Community discussions

Search found 4845 matches

by pe1chl
Thu Nov 15, 2018 11:10 am
Forum: General
Topic: [Request] Add "DNS over HTTPS" to RouterOS (Internet security protocols)
Replies: 10
Views: 765

Re: [Request] Add "DNS over HTTPS" to RouterOS (Internet security protocols)

the additional security it brings is very nice. Like all (encrypted) tunneling it just moves the security problem to a different place. That may be beneficial when you trust CloudFlare more than you trust your ISP, and in some places that might be justified, but in other places (like here) you just...
by pe1chl
Wed Nov 14, 2018 7:24 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 199
Views: 66000

Re: Feature Request: OpenVPN [ovpn] udp tunnels

You could consider using a single router or server at central location to do the OpenVPN and route everything first to central (using whatever VPN you like) and then further route it over OpenVPN there. Or ask the traders to support really standard protocols in addition to OpenVPN. In a similar situ...
by pe1chl
Wed Nov 14, 2018 3:55 pm
Forum: RouterBOARD hardware
Topic: Mikrotik VDSL / DSL Modem?
Replies: 306
Views: 59562

Re: Mikrotik VDSL / DSL Modem?

If you turn OFF auto-negotiate then you will see the "R" running flag but no packets are ever received from the SFP interface. If you turn ON auto-negotiate, and maybe set advertise=1000M-full as needed, then the next time you insert the modem into the SFP cage it will work! O that is interesting, ...
by pe1chl
Tue Nov 13, 2018 10:58 pm
Forum: RouterBOARD hardware
Topic: Mikrotik VDSL / DSL Modem?
Replies: 306
Views: 59562

Re: Mikrotik VDSL / DSL Modem?

To have MTU of 1500 on PPPoE you need to have MTU at least 1512 on ethernet (or in case VLAN tags are not counted at least 1508). When it is not possible to raise MTU on ethernet (both on router and modem) to this value the RFC4638 protocol will detect this and the MTU of the PPPoE link will be lowe...
by pe1chl
Tue Nov 13, 2018 7:34 pm
Forum: RouterBOARD hardware
Topic: Mikrotik VDSL / DSL Modem?
Replies: 306
Views: 59562

Re: Mikrotik VDSL / DSL Modem?

Using 1500-byte MTU with PPPoE is only possible when the ISP and the modem supports RFC4638. When one of them doesn't, the router reverts to the safe MTU of 1480. However when manually configuring it should be possible to get MTU 1492, when the modem at least supports VLAN tagging. When not, maybe 1...
by pe1chl
Tue Nov 13, 2018 4:18 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 972
Views: 159674

Re: Feature requests

Please consider implementing a way to run a user program in an environment as far protected as possible, but lighter than MetaROUTER which requires a full OS and hardware virtualization. Some discussion is on page 4 of the Feature Request: OpenVPN [ovpn] udp tunnels topic. E.g. make a folder on the ...
by pe1chl
Mon Nov 12, 2018 7:11 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 972
Views: 159674

Re: Feature requests

On that being logged many many times the same loglines it would be nice if that could be avoided by buffering the new and same loglines till an other different logline is going to be written to the log. As long as you have connection tracking, and do not use the log on the "established/related" rul...
by pe1chl
Mon Nov 12, 2018 2:29 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 972
Views: 159674

Re: Feature requests

Something like TORCH on firewall rule! It would be great if I can select firewall rule and click on torch - and see what traffic is triggering on that rule! It is sort of possible to do that, by clicking the "log" checkmark on the last page (the matched traffic will appear in the log). Of course yo...
by pe1chl
Sat Nov 10, 2018 9:26 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 199
Views: 66000

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Of course you can install such alternative firmware on some of the MikroTik routers as well. And mentions on spec sheets of other routers is not the full story! Before my MikroTik router I had a Draytek router which claimed OpenVPN support on the spec leaflet, but by the time I had bought it and upd...
by pe1chl
Sat Nov 10, 2018 4:39 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 199
Views: 66000

Re: Feature Request: OpenVPN [ovpn] udp tunnels

I have to guess what to do, whether to change the equipment or wait I wonder what router equipment you are going to change to (with software supported by the router manufacturer ) that will do what you need... Of course a plain Linux system can do it, and some open router firmware replacement can d...
by pe1chl
Sat Nov 10, 2018 3:16 pm
Forum: Beginner Basics
Topic: Mikrotik 6.34.1 Check updates fail
Replies: 28
Views: 24367

Re: Mikrotik 6.34.1 Check updates fail

I would not advise setting a static address, especially one not traceable to MikroTik.
As I see that advice mainly/only from 1-time posters, let's assume they have bad intentions and ignore them.
by pe1chl
Mon Nov 05, 2018 9:01 pm
Forum: General
Topic: How do you upgrade this Mikrotik (double wireless package)
Replies: 28
Views: 2119

