Community discussions

Search found 1619 matches

by Larsa
Fri Oct 04, 2024 7:37 pm
Forum: Wireless Networking
Topic: Connect Mikrotik router to wifi with only a QR code
Replies: 4
Views: 183

Re: Connect Mikrotik router to wifi with only a QR code

On Android, connect your phone using the QR. Then hit the share network on your phone. It will display the SSID and password.

This requires Android 10 or iOS 18.
by Larsa
Thu Oct 03, 2024 6:33 pm
Forum: Beginner Basics
Topic: the irrationality of [find]
Replies: 18
Views: 607

Re: the irrationality of [find]

I totally agree. Everything should be handled consistently and users shouldn't have to know all the little exceptions that could lead to serious issues. At the very least, the documentation should have clear warnings about these risks.
by Larsa
Thu Oct 03, 2024 4:13 am
Forum: Beginner Basics
Topic: the irrationality of [find]
Replies: 18
Views: 607

Re: the irrationality of [find]

Yeah, and as a workaround, you’ll need to use for example a foreach loop. Something like this:

/ip hotspot user
:foreach user in=[find name~"^adam"] do={
    reset-counters $user
    another-command $user
    # etc…
}
by Larsa
Wed Oct 02, 2024 2:46 pm
Forum: General
Topic: LACP doesn't work in CHR
Replies: 9
Views: 1291

Re: LACP doesn't work in CHR

Yeah, and in some environments it’s enabled by default. @iocampomx; for future reference could you let us know what OS and virtual environment you're running GNS on?
by Larsa
Wed Oct 02, 2024 11:30 am
Forum: General
Topic: LACP doesn't work in CHR
Replies: 9
Views: 1291

Re: LACP doesn't work in CHR

Glad you got it working! I'd still suggest upgrading to CHR ROS v7 since there've been major improvements in the new kernel’s network stack. For example it handles LACP better allowing for improved hardware resource utilization especially in dynamic environments with multiple link members and multi-...
by Larsa
Wed Oct 02, 2024 6:01 am
Forum: General
Topic: LACP doesn't work in CHR
Replies: 9
Views: 1291

Re: LACP doesn't work in CHR

Same here, I've tried multiple things & parameters. I'm using CHR within GNS3. I'm using Wireshark to monitor traffic. CHR is only sending one package once you disable the bonding interface, example: I'm using version 6.49.17 with the free license. It might be an issue with the configuration se...
by Larsa
Tue Sep 24, 2024 4:04 pm
Forum: Scripting
Topic: ✂ Rextended Fragments of Snippets
Replies: 105
Views: 86387

Re: ✂ Rextended Fragments of Snippets

Yeah, just noticed it! 😄
by Larsa
Tue Sep 24, 2024 4:01 pm
Forum: Scripting
Topic: ✂ Rextended Fragments of Snippets
Replies: 105
Views: 86387

Re: ✂ Rextended Fragments of Snippets

This is the 100th post in this thread! :D

Edit:
oh no, it became the 101st, damn it! 😁
by Larsa
Mon Sep 23, 2024 2:27 pm
Forum: General
Topic: Winbox 4
Replies: 4
Views: 436

Re: Winbox 4

Use the main "WinBox 4 is here" thread for any related issues or questions: viewtopic.php?t=210505
by Larsa
Mon Sep 23, 2024 7:06 am
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 71
Views: 4381

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

@k2dI5umrD9VO:
Link to Apple Support: https://getsupport.apple.com/products
by Larsa
Sun Sep 22, 2024 9:49 pm
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 71
Views: 4381

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

@iustin: I have this same problem...

Link to Apple Support: https://getsupport.apple.com/products
by Larsa
Sat Sep 21, 2024 1:48 pm
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 71
Views: 4381

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

We've been using both the preview and the latest releases of iOS 18 and macOS 15 (Sequoia) for a while now. I also checked with some colleagues who've spent a lot of time at different customer sites (including some Mikrotik setups) and none of them have had the issues described in this thread. My wi...
by Larsa
Thu Sep 19, 2024 5:34 pm
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 71
Views: 4381

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

@k2dI5umrD9VO: As I tried to explain earlier, since the issue originates from your iOS device, you should contact Apple Support and let them handle the matter accordingly.

I mean, if it worked with iOS 17 but not with iOS 18, you can’t blame MikroTik for it, can you?
by Larsa
Thu Sep 19, 2024 3:34 pm
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 71
Views: 4381

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

Link to Driver Log TXT-File from Macbook: https://1drv.ms/t/s!AsOJquxuP-h5hewWtvJA2Rp3Tq-XGQ?e=yTxxJA Just a suggestion; when sharing a log this big, try giving a hint about when the issue happened so people know where to start looking. Also, this log is primarily meant for the Apple Developer foru...
by Larsa
Thu Sep 19, 2024 1:27 pm
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 71
Views: 4381

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

Hey folks! Want to know what's really going on when your Apple device is having Wi-Fi issues?? If YES , then check the wifi logs on your DEVICE : 1. iOS Profiles and Logs Wi-Fi for iOS/iPadOS Instructions Profile 2. macOS Profiles and Logs Direct link: Wi-Fi Logs For macOS Wi-Fi issues, please foll...
by Larsa
Thu Sep 19, 2024 11:52 am
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 71
Views: 4381

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

What do you mean by mixed languages? @erlinden: Sorry, I meant to say regional settings. The same company that added deliberate slowdowns to older hardware and it still surprises you? What do you think MS is doing with their Co-Pilot story? Same purpose—push hardware sales (MS license will come wit...
by Larsa
Thu Sep 19, 2024 10:43 am
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 71
Views: 4381

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

Like I said earlier, it's an intermittent issue with Apple iOS 18. And honestly, why waste time with pointless trial and error when you can just check the device Wi-Fi logs to find the real problem faster?
by Larsa
Thu Sep 19, 2024 7:52 am
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 71
Views: 4381

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

Yeah, forgot to mention we're using 7.15.3 with FT enabled. I remember some Apple devices (at least in the past) could have issues with mixed languages on APs within the same SSID domain. Anyway, troubleshooting Wi-Fi on Apple devices can be pretty tricky so instead of wasting time with trial and er...
by Larsa
Thu Sep 19, 2024 3:14 am
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 71
Views: 4381

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

Alright, I’m not sure then. You could check the iOS Wi-Fi logs to find the cause, or if all else fails, roll back to iOS 17.

Look for the section “Wi-Fi for iOS/iPadOS” in iOS Profiles and Logs
by Larsa
Thu Sep 19, 2024 2:59 am
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 71
Views: 4381

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

Did you try forgetting the network and then reconnecting, or is that when you ran into another issue?
by Larsa
Thu Sep 19, 2024 1:59 am
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 71
Views: 4381

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

I had the same issue and I fixed it by following a suggestion I found on Reddit: just disable the private address, forget the network, reconnect, and then re-enable the private address again. Anyway, no one seems to know exactly why this happens with iOS 8.
by Larsa
Thu Sep 19, 2024 1:26 am
Forum: Wireless Networking
Topic: iOS 18 Wi-Fi connectivity issue [SOLVED]
Replies: 71
Views: 4381

Re: iOS 18 Wi-Fi connectivity issue [SOLVED]

@k2dI5umrD9VO: It’s not related to ROS. This is a known issue with iOS 18 (and also in the previews) but no one has figured out the root cause or how to fix it: https://www.google.com/search?q=%22iOS+ ... reddit.com
by Larsa
Tue Sep 10, 2024 4:34 pm
Forum: General
Topic: CCR2004 as ZeroTier VPN concentrator
Replies: 5
Views: 462

Re: CCR2004 as ZeroTier VPN concentrator

The issue isn’t with ZeroTier itself but rather the MikroTik implementation which is flawed due to using an older version (v1.10.3) with various bugs and lacking the ability to configure standard ZeroTier features such as custom root servers, multi-path, trusted-path, allow DNS, etc. ZeroTier can ha...
by Larsa
Mon Sep 09, 2024 11:27 pm
Forum: General
Topic: CCR2004 as ZeroTier VPN concentrator
Replies: 5
Views: 462

Re: CCR2004 as ZeroTier VPN concentrator

we are planning to setup hub and spoke network using Mikrotik and ZeroTier. As a start there will be 500-2000 spokes. And in the next following years will growing up, total it will have up to 30K spokes. ZeroTier is a full-mesh SD-WAN that automatically utilizes point-to-point connections when at l...
by Larsa
Tue Sep 03, 2024 8:46 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1282
Views: 234806

Re: 📣 WinBox 4 is here 📣

Many users request return of the Tabs to the top bar. One of my colleagues has nice idea - most of the time, you only work with few selected tabs. So what about an icon in the drop-down list, to open a Tab in a new Window, would in fact pin the Tab to the top bar instead? But of course! That way, e...
by Larsa
Tue Sep 03, 2024 4:36 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1282
Views: 234806

Re: 📣 WinBox 4 is here 📣

Exactly my point!
by Larsa
Tue Sep 03, 2024 4:31 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1282
Views: 234806

Re: WinBox 4 is here

The detached window feature would make sense if there is only one Winbox instance running at a time. Since mostly several Winbox instances are running, detaching windows would create even more usability issues. Well, maybe for inexperienced people who don't work with networks and aren't familiar wi...
by Larsa
Tue Sep 03, 2024 4:14 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1282
Views: 234806

Re: 📣 WinBox 4 is here 📣

Got it! Please add it to the list for Customer Enhancement Requests. Thanks!
by Larsa
Tue Sep 03, 2024 4:08 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1282
Views: 234806

Re: 📣 WinBox 4 is here 📣

Maybe you expect something to happen, that was never intended to happen? This is what is SUPPOSED to happen. As designed: https://imgur.com/a/RwZRKRH Yes, that could absolutely be the case but I suspect there might be some confusion here regarding the terminology. As I tried to explain previously a...
by Larsa
Mon Sep 02, 2024 8:39 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2618

Re: 3rd party system installed, can't connect to any devices on the router.

Thanks! By any chance, do you have access to the default gateway at 10.20.100.1? If so, could you check if there's a route set up to 10.2.120.0/24 via 10.20.100.15? If it's a MikroTik router, you can run the command: ' /ip/route/print ' and paste the output here. If not, while troubleshooting, we ca...
by Larsa
Mon Sep 02, 2024 6:43 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1282
Views: 234806

Re: 📣 WinBox 4 is here 📣

@Normis: That does not make it clearer. The post already shows how to do it. Is there an issue with this button? 1. Yeah, that's correct. There is an issue with the button. The button shown in the red rectangle below doesn't work as expected. As explained by @STMT: " It is possible to detach the wind...
by Larsa
Mon Sep 02, 2024 4:28 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1282
Views: 234806

Re: 📣 WinBox 4 is here 📣

n/a
by Larsa
Mon Sep 02, 2024 2:54 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1282
Views: 234806

Re: 📣 WinBox 4 is here 📣

Larsa, unclear about detachment from workspace, can you describe the issue?

