Community discussions

MikroTik App

Search found 7478 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 25
by pe1chl
Sat May 08, 2021 9:11 pm
Forum: Beginner Basics
Topic: do you let 1U between routers and switches? [SOLVED]
Replies: 5
Views: 363

Re: do you let 1U between routers and switches? [SOLVED]

There is almost no heat transfer through the top- and bottom plate, so for heat it will not make much of a difference. The heat should be transferred out of the units by airflow through front and back. You can leave the space when you have it, e.g. using cable organizers or other panels (like the RJ...
by pe1chl
Sat May 08, 2021 9:06 pm
Forum: Beginner Basics
Topic: TCP connection established from XXX vpn
Replies: 1
Views: 98

Re: TCP connection established from XXX vpn

Use something else than PPTP. E.g. SSTP, L2TP/IPsec, OpenVPN, etc.
PPTP is a bit tricky to get going when NAT is involved, and it is not very secure anyway.
To make it working you need to open the GRE protocol as well, as PPTP uses that.
by pe1chl
Sat May 08, 2021 9:04 pm
Forum: General
Topic: WeBfig as default page in the management page [SOLVED]
Replies: 3
Views: 170

Re: WeBfig as default page in the management page [SOLVED]

In WebFig you can make a "skin" that removes certain parts of the configuration interface. Quite interesting mechanism in fact, unfortunately it does not work in WinBox. However, I think that "Quick Start" should be made a separate package or selectable feature that can be disabl...
by pe1chl
Sat May 08, 2021 1:38 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

The problem is that those default routers only exist in the RouterOS for the consumer-oriented routers.
When you have e.g. CCR or CHR the default configuration is much much smaller and does not include things like firewall settings.
by pe1chl
Fri May 07, 2021 4:31 pm
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1170

Re: Decrease in software quality from mikrotik?

WiFi OTOH is technical problem and technically it would be failry easy to use 6GHz band instead of 5.5GHz. Unfortunately 6GHz is assigned to licensed fixed point-to-point networks here (in Europe). While one can argue that this usage is outdated and mostly replaced or replaceable by fiber links, th...
by pe1chl
Fri May 07, 2021 2:19 pm
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1170

Re: Decrease in software quality from mikrotik?

Yes, that is of course the reason for DFS! The authorities and radar operators do not care if our WiFi network would be disturbed by radar pulses (and thus suggest us to go somewhere else)... what they care about is that we evacuate the frequency to avoid such disturbance of the operation of the rad...
by pe1chl
Fri May 07, 2021 1:10 pm
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1170

Re: Decrease in software quality from mikrotik?

@mkx yes you are right, the receiver front-ends of WiFi APs are really sh*t. Another issue is that we receive RADAR all over the band at an access point placed at 220m height in a radio transmitter tower, located about 20km from a weather radar. It does not matter what channel is used, DFS detects r...
by pe1chl
Fri May 07, 2021 11:25 am
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1170

Re: Decrease in software quality from mikrotik?

Apparently regulators did not understand the reason for having certain frequencies reserved for special purposes and allowed incompetent manufacturers to pollute the spectrum with shitty RF transmitters. That surprises me too. How could anyone think that co-existence of an unlicensed transmitter sy...
by pe1chl
Thu May 06, 2021 4:08 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 128
Views: 19439

Re: v6.48.2 [stable] is released!

The issue is likely that they made many patches that are not "to support some hardware" but to introduce specific features. What we see now in v7 is that things that were enabled by kernel patch do not yet work or came only in later betas (apparently someone migrated the patch). And some o...
by pe1chl
Thu May 06, 2021 3:23 pm
Forum: General
Topic: Decrease in software quality from mikrotik?
Replies: 16
Views: 1170

Re: Decrease in software quality from mikrotik?

Yes it indeed is a common problem. It must be due to letters from the regulators to increase the DFS sensitivity. It affects different manufacturers. Apparently the regulators and manufacturers don't understand that making the system unworkable will only result in users running ancient software or e...
by pe1chl
Wed May 05, 2021 11:23 am
Forum: General
Topic: Feature requests
Replies: 1336
Views: 323197

Re: Feature requests

Try to remove the check mark for BSD Syslog format and see if it changes. I do log to Splunk directly, but I have tested it with rsyslog server and it works there as well. Well, when I do not set BSD Syslog I cannot set Syslog Facility. That is required because I use that to direct the logs on the ...
by pe1chl
Wed May 05, 2021 11:16 am
Forum: General
Topic: Assign static IP's from ARP not DHCP Leases to stop MAC Clonning
Replies: 7
Views: 508

Re: Assign static IP's from ARP not DHCP Leases

Solutions exist, 802.1x (dot1x) and PPPoE. With a capable RADIUS server of course (freeradius, maybe RouterOS v7 usermanager). My setup doesn't require user authentication (user/pass) That is where you go wrong! You say you have a problem with people stealing your internet, yet you do not require y...
by pe1chl
Tue May 04, 2021 4:47 pm
Forum: General
Topic: Feature requests
Replies: 1336
Views: 323197

Re: Feature requests

Can you post an example on how it looks like and how you would like it to be. When I look in the logging that my BSD syslog server writes to disk I see: May 2 10:43:20 MikroTik Connection closed When I look in the Log viewer in Winbox I see: May/02/2021 10:43:20 | route, bgp, info | Connection clos...
by pe1chl
Tue May 04, 2021 12:14 pm
Forum: General
Topic: How to do Policy mapping in Mikrotik
Replies: 1
Views: 142

Re: How to do Policy mapping in Mikrotik

You can do similar things in the /queue tree menu. See the wiki: https://wiki.mikrotik.com/wiki/Manual:Queue#Queue_Tree Of course there are many more capabilities than this simple config that is shown in the Cisco example. You should be able to mimic that with something simple like: /queue tree add ...
by pe1chl
Tue May 04, 2021 11:01 am
Forum: General
Topic: Feature requests
Replies: 1336
Views: 323197

Re: Feature requests

That is fixed text. I want to see the topics that are visible when logging in memory. These differ per message. E.g. [system,info,account] or [ipsec,error] See my post here from 2017. MT has not fixed anything of this yet. https://forum.mikrotik.com/viewtopic.php?t=124291 Support has only sad that ...
by pe1chl
Mon May 03, 2021 8:12 pm
Forum: General
Topic: Assign static IP's from ARP not DHCP Leases to stop MAC Clonning
Replies: 7
Views: 508

Re: Assign static IP's from ARP not DHCP Leases

so there's no way to achieve the thing i asked for, on such a powerful system like MikroTik, that's sad .. like over 15+ years there's no Fix for MAC-Clonning/Spoofing on Hotspot. This is not related to MikroTik, it is just a property of using MAC as identifier and users that are not cooperative. S...
by pe1chl
Mon May 03, 2021 5:35 pm
Forum: Beginner Basics
Topic: GPS positioning NMEA forwarding configuration OpenCPN
Replies: 1
Views: 275

Re: GPS positioning NMEA forwarding configuration OpenCPN

MikroTik really should add a "gpsd" optional package to RouterOS to make such things much easier....
by pe1chl
Sun May 02, 2021 9:10 pm
Forum: Beginner Basics
Topic: GPS and NTP questions (V6.48.2, hAP ac^2)
Replies: 4
Views: 428

Re: GPS and NTP questions (V6.48.2, hAP ac^2)

But exposing lat/long is a pain, and I cannot tell at all what's happening when I run NTP and GPS at the same time. That is where "gpsd" comes in. It receives the messages from the GPS receiver, parses them and stores them in local data structures, provides the time reference for NTP via ...
by pe1chl
Sun May 02, 2021 9:03 pm
Forum: General
Topic: New router OS
Replies: 49
Views: 17542

Re: New router OS

MikroTik wrote their own TILE architecture. It does not use the one from that github repository.
Remember they do a lot of patches to the kernel. That provides them with some unique features, but also with a lot of headaches.
by pe1chl
Sun May 02, 2021 12:36 pm
Forum: Beginner Basics
Topic: GPS and NTP questions (V6.48.2, hAP ac^2)
Replies: 4
Views: 428

Re: GPS and NTP questions (V6.48.2, hAP ac^2)

The problem with time messages from GPS devices is that they do not indicate the current time, but the time at which the GPS unit calculated the "fix", i.e. the solution for the position+time equations from the data received from the satellites. The GPS device then sends this data as a ser...
by pe1chl
Sun May 02, 2021 12:25 pm
Forum: Wireless Networking
Topic: Wifi between concrete walls
Replies: 7
Views: 482

Re: Wifi between concrete walls

No that will not work. No need to try that!
by pe1chl
Sun May 02, 2021 12:24 pm
Forum: General
Topic: Assign static IP's from ARP not DHCP Leases to stop MAC Clonning
Replies: 7
Views: 508

Re: Assign static IP's from ARP not DHCP Leases

This kind of tricks will never work completely and it will always be possible to work around it when your clients are clever enough. When you want better possibilities to check things you will have to use 802.1x or PPPoE and use a RADIUS server to authenticate the clients, preferably with a certific...
by pe1chl
Sun May 02, 2021 12:18 pm
Forum: General
Topic: MAC based port forwarding rule
Replies: 7
Views: 415

Re: MAC based port forwarding rule

Sender MAC address is not present in incoming packets, it will always be the MAC address of the router, not of the sender.
So this is impossible to do! (no matter if MikroTik or not)
by pe1chl
Fri Apr 30, 2021 6:34 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 128
Views: 19439

Re: v6.48.2 [stable] is released!

The easiest solution is to upgrade to Linux kernel 5.6 and glibc-2.32 or higher where 32-bit apps can use 64-bit time_t just by recompiling. Additional details about full userspace support for 64-bit time_t and other ways of handling this if you are using syscalls directly are available . What's th...
by pe1chl
Fri Apr 30, 2021 6:32 pm
Forum: General
Topic: Feature requests
Replies: 1336
Views: 323197

Re: Feature requests

Prefix already exist...
That is fixed text. I want to see the topics that are visible when logging in memory. These differ per message.
E.g. [system,info,account] or [ipsec,error]
by pe1chl
Fri Apr 30, 2021 5:56 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 128
Views: 19439

Re: v6.48.2 [stable] is released!

They will probably fix that before 2038! Should be nothing to worry about, especially as it has been nicely truncated instead of doing some random wrap to a date that could be nearby or in the past...
by pe1chl
Fri Apr 30, 2021 4:26 pm
Forum: General
Topic: Feature requests
Replies: 1336
Views: 323197

Re: Feature requests

Under /system logging action for target=remote please add some option to include the topics in the message sent to the remote log server.
E.g. add [topic,topic,topic] between the system name and the message when this option is set.
by pe1chl
Fri Apr 30, 2021 4:25 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Under /system logging action for target=remote please add some option to include the topics in the message sent to the remote log server.
E.g. add [topic,topic,topic] between the system name and the message when this option is set.

(would be nice when that is done in v6 as well...)
by pe1chl
Thu Apr 29, 2021 11:47 pm
Forum: General
Topic: OpenVPN SHA256 + UDP
Replies: 68
Views: 39136

Re: OpenVPN SHA256 + UDP

...so it doesn't look like SHA256 is coming to RouterOS anytime soon, which is a shame as the rest of the world has moved on from SHA1 & MD5 as hashing algorithms On the other hand, that does not really make sense. The strength of the hashing algorithm is important for applications like certifi...
by pe1chl
Wed Apr 28, 2021 11:21 am
Forum: General
Topic: OpenVPN SHA256 + UDP
Replies: 68
Views: 39136

Re: OpenVPN SHA256 + UDP

Please read the reply above your posting (#65)
OpenVPN in RouterOS is not the standard application that you just have to download every couple months to track what the world is doing.
For better (but not complete) OpenVPN see the v7 beta. Of course with the note that it is a beta.
by pe1chl
Mon Apr 26, 2021 3:10 pm
Forum: Beginner Basics
Topic: How to setup SIP-telephony?
Replies: 15
Views: 1096

Re: How to setup SIP-telephony?

