Community discussions

Search found 1595 matches

by Larsa
Tue Sep 03, 2024 8:46 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 855
Views: 131548

Re: 📣 WinBox 4 is here 📣

Many users request return of the Tabs to the top bar. One of my colleagues has a nice idea - most of the time, you only work with few selected tabs. So what about an icon in the drop-down list, to open a Tab in a new Window, would in fact pin the Tab to the top bar instead? But of course! That way, e...
by Larsa
Tue Sep 03, 2024 4:36 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 855
Views: 131548

Re: 📣 WinBox 4 is here 📣

Exactly my point!
by Larsa
Tue Sep 03, 2024 4:31 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 855
Views: 131548

Re: WinBox 4 is here

The detached window feature would make sense if there is only one Winbox instance running at a time. Since mostly several Winbox instances are running, detaching windows would create even more usability issues. Well, maybe for inexperienced people who don't work with networks and aren't familiar wi...
by Larsa
Tue Sep 03, 2024 4:14 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 855
Views: 131548

Re: 📣 WinBox 4 is here 📣

Got it! Please add it to the list for Customer Enhancement Requests. Thanks!
by Larsa
Tue Sep 03, 2024 4:08 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 855
Views: 131548

Re: 📣 WinBox 4 is here 📣

Maybe you expect something to happen, that was never intended to happen? This is what is SUPPOSED to happen. As designed: https://imgur.com/a/RwZRKRH Yes, that could absolutely be the case but I suspect there might be some confusion here regarding the terminology. As I tried to explain previously a...
by Larsa
Mon Sep 02, 2024 8:39 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2333

Re: 3rd party system installed, can't connect to any devices on the router.

Thanks! By any chance, do you have access to the default gateway at 10.20.100.1? If so, could you check if there's a route set up to 10.2.120.0/24 via 10.20.100.15? If it's a MikroTik router, you can run the command: ' /ip/route/print ' and paste the output here. If not, while troubleshooting, we ca...
by Larsa
Mon Sep 02, 2024 6:43 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 855
Views: 131548

Re: 📣 WinBox 4 is here 📣

@Normis: That does not make it clearer. The post already shows how to do it. Is there an issue with this button? 1. Yeah, that's correct. There is an issue with the button. The button shown in the red rectangle below doesn't work as expected. As explained by @STMT: " It is possible to detach the wind...
by Larsa
Mon Sep 02, 2024 4:28 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 855
Views: 131548

Re: 📣 WinBox 4 is here 📣

n/a
by Larsa
Mon Sep 02, 2024 2:54 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 855
Views: 131548

Re: 📣 WinBox 4 is here 📣

Larsa, unclear about detachment from workspace, can you describe the issue?

You still can't detach a window from the WinBox main workspace and move it around freely on screen. Please check out @STMT's reply here: viewtopic.php?t=210505#p1093920.
by Larsa
Mon Sep 02, 2024 12:54 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 855
Views: 131548

Re: 📣 WinBox 4 is here 📣

@normis, could you please add fixing the detachment of windows from the workspace to the list. According to @STMT, this was already provided but currently isn’t working.
by Larsa
Fri Aug 30, 2024 8:08 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 855
Views: 131548

Re: 📣 WinBox 4 is here 📣

What's new in v4.0beta3:

*) fix crash on macOS 11

1. I can confirm that v4.0beta3 is working with macOS 11 - thanks! It's blisteringly fast, I must say.
2. Detaching windows from the workspace still doesn't work, though.
by Larsa
Thu Aug 29, 2024 8:19 pm
Forum: Virtualization
Topic: CHR - WiFi card not detected [SOLVED]
Replies: 2
Views: 438

Re: CHR - WiFi card not detected [SOLVED]

ROS can't handle any network cards when running as CHR in a virtual machine. You'll need to configure the WiFi card in Ubuntu first, then add it to VirtualBox as a regular network interface.
by Larsa
Thu Aug 29, 2024 7:23 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 855
Views: 131548

Re: 📣 WinBox 4 is here 📣

I agree with what @sirbryan says.
by Larsa
Thu Aug 29, 2024 1:03 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 855
Views: 131548

Re: 📣 WinBox 4 is here 📣

It's shown in the window title when you're not connected

Great, thanks! 🙏
by Larsa
Thu Aug 29, 2024 12:58 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 855
Views: 131548

Re: 📣 WinBox 4 is here 📣

We are trying to find such an old macbook and will test. So far, no help needed, Larsa. Thanks! Most of our field engineers are forced to use slightly older MacBooks (and you can probably guess why) using macOS 12/13 and equipped with Intel CPUs because we need to run a bunch of Windows-based legac...
by Larsa
Thu Aug 29, 2024 12:42 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 855
Views: 131548

Re: 📣 WinBox 4 is here 📣

It is possible to detach window if you open the drop-down menu and click the button next to the submenu name Thanks, but that doesn't work for me because the window is still locked to the WinBox workspace (ie the child window is still locked to the parent workspace) Environment: WinBox 4.0Beta1, Wi...
by Larsa
Thu Aug 29, 2024 11:11 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 855
Views: 131548

Re: 📣 WinBox 4 is here 📣

Crashes on Intel MacBook macOS 11.7.10. Tried several times.

@normis: let me know if the developers want a core dump and I'll sort it out.
by Larsa
Thu Aug 29, 2024 11:04 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 855
Views: 131548

Re: 📣 WinBox 4 is here 📣

Feedback:
1. A dropdown menu or similar submenu is currently missing for open windows.
2. Add the ability to detach a window from the WinBox workspace.
by Larsa
Thu Aug 29, 2024 10:42 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 855
Views: 131548

Re: 📣 WinBox 4 is here 📣

Crashes on Intel MacBook macOS 11.7.10. Tried several times. Process: WinBox [4220] Path: /Applications/WinBox.app/Contents/MacOS/WinBox Identifier: my.example.com Version: 0.1 (0.1) Code Type: X86-64 (Native) Parent Process: ??? [1] Responsible: WinBox [4220] User ID: 503 Date/Time: 2024-08-29 09:37...
by Larsa
Thu Aug 29, 2024 9:33 am
Forum: General
Topic: Virtual Subnet Trough Ipsec Tunnel - Mikrotik To Cisco
Replies: 6
Views: 352

Re: Virtual Subnet Trough Ipsec Tunnel - Mikrotik To Cisco

Since you're using the same subnet as someone else on the Cisco side you'll need to use src-nat. Btw, why not use 192.168.160.0/24 since the Cisco admin already assigned it to you.
by Larsa
Wed Aug 28, 2024 10:31 pm
Forum: RouterOS beta
Topic: FEATURE REQUEST: BBR(Bottleneck Bandwidth and Round-trip propagation time) Congestion Control
Replies: 15
Views: 9422

Re: FEATURE REQUEST: BBR(Bottleneck Bandwidth and Round-trip propagation time) Congestion Control

FYI, BBR needs to be implemented only on the endpoints (eg like web browsers and servers) where data is being sent and received. It does not require any modifications or implementations in the routers or other network infrastructure. The only tunneling protocol I can think of that uses TCP is OpenVP...
by Larsa
Tue Aug 27, 2024 8:15 pm
Forum: Forwarding Protocols
Topic: IP Directed Broadcast In CISCO Equivalent In Mikrotik
Replies: 10
Views: 1259

Re: IP Directed Broadcast In CISCO Equivalent In Mikrotik

It works. Use this simple test below where ether1 sends 192.168.90.255 to port 2000 (but any port will do) => dst-nat broadcast => to ether2 as 192.168.80.255. Bridging the two interfaces with a filter that allows udp with an optional port number works just as well. /ip firewall nat add action=dst-n...
by Larsa
Tue Aug 27, 2024 1:20 am
Forum: General
Topic: WireGuard without public IP [SOLVED]
Replies: 3
Views: 521

Re: WireGuard without public IP [SOLVED]

One of the ends needs a public IP address. If not, you might use ROS BTH (Back to Home) or ZeroTier which can manage without it.
by Larsa
Mon Aug 26, 2024 9:57 pm
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 10836

Re: Default password Frustration

So I'm a white fly compared to everyone else? The basics, like blocking spoofing and blocking incoming connections on standard ports, for me is the a-b-c of civilization... Yeah, you're definitely an angel compared to the typical run-of-the-mill ISPs. At most they block like egress smtp and similar...
by Larsa
Mon Aug 26, 2024 6:40 pm
Forum: Forwarding Protocols
Topic: IP Directed Broadcast In CISCO Equivalent In Mikrotik
Replies: 10
Views: 1259

Re: IP Directed Broadcast In CISCO Equivalent In Mikrotik

What type of device are you using and what does the dst-nat rule look like? Have you checked with the built-in packet sniffer to see if any broadcast traffic is reaching the interfaces?
by Larsa
Mon Aug 26, 2024 3:53 pm
Forum: RouterBOARD hardware
Topic: Default password Frustration
Replies: 101
Views: 10836

Re: Default password Frustration

ISPs don't offer free protection against botnets, DDoS attacks or anything like that. While they probably should provide it as an option for the general public IMO, these services are mainly for businesses and are usually pretty expensive because they require a lot of investment from the provider. C...
by Larsa
Sun Aug 25, 2024 9:01 pm
Forum: General
Topic: Can we upgrade zerotier and add Moon functionality?
Replies: 2
Views: 360

Re: Can we upgrade zerotier and add Moon functionality?

The option to add your own user-defined root servers (moons) was introduced back in Zerotier v1.2.0 but unfortunately there’s still no way to manage these settings in ROS. You can add the root servers yourself in a private server, container or VPS.
by Larsa
Fri Aug 23, 2024 12:00 am
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2333

Re: 3rd party system installed, can't connect to any devices on the router.

Sorry my bad, I forgot you were on ROS v6. Try the commands below. I'm heading home now so I'll get back to you tomorrow. /ip/route/print /ip/address/print /ip/firewall/nat/export EDIT On your workstation, run the following If Windows: netstat -rn && ipconfig If Linux/Mac: netstat -rn &&...
by Larsa
Thu Aug 22, 2024 10:24 pm
Forum: General
Topic: Problem with download on x86 PC
Replies: 3
Views: 542

Re: Problem with download on x86 PC

Back up the settings with a full export, reset to the default firewall config, and then rerun the tests again. If everything goes smoothly, you can start adding back the queues one by one and check the speed regularly to find the problematic one. Just curious, why all the static IPs and related queu...
by Larsa
Thu Aug 22, 2024 8:55 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2333

Re: 3rd party system installed, can't connect to any devices on the router.

Could you log in to the router in cabinet 1 and ping any devices in the 10.2.120.0/24 range? Also, run the following commands in a terminal and paste the output here: /ip route print proplist=dst-address,routing-table,gateway,immediate-gw,distance,local-address /ip address print proplist=address,net...
by Larsa
Thu Aug 22, 2024 8:39 pm
Forum: General
Topic: Feature request : Multipath TCP (MPTCP) support
Replies: 14
Views: 9906

Re: Feature request : Multipath TCP (MPTCP) support

Well, L3 multipath/bonding shouldn't be mixed up with MPTCP which was mainly developed as an endpoint (app) protocol to facilitate transparent handover/failover/bonding. Sure, there are some special hacks to use it as a more general communication protocol but that's not very common ie you won’t find...
by Larsa
Thu Aug 22, 2024 4:39 pm
Forum: General
Topic: HGSMII for 2.5 Gbps link
Replies: 9
Views: 4967

Re: HGSMII for 2.5 Gbps link

FYI, HGSMII doesn’t have any magical plug-and-play features. It’s basically like other tech that helps manage internal devices. Since it’s just an internal component, you won’t even notice it and it doesn’t communicate with your ISP or anything.
by Larsa
Thu Aug 22, 2024 4:22 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2333

Re: 3rd party system installed, can't connect to any devices on the router.

