MikroTik

Amm0

There was some discussion of the scheme here: https://forum.mikrotik.com/viewtopic.php?t=198168#p1031333 ...which implies it a diff upgrade scheme, but IDK. I'd imagine trying the 7.19beta8 be easier to see if that works with .09 & be easier than trying unwind how the download works. The URL dow...

Amm0

If you have not upgraded to 7.18.2, you really should do that first. See https://help.mikrotik.com/docs/spaces/ROS/pages/328142/Upgrading+and+installation . If you're already running 7.18.2, make sure the LTE fireware is updated - that on the lte1 interface dialog. There also the firmware, which is ...

Amm0

I'd make sure reboot both router and test machine after MTU changes, and make sure the "BIOS"/firmware in /system/routerboard matches the current RouterOS version. This mismatch speeds screamed "MTU problem", that has to be right — so your "guessing" I'm not sure was he...

Amm0

I imagine that the "Lifecell" SIM does work with the "Use Network APN" enabled, and most carriers do, and why that's the default. So that's what you should use for that SIM. And it dropping is because the APN is wrong for Lifecell once you disable Use Network APN. WRT your "...

Amm0

While you make good points, this thread is not place for these discussions.

Please keep this forum topic strictly related to this particular RouterOS release.

Amm0

Is there a reason you're setting MTU of 1460 on ether1 / WAN? Unless you know something, it likely should be 1500 (or you may need a PPPoE connection, or other things from your ISP than just a lower MTU).

Amm0

Yeah RouterOS has to have time to detect it gone and reinitialize, and often 10 seconds was too short on other modem... so good to see the "force" the minimum duration in power-reset (which may reflect some 30 second timeout in MBIM/LTE stuff... since modem SHOULD actually restart itself).

Amm0

You have to uncheck the "Use Network APN" box in APN dialog to use a APN name. Otherwise, the "Use Network APN" override what you set. Kyivstar may use "www.kyivstar.net" from https://apn.how/ua/kyivstar-gsm#google_vignette as the APN name, but you might confirm that wi...

Amm0

You can reset the LTE modem using: /system/routerboard/usb/power-reset bus=2 duration=45 The "bus=0" may be bus=1 etc... — I don't have Chateau with FG621 to check. Also duration= might be shorter if you like... but often modem do have some residual power and you likely want RouterOS "...

Amm0

Someone else had similar issue with the newest LTE firmware ending in 16121.1034.00.01.01.09: https://forum.mikrotik.com/viewtopic.php?t=216406 This sounds like a bug. As I suggested in other thread, I'd make sure the /system/routerboard "RouterBOOT" firmware is running 7.18.2 firmware. If...

Amm0

I am extremely happy to report that IPv6 Fasttrack works just as well as IPv4 Fasttrack does, and I get identical IPv6 forwarding performance out of the router that I do with IPv4+NAT: ~900Mbit, both directions, even with a LAN bridge + PPPoE with constrained MTU on the WAN. (IPv6, of course, is no...

Amm0

Just to satisfy my curiosity why is it considered a bad practice to change Bridge PVID? If it's a bad practice why is this option still available? IDK if "bad practice" per se. BUT... changing it you'll lose some "automatic" behaviors in VLAN bridging, especially if starting &qu...

Amm0

Larsa makes good points. Personally I'd use ZT routes if possible, since it just so simple.

I've assumed OP already had OSPF infra, perhaps with non-ZT things, and there OSPF over ZT would seem reasonable. But if you're using OSPF for route distribution ONLY for ZeroTier, that would seem silly.

Amm0

Curious why you asked...

We have relatives there, and taking my mom to visit this summer. They wanted me to "fix their wi-fi" while visiting & thinking how to outsource

.

Amm0

And when it comes to CA support, 4G modems used by MT are ... mediocre at best. Telit LM960 supports carrier aggregation Correct, the LM960 does have most CA combos for LTE CAT18, including 2 x UL carrier aggregation. But it's not one of the "stock" modems, which are all more limited in C...

Amm0

*) fix RoMON connect (introduced in v4.0beta19)

Fixed for me. Thanks.

Amm0

@rextended, random question, do you offer service in around Lucca (Tuscany)?

Amm0

Also I'd make sure you're running the latest RouterBOARD firmware (/system/routerboard/upgrade) so it matches the release 7.18.2. When version don't align that sometimes is the cause of LTE failures. Now the LTE firmware sometimes does have some implicit/un-enforced "minimum version" of bo...

Amm0

I'd confirm it works with 7.19beta if you can before downgrading the firmware. Sometime these firmware bugs are carrier-specific, and if 7.19 did not work with ...1.09 firmware, it be good to report that to Mikrotik. I think this post has the instructions to download using the manual-upgrade: https:...

Amm0

I see no mention of a switch there. Perhaps the "packet processor" may[...], but [...] switch ASIC was included in the SoC. [...] Compare this to the MT7621 SoC Datasheet where the switch is clearly pointed out (see page 2). Different architectures, ARM vs MIPS. I think generally ARM is i...

Amm0

Is this an LMT-provided Chateau? Those do have some different default configuration, so if you haven't changed this stuff... That means it comes from LMT, and since LMT is likely running a CGNAT, they may be opting out of the Mikrotik firewall in their defaults. IDK but the LMT do have some guides o...

Amm0

Look at your first filter rule (IP > Firewall > Filter). I'm not sure why you're accepting "untracked" in the first rule (i.e. connection-state=established,related,untracked)... that is actually all traffic if it's first rule, I'm not sure why that is there...

Amm0

If you can use SNMP that be better and align with Dude. For JSON values, you MIGHT be able to use the ros_command("/tool/fetch url=... as-value output=user"). And if using 7.16+ there is a ":deserialize from=json ..." that get you an array to pick out a specific value. All this g...

Amm0

I was not expecting mr. rextended with this title...

That sounds strange. Perhaps there is some middleware security box that's trying to generically block webmail services is about all I got. But you run the network, so IDK...

Amm0

Perhaps run /tool/torch on WAN when you're running nmap. It be curious if you're seeing the same TCP requests there. Perhaps your ISP is running a CGNAT or something. And if you're running `nmap` from Mikrotik LAN to the WAN IP, then I suppose you would see open since the stateful firewall does allo...

