Community discussions

Search found 131 matches

by eworm
Thu Aug 09, 2018 10:50 am
Forum: Announcements
Topic: WPA2 preshared key brute force attack
Replies: 16
Views: 3351

Re: WPA2 preshared key brute force attack

With "WPA-PSK" you refer to a non-WPA2-configuration?
by eworm
Fri Aug 03, 2018 12:24 am
Forum: Scripting
Topic: IPSEC Script for Dynamic IP
Replies: 1
Views: 1164

Re: IPSEC Script for Dynamic IP

I have try putting a COMMENT for the 2 Policy but that dont work?
You can add filters for find. Add comments, then use something like this:
 / ip ipsec policy disable [ find where comment="connection 1" ];
by eworm
Fri Aug 03, 2018 12:17 am
Forum: Scripting
Topic: IPSec dynamic remote peer script
Replies: 5
Views: 1845

Re: IPSec dynamic remote peer script

:put [/ip ipsec remote-peers get 0 remote-address] This is an issue with your script. Referencing something with id ("0") only works after you printed actual configuration. If you want the address of the first entry use something like this: :put [ / ip ipsec remote-peers get [ :pick [ find ] 0 ] re...
by eworm
Thu Jul 26, 2018 6:32 pm
Forum: Scripting
Topic: IPv6 bitwise math
Replies: 2
Views: 240

Re: IPv6 bitwise math

Bitwise operators do not work for IPv6 addresses. I mailed the support, they answered "to be aware of the issue, perhaps it will be fixed in the upcoming versions".

So whoever needs this... Mail the support and let them know you need it!
by eworm
Wed Jul 25, 2018 7:11 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Please fix fetch so we can use data: variable in scripts.
Replies: 4
Views: 306

Re: Please fix fetch so we can use data: variable in scripts.

Yes, please! I need this as well.
Still wondering why this was added some time ago half-finished...
by eworm
Fri Jul 13, 2018 6:32 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 498
Views: 66665

Re: v6.43rc [release candidate] is released!

*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
So encryption=rc4 is the old behaviour, encryption=aes-sha256 is the new one? What is the default if I do not specify the option?
by eworm
Fri Jul 06, 2018 8:08 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 498
Views: 66665

Re: v6.43rc [release candidate] is released!

amokkatmt - If your router can reach cloud server over IPv6, then Cloud should resolve to IPv6 address instead of IPv4. That happens automatically; Does it resolve to IPv6 address exclusively then? That would be a real issue for be, because I have devices connected via dual stack, but connect to th...
by eworm
Mon Jul 02, 2018 2:40 pm
Forum: Announcements
Topic: v6.42.5 [current]
Replies: 124
Views: 12831

Re: v6.42.5 [current]

We are sorry for any issues caused by the previous package, we uploaded new packages, that will work fine on any router. Package updated 07.02.2018 To fix storage issue on your router, use package from the link, https://www.mikrotik.com/download/share/fix_space.npk - upload package to your router; ...
by eworm
Mon Jun 25, 2018 5:10 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 183
Views: 50594

Re: VPNfilter official statement

You still block CloudFlare and tons of other websites. Well, https cert on this host covers "ssl894059.cloudflaressl.com", "toknowall.com" and "*.toknowall.com" - doesn't look like there are tons of other websites :) You know that the server can use different certificates based on SNI extension?
by eworm
Wed Jun 20, 2018 1:54 pm
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 9319

Re: v6.42.4 [current]

But this is not available to scripts, no? Perhaps you should add a read-only property "pending-upgrade". A scheduled script could look like this: Scripts can read the log! See https://wiki.mikrotik.com/wiki/Manual:Scripting-examples#Detect_new_log_entry Yes... :if ([ :len [ /log find where topics=s...
by eworm
Wed Jun 20, 2018 1:10 pm
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 9319

Re: v6.42.4 [current]

icsterm - Auto upgrade feature under RouterBOARD settings does the same thing automatically. But it does not reboot to take the changes into account. After upgrade you see a comment in export: [admin@mikrotik] > /system routerboard print ;;; Firmware upgraded successfully, please reboot for changes...
by eworm
Tue Jun 19, 2018 6:05 pm
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 9319

Re: v6.42.4 [current]

Can anybody make me a solution / script so after the ROS upgrade the unit either in the same reboot, or thereafter reboots again to update the fw version? Now each and every unit has to be rebooted twice. which is a pain if you have to do big amounts.... here you go :log info "Checking firmware..."...
by eworm
Wed Jun 13, 2018 9:07 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 498
Views: 66665

Re: v6.43rc [release candidate] is released!

