Community discussions

MikroTik App

Search found 7950 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 27
by pe1chl
Sat Oct 23, 2021 2:30 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 272
Views: 39708

Re: v7.1rc4 [development] is released!

Any info on BFD status (i.c.w. BGP)?
In v7.1rc2 topic it said "BFD is currently work in progress."
So hopefully it will appear in rc5?
It looks like this is the only missing feature I require to start testing on my home router... (currently a 4011)
by pe1chl
Sat Oct 23, 2021 11:54 am
Forum: General
Topic: Feature requests
Replies: 1394
Views: 358153

Re: Feature requests

When Winbox looses connection, or otherwise have been closed not the proper way, it always messes up my windows. After reopen all my windows are messed up and I have to organise them again. I know there is "Autosave on close" checkbox, but it is not working right. I can uncheck it, but it...
by pe1chl
Sat Oct 23, 2021 11:48 am
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 101
Views: 18453

Re: v6.48.5 [long-term] is released!

There is one major L2TP/IPSec regression in 6.48.x that has not yet been fixed in 6.48.5 (or anything newer): Using ROS 6.48.x, 6.49.x, 7.x and configuring IPSec peers with DNS name as remote address (not using fixed remote IP) the L2TP/IPSec connectivity stops working because any DNS addressed IPS...
by pe1chl
Fri Oct 22, 2021 4:09 pm
Forum: General
Topic: Feature requests
Replies: 1394
Views: 358153

Re: Feature requests

Feature request: network interfaces for IPsec in Tunnel mode.
That is the about same thing as IPIP tunnel with IPsec protection...
by pe1chl
Fri Oct 22, 2021 11:06 am
Forum: General
Topic: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2
Replies: 50
Views: 21174

Re: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2

The problem is in this case not caused by 16MB flash size, but by the combination of 16MB flash and 32MB RAM. The larger devices with 16MB flash and more RAM (128MB and more) do not have this problem yet. It could happen in the future. The problem in this case is not "MikroTik" but the fac...
by pe1chl
Thu Oct 21, 2021 9:31 pm
Forum: General
Topic: RB260GS EOL? [SOLVED]
Replies: 15
Views: 565

Re: RB260GS EOL? [SOLVED]

Yeah, but as I mentioned above the most plausible reason why they would want to get rid of it is that a new model will appear soon that will make this model unattractive. (either because it will have a lower price, or because it will have more features for the same price) Distributors likely get ann...
by pe1chl
Thu Oct 21, 2021 6:53 pm
Forum: General
Topic: RB260GS EOL? [SOLVED]
Replies: 15
Views: 565

Re: RB260GS EOL? [SOLVED]

Or COVID constrained chips supply to the new model, and they where caught between a rock and a hard place.
That is a possibility, but in that case it is strange that the local distributors offer them at a discount. You would expect a markup in that case.
by pe1chl
Thu Oct 21, 2021 3:41 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc3 adds Docker (TM) compatible container support
Replies: 208
Views: 24668

Re: v7.1rc3 adds Docker (TM) compatible container support

But wouldn't most applications have several options for this and possibly autodetect the availability during ./configure?
When you cross-compile an application for another platform you should be careful to check that this process works right, and maybe do something like:
./configure --without-sysv-ipc
by pe1chl
Thu Oct 21, 2021 12:35 pm
Forum: General
Topic: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2
Replies: 50
Views: 21174

Re: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2

I have the exact same problem. Tried 3 different newer versions (stable and long-term) but nothing worked. Auto-update should copy files to ram if I understand correctly but it doesnt work It works like that on the more capable devices that have only 16MB of flash but do have a reasonable amount (1...
by pe1chl
Wed Oct 20, 2021 2:54 pm
Forum: General
Topic: RB260GS EOL? [SOLVED]
Replies: 15
Views: 565

Re: RB260GS EOL? [SOLVED]

Well I think a lot of 1Gb 5-port switches already are on the market and the RB260GS was not entirely troublefree (I had experience with two of them but admittedly they were the first hardware version, the second could be better). I don't want to force you into using a hEX, only to offer an alternati...
by pe1chl
Wed Oct 20, 2021 2:49 pm
Forum: General
Topic: Per-port DHCP with port isolation on a hardware accelerated bridge
Replies: 8
Views: 459

Re: Per-port DHCP with port isolation on a hardware accelerated bridge

What you want can be achieved using standard switching capabilities (probably easier on an enterprise-grade switch than on a MikroTik, but it is possible). Where you run into difficulty is with the desire to have a fixed address assigned to a specific port, rather than to a MAC address as is the usu...
by pe1chl
Wed Oct 20, 2021 2:39 pm
Forum: General
Topic: RB260GS EOL? [SOLVED]
Replies: 15
Views: 565

Re: RB260GS EOL? [SOLVED]

Probably correct, local shops here still have inventory but they offer it at a special reduced price. That likely means they want to sell-out their stock before a new device appears that would make it an unattractive choice. So likely there will be an announcement of a new model. If not, you could c...
by pe1chl
Tue Oct 19, 2021 5:00 pm
Forum: General
Topic: GRE over IPSec stops working when PPPoE interface flaps.
Replies: 30
Views: 1885

Re: GRE over IPSec stops working when PPPoE interface flaps.

Also it is possible to set an "on up" script in the PPP profile used for the PPPoE connection (probably best to copy it from default and assign an appropriate name, then set that in the PPPoE connection). In this script you can do things like removing all tracking entries related to the co...
by pe1chl
Tue Oct 19, 2021 2:03 pm
Forum: General
Topic: Setting priority for IPsec traffic
Replies: 5
Views: 501

Re: Setting priority for IPsec traffic

It looks more and more like it is a bug in the ZyXEL VMG4005-B50A VDSL modem when operating in "QoS from ethernet priority" mode. As far as the trace between router and modem shows (I have used a mirror port on the switch to listen to the ether1 traffic on a separate PC with wireshark) it ...
by pe1chl
Tue Oct 19, 2021 10:59 am
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 101
Views: 18453

Re: v6.48.5 [long-term] is released!

How does MIkrotik test releases? I mean, lets see the academic explaination what long-term channel actually means for Mikrotik. For many people, longterm means: most battletestes. most stable. mostly bugfree. So to say a "rock solid" release. But then you realize, Mikrotik just shift over...
by pe1chl
Mon Oct 18, 2021 7:48 pm
Forum: General
Topic: Setting priority for IPsec traffic
Replies: 5
Views: 501

Re: Setting priority for IPsec traffic

After lots of tinkering with GRE/IPsec, sending plain packets with different DSCP, etc, the only conclusion can be that there is a bug that only surfaces in very special circumstances... Weird things are happening with DSCP and priority. I have rebooted the RB4011 and it behaves differently now. I h...
by pe1chl
Mon Oct 18, 2021 4:18 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc3 adds Docker (TM) compatible container support
Replies: 208
Views: 24668

Re: v7.1rc3 adds Docker (TM) compatible container support

is it on purpose, that there is no container package for SMIPS architecture or was it just forgotten?
on all architectures i can find the container package in the all_packages-*-7.1rc4.zip file but not for SMIPS ?
There is no SMIPS device with enough RAM to allow the use of Docker containers...
by pe1chl
Sun Oct 17, 2021 8:49 pm
Forum: General
Topic: Setting priority for IPsec traffic
Replies: 5
Views: 501

Re: Setting priority for IPsec traffic

Thanks for replying! At first I thought "that may be it" because until now I was mainly using increased priority for e.g. VoIP with this modem and now I wanted to have a lower priority for part of this L2TP/IPsec traffic and it may be that it does not like the below-normal priorities. Howe...
by pe1chl
Sun Oct 17, 2021 7:16 pm
Forum: General
Topic: Setting priority for IPsec traffic
Replies: 5
Views: 501

Re: Setting priority for IPsec traffic

Anyone of the resident IPsec experts understand what is going on here? When I do a "set priority" on ESP packets (even a simple "match outgoing ESP packets and set priority 2") it instantly kills the L2TP/IPsec connection. When I do packet marking on them (to later use it in a qu...
by pe1chl
Thu Oct 14, 2021 4:26 pm
Forum: General
Topic: GRE over IPSec stops working when PPPoE interface flaps.
Replies: 30
Views: 1885

Re: GRE over IPSec stops working when PPPoE interface flaps.

Are these devices all connected to internet the same way? I.e. is it always a plain PPPoE connection to an ISP that offers a real and static external IP, not using cg-nat? I ask that because the behavior may very well depend on NAT occurring external to the MikroTik routers, or depend on the IP chan...
by pe1chl
Thu Oct 14, 2021 4:24 pm
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 101
Views: 18453

Re: v6.48.5 [long-term] is released!

Do not update firmware when there is no clearly mentioned reason to do so, and certainly not when others report that it causes problems. Firmware update is only needed rarely, certainly not after every RouterOS update. One would wish that the separate firmware version numbering came back, and a rele...
by pe1chl
Thu Oct 14, 2021 10:49 am
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 140
Views: 24207

Re: v6.49 [stable] is released!

It looks like rancid is using a telnet or ssh session to talk to the command interpreter intended for humans. That is not a wise thing to do. It is better to write a client that uses API. That could take the place of that mtlogin program and extract the information in a much more repeatable way (and...
by pe1chl
Wed Oct 13, 2021 5:01 pm
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 101
Views: 18453

Re: v6.48.5 [long-term] is released!

Yes, something is clearly wrong, but it looks like people complain along the lines of "they should have noticed this during internal testing", and while I agree that it is a good thing to have automated testing procedures that are run before release and test for scenarios that commonly occ...
by pe1chl
Wed Oct 13, 2021 2:56 pm
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 140
Views: 24207

Re: v6.49 [stable] is released!

Upgrade from 6.48.4 to 6.49 => Clients do not get IP address via DHCP over the EoIP tunnel Are you running CHR on a virtualization environment? Or is it a physical router? I had such issues and it was due to permission settings in the virtualization (allow promiscuous mode, allow MAC spoofing, etc)
by pe1chl
Wed Oct 13, 2021 12:50 pm
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 140
Views: 24207

Re: v6.49 [stable] is released!

Can't you change your script to set a password instead? That is usually easy to do with tools like "expect".
by pe1chl
Wed Oct 13, 2021 11:16 am
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 101
Views: 18453

Re: v6.48.5 [long-term] is released!

I think the DNS server in the router is not intended to do things like "have 83152 static records". At that time it becomes important to have good data management and search methods, and likely that wasn't a priority when developing it. Similarly, you should not have too many complicated r...
by pe1chl
Tue Oct 12, 2021 11:22 pm
Forum: General
Topic: Setting priority for IPsec traffic
Replies: 5
Views: 501

Setting priority for IPsec traffic

Now that I have a new RB4011 router I am tinkering a bit with the optimization of queueing on my VDSL line. I have a ZyXEL VMG4005-B50A VDSL modem. I need to do PPPoE-over-VLAN6 with my provider and this modem can do QoS using 802.1p tagging on the PPPoE packets sent from MikroTik to the modem (whic...
by pe1chl
Tue Oct 12, 2021 4:25 pm
Forum: General
Topic: hap lite, not enough disk space.
Replies: 15
Views: 21796

Re: hap lite, not enough disk space.

First you disable the packages you don't need (and are sure you don't need!) in the combined package and reboot. Verify that you are running with only the packages you want. Then you upload only THESE packages from the all_packages.zip version you want to upgrade, and again reboot. It should now hav...
by pe1chl
Tue Oct 12, 2021 4:22 pm
Forum: General
Topic: Is 6.49 buggy?
Replies: 6
Views: 837

Re: Is 6.49 buggy?

A downgrade usually proceeds without issues but of course to do that you need to have remote access and when you have that without having an explicit VPN configured, you likely have lots of other issues...
by pe1chl
Tue Oct 12, 2021 11:35 am
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 140
Views: 24207

Re: v6.49 [stable] is released!

Yes, the memory leak appears to be fixed, the resolver now returns the large replies OK, but they still aren't loaded into an address list :-( Still not fixed on my rb951G-2hnd. Have to turn off 'Verify DOH Certificate' The issue I reported and was fixed was not related to DoH. Maybe there are stil...
by pe1chl
Mon Oct 11, 2021 11:36 am
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 140
Views: 24207

Re: v6.49 [stable] is released!