Amm0

Connecting to RoMON neighbors has quit working after upgrading to 4.0beta19 (MacOS). The initial RoMON connection to a router can be established but connections to a neighbor cannot. Yes it does not work. All you get is being stuck at "Connecting via RoMON". It does seem to be the case wi...

Amm0

Same with the PHY? Functionality onboard is a subset of available options? AFAIK it more like options on a car, except perhaps you can order multiple cold weather packages or 2 mini-sunroofs or one sunroof/one cold-weather. With these packages, being "IP cores" that ARM sells. Which is wh...

Amm0

Saying there is a ASIC inside the IPQ6010 is not accurate. Arguably the whole IPQ6010 is ASIC. But the modern term for IPQ6010 be "SoC", see https://en.wikipedia.org/wiki/System_on_a_chip. Since it's one thing, there is nothing to "offload". It's also important to note these mode...

Amm0

Might want to file a ticket at help.mikrotik.com to ask. Either it's a bug, or docs are wrong. What you're doing seems like it should work based on my reading too.

Amm0

Look at cellmapper.net (or some countries do publish their own LTE/5G tower maps) to see what bands in your area. In theory, two CAT12 devices should perform roughly the same. Your mobile carrier is what's controlling the speed way more, so that's who to ask what you should expect. Just to be clear ...

Amm0

Ok, Newsletter launched... Good! Thanks! Will we now go back to releases in the testing chain? Testing is fun, but for production I would be much happier with some kind of long term supported ROS 7 release... The rather skimpy content in the newsletter does suggest MT is working on software ;)

Amm0

Any updates?
Very close to final version.

That sounds like good news!

Amm0

I haven't test GPIO much, so IDK.

But the photo shows pin5 as "Digital input", so perhaps it's not changeable to output (even if GPIO docs suggest otherwise):

image2021-5-28_8-10-49.png

Amm0

You might want to look at the KNOT user manual, which has the GPIO assignments. The main GPIO docs do note that they vary by device, but it's easy to forgot there is an KNOT specific page that has a bit more specifics: https://help.mikrotik.com/docs/spaces/UM/pages/41680915/RB924i-2nD-BT5+BG77#RB924...

Amm0

There was another thread with similar speculation, viewtopic.php?p=1125018&hilit=openflow#p1120392:

"Sir, I see some movement on the enemy's trench."

Amm0

1) How can I confirm that the config below matches what would on this forum be labeled as "used as a switch and not as a router?" I guess I'd say don't get hung up on these terms. IMO switch/router/"switch chip"/"hardware offload" can be somewhat fuzzy in meaning, espe...

Amm0

What curious here is they did update the OpenFlow docs pretty recently:
https://help.mikrotik.com/docs/spaces/R ... 5/Openflow
and including a reference to OpenFlow 1.3 support (compare with 1.0 in https://wiki.mikrotik.com/Manual:OpenFlow)

Maybe hope it's coming back, but IDK.

Amm0

Access webfig through reverse proxy (relative paths for resources). Webfig can be run through a reverse proxy. On relative paths, webfig uses "AJAX-like" updates OUTSIDE of /webfig HTTP request path, i.e. just "/jsproxy" - which may be the root of the complaint. While that shoul...

Amm0

My only point was it was SOMEWHAT explainable. But 100% agree it's a poor design.

And, potentially problematic if someone used scripting, the "new version available" might cause a script to loop forever trying to upgrade a router.

Amm0

edit - note , when I configured nat-444 , I used a ton of jump tables to optimize the /21 CGN-nat. ( 1/2 , 1/4 , 1/8 , 1/16 , 1/32 ) which resulted in fewer nat lookups sequential steps when traffic was inbound to the customer. Yeah that part make sense: each rule executed is uses CPU and adds [mar...

Amm0

Never noticed that.

But V7 is "new version" that is "available". Now it likely be better to suggest "New major version available in 'upgrade' channel"

Amm0

Seems a Mikrotik thing. Perhaps. Someone else had similar issues with OSPF broadcast mode and ZeroTier: https://forum.mikrotik.com/viewtopic.php?p=1118612#p1118520 There too, I thought it was flow rules, but OP was using Mikrotik controller which has NO flow rules. And I forgot the it the different...

Amm0

The JSON in photo is wrong " u sername-length" & the URL is .../add-batch-user s — likely BOTH are your issue. Using CURL with 7.19beta, the following worked (*changed password/ip): curl -k 'https://192.168.88.1/rest/user-manager/user/add-batch-users' --json `jo number-of-users=1 usern...

Amm0

The PUT method only works on http://ip-router/rest/user-manager/user not on http://ip-router/rest/user-manager/user/add-batch-user and POST of http://ip-router/rest/user-manager/user/ result an error of bad command. Thank you You need to use POST with http://ip-router/rest/user-manager/user/add-bat...

Amm0

- what version of RouterOS? RouterOS V6.49.7 There is no batch-add-user AFAIK in V6 — but I'm not the expert on UM under V6. You should be able to use a for loop to add users. You'd have to adapt to your needs, but essentially something like: :for n from=1 to=100 do={ /user-manager/user add name=&q...

Amm0

You may need to change the "Flow Rules" for the ZT network on my.zerotier.com (see ZeroTier docs: https://docs.zerotier.com/rules/#rule-definition-language generally or examples here https://www.zerotier.com/blog/using-flow-rules-to-direct-users-to-services/ etc.). By default, the flow rul...

Amm0

currently i want to use simple ssh You're going to have to provide more details on what you're looking for and what your starting with... i.e. - what version of RouterOS? - is user manager already setup and working for users, and ONLY bulk add is needed? - do you want user manager to generate users...

Amm0

There is /system/history but it's not quite the same, but in the "undo=" should show the actual previous commands.

/system/history/print detail

Also RouterOS support Ctrl-R / F3 to search the command history, which is like a Linux Shell. And hitting F1 twice will the CLI options.

Amm0

For the record, I still think WinBox4 is BETTER than WinBox3. I use WinBox4 daily without operational issues. The fact WinBox4 loads way faster than Wine+WinBox3 is more than enough to accept the small different vertical vs horizontal tabs, color schemes, etc. I'll offer we DO use less Mikrotik than...

