Community discussions

Search found 171 matches

by eworm
Mon Dec 10, 2018 12:14 pm
Forum: Announcements
Topic: Securing your device is important
Replies: 31
Views: 5981

Re: Securing your device is important

and keep always-allow-password-login set to no : [admin@mikrotik] > /ip ssh set always-allow-password-login=no Password login is no longer possibly and brute force attack can never succeed. Regarding this, that is not actualy the case. Even with this option set to no (which is by the way already se...
by eworm
Fri Nov 30, 2018 1:08 am
Forum: Scripting
Topic: How to pass variable between scripts
Replies: 10
Views: 1139

Re: How to pass variable between scripts

Hello, I have similar problem. I have 2 script name="test1" source=:global test "12345"; name="test2" source=:put $test; And I can't display global variable from script [admin@test] /system script> run test1 [admin@test] /system script> environment print # NAME VALUE 0 test 12345 [admin@test] /syst...
by eworm
Mon Nov 26, 2018 9:36 pm
Forum: Announcements
Topic: v6.42.10 [long-term] is released!
Replies: 22
Views: 5626

Re: v6.42.10 [long-term] is released!

I can't update an RB4011 with this version. RB4011 states the minimum supported is 6.43.
You can not downgrade below factory firmware.
by eworm
Fri Nov 23, 2018 6:54 pm
Forum: General
Topic: Mikrotik SSH Vulnerability 6.14+
Replies: 4
Views: 302

Re: Mikrotik SSH Vulnerability 6.14+

Your provided link does not work. Do you have any other resources?
by eworm
Fri Nov 23, 2018 6:52 pm
Forum: General
Topic: SSl Certificat For Mikrotik
Replies: 14
Views: 415

Re: SSl Certificat For Mikrotik

The "Let's encrypt" certificates should work just fine. Possibly you have it import the CA chain (root and intermediate certificate) into your Mikrotik device to make things work.
by eworm
Wed Nov 21, 2018 4:34 pm
Forum: General
Topic: Auto mating ssh key installs [SOLVED]
Replies: 2
Views: 413

Re: Auto mating ssh key installs [SOLVED]

Adding a SSH public key disables password login for SSH. To change this run:
/ ip ssh set always-allow-password-login=yes
by eworm
Tue Nov 13, 2018 12:10 pm
Forum: RouterBOARD hardware
Topic: mAP-2nD PoE Out question
Replies: 6
Views: 500

Re: mAP-2nD PoE Out question

I can confirm this works. I used mAP-2nD to sniff Cisco IP phone which is powered by 802.3af.
by eworm
Tue Nov 13, 2018 11:49 am
Forum: Scripting
Topic: cannot ssh to mikrotik rb750 with dsa key
Replies: 5
Views: 235

Re: cannot ssh to mikrotik rb750 with dsa key

Looks like anything is borked on RouterOS side. You can not even log in with password, no? Try to regenerate the host keys:
/ip ssh regenerate-host-key
by eworm
Fri Nov 02, 2018 2:56 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 18895

Re: v6.42.9 [long-term] is released!

Good point, we definitely need some option to stop bridge if all bridge ports are down (or to run it only if there are active ports). Someone just needs to contact support@mikrotik.com with that request :) I contacted support multiple times. They refused to accept that it is an issue. Oh well, Juni...
by eworm
Fri Nov 02, 2018 10:20 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 249
Views: 38774

Re: v6.44beta [testing] is released!

Nice catch. It is because of the new IKEv2 feature which works with DHCP. I will update the changelog.
Will devices be able to handle that on its own? Or more important... Will CAPsMAN handle this for connected devices?
by eworm
Mon Oct 29, 2018 1:30 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 249
Views: 38774

Re: v6.44beta [testing] is released!

Starting with 6.44beta28 the security package requires the dhcp package to be installed? I think that is something to be noted in changelog. What's the reason?
by eworm
Mon Oct 22, 2018 12:21 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Can't update firmware from a script
Replies: 4
Views: 478

Re: Can't update firmware from a script

Adding without-paging works reliable and without delay. 8)
by eworm
Sun Oct 21, 2018 6:41 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Can't update firmware from a script
Replies: 4
Views: 478

Re: Can't update firmware from a script

This issue has been around for a while but I am just now getting around to posting it. I can't createa scheduled script to update firmware. I used to be able to do this. It broke someplace along the line. /system package update check-for-updates /system package update install YES,,, I understand th...
by eworm
Tue Oct 16, 2018 11:32 pm
Forum: RouterBOARD hardware
Topic: R11e-4G vs. R11e-LTE
Replies: 4
Views: 541

