Community discussions

Search found 74 matches

by Joni
Sat Aug 17, 2019 4:06 pm
Forum: General
Topic: I'm sure Mikrotik has a legit response to this...
Replies: 14
Views: 1414

Re: I'm sure Mikrotik has a legit response to this...

The response that Normis gave is equivalent to saying, "I don't have AIDS" when he should be able to be saying, "I don't have AIDS and I always wear a condom too." We don't just want Mikrotik to be looking for and fixing vulnerabilities, we also want modern development and design practices that pre...
by Joni
Sat Aug 17, 2019 8:58 am
Forum: General
Topic: I'm sure Mikrotik has a legit response to this...
Replies: 14
Views: 1414

Re: I'm sure Mikrotik has a legit response to this...

How many of these vulnerabilities though are still present when a competent person configures the router? Most persons configuring things in this world are not competent, including you and me, that is why we ask these questions. If your WAN is entirely firewalled against incoming connections (inclu...
by Joni
Thu Aug 15, 2019 6:59 am
Forum: General
Topic: I'm sure Mikrotik has a legit response to this...
Replies: 14
Views: 1414

I'm sure Mikrotik has a legit response to this...

These are the seatbelts and airbags of the software world. These numbers are unheard of in operating systems or (Web) browsers. It's just a sign that they’re not trying, https://www.reddit.com/r/mikrotik/comments/cqksvr/these_are_the_seatbelts_and_airbags_of_the/ How it is all a misunderstanding, ...
by Joni
Mon Jul 22, 2019 8:18 pm
Forum: Forwarding Protocols
Topic: Problem with L2TP / IPSEC AND WINDOWS CLIENT
Replies: 2
Views: 2541

Re: Problem with L2TP / IPSEC AND WINDOWS CLIENT

It turns out that windows 10 was broken. I had to delete ALL WAN MINI PORTs in device manager and let windows reinstall them and now my vpn works fine. This <3 What made it confusing was that the same bug (windows updates) was affecting multiple (all) computers. (Remove in Windows / Device Manager ...
by Joni
Fri May 24, 2019 5:51 am
Forum: General
Topic: DNS Flag Day
Replies: 3
Views: 525

Re: DNS Flag Day

Just some follow up on the subject in general https://www.zdnet.com/article/dns-flag-day-2020-dns-servers-must-support-both-udp-and-tcp-queries/ accompanied by a quote from Mikrotik Wiki : A MikroTik router with DNS feature enabled can be set as a DNS server for any DNS-compliant client. Moreover, M...
by Joni
Tue Apr 16, 2019 11:11 pm
Forum: General
Topic: DHCP Option 51 (Apple, IP address lease time)
Replies: 0
Views: 251

DHCP Option 51 (Apple, IP address lease time)

This was an interesting read, any field experiences?

https://jimswirelessworld.wordpress.com ... option-51/

TLDR:
"Apple devices didn’t like having short lease times for its DHCP, Apple products will always request for 90 days."
by Joni
Wed Apr 10, 2019 1:00 pm
Forum: General
Topic: Mikrotik "Internet detect" problem
Replies: 17
Views: 4485

Re: Mikrotik "Internet detect" problem

Still not working on v6.43.13, WAN is never upgraded to Internet. [admin@GW]> /interface detect-internet state print terse 0 name=ether1-gateway state=no-link state-change-time=apr/10/2019 12:12:22 1 name=ether2-master-local state=lan state-change-time=apr/10/2019 12:12:22 2 name=ether3-slave-local ...
by Joni
Sat Apr 06, 2019 7:01 pm
Forum: General
Topic: Holy grail for Failover 2 Wans NO SCRIPTING
Replies: 14
Views: 2567

