Community discussions

MikroTik App

Search found 4958 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 17
by Amm0
Wed Jan 22, 2025 5:47 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 96
Views: 7940

Re: v7.18beta [testing] is released!

Okay, I got the /ip/cloud/file-share feature almost working. However @normis's comments do not quite match my experience: it only opens up the file share and has a valid HTTPS certificate. Webfig is not opened to the world, when you enable file share. It is a different service. I had HTTPS enabled i...
by Amm0
Wed Jan 22, 2025 3:15 am
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 96
Views: 7940

Re: v7.18beta [testing] is released!

How this works? Has someone tried already? *) cloud - added file-share feature; I enabled it, or at least I thought, but doesn't work. It says running, and looked based on BTH's relay service to share files over internet. /ip/cloud/file-share/settings/print enabled: yes dns-name: <sn>.routingtheclo...
by Amm0
Tue Jan 21, 2025 8:50 pm
Forum: RouterOS beta
Topic: /ip/route/check command disappeared?
Replies: 24
Views: 17720

Re: /ip/route/check command disappeared?

And it returns in 7.18 reincarnated!
/ip/route/check dst-ip=8.8.8.8                                 
     status: ok            
  interface: wan2  
    nexthop: 1.2.3.4
by Amm0
Tue Jan 21, 2025 8:40 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 96
Views: 7940

Re: v7.18beta [testing] is released!

This one could use a bit more explanation... *) cloud - added file-share feature; Now it did work to create a /ip/cloud/file-share ... but the URL with "routingthecloud.net" does not seem to work in browser (it gets a 404). Is this for BTH use only? i.e. I noticed the /ip/cloud/back-to-hom...
by Amm0
Tue Jan 21, 2025 8:00 pm
Forum: Announcements
Topic: v7.18beta [testing] is released!
Replies: 96
Views: 7940

Re: v7.18beta [testing] is released!

NICE WORK. I'm undecided on what to report the most beautiful, besides the FastTrak, I should copy half the list... Indeed. Upgraded a RB1100AHx4, KNOT, and CHR(s). The RB1100 has some auto-start containers with ROSE RAID/bfrs & all just came up – which includes MQTT and LoRa server, and 7.18be...
by Amm0
Tue Jan 21, 2025 5:34 pm
Forum: Containers
Topic: Home Assistant container on RouterOS - fails to extract and start
Replies: 12
Views: 1255

Re: Home Assistant container on RouterOS - fails to extract and start

Based on at tip in from Amm0 I changed HA from branch “stable” to “latest”, installed HA container and it worked! 😊 from https://forum.mikrotik.com/viewtopic.php?t=214037#p1120343 # ... add veth and networking config ... # SSD is at "raid1/" and layer-dir= and tmpdir= explicitly use the &...
by Amm0
Tue Jan 21, 2025 1:59 am
Forum: Virtualization
Topic: Router OS 7 on UEFI
Replies: 77
Views: 16923

Re: Router OS 7 on UEFI

CHR will have drivers for the virtualized network drivers... Otherwise, AFAIK ARM64 native build does not have a lot of drivers.
by Amm0
Mon Jan 20, 2025 9:40 pm
Forum: General
Topic: Which HW for Verizon Cellular in NY
Replies: 8
Views: 328

Re: Which HW for Verizon Cellular in NY

Understandable. I regularly complain about this. But it has not improved for North American LTE/5G users — and newer LTE devices are even worse the older ones. The original CAT6 modems at least worked with AT&T and T-Mobile... but newer "refreshed" LTE devices, generally with "(20...
by Amm0
Mon Jan 20, 2025 9:13 pm
Forum: General
Topic: Which HW for Verizon Cellular in NY
Replies: 8
Views: 328

Re: Which HW for Verizon Cellular in NY

None work "great" and no 5G options for US. The LTE6 will work okay with AT&T, albeit 5G and limited to CAT6 speeds - but it does at least couple CA modes for AT&T. And LTE6 may work for Verizon, in some areas, but it's without Verizon's Band 13 – which VZW widely deployed/uses – t...
by Amm0
Mon Jan 20, 2025 7:37 pm
Forum: Containers
Topic: Home Assistant container - success stories?
Replies: 4
Views: 392

Re: Home Assistant container - success stories?

Did you try using the fully qualified remote-image, i.e. including :latest. This worked to create HA on a RB1100AHx4, which 32-bit too. # SSD is at "raid1/" and layer-dir= and tmpdir= explicitly use the "real" disk /container/config set layer-dir=raid1/layers registry-url=https:/...
by Amm0
Mon Jan 20, 2025 7:24 am
Forum: General
Topic: Log: a lot of garbage
Replies: 4
Views: 379

Re: Log: a lot of garbage

The "!dns !package" log rule will mean "debug" (or anything NOT dns and NOT package - which is a log. In general, the "double negative" rules really make it difficult to predict what will happen since it's essentially "everything else"... So may be more OTHER ...
by Amm0
Mon Jan 20, 2025 2:21 am
Forum: Forwarding Protocols
Topic: AMT - Automatic Multicast Tunneling support
Replies: 13
Views: 3470

Re: AMT - Automatic Multicast Tunneling support

If they followed them, by hypothesis, all of them, they would do yours in 20 years.
I guess someone wins the lottery... ;)

And, their AMT implementation does look simplier than PIM-SM or IGMP proxy (x2). Hopefully AMT works with WG tunnels to add multicast.
by Amm0
Sat Jan 18, 2025 8:49 pm
Forum: General
Topic: PXE Boot From Mikrotik
Replies: 17
Views: 24754

Re: PXE Boot From Mikrotik

Did you try from the CLI to set the DHCP Option? I suppose it's possible winbox/webfig used ߵsmartquoteߴ or some unknown Windows locale/code-page/keyboard thing in winbox... This will explicitly update any existing entry, if any unicode was present the CLI will strip it. /ip dhcp-server option set [...
by Amm0
Sat Jan 18, 2025 7:57 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1757
Views: 509345

Re: 📣 WinBox 4 is here 📣

"Only critical bugs will be fixed in Winbox 3" . Sounds crazy, right? Not really. WinBox3 has not had new features for a long time... so I think it's been in the "only critical bugs" even before winbox4 came out . I think when you start seeing some "new winbox protocol"...
by Amm0
Sat Jan 18, 2025 7:40 pm
Forum: General
Topic: Feature Request: WINS Server
Replies: 8
Views: 4196

Re: Feature Request: WINS Server

Unfortunately yes. For example if you merge different office locations within OSPF over p2p wire guard links. In that case you have different networks in most cases, and to get for SMB share, printers etc to live across offices you still have to rely on WINS. Or use Active Directory (either MS or S...
by Amm0
Sat Jan 18, 2025 7:32 pm
Forum: Containers
Topic: Looking for Docker container ideas for RouterOS
Replies: 125
Views: 42881

Re: Looking for Docker container ideas for RouterOS

WINS is a 31-year-old, obsolete Microsoft legacy service Agree. But still really curious on what drives any use case for WINS... But just to answer the question... you can install samba in an Alpine container, and enable WINS in it's config (and add LMHOSTS, have RouterOS DHCP set container as WINS...
by Amm0
Sat Jan 18, 2025 4:11 am
Forum: The User Manager
Topic: The User Manager I can't install.
Replies: 1
Views: 584

Re: The User Manager I can't install.

You need to open up the File window in winbox, and drag the file to the blank spot in the window - not the menu itself – so that .npk package appears at the root directory inside Files dialog box. Then do a System > Reboot. You check Logs to see if has any messages after reboot after copy'ing the UM...
by Amm0
Sat Jan 18, 2025 2:35 am
Forum: Virtualization
Topic: Router OS 7 on UEFI
Replies: 77
Views: 16923

Re: Router OS 7 on UEFI

I maintain the fat-chr project, so it's possible to add a variant for a 1MB aligned VHD image in future – but I'm not sure that's whole problem here with Azure Gen2 +ARM64... Basically the ARM64 build is different animal...Mikrotik has suggested it's really for AMPERE-based systems... so it may not ...
by Amm0
Sat Jan 18, 2025 1:51 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1757
Views: 509345

Re: 📣 WinBox 4 is here 📣

[...]measurement unit jumps left/right depending on the order of magnitude of the numbers. eg. comparing "1.0 Mbps" and "1000.0 Mbps" the position of the Mbps are different - it moves sideways depending on the value and I find this distracting to read Agreed on alignment & M...
by Amm0
Fri Jan 17, 2025 10:44 pm
Forum: Virtualization
Topic: Router OS 7 on UEFI
Replies: 77
Views: 16923

Re: Router OS 7 on UEFI

ARM64 CHR may need NVMe disk, I think, although not 100%. I recall some issue with QEMU where the fix is to use NVMe emulation.
by Amm0
Fri Jan 17, 2025 9:19 pm
Forum: General
Topic: time-zone-autodetect ?
Replies: 1
Views: 315

Re: time-zone-autodetect ?

Are you running the latest stable version (7.17, or 7.16.2)? e.g. Some devices come with older versions, and I want to say there was some bug someplace in TZ auto-detect and/or NTP in older versions. FWIW, Mikrotik has a build in time sync in /ip/cloud, so there is not a specific need to use your ow...
by Amm0
Fri Jan 17, 2025 9:05 pm
Forum: Scripting
Topic: Feature request: adding "remove after next run" feature in schedulers
Replies: 2
Views: 1106

Re: Feature request: adding "remove after next run" feature in schedulers

Good idea. It let you "queue" some action simply... Now you can always have the last action of schedule script to remove itself. But this is a bit trickier...as there is NO "this" variable to know what script you're in (/system/scheduler/remove [find name="$name"] will ...
by Amm0
Fri Jan 17, 2025 8:57 pm
Forum: General
Topic: Question about back-to-home-vpn
Replies: 3
Views: 219

Re: Question about back-to-home-vpn

Yeah I really don't know for sure on this one. Only guesses... Presumably the generated config should be the generic peer configuration, and it's totally unclear what the 0.0.0.0/32 is for from docs... It would be nice hear from someone at MikroTik about this! Agreed. Mikrotik really should write up...
by Amm0
Fri Jan 17, 2025 8:35 pm
Forum: General
Topic: Question about back-to-home-vpn
Replies: 3
Views: 219

Re: Question about back-to-home-vpn

Good question. IDK exactly. But agree I think it's superfluous when using the generated config in a normal WG client. It is NOT a /0 default route, rather a /32 — so not sure it's be useful if normal WG app, unless some client app used "0.0.0.0". But dunno My only WAG is it's used by their...
by Amm0
Thu Jan 16, 2025 11:32 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 126
Views: 14043

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

The "Who's Online?" from the main forum page has been removed too. I suspect they blocked the "public profiles", to reduce the URLs that could be scraped/DDoS/whatever...
by Amm0
Thu Jan 16, 2025 7:36 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1757
Views: 509345

Re: 📣 WinBox 4 is here 📣

Since 7.17 is forcing me to use new Winbox instead old one, that i'm used to it, How does it forcing you to use new WinBox? WinBox 3.41 works fine on 7.17. Yeah...you might want to explain what you mean... i would like to ask if there is a way to fix comment section under connections, that i would ...
by Amm0
Thu Jan 16, 2025 5:45 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

Why and what traffic is coming in from the dynamic BTH interface that is added? [...] the counter increments steadily without a BTH client out there. So what traffic is this, mddns? Seeing as you have persistent keep alive set to the relay server, the router keeps in contact with the relay server??...
by Amm0
Wed Jan 15, 2025 7:39 pm
Forum: Containers
Topic: Home Assistant container on RouterOS - fails to extract and start
Replies: 12
Views: 1255

Re: Home Assistant container on RouterOS - fails to extract and start

I can see that an autosupout was created at the time the process halted..should I send it to MT for investigation? Perhaps a case at support@mikrotik.com. The path and layer-dir= is about the only knobs I know to try here... Make sure to generate a new supout.rif with the current state and include ...
by Amm0
Wed Jan 15, 2025 7:18 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1757
Views: 509345

Re: 📣 WinBox 4 is here 📣

in macOS, on Winbox Terminals, it is no more possible to input ^ or ~ characters without having to make copy-paste. That's odd. I can use both the caret and tilde fine in Terminal, on MacOS, using latest beta. Are you using an external keyboard, or perhaps foreign keyboards might cause a difference...
by Amm0
Wed Jan 15, 2025 5:09 pm
Forum: Containers
Topic: Home Assistant container on RouterOS - fails to extract and start
Replies: 12
Views: 1255

Re: Home Assistant container on RouterOS - fails to extract and start

Hmm. Can you also change tmpdir=usb1/pull in /container/config (settings), to remove that slash too?

If that does not work, you could try to the the "layer-dir" in container settings this specifies where the layers are stored:
/container config set layer-dir=usb1/layers
by Amm0
Wed Jan 15, 2025 11:08 am
Forum: Containers
Topic: Home Assistant container on RouterOS - fails to extract and start
Replies: 12
Views: 1255

Re: Home Assistant container on RouterOS - fails to extract and start

Try using root-dir=usb1/ha (without the leading /).

