MikroTik

Amm0

AFAIK, Flagging just catches if RouterOS internal files are tampered or replaced — not config. Similar to macOS Gatekeeper/SIP or Windows File Protection (WFP).

Amm0

But alas.

Maybe if it multiple lines you need a {} code block, since the [] is not a codeblock

/ip/arp/find [{
  :put $address
  :put $interface
}]

But it does act like an iterator, so the code is executed per list item.

Amm0

The device itself stores the factory password somewhere, if I recall correctly. When you reset the device, the factory admin credentials and password are restored. Not if you replace the default configuration so that a reset-configuration / 5-10s button press reset uses a custom default configurati...

Amm0

I guess the crux of my complaint is I just want to set device-mode via netinstall (or even flashfig or new tool), so that there can be an automated way to setup a new/factory router with our custom config. The device-mode around container has already BLOCKED adding a container as part of default con...

Amm0

If your functionality is spread across multiple devices and one stops working, the rest will still work. No nightmares and pissed off users. Well... for the RDS, one random idea be to have some small-form versions of the CCR2004-1G-2XS-PCIe full-sized card (perhaps different specs / switch / CPU / ...

Amm0

Weird. It does call it, since run-count is 12. I trust you know the AT command works at CLI, so IDK. My only guess was permissions since Mikrotik does mess them sometimes. Perhaps a wait=yes on the LTE script. And/or adding more debug code to the script to get /log some AT command like /log [... inp...

Amm0

>[], >"", >{}, <%% What devil are you summing here? LOL. Latvian LISP ? But essentially those allow you "inject" some code into the S-expr / IL generated. But generally those can be "shorthand" for similar "built-in" syntax & generally operate on lists.

Amm0

Also that's news that find can take a function as an argument. Didn't see it documented either. Documentation, LOL... But yeah both "print where" and "find" acts as iterators... In the case of "print where", you can use an as-value to suppress print's output to "o...

Amm0

+1 for ATL LTE18.

* assuming you're not in North America
** and it not "5G"

And note they have announced, but not released, a few newer 5G models... if there is not urgency, something to consider.

Amm0

It might actually happen sooner than you'd expect. Word is Mikrotik has recently brought on about 15 people, supposedly working full-time on developing business-oriented features.

That make sense, given they've long implemented the now ratified RFC-9759

Amm0

I don't think the docs are that relevant to core concern.

no plan to make it avoidable while still keeping the device up to date. This is my main complaint.

device-mode should at lease be controllable – via some tool like netinstall or some "special package" or whatever.

Amm0

Why can't there be an "I don't want further restrictions" device mode? [...] I understand that Mikrotik sometimes has a habit of introducing stuff with an "introduce it then fix it later (whenever)" process. For new features this is not a bad thing, because people can experiment...

Amm0

Oh just one of many problems with docs — the lack of stable URLs for protocol/commands. I've noticed same thing, I've just manually updated the URL to use the "generic" form you show in 2nd example when need in other doc/code. I could never find some way to get Confluence to show the "...

Amm0

Main thing with Winbox 4 has to be getting rid of bugs that can cause data loss or mess up the configuration. That's far more important than polishing the exteriour. I've use WinBox4 since it came out and never find the need to use WinBox3... while it certainly missing new/improved functionality, m...

Amm0

I'm not 100% on why in this case... but does sound like a permissions problem. The easy potential fix (or at least something to try) be to put that LTE code in a new /system/script and select "Do Not Require Permissions" & then in the /system/schedule use just the script name as "...

Amm0

If it's an ARM device, you might able to the BackToHome to setup WireGuard: https://help.mikrotik.com/docs/spaces/ROS/pages/197984280/Back+To+Home If that worked, you'd know everything else is working. So if you did want to use "real" WG, you know it worked first. And BackToHome being enab...

Amm0

The 10,000 foot[/meter] view of the (>[]) and its cousin (>{}) is that they are essentially a syntax-checked version of the [:parse] / :parse, since both interact with the "code" datatype. :put (>[]) (evl /) But on the specifics here.... I'm not sure the (>[]) does anything special for a $...

Amm0

Perhaps they should send someone to YouTube to tell some story on the 16MB situation. Mikrotik really has acted indifferent to what is a real-world problem for me and others. I used to keep everything up-to-date way more regularly since historically "always worked"... but now updating Rout...

Amm0

It is called a 2D array I had feature request for :serialize to=csv... and in the case MikroTik called the "print as-value" array (which lead to dsv.remap) as a "list-of-dictionaries". Everyone has their own preferred terms it seems. :) @ammo there are indeed two different array...

Amm0

Yeah there are two types of arrays, one is a dictionary/map and other is list. When accessing members, dicts/maps use ->"name", while list use NO quotes ->3. And "print as-values" uses an array that be described as a "list-of-dictionaries" — why you need to two arrow op...

Amm0

Not hyping it down, but its actual use as a data vlan is very niche (rare). I'm with @sindy on FUD on VLAN 1 - over-emphasis creates a worse problems. IMO it's needing "/interface/bridge/vlan tagged=bridge" that created more confusion, than VLAN 1. And the default use VLAN 1, so saying it...

Amm0

Yes, you can use routing rules with the VETH. And depending on your configuration, src-nat rule might also work. Basically nothing changing in routing because it's a VETH. Now you do some multi-wan setup already. Assuming you're using PBR (/routing/rule), you need a rule for container IP that set th...

Amm0

I agree there is a lot of technical dogma being spread without any explanations or evidence. Yup. I'd just add on routers with a default configuration, enabling vlan-filtering=yes is complete safe to do at the START in RouterOS 7.16+. While, typical advice is to set vlan-filtering=yes last. I'm not...

Amm0

While true you can connect via iPhone Wi-Fi, but OP is connected via USB. You'll have to file a feature request. While iPhone will show up as USB, iPhone does not support MBIM protocol that Mikrotik uses. On Linux, it takes extra drivers, since some Apple-specific code is need to setup the data sess...

Amm0

Not sure why you think it is missing.

True in part. But there is no context menu (right-click) with "Copy", and in WinBox4 the "copy" being in the title bar (i.e. stacked paper icon is copy) may not be obvious to all...

Amm0

So smtp.gmail.com works on some devices and does not work on others (in different locations). What do others use for smtp server? smtp.gmail.com is what's documented. Given the AUTH failure, that would indicate you do have the right DNS SMTP server addresss. Don't post it here, but you might want t...

