Community discussions

MikroTik App

Search found 4747 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 16
by Amm0
Thu Dec 05, 2024 12:28 am
Forum: Containers
Topic: How can I get veth1 to work?
Replies: 13
Views: 1030

Re: How can I get veth1 to work?

So disk1 is getting created on the flash, with the path of "disk1"...
Do you have a USB or other disk connected?
Because... you may be out of disk space on the flash... Check /system/resource/print and look at free-hdd-space.
by Amm0
Tue Dec 03, 2024 4:57 am
Forum: Beginner Basics
Topic: Port forwarding FQDN
Replies: 3
Views: 279

Re: Port forwarding FQDN

The RB951 does not support containers, but running the Cloudflare container be best way to get traffic to the Mikrotik. You can create a dst-nat in /ip/firewall for the port to enable port forwarding. Since the FQDN point's the router IP, that's all that's technically needed. Your relaying on the se...
by Amm0
Tue Dec 03, 2024 4:42 am
Forum: RouterBOARD hardware
Topic: Product idea: switch in RB5009 form factor
Replies: 3
Views: 561

Re: Product idea: switch in RB5009 form factor

The RB5009 / L009 format factor is a winner. Mikrotik promised a "series" using same form factor in an older YouTube video. It be nice to have a switch to be able to combine multiple RB5009 in same rack. The one SFP is pretty limiting. Now I personally wished they had an "accessory&qu...
by Amm0
Mon Dec 02, 2024 5:03 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 85
Views: 8827

Re: WireGuard Multi-WAN Policy Routing

Nothing prevents you from going to a different vendor, or using a different VPN then wireguard. Just suggestions..........
Or, Mikrotik fixes their implementation to work like the rest of RouterOS.
by Amm0
Mon Dec 02, 2024 5:01 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1553
Views: 376323

Re: 📣 WinBox 4 is here 📣

*) implement opened windows list
Thanks. One subtle thing is the "keyboard help" shown at bottom should use the platform-specific terms for "Alt", which on Mac be "Option" or the ⌥ symbol.
OptionNotAlt.png
by Amm0
Sun Dec 01, 2024 10:45 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 85
Views: 8827

Re: WireGuard Multi-WAN Policy Routing

Sorry your trivial case nonsense is pure BS. Many folks that come here for assistance have normal multi-wan setups, not all can have specialized, niche vpn WAN only setups. It's not trivial. Mikrotik has plenty of users that use iBGP/OSPF/etc. One could also equally argue that Mikrotik focus on hom...
by Amm0
Sat Nov 30, 2024 6:50 pm
Forum: General
Topic: Adding existing preformatted disks
Replies: 12
Views: 667

Re: Adding existing preformatted disks

Nope. ;)

But they don't say version etc, so yeah compatibility might be tricky but dunno obviously... So worth a ticket.
by Amm0
Sat Nov 30, 2024 5:40 pm
Forum: General
Topic: Adding existing preformatted disks
Replies: 12
Views: 667

Re: Adding existing preformatted disks

@mkx is correct, RouterOS basically uses the Linux kernel, but not the Linux tools. So AFAIK there is only the hardware encryption with OPAL that is support. You can file a feature request at https://help.mikrotik.com & see what Mikrotik says. They have been adding things to ROSE, and some softw...
by Amm0
Sat Nov 30, 2024 3:16 pm
Forum: Scripting
Topic: First script problem - just won't execute
Replies: 10
Views: 591

Re: First script problem - just won't execute

Wow lots of ways to do this. I was answering the scripting question, since I figure your trying to learn scripting. But I too was not sure what you're trying to do.... If you have a "backup WAN"... typically you'd put a script on the "primary WAN" DHCP to change the default rout...
by Amm0
Sat Nov 30, 2024 5:58 am
Forum: Scripting
Topic: First script problem - just won't execute
Replies: 10
Views: 591

Re: First script problem - just won't execute

It can be inside {} but NOT between attributes, which else={} is actually a property of the :if.
by Amm0
Sat Nov 30, 2024 1:35 am
Forum: Scripting
Topic: First script problem - just won't execute
Replies: 10
Views: 591

Re: First script problem - just won't execute

At least one problem is the comment in the :if - else= is an attribute and you cannot just insert a comment in-between (i.e. the "# Else at least one such route exists") If you paste in into CLI, it show you where the problem is too. Or, even syntax checking in /system/script/edit which sh...
by Amm0
Sat Nov 30, 2024 12:04 am
Forum: Scripting
Topic: First script problem - just won't execute
Replies: 10
Views: 591

Re: First script problem - just won't execute

That is a script for /ip/dhcp-client. $bound does not exist in /system/script.
by Amm0
Fri Nov 29, 2024 11:26 pm
Forum: General
Topic: Bug - Hyper-V CHR after upgrading 7.14.1 to 7.15 [SOLVED]
Replies: 1
Views: 234

Re: Bug - Hyper-V CHR after upgrading 7.14.1 to 7.15 [SOLVED]

That's an odd one. Since you're saying allocating more memory helps, I guess it's possible if there is a new driver that allocates some memory buffer. The docs suggest : The minimum required RAM depends on interface count and CPU count. You can get an approximate number by using the following formul...
by Amm0
Fri Nov 29, 2024 11:13 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1553
Views: 376323

Re: 📣 WinBox 4 is here 📣

I do prefer winbox v3 but I am afraid that in the future I will not be able to use Winbox v3 anymore because newer RouterOS will not support it anymore, meaning I will be forced to not update my routers, which I realy don't want to do Mikrotik could comment on this.... But that may not necessarily ...
by Amm0
Fri Nov 29, 2024 11:05 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1486

Re: Wireguard routing

Actually AMMO, you can use a single wireguard interface, and just use a different IP address schema for the road warriors, if you need some granularity over firewall rules..... Yeah that's true: different peers + subnet is enough for firewall. A different interface only adds using the different por...
by Amm0
Fri Nov 29, 2024 7:44 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1486

Re: Wireguard routing

Have you consider just using a dedicated subnet for the WG between site A and site B, then using normal routing (/ip/route) instead of WG's allowed-address to handle routing? Also, I don't know if you control the IP numbering (i.e. if the sites are operational)... but using a 10.<site>.<vlan>.x for...
by Amm0
Fri Nov 29, 2024 7:36 pm
Forum: Beginner Basics
Topic: Turning off default SMB and DLNA
Replies: 3
Views: 310

Re: Turning off default SMB and DLNA

I would have thought that would have worked...

You can also be explicit to disable SMB:
/ip/smb/set enabled=no
(the default is "auto" AFAIK ... but I'd thought the /disk auto-smb-sharing=no mean auto in /ip/smb be =no)
by Amm0
Fri Nov 29, 2024 5:32 pm
Forum: General
Topic: Adding existing preformatted disks
Replies: 12
Views: 667

Re: Adding existing preformatted disks

It's closed source, so you cannot diff the modules. But you need ROSE installed for encryption support, and drives need be Opal complaint: https://help.mikrotik.com/docs/spaces/ROS/pages/259031065/ROSE-storage#ROSEstorage-Self-EncryptionDrives Does this encrypted disk mount on another plain Linux sy...
by Amm0
Fri Nov 29, 2024 5:18 pm
Forum: General
Topic: RouterOS blatantly ignores pref-src. Can this really be a bug?
Replies: 39
Views: 2439

Re: RouterOS blatantly ignores pref-src. Can this really be a bug?

It is the user space applications' duty to then fill out the source address (see https://blog.cloudflare.com/everything-you-ever-wanted-to-know-about-udp-sockets-but-were-afraid-to-ask-part-1/#sourcing-packets-from-a-wildcard-socket). That's a good article, which likely explains roughly what's goin...
by Amm0
Fri Nov 29, 2024 4:59 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1486

Re: Wireguard routing

Have you consider just using a dedicated subnet for the WG between site A and site B, then using normal routing (/ip/route) instead of WG's allowed-address to handle routing? Also, I don't know if you control the IP numbering (i.e. if the sites are operational)... but using a 10.<site>.<vlan>.x form...
by Amm0
Fri Nov 29, 2024 2:30 pm
Forum: Scripting
Topic: copying file between directories with /tool fetch gives timeout
Replies: 8
Views: 548

Re: copying file between directories with /tool fetch gives timeout

Good to hear, it did seem like the firewall. I just thought there be a good chance you both had the default firewall & the loopback rule be in the right spot. Without config, guessing isn't always 100% accurate :). If you're only use FTP for the copy... you might consider restricting FTP to just...
by Amm0
Thu Nov 28, 2024 3:31 am
Forum: General
Topic: RouterOS blatantly ignores pref-src. Can this really be a bug?
Replies: 39
Views: 2439

Re: RouterOS blatantly ignores pref-src. Can this really be a bug?

It's roughly the same as this issue: viewtopic.php?t=205278&hilit=wireguard

Wireguard, for some unknown reason, is not treated the same as "locally generated traffic". So pref-src= is I'm guessing a similar victim.
by Amm0
Wed Nov 27, 2024 11:21 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360000

Re: NEW FEATURE: Back to Home VPN

So in summary, its transparent to the end user, and hence why both apps can be used.
Yup. Just WG peer, with special DNS name.
by Amm0
Wed Nov 27, 2024 10:24 pm
Forum: Beginner Basics
Topic: Secure Remote Access - QuickSet VPN
Replies: 9
Views: 628

Re: Secure Remote Access - QuickSet VPN

Also, since the RB2011 lives behind the starlink connection and the unifi gateway, I think double nat is going to be an issue. I dont want to have the RB2011 as the main gateway. I think that having it hosted somewhere else might be a better option. Perhaps, but if the starlink is going to UBNT &am...
by Amm0
Wed Nov 27, 2024 10:21 pm
Forum: Beginner Basics
Topic: Why can I not use static ip_
Replies: 13
Views: 823

Re: Why can I not use static ip_

Anyway, I still use the Automatic address acquisition which works fine without any issues. Just to be clear, you shouldn't need /ip/route or /ip/address if you using DHCP client. I was trying to explain how to set them IF you were NOT using DHCP client. But if a WAN has DHCP, in most cases that bet...
by Amm0
Wed Nov 27, 2024 10:17 pm
Forum: Wireless Networking
Topic: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?
Replies: 11
Views: 1673

Re: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?

Yeah the 40Mhz on 2.4Ghz always seemed silly to me. It the 5Ghz band where I just never/rarely seen anyone recommend/using 20Mhz (or even 20/40Mhz). And have wondered if either I'm missing something about AX thus the initial question... Seems I'm not alone. But do think using default 20/40/80Mhz cha...
by Amm0
Wed Nov 27, 2024 10:10 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360000

Re: NEW FEATURE: Back to Home VPN

Well, BTH is actually useful for LTE for a router-to-router WG with a CGNAT. This is use case @normis does not quite get with the "always use app" approach, and why I persist in explaining it since regular WG will not use BTH's "relay" server hosted by Mikrotik to deal with hole ...
by Amm0
Wed Nov 27, 2024 5:20 pm
Forum: Beginner Basics
Topic: Secure Remote Access - QuickSet VPN
Replies: 9
Views: 628

Re: Secure Remote Access - QuickSet VPN

Or some cheap VPS in the cloud and install CHR on it, then use that one as pivot point for all Wireguard connections ? Shouldn't be too expensive ? Anav always claims it's about 7$ / month but I don't know what supplier provides it. I don't use it but I know some folks use https://www.vultr.com/pri...
by Amm0
Wed Nov 27, 2024 4:55 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360000

Re: NEW FEATURE: Back to Home VPN

I am working on that bit ( improving docs ) and is why I am being nitpicky in my understanding. I forget, where do the firewall rules show up that allow a USER to access the WAN and possibly the LAN??? On firewall, there is an address-list named "back-to-home-lan-restricted-peers" in /ip/...
by Amm0
Wed Nov 27, 2024 4:45 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360000

Re: NEW FEATURE: Back to Home VPN

You know its very annoying that your right ;-) Can we agree to blame Mikrotik's docs? :) BTH is actually pretty elegant since it really just uses DDNS to determine if proxy is needed, but always still plain WG. The docs are just bad (overly complex for simple case & not enough info for someone ...
by Amm0
Wed Nov 27, 2024 4:29 pm
Forum: Beginner Basics
Topic: Secure Remote Access - QuickSet VPN
Replies: 9
Views: 628

Re: Secure Remote Access - QuickSet VPN

@holvoetn is right, Back to Home is what you'd want to used for Starlink. I went to check the docs, but The Dude interrupted me, but he says the RB2011 does not support Back to Home: Dude RB2011 BTH.jpg You can use plain wireguard, but one side requires a static IP. So another option be to enable a ...
by Amm0
Wed Nov 27, 2024 6:33 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360000

Re: NEW FEATURE: Back to Home VPN

Yup. App is not mandatory, as EVERYTHING can technically be done using RouterOS winbox/CLI alone. As @normis suggests, the app may be easier. Although just enabling BTH under /ip/cloud is not very hard either (i.e. it's a radio button, which enables BTH & gets you 1st WG client, and then with &q...
by Amm0
Wed Nov 27, 2024 5:42 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360000

Re: NEW FEATURE: Back to Home VPN

Not sure what you mean. If a user (not admin) uses the BTH app to setup a BTH tunnel after receiving the QR code, or URL link or export config file generated on the admins smartphone, then the user access is done through the BTH app, not the standard wireguard app. That why the app is more confusin...
by Amm0
Tue Nov 26, 2024 10:24 pm
Forum: Wireless Networking
Topic: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?
Replies: 11
Views: 1673

Re: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?