Thing that I didn't understand - how does it work without SIP-ALG? Somebody has to send packets in order to open ports for RTP-traffic. I suppose my local PBX does it. Normally either it does not work (e.g. audio in one direction or no audio at all), or the firewall rules are too broad and you get ...
by pe1chl
Mon Apr 26, 2021 10:48 am
Forum: Forwarding Protocols
Topic: Routing over ipsec
Replies: 8
Views: 1139

Re: Routing over ipsec

The correct solution for this problem is for ROS to implement VTI, or even better XFRM interfaces.
Yes, that is the recurring problem. Whenever some solution has been implemented after years of requests, the whole thing will start again with the next "better solution".
by pe1chl
Sun Apr 25, 2021 12:30 am
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 111
Views: 23468

Re: v6.49beta [testing] is released!

It will not improve the performance, it will increase the max number of connections that can be tracked at any one time. With that, you should be able to have more users on the network. It is good that the RAM is used at all. this is vital if someone wants to run a box as CGNAT device. Yes of cours...
by pe1chl
Fri Apr 23, 2021 7:14 pm
Forum: RouterOS v7 BETA
Topic: transparent bridging directionality issue?
Replies: 10
Views: 627

Re: transparent bridging directionality issue?

Ok maybe it is not so easy to make a bridging shaper then... I have no experience with that, only with shaper at IP level (both simple queue and queue tree) and that works OK, and also with bridge filter to filter e.g. ARP requests and that works too, also together with filters at IP level.
by pe1chl
Fri Apr 23, 2021 6:09 pm
Forum: RouterOS v7 BETA
Topic: transparent bridging directionality issue?
Replies: 10
Views: 627

Re: transparent bridging directionality issue?

Are you sure you have disabled fasttrack? (should not matter for bridging, but when I read "it does not see my settings" I think about that fasttrack thing that I always remove as first action)
by pe1chl
Fri Apr 23, 2021 5:50 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Someone please chech this bug if also on 7.1beta5: https://forum.mikrotik.com/viewtopic.php?f=2&t=174719 That cannot be present in v7 because there are no such separate packages for parts of the basic functionality anymore, everthing is now in one package "routeros". Now packages are ...
by pe1chl
Fri Apr 23, 2021 11:11 am
Forum: RouterOS v7 BETA
Topic: transparent bridging directionality issue?
Replies: 10
Views: 627

Re: transparent bridging directionality issue?

That is why you need to match the interface in a bridge filter rule and set a packet mark there... it is no longer possible to check that once it has gone to the IP level.
by pe1chl
Fri Apr 23, 2021 11:09 am
Forum: Scripting
Topic: Failover Scripting It does not work properly
Replies: 7
Views: 516

Re: Failover Scripting It does not work properly

I did not study the script in detail, I only noted the common mistake of using the ethernet interface name as the indication of the internet interface where PPPoE is used.
by pe1chl
Thu Apr 22, 2021 10:33 pm
Forum: Scripting
Topic: Failover Scripting It does not work properly
Replies: 7
Views: 516

Re: Failover Scripting It does not work properly

When you are using PPPoE, your interface name is not ether10 but like pppoe-out1 (or different when you have renamed it).
by pe1chl
Thu Apr 22, 2021 10:01 pm
Forum: RouterOS v7 BETA
Topic: transparent bridging directionality issue?
Replies: 10
Views: 627

Re: transparent bridging directionality issue?

I think your problem is that the firewall rules for the bridge will be evaluated as input for port4->bridge and then as output for bridge->port5. So all your traffic is counted twice. When you want to avoid that, you may have to match on port number. Then add a packet mark and match that in the queue?
by pe1chl
Thu Apr 22, 2021 8:04 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

When using multiple routing tables combined with a routing protocol in v6 I encounter the problem that the "connected route" for an interface is only inserted in the main table. While this is usually no problem for the routing itself (ip route rules can be configured to look in the main ta...
by pe1chl
Thu Apr 22, 2021 7:54 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 128
Views: 19439

Re: v6.48.2 [stable] is released!

I think most of these Mikrotik SMIPS devices are bought by WISPs so they have cheapest possible AP for lowest tier service plans...
That could be, but I wonder how much money they save in the end when it turns out the devices are difficult/impossible to update and they have to send an engineer...
by pe1chl
Thu Apr 22, 2021 3:34 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 128
Views: 19439

Re: v6.48.2 [stable] is released!

For 16MB Flash there appear to be other reasons besides just saving money on Flash chips (larger than 16MB requires a different interface to the central processor which means that certain chips cannot be used or some other feature of the chip becomes unavailable due to pins used for the large Flash ...
by pe1chl
Wed Apr 21, 2021 7:10 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 128
Views: 19439

Re: v6.48.2 [stable] is released!

Disabling packages from the combined package didn't seem to help with any of my devices. The only other work-around was to install the individual packages required and not use the combined one. That is right, disabling packages from the combined package is only the first step in my description, the...
by pe1chl
Wed Apr 21, 2021 12:31 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 128
Views: 19439

Re: v6.48.2 [stable] is released!

upgrade - improved "long-term" upgrade procedure on SMIPS devices This appears to have solved the "not enough space for upgrade" on all 16mb SMIPS hAP lite devices I manage - thank you! Probably it only means that "after you have installed 6.48.2 the procedure to upgrade to...
by pe1chl
Tue Apr 20, 2021 9:33 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

I think this will cause some headache for me as well... Let's say I have a route 10.20.0.0/16 and 192.168.20.0/24 via OSPF. How can I excludes these from being catched by the above access-list and firewall rule? That access list based on address-list is no good. The other workaround (reply #219) sh...
by pe1chl
Tue Apr 20, 2021 6:52 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

If, as you say, you have default route, then there is no need to add static routes to nowhere, you can use address lists
No, this is wrong! See reply #216.
by pe1chl
Tue Apr 20, 2021 6:51 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

So, you mean doing something like this? That is what I had in mind, yes. At least it has the same functionality as an unreachable route. Like you, I do not worry that much about DDoS, so it is a bit of a pity that we still have to suffer from feature reduction. Hopefully this solution would also wo...
by pe1chl
Tue Apr 20, 2021 2:58 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

If you do not add blackhole route, but just add firewall rule for specific destiantion then it will work. That would mean you have to add rules to catch it in the firewall. But it is not easy, as the solution of course has to work with most-specific-subnet-first handling like a routing table does. ...
by pe1chl
Tue Apr 20, 2021 2:11 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

v7 uses new Linux ip-nexthop which supports only "blackhole" nexthop. But there is still an option to add firewall rule to send ICMP unreachable for specific destinations. Are you sure that would work? Normally when you have unreachable or blackhole destinations in the routing table, the ...
by pe1chl
Tue Apr 20, 2021 2:06 pm
Forum: Beginner Basics
Topic: How to setup SIP-telephony?
Replies: 15
Views: 1096

Re: How to setup SIP-telephony?

You are just expecting too much. Tutorials exist, forum topics exist, youtube movies exist on the mikrotik channel.
It is a difficult subject, not possible to explain it in a short forum reply, you will have to study and search it yourself.
by pe1chl
Tue Apr 20, 2021 2:04 pm
Forum: General
Topic: Firewall Filter Content Hex
Replies: 4
Views: 357

Re: Firewall Filter Content Hex

One thing you need to watch out for is that content filter does not match individual packets. It matches the first 2KB sent over a TCP connection. This is collected into a buffer and matched with the pattern. So it is often not useful to use content filter to block packets. Packets that are part of ...
by pe1chl
Tue Apr 20, 2021 11:09 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Have "unreachable" routes disappeared in beta5 (or even before)?
It looks like it. That sure is not good! Similar to you, I always add routes like that and they should not simply drop the packets.
by pe1chl
Sat Apr 17, 2021 12:18 pm
Forum: General
Topic: Feature requests
Replies: 1336
Views: 323197

Re: Feature requests

Can you please add the "rpfilter" matcher to the firewall matching rule options?
See viewtopic.php?f=2&t=120863 and viewtopic.php?f=14&t=56572
by pe1chl
Sat Apr 17, 2021 12:17 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 111
Views: 23468

Re: v6.49beta [testing] is released!

Can you please add the "rpfilter" matcher to the firewall matching rule options?
See viewtopic.php?f=2&t=120863 and viewtopic.php?f=14&t=56572
by pe1chl
Sat Apr 17, 2021 12:16 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Can you please add the "rpfilter" matcher to the firewall matching rule options?
See viewtopic.php?f=2&t=120863 and viewtopic.php?f=14&t=56572
by pe1chl
Sat Apr 17, 2021 12:44 am
Forum: Beginner Basics
Topic: Connect locations with mikrotik
Replies: 11
Views: 642

Re: Connect locations with mikrotik

When you indeed have numerical and text data you could consider looking at "/ip packing" (compression). Normally it will not be useful as today usually data is encrypted or already compressed. When you have only certain files that you need to access read-only then you can consider using so...
by pe1chl
Fri Apr 16, 2021 6:59 pm
Forum: General
Topic: hEX RB750gr3 VLAN support?
Replies: 2
Views: 271

Re: hEX RB750gr3 VLAN support?

All MikroTik routers do support VLANs, only some of them do not support it in hardware and need to do it in software. Your configuration does not require VLANs at all, just put those separate networks on each individual port and remove the ports from the bridge. (of course being careful not to lock ...
by pe1chl
Fri Apr 16, 2021 5:29 pm
Forum: Beginner Basics
Topic: Connect locations with mikrotik
Replies: 11
Views: 642

Re: Connect locations with mikrotik

Unless you already have the RB2011 routers I would recommend using RB750Gr3 as these are much better suited for GRE/IPsec. Don't bother trying to setup direct IPsec tunnels, it is a waste of effort to get that all working correctly. Setup GRE/IPsec and set a /30 address on each of the tunnel endpoin...
by pe1chl
Fri Apr 16, 2021 11:46 am
Forum: General
Topic: Cloutik feedback ?
Replies: 10
Views: 788

Re: Cloutik feedback ?

The gripe with all cloud products is never generally the product itself, its putting control into someone elses hands. Indeed. And not only because you may give them credentials that they then may leak and cause your network to be compromised, but also because such a service could be terminated at ...
by pe1chl
Thu Apr 15, 2021 4:14 pm
Forum: Beginner Basics
Topic: How to setup SIP-telephony?
Replies: 15
Views: 1096

Re: How to setup SIP-telephony?

It is a difficult subject with many pitfalls. Probably not many persons want to write yet another tutorial, just for you.
by pe1chl
Thu Apr 15, 2021 11:14 am
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 128
Views: 19439

Re: v6.48.2 [stable] is released!

I mean RouterOS is a routing OS, not a full-fledged DNS resolver solution. In cases like this we often see the disadvantage of the use of opensource software as a base but using home-built software on top of that. Possibly combined with the urge to keep everything as compact as possible to fit ever...
by pe1chl
Wed Apr 14, 2021 5:23 pm
Forum: General
Topic: Cloutik feedback ?
Replies: 10
Views: 788

Re: Cloutik feedback ?

Of course it depends a lot on what kind of maintenance you require and what level of automation you need or want to have. In my case the routers are all in a network that uses public IP addresses and is internally connected both by WiFi links and VPN connections to a central router, all fitted with ...
by pe1chl
Wed Apr 14, 2021 11:55 am
Forum: General
Topic: Way to set the NAT type?
Replies: 5
Views: 418

Re: Way to set the NAT type?

