Community discussions

MikroTik App

Search found 86 matches

by dnordenberg
Wed Jun 30, 2021 9:15 am
Forum: General
Topic: Loop protect enhancement request
Replies: 2
Views: 304

Re: Loop protect enhancement request

Yes, G.8032 would be similar but as far as I can understand, all ring member switches needs to support it which is not the case when building a ring of all kinds of different industrial devices. Maybe in a distant future but as of today I have not seen a single industrial device supporting it so I'm...
by dnordenberg
Tue Jun 29, 2021 9:16 am
Forum: General
Topic: Loop protect enhancement request
Replies: 2
Views: 304

Loop protect enhancement request

Hi! Would it be possible to enhance the loop protect feature to be able to use it as a ring topology redundancy function? Today sending interval is 5s at lowest, way to high to make a ring break/connect almost "seamless". It would be great if this setting could be set to 0 meaning it will ...
by dnordenberg
Mon Jun 14, 2021 5:49 pm
Forum: General
Topic: RSTP question about backup port? [SOLVED]
Replies: 6
Views: 732

Re: RSTP question about backup port? [SOLVED]

I ended up with a a ping monitoring script on the root bridge device which pings remote mt devices plus a ICMP L2 fw blocking rule for the EoIP interface so if ping is timed out then the DSL must be down and links are running on 4G backup. I already had a similar script which monitored the 4G/EoIP i...
by dnordenberg
Mon Jun 14, 2021 8:29 am
Forum: General
Topic: Selective 1:1 NAT
Replies: 1
Views: 295

Re: Selective 1:1 NAT

Sounds like you want something like a full cone NAT on R2. I guess you want R1 to have a different IP/subnet than the rest of the LAN? That would be hard without a double NAT but one thing you might do to skip NAT on R2 is to just use normal routing on R2, adding a static route for LAN on R1 that po...
by dnordenberg
Sun Jun 13, 2021 11:54 pm
Forum: General
Topic: RSTP question about backup port? [SOLVED]
Replies: 6
Views: 732

Re: RSTP question about backup port? [SOLVED]

Its ok, just curious :)
So from the root bridge device, there is absolutly no way to tell which way is active? From there I would like to have a script that notifies me when the 4G backup path goes active but I guess that can not be done easily then?
by dnordenberg
Fri Jun 11, 2021 8:20 pm
Forum: General
Topic: RSTP question about backup port? [SOLVED]
Replies: 6
Views: 732

Re: RSTP question about backup port? [SOLVED]

Ah sorry fixed that :)

Ah, the last statement... I never understood that, great info :) But when is "backup port" used then? The ports facing the root bridge ports can never be the blocking ones then according to that so the role backup port is never ever used??
by dnordenberg
Fri Jun 11, 2021 5:38 pm
Forum: General
Topic: RSTP question about backup port? [SOLVED]
Replies: 6
Views: 732

RSTP question about backup port? [SOLVED]

Hi! I have three switches, first one is root bridge. To that one I have the two other switches connected via ethernet and a DSL line. Then I have a 4G modem connected to each MT device which each runs a EoIP tunnel in parallel back to root bridge switch. I set higher port path cost on each EoIP inte...
by dnordenberg
Thu Jun 03, 2021 3:30 pm
Forum: General
Topic: IPsec, policies after the first one get no phase2 from start but works after enable is clicked
Replies: 1
Views: 441

IPsec, policies after the first one get no phase2 from start but works after enable is clicked

Hi! After a network disconnect or a disable/enable of the asocciated peer entry I get a problem with the policies after the first one. First go "established" but the rest is "no phase 2". I only get an SA for the first policy. I have to click on each policy (winbox) and click the...
by dnordenberg
Mon Apr 26, 2021 6:54 pm
Forum: RouterOS v7 BETA
Topic: How much GPER slows down transmission?
Replies: 1
Views: 674

Re: How much GPER slows down transmission?

Mikrotik har stated that a full chain introduces no/0ms delay. It is basically a unmanaged 2 port switch and it uses store and forward switching so I guess it must add some latency. Switch chip is 88E6341. Sources https://forum.mikrotik.com/viewtopic.php?t=150611#p742235 https://forum.mikrotik.com/v...
by dnordenberg
Mon Apr 26, 2021 11:12 am
Forum: General
Topic: LoRaWAN usage examples?
Replies: 3
Views: 427

Re: LoRaWAN usage examples?

Tanks for your answer. So there are no possibilities for accessing the values collected locally at the site? Cloud services are not an option for us as a municipality, everything needs to work without connections to the internet :( How does the "host your own service" work? Clould is still...
by dnordenberg
Mon Apr 26, 2021 10:01 am
Forum: General
Topic: LoRaWAN usage examples?
Replies: 3
Views: 427

LoRaWAN usage examples?

