Community discussions

Search found 4912 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 99
by pe1chl
Wed Jan 16, 2019 3:42 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 1005
Views: 168265

Re: Feature requests

Of course when you need a dashboard with all kinds of customized parameters it is easy to make that using SNMP. I would make such a thing on a local webserver in Perl or PHP but undoubtedly there exist "user friendly" packages for Windows that can do that too. And of course MikroTik have "the Dude" ...
by pe1chl
Wed Jan 16, 2019 2:32 pm
Forum: General
Topic: RB1100AHx2 boot speed vs others
Replies: 3
Views: 151

Re: RB1100AHx2 boot speed vs others

Generally it can be said that boot time is not only dependent on CPU power but also on "constant" delays in the boot process. The bootdevice setting I mentioned is one of them. On devices with a serial port there can be an additional delay while the bootloader waits to see if the operator at the ser...
by pe1chl
Wed Jan 16, 2019 2:28 pm
Forum: RouterBOARD hardware
Topic: SFP module is extremely hot
Replies: 29
Views: 6572

Re: SFP module is extremely hot

You will have to install a fan!
The product description of the S+RJ10 was changed:
"Any MikroTik device with active cooling that has SFP+ ports can now be used ..."
So, only when the product has a fan. I think the CSS326-24G-2S+ has the fan only as an option, isn't it?
by pe1chl
Tue Jan 15, 2019 8:25 pm
Forum: General
Topic: RB1100AHx2 boot speed vs others
Replies: 3
Views: 151

Re: RB1100AHx2 boot speed vs others

It can be affected by the settings of /system routerboard settings.
E.g. the setting for boot device "try ethernet once then nand" which is preferable when you want to be able to do netinstall
without jumping through hoops with reset button, of course costs extra boot time.
by pe1chl
Tue Jan 15, 2019 5:26 pm
Forum: General
Topic: Failover
Replies: 1
Views: 80

Re: Failover

You need to do policy routing, probably with connection marking, so your two connections are independently handled by the routing and NAT.
There are examples available on the forum.
by pe1chl
Tue Jan 15, 2019 3:20 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 318
Views: 52215

Re: v6.44beta [testing] is released!

It is probably related to a problem I also reported to them: when you import an export which contains a server and pool the import fails because the pool appears in the export after the server. Apparently it was not easy to export the pool definitions before the server definitions (or there would be...
by pe1chl
Tue Jan 15, 2019 2:38 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 1005
Views: 168265

Re: Feature requests

In "queue tree" please provide the option of specifying limit-at and max-limit as a percentage of the limit on the next higher layer. (within a queue tree, the values in the parent item. in the top item, maybe the interface speed when available. or percentages could be disallowed there) When the val...
by pe1chl
Tue Jan 15, 2019 2:22 pm
Forum: Beginner Basics
Topic: VoIP traffic shaping doesn't works
Replies: 22
Views: 541

Re: VoIP traffic shaping doesn't works

I have some times considered to request a new feature where queue tree limits can be set to a percentage instead of an absolute value, and those percentages will be taken from the parent queue and the used value will be automatically re-calculated when that number changes. It is often convenient to ...
by pe1chl
Mon Jan 14, 2019 7:08 pm
Forum: Beginner Basics
Topic: VoIP traffic shaping doesn't works
Replies: 22
Views: 541

Re: VoIP traffic shaping doesn't works

Why not?
You can make PPP profiles with on-up and on-down scripts and assign them to the PPPoE connections.
by pe1chl
Mon Jan 14, 2019 4:51 pm
Forum: General
Topic: DSL pppoe - how to assign public static IP?
Replies: 5
Views: 708

Re: DSL pppoe - how to assign public static IP?

Just read above what was already answered.
by pe1chl
Fri Jan 11, 2019 5:37 pm
Forum: General
Topic: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved
Replies: 28
Views: 4879

Re: Multiple Road Warrior L2TP/IPsec clients behind NAT - solved

Indeed you must set /ip ipsec peer profile enc-algorithm=aes-128,3des hash-algorithm=sha1 When you set other enc-algorithm like aes-256 or other hash algoritthm it will just fail on some Android versions. For /ip ipsec proposal (phase 2 settings) you can have aes-256 enabled when you really think th...
by pe1chl
Fri Jan 11, 2019 2:25 pm
Forum: Beginner Basics
Topic: VoIP traffic shaping doesn't works
Replies: 22
Views: 541

Re: VoIP traffic shaping doesn't works

You cannot have a downstream queue tree! Likely you have been confused by the upstream/downstream settings for matching of IP addresses. So you have created another upstream queue that has an incorrect matching that seldomly matches. A queue is just the same as a queue before a door where people nee...
by pe1chl
Fri Jan 11, 2019 2:20 pm
Forum: RouterBOARD hardware
Topic: hap lite not enough space for update [SOLVED]
Replies: 16
Views: 622

