MikroTik

i4ko

Ok, good note on pppoe @pe1chl, my reasoning was that it is high time we move away from anything ppp. It is a holdout from the era before ikev2. Only case where you should still use pppoe v.s. ikev2 is devices/modems that have hardware framing based on ppp. The comment was good though, this type of ...

i4ko

Bottom line is, you're going to make somebody mad no matter what you cut out. To this point though, the complaining has to be more than the Same Ten People here on the forums. Agree, that is why my suggestion is for a lite version, but in addition to the full version. Lite version prioritizes stabi...

i4ko

Of course to save space many utilities are in a somewhat monolithic binaries, even if those are dynamically linked they still contain the code to do all the extra functionality. Separating into extra packages will only add more complexity and may not end up saving any space. That is why my suggestio...

i4ko

A version of routeros 7 that has reduced footprint (and reduced functionality) but works comfortably on 16mb flash devices. I started a separate thread viewtopic.php?t=205735 if anybody wants to comment and discuss what functionality the small flash devices can go without

i4ko

Hi, the MikroTik equipment is really nice, but the increased requirements of version 7 wrt flash space are being a significant blocker on devices that otherwise have enough RAM and CPU but still on 16mb flash. Such devices are sill sold today and the inability to reliably upgrade them without physic...

i4ko

If you add both vlan interfaces in the same bridge, then the bridge will switch the tags when packets pass though.
This link will help see what devices support what features https://help.mikrotik.com/docs/display/ ... p+Features

i4ko

Long time ago for me dhcp server would not work reliably if it was assigned to a subordinate port in a bridge (there was unreliable broadcast packet forwarding), so I had to assign the dhcp server to the root of the bridge. Since then I have mostly been using vlan subinterfaces on the Ethernet inter...

i4ko

Is the 192.168.1.149/24 in the same range that the DHCP server will assign to another client connected in that segment - if not - then you need to add secondary address on your machine in the 192.168.1.0/24 network as well. A more easy way would be to set that mikrotik with dhcp-client in the bridge...

i4ko

True, for accounting central is the way to go, but that is also overage, and then billing, collection, etc. This is to help give users the ability to enjoy good service when they are a good user, but stop them from blowing though the cap, and only take any action if they are actually over the cap by...

i4ko

Hi, this is more of a thought exercise. Here is the premise - provider side marketing allows 1250GB data cap a month, anything more is overage. Client (or provider CPE) wants to use Mikrotik device to facilitate easy compliance with the data cap. Here's the though - 1250GB per month are constant loa...

i4ko

Doesn't seem at all stable to me. On a RBwAPGR-5HacD2HnD with EC25-V LTE modem it was working normally when the lte modem was set to serial (from inside routeros; usbnet mode on the ec25 card is 2). After disabling the ppp interface setting the lte modem mode to mbim (from routeros, no change on the...

i4ko

Well, I don't agree fully with you pe1chl. Yes, the HEXr3 only has 16mg flash, which is extremely surprising. It is more expensive to buy 16mb flash chips than 128mb flash chips and has been for the last 4 years at least, but even with that: a) after copying the lists from another device that had th...

i4ko

That was a bust. Upgrading from previous long-term did not go well on a 750gr3. Basically lost all entries in all but one address-lists, and even the one that had entries had been truncated badly after the upgrade (~29000 entries showing only). What is interesting is that the address lists names wer...

i4ko

Thanks all who responded. After playing a bit I made it work. Here are the final firewall filter rules. They are not enough! /ip firewall filter add action=accept chain=input in-interface=ether5-wan ipsec-policy=in,ipsec src-address=192.168.223.8 add action=drop chain=input src-address=192.168.223.8...

i4ko

No entry in the arp table Maybe there aren't supposed to be, but it would think it'd show up there after the first ping attempt if anything was working. I don't expect it to. the private IP the client receives is not directly connected, not is there interface created for IPSec. I do expect a route ...

i4ko

I don't have to have specific rules for DNS< UDP and TCP You're talking about the firewall, but @own3r1138 is talking about the IPsec policy. When the client connects, the policy says how it gets an IP, what DNS it gets, what routes it gets, etc. this is the policy that gets generated when the clie...

i4ko

I can ping the client from the router Are you sure you aren't pinging the VPN interface? Does the output of "/ip/arp/print" include a mapping of the iOS device's MAC to assigned VPN IP? Quite sure. The response from the vpn IP comes back at LTE latencies. The one from the local loopback c...

i4ko

You don't have any allowed rules in the IPsec policy for DNS UDP or TCP, Also try to set a Local DNS server from the same range as the VPN address pool. also, try to remove the src address from your accept rules. do you have any drop rules besides that do you have a fast-track rule? is your WAN IP ...

i4ko

thanks for responding, again for me the rules don't match anything. my first 10 rules are equivalent of your rules 35,36,75 and 76, yet they dont not match. i can ping the client from the router just fine (and traceroute both icmp and udp) since that originates on the router and see a match when the...

i4ko

The setup was done according to that article. Diagram is simple: client(IOS 15.4.1)-LTE(t-mobile)-internet(IPV4)-router config export: /ip ipsec mode-config add address-pool=pool-ike address-prefix-length=32 name="modconf ike" split-include=0.0.0.0/0 static-dns=208.67.220.220 system-dns=no...

i4ko

Hi routeros 6.48.6 on 750G r3. IKEv2 setup with certificates with IOS 15.4.1 client. The client connects just fine, I can ping the client from the router, but the client is unable to access anything, even the router itself. Mode config sends default route (0.0.0.0/0). I tried sending just a local su...

