri Jul 23, 2021 4:30 pm
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 69
Views: 73817

Re: RouterOS making unaccounted outbound winbox connections [SOLVED]

Better if you make an export and share here

do:
/export file=export
and after open it with notepad,
and after censore your identifiable data with *** (not remove anything, just censore),
share the export.rsc
by rextended
Fri Jul 23, 2021 12:01 am
Forum: Wireless Networking
Topic: Weird speed problem, bridged network
Replies: 7
Views: 275

Re: Weird speed problem, bridged network

Well done, thanks.

But really all the credit goes to you,
without your precise description of the problem, I would never have had that intuition.
by rextended
Thu Jul 22, 2021 11:39 pm
Forum: General
Topic: export admin password
Replies: 6
Views: 306

Re: export admin password

Till now you do not answer to me: what you want to do with that password, if you have already full access to the device. If you paid the device, is what you say previously, why the isp company turn off your entire network of towers which is providing internet for 600 houses??? Something smells rotte...
by rextended
Thu Jul 22, 2021 11:28 pm
Forum: Wireless Networking
Topic: Weird speed problem, bridged network
Replies: 7
Views: 275

Re: Weird speed problem, bridged network

I read all posts. What RouterOS version is used? All the same? The bridge are on WDS on on bridge mode or others? (see point 1) I can think two tings: 1) better see the exports of all 5 devices 2) when tested with only one wifi at time, no problem, when tested involving both wifi at same time, both ...
by rextended
Thu Jul 22, 2021 10:54 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 624

Re: RouterOS Rule tester?

No, infected PC (or DVR, or any IoT device, etc.) than send out packet to Internet, like fake ping from 8.8.8.8 to ip like 1.1.1.1... the simply rule "LAN to WAN allowed" if not integrated with some other settings or rules, accept that packet and send it out on internet (if rp-filter= no )...
by rextended
Thu Jul 22, 2021 10:33 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 624

Re: RouterOS Rule tester?

At least all user must enable IP Spoofing block, near all DDoS attack use that vulnerability. Today I discover that what I took for sure (set loose), for my disbelief for default are disabled... /ip settings rp-filter default is no Must be set at least to loose https://forum.mikrotik.com/viewtopic.p...
by rextended
Thu Jul 22, 2021 10:28 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 624

Re: RouterOS Rule tester?

My sense is its the responsibility and possibly within the capabilities of the ISP provider.............. You right, but not all ISP care about this... I think this has a more likely chance, in general, of stopping issues for the homeower....... https://itexpertoncall.com/additional_info/moabpre.ht...
by rextended
Thu Jul 22, 2021 10:24 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 624

Re: RouterOS Rule tester?

And the same is for mark route on mangle, when is not evitable better use routes rules When you make vlan you create more vlan interface in /interface vlan and put all together on bridge, or you directly use bridge/vlan settings (or orther function depending on hardware) ??? Is the same with firewal...
by rextended
Thu Jul 22, 2021 10:19 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 624

Re: RouterOS Rule tester?

One example over all for raw: all incoming IPs presents on blacklist or from DDoS attack.
Why bother with those? In case of attack it also consumes less CPU ...
by rextended
Thu Jul 22, 2021 9:44 pm
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 624

Re: RouterOS Rule tester?

Do not forget "firewall raw" and move more rules as possible on that sections,

and when is possible, do not use mangle for routing, but routing rules.
by rextended
Thu Jul 22, 2021 7:11 pm
Forum: Scripting
Topic: Automatic backup for 100 MKT
Replies: 10
Views: 818

Re: Automatic backup for 100 MKT

Is not possible directly, send the previous and the actual backup and the export to a server, inside the server with some script compare both old and new export, if export are different, except first line containig time and date, send the backup Why export and not directly the backup? Because two co...
by rextended
Thu Jul 22, 2021 6:42 pm
Forum: General
Topic: No skin selectable in Winbox
Replies: 9
Views: 1098

Re: No skin selectable in Winbox

try to create /flash/skins folder and put the skin inside that folder
probably something do not correctly detect how must be called the skins folder (/skins or /flash/skins)?
by rextended
Thu Jul 22, 2021 6:21 pm
Forum: General
Topic: export admin password
Replies: 6
Views: 306

Re: export admin password

Your friend probably doesn't want to be fired... What you write is a perfect try to steal password. As full admin you can change any password. If you not want steal the password to gain fraudolent access to other devices of the same company, why is it a problem not to know or change another user's p...
by rextended
Thu Jul 22, 2021 5:18 pm
Forum: Scripting
Topic: Incomprehensible behavior of Netwatch and a script that imitates it.
Replies: 10
Views: 307

Re: Incomprehensible behavior of Netwatch and a script that imitates it.

You use same global variable name vdsdown on two script or inside another active netwatch???
by rextended
Thu Jul 22, 2021 5:10 pm
Forum: General
Topic: Need to hire consultant, online/remote, to create a configuration asap.
Replies: 7
Views: 290

Re: Need to hire consultant, online/remote, to create a configuration asap.

Warning: that guy use and suggest "TCP flag filter" and "drop port 0" taken from the link on my signature, https://www.daryllswer.com/edge-router-bng-optimisation-guide-for-isps/ can "Breaks the web" as DarkNate say!!! they come to forum posts etc, see some bad config w...
by rextended
Thu Jul 22, 2021 5:05 pm
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52164

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

Maybe you can see it as a hint that you need to adjust your behavior?
You're right,
it can serve me as a lesson,
but without exaggerating ...
by rextended
Thu Jul 22, 2021 4:46 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 321
Views: 42268

Re: v7.1beta6 [development] is released!

Thanks for reply.

Replace 6 with 4 or 5 on beta6 download link
by rextended
Thu Jul 22, 2021 4:31 pm
Forum: Scripting
Topic: Incomprehensible behavior of Netwatch and a script that imitates it.
Replies: 10
Views: 307

Re: Incomprehensible behavior of Netwatch and a script that imitates it.

RouterOS version? I try on 6.47.10 and my version work as expected, the script do not create useless log. 10 seconds are too close, can overlap the executin. Use 20 seconds at least. Try to paste it directly on scheduler but... the $ after :set is still present!!! :global vdsdown :local host 192.168...
by rextended
Thu Jul 22, 2021 3:53 pm
Forum: Scripting
Topic: Incomprehensible behavior of Netwatch and a script that imitates it.
Replies: 10
Views: 307

Re: Incomprehensible behavior of Netwatch and a script that imitates it.

what's exactly is wroted inside script and scheduler?

/sys script export

/sys scheduler export
by rextended
Thu Jul 22, 2021 3:38 pm
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 675

Re: Can't reach Winbox if Dual WAN in failover mode

@gotsprings do not worry, the forum is frequented by users who are so insolent and know-it-all, who, instead of helping, offend and compete with "who has it bigger", not caring if they go off topic, obviously those who are offended respond in turn and this full the topic with garbage that ...
by rextended
Thu Jul 22, 2021 3:24 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 321
Views: 42268

Re: v7.1beta6 [development] is released!

What device you use?
by rextended
Thu Jul 22, 2021 2:35 pm
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52164

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

To do this, there is no need to offend or be rude.

I don't want another friend, I just want you to stop offending and be more polite.

It is against the rules of any forum to offend.

Am I asking too much?
by rextended
Thu Jul 22, 2021 2:31 pm
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52164

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

I do not want defend my rules,
I want you to stop offend and be more polite.
by rextended
Thu Jul 22, 2021 2:25 pm
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52164

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

@ pe1chl expressed his thoughts in a non-offensive manner. The forum is full of worst things, like you, for example, why don't you ask the staff to delete them all? Instead of being here to offend on the forum, why can't you find a job with your very high knowledge, perhaps as a teacher of the "...
by rextended
Thu Jul 22, 2021 2:15 pm
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52164

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

You are still rude and offensive, you have to be really frustrated in your private life to offend in such a free way here on the forum. Maybe there is someone who commands you and you can't do anything about it, then try to do the same here on the forum. This does not justify offenses and bad words....
by rextended
Thu Jul 22, 2021 2:02 pm
Forum: General
Topic: Mikrotik Chateau LTE12 External Antenna problems
Replies: 15
Views: 762

Re: Mikrotik Chateau LTE12 External Antenna problems

Ok,
so it means that instead of using quickset, with the risk of accidentally changing configuration,

just simply paste this on the terminal:
/interface lte settings
set external-antenna=auto
by rextended
Thu Jul 22, 2021 1:14 pm
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52164

