MikroTik

Amm0

Given the likely enormous effort they put into new WinBox, and the largely unnoticed new redesigned WebFig in 7.17 that looks just like winbox4 ... I'd imagine the answer will be BOTH web and app... So the controller app will likely just have different choices on side ("Routers", "APs...

Amm0

That is, currently in the file found at WinBox.app/Contents/Info.plist , you will find the lines: ... <key>CFBundleVersion</key> <string> 0.1 </string> ... Well, it matches the "my.example.com" as bundle id string, in same Info.plist ... although that's vendor is not visible in Finder. Bu...

Amm0

We went from something that worked fine on windows and emulated well on others, most of the time, to something that doesn't work as well as the old one anywhere... Yeah, I feel the same way. I really hope MT won't retire v3 before everything’s up to par. Well, the "saving everything"/&quo...

Amm0

*) dhcpv4-client - allow selecting to which routing tables add default route (additional fixes); [...] That would be great for DUAL-ISP setups and regular changing IP [...] I'm still looking for a "Check Gateway" option in /ip/dhcp-client as that's ALSO needed for "DUAL-ISP" set...

Amm0

While I like the feedback in "green bubble" (or red too) status that appear after a commit ("OK"/"Apply") ... they could use some attention in usability. I guess it's related to the "dirty fields" problem (i.e. two updates to same field, before winbox knows it...

Amm0

Given the Super Bowl in US... Amm0's container&script superstore is now offering ... Easiest way to install a RouterOS * — via URL: utm://downloadVM?url=https://github.com/tikoci/chr-utm/releases/download/v7.17.2/RouterOS.utm.zip *assuming you have an Intel Mac with UTM installed — To install UT...

Amm0

What does "my Mikrotik" mean in terms of model number? Yup, not a lot details to help. In general, most RouterOS get full speed, even without bypass. It the spurious "use it for a hotspot service" - on same Mikrotik, or is that seperate? Perhaps try a speed-test to @TomjNorthIda...

Amm0

Not sure why UDP down did not work. In both bandwidth-test and speed-test, The UDP port maybe blocked by default firewall for UDP. For TCP, there is a connection tracked, so that works fine. But for UDP, the remote side starts, so nothing from LAN->WAN got that tracked. Also it can use a different ...

Amm0

In beta5 pull container from https://registry-1.docker.io doesn't work I'm using https://registry.hub.docker.com as you're supposed to according to some sources (including Podman). Works great. Mikrotik has changed their mind a few times, so registry-1.docker.io was in docs at some point. FWIW, I t...

Amm0

Next step - creating MT cloud mountable FS with FUSE, something like https://github.com/fangfufu/httpdirfs :) We'll here is a write up of my notes on how the HTTP works inside file-share. Maybe ChatGPT can whip you up something ;) ?list - get the JSON you'd need To get a list of directories, use a ...

Amm0

FWIW, sometimes I show `bash` code since folk like to suggest "give me a real shell for RouterOS"... I think forget it's actually more tedious than RouterOS scripting. ;). Personally, I'd prefer WebDAV to newer custom protocols to mounting files, since WebDAV is an RFC & Apple supports...

Amm0

Yes DoH/Adlist works fine for me using Cloudflare. For those waiting for my response from Quad9, it hasn't happened. ticket No 39674 Well, still information... Just not good information. I'd imagine they have less folks than Mikrotik, and trying to run geo-redundant servers independently – not an e...

Amm0

On that device, IPSec is hardware offloaded, while WG requires CPU... Hardware offloading on hAP lite??? No, it's not :) True. My bad! I thought complaints were on hAPac2... My main point was changing two things at same time, makes it hard to judge which is the bigger performance issue. i.e. V6+IPS...

Amm0

I did but checked today and the new supout didnt show, I must not have completed the add process properly. Added it just now and its visible in the conversation trail. @anav, did they get back to you? Been following your saga here for a while on what should be a simple for someone as well-versed in...

Amm0

On that device, IPSec is hardware offloaded, while WG requires CPU... Question be how well does the IPSec config on v6 work when used as-is on v7 - that be more apples-to-apples test, given IPSec offloading. But no doubt RouterOS v7 uses more RAM than v6. And I'm sure more optimization is possible i...

Amm0

And some other supported modems are ... brand/model ? It is not MikroTik's job to direct you to their spec sheet Since this is the beta thread... questions and feedback should be encouraged — without insulting comments from others . I made the points I want to make about eSIM — it was feedback to M...

Amm0

I have hundreds of LTE devices I do not believe Well you don't know then do you? No need to believe - someone knows. Do they not sell things to customers who have questions? If they spend weeks developing a feature, is too much for Mikrotik to say something. There are physical SIM card that contain...

Amm0

Re "new eSIM support"... (and @pidro - my complaints were more toward MT - point being distilling forum posts that should be in docs is annoying) - Not sure if this update contains the fix and I can't test it at the moment. - I'm using with a 5ber eSIM [...] turned out 5ber did some change...

Amm0

I really like the eSIM support and works great, however it's not complete as only the following 3 parameter can be used Hello pidro, do you have an eSIM that requires the Confirmation code? Can you please contact us at support@mikrotik.com? Do I have to ask support to even know modems eSIM commands...

Amm0

I've giving the new "file-share" a try in the 7.18 beta. It's working pretty, outside minor kinks, and /ip/cloud/file-share likely have a lot of useful applications. It should be noted file-share does supports uploading files too, which you can do from the web page at the "File Sharin...

Amm0

Anyway, has anyone tested this over WG? Would that approach even work over WG or over VPNs?

I've never use AMT anywhere, so sorry for basic question - just the concept/config scheme look simpler than other approaches to tunnel multicast over a L3 VPNs.

Amm0

I really like the eSIM support and works great,

@Mikrotik, Is there a list of modems modules that the eSIM feature works on?

Amm0

Oh, X11 scaling is scary... :-) Is this on i3wm by the way? Yes, i3wm. Winbox must be a disappointment to i3vm users... always organizing these overlapping winbox windows "manually" seems a PITA ;) MacOS Sequoia has nifty tiling options , so I feel the pain. +1 for some "Tile" o...

Amm0

I'm pretty sure that the example above doesn't cause any harm though. Basically it's helpful in most cases to prevent a totally wrong admin-mac= be "left over". And I'd imagine stuff like RTSP and LLDP might start having issues or oldies if it was wrong, or it kept changing (but that be d...

