Community discussions

MikroTik App

Search found 239 matches

by inteq
Thu Oct 29, 2020 11:39 pm
Forum: The Dude
Topic: MikroTik RB1100AHx4 Dude Edition
Replies: 1
Views: 102

Re: MikroTik RB1100AHx4 Dude Edition

Winbox/Dude/Services
Double click on your RB1100AHx4 DE and change the agent
by inteq
Mon Oct 26, 2020 7:21 pm
Forum: The Dude
Topic: RB1100AHx4 DE vs CHR
Replies: 0
Views: 139

RB1100AHx4 DE vs CHR

Hello, Been using The Dude for about 2 years now on a RB100AHx4 Dude Edition. Lots of false positives, unbelievable high latency recorded and unstable upgrade of ROS devices. No crashes. Decided to switch to a CHR VM running on ESXi 7/Supermicro server. Moved the db to the CHR and beside having to r...
by inteq
Wed Oct 21, 2020 4:30 am
Forum: Wireless Networking
Topic: Audience as CAP Configure all 3 radios
Replies: 2
Views: 186

Re: Audience as CAP Configure all 3 radios

You can have only two configurations/provisioning rules. Set the provisioning for 5Ghz to 00:00:00:00:00:00 instead of the MAC of each CAP. One for 2.4 and one for 5Ghz The trick is to not select a frequency for 5Ghz and have the 3rd wlan enabled on the Audience. You might also need to set the band ...
by inteq
Tue Oct 20, 2020 2:13 pm
Forum: Wireless Networking
Topic: Low speed through CAPSMAN [SOLVED]
Replies: 3
Views: 266

Re: Low speed through CAPSMAN [SOLVED]

No clue why I see this recommendation so often or why it works for some people (if not placebo) but in all my setups with wAP local-forwarding=yes or no, makes absolutely no difference. Same speed. max 400Mbps download max 500Mbps upload. Just tested this again on a wAP AC. One SSID with local-forwa...
by inteq
Fri Oct 16, 2020 6:20 pm
Forum: RouterBOARD hardware
Topic: hAP ac³
Replies: 22
Views: 1667

Re: hAP ac³

I know professionals with cool expensive toys will laugh their asses off, but this is the best I can do: one smartphone with WiFiman from Ubiquiti. wAP ac and Samsung Galaxy S9+ 1. Direct line of sight at 3 meters distance wap1.png 2. Behind a 19 cm thick concrete wall at 6 meters distance wap2.png ...
by inteq
Fri Oct 16, 2020 4:33 pm
Forum: The Dude
Topic: Dude dead again?
Replies: 5
Views: 1017

Re: Dude dead again?

6.47.4 and zero crashes on a RB1100AHx4 Dude Edition.
Have some issues with it, like remote upgrades getting stuck on upload all the time, but crashing is not one of them.
by inteq
Thu Oct 15, 2020 10:04 pm
Forum: RouterBOARD hardware
Topic: hAP ac³
Replies: 22
Views: 1667

Re: hAP ac³

Thank you @andriys for point this out. Indeed, you are correct.
I have briefly tested with only one concrete wall between the ac3 and the client and noticed the same behavior.
Tomorrow I will test this more thoroughly and get back with details in an up to 4 thick concrete walls location.
by inteq
Thu Oct 15, 2020 3:47 am
Forum: RouterBOARD hardware
Topic: hAP ac³
Replies: 22
Views: 1667

Re: hAP ac³

Tested today my first hAP ac3 Not impressed. Not even one bit. Same exact performance as hAP ac2, in a body twice the size, more expensive and with two useless antennae. Tested a hAP ac2, a wAP ac and the new hAP ac3 in the exact same location with an Intel AX200 client, direct line of sight at ~3-4...
by inteq
Tue Oct 06, 2020 2:00 am
Forum: RouterBOARD hardware
Topic: New haP ac2 became a brick
Replies: 18
Views: 5247

Re: New haP ac2 became a brick

Long shot but try repeatedly to put it in netinstall. And I mean 20-30 times.
Had two routerboards which I had to do this. Managed to fix them this way.

later edit: more then one month since original post. My bad. Maybe helps someone else in the future.
by inteq
Mon Oct 05, 2020 11:48 am
Forum: Wireless Networking
Topic: Audience throughput wifi problem
Replies: 6
Views: 1162

Re: Audience throughput wifi problem

4 Audience units without meshing in a building with 4 floors. 1 unit / floor. All 4 units CAP clients to a RB1100AHx4. Internet: 1 Gbps up/down fiber. Client: Intel AX200 and Samsung Galaxy S9+ wlan1 2Ghz 2 chains: ~90 Mbps up and down (might push more, but only 20 Mhz enabled) wlan2 5Ghz 2 chains: ...
by inteq
Fri Oct 02, 2020 1:12 am
Forum: Wireless Networking
Topic: Two CapaCs, Roaming Between them Optimized.
Replies: 4
Views: 353

Re: Two CapaCs, Roaming Between them Optimized.

I would not use access lists for WiFi.
Rejecting a client with it will disconnect any WiFi call.
I can "roam" just fine between access points without access list reject based on signal and keep my call.
by inteq
Wed Sep 30, 2020 9:51 pm
Forum: RouterBOARD hardware
Topic: hAP ac³
Replies: 22
Views: 1667

Re: hAP ac³

Even professionals call them modem because they got used to speaking with non-tech customers that only knows this terminology. Try talking to your average Joe and tell them about ONU/ONT. You just tell them modem and they know what you are talking about. No point in correcting them or explaining. Yo...
by inteq
Sun Sep 20, 2020 5:29 am
Forum: General
Topic: hAP ac2 over heated vent holes mod
Replies: 16
Views: 952

Re: hAP ac2 over heated vent holes mod

I am all for mods, but ffs, stop this facebook crap.
I will not touch a facebook link even with a ten foot pole.
by inteq
Mon Sep 07, 2020 10:02 pm
Forum: General
Topic: IPsec passthrough issue (WiFi Calling)
Replies: 2
Views: 598

Re: IPsec passthrough issue (WiFi Calling)

Using WiFi calling with default UDP timeouts and no problems here. Not with your provider tho.
by inteq
Fri Sep 04, 2020 3:54 am
Forum: The Dude
Topic: Upgrade stuck on uploading
Replies: 0
Views: 157

Upgrade stuck on uploading

I usually end up upgrading manually each site, but I would really like to get to the bottom of this. The Dude is installed on a RB1100AHx4 Dude Edition on the factory SATA SSD. I select the RBs 1st and "Upgrade to 6.47.3" or whatever the version might be. 99% of the time the uploads will get stuck, ...
by inteq
Tue Sep 01, 2020 3:04 am
Forum: General
Topic: Script doesn't works
Replies: 4
Views: 250

Re: Script doesn't works

/tool e-mail send to=me@server.com subject="Something" body="Blahblah";
by inteq
Wed Aug 26, 2020 4:55 pm
Forum: Scripting
Topic: Check if list is empty
Replies: 2
Views: 216

Re: Check if list is empty

After scratching my neuron a bit I came up with this Create a script that runs every 10 minutes or so: :local listcount ([/ip firewall address-list print count-only where list~"allowed-countries"]) :if ( $listcount = 0 ) do={ /tool fetch "https://api.telegram.org/botX:Y/sendmessage?chat_id=MyID&text...
by inteq
Wed Aug 26, 2020 1:04 pm
Forum: Scripting
Topic: Check if list is empty
Replies: 2
Views: 216

Check if list is empty

Hello, Need to filter some services by country. Using the following script to download and create a list: ip firewall address-list :local update do={ :do { :local data ([:tool fetch url=$url output=user as-value]->"data") :local array [find dynamic list=allowed-countries] :foreach value in=$array do...
by inteq
Tue Aug 25, 2020 1:51 pm
Forum: General
Topic: DNS TIMEOUT
Replies: 6
Views: 319

Re: DNS TIMEOUT

Both employees and guests networks are using the same DNS server or different ones? I bet not, thus guests having no problems.
Are you using any king of QoS? Maybe double check it. Might cut off DNS.
Are you using any king of rate limiting or "ddos" protection? Try disabling.
by inteq
Fri Aug 14, 2020 4:23 pm
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 157
Views: 31724

Re: RB4011 and RB1100 AHx4 "bricks" randomly

A new RB4011, bought last August, just died. No link on any port. Reset not working. Just keeping track here :) later edit: How I unbricked this RB4011 The RB had no link on any port. Reset to factory defaults did nothing. Could not put it into netinstall mode. So I took it apart to check for visibl...
by inteq
Wed Aug 12, 2020 4:09 am
Forum: General
Topic: Netwatch DNS Resolution
Replies: 1
Views: 516

Re: Netwatch DNS Resolution

I use this to check a DNS server and change mikrotik's DNS server if it fails :local PrimaryDNS "1.2.3.4"; :local BackupDNS "9.9.9.9,149.112.112.112"; :local TestDomain "google.com"; :local ConfiguredDNS [/ip dns get servers]; :if ($ConfiguredDNS = $PrimaryDNS) do={ :do {:put [:resolve $TestDomain s...
by inteq
Thu Jul 30, 2020 10:07 am
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 157
Views: 31724

Re: RB4011 and RB1100 AHx4 "bricks" randomly

And another RB4011 with 100% CPU usage on one core without traffic, just waiting to crash. And another useless response from support with "netinstall blah blah blah" after I sent them supout.rif I guess up time and letting the client actually use the devices they pay for is an unknown for Mikrotik, ...
by inteq
Thu Jul 23, 2020 1:22 pm
Forum: General
Topic: Router Startup Problem
Replies: 2
Views: 588

Re: Router Startup Problem

Are you working for some optician business trying to get some sales going?
See https://wiki.mikrotik.com/wiki/Manual:Netinstall
by inteq
Wed Jul 22, 2020 1:58 pm
Forum: General
Topic: Renew License
Replies: 1
Views: 475

Re: Renew License

Are you able to login to https://mikrotik.com/client/login ?
Just tested on a CHR and everything works
by inteq
Fri Jul 17, 2020 7:28 pm
Forum: General
Topic: Wanted switch....
Replies: 1
Views: 603

Re: Wanted switch....

wanted.jpg
by inteq
Thu Jul 16, 2020 11:55 am
Forum: General
Topic: 3 routers in a row defective possible?
Replies: 20
Views: 3458

Re: 3 routers in a row defective possible?

Will setup with arp-ping=yes and interval=100ms and get back with details.
ping gatewayIP arp-ping=yes interface=ether1 interval=100ms
Thank you.
by inteq
Thu Jul 16, 2020 9:50 am
Forum: General
Topic: firefox 78.0.2 can not connect to mikrotik sites ...
Replies: 10
Views: 2348

Re: firefox 78.0.2 can not connect to mikrotik sites ...

I would not touch FF with a ten foot pole, but for you, I ran the portable FF 78.0.2 and I see no problem.
mt.png
by inteq
Thu Jul 16, 2020 8:59 am
Forum: General
Topic: 3 routers in a row defective possible?
Replies: 20
Views: 3458

Re: 3 routers in a row defective possible?

No BGP.
Just ISP > ONT > Mikrotik.
Direct connected IP on one ether and a subnet on another ether.
The netwatch and script is run on Mikrotik

Simple diagram
1.png
by inteq
Thu Jul 16, 2020 12:53 am
Forum: General
Topic: Protect RouterBOOT
Replies: 2
Views: 654

Re: Protect RouterBOOT

Format=no license. At least this was the case the last time I checked, a looong time ago.
If you want a clean device, use netinstall
If for some strange reason you really need to format, 1st ask at support@mikrotik.com explaining what you want to do and why.
by inteq
Wed Jul 15, 2020 10:46 pm
Forum: General
Topic: 3 routers in a row defective possible?
Replies: 20
Views: 3458

Re: 3 routers in a row defective possible?

