Community discussions

Search found 149 matches

by eworm
Wed Sep 12, 2018 10:35 am
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 149
Views: 15751

Re: v6.43 [current] is released!

We tried Mac telnet and same issue. Does anyone know if we hard reset device will it clear the backups stored on device? It depends on the version which was there before and how you have stored the backups. Since 6.? (sorry, I don't know exactly), you have to use a file name starting with flash/ to...
by eworm
Mon Sep 10, 2018 3:22 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 149
Views: 15751

Re: v6.43 [current] is released!

[...] Since the speed setting does not take effect when "auto-negotiation=yes", [...] Are you sure? I have a CRS where one port negotiates at 100M-full - probably due to bad wiring. If I set speed=1Gbps the port is flapping at 1000M-full. This cosmetic issue can be manually fixed by setting new val...
by eworm
Mon Sep 10, 2018 1:05 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 149
Views: 15751

Re: v6.43 [current] is released!

*) fetch - added "as-value" output format; Assuming this is still the same functionality as described at https://wiki.mikrotik.com/wiki/Manual:Tools/Fetch#Return_value_to_a_variable , I am surprised to find that when I do this: /tool fetch mode=https host="mikrotik.com" url="https://mikrotik.com/ab...
by eworm
Thu Sep 06, 2018 9:59 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 80877

Re: v6.43rc [release candidate] is released!

Technically this is not about the release candidate version, posting here because of changelog: !) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process); Me device is running current version 6.42.7 and I want to update the l...
by eworm
Thu Sep 06, 2018 5:55 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 80877

Re: v6.43rc [release candidate] is released!

After a while ... depends on how often is RB supposed to renew the DDNS record. If you turn cloud off, cloud (hopefully) doesn't know it and records have to expire. No. From https://wiki.mikrotik.com/wiki/Manual:IP/Cloud : After router sends it's IP address to the cloud server, it will stay on the ...
by eworm
Thu Sep 06, 2018 4:46 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 80877

Re: v6.43rc [release candidate] is released!

Technically this is not about the release candidate version, posting here because of changelog: !) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process); Me device is running current version 6.42.7 and I want to update the la...
by eworm
Fri Aug 31, 2018 5:56 pm
Forum: Scripting
Topic: Exit script if...
Replies: 4
Views: 202

Re: Exit script if...

/quit
That closes the terminal connection...

I'd suggest
:error "bye!"
by eworm
Thu Aug 30, 2018 10:54 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 80877

Re: v6.43rc [release candidate] is released!

I updated a system from 6.42.7 to 6.43rc66, now my ipsec connections are broken... Peer configuration had a comment about wrong parameter (can't give the exact wording). Switched mode-config to "none", now setting it to "request-only" fails: [admin@Mikrotik] > / ip ipsec peer set mode-config=reques...
by eworm
Thu Aug 30, 2018 10:41 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 80877

Re: v6.43rc [release candidate] is released!

Send a supout.rif file to support@mikrotik.com
Done, Ticket#2018083022003478
by eworm
Thu Aug 30, 2018 10:07 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 80877

Re: v6.43rc [release candidate] is released!

I updated a system from 6.42.7 to 6.43rc66, now my ipsec connections are broken... Peer configuration had a comment about wrong parameter (can't give the exact wording). Switched mode-config to "none", now setting it to "request-only" fails: [admin@Mikrotik] > / ip ipsec peer set mode-config=request...
by eworm
Tue Aug 28, 2018 1:17 pm
Forum: Scripting
Topic: Built in function library
Replies: 24
Views: 3367

Re: Built in function library

bitwise operator works, whats missing is :toipv6 Missing from being implemented or missing in my command? [admin@MikroTik] > :put ([:toip6 2003:cf:2f1e:5c00:d250:99ff:fec0:d180 ] & [:toip6 ffff:ffff:ffff:ff00::]) ... does not give an error, but does not give output neither. I mailed support and the...
by eworm
Mon Aug 27, 2018 5:54 pm
Forum: Announcements
Topic: v6.42.7 [current] is released!
Replies: 159
Views: 19851

Re: v6.42.7 [current] is released!

