Community discussions

Search found 573 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 12
by nescafe2002
Fri Mar 22, 2019 3:01 pm
Forum: Scripting
Topic: /export file=[/system identity get name];
Replies: 3
Views: 404

Re: /export file=[/system identity get name];

Same what?

Please show exactly what command you are running, what you expected to see/happen and what happens instead.

Include terminal output or screen dump when applicable.


What happens when you run
:put [ /system identity get name ]
in console?
by nescafe2002
Fri Mar 22, 2019 3:00 pm
Forum: General
Topic: Get router serial number script
Replies: 2
Views: 165

Re: Get router serial number script

:put [ /system routerboard get serial-number ]

Prints serial number when run in terminal.

https://wiki.mikrotik.com/wiki/Manual:S ... l_commands
Command: put
Syntax: :put <expression>
Description: put supplied argument to console
by nescafe2002
Thu Mar 21, 2019 7:52 pm
Forum: Announcements
Topic: v6.43.13 [long-term] is released!
Replies: 28
Views: 4829

Re: v6.43.13 [long-term] is released!

viewtopic.php?f=2&t=139091&p=685725#p685742

Make a new user, then re-login. There are big security changes in last versions, rename is no longer possible.
by nescafe2002
Tue Mar 19, 2019 7:09 am
Forum: General
Topic: Delete me, all sorted, thank you. Support@mikrotik.com please respond,
Replies: 3
Views: 261

Re: Support@mikrotik.com please respond

Did you get an auto-reply? If yes, just wait. If not, resend mail (perhaps using another mail service, e.g. Gmail works fine).
by nescafe2002
Mon Mar 18, 2019 9:40 pm
Forum: General
Topic: Block port tcp/udp
Replies: 12
Views: 399

Re: Block port tcp/udp

Note that port 5060 could by opened on your providers modem/router. We are in an audit process and this port is reported as unsafe. For this reason I want to close. # feb/18/2019 15:07:29 by RouterOS 6.32.3 Better look for another auditor if they didn't mention anything about your ROS version. You s...
by nescafe2002
Mon Mar 18, 2019 3:38 pm
Forum: Wireless Networking
Topic: CAP ac
Replies: 8
Views: 663

Re: CAP ac

If you reset the device to CAP mode, the admin mac is set automatically. You can verify this by checking the default configuration script: [admin@MikroTik] > /system default-configuration print caps-mode-script: #------------------------------------------------------------------------------- # Note:...
by nescafe2002
Mon Mar 18, 2019 1:27 pm
Forum: General
Topic: Access to IMAP
Replies: 2
Views: 121

Re: Access to IMAP

You need to apply hairpin nat OR add a local static dns entry pointing to your internal server.

https://wiki.mikrotik.com/wiki/Hairpin_NAT
by nescafe2002
Sun Mar 17, 2019 9:15 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 324
Views: 63271

Re: Winbox vulnerability: please upgrade

:)

And Hannah25 is not even a real person, just a spam bot copying this post ( viewtopic.php?t=137572&start=200#p686945 ) and coming back later to edit in some spam links.
by nescafe2002
Fri Mar 15, 2019 10:20 pm
Forum: General
Topic: RB750Gr3 keeps ARP scanning constantly
Replies: 2
Views: 174

Re: RB750Gr3 keeps ARP scanning constantly

Have you enabled internet detect? Try disabling it. If not, post config ( /export hide-sensitive )
by nescafe2002
Fri Mar 15, 2019 11:44 am
Forum: RouterBOARD hardware
Topic: SFP Connection with DAC Optical
Replies: 1
Views: 120

Re: SFP Connection with DAC Optical

Use another DAC. https://mikrotik.com/product/s_ao0005 5m SFP+ 10Gbps Active Optics direct attach cable. This is highly cost-effective way to connect two SFP/SFP+ devices for very short distances, within racks and across adjacent racks. It works with all our products with SFP/SFP+ ports, including n...
by nescafe2002
Tue Mar 12, 2019 9:44 pm
Forum: General
Topic: CAP Wifi devices doesn't see each other
Replies: 1
Views: 77