Re: R11e-4G vs. R11e-LTE

Looks like I will stay with R11e-LTE then. :-D
Anyway... Is there any reliable source what provider uses what bands (other then searching Google...).
by eworm
Mon Oct 15, 2018 3:15 pm
Forum: RouterBOARD hardware
Topic: R11e-4G vs. R11e-LTE
Replies: 4
Views: 541

R11e-4G vs. R11e-LTE

Hello everybody,

Mikrotik announced a new miniPCI-e card for LTE/4G named "R11e-4G". It supports some different bands compared to the older card "R11e-LTE". How to decide what card to use at what location? Wondering if it is worth changing/upgrading the cards in my wAP and ltAP.
by eworm
Wed Oct 10, 2018 4:13 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 249
Views: 38774

Re: v6.44beta [testing] is released!

The fetch command behaves wired... [admin@MikroTik] > :put ([ /tool fetch https://www.eworm.de/ip/index.shtml output=user as-value ]->"data") 91.16.17.160 [admin@MikroTik] > /file print where name="index.shtml" # NAME TYPE SIZE CREATION-TIME 0 index.shtml .shtml file 0 oct/10/2018 15:07:50 It does p...
by eworm
Mon Oct 08, 2018 11:55 am
Forum: Scripting
Topic: Built in function library
Replies: 40
Views: 5283

Re: Built in function library

- Ability to add items to end of arrays
Looks like "+" works just fine:
No, the documentation says using a comma is the correct way:
:set a ($a, 5);
https://wiki.mikrotik.com/wiki/Manual:S ... _Operators
by eworm
Thu Oct 04, 2018 7:49 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 18895

Re: v6.42.9 [long-term] is released!

I like this long-term version and it works fine for me. I have a small problem with my auto-update script, that updates all my devices (only to bugfix channel). Until now it works just fine with RouterOS and Routerboard firmware updates, but now this code asks for [y/n]... /system routerboard :if (...
by eworm
Tue Oct 02, 2018 3:51 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 18895

Re: v6.42.9 [long-term] is released!

Try this:
Yes. But this topic is named long-term too. Confusion from mikrotik :)
That's true. But I think RouterOS itself will do the change with version 6.44. Any official statement on this?
by eworm
Tue Oct 02, 2018 3:44 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 18895

Re: v6.42.9 [long-term] is released!

Well, technically speaking, it's still "bugfix", not "long-term"
It is not true :)
Try this:
[admin@MikroTik] > :put ("Version " . [ / system package update get latest-version ] . " is channel " . [ / system package update get channel ] . "!");
by eworm
Mon Oct 01, 2018 7:11 pm
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 9723

Re: Newsletter #84

Yes. T-shirts, stickers and free routers ;)
Wondering what routers will surprise us this time... :wink:
by eworm
Wed Sep 12, 2018 10:35 am
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 149
Views: 19157

Re: v6.43 [current] is released!

We tried Mac telnet and same issue. Does anyone know if we hard reset device will it clear the backups stored on device? It depends on the version which was there before and how you have stored the backups. Since 6.? (sorry, I don't know exactly), you have to use a file name starting with flash/ to...
by eworm
Mon Sep 10, 2018 3:22 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 149
Views: 19157

Re: v6.43 [current] is released!

[...] Since the speed setting does not take effect when "auto-negotiation=yes", [...] Are you sure? I have a CRS where one port negotiates at 100M-full - probably due to bad wiring. If I set speed=1Gbps the port is flapping at 1000M-full. This cosmetic issue can be manually fixed by setting new val...
by eworm
Mon Sep 10, 2018 1:05 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 149
Views: 19157

Re: v6.43 [current] is released!

*) fetch - added "as-value" output format; Assuming this is still the same functionality as described at https://wiki.mikrotik.com/wiki/Manual:Tools/Fetch#Return_value_to_a_variable , I am surprised to find that when I do this: /tool fetch mode=https host="mikrotik.com" url="https://mikrotik.com/ab...
by eworm
Thu Sep 06, 2018 9:59 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 89130

Re: v6.43rc [release candidate] is released!

Technically this is not about the release candidate version, posting here because of changelog: !) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process); Me device is running current version 6.42.7 and I want to update the l...
by eworm
Thu Sep 06, 2018 5:55 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 89130

Re: v6.43rc [release candidate] is released!