None of these give any reason why using 40MHz channels on 2.4GHz band would suddenly become a sane thing to do. That one I've never got either. I actually been using 20Mhz on both on most of the AX devices we use. I just NEVER see anyone recommend narrowing channel width for AX... which got me ques...
by Amm0
Tue Nov 26, 2024 9:12 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360000

Re: NEW FEATURE: Back to Home VPN

The ROUTER initiated client peer, ( the one that should go on the admins smartphone ) can, via Managed Shares, create additional peer clients to the same router. The client peers (second created to infinity) CANNOT create additional peer clients. They are not equal..... Now I get the confusion. The...
by Amm0
Tue Nov 26, 2024 8:34 pm
Forum: Beginner Basics
Topic: Why can I not use static ip_
Replies: 13
Views: 823

Re: Why can I not use static ip_

Could you check my port forwarding rules please? Although I follow the same way of opening ports for applications that I use, I still have problem with a few and I don't really understand why. Moreover, I have never been able to open any with UDP protocol. Does it need anything else? You shouldn't ...
by Amm0
Tue Nov 26, 2024 8:30 pm
Forum: Beginner Basics
Topic: Why can I not use static ip_
Replies: 13
Views: 823

Re: Why can I not use static ip_

@jvanhambelgium: Hmm, I didn't think of it like this just to be fair. The ISP didn't instruct me to do anything, as I had always in my mind that static IP doesn't need any DHCP client to be enabled. It seems that I was wrong then. You're missing a default route in /ip/route for the gateway. To use ...
by Amm0
Tue Nov 26, 2024 7:28 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360000

Re: NEW FEATURE: Back to Home VPN

It's WG, so all are peers. The app and /ip/cloud just always create ONE peer upon enabling it. If you need more, you need the "managed shared" (or /ip/cloud/back-to-home-users). On the "shared" ones, there is the additional option to allow-lan= so that the only difference AFAIK. ...
by Amm0
Tue Nov 26, 2024 7:18 pm
Forum: Wireless Networking
Topic: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?
Replies: 11
Views: 1673

Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?

For years of Wi-Fi, the general recommendation is avoid large channel widths unless the spectrum is relatively clean. But I've never seen that recommendation for AX devices. I know AX uses OFDMA to better handle this and large channel widths are needed to get "max speed". But most of my us...
by Amm0
Tue Nov 26, 2024 7:01 pm
Forum: Scripting
Topic: copying file between directories with /tool fetch gives timeout
Replies: 8
Views: 548

Re: copying file between directories with /tool fetch gives timeout

Why you do not download and save already the file on correct place instead of download on another place?
Fair point!

But given MT's recent focus on NAS things... some "copy" and "move" are still missing, which results in these kludgey solutions like FTP+fetch.
by Amm0
Tue Nov 26, 2024 6:56 pm
Forum: Scripting
Topic: copying file between directories with /tool fetch gives timeout
Replies: 8
Views: 548

Re: copying file between directories with /tool fetch gives timeout

Try using localhost as the IP, and make sure 127.0.0.1 is allowed in /ip/firewall/filter (and recent defaults generally allow it). While could a be a few things why this does not work... firewall blocking it be 1st to look at. Also note that in 7.17, if you're downloading RouterOS packages to instal...
by Amm0
Tue Nov 26, 2024 6:53 pm
Forum: RouterBOARD hardware
Topic: FCC Compliance Testing Support
Replies: 4
Views: 645

Re: FCC Compliance Testing Support

You may need Part 15 for other reasons. IANAL, but just using different antennas may fall under the FCC's "permissible change" stuff. But imagine Part 15 certification be cheaper than lawyers arguing about FCC rules. ;) They've just required that the radio be put in a mode where it transmi...
by Amm0
Tue Nov 26, 2024 6:24 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360000

Re: NEW FEATURE: Back to Home VPN

I also understand that once folks have accepted the qr code on their smartphone app, or wireguard client app (laptops), etc. the results show up on the associated MT Routers IP Cloud tabs ( users ) and can be configured further if required ( add access to subnets, delete, and probably other options...
by Amm0
Tue Nov 26, 2024 6:15 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360000

Re: NEW FEATURE: Back to Home VPN

anav:1 ammo:0 ( but whose counting) Except I'm not wrong. All BTH are just WG peers, and have QR codes. So just like any other peer, don't use the same peer twice. The advice to first one (/ip/cloud), applies to the shared ones too (/ip/cloud/back-to-home-user) - don't use them twice as they have a...
by Amm0
Tue Nov 26, 2024 5:28 pm
Forum: Containers
Topic: Issue with container not working on new HEX Refresh (E50UG)
Replies: 23
Views: 1733

Re: Issue with container not working on new HEX Refresh (E50UG)

You're not using an external disk. You might want to try setting root-dir=usb1-part1/pihole or whatever path you have (noting that paths do NOT start with / in root-dir=). Perhaps PiHole is small enough for flash, but IDK.
by Amm0
Tue Nov 26, 2024 4:02 am
Forum: The User Manager
Topic: Integration of WireGuard to UserManager
Replies: 4
Views: 1496

Re: Integration of WireGuard to UserManager

Impressive you got something working here! Another poster was trying to use Hotspot+WG to do this (https://forum.mikrotik.com/viewtopic.php?t=205625&hilit=hotspot) and that approach didn't work out so well it seems... But +1 - MT should have some way to directly integrate User Manager into WireG...
by Amm0
Tue Nov 26, 2024 3:10 am
Forum: Containers
Topic: Configuring an additional container to host a local website
Replies: 9
Views: 726

Re: Configuring an additional container to host a local website

there is a "REST API" Better ? Sure, your commentary here is 100% spot on: If you find yourself needing a control plane for your routers’ containers, you will likely need to write it yourself. And it is kinda pedantic, but complex/hard is different than impossible ;). MT has mentioned &qu...
by Amm0
Mon Nov 25, 2024 11:54 pm
Forum: Beginner Basics
Topic: CRS326, CRS312, How do i setup DSCP for use with Dante?
Replies: 8
Views: 2818

Re: CRS326, CRS312, How do i setup DSCP for use with Dante?

That's a good question... I'm not the expert on the CRS326, and haven't tested Dante with it.... But same DSCP marks should work on a VLAN with Dante, if VLANs were setup AFAIK. And you want one bridge, see https://help.mikrotik.com/docs/spaces/ROS/pages/30474317/CRS3xx+CRS5xx+CCR2116+CCR2216+switch...
by Amm0
Mon Nov 25, 2024 11:09 pm
Forum: Wireless Networking
Topic: Mini ISP Setup, help needed
Replies: 9
Views: 569

Re: Mini ISP Setup, help needed

I guess my first concern would be the topology of the links. Specifically if you're planning on bridging or routing the various links. The bandwidth and router are more easily swapped than not having a good architecture to start. For PTMP (APs<->CPEs) and PTP (APs<->Stations) I will use Ubiquiti. An...
by Amm0
Mon Nov 25, 2024 11:01 pm
Forum: Containers
Topic: Configuring an additional container to host a local website
Replies: 9
Views: 726

Re: Configuring an additional container to host a local website

I've updated my Container Limitations article to cover these latter details. I chose not to address the topic's primary question since you can cause this same port number conflict under Docker and Podman, too, most easily by giving the --host flag. I can't justify calling this a "limitation&qu...
by Amm0
Mon Nov 25, 2024 10:55 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 149
Views: 34723

Re: v7.17rc [testing] is released!

Following all the v7.17 topics, between various complaints, it's not clear what are the know issues.
Agree on known issues for beta, but by "rc", ideally there shouldn't be any.

Now device-mode does deserve "top billing" with the !) since it changes behavior...
by Amm0
Mon Nov 25, 2024 7:25 pm
Forum: Containers
Topic: Configuring an additional container to host a local website
Replies: 9
Views: 726

Re: Configuring an additional container to host a local website

Yeah the mounts can be tricky. Especially since RouterOS only allows mapping directories, not files. In a full-featured container engine, you have to do both, but now that you mention it, yeah, container.npk ignores the EXPOSE directive, doesn’t it? Nope, EXPOSE does nothing. Now ideally it be good ...
by Amm0
Mon Nov 25, 2024 6:46 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360000

Re: NEW FEATURE: Back to Home VPN

As I said, the docs are not very clear. But end of the docs does reference the commands. The wording at top of docs should be changed IMO. In other words, the router itself can only generate one setup via BTH, the rest have to be done from the Admins smartphone. Just waiting for NORMIS to confirm! B...
by Amm0
Mon Nov 25, 2024 6:25 pm
Forum: General
Topic: Winbox vs Webfig
Replies: 5
Views: 969

Re: Winbox vs Webfig

In 7.17, the difference becomes even less since webfig looks nearly identical to winbox4. So main difference IMO is winbox can do Layer2 / MAC address, while webfig is Layer3/4 / IP only. With the native winbox adding a few extras like sessions/workspaces, and associated multiple windows. Did you wr...
by Amm0
Mon Nov 25, 2024 5:33 am
Forum: Containers
Topic: Configuring an additional container to host a local website
Replies: 9
Views: 726

Re: Configuring an additional container to host a local website

I think you need to change the NGINX config file to do this. I don't the EXPOSE has any effect. i.e. The DockerHub version of NGINX has a script that parses env variables to "passthrough", see https://hub.docker.com/_/nginx under "Using environment variables in nginx configuration (ne...
by Amm0
Mon Nov 25, 2024 2:01 am
Forum: General
Topic: RouterOS 7.17beta4 Webfig--Some Issues [SOLVED]
Replies: 12
Views: 1538

Re: RouterOS 7.17beta4 Webfig--Some Issues [SOLVED]

Yeah I have same problem on at least one test router, and by "rc" this stuff should work... So I did open a formal ticket with supout.rif on this issue.
by Amm0
Sun Nov 24, 2024 11:47 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 149
Views: 34723

Re: v7.17rc [testing] is released!

The new webfig has a similar problem to winbox4 where that status/flags are very difficult to interpret. For example, LINK OK and NO LINK are radically different states - yet the only difference is the text inside. Screenshot 2024-11-22 at 7.31.57 PM.png Screenshot 2024-11-22 at 7.32.11 PM.png Being...
by Amm0
Sun Nov 24, 2024 10:20 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 149
Views: 34723

Re: v7.17rc [testing] is released!

Anybody give an OK for Hap ax2 running capsman, I wouldn't want my config to explode! You can try it without harm. Repartition the hapax2 with two partition, on part0, stay 7.16.1, copy that onto part1 and switch to part1, then upgrade it to 7.17. If it is messed up itself, you can switch back to p...
by Amm0
Sun Nov 24, 2024 10:14 pm
Forum: Beginner Basics
Topic: Question about PoE
Replies: 2
Views: 352

Re: Question about PoE

No. The hAPax2 "dual use" PoE port is passive, but it does support 48V input.
by Amm0
Sun Nov 24, 2024 8:59 pm
Forum: General
Topic: AWS Wireguard Slow
Replies: 21
Views: 1284

Re: AWS Wireguard Slow

You get what you measure... First, I think Mikrotik should publish MORE stats in general. There is already a lot of conjecture on this WG vs IPSec performance, without any good baselines. On the WAG'ing, I'd be looking at how the bandwidth test is being running before getting into questions about I...
by Amm0
Sun Nov 24, 2024 2:36 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360000

Re: NEW FEATURE: Back to Home VPN

Hi Ammo reading the docs there is only one qr/code one can generate from the router itself, the rest if I read this right, is that you can easily create and manage additional Qr codes and send them all from the admin smartphone. The docs aren't entirely clear, but the "share" ones should ...
by Amm0
Sat Nov 23, 2024 8:42 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 388
Views: 360000

Re: NEW FEATURE: Back to Home VPN

Trying to understand BTH some more. Is this correct?? Bizarre that I cannot do this FROM or AT the router ????? Did you look in /ip/cloud/print (first BTH user), or /ip/cloud/back-to-home-users/show-client-config XX (2nd or more BTH users)? But I just notice is under /interface/wireguard/peer in Wi...
by Amm0
Sat Nov 23, 2024 5:50 pm
Forum: General
Topic: Mikrotik traffic mystery
Replies: 6
Views: 1072

Re: Mikrotik traffic mystery

Is the traffic getting fragmented? i.e. Are you sure it's 1500 MTU both ways. The packets-per-second on the slow link in half that of fast one....
by Amm0
Sat Nov 23, 2024 12:01 am
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 149
Views: 34723

Re: v7.17rc [testing] is released!

impossible that webfig skin designer is broken in a RC release. There was another thread where someone else in beta4 had the same issue. I'll note that it does work fine on a KNOT running 7.17rc1, but I reset the default configuration with the first 7.17 beta on the KNOT. But on the RB1100AHx4, it ...
by Amm0
Fri Nov 22, 2024 8:28 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 149
Views: 34723

Re: v7.17rc [testing] is released!

