Search found 4791 matches

by Amm0
Wed Dec 11, 2024 4:09 am
Forum: General
Topic: IP Cloud (Dynamic DNS) down?
Replies: 67
Views: 9233

Re: mynetname is down ?

Since DDNS going down is an ongoing issue, I wish Mikrotik would provide a website that informs people about what's happening. The website could possibly include an ETA.
Perhaps they need to start with a pager for someone... They don't seem to do well with issues in middle of the [Riga] night...
by Amm0
Wed Dec 11, 2024 2:52 am
Forum: General
Topic: Mikrotik DDNS is down
Replies: 2
Views: 626

Re: Mikrotik DDNS is down

Not alone, this incident seems to be tracked here: viewtopic.php?t=213191
by Amm0
Wed Dec 11, 2024 1:54 am
Forum: General
Topic: IP Cloud (Dynamic DNS) down?
Replies: 67
Views: 9233

Re: mynetname is down ?

Yup, seems down.

And also means BackToHome (BTH) is down too....Just tried enabling on a router and it gets stuck at "allocating endpoint"
by Amm0
Tue Dec 10, 2024 7:29 pm
Forum: General
Topic: BTH + ECMP
Replies: 6
Views: 258

Re: BTH + ECMP

yeah the first thing I do in every config is blow up capsman and obliterate IPV6. They are like parasites that drain my energy ;-) LOL, I know your thoughts there & BTH does use IPv6 - why I highlight that detail ;). Although I suspect OP running into the WG+multipath "issue"...
by Amm0
Tue Dec 10, 2024 7:26 pm
Forum: General
Topic: Need help with blocking port 25
Replies: 2
Views: 119

Re: Need help with blocking port 25

You might want to post your config. By default, port 25 is allowed outbound.

If your added rule to block outbound 25 is after an "accept", that could be the problem.
by Amm0
Tue Dec 10, 2024 7:02 pm
Forum: General
Topic: BTH + ECMP
Replies: 6
Views: 258

Re: BTH + ECMP

Yeah config going to be needed here. One additional consideration, is if you have IPv6 enabled, BTH will use IPv6 if available. This may or may not be expected, so might want confirm in /ip/firewall/connections and/or /ipv6/firewall/connections to see... RouterOS comes with IPv6 enabled, but sometim...
by Amm0
Tue Dec 10, 2024 5:50 pm
Forum: General
Topic: Synchronizing Configurations on Multiple MikroTik Routers with VRRP (v7+)
Replies: 12
Views: 1135

Re: Synchronizing Configurations on Multiple MikroTik Routers with VRRP (v7+)

@ammo, Agree, in concept... But the problem is often "sync everything, except..." - with except part making it tricky. sounds like a developer having a tough project because the customer keeps changing his mind?? 😅 I spend 20+ years in software engineering, so I'm a bit sympathetic to Mik...
by Amm0
Tue Dec 10, 2024 5:19 pm
Forum: General
Topic: Do AP's come with all router functions?
Replies: 17
Views: 757

Re: Do AP's come with all router functions?

- Does RouterOS allow you to fully disable multicasting? LLDP? STP? By disabling I mean killing the services and not have any processes listening on respective ports or just not having processes running at all. It would be even better to be able to completely remove related packages via CLI! You ca...
by Amm0
Tue Dec 10, 2024 1:36 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 192
Views: 51909

Re: v7.17rc [testing] is released!

DNS in a VRF still doesn't work... 7.17rc2 As explained already before, setting VRF parameter allows to listen for DNS queries in a VRF. Feature to connect to remote DNS servers via VRF does not exist yet. That detail should be in the docs, not just this beta thread, too: https://help.mikrotik.com/...
by Amm0
Tue Dec 10, 2024 4:49 am
Forum: General
Topic: How to set ssh terminal width?
Replies: 10
Views: 4294

Re: How to set ssh terminal width?

I had to make a meme about it. But seriously. Thank you. I'm all set for what I needed. I hope someone else gets some value from this thread. LOL. A bug report to support@mikrotik.com on the user+1000w not working might have been more productive ;) - as I'm pretty sure the user+100w stuff is broken...
by Amm0
Tue Dec 10, 2024 2:51 am
Forum: Beginner Basics
Topic: Resutt of print command to variable adress list
Replies: 6
Views: 305

Re: Resutt of print command to variable adress list

I guess I don't understand, since it just bytes per "kid" AFAIK. So if you want to add the IP address of some kid to the address-list based on traffic volume, not site. I've never heard of kid control doing anything with content filtering, so really not sure what you're after. Do you have ...
by Amm0
Tue Dec 10, 2024 2:44 am
Forum: General
Topic: VLAN Experts' help needed
Replies: 14
Views: 567

