Community discussions

Search found 35 matches

by Trema
Tue Mar 26, 2019 10:39 am
Forum: General
Topic: IPv6 PPPoE+DHCPv6 Client Pool Rebind BUG
Replies: 10
Views: 2400

Re: IPv6 PPPoE+DHCPv6 Client Pool Rebind BUG

Excuse me, can you guide me with this script, I have no idea how to make it right for my config. Do I need anything else in the ppp config or just insert those line of script? This script is supposed to go into the ppp-profile for your connection. You can just copy and paste it as is (if you use We...
by Trema
Thu Oct 04, 2018 11:24 am
Forum: General
Topic: IPv6 PPPoE+DHCPv6 Client Pool Rebind BUG
Replies: 10
Views: 2400

Re: IPv6 PPPoE+DHCPv6 Client Pool Rebind BUG

This workaround works for me. Create an on-up script under the PPP profile. This will force a release (and subsequent renewal). This is mine: :local interfaceName [/interface get $interface name]; :delay 10 :log info "profile-pppoe-isp client up: ipv6 dhcp-client release"; /ipv6 dhcp-client release ...
by Trema
Mon Oct 01, 2018 2:31 pm
Forum: General
Topic: Setting up public IPv6 addresses - best approach
Replies: 5
Views: 482

Re: Setting up public IPv6 addresses - best approach

Actually your question is about preparing an IPv6 address plan. Maybe this document from Surfnet can help with that https://www.surf.nl/binaries/content/assets/surf/nl/kennisbank/2013/rapport_201309_ipv6_numplan_en.pdf , or at least provide some pointers on what you are looking for. You'll find prob...
by Trema
Fri Sep 28, 2018 12:43 pm
Forum: General
Topic: IPV6 over PPPoE prefix expiry longer than IPv4 lease
Replies: 5
Views: 593

Re: IPV6 over PPPoE prefix expiry longer than IPv4 lease

You can maybe script it - under PPP->profiles you can define on-up and on-down scripts that should be run when PPPoE establishes a connection. And yes I have seen that issue before with the DHCPv6 client, not sure what the cause is, but it is annoying I agree. This is a known and very annoying prob...
by Trema
Mon Sep 24, 2018 6:18 pm
Forum: Wireless Networking
Topic: May i have your attention, please? [SOLVED]
Replies: 7
Views: 966

Re: May i have your attention, please? [SOLVED]

If you want to do your guest users a favour, apply WPA2-security and embed the password in the SSID, e.g. The password is: free internet why do you say that ? From https://security.stackexchange.com/questions/68748/free-hotspot-open-wifi-vs-wpa2-wifi-with-known-password : A wireless network that is...
by Trema
Fri Sep 21, 2018 2:52 pm
Forum: Wireless Networking
Topic: May i have your attention, please? [SOLVED]
Replies: 7
Views: 966

Re: May i have your attention, please? [SOLVED]

If you want to do your guest users a favour, apply WPA2-security and embed the password in the SSID, e.g. The password is: free internet Furthermore, you may want to set default-forwarding to no for each wireless interface, to prevent clients to be able to send frames to each other. If you connect m...
by Trema
Fri Jun 08, 2018 1:18 pm
Forum: General
Topic: IPv6 WAN links fail over
Replies: 9
Views: 1625

Re: IPv6 WAN links fail over

I guess nothing changed with that yet?
Nope, nothing yet. See also this topic ("My IPv6 Triage List for ROS") with a wishlist of many more IPv6 enhancements in RouterOS.
by Trema
Thu Jun 07, 2018 12:34 am
Forum: General
Topic: cloud problem
Replies: 7
Views: 1280

Re: cloud problem

The 100.64.0.0/10 address block is reserved for Carrier Grade NAT applications ( RFC 6598 ). Now that the IPv4 address space is more or less depleted, ISP's revert to CG-NAT when they need to connect new customers. Hopefully they give them IPv6 addresses as well. Only when a customer starts complain...
by Trema
Mon Dec 11, 2017 6:07 pm
Forum: Announcements
Topic: v6.39.3 [bugfix] is released!
Replies: 47
Views: 16231

Re: v6.39.3 [bugfix] is released!

