Community discussions

Search found 161 matches

by Joni
Mon Nov 13, 2023 5:13 am
Forum: Forwarding Protocols
Topic: v7.1.1 OspfNeighbor received wrong LS Ack
Replies: 40
Views: 27746

Re: v7.1.1 OspfNeighbor received wrong LS Ack

You funny. If they don't understand to enrich insight from their own user-base forum and want to hide the revelation process in private tickets then they may suffer their own ignorance. It's not like they would need to worry about competitive advances leaking on a proprietary platform. It's not like...
by Joni
Sun Oct 08, 2023 2:29 pm
Forum: Forwarding Protocols
Topic: NAT killing OSPF
Replies: 10
Views: 10680

Re: NAT killing OSPF

(2017 calling, posting keywords for search results, referencing finding in https://forum.mikrotik.com/viewtopic.php?p=1029269#p1029269) Between any RouterOS v7.11.2. default-v2 { version: 2 router-id: x.x.x.13 } backbone { 0.0.0.0 } interface { p2p x.x.x.13%l2tp-x} neighbor { router-id: x.x.x.254 st...
by Joni
Sun Oct 08, 2023 2:25 pm
Forum: Forwarding Protocols
Topic: v7.1.1 OspfNeighbor received wrong LS Ack
Replies: 40
Views: 27746

Re: v7.1.1 OspfNeighbor received wrong LS Ack

Bumpbump, on between any 7.11.2. default-v2 { version: 2 router-id: x.x.x.13 } backbone { 0.0.0.0 } interface { p2p x.x.x.13%l2tp-x} neighbor { router-id: x.x.x.254 state: Full } received wrong LS Ack for router x.x.x.13 x.x.x.13 0x80000382 expected 0x80000383 (the so called +1 , 2 -> 3) Responding...
by Joni
Tue Sep 26, 2023 8:49 am
Forum: Forwarding Protocols
Topic: v7.1.1 OspfNeighbor received wrong LS Ack
Replies: 40
Views: 27746

Re: v7.1.1 OspfNeighbor received wrong LS Ack

Bumpbump, on between any 7.11.2.
default-v2 { version: 2 router-id: x.x.x.13 } backbone { 0.0.0.0 } interface { p2p x.x.x.13%l2tp-x} neighbor { router-id: x.x.x.254 state: Full } received wrong LS Ack for router x.x.x.13 x.x.x.13 0x80000382 expected 0x80000383
(the so called +1 , 2 -> 3)
by Joni
Tue Jun 27, 2023 5:30 pm
Forum: General
Topic: Forum moderation volunteers
Replies: 238
Views: 35504

Re: Forum moderation volunteers

How about the moderators "merging" topics and posts into categories, the repeated topics year in and out gets a bit useless.
by Joni
Mon Jun 26, 2023 11:46 am
Forum: General
Topic: How to QoSing this correctly?
Replies: 11
Views: 2320

Re: How to QoSing this correctly?

just use QOS CAKE
Post example configuration, or it didn't happen.
Can't wait for that "just" oneliner.
by Joni
Mon Jun 12, 2023 5:36 pm
Forum: General
Topic: IPv6 Ping does not work with domain names
Replies: 59
Views: 46542

Re: IPv6 Ping does not work with domain names

Consistency, still same issue.
by Joni
Fri Jun 09, 2023 10:25 pm
Forum: General
Topic: simple queue stops working
Replies: 2
Views: 1091

Re: simple queue stops working

Just discovered the same with v7.9.2 with parent stopping if child enabled, but only on Mipsbe (vs Tile). /queue type add kind=sfq name=sfq /queue simple add limit-at=2M/10M max-limit=20M/40M name=PCQ queue=pcq-upload-default/pcq-download-default target=192.168.71.0/24 total-queue=sfq add name=Xbox ...
by Joni
Fri Jun 09, 2023 9:39 pm
Forum: General
Topic: How to QoSing this correctly?
Replies: 11
Views: 2320

Re: How to QoSing this correctly?

Why so much complexity? How about you try something simple generic and tell where it fails. /queue type add kind=sfq name=sfq /queue simple add limit-at=2M/2M max-limit=25M/25M name="Simple" queue=pcq-upload-default/pcq-download-default target=192.168.7.0/24 total-queue=sfq add name="...
by Joni
Tue May 02, 2023 7:29 pm
Forum: Announcements
Topic: v7.9 [stable] is released!
Replies: 242
Views: 53704

Re: v7.9 [stable] is released!

upgraded from 7.6 (x86), looks like "PPPoE Scan" is broken

Someone told me that is broken from 7.8
Someone told me it works on my computer.
by Joni
Tue May 02, 2023 4:18 pm
Forum: General
Topic: USB Sticks on >ROS 7.7 -7.9rc2
Replies: 10
Views: 898

Re: USB Sticks on >ROS 7.7 -7.9rc2

And so much more... all things USB... viewtopic.php?p=995247
by Joni
Sun Apr 16, 2023 11:23 am
Forum: Beginner Basics
Topic: UPnP vs Static NAT Rules [SOLVED]
Replies: 9
Views: 891

Re: UPnP vs Static NAT Rules [SOLVED]

what’s the advantage of reject-with=icmp-admin-prohibited vs sending traffic black hole? will devices on LAN stop trying UPnP if they receive the icmp prohibited message? Faster timeouts and network troubleshooting, no automation involved, tcpdump would show your denied reply instead of no reply at...
by Joni
Sun Apr 16, 2023 2:41 am
Forum: Beginner Basics
Topic: UPnP vs Static NAT Rules [SOLVED]
Replies: 9
Views: 891

Re: UPnP vs Static NAT Rules [SOLVED]

How about instead of being unconstructive you come with solutions instead. And as a sidenote if your firewall rules blindly allow incoming traffic up to this point then you have bigger problems. https://en.wikipedia.org/wiki/Fear,_unc ... _and_doubt
by Joni
Thu Apr 13, 2023 12:46 pm
Forum: Beginner Basics
Topic: UPnP vs Static NAT Rules [SOLVED]
Replies: 9
Views: 891

Re: UPnP vs Static NAT Rules [SOLVED]

A temporary workaround, like most things Mikrotik, would be to give intended devices static DHCP leases and add them to a dynamic address list ( tip : however not necessary static ip) /ip/dhcp-server/lease/add server=dhcp comment=XBox mac-address=01:01:01:01:01:01 address=pool-Home address-lists=upn...
by Joni
Tue Apr 04, 2023 3:40 pm
Forum: General
Topic: Why were MikroTik powerline ethernet devices discontinued in Europe?
Replies: 18
Views: 1845

Re: Why were MikroTik powerline ethernet devices discontinued in Europe?

The plastic fiber with the application of manual LC connectors, which do not require fiber welding machinery, is cheap & easy to use and legal in many states where it is forbidden to insert ethernet into the existing electrical system... Always, everywhere, everytime, cite reference example url...
by Joni
Thu Mar 30, 2023 3:07 pm
Forum: General
Topic: Why were MikroTik powerline ethernet devices discontinued in Europe?
Replies: 18
Views: 1845

Re: Why were MikroTik powerline ethernet devices discontinued in Europe?

