Community discussions

Search found 52 matches

by Kraken2k
Fri Apr 12, 2019 2:39 pm
Forum: Announcements
Topic: v6.44.2 [stable] is released!
Replies: 67
Views: 12511

Re: v6.44.2 [stable] is released!

Updated several RB2011UiAS-2HnD-IN, RB1100AHx4 and hAP ac over a day ago. No issues detected so far. Nevertheless... one issue with IPsec still persist along many versions: after sending few TBs of traffic over site2site tunnels, the router just collapse and reboot itself without any warning - just ...
by Kraken2k
Mon Oct 29, 2018 11:25 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 22698

Re: v6.43.4 [stable] is released!

RB2011 upgraded without problems, no issues so far.
Same here
by Kraken2k
Mon Oct 29, 2018 11:14 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 89107

Re: Winbox vulnerability: please upgrade

Automatic upgrade should be the default and is quickly becoming best practice. This is plain stupid! I could be fired on the spot if I don't issue warning about down time. Some environments depend on equipment which is 24/7/365 up. Not every one have Mikrotik in home or small office environment. If...
by Kraken2k
Mon Oct 22, 2018 12:26 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 89107

Re: Winbox vulnerability: please upgrade

Automatic upgrade should be the default and is quickly becoming best practice. This is plain stupid! I could be fired on the spot if I don't issue warning about down time. Some environments depend on equipment which is 24/7/365 up. Not every one have Mikrotik in home or small office environment. If...
by Kraken2k
Wed Sep 26, 2018 8:59 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39207

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

It seems that bridge gets it's MAC automatically from the first port connected to it - dynamically changing this whenever the config change is made.... This is actually a documented behavior... Yes, it is... I just had no idea, how two bridges managed to get the same MAC dynamically. Now I know - m...
by Kraken2k
Wed Sep 26, 2018 6:30 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39207

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

I was hoping to see actual configuration ... better yet, post output of /inteface bridge print , /interface bridge port print and /interface ethernet print ... it would be interesting to see where MAC of both bridges comes from. It seems that bridge gets it's MAC automatically from the first port c...
by Kraken2k
Wed Sep 26, 2018 5:58 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39207

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

I was hoping to see actual configuration ... better yet, post output of /inteface bridge print , /interface bridge port print and /interface ethernet print ... it would be interesting to see where MAC of both bridges comes from. Here - MACs seems to be originated from ether1 default MAC address: /i...
by Kraken2k
Wed Sep 26, 2018 4:04 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39207

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

I found a strange behavior about bridges - might be only WinBox issue but still... Can you post output of command /interface bridge export ? Just to check if there's something weird. Here is the output - bridge1 was only created to demonstrate this, and there is only one interface included atm. Yes...
by Kraken2k
Wed Sep 26, 2018 12:36 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39207

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

I found a strange behavior about bridges - might be only WinBox issue but still... I have two bridges in my config - when I create bridge, MAC address is automatically assigned (I never use administrative MACs, or create bridges by Copy) and these are unique. But since the moment, when I assign a po...
by Kraken2k
Wed Sep 26, 2018 12:08 pm
Forum: General
Topic: L2TP & Unsafe Config
Replies: 3
Views: 3300

Re: L2TP & Unsafe Config

As there are quite limited options to automate certificate operations at MikroTik (be it Let's Encrypt or other) I would like to ask, what is so unsafe with IPsec using PSK in case the key is >64 characters long, both sides have static IP, ipsec mode works in main mode (also ipsec connections from u...
by Kraken2k
Tue Sep 18, 2018 4:21 pm
Forum: Announcements
Topic: Winbox v3.18 released!
Replies: 49
Views: 71672

Re: Winbox v3.18 released!

Looks like the "Reconnect" problem (viewtopic.php?f=21&t=134940&start=50#p665710) has been fixed in this release :)

Thanks!
by Kraken2k
Tue Sep 18, 2018 2:15 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39207

Re: v6.43.1 [stable] is released!

Maybe 6.43.1 was retracted or not available for automatic download yet/now.
I just installed over automatic download and this happen. its a simple error maybe :=)
Updated RB2011 the same way - this did not happen in my case (RouterOS versions are reported correctly)
by Kraken2k
Wed Aug 22, 2018 11:16 am
Forum: Announcements
Topic: v6.42.7 [current] is released!
Replies: 159
Views: 31020

Re: v6.42.7 [current] is released!

