Community discussions

MikroTik App

Search found 183 matches

by inteq
Sun May 17, 2020 2:40 pm
Forum: General
Topic: ROS 6.x LOG display problem with high resolution and scaling
Replies: 9
Views: 1929

Re: ROS 6.x LOG display problem with high resolution and scaling

The issue is from at least 2013, if not from the beginning. ( viewtopic.php?t=77074 )
Still present in May 2020
by inteq
Tue May 12, 2020 11:13 pm
Forum: General
Topic: Winbox - router does not support secure connection
Replies: 4
Views: 792

Re: Winbox - router does not support secure connection

I would try to do a netinstall and start from scratch.
For some reason, I am thinking about a hacked router in this case.
by inteq
Tue May 12, 2020 11:04 pm
Forum: General
Topic: RB1100AHx4 queries for www.mikrotik.com
Replies: 6
Views: 1250

Re: RB1100AHx4 queries for www.mikrotik.com

As I said: "The DNS on the router is not enabled.", thus no clients behind the router can cause this.
Somehow, the router itself queries for www.mikrotik.com
by inteq
Tue May 12, 2020 10:25 pm
Forum: General
Topic: RB1100AHx4 queries for www.mikrotik.com
Replies: 6
Views: 1250

RB1100AHx4 queries for www.mikrotik.com

Hello I have a RB1100AHx4 that sends lots of queries for www.mikrotik.com The DNS on the router is not enabled. No NAT, only routing. No scripts, no netwatch and I am unable to find the reason why this router queries www.mikrotik.com so much. As soon as I flush DNS cache, the record pops back in. qu...
by inteq
Fri May 08, 2020 6:53 am
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 88
Views: 17056

Re: RB4011 and RB1100 AHx4 "bricks" randomly

Setup Dude to monitor CPU on all 4011s
So far only two have issues but tired of this.
Starting to replace all 4011. Not worth the trouble.
cpu.png
by inteq
Sun May 03, 2020 3:22 pm
Forum: The Dude
Topic: Add CAPSMAN devices with same IP but behind different agents
Replies: 0
Views: 570

Add CAPSMAN devices with same IP but behind different agents

Hello, My search came up empty so asking here. Setup a Dude Server on a RB1100AHx4 Dude Edition. Now, I need to monitor several locations with Mikrotik APs in CAPSMAN mode. I can add the APs in 1st location just fine, but on 2nd, 3rd, etc location, because APs have the same private IPs as on the 1st...
by inteq
Fri Apr 24, 2020 8:36 pm
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 88
Views: 17056

Re: RB4011 and RB1100 AHx4 "bricks" randomly

And again on a RB4011iGS+RM
crash.png
by inteq
Sun Mar 15, 2020 5:02 pm
Forum: General
Topic: 3CX NAT when using 2 Servers
Replies: 18
Views: 4106

Re: 3CX NAT when using 2 Servers

I have 2 3CX servers with firewall test failed on WUI, but everything works just fine for 3 years now. If you don't have any problems with RTP and calls, just ignore it. Me thinks 3CX is a bit dumb in that regard. Hi! are you using different ports for RTP on both servers? bests, Christian No. Using...
by inteq
Thu Mar 12, 2020 9:40 pm
Forum: Wireless Networking
Topic: Really disappointed in the lack of support. Evolved 3G Really?
Replies: 14
Views: 4187

Re: Really disappointed in the lack of support. Evolved 3G Really?

I'm fearing you're spreading some more FUD here ... No reason to fear. I said 4G LTE is just marketing and not real, true 4G. I am talking speed wise. You replied with "Actually its the other way around" and I asked "What is the other way around?" Are you stating that 4G LTE = real 4G? Again, I am ...
by inteq
Thu Mar 12, 2020 4:48 pm
Forum: Wireless Networking
Topic: Really disappointed in the lack of support. Evolved 3G Really?
Replies: 14
Views: 4187

Re: Really disappointed in the lack of support. Evolved 3G Really?

Actually its the other way around:
What is the other way around?
The discussion is about 4G LTE not "true" LTE.
by inteq
Thu Mar 12, 2020 11:46 am
Forum: Wireless Networking
Topic: Really disappointed in the lack of support. Evolved 3G Really?
Replies: 14
Views: 4187

Re: Really disappointed in the lack of support. Evolved 3G Really?

To reiterate what SiB stated:
4G LTE is technically 3G with some magic sprinkled on top. More precisely you can call it 3.95G.
The 4G in the name is only marketing. A bit like what AT&T did with their fake 5G E logo.
by inteq
Mon Mar 09, 2020 1:25 pm
Forum: General
Topic: UPNP -> which port are open?
Replies: 7
Views: 2090

Re: UPNP -> which port are open?

You can test your upnp with https://www.xldevelopment.net/upnpwiz.php ( https://www.virustotal.com/gui/file/817 ... /detection )
The tool allows for test upnp rules creation on your router and it works with mikrotik.
by inteq
Sun Mar 08, 2020 10:00 pm
Forum: General
Topic: UPNP -> which port are open?
Replies: 7
Views: 2090

Re: UPNP -> which port are open?

As freemannnn stated, you can see the automatically created rules in Firewall/NAT, with the comment starting with "upnp" If you do not see any such rules, go to IP/UPnP, disable the service, delete all your upnp interfaces and recreate them. Enable the service. See https://forum.mikrotik.com/viewtop...
by inteq
Fri Mar 06, 2020 8:26 am
Forum: Beginner Basics
Topic: Ping drops first 2-3 packets then low stable latency. [SOLVED]
Replies: 3
Views: 2519

Re: Ping drops first 2-3 packets then low stable latency. [SOLVED]

Can you observe the same high latency when you ping directly from your Mikrotik router? How about other machines connected to the router? Do you have arp enabled on your internal interfaces/bridges?
I recall seeing such behavior on infected machines and networks with arp poisoning.
by inteq
Thu Mar 05, 2020 9:26 pm
Forum: Beginner Basics
Topic: I can't ping from an OVPN
Replies: 2
Views: 1784

Re: I can't ping from an OVPN

Try:

On Site A
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.2.0/24 \
    src-address=192.168.1.0/24

On Site B
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.1.0/24 \
    src-address=192.168.2.0/24
by inteq
Sat Feb 29, 2020 6:55 pm
Forum: General
Topic: Winbox - Open in new window makes text smaller
Replies: 0
Views: 1778

Winbox - Open in new window makes text smaller

Hello, First time today I have used the Winbox feature "Open in new window". Useful feature and saves a few clicks when opening many sessions. Nevertheless, with "Open in new window" ticked, the text in the new window is a lot smaller. oinw.png I can zoom in, but it seems the zoom level is not saved...
by inteq
Sat Feb 29, 2020 6:19 am
Forum: General
Topic: RB1100AHx4 crash every 20 - 40 days [SOLVED]
Replies: 13
Views: 4053

Re: RB1100AHx4 crash every 20 - 40 days [SOLVED]

The question is: are you using an UPS for your rack/router?
Normally, the log "system,error,critical router was rebooted without proper shutdown" is the result of power loss and not an actual error/crash.
by inteq
Fri Feb 28, 2020 11:19 am
Forum: General
Topic: RB1100AHx4 crash every 20 - 40 days [SOLVED]
Replies: 13
Views: 4053

Re: RB1100AHx4 crash every 20 - 40 days [SOLVED]

viewtopic.php?f=2&t=149062

"Power users" use search.
by inteq
Wed Feb 26, 2020 9:05 am
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 88
Views: 17056

Re: RB4011 and RB1100 AHx4 "bricks" randomly

There are services 24*7, i can't reboot it every day...

I see. But if you prefer bricking... it is better a 30 sec outage for reboot in the night....
We prefer a fix. Rebooting every night ain't one. I hope you don't do that to your users.
by inteq
Tue Feb 25, 2020 8:25 am
Forum: General
Topic: 3CX NAT when using 2 Servers
Replies: 18
Views: 4106

Re: 3CX NAT when using 2 Servers

I have 2 3CX servers with firewall test failed on WUI, but everything works just fine for 3 years now.
If you don't have any problems with RTP and calls, just ignore it.
Me thinks 3CX is a bit dumb in that regard.
by inteq
Sun Feb 23, 2020 8:17 pm
Forum: Beginner Basics
Topic: How could I detect malware in my LAN
Replies: 6
Views: 1815

Re: How could I detect malware in my LAN

Tested on a simple firewall with 1st rule Accept established and related packets and 2nd rule Drop invalid packets (in forward section) I have the log rule as 3rd and it works just fine. Works with and without FastTrak and as long as the connection is forwarded. Test with another port, like 443 to b...
by inteq
Fri Feb 21, 2020 10:27 pm
Forum: RouterBOARD hardware
Topic: Diagnosing RB1100Ahx2 noise situation
Replies: 1
Views: 2357

Re: Diagnosing RB1100Ahx2 noise situation

Get an Y fan splitter and connect both fans to main if you want lower noise.
That is what I did on all AHx2 units.
by inteq
Fri Feb 21, 2020 8:20 pm
Forum: Scripting
Topic: IP block in mikrotik at specific time
Replies: 2
Views: 1716