Much more specifically things like devolo Magic 2 LAN DINrail , basically Homeplug/G.hn (Ethernet-Over-Powerline) + WiFi + Mesh (Wi-Fi) all in one go. Obviously you place all that behind a Mikrotik router... ... however it doesn't give any reasonable performance without grounded power outlets, which...
by Joni
Sun Mar 05, 2023 12:16 pm
Forum: General
Topic: Understanding firmware version vs router OS version
Replies: 6
Views: 6966

Re: Understanding firmware version vs router OS version

. So there is a severe lack of comparables to clarify the subject (not specifically this topic), ideally accompanied by "screenshots" in correlation to commands. But that is the Mikrotik FUD way . Note that if you feel corrections are needed then post them directly instead of snickering ab...
by Joni
Tue Feb 28, 2023 11:00 pm
Forum: Wireless Networking
Topic: Client can connect to 5GHz only after disabling 802.11ac [SOLVED]
Replies: 17
Views: 6993

Re: Client can connect to 5GHz only after disabling 802.11ac [SOLVED]

7 months later I ended up repeating the problem on another location with a different router and 2 different laptops. I've found several workarounds. 4. RouterOS - Changing the Channel Width of the 5GHz interface from 20/40/80MHz XXXX to 20/40/80MHz eeeC or eeCe, eCee, Ceee makes the laptops connect...
by Joni
Fri Feb 10, 2023 10:59 am
Forum: Announcements
Topic: MikroTik Devices Controller
Replies: 332
Views: 232985

Re: MikroTik Devices Controller

.
At the moment we do not want to stick to a specific implementation or standard, but build our own

Best of luck

by Joni
Sat Jan 28, 2023 11:13 am
Forum: General
Topic: PPP profiles and queues
Replies: 1
Views: 2065

Re: PPP profiles and queues

After lots of fiddling I found out that new queue got created only after I set rate-limit for profile. As I did not find this documented I am posting here just in case someone else searches for the same issue. I love you <3 Unfortunately it's not dynamic and therefore doesn't inherit anything from s...
by Joni
Mon Oct 03, 2022 10:02 pm
Forum: Announcements
Topic: Newsletter 108
Replies: 84
Views: 46209

Re: Newsletter 108

For the love of... why would anyone sabotage any product with just one single 2.5Gb port...
by Joni
Fri Jul 22, 2022 5:58 pm
Forum: RouterBOARD hardware
Topic: CCR 1009 and SD card
Replies: 14
Views: 14403

Re: CCR 1009 and SD card

Just wait until you hit the performance issues, once it gets discovered...
by Joni
Fri Jul 08, 2022 12:03 pm
Forum: Scripting
Topic: CrowdSec open-source and collaborative IPS
Replies: 2
Views: 2118

CrowdSec open-source and collaborative IPS

(not affiliated, CrowdSec was not mentioned in the forums) In relation to Address lists downloader (DShield, Spamhaus DROP/EDROP, etc) we probably shouldn't forget CrowdSec open-source and collaborative IPS and the custom bouncer list generator script for Mikrotik https://github.com/0x767676/crowdse...
by Joni
Thu Jul 07, 2022 4:13 pm
Forum: General
Topic: How can I change the default route for a packet (or put routes into multiple tables)?
Replies: 8
Views: 2129

Re: How can I change the default route for a packet (or put routes into multiple tables)?

Ok for the rest of the world, after banging my head on this for the last two days I finally got it working. With this in mind, I removed the default route from the main table, and created two tables containing only the two different default routes. And (also for the rest of the word) if you want to...
by Joni
Mon May 23, 2022 12:21 pm
Forum: General
Topic: Feature Request: Disable log from logging by the specified service
Replies: 7
Views: 1528

Re: Feature Request: Disable log from logging by the specified service

This does not give any problem for me. You must still be misreading the issue, as issues presented here is not about your personal problems and solutions, rather errors and flaws in the RouterOS implementation. You are basically saying that RouterOS should come with an external server to circumvent...
by Joni
Fri May 20, 2022 3:26 pm
Forum: General
Topic: Feature Request: Disable log from logging by the specified service
Replies: 7
Views: 1528

Re: Feature Request: Disable log from logging by the specified service

You must have misread the issue as it specifically is not easy to filter as there are missing topics / facilities?
Or did you intend to manually replay all possible system messages and write filters for each and every group?
by Joni
Fri May 20, 2022 10:24 am
Forum: General
Topic: Feature Request: Disable log from logging by the specified service
Replies: 7
Views: 1528

Re: Feature Request: Disable log from logging by the specified service

Wishful thinking, there are many things you can't exclude
viewtopic.php?p=889090#p889090
by Joni
Mon Apr 04, 2022 11:11 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 264
Views: 72279

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

.I challenge you to explain the origin of the name "hei" rule
Something from the Czech language?
I don't know.
But explain (find out), not speculate (guess) ;)
by Joni
Mon Apr 04, 2022 10:50 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 264
Views: 72279

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

. "Thank you", the following is just intended to lower the threshold of adoption and improve. Some minor notes, this script: doesn't have a distinguishable name, which would help finding it, something along the lines of "Shumkov msatter Blacklister" or something has no script ver...
by Joni
Wed Mar 09, 2022 11:17 am
Forum: General
Topic: Fasstrack and rules
Replies: 13
Views: 1290

Re: Fasstrack and rules

. Have you read the manual: https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack Warning: Queues (except Queue Trees parented to interfaces), firewall filter and mangle rules will not be applied for FastTracked traffic. Connection is FastTracked until connection is closed, timed-out or router is reboo...
by Joni
Wed Nov 03, 2021 9:51 pm
Forum: General
Topic: logging topics and exclusion / filtering
Replies: 0
Views: 1034

logging topics and exclusion / filtering

The messages "static dns entry removed" and "static dns entry added" only have "system, info" topics and are missing the "dns" topic. Resulting being unable to exclude the "dns, info" topics without also losing "system, info" and eventuall...
by Joni
Mon Oct 11, 2021 10:41 am
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 167
Views: 106725

Re: v6.48.5 [long-term] is released!

Especially since even the changelog references a non-existing long-term release in relation to changes from v6.48.4 and not the actual predecessor v6.47.10 . https://mikrotik.com/download/changelogs/long-term-release-tree So lets see how the actual release notes for long-term v6.48.5 upgrade from v...
by Joni
Fri Oct 08, 2021 9:57 pm
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 167
Views: 106725

Re: v6.48.5 [long-term] is released!

I still think it is a bad policy to release a new version in the stable channel and declare it the long-term version at the same time. You should move versions to the long-term channel only after they have proven to be free of obvious issues in the stable channel for some time. (I know that long-te...
by Joni
Thu Sep 16, 2021 6:31 pm
Forum: General
Topic: Why firewall rules are so important...
Replies: 12
Views: 2352

Re: Why firewall rules are so important...

You do realize this is not an opinion debate.

Obviously it is.

Sure it is https://cwe.mitre.org/data/definitions/200.html
The simplified main point being that there are zero actual benefits about showing it.
by Joni
Thu Sep 16, 2021 6:27 pm
Forum: General
Topic: Why firewall rules are so important...
Replies: 12
Views: 2352

Re: Why firewall rules are so important...

Google will take care of them looking for you... Easy life for hacker... You apparently haven't tried Shodan. About display version or not: WHAT IS THE PROBLEM? Simply try all the hack, who stops you? Trying all hacks triggers alerts and countermeasures on many different levels. Different methods h...
by Joni
Thu Sep 16, 2021 6:08 pm
Forum: General
Topic: Why firewall rules are so important...
Replies: 12
Views: 2352

Re: Why firewall rules are so important...