Is there a way to increase the password expiry time or remove this check completely? There is no password expiry time. The expiration is done manually (using a command or script). The initial setting after a full reset (blank password) is considered an "expired password" so you have to se...
by pe1chl
Mon Oct 11, 2021 10:57 am
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 140
Views: 24207

Re: v6.49 [stable] is released!

I do not use-need password so i wanna vanish those reminders. I hope that is on an isolated lab testing network. Because even when you are using a proper firewall so the router is only accessible from inside, or even from your own computer, you still need a password when you use that computer to br...
by pe1chl
Mon Oct 11, 2021 10:54 am
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 101
Views: 18453

Re: v6.48.5 [long-term] is released!

I discussed about this with Normis some time ago and he insisted Mikrotik does it properly, there shouldn't be cumulative changelogs, we should read all changelogs by ourselves. I think MikroTik should put all changelog items in a database keyed with version number where they are added and version ...
by pe1chl
Sat Oct 09, 2021 9:28 pm
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 140
Views: 24207

Re: v6.49 [stable] is released!

No when you repartition to 2 partitions, the first one will contain what your entire flash contains now, and the second one will be empty.
Check that the current disk usage is (much) less than half of the total, and you will be safe.
by pe1chl
Sat Oct 09, 2021 4:53 pm
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 101
Views: 18453

Re: v6.48.5 [long-term] is released!

Well, what I find most irritating is that the stable release was 6.48.4 (and it had some known problems e.g. in DNS resolver) and now it is quickly upgraded to 6.48.5 and declared long-term. Changing one version from stable to longterm is nothing new, and with all changes there was bugs before, and...
by pe1chl
Sat Oct 09, 2021 4:44 pm
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 140
Views: 24207

Re: v6.49 [stable] is released!

Hello, I upgraded my CCR1009 yesterday… and lost my internet connection. My SERCOMM FGS202 SFP Module isn't recognized anymore. Problem is, it's a quite widely used one in France since the main ISP Orange ships it with their Internet box. When you have such a router (i.e. not one of the new home ro...
by pe1chl
Sat Oct 09, 2021 11:17 am
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 101
Views: 18453

Re: v6.48.5 [long-term] is released!

What is different this time is that Mikrotik gave less than two months to last stable release 6.48.4 to pass it on the long term release. Previous releases gave more time to the preceding stable version if I recall it correctly. Maybe they didn't have much tickets from 6.48.4 or maybe they just hav...
by pe1chl
Fri Oct 08, 2021 9:39 pm
Forum: General
Topic: Problem with Public IP in migration from RB4011 to CCR1009
Replies: 8
Views: 567

Re: Problem with Public IP in migration from RB4011 to CCR1009

Is your non-working setup the result of using /system backup save and /system backup load? If so: YOU CANNOT DO THAT. It will not work correctly! You need to do /export, edit the file to remove anything specific that the new router cannot understand, and then /import that. When you get errors (like ...
by pe1chl
Fri Oct 08, 2021 5:56 pm
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 140
Views: 24207

Re: v6.49 [stable] is released!

Same issue with L2TP IPSec tunnels. Error message: "Tunnel was not encrypted" Is there a solution besides downgrading? Depending on the path the IPsec traffic takes between routers (e.g. via another NAT router or stateful firewall), IPsec tunnels can sometimes fail when one side is reboot...
by pe1chl
Fri Oct 08, 2021 4:50 pm
Forum: RouterOS v7 BETA
Topic: Can't import config on some routers
Replies: 11
Views: 806

Re: Can't import config on some routers

As I explained in reply #7 I did the same thing yesterday and it worked fine for me. Things I have different: - I use protocol-mode=none on the bridge (so no spanning tree waiting time issues) - I use an admin MAC address - I connect to port ether2 which has the same MAC on the port as that admin MA...
by pe1chl
Fri Oct 08, 2021 4:19 pm
Forum: General
Topic: Can not update ?
Replies: 4
Views: 512

Re: Can not update ?

Before, the version shown here (which is not the RouterOS version but more like the BIOS version on your PC) was competely different, it could show 3.21 for example while RouterOS was at 6.10 or so. But at some time the unfortunate decision was made to align these version numbers and now it is less ...
by pe1chl
Fri Oct 08, 2021 4:12 pm
Forum: RouterOS v7 BETA
Topic: Can't import config on some routers
Replies: 11
Views: 806

Re: Can't import config on some routers

I presume you connected via MAC address. It may be advisable to use port 2 instead of 5 and also to include an admin-mac in the bridge that is the same as the ether2 MAC address, because if you do not the MAC of the bridge will change during port changes which may confuse winbox. Yes I am connected...
by pe1chl
Fri Oct 08, 2021 4:09 pm
Forum: Forwarding Protocols
Topic: VPN Speed
Replies: 2
Views: 527

Re: VPN Speed

It is normal for those routers. They are 10 year old designs and have a processor without IPsec acceleration. The VPN speed is only 10-20 Mbps. When you want fast VPN you need to buy a newer design router (not necessarily more expensive) that includes IPsec acceleration. E.g. the hEX r3 (RB750 Gr3) ...
by pe1chl
Fri Oct 08, 2021 4:06 pm
Forum: General
Topic: NTP client possible bug?!?!
Replies: 17
Views: 802

Re: NTP client possible bug?!?!

It is often not really a good idea to search for NTP servers on some listings, then statically configure them in a router and not really monitor it. The NTP server may quit at any time, it may serve incorrect time, it may not like you using it and block your IP, etc. Only include NTP servers that yo...
by pe1chl
Fri Oct 08, 2021 3:53 pm
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 101
Views: 18453

Re: v6.48.5 [long-term] is released!

I still think it is a bad policy to release a new version in the stable channel and declare it the long-term version at the same time. You should move versions to the long-term channel only after they have proven to be free of obvious issues in the stable channel for some time. (I know that long-ter...
by pe1chl
Fri Oct 08, 2021 2:13 pm
Forum: RouterOS v7 BETA
Topic: Can't import config on some routers
Replies: 11
Views: 806

Re: Can't import config on some routers

Ok this is like what I did on the 4011 and it worked for me. I presume you connected via MAC address. It may be advisable to use port 2 instead of 5 and also to include an admin-mac in the bridge that is the same as the ether2 MAC address, because if you do not the MAC of the bridge will change duri...
by pe1chl
Fri Oct 08, 2021 12:10 pm
Forum: RouterOS v7 BETA
Topic: Can't import config on some routers
Replies: 11
Views: 806

Re: Can't import config on some routers

Just yesterday I migrated the config from a RB2011 router to a RB4011. These are similar in port structure, yet still there are some differences. I exported the 2011 config and edited it to overcome that: - removed references to lcd and leds - the SFP port has a different name, edited that - the 2G ...
by pe1chl
Fri Oct 08, 2021 11:59 am
Forum: RouterOS v7 BETA
Topic: New User Manager in RouterOS v7
Replies: 108
Views: 74377

Re: New User Manager in RouterOS v7

And I agree with the can of worms ... just found another worm , old Android devices do not function with the newer OpenSSL lib on the server, they answer with what FreeRadius sees as TLSv1.3 Today I heard about a new issue (the reverse of that one) where after an update an Android phone will no lon...
by pe1chl
Fri Oct 08, 2021 11:28 am
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 140
Views: 24207

Re: v6.49 [stable] is released!

What exactly was removed?
*) defconf - removed overlapping IPv6 firewall rules;
In the default config there is an address list bad_ipv6 that contained some addresses that were actually subnets of another one. These were removed.
by pe1chl
Fri Oct 08, 2021 12:06 am
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 140
Views: 24207

Re: v6.49 [stable] is released!

Cool! (very cool indeed...)
by pe1chl
Thu Oct 07, 2021 7:34 pm
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 140
Views: 24207

Re: v6.49 [stable] is released!

Thanks, got it. My bad, used to see that testing is usually 1 minor version ahead. When testing moves from beta## to rc# and after one or more rc# the new stable is released, the stable version gets that major version number (without beta or rc suffix) and the testing remains at rc# for some time u...
by pe1chl
Thu Oct 07, 2021 7:20 pm
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 140
Views: 24207

Re: v6.49 [stable] is released!

*) dns - fixed memory leak caused by large DNS replies;
Yes, the memory leak appears to be fixed, the resolver now returns the large replies OK, but they still aren't loaded into an address list :-(
by pe1chl
Thu Oct 07, 2021 6:14 pm
Forum: RouterOS v7 BETA
Topic: New User Manager in RouterOS v7
Replies: 108
Views: 74377

Re: New User Manager in RouterOS v7

Ok thank you (Buster2) for that info! I have been looking for this in many places but never received an answer as helpful as this! I will see if we can use that system (enterprise-wifi.net) in our organization. Unfortunately there is no response at all from enterprise-wifi.net admins, apparently a ...
by pe1chl
Thu Oct 07, 2021 5:43 pm
Forum: RouterOS v7 BETA
Topic: Can't import config on some routers
Replies: 11
Views: 806

Re: Can't import config on some routers

When you import the config using /import file from terminal, what error message does it print? Try adding verbose=yes to make it print the file while importing and see where it fails. With the "reset configuration and run-after-reset, there is a known problem (for years, I think it was never fi...
by pe1chl
Thu Oct 07, 2021 4:12 pm
Forum: General
Topic: WInbox feature request: drag and drop column order and right click column menu
Replies: 24
Views: 6987

Re: WInbox feature request: drag and drop column order and right click column menu

+1
This would still make a super useful feature.
Especially if the column you really need is on the far side of the window and you have to scroll there to see what you want.
But it has finally been implemented! You only need to upgrade your winbox to get this function.
by pe1chl
Tue Oct 05, 2021 8:02 pm
Forum: Wireless Networking
Topic: PTP BETWEEN LHG5 AND DYNADISH 5
Replies: 7
Views: 656

Re: PTP BETWEEN LHG5 AND DYNADISH 5

Make sure you use the settings that were successful for you, but are compatible with both devices.
by pe1chl
Tue Oct 05, 2021 10:35 am
Forum: General
Topic: winbox can't work correctly if "users" folder moved from disk C:
Replies: 13
Views: 872

Re: winbox can't work correctly if "users" folder moved from disk C:

It would be good to have "portable" mode switch that would keep all files in current winbox directory - so it can be put and used from USB flash drive, without modifying any system files. Something like: If subdirectory PORTABLE_PROFILE exists, store all files in there instead. It would b...
by pe1chl
Mon Oct 04, 2021 7:49 pm
Forum: RouterOS v7 BETA
Topic: Feature Request: GREtap
Replies: 13
Views: 4893

Re: Feature Request: GREtap

It was never acknowledged by MikroTik as a feature worth implementing.
You will have to use EoIP instead.
by pe1chl
Mon Oct 04, 2021 5:29 pm
Forum: Wireless Networking
Topic: PTP BETWEEN LHG5 AND DYNADISH 5
Replies: 7
Views: 656

Re: PTP BETWEEN LHG5 AND DYNADISH 5

It should work. Did you ever make a link before?
Check that the wireless settings on each end are compatible.
by pe1chl
Mon Oct 04, 2021 5:27 pm
Forum: General
Topic: winbox can't work correctly if "users" folder moved from disk C:
Replies: 13
Views: 872

Re: winbox can't work correctly if "users" folder moved from disk C:

There is a file sessionpath in the winbox directory which has a pathname in it. You can edit that.
by pe1chl
Mon Oct 04, 2021 2:48 pm
Forum: General
Topic: wrong uptime (uptime reset, device didn't)
Replies: 6
Views: 807

Re: wrong uptime (uptime reset, device didn't)

Yes it depends on the environment, sometimes you see this wrap at 497 days, sometimes it just counts to 1000 or more.
E.g. the uptime visible via SNMP often wraps at 497 even when at other places in the system higher values can be shown.
by pe1chl
Mon Oct 04, 2021 11:35 am
Forum: General
Topic: Multiple VPNs but one per port
Replies: 2
Views: 294

Re: Multiple VPNs but one per port

Yes, that is certainly possible. This simple case may well be solved using VRF. (VRF is powerful but hardly documented, so when you want to use it in more complicated cases where you want to permit some traffic between VRF is quickly becomes black magic) But in any case you can use manual configurat...
by pe1chl
Mon Oct 04, 2021 11:30 am
Forum: General
Topic: wrong uptime (uptime reset, device didn't)
Replies: 6
Views: 807

Re: wrong uptime (uptime reset, device didn't)

It is quite common for uptimes to wrap after 497 days, when a 32-bit variable is used to count 10ms "clockticks" (100 per second). After 2^32 ticks (4294967296) it wraps to zero, that is after 4294967296/100/86400 days = 497 days. In the competitor's product, they even wrap after 49.7 days...
by pe1chl
Mon Oct 04, 2021 11:12 am
Forum: Announcements
Topic: v6.49rc [testing] is released!
Replies: 37
Views: 8182

Re: v6.49rc [testing] is released!

