MikroTik

upower3

I need to add route to local route table based on if the router received specific route in BGP feed. Actually, out ISP sends only a default route in the feed, and I need to add some more specific based on fact we still see this ISP feed at all. Seems it can be solved but I miss the idea of how can I...

upower3

on the bgp session raise the weight of the MED or add an AS in order to make the path less preferred to your isp. traffic will always go through R1, as soon as R1 dies all traffic will go through R2 Seems like I'd better add some prepend to make path to R2 longer. I ended up with this: if (afi ipv4...

upower3

I try to add some HA to my BGP border router (just in case of reboot/hw problems etc). So, instead of simple scheme like: isp <--> my_bgp_router <--> my company network I try to implement this: isp <--> my_bgp_router1 <--> my company network ^ ^ | | VRRP +--> my_bgp_router2 <--+ So the idea is I hav...

upower3

Merry Christmas eve!

@upower3,
We beat up on MikroTik another day. Today, we wish them well.

This thread named "Newsletter 109" not "Wish us Merry Christmas eve", right? And tell me please are there any xmas gifts like new products in the #109?

upower3

Weakest MT newsletter I have ever seen. Shame on you guys, looks like you have notbing to say.

No new device, no ROS features announcements, nothing! Are you still alive there? 😳

P.S. Please ensure us you won't stop your dyndns for upcoming holidays as you once did before!

upower3

Seems like it works the way I have never expected: routes="remote_subnet1/mask1 remote_ip distance,remote_subnet1/mask1 remote_ip distance" so we need to add fill string of routing like "192.168.0.0/24 10.0.0.2 2", and delimit these strings with comma (in my case of 7.3 it worked...

upower3

When I set up ovpn server I also add some "secrets" (VPN users in this case), which are to have properties of: caller-id comment copy-from disabled ipv6-routes limit-bytes-in limit-bytes-out local-address name password profile remote-address remote-ipv6-prefix routes service and the questi...

upower3

Art of introducing wrong:
More devices to portfolio (why?)
Few stability inprovements to ROS (how?)

upower3

I love new technology coming in our tech world so I love the idea behind IEEE 802.1br. And I see Mikrotik to introduce 802.1br support in newer switches and ROS versions ( https://help.mikrotik.com/docs/display/ROS/Controller+Bridge+and+Port+Extender ) The question is, I see no words on if I can cre...

upower3

This is due to the CPU peaking at 100% on the same core and the management process (winbox) causing Winbox to timeout. You will need to re-login with Winbox or try a SSH session instead. Yes that was my guess for the logoff reason, but the problem is, during massive BGP feed import I can relogin 10...

upower3

Sure there are some limitations of the new BGP implementation (no "redistribute connected", distribution via "bgp networks" now always has synchronize=yes) but for the purpose of routing my local networks to the rest of the network (which is still running v6) it works OK. The pr...

upower3

I used to read "testing" like "alpha", and "development" as "not expect to be stable soon, sorry". Now I see rename between these branches which is understandable from KPI and marketing point of view but not from technical point of view. So please comment if 7...

upower3

As I try to setup BGP session with decent number of prefixes I see constant winbox sessions drop. So, as I try to setup 2-3 full view feeds import (with 2-3 ISPs) I can close winbox window for long minutes. This is the same for CHRs or hardware routers (like 1200's). Can I fix that as I hate to relo...

upower3

This Wiki will tell you how the filters work. BGP routes do not carry 'hops', but using bgp-as-path-length you can calculate the how many AS's in the routes path and filter based on that. I read that, the problem is, I'm not sure how filters work exactly in MT verson. Regexps as an example. Wiki's ...

upower3

Dealing with BGP on Mikrotik, and just to check if I'm right with syntax: how to permit all paths that are not longer that (say) 5 hops? how to permit to get all routes that are leading to (say) 8.8.8.8? And another question, if there any way I can do BGP Conditional Advertisement (like in Cisco htt...

upower3

Am I get that right, no support in CHRs, right?

upower3

v7 is in RC stage, so it says right in the name it's not meant for production (or enterprise). In other cases, it depends on amount of time you are willing to deal with debugging alpha and beta bugs. In my case, even at home that amount of time is zero, so I use LTS ("long-term stable") b...

upower3

TL;DR no. stick with 6.x I do have some CHRs for non-production stuff that are running 7.1beta4, mostly for wireguard as it really is fast, stable and not too chatty. Thank you! The same feeling on my side. I actually need few CHRs to connect several rented servers in different data centers and 5-6...

upower3

I used to wait for v7 for some time (years, so to say) for some thin features like BGP performance, and while I can live without, it was nice to know one day it’ll be there for us. But as I cam observe today, it is a bit strange situation for us to consume: - all new features are to be addede to v7 ...

upower3

Again - please create a supout.rif file and send it to us via support@mikrotik.com so we can properly investigate this. I doubt the same problem may happen on different ROS releases (tested all branches available via update system), on different hypervisors (ESXi and KVM), on different networks in ...

upower3

Statement has already been given here!

Nice, really! What about license registration server - will be be fixed soon? Please!

upower3

https://whois.domaintools.com/mynetname.net Name Server: ns1.suspended-domain.com Name Server: ns2.suspended-domain.com nice .. Looks like all MT employees are at vacation now so noone took a look at domain expiration. As well as license activation server, btw. Waiting for official statement (which...

upower3

Please create a supout.rif file and send it to us via support@mikrotik.com so we can look into this. Just tested on different new CHR VM deployed on different virtualization host in different place and on different network - still no luck in getting trial license. Seems like getting hacked version ...

upower3

Once it happened ( https://forum.mikrotik.com/viewtopic.php?f=2&t=89857&p=514410 ) to MT's dyndns "cloud" DNS, it was Christmas days when noone was at MT's office, so DNS was down all New Year's holidays. Now I see they put activation service on the same office-based box, I suspect...

upower3

Hi, I try to deploy CHR instance from .OVF template (which was easy, thank you for the template) and then try to get free license for the instance. I enter my mikrotik.com login (email) and password, hit "Start" - I see status bar change ("Connecting" -> "Done") and not...

upower3

It is already years that ROS 7.x is upcoming but none is arrived as release. Yes, it was renamed so name appears to be not so unserious but after all, "beta is better then nothing", not release of any kind. Ok, I understand you guys should produce a lot of things, so ROS7 is not the only t...

upower3

We have 2 WAN links and recently brought two RB 1100ahx4 routers. The plan was to attach each router to one WAN as "primary" for that WAN and to use Bypass feature to attach another WAN to another router (so when one router become down another will start to use second WAN). The problem is ...

upower3

Check the "Wireless specifications" table on the product page out. You are asking about the values in the "Transmit" column (27dBm == 500mW).