Re: IP block in mikrotik at specific time

Not enough information.
You want to block access to cameras from within your local network or prevent access to them from internet?
Cameras are connected to your NVR Ethernet ports or to your dumb switch?
by inteq
Fri Feb 21, 2020 8:08 pm
Forum: General
Topic: Not full gigabit speed
Replies: 1
Views: 914

Re: Not full gigabit speed

While testing your bandwidth, start a Tools/Profile to check if your CPU cores are not being fully utilized.
You can also test your Mikrotik's bandwidth here: viewtopic.php?f=2&t=104266
by inteq
Thu Feb 13, 2020 5:08 pm
Forum: Scripting
Topic: Diabling a DHCP server
Replies: 6
Views: 2020

Re: Diabling a DHCP server

https://wiki.mikrotik.com/wiki/Manual:S ... ter_values

But for most entries with a identifier, you can use the name instead:

/ip dhcp-server disable default
/ip dhcp-server enable default
Thank you. Good info.
by inteq
Thu Feb 13, 2020 1:31 pm
Forum: Scripting
Topic: Diabling a DHCP server
Replies: 6
Views: 2020

Re: Diabling a DHCP server

You should never use numerical index in scripts.
Any particular reason?
by inteq
Thu Feb 13, 2020 6:58 am
Forum: General
Topic: redirect ping public ip to 8.8.8.8
Replies: 5
Views: 1442

Re: redirect ping public ip to 8.8.8.8

What is the reason to port forward an ICMP packet to a DNS Server ?
Because everyone and their brother uses Google DNS as their default internet ping tester.
Then you would want it the other way around, Redirect icmp 8.8.8.8 to your IP
by inteq
Wed Feb 12, 2020 12:21 am
Forum: Beginner Basics
Topic: RB1100Hx2 basic setup
Replies: 9
Views: 2556

Re: RB1100Hx2 basic setup

Believe me...I have...tried...to read....your...question 3....times...but I....was...unable....to focus...and....understand...it.
by inteq
Wed Feb 12, 2020 12:11 am
Forum: Scripting
Topic: How to get IP address through CAPsMAN?
Replies: 4
Views: 1931

Re: How to get IP address through CAPsMAN?

Scripting is out of the question, as with every run, all clients will be disconnected from WiFi. At least I was not able to find a way to avoid that. My solution. (viable only for small deployments or locations without many guests like hotels or public venues) 1. Open your DHCP server lease window a...
by inteq
Tue Feb 11, 2020 2:03 pm
Forum: General
Topic: redirect ping public ip to 8.8.8.8
Replies: 5
Views: 1442

Re: redirect ping public ip to 8.8.8.8

1.png
2.png
by inteq
Tue Feb 11, 2020 1:49 pm
Forum: General
Topic: Mikrotik Rack-mounted Devices Visio Stencils
Replies: 39
Views: 29040

Re: Mikrotik Rack-mounted Devices Visio Stencils

C'mon, these are not realistic representations!
At least part of the unit should be obscured by the mighty power LED. If your eyes are not sore when you look at it, it is not a genuine Mikrotik.
by inteq
Tue Feb 11, 2020 1:15 am
Forum: Scripting
Topic: Diabling a DHCP server
Replies: 6
Views: 2020

Re: Diabling a DHCP server

To disable
/ip dhcp-server disable 0
To enable
/ip dhcp-server enable 0
If you have multiple DHCP servers, use /ip dhcp-server print to find the number corresponding to your server.
by inteq
Sun Feb 09, 2020 3:52 pm
Forum: Scripting
Topic: Transfering Address list from a Mikrotik device to another one and update it
Replies: 1
Views: 1456

Re: Transfering Address list from a Mikrotik device to another one and update it

Looks to me you will need to export your dynamic list to a file. See https://forum.mikrotik.com/viewtopic.php?t=114683 for some examples. Upload that list to a FTP server and make them available via a http server. Grab the rsc and import it where you need it. See https://wiki.mikrotik.com/wiki/Manua...
by inteq
Sun Feb 09, 2020 3:40 pm
Forum: Scripting
Topic: Script to capture Whatsapp IPs
Replies: 2
Views: 1957

Re: Script to capture Whatsapp IPs

Do you have some sort of pi-hole on your network?
Data=0.0.0.0 looks like a pi-hole blocking access to that domain. (if type != unknown)
by inteq
Thu Feb 06, 2020 4:06 am
Forum: Wireless Networking
Topic: CAPsMAN Broken With 5Ghz AC?
Replies: 4
Views: 1979

Re: CAPsMAN Broken With 5Ghz AC?

For 5 Ghz, just do not set anything besides frequency and band on channel settings
Example
36.png
by inteq
Thu Feb 06, 2020 3:56 am
Forum: General
Topic: Feature request: ask confirm for every operation
Replies: 9
Views: 1095

Re: Feature request: ask confirm for every operation

If it is not enabled by default, nobody will enable it. If it is enabled by default, everyone will disable it. Including the OP. Have frequent backups. Script them and send them by email daily. If it is an important router, pay bloody attention. Also, there is "Safe Mode" if you really have such iss...
by inteq
Tue Feb 04, 2020 5:36 pm
Forum: General
Topic: DHCP response mishandled (?) by MT AP
Replies: 2
Views: 464

Re: DHCP response mishandled (?) by MT AP

Login with Winbox to your AP.
Open a terminal and paste:
export compact hide-sensitive file=myconfig
Paste the content of that file here
by inteq
Mon Feb 03, 2020 10:51 pm
Forum: General
Topic: How to disable promiscuous mode?
Replies: 2
Views: 728

Re: How to disable promiscuous mode?

The Packet Sniffer tool might put an ether in promiscuous mode?
by inteq
Mon Feb 03, 2020 5:44 pm
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 101
Views: 26109

Re: Add DNS over HTTPS (DoH) support

But the privacy/restriction problem will only move from the ISP resolver to the DoH resolver chosen. Whether that is an improvement, depends on the local situation. but at least the user has the choice of which DNS resolver to trust and it's obscured to the transit providers. The question is: will ...
by inteq
Mon Feb 03, 2020 11:56 am
Forum: General
Topic: DNS Servers possible bug [SOLVED]
Replies: 5
Views: 1001

Re: DNS Servers possible bug [SOLVED]

/ip dns set allow-remote-requests=yes cache-max-ttl=2d query-server-timeout=3s servers=192.168.1.111,208.67.220.220,1.1.1.1,8.8.8.8 is your problem. If your private DNS has response times in 100s of ms, most likely it is the worst performer of the bunch. Thus, it will only be queried as a last reso...
by inteq
Sun Feb 02, 2020 6:46 pm
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 88
Views: 17056

Re: RB4011 and RB1100 AHx4 "bricks" randomly

No queues or pppoe server/client.
Not even NAT. Just routing.
2nd time this one crashes and reboots
mt.png
by inteq
Sun Feb 02, 2020 3:58 pm
Forum: Scripting
Topic: weird behavior using Netwatch commands & scripts [SOLVED]
Replies: 3
Views: 2168

Re: weird behavior using Netwatch commands & scripts [SOLVED]

Try another way of using your pi-hole. No need to disable the NAT rule

viewtopic.php?f=2&t=149968&p=738612#p738526
by inteq
Sun Feb 02, 2020 3:52 pm
Forum: General
Topic: Device reporting "false port" using capsman
Replies: 2
Views: 522

Re: Device reporting "false port" using capsman

Might be that your DHCP is not assigning the same IP to the scanner host and/or wifi printer, thus the scanner host cannot connect to the printer.
Try to make the leases static.
by inteq
Sun Feb 02, 2020 3:47 pm
Forum: General
Topic: Routing public IP addresses odd behaviour [SOLVED]
Replies: 9
Views: 1342

Re: Routing public IP addresses odd behaviour [SOLVED]

Anything else I need to add? Yes. Several hours at least on https://wiki.mikrotik.com/wiki/Manual:TOC As I said earlier: So, your /28 allow you to have 14 hosts. From 1 to 17 there are more than 14 hosts If that 123.123.123.?/28 is a real public subnet, you can only use 14 hosts (IP addresses) If y...
by inteq
Sun Feb 02, 2020 11:39 am
Forum: General
Topic: Winbox 3.20 (both 64bit and 32bit) crashing on DNS filter
Replies: 5
Views: 1366

Re: Winbox 3.20 (both 64bit and 32bit) crashing on DNS filter

1. Backup your Addresses from Winbox 2. Go to %APPDATA%\Mikrotik\Winbox and delete everything. 3. Remove the contents of the folder where you have your winbox.exe and download the latest from mikrotik.com 3. Restore your Addresses 4. Test Tried to replicate your issue and I could not get Winbox to ...
by inteq
Sat Feb 01, 2020 11:02 pm
Forum: General
Topic: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch
Replies: 31
Views: 4147

Re: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch

What? You just want a plain switch? Why didn't You say sooner?
He said so right from the start.
Why do you think most of us are having fun here.
by inteq
Sat Feb 01, 2020 6:39 pm
Forum: General
Topic: Bring Tapatalk back
Replies: 26
Views: 3539