Okay, I'll check it out later. Btw, have you had a chance to try out the new nat rules I posted earlier?
by Larsa
Thu Aug 22, 2024 4:15 pm
Forum: General
Topic: Feature request : Multipath TCP (MPTCP) support
Replies: 14
Views: 9906

Re: Feature request : Multipath TCP (MPTCP) support

Hey @8023, what's your use case?

MPTCP doesn't need any special support in the router itself, it's generally used between the app connection endpoints like from a mobile device or car to a central service.
by Larsa
Wed Aug 21, 2024 3:01 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2333

Re: 3rd party system installed, can't connect to any devices on the router.

It looks like you might have missed some details in my last post or misunderstood it. Here's what you need to do; start by removing all five lines and replace them with: add chain=srcnat dst-address=10.20.100.0/20 src-address=10.2.120.0/24 action=masquerade add chain=srcnat dst-address=10.0.0.0/24 s...
by Larsa
Wed Aug 21, 2024 2:30 pm
Forum: Forwarding Protocols
Topic: IP Directed Broadcast In CISCO Equivalent In Mikrotik
Replies: 10
Views: 1259

Re: IP Directed Broadcast In CISCO Equivalent In Mikrotik

You can use bridge filters (i.e bridge ip firewall ) or just set up a simple dst-nat broadcast forwarding like the example below. Use a specific destination port number to limit the scope of the ip directed broadcast: /ip firewall nat add action=dst-nat chain=dstnat in-interface=ether1 dst-address-t...
by Larsa
Mon Aug 19, 2024 10:26 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 2328

Re: Wireguard in 2nd WAN [SOLVED]

@Sindy, would you mind taking a look at this: viewtopic.php?p=1092257#p1092239

Thanks in advance!
by Larsa
Mon Aug 19, 2024 10:04 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 2328

Re: Wireguard in 2nd WAN [SOLVED]

/ip firewall nat chain=dstnat dst-address-type=local in-interface=WANX protocol=udp dst-port=YYYYY action=dst-nat to-addresses=ip.of.wan.PRIMARY That looks very generic! ;-) Sorry, I forgot about the OSPF example. I'm traveling for a customer visit for a day or two so it’ll have to wait until I'm...
by Larsa
Mon Aug 19, 2024 9:17 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 2328

Re: Wireguard in 2nd WAN [SOLVED]

That's what I meant when I asked if it's even possible to create a generic solution that's not port-specific.
by Larsa
Mon Aug 19, 2024 8:35 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 2328

Re: Wireguard in 2nd WAN [SOLVED]

NAT trick is clever.

Yeah, totally! @Sindy, what's your take on dst-nat vs policy routing as a fix for the multiwan wireguard bug? Do you think it's possible to create a generic solution that only affects WireGuard's initial handshake?
by Larsa
Mon Aug 19, 2024 8:26 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 2328

Re: Wireguard in 2nd WAN [SOLVED]

To be picky, the rejection of the return traffic by the originating device is not wireguard specific, it's networking common... The problem is that the wireguard programming in RoS is doing something weird.............. in that it's bypassing standard routing and rules in RoS.,. Anav, how the security...
by Larsa
Mon Aug 19, 2024 4:22 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 2328

Re: Wireguard in 2nd WAN [SOLVED]

Yeah, the first WireGuard handshake is like a secret handshake between two routers (Peer A and Peer B) that want to communicate securely. Peer A sends a "hello" (handshake initiation packet) to Peer B which responds with a "hello back" (handshake response packet). But because the...
by Larsa
Mon Aug 19, 2024 4:05 pm
Forum: 3rd party tools
Topic: Introducing MikroWizard: An Open-Source Solution for MikroTik Router Management
Replies: 39
Views: 3901

Re: Introducing MikroWizard: An Open-Source Solution for MikroTik Router Management

Quick question: is the 8 GB RAM requirement an absolute minimum or is there a chance it could run on a Raspberry Pi 4 with 4 GB of RAM?
by Larsa
Mon Aug 19, 2024 2:52 pm
Forum: Forwarding Protocols
Topic: IP Directed Broadcast In CISCO Equivalent In Mikrotik
Replies: 10
Views: 1259

Re: IP Directed Broadcast In CISCO Equivalent In Mikrotik

There isn’t a specific setting, you build it using arp proxy, broadcast forwarding and so on depending on what you’re aiming for. What’s the use case?
by Larsa
Mon Aug 19, 2024 10:40 am
Forum: Forwarding Protocols
Topic: IP Directed Broadcast In CISCO Equivalent In Mikrotik
Replies: 10
Views: 1259

Re: IP Directed Broadcast In CISCO Equivalent In Mikrotik

Yeah, it's doable with ROS but you should be aware that it might be a security risk as mentioned in the Cisco manuals. It’s also disabled by default. What's the use case?
by Larsa
Sun Aug 18, 2024 9:45 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 2328

Re: Wireguard in 2nd WAN [SOLVED]

Yeah, that was the solution I was thinking of but I had NAT in mind and just didn’t have the energy to figure out a good variation like the one you just showed.
by Larsa
Sun Aug 18, 2024 9:11 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 2328

Re: Wireguard in 2nd WAN [SOLVED]

Great, perfect with an alternative workaround! Any thoughts on the pros and cons compared to policy routing?
by Larsa
Sun Aug 18, 2024 3:09 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 2328

Re: Wireguard in 2nd WAN [SOLVED]

Does that fix the initial handshake issue?
by Larsa
Sun Aug 18, 2024 2:33 pm
Forum: General
Topic: Wireguard in 2nd WAN [SOLVED]
Replies: 34
Views: 2328

Re: Wireguard in 2nd WAN [SOLVED]

Basically, the ROS implementation has a bug where Wireguard's initial handshake always gets sent back through the default gateway instead of the interface the traffic came from which makes the connection fail due to a protocol error. And since the handshake isn’t tracked, you can’t use mangle to man...
by Larsa
Fri Aug 16, 2024 11:13 pm
Forum: General
Topic: Routing question
Replies: 11
Views: 863

Re: Routing question

That’s a pretty standard setup. I can post an example next week. Have a nice weekend, cheers!🍺
by Larsa
Fri Aug 16, 2024 10:18 pm
Forum: General
Topic: Routing question
Replies: 11
Views: 863

Re: Routing question

OSPF + BFD with two tunnels/routes (one per channel) is really easy to set up, very robust and provides rerouting in just a few milliseconds.
by Larsa
Fri Aug 16, 2024 8:16 pm
Forum: Beginner Basics
Topic: IPSec site to site VPN
Replies: 4
Views: 471

Re: IPSec site to site VPN

Unfortunately it’s pretty tough to figure out what’s wrong just from a couple of screenshots. Try posting an export of both router configurations and maybe someone in this user forum can help out. Check out this guide on how to export and post your configuration: https://forum.mikrotik.com/viewtopic...
by Larsa
Thu Aug 15, 2024 10:58 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2333

Re: 3rd party system installed, can't connect to any devices on the router.

Okay, I think I’ve got it! The network drawing is a bit misleading (or is actually missing some crucial info) because it turns out that ether5-gateway is actually connected to the operator network 10.20.100.0/20 and the rest of the PLC network seems to be bridged together as a single 10.2.120.0/24 s...
by Larsa
Thu Aug 15, 2024 9:00 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2333

Re: 3rd party system installed, can't connect to any devices on the router.

About the somewhat misleading wording "Siemens HMI's through their 3rd party website..." it's not actually an external connection but a web-based PLC operator monitor add-on called WinCC/WebUX.
by Larsa
Thu Aug 15, 2024 8:06 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2333

Re: 3rd party system installed, can't connect to any devices on the router.

Yeah, that's probably correct but in this instance we're talking about an internal router for PLC process control that isn’t connected to the internet. Unfortunately OP inherited the whole setup so it’s not a great idea to make major changes like upgrading to v7 without first having full control of ...
by Larsa
Thu Aug 15, 2024 7:16 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2333

Re: 3rd party system installed, can't connect to any devices on the router.

So, cabinet #1 router ether5-gateway ( 10.20.100.15/20 ) is connected to the local device network where the S7 PLC and SIMATIC HMI are, but those devices are using different subnet address like 10.2.120.11 according to the network diagram. This is really getting too weird for me to grasp and I feel l...
by Larsa
Thu Aug 15, 2024 6:36 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2333

Re: 3rd party system installed, can't connect to any devices on the router.

dst-address=10.20.104.54 => IP address on the controller network side of the router. If that's the router in cabinet 1, shouldn’t it be 10.2.120.1 ? to-addresses=10.2.120.11 => IP address of the SIMATIC HMI. ie, ' /ip firewall nat add action=dst-nat chain=dstnat dst-address= 10.2.120.1 dst-port=443 ...
by Larsa
Thu Aug 15, 2024 6:20 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2333

Re: 3rd party system installed, can't connect to any devices on the router.

You can skip "in-interface=bridge-local", you should get a match just using "dst-address=10.20.104.54" and "dst-port=443". Btw, you are sure you can reach 10.20.104.54 by pinging it, which btw I assume is one of the cabinet routers?
by Larsa
Thu Aug 15, 2024 6:00 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2333

Re: 3rd party system installed, can't connect to any devices on the router.

No worries, I was just curious. Let me know how it goes after you’ve tested it.
by Larsa
Thu Aug 15, 2024 4:14 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2333

Re: 3rd party system installed, can't connect to any devices on the router.

Alright, let me make sure I’ve got this straight: all the devices on the control network (where the laptop is) are on the same subnet (10.20.x.x/16) connected to the "IDF1 PLC Network Switch" but their IP addresses are organized by equipment type. So, back to the original issue: since all ...
by Larsa
Thu Aug 15, 2024 3:03 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2333

Re: 3rd party system installed, can't connect to any devices on the router.

2. The laptop is connected to 10.20.101.x where all the computers connect to. It can currently access all the ethernet connected devices on 10.20.101.x through 10.20.111.x (except the 3. Each cabinet has its own router, they are wired in series like the diagram shows 2. What subnet is 100.20.101.x...
by Larsa
Thu Aug 15, 2024 2:47 pm
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2333

Re: 3rd party system installed, can't connect to any devices on the router.

I'd like to be able to access the HMI screens in Cabinets 1,2,3 from their web interface like 2 similar Simatic HMIs in our building... 1. Access from where exactly? 2. Is the control laptop network 10.20.x.x connected directly to the PLC-network 10.20.100.x ie on the same subnet? 3. Is there a se...
by Larsa
Thu Aug 15, 2024 12:40 pm
Forum: General
Topic: Routing to second WAN device admin
Replies: 4
Views: 494

Re: Routing to second WAN device admin

@chilloutalready; If you're trying to connect to modem #2 from your LAN (which subnet is it btw?) you shouldn't need mangle rules. Your 5G devices are already on different local subnets so you just need regular routing. Or is this a problem that only happens when you connect via VPN? How about posti...
by Larsa
Thu Aug 15, 2024 9:58 am
Forum: Beginner Basics
Topic: 3rd party system installed, can't connect to any devices on the router.
Replies: 40
Views: 2333

Re: 3rd party system installed, can't connect to any devices on the router.