You do realize this is not an opinion debate. The point is that router's management access (any kind) should not be wildly open. Period. The point is that no information whatsoever should be shared unless authenticated (by default). Period. I like to see version on login page so that I don't have to ...
by Joni
Thu Sep 16, 2021 5:08 pm
Forum: General
Topic: Why firewall rules are so important...
Replies: 12
Views: 2352

Re: Why firewall rules are so important...

Maybe they are honeypots? I hope... :p
You're missing the point, the version number is still displayed on the login page, once your router has a vulnerability then anyone with access to the user interface knows which one to exploit..
by Joni
Thu Sep 16, 2021 4:35 pm
Forum: General
Topic: Why firewall rules are so important...
Replies: 12
Views: 2352

Re: Why firewall rules are so important...

Years pass by and nothing changes...
by Joni
Thu Sep 16, 2021 2:24 pm
Forum: Beginner Basics
Topic: Will separate hardware firewall make the router safer? [SOLVED]
Replies: 8
Views: 4080

Re: Will separate hardware firewall make the router safer? [SOLVED]

Make sure you run a recent/latest-stable RouterOS release

What jvanhambelgium obviously meant was latest "Long-term" (not "Stable") :lol:

Also specifically make a mental distinction between exposing RouterOS vs hosts / services behind it, that is a huge difference.
by Joni
Sun Sep 12, 2021 12:03 am
Forum: General
Topic: Backup
Replies: 2
Views: 691

Re: Backup

They think wrong because the tickbox is not ticked (by default) and the tickbox says it is encrypted if not ticked... nowhere in the interface is it mentioned it would not be encrypted if the tickbox is not ticked. Especially as it before 6.43 defaulted to encrypting the backup with the user passwor...
by Joni
Sat Sep 11, 2021 11:17 pm
Forum: General
Topic: Backup
Replies: 2
Views: 691

Backup

The manual says https://wiki.mikrotik.com/wiki/Manual:System/Backup dont-encrypt (yes | no; Default: no) Disable backup file encryption. Note that since RouterOS v6.43 without a provided password the backup file is unencrypted. however the Winbox user interface doesn't default to ticking the box &qu...
by Joni
Wed Sep 08, 2021 8:59 am
Forum: RouterBOARD hardware
Topic: RB1100Ahx4 Dude Edition - Slow SATA speeds
Replies: 2
Views: 3127

Re: RB1100Ahx4 Dude Edition - Slow SATA speeds

Wonder when they are going to catch up on their own deception... https://mikrotik.com/product/RB1100Dx4 (still same speed sentence)
This is intentionally misleading and has been reported to https://www.eccnet.eu/ Ombudsman
by Joni
Wed Sep 01, 2021 5:48 pm
Forum: RouterOS beta
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 335
Views: 308315

Re: ZeroTier added to RouterOS v7rc2

Of all the requests to implement in RouterOS, why specifically ZeroTier? When you look at it from a business standpoint, it makes complete sense. 1) MikroTik needed an SDWAN solution to sell more boxes 2) ZeroTier needed a hardware solution to sell more licenses It's a phenomenal protocol and far be...
by Joni
Wed Sep 01, 2021 3:13 pm
Forum: RouterOS beta
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 335
Views: 308315

Re: ZeroTier added to RouterOS v7rc2

Of all the requests to implement in RouterOS, why specifically ZeroTier?
by Joni
Fri Jul 23, 2021 10:27 am
Forum: Wireless Networking
Topic: Mikrotik - Early Access beta hardware?
Replies: 13
Views: 2076

Re: Mikrotik - Early Access beta hardware?

Yup ... buy new model devices from your local MT distributor and you're hooked up for beta testing. Or so it seems ...
Straight up...
by Joni
Thu Jul 01, 2021 10:40 pm
Forum: RouterOS beta
Topic: v7 launch date
Replies: 156
Views: 48582

Re: v7 launch date

Now if only all communication from Mikrotik was this logical and reasonable. <3
You should be promoted, I haven't seen this sensible output here in years.
Let's clarify rumors.
...
by Joni
Mon Apr 26, 2021 8:38 pm
Forum: RouterBOARD hardware
Topic: RB750Gr3 - Report and questions
Replies: 113
Views: 52484

Re: RB750Gr3 - Report and questions

RB750Gr3 switch chip does not have full VLAN tagging/untagging support yet, it is planned to implement it in future. Currently, you should use RB750Gr3 switch chip only for basic switching.
Maybe some horizon update of the nearest decade when this might be implemented?
by Joni
Tue Apr 20, 2021 1:02 pm
Forum: General
Topic: Neighbor Discovery Over L2TP
Replies: 1
Views: 1069

Re: Neighbor Discovery Over L2TP

Reading the manual about dynamic L2TP interfaces and neighbourhood discovery discover-interface-list (string; Default: !dynamic) Interface list on which members the discovery protocol will run on https://wiki.mikrotik.com/wiki/Manual:IP/Neighbor_discovery In the future, post your config /export hide...
by Joni
Tue Apr 20, 2021 10:26 am
Forum: Scripting
Topic: Yet another DHCP to DNS script
Replies: 34
Views: 40620

Re: Yet another DHCP to DNS script

While the script itself is marvelous, one of the best dhcp2dns scripts...
Interestingly this prompts yet another RouterOS "feature", logs filled with "static dns entry added/removed" an event with system,info topics but without a DNS topic to filter them away...
by Joni
Sat Apr 10, 2021 2:05 pm
Forum: General
Topic: Tools/email and ports
Replies: 3
Views: 992

Re: Tools/email and ports

All I know is it works fine with my ISP provider?? Yes, they are receiving email, they have to because of ignorant customers, accepting legacy setups. The difference is Mikrotik is sending and have no reason default to a legacy port which the user can override if needed. My ISP provider requires 46...
by Joni
Sat Apr 10, 2021 12:43 pm
Forum: General
Topic: Tools/email and ports
Replies: 3
Views: 992

Tools/email and ports

In https://wiki.mikrotik.com/wiki/Manual:Tools/email there is a note If start-tls='''tls-only''', port 465 will be used either the note is left over from a previous circumstance or it is not RFC compliant http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt https...
by Joni
Wed Apr 07, 2021 6:16 pm
Forum: General
Topic: "antenna gain" missing in 6.46.8?
Replies: 83
Views: 29627

Re: "antenna gain" missing in 6.46.8?

52 messages and 20 participants later. Do you feel like "you already wrote this", nobody said you didn't write but everybody said they did didn't understand the reasoning or logic behind your writing. "nothing has changed basically" then why was it implemented in the first place ...
by Joni
Tue Feb 02, 2021 9:08 am
Forum: General
Topic: Allow Ethernet interface with specific MAC address only
Replies: 34
Views: 24535

Re: Allow Ethernet interface with specific MAC address only

Against stupid attackers, a bridge firewall filter linking MAC address to a port is sufficient. A clever attacker will copy the camera's MAC address to his device, so only 802.1X is a safe method, unless the attacker can extract the password for 802.1X from the camera. The question is whether your ...
by Joni
Tue Dec 22, 2020 9:38 am
Forum: General
Topic: IP Firewall Address list FQDN resolution expiration
Replies: 6
Views: 3032

Re: IP Firewall Address list FQDN resolution expiration

/ip firewall address-list add list=somename address=hostname.example.net Adds hostname.example.net to list and automatically resolves it based on dns record's ttl. When this ttl expires, it's resolved again. When address changes, old one is replaced by new one. Also works when hostname resolves to ...
by Joni
Mon Dec 21, 2020 10:42 pm
Forum: General
Topic: IP Firewall Address list FQDN resolution expiration
Replies: 6
Views: 3032