Hi! I'm a bit confused as to what the LoRaWAN functionality can be used for? For example I have some remote solar powered 4-20mA sensors I want to access from my PLC. Can that be done by using something like http://www.netvox.com.tw/product.asp?pro=R718KA as remote device and a mikrotik LoRaWAN base...
by dnordenberg
Mon Apr 19, 2021 12:08 pm
Forum: General
Topic: Strange issue with a IPsec issue
Replies: 3
Views: 371

Re: Strange issue with a IPsec issue

Strange, today .178 works but still not .179. I also did another packet sniffer run and now I see packets do exit the mikrotik routers ethernet port when pinging but nothing is heard back when pinging from the host it didn't work from. Don't know if behavior is changed or if I was to blind to see th...
by dnordenberg
Mon Apr 19, 2021 8:34 am
Forum: General
Topic: Strange issue with a IPsec issue
Replies: 3
Views: 371

Re: Strange issue with a IPsec issue

Now the config: (Non IP related lines removed) /interface bridge add name=WAN_4G add name=WAN_kontor add comment="created from master port" fast-forward=no name=bridge_scada protocol-mode=none /ip ipsec peer add address=192.176.238.228/32 exchange-mode=ike2 name=ipsec_1 /ip ipsec profile s...
by dnordenberg
Mon Apr 19, 2021 3:07 am
Forum: General
Topic: Strange issue with a IPsec issue
Replies: 3
Views: 371

Re: Strange issue with a IPsec issue

Short story: IPsec tunnel 172.16.14.176/29 where .177 is the mikrotik RB450G (and default GW for all the other IPs on the subnet). A specific host on another remote subnet (other side of the IPsec tunnel) can not reach .178 and .179 IPs in the .14.176/29 subnet but other IPs work like .180 and .181....
by dnordenberg
Sun Apr 18, 2021 12:44 pm
Forum: General
Topic: Strange issue with a IPsec issue
Replies: 3
Views: 371

Strange issue with a IPsec issue

Hi! For a short story see post #2 I used IPsec many times with mikrotik and this time the setup was no different in it's setup but it is acting really strange. The tunnel uses 172.16.14.176/29 where .177 is the mikrotiks IP which is then default gateway for the rest of the devices (.178-.181) on thi...
by dnordenberg
Sat Apr 03, 2021 12:35 am
Forum: RouterBOARD hardware
Topic: Routerboard with M.2/5G?
Replies: 6
Views: 1444

Re: Routerboard with M.2/5G?

For the RB450Gx4 I use these https://www.moxa.com/en/products/accessories/mounting-kits/din-rail-mounting-kits/din-rail-mounting-kits Screws fits perfectly in two cassi holes, works with only one of the two in the kit but it will not be super stable (you can see in pic 2 it is tilted slightly) but I...
by dnordenberg
Thu Apr 01, 2021 10:30 pm
Forum: RouterBOARD hardware
Topic: Routerboard with M.2/5G?
Replies: 6
Views: 1444

Re: Routerboard with M.2/5G?

fix images.
Ah sorry, direct linking to Google photos did not seem to work :(
by dnordenberg
Thu Apr 01, 2021 9:05 am
Forum: General
Topic: IPSec VTI
Replies: 11
Views: 7498

Re: IPSec VTI

Not to mention that this would allow interop with many other router vendors IPSEC VTI based tunneling solutions. Ehm, I could be wrong here but my understanding is that VTIs are purely a local thing, the tunnel or other end does not know about if VTI is used or not at the opposite end. VTI should a...
by dnordenberg
Thu Apr 01, 2021 8:55 am
Forum: General
Topic: IPsec site to site tunnels, security issue question?
Replies: 10
Views: 1113

Re: IPsec site to site tunnels, security issue question?

While I'd like to have VTIs too, they're still L3 interfaces, so adding them to bridges is not possible. I think you may be wrong here, at least I hope so ;-) Yes they are L3 interfaces of course but isn't the whole point of VTIs is that they appear as a virtual hw like interface so you can use the...
by dnordenberg
Wed Mar 31, 2021 6:36 pm
Forum: RouterBOARD hardware
Topic: Routerboard with M.2/5G?
Replies: 6
Views: 1444

Re: Routerboard with M.2/5G?

