Community discussions

MikroTik App

Search found 34 matches

by dlynes
Wed Sep 06, 2023 2:16 pm
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 160609

Re: v7.11, 7.11.1 and more [stable] are released!

Yes, it does seem that "in-band" upgrade process downloads package files to storage area inaccessible to users. Regarding failed upgrades ... check log, when upgrading fails it usually contains something about the reason. Often it's due to some problem with installed optional packages. Th...
by dlynes
Wed Sep 06, 2023 1:41 pm
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 160609

Re: v7.11, 7.11.1 and more [stable] are released!

RouterOS version 7.11, 7.11.1 and 7.11.2 have been released in the "v7 stable" channel! Tried upgrading CHR (x86_64) from 7.10 to 7.11.2 using winbox; says it downloaded and installed and then reboots, but I'm still left with the same version. Then tried /system/packages/update/download. ...
by dlynes
Mon Apr 03, 2023 12:31 am
Forum: General
Topic: Don't buy Mikrotik hardware! NO SUPPORT
Replies: 23
Views: 4506

Re: Don't buy Mikrotik hardware! NO SUPPORT

No, it does not. You're correct. I was just saying a good distributor that backs up the product line helps a great deal.

There's at least three other distributors in Canada that I know of. One of them I order from once in a while if I need to make a shipment to Vancouver and Netwire's sold out.
by dlynes
Sun Apr 02, 2023 6:43 pm
Forum: General
Topic: Don't buy Mikrotik hardware! NO SUPPORT
Replies: 23
Views: 4506

Re: Don't buy Mikrotik hardware! NO SUPPORT

No, not PR. More I saw a post about somebody dissing MikroTik and my experience has been anything but.

I figured it was an opportunity to mention how having the right distributor can make all the difference, too.
by dlynes
Sun Apr 02, 2023 5:01 pm
Forum: General
Topic: Don't buy Mikrotik hardware! NO SUPPORT
Replies: 23
Views: 4506

Re: Don't buy Mikrotik hardware! NO SUPPORT

Hi, I'm afraid to say this, but DON'T buy any hardware from Mikotik, NO SUPPORT AT ALL. For more than a year problem with Mikrotik WAPac and WiFi clients with broadcom chipset. Emailed a lot, given all necessary info, no results, last emails don't have any response! I've been MikroTik networking ge...
by dlynes
Sun Sep 11, 2022 10:12 am
Forum: General
Topic: Please add basic portScan tool ( port scanner scan )
Replies: 80
Views: 46898

Re: Please add basic portScan tool ( port scanner scan )

--1 please DON'T add all kind of stuff into ROS that should be run from a seperate machine. I agree. If it's a one off thing for a new customer, just get access to one of their local machines and run nmap. If it's on an existing customer's network, you can run nmap from an existing machine on the n...
by dlynes
Sat Feb 12, 2022 4:53 pm
Forum: RouterOS beta
Topic: Bridge Filters Don't Seem to be working
Replies: 14
Views: 8198

Re: Bridge Filters Don't Seem to be working

Now if only L2TP/IPsec got fixed on both routeros 7 and Windows 10/11. Then we'd all be happy :)
by dlynes
Thu Jan 06, 2022 3:26 pm
Forum: General
Topic: Run a script if a firewall rule is triggered
Replies: 12
Views: 7693

Re: Run a script if a firewall rule is triggered

Item 3 of yours would probably be the simplest to implement. Have a schedule to check your list once every 5 minutes to see if it's empty. If it's empty, trigger your job, and set a variable. Set a timer for 5 minutes to reset the variable, and then re-loop. For your firewall rule that adds the addr...
by dlynes
Tue Nov 16, 2021 10:38 pm
Forum: RouterOS beta
Topic: Bridge Filters Don't Seem to be working
Replies: 14
Views: 8198

Re: Bridge Filters Don't Seem to be working

Hello Raymond, Is this why bridge filter doesn't work? i.e. because it's a switch chip? If so, why is the bridge filter section visible if it's not usable? I've got it working after I enabled 'use ip firewall' in the bridge settings, and now I'm using the raw ip firewall table. However, I have to wo...
by dlynes
Fri Sep 24, 2021 3:15 pm
Forum: The Dude
Topic: CapsMan add graphing users
Replies: 1
Views: 7304

Re: CapsMan add graphing users

I don't know of a way to do that in TheDude, but you can definitely do that in Cacti as each ESSID shows up as a different WiFi interface that gets exposed via SNMP.

Cacti will track 1 year's worth of data.
by dlynes
Thu Sep 02, 2021 6:39 pm
Forum: RouterOS beta
Topic: Bridge Filters Don't Seem to be working
Replies: 14
Views: 8198

Re: Bridge Filters Don't Seem to be working

I've got it working after I enabled 'use ip firewall' in the bridge settings, and now I'm using the raw ip firewall table.

However, I have to wonder which is the better way of getting it to work.
by dlynes
Thu Sep 02, 2021 6:38 pm
Forum: RouterOS beta
Topic: Bridge Filters Don't Seem to be working
Replies: 14
Views: 8198

Re: Bridge Filters Don't Seem to be working

Export has been sanitized.