In the new webfig, I'm not sure the skin designer is working. I cannot seem to figure out how to create a new skin. When I do a "Design Skin", it shows a blank list and I don't see anyway to select things. Either I'm missing something in how to use new webfig's skin support, or it just is ...
by Amm0
Fri Nov 22, 2024 8:24 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 149
Views: 34723

Re: v7.17rc [testing] is released!

I like the colorization, but that's it. Agree with @eworm, it should not be in an export. And not sure the "extra" comments are needed in winbox/webfig if it's already colorized (but the color is kinda handy).
by Amm0
Fri Nov 22, 2024 7:22 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Utah and North Pole have spoken. Cloudflare or bust! @anav, I thought you'd like that pivot ;) And California be happy to take the tax revenue from Cloudflare. And, @wfburton isn't wrong RouterOS is pretty far from a "enterprise firewall". Installing Cloudflare's single exe tunnel in a NP...
by Amm0
Fri Nov 22, 2024 6:04 pm
Forum: RouterBOARD hardware
Topic: FCC Compliance Testing Support
Replies: 4
Views: 645

Re: FCC Compliance Testing Support

Probably best to ask Mikrotik, or perhaps Quectel. But for FCC Part 15, which you'd need to sell them, you shouldn't actually need any special commands. Now the LTE modem and various cell carriers are a different story.... that typically where you need the LTE modem into various test modes. So if th...
by Amm0
Fri Nov 22, 2024 5:49 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

This is turning into the IT version of Netflix doc "Don't F**k with Cats"... I'm not the expert but setting up DNS is just first step to setup Cloudflare proxy services, I think the purposal here is that HTTPS traffic go through a Cloudflare IP before getting to "real" phpBB. [.....
by Amm0
Fri Nov 22, 2024 4:58 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

There's no need to fake anything since there are no restrictions on anonymous access (tho creating a post is). Your suggestion might very well work, but it could end up being like robbing Peter to pay Paul. :D Perhaps. But if you're a guest... "user control panel" (aka /ucp.php) is an odd...
by Amm0
Thu Nov 21, 2024 10:34 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Side note: one added benefit from this whole situation ... spammers have little interest the past days for this place. What I noticed during the weekend was most of the "extra guests" (perhaps faking being a bot) were visiting the "User Control Panel" page, under the "Who's...
by Amm0
Thu Nov 21, 2024 10:00 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1553
Views: 376323

Re: 📣 WinBox 4 is here 📣

Some call it space-wasting, others call it easier readability because text ist not squished together. I'm not sure there are many folks who like the extra spacing... And @eworm is right, the comment has more space between the item it refers, than the next/previous item does. It's like the comment i...
by Amm0
Thu Nov 21, 2024 12:32 am
Forum: Containers
Topic: Running GUI apps in container
Replies: 5
Views: 559

Re: Running GUI apps in container

The first immediately useful thing I can think of would be running The Dude client in Wine on an ARM router (that's also running The Dude's polling package) instead of running it in a VM on separate hardware. But alas, no wine package exists for Alpine 3.2. LOL, see https://forum.mikrotik.com/viewt...
by Amm0
Thu Nov 21, 2024 12:08 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1553
Views: 376323

Re: 📣 WinBox 4 is here 📣

macos big sur 11.7.10
Yeah that version seems to be a trend. But Intel-based with MacOS Sequoia does work without crash.
by Amm0
Thu Nov 21, 2024 12:05 am
Forum: Containers
Topic: Running GUI apps in container
Replies: 5
Views: 559

Re: Running GUI apps in container

Great work here! after starting you will get some permission errors (we will check whats going on) I've wanted to do same X11/RDP/VNC/etc approach for a while... but got similar permissions issues before. Now I've never tried the "s6-overlay" approach to "multi-service containers"...
by Amm0
Wed Nov 20, 2024 9:41 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 156183

Re: v7.17beta [testing] is released!

the thing is, putting the useful and inoffensive stuff (such as cpu-frequency, without overclock) behind the same security-group as some other "more dangerous" settings (boot to ethernet-only, disable reset) will incentivize people to "unblock" this, defeating the purpose of the...
by Amm0
Wed Nov 20, 2024 9:20 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1553
Views: 376323

Re: 📣 WinBox 4 is here 📣

It took longer, as the biggest change was hard to implement - tree views. Now we will continue with the rest of the requests and ideas in this thread. The "tree [+list] views" did sound tough...but great work! It's actually quite an improvement over winbox3 in the Files view! And 100% sup...
by Amm0
Wed Nov 20, 2024 4:29 am
Forum: General
Topic: RouterOS 7.17beta4 Webfig--Some Issues [SOLVED]
Replies: 12
Views: 1538

Re: RouterOS 7.17beta4 Webfig--Some Issues [SOLVED]

I think it's pretty obviously broken, and worth waiting to see in the next beta release.

But for next time you can add attachments to forum post using the "Attachments" tab in the "full editor", and then say "place inline" after uploading.
by Amm0
Wed Nov 20, 2024 4:21 am
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Anyway, I'd be curious on the hearing the root cause from Mikrotik...
Won´t be all?
We don't know it wasn't some software update pushed by @normis late on Friday, that had some leak/etc that caused these issues.... ;-)
by Amm0
Wed Nov 20, 2024 4:08 am
Forum: General
Topic: RouterOS 7.17beta4 Webfig--Some Issues [SOLVED]
Replies: 12
Views: 1538

Re: RouterOS 7.17beta4 Webfig--Some Issues [SOLVED]

Like I said, I think it's broken. I had some issues you're describing, and under 7.17beta5

Maybe there is some interface trick I'm missing, but it ain't obvious.
by Amm0
Wed Nov 20, 2024 4:00 am
Forum: General
Topic: RouterOS 7.17beta4 Webfig--Some Issues [SOLVED]
Replies: 12
Views: 1538

Re: RouterOS 7.17beta4 Webfig--Some Issues [SOLVED]

Most probably user error. I don't think so. 7.17 is radically changed. I have not been able to create a new skin, since it seems to depend on what in the skin's .json file. Now my test router had none. So I'm not sure you can add items to the skin in the beta, only modify - or at least that has bee...
by Amm0
Wed Nov 20, 2024 3:23 am
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

IDK, maybe it should be. It COULD be. I wasn't trying to argue – not wrong from a pure business perspective hosting might make more sense, especially if uptime and low-latency were a concern.... But for Mikrotik it would be a sign of capitulation. And implication that any small/medium sized busines...
by Amm0
Wed Nov 20, 2024 3:12 am
Forum: The Dude
Topic: Parameters in a function
Replies: 1
Views: 395

Re: Parameters in a function

I have an example of using a function in a probe here: https://forum.mikrotik.com/viewtopic.php?t=192103&hilit=probe It does not use not function parameters, however. I just created multiple functions rather than take an argument. Reason being is I'm not 100% on how to correctly use arguments. $...
by Amm0
Tue Nov 19, 2024 11:49 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

I guess I'm saying Mikrotik runs VPN proxy (BTH) and /ip/cloud DDNS already. So some PHP should actually be easier than BTH to secure.....and why I present the question. As a data point, I ran a ping over the weekend, it was ~250ms from the west coast to Mikrotik/Lativia, with 1.5% packet loss – whi...
by Amm0
Tue Nov 19, 2024 11:27 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Not be the contritaian. Why should some cloud solution be needed? Because this is not their core business. Their routers aren't the best bet to fend off heavy DDOSs - and they shouldn't: it isn't their market target. IDK, maybe it should be. I just don't buy that every publicly visible site needs t...
by Amm0
Tue Nov 19, 2024 11:15 pm
Forum: Scripting
Topic: After /file remove interpretation error ?
Replies: 3
Views: 325

Re: After /file remove bug?

Well this important advice, gets lost among the unnecessary invectives...
never use $ on :global, :local and :set
by Amm0
Tue Nov 19, 2024 10:58 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Ah. This we agree upon: it's past time they shove it behind some Cloudfare or whatnot. +1 Not be the contritaian. Why should some cloud solution be needed? I'm pretty sure Mikrotik can fix this without 3rd parties. Maybe not. But Mikrotik's basic product pitch is nothing depends on the cloud. And I...
by Amm0
Tue Nov 19, 2024 8:01 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

This is nothing but a disguised attempt to decrease the use of this forum........
Or, Mikrotik is just hungover from their holiday.
by Amm0
Tue Nov 19, 2024 7:46 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

While cable cuts add some international intrigue and drama here... It does seem more related to application load, not network bandwidth.
by Amm0
Tue Nov 19, 2024 2:58 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Yeah it's still flaky today. I see 1300+ users online.
by Amm0
Mon Nov 18, 2024 6:38 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Are DoS attacks a holiday tradition in Latvia?
Image
Still flaky.
Even worse.
by Amm0
Sun Nov 17, 2024 8:09 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Still flaky.
The only question is: did Mikrotik pissed off someone, or is it just a bad programmed harvester?
LOL. That's my question here... I was kinda curious if newer/bad harvester, and not some attack. I guess it could be some attack targeting phpBB too.
by Amm0
Sun Nov 17, 2024 2:39 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 156183

Re: v7.17beta [testing] is released!

*) iot - added additional debug for LoRa logging; [...] *) iot - added new LoRa traffic FCnt packet counter parameter; On a positive note :). I have a KNOT with LoRa (+ 3rd party temp sensor) running 7.17beta5, connected to mosquitto and an old erlang lorawan-server container on RB1100 to run entir...
by Amm0
Sun Nov 17, 2024 2:09 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 156183

Re: v7.17beta [testing] is released!

*) webfig - status page is deprecated, old status page config will work , but can't be updated or created; A previously created webfig status page does NOT work , despite the release note.... I upgraded a wAPacR with status page showing LTE stuff, running 7.16.1 to 7.17beta5 — no status page is sho...
by Amm0
Sat Nov 16, 2024 7:44 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

A spike in session counts is usually a good indicator of a DDoS attack. Yup. I'd like to think it's still possible to self-host a 25 year old "web app" (phpBB here). i.e. without needing cloud services (AWS, cloudflare, Azure, etc.) or expensive enterprise security products. Perhaps not —...
by Amm0
Sat Nov 16, 2024 5:09 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

And it's still not working well...
There are not normally 1000+ real viewers on Saturday.
Screenshot 2024-11-16 at 7.07.53 AM.png
by Amm0
Sat Nov 16, 2024 4:57 pm
Forum: General
Topic: SSL certificate issue - wildcard Let's Encrypt
Replies: 3
Views: 367

Re: SSL certificate issue - wildcard Let's Encrypt

[...] Edit: i just compared, the chain.pem from LE is the same exact file as the r11.pem. Looks like there's a bug in the certificate handling/import process on Mikrotik. [...] I recall that without the delays I had problems with this process... Maybe there's some race condition there? A race condi...
by Amm0
Sat Nov 16, 2024 3:50 am
Forum: General
Topic: SSL certificate issue - wildcard Let's Encrypt
Replies: 3
Views: 367

Re: SSL certificate issue - wildcard Let's Encrypt

It's using the R11 certificate, not same as other thread.

Consult the LE web page: https://letsencrypt.org/certificates/
by Amm0
Sat Nov 16, 2024 2:43 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 156183

Re: v7.17beta [testing] is released!

In those markets you don't assume your customers are idiots, which is what device-mode assumes. Device mode is direct consequence of exactly this assumption. LOL. Perhaps. But device-mode needs more "sophistication" than just physical presence test. I got similar problem as @sirbryan, why...
by Amm0
Sat Nov 16, 2024 12:45 am
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

To be clear — IDK why the forum was getting 500 errors / hanging — I more was trying to make a joke. Now, I did see the active users being 1500 or so - but that does not mean there was an "attack" per se. But it be nice if Mikrotik posted the post-mortem on the failure, since it might a le...
by Amm0
Fri Nov 15, 2024 9:53 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 94
Views: 6805

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

I think Mikrotik is trying to prove the point about device-mode that DoS attacks are real. ;-)
by Amm0
Fri Nov 15, 2024 8:42 pm
Forum: General
Topic: VRRP with single WAN and Single LAN Address
Replies: 34
Views: 2002

Re: VRRP with single WAN and Single LAN Address

I'm not sure the VRRP address has to be a /32 when it's NOT in same IP subnet? At least in RouterOS 6, Yeah... I had a good handle on how this all worked. And on LAN side, all the same. But with V7, the effects of the new routing engine on VRRP is just not well described and subtlety different. Now ...
by Amm0
Fri Nov 15, 2024 3:54 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 156183

Re: v7.17beta [testing] is released!