In SUP-51076 I am discussing memory leaks in the DNS resolver and was requested to test an internal beta56 which unfortunately was not available in the architecture of my test router. Now I see this rc1 and this item does not appear in the changelog, also it appears not to be solved (still testing)...
by pe1chl
Sat Oct 02, 2021 8:03 pm
Forum: Wireless Networking
Topic: Packet loss, RMA & QA.
Replies: 5
Views: 500

Re: Packet loss, RMA & QA.

Yes, I think we do. A 3-second break is still not fatal for normal internet usage, an application should be able to work around that. Also you must consider that MikroTik 60GHz link equipment is the cheapest of the cheapest you can get. When you have high requirements and expectations, it may not be...
by pe1chl
Sat Oct 02, 2021 6:57 pm
Forum: Wireless Networking
Topic: Packet loss, RMA & QA.
Replies: 5
Views: 500

Re: Packet loss, RMA & QA.

You write like "you sold me a bike that was promised to bring me to school but every 2 weeks it rains and I cannot go to school. and my homework is eaten by the dog and this is all caused by your bike". Of course that is not a reason to return the bike. You need to research what is really ...
by pe1chl
Sat Oct 02, 2021 2:06 pm
Forum: Wireless Networking
Topic: Packet loss, RMA & QA.
Replies: 5
Views: 500

Re: Packet loss, RMA & QA.

I would not consider a packet lost every few minutes on a wireless link a fatal problem that would require replacement or return of the equipment. Also it should not interrupt video conferences etc. Probably there is something else going on, and you think packet loss is the cause only because you fo...
by pe1chl
Fri Oct 01, 2021 11:00 am
Forum: RouterOS v7 BETA
Topic: Problem Ping with routing-table
Replies: 4
Views: 672

Re: Problem Ping with routing-table

Multiple route tables and vrf works a bit different on v7.
You may need to study it and adapt your configuration to make best use of it.
by pe1chl
Fri Oct 01, 2021 10:58 am
Forum: Beginner Basics
Topic: url filtering on ssl traffic through Web Proxy Configuration
Replies: 15
Views: 1477

Re: url filtering on ssl traffic through Web Proxy Configuration

The installation of a certificate on a users device to call "hacking" is a bit far fetched. It is not so uncommon to install a special cert on a PC. That does not mean it is a wise or desirable thing to do! It essentially breaks the entire system of trust between the PC and the website. I...
by pe1chl
Fri Oct 01, 2021 10:48 am
Forum: General
Topic: Guest network as VLAN tagged for one port
Replies: 9
Views: 1751

Re: Guest network as VLAN tagged for one port

i'd like to keep it that way instead of redesigning whole network as "tagged-only" except for access ports. May be that's stupid, but i feel more comfortable for now by introducing "advanced things" aside of simple things remaining simple (main network). Yes it is perfectly poss...
by pe1chl
Thu Sep 30, 2021 11:26 pm
Forum: RouterOS v7 BETA
Topic: Problem Ping with routing-table
Replies: 4
Views: 672

Re: Problem Ping with routing-table

Use the "vrf" parameter...
by pe1chl
Thu Sep 30, 2021 11:21 pm
Forum: General
Topic: Compress EoiP Tunnel
Replies: 4
Views: 632

Re: Compress EoiP Tunnel

Also you need to remember that compression of network traffic is becoming less and less effective as most network traffic is encrypted or already compressed. E.g. in the past I had good results with compression of generic LAN traffic between offices, carrying e.g. SMB traffic which would be Office d...
by pe1chl
Thu Sep 30, 2021 11:16 pm
Forum: General
Topic: Guest network as VLAN tagged for one port
Replies: 9
Views: 1751

Re: Guest network as VLAN tagged for one port

Yes, what you did is "all wrong", but it does work. The correct way would be to have only one bridge, create the VLAN interface on the bridge and configure port1 to have vlan 33 tagged. However what you have now is slightly more efficient as it allows hardware switching for the main networ...
by pe1chl
Thu Sep 30, 2021 5:27 pm
Forum: Beginner Basics
Topic: url filtering on ssl traffic through Web Proxy Configuration
Replies: 15
Views: 1477

Re: url filtering on ssl traffic through Web Proxy Configuration

MikroTik routers cannot do this. And it will become impossible in other devices as well because more and more protective measures are being rolled out to prevent this man-in-the-middle attack even when the user agrees to it (because users often do not know what they are agreeing to). "traffic w...
by pe1chl
Wed Sep 29, 2021 5:47 pm
Forum: Beginner Basics
Topic: Block local IP's fails [SOLVED]
Replies: 11
Views: 1076

Re: Block local IP's fails [SOLVED]

When you have no other switch connected or the particular device is not on another switch you can do it without VLANs.
You can either make a new network for that port and use a firewall rule as you did, or you can use switch/bridge tricks like bridge filter or port isolation.
by pe1chl
Wed Sep 29, 2021 5:14 pm
Forum: Beginner Basics
Topic: Block local IP's fails [SOLVED]
Replies: 11
Views: 1076

Re: Block local IP' fails [SOLVED]

Such firewall rules are not going to work within one network. You need to split your network e.g. by having different network on some physical ports, or using VLANs. Then you can move some device(s) to the other network and use such rules to filter the traffic. E.g. on a 4011 it makes sense to have ...
by pe1chl
Wed Sep 29, 2021 5:11 pm
Forum: General
Topic: Configuring IPv6 in IPv4 network
Replies: 4
Views: 450

Re: Configuring IPv6 in IPv4 network

It is going to be technical no matter what.
Your easiest solution will likely be to get IPv6 on your internet connection first.
Find out why it is only IPv4. E.g. ask the ISP. Tell them it is 2021. Don't accept "nobody ever asks for IPv6" answers.
by pe1chl
Wed Sep 29, 2021 11:32 am
Forum: RouterOS v7 BETA
Topic: v7.1rc3 adds Docker (TM) compatible container support
Replies: 208
Views: 24668

Re: v7.1rc3 adds Docker (TM) compatible container support

I find interesting the possibility of running a RouterOS container (stable ROS version) inside your own router (development ROS version). Well, this is essentially how it all started on old MikroTik models that offered "MetaROUTER" where you could run either RouterOS or another image. Thi...
by pe1chl
Wed Sep 29, 2021 11:29 am
Forum: General
Topic: GRE over IPSec stops working when PPPoE interface flaps.
Replies: 30
Views: 1885

Re: GRE over IPSec stops working when PPPoE interface flaps.

What is seems to me, is that the GRE invalid session break the IPSec somehow.. But still, I should say it's maybe a firewall issue on the HQ? When it is the same issue as what I see, it is not a GRE or other tunnel issue but an IPsec issue. Any stateful firewall (including the NAT example I gave bu...
by pe1chl
Tue Sep 28, 2021 3:48 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 104
Views: 60196

Re: DHCP Offering Lease Without Success

Did you already experiment with the bridge protocol, disable-running-check, always broadcast, and lease time settings as discussed above?
by pe1chl
Tue Sep 28, 2021 3:02 pm
Forum: General
Topic: GRE over IPSec stops working when PPPoE interface flaps.
Replies: 30
Views: 1885

Re: GRE over IPSec stops working when PPPoE interface flaps.

I recognize that only when there is another NAT router inbetween. The NAT router has translated the original session to a different address but the same port numbers (500 and 4500), but after the outage the NAT router thinks there is a new connection and has not yet deleted the old one, and decides ...
by pe1chl
Tue Sep 28, 2021 2:01 pm
Forum: General
Topic: GRE over IPSec stops working when PPPoE interface flaps.
Replies: 30
Views: 1885

Re: GRE over IPSec stops working when PPPoE interface flaps.

I am using such a config and I do not see any issues. Watch out for: - firewall errors (as sindy mentioned, there is a bug in RouterOS for the past couple of versions. incoming GRE traffic is marked "invalid" instead of "established" or "new", when you drop invalid traf...
by pe1chl
Mon Sep 27, 2021 5:37 pm
Forum: Announcements
Topic: v6.49rc [testing] is released!
Replies: 37
Views: 8182

Re: v6.49rc [testing] is released!

Have there been any changes in "source address selection" for locally originated packets (from the DNS resolver in particular) since 6.48? I am investigating a problem in that area that appears to be introduced in 6.48.x and that I cannot reproduce in 6.47.10 and 6.49rc1. But I do not see ...
by pe1chl
Mon Sep 27, 2021 5:29 pm
Forum: Wireless Networking
Topic: Wifi between concrete walls
Replies: 20
Views: 2594

Re: Wifi between concrete walls

Thank you all for proving me I was not right. I couldn't get 2.4 GHz signal out the underground garage. Tried with 2 panel antennas and later with 1 panel and Ubiquiti 13 dbi omni antenna. Since I can't get UTP cable between 2 buildings another solution (maybe) is a GSM/LTE model in the garage, dep...
by pe1chl
Mon Sep 27, 2021 2:10 pm
Forum: Wireless Networking
Topic: Wifi between concrete walls
Replies: 20
Views: 2594

Re: Wifi between concrete walls

GSM/LTE will probably have the same problem in an underground garage, unless you are lucky and there is a cell tower really close by.
by pe1chl
Sat Sep 25, 2021 1:22 pm
Forum: Announcements
Topic: v6.49rc [testing] is released!
Replies: 37
Views: 8182

Re: v6.49rc [testing] is released!

I think the LHG60G will also be resticted when they get around to the certification process After 30th November an EMF license is require for over 40dBm Maybe in the UK it is about that EMF thing, but in EU it is about EN302567 which limits EIRP to 40dBm (like it is limited to 30dBm on 5 GHz). No i...
by pe1chl
Fri Sep 24, 2021 4:14 pm
Forum: Announcements
Topic: v6.49rc [testing] is released!
Replies: 37
Views: 8182

Re: v6.49rc [testing] is released!

I can't wait an hour to restore the service, driving 100Km away for test if serial cable work or not... OOB connectivity is essential for SPs. we even built a dedicated network on different access technology (LTE) to cut down reaction time. Well, when he installs an rc [testing] version on a router...
by pe1chl
Fri Sep 24, 2021 11:13 am
Forum: Announcements
Topic: v6.49rc [testing] is released!
Replies: 37
Views: 8182

Re: v6.49rc [testing] is released!

In SUP-51076 I am discussing memory leaks in the DNS resolver and was requested to test an internal beta56 which unfortunately was not available in the architecture of my test router. Now I see this rc1 and this item does not appear in the changelog, also it appears not to be solved (still testing)....
by pe1chl
Thu Sep 23, 2021 3:45 pm
Forum: General
Topic: Feature requests
Replies: 1394
Views: 358153

Re: Feature requests

For wireless connect-list it would be nice when it could skip to the next entry when authentication fails. As it is now, it will match the first entry with correct SSID (and other criteria like MAC) and try to connect, but when that connection is rejected because the password has changed, it does no...
by pe1chl
Thu Sep 23, 2021 10:47 am
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 180
Views: 55993

Re: v6.49beta [testing] is released!