Amm0

Yes, I know we can do a mac reset. But official guidelines are (were, last I checked) not to do this. It would be nice to get this finally wrapped up. I'd just add while the simple: /interface/ethernet/reset-mac-address [find] works for ethernet... if you had other types of interfaces, those requir...

Amm0

As general matter, tend agree with @rextended that with some config-based approach (netinstall/branding/run-after-reset) to the problem. But at same time... .backup does get you an exact copy, not merely just the equivalent config. At end of day, both approach have some pro-and-cons & require yo...

Amm0

I'm thinking it's a problem with my rbm11 since no one on this forum complains of similar problems. Perhaps. I'm sure most testing is done on ARM things, and there occasional oddities on MIPS. And Mikrotik has been making changes in LTE recently too. That combo does point to a bug, or at least some...

Amm0

The issue persists in version 7.18.2. The http-redirect option does not exist. Please add it. You likely should enable the DHCP options that modern OSes use for redirect, see: https://help.mikrotik.com/docs/spaces/ROS/pages/56459266/HotSpot+-+Captive+portal#HotSpotCaptiveportal-UsingDHCPoptiontoadv...

Amm0

Depends on what you mean by both "devices" and the purpose of the "export". The winbox files can, generally, be moved around as-is... so if you just want to have saved [RouterOS] devices/passwords... the wbx file can just be "copied" as an export of sorts. If you use th...

Amm0

this will be for sure going in circles for eternity

Well when the release mgmt discussions start to overwhelming the "testing" thread... the "process" is that beta becomes a rc ;).

Amm0

AFAIK, the dns from an WG Import'ed peer is not used.

Depending on situation... you MAY be able to MANUALLY use FWD (or static/regex/etc) in /ip/dns, to re-direct something like a WG subnet.

Amm0

/routing/nexthop print

To see all routes, you can also use:

/routing/routes print

Amm0

Agree. Or, in general, a few more tests to better capture the different performance aspects of the various models. Although, "forum rule of thumb" is using the 512-sized 25 ip filter rule as a general guide to internet performance. On that score, your 250Mb/s is not too far off that 319Mb/...

Amm0

Well based on the avatar, I guess that post could be considered a dud! )

So what is the summary on why RoMON does not work here? I lost track of the conversation.

Amm0

My post intentionally refers to @Ammo's one in particular, just for the case that someone comes searching and gets mislead by it. But unless @Ammo edits his, few people will probably notice mine.

Fixed. I swear I'd seen that cause not RoMON work in past. But re-tested it, you're right.

Amm0

Agree, Mikrotik has been pretty good at updating the docs. But I'm not sure they follow the forum super closely. So I flagged your post to Mikrotik yesterday, since I already had the feature request ticket for CSV, file-name=. Mikrotik reports they fixed the docs today: https://help.mikrotik.com/doc...

Amm0

(deleted)

Amm0

In 7.18, you should be able to do it using System > Packages in WinBox/WebFig/mobile, then do a "Check for Updates", the select and enable "rose-storage", click "Apply Changes". From CLI, it's /system/package { update/check-for-updates duration=10s enable rose-storage a...

Amm0

Modem port channel assignment is stated in KNOT manual, section "GPS and NB/CAT-M": https://help.mikrotik.com/docs/spaces/UM/pages/41680915/RB924i-2nD-BT5+BG77#RB924i2nDBT5%26BG77-GPSandNB%2FCAT-M I actually tried deleting the ppp-out1 — since it should get re-created. PPP interfaces are ...

Amm0

Edit: I'd originally thought it was RoMON getting dropped, @sindy confirms the bridge's frame-types= are passed.

See @sindy's post : viewtopic.php?p=1137826#p1137981

Amm0

You probably should not be using 7.13...

See https://help.mikrotik.com/docs/spaces/R ... 2/REST+API

Amm0

20+ years since I've thought about T1 (or HDLC or Frame Relay)... Adtran used make decent stuff... although I only used to them to get HDLC to Cisco. So "router" sound newer, so IDK.... According to Mikrotik spec page: https://help.mikrotik.com/docs/spaces/ROS/pages/19136707/Software+Speci...

Amm0

There's no Wi-Fi, it's all fiber optics. I've tried IGMP, and the results don't change. Would it be a good idea to set a constant bit rate on the server? Would that help? If it's fiber and you have the bandwidth, then constant bit rate might be worth a shot. It's less work on the decoder. If you ca...

Amm0

You shouldn't need IGMP here, but that be another thing to try (you can enable on the /interface/bridge).

Also, if you control the multicast addresses using 224.0.0.0/24 is special range, so IGMP won't work with those...

Amm0

Yeah that's plain UDP MPEG-TS, no FEC/RTP, which should fit.

Is there any wi-fi in your chain?

I'd recommend you try the EoIP interface using 1450 MTU & see what happens. Although that's going to have the side-effect of lowering your bridge MTU.

Amm0

I had the ppp working earlier but I couldn't get GPS. Now I can get GPS but I can't get ppp... :-( Such a design limitation that you can't get a GPS and LTE both on at the same time. For a IOT device that is ridiculous. Geez. The default should have been right. And the /system/default-configuration...

Amm0

by testing with the terminal, I discovered that channels are 0 to 3... not 1 to 4 :-) LOL, yup. But the "info-channel" is not really used, unless you trigger it using "Info" — so I'm not sure that's your issue with LTE. Essentially it sets up the PPP session using the "data...

Amm0

What settings are you using for the ppp-client with that gps setting? I can now get location, but my ppp-client does not start due to a port conflict. I don't use PPP/LTE with this KNOT, so I know the info channel defaults to 2... But I suppose if that's not working use info-channel=4 instead /inte...

Amm0

And, yes, the docs could very much be improved. The manual is designed around RouterOS features, not devices... so for something like KNOT, all the docs for this are spread around in dozen pages. But... nowhere would you find exactly what each serial channel does... There is a /system/serial-termina...

Amm0

yes there is a gps antenna and I was able to get some location a few hours ago with other settings. However, now I can't get any location. Can you do a /system/gps/export? I just looked on a live KNOT to make sure GPS was still working, this is the configuration I'm showing that works: /system gps ...

Amm0

It looks like the ports are right, since both PPP and GPS are in use. If you look /system/gps, does it show a time as "Data Age". If it's showing 00:00:00 or :10 etc, instead of empty/none/etc Do you have an antenna connected to the GNSS port? (I cannot recall if the KNOT has a internal an...