Brief diagram of how it's connected
Internet -> [ether1 BRIDGE ether3] -> Billing Server

I want to block everything on the billing server except HTTPS.
by dlynes
Thu Sep 02, 2021 3:51 pm
Forum: RouterOS beta
Topic: Bridge Filters Don't Seem to be working
Replies: 14
Views: 8198

Re: Bridge Filters Don't Seem to be working

# sep/02/2021 05:42:10 by RouterOS 7.1rc2 # software id = MXUY-2KEQ # # model = CCR2004-16G-2S+ # serial number = HAW073H26RE /interface bridge add name=bridge-wan /interface ethernet set [ find default-name=ether1 ] name=ether1-to-navigata set [ find default-name=ether3 ] disabled=yes name=ether3-t...
by dlynes
Thu Sep 02, 2021 3:19 pm
Forum: RouterOS beta
Topic: Bridge Filters Don't Seem to be working
Replies: 14
Views: 8198

Bridge Filters Don't Seem to be working

It doesn't seem to matter what I put into the bridge filters for 7.0b4 or 7.1rc2. Hardware offloading or no hardware offloading. Fast forward or no fast forward. Allow fast path or disallow fast path. Block by destination MAC address, or block by destination IP address. Input or forward. Adding a sw...
by dlynes
Sat Jun 12, 2021 7:36 am
Forum: General
Topic: Suggestion: Be Able to Use a MikroTik device as the Netinstall Server
Replies: 7
Views: 1637

Re: Suggestion: Be Able to Use a MikroTik device as the Netinstall Server

Based on what I've discovered of the sequence of events from doing packet captures and trial and error, I got as far as #2 (not the ramdisk part) trying to figure it out without using a tunnel. The problem I ran into was how to get the 'vmlinux' file from the .npk file. If I knew how to do that, I'd...
by dlynes
Sat Jun 12, 2021 7:32 am
Forum: General
Topic: Suggestion: Ability to Create New Tables (like iptables) or at least group rules
Replies: 7
Views: 1040

Re: Suggestion: Ability to Create New Tables (like iptables) or at least group rules

Thank you guys. I keep forgetting it's almost exactly the same as iptables. ok, misunderstanded: I usually do: ... add action=jump chain=input comment="Inizio Protezione IP Pubblico 1" dst-address=0.6.6.6 in-interface=ether1 jump-target=input_gateway add action=jump chain=input comment=&qu...
by dlynes
Fri Jun 11, 2021 1:26 pm
Forum: General
Topic: Dynamic route disappears every 14 seconds
Replies: 6
Views: 2101

Re: Dynamic route disappears every 14 seconds

Hello Mark, I see that you have a static route that duplicates that dynamic route. I'm assuming the dynamic route is automatically added when a dhcp client renews its IP address. If that's the case, check to see if that ethernet port keeps losing its link. If that's not the case, but you have a chec...
by dlynes
Fri Jun 11, 2021 1:17 pm
Forum: General
Topic: RouterOS isn't available for TheDude.
Replies: 2
Views: 486

Re: RouterOS isn't available for TheDude.

There are two versions of TheDude. One runs in RouterOS. Another is a standalone application running on Windows that talks to the MikroTik and RouterOS devices. You can go here: https://mikrotik.com/download Then click on the TheDude drop down and select which stability you would like to download an...
by dlynes
Fri Jun 11, 2021 1:10 pm
Forum: General
Topic: Suggestion: Be Able to Use a MikroTik device as the Netinstall Server
Replies: 7
Views: 1637

Suggestion: Be Able to Use a MikroTik device as the Netinstall Server

I would like to be able to use a MikroTik device as a Netinstall server for that rare occasion when a device goes into a reboot loop because it has corrupted firmware. It saves me a trip down to the client site if I can manage it all after hours, remotely. RouterOS supports tftp. I don't know if I c...
by dlynes
Fri Jun 11, 2021 1:03 pm
Forum: General
Topic: Suggestion: Ability to Create New Tables (like iptables) or at least group rules
Replies: 7
Views: 1040

Suggestion: Ability to Create New Tables (like iptables) or at least group rules

The problem: Filter table gets so polluted that on routers with lots of rules, it's difficult to understand what's being filtered and why sometimes. If you have dynamic rules, it makes it even more challenging. On iptables, there's a solution for this by creating additional chains, and then joining ...
by dlynes
Mon Sep 21, 2020 5:58 am
Forum: General
Topic: SSH negotiation not completing in one direction over an EoIP tunnel
Replies: 2
Views: 751

Re: SSH negotiation not completing in one direction over an EoIP tunnel

Here's a detailed SSH log from when 10.10.30.254 is trying to connect to 10.10.30.253: tunneldevice any:any controlpersist no escapechar ~ ipqos lowdelay throughput rekeylimit 0 0 streamlocalbindmask 0177 root@officenas[~]# ssh -v 10.10.30.253 OpenSSH_7.5p1, OpenSSL 1.0.2s-freebsd 28 May 2019 debug1...
by dlynes
Mon Sep 21, 2020 5:56 am
Forum: General
Topic: SSH negotiation not completing in one direction over an EoIP tunnel
Replies: 2
Views: 751

SSH negotiation not completing in one direction over an EoIP tunnel

I have an EoIP tunnel overlaid on an L2TP/ipsec VPN. The L2TP/ipsec VPN connects from a hEX to an RB3011. The hEX is NAT'd behind an ADSL modem operating in PPPoE mode. The RB3011 has a static public IP address. The hEX is connecting to the L2TP server on the RB3011. The EoIP tunnel is then negotiat...
by dlynes
Sun Apr 05, 2020 6:10 am
Forum: General
Topic: WireGuard Released !
Replies: 41
Views: 33206

Re: WireGuard Released !