The latest is beta54 and at some point I got offered a beta56 to test something, unfortunately not for the architecture I needed.
But that is quite some time ago and that beta56 did not get released yet...
by pe1chl
Mon Sep 20, 2021 4:17 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc3 adds Docker (TM) compatible container support
Replies: 208
Views: 24668

Re: v7.1rc3 adds Docker (TM) compatible container support

I have not yet studied what special requirements there are for making a docker image, but in the past I have compiled programs for MIPS without problem by installing a cross-development environment on my PC. It consists of a cross-compiling gcc, linker, libraries etc. all in a user directory I creat...
by pe1chl
Mon Sep 20, 2021 2:55 pm
Forum: Wireless Networking
Topic: LHG 5 ac 10 MHz channel width
Replies: 9
Views: 1446

Re: LHG 5 ac 10 MHz channel width

Due to lack of response from MikroTik employees I have now created a support ticket for this issue. Let's see what the reply on that will be!
by pe1chl
Sun Sep 19, 2021 11:50 am
Forum: General
Topic: Client isolation within VLAN and fast roaming
Replies: 38
Views: 2278

Re: Client isolation within VLAN and fast roaming

You must permit clients to send ARP requests and DHCPDISCOVER requests which both have the broadcast MAC address as the destination one. The ARP requests must be able to reach the gateway router, and the DHCPDISCOVER requests must be able to reach the DHCP server. It is possible to do "somethi...
by pe1chl
Sun Sep 19, 2021 10:41 am
Forum: General
Topic: Client isolation within VLAN and fast roaming
Replies: 38
Views: 2278

Re: Client isolation within VLAN and fast roaming

@pe1chl , I think that way as well, that is why i tend to not block communication between wireless clients in the same broadcast domain... But it all depends on the level of security you want to apply... Yes, I am asking this question for a network with hundreds of users that are not in direct cont...
by pe1chl
Sat Sep 18, 2021 11:21 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 156
Views: 26024

Re: v7 launch date

Mikrotik now recommend that you use the latest beta version instead of 7.0.3.
Apparently, before there were issues with the betas that made 7.0.3 a better choice for the Chateau, but it no longer is true.
by pe1chl
Sat Sep 18, 2021 11:20 am
Forum: General
Topic: Client isolation within VLAN and fast roaming
Replies: 38
Views: 2278

Re: Client isolation within VLAN and fast roaming

In the context of this, does anyone here have broad knowledge of the impact that this client isolation will have on the typical devices in use today? I mean, those people walking around with phones and accompanying watches (Apple or Android), the users of phones and laptops that somehow work togethe...
by pe1chl
Thu Sep 16, 2021 3:14 pm
Forum: RouterOS v7 BETA
Topic: New User Manager in RouterOS v7
Replies: 108
Views: 74377

Re: New User Manager in RouterOS v7

Ok thank you (Buster2) for that info! I have been looking for this in many places but never received an answer as helpful as this!
I will see if we can use that system (enterprise-wifi.net) in our organization.
by pe1chl
Thu Sep 16, 2021 10:24 am
Forum: RouterOS v7 BETA
Topic: v7.1rc3 adds Docker (TM) compatible container support
Replies: 208
Views: 24668

Re: v7.1rc3 adds Docker (TM) compatible container support

Linux is a multitasking operating system and has scheduling algorithms that make sure that all tasks get some CPU time, unless major foul-ups have been made setting realtime priority. Even when one "regular" process (which I assume the containers are) is using 100% CPU, other similar proce...
by pe1chl
Wed Sep 15, 2021 12:15 pm
Forum: Announcements
Topic: WinBox v3.30 released!
Replies: 59
Views: 7174

Re: WinBox v3.30 released!

Why? After this flurry of new releases due to introducing bugs in new features, the version could again be stable for a year or even two.
by pe1chl
Wed Sep 15, 2021 11:47 am
Forum: RouterOS v7 BETA
Topic: New User Manager in RouterOS v7
Replies: 108
Views: 74377

Re: New User Manager in RouterOS v7

That EAP/PEAP/MSChapv2 is a rather difficult thing to debug. The client devices are a bunch of different BYOD every week. There is no local support, and they cannot contact me. We use this on our company WiFi but so far only for WiFi authentication for company-supplied clients, which are mostly Sam...
by pe1chl
Wed Sep 15, 2021 11:37 am
Forum: RouterOS v7 BETA
Topic: New User Manager in RouterOS v7
Replies: 108
Views: 74377

Re: New User Manager in RouterOS v7

With User Manager acting as RADIUS Server, I can connect EAP WPA2 Wi-Fi via android phones but not with Windows 10 clients in both wired and wireless connections. Hopefully MikroTik supports see this post and able to tell us what happens in it. I advise you to read about this problem outside of the...
by pe1chl
Wed Sep 15, 2021 11:33 am
Forum: RouterOS v7 BETA
Topic: v7.1rc3 adds Docker (TM) compatible container support
Replies: 208
Views: 24668

Re: v7.1rc3 adds Docker (TM) compatible container support

While the matching capabilities of the API are quite limited, in many cases you can match what is possible in the query, then retrieve the entire matched list and do the remainder of the matching in the client. I have made several API programs (on external systems so far) that work this way, and it ...
by pe1chl
Wed Sep 15, 2021 11:19 am
Forum: Announcements
Topic: Mēris botnet information
Replies: 55
Views: 30769

Re: Mēris botnet information

Does the Windows malware also attempt to find "saved passwords" in e.g. winbox addresses.cdb and browser password save features?
by pe1chl
Tue Sep 14, 2021 4:40 pm
Forum: RouterOS v7 BETA
Topic: PLEASE MikroTik made NetInstall version for Docker....
Replies: 41
Views: 3094

Re: PLEASE MikroTik made NetInstall version for Docker....

How do you put them into netinstall, mode, if you have no access? Are they all set by default to nand-if-fail-then-ethernet ? In the past I have set devices to "try-ethernet-once-then-nand" so I would always be able to force them to netinstall in case something fails. But this setting no ...
by pe1chl
Mon Sep 13, 2021 4:14 pm
Forum: Announcements
Topic: WinBox v3.30 released!
Replies: 59
Views: 7174

Re: WinBox v3.30 released!

You may want to reconsider if it is a good idea to "always work in safe mode", especially when you have reconnections.
Safe mode is a nice feature when you want to change critical connectivity-related parameters, but when you have it enabled all time time it may do more bad than good.
by pe1chl
Mon Sep 13, 2021 11:28 am
Forum: Announcements
Topic: Mēris botnet information
Replies: 55
Views: 30769

Re: Mēris botnet information

CCR comes without any default configuration and that includes firewall. It even comes without password! Like almost all MikroTik devices, the admin password is empty on first run. So when it was connected before the password was set, it was quite easy to hack it! On a "home" device there ...
by pe1chl
Mon Sep 13, 2021 12:30 am
Forum: Announcements
Topic: Mēris botnet information
Replies: 55
Views: 30769

Re: Mēris botnet information

Can we stop the off-topic discussion about address lists or move it to some other topic?
by pe1chl
Sun Sep 12, 2021 12:26 pm
Forum: RouterOS v7 BETA
Topic: Feature Request : IPv6 Fasttrack
Replies: 35
Views: 4814

Re: Feature Request : IPv6 Fasttrack

This is 2021 final quarter. Please implement a proper IPv6 stack. It is till way behind other vendors. Recursive routing is still not implemented. Time for mikrotik to pull up the socks. Docker and stuff can still wait, core functionalities of a router must be the priority. Totally agree. There see...
by pe1chl
Sat Sep 11, 2021 12:03 pm
Forum: Beginner Basics
Topic: New to Mikrotik
Replies: 55
Views: 3091

Re: New to Mikrotik

Good moment to erase everything and start from scratch!
by pe1chl
Sat Sep 11, 2021 12:01 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc3 adds Docker (TM) compatible container support
Replies: 208
Views: 24668

Re: v7.1rc3 adds Docker (TM) compatible container support

The usecase for pihole docker is not usable on rb4011. Since the device has only 512mb of usable space when extracting the image.tar, the device runs out of space. No usb or sdcard interface. Any way to mount a external file system only to host the tar files? The Pihole developers or some other con...
by pe1chl
Fri Sep 10, 2021 11:03 pm
Forum: Scripting
Topic: Torch results to variable
Replies: 9
Views: 913

Re: Torch results to variable

You only need to add a firewall filter rule (in input or forward depending on what you are after) that will log the traffic, then you can still accept it for now and later see if you would want to change it to block. It is likely that your customer does not have so good hacking skills, but rather he...
by pe1chl
Fri Sep 10, 2021 10:31 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 55
Views: 30769

Re: Mēris botnet information

Starting today I see a new flood of random GRE traffic on the internet, not sure if it is caused by this botnet or if it is just coincidence. It appears to consist of GRE packets with random addresses both outside and inside, and with a UDP payload with random portnumbers and 512 bytes of random dat...
by pe1chl
Fri Sep 10, 2021 10:20 pm
Forum: General
Topic: Winbox display scaling on Linux/Wine for HiDPI screens
Replies: 9
Views: 3416

Re: Winbox display scaling on Linux/Wine for HiDPI screens

This is an old topic, the current winbox version allows zoomin/zoomout in the program itself.
by pe1chl
Fri Sep 10, 2021 6:47 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc3 adds Docker (TM) compatible container support
Replies: 208
Views: 24668

Re: v7.1rc3 adds Docker (TM) compatible container support

This docker implementation looks nice, but I don't think it's good idea, plus I think Mikrotik should invest their development time on more important RouterOS things - like they did with ZeroTier. To the contrary! When the docker implementation had been made earlier, MikroTik would have had zero de...
by pe1chl
Fri Sep 10, 2021 6:45 pm
Forum: Announcements
Topic: WinBox v3.30 released!
Replies: 59
Views: 7174

Re: WinBox v3.30 released!

I'm seeing this myself. I try and delete columns and they just return, sometimes with additional unselected columns .
ROS 7.1rc3
Winbox 3.30
Did you not read message #25 by oskarsk?
No need to add a "me too!" reply for the same fault over and over again.
by pe1chl
Fri Sep 10, 2021 5:44 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc3 adds Docker (TM) compatible container support
Replies: 208
Views: 24668

Re: v7.1rc3 adds Docker (TM) compatible container support

could'nt install via winbox ... it was possible to update from 6.45 to 6.49 in winbox ... but developement-update was stuck while "computize download size" ... something like that You cannot upgrade from v6 to v7 that way. You need to download the appropriate v7 package from the website, ...
by pe1chl
Fri Sep 10, 2021 2:33 pm
Forum: Announcements
Topic: WinBox v3.30 released!
Replies: 59
Views: 7174

Re: WinBox v3.30 released!

Show columns in OSFP / instance.
Did you not read message #25 by oskarsk?
No need to add a "me too!" reply for the same fault over and over again.
by pe1chl
Fri Sep 10, 2021 2:07 pm
Forum: Announcements
Topic: WinBox v3.30 released!
Replies: 59
Views: 7174

Re: WinBox v3.30 released!

There is no long-term release for Winbox. These bugs were either a) always there and long time not discovered or b) are simple regressions because of e.g. some new column-drag-drop-feature. When you need some very stable version without recent features but without some known problems, try version 3...
by pe1chl
Thu Sep 09, 2021 8:09 pm
Forum: Announcements
Topic: WinBox v3.30 released!
Replies: 59
Views: 7174

Re: WinBox v3.30 released!

is this the one where if you were dragging an entry in routing filters, it'd keep being sent down to the last position even though you were still holding the mouse button? if so, thank god. Yes, that is it! It was reported over and over again and dismissed with "we cannot reproduce it" un...
by pe1chl
Thu Sep 09, 2021 7:29 pm
Forum: Announcements
Topic: WinBox v3.30 released!
Replies: 59
Views: 7174

Re: WinBox v3.30 released!