This is getting a bit ridiculous. I setup a 4th Mikrotik in the location, a RB1100AHx4 Dude Edition. Problem still persists. I bought a P-Unlimited CHR license and setup RouterOS inside ESXi on a Supermicro server equipped with Intel X722 nics. Problem still persists. Setup a Netwatch to call a trac...
by inteq
Sat Jul 11, 2020 6:07 pm
Forum: General
Topic: Block outbound BPDU
Replies: 1
Views: 590

Re: Block outbound BPDU

Disable STP on the bridge.
by inteq
Sat Jul 11, 2020 6:02 pm
Forum: General
Topic: firefox 78.0.2 can not connect to mikrotik sites ...
Replies: 10
Views: 2348

Re: firefox 78.0.2 can not connect to mikrotik sites ...

Not sure, but I am guessing something with Firefox and by default enabled DoH in it.
by inteq
Sun Jul 05, 2020 5:14 pm
Forum: General
Topic: Blocking Torrent and P2P on RouterOS 6.44 and above
Replies: 5
Views: 7244

Re: Blocking Torrent and P2P on RouterOS 6.44 and above

Far from 100% but you can try a VM with pihole, intercept all DNS requests while blocking external DNS requests and use a blocklist with popular torrent trackers. Monitor pihole queries and add the missing ones. If this is for a business network, put HR to work. Notify employees and 1st strike you a...
by inteq
Sat Jul 04, 2020 12:15 am
Forum: General
Topic: VPN immediately disconnecting after authentication (Windows 10 client) [SOLVED]
Replies: 3
Views: 1067

Re: VPN immediately disconnecting after authentication [SOLVED]

Delete all WAN Miniports from device manager and restart.
With a bit of luck, that will fix it.
by inteq
Fri Jul 03, 2020 6:22 pm
Forum: General
Topic: 13Mbps for 480 students network?
Replies: 16
Views: 3161

Re: 13Mbps for 480 students network?

To be frank, only when I read "13Mbps lease line cost us USD3716.32/month" I thought that something is wrong and looked at the date.
by inteq
Thu Jun 25, 2020 7:36 pm
Forum: General
Topic: ping problem
Replies: 8
Views: 1268

Re: ping problem

Disable firewall on one of the machines that does not respond to ping. If you have Windows machines, open a command prompt and run: netsh advfirewall show allprofiles state Make sure the results are as in the image below: fw.png If ping works with firewall disabled, enable the firewall and create a ...
by inteq
Thu Jun 25, 2020 4:43 am
Forum: General
Topic: 3 routers in a row defective possible?
Replies: 20
Views: 3458

Re: 3 routers in a row defective possible?

Reinstalled the 3rd RB1100AHx4 tonight and did not have to wait longer than 2 hours for the first interruption. This time it lasted 2 minutes as reported by Dude. So far used 4 different factory crimped ethernet cables and one cat 6 made by me. /interface ethernet print stats taken after the 1st inc...
by inteq
Wed Jun 24, 2020 1:13 pm
Forum: General
Topic: RB1100AHx2 inconsistent CPU usage reported
Replies: 1
Views: 523

Re: RB1100AHx2 inconsistent CPU usage reported

Mikrotik responded with:
Hello

We have determined that this is a cosmetic issue that was introduced in v6.47 on some specific routers. We will try to resolve this problem as soon as possible.

Best regards
by inteq
Wed Jun 24, 2020 12:16 pm
Forum: General
Topic: 3 routers in a row defective possible?
Replies: 20
Views: 3458

Re: 3 routers in a row defective possible?

@sob I have tried without the Drop invalid rule when @tippenring suggested here https://forum.mikrotik.com/viewtopic.php?f=2&t=162627&p=801420#p801383. No change. @sindy Will have to reinstall the RB1100AHx4 to be able to check /interface ethernet print stats but if I recall there were some RX error...
by inteq
Tue Jun 23, 2020 9:59 pm
Forum: General
Topic: 3 routers in a row defective possible?
Replies: 20
Views: 3458

Re: 3 routers in a row defective possible?

To recap, 3 routerboards in a pure routing config, no NAT, no DHCP, no STP and even tested without a bridge: random packet loss lasting from couple of seconds to 1 minute. Did a test with only one interface setup with a public IP, without routing or anything else plugged into it: random packet loss....
by inteq
Tue Jun 23, 2020 1:44 am
Forum: General
Topic: Intermittent loss of packets.............argg
Replies: 28
Views: 4751

Re: Intermittent loss of packets.............argg

@anav
Found anything interesting?
by inteq
Sat Jun 20, 2020 7:34 pm
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 157
Views: 31724

Re: RB4011 and RB1100 AHx4 "bricks" randomly

And a new RB1100AHx4 started crashing. 2nd time today.
crash.png
by inteq
Sat Jun 20, 2020 10:48 am
Forum: General
Topic: Block gamers UDP traffic
Replies: 14
Views: 2813

Re: Block gamers UDP traffic

If the location is a business and the request comes straight from the top, imho the only viable solution is per computer screen monitoring after all employees have been notified. You get caught gaming, you are out. Trying to cover all bases on the router is a cat and mouse game. And we all know Jerr...
by inteq
Sat Jun 20, 2020 10:10 am
Forum: General
Topic: Stop making customers lab rats
Replies: 47
Views: 8627

Re: Stop making customers lab rats

Another 5 still pending investigation with lots of packet loss and 3 just quit working out of warranty. I'm curious, on your routers experiencing packet loss, do you have a firewall rule that drops invalids in the forward chain? If so, I'd be curious to see what happens if you disable that rule. Wi...
by inteq
Sat Jun 20, 2020 10:06 am
Forum: General
Topic: Stop making customers lab rats
Replies: 47
Views: 8627

Re: Stop making customers lab rats

Folosesti si switchuri Mikrotik ? Using switches also, but very few, so cannot really comment on those. Two CSS326. Both "modded" with two fans: one on the rear for air intake and one internal, blowing down on S+RJ10 modules. No problems with them besides crazy SPF+ modules temperatures. Two RB260G...
by inteq
Sat Jun 20, 2020 1:16 am
Forum: General
Topic: Stop making customers lab rats
Replies: 47
Views: 8627

Re: Stop making customers lab rats

Reality is: Mikrotik should do a better job at quality control. A lot better. I am in far from a big Mikrotik client with around ~ 100 routers and ~200 access points, but still I had to RMA close to 10 routers for various reasons, ranging from DoA to flapping ports and mysterious crashes. Another 5 ...
by inteq
Thu Jun 18, 2020 5:24 pm
Forum: General
Topic: Bridge throughput problem
Replies: 1
Views: 451

Re: Bridge throughput problem

I would say because generating data is using a lot of CPU cycles, which your APs are in short supply. Thus, lower throughput.
by inteq
Wed Jun 17, 2020 11:32 pm
Forum: General
Topic: RB1100AHx2 inconsistent CPU usage reported
Replies: 1
Views: 523

RB1100AHx2 inconsistent CPU usage reported

Hello, The only RB1100AHx2 left in use is showing some strange CPU usage. Tool/Profile is showing consistent 100% CPU usage while System/Resources is showing almost constant 0% with small spikes to 1-2%. The unit is monitored with Dude, where the router shows again close to no CPU usage. Any clue if...
by inteq
Wed Jun 17, 2020 11:18 am
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 157
Views: 31724

Re: RB4011 and RB1100 AHx4 "bricks" randomly

Sending supout is in vain. They will just reply with a standard "Connect a serial cable to this device, open serial console and make sure that you have successfully connected to RouterOS CLI. . No I don't think sending supout in this case is in vain. More feedback will result in improvement. If tha...
by inteq
Wed Jun 17, 2020 10:42 am
Forum: General
Topic: 3 routers in a row defective possible?
Replies: 20
Views: 3458

Re: 3 routers in a row defective possible?

Sorry for bump, but this one is strange. Installed the 2nd RB1100AHx4 (the one purchased after the 1st RB4011) in another location. Same provider, same FTTH tech. 2 weeks already and absolutely stable. No packet loss at all. Setup a PC with intel nic in place of 3rd RB1100AHx4, in the problematic lo...
by inteq
Wed Jun 17, 2020 10:14 am
Forum: General
Topic: DNS over HTTPS
Replies: 147
Views: 30366

Re: DNS over HTTPS

In my opinion, doh is the first example of how much mikrotik cares about the safety of its users and other initiatives in this direction are welcome. Don't be fooled into thinking DoH provides any "safety" for users. I mean don't do stupid stuff online just because you have DoH enabled then act sur...
by inteq
Wed Jun 17, 2020 3:00 am
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 157
Views: 31724

Re: RB4011 and RB1100 AHx4 "bricks" randomly

After few days or weeks, they just brick. I am very pissed off that mikrotik is pretty much ignoring this issue. . Please send Mikrotik supout and return them for repair if Mikrotik diagnose the issue as hardware issue. The more reports and investigations the better it will be long term. Sending su...
by inteq
Mon Jun 15, 2020 4:16 pm
Forum: RouterBOARD hardware
Topic: Mysterious Chateau CAT18
Replies: 5
Views: 1403

Re: Mysterious Chateau CAT18

Was expecting to see some castle with some state of the art cabling.
by inteq
Tue Jun 02, 2020 12:50 pm
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 157
Views: 31724

Re: RB4011 and RB1100 AHx4 "bricks" randomly

And again on a RB4011iGS+RM
crash.png
Hi,

What should i configure to get result as above? i mean automatically reboot after crash

regards,
M
Not 100% sure, but I guess that is handled by Watchdog under System.
by inteq
Mon Jun 01, 2020 11:55 am
Forum: General
Topic: 3 routers in a row defective possible?
Replies: 20
Views: 3458

3 routers in a row defective possible?

Hello, So I have a FTTH location where internet drops completely between 10 seconds to 2 minutes, at random times, for 1-4 times a day. Nothing in logs. No link downs on interface. Online UPS. 1st router: a RB4011. Because the router crashed couple of times, I thought those random internet dropouts ...
by inteq
Sun May 17, 2020 2:40 pm
Forum: General
Topic: ROS 6.x LOG display problem with high resolution and scaling
Replies: 9
Views: 2398

Re: ROS 6.x LOG display problem with high resolution and scaling

The issue is from at least 2013, if not from the beginning. ( viewtopic.php?t=77074 )
Still present in May 2020
by inteq
Tue May 12, 2020 11:13 pm
Forum: General
Topic: Winbox - router does not support secure connection
Replies: 4
Views: 1658

Re: Winbox - router does not support secure connection

I would try to do a netinstall and start from scratch.
For some reason, I am thinking about a hacked router in this case.
by inteq
Tue May 12, 2020 11:04 pm
Forum: General
Topic: RB1100AHx4 queries for www.mikrotik.com
Replies: 6
Views: 1498

Re: RB1100AHx4 queries for www.mikrotik.com

As I said: "The DNS on the router is not enabled.", thus no clients behind the router can cause this.
Somehow, the router itself queries for www.mikrotik.com
by inteq
Tue May 12, 2020 10:25 pm
Forum: General
Topic: RB1100AHx4 queries for www.mikrotik.com
Replies: 6
Views: 1498

RB1100AHx4 queries for www.mikrotik.com

Hello I have a RB1100AHx4 that sends lots of queries for www.mikrotik.com The DNS on the router is not enabled. No NAT, only routing. No scripts, no netwatch and I am unable to find the reason why this router queries www.mikrotik.com so much. As soon as I flush DNS cache, the record pops back in. qu...
by inteq
Fri May 08, 2020 6:53 am
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 157
Views: 31724

Re: RB4011 and RB1100 AHx4 "bricks" randomly

Setup Dude to monitor CPU on all 4011s
So far only two have issues but tired of this.
Starting to replace all 4011. Not worth the trouble.
cpu.png
by inteq
Sun May 03, 2020 3:22 pm
Forum: The Dude
Topic: Add CAPSMAN devices with same IP but behind different agents
Replies: 0
Views: 962

Add CAPSMAN devices with same IP but behind different agents

Hello, My search came up empty so asking here. Setup a Dude Server on a RB1100AHx4 Dude Edition. Now, I need to monitor several locations with Mikrotik APs in CAPSMAN mode. I can add the APs in 1st location just fine, but on 2nd, 3rd, etc location, because APs have the same private IPs as on the 1st...
by inteq
Fri Apr 24, 2020 8:36 pm
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 157
Views: 31724

Re: RB4011 and RB1100 AHx4 "bricks" randomly

And again on a RB4011iGS+RM
crash.png
by inteq
Sun Mar 15, 2020 5:02 pm
Forum: General
Topic: 3CX NAT when using 2 Servers
Replies: 18
Views: 4638

Re: 3CX NAT when using 2 Servers

I have 2 3CX servers with firewall test failed on WUI, but everything works just fine for 3 years now. If you don't have any problems with RTP and calls, just ignore it. Me thinks 3CX is a bit dumb in that regard. Hi! are you using different ports for RTP on both servers? bests, Christian No. Using...
by inteq
Thu Mar 12, 2020 9:40 pm
Forum: Wireless Networking
Topic: Really disappointed in the lack of support. Evolved 3G Really?
Replies: 14
Views: 5138

Re: Really disappointed in the lack of support. Evolved 3G Really?