But that does not yet work with RouterOS 6.43rc. I opened an issue already.
Is there an detail available about mac telnet protocol?
by eworm
Mon Jun 11, 2018 3:09 pm
Forum: General
Topic: backup,critical error creating backup file, ROS 6.42.1
Replies: 23
Views: 1442

Re: backup,critical error creating backup file, ROS 6.42.1

/ip ssh regenerate-host-key
/system reboot
and works :)
binary backup is now without error. tested on about 10 devices
Works for me as well. Thanks a lot!
by eworm
Tue Jun 05, 2018 12:07 pm
Forum: Announcements
Topic: MikroTik News June 2018 (Issue #83)
Replies: 43
Views: 8697

Re: MikroTik News June 2018 (Issue #83)

I like the continuing migration from "passive PoE" towards "802.3 af/at"!
In fact this is not a migration but an additional feature as passive PoE is still supported.

Sadly hAP ac² missed the upgrade. :(
by eworm
Tue May 29, 2018 6:14 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 498
Views: 66665

Re: v6.43rc [release candidate] is released!

And why should people have to read these things, just make RC a real RC and not a nightly. Naming of releases should be self explanatory ... or call it "Recently Compiled" instead of "Release Candidate"... Or call it "Ridiculous Count"... :D Once Linus Torvalds stated: However, for some reason four...
by eworm
Wed May 23, 2018 11:06 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 498
Views: 66665

Re: v6.43rc [release candidate] is released!

*) backup - do not encrypt backup file unless password is provided; I like the current way it works the backup is encrypted with admin password. Please make an option to encrypt using current admin password like before, I don't want to have my backup unencrypted neither want to put a password in a ...
by eworm
Wed May 09, 2018 8:51 am
Forum: General
Topic: Ping Knock
Replies: 13
Views: 772

Re: Ping Knock

BTW, this works for IPv6 as well if you make some little modifications:
  • Use protocol=icmpv6 and icmp-options=128:0-255
  • Add another 20 bytes to packet sizes (IPv6/ICMPv6 headers are 48 bytes vs. 28 bytes for IPv4/ICMP)
by eworm
Tue May 08, 2018 12:06 pm
Forum: General
Topic: Ping Knock
Replies: 13
Views: 772

Re: Ping Knock

Thanks for this, really a nice idea! Let me add another goody... With openssh (on linux, so different ping arguments) you can add your knocking to ssh configuration: Host routerboard.example.com ProxyCommand sh -c 'ping -c 1 -s 400 %h && ping -c 1 -s 500 %h && ping -c 1 -s 600 %h && exec nc %h %p' U...
by eworm
Sun May 06, 2018 10:17 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 273
Views: 27374

Re: v6.42.1 [current]

Hello Folks! I have problem backing up configuration on practically all devices using ros 6.42 or bigger, just discovered it today. The message I got is: "backup,critical error creating backup file: could not read all configuration files" There is no full filesystems and other visible errors. I saw...
by eworm
Sat May 05, 2018 10:00 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 273
Views: 27374

Re: v6.42.1 [current]

Hello Folks! I have problem backing up configuration on practically all devices using ros 6.42 or bigger, just discovered it today. The message I got is: "backup,critical error creating backup file: could not read all configuration files" There is no full filesystems and other visible errors. I saw...
by eworm
Tue Apr 24, 2018 10:33 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 273
Views: 27374

Re: v6.42.1 [current]

Just updated one of our Metal G-52SHPacn to new v6.42.1 RouterOS. tools/netwatch does not work anymore. When the tested server is "up", we run [:global srvstat "up"] to set the variable srvstat. Did work with 6.41.2 Looks like up event is not working. Version 6.42 has this changelog entry: *) netwa...
by eworm
Tue Apr 24, 2018 10:03 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 273
Views: 27374

Re: v6.42.1 [current]

Now if I look into terminal I still see 2 lines (I pressed Upgrade button twice :)). But this should not be there while the router was already rebooted, right? I think this is expected. You installed the firmware upgrade and rebooted without opening the terminal. Critical messages are stored to be ...
by eworm
Thu Apr 19, 2018 1:33 pm
Forum: Announcements
Topic: v6.42 [current]
Replies: 147
Views: 16968

Re: v6.42 [current]

*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
I have failed to write in variable. Any way.
Same for me. Anybody should update the documentation in the wiki (and possibly add an example).
by eworm
Thu Mar 29, 2018 9:19 am
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 61979

Re: Urgent security advisory

And a FAQ entry about webfig from https (www-ssl) may be reasonable.
by eworm
Tue Mar 27, 2018 11:52 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 69515

Re: v6.42rc [release candidate] is released!