Re: Holy grail for Failover 2 Wans NO SCRIPTING

I really don't care about re-establishing the same connection on failover. That seems pie in the sky thinking. The old connection is gone kaput, dead, I would expect to have to restart all my activity. The idea of failover is minimal disruption to service plus as the admin I don't have to intervene....
by Joni
Sat Apr 06, 2019 6:09 pm
Forum: General
Topic: Holy grail for Failover 2 Wans NO SCRIPTING
Replies: 14
Views: 2567

Re: Holy grail for Failover 2 Wans NO SCRIPTING

Overly complex Failover. Simple recursive routes (choose 1 or 2 public DNS) is just as effective, no mangling required. Nope. Established sessions (like VPN) never return to the primary connection. This is a recurring problem for Mikrotik that there doesn't exist vetted solutions which either funct...
by Joni
Fri Apr 05, 2019 7:14 pm
Forum: General
Topic: Holy grail for Failover 2 Wans NO SCRIPTING
Replies: 14
Views: 2567

Re: Holy grail for Failover 2 Wans NO SCRIPTING

Your definition of holy grail would imply dhcp support for wan, this is nothing new.
by Joni
Mon Mar 25, 2019 9:43 pm
Forum: General
Topic: Remotely access Mikrotik router
Replies: 11
Views: 840

Re: Remotely access Mikrotik router

There is a much simpler way... dynamic whitelisting 1) Get a DynDNS client (or URL) on your client device (hint: could also be another Mikrotik device on the same client network https://wiki.mikrotik.com/wiki/Manual:IP/Cloud ) 2) Add that DynDNS name (not IP address) to Firewall address list in the ...
by Joni
Mon Mar 25, 2019 9:23 pm
Forum: General
Topic: Mikrotik and FreeRadius (DaloRADIUS)
Replies: 3
Views: 2110

Re: Mikrotik and FreeRadius (DaloRADIUS)

Just my five cents worth... a non-vetted review without running the product. I would instead highly recommend something in the lines of pfSense or OPNsense which are secure, modern, tested, vetted for "generations": https://turbofuture.com/internet/How-to-Set-Up-a-Radius-Server-on-pfSense-Using-the-...
by Joni
Mon Dec 31, 2018 3:11 pm
Forum: General
Topic: PWR-Line AP - problem with cominicate
Replies: 9
Views: 1476

Re: PWR-Line AP - problem with cominicate

I test a pair of these APs, but can't find a description. What is the maximum distance to work etc. https://mikrotik.com/product/pwr_line_ap says the PLC chipset is https://www.qualcomm.com/products/ar7420 which says Ethernet Standards: Home Plug 1.0, Home Plug AV, IEEE 802.3, IEEE 1900 Ethernet Ne...
by Joni
Sat Dec 29, 2018 11:30 am
Forum: General
Topic: PWR-Line AP - problem with cominicate
Replies: 9
Views: 1476

Re: PWR-Line AP - problem with cominicate

Typical Mikrotik, making a device with six leds and two buttons but not documenting more than one led in one state... reminds me of cAP Lite (RBcAPL-2nD-307)...
by Joni
Sat Dec 29, 2018 10:53 am
Forum: General
Topic: PWR-Line AP - problem with cominicate
Replies: 9
Views: 1476

Re: PWR-Line AP - problem with cominicate

Begin by trying to pair them on the same extension cord, side by side.
by Joni
Sat Dec 29, 2018 10:43 am
Forum: Wireless Networking
Topic: wAP LTE Kit International APN problem [SOLVED]
Replies: 24
Views: 5575

Re: wAP LTE Kit International APN problem [SOLVED]

YMMV! Check currently running R11e-LTE version ("MikroTik_CP_2.160.000_v006"): /interface lte info lte1 once Issue R11e-LTE "firmware update mode": /interface lte at-chat lte1 input="at+mififlag=1" Trigger update download, ~5MB (R11e-LTE has to be online, download is fetched via R11e-LTE connection,...
by Joni
Thu Dec 27, 2018 10:32 pm
Forum: Wireless Networking
Topic: wAP LTE Kit International APN problem [SOLVED]
Replies: 24
Views: 5575