You still can't detach a window from the WinBox main workspace and move it around freely on screen. Please check out @STMT's reply here: viewtopic.php?t=210505#p1093920.
by Larsa
Mon Sep 02, 2024 12:54 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1282
Views: 234806

Re: 📣 WinBox 4 is here 📣

@normis, could you please add fixing the detachment of windows from the workspace to the list. According to @STMT, this was already provided but currently isn’t working.
by Larsa
Fri Aug 30, 2024 8:08 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1282
Views: 234806

Re: 📣 WinBox 4 is here 📣

What's new in v4.0beta3:

*) fix crash on macOS 11

1. I can confirm that v4.0beta3 is working with macOS 11 - thanks! It's blisteringly fast, I must say.
2. Detaching windows from the workspace still doesn't work, though.
by Larsa
Thu Aug 29, 2024 8:19 pm
Forum: Virtualization
Topic: CHR - WiFi card not detected [SOLVED]
Replies: 2
Views: 715

Re: CHR - WiFi card not detected [SOLVED]

ROS can't handle any network cards when running as CHR in a virtual machine. You'll need to configure the WiFi card in Ubuntu first, then add it to VirtualBox as a regular network interface.
by Larsa
Thu Aug 29, 2024 7:23 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1282
Views: 234806

Re: 📣 WinBox 4 is here 📣

I agree with what @sirbryan says.
by Larsa
Thu Aug 29, 2024 1:03 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1282
Views: 234806

Re: 📣 WinBox 4 is here 📣

It's shown in the window title when you're not connected

Great, thanks! 🙏
by Larsa
Thu Aug 29, 2024 12:58 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1282
Views: 234806

Re: 📣 WinBox 4 is here 📣

We are trying to find such an old macbook and will test. So far, no help needed, Larsa. Thanks! Most of our field engineers are forced to use slightly older MacBooks (and you can probably guess why) using macOS 12/13 and equipped with Intel CPUs because we need to run a bunch of Windows-based legac...
by Larsa
Thu Aug 29, 2024 12:42 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1282
Views: 234806

Re: 📣 WinBox 4 is here 📣

It is possible to detach window if you open the drop-down menu and click the button next to the submenu name Thanks, but that doesn't work for me because the window is still locked to the WinBox workspace (ie the child window is still locked to the parent workspace) Environment: WinBox 4.0Beta1, Wi...
by Larsa
Thu Aug 29, 2024 11:11 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1282
Views: 234806

Re: 📣 WinBox 4 is here 📣

Crashes on Intel MacBook macOS 11.7.10. Tried several times.

@normis: let me know if the developers want a core dump and I'll sort it out.
by Larsa
Thu Aug 29, 2024 11:04 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1282
Views: 234806

Re: 📣 WinBox 4 is here 📣

Feedback:
1. A dropdown menu or similar submenu is currently missing for open windows.
2. Add the ability to detach a window from the WinBox workspace.
by Larsa
Thu Aug 29, 2024 10:42 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1282
Views: 234806

Re: 📣 WinBox 4 is here 📣

Crashes on Intel MacBook macOS 11.7.10. Tried several times. Process: WinBox [4220] Path: /Applications/WinBox.app/Contents/MacOS/WinBox Identifier: my.example.com Version: 0.1 (0.1) Code Type: X86-64 (Native) Parent Process: ??? [1] Responsible: WinBox [4220] User ID: 503 Date/Time: 2024-08-29 09:37...
by Larsa
Thu Aug 29, 2024 9:33 am
Forum: General
Topic: Virtual Subnet Trough Ipsec Tunnel - Mikrotik To Cisco
Replies: 6
Views: 453

Re: Virtual Subnet Trough Ipsec Tunnel - Mikrotik To Cisco

Since you're using the same subnet as someone else on the Cisco side you'll need to use src-nat. Btw, why not use 192.168.160.0/24 since the Cisco admin already assigned it to you.
by Larsa
Wed Aug 28, 2024 10:31 pm
Forum: RouterOS beta
Topic: FEATURE REQUEST: BBR(Bottleneck Bandwidth and Round-trip propagation time) Congestion Control
Replies: 15
Views: 9701

Re: FEATURE REQUEST: BBR(Bottleneck Bandwidth and Round-trip propagation time) Congestion Control

FYI, BBR needs to be implemented only on the endpoints (eg like web browsers and servers) where data is being sent and received. It does not require any modifications or implementations in the routers or other network infrastructure. The only tunneling protocol I can think of that uses TCP is OpenVP...
by Larsa
Tue Aug 27, 2024 8:15 pm
Forum: Forwarding Protocols
Topic: IP Directed Broadcast In CISCO Equivalent In Mikrotik
Replies: 12
Views: 1959

Re: IP Directed Broadcast In CISCO Equivalent In Mikrotik

It works. Use this simple test below where ether1 sends 192.168.90.255 to port 2000 (but any port will do) => dst-nat broadcast => to ether2 as 192.168.80.255. Bridging the two interfaces with a filter that allows udp with an optional port number works just as well. /ip firewall nat add action=dst-n...
by Larsa
Tue Aug 27, 2024 1:20 am
Forum: General
Topic: WireGuard without public IP [SOLVED]
Replies: 2
Views: 962

Re: WireGuard without public IP [SOLVED]

One of the ends needs a public IP address. If not, you might use ROS BTH (Back to Home) or ZeroTier which can manage without it.
by Larsa
Mon Aug 26, 2024 9:57 pm
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11838

Re: Default password Frustration

So I'm a white fly compared to everyone else? The basics, like blocking spoofing and blocking incoming connections on standard ports, for me is the a-b-c of civilization... Yeah, you're definitely an angel compared to the typical run-of-the-mill ISPs. At most they block like egress smtp and similar...
by Larsa
Mon Aug 26, 2024 6:40 pm
Forum: Forwarding Protocols
Topic: IP Directed Broadcast In CISCO Equivalent In Mikrotik
Replies: 12
Views: 1959

Re: IP Directed Broadcast In CISCO Equivalent In Mikrotik

What type of device are you using and what does the dst-nat rule look like? Have you checked with the built-in packet sniffer to see if any broadcast traffic is reaching the interfaces?
by Larsa
Mon Aug 26, 2024 3:53 pm
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 11838

Re: Default password Frustration

ISPs don't offer free protection against botnets, DDoS attacks or anything like that. While they probably should provide it as an option for the general public IMO, these services are mainly for businesses and are usually pretty expensive because they require a lot of investment from the provider. C...
by Larsa
Sun Aug 25, 2024 9:01 pm
Forum: General
Topic: Can we upgrade zerotier and add Moon functionality?
Replies: 2
Views: 548

Re: Can we upgrade zerotier and add Moon functionality?

The option to add your own user-defined root servers (moons) was introduced back in Zerotier v1.2.0 but unfortunately there’s still no way to manage these settings in ROS. You can add the root servers yourself in a private server, container or VPS.
by Larsa
Fri Aug 23, 2024 12:00 am
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2618

Re: 3rd party system installed, can't connect to any devices on the router.

Sorry my bad, I forgot you were on ROS v6. Try the commands below. I'm heading home now so I'll get back to you tomorrow. /ip/route/print /ip/address/print /ip/firewall/nat/export EDIT On your workstation, run the following If Windows: netstat -rn && ipconfig If Linux/Mac: netstat -rn &&...
by Larsa
Thu Aug 22, 2024 10:24 pm
Forum: General
Topic: Problem with download on x86 PC
Replies: 4
Views: 866

Re: Problem with download on x86 PC

Back up the settings with a full export, reset to the default firewall config, and then rerun the tests again. If everything goes smoothly, you can start adding back the queues one by one and check the speed regularly to find the problematic one. Just curious, why all the static IPs and related queu...
by Larsa
Thu Aug 22, 2024 8:55 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2618

Re: 3rd party system installed, can't connect to any devices on the router.

Could you log in to the router in cabinet 1 and ping any devices in the 10.2.120.0/24 range? Also, run the following commands in a terminal and paste the output here: /ip route print proplist=dst-address,routing-table,gateway,immediate-gw,distance,local-address /ip address print proplist=address,net...
by Larsa
Thu Aug 22, 2024 8:39 pm
Forum: General
Topic: Feature request : Multipath TCP (MPTCP) support
Replies: 14
Views: 10118

Re: Feature request : Multipath TCP (MPTCP) support

Well, L3 multipath/bonding shouldn't be mixed up with MPTCP which was mainly developed as an endpoint (app) protocol to facilitate transparent handover/failover/bonding. Sure, there are some special hacks to use it as a more general communication protocol but that's not very common ie you won’t find...
by Larsa
Thu Aug 22, 2024 4:39 pm
Forum: General
Topic: HGSMII for 2.5 Gbps link
Replies: 9
Views: 5106

Re: HGSMII for 2.5 Gbps link

FYI, HGSMII doesn’t have any magical plug-and-play features. It’s basically like other tech that helps manage internal devices. Since it’s just an internal component, you won’t even notice it and it doesn’t communicate with your ISP or anything.
by Larsa
Thu Aug 22, 2024 4:22 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2618

Re: 3rd party system installed, can't connect to any devices on the router.

Okay, I'll check it out later. Btw, have you had a chance to try out the new nat rules I posted earlier?
by Larsa
Thu Aug 22, 2024 4:15 pm
Forum: General
Topic: Feature request : Multipath TCP (MPTCP) support
Replies: 14
Views: 10118

Re: Feature request : Multipath TCP (MPTCP) support

Hey @8023, what's your use case?

MPTCP doesn't need any special support in the router itself, it's generally used between the app connection endpoints like from a mobile device or car to a central service.
by Larsa
Wed Aug 21, 2024 3:01 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2618

Re: 3rd party system installed, can't connect to any devices on the router.

It looks like you might have missed some details in my last post or misunderstood it. Here's what you need to do; start by removing all five lines and replace them with: add chain=srcnat dst-address=10.20.100.0/20 src-address=10.2.120.0/24 action=masquerade add chain=srcnat dst-address=10.0.0.0/24 s...
by Larsa
Wed Aug 21, 2024 2:30 pm
Forum: Forwarding Protocols
Topic: IP Directed Broadcast In CISCO Equivalent In Mikrotik
Replies: 12
Views: 1959

Re: IP Directed Broadcast In CISCO Equivalent In Mikrotik

You can use bridge filters (i.e bridge ip firewall ) or just set up a simple dst-nat broadcast forwarding like the example below. Use a specific destination port number to limit the scope of the ip directed broadcast: /ip firewall nat add action=dst-nat chain=dstnat in-interface=ether1 dst-address-t...
by Larsa
Mon Aug 19, 2024 10:26 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 3147

Re: Wireguard in 2nd WAN [SOLVED]

@Sindy, would you mind taking a look at this: viewtopic.php?p=1092257#p1092239

Thanks in advance!
by Larsa
Mon Aug 19, 2024 10:04 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 3147

Re: Wireguard in 2nd WAN [SOLVED]

/ip firewall nat chain=dstnat dst-address-type=local in-interface= WANX protocol=udp dst-port= YYYYY action=dst-nat to-addresses=ip.of.wan. PRIMARY That looks very generic! ;-) Sorry, I forgot about the OSPF example. I'm traveling for a customer visit for a day or two so it’ll have to wait until I'm...
by Larsa
Mon Aug 19, 2024 9:17 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 3147

Re: Wireguard in 2nd WAN [SOLVED]

That's what I meant when I asked if it's even possible to create a generic solution that's not port-specific.
by Larsa
Mon Aug 19, 2024 8:35 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 3147

Re: Wireguard in 2nd WAN [SOLVED]

NAT trick is clever.

