Community discussions

Search found 246 matches

by JimmyNyholm
Mon Dec 10, 2018 11:34 am
Forum: The Dude
Topic: Move device to Submap.
Replies: 5
Views: 216

Re: Move device to Submap.

Copy, Paste (as in ctrl-c ctrl-v doesn't work in dude client windows. Context menu on right mousebutton doesn't show this as an alternative either. AM I missing something? Yes. The buttons in the window work. But there probably is a bug or not assigned os standard shortcust to the button. Thanks aga...
by JimmyNyholm
Mon Dec 10, 2018 7:46 am
Forum: The Dude
Topic: Move device to Submap.
Replies: 5
Views: 216

Re: Move device to Submap.

Thanks I didn't think of that but: This will create a new device making statistic readings / Historical Data of all device data not being there. Right? What I am about to do now this "work around" will suffice. But there should be a move function as from dude's standpoint it would be the same device...
by JimmyNyholm
Fri Dec 07, 2018 10:29 am
Forum: The Dude
Topic: Move device to Submap.
Replies: 5
Views: 216

Move device to Submap.

Hi I wonder if there is a smart way moving devices from main map to a newly created submap without having to "delete and recreate" them. IE Some drag and drop functionality somewhere or a property on the object that i have not yet discovered? Please advice. What is the current best practise in this ...
by JimmyNyholm
Wed Dec 05, 2018 6:09 am
Forum: Announcements
Topic: v6.43.7 [stable] is released!
Replies: 46
Views: 6257

Re: v6.43.7 [stable] is released!

Sounds cool but what is the benefit of doing it manual by script /fetch in contrast to /system/package/upgrade ?
by JimmyNyholm
Tue Nov 13, 2018 9:38 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 15617

Re: v6.43.4 [stable] is released!

6.43.4 is Stable branch and includes *) bridge - do not learn untagged frames when filtering only tagged packets;
When do we recon that this patch will be available in "Long Term" branch?
by JimmyNyholm
Thu Nov 08, 2018 4:17 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 252
Views: 40150

Re: v6.44beta [testing] is released!

All hash options is useless, Static passwords is insecure. I use OTP (One time Password) can't hash anything because there is nothing to hash on. Please reimplement PAP so I may once again be secure.
by JimmyNyholm
Fri Aug 24, 2018 9:12 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 89652

Re: v6.43rc [release candidate] is released!

And what about making radius login scheme selectable. chap for people who use static shit that can be challenged pap for us who only use one time passwords. And therefore Inherrently dosen't have anything to do a challenge on. (CHAP is unusable in this case)
by JimmyNyholm
Fri Aug 24, 2018 9:10 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 89652

Re: v6.43rc [release candidate] is released!

And what about making radius login scheme selectable. chap for people who use static shit that can be challenged pap for us who only use one time passwords.
by JimmyNyholm
Fri Aug 24, 2018 9:01 pm
Forum: Announcements
Topic: WPA2 preshared key brute force attack
Replies: 25
Views: 11341

Re: WPA2 preshared key brute force attack

And what about working on WPA3? According to Qualcomm you need new chipsets for WPA3 so it seems that old gear wont be able to support it ... As far as I can tell that is a big spit of "bullspit" ;-) WPA3 can be done in software only if the hardware features in a old chip is to slow. But then again...
by JimmyNyholm
Fri Aug 24, 2018 8:46 pm
Forum: Forwarding Protocols
Topic: IPv6 recursive nexthops via iBGP
Replies: 102
Views: 19034

Re: IPv6 recursive nexthops via iBGP

Passing Into Late 2018 And still this is big issue when @Mikrotik WHEN will recursive routing work in routeros. Installed V6 routes that have reachables nexthops (recursivly that is) will never be active due to something broken. FIX NOW. IPV4 days are over and we must deploy ipv6.
by JimmyNyholm
Sat Aug 18, 2018 9:54 am
Forum: Announcements
Topic: WPA2 preshared key brute force attack
Replies: 25
Views: 11341