Thank you for pointing out!

I suppose there should be some table of translation of dBm to mW that I can use, right?

upower3

In the old days I was pretty happy to have 951-2hnd device with as much as 1000 mw of wifi. Now looking for ac dual band router and can’t find radio power numbers for entry level devices like hAP ac2 (not lite).

Any ideas?

upower3

Sorry for dredging up an old post but I wanted to share the new URL's as the previous URL's mentioned by @normis have stopped being updated. I was about to post a new post but then worked out the new URL's. Thank you very much, I just started to check why my check-for-update script stop sending me ...

upower3

Everything needed is supported for this situation remote work! Number of features are not supported (if you talk about MT's OpenVPN) but yes we all got used to, so no surprise. But if MT developers (at homes!) are able to release 7.x stable it'll be very good. Respect for all Mikrotik staff, be SAF...

upower3

Looks like no ROS updates are posted last days, only few betas. Can you please comment of [b]your plans on ROS development[/b] due to COVID19 pandemia, as MT devices are nice to be run at home as VPN client gateway. Surely good OpenVPN support (please, 2.4.x based!) is a very welcome these days! Tha...

upower3

Dear MT! Why CRS354-48P-4S+2Q+RM is equipped with only one power supply (on the right on the photo)? https://i.mt.lv/cdn/rb_images/1913_m.png Surely this is funny thing to have to power 48 gigabit ports with only one China-made power supply which is built in (so even replace it can take time even if...

upower3

[quote=leobg post_id=776655 time=1582573440 user_id=49361] I am affected by this change too, it seems (using the PHP API from the link here: https://wiki.mikrotik.com/wiki/API_PHP_package). Authentication fails (I get login incorrect since moving from 6.43 to 6.45 (current LT). [/quote] Quite a prob...

upower3

If you check from winbox the change log that appears at /system package you will see that it has all changes since 6.45. Is there a better way to alert a user about the change log? No indeed, but do you mind to consider cli-only setups? Mikrotik site is the default place for changelogs as for me an...

upower3

There are some Mikrorik devices that positioned as switches (https://mikrotik.com/products/group/switches). If we talk about these that can be ROS-booted, I wonder which is the default (out-of-box) config for them: all ports are connected under one bridge (so switch can be used as unmanaged switch r...

upower3

... it's a regular firmware (6.45.7 in our case) plus bugfixes and improvements only, without adding new functionality I suspect the long term version does include new functionality, but only once it has been vetted via the stable release Well, if you upgrade from 6.44.6 (previous long-term) to 6.4...

upower3

Please stop going off topic. I express my question on version number bump - and this is the topic for this version, isn't it? It you guys can not describe what you're doing in the first message, then be prepared to see these questions. Please consider these ideas, we are your customers and someone ...

upower3

there are no other versions between them long-term isn't a different firmware branch No, it's not. "long term" is a release channel. MT currently runs 4 channels: long term, which recently experienced version jump from 6.44.6 to 6.45.7 stable, which currently stands at 6.46.2 and normally...

upower3

Just as a quick remind: on https://mikrotik.com/download/changelogs/long-term-release-tree I can see text like this "Changes since 6.45.7" but see no info on 6.45.7 at all, pre version is 6.44.6 . So the question is, ain't it is a just from 6. 44 .6 -> 6. 45 .8? Or this is a mistake so in ...

upower3

Looks like generally stable release to try with? Only a few reports so far

upower3

Just a wild idea: assuming for a moment that SwOS leaves the MTU as it finds it, you could boot into RouterOS, change the MTU, and boot back into SwOS. Will try but this won't looks like serious approach: what if I reboot switch one day (power outage) and MTU become the default one while clients wi...

upower3

@mkx the wiki link i posted earlier shows the max l2mtu for CRS312... I know the switch is capable to work with 10k packets, but SwOS seems to use standart (1500) MTU only, and I see no options to change it. I can change it in ROS, but prefer to use SwOS. So basically I try to find a way to set up ...

upower3

Here you can find the max l2mtu per device...
https://wiki.mikrotik.com/wiki/Manual:M ... uterBoards

Yes I can. But what I need to know is how to change it in SwOS, for I can't see any options there for MTU at all.
Any help with that?

upower3

Hello, we just brought CRS312-4C+8XG mainly for test purpose to see if it so good as it appears from reviews and if we can use it as iSCSI switch. So to say, even SwOS is ok for this purpose so far (really basic packet forwarding and some stats), but I simple can not manage to change MTU to use Jumb...

upower3

@upower3 Is it a problem to pin https://mikrotik.com/download url to the tab in your favourite browser and open it with one click? Ros update supposed to be even more important news that newsletters. More to say, people used to have more bookmarks that place on bookmark bar. Or, why MT keeps this s...

upower3

All of us here used to monitor if there are any ROS updates released. It used to be that easy, go to mikrotik.com then to "software", right? But why won't you publish that on the first page of mikrotik.com (just a small block on top of these blocks of "newsletter" etc.)? Please, ...

upower3

I expected to see more in thenewsletter. At least a couple of words for ROS 7, and maybe some new useful devices. Two PSU is a good news, really. While PoE in is something that was there for years, RB with 2 PSU appears at least like "pro" equipment :) Audience... Expensive toy, with quest...

upower3

Some info about upcoming routing: https://www.youtube.com/watch?v=NbfKplzda7I Quite a news, and also nice demo! Will wait for the upcoming v7 stable release (hope you're not Apple so you'll post download link not next year but by maybe November?). Now what about 3rd thing on the list: wilder IPv6 s...

upower3

We have never promised multicore BGP routing, by the way. Surely, but keeping in mind your multicore CCRs for such a decent money and mostly stable BGP implementation you have there is no wonder a lot of poor it man still hoping for that. By the way, after ovpn/udp this might be the next expected t...

upower3

Well, and multicore suppert for BGP one day?