Re: CAP Wifi devices doesn't see each other

https://wiki.mikrotik.com/wiki/Manual:CAPsMAN#Master_Configuration_Profiles datapath.client-to-client-forwarding (yes | no; Default: no ) controls if client-to-client forwarding between wireless clients connected to interface should be allowed, in local forwarding mode this function is performed by ...
by nescafe2002
Mon Mar 11, 2019 1:54 pm
Forum: Wireless Networking
Topic: 10Gb on RB2011 - bad idea?
Replies: 6
Views: 319

Re: 10Gb on RB2011 - bad idea?

Im not sure why this question gets posted here 1:1, after it was already answered on reddit:
It is a spamming account. Posts get edited and filled with spam links after a while.
by nescafe2002
Fri Mar 08, 2019 12:51 am
Forum: General
Topic: SSTP Server, does it REALLY work for anyone??
Replies: 7
Views: 266

Re: SSTP Server, does it REALLY work for anyone??

There is very useful information on the wifi, have you tried that? https://wiki.mikrotik.com/wiki/Manual:Interface/SSTP#Application_Examples Please share your config ( /export hide-sensitive ) if you are stuck. Which clients are connecting? (Multiple sstp tunnels and road warrior setups running fine...
by nescafe2002
Wed Mar 06, 2019 7:31 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 25
Views: 4429

Re: DHCP Offering Lease Without Success

Have you tried disabling STP on bridge? And did you report this issue to support?
by nescafe2002
Wed Mar 06, 2019 1:02 pm
Forum: Wireless Networking
Topic: Hap ac2 poe
Replies: 2
Views: 160

Re: Hap ac2 poe

http://poe-world.com/Calculator/

iexplore_2019-03-06_11-57-26.png
2019-03-06_11-58-44.png

PoE in input Voltage 18-28 V

Voltage is OK but you should consider buying a 1.2A adapter.
by nescafe2002
Sun Mar 03, 2019 6:07 pm
Forum: Scripting
Topic: copy DHCP leases to ARP script
Replies: 2
Views: 138

Re: copy DHCP leases to ARP script

Why don't you use the built in "add-arp" setting? https://forum.mikrotik.com/viewtopic.php?t=87889#p442251 If you enabled this option, and set the interface ARP setting to "reply-only", it will mean that only DHCP clients will be able to access your network, statically configured IP addresses will n...
by nescafe2002
Sun Mar 03, 2019 2:27 pm
Forum: RouterBOARD hardware
Topic: Does an RB4011iGS+RM support a S-RJ01?
Replies: 8
Views: 529

Re: Does an RB4011iGS+RM support a S-RJ01?

The S-RJ01 is compatible with the RB4011, but will not operate at rate 1000, 100 or 10.

https://wiki.mikrotik.com/wiki/MikroTik ... ble#S-RJ01

So.. not supported I guess?

2019-03-03_13-47-36.png
by nescafe2002
Thu Feb 28, 2019 5:46 pm
Forum: General
Topic: Service Ports in red
Replies: 12
Views: 513

Re: Service Ports in red

Undo that change, because enabling the firewall helper service won't activate the actual service.

Enable logging for topic tftp and disable/enable tftp rule. Check the log. Is the server starting?
by nescafe2002
Wed Feb 27, 2019 5:29 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 26409

Re: v6.44 [stable] is released!

The dhcp package is mandatory, as mentioned in change log, but you should be able to delete / disable any dhcp servers or clients.

What's new in 6.44 (2019-Feb-25 14:11):

Changes in this release:

*) upgrade - made security package depend on DHCP package
by nescafe2002
Wed Feb 27, 2019 5:23 pm
Forum: General
Topic: Service Ports in red
Replies: 12
Views: 513

Re: Service Ports in red

You have to enable connection tracking if you want to enable firewall service ports.

