Community discussions

Search found 66 matches

by sejtam
Thu Mar 08, 2018 2:17 pm
Forum: General
Topic: interface graph for OpenVon endpoint?
Replies: 0
Views: 231

interface graph for OpenVon endpoint?

I am using openvpn to remotely connect into my LAN

is there an interface I could graph to show the usage of the OpenVPN
server? (http://192.168.0.1/graphs does not show that)
by sejtam
Fri Jan 26, 2018 3:35 pm
Forum: General
Topic: Unable to Access UBNT AP [SOLVED]
Replies: 3
Views: 478

Re: Unable to Access UBNT AP [SOLVED]

So what the cause/is the solution?
by sejtam
Thu Jan 11, 2018 7:44 am
Forum: Scripting
Topic: Access date in UTC from script
Replies: 2
Views: 433

Re: Access date in UTC from script

Also: can I define a scheduler which triggers on a UTC time rather than the local time?
(yes I know i coudl just run the script hourly and then in it test the date, but that seems wasteful)
by sejtam
Thu Jan 11, 2018 6:50 am
Forum: Scripting
Topic: Access date in UTC from script
Replies: 2
Views: 433

Access date in UTC from script

Is there any way to access the date in UTC (or the UNIX/epoch/time_t time (seconds since Jan 1 1970))
from a script?
by sejtam
Tue Jan 09, 2018 3:11 pm
Forum: Scripting
Topic: Script MD5 Hash Generator
Replies: 6
Views: 7287

Re: Script MD5 Hash Generator

I am not so fluent in The ROS language. Could someone show an example
how to call this as a function?

I looked at

https://wiki.mikrotik.com/wiki/Use_Func ... CMD_Script

But that method is somewhat different?

thanks
by sejtam
Tue Apr 21, 2015 5:59 am
Forum: Beginner Basics
Topic: single packet authorization (or port-knocking with replay protection)?
Replies: 3
Views: 1148

single packet authorization (or port-knocking with replay protection)?

Has anyone found a way to build a port-knocking listener with cryptographic hash checking (to prevent sniffing/replay attacks) for RouterOs/Mikrotik? it would need to be something for which a client can be built on Linux/Mac and also Android and iOS clients. http://www.cipherdyne.org/fwknop/docs/SPA...
by sejtam
Sat Feb 21, 2015 9:49 am
Forum: Beginner Basics
Topic: Hybrid VLAN again
Replies: 1
Views: 742

Hybrid VLAN again

Is there no-one who can provide help with this? RouterOS 6.27 on an RB2011 Unifi APAC SSID 1 SSID 2 -------------------\ SSID 3 - tag VLAN 3 ---------G2-----RB2011 I want to bridge the traffic from port G2 to bridge-local as usual. Traffic that comes in tagged as VLAN3 should be separated to a separ...
by sejtam
Tue Feb 17, 2015 6:33 pm
Forum: Beginner Basics
Topic: manual explanation please
Replies: 0
Views: 390

manual explanation please

http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features says: Vlan Table Vlan tables specifies certain forwarding rules for packets that have specific 802.1q tag. Those rules are of higher priority than switch groups configured using 'master-port' property. Basically the table contains entries tha...
by sejtam
Tue Feb 17, 2015 5:12 pm
Forum: Beginner Basics
Topic: Need help: VLAN ingress port
Replies: 0
Views: 433

Need help: VLAN ingress port

I have trouble getting the following set up 1. ether1 (renamed G1-World): Upstream port to internet 2. G2 - should accept a. unpacket packets and connect these directly to bridge-local b. VLAN 3 tagged packets and link them directly to bridge-V20 (and VLAN-20) 3. G3 accept untagged to bridge-local 4...
by sejtam
Wed Feb 11, 2015 6:50 pm
Forum: General
Topic: Improve Gotomeeting's Voice
Replies: 0
Views: 273

Improve Gotomeeting's Voice

Today for the first time since switching from an old Netgear E3200 running DDWRT to an RB2011 I used Gotomeeting to have a(mostly voice)
discussion, and the sound sucked. (Skype was much better).