Amm0

Do I understand correctly that we are addressing the potential problems of having auto-mac=yes, which is the default setting for devices with no configuration? And by 'no default configuration' we mean no config whatsoever (not even Quickset), right? And the potential problem (or one of the problem...

Amm0

Perhaps if we joined the EU..................... My question is how that work with frequency bands... Currently, Canada largely the FCC rules. For Wi-Fi, that likely better. For 5G/LTE with Mikrotik, you may be better off with EU rules... That lovely hAPaxLite-LTE6 is quite affordable but worthless...

Amm0

QuickSet works fine in latest versions. But since some routers come with older versions, some older versions on some devices did have bugs. Specifically one where if you changed the IP address and DHCP range, it only pick up the IP address, and set the /ip/dhcp-server/network to be 0.0.0.0/0. You co...

Amm0

I'm having an issue after upgrading. I'm getting a message under bridge vlan: # duplicate vlan ids are not allowed due to interface list support, please merge vlan entries into one I have eyeballed the config and don't see any duplicates. Things seem to be working, but the message is concerning and...

Amm0

The most practical application I can think of is my intention to host an NAS for images/video, and have it accessible by globally located family members etc. Zerotier may be the best way to allow users to access, load, organize etc.............. my only concern is inadvertent deletion of files........

Amm0

Well, I'm actually surprised it's not in the UI. AFAIK, winbox/webfig UI is, mostly, automatic from the schema. And the current implementation of the controller only let you set only half dozen attributes & all are pretty "regular" from RouterOS schema. Perhaps other than our BNF frien...

Amm0

I followed Quad9's documentation (https://docs.quad9.net/Setup_Guides/Open-Source_Routers/MikroTik_RouterOS_%28Encrypted%29/) [also listed above] and it was working but Netflix on my TV thought I was in a different country (Eastern European by my guess on the language). Are there any ways to fix th...

Amm0

1000% agree on overall need for "non-reference manual" presentation in docs, whether "user guide"/"by examples"/KBs, whatever... just there is a void between the "per command" view today and how to setup & use the router. On ZT controller docs... The ZT se...

Amm0

/zerotier/controller # as array set [find] routes=("2.0/24@10.1.1.1","17.0/8@10.1.1.1") # or as string set [find] routes="2.0/8@10.1.1.1,17.0/8@10.1.1.1" # both forms work - so routes US military and Apple IPs to a ZT member at 10.1.1.1 # & resolve the 2.0 into 2.0...

Amm0

FWIW, I do have a test script I've used before to enable the controller. I changed it to more closely match mikrotik instructions. You should be able to cut-and-paste to /system/script, then run the system script. That will output the current ZT configuration things. To setup a new fresh controller,...

Amm0

The guys at Mikrotik are various levels of user friendliness :-). The given example is one such. Actually it is exact and not in the least vague. LOL, so true. But an short example wouldn't hurt... And the do check the BNF in docs exactly – include the [@Gw] – but what happens without a route desti...

Amm0

Check out multicast UDP in the rules engine: https://docs.zerotier.com/rules/ I think the default rule do allow multicast, so if it's not your rules.... If RouterOS is bridging ZT interface to LAN, then you need to set "Allow Bridging" on the ZT controller side for the member. If you're r...

Amm0

I would prefer terminal UI to be something like Midnight Commander where navigating through ROS sections can as navigating through directories in MC and in it rules listed like files list with configurable colums to show per row (like in Winbox). Entering the rule some dialog can be shown as form f...

Amm0

Make backup, netinstall 7.17.1 and restore backup. That's not how I see it. Export config Netinstall Import config again. The whole "restore" process is complex... This decision would depend if user had an /certificates installed. An ":export show-sensitive" does not contain tho...

Amm0

The LtAP has a small 2GHz antenna inside, so it far from best for Wi-Fi performance in my limited experience with them. But @sindy is right, some data help. But my guess be "distance=" under Advanced, should be "indoor" - if not that can cause a lot flakiness. To check, go to &qu...

Amm0

Che differenza fa? [What difference does it make?] ¿Che cosa? Easy to say when you're the "top poster in Italy"... But now I'm envisioning some SQL "SELECT count(post_id) FROM posts WHERE user = x..." * 1M posts * 100K users * X "bots" * N full scrapes Maybe phpBB does...

Amm0

So the scripts here are part of multi-year background project to build some interactive TUI (terminal user interface) over RouterOS, many covered by my other Scripting topics. But it takes a lot of parts - the "scripting VLAN bridging" part is covered here. We'll be on Mars before I'm &quo...

Amm0

[...]Save the fiddly details for those who actually need to know them. [...] I have thought about a 7.16+ version @pcunite's VLAN/multiwan guide, using scripting functions. Mikrotik has done good work in scripting – and VLAN bridging – of late… [...] 3. In 7.16+, there is NO need to explicitly set ...

Amm0

In System > Scripts, winbox4 will not save a script larger than ~64KB, which may be reasonable. But the problem is the edit box will ALLOWED to enter >64KB – without any indicator your beyond 64KB in the edit control. The really nasty effect comes when you try to Apply or OK a script source with >64...

Amm0

This brings up a good question. Is the RB912R supposed to have the R11e-LTE card included? Nope. While it is a bit confusing with all the LTE talk (and I do believe GPS is still built in) but it does say: The LtAP mini ... with integrated LTE antennas (with two u.fl pigtails) and miniPCI-e slot, so...

Amm0

Maybe this helps: [find dynamic=no vlan-ids=[:if ([:len [:find $"vlan-ids" "<VLAN_ID>"]]) do={:return $"vlan-ids"}]] LOL, I thought some [find (code)] trick might work – it was the embed :find in the find I didn't think about. Good work! Now whether a "configurati...

Amm0

Can the quick zoom and magnify shortcuts in macOS be changed? I'm accustomed to using them with the trackpad on Command, and it's easy to accidentally touch them. I actually run into this one myself on Mac a few times*... It's actually pretty "sluggish at zooming" when you it too. It real...

Amm0

Maybe there just re-using topic id/hash for now, IDK. There are 104 topics FWIW.

@normis was hopeful earlier:

More CEF features are in development for the next betas

But some unique "log id" has long been missing... so hope that is part is included.

Amm0

If it's multiple people with Quad9 over DoH having issues, "someone" really should file a bug with Mikrotik and/or Quad9, if it's repo'able. Mikrotik does not always take some action from the forum. DNS is so critical to things & ideally DoH be 100% reliable... but errors in DNS often ...