No. But you can write individual srcnat rules that can do almost anything you would want.
by pe1chl
Wed Apr 14, 2021 11:53 am
Forum: General
Topic: Cloutik feedback ?
Replies: 10
Views: 788

Re: Cloutik feedback ?

It could be interesting to use such a feature but indeed you can easily deploy it yourself using a VPS, CHR, maybe dude, and some simple setup. In fact I sometimes wondered why MikroTik does not make a private VPN available as part of IP cloud. There already is the feature to register a DDNS name, t...
by pe1chl
Wed Apr 14, 2021 11:44 am
Forum: General
Topic: Function to save some items on disk just before reboot [SOLVED]
Replies: 2
Views: 292

Re: Function to save some items on disk just before reboot [SOLVED]

There is a function in the scheduler to call a script at "startup" time. It would probably be a good feature suggestion to add a new "shutdown" time which means that the script will be called just before reboot or shutdown. Of course it is a bit tricky because the user likely exp...
by pe1chl
Wed Apr 14, 2021 11:37 am
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 128
Views: 19439

Re: v6.48.2 [stable] is released!

Dynamic data (DHCP leases, adress lists, ...) doesn't survive reboot, only static data (written to non-volatile storage) does. For DHCP lease list that's not a huge problem. When DHCP lease timer expires (or rather at half time), DHCP clients will try to renew leases and will request the same IP ad...
by pe1chl
Tue Apr 13, 2021 7:00 pm
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 36
Views: 4861

Re: Time Sync with SNTP client and IP Cloud Not Working

But NTP works fine for me, both the SNTP client and the NTP client (after installing the package) are in use on several different MikroTik routers I manage, all without any issue.
You must be doing something wrong.
by pe1chl
Mon Apr 12, 2021 8:07 pm
Forum: General
Topic: Multiplying IPv6 addresses with SLAAC network configuration
Replies: 1
Views: 217

Re: Multiplying IPv6 addresses with SLAAC network configuration

Set a low value for the RA lifetime in IPv6->ND. It is not a complete fix but at least it makes the problem disappear faster.
by pe1chl
Mon Apr 12, 2021 8:05 pm
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 36
Views: 4861

Re: Time Sync with SNTP client and IP Cloud Not Working

It's been almost an hour but NTP status is still: started. My ISP doesn't block UDP 123 because other devices behind HAP AC can sync the time just fine. Some ISP block UDP port 123 towards their customers, not towards the network. When a router does NTP requests with source port 123 the replies are...
by pe1chl
Mon Apr 12, 2021 11:57 am
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 121
Views: 29812

Re: v6.48.1 [stable] is released!

I have had trouble with that with earlier versions as well. My workaround has always been to use another match to select the queue items to change.
(never persisted to find what is really going wrong there, but selecting on a match with the current limit values never seems to work)
by pe1chl
Sun Apr 11, 2021 2:02 pm
Forum: Beginner Basics
Topic: blocking devices off your network
Replies: 17
Views: 1154

Re: blocking devices off your network

You have named DHCP as "defconf" , not a good name to use. That is just meaning "default configuration", it is the name set by MikroTik when you accept the default configuration or use the Quick Set menu to configure things. Besides that, the name does not influence the behavior...
by pe1chl
Sat Apr 10, 2021 9:19 pm
Forum: Beginner Basics
Topic: Mikrotik Switch - it is not a switch?
Replies: 30
Views: 1821

Re: Mikrotik Switch - it is not a switch?

It is not advisable to make the switch accessible (managable) from the internet!
When you really need that, setup a VPN with proper authentication (e.g. L2TP/IPsec) and allow management only from that VPN.
by pe1chl
Sat Apr 10, 2021 9:18 pm
Forum: Beginner Basics
Topic: PCC load balancing issue
Replies: 3
Views: 333

Re: PCC load balancing issue

It is always advisable to have a route for unmarked/unhandled packets, even when it is always via the same internet connection. E.g. you make one or two default routes in the main table, and make additional tables that have the route via one of the providers (and fallback to the other) in additional...
by pe1chl
Fri Apr 09, 2021 4:52 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

You cannot update to v7 beta that way! You need to read the installation instructions, make your backups, download the software from the website, upload to your router.
by pe1chl
Thu Apr 08, 2021 10:53 pm
Forum: General
Topic: Wrong date on VPLS
Replies: 1
Views: 198

Re: Wrong date on VPLS

There is a general bug in timestamps in winbox. I have read that it can be fixed by updating winbox and sometimes by deleting the cached information for that specific host.
(this is in the AppData folders)
by pe1chl
Thu Apr 08, 2021 10:51 pm
Forum: Beginner Basics
Topic: NTP setup with VLANs
Replies: 6
Views: 510

Re: NTP setup with VLANs

[*]My notebook PC in the main VLAN is receiving the time when the time server in the windows settings is set to the gateway IP in the same VLAN like the PC is (let's say NTP server IP = 192.168.1.1) [*]I tried to setup a firewall rule on UDP 123 to forward NTP requests to 192.168.1.1 from other VLA...
by pe1chl
Thu Apr 08, 2021 4:19 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Offcourse this have to be taken in account, but I would assume that further updates that are not compatible should not even be advertised in the packages update channel which is not the case. Reading on the number of current beta5 issues relating to boot even on supported hardware I guess the probl...
by pe1chl
Thu Apr 08, 2021 11:40 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

The RB751U-2HnD (discontinued) won't boot this 7.1b5 version in anyway. It would not surprise me at all when at some point in the v7 release process the support for some old devices with little memory and maybe uncommon chip will have to be dropped... This is an unusual device in that it has only 3...
by pe1chl
Wed Apr 07, 2021 11:15 pm
Forum: Beginner Basics
Topic: Does hEX S not support VLANs on trunks? [SOLVED]
Replies: 13
Views: 995

Re: Does hEX S not support VLANs on trunks? [SOLVED]

Yes these boxes are the strongest products from MikroTik. Cheap and quite good performance, and RouterOS is quite good for configuring such setups.
by pe1chl
Wed Apr 07, 2021 4:47 pm
Forum: General
Topic: Bridge hosts table when 2 interfaces with same MAC
Replies: 4
Views: 340

Re: Bridge hosts table when 2 interfaces with same MAC

What is special in this setup is that there are two VLANs (with different tag) that together form 1 subnet. I.e. they are bridged together. The router has its IP address, filter rules, etc. all on the bridge and externally there are these two VLANs. The reason is that I want to extend the wireless n...
by pe1chl
Wed Apr 07, 2021 4:34 pm
Forum: Scripting
Topic: Script to convert ip to address-list
Replies: 14
Views: 6131

Re: Script to convert ip to address-list

I think I would add the addresses to the list with some huge timeout so they are not written to flash... This list probably is not so "dynamic" compared to others. So 1 update per day (or even per week) should be OK. I'm going to check IF there are some hits against the counters anyway. U...
by pe1chl
Wed Apr 07, 2021 11:04 am
Forum: Scripting
Topic: Script to convert ip to address-list
Replies: 14
Views: 6131

Re: Script to convert ip to address-list

I think I would add the addresses to the list with some huge timeout so they are not written to flash...
by pe1chl
Wed Apr 07, 2021 10:51 am
Forum: General
Topic: Bridge hosts table when 2 interfaces with same MAC
Replies: 4
Views: 340

Re: Bridge hosts table when 2 interfaces with same MAC

To be clear, this bridge is doing nothing with VLANs. A VLAN-aware bridge would not be able to do this config. What I have is two VLAN sub-interfaces that are member of the bridge. So the bridge sees the untagged traffic only. It appears to work OK for now, only the host table view is incorrect. But...
by pe1chl
Wed Apr 07, 2021 12:24 am
Forum: General
Topic: Bridge hosts table when 2 interfaces with same MAC
Replies: 4
Views: 340

Bridge hosts table when 2 interfaces with same MAC

To overcome a limitation in another product, I have added 2 VLANs defined on the same interface to the same bridge: /interface bridge add name=bridge1 protocol-mode=none /interface vlan add interface=ether5 name=ether5.vlan62 vlan-id=62 /interface vlan add interface=ether5 name=ether5.vlan66 vlan-id...
by pe1chl
Tue Apr 06, 2021 9:25 pm
Forum: Scripting
Topic: Script to convert ip to address-list
Replies: 14
Views: 6131

Re: Script to convert ip to address-list

Of course for this particular purpose you could also make a DNS-based address list. Either using the DNS names from that list or by hosting some domain and loading it with the proper addresses for some name like doh-servers.example.com
by pe1chl
Tue Apr 06, 2021 11:42 am
Forum: General
Topic: Feature Request: Logging of all administrator user actions
Replies: 24
Views: 10557

Re: Feature Request: Logging of all administrator user actions

Again, read back the topic, there are ways to achieve that using scripting. Watch the log or history for events and when they occur, export the config and send it to some versioning system like git. Then you can use whatever beautiful reviewing system you like. E.g. with gitweb you can easily point ...
by pe1chl
Tue Apr 06, 2021 11:31 am
Forum: General
Topic: why youtube is not blocked?
Replies: 13
Views: 1660

Re: why youtube is not blocked?

There are many company doing this. Like the one I am working in (has been like this for 7-8 years). When I click on a certificate of a site, like cnn.com, it does show our company certificate. I do not see any problem about this, since when you work for some, you should follow the rules they have. ...
by pe1chl
Mon Apr 05, 2021 6:08 pm
Forum: General
Topic: why youtube is not blocked?
Replies: 13
Views: 1660

Re: why youtube is not blocked?

As I have written before, you can have full control and block stuff by using products like Forecepoint. To make this to work, you need to have full control of the client as well, some you can do with company polices. That requires you to break the security of https. Not something you would want to ...
by pe1chl
Mon Apr 05, 2021 5:23 pm
Forum: General
Topic: why youtube is not blocked?
Replies: 13
Views: 1660

Re: why youtube is not blocked?

Also, the end of tls-host matching is not in TLS 1.3 but in "encrypted SNI" which is a further extension to TLS 1.3 which may become part of a future TLS version. As of now, it is being used by cloudflare webhosting. But undoubtedly Google will start using that too, or invent something dif...
by pe1chl
Mon Apr 05, 2021 5:16 pm
Forum: General
Topic: Email smtp timeout on mikrotik
Replies: 7
Views: 807

Re: Email smtp timeout on mikrotik

Well, when the problem is "can send a small mail but it hangs on large mail or attachment" is kind of suggests an MTU issue. But when "automatic clamp" does not work, it apparently is not an MTU issue that the MikroTik can see (like a PPPoE interface towards internet). As you say...
by pe1chl
Mon Apr 05, 2021 5:11 pm
Forum: General
Topic: Routing Mark - connection issues [SOLVED]
Replies: 6
Views: 390

Re: Routing Mark - connection issues [SOLVED]

It depends on how you apply the marks if that will work. When the mark is applied immediately at the start of the connection e.g. by matching source address it can work, but when your mark is determined later it can be too late for this to work. (of course when the mark changes routing, it will fail...
by pe1chl
Mon Apr 05, 2021 12:55 pm
Forum: General
Topic: Routing Mark - connection issues [SOLVED]
Replies: 6
Views: 390

Re: Routing Mark - connection issues [SOLVED]

Make sure you disable the "fasttrack" rule and "fastpath" setting in IP settings, then try again.
by pe1chl
Mon Apr 05, 2021 11:32 am
Forum: General
Topic: Email smtp timeout on mikrotik
Replies: 7
Views: 807

Re: Email smtp timeout on mikrotik

No idea. Impossible to debug such problems via forum, especially without config.
by pe1chl
Sat Apr 03, 2021 12:22 pm
Forum: Scripting
Topic: How to do a Fuzzy query [SOLVED]
Replies: 9
Views: 1017