Amm0

there is not much to configure for SMB: [...] I know macOS has a bug where you can't set MTU above 8000 and if your adapter says it needs 9000, it will glitch in various ways. I have a Sonnettech Twin25 and have set MTU to 8000 Where might one find that information in your documentation? If it's bu...

Amm0

Did you upgrade the router at some point? What version is this happening on?

If this was all working and you have not changed version, you may want to check the "app password" specifically in your Google account and confirm it still enabled/not expired/etc.

Amm0

One thing to try is disabling encryption for testing. In my case, that didn't make a difference...but worth a shot, just to see if that works. SMB access from macOS Sequioa to an RB1100AHx4 crashes the entire router I'll try to test that too. Do you have a specific sequioa version? But since my mac ...

Amm0

I'm not sure what going on here, but whatever they did in 7.18 has some bugs IMO. I have different problem. Since 7.18beta, SMB access from macOS Sequioa to an RB1100AHx4 crashes the entire router. macOS prompts for credentials, and then I hear the router reboot. No supout.rif is generated. IMO NO S...

Amm0

As was said, it's a RouterOS bug.

Maybe. No point arguing here. Open a new ticket with the exact problem you're see... since, yes, sometime it does take a few rounds in a ticket to convince them. But they do fix something if there is clear repo case in a ticket.

Amm0

Has anyone tried packet sniffer to [local] disk with a high network load on the RDS?

i.e. could you use it as a switch that had a rolling buffer of packet traces

Amm0

FWIW, I know since I complained "ping watchdog" a while back that no supout was either a bug, or at least should be documented. And they added this note to the doc: Note: Watchdog reboot is not a system failure. Such reboot also will not generate autosupout file. Watchdog reboot is "/...

Amm0

Already exist from 2007... No, the autosupout.rif does not generate one if it the "ping" part of watchdog. The supout.rif is only generated if the hardware watchdog timer expires. But I agree with OP, that I'd like a supout.rif ALWAYS generated if it reboots the router. For example, it co...

Amm0

I use the editor from CLI via ssh, no issues there. So I do not agree about the RouterOS issue. Same issues in PuTTY via SSH. I suspect if you look at the script source as hex or byte-array, you'll find some \t or \n without \r\n. :put [:convert to=hex [/system/script/get SCRIPTNAME source]] If you...

Amm0

I too have complained about the System > Script dialog, for a while. I cannot even imagine trying to edit a script there. But...this is unfair: They suggested to use CLI, it has syntax highlighting, but it's buggy as hell and unusable. I don't think the the CLI /system/script/edit is "buggy&quo...

Amm0

What specifically are you trying to update with scripting? VLAN bridge ports, bridge vlans, interface-list, etc & what settings etc? Updating ("set") is more tricky than adding. Mainly because you need may need to add OR set, depending on what you mean by "update a VLAN". Mor...

Amm0

in the recent version v7.17, MikroTik introduced the :range function, which combined with the ability to use interface list, can improve the VLAN creation process. I'm currently trying to add multiple interfaces as list members (/interface list member add interface=ether1,ether2... list=VLAN2), Doe...

Amm0

VETH are weird, and @tagent points out it be unclear what the actual "best practice" is from Mikrotik. I don't think there are any issues with using VETH into "dumb" bridge, vlan-filtering=yes bridge, or unbridged VETH, per se.... Now... configuration of IP address, routing, fire...

Amm0

Agree. But this one is tricky. And the operation is NOT documented well (actually have on open issue that the neighbor docs should be improved). The key is that "neighbors" can one of three types (MNDP, CDP, LLDP) & that's one way you can end up with multiple entries. Specially MNDP is...

Amm0

If container did recurring writes, like a database server, that be more problematic on NAND. I don't think cloudflared writes anything to disk when running, just uses stdio/stdout/sockets. Also, I think there is distro-less version of cloudflared, that does not have Alpine. In RouterOS terms, the en...

Amm0

Thank you for your service. Easy to imagine the game of whack-a-mole with bad actors gets old. MikroTik is already running BTH relays, those could become btest servers... Perhaps, it have to be more restrictive than TomjNorthIdaho service and/or limited to /tool/speed-test. Similar given their hype ...

Amm0

@Normis I believe @Larsa makes some good points. [...] I see @Larsa suggestion as best chance MikroTik has to salvage RDS2216 development investment. Opening RDS2216 for hosting existing ready today solutions @Larsa identified allows returning limited software developer resources back onto the core...

Amm0

So when MT support responded to your email, they simply linked to the same box.mikrotik.com upload that they made 3 years ago, and didn't update it one bit to include any changes made through 7.18.2. That what I suspected too. At least now, they'll get a formal request per new "stable" an...

Amm0

Sorry didn't comment earlier. Great look!!! The dialogs need more horizontal items per row - that is one big problem in current design. I don't know if you saw my CLI bridge view, https://forum.mikrotik.com/viewtopic.php?t=214189#p1123276 , but that be other UI that be nice to see in winbox. Same th...

Amm0

Aside from the fact that they banned my account for a week for revealing some things in advance , Yeah I don't run my restraml /console/inspect tool against of the alpha I've occasionally get for that reason. But others want to post, well, as a reader that might interesting. ;) But Mikrotik could c...

Amm0

Don't worry, my bet is @rextended is going to be wrong in then end... they would do yours in 20 years. So I have no idea why your commentary sparked a reaction. And to be clear, my LOL is I was expecting the "I'm right", not supportive of the hostile tone. And guessing more discussion ahea...

Amm0

RouterOS internal security has been changed several times [...] but even during v7 many changes have been made to security in this regard and others. If that's true... are you saying the GPL source code used in from RouterOS has not changed since Jan 2, 2022? The source code you disclosed in SUP-18...

Amm0

Well, I see I was right...

LOL. When I saw the release note, I thought of you and this thread "guess rex' is right"

Amm0

Rhetorical question, of course this could be tested beforehand.

Yeah that's kinda my question. I wouldn't have spend 1+ hour testing if there was SOME clue it was "experimental"/"for testing"/etc

Amm0

If you did set Master Password in WinBox3, using the same database file, the WinBox4 will also ask for Master Password. Currently not yet implemented is setting of a new Master Password. It will come. Is Apple's Keychain support on the roadmap? IMO, Apple's Secure Enclave is "safer" than ...

Amm0

In 7.19beta6 , I saw this: *) net - remove support for automatic multicast tunneling (AMT) interface (introduced in v7.18) Now... how this wasn't found before shipping 7.18, IDK. Or if "stable" has something that is "experimental" and/or potentially dropped next release — even ju...

