Here's a detailed SSH log from when 10.10.30.254 is trying to connect to 10.10.30.253: tunneldevice any:any controlpersist no escapechar ~ ipqos lowdelay throughput rekeylimit 0 0 streamlocalbindmask 0177 root@officenas[~]# ssh -v 10.10.30.253 OpenSSH_7.5p1, OpenSSL 1.0.2s-freebsd 28 May 2019 debug1...

I have an EoIP tunnel overlaid on an L2TP/ipsec VPN. The L2TP/ipsec VPN connects from a hEX to an RB3011. The hEX is NAT'd behind an ADSL modem operating in PPPoE mode. The RB3011 has a static public IP address. The hEX is connecting to the L2TP server on the RB3011. The EoIP tunnel is then negotiat...

As of today, it was released into Linux 5.6 kernel to the general public.

Is there a fix in the works for CVE-2019-14899? For more information, please see: https://linux.slashdot.org/story/19/12/05/2022205/new-linux-vulnerability-lets-attackers-hijack-vpn-connections and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14899 and details of the exploit at: http://qn...

We are working on something for you as well. New extreme performance devices are in the works, as well as v7 BGP speed improvements are still on track. Hello Normis, Does that mean QSFP288 (100GbE) support is in the works? I'm guessing that's one of the big reasons v7 hasn't come out yet is to make...

Thank you Normis. As always you're helpful.

Hello All, Does MikroTik have any devices that support 802.11af wireless networking standard? I've tried doing a search, but all I end up with is a whole bunch of hits on people mistakenly using 802.11af (the WiFi standard) as the key phrase when they really mean 802.3af (the PoE standard). The reas...

I can confirm it was probably mailed out to everyone that was on the list. I had received it. I have not, however received any updates from MikroTik on the subsequent updates to VPNFilter status where essentially all devices running RouterOS were added to the original four cloud core router devices....

FWIW, I use the following related best practices when I set up a router that has a public-facing interface: reset all configuration settings, uncheck 'keep default settings' Disable all non-essential services: telnet http https ftp api secure api Create a whitelist of admin IP addresses/netmasks Add...

I've come across a bug in the ssh rendering code for 6.39.3. This bug is happening in other areas of the terminal as well, but this is the first chance I've had to document it. As such, this particular area is /caps-man registration-table pr stats:

Any chance of adding access to this either through the API, or through SNMP?

Currently the only way to access it is via scripted command line access which is less than ideal because the output is formatted for humans, not machines.

Easy solution - do not make any expectations :) We have already posted from time to time, that the biggest change is under the hood (minor kernel upgrade). There is no new GUI or anything. We are also working on a new routing engine. Actually we are making really cool stuff even in v6. Look at the ...

I have heard that it is very hard to work on, and nobody likes it for that. But OpenVPN UDP support has been made in v7.

Awesome! I've always wondering why v6 didn't support UDP on OpenVPN...afaik, almost nobody uses TCP-based OpenVPN on Linux.

I wish dhcp-client would trigger an event whenever it obtains/renews/releases a lease also. Then I wouldn't have to run my ddns-update script every 5 minutes. (I ---loathe--- scheduled scripts that do something that should just be event driven) The IP will not change w/o a lease being obtained. I d...