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

6. Thousands of ISPs especially in Asia-Pacific, South America, South Africa etc lack knowledge and technically competent network engineers, they come to forum posts etc, see some bad config with a beautiful headline, copy/paste it and viola! Breaks the web. Why you do not ask Juniper to remove tha...
by rextended
Thu Jul 22, 2021 12:17 pm
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52164

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

The topic is work in progress AND I accept your criticism AND I understand exactly PMTUD, your observation are considered. from RFC 8900 for example: 6. Recommendations 6.1. For Application and Protocol Developers Developers SHOULD NOT develop new protocols or applications that rely on IP fragmentat...
by rextended
Thu Jul 22, 2021 11:52 am
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52164

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

@DarkNate Where is the page on the forum where you teach to change the default "no" in the rp-filter and set it to "strict"? I asked everyone for constructive criticism, not unnecessary controversy. And about ICMP, all is start for a request about this Juniper feature https://www...
by rextended
Thu Jul 22, 2021 11:05 am
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 675

Re: Can't reach Winbox if Dual WAN in failover mode

(Please, let's not begin to see who has it longer) From the link on my signature: IP Spoofing (...) All ISPs should do this and 95% of DDoS attacks wouldn't exist ... Not all know this setting on "/ip settings" Incredibly, the default settings is rp-filter= no (probably because can't be ch...
by rextended
Thu Jul 22, 2021 10:53 am
Forum: Scripting
Topic: Automatic backup for 100 MKT
Replies: 10
Views: 818

Re: Automatic backup for 100 MKT

Actually this option on export do not exist :((
Is better if RouterOS permit to export internal users.db and cert.db for perfect backup and export to other devices...

Also why not include the internal user export when /export are done instead to
do /user export, not all users know this...
by rextended
Thu Jul 22, 2021 10:47 am
Forum: General
Topic: Need to find older swOS
Replies: 11
Views: 442

Re: Need to find older swOS

Sorry, but why you not try to use "iexplore" from start / run or on command prompt, if is windows,
or download firefox?
by rextended
Thu Jul 22, 2021 1:00 am
Forum: RouterBOARD hardware
Topic: recommendation to x86 hardware?
Replies: 6
Views: 1017

Re: recommendation to x86 hardware?

If he work with that device, he do not have time to lost with beta software
by rextended
Thu Jul 22, 2021 12:53 am
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 675

Re: Can't reach Winbox if Dual WAN in failover mode

...until i hear professionals I trust, with deep experience in MT, like MKX or sindy for example...
sindy: 2017 user #110.692
mkx: 2016 user #87.277




rextended: 2014 user #68.609
😢
by rextended
Thu Jul 22, 2021 12:45 am
Forum: Scripting
Topic: Automatic backup for 100 MKT
Replies: 10
Views: 818

Re: Automatic backup for 100 MKT

Last update: 5 years ago, really recent...
by rextended
Wed Jul 21, 2021 10:54 pm
Forum: General
Topic: Feature Request: Add Port Knocking on MikroTik App and WinBox
Replies: 5
Views: 244

Re: Feature Request: Add Port Knocking on MikroTik App and WinBox

...into the MT app... (and WinBox) Simply because is all in one place, instead use multiple apps, is possible to export simply the database from pc to app on more device, instead to configure two apps for device, for say just two reason. Simpler than that... Is not like some other demanding request...
by rextended
Wed Jul 21, 2021 10:43 pm
Forum: Wireless Networking
Topic: Nv2 AP Synchronization
Replies: 1
Views: 145

Re: Nv2 AP Synchronization

YES
by rextended
Wed Jul 21, 2021 10:37 pm
Forum: General
Topic: Feature Request: Add Port Knocking on MikroTik App and WinBox
Replies: 5
Views: 244

Re: Feature Request: Add Port Knocking on MikroTik App and WinBox

If someone ask you one beer can, and begs you not to give him H₂O, you give it a glass of water because is easier?

I have update the OP at the end, adding the Wireguard word.
by rextended
Wed Jul 21, 2021 10:21 pm
Forum: General
Topic: Feature Request: Add Port Knocking on MikroTik App and WinBox
Replies: 5
Views: 244

Feature Request: Add Port Knocking on MikroTik App and WinBox

Feature Request: Add Port Knocking on MikroTik App and WinBox https://en.wikipedia.org/wiki/Port_knocking DOES NOT MATTER IF ROUTEROS SUPPORT IT OR NOT leave us to do our rules on firewall , if possible, add it LATER direct support, for that. Example: add one field on login page for set some port co...
by rextended
Wed Jul 21, 2021 10:09 pm
Forum: General
Topic: Need to find older swOS
Replies: 11
Views: 442

Re: Need to find older swOS

Now users can use (for free!) our hAP ac² provided as a basic router,
or if they don't want to use our router (for free!), but want buy one,
they have as a requirement that it be a MikroTik RouterBOARD!!! (not SMPIS and recent) :)))
by rextended
Wed Jul 21, 2021 10:01 pm
Forum: General
Topic: Need to find older swOS
Replies: 11
Views: 442

Re: Need to find older swOS

Oh, now I understand perfectly your situation...

When we start to be WISP we don't want control over what users buy,
to try to please them as much as possible, because we have to increase the "user base"...

Now with a some thousand users, we can afford to choose and ban any sh!t... :P
by rextended
Wed Jul 21, 2021 9:33 pm
Forum: Scripting
Topic: Automatic backup for 100 MKT
Replies: 10
Views: 818

Re: Automatic backup for 100 MKT

Must clearly specified: backup = ...backup! but for a) same device, b) same software version and c) same packages active, export certificates, ssh host key, login users internal database , but not the dude database , export partially the user-manager (do not exports assigned profiles and other user-...
by rextended
Wed Jul 21, 2021 9:24 pm
Forum: Wireless Networking
Topic: nRAY vs LHG 60G
Replies: 12
Views: 1018

Re: nRAY vs LHG 60G

Why you use beta software on things than be act to simply as ethernet cable?
by rextended
Wed Jul 21, 2021 9:15 pm
Forum: General
Topic: Need to find older swOS
Replies: 11
Views: 442

Re: Need to find older swOS

MT update procedure failed with so many basic manufacturers' browsers 2.4 has some years... came out in 2016... and in 2016 "modern" browsers do not exist... all another era... The true question is, why on 6 years you try to update the device only now... (reading the changelog) For exampl...
by rextended
Wed Jul 21, 2021 8:32 pm
Forum: Scripting
Topic: Automatic backup for 100 MKT
Replies: 10
Views: 818

Re: Automatic backup for 100 MKT

Better put one scheduled script on each routerboard than send you every night at random time the email with EXPORT, not backup, or upload the export on one ftp.
by rextended
Wed Jul 21, 2021 7:52 pm
Forum: Scripting
Topic: Incomprehensible behavior of Netwatch and a script that imitates it.
Replies: 10
Views: 307

Re: Incomprehensible behavior of Netwatch and a script that imitates it.

search tag # rextended check host status evidenced errors on your script: :global vdsdown :local host 192.168.1.252 # better put the editable things up :local checkvds [/ping $host count=3] :if ( $ checkvds = 0) do={ # $ must used for call variables :if ($vdsdown != true) do={ /log warning "Hos...
by rextended
Wed Jul 21, 2021 7:09 pm
Forum: Beginner Basics
Topic: [hap ac2] - After enabling VPN client Internet goes down [SOLVED]
Replies: 2
Views: 207

Re: [hap ac2] - After enabling VPN client Internet goes down [SOLVED]

Set "Default Route Distance" to 20 on L2TP Client or disable "Add Default Route" on L2TP Client.