Amm0

Mikrotik has a discussion of Policy Routing here: https://help.mikrotik.com/docs/spaces/ROS/pages/59965508/Policy+Routing Essentially you likely need some config like this: # add new/2nd routing table /routing/table/add name=ztoffice fib # route new table via remote ZT router /ip/route/add gateway=1...

Amm0

If you use "/port/print" you'll notice there are 5 channels on the USB bus. So GPS (NMEA) uses channel 1, and "PPP data" uses channel 3 — those channels are used continuously so they cannot conflict. Now, I think, by default, channel 2 is used by BOTH "PPP info" and &qu...

Amm0

Developers for Apple ecosystem have a thing called Open Radar (https://openradar.appspot.com/page/1 w) which has similar origin story. Or in JIRA allow the reporter to have some "mark public", so if you link to a issue (especially "feature request" type) in forum, it's be read-a...

Amm0

Thanks for your feedback in this thread, its really good to see! Indeed, a few sentences goes a long way. But I still maintain there is a lot of value of running whatever software on RouterOS using /container, whether CHR or RDS. i.e. I'd like to see some "milage" on /container... so if t...

Amm0

I always wanted have a front-end web server that after bot checks would generate a random btest user/password , then auto remove it 10-minutes later. Just long enough for a btest but not long enough to test an ISPs entire network and prevent time-cron-scheduled auto btests that occur ever hour or d...

Amm0

The problem I'm having is pixelation on the client side. More generally you want to look at the MTU on EoIP... If it's 1500, your UDP multicast video may be getting fragmented, and if lower you could be effecting the bridge MTU. So it bit complex "what's right MTU" here. A few sniffer tra...

Amm0

I'd cancel the QuickSet if your goal is a switch...

To reset it back to default, push the reset button for 7 seconds while powering the CRS.

Amm0

Normis said the problem is the forum software doesn't support HA and/or distributing the site between several servers. Do with this info what You will.

Sure, but that's what HAProxy is for...

Amm0

Agree w/ @TomjNorthIdaho that the "root causes" are bit unknown here & still be good info for community. re: ... Anyway, whatever they end up doing... I do hope they host it on their RDS ROSE server(s) as proof-point they work in the real-world. ... @normis mentioned "HA proxy, hi...

Amm0

migrated a complex, with hundreds of thousands posts and spanning over many years IDK specific on phpBB to discourse. But as general matter... figuring out the DDoS mitigation would seem better use of time, than complex data migration. And, while the "temporary unavailable" now appear, th...

Amm0

@rextended is right– it's "normal" if there is a crash... but console should not "crash" in the first place & likely why MT generates a file so they have some data to fix the crash. If it's getting regularly generated, you should open a ticket with Mikrotik with the console-d...

Amm0

posts will be migrated

Is there any way you can publish a ZIP of the forum content when you migrate it? I still think it interesting try the forum content in some small language model.

Amm0

A funny side note: I read "Discord" instead of "Discourse", and thought "Oh no, surely not?..." THEN I read it again. :D LOL. I also read it "Discord" at first too! It was only the lack of SCREAMING negative commentary that prompted me to read it again as Dis...

Amm0

If you ask me it's any static public IP address you want to replace with some "fake" like 2.2.2.1 or whatever before posting. And, also the serial number at top, since if you use /ip/cloud the serial number is part of the DNS name. While the IP is "public"... having your config a...

Amm0

I'd recommend you still file a support ticket, otherwise it might still be there in future. And/or, perhaps try 7.19beta7 to see if it works there. I'd also make sure all LTE and RouterBOARD firmware is updated, as mismatched versions is one sure fire way to have problems with LTE. Currently if I am...

Amm0

Hahaha, I thought it was simply my browser, I keep forgetting they use a haplite to run their website, the free schnapps in the web lounge is not helping work output either. No I see this. I originally thought it was Apple Safari in my case. Specifically Apple's "Hide my IP address" in Sa...

Amm0

True. [:len] may be cleaner - more OP was starting at =nil... so converted what he had...

Is not clear at all on post #2: not mix nil and nothing, because nothing is also different from nothing.

While :nothing is nothing... [:nothing] is nil:

:put [:typeof [:nothing]]
nil

Amm0

FWIW, you can also use a :typeof and compare that return to the string "nil"...

:put ([:typeof [:find "asd" "p" -1]]="nil")

But the =[:nothing] syntax , I think, is clearer.

Amm0

"nil" is a type, NOT a keyword in scripting. Instead, you need to use the syntax [:nothing] to "create" a "nil type" & then compare the "new nil".

:put ([:find "asd" "p" -1] = [:nothing])

Amm0

used this construct in script file to abbreviate a series of commands, expressions. As I wrote, kind of embedded function, that can access local variables. It makes code shorter and more readable. I guess I never thought about this, but it does make some sense... The "locals in the calling sco...

Amm0

IMO, the WireGuard implementation in ROS v7 is still flawed in that respect . and other respects, too. ;) I think Mikrotik needs to look at the bigger picture on WG (and BTH) so that it aligns with RouterOS config/UI better. Or, at least improve the docs with more specific details. i.e. now multipl...

Amm0

Yeah perhaps, it's sounded weird from start. It might be worth trying the beta, or downgrading. Recent builds have good number of changes in LTE, which does have tendency to break something, somewhere.

Amm0

Also would like to know if you solved this. I can see my Apple TV from my MacBook but it gives me an error when I try to extend the display to it. Just a generic "Could not connect to Entertainment Room." Either suggest what things in this thread you tried, like @Kentzo's suggest to run d...

Amm0

You might want to file a feature request with Mikrotik at help.mikrotik.com. EEE should indeed be configurable IMO. Now I have used AVIO adapters with RB5009 without issue in past, so I'm not sure there isn't some other issue going on than EEE. But it's true that it's a pretty firm recommendation fr...

Amm0

I think what @Kentzo is trying to say is that a bool (true/false) return value from the [] should be used as part of the filter. i.e. if [expression] evaluated to false, then the outer find should NOT include that element in outer [find]. And, logically, that would make sense. But string "false...