I'm fearing you're spreading some more FUD here ... No reason to fear. I said 4G LTE is just marketing and not real, true 4G. I am talking speed wise. You replied with "Actually its the other way around" and I asked "What is the other way around?" Are you stating that 4G LTE = real 4G? Again, I am ...
by inteq
Thu Mar 12, 2020 4:48 pm
Forum: Wireless Networking
Topic: Really disappointed in the lack of support. Evolved 3G Really?
Replies: 14
Views: 5138

Re: Really disappointed in the lack of support. Evolved 3G Really?

Actually its the other way around:
What is the other way around?
The discussion is about 4G LTE not "true" LTE.
by inteq
Thu Mar 12, 2020 11:46 am
Forum: Wireless Networking
Topic: Really disappointed in the lack of support. Evolved 3G Really?
Replies: 14
Views: 5138

Re: Really disappointed in the lack of support. Evolved 3G Really?

To reiterate what SiB stated:
4G LTE is technically 3G with some magic sprinkled on top. More precisely you can call it 3.95G.
The 4G in the name is only marketing. A bit like what AT&T did with their fake 5G E logo.
by inteq
Mon Mar 09, 2020 1:25 pm
Forum: General
Topic: UPNP -> which port are open?
Replies: 7
Views: 2364

Re: UPNP -> which port are open?

You can test your upnp with https://www.xldevelopment.net/upnpwiz.php ( https://www.virustotal.com/gui/file/817 ... /detection )
The tool allows for test upnp rules creation on your router and it works with mikrotik.
by inteq
Sun Mar 08, 2020 10:00 pm
Forum: General
Topic: UPNP -> which port are open?
Replies: 7
Views: 2364

Re: UPNP -> which port are open?

As freemannnn stated, you can see the automatically created rules in Firewall/NAT, with the comment starting with "upnp" If you do not see any such rules, go to IP/UPnP, disable the service, delete all your upnp interfaces and recreate them. Enable the service. See https://forum.mikrotik.com/viewtop...
by inteq
Fri Mar 06, 2020 8:26 am
Forum: Beginner Basics
Topic: Ping drops first 2-3 packets then low stable latency. [SOLVED]
Replies: 3
Views: 3797

Re: Ping drops first 2-3 packets then low stable latency. [SOLVED]

Can you observe the same high latency when you ping directly from your Mikrotik router? How about other machines connected to the router? Do you have arp enabled on your internal interfaces/bridges?
I recall seeing such behavior on infected machines and networks with arp poisoning.
by inteq
Thu Mar 05, 2020 9:26 pm
Forum: Beginner Basics
Topic: I can't ping from an OVPN
Replies: 2
Views: 1911

Re: I can't ping from an OVPN

Try:

On Site A
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.2.0/24 \
    src-address=192.168.1.0/24

On Site B
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.1.0/24 \
    src-address=192.168.2.0/24
by inteq
Sat Feb 29, 2020 6:55 pm
Forum: General
Topic: Winbox - Open in new window makes text smaller
Replies: 0
Views: 1890

Winbox - Open in new window makes text smaller

Hello, First time today I have used the Winbox feature "Open in new window". Useful feature and saves a few clicks when opening many sessions. Nevertheless, with "Open in new window" ticked, the text in the new window is a lot smaller. oinw.png I can zoom in, but it seems the zoom level is not saved...
by inteq
Sat Feb 29, 2020 6:19 am
Forum: General
Topic: RB1100AHx4 crash every 20 - 40 days [SOLVED]
Replies: 17
Views: 6329

Re: RB1100AHx4 crash every 20 - 40 days [SOLVED]

The question is: are you using an UPS for your rack/router?
Normally, the log "system,error,critical router was rebooted without proper shutdown" is the result of power loss and not an actual error/crash.
by inteq
Fri Feb 28, 2020 11:19 am
Forum: General
Topic: RB1100AHx4 crash every 20 - 40 days [SOLVED]
Replies: 17
Views: 6329

Re: RB1100AHx4 crash every 20 - 40 days [SOLVED]

viewtopic.php?f=2&t=149062

"Power users" use search.
by inteq
Wed Feb 26, 2020 9:05 am
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 157
Views: 31724

Re: RB4011 and RB1100 AHx4 "bricks" randomly

There are services 24*7, i can't reboot it every day...

I see. But if you prefer bricking... it is better a 30 sec outage for reboot in the night....
We prefer a fix. Rebooting every night ain't one. I hope you don't do that to your users.
by inteq
Tue Feb 25, 2020 8:25 am
Forum: General
Topic: 3CX NAT when using 2 Servers
Replies: 18
Views: 4638

Re: 3CX NAT when using 2 Servers

I have 2 3CX servers with firewall test failed on WUI, but everything works just fine for 3 years now.
If you don't have any problems with RTP and calls, just ignore it.
Me thinks 3CX is a bit dumb in that regard.
by inteq
Sun Feb 23, 2020 8:17 pm
Forum: Beginner Basics
Topic: How could I detect malware in my LAN
Replies: 6
Views: 2130

Re: How could I detect malware in my LAN

Tested on a simple firewall with 1st rule Accept established and related packets and 2nd rule Drop invalid packets (in forward section) I have the log rule as 3rd and it works just fine. Works with and without FastTrak and as long as the connection is forwarded. Test with another port, like 443 to b...
by inteq
Fri Feb 21, 2020 10:27 pm
Forum: RouterBOARD hardware
Topic: Diagnosing RB1100Ahx2 noise situation
Replies: 1
Views: 2636

Re: Diagnosing RB1100Ahx2 noise situation

Get an Y fan splitter and connect both fans to main if you want lower noise.
That is what I did on all AHx2 units.
by inteq
Fri Feb 21, 2020 8:20 pm
Forum: Scripting
Topic: IP block in mikrotik at specific time
Replies: 2
Views: 1984

Re: IP block in mikrotik at specific time

Not enough information.
You want to block access to cameras from within your local network or prevent access to them from internet?
Cameras are connected to your NVR Ethernet ports or to your dumb switch?
by inteq
Fri Feb 21, 2020 8:08 pm
Forum: General
Topic: Not full gigabit speed
Replies: 1
Views: 1003

Re: Not full gigabit speed

While testing your bandwidth, start a Tools/Profile to check if your CPU cores are not being fully utilized.
You can also test your Mikrotik's bandwidth here: viewtopic.php?f=2&t=104266
by inteq
Thu Feb 13, 2020 5:08 pm
Forum: Scripting
Topic: Diabling a DHCP server
Replies: 6
Views: 2378

Re: Diabling a DHCP server

https://wiki.mikrotik.com/wiki/Manual:S ... ter_values

But for most entries with a identifier, you can use the name instead:

/ip dhcp-server disable default
/ip dhcp-server enable default
Thank you. Good info.
by inteq
Thu Feb 13, 2020 1:31 pm
Forum: Scripting
Topic: Diabling a DHCP server
Replies: 6
Views: 2378

Re: Diabling a DHCP server

You should never use numerical index in scripts.
Any particular reason?
by inteq
Thu Feb 13, 2020 6:58 am
Forum: General
Topic: redirect ping public ip to 8.8.8.8
Replies: 5
Views: 1631

Re: redirect ping public ip to 8.8.8.8

What is the reason to port forward an ICMP packet to a DNS Server ?
Because everyone and their brother uses Google DNS as their default internet ping tester.
Then you would want it the other way around, Redirect icmp 8.8.8.8 to your IP
by inteq
Wed Feb 12, 2020 12:21 am
Forum: Beginner Basics
Topic: RB1100Hx2 basic setup
Replies: 9
Views: 2803

Re: RB1100Hx2 basic setup

Believe me...I have...tried...to read....your...question 3....times...but I....was...unable....to focus...and....understand...it.
by inteq
Wed Feb 12, 2020 12:11 am
Forum: Scripting
Topic: How to get IP address through CAPsMAN?
Replies: 4
Views: 2322

Re: How to get IP address through CAPsMAN?

Scripting is out of the question, as with every run, all clients will be disconnected from WiFi. At least I was not able to find a way to avoid that. My solution. (viable only for small deployments or locations without many guests like hotels or public venues) 1. Open your DHCP server lease window a...
by inteq
Tue Feb 11, 2020 2:03 pm
Forum: General
Topic: redirect ping public ip to 8.8.8.8
Replies: 5
Views: 1631

Re: redirect ping public ip to 8.8.8.8

1.png
2.png
by inteq
Tue Feb 11, 2020 1:49 pm
Forum: General
Topic: Mikrotik Rack-mounted Devices Visio Stencils
Replies: 40
Views: 35307

Re: Mikrotik Rack-mounted Devices Visio Stencils

C'mon, these are not realistic representations!
At least part of the unit should be obscured by the mighty power LED. If your eyes are not sore when you look at it, it is not a genuine Mikrotik.
by inteq
Tue Feb 11, 2020 1:15 am
Forum: Scripting
Topic: Diabling a DHCP server
Replies: 6
Views: 2378

Re: Diabling a DHCP server

To disable
/ip dhcp-server disable 0
To enable
/ip dhcp-server enable 0
If you have multiple DHCP servers, use /ip dhcp-server print to find the number corresponding to your server.
by inteq
Sun Feb 09, 2020 3:52 pm
Forum: Scripting
Topic: Transfering Address list from a Mikrotik device to another one and update it
Replies: 1
Views: 1696

Re: Transfering Address list from a Mikrotik device to another one and update it

Looks to me you will need to export your dynamic list to a file. See https://forum.mikrotik.com/viewtopic.php?t=114683 for some examples. Upload that list to a FTP server and make them available via a http server. Grab the rsc and import it where you need it. See https://wiki.mikrotik.com/wiki/Manua...
by inteq
Sun Feb 09, 2020 3:40 pm
Forum: Scripting
Topic: Script to capture Whatsapp IPs
Replies: 3
Views: 3242

Re: Script to capture Whatsapp IPs

Do you have some sort of pi-hole on your network?
Data=0.0.0.0 looks like a pi-hole blocking access to that domain. (if type != unknown)
by inteq
Thu Feb 06, 2020 4:06 am
Forum: Wireless Networking
Topic: CAPsMAN Broken With 5Ghz AC?
Replies: 3
Views: 2409

Re: CAPsMAN Broken With 5Ghz AC?