After a while ... depends on how often is RB supposed to renew the DDNS record. If you turn cloud off, cloud (hopefully) doesn't know it and records have to expire. No. From https://wiki.mikrotik.com/wiki/Manual:IP/Cloud : After router sends it's IP address to the cloud server, it will stay on the ...
by eworm
Thu Sep 06, 2018 4:46 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 89130

Re: v6.43rc [release candidate] is released!

Technically this is not about the release candidate version, posting here because of changelog: !) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process); Me device is running current version 6.42.7 and I want to update the la...
by eworm
Fri Aug 31, 2018 5:56 pm
Forum: Scripting
Topic: Exit script if...
Replies: 4
Views: 336

Re: Exit script if...

/quit
That closes the terminal connection...

I'd suggest
:error "bye!"
by eworm
Thu Aug 30, 2018 10:54 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 89130

Re: v6.43rc [release candidate] is released!

I updated a system from 6.42.7 to 6.43rc66, now my ipsec connections are broken... Peer configuration had a comment about wrong parameter (can't give the exact wording). Switched mode-config to "none", now setting it to "request-only" fails: [admin@Mikrotik] > / ip ipsec peer set mode-config=reques...
by eworm
Thu Aug 30, 2018 10:41 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 89130

Re: v6.43rc [release candidate] is released!

Send a supout.rif file to support@mikrotik.com
Done, Ticket#2018083022003478
by eworm
Thu Aug 30, 2018 10:07 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 89130

Re: v6.43rc [release candidate] is released!

I updated a system from 6.42.7 to 6.43rc66, now my ipsec connections are broken... Peer configuration had a comment about wrong parameter (can't give the exact wording). Switched mode-config to "none", now setting it to "request-only" fails: [admin@Mikrotik] > / ip ipsec peer set mode-config=request...
by eworm
Tue Aug 28, 2018 1:17 pm
Forum: Scripting
Topic: Built in function library
Replies: 40
Views: 5283

Re: Built in function library

bitwise operator works, whats missing is :toipv6 Missing from being implemented or missing in my command? [admin@MikroTik] > :put ([:toip6 2003:cf:2f1e:5c00:d250:99ff:fec0:d180 ] & [:toip6 ffff:ffff:ffff:ff00::]) ... does not give an error, but does not give output neither. I mailed support and the...
by eworm
Mon Aug 27, 2018 5:54 pm
Forum: Announcements
Topic: v6.42.7 [current] is released!
Replies: 159
Views: 22572

Re: v6.42.7 [current] is released!

We have found out that sometimes the R11e-LTE modems fail to get an IP address in 3G mode using RouterOS v6.42.7 - we will fix this problem in the next RC and then push that change to the Current release. Thanks Uldis I wait because we find the same problem when I've upgraded from 6.42.3 to 6.42.7,...
by eworm
Fri Aug 24, 2018 5:25 pm
Forum: Scripting
Topic: Built in function library
Replies: 40
Views: 5283

Re: Built in function library

bitwise operator works, whats missing is :toipv6 Missing from being implemented or missing in my command? :put ([:toip6 2003:cf:2f1e:5c00:d250:99ff:fec0:d180 ] & [:toip6 ffff:ffff:ffff:ff00::]) ... does not give an error, but does not give output neither. I mailed support and they told me "to be aw...
by eworm
Fri Aug 24, 2018 4:03 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 89130

Re: v6.43rc [release candidate] is released!

eworm, proper syntax would be:
:local test ([tool fetch url="https://www.eworm.de/ip" output=user as-value]->"data");
:put $test;

https://wiki.mikrotik.com/wiki/Manual:T ... a_variable
Even better! Thanks a lot!
by eworm
Fri Aug 24, 2018 4:01 pm
Forum: Scripting
Topic: Built in function library
Replies: 40
Views: 5283

Re: Built in function library

Would be nice the see the bitwise operator for IPv6 addresses... [admin@MikroTik] > :put (192.168.88.10 & 255.255.0.0) 192.168.0.0 [admin@MikroTik] > :put (2003:cf:2f1e:5c00:d250:99ff:fec0:d180 & ffff:ffff:ffff:ff00::) Script Error: cannot compute bitwise "and" of internal number and internal number
by eworm
Fri Aug 24, 2018 3:56 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 89130

Re: v6.43rc [release candidate] is released!

[admin@MikroTik] > :put [/tool fetch https://www.eworm.de/ip/ output=user as-value ] data=80.133.168.147;downloaded=0;duration=00:00:01;status=finished Finally we can fetch data without writing and reading a file. Thanks a lot! Looks like it's required to cut the data part, though... Or is there a ...
by eworm
Fri Aug 24, 2018 3:36 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 89130

Re: v6.43rc [release candidate] is released!