Re: wAP LTE Kit International APN problem [SOLVED]

Bug is solved in newer wAPs because they come out with LTE firmware v8, you have v1. Ask support@mikrotik.com the guide to upgrade wAP's LTE firmware, and always upgrade wAPs to last stable version. You're referring to this? https://wiki.mikrotik.com/wiki/Manual:Interface/LTE#Modem_firmware_upgrade...
by Joni
Thu Dec 27, 2018 10:19 pm
Forum: Wireless Networking
Topic: wpa3
Replies: 5
Views: 1209

Re: wpa3

Just FYI... "Synology is the first manufacturer to produce WPA3 certified router, MR2200ac, WPA3-Personal, WPA3-Enterprise and Opportunistic Wireless Encryption (OWE), officially announced in October of 2018." https://www.modders-inc.com/synology-mr2200ac-mesh-router-review-first-wpa3-certified-wi-f...
by Joni
Tue Dec 18, 2018 9:06 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Enable TCP ECN for bandwidth efficiency
Replies: 9
Views: 4263

Re: Enable TCP ECN for bandwidth efficiency

It would be more interesting to know (as these are routers) which queue types, if any, support ECN
in MikroTik products.
https://wiki.mikrotik.com/wiki/Manual:I ... all/Filter
by Joni
Fri Nov 30, 2018 4:28 pm
Forum: Wireless Networking
Topic: Removing Mikrotik elements from beacons
Replies: 13
Views: 1920

Re: Removing Mikrotik elements from beacons

This is a vulnerability +1
by Joni
Mon Nov 12, 2018 2:06 pm
Forum: Wireless Networking
Topic: cAP ac /wAP ac: recommended TX power?
Replies: 3
Views: 1360

Re: cAP ac /wAP ac: recommended TX power?

It is much safer to use the method I described than modifying the tx power directly. You risk damaging the wireless adapter if you accidentally adjust the tx power beyond the capacity of the card. Whereas, modifying the antenna gain allows the ROS to automatically adjust the tx power to ensure ...
by Joni
Wed Oct 31, 2018 9:20 am
Forum: General
Topic: Default config exports
Replies: 1
Views: 1243

Re: Default config exports

So executing "/system default-configuration print" on a "RB962UiGS-5HacT2HnT" (ie international hAP ac) running v6.42.7 (factory default) which is lost when upgrading to v6.42.9 (long-term, bugfix): script: :global ssid; #| RouterMode: #| * WAN port is protected by firewall and enabled DHCP client #...
by Joni
Thu Oct 25, 2018 12:54 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request - DNSCrypt support...
Replies: 152
Views: 42547

Re: Feature request - DNSCrypt support...

DoH is incompatible with the basic architecture of the DNS because it moves control plane (signalling) messages to the data plane (message forwarding), and that's a no-no.
https://www.theregister.co.uk/2018/10/2 ... _standard/
by Joni
Thu Oct 18, 2018 2:59 pm
Forum: The Dude
Topic: The Dude scan kills network connectivity
Replies: 4
Views: 1122

Re: The Dude scan kills network connectivity

Mikrotik is notoriously famous for underperforming MicroSD (compatibility?), and Dude uses a lot of I/O (in comparison to logging). Switch to USB and compare.
by Joni
Sat Oct 13, 2018 1:13 am
Forum: General
Topic: Forum (phpBB) functions missing / broken [SOLVED]
Replies: 1
Views: 355

Forum (phpBB) functions missing / broken [SOLVED]

How did you mark my post solved? I can't find any such feature? In the upper right corner of the post you will find 4 icons - one of them toggles solved/unsolved. Well, only yesterday I discovered the feature :-) 1) So I (apparently my account) have none of these, any OS any Browser, I only have "Rep...
by Joni
Fri Oct 12, 2018 11:52 pm
Forum: RouterBOARD hardware
Topic: SXT/LHG LTE KIT [SOLVED]
Replies: 4
Views: 993