Is there anything I should tune in the MT router to improve (prioritize) GTM traffic?
by sejtam
Wed Feb 11, 2015 9:53 am
Forum: General
Topic: feature request: mac-address-lists
Replies: 5
Views: 1827

Re: feature request: mac-address-lists

+1 for mac-address-list in bridge filter/nat and mac-address-list along with ip firewall rule src-mac-address matcher
and f course add-src-mac-to-list and add dst-mac-to-list (and hopefully also remove-src/dst-mac-from-list... :-)
by sejtam
Tue Feb 10, 2015 8:00 pm
Forum: General
Topic: safe mode: recover changes?
Replies: 0
Views: 583

safe mode: recover changes?

If i turn on safemode, RouterOS remembers the 'before state' and resets to that state if I log out/ get disconnected before turning safemode off. That's fine But is there a way I can get a diff of the point I got to in safe-mode before the rollback? Safe-mode in small increments may not be ideal. So...
by sejtam
Tue Feb 10, 2015 7:42 pm
Forum: Beginner Basics
Topic: invalid connection state
Replies: 4
Views: 2305

Re: invalid connection state

Nothing that complicated happening here. My MT is 192.168.0.1 and the gatway to the world, with nothing else. These seem to all be the final throes of a genuine connection that existed but is now dead. As can be seen some of these 'invalid' ACK/FIN' etc originate locally (presumably at the PC access...
by sejtam
Tue Feb 10, 2015 4:57 pm
Forum: Beginner Basics
Topic: How to block Internet on a machine except port forwarding
Replies: 2
Views: 583

Re: How to block Internet on a machine except port forwarding

How about: /ip filter add chain=firward action=accept source-address=PCIP connection-state=established,related add chain=forward action=drop source-address=PCIP connection-state=new That should filter out all connections established from that PC, except the established one you create when connecting...
by sejtam
Tue Feb 10, 2015 11:45 am
Forum: Beginner Basics
Topic: Why so many dropped (invalid) FIN,ACKs
Replies: 0
Views: 375

Why so many dropped (invalid) FIN,ACKs

see attachment. It looks as if the connection tracking forgets a connection on the first FIN and then all following packets are considered invalid? Notice hos this applies to ACK,FIN from internal to websites outside.. Is this normal? I don't think so, as a FIN can be unilateral, ie one side can clo...
by sejtam
Mon Feb 09, 2015 8:20 pm
Forum: Beginner Basics
Topic: units on the Winbox ''Graphing' graphs?
Replies: 0
Views: 318

units on the Winbox ''Graphing' graphs?

is there a way to make the graphs under Winbox's 'Graphing' function show some units (both X and Y axis)
with The 'legend' is rather useless as it only shows teh current values. (and yes, i discovered the crosshair, but
that's not useful when print a screenshot or such)
by sejtam
Mon Feb 09, 2015 3:56 pm
Forum: Beginner Basics
Topic: Are add-*-to-address-list actions terminal
Replies: 3
Views: 619

Re: Are add-*-to-address-list actions terminal

It would be important to know if a firewall detection catches the same address twice.
In most cases it shoudl extend the entry time IMHO.

I also noticed that if the entry is untimed, it won't be changed to timed, ie untimed is effectively 'infinite'
by sejtam
Mon Feb 09, 2015 1:39 pm
Forum: General
Topic: action=del-src-from-address-list
Replies: 3
Views: 1141

Re: action=del-src-from-address-list

Yes, I think this would be useful for port-knocking, or when detecting that a system outside has successfully established a connection (logged in), it can be removed from the blacklist. I do think it can be worked aorund by instead adding the address to a whitelist (and then possibly having a script...
by sejtam
Mon Feb 09, 2015 1:33 pm
Forum: Beginner Basics
Topic: Are add-*-to-address-list actions terminal
Replies: 3
Views: 619

Re: Are add-*-to-address-list actions terminal

Ok. just found out they are not terminal. Next question: Say I have an address already in a list A.B.C.D 1h and now the same address gets executed with Add-*-to*list address=A.B.C.D timeout=2h will this a) fail (and keep the original timeout b) extend the timeout to 2H c) add the timeouts to make 3h...
by sejtam
Mon Feb 09, 2015 1:29 pm
Forum: Beginner Basics
Topic: [Forum]: notifications don't go away
Replies: 5
Views: 693

Re: [Forum]: notifications don't go away

Ok. yes. colour me confused... thanks

That said, if instead of the '!' it showed '0' (so: '0 Notifications') it might not have confused me.

