Community discussions

MikroTik App

Search found 12542 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 42
by pe1chl
Tue Dec 03, 2024 10:23 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16.2 [stable] is released!

I have seen those issues in 7.16 as well: a single disconnected peer disconnects multiple or all peers at the same time, and routes via disconnected peers still appearing in the table. The first I was able to improve a bit by forcing all BGP handling into a single process (input.affinity=main output...
by pe1chl
Tue Dec 03, 2024 4:47 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16.2 [stable] is released!

It seems that in the 7.16 (and 7.16.x) versions BGP has become unreliable. Today we had some internet outages and the backup route config I have used for a long time starting with v6 simply no longer works. I have noticed it before and tried different things but never got it working reliably anymore...
by pe1chl
Tue Dec 03, 2024 4:37 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 138
Views: 32313

Re: v7.17rc [testing] is released!

it seems that in versions 7.17beta/rc there is some kind of problem that is actively consumes space on a flash on my ac2, I successfully used 7.16rcX for several months without errors, but after updating to 7.17rc2, less than a day later, dozens of saving errors began to appear Did you check space ...
by pe1chl
Sun Dec 01, 2024 1:36 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

Maybe one of the outside-MikroTik users who have found detailed information about how the system works could reveal some detail about that. I would expect that RouterOS has some tables of available commands and options and directives for the GUI (webfig/winbox) which are used by the generic command ...
by pe1chl
Fri Nov 29, 2024 6:27 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 138
Views: 32313

Re: v7.17rc [testing] is released!

Next time partition the router and copy partition before upgrade, then you can simply revert by switching partitions as long as the device isn't completely corrupted... partitioning is a great thing, but... it is not available everywhere, I wish to have it for CHR, but again... but... but... but......
by pe1chl
Fri Nov 29, 2024 3:24 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16.2 [stable] is released!

Ok I do not have that many peers on a 7.16 router. but I do see another problem: multiple routes to the same peer over different paths are not stored. do you see that as well? It worked fine before. E.g. we have peers with a GRE/IPsec, a GRE6/IPsec and a L2TP/IPsec tunnel (over LTE) between them for...
by pe1chl
Fri Nov 29, 2024 11:30 am
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 138
Views: 32313

Re: v7.17rc [testing] is released!

Next time partition the router and copy partition before upgrade, then you can simply revert by switching partitions as long as the device isn't completely corrupted...
by pe1chl
Fri Nov 29, 2024 11:27 am
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16.2 [stable] is released!

What is that BGP+BFD problem? I have some BGP problems but not BFD related...
by pe1chl
Fri Nov 22, 2024 5:01 pm
Forum: Forwarding Protocols
Topic: BGP Aggregate-Address alternative in Mikrotik
Replies: 18
Views: 6084

Re: BGP Aggregate-Address alternative in Mikrotik

Indeed. But of course you can write a script, and run it at the interval you like, that checks if your smaller subnet is reachable in the route table, and when it is not it disables the blackhole route. That will cause the aggregated route to no longer be advertised. It was possible to do that witho...
by pe1chl
Thu Nov 21, 2024 6:58 pm
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 54
Views: 7881

Re: Newsletter #121 | October 2024

Price Reduction Overhaul ??
by pe1chl
Thu Nov 21, 2024 12:20 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

Before I have suggested that sessions (now workspaces) would optionally be stored on the router itself. Of course there is the issue that the workspace is optimized for the resolution of the device and thus may be incompatible with another device, but still I think it would be useful when there is s...
by pe1chl
Wed Nov 20, 2024 6:01 pm
Forum: General
Topic: Feature Request: IPSEC Improvements
Replies: 167
Views: 50976

Re: Feature Request: IPSEC Improvements

I can't imagine any major internet operators and distributors that MK has never discussed with them about VTI support.
Well, I can understand that. VTI is not something that internet operators would use.
It is something for customers. To connect to their cloud virtual machines, for example.
by pe1chl
Wed Nov 20, 2024 2:21 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Why is BGP not getting any love?
There are several known problems in BGP yet no release notes about improvements...
by pe1chl
Fri Nov 15, 2024 4:36 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Yes of course it should only update to versions that have been "stable" for a long time, and without modifying them. At the moment, a "beta" is promoted to "stable" and that is when everyone starts installing it and the bugs appear all over the place. So such a "cr...
by pe1chl
Fri Nov 15, 2024 2:16 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

even in this forum there are people who are asking why they have unrecognized accounts and unrecognized scripts in their devices, that are calling traffic generator, configuring proxy etc. even forum users make mistakes and let in people they did not intend to let in. I still wonder how many of the...
by pe1chl
Thu Nov 14, 2024 5:19 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

As I wrote above, I would like some new "save as new item" which is easier to use than first COPY, save that copy, and then still have the original open. E.g. in PHPMyAdmin, which performs similar actions as modifying a RouterOS config, you can select a database row, do "edit", y...
by pe1chl
Thu Nov 14, 2024 4:18 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

But just editing the copied rule, and saving it directly as active without prompt, is one of the great attractors of the "oh no" events. Those, when we click the "ok" button and immediately think "oh, no". That would not be a problem because the copied rule is the same...
by pe1chl
Thu Nov 14, 2024 12:17 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

I don't see the advantage of creating an entry in disabled status. You can always click DISABLE when that is what you want. Main advantage is that when duplicate is created in disabled state, there's no way that it could disrupt anything. You can edit it and then enable. It cannot disrupt anything ...
by pe1chl
Wed Nov 13, 2024 7:06 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

I don't see the advantage of creating an entry in disabled status. You can always click DISABLE when that is what you want.
by pe1chl
Wed Nov 13, 2024 12:20 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

Maybe a nice new feature in winbox would be a "save as new item" button which allows you to start editing something (not only a firewall rule) and then at the end decide that you in fact wanted to do a COPY, edit, and APPLY/SAVE instead?
by pe1chl
Wed Nov 13, 2024 12:17 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

Duplicating same rule below the original would hardly disrupt anything. Other choice would be to make duplicate initially disabled. Actually, COPY does not create a new rule at all. It only copies the data from an existing rule in a new form, where you can edit it, and only when you click OK or APP...
by pe1chl
Tue Nov 12, 2024 7:38 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

+1... just generate a .png and display it.
by pe1chl
Tue Nov 12, 2024 6:14 pm
Forum: General
Topic: Cannot mark routing for outgoing IPsec ISAKMP traffic
Replies: 0
Views: 226

Cannot mark routing for outgoing IPsec ISAKMP traffic

I have a router with two internet connections, ISP1 and ISP2. There is a default route towards ISP1 in the main table, and additionally there are separate route tables for ISP1 and ISP2 with each a default route. There are mangle rules for prerouting and output which match on the statically assigned...
by pe1chl
Tue Nov 12, 2024 2:55 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

On Mac - If I copy an existing firewall rule, it is putting the copied rule right to the bottom of the list and not directly below it. I'm sire the previous v3 behaviour was to put it underneath but v4 is putting to the bottom. didn't half make me question myself earlier. Is this expected behaviour...
by pe1chl
Tue Nov 12, 2024 10:54 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Up to a point. The botnet on that article was composed by high end routers (CCR1036, CCR1072, CCR2004, CCR2116). Those have no firewall or protections whatsoever - since they are professional models. Yeah, that's makes the focus on device-mode so ridiculous - when devices use insecure protocols by ...
by pe1chl
Sat Nov 09, 2024 11:03 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Well, one thing is obvious: the issue you describe affects only you. Or else we would have seen many reports. I can only suggest that you /export your configuration ("/export show-sensitive file=anyname") and netinstall the router without default config and import that export connected via...
by pe1chl
Fri Nov 08, 2024 7:23 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

I think the intention was that with the new devicemode settings it would no longer be possible to change the "Boot device", not that an upgrade of the firmware would be blocked. Maybe auto-upgrade setting would need to be blocked, I'm not certain of that. But it isn't a good idea anymore t...
by pe1chl
Thu Nov 07, 2024 10:04 pm
Forum: General
Topic: Feature requests
Replies: 1788
Views: 672415

Re: Feature requests

I agree, it would certainly be useful when there was some location (MikroTik or not) where one could pull ready-made containers for RouterOS for often requested additions! Especially when Docker containers are often only available for amd64 architecture, and may not be tailored to RouterOS use. Ther...
by pe1chl
Thu Nov 07, 2024 1:56 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

When you have advanced requirements you may want to consider winbox v3.
by pe1chl
Thu Nov 07, 2024 12:23 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Incompatibilities between WiFi access points and clients are something that every manufacturer is fighting with... The users ask for new features, better performance, more security, etc etc but expect that all their equipment, no matter if it is a brand new smartphone or a simple IoT device with an ...
by pe1chl
Wed Nov 06, 2024 2:18 pm
Forum: General
Topic: Loopback interface sending DHCP broadcasts [SOLVED]
Replies: 7
Views: 611

Re: Loopback interface sending DHCP broadcasts [SOLVED]

The addition of "detect internet" was an unfortunate decision some time ago, probably made in an attempt to make MikroTik routers easier to config (or even do full out-of-the-box automatic config). It basically failed to do so, and now what remains is mainly a nuisance. Unfortunately we ca...
by pe1chl
Tue Nov 05, 2024 5:25 pm
Forum: Beginner Basics
Topic: Why is there no decent security on FTP Server on MK?
Replies: 22
Views: 974

Re: Why is there no decent security on FTP Server on MK?

They can easily roll out a OS version for the router and say that OS version xyz is the only OS supported for that specific device and the newer generations can use the NEWER versions of the OS that DOES include a SIMPLE feature like directory restrictions. I'd say that one of the very strong point...
by pe1chl
Tue Nov 05, 2024 5:11 pm
Forum: Beginner Basics
Topic: Testing mikrotik rb951g-2hnd with jperf and wifi Download over wifi is much slower than the upload
Replies: 4
Views: 988

Re: Testing mikrotik rb951g-2hnd with jperf and wifi Download over wifi is much slower than the upload

The speeds shown in that screenshot are quite typical for the RB951G-2HnD.
When you are looking for high performance, get a new router with 2G+5G and AC or AX WiFi.
by pe1chl
Tue Nov 05, 2024 5:06 pm
Forum: Beginner Basics
Topic: Why is there no decent security on FTP Server on MK?
Replies: 22
Views: 974

Re: Why is there no decent security on FTP Server on MK?