Seems like a early New Year hollidays gift!

upower3

Any congestion control algorithm improvments/changes? 5.x or 6.x is a bit dated on this, and new kernel in 7.x may introduce some extra ability in this field!

upower3

And how about connecting switches over fast(er) trunk ports? Ex: connect 2 CRS326/CSS326 over their SFP+ port(s) and as such generate a 48 port switching plane?

Sounds pretty good, and would be great valie for the money.

upower3

Hey, this way we will one day say "please add let's encrypt support" :)

The sad side many routers are far from the internet access themselfs anyway.

Silly policy, indeed. No sign it will be better one day.

upower3

So to say, enable access from only trusted net is still best approach.

API is yet better thing in compare to ssh, but from insecure nets ssh can be used. Harder to integrate to scripts, yes.

upower3

So to say if it can return multuline string I can collect all I need and output ot at a single snmp fetch. Will try!

upower3

I remember there is an obscure feature that allows to call a script when a certain range of SNMP OIDs is polled and return the value that script returns. However, I never understood how that should work. Never heard if ROS supports that. If so, noone care for missing OIDs! So to say, API calls are ...

upower3

So to say I found out it is better to use api calls to get stats and not snmp.

upower3

I use copper attaching cable. They are cheap and reliable. I've never had a problem with anyone. But they only serve if they go to the same rack. This is my case. I need to interconnect several servers within the same rack (so optics looks a bit overkill), or several 1G switches with SFP+ uplink po...

upower3

But optical sfp+ modules are quite expensive on some of our existing equipment and it is out of our budget so far. This is the reason, sad to say.

I can see problems of copper links incomparable on one end, this is the risk, yes.

Btw, will this switch be able to handle broadcast storms in hardware?

upower3

The consern is i need to connect it to other equipment over copper sfp+, and really worry will it be comparable. No point in optical links, too close.

upower3

I'm looking for some 10G switch to connect several 1G switches (that's my access level) over SPF+ copper links. Looks like CRS317-1G-16S+RM is something that fits well, but I got almost no recommendations for it. So I want to ask you, if you have any experience with this switch, and, moreover, have ...

upower3

You can imagine how "happy" I was when first hit the disk space problem mysqlf (two brand new CCRs at the same time!) and the fix was good in time for me. Sad to umderstand how many people were urged to find their steps to fix it before the package was published.

upower3

Coludflare just introduced https://blog.cloudflare.com/boringtun-userspace-wireguard-rust/ its own WireGuard implementation made with Rust. As we all can see, WireGuard become more and more welcome around so I would ask Mirktoik to add WireGuard support into ROS. I bet many people will say thank you...

upower3

If you use router primarily as router (and RB1100AHx4 is a router), then majority of traffic will have to pass CPU anyway (because that's where routing is done). I'd get very annoyed if MT decided to put low-end switches in their CRS/CSS line of products though. Yes, I totally agree, and play low b...

upower3

I git two brand new 1100AHx4 devices, and two inbound WANs (from two different ISPs). I planned to connect each router on one WAN, and use hardware bypass feature (which is pretty nice) to pass this link to another router "just in case". So, Router1 (R1) will work with ISP1, and will be co...

upower3

From https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features I can see that newer RB1100AH x4 device which is quite cost-efficient while capable of hardware IPSec acceleration equipped with RTL8367 switch chips while older models (RB1100AH and RB1100AHx2) were Atheros8327 based. I wouldn't pay at...

upower3

This is kind of concept approach i agree, but how can i have ip disabled as i have port down? What i need is to down it as the link is down and back up as the link goes up again. I do understand if the ip is on the bridge bit it is on object that phisically or logically disabled, this way it can not...

upower3

I figured out strange behavior of MT ip engine on ROS 6.43.13: I take MT router, reset it to the clear setup (no fw, no IPs, no bridges). Then I set up one (single) IP on one (single) Ethernet port, and try to ping it from within the router. Ping is on as expected. Then I disable the port - and the ...

upower3

In my office I have a routerboard, and the ISP supply us both 1 static public IPv4 address and /64 of IPv6 addresses. I used to set up VPN servers there so my collegues can connect to office LAN and also have a secure internet link when work via public wifi networks (so the default gateway is via VP...

upower3

You can look at cli syntax of ping at https://wiki.mikrotik.com/wiki/Manual:Tools/Ping and do something like

/ping 8.8.8.8 src-address=2.2.2.2

Or maybe you need to specify

interface=Loopback0

for your case?

upower3

Mikrotik RouterOS has no modern AQM (Active Queue Management), i.e. modern network queue scheduling algorithms support, unfortunately.

I'm impressed. Really. Besides making new sophisticated devices ROS won't play well even at basics! :(

upower3

In a recent news on Linux 4.19 kernel it was noted they added CAKE (Common Applications Kept Enhanced - https://www.bufferbloat.net/projects/codel/wiki/Cake/ ) network algorithm which will better use network bandwidth with lower CPU usage. They also claim it'll be more 'fair' approach to fill given ...

upower3

We've just tested the API with a PHP API class and we're still able to communicate and operate on the Mikrotik with v6.43. No changes were required thankfully.

Great news! Hold my RBs upgrade due to automation setup via such 'old' lib, now will test!

upower3

Now Beta. And Alpha? Alpha V7? :) Alpha V7 will be launched after v6.99 or v6.999 released :lol: :lol: :lol: I suspect they will release some absolutely new change in the system somewhere between 6.49 and 6.49.7, so noone will ever be able to predict that. Look at new bridge implementation introduc...

upower3

currently peering session re-connects when it's comment is changed in Winbox.