Yeah, totally! @Sindy, what's your take on dst-nat vs policy routing as a fix for the multiwan wireguard bug? Do you think it's possible to create a generic solution that only affects WireGuard's initial handshake?
by Larsa
Mon Aug 19, 2024 8:26 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 3147

Re: Wireguard in 2nd WAN [SOLVED]

To be picky, the rejection of the return traffic by the originating device is not wireguard specific it's networking common... The problem is that the wireguard programming in RoS is doing something weird.............. in that it's bypassing standard routing and rules in RoS.,. Anav, how the security...
by Larsa
Mon Aug 19, 2024 4:22 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 3147

Re: Wireguard in 2nd WAN [SOLVED]

Yeah, the first WireGuard handshake is like a secret handshake between two routers (Peer A and Peer B) that want to communicate securely. Peer A sends a "hello" (handshake initiation packet) to Peer B which responds with a "hello back" (handshake response packet). But because the...
by Larsa
Mon Aug 19, 2024 4:05 pm
Forum: 3rd party tools
Topic: Introducing MikroWizard: An Open-Source Solution for MikroTik Router Management
Replies: 65
Views: 10915

Re: Introducing MikroWizard: An Open-Source Solution for MikroTik Router Management

Quick question: is the 8 GB RAM requirement an absolute minimum or is there a chance it could run on a Raspberry Pi 4 with 4 GB of RAM?
by Larsa
Mon Aug 19, 2024 2:52 pm
Forum: Forwarding Protocols
Topic: IP Directed Broadcast In CISCO Equivalent In Mikrotik
Replies: 12
Views: 1959

Re: IP Directed Broadcast In CISCO Equivalent In Mikrotik

There isn’t a specific setting, you build it using arp proxy, broadcast forwarding and so on depending on what you’re aiming for. What’s the use case?
by Larsa
Mon Aug 19, 2024 10:40 am
Forum: Forwarding Protocols
Topic: IP Directed Broadcast In CISCO Equivalent In Mikrotik
Replies: 12
Views: 1959

Re: IP Directed Broadcast In CISCO Equivalent In Mikrotik

Yeah, it's doable with ROS but you should be aware that it might be a security risk as mentioned in the Cisco manuals. It’s also disabled by default. What's the use case?
by Larsa
Sun Aug 18, 2024 9:45 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 3147

Re: Wireguard in 2nd WAN [SOLVED]

Yeah, that was the solution I was thinking of but I had NAT in mind and just didn’t have the energy to figure out a good variation like the one you just showed.
by Larsa
Sun Aug 18, 2024 9:11 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 3147

Re: Wireguard in 2nd WAN [SOLVED]

Great, perfect with an alternative workaround! Any thoughts on the pros and cons compared to policy routing?
by Larsa
Sun Aug 18, 2024 3:09 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 3147

Re: Wireguard in 2nd WAN [SOLVED]

Does that fix the initial handshake issue?
by Larsa
Sun Aug 18, 2024 2:33 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 3147

Re: Wireguard in 2nd WAN [SOLVED]

Basically, the ROS implementation has a bug where Wireguard's initial handshake always gets sent back through the default gateway instead of the interface the traffic came from which makes the connection fail due to a protocol error. And since the handshake isn’t tracked, you can’t use mangle to man...
by Larsa
Fri Aug 16, 2024 11:13 pm
Forum: General
Topic: Routing question
Replies: 11
Views: 1010

Re: Routing question

That’s a pretty standard setup. I can post an example next week. Have a nice weekend, cheers!🍺
by Larsa
Fri Aug 16, 2024 10:18 pm
Forum: General
Topic: Routing question
Replies: 11
Views: 1010

Re: Routing question

OSPF + BFD with two tunnels/routes (one per channel) is really easy to set up, very robust and provides rerouting in just a few milliseconds.
by Larsa
Fri Aug 16, 2024 8:16 pm
Forum: Beginner Basics
Topic: IPSec site to site VPN
Replies: 4
Views: 530

Re: IPSec site to site VPN

Unfortunately it’s pretty tough to figure out what’s wrong just from a couple of screenshots. Try posting an export of both router configurations and maybe someone in this user forum can help out. Check out this guide on how to export and post your configuration: https://forum.mikrotik.com/viewtopic...
by Larsa
Thu Aug 15, 2024 10:58 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2618

Re: 3rd party system installed, can't connect to any devices on the router.

Okay, I think I’ve got it! The network drawing is a bit misleading (or is actually missing some crucial info) because it turns out that ether5-gateway is actually connected to the operator network 10.20.100.0/20 and the rest of the PLC network seems to be bridged together as a single 10.2.120.0/24 s...
by Larsa
Thu Aug 15, 2024 9:00 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2618

Re: 3rd party system installed, can't connect to any devices on the router.

About the somewhat misleading wording "Siemens HMI's through their 3rd party website..." it's not actually an external connection but a web-based PLC operator monitor add-on called WinCC/WebUX.
by Larsa
Thu Aug 15, 2024 8:06 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2618

Re: 3rd party system installed, can't connect to any devices on the router.

Yeah, that's probably correct but in this instance we're talking about an internal router for PLC process control that isn’t connected to the internet. Unfortunately OP inherited the whole setup so it’s not a great idea to make major changes like upgrading to v7 without first having full control of ...
by Larsa
Thu Aug 15, 2024 7:16 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2618

Re: 3rd party system installed, can't connect to any devices on the router.

So, cabinet #1 router ether5-gateway ( 10.20.100.15/20 ) is connected to the local device network where the S7 PLC and SIMATIC HMI are, but those devices are using different subnet address like 10.2.120.11 according to the network diagram. This is really getting too weird for me to grasp and I feel l...
by Larsa
Thu Aug 15, 2024 6:36 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2618

Re: 3rd party system installed, can't connect to any devices on the router.

dst-address=10.20.104.54 => IP address on the controller network side of the router. If that's the router in cabinet 1, shouldn’t it be 10.2.120.1 ? to-addresses=10.2.120.11 => IP address of the SIMATIC HMI. ie, ' /ip firewall nat add action=dst-nat chain=dstnat dst-address= 10.2.120.1 dst-port=443 ...
by Larsa
Thu Aug 15, 2024 6:20 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2618

Re: 3rd party system installed, can't connect to any devices on the router.

You can skip "in-interface=bridge-local", you should get a match just using "dst-address=10.20.104.54" and "dst-port=443". Btw, you are sure you can reach 10.20.104.54 by pinging it, which btw I assume is one of the cabinet routers?
by Larsa
Thu Aug 15, 2024 6:00 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2618

Re: 3rd party system installed, can't connect to any devices on the router.

No worries, I was just curious. Let me know how it goes after you’ve tested it.
by Larsa
Thu Aug 15, 2024 4:14 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2618

Re: 3rd party system installed, can't connect to any devices on the router.

Alright, let me make sure I’ve got this straight: all the devices on the control network (where the laptop is) are on the same subnet (10.20.x.x/16) connected to the "IDF1 PLC Network Switch" but their IP addresses are organized by equipment type. So, back to the original issue: since all ...
by Larsa
Thu Aug 15, 2024 3:03 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2618

Re: 3rd party system installed, can't connect to any devices on the router.

2. The laptop is connected to 10.20.101.x where all the computers connect to. It can currently access all the ethernet connected devices on 10.20.101.x through 10.20.111.x (except the 3. Each cabinet has its own router, they are wired in series like the diagram shows 2. What subnet is 100.20.101.x...
by Larsa
Thu Aug 15, 2024 2:47 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2618

Re: 3rd party system installed, can't connect to any devices on the router.

I'd like to be able to access the HMI screens in Cabinets 1,2,3 from their web interface like 2 similar Simatic HMIs in our building... 1. Access from where exactly? 2. Is the control laptop network 10.20.x.x connected directly to the PLC-network 10.20.100.x ie on the same subnet? 3. Is there a se...
by Larsa
Thu Aug 15, 2024 12:40 pm
Forum: General
Topic: Routing to second WAN device admin
Replies: 4
Views: 550

Re: Routing to second WAN device admin

@chilloutalready; If you're trying to connect to modem #2 from your LAN (which subnet is it btw?) you shouldn't need mangle rules. Your 5G devices are already on different local subnets so you just need regular routing. Or is this a problem that only happens when you connect via VPN? How about posti...
by Larsa
Thu Aug 15, 2024 9:58 am
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2618

Re: 3rd party system installed, can't connect to any devices on the router.

Hi @chewbo, welcome to the forum! Aren’t the PLC devices supposed to be managed by the controller (HMI) on the internal bus or do you need to access them separately? This is usually done through a separate gateway which sometimes is built into the controller. As for the technician not bringing his o...
by Larsa
Wed Aug 14, 2024 8:06 pm
Forum: General
Topic: Messed up routing between multiple wireguard tunnels
Replies: 15
Views: 1124

Re: Messed up routing between multiple wireguard tunnels

This seems like a classic case of an XY problem, made even harder to understand due to an overly complicated network diagram and an even more confusing technical walkthrough.

My understanding is that you want all clients from site 1 to route to the internet via site 2. Is that correct?
by Larsa
Wed Aug 14, 2024 6:16 pm
Forum: General
Topic: Messed up routing between multiple wireguard tunnels
Replies: 15
Views: 1124

Re: Messed up routing between multiple wireguard tunnels

And what role does BGP play in all of this? Is iBGP used for internal routing?
by Larsa
Wed Aug 14, 2024 3:25 pm
Forum: General
Topic: Routing to second WAN device admin
Replies: 4
Views: 550

Re: Routing to second WAN device admin

If you're accessing your HEX through something like WireGuard you'll always use the same local IP address for the router no matter where you are.
by Larsa
Wed Aug 14, 2024 2:02 pm
Forum: General
Topic: Dual ISP setup with static IP and PPPoE on RB450Gx4 - routing issue with WiFi Routers and ZeroTier
Replies: 3
Views: 528

Re: Dual ISP setup with static IP and PPPoE on RB450Gx4 - routing issue with WiFi Routers and ZeroTier

You forgot to mention where all your local devices are connected (bridge?). Generally, this can be solved pretty easily with policy routing or routing marks if the devices are on different subnets. What’s your plan for using ZeroTier? Is it for remote access, site-to-site networking, etc? Btw, expor...
by Larsa
Tue Aug 13, 2024 8:15 pm
Forum: Beginner Basics
Topic: Reach LAN from Zerotier with own controller
Replies: 9
Views: 747

Re: Reach LAN from Zerotier with own controller

Alright, dual stack (hmm...). It might be a routing issue since there aren't any replay packets and I don't see any ICMP packets coming in. As a temporary workaround for IPv4, try a source NAT approach using the command below. Just replace ZZZZZ with your ZT subnet and XXXXX with the name of your LA...
by Larsa
Tue Aug 13, 2024 6:11 pm
Forum: Beginner Basics
Topic: Reach LAN from Zerotier with own controller
Replies: 9
Views: 747

Re: Reach LAN from Zerotier with own controller

Can you spot any traffic from the ZT interface to your LAN using the ROS packet sniffer?

