Community discussions

Search found 115 matches

by eworm
Wed May 23, 2018 11:06 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 204
Views: 23285

Re: v6.43rc [release candidate] is released!

*) backup - do not encrypt backup file unless password is provided; I like the current way it works the backup is encrypted with admin password. Please make an option to encrypt using current admin password like before, I don't want to have my backup unencrypted neither want to put a password in a ...
by eworm
Wed May 09, 2018 8:51 am
Forum: General
Topic: Ping Knock
Replies: 13
Views: 613

Re: Ping Knock

BTW, this works for IPv6 as well if you make some little modifications:
  • Use protocol=icmpv6 and icmp-options=128:0-255
  • Add another 20 bytes to packet sizes (IPv6/ICMPv6 headers are 48 bytes vs. 28 bytes for IPv4/ICMP)
by eworm
Tue May 08, 2018 12:06 pm
Forum: General
Topic: Ping Knock
Replies: 13
Views: 613

Re: Ping Knock

Thanks for this, really a nice idea! Let me add another goody... With openssh (on linux, so different ping arguments) you can add your knocking to ssh configuration: Host routerboard.example.com ProxyCommand sh -c 'ping -c 1 -s 400 %h && ping -c 1 -s 500 %h && ping -c 1 -s 600 %h && exec nc %h %p' U...
by eworm
Sun May 06, 2018 10:17 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 23700

Re: v6.42.1 [current]

Hello Folks! I have problem backing up configuration on practically all devices using ros 6.42 or bigger, just discovered it today. The message I got is: "backup,critical error creating backup file: could not read all configuration files" There is no full filesystems and other visible errors. I saw...
by eworm
Sat May 05, 2018 10:00 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 23700

Re: v6.42.1 [current]

Hello Folks! I have problem backing up configuration on practically all devices using ros 6.42 or bigger, just discovered it today. The message I got is: "backup,critical error creating backup file: could not read all configuration files" There is no full filesystems and other visible errors. I saw...
by eworm
Tue Apr 24, 2018 10:33 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 23700

Re: v6.42.1 [current]

Just updated one of our Metal G-52SHPacn to new v6.42.1 RouterOS. tools/netwatch does not work anymore. When the tested server is "up", we run [:global srvstat "up"] to set the variable srvstat. Did work with 6.41.2 Looks like up event is not working. Version 6.42 has this changelog entry: *) netwa...
by eworm
Tue Apr 24, 2018 10:03 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 23700

Re: v6.42.1 [current]

Now if I look into terminal I still see 2 lines (I pressed Upgrade button twice :)). But this should not be there while the router was already rebooted, right? I think this is expected. You installed the firmware upgrade and rebooted without opening the terminal. Critical messages are stored to be ...
by eworm
Thu Apr 19, 2018 1:33 pm
Forum: Announcements
Topic: v6.42 [current]
Replies: 146
Views: 14286

Re: v6.42 [current]

*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
I have failed to write in variable. Any way.
Same for me. Anybody should update the documentation in the wiki (and possibly add an example).
by eworm
Thu Mar 29, 2018 9:19 am
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 47282

Re: Urgent security advisory

And a FAQ entry about webfig from https (www-ssl) may be reasonable.
by eworm
Tue Mar 27, 2018 11:52 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64828

Re: v6.42rc [release candidate] is released!

Updated a 750GL to 6.42rc52, when creating a backup I get:
backup,critical mikrotik: error creating backup file: could not read all configuration files
by eworm
Thu Mar 22, 2018 9:21 pm
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 18841

Re: v6.41.3 [current]

Not feeling that adventurous. Too bad Google uses the same IP blocks for everything; otherwise, I could have simply created a list for YouTube and used that. Adventurous? Should be pretty straight forward. Something like this should work: /ip firewall filter add action=add-dst-to-address-list chain...
by eworm
Thu Mar 22, 2018 6:53 pm
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 18841

Re: v6.41.3 [current]

tls-host does not work with "mark-routing" mangle rules. It can't, because when you want to route connection to another WAN, you need to start with very first SYN packet. But the info needed by tls-host only comes later, and then it's too late to route connection elsewhere. You could match tls-host...
by eworm
Wed Mar 21, 2018 3:38 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64828

Re: v6.42rc [release candidate] is released!

What's new in 6.42rc48 (2018-Mar-21 11:13):
Is the version a typo? My systems find 6.42rc49.
by eworm
Fri Mar 16, 2018 12:09 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64828

Re: v6.42rc [release candidate] is released!