Chateau won't work as an "industrial" unit in a electrical cabinet :(

Try do this with it:
by dnordenberg
Wed Mar 31, 2021 9:23 am
Forum: Wireless Networking
Topic: hap ac2 selects outdoor 5ghz frequency by default when indoor is selected
Replies: 8
Views: 921

Re: hap ac2 selects outdoor 5ghz frequency by default when indoor is selected

Looks like mid 5GHz is selectable on some other APs too so mikrotiks usage is probably correct.
It may have been that the clients I had available for testing simply did not support mid 5GHz, we only had older devices to test with.
by dnordenberg
Wed Mar 31, 2021 9:16 am
Forum: Wireless Networking
Topic: hap ac2 selects outdoor 5ghz frequency by default when indoor is selected
Replies: 8
Views: 921

Re: hap ac2 selects outdoor 5ghz frequency by default when indoor is selected

For Sweden , you have in the list: [admin@MikroTik] > interface wireless info country-info sweden ranges: 2402-2482/b,g,gn20,gn40(20dBm) 2417-2457/g-turbo(20dBm) 5170-5250/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(23dBm)/passive,indoor 5170-5330/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(20dBm)/dfs,pa...
by dnordenberg
Wed Mar 31, 2021 8:19 am
Forum: Wireless Networking
Topic: hap ac2 selects outdoor 5ghz frequency by default when indoor is selected
Replies: 8
Views: 921

Re: hap ac2 selects outdoor 5ghz frequency by default when indoor is selected

In 5GHz band the instalation=indoor is even worse: most of indoor-only channels come with burden of DFS ... which means AP has to take measurements on channel to detect a possible radar and if it does, it needs to switch off transmissions immediately. Before it can select such channel for transmiss...
by dnordenberg
Tue Mar 30, 2021 10:54 pm
Forum: Wireless Networking
Topic: hap ac2 selects outdoor 5ghz frequency by default when indoor is selected
Replies: 8
Views: 921

hap ac2 selects outdoor 5ghz frequency by default when indoor is selected

Hi! A friend bought a hap ac2 and could not get 5ghz ssid to show up on his devices. I looked at it and didn't se any faults with his very default config. Only country was changed to sweden and installation was changed and indoor. After a while I see that an outdoor frequency of 5580 was selected wh...
by dnordenberg
Sat Mar 27, 2021 2:50 am
Forum: General
Topic: IPsec site to site tunnels, security issue question?
Replies: 10
Views: 1113

Re: IPsec site to site tunnels, security issue question?

Ah, I thought we were still talking about the situation without fw rules.
Absolutely right, allow rules and then dropp all at the end is a much better approach :)

Thank you!
by dnordenberg
Fri Mar 26, 2021 3:36 pm
Forum: General
Topic: IPsec site to site tunnels, security issue question?
Replies: 10
Views: 1113

Re: IPsec site to site tunnels, security issue question?

While I'd like to have VTIs too, they're still L3 interfaces, so adding them to bridges is not possible. Oh :( The IPsec policies' traffic selectors are intended to be restricted at both local and remote subnets, so for a local user with an address from subnet LA to access remote subnet RA, there m...
by dnordenberg
Thu Mar 25, 2021 5:55 pm
Forum: General
Topic: IPsec site to site tunnels, security issue question?
Replies: 10
Views: 1113

Re: IPsec site to site tunnels, security issue question?

Hi! Thank you so much for your answer :) I don't care what IP a user tries to set but I really don't want him to be able to gain access to networks on another policy than the one I intended for devices connected to the corresponding bridge. Ok so there isn't a way to "hard tie" a policy fo...
by dnordenberg
Tue Mar 23, 2021 7:39 pm
Forum: General
Topic: IPsec site to site tunnels, security issue question?
Replies: 10
Views: 1113

Re: IPsec site to site tunnels, security issue question?

No one who can point me in the right direction here? I don't need a full solution, just an hint on the right approach here. Do I need to create FW rules maybe which would be basically copies of the policies (but inverted)?
by dnordenberg
Mon Mar 22, 2021 5:12 pm
Forum: General
Topic: Feature request: Make Quickset to be separate package
Replies: 32
Views: 8285

Re: Feature request: Make Quickset to be separate package

+1 I don't see the point of showing quickset on a already configured router, it is like a button of doom like mmut wrote. Maybe it should work directly only on a device without any config at all or a very default like configuration. If other settings is changed make quickset show a big disclaimer &q...
by dnordenberg
Mon Mar 22, 2021 12:08 pm
Forum: General
Topic: IPsec site to site tunnels, security issue question?
Replies: 10
Views: 1113

Re: IPsec site to site tunnels, security issues?

My example config below. I want to make sure it doesn't work if a user connects something on bridge_vpn1 and sets and IP of bridge_vpn2 subnet and that way could reach something outside the policy defined for his bridge_vpn1 subnet. I know it would not work straight away because router has another I...
by dnordenberg
Mon Mar 22, 2021 2:09 am
Forum: General
Topic: IPsec site to site tunnels, security issue question?
Replies: 10
Views: 1113

IPsec site to site tunnels, security issue question?