Btw, what does the zerotier-cli peer status say?
by Larsa
Tue Aug 13, 2024 5:36 pm
Forum: Beginner Basics
Topic: Reach LAN from Zerotier with own controller
Replies: 9
Views: 747

Re: Reach LAN from Zerotier with own controller

The ZeroTier interface works just like an Ethernet interface. You need to allow and set up proper routing between your LAN and the ZT subnet, or alternatively use src-nat from ZT to the LAN. I assume you’ve already added your LAN in ZeroTier Central > Networks > Advanced Settings > Managed Routes.
by Larsa
Tue Aug 13, 2024 1:00 pm
Forum: General
Topic: ssh connections per minute
Replies: 7
Views: 636

Re: ssh connections per minute

And there is also SNMP: https://help.mikrotik.com/docs/display/ROS/SNMP To get multiple values using the rest api, use for example curl: https://forum.mikrotik.com/viewtopic.php?t=184113 https://new.reddit.com/r/mikrotik/comments/11fvtkj/how_to_get_current_link_rate_via_api_call/ There are plenty of...
by Larsa
Mon Aug 12, 2024 7:18 pm
Forum: 3rd party tools
Topic: Introducing MikroWizard: An Open-Source Solution for MikroTik Router Management
Replies: 65
Views: 10915

Re: Introducing MikroWizard: An Open-Source Solution for MikroTik Router Management

We are creating the docker-compose file and the installation will be changed soon…

Hi, please let us know when it’s ready to be tested.
by Larsa
Mon Aug 12, 2024 1:23 am
Forum: Wireless Networking
Topic: Looking for affordable, no-frills 4G/5G or LTE stick for ROS7/CHR
Replies: 2
Views: 672

Re: Looking for affordable, no-frills 4G/5G or LTE stick for ROS7/CHR

Since CHR is running as a guest virtual machine it can’t access the LTE/NR device directly through ROS. This means device management has to be handled by the host OS and then passed on to CHR as a regular network device. So you’ll need to find an LTE/NR device that’s compatible with your virtual hos...
by Larsa
Sat Aug 10, 2024 2:43 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 362
Views: 112313

Re: v7.16rc [testing] is released!

Just a heads-up about the Linux kernel support lifecycle: LTS now typically lasts around 2-5 years while SLTS/CIP is supported for a minimum of 10 years from the initial release but might go on much longer. https://en.wikipedia.org/wiki/Linux_kernel_version_history https://lwn.net/Articles/749530/ h...
by Larsa
Wed Aug 07, 2024 7:12 pm
Forum: General
Topic: 5G for HOME NETWORK
Replies: 16
Views: 2891

Re: 5G for HOME NETWORK

Put your iPhone in Field Test Mode using *3001#12345#* and compare the IDs (PLMN/NCI ie NCGI, etc) to those on the NR7102 to make sure your antenna is pointed at the right tower. Start by connecting your computer directly to the NR7102 when running the performance tests.
by Larsa
Wed Aug 07, 2024 2:14 pm
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 3072

Re: Feature Request - CHR - VPP & ISO version CHR ROS

And as I’ve tried to explain pretty clearly several times, running a user-space network stack like FD.io/VPP/DPDK in an embedded kernel-based network operating system like ROS just doesn’t work. But it seems like it’s not really sinking in because people either don’t seem to understand the issues or...
by Larsa
Sun Aug 04, 2024 8:12 am
Forum: General
Topic: QoS Hardware Offloading (QoS-HW)
Replies: 79
Views: 18978

Re: QoS Hardware Offloading (QoS-HW)

As I mentioned, these are just L2 helpers for the old v1 which you can manage without using other methods but as most installations are running v3 (UDP) it really doesn’t matter. Anyhow, since this is just a user forum you'll probably get better answers by emailing Mikrotik at 'support@mikrotik.com'...
by Larsa
Sun Aug 04, 2024 12:27 am
Forum: General
Topic: QoS Hardware Offloading (QoS-HW)
Replies: 79
Views: 18978

Re: QoS Hardware Offloading (QoS-HW)

Maybe you should study how RoCE and its different versions work. V1 operates at L2 with various helpers according to DCB (e.g., PFC, ETS, etc.) which sometimes is called lossless Ethernet. But you can also manage without it by using other means like standard switches and handling the flow control in...
by Larsa
Wed Jul 31, 2024 8:51 pm
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 3072

Re: Feature Request - CHR - VPP & ISO version CHR ROS

Re: ... Did you test VyoS 1.5 rolling + VPP addons how is it? ... @TomjNorthIdaho wrote: I have not played around with the VPP addons yet. I only updated to the latest rolling release to get the faster control plane. And wow :) I will be testing the VPP add-on packages on my lab network test router...
by Larsa
Wed Jul 31, 2024 7:48 pm
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 3072

Re: Feature Request - CHR - VPP & ISO version CHR ROS

Hey guys, since this is a MikroTik forum would you mind continuing the VPP/VyOS/pfSense lab discussions elsewhere? Maybe on their respective mailing lists, user forums or perhaps Reddit? :D
by Larsa
Wed Jul 31, 2024 3:35 pm
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 3072

Re: Feature Request - CHR - VPP & ISO version CHR ROS

Those customers who buy these customized solutions operate in a completely different market segment than the current product range Mikrotik offers. Plus, Mikrotik doesn’t have the expertise or resources needed to develop a brand-new user-space NOS. Only companies like Cisco have the muscle for that ...
by Larsa
Wed Jul 31, 2024 12:19 pm
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 3072

Re: Feature Request - CHR - VPP & ISO version CHR ROS

VPP/FD.io/DPDK/SNABB, etc. = User space networking. eBPF/XDP = (Semi) kernel space. CHR = RouterOS for virtual machines in kernel space. Going with a user-space solution would require some serious iron and building a brand-new control plane to create a versatile router like ROS used in the current p...
by Larsa
Sun Jul 28, 2024 11:49 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1479

Re: Setting up ZeroTier…error following documentation

Alright, good to know. Have an awesome trip!
by Larsa
Sun Jul 28, 2024 11:44 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1479

Re: Setting up ZeroTier…error following documentation

Now it's my turn to be curious. The cruise ship we went on a few years back had incredibly slow internet (ie no starlink at that time). How's the internet situation on the ship you're on?
by Larsa
Sun Jul 28, 2024 11:33 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1479

Re: Setting up ZeroTier…error following documentation

Check out my previous post, I made some changes.
by Larsa
Sun Jul 28, 2024 11:23 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1479

Re: Setting up ZeroTier…error following documentation

I just realized I made a mistake (10.147.17.100/24 instead of 10.147.17.0/24) so that's probably why the first attempt didn't work. I've corrected the previous posts with 10.147.17.0/24 . But anyhow, 10.147.17.0/24 is intended to match all IP addresses in the entire ZeroTier subnet. The setting ' 19...
by Larsa
Sun Jul 28, 2024 11:02 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1479

Re: Setting up ZeroTier…error following documentation

Disable the previous src-nat command and try the following. Replace XXXX with the name of your LAN interface, like ether1 or bridge etc. ' /ip firewall nat add chain=srcnat src-address=10.147.17.0/24 out-interface=XXXXX action=masquerade ' If that doesn’t work, you’ll need to start tracing the traff...
by Larsa
Sun Jul 28, 2024 10:38 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1479

Re: Setting up ZeroTier…error following documentation

Then you only need the following, assuming the Zerotier interface is still named 'zerotier1': # Allow routing from Zerotier to your local network and access to the router. /interface list member add interface=zerotier1 list=LAN # masquerade all traffic from zerotier to your local network /ip firewal...
by Larsa
Sun Jul 28, 2024 9:39 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1479

Re: Setting up ZeroTier…error following documentation

And the other question: Do you want 1) LAN access only from Zerotier, or 2) access in both directions?

Option 1 is easily solved with src-nat/masquerade on the MikroTik.
Option 2 requires routing to and from the default gateway.
by Larsa
Sun Jul 28, 2024 9:10 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1479

Re: Setting up ZeroTier…error following documentation

What's the local (LAN) and Zerotier IP address on the MikroTik device? Do you want LAN access only from Zerotier or do you want it both ways?
by Larsa
Sun Jul 28, 2024 8:54 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1479

Re: Setting up ZeroTier…error following documentation

Yeah, that sounds like a good idea! As long as the MikroTik is an ARM-based device running ROS you can install ZeroTier on it.
by Larsa
Sun Jul 28, 2024 7:16 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1479

Re: Setting up ZeroTier…error following documentation

As I explained earlier, you need to add a route for 10.147.17.0/24 to 192.168.1.33 in pfSense and enable packet forwarding on the Windows machine. Since this isn't a Mikrotik issue and if you need further assistance with pfSense routing or fixing Tailscale, I'd suggest checking out the official Netg...
by Larsa
Sun Jul 28, 2024 6:51 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1479

Re: Setting up ZeroTier…error following documentation

Tailscale is available as an official package for pfSense and works just as well as Zerotier. But whether you're using Zerotier on a Windows machine or Mikrotik you'll need to point your default gateway to where you're running Zerotier as I explained earlier. Another option is to use src-nat or masq...
by Larsa
Sun Jul 28, 2024 6:33 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1479

Re: Setting up ZeroTier…error following documentation

I’d install ZeroTier directly on your pfSense (assuming it’s the default gateway). It'll make everything a lot easier and you won't have to worry about the Windows box and Mikrotik at all. Then you'll have access to all the devices on your local network directly from the ZeroTier network and vice ve...
by Larsa
Sun Jul 28, 2024 6:24 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1479

Re: Setting up ZeroTier…error following documentation

Alright. On pfSense which I’m guessing is the default gateway to the internet, add a route for 10.147.17.0/24 that points to the Windows box at 192.168.1.33 (which should have the Zerotier address 10.147.17.100). You have to enable packet forwarding on Windows to allow routing. That's it! What role ...
by Larsa
Sun Jul 28, 2024 6:11 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1479

Re: Setting up ZeroTier…error following documentation

What's the local address of the Windows machine where Zerotier is installed?
by Larsa
Sun Jul 28, 2024 6:01 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1479

Re: Setting up ZeroTier…error following documentation

- You either need to have 10.147.17.100 as the default gateway or add a route for 10.147.17.0/24 on the default gateway pointing to the device where Zerotier is installed. - No extra routing rules are needed. - Add the Zerotier interface 'zt1' to the LAN interface list to allow access to your local ...
by Larsa
Sun Jul 28, 2024 4:48 pm
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 3072

Re: Feature Request - CHR - VPP & ISO version CHR ROS

Well, I've read some (general) articles on VPP ... and I still don't get it: why is it orthogonal to embedded NOS such as ROS? To fully utilize VPP ( What is VPP? ) as a fully-fledged router you need to pair it with a user-space network stack that has all the necessary capabilities using frameworks...
by Larsa
Sat Jul 27, 2024 12:24 am
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 3072

Re: Feature Request - CHR - VPP & ISO version CHR ROS

Well, it won’t work with the current product line. Study the basics and you’ll understand why.
by Larsa
Fri Jul 26, 2024 11:59 pm
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 3072

Re: Feature Request - CHR - VPP & ISO version CHR ROS

VPP is user-space software, used in projects like FD.io, DPDK and similar. It's not suitable for embedded network OS environments like ROS.