We have found out that sometimes the R11e-LTE modems fail to get an IP address in 3G mode using RouterOS v6.42.7 - we will fix this problem in the next RC and then push that change to the Current release. Thanks Uldis I wait because we find the same problem when I've upgraded from 6.42.3 to 6.42.7,...
by eworm
Fri Aug 24, 2018 5:25 pm
Forum: Scripting
Topic: Built in function library
Replies: 24
Views: 3367

Re: Built in function library

bitwise operator works, whats missing is :toipv6 Missing from being implemented or missing in my command? :put ([:toip6 2003:cf:2f1e:5c00:d250:99ff:fec0:d180 ] & [:toip6 ffff:ffff:ffff:ff00::]) ... does not give an error, but does not give output neither. I mailed support and they told me "to be aw...
by eworm
Fri Aug 24, 2018 4:03 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 80877

Re: v6.43rc [release candidate] is released!

eworm, proper syntax would be:
:local test ([tool fetch url="https://www.eworm.de/ip" output=user as-value]->"data");
:put $test;

https://wiki.mikrotik.com/wiki/Manual:T ... a_variable
Even better! Thanks a lot!
by eworm
Fri Aug 24, 2018 4:01 pm
Forum: Scripting
Topic: Built in function library
Replies: 24
Views: 3367

Re: Built in function library

Would be nice the see the bitwise operator for IPv6 addresses... [admin@MikroTik] > :put (192.168.88.10 & 255.255.0.0) 192.168.0.0 [admin@MikroTik] > :put (2003:cf:2f1e:5c00:d250:99ff:fec0:d180 & ffff:ffff:ffff:ff00::) Script Error: cannot compute bitwise "and" of internal number and internal number
by eworm
Fri Aug 24, 2018 3:56 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 80877

Re: v6.43rc [release candidate] is released!

[admin@MikroTik] > :put [/tool fetch https://www.eworm.de/ip/ output=user as-value ] data=80.133.168.147;downloaded=0;duration=00:00:01;status=finished Finally we can fetch data without writing and reading a file. Thanks a lot! Looks like it's required to cut the data part, though... Or is there a ...
by eworm
Fri Aug 24, 2018 3:36 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 80877

Re: v6.43rc [release candidate] is released!

*) rb3011 - added IPsec hardware acceleration support;
Maybe we could have some hope that RB750Gr3 would get HW support sooooon. :mrgreen:
It has support for harware ipsec for a long time...
by eworm
Fri Aug 24, 2018 3:33 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 80877

Re: v6.43rc [release candidate] is released!

[admin@MikroTik] > :put [/tool fetch https://www.eworm.de/ip/ output=user as-value ] data=80.133.168.147;downloaded=0;duration=00:00:01;status=finished Finally we can fetch data without writing and reading a file. Thanks a lot! Looks like it's required to cut the data part, though... Or is there a ...
by eworm
Thu Aug 09, 2018 10:50 am
Forum: Announcements
Topic: WPA2 preshared key brute force attack
Replies: 22
Views: 6375

Re: WPA2 preshared key brute force attack

With "WPA-PSK" you refer to a non-WPA2-configuration?
by eworm
Fri Aug 03, 2018 12:24 am
Forum: Scripting
Topic: IPSEC Script for Dynamic IP
Replies: 1
Views: 1207

Re: IPSEC Script for Dynamic IP

I have try putting a COMMENT for the 2 Policy but that dont work?
You can add filters for find. Add comments, then use something like this:
 / ip ipsec policy disable [ find where comment="connection 1" ];
by eworm
Fri Aug 03, 2018 12:17 am
Forum: Scripting
Topic: IPSec dynamic remote peer script
Replies: 5
Views: 1949

Re: IPSec dynamic remote peer script

:put [/ip ipsec remote-peers get 0 remote-address] This is an issue with your script. Referencing something with id ("0") only works after you printed actual configuration. If you want the address of the first entry use something like this: :put [ / ip ipsec remote-peers get [ :pick [ find ] 0 ] re...
by eworm
Thu Jul 26, 2018 6:32 pm
Forum: Scripting
Topic: IPv6 bitwise math
Replies: 2
Views: 277

Re: IPv6 bitwise math

Bitwise operators do not work for IPv6 addresses. I mailed the support, they answered "to be aware of the issue, perhaps it will be fixed in the upcoming versions".

So whoever needs this... Mail the support and let them know you need it!
by eworm
Wed Jul 25, 2018 7:11 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Please fix fetch so we can use data: variable in scripts.
Replies: 4
Views: 372

Re: Please fix fetch so we can use data: variable in scripts.

Yes, please! I need this as well.
Still wondering why this was added some time ago half-finished...
by eworm
Fri Jul 13, 2018 6:32 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 80877

Re: v6.43rc [release candidate] is released!