I have a problem with address lists under the IPv4 firewall since upgrading to 6.39.3. This is on both an RB2011 and a hAP AC. If I make an entry with a timeout it is deleted much sooner than it should be. Entries seem to last about 7 minutes for every 12 hours of timeout, or 14 minutes for 24 hour...
by Trema
Tue Jul 11, 2017 12:19 am
Forum: General
Topic: My IPv6 Triage List for ROS
Replies: 48
Views: 5464

Re: My IPv6 Triage List for ROS

It's perfectly feasible to use both a (static) ULA addressing scheme and distribute the daily changing global prefix through DHCPv6-PD. It has some drawbacks but it can be done today, with MT's. I agree that this seems to be the most in line with "natless world" IPv6 vision, and was what I also wan...
by Trema
Sat Jul 08, 2017 12:32 am
Forum: General
Topic: My IPv6 Triage List for ROS
Replies: 48
Views: 5464

Re: My IPv6 Triage List for ROS

NAT66 prefix translation We're not all lucky enough to have forward-thinking ISPs willing to statically assign our address blocks to us. Some of us have a different routing prefix every other day, and it sure sucks if your print driver has a static IPv6 address for a network-attached printer, and t...
by Trema
Sat Jul 08, 2017 12:12 am
Forum: General
Topic: DSCP Question
Replies: 8
Views: 956

Re: DSCP Question

You can achieve that with "connection-bytes" in the mangle rules: add action=mark-connection chain=forward comment=\ "smtp, submission up/down - mark connection small" connection-mark=\ no-mark dst-port=25,587 new-connection-mark=smtp-up-dn-s passthrough=yes \ protocol=tcp add action=mark-connection...
by Trema
Fri Jun 23, 2017 1:44 am
Forum: General
Topic: IPv6 and DHCP and DNS
Replies: 65
Views: 11199

Re: IPv6 and DHCP and DNS

I believe that handing out at least a /56 to each customer is recommended (source?). In the Netherlands the ISP's have agreed that they will follow this guideline. Some (XS4ALL, Solcon) even give /48's. Anyway, at least take a look here: http://www.internetsociety.org/deploy360/ipv6/ . Also interest...
by Trema
Fri May 12, 2017 4:17 pm
Forum: General
Topic: Mikrotik USB keyboard support
Replies: 3
Views: 714

Re: Mikrotik USB keyboard support

I suppose the idea is to have it trigger a script, e.g. to turn on/off the wifi, shutdown the router, etc.
by Trema
Sun Feb 05, 2017 5:20 pm
Forum: General
Topic: 6.38.1 pppoe link up/down time wrong
Replies: 18
Views: 2097

Re: 6.38.1 pppoe link up/down time wrong

Has anyone else noticed anything like this?
I observed the same behaviour on two different routers (750GL and 751G-2HnD), both running the current bugfix version 6.37.4.
by Trema
Mon Jan 30, 2017 12:57 am
Forum: General
Topic: DHCPv6-PD client subnet not routed
Replies: 23
Views: 2928

Re: DHCPv6-PD client subnet not routed

This is my version of the on-up script now: :local interfaceName [/interface get $interface name]; :local localAddr $"local-address"; :local remoteAddr $"remote-address"; :log info "profile-xs4all-pppoe client up: interface: $interfaceName local address: $localAddr remote address: $remoteAddr"; /ipv...
by Trema
Wed Sep 14, 2016 10:35 am
Forum: General
Topic: IPv6 - Two prefixes on one network
Replies: 1
Views: 367

Re: IPv6 - Two prefixes on one network

You probably could. You face, however, a much more serious problem: how are you going to route the packets to HE and your ISP? (Your ISP won't accept IPv6 packets with a source address from your Hurricane Electric prefix and vice versa.) Unlike the IPv4 side, RouterOS doesn't offer Policy Based Rout...
by Trema
Fri Sep 02, 2016 10:47 am
Forum: General
Topic: IPv6 local subnet notation?
Replies: 4
Views: 637

Re: IPv6 local subnet notation?

