MikroTik

The proper word coming to my mind is: IMPRESSIVE

list of changes.

Could you please use "Post replay" instead of quoting hole previous posts.

We are able to follow the thread ... no need to quote it all the time.

Export configuration to a file and then import to the new device.
You have to tailor configuration according to interface names, MAC's etc.
Search the forum for "restore configuration"

Anav:

Rules should be obeyed.

Do you volunteer to translate posts instead of all lazy OP?

IMHO you should set "distance" for ISP interfaces in your local routing tables to number higher than expected "distance" of default router received from OSPF.
With no OSPF information the only one route will be ISP interface and when OSPF is connected the default route will be switched to the new one.

Upgrade, reset to the default configuration and then compare.
Or reset to "no-default-configuration" and start configuring from scratch.

I think more people would want a couple 40G ports at home than 12x 10G.

vortex ... please do not treat us as fools and please do not lie ... once more i see such a comment and you will be banned

vortex.

Last call ... PLEASE DO STOP throwing everywhere comments that 10+ Gb ports are a common need at homes ....

Please DO STOP.

CRS305 IS an ALMOST perfect fit for OP needs ... so once more PLEASE DO STOP throwing your comments about "a must have device" for all.

@vortex

PLEASE STOP sharing your thoughts what people need or what you think people dream of.

The OP asked a question about simple device with small amount of fast ports to use them as converters. Nothing more.

CCR2004-1G-12S+2XS is our router with the most powerful single-core performance so far. It provides incredible results in single tunnel (up to 3.4 Gbps) and BGP feed processing.

Maybe it is the answer.

And what is the implication of that? What does it mean for Mac's networking?

40G is the new 10G. When I was asking for home routers capable of 10G switching some years ago, it was professional level. Now not only is 10G cheap, some people even have 10G WAN at home. Why would you buy a couple of 25G cards when they are not much cheaper than 40G? Workstations and NAS that can...

A. Use "Post reply" instead of quoting whole previous post. No need to cite it. B. If an interface is part of any bridge then it "losts" it's MAC. It becomes "dumb" connector of a bridge and a bridge takes over its MAC and presents itself with the lowest MAC of all interfaces it consists of. If inte...

Printed MAC is the MAC of interface usually described as Internet and the second MAC is the lowest MAC of interfaces designated to be LAN interfaces. If you configure bridge for a group of interfaces then it receives administrative MAC as the lowest MAC of all included interfaces until you set it ma...

@Mikhalich

Could you use "Post reply" button instead of quotting previous posts all the time? Most readers are able to read them if they need it and there is no need to quote.

You start traffic via WAN2, receive answer and then rest of connection goes via WAN1.
Result: Netflix see traffic from different addresses and "complains".

Quoting news: "Juniper Networks warned customers Thursday of a high-risk vulnerability in the GD graphics library that could allow a remote attacker to take control of systems running certain versions of the Junos OS." "The denial of service vulnerability, CVE-2020-3120, affects separate implementat...

Inside? Just kidding ...

What address are you asking about? Are you connected to your router via WWW or Winbox?

"9pfs is a network filesystem protocol developed for Plan 9"

Is HA coming with shared resources?

I'm not Mikrotik's empleyee so do not ask me questions what is "ordinary and affordable" and if Mikrotik is "hopeless". Mikrotik does not manufacture "DUMB" switches. DUMB and CHEAP. Maybe their not so cheap devices have their flaws but it's a different story. If you want really "cheap and affordabl...

Once more. What is the sense of doing less usable device_ You have to prepare casting molds for cases. design PCB or redesign current one to be able not to mount some parts. YOU HAVE TO CERTIFY such device for CE/FCC etc. It's not free. You have to have a stock of it, you have to service it. Do you ...

And what's the point of buying a switch with an SFP port that will never be used What is the sense of removing connectors which make cost of a device a little higher and let serve more users? Are you still joking? You consider providing cable to each desk if only a ceiling would be placed lower. Wh...

Are you joking? Designing new device just beacuse your client cannot afford 10$ difference on a switch with additional USB and SD ports? If look and feel is the most important factor then price shouldn't be a problem. BTW: hide device of any size behind the first desk and there should be no visual/e...

@allencesar and @bda

Is it a problem for you to press "Post replay" instead of quoting quotes of quotes ? Do you think it makes reading your discussion more readable?