RouterOS file paths do not start with a /, and while some item (like /container/mount) will ignore a leading slash /... root-dir= is very picky.
by Amm0
Wed Jan 15, 2025 12:21 am
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 126
Views: 14043

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

migrate to other forum software that supports load balancing, high availibility etc
Im 100% sure one can do this with PHPBB and HAProxy
https://www.haproxy.org/
+1 to haproxy

It has been flaky today too...
by Amm0
Tue Jan 14, 2025 4:11 am
Forum: Scripting
Topic: [SOLVED] Using Dynamic Variable Names
Replies: 40
Views: 36453

Re: [SOLVED] Using Dynamic Variable Names

While it's nifty trick to use [:parse] to create new globals or use one without a declaration... In most cases, your better off using an array-of-maps or array-of-lists & using TWO :foreach loops. And bad examples of using [:parse] to have "dynamic variable names" are even less helpful.
by Amm0
Tue Jan 14, 2025 3:37 am
Forum: General
Topic: Any downside of using new-mss=clamp-to-ptmu globally (without qualifier)?
Replies: 3
Views: 633

Re: Any downside of using new-mss=clamp-to-ptmu globally (without qualifier)?

"Most" clients will be automatically set the TCP MSS correctly (assuming ICMP/"ping" is not blocked in the path), but it's not 100%. And why "it worked for a while, then some device broke it..." So using an adjust-mss action makes sense for WG - keep in mind it only app...
by Amm0
Tue Jan 14, 2025 12:00 am
Forum: Scripting
Topic: [API bug/suggestion] Regex in queries
Replies: 16
Views: 7706

Re: [API bug/suggestion] Regex in queries

Please be patient, we will have some new features in ROSv7. :) Well folks have been patient... But even the new REST API, which borrows the API query syntax, does not support regex either. So it's useful beyond just the older API, since I'd imagine REST just proxies the native API. If API supported...
by Amm0
Mon Jan 13, 2025 9:53 pm
Forum: General
Topic: Traffic generator strange problem
Replies: 5
Views: 505

Re: Traffic generator strange problem

If you create a pcap with your ping from the router using sniffer, and they use that same pcap in traffic generator does it work? IDK why the Juniper might not see it. But again if something generated is malformed, perhaps it drops it. Or, if IP/arp was wrong, then generated traffic might not be goi...
by Amm0
Mon Jan 13, 2025 9:46 pm
Forum: Beginner Basics
Topic: Automation Gateway With Mikrotik [SOLVED]
Replies: 9
Views: 811

Re: Automation Gateway With Mikrotik [SOLVED]

The CHR solution looks cool, but CHR + server looks a bit to much for me right now. [...] Maybe flashing the RB951 with openWRT + Zerotier (I hope this is not a sin to be told here) Most commercial VPN services (Nord, SurfShark, etc.) don't allow port forwarding, so that not a viable options. I'll ...
by Amm0
Mon Jan 13, 2025 8:24 pm
Forum: Beginner Basics
Topic: Automation Gateway With Mikrotik [SOLVED]
Replies: 9
Views: 811

Re: Automation Gateway With Mikrotik [SOLVED]

Yeah ZeroTier works pretty well for these cases. While WireGuard and EoIP+IPSec be alternatives if you have a public IP someplace where you can do port forwarding... But without a public IP, you need another router someplace with a public IP that the MIPS RB951 will initiate a connection, and the re...
by Amm0
Mon Jan 13, 2025 7:59 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

Yeah maybe @normis has a clue here. I am trying to follow the MT documents. While I get it... that would include doing a /system/reset-configuration no-defaults=no keep-users=yes IMO. And I bet everything would work. I doubt the docs assume anyone has custom firewall rules or VLANs in their docs... ...
by Amm0
Mon Jan 13, 2025 7:43 pm
Forum: General
Topic: Traffic generator strange problem
Replies: 5
Views: 505

Re: Traffic generator strange problem

If you're running 7.17rc, you need to enable the traffic generator in /system/device-mode (see 7.17 thread here, or docs).

Otherwise, it's possible you're not generating a valid packet that be dropped before your router sees it. Do you see it on the Mikrotik touch or sniffer locally?
by Amm0
Mon Jan 13, 2025 7:38 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

IDK what's going. I've always seen the rules, but only have a couple test devices, both are running 7.17rc. Although this was all working in 7.16 too. I'd try again, and NOT use the smartphone app - IMO that makes this MORE configuring unless you really do have "factory defaults". So disab...
by Amm0
Mon Jan 13, 2025 7:25 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

To cut to chase, you're right that if you have customization in /ip/firewall/filter things get more complex. I think the underlying assuming is that you do NOT have any modifications to the default firewall.... Now why some are missing, it's possible that unless you have an BTH peers that have "...
by Amm0
Mon Jan 13, 2025 6:31 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

1. Do I need to keep the IPV6 addresses, even though I am strictly using IPV4, in other words does MT relay server require that for all devices?? IPv6 address are not required on the peers or router, although it will be generated in the sample/exported/shared config. But on IPv6... keep in mind if ...
by Amm0
Mon Jan 13, 2025 3:31 am
Forum: Virtualization
Topic: Dell R610 and x86 RouterOS
Replies: 5
Views: 613

Re: Dell R610 and x86 RouterOS

You might want to post your config. I believe the default configuration is empty, so routing might not work out of the box.
by Amm0
Mon Jan 13, 2025 3:04 am
Forum: Beginner Basics
Topic: Disable Webfig Username autofill
Replies: 9
Views: 2844

Re: Disable Webfig Username autofill

Is there a way to just simply remove the login username by default? Nope, or at least no documented way I could find. And, agree, it's annoying. Considering Mikrotik encourages everyone to NOT use "admin" as username (i.e. to add another element to a password attack), it a poor default th...
by Amm0
Sun Jan 12, 2025 8:18 pm
Forum: Scripting
Topic: $ROKU, the missing Roku TV remote for RouterOS
Replies: 4
Views: 7976

Re: $ROKU, the missing Roku TV remote for RouterOS

I don't know if there any other users of my $ROKU script, but in the latest RokuOS update some permissions have changed that will break the script . Specifically "ECP" which is the web service used to control the TV via HTTP over the LAN. So to keep using the script, you must enable on the...
by Amm0
Sun Jan 12, 2025 7:02 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 868

Re: Is there a simple way to hang a virtual "Out of order" sign?

Not "simple" at all.
And here I thought you like making things more complex. ;)
by Amm0
Sun Jan 12, 2025 6:40 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

One only needs the APP to create the first user ( the smartphone itself ). It automatically turns on BTH VPN, and creates the first two entries! I had thought one needed to manually turn on BTH VPN in ip cloud first. It's likely best to do it phone BTH app - so you can test it first. But doing it v...
by Amm0
Sun Jan 12, 2025 5:44 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 868

Re: Is there a simple way to hang a virtual "Out of order" sign?

FWIW, both modern Windows and MacOS desktop OSes support using DHCP options to detect the captive portal, which /ip/hotspot support (returning the JSON needed by Option 114). Now hotspot also does all the older DNS/redirects schemes too - which @mkx is correct, they don't as well these days since ne...
by Amm0
Sat Jan 11, 2025 9:45 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 868

Re: Is there a simple way to hang a virtual "Out of order" sign?

A certain Amm0 :wink: explained how hotspot can only take care of the wifi part in a post in one of the two threads I mentioned: https://forum.mikrotik.com/viewtopic.php?t=208023#p1077781 Your memory is better than mine. But despite my poor summary there... I'm pretty /ip/hotspot applies to any LAN...
by Amm0
Sat Jan 11, 2025 8:28 pm
Forum: General
Topic: ATL LTE 18 slowing down to a crawl
Replies: 11
Views: 993

Re: ATL LTE 18 slowing down to a crawl

We have many similarly configure LTE routers, so it's easier for me to test that a version works before dealing with anything remote... But if you got just one and it's remote, that makes it harder... Especially if it's stable for hours and then dies, that's sounds really annoying... Their support i...
by Amm0
Sat Jan 11, 2025 8:13 pm
Forum: General
Topic: ATL LTE 18 slowing down to a crawl
Replies: 11
Views: 993

Re: ATL LTE 18 slowing down to a crawl

If you can't disable the interface without a crash, that seems like bug somewhere. I'd file a ticket at support@mikrotik.com, and make sure to include a supout.rif when you have the problem. If it keeps happening, you can also try running 7.17rc (+upgrading the boot and LTE firmware too for 7.17), w...
by Amm0
Sat Jan 11, 2025 8:02 pm
Forum: Beginner Basics
Topic: Is there a simple way to hang a virtual "Out of order" sign?
Replies: 13
Views: 868

Re: Is there a simple way to hang a virtual "Out of order" sign?

This thread has a few approach to a similar problem: https://forum.mikrotik.com/viewtopic.php?t=195386&hilit=captive+portal Basically the options from that are: 1. Create a [largely unused] captive portal on new VLAN, with update HTML with your "Out of order" sign. For maintenance, you...
by Amm0
Sat Jan 11, 2025 7:46 pm
Forum: RouterOS beta
Topic: /ip/route/check command disappeared?
Replies: 24
Views: 17720

Re: /ip/route/check command disappeared?

I wasn't sure if it internally used in matcher if the = was "ip-prefix" type. Apparently not, according to MT's @mrz in this thread ( https://forum.mikrotik.com/viewtopic.php?t=103590 ) from ~8 years ago: I recently became aware that you can use a "in" operator in a command line ...
by Amm0
Sat Jan 11, 2025 5:11 pm
Forum: General
Topic: ATL LTE 18 slowing down to a crawl
Replies: 11
Views: 993

Re: ATL LTE 18 slowing down to a crawl

The part of the story missing is the LTE metrics. If you're doing monitoring, adding RSRP, RSRQ, and SINR likely be useful since it could be on the LTE carrier side (i.e. time-of-day, changing bands, etc.) which some data either confirm or rule-out. Now the dramatic drop in traffic might indicate so...
by Amm0
Sat Jan 11, 2025 4:24 pm
Forum: General
Topic: Adding veth slows internet
Replies: 35
Views: 4157

Re: Adding veth slows internet

Never bridge VETH interfaces with physical ports, it will disable hardware forwarding. "Never" is overly strong, but because it's a consideration worth taking into account, I've added it to the list of consequences The loss of HW forwarding is a good point, and a valid consideration. With...
by Amm0
Sat Jan 11, 2025 7:35 am
Forum: General
Topic: Mangle and Fasttrack [SOLVED]
Replies: 12
Views: 4491

Re: Mangle and Fasttrack [SOLVED]

but FASTTRACK works with a "change MSS" in the ppp profile?
MSS adjustment happens on first/"new" TCP SYN packet & "new" connections not covered by fasttrack established/related rule...
by Amm0
Sat Jan 11, 2025 2:43 am
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 408
Views: 139714

Re: v7.17rc [testing] is released!

With my ISP you normally have to pay a subscription for IPTV and get a TV-Box. But if you don't subscribe and pay nothing, the IPTV multicast streams with all the channels are still available on the ethernet connection that PPPoE uses, not in a separate VLAN, free of charge, you just don't get the ...
by Amm0
Sat Jan 11, 2025 2:32 am
Forum: General
Topic: Adding veth slows internet
Replies: 35
Views: 4157

Re: Adding veth slows internet

Couple questions... 1. Is the LAN bridge using auto-mac=no? – if it's =yes, then it's possible VETH become the "first interface" in the bridge, in which case it changes the bridge MAC address to be VETH, which may have some side-effects & using a admin-mac= is generally a best practice...
by Amm0
Fri Jan 10, 2025 10:11 pm
Forum: RouterOS beta
Topic: /ip/route/check command disappeared?
Replies: 24
Views: 17720

Re: /ip/route/check command disappeared?

