MikroTik

eworm

With "WPA-PSK" you refer to a non-WPA2-configuration?

eworm

I have try putting a COMMENT for the 2 Policy but that dont work?

You can add filters for find. Add comments, then use something like this:

 / ip ipsec policy disable [ find where comment="connection 1" ];

eworm

:put [/ip ipsec remote-peers get 0 remote-address] This is an issue with your script. Referencing something with id ("0") only works after you printed actual configuration. If you want the address of the first entry use something like this: :put [ / ip ipsec remote-peers get [ :pick [ find ] 0 ] re...

eworm

Bitwise operators do not work for IPv6 addresses. I mailed the support, they answered "to be aware of the issue, perhaps it will be fixed in the upcoming versions".

So whoever needs this... Mail the support and let them know you need it!

eworm

Yes, please! I need this as well.
Still wondering why this was added some time ago half-finished...

eworm

*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);

So encryption=rc4 is the old behaviour, encryption=aes-sha256 is the new one? What is the default if I do not specify the option?

eworm

amokkatmt - If your router can reach cloud server over IPv6, then Cloud should resolve to IPv6 address instead of IPv4. That happens automatically; Does it resolve to IPv6 address exclusively then? That would be a real issue for be, because I have devices connected via dual stack, but connect to th...

eworm

We are sorry for any issues caused by the previous package, we uploaded new packages, that will work fine on any router. Package updated 07.02.2018 To fix storage issue on your router, use package from the link, https://www.mikrotik.com/download/share/fix_space.npk - upload package to your router; ...

eworm

You still block CloudFlare and tons of other websites. Well, https cert on this host covers "ssl894059.cloudflaressl.com", "toknowall.com" and "*.toknowall.com" - doesn't look like there are tons of other websites :) You know that the server can use different certificates based on SNI extension?

eworm

But this is not available to scripts, no? Perhaps you should add a read-only property "pending-upgrade". A scheduled script could look like this: Scripts can read the log! See https://wiki.mikrotik.com/wiki/Manual:Scripting-examples#Detect_new_log_entry Yes... :if ([ :len [ /log find where topics=s...

eworm

icsterm - Auto upgrade feature under RouterBOARD settings does the same thing automatically. But it does not reboot to take the changes into account. After upgrade you see a comment in export: [admin@mikrotik] > /system routerboard print ;;; Firmware upgraded successfully, please reboot for changes...

eworm

Can anybody make me a solution / script so after the ROS upgrade the unit either in the same reboot, or thereafter reboots again to update the fw version? Now each and every unit has to be rebooted twice. which is a pain if you have to do big amounts.... here you go :log info "Checking firmware..."...

eworm

Yes there is

https://github.com/haakonnessjoen/MAC-Telnet

But that does not yet work with RouterOS 6.43rc. I opened an issue already.
Is there an detail available about mac telnet protocol?

eworm

Code: Select all
/ip ssh regenerate-host-key
/system reboot
and works
binary backup is now without error. tested on about 10 devices

Works for me as well. Thanks a lot!

eworm

I like the continuing migration from "passive PoE" towards "802.3 af/at"!

In fact this is not a migration but an additional feature as passive PoE is still supported.

Sadly hAP ac² missed the upgrade.

eworm

And why should people have to read these things, just make RC a real RC and not a nightly. Naming of releases should be self explanatory ... or call it "Recently Compiled" instead of "Release Candidate"... Or call it "Ridiculous Count"... :D Once Linus Torvalds stated: However, for some reason four...

eworm

*) backup - do not encrypt backup file unless password is provided; I like the current way it works the backup is encrypted with admin password. Please make an option to encrypt using current admin password like before, I don't want to have my backup unencrypted neither want to put a password in a ...

eworm

BTW, this works for IPv6 as well if you make some little modifications:

Use protocol=icmpv6 and icmp-options=128:0-255
Add another 20 bytes to packet sizes (IPv6/ICMPv6 headers are 48 bytes vs. 28 bytes for IPv4/ICMP)

eworm

Thanks for this, really a nice idea! Let me add another goody... With openssh (on linux, so different ping arguments) you can add your knocking to ssh configuration: Host routerboard.example.com ProxyCommand sh -c 'ping -c 1 -s 400 %h && ping -c 1 -s 500 %h && ping -c 1 -s 600 %h && exec nc %h %p' U...

eworm

Hello Folks! I have problem backing up configuration on practically all devices using ros 6.42 or bigger, just discovered it today. The message I got is: "backup,critical error creating backup file: could not read all configuration files" There is no full filesystems and other visible errors. I saw...

eworm

Hello Folks! I have problem backing up configuration on practically all devices using ros 6.42 or bigger, just discovered it today. The message I got is: "backup,critical error creating backup file: could not read all configuration files" There is no full filesystems and other visible errors. I saw...

eworm

Just updated one of our Metal G-52SHPacn to new v6.42.1 RouterOS. tools/netwatch does not work anymore. When the tested server is "up", we run [:global srvstat "up"] to set the variable srvstat. Did work with 6.41.2 Looks like up event is not working. Version 6.42 has this changelog entry: *) netwa...

eworm

Now if I look into terminal I still see 2 lines (I pressed Upgrade button twice :)). But this should not be there while the router was already rebooted, right? I think this is expected. You installed the firmware upgrade and rebooted without opening the terminal. Critical messages are stored to be ...

eworm

*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
I have failed to write in variable. Any way.