Amm0

LOL. I guess not may folks have tried scripting an existing bridge's trunk ports in 3 years... This problem is since /interface/bridge/vlan's vlan-ids attribute is an ARRAY type... so [find vlan-ids=10] does not work against the array type. I was hoping I was missing something google/search of forum...

Amm0

I have 32KB script and it is not possible to add/edit it over Winbox, crashes it on save, but over WebFig works. Interesting. Sounds like it's a Winbox issue, not a script limit. I'm on Winbox 3.41 in case that makes any difference. FWIW, limit is 64KB in V7. But even in 7.17, /system/script/edit w...

Amm0

https://mikrotik.com/supportsec And it doesn't look promising when topics like this quickly gets deleted https://forum.mikrotik.com/viewtopic.php?t=214285 Still indexed by Google https://www.google.com/search?q=%22RouterOS+7.17+Firmware+Vulnerabilities%22 Well, in fairness, they do publish a "...

Amm0

Please FIRE your designers! One more crazy design decision. All tabs have the same color and this small line on the top of a tab is absolutely inconspicuous and barely visible. Return back as it was before. That was definitely bad design decision. It was a problem before to know which tab you were ...

Amm0

My problem with mikrotik has been over the said period 9.9.9.9 DoH is giving me various timeout /drop issues vs cloudflare. why that is I don't know, it's just easyer for me to just use Cloudflare DoH. Am i happy with that situation, No, but it must be better than Google! You could file a ticket wi...

Amm0

Well, "improving security of the users" by making changes and then not documenting them is effectively the same as denying 3rd parties. While, I don't doubt Mikrotik's efforts or good intent. It's the communications and attitude about security is downright lousy. Security topics deserve s...

Amm0

Don't check the boxes in each of those logs in System>Logging for "dns", "wireguard", "ntp", "dhcp". You DO want the checkbox enabled for "!debug", "!packet", "!raw" things, under the "Topics". Like topics=wireguard, ! d...

Amm0

use direct WinAPI calls to draw text (DrawText W ) without any libraries. [...] May be some day they'll realize it... Thanks for making me feel old, that worked in the 1990s in Win32s. But Winbox3 likely starts with DrawText A (), so may be a while... On that, I w ish M T take s tyling c ues from W...

Amm0

@normis, any update on the controller ? Last one from @normis was Sep 22 last year, but not what you were looking for... ========== NEW QUESTION ========== Thank you all for input. New question. What specific features would you like to provision in these controller type of setups. What is your #1 u...

Amm0

To be clear: I am NOT suggesting that defconf be applied when upgrading RouterOS. [...] Entirely by their own request. [...] Except it will reset only the firewall. I think it’s a pretty good idea for a lot of reasons. +1 - I love the idea. I feel like the default firewall keeps improving, so it be...

Amm0

Attempt5: " Damn, I forgot the keys in the car! "
Attempt6: " I wonder if these glasses make me look smarter? "

"We're going the taking shit about device-mode forever - don't blame me"

Amm0

Does device-mode get reset during factory rest to defaults?? or once they are enabled on hardware, they persist? Documentation doesn't say. One probably needs to test to find out... See https://help.mikrotik.com/docs/spaces/ROS/pages/93749258/Device-mode I'm not a fan of device-mode" but the d...

Amm0

Could it be related to the MikroTik Devices Controller ?

My guess is that webfig717+/winbox4 being "done" is the gating item there, I'd imagine they'll re-use those UI components, but those aren't done given the Winbox4 beta thread

.

Amm0

We've seen over the course of the V7 various changes to permissions and policy. Like, well, ":global" is truely global anymore, etc.... So exactly how to expose "persistent variables" in existing policy model is where some thorny issue may come up, since the underlying user/polic...

Amm0

FWIW, if you already have some procedural script with a lot of variables, which @k6ccc likely has... you cannot so easily just put everything in new local functions, since you cannot access other local variables/functions. (And, yes @optio, there are tricks like your [$mylocalfunction parentvar=$par...

Amm0

Because this time with device-mode s–t no one want lock his devices, so less persons than before do tests... I almost don't want to report this... But noticed "cloud" or "file-share" are not selectable in device-mode. If the whole of idea was minimizing the attack surface, we're...

Amm0

with the awesome UI and filtering of v6 [...] and especially filters with a UI and not by manually writing every filter. I'm still pissed I lost the "dynamic-in" rules – still no equivalent in V7... /routing filter add chain=dynamic-in distance=1 set-check-gateway=ping set-distance=1 whic...

Amm0

*) cloud - added file-share feature; I may be expecting too much, but to me it seems quite reasonable to put one thing together and imagine that they are creating an infrastructure for "desired state automation". I agree, lots of use cases. Like SMS/"Telegram"/etc notifications ...

Amm0

9.9.9.9 DOH still doesn't work properly for me, I have serveral drops per day. 1.1.1.1 works a treat! I watched a video from the Quad9 CEO [... —] I'd trust the Swiss to run DNS, more than these Californians billionaires ;) FWIW Quad9 guy did another interview recently - I guess the all the trackin...

Amm0

I also thought about using json, but... [...] So, in conclusion, layer7 is certainly not going away anytime soon, but hopefully by the time it is removed, it will be possible to use serialize and deserialize using the text field of a script... A possible solution is to convert everything into a bas...

Amm0

It is confusing initially. The /container/mount "src" is the RouterOS directory, so that can be anything, with any levels of nesting desired. I don't use PiHole but given the above, but I do something like this: SRC -> DST /disk1/pihole/etc/pihole -> /etc/pihole /disk1/pihole/etc/dnsmasq -...

Amm0

I have not tried a MC7455 since they add the "/interface/lte/show-capabilities" - now it could be the capability is wrong and blocking what otherwise would work... I have scripts that use at-chat with MC7455, so that worked at some point I know for sure. And I filed a bug long ago about th...

Amm0

Nice AMMO. A touch of skepticism is always healthy. So just plain 9.9.9.9 no DOH etc.? Yeah. For me, no DoH... Now I get the logic of DoH to "hide" your request - totally valid. It's just not my concern - someone, somewhere is collecting the DNS queries is my thought. So I'm not a big fan...

Amm0

Maybe I'm missing something here... but this "device-mode" thing seems REALLY problematic... [...] This seems like the death of MirkoTik in our network at this point... or, never upgrading past 7.16.2 ... I'm kind of in shock. Am I reading this wrong? That was the theme from the 7.17beta ...