Did you try using query (.query in REST POST)?
/ip/route/print
?active
?dst-address=10.10.10.1
?#&
Now if you got multiple responses, your code have to deal with getting the first from the array, since there is no "pick" in API.
by Amm0
Fri Jan 10, 2025 8:52 pm
Forum: Beginner Basics
Topic: Printer on different VLAN
Replies: 18
Views: 1486

Re: Printer on different VLAN

Well, at least we have a test of AI's AGI abilities - if an LLM can figure out RouterOS config, we're got AGI and domed. But seems were long way from that... Change the "/interface mdns" to: /ip/dns/set mdns-repeat-ifaces=LAN-34,IOT-200 And, the firewall rules are likely not optional, but ...
by Amm0
Fri Jan 10, 2025 7:40 pm
Forum: General
Topic: My LHG - LTE18 is having a Stroke. :D
Replies: 12
Views: 970

Re: My LHG - LTE18 is having a Stroke. :D

Yeah point being there are three possible places to update: 1. /system/package 2. /system/routerboard/update 3. /interface/lte/firmware-upgrade & with LTE likely best ALL align (and/or at latest stable), since over many releases I have see weird things with LTE (no showing up, not running, disap...
by Amm0
Fri Jan 10, 2025 6:55 pm
Forum: Beginner Basics
Topic: Printer on different VLAN
Replies: 18
Views: 1486

Re: Printer on different VLAN

The automatic search feature in the Brother Full driver did not found the printer (I expected that cause they were not in the same broadcast domain). After putting the IP statically - printer was found immediately but installation failed. Even adding a FORWARD rule of allowing ALL from VLAN34->Prin...
by Amm0
Fri Jan 10, 2025 6:33 pm
Forum: General
Topic: 4G/LTE router with Dual SIM [SOLVED]
Replies: 20
Views: 1564

Re: 4G/LTE router with Dual SIM [SOLVED]

Yeah that one says TWO modems, and TWO SIM. But none going to run RouterOS™.
by Amm0
Fri Jan 10, 2025 6:24 pm
Forum: General
Topic: Bridging two MikroTik router LANs via back-to-home-vpn [SOLVED]
Replies: 10
Views: 1674

Re: Bridging two MikroTik router LANs via back-to-home-vpn [SOLVED]

On routerA it's needed because routerB is trying to connect to the routerA thought the internet and without that rule firewall would drop the traffic. Perhaps there is some outbound traffic from that port that opens up a hole in routerB allowing response traffic? Anyway, I think it does not hurt to...
by Amm0
Fri Jan 10, 2025 3:54 pm
Forum: General
Topic: Question on massive site-to-site VPN implementation
Replies: 13
Views: 1043

Re: Question on massive site-to-site VPN implementation

This is using /zerotier/controller. By the way, in this case are there any flow rules I can edit? I am asking because now RoMON goes through the ZeroTier interface, but OSPF does not discover peers in any broadcast mode, it only works if they are defined statically. But for 80 peers, I obviously pr...
by Amm0
Fri Jan 10, 2025 6:58 am
Forum: General
Topic: Bridging two MikroTik router LANs via back-to-home-vpn [SOLVED]
Replies: 10
Views: 1674

Re: Bridging two MikroTik router LANs via back-to-home-vpn [SOLVED]

Good write up! Few points: - BTH does add all the firewall stuff automatically - that's why it "easy"... while doing it "by hand" on RouterB you do have to allow the WG port otherwise it be blocked by the default firewall's drop WAN in rule. - AFAIK, the BTH "server" ru...
by Amm0
Fri Jan 10, 2025 4:48 am
Forum: General
Topic: 4G/LTE router with Dual SIM [SOLVED]
Replies: 20
Views: 1564

Re: 4G/LTE router with Dual SIM [SOLVED]

To be fair on the posted image, also Huawei claims the same. It seems more likely that it is something lost in translation (or whatever) connected with amazon than originating from the manufacturers. RouterOS do sounds generic, it is a router and has an OS ;). I believe you can report them to Amazo...
by Amm0
Fri Jan 10, 2025 4:38 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1757
Views: 509345

Re: 📣 WinBox 4 is here 📣

I found this about WinBox encryption https://margin.re/2022/02/mikrotik-authentication-revealed/. No idea if the author was correct or whether it's still relevant to the current version. It's actually documented as ECSRP for key exchange and authentication [...] AES128-CBC-SHA as an encryption algo...
by Amm0
Thu Jan 09, 2025 11:07 pm
Forum: General
Topic: My LHG - LTE18 is having a Stroke. :D
Replies: 12
Views: 970

Re: My LHG - LTE18 is having a Stroke. :D

Sorry, /system/routerboard is where you upgrade the firmware (but the "firmware"/BIOS is called RouterBOOT).
by Amm0
Thu Jan 09, 2025 10:29 pm
Forum: General
Topic: 4G/LTE router with Dual SIM [SOLVED]
Replies: 20
Views: 1564

Re: 4G/LTE router with Dual SIM [SOLVED]

Yes, I too am going that very path :-) I just have ordered 2 LTE sticks, and will first test a solution on the PC (Linux), and later move it to a dedicated small router device... On Linux, if mbimcli works (assuming ModemManager is installed) then it should work on "real" RouterOS.
by Amm0
Thu Jan 09, 2025 10:20 pm
Forum: General
Topic: NORMUNDS FOR PRIME MINISTER
Replies: 14
Views: 2150

Re: NORMUNDS FOR PRIME MINISTER

I heard they were discussing Latvia buying Cloudflare...
Or is it the other way around? :lol:
LOL. Perhaps,

Latvia's GDP = $43.63 billion
Cloudflare, Inc. (NET) market cap = $39.71 billion
by Amm0
Thu Jan 09, 2025 9:18 pm
Forum: General
Topic: 4G/LTE router with Dual SIM [SOLVED]
Replies: 20
Views: 1564

Re: 4G/LTE router with Dual SIM [SOLVED]

Help!
How can I post an image here at all? :oops:
Is only an external link possible?
When you do a reply, below the text box/button there a tab that says "Attachments", you can add a graphic as a file, then use "Place inline".
by Amm0
Thu Jan 09, 2025 9:11 pm
Forum: General
Topic: Quick Set Bug v7.16.2
Replies: 3
Views: 614

Re: Quick Set Bug v7.16.2

@anav is right, but it is unfortunately ironic that the "easy-to-use" QuickSet method is fraught with bugs and caveats. On the specific issue, QuickSet messing up /ip/dhcp-server/network with 0.0.0.0 is known issue in some combo of older versions AND older default configuration built-in (/...
by Amm0
Thu Jan 09, 2025 7:27 pm
Forum: Scripting
Topic: Securely storing apikey/tokens for /tool/fetch... Approaches? == $SECRET
Replies: 10
Views: 4649

Re: Securely storing apikey/tokens for /tool/fetch... Approaches? == $SECRET

Yeah the whole idea of $SECRET is that it uses /ppp/profile password= variable, which in RouterOS policy is "sensitive" - you indeed you do need policy permission for it. Now the main benefit of using a "sensitive" attribute to store the "secret" is that stuff like API ...
by Amm0
Thu Jan 09, 2025 7:13 pm
Forum: General
Topic: My LHG - LTE18 is having a Stroke. :D
Replies: 12
Views: 970

Re: My LHG - LTE18 is having a Stroke. :D

I'd make sure you also upgraded the firmware in /system/routerboot to match. If that matches, then... it may be worth it do a backup, and upgrade to the "testing" channel with 7.17rc. I recall others some issues with LHG specifically in 7.16 or 715, so doing another search through forum ma...
by Amm0
Thu Jan 09, 2025 7:01 pm
Forum: General
Topic: 4G/LTE router with Dual SIM [SOLVED]
Replies: 20
Views: 1564

Re: 4G/LTE router with Dual SIM [SOLVED]

While I mainly use Mikrotik router as LTE devices, I do have one site with an inherited Cudy LT something. Amazon is wrong, it's not RouterOS. It has decent web UI, but all the features are pretty fixed in how they work and there aren't a lot of customizations. Small example, Cudy's do support ZeroT...
by Amm0
Thu Jan 09, 2025 6:43 pm
Forum: General
Topic: Question on massive site-to-site VPN implementation
Replies: 13
Views: 1043

Re: Question on massive site-to-site VPN implementation

the way, I solved the RoMON issue with ZeroTier: I had to enable bridging mode for each peer. This is when using /zerotier/controller for your peers? ...or using my.zerotier.com service? I ask since the default flow rules for ZeroTier's cloud service will block RoMON. In which case, you need to add...
by Amm0
Wed Jan 08, 2025 10:23 pm
Forum: General
Topic: 4G/LTE router with Dual SIM [SOLVED]
Replies: 20
Views: 1564

Re: 4G/LTE router with Dual SIM [SOLVED]

In general, a USB stick with LTE should work via USB, and multiple via a hub should too. But not all modems are compatible, and some may require issuing AT commands to switch modes. Mikrotik has a list of modem here: https://help.mikrotik.com/docs/spaces/ROS/pages/13500447/Peripherals#Peripherals-Ce...
by Amm0
Wed Jan 08, 2025 7:33 pm
Forum: General
Topic: NORMUNDS FOR PRIME MINISTER
Replies: 14
Views: 2150

Re: NORMUNDS FOR PRIME MINISTER

Attempt4: Why did I volunteer to attend this event for Viktors......
I think the PM's drug-sniff dogs excluded him from the event.
by Amm0
Wed Jan 08, 2025 6:10 pm
Forum: General
Topic: NORMUNDS FOR PRIME MINISTER
Replies: 14
Views: 2150

Re: NORMUNDS FOR PRIME MINISTER

Maybe @normis is taking you seriously...
Gc_FYR5XkAAenOb-2.jpeg
I heard they were discussing Latvia buying Cloudflare...
by Amm0
Wed Jan 08, 2025 5:29 pm
Forum: General
Topic: Question on massive site-to-site VPN implementation
Replies: 13
Views: 1043

Re: Question on massive site-to-site VPN implementation

Jinx! But with way better details than I was able to provide. :-D I like the OP's presentation, since these choices are kinda of matrix. I'd already wrote my post when I got a conflict, otherwise I'd agree with your assessment ;). Perhaps I'm more agnostic on IPSec IKE2 vs WireGuard — neither have ...
by Amm0
Wed Jan 08, 2025 5:18 pm
Forum: General
Topic: Interface / MVRP Checkbox?
Replies: 3
Views: 1494

Re: Interface / MVRP Checkbox?

Well the text is confusing. But so is the RouterOS bridge interface... see @sindy's "RouerOS bridging mysteries explained", which pre-dates MVRP and dynamic /interface/bridge/vlan assignments: https://forum.mikrotik.com/viewtopic.php?t=173692 In 7.16 and above, /interface/vlan (i.e. dynami...
by Amm0
Wed Jan 08, 2025 4:46 pm
Forum: General
Topic: Question on massive site-to-site VPN implementation
Replies: 13
Views: 1043

Re: Question on massive site-to-site VPN implementation

For completeness, RouterOS also support OpenVPN in layer-2 - although whether multicast/OSPF//RoMON work on it IDK since I've not used it. On ZeroTier, you can run RouterOS as a controller without a license AFAIK. But your list does not capture that ZeroTier only works on ARM devices. Since that mea...
by Amm0
Wed Jan 08, 2025 3:59 pm
Forum: Scripting
Topic: :execute output to console? Or any other method?
Replies: 17
Views: 1389

Re: :execute output to console? Or any other method?

I just need the config spat out in the terminal to be seamlessly integrated with our config change software It's this I'm confused by: sending to terminal is different from automation. If your config software can use SSH to issue the "export" command, that will spit out to "terminal&...
by Amm0
Wed Jan 08, 2025 3:41 pm
Forum: General
Topic: LTE issue on reboot
Replies: 21
Views: 1340

Re: LTE issue on reboot

On word of caution... while a missing interface may be the problem-du-jour, it hard to predict the future. And this is what makes scripting around LTE failure tricky. For example, your+AI script looks for "lte1" as the name of the interface...but over the course of many, many RouterOS vers...
by Amm0
Wed Jan 08, 2025 2:36 am
Forum: Scripting
Topic: Base64 and SHA256 function for Scripting
Replies: 12
Views: 6265

Re: Base64 and SHA256 function for Scripting

Yeah :convert transform= only does SHA512 only, even in 7.17rc6. I filed a ticked (SUP-126958) a year ago about SHA256 (and HMAC's) - in my case, it limits being about to sign AWS HTTP requests, which need SHA256. I got the "Thank you for the feature request. We will see what we can do." f...
by Amm0
Tue Jan 07, 2025 11:03 pm
Forum: General
Topic: LTE issue on reboot
Replies: 21
Views: 1340

Re: LTE issue on reboot

Be careful, it might be easy to get trapped in a boot-loop this way ... Not really a concern.. if it goes into a loop it will be because the LTE card isn't working and if that's the case the unit is no good to us and its a swap out anyway That where the ping watchdog isn't a bad option... as that w...
by Amm0
Tue Jan 07, 2025 9:39 pm
Forum: General
Topic: Tools for graphs and reports
Replies: 10
Views: 1713

Re: Tools for graphs and reports

FWIW, you can run Splunk locally, so no cloud required. @Jonte uses syslog data to capture monitoring data - instead of SNMP (or REST/API) which is why it's pretty complete set of monitored things. Unfortunately, the log parsing is done via Splunk in @Jonte's approach... so not so easy to use Graphi...
by Amm0
Tue Jan 07, 2025 9:27 pm
Forum: General
Topic: LTE issue on reboot
Replies: 21
Views: 1340

Re: LTE issue on reboot

I'd add that if it's only some units... I'd make sure the RouterBOOT and LTE firmware matches, if you haven't already. RouterOS used to support a "/system routerboard settings set init-delay=5s" to delay LTE. I know the option is not on ARM, and docs support only RB9xx but might be worth c...
by Amm0
Tue Jan 07, 2025 7:59 pm
Forum: Wireless Networking
Topic: Are any Chateau 5G versions USA compaitble?
Replies: 2
Views: 590

Re: Are any Chateau 5G versions USA compaitble?

Those do not support LTE or 5G in US.

And there are NO 5G products in the line-up that have support for US bands. Closest you can do is the US variant of the LTE6 Chateau, and that one does not do AX Wi-Fi.
by Amm0
Mon Jan 06, 2025 5:53 pm
Forum: Wireless Networking
Topic: Use SXT6 LTE units as point to points
Replies: 5
Views: 1078

Re: Use SXT6 LTE units as point to points

AFAIK, it's an LTE antenna, and there is no Wi-Fi*. So if you want to make a PtP link OVER an LTE network, you can do that. But you cannot just use two SXT-LTE6 without some LTE network. In the US, you can use LTE Band 48 to create your on LTE network, but you need a eNB/etc hardware for that & ...
by Amm0
Mon Jan 06, 2025 4:56 pm
Forum: General
Topic: How can Mikrotik/RouterOS send emails using Gmail?
Replies: 15
Views: 8653

Re: How can Mikrotik/RouterOS send emails using Gmail?