It's an easy excuse say "MT does not deal in file services" but the reality is that they DO offer File services on the router through the USB port and therefore if one service like SMB can implement it and PureFTP or ProFTP can all implement something like this, it stands to reason that c...
by pe1chl
Tue Nov 05, 2024 2:01 pm
Forum: General
Topic: CCR2004-1G-2XS-PCIe causes INSTANT host crash when it's rebooted
Replies: 22
Views: 3590

Re: CCR2004-1G-2XS-PCIe causes INSTANT host crash when it's rebooted

In that machine, can you turn power off in the server via ILO with the CCR2004 still powered via standby power?
by pe1chl
Mon Nov 04, 2024 5:21 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

This kind if "invalid" packets is caused by the connection tracking entry in the router already removed, and the system (or the remote) still sending related traffic. It can even cause leaking of internal addresses because in that case the corresponding NAT action isn't performed either. I...
by pe1chl
Mon Nov 04, 2024 2:29 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Due to the number of fixes I updated from latest release 16.x to 17beta4. I am now seeing a lot (like thousands) of 'invalid' dropped packets on the firewall.
It helps to show a couple of example log lines. There are some different reasons why these appear.
by pe1chl
Mon Nov 04, 2024 2:28 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

For Mac users it started with macOS 11 about 4 years ago when this drastic "aesthetic user experience" change was introduced - item spacing on main menu bar and most window toolbars increased by almost 50%, most UI buttons lost their borders and all UI items lost their contrast. How this ...
by pe1chl
Sun Nov 03, 2024 11:54 am
Forum: General
Topic: IPSec VTI
Replies: 62
Views: 26267

Re: IPSec VTI

Any new information/feedback from mikrotik regarding this?
Yes, they told me it is not planned.
At the moment, there is no plan to add this functionality,., but we will see if it can be supported in the future.

That was in june 2024.
And that has been the status for at least 10 years now.
by pe1chl
Sat Nov 02, 2024 3:49 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

Current situation is not usable for people doing mobile work on laptops - not even when laptop has high resolution screen. Ruining exsiting well-designed GUIs to unusable low-contrast no-borders style is the hype of today's design. Winbox is not even the worst example of that. And probably the moti...
by pe1chl
Sat Nov 02, 2024 3:47 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

I'm just getting very frustrated with the numberpad enter key being some sort of a clear command instead of enter. 'ping 192.168.1.5 numbpad-enter' clears the command 'ping 192.168.1.5 reguar-enter' works fine. PLEASE FIX It works OK here (on Linux). It may depend on the OS or the configuration. I ...
by pe1chl
Fri Nov 01, 2024 4:27 pm
Forum: Beginner Basics
Topic: How to add automatic address range from single IP
Replies: 12
Views: 1358

Re: How to add automatic address range from single IP

Unless you have a fast internet connection with a large subnet and a slow network behind that, it is mostly a waste of time.
You better spend your time on securing your services e.g. not putting services like SSH, telnet, RDP, winbox etc open on internet.
by pe1chl
Fri Nov 01, 2024 12:24 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

... or get a wider screen. On my 2560x1440 screen where I run winbox 3 at about 80% of the screen width, I have no issues with log messages.
And of course, it is always best to put log messages in files and/or on a syslog server as well, where you can go back in history, use grep to find things, etc.
by pe1chl
Thu Oct 31, 2024 8:04 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Did you ever test that working on older releases?
by pe1chl
Thu Oct 31, 2024 3:18 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16.1 [stable] is released!

How can i check the process tree to see what is taking up memory ? Unfortunately there is no user-level tool to show that (like there is for processor usage). MikroTik claim that they can see it in a supout.rif. Of course you can upload a supout.rif to your account at mikrotik.com to show the conte...
by pe1chl
Tue Oct 29, 2024 8:30 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

Instead of all these attempts to let the user find a clear spot, it would be better to have a spectrum analyzer that indicates signal and noise as function of the frequency (channel) and time, with some automated way to find the optimal channel.
(the competitor has it...)
by pe1chl
Mon Oct 28, 2024 5:28 pm
Forum: RouterBOARD hardware
Topic: CCR2004-1G-2XS-PCIe Feature Request
Replies: 7
Views: 2872

Re: CCR2004-1G-2XS-PCIe Feature Request

Well, at some point I would have been very interested when this router provided: - running independently from the host box (i.e. RouterOS can be rebooted without host reboot, host can be rebooted and even shut down without effect on CCR) - support for VMware ESXi. At that time the intention was to p...
by pe1chl
Mon Oct 28, 2024 2:34 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

For this functionality to work completely reliable and predictable, you would want to have a "reload" function for the workspaces. As it is now, when you have two simultaneous sessions sharing the same session/workspace file, and you make changes in one session, it is somewhat unpredictabl...
by pe1chl
Mon Oct 28, 2024 2:25 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16.1 [stable] is released!

Yes bgp loaded with large routes can make the whole router get stuck (freeze) , even supout failed to be created, so its hard to explain this situation with MT, happen in 7. 16.1 and ticket has been created and still no answer. To be clear: my issues have nothing to do with large route tables. They...
by pe1chl
Sat Oct 26, 2024 4:27 pm
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 54
Views: 7881

Re: Newsletter #121 | October 2024

Would be nice if Mikrotik develops something like RB5009 but with only 2 SFP+ ports, one for Internet and other for local net that could be attached to SFP+ switch
Maybe a CCR2004-1G-2XS-PCIe in a case? (not sure if that board would work without being in a PCIe slot)
by pe1chl
Sat Oct 26, 2024 11:39 am
Forum: General
Topic: How to block YouTube effectively
Replies: 44
Views: 17860

Re: How to block YouTube effectively

The best solution for blocking sites is to realize that it isn't possible to do it at the technical level and has to be done at user policy level. "you get internet on your workplace and you are not allowed to use it to stream youtube for background music and video, if we find you doing that yo...
by pe1chl
Fri Oct 25, 2024 11:12 pm
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 54
Views: 7881

Re: Newsletter #121 | October 2024

I have encountered a case before where the Qualcomm datasheets indicates a capability for a chip, but the MikroTik product using the chip does not offer it. The "LHG 5 ac" uses the IPQ4018 which according to https://www.qualcomm.com/products/internet-of-things/networking/wi-fi-networks/ipq...
by pe1chl
Fri Oct 25, 2024 11:05 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16.1 [stable] is released!

Yes there sure are terrible issues with BGP in current releases, but it is difficult to debug them. This week I had a case where one BGP peer connects, routes are received OK (remote is RouterOS v6 so none of that stupid "routes are sent only after one keepalive timer" rubbish), then after...
by pe1chl
Fri Oct 25, 2024 6:46 pm
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 54
Views: 7881

Re: Newsletter #121 | October 2024

Block Diagram is available:
It was added after the above remarks were made... but IPsec test results not yet, maybe they appear next week.
by pe1chl
Fri Oct 25, 2024 6:44 pm
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 54
Views: 7881

Re: Newsletter #121 | October 2024

Stretching for a use case, I suppose you could use this to create semi-airgapped small LANs off a big PoE core switch, as in a hotel where you want a small number of wired ports at the work table, without letting each room's users see devices in other rooms. THAT is their use case! Pop-and-Mom ISPs...
by pe1chl
Fri Oct 25, 2024 2:06 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

Not too long ago, I had the opportunity to visit Mikrotik's office in Latvia on behalf of my company. I was welcomed by an official representative of Mikrotik, and the first thing he asked was about what we needed, what equipment we would like to see on the market, and what suggestions or ideas we ...
by pe1chl
Fri Oct 25, 2024 11:55 am
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 54
Views: 7881

Re: Newsletter #121 | October 2024

The "hEX refresh" does not have IPsec test results, ... Not to downplay the importance of publishing IPsec results ... but lately they are becoming increasingly irrelevant. Most people are moving towards wireguard (and alikes), which AFAIK doesn't use IPsec HW offload. Maybe you and most ...
by pe1chl
Thu Oct 24, 2024 10:20 pm
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 54
Views: 7881

Re: Newsletter #121 | October 2024

The "hEX refresh" does not have IPsec test results, unlike its predecessor the RB750Gr3 which had quite impressive IPsec performance for its price and position in the product line. Does this mean "hEX refresh" does not have IPsec acceleration, and the "twice the performance ...
by pe1chl
Thu Oct 24, 2024 2:01 pm
Forum: General
Topic: BGP sessions close when another session to the same IP closes
Replies: 8
Views: 2141

Re: BGP sessions close when another session to the same IP closes

I have a ticket open since Jul 23 with ID SUP-159987 so you can also refer to that.
by pe1chl
Wed Oct 23, 2024 4:00 pm
Forum: General
Topic: Feature requests
Replies: 1788
Views: 672415

Re: Feature requests

Please add the source IP to the message "ipsec,error payload missing: SA".
(the address where the packet was sent from that triggers the message)
by pe1chl
Wed Oct 23, 2024 4:00 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Please add the source IP to the message "ipsec,error payload missing: SA".
(the address where the packet was sent from that triggers the message)
by pe1chl
Wed Oct 23, 2024 3:59 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

So I wanted to add WPA3 to SSID 01 for testing. I tried to apply WPA3 via sec1 to it but for some reason it wouldn't apply the setting, i tried several times and restarted the router a few times as well. In the end the only way the WPA3 setting would apply was by doing it via each wifi interface ma...
by pe1chl
Wed Oct 23, 2024 12:52 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

t will override the selected security item. Some day I am going to file a feature request at Mikrotik support: "highlight overriden config values in export in different color". Or as a dedicated option in "print detail" or something. I've seen so many exports and always there ar...
by pe1chl
Wed Oct 23, 2024 12:45 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

It seems that there is difference between security. And SSID (on purpose?). I would always make one item (per SSID) in /interface/wifi/security and use that on all interfaces. Because when specifying security items on /interface/wifi explicitely, it will override the selected security item. When yo...
by pe1chl
Wed Oct 23, 2024 11:55 am
Forum: General
Topic: Feature Request: IPSEC Improvements
Replies: 167
Views: 50976

Re: Feature Request: IPSEC Improvements

You do not need VTI to solve that problem! Simple GRE/IPsec tunnels and automatic routing will do it. Yes, and when you want to buy a new car, don´t do it. Buy an horse-drawn carriage you can reach your destination also. Sorry, but it makes no sense to always repeat 'use GRE/IPSec' when remote site...
by pe1chl
Wed Oct 23, 2024 11:03 am
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16.1 [stable] is released!