Hi @chewbo, welcome to the forum! Aren’t the PLC devices supposed to be managed by the controller (HMI) on the internal bus or do you need to access them separately? This is usually done through a separate gateway which sometimes is built into the controller. As for the technician not bringing his o...
by Larsa
Wed Aug 14, 2024 8:06 pm
Forum: General
Topic: Messed up routing between multiple wireguard tunnels
Replies: 15
Views: 914

Re: Messed up routing between multiple wireguard tunnels

This seems like a classic case of an XY problem, made even harder to understand due to an overly complicated network diagram and an even more confusing technical walkthrough.

My understanding is that you want all clients from site 1 to route to the internet via site 2. Is that correct?
by Larsa
Wed Aug 14, 2024 6:16 pm
Forum: General
Topic: Messed up routing between multiple wireguard tunnels
Replies: 15
Views: 914

Re: Messed up routing between multiple wireguard tunnels

And what role does BGP play in all of this? Is iBGP used for internal routing?
by Larsa
Wed Aug 14, 2024 3:25 pm
Forum: General
Topic: Routing to second WAN device admin
Replies: 4
Views: 494

Re: Routing to second WAN device admin

If you're accessing your HEX through something like WireGuard you'll always use the same local IP address for the router no matter where you are.
by Larsa
Wed Aug 14, 2024 2:02 pm
Forum: General
Topic: Dual ISP setup with static IP and PPPoE on RB450Gx4 - routing issue with WiFi Routers and ZeroTier
Replies: 3
Views: 449

Re: Dual ISP setup with static IP and PPPoE on RB450Gx4 - routing issue with WiFi Routers and ZeroTier

You forgot to mention where all your local devices are connected (bridge?). Generally, this can be solved pretty easily with policy routing or routing marks if the devices are on different subnets. What’s your plan for using ZeroTier? Is it for remote access, site-to-site networking, etc? Btw, expor...
by Larsa
Tue Aug 13, 2024 8:15 pm
Forum: Beginner Basics
Topic: Reach LAN from Zerotier with own controller
Replies: 9
Views: 577

Re: Reach LAN from Zerotier with own controller

Alright, dual stack (hmm...). It might be a routing issue since there aren't any replay packets and I don't see any ICMP packets coming in. As a temporary workaround for IPv4, try a source NAT approach using the command below. Just replace ZZZZZ with your ZT subnet and XXXXX with the name of your LA...
by Larsa
Tue Aug 13, 2024 6:11 pm
Forum: Beginner Basics
Topic: Reach LAN from Zerotier with own controller
Replies: 9
Views: 577

Re: Reach LAN from Zerotier with own controller

Can you spot any traffic from the ZT interface to your LAN using the ROS packet sniffer?

Btw, what does the zerotier-cli peer status say?
by Larsa
Tue Aug 13, 2024 5:36 pm
Forum: Beginner Basics
Topic: Reach LAN from Zerotier with own controller
Replies: 9
Views: 577

Re: Reach LAN from Zerotier with own controller

The ZeroTier interface works just like an Ethernet interface. You need to allow and set up proper routing between your LAN and the ZT subnet, or alternatively use src-nat from ZT to the LAN. I assume you’ve already added your LAN in ZeroTier Central > Networks > Advanced Settings > Managed Routes.
by Larsa
Tue Aug 13, 2024 1:00 pm
Forum: General
Topic: ssh connections per minute
Replies: 7
Views: 546

Re: ssh connections per minute

And there is also SNMP: https://help.mikrotik.com/docs/display/ROS/SNMP To get multiple values using the rest api, use for example curl: https://forum.mikrotik.com/viewtopic.php?t=184113 https://new.reddit.com/r/mikrotik/comments/11fvtkj/how_to_get_current_link_rate_via_api_call/ There are plenty of...
by Larsa
Mon Aug 12, 2024 7:18 pm
Forum: 3rd party tools
Topic: Introducing MikroWizard: An Open-Source Solution for MikroTik Router Management
Replies: 39
Views: 3901

Re: Introducing MikroWizard: An Open-Source Solution for MikroTik Router Management

We are creating the docker-compose file and the installation will be changed soon…

Hi, please let us know when it’s ready to be tested.
by Larsa
Mon Aug 12, 2024 1:23 am
Forum: Wireless Networking
Topic: Looking for affordable, no-frills 4G/5G or LTE stick for ROS7/CHR
Replies: 2
Views: 626

Re: Looking for affordable, no-frills 4G/5G or LTE stick for ROS7/CHR

Since CHR is running as a guest virtual machine it can’t access the LTE/NR device directly through ROS. This means device management has to be handled by the host OS and then passed on to CHR as a regular network device. So you’ll need to find an LTE/NR device that’s compatible with your virtual hos...
by Larsa
Sat Aug 10, 2024 2:43 pm
Forum: Announcements
Topic: v7.16rc [testing] is released!
Replies: 223
Views: 69220

Re: v7.16rc [testing] is released!

Just a heads-up about the Linux kernel support lifecycle: LTS now typically lasts around 2-5 years while SLTS/CIP is supported for a minimum of 10 years from the initial release but might go on much longer. https://en.wikipedia.org/wiki/Linux_kernel_version_history https://lwn.net/Articles/749530/ h...
by Larsa
Wed Aug 07, 2024 7:12 pm
Forum: General
Topic: 5G for HOME NETWORK
Replies: 16
Views: 2759

Re: 5G for HOME NETWORK

Put your iPhone in Field Test Mode using *3001#12345#* and compare the IDs (PLMN/NCI ie NCGI, etc) to those on the NR7102 to make sure your antenna is pointed at the right tower. Start by connecting your computer directly to the NR7102 when running the performance tests.
by Larsa
Wed Aug 07, 2024 2:14 pm
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 2814

Re: Feature Request - CHR - VPP & ISO version CHR ROS

And as I’ve tried to explain pretty clearly several times, running a user-space network stack like FD.io/VPP/DPDK in an embedded kernel-based network operating system like ROS just doesn’t work. But it seems like it’s not really sinking in because people either don’t seem to understand the issues or...
by Larsa
Sun Aug 04, 2024 8:12 am
Forum: General
Topic: QoS Hardware Offloading (QoS-HW)
Replies: 79
Views: 18285

Re: QoS Hardware Offloading (QoS-HW)

As I mentioned, these are just L2 helpers for the old v1 which you can manage without using other methods but as most installations are running v3 (UDP) it really doesn’t matter. Anyhow, since this is just a user forum you'll probably get better answers by emailing Mikrotik at 'support@mikrotik.com'...
by Larsa
Sun Aug 04, 2024 12:27 am
Forum: General
Topic: QoS Hardware Offloading (QoS-HW)
Replies: 79
Views: 18285

Re: QoS Hardware Offloading (QoS-HW)

Maybe you should study how RoCE and its different versions work. V1 operates at L2 with various helpers according to DCB (e.g., PFC, ETS, etc.) which sometimes is called lossless Ethernet. But you can also manage without it by using other means like standard switches and handling the flow control in...
by Larsa
Wed Jul 31, 2024 8:51 pm
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 2814

Re: Feature Request - CHR - VPP & ISO version CHR ROS

Re: ... Did you test VyoS 1.5 rolling + VPP addons how is it? ... @TomjNorthIdaho wrote: I have not played around with the VPP addons yet. I only updated to the latest rolling release to get the faster control plane. And wow :) I will be testing the VPP add-on packages on my lab network test router...
by Larsa
Wed Jul 31, 2024 7:48 pm
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 2814

Re: Feature Request - CHR - VPP & ISO version CHR ROS

Hey guys, since this is a MikroTik forum would you mind continuing the VPP/VyOS/pfSense lab discussions elsewhere? Maybe on their respective mailing lists, user forums or perhaps Reddit? :D
by Larsa
Wed Jul 31, 2024 3:35 pm
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 2814

Re: Feature Request - CHR - VPP & ISO version CHR ROS

Those customers who buy these customized solutions operate in a completely different market segment than the current product range Mikrotik offers. Plus, Mikrotik doesn’t have the expertise or resources needed to develop a brand new user-space NOS. Only companies like Cisco have the muscle for that ...
by Larsa
Wed Jul 31, 2024 12:19 pm
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 2814

Re: Feature Request - CHR - VPP & ISO version CHR ROS

VPP/FD.io/DPDK/SNABB, etc. = User space networking. eBPF/XDP = (Semi) kernel space. CHR = RouterOS for virtual machines in kernel space. Going with a user-space solution would require some serious iron and building a brand-new control plane to create a versatile router like ROS used in the current p...
by Larsa
Sun Jul 28, 2024 11:49 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1281

Re: Setting up ZeroTier…error following documentation

Alright, good to know. Have an awesome trip!
by Larsa
Sun Jul 28, 2024 11:44 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1281

Re: Setting up ZeroTier…error following documentation

Now it's my turn to be curious. The cruise ship we went on a few years back had incredibly slow internet (ie no starlink at that time). How's the internet situation on the ship you're on?
by Larsa
Sun Jul 28, 2024 11:33 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1281

Re: Setting up ZeroTier…error following documentation

Check out my previous post, I made some changes.
by Larsa
Sun Jul 28, 2024 11:23 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1281

Re: Setting up ZeroTier…error following documentation

I just realized I made a mistake (10.147.17.100/24 instead of 10.147.17.0/24) so that's probably why the first attempt didn't work. I've corrected the previous posts with 10.147.17.0/24. But anyhow, 10.147.17.0/24 is intended to match all IP addresses in the entire ZeroTier subnet. The setting ' 19...
by Larsa
Sun Jul 28, 2024 11:02 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1281

Re: Setting up ZeroTier…error following documentation

Disable the previous src-nat command and try the following. Replace XXXXX with the name of your LAN interface, like ether1 or bridge etc. ' /ip firewall nat add chain=srcnat src-address=10.147.17.0/24 out-interface=XXXXX action=masquerade ' If that doesn’t work, you’ll need to start tracing the traff...
by Larsa
Sun Jul 28, 2024 10:38 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1281

Re: Setting up ZeroTier…error following documentation

Then you only need the following, assuming the Zerotier interface is still named 'zerotier1':

# Allow routing from Zerotier to your local network and access to the router.
/interface list member add interface=zerotier1 list=LAN
# masquerade all traffic from zerotier to your local network
/ip firewal...
by Larsa
Sun Jul 28, 2024 9:39 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1281

Re: Setting up ZeroTier…error following documentation

And the other question: Do you want 1) LAN access only from Zerotier, or 2) access in both directions?