For 5 Ghz, just do not set anything besides frequency and band on channel settings
Example
36.png
by inteq
Thu Feb 06, 2020 3:56 am
Forum: General
Topic: Feature request: ask confirm for every operation
Replies: 9
Views: 1300

Re: Feature request: ask confirm for every operation

If it is not enabled by default, nobody will enable it. If it is enabled by default, everyone will disable it. Including the OP. Have frequent backups. Script them and send them by email daily. If it is an important router, pay bloody attention. Also, there is "Safe Mode" if you really have such iss...
by inteq
Tue Feb 04, 2020 5:36 pm
Forum: General
Topic: DHCP response mishandled (?) by MT AP
Replies: 2
Views: 561

Re: DHCP response mishandled (?) by MT AP

Login with Winbox to your AP.
Open a terminal and paste:
export compact hide-sensitive file=myconfig
Paste the content of that file here
by inteq
Mon Feb 03, 2020 10:51 pm
Forum: General
Topic: How to disable promiscuous mode?
Replies: 2
Views: 880

Re: How to disable promiscuous mode?

The Packet Sniffer tool might put an ether in promiscuous mode?
by inteq
Mon Feb 03, 2020 5:44 pm
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 135
Views: 96599

Re: Add DNS over HTTPS (DoH) support

But the privacy/restriction problem will only move from the ISP resolver to the DoH resolver chosen. Whether that is an improvement, depends on the local situation. but at least the user has the choice of which DNS resolver to trust and it's obscured to the transit providers. The question is: will ...
by inteq
Mon Feb 03, 2020 11:56 am
Forum: General
Topic: DNS Servers possible bug [SOLVED]
Replies: 5
Views: 1219

Re: DNS Servers possible bug [SOLVED]

/ip dns set allow-remote-requests=yes cache-max-ttl=2d query-server-timeout=3s servers=192.168.1.111,208.67.220.220,1.1.1.1,8.8.8.8 is your problem. If your private DNS has response times in 100s of ms, most likely it is the worst performer of the bunch. Thus, it will only be queried as a last reso...
by inteq
Sun Feb 02, 2020 6:46 pm
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 157
Views: 31724

Re: RB4011 and RB1100 AHx4 "bricks" randomly

No queues or pppoe server/client.
Not even NAT. Just routing.
2nd time this one crashes and reboots
mt.png
by inteq
Sun Feb 02, 2020 3:58 pm
Forum: Scripting
Topic: weird behavior using Netwatch commands & scripts [SOLVED]
Replies: 3
Views: 3896

Re: weird behavior using Netwatch commands & scripts [SOLVED]

Try another way of using your pi-hole. No need to disable the NAT rule

viewtopic.php?f=2&t=149968&p=738612#p738526
by inteq
Sun Feb 02, 2020 3:52 pm
Forum: General
Topic: Device reporting "false port" using capsman
Replies: 2
Views: 585

Re: Device reporting "false port" using capsman

Might be that your DHCP is not assigning the same IP to the scanner host and/or wifi printer, thus the scanner host cannot connect to the printer.
Try to make the leases static.
by inteq
Sun Feb 02, 2020 3:47 pm
Forum: General
Topic: Routing public IP addresses odd behaviour [SOLVED]
Replies: 9
Views: 1661

Re: Routing public IP addresses odd behaviour [SOLVED]

Anything else I need to add? Yes. Several hours at least on https://wiki.mikrotik.com/wiki/Manual:TOC As I said earlier: So, your /28 allow you to have 14 hosts. From 1 to 17 there are more than 14 hosts If that 123.123.123.?/28 is a real public subnet, you can only use 14 hosts (IP addresses) If y...
by inteq
Sun Feb 02, 2020 11:39 am
Forum: General
Topic: Winbox 3.20 (both 64bit and 32bit) crashing on DNS filter
Replies: 5
Views: 1876

Re: Winbox 3.20 (both 64bit and 32bit) crashing on DNS filter

1. Backup your Addresses from Winbox 2. Go to %APPDATA%\Mikrotik\Winbox and delete everything. 3. Remove the contents of the folder where you have your winbox.exe and download the latest from mikrotik.com 3. Restore your Addresses 4. Test Tried to replicate your issue and I could not get Winbox to ...
by inteq
Sat Feb 01, 2020 11:02 pm
Forum: General
Topic: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch
Replies: 31
Views: 4833

Re: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch

What? You just want a plain switch? Why didn't You say sooner?
He said so right from the start.
Why do you think most of us are having fun here.
by inteq
Sat Feb 01, 2020 6:39 pm
Forum: General
Topic: Bring Tapatalk back
Replies: 32
Views: 4372

Re: Bring Tapatalk back

Never understood the need for Tapatalk.
Most forums these days are mobile friendly and we have bookmarks in browsers for some time now.
Why do people use it?
by inteq
Sat Feb 01, 2020 6:23 pm
Forum: General
Topic: Routing public IP addresses odd behaviour [SOLVED]
Replies: 9
Views: 1661

Re: Routing public IP addresses odd behaviour [SOLVED]

So, your /28 allow you to have 14 hosts.
As far as I can tell, you have a 123.123.123.16/28
You assign 123.123.123.17/28 to your bridge and 123.123.123.18/28 123.123.123.19/28 etc to clients behind the bridge.
Correct so far?
by inteq
Sat Feb 01, 2020 6:16 pm
Forum: General
Topic: Slow DHCP
Replies: 1
Views: 547

Re: Slow DHCP

Ehlo, 1. Identity has nothing to do with the name of your cabled network. See https://wiki.mikrotik.com/wiki/Manual:System/identity 2. Make sure you do not have another DHCP server in your LAN and leave ARP set to Enabled if you do not have any specific reason to set it otherwise. 3. If all else fai...
by inteq
Sat Feb 01, 2020 6:02 pm
Forum: General
Topic: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch
Replies: 31
Views: 4833

Re: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch

Don't go, please!
We don't have too many fun topics around here.
Please stay :(
by inteq
Fri Jan 31, 2020 12:32 pm
Forum: General
Topic: Changing PPPoE client name disconnects PPPoE and re-connects - WHY?
Replies: 9
Views: 1828

Re: Changing PPPoE client name disconnects PPPoE and re-connects - WHY?

Would be nice if the OS would change firewall rules and such without disconnecting the client.
No clue if it is possible or if it affects other stuff.
Then again, if you keep changing the name so many times, you are doing something wrong.
by inteq
Thu Jan 30, 2020 10:02 pm
Forum: General
Topic: Possible fix for hAP ac2 rebooting randomly
Replies: 104
Views: 20144

Re: Possible fix for hAP ac2 rebooting randomly

Had one location with a hAP ac2 with the same symptoms.
The owner was using a lousy power strip and of course, without an UPS.

Changed the power strip to a more sturdy one and added an UPS.
No more problems since.
by inteq
Thu Jan 30, 2020 2:23 pm
Forum: General
Topic: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch
Replies: 31
Views: 4833

Re: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquite Unifi Network Switch

Thank you for the good laugh with "audio grade network switch". I needed that.
by inteq
Tue Jan 14, 2020 8:29 pm
Forum: RouterBOARD hardware
Topic: RB4011iGS+5HacQ2HnD ports and power issue
Replies: 1
Views: 2492

Re: RB4011iGS+5HacQ2HnD ports and power issue

The unit does not have the 1st 5 ports with PoE support. Only ether10 provides PoE out. I am thinking you are using an additional PoE capable switch that somehow does not negotiate power delivery as it should and it is causing the reboots. Just a guess. RB4011iGS does not have a WAN port. Any port c...
by inteq
Tue Jan 14, 2020 12:53 am
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 53
Views: 29194

Re: DHCP Offering Lease Without Success

I have this problem with lots of Mikrotik APs like RouterBOARD wAP G-5HacT2HnD and DHCP on routers like RB1100AHx4 and RB4011 AP without bridge gets an IP instantly on ether1. As soon as a bridge is created, no soup. The DHCP server is stuck on Offered To fix it I need to set STP Protocol Mode to No...
by inteq
Sun Jan 12, 2020 9:52 am
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 135
Views: 96599

Re: Add DNS over HTTPS (DoH) support

I might be a minority here, but all this DNS over https/TLS,etc, in my opinion, has nothing to do with user's privacy at all, but it has everything to do with making ad blocking and corporate filtering obsolete.
by inteq
Fri Jan 10, 2020 4:31 pm
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 157
Views: 31724

Re: RB4011 and RB1100 AHx4 "bricks" randomly

Only one RB4011 (without WiFi) out of 12 crashed once with some process stuck.
None of RB1100AHx4 or RB1100AHx4 Dude Edition out of 19 crashed so far.
Also, bricking can happen to Mikrotiks, but it did not happen to me (yet) and if a power reset fixes it, it did not happen to you (yet).
by inteq
Fri Jan 10, 2020 7:02 am
Forum: General
Topic: Mikrotik LHG LTE kit test - video
Replies: 3
Views: 972

Re: Mikrotik LHG LTE kit test - video

Just bought some LTEs from Mikrotik and was looking for some reviews.
Forum topic is in English, Youtube video description is in English, Youtube audio...Hungarian...
by inteq
Wed Jan 08, 2020 4:15 pm
Forum: General
Topic: RSTP, Stability...
Replies: 2
Views: 593

Re: RSTP, Stability...

Hello,

1. Disable neighbor discovery
2. Make sure you did not copy the config from one switch to another, thus having the same mac somewhere
3. Use search
by inteq
Tue Jan 07, 2020 5:00 pm
Forum: Wireless Networking
Topic: low troughput
Replies: 4
Views: 1933

Re: low troughput

Your devices are connecting on 2.4 Ghz instead of 5 Ghz, thus lower speed.
Make sure your clients have 5 Ghz WiFi support and setup your MT APs accordingly.
Thought about replying in Latin, but being the start of a new year, I decided to play nice. (also, I suck at Latin)
by inteq
Wed Nov 20, 2019 6:41 am
Forum: Wireless Networking
Topic: CAPsMAN slow my WiFi down
Replies: 18
Views: 6082

Re: CAPsMAN slow my WiFi down

It is clear that using capsman slows down wifi a lot. No matter the config, capsman will be slower. No clue as to why yet and it seems, Mikrotik is also in the dark or they just don't care/know. If you really need that extra speed, ditch capsman and in the future Mikrotik. That is what I will do whe...
by inteq
Sun Nov 17, 2019 3:26 pm
Forum: RouterBOARD hardware
Topic: UPnP Error
Replies: 1
Views: 2471

Re: UPnP Error

"while the IP Address in the rules is set to the correct one" I am guessing you are forcing the IP instead of using interface.
Try using the interface without forcing IP.
Make sure the internal interface is set to your bridge not your actual etherX, if you are using a bridge.
by inteq
Sat Nov 09, 2019 7:25 pm
Forum: General
Topic: Un dispositivo Varias IP
Replies: 19
Views: 2580

Re: Un dispositivo Varias IP

Yeah, everyone should just post in their native language.
Those who respond, should do it in their native language also, specially if its another language entirely.
Let's prove Tower of Babel is viable!
/s
by inteq
Fri Nov 08, 2019 6:23 pm
Forum: Wireless Networking
Topic: Reboot capsman clients after RouterOS update
Replies: 1
Views: 1339

Reboot capsman clients after RouterOS update

All my Mikrotik WiFi setups are capsman managed. APs are getting the new update from the central capsman server and reboot after the update is done. But to also upgrade the firmware on the APs, a second reboot is required. Some deployments have 10+ APs and would be a pain to log into every one of th...
by inteq
Mon Nov 04, 2019 1:36 am
Forum: General
Topic: Slow speed through gre+ipsec tunnel
Replies: 11
Views: 3804

Re: Slow speed through gre+ipsec tunnel

Test using iperf3 from a client behind each of your routers.
Not using the routers themselves.
by inteq
Fri Nov 01, 2019 5:10 pm
Forum: Scripting
Topic: delay a script by 4 seconds.
Replies: 6
Views: 4125

Re: delay a script by 4 seconds.

