Community discussions

Search found 30 matches

by Micat
Wed Sep 19, 2018 1:15 am
Forum: Beginner Basics
Topic: WiFi disappears until reboot
Replies: 0
Views: 267

WiFi disappears until reboot

Router works flawlessly per wire, but WLAN signal disappears sometimes and never appears again. In order to restore it I should reboot router. There is no regular behavioral pattern. I have never had any WLAN problems withh any other routers, even with DLink DIR320. 2011UiAS-2HnD with RouterOS 6.43....
by Micat
Wed Sep 19, 2018 1:09 am
Forum: Beginner Basics
Topic: WinBox disconnects when DHCP address is leased
Replies: 1
Views: 255

WinBox disconnects when DHCP address is leased

Several years ago I noticed that after some RouterOS upgrade WinBox started to disconnect suddenly. Now it seems that I found regular dependence: When any client is connecting to the router and gets IP address per DHCP, WinBox is disconnected. Lease time doesn't have any influence. Any fixes? Router...
by Micat
Fri Jun 10, 2016 11:32 am
Forum: General
Topic: Static DNS and CNAME?
Replies: 8
Views: 7076

Re: Static DNS and CNAME?

You need to point original site to some proxy (for example, nginx) — it is done by A record, so RouterOS can do this for a long time now; then redirect user's browser to mirror site. PROFIT.
You are right.
by Micat
Thu Jun 09, 2016 9:30 pm
Forum: General
Topic: Static DNS and CNAME?
Replies: 8
Views: 7076

Re: Static DNS and CNAME?

An example: lurkmore.to is blocked in my country, but there are several mirrors, for example lurkmo.re All the results found by Goodle lead to lurkmore.to Both lurkmore.to and lurkmo.re work through CloudFlare, so both result in the same IP address. The only difference by which CloudFlare (and my pr...
by Micat
Fri May 20, 2016 1:31 pm
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 156
Views: 45377

Re: Feature request - DNSCrypt support...

I vote for DNSCrypt
by Micat
Sat Apr 30, 2016 1:59 pm
Forum: General
Topic: Force HTTPS for some web sites
Replies: 7
Views: 1926

Re: Force HTTPS for some web sites

It looks like the redirect URL is pretty much limited to the function of showing a custom "Access denied" page - unless it lets you put tokens in there or something. Yes, it seems that I should make a separate "Redirector" nettop. A web app that does the task can be pretty simple. I can even put it...
by Micat
Fri Apr 29, 2016 8:57 pm
Forum: General
Topic: Force HTTPS for some web sites
Replies: 7
Views: 1926

Re: Force HTTPS for some web sites

I discovered that proxy answers with 307 (moved temporarily) instead of 301 (moved permanently) and also can't redirect to https. If I enter "https://thesite" in redirect-to parameter, it redirects "http://thesite" to "http://https://thesite". Also when I tell it to redirect "site1" to "site2" it do...
by Micat
Mon Mar 21, 2016 8:25 am
Forum: General
Topic: Limit working time for specific web site
Replies: 1
Views: 363

Limit working time for specific web site

Currently I have one firewall rule that blocks all the outgoing traffic to IP addresses from "block-out" list. In this list there are three address ranges which I would like to enable/disable on some triggers. I would like to prevent excessive usage of a web site to which all three ranges belong (i....
by Micat
Fri Mar 04, 2016 8:25 pm
Forum: General
Topic: Force HTTPS for some web sites
Replies: 7
Views: 1926

Re: Force HTTPS for some web sites

Thank you for the detailed answer.
by Micat
Fri Mar 04, 2016 5:26 pm
Forum: General
Topic: Force HTTPS for some web sites
Replies: 7
Views: 1926

Re: Force HTTPS for some web sites

It should be enough to answer with 301 code with an https-based URL.
by Micat
Fri Mar 04, 2016 4:01 pm
Forum: General
Topic: Force HTTPS for some web sites
Replies: 7
Views: 1926

Force HTTPS for some web sites

There is a need to redirect HTTP to HTTPS for some web sites. Is this possible to do using RouterOS?
by Micat
Wed Mar 02, 2016 11:10 am
Forum: Beginner Basics
Topic: RB2011 - WAN (ether1) LED is constantly blinking
Replies: 5
Views: 936