Amm0

I did receive some response: https://box.mikrotik.com/d/81912835977544a291c9/ and cross-posted the received ZIP file to GitHub here: https://github.com/tikoci/mikrotik-gpl/releases/tag/7.18.2 In the ZIP file, the following contents was disclosed: Linux GPL v7 % ls -la total 414072 drwxr-xr-x@ 44 amm...

Amm0

At the risk of "spreading rumors"...

any reply from mk?

Nope.

SUP-182615 and SUP-182616 still open, and no response from email to mt@mikrotik.com either.

Amm0

Hmm other solution what i used now is watchdog. I ping 8.8.8.8 and if internet goes down then reboot. So far, it works fine. If it helps somebody. IMO, ping watchdog always a good idea with LTE/5G. Even if you have netwatch scripts... You can still using ping watchdog. You would want a LONGER timeo...

Amm0

"purported" employees? :shock: I mean we already know Birds Aren't Real ™ (and bolstered by RFC-2549 ), so is #NotRealNormis impossible? Now we have proof! It's #NotRealNormis – LLM have trouble with processing screenshots, so the robot missed the glaring large JIRA tickets in the thread....

Amm0

Instead of spreading rumors, has anyone actually asked for the source code? It is available as per GPL requirements and has been given out countless times, to anyone who asked. I did, and automated the process. No response — SUP-182615 for 7.18.2, and SUP-182616 for 7.19beta5. And, I'm not sure you...

Amm0

Well here is a question for "gurus"...

If one is in the market for a new home country... what country has the highest legal channel capacity for 5Ghz Wi-Fi? I think Canada is lower than US...

Amm0

At Bell Labs, they had no titles, so all engineers were "member of technical staff" or "distinguished member of technical staff"

So forum is like that... even after 10K+ posts (see @anav @mkx etc), you're still "just" a guru.

Amm0

"purported" employees? :shock: Is there the risk that all these years those people (Normis, mrz, etc.) tricked everyone impersonating Mikrotik employees? :? Well, that subtle witty humor didn't come ChatGPT I assure you. Since the GPL can get unnecessarily legalistic, the "TIKOCI Git...

Amm0

Can we stop trying to divide up the packages for Mikrotik? There is need for THEM to do it. Everyone voting on their theoretical desired "package splits", may not be helpful. Like an alcoholics, step one is admitting you have a problem. I don't think we're there yet with Mikrotik... At thi...

Amm0

We'll see if they provide it. But making users request the source is not necessarily a violation, and they seem to provide the notice with the software. So I'm not going to say there is any violation. I attribute this more to Mikrotik's usual desire for secrecy, than malfeasance. So they do want to ...

Amm0

So it seems to be a problem when it is hardware The "routeros" package may be treated differently the extra-packages (which is the part that changed)... so CHR show a version in all versions is not surprising. What MAY be a minor issue is that if user-manager NPK is installed, hardware or...

Amm0

Usefulness is not my issue per se. There is a certain amount of pure principle here too ;). At least now Mikrotik will an email requesting source for new future stable or testing build automatically. I'll post whatever response to email request to the public tikoci/mikrotik-gpl under the Releases se...

Amm0

You may be right that it's related to recent changes. And I bet API would return version if you did a check-for-update request beforehand.

But if the user-manager package was installed, the version is in the NPK... so it should be populated in all cases.

Amm0

@Josephny ask a good question - even if the "why" is immaterial under GPL May I ask what the practical or useful use will be of the release of the source code? Another benefit, is that tools like GitHub (or any static code analyzer) can be used to "double check" that the specifi...

Amm0

While I agree it most cases it's NOT terribly useful. That does not mean it without use. And, just closing the door to the "mystery" by publishing it along with the downloads would solve these recurring requests here that go back decades - i.e.the commentary here should be "See http:/...

Amm0

The license agreement does suggest you need to request a CD-ROM, plus duplication fee.

But...you can email support@mikrotik.com, according to @normis in various other posts (viewtopic.php?t=201561#p1036502).

And, why it's not just published on website someplace, IDK.

Amm0

Good news. Mikrotik released software with eSIM. Just open winbox and go interfaces-->LTE and you can see there eSIM option. Soft. release 18.2 JFYI: https://forum.mikrotik.com/viewtopic.php?t=214977 More specifically Emils@MT answer here: https://forum.mikrotik.com/viewtopic.php?t=214977#p1130903

Amm0

For anyone messing around with Apple Virtualization and ARM-based Macs, I saw this on YouTube today: https://www.youtube.com/watch?v=r3wpXhL3iA0 while about Slackware linux, it was interesting to see the kernel options he used aarch64 / "Apple Silicon" with Apple Virtualization. One thing ...

Amm0

The config is part of the backup file. So if the backup restored okay, should NOT need to ":import <file.rsc>". In fact, it might break things if you even tried. The consultant did both, since the backup is a binary file you cannot "see" the configuration inside it. While the .rs...

Amm0

Okay, it got me to thinking that the MT approach is a mess. Yup. I'm glad to see that you get how this COULD work. There not far off. What so frustrating is they drop the ball on the UI and docs. Here and everywhere. Mikrotik does good engineering, and even some of initially odd logic, often make m...

Amm0

MT said, that they are still testing it and it's not fully implemented yet. Until then, there will be no documentation. Then it shouldn't be in the stable release, I guess. Well, I guess perhaps I'm not the idiot who couldn't figure it out. And just a fool for believing it had to work under some co...

Amm0

If not, then maybe I have to upload screenshots step by step of it.

I wrote down some basic steps here too, which include a BASIC initial example of using file-share.
viewtopic.php?t=215498#p1132887

Amm0

Automatic DNS chalenge on the router will only work for MikroTik's subdomains, because RouterOS will not be able to automatically update the DNS records of the domains owned by you, unless you write some scripts yourself. All correct. The cloud-dns does at least provide some "automatic" b...

Amm0

The interfaces I imagine have a fixed-sized ring buffer for memory... so more interface, more fixed buffers needed, thus more memory.

Amm0

LOL. I just read in thread about AMT, also in a RNs, but someone ask support about: MT said, that they are still testing it and it's not fully implemented yet. Until then, there will be no documentation. But it is pretty ridiculous at some level. Is that hard by the time something goes to "stab...

Amm0

@Sindy claimed that updates for LetsEncrypt (LE) certs are now built into ROS and therefore don’t need to be scripted anymore. We don’t use LE, so I haven’t bothered to verify this. What’s the actual situation with this? Do you know where? As of Dec 2024, in "What am I missing about Let's Encr...