EDIT:
The above applies to OSes like pfSense, VyOS, BSD, and others.
by Larsa
Fri Jul 26, 2024 8:42 pm
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 3072

Re: Feature Request - CHR - VPP & ISO version CHR ROS

1. CHR is designed to run in virtual environments and can easily handle Tbps without any issues. But if you really want to run bare-metal, go for ROS x86_64. But why? Properly set up virtual environments are just as fast as bare metal and are way easier to manage. 2. VPP is a user-space solution and...
by Larsa
Thu Jul 25, 2024 11:47 pm
Forum: Scripting
Topic: [BUG] REST endpoint producing invalid JSON
Replies: 3
Views: 702

Re: [BUG] REST endpoint producing invalid JSON

Since this is only a user forum, please report bugs directly to Mikrotik by opening a ticket at https://mikrotik.com/support or sending an email to 'support@mikrotik.com'.
by Larsa
Thu Jul 25, 2024 12:49 pm
Forum: Wireless Networking
Topic: Does size of antenna matter?
Replies: 64
Views: 4167

Re: Does size of antenna matter?

Somewhat OT but remember that MIMO also takes advantage of interference through multipath propagation. So in most cases the quality of the DSP is more important than the antennas, especially for indoor devices.
by Larsa
Wed Jul 24, 2024 10:36 am
Forum: Beginner Basics
Topic: IPsec VPN - NAT rule to reach the server
Replies: 6
Views: 626

Re: IPsec VPN - NAT rule to reach the server

Okay, that sounds odd. The IPsec policy is usually pretty straightforward: the src-address and dst-address represent which local networks (subnets) the traffic should be encrypted between. The sa-src and sa-dst addresses are the respective WAN (internet) endpoint addresses for the encrypted tunnel. ...
by Larsa
Wed Jul 24, 2024 9:31 am
Forum: Beginner Basics
Topic: IPsec VPN - NAT rule to reach the server
Replies: 6
Views: 626

Re: IPsec VPN - NAT rule to reach the server

@TheCat12 has already hinted at how the policy should look for the LAN src address 192.168.1.0/24.
by Larsa
Mon Jul 22, 2024 10:11 pm
Forum: Wireless Networking
Topic: Does size of antenna matter?
Replies: 64
Views: 4167

Re: Does size of antenna matter?

Possibly gold plated coat hangers ...

Yeah, but of course! It’s obvious that the more expensive the cable, the better the quality of the electrons passing through it, which means a better signal -- everyone knows that! :D
by Larsa
Mon Jul 22, 2024 9:55 pm
Forum: Beginner Basics
Topic: Best gear to receive 4G/5G signal to a cottage
Replies: 3
Views: 537

Re: Best gear to receive 4G/5G signal to a cottage

Run a speed test with a 5G-enabled phone to get an idea of what speeds you can expect before buying an indoor 5G product from MikroTik. If you need a 5G outdoor device with a directional antenna you'll have to look for another brand.
by Larsa
Fri Jul 19, 2024 9:40 am
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 655
Views: 256185

Re: v7.15.2 [stable] is released!

Short mode is 16 bits and long mode is 32 bits for path cost. The same mode needs to be set on all switches in the network to function.
by Larsa
Thu Jul 18, 2024 6:06 am
Forum: General
Topic: Which VPN to connect 2 MikroTiks overe WAN?
Replies: 15
Views: 1137

Re: Which VPN to connect 2 MikroTiks overe WAN?

You still have some incorrect settings with those results. With the correct IPsec settings you should get at least 200 Mbps and the CPU usage should basically be zero with a hAP ac³ at both ends. What WAN speed does the ISP provide?

Btw, don’t run throughput tests with Cake enabled anyway.
by Larsa
Thu Jul 18, 2024 12:32 am
Forum: General
Topic: Wireguard and iOS [SOLVED]
Replies: 29
Views: 3046

Re: Wireguard and iOS [SOLVED]

Weird, because when I mentioned all the fuss on Reddit last fall she said it was just a few customers who had systematically underreported active nodes (which they initially claimed were passive) and got a hefty raise after measuring and presenting the actual numbers. Nothing more to it.
by Larsa
Wed Jul 17, 2024 11:51 pm
Forum: General
Topic: Which VPN to connect 2 MikroTiks overe WAN?
Replies: 15
Views: 1137

Re: Which VPN to connect 2 MikroTiks overe WAN?

Haha Yeah, right?! 😉😘
by Larsa
Wed Jul 17, 2024 8:57 pm
Forum: General
Topic: Wireguard and iOS [SOLVED]
Replies: 29
Views: 3046

Re: Wireguard and iOS [SOLVED]

Glad you managed to solve it! Regarding ZeroTier, there have never been any real issues with the licenses, either for us or our customers. It was just a bunch of clueless morons on Reddit spreading a lot of FUD because of a clumsy/unclear wording from sales that got changed pretty quickly. Reddit is...
by Larsa
Wed Jul 17, 2024 8:11 pm
Forum: General
Topic: Which VPN to connect 2 MikroTiks overe WAN?
Replies: 15
Views: 1137

Re: Which VPN to connect 2 MikroTiks overe WAN?

Surprisingly, WireGuard seems to be best performer!

Then you are doing something wrong if you get better speed with WireGuard than IPsec with hardware acceleration. Check hAP ac³ IPsec single tunnel test result
by Larsa
Wed Jul 17, 2024 5:53 pm
Forum: General
Topic: Wireguard and iOS [SOLVED]
Replies: 29
Views: 3046

Re: Wireguard and iOS [SOLVED]

Larsa, I was a huge fan of it... When it was $500 a year. If you check around... About a year ago Zerotier started reaching out to users and telling us they wanted to change the yearly to $7000 or more. What've you been reading lately, Reddit chit-chat? :D The "Pro" business license is $2...
by Larsa
Wed Jul 17, 2024 1:04 pm
Forum: Beginner Basics
Topic: MikroTik Configuration 3 WAN 2 LAN and VPN Need Kind Help from Seniors Please
Replies: 36
Views: 2605

Re: MikroTik Configuration 3 WAN 2 LAN and VPN Need Kind Help from Seniors Please

@anav - IN TERMS OF JOB SECURITY...

/system clock
set time-zone-name=Europe/Paris
by Larsa
Wed Jul 17, 2024 12:36 pm
Forum: General
Topic: Wireguard and iOS [SOLVED]
Replies: 29
Views: 3046

Re: Wireguard and iOS [SOLVED]

Okay, I didn't quite catch the main issue you're facing but ZeroTier is free for personal use with unlimited networks up to 25 devices anyway and the commercial licenses are among the cheapest out there. As for Wireguard, I've never really had any issues with Apple devices and the only problem I've ...
by Larsa
Wed Jul 17, 2024 9:59 am
Forum: General
Topic: Wireguard and iOS [SOLVED]
Replies: 29
Views: 3046

Re: Wireguard and iOS [SOLVED]

Pro tip: Use ZeroTier for a way easier life without worrying about public IPs and all that. ;-)
by Larsa
Tue Jul 16, 2024 12:09 am
Forum: General
Topic: Which VPN to connect 2 MikroTiks overe WAN?
Replies: 15
Views: 1137

Re: Which VPN to connect 2 MikroTiks overe WAN?

To take advantage of hardware acceleration choose a tunnel type that uses IPsec encryption with AES but don't expect blazing speeds with the hAP ac³ , tho it'll definitely be much faster than Wireguard. Regarding EoIP , it's a LAN tunnel that transports Ethernet between two MikroTik routers (ie acti...
by Larsa
Mon Jul 15, 2024 2:12 pm
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 655
Views: 256185

Re: v7.15.2 [stable] is released!

There is a scroll bar, scroll to the right

Thanks, got it! IMO the UX is pretty crappy in this case but nothing Violentmonkey can't handle..
by Larsa
Mon Jul 15, 2024 11:48 am
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 655
Views: 256185

Re: v7.15.2 [stable] is released!

Thanks! It was "System > Resources" I was looking for. Yeah, it's buggy, all right.

EDIT: I wish version info could be presented in a more obvious place as standard so you wouldn't have to hack the webfig "skin" on each new instance to find it.

by Larsa
Mon Jul 15, 2024 11:34 am
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 655
Views: 256185

Re: v7.15.2 [stable] is released!

Pro tip ...

1. Click "Design Skin"
2. Go to Resources
3. Click triangle button next to Version
4. Select "Add to Status page"

Looks promising though I'm unable to locate any tab/menu called "Resources" in Design Skin mode.. (v7.15.1). Anyone?
by Larsa
Mon Jul 15, 2024 11:17 am
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 655
Views: 256185

Re: v7.15.2 [stable] is released!

How many places you want?

Somewhere where it's easier (ie obvious) to spot in the ordinary work space, please!
by Larsa
Sun Jul 14, 2024 2:51 pm
Forum: Beginner Basics
Topic: MikroTik Configuration 3 WAN 2 LAN and VPN Need Kind Help from Seniors Please
Replies: 36
Views: 2605

Re: MikroTik Configuration 3 WAN 2 LAN and VPN Need Kind Help from Seniors Please

Considering the scope of this project (site-to-site tunneling with load balancing, advanced routing, Wi-Fi access points, PBX, Active Directory, etc.) and the technical expertise and experience needed to pull it off, if I were you, I'd pass on this (honestly, you'll never be able to handle this on y...
by Larsa
Sun Jul 14, 2024 12:01 pm
Forum: Forwarding Protocols
Topic: IPsec ikev2 between CHR on AWS and local mikrotik
Replies: 3
Views: 695

Re: IPsec ikev2 between CHR on AWS and local mikrotik

Yes, it’s possible. There are plenty of leads and step-by-step guides if you google: "AWS Mikrotik IPsec"
by Larsa
Sun Jul 14, 2024 10:42 am
Forum: General
Topic: masquerade over EOIP
Replies: 7
Views: 606

Re: masquerade over EOIP

Well, that is something that I try to also figure out, what is the best approach for this. I did find EOIP implementation/examples quite straightforward, but.... no idea how is in case of zerotier . An IP-based tunnel like IPIP is just as simple to set up as EOIP using ipsec-secret. Also, there...
by Larsa
Sun Jul 14, 2024 12:02 am
Forum: General
Topic: masquerade over EOIP
Replies: 7
Views: 606

Re: masquerade over EOIP

Okay, but why use L2 (EOIP) instead of an IP-based VPN tunnel like WireGuard or even SD-WAN like Zerotier?
by Larsa
Sat Jul 13, 2024 7:30 pm
Forum: RouterBOARD hardware
Topic: RBM33G + 5G
Replies: 65
Views: 20269

Re: RBM33G + 5G

You sure the radio's on? Sometimes when a device is in config mode the radio gets turned off.
by Larsa
Sat Jul 13, 2024 5:37 pm
Forum: General
Topic: 5G for HOME NETWORK
Replies: 16
Views: 2891

Re: 5G for HOME NETWORK

To bond you also need to have control over the other side but you might use load balancing instead.
by Larsa
Sat Jul 13, 2024 5:04 pm
Forum: General
Topic: masquerade over EOIP
Replies: 7
Views: 606

Re: masquerade over EOIP

Since you linked the two networks together with EOIP it's basically like having two subnets on the same local network. You might want to consider hairpin NAT or a different approach like L3 VPNs (IPSec, Wireguard etc).