I use hAP ac2 to do PPPoE connection to ISP on 600/60 line and this router serves/shares pool of public IPs to "second level" routers at my place.
No problem with CPU and traffic. I installed it in the place of my 1100AHx2 which had decided to end it's life

More details please. What is your big problem?

Your report is like: I'm ill. What can I do to cure myself.

https://wiki.mikrotik.com/wiki/Hairpin_NAT

Make a drawing and post it. One picture tells sometime more than thousends of words.

Buy two hAP ac2 listed @ 65$

Such device behaves quite well for me serving 600/60 line so think that it will be enough for you and you will have two routers.

Make src masquarade changing src ip to router's ip for all connected via VPN.

@vortex

Once again:
Could you be so kind and stop filling forum with such consecutive selfanswering "comments".
You just make huge amount of "posts" with no clearly visible sense.

You THE MAN!
or even
You THE MEN!

vortex:

Please DO STOP answering yourself and sending post under post ... this is my last "suggestion"

vortex:

Please DO STOP. It is not funny.

B. Moderator's duties. It's not your duty to police a thread that needs none, he isn't posting spam or any such thing. You simply don't like it and that's not enough. *edit* It's not my job to defend so I will just stay out of it. I'm a moderator of a large forum and an admin for another and we fol...

Why do you care? He started this thread.

A. I just care. Why not?
B. Moderator's duties.

vortex,

IIMHO i's time to stop increasing your post counter. You ask questions, answer them and comment own answers at once. Maybe you should set up your own blog?

Too many quotes and post to justify that 10Gb router + 40Gb switching is a "must have" for home users.

I did not ask for 10Gbps routing. Some people will eventually need 10Gbps routing. Really? English is not my native language but I try to understand what I read and answer to I am not saying 10G routing is budget. 10G switching is. But when you see the 4011 would be capable of asymmetric 6Gbps it i...

You freely mix differents things. You ask for 10Gb switching, for 40Gb switching to connect "proper" 40Gb NAS, for 6 or 10GB router based on 4011,.... Adding 10Gb switch just for pure switching with no rules/filtering at bridge level is not even close to providing enough resources to do 10Gb routing.

Did I ?

Just saying that there is no sense to push the limits just for show off.
It is like buying the Bugatti Veyron just for it's 1300 Hp and then cruising your urban area @ 30Mph.

The assumption of your disccusion is that faster is better than stable.

10G would be a budget router. A proper home NAS should be 40G now. It depends who you are. Most people could live with 100mb just for Netlix, YouTube or Spotify. If you are a gamer ar IT nerd then yes ... more than 1Gb could fit your needs but is not a "must have". Your theory is that each should b...

A. Edit the first post end delete this 2 meters long quote

B. You need a better router. My 2011 also gives no more than your one with 600 Mb FTTH

@vortex:

Never ending story .... why do you quote the WHOLE previous post? What for? Deas it emphasise your answer more?
Do you know what "post reply" button is for?
Seems that most of us could follow the discussion flow without such quotes. We are able to read provious posts.

@rooted:

Never ending story .... why do you quote the WHOLE previous post? What for? Deas it emphasise your answer more?
Do you know what "post reply" button is for?

@PTPStudio:
Why do you quote whole previous post? Does it makes your answer more valuable? Do you see "Post replay" button?

.... Not when you are downloading 50GB games. A. Are you sure that source is able to deliver data with 10Gbs? B. ISPs always oversell bandwith so I'm not shure if they are able to deliver constant multi 10GB traffic to users. Edge routers will limit their throughput. C. 5 sec vs 50 sec for 50GB dow...

@Sib:

"It allows ..." does not mean that it should be full ASCII editor.
Is it possible now to make such a piece of art? Yes or no?
As I wrote ... use any editor to prepare your logo and just paste it into a note.

3,4) RouterOS is known to not support everything. If you want to be sure, download CD image and try to install it. It will run without any limits for 24 hours. Or there's free L1 license, it works forever, but has some stuff limited.

Just test CHR https://wiki.mikrotik.com/wiki/Manual:CHR

What about designing your logo in notepad or any other text editor and copy+paste into Note?
No one except admin is able to contemplate this logo as a Note

@Bartoz - Why would you infer that the issue only refers to 6.43 unless you can prove that the issue raised in the CVE was covered in the firmware upgrade notes of subsequent Versions. In other words, you know it has been and thus a link or quote or post referring to that would be helpful. Or, you ...