Hi! I have multiple IPsec policies for different local subnets for different purposes and each subnet is used by equipment on a specific ethernet port. Each subnet has a ethernet port assigned to a bridge interface and a matching IP (which is set as gateway on the devices on that ethernet port). Set...
by dnordenberg
Tue Mar 16, 2021 8:49 am
Forum: RouterBOARD hardware
Topic: Routerboard with M.2/5G?
Replies: 6
Views: 1444

Routerboard with M.2/5G?

Hi! I love the bare form of RB450Gx4 since it allows me to easily add DIN mounting brackets and use these devices in industrial cabinets. Only thing I'm missing is an M.2 slot+SIM card slot so we could install a LTE or 5G card inside too. I could use another RB model for 5G purposes but for some rea...
by dnordenberg
Wed Dec 30, 2020 3:42 pm
Forum: General
Topic: L2 ring redundancy protocol support?
Replies: 16
Views: 1568

Re: L2 ring redundancy protocol support?

G.8032v2 was on the roadmap. Maybe the Mikrotik guys can provide a status update ?
That would not help here anyway since it would be required on all devices in a ring.
by dnordenberg
Wed Dec 30, 2020 3:41 pm
Forum: General
Topic: L2 ring redundancy protocol support?
Replies: 16
Views: 1568

Re: L2 ring redundancy protocol support?

Seems like it could be the loop that is causing it, I had a slight idea the loop would cause problems but I thought if the switching back was fast enough the packet storm would be so fast it would not be noticeable. But it seems to completely block all traffic the exact same ms the loop is formed :(
by dnordenberg
Wed Dec 30, 2020 1:53 pm
Forum: General
Topic: L2 ring redundancy protocol support?
Replies: 16
Views: 1568

Re: L2 ring redundancy protocol support?

Some success :) Failover to ether2 works when both consecutive pings fail but when ring is completed again it is not detected :( There seems to be a problem when mac pinging ether2 from ether1 like this when they belongs to the same bridge, ping just don't go through then :( :local RingStatus 0 :do ...
by dnordenberg
Tue Dec 29, 2020 11:56 pm
Forum: General
Topic: L2 ring redundancy protocol support?
Replies: 16
Views: 1568

Re: L2 ring redundancy protocol support?

found this script which does about what I want. Seems ping will return number of successful pings as the return value? Manual for ping does not state this but maybe it is documented somewhere else...
viewtopic.php?t=125759#p619531
by dnordenberg
Tue Dec 29, 2020 11:41 pm
Forum: General
Topic: L2 ring redundancy protocol support?
Replies: 16
Views: 1568

Re: L2 ring redundancy protocol support?

If you are looking at sub 50ms, I doubt very much you will achieve this using scripts You can ping with 1ms resolution so that part is fine I guess. And the receive monitoring script would have to loop since you can't execute a new script instance faster than 1s. But I still believe it is possible ...
by dnordenberg
Tue Dec 29, 2020 1:38 pm
Forum: General
Topic: L2 ring redundancy protocol support?
Replies: 16
Views: 1568

Re: L2 ring redundancy protocol support?

Ya might want to take a look at spanning-tree and see what it can do. Spanning-tree will normally handle redundant L2 connections. In a ring enviornment, it is possible to have 1/2 the traffic go clock-wise and the other half go counter-clock-wise - and if the ring is broken then both directions wi...
by dnordenberg
Mon Dec 28, 2020 5:31 pm
Forum: General
Topic: L2 ring redundancy protocol support?
Replies: 16
Views: 1568

Re: L2 ring redundancy protocol support?

Hi! I'm thinking of trying to script this using pings. Starting a ping every few ms using a script is not hard but and then how to catch it on the other end in the best way? I'm thinking of using L2 mac ping and specify which port the packets goes out on and ping the second ports mac address. And th...
by dnordenberg
Thu Dec 10, 2020 7:56 pm
Forum: General
Topic: L2 ring redundancy protocol support?
Replies: 16
Views: 1568

Re: L2 ring redundancy protocol support?

G.8032 is definitely the way to go....would love to see this in the CRS3xx series. Not sure that is meant for industrial use where all the dual port devices functions as "dumb" switches? I think G.8032 will require this support on all nodes while MRP could work on only the "ring mast...
by dnordenberg
Thu Dec 10, 2020 10:16 am
Forum: General
Topic: L2 ring redundancy protocol support?
Replies: 16
Views: 1568

Re: L2 ring redundancy protocol support?