From screenshot:
https://www.abuseipdb.com/check/82.202.167.182
by rextended
Wed Jul 21, 2021 7:02 pm
Forum: Wireless Networking
Topic: Compatibility of mini-PCI interface wireless network card
Replies: 2
Views: 128

Re: Compatibility of mini-PCI interface wireless network card

...in our country...
...Atheros manufacturer chips...
...chip Atheros 9220...
...made in our country...
...chip also is Atheros 9220...
But all the chips are maded on China, your country....
by rextended
Wed Jul 21, 2021 6:52 pm
Forum: Wireless Networking
Topic: WiFi apple problems
Replies: 2
Views: 225

Re: WiFi apple problems

Yes, if from my android device i can access internet pages and can also load internal corporate site and this operation from windows laptop - also all works fine and from apple device (i try two different iPad and mac Mini) do not work as expected then WiFi apple problems must be solved from Apple s...
by rextended
Wed Jul 21, 2021 6:47 pm
Forum: RouterBOARD hardware
Topic: old WAP AC extreme temperatur
Replies: 3
Views: 214

Re: old WAP AC extreme temperatur

Is not the only two pieces missing... see at N-E of -42 (on picture)

Also -23 and -24 do not looking good....
by rextended
Wed Jul 21, 2021 6:19 pm
Forum: The Dude
Topic: Dude crashed, having trouble restoring data base
Replies: 10
Views: 1266

Re: Dude crashed, having trouble restoring data base

try this on file from DOS command line: C:\Users\Rextended\Desktop\BACKUP\dude>sqlite3 dude.db VACUUM C:\Users\Rextended\Desktop\BACKUP\dude>sqlite3 dude.db SQLite version 3.33.0 2020-08-14 13:23:32 Enter ".help" for usage hints. sqlite> delete from outages; sqlite> delete from chart_value...
by rextended
Wed Jul 21, 2021 6:13 pm
Forum: Scripting
Topic: hotspot add [SOLVED]
Replies: 6
Views: 240

Re: hotspot add [SOLVED]

Sorry Sir, but I can not help you.
What I have writed is only for advise you than with this few detail you hardly find someone to help you.
I'm not English and I struggle to understand...

Anyway, I wish you the best of luck, Sir.
by rextended
Wed Jul 21, 2021 6:08 pm
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 675

Re: Can't reach Winbox if Dual WAN in failover mode

Is about "Good luck hacking that.", not for the WAN ;)
by rextended
Wed Jul 21, 2021 5:52 pm
Forum: General
Topic: Can't reach Winbox if Dual WAN in failover mode
Replies: 25
Views: 675

Re: Can't reach Winbox if Dual WAN in failover mode

@DarkNate... It's too easy for you to say that... you're not the OP...
by rextended
Wed Jul 21, 2021 5:43 pm
Forum: Beginner Basics
Topic: MikroTik Groove 52 ac not able to reset [SOLVED]
Replies: 6
Views: 181

Re: MikroTik Groove 52 ac not able to reset [SOLVED]

Sorry, but for me is broken :(
by rextended
Wed Jul 21, 2021 5:18 pm
Forum: Beginner Basics
Topic: MikroTik Groove 52 ac not able to reset [SOLVED]
Replies: 6
Views: 181

Re: MikroTik Groove 52 ac not able to reset [SOLVED]

If you "simply" power up the device, something blink?
by rextended
Wed Jul 21, 2021 5:15 pm
Forum: Beginner Basics
Topic: MikroTik Groove 52 ac not able to reset [SOLVED]
Replies: 6
Views: 181

Re: MikroTik Groove 52 ac not able to reset [SOLVED]

Answer
From what you describe, your device appear broken...
by rextended
Wed Jul 21, 2021 4:48 pm
Forum: General
Topic: Need to find older swOS
Replies: 11
Views: 442

Re: Need to find older swOS

This doesn't appear to be a helpful suggestion. Thanks, very kind, this is just an asshole answer for anyone trying to help you. But, no problem, I still try to help you. More to the point, if 2.9 and up fail to upgrade from a local file, and also fail to upgrade from over the web, it's logical to ...
by rextended
Wed Jul 21, 2021 4:39 pm
Forum: General
Topic: export admin password
Replies: 6
Views: 306

Re: export admin password

Who are you trying to fool?

Do you try to steal someone else's password to try to rip him off,
if he used the same password for his bank account, e-mail or whatever?

Nobody will help you steal this information.

A password is secret and must remain so.

At the most, if you have lost it, change it.
by rextended
Wed Jul 21, 2021 3:29 pm
Forum: Scripting
Topic: hotspot add [SOLVED]
Replies: 6
Views: 240

Re: hotspot add [SOLVED]

He was sarcastic,
I didn't understand anything.
by rextended
Wed Jul 21, 2021 3:12 pm
Forum: Scripting
Topic: hotspot add [SOLVED]
Replies: 6
Views: 240

Re: hotspot add [SOLVED]

All clear, surely...
by rextended
Wed Jul 21, 2021 3:05 pm
Forum: Beginner Basics
Topic: CHATEAU LTE12 MIMO1 and MIMO2
Replies: 32
Views: 8274

Re: CHATEAU LTE12 MIMO1 and MIMO2

@BillyVan

PLEASE
you can make two /export:

disable (on quickset) the ext antenna,
on terminal:
/export file=before

after that enable (on quickset) the ext antenna,
on terminal do again:
/export file=after

compare the two files and put the differencies on forum, please?
by rextended
Wed Jul 21, 2021 3:02 pm
Forum: General
Topic: Mikrotik Chateau LTE12 External Antenna problems
Replies: 15
Views: 762

Re: Mikrotik Chateau LTE12 External Antenna problems

Even with stable version same results (no ext ant)
What you mean for "stable version"?
You use exactly the 7.0.3 "non-beta" and the only firmware supported for that device?
by rextended
Wed Jul 21, 2021 2:40 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1003

Re: stopping login attempt to user admin [SOLVED]

For example this: # Strip the net mask off the IP address :for i from=( [:len $currentIP] - 1) to=0 do={ :if ( [:pick $currentIP $i] = "/") do={ :set currentIP [:pick $currentIP 0 $i] } } Errors: Why complicate an easy thing? It doesn't stop at the first occurrence of "/" current...
by rextended
Wed Jul 21, 2021 2:32 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1003

Re: stopping login attempt to user admin [SOLVED]

:local inetinterface $[/int eth get [find default-name=ether1] name] this is automatic? so it will search ether1 for the inetinterface or if the modem uses ether2 it will change to ether2 also ? No, is still manual the change for ether1 / 2 / 3 etc., but it works regardless the name you use for eth...
by rextended
Wed Jul 21, 2021 1:56 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1003

Re: stopping login attempt to user admin [SOLVED]

One question: you are forced to use 74:DA:DA:83:AB:FE as MAC address??? Duplicate logging, the prefix do not "choice" anything, you simply log two time the same thing. Better remove prefix and set the prefix only on firewall rules: /system logging add prefix=PortForwardedTraffic topics=fir...
by rextended
Wed Jul 21, 2021 10:36 am
Forum: General
Topic: Mikrotik Chateau LTE12 External Antenna problems
Replies: 15
Views: 762

Re: Mikrotik Chateau LTE12 External Antenna problems

same problem here
RouterOS version?
You use the 7.0.3?
by rextended
Wed Jul 21, 2021 10:30 am
Forum: General
Topic: Need to find older swOS
Replies: 11
Views: 442

Re: Need to find older swOS

you can use tftp procedure to upgrade the device

https://wiki.mikrotik.com/wiki/SwOS/RB2 ... S_firmware
by rextended
Wed Jul 21, 2021 10:26 am
Forum: The Dude
Topic: Dude crashed, having trouble restoring data base
Replies: 10
Views: 1266

Re: Dude crashed, having trouble restoring data base

The db contain IP, username and password of all devices, is a security risk share it on forum.
And find a MikroTik consultant do not guarantee his knowledge is sufficent for recovery a SQLite database.

Sono in difficoltà, non so come consigliarvi...
by rextended
Tue Jul 20, 2021 9:13 pm
Forum: Scripting
Topic: Export and Import on backup and clone device problem !
Replies: 4
Views: 297

Re: Export and Import on backup and clone device problem !

READ THIS: I want help you, but you must post the "the WORKING config from the router" instead, only censored, not with deleted parts. ************************************** you can only write "DOESN'T work"? PLEASE READ THE POST COMPLETELY and UNDERSTAND IT before replying to it...
by rextended
Tue Jul 20, 2021 8:34 pm
Forum: Wireless Networking
Topic: Feature Request - Zigbee
Replies: 8
Views: 1266

Re: Feature Request - Zigbee

Echo Plus has one integrated ZigBee hub inside
by rextended
Tue Jul 20, 2021 8:32 pm
Forum: Virtualization
Topic: Metarouter images
Replies: 376
Views: 291676

Re: Metarouter images

Did anyone managed to make a stable minimal metarouter with mqtt broker (OpenWrt or other).
Use CHR or x86 to.... ops, but at that point you can directly virtualize OpenWRT...
by rextended
Tue Jul 20, 2021 8:19 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1003

Re: stopping login attempt to user admin [SOLVED]

oh well, have to change user name...... :(
it was a veiled suggestion ... correct your post by removing it from the writings and the various exports...