Re: WPA2 preshared key brute force attack

And what about working on WPA3?
by JimmyNyholm
Sat Aug 04, 2018 11:17 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 275
Views: 41049

Re: Winbox vulnerability: please upgrade

I got the same Mail two days ago so perhaps they're having problem with the mail systems ? ;-)
by JimmyNyholm
Sat Aug 04, 2018 11:07 am
Forum: General
Topic: IPv6 BGP unreachable nexthop through loopback
Replies: 7
Views: 528

Re: IPv6 BGP unreachable nexthop through loopback

Currently recursive routing will not work if gateway is link local address. I'd say Recusive routing is totally broken for ipv6 in RosV6 having route coming in from ospfv3 process, ibgp session but MP bgp route can't get active because the gateway is unreachable according to the ipv6 route print wh...
by JimmyNyholm
Sat Aug 04, 2018 9:36 am
Forum: Forwarding Protocols
Topic: set next-hop anyhow?
Replies: 2
Views: 357

Re: set next-hop anyhow?

What I have discovered is: If you override the nexthop in a filter on the incoming it will not be reflected that way if you not also have a filter to the respective outgoing. This is unintuitive i'd say but once you realise this it gets a bit clearer in the RouterOS Space. (This is not Currently doa...
by JimmyNyholm
Sat Aug 04, 2018 9:29 am
Forum: Forwarding Protocols
Topic: OSPF splitted broadcast network
Replies: 1
Views: 294

Re: OSPF splitted broadcast network

I'd say you get a classical splitt brain scenario where both sides tries to converge and finds them self as DR's and depending on other redistribution many blackholes in the routing. This is why you run OSPF and perhaps you should have a backup direct link to avoid SplitBrain. But Who am I that may ...
by JimmyNyholm
Sat Aug 04, 2018 9:21 am
Forum: Forwarding Protocols
Topic: OSPF Router ID
Replies: 6
Views: 1880

Re: OSPF Router ID

The Question have been answered but one could put it this way. Say this "number" is just a number. Sure it looks like an IP'adress. BUT for analogy think of it as a Color value. When routers have only few links this is what think and call SIMPLE OSPF network. the reson for this ID is not obvious. Bu...
by JimmyNyholm
Sun Jul 29, 2018 2:42 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: BGP multithreaded
Replies: 8
Views: 1848

Re: BGP multithreaded

Forwarding and routing is good and fast as long as you keep all traffic in fastpath. It is a router not a firewall. True, but it is still good practice to do anti-spoofing filtering on a border router I also feel happier blocking traffic to the control plane with filters on the 'input' chain - you ...
by JimmyNyholm
Tue Jul 24, 2018 4:07 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 89652

Re: v6.43rc [release candidate] is released!

And even worse the chap packet that you send out doest not contain any password (you are sending empty radius request even before asking the user of a password. Clean upp your code and enable PAP/CHAP/MSCHAP as option NOW! I'm trying this RC in a CRS328-4C-20S-4S+RM After downgrading to Current 6.42...
by JimmyNyholm
Tue Jul 24, 2018 3:36 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 89652

Re: v6.43rc [release candidate] is released!

Ok so now I test the RC45 Build. My setup scripts fail can't rename user admin anymore? WHY?
by JimmyNyholm
Tue Jul 24, 2018 11:38 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 558
Views: 89652

Re: v6.43rc [release candidate] is released!

NOOOOO!!!! -"radius - use MS-CHAPv2 for "login" service authentication;" I hope there is a setting for this. chap, chapv2 with or without ms flavour is doing nothing good to the fact that static passwords are weak and should not be used. We use one time passwords witch will not work in replay mode d...
by JimmyNyholm
Sun Jul 08, 2018 11:28 am
Forum: RouterOS v7
Topic: Feature Request /31 Subnet
Replies: 29
Views: 8538

Re: Feature Request /31 Subnet

Actually it wont get ugly if you combine the fine /32 support with the fact that you can have the same ip och many interfaces in routerOS. Then you can do fully functional ospf. Assign a /28 for a 16 port router as to say router has the same IP on all its customer facing interfaces then carve /32 to...
by JimmyNyholm
Wed Jun 27, 2018 8:30 am
Forum: Forwarding Protocols
Topic: Can I drop a specific ospf route+gateway combination?
Replies: 1
Views: 268

Re: Can I drop a specific ospf route+gateway combination?