Re: RB2011 - WAN (ether1) LED is constantly blinking

Check if port 1 is set as the master port. It is not joined with any ports (the default configuration). If it is it will explain the blinking if there is no cables plugged in It blinks when the ISP cable is plugged in. if not then the port is most probably dead. It cannot be dead because all my Int...
by Micat
Wed Feb 24, 2016 9:49 pm
Forum: Beginner Basics
Topic: RB2011 - WAN (ether1) LED is constantly blinking
Replies: 5
Views: 936

Re:

Is there anything connected? From outside, on ISP side? I don't know. I think, there is a switch for several neighbor clients like me. There might be discovery traffic for example. Check torch... Thank you for the idea. Torch showed me some activity on the interface. The most frequent activity is: ...
by Micat
Wed Feb 24, 2016 6:19 pm
Forum: Beginner Basics
Topic: RB2011 - WAN (ether1) LED is constantly blinking
Replies: 5
Views: 936

RB2011 - WAN (ether1) LED is constantly blinking

RB2011 - WAN (ether1) LED is constantly blinking even if there are no connections from LAN. How to see / debug what is being transfered?
by Micat
Fri Jan 08, 2016 9:10 pm
Forum: Beginner Basics
Topic: L2TP IPsec doesn't work from other city
Replies: 4
Views: 1744

L2TP IPsec doesn't work from other city

I have a well working L2TP IPsec connection from any mobile or desktop client to my RB2011UiAS-2HnD-IN (RouterOS v6.30.2). It works when I connect through any mobile or stationary ISP within my city. The log looks approximately so: ipsec, error key length mismatched, mine:128 peer:256. ipsec, error ...
by Micat
Wed Nov 11, 2015 6:46 pm
Forum: General
Topic: VPN for specific web sites against censorship
Replies: 1
Views: 304

VPN for specific web sites against censorship

Day by day the Web censorship in my country gains its strength. The obvious solution is to use VPN, but it slows down the connection and harmlessness of public VPN services can't be guaranteed. So I thought following solution out: The router will access most of web sites in a conventional way, but w...
by Micat
Sat Aug 08, 2015 9:23 am
Forum: General
Topic: Wireless clients slow to dhcp address on all MT versions
Replies: 5
Views: 2412

Re: Wireless clients slow to dhcp address on all MT versions

if you use input rules on firewall, allow input for port 67 and 68 UDP The delay is still present. When turning phone's WiFi on, it waits several seconds on "getting IP address" phase, and finally, when address is got, rule's counter is incremented. is your DHCP server acting on a bridge interface ...
by Micat
Fri Jul 24, 2015 2:25 pm
Forum: General
Topic: Wireless clients slow to dhcp address on all MT versions
Replies: 5
Views: 2412

Re:

Enable authoritative in DHCP server:
/ip dhcp-server set <name> authoritative=yes
My server has authoritative=yes, but still getting of an addres for WiFi client is slow.
by Micat
Mon Jul 20, 2015 9:08 pm
Forum: General
Topic: Fully transparent Hairpin NAT
Replies: 10
Views: 4497

Re: Fully transparent Hairpin NAT

Hi, I tried the same thing with the NAT rule described here. It doesn't work. Asked several times for help finding a solution but never got one. I think it's just not working with the Mikrotik stuff on a bridge. Too bad, I found that a lot of things that are very easy to setup with Cisco stuff (if ...
by Micat
Tue Jun 23, 2015 4:30 pm
Forum: General
Topic: HTTP redirect with RouterOS
Replies: 0
Views: 647

HTTP redirect with RouterOS

One website is blocked by ISP, but it has several working aliases. So, when found links like http://site1/article I can type http://site2/article and it works. However, a static DNS entry for site1 doesn't solve the issue because site2 refuses requests using IP-address only. The URL should start wit...
by Micat
Sun Jun 21, 2015 11:01 pm
Forum: Wireless Networking
Topic: WiFi issue with Samsung S4 on RB2011UAS-2HnD-IN
Replies: 9
Views: 6758

Re: WiFi issue with Samsung S4 on RB2011UAS-2HnD-IN

RB2011UAS-2HnD-IN, RouterOS v6.29.1, Samsung Galaxy SII with Android 4.1.2, firmware I9100XXLS8. Connects to RB 2-3 times longer than to any other access point and then, if the phone was laying with the screen turned off on timeout, can't communicate over network although WiFi state is "connected". ...
by Micat
Fri Jun 19, 2015 5:42 pm
Forum: General
Topic: Supout.rif contains sensitive data
Replies: 7
Views: 1072

