Community discussions

MikroTik App

Search found 923 matches

by nescafe2002
Fri Dec 29, 2023 10:01 pm
Forum: General
Topic: Mikrotik rb750gr3 radvd invelid mtu
Replies: 4
Views: 683

Re: Mikrotik rb750gr3 radvd invelid mtu

Try manually setting MTU + MRU to 1500 in pppoe client to enforce RFC 4638.

IoQJ2vftTX.png
by nescafe2002
Fri Dec 29, 2023 4:10 pm
Forum: General
Topic: Mikrotik rb750gr3 radvd invelid mtu
Replies: 4
Views: 683

Re: Mikrotik rb750gr3 radvd invelid mtu

The RA MTU (1492) exceeds the pppoe MTU (1480). Try manually setting MTU + MRU to 1500 in pppoe client to enforce RFC 4638.
by nescafe2002
Sat Dec 09, 2023 9:35 am
Forum: RouterBOARD hardware
Topic: Which HW to buy
Replies: 10
Views: 2594

Re: Which HW to buy

CRS326-24G-2S+RM will handle 100 Mbps fine (routing, nat, filtering). No need to buy additional router for these tasks.
by nescafe2002
Mon Nov 06, 2023 12:47 pm
Forum: Wireless Networking
Topic: CAPsMAN > CAPs Scanner API
Replies: 1
Views: 1036

Re: CAPsMAN > CAPs Scanner API

Request:

/caps-man/interface/scan
=interface=cap1
=duration=2s
.tag=1

Response:

!re
.tag=1
=address=44:05:3F:xx:yy:zz
=ssid=MySSID
=channel=2412/20/gn
=sig=-88
=nf=-110
=snr=22
=radio-name=
=.section=1
by nescafe2002
Mon Oct 09, 2023 5:43 pm
Forum: Beginner Basics
Topic: Auto Restart if disconnect
Replies: 3
Views: 996

Re: Auto Restart if disconnect

Or use the built in ping watchdog function. No scripting required. https://help.mikrotik.com/docs/display/ROS/Watchdog Ping watchdog can monitor connectivity to a specific IP address and trigger the reboot function. /system watchdog Property: watch-address (IP; Default: ) The system will reboot, in ...
by nescafe2002
Thu Sep 28, 2023 11:34 am
Forum: General
Topic: Mikrotik spams DHCP discover from all bridge ports [SOLVED]
Replies: 4
Views: 1091

Re: Mikrotik spams DHCP discover from all bridge ports [SOLVED]

The configuration is quite simple: ether1 with DHCP Client to get IP address from my ISP; ether2-5 are in bridge and there's DHCP server on that bridge interface for LAN/home devices. Any suggestions why it is happening? Based on the symptoms I'd suspect you have enabled the internet detect feature...
by nescafe2002
Thu Sep 14, 2023 10:19 am
Forum: General
Topic: Configure static dns
Replies: 1
Views: 729

Re: Configure static dns

Since release 7.6 you can use the match-subdomain parameter: /ip dns static add forward-to=10.0.0.1 match-subdomain=yes name=contabil.local type=FWD In comparison to the regexp example, this example will forward queries for the domain itself (contabil.local) as well. Additionally, in case you want t...
by nescafe2002
Wed Sep 13, 2023 7:59 pm
Forum: Scripting
Topic: Wilcard in Scripts?
Replies: 7
Views: 2164

Re: Wilcard in Scripts?

rextended , thank you for your rude and unhelpful answer. As explained, I would recommend against this auto update functionality and provided an alternative. Compared to never updating the device, a scheduled auto update would not be the worst option? Do you provide alternatives? Could you try to a...
by nescafe2002
Wed Sep 13, 2023 1:03 pm
Forum: Scripting
Topic: Wilcard in Scripts?
Replies: 7
Views: 2164

Re: Wilcard in Scripts?

dima1002 , regarding the original question - you cannot use wildcards in the fetch function. However, it is possible to auto-update your device using the standard update function. It will detect and download the applicable packages within the chosen channel. /system package update set channel=stabl...
by nescafe2002
Tue Sep 12, 2023 11:19 pm
Forum: Scripting
Topic: /ip ipsec policy on ROS 6.44.5
Replies: 7
Views: 1916

Re: /ip ipsec policy on ROS 6.44.5

rextended , you have always the option to refrain from commenting if you don't understand the question AND don't have anything useful to post... giguard , if you open the square bracket after set, you will see the autocompletion commands applicable within the brackets: (v7, but probably same syntax...
by nescafe2002
Sun Sep 10, 2023 7:31 pm
Forum: Scripting
Topic: Wilcard in Scripts?
Replies: 7
Views: 2164

Re: Wilcard in Scripts?

Every 1m?
by nescafe2002
Mon Aug 28, 2023 1:44 pm
Forum: Beginner Basics
Topic: Can't ping IPv6 address with MikRouterOS [SOLVED]
Replies: 17
Views: 2942

Re: Can't ping IPv6 address with MikRouterOS [SOLVED]

ThomasJefferson , usually disable-ipv6=yes is set when dhcp package is disabled when RouterOS is upgraded from v6 to v7. In that case, you probably don't have a firewall! So make sure to check that. The default firewall rules can be saved using /system default-configuration print file=defconf.txt a...
by nescafe2002
Fri Aug 25, 2023 3:09 pm
Forum: General
Topic: Netwatch, how to run script after XX attempts
Replies: 9
Views: 3444

Re: Netwatch, how to run script after XX attempts

You can set no-ping-delay (ping-start-after-boot) to 10m for exactly that purpose (to limit the number of reboots). Anyway, if I set it for example to 10 min, will it send one packet only and wait it for 10 minutes? Or will it send multiple pacets during this time? https://help.mikrotik.com/docs/dis...
by nescafe2002
Fri Aug 25, 2023 12:31 pm
Forum: General
Topic: Netwatch, how to run script after XX attempts
Replies: 9
Views: 3444

Re: Netwatch, how to run script after XX attempts

Use watchdog instead:

https://help.mikrotik.com/docs/display/ROS/Watchdog
Ping watchdog can monitor connectivity to a specific IP address and trigger the reboot function.
by nescafe2002
Sat Aug 19, 2023 3:16 pm
Forum: Wireless Networking
Topic: SA Query timeout
Replies: 54
Views: 12968

Re: SA Query timeout

Try disabling band steering. I noticed these SA Query Timeout messages just before re-associating with another radio. So you suggest to leave only frequencies? I suggested to disable band steering, as this was introduced in 7.11: *) wifiwave2 - added "steering" parameters and menu to set ...
by nescafe2002
Fri Aug 18, 2023 12:15 pm
Forum: Wireless Networking
Topic: SA Query timeout
Replies: 54
Views: 12968

Re: SA Query timeout

Try disabling band steering. I noticed these SA Query Timeout messages just before re-associating with another radio.

https://help.mikrotik.com/docs/display/ ... properties

/interface wifiwave2 configuration set [find] rrm=no wnm=no
by nescafe2002
Tue Aug 15, 2023 3:39 pm
Forum: General
Topic: RB5009 stopped accepting connections (filter, nat)
Replies: 15
Views: 1366

Re: RB5009 stopped accepting connections (filter, nat)

Sorry: should've adviced to check the dhcp *client* (acquired) address, not the dhcp server leases.

Good to hear it's (or will be) fixed now.
by nescafe2002
Mon Aug 14, 2023 10:50 pm
Forum: General
Topic: RouterOS 7 VLAN Bug [SOLVED]
Replies: 16
Views: 2592

Re: RouterOS 7 VLAN Bug [SOLVED]

That rule applies to established and related traffic, not new connections.

The address list entry approach as suggested by erlinden is a tad nicer.
by nescafe2002
Mon Aug 14, 2023 10:31 pm
Forum: General
Topic: RouterOS 7 VLAN Bug [SOLVED]
Replies: 16
Views: 2592

Re: RouterOS 7 VLAN Bug [SOLVED]

Not a DNS problem since you aren't even using the MT DNS. Seems like a firewall problem. Vlan 101 has range 192.168.128.11-192.168.131.254 and no firewall address list entry exists within this range (or another firewall accept rule). Therefore the last rule applies to forwarded traffic: add action=r...
by nescafe2002
Mon Aug 14, 2023 6:25 pm
Forum: Announcements
Topic: v7.11rc is released!
Replies: 195
Views: 49237

Re: v7.11rc is released!

I have a feeling that in some cases the renewal of an IPsec ike1 association kills some other associations and triggers a renewal. Did you observe that? It happens in "main" mode so it may not be related to this. What I observe is when a GRE/IPsec tunnel's IPsec is renewed, the L2TP/IPsec...
by nescafe2002
Mon Aug 14, 2023 5:23 pm
Forum: Announcements
Topic: v7.11rc is released!
Replies: 195
Views: 49237

Re: v7.11rc is released!

*) ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);

Minor detail, but I'd argue this was introduced in 7.11beta2 not 7.10 (SUP-122289). Thank you very much for thoroughly diagnosing and fixing the issue.
by nescafe2002
Sun Aug 13, 2023 3:45 pm
Forum: General
Topic: RB5009 stopped accepting connections (filter, nat)
Replies: 15
Views: 1366

Re: RB5009 stopped accepting connections (filter, nat)

Our providers are switching to CGNAT which causes these symptoms you are experiencing. Contact support (service provider, not MikroTik) and request a routable address. Check DHCP assigned addresses to be sure (10.x.y.z/100.x.y.z)
by nescafe2002
Tue Aug 01, 2023 7:41 pm
Forum: General
Topic: DNS treatment of long TXT records
Replies: 2
Views: 502

Re: DNS treatment of long TXT records

This has been fixed in 6.47.3, are you sure the device is up to date?

What's new in 6.47.3 (2020-Sep-01 05:24):
*) dns - fixed multiple TXT string replies;
by nescafe2002
Thu Jul 27, 2023 10:01 pm
Forum: General
Topic: NAT Timeout (IMAP Idle)
Replies: 4
Views: 720

Re: NAT Timeout (IMAP Idle)

You can check the default tcp connection timeout in the documentation: https://help.mikrotik.com/docs/display/ ... n+tracking

tcp-established-timeout (time; Default: 1d)
by nescafe2002
Fri Jul 21, 2023 2:56 pm
Forum: Wireless Networking
Topic: LTE SIM services not automatically connecting
Replies: 2
Views: 1476

Re: LTE SIM services not automatically connecting

Can you post the relevant log after bootup and perhaps the configuration?

I have no problem reconnecting LTE on wAP LTE kit (default config).
by nescafe2002
Fri Jul 21, 2023 12:21 pm
Forum: General
Topic: What is the syntax of /ipv6 dhcp-server option ?
Replies: 6
Views: 878

Re: What is the syntax of /ipv6 dhcp-server option ?

That's odd, this is working on 7.10.2.. as well as 7.11beta2 and 7.11beta6:

w4OX5cnHyh.png
by nescafe2002
Fri Jul 21, 2023 11:54 am
Forum: General
Topic: What is the syntax of /ipv6 dhcp-server option ?
Replies: 6
Views: 878

Re: What is the syntax of /ipv6 dhcp-server option ?

/ipv6 dhcp-server option add code=23 name=dns value="'1:2:3:4:5:6:7:8''9:a:b:c:d:e:f:f'" [admin@MikroTik] /ipv6/dhcp-server/option> print detail 0 name="dns" code=23 value="'1:2:3:4:5:6:7:8''9:a:b:c:d:e:f:f'" raw-value="000100020003000400050006000700080009000a000b...
by nescafe2002
Tue Jul 04, 2023 7:17 pm
Forum: Scripting
Topic: Script Reboot On Connectivity Down
Replies: 15
Views: 3046

Re: Script Reboot On Connectivity Down

/system scheduler add name=watchdog-disable on-event="/system watchdog set watch-address=none" policy=read,write,test start-time=startup /system scheduler add interval=5m name=watchdog-enable on-event=":if ([/system watchdog get watch-address] = \"none\") do={:delay 2\r\ \n...
by nescafe2002
Tue Jul 04, 2023 6:50 pm
Forum: Scripting
Topic: Script Reboot On Connectivity Down
Replies: 15
Views: 3046

Re: Script Reboot On Connectivity Down

You can add two scheduler entries, one on startup (unset watch-address) and another one to set the watch-address when there is connectivy. Not sure what problem you are trying to solve here?
by nescafe2002
Tue Jul 04, 2023 6:22 pm
Forum: Scripting
Topic: Script Reboot On Connectivity Down
Replies: 15
Views: 3046

Re: Script Reboot On Connectivity Down

Again, better use the built in watchdog function. Enable / disable watchdog on startup: /system scheduler add name=watchdog on-event=":delay 10\r\ \n\r\ \n:if ([/ping 1.1.1.1 count=4] = 0) do={\r\ \n /system watchdog set watch-address=0.0.0.0\r\ \n} else={\r\ \n /system watchdog set watch-addre...
by nescafe2002
Tue Jul 04, 2023 12:47 pm
Forum: Scripting
Topic: Script Reboot On Connectivity Down
Replies: 15
Views: 3046