Mikrotik seems to want to focus home users. So this trend is concerning, since disabling features is not root cause and shows a haphazard approach to security. Its my opinion the the Tik market is focused on small ISP, entrepreneurs, SMB's and the Home users who are enthusiast's ... In those market...
by Amm0
Fri Nov 15, 2024 3:04 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 156183

Re: v7.17beta [testing] is released!

How on earth disabling stuff like btest protects just anyone? Are there any documented cases of a feature missuse? no need to get agressive. yes, of course there is documented cases of misuse, even in this forum there are people who are asking why they have unrecognized accounts and unrecognized sc...
by Amm0
Fri Nov 15, 2024 12:43 am
Forum: General
Topic: VRRP with single WAN and Single LAN Address
Replies: 34
Views: 2002

Re: VRRP with single WAN and Single LAN Address

Still bashing my head on a wall trying to figure out how to use a single WAN IP address for the two routers I have created. The easiest is to use private addresses in the "WAN VRRP", and then NAT out the real public IP. Basically, the VRRP IP address does not have to be in the same subnet...
by Amm0
Thu Nov 14, 2024 8:25 pm
Forum: General
Topic: 💀⚠️CRITICAL: Never trust who provides scripts containing "/import" from "/tool fetch" from external sources.
Replies: 35
Views: 5047

Re: 💀⚠️CRITICAL: Never trust who provides scripts containing "/import" from "/tool fetch" from external sources.

Who guarantees that yourself on the github do not insert commands that create users and open backdoors in the router? The issue is you suggest that anyone who builds an open source script/framework and publish them transparently on GitHub is an 💀⚠️CRITICAL" ..."security issue". So yo...
by Amm0
Thu Nov 14, 2024 7:36 pm
Forum: General
Topic: 💀⚠️CRITICAL: Never trust who provides scripts containing "/import" from "/tool fetch" from external sources.
Replies: 35
Views: 5047

Re: 💀⚠️CRITICAL: Never trust who provides scripts containing "/import" from "/tool fetch" from external sources.

I'm not sure the "💀⚠️CRITICAL" is necessary. Everything here can be relegated to security "best practices". And applies equality to "cut-and-paste" scripts and containers. Or even the dude, which downloads the matching version. And winbox4 new's "Update Winbox"...
by Amm0
Thu Nov 14, 2024 5:25 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1553
Views: 376323

Re: 📣 WinBox 4 is here 📣

Inline editing in "list/table view" would be nifty, i.e. no dialog needed would be nice feature.
by Amm0
Thu Nov 14, 2024 4:47 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1553
Views: 376323

Re: 📣 WinBox 4 is here 📣

Those, when we click the "ok" button and immediately think "oh, no". The firewall rules aren't special, copy works throughout the UI... and I'm not sure changing how it works is a good idea. Among them is a disabled item would still be committed to "disk", so it anothe...
by Amm0
Wed Nov 13, 2024 7:21 pm
Forum: Beginner Basics
Topic: Dual APN Question - Use a second APN for a specific device
Replies: 7
Views: 927

Re: Dual APN Question - Use a second APN for a specific device

There is one rule with routing rules — the route MUST still exist in main, to be able to be used in another routing table. So you may want the use-default-route enabled on both APNs (or VLAN passthrough'ed), as that would deal with a changing public IP. Just set the default-route-distance higher on ...
by Amm0
Wed Nov 13, 2024 3:32 pm
Forum: The Dude
Topic: Inserting new devices images into the Dude
Replies: 2
Views: 246

Re: Inserting new devices images into the Dude

AFAIK, it like MIBs... you put it into the top-level "files" under the dude directory and it will be moved automatically.
And you can pick the new graphic on the device type to use it.
by Amm0
Wed Nov 13, 2024 3:20 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 246
Views: 28633

Re: wAP ax?

Honestly, maybe it's just my opinion but i have a feeling that cAP ac works better than all of this ax stuff... Maybe your memory is bad, but the old wireless drivers got a lot complaints for years ;). Something like a cAPac also take exacting configuration to work well too... The issue is both ax ...
by Amm0
Tue Nov 12, 2024 10:14 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1553
Views: 376323

Re: 📣 WinBox 4 is here 📣

I'll take svg any day.
and SVG rendering support is one step closer to showing Dude maps in WinBox4 (something webfig has long be able to do, since browser has built-in support for SVG while winbox3 does not)
by Amm0
Tue Nov 12, 2024 6:55 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1553
Views: 376323

Re: 📣 WinBox 4 is here 📣

suggestion — WinBox4 should use an image for QR codes There are various complaints about the QR code for Wireguard client in 7.17beta thread... I'm not a regular user of the QR codes, but everytime I've tried to use one, I have to adjust the phone and/or fonts/sizing/"something"... While ...
by Amm0
Tue Nov 12, 2024 6:26 pm
Forum: Beginner Basics
Topic: Dual APN Question - Use a second APN for a specific device
Replies: 7
Views: 927

Re: Dual APN Question - Use a second APN for a specific device

If the 2nd APN is working, you get a 2nd LTE interface. With that... At a high level, you need to add new /routing/table that has the 2nd APN's LTE interface as a /ip/route & use /routing/rules to steer the particular IP/subnet traffic to the new routing table for the 2nd LTE interface. But it a...
by Amm0
Tue Nov 12, 2024 12:17 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 156183

Re: v7.17beta [testing] is released!

Default configuration does not allow accessing webfig from WAN. Up to a point. The botnet on that article was composed by high end routers (CCR1036, CCR1072, CCR2004, CCR2116). Those have no firewall or protections whatsoever - since they are professional models. Yeah, that's makes the focus on dev...
by Amm0
Mon Nov 11, 2024 7:07 pm
Forum: General
Topic: VRRP with single WAN and Single LAN Address
Replies: 34
Views: 2002

Re: VRRP with single WAN and Single LAN Address

I do not understand what a "mirrored datacenter" means. Yeah that's kinda the central question here. Based on my now dated VMWare knowledge, but the general idea is that an "application" (i.e. CHR) didn't NOT have to be aware of redudency — since VMWare managed syncing all machi...
by Amm0
Mon Nov 11, 2024 6:33 pm
Forum: General
Topic: VRRP with single WAN and Single LAN Address
Replies: 34
Views: 2002

Re: VRRP with single WAN and Single LAN Address

I guess my initial question is if you have an investment in VMWare... wouldn't vMotion/etc work better? In that case you'd two identical CHRs, with VMWare controlling which one was active. VRRP certainly be possible on LAN side pretty easily. And VRRP supports connection tracking sync which keep it ...
by Amm0
Mon Nov 11, 2024 6:09 pm
Forum: RouterBOARD hardware
Topic: Product idea: rack mountable PoE injector
Replies: 10
Views: 993

Re: Product idea: rack mountable PoE injector

I guess I'd rather see some "real" switch with more flexible PoE power options... before a modular PoE injector rack.

Right now, there is no switch in the lineup that actually support the entire range of power options (passive, 802.3a[ft][+][+]) on a per-port basis.
by Amm0
Mon Nov 11, 2024 3:52 pm
Forum: Wireless Networking
Topic: configuration.distance in wifi-qcom package
Replies: 5
Views: 1335

Re: configuration.distance in wifi-qcom package

I thought that for distances up to ca 2km the setting could be omitted. Or should I always round up to next higher km and specify it? I have NOT used wifi-qcom for long PtMP links..... But I can only imagine still you'd want to "round up". While an oversimplification, "distance"...
by Amm0
Mon Nov 11, 2024 3:24 pm
Forum: Beginner Basics
Topic: Configuring wireless on wAP R from zero
Replies: 15
Views: 928

Re: Configuring wireless on wAP R from zero

I don't see how having the firmware set to automatic is "better", you have anyway to remember to reboot twice, so you can as well remember to upgrade the firmware. It's eventually get upgraded if one forgot...since at some point you'll reboot. My list was more "unless you know better...
by Amm0
Mon Nov 11, 2024 5:19 am
Forum: RouterBOARD hardware
Topic: are distributor markings on brand new MikroTik hardware allowed?
Replies: 2
Views: 464

Re: are distributor markings on brand new MikroTik hardware allowed?

Considering they allow+support the "branding kit" to add your own logo to software and remove Mikrotik from SNMP MIB... I'm cannot think of how adding a sticker be any issue. But if you're a distributor or retailer, you'd have to look at any contracts with Mikrotik on such things. Now... w...
by Amm0
Mon Nov 11, 2024 4:43 am
Forum: General
Topic: Mikrotik mobile app question [SOLVED]
Replies: 2
Views: 371

Re: Mikrotik mobile app question [SOLVED]

Can someone duplicate this error? Does it do the same on Android? Not wrong. I get same 0.0.0.0 and also that it still won't save the peer on iOS to RouterOS 7.17beta4. It seems the field does not know it's a ip-prefix type, since it should default should be 0.0.0.0/0, not just plain "0.0.0.0&...
by Amm0
Sun Nov 10, 2024 8:08 pm
Forum: Beginner Basics
Topic: Configuring wireless on wAP R from zero
Replies: 15
Views: 928

Re: Configuring wireless on wAP R from zero

My commentary originally was "not much", then turned in a rather long list... To answer some "suggestions on the suggestions"... On "firmware" and/or RouterBOOT and/or BIOS – i.e. auto-update in /system/routerboard... - OP mentioned LTE... and my experience is that late...
by Amm0
Sun Nov 10, 2024 6:48 pm
Forum: General
Topic: ZeroTier Version Upgrade
Replies: 12
Views: 2098

Re: ZeroTier Version Upgrade

I find it hard to understand why MT doesn’t enable the interface for all standard ZeroTier options that are available on every other platform except ROS. Agreed. It's still in beta, one can hope. I'm less concern about the specific version that RouterOS uses unless there are security issues... it's...
by Amm0
Sun Nov 10, 2024 8:36 am
Forum: General
Topic: ZeroTier Version Upgrade
Replies: 12
Views: 2098

Re: ZeroTier Version Upgrade

We're on 7.16 and will be on 7.17 soon, yet the zerotier version is once again stuck on 1.10.3 Or, perhaps read the release notes for 7.17: *) zerotier - upgraded to version 1.14.0 Now since the config interface has not changed, RouterOS still supports only a sub-set of features. But certainly any ...
by Amm0
Sat Nov 09, 2024 9:55 pm
Forum: Beginner Basics
Topic: Configuring wireless on wAP R from zero
Replies: 15
Views: 928

Re: Configuring wireless on wAP R from zero

Good question. IMO, the defaults in recent RouterOS are pretty good. And, it acts like any common home router by default. So you don't necessarily need to do very much. Here are some general pointers & most are just considerations, rather than "you MUST do this": 0. The most important ...
by Amm0
Sat Nov 09, 2024 12:31 am
Forum: General
Topic: letsencrypt on port 1115 RouterOS v7
Replies: 3
Views: 355

Re: letsencrypt on port 1115 RouterOS v7

Port should not matter. But you'd have install the routeros LE certificate directly on HA (by exporting the certificate and key from /certificate). A dst-nat rule alone does not add LE encryption, it just forward any TLS traffic.
by Amm0
Fri Nov 08, 2024 9:40 pm
Forum: Beginner Basics
Topic: Macvlan
Replies: 1
Views: 254

Re: Macvlan

I'm not 100% I understand. MACVLAN give the routers a 2nd MAC address on one RouterOS interface, but alone directly link a printer across VLANs. So I think you may be looking for this approach: https://forum.mikrotik.com/viewtopic.php?t=204025 And also you can use the new mDNS repeater feature if ne...
by Amm0
Fri Nov 08, 2024 8:55 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 156183

Re: v7.17beta [testing] is released!

Presumably this is part of what is driving the ideological position of device-mode: https://blog.ovhcloud.com/the-rise-of-packet-rate-attacks-when-core-routers-turn-evil/ And that part of the problem, we don't know what's driving the device-mode changes (i.e. the threat profile). Beyond platitudes ...
by Amm0
Fri Nov 08, 2024 3:22 am
Forum: Wireless Networking
Topic: LtAP, Verizon, Quectel EC-25AF no worky
Replies: 17
Views: 1144

Re: LtAP, Verizon, Quectel EC-25AF no worky

I'd make sure they know it crashed under 7.17beta - so not just missing RSSI, they should want to take a look at that. It's a bug if something causes a boot loop. I'm pretty the modem is providing RSSI via MBIM since it's requirement and it taking a minute to get to running... kinda does indicate so...
by Amm0
Thu Nov 07, 2024 11:18 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 246
Views: 28633

Re: wAP ax?