Amm0

Lascia perdere gli script, metti direttamente nello scheduler questo, e guarda se funziona: He already tried putting in scheduler, I think. Perhaps wrapping in :execute might do something, IDK If that doesn't work, look at the logs to see what's happening. It could be a script error, although the c...

Amm0

AFAIK, Flagging just catches if RouterOS internal files are tampered or replaced — not config. Similar to macOS Gatekeeper/SIP or Windows File Protection (WFP).

Amm0

But alas.

Maybe if it multiple lines you need a {} code block, since the [] is not a codeblock

/ip/arp/find [{
  :put $address
  :put $interface
}]

But it does act like an iterator, so the code is executed per list item.

Amm0

The device itself stores the factory password somewhere, if I recall correctly. When you reset the device, the factory admin credentials and password are restored. Not if you replace the default configuration so that a reset-configuration / 5-10s button press reset uses a custom default configurati...

Amm0

I guess the crux of my complaint is I just want to set device-mode via netinstall (or even flashfig or new tool), so that there can be an automated way to setup a new/factory router with our custom config. The device-mode around container has already BLOCKED adding a container as part of default con...

Amm0

If your functionality is spread across multiple devices and one stops working, the rest will still work. No nightmares and pissed off users. Well... for the RDS, one random idea be to have some small-form versions of the CCR2004-1G-2XS-PCIe full-sized card (perhaps different specs / switch / CPU / ...

Amm0

Weird. It does call it, since run-count is 12. I trust you know the AT command works at CLI, so IDK. My only guess was permissions since Mikrotik does mess them sometimes. Perhaps a wait=yes on the LTE script. And/or adding more debug code to the script to get /log some AT command like /log [... inp...

Amm0

>[], >"", >{}, <%% What devil are you summing here? LOL. Latvian LISP ? But essentially those allow you "inject" some code into the S-expr / IL generated. But generally those can be "shorthand" for similar "built-in" syntax & generally operate on lists.

Amm0

Also that's news that find can take a function as an argument. Didn't see it documented either. Documentation, LOL... But yeah both "print where" and "find" acts as iterators... In the case of "print where", you can use an as-value to suppress print's output to "o...

Amm0

+1 for ATL LTE18.

* assuming you're not in North America
** and it not "5G"

And note they have announced, but not released, a few newer 5G models... if there is not urgency, something to consider.

Amm0

It might actually happen sooner than you'd expect. Word is Mikrotik has recently brought on about 15 people, supposedly working full-time on developing business-oriented features.

That make sense, given they've long implemented the now ratified RFC-9759

Amm0

I don't think the docs are that relevant to core concern.

no plan to make it avoidable while still keeping the device up to date. This is my main complaint.

device-mode should at lease be controllable – via some tool like netinstall or some "special package" or whatever.

Amm0

Why can't there be an "I don't want further restrictions" device mode? [...] I understand that Mikrotik sometimes has a habit of introducing stuff with an "introduce it then fix it later (whenever)" process. For new features this is not a bad thing, because people can experiment...

Amm0

Oh just one of many problems with docs — the lack of stable URLs for protocol/commands. I've noticed same thing, I've just manually updated the URL to use the "generic" form you show in 2nd example when need in other doc/code. I could never find some way to get Confluence to show the "...

Amm0

Main thing with Winbox 4 has to be getting rid of bugs that can cause data loss or mess up the configuration. That's far more important than polishing the exteriour. I've use WinBox4 since it came out and never find the need to use WinBox3... while it certainly missing new/improved functionality, m...

Amm0

I'm not 100% on why in this case... but does sound like a permissions problem. The easy potential fix (or at least something to try) be to put that LTE code in a new /system/script and select "Do Not Require Permissions" & then in the /system/schedule use just the script name as "...

Amm0

If it's an ARM device, you might able to the BackToHome to setup WireGuard: https://help.mikrotik.com/docs/spaces/ROS/pages/197984280/Back+To+Home If that worked, you'd know everything else is working. So if you did want to use "real" WG, you know it worked first. And BackToHome being enab...

Amm0

The 10,000 foot[/meter] view of the (>[]) and its cousin (>{}) is that they are essentially a syntax-checked version of the [:parse] / :parse, since both interact with the "code" datatype. :put (>[]) (evl /) But on the specifics here.... I'm not sure the (>[]) does anything special for a $...

Amm0

Perhaps they should send someone to YouTube to tell some story on the 16MB situation. Mikrotik really has acted indifferent to what is a real-world problem for me and others. I used to keep everything up-to-date way more regularly since historically "always worked"... but now updating Rout...

Amm0

It is called a 2D array I had feature request for :serialize to=csv... and in the case MikroTik called the "print as-value" array (which lead to dsv.remap) as a "list-of-dictionaries". Everyone has their own preferred terms it seems. :) @ammo there are indeed two different array...

Amm0

Yeah there are two types of arrays, one is a dictionary/map and other is list. When accessing members, dicts/maps use ->"name", while list use NO quotes ->3. And "print as-values" uses an array that be described as a "list-of-dictionaries" — why you need to two arrow op...

Amm0

Not hyping it down, but its actual use as a data vlan is very niche (rare). I'm with @sindy on FUD on VLAN 1 - over-emphasis creates a worse problems. IMO it's needing "/interface/bridge/vlan tagged=bridge" that created more confusion, than VLAN 1. And the default use VLAN 1, so saying it...

Amm0

Yes, you can use routing rules with the VETH. And depending on your configuration, src-nat rule might also work. Basically nothing changing in routing because it's a VETH. Now you do some multi-wan setup already. Assuming you're using PBR (/routing/rule), you need a rule for container IP that set th...

Amm0

I agree there is a lot of technical dogma being spread without any explanations or evidence. Yup. I'd just add on routers with a default configuration, enabling vlan-filtering=yes is complete safe to do at the START in RouterOS 7.16+. While, typical advice is to set vlan-filtering=yes last. I'm not...

Amm0

While true you can connect via iPhone Wi-Fi, but OP is connected via USB. You'll have to file a feature request. While iPhone will show up as USB, iPhone does not support MBIM protocol that Mikrotik uses. On Linux, it takes extra drivers, since some Apple-specific code is need to setup the data sess...

Amm0

Not sure why you think it is missing.

True in part. But there is no context menu (right-click) with "Copy", and in WinBox4 the "copy" being in the title bar (i.e. stacked paper icon is copy) may not be obvious to all...