What are the current versions of ROS?
This CPE is about versions 6.42 which are obsolete since 2018 ...

Read this: https://wiki.mikrotik.com/wiki/Hairpin_NAT

....
And of course you must be able to reach internet from the device. So in Tools->Ping try to ping 8.8.8.8. That must work. When not, fix it first.
(check IP->Routes etc)

It is much better to check ping mikrotik.com as it checks not only Internet access but also a DNS resolver.

Vectra is the Polish CableTV operator. From log we can see that something behind this static address tries to connect to address 155.x.y.x port 52676 For me it is not Qnap the source as it is just accessible with the redirection at the same address from the "attack" comes from. I suspect that there ...

https://wiki.mikrotik.com/wiki/Manual:Scripting

look for global variables

Use Scheduler to schedule when your script runs.

https://lmgtfy.com/?q=mikrotik+script+schedule

@irqhost: why do you quoute whole post? Isn't it enough just to ask a question in this thread?

If you disabled port then nothing could help.
If other ports are not disabled then use WinBox in MAC mode and try to access your router.

viewtopic.php?t=147994

A. "RAW" part of firewal inspects packets which enter firewall or leave it but are originated by router: https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Raw B. NAT is done before routing and firewal so you have inspect proper addresses in firewall rules e.g if you DST-NATted packet to internal dev...

I doubt that it is a bug. I use GRE-IPSec and IPIP-IPSec ..

Have you specified local and remote addresses of GRE on both routers?
Do you allow proper protocols to pass firewall?

I doubt.

Look for 3011 or 4011 instead.

Simply ... you ask a question: Will my planned restaurant 100 sqm size be big enough to serve all clients? No info of of place where this restaurant is planned? What food do you want to sell? When it will be open? How many tables do you plan? How many chairs or benches do you plan? Will you offer ta...

The answer is easy ... as many as you wish if only they do not use functions which are limited by license:
Read this: https://wiki.mikrotik.com/wiki/Manual:License

The question is ... does this router is powerfull enough to serve all connected clients?

Possibly ISP side was not configured properly on time and that's why it works now.

Last week 2011L tested as PPoE client to ISP. 600/60 bandwith.

Maximum throughput received with fasttrack on and one NAT for PPoE was circa 200Mb / 60Mb

VLANS?

Make firewall rule which accepts access to webfig only for particular address.

MAC list ...

Is it a problem for you to download it to your computer or any RPi device ... the cheapest one you can find? Should it be done by a router? Printer Services, SMB, Torrent ... lets add full SMTP server, Backup server, WordPress, Spotify ,Netflix Player ... Do we really need a monster like this? https...

English please. Use any translator you want. It is English based forum.

https://blog.mikrotik.com/

The question is if you are able to make PPPoE connection from "internal" router to receive public address if there is no Mikrotik "in the middle"?
What do Mikrotik should do in your opinion?

https://wiki.mikrotik.com/wiki/Hairpin_NAT

@upower3

Is it a problem to pin https://mikrotik.com/download url to the tab in your favourite browser and open it with one click?

Checito

You should assume that most readers are skilled enough to stick with the flow of consecuitive posts.
If you want to comment something what was mentioned a few posts earlier then quote only the crucial part of that post.

Why not to use Winbox with MAC address?

Chechito,
Could you please do not quote full previous posts in your answers if there is no need for that.
Just use big button "Post replay"

Zacharias,

Could you please do not quote full previous posts in your answers if there is no need for that.
Just use big button "Post replay"

It may help you:

search.php?keywords=stp++iphone

MikroTik
Certified
Network
Anesthesiologist

will bring your router back to life

Run such script when rebooted # :local loctoemail "destination@address.com" # :local locident [/system identity get name] :local locmachine [/system resource get architecture-name] :local locversion [/system resource get version] :local loctime [/system clock get time] :local locdate [/system clock ...

It's more like coma after surgery as router is still alive

Version 6.46beta38 has been released.
......
*) console - fixed IP conversation to "num" data type;
....

Shouldn't it be "conversion"?

Show configuration of your router.
I suspect that you have assigned 8.8.8.8 address to interface in your router.

How to educate other users if you do not set a good example? Laziness is not a good excuse.

!ste:

Is it necessary to quote FULL previous post?

Yes,

"Bigger" devices usually have "higher" licenses what is described there: https://wiki.mikrotik.com/wiki/Manual:L ... nse_Levels

Why do you think that Mikrtik's forum is proper place to ask about problems with Tenda router?

