Community discussions

MikroTik App

Search found 4098 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 14
by Amm0
Sun Jun 16, 2024 9:34 pm
Forum: General
Topic: Need an API to have the specificities of each Mikrotik router in order to integrate it into my store
Replies: 3
Views: 177

Re: Need an API to have the specificities of each Mikrotik router in order to integrate it into my store

In 7.16beta, you can even process the "CSV Product Matrix" (that's actually a TSV) using RouterOS scripts.

See viewtopic.php?t=208218&hilit=matrix#p1079318
by Amm0
Sun Jun 16, 2024 4:36 pm
Forum: General
Topic: SQM - using FQ-CODEL in interface queues and fasttrack
Replies: 12
Views: 2116

Re: SQM - using FQ-CODEL in interface queues and fasttrack

I asked what that does. @strods said it applies to the ethernet https://forum.mikrotik.com/viewtopic.php?t=202612&hilit=fq_codel#p1043420 With another poster suggesting it adds: /queue type add name=fq-codel-ethernet-default kind=fq-codel fq-codel-ecn=no /queue interface set [find default-queue=...
by Amm0
Sun Jun 16, 2024 3:57 pm
Forum: General
Topic: Let's Encrypt UPPER case issue
Replies: 2
Views: 181

Re: Let's Encrypt UPPER case issue

I just happen to never use uppercase names, so I guess I never noticed. And LE IMO shouldn't force this - DNS names should be case-insensitive per RFCs. Perhaps RouterOS should do that internally... since it might not someone first thought as to the issue. I'd imagine there are at least some folks w...
by Amm0
Sun Jun 16, 2024 4:27 am
Forum: Beginner Basics
Topic: Nat rule not works out:(unknown 0)
Replies: 2
Views: 419

Re: Nat rule not works out:(unknown 0)

So it works if you use an IP address in whatever app/media-center/etc in 192.168.0.x that's using it. Just it does not show up as "discovered". Is that the issue? AFAIK HDHomeruns just use UDP broadcast message to kick start discovery. So while NAT/filter may be need to connect using unica...
by Amm0
Sat Jun 15, 2024 8:52 pm
Forum: General
Topic: Mikrotik and Dante/NDI AV in general
Replies: 4
Views: 1840

Re: Mikrotik and Dante/NDI AV in general

The "IF" is because specifics often matter ;). Dante has come up a few times in the forum, let me add some details here since I'm pretty familiar with Dante audio networks . n.b. I wrote more than intended, but easy to explain in one post, once - since there are a lot of "IF" wit...
by Amm0
Sat Jun 15, 2024 1:22 am
Forum: Announcements
Topic: v7.16beta [testing] is released!
Replies: 83
Views: 21322

Re: v7.16beta [testing] is released!

LMK, I can file bug report if needed, but given @mozerd's comments, I'm guess something more generically is wrong in /disk in 7.16beta1/2. Not too sure about that issue being generic. No disk nor container problems on my RB5009 :? Perhaps. It may be specific to ROSE + RAID in my case. I narrowed do...
by Amm0
Fri Jun 14, 2024 8:00 pm
Forum: Scripting
Topic: A few undocumented operators that are kind of neat.
Replies: 10
Views: 1656

Re: A few undocumented operators that are kind of neat.

/console/inspect always tells some story about scripting. So on the (>) syntax... Mikrotik does use the LISP "quote" term... /console/inspect request=completion input="(" TYPE COMPLETION STYLE OFFSET PREFERENCE SHOW TEXT completion ( syntax-meta 1 75 no start of subexpression com...
by Amm0
Thu Jun 13, 2024 11:14 pm
Forum: Beginner Basics
Topic: Zerotier and routing tables
Replies: 9
Views: 565

Re: Zerotier and routing tables

Looks like a typo... 192 is pretty close to 191 ;)
by Amm0
Thu Jun 13, 2024 10:33 pm
Forum: Scripting
Topic: $INQUIRE - prompt user for input using array of questions + $CHOICES
Replies: 24
Views: 3750

Re: $INQUIRE - prompt user for input using array of questions + $CHOICES

Could you correct the $CHOISES function so that it would be possible to use the "enter" key to select a menu item WITHOUT COMPLETING THE WORK? That is, the function would transfer the selected item to some global variable, while remaining in the selection loop to select another item (the ...
by Amm0
Thu Jun 13, 2024 9:24 pm
Forum: Scripting
Topic: A few undocumented operators that are kind of neat.
Replies: 10
Views: 1656

Re: A few undocumented operators that are kind of neat.

I cannot believe I didn't see this one. Despite being in the target demographic. This post will only be of interest to a few select individuals. If you are unfamiliar with mikrotik scripting, or have never used functions, this post is probably not for you, but you're welcome to read it anyway. Great...
by Amm0
Thu Jun 13, 2024 6:03 pm
Forum: Announcements
Topic: v7.16beta [testing] is released!
Replies: 83
Views: 21322

Re: v7.16beta [testing] is released!

Yeah something is wrong with disk mounting or something. On RB1100AHx4, it's had ROSE installed since it was in beta and is my main test box, so it's seen many beta/rc/etc's. Disk/ROSE has never messed up BEFORE... But in 7.16beta1, all containers stopped worked and could not add new ones — figured ...
by Amm0
Wed Jun 12, 2024 7:53 pm
Forum: Scripting
Topic: Script Execution Error - Dynu.com 7.13 was fine 7.15 no bueno
Replies: 14
Views: 806

Re: Script Execution Error - Dynu.com 7.13 was fine 7.15 no bueno

Few notes about the "new" Dynu script above: 1. My script above is for NEWER RouterOS versions. Specifically, it uses an ":onerror" built-in command which was added recently. Since one way to deal with potential script error is more output on what a script is going... the newer &...
by Amm0
Mon Jun 10, 2024 12:49 am
Forum: Scripting
Topic: Script Execution Error - Dynu.com 7.13 was fine 7.15 no bueno
Replies: 14
Views: 806

Re: Script Execution Error - Dynu.com 7.13 was fine 7.15 no bueno

I wrote a more modern version using a function. This works in 7.16beta1 and 7.13. Since it's a function, the parameters like username, password, WAN interface, and DDNS are at bottom: $updateDynu MYHOST.ddnsgeek.com user=MYUSER password=MYPASSWORD interface=ether1 You should be able to use it the co...
by Amm0
Sun Jun 09, 2024 7:28 pm
Forum: Scripting
Topic: Script Execution Error - Dynu.com 7.13 was fine 7.15 no bueno
Replies: 14
Views: 806

Re: Script Execution Error - Dynu.com 7.13 was fine 7.15 no bueno

Fair enough. I didn't get past the first line.

As I look beyond the 3rd line ;). The policy is right.

My guess is the "src-path=" in the /tool/fetch line. While that has historically work with HTTP, in V7 using url= is better plan.
by Amm0
Sat Jun 08, 2024 7:55 pm
Forum: Scripting
Topic: Script Execution Error - Dynu.com 7.13 was fine 7.15 no bueno
Replies: 14
Views: 806

Re: Script Execution Error - Dynu.com 7.13 was fine 7.15 no bueno

This issue is now resolved, it was identified there was a new-line in one of the lines, resulting in an error. Scripting functionality is very hard to debug, does anyone have any tips they could share? You can save it as .rsc file to Files, then in CLI use ":import dnsscript.rsc verbose=yes&qu...
by Amm0
Fri Jun 07, 2024 7:03 pm
Forum: General
Topic: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]
Replies: 31
Views: 1800

Re: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]

I'm glad it worked. The PBR rules are likely better - it is kinda better to see some config and could adjust routing more specifically later if needed. But I still maintain your originally setup should have "just worked". It's time to break out some wireshark/tcpdump and figure out what go...
by Amm0
Fri Jun 07, 2024 6:13 pm
Forum: Announcements
Topic: v7.16beta [testing] is released!
Replies: 83
Views: 21322

Re: v7.16beta [testing] is released!

It even put comments on in /interface/bridge/vlan on what triggered the "D" dynamic vlan entry there, i.e. "added by pvid", "added by vlan on bridge", ... Ammo, is that a feature that goes with MVLAN.... or whatever the acronym is for automatically adding vlans on trun...
by Amm0
Fri Jun 07, 2024 4:50 pm
Forum: Scripting
Topic: REST API - Convert Lease to Static
Replies: 3
Views: 233

Re: REST API - Convert Lease to Static

I think patch should work. What may be the issue is the sh/bash/zsh/etc wildcard expansion. Try some single quotes around the URL part. i.e. curl -k -u 'api':'password' -X PATCH 'http://10.0.1.1/rest/ip/dhcp-server/lease/*85' --data '{"comment": "test"}' -H "content-type: ap...
by Amm0
Thu Jun 06, 2024 11:59 pm
Forum: RouterBOARD hardware
Topic: Better choice for homelab router
Replies: 2
Views: 320

Re: Better choice for homelab router

Depends on what you're doing. I like the RB1100AHx4. And if you're talking about a home Mikrotik lab, it be a great choice. You can add disks for lightweight RAID/NAS or Dude and have plenty of ports. It also has some unquie features too, like the off-line "bypass"/passthrough between port...
by Amm0
Thu Jun 06, 2024 11:23 pm
Forum: Announcements
Topic: v7.16beta [testing] is released!
Replies: 83
Views: 21322

Re: v7.16beta [testing] is released!

This was good too: *) bridge - added dynamic tagged entry when VLAN interface is created on vlan-filtering bridge; It even put comments on in /interface/bridge/vlan on what triggered the "D" dynamic vlan entry there, i.e. "added by pvid", "added by vlan on bridge", ...
by Amm0
Thu Jun 06, 2024 10:25 pm
Forum: Announcements
Topic: v7.16beta [testing] is released!
Replies: 83
Views: 21322

Re: v7.16beta [testing] is released!

*) console - improved :serialize and :deserialize commands and added support for DSV (delimiter separated values) format; That's going to be useful. Thought I'd provide an example, since I tested it (and works with a couple files at least). As example script to use them... this takes the product ma...
by Amm0
Thu Jun 06, 2024 7:09 pm
Forum: General
Topic: cycle outgoing IP addresses
Replies: 17
Views: 804

Re: cycle outgoing IP addresses

Credit to @rextended for "code2=title". Grreat, thanks! Are there any other hidden gems for phpBB that can be used in this forum? In tips, there is CPAN module "md2phpbb" - that takes Markdown and gets almost-Mikrotik-forum phpBB. I used that to take a GitHub README.md to make a ...
by Amm0
Thu Jun 06, 2024 6:52 pm
Forum: General
Topic: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]
Replies: 31
Views: 1800

Re: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]

Thanks @Larsa for opening a ticket. Some PBR rule would get this working. But it is not a new feature that a VPN has an option to "routes all traffic" — which is what ZT's "allow-default=yes" should do. And not everything should have to involve complex config to setup. Now in fai...
by Amm0
Thu Jun 06, 2024 6:08 pm
Forum: Announcements
Topic: WinBox v3.40 released!
Replies: 164
Views: 157951

Re: WinBox v3.40 released!

You want too much from a teaser. Teaser makes you think. Try it. I was thinking about this today (i.e. had to fix a font problem with wine after an update). So ~6 months ago we saw an icon. Since y'all like multi-year teasers, perhaps the clue be the language/framework behind the icon? That's my my...
by Amm0
Thu Jun 06, 2024 4:36 pm
Forum: General
Topic: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]
Replies: 31
Views: 1800

Re: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]

I actually meant “ allow default ”. It works initially but any changes or deletions afterward don’t show up in ROS. LOL, I actually did mean "allow-default=yes" myself — I get confused with naming. I tested it long ago, but believe you there might be problem if 0.0.0.0/0 change is push to...
by Amm0
Thu Jun 06, 2024 3:22 pm
Forum: General
Topic: cycle outgoing IP addresses
Replies: 17
Views: 804

Re: cycle outgoing IP addresses

It's all pseudo-random anyway. There is a "Julian-Gregorian twister" here since the cycle will change between 30|31|29|28 to 1 in above script as it use the day of the month which can break the cycle ;). If you want a more random one, change the index to be a random number. V7 has a built-...
by Amm0
Thu Jun 06, 2024 4:05 am
Forum: General
Topic: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]
Replies: 31
Views: 1800

Re: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]

EDIT: Btw, forgot to mention there's a bug in the interface that ROS uses to manage the "Allow Default" setting for Zerotier. Changes to or removing the default route with Zerotier Central don't get properly propagated to the ZT client in ROS; you have to fix the changes manually. Do you ...
by Amm0
Wed Jun 05, 2024 9:11 pm
Forum: General
Topic: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]
Replies: 31
Views: 1800

Re: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]

Now on what you want 0.0.0.0/0 to be... the local internet for everything? Or just the 192.168.250.0/23's subnets. Or should all internet traffic go the Azure thing mention earlier. I'm still thinking the using ZT default route should have work. But you need a src-nat on "zerotier1" in /ip...
by Amm0
Wed Jun 05, 2024 9:02 pm
Forum: General
Topic: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]
Replies: 31
Views: 1800

Re: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]

Here is the diagram without the link (there is 1MB limit on images):
Screenshot 2024-06-05 at 10.58.10 AM.jpg
by Amm0
Wed Jun 05, 2024 8:45 pm
Forum: General
Topic: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]
Replies: 31
Views: 1800

Re: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]

Also keep in mind any routes added by ZT with have distance=1 by default. This may not be want you want, since there may be local routes at same distance. I'd also increase the distance= on the ZT instance ("zt1" typically). The default distance=1 of ZT injected /ip/route's can easily lead...
by Amm0
Wed Jun 05, 2024 8:39 pm
Forum: General
Topic: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]
Replies: 31
Views: 1800

Re: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]

That what confused me too. I think... there is a ZT member at Azure to act as an internet gateway & idea is the "robot router" send everything but ZT tunnel themselves via that. I get using ZT address to act as a "global LAN" IP address for the device doing port forwarding pa...
by Amm0
Wed Jun 05, 2024 8:27 pm
Forum: General
Topic: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]
Replies: 31
Views: 1800

Re: ZeroTier Gateway Tunneling On MikroTik Device [SOLVED]

I get the general problem, but kinda lost in what's where. Some simple diagram would help here. But when things don't just work, you can look to /ip/firewall/connection (and filter) to see what going on with NAT/routing - as NAT is my generalized guess here. WRT to ZT providing 0.0.0.0/0 routes... D...
by Amm0
Wed Jun 05, 2024 8:22 pm
Forum: Beginner Basics
Topic: MACVLAN direct to LACP
Replies: 2
Views: 325

Re: MACVLAN direct to LACP

Good day to all, newbie here (please be indulgent). I can assign MACVLAN to interfaces, assign to VLANs to interfaces, to VLANs to LACPs, but I can not assign MACVLAN to LACP directly. I'm missing something or "it should be possible" but it need a fix by Mikrotik devs ? LOL. I had the sam...
by Amm0
Wed Jun 05, 2024 5:23 pm
Forum: General
Topic: cycle outgoing IP addresses
Replies: 17
Views: 804

Re: cycle outgoing IP addresses

I'm with @BertozP if need is just daily... use /system/schedule that's set interval of 1d. The following should work. You'd have to change the list of IP addresses to rotate, and the /ip/address that will be rotated must of the comment "cycle" (no spaces, but you change in the script). The...
by Amm0
Tue Jun 04, 2024 7:01 pm
Forum: Announcements
Topic: v7.15.1 [stable] is released!
Replies: 311
Views: 60430

Re: v7.15 [stable] is released!

