Full ACK! I do not even consider testing before this is fixed.export hanging is a huge problem to evaluate 7.xy beta
IMHO first priority should be fixing export issue
No. There's nothing Mikrotik can do on their servers. If the attacker is successful no request will ever reach Mikrotik's servers.Wouldn't matter if MikroTik configured their domain host/CDN correctly like this:
![]()
MikroTik RouterOS 6.48.1 (c) 1999-2020 http://www.mikrotik.com/
With this being added... How about a JSON parser within RouterOS? This would allow one device to call another device's REST API.*) api - added support for REST API;
:if ([/ip firewall nat get [find comment="DNS - Redirect all DNS requests to pihole"] disabled] = false) do={
status: failed
failure: cannot open file
Have a look above, IPSec issues have been discussed before.Please help if you experiencing similar issues as I have no idea where to even start troubleshooting.
Yes, they establish correctly. But do they rekey without issue? Have a look at your log...Thats odd - I've got pfs set in phase 2 and the IKEv2 tunnel establishes correctly:
[admin@mikrotik] > :put (192.168.0.1-192.168.0.254)
4294967043
[admin@mikrotik] > :put (192.168.0.1 in 4294967043)
false
{ :local myVar; :set myVar "my value"; :log info $myVar; }
The peer's endpoint-port was set to 0. After setting the correct port everything is back up now.Looks like my wireguard tunnel is down after update... Did not check the details, will have to investigate later.
/certificate remove [ find where authority expired ];
/certificate remove [ find ];
:global z;
:if ($z=[]) do={:put "hello world";}
Oh, ignore this post... CCR2004 is ARM64, not TILE.I think this is a known problem with TILE, have seen other reports before.
(I do not have beta3, so I can not check there.)
Yes.Now these commands are to be used in scripts run by the scheduler - will that be run with the account of the script owner?
/sys ssh-exec ...
/user ssh-keys print
/user ssh-keys private print
This happens without wireless package only.system;error;critical error while running customized default configuration script: expected end of command (line 1337 column 53)
I am pretty sure they are. Log in to the support portal and see your closed cases.So a general remark: I think cases should remain browseable for the submitter, even after they have been closed by MikroTik.
:global xc;
:if ([ /ping 192.168.5.54 size=28 interval=30ms count=1 ] = 0) do={
:set xc 20;
} else={
:set xc 50;
}
:log warning $xc;
These are the only Mikrotik devices or does it work on others?Error shows up on 2 routers.
Right you are. But it is important to shorten the quote to what you actually intend to quote, just as we both did.It is just efficient!
/ip ssh regenerate-host-key
Yes, on device B and on your client. I think the mtu should match on both sides. No idea what happens if it does not.On Device B?Does it make a difference if you lower the mtu size on wireguard interfaces?
I'm sorry, but there's no secret... Just works for me.Share a secret )But Wireguard with Mikrotik behind NAT is not a problem for me.
/interface/wireguard/export hide-sensitive
What is a "white IP"?Wireguard does not connect from Mikrotik behind NAT to a Linux server with a white IP.
I guess IPv4 is still preferred if a domain resolves with A and AAAA record. Try a domain that has just an AAAA record or use IPv6 address.Not sure this is working ? The DoH server I'm using is https://doh.opendns.com/dns-query , and I see requests to 146.112.41.2 , but none to 2620:119:fc::2
[admin@mt] > :put [ :typeof [] ]
nil
... where !(comment=[])
/ interface gre unset keepalive [ find ]
/ interface gre unset timeout [ find ]
Configuring wireguard is pretty straight forward. Just look at the options available.Wireguard support cool thing, but where is an instruction how to use it?
$DownloadPackage wireless
Me too. Reported for 6.47beta12 as SUP-21264, just re-opened.btw.after install I see in log this :
system,error,critical,,, error while running customized default configuration script: expected end of command (line 1315 column 53)
:do {
:resolve ...
} on-error={
...
}
/ip ipsec mode-config set use-responder-dns=no NordVPN
debug1: Skipping ssh-dss key id_dsa - not in PubkeyAcceptedKeyTypes
It now looks like this. Let's hope it will withstand bad weather and strong wind...Yes, it's a heavy plastic plate. But it has just rubber-feet, no sucker. But I will fasten it with a strong cord and eyelets in keder rails.
Yes, it's a heavy plastic plate. But it has just rubber-feet, no sucker. But I will fasten it with a strong cord and eyelets in keder rails.maybe, mounted on a plastic plate (Polyethylenplast) then a rubber-sucker (Saugnapf) in each corner to fasten to roof.
then very portable.
This is about forwarding? Looks like queries are still sent via DoH for me.*) dns - do not use DoH for local queries when a server is specified;
Does it work for you with 6.48beta12? To my findings the behavior did not change.That is a theory but unfortunately this does not work with DOH right now. Mikrotik staff is aware (reported in [SUP-20565], resolved in v6.48beta12) and hopefully they will soon release fix in stable channel.
Correct. My system has system, dhcp, advanced-tools & security installed. Opened SUP-21264 with support output.msatter Do you have custom set of packages installed and wireless package is not installed?
It saves power and runs less hot.I wonder what's the real advantage of running my router with ondemand scheduler?
system;error;critical;13328;39528;13328 error while running customized default configuration script: expected end of command (line 1310 column 53)
So it should be possible. Never used it myself, though.*) sms - allow specifying multiple "allowed-number" values;
/ip firewall filter export
:put (192.168.10.0 & 255.0.0.0)
192.0.0.0
You could try this address:Does this work for ipv6?
Why do you run this in a loop? Just set the value for all at a time:This should do:
or since its just one IP and no subnet::foreach i in=[find] do={set $i address=192.168.20.2/32}:foreach i in=[find] do={set $i address=192.168.20.2}
set [ find ] address=192.168.20.2;
Exactly what I described above with my issue. So +1!It would be nice when it first checked for exact matches of static records before it tried the regexp.
Depends on whether or not the server ships the intermediate certificate. Then looks like Google server does not.To get DoH working I need to use all 3 certificate from dns.google
system;error;critical error while running customized default configuration script: no such item
/system reset-configuration
/ip firewall filter add protocol=tcp connection-state=new ...
Exactly my use case.+1. I'd like to forward internal zones via VPN to an organization DNS and all the rest - to 1.1.1.1 via DoH
In general this makes sense. But I vote for an excepting with conditional forwarding of DNS queries.eworm Currently DoH will be prioritized over all other DNS configuration. Not sure if this will change any time soon.
Is this expected? (If it is I would like to see the severity reduced. "error" and "critical" raise alerts here.)system;error;critical error while running customized default configuration script: no such item
:foreach i in=[ /interface bridge host find ] do={ :put [ /interface bridge host get $i ]; }
When version 6.47 is released to stable channel. There's no date for that, though.There is information when the DoH function will go from beta to release?
It has four cores. See here for details of CCR2004:Do you have more information about that Annapurna AL32400? E.g. how many cores?
Possibly because they could not reproduce. Did you open a support ticket?Why you don't fix OSPF ?![]()
/ip dns set verify-doh-cert=yes
/tool profile