In Router Filter you may check multiple fields in the matcher section. You may then pin this filter matcher to a specified source in conjuction with your other matchers, such as prefix. Only osfp-in list is checked for ospf process if I'm not remembering wrong.
by JimmyNyholm
Sat Jun 23, 2018 2:23 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: CSR3xx, HW-Offloading, Q-in-Q in 6.43
Replies: 10
Views: 1714

Re: CSR3xx, HW-Offloading, Q-in-Q in 6.43

Did a quick look in the current RC with initial qinq support and then what port settings for stack trunk or stack access.
setting vlans marking them as outer q? no.

MT Will this surface later in the development or did you not think this through?
by JimmyNyholm
Sat Jun 23, 2018 2:17 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: ROS 7 Beta
Replies: 41
Views: 8055

Re: ROS 7 Beta

True Isolated VRFs
ip setting RP Filter Strict VRF Aware.
All other Services/Features VRF Aware
New Routing Engine Multicore Support.
v4v6 agnostic full same features over the whole product.
And that's just the top of my head.
by JimmyNyholm
Mon Jun 18, 2018 12:16 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 191
Views: 61180

Re: VPNfilter official statement

Security advisory emails were sent to all users that are in our database.
Where do I register to get this advisorys?
by JimmyNyholm
Wed Jun 06, 2018 1:36 pm
Forum: The Dude
Topic: Adding Winbox Tool
Replies: 25
Views: 9844

Re: Adding Winbox Tool

Or better yet. Support external rest api call for geting current password from other system. Dude is loged in with one type of user that should not be used by personell from say Support or other personel from say NOC.
by JimmyNyholm
Wed Jun 06, 2018 1:02 pm
Forum: Announcements
Topic: v6.42.3 [current]
Replies: 80
Views: 17505

Re: v6.42.3 [current]

6.42.x breaks sometching quite badly in DHCP server. I have a setup where a CCR1016 serves several VLANs, with a dedicated DHCP server to each VLAN. 6.41.4 works beautifully without any sort of hiccups. 6.42.x sometimes won't bring the DHCP instances up in the first boot. If i reboot the CCR, then ...
by JimmyNyholm
Wed May 30, 2018 1:24 pm
Forum: Announcements
Topic: Winbox 3.14 released!
Replies: 77
Views: 16340

Re: Winbox 3.14 released!

What's new in v3.14: *) added support for new style authentication and encryption for connections to RouterOS v6.43; Does this let us get Radius with pap work later on for winbox login (I am using OTP-Tokens there simply is nothing to do chap on so now it's impossible to login to winbox in my more ...
by JimmyNyholm
Wed May 30, 2018 11:56 am
Forum: Announcements
Topic: VPNfilter official statement
Replies: 191
Views: 61180

Re: VPNfilter official statement

Thanks for the prompt response Normis. I assume people that were using the quickset dynamic dns vpn and appropriate firewall rules + updated fw would have been invunerable to these attacks ? Any RouterOS version with firewall on the www port from untrusted networks was always safe. The original vun...
by JimmyNyholm
Fri May 11, 2018 9:13 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 273
Views: 32299

Re: v6.42.1 [current]

still waiting for the bugfix only update This vulnerability isn't much of a problem. The problem is administrators leaving their firewall services (API, Winbox, SSH, etc.) exposed to untrusted networks. It's better to apply firewall filters to the input chain that will protect against this and othe...
by JimmyNyholm
Thu May 10, 2018 4:42 pm
Forum: Announcements
Topic: Newsletter #82 (May 2018)
Replies: 38
Views: 8488

Re: Newsletter #82 (May 2018)

WOW! will CRS332-32S+RM have Hardware MPLS P switching aswell same as we now have at 317-16S+ ?????
by JimmyNyholm
Fri Apr 06, 2018 6:13 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 77112

Re: v6.42rc [release candidate] is released!