I think MVRP forced some changes here. _i.e._ now it not just bridge on the local router that modifies /interface/bridge/vlan, but potentially MVRP too. Hopefully at some point the PVID per port will disappear and the "untagged ports" in the VLAN configuration will provide this config... I...
by Amm0
Tue Jun 04, 2024 6:16 pm
Forum: Forwarding Protocols
Topic: VRRP + DST-NAT
Replies: 4
Views: 312

Re: VRRP + DST-NAT

Connection tracking is confusing. So I'm not sure, especially how NAT is handled.

But my first thought would be to disable fast-track rule (if enabled) to see if that changes this "d" vs "s".
by Amm0
Tue Jun 04, 2024 5:56 pm
Forum: Announcements
Topic: v7.15.1 [stable] is released!
Replies: 311
Views: 60430

Re: v7.15 [stable] is released!

*) bridge - reworked dynamic VLAN creation; Before I could join a Port untagged to a VLAN by giving it the PVID that I wanted and it would show up in my static created VLAN in /interface/bridge/vlan. Since 7.15 I need to manually add the untagged port to the VLAN settings, otherwise I have the stat...
by Amm0
Tue Jun 04, 2024 5:03 pm
Forum: General
Topic: cycle outgoing IP addresses
Replies: 17
Views: 804

Re: cycle outgoing IP addresses

Cycle or randomize are different things. You cannot do this with a NAT rule alone. And while "netmap" is very useful, not sure it can help here. One way a "random" (per connection) change happen using ECMP route on gateway. @jvanhambelgium's /29 ISP to customer is pretty common, ...
by Amm0
Tue Jun 04, 2024 3:50 am
Forum: Scripting
Topic: The issue of a function containing variables unsuccessfully.
Replies: 15
Views: 793

Re: The issue of a function containing variables unsuccessfully.

Geez, "yes" and "no"
NOT "on" and "off" — which I fixed from original example

Or... "where" — I'm not sure that's needed since there is only one attribute to be searched;.
by Amm0
Tue Jun 04, 2024 3:34 am
Forum: Scripting
Topic: The issue of a function containing variables unsuccessfully.
Replies: 15
Views: 793

Re: The issue of a function containing variables unsuccessfully.

Or do NOT use the "enable" and "disable" commands , use the disable=yes|no attribute with a "set". Why? Commands cannot be variables, but attributes can. This avoids the ugly [:execute] & the related issues with that like escaping, creating new subshell/etc., lack o...
by Amm0
Tue Jun 04, 2024 2:53 am
Forum: Scripting
Topic: external editor syntax highlighting
Replies: 51
Views: 100867

Re: external editor syntax highlighting

Just use VS Code, someone has made an extension with highlighting. Ain't got time to reinvent the wheel Yup. That one works really well. Thanks to whomever does these plugins/extensions – I couldn't write a script if there were not colors on things. I also know regular `vi` (vim) has .rsc built it,...
by Amm0
Sun Jun 02, 2024 6:17 pm
Forum: Scripting
Topic: Script not running
Replies: 5
Views: 384

Re: Script not running

Why the :put just doesn't work for me? The only way to see in console what is happening is using /log info for debug. Is that normal? Where put prints on? That's expected in /system/script and /system/scheduler, or any of the "background" scripts. Basically there is no terminal where the ...
by Amm0
Sun Jun 02, 2024 3:51 am
Forum: General
Topic: Best way to forward web traffic to portal page?
Replies: 4
Views: 586

Re: Best way to forward web traffic to portal page?

Really depends on the need. If really simple like you have one web server, you can use dst-nat rule to redirect Mikrotik's port 80 and 443 to your web server. Any DNS point the Mikrotik. Now in the case, that web server likely need SSL certs etc. setup. SSL is one area where stuff like traefik and c...
by Amm0
Sun Jun 02, 2024 3:43 am
Forum: General
Topic: Deserialize .json SKIN vs. API
Replies: 5
Views: 488

Re: Deserialize .json SKIN vs. API

Yeah I like your SMB approach. FWIW, you just need write permission to create a script, no policy. The script itself needs no policy since it's just storing the JSON. But yeah the "write user" have to create the JSON as the script themself. And... I am presuming there is another background...
by Amm0
Sat Jun 01, 2024 10:03 pm
Forum: Containers
Topic: CLIGAMES - container with UNIX CLI games & playable with /system/telnet
Replies: 6
Views: 4504

Re: CLIGAMES - container with UNIX CLI games & playable with /system/telnet

Someone has too much time available ... :lol: On that front, I cleaned up the README, and put the "ammo74/cligames" container on DockerHub recent: https://hub.docker.com/r/ammo74/cligames (the Dockerfile, and GitHub builder code remain at: https://github.com/tikoci/cligames - which is wha...
by Amm0
Sat Jun 01, 2024 7:49 pm
Forum: Containers
Topic: Horrible container performance from 7.14 up to 7.15rc2
Replies: 23
Views: 1714

Re: Horrible container performance from 7.14 up to 7.15rc2

Maybe there is an issue, IDK. But to clarify on the "duckdns" sub-case... 1. Does it show "starting" for 10 minutes, or it goes to "running" and just does respond? 2. Assuming logging is enabled, does anything appear during the 10 minutes? 3. Does "/container/shell...
by Amm0
Sat Jun 01, 2024 6:17 pm
Forum: Beginner Basics
Topic: Basic Zerotier Question.
Replies: 3
Views: 317

Re: Basic Zerotier Question.

Okay so it sounds very doable. Its a bit better than trying it over wireguard as wireguard then trips over the routing issue, where zerotier does not. To be honest, you shouldn't have to do anything. ZT will tunnel use the Wi-Fi - since that have lower latency than LTE. It be over ZL1 tunnel, but s...
by Amm0
Sat Jun 01, 2024 5:38 pm
Forum: Beginner Basics
Topic: Basic Zerotier Question.
Replies: 3
Views: 317

Re: Basic Zerotier Question.

I could ask for a diagram ;) So let's assume you ZT – correct if wrong: - You using my.zerotier.com as ZT controller (i.e. not running a local controller under /zerotier/controller on the Mikrotik) - Nothing in ZT is bridged, specifically: - no "member" (aka peer) has "bridging" ...
by Amm0
Sat Jun 01, 2024 4:56 pm
Forum: General
Topic: Deserialize .json SKIN vs. API
Replies: 5
Views: 488

Re: Deserialize .json SKIN vs. API

I tried adding custom menus to the skin.json but they don't display in webfig. the menu system notes I already use it for other purposes. I also thought about using layer 7 but it's a pain to mess up from a user-friendly user. Could I do something with bees? I thought your SMB approach was not a ba...
by Amm0
Sat Jun 01, 2024 2:09 am
Forum: General
Topic: v. 7.14.3 - 7.15RC3 - 7.15RC4 router was rebooted without proper shutdown, probably kernel failure
Replies: 27
Views: 1827

Re: v. 7.14.3 - 7.15RC3 - 7.15RC4 router was rebooted without proper shutdown, probably kernel failure

Most likely hardware.....
Maybe. Some hardware malfunction causing issues in the kernel is exactly kinda thing watchdog was designed to catch.

All I know is I'm pretty sure the band-aid of disabling watchdog ain't going to fix anything. I always use watchdog and never seen some false positive.
by Amm0
Sat Jun 01, 2024 1:57 am
Forum: General
Topic: Routing VLAN to specific WAN using Policy Routing
Replies: 19
Views: 1166

Re: Routing VLAN to specific WAN using Policy Routing

So I am running in circles, if I enable add default routes of WAN, cannot control where traffic flows towards WAN, if I disable the default routes, traffic flows correctly, but the IoT devices have issues. The route always needs to exist in main, if it exists in a routing table. The PBR docs have s...
by Amm0
Sat Jun 01, 2024 1:10 am
Forum: Scripting
Topic: Script not running
Replies: 5
Views: 384

Re: System Script not running

It a bit unclear whether you want to make one array with {1,2,3,4} or two-dim array like {{1;2};{3;4}}. i.e. :local notificationTeam {{"mateo";"mateo@example.com"} ; {"carlo";"carlo@example.com"}} vs. :local notificationTeam {{"sofia@example.com";&qu...
by Amm0
Fri May 31, 2024 8:31 pm
Forum: Scripting
Topic: New command in RouterOs 7
Replies: 35
Views: 7790

Re: New command in RouterOs 7

FWIW, I already had a GitHub project that compiled the REST schema, and as part of that there is an "inspect.json" that get generates with output of /console/inspect. I recently automated it all at GitHub, and put a tiny web page that has downloadable form of the "command schema"...
by Amm0
Fri May 31, 2024 7:59 pm
Forum: General
Topic: How to covert int to hex type value and save it in a string? [SOLVED]
Replies: 13
Views: 5496

Re: How to covert int to hex type value and save it in a string? [SOLVED]

I hope you like those functions @rextended, FWIW your num2hex function still comes in handy... While num2hex is super helpful, half the code is doing that one conversion ;): https://forum.mikrotik.com/viewtopic.php?t=204990#p1078202 Since despite the new built-in " :convert ", still canno...
by Amm0
Fri May 31, 2024 7:07 pm
Forum: General
Topic: v. 7.14.3 - 7.15RC3 - 7.15RC4 router was rebooted without proper shutdown, probably kernel failure
Replies: 27
Views: 1827

Re: v. 7.14.3 - 7.15RC3 - 7.15RC4 router was rebooted without proper shutdown, probably kernel failure

I'd ping Mikrotik again. You shouldn't have to disable watchdog. If it really is a watchdog bug, that's kinda serious IMO - the last thing you'd want is the monitoring for crashes, to cause crashes....
by Amm0
Fri May 31, 2024 6:28 pm
Forum: General
Topic: HOWTO: Import ZeroTier Members into Mikrotik DNS using $ZT2DNS
Replies: 3
Views: 955

Re: HOWTO: Import ZeroTier Members into Mikrotik DNS using $ZT2DNS

[...] noticed you only take into account IPv4 addresses, while 6PLANE and RFC4193 IPv6, if any, are ignored. [...] I don't understand where to find 32 bits to compose the former. UPD : Found info about 6PLANE here : The 8-bit fc prefix indicates a private IPv6 network with an "experimental&quo...
by Amm0
Fri May 31, 2024 4:29 pm
Forum: General
Topic: v. 7.14.3 - 7.15RC3 - 7.15RC4 router was rebooted without proper shutdown, probably kernel failure
Replies: 27
Views: 1827

Re: v. 7.14.3 - 7.15RC3 - 7.15RC4 router was rebooted without proper shutdown, probably kernel failure

That was a lousy answer from support. Blame watchdog itself? If watchdog is causing a reboot when it should not, that is a bigger bug! If you don't know, you can look at the autosupout.rif via an account on www.mikrotik.com there is an online viewer for the `.rif` files. That will have the log from ...
by Amm0
Fri May 31, 2024 5:07 am
Forum: Beginner Basics
Topic: What is the purpose of client-dns setting in wireguard
Replies: 3
Views: 399

Re: What is the purpose of client-dns setting in wireguard

It just a helper for when RouterOS show the WG config file for peer. It has nothing to with how normally WG works on the Mikrotik. It is just a "UI helper" to create the right WG peer config for the remote peer. With BTH it's the same, except since app does need a WG config to run, that's ...
by Amm0
Fri May 31, 2024 2:56 am
Forum: General
Topic: Deserialize .json SKIN vs. API
Replies: 5
Views: 488

Re: Deserialize .json SKIN vs. API

No AFAIK you cannot stash other stuff there. And if they allowed it, it wouldn't appear anywhere. You can modify it using [:de/serialize] however. And webfig has a status page. So assuming the users have write permissions, you can some nascent config to store the desired config. Like /system/note to...
by Amm0
Thu May 30, 2024 10:30 pm
Forum: General
Topic: HOWTO: Import ZeroTier Members into Mikrotik DNS using $ZT2DNS
Replies: 3
Views: 955

Re: HOWTO: Import ZeroTier Members into Mikrotik DNS using $ZT2DNS

I created an updated script (below) that supports at least the 6PLANE part of IPv6 from ZT. I cheated with the 6PLANE stuff. I just make the 6PLANE address a parameter — so you cut-and-paste the "base" one, and the $ZT2DNS will just substitute into that one. I have not done much testing, b...
by Amm0
Thu May 30, 2024 5:46 pm
Forum: General
Topic: Mikrotik ATL LTE18 in Bridged Mode
Replies: 6
Views: 504

Re: Mikrotik ATL LTE18 in Bridged Mode

I kinda forget but Mikrotik has YouTube videos, if that's your thing:

LTE passthrough: PART 2, advanced - https://www.youtube.com/watch?v=IZFAeLbujso
LTE passthrough - empowering rural internet!: https://www.youtube.com/watch?v=8cD1cGH0e3Y
by Amm0
Thu May 30, 2024 5:39 pm
Forum: General
Topic: Mikrotik ATL LTE18 in Bridged Mode
Replies: 6
Views: 504

Re: Mikrotik ATL LTE18 in Bridged Mode

I should be fine with the VLAN configuration, That makes this easier - explaining vlan-filtering=yes is not easy in a forum post. This is central question: What makes it a "transparent" bridge or passthrough? There are two operational mode of LTE on RouterOS. 1. One, is that's it's a loca...
by Amm0
Thu May 30, 2024 4:50 pm
Forum: General
Topic: RouterOS Language Support
Replies: 4
Views: 495

Re: RouterOS Language Support

IMHO this ain't gonna happen. I don't see the added value either. That very well may be true. But allowing comments to contain like UTF-8 unicode, is different than say a French Winbox. But I have to imagine whatever "multiplatform client" there working have to deal with UTF-8 at some lev...
by Amm0
Thu May 30, 2024 2:47 pm
Forum: Announcements
Topic: v7.15.1 [stable] is released!
Replies: 311
Views: 60430

Re: v7.15 [stable] is released!