Re: How to do a Fuzzy query [SOLVED]

Yes, I think so, because for the "address in subnet" match one would expect the address is compared as a 32-bit number (first an AND with the subnet mask and then a compare) while for the ~ match each address first has to be converted from binary number to text string, and then a regexp ma...
by pe1chl
Fri Apr 02, 2021 5:56 pm
Forum: Scripting
Topic: How to do a Fuzzy query [SOLVED]
Replies: 9
Views: 1017

Re: How to do a Fuzzy query [SOLVED]

I do not know where the idea of the xx.xx.xx.xx/16 in address came from, it of course should be address in xx.xx.xx.xx/16.
by pe1chl
Fri Apr 02, 2021 4:21 pm
Forum: General
Topic: Email smtp timeout on mikrotik
Replies: 7
Views: 807

Re: Email smtp timeout on mikrotik

It is unlikely that the MikroTik router is involved in this timing.
Maybe you need to add TCP MSS clamping:
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes \
    protocol=tcp tcp-flags=syn
by pe1chl
Fri Apr 02, 2021 4:18 pm
Forum: Scripting
Topic: How to do a Fuzzy query [SOLVED]
Replies: 9
Views: 1017

Re: How to do a Fuzzy query [SOLVED]

Actually that has to be "^172\\.17\\." Inside " the \\ is evaluated to \ and then the \. means a literal . The construct dst-address in 172.17.0.0/16 is much better in general, because it can also apply to subnet masks not aligned with byte boundaries. It is also likely more efficient...
by pe1chl
Fri Apr 02, 2021 4:09 pm
Forum: Forwarding Protocols
Topic: Routing over ipsec
Replies: 8
Views: 1139

Re: Routing over ipsec

No, you should make the IPsec profile only for transport mode (between the public IP addresses) and put GRE inside that as a tunnel.
by pe1chl
Thu Apr 01, 2021 7:25 pm
Forum: General
Topic: TCP MSS Value
Replies: 2
Views: 451

Re: TCP MSS Value

He probably means some form of "attack" where TCP sessions with a very small MSS are set up, and so there is a large number of packets used to transport only very little data.
It would be possible to filter on that, but it is not unlikely that this can cause some erroneous packet drops.
by pe1chl
Wed Mar 31, 2021 7:26 pm
Forum: Beginner Basics
Topic: Invalid Forwards [SOLVED]
Replies: 9
Views: 824

Re: Invalid Forwards [SOLVED]

He probably means "long term version".
However that is useless, this bug is in Linux and it has always been in RouterOS as well (I mean the TCP tracking bug).
by pe1chl
Wed Mar 31, 2021 6:04 pm
Forum: General
Topic: DNS connection failure
Replies: 16
Views: 1124

Re: DNS connection failure

Use the default rules. And first remove that add action=add-src-to-address-list address-list=Black_Ips address-list-timeout=none-dynamic chain=forward dst-port=5060-5061 in-interface=ether1 protocol=udp src-address=\ !14.x.x.x (and probably the other Black_Ips related rules) because that is bringing...
by pe1chl
Wed Mar 31, 2021 5:45 pm
Forum: General
Topic: Download Router configuration
Replies: 3
Views: 409

Re: Download Router configuration

Well that is terrible... but it is good news in the sense that it would be trivial to hack it when you do not know the password. I would recommend to first connect an RS232 cable and login there. Obtain a USB-to-RS232 cable for a few bucks and use a serial terminal program. When you can login you ca...
by pe1chl
Wed Mar 31, 2021 11:35 am
Forum: General
Topic: DNS connection failure
Replies: 16
Views: 1124

Re: DNS connection failure

Re-read reply #3. There is your problem.
Also, set up a decent firewall, also for input. Otherwise you will be hacked.
by pe1chl
Tue Mar 30, 2021 11:31 pm
Forum: Forwarding Protocols
Topic: Keep using firewall rules with VRRP
Replies: 5
Views: 764

Re: Keep using firewall rules with VRRP

It is possible, although quite hard, to synchronize the configuration of those 2 routers using some scripting (so you can configure only router 1 and the config of router 2 will be automatically updated), but it isn't possible to keep the connection tracking state of router 2 synchronized with route...
by pe1chl
Tue Mar 30, 2021 11:27 pm
Forum: Beginner Basics
Topic: Invalid Forwards [SOLVED]
Replies: 9
Views: 824

Re: Invalid Forwards [SOLVED]

I have recently noticed that my firewall has been dropping many invalid forwards. There is a bug in the tracking code that often causes such things. When a TCP connection is finished using FIN/ACK_FIN the tracking entry is immediately deleted. When the remote side sends another packet for this conn...
by pe1chl
Tue Mar 30, 2021 5:58 pm
Forum: General
Topic: why youtube is not blocked?
Replies: 13
Views: 1660

Re: why youtube is not blocked?

Yes, it looks like it is time that tls-host is supported for QUIC as well...
Of course, for the time being. Because tls-host will cease to work anyway.
by pe1chl
Tue Mar 30, 2021 5:56 pm
Forum: General
Topic: Download Router configuration
Replies: 3
Views: 409

Re: Download Router configuration

Do you have the password? What RouterOS version is it running?
by pe1chl
Tue Mar 30, 2021 4:02 pm
Forum: Beginner Basics
Topic: OpenVPN Client shared folders
Replies: 1
Views: 221

Re: OpenVPN Client shared folders

Most likely a firewall problem on the client. Windows firewall will not allow this by default.
by pe1chl
Tue Mar 30, 2021 3:32 pm
Forum: General
Topic: DNS server not returning specific A record (may be DNS/DoH bug)
Replies: 4
Views: 455

Re: DNS server not returning specific A record (may be DNS/DoH bug)

Ok I should say I never attempted to fiddle with that DoH thing as I have no use for it (I trust my ISP more than I trust Google) and I have seen enough indications that its implementation is buggy.
When you want to help fix it make a supout.rif and make a ticket at MikroTik or mail it to support.
by pe1chl
Tue Mar 30, 2021 2:25 pm
Forum: General
Topic: DNS server not returning specific A record (may be DNS/DoH bug)
Replies: 4
Views: 455

Re: DNS server not returning specific A record (may be DNS/DoH bug)

Are you sure the "unchanged result" when changing things in your router is really reflecting the new situation in the router? A Windows system will "cache" earlier replies and will show the same result without asking again. You can use "ipconfig /flushdns" between your ...
by pe1chl
Mon Mar 29, 2021 3:39 pm
Forum: RouterBOARD hardware
Topic: What difference between router and switch
Replies: 11
Views: 1727

Re: What difference between router and switch

Yes, but that was already written in posting #2 in this topic. Please do not run around in circles.
by pe1chl
Mon Mar 29, 2021 10:56 am
Forum: Wireless Networking
Topic: Indoor PTP links without line of sight
Replies: 11
Views: 961

Re: Indoor PTP links without line of sight

Sorry I mixed up Audience and Chateau there...
by pe1chl
Sat Mar 27, 2021 7:57 pm
Forum: Beginner Basics
Topic: Load balancing between 2 wan on same network
Replies: 10
Views: 789

Re: Load balancing between 2 wan on same network

Yes the standard load balancing/failover config shown on the forum should work.
It would be best to reset to defaults, make that work first, and then add all the other crud.
As it is now, it is too difficult to follow for casual readers on the forum to help.
by pe1chl
Sat Mar 27, 2021 1:12 pm
Forum: General
Topic: Forward all wan traffic to another firewall
Replies: 9
Views: 781

Re: Forward all wan traffic to another firewall

Please describe your network. What MikroTik device do you have and how is it connected to internet, why can't you connect the PFsense firewall instead? When it is for a Wifi link, as said, configure it in bridge mode and it will not touch the traffic at all. What rules do you mean, the PFsense firew...
by pe1chl
Fri Mar 26, 2021 6:47 pm
Forum: Beginner Basics
Topic: Load balancing between 2 wan on same network
Replies: 10
Views: 789

Re: Load balancing between 2 wan on same network

But my problem is that my 2 WAN is on the same network and have the same gateway. If i create 2 WAN interfaces on the same network, my Mikrotik routeur say that my FAI gateway is only seen via one interface (the first) and not the second. That's my problem. No, your problem is that you did not make...
by pe1chl
Fri Mar 26, 2021 5:51 pm
Forum: General
Topic: Reset and load a custom save.rsc file
Replies: 7
Views: 700

Re: Reset and load a custom save.rsc file

Ok, one could actually consider this to be a bug. Probably someone studied the matter of "MAC access available by default and that is insecure" and made this change without considering the situation of a full reset. allowed-interface-list=all should be the default when no setting, and the ...
by pe1chl
Fri Mar 26, 2021 5:48 pm
Forum: Beginner Basics
Topic: Load balancing between 2 wan on same network
Replies: 10
Views: 789

Re: Load balancing between 2 wan on same network

In that case just treat it as a generic load balancing setup, there is enough info about that on the forum and in the wiki!
by pe1chl
Fri Mar 26, 2021 4:21 pm
Forum: Beginner Basics
Topic: Load balancing between 2 wan on same network
Replies: 10
Views: 789

Re: Load balancing between 2 wan on same network

Make a bonding interface and put the two ether interface in it. Use that as your WAN (put it in WAN interface list too).
by pe1chl
Fri Mar 26, 2021 4:16 pm
Forum: General
Topic: Reset and load a custom save.rsc file
Replies: 7
Views: 700

Re: Reset and load a custom save.rsc file

Even with a completely correct export file it is sometimes not possible to import it automatically, because there are mistakes in the sequence of the commands in export where some command refers to an item that is created only further down the file. What I found when trying to import an export from ...
by pe1chl
Thu Mar 25, 2021 7:54 pm
Forum: RouterOS v7 BETA
Topic: New User Manager in RouterOS v7
Replies: 74
Views: 60899

Re: New User Manager in RouterOS v7

Sure, but then you need indefinite patience. Sometimes one just wants something that is available today :-)
by pe1chl
Thu Mar 25, 2021 6:47 pm
Forum: RouterOS v7 BETA
Topic: New User Manager in RouterOS v7
Replies: 74
Views: 60899

Re: New User Manager in RouterOS v7

You should be able to do it via API.
Of course when you want something that is available today (and has been available for years) you can always use freeradius on a Linux box, even a Raspberry Pi.
by pe1chl
Thu Mar 25, 2021 5:43 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

@mrz Do you know if there is any work done or planned to be done to enable transfer of path quality parameters from e.g. a WiFi link into a routing protocol? (or even to develop a new routing protocol that is able to handle auto routing in a network consisting of a partial mesh of WiFi links which h...
by pe1chl
Thu Mar 25, 2021 5:38 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 77
Views: 43573

Re: DHCP Offering Lease Without Success

Yes, that is correct. Also maybe some other clarification: this procedure is actually by design, it is there to allow redundant DHCP servers. When you have 2 DHCP servers on the same physical network, each with part of the available address space as a pool, the clients will send a DISCOVER and get t...
by pe1chl
Thu Mar 25, 2021 2:04 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 77
Views: 43573

Re: DHCP Offering Lease Without Success

1; MT DHCP server does always deliver a DHCP lease to the client. (State=offered). After a short timeout the DHCP sever does a check on the DHCP lease , and that fails (does not go to bound). Then the DHCP lease is withdrawn. 2. That check never reaches the client! So the client does not answer. We...
by pe1chl
Thu Mar 25, 2021 11:22 am
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 77
Views: 43573