Re: hap lite not enough space for update [SOLVED]

Did you already try to power it off and on instead of using "reboot"?
by pe1chl
Fri Jan 11, 2019 10:53 am
Forum: General
Topic: L2TP/IPSEC as a client to VPN providers
Replies: 12
Views: 484

Re: L2TP/IPSEC as a client to VPN providers

I don't understand you, probably the language barrier is too high.
Hopefully someone else understands what you want to ask.
by pe1chl
Thu Jan 10, 2019 11:21 pm
Forum: Beginner Basics
Topic: VoIP traffic shaping doesn't works
Replies: 22
Views: 541

Re: VoIP traffic shaping doesn't works

There is not much that you can do for the incoming side. That is the task for the other side of the line, where it is the outgoing side. The queues have to be at the outgoing side. That is fine when you are at both sides, but unfortunately for many people the other side is some Internet provider, an...
by pe1chl
Thu Jan 10, 2019 9:33 pm
Forum: RouterBOARD hardware
Topic: hap lite not enough space for update [SOLVED]
Replies: 16
Views: 622

Re: hap lite not enough space for update [SOLVED]

Then something is corrupted.
Make a backup and an export (when you have valuable info in your config) and then do a netinstall with format, and reload the backup.
(the export is just to have a readable version of the config in case things go really bad)
by pe1chl
Thu Jan 10, 2019 8:16 pm
Forum: Virtualization
Topic: CHR feature requests
Replies: 53
Views: 6963

Re: CHR feature requests

Can't you just boot from a Linux Live CD and then use that to dd the disk image to the physical disk?
by pe1chl
Thu Jan 10, 2019 7:31 pm
Forum: General
Topic: L2TP/IPSEC as a client to VPN providers
Replies: 12
Views: 484

Re: L2TP/IPSEC as a client to VPN providers

Try to remove those lifetime=1h declarations from your IPsec configuration.
Sometimes there is confusing when negotiating parameters like this with the remote.
(i.e. locally you force the lifetime to 1h, remote has an 8h lifetime and does not understand this, so
connection is dead after 1h)
by pe1chl
Thu Jan 10, 2019 5:55 pm
Forum: General
Topic: L2TP/IPSEC as a client to VPN providers
Replies: 12
Views: 484

Re: L2TP/IPSEC as a client to VPN providers

That is what you get when you don't post a clear question...
Try again, this time mentioning what is your problem and what you want to achieve.
by pe1chl
Thu Jan 10, 2019 5:34 pm
Forum: General
Topic: L2TP/IPSEC as a client to VPN providers
Replies: 12
Views: 484

Re: L2TP/IPSEC as a client to VPN providers

Your interface is l2tp-out, and you can do anything with it that you can do with another dynamic interface. The fact that IPsec is underneath it does not matter. To the inside it is L2TP. Of course you should not set the default route to such a connection or at least you should make some other arran...
by pe1chl
Wed Jan 09, 2019 2:07 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 324
Views: 37930

Re: RB4011

I use a piece of back tape for that... but it looks ugly.
When you walk in a datacenter you immediately notice where is the MikroTik equipment.... and probably that is the reason for it.
by pe1chl
Wed Jan 09, 2019 12:23 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 324
Views: 37930

Re: RB4011

But it *does* have the signature MikroTik built-in torch light!
by pe1chl
Thu Jan 03, 2019 2:20 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 294
Views: 47781

Re: Winbox vulnerability: please upgrade

So why would your link be down? I can's speak for his situation but it is not really uncommon that a link goes down when one side changes frequency, e.g. because that frequency has interference at the other side, is not in the other side's allowed channel list (e.g. it is an outdoor AP that has the...
by pe1chl
Wed Jan 02, 2019 7:41 pm
Forum: General
Topic: Hacked Board
Replies: 15
Views: 813

Re: Hacked Board

But if it's 6.43.x how can it be exploited as to my knowledge there are no open security bugs?
There was at least one open security bug (fixed in 6.43.8) that could be used when the password was known.
The password may have leaked earlier or using another mechanism.
by pe1chl
Wed Jan 02, 2019 5:57 pm
Forum: General
Topic: Hacked Board
Replies: 15
Views: 813

Re: Hacked Board

Hi, i found an hacked board running was on 6.43.2 I´dont now how this had worked, we use Firewall and winbox only responded to known IP (our IP´s) There likely is some router on your network where such rules are not in place, it was infected too, and it spread the infection to other routers inside ...
by pe1chl
Wed Jan 02, 2019 5:42 pm
Forum: Scripting
Topic: Fetch via proxy
Replies: 5
Views: 188