Confirmation from MT in Mail RC55 will have fix for my LACP Bonding problem. Have a Nice week end and I hope for the soon Release of RC55. One wonder what more magical fixes will be included.
;-)
by JimmyNyholm
Wed Mar 28, 2018 3:11 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 77112

Re: v6.42rc [release candidate] is released!

My LACP problem is still Present in this RC ([Ticket#2018031222001218] LACP HW problem reaching bridge)
by JimmyNyholm
Sun Mar 25, 2018 10:39 pm
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 23526

Re: v6.41.3 [current]

Word of !WARNING for anyone who has the CCR1072-1G-8S+. We have two of these units, since the upgrade both have used consistently 10 more watts of power! This has also increased the temperature of the device and fan speed, that can't be a good thing can it? We've contacted Mikrotik and this is thei...
by JimmyNyholm
Fri Mar 23, 2018 9:48 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 77112

Re: v6.42rc [release candidate] is released!

[admin@sw-under] > interface bonding print Flags: X - disabled, R - running 0 name="CoreUplink" mtu=1500 mac-address=64:D1:54:EA:BC:83 arp=enabled arp-timeout=auto slaves=sfp-sfpplus1,sfp-sfpplus2 mode=802.3ad primary=none link-monitoring=mii arp-interval=100ms arp-ip-targets="" mii-interval=100ms ...
by JimmyNyholm
Thu Mar 22, 2018 12:24 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New router OS
Replies: 46
Views: 9085

Re: New router OS

Steve is right. There is barely anything left in v7 that we haven't backported. Isolated VRF's VRF aware Services All of them and Multiple of them (ie allow ssh source this in vrf x and source that in vrf p only listening on ip's local to that respective vrfs) Tunnel Interface: Inner VRF and Outer ...
by JimmyNyholm
Thu Mar 22, 2018 12:07 pm
Forum: Announcements
Topic: Winbox 3.12 released!
Replies: 55
Views: 33498

Re: Winbox 3.12 released!

I recon you have full feed. and single core problem every question you make in cli will take forever. I guess that winbox can't be faster then cli can so..... Or am I missing something?
by JimmyNyholm
Sat Mar 10, 2018 7:31 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 77112

Re: v6.42rc [release candidate] is released!

# jan/13/1970 03:06:17 by RouterOS 6.42rc39 # software id = JLRA-QA36 # # model = CRS326-24G-2S+ # serial number = 763C06E78477 /interface ethernet set [ find default-name=sfp-sfpplus2 ] mac-address=6C:3B:6B:ED:F9:E6 /interface bridge add admin-mac=6C:3B:6B:ED:F9:E6 auto-mac=no fast-forward=no name...
by JimmyNyholm
Fri Mar 09, 2018 2:20 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM
Replies: 6
Views: 916

CRS328-24P-4S+RM

CRS328-24P-4S+RM Wow.
This is what I was waiting for. Nice one. When will it be available.
by JimmyNyholm
Fri Mar 09, 2018 12:58 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 77112

Re: v6.42rc [release candidate] is released!

*) crs3xx - added initial "hw-offload" support for 802.3ad and "balance-xor" bonding; Well done! I can confirm it's working on a CRS326 now. Still open is the issue to change MTU size. [admin@MikroTik] /interface bonding> set bond2 mtu=8148 failure: could not set mtu [admin@MikroTik] /interface bon...
by JimmyNyholm
Thu Mar 08, 2018 4:20 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 77112

Re: v6.42rc [release candidate] is released!