Re: Script Reboot On Connectivity Down

if the connection is already down it shouldn't restart If a grace period is acceptable, use the built in watchdog function: https://help.mikrotik.com/docs/display/ROS/Watchdog /system watchdog watch-address (IP; Default: ) The system will reboot, in case 6 sequential pings to the given IP address w...
by nescafe2002
Fri Jun 23, 2023 8:48 am
Forum: Announcements
Topic: v7.11beta [testing] is released!
Replies: 373
Views: 107017

Re: v7.11beta [testing] is released!

there is newer alpha (development) release (with build time of 16:17:11) on mikrotik website.. you may need to check it out before reporting issues Not really: https://forum.mikrotik.com/viewtopic.php?t=197277#p1009205 This version includes the changes that were present in 7.11alpha127 that was sha...
by nescafe2002
Wed Apr 12, 2023 11:42 am
Forum: Beginner Basics
Topic: connection between two ipsec tunels
Replies: 6
Views: 371

Re: connection between two ipsec tunels

To resolve this while going insane (just copy the existing policies and change accordingly): On device A: Add policy (src) A - (dst) C - (peer) B On device B: Add policy (src) A - (dst) C - (peer) C On device B: Add policy (src) C - (dst) A - (peer) A On device C: Add policy (src) C - (dst) A - (pee...
by nescafe2002
Sat Apr 08, 2023 9:28 pm
Forum: General
Topic: DHCPv6: ia_na <IPv6 address> has invalid lifetime, skipping
Replies: 4
Views: 448

Re: DHCPv6: ia_na <IPv6 address> has invalid lifetime, skipping

What version of RouterOS is the device running? The message is tagged debug, should be error in version 7.5. Perhaps the issue is fixed in more recent versions. What's new in 7.5 (2022-Aug-30 12:25): *) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error"...
by nescafe2002
Wed Jan 25, 2023 10:55 am
Forum: Scripting
Topic: 2 commands in one line
Replies: 10
Views: 1323

Re: 2 commands in one line

Doesn't CHR add a DHCP client automatically?
by nescafe2002
Wed Oct 19, 2022 8:26 am
Forum: Announcements
Topic: v7.6 [stable] is released!
Replies: 279
Views: 142975

Re: v7.6 [stable] is released!

Is there any way in 7.6 to cancel the power reset command or override it?

moutazsalem, nice example of how every change breaks someone's workflow :)
by nescafe2002
Sat Aug 06, 2022 5:37 pm
Forum: Announcements
Topic: v7.5beta [testing] is released!
Replies: 138
Views: 46993

Re: v7.5beta [testing] is released!

volkirik , your issue is not related to 7.5beta. E.g. on 6.48.6: /system script add name=test policy=test source=":log info test" /system scheduler add interval=10s name=test on-event="test\r\n" policy=test Will not run, but /system script add name=test policy=test source="...
by nescafe2002
Sat Aug 06, 2022 2:16 pm
Forum: Announcements
Topic: v7.5beta [testing] is released!
Replies: 138
Views: 46993

Re: v7.5beta [testing] is released!

ech1965, get architecture via /system resource print, download Extra packages, upload container-*.npk via ftp, scp or winbox and reboot to trigger the installation.
Container package is compatible with arm arm64 and x86 architectures.
by nescafe2002
Tue Aug 02, 2022 3:42 pm
Forum: General
Topic: Higher CPU usage on RB3011 after upgrade to ROS 7
Replies: 5
Views: 1923

Re: High CPU usage on RB3011 after upgrade to ROS 7

Can confirm, this is the CPU usage from a RB3011 upgraded from v6.48.6 to v7.4 on August 1, 20:20:

dude_4E5l0pdPpl.png
by nescafe2002
Wed Jul 27, 2022 10:48 am
Forum: Announcements
Topic: v7.5beta [testing] is released!
Replies: 138
Views: 46993

Re: v7.5beta [testing] is released!

*) dns - added "match-subdomain" option for static entries (CLI only); This is a nice addition! E.g. to delegate a domain + subnet without having to use regexp: /ip dns static add forward-to=192.168.89.2 match-subdomain=yes name=otherdomain.lan type=FWD add forward-to=192.168.89.2 match-su...
by nescafe2002
Fri Jun 10, 2022 5:55 am
Forum: General
Topic: CCR2216-1G-12XS-2XQ constanly reboots!!!! [SOLVED]
Replies: 21
Views: 3903

Re: CCR2216-1G-12XS-2XQ constanly reboots!!!! [SOLVED]

Try disabling detect-internet
by nescafe2002
Tue Jun 07, 2022 7:02 am
Forum: General
Topic: CCR2216-1G-12XS-2XQ constanly reboots!!!! [SOLVED]
Replies: 21
Views: 3903

Re: CCR2216-1G-12XS-2XQ constanly reboots!!!! [SOLVED]

Are there any hints in the log? Kernel panic? Watchdog reboot? Out of memory condition?

Did you submit autosupout.rif to support?

I am experiencing reboots on 7.2.3 on smaller devices and they are gone in 7.3rc2.. not sure why.
by nescafe2002
Mon Jun 06, 2022 10:22 am
Forum: General
Topic: How to obtain on SNMP Optical Tx and RX Power from SFP? [SOLVED]
Replies: 8
Views: 3064

Re: v7.2.2 [stable] and v7.2.3 [stable] are released! [SOLVED]

eenpahlefi, have you tried checking oids .1.3.6.1.4.1.14988.1.1.19.1.1.9 and .1.3.6.1.4.1.14988.1.1.19.1.1.10 ?
by nescafe2002
Sat Jun 04, 2022 11:01 am
Forum: RouterOS beta
Topic: [BUG] Wireguard handshake causes kernel panic
Replies: 4
Views: 3271

Re: [BUG] Wireguard handshake causes kernel panic

woodych, I suspect this has something to do with ND. Since you don't need ND for WireGuard, you can safely remove the global address from the WG interface and add a static route instead.
by nescafe2002
Thu Apr 07, 2022 5:47 pm
Forum: The Dude
Topic: The Dude for 7.2 !
Replies: 22
Views: 5874

Re: The Dude for 7.2 !

Apparently agent "server" is the default.. so I have no clue, sorry.
by nescafe2002
Thu Apr 07, 2022 5:35 pm
Forum: The Dude
Topic: The Dude for 7.2 !
Replies: 22
Views: 5874

Re: The Dude for 7.2 !

What is the RouterOS status of the agent device (server)?
by nescafe2002
Thu Apr 07, 2022 9:58 am
Forum: The Dude
Topic: The Dude for 7.2 !
Replies: 22
Views: 5874

Re: The Dude for 7.2 !

aoakeley, did you upgrade your agent (server) to 7.2 as well?
by nescafe2002
Thu Mar 10, 2022 11:01 pm
Forum: General
Topic: DNS Redirect using Regexp
Replies: 6
Views: 4346

Re: DNS Redirect using Regexp

If MT is your resolver, you can use the FWD records to forward the requests to another server.
This is introduced in 6.47 (June 2020).

/ip dns static
add forward-to=192.168.215.4 regexp="\\.domain\\.local\$" type=FWD
by nescafe2002
Sat Mar 05, 2022 10:17 am
Forum: Announcements
Topic: WinBox v3.35 released!
Replies: 97
Views: 52600

Re: WinBox v3.35 released!

Pun1sh3r: press F1 twice to display key bindings: F4 or Ctrl-X Toggle safe mode F7 Toggle hotlock mode Ctrl-D Terminate session (on empty prompt) And since Winbox is a MDI application, you can use CTRL-F4 to terminate session regardless of whether the prompt is empty or not.
by nescafe2002
Fri Mar 04, 2022 12:25 pm
Forum: Scripting
Topic: mikrotik send message to telegram
Replies: 6
Views: 9114

Re: mikrotik send message to telegram

Wow normis, that is a lot of code for a simple api call :) TS, this works fine: /tool fetch url="https://api.telegram.org/bot123456789:abcdef/sendMessage?chat_id=123456789&text=testMsg" as-value output=user note that the ? between sendMessage and chat_id is missing in your example.
by nescafe2002
Sat Feb 26, 2022 10:41 am
Forum: General
Topic: Big problem with Netwatch, Mikrotik loop restart
Replies: 17
Views: 3047

Re: Big problem with Netwatch, Mikrotik loop restart

Hi!! This mean if... it the IP if not reachable for 6 times (in my case, the MK reboot 6 times, the 7th no reboot, keep online)... the RB not reboot anymore (until poweroff or reboot?) and it can be accessed? I have the old backup with the netwatch "issue".... tomorrow I will check for si...
by nescafe2002
Fri Feb 25, 2022 8:45 pm
Forum: General
Topic: Big problem with Netwatch, Mikrotik loop restart
Replies: 17
Views: 3047

Re: Big problem with Netwatch, Mikrotik loop restart

Anyway, if you want to reboot the device when a host is unreachable, use the watchdog function: https://wiki.mikrotik.com/wiki/Manual:System/Watchdog watch-address (IP; Default: none) The system will reboot, in case 6 sequential pings to the given IP address will fail. If set to none this feature is...
by nescafe2002
Sun Feb 20, 2022 2:21 pm
Forum: The Dude
Topic: Dude and HP CM1415fnw Printer restart- bug report.
Replies: 3
Views: 2513

Re: Dude and HP CM1415fnw Printer restart- bug report.

Or just disable the service and it won't be rediscovered.

I've noticed that printers can go crazy with the amount of snmp requests, so you could also try setting snmp to a no-snmp profile (snmp version: none).
by nescafe2002
Tue Feb 08, 2022 12:06 pm
Forum: RouterBOARD hardware
Topic: RBwAPR-2nD does not boot. Netinstall of no help
Replies: 10
Views: 1936

Re: RBwAPR-2nD does not boot. Netinstall of no help

I have this same device with the same symptoms. Applying pressure to the chip (heat sink) solved the issue. Put a piece of foam or a folded paper between the heat sink and the case to 'solve' this issue.. or RMA the device. https://forum.mikrotik.com/viewtopic.php?f=7&t=138928 Video: https://you...
by nescafe2002
Mon Feb 07, 2022 12:03 pm
Forum: General
Topic: HTTP Post using fetch
Replies: 2
Views: 995

Re: HTTP Post using fetch

Either src-path + mode or the url parameter. https://wiki.mikrotik.com/wiki/Manual:Tools/Fetch#Properties mode (ftp|http|tftp {!} https; Default: http) Choose the protocol of connection - http, https , ftp or tftp. src-path (string; Default: ) Title of the remote file you need to copy. url (string; ...
by nescafe2002
Fri Jan 28, 2022 8:38 pm
Forum: Announcements
Topic: v7.2rc2 and v7.2rc3 is released!
Replies: 222
Views: 86335

Re: v7.2rc2 and v7.2rc3 is released!

Was that new for you?
Not new, but the problem has been acknowledged/reproduced on Jan 11th and "hopefully fixed in the next update" -- this is the next update :)
by nescafe2002
Fri Jan 28, 2022 8:06 pm
Forum: Announcements
Topic: v7.2rc2 and v7.2rc3 is released!
Replies: 222
Views: 86335

Re: v7.2rc2 and v7.2rc3 is released!

Ipsec identities lost after upgrade from 7.2rc1 to 7.2rc2 and again after upgrade from 7.2rc2 to 7.2rc3 (SUP-60031).
by nescafe2002
Fri Jan 28, 2022 12:47 pm
Forum: Announcements
Topic: v7.2rc2 and v7.2rc3 is released!
Replies: 222
Views: 86335

Re: v7.2rc2 is released!

*) vxlan - allow unsetting "group" and "interface" properties; The "group" and "interface" properties are (unexpectedly) unset on upgrade from 7.2rc1 to 7.2rc2. Before upgrade: /interface vxlan add group=224.0.0.188 interface=bridge-lan name=vxlan-iot port=847...
by nescafe2002
Tue Jan 11, 2022 11:23 pm
Forum: RouterOS beta
Topic: RDP Connection Dying
Replies: 57
Views: 32224

Re: RDP Connection Dying

Thank you. Increasing the udp timeout fixes the issue. Looks like v7 does not detect properly udp streams.
by nescafe2002
Mon Jan 03, 2022 10:02 pm
Forum: General
Topic: Jan 3 2022 Forum is very slow
Replies: 22
Views: 3456

Re: Jan 3 2022 Forum is very slow

Regarding SUP-67833 download.mikrotik.com, 2a02:610:7501:4000::226 is actually unreachable from 20 endpoints. But that must just be dozens of ISPs :)
by nescafe2002
Mon Jan 03, 2022 7:17 pm
Forum: General
Topic: Jan 3 2022 Forum is very slow
Replies: 22
Views: 3456

Re: Jan 3 2022 Forum is very slow

Heh, I had SUP-67833 created for the poor IPv6 reachability (download.mikrotik.com in this case). Their response: Unfortunately, we do not provide network troubleshooting, please contact consultants. www.mikrotik.com/consultants Really? Really :) Closed the case, not my problem anymore. (Still: 2a02...
by nescafe2002
Sat Jan 01, 2022 9:14 pm
Forum: General
Topic: Locked out - accidentally closed most if not all ports [SOLVED]
Replies: 9
Views: 2964

Re: Locked out - accidentally closed most if not all ports [SOLVED]

'Closed ports' as in firewalled tcp and udp ports? As long as you haven't disabled the physical ports and you did not disable MAC WinBox server, you should be able to connect via MAC address. https://wiki.mikrotik.com/wiki/Manual:Winbox#Starting_Winbox To connect to the router enter MAC address of t...
by nescafe2002
Thu Dec 02, 2021 12:33 am
Forum: RouterOS beta
Topic: v7.1rc7 [development] is released!
Replies: 174
Views: 55310

Re: v7.1rc7 [development] is released!