Under System -> Routerboard I can see factory ROS version, while under System -> Resources it is blank field.
One is RouterOS version, the other is boot firmware version.
Looks like older devices do not have a record about factory RouterOS version.
by eworm
Mon Mar 12, 2018 10:45 am
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 18841

Re: v6.41.3 [current]

Looks like the ipsec fix did not make it into the release. *sigh* Do I have to wait for version 6.42?
Thanks anyway!
What fix? Please don't hope that everybody knows
This one:
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
by eworm
Mon Mar 12, 2018 10:28 am
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 18841

Re: v6.41.3 [current]

Looks like the ipsec fix did not make it into the release. *sigh* Do I have to wait for version 6.42?
Thanks anyway!
by eworm
Wed Feb 28, 2018 12:34 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64828

Re: v6.42rc [release candidate] is released!

My scripts requires "sensitive"... So back to scheduler with a high interval. Sounds wrong :) The script reads and writes private-pre-shared-key from "/ interface wireless access-list" and sends e-mails. Both actions require "sensitive". Can't you just create script in System -> Scripts and run it ...
by eworm
Wed Feb 28, 2018 12:15 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64828

Re: v6.42rc [release candidate] is released!

Looks like up-script from netwatch is no longer run with 6.42rc35. Are there any changes not mentioned in changelog? Doesn't run in rc35 compared to what? Can't it be What's new in 6.42rc30 (2018-Feb-20 10:44): *) netwatch - limit to read, write, test and reboot policies for Netwatch script executi...
by eworm
Wed Feb 28, 2018 11:00 am
Forum: Announcements
Topic: MikroTik News February 2018 (Issue #80)
Replies: 65
Views: 10436

Re: MikroTik News February 2018 (Issue #80)

For now I am fine with 16MB flash storage. In case RouterOS v7 will ever be available I hope my universal toolbox (mAP that travels with me) will be able to run all the features with current releases.
by eworm
Wed Feb 28, 2018 9:47 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64828

Re: v6.42rc [release candidate] is released!

Looks like up-script from netwatch is no longer run with 6.42rc35. Are there any changes not mentioned in changelog? Doesn't run in rc35 compared to what? Can't it be What's new in 6.42rc30 (2018-Feb-20 10:44): *) netwatch - limit to read, write, test and reboot policies for Netwatch script executi...
by eworm
Wed Feb 28, 2018 9:11 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64828

Re: v6.42rc [release candidate] is released!

Looks like up-script from netwatch is no longer run with 6.42rc35. Are there any changes not mentioned in changelog?
by eworm
Tue Feb 27, 2018 2:46 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64828

Re: v6.42rc [release candidate] is released!

Upgrade fails on CHR: /system package update install channel: release-candidate current-version: 6.42rc30 latest-version: 6.42rc35 status: ERROR: not enough disk space, 19.4MiB is required and only 18.1MiB is free /system resource print uptime: 2m44s version: 6.42rc30 (testing) build-time: Feb/20/2...
by eworm
Mon Feb 26, 2018 5:17 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64828

Re: v6.42rc [release candidate] is released!

Upgrade fails on CHR: /system package update install channel: release-candidate current-version: 6.42rc30 latest-version: 6.42rc35 status: ERROR: not enough disk space, 19.4MiB is required and only 18.1MiB is free /system resource print uptime: 2m44s version: 6.42rc30 (testing) build-time: Feb/20/20...
by eworm
Mon Feb 26, 2018 4:56 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64828

Re: v6.42rc [release candidate] is released!

*) ipsec - properly detect interface for "mode-config" client IP address assignment;
This is broken again. Sent my info to [Ticket#2018012322003459].
Fixed in 6.42rc35. Thanks!
by eworm
Wed Feb 21, 2018 9:23 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64828

Re: v6.42rc [release candidate] is released!

*) ipsec - properly detect interface for "mode-config" client IP address assignment;
This is broken again. Sent my info to [Ticket#2018012322003459].
by eworm
Fri Feb 16, 2018 11:48 pm
Forum: General
Topic: IKEv2 with mode-config address on wrong interface [SOLVED]
Replies: 3
Views: 346

Re: IKEv2 with mode-config address on wrong interface [SOLVED]

Fixed in 6.42rc28 with
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
Thanks a lot, Mikrotik!
by eworm
Thu Feb 08, 2018 3:04 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64828

Re: v6.42rc [release candidate] is released!