Upgraded RB2011, no issues so far.
FYI, my nick name is based on a well known product from Czech Republic
Yeah... your avatar is pretty self-explaining.
by Kraken2k
Fri Aug 17, 2018 12:24 pm
Forum: Announcements
Topic: Winbox v3.17 released!
Replies: 17
Views: 9372

Re: Winbox v3.17 released!

I still get it every time. If I use the other winbox window and press connect it connects. When I press the reconnect the last thing I see is logging in... then it fades out. Sometimes it returns to reconnect but still doesn't connect or not show up at all Same problem, same behavior... since v3.14...
by Kraken2k
Tue Jul 10, 2018 2:54 pm
Forum: Announcements
Topic: Winbox v3.16 released!
Replies: 63
Views: 27717

Re: Winbox v3.16 released!

The problem with "Click Reconnect, then Winbox window disappears and after exactly 30 seconds automatically disconnect from device with Connection lost window appearing again" still persist

(first time spotted in v3.14 viewtopic.php?f=21&t=134940&start=50#p665710)
by Kraken2k
Wed Jun 20, 2018 4:20 pm
Forum: Announcements
Topic: Winbox v3.15 released!
Replies: 21
Views: 7267

Re: Winbox v3.15 released!

Does reconnection to router after recent disconnection work? It seems that it doesn't work in 3.14 for me reliably.
Yes, the problem still persist since last version, same behavior as described here: viewtopic.php?f=21&t=134940&start=50#p665710)
by Kraken2k
Mon Jun 04, 2018 12:55 pm
Forum: General
Topic: Netwatch deprecated ? [SOLVED]
Replies: 48
Views: 8826

Re: Netwatch deprecated ? [SOLVED]

Now, when Netwatch can't access global variables, is there any way to pass a value to launched script? I have few dozens of devices checked by Netwatch and one script for checking if the host is down or up for good or not - the main reason is that in case of any change I change it just once, not fif...
by Kraken2k
Fri Jun 01, 2018 11:39 am
Forum: Announcements
Topic: Winbox 3.14 released!
Replies: 77
Views: 25410

Re: Winbox 3.14 released!

I have problem with "Reconnect" button after the connection was lost: after clicking it, the Winbox window disappear. According to log, login to router was successful, but automatically disconnected after 30 seconds. (never happened in 3.13)
by Kraken2k
Wed Apr 25, 2018 2:43 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 45718

Re: v6.42.1 [current]

Just a small thing: when you change Comment of an item, it is really necessary to "disable and enable" ("device changed" message is logged) the commented item? For example when I change comment to IPsec policy or wireless interface, it gets restarted which is annoying, because clients will disconnec...
by Kraken2k
Tue Apr 24, 2018 12:48 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 45718

Re: v6.42.1 [current]

Updated several RB2011UiAS-2HnD, RB1100Dx4 and hAP ac (also lite version) and so far everything looks ok.

In addition to previous messages in this thread, while updating firmware, all RBs wrote "Firmware updated, please reboot to take effect!" message in log.
by Kraken2k
Thu Mar 29, 2018 3:19 pm
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 31267

Re: v6.41.3 [current]

Updated my RB1100AHx4 a week ago - so far no problem, but today morning rebooted unexpectedly with "router rebooted because some critical program crashed" error.

Report sent, Ticket#2018032922004596
by Kraken2k
Wed Feb 14, 2018 4:37 pm
Forum: General
Topic: IPSec Tunnel, pingable router but no access
Replies: 9
Views: 674

Re: IPSec Tunnel, pingable router but no access

...
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=0.89.168.192-255.89.168.192
Isn't this address just written in reverse order? Also the following NAT rule is disabled.
by Kraken2k
Thu Dec 14, 2017 4:36 pm
Forum: General
Topic: Change default NAT-T port for IPsec tunnel?
Replies: 1
Views: 611

Re: Change default NAT-T port for IPsec tunnel?

Also it seems that RouterOS is unable to forward UDP 500 traffic using firewall-NAT-dstnat to another IP address. The following rule add action=dst-nat chain=dstnat comment="test" dst-port=500 protocol=udp to-addresses=192.168.1.63 just does not do anything and all UDP 500 traffic ends in input chai...
by Kraken2k
Wed Dec 13, 2017 6:52 pm
Forum: General
Topic: Change default NAT-T port for IPsec tunnel?
Replies: 1
Views: 611

Change default NAT-T port for IPsec tunnel?

