MikroTik

aboiles

Don't know about where you are shipping to, but for me it's free shipping.
They could be fake, but I have purchased quite a few Mellanox and Arista cables on ebay and they have all been (so far) the real deal.

aboiles

mbovenka,
cisco switches, intel cards and any other devices that are finicky about the sfp+ modules.
I do keep a few for just those reasons.
And when I posted the link, the finstars were $16.00 US (now $20). Hard to beat the first or the current price.

aboiles

If the run does not have any major obstacles.
I have run active dac's up to 20 meters.
Here is a 15 M cable on ebay.
https://www.ebay.com/itm/New-Finisar-FC ... 3080916801

aboiles

I was receiving way too may errors.
Also the connections slowed way down when the router was reporting:
dns,error DoH max queue size reached, dropping query

I removed my DoH configurations, back to normal.

aboiles

Seeing DoH intermittent errors every few hours.
DoH is still working though, does anyone know if these errors are normal for DoH (using cloudflare).

Mar/22/2020 05:05:53 dns,error DoH connection error: Idle timeout - waiting data
Mar/22/2020 05:06:02 dns,error DoH not OK HTTP response: 504:

aboiles

Without the last one I was getting intermittent errors, with it I don't

aboiles

Changing to a ipv6 address breaks the DoH.
https://[2606:4700:4700::1111]/dns-query
Mar/20/2020 13:33:33 dns,error DoH connection error: resolving error
Mar/20/2020 13:33:35 dns,error DoH connection error: resolving error
Mar/20/2020 13:33:37 dns,error DoH connection error: resolving error

aboiles

For CloudFlare DoH. If exporting from chrome, export Cryptographic Message Syntax (p7b) and make sure to check the Include all certificates in the certification path. When you import the cert int RouterOS you should have 3 entries. DigiCert Global Root CA DigiCert ECC Secure Server CA cloudflare-dns...

aboiles

RoMON is still not working since v6.46beta34. on RouterBOARD 750G r3 mmips.

aboiles

RoMon does not work on .46b44. reverting to 46b38 it passes the connection.
Only tested on hEX (mmips)

aboiles

Can you check your configurations, the only thing I see that might be grong is the lifetimes.
Mikrotik 30min, Cisco 1 day.

aboiles

Try this and see if it helps.
I have had to use it for vpn's with other non-mikrotik routers/firewalls.

/ip firewall nat
add action=accept chain=srcnat protocol=udp src-port=500,4500

aboiles

SFP+ only works if mtu is set to 1500. Tried intel, fiberstore and ubiquiti modules. Router name: RB4011 Firmware: 6.46beta44 RouterOS: 6.46beta44 (testing) Licence level: 5 Board name: RB4011iGS+5HacQ2HnD Architecture: arm Memory: 1073741824 /interface ethernet set [ find default-name=sfp-sfpplus1 ...

aboiles

no change in results,
without tls - Invalid From
with tls - TLS handshake failed.
Do you want a supout sent to support?

aboiles

[admin@RB4011] > /tool e-mail export hide-sensitive
# sep/11/2019 00:20:25 by RouterOS 7.0beta1
# software id = 0BHM-Y5B5
#
# model = RB4011iGS+5HacQ2HnD
# serial number = 96B00AAFF9D5
/tool e-mail
set address=smtp.live.com from=antoniob@msn.com user=antoniob@msn.com

aboiles

Same error with from or without.
Same error with user and password.
Also if Start TLS is set to yes, you get TLS handshake failed.

aboiles

So under v7 it no longer uses the settings saved in /tool e-mail?
All scripts now have to use user and password?

aboiles

send from=antoniob@msn.com to=aboiles@hotmail.com subject="email test" body="email test"
works in 6.46b38 not in v7 though

aboiles

1. routeros-7.0beta1-arm.npk
2. RB4011iGS+5HacQ2HnD-IN
3. /tool e-mail Error sending email <>:invalid From address.