Amm0

So smtp.gmail.com works on some devices and does not work on others (in different locations). What do others use for smtp server? smtp.gmail.com is what's documented. Given the AUTH failure, that would indicate you do have the right DNS SMTP server addresss. Don't post it here, but you might want t...

Amm0

there is not much to configure for SMB: [...] I know macOS has a bug where you can't set MTU above 8000 and if your adapter says it needs 9000, it will glitch in various ways. I have a Sonnettech Twin25 and have set MTU to 8000 Where might one find that information in your documentation? If it's bu...

Amm0

Did you upgrade the router at some point? What version is this happening on?

If this was all working and you have not changed version, you may want to check the "app password" specifically in your Google account and confirm it still enabled/not expired/etc.

Amm0

One thing to try is disabling encryption for testing. In my case, that didn't make a difference...but worth a shot, just to see if that works. SMB access from macOS Sequioa to an RB1100AHx4 crashes the entire router I'll try to test that too. Do you have a specific sequioa version? But since my mac ...

Amm0

I'm not sure what going on here, but whatever they did in 7.18 has some bugs IMO. I have different problem. Since 7.18beta, SMB access from macOS Sequioa to an RB1100AHx4 crashes the entire router. macOS prompts for credentials, and then I hear the router reboot. No supout.rif is generated. IMO NO S...

Amm0

As was said, it's a RouterOS bug.

Maybe. No point arguing here. Open a new ticket with the exact problem you're see... since, yes, sometime it does take a few rounds in a ticket to convince them. But they do fix something if there is clear repo case in a ticket.

Amm0

Has anyone tried packet sniffer to [local] disk with a high network load on the RDS?

i.e. could you use it as a switch that had a rolling buffer of packet traces

Amm0

FWIW, I know since I complained "ping watchdog" a while back that no supout was either a bug, or at least should be documented. And they added this note to the doc: Note: Watchdog reboot is not a system failure. Such reboot also will not generate autosupout file. Watchdog reboot is "/...

Amm0

Already exist from 2007... No, the autosupout.rif does not generate one if it the "ping" part of watchdog. The supout.rif is only generated if the hardware watchdog timer expires. But I agree with OP, that I'd like a supout.rif ALWAYS generated if it reboots the router. For example, it co...

Amm0

I use the editor from CLI via ssh, no issues there. So I do not agree about the RouterOS issue. Same issues in PuTTY via SSH. I suspect if you look at the script source as hex or byte-array, you'll find some \t or \n without \r\n. :put [:convert to=hex [/system/script/get SCRIPTNAME source]] If you...

Amm0

I too have complained about the System > Script dialog, for a while. I cannot even imagine trying to edit a script there. But...this is unfair: They suggested to use CLI, it has syntax highlighting, but it's buggy as hell and unusable. I don't think the the CLI /system/script/edit is "buggy&quo...

Amm0

What specifically are you trying to update with scripting? VLAN bridge ports, bridge vlans, interface-list, etc & what settings etc? Updating ("set") is more tricky than adding. Mainly because you need may need to add OR set, depending on what you mean by "update a VLAN". Mor...

Amm0

in the recent version v7.17, MikroTik introduced the :range function, which combined with the ability to use interface list, can improve the VLAN creation process. I'm currently trying to add multiple interfaces as list members (/interface list member add interface=ether1,ether2... list=VLAN2), Doe...

Amm0

VETH are weird, and @tagent points out it be unclear what the actual "best practice" is from Mikrotik. I don't think there are any issues with using VETH into "dumb" bridge, vlan-filtering=yes bridge, or unbridged VETH, per se.... Now... configuration of IP address, routing, fire...

Amm0

Agree. But this one is tricky. And the operation is NOT documented well (actually have on open issue that the neighbor docs should be improved). The key is that "neighbors" can one of three types (MNDP, CDP, LLDP) & that's one way you can end up with multiple entries. Specially MNDP is...

Amm0

If container did recurring writes, like a database server, that be more problematic on NAND. I don't think cloudflared writes anything to disk when running, just uses stdio/stdout/sockets. Also, I think there is distro-less version of cloudflared, that does not have Alpine. In RouterOS terms, the en...

Amm0

Thank you for your service. Easy to imagine the game of whack-a-mole with bad actors gets old. MikroTik is already running BTH relays, those could become btest servers... Perhaps, it have to be more restrictive than TomjNorthIdaho service and/or limited to /tool/speed-test. Similar given their hype ...

Amm0

@Normis I believe @Larsa makes some good points. [...] I see @Larsa suggestion as best chance MikroTik has to salvage RDS2216 development investment. Opening RDS2216 for hosting existing ready today solutions @Larsa identified allows returning limited software developer resources back onto the core...

Amm0

So when MT support responded to your email, they simply linked to the same box.mikrotik.com upload that they made 3 years ago, and didn't update it one bit to include any changes made through 7.18.2. That what I suspected too. At least now, they'll get a formal request per new "stable" an...

Amm0

Sorry didn't comment earlier. Great look!!! The dialogs need more horizontal items per row - that is one big problem in current design. I don't know if you saw my CLI bridge view, https://forum.mikrotik.com/viewtopic.php?t=214189#p1123276 , but that be other UI that be nice to see in winbox. Same th...

Amm0

Aside from the fact that they banned my account for a week for revealing some things in advance , Yeah I don't run my restraml /console/inspect tool against of the alpha I've occasionally get for that reason. But others want to post, well, as a reader that might interesting. ;) But Mikrotik could c...

Amm0

Don't worry, my bet is @rextended is going to be wrong in then end... they would do yours in 20 years. So I have no idea why your commentary sparked a reaction. And to be clear, my LOL is I was expecting the "I'm right", not supportive of the hostile tone. And guessing more discussion ahea...

Amm0

RouterOS internal security has been changed several times [...] but even during v7 many changes have been made to security in this regard and others. If that's true... are you saying the GPL source code used in from RouterOS has not changed since Jan 2, 2022? The source code you disclosed in SUP-18...

Amm0

Well, I see I was right...

LOL. When I saw the release note, I thought of you and this thread "guess rex' is right"

Amm0

Rhetorical question, of course this could be tested beforehand.