You want a delay after each entry from firewall is removed? Or after all entries are removed?
by inteq
Fri Nov 01, 2019 3:28 am
Forum: Scripting
Topic: delay a script by 4 seconds.
Replies: 6
Views: 4125

Re: delay a script by 4 seconds.

:delay 4000ms;
But I feel there is more to your question than a simple delay
by inteq
Thu Oct 31, 2019 3:17 am
Forum: General
Topic: Why the official Mikrotik.com site does use the Let's Encrypt?
Replies: 9
Views: 1661

Re: Why the official Mikrotik.com site does use the Let's Encrypt?

I still buy certificates for some clients, but lately, most of them issue 1 year certificates only. It is a hassle to renew manually so LE is a smart choice. For example, I just bought a 4 year extension for a client. My surprise: the certificate is valid only for 1 year, after which I have to reque...
by inteq
Thu Oct 31, 2019 3:10 am
Forum: General
Topic: WAN DHCP Lease Renew Abnormal with NBN
Replies: 10
Views: 2186

Re: WAN DHCP Lease Renew Abnormal with NBN

I admit I have not checked in a while under DHCP client, as 99% of RBs I manage have static IPs and not using debconf, but I recall a while back the default config was without any setting for ether1 under DHCP client. Any clue when this default changed? Or maybe I was just not paying attention and i...
by inteq
Thu Oct 31, 2019 3:02 am
Forum: General
Topic: Some Websites not working in HTTP but working in HTTPS
Replies: 3
Views: 916

Re: Some Websites not working in HTTP but working in HTTPS

Got this problem on some Aquantia 10 Gbps nics.
The solution was to disable "tcp/udp checksum offload" for IPv4 for the network card.
by inteq
Wed Oct 30, 2019 2:31 pm
Forum: Wireless Networking
Topic: Wanted to access my router from Internet using port forwarding, but it doesn't work
Replies: 4
Views: 1338

Re: Wanted to access my router from Internet using port forwarding, but it doesn't work

Input = connection made directly to the router Forward = connections made through the router Winbox is Input (running on router) Minecraft is Forward (running on a machine behind the router) To allow connections for your Winbox port you need an Allow rule under Filter Rules tab To allow connections ...
by inteq
Wed Oct 30, 2019 1:26 pm
Forum: Wireless Networking
Topic: Wanted to access my router from Internet using port forwarding, but it doesn't work
Replies: 4
Views: 1338

Re: Wanted to access my router from Internet using port forwarding, but it doesn't work

1. Just don't do that! Winbox port opened to internet is just asking for trouble. Setup a VPN on that router or at least setup an access list and only allow Winbox access from that list, not the whole internet.
2. IP/Services - check "Enabled From" for Winbox
3. This is Wireless forum
by inteq
Mon Oct 28, 2019 10:08 pm
Forum: General
Topic: Health information are different on same model switches
Replies: 13
Views: 1755

Re: Health information are different on same model switches

Contact support...
Support will be useless with: return the product or "it still does its job"
Had the same issue with two RB1100AHx4 Dude Edition, one of which was missing temperature readout.

My advice: just forget about it and don't expect too much from Mikrotik.
by inteq
Sat Oct 26, 2019 3:45 pm
Forum: Scripting
Topic: Netwatch up and down
Replies: 2
Views: 2562

Re: Netwatch up and down

Hello,

Netwatch should not and does not send multiple emails per incident.
It sends one on down and one on up.
If you get multiple emails, might be because your ports are flapping or your APs are restarting/crashing
by inteq
Sat Oct 26, 2019 3:04 pm
Forum: General
Topic: RouterOS SMB service
Replies: 3
Views: 944

Re: RouterOS SMB service

1. Login via Winbox 2. IP/Firewall. On Filter rules tab click on + to add a new rule 3. Add a rule like the one below. Change 192.168.100.109 with your whitelisted IP. On Action tab, select Accept as Action 1.png 4. Add a rule like the one below. Change 192.168.100.0/24 with your network subnet. On ...
by inteq
Sat Oct 26, 2019 2:43 pm
Forum: Beginner Basics
Topic: blocked ports
Replies: 11
Views: 1997

Re: blocked ports

Guessing you are trying to access a NVR outside your lan. Is there any other router in front of Mikrotik? I've got some strange issues in the past while using double NAT. If you are using upnp on local Mikrotik, try disabling it. Might interfere with the other device on your local lan also registeri...
by inteq
Thu Oct 24, 2019 2:15 am
Forum: General
Topic: RB4011iGS+ occasionally become inaccessible
Replies: 8
Views: 1880

Re: RB4011iGS+ occasionally become inaccessible

Got any auto-block rules in your firewall? Might get yourself blocked by mistake.
Rules like anti ddos, anti port scan, etc.
by inteq
Wed Oct 09, 2019 8:00 pm
Forum: General
Topic: Slow connection via mikrotik
Replies: 18
Views: 3377

Re: Slow connection via mikrotik

The 1st device, the one from your ISP is set to bridge or routing?
Put it in bridge mode.

Any Mikrotik device, even if drunk, on fire and beaten with a club (all at the same time) can handle 8 Mbps.
by inteq
Wed Aug 14, 2019 1:02 pm
Forum: General
Topic: RB100AHx4 - High speed torrent freezing browsing
Replies: 1
Views: 738

Re: RB100AHx4 - High speed torrent freezing browsing

It seems it is indeed caused by a router on the ISP side, because every website and service hosted inside the ISP network is working just fine when "the freezing" happens. Even direct peering/cdn like youtube and gmail work just fine. Anything that has to exit the ISP network is busted tho for ~2 mi...
by inteq
Tue Aug 13, 2019 3:44 pm
Forum: RouterBOARD hardware
Topic: S+RJ10 Revisions
Replies: 17
Views: 7322

Re: S+RJ10 Revisions

2 x 2.07 revision modules in a CSS326 used as pass-through for testing @ 1 Gbps until the 10 Gbps nics arrive. Without active cooling, the darn things get to 70 Celsius fast. Can barely touch them. With active cooling, a small 40x20mm Noctua fan right on top of the modules blowing down and another 4...
by inteq
Mon Aug 12, 2019 10:08 am
Forum: Scripting
Topic: Add PPPOE Client IP-Address to Address List
Replies: 1
Views: 1540

Re: Add PPPOE Client IP-Address to Address List

IP/Cloud
Enable DDNS
Add that DDNS to a dynamic address list entry with fqdn not IP.
When the IP changes, the address list entry will update to the new IP automatically.
by inteq
Mon Aug 12, 2019 10:02 am
Forum: General
Topic: Netwatch Problem
Replies: 3
Views: 835

Re: Netwatch Problem

Increase timeout in netwatch.
I am monitoring some IPSec tunnels with netwatch and daily I get false alarms. Then again, my timeout is 1000 ms (normal reply of tunnels is 2-5ms)
by inteq
Fri Aug 09, 2019 5:44 pm
Forum: General
Topic: RB100AHx4 - High speed torrent freezing browsing
Replies: 1
Views: 738

RB100AHx4 - High speed torrent freezing browsing

Hello, Been having this problem for some time now. Using Mikrotik's RB1100AHx4 Dude Edtition with a PPPoE connection. It happens randomly when downloading a torrent with many seeds close to 1 Gbps and can last about 2 minutes after the download has finished. And by random I mean I just tested downlo...
by inteq
Thu Aug 01, 2019 10:15 pm
Forum: Wireless Networking
Topic: Station - Connect to best AP
Replies: 1
Views: 593

Re: Station - Connect to best AP

viewtopic.php?t=80905 might get you going. Haven't tested.
by inteq
Wed Jul 24, 2019 9:21 pm
Forum: RouterBOARD hardware
Topic: RB1100Ahx4 Dude Edition - Slow SATA speeds
Replies: 1
Views: 1523

Re: RB1100Ahx4 Dude Edition - Slow SATA speeds

In case anyone else is looking for an answer to this, Mikrotik responded with: Hello, For now, reading/writing to storage is a single-core process in RouterOS and, as the CPU resource screenshots show, they are reaching the maximum load. Unfortunately, our research has revealed that currently, it is...
by inteq
Wed Jul 24, 2019 9:17 pm
Forum: General
Topic: pppoe-1 not reconnecting
Replies: 9
Views: 2040

Re: pppoe-1 not reconnecting

Then change
if ($WanStat = "disconnected")
with
if ($WanStat = "terminating... - peer is not responding")
by inteq
Wed Jul 24, 2019 3:54 pm
Forum: General
Topic: pppoe-1 not reconnecting
Replies: 9
Views: 2040

Re: pppoe-1 not reconnecting

Disconnect the cable again. The one from the phone line to ADSL modem, not the one between ADSL modem and MIkrotik.
On Winbox, open the terminal and paste:
/interface pppoe-client monitor PPPoE1

Change PPPoE1 with your value
What is the Status value when the cable is unplugged?
by inteq
Wed Jul 24, 2019 12:36 pm
Forum: Wireless Networking
Topic: CAPsMAN 5GHz data rates problem
Replies: 2
Views: 1020

Re: CAPsMAN 5GHz data rates problem

I would only keep one 5Ghz channel, like 36 for example.(for one AP setups) add band=5ghz-onlyac control-channel-width=20mhz extension-channel=eCee frequency=5200 \ name=CH40 tx-power=3 Remove control-channel-width=20mhz extension-channel=eCee and tx-power=3 add authentication-types=wpa-psk,wpa2-psk...
by inteq
Wed Jul 24, 2019 12:28 pm
Forum: Wireless Networking
Topic: Wifi Latency issue
Replies: 2
Views: 929

Re: Wifi Latency issue

Some sort of chipset power saving is my 1st option also for high latency on mobile phones while idle.
My Samsung Galaxy S9+ acts the same.
by inteq
Tue Jul 23, 2019 10:04 pm
Forum: Wireless Networking
Topic: Throughput Issues RouterBoard RBwAPG-5HacT2HnD-US
Replies: 11
Views: 2081

Re: Throughput Issues RouterBoard RBwAPG-5HacT2HnD-US

Retested with an Intel AC 8265 WiFi card in a Dell latitude laptop.
Funny thing: upload speed is lower than on my Samsung galaxy S9+ . About 150-200 Mbps lower.
Download speed is comparable.
The lesson here: not all wifi is equal, even if same standards.
Long live marketing and engineering deps.
by inteq
Tue Jul 23, 2019 6:59 am
Forum: General
Topic: pppoe-1 not reconnecting
Replies: 9
Views: 2040

Re: pppoe-1 not reconnecting

We assume your PPPoE interface is named PPPoE1 and the interface your modem/ONT/GPON is connected to is ether1. Change as needed. Create script checkpppoe :local WanName "PPPoE1" :local WanStat /interface pppoe-client monitor $WanName once do={ :set WanStat $status} if ($WanStat = "disconnected") do...
by inteq
Sun Jul 14, 2019 6:44 am
Forum: Wireless Networking
Topic: Throughput Issues RouterBoard RBwAPG-5HacT2HnD-US
Replies: 11
Views: 2081

Re: Throughput Issues RouterBoard RBwAPG-5HacT2HnD-US

I would: 1. check that all interfaces are really connected at 1 Gbps. Maybe change the patch cable to be sure even if 1 Gbps reported. 2. change laptop. maybe use a smartphone with Network Tools from he.net. It has iperf3 3. remove all country, indoor/outdoor, rates, queues and such. 4. use channel ...
by inteq
Sun Jul 14, 2019 12:22 am
Forum: Wireless Networking
Topic: Throughput Issues RouterBoard RBwAPG-5HacT2HnD-US
Replies: 11
Views: 2081