Was it "Upgrading on the edge" by Aerosmith?

Jump from 6.40 directly to 6.45 .... you are brave man. Have you read changelogs in the 6.41?

anav: maybe my toilet paper has just more layers than your? BTW.... If you want to protect computers on one bridge at L3 from another L3 layer then you need to block bridge A pool (name it poolA) from poolB, poolC, poolD ... poolC protect form poolD but not from poolE .... poolF from poolA, poolB bu...

@anav:

Nets at L2 may be separated but routing at L3 works and OP asks how to prevent IP access.

@OP:
what about using filters at bridge level? Antything what is forwarded to other interface than WAN should be dropped.

How you add Port1 to four different bridges?

Do you connect any interfaces to this bridge?

My simple solution: /ip service set winbox port=18291 /interface list add name=WAN_LIST /interface list member add interface=ETH1-WAN list=WAN_LIST /ip firewall raw # # accept packets to nonstandard WinBox port ... could be tailored for access from particular subnets etc. # add action=accept chain=p...

My old 0.02$ to this topic: viewtopic.php?f=1&t=93307&p=490460#p490402

http://bfy.tw/NuAw

viewtopic.php?f=21&t=146087&p=727601#p727601

Directly from power socket if you use 24V PSU?

Thank you for the report.
It is example of situation when one subnet is fully included in another. I do not look for such optimization ... yet

IMHO it is not "a bug" .. output is fully valid however not optimized to "deep roots".

I was thinking how to optimize big IP lists before importing them to Mikrotik. It ended as this program. Feel free to use it. Comments welcome. Written with GNU Linux and gcc. Standard usage ... takes data from stdin and outputs to stdout Program tries to merge consecutive IP addresses or IP ranges....

@tayroborges:

English please !

No device calling itself a router should have this as it's fully patched, default configuration out of the box be this: ...... If you want to make excuses for having crappy default configurations that's fine. Mikrotik is the one that is making the reputation for making devices that are part of botn...

After upgrade of CRS125 it stopped to be visible in a neigherhood and for WinBox.

Tony:

Once more ... please do not start so many threads. Make one and please stick with it.

Isn't it better to make one topic instead of starting several ones?

After upgrade to 6.44.1 on RB962 GRE+IPSec stopped working when connected to 6.44 on the other side. After downgrade to 6.44 back on-line.

What about logging with WinBox via MACaddress?

Resseting configuration should not be allowed without setting password as integral part of this process.

You are using the wrong symbol to explain to IT people, should use "!=" instead, then they will better understand

For some "<>" should be used

It is always safer to netinstall as it formats device.

*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);

Emils

I'm interested how did it happen? What someone had been messing for with e-mail part of ROS?

"Expected more" means 23+ Gb sustained transmission with 190$ device?

No. It's not old thinking.

My net is my castle. Period.

Xymox,

Be responsible ISP/IT company and inform your customers that someone tries to take over their security.

Inform them about pros and cons and explain why you prefer not to jump into that train.

Easy.

Hmmm.... I watched this video and what comes to my eyes is "security manager will configure customers' micornets to be safe/secure etc...." or sth like that ...
Who the ..... is Alice ... opssss ... security manager?

Keeping up with the Simpsons ... let me decide

Frankly speaking: Bartosz ... "sz" pronounced as "sh" in "wash"

How your PC reaches camera?

WAN -> LAN? Is it OK?
LAN -> LAN? OK or not? Look for Harpin NAT.
LAN -> WAN? OK?

CRS are switches not routers. Thay can do routing but they are not designed for routing/natting/mangling heavy traffic. You should look for CCR devices if you want to mostly route or start with AH1100x4 ones. I have installation with AH1100x4 for 50+ users, VPN+IPSec used to access main office share...

Strange ... IPSec works for me

after upgrade 6.43.12 -> 6.44

IPSeced IPIP and GRE tunnels work smooth after upgrade, self-reconnected without problems. Comments still in place.

viewtopic.php?f=21&t=140165
viewtopic.php?f=21&t=137572

Do you really use these public IPs in your configuration?

Be patient. Most of moderators are volunteers so it takes some time to be moderated.

Suspecting that DHCP server mostly warns

A. when device try to renew address when lease is still valid and full DHCP REQUEST-ACK-CONFIRM process is not done
or
B. ROS sees that device is "vanishing" ... I see it in logs when CAPSMAN moves device from one AP or interface to another.