Re: Bring Tapatalk back

Never understood the need for Tapatalk.
Most forums these days are mobile friendly and we have bookmarks in browsers for some time now.
Why do people use it?
by inteq
Sat Feb 01, 2020 6:23 pm
Forum: General
Topic: Routing public IP addresses odd behaviour [SOLVED]
Replies: 9
Views: 1342

Re: Routing public IP addresses odd behaviour [SOLVED]

So, your /28 allow you to have 14 hosts.
As far as I can tell, you have a 123.123.123.16/28
You assign 123.123.123.17/28 to your bridge and 123.123.123.18/28 123.123.123.19/28 etc to clients behind the bridge.
Correct so far?
by inteq
Sat Feb 01, 2020 6:16 pm
Forum: General
Topic: Slow DHCP
Replies: 1
Views: 416

Re: Slow DHCP

Ehlo, 1. Identity has nothing to do with the name of your cabled network. See https://wiki.mikrotik.com/wiki/Manual:System/identity 2. Make sure you do not have another DHCP server in your LAN and leave ARP set to Enabled if you do not have any specific reason to set it otherwise. 3. If all else fai...
by inteq
Sat Feb 01, 2020 6:02 pm
Forum: General
Topic: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch
Replies: 31
Views: 4147

Re: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch

Don't go, please!
We don't have too many fun topics around here.
Please stay :(
by inteq
Fri Jan 31, 2020 12:32 pm
Forum: General
Topic: Changing PPPoE client name disconnects PPPoE and re-connects - WHY?
Replies: 9
Views: 1565

Re: Changing PPPoE client name disconnects PPPoE and re-connects - WHY?

Would be nice if the OS would change firewall rules and such without disconnecting the client.
No clue if it is possible or if it affects other stuff.
Then again, if you keep changing the name so many times, you are doing something wrong.
by inteq
Thu Jan 30, 2020 10:02 pm
Forum: General
Topic: Possible fix for hAP ac2 rebooting randomly
Replies: 103
Views: 16592

Re: Possible fix for hAP ac2 rebooting randomly

Had one location with a hAP ac2 with the same symptoms.
The owner was using a lousy power strip and of course, without an UPS.

Changed the power strip to a more sturdy one and added an UPS.
No more problems since.
by inteq
Thu Jan 30, 2020 2:23 pm
Forum: General
Topic: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch
Replies: 31
Views: 4147

Re: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquite Unifi Network Switch

Thank you for the good laugh with "audio grade network switch". I needed that.
by inteq
Tue Jan 14, 2020 8:29 pm
Forum: RouterBOARD hardware
Topic: RB4011iGS+5HacQ2HnD ports and power issue
Replies: 1
Views: 2249

Re: RB4011iGS+5HacQ2HnD ports and power issue

The unit does not have the 1st 5 ports with PoE support. Only ether10 provides PoE out. I am thinking you are using an additional PoE capable switch that somehow does not negotiate power delivery as it should and it is causing the reboots. Just a guess. RB4011iGS does not have a WAN port. Any port c...
by inteq
Tue Jan 14, 2020 12:53 am
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 42
Views: 19520

Re: DHCP Offering Lease Without Success

I have this problem with lots of Mikrotik APs like RouterBOARD wAP G-5HacT2HnD and DHCP on routers like RB1100AHx4 and RB4011 AP without bridge gets an IP instantly on ether1. As soon as a bridge is created, no soup. The DHCP server is stuck on Offered To fix it I need to set STP Protocol Mode to No...
by inteq
Sun Jan 12, 2020 9:52 am
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 101
Views: 26109

Re: Add DNS over HTTPS (DoH) support

I might be a minority here, but all this DNS over https/TLS,etc, in my opinion, has nothing to do with user's privacy at all, but it has everything to do with making ad blocking and corporate filtering obsolete.
by inteq
Fri Jan 10, 2020 4:31 pm
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 88
Views: 17056

Re: RB4011 and RB1100 AHx4 "bricks" randomly

Only one RB4011 (without WiFi) out of 12 crashed once with some process stuck.
None of RB1100AHx4 or RB1100AHx4 Dude Edition out of 19 crashed so far.
Also, bricking can happen to Mikrotiks, but it did not happen to me (yet) and if a power reset fixes it, it did not happen to you (yet).
by inteq
Fri Jan 10, 2020 7:02 am
Forum: General
Topic: Mikrotik LHG LTE kit test - video
Replies: 3
Views: 789

Re: Mikrotik LHG LTE kit test - video

Just bought some LTEs from Mikrotik and was looking for some reviews.
Forum topic is in English, Youtube video description is in English, Youtube audio...Hungarian...
by inteq
Wed Jan 08, 2020 4:15 pm
Forum: General
Topic: RSTP, Stability...
Replies: 2
Views: 485

Re: RSTP, Stability...

Hello,

1. Disable neighbor discovery
2. Make sure you did not copy the config from one switch to another, thus having the same mac somewhere
3. Use search
by inteq
Tue Jan 07, 2020 5:00 pm
Forum: Wireless Networking
Topic: low troughput
Replies: 4
Views: 1778

Re: low troughput

Your devices are connecting on 2.4 Ghz instead of 5 Ghz, thus lower speed.
Make sure your clients have 5 Ghz WiFi support and setup your MT APs accordingly.
Thought about replying in Latin, but being the start of a new year, I decided to play nice. (also, I suck at Latin)
by inteq
Wed Nov 20, 2019 6:41 am
Forum: Wireless Networking
Topic: CAPsMAN slow my WiFi down
Replies: 18
Views: 4839

Re: CAPsMAN slow my WiFi down

It is clear that using capsman slows down wifi a lot. No matter the config, capsman will be slower. No clue as to why yet and it seems, Mikrotik is also in the dark or they just don't care/know. If you really need that extra speed, ditch capsman and in the future Mikrotik. That is what I will do whe...
by inteq
Sun Nov 17, 2019 3:26 pm
Forum: RouterBOARD hardware
Topic: UPnP Error
Replies: 1
Views: 2271

Re: UPnP Error

"while the IP Address in the rules is set to the correct one" I am guessing you are forcing the IP instead of using interface.
Try using the interface without forcing IP.
Make sure the internal interface is set to your bridge not your actual etherX, if you are using a bridge.
by inteq
Sat Nov 09, 2019 7:25 pm
Forum: General
Topic: Un dispositivo Varias IP
Replies: 19
Views: 2331

Re: Un dispositivo Varias IP

Yeah, everyone should just post in their native language.
Those who respond, should do it in their native language also, specially if its another language entirely.
Let's prove Tower of Babel is viable!
/s
by inteq
Fri Nov 08, 2019 6:23 pm
Forum: Wireless Networking
Topic: Reboot capsman clients after RouterOS update
Replies: 1
Views: 1183

Reboot capsman clients after RouterOS update

All my Mikrotik WiFi setups are capsman managed. APs are getting the new update from the central capsman server and reboot after the update is done. But to also upgrade the firmware on the APs, a second reboot is required. Some deployments have 10+ APs and would be a pain to log into every one of th...
by inteq
Mon Nov 04, 2019 1:36 am
Forum: General
Topic: Slow speed through gre+ipsec tunnel
Replies: 10
Views: 2759

Re: Slow speed through gre+ipsec tunnel

Test using iperf3 from a client behind each of your routers.
Not using the routers themselves.
by inteq
Fri Nov 01, 2019 5:10 pm
Forum: Scripting
Topic: delay a script by 4 seconds.
Replies: 6
Views: 2813

Re: delay a script by 4 seconds.

You want a delay after each entry from firewall is removed? Or after all entries are removed?
by inteq
Fri Nov 01, 2019 3:28 am
Forum: Scripting
Topic: delay a script by 4 seconds.
Replies: 6
Views: 2813

Re: delay a script by 4 seconds.

:delay 4000ms;
But I feel there is more to your question than a simple delay
by inteq
Thu Oct 31, 2019 3:17 am
Forum: General
Topic: Why the official Mikrotik.com site does use the Let's Encrypt?
Replies: 9
Views: 1473

Re: Why the official Mikrotik.com site does use the Let's Encrypt?