So to say, MT used to down and up again PPP-interfaces when you change comment on it! It was this way some time ago, not sure for now, but this was some "bright" idea these days (and maybe today).

upower3

!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing"; Tell me the truth, who decided that current is stable ? It is bugfix that can be considered stable, while current ...

upower3

PPTP with CHAP is fastest, as per the tile of the post. But a gotcha is that you need to prevent fasttrack from working on VPNs cos it screws them up and you get slow speeds surprisingly. I use the mangle to mark traffic on VPN interfaces in+out with connection-mark "DontFasttrack" (use a...

upower3

Also, using WiFi radios in routers for non-residential use is sub-optimal compared to actual access points which have radio chains and antenna configurations specifically for client density, maximum average throughput, minimum latency, maximum stability and often superior roaming support. The offic...

upower3

In 2ghz band only 3 not overlapped channels. Try to use wifi analyzer or builtin scanner to find best channel. How many 2ghz devices registered on ap? You sure that speed is up to 300 bit/s ? There are only 4-5 wifi clients, and I do know about 3 main frequencies to use ) 5 clients is too few to ca...

upower3

proper band for 2ghz network, b/g/n and channel width to 20/40. Also choose auto channel. When protocol 802.11 selected - nstream disabled. Did that. 20 chosen due to limit radio influence to different channels/networks, N-only to speed up the network (no per-N devices there), band was set to auto ...

upower3

Recently got brand new hAP AC^2 router to remote office. Last current installed (6.42.7). As a arouter, this is perfect device, but I have a lot of complaints on it wifi. Most of these are for wifi speed. The device is on relatively wifi clear zone (both 2 and 5 Ghz frequencies are mostly clear of o...

upower3

i am curious which and when next bugfix version with "new bridge implementation" will be.....6.42.x ? "new bridge implementation" was a big change. so going from 6.40.8 to new bugfix (>6.41.x ) dont know if it will be "a walk in the park" for some users. I'm afraid MT ...

upower3

If 6.40.8 is safe in respect to latest rumors on miners https://www.bleepingcomputer.com/news/security/massive-coinhive-cryptojacking-campaign-touches-over-200-000-mikrotik-routers/ ? I keep hear that bugfix is not safe, but I'm not ready to mass-upgrade and reconfigure my park of routers to current...

upower3

Looks like MT has a lot to implement beside IS-IS.

Anyway noone will use MT devices instead of Ciscos or Jun's in ISP environment.

upower3

See the topics about 6.42.5 and 6.43RC I wasn't able to find these, it this a package that included into new version (btw, this is dangerous "current", not more stable "bugfix", isn't it?), which is not possible to install if the space it used already by ROS tmp files, or some s...

upower3

So to say, all I can do with IPv6 on Mikrotik is to set ip IPIPv6 and EoIPv6 tunnels. Neither client PPP links are available to IPv6 server, nor IPv6 PPP server can be set up. When I have whle network built on Mikrotik it is only natural to look for a way to set up dual-stack or plain IPv6 within LA...

upower3

So to say, you can not establish many vpns to ipv6 (ovpn as an example), so little use to deploy ipv6 only in remote office.

upower3

As I can see in 6.43rc changelog, there'll be very strange (ok, unexpected) news: !) api - changed authentication process ( https://wiki.mikrotik.com/wiki/Manual:API#Initial_login ); In fact, the login process should send login data differently: Pre-6.43 login looks like this: /login !done =ret=ebdd...

upower3

HELP!

Do the repartition (if you use it) to one partition only(this helped me). If this is not your case, bad luck then, netinstall I suppose.

upower3

I cannot access to router via API(PHP) after updated. Return back to BugFix only v.6.40.8 => Worked. The problem is in 6.42.4 user needs also 'winbox' permission to login via API. Should be fixed in next version, now you can just add that permission. I reported this a page before, funny that no one...

upower3

After I got my CCR1009 upgraded to 6.42.4 (both ROS and f/w) remote API login become invalid. My scripts can not log in at all, and on device I can see "login failure for user <my-user> from <my-ip>" messages in log. I have a dedicated user to allow API requests on my device, it is of grou...

upower3

Nice page, by the way. Point out many of common mistakes, really helpful.

Thank you!

upower3

On https://wiki.mikrotik.com/wiki/Manual:L ... figuration page there are a low of words 'blow' where it should read 'below':

Blow is a list of possible symptoms that might be as a result of this kind of a misconfiguration:

Quite funny and harmless, but catches the eye too much :)

upower3

AFAIK there is no way to upgrade firmware with files being used, so I guess a reboot is something that we cannot avoid. On the other hand I believe that by having this function they aim to "steal" some upgrades just by simply rebooting the system even if the admin has forgotten to request...

upower3

When connecting both LTE modems via the USB HUB the Mikrotik is detecting them automatically and is adding the following DHCP client entries. What's amazes me is two lte interfaces and two IP addresses. If you have only one modem then it is strange. Take a note not to mess with same subnet on diffe...

upower3

I bit buggy update script I suppose. I did that mentioned on that version topic and noone seems to notice.