Does not help ... no change .. still receiving warnings

Most users who start threads "Mikrotik hacked...", "My router is unsecured", "Big hole in security of ..." seems to not check forum for security topics Did you try easiest method to look for security problems: https://forum.mikrotik.com/search.php?keywords=vulnerability https://forum.mikrotik.com/se...

If I recall correctly it means that there is NNNN exactly the same consequent messages in the log.

It is my way of "drop it ASAP" 0. if attacker scans us again (is already on the list) then drop it right now. A. check if unwanted port is checked. B. if yes, add attacker to the ban list C. drop all packets coming from attacker list /ip firewall raw add action=accept chain=prerouting dst-port=porto...

It would be convinient to CAPSAM and DHCP to log to log not only MAC address but also HOSTNAME if it is known.
Process of transforming MAC 2 HOST is tedious and if log changes quickly you have no chance to check who is associating/dhcping

Uncheck ...
"Always send replies as broadcasts even if destination IP is known. Will add additional load on L2 network."
DHCP broadcast an offer even if device is just deassigned.

For me the problem is with static addresses and seems to be connected with this option which sends offer even if there is no demand for it. Converting dynamic address to static makes this option somehow "checked" even DHCP server has it "unchecked" so if you forgot to uncheck then static reservation...

Before import rename all interfaces in 1009 to names used in 3011. It will make import much easier.

/ip firewall filter
add action=drop chain=input comment=WAN->DNS dst-port=53 in-interface=YOURWAN protocol=udp

Please edit your post and use English

Anav ... should mrz explain again and again and step by step what to do when you are hacked or could expect that autor is aware of https://blog.mikrotik.com/

What about https://mikrotik.com/products ?

Users of what service?

IMHO it could be problem of STP/RSTP protocol. Switch it off and see what will happen.

I use N++ with it's regular expression search+replace/replace all option.

@anav: Barracuda ESG does good job .. it filters most of spam from China ... most means 99% ... but I was tired skipping whole pages of "dropped/blocked" entries and decided to not allow such e-mails to reach ESG @Xtreamer: Please check attachment. It is part of a bigger set of rules so you must to ...

How did you remove ethernet interface from router? Physically? Then I doubt if you can connect to your router

Do you have more eth interfaces? What router it is? Configuration?

Almost 24 hours later

Edit ... blocked at RAW firewall level

Chiny4.PNG

Hi, I use Barracuda Spam Filter (Barracude ESG) as my spam-firewall for one of my customers. It does good job but one of their e-mail's was used for communication with China based client. Since then we receive hundreds spam e-mails per day only for this used e-mail. We do not receive e-mails to admi...

https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT

Do you use same "paranoic"

rules for LAN as for WAN side?

@n21roadie ... could you please stop full quoting all posts you are commenting. Use "Post replay" instead of "quoting" post.

Yes.
You don't need

...dst-port=!8291,22 ...

You accept it earlier so packets to 8291 and 22 do not even reach this drop rule.
I suggest to change 8291 port to other port in you configuration for winbox access.

Yes.

If you want to protect your castle then you build THE WALL which stops all at the gate and then allow to go inside only allowed persons/goods/packets. It is far far easier then allow all to enter and spy them for "bad guys".

More details please.

Done ... just warned as previous posts were quite "normal"

General answer is: No.

More details please. Configuration, topology, version upgraded from ... we aren't wizards guessing from tea leaves

Maybe you are victim of viewtopic.php?f=21&t=140165

L'italiano è una bella lingua but please use English

viewtopic.php?f=21&t=140165

I...Maybe make an expander module that can be mounted on the front or back of the rack, via a fiber optic cable and connected power back to the switch. Would make it easy to have a top of rack back and front switch ports....

Just PoE powering. No need for next PSU.

Do you imagine this FAT-FAT-FAT cable boundle which you try to move to slide out/in a switch? How to organize them to ease slide device out and not to have big gnarl when slided in? How to protect cables against braking down RJ45 connectors? How many empty Us above device needed to organize cables? ...

How your ptoblem is connected to Mikrotik?

Safe mode is good solution but having Plan-B is even better if you commit "safe" configuration.