Do you need these explicit checks if you have
/ip settings
set rp-filter=strict
by Trema
Tue Jun 28, 2016 11:23 am
Forum: General
Topic: Shall we block all those ports if a ISP ?
Replies: 19
Views: 1674

Re: Shall we block all those ports if a ISP ?

Blocking port 53 ? DNS will stop working.  Of course they allow the use of their own DNS-servers. (This obstructs malware that diverts DNS-requests to DNS-servers operated by the bad guys.) I see,  so in address list allow they only keep the DNS IP of their DNS server.  so, everything else is block...
by Trema
Tue Jun 28, 2016 11:16 am
Forum: General
Topic: Shall we block all those ports if a ISP ?
Replies: 19
Views: 1674

Re: Shall we block all those ports if a ISP ?

Dutch ISP XS4ALL offers its customers customizable firewall settings. Customers can choose the level of protection they want through their support portal. This ranges from Level 0 (all ports open) to Level 4, where all the ports that are susceptible to abuse are blocked (i.e. 25, 53, 136, 137, 139,...
by Trema
Tue Jun 28, 2016 11:05 am
Forum: General
Topic: Shall we block all those ports if a ISP ?
Replies: 19
Views: 1674

Re: Shall we block all those ports if a ISP ?

Dutch ISP XS4ALL offers its customers customizable firewall settings. Customers can choose the level of protection they want through their support portal. This ranges from Level 0 (all ports open) to Level 4, where all the ports that are susceptible to abuse are blocked (i.e. 25, 53, 136, 137, 139, ...
by Trema
Wed Jun 22, 2016 9:51 am
Forum: General
Topic: IPv6 connection lost between to MT-routers
Replies: 6
Views: 783

Re: IPv6 connection lost between to MT-routers

I don't see why it would be a good idea to change the DSCP of all output. Add some matching to that...   Now you change the DSCP of ICMPv6 output and I bet that is what is making it fail. Admittedly, in hindsight it probably wasn't a good idea, but that is not the point. As far as I know it should ...
by Trema
Wed Jun 22, 2016 8:48 am
Forum: General
Topic: IPv6 connection lost between to MT-routers
Replies: 6
Views: 783

Re: IPv6 connection lost between to MT-routers

I have been able to reproduce this behaviour in a test environment. This is the setup: Router 1: 751G-2HnD running RouterOS 6.34.6 Router 2: 951Ui-2HnD running RouterOS 6.35.4 Both routers have been installed with the following (active) packages: advanced-tools, dhcp, ipv6, security and system. Conn...
by Trema
Tue Jun 21, 2016 1:53 pm
Forum: General
Topic: IPv6 connection lost between to MT-routers
Replies: 6
Views: 783

Re: IPv6 connection lost between to MT-routers

Ok, I think I have finally figured it out. It appears that this single line in the IPv6 mangle rules is the culprit: add action=change-dscp chain=output new-dscp=48 passthrough=no I'm doing some QoS at the WAN-side, with a limited set of DSCP-values. So why not give a high value to outgoing traffic ...
by Trema
Tue Jun 21, 2016 3:11 am
Forum: General
Topic: IPv6 connection lost between to MT-routers
Replies: 6
Views: 783

IPv6 connection lost between to MT-routers

I have been pulling my hair out over this problem since it popped up last Sunday, but I have no clue anymore where to look. Most likely I have done something stupid myself, but I can't figure out what it could be. I didn't think I made any (big) configuration changes prior to when the problems start...
by Trema
Tue May 24, 2016 2:43 pm
Forum: General
Topic: IPv6 WAN links fail over
Replies: 9
Views: 1625