:local changelog ([/tool fetch "https://upgrade.mikrotik.com//routeros/NEWESTa7.stable" as-value output=user] -> "data");
Since today I get this error:
Download from upgrade.mikrotik.com FAILED: Fetch failed with status 403
Your URL has to two // in it.
by Amm0
Thu May 30, 2024 7:45 am
Forum: Containers
Topic: Container "Traefik" (on RB5009)
Replies: 7
Views: 5728

Re: Container "Traefik" (on RB5009)

FWIW, to get nicely formatted colorized logs from Traefik container, the following complex command does that: /log print proplist=message as-value where topics~"container" [:if ($message~"(ERR|INF|DBG|WRN)") do={:put [:pick "$message\1B[0K" 25 999]}] You can add a "...
by Amm0
Thu May 30, 2024 7:32 am
Forum: Scripting
Topic: mikrotik events script New abroach
Replies: 10
Views: 965

Re: mikrotik events script New abroach

Since this was fresh in my mind. Another fun one here with "print follow-only as-value where" & /container... Example: Using "print as-value follow-only where [...]" to print logs with c o lo ri z ed ANSI codes I use the Traefik /container on a few routers to add CORS support...
by Amm0
Thu May 30, 2024 5:50 am
Forum: Scripting
Topic: Monitoring the modem's status
Replies: 3
Views: 2418

Re: Monitoring the modem's status

I'm not sure I'd jump to temperature first - perhaps. But enabling more LTE logging helps. i.e. It may be some MBIM interaction with tower that causes the drop - or at least that be my first guess. There have been some recent fixes in LTE so trying testing version perhaps. But I'd add some logging f...
by Amm0
Thu May 30, 2024 5:41 am
Forum: General
Topic: RouterOS Language Support
Replies: 4
Views: 495

Re: RouterOS Language Support

There is no UNICODE support, so no UTF-8 specifically. RouterOS strings are all single-byte. And the default "code page" is Latin-1 for the extended chars. So your choices look like these: https://upload.wikimedia.org/wikipedia/commons/thumb/3/36/Windows-1252-infobox.svg/500px-Windows-1252...
by Amm0
Thu May 30, 2024 5:18 am
Forum: General
Topic: Mikrotik ATL LTE18 in Bridged Mode
Replies: 6
Views: 504

Re: Mikrotik ATL LTE18 in Bridged Mode

Sure. A few options depending on what you mean by "bridge mode". By default, ATL comes with router network of 192.168.188.0/24 to LTE. So you just tag the port going to the ATL as an access port VLAN 301, and the other switch using 301 will get an routed IP from the default DHCP of ATL and...
by Amm0
Wed May 29, 2024 8:52 pm
Forum: Scripting
Topic: Are IDs returned from REST API stable?
Replies: 4
Views: 367

Re: Are IDs returned from REST API stable?

Alright. That explains it. Thanks! FWIW, the .id in REST are also the output of a "find" in CLI: :put [/ip/address/find] *2;*2b;*2c;*81;*93;*9d;*a2;*ab;*b1;*b2;*b3;*b4;*b5;*b6 as REST: curl -k -s -u $USER -X POST https://$ROUTER/rest/ip/address/find --json '' | jq '.ret' "*2;*2b;*2c;...
by Amm0
Wed May 29, 2024 8:26 pm
Forum: Scripting
Topic: mikrotik events script New abroach
Replies: 10
Views: 965

Re: mikrotik events script New abroach

What I've never been able to do with the syntax here is exit out of the "print follow-only"... Why did not you ask the Cat? Is that going to be the title of your book on RouterOS scripting? It is these /containers that always give me troubles in scripting, since commands trigger events (i...
by Amm0
Wed May 29, 2024 7:06 pm
Forum: General
Topic: Best way to forward web traffic to portal page?
Replies: 4
Views: 586

Re: Best way to forward web traffic to portal page?

Hotspot is more if you want a "splash screen" when users connect to a network, but I'm not sure that's the need here. While hotspot does redirect HTTP, it's not a generic mechanism. But hotspot is something different & specific to, well, Wi-Fi. If you want to receive HTTP request on a ...
by Amm0
Wed May 29, 2024 5:22 pm
Forum: Scripting
Topic: Are IDs returned from REST API stable?
Replies: 4
Views: 367

Re: Are IDs returned from REST API stable?

As far as I understand, when using regular RouterOS scripting, the IDs you get are only valid during the execution of that command or something. @mrz is right about REST. And you're right about the CLI's "print" command - but those are "numbers=", not ".id=". To see th...
by Amm0
Wed May 29, 2024 7:27 am
Forum: Containers
Topic: Horrible container performance from 7.14 up to 7.15rc2
Replies: 23
Views: 1714

Re: Horrible container performance from 7.14 up to 7.15rc2

Maybe it's the disk you are using?
by Amm0
Wed May 29, 2024 7:26 am
Forum: Containers
Topic: Horrible container performance from 7.14 up to 7.15rc2
Replies: 23
Views: 1714

Re: Horrible container performance from 7.14 up to 7.15rc2

FYI even Pi-hole does this and I know there are dozens of people at least running that. I know there are folks with iperf container too. Just no reports on the forum, other than yours. Normally there a flurry if wide-spread issue... I'm believe you're seeing something. But you need one example, of ...
by Amm0
Wed May 29, 2024 6:48 am
Forum: Scripting
Topic: mikrotik events script New abroach
Replies: 10
Views: 965

Re: mikrotik events script New abroach

It's like the brother of the "op" type (>[:put $0]). This does highlight the general scripting rule to: don't use same name for :local variables as any attributes= for the command. I use something similar for /container to keep them started, and watch the state "live": /container...
by Amm0
Wed May 29, 2024 1:26 am
Forum: General
Topic: Chateau as a VOIP LTE gateway
Replies: 4
Views: 379

Re: Chateau as a VOIP LTE gateway

I probably did not explain it well - but i think you deciphered my mumbo ;-) Sorta... In some VOIP configurations you can use a GSM / LTE gateway to send/recieve voice calls. [...] What i was hoping to see is a way of using the Chateau as a GSM/LTE gateway so that it could be integrated into a PBX ...
by Amm0
Tue May 28, 2024 8:32 pm
Forum: Containers
Topic: Horrible container performance from 7.14 up to 7.15rc2
Replies: 23
Views: 1714

Re: Horrible container performance from 7.14 up to 7.15rc2

I regularlly use traefik container on my main test router, I have not seen any slowness. Now I don't have a lot of traffic going to/from. But they've started quickly and worked in the various 7.15beta. I know you're saying all containers slow, on all platforms. But perhaps it's something in some sub...
by Amm0
Tue May 28, 2024 8:11 pm
Forum: General
Topic: Chateau as a VOIP LTE gateway
Replies: 4
Views: 379

Re: Chateau as a VOIP LTE gateway

So to be able to tie the SMS/Voice through the data connection to my PBX? In the US, the big carriers can, for business/enterprise customers, do "SIP forwarding of calls". i.e. Any voice calls get directed to an SIP endpoint on your PBX by the carrier before getting to the modem. But noth...
by Amm0
Tue May 28, 2024 8:03 pm
Forum: General
Topic: Chateau as a VOIP LTE gateway
Replies: 4
Views: 379

Re: Chateau as a VOIP LTE gateway

I'm confused at what you're trying to do. A SIP trunk could run over the LTE data connection, and any PBX message (like SIP SIMPLE etc), would go via IP+SIP. But there is no way to tap into any voice stuff from RouterOS. Plus modem modules may not even have software needed. And one that did (typical...
by Amm0
Tue May 28, 2024 7:37 pm
Forum: Beginner Basics
Topic: 2FA Configuration to Mikrotik router issue [SOLVED]
Replies: 7
Views: 688

Re: 2FA Configuration to Mikrotik router issue [SOLVED]

Correct, there is no way to add 2FA / MFA to a local user in RouterOS. As I explained, you can you can setup RouterOS to query RADIUS for winbox/webfig/etc login, but it's a different account. But RADIUS RouterOS user can use whatever policy group, so they can be functionally same as a local one. Th...
by Amm0
Tue May 28, 2024 1:34 am
Forum: Scripting
Topic: Update a variable with a function
Replies: 3
Views: 324

Re: Update a variable with a function

The "/terminal inkey" exists in V6, with a space.

So this revised example works on 6.49.14:
{
     :local confirmkey [/terminal inkey] 
     :if ($confirmkey=89 or $confirmkey=121) do={ :put "got Y or y" } else={:put "got something else"}  
}
by Amm0
Mon May 27, 2024 9:50 pm
Forum: Scripting
Topic: Update a variable with a function
Replies: 3
Views: 324

Re: Update a variable with a function

In recent RouterOS, there is /terminal/ask - so you do not need to use the [:return] trick to do this. { :local resp [/terminal/ask prompt="Continue? [y/n]"] :if ($resp~"^[yY]\$") do={:put "got Y or y"} else={:put "got something else"} } There is also /termina...
by Amm0
Mon May 27, 2024 8:38 pm
Forum: Beginner Basics
Topic: 2FA Configuration to Mikrotik router issue [SOLVED]
Replies: 7
Views: 688

Re: 2FA Configuration to Mikrotik router issue [SOLVED]

Did you see this thread? There are few places where this can go wrong... https://forum.mikrotik.com/viewtopic.php?p=911961&hilit=two+factor+authentication#p984843 If you're talking about 2FA RouterOS login... I think you need to point the RouterOS's radius client to use user-manager server, expl...
by Amm0
Mon May 27, 2024 5:00 pm
Forum: Beginner Basics
Topic: 2FA Configuration to Mikrotik router issue [SOLVED]
Replies: 7
Views: 688

Re: 2FA Configuration to Mikrotik router issue [SOLVED]

I could be wrong. But I believe you add the 2FA code after the password is how it work. There is no prompt.
by Amm0
Mon May 27, 2024 3:21 pm
Forum: RouterOS beta
Topic: Feature Request : OpenAPI for REST API
Replies: 14
Views: 8476

Re: Feature Request : OpenAPI for REST API

I recently automated building the schema files at GitHub, including OpenAPI 2.0 (OAS2) . So newer (and older) versions of the RAML and OpenAPI schemas are available at: https://tikoci.github.io/restraml The same page has a nifty "diff" tool, to compare RouterOS versions. It's an easter egg...
by Amm0
Sat May 25, 2024 6:16 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 311
Views: 262214

Re: NEW FEATURE: Back to Home VPN

Okay understand I may be looking at a BTH setup incorrectly done on an Ops MT router and thus the missing export info? It's not in the `/wireguard/export` because it's "dynamic config" (i.e.configuration generated by another RouterOS option). And dynamic config is never in an export – thi...
by Amm0
Fri May 24, 2024 6:20 pm
Forum: Scripting
Topic: REST API schema for Postman & more
Replies: 6
Views: 5070

Re: REST API schema for Postman & more

I just wanted to "diff" the command tree to see what changed in CLI between versions. And... got needing to run Docker^2+QEMU+CHR somehow... I added a `diff` UI to the Schema Download page on GitHub, https://tikoci.github.io/restraml It will show what commands/attributes have changed betw...
by Amm0
Thu May 23, 2024 6:55 pm
Forum: RouterBOARD hardware
Topic: NetMetal ax / L23-UGSR — initial feedback from specs
Replies: 14
Views: 1892

Re: NetMetal ax / L23-UGSR — initial feedback from specs

... maybe ... a tremendous "MiniPCI-e-circuit-board-connector-leftover" ... or ... ... policy ... ¯\_(ツ)_/¯ . Good find, that seems like good news. Perhaps they just compromised, for now(?), so they could get the AX part of a newer NetMetal / "RouterBoard" out. Placing a connect...
by Amm0
Thu May 23, 2024 6:39 pm
Forum: Wireless Networking
Topic: M.2 capability on RBM33G
Replies: 3
Views: 459

Re: M.2 capability on RBM33G

The "Block Diagrams" often tell the story on Mikrotik devices on these things. It shows the SIMs are wired to the miniPCIe, so if you placed a modem directly in M.2 slot it have no SIMs available. And if M.2 modem used USB, it also would NOT work, since only PCI is available to M.2 slot on...
by Amm0
Thu May 23, 2024 6:15 pm
Forum: Beginner Basics
Topic: AT&T FTTH, VLANs, CapsMAN Full Config (RouterOS 7 Updated)
Replies: 33
Views: 6500

Re: AT&T FTTH, VLANs, CapsMAN Full Config (RouterOS 7 Updated)

@anav, I think you discount he's start at "hard" on the difficulty here. OP is lists: Complete removal of AT&T router ("residential gateway") from the picture As someone who has AT&T Fiber service at my house. I do not do this myself, not because it's a bad idea, but beca...
by Amm0
Thu May 23, 2024 5:06 pm
Forum: General
Topic: What is your experience with Mikrotik support
Replies: 12
Views: 811

Re: What is your experience with Mikrotik support

In routeros there is a difference been "not set" and being set to "empty" & that's how it work. In winbox you can use the black arrow on the right clear to clear it the like "unset" does at CLI. So if you have it set, there are "few arrows" on the right of...
by Amm0
Thu May 23, 2024 4:40 am
Forum: General
Topic: What is your experience with Mikrotik support
Replies: 12
Views: 811

Re: What is your experience with Mikrotik support

It was more about how operating system of Mikrotik deals with removing rule conditions. dst-address-type=local AND src-address-type=local makes packet maching counter to stop. Which is correct. But when you remove src-address-type=local from the rule (returning to initial rule), counter still does ...
by Amm0
Wed May 22, 2024 11:08 pm
Forum: Scripting
Topic: Need Help with MikroTik Script for Matching and Storing Patterns
Replies: 4
Views: 441