Re: Throughput Issues RouterBoard RBwAPG-5HacT2HnD-US

I would love to see higher throughput also, but 150 Mbps on 5 Ghz tells me there is something wrong on your setup or you have some interference. My RBwAPG-5HacT2HnD (non US) with a Samsung Galaxy S9+ phone can do ~300 Mbps download (with peaks at 400-410 Mbps for a very short time) and 450-500 Mbps ...
by inteq
Mon Jul 08, 2019 3:28 am
Forum: General
Topic: How do I allow DNS traffic from one VLAN to another? [SOLVED]
Replies: 9
Views: 2480

Re: How do I allow DNS traffic from one VLAN to another? [SOLVED]

I'm curious ... why would you implement DNS this way, vs just add PiHole to the IP > DNS? I am doing it this way because if I use the pi-hole as a DNS server directly and it ever goes offline, the whole DNS will be offline for the whole DHCP network. The way I described my setup, if the pi-hole goe...
by inteq
Sun Jul 07, 2019 6:07 pm
Forum: Beginner Basics
Topic: Cannot access Hikvision NVR remotely
Replies: 4
Views: 1291

Re: Cannot access Hikvision NVR remotely

Maybe because the default port is 8000 and not 8080?
by inteq
Sun Jul 07, 2019 1:03 pm
Forum: General
Topic: How do I allow DNS traffic from one VLAN to another? [SOLVED]
Replies: 9
Views: 2480

Re: How do I allow DNS traffic from one VLAN to another? [SOLVED]

My setup with pi-hole is: replace 192.168.100.4 with your pi-hole IP and 176.103.130.130,176.103.130.131 DNS servers with yours On IP\DNS, setup the DNS server as the Pi-Hole private IP. Only one entry. /ip dns set allow-remote-requests=yes cache-max-ttl=1d servers=192.168.100.4 On pi-hole, setup th...
by inteq
Fri Jul 05, 2019 9:38 pm
Forum: General
Topic: M.2 Drive not Found RB1100AHx4 [SOLVED]
Replies: 2
Views: 656

Re: M.2 Drive not Found RB1100AHx4 [SOLVED]

2x SATA 3 compatible (supports 2242, 2260 and 2280 sizes, M-key
Does not support nvme SSDs.
by inteq
Thu Jul 04, 2019 4:49 pm
Forum: General
Topic: One Router, Two separate networks/internet connections
Replies: 1
Views: 505

One Router, Two separate networks/internet connections

Hello, I currently have one internet PPPoE line and planning to get an extra line with a fixed IP and a routed subnet. My small rack can barely fit an extra router so I was thinking to use my current RB1100AHx4 Dude for both internet lines. Connection 1 will be a fixed public IP with a routed subnet...
by inteq
Sat Jun 15, 2019 9:21 am
Forum: General
Topic: DROPPED
Replies: 1
Views: 552

Re: DROPPED

Search... hard stuff.
viewtopic.php?t=49133
by inteq
Thu Jun 06, 2019 8:34 am
Forum: RouterBOARD hardware
Topic: wAP AC (RBwAPG-5HacT2HnD) - How to reduce temperature by 8-10 degrees
Replies: 2
Views: 1040

Re: wAP AC (RBwAPG-5HacT2HnD) - How to reduce temperature by 8-10 degrees

Maybe I should share my own hack - remove whole cover and temperature will be reduced even more! (what a surprise, right? :D ) The surprise would be if you could still attach the unit to a wall without the case. This is not a desk unit. As for the little holes, that was the 1st thing I tried. Barel...
by inteq
Tue Jun 04, 2019 10:52 pm
Forum: RouterBOARD hardware
Topic: wAP AC (RBwAPG-5HacT2HnD) - How to reduce temperature by 8-10 degrees
Replies: 2
Views: 1040

wAP AC (RBwAPG-5HacT2HnD) - How to reduce temperature by 8-10 degrees

This can be an ugly "hack" without proper tools. For my use, looks don't matter too much. Of course, the warranty is lost, water can get in (only for indoor use) and it might not look so nice. Device: https://mikrotik.com/product/RBwAPG-5HacT2HnD Room temperature: ~25 degrees Celsius Device temperat...
by inteq
Sat May 18, 2019 5:21 am
Forum: Beginner Basics
Topic: Plex Media Server Remote Access - Port Forwarding
Replies: 16
Views: 3843

Re: Plex Media Server Remote Access - Port Forwarding

Use https://www.grc.com/x/ne.dll?bh0bkyd2 to test your ports. Plex is drunk most of the time.Their devs even more so. If you search on their forums you will find plenty of other users with this problem. If you did the port forward and https://www.grc.com/x/ne.dll?bh0bkyd2 shows 32400 open, there is ...
by inteq
Fri May 17, 2019 10:17 pm
Forum: Scripting
Topic: Netwatch script for firewall
Replies: 1
Views: 859

Re: Netwatch script for firewall

Try a comment without spaces in it.
Works just fine.
by inteq
Fri May 17, 2019 7:32 pm
Forum: General
Topic: IPSec Broken after upgrade to 6.44.3
Replies: 5
Views: 1289

Re: IPSec Broken after upgrade to 6.44.3

IPSec works just fine here with 6.44.3 on several routers/models. Did not see that error on any of them. The only only thing that might make a difference is that I went from 6.44.2 to 6.44.3 and not from 6.44.1 to 6.44.3. The only change I see in 6.44.3 since 6.44.1 is: *) ipsec - fixed freshly crea...
by inteq
Tue May 14, 2019 1:31 pm
Forum: Beginner Basics
Topic: VPN PPTP Passthrough Problem
Replies: 4
Views: 1735

Re: VPN PPTP Passthrough Problem

Mikrotik has its own PPTP server. I would use that one instead of the one on the SBS. In case you have user accounts on SBS, setup a Radius server on SBS and authenticate from Mikrotik. In case you want to keep the PPTP server on SBS, make sure you do not have it active on Mikrotik as well. Would al...
by inteq
Mon May 13, 2019 3:14 pm
Forum: General
Topic: compared to the Internet speed
Replies: 2
Views: 837

Re: compared to the Internet speed

Some ISPs have different bandwidth restrictions for metropolitan/national and "the rest"
If at branch office you have 2 Mbps no matter the destination, you are out of luck. No VPN will help you.
At least this is what I understood you are asking.
by inteq
Mon May 13, 2019 10:16 am
Forum: Wireless Networking
Topic: Very slow 2.4Ghz Wifi
Replies: 3
Views: 1220

Re: Very slow 2.4Ghz Wifi

A "general issue" based on?
I have never seen this issue on any of my Mikrotik APs.
This is a forum. When "But thankfully it has been resolved" is usually nice to say how it has been resolved, so the next person might find such info.
by inteq
Thu May 09, 2019 12:17 pm
Forum: Wireless Networking
Topic: Very slow 2.4Ghz Wifi
Replies: 3
Views: 1220

Re: Very slow 2.4Ghz Wifi

Try and scan your location for other APs.
If you have Android, try https://play.google.com/store/apps/deta ... nt.usurvey
If it was fine until now, maybe some new AP is causing interference.
Change your channel to a less crowded one. Disable Extension Channel for 2.4 Ghz. Might help.
by inteq
Mon May 06, 2019 11:05 am
Forum: General
Topic: victim of attack PPPOE
Replies: 10
Views: 1822

Re: victim of attack PPPOE

Might not be your case, but many users are having problems with pppoe-client looping.
Who knows, it might be the same in your case, a stuck in a loop mikrotik router trying to connect to your pppoe server.
See: viewtopic.php?f=2&t=121047 for example.
by inteq
Mon May 06, 2019 10:59 am
Forum: General
Topic: Resetting admin access
Replies: 6
Views: 856

Re: Resetting admin access

You cannot reset only the admin password, even if you have physical access to the hardware.
Only option: factory reset. (or wait for another WinBox security flaw and learn to exploit it :) )
by inteq
Mon May 06, 2019 1:37 am
Forum: General
Topic: Frequent PPPoE terminations
Replies: 11
Views: 4014

Re: Frequent PPPoE terminations

I only see it after a reboot/firmware update. It is also very random. One reboot it could work, the next one might not. Thus, I wrote a small script to disable the physical port (ether1 in my case) when the pppoe client has the status "disconnected" and enable it back after several seconds. It fixes...
by inteq
Fri May 03, 2019 12:17 pm
Forum: Scripting
Topic: Script to verify incoming IP address and block it in firewall (add to address list)
Replies: 4
Views: 1079

Re: Script to verify incoming IP address and block it in firewall (add to address list)

Most Telco providers can assign static IPs for SIM cards (for an extra cost)
This is the way I am allowing SIP access for some mobile clients.
by inteq
Fri May 03, 2019 12:08 pm
Forum: Scripting
Topic: Interface Script on condition! [SOLVED]
Replies: 3
Views: 954

Re: Interface Script on condition! [SOLVED]

Easy way:
Assign each vpn client a static IP in PPP/Secrets/Remote Address
Go to Tools/Netwatch and add a rule for each IP you want.
In UP paste:
/interface set disabled=no ether2
In DOWN paste:
/interface set disabled=yes ether2
Set the timeout to 00:00:05 for 5 seconds or less.
by inteq
Fri May 03, 2019 11:58 am
Forum: General
Topic: Help: Allow only Facebook by domain
Replies: 10
Views: 1412

Re: Help: Allow only Facebook by domain

Then allow internet access only to port 80 and 443 and drop the rest to limit p2p usage.
You can also limit your users by download size to save bandwidth.
by inteq
Thu May 02, 2019 8:29 pm
Forum: General
Topic: Dynamic address lists security hole
Replies: 5
Views: 1028

Re: Dynamic address lists security hole

At the moment all routers are using new DNS servers that do not exhibit this problem. Will switch one router for testing and save details. I have not checked the entry in address-list but in DNS cache and it was showing 0.0.0.0/0. The machine I was connecting from had an IP that was not supposed to ...
by inteq
Thu May 02, 2019 11:26 am
Forum: General
Topic: Dynamic address lists security hole
Replies: 5
Views: 1028

Re: Dynamic address lists security hole

Checking the DNS cache on routers still using the problematic DNS servers, it is 0.0.0.0/0
For the moment I switched DNS servers on all routers, but who knows, it might happen again in the future with other servers.
by inteq
Wed May 01, 2019 10:36 pm
Forum: General
Topic: CCR1072 vs Oem İ9-9900K
Replies: 13
Views: 2264

Re: CCR1072 vs Oem İ9-9900K

Efficient for me means best buck for best performance&features/watt.
If this means the same to you, get the Mikrotik.
For just routing and NAT, an i3 can handle 10 Gbps with lots of room to spare. An i9 9900k is just for show and to heat the room during winter.
by inteq
Wed May 01, 2019 11:18 am
Forum: General
Topic: RouterOS 6.44.x pppoe client issue
Replies: 9
Views: 1913

Re: RouterOS 6.44.x pppoe client issue

Using PPPoE client at home with ROS 6.44.3.
Haven't seen any packet loss.
pppoe.png
by inteq
Tue Apr 30, 2019 1:27 pm
Forum: General
Topic: Dynamic address lists security hole
Replies: 5
Views: 1028

Dynamic address lists security hole

Hello, Being having this problem for some time and looking for an alternative. Situation I have some entries in address lists for a few dynamic DNS entries. Based on those entries, some access is given. The problem Lately, the DNS servers for a big ISP I am using do not update the ddns when the IP c...
by inteq
Tue Apr 30, 2019 12:57 am
Forum: General
Topic: RB3011UiAS-RM short speed test 200Mb/s download
Replies: 1
Views: 559