Probably worth debugging the issue a little more on your end. I'm willing to bet that this is Windows Auto-tuning going bananas. Turn this of on server level. We turn this of via policy as it do not work well over VPN. https://www.thewindowsclub.com/window-auto-tuning-in-windows-10 Thank you for yo...
by nescafe2002
Wed Dec 01, 2021 11:58 am
Forum: RouterOS beta
Topic: v7.1rc7 [development] is released!
Replies: 174
Views: 55310

Re: v7.1rc7 [development] is released!

What's new in 7.1rc7 (2021-Nov-25 16:35): *) ipsec - fixed hardware acceleration support for ARM and ARM64 devices; Not sure what is fixed, but my RDP sessions to Windows 2012 R2-instances are still dropping out about every minute. RDCMan_DYG87BsyBf.png This has been the case since v7 with multiple...
by nescafe2002
Mon Nov 01, 2021 7:48 pm
Forum: Scripting
Topic: pptp Api [SOLVED]
Replies: 11
Views: 4334

Re: pptp Api [SOLVED]

>>> /interface/pptp-client/monitor
>>> =.id=pptp-out1
>>> =once=
<<< !re
<<< =status=disconnected
<<< 
<<< !done
<<< 
>>> /quit
<<< !fatal
<<< session terminated on request
<<< 
by nescafe2002
Sun Oct 31, 2021 8:58 am
Forum: Wireless Networking
Topic: Battery life for iOS devices with wAP ac
Replies: 6
Views: 2530

Re: Battery life for iOS devices with wAP ac

Have you increased the dhcp lease time?
by nescafe2002
Wed Oct 27, 2021 2:15 pm
Forum: RouterOS beta
Topic: v7.1rc5 [development] is released!
Replies: 167
Views: 49114

Re: v7.1rc5 [development] is released!

I will finally be able to restore my full export.rsc without having to split it in two parts because of the historically missing address-pool default value. Hah, thank you for this. I think I'm responsible for this change log entry. It actually took two attempts to convince support: nov 2020 they d...
by nescafe2002
Sat Oct 23, 2021 2:11 am
Forum: RouterOS beta
Topic: v7.1rc4 [development] is released!
Replies: 276
Views: 83094

Re: v7.1rc4 [development] is released!

I understand you Infabo. Everybody was happier when they did not release v7 for years. Oh wait... No that's not it. Software development takes time. Completing software takes more time. MikroTik decided to release early betas and rcs. You can choose to participate (voluntarily) or stick to the older...
by nescafe2002
Fri Oct 22, 2021 7:09 pm
Forum: General
Topic: providing NTP server by using DHCPv6?
Replies: 8
Views: 1907

Re: providing NTP server by using DHCPv6?

Options 31 and 56 are working for me.. Make sure you supply the adequate suboption (0x0001) and address length (0x0010) for each ntp server (when using option 56!). Also 2001:db8:case:: is an invalid IPv6 prefix therefore the addresses are interpreted as a string. I changed case:: into cafe:: for th...
by nescafe2002
Fri Oct 22, 2021 11:33 am
Forum: General
Topic: Error on API /user/group
Replies: 4
Views: 1570

Re: Error on API /user/group

Can you reproduce the issue using the code example provided on the wiki?

Have you also considered using tik4net (https://github.com/danikf/tik4net)?
by nescafe2002
Thu Oct 21, 2021 11:11 pm
Forum: RouterOS beta
Topic: v7.1rc4 [development] is released!
Replies: 276
Views: 83094

Re: v7.1rc4 [development] is released!

Infabo, netinstall takes 15 minuten and you're up and running again. Reinstalling windows can take up half a day depending on the configuration. If you're sick of this, consider running long term. No one is forcing you to evaluate the beta.
by nescafe2002
Mon Oct 11, 2021 6:30 pm
Forum: RouterOS beta
Topic: Migrate console commands to POST API REST [SOLVED]
Replies: 9
Views: 3211

Re: Migrate console commands to POST API REST [SOLVED]

What unexpected results? Are there side-effects other than the obvious one, naming the interface *num?
[admin@MikroTik] /interface> set ether1 name=*A
[admin@MikroTik] /interface> disable *A
no such item (4)
by nescafe2002
Mon Oct 11, 2021 5:57 pm
Forum: RouterOS beta
Topic: Migrate console commands to POST API REST [SOLVED]
Replies: 9
Views: 3211

Re: Migrate console commands to POST API REST [SOLVED]

ROS, API and REST do support names as primary identifiers for master data: # ROS [admin@MikroTik] > /interface enable ether1 # API /interface/enable =.id=ether1 # REST curl -k -u api:api -X POST \ https://192.168.88.1/rest/interface/enable \ --data '{".id":"ether1"}' \ -H "c...
by nescafe2002
Sun Oct 03, 2021 8:40 am
Forum: Announcements
Topic: Newsletter 102
Replies: 29
Views: 46062

Re: Newsletter 102

Yes..

https://mikrotik.com/product/cap_xl_ac

Included parts:
- 24V 1.2A power adapter
- Ceiling mount
- Gigabit PoE injector
- K-81 fastening set
by nescafe2002
Wed Sep 29, 2021 4:58 pm
Forum: Beginner Basics
Topic: Configuring IPv6 and IPV4 on same router
Replies: 3
Views: 779

Re: Configuring IPv6 and IPV4 on same router

You will need to find a IPv6 tunnel provider and configure the device accordingly. If your provider does not provide such service (6RD), you can sign up for a tunnel on https://tunnelbroker.net/ - they will provide you with configuration details which you can paste in terminal.
by nescafe2002
Tue Sep 28, 2021 9:26 pm
Forum: Beginner Basics
Topic: Redundant WAN/ISP in IPv6?
Replies: 3
Views: 1779

Re: Redundant WAN/ISP in IPv6?

RouterOS v7.1rc has masquerade support, so you can NAT your entire network to one (!) IPv6 address that is bound to the WAN interface. Not sure about dual wan using recursive routing, but you could automate that using scripting. Netmap which would be ideal (prefix translation), but it's not availabl...
by nescafe2002
Tue Sep 28, 2021 1:23 pm
Forum: General
Topic: Error on API /user/group
Replies: 4
Views: 1570

Re: Error on API /user/group

The command to execute is /user/group/print, but you would have got no such command if that was the problem. I had no luck reproducing the issue with the MK class in https://wiki.mikrotik.com/wiki/API_in_C_Sharp#Class (without SSL, new login procedure w/ plaintext password). Works as intended. Custo...
by nescafe2002
Tue Sep 28, 2021 12:05 pm
Forum: Beginner Basics
Topic: IPv6 help [SOLVED]
Replies: 16
Views: 4551

Re: IPv6 help [SOLVED]

Remove the remaining static neighbor discovery prefixes - dynamic entries should appear even with EUI64 disabled (try re-enabling the IPv6 address for reactivation).
by nescafe2002
Tue Sep 28, 2021 11:54 am
Forum: Beginner Basics
Topic: IPv6 help [SOLVED]
Replies: 16
Views: 4551

Re: IPv6 help [SOLVED]

ROS doesn't support prefix-hint for ipv6 address yet, so it depends whether the assignment from comcast is dynamic, static or generally static (hardly changing). You can set the prefix per vlan to static by unsetting the 'From Pool' attribute in the IPv6 address.
by nescafe2002
Tue Sep 28, 2021 11:52 am
Forum: Beginner Basics
Topic: 6to4 breaks normal internet
Replies: 1
Views: 673

Re: 6to4 breaks normal internet

6to4 is a service to tunnel IPv6 over an IPv4 network and cannot be used to expose your IPv6 device over IPv4. You will need some other (VPN) service for that, providing a public reachable IPv4 address. Also, v6 routeros does not support ipv6 route rules, so multihoming IPv6 is not really going to w...
by nescafe2002
Tue Sep 28, 2021 11:40 am
Forum: Beginner Basics
Topic: IPv6 help [SOLVED]
Replies: 16
Views: 4551

Re: IPv6 help [SOLVED]

Ok, sorry, I based my post on the 'no prefixes available' message earlier, not the duplicate addresses problem. Not sure what causes that.

Can you post a (anonymized) screenshot of the Used Prefixes tab of the IPv6 Pool?
by nescafe2002
Tue Sep 28, 2021 11:28 am
Forum: Beginner Basics
Topic: IPv6 help [SOLVED]
Replies: 16
Views: 4551

Re: IPv6 help [SOLVED]

Set the Pool Prefix Length in your DHCPv6 client to 64.. it will not affect the acquired prefix length, but it will limit the pool assignments to /64. Note that MT will keep incrementing the prefix with from-pool setting on each configuration change, as soon as you assign multiple ip's from pool. Yo...
by nescafe2002
Mon Sep 27, 2021 8:41 pm
Forum: General
Topic: [Feature Request] DHCP(v4/v6) client: Make arbitrary option codes requestable and provide their values to the script
Replies: 7
Views: 3909

Re: [Feature Request] DHCP(v4/v6) client: Make arbitrary option codes requestable and provide their values to the script

To request options: /ip dhcp-client option # 01 = Subnet Mask, 03 = Router, 06 = Domain Server, d4 = OPTION_6RD add code=55 name=req_6rd value=0x010306d4 To process responses, I haven't been able to figure this further out.. I think DHCP option 212 deserves an actual implementation by MikroTik. /ip ...
by nescafe2002
Mon Sep 27, 2021 1:15 am
Forum: Scripting
Topic: [PPPOE] How to disable the secret for 10 seconds when a user disconnects [SOLVED]
Replies: 9
Views: 6182

Re: [PPPOE] How to disable the secret for 10 seconds when a user disconnects [SOLVED]

High CPU is a common issue, have you ruled out usual suspects e.g. NAT (masquerade) and connection tracking?

There are quite a few topics on this issue (search for pppoe cpu in forum).
by nescafe2002
Sun Sep 26, 2021 11:27 pm
Forum: RouterOS beta
Topic: DSLite Tunnel is not working / fails RFC6333 and RFC2473
Replies: 4
Views: 5353

Re: DSLite Tunnel is not working / fails RFC6333 and RFC2473

Looks like you have to add an ipv4 address to the ipipv6 interface and route to an ip within the ip subnet.

(E.g. ip 192.168.0.2/24 and route to 192.168.0.1)

Via forum search this topic popped up: viewtopic.php?p=724273#p724273
by nescafe2002
Sun Sep 26, 2021 2:53 pm
Forum: Beginner Basics
Topic: I cant figure out how to route through ipv6 pppoe-tunnel?
Replies: 2
Views: 1105

Re: I cant figure out how to route through ipv6 pppoe-tunnel?

You currently have two dynamic default routes, one from pppoe-client and one from dhcpv6-client. You may want to disable add-default-route on one of them. Sometimes adding a static route with dst-address=2000::/3 and gateway=pppoe-out1 could make it work (not sure why, but it worked for me). Remove ...
by nescafe2002
Sun Sep 26, 2021 11:06 am
Forum: General
Topic: PPPoE does not reconnect automatically. Have to restart router everytime.
Replies: 4
Views: 3676

Re: PPPoE does not reconnect automatically. Have to restart router everytime.

anav, you're like a dog who marks every tree it walks by, but instead of trees you're marking forum topics :) not really necessary as sindy kind of adviced/requested the same thing.. Plugpulled, regardless of the actual cause of the issue, which should be fixed anyway, you can get auto reboot using ...
by nescafe2002
Fri Sep 24, 2021 11:06 pm
Forum: RouterOS beta
Topic: RDP Connection Dying
Replies: 57
Views: 32224

Re: RDP Connection Dying

I have examined logs and traces but could not find a cause for this issue.. unfortunately RDP is extremely sensitive and will initiate a TCP RST as soon as 'something' is off.. disconnecting after 5 to 15 seconds, leaving these unhelpful events in the log (Event Viewer/Application and Services Logs/...
by nescafe2002
Fri Sep 24, 2021 12:51 am
Forum: RouterOS beta
Topic: v7.1rc4 [development] is released!
Replies: 276
Views: 83094

Re: v7.1rc4 [development] is released!