Start with:

/interface list
add name=WAN_LIST
/interface list member
add interface=YouRWANInterface list=WAN_LIST
/ip firewall raw
add action=drop chain=prerouting dst-port=53 in-interface-list=WAN_LIST log-prefix=UDP53ALL protocol=udp

What do you want to check?
Filesystem? Bad sectors?

Read this: viewtopic.php?f=2&t=102483&p=508981&hil ... IC#p508981

Why do you use public IPs in internal network?

Why to waste time? Netinstall and import configuration via script if you have one.

Why do you use x86? Isn't it better to buy Mikrotik device like https://mikrotik.com/product/RB750Gr3

A. Do bridge both interfaces and then filter traffic between interfaces.
or
B. Divide 192.168.2.0/24 subnet to two 192.168.2.0/25 subnets for each interface and then filter traffic

More impressive statisctic for 42 days of up-time.
RAW2 registers IPs which "revisist" router and are still registered with RAW1 rule.

Firewall.PNG

Micron Enterprise SSD 9200 MAX 6.4TB NVMe U.2 3 500$ gross

Let's check ... the generic example I've found in Poland: SSD Crucial MX500 500GB for 100$ is too expensive?

A. What if forum moderators hardly speak Spanish? Should we accept post in eg. Katakana or Hindi or Hebrew alphabets? B. Moderators do "complain" about non English posts. C. If English is not your "best friend" then you can always use translator or write/ask on non English forum. D. This forum has s...

What are NAT rules and Firewall?
Connections shows that there is some traffic from LAN to WAN ... do you have DNS properly configured?

It is log for 25 days since reboot so this router drops circa 15k connections per day. Most of them are for 22,23,8291 ports.

MM.PNG

Have you looked at firewall settings? Do they use 192.168.1.x instead a.b.88.x?

Time for "Best before sticker" :-( I have client which sells car components. We wondered why eg. spark plugs have "Best before date" info and "Production date" as there is nothing what could be expected to detoriate when they are waiting on a shelf packed/sealed/protected by manufacturer. Now I know...

Try to lower MTU for WAN interface.

Have you netinstalled?

Have you checked https://blog.mikrotik.com/security/wpa2 ... ttack.html ?

It was already discussed. Who do call customers? End users or admins? End users? ... most of them do not even know that they have Mikrotik device installed as gateway to Internet. Forget them. Admins? ... real admins reading Mikrotik's site or forum should be/are aware of these problems but the main...

Why do you think that it is router problem?
Do you think that js:Miner-AL[pup] is installed in your router?
Are you shure that your computer or any other local one are not infected with js:Miner-AL[pup]?

Docmarius .. thank you for explanation but what USB U3 has common with ROS? What does he want to beta test with U3?

This change makes router more secure as it is not possible to connect to WinBox service with standard port.

You cannot RDP from WAN lan or LOCAL lan?

Read this: https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT

Use this https://mikrotik.com/product/RBmAPL-2nD.

Tenable story is different ... they mounted ROS filesystem system to other Linux, made changes to files and then explored RouterOS. You have to have physical access to such system you want to break in. All Linuxes without encrypted filesystem are volunerable ... you can just mount root partition, re...

Congratulations to Tenable !!! They should also send list of affected routers. - it is SARCASM.

IMHO it is totally irresponsible.

You can.

A. You can filter connections for SMTP ports
B. Make Torch buffer time longer than 3 sec.

or

C. Make firewals rules adding src address to SMTPsenders list for PC's starting traffic to any SMTP port

Do not use WebFig ... use Winbox instead. It's proper tool.

Check computers, servers etc. behind your router if they are sending emails. Just observe connections in the firewall or torch WAN interface.

disconnect router from Internet
review configuration
export configuration to file
netinstall
set new admin password
add new user with admin privileges
remove admin
import configuration
connect to Internet

https://wiki.mikrotik.com/wiki/Manual:S ... our_Router

https://blog.mikrotik.com/security/winb ... ility.html
viewtopic.php?f=21&t=119308#p587512

search.php?keywords=radius+6.43

Please add:

MAC address lists
Port lists in Firewall

Id like to find out about helping with the Beta test on this...Ive used the big program for many years now, and have been on the Beta list for quite some time. I just started using PE, as Ive changed employers, and my new job wont allow me to install anything on my computer there, but I can use USB...

If you configured local LAN as 194.168.1.0/24 instead of 192.168.1.0/24 then DNS name of your gateway is resolved to external name.
You didn't show your configuration so it is just a guess.

Search found 1754 matches