Well, it is not surprising (to me) that it does not work. Maybe there has been a strange workaround in the network code that made it work before and is now removed? It is completely normal in Linux that the byte order is "wrong" when you look at the bare 32-bit address that way, at least w...
by pe1chl
Tue Oct 22, 2024 5:41 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16.1 [stable] is released!

I did not test that yet, but is it really so that in the $ip variable a 32-bit numeric value is returned instead of a dotted quad string? And you could convert that to a string by adding 0.0.0.0 to it? I would expect a function like inet_ntoa() to be required for that conversion. The IP address will...
by pe1chl
Tue Oct 22, 2024 11:13 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Depending on what type of router you use (16MB flash toy or one with sufficient flash) you can also configure partitioning so you can always switch back to the previous install without hassle...
by pe1chl
Tue Oct 22, 2024 12:18 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Could we get address lists similar to interface lists where you first define a list and then add items to it? The ultimate goal is the ability to nest address lists. This could simplify my configurations immensely. That sure would have been better...and not only for address lists. But it seems that...
by pe1chl
Mon Oct 21, 2024 7:06 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16.1 [stable] is released!

My routers do not receive internet routing tables but only a couple of local networks (company networks routed over VPN), but the problem is the same. It for sure is not related to large routing tables.
I have support ticket SUP-159987 open for it since 23/Jul/24 but there is no real progress...
by pe1chl
Mon Oct 21, 2024 10:49 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

What I suggest is "default" automatic update configured in devices as they come from the factory. In principle, everything is great: the “new” device should, for example, first be connected by the WAN port to the switch or current router and the firmware should be updated. After that - co...
by pe1chl
Sun Oct 20, 2024 9:15 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Honestly - do you know many home users who would ever update their router firmware at all? Any manufacturer. I haven't met any. And about the “forced” automatic update. Nobody ever suggested “forced” automatic update. What I suggest is "default" automatic update configured in devices as t...
by pe1chl
Sun Oct 20, 2024 6:47 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

pe1chl, automatic updates mean for the vendor: more, more and much more testing. You cant push out another "stable release" when there are millions of devices out there potentially to turn into bricks. As I explained in the previous iterations of this topic: there should be a separate cha...
by pe1chl
Sun Oct 20, 2024 12:40 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

I get the need to dial some things down, but for already-deployed devices, there's got to be a compromise. This affects far more devices than the partition issues do (hundreds vs. dozens for me, anyway). To be fair, I think Mikrotik is listening. The recent change on partitioning shows this. They w...
by pe1chl
Sun Oct 20, 2024 12:33 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

The issue described in https://forum.mikrotik.com/viewtopic.php?t=207022 has become much worse in 7.16 (BGP sessions close when another session closes) In previous versions it appeared to affect only BGP sessions with the same local IP, now it sometimes affects ALL sessions... When a peer on L2TP/I...
by pe1chl
Sat Oct 19, 2024 12:36 pm
Forum: General
Topic: Bridge IPv6 while routing IPv4
Replies: 18
Views: 11894

Re: Bridge IPv6 while routing IPv4

Well, after all that time there still are only two categories of ISP here:
- those that provide each customer with a /48
- those that do not have IPv6 at all.
So I would not want to claim "it became a norm".
by pe1chl
Fri Oct 18, 2024 11:29 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

I hope at some point some scheme will be found where users upgrading to new versions can keep the features they already had, while newly installed devices need the device-mode setting to get access to those features. (e.g. one of the many schemes proposed where one could set device-mode shortly afte...
by pe1chl
Fri Oct 18, 2024 5:40 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16.1 [stable] is released!

@baragoon do you also notice during your debugging that the routes displayed are sometimes completely different from actually installed routes?
Or do you only use commandmode and no winbox? (probably it does not happen in commandmode)
by pe1chl
Fri Oct 18, 2024 5:29 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

!) device-mode - after upgrade, mode "enterprise" is renamed to "advanced" and bandwidth-test, traffic-gen, partition (command "repartition"), bootloader and downgrade features will be disabled; So that means /partitions/activate (changing active partition) will after ...
by pe1chl
Fri Oct 18, 2024 5:02 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Even for the useful RB750Gr3 there is now an announced replacement with 128MB flash! That I didn't know! Where is it? Great news, finally we are leaving the 16MB behind! There is a video on the MikroTik YouTube channel: https://www.youtube.com/watch?v=Zrzq_zPWoQ4 But it is not yet on the products l...
by pe1chl
Fri Oct 18, 2024 3:12 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

I fully agree! Every time a new feature is added, something else is broken, and we need another cycle to get that fixed. And all that while ready solutions with the same functionality already exist. The only work that would have to be done is the configuration interface -> mapping to configuration f...
by pe1chl
Fri Oct 18, 2024 2:23 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

It seems to me that Mikrotik would be better of stop trying to develop everything in house and use some opensource software like unbound/nsd for common tasks especially if they are licensed under some non prohibitive license like BSD in case of unbound...
+1
by pe1chl
Fri Oct 18, 2024 2:22 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

unbound is a recursive resolver. not an authorative dns. It has some limited features in that regard. The features are similar to what the current built-in MikroTik DNS resolver has, plus it can resolve from root servers. (and it supports DNSSEC, and it has a test suite, and it has developers who k...
by pe1chl
Fri Oct 18, 2024 2:21 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

unbound does not fit into 16mb flash by far. look at the unbound distroless docker images. The binary has at least 4mb+. given microtik has a lot of stuff developed in house (I am pretty sure they dont use any popular ssl library for example). It is all a matter of their limited storage they have o...
by pe1chl
Fri Oct 18, 2024 2:18 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

container and run whatever you like.
Except then you have no configuration user interface.
Still, it would be nice when someone with container experience would make a container with unbound for RouterOS.
by pe1chl
Fri Oct 18, 2024 10:44 am
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16.1 [stable] is released!

Display of the routing table (IP->Routes) in Winbox (3.41) is quite unstable. After route changes have occurred (by BGP), the displayed routes often are just plain wrong. Nexthop is wrong, Immediate gateway is wrong, AS path is wrong. When winbox is closed and re-opened, it is correct again for that...
by pe1chl
Fri Oct 18, 2024 10:39 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

so we're far from a "real" DNS server. And, I'm sure others have their own DNS grips. MikroTik should offer "unbound" as an optional DNS resolver package (that replaces the internal one when installed), much like in v6 you could install an optional NTP client/server that would r...
by pe1chl
Thu Oct 17, 2024 4:31 pm
Forum: General
Topic: eBGP with several tunnels between routers
Replies: 1
Views: 417

Re: eBGP with several tunnels between routers

It seems it is quite unstable in 7.16 Arbitrarily, BGP links just get 0 prefixes. Also, the route display in winbox 3.41 is often wrong after the topology has changed. AS Path and Immediate gateway just show bogus results, and after Exit and Re-open winbox they are different. Sometimes when IP->Rout...
by pe1chl
Thu Oct 17, 2024 2:41 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

Yes...I just used it as an example of a system that has issue tracking, threaded discussions. You do realize you don't have to post the source to track issues/feature requests and voting/discussions right ? There is already a system for this at https://help.mikrotik.com/servicedesk/servicedesk just...
by pe1chl
Wed Oct 16, 2024 12:08 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16.1 [stable] is released!

It seems the physical dimensions of the unit are quite well-used.
If the performance of the antennas is optimal for this size is less easy to derive from photos.
But I can assure you that when you have an antenna that performs optimally at some physical size, shrinking it will ALWAYS make it worse.
by pe1chl
Wed Oct 16, 2024 11:41 am
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16.1 [stable] is released!

Of course you should no longer buy devices that have only 16MB, it will be a dead-end. As long as there is no smaller variant of the CAP AX, people will continue to buy the CAP AC. The fact that smaller designs are possible is demonstrated by competitors. You can install AX hardware comparable to t...
by pe1chl
Wed Oct 16, 2024 11:38 am
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16.1 [stable] is released!

We had MT officials here claiming several time it's to much effort for them to improve on this. So that's how it is and it will hardly change. I believe that, like any other company, Mikrotik is doing everything possible to achieve success. They are also targeting large enterprises with core networ...
by pe1chl
Tue Oct 15, 2024 7:37 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16.1 [stable] is released!

Nothing stops anyone from stopping at 7.12 - I do in fact, until 16MB can be replace or netinstall'ed. On existing devices, yes. But when you buy new stuff, at some point it will come with a higher version and not allow downgrade. Of course you should no longer buy devices that have only 16MB, it w...
by pe1chl
Tue Oct 15, 2024 7:33 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

I am having same problem. How do I get the correct files for windows 7 ?
Upgrade Windows. The program is not compatible with Windows 7.
by pe1chl
Tue Oct 15, 2024 7:30 pm
Forum: Beginner Basics
Topic: Routing Policy Issue - Not Working as Expected
Replies: 15
Views: 1201

Re: Routing Policy Issue - Not Working as Expected

I can see it still MTs mangle route marking behave like [lookup] fallback to main if it can't find route it is looking for. leave ipv6 for now, just clarify one thing, why above example working two different way? what am i missing? I don't understand what you mean with "if it can't find route ...
by pe1chl
Tue Oct 15, 2024 11:40 am
Forum: Beginner Basics
Topic: Routing Policy Issue - Not Working as Expected
Replies: 15
Views: 1201

Re: Routing Policy Issue - Not Working as Expected

Concur, OP is confused or trying to follow to many guides and not really understanding what is being done in them. is there anyway to specify [lookup-only-in-table] in the mangle? MT's default behaviour is [lookup]. i want (scenario 2) to [lookup-only-in-table] not [lookup]. In version 6 it was [lo...
by pe1chl
Mon Oct 14, 2024 5:05 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16.1 [stable] is released!