I still buy certificates for some clients, but lately, most of them issue 1 year certificates only. It is a hassle to renew manually so LE is a smart choice. For example, I just bought a 4 year extension for a client. My surprise: the certificate is valid only for 1 year, after which I have to reque...
by inteq
Thu Oct 31, 2019 3:10 am
Forum: General
Topic: WAN DHCP Lease Renew Abnormal with NBN
Replies: 10
Views: 1770

Re: WAN DHCP Lease Renew Abnormal with NBN

I admit I have not checked in a while under DHCP client, as 99% of RBs I manage have static IPs and not using debconf, but I recall a while back the default config was without any setting for ether1 under DHCP client. Any clue when this default changed? Or maybe I was just not paying attention and i...
by inteq
Thu Oct 31, 2019 3:02 am
Forum: General
Topic: Some Websites not working in HTTP but working in HTTPS
Replies: 3
Views: 771

Re: Some Websites not working in HTTP but working in HTTPS

Got this problem on some Aquantia 10 Gbps nics.
The solution was to disable "tcp/udp checksum offload" for IPv4 for the network card.
by inteq
Wed Oct 30, 2019 2:31 pm
Forum: Wireless Networking
Topic: Wanted to access my router from Internet using port forwarding, but it doesn't work
Replies: 4
Views: 1217

Re: Wanted to access my router from Internet using port forwarding, but it doesn't work

Input = connection made directly to the router Forward = connections made through the router Winbox is Input (running on router) Minecraft is Forward (running on a machine behind the router) To allow connections for your Winbox port you need an Allow rule under Filter Rules tab To allow connections ...
by inteq
Wed Oct 30, 2019 1:26 pm
Forum: Wireless Networking
Topic: Wanted to access my router from Internet using port forwarding, but it doesn't work
Replies: 4
Views: 1217

Re: Wanted to access my router from Internet using port forwarding, but it doesn't work

1. Just don't do that! Winbox port opened to internet is just asking for trouble. Setup a VPN on that router or at least setup an access list and only allow Winbox access from that list, not the whole internet.
2. IP/Services - check "Enabled From" for Winbox
3. This is Wireless forum
by inteq
Mon Oct 28, 2019 10:08 pm
Forum: General
Topic: Health information are different on same model switches
Replies: 13
Views: 1469

Re: Health information are different on same model switches

Contact support...
Support will be useless with: return the product or "it still does its job"
Had the same issue with two RB1100AHx4 Dude Edition, one of which was missing temperature readout.

My advice: just forget about it and don't expect too much from Mikrotik.
by inteq
Sat Oct 26, 2019 3:45 pm
Forum: Scripting
Topic: Netwatch up and down
Replies: 2
Views: 2229

Re: Netwatch up and down

Hello,

Netwatch should not and does not send multiple emails per incident.
It sends one on down and one on up.
If you get multiple emails, might be because your ports are flapping or your APs are restarting/crashing
by inteq
Sat Oct 26, 2019 3:04 pm
Forum: General
Topic: RouterOS SMB service
Replies: 3
Views: 787

Re: RouterOS SMB service

1. Login via Winbox 2. IP/Firewall. On Filter rules tab click on + to add a new rule 3. Add a rule like the one below. Change 192.168.100.109 with your whitelisted IP. On Action tab, select Accept as Action 1.png 4. Add a rule like the one below. Change 192.168.100.0/24 with your network subnet. On ...
by inteq
Sat Oct 26, 2019 2:43 pm
Forum: Beginner Basics
Topic: blocked ports
Replies: 11
Views: 1787

Re: blocked ports

Guessing you are trying to access a NVR outside your lan. Is there any other router in front of Mikrotik? I've got some strange issues in the past while using double NAT. If you are using upnp on local Mikrotik, try disabling it. Might interfere with the other device on your local lan also registeri...
by inteq
Thu Oct 24, 2019 2:15 am
Forum: General
Topic: RB4011iGS+ occasionally become inaccessible
Replies: 8
Views: 1668

Re: RB4011iGS+ occasionally become inaccessible

Got any auto-block rules in your firewall? Might get yourself blocked by mistake.
Rules like anti ddos, anti port scan, etc.
by inteq
Wed Oct 09, 2019 8:00 pm
Forum: General
Topic: Slow connection via mikrotik
Replies: 18
Views: 2891

Re: Slow connection via mikrotik

The 1st device, the one from your ISP is set to bridge or routing?
Put it in bridge mode.

Any Mikrotik device, even if drunk, on fire and beaten with a club (all at the same time) can handle 8 Mbps.
by inteq
Wed Aug 14, 2019 1:02 pm
Forum: General
Topic: RB100AHx4 - High speed torrent freezing browsing
Replies: 1
Views: 658

Re: RB100AHx4 - High speed torrent freezing browsing

It seems it is indeed caused by a router on the ISP side, because every website and service hosted inside the ISP network is working just fine when "the freezing" happens. Even direct peering/cdn like youtube and gmail work just fine. Anything that has to exit the ISP network is busted tho for ~2 mi...
by inteq
Tue Aug 13, 2019 3:44 pm
Forum: RouterBOARD hardware
Topic: S+RJ10 Revisions
Replies: 17
Views: 6227

Re: S+RJ10 Revisions

2 x 2.07 revision modules in a CSS326 used as pass-through for testing @ 1 Gbps until the 10 Gbps nics arrive. Without active cooling, the darn things get to 70 Celsius fast. Can barely touch them. With active cooling, a small 40x20mm Noctua fan right on top of the modules blowing down and another 4...
by inteq
Mon Aug 12, 2019 10:08 am
Forum: Scripting
Topic: Add PPPOE Client IP-Address to Address List
Replies: 1
Views: 1411

Re: Add PPPOE Client IP-Address to Address List

IP/Cloud
Enable DDNS
Add that DDNS to a dynamic address list entry with fqdn not IP.
When the IP changes, the address list entry will update to the new IP automatically.
by inteq
Mon Aug 12, 2019 10:02 am
Forum: General
Topic: Netwatch Problem
Replies: 3
Views: 734

Re: Netwatch Problem

Increase timeout in netwatch.
I am monitoring some IPSec tunnels with netwatch and daily I get false alarms. Then again, my timeout is 1000 ms (normal reply of tunnels is 2-5ms)
by inteq
Fri Aug 09, 2019 5:44 pm
Forum: General
Topic: RB100AHx4 - High speed torrent freezing browsing
Replies: 1
Views: 658

RB100AHx4 - High speed torrent freezing browsing

Hello, Been having this problem for some time now. Using Mikrotik's RB1100AHx4 Dude Edtition with a PPPoE connection. It happens randomly when downloading a torrent with many seeds close to 1 Gbps and can last about 2 minutes after the download has finished. And by random I mean I just tested downlo...
by inteq
Thu Aug 01, 2019 10:15 pm
Forum: Wireless Networking
Topic: Station - Connect to best AP
Replies: 1
Views: 525

Re: Station - Connect to best AP

viewtopic.php?t=80905 might get you going. Haven't tested.
by inteq
Wed Jul 24, 2019 9:21 pm
Forum: RouterBOARD hardware
Topic: RB1100Ahx4 Dude Edition - Slow SATA speeds
Replies: 1
Views: 1371

Re: RB1100Ahx4 Dude Edition - Slow SATA speeds

In case anyone else is looking for an answer to this, Mikrotik responded with: Hello, For now, reading/writing to storage is a single-core process in RouterOS and, as the CPU resource screenshots show, they are reaching the maximum load. Unfortunately, our research has revealed that currently, it is...
by inteq
Wed Jul 24, 2019 9:17 pm
Forum: General
Topic: pppoe-1 not reconnecting
Replies: 9
Views: 1398

Re: pppoe-1 not reconnecting

Then change
if ($WanStat = "disconnected")
with
if ($WanStat = "terminating... - peer is not responding")
by inteq
Wed Jul 24, 2019 3:54 pm
Forum: General
Topic: pppoe-1 not reconnecting
Replies: 9
Views: 1398

Re: pppoe-1 not reconnecting

Disconnect the cable again. The one from the phone line to ADSL modem, not the one between ADSL modem and MIkrotik.
On Winbox, open the terminal and paste:
/interface pppoe-client monitor PPPoE1

Change PPPoE1 with your value
What is the Status value when the cable is unplugged?
by inteq
Wed Jul 24, 2019 12:36 pm
Forum: Wireless Networking
Topic: CAPsMAN 5GHz data rates problem
Replies: 2
Views: 848

Re: CAPsMAN 5GHz data rates problem

I would only keep one 5Ghz channel, like 36 for example.(for one AP setups) add band=5ghz-onlyac control-channel-width=20mhz extension-channel=eCee frequency=5200 \ name=CH40 tx-power=3 Remove control-channel-width=20mhz extension-channel=eCee and tx-power=3 add authentication-types=wpa-psk,wpa2-psk...
by inteq
Wed Jul 24, 2019 12:28 pm
Forum: Wireless Networking
Topic: Wifi Latency issue
Replies: 2
Views: 768

Re: Wifi Latency issue

Some sort of chipset power saving is my 1st option also for high latency on mobile phones while idle.
My Samsung Galaxy S9+ acts the same.
by inteq
Tue Jul 23, 2019 10:04 pm
Forum: Wireless Networking
Topic: Throughput Issues RouterBoard RBwAPG-5HacT2HnD-US
Replies: 11
Views: 1826

Re: Throughput Issues RouterBoard RBwAPG-5HacT2HnD-US

Retested with an Intel AC 8265 WiFi card in a Dell latitude laptop.
Funny thing: upload speed is lower than on my Samsung galaxy S9+ . About 150-200 Mbps lower.
Download speed is comparable.
The lesson here: not all wifi is equal, even if same standards.
Long live marketing and engineering deps.
by inteq
Tue Jul 23, 2019 6:59 am
Forum: General
Topic: pppoe-1 not reconnecting
Replies: 9
Views: 1398