So attention, for anyone who hasn't noticed, antennas don't scatter the signal 360 degrees, they scatter it 180 degrees! Chaos is the documentation for this device!!!!!! Clearly a poor cut-and-paste job on the specs page. And IDK why it's hard to for the web specs to match the PDF - the PDF often h...
by Amm0
Thu Nov 07, 2024 9:43 pm
Forum: Scripting
Topic: Bug Report: Incorrect Conversion of Numeric Strings to JSON in RouterOS
Replies: 5
Views: 1200

Re: Bug Report: Incorrect Conversion of Numeric Strings to JSON in RouterOS

Fortunately there appears to be "json.no-string-conversion" in the documentations for RouterOS for "serialize" - however my system is missing it. It would be helpful for communicating with JSON api where a string is expected regardless of if it happens to be a number. I'm runnin...
by Amm0
Thu Nov 07, 2024 7:14 pm
Forum: General
Topic: Feature requests
Replies: 1788
Views: 672561

Re: Feature requests

Please add support for the AmneziaWG protocol using standard tools without using Docker. Bypassing Internet censorship is very important and using it directly inside the router is a big advantage. The problem with adding features like AmneziaWG is its effectiveness is subject to change over time, a...
by Amm0
Thu Nov 07, 2024 5:58 pm
Forum: General
Topic: how to block youtube shorts?
Replies: 12
Views: 1036

Re: how to block youtube shorts?

For content filtering like something really granular like"YouTube shorts", you need to re-write the HTML to remove the section. That's more similar to an ad-blocker. So I'd think some browser extension might be easier (perhaps deployed via MDM solution to forced it on clients). Now this is...
by Amm0
Thu Nov 07, 2024 2:00 am
Forum: The Dude
Topic: Is it possible to create such code in Dude for device monitoring?
Replies: 2
Views: 378

Re: Is it possible to create such code in Dude for device monitoring?

To do math, you can use ros_command function, and provide RouterOS script since that can deal with bit operations. To display some kinda enum, that's tricker... theoretically one approach be use a probe, with a Function type, and use "units" for your text formatting. I wrote up using the D...
by Amm0
Wed Nov 06, 2024 7:58 pm
Forum: Scripting
Topic: How to Read line by line from a file using a script?
Replies: 16
Views: 1100

Re: How to Read line by line from a file using a script?

It make sence to be 2-dimensional array (fields per lines)
Yeah I kinda abused it here for the more simple case (one field)... but it's more designed to import a CSV file.
by Amm0
Wed Nov 06, 2024 7:51 pm
Forum: Scripting
Topic: How to Read line by line from a file using a script?
Replies: 16
Views: 1100

Re: How to Read line by line from a file using a script?

@optio has a good point. delimiter= is the "field separator", not the "record separator" (if I borrow awk's terms). The default "record separator" is a "newline" it seems.. So the delimiter does not matter if there only one "field" per row, so the de...
by Amm0
Wed Nov 06, 2024 4:39 am
Forum: Containers
Topic: How can I get veth1 to work?
Replies: 13
Views: 1030

Re: How can I get veth1 to work?

You are bridging VETH to your LAN. So the VETH IP address need to match the LAN. So the VETH need to be something like: /interface veth add address=10.10.20.201/24 gateway=10.10.20.254 gateway6="" name=veth1 Otherwise, if you want the container to be a separate IP subnet, then you do not w...
by Amm0
Wed Nov 06, 2024 3:07 am
Forum: Scripting
Topic: How to Read line by line from a file using a script?
Replies: 16
Views: 1100

Re: How to Read line by line from a file using a script?

Not wrong... See https://help.mikrotik.com/docs/spaces/ROS/pages/130220135/Address-lists If the timeout parameter is not specified, then the address will be saved to the list permanently on the disk. If a timeout is specified, the address will be stored on the RAM and will be removed after a system'...
by Amm0
Tue Nov 05, 2024 11:54 pm
Forum: Wireless Networking
Topic: LtAP, Verizon, Quectel EC-25AF no worky
Replies: 17
Views: 1144

Re: LtAP, Verizon, Quectel EC-25AF no worky

Sorry about that, normally the beta do work... And I have 7.17 running on a couple wAPac, but no LtAPs....

You can use the serial port to see what's going on. And perhaps the backup boot loader help, dunno.

But doing a reset to defaults may be quicker.
by Amm0
Tue Nov 05, 2024 11:12 pm
Forum: General
Topic: VRRP with single public IP address
Replies: 1
Views: 258

Re: VRRP with single public IP address

At a high level, potentially yes. But you'd have use src-nat to the public IP and/or potentially other firewall nat/mangle things ... but really depends on what you're trying to do. Normally VRRP is the default gateway for a network on the LAN side, not WAN side.
by Amm0
Tue Nov 05, 2024 11:03 pm
Forum: Beginner Basics
Topic: Multiple MikroTik on Zerotier Network
Replies: 5
Views: 941

Re: Multiple MikroTik on Zerotier Network

What I'm not sure of is the effect of "use-ip-firewall-for-vlan=yes" as that could add another dimension to ZT bridging. IDK but I've never tested that option with ZT.
by Amm0
Tue Nov 05, 2024 10:47 pm
Forum: Scripting
Topic: How to Read line by line from a file using a script?
Replies: 16
Views: 1100

Re: How to Read line by line from a file using a script?

Ah, you might have needed a delimiter="\r\n" if the file was created on RouterOS since it uses windows line-endings.
by Amm0
Tue Nov 05, 2024 10:31 pm
Forum: Wireless Networking
Topic: LtAP, Verizon, Quectel EC-25AF no worky
Replies: 17
Views: 1144

Re: LtAP, Verizon, Quectel EC-25AF no worky

've already got the logging enabled, so I'll get a fresh boot on T-Mobile and a couple minutes of logs and then submit, thanks. I'm also willing to try the next beta if you think it's worth it. It be worth a ticket. They may just need some ID specific for the EC-25AF, but only MT would know. There ...
by Amm0
Tue Nov 05, 2024 10:03 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1553
Views: 376323

Re: 📣 WinBox 4 is here 📣

IDK, but does it work when you only have one IP and/or on interface? Sometimes having multiple interfaces with wine+winbox3 would cause MAC winbox not to work.
by Amm0
Tue Nov 05, 2024 9:48 pm
Forum: General
Topic: TiVo => EoIP => TiVo ... fail
Replies: 15
Views: 1454

Re: TiVo => EoIP => TiVo ... fail

I guess one long-shot option MIGHT be use /tool/traffic-gen to generate the broadcast packets. Since you have the traces, that might not be so difficult to try. Where it work/help IDK.
by Amm0
Tue Nov 05, 2024 9:45 pm
Forum: General
Topic: TiVo => EoIP => TiVo ... fail
Replies: 15
Views: 1454

Re: TiVo => EoIP => TiVo ... fail

Could latency be an issue, like their protocol requires very low delays so it works over physical LAN but not when tunneled over the Internet Yes, I am beginning to fear that they are explicitly checking for latency. The tunnel is over a site-to-site OpenVPN from two locations more than 1500km apar...
by Amm0
Tue Nov 05, 2024 9:32 pm
Forum: Wireless Networking
Topic: LtAP, Verizon, Quectel EC-25AF no worky
Replies: 17
Views: 1144

Re: LtAP, Verizon, Quectel EC-25AF no worky

Actually, it looks like I might already be on the latest rev (EC25AFFAR07A14M4G) according to some posts from July. So maybe it's too new :) It should show "RSSI". If you can try T-Mobile again, that be worth a shot to know if it's a Verizon carrier firmware issue. You might want to open ...
by Amm0
Tue Nov 05, 2024 8:16 pm
Forum: Scripting
Topic: How to Read line by line from a file using a script?
Replies: 16
Views: 1100

Re: How to Read line by line from a file using a script?

Your suggestion worked. However, the ip 0.0.0.0, which did not exist in the file, was added. There were no empty lines. The :deserialize is very new, so it may a bug in that actually. i.e. inserting an extra array element, that would unconverted to an IP type, which defaults to 0.0.0.0. Do you have...
by Amm0
Tue Nov 05, 2024 7:55 pm
Forum: Wireless Networking
Topic: LtAP, Verizon, Quectel EC-25AF no worky
Replies: 17
Views: 1144

Re: LtAP, Verizon, Quectel EC-25AF no worky

Additionally make sure RouterOS is at stable, and the /system/routerboard has been updated to latest firmware too. I had no idea that there was separate board firmware from ROS. I upgraded this and it seems to now work in MBIM mode without issue. Seems hard to believe, but ... does that seem legit?...
by Amm0
Tue Nov 05, 2024 5:48 pm
Forum: Beginner Basics
Topic: Why is there no decent security on FTP Server on MK?
Replies: 22
Views: 980

Re: Why is there no decent security on FTP Server on MK?

RouterOS like to abstract Linux-things, so I'm not sure they want to bind "files" to some particular linux file system details like owner/group. And FTP follows the same policy system as rest of RouterOS. Also, I think you're presume a higher level of sophistication in policy / AAA elsewhe...
by Amm0
Tue Nov 05, 2024 7:45 am
Forum: Wireless Networking
Topic: LtAP, Verizon, Quectel EC-25AF no worky
Replies: 17
Views: 1144

Re: LtAP, Verizon, Quectel EC-25AF no worky

In V7, Mikrotik use MBIM with their Quectel models, so I suspect that be best. But if T-Mobile is working...I'm not thinking it's MBIM vs ECM. So yeah switch the LTE modem back to mode=auto may be best plan. Also try lowercase "vzwinternet" and disable "Use Network APN". You may ...
by Amm0
Tue Nov 05, 2024 5:52 am
Forum: Wireless Networking
Topic: LtAP, Verizon, Quectel EC-25AF no worky
Replies: 17
Views: 1144

Re: LtAP, Verizon, Quectel EC-25AF no worky

Verizon is strict on everything. The modules must be whitelisted by a device manufactured and go through Verizon-specific certification. Modules are certified too, but BOTH module and devices require certification. So this means, unless the module came from a previous Verizon device, you will not be...
by Amm0
Mon Nov 04, 2024 10:21 pm
Forum: Scripting
Topic: How to Read line by line from a file using a script?
Replies: 16
Views: 1100

Re: How to Read line by line from a file using a script?

[lost by accident - I meant reply not edit - but was just example script two post below now]
by Amm0
Mon Nov 04, 2024 8:16 pm
Forum: RouterBOARD hardware
Topic: 5G modem in ATL 18
Replies: 7
Views: 950

Re: 5G modem in ATL 18

That same thread shows a photo of it. And more importantly the spec sheet on www.mikrotik.com shows "M.2 slot: 1".

But your modem likely has different connectors, so may need some jumper adapt a 5G modems's MHF4 connector the U.FL used by the ATL.
by Amm0
Mon Nov 04, 2024 6:16 pm
Forum: RouterBOARD hardware
Topic: 5G modem in ATL 18
Replies: 7
Views: 950

Re: 5G modem in ATL 18

Also you might read this thread https://confusedbird.com/thread-310.html From the above... One issue I see in the ATL LTE18 brochure is that the antenna gain graphs all stop at 2.7GHz, so I am not sure how well it will perform in the 3.6GHz band. The LHG LTE18 dish antenna covers all the way to 3.8...
by Amm0
Mon Nov 04, 2024 5:59 pm
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1365

Re: Connecting Two Remote Locations Without Public IP

It still be good to know the @Monty995 actual WAN situation. It could just be a terminology, like one side may have a dynamic public IP & in which case... adding DDNS would work for Wireguard. e.g. Folk are reading a lot of from the title, which may not be 100% what's going on. Now perhaps it 10...
by Amm0
Mon Nov 04, 2024 5:26 pm
Forum: Scripting
Topic: $PIANO - interactive "player piano" & studio-quality recorder using :beep
Replies: 15
Views: 3184

Re: $PIANO - interactive "player piano" & studio-quality recorder using :beep

* Just to be esoteric, the needed MQTT broker and midimonster linux exe actually both live a "multi-process" RouterOS /container, that use `make` as it's init to start BOTH nanomq and midimonster. And, Alpine Linux had no problem compiling midimonster inside the RouterOS container (since ...
by Amm0
Mon Nov 04, 2024 6:01 am
Forum: Scripting
Topic: Script to obtain vendor info from MAC addresses when bridge is bridgeLocal [SOLVED]
Replies: 9
Views: 2033

Re: Script to obtain vendor info from MAC addresses when bridge is bridgeLocal [SOLVED]

:local scanTime "30"

should be

:local scanTime 30s

near the top of the script
by Amm0
Mon Nov 04, 2024 2:02 am
Forum: Scripting
Topic: Script to obtain vendor info from MAC addresses when bridge is bridgeLocal [SOLVED]
Replies: 9
Views: 2033

Re: Script to obtain vendor info from MAC addresses when bridge is bridgeLocal [SOLVED]

192.168.0.37 F6:F5:AC:C6:61:E6 169ms 192.168.0.30 E8:F4:08:E8:52:51 I don't know what the issue is with 192.168.0.30 no time ms It could just be a timing issue (no pun), but the duration= is a hard cutoff, so it could be in the middle of getting the ARP from 192.168.0.30 when the duration= hits.
by Amm0
Mon Nov 04, 2024 1:56 am
Forum: Scripting
Topic: Script to obtain vendor info from MAC addresses when bridge is bridgeLocal [SOLVED]
Replies: 9
Views: 2033

Re: Script to obtain vendor info from MAC addresses when bridge is bridgeLocal [SOLVED]

Hmm, in a quick test it works on my test router using 7.17. It might be the /tool/fetch that does the MAC address lookup that's failing... since that requires policy and test permissions, so if /system/script didn't allow those that be one reason it fail. The on-error={} prevents errors from being s...
by Amm0
Mon Nov 04, 2024 1:41 am
Forum: Beginner Basics
Topic: Mikrotik as Zerotier controller. How to add managed routes?
Replies: 7
Views: 672

Re: Mikrotik as Zerotier controller. How to add managed routes?

since 172.15.0.0/24 isn't private range
I didn't catch that, but yeah that ain't private. So ZeroTier's "allow-global=yes" would have been required ... to enable a bad config ... but why it didn't initially work.
by Amm0
Mon Nov 04, 2024 1:23 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 156183

Re: v7.17beta [testing] is released!