*) bgp - fixed corrupted as-path when received update with empty AS_PATH attribute (introduced in v7.15);
Are you sure this problem has been completely fixed?
I am still seeing corrupted AS-PATH in a setup with mixed iBGP and eBGP... probably will try to switch to exclusive use of eBGP.
by pe1chl
Mon Oct 14, 2024 4:58 pm
Forum: General
Topic: eBGP with several tunnels between routers
Replies: 1
Views: 417

eBGP with several tunnels between routers

We are running a number of MikroTik routers in a central office and branch offices. There is a partial mesh of tunnels between the routers (branch offices all connect to central office but there are some tunnels between branch offices). Sometimes there are 3 tunnels between the same routers: one GRE...
by pe1chl
Fri Oct 04, 2024 3:50 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

We don't buy the toys that have only 16MB for business! And I (and others) have argued a lot against them. When I first bought MikroTik stuff it was devices like the RB2011 and I immediately partitioned it. Only later things have gone downhill with all those 16MB devices and the issues they caused (...
by pe1chl
Fri Oct 04, 2024 2:22 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

It looks like someone at MikroTik, maybe as part of a security meeting, has decided that there is a real risk that someone would obtain admin access to a device and then would want to have even more capabilities and would achieve that by downgrading RouterOS. While that undoubtedly has happened some...
by pe1chl
Fri Oct 04, 2024 2:07 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Rough timeline for v7.16 beta1 to v7.16 release was from June 5th to September 24th. Beta period can be considered grace period. I think you don't understand (just like you pretend to not understand ANYTHING in this matter) what a grace period would be. A useful grace period would be some time wher...
by pe1chl
Fri Oct 04, 2024 12:51 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

above quoted line from the manual > "you can use the "save config" button to copy it over to other partitions."" this can be done without any device mode changes, limitation only is applied to manual re-booting to other partition, if main one is still working You cannot &qu...
by pe1chl
Fri Oct 04, 2024 12:32 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Yes, that is also why I suggested that the device-mode settings are made available earlier than that they are enforced.
But Normis plays stupid and pretends he does not understand...
by pe1chl
Fri Oct 04, 2024 12:20 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

No, that is not true. The DNS resolver processes the entries from top to bottom (like the firewall) so you can have that config. I checked with the support: regexes are indeed processed first. Therefore the *\.home\.arpa$ regex of type NXDOMAIN will override non-regex entries regardless of its rela...
by pe1chl
Fri Oct 04, 2024 12:12 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

pe1chl, why is this so hard to understand? your complaint is about routerboot settings My complaint is NOT about routerboot settings!!! My complaint is about new device-mode settings that disable existing features that can only be re-established with physical access. In particular: routerboot setti...
by pe1chl
Fri Oct 04, 2024 11:28 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

/system/device-mode/update partition=yes expected end of command (line 1 column 28) you cannot. 7.16 does not know about device-mode "partition". Are you serious? I am directly answering your question about bootloader settings. If you are not interested in real answers, only trolling, you...
by pe1chl
Thu Oct 03, 2024 10:20 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

Success: CRS326 upgrade from 7.13 -> 7.16 Took 4 minutes before switch started pinging again. But you could upgrade your 7 year old switch to newly developed software in 2024! For most manufacturers your device would have been end-of-life with no new firmware releases, and at most a fix for a newly...
by pe1chl
Thu Oct 03, 2024 8:49 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

And even if it would exist: you would need to press button or power off. hahha
Well, at least we could plan that as a task to be performed during other visits to each location in the months before the upgrade.
by pe1chl
Thu Oct 03, 2024 6:21 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

It seems like nobody complaining about "bootloader" device-mode flag. Well, I don't really like that either. When I want to netinstall a device that is not completely dead, I use "try-ethernet-once-then-nand" mode to force it to go to netinstall, instead of fiddling with the but...
by pe1chl
Thu Oct 03, 2024 5:39 pm
Forum: General
Topic: TORCH CONFUSION
Replies: 15
Views: 9535

Re: TORCH CONFUSION

It looks like torch uses features like "connection tracking" to show source and destination of traffic, and the source and destination address actually refer to the side that has made the L3 connection, not to the L2 traffic you are torching. As such, it is difficult to predict what will b...
by pe1chl
Thu Oct 03, 2024 10:55 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Sorry I am a bit unclear about something regarding device mode. Is/will it become mandatory to use: device-mode is an existing feature that was introduced a couple of versions ago, and it provides a global enable/disable of features that are deemed to be "dangerous". Its most apparent use...
by pe1chl
Wed Oct 02, 2024 8:23 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

No, that is a bug. It is not related to the logging, it is just that you now see what is happening.
Ever since using v7 connected to v6 I have seen those issues...
by pe1chl
Wed Oct 02, 2024 8:21 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

That is not a bug, that is a feature of scaled displays. When you scale a single-pixel line by 150%, what else is it supposed to do than randomly making it 1 or 2 pixels thick?
by pe1chl
Wed Oct 02, 2024 1:52 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

@normis. This is not " your baseless complaints". Sorry to hurt your filings with my opinion as customer, to your new product. Well, it is baseless when it is a complaint about winbox functionality, as winbox is just a GUI on top of RouterOS functionality. I certainly see how MikroTik cou...
by pe1chl
Wed Oct 02, 2024 1:48 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

Does that also result in a BGP disconnect? In case BGP is running with 180s hold time it may be that the BGP session survives during the restart of a tunnel. In my case the downtime is too long for that (it is caused by scheduled restart of a 5G gateway to cover the daily change of IP by the mobile ...
by pe1chl
Wed Oct 02, 2024 1:13 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Well, that whole "it will reboot to change the setting" makes the whole thing even worse than it already is. Not only is it required to physically go to each router, and to connect to the CLI and issue the command and press the button, but also it will cause an interruption in the network ...
by pe1chl
Wed Oct 02, 2024 11:59 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

The message shown on CLI is quite clear and does not leave room for interpretations: update: please activate by turning power off or pressing reset or mode button in 4m27s Maybe for you? For me that is not clear. When I press reset or mode button, it will activate the setting. But will it also rebo...
by pe1chl
Wed Oct 02, 2024 11:57 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

So how about adding a kind of " grace period " for post-7.16 updates? The newly introduced device modes could be activated without physical interaction for a period of something like 24 hours after that update. If no action is taken in that time the modes become locked, just as they are n...
by pe1chl
Wed Oct 02, 2024 11:44 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

I don't know what you understood. In simple words: any change you make to device-mode settings can be either commited/confirmed by pusing reset-button or a cold reboot. Well, I should mention that I was quite surprised the first time when I confirmed a device mode change with pressing the reset but...
by pe1chl
Wed Oct 02, 2024 11:35 am
Forum: General
Topic: BGP sessions close when another session to the same IP closes
Replies: 8
Views: 2141

Re: BGP sessions close when another session to the same IP closes

Upgraded to 7.16 and now it has become much worse...
When a peer on L2TP/IPsec disconnects because their public IP has changed and they re-establish the L2TP/IPsec session, I have observed several times that all BGP sessions (15 total) go to Idle state and have to re-connect.
by pe1chl
Wed Oct 02, 2024 11:34 am
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

The issue described in https://forum.mikrotik.com/viewtopic.php?t=207022 has become much worse in 7.16 (BGP sessions close when another session closes) In previous versions it appeared to affect only BGP sessions with the same local IP, now it sometimes affects ALL sessions... When a peer on L2TP/IP...
by pe1chl
Tue Oct 01, 2024 7:58 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

I fully agree! I think that when an existing feature requires a new device-mode setting after an upgrade, the corresponding device-mode should be automatically set as part of the upgrade.
Only on new devices or after reset-to-defaults, a new device-mode regime should become active by default.
by pe1chl
Tue Oct 01, 2024 6:16 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Normally, partitioning works like this: you set the number of partitions to 2, the device will reboot and now you see 2 partitions, one is your running system and the other one is empty. Then you highlight part0 and choose "copy to" part1. After that you have two partitions that are the sa...
by pe1chl
Tue Oct 01, 2024 4:54 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

I sure hope there will be a clear explanation of what happens to existing devices that use those features, for all reasonable existing device-mode settings. E.g. in my devices, the setting is "enterprise" and on some of them "container: yes". After I upgrade to 7.17, will my part...
by pe1chl
Tue Oct 01, 2024 10:50 am
Forum: RouterOS beta
Topic: BGP prefix count in ROS 7.1 stable
Replies: 25
Views: 16838

Re: BGP prefix count in ROS 7.1 stable

Support personnel told me it wasn't possible in Winbox 3.x (suprises me...), and it would have to wait until a new Winbox is developed.
But now that there is a beta of Winbox 4, it still doesn't work!
by pe1chl
Tue Oct 01, 2024 10:48 am
Forum: Beginner Basics
Topic: Export configuration to other devices
Replies: 4
Views: 503

Re: Export configuration to other devices

Yes, in case you can have the same config on all your devices and can get them in a deployment center where they are experiencing their first powerup, that is an option too.