i4ko

These are my observations on the last 2 long-term releases (6.46.7 and 6.46.8), there are things that just break that used to work before, and it is just annoying and frustrating. 1. False positive DFS detections Observed on RB952Ui-5ac2nD that is located on the ground floor of internal courtyard (m...

i4ko

This release is BROKEN. Upon upgrade from previous long term on several 750Gr3: [*]Bridge config almost always borked after upgrade: [*][*]certain ports get randomly disabled from the bridge config [*][*]certain bridges and their ports show "unknown/unknown" and are obviously broken - in c...

i4ko

-1 I have never had good experience with SQM as implemented in openwrt or ubnt ER. Practically most of the time SQM does hurt performance of TCP connections significantly. Mostly it does is introduce packet loss, and a lot of it. Now, the traffic I deal with is idiotic - sub-second bursts in the ord...

i4ko

7 beta 5, smips. When trying to work around the MTU hole with IPSEC IKEv2 I found out that the new version does NOT process MTU settings at all. The local router IP facing the machine is on a bridge interface. I tried setting MTUs on both the bridge and the actual ethernet port. Even if the MTU is s...

i4ko

7 beta 5. When creating IPSEC with IKEv2 there appears to be a MTU blackhole. In my particular case the actual MTU that passes is 1422 (ping size 1394), and anything above will just not return or pass. IP firewall does allow the detection of larger packets but there is no action to return fragmentat...

i4ko

As you can know V7 is in Beta testing and modules comes on each beta publish! https://mikrotik.com/download/changelogs/development-release-tree See all change logs ... Before take responsibility to test a development version you should read all information! Re modules - nonsense! I am speaking of h...

i4ko

Gave beta 5 a test - install is monolithic - packages are gone. :( Not possible to disable stuf fon routers that don't need those and conserve memory for useful things :( - e.g. wireless, ppp, ipv6, advanced tools to free up ram to run iBPG and/or MPLS Why is RIP still there? BGP is gone on those sm...

i4ko

major issues upgrading rb952Ui to 6.43.12 and 6.44 The upgrade to 6.43.12 from 6.43.7 went ok, but 6.43.12 caused the device to go into high cpu usage and eventually crash with autosup out being generated. The first 2 times this happened router got rebooted by customer in about 15-20 minutes. The th...

i4ko

i4ko , EIRP is not so much about the power as about the density of radiation, so for directional antennas the gain may easily be much higher than 1. Thanks Andriys. But isn't EIRP by definition equal distribution in 360 degree in all 3 directions (sphere), hence being called isotropic. A directiona...

i4ko

I put LHG-5HPnD (24.5dBi antenna gain) on one side and SXT Lite5 (16dBi) on the other. Both are elevated. It's only couple of trees in the middle. And it's winter now. I can't believe, respecting all regulations, my signal would be below -80dBm. Not with such high gain antennas on so short distance...

i4ko

Memory leak in proxy on HEX r3 still present. Behavior is the same as described in the 6.43.8 thread With proxy disabled the memory usage is around 42mb. If you enable the proxy but don't send any traffic the memory consumption stays at 42mb. As soon as you open the web proxy interface in winbox the...

i4ko

My 750Gr3s seem to show a memory leak in the proxy. With proxy disabled the memory usage is around 42mb. If you enable the proxy but don't send any traffic the memory consumption stays at 42mb. As soon as you open the web proxy interface in winbox the memory consumption jumps to 64mb (still no traff...

i4ko

i4ko - Most likely you will need to re-install devices by using Netinstall. However, I recommend that you send supout file from one of your routers to support. We might see in supout file what is filling up the space. Finally manged to update remotely. While on 6.41.1 disabled all packages except f...

i4ko

After upgrading from version 6.39.3 [BugFix] to 6.41.1 and then to 6.41.2, my device [RB751U-2HnD] presented wireless connectivity problems. I also upgraded the firmware, leaving it equivalent to the ROS. The causes of the problem could not be identified in the logs. Even after resetting and redoin...

i4ko

i4ko - Have you had other RouterOS packages installed on the device in the past? If you reboot router is space freed up? No and No What I noticed is that config backup usually used to take shy of 500kb. After the 6.41.1 upgrade, the config backup right now takes shy of 700kb, and there isn't that m...

i4ko

None of my 941-2nDs are able to upgrade. I have no files in files menu in winbox besides the regular ones. Yet the available space is only 6.9mb. The winbox will not start downloading the update, nor it is possible to upload a complete update file manually. I've tried recreating the flash folder an...

i4ko

None of my 941-2nDs are able to upgrade. I have no files in files menu in winbox besides the regular ones. Yet the available space is only 6.9mb. The winbox will not start downloading the update, nor it is possible to upload a complete update file manually. I've tried recreating the flash folder and...

i4ko

Disclaimer: I don't run a WISP (or work for any other IPS type organization in that matter any more), but do IT work for a bunch of old people and small businesses. Since you mention Netflix initially, while I'm not good at QoS on Mikrotik myself, I don't think this script will help. Or other L7 cla...

i4ko

Sure, but is that a market suitable for MikroTik? Well, something has to come up for replacing all the hap lites with their defective low-quality usb power sockets. I have another one (hap lite) where the power socket just came off the board, and this in not at a customer's location. So what does a...

i4ko

I am still having the same failure after 6.33 and 6.33.1. Tried different combinations of arp settings on the wan bridge and on the wifi both on and proxy, but the traffic still does not leave the wifi interface.

i4ko

I have a somewhat unusual config - a hap lite, with wireless in station mode, part of a bridge (call it wan-bridge) with eth1. Then there is a second bridge (call it lan-bridge), that has eth2 configured master, and then eth3 and eth4 are slaves. There is a nat running between the bridges, and eth1 ...

Search found 42 matches