Re: IP Firewall Address list FQDN resolution expiration

It should be all automatic, resolved addresses simply inherit ttl from dns record, disappear when it expires, and system then resolves hostname again. As literally emphasised above it should absolutely not happen as you describe, as you lose even more control to yet another party in the process yo...
by Joni
Mon Dec 21, 2020 8:26 pm
Forum: General
Topic: IP Firewall Address list FQDN resolution expiration
Replies: 6
Views: 3032

IP Firewall Address list FQDN resolution expiration

So afaik as an undocumented function you can do /ip firewall address-list add address=officeX.example.com list=whitelist And RouterOS will resolve the FQDN name (every X minutes) to a IP address and add it to the address list as a "dynamic" item (actually static, ie not lost on reboot). If...
by Joni
Tue Dec 01, 2020 4:29 pm
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 1006
Views: 1114171

Re: Public-Mikrotik-Bandwidth-Test-Server(s)

And while we are testing bandwidth... we might want a refresher on the effects of latency and loss... Namely where your public test server is located, globally... https://accedian.com/blog/measuring-network-performance-latency-throughput-packet-loss/ http://bradhedlund.com/2008/12/19/how-to-calculat...
by Joni
Wed Nov 18, 2020 3:27 pm
Forum: Announcements
Topic: v6.46.8 [long-term] is released!
Replies: 36
Views: 29402

Re: v6.46.8 [long-term] is released!

. hEX PoE powering 48V three wAP ac (RBwAPG-5HacT2HnD) for a few years, iterating through long-term versions, however when upgrading from v6.46.7 to v6.46.8 suddenly port ether4 requires poe-out=forced-on or wAP ac on the port starts POE cycling endlessly. (any cable, firmware upgraded, rebooted thr...
by Joni
Tue Nov 17, 2020 11:57 am
Forum: RouterBOARD hardware
Topic: ChaCha20 hardware offloading?
Replies: 2
Views: 1208

Re: ChaCha20 hardware offloading?

As something running on a EOL 2012 Linux kernel you can imagine that since wireguard was merged Linux 2020 we'll be seeing _full_ _stable_ Wireguard support around 2024 (presuming the adoption lifecycle has halved in 8 years). https://forum.mikrotik.com/viewtopic.php?f=2&t=144639 https://forum.mi...
by Joni
Sun Oct 25, 2020 9:13 pm
Forum: Scripting
Topic: mkdir function for easy folder creation [SOLVED]
Replies: 19
Views: 11852

Re: mkdir function for easy folder creation [SOLVED]

What do you need folders for?

For RouterOS not trying to upgrade itself on every boot when .npk for Capsman Cap's (APs) exists in filesystem... for one...

"What does Capsman need a package path setting for?"
by Joni
Wed Oct 14, 2020 10:56 pm
Forum: General
Topic: NAT by incoming interface
Replies: 3
Views: 954

Re: NAT by incoming interface

Please note that internal src-nat is a typical need also when accessing (managing) non-routed networks / subnets over VPN etc, while wanting to retain traceable logs of entering and exiting traffic. Traffic enters via management node vpn interface from a remote subnet which is not available via th...
by Joni
Wed Oct 14, 2020 3:31 pm
Forum: General
Topic: NAT by incoming interface
Replies: 3
Views: 954

Re: NAT by incoming interface

(clear, old, question)

No, you understood it right.
These are the kind of things that hinder adoption of Mikrotik by intermediate level users.
The solution would be to mark traffic on the incoming interface(s) and src-nat by marked traffic.
by Joni
Sat Sep 19, 2020 10:35 am
Forum: General
Topic: Capsman disconnecting all CAPs
Replies: 3
Views: 932

Re: Capsman disconnecting all CAPs

Upgrading Capsman to v6.46.7 (Long-term) on CCR disabled Capsman, configuration intact.
by Joni
Tue Jul 14, 2020 9:47 am
Forum: General
Topic: Mikrotik CRS125-24G Speed Problem
Replies: 13
Views: 3825

Re: Mikrotik CRS125-24G Speed Problem

Probably a bad idea. CRS125 is a switch, and in no way it can route a gigabit.
"no way"
"route"
Please be much much more specific, you present the subject like routing would be some magical high overhead process.
by Joni
Tue Jul 14, 2020 9:44 am
Forum: General
Topic: Mikrotik CRS125-24G Speed Problem
Replies: 13
Views: 3825

Re: Mikrotik CRS125-24G Speed Problem

https://mikrotik.com/product/CRS125-24G ... estresults

To confirm any speed issues you need to reset everything and start adding settings from scratch, one by one, until you find the issue. Technically there is no reason you couldn't get reasonable performance out of a CRS125.
by Joni
Wed Jun 17, 2020 8:20 pm
Forum: Wireless Networking
Topic: Wireless product max distance
Replies: 60
Views: 58044

Re: Wireless product max distance

The tables have been moved to product documentation download tabs: https://mikrotik.com/product/lhg_2#fndtn-downloads Selection guide for PtP links https://i.mt.lv/cdn/rb_files/antenas-160404123306.pdf Selection guide for PtMP links https://i.mt.lv/cdn/rb_files/antenas-mantbox-160404123306.pdf And a...
by Joni
Tue Jun 09, 2020 8:20 pm
Forum: Wireless Networking
Topic: how to adjust tx power for caps in capsman
Replies: 9
Views: 8217

Re: how to adjust tx power for caps in capsman

However according to Mikrotik you are not supposed to adjust tx power, only antenna gain.

viewtopic.php?t=121782#p599546
viewtopic.php?t=129865
by Joni
Tue Jun 09, 2020 8:05 pm
Forum: General
Topic: capsman keep WiFi up when capsman unavailable?
Replies: 15
Views: 5634

Re: capsman keep WiFi up when capsman unavailable?

What you want is not possible. In CAPsMAN it is manager that always handles client authentication, no matter what forwarding mode is in use. That's by design. Reference manual link or source for this fact... https://wiki.mikrotik.com/wiki/Manual:CAPsMAN#Radio_Provisioning Interfaces on CAPsMAN can ...
by Joni
Tue Jun 09, 2020 7:55 pm
Forum: General
Topic: drop second WAN IP remote access
Replies: 2
Views: 943

Re: drop second WAN IP remote access

Firewall?
Block input to second address and port?
https://wiki.mikrotik.com/wiki/Manual:IP/Services
by Joni
Mon Apr 13, 2020 6:04 pm
Forum: General
Topic: dhcp client $(hostname) contains whitespaces
Replies: 0
Views: 1694

dhcp client $(hostname) contains whitespaces

RouterOS DHCP Client $(hostname) variable contains white space characters from RouterOS Identity making it incompatible with any DHCP servers and their "dynamic DNS update" (not to be confused with DDNS ) which don't clean names. rfc2181 rfc2132 rfc4702 And no, Mikrotik, nobody here is in...
by Joni
Tue Mar 24, 2020 10:23 am
Forum: Beginner Basics
Topic: VLAN setup help
Replies: 30
Views: 8218

Re: VLAN setup help

by Joni
Tue Mar 24, 2020 9:05 am
Forum: SwOS
Topic: Configuring VLAN on RB260GS
Replies: 10
Views: 6240

Re: Configuring VLAN on RB260GS

by Joni
Sat Feb 22, 2020 12:18 pm
Forum: Beginner Basics
Topic: Native VLAN + 1 tagged VLAN
Replies: 3
Views: 2085