Re: pppoe-1 not reconnecting

We assume your PPPoE interface is named PPPoE1 and the interface your modem/ONT/GPON is connected to is ether1. Change as needed. Create script checkpppoe :local WanName "PPPoE1" :local WanStat /interface pppoe-client monitor $WanName once do={ :set WanStat $status} if ($WanStat = "disconnected") do...
by inteq
Sun Jul 14, 2019 6:44 am
Forum: Wireless Networking
Topic: Throughput Issues RouterBoard RBwAPG-5HacT2HnD-US
Replies: 11
Views: 1826

Re: Throughput Issues RouterBoard RBwAPG-5HacT2HnD-US

I would: 1. check that all interfaces are really connected at 1 Gbps. Maybe change the patch cable to be sure even if 1 Gbps reported. 2. change laptop. maybe use a smartphone with Network Tools from he.net. It has iperf3 3. remove all country, indoor/outdoor, rates, queues and such. 4. use channel ...
by inteq
Sun Jul 14, 2019 12:22 am
Forum: Wireless Networking
Topic: Throughput Issues RouterBoard RBwAPG-5HacT2HnD-US
Replies: 11
Views: 1826

Re: Throughput Issues RouterBoard RBwAPG-5HacT2HnD-US

I would love to see higher throughput also, but 150 Mbps on 5 Ghz tells me there is something wrong on your setup or you have some interference. My RBwAPG-5HacT2HnD (non US) with a Samsung Galaxy S9+ phone can do ~300 Mbps download (with peaks at 400-410 Mbps for a very short time) and 450-500 Mbps ...
by inteq
Mon Jul 08, 2019 3:28 am
Forum: General
Topic: How do I allow DNS traffic from one VLAN to another? [SOLVED]
Replies: 9
Views: 1799

Re: How do I allow DNS traffic from one VLAN to another? [SOLVED]

I'm curious ... why would you implement DNS this way, vs just add PiHole to the IP > DNS? I am doing it this way because if I use the pi-hole as a DNS server directly and it ever goes offline, the whole DNS will be offline for the whole DHCP network. The way I described my setup, if the pi-hole goe...
by inteq
Sun Jul 07, 2019 6:07 pm
Forum: Beginner Basics
Topic: Cannot access Hikvision NVR remotely
Replies: 4
Views: 972

Re: Cannot access Hikvision NVR remotely

Maybe because the default port is 8000 and not 8080?
by inteq
Sun Jul 07, 2019 1:03 pm
Forum: General
Topic: How do I allow DNS traffic from one VLAN to another? [SOLVED]
Replies: 9
Views: 1799

Re: How do I allow DNS traffic from one VLAN to another? [SOLVED]

My setup with pi-hole is: replace 192.168.100.4 with your pi-hole IP and 176.103.130.130,176.103.130.131 DNS servers with yours On IP\DNS, setup the DNS server as the Pi-Hole private IP. Only one entry. /ip dns set allow-remote-requests=yes cache-max-ttl=1d servers=192.168.100.4 On pi-hole, setup th...
by inteq
Fri Jul 05, 2019 9:38 pm
Forum: General
Topic: M.2 Drive not Found RB1100AHx4 [SOLVED]
Replies: 2
Views: 524

Re: M.2 Drive not Found RB1100AHx4 [SOLVED]

2x SATA 3 compatible (supports 2242, 2260 and 2280 sizes, M-key
Does not support nvme SSDs.
by inteq
Thu Jul 04, 2019 4:49 pm
Forum: General
Topic: One Router, Two separate networks/internet connections
Replies: 1
Views: 414

One Router, Two separate networks/internet connections

Hello, I currently have one internet PPPoE line and planning to get an extra line with a fixed IP and a routed subnet. My small rack can barely fit an extra router so I was thinking to use my current RB1100AHx4 Dude for both internet lines. Connection 1 will be a fixed public IP with a routed subnet...
by inteq
Sat Jun 15, 2019 9:21 am
Forum: General
Topic: DROPPED
Replies: 1
Views: 457

Re: DROPPED

Search... hard stuff.
viewtopic.php?t=49133
by inteq
Thu Jun 06, 2019 8:34 am
Forum: RouterBOARD hardware
Topic: wAP AC (RBwAPG-5HacT2HnD) - How to reduce temperature by 8-10 degrees
Replies: 2
Views: 909

Re: wAP AC (RBwAPG-5HacT2HnD) - How to reduce temperature by 8-10 degrees

Maybe I should share my own hack - remove whole cover and temperature will be reduced even more! (what a surprise, right? :D ) The surprise would be if you could still attach the unit to a wall without the case. This is not a desk unit. As for the little holes, that was the 1st thing I tried. Barel...
by inteq
Tue Jun 04, 2019 10:52 pm
Forum: RouterBOARD hardware
Topic: wAP AC (RBwAPG-5HacT2HnD) - How to reduce temperature by 8-10 degrees
Replies: 2
Views: 909

wAP AC (RBwAPG-5HacT2HnD) - How to reduce temperature by 8-10 degrees

This can be an ugly "hack" without proper tools. For my use, looks don't matter too much. Of course, the warranty is lost, water can get in (only for indoor use) and it might not look so nice. Device: https://mikrotik.com/product/RBwAPG-5HacT2HnD Room temperature: ~25 degrees Celsius Device temperat...
by inteq
Sat May 18, 2019 5:21 am
Forum: Beginner Basics
Topic: Plex Media Server Remote Access - Port Forwarding
Replies: 16
Views: 2987

Re: Plex Media Server Remote Access - Port Forwarding

Use https://www.grc.com/x/ne.dll?bh0bkyd2 to test your ports. Plex is drunk most of the time.Their devs even more so. If you search on their forums you will find plenty of other users with this problem. If you did the port forward and https://www.grc.com/x/ne.dll?bh0bkyd2 shows 32400 open, there is ...
by inteq
Fri May 17, 2019 10:17 pm
Forum: Scripting
Topic: Netwatch script for firewall
Replies: 1
Views: 711

Re: Netwatch script for firewall

Try a comment without spaces in it.
Works just fine.
by inteq
Fri May 17, 2019 7:32 pm
Forum: General
Topic: IPSec Broken after upgrade to 6.44.3
Replies: 5
Views: 1031

Re: IPSec Broken after upgrade to 6.44.3

IPSec works just fine here with 6.44.3 on several routers/models. Did not see that error on any of them. The only only thing that might make a difference is that I went from 6.44.2 to 6.44.3 and not from 6.44.1 to 6.44.3. The only change I see in 6.44.3 since 6.44.1 is: *) ipsec - fixed freshly crea...
by inteq
Tue May 14, 2019 1:31 pm
Forum: Beginner Basics
Topic: VPN PPTP Passthrough Problem
Replies: 4
Views: 1275

Re: VPN PPTP Passthrough Problem

Mikrotik has its own PPTP server. I would use that one instead of the one on the SBS. In case you have user accounts on SBS, setup a Radius server on SBS and authenticate from Mikrotik. In case you want to keep the PPTP server on SBS, make sure you do not have it active on Mikrotik as well. Would al...
by inteq
Mon May 13, 2019 3:14 pm
Forum: General
Topic: compared to the Internet speed
Replies: 2
Views: 682

Re: compared to the Internet speed

Some ISPs have different bandwidth restrictions for metropolitan/national and "the rest"
If at branch office you have 2 Mbps no matter the destination, you are out of luck. No VPN will help you.
At least this is what I understood you are asking.
by inteq
Mon May 13, 2019 10:16 am
Forum: Wireless Networking
Topic: Very slow 2.4Ghz Wifi
Replies: 3
Views: 1002

Re: Very slow 2.4Ghz Wifi

A "general issue" based on?
I have never seen this issue on any of my Mikrotik APs.
This is a forum. When "But thankfully it has been resolved" is usually nice to say how it has been resolved, so the next person might find such info.
by inteq
Thu May 09, 2019 12:17 pm
Forum: Wireless Networking
Topic: Very slow 2.4Ghz Wifi
Replies: 3
Views: 1002

Re: Very slow 2.4Ghz Wifi

Try and scan your location for other APs.
If you have Android, try https://play.google.com/store/apps/deta ... nt.usurvey
If it was fine until now, maybe some new AP is causing interference.
Change your channel to a less crowded one. Disable Extension Channel for 2.4 Ghz. Might help.
by inteq
Mon May 06, 2019 11:05 am
Forum: General
Topic: victim of attack PPPOE
Replies: 10
Views: 1453

Re: victim of attack PPPOE

Might not be your case, but many users are having problems with pppoe-client looping.
Who knows, it might be the same in your case, a stuck in a loop mikrotik router trying to connect to your pppoe server.
See: viewtopic.php?f=2&t=121047 for example.
by inteq
Mon May 06, 2019 10:59 am
Forum: General
Topic: Resetting admin access
Replies: 6
Views: 704

Re: Resetting admin access

You cannot reset only the admin password, even if you have physical access to the hardware.
Only option: factory reset. (or wait for another WinBox security flaw and learn to exploit it :) )
by inteq
Mon May 06, 2019 1:37 am
Forum: General
Topic: Frequent PPPoE terminations
Replies: 11
Views: 2777