Note that these are ip service helpers, usually for NAT, not the actual services.

So it doesn't make sense to enable these helpers if you aren't natting or filtering.
by nescafe2002
Wed Feb 27, 2019 4:55 pm
Forum: General
Topic: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?
Replies: 19
Views: 2068

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

You are considering buying a new device because it cannot saturate the connection using the built-in bandwith tester? Even though RB3011 can handle 1Gpbs NAT traffic easily? Keep in mind that the device has to actually generate the traffic and cannot use any of the hardware offload functions, theref...
by nescafe2002
Wed Feb 27, 2019 1:30 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 26409

Re: v6.44 [stable] is released!

ROS 6.44. When exporting
/ip neighbor discovery-settings
, inversion is not taken into account. Be careful!
ROS_6.44_neighbor.jpg

This is strictly spoken not a 6.44 issue, as the problem exists in 6.43 as well. You are welcome to report it, with supout.rif, to support.
by nescafe2002
Wed Feb 27, 2019 12:10 pm
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 445
Views: 103426

Re: RouterOS v7.0 beta1 - when?

In that case, please do not say V7 but instead say: Some version we might release in the (probably distant) future

Really?
by nescafe2002
Tue Feb 26, 2019 5:37 pm
Forum: General
Topic: NEW Public Bandwith Test Server
Replies: 24
Views: 2989

Re: NEW Public Bandwith Test Server

Reset to default configuration & got a fresh ip :) RB4011 @ 1Gbps [admin@MikroTik] > /tool bandwidth-test 87.121.0.45 user=neterra password=neterra direction=both ;;; results can be limited by cpu, note that traffic generation/termination performance might not be representative of forwarding perform...
by nescafe2002
Tue Feb 26, 2019 4:03 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 26409

Re: v6.44 [stable] is released!

I updated and my coffee machine started smoking.
by nescafe2002
Tue Feb 26, 2019 5:14 am
Forum: General
Topic: NEW Public Bandwith Test Server
Replies: 24
Views: 2989

Re: NEW Public Bandwith Test Server

Works fine here: RB3011 @ 500Mbps [admin@MikroTik] > /tool bandwidth-test 87.121.0.45 user=neterra password=neterra direction=both status: running duration: 57s tx-current: 543.9Mbps tx-10-second-average: 543.6Mbps tx-total-average: 456.1Mbps rx-current: 543.6Mbps rx-10-second-average: 543.5Mbps rx-...
by nescafe2002
Tue Feb 19, 2019 12:14 am
Forum: Beginner Basics
Topic: Large number of UDP broadcasts coming with Win10 client
Replies: 2
Views: 187

Re: Large number of UDP broadcasts coming with Win10 client

See: https://wiki.mikrotik.com/wiki/Manual:I ... _and_ports

UDP/20561 is used for MAC winbox connection.

It uses broadcasts to be able to connect to RB on L2 (no IP address required).

By connecting to IP address instead you will eliminate these broadcasts.
by nescafe2002
Mon Feb 18, 2019 11:09 am
Forum: Announcements
Topic: v6.44rc [testing] is released!
Replies: 67
Views: 10217

Re: v6.44rc [testing] is released!

Screenshots 1 shows ipsec policy template, screenshot 2 shows ipsec policy (not a template).
by nescafe2002
Mon Feb 18, 2019 10:46 am
Forum: RouterBOARD hardware
Topic: RB4011iGS+ and a Genexis GPON [SOLVED]
Replies: 3
Views: 382

Re: RB4011iGS+ and a Genexis GPON [SOLVED]

Try the new rc (switch to testing channel), it has better support for 1Gbit SFP:


https://mikrotik.com/download/changelog ... lease-tree

What's new in 6.44rc1 (2019-Feb-15 07:12):

*) rb4011 - improved SFP+ interface linking to 1Gbps;
by nescafe2002
Sat Feb 16, 2019 6:49 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: RB4011 - SFP Link Flapping once per second
Replies: 3
Views: 392