(yes, I know the meaning of '!' obviously but don't expect that in a UI design that is not totally
built for geeks)
by sejtam
Mon Feb 09, 2015 4:27 am
Forum: Beginner Basics
Topic: DHCP Server does not send options
Replies: 0
Views: 635

DHCP Server does not send options

I have defined the following in DHCP servers: /ip dhcp-server print detail Flags: X - disabled, I - invalid 0 X name="default" interface=bridge-local lease-time=10m address-pool=default-dhcp bootp-support=static authoritative=after-2sec-delay lease-script="" 1 X name="dhcp1" interface=ether7-Hotspot...
by sejtam
Mon Feb 09, 2015 4:21 am
Forum: Beginner Basics
Topic: [Forum]: notifications don't go away
Replies: 5
Views: 693

Re: [Forum]: notifications don't go away

I don'see that square. see screenshot
by sejtam
Sun Feb 08, 2015 8:16 pm
Forum: Beginner Basics
Topic: [Forum]: notifications don't go away
Replies: 5
Views: 693

[Forum]: notifications don't go away

There doesn't seme to be a 'Board issues' subforum.
Is anyone else seeing that Notifications for subscribed topics stay even if one has opened/read that
reply/topic?

I already tried deleting all board cokkies but the notifications stay anyway.
by sejtam
Sun Feb 08, 2015 7:45 pm
Forum: Beginner Basics
Topic: invalid connection state
Replies: 4
Views: 2305

Re: invalid connection state

I am mostly confused by this graphic from 'RouterOs by Example' (and the accompanying text), which indicates that an 'Invalid' packet inside a connection 'breaks' the connection so that it has to be estabklished again. 2015-02-09 01.37.06.jpg (sorry, it seems rotation info gets lost when attaching. ...
by sejtam
Sun Feb 08, 2015 6:04 pm
Forum: Beginner Basics
Topic: UniFi and Mikrotik: cannot get to work together
Replies: 0
Views: 1011

UniFi and Mikrotik: cannot get to work together

Not sure whether this still qualifies as a beginner's question, but since I am new to all this.. I bought myself a combo of an RB2011 (no Wifi) and a UniFi AP-AC Got the following to work: Simple local network - interface G5 set to separate VLAN (vlan-id 30, separate DHCP network 192.168.30.0/24) Th...
by sejtam
Sun Feb 08, 2015 12:24 pm
Forum: Beginner Basics
Topic: invalid connection state
Replies: 4
Views: 2305

invalid connection state

What exactly are 'invalid' connection states? I see a lot of these in my firewall log: 18:10:27 firewall,info dropINVALID forward: in:bridge-local out:G1-world, src-mac d8:bb:2c:b9:67:40, proto TCP (ACK,FIN), 192.168.0.106:65002->108.160.165.10:443, len 52 18:10:38 firewall,info dropINVALID forward:...
by sejtam
Sun Feb 08, 2015 11:31 am
Forum: Beginner Basics
Topic: Are add-*-to-address-list actions terminal
Replies: 3
Views: 619

Are add-*-to-address-list actions terminal

ie, do they stop further processing of the chain?

I couldn't find that just now.