Re: SXT/LHG LTE KIT [SOLVED]

How did you mark my post solved? I can't find any such feature?
by Joni
Fri Oct 05, 2018 11:29 am
Forum: General
Topic: Default config exports
Replies: 1
Views: 1243

Default config exports

In the spirit of this, having to downgrade, export, upgrade, etc... I've found a different factory reset behavior after upgrading to v6.42.9. In v6.40.9 the interfaces, DHCP server, and firewall policies were included by default. Now in v6.42.9, only a static IP address of 192.168.88.1 is configured...
by Joni
Wed Oct 03, 2018 1:12 pm
Forum: Wireless Networking
Topic: Capsman client to client forwarding in local forwarding mode [SOLVED]
Replies: 6
Views: 2900

Re: Capsman client to client forwarding in local forwarding mode [SOLVED]

It's *really* unclear in the manual but set Multicast Helper to Full when using multiple VLANs or VLAN override from one SSID.

https://wiki.mikrotik.com/wiki/Manual:I ... g_override
Thank you, works <3
by Joni
Mon Sep 24, 2018 3:54 pm
Forum: Wireless Networking
Topic: Capsman client to client forwarding in local forwarding mode [SOLVED]
Replies: 6
Views: 2900

Re: Capsman client to client forwarding in local forwarding mode [SOLVED]

There is no (inside AP) client-to-client communication happening, neither on same SSID or other, whatsoever (any device, os, etc), unless AP configured manually (Cap disabled) with default-forward and everything works. Client-to-client communication only works between different APs clients if port...
by Joni
Mon Sep 24, 2018 1:57 pm
Forum: Beginner Basics
Topic: Mikrotik SXT LTE powering issue
Replies: 1
Views: 246

Re: Mikrotik SXT LTE powering issue

With the included Mikrotik POE injector, with the included Mikrotik power adapter, via an Ethernet cable of supported length?
by Joni
Mon Sep 24, 2018 12:29 pm
Forum: Wireless Networking
Topic: Capsman client to client forwarding in local forwarding mode [SOLVED]
Replies: 6
Views: 2900

Capsman client to client forwarding in local forwarding mode [SOLVED]

I wonder why it is that when with Capsman using datapath.local-forwarding=yes (ie local forwarding mode, also known as wireless default-forwarding) then datapath.client-to-client-forwarding is ignored / not supported, resulting in that you can basically only enable client-to-client-forwarding with "...
by Joni
Sun Sep 16, 2018 8:12 pm
Forum: General
Topic: DNSSEC
Replies: 33
Views: 9933

Re: DNSSEC

by Joni
Sat Sep 15, 2018 9:14 pm
Forum: Forwarding Protocols
Topic: Public IP over a tunnel ( SOLVED )
Replies: 34
Views: 7218

Re: Public IP over a tunnel ( SOLVED )

I am using a Hetzner Cloud VPS and I've found using a single vCPU, you can get around 400MBits, which ain't bad at all. Adding an additional CPU produces around 800Mbits. It seems to be CPU limited due to encryption so I'm looking at tweaking it a bit and see if can get a bit more out of it. Does Hetzne...
by Joni
Thu Sep 06, 2018 9:24 am
Forum: Announcements
Topic: Future of LTE products, user feedback requested
Replies: 84
Views: 18442

Re: Future of LTE products, user feedback requested

How about first fixing the issues with current hardware search.php?keywords=R11e-LTE
by Joni
Sat Sep 01, 2018 10:51 am
Forum: General
Topic: Bare metal CHR on Hetzner Dedicated
Replies: 3
Views: 948

Re: Bare metal CHR on Hetzner Dedicated

Exact same issue viewtopic.php?t=114844
and almost same, except I can't ping out... viewtopic.php?t=83196
by Joni
Sat Sep 01, 2018 8:37 am
Forum: General
Topic: Bare metal CHR on Hetzner Dedicated
Replies: 3
Views: 948