Partial configuration loss in 7.1rc4, after a few succesful reboots.. Same section got lost as 7.1rc3 => /ip ipsec identity SUP-60031 I have a higher MTU on the SFP, PPPoE won't go further than 1492. Could you tried creating a bridge-wan with a single port (sfp) and use this bridge in your configura...
by nescafe2002
Wed Sep 22, 2021 10:05 am
Forum: RouterOS beta
Topic: comment in export for broken reference
Replies: 4
Views: 1744

Re: comment in export for broken reference

I think it would be better if the export for ip address followed the same rule as for bridge port: export interface ID instead of omitting interface attribute. [admin@MikroTik] > /interface bridge port export # sep/22/2021 09:00:35 by RouterOS 7.1rc4 /interface bridge port add bridge=docker interfac...
by nescafe2002
Mon Sep 20, 2021 8:48 pm
Forum: RouterOS beta
Topic: v7.1rc4 [development] is released!
Replies: 276
Views: 83094

Re: v7.1rc4 [development] is released!

svmk, the config disappearing problem has been fixed - this was probably the last time :)

Try restoring the config on rc4 and rebooting - should work properly now.
by nescafe2002
Sun Sep 19, 2021 9:59 pm
Forum: RouterOS beta
Topic: v7.1rc3 [development] is released!
Replies: 172
Views: 50628

Re: v7.1rc3 [development] is released!

w0lt, this is not unique to the CCR2004. v6 RouterOS devices cannot be downgraded below their factory version either.
by nescafe2002
Sun Sep 19, 2021 7:46 pm
Forum: RouterOS beta
Topic: v7.1rc3 [development] is released!
Replies: 172
Views: 50628

Re: v7.1rc3 [development] is released!

As I said earlier..The downloads page says CCR2004 for ROS 6.48.4. Not just certain model numbers. False advertising !! Actually not. The download pages states that CCR2004 models are ARM64 architecture. They do not state that all CCR2004 models do run all RouterOS versions. Also the product page f...
by nescafe2002
Mon Sep 13, 2021 11:02 pm
Forum: Scripting
Topic: C# API - tik4net on GitHub
Replies: 186
Views: 89559

Re: C# API - tik4net on GitHub

ldkrjuger, probably the status is based on polling (internally), therefore the latest status (Downloaded, rebooting...) is sometimes not visible. Isn't the connection timing out? Perhaps you want more control over the update process.. therefore you could split the update process to make sure the dev...
by nescafe2002
Mon Sep 13, 2021 1:18 pm
Forum: The Dude
Topic: Routerboot firmware version in Dude
Replies: 2
Views: 6098

Re: Routerboot firmware version in Dude

In label (appearance):
Firmware: [oid("iso.org.dod.internet.private.enterprises.mikrotik.mikrotikExperimentalModule.mtXRouterOs.mtxrSystem.mtxrFirmwareVersion.0")]
by nescafe2002
Mon Sep 13, 2021 1:07 pm
Forum: RouterOS beta
Topic: Loosing configuration after reboot (7.1rc3)
Replies: 16
Views: 4349

Re: Loosing configuration after reboot (7.1rc3)

It's stupid to advertise it. The fastest way to get infected. I checked, fortunately the two files: https://download.mikrotik.com/routeros/7.1beta6/all_packages-mmips-7.1beta6.zip https://download.mikrotik.com/routeros/7.1beta6/routeros-7.1beta6-mmips.npk and https://drivers.softpedia.com/get/Route...
by nescafe2002
Fri Sep 10, 2021 9:26 am
Forum: Containers
Topic: v7.1rc3 adds container support
Replies: 493
Views: 162656

Re: v7.1rc3 adds Docker (TM) compatible container support

Good question. It works on a hAP ac³. It also works on a RB4011 if it's the single container. It doesn't work if you have multiple containers (start 1 actually runs iperf3) /container> print 0 file=iperf.tar name="2df45158-b892-4e06-af32-9ed00c0a1b9a" tag="" os="linux" ...
by nescafe2002
Thu Sep 09, 2021 10:02 pm
Forum: Containers
Topic: v7.1rc3 adds container support
Replies: 493
Views: 162656

Re: v7.1rc3 adds Docker (TM) compatible container support

Can you upload the container tar somewhere so I can rule that out?

Just uploaded here: http://www.filedropper.com/alpid
by nescafe2002
Thu Sep 09, 2021 6:51 pm
Forum: RouterOS beta
Topic: RDP Connection Dying
Replies: 57
Views: 32224

Re: RDP Connection Dying

I must say that I've had the same problem since upgrading my RB4011 to v7.1rc1.

Mostly connections to Windows 2012 R2 servers. They are probably really sensitive to interrupted data streams.

I am using direct RDP, TCP+UDP, over IPSEC.
by nescafe2002
Thu Sep 09, 2021 11:50 am
Forum: Containers
Topic: v7.1rc3 adds container support
Replies: 493
Views: 162656

Re: v7.1rc3 adds Docker (TM) compatible container support

It works if you set the entrypoint to /usr/bin/id in the image. Dockerfile: FROM alpine:3.13@sha256:7bf024556a224584c0fff680d650b4be2ad560b17f6f627b11e0e2d5beb4b597 ENTRYPOINT /usr/bin/id Build on host: ~/alpid$ docker build -t alpid . ~/alpid$ docker save alpid > alpid.tar Transfer tar to device, t...
by nescafe2002
Wed Sep 08, 2021 11:05 am
Forum: RouterBOARD hardware
Topic: new CCR2004 after upgrade to 7.1rc2 switch1 interface flapping
Replies: 6
Views: 2750

Re: new CCR2004 after upgrade to 7.1rc2 switch1 interface flapping

Hello, please create a support file on the device (supout.rif) while it is not functioning properly and send the file with problem description to support.
You can also request a download link for the 7.0.4 package in the same ticket.
by nescafe2002
Tue Sep 07, 2021 7:23 pm
Forum: General
Topic: Can not get 60-day trial license for CHR
Replies: 8
Views: 1693

Re: Can not get 60-day trial license for CHR

Well - business users usually know how to follow instructions. Like, creating a supout.rif and sending it to support.
by nescafe2002
Mon Sep 06, 2021 4:21 pm
Forum: RouterOS beta
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 44462

Re: v7.1rc2 [development] is released!

Rfulton, what do you expect from us on the forum? Nobody here can help you - please create a supout.rif after the crash and send it to support.
by nescafe2002
Sun Sep 05, 2021 6:40 pm
Forum: RouterOS beta
Topic: Howto use Let's Encrypt command on 7.1rc2?
Replies: 6
Views: 5499

Re: Howto use Let's Encrypt command on 7.1rc2?

One big advantage of wildcart certificates is that your hostname is not leaked to the public via certificate transparency. I once generated a certificate on the synology.me domain, the host was then listed on crt.sh and the number of login attempts from all over the world exploded. If you create a w...
by nescafe2002
Sat Sep 04, 2021 7:46 pm
Forum: Beginner Basics
Topic: CCR2004-1G-12S+2XS slow NAT performance [Fixed]
Replies: 39
Views: 10696

Re: CCR2004-1G-12S+2XS slow NAT performance

You could enable fasttrack, it works for NAT as well. CCR should handle gigabit with ease without it, but may be worth trying out. /ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related add chain=forward action=accept connection-state=established,relat...
by nescafe2002
Sat Sep 04, 2021 4:07 pm
Forum: RouterOS beta
Topic: Zerotier Immediate Gateway Unknown [SOLVED]
Replies: 12
Views: 5402

Re: Zerotier Immediate Gateway Unknown [SOLVED]

No problem, was just replying to point out that the rule is safe to add.
by nescafe2002
Fri Sep 03, 2021 10:31 pm
Forum: RouterOS beta
Topic: Zerotier Immediate Gateway Unknown [SOLVED]
Replies: 12
Views: 5402

Re: Zerotier Immediate Gateway Unknown [SOLVED]

That rule is part of the default configuration:
/ip firewall
filter add chain=input action=accept dst-address=127.0.0.1 comment="defconf: accept to local loopback (for CAPsMAN)"
by nescafe2002
Fri Sep 03, 2021 4:54 pm
Forum: Announcements
Topic: v6.48.4 [stable] is released!
Replies: 68
Views: 72811

Re: v6.48.4 [stable] is released!

denisun, can you advertise a lower mtu via ND settings?
by nescafe2002
Fri Sep 03, 2021 3:12 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 113
Views: 35716

Re: WinBox v3.29 released!

Okay I have no problems WinBox 3.29 connecting to 6.48.3, that's why I think it's related to v7.
by nescafe2002
Fri Sep 03, 2021 12:14 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 113
Views: 35716

Re: WinBox v3.29 released!

icsterm, is this happening on v7.1rc2 or at least v7? I have already reported this behavior (SUP-58300, Stalled entries in active Winbox session list & wrong session removed from session list on logout) - reproduced and will be fixed. Not only after crashes, after all disconnects.
by nescafe2002
Fri Sep 03, 2021 11:39 am
Forum: RouterOS beta
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 44462

Re: v7.1rc2 [development] is released!

I'm having issues with 6to4 interface. IPv4 packets are somehow assembled (length 2922 bytes) and then rejected with ICMPv6 Packet Too Big. The tunnel throughput is starting at 900 Mbit and then dropping quickly to no more than 20 Mbps. It is dependent on the uplink (SFP) and fast path setting (when...
by nescafe2002
Thu Sep 02, 2021 10:09 pm
Forum: RouterOS beta
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 44462

Re: v7.1rc2 [development] is released!

What's new in 7.1rc1 (2021-Aug-19 13:06): !) added support for IPv6 NAT (CLI only); Currently action=netmap is not supported, which you'd expect for dual wan scenarios (to translate ULA prefix to ISP specific global prefix) E.g. this config is not supported: /ipv6 firewall nat add chain=srcnat acti...
by nescafe2002
Thu Sep 02, 2021 6:07 pm
Forum: Announcements
Topic: v6.48.4 [stable] is released!
Replies: 68
Views: 72811

Re: v6.48.4 [stable] is released!

/int bri por is expanded to /interface bridge port-controller for some reason.. just don't abbreviate cli commands, they are suspected to change anyway. [admin@MikroTik] > /int bri por pri ;;; disabled switch: none control-ports: excluded-ports: [admin@MikroTik] > /int bri port pri Flags: I - INACTI...
by nescafe2002
Thu Sep 02, 2021 3:24 pm
Forum: RouterOS beta
Topic: Bridge Filters Don't Seem to be working
Replies: 14
Views: 8288

Re: Bridge Filters Don't Seem to be working

This works fine on ROSv7.1rc2 (ping request timed out):

/interface bridge filter
add action=drop chain=forward dst-mac-address=E4:8D:8C:B0:DE:37/FF:FF:FF:FF:FF:FF

Could you share a code example and your test setup?
by nescafe2002
Mon Aug 30, 2021 5:09 pm
Forum: Beginner Basics
Topic: Private VLAN on a RB4011
Replies: 24
Views: 3348

Re: Private VLAN on a RB4011

Or use bridge split horizon. /interface bridge add name=bridge1 /interface bridge port add bridge=bridge1 horizon=1 interface=ether1 add bridge=bridge1 horizon=1 interface=ether2 add bridge=bridge1 horizon=1 interface=ether3 add bridge=bridge1 horizon=1 interface=ether4 Ports ether1-ether4 are now i...
by nescafe2002
Tue Aug 24, 2021 1:22 pm
Forum: RouterOS beta
Topic: how to check wireguard is running? [SOLVED]
Replies: 3
Views: 3520

Re: how to check wireguard is running? [SOLVED]

Ok, afaik WireGuard is stateless, so no connect / disconnect occurs.

There is a last handshake property which you can use to detect activity, but since that would be based on a timeout - netwatch would be a better option.
by nescafe2002
Tue Aug 24, 2021 10:21 am
Forum: RouterOS beta
Topic: how to check wireguard is running? [SOLVED]
Replies: 3
Views: 3520

Re: how to check wireguard is running? [SOLVED]

Since WireGuard uses fixed ip addresses anyway, could you just set up a netwatch entry for the remote host and implement the functionality in up/down scripts?
by nescafe2002
Tue Aug 24, 2021 10:08 am
Forum: General
Topic: Urgently need help with strange forwarding issue
Replies: 6
Views: 1019

Re: Urgently need help with strange forwarding issue

Have you checked the firewall connection tracking table for any icmp entries when the issue occurs?
by nescafe2002
Tue Aug 24, 2021 7:45 am
Forum: Scripting
Topic: C# API - tik4net on GitHub
Replies: 186
Views: 89559

Re: C# API - tik4net on GitHub

var conn1 = tik4net.ConnectionFactory.OpenConnection(TikConnectionType.Api, "192.168.88.1", 8728, "admin", "password"); var conn2 = tik4net.ConnectionFactory.OpenConnection(TikConnectionType.Api, "192.168.88.2", 8728, "admin", "password");...
by nescafe2002
Tue Aug 24, 2021 7:02 am
Forum: RouterOS beta
Topic: Netinstall error [SOLVED]
Replies: 11
Views: 2864

Re: Netinstall error [SOLVED]

I had the same issue. Sent to support. Note that the netinstall completes successfully. You just have to manually reboot the device.