3) From the GUI, if you go into a wifi interface that is set up as PSK, and simply click "Apply", the passphrase will be corrupted and you'll have to go back and retype it. Under the hood it sets the passphrase to \E2\80\A2\E2\80\A2\E2\80\A2\E2\80\A2\E2\80\A2\E2\80\A2\E2\80\A2\E2\80\A2 no...
by Amm0
Mon Nov 04, 2024 1:02 am
Forum: RouterBOARD hardware
Topic: Support for external LTE antennas
Replies: 11
Views: 1224

Re: Support for external LTE antennas

IDK about the internals of the hAP-ax-lite, but if you're going to DIY there is also the newer L23 board (https://mikrotik.com/product/l23ugsr_5haxd2haxd boards be another option. You can then add a better LTE module than the hAPaxLite. Also, there are external antennas (especially 4x4 ones) that ar...
by Amm0
Sun Nov 03, 2024 8:31 pm
Forum: General
Topic: TiVo => EoIP => TiVo ... fail
Replies: 15
Views: 1454

Re: TiVo => EoIP => TiVo ... fail

It may TiVo is looking for bridged/routed connections. One way be the packet's TTL, although I'm not sure TTL be changed since bridged... but if it's not use TTL = 65, you can "reset" the TTL on the far end using /ip/firewall/mangle. The Mikrotik LTE docs show the commands for T-Mobile, bu...
by Amm0
Sun Nov 03, 2024 7:05 pm
Forum: Beginner Basics
Topic: Mikrotik as Zerotier controller. How to add managed routes?
Replies: 7
Views: 672

Re: Mikrotik as Zerotier controller. How to add managed routes?

Edit: What is interesting is, that 172.15.0.5:3000 works from all clients, but it's impossible to ping this adress from Mikrotik that is zerotier client if i disable route i manualy added in /ip route. It could be the default-route-distance= of ZeroTier instance (zt1) is 1, so depending on the dist...
by Amm0
Sun Nov 03, 2024 6:34 pm
Forum: Beginner Basics
Topic: Mikrotik as Zerotier controller. How to add managed routes?
Replies: 7
Views: 672

Re: Mikrotik as Zerotier controller. How to add managed routes?

Just not sure about the auto-join using just the network id part of it.
FWIW, if you delete a /zerotier/controller, it does leave inactive /zerotier/controller/member's... so that why my Mac just joined/authorized, I think (still it was a different/new controller).
by Amm0
Sun Nov 03, 2024 6:07 pm
Forum: General
Topic: Feature Request: IPSEC Improvements
Replies: 167
Views: 50986

Re: Feature Request: IPSEC Improvements

This topic is open for 12 years, other similar topics maybe even longer.
Holy crap, 12 years just in this forum post.
And still no way to avoid using a dual-stack.
by Amm0
Sun Nov 03, 2024 5:21 pm
Forum: RouterBOARD hardware
Topic: Support for external LTE antennas
Replies: 11
Views: 1224

Re: Support for external LTE antennas

Yeah the LtAP, wAPac, and LtAP mini have some "drill-able" holes to install SMA bulkhead connectors. e.g. the wAPac can mount 4 SMAs on the bottom of the unit. So you can run a "pigtail" cable from the modem module inside to some drilled holes. And, Mikrotik does sell u.FL to SMA...
by Amm0
Sun Nov 03, 2024 2:21 pm
Forum: Beginner Basics
Topic: Mikrotik as Zerotier controller. How to add managed routes?
Replies: 7
Views: 672

Re: Mikrotik as Zerotier controller. How to add managed routes?

To replicate the same ZeroTier "pushed" routes as my.zerotier.com controller... there is routes= on the /zerotier/controller. The controller is CLI only, and MT's docs provide the format: routes Push routes in the following format: Routes ::= Route[,Routes] Route ::= Dst[@Gw] So you should...
by Amm0
Sun Nov 03, 2024 12:07 am
Forum: The Dude
Topic: Dude v6 - Backup locally
Replies: 5
Views: 15812

Re: Dude v6 - Backup locally

Here is quick hack to adapt the script for newer date format using in V7. I cannot vouch for the restore part, but this should work to keep same format as previous version. Basically the "Get date and time" part is replaced from above: { ### Backup Dude locally ### # Set root path for back...
by Amm0
Sat Nov 02, 2024 10:48 pm
Forum: Beginner Basics
Topic: Multiple MikroTik on Zerotier Network
Replies: 5
Views: 941

Re: Multiple MikroTik on Zerotier Network

You got a few things going on there, but topology should work. I don't have an instant answer on what's wrong, but couple things to check: 1. On the ZeroTier Controller (my.zerotier.com), did you set "allow bridging" on the Mikrotik members? 2. zerotier1 is not a member of either LAN or WA...
by Amm0
Sat Nov 02, 2024 9:33 pm
Forum: Beginner Basics
Topic: Not enough permissions? [SOLVED]
Replies: 17
Views: 1697

Re: Not enough permissions? [SOLVED]

Please don't only use username and password as credentials, please also use PKI. I wish that were possible. The problem is Winbox, Webfig, native API, and REST API all only support username/password. So unless you know how to make winbox use a cert, you're kinda screwed on RouterOS for PKI auth.
by Amm0
Sat Nov 02, 2024 6:26 pm
Forum: General
Topic: Lets Encrypt
Replies: 40
Views: 1961

Re: Lets Encrypt

There is no UI to import certificates. Does this mean I do not need to copy those files manually? We're going OT on UDM... And never been a fan of UniFi. But I'm sure there is a better answer in their forums how to add an existing cert in the right location. I was suggesting what might be using the...
by Amm0
Sat Nov 02, 2024 6:14 pm
Forum: Beginner Basics
Topic: Not enough permissions? [SOLVED]
Replies: 17
Views: 1697

Re: Not enough permissions? [SOLVED]

The main attack vectors been admin and no password & creating DoS. And using "admin" as username opens up common dictionary attack. But so would using same username/password combo that been compromised in some other attack be equally, or likely even worse. I just worry about the attack...
by Amm0
Sat Nov 02, 2024 3:59 pm
Forum: Beginner Basics
Topic: Not enough permissions? [SOLVED]
Replies: 17
Views: 1697

Re: Not enough permissions? [SOLVED]

If I wrote it here it would be public knowledge... Yeah I'm confused too. Totally get not using "admin", and deleting the account once a new "full" user had been added seems like a better plan. What am I missing? @rextended, if you think there some security issue here (i.e. wher...
by Amm0
Sat Nov 02, 2024 2:48 pm
Forum: General
Topic: Lets Encrypt
Replies: 40
Views: 1961

Re: Lets Encrypt

My reading is the script uses /data/eus_certificates/unifi-os.crt /data/eus_certificates/unifi-os.key And based on the using specific names, @sindy is likely right, the .crt would actually contain the root certificate, intermediate certificates, and server's certificate - all in same file (appended ...
by Amm0
Sat Nov 02, 2024 3:49 am
Forum: Beginner Basics
Topic: Stuck on device to vlan assignment principles
Replies: 10
Views: 676

Re: Stuck on device to vlan assignment principles

TDW's route will lead to graying or loss of hair. This is the sort of scenario 802.1X was designed for. Well, the built-in User Manager will support 802.1X, and UM is not that complex to setup. You can then set the VLAN on user using a RADIUS attribute. The 802.1X does work between RouterOS, and ev...
by Amm0
Sat Nov 02, 2024 2:03 am
Forum: General
Topic: Lets Encrypt
Replies: 40
Views: 1961

Re: Lets Encrypt

It's random which one intermediate LE will use, per their specs. It possible to just install all the intermediate certificates for LE. Now I have no idea where on UDM. But if UDM supports SFTP... might be possible to use /tool/fetch mode=sftp upload=yes src-path=R1X.pem dst-path=/data/.../config/......
by Amm0
Sat Nov 02, 2024 1:18 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1553
Views: 376323

Re: 📣 WinBox 4 is here 📣

Hi all, skins not working on winbox 4?
The lack of "skin" support is a "Known Issue" in @normis's original post.
by Amm0
Fri Nov 01, 2024 9:10 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1553
Views: 376323

Re: 📣 WinBox 4 is here 📣

... or get a wider screen. Well, not wrong that you need a wide-screen. IMO is a kinda of a problem since not everyone uses Winbox from a desktop with multiple displays. My problem is I often I have two Winbox open, use a laptop, and don't have multiple screens available very often. Specific to Mac...
by Amm0
Fri Nov 01, 2024 7:41 pm
Forum: General
Topic: Lets Encrypt
Replies: 40
Views: 1961

Re: Lets Encrypt

Of great -- another new obstacle...errr...opportunity to learn. This is the URL of UDM. Screenshot 2024-11-01 130539.png The "Details" will show you the certificate it thinks is unsafe. And the message is due the certificates YOUR computer is lacking the "root" certificate autho...
by Amm0
Fri Nov 01, 2024 7:33 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 156183

Re: v7.17beta [testing] is released!

Well, I just looked at the webfig. Does look nice, & like the collapsing of the left-side. But this one affects us. *) webfig - status page is deprecated, old status page config will work, but can't be updated or created; The webfig "status page" was the only way to create some custome...
by Amm0
Fri Nov 01, 2024 6:16 pm
Forum: General
Topic: Lets Encrypt
Replies: 40
Views: 1961

Re: Lets Encrypt

The whole business of dealing LE renewals should have long been solved, without scripting porting 80.... Anyway... No, currently only port 80 is used to renew the certificate. This endeavor started because I couldn't access my UDM without SSL certificate errors. Am I close? What you do mean by "...
by Amm0
Fri Nov 01, 2024 5:36 pm
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1365

Re: Connecting Two Remote Locations Without Public IP

It is really the "without public IP" that makes any VPN solution complex, which be true of any router. If one side does have a public IP, now Wireguard (or IPSec) option be possible. This part be good to clarify: does ONE side of the purposed VPN get a public IP? Otherwise, if BOTH side ar...
by Amm0
Fri Nov 01, 2024 11:57 am
Forum: The Dude
Topic: Teltonika SMS gateway for notifikations
Replies: 3
Views: 466

Re: Teltonika SMS gateway for notifikations

The URL needs to use "urlencoding", which means things like space need to be escaped for HTTP. So your "....text=The Dude is happy again" part is likely the problem. In recent V7, you can use :convert to do the encoding. /tool fetch url="http://IP/cgi-bin/sms_send?username=u...
by Amm0
Fri Nov 01, 2024 1:55 am
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1365

Re: Connecting Two Remote Locations Without Public IP

IKEv2 is a bit more complex to setup… A bit? Hah! More like 3-10× more complicated, depending. Let's see: What'd I miss? LOL. I'll give 2× more complicated. You can use a PSK and avoid the certs. My comment was based an old hEX, that can offload IPSec encryption, but that is IPSec singular benefit....
by Amm0
Thu Oct 31, 2024 11:17 pm
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1365

Re: Connecting Two Remote Locations Without Public IP

I'm guessing likely be better off with IPSec using IKEv2 on the older hEX, since IPSec will use hardware encryption. i.e. WireGuard will not be hardware offloaded, so might be slower. Although IKEv2 is a bit more complex to setup than ZeroTier or even WG. One side does need to be enabled with respon...
by Amm0
Thu Oct 31, 2024 3:19 am
Forum: General
Topic: TiVo => EoIP => TiVo ... fail
Replies: 15
Views: 1454

Re: TiVo => EoIP => TiVo ... fail

I only have WireShark on one end, so I can't see what is going on at the other end of the EoIP tunnel. This is my first MikroTik project, so I haven't yet figured out how to use Torch ... Q: Can I use Torch to see what is going on in my remote NE location? Sure, you'd do it on the EoIP interface. I...
by Amm0
Thu Oct 31, 2024 1:01 am
Forum: General
Topic: TiVo => EoIP => TiVo ... fail
Replies: 15
Views: 1454

Re: TiVo => EoIP => TiVo ... fail

The easiest thing to try is change MTU on the EoIP interface. If it's not 1500, that be worth a try. Now that will cause fragmentation over the VPN, but TiVo UDP packets may be too big to fit when a compressed MTU. You may also want to make sure "Don't Fragment" is unchecked (i.e. allow fr...
by Amm0
Wed Oct 30, 2024 9:47 pm
Forum: General
Topic: DUAL WAN into one connection use
Replies: 10
Views: 659

Re: DUAL WAN into one connection use

And this why @anav is suggesting load balancing, since that is something you can do with one router and two ISP. This is theoretically possible, but with a lot of "ifs" and "provided thats". One of the "ifs" be is the 200Mb connections are via PPPoE, because "provi...
by Amm0
Tue Oct 29, 2024 8:25 pm
Forum: General
Topic: TR069 and show-sensitive
Replies: 1
Views: 278

Re: TR069 and show-sensitive

A few years ago, I created an application to manage our mikrotik devices. It generates a configuration file for each router, based on how the router is modeled in the application, and uses TR069 to get the configuration on the routers themself. After the configuration is pushed to the routers, it a...
by Amm0
Tue Oct 29, 2024 5:11 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1553
Views: 376323

Re: 📣 WinBox 4 is here 📣

Could you please elaborate? Why isn't it easy to use? You can click on "Usage" and it will sort by usage. In fairness, it is same as winbox3 which seems to be initial goal. But it ain't a great dialog box for quickly figuring out a channel to use. i.e. - usage should align on the ".&...
by Amm0
Tue Oct 29, 2024 2:29 pm
Forum: General
Topic: mAP lite - how can I tunnel a VLAN over WiFi? [SOLVED]
Replies: 2
Views: 407

Re: mAP lite - how can I tunnel a VLAN over WiFi? [SOLVED]

Both VXLAN and EoIP approaches are covered here:
viewtopic.php?t=180369&hilit=wifiwave2
by Amm0
Mon Oct 28, 2024 11:08 pm
Forum: Scripting
Topic: Polling?
Replies: 12
Views: 839

Re: Polling?