Re: How do you upgrade this Mikrotik (double wireless package)

netinstall doesn't work, when System - Routerboard - Settings - Boot Device set to Nand first (in case of correct RouterOS booting). So, when I set Boot Device setting to "try-ethernet-once.." - I was able to flash firmware through netinstall. That actually is a workaround for not using the correct...
by pe1chl
Sun Nov 04, 2018 11:57 am
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 9458

Re: Newsletter #84

Did I miss a newsletter for October or are they put out every two months?
I think they are released when there is news. I.e. irregularly.
by pe1chl
Sat Nov 03, 2018 11:32 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 180
Views: 30534

Re: v6.44beta [testing] is released!

It is a bit contradictory. When you say you see outgoing pings to the device, that is only possible when the device has answered ARP requests (so the router knows the device MAC address, if not you would see ARP requests to the device), but then you say that ARP pings fail. When turning on proxy-arp...
by pe1chl
Thu Nov 01, 2018 10:30 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 180
Views: 30534

Re: v6.44beta [testing] is released!

While the device cannot communicate (I presume to an outside network, not internal to the LAN subnet), is it still possible to ping the device from the router (i.e. from within the same subnet)?
And is it possible to ping the device from outside and wake-up the stalled connection?
by pe1chl
Thu Nov 01, 2018 10:23 am
Forum: General
Topic: tool kid-control
Replies: 25
Views: 5694

Re: tool kid-control

And also provide information about the IPv6 feature. It appears that MikroTik consider IPv6 a bolt-on feature, not an integral part of the internet protocol suite that has to be supported in all facilities on the router. There is lack of IPv6 support in many parts of RouterOS. kid-control is just o...
by pe1chl
Wed Oct 31, 2018 10:27 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 120
Views: 17917

Re: v6.42.9 [long-term] is released!

Yes, that is the problem I described, only 192.168.88.1 on a single port and no DHCP etc. I did not know which port it would use on RB2011 but apparently ether1 like on CCR which is indeed unfortunate as your PC normally would not be connected to that. Well, good that you found out. On the 2011UiAS ...
by pe1chl
Wed Oct 31, 2018 8:44 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 120
Views: 17917

Re: v6.42.9 [long-term] is released!

What is your definition of "bricked"? No longer boots, you can no longer access it, or what? There have been reports that this version does not install the familiar default config with DHCP server, NAT, firewall etc, but it merely puts address 192.168.88.1/24 on one of the ports as already was the s...
by pe1chl
Wed Oct 31, 2018 6:04 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: The security flaw for Hajime is closed by the firewall
Replies: 37
Views: 10936

Re: The security flaw for Hajime is closed by the firewall

So all that has to be disabled and you can only allow access from certain IPs; yes it has become a management nightmare In fact I had all that way before it even became known that there were vulnerabilities. It is just standard practice to allow management only from trusted networks/addresses. It h...
by pe1chl
Wed Oct 31, 2018 2:12 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 180
Views: 30534

Re: v6.44beta [testing] is released!

You could check the ARP table of the client to see if it has any strange entries (other IP addresses than the router, with the router's MAC address). If so you need to debug the client. I would not know a legitimate reason why proxy-arp would work and normal arp would not, when the client is correct...
by pe1chl
Wed Oct 31, 2018 11:20 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 180
Views: 30534

Re: v6.44beta [testing] is released!

Turning on "Proxy-arp" for that ethernet interface appears to fix it or at least make it work for hours instead of minutes, although there is no reason to have proxy-arp. That depends. It can be a bug in your client device too. E.g. Ubiquiti access points sometimes lose the default route (or it bec...
by pe1chl
Tue Oct 30, 2018 8:15 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 180
Views: 30534

Re: v6.44beta [testing] is released!

After implementing vlan-aware bridges with hw-offload you no longer need 1 bridge per vlan.
But with VLAN-aware bridges you have no hw-offload at all!
by pe1chl
Tue Oct 30, 2018 10:46 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 972
Views: 159674

Re: Feature requests

Indeed - it would be nice to separate the non-English videos.
I don't want to advocate separating English from non-English videos. We should not consider one language "better" than another.
I just would like to see the language of the video in the listing.
by pe1chl
Mon Oct 29, 2018 8:04 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 972
Views: 159674

Re: Feature requests

But - I am also very aware that English is not the only language used in the world. Very true! Note that in no way I would suggest not to put videos in other languages on the channel. It is very good that they are there, it only would be much more convenient when you can look in the listing and pla...
by pe1chl
Sat Oct 27, 2018 6:50 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 275
Views: 38391

Re: Winbox vulnerability: please upgrade

Just use netinstall to re-install and reset it and use your export or backup (from before it was hacked!) to reconfigure it.
Alternatively just reconfigure it manually.
by pe1chl
Sat Oct 27, 2018 5:21 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 972
Views: 159674