Re: Need Help with MikroTik Script for Matching and Storing Patterns

I think I might be doing something wrong, but I'm not sure what. Could anyone help me correct this script or guide me on how to achieve the desired functionality? Not sure "pattern matching" a config file is a good approach to any problem. The order of attributes can change, etc. etc. So ...
by Amm0
Wed May 22, 2024 10:58 pm
Forum: General
Topic: What is your experience with Mikrotik support
Replies: 12
Views: 811

Re: What is your experience with Mikrotik support

Seems like be a potentially funny YouTube video, "How Mikrotik deals with support cases".
the-simpsons-homer-simpson.gif
by Amm0
Wed May 22, 2024 10:45 pm
Forum: Scripting
Topic: REST API schema for Postman & more
Replies: 6
Views: 5070

Re: REST API schema for Postman & more

I automated schema generation on GitHub. And added a new download page that shows schema/docs for a variety of versions from 7.9 to 7.15rc4: Downloads: https://tikoci.github.io/restraml The source and other details are here: GitHub Project: https://github.com/tikoci/restraml VSCode Online View: http...
by Amm0
Mon May 20, 2024 11:45 pm
Forum: General
Topic: GUIDE: Running Netinstall Server on a Tik
Replies: 54
Views: 5862

Re: GUIDE: Running Netinstall Server on a Tik

Leave it like it is please. It works :lol: I created a new spin on @semaja2's excellent work. See https://github.com/tikoci/netinstall which builds to DockerHub (ammo74/netinstall:latest) and GHCR (ghcr.io/tikoci/netinstall:latest). Instead of the Dockerfile using a mount, it download all the files...
by Amm0
Mon May 20, 2024 10:17 pm
Forum: General
Topic: IPTV cuts and pixelations with Movistar Spain and HAP ax3
Replies: 38
Views: 3679

Re: IPTV cuts and pixelations with Movistar Spain and HAP ax3

Yeah perhaps. About all I have is you might want to update your case with Mikrotik that you also tried the bridge igmp method too. That actually should have worked in your case IMO.... Maybe not fix the packet loss, but work. Maybe Mikrotik can search their Jira for another case where Movistar setup...
by Amm0
Mon May 20, 2024 9:45 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 164
Views: 11353

Re: [Discussion] MikroTik configuration abstraction complexity

Agreed?
Well, it is a thread @DarkNate started – not some bitting invective injected into someone else's posting. Kinda different cases IMO.

The back-and-forth over some folk's tone get's annoying too. ;)
by Amm0
Mon May 20, 2024 9:25 pm
Forum: Scripting
Topic: remove [find] gets stuck while executing
Replies: 4
Views: 482

Re: remove [find] gets stuck while executing

Hmm. Does doing just the [find] work, or is it in the "remove" part. There is the :time command to see how things take. Be curious what if it's the "find" part or the "remove" works. :put [:time {/interface/bridge/port find}]] And/or try if you using the list as a strin...
by Amm0
Mon May 20, 2024 8:50 pm
Forum: General
Topic: IPTV cuts and pixelations with Movistar Spain and HAP ax3
Replies: 38
Views: 3679

Re: IPTV cuts and pixelations with Movistar Spain and HAP ax3

Yeah I'm not convinced everything multicast is 100% on RouterOS. If I disable IGMP Proxy, the TV doesn't work. That's to be expected since you don't have a IGMP querier enabled when /routing/igmp-proxy is disabled. Essentially, the long page about "Bridge IGMP/MLD" essentially boils down ...
by Amm0
Mon May 20, 2024 8:32 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 164
Views: 11353

Re: [Discussion] MikroTik configuration abstraction complexity

RouterOS v8 could be “from scratch” [...] For RouterOS v7, the only option is XDP/eBPF data-plane. Forget DPDK/VPP probably. Or in RouterOS v7, don't fuck with the data plane. Fix bugs, and there many. Make the AX more centerialized and simple. And add more docs, especially on interop with cisco/et...
by Amm0
Mon May 20, 2024 8:25 pm
Forum: General
Topic: IPTV cuts and pixelations with Movistar Spain and HAP ax3
Replies: 38
Views: 3679

Re: IPTV cuts and pixelations with Movistar Spain and HAP ax3

Yeah I'm not convinced everything multicast is 100% on RouterOS. But without delving into packet trace, hard to know. And Movistar does some specific things based on many years of reports here that don't make it simplier. FWIW, the RTSP proxy support was added largely for Movistar AFAIK. And /routin...
by Amm0
Mon May 20, 2024 7:56 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 164
Views: 11353

Re: [Discussion] MikroTik configuration abstraction complexity

When Mikrotik started it was have been unthinkable to run routing on Linux at large scale. Different world for a while. And we seem back to talking ASIC again... I hate C cisco [...] I dislike Arista for being a Cisco-fake That explains a lot. My take on Mikrotik history is that someone had the idea...
by Amm0
Sun May 19, 2024 4:23 am
Forum: General
Topic: IPTV cuts and pixelations with Movistar Spain and HAP ax3
Replies: 38
Views: 3679

Re: IPTV cuts and pixelations with Movistar Spain and HAP ax3

Boy I would have bet money is was something in the wifi-qcom drivers... cable kinda eliminates that theory... There just not a lot of knobs to turn here. Only other one that effect a wired and wireless is the bridge MC cache: /interface bridge set bridge multicast-router=permanent Cannot say if it h...
by Amm0
Sat May 18, 2024 8:29 pm
Forum: Scripting
Topic: Ready variable from file.rsc [SOLVED]
Replies: 8
Views: 2125

Re: Ready variable from file.rsc [SOLVED]

I kinda missed that limiting access to only SMB. Now :import follows the current logged in user, so it's not "unsafe". But in this case, if allowing SMB to an non-admin to edit it & some later script run it... yeah there is room for some privilege escalation. Question was how to read f...
by Amm0
Fri May 17, 2024 10:12 pm
Forum: Scripting
Topic: Ready variable from file.rsc [SOLVED]
Replies: 8
Views: 2125

Re: Ready variable from file.rsc [SOLVED]

If the file has globals, you can actually just use ":import <file>" to read them from a file.
by Amm0
Fri May 17, 2024 8:37 pm
Forum: General
Topic: LHGGR underperforming LTE speeds [SOLVED]
Replies: 30
Views: 2042

Re: LHGGR underperforming LTE speeds [SOLVED]

Fair enough, "SS7" is technically incorrect, just old and lump all "carrier stuff" as SS7. I'm just not convinced it's a device/antenna selection issue in this case. e.g. SINR is 15db. Only point was the LTE carrier can send a requested MTU to the modem. And on Mikrotik this does...
by Amm0
Fri May 17, 2024 7:19 pm
Forum: General
Topic: LHGGR underperforming LTE speeds [SOLVED]
Replies: 30
Views: 2042

Re: LHGGR underperforming LTE speeds [SOLVED]

Shouldn't MSS clamping be done by operator's TCP Proxy (they are often running on mobile networks, at least for APNs without inbound access)? But you're right, it's probably a good idea to check it. Hard to know. Kinda my point... there is even more ways for things to go wrong even if RF were diale...
by Amm0
Fri May 17, 2024 6:24 pm
Forum: RouterBOARD hardware
Topic: GRE Zscaler can't load website
Replies: 3
Views: 590

Re: GRE Zscaler can't load website

"clamp-tcp-mss" option requires the MTU to be correct in the first place, otherwise it's just forcing TCP MSS to be wrong – which actually a worse problem... Maybe not the case.... But if your WAN has a lower MTU than 1500, then the default GRE MTU needs to be reduced. The default 1476 is ...
by Amm0
Fri May 17, 2024 5:55 pm
Forum: General
Topic: LHGGR underperforming LTE speeds [SOLVED]
Replies: 30
Views: 2042

Re: LHGGR underperforming LTE speeds [SOLVED]

Well, tabling the RF stuff... i.e. If you want to optimize RF, it at least a dozen things to research/measure/do/tweak. And no doubt you're better off with a high-category modem vs a lower one – but trying quantify speeds linearly does not give enough credit to 3GPP specs that try to ensure fairness...
by Amm0
Thu May 16, 2024 11:02 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 164
Views: 11353

Re: [Discussion] MikroTik configuration abstraction complexity

As a networker who cut his teeth on Cisco IOS, I'm #TeamPort myself :) LOL, #TeamPort, agree I think.... I take you to mean being able to express normal things like "access"/"trunk"/"hybrid" on /interface/bridge/port including what's tagged for trunks WITHOUT having to...
by Amm0
Thu May 16, 2024 7:03 pm
Forum: General
Topic: [Formal Complaint] Support is ignoring my problem for 3 weeks
Replies: 50
Views: 7086

Re: [Formal Complaint] Support is ignoring my problem for 3 weeks

Which has been deleted from the support panel
I suspect it has not been deleted, but marked closed. There is a filter "closed" issues in JIRA-based help.mikrotik.com portal.
by Amm0
Thu May 16, 2024 4:31 pm
Forum: RouterBOARD hardware
Topic: Switch Synergistic Research UEF
Replies: 4
Views: 544

Re: Switch Synergistic Research UEF

If one ignore the snake oil about audio enhancing ethernet...

They put in some time to make it look nice with a decent power supply. And bet they take a phone call if there is a problem. Sounds like cisco, and priced accordingly.
by Amm0
Thu May 16, 2024 3:42 pm
Forum: Announcements
Topic: v7.14.3 [stable] is released!
Replies: 671
Views: 209556

Re: v7.14.3 [stable] is released!

That's a 20-bit number (1 and then 20 0's) ... looks like something hardcoded. It's calculated max-entries can be shown via: /ip/firewall/connection/tracking/print Now if there is free memory, docs do suggest it show grow. Still, if you're hitting these limits, using "raw" rules for stuff...
by Amm0
Thu May 16, 2024 3:22 pm
Forum: General
Topic: Slow FTP upload speed via GRE Tunnel
Replies: 16
Views: 1171

Re: Slow FTP upload speed via GRE Tunnel

Good explanation @rplant. Does seem like MTU issue... i.e. "slow" often a sign of wrong MTU & "slow" also means it's getting through the firewall so ain't fw filters... Even if not, it still best to know/confirm your MTU with the ping test. In similar MTU vain, make sure icmp...
by Amm0
Thu May 16, 2024 6:40 am
Forum: Announcements
Topic: v7.15rc [testing] is released!
Replies: 343
Views: 108966

Re: v7.15rc [testing] is released!

*) bridge - added MVRP support; Finally tried out MVRP. Seems to work in limited testing. Two grips: 1. If /interface/vlan has been enabled for MVRP (mvrp=yes), then VLAN ID should be dynamically added to /interface/bridge/vlan with tagged=bridge. Instead, the vlan-id must be manually added to loca...
by Amm0
Wed May 15, 2024 9:57 pm
Forum: Announcements
Topic: Newsletter #118 | May 2024
Replies: 28
Views: 18238

Re: Newsletter #118 | May 2024

LOL re official font, manrope ... at least it's description matches the product ;)
This font is a crossover of different font types: it is semi-condensed, semi-rounded, semi-geometric, semi-din, semi-grotesque. It employs minimal stoke thickness variations and a semi-closed aperture.
by Amm0
Wed May 15, 2024 5:31 pm
Forum: The Dude
Topic: Required Dude server package [SOLVED]
Replies: 4
Views: 7014

Re: Required Dude server package [SOLVED]

And... then copy the dude.npk to the root of the Files & reboot. You need to enable it Dude > Settings and pick a path to store the database. You'd need the Dude client for Windows to then manage it, using same RouterOS login in Dude app.
by Amm0
Wed May 15, 2024 5:51 am
Forum: Containers
Topic: Horrible container performance from 7.14 up to 7.15rc2
Replies: 23
Views: 1714

Re: Horrible container performance from 7.14 up to 7.15rc2

Have you deleted and re-created the VETH interface used by the container?

Sometime stuff goes bad between versions with VETH interface I've found. Never slowness you're describing. But still may be worth it to remove/add VETH interface, even with same IP.
by Amm0
Wed May 15, 2024 5:45 am
Forum: General
Topic: Transit over two EOIP tunnels over PPTP
Replies: 10
Views: 644

Re: Transit over two EOIP tunnels over PPTP

Agreed, even with PPTP, one end still need to be public IP. Or otherwise routable over an internal network as noted. PPTP still uses GRE, like EoIP...it just uses an TCP port to setup so client side can be behind a NAT. As far as I know, you have to have permanent IP addresses for establishing EOIP ...
by Amm0
Wed May 15, 2024 5:29 am
Forum: Scripting
Topic: my script gets data running in terminl but not from system scripts
Replies: 9
Views: 585

Re: my script gets data running in terminl but not from system scripts

Since you already have the ".id" from the :foreach on [find], you do not need the 2nd [find] since "get" works with the .id. :foreach E in=[/system script environment find] do={:log info $E;:local name [ /system/script/environment get [find .id=$E ] ];:log info $name;} :foreach E...
by Amm0
Wed May 15, 2024 1:37 am
Forum: Scripting
Topic: my script gets data running in terminl but not from system scripts
Replies: 9
Views: 585

Re: my script gets data running in terminl but not from system scripts

RoS has an undocumented flaw when running the terminal in interactive mode that allows indexing objects with regular numbers. [...] It's not a "flaw" in scripting. If you want to see the .id, use "print show-ids". For interactive CLI use, the "always sequential" number...
by Amm0
Wed May 15, 2024 1:15 am
Forum: Scripting
Topic: my script gets data running in terminl but not from system scripts
Replies: 9
Views: 585

Re: my script gets data running in terminl but not from system scripts

Replace the "1" .id you used, with a "find".
 /system/script/environment get [find name="myvarname"]
But keep in mind what's "global" is tied to context/user where it was created.
by Amm0
Tue May 14, 2024 10:58 pm
Forum: General
Topic: Transit over two EOIP tunnels over PPTP
Replies: 10
Views: 644

Re: Transit over two EOIP tunnels over PPTP

Fair enough. But why not just use IPSec directly on the EoIP interface with a shared-secret? This seems simpler/cleaner, and perhaps faster, than PPTP tunnels.
by Amm0
Tue May 14, 2024 9:44 pm
Forum: Scripting
Topic: Can't Query Graphql site
Replies: 26
Views: 1721