The 'mark packet' actions have a passthrough option, but the above don't .
by sejtam
Sun Feb 08, 2015 8:50 am
Forum: Beginner Basics
Topic: vlan clients are not getting dhcp addresses
Replies: 4
Views: 4566

Re: vlan clients are not getting dhcp addresses

did you ever find a proper solution?
I got the same when setting the switch-cpu interface to vlan-mode=secure/strip. Everything just stops
by sejtam
Sun Feb 08, 2015 8:26 am
Forum: Beginner Basics
Topic: *F in bridge port
Replies: 0
Views: 360

*F in bridge port

i cannit search for this as '*F' is not a vali search term :-( My bridge port print shows 4 I G1-world *F 0x80 10 none What does that "*F" mean?
by sejtam
Sat Feb 07, 2015 12:42 pm
Forum: Beginner Basics
Topic: VLAN setup for WiFi AP guest SSID separation - step-by-step
Replies: 11
Views: 13885

I'll have to try but it fits the OP's symptom of the clients not getting addresses
by sejtam
Sat Feb 07, 2015 6:32 am
Forum: Beginner Basics
Topic: VLAN setup for WiFi AP guest SSID separation - step-by-step
Replies: 11
Views: 13885

Re: VLAN setup for WiFi AP guest SSID separation - step-by-s

I use a similar setup except there's a switch in between.

5. Input: Accept UDP port 53 (DNS) from vlan-guest
Don't you also have to allow DHCP (UDP port 67) from vlan-guest
to allow it to reachteh DHCP server?
by sejtam
Wed Jan 28, 2015 4:53 am
Forum: General
Topic: CVE-2015-0235
Replies: 4
Views: 2140

CVE-2015-0235

Are any version of RouterOS affected by this vulnerability?

https://cve.mitre.org/cgi-bin/cvename.c ... -2015-0235

The bug apparently goes back almost a decade?
by sejtam
Fri Jan 09, 2015 5:52 pm
Forum: Beginner Basics
Topic: Can i block or drop hotspot clients if not login
Replies: 3
Views: 875

Re: Can i block or drop hotspot clients if not login

What would such a firewall rule look like? Am I understanding the issue correctly, this is about clients connecting to the hotspot interface but not logging in, yet being able to talk to other non-logged-in hotspot users directly on that interface/bridge? would (assuming the hotspot is on interface=...
by sejtam
Fri Jan 09, 2015 9:01 am
Forum: Beginner Basics
Topic: how many marks on a packet
Replies: 5
Views: 2014

Re: how many marks on a packet

Ok. it seems there can only ever be one connection-mark and one routing mark. I tested like this: /ip firewall mangle> print chain=prerouting Flags: X - disabled, I - invalid, D - dynamic 0 chain=prerouting action=mark-connection new-connection-mark=CM1 passthrough=yes src-address=192.168.0.4 log=no...
by sejtam
Thu Jan 08, 2015 3:22 pm
Forum: Beginner Basics
Topic: Queues with connection mark?
Replies: 1
Views: 634

Queues with connection mark?

I am ivestigating queues right now. I have a subnet I want to lower the internet-access priorities of. So I set up a connection mark ('Learn ROuterOS' Dennis Burgess writes that this less CPU intensive as the mangle has to only match the new connection state and then all following packets belonging ...
by sejtam
Wed Jan 07, 2015 5:41 pm
Forum: Beginner Basics
Topic: failure sending email to a local smtp server
Replies: 1
Views: 591

Re: failure sending email to a local smtp server

Ok. i worked this out. for a while I had two addreses in 192.168.0.0/24 bound to the bridge-local interface (192.168.0.233 and .234) Apparently the routing rememberd .234 as the preferred source, even after I removed that address (and only .233 was left). I had to remove the .233 address also and re...
by sejtam
Wed Jan 07, 2015 5:36 pm
Forum: General
Topic: feature request: mac-address-lists
Replies: 5
Views: 1827

feature request: mac-address-lists

To be able to block clients from a hotspot (so they don't even get an Ip address) it would be useful to
have address-lists that store mac-addresses. Then one could set up a 3-stage set of lists like the SSH bruteforce recipe
by sejtam
Wed Jan 07, 2015 7:55 am
Forum: Beginner Basics
Topic: more debugging help: FTP
Replies: 0
Views: 541

more debugging help: FTP

I am trying to upload a file fom my RB2011 to my Synology NAS /interface bridge> /tool fetch address=192.168.0.10 upload=yes src-path=current_config.rsc user=admin password=password dst-path=/tmp/c.rsc mode=ftp failure: cannot open FTP socket A packet capture on the synology shows no attempts of any...
by sejtam
Wed Jan 07, 2015 3:20 am
Forum: Beginner Basics
Topic: separate Forum for suggestions/RFEs
Replies: 5
Views: 804