Re: RB3011UiAS-RM short speed test 200Mb/s download

Congratulations.
I mean I am glad you are happy, but I am not seeing what you are seeing based on https://mikrotik.com/product/RB3011UiAS ... estresults
by inteq
Mon Apr 29, 2019 9:38 pm
Forum: General
Topic: clients disconnecting from the 5GHz network after several minutes
Replies: 2
Views: 613

Re: clients disconnecting from the 5GHz network after several minutes

I am thinking about some firewall rule that is misbehaving and dropping connections. Something like a DDoS filter that sees the client as a ddoser and blocks it?
Just a wild guess. No info about your setup as none was provided.
Try /export from terminal and edit out what is not needed.
by inteq
Mon Apr 29, 2019 12:35 am
Forum: General
Topic: [SOLVED] UPnP seems not working with PPPoE
Replies: 10
Views: 5772

Re: [SOLVED] UPnP seems not working with PPPoE

Thank you for the info @stunpix It is a bug indeed, because only by following your steps it started working for me. "I deleted all upnp internal/external interfaces, then I disabled upnp by unchecking it and finally I pushed Apply button in upnp dialog. Then I enabled upnp, pushed Apply button and o...
by inteq
Thu Apr 18, 2019 7:26 pm
Forum: RouterBOARD hardware
Topic: RB1100Ahx4 Dude Edition - Slow SATA speeds
Replies: 1
Views: 1523

RB1100Ahx4 Dude Edition - Slow SATA speeds

Hello, Using a couple of RB1100AHx4 Dude Edition routers in several locations. The reason I bought the Dude Edition was mainly for proxy caching and in a few locations for simple centralized SMB storage. Not so much for the Dude itself. On the product page it states: The RB1100AHx4 Dude edition feat...
by inteq
Sat Mar 30, 2019 5:56 am
Forum: General
Topic: Feature Request: NUT Client
Replies: 26
Views: 8365

Re: Feature Request: NUT Client

+ for MT NUT client support
by inteq
Sat Mar 02, 2019 12:33 am
Forum: General
Topic: Frequent PPPoE terminations
Replies: 11
Views: 4014

Re: Frequent PPPoE terminations

This topic was the 1st result so posting here. In the same boat with my RB1100AHx4 Dude using PPPoE. Randomly, after a clean reboot or firmware upgrade, the PPPoE connection will loop forever. The only fix is to reboot again or disable/enable the interface connecting to the GPON. I have never experi...
by inteq
Tue Feb 19, 2019 6:35 pm
Forum: Scripting
Topic: Script to Disable Physical Interface in Mikrotik Router
Replies: 2
Views: 565

Re: Script to Disable Physical Interface in Mikrotik Router

And if WAN 1 comes back how would you check, if it is disabled? Search for another way. This is not it.
by inteq
Thu Feb 14, 2019 8:41 pm
Forum: Scripting
Topic: Running a script on PPP session up
Replies: 2
Views: 1282

Re: Running a script on PPP session up

Create a profile for each user.
Run the script via the profile on up/down
Or maybe I did not understood your question?
by inteq
Tue Feb 12, 2019 10:03 am
Forum: General
Topic: Config Review - Security Conscience Home User
Replies: 19
Views: 2407

Re: Config Review - Security Conscience Home User

On the contrary, you want to have this drop at very beginning of forward (and input) chain so that trespassers get dropped also for services which otherwise are available to the public. If not, then there's no point in collecting addresses in the address list. Thank you for the correction. I guess ...
by inteq
Tue Feb 12, 2019 7:52 am
Forum: Announcements
Topic: v6.43.12 [stable] is released!
Replies: 49
Views: 20429

Re: v6.43.12 [stable] is released!

After updating from .11 to .12, one RB1100AHx4 (the only one on PPPoE) would not connect via PPPoE at all. Kept looping Initializing, connecting, terminating, disconnected for more than 5 minutes.
One more reboot and it connected instantly.
by inteq
Tue Feb 12, 2019 7:44 am
Forum: General
Topic: Config Review - Security Conscience Home User
Replies: 19
Views: 2407

Re: Config Review - Security Conscience Home User

I would put add action=add-src-to-address-list address-list=\ "Black List (Port Scanner LAN)" address-list-timeout=4w2d chain=forward \ comment="Add TCP port scanner to Port Scanner (LAN) list." in-interface=\ ether1 log=yes log-prefix="Add_Black List (Port Scanner LAN)" protocol=\ tcp psd=21,3s,3,1...
by inteq
Sun Feb 10, 2019 8:40 pm
Forum: General
Topic: Duplicate packet drop error - OpenVPN
Replies: 8
Views: 8190

Re: Duplicate packet drop error - OpenVPN

Most people running ovpn on MT have this error. Nobody knows why or how to fix it. Only how to hide it in logs. So your setup is OK. I have it on all MT routers I am running or tested ovpn on. Please stop responding if you have no input on the matter just to say "i think, it's because your connectio...
by inteq
Sun Feb 10, 2019 10:32 am
Forum: General
Topic: ip phone and/or audio headset attached to Mikrotik
Replies: 6
Views: 1431

Re: ip phone and/or audio headset attached to Mikrotik

I would setup a PBX like FreePBX on one site or anywhere you like really. On all others sites create rules on your MTs to only allow connections from a list of your sites to the PBX Use a VoIP phone that can be mounted vertically like https://www.cisco.com/c/en/us/products/collaboration-endpoints/sm...
by inteq
Sat Feb 09, 2019 7:32 pm
Forum: General
Topic: Proxy causes 100% load on only 30mbit bandwidth?
Replies: 1
Views: 844

Re: Proxy causes 100% load on only 30mbit bandwidth?

So to not start another thread on the same topic, I am also seeing this behavior, but with caching, on a RB1100AHx4. I download a file with wget via https to cache it in the 1st place. I download the same file via http and the speed is limited to max 40 MBps. CPU on MT is ~25% during the download. T...
by inteq
Mon Jan 14, 2019 2:17 am
Forum: General
Topic: Src. Address List - does not working
Replies: 3
Views: 596

Re: Src. Address List - does not working

I was afraid I skipped so many versions.
it is 6.43.8.
No problems with source lists
by inteq
Wed Sep 12, 2018 3:26 am
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 2973

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

I don't know where you live, but in Europe at least, ambient office temperature is 25 deg. Celsius, of course with A.C. during Summer and Winter. ( we exclude people that think A.C is a government conspiracy to kill them or people that think A.C. is not safe for them. Let them roast in peace. ) Keep...
by inteq
Tue Sep 11, 2018 9:46 pm
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 2973

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

Sometimes low temperatures increase failure rate. You can read papers about optimal HDDs temperatures. Actually going below 35 deg increases average failure rate of HDDs. https://en.wikibooks.org/wiki/Minimizing_Hard_Disk_Drive_Failure_and_Data_Loss/Environmental_Control I understand what you are s...
by inteq
Tue Sep 11, 2018 6:01 pm
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 2973

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

I'm not sure whether quad core ARM 1.4 ghz requires such cooling tho... You could at least try to mount low profile fan on the inside to keep U1 size compliance lol A small fan like that would not do anything cooling wise. Placebos don't work for electronics. Some racks are housed in data centers, ...
by inteq
Tue Sep 11, 2018 8:03 am
Forum: RouterBOARD hardware
Topic: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router
Replies: 12
Views: 2973

Re: [TUTORIAL] adding a fan to RB1100AHx4 Dude Edition router

Without reading the documentation and seeing the router has SATA, I thought it had 5V and 12V SATA. I was wrong. It only has 5V. Nevertheless, I bought 2 Noctua 120mm 12V fans, went and laser cut the case and this is the result: 20180904_132652.jpg 20180904_132621.jpg 20180830_220312.jpg 20180904_14...
by inteq
Thu Sep 06, 2018 3:47 am
Forum: General
Topic: MT PPTP+Radius on Synology [SOLVED]
Replies: 1
Views: 692

Re: MT PPTP+Radius on Synology [SOLVED]

Found the missing " , " The PPP profile I setup for the PPTP server had "Use encryption" set to "default" It seems the Windows 10 VPN client can connect without encryption, while Windows 7 and the Android clients cannot (by default) To fix this, I setup "Use encryption" to "required". Error: [mschap...
by inteq
Thu Sep 06, 2018 3:27 am
Forum: General
Topic: MT PPTP+Radius on Synology [SOLVED]
Replies: 1
Views: 692

MT PPTP+Radius on Synology [SOLVED]

Hello, Been scratching my head for some time with this problem. PPTP server setup and working on a MT RB1100AHx4. All the user accounts are already setup on a Synology NAS, so I have installed and enabled the Radius package on Synology. Setup the Radius server information on MT. Now, on a remote Win...
by inteq
Thu Aug 09, 2018 2:32 am
Forum: RouterBOARD hardware
Topic: RB1100AHx4 Dude - missing temperature sensor
Replies: 0
Views: 559

RB1100AHx4 Dude - missing temperature sensor

I have two RB1100AHx4 Dudes for a deployment and I have noticed one of them is missing the temperature sensor, or at least is not displayed in WinBox.
I do not recall anything in settings I could have switched off/on by mistake to disable the sensor.
Any hints?
mt-sensor.png
by inteq
Tue Jul 24, 2018 10:05 am
Forum: General
Topic: Router compromised [SOLVED]
Replies: 21
Views: 6517

Re: Router compromised [SOLVED]

Got at least one MT hacked also from 95.154.216.151 and mikrotik.php (empty it seems) uploaded.
by inteq
Thu Jul 20, 2017 2:27 pm
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 134885

Re: Blacklist Filter update script

Thank you for the script, but I have to say that, as least in my limited testing, I stumbled upon too many blocked gmail servers. I couldn't even send an email from my gmail account to my corporate address. The worst part is that gmail somehow didn't even alert me that the message did not go through...
by inteq
Mon Oct 24, 2016 7:55 am
Forum: Scripting
Topic: Script to convert dynamic to static address list
Replies: 6
Views: 3434

Re: Script to convert dynamic to static address list

Another way, for all lists: # Convert dynamic to static in address-lists so dynamic records do not get deleted after a router reboot. :local comment :local address :local list :local disabled :local found :set found 0; /ip firewall address-list :foreach a in=[find] do={ :if ([get $a dynamic] = true)...
by inteq
Tue Oct 18, 2016 10:06 am
Forum: General
Topic: Web Proxy
Replies: 4
Views: 1132

Re: Web Proxy

If you want a decent proxy with good cache that also has a nice feature called Update Accelerator, try IPFire on an x86 machine with minimum two nics.
Update Accelerator simplifies cache management for Windows updates, Linux updates as well as several other programs.
IPFire is a router distro OS.
by inteq
Mon Oct 17, 2016 7:46 pm
Forum: General
Topic: New Ethernet port flap issue enquiery, PLS JOIN!
Replies: 247
Views: 92359

Re: New Ethernet port flap issue enquiery, PLS JOIN!

Will post here, so I won't start a new thread. Just started getting port flaps on my RB1100AHx2. So far, port 2. I noticed slow speeds on the server connected to port 2 so I ran a cli speed test. As soon as the download speed test started, the port went down. It came up shortly. Ran the test again a...
by inteq
Wed Apr 27, 2016 11:28 pm
Forum: General
Topic: Poor (ridiculously) performance on two CCR1072
Replies: 54
Views: 8928

Re: Poor (ridiculously) performance on two CCR1072

I had a similar situation with a MT router, but the problem was a missing "secret" update on Windows 7/2008 R2.
Only Windows machines were exhibiting the behavior, while Linux boxes were not.
So does not apply to you. Wish I had something to help you with.
by inteq
Wed Apr 27, 2016 9:35 pm
Forum: General
Topic: Poor (ridiculously) performance on two CCR1072
Replies: 54
Views: 8928

Re: Poor (ridiculously) performance on two CCR1072

Both test machines are running Linux/Unix?
by inteq
Mon Feb 22, 2016 5:47 am
Forum: General
Topic: Basic setup of CCR-1009-8G-1S router
Replies: 2
Views: 4868

Re: Basic setup of CCR-1009-8G-1S router

Have you read http://wiki.mikrotik.com/wiki/Manual:In ... figuration ?
"First RouterOS version: ccr1009" :)
by inteq
Mon Feb 22, 2016 5:39 am
Forum: General
Topic: How to fetch this url every 1 min.
Replies: 2
Views: 1602

Re: How to fetch this url every 1 min.