Updated a 750GL to 6.42rc52, when creating a backup I get:
backup,critical mikrotik: error creating backup file: could not read all configuration files
by eworm
Thu Mar 22, 2018 9:21 pm
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 20830

Re: v6.41.3 [current]

Not feeling that adventurous. Too bad Google uses the same IP blocks for everything; otherwise, I could have simply created a list for YouTube and used that. Adventurous? Should be pretty straight forward. Something like this should work: /ip firewall filter add action=add-dst-to-address-list chain...
by eworm
Thu Mar 22, 2018 6:53 pm
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 20830

Re: v6.41.3 [current]

tls-host does not work with "mark-routing" mangle rules. It can't, because when you want to route connection to another WAN, you need to start with very first SYN packet. But the info needed by tls-host only comes later, and then it's too late to route connection elsewhere. You could match tls-host...
by eworm
Wed Mar 21, 2018 3:38 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 69515

Re: v6.42rc [release candidate] is released!

What's new in 6.42rc48 (2018-Mar-21 11:13):
Is the version a typo? My systems find 6.42rc49.
by eworm
Fri Mar 16, 2018 12:09 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 69515

Re: v6.42rc [release candidate] is released!

Under System -> Routerboard I can see factory ROS version, while under System -> Resources it is blank field.
One is RouterOS version, the other is boot firmware version.
Looks like older devices do not have a record about factory RouterOS version.
by eworm
Mon Mar 12, 2018 10:45 am
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 20830

Re: v6.41.3 [current]

Looks like the ipsec fix did not make it into the release. *sigh* Do I have to wait for version 6.42?
Thanks anyway!
What fix? Please don't hope that everybody knows
This one:
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
by eworm
Mon Mar 12, 2018 10:28 am
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 20830

Re: v6.41.3 [current]

Looks like the ipsec fix did not make it into the release. *sigh* Do I have to wait for version 6.42?
Thanks anyway!
by eworm
Wed Feb 28, 2018 12:34 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 69515

Re: v6.42rc [release candidate] is released!

My scripts requires "sensitive"... So back to scheduler with a high interval. Sounds wrong :) The script reads and writes private-pre-shared-key from "/ interface wireless access-list" and sends e-mails. Both actions require "sensitive". Can't you just create script in System -> Scripts and run it ...
by eworm
Wed Feb 28, 2018 12:15 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 69515

Re: v6.42rc [release candidate] is released!

Looks like up-script from netwatch is no longer run with 6.42rc35. Are there any changes not mentioned in changelog? Doesn't run in rc35 compared to what? Can't it be What's new in 6.42rc30 (2018-Feb-20 10:44): *) netwatch - limit to read, write, test and reboot policies for Netwatch script executi...
by eworm
Wed Feb 28, 2018 11:00 am
Forum: Announcements
Topic: MikroTik News February 2018 (Issue #80)
Replies: 65
Views: 11674

Re: MikroTik News February 2018 (Issue #80)

For now I am fine with 16MB flash storage. In case RouterOS v7 will ever be available I hope my universal toolbox (mAP that travels with me) will be able to run all the features with current releases.
by eworm
Wed Feb 28, 2018 9:47 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 69515

Re: v6.42rc [release candidate] is released!

Looks like up-script from netwatch is no longer run with 6.42rc35. Are there any changes not mentioned in changelog? Doesn't run in rc35 compared to what? Can't it be What's new in 6.42rc30 (2018-Feb-20 10:44): *) netwatch - limit to read, write, test and reboot policies for Netwatch script executi...
by eworm
Wed Feb 28, 2018 9:11 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 69515

Re: v6.42rc [release candidate] is released!

Looks like up-script from netwatch is no longer run with 6.42rc35. Are there any changes not mentioned in changelog?
by eworm
Tue Feb 27, 2018 2:46 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 69515

Re: v6.42rc [release candidate] is released!