Main part of upgrade process happens on old version. For example, rc21 -> rc23. If upgrade fails, then it is caused by rc21 version. As you can see in changelog we are still working on upgrade improvements. At the moment latest fixes are included in rc23. You can test upgrade improvements only when...
by eworm
Thu Feb 08, 2018 12:50 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64828

Re: v6.42rc [release candidate] is released!

This broke my CHR installation, though I am not sure if 6.42rc23 is involved at all. The system was running 6.42rc20. I booted it and tried to update, the system told me there is not enough free space. After reboot it hangs at "Loading system with initrd".
by eworm
Wed Feb 07, 2018 11:10 am
Forum: General
Topic: RB750Gr3 l2tp/ipsec unbearably slow
Replies: 19
Views: 820

Re: RB750Gr3 l2tp/ipsec unbearably slow

My understanding is that routing-marks are used to route though the l2tp interface. Routes with routing-marks are bypassed with fast-track as well.
by eworm
Sun Feb 04, 2018 10:35 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Script for interface LTE to restart [SOLVED]
Replies: 9
Views: 552

Re: Script for interface LTE to restart [SOLVED]

Just use "/ tool netwatch" for that...
by eworm
Sun Feb 04, 2018 4:25 pm
Forum: General
Topic: VPN Killswitch
Replies: 3
Views: 217

Re: VPN Killswitch

I used to do this in firewall, but routing makes it even simpler. Thanks for the hint.
I use type=unreachable, though.
by eworm
Sun Feb 04, 2018 12:12 pm
Forum: Announcements
Topic: MikroTik News February 2018 (Issue #80)
Replies: 65
Views: 10436

Re: MikroTik News February 2018 (Issue #80)

Excellent news on the PoE switch! Nice work, MikroTik. I have a 28 IP network camera installation coming up in May of this year. Could really use a rackmount 24 port PoE switch too!
Me too. Sadly CRS328-24P-4S+RM is not announced officially.
by eworm
Sat Feb 03, 2018 3:21 pm
Forum: Announcements
Topic: v6.41.1 [current]
Replies: 106
Views: 8955

Re: v6.41.1 [current]

All my RBmAP2n devices that were running a hotspot with a customised set of files have been reset to the default hotspot setup. The customisations were all stored in a directory under /flash but since the upgrade, the subdirectory has disappeared (though /flash is still there) and I now have a new ...
by eworm
Fri Feb 02, 2018 11:32 pm
Forum: Announcements
Topic: v6.41.1 [current]
Replies: 106
Views: 8955

Re: v6.41.1 [current]

With tls-host you have to have new rule for each host. I do not understand what do you man. Why do you assume that you can not block HTTPS traffic with address list? /ip firewall address-list add list=block address=www.example1.com add list=block address=www.example2.com /ip firewall filter add cha...
by eworm
Fri Feb 02, 2018 9:30 am
Forum: Announcements
Topic: v6.41.1 [current]
Replies: 106
Views: 8955

Re: v6.41.1 [current]

I just noticed that a number of my devices lost their system note.
by eworm
Thu Feb 01, 2018 11:19 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: L2TP VPN set up on MT so that they cannot detect it's a VPN
Replies: 10
Views: 555

Re: L2TP VPN set up on MT so that they cannot detect it's a VPN

I checked the IP address before trying to stream. It was correct, meaning it was going through the VPN server.
Your traffic is going through different VPN servers with different public IP addresses. One of these is backlisted, the other is not.
by eworm
Thu Feb 01, 2018 1:53 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: L2TP VPN set up on MT so that they cannot detect it's a VPN
Replies: 10
Views: 555

Re: L2TP VPN set up on MT so that they cannot detect it's a VPN

I guess L2TP and the application connect to different servers, which results in different external ip addresses. You can verify with a website that shows your public ip address. There is nothing you can do about what addresses are know to be vpn/proxy to your streaming provider. Try to connect to di...
by eworm
Tue Jan 23, 2018 6:32 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 47873

Re: v6.41 [current]

Now I get errors like 'port received packet with own address as source address' and a packet storm. Network is down.
I have seen this once, but could not reproduce since. No idea what happened and why.
by eworm
Tue Jan 23, 2018 1:59 pm
Forum: General
Topic: IKEv2 with mode-config address on wrong interface [SOLVED]
Replies: 3
Views: 346

Re: IKEv2 with mode-config address on wrong interface [SOLVED]

Please send supout.rif file to support@mikrotik.com and I will look into it.
I opened Ticket#2018012322003459.
by eworm
Mon Jan 22, 2018 4:24 pm
Forum: General
Topic: IKEv2 with mode-config address on wrong interface [SOLVED]
Replies: 3
Views: 346