Re: IPv6 WAN links fail over

Unfortunately, policy routing on IPv6 is not supported by the RouterOS at the moment.
Grmpf, I didn't realize that. How unfortunate!
by Trema
Tue May 24, 2016 1:26 pm
Forum: General
Topic: IPv6 WAN links fail over
Replies: 9
Views: 1625

Re: IPv6 WAN links fail over

There is no technical difference between regular IPv6 addresses and Unique Local Addresses (RFC 4193 https://tools.ietf.org/html/rfc4193 ). You can use both at the same time on your LAN without any problem. To prevent ULA's from leaking to the outside world, the RFC instructs to block them at the si...
by Trema
Fri Feb 19, 2016 11:21 pm
Forum: General
Topic: IPV6 internal configuration
Replies: 64
Views: 9104

Re: IPV6 internal configuration

/ipv6 nd prefix default set preferred-lifetime=2m valid-lifetime=5m Setting preferred and valid lifetime to only minutes can be a very interesting exercise. Not all OS'ses like it. Especially when the difference between preferred and valid is higher. Consider setting the preferred lifetime to at le...
by Trema
Mon Feb 15, 2016 1:06 pm
Forum: General
Topic: IPV6 internal configuration
Replies: 64
Views: 9104

Re: IPV6 internal configuration

Thanks - that is almost done, but I don't have in protocol - ipv6. When I tried to put ipv6 is in red, when 41 is accepted, In the webinterface you just enter the number 41, that's correct. but dont see any ipv6 comment. I don't understand what you mean. /ip firewall filter add chain=input comment=...
by Trema
Sat Feb 13, 2016 6:04 pm
Forum: General
Topic: IPV6 internal configuration
Replies: 64
Views: 9104

Re: IPV6 internal configuration

First create an interface for the 6to4-tunnel: /interface 6to4 add clamp-tcp-mss=no comment="Hurricane Electric IPv6-tunnel" !keepalive \ local-address=w.x.y.z mtu=1480 name=heipv6 remote-address=\ a.b.c.d /ip neighbor discovery set heipv6 comment="Hurricane Electric IPv6-tunnel" discover=no Where w...
by Trema
Tue Dec 01, 2015 2:26 pm
Forum: Announcements
Topic: 6.33.2 version is released!
Replies: 41
Views: 10045

Re: 6.33.2 version is released!

Arghh. My bad. I did /system export etc.
Should of course have been: /export etc.
My apologies to all.
by Trema
Tue Dec 01, 2015 12:27 pm
Forum: Announcements
Topic: 6.33.2 version is released!
Replies: 41
Views: 10045

Re: 6.33.2 version is released!

Just a reminder that the export is still broken.
by Trema
Tue Dec 01, 2015 12:27 am
Forum: General
Topic: 6.33.1 version is released!
Replies: 48
Views: 12650

Re: 6.33.1 version is released!

Could it be that the configuration export is broken?
/system export file=filename
I tried it on several devices. Export file won't get bigger than a few KiB's. Adding the "verbose" option doesn't make it any better. :(
by Trema
Mon Jun 09, 2014 10:50 pm
Forum: General
Topic: v6.14 released
Replies: 115
Views: 24574

Re: v6.14 released

DHCPv6 client still doesn't update DNS servers correctly, when lease is renewed:
Schermafdruk-4.png
by Trema
Tue May 20, 2014 10:42 am
Forum: General
Topic: v6.13 released!
Replies: 177
Views: 48919

Re: v6.13 released!

I think there is a bug in the DHCPv6 client, that was introduced in 6.12. I observed this behaviour on both a 2011UiAS-2HnD and a 750GL. When the option "Use Peer DNS" in the DHCPv6 client is checked, the v6 DNS addresses are added to the list of DNS servers, instead of being refreshed, each time th...