Default port for remote IPsec peer (500) can be changed. Is it possible to change the destination port for NAT traversal? The situation: there is a Lancom router between two RB that already uses ports 500 and 4500 for it's own clients (it's a customer device, so I cannot change that behavior) : RB1 ...
by Kraken2k
Mon Dec 04, 2017 2:43 pm
Forum: Announcements
Topic: v6.40.5 [current]
Replies: 82
Views: 25276

Re: v6.40.5 [current]

Updated 2011UiAS-2HnD from 6.40.4 (firmware 3.41) to 6.40.5 - so far no problems.
by Kraken2k
Wed Nov 08, 2017 12:50 pm
Forum: General
Topic: Winbox not Saving Sessions
Replies: 2
Views: 3384

Re: Winbox not Saving Sessions

I had the same problem since last update of Windows 10 - moving Winbox.exe from C:\Program Files (x86)\Winbox to %USERPROFILE%\AppData\Roaming\Mikrotik\Winbox\ folder actually solved the problem for me. It also worked when I launched Winbox as an administrator (which is not the same as launching it ...
by Kraken2k
Tue Oct 03, 2017 4:32 pm
Forum: General
Topic: PPP Firewalling
Replies: 9
Views: 2611

Re: PPP Firewalling

Just a small note on ppp firewalling topic for everyone who tried to find how it works: 1) start with adding this rule (which at the beginning does not make much sense): (place after your established, related, etc) /ip firewall filter add chain=forward action=jump jump-target=ppp comment="PPP chains...
by Kraken2k
Mon Oct 02, 2017 6:11 pm
Forum: Announcements
Topic: v6.40.3 [current]
Replies: 95
Views: 26262

Re: v6.40.3 [current]

EoIP and IPsec tunnels - saga continues :) at least I hope I'm not making any basic mistake. If so please tell me: I encounter problems using the combination of above (IPsec site-to-site tunnel, using policies and EoIP tunnel inside this one). When EoIP tunnel (using IPs of LAN interfaces in both si...
by Kraken2k
Tue Jul 11, 2017 11:16 am
Forum: Announcements
Topic: v6.39.2 [current]
Replies: 122
Views: 35035

Re: v6.39.2 [current]

[*] Go buy another device.[/list] Well, thank you very much for that but, since it is clear that this is not my fault, I am not going to throw 100 eur in the garbage. I just clicked "Upgrade" button and nothing else. Meaning: you should try steps above before buying a replacement. Nothing else.
by Kraken2k
Thu Jun 29, 2017 12:05 pm
Forum: Announcements
Topic: v6.39.2 [current]
Replies: 122
Views: 35035

Re: v6.39.2 [current]

Upgraded RB1100AHx2 from 6.37.5 to 6.39.2 and encountered problems with IPsec tunnels: I have site2site tunnels (other side are also mostly RB2011UAS-2HnD with RoS 6.39.2, that were upgraded from the same version at the same moment). I made no config changes and tunnels worked for a really long time...
by Kraken2k
Thu Jun 02, 2016 5:08 pm
Forum: Announcements
Topic: v6.34.5 [bugfix] is released!
Replies: 23
Views: 7107

Re: v6.34.5 [bugfix] is released!

Upgraded to 6.34.5 from previous bugfix version (6.32.4) and all VRRP interfaces are gone :( the same problem as v6.35.1 have...
by Kraken2k
Thu Jan 07, 2016 1:12 pm
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD stops responding spontaneously
Replies: 42
Views: 12074

Re: RB2011UAS-2HnD stops responding spontaneously

Solved this issue finally! (tested on version 6.32.1) I had these problems since upgrade from 6.25 to newest version (last incident it was 6.30.2) on RB1100AHx2 - after few days, the router stopped to respond - still running, reacts to cable connect/disconnect but no response on ethernet ports. I wa...
by Kraken2k
Thu Jan 07, 2016 1:04 pm
Forum: Announcements
Topic: 6.32.2 released
Replies: 59
Views: 19976