Re: RB4011 - SFP Link Flapping once per second

Switch to testing channel. 6.44beta/rc handles SFP much better on RB4011.

viewtopic.php?f=21&t=139057&p=709663#p709663
What's new in 6.44beta61 (2019-Jan-17 13:24):

Changes in this release:

*) rb4011 - improved SFP+ interface linking to 1Gbps;
by nescafe2002
Sat Feb 16, 2019 3:00 pm
Forum: General
Topic: mikrotik wrong username or password
Replies: 5
Views: 376

Re: mikrotik wrong username or password

You are correct :)
by nescafe2002
Sat Feb 16, 2019 1:56 pm
Forum: General
Topic: mikrotik wrong username or password
Replies: 5
Views: 376

Re: mikrotik wrong username or password

WinBox v3.18 doesn't connect to RB with empty password out-of-the box.

Just login via WebFig / SSH / telnet and set a password (may even be empty).



WinBox login w/o password seems to works fine..
by nescafe2002
Sat Feb 16, 2019 10:35 am
Forum: General
Topic: DIY Hosting/Nameserver DNS forwarding
Replies: 7
Views: 389

Re: DIY Hosting/Nameserver DNS forwarding

Newer default configuration make use of interface lists, the provided example will work fine on recent configs.

If you don't have interface lists, we can only guess. Post config ( /export hide-sensitive ) or adept example to your liking.
by nescafe2002
Sat Feb 16, 2019 10:32 am
Forum: Beginner Basics
Topic: Finding a firewalled connection [SOLVED]
Replies: 4
Views: 325

Re: Finding a firewalled connection [SOLVED]

Do a Torch on the interface and you will see which host/protocol/port causes the most traffic.

You can enable logging on the specific rule, to memory will be fine for a limited time period.
by nescafe2002
Fri Feb 15, 2019 10:44 pm
Forum: Announcements
Topic: v6.44rc [testing] is released!
Replies: 67
Views: 10217

Re: v6.44rc [testing] is released!

Reporting on forum again won't help much.

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
by nescafe2002
Fri Feb 15, 2019 3:04 pm
Forum: Beginner Basics
Topic: Drop all and accept some ports
Replies: 8
Views: 346

Re: Drop all and accept some ports

You need to accept established connections in forward chain, then you can remove all reverse logic rules again. Now, everyone can reach your private network as long as they're using source port 80,443/tcp or 53/udp. Take a look at the default firewall, which is a good entry point anyway. Make sure i...
by nescafe2002
Fri Feb 15, 2019 11:12 am
Forum: General
Topic: Outgoing SSH traffic is blocked
Replies: 3
Views: 236

Re: Outgoing SSH traffic is blocked

Please update your router first, following the steps in this document: https://blog.mikrotik.com/security/winbox-vulnerability.html Update, change pwd, check config. For your ssh problem, you may be blocking ssh connections in firewall. After update, export config ( /export hide-sensitive ) and past...
by nescafe2002
Thu Feb 14, 2019 6:09 pm
Forum: General
Topic: NEW Public Bandwith Test Server
Replies: 24
Views: 2989

Re: NEW Public Bandwith Test Server

Have you enabled fasttrack? I will probably bypass raw firewall, however doesn't explain why tcp is working. Please do no post screenshots, just export config ( /export hide-sensitive ) and paste in code blocks. Also.. TomjNorthIdaho mentioned more than a terabyte of traffic per month hosting public...
by nescafe2002
Thu Feb 14, 2019 1:21 pm
Forum: General
Topic: NEW Public Bandwith Test Server
Replies: 24
Views: 2989

Re: NEW Public Bandwith Test Server

Nice work! You can check out the configuration of TomjNorthIdaho posted here: https://forum.mikrotik.com/viewtopic.php?f=2&t=104266&p=690150#p690150 /ip firewall raw add action=accept chain=prerouting comment="testers accepted" src-address-list=tester add action=drop chain=prerouting comment="previo...
by nescafe2002
Wed Feb 13, 2019 10:55 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 71171

Re: v6.44beta [testing] is released!