Re: Can't Query Graphql site

I suspect the \\\" fixed it in the string that's being sent. Since my 2nd example above using [:serialize to=json]* would NOT actually work for your 000000 case.... i.e. I learned something new here actually. Apparently [:serialize to=json] will automatically convert strings into numbers - even...
by Amm0
Tue May 14, 2024 6:45 am
Forum: Beginner Basics
Topic: Internal clients DNS over HTTPS
Replies: 6
Views: 571

Re: Internal clients DNS over HTTPS

Tend to agree. If concerned about privacy on the LAN, you should just encrypt all data using a VPN to router – still enough HTTP and other protocols that "leak" information if one can snoop the wire on a LAN. What a shame, seems to be a huge miss in the entire market space. Well... AFAIK o...
by Amm0
Mon May 13, 2024 8:01 pm
Forum: General
Topic: Wrong country when selecting Time Zone Autodetect
Replies: 23
Views: 2283

Re: Wrong country when selecting Time Zone Autodetect

How often does the device change countries/time zones during normal use? Agree with you. Except @normis said it's regularly updated & the defaults use automatic timezone. So I'd imagine it's annoying it's always wrong and requires changing manually on 100 devices, when you got it updated in the...
by Amm0
Mon May 13, 2024 6:45 pm
Forum: General
Topic: Ccr2216 rebooted by watchdog timer
Replies: 10
Views: 2324

Re: Ccr2216 rebooted by watchdog timer

After todays reboot finally received autosupout.rif file and there is open ticket about it - SUP-152819. waiting ... One tip, if you don't know, is you can read the autosupout.rif from https://mikrotik.com/client/supout (if have/create an account at www.mikrotik.com). Sometimes the stored logs in s...
by Amm0
Mon May 13, 2024 6:40 pm
Forum: General
Topic: IP-sec secret (pre-shared key) is too complex L2TP/IPsec
Replies: 3
Views: 1781

Re: IP-sec secret (pre-shared key) is too complex L2TP/IPsec

( and ) are problem in your password. And I have tried ; It is also a problem. Maybe bug here with (). But question is it from winbox or CLI, or both? winbox shouldn't need any escaping (i.e. it should do that when you click OK for the config). Now at CLI you'd want double-quotes after pre-shared k...
by Amm0
Mon May 13, 2024 6:22 pm
Forum: General
Topic: Wrong country when selecting Time Zone Autodetect
Replies: 23
Views: 2283

Re: Wrong country when selecting Time Zone Autodetect

It's the contraction between the geoip database gets updated monthly part that odd here. And @Blancatel says IPs are the database Mikrotik is using for many months. While true, it's not hard to set for one router.... But I think @Blancatel is a ISP-ish scenario... so stuff like "just set it&quo...
by Amm0
Mon May 13, 2024 7:13 am
Forum: Scripting
Topic: snmpwalk/snmpget can't read global variable [SOLVED]
Replies: 14
Views: 7547

Re: snmpwalk/snmpget can't read global variable [SOLVED]

Yeah there is a lot of stuff you just cannot read from SNMP, so /system/note may not be a bad option. But just note since it updates config, it does increase flash writes since an update is stored in config. In terms of SNMP+scripts, it's a shame there stored /persistent variables, for a lot of reas...
by Amm0
Mon May 13, 2024 1:48 am
Forum: Beginner Basics
Topic: AT&T FTTH, VLANs, CapsMAN Full Config (RouterOS 7 Updated)
Replies: 33
Views: 6500

Re: AT&T FTTH, VLANs, CapsMAN Full Config

An entire topic should be spent on Service Discovery between VLANs, I should think. Oh it's been a topic ;), at least in terms of SSDP and mDNS. At present have the following options* if only using Mikrotik gear: 1. Use bridge filtering, most current is here https://forum.mikrotik.com/viewtopic.php...
by Amm0
Sun May 12, 2024 5:41 pm
Forum: Wireless Networking
Topic: hAP ax2 - best WiFi configuration for range?
Replies: 12
Views: 812

Re: hAP ax2 - best WiFi configuration for range?

@mkx is right 20Mhz would get you smidgen more range.

Sometimes just even minor re-positioning router helps too (e.g.. put on top of bookcase, vs. in the bookcase, ... etc.). And, check your clients RSSI in various locations to see if that helps.
by Amm0
Sun May 12, 2024 4:51 pm
Forum: General
Topic: BTH BUG Bleeding Into Regular Wireguard.
Replies: 22
Views: 2084

Re: BTH BUG Bleeding Into Regular Wireguard.

I have the same problem with the exact same scenario with two WANs and WG on the non-primary WAN. Well, you're better off using use routing rules, not mangle. While mangle should work here to be consistent with RouterOS... but WG seems to overly follow what Linux kernel does, not Mikrotik's packet ...
by Amm0
Sun May 12, 2024 6:30 am
Forum: General
Topic: Slow FTP upload speed via GRE Tunnel
Replies: 16
Views: 1171

Re: Slow FTP upload speed via GRE Tunnel

Did you check the MTU?
by Amm0
Sat May 11, 2024 10:48 pm
Forum: General
Topic: IPTV cuts and pixelations with Movistar Spain and HAP ax3
Replies: 38
Views: 3679

Re: IPTV cuts and pixelations with Movistar Spain and HAP ax3

Also, I'm not sure quick-leave=yes is needed in the IGMP settings. Perhaps it has a bad interaction with AX drivers, dunno. Anyway, another thing to try.
by Amm0
Sat May 11, 2024 10:44 pm
Forum: General
Topic: IPTV cuts and pixelations with Movistar Spain and HAP ax3
Replies: 38
Views: 3679

Re: IPTV cuts and pixelations with Movistar Spain and HAP ax3

You have the RTSP helper, which I believe is critical for Movistar (/ip firewall service-port set rtsp disabled=no)... so it's not that. There is not a lot of detail on multicast-enhance, so really hard to know here. One thing is you may want to enable the querier=yes on the bridge in /routing/igmp-...
by Amm0
Sat May 11, 2024 7:07 pm
Forum: General
Topic: BTH BUG Bleeding Into Regular Wireguard.
Replies: 22
Views: 2084

Re: BTH BUG Bleeding Into Regular Wireguard.

@anav, did you report a bug on this? Until such time MT sorts out this mess. :-( They may never... Part of why WG is fast is that it happens in the kernel, so dropping down to mangle likely be some performance hit. But I don't know. Kinda the reverse complaint of @DarkNate's [Discussion] MikroTik co...
by Amm0
Sat May 11, 2024 6:51 pm
Forum: Scripting
Topic: Script triggered by API not executed properly [SOLVED]
Replies: 7
Views: 5606

Re: Script triggered by API not executed properly [SOLVED]

Assuming you're using REST or "native API" to run /system/script with update code, might be easy to try setting "Don't Check Permissions" on that script to see if it works then. And/or make sure the script owner is same as the user you're using to login with REST/API.
by Amm0
Sat May 11, 2024 6:42 pm
Forum: General
Topic: IPTV cuts and pixelations with Movistar Spain and HAP ax3
Replies: 38
Views: 3679

Re: IPTV cuts and pixelations with Movistar Spain and HAP ax3

It not working at all be easier problem... And multicast with AX drivers, I'm less familar. But I'd add the multicast-enhance=enabled to the parent 5Ghz interface as well. The docs are unclear if a child SSID can set that independent of the parent. But I don't think it hurt your normal LAN traffic, ...
by Amm0
Sat May 11, 2024 3:19 am
Forum: General
Topic: Flexibel DHCP-client options
Replies: 4
Views: 431

Re: Flexibel DHCP-client options

In theory I could start wiresharking and put the values in DHCP-options on the LAN-side, until the ISP changes them for some reason then my TV-box would not work anymore. You'd still need to sniff the existing DHCP from your ISP router what's in the Option 43 Vendor. Hard to know if it's dynamicall...
by Amm0
Sat May 11, 2024 2:11 am
Forum: General
Topic: Flexibel DHCP-client options
Replies: 4
Views: 431

Re: Flexibel DHCP-client options

I've never used them, but did you try to add those additional options via: /ip/dhcp-client/option/add name=bootfilename code=67 value="'somefile'" Those are also in winbox, and docs are explain the format for value follows the dhcp-server scheme: DHCP client has the possibility to set up o...
by Amm0
Fri May 10, 2024 6:32 pm
Forum: General
Topic: Chateau 5G ax - Automatic cellular reconnect on provider disconnect
Replies: 20
Views: 3332

Re: Chateau 5G ax - Automatic cellular reconnect on provider disconnect

Anyway, out of curiosity and just in case disabling it and enabling it again is not effective, I would like to know if it is possible to reset the lte1 interface using AT commands or in any other way using only one command. There is also a "power-reset" command to kill USB power (to reboo...
by Amm0
Fri May 10, 2024 6:17 pm
Forum: RouterBOARD hardware
Topic: NetMetal ax / L23-UGSR — initial feedback from specs
Replies: 14
Views: 1892

Re: NetMetal ax / L23-UGSR — initial feedback from specs

no we need any AX outdoor client I'd imagine some wAPax is in the works. Technically, the NetMetal AX could be AX client FWIW. Mainly wanted to highlight the lack of 48V PoE – that be a deal killer on some future outdoor AX client IMO, where standard 802.3at/af PoE be common. And, if new routers ar...
by Amm0
Fri May 10, 2024 6:10 pm
Forum: Forwarding Protocols
Topic: default route check with BFD
Replies: 10
Views: 611

Re: v7.15rc [testing] is released!

Also "BFD for OSPF" means that BFD is used to detect whether the OSPF neighbor is down, it is unrelated to setting check gateways for the ospf routes. Fair enough. Recent BFD docs do say "Features not yet supported: ... enabling BFD for ip route gateways". Except Route Selection...
by Amm0
Fri May 10, 2024 1:06 am
Forum: Useful user articles
Topic: mDNS between VLANs with just bridge filters - Look Mum, no containers!
Replies: 52
Views: 10523

Re: mDNS between VLANs with just bridge filters - Look Mum, no containers!

I think it's great you can make something like an mDNS repeater in Mikrotik from rules. It's what all the levers and knobs are for. True. But should still be built-in to /ip/dns stuff... And Mikrotik @normis said they're working on it & "be a while"... so we're 1 year into that, perha...
by Amm0
Fri May 10, 2024 12:42 am
Forum: Useful user articles
Topic: mDNS between VLANs with just bridge filters - Look Mum, no containers!
Replies: 52
Views: 10523

Re: mDNS between VLANs with just bridge filters - Look Mum, no containers!

LOL re sausage analogy. I tend to agree your filter approach is doing what something in user space would do. So other than being more confusing than making a French Soufflé ... it arguably faster than some built-in thing. I have tried addresses 224.0.0.250 and 224.0.0.252 as static GMPs and they sho...
by Amm0
Fri May 10, 2024 12:03 am
Forum: General
Topic: Slow FTP upload speed via GRE Tunnel
Replies: 16
Views: 1171

Re: Slow FTP upload speed via GRE Tunnel

Could be wrong, but I don't think you can use fast-track with IPSec-enabled GRE tunnel. Also, are you setting MTU lower on the GRE interface, or is MTU 1500? If it's 1500, you can use ping and don't fragment to determine the MTU (search here/google for using ping to calculate mtu size). Relatedly, m...
by Amm0
Thu May 09, 2024 10:35 pm
Forum: The Dude
Topic: Dude in external disk
Replies: 1
Views: 380

Re: Dude in external disk

Essentially it's all stored in a SQLite database, so you just need to move the files and update dude settings to use new path. To do this... first, disable Dude service in Winbox under Dude > Settings. Note the path to the data files is stored there. If you then go to Files section in winbox, just m...
by Amm0
Thu May 09, 2024 9:37 pm
Forum: Forwarding Protocols
Topic: default route check with BFD
Replies: 10
Views: 611

Re: default route check with BFD

Not sure where this going wrong... You should be able to use route rule for OSPF to set the check-gateway=bfd.

But...you cannot set check-gateway=bfd in a static /ip/route as that is "not yet support" per docs. So if it's a static route, that be your issue here.
by Amm0
Wed May 08, 2024 9:03 pm
Forum: Scripting
Topic: Functions and function parameters
Replies: 54
Views: 104797

Re: Functions and function parameters

now it's ok, I found the solution https://forum.mikrotik.com/viewtopic.php?t=197800 I put ':put' and everything works For avoid useless print, like It's the [] sub-command that's the issue if I recall - if it's command result isn't going to a variable, there is no need for the [] backets. e.g. [$fl...
by Amm0
Wed May 08, 2024 8:56 pm
Forum: General
Topic: Access to router lost after setting EtherType to 0x88a8. Recovery possible? [SOLVED]
Replies: 2
Views: 3913

Re: Access to router lost after setting EtherType to 0x88a8. Recovery possible? [SOLVED]

Clearly any port using the bridge is not going to work. But just to confirm you tried Layer2 winbox using MAC address of the ether1 while connected to it?