aboiles

You can try this and see if it helps, make changes as required. SITE B router /ip firewall nat add action=accept chain=srcnat comment="VPN to C" dst-address=172.21.0.0/16 src-address=192.168.20.0/24 /ip route add check-gateway=arp comment="VPN to C" distance=2 dst-address=172.21.0.0/16 gateway=bridg...

aboiles

Script is no longer functioning, no updates since last night.

aboiles

[admin@CHR-O] > /tool fetch mode=https dst-path=/disk1/filters.rsc url="https://bl .mikrotikfilters.com/fetch.phppriority=3"; status: failed failure: closing connection: <404 Not Found> 35.236.78.203:443 (4) [admin@CHR-O] > /tool fetch mode=https dst-path=/disk1/filters.rsc url="https://bl .mikrotik...

aboiles

what is the new password for a fresh install of chr.
admin- blank no longer works

aboiles

License error on prior chr versions with winbox 3.14rc1.
No issues with winbox 3.13

aboiles

Dave that sounds reasonable to me, could also be yearly subscriptions.
Say $50 yr 5 devices, $150 yr 15 devices.

aboiles

Tried to upgrade Hyper-V CHR from 6.42 to 6.43rc3 - FAILED No connection via winbox mac. Hyper-V terminal froze. Restored from backup, tied again - same result. Downloaded fresh CHR VHDX image. pasted configuration and nothing worked. started fresh, and the only issue I could find was the interfaces...

aboiles

For us it's usually SMB, we have had to return to 2.3.
We thought 2.7 had fixed the issues of 2.5 and 2.6, but 2.7 drops to back crawling without any rhyme or reason, so we had to go back to 2.3.

aboiles

That is a working vpn, can you post a traceroute from one end point to another.

aboiles

I didn't use wireless,bridges and master port.
You said a vpn between two RB951G-2HND.
How are interfaces 2-5 configured and is there anything plugged in to those ports.
And can you please use winbox and let us know if the route is flagged green or not.

aboiles

Check out post viewtopic.php?f=2&t=127198
near the bottom.

aboiles

From what you have posted, this configuration should work. But please verify the info is correct for your 10.1.1.10 router. Reverse the info for the other router. Though it looks like you have your wireless enabled, are you running in master/slave or bridge mode on your ports? If you are running in ...

aboiles

under ip route in winfig is the route flagged green?
and you still can't ping the other routers lan ip address from your local router?

this is my normal setting if I need to work router to router on a site to site vpn.

aboiles

When all else fails on a vpn. I add a route.
Try this and see.

10.1.1.20
/ip route
add check-gateway=arp comment="VPN to ?" distance=2 dst-address=192.168.22.0/24 gateway=ether2

10.1.1.10
/ip route
add check-gateway=arp comment="VPN to ?" distance=2 dst-address=192.168.44.0/24 gateway=ether2

aboiles

I was hoping for news of the CRS328-24P-4S+RM.
Any info on release date?

aboiles

I am interested in your modification, my CSS326 is usually running about 69-70c.
Please let me know your results.

aboiles

Scheduler issue with v6.40 rc18. Tested and confirmed only on CHR. If the entry is set to run at startup with a recurrence, it will NOT run at all. If the same entry is set to ONLY run at startup, it runs correctly. If the same entry is set for recurrence ONLY, it runs correctly. Change it to run bo...

aboiles

Thanks Dave,
Script works great on the CHR now!

aboiles

Don't know Dave, I think it may have something to do with the software-id. I'm getting a blank for software-id from the chr's. [admin@router] > :put [/system resource get board-name] CHR [admin@router] > :put [/system resource get version] 6.40rc15 (testing) [admin@router] > :put [/system resource g...