Amm0

+1 It's annoying that for years you cannot renew the LE certificates without complex scripting that requires you to open port 80. I suspect few people mess with certificates as result, or do it once and then just accept the "Unsafe!" browser messages when it expires. Despite all the platit...

Amm0

The option to disable the test MUST be configurable , meaning RouterOS is not following the RFC . I'd stick to the compatibility argument.... That's a better one. You're wrong on RFC: SHOULD == "RECOMMENDED". MUST is specific term in RFC lingo, and it's not used here... but MUST == REQUIR...

Amm0

I still dont see export in winbox4, can you take a jpeg so i know where to look..... Geez, I should actually look. It is not there. I would have sworn I saw in the right-side panel at some point. I could be crazy. But I'll blame the generic look of WinBox4 for me not noticing I was looking at the m...

Amm0

I'm not saying it a generic solution. The UI should be improved, that the is underlying problem. As you know, I focus more on automating RouterOS than, explaining the sometime unexplainable UI. ;) How to "share a peer" is a 2nd order problem if you're not using BTH (or using BTH from witho...

Amm0

Yeah, if you're going to use this as a router, it's not going to help. There is no way out of either using the native app (WinBox), web interface (WebFig), or one of the mobile apps. The CLI from serial, terminal in any GUI, or ssh/telnet is all the same. This page describes the basic command struct...

Amm0

You can largely follow the direction here to bring up a container: https://help.mikrotik.com/docs/spaces/ROS/pages/84901929/Container You should be able to use "alpine:latest" as the tag (or search in forum for most complete instructions for alpine or ubuntu). And in /container/mount, you ...

Amm0

Nope. And unlikely. RouterOS value, IMO, is that is a relatively fixed schema and consistent interface around Linux networking... so that it is NOT a hodgepodge of different Linux tools and files with variant schemes/file formats/etc. There's a learning curve to RouterOS config/scripting, but the id...

Amm0

Yes do pray tell. How best to send this QR code to another ROUTER in a secure manner How to best to send this QR code to a single device , smartphone in a secure manner How to best to send this QR code to a a single device, laptop in a secure manner. The problem is that the there is no secure alrea...

Amm0

This came in another thread, https://forum.mikrotik.com/viewtopic.php?t=215429, about the limit of the "WG Export" for WireGuard peer (i.e. not allowing some customizations). So I made a function to wrap getting the WG export, putting in a file, then using NEW "back-to-home-file"...

Amm0

Anyway, it was a long way to say "+1" here. Well, I feel that the WireGuard in routeros is functionally flawless. Agree, it's usual story as else: operationally things work and stable. But when some config option is missing somewhere, it does turn into a LOT more work since there there is ...

Amm0

Yeah this is kinda the root problem here... modified manually, [...] I pass it to the client in text file or use QR site like <https://www.wireguardconfig.com/qrcode>. While that site does the conversion on the client-side (i.e. in browser's JavaScript, NOT on server)... Still cut-and-paste the WG c...

Amm0

How can i move my Connections and Settings from one MAC to a new one ? I have not tested the theory, but you'd should be able to copy the contents of: ~/Library/Application\ Support/MikroTik/WinBox from one Mac to another. To access that folder in Finder, use Go > Go to folder... ( ⇧ ⌘ G) and enter...

Amm0

I'd listen to PortalNET commentary above, and worry less about the CPU: The secret that no one will tell you.. either because they have not lost time testing.. is the NIC cards... in order to suceed with Multi-CPU x86_64 on RouterOS v7.15.xx stable version.. is the Network cards... because they are ...

Amm0

Note2: Am I blind I dont see an export function.......... It is a right-side action in WinBox4. Now I thought it was in WinBox3 as button... but you're right it ain't there... the peer export is CLI only in WinBox3. Now WinBox3 does have the "WG Import" button that could take an export, b...

Amm0

Well, the Info.plist bundle identify is indeed fixed. Bad news is I know since that does appear in crash dumps. On version "4.0.98018" when double-clicking on a port in /system/console, winbox4 crashes with the report below. Everytime. Happens on macOS 15.3.1, connected to CHR with two ser...

Amm0

In the final analysis sending the private key in any shape or form is NOT a SAFE approach. On this one, that a good use case for the new /ip/cloud "file-share" feature in 7.18. As you can use that more safely "share" that "WG Export" file, without BTH. For example, the...

Amm0

If you are setting up for another router, my quick question is, CAN an MT router accept a QR code and install a wireguard instance based on that??? Another Mikrotik can take the standard WG config file to "import" a peer. /interface/wireguard/wg-import ( or "WG Import" in winbox...

Amm0

You can get a QR code in CLI, WinBox3, WinBox4, or WebFig - but you need to BOTH populate the "Client Xxxx" values & also scroll down in the dialog box - I think the scroll bars may hide or whatnot, so it's not always obvious the QR in on the peer. I didn't answer since post is really ...

Amm0

The QR has has been in CLI for a while:

/interface/wireguard/peers/show-client-config [find]

interface wireguard peers show-client-config.png

And it the commands "conf:" output that the OP wants to change, but cannot.

Amm0

@anav knows WG well... but since the "Client Configuration" acts like CAPsMAN with it's "inherited" values, he ignores it ;). Now, the underlying problem is the UI around the generated client configuration/QR should NOT be next to the peer keys, etc. & should be a separate &...

Amm0

Winbox can be distributed in any way you please, if there is no internal modification needed. But I guess it would be smarter to wait until native Linux Winbox and then set it up for this distribution method, it will be much easier, since there will be no wine involved FWIW, I put a plain Debian pa...

Amm0

Probably a difference between your Asus router and the MikroTik router is that it handles this situation in a more sturdy way. (this of course notwithstanding the issue with MikroTik WiFi not treating multicast optimally) It's also potentially the latter causes the former too, IDK. But if your at W...

Amm0

Reading ... oh man ... what are the YT, TT and other platforms for? "Do not want to read!, I WANT TO WATCH AND LISTEN TO!" I truly and profoundly HATE youtube instruction videos. Total waste of time in most cases. I can read faster then they can explain it in a video. Even in English. And...

Amm0

FWIW, I updated the README.md with a lot more information. I'll summarize some key things below. While all generally works fine with Wi-Fi adapter... it is not the quickest path. This is NOT a CHR thing, as it effects all virtualization on Mac. So wiring up a Ethernet dongle is recommend if you're l...