Re: 6.32.2 released

Problem with router cache owerflow caused by sending traffic over IPsec tunnels (even if the router cache is turned off in the settings) still persists in this release :? Ticket number #2015081766000633 Just for the record - I finally managed to resolve this issue on router with ~20 IPsec tunnels (...
by Kraken2k
Tue Dec 08, 2015 12:29 pm
Forum: Announcements
Topic: 6.32.2 released
Replies: 59
Views: 19976

Re: 6.32.2 released

*) vrrp - fix arp=reply-only;
*) vrrp - do not warn about version mismatch if VRID does not match;
*) vrrp - allow VRRP to work behind firewall and NAT rules;
How this feature actually works?
by Kraken2k
Fri Nov 27, 2015 1:59 pm
Forum: Announcements
Topic: Winbox3.0 released!
Replies: 45
Views: 15680

Re: Winbox3.0 released!

I like to use this one :) good work! Found only one small thing: if you have one instance of Winbox and connected to multiple devices through "Open in new Window", then if the connection is lost to multiple devices, you have multiple "Router <ip> has been disconnected <time> ago" windows with differ...
by Kraken2k
Wed Nov 11, 2015 5:19 pm
Forum: Announcements
Topic: 6.33 version released!
Replies: 140
Views: 34250

Re: 6.33 version released!

Updated 3 days ago... I really hoped that route cache overflow issue will be solved by this update but... no :( the issue was reported more than 4 years ago , not just once and repeatedly with no fix, workaround or even finding the source of this issue. If you put it together: there is a "feature" c...
by Kraken2k
Thu Nov 05, 2015 2:16 pm
Forum: General
Topic: 6.32.3 version released!
Replies: 47
Views: 14866

Re: 6.32.3 [CURRENT] version released!

Problem with router cache owerflow caused by sending traffic over IPsec tunnels still persists in this release, despite the fact the Router Cache feature is turned off. Ticket number #2015081766000633 In which constelation? Pleain IPSec or in combination with L2TP maybe? We do not use L2TP, so plai...
by Kraken2k
Wed Nov 04, 2015 1:50 pm
Forum: General
Topic: 6.32.3 version released!
Replies: 47
Views: 14866

Re: 6.32.3 [CURRENT] version released!

Problem with router cache owerflow caused by sending traffic over IPsec tunnels still persists in this release, despite the fact the Router Cache feature is turned off.

Ticket number #2015081766000633
by Kraken2k
Fri Oct 23, 2015 11:03 am
Forum: General
Topic: OpenVPN server and duplicate packets
Replies: 22
Views: 36339

Re: OpenVPN server and duplicate packets

The OpenVPN settings for MikroTik is described on wiki page. It's not exactly easy to understand all steps, but in fact the settings itself is not that complicated.

IMHO the biggest problem with OpenVPN settings is handling keys and certificates, because the concept of this is often misunderstood.
by Kraken2k
Thu Oct 15, 2015 6:52 pm
Forum: General
Topic: OpenVPN server and duplicate packets
Replies: 22
Views: 36339

Re: OpenVPN server and duplicate packets

After days of testing... I made it working! The problem was not in the MikroTIK configuration, but on the Synology NAS ... and the "duplicate packet" error was not the blocking issue. So how to find out what's wrong... Enabled SSH on Synology logging in as a user root (with tha same password as admi...
by Kraken2k
Mon Oct 05, 2015 2:16 pm
Forum: Announcements
Topic: 6.32.2 released
Replies: 59
Views: 19976

Re: 6.32.2 released

Problem with router cache owerflow caused by sending traffic over IPsec tunnels (even if the router cache is turned off in the settings) still persists in this release :?

Ticket number #2015081766000633
by Kraken2k
Mon Sep 14, 2015 12:21 pm
Forum: General
Topic: OpenVPN server and duplicate packets
Replies: 22
Views: 36339

OpenVPN server and duplicate packets

I try to setup OpenVPN server at RB1100AHx2 with RouterOS v 6.32.1 (with public IPv4 address). I followed the wiki tutorial , but it still disconnects the client - on the other side, there is Synology NAS RS812. Certificates imported, trusted and all the stuff, but RB keep dropping the connection be...
by Kraken2k
Wed Sep 09, 2015 10:39 am
Forum: Announcements
Topic: v6.32.1 released
Replies: 76
Views: 19069