Re: separate Forum for suggestions/RFEs

But there is already such forum: http://forum.mikrotik.com/viewforum.php?f=1. I do not understand why is here such discussion? Every one should search the forum first before writing anything. At least... I did, but that forum is named 'beta and <new version>' so I didn't realize it is for general f...
by sejtam
Mon Jan 05, 2015 10:11 am
Forum: Beginner Basics
Topic: failure sending email to a local smtp server
Replies: 1
Views: 591

failure sending email to a local smtp server

I have [admin@koerberGW] /tool e-mail> /ip address print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK INTERFACE 0 A.B.C.D/24 103.247.134.0 G1-world 1 ;;; Loopback bridge 127.0.0.2/32 127.0.0.2 bridge-loopback 2 192.168.88.1/24 192.168.88.0 bridge-local 3 192.168.0.233/24 192.168.0...
by sejtam
Mon Jan 05, 2015 9:08 am
Forum: Beginner Basics
Topic: block unauthorized htspt users from trying again fr a while
Replies: 0
Views: 396

block unauthorized htspt users from trying again fr a while

I am trying to set up a hotspot, but would like to block users (mac-addresses) who keep connecting and trying to log in. I knw I could set up a progessive set of adress-lists (like the ssh_blacklist example), but I need suggestins on how to add the users to the blacklists in the first place. one ide...
by sejtam
Mon Jan 05, 2015 8:58 am
Forum: Beginner Basics
Topic: filter traffic from ovpn-server
Replies: 0
Views: 361

filter traffic from ovpn-server

when i try and set up a firewall rule to filter on traffic cming from my open-vpn server,
I am offered
  in-interface=<ovpn-username>
only, ie interfaces one per user.

Is there no way to simply say
  in-interface=ovpn-server
or
  in-interface=all-ovpn-server
to to this once for all users?
by sejtam
Mon Jan 05, 2015 8:19 am
Forum: Beginner Basics
Topic: debugging scripting
Replies: 2
Views: 1316

debugging scripting

I have a script that runs fine from the commandline when logged in as 'admin' when run from the scheduler, it doesn't seem to work: 0 name="sched_backup_email" owner="admin" policy=read,sensitive last-started=jan/05/2015 13:21:32 run-count=9 source= /export file=current_config hide-sensitive /tool e...
by sejtam
Mon Jan 05, 2015 8:09 am
Forum: Beginner Basics
Topic: hide-sensitive doesn't?
Replies: 2
Views: 728

Re: hide-sensitive doesn't?

I think those don't count as sensitive, because they're passwords to external services, whereas "hide-sensitive" is intended to hide local sensitive data - passwords that the router itself defines and authenticates others against. unfortunate, as currently I have only an outside SMTP server to send...
by sejtam
Sun Jan 04, 2015 9:24 pm
Forum: Beginner Basics
Topic: NTP pool script
Replies: 0
Views: 688

NTP pool script

I found http://wiki.mikrotik.com/wiki/Manual:Scripting-examples#Allow_use_of_ntp.org_pool_service_for_NTP which looks useful. sadly however, most caching DNS servers implement a round-robin scheme, so that two consecutive queries for a name with multiple addresses return these in a different order: ...
by sejtam
Sun Jan 04, 2015 8:21 am
Forum: Beginner Basics
Topic: hide-sensitive doesn't?
Replies: 2
Views: 728

hide-sensitive doesn't?