Did you have RoMON enabled on it, if so it MIGHT show up on another router with RoMON enabled.
by Amm0
Wed May 08, 2024 8:39 pm
Forum: General
Topic: RoMON and VRF's [SOLVED]
Replies: 2
Views: 3893

Re: RoMON and VRF's [SOLVED]

RoMON works at the ethernet level, using non-IP ether-type. So it has nothing to do with routing tables or VRF.
It only works on "ethernet-like" interfaces, and a VRF "interface" is not ethernet-like since it does not have a MAC address.
by Amm0
Wed May 08, 2024 8:18 pm
Forum: General
Topic: VRRP - DHCP Entries On All VLANS [SOLVED]
Replies: 25
Views: 4740

Re: VRRP - DHCP Entries On All VLANS [SOLVED]

Good to hear! Lesson is posting the entire config is helpful... And even then I had to look /ip/dhcp-server/alert docs myself since I didn't know HOW it worked. The yellow box in docs told the whole story however: https://i.ibb.co/xghv7rh/Screenshot-2024-05-08-at-9-52-02-AM.png I still wonder why it...
by Amm0
Wed May 08, 2024 4:00 pm
Forum: RouterBOARD hardware
Topic: Can't find a suitable router... product lines a mess
Replies: 26
Views: 2052

Re: Can't find a suitable router... product lines a mess

home office gets stuffed with 5 more plants and flowers EVERYWHERE and you have to water them and dust the leaves" :D
Given Wi-Fi's natural enemy is foliage, this makes sense. I guess explaining with more plants, you'll need more Wi-Fi, is not going to work.
by Amm0
Wed May 08, 2024 5:34 am
Forum: General
Topic: VRRP - DHCP Entries On All VLANS [SOLVED]
Replies: 25
Views: 4740

Re: VRRP - DHCP Entries On All VLANS [SOLVED]

Thanks for indulging in the vlan-filtering=yes. I just know that works with VRRP, and if there was a bug/config-issue/etc here... I figured it block or change the issue. No such luck it seems. Scanned your config again... I did notice one of the routers was using /ip/dhcp-server/alert & that mig...
by Amm0
Wed May 08, 2024 12:35 am
Forum: Scripting
Topic: Can't Query Graphql site
Replies: 26
Views: 1721

Re: Can't Query Graphql site

FWIW, another way of building the GQL string is using RouterOS array to store it, and the use [:serialize] to convert RouterOS array to JSON, this avoid some of the more complex escaping (and uses a { } block so :local variables can be used at the CLI, since you'd want to use :local variables a fina...
by Amm0
Tue May 07, 2024 11:47 pm
Forum: Scripting
Topic: Can't Query Graphql site
Replies: 26
Views: 1721

Re: Can't Query Graphql site

Your HTTP example is useful. HTTP bodies do NOT need any escaping, but GraphQL must want the \" with your leading 0 case. And you can see that cURL use the single quotes, so quotes shouldn't need escaping there either. So I think the issue is in RouterOS you need a "triple backsplash"...
by Amm0
Tue May 07, 2024 9:28 pm
Forum: Useful user articles
Topic: mDNS between VLANs with just bridge filters - Look Mum, no containers!
Replies: 52
Views: 10523

Re: mDNS between VLANs with just bridge filters - Look Mum, no containers!

RouterOS really needs an mDNS solution out of the box (both as multicast and Wide Area Bonjour).
Well the DNS-SD part could have been done by simply allowing a PTR RR in the /ip/dns/static YEARS ago. Being able to statically configure mDNS be useful, but cannot even do that. Frustrating.
by Amm0
Tue May 07, 2024 9:22 pm
Forum: Scripting
Topic: Can't Query Graphql site
Replies: 26
Views: 1721

Re: Can't Query Graphql site

It not so easy with container if it's an event like dhcp-client where this script lives. I doubt there is a bug in /tool/fetch here... but one wrong escape char in query, it ain't going to work. If it works in Postman, with the leading 0, can you cut-and-paste Postman's HTTP and cURL "Code snip...
by Amm0
Tue May 07, 2024 8:33 pm
Forum: Scripting
Topic: Can't Query Graphql site
Replies: 26
Views: 1721

Re: Can't Query Graphql site

The leading 0 in the value of $testname? If so, you might want to quoting $testname. (Also, as quoted above, the variable name looks wrong.) :global data file "{\"query\":\"query inventory{inventory_model_field_data(general_search: \" $testname \" ){entities{id}}}\"...
by Amm0
Tue May 07, 2024 7:50 pm
Forum: General
Topic: VRRP - DHCP Entries On All VLANS [SOLVED]
Replies: 25
Views: 4740

Re: VRRP - DHCP Entries On All VLANS [SOLVED]

Okay, so you want all trunk ports, that make sense. I still recommend using bridge vlan-filtering=yes. Your issue with that is the BRIDGE-LAN itself needs to be in the tagged= list. /interface bridge vlan add bridge=BRIDGE-LAN disabled =yes tagged= BRIDGE-LAN ,sfp-sfpplus2-LAN vlan-ids=2,5-7,10,12,1...
by Amm0
Tue May 07, 2024 5:58 pm
Forum: Beginner Basics
Topic: iPhone lock update.
Replies: 10
Views: 987

Re: iPhone lock update.

That's kinda far away from the defaults... I don't have much in the configuration because I'm just starting out. Are firewall rules enough for you? You do have some blocking rules... So if some update on iPhone uses same CDN/cloud/etc as something that's blocked... That be one reason it wouldn't wor...
by Amm0
Tue May 07, 2024 5:39 pm
Forum: RouterBOARD hardware
Topic: NetMetal ax / L23-UGSR — initial feedback from specs
Replies: 14
Views: 1892

Re: NetMetal ax / L23-UGSR — initial feedback from specs

1. Any reason it does not support USB 3.0? USB3.0 can kill 2.4GHz WiFi. USB2.0 can do up to (realistically) 400Mbps, which is not that bad either. Fair point. But annoying since always some compromise to upgrade. I still have quite a few RB953s I'd like to upgrade, and still no decent replacement b...
by Amm0
Tue May 07, 2024 5:14 pm
Forum: General
Topic: VRRP - DHCP Entries On All VLANS [SOLVED]
Replies: 25
Views: 4740

Re: VRRP - DHCP Entries On All VLANS [SOLVED]

I'm pretty sure this is a VLAN tagging issue – this is not easy to get right as all the parts have to align... So just enabling vlan-filtering=yes is not the whole story for sure... Can you post a redacted config of one of the routers, and some description of what VLANs should be tagged/untagged on ...
by Amm0
Tue May 07, 2024 4:18 pm
Forum: Scripting
Topic: Can't Query Graphql site
Replies: 26
Views: 1721

Re: Can't Query Graphql site

Thanks for this. I am terrible at programming but RouterOS seems a bit different than anything else I have looked at(python, JS). FWIW, the [:deserialize from=json] is new operation – before :deserialize was added your problem here be a nightmare. But fair enough, it is different from anything else...
by Amm0
Tue May 07, 2024 3:55 am
Forum: Wireless Networking
Topic: Full wifi device isolation
Replies: 7
Views: 1102

Re: Full wifi device isolation

Mikrotik QuickSet config use a bridge filter that block forwarding. So that's another way to do client isolation:
/interface bridge filter
add action=drop chain=forward in-interface=wifiXX
add action=drop chain=forward out-interface=wifiXX
by Amm0
Mon May 06, 2024 11:42 pm
Forum: Scripting
Topic: Can't Query Graphql site
Replies: 26
Views: 1721

Re: Can't Query Graphql site

Yeah that's how it RouterOS output's an array, but the array "->" operator can be used. In routeros there an "index" using numbers (e.g. JSON backets [ ]), or if "map" with key-values, then quoted named is used with the "->" routeros array accessor operator......
by Amm0
Mon May 06, 2024 11:35 pm
Forum: Scripting
Topic: Can't Query Graphql site
Replies: 26
Views: 1721

Re: Can't Query Graphql site

Yeah that's how it RouterOS output's an array, but the array "->" operator can be used. In routeros there an "index" using numbers (e.g. JSON backets [ ]), or if "map" with key-values, then quoted named is used with the "->" routeros array accessor operator......
by Amm0
Mon May 06, 2024 10:46 pm
Forum: General
Topic: Sending priority-tagged frames?
Replies: 2
Views: 399

Re: Sending priority-tagged frames?

by Amm0
Mon May 06, 2024 9:26 pm
Forum: General
Topic: VRRP - DHCP Entries On All VLANS [SOLVED]
Replies: 25
Views: 4740

Re: VRRP - DHCP Entries On All VLANS [SOLVED]

FWIW, If you don't want to use vlan-filtering approach. You'd need seperate bridges for each VLAN, which is going to be bigger PITA than figuring out the bridge VLAN table approach....
by Amm0
Mon May 06, 2024 9:24 pm
Forum: General
Topic: VRRP - DHCP Entries On All VLANS [SOLVED]
Replies: 25
Views: 4740

Re: VRRP - DHCP Entries On All VLANS [SOLVED]

Was you VLAN+bridge without filtering working before VRRP? Also, looks like sfpplus-2 is the one with issues, and that's the one with horizon=0 while rest are horizon=1. Regardless, you should use vlan-filtering=yes on the bridge. See https://help.mikrotik.com/docs/display/ROS/Bridge+VLAN+Table One ...
by Amm0
Mon May 06, 2024 8:45 pm
Forum: General
Topic: VRRP - DHCP Entries On All VLANS [SOLVED]
Replies: 25
Views: 4740

Re: VRRP - DHCP Entries On All VLANS [SOLVED]

It has to be the VLAN tagging in the bridge. VRRP doesn't effect broadcast scope for DHCP, but untagged/mistagged PVIDs would...

Can you post the bridge configuration?
by Amm0
Mon May 06, 2024 6:46 pm
Forum: RouterBOARD hardware
Topic: NetMetal ax temperature at sunny outdoor location
Replies: 3
Views: 416

Re: NetMetal ax temperature at sunny outdoor location

While I get aesthetics of black, does seem like asking for trouble with AX chips... It's a pity that NetBox 5 AX only operates at 5GHz. Otherwise, it would probably be a better choice because of the white plastic case. LOL. I made my own list of complaints: https://forum.mikrotik.com/viewtopic.php?t...
by Amm0
Mon May 06, 2024 6:38 pm
Forum: RouterBOARD hardware
Topic: NetMetal ax / L23-UGSR — initial feedback from specs
Replies: 14
Views: 1892

NetMetal ax / L23-UGSR — initial feedback from specs

In general I like the upcoming NetMetal ax and L23UGSR-5HaxD2HaxD , as an alternative in Mikrotik's "custom LTE router" lineup... But some feedback based on specs... 1. Any reason it does not support USB 3.0? This kinda limits it for use with high-speed LTE networks because of the USB bus ...
by Amm0
Mon May 06, 2024 5:54 pm
Forum: RouterBOARD hardware
Topic: NetMetal ax temperature at sunny outdoor location
Replies: 3
Views: 416

Re: NetMetal ax temperature at sunny outdoor location

It's a fair question. The AX chips seem "hotter" generally. They don't list weight in specs..., but suspect it has more metal than older one to compensate.
by Amm0
Mon May 06, 2024 5:44 pm
Forum: Beginner Basics
Topic: ISP CONFIGURATION [SOLVED]
Replies: 8
Views: 4516

Re: ISP CONFIGURATION [SOLVED]

It more that there isn't one setting for setting up queues. And a lot of considerations go into a queue type/strategy. So there is no simple answer to your question...
by Amm0
Mon May 06, 2024 5:30 pm
Forum: General
Topic: scripts to keep LTE stick up and running
Replies: 63
Views: 3681

Re: scripts to keep LTE stick up and running

I just know Hauwei LTE modem sticks are a PITA. Generally if RouterOS is doing what Linux is doing that what I'd expect with LTE setting mode=auto, so that's working... - stick in a Linux PC. This is another story, since, even if it is automatically recognized by Linux, Linux gets a private IP and I...
by Amm0
Mon May 06, 2024 5:23 pm
Forum: General
Topic: VRRP - DHCP Entries On All VLANS [SOLVED]
Replies: 25
Views: 4740

Re: VRRP - DHCP Entries On All VLANS [SOLVED]

Fair enough. I didn't notice the /23...assumed /24. Otherwise the VRRP part looks right. I'd look at your bridge configuration, on why clients are getting address on all. Some VLAN filtering misconfiguration could cause that. e.g. /interface/bridge/vlans vs PVID/frame-type etc.... What interface is ...
by Amm0
Mon May 06, 2024 8:38 am
Forum: General
Topic: Mikrotik ControlD container config issue arm32
Replies: 3
Views: 389

Re: Mikrotik ControlD container config issue arm32

Put the VETH in LAN interface list, otherwise default firewall will drop the traffic.
by Amm0
Mon May 06, 2024 1:52 am
Forum: General
Topic: scripts to keep LTE stick up and running
Replies: 63
Views: 3681

Re: scripts to keep LTE stick up and running

C) modem set to AUTO, reboot the 5009, the LTE interface pops up end is present. The IP address obtained by the LTE is PRIVATE \ behind NAT It could be in ECM mode, and it's using NAT on the stick. And Mikrotik isn't setting it to MBIM mode automatically Perhaps you might be access some web UI on t...
by Amm0
Sun May 05, 2024 8:19 pm
Forum: RouterBOARD hardware
Topic: Can't find a suitable router... product lines a mess
Replies: 26
Views: 2052

Re: Can't find a suitable router... product lines a mess

Fair enough re 5Ghz. Worth trying wifi-qcom-ac if you haven't yet on the Audience yet. But if you have concrete...a cable makes total sense. While agree there are odd gaps in the line-up. I'm not convinced "wi-fi less" hAPax3 is what's missing.... e.g. it be the only "hAP" withou...
by Amm0
Sun May 05, 2024 3:32 am
Forum: RouterBOARD hardware
Topic: Can't find a suitable router... product lines a mess
Replies: 26
Views: 2052

Re: Can't find a suitable router... product lines a mess

So I bought an Audience to cover the living room and the terrace and the kitchen. Wife approves, Audience is pretty. I have it piggybacked to my ax3 on the 2.4 GHz channel as station pseudobridge. But the most I can get is 50-ish Mbps. The Audience has 2 x 5Ghz radios – that's how it was designed t...
by Amm0
Sun May 05, 2024 3:17 am
Forum: General
Topic: scripts to keep LTE stick up and running
Replies: 63
Views: 3681

Re: scripts to keep LTE stick up and running

Try setting the LTE mode back to "auto" instead of serial or mbim? Also make sure to update the /system/routerboard firmware too. Serial should be able get same public IP. There is an APN setting in PPP, I suspect that need to be explicitly set to something to get public address. Hopefully...
by Amm0
Sat May 04, 2024 6:57 pm
Forum: General
Topic: scripts to keep LTE stick up and running
Replies: 63
Views: 3681

Re: scripts to keep LTE stick up and running

Installed 7.15rc2 yesterday evening. This morning the story is TOTALLY different. Still working? If so, you might want to update your support case with Mikrotik with your findings. Maybe they'd know why the 7.15rc fix does not cover the "If unplugged while the router is UP ... Then if I plug a...
by Amm0
Sat May 04, 2024 6:22 pm
Forum: General
Topic: help with adguard container setup
Replies: 4
Views: 734

Re: help with adguard container setup

Looks like this covers it: /ip/firewall/filter add action=accept chain=forward comment="LAN to Adguard" dst-address=172.17.0.2 src-address-list=LAN I don't see anything wrong there. You're correct to leave the address-list entry for 172.17.0.0/24 disabled - otherwise the container be allow...
by Amm0
Sat May 04, 2024 5:53 pm
Forum: General
Topic: help with adguard container setup
Replies: 4
Views: 734