Hope they fix it in 6.42.3+.

upower3

Let me repeat after you: you connected USB modem, and via USB Hub it has sufficient power so no problem on this side. The modem itself (if I recall it right) supply you with IP via DHCP, so first all all you need to add DHCP client on lte interface. Then you set up NAT from your LAN to lte interface...

upower3

This is normal disk space usage on a CCR. I usually see around 40 MB used. Apparently the upgrade has solved your problem. Thank you for this confirmation. There is no official page on that so I was unsure. I think I will do the repartiton but then again, may I ever need more disk space in the futu...

upower3

What I can see when I enable " Auto Upgrade " box in System -> RouterBoard -> Settings is that after ROS update the device will upgrade firmwre and wait until reboot (so no reboot automatically). I think this is not something that fits well the autoupgrade word itself. So to say, it saves ...

upower3

Did the repartition from 2 to only 1 partition and it worked, I got whole free space on one partiton, so I was able to do the ROS upgrade from 6.42.1 to 6.42.3. But even after upgrade I found there are 44.7 Mb out of 128 Mib used, so looks like there is still some hidden data on the disk, abd I have...

upower3

How can I clean up these extra files/data? If I format the flash then the device won't boot afterwards, isn't it? A simple reboot usually removes those invisible left overs. If still not enough, a trick I use on an overloaded 941-2nD. Push manually first only some core packages (system and as much ...

upower3

Confirm further aggregate throughput increase on AP. Almost there Mikrotik soon be overtaking the the competition in performance as well as price. Well done dev team excellent work, go have yourselves a well deserved beer :-) Not that many competitors are there so far. AP mabe but not routers. VyOS...

upower3

I would try to repartition it to 1 partition, upgrade and repartition back to 2 partitions. But: 1. Don't forget about backup. 2. Make sure that new version does not leak free space :) The only thing I need is some confirmation from someone wise that repartition won't crear up whole disk so ROS won...

upower3

I can't guarantee that this'll work for you, but it worked for me ( try at your own risk, and try on some local devices first ): Frankly this was my plan, too, but once I did that and out of sudden cleared the device config (don't know the reason why) so it was a bit... bad idea. And also will this...

upower3

I'll repeat my question here: I have a ccr1009 with flash partitioned into 2 partitions. So each of that flash parts are of 32 Mb, which was ok for me so far. After recent upgrade to 6.42.1 I found all of my flash almost taken by unknown (invisible) files or data. Right now I have only 10 Mb of flas...

upower3

I have a ccr1009 with flash partitioned into 2 partitions. So each of that flash parts are of 32 Mb, which was ok for me so far. After recent upgrade to 6.42.1 I found all of my flash almost taken by unknown (invisible) files or data. Right now I have only 10 Mb of flash and the upgrade to 6.42.2 ne...

upower3

You may want to check port mode (see https://wiki.mikrotik.com/wiki/Manual:USB_Features#USB_port_mode ) and play with it. Not sure if that affects but anyway. But I'd bet you'll be fine with extra power: looks like USB port itself is ok, different USB modems are ok too, ROS is the same, and you mobi...

upower3

I have a nice CCR1009, and have it flash partitioned into 2 partitions to keep backup ROS and config "just in a case". Now I think I need to repartition it back into 1 partition. If I do that via WinBox or cli, I got a question if I agree to reboot the device to finish the repartition acti...

upower3

Yes then I missed the moment when you upgtadw along the text.

Anyway I'd try to use extra power to power up the modem. It is well known issue with the mikrotiks.

upower3

In your case you could also consider to re-partition the router back to 1 partition so you can upgrade and then change it to 2 partitions again. With some luck it could free the space... If I just repartition it to 1 partition router asks me to reboot and I suspect I'll loose all the disk and need ...

upower3

If you can lend yourself an hour or two you can set up virtual machine on you desktop machine and run x86 version in test mode to text how fast ipsec can be in you case (your desktop is much faster that small ROS device), and how settings can affect that.

upower3

First of all, why this old ROS version ? 6.42.2 is a bit newer, why can't you test it out? Theyn, even now looks like your firmware is a bit dated (if I won't miss the upgrade over the thread): https://forum.mikrotik.com/download/file.php?id=31441 Pease upgrade to 6.41.3 then try again, I suspect th...

upower3

Yep, I was wrong, the total disk is 64 Mb. But mine (half) is still has only 10 Mb free. Why?

upower3

I got two CCR-1009, both have flash disk partitioned into two parts (with different ROS versions, "just in case"). Now the're on 6.42.1 both. Since they have 128 Mb of flash disk built-in, and that disk deviced into 2 partitions, the "current" partition is 64 Mb of size. The part...

upower3

We want to monitor the psu1-state and psu2-state for failures, but It's missing

They might hope these PSUs are immortal, so what's the care to monitor them? )

upower3

I really like the idea of test deployment of IPv6 in the LAN and I would also test IPv6-only or at least IPv6-mostly setup. For this to happen, I need NAT64 and related DNS version, but found none of it in ROS. Looks like IPv6 is not a priority at all. The same thing is for external VPN links: I wan...

upower3

Here you go: https://download.mikrotik.com/routeros/6.41/CHANGELOG Nice to know that, but here is what I can see for 6.42.1 (that is, URL used is https://download.mikrotik.com/routeros/ 6.41.1[/b]/CHANGELOG): What''s new in 6.42.1 (2018-Apr-23 10:46): !) winbox - fixed vulnerability that allowed to...

upower3

Those changelogs only have the changes in the latest version and the changes relative to the base of that version. My purpose it just to trace changes to specific parts of ROS (say, ovpn), so I'm happy with dumb grep for ovpn word in my ROS update notification script. Just as a part of pre-upgrade ...

upower3

There are no individual TXT files. So each router used to download whole big changelog page of https://mikrotik.com/download/changelogs (which is 1,56M worth of data), then parses it to only get ten lines of changes? Not that I would like to tell you how to do that but this sounds a bit overkill fo...

upower3

no, they are specific version changes. why do you think it is concatenated ? I only see these individual changelogs concatenated, not changes in it. So, I suspect there are some separate files that keep version-specific changes and by concatenate these files your script produce since (big) page wit...

upower3

Download the series of changelogs and use a text compare tool like "diff" or similar graphical tools that highlight changes between two versions you choose.