/system script
owner=dermawas
by rextended
Tue Jul 20, 2021 8:18 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1003

Re: stopping login attempt to user admin [SOLVED]

this is useless ---->add action=drop chain=input comment="Drop Winbox on WAN" dst-port=8291 in-interface=1modem protocol=tcp because this exist: add action=drop chain=input you do not need to specify nothig less general before that rule, drop "all"! There is a typo! must be set t...
by rextended
Tue Jul 20, 2021 8:09 pm
Forum: Announcements
Topic: v6.48.3 [stable] is released!
Replies: 117
Views: 23632

Re: v6.48.3 [stable] is released!

True, I lost to think that, thanks!!!
by rextended
Tue Jul 20, 2021 7:58 pm
Forum: Announcements
Topic: v6.48.3 [stable] is released!
Replies: 117
Views: 23632

Re: v6.48.3 [stable] is released!

Seriously, It's a joke :P
by rextended
Tue Jul 20, 2021 7:47 pm
Forum: Beginner Basics
Topic: stopping login attempt to user admin [SOLVED]
Replies: 30
Views: 1003

Re: stopping login attempt to user admin [SOLVED]

dermawas , one hint: /interface detect-internet set detect-interface-list= none without checking if they are right or not, or something is missing, this is the correct order of the one already written: /ip firewall filter add action=accept chain=input comment="default configuration - Establish...
by rextended
Tue Jul 20, 2021 7:41 pm
Forum: Announcements
Topic: v6.48.3 [stable] is released!
Replies: 117
Views: 23632

Re: v6.48.3 [stable] is released!

@eworm you are an authenticated remote user? :P
by rextended
Tue Jul 20, 2021 7:41 pm
Forum: Announcements
Topic: v6.48.3 [stable] is released!
Replies: 117
Views: 23632

Re: v6.48.3 [stable] is released!

Is a "an authenticated remote user" problem, do not give remote acces to everyone...
by rextended
Tue Jul 20, 2021 6:05 pm
Forum: Scripting
Topic: Export and Import on backup and clone device problem !
Replies: 4
Views: 297

Re: Export and Import on backup and clone device problem !

IT: E adesso che fai, ti rifai vivo tra qualche anno come il solito? EN: And now what are you doing, will you come back in a few years as usual? ************************************ Everything you've written is just nonsense. the "bug with dhcp-client on reset-config" it has nothing to do ...
by rextended
Tue Jul 20, 2021 5:51 pm
Forum: General
Topic: Different gateway for two PPPoE server instance
Replies: 8
Views: 416

Re: Different gateway for two PPPoE server instance

You practically did not provide any detailed description, data, or export of the configuration, just for example

Nobody is interested in being a detective, with dozens of questions before being told anything useful.

No answer to your question? How to write posts
by rextended
Tue Jul 20, 2021 4:02 pm
Forum: RouterBOARD hardware
Topic: R11 LTE/5G
Replies: 1
Views: 201

Re: R11 LTE/5G

Just look on the MikroTik site, right?
https://mikrotik.com/product/chateau_5g

Chateau 5G = Chateau + 5G = D53G-5HacD2HnD-TC + RG502Q-EA

maximum data rates up to 5.0 Gbps downlink and 900 Mbps uplink

Quectel RG502Q-EA
by rextended
Tue Jul 20, 2021 3:53 pm
Forum: General
Topic: Mikrotik generate CRL for revoked certs
Replies: 3
Views: 225

Re: Mikrotik generate CRL for revoked certs

For get internal ID (.id) /certificate :put [pri as-value] .id=*1;common-name=CAPsMAN-CA-.........................;.id=*2;common-name=CAPsMAN-......................... the value is hexadecimal, must converted to decimal, for example obviously the crl list file (as already wroted from @jprietove ) is...
by rextended
Tue Jul 20, 2021 1:02 pm
Forum: General
Topic: CRS-3xx Learn Limit/Lock on first
Replies: 6
Views: 1935

Re: CRS-3xx Learn Limit/Lock on first

...I'm trying to guard against is a customer connecting multiple devices via a switch and being able to exhaust a DHCP pool... DHCP Server with only one address on pool??? (or backwards router) If use a Router with internal NAT you can not distinguish the devices with IP or with MAC, is everytime t...
by rextended
Tue Jul 20, 2021 12:43 am
Forum: General
Topic: Hotspot Apple Login Page HELP!
Replies: 41
Views: 8607

Re: Hotspot Apple Login Page HELP!

Ask the awesome, mega-galactic, formidable, foolproof, matchless, super-cool, innovative, mega-super...
Apple...
...mind thinking for you,
what you need to do or not with a device,
what you need to click, you don't have to be compatible with others, and you don't have to ask.
by rextended
Tue Jul 20, 2021 12:06 am
Forum: General
Topic: Site to site Layer 2 VPN with full ethernet MTU -- over IPv6
Replies: 11
Views: 710

Re: Site to site Layer 2 VPN with full ethernet MTU -- over IPv6

For my headache also you suggest BCP?
by rextended
Tue Jul 20, 2021 12:01 am
Forum: General
Topic: CAPS Man & different WIFI channel config
Replies: 22
Views: 996

Re: CAPS Man & different WIFI channel config

What have you miss???
You haven't studied post #2 yet, you see, you persist in ignoring it but everything is written in there, even the answer to these other questions...
the 5180-5240 (Ceee 36-40-44-48) is the only range usable without dfs and also detected from devices
by rextended
Mon Jul 19, 2021 11:50 pm
Forum: The Dude
Topic: Function Request
Replies: 3
Views: 294

Re: Function Request

https://wiki.mikrotik.com/wiki/Manual:Tools/Fetch#Return_value_to_a_variable I literally wrote you what needs to be done, and let you think, rather than just copy & paste... :put ([/tool fetch url="http://x.x.x.x/devices/statistics/online-count" as-value output=user]->"data")
by rextended
Mon Jul 19, 2021 8:18 pm
Forum: The Dude
Topic: Function Request
Replies: 3
Views: 294

Re: Function Request

Search the forum, already explained with examples how to save the "get" from fetch to file and after that read the file content as value.
by rextended
Mon Jul 19, 2021 6:14 pm
Forum: General
Topic: How to connect 2 networks
Replies: 7
Views: 335

Re: How to connect 2 networks

What you try to achieve is really complicated,
is more simple to add 2nd ethernet on both and place one cable directly between the two PC (and MikroTik).
by rextended
Mon Jul 19, 2021 6:09 pm
Forum: General
Topic: default route prevents use of additional LTE passthrough WAN
Replies: 22
Views: 1490

Re: default route prevents use of additional LTE passthrough WAN

Without working directly on machine, by forum all is useless...
Are just examples.
by rextended
Mon Jul 19, 2021 5:50 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 752

Re: Dual WAN Failover Script Ping Command [SOLVED]

...read the link and then be relieved that the example provided is so simple in comparison to the Russian complex methods LOL...
Um, sometimes I take too many things for granted...
How can I explain it better?
by rextended
Mon Jul 19, 2021 5:44 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 752

Re: Dual WAN Failover Script Ping Command [SOLVED]

Thank you!!!

When the stable v7 comes out in 2023, I will update all my tagged scripts.
by rextended
Mon Jul 19, 2021 5:22 pm
Forum: General
Topic: default route prevents use of additional LTE passthrough WAN
Replies: 22
Views: 1490

Re: default route prevents use of additional LTE passthrough WAN

Notice for be clear: I do not use 7 beta My is just a hint, obviously. I use everytime the "rule", but sometime for granularity must be force to still use mangle All can be a personal choice, until the traffic is low... See this example for pptp: /ip route rule add action=lookup-only-in-ta...
by rextended
Mon Jul 19, 2021 5:09 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 752

Re: Dual WAN Failover Script Ping Command [SOLVED]

Did I miss something?
Yes... you run beta 7, the script and route are for 6.46+ version,
on beta7 the routing is totally different....