Re: help with adguard container setup

Your firewall is blocking access to the VETH / 172.17.0.0/24. You seem to add the VETH subnet to LAN address -list add address=172.17.0.0/24 BUT it is marked a disabled=yes. The quicker fix may be to add VETH to the LAN interface -list. Mikrotik example for pihole uses a dst-nat rule, which you use ...
by Amm0
Sat May 04, 2024 12:47 am
Forum: Beginner Basics
Topic: Port forwarding trouble with PCC load balancing
Replies: 30
Views: 2530

Re: Port forwarding trouble with PCC load balancing

You can use a script on PPP profile to add/update static entires for the check-gateway=ping, similar to /ip/dhcp-client script ... but a two-step profile via a new /ppp/profile with a script to set check-gateway, and that new PPP profile linked in the PPPoE interface. But this complexity is why I su...
by Amm0
Fri May 03, 2024 9:40 pm
Forum: General
Topic: VRRP - DHCP Entries On All VLANS [SOLVED]
Replies: 25
Views: 4740

Re: VRRP - DHCP Entries On All VLANS [SOLVED]

VRRP isn't too hard. But the VRRP address needs to be /32 (which it is). But the VRRP and LAN do need to be in same subnet. And looks like CCTV-Access has mismatched IPs (likely typo ... but would for sure cause issues): /ip address add address=10.110 .3 .2. 253/23 comment=CCTV-Access interface=CCTV...
by Amm0
Fri May 03, 2024 7:31 pm
Forum: Beginner Basics
Topic: Port forwarding trouble with PCC load balancing
Replies: 30
Views: 2530

Re: Port forwarding trouble with PCC load balancing

Do you have "Use Default Route" enabled on the PPPoE interface? One thing you can do there is make sure that's check, but use a higher distance like 11 and 12 respectively. Right now there is only interface routes, no IP route to internet. You can then have lower distance= value for static...
by Amm0
Fri May 03, 2024 6:29 pm
Forum: Scripting
Topic: Functions and function parameters
Replies: 54
Views: 104797

Re: Functions and function parameters

But, when I execute the same code via another script, the global variable value2 is always empty.
FWIW, this is covered by doc's "tips and tricks":
https://wiki.mikrotik.com/wiki/Manual:S ... her_script
by Amm0
Fri May 03, 2024 5:31 am
Forum: RouterBOARD hardware
Topic: New L11UG-5HaxD
Replies: 35
Views: 8234

Re: New L11UG-5HaxD

Why dream so faintly? 7HbeQ, 7HbeO :wink: Can we add the letter "R" in these dreams? Bingo! Just noticed new L23UGS R -5HaxD2HaxD. My complaints about the L11UG was the lack of miniPCIe/SIM and no SFP (or 2nd port) seem solved: https://mikrotik.com/product/l23ugsr_5haxd2haxd I'll be getti...
by Amm0
Thu May 02, 2024 10:16 pm
Forum: General
Topic: /user group policy and :global variables
Replies: 3
Views: 321

Re: /user group policy and :global variables

IDK. But agree what's :global, to what users, is really inconsistent for sure. I'm just not sure what's "correct" since how globals (and permissions) are handled has been a moving target across past half dozen releases. Underlying the bigger issue that the available policy options do not m...
by Amm0
Thu May 02, 2024 7:34 pm
Forum: General
Topic: scripts to keep LTE stick up and running
Replies: 63
Views: 3681

Re: scripts to keep LTE stick up and running

I agree with you RouterOS should recover if Linux recovers after the carrier's 4 hour session limit. A lot folks, include me, uses the LTE modems in remote places so IMO if some script is need to "recover" LTE interface, that's a workaround to some RouterOS bug that should be fixed. And, h...
by Amm0
Thu May 02, 2024 6:40 pm
Forum: General
Topic: scripts to keep LTE stick up and running
Replies: 63
Views: 3681

Re: scripts to keep LTE stick up and running

I agree that something is "fishy" here. Perhaps it's the USB hardware/driver/kernel, IDK. But if it's not detecting it...worth checking an older version or different hardware. Over the years, I've seen some LTE bug fix in a release, cause problems for other modems – why I do suggest checki...
by Amm0
Thu May 02, 2024 6:20 pm
Forum: General
Topic: scripts to keep LTE stick up and running
Replies: 63
Views: 3681

Re: scripts to keep LTE stick up and running

At the moment I think it is more a "RB5009 USB issue" than a "LTE stick issue".... Boy that be good to know if same stick worked in another Mikrotik. I guess if wanted experiment more, try an older RouterOS on RB5009 to see if some of the various "refactoring" changes ...
by Amm0
Thu May 02, 2024 9:42 am
Forum: General
Topic: [Feature Request] Data Center Bridge support
Replies: 24
Views: 3816

Re: [Feature Request] Data Center Bridge support

I believe RouterOS 7.15rc add some HW QoS, see https://help.mikrotik.com/docs/pages/vi ... =189497483
by Amm0
Thu May 02, 2024 3:12 am
Forum: General
Topic: scripts to keep LTE stick up and running
Replies: 63
Views: 3681

Re: scripts to keep LTE stick up and running

If something does not come up in serial mode... it's not a good sign of stability. Mikrotik does have a list of modems they've tested here: https://help.mikrotik.com/docs/display/ROS/Peripherals But yeah the particular USB ID needs to be mapped. I guess getting a miniPCI-to-USB case and using one of...
by Amm0
Thu May 02, 2024 1:23 am
Forum: General
Topic: scripts to keep LTE stick up and running
Replies: 63
Views: 3681

Re: scripts to keep LTE stick up and running

Try setting putting into serial mode: /interface/lte/settings/set mode=serial You should power off and power on after this change. And if shows as ports then, you can try PPP. using /interface/ppp-out (which may appear automatically if port is found). I doubt this modem is going to work as LTE. If i...
by Amm0
Wed May 01, 2024 9:06 pm
Forum: General
Topic: scripts to keep LTE stick up and running
Replies: 63
Views: 3681

Re: scripts to keep LTE stick up and running

Check if USB has shows any serial channels, using "/ports print". My guess is this a QMI modem, so it does not support ECM or MBIM need to make an "lte" interface in RouterOS. If it has any chanels, you might be able to use /interface/ppp-out to try to connect to it via PPP. e.g....
by Amm0
Wed May 01, 2024 8:54 pm
Forum: Beginner Basics
Topic: system gps monitor - basd command name "gps"
Replies: 2
Views: 241

Re: system gps monitor - basd command name "gps"

Yeah you need gps.npk. It's surprising it doesn't come preinstalled since GPS is always present. But I can see how that be annoying – it be like a few help pages to figure it out if not familar with RouterOS. You might want to make a feature request at https://help.mikrotik.com, since GPS.npk should...
by Amm0
Wed May 01, 2024 8:15 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 164
Views: 11353

Re: [Discussion] MikroTik configuration abstraction complexity

Certainly Mikrotik has a curious business strategy from this silicon valley denizen POV. I kinda view Mikrotik more as a redhat that made the choice to fund itself by selling low-margin hardware, over a high-margin services. It's a choice. On this front and to @DarkNate points on "config comple...
by Amm0
Wed May 01, 2024 6:51 pm
Forum: Wireless Networking
Topic: wifi-qcom(-ac) and VLAN-filtering
Replies: 17
Views: 1688

Re: wifi-qcom(-ac) and VLAN-filtering

The day I enable capsman on any of my devices, means my brain has been taken over by fungi!
It's not very friendly for sure. But worth noting that there is no fast roaming without CAPsMAN...
by Amm0
Wed May 01, 2024 6:47 pm
Forum: Wireless Networking
Topic: wifi-qcom(-ac) and VLAN-filtering
Replies: 17
Views: 1688

Re: wifi-qcom(-ac) and VLAN-filtering

Why is this the case? I thought we lived in a VLAN-Filtered world now. Well, the idea is keep the cAPs simple. The default config uses a "dumb" bridge. So that bridge to pass whatever vlan added by wifi driver. e.g. more hybrid port like UBNT APs. The wifi-qcom-ac driver do not support VL...
by Amm0
Tue Apr 30, 2024 11:26 pm
Forum: Scripting
Topic: router keeps resetting to default every reboot
Replies: 14
Views: 856

Re: router keeps resetting to default every reboot

verified that the post to the API it does in fact confirm the config and eliminate the reset loop cycle. it's a bit of a weird solution, but it 100% resolves the issue.
Great work. But this is a bug (or at least doc issue on how one should do this "correctly").
by Amm0
Tue Apr 30, 2024 9:25 pm
Forum: Scripting
Topic: router keeps resetting to default every reboot
Replies: 14
Views: 856

Re: router keeps resetting to default every reboot

tool/fetch url=http://192.168.88.1/rest/system/note user=user password=password http-method=post http-data="{\"note\":\"system configured\"}" http-header-field="Content-Type:application/json" With POST, it URL is url=h ttp://192.168.88.1/rest/system/note /set...
by Amm0
Tue Apr 30, 2024 8:05 pm
Forum: Scripting
Topic: router keeps resetting to default every reboot
Replies: 14
Views: 856

Re: router keeps resetting to default every reboot

As for the $action, I am hoping that it is possible to do something like :set action "confirmed" It may need at ":return 1" or something, but "guess-and-test" is rather annoying approach to something like this. To be honest, I don't care how it works. It just be good t...
by Amm0
Tue Apr 30, 2024 7:44 pm
Forum: Scripting
Topic: router keeps resetting to default every reboot
Replies: 14
Views: 856

Re: router keeps resetting to default every reboot

Well better docs on the mechanics of branding/default configuration be a good start. But exactly how stuff like $action in defconf is suppose to work be good to document. Just not seeing enterprise support, if they cannot keep the docs up to date. I have a lot of the wAPacRs with 16MB & use zero...
by Amm0
Tue Apr 30, 2024 5:02 am
Forum: Scripting
Topic: router keeps resetting to default every reboot
Replies: 14
Views: 856

Re: router keeps resetting to default every reboot

Hmm. I have defconf scripts, but I've never see anything like this. But $action is provided in a custom V7 defconf, and you AFAIK you do not have to confirm anything. Now I have NOT tested this recently... So perhaps this has changed when they separated out the caps-man defconf script. Also, I use a...
by Amm0
Mon Apr 29, 2024 5:57 am
Forum: Scripting
Topic: Unexpected behavior when finding by variable value
Replies: 6
Views: 577

Re: Unexpected behavior when finding by variable value

All seem to work just fine... But I guess, you learn something new every day 🤷 LOL, Lisp and Ada examples. Now, RouterOS's logic inherits some from LUA actually, which ver 5(?) supported. I think they created the current language to be more "config centric" than a general-purpose language...
by Amm0
Mon Apr 29, 2024 5:09 am
Forum: General
Topic: Bringing my own router to work - idea validation
Replies: 5
Views: 712

Re: Bringing my own router to work - idea validation

I am just thinking in terms of “does it make sense” Well is the office Wi-Fi crappy? Then it make sense. If your need is "security", I guess an extra router add additional layer beyond whatever your laptop's default firewall is doing. Just seems like marginal benefit, since I suspect you ...
by Amm0
Mon Apr 29, 2024 5:03 am
Forum: General
Topic: /tool wol - target IP address?
Replies: 35
Views: 2240

Re: /tool wol - target IP address?

It would still be nice to see a user-friendly addition to the existing RouterOS WOL tool to specify that the magic packet must be unicast. Not sure how wide-spread the problem, but given @fragtion is also interested. You should file as a feature request at help.mikrotik.com. From the wireshark, it'...
by Amm0
Mon Apr 29, 2024 2:19 am
Forum: Scripting
Topic: Unexpected behavior when finding by variable value
Replies: 6
Views: 577

Re: Unexpected behavior when finding by variable value

The solution is don't use the same local variable name as the attribute. See https://wiki.mikrotik.com/wiki/Manual:Scripting_Tips_and_Tricks#Always_use_unique_variable_names So using $comment would be it being nil/[:nothing], and find's matcher with nil is ignore... so it returns them all. And it re...
by Amm0
Sun Apr 28, 2024 6:04 pm
Forum: General
Topic: Get Two public IP on the same interface [SOLVED]
Replies: 23
Views: 2931

Re: Get Two public IP on the same interface [SOLVED]

Depends on the problem you're trying to solve. There are many ways to configure things. As it stands, the NAT rules use one public for one subnet 192.168.1.0, and 2nd IP for 192.168.0.0. To use rules and routing table, the gateway needs to use an interface qualifier & add'l NAT rules. Specifical...
by Amm0
Sat Apr 27, 2024 10:39 pm
Forum: Scripting
Topic: [how] Script sending an AT command to a GSM modem
Replies: 4
Views: 429

Re: [how] Script sending an AT command to a GSM modem

USB modem typically have several ports, /port/print will show how many. And on the /interface/ppp-client interface, it's the info-channel= that's used for AT commands. So it using the 2nd port (zero index), you might try making info-channel=0 or info-channel=2... Also may want to disable/uncheck dia...
by Amm0
Sat Apr 27, 2024 9:35 pm
Forum: Scripting
Topic: [how] Script sending an AT command to a GSM modem
Replies: 4
Views: 429

Re: [how] Script sending an AT command to a GSM modem

Use can use /interface/ppp-out/at-chat input=ATI for a serial-based or modem may appear as /interface/lte, and that too has the /interface/lte/at-chat input=ATI.

The /system/serial-terminal is only for interactive use, no scripting.
by Amm0
Sat Apr 27, 2024 9:23 pm
Forum: General
Topic: Get Two public IP on the same interface [SOLVED]
Replies: 23
Views: 2931

Re: Get Two public IP on the same interface [SOLVED]

The first NAT rule should use a src-nat, not masquerade. If action=masquerade, then the to-address= is NOT used... e.g. /ip firewall nat add action=masquerade chain=srcnat src-address=192.168.0.0/24 to-addresses=xx.xx.55.84 ==> /ip firewall nat add action=src-nat chain=srcnat src-address=192.168.0.0...
by Amm0
Sat Apr 27, 2024 6:44 pm
Forum: General
Topic: No DHCP on Bridge VLAN interface.
Replies: 21
Views: 1305

Re: No DHCP on Bridge VLAN interface.

