MikroTik

Pea

This is not a bug, it tells you that you must install DHCP package now, read carefully the change list:
*) upgrade - made security package depend on DHCP package

Pea

I do not know if this is the best, but it is reliable and simple wireless connection with Mikrotik on both ends: On your Mikrotik AP_01: /interface wireless set mode=ap-bridge ssid=YOUR-SSID wds-default-bridge=bridge-local wds-mode=static-mesh /interface wireless wds add disabled=no master-interface...

Pea

*) capsman - always accept connections from loopback address; Hi, I tested but I still need input firewall rule to accept router IP to get working CAP on the same board as CAPsMAN: /ip firewall filter add action=accept chain=input protocol=udp dst-address="router IP" src-address="router IP" /caps-ma...

Pea

We're in 2019 and mobile operators sell 50GB/month for 5€, who needs hotspots anymore?

And which mobile operators?

Czech Vodafone 50GB for about 97€/month

Pea

1) Do not use space in SSID, do "ScottsTest" or "Scotts-Test" (iOS devices had problem with space in SSID, this could be the case) 2) try band=5ghz- a/n/ac 3) try authentication-types=wpa 2 -psk and mode=dynamic-keys 4) try preamble-mode= both or reset wireless to default and then connect and only t...

Pea

1) update RouterOS
2) your firewall is open and wrong on input chain
3) rework your firewall in style: accept only needed, drop all else

Or do "/ip firewall export" or better "/export hide-sensitive" and post here for advises (screenshot is not sufficient)

Pea

1) The Band/Frequency will be different in both configurations 2) The Hw. Supported Modes (you can use gn for 2.4GHz or ac for 5GHz) and Master Configuration will be different in both provisionings Based on those provisioning rules will CAPsMAN send correct configuration to CAP interface. Example: /...

Pea

Make 2 configurations (2.4 and 5GHz) for 2 provisioning rules with different hw-supported-modes=

Pea

Push-button WPS seems secure, but the vulnerability being that anyone with physical access to the AP could push the button and connect, even if they didn't know the Wi-Fi pass.

Pea

You need to define which interface to set:

/interface wireless set wlan1 wps-mode=push-button

Recommendation: Do not use insecure WPS and keep it disabled.

Pea

For home use with public IP you normally get few thousands hits per month.
Try instead of your final drop rule use this reject rule and see if hits get reduced after time:

add action=reject chain=input reject-with=icmp-admin-prohibited

Pea

Always use latest version, only for specific needs:
https://download.mikrotik.com/routeros/ ... winbox.exe

Pea

I never had roaming station on WDS link.
But I guess it should be possible to set AP with wds-mode=dynamic-mesh which allows WDS links with devices (mode=station-wds) by creating required entries dynamically.

Pea

Maybe this helps:

/interface wireless info country-info japan

Pea

Connect your hAPlite by WDS to your router. Then all should work the same as cable connection.

Pea

/ip dhcp-server lease add address=10.0.0.1 mac-address=XX:XX:XX:XX:XX:XX ... /ip firewall address-list add address=10.0.0.1 list="my known devices" ... /ip firewall nat add action=dst-nat chain=dstnat dst-port=53 protocol=udp src-address-list="my known devices" to-addresses=1.1.1.1 add action=dst-n...

Pea

Yes, these are 2 different things:
1) RouterOS update - go to "System/Packages" menu, click on "Check for Updates"
2) Firmware (bootloader) upgrade - go to "System/Routerboard" menu and click "Upgrade"
The version number of Router OS and Firmware is synchronised now.

Pea

1. Do not open SSH and Winbox to wild internet (use e.g. address list, VPN, port knock)
2. Use Fast track for better throughput https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack
3. Consider router upgrade

Pea

viewtopic.php?f=2&t=139351&p=707934#p707934

Pea

*) All tests are done with Xena Networks specialized test equipment (XenaBay),and done according to RFC2544 (Xena2544) Max throughput is determined with 30+ second attempts with 0,1% packet loss tolerance in 64, 512, 1518 byte packet sizes Test results show device maximum performance, and are reache...

Pea

Black tape is your friend to reduce LED brightness of whatever anytime

Pea

RB951G-2HnD: https://mikrotik.com/product/RB951G-2Hn ... estresults
hAP ac²: https://mikrotik.com/product/hap_ac2#fndtn-testresults

Pea

Maybe Fasttrack rule missing in your firewall?
https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack

/ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related
/ip firewall filter add chain=forward action=accept connection-state=established,related

Pea

Your firmware is already upgraded. Move on.