You wrote in beginner basics section ,the question for 7 beta must be go on adequate section...
by rextended
Mon Jul 19, 2021 5:06 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 752

Re: Dual WAN Failover Script Ping Command [SOLVED]

I like your method more,
it's the one I usually use,
but explaining and applying it on the forum is more complicated than a copy and paste... :)))
by rextended
Mon Jul 19, 2021 4:54 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 752

Re: Dual WAN Failover Script Ping Command [SOLVED]

I provide the simplest solution A-B-C and the DHCP Client scripts for "Dual DHCP WAN Failover",
no matter if one or two are static or dynamic.
by rextended
Mon Jul 19, 2021 4:34 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 752

Re: Dual WAN Failover Script Ping Command [SOLVED]

search tag # rextended dual dhcp wan failover This works only on 6.46.8+ and not in v7+ REMEMBER TO REMOVE "ADD DEFAULT ROUTE" ON DHCP CLIENTs and add those scripts on "script" section script for DHCP Client 1 = MAIN /ip route set [find where comment~"ISP1"] gateway=$&q...
by rextended
Mon Jul 19, 2021 4:24 pm
Forum: General
Topic: Automating backup links in a bridged network
Replies: 2
Views: 166

Re: Automating backup links in a bridged network

Have you considerered to use MPLS / OSPF?
by rextended
Mon Jul 19, 2021 3:44 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 752

Re: Dual WAN Failover Script Ping Command [SOLVED]

Pinging the Gateway won't guarantee Internet access! Do not try to explain that to me, instead read... You have not even read what I linked, it does not ping the Gateway, but only the remote Endpoint ... >>> check ping 1.1.1.1 instead of ISP1 IP <<< That methot perfectly work, simply put (already w...
by rextended
Mon Jul 19, 2021 3:40 pm
Forum: Scripting
Topic: Useful scripts
Replies: 87
Views: 145001

Re: Useful scripts

The script can be used for read OID value(s) from other system (or unusefully to itself) because the standard function /tool snmp-get address=192.168.1.60 community=public version=2c oid="1.3.6.1.4.1.14988.1.1.3.8.0" can only print to video the results. The script save the "video"...
by rextended
Mon Jul 19, 2021 3:34 pm
Forum: Scripting
Topic: Useful scripts
Replies: 87
Views: 145001

Re: Useful scripts

:if ([:len [/file find where name="temp.txt"]] > 0) do={ /file remove [find where name="temp.txt"] } :foreach test in={"address";"comm";"id";"ver"} do={ :if ([:len [/system script environment find where name=$test]] > 0) do={ /system scrip...
by rextended
Mon Jul 19, 2021 3:05 pm
Forum: Beginner Basics
Topic: Youtube block works for 1 PC but not working for other pc
Replies: 2
Views: 189

Re: Youtube block works for 1 PC but not working for other pc

Probably the other computer have TLS 1.3+ compatible browser, or use QUIK Protocol, and you can not longer spy the connection.
by rextended
Mon Jul 19, 2021 3:00 pm
Forum: Beginner Basics
Topic: Dual WAN Failover Script Ping Command [SOLVED]
Replies: 21
Views: 752

Re: Dual WAN Failover Script Ping Command [SOLVED]

Your topic title is "Dual WAN Failover"

You must use search before open new topic, with same words and...

viewtopic.php?f=2&t=176574&p=865665&hil ... er#p865665
by rextended
Mon Jul 19, 2021 2:52 pm
Forum: RouterBOARD hardware
Topic: Can't read Voltage via SNMP on CRS112-8P-4S
Replies: 41
Views: 9406

Re: Can't read Voltage via SNMP on CRS112-8P-4S

And you're a trainer???
And are you a civic and polite person?
by rextended
Mon Jul 19, 2021 6:01 am
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52164

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

if i add it to my firewall everything on IP-layer breaks down Have you set the IP_used_on_LAN address list? add action=drop chain=prerouting comment="IP Spoofing protection from LAN" in-interface-list=LAN src-address-list=!IP_used_on_LAN \ src-address=!0.0.0.0 dst-address=!255.255.255.255...
by rextended
Mon Jul 19, 2021 5:56 am
Forum: General
Topic: default route prevents use of additional LTE passthrough WAN
Replies: 22
Views: 1490

Re: default route prevents use of additional LTE passthrough WAN

Better to do routing things on routing than on firewall... Use routes / rules instead routing mark, when possible. You know how? For Example /ip route rule add action=lookup-only-in-table src-address=<WAN1-IP> table=to-WAN1 add action=lookup-only-in-table dst-address=<WAN1-IP> table=to-WAN1 add acti...
by rextended
Mon Jul 19, 2021 5:47 am
Forum: Scripting
Topic: Error Sending Email via Terminal and Script
Replies: 8
Views: 424

Re: Error Sending Email via Terminal and Script

server="mail.domain.com:587" ???

server="mail.domain.com" port=587 ???
by rextended
Sat Jul 17, 2021 6:17 pm
Forum: RouterBOARD hardware
Topic: Can't read Voltage via SNMP on CRS112-8P-4S
Replies: 41
Views: 9406

Re: Can't read Voltage via SNMP on CRS112-8P-4S

do not use . at start of oid the OID for PS1 and PS2 work from 6.47.9+ version oid("iso.org.dod.internet.private.enterprises.mikrotik.mikrotikExperimentalModule.mtXRouterOs.mtxrHealth.100.1.3.7201") and oid("iso.org.dod.internet.private.enterprises.mikrotik.mikrotikExperimentalModule....
by rextended
Sat Jul 17, 2021 1:22 pm
Forum: General
Topic: Could'nt remove file action failed
Replies: 2
Views: 629

Re: Could'nt remove file action failed

The file are on SD card, USB, SDD, or internal nand/flash?
by rextended
Sat Jul 17, 2021 1:17 pm
Forum: Beginner Basics
Topic: manage config with subversion
Replies: 8
Views: 454

Re: manage config with subversion

@bee
use this post as example
viewtopic.php?f=1&t=175360&p=858564#p858564
by rextended
Sat Jul 17, 2021 1:00 pm
Forum: Announcements
Topic: WinBox v3.28 released!
Replies: 33
Views: 11969

Re: WinBox v3.28 released!

Is it so hard to add Dark Mode feature? :|
When WinBox was released the "dark mode" does not exist.
If one day someone invents the "rainbow mode" does WinBox still have to adapt?

WinBox is for work, not for fancy things.
by rextended
Fri Jul 16, 2021 3:08 pm
Forum: RouterBOARD hardware
Topic: hAP ac RB962UiGS-5HacT2HnT PoE question [SOLVED]
Replies: 5
Views: 401

Re: hAP ac RB962UiGS-5HacT2HnT PoE question [SOLVED]

Uh.. I correct the post immediately
by rextended
Fri Jul 16, 2021 3:02 pm
Forum: RouterBOARD hardware
Topic: hAP ac RB962UiGS-5HacT2HnT PoE question [SOLVED]
Replies: 5
Views: 401

Re: hAP ac RB962UiGS-5HacT2HnT PoE question [SOLVED]

the "i" on model say unique PoE out (approximative values) The common voltages used: If the hAP ac is powered with 12V or 24V the max out on PoE is 700mA If the hAP ac is powered with 48 or 56V the max out on PoE is 350mA if you power the hAP ac with adequate power: @12V max 8W device (and...
by rextended
Fri Jul 16, 2021 2:07 pm
Forum: Beginner Basics
Topic: simple client setup
Replies: 12
Views: 533

Re: simple client setup

You wrote it:
my main problem is that i cant ping or access the web interface
by rextended
Fri Jul 16, 2021 11:26 am
Forum: Beginner Basics
Topic: Why does "Quick Set" only allow for Internet on Eth1 or SFP1 [SOLVED]
Replies: 6
Views: 396

Re: Why does "Quick Set" only allow for Internet on Eth1 or SFP1 [SOLVED]

Why you can not use ether1 instead of ether24?
Is broken?
by rextended
Fri Jul 16, 2021 2:50 am
Forum: General
Topic: CAPS Man & different WIFI channel config
Replies: 22
Views: 996

Re: CAPS Man & different WIFI channel config

you are not reading my email
What email? :?
by rextended
Fri Jul 16, 2021 2:46 am
Forum: Scripting
Topic: Monitor Mikrotik log by Telegram
Replies: 19
Views: 10871

Re: Monitor Mikrotik log by Telegram

Someone help the user, please. I do not have telegram (and I do not want have it) # LOG FILTER TO TELEGRAM # BEGIN SETUP Edit Here :local myserver ([/system identity get name]) :local scheduleName "LogFilter" :local bot "941325023:AAH-pNTxLr021Av_C7bc9IGVdZDchDlwGb0" :local ChatI...
by rextended
Fri Jul 16, 2021 2:44 am
Forum: General
Topic: No Neighbors entries
Replies: 10
Views: 493

Re: No Neighbors entries

I do not reach to understand why do not work,
send supout.rif to support@mikrotik.com asking for help explain all the problem
by rextended
Fri Jul 16, 2021 2:42 am
Forum: Scripting
Topic: Create an .exe for restarting the mikrotik
Replies: 14
Views: 646

Re: Create an .exe for restarting the mikrotik

Honestly, it sounds bullshit to me.

If you wrote bullshit (except last post) I could agree,
but are you a person who has qualities and do you think I'm stupid enough to deprive me of what you write?