Option 1 is easily solved with src-nat/masquerade on the MikroTik.
Option 2 requires routing to and from the default gateway.
by Larsa
Sun Jul 28, 2024 9:10 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1281

Re: Setting up ZeroTier…error following documentation

What's the local (LAN) and Zerotier IP address on the MikroTik device? Do you want LAN access only from Zerotier or do you want it both ways?
by Larsa
Sun Jul 28, 2024 8:54 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1281

Re: Setting up ZeroTier…error following documentation

Yeah, that sounds like a good idea! As long as the MikroTik is an ARM-based device running ROS you can install ZeroTier on it.
by Larsa
Sun Jul 28, 2024 7:16 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1281

Re: Setting up ZeroTier…error following documentation

As I explained earlier, you need to add a route for 10.147.17.0/24 to 192.168.1.33 in pfSense and enable packet forwarding on the Windows machine. Since this isn't a Mikrotik issue and if you need further assistance with pfSense routing or fixing Tailscale, I'd suggest checking out the official Netg...
by Larsa
Sun Jul 28, 2024 6:51 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1281

Re: Setting up ZeroTier…error following documentation

Tailscale is available as an official package for pfSense and works just as well as Zerotier. But whether you're using Zerotier on a Windows machine or Mikrotik you'll need to point your default gateway to where you're running Zerotier as I explained earlier. Another option is to use src-nat or masq...
by Larsa
Sun Jul 28, 2024 6:33 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1281

Re: Setting up ZeroTier…error following documentation

I’d install ZeroTier directly on your pfSense (assuming it’s the default gateway). It'll make everything a lot easier and you won't have to worry about the Windows box and Mikrotik at all. Then you'll have access to all the devices on your local network directly from the ZeroTier network and vice ve...
by Larsa
Sun Jul 28, 2024 6:24 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1281

Re: Setting up ZeroTier…error following documentation

Alright. On PFsense which I’m guessing is the default gateway to the internet, add a route for 10.147.17.0/24 that points to the Windows box at 192.168.1.33 (which should have the Zerotier address 10.147.17.100). You have to enable packet forwarding on Windows to allow routing. That's it! What role ...
by Larsa
Sun Jul 28, 2024 6:11 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1281

Re: Setting up ZeroTier…error following documentation

What's the local address of the Windows machine where Zerotier is installed?
by Larsa
Sun Jul 28, 2024 6:01 pm
Forum: General
Topic: Setting up ZeroTier…error following documentation
Replies: 36
Views: 1281

Re: Setting up ZeroTier…error following documentation

- You either need to have 10.147.17.100 as the default gateway or add a route for 10.147.17.0/24 on the default gateway pointing to the device where Zerotier is installed.
- No extra routing rules are needed.
- Add the Zerotier interface 'zt1' to the LAN interface list to allow access to your local ...
by Larsa
Sun Jul 28, 2024 4:48 pm
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 2814

Re: Feature Request - CHR - VPP & ISO version CHR ROS

Well, I've read some (general) articles on VPP ... and I still don't get it: why is it orthogonal to embedded NOS such as ROS? To fully utilize VPP (What is VPP?) as a fully-fledged router you need to pair it with a user-space network stack that has all the necessary capabilities using frameworks...
by Larsa
Sat Jul 27, 2024 12:24 am
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 2814

Re: Feature Request - CHR - VPP & ISO version CHR ROS

Well, it won’t work with the current product line. Study the basics and you’ll understand why.
by Larsa
Fri Jul 26, 2024 11:59 pm
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 2814

Re: Feature Request - CHR - VPP & ISO version CHR ROS

VPP is user-space software, used in projects like FD.io, DPDK and similar. It's not suitable for embedded network OS environments like ROS.

EDIT:
The above applies to OSes like pfSense, VyOS, BSD, and others.
by Larsa
Fri Jul 26, 2024 8:42 pm
Forum: Virtualization
Topic: Feature Request - CHR - VPP & ISO version CHR ROS
Replies: 42
Views: 2814

Re: Feature Request - CHR - VPP & ISO version CHR ROS

1. CHR is designed to run in virtual environments and can easily handle Tbps without any issues. But if you really want to run bare-metal, go for ROS x86_64. But why? Properly set up virtual environments are just as fast as bare metal and are way easier to manage.
2. VPP is a user-space solution and...
by Larsa
Thu Jul 25, 2024 11:47 pm
Forum: Scripting
Topic: [BUG] REST endpoint producing invalid JSON
Replies: 3
Views: 620

Re: [BUG] REST endpoint producing invalid JSON

Since this is only a user forum, please report bugs directly to Mikrotik by opening a ticket at https://mikrotik.com/support or sending an email to 'support@mikrotik.com'.
by Larsa
Thu Jul 25, 2024 12:49 pm
Forum: Wireless Networking
Topic: Does size of antenna matter?
Replies: 64
Views: 3708

Re: Does size of antenna matter?

Somewhat OT but remember that MIMO also takes advantage of interference through multipath propagation. So in most cases the quality of the DSP is more important than the antennas, especially for indoor devices.
by Larsa
Wed Jul 24, 2024 10:36 am
Forum: Beginner Basics
Topic: IPsec VPN - NAT rule to reach the server
Replies: 6
Views: 508

Re: IPsec VPN - NAT rule to reach the server

Okay, that sounds odd. The IPsec policy is usually pretty straightforward: the src-address and dst-address represent which local networks (subnets) the traffic should be encrypted between. The sa-src and sa-dst addresses are the respective WAN (internet) endpoint addresses for the encrypted tunnel. ...
by Larsa
Wed Jul 24, 2024 9:31 am
Forum: Beginner Basics
Topic: IPsec VPN - NAT rule to reach the server
Replies: 6
Views: 508

Re: IPsec VPN - NAT rule to reach the server

@TheCat12 has already hinted at how the policy should look for the LAN src address 192.168.1.0/24.
by Larsa
Mon Jul 22, 2024 10:11 pm
Forum: Wireless Networking
Topic: Does size of antenna matter?
Replies: 64
Views: 3708

Re: Does size of antenna matter?

Possibly gold plated coat hangers ...

Yeah, but of course! It’s obvious that the more expensive the cable, the better the quality of the electrons passing through it, which means a better signal -- everyone knows that! :D
by Larsa
Mon Jul 22, 2024 9:55 pm
Forum: Beginner Basics
Topic: Best gear to receive 4G/5G signal to a cottage
Replies: 3
Views: 415

Re: Best gear to receive 4G/5G signal to a cottage

Run a speed test with a 5G-enabled phone to get an idea of what speeds you can expect before buying an indoor 5G product from MikroTik. If you need a 5G outdoor device with a directional antenna you'll have to look for another brand.
by Larsa
Fri Jul 19, 2024 9:40 am
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 644
Views: 219081

Re: v7.15.2 [stable] is released!

Short mode is 16 bits and long mode is 32 bits for path cost. The same mode needs to be set on all switches in the network to function.
by Larsa
Thu Jul 18, 2024 6:06 am
Forum: General
Topic: Which VPN to connect 2 MikroTiks overe WAN?
Replies: 15
Views: 1045

Re: Which VPN to connect 2 MikroTiks overe WAN?

You still have some incorrect settings with those results. With the correct IPsec settings you should get at least 200 Mbps and the CPU usage should basically be zero with a hAP ac³ at both ends. What WAN speed does the ISP provide?

Btw, don’t run throughput tests with Cake enabled anyway.
by Larsa
Thu Jul 18, 2024 12:32 am
Forum: General
Topic: Wireguard and iOS [SOLVED]
Replies: 29
Views: 2260

Re: Wireguard and iOS [SOLVED]

Weird, because when I mentioned all the fuss on Reddit last fall she said it was just a few customers who had systematically underreported active nodes (which they initially claimed were passive) and got a hefty raise after measuring and presenting the actual numbers. Nothing more to it.
by Larsa
Wed Jul 17, 2024 11:51 pm
Forum: General
Topic: Which VPN to connect 2 MikroTiks overe WAN?
Replies: 15
Views: 1045

Re: Which VPN to connect 2 MikroTiks overe WAN?

Haha Yeah, right?! 😉😘
by Larsa
Wed Jul 17, 2024 8:57 pm
Forum: General
Topic: Wireguard and iOS [SOLVED]
Replies: 29
Views: 2260

Re: Wireguard and iOS [SOLVED]

Glad you managed to solve it! Regarding ZeroTier, there have never been any real issues with the licenses, either for us or our customers. It was just a bunch of clueless morons on Reddit spreading a lot of FUD because of a clumsy/unclear wording from sales that got changed pretty quickly. Reddit is...
by Larsa
Wed Jul 17, 2024 8:11 pm
Forum: General
Topic: Which VPN to connect 2 MikroTiks overe WAN?
Replies: 15
Views: 1045

Re: Which VPN to connect 2 MikroTiks overe WAN?

Surprisingly, WireGuard seems to be best performer!

Then you are doing something wrong if you get better speed with WireGuard than IPsec with hardware acceleration. Check hAP ac³ IPsec single tunnel test result
by Larsa
Wed Jul 17, 2024 5:53 pm
Forum: General
Topic: Wireguard and iOS [SOLVED]
Replies: 29
Views: 2260

Re: Wireguard and iOS [SOLVED]

Larsa, I was a huge fan of it... When it was $500 a year. If you check around... About a year ago Zerotier started reaching out to users and telling us they wanted to change the yearly to $7000 or more. What've you been reading lately, Reddit chit-chat? :D The "Pro" business license is $2...
by Larsa
Wed Jul 17, 2024 1:04 pm
Forum: Beginner Basics
Topic: MikroTik Configuration 3 WAN 2 LAN and VPN Need Kind Help from Seniors Please
Replies: 36
Views: 2414

Re: MikroTik Configuration 3 WAN 2 LAN and VPN Need Kind Help from Seniors Please

@anav - IN TERMS OF JOB SECURITY...

/system clock
set time-zone-name=Europe/Paris
by Larsa
Wed Jul 17, 2024 12:36 pm
Forum: General
Topic: Wireguard and iOS [SOLVED]
Replies: 29
Views: 2260

Re: Wireguard and iOS [SOLVED]

Okay, I didn't quite catch the main issue you're facing but ZeroTier is free for personal use with unlimited networks up to 25 devices anyway and the commercial licenses are among the cheapest out there. As for Wireguard, I've never really had any issues with Apple devices and the only problem I've ...
by Larsa
Wed Jul 17, 2024 9:59 am
Forum: General
Topic: Wireguard and iOS [SOLVED]
Replies: 29
Views: 2260

Re: Wireguard and iOS [SOLVED]

Pro tip: Use ZeroTier for a way easier life without worrying about public IPs and all that. ;-)
by Larsa
Tue Jul 16, 2024 12:09 am
Forum: General
Topic: Which VPN to connect 2 MikroTiks overe WAN?
Replies: 15
Views: 1045

Re: Which VPN to connect 2 MikroTiks overe WAN?

To take advantage of hardware acceleration choose a tunnel type that uses IPsec encryption with AES but don't expect blazing speeds with the hAP ac³, tho it'll definitely be much faster than Wireguard. Regarding EoIP, it's a LAN tunnel that transports Ethernet between two MikroTik routers (ie acti...
by Larsa
Mon Jul 15, 2024 2:12 pm
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 644
Views: 219081

Re: v7.15.2 [stable] is released!

There is a scroll bar, scroll to the right

Thanks, got it! IMO the UX is pretty crappy in this case but nothing Violentmonkey can't handle..
by Larsa
Mon Jul 15, 2024 11:48 am
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 644
Views: 219081

Re: v7.15.2 [stable] is released!

Thanks! It was "System > Resources" I was looking for. Yeah, it's buggy, all right.

EDIT: I wish version info could be presented in a more obvious place as standard so you wouldn't have to hack the webfig "skin" on each new instance to find it.

by Larsa
Mon Jul 15, 2024 11:34 am
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 644
Views: 219081

Re: v7.15.2 [stable] is released!

Pro tip ...