Amm0

It's not it's SENDING data to Mr. Black – worse case is some random website doesn't work if something got on his list which be easily remedied. Since it's a static file, no info is leaking out from "adlist" either beyond what normal would (i.e. something NOT on the list). I don't use any l...

Amm0

Maybe, an overhaul of Dude is the new controller.

We could only hope. Or, just add Dude features into winbox4.

Amm0

You got no channels, not even for GPS – so something is not right. You should see 2+ channels with a 100D USBCOMP. I'd try adding more logging on LTE, and pay attention to the startup — maybe there is a clue on the "unsupported" for at-chat... I've never need at-chat not work or get that m...

Amm0

Does at-chat work with MC7455 when using mbim mode? I know it worked at some point on miniPCIe in wAPacGR, and with 100D since GPS worked too. I don't have MC7455 online to check RN, but I can see it "did work", at least with MC7455 (and MC7354) specifically. I'm using EM7455 (with mpcie ...

Amm0

@rextended, Then as a scheme for /24, this is easier without breaking balls, easy readable... 2 = 10.0.2.x 3 = 10.0.3.x ... 99 = 10.0.99.x 100 = 10.10.0.x 101 = 10.10.1.x ... 109 = 10.10.9.x 110 = 10.11.0.x 111 = 10.11.1.x ... 999 = 10.99.9.x 1000 = 10.100.0.x 1001 = 10.100.1.x 1002 = 10.100.2.x Tha...

Amm0

Yea! That looks like it works. You could confirm it's removed by running the "$catvlan" again and it should everything with a [] empty array.

Amm0

@eddieb - thanks again for testing! - I put an updated 1.3 version with, hopefully, a fix for the bad-behaving :convert on MIPSBE. I put the relevant fix for scripting-denizens in post #20 above. [eddie@ccr1009] > :foreach testnum in=(1,60,128,256,257,512,513,4094,4095,1024*1024,1024*1024*1024,1024*...

Amm0

Internal Scripting Notes... so I still think it's a bug. More convinced now that look in more detail. i.e. Even if I give Mikrotik that :convert follow CPU endianness, the array size should be consistently 8: 128 got byte-array: 128;0;0;0;0;0;0;0 (8 array) 256 got byte-array: 1;0;0;0;0;0;0 ( 7 arra...

Amm0

Interesting, good find. It's the CPU, your hAPac is a MIPSBE, while I'm using ARM things on my two test devices for this. The geeky explanation is that "BE" in MIPSBE stand for big-endian, and this affects how numbers are stored in low-level memory blocks, which somehow effecting [:convert...

Amm0

Thanks! It seems some bug in [:convert to=byte-array]: == use :convert to make a byte-array so we can get at the IP parts ... got 60;0;0;0;0;0;0;0 I'm using an ARM-based RB1100 mainly, and another ARM system to test. == use :convert to make a byte-array so we can get at the IP parts ... got 60 == ve...

Amm0

almost ... [eddie@hap] > $prettyprint [$pvid2array 60] "ipprefix": "172.75.0" Hmm. Somehow the "highbits" in vlan-id are NOT nothing, which is how you ended up with that. But I don't know how yet.... I do know the "75" comes from that it thinks highbits are t...

Amm0

tnx for the arry fix, that one seems solved after I replaced the code in /system/scripts/autovlan and ran it ... but it creates a strange network ... My bad. And thanks for testing!!! I updated the script, v1.2 with a fix. There was a new global, "autovlanstyle" also add in the update. Bu...

Amm0

It's in the "known issues" in post #1 . ********** STATUS UPDATE Dec 13 *************** Known issues to be addressed : [...] Can't ping DNS name But in general winbox4 really should resolve DNS (or have some content menu/shortcut) on the client side... I mentioned this in #1197 : Feature r...

Amm0

/queue type add kind=cake name=qcake /queue tree add bucket-size=0.01 max-limit=20M name=queue1 packet-mark=no-mark parent=ether1 queue=qcake @tangent has a good article on configuring CAKE: https://tangentsoft.com/mikrotik/wiki?name=CAKE+Configuration&p There are a lot of subtle tweaks that mi...

Amm0

As a VLAN outsider, this all looks excellent to the point that I can see myself directing newbies at it and saying, “Just do it this way.” Save the fiddly details for those who actually need to know them. Yeah I'm working towards that… As you see above, there might be bugs ;) And likely more cleanu...

Amm0

[eddie@hap] > /system/script/run autovlan [eddie@hap] > $mkvlan 60 not an array [eddie@hap] > $catvlan 99 not an array [eddie@hap] > vlan 99 already exits on that router. it does not create or shows a vlan suggestions ? It turns out some code in catvlan might not work when run from /system/script (...

Amm0

I agree that not reaching cloud.mikrotik.com might not represent a full internet access problem and the service could just be limited or degraded. Yeah that was my only point that "wan" generally means there is internet. For example, in past /ip/cloud things have gone down for short perio...

Amm0

DONE!! I guess you could also add one more email when detect-internet goes to "WAN state". This would happen if you can ping google DNS 8.8.8.8, but not reach Mikrotik's servers (via UDP). The app says something like "Internet (Limited)" if in WAN state, while if "Internet ...

Amm0

No I think it's a totally reasonable approach. I use /interface/detect-internet in default config on detect-interface-list=WAN since Mikrotik's mobile app show the internet status on the app main screen... And correct, it's "safe" as long as as you do NOT set the "three bottom attribu...

Amm0

alternative "numbering plans"... I realized it should have some choice of "style" for how the PVID/vlan-id is converted to an IP address. And, just note, you can always use that part of the $pvid2array and $prettyprint code without the rest of the automatic config stuff, like yo...

Amm0

Bookmarked for future use! 🙏 It could still use cleanup, and alternative "numbering plans"... Despite my commentary on the forum on esoteric scripting topics... my business use for scripting is automating doing config, or output setting without running a dozen CLI commands. Yet there actu...

Amm0

/interface detect-internet set detect-interface-list=WAN internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN I'm not sure I'd the use automatically adding interface to WAN or LAN interface list. You already have to interfaces defined as WAN to even use detect-internet. And sin...

Amm0

I'm just glad in 7.18, MT finally allowing you just select/install packages like UM from /system/packages, without download/unzip/"copy to router" steps. This whole drag-drop or smb/scp/ftp/etc files was more work than needed, given it's a set of well-known list of packages...