IKEv2 with mode-config address on wrong interface [SOLVED]

Hello everybody, I have a number of Mikrotik devices connected via IPSEC/IKEv2. This works just fine in general, but looks like I have a wired issue with NAT. First devices behind NAT connects without any issues. If I connect a second device behind the same NAT the connection is established, but mod...
by eworm
Mon Jan 22, 2018 12:52 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 47873

Re: v6.41 [current]

Looks like this works for me:
/ppp profile
set [ find default ] change-tcp-mss=no
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=all-ppp protocol=tcp tcp-flags=syn
Then reconnect your ppp connection try to access the affected sites.
Can anybody confirm?
by eworm
Sat Jan 20, 2018 12:51 am
Forum: General
Topic: TFTP boot configuration
Replies: 7
Views: 628

Re: TFTP boot configuration

You try to transmit kernel, initrd and filesystem via tftp? This will be no fun as the system would need ages to boot, caused by the single-block lockstep schema. IMHO pxe booting from a Mikrotik device does not make any sense until they decide to implement a simple web server at least.
by eworm
Sat Jan 20, 2018 12:22 am
Forum: General
Topic: mikrotik scp/sftp client to transfer file between MT
Replies: 6
Views: 2681

Re: mikrotik scp/sftp client to transfer file between MT

But ftp is the most fast and secure protocol you can use without waiting any implementation. Simply firewall rules and/or change the default 21 port to any make impossible to hack on easy way or brute force the ftp... The point is not hacking or brute force attack... If your two devices communicate...
by eworm
Fri Jan 19, 2018 9:08 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 47873

Re: v6.41 [current]

The problem is already fixed in 6.42rc.

The workaround is to add TCP MSS rule to your firewall rules
adding tcp mss to my firewall doesn't work router os 6.41
Neither works for me. Did anybody succeed to fix this with a firewall rule?
by eworm
Mon Jan 15, 2018 12:14 pm
Forum: Announcements
Topic: Securing your device is important
Replies: 29
Views: 3034

Re: Securing your device is important

Or even better: Upload ssh public keys to the device [admin@mikrotik] > /user ssh-keys print Flags: R - RSA, D - DSA # USER BITS KEY-OWNER 0 R admin 2048 user@host and keep always-allow-password-login set to no : [admin@mikrotik] > /ip ssh set always-allow-password-login=no Password login is no long...
by eworm
Fri Jan 12, 2018 4:58 pm
Forum: Announcements
Topic: Newsletter 79 (MUM EUROPE ANNOUNCED!)
Replies: 33
Views: 7766

Re: Newsletter 79 (MUM EUROPE ANNOUNCED!)

I also want to know why the full poe switchs was not officially released, it was announced to be available on q4, They had removed from the newsletter Hope was delayed for a good reason, maybe an upgrade hardware Nobody is willing or allowed to tell us... A lot of people are waiting for these devic...
by eworm
Thu Jan 04, 2018 10:53 am
Forum: RouterOS v6 RC and v7 BETA
Topic: openvpn: support packet framing for compression
Replies: 0
Views: 154

openvpn: support packet framing for compression

Hello everybody, this is not about support for compression itself. That (and support for UDP) would still be nice to have and is promised for RouterOS v7. My request is on a much lower level and I think it should be pretty easy to implement, even in RouterOS v6.x. Let's have a look at the openvpn ma...
by eworm
Thu Dec 21, 2017 9:01 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 97362

Re: v6.41rc [release candidate] is released! New bridge implementation!

Looks like demo Routerboards find final version 6.41... Is the release being prepare right now?
by eworm
Tue Dec 19, 2017 11:09 pm
Forum: RouterBOARD hardware
Topic: Switch/Router 24G-1S Request
Replies: 4
Views: 431

Re: Switch/Router 24G-1S Request

Thanks for the link! That would be great! Hopefully they would add a pretty nice cpu to this Switch/Router then it would be really awesome. I think anybody said this will have the same CPU as CRS317-1G-16S+RM has. So expect ARM with 2x 800MHz. Any ideas when this Switch/Router will be released? Loo...
by eworm
Tue Dec 19, 2017 5:13 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 97362

Re: v6.41rc [release candidate] is released! New bridge implementation!

From what earlier version did you upgrade? 6.41RC too or before?
The device ran nearly every rc release from 6.41 series.
It looks like it is time for netinstall and restore backup.
Done. :D
Let's hope this does not happen more often.