1. Click "Design Skin"
2. Go to Resources
3. Click triangle button next to Version
4. Select "Add to Status page"

Looks promising though I'm unable to locate any tab/menu called "Resources" in Design Skin mode.. (v7.15.1). Anyone?
by Larsa
Mon Jul 15, 2024 11:17 am
Forum: Announcements
Topic: v7.15.3 [stable] is released!
Replies: 644
Views: 219081

Re: v7.15.2 [stable] is released!

How many places you want?

Somewhere where it's easier (ie obvious) to spot in the ordinary work space, please!
by Larsa
Sun Jul 14, 2024 2:51 pm
Forum: Beginner Basics
Topic: MikroTik Configuration 3 WAN 2 LAN and VPN Need Kind Help from Seniors Please
Replies: 36
Views: 2414

Re: MikroTik Configuration 3 WAN 2 LAN and VPN Need Kind Help from Seniors Please

Considering the scope of this project (site-to-site tunneling with load balancing, advanced routing, Wi-Fi access points, PBX, Active Directory, etc.) and the technical expertise and experience needed to pull it off, if I were you, I'd pass on this (honestly, you'll never be able to handle this on y...
by Larsa
Sun Jul 14, 2024 12:01 pm
Forum: Forwarding Protocols
Topic: IPsec ikev2 between CHR on AWS and local mikrotik
Replies: 3
Views: 635

Re: IPsec ikev2 between CHR on AWS and local mikrotik

Yes, it’s possible. There are plenty of leads and step-by-step guides if you google: "AWS Mikrotik IPsec"
by Larsa
Sun Jul 14, 2024 10:42 am
Forum: General
Topic: masquerade over EOIP
Replies: 7
Views: 560

Re: masquerade over EOIP

Well, that is something that I try to also figure out, what is is the best approach for this. I did find EOIP implementation/examples quite straight forward, but.... no idea how is in case of zerotier. An IP-based tunnel like IPIP is just as simple to set up as EOIP using ipsec-secret. Also, there...
by Larsa
Sun Jul 14, 2024 12:02 am
Forum: General
Topic: masquerade over EOIP
Replies: 7
Views: 560

Re: masquerade over EOIP

Okay, but why use L2 (EOIP) instead of an IP-based VPN tunnel like WireGuard or even SD-WAN like Zerotier?
by Larsa
Sat Jul 13, 2024 7:30 pm
Forum: RouterBOARD hardware
Topic: RBM33G + 5G
Replies: 65
Views: 19586

Re: RBM33G + 5G

You sure the radio's on? Sometimes when a device is in config mode the radio gets turned off.
by Larsa
Sat Jul 13, 2024 5:37 pm
Forum: General
Topic: 5G for HOME NETWORK
Replies: 16
Views: 2759

Re: 5G for HOME NETWORK

To bond you also need to have control over the other side but you might use load balancing instead.
by Larsa
Sat Jul 13, 2024 5:04 pm
Forum: General
Topic: masquerade over EOIP
Replies: 7
Views: 560

Re: masquerade over EOIP

Since you linked the two networks together with EOIP it's basically like having two subnets on the same local network. You might want to consider hairpin NAT or a different approach like L3 VPNs (IPSec, Wireguard etc).

Could you explain in simpler terms what you're trying to achieve?
by Larsa
Sat Jul 13, 2024 2:25 am
Forum: General
Topic: How to monitor global internet traffic and its source? need help
Replies: 8
Views: 634

Re: How to monitor global internet traffic and its source? need help

@zx128k, you might also use the CALEA package for data collection. There are plenty of analysis tools available for that. There's also a built-in packet sniffer that while somewhat limited compared to CALEA is still pretty useful. https://wiki.mikrotik.com/wiki/CALEA EDIT: @Jotne's Splunk solution i...
by Larsa
Sat Jul 13, 2024 1:46 am
Forum: Scripting
Topic: Feature Request: native JSON parsing function [SOLVED]
Replies: 4
Views: 2264

Re: Feature Request: native JSON parsing function [SOLVED]

Yes, it does. Look for @Amm0's detailed explanations and examples on the matter.
by Larsa
Fri Jul 12, 2024 8:17 pm
Forum: RouterOS beta
Topic: Feature Request : IPv6 Fasttrack
Replies: 203
Views: 59792

Re: Feature Request : IPv6 Fasttrack

MT should look at DPDK in my opinion Two major things make DPDK unsuitable for the current product line: 1. DPDK is a pure userland solution while ROS is kernel-based. 2. DPDK's resource footprint is way too large to fit an embedded network OS like ROS. DPDK is normally used in highly specialized h...
by Larsa
Thu Jul 11, 2024 8:22 pm
Forum: RouterBOARD hardware
Topic: CubeSA 60Pro WATER DANGER
Replies: 53
Views: 14386

Re: CubeSA 60Pro WATER DANGER

Same problem, after 1 week outside full of water.
20240708_165116_2.png

Judging by the extent of the corrosion I'd wager the device in the picture has been exposed to the elements for quite a bit longer than just a week...
by Larsa
Thu Jul 11, 2024 8:53 am
Forum: General
Topic: vrrp configuration with fully redundant switches
Replies: 15
Views: 995

Re: vrrp configuration with fully redundant switches

I am not using BFD. BFD is pretty lightweight with adjustable timers for how often control packets are sent and it doesn't really strain the CPU. It's highly recommended for L3 like iBGP in your case. You might also check if your upstream providers or IXP offers BFD. If that's the case, I'd definit...
by Larsa
Wed Jul 10, 2024 1:14 pm
Forum: General
Topic: vrrp configuration with fully redundant switches
Replies: 15
Views: 995

Re: vrrp configuration with fully redundant switches

Let's see if it's something @skycanfiya might find interesting. Personally, I'm pretty curious where that 25-second delay is coming from in the current setup.
by Larsa
Wed Jul 10, 2024 9:49 am
Forum: General
Topic: vrrp configuration with fully redundant switches
Replies: 15
Views: 995

Re: vrrp configuration with fully redundant switches

I was referring to R1-R3 (L3/BGP). L2 VRRP/LAG should kick in pretty much instantly. BTW, what do you mean by upstream LAG in this scenario?
by Larsa
Wed Jul 10, 2024 9:04 am
Forum: General
Topic: vrrp configuration with fully redundant switches
Replies: 15
Views: 995

Re: vrrp configuration with fully redundant switches

25 seconds sounds like a bit much. Are you using BFD?
by Larsa
Wed Jul 10, 2024 8:25 am
Forum: General
Topic: Layer 7 protocol question
Replies: 2
Views: 343

Re: Layer 7 protocol question

No, not really. At least not if you want some basic level of decent security protection.

Install ZeroTier, Tailscale or a similar SD-WAN (“from anywhere VPN”) solution on the cloud server for a hassle-free setup and administration.
by Larsa
Tue Jul 09, 2024 11:51 pm
Forum: Beginner Basics
Topic: Disable Routing Between Ports
Replies: 22
Views: 1368

Re: Disable Routing Between Ports

I wish to have the unit behave as if it were 10 physically separate devices, with the only common connection being to the GPS NTP unit. I had originally pitched the idea of just buying more of the same GPS NTP devices (easiest to keep the network segregation), but with a couple of the VLANs having ...
by Larsa
Tue Jul 09, 2024 8:46 pm
Forum: RouterOS beta
Topic: Feature Request : IPv6 Fasttrack
Replies: 203
Views: 59792

Re: Feature Request : IPv6 Fasttrack

Yeah, and the idea that the cache is gone in the current kernel is a myth and misconception. The current V7 kernel uses a more modern and secure network stack that divides the cache into distinct layers to achieve better efficiency where it’s needed most. Some relevant reading on the subject: Routin...
by Larsa
Tue Jul 09, 2024 4:35 pm
Forum: Beginner Basics
Topic: Disable Routing Between Ports
Replies: 22
Views: 1368

Re: Disable Routing Between Ports

No routing whatsoever between routable interfaces, not even to default gateway if I recall correctly.
by Larsa
Tue Jul 09, 2024 2:32 pm
Forum: Beginner Basics
Topic: Disable Routing Between Ports
Replies: 22
Views: 1368

Re: Disable Routing Between Ports

@mbovenka; Yeah, it should work unless routing to other subnets on the plant is needed.
by Larsa
Tue Jul 09, 2024 1:56 pm
Forum: Beginner Basics
Topic: Disable Routing Between Ports
Replies: 22
Views: 1368

Re: Disable Routing Between Ports

@neki, your suggestion won't prevent routing between subnets (i.e. VLANs). And why reset the entire config?
by Larsa
Tue Jul 09, 2024 1:06 pm
Forum: Beginner Basics
Topic: Disable Routing Between Ports
Replies: 22
Views: 1368

Re: Disable Routing Between Ports

@XplodingData, just create an address list like 'VLANS_NO_ROUTING'. Then, create a forward rule that drops all traffic coming and going to any address in the list for each corresponding VLAN address range. You can do this in WinBox/WebUI under IP > Firewall > Address Lists and IP > Firewall > Filter...
by Larsa
Mon Jul 08, 2024 6:57 pm
Forum: Virtualization
Topic: SRIOV and CHR
Replies: 4
Views: 804

Re: SRIOV and CHR

The CHR is totally unaware if the virtual driver uses SR-IOV or not. It just uses the NIC that is provided by the virtual guest where the CHR is located. So if you can't see the NIC in the virtual guest configuration it won't appear in the CHR either.
by Larsa
Sun Jul 07, 2024 10:10 pm
Forum: Virtualization
Topic: SRIOV and CHR
Replies: 4
Views: 804

Re: SRIOV and CHR

SR-IOV is built into the device driver for the network card in your virtual host operating system so you won't actually see it in CHR. But you might notice that the CPU load and software interrupt rate are significantly reduced at full network throughput when SR-IOV is enabled. If the NIC doesn't sh...
by Larsa
Sun Jul 07, 2024 9:07 pm
Forum: Beginner Basics
Topic: why does this rule interfere with my doing "apt update"?
Replies: 11
Views: 747

Re: why does this rule interfere with my doing "apt update"?