Win10 netinstall/netinstall64 7.1rc1 RB2011.
by nescafe2002
Tue Aug 24, 2021 6:59 am
Forum: Scripting
Topic: C# API - tik4net on GitHub
Replies: 186
Views: 89559

Re: C# API - tik4net on GitHub

You can create multiple clients in a single program.
by nescafe2002
Mon Aug 23, 2021 11:30 pm
Forum: General
Topic: Feature request: host list
Replies: 3
Views: 978

Re: Feature request: host list

But what if those addresses ever change? You'd have to check all your router's configuration!
The "check all your router's configuration" is not hard.. make an export of the configuration (text file) and search for the address in this file.
by nescafe2002
Mon Aug 23, 2021 7:14 pm
Forum: General
Topic: V7.0.3 Routing
Replies: 13
Views: 2298

Re: V7.0.3 Routing

But.. have you tried disabling keepalive?
by nescafe2002
Mon Aug 23, 2021 10:30 am
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 113
Views: 35716

Re: WinBox v3.29 released!

SUP-27251 [Winbox] Feature request: Add menu option "Window"

Time to delivery: Less than a year :)

Thanks!
by nescafe2002
Sun Aug 22, 2021 10:16 am
Forum: General
Topic: V7.0.3 Routing
Replies: 13
Views: 2298

Re: V7.0.3 Routing

Tested on beta, seems that the GRE interface is not running when keepalive is active.

Disabling keepalive on the GRE interface enables the routes.

Note that ROSv7 is still in beta; 7.0.3 is a one-time-build for Chateau but can still contain bugs.
by nescafe2002
Sat Aug 21, 2021 11:06 am
Forum: Beginner Basics
Topic: IPv6 DNS
Replies: 9
Views: 11661

Re: IPv6 DNS

Setting custom dns server in ND/RA is not possible until ROSv7. For ROSv6, use option 23 in dhcpv6 server and enable 'other configuration' in RA: /ipv6 dhcp-server option add code=23 name=dns value="'2001:db8::1''2001:db8::2'" /ipv6 dhcp-server add dhcp-option=dns interface=bridge name=def...
by nescafe2002
Thu Aug 19, 2021 8:38 pm
Forum: Beginner Basics
Topic: Automatically Update 6to4 Tunnel Local Address [SOLVED]
Replies: 4
Views: 1485

Re: Automatically Update 6to4 Tunnel Local Address [SOLVED]

Not sure why you want to update the local address, do you have a dual wan setup? If not, just unset local-address and it will pick your external address automatically: /interface 6to4 set [find] local-address=0.0.0.0 You could update the IPv4 endpoint on HE side by running a fetch command, e.g.: htt...
by nescafe2002
Wed Aug 18, 2021 8:46 pm
Forum: RouterBOARD hardware
Topic: RB3011 port flopping - bad design
Replies: 131
Views: 62429

Re: RB3011 port flopping - bad design

In my case, support noticed a high queue drop count (/interface print stats, column "tx-queue-drops").

Setting larger queue size solved the problem:
/queue type set ethernet-default pfifo-limit=300
/queue interface set [find where queue!=no-queue] queue=ethernet-default
by nescafe2002
Mon Aug 16, 2021 10:55 pm
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 243400

Re: v7.1beta6 [development] is released!

They do not post the firmware publicly because it will brick non-chateau devices. Both times they posted a link, with warning, at least one user tried installing it on another model.
by nescafe2002
Fri Aug 13, 2021 10:40 am
Forum: General
Topic: IPv6 routing woes
Replies: 3
Views: 1072

Re: IPv6 routing woes

What 'works on my machine' is: /interface pppoe-client add add-default-route=yes name=pppoe-client /ipv6 dhcp-client add add-default-route=no interface=pppoe-client request=prefix This will add a dynamic route to ::/0 via pppoe-client. And a default ipv4 route. The 2000::/3 is a testing route to fin...
by nescafe2002
Thu Aug 12, 2021 5:34 pm
Forum: General
Topic: any trick to make cap client keep settings while capsman is down?
Replies: 21
Views: 3525

Re: any trick to make cap client keep settings while capsman is down?

1) Well you have a polling timer at the moment at around 5-10", so to start with you could make that time range dynamic so we could set it to 1 year for example 2) You need to keep the settings(filtering the local forwarding ones) that are pulled locally to the cap so in case of reboot they ar...
by nescafe2002
Thu Aug 12, 2021 1:35 pm
Forum: General
Topic: IPv6 routing woes
Replies: 3
Views: 1072

Re: IPv6 routing woes

Note that the pppoe-client already adds a default route (based on ppp profile). So first try setting add-default-route=no in your dhcpv6 client to prevent the extra route to be added. Have you added bridgeLAN to the LAN interface list? For testing, you could add a route to a more specific public pre...
by nescafe2002
Wed Aug 11, 2021 7:46 am
Forum: RouterOS beta
Topic: IPv6 link-local address missing on bridge if auto-mac=no
Replies: 6
Views: 4569

Re: IPv6 link-local address missing on bridge if auto-mac=no

mrz, SUP-45712 describes same issue, no LL address on bridge with admin-mac set. LL address doesn't change, it disappears on unrelated reconfigurations. I have provided steps to reproduce + supout.

Edit: Issue will be resolved in 7.1beta7.
by nescafe2002
Thu Aug 05, 2021 11:43 am
Forum: Beginner Basics
Topic: WHY RouterOS insists on making ether1 a WAN port
Replies: 24
Views: 7221

Re: WHY RouterOS insists on making ether1 a WAN port

There is an earlier statement on this issue (well.. slightly related issue) from staff: https://forum.mikrotik.com/viewtopic.php?p=646067#p646067 DHCP client is required on CHR installations since most of cloud services provide only access through IP address and you do not have direct access to cons...
by nescafe2002
Mon Aug 02, 2021 7:52 pm
Forum: General
Topic: DHCP option 66 for provision server not working
Replies: 13
Views: 3681

Re: DHCP option 66 for provision server not working

Then try enabling DHCP Provisioning: Settings > Auto Provision > DHCP Active > On Then reset (reboot) phone. Is your endpoint password protected? From a working setup: /ip dhcp-server option add code=66 name=yealink value="'https://user:password@host.domain.tld:443/dms/yealink/'" /ip dhcp-...
by nescafe2002
Mon Aug 02, 2021 5:54 pm
Forum: General
Topic: DHCP option 66 for provision server not working
Replies: 13
Views: 3681

Re: DHCP option 66 for provision server not working

Have you enabled DHCP provisioning in the phone features? Or have you factory reset the phones to test?

(Yealink will only accept DHCP provisioning when enabled or after factory reset)
by nescafe2002
Sat Jul 03, 2021 5:45 pm
Forum: General
Topic: Mikrotik : Setup DHCP lease for VOIP devices on the same segment of Data.
Replies: 1
Views: 1071

Re: Mikrotik : Setup DHCP lease for VOIP devices on the same segment of Data.

Split your ip pools and use vendor class. /ip pool add name=lan next-pool=lan2 ranges=192.168.0.2-192.168.0.199 add name=lan2 ranges=192.168.0.221-192.168.0.254 add name=voip ranges=192.168.0.200-192.168.0.220 /ip dhcp-server vendor-class-id add address-pool=voip name=yealink server=default vid=yeal...
by nescafe2002
Sat Jul 03, 2021 5:40 pm
Forum: Scripting
Topic: C# API - tik4net on GitHub
Replies: 186
Views: 89559

Re: C# API - tik4net on GitHub

Move the login logic out of the loop and keep the process running.
by nescafe2002
Sun Jun 27, 2021 11:59 am
Forum: General
Topic: CRS3xx - bridge horizon deactivated hardware offload
Replies: 2
Views: 911

Re: CRS3xx - bridge horizon deactivated hardware offload

https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Port_Settings Use split horizon bridging to prevent bridging loops. Set the same value for group of ports, to prevent them from sending data to ports with the same horizon value. Split horizon is a software feature that disables hardware offload...
by nescafe2002
Sun Jun 20, 2021 2:15 am
Forum: Scripting
Topic: Stop command for scripts
Replies: 11
Views: 3689

Re: Stop command for scripts

I'm assuming the 5 minute timeout is introduced by OP solely to prevent a boot loop, but if it's necessary to add a waiting period for all outages, you can alter the watchdog ping-timeout parameter. ping-timeout (time; Default: 60s) - Specifies the time interval in which the device will be pinged 6 ...
by nescafe2002
Sun Jun 20, 2021 1:51 am
Forum: Scripting
Topic: Stop command for scripts
Replies: 11
Views: 3689

Re: Stop command for scripts

Ok, ontopic, let me further explain my thoughts here. OP has created a 5-min reboot script which is triggered by a netwatch entry. This makes sense because netwatch fires directly after startup - restarting directly would create a boot loop. When there is a connection - OP wants to cancel the reboot...
by nescafe2002
Sun Jun 20, 2021 1:38 am
Forum: Scripting
Topic: Stop command for scripts
Replies: 11
Views: 3689

Re: Stop command for scripts

In a fair and sensible way, OP is free to take my advice or not.

But are you, rextended, accusing me of forum pollution? Really? Lol..
by nescafe2002
Sat Jun 19, 2021 10:47 pm
Forum: Scripting
Topic: Stop command for scripts
Replies: 11
Views: 3689

Re: Stop command for scripts

Imo the XY problem is applicable here - OP already has created a reboot script which he wants to interrupt so he asks for a scripting solution; the watchdog module doesn't require scripting at all.
by nescafe2002
Fri Jun 18, 2021 9:46 pm
Forum: Scripting
Topic: Stop command for scripts
Replies: 11
Views: 3689

Re: Stop command for scripts

Better use the watchdog feature https://wiki.mikrotik.com/wiki/Manual:System/Watchdog watch-address The system will reboot, in case 6 sequential pings to the given IP address will fail. If set to none this feature is disabled. By default router will reboot every 6 minutes if watch-address is set and...
by nescafe2002
Fri Jun 18, 2021 12:11 am
Forum: Beginner Basics
Topic: Re: RouterOS v7.2 (beta) and routing marks
Replies: 2
Views: 1014

Re: RouterOS v7.2 (beta) and routing marks

rextended , anav , please don't reply to these post as they are automatically crossposted (from reddit) with suspicious links. Just report the posts. Post #1: https://www.reddit.com/r/mikrotik/comments/jypr2q/routeros_v72_beta_and_routing_marks/ Post #2: https://www.reddit.com/r/mikrotik/comments/j...
by nescafe2002
Thu Jun 17, 2021 9:34 am
Forum: General
Topic: IPSec drops and requires reboot
Replies: 9
Views: 1918

Re: IPSec drops and requires reboot

It might be a shot in the dark, but I've experienced similar issues with ipsec until today - dropping ipsec connections (active peer state message 2 sent). Rb3011 / 6.48.3 / 3 peers (2 ip & 1 ip cloud dns). Noticed an active peer entry with an ip address of peer_a and comment of identity of peer...
by nescafe2002
Tue Jun 15, 2021 10:03 am
Forum: General
Topic: Hex RB750Gr3 issue
Replies: 2
Views: 626

Re: Hex RB750Gr3 issue

Make sure you are connected to port 2-5.
by nescafe2002
Sun May 23, 2021 1:03 am
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 243400

Re: v7.1beta6 [development] is released!

You can prevent port membership updates from affecting the bridge mac by hard setting the admin MAC instead of using auto MAC for the bridge.

Yes, but reconfiguring any bridge (e.g. bridge2) should not lead to loss of link local address of another bridge (e.g. bridge1).
by nescafe2002
Sun May 23, 2021 12:59 am
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 243400

Re: v7.1beta6 [development] is released!

This has been reported but was unconfirmed by MikroTik support. SUP-45712 [7.1beta5] No link-local communication after bridge reconfiguration Quick solution is to briefly disable and enable IPv6; /ipv6/settings/set disable-ipv6=yes /ipv6/settings/set disable-ipv6=no The issue re-appears after a brid...
by nescafe2002
Thu May 20, 2021 6:41 pm
Forum: RouterOS beta
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 243400

Re: v7.1beta6 [development] is released!

and because you seem to approve of the beta rollout process probably can help me find the beta5 binaries so that I can downgrade from the latest UNTESTED beta Hello person who has been doing software development for decades; you can find the binaries of the previous untested beta release for your d...
by nescafe2002
Thu May 06, 2021 3:48 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 141
Views: 62361

Re: v6.48.2 [stable] is released!

RB3011UiAS - Portflapping We just had a case of portflapping with 6.48.2 on a RB3011. I reported a case of port flapping on rb3011 6.48.1 earlier and got response: Please apply this command to prevent lockups between RB3011 switch chips and CPU: /interface ethernet switch set switch1,switch2 cpu-fl...
by nescafe2002
Sat Apr 17, 2021 5:28 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 141
Views: 62361

Re: v6.48.2 [stable] is released!

tenner, check the log
by nescafe2002
Fri Apr 02, 2021 9:42 am
Forum: Scripting
Topic: How to do a Fuzzy query [SOLVED]
Replies: 10
Views: 3472

Re: How to do a Fuzzy query [SOLVED]

Use the in keyword for subnet matching.

E.g.