Re: v6.32.1 released

my RB450G has below warning, is it normal or bug? ether2-master-local excessive broadcasts/multicasts, probably a loop Snap1.jpg previous v6.30.4 doesnt have such problem. pls help to solve it. thanks you disable ip/neighbors in all devices connected to ether2-master-local I see no sense doing this...
by Kraken2k
Tue Aug 25, 2015 12:23 pm
Forum: Announcements
Topic: v6.30.2 bugfix release
Replies: 148
Views: 38197

Re: v6.30.2 bugfix release

Kraken2k did you get a ticket number as a response? Normally you would just email support@mikrotik.com, the form is just a shortcut to the same. Sent it from your email and see if you get a ticket number. Hi, yes - I sent an e-mail with and got the ticket number #2015081766000633 As advised, I disa...
by Kraken2k
Fri Aug 14, 2015 3:18 pm
Forum: Announcements
Topic: v6.30.2 bugfix release
Replies: 148
Views: 38197

Re: v6.30.2 bugfix release

I had problems since upgrade from 6.25 to newest version (at last incident it was 6.30.2) on RB1100AHx2 - after few days, the router stopped to respond - still running, reacts to cable connect/disconnect but no response on ethernet ports. Yesterday I was able to connect to connect using serial port...
by Kraken2k
Thu Aug 06, 2015 4:28 pm
Forum: Announcements
Topic: v6.30.2 bugfix release
Replies: 148
Views: 38197

Re: v6.30.2 bugfix release

I downgraded from 6.30.2 back to 6.25 I wonder if you managed to make a supout.rif before downgrading. There are so many of us complaining about bug here, and so little actually supplying Mikrotik engineers with enough information to reproduce and fix those bugs... +1 This is a very important point...
by Kraken2k
Thu Aug 06, 2015 11:20 am
Forum: Announcements
Topic: v6.30.2 bugfix release
Replies: 148
Views: 38197

Re: v6.30.2 bugfix release

I had problems since upgrade from 6.25 to newest version (at last incident it was 6.30.2) on RB1100AHx2 - after few days, the router stopped to respond - still running, reacts to cable connect/disconnect but no response on ethernet ports. Yesterday I was able to connect to connect using serial port ...
by Kraken2k
Wed Jul 08, 2015 2:05 pm
Forum: Announcements
Topic: v6.29 released
Replies: 193
Views: 49676

Re: v6.29 released

Upgraded two RB1100AHx2 (powerpc) from 6.24 to 6.29.1 and since then I have problem with Simple Queues respectively... half of it: Simple example from wiki - limit LAN traffic (identified by IP address range) to WAN (identified by interface eth11 to ISP; there is src-nat to public IP address on VRR...
by Kraken2k
Mon Jun 22, 2015 5:34 pm
Forum: Announcements
Topic: v6.29 released
Replies: 193
Views: 49676

Re: v6.29 released

Upgraded two RB1100AHx2 (powerpc) from 6.24 to 6.29.1 and since then I have problem with Simple Queues respectively... half of it: Simple example from wiki - limit LAN traffic (identified by IP address range) to WAN (identified by interface eth11 to ISP; there is src-nat to public IP address on VRRP...
by Kraken2k
Mon Jun 22, 2015 3:00 pm
Forum: Announcements
Topic: v6.29 released
Replies: 193
Views: 49676

Re: v6.29 released

As I understand the current processing of IPSec encrypted traffic, the traffic passes the firewall input chain, is then decrypted and the decrypted traffic is then again handled by the firewall e.g. the forward chain. When the firewall processes the decrypted traffic it will be shown as coming from...
by Kraken2k
Fri Feb 06, 2015 1:03 pm
Forum: General
Topic: Winbox 3 RC
Replies: 639
Views: 124038

Re: Winbox 3 RC

they are saved. do NOT click the save button unless you want to make a new session. current session is saved automatically. I guess we need to make this more clear in some way. The reports are for the inline settings button. When you clicked the button in a previous session and reopen, the button i...
by Kraken2k
Tue Feb 03, 2015 3:03 pm
Forum: General
Topic: Winbox 3 RC
Replies: 639
Views: 124038

Re: Winbox 3 RC

Sorting log is quite complicated one - I can imagine - but would it be possible to be able to copy lines from log window? Just like from terminal. Also... has anyone encountered problems with "Copy" (interface/firewall rule...) button? It happened to me several times randomly: 1) create object (inte...