Yeah that's kinda my question. I wouldn't have spend 1+ hour testing if there was SOME clue it was "experimental"/"for testing"/etc

Amm0

If you did set Master Password in WinBox3, using the same database file, the WinBox4 will also ask for Master Password. Currently not yet implemented is setting of a new Master Password. It will come. Is Apple's Keychain support on the roadmap? IMO, Apple's Secure Enclave is "safer" than ...

Amm0

In 7.19beta6 , I saw this: *) net - remove support for automatic multicast tunneling (AMT) interface (introduced in v7.18) Now... how this wasn't found before shipping 7.18, IDK. Or if "stable" has something that is "experimental" and/or potentially dropped next release — even ju...

Amm0

I did receive some response: https://box.mikrotik.com/d/81912835977544a291c9/ and cross-posted the received ZIP file to GitHub here: https://github.com/tikoci/mikrotik-gpl/releases/tag/7.18.2 In the ZIP file, the following contents was disclosed: Linux GPL v7 % ls -la total 414072 drwxr-xr-x@ 44 amm...

Amm0

At the risk of "spreading rumors"...

any reply from mk?

Nope.

SUP-182615 and SUP-182616 still open, and no response from email to mt@mikrotik.com either.

Amm0

Hmm other solution what i used now is watchdog. I ping 8.8.8.8 and if internet goes down then reboot. So far, it works fine. If it helps somebody. IMO, ping watchdog always a good idea with LTE/5G. Even if you have netwatch scripts... You can still using ping watchdog. You would want a LONGER timeo...

Amm0

"purported" employees? :shock: I mean we already know Birds Aren't Real ™ (and bolstered by RFC-2549 ), so is #NotRealNormis impossible? Now we have proof! It's #NotRealNormis – LLM have trouble with processing screenshots, so the robot missed the glaring large JIRA tickets in the thread....

Amm0

Instead of spreading rumors, has anyone actually asked for the source code? It is available as per GPL requirements and has been given out countless times, to anyone who asked. I did, and automated the process. No response — SUP-182615 for 7.18.2, and SUP-182616 for 7.19beta5. And, I'm not sure you...

Amm0

Well here is a question for "gurus"...

If one is in the market for a new home country... what country has the highest legal channel capacity for 5Ghz Wi-Fi? I think Canada is lower than US...

Amm0

At Bell Labs, they had no titles, so all engineers were "member of technical staff" or "distinguished member of technical staff"

So forum is like that... even after 10K+ posts (see @anav @mkx etc), you're still "just" a guru.

Amm0

"purported" employees? :shock: Is there the risk that all these years those people (Normis, mrz, etc.) tricked everyone impersonating Mikrotik employees? :? Well, that subtle witty humor didn't come ChatGPT I assure you. Since the GPL can get unnecessarily legalistic, the "TIKOCI Git...

Amm0

Can we stop trying to divide up the packages for Mikrotik? There is need for THEM to do it. Everyone voting on their theoretical desired "package splits", may not be helpful. Like an alcoholics, step one is admitting you have a problem. I don't think we're there yet with Mikrotik... At thi...

Amm0

We'll see if they provide it. But making users request the source is not necessarily a violation, and they seem to provide the notice with the software. So I'm not going to say there is any violation. I attribute this more to Mikrotik's usual desire for secrecy, than malfeasance. So they do want to ...

Amm0

So it seems to be a problem when it is hardware The "routeros" package may be treated differently the extra-packages (which is the part that changed)... so CHR show a version in all versions is not surprising. What MAY be a minor issue is that if user-manager NPK is installed, hardware or...

Amm0

Usefulness is not my issue per se. There is a certain amount of pure principle here too ;). At least now Mikrotik will an email requesting source for new future stable or testing build automatically. I'll post whatever response to email request to the public tikoci/mikrotik-gpl under the Releases se...

Amm0

You may be right that it's related to recent changes. And I bet API would return version if you did a check-for-update request beforehand.

But if the user-manager package was installed, the version is in the NPK... so it should be populated in all cases.

Amm0

@Josephny ask a good question - even if the "why" is immaterial under GPL May I ask what the practical or useful use will be of the release of the source code? Another benefit, is that tools like GitHub (or any static code analyzer) can be used to "double check" that the specifi...

Amm0

While I agree it most cases it's NOT terribly useful. That does not mean it without use. And, just closing the door to the "mystery" by publishing it along with the downloads would solve these recurring requests here that go back decades - i.e.the commentary here should be "See http:/...

Amm0

The license agreement does suggest you need to request a CD-ROM, plus duplication fee.

But...you can email support@mikrotik.com, according to @normis in various other posts (viewtopic.php?t=201561#p1036502).

And, why it's not just published on website someplace, IDK.

Amm0

Good news. Mikrotik released software with eSIM. Just open winbox and go interfaces-->LTE and you can see there eSIM option. Soft. release 18.2 JFYI: https://forum.mikrotik.com/viewtopic.php?t=214977 More specifically Emils@MT answer here: https://forum.mikrotik.com/viewtopic.php?t=214977#p1130903

Amm0

For anyone messing around with Apple Virtualization and ARM-based Macs, I saw this on YouTube today: https://www.youtube.com/watch?v=r3wpXhL3iA0 while about Slackware linux, it was interesting to see the kernel options he used aarch64 / "Apple Silicon" with Apple Virtualization. One thing ...

Amm0

The config is part of the backup file. So if the backup restored okay, should NOT need to ":import <file.rsc>". In fact, it might break things if you even tried. The consultant did both, since the backup is a binary file you cannot "see" the configuration inside it. While the .rs...

Amm0

Okay, it got me to thinking that the MT approach is a mess. Yup. I'm glad to see that you get how this COULD work. There not far off. What so frustrating is they drop the ball on the UI and docs. Here and everywhere. Mikrotik does good engineering, and even some of initially odd logic, often make m...

Amm0

MT said, that they are still testing it and it's not fully implemented yet. Until then, there will be no documentation. Then it shouldn't be in the stable release, I guess. Well, I guess perhaps I'm not the idiot who couldn't figure it out. And just a fool for believing it had to work under some co...

Amm0

If not, then maybe I have to upload screenshots step by step of it.