Re: DHCP Offering Lease Without Success

When you start these clients one at a time, do they get a different IP address and do they get registered in the DNS server with different client IDs?
If not, it is not going to work when you start them together. When MAC address is the only key, you cannot have two clients on the same machine!
by pe1chl
Thu Mar 25, 2021 11:11 am
Forum: RouterOS v7 BETA
Topic: New User Manager in RouterOS v7
Replies: 74
Views: 60899

Re: New User Manager in RouterOS v7

Please read the start post of the topic!
Originally user manager was mainly intended to authenticate users on a WiFi network using permanent accounts, temporary tickets, etc.
But now it is made into a versatile RADIUS server. That should also be able to do other things.
by pe1chl
Wed Mar 24, 2021 5:23 pm
Forum: Beginner Basics
Topic: RB 2011iL does not get Gib traffic
Replies: 19
Views: 1485

Re: RB 2011iL does not get Gib traffic

4011 should easily do it...
by pe1chl
Wed Mar 24, 2021 12:12 pm
Forum: Scripting
Topic: Get log line from memory log
Replies: 15
Views: 1055

Re: Get log line from memory log

In that case you may be able to use a similar automatic script. I still think a welcome new feature would be a "script" target for error logging. Like this: /system logging add action=script topics=ipsec,error script="ipsecerrorscript" Then whenever a message with topic ipsec,err...
by pe1chl
Wed Mar 24, 2021 11:25 am
Forum: General
Topic: RAMdisk
Replies: 18
Views: 3499

Re: RAMdisk

I can understand why they would not want to change the directory structure of existing devices to match what is now on 16MB flash devices, because that would surprise existing users that are running user manager, dude, custom scripts, etc. But I cannot understand why it is not possible to add ramdis...
by pe1chl
Wed Mar 24, 2021 10:40 am
Forum: Beginner Basics
Topic: Does hEX S not support VLANs on trunks? [SOLVED]
Replies: 13
Views: 995

Re: Does hEX S not support VLANs on trunks? [SOLVED]

Is this with firewall filters? And do you use connection tracking and fasttrack? Or just some matches on input/output interface?
by pe1chl
Wed Mar 24, 2021 10:31 am
Forum: Scripting
Topic: Get log line from memory log
Replies: 15
Views: 1055

Re: Get log line from memory log

Yeah, I already found the solution to my problem. my mistake was to just start scribbling away in the console and trying things like: /log print where... :put [/log find ...] but when I tried /log [tab] to see what can be done, there was NO /log get showing up. so I thought /log get would not be imp...
by pe1chl
Tue Mar 23, 2021 4:53 pm
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 121
Views: 29812

Re: v6.48.1 [stable] is released!

MNDP is a UDP broadcast and will not work when IP is not configured. But Winbox can still detect devices in that state, it will list them without IP address.
So apparently Winbox does not use or does not rely on MNDP, but uses at least one of the LLDP or CDP protocols.
by pe1chl
Sun Mar 21, 2021 9:16 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 111
Views: 23468

Re: v6.49beta [testing] is released!

It will not improve the performance, it will increase the max number of connections that can be tracked at any one time. With that, you should be able to have more users on the network. It is good that the RAM is used at all. I am still hoping for an implementation of RAMdisk on all platforms with a...
by pe1chl
Sun Mar 21, 2021 4:55 pm
Forum: General
Topic: needing netinstall most of the times after restarting the router
Replies: 8
Views: 798

Re: needing netinstall most of the times after restarting the router

Are you saying that the 8V minimum specification already accounts for being given less than 8V? If so, I think that's a very unwise assumption to the point that it's plain wrong to assume. Come on! I say that the 8V allows for the room the regulator needs to provide the internal voltages, and 8V or...
by pe1chl
Sun Mar 21, 2021 1:42 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Did you start with empty config or did you upgrade from an installed v6 or earlier v7? Probably the script to migrate config failed, try to start fresh without config (netinstall or reset to defaults). But it could also be there is something that fails on this model of router (not foreseen in the de...
by pe1chl
Sun Mar 21, 2021 1:39 pm
Forum: General
Topic: Setting MTU correctly on vlan-if for pppoe connection. [SOLVED]
Replies: 8
Views: 1115

Re: Setting MTU correctly on vlan-if for pppoe connection. [SOLVED]

Ok I normally do not use the "change TCP MSS" checkmark in the profile as I prefer to see what is happening and have some more control... also that option has sometimes malfunctioned in the past so then I went with the mangle rule. I also sometimes set the MSS explicitly to a lower value l...
by pe1chl
Sun Mar 21, 2021 1:33 pm
Forum: General
Topic: BGP Update Question
Replies: 4
Views: 445

Re: BGP Update Question

You need to explain what you exactly are doing, what you expected, and what actually happens.
by pe1chl
Sun Mar 21, 2021 11:06 am
Forum: General
Topic: Setting MTU correctly on vlan-if for pppoe connection. [SOLVED]
Replies: 8
Views: 1115

Re: Setting MTU correctly on vlan-if for pppoe connection. [SOLVED]

Well of course to enable 1500 byte MTU on PPPoE the ethernet transport network between your router and the ISP PPPoE server has to allow 1508 byte packets. That means the MTU on that network has to be configured at 1508 everywhere (usually there is a VLAN so 1512 bytes for that) and the hardware has...
by pe1chl
Sun Mar 21, 2021 10:54 am
Forum: Forwarding Protocols
Topic: Selective routing with failover in MikroTik - How?
Replies: 8
Views: 1500

Re: Selective routing with failover in MikroTik - How?

Yes I agree that it would be nice to have routing dependent on class of service. I posted my reply above as a copy of the same reply in a different topic, of course here it is a bit redundant because what I wrote is mostly what you already stated as not desirable. But I think that when you make rout...
by pe1chl
Sun Mar 21, 2021 12:25 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Can the cake lovers please stop quoting entire articles in their reply?
by pe1chl
Sun Mar 21, 2021 12:23 am
Forum: General
Topic: needing netinstall most of the times after restarting the router
Replies: 8
Views: 798

Re: needing netinstall most of the times after restarting the router

Of course the headroom for the supply is already in the 8V minimum that MikroTik specify. When it would need more headroom they would specify a higher input minimum. The copper wire thickness is something you need to watch out for, as it is outside of the router control and specs. I think the proble...
by pe1chl
Sun Mar 21, 2021 12:18 am
Forum: General
Topic: Setting MTU correctly on vlan-if for pppoe connection. [SOLVED]
Replies: 8
Views: 1115

Re: Setting MTU correctly on vlan-if for pppoe connection. [SOLVED]

Initially with VLAN if at MTU=1500 I have got the PPPoE at 1480 That is a known problem with MikroTik. When they auto-calculate an inner max MTU/MRU from the outer MTU they assume a worst-case header size of 20 for PPPoE while in reality it is almost always 8. When you overrule the auto-calculated ...
by pe1chl
Sat Mar 20, 2021 6:29 pm
Forum: General
Topic: BGP Update Question
Replies: 4
Views: 445

Re: BGP Update Question

New prefixes should appear as soon as they are received, maybe you mean you need to kill the session to see changes caused by adding new route filters?
Indeed there is a problem with that. It often helps to disable/enable the new filter.
by pe1chl
Sat Mar 20, 2021 6:27 pm
Forum: General
Topic: Adguard blocking youtube
Replies: 2
Views: 577

Re: Adguard blocking youtube

"Adguard" is not a MikroTik thing. For problems, ask them.
by pe1chl
Sat Mar 20, 2021 6:25 pm
Forum: General
Topic: needing netinstall most of the times after restarting the router
Replies: 8
Views: 798

Re: needing netinstall most of the times after restarting the router

Device is shiped standard with a 24V power adapter. Go figure.
9V should be OK though. It is specified for 8-30V. We often run them on 12V instead of 24.
Of course the lower the voltage, the higher the current (power remains the same).
by pe1chl
Sat Mar 20, 2021 6:23 pm
Forum: General
Topic: Setting MTU correctly on vlan-if for pppoe connection. [SOLVED]
Replies: 8
Views: 1115

Re: Setting MTU correctly on vlan-if for pppoe connection. [SOLVED]

The setting that matters is the Max.MTU/Max.MRU setting in the PPPoE client. Set that to 1492 if that is the max that your ISP supports (and inform them that you would be happier when they supported 1500 and RFC4638). The MTU on the VLAN and the SFP does not really matter, you can set that to anythi...
by pe1chl
Sat Mar 20, 2021 3:12 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Maybe this time there is another problem. I recognize the problem reported above ("ping works fine but cannot visit websites") and in my case it was related to upstream MTU.
But that was with v6.xx and not with this beta, my test setup does not have IPv6 at the moment.
by pe1chl
Sat Mar 20, 2021 2:07 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Path MTU discovery is inefficient, and indeed it often fails due to overzealous firewall operators. Explicit MTU setting information is much better. The AVM routers deployed by my ISP have automatic copy of the WAN MTU to the MTU advertised on LAN by ND. So when the WAN MTU is 1492 (PPPoE without RF...
by pe1chl
Sat Mar 20, 2021 1:53 pm
Forum: General
Topic: Mikrotik Switch Recommendation for newbie
Replies: 22
Views: 1277

Re: Mikrotik Switch Recommendation for newbie

You confuse the capabilities of the system with the capabilities and skills of the operators. On a Unifi system it is equally easy to add an SSID and connect it to the same or a different VLAN. No problem at all. The only drawback compared to MikroTik in reconfiguration is that the APs go down and u...
by pe1chl
Sat Mar 20, 2021 11:00 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Such issues can be caused by incorrect MTU somewhere in the path. E.g. when you have PPPoE to internet and the MTU there is 1492, but on LAN you incorrectly advertise 1500 byte MTU. It would be nice when RouterOS could copy actual MTU from one interface into advertised MTU of another, but for now yo...
by pe1chl
Sat Mar 20, 2021 10:57 am
Forum: General
Topic: Mikrotik Switch Recommendation for newbie
Replies: 22
Views: 1277

Re: Mikrotik Switch Recommendation for newbie

Well, what I like about the MikroTik wifi equipment is that it actually can do routing. When setting up a simple wireless network e.g. our AMPRnet (HAMnet) this is convenient, as the same device can be both link AP and router for the subnet. Of course it would be even better when at the same time i...
by pe1chl
Fri Mar 19, 2021 9:04 pm
Forum: General
Topic: Mikrotik Switch Recommendation for newbie
Replies: 22
Views: 1277

Re: Mikrotik Switch Recommendation for newbie

Well, what I like about the MikroTik wifi equipment is that it actually can do routing. When setting up a simple wireless network e.g. our AMPRnet (HAMnet) this is convenient, as the same device can be both link AP and router for the subnet. Of course it would be even better when at the same time it...
by pe1chl
Fri Mar 19, 2021 8:38 pm
Forum: General
Topic: Mikrotik Switch Recommendation for newbie
Replies: 22
Views: 1277

Re: Mikrotik Switch Recommendation for newbie

Yeah, I think i didn't read hard enough because I was really impressed on the capability of their routers for a fraction of a cost and caught off guard in their switch gear and i'm also under the assumption that SWOS is pretty much preferred as the name implies, but I stand corrected if this was no...
by pe1chl
Fri Mar 19, 2021 6:33 pm
Forum: General
Topic: Mikrotik Switch Recommendation for newbie
Replies: 22
Views: 1277

Re: Mikrotik Switch Recommendation for newbie

Yes of course offloading would bring MikroTik swiches into the same ballpark as common "L3 switches" on the market are, but it is only available in v7 beta for now. And of course CSS switches won't have it. I agree with gotsprings: I would not buy switches from MikroTik myself except maybe...
by pe1chl
Fri Mar 19, 2021 5:12 pm
Forum: General
Topic: EAP-TTLS and EAP Identity
Replies: 7
Views: 529