Re: Native VLAN + 1 tagged VLAN

Except if your hardware is CRS https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches_examples . And the shame goes once again to Mikrotik for not having notice headers in their wiki articles... https://wiki.mikrotik.com/wiki/Manual:CRS_Router And the much too little emphasized note of: &qu...
by Joni
Sat Feb 22, 2020 11:07 am
Forum: General
Topic: CRS default config: Bridge and Interface MAC in IP Neighbors
Replies: 3
Views: 2826

Re: CRS default config: Bridge and Interface MAC in IP Neighbors

Same issue, suggested solution doesn't help. Hardware CRS109, CRS125, RB960PGS. The lists duplicate items always contain the bridge mac address without proper details and the discovery interface mac address with proper details. (just like in the original op post) All running long-term current [admin...
by Joni
Sat Jan 25, 2020 6:30 pm
Forum: Scripting
Topic: DHCP automatic dynamic to static
Replies: 33
Views: 15911

Re: DHCP automatic dynamic to static

How about just extending the DHCP lease time to one month, so unless your device is offline for a month it will retain its IP address (and if you have lots of guests then setup a bigger subnet).
by Joni
Thu Dec 12, 2019 2:54 pm
Forum: General
Topic: QoS / Traffic Shaping - limit per IP with double PCQ
Replies: 16
Views: 5963

Re: QoS / Traffic Shaping - limit per IP with double PCQ

Bump =) So what Cha0s wants is in the general lines of a parent with: /queue type add kind=pcq name=pcq-parent-upload pcq-classifier=src-address pcq-dst-address-mask=32 pcq-src-address-mask=32 add kind=pcq name=pcq-parent-download pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-src-address-ma...
by Joni
Thu Oct 31, 2019 6:14 pm
Forum: General
Topic: Bare metal CHR on Hetzner Dedicated [SOLVED]
Replies: 9
Views: 6377

Re: Bare metal CHR on Hetzner Dedicated [SOLVED]

Duh... Forgot to mention that Hetzner Cloud works for CHR...
by Joni
Sat Oct 26, 2019 6:40 pm
Forum: General
Topic: Bare metal CHR on Hetzner Dedicated [SOLVED]
Replies: 9
Views: 6377

Re: Bare metal CHR on Hetzner Dedicated [SOLVED]

Did you anyhow solve the problem?
Unfortunately no.
by Joni
Sat Sep 07, 2019 5:26 pm
Forum: General
Topic: v7 Linux Kernel version ?
Replies: 6
Views: 8619

Re: v7 Linux Kernel version ?

AFAIK. Because Tile(ra) architecture (CCR) support is dropped after kernel v4.14.x
by Joni
Sat Aug 17, 2019 4:06 pm
Forum: General
Topic: I'm sure Mikrotik has a legit response to this...
Replies: 14
Views: 4657

Re: I'm sure Mikrotik has a legit response to this...

The response that Normis gave is equivalent to saying, "I don't have AIDS" when he should be able to be saying, "I don't have AIDS and I always wear a condom too." We don't just want Mikrotik to be looking for and fixing vulnerabilities, we also want modern development and desig...
by Joni
Sat Aug 17, 2019 8:58 am
Forum: General
Topic: I'm sure Mikrotik has a legit response to this...
Replies: 14
Views: 4657

Re: I'm sure Mikrotik has a legit response to this...

How many of these vulnerabilities though are still present when a competent person configures the router? Most persons configuring things in this world are not competent, including you and me, that is why we ask these questions. If your WAN is entirely firewalled against incoming connections (inclu...
by Joni
Thu Aug 15, 2019 6:59 am
Forum: General
Topic: I'm sure Mikrotik has a legit response to this...
Replies: 14
Views: 4657

I'm sure Mikrotik has a legit response to this...

These are the seatbelts and airbags of the software world. These numbers are unheard of in operating systems or (Web) browsers. It's just a sign that they’re not trying, https://www.reddit.com/r/mikrotik/comments/cqksvr/these_are_the_seatbelts_and_airbags_of_the/ How it is all a misunderstanding, ...
by Joni
Mon Jul 22, 2019 8:18 pm
Forum: Forwarding Protocols
Topic: Problem with L2TP / IPSEC AND WINDOWS CLIENT
Replies: 2
Views: 7653

Re: Problem with L2TP / IPSEC AND WINDOWS CLIENT

It turns out that windows 10 was broken. I had to delete ALL WAN MINI PORTs in device manager and let windows reinstall them and now my vpn works fine. This <3 What made it confusing was that the same bug (windows updates) was affecting multiple (all) computers. (Remove in Windows / Device Manager ...
by Joni
Fri May 24, 2019 5:51 am
Forum: General
Topic: DNS Flag Day
Replies: 3
Views: 1575

Re: DNS Flag Day

Just some follow up on the subject in general https://www.zdnet.com/article/dns-flag-day-2020-dns-servers-must-support-both-udp-and-tcp-queries/ accompanied by a quote from Mikrotik Wiki : A MikroTik router with DNS feature enabled can be set as a DNS server for any DNS-compliant client. Moreover, M...
by Joni
Tue Apr 16, 2019 11:11 pm
Forum: General
Topic: DHCP Option 51 (Apple, IP address lease time)
Replies: 1
Views: 1867

DHCP Option 51 (Apple, IP address lease time)

This was an interesting read, any field experiences?

https://jimswirelessworld.wordpress.com ... option-51/

TLDR:
"Apple devices didn’t like having short lease times for its DHCP, Apple products will always request for 90 days."
by Joni
Wed Apr 10, 2019 1:00 pm
Forum: General
Topic: Mikrotik "Internet detect" problem
Replies: 19
Views: 23193

Re: Mikrotik "Internet detect" problem

Still not working on v6.43.13, WAN is never upgraded to Internet. [admin@GW]> /interface detect-internet state print terse 0 name=ether1-gateway state=no-link state-change-time=apr/10/2019 12:12:22 1 name=ether2-master-local state=lan state-change-time=apr/10/2019 12:12:22 2 name=ether3-slave-local ...
by Joni
Sat Apr 06, 2019 7:01 pm
Forum: General
Topic: Holy grail for Failover 2 Wans NO SCRIPTING
Replies: 14
Views: 5374

Re: Holy grail for Failover 2 Wans NO SCRIPTING

I really don't care about re-establishing the same connection on failover. That seems pie in the sky thinking. The old connection is gone kaput, dead, I would expect to have to restart all my activity. The idea of failover is minimal disruption to service plus as the admin I don't have to intervene....
by Joni
Sat Apr 06, 2019 6:09 pm
Forum: General
Topic: Holy grail for Failover 2 Wans NO SCRIPTING
Replies: 14
Views: 5374

Re: Holy grail for Failover 2 Wans NO SCRIPTING

Overly complex Failover. Simple recursive routes (choose 1 or 2 public DNS) is just as effective, no mangling required. Nope. Established sessions (like VPN) never return to the primary connection. This is a recurring problem for Mikrotik that there doesn't exist vetted solutions which either funct...
by Joni
Fri Apr 05, 2019 7:14 pm
Forum: General
Topic: Holy grail for Failover 2 Wans NO SCRIPTING
Replies: 14
Views: 5374

Re: Holy grail for Failover 2 Wans NO SCRIPTING

Your definition holy grail would imply dhcp support for wan, this is nothing new.
by Joni
Mon Mar 25, 2019 9:43 pm
Forum: General
Topic: Remotely access Mikrotik router
Replies: 11
Views: 2936