Amm0

I was hoping in the /ip/firewall/connections section of the new Winbox you could also filter by Ports.. I posted this same thing several months ago (https://forum.mikrotik.com/viewtopic.php?p=1106664#p1106664) and got no responses. Agree it's annoying you cannot filter by ports. But it's also a pro...

Amm0

@nichky - I only commented since initial suggestion of plain/unqualified [find] was a BAD idea. But I didn't test the mtu= part myself.

@anav
Where is???

Easy to confuse, we're all one country over here now.

Amm0

workaround open terminal /log/print and copy what you want This is a joke, right? The other way to look at is someone being helpful. Now if I'm looking at the log view in winbox...I'm probably not already in a terminal...so that quite a few steps. But Winbox's log view in general could use many imp...

Amm0

First, these function will only work on 7.17+ , and must have a /interface/bridge with vlan-filtering=yes enabled. The "functions" below wrap operations around VLANs – including DHCP server, interface list, address-list, etc. They employ a few "scripting tricks" internally (inclu...

Amm0

Outside of /ip/cloud/file-share... Also, I notice /ip/smb causes a crash on RB1100AHx4 with RAID1+bfrs when accessing from MacOS. Now, I do have 30K+ files (if you include ones inside /container), but also has 60GB disk and not caused a crash in previous version. But it seems very repo-able since an...

Amm0

Well I'm more for X.509 authentication, but the world is against me with these API key schemes. You can argue these thing both ways. I trust the https://mikrotik.com/client/supout viewer enough that shows just a file listing... And file or using some "sensitive" is certainly better than th...

Amm0

That's curious finding. Maybe router mode is employing some queue and/or tunnel....

Amm0

if username, password, etc. are defined in the script, put them right inside the function.............. For that, there is the $SECRET function that stashes them at least persists a password sensitive attribute. It far from ideal, but better than putting them directly in a script IMO: https://forum...

Amm0

*) cloud - added file-share feature; It's the first public beta, there might be (for sure there are) bugs. Thank for the report, will investigate all the issues described. Did some testing of "file-share", so have a few more nits ;). This actually might be useful for SMS/text/etc notifica...

Amm0

I don't see any obvious obstacles for changing this behavior and making local variables available inside of local functions. Local functions are located in a single script and can't be used anywhere outside of this script, so I think they should see all local variables defined prior to the function...

Amm0

So the correct sytax to reset all ether1 parameters to default values, except comments, is:
Code: Select all
/interface/ethernet reset [find where default-name=ether1]

The "where" is redundant AFAIK, so not sure why you show that. I am missing something?

Amm0

Stop suggest using "0" and use interface name. If you're working at the Terminal, using the numbers is fine – you need to do a recent print of course, which was shown.... It's only in "background" scripts where using "0" or other numbers from a print is BAD idea & ...

Amm0

In RouterOS local functions... local variables within a local function are local only the function & local function cannot access other local variables. Local variables are always "scoped" to (e.g. available in) the code blocks they are contained (i.e. within the { }), and local functi...

Amm0

Yup, "reset" is the command to, well, reset something to default. Most RouterOS config items support the "reset" subcommand. FWIW, at the Terminal prompt, you can do a: /interface/ethernet print /interface/ethernet reset 0 mtu= In @ConradPino's example the [find] will find all et...

Amm0

Interesting, thanks!! I believe, in the app, if you want JUST the LAN (which let other network traffic go out wi-fi/lte)... you can use the ⋮ next to the connect, and "Edit", the allowed addresses to remove 0.0.0.0/0 and replace it with your LAN subnet(s). By default, all traffic goes thr...

Amm0

loctite?

Amm0

It‘s not about being able to reach the media (even DNS works fine). The question is about performance of routing between the different ip ranges for large amounts of data like 4k streams I cannot say I've run performance benchmarks*. But I'd imagine you should be able get 50Mb/s or more through the...

Amm0

Just to link the threads, this is kinda a continuation of this one: https://forum.mikrotik.com/viewtopic.php?t=213760 And @Larsa as usual has a good point... I got a bit distracted by RoMON in your other thread... But if everything is connected by ZeroTier, you can use its route distribution system,...

Amm0

LOL. They are bad about "progress"... it's either fixed, your problem, or in limbo. I'm just offering hope - it being "open" rather than closed is in keeping with Mikrotik's minimalist communications. And by adding a comment, you go back to top of someone's queue I think. ;) On y...

Amm0

If you post the data you're getting or spec, that help... In 7.16 and above, the :convert can do some of the arithmetic. And all version support bit shifts/OR/XOR/ANDs when dealing a number type. Exactly the right incantation, some recieved output help... At a high-level, you can do: :put [:convert ...

Amm0

If you login to Jira at help.mikrotik.com, you should be able to find your ticket. You can add a comment to ask for an update and/or add another supout.rif with the problem. Although, sometimes they don't say anything, if they think it's a problem and don't have an answer (and they escalated). ;) No...

Amm0

Anyway, this release is shaping up much better. 7.17 was a mess, I lost the RAID in the first 7.17 beta myself and containers didn't start etc. With 7.18beta2, I had no issues. I'm guessing Mikrotik would rather see case to support@mikrotik – with a supout.rif – on the 7.16.2 upgrade with kernel dis...

Amm0

You really should be able to use your media servers IP address while connected to BTH, without doing anything. Now if your media server app does discovery to find the media server, that won't work... you need to use the media server LAN IP address (or a DNS name defined in /ip/dns/static) in the med...

Amm0

Perhaps use the "Upload" button in Files, instead of drag-and-drop... End of the day, the package MUST be in the root folder, otherwise it will not be found after a reboot to install – at boot ONLY the root directory / is searched for *.npk files. (If this is a test system... you can use 7...

Amm0

IDK for sure it will remove old data... but in the "Settings" (on top tool bar), under "Charts", there are settings to control retention. By default, it's 10 years. Something to try at least.... Dude Retention Settings.png But it does prune the data, so year back data should be p...

Amm0

Okay, I got the /ip/cloud/file-share feature almost working. However @normis's comments do not quite match my experience: it only opens up the file share and has a valid HTTPS certificate. Webfig is not opened to the world, when you enable file share. It is a different service. I had HTTPS enabled i...

Amm0

How this works? Has someone tried already? *) cloud - added file-share feature; I enabled it, or at least I thought, but doesn't work. It says running, and looked based on BTH's relay service to share files over internet. /ip/cloud/file-share/settings/print enabled: yes dns-name: <sn>.routingtheclo...

Amm0

And it returns in 7.18 reincarnated!