My remarks were mainly target at the issue of cloning an existing config into the new, more powerful device you just bought.
by pe1chl
Tue Oct 01, 2024 10:44 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

ofca, I understand your concern, but if you do not have any kind of backup access to these devices, how are you recovering in case of some failed upgrade? An alternative to push-button is cold reboot (power cycle). In case of some failed upgrade, I use "partitions" to recover. But you are...
by pe1chl
Tue Oct 01, 2024 10:40 am
Forum: Beginner Basics
Topic: How to add automatic address range from single IP
Replies: 12
Views: 1358

Re: How to add automatic address range from single IP

If someone is port scanning you then it's not really legitimate is it. You did not understand!!! When the VPS at IP address a.b.c.25 is scanning for ports and you block a.b.c.0/24 you also affect the legitimate webservice running at address a.b.c.86 that has nothing to do with the portscanning. You...
by pe1chl
Mon Sep 30, 2024 5:47 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

The firewall rules that I have added to catch such traffic still have hits, so I doubt it has been fixed...
by pe1chl
Mon Sep 30, 2024 5:44 pm
Forum: Beginner Basics
Topic: How to add automatic address range from single IP
Replies: 12
Views: 1358

Re: How to add automatic address range from single IP

My experience with this is that you will soon block subnets from cloud VPS services that host both legitimate webservices and "researchers" (or hackers) that use the VPS to scan for open ports. So your rules will surely block /24 networks but after shorter or longer time you will get compl...
by pe1chl
Mon Sep 30, 2024 4:23 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

I don't think we will get any further with that issue when people report it only like that.
Either make a ticket at the support system including your supout.rif or post the (possibly anonymized) export file.
I have several routers running 7.16 both at home and at work and I have not observed this.
by pe1chl
Mon Sep 30, 2024 4:01 pm
Forum: Beginner Basics
Topic: How to add automatic address range from single IP
Replies: 12
Views: 1358

Re: How to add automatic address range from single IP

You cannot do that from filter lists.
It also is not a good idea, in general.
You may inadvertently block legitimate traffic!
by pe1chl
Mon Sep 30, 2024 3:59 pm
Forum: General
Topic: How to force filter DNS
Replies: 4
Views: 413

Re: How to force filter DNS

That will not fully work anymore, as more and more devices use DoH and DoT to "work around" such admin intervention.
Also, users use "VPN services" to work around it.
by pe1chl
Mon Sep 30, 2024 3:58 pm
Forum: Beginner Basics
Topic: Export configuration to other devices
Replies: 4
Views: 503

Re: Export configuration to other devices

No, that is a bit lacking in MikroTik RouterOS, there is no easy way of cloning configurations. You can do an export to file and remove all config that has MAC address in it, and edit it so it can be imported to other devices. But you need to study what config is already present on those (default co...
by pe1chl
Mon Sep 30, 2024 11:55 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Not again something with the special character replacement in filenames?
by pe1chl
Sun Sep 29, 2024 2:28 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

Would be great if MikroTik had rDNS for DHCP clients, I miss being able to identify the clients making requests to my Adguard Home server. You can add a script that will be run when the DHCP server issues a lease, and in that script you can add a static DNS entry. Some people have done that and pub...
by pe1chl
Sun Sep 29, 2024 2:22 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

No, that is not true. The DNS resolver processes the entries from top to bottom (like the firewall) so you can have that config.
Of course the syntax of the wildcard record is wrong, it should have been: .*\.home\.arpa$
(it is a posix regexp which is different from the common filename regexp)
by pe1chl
Sat Sep 28, 2024 12:15 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

My RouterOS 7.15.3 was upgraded to version 7.16, and DNS functionality encountered issues: 1. Upgraded from version 7.15.3 to 7.16 using the /system package check-for-upgrade by winbox. 2. After the automatic reboot, an autoupgrade was generated, but the DNS dynamic servers were empty. However, bot...
by pe1chl
Sat Sep 28, 2024 11:05 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

*) health - removed board-temperature on RB5009UPr+S+IN device; why? Well, I noticed that the value is ridiculous. On most devices it is higher than CPU temperature, one one device even 10 degrees higher. Probably someone has researched that and concluded that the circuitry is wrong and the value c...
by pe1chl
Fri Sep 27, 2024 9:42 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 155980

Re: v7.17beta [testing] is released!

you will have to enable this feature with the button or a cold reboot (power unplug), then you can switch partitions again Sure, I got that... But devices are remote and I do not have physical access... Definitely something to be handled with care. I agree that this is BAD. I always put a second pa...
by pe1chl
Fri Sep 27, 2024 10:53 am
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

Hi We have updated all routers to 7.16 since Wednesday. Now we have the problem that the routers hang up after a while and no longer allow connections. The only thing that helps is a restart. Both CHR version and hardware such as RB5009UPr+S+. Does anyone have the same problem? No, don't have that ...
by pe1chl
Fri Sep 27, 2024 10:35 am
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

Ok thanks. But please also explain if "short circuit" is an undesirable condition for the router, or if it can just be in that state forever without any risk of damage, overheating, etc. I understand that the name gives an idea, that something is wrong, but that is literally what it is. A...
by pe1chl
Thu Sep 26, 2024 2:27 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

I wonder, as there are some hints about this in the release notes. Is Bridge IGMP/MLD snooping when using VLAN working now? It was broken until 7.15.1, especially when using IPv6, multicast packets got dropped by the bridge breaking RA and IPv6 autoconfiguration. Indeed I had issues with that, but ...
by pe1chl
Thu Sep 26, 2024 10:04 am
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

I had not, and now that I have upgraded it (from 7.15.3 to 7.16) the red warning indeed disappears. Thanks for the hint. What remains confusing is that in the log it says "ether5 detected poe-out status: wait_for_load" which is fine, but in the ethernet interface table it still says "...
by pe1chl
Wed Sep 25, 2024 11:22 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

@pe1chl Did you also upgrade FW on that device ? I've seen a similar report, I think, which was solved when fw was upgraded. I had not, and now that I have upgraded it (from 7.15.3 to 7.16) the red warning indeed disappears. Thanks for the hint. What remains confusing is that in the log it says &qu...
by pe1chl
Wed Sep 25, 2024 9:10 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

I have upgraded a couple of RB5009UPr+S+ routers (the PoE model) and I observe that on outputs that are configured for "auto on" but have a normal (non-PoE) device connected, a red " poe status: short circuit " is now being displayed in the interface->ethernet window. There alway...
by pe1chl
Wed Sep 25, 2024 8:59 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

That is only a "proposed standard" Proposed? Wow... You don't know what it means? Read RFC 2026. And why other recursive engines implement that? Are bind, unbound, knot, and others wrong following those recomendations? Anyone can implement it, but it is not mandatory. Maybe with regex in ...
by pe1chl
Wed Sep 25, 2024 8:53 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

That is only a "proposed standard", one of several that were made with the same objective. When you want to use that domain and don't want to leak it you can easily configure that yourself using a static record in the DNS resolver. What Mikrotik probably should implement is DNS forwarders...
by pe1chl
Wed Sep 25, 2024 11:08 am
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

".home.arpa" DNS queries are still being leaked to the WAN network and is not conform to rfc8375. Can it be fixed ASAP please? That is only a "proposed standard", one of several that were made with the same objective. When you want to use that domain and don't want to leak it yo...
by pe1chl
Tue Sep 24, 2024 8:52 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

What type of router do you have? Is it a CHR?
by pe1chl
Tue Sep 24, 2024 6:59 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

Please add to the "Before an upgrade:" section:
4) when upgrading a CHR, check that it has at least 1GB RAM allocated, and increase RAM before attempting upgrade.
(see SUP-161771)
by pe1chl
Tue Sep 24, 2024 2:48 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

Sorry, in my case I upgraded from 7.15.3 to 7.16
You need to file a bug in the support system: https://help.mikrotik.com/servicedesk
(when posting only here in the release topic it will probably not be noticed... unless a flood of such reports comes in)
by pe1chl
Tue Sep 24, 2024 2:14 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

I have downgraded to version 7.15.3 and still the same problem That is not an answer to the question above. Did you upgrade from 7.15.3 to 7.16 or did you try 7.16x versions in between? (beta,rc) There have been changes to PoE and they affect the programming of a PoE controller, downgrading does no...
by pe1chl
Tue Sep 24, 2024 12:26 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

When I wanted to juggle the wlan names in my 4011 (apparently the defaults have swapped) I noticed an issue with WDS. I don't use WDS, but there are two fields "WDS default cost" and "WDS cost range" that may be new. In the physical interfaces they were set to 100 and 50-150 resp...
by pe1chl
Tue Sep 24, 2024 11:46 am
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

All my static leases for other Mikrotik devices got messed up after update to 7.16. Switches and APs .Looks like the MAC on the bridges got reset somehow.
I don't see that issue here. MAC on bridges is still the Admin MAC that was set all the time (I think defconf now sets it as well).
by pe1chl
Tue Sep 24, 2024 11:30 am
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 458
Views: 149814

Re: v7.16 [stable] is released!

*) dhcpv4-server - added matcher ability to match substring; It would be even nicer when the matcher could match other DHCP request fields than options... E.g. the requester's MAC address. I would like to put IEEE-assigned MAC addresses in a different pool than Locally assigned ("random")...
by pe1chl
Mon Sep 23, 2024 11:40 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

*) dhcpv4-server - added matcher ability to match substring; It would be even nicer when the matcher could match other DHCP request fields than options... E.g. the requester's MAC address. I would like to put IEEE-assigned MAC addresses in a different pool than Locally assigned ("random")...
by pe1chl
Mon Sep 23, 2024 4:51 pm
Forum: Announcements
Topic: MikroTik Devices Controller
Replies: 374
Views: 259513

Re: MikroTik Devices Controller

The Dude has always been more or less in that status.
It would be better when it would be released as open source, so MikroTik would not have to work on it anymore and still it could be developed by enthousiast users.
by pe1chl
Mon Sep 23, 2024 4:49 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

In a reasonably configured company environment, running exe files from the download folder is not allowed...
by pe1chl
Mon Sep 23, 2024 4:37 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

According to changelogs (https://mikrotik.com/download/changelogs), development tree should be at 7.1rc7. That page is wrong. development is the same as testing now. Talking in account the quality of the releases, beta-versions should first got to development channel. RCs should go to testing chann...
by pe1chl
Mon Sep 23, 2024 2:20 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

It is very unlikely that an issue that affects clients with a certain manafacturer of wifi interface and a certain authentication protocol is caused by hardware issues on the AP side. This is 99% sure a driver issue. But, when we deployed a large WiFi installation using the competitor's (in the same...
by pe1chl
Mon Sep 23, 2024 10:47 am
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

More RCs increase the probability that 7.16.0 will be reasonably stable. I think this is better than having to wait for 7.16.1 or 7.16.2. In a critical environment you will have to do that anyway, as 7.16 will get much more exposure than any of the beta or rc releases and new problems will inevitab...
by pe1chl
Sun Sep 22, 2024 2:42 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