Pea

Did you change this?

You need to use Station pseudo bridge

Pea

Factory Firmware is what was originally loaded at factory. You can ignore this. Installed version is under Current Firmware.

Pea

IMHO it's not illegal to change a MAC address.
It's only illegal to change a MAC address to do something illegal.

Pea

Both options are possible, but this is my point of view: 2.4GHz indoor PtP: will reach longer distance and through more obstacles, only one 2.4GHz channel occupied by the link 5GHz indoor PtP: better throughput, but on longer distance or more walls weak signal, two 2.4GHz channels occupied by APs fo...

Pea

local-forwarding=no => the interface is part of bridge on the CAPsMAN, the interface shows as disabled on CAP
local-forwarding=yes => the interface stays as part of bridge on the CAP

Pea

First connect by laptop and login with username and password.
Then change your Mikrotik wlan1 MAC to your laptop MAC.
And then try to connect your Mikrotik as client to the wifi network.

Pea

For best performance I recommend to connect both by Ethernet cable if somehow possible.
Or upgrade to dual band routers and use 2.4GHz only to connect both wirelessly and use the 5GHz for wifi sharing.

Pea

Did you read the website briefly?
There is no reason to worry if you are an Internet user without your own domain name. This change is affecting you only indirectly and you do not need to take any other steps.

Pea

Try this:

Create a new configuration for the VirtualAP

Specify the new configuration in Provisioning rule as Slave configuration

Remove all CAP interfaces

Initiate Manual Provisioning on all the CAPs

Pea

Did you try to reset to factory default and test? What was the result?
You are connected via 2.4GHz or 5GHz?
Did you try to change channel?

Pea

Remote device keep on auto, it will act as client and take frequency from AP. If you do not have any 802.11b only device (and you probably don't) try this: /interface wireless set band=2ghz-g/n channel-width=20mhz bridge-mode=disabled country="your country" distance=indoors frequency-mode=regulatory...

Pea

https://youtu.be/rnMy_ffvskQ?t=239

Pea

Sure, WPA2-PSK as security profile and optionally disable PMKID. Simplified description: Run your secured WiFi normally on your router, add settings for WDS, add static WDS interface with MAC of second device. On other device start without any setup. Add bridge and DHCP client on bridge. Add securit...

Pea

You can use your wlan1 as WAN port and wireless mode station-pseudobridge on remote Mikrotik. Do not forget to synchronise time of remote device. Or below is what I use reliably with Mikrotik on both ends: On your Mikrotik router /interface wireless set mode=ap-bridge ssid=YOUR-SSID wds-default-brid...

Pea

Use manually non DSF channel (5200, 5220 or 5240). Problem solved.

Pea

You can try latest ROS beta which likely do not need below workaround anymore (I did not test this yet): *) capsman - always accept connections from loopback address; Otherwise this should fix it: /capsman manager interface set [find default=yes] forbid=no add forbid=yes interface=(here put interfac...

Pea

The CAPsMAN takes care about wifi1 and/or wifi2 interfaces only. The rest of functionality and interfaces you can use and configure as you like.

Pea

3) The worst: this is not documented anywhere besides user forums (it should be on CAPsMan manual to prevent people be fighting hours with something that isn´t going to work) https://wiki.mikrotik.com/wiki/Manual:Simple_CAPsMAN_setup#CAP_in_CAPsMAN But I agree that having firewall rule for CAP on C...

Pea

forgot to mention that this is one room condition - both phones, laptop and router are in one room max 3m away.

Ideal situation. Why you even use 2.4GHz? Stay with 5GHz only and problem solved.

Pea

This depends on your firewall rules. By default this is filtered.

Pea

Other option would be to setup different SSID for 5GHz. And never connect phone to your 2.4GHz

Pea

redirect - replaces destination port of an IP packet to one specified by to-ports parameter and destination address to one of the router's local addresses

Pea

The 802.11n prohibits using high throughput with WEP or TKIP as the unicast cipher. If you use these encryption methods (for example, WEP, WPA-TKIP), your data rate will drop to 54 Mbps.
Use only WPA2-AES for full 802.11n speed.

Pea

For standard home use you can remove safely all files and folders from File List
(flash folder cannot be removed but all sub folders yes)

Pea

There should be <1ms for ping even over wifi. What are you getting?

Pea

try to reboot first to clean some memory...

Search found 176 matches