RB2011 with 6.24 I ran a backup /export file=c hide-sensitive however, several items of sensitive info were still left in the output file (somewhat mangled by me) add coa-port=1700 customer=admin disabled=no ip-address=127.0.0.2 log=\ auth-fail name=koerberGW shared-secret=myRadiusSecret use-coa=no ...
by sejtam
Sun Jan 04, 2015 7:46 am
Forum: Beginner Basics
Topic: how to upload a script for storage in the script repository
Replies: 1
Views: 602

how to upload a script for storage in the script repository

There are several pages with sample script. eg like this: /system backup save name=email_backup /tool e-mail send file=email_backup.backup to="me@test.com" body="See attached file" \ subject="$[/system identity get name] $[/system clock get time] $[/system clock get date] Backup") It seems one canno...
by sejtam
Sun Jan 04, 2015 4:37 am
Forum: Beginner Basics
Topic: how many marks on a packet
Replies: 5
Views: 2014

Re: how many marks on a packet

Ok obvious next question.: action=mark* is then a terminal action right?
by sejtam
Sat Jan 03, 2015 8:19 pm
Forum: Beginner Basics
Topic: how many marks on a packet
Replies: 5
Views: 2014

how many marks on a packet

Can one use mangle to set more than one packet-mark , connection-mark etc on a packet/connection?

If so, what is the limit?

Is there a way to print/log packets with all the marks they have (for testing)?
by sejtam
Sat Jan 03, 2015 5:47 pm
Forum: Beginner Basics
Topic: firewall questions
Replies: 5
Views: 1514

Re: firewall questions

Mangle is for mangling packets. It has an accept action but not drop or reject. You're right. So 'accept' here only means that it stops processing the 'mangle' table, but doesn't also skip the normal firewall tables (so there is still a chance to drop it? Or does that make it just accept the packet...
by sejtam
Sat Jan 03, 2015 3:39 pm
Forum: Beginner Basics
Topic: RED queues in ROS
Replies: 0
Views: 421

RED queues in ROS

http://en.wikipedia.org/wiki/Random_early_detection mentions some flaws in classical RED queues and two improvements
WRED and RIO as well as ARED and RRED

Which variant does RouterOS implement? (or is there even a choice)?
by sejtam
Sat Jan 03, 2015 3:26 pm
Forum: Beginner Basics
Topic: New sub-board: Manual corrections?
Replies: 0
Views: 288

New sub-board: Manual corrections?

Is there (if not, should there be?) a sub-board here to point out errors/omissions/suggestions for the Wiki Manual, which then can also be discussed? yes I know it's a Wiki, but if I'm not an expert in a topic I'd rather start a discussion than edit things myself (apart from the fact that the 'discu...
by sejtam
Fri Jan 02, 2015 6:04 pm
Forum: Beginner Basics
Topic: firewall questions
Replies: 5
Views: 1514

Re: firewall questions

two more: a) does connection-state=!established,related mean: !(established,related) (ie neither) or !established, but related? I hope the former as there is no way to say !established,!related either, but the doco is sketchy b) does connection-state=invalid equal: not new, not established and not r...
by sejtam
Fri Jan 02, 2015 5:58 pm
Forum: Beginner Basics
Topic: firewall questions
Replies: 5
Views: 1514

firewall questions

A few firewall questions a) in 'mangle' I see also the accept/drop/reject actions. I though mangle is intended for marking traffic, not for making decisions on how to handle it? Or is the 'mangle' table just a normal firewall table that is just consulted first before the 'filter'? b) What is the 'ho...
by sejtam
Fri Jan 02, 2015 5:55 pm
Forum: Beginner Basics
Topic: RB2011 factory reset
Replies: 6
Views: 8433

Re: RB2011 factory reset

I have no console port, so that is out. Also, I'm MAC only and have not installed wine yet.
But just after I posted it, I got it working somehow. Dont'really know what I did differently though...
by sejtam
Fri Jan 02, 2015 4:47 pm
Forum: Beginner Basics
Topic: RB2011 factory reset
Replies: 6
Views: 8433

RB2011 factory reset

I have the basic RB2011 model (just Ethernet, n console, wireless nor fibre) A stupid typo locked me out of the device (firewall action=drop src-adress-list=rfc1918, aciddentally hit enter before specifying the interface) So now I am trying to factory reset my router to get it back, but I cannot get...
by sejtam
Fri Jan 02, 2015 9:17 am
Forum: Beginner Basics
Topic: unused-hs-chain?
Replies: 0
Views: 1375

unused-hs-chain?