As of today, it was released into Linux 5.6 kernel to the general public.
by dlynes
Fri Dec 06, 2019 5:25 am
Forum: General
Topic: Fix for CVE-2019-14899?
Replies: 9
Views: 3465

Fix for CVE-2019-14899?

Is there a fix in the works for CVE-2019-14899? For more information, please see: https://linux.slashdot.org/story/19/12/05/2022205/new-linux-vulnerability-lets-attackers-hijack-vpn-connections and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14899 and details of the exploit at: http://qn...
by dlynes
Mon Sep 09, 2019 7:49 am
Forum: Announcements
Topic: Newsletter #90
Replies: 55
Views: 40218

Re: Newsletter #90

We are working on something for you as well. New extreme performance devices are in the works, as well as v7 BGP speed improvements are still on track. Hello Normis, Does that mean QSFP288 (100GbE) support is in the works? I'm guessing that's one of the big reasons v7 hasn't come out yet is to make...
by dlynes
Fri Oct 05, 2018 12:50 pm
Forum: Wireless Networking
Topic: 802.11af
Replies: 3
Views: 1725

Re: 802.11af

Thank you Normis. As always you're helpful.
by dlynes
Fri Oct 05, 2018 6:35 am
Forum: Wireless Networking
Topic: 802.11af
Replies: 3
Views: 1725

802.11af

Hello All, Does MikroTik have any devices that support 802.11af wireless networking standard? I've tried doing a search, but all I end up with is a whole bunch of hits on people mistakenly using 802.11af (the WiFi standard) as the key phrase when they really mean 802.3af (the PoE standard). The reas...
by dlynes
Sat Jun 16, 2018 3:38 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 190
Views: 145537

Re: VPNfilter official statement

I can confirm it was probably mailed out to everyone that was on the list. I had received it. I have not, however received any updates from MikroTik on the subsequent updates to VPNFilter status where essentially all devices running RouterOS were added to the original four cloud core router devices....
by dlynes
Thu May 31, 2018 7:09 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 190
Views: 145537

Re: VPNfilter official statement

FWIW, I use the following related best practices when I set up a router that has a public-facing interface: reset all configuration settings, uncheck 'keep default settings' Disable all non-essential services: telnet http https ftp api secure api Create a whitelist of admin IP addresses/netmasks Add...
by dlynes
Mon Jan 29, 2018 7:16 am
Forum: Announcements
Topic: v6.39.3 [bugfix] is released!
Replies: 46
Views: 31127

Re: v6.39.3 [bugfix] is released!

I've come across a bug in the ssh rendering code for 6.39.3. This bug is happening in other areas of the terminal as well, but this is the first chance I've had to document it. As such, this particular area is /caps-man registration-table pr stats:

Image
by dlynes
Mon Nov 20, 2017 9:59 pm
Forum: The Dude
Topic: Wireless(CAPSMAN) monitoring
Replies: 3
Views: 2248

Re: Wireless(CAPSMAN) monitoring

Any chance of adding access to this either through the API, or through SNMP?

Currently the only way to access it is via scripted command line access which is less than ideal because the output is formatted for humans, not machines.
by dlynes
Thu Feb 02, 2017 5:56 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 255297

Re: RouterOS v7.0 beta1 - when?

Easy solution - do not make any expectations :) We have already posted from time to time, that the biggest change is under the hood (minor kernel upgrade). There is no new GUI or anything. We are also working on a new routing engine. Actually we are making really cool stuff even in v6. Look at the ...
by dlynes
Mon Jun 06, 2016 5:19 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 255297

Re: RouterOS v7.0 beta1 - when?

I have heard that it is very hard to work on, and nobody likes it for that. But OpenVPN UDP support has been made in v7.
Awesome! I've always wondering why v6 didn't support UDP on OpenVPN...afaik, almost nobody uses TCP-based OpenVPN on Linux.
by dlynes
Tue Apr 12, 2016 9:12 pm
Forum: General
Topic: [Feature Request] Script After / Before PPPoE Connect / Disconnect
Replies: 11
Views: 4561

Re: [Feature Request] Script After / Before PPPoE Connect / Disconnect

I wish dhcp-client would trigger an event whenever it obtains/renews/releases a lease also. Then I wouldn't have to run my ddns-update script every 5 minutes. (I ---loathe--- scheduled scripts that do something that should just be event driven) The IP will not change w/o a lease being obtained. I d...