Re: EAP-TTLS and EAP Identity

The answer is: yes that is the intended behavior, no there is no such option, because that would not be possible.
by pe1chl
Fri Mar 19, 2021 5:11 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Worth the effort? wave2 package is compatible with 4 devices. Is it worth the effort, to develop a wave2 package for just 4 devices? I think developing wave2 now is a way to break out of the "we have no software for wave2 - we have no devices that can do wave2 - why should we sell devices that...
by pe1chl
Fri Mar 19, 2021 5:08 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Am I the only one with broken WebFig?
Maybe... Webfig works fine here.
Which platform?
CHR. I only run v7 as a test right now.
by pe1chl
Fri Mar 19, 2021 5:06 pm
Forum: Wireless Networking
Topic: Indoor PTP links without line of sight
Replies: 11
Views: 961

Re: Indoor PTP links without line of sight

Yeah I read the beta5 firmware seems to be more stable. But of course it was released only some days ago so not certain yet.
by pe1chl
Fri Mar 19, 2021 4:59 pm
Forum: Wireless Networking
Topic: 10Mhz channel on 5GHZ
Replies: 6
Views: 727

Re: 10Mhz channel on 5GHZ

Usually N type devices can select those 5 or 10 MHz channels without problems. And on some other manufacturer's AC devices it is also possible to select 10 MHz. The typical indoor WiFi router and the typical WiFi client (e.g. phone or laptop) cannot do this, which is another reason to sometimes use ...
by pe1chl
Fri Mar 19, 2021 4:54 pm
Forum: General
Topic: EAP-TTLS and EAP Identity
Replies: 7
Views: 529

Re: EAP-TTLS and EAP Identity

But that is of course not possible! Your clients do not want their identity to leak, and so you cannot see it. The AP does not know the true identity of the user because it transports that in a TTLS tunnel to the Radius server. There is no way for the AP to know the identity, only the Radius server ...
by pe1chl
Fri Mar 19, 2021 3:33 pm
Forum: General
Topic: EAP-TTLS and EAP Identity
Replies: 7
Views: 529

Re: EAP-TTLS and EAP Identity

As usual in EAP you need to configure the identity two times: as the anonymous identity and in the username field. I always set them the same as I don't care about "leaking" the identity.
When you don't want that you need to enter the real identity in the MSCHAPv2 username field only.
by pe1chl
Fri Mar 19, 2021 3:00 pm
Forum: Wireless Networking
Topic: Indoor PTP links without line of sight
Replies: 11
Views: 961

Re: Indoor PTP links without line of sight

It is a bit harsh to recommend MikroTik Audience to someone who comes here because of stability problems with other manufacturer's devices...
by pe1chl
Fri Mar 19, 2021 2:52 pm
Forum: General
Topic: ccr1009 low performance at BT server udp/random, send
Replies: 4
Views: 377

Re: ccr1009 low performance at BT server udp/random, send

MikroTik device performance is only specified for external traffic being forwarded by the device. When you run BT server on the device itself, you will not have this performance. You need 2 more devices (either more CCR or some PC) which make the traffic that you forward through the CCR and D52G to ...
by pe1chl
Fri Mar 19, 2021 2:44 pm
Forum: General
Topic: Mikrotik Switch Recommendation for newbie
Replies: 22
Views: 1277

Re: Mikrotik Switch Recommendation for newbie

You have to understand that a MikroTik switch with routing capability cannot be compared to a L3 routing switch from high end manufacturers (Cisco, Aruba, etc). What MikroTik offers is a switch that can do full port speed switching between ports on the same VLAN. For routing, the traffic flows to th...
by pe1chl
Fri Mar 19, 2021 2:39 pm
Forum: Wireless Networking
Topic: 10Mhz channel on 5GHZ
Replies: 6
Views: 727

Re: 10Mhz channel on 5GHZ

That is unfortunately correct... the older N equipment can do 10 and even 5 MHz channels, but AC devices do only 20 MHz and above. Apparently it is a limitation of the chip that is used. It is unfortunate, because for long distance links a smaller bandwidth (of course with lower speed) is often bett...
by pe1chl
Fri Mar 19, 2021 2:16 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Other vendors can make wave2 work with 16MB, so why not the Big Mik too? I have WiFi Wave2 APs from a wellknown competitor but their firmware image is 14 MB and this is only for an AP managed by a separate controller. And it is a compressed image, the unpacked files on the flash require 39 MB. Of c...
by pe1chl
Fri Mar 19, 2021 12:05 pm
Forum: Announcements
Topic: Newsletter March 2021 (#99)
Replies: 35
Views: 9638

Re: Newsletter March 2021 (#99)

Great to see New Developments from Team Mikrotik.... Please also give more importance to IPv6...... Agreed we need more attention ipv6. Just realised there is no ipv6 policy based routing. So annoying. That sure is annoying! They are working on it in RouterOS v7 but unfortunately the development pa...
by pe1chl
Fri Mar 19, 2021 12:00 pm
Forum: General
Topic: DNS connection failure
Replies: 16
Views: 1124

Re: DNS connection failure

Did you configure some "clever" script that automatically puts IP addresses that perform a port scan into some hackers list and blocks them in the raw firewall? When you do that, it is common to have this problem! There are people who send such portscan-like packets (e.g. a TCP SYN to port...
by pe1chl
Fri Mar 19, 2021 10:39 am
Forum: General
Topic: Feature requests
Replies: 1336
Views: 323197

Re: Feature requests

Please add average cpu usage for the last day / month / year whatever.
That has been available for many years already! Look at Tools->Graphing
by pe1chl
Fri Mar 19, 2021 12:35 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Am I the only one with broken WebFig?
Maybe... Webfig works fine here.
by pe1chl
Thu Mar 18, 2021 6:50 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Extending the disk size (the filesystem on the available disk space) is done on every reboot. When you extend the disk size "live" in the VM environment and look in System->Resources, nothing has happened (so it does not trigger this merely when the disk size changes), but when you then re...
by pe1chl
Thu Mar 18, 2021 4:18 pm
Forum: Beginner Basics
Topic: RB 2011iL does not get Gib traffic
Replies: 19
Views: 1485

Re: RB 2011iL does not get Gib traffic

I recently tested again on a 2011 without NAT and no Fasttrack. It uses PPPoE to connect to internet and then as a GRE tunnel across that, and traffic is sent over the GRE tunnel. So the router has to do two levels of encapsulation/decapsulation: GRE and PPPoE. It maxes out at about 65 Mbps. 100% CP...
by pe1chl
Thu Mar 18, 2021 2:11 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Unfortunately looks like CHR upgrade from beta4 to beta5 may break the image.
Is it a problem with beta4 or beta5?
I think the problem was in beta4 as well, when I upgraded to beta4 I also had problems but I do not exactly remember what. I started from scratch then as well.
by pe1chl
Thu Mar 18, 2021 2:10 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

There has been a discussion before that images should be 128 MB at least.
I had this issue long time ago with a CHR.
Then maybe MikroTik should put that in their .ova files and/or make the disk images that size?
by pe1chl
Thu Mar 18, 2021 12:40 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

I can confirm if you add extra space, the upgrade from beta 4 to beta5 will be successful. Interestingly, the beta5 fresh install I made still has a 64MB disk. Would it be recommended to increase that already? (this is of course a very small file on a VM host... no idea why they do not take 128 or ...
by pe1chl
Thu Mar 18, 2021 11:52 am
Forum: Forwarding Protocols
Topic: Selective routing with failover in MikroTik - How?
Replies: 8
Views: 1500

Re: Selective routing with failover in MikroTik - How?

I think your only real option for routing differently depending on packet marks (e.g. based on DSCP or other kinds of SLA) is to have multiple different routing tables each maintained by a separate instance of a routing protocol (or different routing protocols), and using a selection of the routing ...
by pe1chl
Thu Mar 18, 2021 11:51 am
Forum: General
Topic: Feature requests
Replies: 1336
Views: 323197

Re: Feature requests

I think your only real option for routing differently depending on packet marks (e.g. based on DSCP or other kinds of SLA) is to have multiple different routing tables each maintained by a separate instance of a routing protocol (or different routing protocols), and using a selection of the routing ...
by pe1chl
Wed Mar 17, 2021 9:45 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

When I use BGP and check the "Peer Cache" tab I see an active connection and I receive the routes, but "number of prefixes" in the table is 0.
by pe1chl
Wed Mar 17, 2021 9:36 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Hello everyone, where are the promised BGP filters?
This is the only thing that stops me from moving to v7.
See reply #7 above.
by pe1chl
Wed Mar 17, 2021 8:55 pm
Forum: Wireless Networking
Topic: Double SSID on both 2,4 / 5 GHz band
Replies: 5
Views: 526

Re: Double SSID on both 2,4 / 5 GHz band

When the frequency is set to "auto" it will do a quick scan on startup and select a channel that is least occupied. It will not change that later when the situation changes, so it is of little use. You can also select a fixed frequency and/or use a channel list to suggest frequencies is sh...
by pe1chl
Wed Mar 17, 2021 7:43 pm
Forum: Beginner Basics
Topic: Does hEX S not support VLANs on trunks? [SOLVED]
Replies: 13
Views: 995

Re: Does hEX S not support VLANs on trunks? [SOLVED]

Yes, that is correct! You only need a bridge when you: - want multiple ports to connect to the same network - want to use spanning tree protocols (STP/RSTP/MSTP) With only a single trunk to a switch that handles that, you don't need a bridge and you can use the VLAN subinterfaces directly on SFP1 as...
by pe1chl
Wed Mar 17, 2021 7:01 pm
Forum: Beginner Basics
Topic: Does hEX S not support VLANs on trunks? [SOLVED]
Replies: 13
Views: 995

Re: Does hEX S not support VLANs on trunks? [SOLVED]

I think people run 64 bit wine on MacOS, but I never use it so I don't have details. You can use webfig when you properly firewall it (only accept input to port 80 on the management network). One big advantage of RouterOS is that commandline, webfig and winbox offer exactly the same configuration op...
by pe1chl
Wed Mar 17, 2021 6:57 pm
Forum: Beginner Basics
Topic: Does hEX S not support VLANs on trunks? [SOLVED]
Replies: 13
Views: 995

Re: Does hEX S not support VLANs on trunks? [SOLVED]

Ok you want to have the SFP1 on the "internal" side and then trunked to the switch. I understood that it would be the uplink to an existing network with VLANs. When you want to do that it is possible to omit that VLAN aware bridge and use only VLAN subinterfaces on the SFP1 interface, then...
by pe1chl
Wed Mar 17, 2021 6:25 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

Can any one of you send us a RAW disk image from damaged CHR?
I only have a copy of the machine as it was before I attempted the upgrade. I can send it when no others have a copy of the failed one.
by pe1chl
Wed Mar 17, 2021 5:59 pm
Forum: Scripting
Topic: Get log line from memory log
Replies: 15
Views: 1055

Re: Get log line from memory log

Thanks! It turns out that /log get does exist. It does not auto-complete with tab, strange. But it works.
And the /print as-value trick also works.
I remembered that I had seen examples but could not find them using the search....
by pe1chl
Wed Mar 17, 2021 2:20 pm
Forum: Beginner Basics
Topic: Does hEX S not support VLANs on trunks? [SOLVED]
Replies: 13
Views: 995

Re: Does hEX S not support VLANs on trunks? [SOLVED]

You can run winbox under wine on Linux or MacOS. It is not really clear if you want to configure your hEX S as a router or as a switch. It is easy to configure a trunk on sfp1, just add a number of VLAN sub-interfaces to it each with the proper VLAN ID. But of course then you want to do some things ...
by pe1chl
Wed Mar 17, 2021 2:06 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36511

Re: v7.1beta5 [development] is released!