I should have been clearer, in all likelihood using the "monitor once" in a scheduler is a better plan. I was more explaining how it works when NOT using "once"... generally speaking ;). Jokes aside, I don't have any UPS directly connected to a RouterBOARD otherwise I would have ...
by Amm0
Mon Oct 28, 2024 10:51 pm
Forum: Containers
Topic: Container "Traefik" (on RB5009)
Replies: 11
Views: 11600

Re: Container "Traefik" (on RB5009)

I don't know if this helps anyone, but I got Traefik to work on an RB1100 (which is actually ARM32) using this image: https://hub.docker.com/_/traefik I have to try this. Thanks Amm0 Yeah it works on RB1100AHx4 and RB5009 for sure. I use it for CORS and automatically renewing LE certs. I should cre...
by Amm0
Mon Oct 28, 2024 7:07 am
Forum: The Dude
Topic: Did I wipe out my Dude database?
Replies: 2
Views: 468

Re: Did I wipe out my Dude database?

Did you look at Files in winbox, and see a dude.db someplace. If so, you're be in luck... And, one simple possibility is the "disk name", or RouterOS, slot= changed in the upgrade. For example, from disk1/ to sata1/. And the upgrade does not change the dude directory, so it's may be lookin...
by Amm0
Mon Oct 28, 2024 2:11 am
Forum: General
Topic: EMULATING peplink BONDING with RoS
Replies: 3
Views: 675

Re: EMULATING peplink BONDING with RoS

Load balancing is more effective using all available bandwidth and easier/less complex & straightforward on RouterOS — that's why I pitch it ;)... But your right failover is going to be noticeable since it's connection-based. And "hitless failure" and magic bonding is what Peplink pitc...
by Amm0
Sun Oct 27, 2024 8:08 pm
Forum: Scripting
Topic: Polling?
Replies: 12
Views: 839

Re: Polling?

Remove the "once" and it becomes a ":while (true)" loop, so it will run forever. There is an interval= that control how often the do={} code is run, i.e. 1s or 1m or 1h etc.... You can also make only run for a fixed period like duration=1m. This is useful like in a /system/schedu...
by Amm0
Sun Oct 27, 2024 7:29 pm
Forum: General
Topic: EMULATING peplink BONDING with RoS
Replies: 3
Views: 675

Re: EMULATING peplink BONDING with RoS

The answer I'd like to give is use /zerotier multipath settings to do your desired bonding : https://docs.zerotier.com/multipath/ Sadly that is NOT an option . Since I occasionally use the peplink things... I kinda know how the peplink generally work... Also note there are additional recurring costs...
by Amm0
Sun Oct 27, 2024 4:42 pm
Forum: General
Topic: VXLAN inside Wireguard MTU [SOLVED]
Replies: 3
Views: 520

Re: VXLAN inside Wireguard MTU [SOLVED]

The math is right. Generally MTU being right is a good thing. TCP things adjust themselves, so MTU being right is actually helpful. One side note as MTU get lower from tunnels-in-tunnels... sometimes that effects dumber UDP protocols. For example (& before it get device-lock'ed), if you run a /t...
by Amm0
Fri Oct 25, 2024 10:21 pm
Forum: Scripting
Topic: [Script] Automatically change DNS if Pi-hole is no longer working
Replies: 53
Views: 27197

Re: [Script] Automatically change DNS if Pi-hole is no longer working

I'll answer myself. It turns out that RouterOS has such a wonderful thing as Netwatch! With it, you can set up host availability monitoring of almost any complexity! Yup, also in 7.16 there is a direct netwatch for type=dns — which make this even simpler: :global primary 172.17.0.2 :global backup 9...
by Amm0
Fri Oct 25, 2024 9:45 pm
Forum: Scripting
Topic: Appending file within foreach
Replies: 10
Views: 589

Re: Appending file within foreach

I find that if I blindly copy then I am not using my brain, but if I use my brain then I am ignoring the experts -- ugh. Fair enough. Again, it's about the variable types... And specifically the array type, since those are a bit complex. @rextended makes a point the unneeded parenthesis ( ) can get...
by Amm0
Fri Oct 25, 2024 7:57 pm
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 54
Views: 7924

Re: Newsletter #121 | October 2024

Block Diagram is available Another strange PoE choice: the PoE-in port is off the switch, a sensible choice for a router-class device, but we then have to ask which ISP modems provide PoE input power? Stretching for a use case, You can use an always use PoE injector between ISP and ether1. i.e. if ...
by Amm0
Fri Oct 25, 2024 7:13 pm
Forum: Scripting
Topic: Appending file within foreach
Replies: 10
Views: 589

Re: Appending file within foreach

I don't understand the notion of persistent in file. Didn't mean to be confusing, perhaps "saved to a file" be clear. I just meant that your variables you [:serialize to=json] to file, come back as the same str/num/time/array type when you [:deserialize from=json] from same JSON file. And...
by Amm0
Fri Oct 25, 2024 5:21 pm
Forum: Scripting
Topic: Appending file within foreach
Replies: 10
Views: 589

Re: Appending file within foreach

If your willing to have the data as JSON, the newer [:serialize] makes quick work of this: /file/add name=test.json contents=[:serialize to=json [/system/resource/print as-value] option=json.pretty] For example, the output looks like: :put [:serialize to=json [/system/resource/print as-value] option...
by Amm0
Thu Oct 24, 2024 9:42 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 246
Views: 28633

Re: wAP ax?

Ah, it's was PDF that has the OS bit-ness, it's the website that does not. At least I'm not crazy. On AX Lite it is the same. 64-bit processor with 32-bit OS 64-bit mean memory addressing. So with 256MB of RAM... you can use up more memory storing 64-bit "pointers" when 32-bit would do. I'...
by Amm0
Thu Oct 24, 2024 7:22 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 246
Views: 28633

Re: wAP ax?

AX devices released this year all seem to have 256MB RAM and these IPQ-50xx boards. I'm curious how ZeroTier does on these. The IPQ-40xx in older ac wAP did always seem like a stretch with ZeroTier installed (beyond fitting in 16MB, noticeable on CPU/mem/flows). Since I recall reading ZeroTier does...
by Amm0
Thu Oct 24, 2024 6:54 pm
Forum: Scripting
Topic: Scripting skills
Replies: 15
Views: 944

Re: Scripting skills

Even in Winbox4 they still use a proportional font. I know scripting, and I have a difficult time understanding a script in winbox's dialog when the code get "compressed" by the font and [default] shorter line width. So I partially blame the font for folks scripting difficulties ;). ... /s...
by Amm0
Thu Oct 24, 2024 12:24 pm
Forum: Beginner Basics
Topic: GRE over CUSTOM IPSec [SOLVED]
Replies: 5
Views: 484

Re: GRE over CUSTOM IPSec [SOLVED]

I've run into this too. It is unfortunate you cannot set IPSec profile along with GRE's ipsec-secret in the GRE config. As @TheCat12 suggests, you can do it manually. One thing to help is use the "ipsec-secret" as you have initially, but a make a copy of "D" dynamic/automatic thi...
by Amm0
Thu Oct 24, 2024 3:20 am
Forum: General
Topic: Starlink Bypass Mode - Dropped Packets
Replies: 5
Views: 898

Re: Starlink Bypass Mode - Dropped Packets

Even in bypass, you should still be able to use the starlink app (i.e. it resolves "dishy.startlink.com", and dishy always uses 192.168.100.1)*. The app will show drops. I believe visiting 192.168.100.1 in a web browser may do something, but they steer folk to the app these days. Now, If &...
by Amm0
Wed Oct 23, 2024 11:57 pm
Forum: Scripting
Topic: How to access time with milliseconds in a script?
Replies: 4
Views: 425

Re: How to access time with milliseconds in a script?

There is also the :time command. That actually times an operation in it's command={ # code # } like

:put [:time command={ :delay 1000000000ns }]
00:00:01.001184
by Amm0
Wed Oct 23, 2024 7:48 pm
Forum: The Dude
Topic: Is there any reason to upgrade Dude server from 6.49 to 7.16 or latest?
Replies: 2
Views: 932

Re: Is there any reason to upgrade Dude server from 6.49 to 7.16 or latest?

I think it's the same, or at least I cannot tell. I have both v6 and v7 dudes running, nothing is different and both work. It is actually mixing Dude versions that's actually more of reason not change... if working. The Dude 32-bit client app does an update when you connect to a Dude with different ...
by Amm0
Wed Oct 23, 2024 5:18 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 156183

Re: v7.17beta [testing] is released!

I think there are issues in disks... I'm have "raid troubles" in 7.17beta4. Setup is just two identical sata drives, in raid1 config, on RB1100AHx4, with the raid1 volume as the mount (previously formatted ext4, not btfrs). I went back to 7.16, and that did NOT get the disk back either. An...
by Amm0
Wed Oct 23, 2024 2:52 pm
Forum: Scripting
Topic: Scripting skills
Replies: 15
Views: 944

Re: Scripting skills

ability to pester those far more knowledgeable One big trick, I think, is using "/system/script/edit <scriptname> source" to use Mikrotik's editor. Unlike Winbox's script editor, it will show red marks if the script is invalid (in realtime in edit). While I like @rextended, I know he uses...
by Amm0
Wed Oct 23, 2024 2:05 pm
Forum: Scripting
Topic: How to access time with milliseconds in a script?
Replies: 4
Views: 425

Re: How to access time with milliseconds in a script?

:put [:timestamp] # 2859w6d10:50:42.236575187 :put [:tonsec [:timestamp]] # 1729680660992477203 Timestamp is a "time" type since 1/1/1970 epoch. But [:tonsec] get you a "number", with nanoseconds, from any "time" type. To @rextended point... I guess it took 84760ns to ...
by Amm0
Wed Oct 23, 2024 2:58 am
Forum: Containers
Topic: ¿ Does image size matter ?
Replies: 0
Views: 386

¿ Does image size matter ?

More specifically are there any negative operational effects of larger image sizes ? And just to put a box around my question... - in the context of RouterOS... not some higher-performance data center use, - understood it would take more download and extract take more time (i.e. 1GB takes more time,...
by Amm0
Tue Oct 22, 2024 4:04 am
Forum: Beginner Basics
Topic: add an DNS server to Mikrotik router
Replies: 6
Views: 1407

Re: add an DNS server to Mikrotik router

One thing.... I'm curious why @BrateloSlava adds on the Wireguard Peer the Private Key and also the Client Address and DNS as per screenshot he attached on post dated October 20. In my case I have none of them (this fields on my router are blank) and the WireGuard connection in my case works well. ...
by Amm0
Mon Oct 21, 2024 9:48 pm
Forum: Beginner Basics
Topic: why my computer assigned IANA IP?
Replies: 39
Views: 1882

Re: why my computer assigned IANA IP?