/ip/route/check dst-ip=8.8.8.8                                 
     status: ok            
  interface: wan2  
    nexthop: 1.2.3.4

Amm0

This one could use a bit more explanation... *) cloud - added file-share feature; Now it did work to create a /ip/cloud/file-share ... but the URL with "routingthecloud.net" does not seem to work in browser (it gets a 404). Is this for BTH use only? i.e. I noticed the /ip/cloud/back-to-hom...

Amm0

NICE WORK. I'm undecided on what to report the most beautiful, besides the FastTrak, I should copy half the list... Indeed. Upgraded a RB1100AHx4, KNOT, and CHR(s). The RB1100 has some auto-start containers with ROSE RAID/bfrs & all just came up – which includes MQTT and LoRa server, and 7.18be...

Amm0

Based on at tip in from Amm0 I changed HA from branch “stable” to “latest”, installed HA container and it worked! 😊 from https://forum.mikrotik.com/viewtopic.php?t=214037#p1120343 # ... add veth and networking config ... # SSD is at "raid1/" and layer-dir= and tmpdir= explicitly use the &...

Amm0

CHR will have drivers for the virtualized network drivers... Otherwise, AFAIK ARM64 native build does not have a lot of drivers.

Amm0

Understandable. I regularly complain about this. But it has not improved for North American LTE/5G users — and newer LTE devices are even worse the older ones. The original CAT6 modems at least worked with AT&T and T-Mobile... but newer "refreshed" LTE devices, generally with "(20...

Amm0

None work "great" and no 5G options for US. The LTE6 will work okay with AT&T, albeit 5G and limited to CAT6 speeds - but it does at least couple CA modes for AT&T. And LTE6 may work for Verizon, in some areas, but it's without Verizon's Band 13 – which VZW widely deployed/uses – t...

Amm0

Did you try using the fully qualified remote-image, i.e. including :latest. This worked to create HA on a RB1100AHx4, which 32-bit too. # SSD is at "raid1/" and layer-dir= and tmpdir= explicitly use the "real" disk /container/config set layer-dir=raid1/layers registry-url=https:/...

Amm0

The "!dns !package" log rule will mean "debug" (or anything NOT dns and NOT package - which is a log. In general, the "double negative" rules really make it difficult to predict what will happen since it's essentially "everything else"... So may be more OTHER ...

Amm0

If they followed them, by hypothesis, all of them, they would do yours in 20 years.

I guess someone wins the lottery...

And, their AMT implementation does look simplier than PIM-SM or IGMP proxy (x2). Hopefully AMT works with WG tunnels to add multicast.

Amm0

Did you try from the CLI to set the DHCP Option? I suppose it's possible winbox/webfig used ߵsmartquoteߴ or some unknown Windows locale/code-page/keyboard thing in winbox... This will explicitly update any existing entry, if any unicode was present the CLI will strip it. /ip dhcp-server option set [...

Amm0

"Only critical bugs will be fixed in Winbox 3" . Sounds crazy, right? Not really. WinBox3 has not had new features for a long time... so I think it's been in the "only critical bugs" even before winbox4 came out . I think when you start seeing some "new winbox protocol"...

Amm0

Unfortunately yes. For example if you merge different office locations within OSPF over p2p wire guard links. In that case you have different networks in most cases, and to get for SMB share, printers etc to live across offices you still have to rely on WINS. Or use Active Directory (either MS or S...

Amm0

WINS is a 31-year-old, obsolete Microsoft legacy service Agree. But still really curious on what drives any use case for WINS... But just to answer the question... you can install samba in an Alpine container, and enable WINS in it's config (and add LMHOSTS, have RouterOS DHCP set container as WINS...

Amm0

You need to open up the File window in winbox, and drag the file to the blank spot in the window - not the menu itself – so that .npk package appears at the root directory inside Files dialog box. Then do a System > Reboot. You check Logs to see if has any messages after reboot after copy'ing the UM...

Amm0

I maintain the fat-chr project, so it's possible to add a variant for a 1MB aligned VHD image in future – but I'm not sure that's whole problem here with Azure Gen2 +ARM64... Basically the ARM64 build is different animal...Mikrotik has suggested it's really for AMPERE-based systems... so it may not ...

Amm0

[...]measurement unit jumps left/right depending on the order of magnitude of the numbers. eg. comparing "1.0 Mbps" and "1000.0 Mbps" the position of the Mbps are different - it moves sideways depending on the value and I find this distracting to read Agreed on alignment & M...

Amm0

ARM64 CHR may need NVMe disk, I think, although not 100%. I recall some issue with QEMU where the fix is to use NVMe emulation.

Amm0

Are you running the latest stable version (7.17, or 7.16.2)? e.g. Some devices come with older versions, and I want to say there was some bug someplace in TZ auto-detect and/or NTP in older versions. FWIW, Mikrotik has a build in time sync in /ip/cloud, so there is not a specific need to use your ow...

Amm0

Good idea. It let you "queue" some action simply... Now you can always have the last action of schedule script to remove itself. But this is a bit trickier...as there is NO "this" variable to know what script you're in (/system/scheduler/remove [find name="$name"] will ...

Amm0

Yeah I really don't know for sure on this one. Only guesses... Presumably the generated config should be the generic peer configuration, and it's totally unclear what the 0.0.0.0/32 is for from docs... It would be nice hear from someone at MikroTik about this! Agreed. Mikrotik really should write up...

Amm0

Good question. IDK exactly. But agree I think it's superfluous when using the generated config in a normal WG client. It is NOT a /0 default route, rather a /32 — so not sure it's be useful if normal WG app, unless some client app used "0.0.0.0". But dunno My only WAG is it's used by their...

Amm0

The "Who's Online?" from the main forum page has been removed too. I suspect they blocked the "public profiles", to reduce the URLs that could be scraped/DDoS/whatever...

Amm0

Since 7.17 is forcing me to use new Winbox instead old one, that i'm used to it, How does it forcing you to use new WinBox? WinBox 3.41 works fine on 7.17. Yeah...you might want to explain what you mean... i would like to ask if there is a way to fix comment section under connections, that i would ...

Amm0

Why and what traffic is coming in from the dynamic BTH interface that is added? [...] the counter increments steadily without a BTH client out there. So what traffic is this, mddns? Seeing as you have persistent keep alive set to the relay server, the router keeps in contact with the relay server??...