Amm0

Or directly to ROSE + QEMU + 7.19beta4 for Apple Silicon (aarch64) from Terminal app: open 'utm://downloadVM?url=https://github.com/tikoci/mikropkl/releases/download/chr-7.19beta4/rose.chr.aarch64.qemu.7.19beta4.utm.zip' This new image works like magic! Thank you so much! :) Good to hear. Yeah it p...

Amm0

You're not alone on SHA-256 & AWS. I put in SUP-126958 in 2023 . Although SHA-256 actually NOT the ONLY missing :convert needed for AWS signing... I actually wrote up a pretty complete use case for it in SUP-126958. @sergejs did say "We will see what we can do". In late 2023 it was mar...

Amm0

And why the robots are likely going to win in the end... Us humans are going kill ourselves arguing.

All I know is docs could be improved, in many ways... which help robots and humans.

Amm0

@Amm0, yes issue is with enabled QEMU Hypervisor for aarch64 CHR, it should be disabled, I had same issue as @monk when I was setting this up before, for X86_64 doesn't have affect since it's different architecture. Regarding RNG device, it is also working when it is enabled, maybe it will approve ...

Amm0

I tried to run those machines from https://github.com/tikoci/mikropkl/releases (chr.aarch64.qemu.7.19beta4.utm and rose.chr.aarch64.qemu.7.19beta4.utm - used the utm:// links for both) on my Mac Mini with Apple M2 Pro processor and on anything I try I get only such error. Thanks for testing! I had ...

Amm0

Mikrotik seems to want to keep making them with 16MB. I just saw in specs for their upcoming 5G products, a new LMP 5G that show "16MB Flash". So while perhaps RouterOS without wifi fit okay, if you add something like zerotier, which is handy with LTE, you'd also be close to 16MB today. IM...

Amm0

I have three CPU, Memory, Disk on RB1100AHx4 running 7.19beta4, in both winbox4 and winbox3.

I don't have another RB1100 with 7.18.1, so I don't know specifically on that version.

Amm0

Long time waiting for nothing for Mikrotik! Very disappointed long time customer here. I'm forced to use Mikrotik less and less these days, and it's a shame since I like RouterOS better. None have worldwide band support*, so I'm in same boat as before — ZERO Mikrotik LTE/5G products to use. Even bey...

Amm0

And the UTM packager now deals with versions, so there is a 7.19beta4 release, with QEMU using "real CHR" (and the Apple Virtualization version still needs custom FAT boot image): https://github.com/tikoci/mikropkl/releases/tag/chr-7.19beta4 Also, renamed the generated package/ZIP names to...

Amm0

Nice work. FWIW, ARM64 CHR can run in QEMU with image provided by MT without modifications if no additional space on it is needed. My plan is to build three version: UTM with Apple (Intel) UTM with QEMU (Intel) UTM with QEMU (ARM64) I finally got around to streamlining this. It's actually in a new ...

Amm0

If you're messing with Claude, it might be worth it to try "The Dude" chatbot at https://mikrotik.com/support/. It can answer network questions like "what a trunk port?", and it was also trained on Mikrotik's docs. While I don't think pre se be "better" that just using ...

Amm0

Opps... *) certificate - added built-in root certificate authorities store; Y'all should probably include the CA's used by common DoH DNS providers... Or maybe they are not used by DoH yet, because I tried to enable "Verify SSL Certificate", but that didn't work with Cloudflare, Google, no...

Amm0

American market variants are usually further marked as "Device Name LTE-US kit" and similar, due to the different requirements. Thank you, this is good to know! The only seller I could find in the US was the one on Amazon, so perhaps there is another channel that I am not aware of, especi...

Amm0

Good write up. Couple notes: - While modem has bands for all carriers, Verizon specifically may not enable a device with a custom modem - I haven't tested it on LM910, but you should also be able to enable GPS from the modem if needed. I wrote it from LM940/960: https://forum.mikrotik.com/viewtopic....

Amm0

I think we'll have at least more clues in a few days: https://www.mwcbarcelona.com/exhibitors/31867-mikrotik I don't think Mikrotik has ever had a booth there, so that's telling. Now I suspect it be what was "leaked" on twitter in terms of hardware. But maybe news on eSIM front, and/or spe...

Amm0

Log says otherwise - only MBIM is used unless you issue some AT command manually [...] Hence I figure what it shows for the FN990 comes from the MBIM messages alone. The last RouterOS changelog the FN990 was mentioned in was the one for 7.7 but at least it indicates that they did give that model so...

Amm0

Similarly two questions What do the following mean. *) route - added options to set dynamic-in and connected-in chains in /routing/settings; I'm glad you asked. I missed that one in my first reading. That's another great one for me, so thank Mikrotik. I've complained intermittently about since 7.0b...

Amm0

With these large lists, I can only guess at the why script would be fast or slow. But with REST API each call has to both get authenticated and JSON is even more string parsing. That's overhead that both API and scripting don't have, since auth is done once. Some speculation... With some RSC script ...

Amm0

Well at the end of the day, processing a lot of records is going to use the CPU. The only other thing to do if you want to "optimize" is use the native API. Since you're using Python, Mikrotik has a "library" (well a class, with an example main) here: https://help.mikrotik.com/do...

Amm0

a Telit FN990-A28 is waiting in the box to be tested once an adaptor arrives - it is based on the same Qualcomm chipset, just the AT commands differ. It does work, however, it was not such a smooth ride like with the Quectel. That would have been my expectation. As you note, Mikrotik uses Quectel s...

Amm0

Running a list with native ROS script language costs around 30 % CPU on my CCR2004. Compared to that with a more or less equal speed at adding entries via the REST API with PUT it maxes out to ~90 % CPU utilization. What specific commands are you running? In general you can model them with REST POS...

Amm0

And to be clear, .query does NOT work on a /remove. So this DOES NOT WORK: curl ... https://.../ip/firewall/address-list/remove —json '{".query": "list=mylistname"}' But that's the command you may be trying to find. And it doesn't not work like that. Again, POST wraps API, this p...

Amm0

If there is an intend to add some entries and then after time remove them... You can set an expiration when adding the entry, that save having to delete them . To use POST, it's still a two step operations. First, you still need to get the list of id from GET (*or POST .../address-list/print). You c...

Amm0

Wow, awesome what you can read between the lines. I have a tool that diff the "command schema" between version... so you see the starting point for Wi-Fi Easy Connect (had to lookup "dpp", https://www.wi-fi.org/discover-wi-fi/wi-fi-easy-connect) FWIW: wifi: { add: { security.aut...

