MikroTik

eworm

*) backup - do not encrypt backup file unless password is provided; I like the current way it works the backup is encrypted with admin password. Please make an option to encrypt using current admin password like before, I don't want to have my backup unencrypted neither want to put a password in a ...

eworm

BTW, this works for IPv6 as well if you make some little modifications:

Use protocol=icmpv6 and icmp-options=128:0-255
Add another 20 bytes to packet sizes (IPv6/ICMPv6 headers are 48 bytes vs. 28 bytes for IPv4/ICMP)

eworm

Thanks for this, really a nice idea! Let me add another goody... With openssh (on linux, so different ping arguments) you can add your knocking to ssh configuration: Host routerboard.example.com ProxyCommand sh -c 'ping -c 1 -s 400 %h && ping -c 1 -s 500 %h && ping -c 1 -s 600 %h && exec nc %h %p' U...

eworm

Hello Folks! I have problem backing up configuration on practically all devices using ros 6.42 or bigger, just discovered it today. The message I got is: "backup,critical error creating backup file: could not read all configuration files" There is no full filesystems and other visible errors. I saw...

eworm

Hello Folks! I have problem backing up configuration on practically all devices using ros 6.42 or bigger, just discovered it today. The message I got is: "backup,critical error creating backup file: could not read all configuration files" There is no full filesystems and other visible errors. I saw...

eworm

Just updated one of our Metal G-52SHPacn to new v6.42.1 RouterOS. tools/netwatch does not work anymore. When the tested server is "up", we run [:global srvstat "up"] to set the variable srvstat. Did work with 6.41.2 Looks like up event is not working. Version 6.42 has this changelog entry: *) netwa...

eworm

Now if I look into terminal I still see 2 lines (I pressed Upgrade button twice :)). But this should not be there while the router was already rebooted, right? I think this is expected. You installed the firmware upgrade and rebooted without opening the terminal. Critical messages are stored to be ...

eworm

*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
I have failed to write in variable. Any way.

Same for me. Anybody should update the documentation in the wiki (and possibly add an example).

eworm

And a FAQ entry about webfig from https (www-ssl) may be reasonable.

eworm

Updated a 750GL to 6.42rc52, when creating a backup I get:

backup,critical mikrotik: error creating backup file: could not read all configuration files

eworm

Not feeling that adventurous. Too bad Google uses the same IP blocks for everything; otherwise, I could have simply created a list for YouTube and used that. Adventurous? Should be pretty straight forward. Something like this should work: /ip firewall filter add action=add-dst-to-address-list chain...

eworm

tls-host does not work with "mark-routing" mangle rules. It can't, because when you want to route connection to another WAN, you need to start with very first SYN packet. But the info needed by tls-host only comes later, and then it's too late to route connection elsewhere. You could match tls-host...

eworm

What's new in 6.42rc48 (2018-Mar-21 11:13):

Is the version a typo? My systems find 6.42rc49.

eworm

Under System -> Routerboard I can see factory ROS version, while under System -> Resources it is blank field.

One is RouterOS version, the other is boot firmware version.
Looks like older devices do not have a record about factory RouterOS version.

eworm

Looks like the ipsec fix did not make it into the release. *sigh* Do I have to wait for version 6.42?
Thanks anyway!
What fix? Please don't hope that everybody knows

This one:

*) ipsec - properly detect interface for "mode-config" client IP address assignment;

eworm

Looks like the ipsec fix did not make it into the release. *sigh* Do I have to wait for version 6.42?
Thanks anyway!

eworm

My scripts requires "sensitive"... So back to scheduler with a high interval. Sounds wrong :) The script reads and writes private-pre-shared-key from "/ interface wireless access-list" and sends e-mails. Both actions require "sensitive". Can't you just create script in System -> Scripts and run it ...

eworm

Looks like up-script from netwatch is no longer run with 6.42rc35. Are there any changes not mentioned in changelog? Doesn't run in rc35 compared to what? Can't it be What's new in 6.42rc30 (2018-Feb-20 10:44): *) netwatch - limit to read, write, test and reboot policies for Netwatch script executi...

eworm

For now I am fine with 16MB flash storage. In case RouterOS v7 will ever be available I hope my universal toolbox (mAP that travels with me) will be able to run all the features with current releases.

eworm

Looks like up-script from netwatch is no longer run with 6.42rc35. Are there any changes not mentioned in changelog? Doesn't run in rc35 compared to what? Can't it be What's new in 6.42rc30 (2018-Feb-20 10:44): *) netwatch - limit to read, write, test and reboot policies for Netwatch script executi...

eworm

Looks like up-script from netwatch is no longer run with 6.42rc35. Are there any changes not mentioned in changelog?

eworm

Upgrade fails on CHR: /system package update install channel: release-candidate current-version: 6.42rc30 latest-version: 6.42rc35 status: ERROR: not enough disk space, 19.4MiB is required and only 18.1MiB is free /system resource print uptime: 2m44s version: 6.42rc30 (testing) build-time: Feb/20/2...

eworm

Upgrade fails on CHR: /system package update install channel: release-candidate current-version: 6.42rc30 latest-version: 6.42rc35 status: ERROR: not enough disk space, 19.4MiB is required and only 18.1MiB is free /system resource print uptime: 2m44s version: 6.42rc30 (testing) build-time: Feb/20/20...

eworm

*) ipsec - properly detect interface for "mode-config" client IP address assignment;
This is broken again. Sent my info to [Ticket#2018012322003459].