There is also MRP https://en.wikipedia.org/wiki/Media_Redundancy_Protocol Which should deal with up to 14 switches at 10ms (and more switches at higer switch over times) I thought maybe it could be done with a looping script? One that sends a test packet and listens + count the timeout and if packet...
by dnordenberg
Wed Dec 09, 2020 7:23 pm
Forum: General
Topic: L2 ring redundancy protocol support?
Replies: 16
Views: 1568

L2 ring redundancy protocol support?

Hi! Is there a way to build a layer 2 redundant ring with routeros? This is often used with industrial equipment and switches where fast fail over is needed and (r)stp can't be used. I have used hirschman switches with their Hiper ring protocol in the past which basically send a test telegram around...
by dnordenberg
Thu Nov 05, 2020 6:34 pm
Forum: General
Topic: Failover for router hardware (not WAN)
Replies: 11
Views: 752

Re: Failover for router hardware (not WAN)

Ah, thanks! Sounds very similar to what I'm looking for :) Can VRRP also distribute config changes from master to backup nodes? Looks like that is left for the user to handle? VRRP (and HSRP) are intended to preserve the first hop, so that hosts can always reach their default gateway. The routers s...
by dnordenberg
Thu Nov 05, 2020 6:16 pm
Forum: General
Topic: Failover for router hardware (not WAN)
Replies: 11
Views: 752

Re: Failover for router hardware (not WAN)

You may want to have a look at this . It includes configuration synchronisation from active to standby. What is missing so far is synchronisation of connection tracking, but the RouterOS 7 beta supports that too (the functionality is linked to VRRP there). Ah thanks! Certainly looks like a interest...
by dnordenberg
Thu Nov 05, 2020 6:11 pm
Forum: General
Topic: Failover for router hardware (not WAN)
Replies: 11
Views: 752

Re: Failover for router hardware (not WAN)

It's tricky, trying to implement hardware failover can lead to more points of failure. For example, if the LAN is configured to use VRRP for failover between the two routers how would you connect the two routers to your network - if you use a switch that then becomes a single point of failure. Simi...
by dnordenberg
Wed Nov 04, 2020 4:06 pm
Forum: General
Topic: Failover for router hardware (not WAN)
Replies: 11
Views: 752

Re: Failover for router hardware (not WAN)

You're probably looking for VRRP.
Ah, thanks! Sounds very similar to what I'm looking for :) Can VRRP also distribute config changes from master to backup nodes? Looks like that is left for the user to handle?
by dnordenberg
Wed Nov 04, 2020 3:50 pm
Forum: General
Topic: Failover for router hardware (not WAN)
Replies: 11
Views: 752

Failover for router hardware (not WAN)

Hi! I'm trying to find some info about hardware fail over/redundancy. Everything I found about fail over is about WAN fail over but that is not what I'm looking for. I have a RB450Gx4 which does a lots of stuff, for example port forwarding/NAT specific services between some subnets, being a NTP serv...
by dnordenberg
Mon Sep 14, 2020 12:16 am
Forum: Announcements
Topic: WinBox v3.27 released!
Replies: 105
Views: 29033

Re: WinBox v3.27 released!

Not a new bug and don't know if it counts as a bug either or just a minor display deficiency but if you view packets during a packet dump you only see a empty line for every captured packet. You have have to stop the capture for them to fully display all columns of info.
by dnordenberg
Wed Aug 12, 2020 7:36 pm
Forum: Scripting
Topic: How to run this script as schedule ?
Replies: 2
Views: 40837

Re: How to run this script as schedule ?

The reason this will not work is that ssh is interactive and can not be run from scripts. Ssh-exec has to be used instead.
by dnordenberg
Wed May 27, 2020 3:54 pm
Forum: General
Topic: MAC monitoring using netwatch?
Replies: 0
Views: 518

MAC monitoring using netwatch?

Hi! I would like to setup a form of redundancy by taking over a specific IP (and send of packets a alternative route) if the primary layer 2 communication way to the original host/owner of that IP becomes unavailable. Because I will be taking over the IP by enabling it on the routeros device I don't...
by dnordenberg
Sat Apr 11, 2020 9:30 pm
Forum: RouterBOARD hardware
Topic: PowerBox Long cable PoE in = all PoE out Short Circuit
Replies: 9
Views: 4496

Re: PowerBox Long cable PoE in = all PoE out Short Circuit

FWIW, I use about 35m cat6 to power a powerbox pro FW 6.45. I do not use a poe injector, instead I splitted out 4-5,7-8 from cable and attached them to a 2A 24V DC supply with battery backup. Load is two ubnt AF5XHD about 200mA each and two ubnt airMax devices about 130mA each if I don't remember wr...
by dnordenberg
Mon Mar 30, 2020 7:39 pm
Forum: General
Topic: PPP tunnel problem
Replies: 2
Views: 1255