@kendal; you forgot to add the interface list WAN otherwise everything gets redirected:

/ip firewall nat add chain=dstnat action=dst-nat in-interface-list=WAN protocol=tcp dst-port=80 to-addresses=10.0.0.246 to-ports=80 comment="myconf: HTTP"
by Larsa
Sun Jul 07, 2024 8:08 pm
Forum: General
Topic: How to set or add IP Public from Modem directly to MikroTik
Replies: 13
Views: 789

Re: How to set or add IP Public from Modem directly to MikroTik

Sindy, good advice regarding the LAN ports! You only go down in flames once (usually :D).
by Larsa
Sun Jul 07, 2024 7:45 pm
Forum: General
Topic: Problem with l2tp over LTE [SOLVED]
Replies: 5
Views: 1794

Re: Problem with l2tp over LTE [SOLVED]

@nsarant; This is OT and I’m not trying to hijack this thread. The suggestion below doesn’t really fix your current issue with your own failover solution using scripts, but rather an alternative way to solve it: Set up a separate tunnel (of any type) for each WAN connection like Sindy explained and ...
by Larsa
Sun Jul 07, 2024 7:17 pm
Forum: General
Topic: How to set or add IP Public from Modem directly to MikroTik
Replies: 13
Views: 789

Re: How to set or add IP Public from Modem directly to MikroTik

If you’ve already set it to bridge mode it shouldn’t matter since the Mikrotik will handle DHCP for you instead. But to be on the safe side you can disable it.
by Larsa
Sun Jul 07, 2024 2:47 pm
Forum: General
Topic: How to set or add IP Public from Modem directly to MikroTik
Replies: 13
Views: 789

Re: How to set or add IP Public from Modem directly to MikroTik

Yeah, hard to say. Btw, since the WAN list name and service type are showing up as TR069xx I'm starting to think this menu might actually be the CPE admin menu, not the regular user interface. If that's the case, VLAN 1493 is hopefully terminated in the CPE. I mean, it's not common practice to force...
by Larsa
Sun Jul 07, 2024 11:58 am
Forum: General
Topic: How to set or add IP Public from Modem directly to MikroTik
Replies: 13
Views: 789

Re: How to set or add IP Public from Modem directly to MikroTik

Hi, I'm just guessing here but try changing the "connection type" to "bridge". Make sure the cable from the HG6145D2 is connected to the MikroTik WAN port. From Winbox, go to the IP menu -> DHCP Client and check if the interface gets a public IP address. Btw, switching to bridge-...
by Larsa
Sun Jul 07, 2024 8:35 am
Forum: General
Topic: AAA...router was rebooted without proper shutdown
Replies: 14
Views: 680

Re: AAA...router was rebooted without proper shutdown

@SMARTNETTT, please provide model, hardware config and full ROS export. Otherwise, no one here will be able to help you.
by Larsa
Sat Jul 06, 2024 11:38 pm
Forum: General
Topic: AAA...router was rebooted without proper shutdown
Replies: 14
Views: 680

Re: AAA...router was rebooted without proper shutdown

Yeah, especially when it was reported on a Friday. @SMARTNETTT, I'm pretty sure nobody here at the user forum has the ability to scry with a crystal ball, so please share your server model, hardware configuration (eg type of nics etc) and ROS full export. Otherwise, we won't be able to help you beyon...
by Larsa
Sat Jul 06, 2024 9:34 pm
Forum: General
Topic: AAA...router was rebooted without proper shutdown
Replies: 14
Views: 680

Re: AAA...router was rebooted without proper shutdown

As I wrote in the other thread, hardware is pretty important when it comes to x86 but you still managed to omit the model and hardware configuration as well as a full export! Anyhow, in the case of 30 identical servers and only one failing I'm pretty sure it's a hardware issue. What's the SUP number?
by Larsa
Sat Jul 06, 2024 8:31 pm
Forum: General
Topic: Router was rebooted without proper shutdown
Replies: 10
Views: 5751

Re: Router was rebooted without proper shutdown

@SMARTNETTT: ROS on x86 has nothing to do with Haplite. Please create your own thread and include information about both hardware and software configuration (i.e. a full export). Regarding ROS on x86 bare metal, please be aware it's a tricky business thus you really MUST know what you're doing. Othe...
by Larsa
Fri Jul 05, 2024 12:39 pm
Forum: Scripting
Topic: Script - Error [SOLVED]
Replies: 5
Views: 2020

Re: Script - Error [SOLVED]

Since this is only a user forum, please report bugs directly to MikroTik by emailing 'support@mikrotik.com' or opening a ticket at their service desk: https://help.mikrotik.com/servicedesk/servicedesk.
by Larsa
Fri Jul 05, 2024 12:10 pm
Forum: General
Topic: IPFIX data-set padding bug
Replies: 1
Views: 244

Re: IPFIX data-set padding bug

Since this is only a user forum, please help others by reporting bugs directly to MikroTik by emailing support@mikrotik.com or opening a ticket at their service desk: https://help.mikrotik.com/servicedesk/servicedesk.
by Larsa
Fri Jul 05, 2024 9:26 am
Forum: Wireless Networking
Topic: Pseudobridge or Pseudobridge clone not work -> dhcp client in searching
Replies: 5
Views: 1270

Re: Pseudobridge or Pseudobridge clone not work -> dhcp client in searching

Since this is only a user forum, please help others by reporting bugs directly to MikroTik by emailing support@mikrotik.com or opening a ticket at their service desk: https://help.mikrotik.com/servicedesk/servicedesk.
by Larsa
Thu Jul 04, 2024 7:12 pm
Forum: Announcements
Topic: Newsletter #119 | July 2024
Replies: 37
Views: 33688

Re: Newsletter #119 | July 2024

@pe1chl
Yeah, and a couple of outdoor units wouldn't hurt. One with a directional antenna for rural areas and one omnidirectional for urban areas.
by Larsa
Thu Jul 04, 2024 3:24 pm
Forum: Announcements
Topic: Newsletter #119 | July 2024
Replies: 37
Views: 33688

Re: Newsletter #119 | July 2024

Impressive switches! Looking forward to new hw offload capabilities for data center use. Hopefully RAM can be configured for traffic buffering..
by Larsa
Thu Jul 04, 2024 3:11 pm
Forum: Scripting
Topic: work in console not in script
Replies: 2
Views: 423

Re: work in console not in script

@felix34, remove the brackets from the first line, i.e.:

/interface/wireguard/peers
:foreach Id in=[find disabled=no] do={
    :put [get $Id comment]
    :put [get $Id last-handshake]
}

or:

:foreach Id in [/interface/wireguard/peers find disabled=no] do={
    :put [get $Id comment]
    :put [get $Id last-handshake]
}
by Larsa
Thu Jul 04, 2024 12:36 am
Forum: RouterBOARD hardware
Topic: System rebooted because of kernel failure
Replies: 34
Views: 34827

Re: System rebooted because of kernel failure

Since this is a user forum, you'll probably get better help directly from Mikrotik by emailing 'support@mikrotik.com' or opening a ticket at their service desk: https://help.mikrotik.com/servicedesk/servicedesk
by Larsa
Wed Jul 03, 2024 6:17 pm
Forum: Forwarding Protocols
Topic: send udp packet with destination 255.255.255.255 to other subnet In router
Replies: 5
Views: 837

Re: send udp packet with destination 255.255.255.255 to other subnet In router

I've used a zlan Modbus gateway a long time ago but I remember we configured it locally for TCP before deploying it. But if I get it right you want to be able to perform the initial configuration with the device already in place on the other subnet, right? If you are absolutely sure you don't want to...
by Larsa
Wed Jul 03, 2024 2:38 am
Forum: Beginner Basics
Topic: How to open ports?
Replies: 12
Views: 1328

Re: How to open ports?

@adamantasaurus, here are some links to what appears to be a clear pedagogical explanation with step-by-step instructions:
- https://blog.shaharia.com/mikrotik-nat- ... m-internet
- https://99rdp.com/using-winbox-to-set-u ... orwarding/
by Larsa
Tue Jul 02, 2024 10:21 pm
Forum: General
Topic: 5G for HOME NETWORK
Replies: 16
Views: 2759

Re: 5G for HOME NETWORK

Here are some examples of affordable 5G/NR routers for outdoor use with PoE power: Zyxel FWA710, D-Link DWP-1010, Huawei 5G CPE WIN and Huawei CPE Pro 2.
by Larsa
Tue Jul 02, 2024 12:51 pm
Forum: General
Topic: mynetname.net down?
Replies: 14
Views: 1295

Re: mynetname.net down?

As a general guideline, don’t rely on Mikrotik IP Cloud (xxxx.sn.mynetname.net) for mission-critical operations.
by Larsa
Tue Jul 02, 2024 12:45 pm
Forum: General
Topic: Cloud/DDNS is not working *urgent*
Replies: 4
Views: 956

Re: Cloud/DDNS is not working *urgent*

@homtec: for your own good, don't rely on Mikrotik IP Cloud (xxxx.sn.mynetname.net) for mission-critical operations. Also, there is no support for dual stack environments.
by Larsa
Tue Jul 02, 2024 10:48 am
Forum: General
Topic: IP Cloud domains mynetname.net down again?
Replies: 10
Views: 2129

Re: IP Cloud domains mynetname.net down again?

Ping "support@mikrotik.com"...

EDIT
Since there doesn't seem to be any redundancy, we're only using IP Cloud as a backup and have already migrated production to Cloudflare DNS.
by Larsa
Tue Jul 02, 2024 10:37 am
Forum: Forwarding Protocols
Topic: send udp packet with destination 255.255.255.255 to other subnet In router
Replies: 5
Views: 837

Re: send udp packet with destination 255.255.255.255 to other subnet In router

255.255.255.255 (limited broadcast) is by default designed to work only on the local subnet (broadcast domain), otherwise you need to set up specific forwarding rules. As an alternative, you can use directed broadcast (e.g. 192.168.1.255) or multicast. Is there a specific reason you can't have eth1 and...
by Larsa
Tue Jul 02, 2024 12:28 am
Forum: Announcements
Topic: v7.16beta [testing] is released!
Replies: 288
Views: 115919

Re: v7.16beta [testing] is released!

Yeah, it looks like the people who managed the “refactored DNS service internal processes” didn't carry out the most basic tests. It makes me wonder if they're even conducting CI/CD pipeline test automation at all..
by Larsa
Mon Jul 01, 2024 9:22 pm
Forum: Announcements
Topic: v7.16beta [testing] is released!
Replies: 288
Views: 115919

Re: v7.16beta [testing] is released!

I had the same issue with WG DNS endpoints. Maybe this drop has the "overhauled" DNS?
by Larsa
Mon Jul 01, 2024 9:23 am
Forum: Wireless Networking
Topic: Feature Request: Add mac80211_hwsim support
Replies: 5
Views: 1150

Re: Feature Request: Add mac80211_hwsim support

Then I’m afraid you can’t use that either other than as a pure Linux router module.
by Larsa
Mon Jul 01, 2024 12:53 am
Forum: Beginner Basics
Topic: Tunneling internet traffic through IPsec tunnel
Replies: 8
Views: 1286

Re: Tunneling internet traffic through IPsec tunnel

Did you read my comment about requirements for IPsec?
by Larsa
Sun Jun 30, 2024 6:52 pm
Forum: General
Topic: Network redesign - 2 storey house
Replies: 18
Views: 960

Re: Network redesign - 2 storey house

@tilda, If you don’t need 24 Ethernet ports and can settle for 16, I’d definitely go for a CCR2004. It's so much easier to manage just one device for home use since it minimizes the hassle factor according to Murphy's Law. Plus, if you want to connect an SFP module it’s no problem at all as long as ...
by Larsa
Sat Jun 29, 2024 9:56 pm
Forum: RouterBOARD hardware
Topic: STH: MikroTik CRS520-4XS-16XQ-RM 16-port 100GbE Switch Announced
Replies: 0
Views: 890

STH: MikroTik CRS520-4XS-16XQ-RM 16-port 100GbE Switch Announced

" Aside from higher-end features, the MikroTik CRS520-4XS-16XQ-RM will be a higher-priced switch at $2795. At that price range, it is going to offer something very unique. A new switch with a management web GUI for the price of a used Mellanox SN2100 16-port 100GbE switch with a bit less connec...
by Larsa
Sat Jun 29, 2024 4:41 pm
Forum: Wireless Networking
Topic: Feature Request: Add mac80211_hwsim support
Replies: 5
Views: 1150

Re: Feature Request: Add mac80211_hwsim support

Mac80211_hwsim is a Linux kernel module designed for 802.11 development ie used by hw/sw developers. It would require highly specialized device drivers for ROS in order to interact with any type of virtual environment. Read this: https://www.gns3.com/community/featured/open-source-alternatives-for-w...
by Larsa
Fri Jun 28, 2024 9:51 pm
Forum: General
Topic: IPTV cuts and pixelations with Movistar Spain and HAP ax3/ax2
Replies: 72
Views: 7462

Re: IPTV cuts and pixelations with Movistar Spain and HAP ax3

Any L2 ethernet frame size larger than the standard 1500 bytes (excluding the header) on your local network requires all other devices on the same network to have the same size. L3/WAN (PPPoE) is a different story. https://www.packetstreams.net/2018/07/t ... 3-mtu.html
by Larsa
Fri Jun 28, 2024 9:33 pm
Forum: Beginner Basics
Topic: Configure IPv6 over IPv4 from ISP
Replies: 9
Views: 1349

Re: Configure IPv6 over IPv4 from ISP

Hey @Ryuu19, I'm pretty sure GMO has some guidelines on the protocols they use for IPv6/IPv4 tunneling. Come back here once you've found the info and we'll help you configure your router.
by Larsa
Fri Jun 28, 2024 9:25 pm
Forum: General
Topic: Rate limit in PCQ above 4295Mb causing 'Error in rate - number expected!"
Replies: 6
Views: 767

Re: Rate limit in PCQ above 4295Mb causing 'Error in rate - number expected!"