Okay AMMO how does your router send you an email when your WAN goes down ;-PP
Well, if you have multiple WANs. ;)
by Amm0
Mon Jan 06, 2025 4:53 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 408
Views: 139714

Re: v7.17rc [testing] is released!

But as I understand it, this mode is not compatible with wpa3-psk? Is there any example of how it is used? To use PPSK... you set "multi-passphrase-group" on a security profile, which will then use any password+vlan-id combo add'ed under /interface/wifi/security/multi-passphrase with the ...
by Amm0
Mon Jan 06, 2025 4:35 pm
Forum: General
Topic: downgrade ROS to pre-7.13 version [SOLVED]
Replies: 14
Views: 1563

Re: downgrade ROS to pre-7.13 version [SOLVED]

I too wish there was a long-term channel, since I too like more time after "stable" before upgrading production things... since sometime "stable" isn't quite stable. But I suspect your #3 problem isn't going away, since they have changed some of the permissions scheme (i.e. some ...
by Amm0
Mon Jan 06, 2025 4:54 am
Forum: Wireless Networking
Topic: Quectel Redcap RG255C-GL PCI-e 5G Modem Support
Replies: 9
Views: 2947

Re: Quectel Redcap RG255C-GL PCI-e 5G Modem Support

For the uninformed, does this mean it's possible to get the modem to function? I did have it working and then I shelved my wAP-R however when booting it back up it stopped working, the interface showing up as "inactive". Not sure if I've broken something or if something has changed on ROS...
by Amm0
Mon Jan 06, 2025 4:37 am
Forum: General
Topic: Tools for graphs and reports
Replies: 10
Views: 1713

Re: Tools for graphs and reports

My apologies for the late reply. I don't know why I don't get notifications. Some times the turtle wins the race. I believe 7.17rc (which is likely going to stable soon) has some new SNMP attributes – although I have NOT tested it. I maintain a webpage, https://tikoci.github.io/restraml/ , where yo...
by Amm0
Mon Jan 06, 2025 4:22 am
Forum: General
Topic: Doesn't RB5009 have a serial port?? [SOLVED]
Replies: 43
Views: 7827

Re: Doesn't RB5009 have a serial port?? [SOLVED]

What I don't get is that they added the serial port to the L009.... but not the 5009. Odd decision. (Just saw this today on a L009 I was installing in a rack.) The RB5009 came out before the L009, so I'd like to think MT learned a serial port is still useful ;). Also the L009 is a replacement for t...
by Amm0
Sun Jan 05, 2025 7:46 pm
Forum: General
Topic: Can i change Zerotier port number?
Replies: 5
Views: 737

Re: Can i change Zerotier port number?

You can if you want... it's on the "zt1" instances, so it applies to all connect ZT networks that use the instance. Theoretically, changing the default likely make ZT hole punching scheme go through an extra step internally, but cannot imagine it be significant.
by Amm0
Sun Jan 05, 2025 5:48 am
Forum: Beginner Basics
Topic: old configs don't work [SOLVED]
Replies: 16
Views: 2699

Re: old configs don't work [SOLVED]

So your have a Mikrotik router, it has one port going to some switch with 2+ devices with same IP and subnet? If each device with the same IP was connected to a different port on Mikrotik router, the duplicate IP/subnet is solved by adding an interface to route, in which case only a src-nat be neede...
by Amm0
Sun Jan 05, 2025 12:30 am
Forum: General
Topic: Bridging two MikroTik router LANs via back-to-home-vpn [SOLVED]
Replies: 10
Views: 1674

Re: Bridging two MikroTik router LANs via back-to-home-vpn [SOLVED]

I believe you might be able to but not an easily. First, using wg-export is wrong - that's going to replicate the entire wireguard config... While what I think you want to do is make the router2 as peer to router1's BTH. So you need to create an additional BTH user ("shared user") via app ...
by Amm0
Sat Jan 04, 2025 7:23 pm
Forum: Beginner Basics
Topic: Router on Stick for lab purposes
Replies: 4
Views: 867

Re: Router on Stick for lab purposes

Cheapest is a CHR in a virtual machine. They have a free trial. And you can also use bigger tools like GNS3 to emulate multiple routers. If you want hardware, all the routes have same features including BGP/OSPF and certainly VLANs, so even a hAPaxLite or new "refresh" hEX both let you tes...
by Amm0
Sat Jan 04, 2025 6:25 pm
Forum: Forwarding Protocols
Topic: AMT - Automatic Multicast Tunneling support
Replies: 13
Views: 3470

Re: AMT - Automatic Multicast Tunneling support

If you open a feature request ticket, sometimes MT will say something to effect that it will be in the next release...
by Amm0
Sat Jan 04, 2025 5:12 pm
Forum: General
Topic: Feature request : Multipath TCP (MPTCP) support
Replies: 16
Views: 11658

Re: Feature request : Multipath TCP (MPTCP) support

Peplink does not use MPTCP to do WAN bonding. While possible to do same WAN bonding using subflows and proxy, the standards around MPTCP aggregation are all about client-server communication, not networking bonding. And, I'm not sure there is too much value in /tool/fetch being MPTCP aware which is ...
by Amm0
Fri Jan 03, 2025 5:22 am
Forum: General
Topic: veth MTU
Replies: 3
Views: 1311

Re: veth MTU

Up.

Also, is there a more official forum for feature requests? I don't want to submit a service ticket just for a wishlist item.
If you go to help.mikrotik.com, there is a category for feature requests. Stuff like adding a setting like MTU on VETH seems like a fair request.
by Amm0
Tue Dec 31, 2024 11:00 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 126
Views: 14043

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

And seems unstable today, with a lot of HTTP 500 errors & 1200+ active users shown now....
by Amm0
Tue Dec 31, 2024 6:28 pm
Forum: Scripting
Topic: Netwatch is not working properly
Replies: 5
Views: 941

Re: Netwatch is not working properly

Perhaps the issue is the ICMP check uses more data to decide up and down, like latency and %loss. If you're not using those... use "simple" as the netwatch, which also uses ICMP but only fails if a ping fails above timeout. The ICMP check will fail on a lot of things, which can create unex...
by Amm0
Sun Dec 29, 2024 3:21 am
Forum: General
Topic: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]
Replies: 47
Views: 4101

Re: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]

change the 9.9.9.9 route's distance to 1, the dhcp one is not used since 0.0.0.0 routes to 9.9.9.9, which then routes to 192.168.168.1 - why it's called recursive routing: it goes through the route table twice. the one with distance 10 is in fact correctly not used/unavailable since a route with a h...
by Amm0
Sat Dec 28, 2024 5:44 am
Forum: General
Topic: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]
Replies: 47
Views: 4101

Re: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]

For detection of failure of starlink... Three+ choices: 1. "check-gateway=ping", see https://help.mikrotik.com/docs/spaces/ROS/pages/4390920/Load+Balancing#LoadBalancing-SimpleFailoverExample & post my above To do this, you can add a script to the /ip/dhcp-client for starlink on hEX :i...
by Amm0
Fri Dec 27, 2024 6:54 pm
Forum: General
Topic: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]
Replies: 47
Views: 4101

Re: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]

Not @Amm0 but if I may, these are the issues I've mentioned a few posts ago. @BartKindtNZ - sorry just reading this. But @sindy offers better advice here. I put him in the "meticulous" category too :). I was trying to get you up-and-running in few steps to be able to test/tweak... but I f...
by Amm0
Fri Dec 27, 2024 6:36 pm
Forum: Announcements
Topic: Newsletter #122 | December 2024
Replies: 80
Views: 39847

Re: Newsletter #122 | December 2024

Are we getting yet another offtopic monologue in the Newsletter topic? Yes. But highlights the need for better communication about their roadmap. i.e. If they giving up on the US market, that be good to know – none of new LTE products have US variants. The new cAPax+LTE is actually a nice offering ...
by Amm0
Tue Dec 24, 2024 6:40 pm
Forum: Scripting
Topic: Scripting error
Replies: 3
Views: 985

Re: Scripting error

I used Chatgtp for the following code however I cannot see anything wrong myself. VS Code with RouterOS (routeros) plugin cannot seem to find any faults during debugging too. Well, ":urlEncode" is not a thing, among other problems - like all the :execute may not be needed. But there a lot...
by Amm0
Mon Dec 23, 2024 3:21 pm
Forum: General
Topic: hAP ax Lite LTE - problems with connection [SOLVED]
Replies: 15
Views: 2063

Re: hAP ax Lite LTE - problems with connection [SOLVED]

Your APN settings from config don't look right. 0. Although it look like APN is wrong. Wth LTE, you should make sure the /system/routerboard firmware is updated too. In winbox, you can check this in System > RouterBoard and hit "Update". Also, that the LTE modem firmware is updated, which ...
by Amm0
Sun Dec 22, 2024 7:48 pm
Forum: Beginner Basics
Topic: V7.12Beta Back To Home VPN WireGuard not working on Dual ISP WAN. Support Required
Replies: 5
Views: 2825

Re: V7.12Beta Back To Home VPN WireGuard not working on Dual ISP WAN. Support Required

Agreed. But I'd point out that it will use any failover routes in main, but it take at least the DDNS update interval time for it to failover to 2nd WAN. BTH and WG both get complex when you want to use a routing table or PCC, instead of main. So using a more frequent update in /ip/cloud will quickl...
by Amm0
Sat Dec 21, 2024 9:30 pm
Forum: General
Topic: Zerotier help
Replies: 5
Views: 1401

Re: Zerotier help

Also, if same config works in 7.16, but does not work in 7.17... that be worth a ticket to support@mikrotik.com - ideally with a supout.rif for BOTH 7.16 and 7.17 since the supout.rif will have logs etc and your config for them.
by Amm0
Sat Dec 21, 2024 9:29 pm
Forum: General
Topic: Zerotier help
Replies: 5
Views: 1401

Re: Zerotier help

It's the "failed" on the ZT instance that is pretty odd. It could be a bug since I believe they updated the ZeroTier version in 7.17... But I have 7.17rc3 running on several wAPacR and RB1100AHx4 and ZT seems fine, so dunno exactly. You can also try to limit ZeroTier to just the upstream i...
by Amm0
Sat Dec 21, 2024 6:56 pm
Forum: General
Topic: Zerotier help
Replies: 5
Views: 1401

Re: Zerotier help

You'd have to post your configuration as the defaults should work to allow ZL1 tunnels. But you might try downgrading to 7.16.2 to see if is in fact an issue in the 7.17rc.... When you wipe the router... are you upgrading the firewire in /system/routerboard? Did you use something like "/system/...
by Amm0
Sat Dec 21, 2024 6:50 pm
Forum: Announcements
Topic: Newsletter #122 | December 2024
Replies: 80
Views: 39847

Re: Newsletter #122 | December 2024

Another newsletter... still nothing for LTE/5G that works outside EU, no Audience AX, no mixed voltage PoE switches, no devices with LCD & nothing more in the RB5009/L009 form factor. Disappointing year in hardware offerings IMO.
by Amm0
Sat Dec 21, 2024 6:30 pm
Forum: Scripting
Topic: executing script from net failed
Replies: 35
Views: 3022

Re: executing script from net failed

There are a lot of places script can live (PPP, netwatch, dhcp-client, dhcp-server, mqtt, etc. etc.). The message does mean some script is broken. So million dollar question is there any script that's enabled, someplace – that why everyone want to look at config. But at some level, I think opening a...
by Amm0
Sat Dec 21, 2024 6:11 pm
Forum: General
Topic: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]
Replies: 47
Views: 4101

Re: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]

All true @sindy. I do normally use VRRP on the LANs, so forgot the ICMP would further delay "fail-back". My generalized worry is always over-engineering failover so that itself produces outages, like here starlink should be pretty reliable, so failover should be pretty rare... So if perhap...
by Amm0
Sat Dec 21, 2024 5:57 pm
Forum: Containers
Topic: I set the hostname to homeassistant.local but cannot access it.
Replies: 3
Views: 1100

Re: I set the hostname to homeassistant.local but cannot access it.

It might help if you got the port number correct - it's 8123 not 8321. That's probably why you "can't access it" (whatever that really means). LOL, yeah I didn't check that part... But Mikrotik's instructions for setting up HomeAssistant put it on a seperate bridge, so .local like also ma...
by Amm0
Fri Dec 20, 2024 11:53 pm
Forum: General
Topic: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]
Replies: 47
Views: 4101

Re: Failover between Routerboard Hex(Starlink) and a SXT LTE6 [SOLVED]

There are few ways to design this.... But, if you want something basic without VLANs or "passthrough".... I don't see harm in leaving the hEX as is, and then put the SXT on the hEX LAN. i.e. assuming all have default configuration, the most basic failover be to: - set the ip address of SXT...
by Amm0
Fri Dec 20, 2024 11:04 pm
Forum: General
Topic: Questions related to "Using RouterOS to VLAN your network"
Replies: 2
Views: 878

Re: Questions related to "Using RouterOS to VLAN your network"

4- Your base problem here might be that you are not aware a bridge has multiple personalities as explained in this thread. IMHO: heavy stuff, may take several readings before you really get it and I will admit I still don't get it completely myself. RouterOS bridge mysteries explained While that's ...
by Amm0
Fri Dec 20, 2024 5:45 am
Forum: Containers
Topic: I set the hostname to homeassistant.local but cannot access it.
Replies: 3
Views: 1100

Re: I set the hostname to homeassistant.local but cannot access it.