Re: PPP tunnel problem

And another extremely strange thing, turning on the packet sniffer seems to make communication behave much better. This is not a single happening, I can reproduce it over and over again, when the pps rate is rocketing I can calm it down instantly by starting the packet sniffer on the eth interface. ...
by dnordenberg
Mon Mar 30, 2020 7:27 pm
Forum: General
Topic: PPP tunnel problem
Replies: 2
Views: 1255

Re: PPP tunnel problem

Here is exactly the same communication seen from the ethernet interface instead of ppp-in. Looks better and shows traffic from both directions (but I had to disable HW offload on the bridge port otherwise I saw only rx packets?). But still some strange red packets in wireshark :( But not as many &qu...
by dnordenberg
Mon Mar 30, 2020 1:59 pm
Forum: General
Topic: PPP tunnel problem
Replies: 2
Views: 1255

PPP tunnel problem

Hi! I'm trying do do a PPP serial tunnel between two RB devices. It somewhat works but I have some strange fenomenas. First I seem to get a lots of junk traffic on the tunnel, I see that the lights of the serial connect is blinking extremly fast and until connection seem to reset and calms down a bi...
by dnordenberg
Mon Jan 20, 2020 7:03 pm
Forum: RouterOS v7 BETA
Topic: Feature Request - Wireguard Protocol
Replies: 166
Views: 62363

Re: Feature Request - Wireguard Protocol

Would be really nice, bringing in some a fresh modern feeling and options... Unfortunately to take full advantage of it you need a 5.6 kernel :( Routeros 7 is on 4.14 as this is a super long LTS kernel. Wireguard just missed the 5.5 which is expected to be the next super long LTS kernel so for route...
by dnordenberg
Mon Jan 13, 2020 11:11 am
Forum: General
Topic: IPsec policy question
Replies: 0
Views: 959

IPsec policy question

Hi! How do I define a ipsec policy which includes my own network easiest. All my VPN networks are small 172.16 subnets. Right now I have only this below which means I can talk to 172.16.2.0/25 from my local network 172.16.6.0/27 but no other networks is reachable but I want to change that. /ip ipsec...
by dnordenberg
Mon Jan 13, 2020 9:25 am
Forum: General
Topic: Wrong .npk filename for firmware bricks the device
Replies: 2
Views: 723

Wrong .npk filename for firmware bricks the device

Hi! If you happen to download the firmware twice so you get for example a routeros-arm-6.46.1 (1).npk, upload that to the router and reboot. Then system halts before loading kernel. Netinstall is required to bring the device back to life. I think the device should either handle the extra characters ...
by dnordenberg
Thu Jan 02, 2020 8:51 am
Forum: General
Topic: IPsec lockup, DPD not working?
Replies: 2
Views: 839

Re: IPsec lockup, DPD not working?

LE: nevermind. routeros IS the client. skip this post. too early for me.
Exactly :) No problem, thanks for trying to help anyway :)

Anyone else have any idea? I don't know where to start looking :(
by dnordenberg
Mon Dec 30, 2019 11:03 am
Forum: General
Topic: IPsec lockup, DPD not working?
Replies: 2
Views: 839

IPsec lockup, DPD not working?

Hello! I have some IPsec tunnels that sometimes seems to get stuck in a locked up state where no data is passed through them. I can not see any real reason, they just randomly decide to stop passing data for a period. I do have DPD configured but it does not seem to trigger on this for some reason. ...
by dnordenberg
Wed Dec 18, 2019 11:31 pm
Forum: Announcements
Topic: v6.46.1 [stable] is released!
Replies: 72
Views: 42276

Re: v6.46.1 [stable] is released!

Hi!
What is an "unregistered interface"?
*) ipsec - improved system stability when processing decrypted packet on unregistered interface;
by dnordenberg
Mon Dec 02, 2019 8:18 pm
Forum: General
Topic: IPSec VTI
Replies: 11
Views: 7498

Re: IPSec VTI

Yes, VTI support please, policy tunneling is not very user friendly to setup, I rather use traditional routing.
by dnordenberg
Sun Aug 11, 2019 2:14 am
Forum: General
Topic: Locked out of 2 routers!
Replies: 38
Views: 5394

Re: Locked out of 2 routers!

My problem must be something else then because i'm 100% sure I did not click ok in a quickset dialog. One of the routers was even failing after a upgrade from a working config and then there is no quick set auto opening. And at least in one case firmware downgrade worked for me (without config reset...
by dnordenberg
Mon Aug 05, 2019 10:52 am
Forum: General
Topic: Locked out of 2 routers!
Replies: 38
Views: 5394

Re: Locked out of 2 routers!