Re: Frequent PPPoE terminations

I only see it after a reboot/firmware update. It is also very random. One reboot it could work, the next one might not. Thus, I wrote a small script to disable the physical port (ether1 in my case) when the pppoe client has the status "disconnected" and enable it back after several seconds. It fixes...
by inteq
Fri May 03, 2019 12:17 pm
Forum: Scripting
Topic: Script to verify incoming IP address and block it in firewall (add to address list)
Replies: 4
Views: 924

Re: Script to verify incoming IP address and block it in firewall (add to address list)

Most Telco providers can assign static IPs for SIM cards (for an extra cost)
This is the way I am allowing SIP access for some mobile clients.
by inteq
Fri May 03, 2019 12:08 pm
Forum: Scripting
Topic: Interface Script on condition! [SOLVED]
Replies: 3
Views: 757

Re: Interface Script on condition! [SOLVED]

Easy way:
Assign each vpn client a static IP in PPP/Secrets/Remote Address
Go to Tools/Netwatch and add a rule for each IP you want.
In UP paste:
/interface set disabled=no ether2
In DOWN paste:
/interface set disabled=yes ether2
Set the timeout to 00:00:05 for 5 seconds or less.
by inteq
Fri May 03, 2019 11:58 am
Forum: General
Topic: Help: Allow only Facebook by domain
Replies: 10
Views: 1112

Re: Help: Allow only Facebook by domain

Then allow internet access only to port 80 and 443 and drop the rest to limit p2p usage.
You can also limit your users by download size to save bandwidth.
by inteq
Thu May 02, 2019 8:29 pm
Forum: General
Topic: Dynamic address lists security hole
Replies: 5
Views: 862

Re: Dynamic address lists security hole

At the moment all routers are using new DNS servers that do not exhibit this problem. Will switch one router for testing and save details. I have not checked the entry in address-list but in DNS cache and it was showing 0.0.0.0/0. The machine I was connecting from had an IP that was not supposed to ...
by inteq
Thu May 02, 2019 11:26 am
Forum: General
Topic: Dynamic address lists security hole
Replies: 5
Views: 862

Re: Dynamic address lists security hole

Checking the DNS cache on routers still using the problematic DNS servers, it is 0.0.0.0/0
For the moment I switched DNS servers on all routers, but who knows, it might happen again in the future with other servers.
by inteq
Wed May 01, 2019 10:36 pm
Forum: General
Topic: CCR1072 vs Oem İ9-9900K
Replies: 13
Views: 1836

Re: CCR1072 vs Oem İ9-9900K

Efficient for me means best buck for best performance&features/watt.
If this means the same to you, get the Mikrotik.
For just routing and NAT, an i3 can handle 10 Gbps with lots of room to spare. An i9 9900k is just for show and to heat the room during winter.
by inteq
Wed May 01, 2019 11:18 am
Forum: General
Topic: RouterOS 6.44.x pppoe client issue
Replies: 9
Views: 1470

Re: RouterOS 6.44.x pppoe client issue

Using PPPoE client at home with ROS 6.44.3.
Haven't seen any packet loss.
pppoe.png
by inteq
Tue Apr 30, 2019 1:27 pm
Forum: General
Topic: Dynamic address lists security hole
Replies: 5
Views: 862

Dynamic address lists security hole

Hello, Being having this problem for some time and looking for an alternative. Situation I have some entries in address lists for a few dynamic DNS entries. Based on those entries, some access is given. The problem Lately, the DNS servers for a big ISP I am using do not update the ddns when the IP c...
by inteq
Tue Apr 30, 2019 12:57 am
Forum: General
Topic: RB3011UiAS-RM short speed test 200Mb/s download
Replies: 1
Views: 414

Re: RB3011UiAS-RM short speed test 200Mb/s download

Congratulations.
I mean I am glad you are happy, but I am not seeing what you are seeing based on https://mikrotik.com/product/RB3011UiAS ... estresults
by inteq
Mon Apr 29, 2019 9:38 pm
Forum: General
Topic: clients disconnecting from the 5GHz network after several minutes
Replies: 2
Views: 471

Re: clients disconnecting from the 5GHz network after several minutes

I am thinking about some firewall rule that is misbehaving and dropping connections. Something like a DDoS filter that sees the client as a ddoser and blocks it?
Just a wild guess. No info about your setup as none was provided.
Try /export from terminal and edit out what is not needed.
by inteq
Mon Apr 29, 2019 12:35 am
Forum: General
Topic: [SOLVED] UPnP seems not working with PPPoE
Replies: 10
Views: 5134

Re: [SOLVED] UPnP seems not working with PPPoE

Thank you for the info @stunpix It is a bug indeed, because only by following your steps it started working for me. "I deleted all upnp internal/external interfaces, then I disabled upnp by unchecking it and finally I pushed Apply button in upnp dialog. Then I enabled upnp, pushed Apply button and o...
by inteq
Thu Apr 18, 2019 7:26 pm
Forum: RouterBOARD hardware
Topic: RB1100Ahx4 Dude Edition - Slow SATA speeds
Replies: 1
Views: 1371

RB1100Ahx4 Dude Edition - Slow SATA speeds

Hello, Using a couple of RB1100AHx4 Dude Edition routers in several locations. The reason I bought the Dude Edition was mainly for proxy caching and in a few locations for simple centralized SMB storage. Not so much for the Dude itself. On the product page it states: The RB1100AHx4 Dude edition feat...
by inteq
Sat Mar 30, 2019 5:56 am
Forum: General
Topic: Feature Request: NUT Client
Replies: 26
Views: 7775

Re: Feature Request: NUT Client

+ for MT NUT client support
by inteq
Sat Mar 02, 2019 12:33 am
Forum: General
Topic: Frequent PPPoE terminations
Replies: 11
Views: 2777

Re: Frequent PPPoE terminations

This topic was the 1st result so posting here. In the same boat with my RB1100AHx4 Dude using PPPoE. Randomly, after a clean reboot or firmware upgrade, the PPPoE connection will loop forever. The only fix is to reboot again or disable/enable the interface connecting to the GPON. I have never experi...
by inteq
Tue Feb 19, 2019 6:35 pm
Forum: Scripting
Topic: Script to Disable Physical Interface in Mikrotik Router
Replies: 2
Views: 463

Re: Script to Disable Physical Interface in Mikrotik Router

And if WAN 1 comes back how would you check, if it is disabled? Search for another way. This is not it.
by inteq
Thu Feb 14, 2019 8:41 pm
Forum: Scripting
Topic: Running a script on PPP session up
Replies: 2
Views: 909

Re: Running a script on PPP session up

Create a profile for each user.
Run the script via the profile on up/down
Or maybe I did not understood your question?
by inteq
Tue Feb 12, 2019 10:03 am
Forum: General
Topic: Config Review - Security Conscience Home User
Replies: 19
Views: 2064

Re: Config Review - Security Conscience Home User

On the contrary, you want to have this drop at very beginning of forward (and input) chain so that trespassers get dropped also for services which otherwise are available to the public. If not, then there's no point in collecting addresses in the address list. Thank you for the correction. I guess ...
by inteq
Tue Feb 12, 2019 7:52 am
Forum: Announcements
Topic: v6.43.12 [stable] is released!
Replies: 49
Views: 18422

Re: v6.43.12 [stable] is released!

After updating from .11 to .12, one RB1100AHx4 (the only one on PPPoE) would not connect via PPPoE at all. Kept looping Initializing, connecting, terminating, disconnected for more than 5 minutes.
One more reboot and it connected instantly.
by inteq
Tue Feb 12, 2019 7:44 am
Forum: General
Topic: Config Review - Security Conscience Home User
Replies: 19
Views: 2064

Re: Config Review - Security Conscience Home User

I would put add action=add-src-to-address-list address-list=\ "Black List (Port Scanner LAN)" address-list-timeout=4w2d chain=forward \ comment="Add TCP port scanner to Port Scanner (LAN) list." in-interface=\ ether1 log=yes log-prefix="Add_Black List (Port Scanner LAN)" protocol=\ tcp psd=21,3s,3,1...
by inteq
Sun Feb 10, 2019 8:40 pm
Forum: General
Topic: Duplicate packet drop error - OpenVPN
Replies: 7
Views: 6098

Re: Duplicate packet drop error - OpenVPN

Most people running ovpn on MT have this error. Nobody knows why or how to fix it. Only how to hide it in logs. So your setup is OK. I have it on all MT routers I am running or tested ovpn on. Please stop responding if you have no input on the matter just to say "i think, it's because your connectio...
by inteq
Sun Feb 10, 2019 10:32 am
Forum: General
Topic: ip phone and/or audio headset attached to Mikrotik
Replies: 6
Views: 1233

Re: ip phone and/or audio headset attached to Mikrotik

I would setup a PBX like FreePBX on one site or anywhere you like really. On all others sites create rules on your MTs to only allow connections from a list of your sites to the PBX Use a VoIP phone that can be mounted vertically like https://www.cisco.com/c/en/us/products/collaboration-endpoints/sm...
by inteq
Sat Feb 09, 2019 7:32 pm
Forum: General
Topic: Proxy causes 100% load on only 30mbit bandwidth?
Replies: 1
Views: 727

Re: Proxy causes 100% load on only 30mbit bandwidth?