/ip route print where 172.17.0.0/16 in dst-address
by nescafe2002
Tue Mar 30, 2021 4:53 pm
Forum: General
Topic: Issues Turing Off DHCP Server in RouterOS 6.47.9
Replies: 2
Views: 917

Re: Issues Turing Off DHCP Server in RouterOS 6.47.9

Why are you insisting on AD DHCP? Just use MT's DHCP server and you will be fine. Configure AD DNS in MT DHCP Network and you're done. Disabling MT's DHCP server shouldn't lead to the problems you are experiencing unless you configured the AD DHCP incorrectly. Also, create a backup AND an export of ...
by nescafe2002
Mon Mar 29, 2021 11:35 am
Forum: Scripting
Topic: C# API - tik4net on GitHub
Replies: 186
Views: 89559

Re: C# API - tik4net on GitHub

Since name is the primary identifier for the object, you can use .id=peer-A: using (var conn = tik4net.ConnectionFactory.OpenConnection(TikConnectionType.Api, "192.168.88.1", 8728, "admin", "password")) { conn.CreateCommandAndParameters("/ip/ipsec/peer/disable"...
by nescafe2002
Mon Mar 29, 2021 10:40 am
Forum: General
Topic: URGENT: SOS - Wrong NetMask Used In QuickSet (How to recover)
Replies: 3
Views: 886

Re: URGENT: SOS - Wrong NetMask Used In QuickSet (How to recover)

Never, ever, ever, use QuickSet on an already configured router. Not even with correct settings. You should only QuickSet a device with zero configuration on it. That being said, in default config the device should be discoverable on the internal net and reachable via web, winbox and/or mac telnet. ...
by nescafe2002
Tue Mar 16, 2021 10:36 am
Forum: Beginner Basics
Topic: hEXr3, 6.44.2 bridge mode [SOLVED]
Replies: 29
Views: 12491

Re: hEXr3, 6.44.2 bridge mode [SOLVED]

Tried to assign a static ip in addresses but failed. Failed how? You couldn't open the IP Address menu? Couldn't access the console? Setting was not saved? Did you get an error message? If your device doesn't work properly, create a supout.rif and send it to support with problem description + steps...
by nescafe2002
Tue Mar 16, 2021 12:16 am
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 171
Views: 90689

Re: v6.49beta [testing] is released!

Netinstall lets you keep the configuration as an option.
by nescafe2002
Mon Mar 15, 2021 12:19 pm
Forum: Forwarding Protocols
Topic: ipv6 nd ra suppress all in mikrotik [SOLVED]
Replies: 1
Views: 3688

Re: ipv6 nd ra suppress all in mikrotik [SOLVED]

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/command/ipv6-cr-book/ipv6-i3.html#wp2583862361 To suppress IPv6 router advertisement transmissions on a LAN interface, use the ipv6 nd ra suppress command in interface configuration mode. Don't advertise your ips: /ipv6 address set [find where a...
by nescafe2002
Sun Mar 14, 2021 1:02 pm
Forum: RouterOS beta
Topic: Slow IPv6 speeds on v7.1beta4
Replies: 9
Views: 3594

Re: Slow IPv6 speeds on v7.1beta4

I have recently tested 7.1beta4 on my main router (RB4011) with a 6to4-tunnel but cannot reach speeds over 100 Mbps. There are a lock of dup acks and icmpv6 packet too big messages cluttering up the interface. Not sure if this is related to IPv6 in general or the 6to4 tunnel, but you may want to che...
by nescafe2002
Fri Mar 12, 2021 6:19 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 171
Views: 90689

Re: v6.49beta [testing] is released!

That's what betas are for :) Glad it will be fixed for stable release.
by nescafe2002
Wed Mar 10, 2021 10:17 pm
Forum: Beginner Basics
Topic: DHCP Server - Some Hosts do not provide hostname
Replies: 3
Views: 1174

Re: DHCP Server - Some Hosts do not provide hostname

Try send host-name "hostname" in dhclient.conf.
by nescafe2002
Wed Mar 10, 2021 9:11 pm
Forum: Beginner Basics
Topic: DHCP Server - Some Hosts do not provide hostname
Replies: 3
Views: 1174

Re: DHCP Server - Some Hosts do not provide hostname

MikroTik reads hostname (client option 12 ) from DHCP DISCOVER, some client devices provide host name in DHCP REQUEST.
by nescafe2002
Tue Mar 09, 2021 9:39 am
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 103
Views: 60715

Re: v6.48.1 [stable] is released!

aronw95, did you check the log after the first attempt?
by nescafe2002
Tue Mar 02, 2021 3:27 pm
Forum: General
Topic: Remove all Interfaces from bridge by command
Replies: 3
Views: 2406

Re: Remove all Interfaces from bridge by command

/interface bridge port remove [ find bridge=bridgeLocal ]
by nescafe2002
Tue Mar 02, 2021 9:23 am
Forum: Beginner Basics
Topic: RouterOS - Newbie CCR1009-7G-1C-1S+
Replies: 12
Views: 1906

Re: RouterOS - Newbie CCR1009-7G-1C-1S+

Not necessary, interface is member of WAN and there is already a masquerade rule for WAN. Just remove the general masquerade rule.
by nescafe2002
Sun Feb 28, 2021 1:25 pm
Forum: Scripting
Topic: How to control the alarm beep sound of mikrotik?
Replies: 3
Views: 9441

Re: How to control the alarm beep sound of mikrotik?

https://wiki.mikrotik.com/wiki/Manual:S ... l_commands

beep :beep <freq> <length> beep built in speaker

You can supply length without unit (defaults to number of seconds) or with unit, e.g. 200ms.
by nescafe2002
Thu Feb 25, 2021 7:35 pm
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 103
Views: 60715

Re: v6.48.1 [stable] is released!

mskoric; yes, sniffer disables fast path. The issue is fixed in 6.49beta11. https://forum.mikrotik.com/viewtopic.php?f=21&t=172259&p=842156#p844958 The reported SIP phone issue is fixed with this change: *) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination ...
by nescafe2002
Thu Feb 25, 2021 5:36 pm
Forum: General
Topic: Automatically update ipsec peer addresses from script
Replies: 26
Views: 5382

Re: Automatically update ipsec peer addresses from script

No scripting required.

What's new in 6.41 (2017-Dec-22 11:55):
*) ipsec - allow to specify "remote-peer" address as DNS name;
by nescafe2002
Thu Feb 25, 2021 5:21 am
Forum: General
Topic: Winbox Question
Replies: 8
Views: 1433

Re: Winbox Question

What's the name of the file?
by nescafe2002
Wed Feb 24, 2021 7:31 pm
Forum: General
Topic: DNS-resolution without DNS-Sever, Route or IP
Replies: 6
Views: 1683

Re: DNS-resolution without DNS-Sever, Route or IP

Not really. It has been mentioned before on the forum. https://forum.mikrotik.com/viewtopic.php?f=2&t=103739&p=515485#p515505 I just confirmed that Winbox 3.0 still has the behavior where typing a hostname into "Ping To" will use the client's DNS resolver, and not the remote Mikrot...
by nescafe2002
Wed Feb 24, 2021 6:38 pm
Forum: General
Topic: DNS-resolution without DNS-Sever, Route or IP
Replies: 6
Views: 1683

Re: DNS-resolution without DNS-Sever, Route or IP

The host is resolved in Winbox on the client device..

Try this in Terminal:

[admin@MikroTik] > /ping [:resolve www.cnn.com] 
failure: dns server failure
by nescafe2002
Wed Feb 24, 2021 3:33 pm
Forum: Wireless Networking
Topic: cAP AC Access Points... best quick set? (resolved with no quick set as best option, but solution provided) [SOLVED]
Replies: 22
Views: 7480

Re: cAP AC Access Points... best quick set? [SOLVED]

Please don't quote posts entirely - quote selectively and don't quote if you're replying to the most recent post. CAPsMAN will provision radios wlan1 and wlan2 based on provision rules based on mac address or hw mode (e.g. gn/ac). In the documented example provision is not filtered so both radios (2...
by nescafe2002
Wed Feb 24, 2021 8:32 am
Forum: Beginner Basics
Topic: User "Allowed Address" not in "/export" or "/export verbose"?
Replies: 2
Views: 724

Re: User "Allowed Address" not in "/export" or "/export verbose"?

Users are omitted on export, probably to prevent the creation of passwordless users on import. Also users can be kept on configuration reset.

Use /user export to export users.
by nescafe2002
Tue Feb 23, 2021 9:58 pm
Forum: Wireless Networking
Topic: cAP AC Access Points... best quick set? (resolved with no quick set as best option, but solution provided) [SOLVED]
Replies: 22
Views: 7480

Re: cAP AC Access Points... best quick set? [SOLVED]

Please post your CAPsMAN configuration. If I remember correctly, devices in cap mode somehow only work if a CAPsMAN controller is available in the network. /caps-man export should look something like this: /caps-man configuration add country=latvia datapath.client-to-client-forwarding=yes datapath.l...
by nescafe2002
Sun Feb 21, 2021 12:46 pm
Forum: Scripting
Topic: Something will makes me crazy with tool/netwatch
Replies: 3
Views: 1261

Re: Something will makes me crazy with tool/netwatch

Use watchdog timer with watch address instead of netwatch. https://wiki.mikrotik.com/wiki/Manual:System/Watchdog watch-address (IP; Default: none) The system will reboot, in case 6 sequential pings to the given IP address will fail. If set to none this feature is disabled. By default router will reb...
by nescafe2002
Wed Feb 17, 2021 4:34 pm
Forum: General
Topic: RB2011 - disable blue SFP LED
Replies: 6
Views: 3236

Re: RB2011 - disable blue SFP LED

Mail support.. the forum is no official support channel.
by nescafe2002
Thu Feb 11, 2021 3:07 pm
Forum: Beginner Basics
Topic: Route different LANs and PBX
Replies: 12
Views: 1823

Re: Route different LANs and PBX

Is there no relevant line in the firewall connection tracking table?
by nescafe2002
Thu Feb 11, 2021 2:21 pm
Forum: Beginner Basics
Topic: Route different LANs and PBX
Replies: 12
Views: 1823

Re: Route different LANs and PBX

Yep.. that should work.
by nescafe2002
Thu Feb 11, 2021 1:53 pm
Forum: Beginner Basics
Topic: Route different LANs and PBX
Replies: 12
Views: 1823

Re: Route different LANs and PBX

Sorry, I misguided you.. PBX should be set to gateway 192.168.1.254.
by nescafe2002
Thu Feb 11, 2021 11:45 am
Forum: Beginner Basics
Topic: Route different LANs and PBX
Replies: 12
Views: 1823

Re: Route different LANs and PBX

PBX should have set 192.168.2.254 as gateway.
Not sure why you couldn't ping 192.168.2.254 from your existing lan.. could you post your config (/export hide-sensitive)?
by nescafe2002
Thu Feb 11, 2021 11:40 am
Forum: General
Topic: Polling of mikrotik.com [SOLVED]
Replies: 7
Views: 1683

Re: Polling of mikrotik.com [SOLVED]

System > Packages > Check for upgrades => upgrade.mikrotik.com IP > Cloud > DDNS Enabled => cloud2.mikrotik.com Interfaces > Detect Internet => cloud.mikrotik.com These are all subdomains. Are you sure the device is actually resolving the domain name 'mikrotik.com' (without subdomain)? Are there cli...
by nescafe2002
Wed Feb 10, 2021 7:02 pm
Forum: General
Topic: DHCP option 55 example
Replies: 8
Views: 5236

Re: DHCP option 55 example

Nope, not really.

Perhaps you're trying to remote configure CPE's, then you could take a look at https://wiki.mikrotik.com/wiki/Manual:TR069-client
by nescafe2002
Wed Feb 10, 2021 6:31 pm
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 100
Views: 59646

Re: WinBox v3.27 released!

Was Winbox designed to dock the child window to the main window (when maximized)? Or has this behavior changes in recent version?

Perhaps this is not a bug but rather a suggestion or feature request.. better contact support.
by nescafe2002
Wed Feb 10, 2021 5:54 pm
Forum: General
Topic: DHCP option 55 example
Replies: 8
Views: 5236

Re: DHCP option 55 example

You want to pass-through option 43 from dhcp-client to dhcp-server? That's gonna require some scripting. E.g. :if ($bound=1) do={ :local acs ($"lease-options"->"43"); :log info "DHCP Option 43: $acs"; /ip dhcp-server option set option-43 value="'$acs'"; } Or, ...
by nescafe2002
Wed Feb 10, 2021 5:14 pm
Forum: Beginner Basics
Topic: Route different LANs and PBX
Replies: 12
Views: 1823

Re: Route different LANs and PBX

Add ip address 192.168.2.x/24 to LAN interface (bridge) takes care of routing between two subnets on same interface. /ip address add address=192.168.2.254/24 interface=bridge network=192.168.2.0 Extend ip pool and add dhcp-network for this segment. /ip dhcp-server network add address=192.168.2.0/24 ...
by nescafe2002
Wed Feb 10, 2021 5:00 pm
Forum: General
Topic: DHCP option 55 example
Replies: 8
Views: 5236

Re: DHCP option 55 example

Option 55 is a dhcp client options (requested parameter list). If you want to request more than the standard options, you'll have to supply the complete request list including 1 (subnet mask), 3 (gateway) and 6 (dns). Note that the MT probably will ignore option 43, but maybe you could do something ...
by nescafe2002
Fri Feb 05, 2021 11:10 am
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 171
Views: 90689

Re: v6.49beta [testing] is released!