You can setup an ipsec transport policy with protocol=47 and ensure gre traffic is secured using the firewall ipsec policy matcher:

https://wiki.mikrotik.com/wiki/Manual:I ... ed_traffic

Dynamic peer will disappear as soon as you unset ipsec secret in gre tunnel.
by nescafe2002
Mon Feb 11, 2019 7:34 pm
Forum: Announcements
Topic: v6.43.12 [stable] is released!
Replies: 49
Views: 9365

Re: v6.43.12 [stable] is released!

Still 100% CPU-load on one of the cores in my RB3011. The router is working, but still this indicate something is wrong. Anyone else with the same problem? Any suggestions on how to fix?

Yes, send supout.rif to support@mikrotik.com.
by nescafe2002
Wed Feb 06, 2019 11:24 am
Forum: Scripting
Topic: API getall routing-mark main [SOLVED]
Replies: 2
Views: 265

Re: API getall routing-mark main [SOLVED]

Routing mark is not main, but empty (missing) for default route. https://wiki.mikrotik.com/wiki/Manual:API#Queries ?name pushes 'true' if item has value of property name, 'false' if it does not. ?-name pushes 'true' if item does not have value of property name, 'false' otherwise. You might try somet...
by nescafe2002
Tue Feb 05, 2019 5:11 pm
Forum: Scripting
Topic: API to Set DHCP Server Address List
Replies: 1
Views: 162

Re: API to Set DHCP Server Address List

The reason you're getting "no such command" is because "ip/dhcp-server/lease/set" is not a valid command. You're missing the leading "/" => "/ip/dhcp-server/lease/set" is valid :) Also, you cannot use [ find ] syntax in API. Print with filter to get id, then update by id. mk.Send("/ip/dhcp-server/le...
by nescafe2002
Tue Feb 05, 2019 1:07 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 71171

Re: v6.44beta [testing] is released!

Since I've spent some time restoring VPN functionality.. here are my 6.44beta61 IKEv2 settings for iOS, macOS and Windows clients. Windows only seems to work with identity my-id=auto and remote-id=auto. Afaik you cannot add a secondary peer for Windows default ipsec settings, so you should alter the...
by nescafe2002
Tue Jan 29, 2019 11:25 am
Forum: General
Topic: VPN peer does not come up
Replies: 6
Views: 619

Re: VPN peer does not come up

Replace screenshots with configuration export (/export hide-sensitive).

Enable ipsec logging (/system logging add topics=ipsec,!packet) and check/post the results (/log print or log window).
by nescafe2002
Tue Jan 29, 2019 10:34 am
Forum: General
Topic: IP Socks causes 100%cpu
Replies: 2
Views: 264

Re: IP Socks causes 100%cpu

when you try to access IP Socks router stuck at 100% cpu, How do you "access IP Socks"? Are you trying to use the IP socks service as a client? Are you opening the IP > Socks > Access window in WinBox? Are you printing the entries in Terminal? The most simple command to remove all entries is, in CL...
by nescafe2002
Mon Jan 28, 2019 10:46 pm
Forum: Forwarding Protocols
Topic: Site to Site IPsec tunnel. Can't ping hosts
Replies: 2
Views: 260

Re: Site to Site IPsec tunnel. Can't ping hosts

Default firewall accepts untracked connections. Are you using default firewall? Are you pinging from/to routers or hosts? If routers, add route to remote subnet via local interface to ensure router picks correct source address.
by nescafe2002
Fri Jan 25, 2019 7:05 pm
Forum: RouterBOARD hardware
Topic: BTest Server & CPU Load [SOLVED]
Replies: 3
Views: 350

Re: BTest Server & CPU Load [SOLVED]

Kudos for the developers :)
  • 1
  • 2
  • 3
  • 4
  • 5
  • 12