1.Using WinBox, create a script:
:log info "Updating DDNS";
/tool fetch url="https://yourddnsprovider.com/blablah";
name the script update-ddns

2.Using WinBox, create a schedule:
/system script run update-ddns
by inteq
Sat Feb 20, 2016 9:01 am
Forum: General
Topic: Winbox Question
Replies: 2
Views: 475

Re: Winbox Question

I don't have to save anything.
After a reboot or if I close and reopen WinBox, the last setup is always displayed.
Maybe WinBox cannot write it's settings in the folder you are running it?
by inteq
Sat Feb 20, 2016 8:16 am
Forum: General
Topic: RB1100AHx2 slowed to a crawl
Replies: 5
Views: 1233

Re: RB1100AHx2 slowed to a crawl

Enable connection tracking and see what is doing what?
by inteq
Wed Feb 17, 2016 8:26 am
Forum: General
Topic: What's your router UPTIME?
Replies: 4
Views: 1179

Re: What's your router UPTIME?

And security patches?
On MT, upgrades are very fast and easy to apply via WinBox.
I wouldn't trade 1 min loss of service for security. That is if that router actually has a public facing interface.
If used internally, by all means :)
by inteq
Sun Feb 14, 2016 8:48 pm
Forum: General
Topic: connection tracking cause packet loss!
Replies: 2
Views: 670

Re: connection tracking cause packet loss!

Tracking is set to Auto or Enabled?
I have it on Auto with ~100k connections and an older MT and I do not have this problem.
Do you have any firewall rules to limit icmp based on time/amount?
by inteq
Sun Feb 14, 2016 4:40 am
Forum: General
Topic: HTTP and HTTPS not working for a single host
Replies: 3
Views: 974

Re: HTTP and HTTPS not working for a single host

Maybe that website has some filters? Maybe it uses something like Fail2Ban and somehow your requests are seen as an attack and are getting blocked? On the other hand it seems they are using cloudfare. There might be some problem with cloudfare somehow blocking your access or not having the whole cac...
by inteq
Sun Feb 14, 2016 3:14 am
Forum: General
Topic: Accept some countries to connect
Replies: 2
Views: 946

Re: Accept some countries to connect

If you want to deny some contries: You should grab the zone(s) for the desired country from http://www.ipdeny.com/ipblocks/ Convert them to a Mikrotik format like: /ip firewall address-list add list=blacklist address=1.2.3.4 comment=BadCountry Setup a script on MT to import the file(s) from a http/f...
by inteq
Sun Feb 14, 2016 2:19 am
Forum: General
Topic: RB493G Performance Issue
Replies: 4
Views: 1587

Re: RB493G Performance Issue

I am sorry i cannot help you with your specific problem, but just a friendly reminder MBps is not Mbps.
Getting those two mixed can get confusing.
by inteq
Sat Feb 13, 2016 7:38 am
Forum: General
Topic: RB493G Performance Issue
Replies: 4
Views: 1587

Re: RB493G Performance Issue

Maybe try http://forum.mikrotik.com/viewtopic.php?f=2&t=104555
I had the same problem.
PS: There will come a day when we will be able to do 250 MBps but not just now.
by inteq
Tue Feb 09, 2016 7:08 am
Forum: General
Topic: SMTP mass mailing interception
Replies: 2
Views: 772

Re: SMTP mass mailing interception

The client has his own Mail Server? Or he uses the ISP one? If he has his own, just block all outgoing on tcp 25, 587 to all other destinations but his SMTP Server IP and filter/tarpit from there. You can also monitor outgoing connections on 25 and 587 and if more than x connections in 1 minute, add...
by inteq
Sun Feb 07, 2016 6:37 pm
Forum: General
Topic: [SOLVED] Slow HTTP download
Replies: 7
Views: 7119

Re: Slow HTTP download

I am happy to report that I found the reason for slow HTTP downloads in Windows 7 (Windows 2008 server also seems to be affected) Straight from the horse's mouth: https://support.microsoft.com/en-us/kb/2675785 In plain english: If between location A and location B you have very good latency (1-8 ms)...
by inteq
Sat Feb 06, 2016 9:47 pm
Forum: General
Topic: [SOLVED] Slow HTTP download
Replies: 7
Views: 7119

Re: Slow HTTP download

Hello, Thank you for the replies and ideas. Will try them and get back with details. Believe me or not, I spent all day today trying to get to the bottom of this. Long story short: using Ubuntu 14, or 15 Desktop, HTTP downloads are always full speed. By full speed I mean ~90-100 MBps, depending on s...
by inteq
Fri Feb 05, 2016 2:58 pm
Forum: General
Topic: [SOLVED] Slow HTTP download
Replies: 7
Views: 7119

[SOLVED] Slow HTTP download

Hello, See http://forum.mikrotik.com/viewtopic.php?f=2&t=104555#p520164 for solution Using RB1100AHx2 with RoS 3.34. No NAT, just routing with public IPs. Problem. Downloads from a server behind a RB1100AHx2 using HTTP on port 80 to another host on the outside are limited to ~15MBps. Testing is done...
by inteq
Thu Oct 01, 2015 11:00 pm
Forum: General
Topic: SMTP connection limiting not working
Replies: 0
Views: 740

SMTP connection limiting not working

Hello, Using RoS 3.32.2. Before I switched to MikroTik. in the past I had some nasty problems with infected machines sending large number of spam messages in a short time frame via stolen accounts on the server. To be on the safe side, now I want to implement some counter measures in advance. Readin...
by inteq
Tue Sep 29, 2015 6:37 pm
Forum: RouterBOARD hardware
Topic: How often can I write to MT flash?
Replies: 1
Views: 761

How often can I write to MT flash?

Hello, I am in the process of developing my own aggregated blacklist gathered from several MikroTik routers. As far as I know, writing to the router's flash/storage too often is not a good thing for it's longevity. The question is: how often is too often? At the moment I am thinking of aggregating t...
by inteq
Tue Sep 29, 2015 1:56 am
Forum: Scripting
Topic: limit export to one or two address-list?
Replies: 3
Views: 2119

Re: limit export to one or two address-list?

Found the solution! http://forum.mikrotik.com/viewtopic.php?t=16411#p160122
/ip firewall address-list print file=SomeFileName where list="SomeAddressListName"
by inteq
Mon Sep 28, 2015 7:18 pm
Forum: Scripting
Topic: limit export to one or two address-list?
Replies: 3
Views: 2119

Re: limit export to one or two address-list?

Any news on this?
I too would like to be able to export only a particular address-list for automation.(without copy paste)
I managed to convert all dynamic records to static on a schedule so this is not a problem.
Still no luck?
by inteq
Wed Sep 16, 2015 6:47 pm
Forum: Scripting
Topic: [SOLVED] Update address-list record for dynamic IP
Replies: 0
Views: 1202

[SOLVED] Update address-list record for dynamic IP

Hello, What I am trying to achieve Allow incoming connections at location A from an IP that is dynamic at location B, using address-list. Every 5-10 minutes, run a script that pings hostname.no-ip.org and updates the address-list record with the new IP if it is changed. What I have so far The host b...
by inteq
Fri Jul 31, 2015 9:43 am
Forum: General
Topic: RB1100AHx2 - slow upload
Replies: 2
Views: 908

Re: RB1100AHx2 - slow upload

Thank you for the reply and idea.
My router does not crash (yet)
Just configured debug logging to memory.
by inteq
Sun Jul 26, 2015 8:32 am
Forum: General
Topic: RB1100AHx2 - slow upload
Replies: 2
Views: 908

RB1100AHx2 - slow upload

Hello, Being using RB1100AHx2 for several months and just started to have some problems. Since RoS 6.30 I am seeing very slow speeds while uploading to a device behind RB1100AHx2 from an external host. Both locations on gigabit. When the slowdown occurs, I can barely get 5-6 MB/s. To temporary fix t...
by inteq
Tue Mar 10, 2015 9:49 pm
Forum: RouterBOARD hardware
Topic: 1100AHX2 fans
Replies: 7
Views: 2686

Re: 1100AHX2 fans

Thank you for the clarification. Indeed, I missed the part about fans in the manual. Nevertheless, I think it is not the best choice, given that one fan at full speed will fail faster than two fans at moderate speed. Not to mention the noise. Then again, I am not a hardware designer/engineer, so I c...
by inteq
Tue Mar 10, 2015 5:09 am
Forum: RouterBOARD hardware
Topic: Two fans simultaneously on CCR1016 series?
Replies: 18
Views: 4334

Re: Two fans simultaneously on CCR1016 series?

Same problem with 1100AHX2.
I joined the two fans with a cable and plugged it into main.
Now both works in the same time.
Just wondering if this is intended or a malfunction.
by inteq
Tue Mar 10, 2015 5:04 am
Forum: RouterBOARD hardware
Topic: 1100AHX2 fans
Replies: 7
Views: 2686

Re: 1100AHX2 fans

So, judging by the lack of replies, I am the only one in this boat?
by inteq
Wed Mar 04, 2015 8:42 am
Forum: Beginner Basics
Topic: Transparent proxy for SIP
Replies: 4
Views: 1973

Re: Transparent proxy for SIP

Wouldn't be much easier to setup a VPN on MikroTik and connect to it?
That way you will have an IP from your country.
by inteq
Sun Mar 01, 2015 5:37 pm
Forum: Beginner Basics
Topic: traceroute weirdeness
Replies: 0
Views: 723

traceroute weirdeness

Hello, Using RB1100AHX2, ROS 6.27. One direct connected IP and a /29 subnet. No NAT, No firewall, No QoS, No extra routes, No BGP or similiar. Problem From any linux machine on the /29 subnet behind the router, traceroute behaves weird. Meaning: ~# traceroute google.com traceroute to google.com (82....
by inteq
Fri Feb 27, 2015 5:18 am
Forum: RouterBOARD hardware
Topic: 1100AHX2 fans
Replies: 7
Views: 2686

1100AHX2 fans

Hello, Quick question regarding the two fans on 1100AHX2. I have noticed that only one fan is working at any given time so I opened the case to investigate (brand new unit) I see two fans, each with it's own plug on the router board. If I unplug one fan, after one second the other fan will start. If...
by inteq
Thu Feb 26, 2015 7:31 pm
Forum: Beginner Basics
Topic: RB1100AHx2 - Routing performance
Replies: 2
Views: 1392

Re: RB1100AHx2 - Routing performance

Just got the unit and did a some basic tests at home, on a residential internet, until I get to work. Setup the unit with P1 as WAN and P6 as LAN with NAT and DHCP on P6 Network basic diagram FO Converter @ 1 Gbps ---> Asus RT-AC68U 1 Gpbs (PPPoE account on WAN) --- > MikroTik RB1100AHx2 (P1) @ 1 Gb...
by inteq
Wed Feb 25, 2015 8:30 pm
Forum: Beginner Basics
Topic: RB1100AHx2 - Routing performance
Replies: 2
Views: 1392

RB1100AHx2 - Routing performance

Hello everyone, I am a new member in the Mikrotik family, so please, help me out with a question I am asking myself. I have 5 Public IPs, currently routed by the ISP My ISP keeps changing the IPs so I am thinking to purchase a small subnet of 8 IPs and route them with a RB1100AHx2 (http://routerboar...