Re: Bare metal CHR on Hetzner Dedicated

To be specific, even assigning one additional IP to the ether1-WAN interface doesn't respond to ping, with Linux it works without anything more than
ip address add a.b.c.d/32 dev eth0
by Joni
Fri Aug 31, 2018 11:07 pm
Forum: Beginner Basics
Topic: 5GHz Channel
Replies: 4
Views: 1945

Re: 5GHz Channel

My guess is that this would give a hint about D and DP: Made some reconfigurations. Looks like it's because of Skip DFS setting. When Skip DFS Channels is not checked this messages appears in logs and wi-fi interface setup is delayed for one minute: capfive-MikroTik ST-hAP-AC-Lite3-1: do radar detec...
by Joni
Fri Aug 31, 2018 8:29 pm
Forum: Scripting
Topic: Blacklisting seems popular, honeypot made simple
Replies: 12
Views: 2034

Re: Blacklisting seems popular, honeypot made simple

Remember that most internet users will be able to feed your blacklist by sending spoofed TCP SYN packets (with source address that they want you to block). IP source address filtering (to allow only source addresses that you "own") is not widely deployed. This makes it easy to DDoS and it would be ...
by Joni
Fri Aug 31, 2018 8:23 pm
Forum: Virtualization
Topic: CHR on OVH VPS SSD
Replies: 22
Views: 7707

Re: CHR on OVH VPS SSD

by Joni
Fri Aug 31, 2018 8:20 pm
Forum: General
Topic: Bare metal CHR on Hetzner Dedicated
Replies: 3
Views: 948

Bare metal CHR on Hetzner Dedicated

cd /root && curl -O https://download2.mikrotik.com/routeros/6.42.3/chr-6.42.3.img.zip && gunzip -S .zip chr-6.42.3.img.zip dd if=/root/chr-6.42.3.img of=/dev/sda Tried this on Hetzner dedicated (bare metal, EX series, I know bm isn't officially supported but I don't want the virtualization maintena...
by Joni
Fri Aug 31, 2018 4:21 pm
Forum: Virtualization
Topic: CHR on OVH VPS SSD
Replies: 22
Views: 7707

Re: CHR on OVH VPS SSD

cd /root && curl -O https://download2.mikrotik.com/routeros/6.42.3/chr-6.42.3.img.zip && gunzip -S .zip chr-6.42.3.img.zip dd if=/root/chr-6.42.3.img of=/dev/sda Tried this on Hetzner dedicated (bare metal, EX series, I know bm isn't officially supported) however everything except routing (public i...
by Joni
Sun Aug 26, 2018 3:50 pm
Forum: General
Topic: Simple queues didn't work
Replies: 5
Views: 548

Re: Simple queues didn't work

Disable https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack

Torching disables Fasttrack temporarily
by Joni
Mon Aug 20, 2018 8:41 pm
Forum: Scripting
Topic: Blacklisting seems popular, honeypot made simple
Replies: 12
Views: 2034

Re: Blacklisting seems popular, honeypot made simple

So please add the port 23 to the "popular" list. At least in my case there is nothing there, but people keep trying it. I must admit the port list is straight from Artillery and for some reason they left port 23 (Telnet) out... however I can't figure out a specific reason for leaving it out. I'll ...
by Joni
Mon Aug 20, 2018 6:15 pm
Forum: Scripting
Topic: Blacklisting seems popular, honeypot made simple
Replies: 12
Views: 2034

Re: Blacklisting seems popular, honeypot made simple

I'll grab hold of this later and push it to a test router I have to see what it does or doesn't break. Basically the only thing it can break at its current state is blocking non-whitelisted ip-addresses if you for some reason would have incoming WAN traffic from trusted IPs trying to access non-exi...