I had a test CHR on VMware ESXi 6.7 running 7.1beta4 with a quite simple config (1 interface, fixed address, a BGP session) I used System->Packages upgrade to load 7.1beta5 It fails to boot now. On the console it says: Load system WARN: GPT: skip truncate ERROR: could not mount disk! Please attach i...
by pe1chl
Wed Mar 17, 2021 1:31 pm
Forum: Scripting
Topic: Get log line from memory log
Replies: 15
Views: 1055

Get log line from memory log

To work around some problem I would like to write a script that looks at the memory log to check for some error message. (due to the lack of a "script" action in /system logging, which would be much better: when a log occurs with that target, call a specified script with log info as a para...
by pe1chl
Wed Mar 17, 2021 11:45 am
Forum: General
Topic: Feature requests
Replies: 1336
Views: 323197

Re: Feature requests

Yes, that surely would help. It would be nice to have the possibility to read SNMP values into variables and then run a script to modify parameters of the routing. In BGP it would be possible to change route filters that set "BGP prepend" and "BGP local pref". Unfortunately they ...
by pe1chl
Tue Mar 16, 2021 9:03 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31187

Re: v7.1beta4 [development] is released!

There are two different kinds of backups: the type you get when using /system backup save ... which results in a binary backup that is supposed to be easy to restore but you cannot look what it contains, you can only restore it on the same router with the same firmware, etc. And then there is the ty...
by pe1chl
Tue Mar 16, 2021 8:52 pm
Forum: Wireless Networking
Topic: Double SSID on both 2,4 / 5 GHz band
Replies: 5
Views: 526

Re: Double SSID on both 2,4 / 5 GHz band

No it would be like this: AP1 Master interface 1 - main SSID, 2,4GHz AP1 Master interface 2 - main SSID, 5GHz AP1 Slave interface 1 - guest SSID, 2,4GHz AP1 Slave interface 2 - guest SSID, 5Ghz Usually the 2,5 GHz interface will be called wlan1 and the 5 GHz interface wlan2. When you add slave inter...
by pe1chl
Tue Mar 16, 2021 4:59 pm
Forum: Wireless Networking
Topic: Double SSID on both 2,4 / 5 GHz band
Replies: 5
Views: 526

Re: Double SSID on both 2,4 / 5 GHz band

In RouterOS, you will find that configuration for SSID etc is always done on some wireless interface, which always is only for one band. Each band has its own wireless interface, and only when that band is supported on that particular device. So you may find devices with a 2.4 GHZ device, with a 5 G...
by pe1chl
Tue Mar 16, 2021 11:40 am
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 111
Views: 23468

Re: v6.49beta [testing] is released!

Previous time this happened (in a stable release), after a lot of whining there was a small package released that you could install and then reboot and it would fix the problem. (unfortunately first release of the package destroyed the installation completely so netinstall was required anyway, but s...
by pe1chl
Mon Mar 15, 2021 12:03 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 111
Views: 23468

Re: v6.49beta [testing] is released!

That is not good! I advise you to make a backup and export, and then re-install the router using netinstall. Maybe make a support file first when you want to bother to send it for investigation. After the netinstall you can restore the backup, or even better: apply the export file again (but this wi...
by pe1chl
Mon Mar 15, 2021 11:20 am
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 111
Views: 23468

Re: v6.49beta [testing] is released!

You should not store files on the router flash memory. It has no space for that. When you need to store files, connect extra storage (like a USB stick).
by pe1chl
Mon Mar 15, 2021 11:08 am
Forum: General
Topic: Feature requests
Replies: 1336
Views: 323197

Re: Feature requests

I want routers to poll their radio neighbor and get the RSSI/SNR/MCS values and act upon them. If there's a heavy rain storm causing a link to run at MCS0/1 or flapping, or lots of retransmission I want to disable the OSPF interface so traffic does not use that link and takes another path until it ...
by pe1chl
Sun Mar 14, 2021 8:52 pm
Forum: General
Topic: Feature Request: IPSEC Improvements
Replies: 96
Views: 26191

Re: Feature Request: IPSEC Improvements

Well, as I already mentioned, there is IPIP over IPsec or GRE over IPsec, which both perform the same function as VTI (especially when IPsec is used in transport mode). You get your separate interface, you get your troublefree operation in a router that also does NAT, etc. In fact Cisco itself was a...
by pe1chl
Sun Mar 14, 2021 12:47 pm
Forum: General
Topic: Feature Request: IPSEC Improvements
Replies: 96
Views: 26191

Re: Feature Request: IPSEC Improvements

You have to understand that when you are operating in a mixed-vendor environment it can happen any day that the other vendor comes up with something new and you cannot follow, and it is not reasonable to ask from every vendor to track every other vendor in their new features. We have seen it with VT...
by pe1chl
Fri Mar 12, 2021 2:27 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 104
Views: 23241

Re: WinBox v3.27 released!

PLEASE GO AWAY HERE!! IT IS NOT APPRECIATED THAT YOU DUMP YOUR UNRELATED QUESTIONS IN OTHER TOPICS!
Open a new topic for your question!
by pe1chl
Fri Mar 12, 2021 2:23 pm
Forum: General
Topic: Enable TCP ECN for bandwidth efficiency
Replies: 11
Views: 5736

Re: Enable TCP ECN for bandwidth efficiency

That is right, ECN router support requires some form of queuing where it would be applied (i.e. queue overflows detected and ECN bits adjusted) plus there has to be support in TCP but that would normally not be in the router itself, but in the endpoint. Exception is only when the router is the TCP e...
by pe1chl
Thu Mar 11, 2021 2:09 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 111
Views: 23468

Re: v6.49beta [testing] is released!

Apparently the person maintaining the blog woke up and posted another blog article... which had not happened for a long time.
by pe1chl
Thu Mar 11, 2021 12:31 pm
Forum: Beginner Basics
Topic: RB 2011iL does not get Gib traffic
Replies: 19
Views: 1485

Re: RB 2011iL does not get Gib traffic

Remember that the published performance figures are always only for the minimum set of features that you can read from those tables. So when you use extra features, like in your case PPPoE and NAT, the indicated performance will not be achieved. I consider the 2011 to be a router capable of 100 Mbps...
by pe1chl
Thu Mar 11, 2021 10:48 am
Forum: RouterOS v7 BETA
Topic: DNS server is broken in 7.1beta4
Replies: 10
Views: 1097

Re: DNS server is broken in 7.1beta4

/ip dns set allow-remote-requests=yes servers=192.168.2.1,192.168.1.1 This is wrong! You specify your own address as a DNS resolver for the router to use! You should put only external addresses here. /ip dhcp-server network add address=192.168.2.0/24 gateway=192.168.2.1 netmask=24 Add some DNS serv...
by pe1chl
Wed Mar 10, 2021 3:44 pm
Forum: RouterOS v7 BETA
Topic: DNS server is broken in 7.1beta4
Replies: 10
Views: 1097

Re: DNS server is broken in 7.1beta4

I guess that this is related to what I wrote already: the DNS server info is obtained from an upstream connection which is not "up" at the time you make the DHCP request. You could work around this by putting the addresses of two external DNS servers in that DHCP Network tab. Or you could ...
by pe1chl
Wed Mar 10, 2021 1:02 pm
Forum: RouterOS v7 BETA
Topic: DNS server is broken in 7.1beta4
Replies: 10
Views: 1097

Re: DNS server is broken in 7.1beta4

Your report is unclear. What do you mean: - the clients do not know the address of the DNS server, which they usually obtain through DHCP. that would not be a broken DNS server, that could be a broken DHCP server - the clients know the address of the DNS server, but it does not respond to their quer...
by pe1chl
Wed Mar 10, 2021 11:38 am
Forum: Announcements
Topic: Future of LTE products, user feedback requested
Replies: 176
Views: 57439

Re: Future of LTE products, user feedback requested

On the other hand, having an external antenna theoretically opens the possibility to have a couple of different models for different bands, and choose the one for the correct band. (not sure how practical that is, however, you would have to know as a customer on which band your telecom operator work...
by pe1chl
Wed Mar 10, 2021 12:24 am
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31187

Re: v7.1beta4 [development] is released!

IPQ4019 - hap ac3, audience QCA9984 - rb4011, audience QCA9888 - ?? dual band 2x2 ac on 5GHz IPQ6018 - quad core A53 @ 1.0 GHz, 2x2 ax 2.4GHz, 2x2 ax 5GHz IPQ8074/IPQ8074v2 - quad core A53 @ 2.2 Ghz, 4x4 + 2x2 ax 5Ghz, 2x2 ax 2.4GHz so i am not particularly concerned about the future throughput. Ye...
by pe1chl
Tue Mar 09, 2021 9:28 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 111
Views: 23468

Re: v6.49beta [testing] is released!

Version 6.49beta22 has been released.
I do not see any information about DoH memory leak fix.
So it's still not fixed?
There also is a non-DoH resolver memory leak, I have upgraded my test system to check if it has now been fixed. (takes a while)
by pe1chl
Wed Mar 03, 2021 5:46 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31187

Re: v7.1beta4 [development] is released!

I often do stuff that requires a gigabit internet connection, and getting even close to that with wireless would be great.
When you want that kind of throughput, MikroTik wireless is not the best choice for you (except maybe the 60 GHz products).
Other manufacturers are far ahead in this regard.
by pe1chl
Tue Mar 02, 2021 8:18 pm
Forum: General
Topic: OpenVPN SHA256 + UDP
Replies: 68
Views: 39136

Re: OpenVPN SHA256 + UDP

I think the issue is that RouterOS does not use the available opensource OpenVPN implementation, probably for reasons of licensing. They implemented the protocol themselves and now it is a lot of work to keep uptodate with what the opensource version develops. And don't forget that while one crowd i...
by pe1chl
Sun Feb 28, 2021 7:55 pm
Forum: General
Topic: Feature requests
Replies: 1336
Views: 323197

Re: Feature requests

And rules for a number of different addresses can be combined using address lists.
Rules that are some exception e.g. only for certain interfaces can be grouped into a single chain that is jumped from the toplevel chains.
So there really is not a problem.
by pe1chl
Sat Feb 27, 2021 10:41 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 104
Views: 23241

Re: WinBox v3.27 released!

Well yes it is a bit strange that it is in the detail window, because when you click COPY it will open a new window with the copy but the original is still there. You have to be careful to close that without also saving it. I think instead it should have been "save as new" where you can op...
by pe1chl
Sat Feb 27, 2021 5:26 pm
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 75
Views: 19903

Re: v6.47.9 [long-term] is released!

- download all_packages.zip file for the version you want to install - unpack the file and select only the packages you need - put these files on a location accessible to the routers - write a small script that fetches the files (/tool fetch) and reboots the router - upload that script to every rout...
by pe1chl
Sat Feb 27, 2021 5:24 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 104
Views: 23241

Re: WinBox v3.27 released!

I'd love to see "duplicate" command for firewall rules, to create similar rule. Especially useful if want to try something by copying old rule and then temporary disable old one. And when create several similar rules.
That is the COPY button that is already there.
by pe1chl
Sat Feb 27, 2021 5:22 pm
Forum: General
Topic: Feature requests
Replies: 1336
Views: 323197

Re: Feature requests

more important for me will be a selective protocol not only TCP or UDP and creating double rules but have a protocol list 6 TCP + 17 UDP in one FW RULE - this can grup my firewall rules drastically. That makes no sense! TCP and UDP are different protocols, they cannot be grouped. Access List of oth...
by pe1chl
Sat Feb 27, 2021 12:19 pm
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 75
Views: 19903

Re: v6.47.9 [long-term] is released!