Fixed in 6.42rc35. Thanks!

eworm

*) ipsec - properly detect interface for "mode-config" client IP address assignment;

This is broken again. Sent my info to [Ticket#2018012322003459].

eworm

Fixed in 6.42rc28 with

*) ipsec - properly detect interface for "mode-config" client IP address assignment;

Thanks a lot, Mikrotik!

eworm

Main part of upgrade process happens on old version. For example, rc21 -> rc23. If upgrade fails, then it is caused by rc21 version. As you can see in changelog we are still working on upgrade improvements. At the moment latest fixes are included in rc23. You can test upgrade improvements only when...

eworm

This broke my CHR installation, though I am not sure if 6.42rc23 is involved at all. The system was running 6.42rc20. I booted it and tried to update, the system told me there is not enough free space. After reboot it hangs at "Loading system with initrd".

eworm

My understanding is that routing-marks are used to route though the l2tp interface. Routes with routing-marks are bypassed with fast-track as well.

eworm

Just use "/ tool netwatch" for that...

eworm

I used to do this in firewall, but routing makes it even simpler. Thanks for the hint.
I use type=unreachable, though.

eworm

Excellent news on the PoE switch! Nice work, MikroTik. I have a 28 IP network camera installation coming up in May of this year. Could really use a rackmount 24 port PoE switch too!

Me too. Sadly CRS328-24P-4S+RM is not announced officially.

eworm

All my RBmAP2n devices that were running a hotspot with a customised set of files have been reset to the default hotspot setup. The customisations were all stored in a directory under /flash but since the upgrade, the subdirectory has disappeared (though /flash is still there) and I now have a new ...

eworm

With tls-host you have to have new rule for each host. I do not understand what do you man. Why do you assume that you can not block HTTPS traffic with address list? /ip firewall address-list add list=block address=www.example1.com add list=block address=www.example2.com /ip firewall filter add cha...

eworm

I just noticed that a number of my devices lost their system note.

eworm

I checked the IP address before trying to stream. It was correct, meaning it was going through the VPN server.

Your traffic is going through different VPN servers with different public IP addresses. One of these is backlisted, the other is not.

eworm

I guess L2TP and the application connect to different servers, which results in different external ip addresses. You can verify with a website that shows your public ip address. There is nothing you can do about what addresses are know to be vpn/proxy to your streaming provider. Try to connect to di...

eworm

Now I get errors like 'port received packet with own address as source address' and a packet storm. Network is down.

I have seen this once, but could not reproduce since. No idea what happened and why.

eworm

Please send supout.rif file to support@mikrotik.com and I will look into it.

I opened Ticket#2018012322003459.

eworm

Hello everybody, I have a number of Mikrotik devices connected via IPSEC/IKEv2. This works just fine in general, but looks like I have a wired issue with NAT. First devices behind NAT connects without any issues. If I connect a second device behind the same NAT the connection is established, but mod...

eworm

Looks like this works for me:

/ppp profile
set [ find default ] change-tcp-mss=no
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=all-ppp protocol=tcp tcp-flags=syn

Then reconnect your ppp connection try to access the affected sites.
Can anybody confirm?

eworm

You try to transmit kernel, initrd and filesystem via tftp? This will be no fun as the system would need ages to boot, caused by the single-block lockstep schema. IMHO pxe booting from a Mikrotik device does not make any sense until they decide to implement a simple web server at least.

eworm

But ftp is the most fast and secure protocol you can use without waiting any implementation. Simply firewall rules and/or change the default 21 port to any make impossible to hack on easy way or brute force the ftp... The point is not hacking or brute force attack... If your two devices communicate...

eworm

The problem is already fixed in 6.42rc.

The workaround is to add TCP MSS rule to your firewall rules
adding tcp mss to my firewall doesn't work router os 6.41

Neither works for me. Did anybody succeed to fix this with a firewall rule?

eworm

Or even better: Upload ssh public keys to the device [admin@mikrotik] > /user ssh-keys print Flags: R - RSA, D - DSA # USER BITS KEY-OWNER 0 R admin 2048 user@host and keep always-allow-password-login set to no : [admin@mikrotik] > /ip ssh set always-allow-password-login=no Password login is no long...

eworm

I also want to know why the full poe switchs was not officially released, it was announced to be available on q4, They had removed from the newsletter Hope was delayed for a good reason, maybe an upgrade hardware Nobody is willing or allowed to tell us... A lot of people are waiting for these devic...

eworm

Hello everybody, this is not about support for compression itself. That (and support for UDP) would still be nice to have and is promised for RouterOS v7. My request is on a much lower level and I think it should be pretty easy to implement, even in RouterOS v6.x. Let's have a look at the openvpn ma...

eworm

Looks like demo Routerboards find final version 6.41... Is the release being prepare right now?

eworm

Thanks for the link! That would be great! Hopefully they would add a pretty nice cpu to this Switch/Router then it would be really awesome. I think anybody said this will have the same CPU as CRS317-1G-16S+RM has. So expect ARM with 2x 800MHz. Any ideas when this Switch/Router will be released? Loo...

eworm

From what earlier version did you upgrade? 6.41RC too or before?

The device ran nearly every rc release from 6.41 series.

It looks like it is time for netinstall and restore backup.

Done.

Let's hope this does not happen more often.

Search found 115 matches