Re: Feature requests

And now, for something completely different: (no, not the larch) With all those YouTube videos from MUM taken from all over the world, it would be nice when the language of the video is always visible in the title. Some of them are in English or another language I could understand, but more often th...
by pe1chl
Sat Oct 27, 2018 12:17 pm
Forum: Forwarding Protocols
Topic: ip route cache BUG
Replies: 31
Views: 7802

Re: ip route cache BUG

I have several routers, including CCR1009, operating in various different scenarios which do lots of routing and also VPN (GRE and L2TP) and I have never seen this problem. Checking the CCRs in operation the use of the route cache is very small compared to the size. I think there must be something ...
by pe1chl
Thu Oct 25, 2018 11:17 am
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 120
Views: 17917

Re: v6.42.9 [long-term] is released!

I have found a single post about this : https://forum.mikrotik.com/viewtopic.php?f=21&t=123936&p=626322#p626322 It's a valid use case. But I agree with you, this should be directed to support@mikrotik.com Well, for me it's not very valid. If you're using bridging, why do you add addresses to the po...
by pe1chl
Tue Oct 23, 2018 11:02 am
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 9458

Re: Newsletter #84

Recent MUM introduction talks have announcements of fast switches with interfaces like that, but they are only "news from the development team", not actual products that are (nearly) ready for release. Watch the MUM recordings on the YouTube channel or join a live transmission (at the start of the e...
by pe1chl
Tue Oct 23, 2018 10:57 am
Forum: Forwarding Protocols
Topic: MIkrotik BGP Monitoring
Replies: 53
Views: 14410

Re: MIkrotik BGP Monitoring

Also, please do not invade in a topic which is discussing a specific issue and post your generic need for help. Start a new topic for that!
by pe1chl
Tue Oct 23, 2018 10:55 am
Forum: RouterOS v6 RC and v7 BETA
Topic: The security flaw for Hajime is closed by the firewall
Replies: 37
Views: 10936

Re: The security flaw for Hajime is closed by the firewall

What else can I do to prevent this while I try and figure out why I can not update. Use the netinstall tool to install the newest version on the router and reset it to factory defaults. Then re-configure it to your needs. You can first look at the current configuration now to see how the external l...
by pe1chl
Mon Oct 22, 2018 5:46 pm
Forum: General
Topic: NTP for smips
Replies: 20
Views: 2356

Re: NTP for smips

Are you kidding with this need for justification? All packages should include it, we run scripts for updates and monitoring of these devices and the time needs to be right, we want the NTP client function. I personally don't care if it has the NTP server package but we should be able to pick the pa...
by pe1chl
Mon Oct 22, 2018 3:51 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 275
Views: 38391

Re: Winbox vulnerability: please upgrade

No, if that ever sees day light then it should be an "opt in" option with warning sign on first connect screen otherwise it should be as it is now. That's my opinion based on 30 years of experience as system engineer/admin. I don't say it lightly. No, for it to be useful it HAS TO BE enabled by def...
by pe1chl
Sun Oct 21, 2018 8:14 pm
Forum: Virtualization
Topic: RouterOS in Vmware ESXi
Replies: 22
Views: 30295

Re: RouterOS in Vmware ESXi

Backup the config, re-create VM using .ova file, and load the backup.
by pe1chl
Fri Oct 19, 2018 6:31 pm
Forum: General
Topic: /ip dns servers= (cache) - how are multiple servers used?
Replies: 18
Views: 707

Re: /ip dns servers= (cache) - how are multiple servers used?

My understanding was that DNS servers were always used in preference order. First one until it is not available at which point the queries go to the second. That is usually the case with resolver libraries and their config (e.g. /etc/resolv.conf). The big drawback is that the system becomes extreme...
by pe1chl
Fri Oct 19, 2018 6:27 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 82
Views: 13267

Re: New IP cloud is coming.

Really? Everyone wants to have a supersecured router and you would give all your login details to a cloud? It certainly has some applications. I have been suggesting a management VPN to be part of IP cloud as well. People have trouble arranging secure management of their routers that are on dynamic...
by pe1chl
Fri Oct 19, 2018 6:22 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 199
Views: 66000

Re: Feature Request: OpenVPN [ovpn] udp tunnels

It is likely quite easy to implement a user process but it could take some iterations to make it completely secure. I would envision it like: you make a folder on the flash disk and put the executable there and add a config item which specifies the folder and the network devices you desire. (like 1....
by pe1chl
Thu Oct 18, 2018 5:08 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 199
Views: 66000