Hi, is there a confirmation from MikroTik of this issue and if so, is there any plan for fixing long-term stream? I have planned remote upgrade of hap lite devices and want to make sure that it is safe. Thank You I would recommend to do a manual upgrade in any case. You can control what version get...
by pe1chl
Fri Feb 26, 2021 7:11 pm
Forum: General
Topic: Feature requests
Replies: 1336
Views: 323197

Re: Feature requests

As for features I believe I read this somewhere recently where someone was suggesting firewall lists within firewall lists. That way we can select a number of firewall lists into a group of their own and so on. That feature has been present for years. But people don't bother to really study the mat...
by pe1chl
Fri Feb 26, 2021 11:45 am
Forum: General
Topic: Feature requests
Replies: 1336
Views: 323197

Re: Feature requests

Oh... well I prefer stacked windows rather than tiled ones, and I would like to see a "taskbar" or similar feature where you can click windows that have gone buried under others, to raise them again. Or some "lower" function that you can click in a large window to move it back to...
by pe1chl
Fri Feb 26, 2021 10:55 am
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 75
Views: 19903

Re: v6.47.9 [long-term] is released!

The problem must be in your network, maybe one or more of your configured DNS resolvers does not respond.
by pe1chl
Fri Feb 26, 2021 10:52 am
Forum: General
Topic: Feature requests
Replies: 1336
Views: 323197

Re: Feature requests

Maybe you should explain what "snapping capabilities" are?
by pe1chl
Thu Feb 25, 2021 9:24 pm
Forum: General
Topic: Slow VPN tunnels (SSL, PPTP, L2TP)
Replies: 49
Views: 55508

Re: Slow VPN tunnels (SSL, PPTP, L2TP)

Are you sure that adding a /queue tree item prevents the packets handled by the queue from getting fasttracked? Yes, sniffing does disable fasttracking, maybe torching does as well, but adding a queue? You are right, adding a queue tree to an interface (vs a global queue tree) should not disable fa...
by pe1chl
Thu Feb 25, 2021 7:07 pm
Forum: General
Topic: Slow VPN tunnels (SSL, PPTP, L2TP)
Replies: 49
Views: 55508

Re: Slow VPN tunnels (SSL, PPTP, L2TP)

For some reason, my SSTP connection was slow unless I either TORCHED the connection or enabled a QUEUE TREE on the interface (even though nothing goes through the queue tree, apparently). That means you are using "fasttrack" in a situation where it cannot be used. (fasttrack is enabled by...
by pe1chl
Wed Feb 24, 2021 7:32 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31187

Re: v7.1beta4 [development] is released!

There is no such thing as a "default certificate" that will be usable with modern browsers.
You need to provide a certificate or it will be marked as unsafe. Nothing you can do about that.
by pe1chl
Wed Feb 24, 2021 5:54 pm
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 121
Views: 29812

Re: v6.48.1 [stable] is released!

as reported on 6.48, queue tree packets counter seems to be a 32 unsigned integer and is overflowing at 2 million and something packets. That is not the only "32-bit counter" issue in RouterOS v6. I have previously reported such issues and it seems the fix for that is planned only in v7.
by pe1chl
Wed Feb 24, 2021 11:20 am
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31187

Re: v7.1beta4 [development] is released!

It can also help to connect the serial port (if there is any) to another system and run a terminal program there to capture what is sent to serial.
by pe1chl
Wed Feb 24, 2021 11:18 am
Forum: General
Topic: block internet access but allow some sites - NOT WORKING
Replies: 7
Views: 472

Re: block internet access but allow some sites - NOT WORKING

How you will find what IP has outlook.com if you drop traffic to DNS server? Well, there are two things: the client can get a DNS server (actually resolver) where it can lookup outlook.com, this can be the MikroTik router itself when it is configured to forward those DNS requests to next level reso...
by pe1chl
Tue Feb 23, 2021 8:42 pm
Forum: General
Topic: block internet access but allow some sites - NOT WORKING
Replies: 7
Views: 472

Re: block internet access but allow some sites - NOT WORKING

Also those networks published by Microsoft are not complete and uptodate all the time. I tried to fill an address list with "Microsoft addresses" to use in an outbound firewall but it is a continuous task where the drop rule is logging and you need to examine the dropped traffic weekly, do...
by pe1chl
Tue Feb 23, 2021 5:02 pm
Forum: General
Topic: LLDP only works partially
Replies: 9
Views: 1464

Re: LLDP only works partially

LLDP works only between a switch and its connected equipment.
MNDP works across a broadcast-capable network. So it can work on a local network (including across switches) and also over some but not all VPN networks.
(e.g. GRE, L2TP)
by pe1chl
Tue Feb 23, 2021 12:05 pm
Forum: RouterOS v7 BETA
Topic: Request: Better visibility regarding SLAAC in V7
Replies: 9
Views: 2455

Re: Request: Better visibility regarding SLAAC in V7

I fully agree that this is not right! It was probably the result of some dirty hack to add a client for SLAAC to RouterOS, as in normal Linux it works as expected (you can see the address and route using "ip -6 addr" and "ip -6 route"). It should show the address and route as a D...
by pe1chl
Tue Feb 23, 2021 11:12 am
Forum: General
Topic: LLDP only works partially
Replies: 9
Views: 1464

Re: LLDP only works partially

LLDP is not forwarded by (correctly working) switches. So what you observe would be normal: you do not see the LLDP info at a router connected to APs via a switch.
MikroTik has another protocol that provides this information (MNDP) which works at UDP level and it is forwarded by switches.
by pe1chl
Sun Feb 21, 2021 2:52 pm
Forum: General
Topic: 6.45.6 ipsec site to site tutorial request
Replies: 13
Views: 2023

Re: 6.45.6 ipsec site to site tutorial request

Ok... I don't understand why the external addresses of the GRE tunnels were set to a NAT'ed address, I always set those to the external address of the router.
Of course this method may be more convenient when the external address is not fixed.
by pe1chl
Sun Feb 21, 2021 11:53 am
Forum: General
Topic: l2TP ,IP SEC,IKEv1 and IkeV2 in more Details and information
Replies: 15
Views: 4131

Re: l2TP ,IP SEC,IKEv1 and IkeV2 in more Details and information

What I wrote was true at that time, but since then changes have been made to RouterOS so it is now possible to have multiple identities for the same peer.
by pe1chl
Sun Feb 21, 2021 11:48 am
Forum: General
Topic: 6.45.6 ipsec site to site tutorial request
Replies: 13
Views: 2023

Re: 6.45.6 ipsec site to site tutorial request

The NAT rule should have been no problem, unless the GRE or IPIP tunnel interface is in the interface list WAN. It should NOT be in that list!
by pe1chl
Fri Feb 19, 2021 3:14 pm
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 121
Views: 29812

Re: v6.48.1 [stable] is released!

So if you have no control of the client, webproxy is useless. That is correct. You can do "auto proxy config" e.g. on Windows machines but it requires a webserver to store a file with the proxy config (the URL of that file is sent as a DHCP option). In such cases it is a bit inconvenient ...
by pe1chl
Fri Feb 19, 2021 10:59 am
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 121
Views: 29812

Re: v6.48.1 [stable] is released!

It can be used with https, but only when configured in the client as a proxy server. Not when configured in the router as a transparent proxy.
by pe1chl
Thu Feb 18, 2021 7:04 pm
Forum: General
Topic: IPv6 and NAT - how I changed my mind
Replies: 31
Views: 14562

Re: IPv6 and NAT - how I changed my mind

No, MikroTik routers do not come with preconfigured network prefix translation, as they do not support it at all. (at least in v6) The main supported configuration for MikroTik routers with IPv6 is: - use DHCPv6 client to request IPv6 prefix pool from ISP and store it in a local pool - configure loc...
by pe1chl
Thu Feb 18, 2021 2:35 pm
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 121
Views: 29812

Re: v6.48.1 [stable] is released!

Come on! Web proxy on a hAP lite??? Maybe it is better when MikroTik release a "RouterOS lite" version for use on smips which does not include such applications... That would also ease the upgrading for those users, as they now often run out of memory during the upgrade and end up with a d...
by pe1chl
Thu Feb 18, 2021 12:12 pm
Forum: General
Topic: IPv6 and NAT - how I changed my mind
Replies: 31
Views: 14562

Re: IPv6 and NAT - how I changed my mind

With IPv6 , there is no need for NAT. Normally an upstream provider will hand off something like a /64 or a /60/ or possibly a whopping large /56 There is no need for many-to-one translation as is usual with IPv4 and having only a single external address for your entire network, but even with IPv6 ...
by pe1chl
Wed Feb 17, 2021 12:58 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31187

Re: v7.1beta4 [development] is released!

I'd speculate they shared the "beta" out of desperation — to demonstrate progress and to get some testing out in the wild for free. Well, we have been promised the version 7 that would solve all our problems for many years. Many feature additions and bugfixes were made to version 6 in the...
by pe1chl
Mon Feb 15, 2021 10:44 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 104
Views: 23241

Re: WinBox v3.27 released!

recently found that on one CCR (latest long-term ROS) with lots of interfaces (meaning thousands) when we try to resize column sizes or re-sort bridge-filters winbox is actig out: That is the problem discussed in posting #22 and #24-#26 of this topic, and other release topics since WinBox 3.22 (whe...
by pe1chl
Mon Feb 15, 2021 10:40 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31187

Re: v7.1beta4 [development] is released!

I think "stable" should not be used in any release name, because of the confusion between "stability of the system" and "stability of the version". Stable version can mean "it does not change often" or "it does not crash a lot". (just like "free...
by pe1chl
Mon Feb 15, 2021 11:38 am
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31187

Re: v7.1beta4 [development] is released!

In previous betas it was actually completing but after very long time, like 20m. Actually without 'verbose' it takes exactly 20min. Very interesting. This was already explained. It hangs twice, and apparently there is some form of software watchdog that fires after 10 minutes, generates a crashdump...
by pe1chl
Mon Feb 15, 2021 11:36 am
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31187

Re: v7.1beta4 [development] is released!

gre tunnel are borken ...down grade to 6.xx works immediately
This is known. Disable keepalive at both ends.
by pe1chl
Sun Feb 14, 2021 9:15 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31187

Re: v7.1beta4 [development] is released!

No, I did not and I agree it's worth mentioning. However, issue with running export (without any options) had been reported many times so far it's really stale by now and because it did not get fixed it's still reported over and over again. Yes it is a blocking issue for many. However I agree that ...
by pe1chl
Sun Feb 14, 2021 2:40 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31187

Re: v7.1beta4 [development] is released!

I wish MT acknowledged the problem so that not everybody (and their dog) reports it as some great discovery.
Did you know that /export verbose works when /export doesn't? For me that was a great discovery!
by pe1chl
Sun Feb 14, 2021 12:48 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31187

Re: v7.1beta4 [development] is released!

Follow up:
I noticed that verbose exports are considerably faster. Can someone else confirm that?
You are right! /export verbose works correctly, only when verbose is omitted it is slow and generates crashdumps.
by pe1chl
Sat Feb 13, 2021 6:05 pm
Forum: Virtualization
Topic: CHR is useless for disaster recovery scenarios
Replies: 6
Views: 988

Re: CHR is useless for disaster recovery scenarios

I think you should make your template without a license installed, and then clone it and you can get a trial license or assign a paid license to each cloned copy.
But I never tried that, I have always just installed the .ova instead of doing any cloning.
by pe1chl
Sat Feb 13, 2021 2:46 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31187

Re: v7.1beta4 [development] is released!

No, indeed it terminated after some time and completed the export, and also generated an autosuport.old.rif and autosupout.rif (spaced 10 minutes in time) I guess indeed it first did some part of the export, then hang for ~10 minutes, dumped an autosupout.rif and continued, hang again for ~10 minute...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 25