*) rb3011 - added IPsec hardware acceleration support;
Maybe we could have some hope that RB750Gr3 would get HW support sooooon. :mrgreen:
It has support for harware ipsec for a long time...
by eworm
Fri Aug 24, 2018 3:33 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 89130

Re: v6.43rc [release candidate] is released!

[admin@MikroTik] > :put [/tool fetch https://www.eworm.de/ip/ output=user as-value ] data=80.133.168.147;downloaded=0;duration=00:00:01;status=finished Finally we can fetch data without writing and reading a file. Thanks a lot! Looks like it's required to cut the data part, though... Or is there a ...
by eworm
Thu Aug 09, 2018 10:50 am
Forum: Announcements
Topic: WPA2 preshared key brute force attack
Replies: 25
Views: 11135

Re: WPA2 preshared key brute force attack

With "WPA-PSK" you refer to a non-WPA2-configuration?
by eworm
Fri Aug 03, 2018 12:24 am
Forum: Scripting
Topic: IPSEC Script for Dynamic IP
Replies: 1
Views: 1273

Re: IPSEC Script for Dynamic IP

I have try putting a COMMENT for the 2 Policy but that dont work?
You can add filters for find. Add comments, then use something like this:
 / ip ipsec policy disable [ find where comment="connection 1" ];
by eworm
Fri Aug 03, 2018 12:17 am
Forum: Scripting
Topic: IPSec dynamic remote peer script
Replies: 5
Views: 2075

Re: IPSec dynamic remote peer script

:put [/ip ipsec remote-peers get 0 remote-address] This is an issue with your script. Referencing something with id ("0") only works after you printed actual configuration. If you want the address of the first entry use something like this: :put [ / ip ipsec remote-peers get [ :pick [ find ] 0 ] re...
by eworm
Thu Jul 26, 2018 6:32 pm
Forum: Scripting
Topic: IPv6 bitwise math
Replies: 2
Views: 335

Re: IPv6 bitwise math

Bitwise operators do not work for IPv6 addresses. I mailed the support, they answered "to be aware of the issue, perhaps it will be fixed in the upcoming versions".

So whoever needs this... Mail the support and let them know you need it!
by eworm
Wed Jul 25, 2018 7:11 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Please fix fetch so we can use data: variable in scripts.
Replies: 4
Views: 462

Re: Please fix fetch so we can use data: variable in scripts.

Yes, please! I need this as well.
Still wondering why this was added some time ago half-finished...
by eworm
Fri Jul 13, 2018 6:32 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 89130

Re: v6.43rc [release candidate] is released!

*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
So encryption=rc4 is the old behaviour, encryption=aes-sha256 is the new one? What is the default if I do not specify the option?
by eworm
Fri Jul 06, 2018 8:08 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 89130

Re: v6.43rc [release candidate] is released!

amokkatmt - If your router can reach cloud server over IPv6, then Cloud should resolve to IPv6 address instead of IPv4. That happens automatically; Does it resolve to IPv6 address exclusively then? That would be a real issue for be, because I have devices connected via dual stack, but connect to th...
by eworm
Mon Jul 02, 2018 2:40 pm
Forum: Announcements
Topic: v6.42.5 [current]
Replies: 124
Views: 15618

Re: v6.42.5 [current]

We are sorry for any issues caused by the previous package, we uploaded new packages, that will work fine on any router. Package updated 07.02.2018 To fix storage issue on your router, use package from the link, https://www.mikrotik.com/download/share/fix_space.npk - upload package to your router; ...
by eworm
Mon Jun 25, 2018 5:10 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 191
Views: 60883

Re: VPNfilter official statement

You still block CloudFlare and tons of other websites. Well, https cert on this host covers "ssl894059.cloudflaressl.com", "toknowall.com" and "*.toknowall.com" - doesn't look like there are tons of other websites :) You know that the server can use different certificates based on SNI extension?
by eworm
Wed Jun 20, 2018 1:54 pm
Forum: Announcements
Topic: v6.42.4 [current]
Replies: 93
Views: 11238

Re: v6.42.4 [current]

But this is not available to scripts, no? Perhaps you should add a read-only property "pending-upgrade". A scheduled script could look like this: Scripts can read the log! See https://wiki.mikrotik.com/wiki/Manual:Scripting-examples#Detect_new_log_entry Yes... :if ([ :len [ /log find where topics=s...