I will be an idiot but not stupid ...
by rextended
Fri Jul 16, 2021 2:26 am
Forum: Beginner Basics
Topic: Help checking Firewall
Replies: 5
Views: 652

Re: Help checking Firewall

on firewall raw remove first add action=log chain=prerouting log=yes log-prefix="Not TCP protocol" protocol=!tcp is duplicated 1) Thanks, each rule must be the first for each chain, the guide is not finished and the descriptions not revised. Thanks to you now I fix that text. 2) you can fi...
by rextended
Fri Jul 16, 2021 2:17 am
Forum: Scripting
Topic: Create an .exe for restarting the mikrotik
Replies: 14
Views: 646

Re: Create an .exe for restarting the mikrotik

Uhm, don't be offended...

*********************************

For one of your reply seem than you do not have readed the first line on post #2
viewtopic.php?f=9&t=176884#p867611
by rextended
Fri Jul 16, 2021 2:04 am
Forum: Beginner Basics
Topic: simple client setup
Replies: 12
Views: 533

Re: simple client setup

Please read again: winbox is not an option for me, i néed ip and web interface like any other normal router...and changing the ip back to default wont make it reachable, tried it. FIrst: RouterBOARD is not a "normal router". Second: You know than you can set a static ip on your ethernet i...
by rextended
Fri Jul 16, 2021 1:50 am
Forum: Scripting
Topic: Create an .exe for restarting the mikrotik
Replies: 14
Views: 646

Re: Create an .exe for restarting the mikrotik

To @all: If you read the first post correctly, wants an .exe to give to anybody to restart their (own?) router ... [...] if there is a possibility a mikrotik to be restarted from a .exe file which has inside a script doing that. The idea is that the user whom has a mikrotik device , justs double cli...
by rextended
Thu Jul 15, 2021 7:19 pm
Forum: General
Topic: CAPS Man & different WIFI channel config
Replies: 22
Views: 996

Re: CAPS Man & different WIFI channel config

You still have some solution and explanation in post #2 https://forum.mikrotik.com/viewtopic.php?f=2&t=176802&p=867648#p867127 and is like you still to not have readed it... And do not seem to me that you consider too the other Users that much... The current config was suggested by someone w...
by rextended
Thu Jul 15, 2021 7:06 pm
Forum: Beginner Basics
Topic: simple client setup
Replies: 12
Views: 533

Re: simple client setup

use winbox, do not need an IP,

or paste this on terminal
/ip add add interface=ether1 address=192.168.88.1/24
by rextended
Thu Jul 15, 2021 6:18 pm
Forum: Beginner Basics
Topic: simple client setup
Replies: 12
Views: 533

Re: simple client setup

For example, UPnP must be off on ap and client, the only network device than must have UPnP active is the Vdsl Router
reset again without remove the defaults for have a base to work.
by rextended
Thu Jul 15, 2021 6:10 pm
Forum: General
Topic: Firmware mirror and automatic updates
Replies: 23
Views: 1266

Re: Firmware mirror and automatic updates

@TomjNorthIdaho The OP don't want opinions.

Read what he wrote to me:
FOR ME is very bad practice to do auto-upgrade/auto-update , or for be more clear, doing unattended updates is just madness in the production environment.
That isn't the topic of this thread. No thread jacking please.
by rextended
Thu Jul 15, 2021 5:17 pm
Forum: RouterBOARD hardware
Topic: wAP 60Gx3 bandwidth
Replies: 2
Views: 309

Re: wAP 60Gx3 bandwidth

If you do only "internal L2 routing" between the clients and the ap, you can really reach the gigabit sum,
but if your AP must do also NAT, firewall, etc. do not expect more than 150Mbps for station...
by rextended
Thu Jul 15, 2021 4:05 pm
Forum: Scripting
Topic: Create an .exe for restarting the mikrotik
Replies: 14
Views: 646

Re: Create an .exe for restarting the mikrotik

On 3 secs reverse enginered the .exe reveal username, password, certificate, etc. of the account used for reboot...

Yes, is feasible leaving API / SSH active on RouterOS and complinig .exe from Python or other language capable to do that.
by rextended
Thu Jul 15, 2021 3:56 pm
Forum: General
Topic: Adding Multiple IP blocks to IP-->Addresses
Replies: 3
Views: 301

Re: Adding Multiple IP blocks to IP-->Addresses

What's the reason?

Try explaining,
probably,
for to do the same thing that forces you to do this,
there is a better way to do it ...
by rextended
Thu Jul 15, 2021 3:48 pm
Forum: Scripting
Topic: Error Sending Email via Terminal and Script
Replies: 8
Views: 424

Re: Error Sending Email via Terminal and Script

Try with start-tls=no (or =tls-only) ?
by rextended
Thu Jul 15, 2021 3:43 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 102
Views: 11295

Re: v7 launch date

Rextended, our download page is automated, we have no ability to manually add something there. If version is not released in all channels, we can only give it out manually. I have one idea: read user-agent when is requested LATEST.6 on upgrade site. If the user-agent is "RouterOS 7.0.3" /...
by rextended
Thu Jul 15, 2021 3:32 pm
Forum: Scripting
Topic: Error Sending Email via Terminal and Script
Replies: 8
Views: 424

Re: Error Sending Email via Terminal and Script

First: upgrade your device, is ridicoulusly old... 6.43.16 from 2019/05/15 and full of backdoor. I suggest everytime the long-term 6.47.10 Second: on picture you use different settings for sending test mail... You do not think to use THAT settings on main settings? start-tls=yes ≠ start-tls=tls-only
by rextended
Thu Jul 15, 2021 12:54 pm
Forum: General
Topic: Firmware mirror and automatic updates
Replies: 23
Views: 1266

Re: Firmware mirror and automatic updates

@pe1chl Don't give him advice, he doesn't give a damn. Read what he replied to a piece of advice about this ... FOR ME is very bad practice to do auto-upgrade/auto-update , or for be more clear, doing unattended updates is just madness in the production environment. That isn't the topic of this thre...
by rextended
Thu Jul 15, 2021 12:47 pm
Forum: General
Topic: primary and secondary IP address
Replies: 3
Views: 321

Re: primary and secondary IP address

Do not offend, but if you do not put an "/export hide-sensitive" on forum, with censoring, not deleting, sensible data like username and true IP how "we" can help you?

Must be used the crystal ball...
by rextended
Thu Jul 15, 2021 10:10 am
Forum: RouterBOARD hardware
Topic: Can't read Voltage via SNMP on CRS112-8P-4S
Replies: 41
Views: 9406

Re: Can't read Voltage via SNMP on CRS112-8P-4S

I try to read the voltages both of PSU1 and PSU2 plugged into CRS112-8P-4S using OID but still fail. Have you update the CRS112-8P-4S to latest 6.47.10? If not, you can't with oid. PSU1 oid("iso.org.dod.internet.private.enterprises.mikrotik.mikrotikExperimentalModule.mtXRouterOs.mtxrHealth.100...
by rextended
Thu Jul 15, 2021 10:05 am
Forum: General
Topic: Site to site Layer 2 VPN with full ethernet MTU -- over IPv6
Replies: 11
Views: 710

Re: Site to site Layer 2 VPN with full ethernet MTU -- over IPv6

Something between block fragmented packet? EoIPv6 for reach 1500 can fragment packet, but reassemble it on correct order on other side without the destination see the differences. If something inside are encapsulated: Leave disabled "Clamp TCP MSS" and set MTU to 1600, if still no trffic, ...
by rextended
Thu Jul 15, 2021 10:00 am
Forum: General
Topic: Firmware mirror and automatic updates
Replies: 23
Views: 1266

Re: Firmware mirror and automatic updates

Is that the question from start but no one reply, or reply with something other. Must be really two questions: 1) How duplicate RouterOS repository, all type of architecture, the long-term and stable version (I hope no testing and no development) on another machine [And choice what be considerered t...
by rextended
Thu Jul 15, 2021 3:07 am
Forum: General
Topic: primary and secondary IP address
Replies: 3
Views: 321

Re: primary and secondary IP address

Let me see...