Re: Remotely access Mikrotik router

There is a much simpler way... dynamic whitelisting 1) Get a DynDNS client (or URL) on your client device (hint: could also be another Mikrotik device on the same client network https://wiki.mikrotik.com/wiki/Manual:IP/Cloud ) 2) Add that DynDNS name (not IP address) to Firewall address list in the ...
by Joni
Mon Mar 25, 2019 9:23 pm
Forum: General
Topic: Mikrotik and FreeRadius (DaloRADIUS)
Replies: 4
Views: 7385

Re: Mikrotik and FreeRadius (DaloRADIUS)

Just my five cents worth... a non-vetted review without running the product. I would instead highly recommend something in the lines of pfSense or OPNsense which are secure, modern, tested, vetted for "generations": https://turbofuture.com/internet/How-to-Set-Up-a-Radius-Server-on-pfSense-...
by Joni
Mon Dec 31, 2018 3:11 pm
Forum: General
Topic: PWR-Line AP - problem with cominicate
Replies: 9
Views: 4484

Re: PWR-Line AP - problem with cominicate

I test a pair of these APs, but can't find a description. What is the maximum distance to work etc. https://mikrotik.com/product/pwr_line_ap says the PLC chipset is https://www.qualcomm.com/products/ar7420 which says Ethernet Standards: Home Plug 1.0, Home Plug AV, IEEE 802.3, IEEE 1900 Ethernet Ne...
by Joni
Sat Dec 29, 2018 11:30 am
Forum: General
Topic: PWR-Line AP - problem with cominicate
Replies: 9
Views: 4484

Re: PWR-Line AP - problem with cominicate

Typical Mikrotik, making a device with six leds and two buttons but not documenting more than one led in one state... reminds me of cAP Lite (RBcAPL-2nD-307)...
by Joni
Sat Dec 29, 2018 10:53 am
Forum: General
Topic: PWR-Line AP - problem with cominicate
Replies: 9
Views: 4484

Re: PWR-Line AP - problem with cominicate

Begin by trying to pair them on the same extension cord, side by side.
by Joni
Sat Dec 29, 2018 10:43 am
Forum: Wireless Networking
Topic: wAP LTE Kit International APN problem [SOLVED]
Replies: 24
Views: 12423

Re: wAP LTE Kit International APN problem [SOLVED]

YMMV! Check currently running R11e-LTE version ("MikroTik_CP_2.160.000_v006"): /interface lte info lte1 once Issue R11e-LTE "firmware update mode": /interface lte at-chat lte1 input="at+mififlag=1" Trigger update download, ~5MB (R11e-LTE has to be online, download is fe...
by Joni
Thu Dec 27, 2018 10:32 pm
Forum: Wireless Networking
Topic: wAP LTE Kit International APN problem [SOLVED]
Replies: 24
Views: 12423

Re: wAP LTE Kit International APN problem [SOLVED]

Bug is solved in newer wAPs because they come out with LTE firmware v8, you have v1. Ask support@mikrotik.com the guide to upgrade wAP's LTE firmware, and always upgrade wAPs to last stable version. You're referring to this? https://wiki.mikrotik.com/wiki/Manual:Interface/LTE#Modem_firmware_upgrade...
by Joni
Thu Dec 27, 2018 10:19 pm
Forum: Wireless Networking
Topic: wpa3
Replies: 5
Views: 3771

Re: wpa3

Just FYI... "Synology is the first manufacturer to produce WPA3 certified router, MR2200ac, WPA3-Personal, WPA3-Enterprise and Opportunistic Wireless Encryption (OWE), officially announced in October of 2018." https://www.modders-inc.com/synology-mr2200ac-mesh-router-review-first-wpa3-cert...
by Joni
Tue Dec 18, 2018 9:06 pm
Forum: General
Topic: Enable TCP ECN for bandwidth efficiency
Replies: 14
Views: 8303

Re: Enable TCP ECN for bandwidth efficiency

It would be more interesting to know (as these are routers) which queue types, if any, support ECN
in MikroTik products.
https://wiki.mikrotik.com/wiki/Manual:I ... all/Filter
by Joni
Fri Nov 30, 2018 4:28 pm
Forum: Wireless Networking
Topic: Removing Mikrotik elements from beacons
Replies: 15
Views: 6133

Re: Removing Mikrotik elements from beacons

This is a vulnerability +1
by Joni
Mon Nov 12, 2018 2:06 pm
Forum: Wireless Networking
Topic: cAP ac /wAP ac: recommended TX power?
Replies: 3
Views: 6201

Re: cAP ac /wAP ac: recommended TX power?

It is much safer to use the method I described than modifying the tx power directly. You risk damaging the wireless adapter if you accidentally adjust the tx power beyond the capacity of the card. Whereas, modifying the antenna gain allows the ROS to automatically adjust the tx power to ensure ...
by Joni
Wed Oct 31, 2018 9:20 am
Forum: General
Topic: Default config exports
Replies: 1
Views: 6406

Re: Default config exports

So executing "/system default-configuration print" on a "RB962UiGS-5HacT2HnT" (ie international hAP ac) running v6.42.7 (factory default) which is lost when upgrading to v6.42.9 (long-term, bugfix): script: :global ssid; #| RouterMode: #| * WAN port is protected by firewall and e...
by Joni
Thu Oct 25, 2018 12:54 pm
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 173
Views: 80707

Re: Feature request - DNSCrypt support...

DoH is incompatible with the basic architecture of the DNS because it moves control plane (signalling) messages to the data plane (message forwarding), and that's a no-no.
https://www.theregister.co.uk/2018/10/2 ... _standard/
by Joni
Thu Oct 18, 2018 2:59 pm
Forum: The Dude
Topic: The Dude scan kills network connectivity
Replies: 4
Views: 3687

Re: The Dude scan kills network connectivity

Mikrotik is notoriously famous for under performing MicroSD (compatibility?), and Dude uses a lot of I/O (in comparison to logging). Switch to USB and compare.
by Joni
Sat Oct 13, 2018 1:13 am
Forum: General
Topic: Forum (phpBB) functions missing / broken [SOLVED]
Replies: 1
Views: 1316

Forum (phpBB) functions missing / broken [SOLVED]

How did you mark my post solved? I can't find any such feature? In the upper right corner of the post you will find 4 icons - one of them toggles solved/unsolved. Well, only yesterday I discovered the feature :-) 1) So I (apparently my account) have none of these, any OS any Browser, I only have "...
by Joni
Fri Oct 12, 2018 11:52 pm
Forum: RouterBOARD hardware
Topic: SXT/LHG LTE KIT [SOLVED]
Replies: 4
Views: 2689

Re: SXT/LHG LTE KIT [SOLVED]

How did you mark my post solved? I can't find any such feature?
by Joni
Fri Oct 05, 2018 11:29 am
Forum: General
Topic: Default config exports
Replies: 1
Views: 6406

Default config exports

In the spirit of this, having to downgrade, export, upgrade, etc... I've found a different factory reset behavior after upgrading to v6.42.9. In v6.40.9 the interfaces, DHCP server, and firewall policies were included by default. Now in v6.42.9, only a static IP address of 192.168.88.1 is configured...
by Joni
Wed Oct 03, 2018 1:12 pm
Forum: Wireless Networking
Topic: Capsman client to client forwarding in local forwarding mode [SOLVED]
Replies: 7
Views: 17007