Good idea, but how ROS produces these update messages under System -> Update -> Chech for update?

upower3

Here you can see changes for each specific version: https://mikrotik.com/download/changelogs Yes, but, what I've talked about, only concatenated, isn't it? How the ROS upgrade function find specific version changelog? This shouldn't be that secret info, after all, and I really doubt ROS parses such...

upower3

I can see there are some files available that holds changes in ROS versions along each branch, but I can not find an eacy way to read changelog for given version only. Say, I can see that newely released 6.43rc6 features this changes: *) bridge - fixed LLDP packet receiving; *) bridge - fixed proces...

upower3

Hello, here is the problem I try to fix: I have two RB devices, both with two ISP link (for HA purpose). I've set up 4 ipip tunnels (all variants between WANs: WAN1 -> WAN1, WAN1 -> WAN2, WAN2 -> WAN1, WAN2 -> WAN2) between them protected by IPSec, and run OSPF on top to prioritize tunnels usage (in...

upower3

If you would like to update your Mikroik Cloud DNS from 1 WAN, if you have 2 wans, try something like this: /ip firewall mangle add action=mark-packet chain=prerouting new-packet-mark=DDNS \ passthrough=yes protocol=udp src-port=15252 add action=mark-routing chain=prerouting new-routing-mark=MTDNSO...

upower3

Its just sooooo coooooooooool protocol...

I'd really like to know where hell I can use it in real life, so please tell the truth :)

So to say, I have neither ISPs to establish ISIS with, nor software/hardware within the LAN to use it internally.

But the proto is nice, really.

upower3

Good question is what kind of data you'll get from upstreams: - 2 BGP sessions with to Internet feeds If you're not an ISP, you can get only a few routes and even on low-end ROS devices it'll be ok as for CPU. So you should better care for throughput numbers and I'd go for testing both CCRs that are...

upower3

When I run snnmpwalk on 750r3 I can see unknown .1.3.6.1.4.1.14988.1.1.3.14.0 OID, which is 880 in my case, and neither description no even looks-like value can be found. At the same time /system health print oid gives me plenty of OIDs and most of them not even appears to be supported on this model...

upower3

Great, thank you! Hiw did you find these vars names?

upower3

I try to use rogue DHCP detector ( https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server#Alerts ) to detect bad hosts within legacy network. I would like to use script to run on detection event but what I would like to know is how can I know MAC of rogue DHCP server found? I will set up sending messa...

upower3

And Wireguard which trounces both of them for security, throughput, and latency. Yet this "impressive" VPN can not be used on Windows, so seems to be no use out there in the wild. So far Windows PCs are a huge part of user base, so not to support them is something risky. There are some VP...

upower3

Hi Normis,

by any chance are there an URL I can use to monitor Winbox updates as well? Nice to have a reminder on that, just in a case! )

Please!

upower3

Curious in System -> Auto Upgrade feature, but can not see any docs for it. On https://wiki.mikrotik.com/wiki/Manual:System there is no 'Auto Upgrade' link, nor any docs is searchable by Google. What I can find is scripts on cron to do /system package update install , which is now what I would like ...

upower3

Mikrotik's support is the worst one I've ever contacted! Looks like the company won't pay much attention on that, still thinking their devices are priced not that high so people will buy it anyway. But noone care for the overall image of their devices for partners who actually sell their devices to...

upower3

On my router I have two WANs ( first is the default one, and the second will take over when first one is dead), and I need to do fetch of a given URL from the IP of second WAN port. The problem is, the IP of server I will fetch url from can change (CDN, actually) so I can't just route/mangle traffic...

upower3

RB devices have its own DynDNS (IP -> Cloud), and it uses current default WAN link IP. So if I have two WANs on my RB device (one with fixed IP and one with floating), I can use "cloud" hostname to reach out to my device from outside no matter which link it default. Good idea. But, so to s...

upower3

looks very terrible as it goes up and down. Just to be honest: if you have tuned up your radio well so the AP won't mess up things due to radio picture around? Fankly I don't know much on how to tune radio in latest fw and ros, maybe MT team come here to give some directions? After all if the ROS d...

upower3

Perhaps a little more testing prior to launch MT? I'd prefer to see MT has a bigger team so they have more hands and brains. As of today, great plans and promises are too optimistic. May they want to sell 10G switches or maybe 40g or 100g devices but most customers won't trust them based on low end...

upower3

CAP AC is no better for me either. I need to pick up a different access point in the short term.

Looks like MT better add Ubnt AP controller into ROS, so everyone will be happy.

upower3

Is this the constant problem on this model? Plan to buy one but see no point in it if it performs so bad.

Really bad news for me!

upower3

The same to you. Did you read the posting, four postings above yours?

So why did you repeated it twice? :)

upower3

Looks like MT still update the page manually, isn't it? no, but the download server was recently migrated to new location, so our upgrade scripts broke, sorry about that. We are fixing them Links were ok today morning, and update from device itself worked fine even yesterday. By the way, are there ...

upower3

If you add the sub-domain "download" in front of mikrotik.com it will download.

Nice addition, exactly the idea that was mentioned two answer up in this very thread :) Have you read the topic at all?
Looks like MT still update the page manually, isn't it?

upower3

Seems like all 6.40.7 download links are dead on https://mikrotik.com/download So to say, 6.40.7 download link is like: https://mikrotik.com/routeros/6.40.7/routeros-mipsbe-6.40.7.npk . while 6.41.3 is https://download.mikrotik.com/routeros/6.41.3/routeros-mipsbe-6.41.3.npk . See the difference? Th...

upower3

!) smb - fixed buffer overflow vulnerability, everyone using this feature is urged to upgrade; *) console - do not allow variables that start with digit to be referenced without "$" sign; *) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD...

upower3

There are number of DNS technics that can hime my queries from ISP along the path: DNS Crypt, DNS over HTTPs, DNS over TLS etc. Please add support for any (or some) or these to ROS, due to fact this is more and more popular demand nowdays in too many countries. You can definitely recall Russia and C...

upower3

1100ahx4 is the best as for money for value. 3011 is not under development (one model so far and no news on this side).

Nice to have 24 gig ports, 2 sfp and 2 sfp+ in one device, with switch chips. Best branch office device )

And, to be honest, small PBX software inside ))

upower3

1100AHx4 would be the best fit, if it had the SFP port, the LCD and the USB. The lack of SFP is particularly strange.

