Nothing is forced, and nothing is changed. These a just the old settings being preserved.Why force older configs to "short"/10 anyway if the default is "long"/20000?
I guess you have to look at packed size... Packages are compressed.And in addition you can save additional 400 kB ROM (with removing of QCA9984 more than 1 MB in total!) by extracting "hotspot" feature into separate package from RouterOS main package.
script;error script error: error - contact MikroTik support and send a supout file (10)
I have decided to solve the scripting issues on my side. So did a massive rework, and I think I am mostly fine for now. 👍Oh... This one is kind of a nightmare! 😳
/system/clock/
Me too. 😁I am. Therefore your statement is false.I wrote "auto-routing (BGP/OSPF/RIP/IS-IS)". Nobody is using that on their home NAT router
Oh, I confused this with...fetch is a command/executable/utility and not a service. So still more confusion. 😅
So the services must have suffered something different. Anyway... Possibly related.*) fetch - fixed DNS resolving when domain has only AAAA entries (introduced in v7.13);
Services like fetch could not resolve and use ipv6(-only) addresses. That is fixed now.That's another sample. Nobody understands (without being affected directly by the bug) what this fix for internal service name resolution is all about.
/ip/ssh/set forwarding-enabled=[both|local|no|remote];
Yes, this is a problem where fetch fails with ipv6-only addresses. Reported as SUP-134908. Received any answer and support as aware, but no solution, yet.If I call up the IP check from DeDyn, for example, I get this error:
I have not tried it myself, but I think there have been user reports that you need a dedicated CA for each CAPsMAN to make them co-exist. Is that true for you?Is there a guide on making both CAPSMANs work at the same time on the same MikroTik device?
RouterOS 7.13rc2, without errors.What previous RouterOS version where you running, @eworm?
/ip/ssh/set host-key-type=ed25519;
Have a look at Let's Encrypt R3 intermediate certificate... The url is its crl endpoint.What is that site? http://x1.c.lencr.org/
It doesn't work for me too. Try other sites maybe ;)
There are two versions of wAP ac - MIPSBE and ARM. The ARM version works with new drivers, the MIPSBE version does not.Wait what? wAP ac is mipsbe with AR9300, but the wifi-qcom-package works on it?
That's pretty cool!
/interface/bridge/port/set !internal-path-cost !path-cost [ find ];
I think these are just strings...
- What is the type of the value that is printed as 2023-11-20 ?
- What is the type of the value that is printed as 2023-11-19 20:00:00 ?
[admin@mikrotik] > :put [ :typeof [ /system/clock get date ] ]
str
Well, free storage is limited... Obviously. 😝 But I am pretty sure it was not near zero.Check storage space ... right before shutdown. If storage is full (or close to full), then this might be the reason for problems.
The problem is that I can not access the device, so no support outfile file...Supout and support, I would say...
/interface/print stats
No, it was not. That was a stable release and never made it into long-term.my memory says it was 6.45.7.
That used to be different with 6.x... A version from stable never made it to long-term, instead we had new build with even more cherry-picked fixes.let's say 7.12 is super stable and has zero bugs. after 3 months if it still is PERFECT. we may rename it to long-term
How about extending the property verify-doh-cert with a new value yes-without-crl, just like fetch command with its property check-certificate?and now re enable together with the download option too:
/certificate settings
set crl-download=yes crl-use=yes
/system/script/set comment="" netwatch-notify;
:global ddnsip [ /ip/address/get ([ /ip/address/find where interface="ether1" disabled=no ]->0) address ];
:global ddnsip [ /ip/address/get ([ /ip/address/find where interface="ether1" ]->0) address ];
This issue is fixed in all RouterOS releases available on our download page (v7.7 and v6.49.7 and newer).
/tool/fetch
Probably did not pass internal quality testing...The new release shouldn't be 7.12beta2?
That's not correct. I am pretty sure you can set a comment for dynamic DHCP leases.You cannot change comments on dynamic entries, anywhere.
These networks do not overlap, no? If they do the behavior is expected.The issue remains if the allowed-address set on the router is an ipv6 /64.
Oh, my fault... I just read "radvd" and did not follow the links.I guess Mikrotik has its own implementation and is not effected.
https://git.eworm.de/cgit/routeros-scri ... a260b#n155Your scripts are some overwhelming
Can you point me where to find the CharacterReplace part? Without need to install everything.