Re: Capsman client to client forwarding in local forwarding mode [SOLVED]

It's *really* unclear in the manual but set Multicast Helper to Full when using multiple VLANs or VLAN override from one SSID.

https://wiki.mikrotik.com/wiki/Manual:I ... g_override
Thank you, works <3
by Joni
Mon Sep 24, 2018 3:54 pm
Forum: Wireless Networking
Topic: Capsman client to client forwarding in local forwarding mode [SOLVED]
Replies: 7
Views: 17007

Re: Capsman client to client forwarding in local forwarding mode [SOLVED]

There is no (inside AP) client-to-client communication happening, neither on same SSID nor other, whatsoever (any device, os, etc), unless AP configured manually (Cap disabled) with default-forward and everything works. Client-to-client communication only works between different APs clients if port...
by Joni
Mon Sep 24, 2018 1:57 pm
Forum: Beginner Basics
Topic: Mikrotik SXT LTE powering issue
Replies: 1
Views: 855

Re: Mikrotik SXT LTE powering issue

With the included Mikrotik POE injector, with the included Mikrotik power adapter, via an Ethernet cable of supported length?
by Joni
Mon Sep 24, 2018 12:29 pm
Forum: Wireless Networking
Topic: Capsman client to client forwarding in local forwarding mode [SOLVED]
Replies: 7
Views: 17007

Capsman client to client forwarding in local forwarding mode [SOLVED]

I wonder why it is that when with Capsman using datapath.local-forwarding=yes (ie local forwarding mode, also known as wireless default-forwarding) then datapath.client-to-client-forwarding is ignored / not supported, resulting in that you can basically only enable client-to-client-forwarding with &...
by Joni
Sun Sep 16, 2018 8:12 pm
Forum: General
Topic: DNSSEC
Replies: 43
Views: 23453

Re: DNSSEC

by Joni
Sat Sep 15, 2018 9:14 pm
Forum: Forwarding Protocols
Topic: Public IP over a tunnel ( SOLVED )
Replies: 35
Views: 26033

Re: Public IP over a tunnel ( SOLVED )

I am using a Hetzner Cloud VPS and I've found using a single vCPU, you can get around 400MBits, which ain't bad at all. Adding an additional CPU produces around 800MBits. It seems to be CPU limited due to encryption so I'm looking at tweaking it a bit and see if can get a bit more out of it. Does Hetzne...
by Joni
Thu Sep 06, 2018 9:24 am
Forum: Announcements
Topic: Future of LTE products, user feedback requested
Replies: 208
Views: 101181

Re: Future of LTE products, user feedback requested

How about first fixing the issues with current hardware search.php?keywords=R11e-LTE
by Joni
Sat Sep 01, 2018 10:51 am
Forum: General
Topic: Bare metal CHR on Hetzner Dedicated [SOLVED]
Replies: 9
Views: 6377

Re: Bare metal CHR on Hetzner Dedicated [SOLVED]

Exact same issue viewtopic.php?t=114844
and almost same, except I can't ping out... viewtopic.php?t=83196
by Joni
Sat Sep 01, 2018 8:37 am
Forum: General
Topic: Bare metal CHR on Hetzner Dedicated [SOLVED]
Replies: 9
Views: 6377

Re: Bare metal CHR on Hetzner Dedicated [SOLVED]

To be specific, even assigning one additional IP to the ether1-WAN interface doesn't respond to ping, with Linux it works without anything more than
ip address add a.b.c.d/32 dev eth0
by Joni
Fri Aug 31, 2018 11:07 pm
Forum: Beginner Basics
Topic: 5GHz Channel
Replies: 4
Views: 4859

Re: 5GHz Channel

My guess is that this would give a hint about D and DP: Made some reconfigurations. Looks like it's because of Skip DFS setting. When Skip DFS Channels is not checked this messages appears in logs and wi-fi interface setup is delayed for one minute: capfive-MikroTik ST-hAP-AC-Lite3-1: do radar detec...
by Joni
Fri Aug 31, 2018 8:29 pm
Forum: Scripting
Topic: Blacklisting seems popular, honeypot made simple
Replies: 12
Views: 7962

Re: Blacklisting seems popular, honeypot made simple

Remember that most internet users will be able to feed your blacklist by sending spoofed TCP SYN packets (with source address that they want you to block). IP source address filtering (to allow only source addresses that you "own") is not widely deployed. This makes it easy to DDoS and it...
by Joni
Fri Aug 31, 2018 8:23 pm
Forum: Virtualization
Topic: CHR on OVH VPS SSD
Replies: 23
Views: 32754

Re: CHR on OVH VPS SSD

by Joni
Fri Aug 31, 2018 8:20 pm
Forum: General
Topic: Bare metal CHR on Hetzner Dedicated [SOLVED]
Replies: 9
Views: 6377

Bare metal CHR on Hetzner Dedicated [SOLVED]

cd /root && curl -O https://download2.mikrotik.com/routeros/6.42.3/chr-6.42.3.img.zip && gunzip -S .zip chr-6.42.3.img.zip dd if=/root/chr-6.42.3.img of=/dev/sda Tried this on Hetzner dedicated (bare metal, EX series, I know bm isn't officially supported but I don't want the virtual...
by Joni
Fri Aug 31, 2018 4:21 pm
Forum: Virtualization
Topic: CHR on OVH VPS SSD
Replies: 23
Views: 32754

Re: CHR on OVH VPS SSD

cd /root && curl -O https://download2.mikrotik.com/routeros/6.42.3/chr-6.42.3.img.zip && gunzip -S .zip chr-6.42.3.img.zip dd if=/root/chr-6.42.3.img of=/dev/sda Tried this on Hetzner dedicated (bare metal, EX series, I know bm isn't officially supported) however everything except r...
by Joni
Sun Aug 26, 2018 3:50 pm
Forum: General
Topic: Simple queues didn't work
Replies: 5
Views: 1524

Re: Simple queues didn't work

Disable https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack

Torching disables Fasttrack temporarily
by Joni
Mon Aug 20, 2018 8:41 pm
Forum: Scripting
Topic: Blacklisting seems popular, honeypot made simple
Replies: 12
Views: 7962

Re: Blacklisting seems popular, honeypot made simple

So please add the port 23 to the "popular" list. At least in my case there is nothing there, but people keep trying it. I must admit the port list is straight from Artillery and for some reason they left port 23 (Telnet) out... however I can't figure out a specific reason for leaving it ...
by Joni
Mon Aug 20, 2018 6:15 pm
Forum: Scripting
Topic: Blacklisting seems popular, honeypot made simple
Replies: 12
Views: 7962

Re: Blacklisting seems popular, honeypot made simple

I'll grab hold of this later and push it to a test router I have to see what it does or doesn't break. Basically the only thing it can break at its current state is blocking non-whitelisted ip-addresses if you for some reason would have incoming WAN traffic from trusted IPs trying to access non-exi...
by Joni
Mon Aug 20, 2018 1:55 pm
Forum: Scripting
Topic: Blacklisting seems popular, honeypot made simple
Replies: 12
Views: 7962

Re: Blacklisting seems popular, honeypot made simple

There are many things you can do to improve this. 1. Use a find command to find outside interface so that you do not need to change it when pasting commands. There are many things you can do too, post an updated version improving it accordingly ;) 2. Use the "place-before" commands, so that...
by Joni
Mon Aug 20, 2018 1:26 pm
Forum: Scripting
Topic: Blacklisting seems popular, honeypot made simple
Replies: 12
Views: 7962