Could you explain in simpler terms what you're trying to achieve?
by Larsa
Sat Jul 13, 2024 2:25 am
Forum: General
Topic: How to monitor global internet traffic and its source? need help
Replies: 8
Views: 758

Re: How to monitor global internet traffic and its source? need help

@zx128k, you might also use the CALEA package for data collection. There are plenty of analysis tools available for that. There's also a built-in packet sniffer that while somewhat limited compared to CALEA is still pretty useful. https://wiki.mikrotik.com/wiki/CALEA EDIT: @Jotne's Splunk solution i...
by Larsa
Sat Jul 13, 2024 1:46 am
Forum: Scripting
Topic: Feature Request: native JSON parsing function [SOLVED]
Replies: 4
Views: 2986

Re: Feature Request: native JSON parsing function [SOLVED]

Yes, it does. Look for @Amm0's detailed explanations and examples on the matter.
by Larsa
Fri Jul 12, 2024 8:17 pm
Forum: RouterOS beta
Topic: Feature Request : IPv6 Fasttrack
Replies: 203
Views: 60861

Re: Feature Request : IPv6 Fasttrack

MT should look at DPDK in my opinion Two major things make DPDK unsuitable for the current product line: 1. DPDK is a pure userland solution while ROS is kernel-based. 2. DPDK's resource footprint is way too large to fit an embedded network OS like ROS. DPDK is normally used in highly specialized h...
by Larsa
Thu Jul 11, 2024 8:22 pm
Forum: RouterBOARD hardware
Topic: CubeSA 60Pro WATER DANGER
Replies: 54
Views: 14743

Re: CubeSA 60Pro WATER DANGER

Same problem, after 1 week outside full of water.

Judging by the extent of the corrosion I'd wager the device in the picture has been exposed to the elements for quite a bit longer than just a week...
by Larsa
Thu Jul 11, 2024 8:53 am
Forum: General
Topic: vrrp configuration with fully redundant switches
Replies: 15
Views: 1173

Re: vrrp configuration with fully redundant switches

I am not using BFD. BFD is pretty lightweight with adjustable timers for how often control packets are sent and it doesn't really strain the CPU. It's highly recommended for L3 like iBGP in your case. You might also check if your upstream providers or IXP offers BFD. If that's the case, I'd definit...
by Larsa
Wed Jul 10, 2024 1:14 pm
Forum: General
Topic: vrrp configuration with fully redundant switches
Replies: 15
Views: 1173

Re: vrrp configuration with fully redundant switches

Let's see if it's something @skycanfiya might find interesting. Personally, I'm pretty curious where that 25-second delay is coming from in the current setup.
by Larsa
Wed Jul 10, 2024 9:49 am
Forum: General
Topic: vrrp configuration with fully redundant switches
Replies: 15
Views: 1173

Re: vrrp configuration with fully redundant switches

I was referring to R1-R3 (L3/BGP). L2 VRRP/LAG should kick in pretty much instantly. BTW, what do you mean by upstream LAG in this scenario?
by Larsa
Wed Jul 10, 2024 9:04 am
Forum: General
Topic: vrrp configuration with fully redundant switches
Replies: 15
Views: 1173

Re: vrrp configuration with fully redundant switches

25 seconds sounds like a bit much. Are you using BFD?
by Larsa
Wed Jul 10, 2024 8:25 am
Forum: General
Topic: Layer 7 protocol question
Replies: 2
Views: 394

Re: Layer 7 protocol question

No, not really. At least not if you want some basic level of decent security protection.

Install ZeroTier, Tailscale or a similar SD-WAN (“from anywhere VPN”) solution on the cloud server for a hassle-free setup and administration.
by Larsa
Tue Jul 09, 2024 11:51 pm
Forum: Beginner Basics
Topic: Disable Routing Between Ports
Replies: 22
Views: 1597

Re: Disable Routing Between Ports

I wish to have the unit behave as if it were 10 physically separate devices, with the only common connection being to the GPS NTP unit. I had originally pitched the idea of just buying more of the same GPS NTP devices (easiest to keep the network segregation), but with a couple of the VLANs having ...
by Larsa
Tue Jul 09, 2024 8:46 pm
Forum: RouterOS beta
Topic: Feature Request : IPv6 Fasttrack
Replies: 203
Views: 60861

Re: Feature Request : IPv6 Fasttrack

Yeah, and the idea that the cache is gone in the current kernel is a myth and misconception. The current V7 kernel uses a more modern and secure network stack that divides the cache into distinct layers to achieve better efficiency where it’s needed most. Some relevant reading on the subject: Routin...
by Larsa
Tue Jul 09, 2024 4:35 pm
Forum: Beginner Basics
Topic: Disable Routing Between Ports
Replies: 22
Views: 1597

Re: Disable Routing Between Ports

No routing whatsoever between routable interfaces, not even to default gateway if I recall correctly.
by Larsa
Tue Jul 09, 2024 2:32 pm
Forum: Beginner Basics
Topic: Disable Routing Between Ports
Replies: 22
Views: 1597

Re: Disable Routing Between Ports

@mbovenka; Yeah, it should work unless routing to other subnets on the plant is needed.
by Larsa
Tue Jul 09, 2024 1:56 pm
Forum: Beginner Basics
Topic: Disable Routing Between Ports
Replies: 22
Views: 1597

Re: Disable Routing Between Ports

@neki, your suggestion won't prevent routing between subnets (i.e. VLANs). And why reset the entire config?
by Larsa
Tue Jul 09, 2024 1:06 pm
Forum: Beginner Basics
Topic: Disable Routing Between Ports
Replies: 22
Views: 1597

Re: Disable Routing Between Ports

@XplodingData, just create an address list like 'VLANS_NO_ROUTING'. Then, create a forward rule that drops all traffic coming and going to any address in the list for each corresponding VLAN address range. You can do this in WinBox/WebUI under IP > Firewall > Address Lists and IP > Firewall > Filter...
by Larsa
Mon Jul 08, 2024 6:57 pm
Forum: Virtualization
Topic: SRIOV and CHR
Replies: 4
Views: 864

Re: SRIOV and CHR

The CHR is totally unaware if the virtual driver uses SR-IOV or not. It just uses the NIC that is provided by the virtual guest where the CHR is located. So if you can't see the NIC in the virtual guest configuration it won't appear in the CHR either.
by Larsa
Sun Jul 07, 2024 10:10 pm
Forum: Virtualization
Topic: SRIOV and CHR
Replies: 4
Views: 864

Re: SRIOV and CHR

SR-IOV is built into the device driver for the network card in your virtual host operating system so you won't actually see it in CHR. But you might notice that the CPU load and software interrupt rate are significantly reduced at full network throughput when SR-IOV is enabled. If the NIC doesn't sh...
by Larsa
Sun Jul 07, 2024 9:07 pm
Forum: Beginner Basics
Topic: why does this rule interfere with my doing "apt update"?
Replies: 11
Views: 894

Re: why does this rule interfere with my doing "apt update"?

@kendal; you forgot to add the interface list WAN, otherwise everything gets redirected:

/ip firewall nat add chain=dstnat action=dst-nat in-interface-list=WAN protocol=tcp dst-port=80 to-address=10.0.0.246 to-port=80 comment="myconf: HTTP"
by Larsa
Sun Jul 07, 2024 8:08 pm
Forum: General
Topic: How to set or add IP Public from Modem directly to MikroTik
Replies: 13
Views: 855

Re: How to set or add IP Public from Modem directly to MikroTik

Sindy, good advice regarding the LAN ports! You only go down in flames once (usually :D).
by Larsa
Sun Jul 07, 2024 7:45 pm
Forum: General
Topic: Problem with l2tp over LTE [SOLVED]
Replies: 5
Views: 2193

Re: Problem with l2tp over LTE [SOLVED]

@nsarant; This is OT and I’m not trying to hijack this thread. The suggestion below doesn’t really fix your current issue with your own failover solution using scripts, but rather an alternative way to solve it: Set up a separate tunnel (of any type) for each WAN connection like Sindy explained and ...
by Larsa
Sun Jul 07, 2024 7:17 pm
Forum: General
Topic: How to set or add IP Public from Modem directly to MikroTik
Replies: 13
Views: 855

Re: How to set or add IP Public from Modem directly to MikroTik

If you’ve already set it to bridge mode it shouldn’t matter since the Mikrotik will handle DHCP for you instead. But to be on the safe side you can disable it.
by Larsa
Sun Jul 07, 2024 2:47 pm
Forum: General
Topic: How to set or add IP Public from Modem directly to MikroTik
Replies: 13
Views: 855

Re: How to set or add IP Public from Modem directly to MikroTik

Yeah, hard to say. Btw, since the WAN list name and service type are showing up as TR069xx I'm starting to think this menu might actually be the CPE admin menu, not the regular user interface. If that's the case, VLAN 1493 is hopefully terminated in the CPE. I mean, it's not common practice to force...
by Larsa
Sun Jul 07, 2024 11:58 am
Forum: General
Topic: How to set or add IP Public from Modem directly to MikroTik
Replies: 13
Views: 855

Re: How to set or add IP Public from Modem directly to MikroTik

Hi, I'm just guessing here but try changing the "connection type" to "bridge". Make sure the cable from the HG6145D2 is connected to the MikroTik WAN port. From Winbox, go to the IP menu -> DHCP Client and check if the interface gets a public IP address. Btw, switching to bridge-...
by Larsa
Sun Jul 07, 2024 8:35 am
Forum: General
Topic: AAA...router was rebooted without proper shutdown
Replies: 14
Views: 735

Re: AAA...router was rebooted without proper shutdown

@SMARTNETTT, please provide model, hardware config and full ROS export. Otherwise, no one here will be able to help you.
by Larsa
Sat Jul 06, 2024 11:38 pm
Forum: General
Topic: AAA...router was rebooted without proper shutdown
Replies: 14
Views: 735

Re: AAA...router was rebooted without proper shutdown

Yeah, especially when it was reported on a Friday. @SMARTNETTT, I'm pretty sure nobody here at the user forum has the ability to scry with a crystal ball, so please share your server model, hardware configuration (e.g. type of NICs etc.) and ROS full export. Otherwise, we won't be able to help you beyon...
by Larsa
Sat Jul 06, 2024 9:34 pm
Forum: General
Topic: AAA...router was rebooted without proper shutdown
Replies: 14
Views: 735

Re: AAA...router was rebooted without proper shutdown

As I wrote in the other thread, hardware is pretty important when it comes to x86 but you still managed to omit the model and hardware configuration as well as a full export! Anyhow, in the case of 30 identical servers and only one failing I'm pretty sure it's a hardware issue. What's the SUP number?
by Larsa
Sat Jul 06, 2024 8:31 pm
Forum: General
Topic: Router was rebooted without proper shutdown
Replies: 10
Views: 6045

Re: Router was rebooted without proper shutdown

@SMARTNETTT: ROS on x86 has nothing to do with Haplite. Please create your own thread and include information about both hardware and software configuration (i.e. a full export). Regarding ROS on x86 bare metal, please be aware it's a tricky business thus you really MUST know what you're doing. Othe...
by Larsa
Fri Jul 05, 2024 12:39 pm
Forum: Scripting
Topic: Script - Error [SOLVED]
Replies: 5
Views: 2574

Re: Script - Error [SOLVED]

Since this is only a user forum, please report bugs directly to MikroTik by emailing 'support@mikrotik.com' or opening a ticket at their service desk: https://help.mikrotik.com/servicedesk/servicedesk.
by Larsa
Fri Jul 05, 2024 12:10 pm
Forum: General
Topic: IPFIX data-set padding bug
Replies: 1
Views: 265