*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts; *) bridge - added per-port learning options; *) bridge - added support for static hosts; Thanks. This will make it possible to configure stuff that I was waiting for. Is there any plans for more l...
by JimmyNyholm
Tue Feb 27, 2018 5:46 pm
Forum: Forwarding Protocols
Topic: Point-to-point (/31) addresses
Replies: 63
Views: 35255

Re: Point-to-point (/31) addresses

I would skip using an actual /31, and just use two /32s. Specify the remote address as the "network", and you should be good to go. This mechanism is more flexible than using /31s, as the addresses don't need to be adjacent; and more efficient since you can re-use the same address for multiple link...
by JimmyNyholm
Tue Feb 27, 2018 5:36 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 77112

Re: v6.42rc [release candidate] is released!

We are aware of this DHCP client problem, will try to fix in one of the next RC versions.
Thanks mrz....
Are you aware and have reproduced the LACP problem aswell?
by JimmyNyholm
Mon Feb 26, 2018 11:00 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 77112

Re: v6.42rc [release candidate] is released!

Have you set admin-mac on the bridge? I have only created the bridge1 interface. /interface bridge export # mar/12/1970 15:13:17 by RouterOS 6.42rc35 # software id = M8A7-BVIJ # # model = CRS326-24G-2S+ /interface bridge add igmp-snooping=yes name=bridge1 protocol-mode=none pvid=64 vlan-filtering=y...
by JimmyNyholm
Mon Feb 26, 2018 4:31 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 77112

Re: v6.42rc [release candidate] is released!

Tested This New RC. My Bridge LACP bridge problem still exists. Not reachable through lacp bond if no other local port on bridge is active.

ip dhcp-client connected to bridge1 does eternal searching after reboot disable and enable fixes the problem
by JimmyNyholm
Sun Feb 25, 2018 3:25 pm
Forum: Announcements
Topic: v6.40.6 [bugfix] is released!
Replies: 58
Views: 11679

Re: v6.40.6 [bugfix] is released!

Long, long post ... five seconds of scrolling. Was it necessary? No Scrolling Here. Use real browser and the post is rendered in a scrolled list inside that post. As for the question it seems legit to ask to se if one has understod things right. To actually answer the question: Yes that seems to be...
by JimmyNyholm
Sun Feb 25, 2018 12:10 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 77112

Re: v6.42rc [release candidate] is released!

Ok So I did see the wiki was updated to state the fact of HW offload on crs3xx series. So I did a new test and: 23 I H ether24 bridge1 yes 64 0x80 10 10 none 24 H Core bridge1 yes 64 0x80 10 10 none [admin@labb-mgmt-1] /interface bridge port> Shurely it states that the Bond in my case named Core sho...
by JimmyNyholm
Tue Feb 20, 2018 1:42 pm
Forum: Forwarding Protocols
Topic: eoip sharing subnet
Replies: 6
Views: 624

Re: eoip sharing subnet

The EOIP tunnel is an interface to RouterOS. This is your inside of tunnel and can be part of bridge. the interface that holds the LocalIP that eoip binds to in the encapsulated iptraffic it generates should of course not be part of the same (or any bridge) this creates loops and defeats the purpose...
by JimmyNyholm
Sun Feb 18, 2018 3:21 pm
Forum: Forwarding Protocols
Topic: Choose right VPN tunnel when both peers are dual-homed
Replies: 2
Views: 276

Re: Choose right VPN tunnel when both peers are dual-homed

Hi. If both sides have static ip's this is easy. If you need L3 only then setup meshed gre tunnels with configured ipsec secret then the gre traffic is encrypted and all is well. You may then assign links ip's and loopback and enable ospf and set the weight. Using carefull settings and only routing ...
by JimmyNyholm
Sun Feb 18, 2018 2:58 pm
Forum: Forwarding Protocols
Topic: vrf connected route leaking
Replies: 20
Views: 4705

Re: vrf connected route leaking

Not yet, but v7beta is coming later this year
Are we there yet?