"port with pvid added to untagged group" is not actually a hard error. My current understanding is that it is a call to attention to clue the user in that some dynamic config has happened and the end state of that should be verified to ensure it is as intended, but it isn't immediately an...
by Amm0
Fri Apr 26, 2024 8:19 pm
Forum: Scripting
Topic: "my script does not work" in v7.10
Replies: 5
Views: 512

Re: "my script does not work" in v7.10

Not easily in v7.10, but in latest stable this work: { :local bgwtime [:deserialize from=json ([/tool/fetch url=https://worldtimeapi.org/api/timezone/Asia/Baghdad as-value output=user]->"data")] # debug to show output :put $bgwtime # print one value from the worldtimeapi.org data :put ($bg...
by Amm0
Fri Apr 26, 2024 8:04 pm
Forum: Scripting
Topic: "my script does not work" in v7.10
Replies: 5
Views: 512

Re: "my script does not work" in v7.10

It's just hard to help when it bit unclear what the script is trying to do...

There is also [:timestamp] which will give you an int of the time (in nanoseconds since 1970). Also time types can be compared without converting to an int.
by Amm0
Fri Apr 26, 2024 7:52 pm
Forum: General
Topic: Get Two public IP on the same interface [SOLVED]
Replies: 23
Views: 2931

Re: Get Two public IP on the same interface [SOLVED]

You'd assign the MACVLAN the public IP address "manually" in /ip/address, instead of using /ip/dhcp-client. For intents in the firewall/routing, it's a different layer2 interface – which means all example that expect an ethernet interface name, should work same with MACVLAN.
by Amm0
Fri Apr 26, 2024 7:48 pm
Forum: General
Topic: Get Two public IP on the same interface [SOLVED]
Replies: 23
Views: 2931

Re: Get Two public IP on the same interface [SOLVED]

And with netmap, you'd need a src-nat rule too, but matching on src-address using the LAN address of the server and a to-address=55.5.5.3
by Amm0
Fri Apr 26, 2024 7:46 pm
Forum: General
Topic: Get Two public IP on the same interface [SOLVED]
Replies: 23
Views: 2931

Re: Get Two public IP on the same interface [SOLVED]

well ok I like this idea here Typically one uses one IP for the router and a second IP directly for a server for example. actually in real situation this second IP for the server and maybe we can use it for other device, but you mean to put the public directly in the server ..? If it's a server, th...
by Amm0
Fri Apr 26, 2024 7:41 pm
Forum: General
Topic: Get Two public IP on the same interface [SOLVED]
Replies: 23
Views: 2931

Re: Get Two public IP on the same interface [SOLVED]

Well that should work. Maybe post the relevant config?

I suppose another approach that allow config closer to the typical dualwan examples is using a MACVLAN interface for the 2nd public IP. And use that MACVLAN as interface instead of something like ether2 in other examples.
by Amm0
Fri Apr 26, 2024 7:38 pm
Forum: General
Topic: Get Two public IP on the same interface [SOLVED]
Replies: 23
Views: 2931

Re: Get Two public IP on the same interface [SOLVED]

Ahh, single interface now thats challenging.......... I'm not sure what it gets you, if it's the same ISP... Normally ISP do throttling/queues by the customer's link, not by specific public IP... but perhaps not. Also, another approach that allow config closer to the typical dualwan examples is usi...
by Amm0
Fri Apr 26, 2024 7:20 pm
Forum: General
Topic: Get Two public IP on the same interface [SOLVED]
Replies: 23
Views: 2931

Re: Get Two public IP on the same interface [SOLVED]

I am really was thinking about that, but the problem is that i have only one out interface ether1 Perhaps the question is what's the purpose of using the 2nd public IP, if it's using same physical upstream? e.g. 1. Do you want to different dst-nat rules based on IP? In this case, you just need to a...
by Amm0
Fri Apr 26, 2024 7:18 am
Forum: Beginner Basics
Topic: Eth1 vlan 911 tagging for ISP connection [SOLVED]
Replies: 21
Views: 3176

Re: Eth1 vlan 911 tagging for ISP connection [SOLVED]

Yeah, they may need to know your MAC address. You can "clone it" but simply entering your old router's MAC address on the ether1 interface, obviously your older router have be unplugged after.
by Amm0
Fri Apr 26, 2024 6:05 am
Forum: Beginner Basics
Topic: Eth1 vlan 911 tagging for ISP connection [SOLVED]
Replies: 21
Views: 3176

Re: Eth1 vlan 911 tagging for ISP connection [SOLVED]

Okay, that all I got. I was guessing at the default gateway, and it's unclear why touchthe dst-addr of 10.x.x.x

Is there a modem to reboot? But I think you're going to have to confirm with your ISP the needed settings. As I said, the first step "IP over ethernet" is just pretty vague.
by Amm0
Fri Apr 26, 2024 5:35 am
Forum: Beginner Basics
Topic: RouterOS Default Configuration startup window missing
Replies: 6
Views: 439

Re: RouterOS Default Configuration startup window missing

Export your configuration by going to Terminal, then use ":export file=config.rsc" and download config.rsc from Files section in winbox/webfig.

Post that here, perhaps ether1 is not being set as a WAN port is my guess at what's going on.
by Amm0
Fri Apr 26, 2024 5:27 am
Forum: Beginner Basics
Topic: Eth1 vlan 911 tagging for ISP connection [SOLVED]
Replies: 21
Views: 3176

Re: Eth1 vlan 911 tagging for ISP connection [SOLVED]

I supose you can try disabling the "input" firewall filter rule with "drop" and "!LAN" & see if you get a DHCP address after that. If that works, then you might have to allow DHCP from the VLAN 911 to the firewall to allow it I guess. And/or, just assign the IP addr...
by Amm0
Fri Apr 26, 2024 5:06 am
Forum: Beginner Basics
Topic: Eth1 vlan 911 tagging for ISP connection [SOLVED]
Replies: 21
Views: 3176

Re: Eth1 vlan 911 tagging for ISP connection [SOLVED]

Maybe disable PoE on ether1? e.g. you have this message: # poe-out status: short_circuit Possible that interfering with the traffic, since your not getting anything back (or at least only a few packets). Can also look at Logs, and see if anything there has errors/warning. But I'm kinda out of sugges...
by Amm0
Fri Apr 26, 2024 4:41 am
Forum: Beginner Basics
Topic: Dynamic port forwarding
Replies: 6
Views: 653

Re: Dynamic port forwarding

Yeah /tool/netwatch is the "poor mans" way of HA. See https://help.mikrotik.com/docs/display/ROS/Netwatch Basically you can ping your primary server using netwatch, and have an "on-down" script that modifies the firewall to change the to-address to the 2nd servers. And also an &q...
by Amm0
Fri Apr 26, 2024 4:33 am
Forum: Beginner Basics
Topic: Eth1 vlan 911 tagging for ISP connection [SOLVED]
Replies: 21
Views: 3176

Re: Eth1 vlan 911 tagging for ISP connection [SOLVED]

This all looks right. The odd thing is that it does look like the ISP thinks your IP is 10.2.118.106 on VLAN 911. You're running an older version. And I want to say some version had some bug in dhcp-client around that time. You may want to download latest stable release, and copy it to the root of F...
by Amm0
Fri Apr 26, 2024 4:04 am
Forum: Beginner Basics
Topic: Eth1 vlan 911 tagging for ISP connection [SOLVED]
Replies: 21
Views: 3176

Re: Eth1 vlan 911 tagging for ISP connection [SOLVED]

Yeah I meant WAN. So that's right.

Try the ether1 in torch, to see if you getting any traffic from upstream. The torch above shows your dhcp-client looking for an address on VLAN 911.

Might want to post your config too. In terminal, :export file=config.rsc then download from Files.
by Amm0
Fri Apr 26, 2024 3:45 am
Forum: Beginner Basics
Topic: Eth1 vlan 911 tagging for ISP connection [SOLVED]
Replies: 21
Views: 3176

Re: Eth1 vlan 911 tagging for ISP connection [SOLVED]

Did you add "vlanfiber" VLAN interface as a LAN in /interface/list?
by Amm0
Fri Apr 26, 2024 3:42 am
Forum: Beginner Basics
Topic: Eth1 vlan 911 tagging for ISP connection [SOLVED]
Replies: 21
Views: 3176

Re: Eth1 vlan 911 tagging for ISP connection [SOLVED]

The 1st requirement is kinda odd: "IP over ethernet". If that mean PPPoE (or perhaps Mikrotik specific EoIP?) that be different story, but I presume they just mean it has VLAN. But step 1 is an odd way to state a requirement. One thing might help here, is if you can use /tool/torch on the ...
by Amm0
Fri Apr 26, 2024 12:46 am
Forum: Beginner Basics
Topic: a basic (I think...) VLAN problem.
Replies: 11
Views: 819

Re: a basic (I think...) VLAN problem.

The docs show assigning an IP address to VLANs and tagged= INCLUDING the bridge interface: Add Bridge VLAN entries and specify tagged ports in them. In this example bridge1 interface is the VLAN trunk that will send traffic further to do InterVLAN routing. Bridge ports with frame-types set to admit-...
by Amm0
Thu Apr 25, 2024 8:48 pm
Forum: Beginner Basics
Topic: a basic (I think...) VLAN problem.
Replies: 11
Views: 819

Re: a basic (I think...) VLAN problem.

Sorry, I thought sfpplus1 was one of your VLANs... Basically as config stands, SSH only be available from sfp-sfpplus1 via 192.168.20.33, from a host in that subnet & connect directly (or via some switch connected sfpplus1). Since sfpplus1 is not connect on this router to the VLANs, and there ar...
by Amm0
Thu Apr 25, 2024 7:57 pm
Forum: Beginner Basics
Topic: RouterOS Default Configuration startup window missing
Replies: 6
Views: 439

Re: RouterOS Default Configuration startup window missing

https://help.mikrotik.com/docs/display/ROS/Default+configurations?preview=/167706788/167706790/RouterMode.txt Hmm. I hadn't noticed they had the config now in the docs. For those, you'd need netinstall to replace the default configuration... but still how well it work still depend somewhat on the r...
by Amm0
Thu Apr 25, 2024 7:55 pm
Forum: Beginner Basics
Topic: RouterOS Default Configuration startup window missing
Replies: 6
Views: 439

Re: RouterOS Default Configuration startup window missing

You can also get into the router via winbox and MAC address, which seems you have. So use: /system/reset-configuration no-default=no keep-users=yes Keep in mind... not all router have a default configuration, or 192.168.88.1 exists only on one port without DHCP. Only the home/CPE-like routers have t...
by Amm0
Thu Apr 25, 2024 7:31 pm
Forum: Beginner Basics
Topic: RouterOS Default Configuration startup window missing
Replies: 6
Views: 439

Re: RouterOS Default Configuration startup window missing

Push and hold reset button for, generally, ~7 seconds while plugging it in (i.e. until, generally, USR light blinks). That will get you back to the default configuration stored. See https://help.mikrotik.com/docs/display/ROS/Reset+Button One note: If you replace the default with netinstall, well, th...
by Amm0
Thu Apr 25, 2024 6:53 pm
Forum: Beginner Basics
Topic: a basic (I think...) VLAN problem.
Replies: 11
Views: 819

Re: a basic (I think...) VLAN problem.

This is an artifact of how RouterOS bridge works & a bit confusing initially. Under /interface/bridge/vlans, you need to have your VLANs listed, and – importantly for SSH – the bridge interface itself needs to be a tagged port . You don't need to add access ports (e.g. ports with frame-trype=all...
by Amm0
Thu Apr 25, 2024 6:12 am
Forum: General
Topic: REST API active users
Replies: 9
Views: 1390

Re: REST API active users

I see two entries (plus winbox ones) in 7.15rc1. One that says (unknown) from the remote IP, and 2nd that says "api" with no IP. 1 2024-04-24 11:18:10 xxxuser 192.XX.XX.148 (unknown) 2 2024-04-24 11:18:10 xxxuser api I don't see multiple ones, but I only tested from my laptop, so only one ...
by Amm0
Thu Apr 25, 2024 5:44 am
Forum: General
Topic: REST API active users
Replies: 9
Views: 1390

Re: REST API active users

I want to say it used say "api" for via, not "(unknown)" - so that's also not right here. When you say "forever", so you mean longer than 2 minutes. AFAIK REST API is just a proxy layer over the native API, and that api uses sessions... so reasonable it stick around for...
by Amm0
Thu Apr 25, 2024 5:28 am
Forum: Beginner Basics
Topic: Virtual SIM in Mikrotik
Replies: 11
Views: 2317

Re: Virtual SIM in Mikrotik

I have not tested either. But I believe once the vendor's Android app sets up a carrier profile, it stores on the physical SIM with custom JavaCard app that manages it. e.g. esim.me FAQ, Can I turn my existing device into an eSIM-compatible device? Yes, you can do this with eSIM.me. Thanks to the eS...
by Amm0
Thu Apr 25, 2024 5:01 am
Forum: Beginner Basics
Topic: Virtual SIM in Mikrotik
Replies: 11
Views: 2317

Re: Virtual SIM in Mikrotik

AFAIK, the esim.me cards are just some JavaCard applet (software) running on a SIM card. These applet are "run" by SIM Toolkit (STK), which on most modems is accessed via AT command (or QMI on older modems). On Android, any app certainly have to go through the STK to interact with the SIM ...
by Amm0
Thu Apr 25, 2024 2:02 am
Forum: General
Topic: LHG LTE6 with T-Mobile SIM
Replies: 5
Views: 442

Re: LHG LTE6 with T-Mobile SIM

From winbox/webfig, the selected band (and tower info, signal, etc) should show on the lte1 interface under status tab. No outdoor directional antennas work in US other than the LTE6 ones today. The newer ATL does not work. There is slightly better modem in the US-based Chateau, but that's an indoor...
by Amm0
Thu Apr 25, 2024 12:53 am
Forum: Wireless Networking
Topic: Missing Features in hap ax3
Replies: 6
Views: 895

Re: Missing Features in hap ax3

See https://forum.mikrotik.com/viewtopic.php?t=194738&hilit=quickset+access But agree if one is "upgrading" from a hAPac2/3 to a hAPax2/3, they don't seem to care much about removing features. My bigger annoyance is the hAPac2 has USB, while newer hAPax2 does not. IMO Mikrotik just vie...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 14