Then noone will buy CCRs, so this is the market question I suppose.

upower3

Tried 6.42rc43 and found nice visual bug: https://i.imgur.com/rfxzpcX.png Under System -> Routerboard I can see factory ROS version, while under System -> Resources it is blank field. Any SIM slot control button still there even that RB951G-2HnD have no such slot. Funny to see this suddenly appeared...

upower3

However, answer is simple - you can downgrade or upgrade device away from the version which you use by simply dropping bundle package into files section and either upgrading or downgrading the device.

What I see on this topic the process of ROS update/downgrade should be described in details?

upower3

Upgrade tests are made for each RouterOS release and version is released when upgrade works perfectly on all the lab units. Upgrades usually fail for end users due to: 1) Power issues; 2) Damaged storage; 3) Full storage; 4) Wrong package installations usually caused by installed rc version in the ...

upower3

This is not a version related problem and such posts might discourage others from upgrade since others might assume that this version in some way makes wireless work worse than before. So to say, the only safe option is to stay with bugfix branch and read forum even for its bugs and features. Curre...

upower3

Please note that upgrade process happens on the old version - not the one which you install on your router. It should be done by the firmware, isn't it? Like it is the only part that's intact during the upgrade process. I got used to the idea that upgrade is handled by some extra software part that...

upower3

By the way, for ROS itself I can split disk into 2 partitions and keep different ROS versions on both (who uses that in the wild? nice feature!), but what's about autoupgrade - will there be any rollback?

upower3

105547111 - You see this option on your device by mistake. Of course, since you do not have a SIM slot, you should not see SIM related options on CRS125 device; I ask since it was my picture and question initially. What will happen if I set this setting to different value ;) and, more seriously, si...

upower3

Out of sudden I found nice dialog with drop-down box named "SIM", under System -> Routerboard -> SIM: https://i.imgur.com/B0gmAmV.png Something that I neved expected from my old (but good) CRS125-24G-1S ( https://mikrotik.com/product/CRS125-24G-1S-IN , which is essentially a 24-ports switc...

upower3

Another new ROS feature,
While ovpn implementation is years too old,
Who knows the masterplan?

upower3

Rb1100dx4 is definitely much better than rb3011. All depend on your needs... It definetely looks like 3011 series is out of priority for MT team. Strange to see that while 2011 was quite intensively used and sold for years. But surely x4 looks like very promising unit. Two PSU, powerful, crypto hw-...

upower3

Does x4 that good over 3011? Bypass etc sounds good but the cpu is a bit out of mainstream (ccrs are tile)...

But I do like dual psu!

upower3

I might me a bit wrong but why don't you just use NAT?

I'd like to re-request the function of rinetd.

upower3

Don't you want to have traffic crypted (say IPSec)? If so, fastpath won't work.

MPLS will provide you with "personal" interlink, but then, the traffic goes over ISP network so you may want to protect it anyway, and CCRs are good at it.

upower3

Thank you Normis, this is a hidden knowledge one can only know by chance :) Here you go: ~ normis$ curl https://mikrotikdownload.s3.amazonaws.com/routeros/LATEST.6 6.41.2 1517920142 ~ normis$ curl https://mikrotikdownload.s3.amazonaws.com/routeros/LATEST.6rc 6.42rc35 1519641969 ~ normis$ curl https:...

upower3

Looks like IPSec rate is good for both (hey, soho wifi router is an IPSec beast

!), so I'd go for HAP AC2.

HAP is also has USB port only while RB750Gr3 has both USB port and MicroSD card slot.

upower3

I need to know which versions of each ROS branche is the latest, as I adding up monitoring scripts. The only way I know to find out versions is RSS feed i can parse for the info. But then, when I check for ROS updates within ROS, it can easily find out which version is the latest, so it looks like t...

upower3

An other alternative to 10G ethernet is Infiniband. You can find older IB equipment at 40Gbit speeds, at a fraction of what 10GbE costs. We building some iSCSI lab network, so we dicede to not play with IP over Infiniband (but maybe we'll reconsider that). I'd play with MT gear just for not looking...

upower3

While looking for decent 10G capable switch I found Mirkrotik has such a device for very nice price. So I just want to ask if you can recommend this switch to connect several servers to storage. There'll be couple of optical 10G ports and about 4-5 of copper 10G. So far we need it only as a basic sw...

upower3

All I need is L3, so OSPF looks like the solution, and it's good point that redundancy will add up for free. Will try to, thank you! P.S. Once (quite a long ago) I tried to use OSPF but there was some problems and later I learned there was some ROS problems that may given me that effect, so I drop t...

upower3

I faced simple task to do and found I'm not sure if my choice is right. Please advice: - We have 2 remote ROS devices (R1 and R2), both has 2 uplinks each (so R1-U1, R1-U2 and R2-U1, R2-U2). We need to connect them via VPN links (any type, no limitations on this). There are 4 tunnels possible (R1-U1...

upower3

Too bad remote hosts in my case are behind nat or firewall, so support for many vpn types is a must. Wish i can live with ipsec only.

upower3

I have a CCR1009 as a VPN gateway, both for distant ROS devices and for personal PCs. We do support sstp, ovpn, pptp and (rarely) ipsec. The WAN address was IPv4. Now I try to use IPv6 as another (dual-stack) address on WAN port. ISP provided us with some IPv6 subnet, we've set it up, but sadly I ca...

upower3

Ok, so this feature is somtheng that should be noted in (a bit dated) docs rather that considered as "killer feature" )

upower3

I do understand the reason for not converting the config (good point to deny the past and go into the future), but why can't I just take my 5.x device, and up it to 6.x even with full config reset? Netinstall is good when you're near the device (or device is near you), otherwise you won't upgrade it...

upower3

I can see "*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;" in recent (rc22) changelog.