Re: Feature Request: OpenVPN [ovpn] udp tunnels

+1 for UDP. Damn, take 10% of my payments to you for routers and hire a programmer for 6 months to do this (he'll implement it in a few weeks and work for you for the remaining 5 months) :-/ It is so annoying to have CCRs with speed of RB750 running openvpn via TCP.. Instead, pay them to implement ...
by pe1chl
Thu Oct 18, 2018 4:11 pm
Forum: Scripting
Topic: Built in function library
Replies: 40
Views: 4928

Re: Built in function library

Completely unrelated to original topic.
What is the progress on the original topic? Has it been decided if this is going to happen, when, and what functions?
by pe1chl
Thu Oct 18, 2018 10:50 am
Forum: General
Topic: /ip dns servers= (cache) - how are multiple servers used?
Replies: 18
Views: 707

Re: /ip dns servers= (cache) - how are multiple servers used?

But now the most interesting testcase: you have 4 DNS servers configured and 3 are working, and you regularly query for nonresponding records (those .in-addr.arpa ones). The DNS resolver queries 8.8.8.8 and gets no response, it has to assume that 8.8.8.8 is dead and switch to the next one. There (8....
by pe1chl
Wed Oct 17, 2018 11:11 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 254
Views: 24531

Re: RB4011

When you want to be flexible w.r.t the WAN interface, you could consider making a new bridge "WAN", change all your config to refer to that bridge instead of the sfp interface, and make either the sfp or the ethernet port the sole member port of that bridge. It is possible to change config in bulk u...
by pe1chl
Wed Oct 17, 2018 8:37 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 180
Views: 30534

Re: v6.44beta [testing] is released!

But what I cannot ping MikroTik IPv6 address from LAN, same subnet, same VLAN. Maybe someone have similar issue? Please do not use the release topic for other things than reporting issues with the release. Make a new topic in the General or Beginners section describing your issue and include a /ex...
by pe1chl
Wed Oct 17, 2018 2:10 pm
Forum: RouterBOARD hardware
Topic: New "RB2011".... reloaded [SOLVED]
Replies: 12
Views: 905

Re: New "RB2011".... reloaded [SOLVED]

I would like to see a line with RB3011 power at RB2011 price (or maybe $10 more).
I would like to see a router with CCR1072 performance at RB2011 price (and of course at RB2011 mains power usage).
But hey, not everything we would like to see is possible today. Maybe in 5 years?
by pe1chl
Wed Oct 17, 2018 2:02 pm
Forum: General
Topic: ROS 6.43.2 export config BUG
Replies: 3
Views: 192

Re: ROS 6.43.2 export config BUG

Indeed it looks like export hide-sensitive does hide the secret= config for IPsec peers, but not the ipsec-secret= config for tunnel interfaces with automatic IPsec peer.
That should be considered a bug. It appears in earlier versions as well.
by pe1chl
Tue Oct 16, 2018 8:00 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 25734

Re: v6.43.1 [stable] and v6.43.2 [stable] are released!

beware that of them are using PL2303 series chipset and some of them are using fake PL2303 chipset, the latest driver and win10 driver will refuse to work with them. If you look for a Serial to USB cable better check if can work in win10 without manually install any driver. Could be, I never use Wi...
by pe1chl
Tue Oct 16, 2018 5:40 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 254
Views: 24531

Re: RB4011

the power led is unnecessary bright This is a signature feature of MikroTik equipment. Despite remarks about this running for several years, nobody in development bothers to decrease the current through the blue led. When you visit a datacenter you see those blue torches everywhere. I suppose that ...
by pe1chl
Tue Oct 16, 2018 11:20 am
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 25734

Re: v6.43.1 [stable] and v6.43.2 [stable] are released!

are those 3 hidden spots with Rx, Tx, and GND marking real serial port or just ...
TTL serial. Get a TTL serial to USB converter from aliexpress or similar, and you can connect it to a PC and watch the boot procedure.
(or even flash new firmware over serial when you are patient)
by pe1chl
Mon Oct 15, 2018 5:25 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 275
Views: 38391

Re: Winbox vulnerability: please upgrade

Have you netinstalled? Yes, I netinstalled on Friday. Today Monday I connect remotely to the office twice, from that 2 connection, now I can not connect back again. Telling me wrong username/password. I am sure the attacker sniffed the login detail again to put me out again. You should not allow re...
by pe1chl
Sat Oct 13, 2018 4:51 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 972
Views: 159674

Re: Feature requests

It would be really nice if MikroTik would add the ability to graph health information such as voltage and temperature and no I'm not referring about SNMP and API, I am referring to tools->graphing, the same way as resources, queues and interfaces are graphed. There should simply be the possibility t...
by pe1chl
Fri Oct 12, 2018 4:50 pm
Forum: Announcements
Topic: Security announcement blog
Replies: 113
Views: 18213

Re: Security announcement blog

I have never seen increasing memory usage due to IPv6 forwarding. But apparently your use case or configuration is different.