So to not start another thread on the same topic, I am also seeing this behavior, but with caching, on a RB1100AHx4. I download a file with wget via https to cache it in the 1st place. I download the same file via http and the speed is limited to max 40 MBps. CPU on MT is ~25% during the download. T...
by inteq
Mon Jan 14, 2019 2:17 am
Forum: General
Topic: Src. Address List - does not working
Replies: 3
Views: 470

Re: Src. Address List - does not working

I was afraid I skipped so many versions.
it is 6.43.8.
No problems with source lists
by inteq
Wed Sep 12, 2018 3:26 am
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 2463

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

I don't know where you live, but in Europe at least, ambient office temperature is 25 deg. Celsius, of course with A.C. during Summer and Winter. ( we exclude people that think A.C is a government conspiracy to kill them or people that think A.C. is not safe for them. Let them roast in peace. ) Keep...
by inteq
Tue Sep 11, 2018 9:46 pm
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 2463

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

Sometimes low temperatures increase failure rate. You can read papers about optimal HDDs temperatures. Actually going below 35 deg increases average failure rate of HDDs. https://en.wikibooks.org/wiki/Minimizing_Hard_Disk_Drive_Failure_and_Data_Loss/Environmental_Control I understand what you are s...
by inteq
Tue Sep 11, 2018 6:01 pm
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 2463

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

I'm not sure whether quad core ARM 1.4 ghz requires such cooling tho... You could at least try to mount low profile fan on the inside to keep U1 size compliance lol A small fan like that would not do anything cooling wise. Placebos don't work for electronics. Some racks are housed in data centers, ...
by inteq
Tue Sep 11, 2018 8:03 am
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 2463

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

Without reading the documentation and seeing the router has SATA, I thought it had 5V and 12V SATA. I was wrong. It only has 5V. Nevertheless, I bought 2 Noctua 120mm 12V fans, went and laser cut the case and this is the result: 20180904_132652.jpg 20180904_132621.jpg 20180830_220312.jpg 20180904_14...
by inteq
Thu Sep 06, 2018 3:47 am
Forum: General
Topic: MT PPTP+Radius on Synology [SOLVED]
Replies: 1
Views: 546

Re: MT PPTP+Radius on Synology [SOLVED]

Found the missing " , " The PPP profile I setup for the PPTP server had "Use encryption" set to "default" It seems the Windows 10 VPN client can connect without encryption, while Windows 7 and the Android clients cannot (by default) To fix this, I setup "Use encryption" to "required". Error: [mschap...
by inteq
Thu Sep 06, 2018 3:27 am
Forum: General
Topic: MT PPTP+Radius on Synology [SOLVED]
Replies: 1
Views: 546

MT PPTP+Radius on Synology [SOLVED]

Hello, Been scratching my head for some time with this problem. PPTP server setup and working on a MT RB1100AHx4. All the user accounts are already setup on a Synology NAS, so I have installed and enabled the Radius package on Synology. Setup the Radius server information on MT. Now, on a remote Win...
by inteq
Thu Aug 09, 2018 2:32 am
Forum: RouterBOARD hardware
Topic: RB1100AHx4 Dude - missing temperature sensor
Replies: 0
Views: 464

RB1100AHx4 Dude - missing temperature sensor

I have two RB1100AHx4 Dudes for a deployment and I have noticed one of them is missing the temperature sensor, or at least is not displayed in WinBox.
I do not recall anything in settings I could have switched off/on by mistake to disable the sensor.
Any hints?
mt-sensor.png
by inteq
Tue Jul 24, 2018 10:05 am
Forum: General
Topic: Router compromised [SOLVED]
Replies: 21
Views: 5902

Re: Router compromised [SOLVED]

Got at least one MT hacked also from 95.154.216.151 and mikrotik.php (empty it seems) uploaded.
by inteq
Thu Jul 20, 2017 2:27 pm
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 124214

Re: Blacklist Filter update script

Thank you for the script, but I have to say that, as least in my limited testing, I stumbled upon too many blocked gmail servers. I couldn't even send an email from my gmail account to my corporate address. The worst part is that gmail somehow didn't even alert me that the message did not go through...
by inteq
Mon Oct 24, 2016 7:55 am
Forum: Scripting
Topic: Script to convert dynamic to static address list
Replies: 6
Views: 3095

Re: Script to convert dynamic to static address list

Another way, for all lists: # Convert dynamic to static in address-lists so dynamic records do not get deleted after a router reboot. :local comment :local address :local list :local disabled :local found :set found 0; /ip firewall address-list :foreach a in=[find] do={ :if ([get $a dynamic] = true)...
by inteq
Tue Oct 18, 2016 10:06 am
Forum: General
Topic: Web Proxy
Replies: 4
Views: 988

Re: Web Proxy

If you want a decent proxy with good cache that also has a nice feature called Update Accelerator, try IPFire on an x86 machine with minimum two nics.
Update Accelerator simplifies cache management for Windows updates, Linux updates as well as several other programs.
IPFire is a router distro OS.
by inteq
Mon Oct 17, 2016 7:46 pm
Forum: General
Topic: New Ethernet port flap issue enquiery, PLS JOIN!
Replies: 247
Views: 89578

Re: New Ethernet port flap issue enquiery, PLS JOIN!

Will post here, so I won't start a new thread. Just started getting port flaps on my RB1100AHx2. So far, port 2. I noticed slow speeds on the server connected to port 2 so I ran a cli speed test. As soon as the download speed test started, the port went down. It came up shortly. Ran the test again a...
by inteq
Wed Apr 27, 2016 11:28 pm
Forum: General
Topic: Poor (ridiculously) performance on two CCR1072
Replies: 54
Views: 8194

Re: Poor (ridiculously) performance on two CCR1072

I had a similar situation with a MT router, but the problem was a missing "secret" update on Windows 7/2008 R2.
Only Windows machines were exhibiting the behavior, while Linux boxes were not.
So does not apply to you. Wish I had something to help you with.
by inteq
Wed Apr 27, 2016 9:35 pm
Forum: General
Topic: Poor (ridiculously) performance on two CCR1072
Replies: 54
Views: 8194

Re: Poor (ridiculously) performance on two CCR1072

Both test machines are running Linux/Unix?
by inteq
Mon Feb 22, 2016 5:47 am
Forum: General
Topic: Basic setup of CCR-1009-8G-1S router
Replies: 2
Views: 4665

Re: Basic setup of CCR-1009-8G-1S router

Have you read http://wiki.mikrotik.com/wiki/Manual:In ... figuration ?
"First RouterOS version: ccr1009" :)
by inteq
Mon Feb 22, 2016 5:39 am
Forum: General
Topic: How to fetch this url every 1 min.
Replies: 2
Views: 1412

Re: How to fetch this url every 1 min.

1.Using WinBox, create a script:
:log info "Updating DDNS";
/tool fetch url="https://yourddnsprovider.com/blablah";
name the script update-ddns

2.Using WinBox, create a schedule:
/system script run update-ddns
by inteq
Sat Feb 20, 2016 9:01 am
Forum: General
Topic: Winbox Question
Replies: 2
Views: 420

Re: Winbox Question

I don't have to save anything.
After a reboot or if I close and reopen WinBox, the last setup is always displayed.
Maybe WinBox cannot write it's settings in the folder you are running it?
by inteq
Sat Feb 20, 2016 8:16 am
Forum: General
Topic: RB1100AHx2 slowed to a crawl
Replies: 5
Views: 1133

Re: RB1100AHx2 slowed to a crawl

Enable connection tracking and see what is doing what?
by inteq
Wed Feb 17, 2016 8:26 am
Forum: General
Topic: What's your router UPTIME?
Replies: 4
Views: 1043

Re: What's your router UPTIME?

And security patches?
On MT, upgrades are very fast and easy to apply via WinBox.
I wouldn't trade 1 min loss of service for security. That is if that router actually has a public facing interface.
If used internally, by all means :)
by inteq
Sun Feb 14, 2016 8:48 pm
Forum: General
Topic: connection tracking cause packet loss!
Replies: 2
Views: 592

Re: connection tracking cause packet loss!