I am making some progress. I have now turned to Hotspot setup. I managed to make the hotspot work, but it also gets access to all other devices on the LAN. So I gather I will need to set up some firewall rules to allow only Internet access to hotspot users. While looking at that, I noticed that a) t...
by sejtam
Mon Dec 29, 2014 5:58 am
Forum: Beginner Basics
Topic: RB2011 as Cisco VPN (L2TP/IPSec) client
Replies: 0
Views: 891

RB2011 as Cisco VPN (L2TP/IPSec) client

[something went wron with the previous attempt at posting this. Here is try #2]: I am trying to configure my RB2011 as a client to out HQ's Cisco VPN. We were given the following information for configuration (with samples fow both Win and Mac) Server IP address [A.B.C.D in my sample code below] use...
by sejtam
Fri Dec 26, 2014 3:39 pm
Forum: Beginner Basics
Topic: separate Forum for suggestions/RFEs
Replies: 5
Views: 804

separate Forum for suggestions/RFEs

Is there a place to send suggestions/RFE (requests for enhancement) to?

Maybe a separate sub-forum/board here would be useful?
(or something on getSatisfaction/userVoice)?
by sejtam
Tue Dec 23, 2014 7:39 pm
Forum: General
Topic: setting up/debugging ovpn-client
Replies: 2
Views: 1793

Re: setting up/debugging ovpn-client

I suspect I need to extract the tls-auth key from what HQ gave me, but i cannot find where to specify that in the ovpn-client settings.
Please don't tell me tls-auth is not supported..
by sejtam
Tue Dec 23, 2014 7:27 pm
Forum: Beginner Basics
Topic: /system ntp client get status returns no state
Replies: 1
Views: 790

/system ntp client get status returns no state

I'm trying to set up the script from http://wiki.mikrotik.com/wiki/Send_email_about_reboot However, it hangs, trying to get the NTP status: It seems that 'get status' doesn't return anything, even though a print shows the status as synchronized? [admin@koerberGW] /system ntp client> print enabled: y...
by sejtam
Tue Dec 23, 2014 6:04 pm
Forum: General
Topic: Forum Question
Replies: 14
Views: 2498

Re: Forum Question

yes, tapatalk also just scared me telling me I'm banned. no idea why.
by sejtam
Tue Dec 23, 2014 4:39 pm
Forum: General
Topic: setting up/debugging ovpn-client
Replies: 2
Views: 1793

setting up/debugging ovpn-client

I am trying to connect to my HQ using my new RB2011 I have upgraded to the latest OS My HQ gave me OVPN configuration consisting of 1. a ca root cert 2. a ovpn config file 3. in.key and out.key for tls-auth The .ovpn file looks like this: client dev tap proto tcp remote VPNSERVER 1194 resolv-retry i...
by sejtam
Tue Dec 23, 2014 12:49 pm
Forum: Beginner Basics
Topic: Complete manual in PDF book form?
Replies: 2
Views: 2422

Complete manual in PDF book form?

I just got my first RouterOS router (RB2011 series). I like to read documentation in full, rather than piecemeal as webpages. If there a full PDF for this? I tried 'download as PDF' from the Manual:TOC page and only got an error: Book rendering failed There was an error while attempting to render yo...
by sejtam
Mon Dec 22, 2014 5:56 am
Forum: General
Topic: CVE-2014-9222
Replies: 1
Views: 543

CVE-2014-9222

Are any parts of RouterOS vulnerable to this?
thanks
by sejtam
Sun Dec 14, 2014 4:37 pm
Forum: General
Topic: buying decision help
Replies: 1
Views: 548

buying decision help

I am looking for a new router/wifi for my SOHO. I'd like to find out about a few issues. I started reading the documentation, but it's huge, so I may not find what I want easily. 1. with RouterOS, can you operate two (or more) Wifi SSIDs in parallel? 1.1 Can one be a hotspot and the others be treate...