What was the reason for that? Any way to up old router to 6.x after that?

upower3

I used to use API to access ROS devices to get statistics, but looks like sometime I can do more with ssh login to router. Ok, I set up ssh key, enables ssh service and try to do ssh login. It works, but with noticeable delay. To be specific, I can login with telnet with no delay at all (but I have ...

upower3

Looks like you're right. Hope MT engineers will care for that idea as well. :)

But they introduce many new features (CLI only mostly), good to know that!

upower3

As many other features, also this one is only in rc state and is still work on progress. At the moment it only executes "/system routerboad upgrade" feature after RouterOS upgrade if "auto-upgrade=yes". After reboot latest firmware is applied. I don't mind to wait for 2 reboot i...

upower3

I can see this line in 6.42rc12:

*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required) (CLI only);

Looks like miracle happened!

Any docs on this?

upower3

Vote for https://www.wireguard.com/ , nice VPN which appears to be supported in systemd 237 (read: on every modern Linux - https://github.com/systemd/systemd/pull/4191 ). Universal VPN technology so to say, just a shame not to be able to connect to.

upower3

The problem with VLAN was because of not ideal upgrade process. Before upgrade there was: I definitely suspect the upgrade process and config conversion procedure is something that better be fixed (in a case MT do care for users). It would be much better to create some kind of web interface where p...

upower3

The interface doesn't mislead you. Thank you for pointing that, I just forget to check with it. But as I played with wi-fi routers I noriced I can set 'hw accelerated' checkbox even on wlan (wifi) port in bridge. This is kind of generic approach. I suspect this is due to first version release, and ...

upower3

It would be nice to have some docs on wiki so we have kind of official howtos. Here it is: https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge Some detail about VLAN and how to convert it: https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering Now ( as of new bridge impleme...

upower3

I think it will be needed to implement pseudo-interfaces in RouterOS. These pseudo-interfaces will be unremovable and greyed-out interfaces which connect the cpu with the switch-chip. This way we could: - monitor the amount of traffic traversing the CPU-port (i.e. to monitor oversubscription of the...

upower3

Upgraded RB2011, hAP, wAP ac, cAP and a RB1100 without issues. But wondering if there is a new way of how I should handle bonding interfaces with vlans? Currently I have two bonding interfaces with two ethernet ports each. On each of the bonds I have severals vlans and the vlans are put on a separa...

upower3

I love the releases on Friday and big weekends so i can play with the new releases on the weekends and then upgrade customers routers later.

Heavily depends on configuration

upower3

It was kind of "wise" to post this version right before holidays, with no support (even in expect of huge problems), with no smooth way of conversion.

Nice done!

(Hope noone set RB to upgrade authomatically?)

upower3

without knowing whether there are any changes in the version or not, is not ideal. Mostly there are no changes for all but really new devices or hardware. The only thing you might need this upgrade is when you add new hardware (like SFP module) or you can see you MT works unusually bad. So to say, ...

upower3

What's new in 6.41rc61 (2017-Dec-06 08:15): Please explain the process of transformation. Say if I have eth2 as Master-port, and eth3..eth5 as Slaves, and used eth2 in firewall rule, will this rule be changes to one that will use newly-created bridge? Will IP be reassigned from master port to bridg...

upower3

Dear mikrotik, why has development slowed down? In the past we used to see a new rc every 3-5 days. Good point :? Maybe freezing due to the holidays at the end of the year? Many companies do this. Posting some roadmap for hardware development and also for ROS development would be nice replacement f...

upower3

mikrotik team, no matter how long it takes, ios, junos does not have a weekly update, more are stable, the important thing is that the software stays stable, so keep it up 8) Given that routine current update about to introduce new bridge implementation that potentially break router config (and eve...

upower3

[quote=pe1chl post_id=631029 time=1512487226 user_id=80589] We do have ip accounting running to have some way of finding out what happened when we would get a complaint, for example. [/quote] Looks like this is the only way not to bother user too much, to accumulate accounting or netflow and deal wi...

upower3

[quote=evince post_id=631020 time=1512484837 user_id=54264] Hello, i have a guest network and here is what is done : Firewall rule to allow only 80,443,25,587 TCP and 53 UDP Setting a queue rule : upload 2Mb and download 5Mb Regards, [/quote] That's fine, and that's easy. But p2p traffic nowadays is...

upower3

[quote=evince post_id=631020 time=1512484837 user_id=54264] Hello, i have a guest network and here is what is done : Firewall rule to allow only 80,443,25,587 TCP and 53 UDP Setting a queue rule : upload 2Mb and download 5Mb Regards, [/quote] That's fine, and that's easy. But p2p traffic nowadays is...

upower3

In our office we decided to create another wifi ssid, "guest" one, so our visitors can use Internet but have no access to LAN. Simple idea, so to say, and no problem to add another ssid and vlan and nat rule. The problem is, how can I limit usage of that guest network to fair level, what's...

upower3

[quote=normis post_id=627652 time=1510564455 user_id=5] Licenses are no longer limited by time. Just Netinstall the unit and the license should become infinite. If not, email support and we will fix it. [/quote] Thank you! Actually as I did the upgrade to 5.xx and then to 6.xx and then to 6-stable t...

upower3

For admins ready to 6.41 it would be simple enough as manually switch. It would be quite useful to create another forum topic to let users report their setups that failed to convert from master-slave to new bridge implementation. At least, this may be good to add these situation into config convert...

upower3

I am wondering when they dare to release 6.41 as a "current" version with this risky "New bridge implementation" that will likely cause problems once it is widely deployed into many different field configurations (that combine VLAN tagging on switch and bridge now). You may be r...

upower3

Looks like there is no life in MT kingdom after 6.40.5 and 6.41rc52 - see no changes on download page for days. Hope to see another 6.40.x current before we see "6.41-Revolution-is-here" release!

upower3

Email support and ask. I asked here since: 1) some other people may know that or may want to read that in the future and 2) hope MT persons visit this forum once in a while and my answer. support never replied me before when I emailed them so all my hopes on forum :) And yes I did the upgrade to 5....

upower3

Basically, you have to do it in two steps. Upgrade it first to 5.26 and then you should be able to upgrade to latest 6.xx version. But what to do with license restrictions? If I upgrade to latest 5.x (5.26) then will the license upgrade limit be moved to 7.x (just like I can see on say some of my 9...

Search found 429 matches