Amm0

*) ip-service - show all TCP/UDP connections on the system; *) ip-service - show all TCP/UDP ports on system, including ports in containers; *) ip-service - show error message when service enable fails; This is great! It's the small things like this that do help. Really like it includes containers ...

Amm0

It's a bit like /interface/bridge/vlan where you put all vlan-ids on one entry, or do one entry per VLAN. RouterOS itself does not care which. The choice only matter if wanted more control over the order it picks. So in your superblock, it pick the very last one of all of them... While in 4 pools ex...

Amm0

Now you guys are just showing off with json commands and DHCP codes LOL, Too much for us less trained, but must be sexy talk to you guys LOL
Jealous?

@anav identifies with interfaces. Let's not judge.

Amm0

I'll just add you really are best using a /24 to anything that's going to have end-user/home/office things connected to the network. As @rextended alludes, it's the poorly implementated applications (or embedded/other devices) that may not deal with something other than /24. And there is no way to k...

Amm0

Well, if I had to guess, I think the "no delete rule" to give pause to someone when considering deleting all their posts in a fit of rage. Just guessing.

So delete – I believe - is "by request" via flagging.

Amm0

Please consider also this: https://forum.mikrotik.com/viewtopic.php?t=214879#p1127113 +1 Perhaps the username should get randomized too? Since stickers are not going away.. a radmon username would aid some in a branding/netinstall defconf script IMO. For example, in some cases it be nice for the en...

Amm0

the quectel RM502q-ae similar to the module mounted on the chateau 5g ax also looks like a nice modem, but no lists of possible band aggregations can be found, does anyone know them or where to find information? I'd search on the Quectel forums, or perhaps post there. Generally speaking, and very a...

Amm0

with a very basic VLAN setup (with great thanks to anav): Also, arguably*, it not directly show whether you have an "unbridged management port" ... But since you say it's a ax3, those have 5 ports & "ether5" is absent/missing from display... I think it show you followed @ana...

Amm0

Happy to see it work someplace else actually. And I made a script around [:beep], don't necessarily expect useful ;). But agree it be more useful if CHANGE the config using it like "Excel" spreadsheet to change a "cell" (i.e. tagged/untagged port) with arrow keys for navigation. ...

Amm0

Some points of clarifications: Checklist: #3 # to load script into CLI /system/script/run lsbridge #4 # to run just use: $lsbridge #3 check #4 ??? :?: $lsbridge is just a large function . While it lives in /system/script, run the script will ONLY load the function in the CLI to be used. So "/sy...

Amm0

I also want to figure out how to update the UUIDs in the .plist per build too. I'll hopefully get it this week. You can try to automate with PlistBuddy ( /usr/libexec/PlistBuddy ) in script. PlistBuddy is macOS provided CLI tool for editing .plists Oh plenty of tools on macOS for plist. Issue is th...

Amm0

Nice work. FWIW, ARM64 CHR can run in QEMU with image provided by MT without modifications if no additional space on it is needed. My plan is to build three version: UTM with Apple (Intel) UTM with QEMU (Intel) UTM with QEMU (ARM64) I also want to figure out how to update the UUIDs in the .plist pe...

Amm0

Requires 7.18+ — it uses some new :serialize options (see 7.18 release notes), so it will fail ungracefully on older routers. Now that 7.18 is out , I posted the "Bridge Visualizer" script shown above on GitHub to make download a little easier: # to download: /tool/fetch url=https://tikoc...

Amm0

Thanks @optio. I still have not added to my project to build QEMU variants. But did just update the Apple Intel macOS-based "UTM CHR" to 7.18: utm://downloadVM?url=https://github.com/tikoci/chr-utm/releases/latest/download/RouterOS.utm.zip With an update README on usage: https://github.com...

Amm0

You'd like be best with Quectel since Mikrotik use them IMO. Given you're looking for long-term compatibility. I don't think the Quectel vary that much in the -XX part for RouterOS support – but that matters for CA & bands. I trust you've checked cellmapper.com for your area to see the LTE/5G ba...

Amm0

hello sindy , I read a bit the specifications of the 2 modems but I didn't understand if they can do at least 2CA+n78 yours does ? As for the quectel I also found the european variant which seems to be more suitable RM520NEUDA-M20-SGASA(what do you think). As for the telit it is not clear if it is ...

Amm0

Hi ammo, use Elmers Glue !! But what does that have to do with ops comment, so many fast fail over options??? The actual ZeroTeir config file allow a bunch of mode and control over how outbound tunnel are established. Bonding is just one, and that's the problem. See https://docs.zerotier.com/multip...

Amm0

You're not wrong that disabling services is actually spread all over the place. And docs help.mikrotik.com is equally spread all over the place. They only list a few things under Securing Your Router , not ALL these type of router-based traffic. And another page list all the features list all the fe...

Amm0

for those of not in the know, can you describe what zerotier mulitipath would let you do............ in basic terms. Bonding WAN connections is one setting allowed by ZeroTier's "multipath" support. They have a "balance-aware" setting that may be the default – but we don't know ...

Amm0

I updated the readme on my Intel macOS CHR "automated" images for UTM. I've included a bit more information on setup and usage: https://github.com/tikoci/chr-utm Also, If anyone has a .plist file and some details on image used for ARM64 UTM that known working... I can package that up simil...

Amm0

@telslasystem, why don't grab some screenshots of some professional, non-toy management app as an example of what you're looking for, maybe it might help. Highlighting what you like about them... But soliciting the world to say it's trash or whatever - then suggesting others who say it ain't bad, mu...

Amm0

Wow, just when I thought WinBox4 is starting to look really good, and when I started to daily-drive it... I agree with almost everything that @toxicfusion says about WinBox 4. It's a toy and doesn't have anything common with serious technical app. It looks more like an entertainment app to attract ...

Amm0

*) console - put !empty sentence when API query returns nothing; And why was this change even made?? Only in response to some customer who does not understand that an empty response could be returned on a query? If only Mikrotik would actually write in more than partial sentence or have a proper KB...

Amm0

In 7.18, there are new eSIM commands & new serialize/deserialize fixes. While I have no idea what modems or hardware supports them. But from a discussion in another thread about eSIM support, I cleaned the example to using "ask" to prompt for the needed information. :global activateEsi...

Amm0

Mikrotik sell board that come ready to add modems (wAPGacR, LtAP's, etc.). While I know the LM960A18 does not have eUICC on-module. Some 5G module do. So there is some modem module they are testing this... which is not hard to share. And for the foreseeable future, there are no US-based LTE modems b...