Re: Fetch via proxy

A proxy request does not have the same format as a direct request, so that is not going to work! You could setup a tunnel to another place where this site is not blocked, and route the traffic over that runnel with srcnat/dstnat at the other side of the tunnel. That works, but it requires that you h...
by pe1chl
Wed Jan 02, 2019 11:09 am
Forum: General
Topic: MOAB mother of all blacklists
Replies: 54
Views: 4841

Re: MOAB mother of all blacklists

Please stop using the forum as an advertisement platform.
Place a link to your website once where you advertise your business and be done with it...
by pe1chl
Mon Dec 31, 2018 9:30 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 221
Views: 71237

Re: Feature Request: OpenVPN [ovpn] udp tunnels

NordVPN says no. RouterOS is getting outdated. Implementing such services on a router is silly. You should implement it on your end device so the entire path is protected. Furthermore, when today's protocol enforced by something like NordVPN would be implemented by MikroTik, tomorrow they will swit...
by pe1chl
Mon Dec 31, 2018 11:08 am
Forum: Wireless Networking
Topic: Radar detected on XXX
Replies: 31
Views: 1382

Re: Radar detected on XXX

As a WISP I would question the wisdom of allowing dual usage of frequencies that both Radar and wireless operators use?
Nobody questions the viability of getting into an unreliable business like WISP where you are fully dependent on what others (including authorities) do?
by pe1chl
Mon Dec 31, 2018 11:04 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 221
Views: 71237

Re: Feature Request: OpenVPN [ovpn] udp tunnels

L2TP/IPsec, GRE/IPsec, IPIP/IPsec, plain IPsec transport.
by pe1chl
Sat Dec 29, 2018 6:02 pm
Forum: Wireless Networking
Topic: Radar detected on XXX
Replies: 31
Views: 1382

Re: Radar detected on XXX

@ pe1chl Ok, let's say you are right. What now I can to do to resolve this? My AP is set auto freq, my stations is set auto freq. So, what to do in practice to resolve this? Make a channel list and put those channels in that are not affected by radar. This requires some manual work, the channel lis...
by pe1chl
Sat Dec 29, 2018 12:03 pm
Forum: Wireless Networking
Topic: Radar detected on XXX
Replies: 31
Views: 1382

Re: Radar detected on XXX

Can I disable radar detection? It is a legal requirement to use radar detection when you want to use certain channels on 5 GHz. This is because the "primary user" of this band is RADAR and you are only allowed to use those channels where RADAR is not present. When you run a WiFi link on a RADAR fre...
by pe1chl
Fri Dec 28, 2018 4:00 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 9
Views: 2369

Re: DHCP Offering Lease Without Success

When you want to assign a fixed IP to a device, do not create the entry manually, but first let the device request an IP dynamically, then open that entry and click "make static" and when you wish you can edit the IP address to the correct value. This makes sure the MAC and the Client ID are correct...
by pe1chl
Fri Dec 28, 2018 11:48 am
Forum: Wireless Networking
Topic: Radar detected on XXX
Replies: 31
Views: 1382

Re: Radar detected on XXX

After disable WPS Mode in wireless card, problem didn't manifest (for now, 23h+) I hope this problem will not be repeated. WPS is totally unrelated to this issue (DFS). Radar problems can sometimes be temporary due to tropospheric propagation conditions (inversion layer). So it can be coincidence t...
by pe1chl
Thu Dec 27, 2018 4:32 pm
Forum: General
Topic: RouterOS 5.2 to Current [SOLVED]
Replies: 8
Views: 615

Re: RouterOS 5.2 to Current [SOLVED]

You can do it that way but you should not install the most recent version over such an ancient version in one step.
by pe1chl
Thu Dec 27, 2018 3:50 pm
Forum: General
Topic: How to set RB to work as router and public switch at one time
Replies: 4
Views: 251

Re: How to set RB to work as router and public switch at one time

Configure a bridge with the ports you want to be switched in it, with hardware accel enabled.
by pe1chl
Thu Dec 27, 2018 11:24 am
Forum: Wireless Networking
Topic: Radar detected on XXX
Replies: 31
Views: 1382

Re: Radar detected on XXX

There are only four 5GHz channels without enforced DFS by most regulatories:
Usually those channels are only allowed for indoor use and/or with lower power (100mW instead of 1W).
by pe1chl
Tue Dec 25, 2018 11:10 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 294
Views: 47781

Re: Winbox vulnerability: please upgrade

That is exactly why such advises will not work as long as there is not some form of auto-upgrade... You get a request from a hotel to install a WiFi, you install and configure equipment uptodate at that time, and you leave. At that point there is not some hotel desk clerk reading the forum every day...
by pe1chl
Fri Dec 21, 2018 3:57 pm
Forum: Forwarding Protocols
Topic: What does /ip route vrf really do?
Replies: 22
Views: 6333

Re: What does /ip route vrf really do?