Image
by rextended
Thu Jul 15, 2021 1:38 am
Forum: Beginner Basics
Topic: (RouterOS 6.47.2) DHCP "defconf offering lease without success"
Replies: 5
Views: 1619

Re: (RouterOS 6.47.2) DHCP "defconf offering lease without success"

1) WDS is not one standard, each manufacturer do what want.
2) The OP last access is 28 Oct 2020 and you bring up this topic for what?
by rextended
Wed Jul 14, 2021 7:43 pm
Forum: Virtualization
Topic: routeros sending radius auth request after login
Replies: 1
Views: 217

Re: routeros sending radius auth request after login

Check if the user still have the right to be logged in.
If someone disable the user on radius, must can not wait next login, drop fastly the connection.
by rextended
Wed Jul 14, 2021 7:35 pm
Forum: General
Topic: Firewall drop all !LAN is not the same as drop all WAN
Replies: 15
Views: 779

Re: Firewall drop all !LAN is not the same as drop all WAN

Sorry, my english is not well...

Probably I make one there is an exception for you, if you are my client, because you know what you do... (I hope...?)
by rextended
Wed Jul 14, 2021 7:26 pm
Forum: General
Topic: Firewall drop all !LAN is not the same as drop all WAN
Replies: 15
Views: 779

Re: Firewall drop all !LAN is not the same as drop all WAN

Probably there is an exception for you, because you know what you do... (I hope...?)

How you solve from continuos "attack" from Internet?
IP range?
Rate limit?
by rextended
Wed Jul 14, 2021 7:11 pm
Forum: General
Topic: Firewall drop all !LAN is not the same as drop all WAN
Replies: 15
Views: 779

Re: Firewall drop all !LAN is not the same as drop all WAN

When I started doing the "WISP" in 2007 every single bit made a difference. I was in constant "war" with p2p to limit them. And firewall rules tended to be "block everything". Then at some point, when I broke my balls, I gave up, I switched to a "pass it all" ...
by rextended
Wed Jul 14, 2021 6:45 pm
Forum: Wireless Networking
Topic: Purpose of using Bridge for CAP
Replies: 3
Views: 361

Re: Purpose of using Bridge for CAP

Simply because for put tunnel on ether1, you must use... a bridge!
by rextended
Wed Jul 14, 2021 5:50 pm
Forum: General
Topic: Smb error when trying to copy large file to usb flash drive
Replies: 2
Views: 376

Re: Smb error when trying to copy large file to usb flash drive

1-post-and-go ask to anoter user 1-post-and-go something...
You expect any reply to 1-post-and-go user, online only the 17 Oct 2020?
by rextended
Wed Jul 14, 2021 5:47 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 102
Views: 11295

Re: v7 launch date

... frustrated by incompetent users who can't read warnings, written with letters of usual size and colour...
+10
by rextended
Wed Jul 14, 2021 4:53 pm
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 749

Re: Cloud hosted routers and value/identifier not being available

For me, no thanks, you still reach me on forum if you write on topic where I have posted, like this.

I'm happy you have apreciated the hints.
by rextended
Wed Jul 14, 2021 4:47 pm
Forum: General
Topic: No Neighbors entries
Replies: 10
Views: 493

Re: No Neighbors entries

I can't reach to find anything strange...

You try to reboot? Probably is only locked???
by rextended
Wed Jul 14, 2021 4:11 pm
Forum: General
Topic: No Neighbors entries
Replies: 10
Views: 493

Re: No Neighbors entries

You still not specify:
The censored "/export hide-sensitive" result without cut off what you think.
by rextended
Wed Jul 14, 2021 3:48 pm
Forum: RouterBOARD hardware
Topic: microSD vs USB
Replies: 3
Views: 383

Re: microSD vs USD

...
by rextended
Wed Jul 14, 2021 3:45 pm
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 749

Re: Cloud hosted routers and value/identifier not being available

 
Let me know what you think, please.
by rextended
Wed Jul 14, 2021 3:42 pm
Forum: General
Topic: CRS328-4C-20S-4S High CPU
Replies: 3
Views: 323

Re: CRS328-4C-20S-4S High CPU

Obvious, but NOT the beta. Use long-term 6.47.10
by rextended
Wed Jul 14, 2021 3:38 pm
Forum: Beginner Basics
Topic: Problem to see source address - port forward
Replies: 3
Views: 240

Re: Problem to see source address - port forward

Is not possible, if are your RouterBOARD than NATranslate, you can see only the IP of the RouterBOARD. For see also the IP, you must set one Public IP address on your server, and leave conect directly from out to your server. Why this? add action=masquerade chain=srcnat src-address=192.168.100.0/24 ...
by rextended
Wed Jul 14, 2021 3:34 pm
Forum: General
Topic: No Neighbors entries
Replies: 10
Views: 493

Re: No Neighbors entries

You do not specify:
RouterBOARD model and RouterOS version
If is the only routerboard device on the network
The censored "/export hide-sensitive" result without cut off what you think.
by rextended
Wed Jul 14, 2021 3:13 pm
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 749

Re: Cloud hosted routers and value/identifier not being available

I suggest you to check RouterOS version at start (i do not know you already do that or not) because some syntax change on the years. this: /system routerboard :do {:set model ([get model])} on-error={:set model na} :do {:set serial ([get serial-number])} on-error={:set serial na} :do {:set ffirmware...
by rextended
Wed Jul 14, 2021 10:55 am
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52164

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

1) My preference are to see exactly what happen, on older version of routeros do not are present raw and "any", When I revise the rule I keep your suggestion, thanks. 2) Sometime error happen... On this base config, I do not want to risk to lock other router, but if you like address-list n...
by rextended
Wed Jul 14, 2021 10:48 am
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 749

Re: Cloud hosted routers and value/identifier not being available

:do {\r\ \n /interface wireless remove \$wlanname;\r\ \n } on-error={ \r\ \n :log info (\"Wifi Interface not removed ===>>\");\r\ \n };\r\ \n :log info (\"Removed Wifi Interface wlan\", \$wifinumber);\r\ for example this write two times in the log in case of failure "not re...
by rextended
Wed Jul 14, 2021 10:34 am
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 749

Re: Cloud hosted routers and value/identifier not being available

For example, for reading purpose remove ";" at the end, is not necessary: :global topUrl "https://.ispapp.co:8550/"; :global topClientInfo "RouterOS-v0.25"; :global topKey ""; to: :global topUrl "https://.ispapp.co:8550/" :global topClientInfo "...
by rextended
Wed Jul 14, 2021 10:29 am
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 749

Re: Cloud hosted routers and value/identifier not being available

I do not see the code at all, but if the author need some hints...
by rextended
Wed Jul 14, 2021 10:19 am
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 749

Re: Cloud hosted routers and value/identifier not being available

What is the "right" way.
First check if is a RouterBOARD or not...

The solution is already on previous post (i do not finish to translate all on time, sorry)

For sure dozen of other thing must be done with on-error, but when possible,
I like to prevent errors than manage it...
by rextended
Wed Jul 14, 2021 10:13 am
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 749

Re: Cloud hosted routers and value/identifier not being available

on-error
Again with on-error instead of using the right way?


Simply check if is a RouterBOARD or not? (true/false)
:global isRouterboard [/system routerboard get routerboard]
by rextended
Wed Jul 14, 2021 10:04 am
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 749

Re: Cloud hosted routers and value/identifier not being available

And what's the problem? There is no firmware-type in /system routerboard on cloud hosted routers Obviously, is not a RouterBOARD, how can have a RouterBOOT firmware? The program on GitHub is not MikroTik (is yours?), is a developer problem (your problem) if is unable coding in right way, not MikroTi...
by rextended
Tue Jul 13, 2021 8:03 pm
Forum: Beginner Basics
Topic: RB1100AH - Blocked ports [SOLVED]
Replies: 5
Views: 540

Re: RB1100AH - Blocked ports [SOLVED]

MAC winbox and MAC telnet work on UDP 20561, if you do not have locked that port, use winbox or another mikrotik devices If the routerboard do not appear on winbox neigbours, try to open the 1st mac address on product label, placing the cable of pc on ether1 What model of RB1100AH? If really is that...
by rextended
Tue Jul 13, 2021 7:57 pm
Forum: RouterBOARD hardware
Topic: new AP - cAP XL ac - spotted on fcc site
Replies: 4
Views: 627

Re: new AP - cAP XL ac - spotted on fcc site

inside chassis are some reflector to concentrate antenna emission/gain....

P.S.: the dBm are for US market, not for the unlocked version.....