*) fixed glitches while resizing column widths or reordering table entries; YES, this annoying problem that was present ever since version 3.22 has finally been fixed! Hooray! Finally I can use new versions again. (I had already received 3.30rc versions this week so I knew it was fixed...) Another ...
by pe1chl
Thu Sep 09, 2021 4:46 pm
Forum: General
Topic: Client isolation within VLAN and fast roaming
Replies: 38
Views: 2278

Re: Client isolation within VLAN and fast roaming

- If clients connect on different Interfaces , one on Test1 and the other on Test2 the communication is successful regardless if Client-to-Client is enabled or disabled ... I don't know what is exactly possible in CAPsMAN, I am running a Unifi wireless network here (with MikroTik router). In the Un...
by pe1chl
Wed Sep 08, 2021 6:13 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc3 adds Docker (TM) compatible container support
Replies: 208
Views: 24668

Re: v7.1rc3 adds Docker (TM) compatible container support

Anyone managed to make dns in container work?
I added dns="1.1.1.1" to container and still no luck.
Of course you need to configure working routing for this kind of thing to work. Including NAT, usually. See the documentation page.
by pe1chl
Wed Sep 08, 2021 5:13 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc3 adds Docker (TM) compatible container support
Replies: 208
Views: 24668

Re: v7.1rc3 adds Docker (TM) compatible container support

The pihole example is 384MB in size. Both CCR2004 have only 128MB of storage. CCR1s are Tile based. Will there be any use of the Docker feature on the Cloud Core Router devices? Unfortunately the CCR2004 has no USB or SD card interfaces so you cannot expand the storage. It would be possible to use ...
by pe1chl
Wed Sep 08, 2021 3:19 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc3 adds Docker (TM) compatible container support
Replies: 208
Views: 24668

Re: v7.1rc3 adds Docker (TM) compatible container support

Have You installed the container.npk package (as with ZeroTier - container is a seperate package) It would be nice when available packages could be listed and installed from the packages menu! Either on a separate window or by just listing all packages and have some status like not installed, disab...
by pe1chl
Wed Sep 08, 2021 2:42 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc3 adds Docker (TM) compatible container support
Replies: 208
Views: 24668

Re: v7.1rc3 adds Docker (TM) compatible container support

Wow! They did it!
That should put an end to the many +1 +1 +1 topics once and for all.
Now most requested features can simply be added by users, instead of always having to go to MikroTik with requests for niche stuff.
by pe1chl
Wed Sep 08, 2021 10:51 am
Forum: Announcements
Topic: MikroTik cloud is back online
Replies: 25
Views: 4358

Re: MikroTik cloud is back online

Even with this solution (which we kind of use in a large router, not for remote management but to connect a large number of client routers to a central router), I still would recommend to use a DNS name instead of a fixed IP address in the client router configs. Register a domain when you have not a...
by pe1chl
Wed Sep 08, 2021 10:44 am
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 104
Views: 60196

Re: DHCP Offering Lease Without Success

I'm sorry if I wasn't more specific. This isn't using pseudobridge. Ubiquiti (UBNT) uses a proprietary TDMA protocol called Airmax which creates a transparent L2 bridge between the router & switch in the cabinet and the customer's routers. I believed that as well until a couple of months ago......
by pe1chl
Wed Sep 08, 2021 10:39 am
Forum: General
Topic: RAMdisk
Replies: 21
Views: 4213

Re: RAMdisk

when your RouterBoard have got a /flash then / is mounted as ramdisk. Yes, we know that. The request is to make a ramdisk and mount it as /ramdisk on those devices that do NOT have a /flash. The older router models and the new powerful ones have a lot of RAM and a larger NAND flash so no /flash, th...
by pe1chl
Tue Sep 07, 2021 8:16 pm
Forum: Announcements
Topic: MikroTik cloud is back online
Replies: 25
Views: 4358

Re: MikroTik cloud is back online

whois mynetname.net: Domain Name: MYNETNAME.NET Registry Domain ID: 1856616582_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.publicdomainregistry.com Registrar URL: www.publicdomainregistry.com Updated Date: 2021-09-07T15:37:37Z Creation Date: 2014-04-29T08:21:38Z Registrar Registration Expiration D...
by pe1chl
Tue Sep 07, 2021 7:09 pm
Forum: General
Topic: /ip/cloud broken, domain mynetname.net expired and disabled
Replies: 63
Views: 13852

Re: /ip/cloud broken, domain mynetname.net expired and disabled

Ugh seriously... none of the "quick fixes" are working. Nothing posted by the people with these codes are working.... We need STEP-BY-STEP instructions on exactly how to fix this... You need to understand the rationale behind the fixes and the circumstances under which they would work. Of...
by pe1chl
Tue Sep 07, 2021 7:08 pm
Forum: General
Topic: /ip/cloud broken, domain mynetname.net expired and disabled
Replies: 63
Views: 13852

Re: /ip/cloud broken, domain mynetname.net expired and disabled

I'm waiting for the fix by Mikrotik staff, customers know about the problem, it the fix will take long time I'll have to add a new ddns and change the CNAME Hopefully by now you understand that the fix cannot be made by MikroTik staff but has to be made by DNS registrar staff, and MikroTik depend o...
by pe1chl
Tue Sep 07, 2021 6:01 pm
Forum: General
Topic: /ip/cloud broken, domain mynetname.net expired and disabled
Replies: 63
Views: 13852

Re: /ip/cloud broken, domain mynetname.net expired and disabled

Hello. This is a nightmare... WOW... many customers complaining. Many are in GC-NAT (not real IP address) and then I can't log on even knowing the real ip. Nightmare.. Routers in remote, isolated area, even in another countries..... SHIT It is a bit unclear what use it would be to set a DDNS name o...
by pe1chl
Tue Sep 07, 2021 11:01 am
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 104
Views: 60196

Re: DHCP Offering Lease Without Success

Having customers connect a WiFi device in pseudobridge mode and then have several devices behind it requesting different IPs using DHCP is not really a supported configuration. You will need to either run it in true bridge mode or have a local DHCP server on the client device that locally issues IPs...
by pe1chl
Mon Sep 06, 2021 2:21 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18827

Re: v7.1rc2 [development] is released!

One More feature request, can we have a 2FA (MFA) Please
You can probably implement that via RADIUS authentication and a solution on your RADIUS server?
by pe1chl
Mon Sep 06, 2021 11:42 am
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18827

Re: v7.1rc2 [development] is released!

SMB support should be removed from RouterOS! This kind of thing does not belong in a router and is not required anymore.
by pe1chl
Sat Sep 04, 2021 7:50 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18827

Re: v7.1rc2 [development] is released!

Yeah, but it is all too much work. We need a simple way to move existing configuration to a new router, RouterOS is seriously lacking in this. You cannot make a backup and restore it on the new router, because backups can only be safely restored on the same device. You cannot export the config and i...
by pe1chl
Sat Sep 04, 2021 4:11 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18827

Re: v7.1rc2 [development] is released!

Please add an option to /import, or make it the default behavior, to print the imported line when an error occurs (in addition to the error message), and to continue the import. As it is now, it is very difficult to import rsc files as even with the slightest difference in features the import stops ...
by pe1chl
Sat Sep 04, 2021 10:28 am
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18827

Re: v7.1rc2 [development] is released!

When will you turn on bfd in ros7?
Yes, that is important for us too! Or when BFD is considered to be deprecated, some replacement for it to quickly signal loss of a link used for BGP.
by pe1chl
Fri Sep 03, 2021 5:11 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12589

Re: WinBox v3.29 released!

*) added separate "Show Columns" window for list of visible columns;
It would be nice if we could scroll down the list ...
Or better when it would use multiple columns to fit everything without scrolling, when possible.
by pe1chl
Fri Sep 03, 2021 9:55 am
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18827

Re: v7.1rc2 [development] is released!

RB2011 still locked in 7.1beta6 (no upgrade path) :( In such situations you should do a /export of the full configuration and maybe also a backup, install the newer version, and restore the configuration from a local winbox connected to the MAC address. (so you can wipe it entirely before importing...
by pe1chl
Wed Sep 01, 2021 7:10 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18827

Re: v7.1rc2 [development] is released!

I am online again thanks to my Hex-S. The 4011 won't accept Netinstall and I can now at least read up on Netinstall. Going back to 6.49Beta36 did not help this time and the I have no access through IP and no Internet. When I start Netinstall it sees the router and when I press install it says offer...
by pe1chl
Wed Sep 01, 2021 5:21 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18827

Re: v7.1rc2 [development] is released!

When you start replacing console hotkeys that are plain ASCII characters with "function keys" it may be time to finally replace the Ctrl-V hotkey with something else! People think (and rightly so!) that Ctrl-V means "paste" and they are quite surprised when they see the effect in...
by pe1chl
Wed Sep 01, 2021 2:38 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18827

Re: v7.1rc2 [development] is released!

You can, loading v6 backup into v7 is the same as upgrading from v6 to v7. Crossfig will try to convert the old config to a new one.
Thanks for that info, that will make it easier to experiment with the upgrading process before trying it in the production network!
by pe1chl
Tue Aug 31, 2021 9:24 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18827

Re: v7.1rc2 [development] is released!

Is there (or will there ever be) an automatic translation of v6 BGP configuration to the new v7 syntax?
by pe1chl
Tue Aug 31, 2021 9:21 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18827

Re: v7.1rc2 [development] is released!

typo fixed. Address list because it is reusable in other parts of configuration without the need of implementing a new list that cannot be reused. There were a lot of requests to integrate BGP with firewall address lists, so here it is, the same reusable list for firewall, routing filters, BGP, etc...
by pe1chl
Tue Aug 31, 2021 7:44 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18827

Re: v7.1rc2 [development] is released!

* add bgp network (this will work without any additional route config, because you already have connected route in the table)
How do I add bgp network? I don't see that option in v7. Sure I know how that worked in v6.
by pe1chl
Tue Aug 31, 2021 7:32 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18827

Re: v7.1rc2 [development] is released!

except that for BGP networks you always need IGP synchronized route.
Please explain!
I have a router with a local network and it is connected to another router via a /30 and BGP connection.
How do I make the router advertise its local network?
by pe1chl
Tue Aug 31, 2021 6:07 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18827

Re: v7.1rc2 [development] is released!

Network advertisements+matching IGP route does not require routing filter to be set. Redistribute (static, etc) does not require routing filter to be set. The idea of controlling redistribution through routing filters (which was implemented in first betas) was scrapped, now it is the same as in v6,...
by pe1chl
Tue Aug 31, 2021 5:12 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18827

Re: v7.1rc2 [development] is released!

You are right, it does not advertise any BGP routes on CHR either! (configured without any route filters - I presume that would by default advertise all connected routes) I believe in a previous beta that was working. You had to add a static route for each prefix you wanted to advertise. I don't re...
by pe1chl
Tue Aug 31, 2021 3:00 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18827

Re: v7.1rc2 [development] is released!

I also cannot advertise any BGP routes.
I'll give arm a try to see if it's architecture related.
You are right, it does not advertise any BGP routes on CHR either! (configured without any route filters - I presume that would by default advertise all connected routes)
by pe1chl
Tue Aug 31, 2021 1:45 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18827

Re: v7.1rc2 [development] is released!

HDevice has apparently reset itself WITHOUT default-config. Or at least in some weird state without IP-address and non-working WIFI (though enabled with default as far I can see). I am always wondering HOW that can be even happen. Press update -> device reset. Shake my head. Easy! The config is cor...
by pe1chl
Tue Aug 31, 2021 12:01 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 35107

Re: v7.1rc1 [development] is released!

None answered so far, for 256MB RAM devices, loading the wave2 package on arm32 (hap ac2) will work if external flash is connected to router? ROS 7 packages are tied 100% to internal NAND only? Of course MikroTik do not want to have packages installed on an external memory device that you can easil...
by pe1chl
Mon Aug 30, 2021 5:12 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 35107

Re: v7.1rc1 [development] is released!

Instead of relying on terminal window size, it is better to use:
/system default-configuration print file=default
and then download the generated file.
by pe1chl
Mon Aug 30, 2021 11:57 am
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 35107

Re: v7.1rc1 [development] is released!

Where did you find "Route Filter" dialog?
I have no such selection in my winbox 3.29
Strange... for me it appears in the menu.
by pe1chl
Mon Aug 30, 2021 11:34 am
Forum: Scripting
Topic: login failure for user
Replies: 1
Views: 512

Re: login failure for user

What was your previous version?
When it was very old, you will need to update your api program because the authentication in the api has changed.
by pe1chl
Mon Aug 30, 2021 9:57 am
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 35107

Re: v7.1rc1 [development] is released!

ROS v7 seems to have a much better default firewall configuration. After resetting my hap ac^3 due to boot-loop caused by cake, I found that it drops input from outside of LAN by default. Other settings mostly align with the securing your router page in the wiki aside from drop not_in_internet. Tha...
by pe1chl
Sat Aug 28, 2021 8:28 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 35107

Re: v7.1rc1 [development] is released!