Re: IPFIX data-set padding bug

Since this is only a user forum, please help others by reporting bugs directly to MikroTik by emailing support@mikrotik.com or opening a ticket at their service desk: https://help.mikrotik.com/servicedesk/servicedesk.
by Larsa
Fri Jul 05, 2024 9:26 am
Forum: Wireless Networking
Topic: Pseudobridge or Pseudobridge clone not work -> dhcp client in searching
Replies: 5
Views: 1353

Re: Pseudobridge or Pseudobridge clone not work -> dhcp client in searching

Since this is only a user forum, please help others by reporting bugs directly to MikroTik by emailing support@mikrotik.com or opening a ticket at their service desk: https://help.mikrotik.com/servicedesk/servicedesk.
by Larsa
Thu Jul 04, 2024 7:12 pm
Forum: Announcements
Topic: Newsletter #119 | July 2024
Replies: 37
Views: 48957

Re: Newsletter #119 | July 2024

@pe1chl
Yeah, and a couple of outdoor units wouldn't hurt. One with a directional antenna for rural areas and one omnidirectional for urban areas.
by Larsa
Thu Jul 04, 2024 3:24 pm
Forum: Announcements
Topic: Newsletter #119 | July 2024
Replies: 37
Views: 48957

Re: Newsletter #119 | July 2024

Impressive switches! Looking forward to new hw offload capabilities for data center use. Hopefully RAM can be configured for traffic buffering..
by Larsa
Thu Jul 04, 2024 3:11 pm
Forum: Scripting
Topic: work in console not in script
Replies: 2
Views: 482

Re: work in console not in script

@felix34, remove the brackets from the first line, i.e.:

/interface/wireguard/peers
:foreach Id in=[find disabled=no] do={
:put [get $Id comment]
:put [get $Id last-handshake]
}

or:

:foreach Id in=[/interface/wireguard/peers find disabled=no] do={
:put [/interface/wireguard/peers get $Id comment]
:put [/interface/wireguard/peers get $Id last-handshake]
}
by Larsa
Thu Jul 04, 2024 12:36 am
Forum: RouterBOARD hardware
Topic: System rebooted because of kernel failure
Replies: 34
Views: 35042

Re: System rebooted because of kernel failure

Since this is a user forum, you'll probably get better help directly from Mikrotik by emailing 'support@mikrotik.com' or opening a ticket at their service desk: https://help.mikrotik.com/servicedesk/servicedesk
by Larsa
Wed Jul 03, 2024 6:17 pm
Forum: Forwarding Protocols
Topic: send udp packet with destination 255.255.255.255 to other subnet In router
Replies: 5
Views: 966

Re: send udp packet with destination 255.255.255.255 to other subnet In router

I've used a zlan Modbus gateway a long time ago but I remember we configured it locally for TCP before deploying it. But if I get it right you want to be able to perform the initial configuration with the device already in place on the other subnet, right? If you are absolutely sure you don't want to...
by Larsa
Wed Jul 03, 2024 2:38 am
Forum: Beginner Basics
Topic: How to open ports?
Replies: 12
Views: 1441

Re: How to open ports?

@adamantasaurus, here are some links to what appears to be a clear pedagogical explanation with step-by-step instructions:
- https://blog.shaharia.com/mikrotik-nat- ... m-internet
- https://99rdp.com/using-winbox-to-set-u ... orwarding/
by Larsa
Tue Jul 02, 2024 10:21 pm
Forum: General
Topic: 5G for HOME NETWORK
Replies: 16
Views: 2891

Re: 5G for HOME NETWORK

Here are some examples of affordable 5G/NR routers for outdoor use with PoE power: Zyxel FWA710, D-Link DWP-1010, Huawei 5G CPE WIN and Huawei CPE Pro 2.
by Larsa
Tue Jul 02, 2024 12:51 pm
Forum: General
Topic: mynetname.net down?
Replies: 14
Views: 1379

Re: mynetname.net down?

As a general guideline, don’t rely on Mikrotik IP Cloud (xxxx.sn.mynetname.net) for mission-critical operations.
by Larsa
Tue Jul 02, 2024 12:45 pm
Forum: General
Topic: Cloud/DDNS is not working *urgent*
Replies: 4
Views: 1023

Re: Cloud/DDNS is not working *urgent*

@homtec: for your own good, don't rely on Mikrotik IP Cloud (xxxx.sn.mynetname.net) for mission-critical operations. Also, there is no support for dual stack environments.
by Larsa
Tue Jul 02, 2024 10:48 am
Forum: General
Topic: IP Cloud domains mynetname.net down again?
Replies: 10
Views: 2195

Re: IP Cloud domains mynetname.net down again?

Ping "support@mikrotik.com"...

EDIT
Since there doesn't seem to be any redundancy, we're only using IP Cloud as a backup and have already migrated production to Cloudflare DNS.
by Larsa
Tue Jul 02, 2024 10:37 am
Forum: Forwarding Protocols
Topic: send udp packet with destination 255.255.255.255 to other subnet In router
Replies: 5
Views: 966

Re: send udp packet with destination 255.255.255.255 to other subnet In router

255.255.255.255 (limited broadcast) is by default designed to work only on the local subnet (broadcast domain); otherwise you need to set up specific forwarding rules. As an alternative, you can use directed broadcast (e.g. 192.168.1.255) or multicast. Is there a specific reason you can't have eth1 and...
by Larsa
Tue Jul 02, 2024 12:28 am
Forum: Announcements
Topic: v7.16beta [testing] is released!
Replies: 288
Views: 118392

Re: v7.16beta [testing] is released!

Yeah, it looks like the people who managed the “refactored DNS service internal processes” didn't carry out the most basic tests. It makes me wonder if they're even conducting CI/CD pipeline test automation at all..
by Larsa
Mon Jul 01, 2024 9:22 pm
Forum: Announcements
Topic: v7.16beta [testing] is released!
Replies: 288
Views: 118392

Re: v7.16beta [testing] is released!

I had the same issue with WG DNS endpoints. Maybe this drop has the "overhauled" DNS?
by Larsa
Mon Jul 01, 2024 9:23 am
Forum: Wireless Networking
Topic: Feature Request: Add mac80211_hwsim support
Replies: 5
Views: 1226

Re: Feature Request: Add mac80211_hwsim support

Then I’m afraid you can’t use that either other than as a pure Linux router module.
by Larsa
Mon Jul 01, 2024 12:53 am
Forum: Beginner Basics
Topic: Tunneling internet traffic through IPsec tunnel
Replies: 8
Views: 1413

Re: Tunneling internet traffic through IPsec tunnel

Did you read my comment about requirements for IPsec?
by Larsa
Sun Jun 30, 2024 6:52 pm
Forum: General
Topic: Network redesign - 2 storey house
Replies: 18
Views: 1025

Re: Network redesign - 2 storey house

@tilda, If you don’t need 24 Ethernet ports and can settle for 16, I’d definitely go for a CCR2004. It's so much easier to manage just one device for home use since it minimizes the hassle factor according to Murphy's Law. Plus, if you want to connect an SFP module it’s no problem at all as long as ...
by Larsa
Sat Jun 29, 2024 9:56 pm
Forum: RouterBOARD hardware
Topic: STH: MikroTik CRS520-4XS-16XQ-RM 16-port 100GbE Switch Announced
Replies: 0
Views: 1166

STH: MikroTik CRS520-4XS-16XQ-RM 16-port 100GbE Switch Announced

" Aside from higher-end features, the MikroTik CRS520-4XS-16XQ-RM will be a higher-priced switch at $2795. At that price range, it is going to offer something very unique. A new switch with a management web GUI for the price of a used Mellanox SN2100 16-port 100GbE switch with a bit less connec...
by Larsa
Sat Jun 29, 2024 4:41 pm
Forum: Wireless Networking
Topic: Feature Request: Add mac80211_hwsim support
Replies: 5
Views: 1226

Re: Feature Request: Add mac80211_hwsim support

Mac80211_hwsim is a Linux kernel module designed for 802.11 development, i.e. used by hw/sw developers. It would require highly specialized device drivers for ROS in order to interact with any type of virtual environment. Read this: https://www.gns3.com/community/featured/open-source-alternatives-for-w...
by Larsa
Fri Jun 28, 2024 9:51 pm
Forum: General
Topic: IPTV cuts and pixelations with Movistar Spain and HAP ax3/ax2
Replies: 72
Views: 7770

Re: IPTV cuts and pixelations with Movistar Spain and HAP ax3

Any L2 ethernet frame size larger than the standard 1500 bytes (excluding the header) on your local network requires all other devices on the same network to have the same size. L3/WAN (PPPoE) is a different story. https://www.packetstreams.net/2018/07/t ... 3-mtu.html
by Larsa
Fri Jun 28, 2024 9:33 pm
Forum: Beginner Basics
Topic: Configure IPv6 over IPv4 from ISP
Replies: 9
Views: 1496

Re: Configure IPv6 over IPv4 from ISP

Hey @Ryuu19, I'm pretty sure GMO has some guidelines on the protocols they use for IPv6/IPv4 tunneling. Come back here once you've found the info and we'll help you configure your router.
by Larsa
Fri Jun 28, 2024 9:25 pm
Forum: General
Topic: Rate limit in PCQ above 4295Mb causing 'Error in rate - number expected!"
Replies: 6
Views: 820

Re: Rate limit in PCQ above 4295Mb causing 'Error in rate - number expected!"

Since this is a user forum, you'll probably get better help directly from Mikrotik by emailing 'support@mikrotik.com' or opening a ticket at their service desk: https://help.mikrotik.com/servicedesk/servicedesk
by Larsa
Thu Jun 27, 2024 3:56 pm
Forum: RouterBOARD hardware
Topic: Which router for ~100 clients
Replies: 69
Views: 6875

Re: Which router for ~100 clients

Concur.

@ksx4system; If you’d read the thread you might have noticed they already bought a CCR2004.
by Larsa
Wed Jun 26, 2024 10:48 pm
Forum: RouterBOARD hardware
Topic: Ubiquiti SG4Pro replacement for lanparty.
Replies: 10
Views: 1473

Re: Ubiquiti SG4Pro replacement for lanparty.

The RB5009 is roughly the same as the UDM Pro in terms of performance, but ROS is way more versatile than UniFi OS.
by Larsa
Wed Jun 26, 2024 10:37 pm
Forum: General
Topic: Private LTE/5G Networking Question(s)
Replies: 15
Views: 1453

Re: Private LTE/5G Networking Question(s)

Yeah, but it's not as fun as running your own LTE/NR network at home. :-D The tricky part was getting the SIM card programming to work.
by Larsa
Wed Jun 26, 2024 8:38 pm
Forum: General
Topic: Private LTE/5G Networking Question(s)
Replies: 15
Views: 1453

Re: Private LTE/5G Networking Question(s)

Well, for 600 bucks you might get a whole bunch of capable multiband 2x2 MIMO transceivers for up to 10 dBm @ 6 GHz, like BladeRF, PlutoSDR, USRP, HackRFOne, etc. Hardly useless, I'd say. For let's say 1-2k, you get a whole lot more power as well.
by Larsa
Wed Jun 26, 2024 4:23 pm
Forum: General
Topic: Private LTE/5G Networking Question(s)
Replies: 15
Views: 1453

Re: Private LTE/5G Networking Question(s)

Read @optio's and my previous posts..
by Larsa
Wed Jun 26, 2024 10:40 am
Forum: RouterBOARD hardware
Topic: Ubiquiti SG4Pro replacement for lanparty.
Replies: 10
Views: 1473

Re: Ubiquiti SG4Pro replacement for lanparty.