I wrote down some basic steps here too, which include a BASIC initial example of using file-share.
viewtopic.php?t=215498#p1132887

Amm0

Automatic DNS chalenge on the router will only work for MikroTik's subdomains, because RouterOS will not be able to automatically update the DNS records of the domains owned by you, unless you write some scripts yourself. All correct. The cloud-dns does at least provide some "automatic" b...

Amm0

The interfaces I imagine have a fixed-sized ring buffer for memory... so more interface, more fixed buffers needed, thus more memory.

Amm0

LOL. I just read in thread about AMT, also in a RNs, but someone ask support about: MT said, that they are still testing it and it's not fully implemented yet. Until then, there will be no documentation. But it is pretty ridiculous at some level. Is that hard by the time something goes to "stab...

Amm0

@Sindy claimed that updates for LetsEncrypt (LE) certs are now built into ROS and therefore don’t need to be scripted anymore. We don’t use LE, so I haven’t bothered to verify this. What’s the actual situation with this? Do you know where? As of Dec 2024, in "What am I missing about Let's Encr...

Amm0

+1 It's annoying that for years you cannot renew the LE certificates without complex scripting that requires you to open port 80. I suspect few people mess with certificates as result, or do it once and then just accept the "Unsafe!" browser messages when it expires. Despite all the platit...

Amm0

The option to disable the test MUST be configurable , meaning RouterOS is not following the RFC . I'd stick to the compatibility argument.... That's a better one. You're wrong on RFC: SHOULD == "RECOMMENDED". MUST is specific term in RFC lingo, and it's not used here... but MUST == REQUIR...

Amm0

I still dont see export in winbox4, can you take a jpeg so i know where to look..... Geez, I should actually look. It is not there. I would have sworn I saw in the right-side panel at some point. I could be crazy. But I'll blame the generic look of WinBox4 for me not noticing I was looking at the m...

Amm0

I'm not saying it a generic solution. The UI should be improved, that the is underlying problem. As you know, I focus more on automating RouterOS than, explaining the sometime unexplainable UI. ;) How to "share a peer" is a 2nd order problem if you're not using BTH (or using BTH from witho...

Amm0

Yeah, if you're going to use this as a router, it's not going to help. There is no way out of either using the native app (WinBox), web interface (WebFig), or one of the mobile apps. The CLI from serial, terminal in any GUI, or ssh/telnet is all the same. This page describes the basic command struct...

Amm0

You can largely follow the direction here to bring up a container: https://help.mikrotik.com/docs/spaces/ROS/pages/84901929/Container You should be able to use "alpine:latest" as the tag (or search in forum for most complete instructions for alpine or ubuntu). And in /container/mount, you ...

Amm0

Nope. And unlikely. RouterOS value, IMO, is that is a relatively fixed schema and consistent interface around Linux networking... so that it is NOT a hodgepodge of different Linux tools and files with variant schemes/file formats/etc. There's a learning curve to RouterOS config/scripting, but the id...

Amm0

Yes do pray tell. How best to send this QR code to another ROUTER in a secure manner How to best to send this QR code to a single device , smartphone in a secure manner How to best to send this QR code to a a single device, laptop in a secure manner. The problem is that the there is no secure alrea...

Amm0

This came in another thread, https://forum.mikrotik.com/viewtopic.php?t=215429, about the limit of the "WG Export" for WireGuard peer (i.e. not allowing some customizations). So I made a function to wrap getting the WG export, putting in a file, then using NEW "back-to-home-file"...

Amm0

Anyway, it was a long way to say "+1" here. Well, I feel that the WireGuard in routeros is functionally flawless. Agree, it's usual story as else: operationally things work and stable. But when some config option is missing somewhere, it does turn into a LOT more work since there there is ...

Amm0

Yeah this is kinda the root problem here... modified manually, [...] I pass it to the client in text file or use QR site like <https://www.wireguardconfig.com/qrcode>. While that site does the conversion on the client-side (i.e. in browser's JavaScript, NOT on server)... Still cut-and-paste the WG c...

Amm0

How can i move my Connections and Settings from one MAC to a new one ? I have not tested the theory, but you'd should be able to copy the contents of: ~/Library/Application\ Support/MikroTik/WinBox from one Mac to another. To access that folder in Finder, use Go > Go to folder... ( ⇧ ⌘ G) and enter...

Amm0

I'd listen to PortalNET commentary above, and worry less about the CPU: The secret that no one will tell you.. either because they have not lost time testing.. is the NIC cards... in order to suceed with Multi-CPU x86_64 on RouterOS v7.15.xx stable version.. is the Network cards... because they are ...

Amm0

Note2: Am I blind I dont see an export function.......... It is a right-side action in WinBox4. Now I thought it was in WinBox3 as button... but you're right it ain't there... the peer export is CLI only in WinBox3. Now WinBox3 does have the "WG Import" button that could take an export, b...

Amm0

Well, the Info.plist bundle identify is indeed fixed. Bad news is I know since that does appear in crash dumps. On version "4.0.98018" when double-clicking on a port in /system/console, winbox4 crashes with the report below. Everytime. Happens on macOS 15.3.1, connected to CHR with two ser...

Amm0

In the final analysis sending the private key in any shape or form is NOT a SAFE approach. On this one, that a good use case for the new /ip/cloud "file-share" feature in 7.18. As you can use that more safely "share" that "WG Export" file, without BTH. For example, the...

Amm0

If you are setting up for another router, my quick question is, CAN an MT router accept a QR code and install a wireguard instance based on that??? Another Mikrotik can take the standard WG config file to "import" a peer. /interface/wireguard/wg-import ( or "WG Import" in winbox...

Amm0

You can get a QR code in CLI, WinBox3, WinBox4, or WebFig - but you need to BOTH populate the "Client Xxxx" values & also scroll down in the dialog box - I think the scroll bars may hide or whatnot, so it's not always obvious the QR in on the peer. I didn't answer since post is really ...

Amm0

The QR has has been in CLI for a while:

/interface/wireguard/peers/show-client-config [find]

interface wireguard peers show-client-config.png

And it the commands "conf:" output that the OP wants to change, but cannot.

Amm0

@anav knows WG well... but since the "Client Configuration" acts like CAPsMAN with it's "inherited" values, he ignores it ;). Now, the underlying problem is the UI around the generated client configuration/QR should NOT be next to the peer keys, etc. & should be a separate &...

Search found 5371 matches