Indeed. But don't you also think it is strange? No it's not strange. ROSv7 is more than simple replacement of kernel, it's also change in ABI and sometimes API has to reflect that. This is a Release Candidate for Christ sake , if you are such faint of heart, stick to long-term (and use stable in la...
by pe1chl
Sat Aug 28, 2021 4:08 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 35107

Re: v7.1rc1 [development] is released!

"Only available from commandline" has been around for years. It's not v7 specific. Indeed. But don't you also think it is strange? I would think there is not much work (certainly not coding, maybe entering some sequence/placement info) to add features that are already done for commandline...
by pe1chl
Sat Aug 28, 2021 4:03 pm
Forum: General
Topic: Feature request: Make Quickset to be separate package
Replies: 62
Views: 10772

Re: Feature request: Make Quickset to be separate package

keep the Quick Set page itself but disallow any modifications. Move the user to "read" group :D That is why I think there should be a separate permission for QuickSet "write" and it should be on in the default admin user group, and after initial use this permission can be turned...
by pe1chl
Sat Aug 28, 2021 12:45 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 35107

Re: v7.1rc1 [development] is released!

is it too complicated for MT to implement this ? I guess MT will implement this. However ROS and Winbox are two separate projects and since ROSv7 is in heavy development stage with changes in UI/API it's very much a moving target. This is actually something I always wonder about when seeing new Rou...
by pe1chl
Sat Aug 28, 2021 12:29 pm
Forum: General
Topic: Feature request: Make Quickset to be separate package
Replies: 62
Views: 10772

Re: Feature request: Make Quickset to be separate package

Every time I log into WebFig I have to remind myself that I can't click anything until I enter the "real" non-WF tab. Well, at least in WebFig you can already remove it using a skin. Unfortunately it does not appear to be possible (in a skin) to keep the Quick Set page itself but disallow...
by pe1chl
Fri Aug 27, 2021 7:06 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12589

Re: WinBox v3.29 released!

W.r.t. the "mouse dragging problem", I now have found that I can only reproduce it with an existing session file (.viw file) that exhibits the problem. Today I tested on a Windows 10 system and again when I copy the .viw file from the sessions directory from my Linux system to the Windows...
by pe1chl
Fri Aug 27, 2021 4:40 pm
Forum: General
Topic: Router upgrade results in different voltage reporting
Replies: 1
Views: 275

Re: Router upgrade results in different voltage reporting

It is a "known problem" (in that others have reported it too). And it is a "usual problem" (MikroTik seem unable to keep this working in new releases, then it has to be fixed again). However, you should put this kind of remark in the "release topic", after having checke...
by pe1chl
Fri Aug 27, 2021 4:35 pm
Forum: Scripting
Topic: Passive parameter in IPsec->Peer [SOLVED]
Replies: 3
Views: 1040

Re: Passive parameter in IPsec->Peer [SOLVED]

passive=no is the default, no need to pass that in your command!
by pe1chl
Fri Aug 27, 2021 2:43 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 35107

Re: v7.1rc1 [development] is released!

What? Nowhere in the product description does it mention it has hardware accelerated IPsec. I do not see any reason why would you believe it is supported in the first place. We can not write all the features the devices does not have in the product description. We write about features it supports. ...
by pe1chl
Fri Aug 27, 2021 12:04 pm
Forum: Wireless Networking
Topic: Is there a way I can use eSIM with Mikrotik?
Replies: 25
Views: 2125

Re: Is there a way I can use eSIM with Mikrotik?

Was it this one ? https://en.comgate.io/esim/ Yeah that was it "The eSIM is available in different formats, namely: the embedded version, but also as a regular 3-in-1 plastic sim shape (ejectable nano, micro and normal)" I think there is potential for some confusion, reading that article ...
by pe1chl
Fri Aug 27, 2021 11:06 am
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 35107

Re: v7.1rc1 [development] is released!

IPsec hw offloading has been supported since the first releases of v7beta.
Also on the 5009? Why is there no IPsec performance data on the webpage, I thought that normally means "no hw accel encryption"?
by pe1chl
Fri Aug 27, 2021 10:57 am
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12589

Re: WinBox v3.29 released!

Or move Windows button to top, where it resides in other Windows software. Just on right of session or between it and Safe Mode button Yes, I would have expected (and preferred) the "windows" buttons to appear in the top bar next to "session". Maybe even as separate buttons unti...
by pe1chl
Thu Aug 26, 2021 6:50 pm
Forum: Wireless Networking
Topic: Is there a way I can use eSIM with Mikrotik?
Replies: 25
Views: 2125

Re: Is there a way I can use eSIM with Mikrotik?

I thought I read of an "eSIM in a SIM" which was basically a SIM card that could be programmed over the air. Not sure if it was a single provider or I was just misunderstanding their website. It was a bit vague. But that is why I am asking the question. I think it is a different thing. Lo...
by pe1chl
Thu Aug 26, 2021 4:10 pm
Forum: General
Topic: SNMP Number of DHCP lease used in pool
Replies: 9
Views: 4476

Re: SNMP Number of DHCP lease used in pool

This was already mentioned in reply #3, the OID .1.3.6.1.4.1.14988.1.1.6.1.0 is the numeric value of MIKROTIK-MIB::mtxrDHCPLeaseCount.0 However, there is always only a .0 and there is no separate DHCPLeaseCount per pool or per DHCP scope. That is why the solution is to walk the list of DHCP leases a...
by pe1chl
Thu Aug 26, 2021 2:07 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 35107

Re: v7.1rc1 [development] is released!

IMO ROS should have all major Root-CAs included by default. Saves a lot of headache with LE and DoH.
That takes quite some space, which is at a premium in some devices.
It could be made an optional package, but it looks like packages are becoming a thing of the past...
by pe1chl
Thu Aug 26, 2021 11:56 am
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12589

Re: WinBox v3.29 released!

If you are talking about resizing the column width, I have experienced that behavior too. Trying to resize columns in registration table of capsman gets crazy, and then behavior carries over to other windows of winbox, you need to close all instances of winbox to get it back to normal. Always good ...
by pe1chl
Thu Aug 26, 2021 11:33 am
Forum: Wireless Networking
Topic: Is there a way I can use eSIM with Mikrotik?
Replies: 25
Views: 2125

Re: Is there a way I can use eSIM with Mikrotik?

eSIM is not something you "use with a device", it is something that is "built into a device". So you would need to wait for a Mikrotik device "that has eSIM" to be announced and you would need to replace your current SXT or at least the LTE modem board. (I don't think i...
by pe1chl
Thu Aug 26, 2021 10:38 am
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12589

Re: WinBox v3.29 released!

If you do serious work WebFig is a toy compared to Winbox. Winbox as it is now. But note I wrote "I keep hoping that one day MikroTik will put all winbox functionality in webfig". I have seen other web interfaces that come quite close to what winbox does, at most they are slower but funct...
by pe1chl
Wed Aug 25, 2021 10:17 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12589

Re: WinBox v3.29 released!

I keep hoping that one day MikroTik will put all winbox functionality in webfig so that we can maintain our routers without having to install winbox. A separate service program (available for Windows and also native for Linux and MacOS) would serve as a relay for MAC access and Netinstall functions....
by pe1chl
Wed Aug 25, 2021 11:11 am
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 35107

Re: v7.1rc1 [development] is released!

Will there be a way to have CAKE without a bandwidth limit? I'd like to see a version where it detects packet loss and automatically enables queueing. Of course with any shaping that is done to provide QoS it would be nice when it could be done directly at the point where the bottleneck occurs. Wit...
by pe1chl
Tue Aug 24, 2021 9:41 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 35107

Re: v7.1rc1 [development] is released!

Sadly, the issue I've reported several times that's preventing me from testing v7 on my hAP lite was not fixed or ignored. Reporting it again in hope that it will be fixed in the next rc.
Frankly I am surprised that v7 even boots on a hAP lite...
by pe1chl
Tue Aug 24, 2021 8:29 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12589

Re: WinBox v3.29 released!

Send the problematic session file to MikroTik?
Yes, I attached one to my support ticket.
Files like this should be in plain text, it seems like a lame mixture between ascii labels and binary values...
by pe1chl
Tue Aug 24, 2021 7:16 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12589

Re: WinBox v3.29 released!

W.r.t. the "mouse dragging problem", I now have found that I can only reproduce it with an existing session file (.viw file) that exhibits the problem. When I temporarily move that session file and start a session, then scale and position things the same as in the original setting, set the...
by pe1chl
Tue Aug 24, 2021 5:14 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 35107

Re: v7.1rc1 [development] is released!

Edit: While pasting a multilined command (containing "\") into the terminal, WinBox produces a lot of output, because a preview of all lines is shown for every character. No, that is the result of you using Ctrl-V to paste something, then see that it does not work and paste with right-mou...
by pe1chl
Tue Aug 24, 2021 3:44 pm
Forum: General
Topic: V7.0.3 Routing
Replies: 13
Views: 1315

Re: V7.0.3 Routing

Keepalive is fixed in 7.1rc1
This topic is from someone running the stock 7.0.3 on a D53G-5HacD2HnD (Chateau series) LTE Router.
Would you advise him to upgrade to 7.1rc1 ?
by pe1chl
Tue Aug 24, 2021 2:23 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 35107

Re: v7.1rc1 [development] is released!

It's ok if you only have a little pppoe clients. But if you have 20+,50+ or even 100+ pppoe clients, and each one needs unique mac address, then i don't think it's acceptable. Maybe you should consider adding relevant informations to the questions you post... it is not even clear if you are a PPPoE...
by pe1chl
Tue Aug 24, 2021 1:37 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 35107

Re: v7.1rc1 [development] is released!

You can probably do that using a bridge... Do you mean bridge+nat? I think it's too complicated, and may be it will affect performance. No. You can add a VLAN to your ethernet port to get the VLAN tag, then create a bridge and add the VLAN interface to that as a port, set the admin MAC on the bridg...
by pe1chl
Tue Aug 24, 2021 1:12 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 35107

Re: v7.1rc1 [development] is released!

Is there a plan to support macvlan or set mac address for the pppoe interface?
You can probably do that using a bridge...
by pe1chl
Tue Aug 24, 2021 1:11 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12589

Re: WinBox v3.29 released!

On the desktop I use 6 monitors, if that plays any role. My desktop system has 2 monitors, a 2560x1400 where I am working and a 1920x1080 which in fact is my TV. But at work I have only a single 1600x1200 monitor connected on the system which exhibits this behavior. It is an Xtightvnc X server, tha...
by pe1chl
Tue Aug 24, 2021 12:20 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12589

Re: WinBox v3.29 released!

In the Log window, the column width of the "Message" column is some arbitrary small value, and it is not saved in the session either. Everytime I open the Log window (or when it is re-opened as part of a saved session on winbox startup) I need to resize the Message column to extend to the ...
by pe1chl
Tue Aug 24, 2021 12:16 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12589

Re: WinBox v3.29 released!

I confirm, I get the same bug on my end. Do you have a large screen? I am trying to setup an access to our router for MikroTik so they can try to reproduce it (although I really cannot believe the setup has anything to do with this, they keep insisting on it), but when I created a VPN and installed...
by pe1chl
Mon Aug 23, 2021 7:17 pm
Forum: General
Topic: V7.0.3 Routing
Replies: 13
Views: 1315

Re: V7.0.3 Routing

The /interface gre lines should show this: !keepalive
You can set that via commandline, or in winbox you need to collapse the keepalive setting.
by pe1chl
Mon Aug 23, 2021 5:18 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12589

Re: WinBox v3.29 released!

Are you all using WinBox under Wine too? Mention the OS for WinBox bugs please.
I already mentioned that I am using Linux+wine but that others confirm the same problem occurs with Windows.
by pe1chl
Mon Aug 23, 2021 2:19 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 35107

Re: v7.1rc1 [development] is released!

I upgraded my test router (CHR) and when I re-connect using Winbox 3.21 it says "router requires newer winbox, please upgrade". But I cannot upgrade winbox because all versions newer than 3.21 contain a fatal flaw that makes them unusable for me. MikroTik: please fix the issue SUP-26372 (a...
by pe1chl
Mon Aug 23, 2021 12:13 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12589

Re: WinBox v3.29 released!