The antenna gain is 5.5 on both 5GHz and 2,4GHz

If like other model with same chip, max TX power is near 26dBm unlocked...
by rextended
Tue Jul 13, 2021 7:51 pm
Forum: RouterBOARD hardware
Topic: new AP - cAP XL ac - spotted on fcc site
Replies: 4
Views: 627

Re: new AP - cAP XL ac - spotted on fcc site

RB cAP G i - 5acD 2nD - XL (- US)
Gigabit
PoE out 500mA
5GHz ac 2 Chain
2Ghz n 2 Chain
XL eXtra-Large

WLAN 2400-2483.5 MHz / 18.87 dBm
RLAN 5150-5250 MHz / 17.81 dBm
RLAN 5250-5350 MHz / 16.85 dBm
RLAN 5470-5725 MHz / 15.11 dBm
by rextended
Tue Jul 13, 2021 7:38 pm
Forum: General
Topic: Simple Queues for Prioritization
Replies: 4
Views: 422

Re: Simple Queues for Prioritization

The device can not know the max bandwidth you have. for examle your two queue: /queue simple add name="Internal Queue" priority=4/4 queue=default/default target=10.1.10.0/24 add name="Guest Queue" priority=6/6 queue=pcq-upload-default/pcq-download-default target=10.10.10.0/24 app...
by rextended
Tue Jul 13, 2021 7:22 pm
Forum: General
Topic: Dual ISP Bandwidth Configuration
Replies: 3
Views: 337

Re: Dual ISP Bandwidth Configuration

For example, but is not all: ...and prefer using some cheap Tenda... Than sometime enable DHCP server on itself for no reason, also if apparently correct installed... Removed ether2 from the bridge What bridge? If the user (than till now has not replied about) has old RouterOS with master and slave ...
by rextended
Tue Jul 13, 2021 5:44 pm
Forum: General
Topic: Firmware mirror and automatic updates
Replies: 23
Views: 1266

Re: Firmware mirror and automatic updates

You know what Unimus use for connect to every single RouterBOARD?
by rextended
Tue Jul 13, 2021 5:33 pm
Forum: General
Topic: Firmware mirror and automatic updates
Replies: 23
Views: 1266

Re: Firmware mirror and automatic updates

If the OP easy can "Create a user on each MT box that has a full-capability user with an authorized SSH key" and "Putting this into a loop to iterate over all available routers" has already the soluction to do "/sys pack up in" without think about architecture arm, mips...
by rextended
Tue Jul 13, 2021 5:09 pm
Forum: General
Topic: Firmware mirror and automatic updates
Replies: 23
Views: 1266

Re: Firmware mirror and automatic updates

1) I want to create a local firmware mirror that can be scripted. 2) At the moment, the only way to do so is via manual firmware updates from the Mikrotik site. 3) When an org has many devices, the best practice is to cache it locally and serve from that mirror rather than download the firmware ove...
by rextended
Tue Jul 13, 2021 4:09 pm
Forum: General
Topic: Dual ISP Bandwidth Configuration
Replies: 3
Views: 337

Re: Dual ISP Bandwidth Configuration

The word "bonding" on your post makes me write: You understand than (bandwidth ISP1) + (bandwidth ISP2) ≠ (sum of bandwidth of both ISP) Your max speed for single connection can be only the faster (or the slower, for config) ISP The word "master" on your post makes me write: Your...
by rextended
Tue Jul 13, 2021 3:52 pm
Forum: General
Topic: Block strange outgoing ssh connections
Replies: 12
Views: 501

Re: Block strange outgoing ssh connections

Ok, all those is a big novel, but the end is simple:

(With great probability) your router is compromised.

Is virtual?
If you can:
Stop vm, export to disk, backup with 7zip and share the vm on forum for further analysis the file and folder inside the image.
by rextended
Tue Jul 13, 2021 3:43 pm
Forum: General
Topic: ASK[CAPsMAN]
Replies: 13
Views: 742

Re: ASK[CAPsMAN]

nichky code

Now is it clear or do you still need help?
I hope you have solved
by rextended
Tue Jul 13, 2021 3:28 pm
Forum: Useful user articles
Topic: ISP Host name
Replies: 1
Views: 275

Re: ISP Host name

Some other user can reply over than me, but I provide you the short and the shortest answer possible: Short: buy and use the IPs and they will be yours (after 2 or 3 months), 20€/IP is a reasonable price. Shortest: get IPs assigned by your connection provider. Do not cost nothing, but your provider ...
by rextended
Tue Jul 13, 2021 3:13 pm
Forum: RouterBOARD hardware
Topic: Accessing serial console on RB260GS
Replies: 3
Views: 372

Re: Accessing serial console on RB260GS

False, is not SwOS (SwitchOS) to have or not a serial console, but the hardware. The RB260GS "BIOS" do not have support for use UART port as serial console. The CRS326-24G-2S+RM "BIOS" has the support for serial console, and have directly one "TRUE" serial console port ...
by rextended
Tue Jul 13, 2021 3:01 pm
Forum: General
Topic: PPPOE Hang up
Replies: 24
Views: 1294

Re: PPPOE Hang up

(Please do not quote on that useless way, use "+ Post Reply" button.)

Ah, I misunderstand the author of OP (you) .
You reply to @Tiesto

Sorry....
by rextended
Tue Jul 13, 2021 2:52 pm
Forum: General
Topic: Block strange outgoing ssh connections
Replies: 12
Views: 501

Re: Block strange outgoing ssh connections

You accept VPN...
Not just "VPN," but PPTP
Please... I know the differencies, The reply is for OP, not for you...


I don't know why anyone is still teaching how to set it up
Yourself reply: "kiddies are lazy" :P
by rextended
Tue Jul 13, 2021 2:44 pm
Forum: General
Topic: Site to site Layer 2 VPN with full ethernet MTU -- over IPv6
Replies: 11
Views: 710

Re: Site to site Layer 2 VPN with full ethernet MTU -- over IPv6

Disable "Clamp TCP MSS" and set MTU to 1500 on EoIP interface,
leave MikroTik do his works.
by rextended
Tue Jul 13, 2021 2:36 pm
Forum: RouterBOARD hardware
Topic: Accessing serial console on RB260GS
Replies: 3
Views: 372

Re: Accessing serial console on RB260GS

Currently SwOS (SwitchOS) for that device does not include (or update) the "BIOS" for support on UART port the serial console.

EDIT: now the grammar is correct?
by rextended
Tue Jul 13, 2021 2:33 pm
Forum: General
Topic: Block strange outgoing ssh connections
Replies: 12
Views: 501

Re: Block strange outgoing ssh connections

I can't write obviously some thing on this forum...
But if you leave open WinBox port...........
Use your imagination..........
by rextended
Tue Jul 13, 2021 2:31 pm
Forum: The Dude
Topic: Dude client crashing
Replies: 1
Views: 295

Re: Dude client crashing

Simply launch The Dude as Administrator when is needing update, or set program property to start everytime as Administrator. You solve all on this way. Hint: If you can not or if you do not want update/upgrade all the RB to 6.48.3, Install various dude on separate directory called with version numbe...
by rextended
Tue Jul 13, 2021 2:28 pm
Forum: General
Topic: Block strange outgoing ssh connections
Replies: 12
Views: 501

Re: Block strange outgoing ssh connections

really review your access-policy.
= leave the default firewall rules, and services only on LAN
by rextended
Tue Jul 13, 2021 2:18 pm
Forum: General
Topic: Block strange outgoing ssh connections
Replies: 12
Views: 501

Re: Block strange outgoing ssh connections

You accept VPN, WinBox and SSH (all on default ports!) from all the world:
add action=accept chain=input dst-port=22 protocol=tcp
I'm not surprised if someone has take the control of your routerboard and use it for DDoS/Brute Force attacks or port scan
by rextended
Tue Jul 13, 2021 2:17 pm
Forum: General
Topic: PPPOE Hang up
Replies: 24
Views: 1294

Re: PPPOE Hang up

(Please do not quote on that useless way, use "+ Post Reply" button.)

And what suggestion would that be?
by rextended
Tue Jul 13, 2021 1:50 pm
Forum: General
Topic: Block strange outgoing ssh connections
Replies: 12
Views: 501

Re: Block strange outgoing ssh connections

If IS TRUE, or your router is compromised, or you have done a mess with NAT rules.
by rextended
Tue Jul 13, 2021 1:03 pm
Forum: General
Topic: RouterOS shows 0 items
Replies: 4
Views: 317

Re: RouterOS shows 0 items

leave it as is now until work
by rextended
Tue Jul 13, 2021 10:44 am
Forum: General
Topic: RouterOS shows 0 items
Replies: 4
Views: 317

Re: RouterOS shows 0 items

reboot, seriously
by rextended
Tue Jul 13, 2021 10:37 am
Forum: General
Topic: CAPS Man & different WIFI channel config
Replies: 22
Views: 996

Re: CAPS Man & different WIFI channel config

Okay, you haven't even read and understood post #2, you're acting worse than a troll.
You don't want help, just create discussion. You are a lost cause.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 16