Will be there no further V6.48.XX versions?
From the doomed V6.48 straight to V6.49?

Check the version numbering schema: https://wiki.mikrotik.com/wiki/Manual:U ... _numbering

Changes (fixes) from 6.49beta/rc can be merged to 6.48.x.
by nescafe2002
Mon Feb 01, 2021 10:14 am
Forum: General
Topic: PPP on hEX RB750Gr3
Replies: 1
Views: 571

Re: PPP on hEX RB750Gr3

Perhaps the package is disabled. Check System > Packages.
by nescafe2002
Sun Jan 31, 2021 7:15 pm
Forum: RouterOS beta
Topic: v7.1 beta 3 export freeze and mangle sometime not working.
Replies: 1
Views: 1295

Re: v7.1 beta 3 export freeze and mangle sometime not working.

viewtopic.php?f=1&t=169992#p832375

Export problem is known, /routing menu export is the one that fails.
by nescafe2002
Sun Jan 24, 2021 11:06 pm
Forum: General
Topic: Forum Account Deletion
Replies: 1
Views: 1036

Re: Forum Account Deletion

Mail support.
by nescafe2002
Sun Jan 24, 2021 4:31 pm
Forum: General
Topic: WinBox problem after upgrading to v6.48
Replies: 3
Views: 773

Re: WinBox problem after upgrading to v6.48

Which version of WinBox? Have you tried clearing Cache (via connection dialog)?
by nescafe2002
Sat Jan 23, 2021 1:02 am
Forum: General
Topic: Route internet through IPsec
Replies: 14
Views: 4309

Re: Route internet through IPsec

Nope, but you are trying to tunnel via a bridged device.. should work nevertheless, but I have not tested that scenario.
by nescafe2002
Fri Jan 22, 2021 11:05 am
Forum: General
Topic: Route internet through IPsec
Replies: 14
Views: 4309

Re: Route internet through IPsec

Yes, if 192.168.10.254 is the default gateway of the device, 192.168.10.21 will not be able to reach either the other subnet or the internet via site B. Set the default gateway to 192.168.10.1. Actually nske noticed this earlier: a) 192.168.10.21 would be using the local ipsec terminating router (19...
by nescafe2002
Thu Jan 21, 2021 10:46 pm
Forum: General
Topic: Route internet through IPsec
Replies: 14
Views: 4309

Re: Route internet through IPsec

For 192.168.10.21 initiated traffic no additional configuration (route, firewall, nat) is required in default configuration. https://help.mikrotik.com/docs/display/ROS/Packet+Flow+in+RouterOS There is 'some' routing decision before ipsec policy matching, but routing is done twice, so the actual (out...
by nescafe2002
Thu Jan 21, 2021 7:42 pm
Forum: General
Topic: Route internet through IPsec
Replies: 14
Views: 4309

Re: Route internet through IPsec

It should work out of the box.. Are the PH2 states of the new policies established?
by nescafe2002
Thu Jan 21, 2021 7:28 pm
Forum: Beginner Basics
Topic: SMTP server outgoing mail problem [SOLVED]
Replies: 5
Views: 2932

Re: SMTP server outgoing mail problem [SOLVED]

This rule translates all connections with a destination port of 25, 465. add action=dst-nat chain=dstnat comment=email dst-port=25,465 protocol=tcp \ to-addresses=192.168.2.7 So, even outgoing connections will be rewritten to destination ip 192.168.2.7. If this is the desired behavior, you should al...
by nescafe2002
Thu Jan 21, 2021 6:30 pm
Forum: General
Topic: Route internet through IPsec
Replies: 14
Views: 4309

Re: Route internet through IPsec

No need for additional protocols or interfaces. This scenario will work in standard ipsec tunneling mode. On site A create an additional policy: /ip ipsec policy add dst-address=0.0.0.0/0 peer=siteB src-address=192.168.10.21/32 tunnel=yes On site B create an additional policy: /ip ipsec policy add d...
by nescafe2002
Thu Jan 21, 2021 3:02 pm
Forum: Beginner Basics
Topic: SMTP server outgoing mail problem [SOLVED]
Replies: 5
Views: 2932

Re: SMTP server outgoing mail problem [SOLVED]

No need to add another filter rule. Your nat rule is dstnatting both incoming and outgoing connections. Limit the nat rule instead (e.g. dst-address-type=local and dst-address=!192.168.0.0/16). Note that you already made this effort on the first nat rule (ssh) with src-address=!192.168.2.0/24. To pr...
by nescafe2002
Tue Jan 19, 2021 8:47 am
Forum: General
Topic: RouterOS .backup to .rsc/text
Replies: 4
Views: 3159

Re: RouterOS .backup to .rsc/text

Connect via mac to bypass firewall.
by nescafe2002
Sun Jan 17, 2021 2:14 pm
Forum: General
Topic: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]
Replies: 13
Views: 4382

Re: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]

This has been discussed before: https://www.reddit.com/r/mikrotik/comments/6kgln8/anonymous_and_weak_ssl_ciphers_on_mikrotik/ Disabling/firewalling www-ssl and api-ssl should fix the issue. If you're concerned about security, you should learn to properly and securely configure (e.g. firewall) the de...
by nescafe2002
Sat Jan 16, 2021 4:22 pm
Forum: General
Topic: css326 and rb4011 getting errors with 10G SFP+ uplink
Replies: 10
Views: 2388

Re: css326 and rb4011 getting errors with 10G SFP+ uplink

Did you clean the connector or the optical side? And how?
by nescafe2002
Thu Jan 14, 2021 8:01 pm
Forum: General
Topic: DNS forward based on domain name [SOLVED]
Replies: 41
Views: 23152

Re: DNS forward based on domain name [SOLVED]

*.phillipcarroll.local is not a valid regex entry because the first * quantifier is not preceded by a character (sequence).

But since partial matching takes place, I choose to omit the subdomain (.*) in general.

So.. \.domain\.local$ is simpler than ^.*\.domain\.local$
by nescafe2002
Thu Jan 14, 2021 7:54 pm
Forum: General
Topic: DNS forward based on domain name [SOLVED]
Replies: 41
Views: 23152

Re: DNS forward based on domain name [SOLVED]

The wiki example is escaped for pasting in terminal, you pasted the terminal example in the winbox dns static entry window (not the terminal).
by nescafe2002
Thu Jan 14, 2021 7:48 pm
Forum: General
Topic: DNS forward based on domain name [SOLVED]
Replies: 41
Views: 23152

Re: DNS forward based on domain name [SOLVED]

Your tld is .local, not .local$. Don't escape the last $ in the regex. In fact you should unescape the CLI syntax, e.g. \\. => \. when pasting directly in Winbox. Omitting the slashes will make it match with other characters as well. E.g. philipcarrollBlocalWhateveryoulike would match. Better use th...
by nescafe2002
Wed Jan 13, 2021 12:43 pm
Forum: Wireless Networking
Topic: Issues With Apple Device
Replies: 5
Views: 2085

Re: Issues With Apple Device

You're welcome. Increasing dhcp lease time (from 15m to 2h) might also help.
by nescafe2002
Sat Jan 09, 2021 6:57 pm
Forum: Beginner Basics
Topic: Putting more information into router advertisement packets?
Replies: 24
Views: 3737

Re: Putting more information into router advertisement packets?

7.1beta has support for DNS in RA, until then use DHCPv6 option 23
by nescafe2002
Fri Jan 08, 2021 10:04 pm
Forum: General
Topic: IPIP Tunnel and inner IPv6 not working
Replies: 3
Views: 1094

Re: IPIP Tunnel and inner IPv6 not working

You can use 6to4 (6in4) to tunnel ipv6 traffic over ipv4. /interface 6to4 add !keepalive name=6to4-branch remote-address=branch.tld /ipv6 route add distance=1 dst-address=2001:db8:10:10::/64 gateway=6to4-branch /interface list member add interface=6to4-branch list=LAN /interface 6to4 add !keepalive ...
by nescafe2002
Tue Jan 05, 2021 12:57 pm
Forum: General
Topic: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]
Replies: 13
Views: 4382

Re: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]

User Cha0s has answered this question earlier on SO:

https://serverfault.com/questions/88496 ... tik-router

AFAIK you cannot disable this on MikroTik.
by nescafe2002
Tue Jan 05, 2021 12:12 pm
Forum: Beginner Basics
Topic: IPv6 Firewall
Replies: 25
Views: 19769

Re: IPv6 Firewall

not sure why it wasn't applied automatically.
Default configuration is not re-applied on module activation. Maybe it should (for firewall) but that's up to the product team.
by nescafe2002
Tue Jan 05, 2021 10:15 am
Forum: Beginner Basics
Topic: IPv6 Firewall
Replies: 25
Views: 19769

Re: IPv6 Firewall

After enabling ipv6 package, the ipv6 firewall is in the default configuration. https://help.mikrotik.com/docs/display/ROS/Default+configurations /system default-configuration print You can copy/paste the /ipv6 firewall part from there (make sure your terminal window is wide enough for all contents ...
by nescafe2002
Fri Jan 01, 2021 7:06 pm
Forum: Beginner Basics
Topic: DHCP Server is active - but service port 67 doesn't exist
Replies: 3
Views: 964

Re: DHCP Server is active - but service port 67 doesn't exist

Is the DHCP server service not active, or not listed? Those are two different concepts..

The IP Services list is list of services not specified elsewhere. E.g. IPSEC server, PPTP/L2TP server services are not listed under IP Services. So it is 'by design'.
by nescafe2002
Thu Dec 31, 2020 10:07 am
Forum: General
Topic: IPSEC IKEv2 network-to-network problems
Replies: 11
Views: 2120

Re: IPSEC IKEv2 network-to-network problems

Correct, they serve the same purpose. I like to leave the default firewall alone, give the dummy route a higher distance and a comment regarding device initiated ipsec connections. Also for unenstablished dynamic policies, the dummy route prevents unencrypted packets from leaving through wan. But se...
by nescafe2002
Sun Dec 27, 2020 10:38 pm
Forum: General
Topic: IPSEC IKEv2 network-to-network problems
Replies: 11
Views: 2120

Re: IPSEC IKEv2 network-to-network problems

Running EoIP to link two sites and then deal with the undesired effects (broadcasts, same subnet) is.. not the best advice imo. Just plain ipsec tunneling should work fine. To start, get rid of all the custom proposal and profile and use static peer for tunneling. Default firewall needs no adjustmen...
by nescafe2002
Sun Dec 27, 2020 6:57 pm
Forum: General
Topic: DDOS Rules when Connection tracking is Off
Replies: 9
Views: 2430

Re: DDOS Rules when Connection tracking is Off

Please see below link what I want to elaborate you. https://aacable.wordpress.com/2018/03/27/separating-natting-from-routing-in-mikrotik/ Your link provides the correct information: "When using Masquarade, RouterOS has to do full connection tracking recalculation on EACH interface connect/disc...
by nescafe2002
Fri Dec 18, 2020 12:13 am
Forum: Scripting
Topic: Disable and Enable interface
Replies: 17
Views: 13988

Re: Disable and Enable interface

msatter understood your question and pointed you in the right direction. The linked post contains all you need to know to create a failover solution.

Next time, don't quite entire posts especially if it's the most recent post you are replying to.. thanks :)
by nescafe2002
Mon Dec 14, 2020 6:37 pm
Forum: Scripting
Topic: C# API - tik4net on GitHub
Replies: 186
Views: 89559

Re: C# API - tik4net on GitHub

monitor.ExecuteAsync(re => responses.Add(re)); This does not give me nay responses. It does give a response in the error callback: monitor.ExecuteAsync( re => responses.Add(re), e => Console.WriteLine(e.ToString())); Error: ApiTrapSentence:.tag=1|message=unknown parameter You can use parameter .id ...
by nescafe2002
Tue Dec 08, 2020 9:03 pm
Forum: RouterBOARD hardware
Topic: RB2011 performance
Replies: 1
Views: 1217

Re: RB2011 performance

https://wiki.mikrotik.com/wiki/Manual:Product_Naming

Compared to the RB2011UiAS-2HnD, the RB2011UAS-2HnD has no PoE (out).