Blacklisting seems popular, honeypot made simple

Inspired by the now defunct Linux Portsentry (by Psionic, acquired by Cisco in 2002) revived by https://github.com/BinaryDefense/artillery (which unfortunately is still a bit rough around the edges) This is just a quick "oneliner" draft I'm running, YMMV, do not just blindly copy paste! You...
by Joni
Tue Jun 26, 2018 12:14 pm
Forum: Wireless Networking
Topic: WPA3
Replies: 2
Views: 2717

Re: WPA3

by Joni
Thu May 03, 2018 4:08 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 98192

SNMP

SNMP: Looks like running Dude (on CCR1009-7G-1C-1S+, v6.42.1) and enabling IPv6 (in addition to IPv4) on it makes Dude unable to SNMP poll IPv4 agents (any make and model), however snmpwalk (from Dude) on same agent works (presumably uses / defaults to IPv4, which is obviously also wrong). Once you ...
by Joni
Wed Apr 18, 2018 3:36 pm
Forum: General
Topic: How to allow incomming ports from both isps
Replies: 2
Views: 1023

Re: How to allow incomming ports from both isps

It's not about the incoming traffic, rather the returning traffic which takes the default route unless you use connection marking on the incoming traffic.

search.php?keywords=dual+wan

viewtopic.php?t=124993
by Joni
Tue Mar 20, 2018 8:58 am
Forum: General
Topic: Router OS default values - where to set them
Replies: 7
Views: 2726

Re: Router OS default values - where to set them

Some values, when declared "default", inherit its values from the interface used. So, the "default" value isn't an arbitrary default. The real meaning is "use the already set value, to this interface, as the default for this connection". Guess what, we know what defaul...
by Joni
Mon Mar 19, 2018 7:26 pm
Forum: General
Topic: Router OS default values - where to set them
Replies: 7
Views: 2726

Re: Router OS default values - where to set them

This, unfortunate ignorance of Mikrotik. I love the fact that someone has actually taken the time to write default = default in all value definitions in the wiki... However, many value defaults are listed in the wiki: change-tcp-mss (yes | no | default; Default: default) Modifies connection MSS sett...
by Joni
Tue Mar 13, 2018 9:48 am
Forum: Scripting
Topic: Built in function library
Replies: 132
Views: 133661

Re: Built in function library

You could also take into consideration the future possibility of executing scheduled remote scripts from The Dude on remote Device.
(ex collect backups from monitored devices)
by Joni
Fri Mar 09, 2018 9:02 am
Forum: Scripting
Topic: external editor syntax highlighting
Replies: 47
Views: 97987

Re: external editor syntax highlighting

How about contributing the package too... https://notepad-plus-plus.org/contribute/
by Joni
Fri Mar 09, 2018 8:52 am
Forum: Scripting
Topic: Built in function library
Replies: 132
Views: 133661

Re: Built in function library

If you want to really jumpstart the Mikrotik scripting community then you should probably review the php most common sought after functions. Also review scripts made for Mikrotik and the most commonly created functions there. Personally any and all validation functions (ip, dns, email, url, time, da...
by Joni
Mon Jan 08, 2018 1:05 pm
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 173
Views: 80707

Re: Feature request - DNSCrypt support...

Well that problem got resolved... funny how things turn out in completely unexpected ways... wait, no... https://www.reddit.com/r/linux/comments ... abandoned/
by Joni
Fri Dec 29, 2017 2:18 pm
Forum: General
Topic: Feature Request: SAFE MODE time based
Replies: 43
Views: 11533

Re: Feature Request: SAFE MODE time based

Obvious requirement for a multitude of remote changes +1
by Joni
Tue Oct 24, 2017 7:45 pm
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 173
Views: 80707

Re: Feature request - DNSCrypt support...

Just emphasizing as many presume one with the other.
Could you reference the intention? It's not an authentication protocol but an encryption protocol... hence the name... not that it could fix SNI but since you specified intentions...
by Joni
Tue Oct 24, 2017 12:19 pm
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 173
Views: 80707

Re: Feature request - DNSCrypt support...

Well this isn't about websites, considering the current "HTTPS everywhere" movement this sounds a bit more than "only" , as SNI is a TLS extension, not HTTP. (just to elaborate how the implementation of DNSCrypt or DNS over TLS (DNSS) itself isn't much of an advancement, especial...
by Joni
Tue Oct 24, 2017 10:58 am
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 173
Views: 80707

Re: Feature request - DNSCrypt support...

Excellent point, DNSCrypt vs DNS over TLS However doesn't it have the same "issue"? (being a different protocol, HTTP(S) vs DNS) AFAIK, overly simplified the only difference being "Instead of relying on trusted certificate authorities commonly found in web browsers, the client has to ...
by Joni
Tue Oct 24, 2017 8:55 am
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 173
Views: 80707

Re: Feature request - DNSCrypt support...

Since it is not mentioned yet... "However, just enabling "DNS over TLS" feature would not prevent your ISP to know what websites you visit. Server Name Indication (SNI) — an extension of the TLS protocol — also indicates ISPs that which hostname is being contacted by the browser at th...
by Joni
Mon Oct 16, 2017 3:10 pm
Forum: General
Topic: Why firewall rules are so important...
Replies: 12
Views: 2352

Why firewall rules are so important...

A Google search for "misconfigured" Mikrotik products...

https://www.google.com/search?q=intitle ... on+page%22

Mikrotik should probably at least remove the version number from the login page....
by Joni
Sat Sep 02, 2017 5:01 pm
Forum: General
Topic: Eth1 poe port won't do gigabit
Replies: 13
Views: 3890

Re: Eth1 poe port won't do gigabit

Same issue. Sent mine for inspection (RMA).
by Joni
Tue Mar 21, 2017 9:43 am
Forum: Wireless Networking
Topic: WLAN crashes on RouterBOARD 962UiGS-5HacT2HnT
Replies: 3
Views: 1480

Re: WLAN crashes on RouterBOARD 962UiGS-5HacT2HnT

I have the same issue with 962UiGS-5HacT2HnT (hAP ac) running v6.38.5 . (no netinstall yet)
by Joni
Fri Feb 24, 2017 3:15 pm
Forum: Announcements
Topic: v6.38.3 [current]
Replies: 63
Views: 27079

Re: v6.38.3 [current]

Upgrading from 6.38.1 to 6.38.3 somehow broke a CRS109-8G-1S-2HnD-IN (lost all connectivity)
by Joni
Fri Jan 06, 2017 1:41 pm
Forum: General
Topic: btest.exe v0.1 auth fails (at least with v6.38)
Replies: 0
Views: 2175

btest.exe v0.1 auth fails (at least with v6.38)

Running btest server on ROS v6.38 (current, stable) and btest.exe v0.1 on Win10 (64-bit), wirelessly between Win client and ROS AP, causes ROS log entry "login failure for user admin via bandwidth-test". The admin account exists and works for everything else (winbox/http/etc). On the btest...
by Joni
Fri Dec 04, 2015 9:04 am
Forum: General
Topic: WAN NAT + WAN bridge + Forwarding
Replies: 0
Views: 1080

WAN NAT + WAN bridge + Forwarding

So I'm trying to tie this up at home out of curiosity, how does one do properly the following configuration (on RB750GL / RB951G-2HnD): To get the main question out of the way: Why? Because it's really convenient, what one could consider out of the box features for any IoT home, and technically not ...