Since this is a user forum, you'll probably get better help directly from Mikrotik by emailing 'support@mikrotik.com' or opening a ticket at their service desk: https://help.mikrotik.com/servicedesk/servicedesk
by Larsa
Thu Jun 27, 2024 3:56 pm
Forum: RouterBOARD hardware
Topic: Which router for ~100 clients
Replies: 69
Views: 6447

Re: Which router for ~100 clients

Concur.

@ksx4system; If you’d read the thread you might have noticed they already bought a CCR2004.
by Larsa
Wed Jun 26, 2024 10:48 pm
Forum: RouterBOARD hardware
Topic: Ubiquiti SG4Pro replacement for lanparty.
Replies: 10
Views: 1336

Re: Ubiquiti SG4Pro replacement for lanparty.

The RB5009 is roughly the same as the UDM Pro in terms of performance, but ROS is way more versatile than UniFi OS.
by Larsa
Wed Jun 26, 2024 10:37 pm
Forum: General
Topic: Private LTE/5G Networking Question(s)
Replies: 15
Views: 1292

Re: Private LTE/5G Networking Question(s)

Yeah, but it's not as fun as running your own LTE/NR network at home. :-D The tricky part was getting the SIM card programming to work.
by Larsa
Wed Jun 26, 2024 8:38 pm
Forum: General
Topic: Private LTE/5G Networking Question(s)
Replies: 15
Views: 1292

Re: Private LTE/5G Networking Question(s)

Well, for 600 bucks you might get a whole bunch of capable multiband 2x2 MIMO transceivers for up to 10 dBm @ 6 GHz, like BladeRF, PlutoSDR, USRP, HackRFOne, etc. Hardly useless, I'd say. For let's say 1-2k, you get a whole lot more power as well.
by Larsa
Wed Jun 26, 2024 4:23 pm
Forum: General
Topic: Private LTE/5G Networking Question(s)
Replies: 15
Views: 1292

Re: Private LTE/5G Networking Question(s)

Read @optio's and my previous posts..
by Larsa
Wed Jun 26, 2024 10:40 am
Forum: RouterBOARD hardware
Topic: Ubiquiti SG4Pro replacement for lanparty.
Replies: 10
Views: 1336

Re: Ubiquiti SG4Pro replacement for lanparty.

CCR2004 gives you plenty of switch ports and more raw power to handle CPU-bound tasks like queue management to keep latency down using techniques such as fq_codel, cake, or similar. RB5009 is more suited for a home lab.
by Larsa
Tue Jun 25, 2024 6:11 pm
Forum: General
Topic: Private LTE/5G Networking Question(s)
Replies: 15
Views: 1292

Re: Private LTE/5G Networking Question(s)

Or buy second-hand real base stations from Nokia or Huawei with radios for around 500 bucks on eBay.

Like for example
https://www.ebay.com/itm/234631485117
by Larsa
Tue Jun 25, 2024 3:42 pm
Forum: General
Topic: Private LTE/5G Networking Question(s)
Replies: 15
Views: 1292

Re: Private LTE/5G Networking Question(s)

You can run 4G LTE/5G NR open source projects like open5gs/free5GC using srsRAN/OpenAirInterface on unlicensed bands like 2.4, 5/6 and 60 GHz, although coverage is limited due to signal strength regulations similar to Wi-Fi. Software-defined radios for lower bands cost around 1k bucks but those for ...
by Larsa
Mon Jun 24, 2024 3:24 pm
Forum: RouterBOARD hardware
Topic: Which router for ~100 clients
Replies: 69
Views: 6447

Re: Which router for ~100 clients

I'd say Ubiquiti wireless products are pretty capable but their routers for business not so much. If you don't want to pay huge bucks for brands like Cisco or Juniper I think MikroTik performs quite well or even just as well in most cases.
by Larsa
Sun Jun 23, 2024 8:19 pm
Forum: General
Topic: Mikrotik with NAT64 & DNS64, LAN IPv6 WAN IPv4
Replies: 1
Views: 565

Re: Mikrotik with NAT64 & DNS64, LAN IPv6 WAN IPv4

It's in Arabic, so it can be a bit tricky to keep up... ;-)
by Larsa
Sun Jun 23, 2024 6:19 pm
Forum: RouterBOARD hardware
Topic: Which router for ~100 clients
Replies: 69
Views: 6447

Re: Which router for ~100 clients

@daxyco: I don't think there's much to discuss about the number of hours, but if you've done business with him before, just refer to the previous hourly rate. Start by having a conversation with him and explain your position. If he is completely dismissive you can as a last resort complain about inc...
by Larsa
Sat Jun 22, 2024 7:48 pm
Forum: RouterBOARD hardware
Topic: Which router for ~100 clients
Replies: 69
Views: 6447

Re: Which router for ~100 clients

Yeah, especially since the assignment appears to be a one-stop solution where the hours include meetings/pre-study, planning, responsibility for purchases, configuration, testing, deployment, and documentation, the hours seem to be more than reasonable. It’s primarily the customer's responsibility t...
by Larsa
Thu Jun 20, 2024 12:42 pm
Forum: General
Topic: Asking for help with LTE connection
Replies: 5
Views: 630

Re: Asking for help with LTE connection

Did you set up the firewall correctly? You need to set up a src NAT rule (masquerade)! And you need to set up "Use peer DNS and Add default route"! Yeah, that's probably correct if the default configuration has been wiped on the LHG. And on the wAP, the LTE interface has to be added to the...
by Larsa
Thu Jun 20, 2024 11:50 am
Forum: General
Topic: Asking for help with LTE connection
Replies: 5
Views: 630

Re: Asking for help with LTE connection

Usually, you only need to mess with the TTL for a SIM card meant for a regular phone or an extra "twin card" for a tablet with an unlimited data plan that you put in a router. This can sometimes be a lot cheaper than getting a dedicated mobile broadband SIM card, but things are slowly chan...
by Larsa
Wed Jun 19, 2024 11:52 am
Forum: RouterBOARD hardware
Topic: Mikrotik PTP Near-Line-Of-Sight Solution
Replies: 27
Views: 2042

Re: Mikrotik PTP Near-Line-Of-Sight Solution

Like I mentioned in my previous post, the elevation map isn't detailed enough to determine how high the mast towers need to be for a clear line of sight.
by Larsa
Wed Jun 19, 2024 9:55 am
Forum: General
Topic: Route Netflix traffic via VPN
Replies: 23
Views: 2717

Re: Route Netflix traffic via VPN

Hi @pajapatak, could you please do us all a big favor and post your complete solution in the "Useful User Articles" forum? Thank you!
by Larsa
Wed Jun 19, 2024 12:50 am
Forum: General
Topic: winbox mac
Replies: 2
Views: 273

Re: winbox mac

by Larsa
Tue Jun 18, 2024 10:25 pm
Forum: RouterBOARD hardware
Topic: Mikrotik PTP Near-Line-Of-Sight Solution
Replies: 27
Views: 2042

Re: Mikrotik PTP Near-Line-Of-Sight Solution

1. 5G/NR solution for the blue place (the hangar) Approximate total cost for a three-year 5G unlimited data plan at max speed in France: Orange: 1800 EUR Bouygues: 1600 EUR SFR: 1200 EUR Free Mobile: 1100 EUR Plus a 5G outdoor router, approx. 450 EUR. In total, roughly 45 EUR per month for 36 months. ...
by Larsa
Tue Jun 18, 2024 9:00 pm
Forum: Beginner Basics
Topic: Tunneling internet traffic through IPsec tunnel
Replies: 8
Views: 1286

Re: Tunneling internet traffic through IPsec tunnel

Although this is beside the point, IPsec won't give you any performance advantages compared to OpenVPN unless both endpoints (i.e., both your routers) support AES hardware acceleration. If there is no hardware acceleration, consider using WireGuard instead. But since your home "router" CRS...
by Larsa
Tue Jun 18, 2024 6:51 pm
Forum: RouterBOARD hardware
Topic: Which router for ~100 clients
Replies: 69
Views: 6447

Re: Which router for ~100 clients

Great choice! IPsec should get you closer to 1 Gbps with a CCR2004 at both ends. With OSPF + BFD, you should be able to switch redundant routes within 5-10 milliseconds, depending on the settings. Btw, OSPF and BFD are very easy to set up. Additionally, you might consider ZeroTier as an easy way to ...
by Larsa
Tue Jun 18, 2024 6:13 pm
Forum: RouterBOARD hardware
Topic: Mikrotik PTP Near-Line-Of-Sight Solution
Replies: 27
Views: 2042

Re: Mikrotik PTP Near-Line-Of-Sight Solution

@dot02, I'm not quite following what you're trying to achieve here. Is the "green" antenna the target and where is the "blue" antenna located and used for? What exactly is your plan without using technical details? Is this for personal use or commercial purposes? You're describin...
by Larsa
Tue Jun 18, 2024 1:08 am
Forum: Useful user articles
Topic: Marine Modem suitable for mast mounting
Replies: 10
Views: 3649

Re: Marine Modem suitable for mast mounting

Yeah, hopefully. We'll see..
by Larsa
Tue Jun 18, 2024 12:47 am
Forum: Useful user articles
Topic: Marine Modem suitable for mast mounting
Replies: 10
Views: 3649

Re: Marine Modem suitable for mast mounting

Ain't Telit LM960A18 an LTE module? Do you know of any 5G/NR (SA/NSA) modules out there?
by Larsa
Tue Jun 18, 2024 12:22 am
Forum: Useful user articles
Topic: Marine Modem suitable for mast mounting
Replies: 10
Views: 3649

Re: Marine Modem suitable for mast mounting

Yeah, they should fit well. Btw, do you know of any 5G miniPCIe modules compatible with ROS v7?
by Larsa
Mon Jun 17, 2024 11:51 pm
Forum: Beginner Basics
Topic: PTPv2 functions in Router OS 7.14.3 [SOLVED]
Replies: 3
Views: 1833

Re: PTPv2 functions in Router OS 7.14.3 [SOLVED]

Since this is a user forum, you will probably get better help directly from Mikrotik by opening a ticket at https://mikrotik.com/support or sending an email to 'support@mikrotik.com'.
by Larsa
Mon Jun 17, 2024 11:19 pm
Forum: Beginner Basics
Topic: Firewall - 80 & 443 to Server
Replies: 3
Views: 584

Re: Firewall - 80 & 443 to Server

Yeah, change the title to "Don't read this" 😃_👍
by Larsa
Mon Jun 17, 2024 11:01 pm
Forum: General
Topic: Mikrotik and Dante/NDI AV in general
Replies: 9
Views: 3283

Re: Mikrotik and Dante/NDI AV in general

You can follow all updates to the manuals at https://help.mikrotik.com/docs/collector/pages.action?key=ROS. Click the link "show change"..
by Larsa
Mon Jun 17, 2024 10:49 pm
Forum: Useful user articles
Topic: Marine Modem suitable for mast mounting
Replies: 10
Views: 3649

Re: Marine Modem suitable for mast mounting

The Chateau won't last long in a marine environment even indoors due to the salty air. Besides, you don't want a long antenna cable because of signal loss. MikroTik should offer two types of 5G outdoor devices: one omnidirectional and one directional optimized for long-range connectivity in rural ar...
by Larsa
Mon Jun 17, 2024 10:18 pm
Forum: Forwarding Protocols
Topic: Mikrotik 3011 - Connection lost _OSPF used.
Replies: 1
Views: 443

Re: Mikrotik 3011 - Connection lost _OSPF used.