Amm0

I can see that an autosupout was created at the time the process halted..should I send it to MT for investigation? Perhaps a case at support@mikrotik.com. The path and layer-dir= is about the only knobs I know to try here... Make sure to generate a new supout.rif with the current state and include ...

Amm0

in macOS, on Winbox Terminals, it is no more possible to input ^ or ~ characters without having to make copy-paste. That's odd. I can use both the caret and tilde fine in Terminal, on MacOS, using latest beta. Are you using an external keyboard, or perhaps foreign keyboards might cause a difference...

Amm0

Hmm. Can you also change tmpdir=usb1/pull in /container/config (settings), to remove that slash too?

If that does not work, you could try to the the "layer-dir" in container settings this specifies where the layers are stored:
/container config set layer-dir=usb1/layers

Amm0

Try using root-dir=usb1/ha (without the leading /).

RouterOS file paths do not start with a /, and while some item (like /container/mount) will ignore a leading slash /... root-dir= is very picky.

Amm0

migrate to other forum software that supports load balancing, high availibility etc
Im 100% sure one can do this with PHPBB and HAProxy
https://www.haproxy.org/

+1 to haproxy

It has been flaky today too...

Amm0

While it's nifty trick to use [:parse] to create new globals or use one without a declaration... In most cases, your better off using an array-of-maps or array-of-lists & using TWO :foreach loops. And bad examples of using [:parse] to have "dynamic variable names" are even less helpful.

Amm0

"Most" clients will be automatically set the TCP MSS correctly (assuming ICMP/"ping" is not blocked in the path), but it's not 100%. And why "it worked for a while, then some device broke it..." So using an adjust-mss action makes sense for WG - keep in mind it only app...

Amm0

Please be patient, we will have some new features in ROSv7. :) Well folks have been patient... But even the new REST API, which borrows the API query syntax, does not support regex either. So it's useful beyond just the older API, since I'd imagine REST just proxies the native API. If API supported...

Amm0

If you create a pcap with your ping from the router using sniffer, and they use that same pcap in traffic generator does it work? IDK why the Juniper might not see it. But again if something generated is malformed, perhaps it drops it. Or, if IP/arp was wrong, then generated traffic might not be goi...

Amm0

The CHR solution looks cool, but CHR + server looks a bit to much for me right now. [...] Maybe flashing the RB951 with openWRT + Zerotier (I hope this is not a sin to be told here) Most commercial VPN services (Nord, SurfShark, etc.) don't allow port forwarding, so that not a viable options. I'll ...

Amm0

Yeah ZeroTier works pretty well for these cases. While WireGuard and EoIP+IPSec be alternatives if you have a public IP someplace where you can do port forwarding... But without a public IP, you need another router someplace with a public IP that the MIPS RB951 will initiate a connection, and the re...

Amm0

Yeah maybe @normis has a clue here. I am trying to follow the MT documents. While I get it... that would include doing a /system/reset-configuration no-defaults=no keep-users=yes IMO. And I bet everything would work. I doubt the docs assume anyone has custom firewall rules or VLANs in their docs... ...

Amm0

If you're running 7.17rc, you need to enable the traffic generator in /system/device-mode (see 7.17 thread here, or docs).

Otherwise, it's possible you're not generating a valid packet that be dropped before your router sees it. Do you see it on the Mikrotik touch or sniffer locally?

Amm0

IDK what's going. I've always seen the rules, but only have a couple test devices, both are running 7.17rc. Although this was all working in 7.16 too. I'd try again, and NOT use the smartphone app - IMO that makes this MORE configuring unless you really do have "factory defaults". So disab...

Amm0

To cut to chase, you're right that if you have customization in /ip/firewall/filter things get more complex. I think the underlying assuming is that you do NOT have any modifications to the default firewall.... Now why some are missing, it's possible that unless you have an BTH peers that have "...

Amm0

1. Do I need to keep the IPV6 addresses, even though I am strictly using IPV4, in other words does MT relay server require that for all devices?? IPv6 address are not required on the peers or router, although it will be generated in the sample/exported/shared config. But on IPv6... keep in mind if ...

Amm0

You might want to post your config. I believe the default configuration is empty, so routing might not work out of the box.

Amm0

Is there a way to just simply remove the login username by default? Nope, or at least no documented way I could find. And, agree, it's annoying. Considering Mikrotik encourages everyone to NOT use "admin" as username (i.e. to add another element to a password attack), it a poor default th...

Amm0

I don't know if there any other users of my $ROKU script, but in the latest RokuOS update some permissions have changed that will break the script . Specifically "ECP" which is the web service used to control the TV via HTTP over the LAN. So to keep using the script, you must enable on the...

Amm0

Not "simple" at all.

And here I thought you like making things more complex.

Amm0

One only needs the APP to create the first user ( the smartphone itself ). It automatically turns on BTH VPN, and creates the first two entries! I had thought one needed to manually turn on BTH VPN in ip cloud first. It's likely best to do it phone BTH app - so you can test it first. But doing it v...

Amm0

FWIW, both modern Windows and MacOS desktop OSes support using DHCP options to detect the captive portal, which /ip/hotspot support (returning the JSON needed by Option 114). Now hotspot also does all the older DNS/redirects schemes too - which @mkx is correct, they don't as well these days since ne...

Amm0

A certain Amm0 :wink: explained how hotspot can only take care of the wifi part in a post in one of the two threads I mentioned: https://forum.mikrotik.com/viewtopic.php?t=208023#p1077781 Your memory is better than mine. But despite my poor summary there... I'm pretty /ip/hotspot applies to any LAN...

Amm0

We have many similarly configure LTE routers, so it's easier for me to test that a version works before dealing with anything remote... But if you got just one and it's remote, that makes it harder... Especially if it's stable for hours and then dies, that's sounds really annoying... Their support i...

Amm0

If you can't disable the interface without a crash, that seems like bug somewhere. I'd file a ticket at support@mikrotik.com, and make sure to include a supout.rif when you have the problem. If it keeps happening, you can also try running 7.17rc (+upgrading the boot and LTE firmware too for 7.17), w...

Amm0

This thread has a few approach to a similar problem: https://forum.mikrotik.com/viewtopic.php?t=195386&hilit=captive+portal Basically the options from that are: 1. Create a [largely unused] captive portal on new VLAN, with update HTML with your "Out of order" sign. For maintenance, you...

Amm0

I wasn't sure if it internally used in matcher if the = was "ip-prefix" type. Apparently not, according to MT's @mrz in this thread ( https://forum.mikrotik.com/viewtopic.php?t=103590 ) from ~8 years ago: I recently became aware that you can use a "in" operator in a command line ...