@pe1chl can you describe the issue in more detail as I want to test as well. I have not sizing issues of columns but I might not use the functions as you. I know you wrong once here but I do not understand what the bug is. You need to have a router with a lot of activity on it. Then you open a scre...
by pe1chl
Mon Aug 23, 2021 11:50 am
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12589

Re: WinBox v3.29 released!

Can I test the WinBox versions before release? I'll do it for free. Do you also see the issue when dragging column width in a window with frequent updates (e.g. firewall filters, connections)? It is a fatal problem for me but it appears to get little attention. Other users confirm it, and/or have b...
by pe1chl
Mon Aug 23, 2021 10:46 am
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12589

Re: WinBox v3.29 released!

Unfortunately the bug that occurs when holding down mousebutton on a window which is frequently updated, e.g. to change column width or to move a line up or down, is still present! It has been reported so many times already and I think it also was reproduced at MikroTik, please fix it. (back to vers...
by pe1chl
Sun Aug 22, 2021 10:29 pm
Forum: Scripting
Topic: API: Hot to get routerboard parameters
Replies: 3
Views: 670

Re: API: Hot to get routerboard parameters

Ok it looks like you use a different version of the Perl API.
I use the one from https://github.com/ellocofray/mikrotik-perl-api slightly modified because the login has changed.
It allows to retrieve a list of parameters, or "all" parameters of a certain object.
by pe1chl
Sun Aug 22, 2021 8:03 pm
Forum: Scripting
Topic: API: Hot to get routerboard parameters
Replies: 3
Views: 670

Re: API: Hot to get routerboard parameters

You can get all parameters by passing a list of parameter names. You can find the parameter names (in general) by entering the get command at the command prompt, and using TAB to show the options: /system routerboard get TAB board-name factory-firmware model routerboard upgrade-firmware current-firm...
by pe1chl
Sun Aug 22, 2021 1:24 pm
Forum: General
Topic: LHG license upgrade
Replies: 6
Views: 681

Re: LHG license upgrade

I am operating an LHG5 as an access point in one of our locations. I upgraded the license using a "free license received when visiting a MUM" and it works OK. Of course indeed your clients have to be all in the beamwidth of the antenna, but when e.g. one is far away and another is close by...
by pe1chl
Sun Aug 22, 2021 12:09 pm
Forum: Scripting
Topic: Built in function library
Replies: 96
Views: 42991

Re: Built in function library

There has not been any sign of a built-in function library in the 3 years past this "We are considering to add commonly used functions as built-in" so it appears to become more and more useless to add requests to this topic.
by pe1chl
Sat Aug 21, 2021 4:55 pm
Forum: General
Topic: How to speed up connection establishment to WLAN?
Replies: 5
Views: 384

Re: How to speed up connection establishment to WLAN?

The first setting to look at is "conflict detection" under the settings of the DHCP server. Switch that off.
by pe1chl
Sat Aug 21, 2021 11:40 am
Forum: General
Topic: Feature requests
Replies: 1394
Views: 358153

Re: Feature requests

In general, I think Mikrotik device must be considered a ROUTER, and not a soapbox with home gateway. I agree with that! Support for complex protocols like SMB should not be expanded, but rather it should be REMOVED (e.g. the IP->SMB feature). That would make room for more router-oriented functiona...
by pe1chl
Sat Aug 21, 2021 11:02 am
Forum: General
Topic: "Your Freedom" app😡 [SOLVED]
Replies: 32
Views: 2408

Re: "Your Freedom" app😡 [SOLVED]

Freedom App uses DNS as a transport. So block all TCP/UDP port 53, besides to 1.1.1.1 and 8.8.8.8 Do they use direct DNS traffic to their own servers? Is it only "the use of port 53" or is it real DNS traffic? Because, it is perfectly possible to use real DNS traffic as a transport protoc...
by pe1chl
Fri Aug 20, 2021 2:22 pm
Forum: General
Topic: "Your Freedom" app😡 [SOLVED]
Replies: 32
Views: 2408

Re: "Your Freedom" app😡 [SOLVED]

Again - in your scenario, there is no need to block "Your Freedom" selectively. Until a client has authentified himself via your login page, you can block everything except the login page. Once he has authentified himself, there is no need to block anything for him, as your interest is on...
by pe1chl
Thu Aug 19, 2021 5:20 pm
Forum: General
Topic: IPsec site2site, connection setup problem
Replies: 2
Views: 405

Re: IPsec site2site, connection setup problem

In such complex networks you should simply forget about using IPsec site2site!
Instead, make GRE tunnels with IPsec protection between the sites. Assign a /30 address pair to each tunnel.
Then configure BGP or OSPF to do the routing. Or set static routes.
by pe1chl
Wed Aug 18, 2021 10:23 pm
Forum: General
Topic: CCR2004-16G-2S+ shipped with 7.0.4 STABLE is that for real?
Replies: 11
Views: 1183

Re: CCR2004-16G-2S+ shipped with 7.0.4 STABLE is that for real?

The interesting question of course is: does it have stable subsystems for those that are in beta in v7.1beta?
I mean, does it for example have the stable v6 BGP code instead of the new experimental v7 beta version?
by pe1chl
Wed Aug 18, 2021 8:09 pm
Forum: General
Topic: RouterOS bridges have same MAC address
Replies: 20
Views: 1442

Re: RouterOS bridges have same MAC address

When you "invent" a "random" MAC address for local use, you have to make sure its first byte adheres to some rules: - the first byte must be an EVEN value. When it is ODD, it will be received by everyone (multicast address) - the second to last bit of the first byte indicates if ...
by pe1chl
Wed Aug 18, 2021 12:31 pm
Forum: RouterOS v7 BETA
Topic: Request: Better visibility regarding SLAAC in V7
Replies: 11
Views: 4017

Re: Request: Better visibility regarding SLAAC in V7

Tagging this thread as I ran into this problem as well, using LTS 6.47.10.
What happens in v6 is not relevant for this topic, we all know that it is broken in v6 and we are hoping it will be fixed in v7.
by pe1chl
Tue Aug 17, 2021 3:34 pm
Forum: General
Topic: RouterOS bridges have same MAC address
Replies: 20
Views: 1442

Re: RouterOS bridges have same MAC address

What is the use case for having more than one bridge on a router? Ancient way of dealing with VLANs on devices without switch chip(s). And some other tasks which can be done by (ab)using VLAN functionality (e.g. segmentation of switch). I agree that in modern times more than one bridge per device i...
by pe1chl
Tue Aug 17, 2021 12:11 pm
Forum: General
Topic: RouterOS bridges have same MAC address
Replies: 20
Views: 1442

Re: RouterOS bridges have same MAC address

In my inherited physical network setup with 2 MikroTik Cloud Core Routers CCR1009, I notice there are 2 bridges configured with different names but both bridges have somehow been assigned the same identical MAC address. Each bridge sees the other and both report the same MAC address as its bridge M...
by pe1chl
Tue Aug 17, 2021 11:29 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 67461

Re: v7.1beta6 [development] is released!

ROS 7.1 moving to testing channel on August 23th? Before that can happen, at least the conversion of configuration has to work reasonably well, and that has not been tested yet. I think we need further beta versions that people can upload to their 6.48.3 install had see that it keeps functioning as...
by pe1chl
Mon Aug 16, 2021 3:34 pm
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 9
Views: 890

Re: To MT: Keep accounting (v7.x)

With accounting I do not have to setup any new port. With Netflow I need an extra port and a system extra to receive it.
With accounting you need to setup some system that will retrieve the accounting on a regular basis.
So there is no real difference.
by pe1chl
Mon Aug 16, 2021 12:34 pm
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 9
Views: 890

Re: To MT: Keep accounting (v7.x)

Maybe it would be a good idea to have some icon in winbox/webfig in v6 near to features which are going to be obsolete soon?
So people know it when they first configure it. Now, it is often unclear if some feature is safe to be used when you have been looking for something obscure.
by pe1chl
Mon Aug 16, 2021 10:45 am
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 156
Views: 22861

Re: MikroTik RB5009UG+S+IN

These units dissipate only 14-20W. So it will not be that bad.
It is likely assumed that in a rack where you want 2 or 4 of these routers, you already have some air circulation and cooling.
(maybe not in a small rack in a consumer's home, but will they use more than 1 router?)
by pe1chl
Mon Aug 16, 2021 9:56 am
Forum: General
Topic: Feature request: Force sending of DHCP options to clients
Replies: 68
Views: 16293

Re: Feature request: Force sending of DHCP options to clients

You need to realize that countries have more power over what is going on than companies. Compare it to the situation in the USA. MikroTik sell WiFi equipment all over the world, but for the USA they have to make a special model that does not allow operation beyond the limits defined by the FCC. Auth...
by pe1chl
Sun Aug 15, 2021 10:59 pm
Forum: General
Topic: How to setup WiFi calling (aka VoWIFI) on mikrotik
Replies: 13
Views: 3925

Re: How to setup WiFi calling (aka VoWIFI) on mikrotik

ip -> firewall -> service ports -> set sip ports=500,4500,5060,5061,5080,5081,5082 This is nonsense! VoWIFI is not a SIP service. It uses IPsec. Phones will make outgoing traffic to UDP port 500 of their service provider, then to UDP port 4500. They will exchange regular packets to keep the connect...
by pe1chl
Sun Aug 15, 2021 10:53 pm
Forum: Beginner Basics
Topic: New to Mikrotik
Replies: 55
Views: 3091

Re: New to Mikrotik

It is generally not advisable to get your info from youtube videos or "many other sites". There is a lot of garbage going around. It is outdated or unsafe. You should check the wiki or help sites: wiki.mikrotik.com and help.mikrotik.com And of course, when you want specific help, you first...
by pe1chl
Sun Aug 15, 2021 10:49 pm
Forum: Scripting
Topic: [Script] Automatically change DNS if Pi-hole is no longer working
Replies: 39
Views: 9464

Re: [Script] Automatically change DNS if Pi-hole is no longer working

Actually, when you want to do things like this you should look at the possibilities of "IP anycast routing". You can add another IP address to the Pi (it would be possible without that but it would have some disadvantages) and then you can add a route to that address with "ping" ...
by pe1chl
Sun Aug 15, 2021 7:51 pm
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 9
Views: 890

Re: To MT: Keep accounting (v7.x)

Accounting does not support IPv6. Traffic Flow does. I have migrated everything from Accounting to Traffic Flow (using IPFIX mode) without much issues. There is only one major bug I encounter: the traffic byte counters, although they are 64-bit fields, in fact keep only 32-bit values that wrap aroun...
by pe1chl
Sun Aug 15, 2021 12:00 pm
Forum: Beginner Basics
Topic: Rouge DHCP Detection and Alert help
Replies: 2
Views: 459

Re: Rouge DHCP Detection and Alert help

There can be problems like this when pasting /export'ed config in a winbox terminal. Use an external telnet/ssh client instead. It looks like your script was correctly imported but it is difficult to be sure unless you widen the window so there is no more automatic line wrapping. And of course: you ...
by pe1chl
Sat Aug 14, 2021 11:45 am
Forum: General
Topic: Is clearing config really dangerous?
Replies: 16
Views: 1119

Re: Is clearing config really dangerous?

Well actually winbox CAN do some magic where it does not need an IP! When you have cleared the config and not loaded any defaults, the router will not have an IP but you can still connect it via the MAC address from a PC directly connected to the LAN port(s). Then you can start the config from zero....
by pe1chl
Fri Aug 13, 2021 4:16 pm
Forum: General
Topic: Is clearing config really dangerous?
Replies: 16
Views: 1119

Re: Is clearing config really dangerous?

It is "dangerous" in the sense that you may lose a lot of work, and when you are connected in a way that relies on the existing config (e.g. a VPN) you may lock yourself out. But when you make a backup (/export) before you reset it, and you make sure you can still connect locally (either v...
by pe1chl
Fri Aug 13, 2021 11:28 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 156
Views: 26024

Re: v7 launch date

In other topics, people say the date is Aug 23rd. No idea what will happen on that date, though...
by pe1chl
Fri Aug 13, 2021 12:29 am
Forum: Beginner Basics
Topic: ROS v5.26 on x86 Upgrade issues
Replies: 3
Views: 506

Re: ROS v5.26 on x86 Upgrade issues

Are you sure you have configured DNS servers in IP->DNS on the router?
by pe1chl
Thu Aug 12, 2021 7:49 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 67461

Re: v7.1beta6 [development] is released!