I have both a hAP ac2 where from the beginning wlan1 was 2GHz and wlan2 was 5GHz, and the 4011 where that always has been the other way around. It already caused problems when pasted my 2011 config because that had only 2GHz which was of course wlan1, so had to edit that config to wlan2. But now it ...
by pe1chl
Sun Sep 22, 2024 1:06 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

After upgrading my RB4011iGS+5HacQ2HnD from 7.15.1 to 7.16rc4 I noticed that apparently the default name of the wireless interfaces has been swapped. I am using the "wireless" package (with both versions) as I need the 2GHz WiFi to work. Until now, the wlan1 interface was 5GHz and the wlan...
by pe1chl
Sat Sep 21, 2024 11:33 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

As Winbox 4 is based on Qt... shouldn't it be possible to have more flexibility in theming/appearance compared to old platform? Yes, I would think so. Ideally there would be the capability of loadable skins like with Firefox. Lacking that, there should at least be the possibility of a "custom&...
by pe1chl
Sat Sep 21, 2024 10:39 am
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

Well, I have wished for a long time that one could select a sub-queue in a queue tree based on the value of the packet priority field, instead of only on a packet mark, and it never happened. It should be possible as the "tc" command in Linux can do it, and it would save another step in pa...
by pe1chl
Fri Sep 20, 2024 10:40 am
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

All those manufacturers that make the routers that ISPs supply with the 1Gbps+ internet connections they deliver today. AVM, Arcadyan, Linksys, etc etc etc. Those are all CPE type routers. My main concern and use case is for Service Provider BNG's, terminating hundreds, thousands or tens of thousan...
by pe1chl
Thu Sep 19, 2024 5:25 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

The point is that when you use constructs that allow you to process a single stream of information in multiple threads, and also you need to guarantee that the processing is done in sequence, you are only wasting effort on thread synchronization that is not made up for in the increased performance o...
by pe1chl
Thu Sep 19, 2024 4:43 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

This "software based offload" looke like multithreading to me in this case... Multithreading is often not useful in these cases because at least a single connection will have to be processed in sequence. I.e. when you have a single PPPoE client connected to your ISP via a single network i...
by pe1chl
Thu Sep 19, 2024 4:41 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

I think we may be talking about different use cases.

Which other manufacturers and products are you comparing Mikrotik to ?
All those manufacturers that make the routers that ISPs supply with the 1Gbps+ internet connections they deliver today.
AVM, Arcadyan, Linksys, etc etc etc.
by pe1chl
Thu Sep 19, 2024 3:19 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

What is that even supposed to be, "software based offload"? What we have now is a situation where PPPoE client is handled in software. The ethernet frames are received just like IP, and then the PPPoE header is stripped off in software. It looks like this causes some load on the CPU limiti...
by pe1chl
Wed Sep 18, 2024 10:24 am
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

Is it also on the todo list to have the service (and other services, e.g. NTP) on more than one VRF?
(like /ip dns set vrf=vrf1,vrf2,vrf3)
by pe1chl
Mon Sep 16, 2024 4:27 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

Yes, the problem is related to XCB, but the component that issues the error message is the XCB handling module of QT. You can find it here:
https://github.com/qt/qtbase/blob/dev/s ... window.cpp
by pe1chl
Mon Sep 16, 2024 3:23 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

At home where I use a local X server it works OK, but at work I use a VM as Linux workstation via Xtightvnc (an X server that provides a "tightvnc" server that I connect from the Windows machine) and an issue occurs: Whenever I make a window larger, beyond some size it no longer re-draws, ...
by pe1chl
Mon Sep 16, 2024 10:43 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

You don't need to export it. Just find the old WinBox3 directory and move the files to the new WinBox4 directory and your saved routers will be shown. Import/Export is not needed in this case, as WinBox4 does not yet have any import button. But it is only the list of routers, not the saved sessions...
by pe1chl
Mon Sep 16, 2024 10:41 am
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

+1 for PPPoE. My CCR2116 maxes out at around 900MBps on my pppoe uplink.
And/or support of the hardware-accellerated PPPoE that some chips support (even low-end ones)...
by pe1chl
Sat Sep 14, 2024 11:23 am
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

The big problem with the VRF construct in RouterOS is that most of services that support VRF only support a single VRF. That may be OK for something like a management interface that you would want to have only on the management VRF, but for services like DNS resolver or NTP server which you would wa...
by pe1chl
Fri Sep 13, 2024 5:18 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

It means "listen for DNS queries on vrf=mgmtvrf", right? It does not determine where DNS queries are sent. Of course the right solution would be to have multiple DNS resolver instances that can all be set up differently... Even without VRF, I may want to have different external DNS servers...
by pe1chl
Thu Sep 12, 2024 7:52 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

Interestingly, the same request is pending at the competitor for at least 3 years...
Start wondering if it may be technically difficult or impossible to get that information on the AP side...
by pe1chl
Thu Sep 12, 2024 1:48 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

Version 7 does not do that anymore so that cannot be the cause... Anyway, that still is contrary to what the TCP RFC says. 'destination unreachable' should only terminate a new connection (SYN state), but when it occurs during a session it should be treated just like a timeout (no ACK received). Whe...
by pe1chl
Thu Sep 12, 2024 12:01 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

Are there any plans to make the disconnect timeout settable? I would like to be able to keep a winbox session connected even when a remote router is unreachable for a minute or two (up to 3). That can happen when BGP re-routes failed links, when WiFi links change frequency due to DFS, or when a remo...
by pe1chl
Sat Sep 07, 2024 8:41 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

JSON and XML are just examples, I could have named INI format just as well.
The point is that I want to be able to view, diff, repair, store in a version control system, etc etc.
by pe1chl
Sat Sep 07, 2024 7:26 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

Suggestions: - make the state files (settings, addresses, workspaces) human-readable e.g. by using JSON or XML format instead of binary This you and probably others suggested many times for years in Winbox release topics. It did not find an 👂 as they still opted for their proprietary binary Format....
by pe1chl
Sat Sep 07, 2024 4:22 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

Suggestions:
- make the state files (settings, addresses, workspaces) human-readable e.g. by using JSON or XML format instead of binary
- make the location of workspace files configurable, including having files sent to the managed router itself (as a file in the flash)
by pe1chl
Sat Sep 07, 2024 4:14 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

I can't login to MikroTik with Woobm USB stick.
UPD: Woobm has always worked terribly
I think Woobm was a short-lived product that did not meet up to its expectations, it has been discontinued and probably is no longer really supported...
by pe1chl
Sat Sep 07, 2024 4:09 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

> Linux distribution users wish for better distribution methods (unclear, many say current way is OK!) I am dubious about "many" saying it "is OK!". You have to open the terminal and navigate to the extract location, to run the binary manually - this is definitely "not OK&q...
by pe1chl
Tue Sep 03, 2024 12:16 am
Forum: Wireless Networking
Topic: Recommendations for replacement for Ubiquiti Picostation
Replies: 13
Views: 1317

Re: Recommendations for replacement for Ubiquiti Picostation

Make sure you check if and how long they will be supported... "UniFi AP AC" is an ambiguous product designation, and some of the products with a name resembling that are out of support. Probably can be had for cheap.
by pe1chl
Sat Aug 31, 2024 4:20 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

Good side: It does look modern I think that is the worst disadvantage. It is the same as in Windows: Windows UI visibility and usability peaked in the Windows 2000/XP days. Then it was easy to use, it had good contrast, and it was tweakable when you did not like things like colors, border width, et...
by pe1chl
Sat Aug 31, 2024 3:37 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

Please don't bring back the old UI. Just take all feedback/input and improve the UI. It is a progress. Let's do it. That seems to be the current way of thinking about development progress of UI. "here we have the new UI. we know it sucks and the old one was much more usable, but bear with us a...
by pe1chl
Fri Aug 30, 2024 6:24 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

When showing comments inline, please move comment column default position to the right as it was in winbox, instead of to the left as it is in webfig.
by pe1chl
Fri Aug 30, 2024 12:28 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

.viw2 files are again unreadable binaries.
Please change them to something human-readable like JSON or XML now that it is possible to do so without causing compatibility issues.
by pe1chl
Fri Aug 30, 2024 12:20 am
Forum: Wireless Networking
Topic: Recommendations for replacement for Ubiquiti Picostation
Replies: 13
Views: 1317

Re: Recommendations for replacement for Ubiquiti Picostation

I am happy with the RB5009UPr+S+IN I use it in several situations, e.g. to power 3-4 UBNT access points, one or two VoIP phones, a 5G gateway. Never ran into power limits, but there is a firmware bug between version 7.12.1 (where all was OK) and 7.16beta (where it was fixed) causing PoE issues. I go...
by pe1chl
Fri Aug 30, 2024 12:16 am
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 649
Views: 263706

Re: v7.15.3 [stable] is released!

+1
This kind of changes causes problems when importing older exports into devices with newer version.
(of course when upgrading a device there is automatic conversion)
It happened before e.g. with "/tool email set"
by pe1chl
Thu Aug 29, 2024 6:59 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1550
Views: 374254

Re: 📣 WinBox 4 is here 📣

First thing that I checked is if it now auto-refreshes the BGP sessions window (something that was said would be possible only in the next winbox version), but it doesn't :-(
by pe1chl
Thu Aug 29, 2024 6:50 pm
Forum: Wireless Networking
Topic: Recommendations for replacement for Ubiquiti Picostation
Replies: 13
Views: 1317

Re: Recommendations for replacement for Ubiquiti Picostation

The installation may be that old that it is better to replace everything, e.g. with a RB5009UPr+S+IN router that can power several access points with PoE+
But for passive PoE there are options like the new NetMetal ax (unbelievable that they release a new AP with passive PoE...)
by pe1chl
Thu Aug 29, 2024 4:40 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

I don't want to claim that it is smart to do that, but at least it offers the opportunity to work around some bugs, not only in the resolver but also sometimes in the DNS configuation on internet (e.g. some domain with a server that is no longer serving the domain). I usually set the cache for posit...
by pe1chl
Thu Aug 29, 2024 3:12 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

I can confirm. Negative answers are cached and live until you flush the cache. Of course, caching negative answers is "normal", but in most normal resolvers you can separately set the cache time for negative answers (so you can set it very low or 0). Still, this complicated handling of pr...
by pe1chl
Thu Aug 29, 2024 2:19 pm
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 649
Views: 263706

Re: v7.15.3 [stable] is released!