Amm0

The part of the story missing is the LTE metrics. If you're doing monitoring, adding RSRP, RSRQ, and SINR likely be useful since it could be on the LTE carrier side (i.e. time-of-day, changing bands, etc.) which some data either confirm or rule-out. Now the dramatic drop in traffic might indicate so...

Amm0

Never bridge VETH interfaces with physical ports, it will disable hardware forwarding. "Never" is overly strong, but because it's a consideration worth taking into account, I've added it to the list of consequences The loss of HW forwarding is a good point, and a valid consideration. With...

Amm0

but FASTTRACK works with a "change MSS" in the ppp profile?

MSS adjustment happens on first/"new" TCP SYN packet & "new" connections not covered by fasttrack established/related rule...

Amm0

With my ISP you normally have to pay a subscription for IPTV and get a TV-Box. But if you don't subscribe and pay nothing, the IPTV multicast streams with all the channels are still available on the ethernet connection that PPPoE uses, not in a separate VLAN, free of charge, you just don't get the ...

Amm0

Couple questions... 1. Is the LAN bridge using auto-mac=no? – if it's =yes, then it's possible VETH become the "first interface" in the bridge, in which case it changes the bridge MAC address to be VETH, which may have some side-effects & using a admin-mac= is generally a best practice...

Amm0

Did you try using query (.query in REST POST)?

/ip/route/print
?active
?dst-address=10.10.10.1
?#&

Now if you got multiple responses, your code have to deal with getting the first from the array, since there is no "pick" in API.

Amm0

Well, at least we have a test of AI's AGI abilities - if an LLM can figure out RouterOS config, we're got AGI and domed. But seems were long way from that... Change the "/interface mdns" to: /ip/dns/set mdns-repeat-ifaces=LAN-34,IOT-200 And, the firewall rules are likely not optional, but ...

Amm0

Yeah point being there are three possible places to update: 1. /system/package 2. /system/routerboard/update 3. /interface/lte/firmware-upgrade & with LTE likely best ALL align (and/or at latest stable), since over many releases I have see weird things with LTE (no showing up, not running, disap...

Amm0

The automatic search feature in the Brother Full driver did not found the printer (I expected that cause they were not in the same broadcast domain). After putting the IP statically - printer was found immediately but installation failed. Even adding a FORWARD rule of allowing ALL from VLAN34->Prin...

Amm0

Yeah that one says TWO modems, and TWO SIM. But none going to run RouterOS™.

Amm0

On routerA it's needed because routerB is trying to connect to the routerA thought the internet and without that rule firewall would drop the traffic. Perhaps there is some outbound traffic from that port that opens up a hole in routerB allowing response traffic? Anyway, I think it does not hurt to...

Amm0

This is using /zerotier/controller. By the way, in this case are there any flow rules I can edit? I am asking because now RoMON goes through the ZeroTier interface, but OSPF does not discover peers in any broadcast mode, it only works if they are defined statically. But for 80 peers, I obviously pr...

Amm0

Good write up! Few points: - BTH does add all the firewall stuff automatically - that's why it "easy"... while doing it "by hand" on RouterB you do have to allow the WG port otherwise it be blocked by the default firewall's drop WAN in rule. - AFAIK, the BTH "server" ru...

Amm0

To be fair on the posted image, also Huawei claims the same. It seems more likely that it is something lost in translation (or whatever) connected with amazon than originating from the manufacturers. RouterOS do sounds generic, it is a router and has an OS ;). I believe you can report them to Amazo...

Amm0

I found this about WinBox encryption https://margin.re/2022/02/mikrotik-authentication-revealed/. No idea if the author was correct or whether it's still relevant to the current version. It's actually documented as ECSRP for key exchange and authentication [...] AES128-CBC-SHA as an encryption algo...

Amm0

Sorry, /system/routerboard is where you upgrade the firmware (but the "firmware"/BIOS is called RouterBOOT).

Amm0

Yes, I too am going that very path :-) I just have ordered 2 LTE sticks, and will first test a solution on the PC (Linux), and later move it to a dedicated small router device... On Linux, if mbimcli works (assuming ModemManager is installed) then it should work on "real" RouterOS.

Amm0

I heard they were discussing Latvia buying Cloudflare...
Or is it the other way around?

LOL. Perhaps,

Latvia's GDP = $43.63 billion
Cloudflare, Inc. (NET) market cap = $39.71 billion

Amm0

Help!
How can I post an image here at all?
Is only an external link possible?

When you do a reply, below the text box/button there a tab that says "Attachments", you can add a graphic as a file, then use "Place inline".

Amm0

@anav is right, but it is unfortunately ironic that the "easy-to-use" QuickSet method is fraught with bugs and caveats. On the specific issue, QuickSet messing up /ip/dhcp-server/network with 0.0.0.0 is known issue in some combo of older versions AND older default configuration built-in (/...

Amm0

Yeah the whole idea of $SECRET is that it uses /ppp/profile password= variable, which in RouterOS policy is "sensitive" - you indeed you do need policy permission for it. Now the main benefit of using a "sensitive" attribute to store the "secret" is that stuff like API ...

Amm0

I'd make sure you also upgraded the firmware in /system/routerboot to match. If that matches, then... it may be worth it do a backup, and upgrade to the "testing" channel with 7.17rc. I recall others some issues with LHG specifically in 7.16 or 715, so doing another search through forum ma...

Amm0

While I mainly use Mikrotik router as LTE devices, I do have one site with an inherited Cudy LT something. Amazon is wrong, it's not RouterOS. It has decent web UI, but all the features are pretty fixed in how they work and there aren't a lot of customizations. Small example, Cudy's do support ZeroT...

Amm0

the way, I solved the RoMON issue with ZeroTier: I had to enable bridging mode for each peer. This is when using /zerotier/controller for your peers? ...or using my.zerotier.com service? I ask since the default flow rules for ZeroTier's cloud service will block RoMON. In which case, you need to add...

Amm0

In general, a USB stick with LTE should work via USB, and multiple via a hub should too. But not all modems are compatible, and some may require issuing AT commands to switch modes. Mikrotik has a list of modem here: https://help.mikrotik.com/docs/spaces/ROS/pages/13500447/Peripherals#Peripherals-Ce...

Amm0

Attempt4: Why did I volunteer to attend this event for Viktors......

I think the PM's drug-sniff dogs excluded him from the event.

Search found 5078 matches