aboiles

slightly modified the script by removing the extra spaces in the local info section and now have it running on a 2011UiAS-2HnD, 951G-2HnD and a CRS125-24G-1S-2HnD.
still fails on a CHR with the same error-All fields are required. Please update your script. dynamic.rsc

aboiles

tried both the auto installer - script ver 2017.5.2a
and the code ver 2017.5.30c.
Am still getting the All fields are required. Please update your script. dynamic.rsc

aboiles

Hello Dave,
The script has the ?, when pasted in terminal it disappears.
The log only has an entry of-
script error: expected command name (line 1 column 1)
The downloaded dynamic.rsc only has one line-
All fields are required. Please update your script.

aboiles

Hello Dave, I am now getting an error when I run the script- url="https://mikrotikfilters.com/download.phpget=dynamic&model=$model&vers ion=$ver&memory=$memory&id=$name&ver=$scriptVer&softid=$softid"; status: failed failure: closing connection: <404 Not Found> 172.102.241.58:443 (4) The script worke...

aboiles

CHR v6.39rc45 update error, the interfaces are missing.
console error- info failed: std failure: timeout (13)
system reboots at 16% when trying to run supout.

restored from backup (6.39rc41) and retried the package update, same results.

aboiles

Since you have not posted at least you config, it makes it hard to help you. it could be your issues are firewall related, try these and see if they help. /ip firewall address-list add address=172.20.14.0/24 list=ipsec /ip firewall filter add action=fasttrack-connection chain=forward comment=FastTra...

aboiles

nexthop should have been 172.20.14.1, not your gateway.
please post both sides of the vpn if possible.

aboiles

can you post the output of-

/ip ipsec remote-peer print

/ip route check xxx.xxx.xxx.xxx (valid ip of a system on the the destination lan)

aboiles

/ip firewall nat add action=accept chain=srcnat comment="VPN" dst-address=172.20.14.0/24 src-address=192.168.217.0/24 /ip route add check-gateway=arp comment="VPN" distance=2 dst-address=172.20.14.0/24 gateway= bridge (replace with your nomenclature) If it's configured correctly on the other end, it...

aboiles

I am currently blocking the private scopes via blackhole routes.
I just found out our ISP (Frontier FIOS) is routing some of the private scopes.
I am wondering if there is a correct way to implement these on a Mikrotik router.

aboiles

They should not be the same network-

This XXX:XX:XXX in "XXX:XX:XXX" in 2001:XXX:XX:XXX::1 should be "XXX:XY:XXX" in 2001:XXX:XY:XXX::1

see the manual- http://wiki.mikrotik.com/wiki/Manual:My ... v6_Network

aboiles

I am no longer able to update the CHR, /system license> print system-id: - level: p1 limited-upgrades:yes next-renewal-at: feb/21/2016 19:03:55 deadline-at: feb/16/2016 21:59:59 update purchased license, renewed from winbox and rebooted. system upgraded to 6.35rc11

aboiles

I am no longer able to update the CHR,

/system license> print
system-id: -
level: p1
limited-upgrades:yes
next-renewal-at: feb/21/2016 19:03:55
deadline-at: feb/16/2016 21:59:59

aboiles

Server 2012R2 CHR as VM Router OS c6.35rc2 Microsoft-Windows-Hyper-V-VmSwitch EventID 27 Networking driver in chr loaded but has a different version from the server. Server version 5.0 Client version 3.2 (Virtual machine ID 59ECB3F6-B990-41F1-9013-786895557B5C). The device will work, but this is an ...

aboiles

RB2011UiAS-2HnD upgrade from 6.34rc12 to 6.34rc16 resulted in endless reboot. RB951G-2HnD upgrade from 6.34rc12 to 6.34rc16 worked correctly UPDATE-- RouterBOOT booter 3.24 RouterBoard 2011UiAS-2HnD CPU frequency: 600 MHz Memory speed: 200 MHz Memory size: 128 MiB NAND size: 128 MiB Press any key wi...

aboiles

6.34rc5 shows in the tracker page, but is not accessible.
Download still shows 6.34rc3 as the latest.

aboiles

try https://www.mikrotik.com/download/route ... 33.torrent
but so far no seeders

Search found 55 matches