HomeAssistant has to be on the same LAN network as the browser for the .local name to resolve. This is because it use mDNS to "discover" the IP address, but mDNS require being on the same IP subnet to work. Mikrotik has a feature in 7.16, to enable broadcasting mDNS lookups, like homeassis...
by Amm0
Fri Dec 20, 2024 2:34 am
Forum: Containers
Topic: Container Memory/CPU usage visibility
Replies: 3
Views: 8902

Re: Container Memory/CPU usage visibility

Anyone knows/heard of container roadmap ? Being able to display memory/cpu consumed would be great.
+1, to both a roadmap & per-container mem/CPU. I'd also add showing the disk usage of a container be nice too.

Ideally via /container item, than having to start the profile tool to see it.
by Amm0
Thu Dec 19, 2024 6:07 pm
Forum: Beginner Basics
Topic: Incorporating a backup gateway into my setup
Replies: 14
Views: 1661

Re: Incorporating a backup gateway into my setup

@slimprize - You can mark your top post as "solved". I don't think anyone cares too much about who solves... there are new puzzles in forum everyday. @anav - luck played a role too... since easiest case of failover is static IP as primary and DHCP as secondary, with the primary WAN gateway...
by Amm0
Wed Dec 18, 2024 8:42 pm
Forum: Beginner Basics
Topic: WireGuard or OpenVPN [SOLVED]
Replies: 51
Views: 12714

Re: WireGuard or OpenVPN [SOLVED]

Also, I think it is enough of hijacking this topic, better open new one for Xray in ROS container in "3rd party tools" section, since this conversation is gone OT. Or Mikrotik just add AmneziaWG and/or XRay containers to docs as examples and to test/fix /container support for them better....
by Amm0
Wed Dec 18, 2024 6:03 pm
Forum: Beginner Basics
Topic: Incorporating a backup gateway into my setup
Replies: 14
Views: 1661

Re: Incorporating a backup gateway into my setup

Usually when this ISP has been done, I have been unable to ping even the modem because it is in bridge mode and does not have an IP address. Yup, and then it should failover from the check-gateway=ping. All more advanced approaches do get real complex, so if your ISP is bridge (and most are), the c...
by Amm0
Wed Dec 18, 2024 5:52 pm
Forum: RouterBOARD hardware
Topic: 5009 version with wifi ?
Replies: 63
Views: 5484

Re: 5009 version with wifi ?

I think, it's better to have separated roles.... RB must only be wired router. Personally, I'm not concerned by the nomenclature. So get RB5009 specifically having Wi-Fi may not be right in their name scheme, but some "hAPax4" in the RB5009/L009 frame be nice. As noted, IMO it's a common ...
by Amm0
Wed Dec 18, 2024 5:33 pm
Forum: Scripting
Topic: Using :return from :onerror in= command block
Replies: 13
Views: 1390

Re: Using :return from :onerror in= command block

P.S. Propose them in ticket with optional :return for both blocks :) Yeah I already put that in the ticket: While I get idea of :onerror could be used in an :if statement (which docs highlight)…. But in reality it likely be better if :onerror always returned :nothing unless an explicit :return was ...
by Amm0
Wed Dec 18, 2024 4:30 pm
Forum: Beginner Basics
Topic: Incorporating a backup gateway into my setup
Replies: 14
Views: 1661

Re: Incorporating a backup gateway into my setup

Also, on the failover. As configured now, it will only use the 2nd WAN if the cable to 1st WAN is unplugged/gateway is turned off. Since it's a static route, it will use that regardless if packets arrive anywhere. One easy improvement is to change your: /ip route add disabled=no dst-address=0.0.0.0/...
by Amm0
Wed Dec 18, 2024 4:20 pm
Forum: Beginner Basics
Topic: Incorporating a backup gateway into my setup
Replies: 14
Views: 1661

Re: Incorporating a backup gateway into my setup

The distance is 0 for LAN/subnet specific routes, not the internet. So if 192.168.88.200 wants to talk to 192.168.100.100 etc etc, that what would use the distance=0 ones. These route are automatically created (thus the "D" in first column of print) by adding /ip/address (or IP address add...
by Amm0
Wed Dec 18, 2024 1:15 am
Forum: RouterBOARD hardware
Topic: 5009 version with wifi ?
Replies: 63
Views: 5484

Re: 5009 version with wifi ?

Well, the L009 does not have 5Ghz, so that's not quite an AP either... More devices in the same form factor be good. So +1 here... In ideal world, I think there should be some "stackable" solutions using the RB5009/L009 as "blades" to be able to use all the various RouterOS featu...
by Amm0
Tue Dec 17, 2024 8:35 pm
Forum: Scripting
Topic: Using :return from :onerror in= command block
Replies: 13
Views: 1390

Re: Using :return from :onerror in= command block

Yes, that's was my thought. No need to have mandatory return value when is not needed while handling error or when processing in={} . I filed a ticket on this (SUP-174412), since something isn't right here IMO. With a simplified example: # corrent per docs, but still weird: :put [:onerror e in={:re...
by Amm0
Tue Dec 17, 2024 7:54 pm
Forum: Scripting
Topic: Using :return from :onerror in= command block
Replies: 13
Views: 1390

Re: Using :return from :onerror in= command block

I agree for consistent behavior for block returns. Also if block has no :return command, then :onerror is should return :nothing so that :return command is optional in blocks. 100%. I just thought the do={} part was consistent, was my error here. Personally, :nothing be best from both do={} and in=...
by Amm0
Tue Dec 17, 2024 7:41 pm
Forum: Scripting
Topic: Using :return from :onerror in= command block
Replies: 13
Views: 1390

Re: Using :return from :onerror in= command block

Actually :onerror returns value from do={} block if executed when error occurs or false if no error. This is not correctly stated for :onerror command in doc : ... :onerror can return false (if there is no error) and true (if there is an error) values, so it can be used in :if condition statement s...
by Amm0
Tue Dec 17, 2024 6:03 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 408
Views: 139714

Re: v7.17rc [testing] is released!

The whole VLAN stuff still s*cks! Any reasonable WiFi network has the capability to assign a different VLAN to each client either via RADIUS or via access list rules. While perhaps the older ac chipset cannot directly handle VLAN in hardware... the whole idea of RouterOS is these hardware differenc...
by Amm0
Tue Dec 17, 2024 5:45 pm
Forum: Scripting
Topic: Using :return from :onerror in= command block
Replies: 13
Views: 1390

Re: Using :return from :onerror in= command block

One man's bug is another man's feature... so IDK. My view is the operators are also functions, so they return values. In the case of [:onerror], it returns a boolean if there was an error (false = no error/do={} run / true = error inside in={}). Since :onerror returns bool if error.... that means th...
by Amm0
Tue Dec 17, 2024 3:18 am
Forum: Beginner Basics
Topic: Incorporating a backup gateway into my setup
Replies: 14
Views: 1661

Re: Incorporating a backup gateway into my setup

Now, how do I add another gateway? Let us assume that it will be on ether4. I suspect the first thing I will have to do is to remove ether4 from the lan list so that the dhcp server does not give any IP addresses on that port. I will need to add a default route with a greater distance but I am not ...
by Amm0
Mon Dec 16, 2024 5:54 pm
Forum: General
Topic: L009 - don't like it...
Replies: 16
Views: 1878

Re: L009 - don't like it...

Agree with the sentiment here – Mikrotik PoE support is all over the place & poorly documented. While the RB5009/L009 form factor is great, there really is no "PoE switch" in this form...

But the L009 is a replacement for the RB2011, not the [old] HexS, per se...
by Amm0
Mon Dec 16, 2024 5:42 pm
Forum: Scripting
Topic: executing script from net failed
Replies: 35
Views: 3022

Re: executing script from net failed

This kind of log entries are vague, as seen here: https://forum.mikrotik.com/viewtopic.php?t=209998#p1093607 but the Mikrotik support should know what "net" is (or is supposed to be) I think my grip is forum is beating up OP, when Mikrotik's log message is shitty — these "executing s...
by Amm0
Mon Dec 16, 2024 5:31 pm
Forum: Scripting
Topic: executing script from net failed
Replies: 35
Views: 3022

Re: executing script from net failed

Log files do show something is running, no ? And that part is defined ... in your config. Exactly, the error message tells the story. There is not a "net" service that runs scripts AFAIK, why this one is odd.... Now perhaps the config has something strange, but if MT ask for a case, that'...
by Amm0
Mon Dec 16, 2024 5:24 pm
Forum: Scripting
Topic: executing script from net failed
Replies: 35
Views: 3022

Re: executing script from net failed

Although I agree I'm not sure what "net" means – that's not one in docs, google or forum.

But I do think folks would like review your config to double-check — as that the most definitive on what should happen. See:
viewtopic.php?t=203686#p1051720
by Amm0
Mon Dec 16, 2024 5:05 pm
Forum: Scripting
Topic: executing script from net failed
Replies: 35
Views: 3022

Re: executing script from net failed

Which is why we need at least some info on what script is running and how.

Otherwise we are all simply guessing.
It looks like a bug IMO, since there is no RouterOS service that run scripts that's called "net".... I just hope OP did attach the supout.rif for Mikroik.
by Amm0
Mon Dec 16, 2024 5:00 pm
Forum: Scripting
Topic: executing script from net failed
Replies: 35
Views: 3022

Re: executing script from net failed

In fairness to OP, the question was about the log message, not a script error... In the error message: "executing script from XXX failed. please check it manually." the XXX is normally something like "scheduler", "netwatch", etc.... So I too like to know what "from...
by Amm0
Sun Dec 15, 2024 10:35 pm
Forum: General
Topic: What does MT iPhone app need that Winbox doesn't?
Replies: 5
Views: 1039

Re: What does MT iPhone app need that Winbox doesn't?

When you connect to the routers Wi-Fi on iPhone, and using the router's IP address is that what is not does not working? Or... is it the neighbors view that's not working? Also, you do NOT have /ip/dhcp-server/network... So check if you're getting a valid IP address on the iPhone in the same subnet....
by Amm0
Sun Dec 15, 2024 10:08 pm
Forum: General
Topic: Saving router configuration backup
Replies: 4
Views: 802

Re: Saving router configuration backup

From the router, you have /tool/fetch mode=sftp (or =ftp):
https://help.mikrotik.com/docs/spaces/R ... 8514/Fetch

Otherwise from Linux/etc, scp will work like ssh. But AFAIK there is no scp from router to another device.
by Amm0
Sun Dec 15, 2024 6:31 pm
Forum: Beginner Basics
Topic: docker macvlan and mikrotik
Replies: 5
Views: 1412

Re: docker macvlan and mikrotik

I think a diagram would help. And describing what problem you're trying to solve too. I have no clue from your description.
by Amm0
Sun Dec 15, 2024 4:01 am
Forum: Beginner Basics
Topic: Turning off default SMB and DLNA
Replies: 9
Views: 2532

Re: Turning off default SMB and DLNA


Set:
/disk/settings/set auto-smb-sharing=no auto-media-sharing=no 
[...]
ip/smb/print
enabled: yes
status: enabled
domain: MSHOME
comment: MikrotikSMB
interfaces: brg-lan
Did you try /ip/smb/set enabled=no or /ip/smb/set enabled=auto ?
by Amm0
Sun Dec 15, 2024 3:45 am
Forum: General
Topic: DoH DNS queries with multi WAN redundancy
Replies: 2
Views: 703

Re: DoH DNS queries with multi WAN redundancy

Well... If your using Google or Cisco OpenDNS as your DoH provider... Those will go out the canary routes in your recursive routes.
by Amm0
Sat Dec 14, 2024 6:48 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 290
Views: 37445

Re: wAP ax?

I luv it, I think MT should send you some swag and use it on their christmas show!! Holvoe is just not in the Xmas spirit yet!!! I thought the goal with wAP was it that it's more subtle than a cAP – but adding stickers only draw more attention.... But I am supportive of some groove boxers for the e...
by Amm0
Sat Dec 14, 2024 2:08 am
Forum: Scripting
Topic: how to get current WAN-IP?
Replies: 3
Views: 852

Re: how to get current WAN-IP?

Yeah I'm not sure the "best way" here... I think parsing the /ip/route and the intermediate gateway value, and then looking up /ip/address based on what was found+parsed from /ip/route is kinda the only indirect way to do this. Could be wrong, maybe someone else is smart here... Another ap...
by Amm0
Fri Dec 13, 2024 10:46 pm
Forum: RouterBOARD hardware
Topic: Where is the Audience AX?
Replies: 10
Views: 1876

Re: Where is the Audience AX?