CCR2004 gives you plenty of switch ports and more raw power to handle CPU-bound tasks like queue management to keep latency down using techniques such as fq_codel, cake, or similar. RB5009 is more suited for a home lab.
by Larsa
Tue Jun 25, 2024 6:11 pm
Forum: General
Topic: Private LTE/5G Networking Question(s)
Replies: 15
Views: 1453

Re: Private LTE/5G Networking Question(s)

Or buy second-hand real base stations from Nokia or Huawei with radios for around 500 bucks on eBay.

Like for example
https://www.ebay.com/itm/234631485117
by Larsa
Tue Jun 25, 2024 3:42 pm
Forum: General
Topic: Private LTE/5G Networking Question(s)
Replies: 15
Views: 1453

Re: Private LTE/5G Networking Question(s)

You can run 4G LTE/5G NR open source projects like open5gs/free5GC using srsRAN/OpenAirInterface on unlicensed bands like 2.4, 5/6 and 60 GHz, although coverage is limited due to signal strength regulations similar to Wi-Fi. Software-defined radios for lower bands cost around 1k bucks but those for ...
by Larsa
Mon Jun 24, 2024 3:24 pm
Forum: RouterBOARD hardware
Topic: Which router for ~100 clients
Replies: 69
Views: 6875

Re: Which router for ~100 clients

I'd say Ubiquiti wireless products are pretty capable but their routers for business not so much. If you don't want to pay huge bucks for brands like Cisco or Juniper I think MikroTik performs quite well or even just as well in most cases.
by Larsa
Sun Jun 23, 2024 8:19 pm
Forum: General
Topic: Mikrotik with NAT64 & DNS64, LAN IPv6 WAN IPv4
Replies: 1
Views: 738

Re: Mikrotik with NAT64 & DNS64, LAN IPv6 WAN IPv4

It's in Arabic, so it can be a bit tricky to keep up... ;-)
by Larsa
Sun Jun 23, 2024 6:19 pm
Forum: RouterBOARD hardware
Topic: Which router for ~100 clients
Replies: 69
Views: 6875

Re: Which router for ~100 clients

@daxyco: I don't think there's much to discuss about the number of hours, but if you've done business with him before, just refer to the previous hourly rate. Start by having a conversation with him and explain your position. If he is completely dismissive you can as a last resort complain about inc...
by Larsa
Sat Jun 22, 2024 7:48 pm
Forum: RouterBOARD hardware
Topic: Which router for ~100 clients
Replies: 69
Views: 6875

Re: Which router for ~100 clients

Yeah, especially since the assignment appears to be a one-stop solution where the hours include meetings/pre-study, planning, responsibility for purchases, configuration, testing, deployment, and documentation, the hours seem to be more than reasonable. It’s primarily the customer's responsibility t...
by Larsa
Thu Jun 20, 2024 12:42 pm
Forum: General
Topic: Asking for help with LTE connection
Replies: 5
Views: 872

Re: Asking for help with LTE connection

Did you set up the firewall correctly? You need to set up a src NAT rule (masquerade)! And you need to set up "Use peer DNS and Add default route"! Yeah, that's probably correct if the default configuration has been wiped on the LHG. And on the wAP, the LTE interface has to be added to the...
by Larsa
Thu Jun 20, 2024 11:50 am
Forum: General
Topic: Asking for help with LTE connection
Replies: 5
Views: 872

Re: Asking for help with LTE connection

Usually, you only need to mess with the TTL for a SIM card meant for a regular phone or an extra "twin card" for a tablet with an unlimited data plan that you put in a router. This can sometimes be a lot cheaper than getting a dedicated mobile broadband SIM card, but things are slowly chan...
by Larsa
Wed Jun 19, 2024 11:52 am
Forum: RouterBOARD hardware
Topic: Mikrotik PTP Near-Line-Of-Sight Solution
Replies: 27
Views: 2331

Re: Mikrotik PTP Near-Line-Of-Sight Solution

Like I mentioned in my previous post, the elevation map isn't detailed enough to determine how high the mast towers need to be for a clear line of sight.
by Larsa
Wed Jun 19, 2024 9:55 am
Forum: General
Topic: Route Netflix traffic via VPN
Replies: 23
Views: 3191

Re: Route Netflix traffic via VPN

Hi @pajapatak, could you please do us all a big favor and post your complete solution in the "Useful User Articles" forum? Thank you!
by Larsa
Wed Jun 19, 2024 12:50 am
Forum: General
Topic: winbox mac
Replies: 2
Views: 313

Re: winbox mac

by Larsa
Tue Jun 18, 2024 10:25 pm
Forum: RouterBOARD hardware
Topic: Mikrotik PTP Near-Line-Of-Sight Solution
Replies: 27
Views: 2331

Re: Mikrotik PTP Near-Line-Of-Sight Solution

1. 5G/NR solution for the blue place (the hangar)

Approximate total cost for a three-year 5G unlimited data plan at max speed in France:
Orange: 1800 EUR
Bouygues: 1600 EUR
SFR: 1200 EUR
Free Mobile: 1100 EUR

Plus a 5G outdoor router, approx. 450 EUR. In total, roughly 45 EUR per month for 36 months. ...
by Larsa
Tue Jun 18, 2024 9:00 pm
Forum: Beginner Basics
Topic: Tunneling internet traffic through IPsec tunnel
Replies: 8
Views: 1413

Re: Tunneling internet traffic through IPsec tunnel

Although this is beside the point, IPsec won't give you any performance advantages compared to OpenVPN unless both endpoints (i.e., both your routers) support AES hardware acceleration. If there is no hardware acceleration, consider using WireGuard instead. But since your home "router" CRS...
by Larsa
Tue Jun 18, 2024 6:51 pm
Forum: RouterBOARD hardware
Topic: Which router for ~100 clients
Replies: 69
Views: 6875

Re: Which router for ~100 clients

Great choice! IPsec should get you closer to 1 Gbps with a CCR2004 at both ends. With OSPF + BFD, you should be able to switch redundant routes within 5-10 milliseconds, depending on the settings. Btw, OSPF and BFD are very easy to set up. Additionally, you might consider ZeroTier as an easy way to ...
by Larsa
Tue Jun 18, 2024 6:13 pm
Forum: RouterBOARD hardware
Topic: Mikrotik PTP Near-Line-Of-Sight Solution
Replies: 27
Views: 2331

Re: Mikrotik PTP Near-Line-Of-Sight Solution

@dot02, I'm not quite following what you're trying to achieve here. Is the "green" antenna the target and where is the "blue" antenna located and used for? What exactly is your plan without using technical details? Is this for personal use or commercial purposes? You're describin...
by Larsa
Tue Jun 18, 2024 1:08 am
Forum: Useful user articles
Topic: Marine Modem suitable for mast mounting
Replies: 10
Views: 6745

Re: Marine Modem suitable for mast mounting

Yeah, hopefully. We'll see..
by Larsa
Tue Jun 18, 2024 12:47 am
Forum: Useful user articles
Topic: Marine Modem suitable for mast mounting
Replies: 10
Views: 6745

Re: Marine Modem suitable for mast mounting

Ain't Telit LM960A18 an LTE module? Do you know of any 5G/NR (SA/NSA) modules out there?
by Larsa
Tue Jun 18, 2024 12:22 am
Forum: Useful user articles
Topic: Marine Modem suitable for mast mounting
Replies: 10
Views: 6745

Re: Marine Modem suitable for mast mounting

Yeah, they should fit well. Btw, do you know of any 5G miniPCIe modules compatible with ROS v7?
by Larsa
Mon Jun 17, 2024 11:51 pm
Forum: Beginner Basics
Topic: PTPv2 functions in Router OS 7.14.3 [SOLVED]
Replies: 3
Views: 2325

Re: PTPv2 functions in Router OS 7.14.3 [SOLVED]

Since this is a user forum, you will probably get better help directly from Mikrotik by opening a ticket at https://mikrotik.com/support or sending an email to 'support@mikrotik.com'.
by Larsa
Mon Jun 17, 2024 11:19 pm
Forum: Beginner Basics
Topic: Firewall - 80 & 443 to Server
Replies: 3
Views: 611

Re: Firewall - 80 & 443 to Server

Yeah, change the title to "Don't read this" 😃_👍
by Larsa
Mon Jun 17, 2024 11:01 pm
Forum: General
Topic: Mikrotik and Dante/NDI AV in general
Replies: 9
Views: 3502

Re: Mikrotik and Dante/NDI AV in general

You can follow all updates to the manuals at https://help.mikrotik.com/docs/collector/pages.action?key=ROS. Click the link "show change"..
by Larsa
Mon Jun 17, 2024 10:49 pm
Forum: Useful user articles
Topic: Marine Modem suitable for mast mounting
Replies: 10
Views: 6745

Re: Marine Modem suitable for mast mounting

The Chateau won't last long in a marine environment even indoors due to the salty air. Besides, you don't want a long antenna cable because of signal loss. MikroTik should offer two types of 5G outdoor devices: one omnidirectional and one directional optimized for long-range connectivity in rural ar...
by Larsa
Mon Jun 17, 2024 10:18 pm
Forum: Forwarding Protocols
Topic: Mikrotik 3011 - Connection lost _OSPF used.
Replies: 1
Views: 499

Re: Mikrotik 3011 - Connection lost _OSPF used.

It might be a PoE issue with a 70-meter ethernet cable to the camera. What voltage are you feeding the MikroTik RB3011 with?

EDIT
Wait, you are using port 3 which doesn't have PoE out. Does this mean your camera is powered locally?
by Larsa
Mon Jun 17, 2024 9:15 pm
Forum: General
Topic: Feature Request: IPSEC Improvements
Replies: 158
Views: 48653

Re: Feature Request: IPSEC Improvements

A tip for everyone who needs this: Open a support ticket and describe a real use case that could motivate Mikrotik to add these features. Just posting in this user forum won't do much.
by Larsa
Mon Jun 17, 2024 9:11 pm
Forum: General
Topic: IPSec VTI
Replies: 60
Views: 25195

Re: IPSec VTI

A tip if you really need a VTI interface in your business: open a support ticket and describe a genuine use case that could motivate Mikrotik to move forward with developing this. Just posting in this user forum probably won't accomplish much.
by Larsa
Mon Jun 17, 2024 6:17 pm
Forum: RouterBOARD hardware
Topic: Mikrotik PTP Near-Line-Of-Sight Solution
Replies: 27
Views: 2331

Re: Mikrotik PTP Near-Line-Of-Sight Solution

For commercial operations to achieve a 3 km line of sight over treetops you will probably need at least two 100 foot (30m) lattice towers with foldable bases plus foundation casting and assembly which might be pretty expensive. For private use there are much cheaper single-pipe masts with guy wire m...
by Larsa
Mon Jun 17, 2024 4:46 pm
Forum: Useful user articles
Topic: WinBox for MacOS ??
Replies: 48
Views: 21338

Re: WinBox for MacOS ??

We probably won't get it faster by nagging and the dev team hardly looks at the forums either. Personally, I'd rather wait for a somewhat stable app. For example, BFD seemed to take forever, but the latest drop has been very stable and running without a single error for our OSPF/BGP setups for a ver...