Re: Supout.rif contains sensitive data

supout.rif file is voluntarily shared with mikrotik support, so we can help you. if you think that you can't trust us with your public IP, I don't think we can help I can send any non-sensitive information on demand by myself. Public IP isn't the greatest problem. I was displeased when found my VPN...
by Micat
Fri Jun 19, 2015 3:09 pm
Forum: General
Topic: Supout.rif contains sensitive data
Replies: 7
Views: 1072

Supout.rif contains sensitive data

* admin new name in logs * Your external IP address * Structure of your network (IP and MAC addresses), especially when you use static DHCP * NAT configuration listing all the opened ports * VPN logins and passwords in unencrypted form (passwords should be stored as hashes, even in the device, and s...
by Micat
Thu Jun 18, 2015 9:59 pm
Forum: General
Topic: Fully transparent Hairpin NAT
Replies: 10
Views: 4497

Re: Fully transparent Hairpin NAT

I created an empty NAT rule with "chain" parameter only: [code]chain=srcnat action=log protocol=tcp log=no log-prefix="HumbleRule"[/code] And it does not fire when I access my router from inside by LAN address or by WAN address! It fires only when I request some data from Internet. The only thing ap...
by Micat
Thu Jun 18, 2015 6:08 pm
Forum: General
Topic: Fully transparent Hairpin NAT
Replies: 10
Views: 4497

Re: Fully transparent Hairpin NAT

That may or may not be part of the problem, but it would be the first thing I would correct. Your internal subnet should be somewhere in either 192.168.0.0/16, 172.16.0.0/12, or 10.0.0.0/8 space.
I changed to 192.168.1.0/24, but NAT Loopback still doesn't work.
by Micat
Thu Jun 18, 2015 11:53 am
Forum: General
Topic: Fully transparent Hairpin NAT
Replies: 10
Views: 4497

Re: Fully transparent Hairpin NAT

Don't overthink it - you only need a single NAT rule, but it needs to be the first. Here is what I use: add action=masquerade chain=srcnat dst-address=192.168.88.0/24 out-interface=lan0 src-address=192.168.88.0/24 So, very simply.. src-address and dst-address are both your LAN subnet. out-interface...
by Micat
Thu Jun 18, 2015 2:59 am
Forum: General
Topic: Fully transparent Hairpin NAT
Replies: 10
Views: 4497

Fully transparent Hairpin NAT

All the examples of Hairpin NAT seen by me involve working on specific TCP port and mentioning specific internal IP (not having to say that they didn't work for me). I would like to make a fully transparent one. It means: When I request an IP address currently assigned to ether1 (should not matter -...
by Micat
Tue Jun 16, 2015 11:00 am
Forum: RouterBOARD hardware
Topic: RB2011UiAS-2HnD-IN and USB connected APC Back UPS CS 500
Replies: 2
Views: 1075

Re: RB2011UiAS-2HnD-IN and USB connected APC Back UPS CS 500

Thank you for reply. You need SmartUPS for this. Are you sure? From RouterOS manual: "The UPS monitor feature works with APC UPS units that support “smart” signalling over serial RS232 or USB connection" My UPS does support some kind of smart signalling, but a reduced set of commands. For example it...
by Micat
Tue Jun 16, 2015 1:15 am
Forum: RouterBOARD hardware
Topic: RB2011UiAS-2HnD-IN and USB connected APC Back UPS CS 500
Replies: 2
Views: 1075

RB2011UiAS-2HnD-IN and USB connected APC Back UPS CS 500

The Hardware: RB2011UiAS-2HnD-IN, RouterOS v6.29.1 APC Back UPS CS 500 USB OTG cable that came with RB USB to 8P8C cable that came with UPS When I plug the UPS into RB's USB, I can see it in /system resource usb . Moreover, when I play with plugging-unplugging the UPS, it appears and disappears in /...
by Micat
Fri Jun 12, 2015 4:31 pm
Forum: Wireless Networking
Topic: Atheros AR9285 can't connect to N-olly network with hidden SSID
Replies: 0
Views: 618

Atheros AR9285 can't connect to N-olly network with hidden SSID

Devices used: - RB2011UiAS-2HnD-IN, RouterOS to v6.29.1. - Toshiba Satellite U500-1F4 with Atheros AR9285 wireless adapter. - Other Wi-Fi devices, such as Galaxy SII phone and Toshiba Satellite A300-20Q (all N-capable). There is one wireless network configured with hidden SSID. Wireless connection i...