Sorry I did not read back the entire topic when I saw that another description of what VRF is was added to it. In fact what I wrote today all was already written before, and I am still not using the VRF functionality in the network. It seems that some people have tried to do that, and they run into ...
by pe1chl
Fri Dec 21, 2018 2:46 pm
Forum: Forwarding Protocols
Topic: What does /ip route vrf really do?
Replies: 22
Views: 6333

Re: What does /ip route vrf really do?

So things are much simpler to set up and stay orderly if you take the vrf way in some scenarios. But it has some limitations - the same routing tables/routing marks are used for both the vrf and for the "usual" policy routing, so if you would want to use the "usual" policy routing together with a v...
by pe1chl
Fri Dec 21, 2018 2:13 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 1005
Views: 168265

Re: Feature requests

Not true on MacOS/Wine Winbox. You get disconnected but it won't through you out (but the clock stops to work!). Strange! Under Windows and with Linux/Wine this does not happen, whenever the link is lost you get disconnected within 3 seconds. Very inconvenient, because sometimes I have 3-4 devices ...
by pe1chl
Thu Dec 20, 2018 10:54 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 318
Views: 52215

Re: v6.44beta [testing] is released!

Are you also working on the DFS function and possibly more logging of what is going on when DFS decides to change the frequency?
We would like to use DFS but now we can't because of the false detections... and no information about what is detected.
by pe1chl
Wed Dec 19, 2018 9:53 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 318
Views: 52215

Re: v6.44beta [testing] is released!

For outdoor I normally select the country "etsi 5.5-5.7 outdoor" that has those frequencies in the scanlist.
by pe1chl
Wed Dec 19, 2018 3:24 pm
Forum: Wireless Networking
Topic: radar detected problems
Replies: 47
Views: 11777

Re: radar detected problems

The issue is probably caused by communication with authorities about DFS detection thresholds. Above I mentioned a couple of times that Ubiquiti does not suffer from this issue. However, that is no longer correct. The latest firmware from Ubiquiti has the same problem as MikroTik has had for quite s...
by pe1chl
Sat Dec 15, 2018 6:00 pm
Forum: General
Topic: firewall is pushing the cpu
Replies: 25
Views: 1113

Re: firewall is pushing the cpu

There is little point in doing that firewalling "everywhere", especially when you also have high-bandwidth customer traffic. In that case it is better to keep the "forward" firewall empty and put those rules only in the "input" firewall where you will have far less traffic and so there will be less ...
by pe1chl
Wed Dec 12, 2018 7:46 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 1005
Views: 168265

Re: Feature requests

Also a green/yellow/red color field within WINBOX to indicate if you are still connected to the router (green - connected, yellow - don't know, red-disconnected) That isn't required because when you have no link, you will be disconnected (far to) quickly and lose the open window (reverts to connect...
by pe1chl
Wed Dec 12, 2018 11:25 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 1005
Views: 168265

Re: Feature requests

winbox: please add some "windows list" feature, e.g. a button for every open window to the right of the "Session:" field below the menu bar. this can be useful to have an overview what windows are open and to raise them when they are inadvertently lowered below another window. I normally have the "L...
by pe1chl
Tue Dec 11, 2018 2:41 pm
Forum: General
Topic: firewall is pushing the cpu
Replies: 25
Views: 1113

Re: firewall is pushing the cpu

You cannot run an ISP using RB750Gr1 routers. Some people forget that.
Only the higher-performance devices like CCR or newer RB models (1100, 3011, 4011) have enough CPU performance
to do firewalling at high speed.
by pe1chl
Sun Dec 09, 2018 10:32 pm
Forum: Announcements
Topic: v6.43.7 [stable] is released!
Replies: 53
Views: 8575

Re: v6.43.7 [stable] is released!

Oh but the router where I experienced the above problems is a CCR1009 so no problem to do a rollback. Everywhere where this is still possible (the older MikroTik devices) I have two partitions and I do a copy, then upgrade one of them and go back when there are disastrous problems. And that has happ...
by pe1chl
Sat Dec 08, 2018 4:23 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 324
Views: 37930

Re: RB4011

We have a link between an RB2011 and an RB260 using two Net Insight NPA0022-LJ11 SFP fiber modules and it works fine no matter if it is configured for autonegotiation or fixed 1G/Fulldup at either end... (before it was configured for autoneg but I have disabled it because we plan to change to a bidi...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 99