*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
So encryption=rc4 is the old behaviour, encryption=aes-sha256 is the new one? What is the default if I do not specify the option?
by eworm
Fri Jul 06, 2018 8:08 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 80877

Re: v6.43rc [release candidate] is released!

amokkatmt - If your router can reach cloud server over IPv6, then Cloud should resolve to IPv6 address instead of IPv4. That happens automatically; Does it resolve to IPv6 address exclusively then? That would be a real issue for be, because I have devices connected via dual stack, but connect to th...
by eworm
Mon Jul 02, 2018 2:40 pm
Forum: Announcements
Topic: v6.42.5 [current]
Replies: 124
Views: 13737

Re: v6.42.5 [current]

We are sorry for any issues caused by the previous package, we uploaded new packages, that will work fine on any router. Package updated 07.02.2018 To fix storage issue on your router, use package from the link, https://www.mikrotik.com/download/share/fix_space.npk - upload package to your router; ...
by eworm
Mon Jun 25, 2018 5:10 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 183
Views: 53967

Re: VPNfilter official statement

You still block CloudFlare and tons of other websites. Well, https cert on this host covers "ssl894059.cloudflaressl.com", "toknowall.com" and "*.toknowall.com" - doesn't look like there are tons of other websites :) You know that the server can use different certificates based on SNI extension?
by eworm
Wed Jun 20, 2018 1:54 pm
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 9900

Re: v6.42.4 [current]

But this is not available to scripts, no? Perhaps you should add a read-only property "pending-upgrade". A scheduled script could look like this: Scripts can read the log! See https://wiki.mikrotik.com/wiki/Manual:Scripting-examples#Detect_new_log_entry Yes... :if ([ :len [ /log find where topics=s...
by eworm
Wed Jun 20, 2018 1:10 pm
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 9900

Re: v6.42.4 [current]

icsterm - Auto upgrade feature under RouterBOARD settings does the same thing automatically. But it does not reboot to take the changes into account. After upgrade you see a comment in export: [admin@mikrotik] > /system routerboard print ;;; Firmware upgraded successfully, please reboot for changes...
by eworm
Tue Jun 19, 2018 6:05 pm
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 9900

Re: v6.42.4 [current]

Can anybody make me a solution / script so after the ROS upgrade the unit either in the same reboot, or thereafter reboots again to update the fw version? Now each and every unit has to be rebooted twice. which is a pain if you have to do big amounts.... here you go :log info "Checking firmware..."...
by eworm
Wed Jun 13, 2018 9:07 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 80877

Re: v6.43rc [release candidate] is released!

But that does not yet work with RouterOS 6.43rc. I opened an issue already.
Is there an detail available about mac telnet protocol?
by eworm
Mon Jun 11, 2018 3:09 pm
Forum: General
Topic: backup,critical error creating backup file, ROS 6.42.1
Replies: 24
Views: 1874

Re: backup,critical error creating backup file, ROS 6.42.1

/ip ssh regenerate-host-key
/system reboot
and works :)
binary backup is now without error. tested on about 10 devices
Works for me as well. Thanks a lot!
by eworm
Tue Jun 05, 2018 12:07 pm
Forum: Announcements
Topic: MikroTik News June 2018 (Issue #83)
Replies: 43
Views: 9441

Re: MikroTik News June 2018 (Issue #83)

I like the continuing migration from "passive PoE" towards "802.3 af/at"!
In fact this is not a migration but an additional feature as passive PoE is still supported.

Sadly hAP ac² missed the upgrade. :(
by eworm
Tue May 29, 2018 6:14 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 80877

Re: v6.43rc [release candidate] is released!

And why should people have to read these things, just make RC a real RC and not a nightly. Naming of releases should be self explanatory ... or call it "Recently Compiled" instead of "Release Candidate"... Or call it "Ridiculous Count"... :D Once Linus Torvalds stated: However, for some reason four...
by eworm
Wed May 23, 2018 11:06 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 80877

Re: v6.43rc [release candidate] is released!