1. i think NLRI does not apply inmediatly, resend/refresh on BGP session is neeeded to enable/disable NLRI or any changes to it 2. i have seen that NLRI does not drop /32 in ipv4 and/or /128 on ipv6 i dont know why, in mi case that is not a problem, i filter that routes Correct, I submitted the sam...
by pe1chl
Thu Aug 29, 2024 10:04 am
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

I'm still not sure if I should laugh or if I should cry...
by pe1chl
Wed Aug 28, 2024 2:28 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

Indeed. Although sometimes MikroTik employees read the forum, they do not use it to collect information about problems and any problems reported (only) here rarely do end up being fixed.
by pe1chl
Wed Aug 28, 2024 12:10 pm
Forum: RouterBOARD hardware
Topic: PoE In and Out
Replies: 7
Views: 3743

Re: PoE In and Out

So if I understand correctly good PoE splitter will do what RB5009 can not? If I'l just put splitter in front of RB5009 and power it with DC from splitter it will be able to provide power to other PoE devices? Yes, you understand that correctly. A "PoE splitter" is just a passive device t...
by pe1chl
Wed Aug 28, 2024 10:40 am
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

I would guess a memory leak... but little that can be diagnosed after a reboot.
You could still send the supout.rif in a support ticket, they often claim they can see things there even after a crash/reboot.
by pe1chl
Tue Aug 27, 2024 8:02 pm
Forum: General
Topic: Firewall drop DHCP across EoIP
Replies: 27
Views: 2204

Re: Firewall drop DHCP across EoIP

There are some users "advertising" the solutions they made for MikroTik monitoring, but of course it is always a bit different from what you would have wanted. As a programmer, I wrote these things using Perl and a Perl Library for MikroTik API use. But of course, Perl is already considere...
by pe1chl
Tue Aug 27, 2024 5:58 pm
Forum: General
Topic: Firewall drop DHCP across EoIP
Replies: 27
Views: 2204

Re: Firewall drop DHCP across EoIP

For that function I use API to retrieve things like ARP table, DHCP leases. On a central Linux system I run scheduled jobs that connect to all routers in the network to collect this information and store it in a database, and have a webpage where I get a list of all IP addresses, MAC addresses, host...
by pe1chl
Tue Aug 27, 2024 3:26 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

7.16r2 'stops routing' on an RB4011. can't ping out from the device, but winbox works. unfortunately this was in production and I couldn't pull support files. Not really useful when there is no info at all about what e.g. the previous installed version was, and what kind of configuration it is runn...
by pe1chl
Tue Aug 27, 2024 10:35 am
Forum: General
Topic: Firewall drop DHCP across EoIP
Replies: 27
Views: 2204

Re: Firewall drop DHCP across EoIP

... but the other direction of the problem is much worse. I really would like to set parameters like a connection timeout and the behavior on "unreachable" replies. When you have a complex network (as described above) and some changes are made to tunnels, it may take some time before the r...
by pe1chl
Tue Aug 27, 2024 12:10 am
Forum: General
Topic: RB5009 reboots after removing USB modem
Replies: 4
Views: 1359

Re: RB5009 reboots after removing USB modem

For me, after upgrading to 7.15.3 or 7.16beta it has not happened again...
by pe1chl
Mon Aug 26, 2024 10:33 am
Forum: General
Topic: Firewall drop DHCP across EoIP
Replies: 27
Views: 2204

Re: Firewall drop DHCP across EoIP

Sure it is convenient that EoIP transports L2 and thus it may be attractive that routers appear in the Neighbors list or in RoMON, but you should be aware that EoIP is still dependent on IP and so when you do something that would make your router inaccessible in an IP network, would probably still m...
by pe1chl
Sun Aug 25, 2024 1:59 pm
Forum: General
Topic: Firewall drop DHCP across EoIP
Replies: 27
Views: 2204

Re: Firewall drop DHCP across EoIP

I obviously don't have a firm grasp of what is going on, but I am concerned about this unnecessary DHCP traffic over the Wireguard and/or EoIP connections. That is why I am concerned about your network design involving many EoIP connections in a bridge. This DHCP issue is only the first one you not...
by pe1chl
Sun Aug 25, 2024 11:47 am
Forum: Useful user articles
Topic: There is no indication when connecting the router to the computer
Replies: 14
Views: 4752

Re: There is no indication when connecting the router to the computer

Then it is not going to work.
At least not until you locate that power supply and PoE inserter that you left in the old apartment.
by pe1chl
Sun Aug 25, 2024 11:46 am
Forum: General
Topic: Forwarding IPv6 traffic based on source IP
Replies: 11
Views: 1317

Re: Forwarding IPv6 traffic based on source IP

I think they are already aware of this but as with all IPv6 features/bugs it has low priority "because nobody uses IPv6".
by pe1chl
Sun Aug 25, 2024 11:44 am
Forum: Virtualization
Topic: Admin user permissions issue with new CHR install on proxmox
Replies: 5
Views: 1252

Re: Admin user permissions issue with new CHR install on proxmox

You need to understand that MikroTik routers, and especially the CHR and CCR, are for network experts. These two models come completely without configuration and you need to setup your own firewall rules. Other models have a default firewall ruleset that you found, but when you blindly apply it to a...
by pe1chl
Sat Aug 24, 2024 3:44 pm
Forum: Useful user articles
Topic: There is no indication when connecting the router to the computer
Replies: 14
Views: 4752

Re: There is no indication when connecting the router to the computer

I really don't have it right now. But as far as I remember, only the patch cord was used during the first setup. And when working, only the patch cord was also connected. Do you think PoE inserter is vital for configuring the router again? Did you get that MikroTik device from some ISP or from the ...
by pe1chl
Sat Aug 24, 2024 1:48 pm
Forum: General
Topic: Firewall drop DHCP across EoIP
Replies: 27
Views: 2204

Re: Firewall drop DHCP across EoIP

When you do have "a bridge with many EoIP interfaces", and it is not some temporary solution e.g. to support a move of equipment to another location or some other kind of migration, you REALLY need to re-think your network design!
This is not something you want to have in the long run.
by pe1chl
Sat Aug 24, 2024 1:43 pm
Forum: Useful user articles
Topic: There is no indication when connecting the router to the computer
Replies: 14
Views: 4752

Re: There is no indication when connecting the router to the computer

The powersupply is connected to a separate widget (the "PoE inserter") further down the network cable.
Maybe you forgot to bring it when moving?
by pe1chl
Sat Aug 24, 2024 11:04 am
Forum: General
Topic: Forwarding IPv6 traffic based on source IP
Replies: 11
Views: 1317

Re: Forwarding IPv6 traffic based on source IP

Well, it depends on your standpoint. I think it would be clearer when it always worked this way, also for IPv4. You put a mark on the packet, and then you map that mark to a table. But in IPv4 it automatically does that, and people got used to it. (and the names "routing-mark" and "ro...
by pe1chl
Sat Aug 24, 2024 11:01 am
Forum: Virtualization
Topic: Admin user permissions issue with new CHR install on proxmox
Replies: 5
Views: 1252

Re: Admin user permissions issue with new CHR install on proxmox

Apparently you have created a group "admin" that has less permissions than the group "full", and you made "admin" member of that group instead of its default group "full". Now you have locked yourself out! (at least out of creating new users) This is terminal....
by pe1chl
Sat Aug 24, 2024 10:57 am
Forum: Useful user articles
Topic: There is no indication when connecting the router to the computer
Replies: 14
Views: 4752

Re: There is no indication when connecting the router to the computer

Make sure you are using the correct powersupply with the unit, maybe it got swapped with something else during your move?
Also, being disconnected from the power is often when powersupplies that already are failing do finally die.
So it may be that it is defective now.
by pe1chl
Sat Aug 24, 2024 10:50 am
Forum: General
Topic: Forwarding IPv6 traffic based on source IP
Replies: 11
Views: 1317

Re: Forwarding IPv6 traffic based on source IP

There is a bug in the routing mark handling for IPv6 (or for IPv4, depending on how you look at it).
But for routing marks in IPv6 to work you still have to have a routing rule that maps them to a routing table.
Like:
/routing rule
add action=lookup disabled=no routing-mark=ISP1 table=ISP1
by pe1chl
Fri Aug 23, 2024 5:50 pm
Forum: General
Topic: Feature requests
Replies: 1788
Views: 672415

Re: Feature requests

Linux (systemd-networkd): just use "IPv6PrivacyExtensions=true" and done.
It is on by default in systems like Windows, Android, iOS, etc.
by pe1chl
Fri Aug 23, 2024 3:45 pm
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 649
Views: 263706

Re: v7.15.3 [stable] is released!