It might be a PoE issue with a 70-meter ethernet cable to the camera. What voltage are you feeding the MikroTik RB3011 with?

EDIT
Wait, you are using port 3 which doesn't have PoE out. Does this mean your camera is powered locally?
by Larsa
Mon Jun 17, 2024 9:15 pm
Forum: General
Topic: Feature Request: IPSEC Improvements
Replies: 155
Views: 48006

Re: Feature Request: IPSEC Improvements

A tip for everyone who needs this: Open a support ticket and describe a real use case that could motivate Mikrotik to add these features. Just posting in this user forum won't do much.
by Larsa
Mon Jun 17, 2024 9:11 pm
Forum: General
Topic: IPSec VTI
Replies: 60
Views: 24793

Re: IPSec VTI

A tip if you really need a VTI interface in your business: open a support ticket and describe a genuine use case that could motivate Mikrotik to move forward with developing this. Just posting in this user forum won't probably accomplish much.
by Larsa
Mon Jun 17, 2024 6:17 pm
Forum: RouterBOARD hardware
Topic: Mikrotik PTP Near-Line-Of-Sight Solution
Replies: 27
Views: 2042

Re: Mikrotik PTP Near-Line-Of-Sight Solution

For commercial operations to achieve a 3 km line of sight over treetops you will probably need at least two 100 foot (30m) lattice towers with foldable bases plus foundation casting and assembly which might be pretty expensive. For private use there are much cheaper single-pipe masts with guy wire m...
by Larsa
Mon Jun 17, 2024 4:46 pm
Forum: Useful user articles
Topic: WinBox for MacOS ??
Replies: 48
Views: 17843

Re: WinBox for MacOS ??

We probably won't get it faster by nagging and the dev team hardly looks at the forums either. Personally, I'd rather wait for a somewhat stable app. For example, BFD seemed to take forever, but the latest drop has been very stable and running without a single error for our OSPF/BGP setups for a ver...
by Larsa
Mon Jun 17, 2024 4:34 pm
Forum: Announcements
Topic: MikroTik Devices Controller
Replies: 361
Views: 253219

Re: MikroTik Devices Controller

Just be aware, Back-To-Home (BTH) is limited to only ARM and TILE architectures.
by Larsa
Mon Jun 17, 2024 2:35 pm
Forum: RouterBOARD hardware
Topic: Mikrotik PTP Near-Line-Of-Sight Solution
Replies: 27
Views: 2042

Re: Mikrotik PTP Near-Line-Of-Sight Solution

It's impossible to have a meaningful discussion if you don't clarify the purpose which can vary significantly when it comes to distance and speed. For low speed and long distance, there's Lora-WAN at 433/868/915MHz depending on location. Otherwise, there's WiFi 2.4/5/6 GHz and 60GHz. That's it.
by Larsa
Mon Jun 17, 2024 1:31 pm
Forum: General
Topic: Access to Mikrotik from wireguard peer
Replies: 6
Views: 434

Re: Access to Mikrotik from wireguard peer

@zhouck, I'm just guessing here, but make sure you've added the Wireguard network interface to: Interfaces > Interface List > LAN
by Larsa
Mon Jun 17, 2024 12:46 pm
Forum: RouterBOARD hardware
Topic: Mikrotik PTP Near-Line-Of-Sight Solution
Replies: 27
Views: 2042

Re: Mikrotik PTP Near-Line-Of-Sight Solution

As I tried to explain, it's a frequency thing. What product categories are you referring to, for example LTE/5G or Wi-Fi and 60GHz PTP?
by Larsa
Mon Jun 17, 2024 12:39 pm
Forum: RouterBOARD hardware
Topic: Mikrotik PTP Near-Line-Of-Sight Solution
Replies: 27
Views: 2042

Re: Mikrotik PTP Near-Line-Of-Sight Solution

It all depends on the frequency you're using. The higher the frequency, the more important it is to have a clear line of sight. LTE 800/900 works fine without for a long distance, higher bands somewhat shorter and 60GHz PTP as well as 5G/NR FR2 (mmWave) needs a direct line of sight. Then it depends ...
by Larsa
Mon Jun 17, 2024 12:24 pm
Forum: RouterBOARD hardware
Topic: Mikrotik PTP Near-Line-Of-Sight Solution
Replies: 27
Views: 2042

Re: Mikrotik Near-Line-Of-Sight Solution

I've never heard of it! What are Near- or Non-Line-Of-Sight products?
by Larsa
Fri Jun 14, 2024 8:49 pm
Forum: General
Topic: SDWAN on LTE device
Replies: 2
Views: 469

Re: SDWAN on LTE device

@daniel3083, check this link with Mikrotik ARM LTE/5G products that can run ZeroTier.
by Larsa
Fri Jun 14, 2024 12:56 pm
Forum: Beginner Basics
Topic: Zerotier and routing tables
Replies: 9
Views: 1104

Re: Zerotier and routing tables

You're most welcome! Feel free to get back with any further questions. :-D
by Larsa
Fri Jun 14, 2024 12:52 pm
Forum: General
Topic: Long Term release or new functions?
Replies: 22
Views: 1730

Re: Long Term release or new functions?

My vote is for a stable long-term release on par with ROS v6, then new features.
by Larsa
Fri Jun 14, 2024 11:19 am
Forum: Beginner Basics
Topic: Zerotier and routing tables
Replies: 9
Views: 1104

Re: Zerotier and routing tables

If you don't own the entire 91.168.0.0/22 range, it's probably wise to change it to something else. Otherwise, you risk routing your network traffic to the real owners out there on the interweb..
by Larsa
Thu Jun 13, 2024 11:25 pm
Forum: Beginner Basics
Topic: Zerotier and routing tables
Replies: 9
Views: 1104

Re: Zerotier and routing tables

That could very well be the case, but then there are a ton of typos in the first post. :-D
by Larsa
Thu Jun 13, 2024 8:46 pm
Forum: Beginner Basics
Topic: Zerotier and routing tables
Replies: 9
Views: 1104

Re: Zerotier and routing tables

The icon indicates that the chosen IP address range overlaps with a public (global) address space. Avoid using public IP address spaces for your own LAN or the Zerotier network, instead choose a sufficiently large subnet from 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 (or allow ZeroTier to pick o...
by Larsa
Thu Jun 13, 2024 6:41 pm
Forum: Beginner Basics
Topic: Zerotier and routing tables
Replies: 9
Views: 1104

Re: Zerotier and routing tables

The RB1100AHx2 uses a PPC architecture which unfortunately doesn't support ZeroTier, but your Chateau does. You don't have to poke around with the routing tables yourself, just follow these simple steps: 1. Use ZeroTier Central (my.zerotier.com), go to Networks > Settings > Advanced > Managed Routes...
by Larsa
Thu Jun 13, 2024 10:07 am
Forum: Beginner Basics
Topic: Basic firewall hardening
Replies: 11
Views: 1133

Re: Basic firewall hardening

Excellent summary! This should be included as the introduction to the chapter "Securing Your Router."
by Larsa
Wed Jun 12, 2024 9:55 pm
Forum: Forwarding Protocols
Topic: OSPF not installing connected routes [SOLVED]
Replies: 5
Views: 1721

Re: OSPF not installing connected routes [SOLVED]

OSPF doesn't break any subnet relationships except the ones you configure it to. I suspect it might be due to some lingering static routes or maybe dynamic routes left over from other routing protocols. The fact that the GRE tunnel stopped working also points to this. Check routing tables and trace/...
by Larsa
Wed Jun 12, 2024 4:44 pm
Forum: Forwarding Protocols
Topic: OSPF not installing connected routes [SOLVED]
Replies: 5
Views: 1721

Re: OSPF not installing connected routes [SOLVED]

Try setting interface type=ptp on the tunnel (or possibly ptp-unnumbered for an unnumbered Cisco device). The network prefix for tunnel (ptp) interfaces should be the address of the endpoint. https://help.mikrotik.com/docs/display/ROS/OSPF#OSPF-Matchers . Something like this " add area=0 networ...
by Larsa
Sun Jun 09, 2024 11:05 pm
Forum: General
Topic: SQM - using FQ-CODEL in interface queues and fasttrack
Replies: 12
Views: 2840

Re: SQM - using FQ-CODEL in interface queues and fasttrack

It doesn't necessarily have to be BQL, custom-developed queue counters work just as well. Queue managers like fq-codel need these to get real-time information about driver queue length, etc.
by Larsa
Sat Jun 08, 2024 11:26 pm
Forum: Forwarding Protocols
Topic: Redistributing active IPsec tunnel destinations
Replies: 5
Views: 736

Re: Redistributing active IPsec tunnel destinations

I might've gotten everything wrong, and this is probably a really dumb suggestion since you already asked about and are using iBGP(?) for the internal network, but why not switch to an automatic full mesh with something like OSPF/PTP + BFD? Off the top of my head, it feels like that solution would b...
by Larsa
Fri Jun 07, 2024 10:58 am
Forum: General
Topic: Questions about IPSEC
Replies: 7
Views: 658

Re: Questions about IPSEC

I'm not quite sure which specific mode config you're referring to that's deprecated. As for split-include, you can do it but why would you want unencrypted traffic routed outside of the tunnel at all that could be exploited by attackers, so it's pretty important to be aware of the security risks inv...
by Larsa
Fri Jun 07, 2024 8:44 am
Forum: General
Topic: Questions about IPSEC
Replies: 7
Views: 658

Re: Questions about IPSEC

IPSec AES hardware encryption can matter a lot compared to WireGuard which uses only software encryption (ChaCha20).

IPsec is not limited to just IKEv2. Btw, how is it incomplete?
by Larsa
Thu Jun 06, 2024 10:46 pm
Forum: General
Topic: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]
Replies: 31
Views: 2954

Re: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]

Great you got it working finally! Glad you didn't have to chase packets with a packet sniffer, right? :-D And thanks for the feedback, valuable info that confirms the issue!