Also adopted the change for my scripts already... This now works with old and new format. I am fine to keep it that way.Just updated some scripts with the autodetect:
[admin@MikroTik] > :put [ /system/resource/get build-time ]
May/09/2023 10:38:53
Search for "Dark Reader" and install it in your browser...Is there a dark theme hidden somewhere for this forum settings ? ...if not, why not ?! Hurts my eyes just to visit the forum ;-(
Oh... 😳 While I welcome this in general... I guess it will break a lot of existing scripts. So watch out...*) console - changed time format according to ISO standard;
Oh, it is a setting in /ip/ssh/... Why not support both at the same time? Just let the client decide.This does not work for me... Still uses RSA host key, even after regenerating key(s).
This does not work for me... Still uses RSA host key, even after regenerating key(s).*) ssh - added Ed25519 host key support;
:if ([:len [get [find ...] address]] > 0) do={ ...
:if ([:len [find ...] ] > 0) do={ ...
There is hAP ax lite (L41G-2axD) now with IPQ-5010 (dual core ARM64). That could be a good match for mAP ax as well...... and POE output / throughput on another port. That is what I miss with current hAP ax². I hope for an upgraded mAP ax for this...
This is not the same! There isCli /routing/route
Gui ip -> Routes
/ip/route/
/routing/route/
:local array1 ({});
What is this limit? And is there a way to create a tmpfs with a sane default? Giving no size just fails now...*) disk - limit maximum TMPFS size;
[admin@MikroTik] > /disk/add type=tmpfs
failure: too much memory requested for tmpfs/ramdisk
That is a valid global unicast address. I guess a request is routed through the internet now just to find out that the host does not exist.I finally figured this one out.. I created a regex that matches my internal record and created an AAAA record that points to 2001::
Probably handling upgrades from RouterOS 6.40 and before? That is where a master port did exist.Can anyone explain this?
As @eworm mentioned on another thread, from router OS 7.7 the ed25519 keys are supported, from the changelog:
You can not. This is about ed25519 key exchange. Let's hope host keys and public key authentication will follow...ok.. so how do You import ED25519 SSH keys ?
I use it for the same purpose. The perfect device for the job, go for it!Yes! The wAP ac LTE Kit seems like the perfect device for the job, thank you for the tip!
:global bps;
/interface monitor-traffic ether2 once do={
:set bps $"rx-bits-per-second" }
:put $bps
Me too... But all comments here in forum are ignored by Mikrotik.Would love the ability to specify a DoH server but also FWD entries to specific DNS servers. Currently, enabling DoH disables all FWD entries.
I did. As said... Can not reproduce.Just try yourself... ;)
Yes, please! 👍😁Maybe it could be combined with a new feature to have RAMdisk on ALL devices with sufficient RAM (not only those with insufficient flash) and a compatible
and predictable way to store persistent and nonpersistent files?
/ip/firewall/connection/remove [ find ];
Thanks a lot for this one, much appreciated! Looks like this brings new options "certificate" and "check-certificate"... What exactly does the former do?*) netwatch - added support for "https-get" type (CLI only);
But this is key exchange only, which uses curve25519-sha256 now. Is this still work in progress, so we will see support for ed25519 host keys and ed25519 public key authentication later?*) ssh - added support for Ed25519 key exchange;
/tool/fetch https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem;
/certificate import file=DigiCertGlobalRootCA.crt.pem passphrase="";
/ip/dns/set use-doh-server="https://1.1.1.1/dns-query" verify-doh-cert=yes;
https://m.xkcd.com/1172/moutazsalem, nice example of how every change breaks someone's workflow :)
Yes.Is this version (7.5) already fixed ping issue (Cannot ping to everywhere after run for a while)?
/export show-sensitive
Possibly this is because the device is limited to just one CPU core now?Running CRS328-24P-RS+ and I noticed when I upgraded to 7.4.1 my troughput on my 500 MB Internet would not go over 300 MB and my CPU % on the appliance was maxed out durring the speed test. [...]
*) ping - improved service stability;
*) ping - improved service stability;
/system/scheduler/add interval=10s name=test on-event="/system/script/run test\r\n" policy=test