*) backup - do not encrypt backup file unless password is provided; I like the current way it works the backup is encrypted with admin password. Please make an option to encrypt using current admin password like before, I don't want to have my backup unencrypted neither want to put a password in a ...
by eworm
Wed May 09, 2018 8:51 am
Forum: General
Topic: Ping Knock
Replies: 13
Views: 887

Re: Ping Knock

BTW, this works for IPv6 as well if you make some little modifications:
  • Use protocol=icmpv6 and icmp-options=128:0-255
  • Add another 20 bytes to packet sizes (IPv6/ICMPv6 headers are 48 bytes vs. 28 bytes for IPv4/ICMP)
by eworm
Tue May 08, 2018 12:06 pm
Forum: General
Topic: Ping Knock
Replies: 13
Views: 887

Re: Ping Knock

Thanks for this, really a nice idea! Let me add another goody... With openssh (on linux, so different ping arguments) you can add your knocking to ssh configuration: Host routerboard.example.com ProxyCommand sh -c 'ping -c 1 -s 400 %h && ping -c 1 -s 500 %h && ping -c 1 -s 600 %h && exec nc %h %p' U...
by eworm
Sun May 06, 2018 10:17 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 273
Views: 29265

Re: v6.42.1 [current]

Hello Folks! I have problem backing up configuration on practically all devices using ros 6.42 or bigger, just discovered it today. The message I got is: "backup,critical error creating backup file: could not read all configuration files" There is no full filesystems and other visible errors. I saw...
by eworm
Sat May 05, 2018 10:00 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 273
Views: 29265

Re: v6.42.1 [current]

Hello Folks! I have problem backing up configuration on practically all devices using ros 6.42 or bigger, just discovered it today. The message I got is: "backup,critical error creating backup file: could not read all configuration files" There is no full filesystems and other visible errors. I saw...
by eworm
Tue Apr 24, 2018 10:33 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 273
Views: 29265

Re: v6.42.1 [current]

Just updated one of our Metal G-52SHPacn to new v6.42.1 RouterOS. tools/netwatch does not work anymore. When the tested server is "up", we run [:global srvstat "up"] to set the variable srvstat. Did work with 6.41.2 Looks like up event is not working. Version 6.42 has this changelog entry: *) netwa...
by eworm
Tue Apr 24, 2018 10:03 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 273
Views: 29265

Re: v6.42.1 [current]

Now if I look into terminal I still see 2 lines (I pressed Upgrade button twice :)). But this should not be there while the router was already rebooted, right? I think this is expected. You installed the firmware upgrade and rebooted without opening the terminal. Critical messages are stored to be ...
by eworm
Thu Apr 19, 2018 1:33 pm
Forum: Announcements
Topic: v6.42 [current]
Replies: 147
Views: 18025

Re: v6.42 [current]

*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
I have failed to write in variable. Any way.
Same for me. Anybody should update the documentation in the wiki (and possibly add an example).
by eworm
Thu Mar 29, 2018 9:19 am
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 67112

Re: Urgent security advisory

And a FAQ entry about webfig from https (www-ssl) may be reasonable.
by eworm
Tue Mar 27, 2018 11:52 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 71551

Re: v6.42rc [release candidate] is released!

Updated a 750GL to 6.42rc52, when creating a backup I get:
backup,critical mikrotik: error creating backup file: could not read all configuration files
by eworm
Thu Mar 22, 2018 9:21 pm
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 21601

Re: v6.41.3 [current]

Not feeling that adventurous. Too bad Google uses the same IP blocks for everything; otherwise, I could have simply created a list for YouTube and used that. Adventurous? Should be pretty straight forward. Something like this should work: /ip firewall filter add action=add-dst-to-address-list chain...
by eworm
Thu Mar 22, 2018 6:53 pm
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 21601

Re: v6.41.3 [current]

tls-host does not work with "mark-routing" mangle rules. It can't, because when you want to route connection to another WAN, you need to start with very first SYN packet. But the info needed by tls-host only comes later, and then it's too late to route connection elsewhere. You could match tls-host...
by eworm
Wed Mar 21, 2018 3:38 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 71551

Re: v6.42rc [release candidate] is released!

What's new in 6.42rc48 (2018-Mar-21 11:13):
Is the version a typo? My systems find 6.42rc49.
by eworm
Fri Mar 16, 2018 12:09 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 71551

Re: v6.42rc [release candidate] is released!

Under System -> Routerboard I can see factory ROS version, while under System -> Resources it is blank field.
One is RouterOS version, the other is boot firmware version.
Looks like older devices do not have a record about factory RouterOS version.
by eworm
Mon Mar 12, 2018 10:45 am
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 21601

Re: v6.41.3 [current]

Looks like the ipsec fix did not make it into the release. *sigh* Do I have to wait for version 6.42?
Thanks anyway!
What fix? Please don't hope that everybody knows
This one:
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
by eworm
Mon Mar 12, 2018 10:28 am
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 21601

Re: v6.41.3 [current]

Looks like the ipsec fix did not make it into the release. *sigh* Do I have to wait for version 6.42?
Thanks anyway!