Amm0

But Windows does not support IKEv2, only L2TP/IPsec. That is not true, Windows supports IKEv2. In my use case I use ikev2 ipsec as back to home in my soho as it requires no client software. And I wanted to support all common platforms out of the box. I went with strongswan as the responder. It supp...

Amm0

Again, I'm working in theory here. I don't think any hardware support these commands. Now theoretically about the confirmation code, IDK. It's marked as "Optional" in the 3GPP specs. But we're beyond my paygrade on interpreting specs and vague info from Mikrotik. All I can tell you how to ...

Amm0

And on the OP's command syntax question, which may lead to the hardware problem, but still... 1. The string used in the sm-dp-plus= part of the command should use quotes around it. 2. Any $ in the sm-dp-plus you decoded from the QR need to be escaped for RouterOS CLI — $ are variables & strings ...

Amm0

Well, I think they spend too much time on YouTube, and not enough updating the documentation. It should be clear what device a feature supports. IMO, docs should be "done" (or very close) when something hit "rc". How hard is it to update Confluence page?

Amm0

But it does. Simply that nobody except internal Mikrotik has HW to use it on (yet). How do you know? :shock: Unless you are internal Mikrotik, that is. Well, the 3GPP rules have clue. Android SDK for eSIM, has a diagram that explains how this works. Critically, you'll notice the dotted-line "e...

Amm0

But it does. Simply that nobody except internal Mikrotik has HW to use it on (yet). No one has explained eSIM support to community from Mikrotik. It rather annoying. I've asked "hey how do I use this?" on every release thread it appears. I use Mikrotik for LTE with custom modules, so if s...

Amm0

@volkirik,FWIW, your other suggestion about tcp-clamping option on WG, etc. is a good one. But if you have a ticket open, that really how they track these. Now, I think you know, but they can be applied "manually" using mangle today. The long forum posts do little, other than annoy perhaps...

Amm0

So hardware to run even 10G is at least 5x cost of the license, not to mention the bandwidth/hardware costs. I just don't think it's unfair. Now I live in US, and get Mikrotik has different markets more sensitive to pricing... but some Huawei router is still also WAY more than equivalent P0 CHR+hard...

Amm0

One of my recent script, $lsbridge script that visualize vlan-filtering=yes (https://forum.mikrotik.com/viewtopic.php?t=214189#p1123276), is at 49Kb, currently. But at some point is was >64Kb as I added another set of helper functions... WinBox truncated the part above 64K, and saved the 1st 64Kb......

Amm0

If you're asking an IPSec question... something must be wrong... I'm here for moral support.

I just know the one "one proposal problem" well. Unlike routing stuff, there isn't a lot of places to control the proposal (i.e. nothing like BGP filters, firewall mangle for IPSec)

Amm0

When you leave the standard [get] [set] [print] [remove] operators in POST (or at CLI too), some of the "rules" are broken. For example, "run" is not a standard command, it's specialized to /system/script - kinda like a function. While things from get/set/remove are attributes (/...

Amm0

Yeah, I tried in beta for an hour. Could not figure it out... now that was after very quick read the RFC (https://datatracker.ietf.org/doc/html/rfc7450), which left a lot open to vendors on details. I can normally guess my way through the new features, but not this one... Based on RFC, it wants an a...

Amm0

If you're looking for sympathy, I've run into this. Mainly EoIP's automatic ipsec-secret= since that uses defaults, and in older routers these also used default IPSec configurations. AFAIK, you have a "static" identity, you can create multiple profiles to avoid the default proposal. But if...

Amm0

Now I’ll go back to wondering about the implications of https://forum.mikrotik.com/viewtopic.php?t=214871#p1127149 ;-) Nothing on the REST API. Mikrotik also has a low-level protocol called just "API". FWIW, they have not changed either REST API or API protocol in years (commands used do ...

Amm0

The {“.id”: “ScriptName”} thing works but I’m not sure I understand why. The “.id” property is an array reference like “*3”, not a string like “ScriptName”. Does it somehow do a lookup on the “name” property? All "APIs" in RouterOS really go down some fixed schema. And the CLI has a tool ...

Amm0

P.S: about vulnerabilities, I must always mention NEVER OPEN ADMIN INTERFACE TO UNTRUSTED INTERFACES You have to repeat it because it's not documented. Where at help.mikrotik.com does it actually say that...? On Securing+your+router it mentions disabling winbox-mac and that it's. And it also sugges...

Amm0

Sure few "users" of RouterOS may use a network simulator... If more folks tested RouterOS in simulators, generally - including Mikrotik – it might ferret out bugs quicker and reduce deployment issues. And, other vendors use simulators as a sales tool to show folks "see, you don't have...

Amm0

It shouldn't work like that... but some stuff does vary by command. It might just map both ".id" to "numbers="* as the "$1"/unnamed argument to /system/script/run and let that command sort it out. (* "numbers" is .id's cousin, and weird too, sometimes it can b...

Amm0

*) console - renamed "back-to-home-users" to "back-to-home-user"; I get y'all use the singular form in commands. But if you were going to rename it "back-to-home-shares" or something that reflect the are the N th users that some "shared" the VPN in your app. ...

Amm0

6,000+ views. No ones tested AMT? Only testing patience for diatribes. Could you describe the specific problem you would like to solve with AMT? Basically whether it could be used to tunnel multicast over a L3 VPN like WG. I guess I could try it myself, but just seem like something someone might ha...

Amm0

6,000+ views. No ones tested AMT? Only testing patience for diatribes.

Amm0

Totally agree. And keyboard-shortcuts!!! Just tone bothered me... macOS version is a low-priority bug. On the "internals", when using the CLI options to launch winbox, there does not seem to be a "silent" option so NOT log all the Qt/etc stuff when you launch it. Now maybe in @no...

Amm0

Heads-up - breaking changes for management and monitoring: *) console - put !empty sentence when API query returns nothing; It's still not in docs, which is annoying since we're now at "rc". IMO docs should be done by a "release candidate" (i.e. theoretically shippable). And dev...

Amm0

I have never checked version of an app inside the executable, sorry. For any software ever. But we will see if we can include it for your peace of mind. You just can't stop the sarcasm can you? While, issue is understandable in a beta. It's a bug report - treat it like that - move on. No need to tr...

Amm0

What difference does it make?

But one could say same about pixels sizes... It's sloppy, and shows lack of build process that would set that. Now priority, IDK.