Watch out for NAND wear (bad blocks) on older, used devices. Performance should be comparable between both (244 Mbps w/o fasttrack).
by nescafe2002
Mon Dec 07, 2020 5:00 pm
Forum: General
Topic: Weird "1.10.168.192" IP under DNS Cache
Replies: 5
Views: 1276

Re: Weird "1.10.168.192" IP under DNS Cache

Also note the 'S' flag in the cache table - it refers to Static
by nescafe2002
Fri Dec 04, 2020 11:14 am
Forum: General
Topic: Very old ROS versions
Replies: 14
Views: 2244

Re: Very old ROS versions

Since this thread went offtopic anyway, if you could limit the amount of quotes in your posts, that whould be helpful for rss readers :-)

(Or use Post reply instead of Reply with quote)
by nescafe2002
Sun Nov 29, 2020 11:07 pm
Forum: General
Topic: script to turn off the router
Replies: 6
Views: 2230

Re: script to turn off the router

Also, system shutdown is not required before power off.

viewtopic.php?t=123124#p607056

Mikrotik devices are safe to loose power in normal operation mode. No need to shut down the system before the power outage.
by nescafe2002
Fri Nov 27, 2020 12:24 pm
Forum: General
Topic: IPV6 DHCP Option 23 Recursive DNS
Replies: 5
Views: 3531

Re: IPV6 DHCP Option 23 Recursive DNS

/ipv6 dhcp-server option add code=23 name="dns" value="'2001:db8::1''2001:db8::2'" add code=24 name="search" value="0x04'home'0x05'local'" /ipv6 dhcp-server add dhcp-option="dns,search" interface=bridge-lan name=default /ipv6 nd set [ find default=y...
by nescafe2002
Fri Nov 27, 2020 9:59 am
Forum: General
Topic: Scheduler interval?
Replies: 3
Views: 2894

Re: Scheduler interval?

"Bad" programmer? Incomplete requirements or missed in QA; but actual the programmer did a fine job here. Input is properly validated and saved according to some spec. Be a "good" user and report your findings to support via mail (support@) or https://help.mikrotik.com/servicedes...
by nescafe2002
Wed Nov 25, 2020 7:04 pm
Forum: Beginner Basics
Topic: Manual DNS for individual clients? [SOLVED]
Replies: 6
Views: 3178

Re: Manual DNS for individual clients? [SOLVED]

Make dhcp entries static then assign dhcp option 6; they will override dhcp network setting. /ip dhcp-server network add address=192.168.88.0/24 dns-server=192.168.88.2,192.168.88.3 domain=home.local gateway=192.168.88.1 /ip dhcp-server option add code=6 name="alt-dns1" value="'192.16...
by nescafe2002
Thu Nov 19, 2020 7:00 pm
Forum: Scripting
Topic: Need help to modify a script
Replies: 3
Views: 1061

Re: Need help to modify a script

I used to have a script in /system/schedule to change NAT address ip.

Why don't you add pppoe-client to WAN interface list to take advantage of masquerade rule in default configuration?
by nescafe2002
Tue Nov 17, 2020 2:00 pm
Forum: Beginner Basics
Topic: Wireless Problems with RB4011 and TP-Link CAP1750 [SOLVED]
Replies: 3
Views: 1103

Re: Wireless Problems with RB4011 and TP-Link CAP1750 [SOLVED]

Check the default forwarding property of your wireless interface, the forwarding property of your access list entry or the client-to-client forwarding property of your capsman (datapath) profile. Check the client isolation setting on your TP-Link device :) Disable this checkbox: AP Isolation: Selec...
by nescafe2002
Mon Nov 16, 2020 8:48 am
Forum: Wireless Networking
Topic: My device got wrong ip address on wifi not from dhcp server range
Replies: 11
Views: 4494

Re: My device got wrong ip address on wifi not from dhcp server range

Check the DHCP client status tab to find out which device assigned the ip
by nescafe2002
Fri Nov 13, 2020 11:14 am
Forum: General
Topic: IPSec is working - now how should I have done it?
Replies: 9
Views: 1644

Re: IPSec is working - now how should I have done it?

But...I could not come up with any combination of routing definitions or NAT that would allow me to reach 192.168.42.1 from the main router. When using plain ipsec tunnel mode (no gre/ipip/...), you'll have to make sure the router picks the correct local address to be matched with ipsec policy. Thi...
by nescafe2002
Wed Nov 11, 2020 6:35 pm
Forum: Announcements
Topic: v6.47.7 [stable] is released!
Replies: 45
Views: 26829

Re: v6.47.7 [stable] is released!

valemal, if you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device.
by nescafe2002
Wed Nov 11, 2020 1:21 pm
Forum: General
Topic: Horrifying bug in the DNS?
Replies: 3
Views: 842

Re: Horrifying bug in the DNS?

https://mikrotik.com/download/changelogs/stable-release-tree (Stable release tree) What's new in 6.47.3 (2020-Sep-01 05:24): *) dns - fixed multiple TXT string replies; (Testing release tree) What's new in 6.48beta35 (2020-Sep-02 07:50): *) dns - fixed multiple TXT string replies; Are you on long te...
by nescafe2002
Sat Oct 10, 2020 10:32 am
Forum: RouterOS beta
Topic: Wireguard can't use IPv6 Address& port [SOLVED]
Replies: 1
Views: 1853

Re: Wireguard can't use IPv6 Address& port [SOLVED]

Hello,

This is a known issue. You can set the endpoint (IPv6 address with port) via terminal:

/interface/wireguard/peers
print
set 0 endpoint="[2001:0db8:85a3::8a2e:0370:7334]:12321"
by nescafe2002
Thu Oct 08, 2020 12:29 pm
Forum: General
Topic: Why I can't download latest version RouterOS from mikrotik.com/download?
Replies: 8
Views: 1481

Re: v6.47.4 [stable] is released!

Thx.. It's mistake for typing, but I really can't download update. Are you sure download.mikrotik.com resolves to one of the following ip addresses? ~$ openssl s_client -connect [2a02:610:7501:1000::196]:443 | openssl x509 -noout -text | grep DNS: DNS:*.mikrotik.com, DNS:mikrotik.com ~$ openssl s_c...
by nescafe2002
Tue Oct 06, 2020 8:53 pm
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 6683

Re: IPV6 Firewall [SOLVED]

Try enabling logging for the invalid rule. I've had some problems with lan-to-lan connections which were flagged invalid.
by nescafe2002
Sat Oct 03, 2020 7:49 pm
Forum: Beginner Basics
Topic: use-local-address ip>cloud
Replies: 7
Views: 6130

Re: use-local-address ip>cloud

Enabling IP Cloud will not automatically allow access to the device. It is just a free ddns service provided by MikroTik along with time sync and a backup slot.

You can find the exact specifications in the wiki, https://wiki.mikrotik.com/wiki/Manual:IP/Cloud
by nescafe2002
Sat Oct 03, 2020 7:27 pm
Forum: Beginner Basics
Topic: use-local-address ip>cloud
Replies: 7
Views: 6130

Re: use-local-address ip>cloud

https://wiki.mikrotik.com/wiki/Manual:IP/Cloud#Advanced use-local-address (yes | no; Default: no) By default, the DNS name will be assigned to the detected public address (from the UDP packet header). If you wish to send your "local" or "internal" IP address, then set this to yes...
by nescafe2002
Fri Sep 25, 2020 3:33 pm
Forum: Announcements
Topic: IP Cloud
Replies: 79
Views: 160313

Re: IP Cloud

https://forum.mikrotik.com/viewtopic.php?t=136036#p670044 Found the answer. The option "ip cloud" is not supported on x86 due to the inability to verify hardware reliably. https://forum.mikrotik.com/viewtopic.php?p=430762#p430762 The DNS is assigned to valid serial numbers, for X86, we hav...
by nescafe2002
Wed Sep 23, 2020 4:28 pm
Forum: Scripting
Topic: Export over api differs from export over terminal [SOLVED]
Replies: 5
Views: 2491

Re: Export over api differs from export over terminal [SOLVED]

No somehow the dialect is bound to the connection context. Can't you use ssh to export your configuration as it's just a single command?
by nescafe2002
Tue Sep 22, 2020 2:39 pm
Forum: General
Topic: [SOLVED] Cannot access forum.mikrotik.com in IPv6
Replies: 3
Views: 958

Re: Cannot access forum.mikrotik.com in IPv6

Forum related issues can be reported to support (via help.mikrotik.com or e-mail) but I doubt the admins will disable IPv6 to resolve your specific issue (and causing outage for all IPv6-only users).
by nescafe2002
Thu Sep 10, 2020 3:06 pm
Forum: Scripting
Topic: Yet another DHCP to DNS script
Replies: 34
Views: 40995

Re: Yet another DHCP to DNS script

Actually setting dns ttl equal to lease time doesn't make any sense and only leads to unexpected behavior especially for longer lease times..
by nescafe2002
Thu Sep 10, 2020 2:58 pm
Forum: Wireless Networking
Topic: Export rsc missing users
Replies: 2
Views: 2113

Re: Export rsc missing users

Users are excluded from full export. You can export them individually:

/user export file=users.rsc

I suspect this is to prevent accidental creation of passwordless users when importing a full export.
by nescafe2002
Sat Aug 22, 2020 7:38 pm
Forum: Wireless Networking
Topic: Easiest way to point specific devices to other DNS? [SOLVED]
Replies: 17
Views: 8852

Re: Easiest way to point specific devices to other DNS? [SOLVED]

Afaik OpenDNS has configurable options, so better check that out. Pihole is targeted towards ads but maybe you can find porn based block lists.
by nescafe2002
Sat Aug 22, 2020 4:10 pm
Forum: Wireless Networking
Topic: Easiest way to point specific devices to other DNS? [SOLVED]
Replies: 17
Views: 8852

Re: Easiest way to point specific devices to other DNS? [SOLVED]

By not enabling local forwarding, the traffic will be forwarded to the CAPsMAN manager, effectively creating a new data path and separating the traffic from your home network.
by nescafe2002
Sat Aug 22, 2020 3:51 pm
Forum: Wireless Networking
Topic: Easiest way to point specific devices to other DNS? [SOLVED]
Replies: 17
Views: 8852

Re: Easiest way to point specific devices to other DNS? [SOLVED]

The easiest way is to use capsman forwarding mode, by defining the bridge in capsman datapath configuration and not enabling local forwarding traffic for the new ssid will be sent to the bridge without vlans.
by nescafe2002
Sat Aug 22, 2020 3:35 pm
Forum: Wireless Networking
Topic: Easiest way to point specific devices to other DNS? [SOLVED]
Replies: 17
Views: 8852

Re: Easiest way to point specific devices to other DNS? [SOLVED]

Yes, then separate subnets, add ip, bridge, dhcp server, dhcp network, ip pool, capsman configuration for guest network, update provisioning rule with new guest network and check your firewall rules. You could reverse logic: set static entries with own dns for known devices and set opendns in dhcp n...
by nescafe2002
Sat Aug 22, 2020 3:16 pm
Forum: Wireless Networking
Topic: Easiest way to point specific devices to other DNS? [SOLVED]
Replies: 17
Views: 8852

Re: Easiest way to point specific devices to other DNS? [SOLVED]

Wow.. if your intention was never to separate your networks, but (quoted from opening post) "to point specific clients" to another dns server: /ip dhcp-server option add code=6 name="opendns" value="'208.67.222.222''208.67.220.220'" /ip dhcp-server lease add address=172...
by nescafe2002
Sat Aug 22, 2020 10:11 am
Forum: RouterOS beta
Topic: v7.1beta2 [development] is released!
Replies: 385
Views: 154369

Re: v7.1beta2 [development] is released!

Can't add key in wireguard via cli with "=" at the end. But can add it later via edit and can add it via gui. Put the key value between quotes, you may find the correct syntax using the export command. [admin@MikroTik] /interface/wireguard> add private-key="EMjwk8mpDylWKGU0c/z9TR1e5u...
by nescafe2002
Tue Aug 18, 2020 2:11 pm
Forum: Beginner Basics
Topic: Multiple letsenycrypt clients using port 80 at different times - automatic reconfiguration possible? [SOLVED]
Replies: 13
Views: 2859

Re: Multiple letsenycrypt clients using port 80 at different times - automatic reconfiguration possible? [SOLVED]

Dear @nescafe2002, unfortunately, I cannot access the DNS server via script. My provider does not allow automatic interaction. You can point a CNAME to a self hosted ACME dns server. This works quite well for me for several projects. e.g. To set up an ACME server on auth.domain.com: auth.domain.com...
by nescafe2002
Tue Aug 18, 2020 1:01 pm
Forum: Beginner Basics
Topic: Multiple letsenycrypt clients using port 80 at different times - automatic reconfiguration possible? [SOLVED]
Replies: 13
Views: 2859

Re: Multiple letsenycrypt clients using port 80 at different times - automatic reconfiguration possible? [SOLVED]

I usually switch to dns-01 challenge if the machine is not reachable (either directly or via reverse proxy). Is this an option?
by nescafe2002
Mon Aug 17, 2020 8:01 pm
Forum: Wireless Networking
Topic: Bad performance on hAP ac^2 vs CAPsMAN AP behind hEX s as AP
Replies: 40
Views: 7467

Re: Bad performance on hAP ac^2 vs CAPsMAN AP behind hEX s as AP

... or quick set (after checking "Bridge All LAN Ports"):

2020-08-17_18-58-59.png
by nescafe2002
Mon Aug 17, 2020 7:21 pm
Forum: Wireless Networking
Topic: Bad performance on hAP ac^2 vs CAPsMAN AP behind hEX s as AP
Replies: 40
Views: 7467

Re: Bad performance on hAP ac^2 vs CAPsMAN AP behind hEX s as AP

Actually 192.168.88.1 on (slave interface) ether2 is a default configuration (or quick set) thingy. And; I think we're here to share & learn, not to call BS on each other.