This is a bug of 6.45, it has happened to my with three different units. Factory default and rolling back 6.44 has been the solution it my cases. You can know for sure it really is a bug when the MAC addressing based connection in winbox also stops working, then it simply isn't an IP config issue :(
by dnordenberg
Sun Jul 28, 2019 1:49 am
Forum: General
Topic: Queues and bandwidth sharing
Replies: 3
Views: 1018

Re: Queues and bandwidth sharing

Hi! Thanks! That seems to do some packet dropping and at least total bandwidth does not go over the max limit :) A bit hard to tell if it really splits bandwidth equal between the child queues... One thing I can't really understand, shouldn't the parent queue also be sfq, same as the child queues? O...
by dnordenberg
Fri Jul 19, 2019 7:01 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 60089

Re: v6.45.2 [stable] is released!

Hi! Continuing here since 6.45.1 topic is now locked. A few days ago I updated two RB450G from 6.42, one to 6.45.1 and one to 6.44.5. Both seemed to work fine at that time. I logged into them after upgrade and everthing worked. Now a few days later I was at the site again, now winbox ses only the 6....
by dnordenberg
Wed Jul 17, 2019 9:16 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 143197

Re: v6.45.1 [stable] is released!

Yes as I wrote before, just keep the bridge settings made by the router config but remove the ether1 address config (dhcp client) and join it to the bridge (and change interface list membership, remove it from WAN). Not by using the quickset but as separate steps in the configuration. Then it could...
by dnordenberg
Wed Jul 17, 2019 4:51 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 143197

Re: v6.45.1 [stable] is released!

Yes the factory default nat router config works so I can reset it back to that. It's when I apply the bridge config that things gets weird...
by dnordenberg
Wed Jul 17, 2019 3:15 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 143197

Re: v6.45.1 [stable] is released!

configuring the device in bridge mode from the quickset menu results in a bad configuration where you are locked out. I did not do it exactly this way, I removed config completely after first startup (after factory reset). Then connected by MAC address, did the bridge config by hand and not trough ...
by dnordenberg
Wed Jul 17, 2019 12:59 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 143197

Re: v6.45.1 [stable] is released!

Upgraded a RB960PGS-PB from 6.42 something (factory) and lost administration connectivity. And with lost conectivity I mean I could not discover the device in winbox, not even see any of it's ports MAC addresses and connect to that while I was directly on one of it's ports. So not really an IP addr...
by dnordenberg
Wed Jul 17, 2019 10:25 am
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 143197

Re: v6.45.1 [stable] is released!

Upgraded a RB960PGS-PB from 6.42 something (factory) and lost administration connectivity. Almost empty config, no firewall, only a bridge1 with all ports and IP was set on bridge1. Reboot did nothing. I used reset button and it worked again at 192.168.88.1 but as soon as I removed config and added ...
by dnordenberg
Thu Jul 11, 2019 9:30 pm
Forum: General
Topic: Queues and bandwidth sharing
Replies: 3
Views: 1018

Queues and bandwidth sharing

Hi! I have looked at queues to make bandwidth usage "fair" among a number of users. I looked at PCQ a bit and tried using https://wiki.mikrotik.com/wiki/Cable_setup guide but I don't think it fits my setup and what I want to do perfectly :( First I have main router and on that I have a tru...
by dnordenberg
Fri Jul 27, 2018 10:42 pm
Forum: General
Topic: Router suggestion for 12 apartments sharing 1gbit [SOLVED]
Replies: 16
Views: 2768

Re: Router suggestion for 12 apartments sharing 1gbit [SOLVED]

Oh and there is a hAP ac2 that is even cheaper :)
by dnordenberg
Fri Jul 27, 2018 8:26 pm
Forum: General
Topic: Router suggestion for 12 apartments sharing 1gbit [SOLVED]
Replies: 16
Views: 2768

Re: Router suggestion for 12 apartments sharing 1gbit [SOLVED]

Oh, btw, I will probably have to offer hAP ac for the apartmenta and not hAP ac lite as the lite isn't gbit :( hAP ac is a bit expensive but seems to be the cheapest with poe in and gbit...
by dnordenberg
Fri Jul 27, 2018 8:21 pm
Forum: General
Topic: Router suggestion for 12 apartments sharing 1gbit [SOLVED]
Replies: 16
Views: 2768

Re: Router suggestion for 12 apartments sharing 1gbit [SOLVED]

Yes, VLANs as client isolation is what I'm most comfortable with :) The only thing that worries me about that is that maybe the CCR1009 is not built for handling VLANs because there is no switch cipset and what it is best for is real CPU intense routing? Handling VLANs in bridge/software might be a ...
by dnordenberg
Fri Jul 27, 2018 4:28 pm
Forum: General
Topic: Router suggestion for 12 apartments sharing 1gbit [SOLVED]
Replies: 16
Views: 2768