Same for me. Anybody should update the documentation in the wiki (and possibly add an example).

eworm

And a FAQ entry about webfig from https (www-ssl) may be reasonable.

eworm

Updated a 750GL to 6.42rc52, when creating a backup I get:

backup,critical mikrotik: error creating backup file: could not read all configuration files

eworm

Not feeling that adventurous. Too bad Google uses the same IP blocks for everything; otherwise, I could have simply created a list for YouTube and used that. Adventurous? Should be pretty straight forward. Something like this should work: /ip firewall filter add action=add-dst-to-address-list chain...

eworm

tls-host does not work with "mark-routing" mangle rules. It can't, because when you want to route connection to another WAN, you need to start with very first SYN packet. But the info needed by tls-host only comes later, and then it's too late to route connection elsewhere. You could match tls-host...

eworm

What's new in 6.42rc48 (2018-Mar-21 11:13):

Is the version a typo? My systems find 6.42rc49.

eworm

Under System -> Routerboard I can see factory ROS version, while under System -> Resources it is blank field.

One is RouterOS version, the other is boot firmware version.
Looks like older devices do not have a record about factory RouterOS version.

eworm

Looks like the ipsec fix did not make it into the release. *sigh* Do I have to wait for version 6.42?
Thanks anyway!
What fix? Please don't hope that everybody knows

This one:

*) ipsec - properly detect interface for "mode-config" client IP address assignment;

eworm

Looks like the ipsec fix did not make it into the release. *sigh* Do I have to wait for version 6.42?
Thanks anyway!

eworm

My scripts requires "sensitive"... So back to scheduler with a high interval. Sounds wrong :) The script reads and writes private-pre-shared-key from "/ interface wireless access-list" and sends e-mails. Both actions require "sensitive". Can't you just create script in System -> Scripts and run it ...

eworm

Looks like up-script from netwatch is no longer run with 6.42rc35. Are there any changes not mentioned in changelog? Doesn't run in rc35 compared to what? Can't it be What's new in 6.42rc30 (2018-Feb-20 10:44): *) netwatch - limit to read, write, test and reboot policies for Netwatch script executi...

eworm

For now I am fine with 16MB flash storage. In case RouterOS v7 will ever be available I hope my universal toolbox (mAP that travels with me) will be able to run all the features with current releases.

eworm

Looks like up-script from netwatch is no longer run with 6.42rc35. Are there any changes not mentioned in changelog? Doesn't run in rc35 compared to what? Can't it be What's new in 6.42rc30 (2018-Feb-20 10:44): *) netwatch - limit to read, write, test and reboot policies for Netwatch script executi...

eworm

Looks like up-script from netwatch is no longer run with 6.42rc35. Are there any changes not mentioned in changelog?

eworm

Upgrade fails on CHR: /system package update install channel: release-candidate current-version: 6.42rc30 latest-version: 6.42rc35 status: ERROR: not enough disk space, 19.4MiB is required and only 18.1MiB is free /system resource print uptime: 2m44s version: 6.42rc30 (testing) build-time: Feb/20/2...

eworm

Upgrade fails on CHR: /system package update install channel: release-candidate current-version: 6.42rc30 latest-version: 6.42rc35 status: ERROR: not enough disk space, 19.4MiB is required and only 18.1MiB is free /system resource print uptime: 2m44s version: 6.42rc30 (testing) build-time: Feb/20/20...

eworm

*) ipsec - properly detect interface for "mode-config" client IP address assignment;
This is broken again. Sent my info to [Ticket#2018012322003459].

Fixed in 6.42rc35. Thanks!

eworm

*) ipsec - properly detect interface for "mode-config" client IP address assignment;

This is broken again. Sent my info to [Ticket#2018012322003459].

eworm

Fixed in 6.42rc28 with

*) ipsec - properly detect interface for "mode-config" client IP address assignment;

Thanks a lot, Mikrotik!

eworm

Main part of upgrade process happens on old version. For example, rc21 -> rc23. If upgrade fails, then it is caused by rc21 version. As you can see in changelog we are still working on upgrade improvements. At the moment latest fixes are included in rc23. You can test upgrade improvements only when...

eworm

This broke my CHR installation, though I am not sure if 6.42rc23 is involved at all. The system was running 6.42rc20. I booted it and tried to update, the system told me there is not enough free space. After reboot it hangs at "Loading system with initrd".

eworm

My understanding is that routing-marks are used to route though the l2tp interface. Routes with routing-marks are bypassed with fast-track as well.

eworm

Just use "/ tool netwatch" for that...

eworm

I used to do this in firewall, but routing makes it even simpler. Thanks for the hint.
I use type=unreachable, though.

eworm

Excellent news on the PoE switch! Nice work, MikroTik. I have a 28 IP network camera installation coming up in May of this year. Could really use a rackmount 24 port PoE switch too!

Me too. Sadly CRS328-24P-4S+RM is not announced officially.

eworm

All my RBmAP2n devices that were running a hotspot with a customised set of files have been reset to the default hotspot setup. The customisations were all stored in a directory under /flash but since the upgrade, the subdirectory has disappeared (though /flash is still there) and I now have a new ...

eworm

With tls-host you have to have new rule for each host. I do not understand what do you man. Why do you assume that you can not block HTTPS traffic with address list? /ip firewall address-list add list=block address=www.example1.com add list=block address=www.example2.com /ip firewall filter add cha...

Search found 131 matches