Uh ?? cAPaxLTE12 PDF shows PoE passthrough. But no 2nd 5Ghz radio, doesn't sit on a desk/shelf/etc, and another 4G EU-only modem... Also, there was another thread after mine showing a new KNOT, ATL, and some "LMP 5G": https://forum.mikrotik.com/viewtopic.php?t=213245 It's actually quite f...
by Amm0
Fri Dec 13, 2024 9:04 pm
Forum: The User Manager
Topic: User Manager export users
Replies: 4
Views: 2526

Re: User Manager export users

I think the users view is from TWO CLI commands: /user-manager/user/print /user-manager/user/monitor So it's a PITA/complex... But you store the "print as-value", then :foreach over it and run monitor on each users to get the total-download, etc stats to add to the array from print. So som...
by Amm0
Fri Dec 13, 2024 6:54 pm
Forum: Wireless Networking
Topic: Feature Request - Zigbee
Replies: 12
Views: 7853

Re: Feature Request - Zigbee

Another approach is for Mikrotik to make miniPCIe (or M.2) with Zigbee/802.15.4/BT/etc support. They do this with LoRaWAN models, so then any existing model with expansion slots can be enabled for LoRa, either at the factory (like wAP-LR8) or by user.
by Amm0
Fri Dec 13, 2024 3:16 am
Forum: General
Topic: define array with several strings [SOLVED]
Replies: 2
Views: 1132

Re: define array with several strings [SOLVED]

~ is for a regular expression, not an array...

So you can use a string with a valid regex like:
:global abc "youtube|google|amazon"
by Amm0
Thu Dec 12, 2024 7:47 pm
Forum: RouterBOARD hardware
Topic: Where is the Audience AX?
Replies: 10
Views: 1876

Re: Where is the Audience AX?

How long did it take for wap AX to come out ? Well, the wAPac also had LTE variants – which have not come out... I just don't want the same thing on some Audience AX, since our use case generally involve having LTE/5G. And they've done nothing for the US market. Basically everything lately has take...
by Amm0
Thu Dec 12, 2024 7:13 pm
Forum: Beginner Basics
Topic: Resutt of print command to variable adress list [SOLVED]
Replies: 13
Views: 2401

Re: Resutt of print command to variable adress list [SOLVED]

FWIW, The topic of YouTube blocking comes up often. But I don't think I've ever seen anyone use kid-control for it. It be curious if you report back on success/failure, since it's always a hot topic. While docs are unclear how kid-control is getting activity, I have to presume it requires forcing us...
by Amm0
Thu Dec 12, 2024 7:01 pm
Forum: RouterBOARD hardware
Topic: Where is the Audience AX?
Replies: 10
Views: 1876

Re: Where is the Audience AX?

Everyone likes the Audience, at least since first wifiwave2 driver. I just ordered more, which had me checking the FCC, and thus this post. It's actually the vlan assignment in AX drivers that bigger issue for me than AX specifically & some better antenna design for LTE/5G (since it doesn't even...
by Amm0
Thu Dec 12, 2024 6:29 pm
Forum: Beginner Basics
Topic: VLAN and Smart home stuff block from internet only for BTH VPN
Replies: 9
Views: 2285

Re: VLAN and Smart home stuff block from internet only for BTH VPN

First, a sanitized config may help to know where you're starting. While you can add a VLAN in a few steps to separate out devices, you may want to consider what you exactly mean by "trusted" and "untrusted" & if "untrusted" devices need to use some kinda broadcast/d...
by Amm0
Thu Dec 12, 2024 5:35 pm
Forum: RouterBOARD hardware
Topic: Where is the Audience AX?
Replies: 10
Views: 1876

Where is the Audience AX?

One of the better Mikrotik devices is the Audience – especially with newer wifi-qcom-ac drivers. Yet, all the other models have been "refresh" & no sign of newer Audience on the horizon (i.e. based the FCC filing). My main grips in current model (specifically Audience+LTE6 model) are: ...
by Amm0
Thu Dec 12, 2024 5:04 am
Forum: Beginner Basics
Topic: Resutt of print command to variable adress list [SOLVED]
Replies: 13
Views: 2401

Re: Resutt of print command to variable adress list [SOLVED]

Couple of things: 1. the "find" gets returns the ".id" attributes for any matched results to activity~"youtube" - so $ipaddrs should be a list of *xx values - so that right 2. but... using "get <id> <attribute>" is valid form, but it's just a shortened version...
by Amm0
Thu Dec 12, 2024 4:52 am
Forum: General
Topic: Routing question in ROS 7
Replies: 3
Views: 979

Re: Routing question in ROS 7

Good to hear. It's a bit confusing at first... FWIW rules run from top to bottom, first match wins. So when you create a broad rule (i.e. all traffic on an interface), it does mean send ALL traffic, including local ones, to the specific routing table=. Why adding your local routes as rule to "m...
by Amm0
Thu Dec 12, 2024 4:30 am
Forum: General
Topic: Routing question in ROS 7
Replies: 3
Views: 979

Re: Routing question in ROS 7

I think your missing a /routing/rule that says traffic NOT to internet should use "main" routing table (i.e. the 0.0.0.0/0 route, which is represented as min-prefix=0). This rule should be list FIRST - before the WAN-per-interface route rules - otherwise local traffic is ALSO route to WAN'...
by Amm0
Wed Dec 11, 2024 7:28 pm
Forum: Beginner Basics
Topic: Resutt of print command to variable adress list [SOLVED]
Replies: 13
Views: 2401

Re: Resutt of print command to variable adress list [SOLVED]

I guess it should be something like this, but I don't use kid-control so cannot test
:foreach ipaddr in=[/ip/kid-control/device/find activity~"YouTube"] do={
     /ip/firewall/address-list name=ytkids timeout=1h address=[/ip/kid-control/device/get $ipaddr ip-address]
}
by Amm0
Wed Dec 11, 2024 4:55 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

I'm with @anav here. @normis you have to realize you come off as insulting to your users sometimes, including me. the name literally includes the word "home" There was an incident, and it's "blame the user"? And that "home" in name means unreliability? Most vendors ofte...
by Amm0
Wed Dec 11, 2024 2:16 pm
Forum: General
Topic: IP Cloud (Dynamic DNS) down?
Replies: 101
Views: 15852

Re: mynetname is down ?

We depend on this service for critical operations, so having a reliable alternative or knowing when it will be restored would be greatly appreciated. Universal solution would be for Mikrotik to implement DNS RFC2136 support allowing dynamic record updates to *any* standards compliant DNS server/ser...
by Amm0
Wed Dec 11, 2024 4:09 am
Forum: General
Topic: IP Cloud (Dynamic DNS) down?
Replies: 101
Views: 15852

Re: mynetname is down ?

Since DDNS going down is an ongoing issue, I wish Mikrotik would provide a website that informs people about what's happening. The website could possibly include an ETA.
Perhaps they need to start with a pager for someone... They don't seem to do well with issues in middle of the [Riga] night...
by Amm0
Wed Dec 11, 2024 2:52 am
Forum: General
Topic: Mikrotik DDNS is down
Replies: 2
Views: 1476

Re: Mikrotik DDNS is down

Not alone, this incident seems to be tracked here: viewtopic.php?t=213191
by Amm0
Wed Dec 11, 2024 1:54 am
Forum: General
Topic: IP Cloud (Dynamic DNS) down?
Replies: 101
Views: 15852

Re: mynetname is down ?

Yup, seems down.

And also means BackToHome (BTH) is down too....Just tried enabling on a router and it gets stuck at "allocating endpoint"
by Amm0
Tue Dec 10, 2024 7:29 pm
Forum: General
Topic: BTH + ECMP
Replies: 6
Views: 937

Re: BTH + ECMP

yeah the first thing I do in every config is blow up capsman and obliterate IPV6. They are like parasites that drain my energy ;-) LOL, I know your thoughts there & BTH does use IPv6 - why I highlight that detail ;). Although I suspect OP running into the WG+multipath "issue"...
by Amm0
Tue Dec 10, 2024 7:26 pm
Forum: General
Topic: Need help with blocking port 25
Replies: 2
Views: 642

Re: Need help with blocking port 25

You might want to post your config. By default, port 25 is allowed outbound.

If your added rule to block outbound 25 is after an "accept", that could be the problem.
by Amm0
Tue Dec 10, 2024 7:02 pm
Forum: General
Topic: BTH + ECMP
Replies: 6
Views: 937

Re: BTH + ECMP

Yeah config going to be needed here. One additional consideration, is if you have IPv6 enabled, BTH will use IPv6 if available. This may or may not be expected, so might want confirm in /ip/firewall/connections and/or /ipv6/firewall/connections to see... RouterOS comes with IPv6 enabled, but sometim...
by Amm0
Tue Dec 10, 2024 5:50 pm
Forum: General
Topic: Synchronizing Configurations on Multiple MikroTik Routers with VRRP (v7+)
Replies: 12
Views: 2097

Re: Synchronizing Configurations on Multiple MikroTik Routers with VRRP (v7+)

@ammo, Agree, in concept... But the problem is often "sync everything, except..." - with except part making it tricky. sounds like a developer having a tough project because the customer keeps changing his mind?? 😅 I spend 20+ years in software engineering, so I'm a bit sympathetic to Mik...
by Amm0
Tue Dec 10, 2024 5:19 pm
Forum: General
Topic: Do AP's come with all router functions?
Replies: 29
Views: 3205

Re: Do AP's come with all router functions?

- Does RouterOS allow you to fully disable multicasting? LLDP? STP? By disabling I mean killing the services and not have any processes listening on respective ports or just not having processes running at all. It would be even better to be able to completely remove related packages via CLI! You ca...
by Amm0
Tue Dec 10, 2024 1:36 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 408
Views: 139714

Re: v7.17rc [testing] is released!

DNS in a VRF still doesn't work... 7.17rc2 As explained already before, setting VRF parameter allows to listen for DNS queries in a VRF. Feature to connect to remote DNS servers via VRF does not exist yet. That detail should be in the docs, not just this beta thread, too: https://help.mikrotik.com/...
by Amm0
Tue Dec 10, 2024 4:49 am
Forum: General
Topic: How to set ssh terminal width?
Replies: 10
Views: 5058

Re: How to set ssh terminal width?

I had to make a meme about it. But seriously. Thank you. I'm all set for what I needed. I hope someone else gets some value from this thread. LOL. A bug report to support@mikrotik.com on the user+1000w not working might have been more productive ;) - as I'm pretty sure the user+100w stuff is broken...
by Amm0
Tue Dec 10, 2024 2:51 am
Forum: Beginner Basics
Topic: Resutt of print command to variable adress list [SOLVED]
Replies: 13
Views: 2401

Re: Resutt of print command to variable adress list [SOLVED]

I guess I don't understand, since it just bytes per "kid" AFAIK. So if you want to add the IP address of some kid to the address-list based on traffic volume, not site. I've never heard of kid control doing anything with content filtering, so really not sure what you're after. Do you have ...
by Amm0
Tue Dec 10, 2024 2:44 am
Forum: General
Topic: VLAN Experts' help needed
Replies: 14
Views: 1682

Re: VLAN Experts' help needed

You may need to enable the RTSP firewall helper for the IPTV. But if your using Spainish Movistar IPTV... I believe there are some issues IGMP proxy that block that from working. Also EOIP with WG is going to reduce the MTU, so I'm not 100% sure the IPTV packet fit over the lower MTU....so that may ...
by Amm0
Tue Dec 10, 2024 2:40 am
Forum: Beginner Basics
Topic: Resutt of print command to variable adress list [SOLVED]
Replies: 13
Views: 2401

Re: Resutt of print command to variable adress list [SOLVED]

Well, now you have me more confused. Kid control does not do blocking of sites, only controls access by time. RouterOS is poorly suited to do content filtering. So, even in terms of scripting, I'm not sure what your what your trying to gleam from /ip/kid-control/devices since it just what "kids...
by Amm0
Tue Dec 10, 2024 2:18 am
Forum: Beginner Basics
Topic: Resutt of print command to variable adress list [SOLVED]
Replies: 13
Views: 2401

Re: Resutt of print command to variable adress list [SOLVED]

You'd normally use a script on the /ip/dhcp-server to do this, in which case "print" is not involved, only "/ip/firewall/address-list add ...", see "lease-script=" under https://help.mikrotik.com/docs/spaces/ROS/pages/24805500/DHCP#DHCP-DHCPServerProperties Is there som...
by Amm0
Tue Dec 10, 2024 2:11 am
Forum: General
Topic: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2 [SOLVED]
Replies: 14
Views: 3695

Re: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2 [SOLVED]

You might try setting STP to "none", as you could something could be going into a blocking state during the configuration process. But otherwise it looks right to me... Also, in 7.16+, it's safe to set vlan-filtering=yes when you create the bridge, as the default bridge/ports all use a &qu...
by Amm0
Tue Dec 10, 2024 1:35 am
Forum: General
Topic: Do AP's come with all router functions?
Replies: 29
Views: 3205

Re: Do AP's come with all router functions?

Would clients running WireGuard (such as Windows clients running official WireGuard NT) be able to pull 700-800Mbps on Chateau AX Pro? I don't expect such throughput when running WireGuard on router itself, but fast PC's with WireGuard NT should be able to achieve such throughput. Well, if WG is ru...
by Amm0
Tue Dec 10, 2024 12:13 am
Forum: General
Topic: No wan access using back to home
Replies: 6
Views: 1235

Re: No wan access using back to home

Hmm, not 100% without more inspection.... But I think 192.168.216.0/24 needs to be in the "allowed_to_router" list. That would be for remote user access to the config of the router, I thought he was asking for access to the LAN subnets...... Now that I look, correct. But I read the OP as ...
by Amm0
Mon Dec 09, 2024 11:51 pm
Forum: General
Topic: Do AP's come with all router functions?
Replies: 29
Views: 3205

Re: Do AP's come with all router functions?