On this update Dial on Demand l2tp connections doesn't work :( I have the same problem, just use Wireguard until it's fixed. I always wonder how "Dial on Demand L2TP" is ever supposed to work... I don't need it, but I think "well, an L2TP client only gets an IP address and peer IP wh...
by pe1chl
Thu Aug 12, 2021 5:27 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 67461

Re: v7.1beta6 [development] is released!

please just wait a little bit, we are preparing for release of the next beta soon How soon is soon? Almost a month has passed since this message from normis Hey come on, not so impatient! It has been SEVEN YEARS since this message from normis: https://forum.mikrotik.com/viewtopic.php?f=2&t=8738...
by pe1chl
Thu Aug 12, 2021 4:51 pm
Forum: RouterBOARD hardware
Topic: Battery driven RB get bricked
Replies: 13
Views: 3343

Re: Battery driven RB get bricked

A proper supply voltage monitor circuit is not expensive, and usually needed anyway as EMC tests that every device needs to pass also include supply voltage disturbances. Adding many inexpensive features to an inexpensive device will make it expensive. It is something that is not relevant under nor...
by pe1chl
Thu Aug 12, 2021 10:18 am
Forum: RouterBOARD hardware
Topic: Battery driven RB get bricked
Replies: 13
Views: 3343

Re: Battery driven RB get bricked

What you need is a good charge controller, that will have 3 ports: solar, battery, and load. It will charge the battery from the solar, and it will cut the load when the battery voltage becomes too low. That will protect the battery, and it will solve the issue with the MikroTik device that results ...
by pe1chl
Wed Aug 11, 2021 7:40 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 104
Views: 60196

Re: DHCP Offering Lease Without Success

It can be caused by a configuration error in your Unifi system. E.g. you have enabled multicast/broadcast filtering in Unifi, either directly or because you enabled the auto optimizer, and you did not enter the MAC address of your MikroTik router in the exception list. (you need to do that, it would...
by pe1chl
Wed Aug 11, 2021 10:58 am
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 156
Views: 22861

Re: MikroTik RB5009UG+S+IN

I'm more interested in using the new devices as a tool to estimate when they expect V7 final. :D This one will see heavy usage with BGP, OSPF and so on. I doubt (hope, at least) that it doesn't get sold with a 7beta without complete routing possibilities. It would be a shame. Well, there are of cou...
by pe1chl
Wed Aug 11, 2021 10:21 am
Forum: General
Topic: Feature request: Force sending of DHCP options to clients
Replies: 68
Views: 16293

Re: Feature request: Force sending of DHCP options to clients

As it is written above, there are two use cases for this feature: - to work around protections against using foreign equipment by some ISPs. this "force sending of options" is only a single solution for that, because there are others that have different tricks like requiring a specific DSC...
by pe1chl
Tue Aug 10, 2021 11:33 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 67461

Re: v7.1beta6 [development] is released!

I notice that in the /ipv6 firewall mangle rules there still is no "set priority" action, as there is in /ip firewall mangle. (to set the priority of packets to a fixed value, according to DSCP, or from ingress) I think it was promised that this would be implemented in v7, but frankly I wo...
by pe1chl
Fri Aug 06, 2021 3:39 pm
Forum: Beginner Basics
Topic: WHY RouterOS insists on making ether1 a WAN port
Replies: 24
Views: 1652

Re: WHY RouterOS insists on making ether1 a WAN port

The issue isn't which port is designated as LAN or WAN or Mommy. The REAL issue is the RouterOS making dynamic changes without notice. But that is not really happening! You may feel that it is, but then it is probably caused by you misunderstanding things, or maybe you have put the router on intern...
by pe1chl
Fri Aug 06, 2021 2:50 pm
Forum: Beginner Basics
Topic: WHY RouterOS insists on making ether1 a WAN port
Replies: 24
Views: 1652

Re: WHY RouterOS insists on making ether1 a WAN port

In MikroTik routers it is even more about nothing than usual. With the typical home router, the "WAN port" is hardwired in the whole router to be the internet port. But in RouterOS this is not at all the case. You can use any port as the WAN port, and adapt to hardware circumstances like P...
by pe1chl
Fri Aug 06, 2021 11:10 am
Forum: Beginner Basics
Topic: WHY RouterOS insists on making ether1 a WAN port
Replies: 24
Views: 1652

Re: WHY RouterOS insists on making ether1 a WAN port

Well, actually on some models it is not the best to use port 1 for WAN, e.g. the older CCR1009 series (with switch on port 1-4) and the RB1100. However, those models do not come with that default config that assumes ether1 is for WAN. The only thing I have seen in those and in CHR is the DHCP client...
by pe1chl
Fri Aug 06, 2021 11:05 am
Forum: Beginner Basics
Topic: Can you make “non-permanent” edits to iptables / firewall rules?
Replies: 2
Views: 463

Re: Can you make “non-permanent” edits to iptables / firewall rules?

Make yourself familiar with "safe mode". When you enable it, it will keep an undo buffer for everything you do. When you lock yourself out, it will undo those changes from the moment you enabled safe mode. Only when you disable safe mode yourself, the changes will be committed. It is docum...
by pe1chl
Fri Aug 06, 2021 11:00 am
Forum: RouterBOARD hardware
Topic: Tiny RouterOS capable device
Replies: 5
Views: 1397

Re: Tiny RouterOS capable device

In theory it should be possible to use a x86-based mini board with the x86 version of RouterOS.
Not sure if it would be a wise thing to pursue...

Note that a considerable piece of the total size would be taken by the 5-way RJ45 connector.
by pe1chl
Thu Aug 05, 2021 9:18 pm
Forum: General
Topic: Why isn't WMM Support default?
Replies: 14
Views: 12079

Re: Why isn't WMM Support default?

Queues don't set a priority. Queue tree items *have* a priority, but they are only selected via packet marks. You can use mangle to derive the packet marks from the priority, e.g. after setting that via the "new-priority=from-dscp-high-3-bits" method. It is all a bit convoluted and it is n...
by pe1chl
Thu Aug 05, 2021 7:24 pm
Forum: General
Topic: Generate connected routes with routing marks
Replies: 5
Views: 533

Re: Generate connected routes with routing marks

Yes I know that, I am managing plain Linux systems as well and I know this feature. In fact in RouterOS v6 these extra tables are created "automatically" when you first mention a routing mark name but in v7 this will have to be done explicitly. But what is scarcely (if at all) documented i...
by pe1chl
Thu Aug 05, 2021 6:42 pm
Forum: General
Topic: Generate connected routes with routing marks
Replies: 5
Views: 533

Re: Generate connected routes with routing marks

Yes that is correct. Normally you would use "lookup", it would lookup in the mentioned table (i.e. check the routes with that same routing mark), and if not found it will just continue in the rules list and potentially hit the invisible "lookup main" at the end. For some strange ...
by pe1chl
Thu Aug 05, 2021 5:17 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 67461

Re: v7.1beta6 [development] is released!

But this is then slightly weird. Are you telling me that all the problems reported in this forums are ignored if no support ticket is raised? Then why do we have this forum and why then MikroTik support tickets are not available for people to view/track like many it projects are for example using j...
by pe1chl
Wed Aug 04, 2021 7:31 pm
Forum: General
Topic: ipsec issue Firmware 6.45+
Replies: 6
Views: 916

Re: ipsec issue Firmware 6.45+

In my case I use ikev1, psk, and no NAT.
by pe1chl
Wed Aug 04, 2021 7:19 pm
Forum: General
Topic: Can VLAN traffic be excluded from routing?
Replies: 6
Views: 662

Re: Can VLAN traffic be excluded from routing?

That is true. The question stated "to act as a router for a small network, and also to act as a switch for VLANs" and so IP forward has to be enabled, else it cannot act as a router. Then firewall filter rules can be used to limit the VLANs for which it will forward. It is not possible to ...
by pe1chl
Wed Aug 04, 2021 5:54 pm
Forum: General
Topic: ipsec issue Firmware 6.45+
Replies: 6
Views: 916

Re: ipsec issue Firmware 6.45+

Ok I have an IPsec tunnel between a RB2011 running 6.48.3 and a Linux system running Strongswan so it should be possible to get it working. Maybe you need to set the policies in strongswan (I did that, but it is a long time ago, I don't know if it was because of an issue). Or check if the proposals ...
by pe1chl
Wed Aug 04, 2021 3:33 pm
Forum: General
Topic: Interface selection for internal/router-generated traffic -- A solution and request for feedback.
Replies: 5
Views: 490

Re: Interface selection for internal/router-generated traffic -- A solution and request for feedback.

Your remarks may be valid for complicated routers you have seen in the past, but in a MikroTik router, setting up a GRE over IPsec tunnel is a minute of work, and setting up BGP is another minute or two. (of course assuming you have done it before) The /30 network is only used for the two peers on t...
by pe1chl
Wed Aug 04, 2021 3:28 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 13
Views: 1067

Re: DHCP Offering Lease Without Success



You're right, he doesn't read
No man i read.
Maybe you read, but the process between reading and doing is not working correctly.
by pe1chl
Wed Aug 04, 2021 12:53 pm
Forum: Scripting
Topic: Failover from wired to bridged wireless
Replies: 2
Views: 868

Re: Failover from wired to bridged wireless

Yes, you can do that with a little re-configuration. You will now have an interface like "wlan1" in your wireless which you have set up as the AP. It is probably member of "bridge". Note the configuration details of the wireless interface (e.g. SSID, security profile etc) and rem...
by pe1chl
Wed Aug 04, 2021 12:42 pm
Forum: Beginner Basics
Topic: GUI columns
Replies: 4
Views: 644

Re: GUI columns

There aren't so many options, to make a special selection interface just for that. All it takes is a few clicks. Come on! There are some windows with many column options and it is a real drag to select them (after having removed useless colums that are enabled by default, like the FP stats in inter...
by pe1chl
Wed Aug 04, 2021 12:36 pm
Forum: General
Topic: Interface selection for internal/router-generated traffic -- A solution and request for feedback.
Replies: 5
Views: 490

Re: Interface selection for internal/router-generated traffic -- A solution and request for feedback.

What you describe is the can of worms that you usually get when using plain IPsec tunnels. Problems with source address selection, tricks required to avoid NAT rules triggering, complicated firewalls because traffic through and outside the tunnel is coming in on the same interface (and has to be sel...
by pe1chl
Wed Aug 04, 2021 12:24 pm
Forum: General
Topic: Generate connected routes with routing marks
Replies: 5
Views: 533

Re: Generate connected routes with routing marks

That is indeed a problem in RouterOS v6. I think it was promised it would be solved in v7. When your routing marks are only for policy routing, you can quite easily work around this because you can setup your policies so that traffic without routing mark is still routed to that interface. Note that ...
by pe1chl
Wed Aug 04, 2021 12:12 pm
Forum: General
Topic: Feature request: Make Quickset to be separate package
Replies: 62
Views: 10772

Re: Feature request: Make Quickset to be separate package

Actually I think the idea of making it a policy is quite good. It could be set for the group "full" (and not for "read" and "write"). So new users with group "write" already are secured against inadvertent use of Quick Set. And when an admin knows he has done ...
by pe1chl
Tue Aug 03, 2021 8:26 pm
Forum: General
Topic: Bridge vlan solution without adding interface vlan
Replies: 30
Views: 1649

Re: Bridge vlan solution without adding interface vlan

I think you are not telling us the whole story!
by pe1chl
Tue Aug 03, 2021 6:39 pm
Forum: General
Topic: Bridge vlan solution without adding interface vlan
Replies: 30
Views: 1649

Re: Bridge vlan solution without adding interface vlan

My goal is to monitor and control each switch port via Mikrotik. (For security purposes)
I cannot believe you run into CPU performance issues by just monitor and control for this setup, unless you have invested your money in a hAP mini...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 27