Upgrade fails on CHR: /system package update install channel: release-candidate current-version: 6.42rc30 latest-version: 6.42rc35 status: ERROR: not enough disk space, 19.4MiB is required and only 18.1MiB is free /system resource print uptime: 2m44s version: 6.42rc30 (testing) build-time: Feb/20/2...
by eworm
Mon Feb 26, 2018 5:17 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 69515

Re: v6.42rc [release candidate] is released!

Upgrade fails on CHR: /system package update install channel: release-candidate current-version: 6.42rc30 latest-version: 6.42rc35 status: ERROR: not enough disk space, 19.4MiB is required and only 18.1MiB is free /system resource print uptime: 2m44s version: 6.42rc30 (testing) build-time: Feb/20/20...
by eworm
Mon Feb 26, 2018 4:56 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 69515

Re: v6.42rc [release candidate] is released!

*) ipsec - properly detect interface for "mode-config" client IP address assignment;
This is broken again. Sent my info to [Ticket#2018012322003459].
Fixed in 6.42rc35. Thanks!
by eworm
Wed Feb 21, 2018 9:23 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 69515

Re: v6.42rc [release candidate] is released!

*) ipsec - properly detect interface for "mode-config" client IP address assignment;
This is broken again. Sent my info to [Ticket#2018012322003459].
by eworm
Fri Feb 16, 2018 11:48 pm
Forum: General
Topic: IKEv2 with mode-config address on wrong interface [SOLVED]
Replies: 3
Views: 386

Re: IKEv2 with mode-config address on wrong interface [SOLVED]

Fixed in 6.42rc28 with
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
Thanks a lot, Mikrotik!
by eworm
Thu Feb 08, 2018 3:04 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 69515

Re: v6.42rc [release candidate] is released!

Main part of upgrade process happens on old version. For example, rc21 -> rc23. If upgrade fails, then it is caused by rc21 version. As you can see in changelog we are still working on upgrade improvements. At the moment latest fixes are included in rc23. You can test upgrade improvements only when...
by eworm
Thu Feb 08, 2018 12:50 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 69515

Re: v6.42rc [release candidate] is released!

This broke my CHR installation, though I am not sure if 6.42rc23 is involved at all. The system was running 6.42rc20. I booted it and tried to update, the system told me there is not enough free space. After reboot it hangs at "Loading system with initrd".
by eworm
Wed Feb 07, 2018 11:10 am
Forum: General
Topic: RB750Gr3 l2tp/ipsec unbearably slow
Replies: 19
Views: 1152

Re: RB750Gr3 l2tp/ipsec unbearably slow

My understanding is that routing-marks are used to route though the l2tp interface. Routes with routing-marks are bypassed with fast-track as well.
by eworm
Sun Feb 04, 2018 10:35 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Script for interface LTE to restart [SOLVED]
Replies: 9
Views: 1145

Re: Script for interface LTE to restart [SOLVED]

Just use "/ tool netwatch" for that...
by eworm
Sun Feb 04, 2018 4:25 pm
Forum: General
Topic: VPN Killswitch
Replies: 3
Views: 256

Re: VPN Killswitch

I used to do this in firewall, but routing makes it even simpler. Thanks for the hint.
I use type=unreachable, though.
by eworm
Sun Feb 04, 2018 12:12 pm
Forum: Announcements
Topic: MikroTik News February 2018 (Issue #80)
Replies: 65
Views: 11674

Re: MikroTik News February 2018 (Issue #80)

Excellent news on the PoE switch! Nice work, MikroTik. I have a 28 IP network camera installation coming up in May of this year. Could really use a rackmount 24 port PoE switch too!
Me too. Sadly CRS328-24P-4S+RM is not announced officially.
by eworm
Sat Feb 03, 2018 3:21 pm
Forum: Announcements
Topic: v6.41.1 [current]
Replies: 106
Views: 9840

Re: v6.41.1 [current]

All my RBmAP2n devices that were running a hotspot with a customised set of files have been reset to the default hotspot setup. The customisations were all stored in a directory under /flash but since the upgrade, the subdirectory has disappeared (though /flash is still there) and I now have a new ...
by eworm
Fri Feb 02, 2018 11:32 pm
Forum: Announcements
Topic: v6.41.1 [current]
Replies: 106
Views: 9840

Re: v6.41.1 [current]

With tls-host you have to have new rule for each host. I do not understand what do you man. Why do you assume that you can not block HTTPS traffic with address list? /ip firewall address-list add list=block address=www.example1.com add list=block address=www.example2.com /ip firewall filter add cha...