Mikrotik has a secure boot options (/system/routerboard), "locking out" features (and flagging) via /system/device-mode , and RouterOS packages are all signed. RouterOS does not use Linux standard GNU tools, so the split between kernel and user-mode is pretty abstracted by the CLI & th...
by Amm0
Mon Dec 09, 2024 11:33 pm
Forum: Beginner Basics
Topic: Can't create script [SOLVED]
Replies: 4
Views: 1205

Re: Can't create script [SOLVED]

they?

what video?
Probably one of @dru's videos on scripting on YouTube. Although he's pretty good about using the name in other places, https://youtu.be/2WsFhkLVaMY?t=254
by Amm0
Mon Dec 09, 2024 11:20 pm
Forum: General
Topic: No wan access using back to home
Replies: 6
Views: 1235

Re: No wan access using back to home

Hmm, not 100% without more inspection.... But I think 192.168.216.0/24 needs to be in the "allowed_to_router" list.
by Amm0
Mon Dec 09, 2024 10:12 pm
Forum: General
Topic: Do AP's come with all router functions?
Replies: 29
Views: 3205

Re: Do AP's come with all router functions?

Normally "AP" are strictly AP's.
Perhaps, but I've seen "router features" (e.g. NAT to internet) on most other vendor "APs" (outside perhaps UBNT).

And, in Mikrotik, all APs are routers running RouterOS (at some license level, which may limit things too).
by Amm0
Mon Dec 09, 2024 8:34 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

I am not aware of the address range used, so you are saying it starts the first one given to the admin on his smartphone as 192.168.216.2 and the next .3 and so forth.
Yup, admin/"1st user" is 192.168.216.2, and any added BTH users/"2nd+ users" start at .3, ...
by Amm0
Mon Dec 09, 2024 7:19 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

@Ammo: does this sound right. Challenge: Allow BTH users to go out internet and LAN. a. Establish BTH network with 5 users plus admin b. Do select NO for lan access initially --> I have a reason. :-) Go to /ip/firewall/address-list and copy down all the user Ip addresses. c. Unselect NO for lan acc...
by Amm0
Mon Dec 09, 2024 7:08 pm
Forum: Scripting
Topic: concatenate variable names
Replies: 11
Views: 1252

Re: concatenate variable names

I'm more curious what underlying problem got someone to think concatenating an actual variable name is the solution... ;)
by Amm0
Mon Dec 09, 2024 6:37 pm
Forum: Scripting
Topic: concatenate variable names
Replies: 11
Views: 1252

Re: concatenate variable names

Just use a 2nd variable.
But this is not what OP ask: concatenate variable names
Well I'm not sure OP was very clear. ;) String interpolation get's tricky with variables and numbers... i.e. "$($var123)456" syntax isn't entirely obvious too.
by Amm0
Mon Dec 09, 2024 6:30 pm
Forum: General
Topic: ECMP doesn't work for Load balancing [SOLVED]
Replies: 28
Views: 2890

Re: ECMP doesn't work for Load balancing [SOLVED]

@Amm0, Yup, but a default route in main is sufficient to meet this requirement. Also, I'm pretty sure that statement in the documentation is a simplification the author has used to avoid the need to explain that this requirement (for some route to exist in main ) is only related to own outgoing tra...
by Amm0
Mon Dec 09, 2024 6:16 pm
Forum: General
Topic: Synchronizing Configurations on Multiple MikroTik Routers with VRRP (v7+)
Replies: 12
Views: 2097

Re: Synchronizing Configurations on Multiple MikroTik Routers with VRRP (v7+)

Agree, in concept... But the problem is often "sync everything, except... " - with except part making it tricky. For example, the src-nat or dst-nat might vary in a VRRP setup, while all other firewall be same. How to express that in config, IDK.... I guess IMO VRRP isn't special in the ne...
by Amm0
Mon Dec 09, 2024 11:45 am
Forum: Scripting
Topic: concatenate variable names
Replies: 11
Views: 1252

Re: concatenate variable names

Just use a 2nd variable.
:global hello 123
:global hello2 "$($hello)456"
:put $hello2
123456
by Amm0
Sun Dec 08, 2024 7:13 pm
Forum: Beginner Basics
Topic: mikrotik router os install in window via vmware
Replies: 8
Views: 1289

Re: mikrotik router os install in window via vmware

i just used as a bridge can you explain me step by step i can ping in mikrotik router ether1 to 8.8.8.8 but lan out not working Bridge works and likely want you'd want, essentially like a MACVLAN so RouterOS get's own MAC address. It's "host only" that is unlikely useful in any case. Alth...
by Amm0
Sat Dec 07, 2024 11:24 pm
Forum: Scripting
Topic: run scrip on dhcp renew [SOLVED]
Replies: 6
Views: 1338

Re: run scrip on dhcp renew [SOLVED]

Ah, you want to register any DHCP lease in DNS... I believe you need an else={ ... } in the :if ( \$leaseBound = 1 ) { ... } statement for the "expired" case. Or, add another :if ($leaseBound = 0) do={} work too for expired dhcp leases. But your bigger problem is likely that /tool/dns-upda...
by Amm0
Sat Dec 07, 2024 11:11 pm
Forum: Announcements
Topic: Question to our users about controllers
Replies: 86
Views: 83272

Re: Question to our users about controllers

I know we had a similar topic a while ago, but here there are some more specific questions. [...] As there are a lot of standards for managing network devices (https://xkcd.com/927/) my suggestion is to KISS and use whatever is there already - ansible for those who can code, API for those who can u...
by Amm0
Sat Dec 07, 2024 10:46 pm
Forum: General
Topic: How to set ssh terminal width?
Replies: 10
Views: 5058

Re: How to set ssh terminal width?

[...] If I use the brief option, as suggested in this thread, I still don't get the HOST-NAME column. If I use the detail option, I get the full hostname, but now the output is in this multi-line stanza format that I have to parse. What I really want is the IP address and the hostname and nothing e...
by Amm0
Sat Dec 07, 2024 6:25 pm
Forum: General
Topic: ECMP doesn't work for Load balancing [SOLVED]
Replies: 28
Views: 2890

Re: ECMP doesn't work for Load balancing [SOLVED]

Re macvlan, it might be useful in some cases... but adds more complexity if it's not actually needed was my point. you cannot just add a route to routing table unless same route exists in the main routing table Can you elaborate on why should doing so be a problem? The docs on Policy Routing have on...
by Amm0
Sat Dec 07, 2024 6:12 pm
Forum: General
Topic: ECMP doesn't work for Load balancing [SOLVED]
Replies: 28
Views: 2890

Re: ECMP doesn't work for Load balancing [SOLVED]

I'm not sure purpose behind using the intermediate macvlan in the first place...

Also, you cannot just add a route to routing table unless same route exists in the main routing table, which may be first order problem in OP's approach.
by Amm0
Sat Dec 07, 2024 5:49 pm
Forum: Scripting
Topic: run scrip on dhcp renew [SOLVED]
Replies: 6
Views: 1338

Re: run scrip on dhcp renew [SOLVED]

I'm a bit confused. Normally, you use DDNS on a /ip/dhcp-client script (not "DHCP server" mention in top post)... First, /tool/dns-update uses the RFC scheme to update a DNS server, but few/none "cloud" DNS providers use that method. So /tool/dns-update pretty much work only with...
by Amm0
Sat Dec 07, 2024 5:37 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1757
Views: 509345

Re: 📣 WinBox 4 is here 📣

I think it's Linux where the SVG is useful. On Mac/Windows, the icon file isn't needed since it bundled. But with Linux, there are different window managers. And using a SVG allow you use the "scalable" icon directory, while rastered PNG/etc require using the resolution specific directorie...
by Amm0
Fri Dec 06, 2024 9:36 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 408
Views: 139714

Re: v7.17rc [testing] is released!

HAP AC2 with 7.17rc2:[...] If from a phone connected to wifi I copy any file of average size 296MB, the transfer starts well but randomly in a percentage that is always different, the router goes into kernel panic and restarts completely. I formatted in ROS if it can be a detail.. Serious BUG !! Ev...
by Amm0
Fri Dec 06, 2024 4:43 am
Forum: Wireless Networking
Topic: Quectel Redcap RG255C-GL PCI-e 5G Modem Support
Replies: 9
Views: 2947

Re: Quectel Redcap RG255C-GL PCI-e 5G Modem Support

The redcap mean "reduced capacity" so are speed limited than "full" 5G modem... so IMO routing performance is even less important since it not going to be GBs. Thus I'm not sure NAT-less IP routing from a "main" router to the LTE device is the end of the world, vs. &quo...
by Amm0
Fri Dec 06, 2024 4:23 am
Forum: General
Topic: Feature Request
Replies: 3
Views: 1762

Re: Feature Request

+1 - you have a lot of good suggestions that I'd agree with. If you're configuring routers professionally, they do have the branding kit, so if you want to update the default configuration you can use that to do it. If you want to keep QuickSet working, you need to start with the existing default co...
by Amm0
Fri Dec 06, 2024 3:56 am
Forum: Scripting
Topic: From Mikrotik via REST API and fetch update other mikrotik settings [SOLVED]
Replies: 7
Views: 1564

Re: From Mikrotik via REST API and fetch update other mikrotik settings [SOLVED]

there is even a curl to Mikrotik fetch converter https://tikoci.github.io/postman-code-generators/ [...] curl -k -u user:password -X POST http://1.2.2.3:80/rest/system/identity/set --data "{\"name\":\"MikrotikTEST\"}" -H "content-type: application/json" This ...
by Amm0
Fri Dec 06, 2024 3:32 am
Forum: Scripting
Topic: From Mikrotik via REST API and fetch update other mikrotik settings [SOLVED]
Replies: 7
Views: 1564

Re: From Mikrotik via REST API and fetch update other mikrotik settings [SOLVED]

Maybe you just missed the options keep-result=no https://help.mikrotik.com/docs/spaces/ROS/pages/47579162/REST+API https://help.mikrotik.com/docs/spaces/ROS/pages/8978514/Fetch I think in V7, using output=none is generally preferable. Although imagine in that case there same. But output= allows you...
by Amm0
Fri Dec 06, 2024 3:19 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

I have a question about relaying. My Mikrotik router is behind a CGNAT connection, so the IPv4 address I receive from my provider is not directly accessible from outside. I have assigned a static IPv4 via an IPIP6 tunnel through a server and added a global route in a separate routing table. With th...
by Amm0
Fri Dec 06, 2024 3:12 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

(I was hoping @normis would chime in, since @anav asks good questions. But I'll try...) I want to know more about this line............ In case of going through relay, speed could be limited. Clearly we have limits on client end for ISP, and limits at Router end from its associated ISP connection a...
by Amm0
Thu Dec 05, 2024 6:17 pm
Forum: Beginner Basics
Topic: Secure Remote Access - QuickSet VPN
Replies: 17
Views: 2860

Re: Secure Remote Access - QuickSet VPN

Setup DDNS on the Unifi GW. [...] The Mikrotik is behind NAT so I am going to setup WG port forwarding to the RB2011 and try to get it to pass traffic. [...] I have tried a mangle rule to mark connection, it flooded the logs, so back to my copy of RouterOS by Example I go. Would I be correct in tha...
by Amm0
Thu Dec 05, 2024 12:28 am
Forum: Containers
Topic: How can I get veth1 to work?
Replies: 13
Views: 2283

Re: How can I get veth1 to work?