And, I guess you're never planning on putting it in the macOS App Store...

Amm0

hi, i want the similar setup, differences is the wireguard connect to my cloudflare zero trust tunnel. had try all the options in this post, not shown anything in Romon Discover, but the EOIP packet traffic seems in the counter. is there specific setup if use WG for Cloudflare? No, it be very simil...

Amm0

I knew there was some colorful Italian phrase - I had to result to Google. The Spanish ¿ was for fun, since I figured it get a post-count-raising reaction & breaking multiple "Forum rules" at same time

Amm0

What's new in 7.18beta2 (2025-Jan-21 11:27): *) console - put !empty sentence when API query returns nothing; That should really end up in the API docs... https://help.mikrotik.com/docs/spaces/ROS/pages/47579160/API#API-Replyword And, there reports that it breaks the Terraform provider, since it's ...

Amm0

Well, it likely the https://github.com/go-routeros/routeros team that will have to fix it. I think it's just another case "!empty" that does nothing would fix it here: https://github.com/go-routeros/routeros/blob/c7c9b83f89d6d8e4c4a50e21c0fd99ba9f4b5fd3/listen.go#L113 Also, you should be a...

Amm0

It's noted in the release notes:

*) console - put !empty sentence when API query returns nothing;

Amm0

========== NEW QUESTION ========== Thank you all for input. New question. What specific features would you like to provision in these controller type of setups. What is your #1 use case, which config is most often needed to apply "en masse" or to multiple devices? Perhaps, controlling &qu...

Amm0

You have been thinking of your Bridge VLAN table as a table with interfaces as "Primary Key". Try to rethink that and use the VLAN IDs as Keys and "pivot" the table: [...] The fact that you can also specify vlan-ids=id-range is syntactic sugar to help reduce the number of repeat...

Amm0

I often had errors while importing, not only with ports. This exact things happened on RB953s, where you could NEVER just import and export. Something boot renamed the serial ports. And, how I learned you couldn't trust and export work directly with import. And this is a very good idea! I would sug...

Amm0

And think of all the discussion that must have gone into the font selection at Mikrotik... just wasted in a second with RegEdit. But someone thought about the fonts there, i.e. ligatures (and letters like 4's) generally match between Manrope and JetBrains Mono - . And the mono font renders script ar...

Amm0

In 7.18beta, there is: *) system - added option to list and install available packages (after using "check-for-updates"); Perhaps WinBox4, should have some direct "Refresh Package List" (or something) on the main /system/package dialog's right-side actions. In WinBox3, the top-ba...

Amm0

Yeah QEMU inside Docker is an "common" approach, to uncommon problem, today. I think Mikrotik has trouble supporting the various cloud hosting providers as it is, and Docker has whole ecosystem stuff folks would expect. While you used to be run RouterOS-on-RouterOS using even more basic Me...

Amm0

How are these posts related to controllers? Please keep the discussion on topic Well... part of most controller is being able to get into an individual device's UI. While we don't know, I'd imagine the a single router's view be winbox/webfig... And, some are saying they may want something else at t...

Amm0

Works 2025-02-13T06:06:43.863+0000 Better 2025-02-13T06:06:43.863+00 : 00 RFC5424 do need a : there, but CEF can use with or without. So to be more compatible use the : In that case, "best" be that gets reduced to: 2025-02-13T06:06:43.863 Z Related, feature request on CEF: it be nice if t...

Amm0

Agreed. I was initially thinking towards RB5009Pr but that would really have been overkill. [...] You can add 4 RB5009/L009-formfactor like units in 1U. But I think there might be a market for it. I'm the market for it. We've used the RB5009 as dumb PoE switches before, and some cases its used a Dud...

Amm0

There is an urgent need for ARMv7 container support for E50UG. Compared to ARMv5, the number of available images for ARMv7 is not even in the same league. Yeah it be limited. There is no Alpine Linux release for ARMv5, and many images use Alpine inside.... As a result, you cannot even build one you...

Amm0

Given the likely enormous effort they put into new WinBox, and the largely unnoticed new redesigned WebFig in 7.17 that looks just like winbox4 ... I'd imagine the answer will be BOTH web and app... So the controller app will likely just have different choices on side ("Routers", "APs...

Amm0

That is, currently in the file found at WinBox.app/Contents/Info.plist , you will find the lines: ... <key>CFBundleVersion</key> <string> 0.1 </string> ... Well, it matches the "my.example.com" as bundle id string, in same Info.plist ... although that's vendor is not visible in Finder. Bu...

Amm0

We went from something that worked fine on windows and emulated well on others, most of the time, to something that doesn't work as well as the old one anywhere... Yeah, I feel the same way. I really hope MT won't retire v3 before everything’s up to par. Well, the "saving everything"/&quo...

Amm0

*) dhcpv4-client - allow selecting to which routing tables add default route (additional fixes); [...] That would be great for DUAL-ISP setups and regular changing IP [...] I'm still looking for a "Check Gateway" option in /ip/dhcp-client as that's ALSO needed for "DUAL-ISP" set...

Amm0

While I like the feedback in "green bubble" (or red too) status that appear after a commit ("OK"/"Apply") ... they could use some attention in usability. I guess it's related to the "dirty fields" problem (i.e. two updates to same field, before winbox knows it...

Amm0

Given the Super Bowl in US... Amm0's container&script superstore is now offering ... Easiest way to install a RouterOS * — via URL: utm://downloadVM?url=https://github.com/tikoci/chr-utm/releases/download/v7.17.2/RouterOS.utm.zip *assuming you have an Intel Mac with UTM installed — To install UT...

Amm0

What does "my Mikrotik" mean in terms of model number? Yup, not a lot details to help. In general, most RouterOS get full speed, even without bypass. It the spurious "use it for a hotspot service" - on same Mikrotik, or is that seperate? Perhaps try a speed-test to @TomjNorthIda...

Amm0

Not sure why UDP down did not work. In both bandwidth-test and speed-test, The UDP port maybe blocked by default firewall for UDP. For TCP, there is a connection tracked, so that works fine. But for UDP, the remote side starts, so nothing from LAN->WAN got that tracked. Also it can use a different ...

Amm0

In beta5 pull container from https://registry-1.docker.io doesn't work I'm using https://registry.hub.docker.com as you're supposed to according to some sources (including Podman). Works great. Mikrotik has changed their mind a few times, so registry-1.docker.io was in docs at some point. FWIW, I t...

Search found 5269 matches