Tracking is set to Auto or Enabled?
I have it on Auto with ~100k connections and an older MT and I do not have this problem.
Do you have any firewall rules to limit icmp based on time/amount?
by inteq
Sun Feb 14, 2016 4:40 am
Forum: General
Topic: HTTP and HTTPS not working for a single host
Replies: 3
Views: 810

Re: HTTP and HTTPS not working for a single host

Maybe that website has some filters? Maybe it uses something like Fail2Ban and somehow your requests are seen as an attack and are getting blocked? On the other hand it seems they are using cloudfare. There might be some problem with cloudfare somehow blocking your access or not having the whole cac...
by inteq
Sun Feb 14, 2016 3:14 am
Forum: General
Topic: Accept some countries to connect
Replies: 2
Views: 862

Re: Accept some countries to connect

If you want to deny some contries: You should grab the zone(s) for the desired country from http://www.ipdeny.com/ipblocks/ Convert them to a Mikrotik format like: /ip firewall address-list add list=blacklist address=1.2.3.4 comment=BadCountry Setup a script on MT to import the file(s) from a http/f...
by inteq
Sun Feb 14, 2016 2:19 am
Forum: General
Topic: RB493G Performance Issue
Replies: 4
Views: 1447

Re: RB493G Performance Issue

I am sorry i cannot help you with your specific problem, but just a friendly reminder MBps is not Mbps.
Getting those two mixed can get confusing.
by inteq
Sat Feb 13, 2016 7:38 am
Forum: General
Topic: RB493G Performance Issue
Replies: 4
Views: 1447

Re: RB493G Performance Issue

Maybe try http://forum.mikrotik.com/viewtopic.php?f=2&t=104555
I had the same problem.
PS: There will come a day when we will be able to do 250 MBps but not just now.
by inteq
Tue Feb 09, 2016 7:08 am
Forum: General
Topic: SMTP mass mailing interception
Replies: 2
Views: 693

Re: SMTP mass mailing interception

The client has his own Mail Server? Or he uses the ISP one? If he has his own, just block all outgoing on tcp 25, 587 to all other destinations but his SMTP Server IP and filter/tarpit from there. You can also monitor outgoing connections on 25 and 587 and if more than x connections in 1 minute, add...
by inteq
Sun Feb 07, 2016 6:37 pm
Forum: General
Topic: [SOLVED] Slow HTTP download
Replies: 7
Views: 6657

Re: Slow HTTP download

I am happy to report that I found the reason for slow HTTP downloads in Windows 7 (Windows 2008 server also seems to be affected) Straight from the horse's mouth: https://support.microsoft.com/en-us/kb/2675785 In plain english: If between location A and location B you have very good latency (1-8 ms)...
by inteq
Sat Feb 06, 2016 9:47 pm
Forum: General
Topic: [SOLVED] Slow HTTP download
Replies: 7
Views: 6657

Re: Slow HTTP download

Hello, Thank you for the replies and ideas. Will try them and get back with details. Believe me or not, I spent all day today trying to get to the bottom of this. Long story short: using Ubuntu 14, or 15 Desktop, HTTP downloads are always full speed. By full speed I mean ~90-100 MBps, depending on s...
by inteq
Fri Feb 05, 2016 2:58 pm
Forum: General
Topic: [SOLVED] Slow HTTP download
Replies: 7
Views: 6657

[SOLVED] Slow HTTP download

Hello, See http://forum.mikrotik.com/viewtopic.php?f=2&t=104555#p520164 for solution Using RB1100AHx2 with RoS 3.34. No NAT, just routing with public IPs. Problem. Downloads from a server behind a RB1100AHx2 using HTTP on port 80 to another host on the outside are limited to ~15MBps. Testing is done...
by inteq
Thu Oct 01, 2015 11:00 pm
Forum: General
Topic: SMTP connection limiting not working
Replies: 0
Views: 661

SMTP connection limiting not working

Hello, Using RoS 3.32.2. Before I switched to MikroTik. in the past I had some nasty problems with infected machines sending large number of spam messages in a short time frame via stolen accounts on the server. To be on the safe side, now I want to implement some counter measures in advance. Readin...
by inteq
Tue Sep 29, 2015 6:37 pm
Forum: RouterBOARD hardware
Topic: How often can I write to MT flash?
Replies: 1
Views: 700

How often can I write to MT flash?

Hello, I am in the process of developing my own aggregated blacklist gathered from several MikroTik routers. As far as I know, writing to the router's flash/storage too often is not a good thing for it's longevity. The question is: how often is too often? At the moment I am thinking of aggregating t...
by inteq
Tue Sep 29, 2015 1:56 am
Forum: Scripting
Topic: limit export to one or two address-list?
Replies: 3
Views: 1834

Re: limit export to one or two address-list?

Found the solution! http://forum.mikrotik.com/viewtopic.php?t=16411#p160122
/ip firewall address-list print file=SomeFileName where list="SomeAddressListName"
by inteq
Mon Sep 28, 2015 7:18 pm
Forum: Scripting
Topic: limit export to one or two address-list?
Replies: 3
Views: 1834

Re: limit export to one or two address-list?

Any news on this?
I too would like to be able to export only a particular address-list for automation.(without copy paste)
I managed to convert all dynamic records to static on a schedule so this is not a problem.
Still no luck?
by inteq
Wed Sep 16, 2015 6:47 pm
Forum: Scripting
Topic: [SOLVED] Update address-list record for dynamic IP
Replies: 0
Views: 1094

[SOLVED] Update address-list record for dynamic IP

Hello, What I am trying to achieve Allow incoming connections at location A from an IP that is dynamic at location B, using address-list. Every 5-10 minutes, run a script that pings hostname.no-ip.org and updates the address-list record with the new IP if it is changed. What I have so far The host b...
by inteq
Fri Jul 31, 2015 9:43 am
Forum: General
Topic: RB1100AHx2 - slow upload
Replies: 2
Views: 832

Re: RB1100AHx2 - slow upload

Thank you for the reply and idea.
My router does not crash (yet)
Just configured debug logging to memory.
by inteq
Sun Jul 26, 2015 8:32 am
Forum: General
Topic: RB1100AHx2 - slow upload
Replies: 2
Views: 832

RB1100AHx2 - slow upload

Hello, Being using RB1100AHx2 for several months and just started to have some problems. Since RoS 6.30 I am seeing very slow speeds while uploading to a device behind RB1100AHx2 from an external host. Both locations on gigabit. When the slowdown occurs, I can barely get 5-6 MB/s. To temporary fix t...
by inteq
Tue Mar 10, 2015 9:49 pm
Forum: RouterBOARD hardware
Topic: 1100AHX2 fans
Replies: 7
Views: 2491

Re: 1100AHX2 fans

Thank you for the clarification. Indeed, I missed the part about fans in the manual. Nevertheless, I think it is not the best choice, given that one fan at full speed will fail faster than two fans at moderate speed. Not to mention the noise. Then again, I am not a hardware designer/engineer, so I c...
by inteq
Tue Mar 10, 2015 5:09 am
Forum: RouterBOARD hardware
Topic: Two fans simultaneously on CCR1016 series?
Replies: 18
Views: 3912

Re: Two fans simultaneously on CCR1016 series?

Same problem with 1100AHX2.
I joined the two fans with a cable and plugged it into main.
Now both works in the same time.
Just wondering if this is intended or a malfunction.
by inteq
Tue Mar 10, 2015 5:04 am
Forum: RouterBOARD hardware
Topic: 1100AHX2 fans
Replies: 7
Views: 2491

Re: 1100AHX2 fans

So, judging by the lack of replies, I am the only one in this boat?
by inteq
Wed Mar 04, 2015 8:42 am
Forum: Beginner Basics
Topic: Transparent proxy for SIP
Replies: 4
Views: 1800

Re: Transparent proxy for SIP

Wouldn't be much easier to setup a VPN on MikroTik and connect to it?
That way you will have an IP from your country.
by inteq
Sun Mar 01, 2015 5:37 pm
Forum: Beginner Basics
Topic: traceroute weirdeness
Replies: 0
Views: 669

traceroute weirdeness

Hello, Using RB1100AHX2, ROS 6.27. One direct connected IP and a /29 subnet. No NAT, No firewall, No QoS, No extra routes, No BGP or similiar. Problem From any linux machine on the /29 subnet behind the router, traceroute behaves weird. Meaning: ~# traceroute google.com traceroute to google.com (82....
by inteq
Fri Feb 27, 2015 5:18 am
Forum: RouterBOARD hardware
Topic: 1100AHX2 fans
Replies: 7
Views: 2491

1100AHX2 fans

Hello, Quick question regarding the two fans on 1100AHX2. I have noticed that only one fan is working at any given time so I opened the case to investigate (brand new unit) I see two fans, each with it's own plug on the router board. If I unplug one fan, after one second the other fan will start. If...
by inteq
Thu Feb 26, 2015 7:31 pm
Forum: Beginner Basics
Topic: RB1100AHx2 - Routing performance
Replies: 2
Views: 1305

Re: RB1100AHx2 - Routing performance

Just got the unit and did a some basic tests at home, on a residential internet, until I get to work. Setup the unit with P1 as WAN and P6 as LAN with NAT and DHCP on P6 Network basic diagram FO Converter @ 1 Gbps ---> Asus RT-AC68U 1 Gpbs (PPPoE account on WAN) --- > MikroTik RB1100AHx2 (P1) @ 1 Gb...
by inteq
Wed Feb 25, 2015 8:30 pm
Forum: Beginner Basics
Topic: RB1100AHx2 - Routing performance
Replies: 2
Views: 1305

RB1100AHx2 - Routing performance

Hello everyone, I am a new member in the Mikrotik family, so please, help me out with a question I am asking myself. I have 5 Public IPs, currently routed by the ISP My ISP keeps changing the IPs so I am thinking to purchase a small subnet of 8 IPs and route them with a RB1100AHx2 (http://routerboar...