So disk1 is getting created on the flash, with the path of "disk1"...
Do you have a USB or other disk connected?
Because... you may be out of disk space on the flash... Check /system/resource/print and look at free-hdd-space.
by Amm0
Tue Dec 03, 2024 4:57 am
Forum: Beginner Basics
Topic: Port forwarding FQDN
Replies: 3
Views: 868

Re: Port forwarding FQDN

The RB951 does not support containers, but running the Cloudflare container be best way to get traffic to the Mikrotik. You can create a dst-nat in /ip/firewall for the port to enable port forwarding. Since the FQDN point's the router IP, that's all that's technically needed. Your relaying on the se...
by Amm0
Tue Dec 03, 2024 4:42 am
Forum: RouterBOARD hardware
Topic: Switch in RB509/L009 FormFactor
Replies: 8
Views: 2456

Re: Product idea: switch in RB5009 form factor

The RB5009 / L009 format factor is a winner. Mikrotik promised a "series" using same form factor in an older YouTube video. It be nice to have a switch to be able to combine multiple RB5009 in same rack. The one SFP is pretty limiting. Now I personally wished they had an "accessory&qu...
by Amm0
Mon Dec 02, 2024 5:03 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 86
Views: 10832

Re: WireGuard Multi-WAN Policy Routing

Nothing prevents you from going to a different vendor, or using a different VPN then wireguard. Just suggestions..........
Or, Mikrotik fixes their implementation to work like the rest of RouterOS.
by Amm0
Mon Dec 02, 2024 5:01 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1757
Views: 509345

Re: 📣 WinBox 4 is here 📣

*) implement opened windows list
Thanks. One subtle thing is the "keyboard help" shown at bottom should use the platform-specific terms for "Alt", which on Mac be "Option" or the ⌥ symbol.
OptionNotAlt.png
by Amm0
Sun Dec 01, 2024 10:45 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 86
Views: 10832

Re: WireGuard Multi-WAN Policy Routing

Sorry your trivial case nonsense is pure BS. Many folks that come here for assistance have normal multi-wan setups, not all can have specialized, niche vpn WAN only setups. It's not trivial. Mikrotik has plenty of users that use iBGP/OSPF/etc. One could also equally argue that Mikrotik focus on hom...
by Amm0
Sat Nov 30, 2024 6:50 pm
Forum: General
Topic: Adding existing preformatted disks
Replies: 12
Views: 1260

Re: Adding existing preformatted disks

Nope. ;)

But they don't say version etc, so yeah compatibility might be tricky but dunno obviously... So worth a ticket.
by Amm0
Sat Nov 30, 2024 5:40 pm
Forum: General
Topic: Adding existing preformatted disks
Replies: 12
Views: 1260

Re: Adding existing preformatted disks

@mkx is correct, RouterOS basically uses the Linux kernel, but not the Linux tools. So AFAIK there is only the hardware encryption with OPAL that is support. You can file a feature request at https://help.mikrotik.com & see what Mikrotik says. They have been adding things to ROSE, and some softw...
by Amm0
Sat Nov 30, 2024 3:16 pm
Forum: Scripting
Topic: First script problem - just won't execute
Replies: 10
Views: 1201

Re: First script problem - just won't execute

Wow lots of ways to do this. I was answering the scripting question, since I figure your trying to learn scripting. But I too was not sure what you're trying to do.... If you have a "backup WAN"... typically you'd put a script on the "primary WAN" DHCP to change the default rout...
by Amm0
Sat Nov 30, 2024 5:58 am
Forum: Scripting
Topic: First script problem - just won't execute
Replies: 10
Views: 1201

Re: First script problem - just won't execute

It can be inside {} but NOT between attributes, which else={} is actually a property of the :if.
by Amm0
Sat Nov 30, 2024 1:35 am
Forum: Scripting
Topic: First script problem - just won't execute
Replies: 10
Views: 1201

Re: First script problem - just won't execute

At least one problem is the comment in the :if - else= is an attribute and you cannot just insert a comment in-between (i.e. the "# Else at least one such route exists") If you paste in into CLI, it show you where the problem is too. Or, even syntax checking in /system/script/edit which sh...
by Amm0
Sat Nov 30, 2024 12:04 am
Forum: Scripting
Topic: First script problem - just won't execute
Replies: 10
Views: 1201

Re: First script problem - just won't execute

That is a script for /ip/dhcp-client. $bound does not exist in /system/script.
by Amm0
Fri Nov 29, 2024 11:26 pm
Forum: General
Topic: Bug - Hyper-V CHR after upgrading 7.14.1 to 7.15 [SOLVED]
Replies: 1
Views: 843

Re: Bug - Hyper-V CHR after upgrading 7.14.1 to 7.15 [SOLVED]

That's an odd one. Since you're saying allocating more memory helps, I guess it's possible if there is a new driver that allocates some memory buffer. The docs suggest : The minimum required RAM depends on interface count and CPU count. You can get an approximate number by using the following formul...
by Amm0
Fri Nov 29, 2024 11:13 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1757
Views: 509345

Re: 📣 WinBox 4 is here 📣

I do prefer winbox v3 but I am afraid that in the future I will not be able to use Winbox v3 anymore because newer RouterOS will not support it anymore, meaning I will be forced to not update my routers, which I realy don't want to do Mikrotik could comment on this.... But that may not necessarily ...
by Amm0
Fri Nov 29, 2024 11:05 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 2293

Re: Wireguard routing

Actually AMMO, you can use a single wireguard interface, and just use a different IP address schema for the road warriors, if you need some granularity over firewall rules..... Yeah that's true: different peers + subnet is enough for firewall. A different interface only adds using the different por...
by Amm0
Fri Nov 29, 2024 7:44 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 2293

Re: Wireguard routing

Have you consider just using a dedicated subnet for the WG between site A and site B, then using normal routing (/ip/route) instead of WG's allowed-address to handle routing? Also, I don't know if you control the IP numbering (i.e. if the sites are operational)... but using a 10.<site>.<vlan>.x for...
by Amm0
Fri Nov 29, 2024 7:36 pm
Forum: Beginner Basics
Topic: Turning off default SMB and DLNA
Replies: 9
Views: 2532

Re: Turning off default SMB and DLNA

I would have thought that would have worked...

You can also be explicit to disable SMB:
/ip/smb/set enabled=no
(the default is "auto" AFAIK ... but I'd thought the /disk auto-smb-sharing=no mean auto in /ip/smb be =no)
by Amm0
Fri Nov 29, 2024 5:32 pm
Forum: General
Topic: Adding existing preformatted disks
Replies: 12
Views: 1260

Re: Adding existing preformatted disks

It's closed source, so you cannot diff the modules. But you need ROSE installed for encryption support, and drives need be Opal complaint: https://help.mikrotik.com/docs/spaces/ROS/pages/259031065/ROSE-storage#ROSEstorage-Self-EncryptionDrives Does this encrypted disk mount on another plain Linux sy...
by Amm0
Fri Nov 29, 2024 5:18 pm
Forum: General
Topic: RouterOS blatantly ignores pref-src. Can this really be a bug?
Replies: 39
Views: 3646

Re: RouterOS blatantly ignores pref-src. Can this really be a bug?

It is the user space applications' duty to then fill out the source address (see https://blog.cloudflare.com/everything-you-ever-wanted-to-know-about-udp-sockets-but-were-afraid-to-ask-part-1/#sourcing-packets-from-a-wildcard-socket). That's a good article, which likely explains roughly what's goin...
by Amm0
Fri Nov 29, 2024 4:59 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 2293

Re: Wireguard routing

Have you consider just using a dedicated subnet for the WG between site A and site B, then using normal routing (/ip/route) instead of WG's allowed-address to handle routing? Also, I don't know if you control the IP numbering (i.e. if the sites are operational)... but using a 10.<site>.<vlan>.x form...
by Amm0
Fri Nov 29, 2024 2:30 pm
Forum: Scripting
Topic: copying file between directories with /tool fetch gives timeout
Replies: 8
Views: 1095

Re: copying file between directories with /tool fetch gives timeout

Good to hear, it did seem like the firewall. I just thought there be a good chance you both had the default firewall & the loopback rule be in the right spot. Without config, guessing isn't always 100% accurate :). If you're only use FTP for the copy... you might consider restricting FTP to just...
by Amm0
Thu Nov 28, 2024 3:31 am
Forum: General
Topic: RouterOS blatantly ignores pref-src. Can this really be a bug?
Replies: 39
Views: 3646

Re: RouterOS blatantly ignores pref-src. Can this really be a bug?

It's roughly the same as this issue: viewtopic.php?t=205278&hilit=wireguard

Wireguard, for some unknown reason, is not treated the same as "locally generated traffic". So pref-src= is I'm guessing a similar victim.
by Amm0
Wed Nov 27, 2024 11:21 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

So in summary, its transparent to the end user, and hence why both apps can be used.
Yup. Just WG peer, with special DNS name.
by Amm0
Wed Nov 27, 2024 10:24 pm
Forum: Beginner Basics
Topic: Secure Remote Access - QuickSet VPN
Replies: 17
Views: 2860

Re: Secure Remote Access - QuickSet VPN

Also, since the RB2011 lives behind the starlink connection and the unifi gateway, I think double nat is going to be an issue. I dont want to have the RB2011 as the main gateway. I think that having it hosted somewhere else might be a better option. Perhaps, but if the starlink is going to UBNT &am...
by Amm0
Wed Nov 27, 2024 10:21 pm
Forum: Beginner Basics
Topic: Why can I not use static ip_
Replies: 13
Views: 1543

Re: Why can I not use static ip_

Anyway, I still use the Automatic address acquisition which works fine without any issues. Just to be clear, you shouldn't need /ip/route or /ip/address if you using DHCP client. I was trying to explain how to set them IF you were NOT using DHCP client. But if a WAN has DHCP, in most cases that bet...
by Amm0
Wed Nov 27, 2024 10:17 pm
Forum: Wireless Networking
Topic: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?
Replies: 11
Views: 2455

Re: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?

Yeah the 40Mhz on 2.4Ghz always seemed silly to me. It the 5Ghz band where I just never/rarely seen anyone recommend/using 20Mhz (or even 20/40Mhz). And have wondered if either I'm missing something about AX thus the initial question... Seems I'm not alone. But do think using default 20/40/80Mhz cha...
by Amm0
Wed Nov 27, 2024 10:10 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

Well, BTH is actually useful for LTE for a router-to-router WG with a CGNAT. This is use case @normis does not quite get with the "always use app" approach, and why I persist in explaining it since regular WG will not use BTH's "relay" server hosted by Mikrotik to deal with hole ...
by Amm0
Wed Nov 27, 2024 5:20 pm
Forum: Beginner Basics
Topic: Secure Remote Access - QuickSet VPN
Replies: 17
Views: 2860

Re: Secure Remote Access - QuickSet VPN

Or some cheap VPS in the cloud and install CHR on it, then use that one as pivot point for all Wireguard connections ? Shouldn't be too expensive ? Anav always claims it's about 7$ / month but I don't know what supplier provides it. I don't use it but I know some folks use https://www.vultr.com/pri...
by Amm0
Wed Nov 27, 2024 4:55 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

I am working on that bit ( improving docs ) and is why I am being nitpicky in my understanding. I forget, where do the firewall rules show up that allow a USER to access the WAN and possibly the LAN??? On firewall, there is an address-list named "back-to-home-lan-restricted-peers" in /ip/...
by Amm0
Wed Nov 27, 2024 4:45 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

You know its very annoying that your right ;-) Can we agree to blame Mikrotik's docs? :) BTH is actually pretty elegant since it really just uses DDNS to determine if proxy is needed, but always still plain WG. The docs are just bad (overly complex for simple case & not enough info for someone ...
by Amm0
Wed Nov 27, 2024 4:29 pm
Forum: Beginner Basics
Topic: Secure Remote Access - QuickSet VPN
Replies: 17
Views: 2860

Re: Secure Remote Access - QuickSet VPN

@holvoetn is right, Back to Home is what you'd want to used for Starlink. I went to check the docs, but The Dude interrupted me, but he says the RB2011 does not support Back to Home: Dude RB2011 BTH.jpg You can use plain wireguard, but one side requires a static IP. So another option be to enable a ...
by Amm0
Wed Nov 27, 2024 6:33 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

Yup. App is not mandatory, as EVERYTHING can technically be done using RouterOS winbox/CLI alone. As @normis suggests, the app may be easier. Although just enabling BTH under /ip/cloud is not very hard either (i.e. it's a radio button, which enables BTH & gets you 1st WG client, and then with &q...
by Amm0
Wed Nov 27, 2024 5:42 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

Not sure what you mean. If a user (not admin) uses the BTH app to setup a BTH tunnel after receiving the QR code, or URL link or export config file generated on the admins smartphone, then the user access is done through the BTH app, not the standard wireguard app. That why the app is more confusin...
by Amm0
Tue Nov 26, 2024 10:24 pm
Forum: Wireless Networking
Topic: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?
Replies: 11
Views: 2455

Re: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?

None of these give any reason why using 40MHz channels on 2.4GHz band would suddenly become a sane thing to do. That one I've never got either. I actually been using 20Mhz on both on most of the AX devices we use. I just NEVER see anyone recommend narrowing channel width for AX... which got me ques...
by Amm0
Tue Nov 26, 2024 9:12 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

The ROUTER initiated client peer, ( the one that should go on the admins smartphone ) can, via Managed Shares, create additional peer clients to the same router. The client peers (second created to infinity) CANNOT create additional peer clients. They are not equal..... Now I get the confusion. The...
by Amm0
Tue Nov 26, 2024 8:34 pm
Forum: Beginner Basics
Topic: Why can I not use static ip_
Replies: 13
Views: 1543

Re: Why can I not use static ip_

Could you check my port forwarding rules please? Although I follow the same way of opening ports for applications that I use, I still have problem with a few and I don't really understand why. Moreover, I have never been able to open any with UDP protocol. Does it need anything else? You shouldn't ...
by Amm0
Tue Nov 26, 2024 8:30 pm
Forum: Beginner Basics
Topic: Why can I not use static ip_
Replies: 13
Views: 1543

Re: Why can I not use static ip_

@jvanhambelgium: Hmm, I didn't think of it like this just to be fair. The ISP didn't instruct me to do anything, as I had always in my mind that static IP doesn't need any DHCP client to be enabled. It seems that I was wrong then. You're missing a default route in /ip/route for the gateway. To use ...
by Amm0
Tue Nov 26, 2024 7:28 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 452
Views: 408054

Re: NEW FEATURE: Back to Home VPN

It's WG, so all are peers. The app and /ip/cloud just always create ONE peer upon enabling it. If you need more, you need the "managed shared" (or /ip/cloud/back-to-home-users). On the "shared" ones, there is the additional option to allow-lan= so that the only difference AFAIK. ...
by Amm0
Tue Nov 26, 2024 7:18 pm
Forum: Wireless Networking
Topic: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?
Replies: 11
Views: 2455

Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?

For years of Wi-Fi, the general recommendation is avoid large channel widths unless the spectrum is relatively clean. But I've never seen that recommendation for AX devices. I know AX uses OFDMA to better handle this and large channel widths are needed to get "max speed". But most of my us...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 17