Re: Router suggestion for 12 apartments sharing 1gbit [SOLVED]

Thanks for your long and good answers. I think I'm more comfortable with the more flexible router solution then having to come back later saying they have to buy more stuff to fix my bad decisions :( Your first suggestion sounds good, everyone Will get at least minimum speed but more is available if...
by dnordenberg
Fri Jul 27, 2018 12:28 pm
Forum: General
Topic: Router suggestion for 12 apartments sharing 1gbit [SOLVED]
Replies: 16
Views: 2768

Re: Router suggestion for 12 apartments sharing 1gbit [SOLVED]

what type of connection is in every room? wired or wireless?? 1. if it is wireless why dont you setup RB1100AHx4 as CAPSMAN and set different bridge/subnet per CAP. this implies you install mikrotik ap in every room. 2. i have similar setup (with 50mbps internet line) with rb951ui-2hnd as main rout...
by dnordenberg
Fri Jul 27, 2018 12:11 pm
Forum: General
Topic: Router suggestion for 12 apartments sharing 1gbit [SOLVED]
Replies: 16
Views: 2768

Re: Router suggestion for 12 apartments sharing 1gbit [SOLVED]

In fact, when you get your internet delivered including NAT routing and your only requirement in fact is isolation of the clients, you could consider buying a switch that can do client isolation. I think (but I am not sure, so check it) that SwOS switches like the CSS326-24G-2S+RM can do that. Clie...
by dnordenberg
Fri Jul 27, 2018 1:01 am
Forum: General
Topic: NAT router with fair bandwidth distribution among clients [SOLVED]
Replies: 4
Views: 1215

Re: NAT router with fair bandwidth distribution among clients [SOLVED]

Ah yes, now I see, you are right. Thanks guys!
by dnordenberg
Thu Jul 26, 2018 11:19 pm
Forum: General
Topic: NAT router with fair bandwidth distribution among clients [SOLVED]
Replies: 4
Views: 1215

Re: NAT router with fair bandwidth distribution among clients [SOLVED]

As i understand it, this is all about fixed rates. Which would be a real waste of bandwidth. That is not what I asked about :(
by dnordenberg
Thu Jul 26, 2018 9:39 pm
Forum: General
Topic: NAT router with fair bandwidth distribution among clients [SOLVED]
Replies: 4
Views: 1215

NAT router with fair bandwidth distribution among clients [SOLVED]

Hi I would like to setup routeros to fairly distribute the available WAN port bandwidth among a number of clients (read subnets as one client has one subnet for himself). I read some on queues but all I can find is about absolute rate limit values. But I would like the rate limit to be dynamic. For ...
by dnordenberg
Wed Jul 25, 2018 7:39 pm
Forum: General
Topic: Router suggestion for 12 apartments sharing 1gbit [SOLVED]
Replies: 16
Views: 2768

Re: Router suggestion for 12 apartments sharing 1gbit [SOLVED]

Well it's not a professional ISP project, it more like a collective that wants to save money and use a single fiber as incoming. And they are not going to promise any higher speed for each apartment but of course they still wants as fast as possible... Yes I think maybe I can get them to buy the CCR...
by dnordenberg
Wed Jul 25, 2018 6:07 pm
Forum: General
Topic: Router suggestion for 12 apartments sharing 1gbit [SOLVED]
Replies: 16
Views: 2768

Re: Router suggestion for 12 apartments sharing 1gbit [SOLVED]

CCR1009 is cool but price is a bit too high :( Found RB450Gx4, maybe a faster alternative to hEX. Cat6 cables are already installed from each apartment to one central location. Apartment are small and on only two different floors so cabling was not a problem. RB1100AHx4 is nice, the only thing I hav...
by dnordenberg
Wed Jul 25, 2018 4:08 pm
Forum: General
Topic: Router suggestion for 12 apartments sharing 1gbit [SOLVED]
Replies: 16
Views: 2768

Router suggestion for 12 apartments sharing 1gbit [SOLVED]

Hi I would appreciate some product recommendations for a router that can NAT roughly 1gbit normal traffic and have the power to do some traffic shaping so that one apartment can't use all the bandwidth and slow down internet for all the others. (I guess routeros has some functionality for doing this...
by dnordenberg
Wed Nov 22, 2017 10:43 pm
Forum: General
Topic: 6.41RC52 bug?
Replies: 0
Views: 596

6.41RC52 bug?

Hi!
Outgoing PPP connections does not show up in active connections like incoming, bug?