There are some devices that don't follow rules - totally seen that some devices need netmask explicitly set. And netmask=24 is harmless to rule-following dhcp-clients, they have the same info twice. And I'm not sure the actual value is 0, despite the docs, it is "unset" (now perhaps on som...
by Amm0
Mon Oct 21, 2024 7:57 pm
Forum: Scripting
Topic: PUSHOVER - ready MikroTik script to send messages
Replies: 29
Views: 13559

Re: PUSHOVER - ready MikroTik script to send messages

Does calling a more basic script work from Dude? i.e. one that does not use /tool/fetch or global variables... In this form it works and that's enough for me. Thank you. /tool fetch mode=https url="https://api.pushover.net/1/messages.json" http-method=post http-data="token=axxxxxxx&a...
by Amm0
Mon Oct 21, 2024 7:46 pm
Forum: Containers
Topic: New container project: "mikrotik.upgrade.server" / "mus"
Replies: 13
Views: 6992

Re: New container project: "mikrotik.upgrade.server" / "mus"

Perhaps I need to revise the documentation, perhaps you will be so kind to be a more specific or give some more hints. I appreciate any feedback - you know, nobody's perfect 8=) Sorry, your docs were good! My comments were more a Mikrotik grip – since just WAY too many steps to add a simple contain...
by Amm0
Mon Oct 21, 2024 7:30 pm
Forum: Announcements
Topic: Question to our users about controllers
Replies: 71
Views: 51689

Re: Question to our users about controllers

P.S: it seems nearly all of your wishes can already be accomplished by The Dude Why not just improve it [...] i.e. @fifrak #4 answer, some "dashboard" could be relatively simply: i.e. using The Dude's existing device discovery on the defconf LAN 192.168.88.1/whatever, combined with new fe...
by Amm0
Mon Oct 21, 2024 7:08 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1553
Views: 376323

Re: 📣 WinBox 4 is here 📣

feature request - While winbox has long shown only the "humanized" Tx/Rx speeds everywhere... I've long wanted to have some option to show "# Xbps" speeds in some "fixed" unit since often 900 kbps looks way to similar to 900 Mbps. i.e. I just want to see 0.900 Mbps ins...
by Amm0
Mon Oct 21, 2024 6:34 pm
Forum: Beginner Basics
Topic: LHG LTE6 needs restart twice a day to work
Replies: 17
Views: 1644

Re: LHG LTE6 needs restart twice a day to work

Beside update of update RouterOS to the latest version, upgrade also you modem firmware. I had in past also some issues with unstable connection, due to old firmware. And RouterBOOT in /system/routerboard - not sure it changes... but with LTE latest with 3 versions aligning on stable is my strong r...
by Amm0
Mon Oct 21, 2024 6:04 pm
Forum: Scripting
Topic: PUSHOVER - ready MikroTik script to send messages
Replies: 29
Views: 13559

Re: PUSHOVER - ready MikroTik script to send messages

It's not a permissions issue. Well I do not use notification with Dude, so IDK. But I'm not sure your Terminal test is exactly same user context as Dude running a notification. I cannot say for sure, but when Dude run calls RouterOS... that's more similar to netwatch (which uses a *sys user), than ...
by Amm0
Mon Oct 21, 2024 5:44 pm
Forum: Containers
Topic: New container project: "mikrotik.upgrade.server" / "mus"
Replies: 13
Views: 6992

Re: New container project: "mikrotik.upgrade.server" / "mus"

Yeah #2 just seems like a logic error... and your focus was actually the container MUS container here, not it's base image ;). Re Mosquitto and openrc ... 1.) The error described as "cgroup-error => read-only filesystem": / # rc-update add mosquitto default [...] * WARNING: mosquitto has a...
by Amm0
Mon Oct 21, 2024 5:09 am
Forum: Containers
Topic: Project mikrotik proxy manager
Replies: 3
Views: 1151

Re: Project mikrotik proxy manager

Now I am runing traefik and cloudflared on my arm Mikrotik router. With cloudflare tunnel I don`t need even to open any port on my router. Aknowledgment: https://gero.dev/blog/cloudflared-traefik-docker That's a great approach - traefik is really solid but it's config while flexible is exacting. An...
by Amm0
Mon Oct 21, 2024 4:52 am
Forum: Scripting
Topic: PUSHOVER - ready MikroTik script to send messages
Replies: 29
Views: 13559

Re: PUSHOVER - ready MikroTik script to send messages

Hi, I have a question, not so much about pushover. I use TheDude and pushover - and it worked perfectly up until version 7.6 - in notifications it was enough to call the function "$pushover message="Service [Probe.Name] on [Device.Name] is now [Service.Status]";" just like other...
by Amm0
Mon Oct 21, 2024 2:54 am
Forum: Beginner Basics
Topic: why my computer assigned IANA IP?
Replies: 39
Views: 1882

Re: why my computer assigned IANA IP?

If you started with QuickSet...
Look in /ip/dhcp-server/networks... if you see an entry for 0.0.0.0... open it and change it 192.168.88.0/24, or the IP subnet (router IP + /24) address of the LAN if not default.
by Amm0
Mon Oct 21, 2024 12:24 am
Forum: General
Topic: User Manager for 30K Subscribers [SOLVED]
Replies: 19
Views: 1178

Re: User Manager for 30K Subscribers [SOLVED]

If you can throw hardware, I won't worry too much. Especially about SQLite, for several reasons: - UM does cache things (i.e. the "Sent from Cache" stat). - And the users/etc AFAIK are stored in RouterOS config, not the database. From the schema, it looks like mosts tables ("user"...
by Amm0
Sun Oct 20, 2024 4:10 pm
Forum: General
Topic: User Manager for 30K Subscribers [SOLVED]
Replies: 19
Views: 1178

Re: User Manager for 30K Subscribers [SOLVED]

Seems like ship sailed on alternatives. I don't have direct experience with UM.... But my thought be CHR be required for sure. After all, It's just auth requests, not traffic. So how ofter subscribers re-auth'ing? I also don't think there a lot of complex DB operations either. Perhaps few SELECT and...
by Amm0
Fri Oct 18, 2024 5:04 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 156183

Re: v7.17beta [testing] is released!

container and run whatever you like. ... as long as someone is there to do the device-mode dance. With the new "changing device-mode on upgrade" scheme here... I hope y'all are mulling how to deal with the device-lock provisioning side. I'd actually like to deploy containers as part of a ...
by Amm0
Fri Oct 18, 2024 12:39 am
Forum: Scripting
Topic: Fetch for Rocket Chat
Replies: 4
Views: 489

Re: Fetch for Rocket Chat

Since I already build schemas for REST API , there is a spin off website that converts `curl` into /tool/fetch so `curl2rsc` spits out: /tool/fetch http-method=post url="https://rocket.example.com/api/v1/chat.postMessage" http-data="{ \"channel\": \"CHANNELID\", \&...
by Amm0
Fri Oct 18, 2024 12:23 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 156183

Re: v7.17beta [testing] is released!

You can only send RFC-2136 updates via /tool/dns-update - not forward them. You also still cannot add a PTR type as a static (so while can forward mDNS, but cannot do more basic DNS-SD) - so we're far from a "real" DNS server. And, I'm sure others have their own DNS grips.
by Amm0
Thu Oct 17, 2024 6:16 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1553
Views: 376323

Re: 📣 WinBox 4 is here 📣

... or at least an updated list someplace of "known 'good' requests", similar concept to V7 routing engine overview . That allow discussion to be "diffs" – i.e. "Why isn't my feature X on the list?" A public tracking system has the advantage that people can look for sim...
by Amm0
Thu Oct 17, 2024 6:15 am
Forum: Beginner Basics
Topic: Airprint for guest network
Replies: 8
Views: 1099

Re: Airprint for guest network

Thanks so much. I'll make sure printing from a PC with a manually entered IP works across the VLANs in question first to confirm the routing is working, then I will dig into mDNS.
Great plan. If you have troubles, just post your config.
by Amm0
Thu Oct 17, 2024 4:20 am
Forum: Beginner Basics
Topic: Change LTE IMEI
Replies: 2
Views: 404

Re: Change LTE IMEI

I'm pretty sure on the 5G modems, it's locked down in hardware. Some older modem modems did have occasionally have basic command to do, but even that was not common.
by Amm0
Wed Oct 16, 2024 7:44 pm
Forum: Beginner Basics
Topic: Airprint for guest network
Replies: 8
Views: 1099

Re: Airprint for guest network

The new mDNS repeater in 7.16 is in in /ip/dns via CLI/webbox - it's basic: it will "copy" the multicast mDNS traffic between the interfaces defined. Now... @eabs points out if you have firewall/routing rules that block inter-vlan communications, those have to be adjusted to allow the resu...
by Amm0
Tue Oct 15, 2024 9:53 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1553
Views: 376323

Re: 📣 WinBox 4 is here 📣

This is HOTEL Mikrotik, you can never leave!!
Or even a Casino
Casinos also have no clocks, apparently also similar to Mikrotik.
by Amm0
Tue Oct 15, 2024 8:28 pm
Forum: Beginner Basics
Topic: LHG LTE6 needs restart twice a day to work
Replies: 17
Views: 1644

Re: LHG LTE6 needs restart twice a day to work

Some issue with the band locking seems more likely to me. LTE Band in interface is not some "band preference", it filters other bands from being used. But, if it were a memory leak, that be easy to check /system/resource before rebooting. Now since this seems to happen a regular intervals,...
by Amm0
Tue Oct 15, 2024 4:16 pm
Forum: Beginner Basics
Topic: LHG LTE6 needs restart twice a day to work
Replies: 17
Views: 1644

Re: LHG LTE6 needs restart twice a day to work

Yeah this is the downside of "band locking"... When you set something like Band 7, it does not "failover" to another band. And tower may be "steering traffic" to use another band if band 7/whatever becomes congested. One thing to do is add a /tool/netwatch using type=ic...
by Amm0
Mon Oct 14, 2024 11:37 pm
Forum: Beginner Basics
Topic: Automatically divide customers into 4 internet lines equally
Replies: 19
Views: 2155

Re: Automatically divide customers into 4 internet lines equally



What about version v6?
What about version v6?
Is there a video explaining this?
PCC has not changed. So video likely apply. It is ECMP that did between V6 and V7.
by Amm0
Mon Oct 14, 2024 8:44 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 464
Views: 151573

Re: v7.16.1 [stable] is released!

The issue is probably not the naming but the lack of resources for maintaining separate 2 code trees... It's as folks think Mikrotik just declaring something makes it so. A bug-free version is not solved by nomenclature. There thousands of fix from say 7.12.x to 7.16.1 - each one of those made some...
by Amm0
Mon Oct 14, 2024 6:15 pm
Forum: Containers
Topic: Project mikrotik proxy manager
Replies: 3
Views: 1151

Re: Project mikrotik proxy manager

I needed a simple way to manage the reverse proxy server, already tried to check: - nginx - nginx proxy manager - caddy - trafik I liked traefik the most, a more convenient dynamic configuration, and decided to try to expand its capabilities so as not to write configs and add hosts via winbox I tri...
by Amm0
Mon Oct 14, 2024 5:51 pm
Forum: Beginner Basics
Topic: Automatically divide customers into 4 internet lines equally
Replies: 19
Views: 2155

Re: Automatically divide customers into 4 internet lines equally

The high-level answer is if you just set the distance= the same in /ip/route for the 4 DSL lines (* in V6, add MULTIPLE gateway to same 0.0.0.0 /ip/route), you'll create an ECMP. Traffic is divided by hashes, so it's not quite "equal" (*in 7.16 ECMP can be "more even" with l4 has...
by Amm0
Mon Oct 14, 2024 5:30 pm
Forum: Scripting
Topic: $PIANO - interactive "player piano" & studio-quality recorder using :beep
Replies: 15
Views: 3184

Re: $PIANO - interactive "player piano" & studio-quality recorder using :beep

Like playing live on some chiptune party over rtpMIDI with furnace :) LOL. And with few Mikrotiks with beepers, you can have a whole orchestra to deal with chords/multitones — be a real party. Just to cover the all the "audio interfaces" of RouterOS, there is also audio input via HTTP ava...
by Amm0
Mon Oct 14, 2024 5:04 pm
Forum: Scripting
Topic: Inconsistent boolean conversion
Replies: 6
Views: 552

Re: Inconsistent boolean conversion

Mikrotik+us are in a bit a box... the #1 rules is existing script have to still work - so some inconsistencies" cannot be fixed, since folk may rely on the "wrong" behavior. And also there just are a lot implicit type conversations - since script and config are same system. So as &quo...
by Amm0
Sun Oct 13, 2024 5:51 pm
Forum: Scripting
Topic: How to Access User Total Download, Upload, Data from REST API in /user-manager/user/?
Replies: 8
Views: 5206

Re: How to Access User Total Download, Upload, Data from REST API in /user-manager/user/?

Is there a way to reed all UserManager User-Statistic Date via one request? At the WinBox, you also get all infos listed. If you have a comma-separated list of .id's that can be used in user-manager/user/monitor - JSON is still a string for .id - but it can take multiple .id's curl -k -u $USER:$PAS...
by Amm0
Sat Oct 12, 2024 9:28 pm
Forum: Beginner Basics
Topic: QuickSet uses 0.0.0.0 for DHCP server network
Replies: 17
Views: 1074

Re: QuickSet uses 0.0.0.0 for DHCP server network

Regardless what forum denizens think... QuickSet should work reliably. And it's useful - instead of visiting 5-10+ dialogs/CLI cmds, you can get a router online with IP and routing in ONE screen. And, the CCR2004-1G-12S+2XS's website suggests as much: The “Improvise. Adapt. Overcome.” mindset can be...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 16