*) bgp - correctly synchronize input.accept-nlri address list; What does this change mean? In the past I have configured an input.accept-nlri on one peer, referring to an address list that has a single /16 entry, and I think at that time it meant that all subnets WITHIN that /16 (so also e.g. a /24...
by pe1chl
Fri Aug 23, 2024 3:35 pm
Forum: General
Topic: Feature requests
Replies: 1788
Views: 672415

Re: Feature requests

It seems Karl has gotten a bit behind the times...
Not only does he not know how to spell SLAAC, he also does not know about "Privacy Extensions for IPv6 SLAAC".
It is a problem that has been solved long ago, even without his input.
by pe1chl
Thu Aug 22, 2024 2:31 pm
Forum: General
Topic: Feature requests
Replies: 1788
Views: 672415

Re: Feature requests

3) Logs - Show the action taken on a firewall rule. The current format is esoteric and needs you to rely on giving meaningful log prefixes so that you know if it was dropped, accepted, whatever True. I don't mind that much that you need to put the action taken in a log prefix, but I do want to have...
by pe1chl
Thu Aug 22, 2024 2:24 pm
Forum: General
Topic: Feature requests
Replies: 1788
Views: 672415

Re: Feature requests

4) I find that I can't really trust exports & backups. Just today I noticed user accounts missing which are critical for access, and certs can be a pain You are right, it is a real pain that users and certificates are not included in /exports, not even with show-sensitive or other options! That...
by pe1chl
Tue Aug 20, 2024 9:04 am
Forum: General
Topic: Occasional FIN or RST packet showing up on WAN from my private subnets
Replies: 9
Views: 1007

Re: Occasional FIN or RST packet showing up on WAN from my private subnets

Well, it is a decades long standing bug in the Linux kernel. Probably the maintainers argue it is not a bug but a fact of life, or they want to optimize for performance rather than for such things. Fact of the matter is that tracking entries for closed connections are deleted too soon. After a FIN h...
by pe1chl
Sun Aug 18, 2024 12:08 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

Usually when a bug like that is solved, you will see a line like "improved system stability when smb is used with encryption".
As long as it is not there, it is safest to assume it has not yet been solved.
by pe1chl
Sat Aug 17, 2024 10:40 am
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

Yes, it looks like there is some issue with updating of the MAC table. Probably the switches do not send MAC table updates around when they observe a new MAC incoming on some port, and it had seen before on another port, without link down/up event. Only after the MAC entry times out, it is being ref...
by pe1chl
Fri Aug 16, 2024 11:46 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

FYI: MLAG issue: two CRS317 in MLAG, with ESX hosts dual connected to CRS317 (not LACP, but having ESX decide which switch to send traffic based on the port up status, and the MAC address of the VM). Are you sure you want to configure MLAG for that? I think in this config you should just plug the t...
by pe1chl
Fri Aug 16, 2024 9:44 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

One problem that has been in RouterOS v7 for some time and is still in 7.16rc2 is that when a BGP session is established, the routes are not exchanged until after one "keepalive" time. (initially there is the Open message received and sent, but no routes are established, then after the kee...
by pe1chl
Thu Aug 15, 2024 6:00 pm
Forum: RouterBOARD hardware
Topic: RBM33G + 5G
Replies: 67
Views: 21892

Re: RBM33G + 5G

I would hope that MikroTik some time releases a semi-outdoor device that provides 5G connection as delivered...
(i.e. without having to find modems and adapters etc to build something)
There are already some 4G devices like that.
by pe1chl
Thu Aug 15, 2024 10:30 am
Forum: General
Topic: Feature requests
Replies: 1788
Views: 672415

Re: Feature requests

On the Products page of the website, improve the "filter" section to serve as a product selector. Ideally, all features available across all models would have a section or checkmark there. Like: - number of ethernet ports and their speed - RAM size - Flash size - CPU architecture - CPU per...
by pe1chl
Wed Aug 14, 2024 11:04 am
Forum: General
Topic: Site-to-Site-Tunnel with one site using dynamic IPv4 [SOLVED]
Replies: 32
Views: 9843

Re: Site-to-Site-Tunnel with one site using dynamic IPv4 [SOLVED]

@pe1chl, AFAIK NordVPN only offers bare IPsec so the OP has no choice here.
Ok I thought the topic was "a simple Site2Site-Connection using two MikroTik-Routers" "with one site using dynamic IPv4". Maybe it shifted somewhere.
by pe1chl
Wed Aug 14, 2024 9:39 am
Forum: General
Topic: Site-to-Site-Tunnel with one site using dynamic IPv4 [SOLVED]
Replies: 32
Views: 9843

Re: Site-to-Site-Tunnel with one site using dynamic IPv4 [SOLVED]

Why do you stick so vigorously to the Site2Site tunnel instead of trying the L2TP/IPsec tunnel that I suggested and that cleanly solves all your issues without additional tricks?
by pe1chl
Tue Aug 13, 2024 6:11 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

Upgraded a CHR from 7.16beta1 to 7.16rc1 Result: lost extra routing table and all BGP configuration (maybe second is caused by first). Support told me that this happened because the VM memory was still at 256MB (which was the result of deploying the VM with the 7.15.1 .ova file and then upgrading i...
by pe1chl
Tue Aug 13, 2024 4:40 pm
Forum: Beginner Basics
Topic: 2VLANs + L2/L3 setup
Replies: 8
Views: 1823

Re: 2VLANs + L2/L3 setup

The issue is likely due to misconfiguration, it works on MikroTik but it requires some study of how to configure VLANs, which can be done in a couple of different ways. When you do not want to invent time in that you can buy another device, but unless you have experience with the configuration metho...
by pe1chl
Tue Aug 13, 2024 2:03 pm
Forum: Beginner Basics
Topic: 2VLANs + L2/L3 setup
Replies: 8
Views: 1823

Re: 2VLANs + L2/L3 setup

Well, considering the age of this unit it certainly is questionable if you want to spend much effort on it. That would only be useful when you consider using MikroTik equipment in other places of your network, and want to build experience. There is documentation about VLAN config in help.mikrotik.co...
by pe1chl
Tue Aug 13, 2024 9:11 am
Forum: General
Topic: Security: Android phones connecting to port 80 on the gateway
Replies: 1
Views: 990

Re: Security: Android phones connecting to port 80 on the gateway

Yes, I noticed that too (also because I block access to the management ports from the WiFi network). It is strange, because I already added the DHCP option add code=114 name=no-captive-portal value=\ "'urn:ietf:params:capport:unrestricted'" which tells the users there is no captive portal ...
by pe1chl
Tue Aug 13, 2024 12:07 am
Forum: Beginner Basics
Topic: 2VLANs + L2/L3 setup
Replies: 8
Views: 1823

Re: 2VLANs + L2/L3 setup

You should be able to set an IP address on each of the VLAN interfaces, but of course it works only when the bridge config allows traffic to and from some port, and you test from that port. When you use the default firewall you may also need to add the VLAN interfaces to the LAN interface list. Sett...
by pe1chl
Mon Aug 12, 2024 7:03 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

If i understand correct, can i use this commands as a kind of whitelist?
-faxxe
You would expect that to work, but the bug reported here is that it does not work (in this version).
by pe1chl
Mon Aug 12, 2024 6:13 pm
Forum: RouterBOARD hardware
Topic: Two RB5009UPr+S+ with 10C degrees difference, same location
Replies: 1
Views: 1342

Re: Two RB5009UPr+S+ with 10C degrees difference, same location

I think the sensors are not very accurate. I see quite some difference as well, although I have no two of them in the same location so until now I believed they would really be at different temperature...
by pe1chl
Mon Aug 12, 2024 6:10 pm
Forum: Beginner Basics
Topic: 2VLANs + L2/L3 setup
Replies: 8
Views: 1823

Re: 2VLANs + L2/L3 setup

Post your (anonymized) /export of the config.
by pe1chl
Mon Aug 12, 2024 3:30 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

Indeed, pe1chl. As I understand it, regardless of order , NXDOMAIN should overrule anything. It says basically the domain does not exist, so it makes no sense to look further. IMHO it is a bug when NXDOMAIN records exist but other records are considered instead. In fact a huge bug. This "fix&q...
by pe1chl
Mon Aug 12, 2024 2:29 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

Well, your opinion. RFC 1034 is what is relevant. https://www.ietf.org/rfc/rfc1034.txt The order of RRs in a set is not significant, and need not be preserved by name servers, resolvers, or other parts of the DNS. That is something different! It specifies the order of the data in the DNS reply, not...
by pe1chl
Mon Aug 12, 2024 2:28 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

Here is the example code I’m referring to: /ip dns static add name=adservice.google.com type=NXDOMAIN add forward-to=dns.google regexp="(\\.|^)google\\.com\$" type=FWD I wonder why you use a regexp match instead of an explicit match for google.com + the setting "match subdomain"...
by pe1chl
Sun Aug 11, 2024 12:39 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

Why is so hard for MT to make a real stable system, compare with cisco, juniper, even vyos, its suppose have a very powerfull cpu right? With so many rams and cpus Kernel panic Unstable bgp Suddenly Reboot by watchdog. Thx Compare the price of these products and you know! Also note that with MikroT...
by pe1chl
Sat Aug 10, 2024 7:01 pm
Forum: Beginner Basics
Topic: VLAN - SrcNat needed for some devices. Why?
Replies: 3
Views: 901

Re: VLAN - SrcNat needed for some devices. Why?

You must make sure that the internet interface is the only interface in list WAN, and that the VLAN interfaces are in list LAN.
It can also be that there is a firewall in the devices itself that limits access to the web interface to devices on the same network.
by pe1chl
Sat Aug 10, 2024 6:58 pm
Forum: Beginner Basics
Topic: lot of sites dont load on the first try
Replies: 16
Views: 2486

Re: lot of sites dont load on the first try

Well, the reason I bring this up is that when you have a partly working IPv6 configuration (addresses are defined but routing does not work) you may observe the behavior that you complain about....
But apparently it is something else.
Almost impossible to debug such issues from remote.
by pe1chl
Sat Aug 10, 2024 3:36 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 117499

Re: v7.16rc [testing] is released!

Reasons to move to new kernel versions include: - major new features that have been added and are not so easily "backported" to the kernel you use - drivers from manufacturers, maybe in binary form, that are not compatible with an older kernel - not wanting to track each and every patch to...
by pe1chl
Sat Aug 10, 2024 3:30 pm
Forum: General
Topic: PoE limit to 200mbps
Replies: 30
Views: 2760

Re: PoE limit to 200mbps

"speed=100Mbps" does not matter, it is only "the speed when autonegation would be turned off". Obviously you have autonegotiation enabled (you should always have that unless you connect equipment more than 30 years old) and thus the link autonegotiates to 1Gbps Full Duplex. The P...
by pe1chl
Sat Aug 10, 2024 1:13 pm
Forum: General
Topic: PoE limit to 200mbps
Replies: 30
Views: 2760

Re: PoE limit to 200mbps

What do you EXACTLY mean with "the POE"?
  • 1
  • 2
  • 3
  • 4
  • 5
  • 42