Re: VLAN Experts' help needed

You may need to enable the RTSP firewall helper for the IPTV. But if you're using Spanish Movistar IPTV... I believe there are some issues IGMP proxy that block that from working. Also EOIP with WG is going to reduce the MTU, so I'm not 100% sure the IPTV packet fit over the lower MTU....so that may ...
by Amm0
Tue Dec 10, 2024 2:40 am
Forum: Beginner Basics
Topic: Resutt of print command to variable adress list
Replies: 6
Views: 305

Re: Resutt of print command to variable adress list

Well, now you have me more confused. Kid control does not do blocking of sites, only controls access by time. RouterOS is poorly suited to do content filtering. So, even in terms of scripting, I'm not sure what you're trying to glean from /ip/kid-control/devices since it just what "kids...
by Amm0
Tue Dec 10, 2024 2:18 am
Forum: Beginner Basics
Topic: Resutt of print command to variable adress list
Replies: 6
Views: 305

Re: Resutt of print command to variable adress list

You'd normally use a script on the /ip/dhcp-server to do this, in which case "print" is not involved, only "/ip/firewall/address-list add ...", see "lease-script=" under https://help.mikrotik.com/docs/spaces/ROS/pages/24805500/DHCP#DHCP-DHCPServerProperties Is there som...
by Amm0
Tue Dec 10, 2024 2:11 am
Forum: General
Topic: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2
Replies: 9
Views: 872

Re: [HELP] Trouble with VLAN setup on Audience (RBD25G-5HPacQD2HPnD) running RouterOS 7.16.2

You might try setting STP to "none", as you could something could be going into a blocking state during the configuration process. But otherwise it looks right to me... Also, in 7.16+, it's safe to set vlan-filtering=yes when you create the bridge, as the default bridge/ports all use a "...
by Amm0
Tue Dec 10, 2024 1:35 am
Forum: General
Topic: Do AP's come with all router functions?
Replies: 17
Views: 757

Re: Do AP's come with all router functions?

Would clients running WireGuard (such as Windows clients running official WireGuard NT) be able to pull 700-800Mbps on Chateau AX Pro? I don't expect such throughput when running WireGuard on router itself, but fast PC's with WireGuard NT should be able to achieve such throughput. Well, if WG is ru...
by Amm0
Tue Dec 10, 2024 12:13 am
Forum: General
Topic: No wan access using back to home
Replies: 6
Views: 356

Re: No wan access using back to home

Hmm, not 100% without more inspection.... But I think 192.168.216.0/24 needs to be in the "allowed_to_router" list. That would be for remote user access to the config of the router, I thought he was asking for access to the LAN subnets...... Now that I look, correct. But I read the OP as ...
by Amm0
Mon Dec 09, 2024 11:51 pm
Forum: General
Topic: Do AP's come with all router functions?
Replies: 17
Views: 757

Re: Do AP's come with all router functions?

Mikrotik has a secure boot options (/system/routerboard), "locking out" features (and flagging) via /system/device-mode , and RouterOS packages are all signed. RouterOS does not use Linux standard GNU tools, so the split between kernel and user-mode is pretty abstracted by the CLI & th...
by Amm0
Mon Dec 09, 2024 11:33 pm
Forum: Beginner Basics
Topic: Can't create script [SOLVED]
Replies: 4
Views: 327

Re: Can't create script [SOLVED]

they?

what video?
Probably one of @dru's videos on scripting on YouTube. Although he's pretty good about using the name in other places, https://youtu.be/2WsFhkLVaMY?t=254
by Amm0
Mon Dec 09, 2024 11:20 pm
Forum: General
Topic: No wan access using back to home
Replies: 6
Views: 356

Re: No wan access using back to home

Hmm, not 100% without more inspection.... But I think 192.168.216.0/24 needs to be in the "allowed_to_router" list.
by Amm0
Mon Dec 09, 2024 10:12 pm
Forum: General
Topic: Do AP's come with all router functions?
Replies: 17
Views: 757

Re: Do AP's come with all router functions?

Normally "AP" are strictly AP's.
Perhaps, but I've seen "router features" (e.g. NAT to internet) on most other vendor "APs" (outside perhaps UBNT).

And, in Mikrotik, all APs are routers running RouterOS (at some license level, which may limit things too).
by Amm0
Mon Dec 09, 2024 8:34 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 405
Views: 368748

Re: NEW FEATURE: Back to Home VPN

I am not aware of the address range used, so you are saying it starts the first one given to the admin on his smartphone as 192.168.216.2 and the next .3 and so forth.
Yup, admin/"1st user" is 192.168.216.2, and any added BTH users/"2nd+ users" start at .3, ...
by Amm0
Mon Dec 09, 2024 7:19 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 405
Views: 368748

Re: NEW FEATURE: Back to Home VPN

@Ammo: does this sound right. Challenge: Allow BTH users to go out internet and LAN. a. Establish BTH network with 5 users plus admin b. Do select NO for lan access initially --> I have a reason. :-) Go to /ip/firewall/address-list and copy down all the user Ip addresses. c. Unselect NO for lan acc...
by Amm0
Mon Dec 09, 2024 7:08 pm
Forum: Scripting
Topic: concatenate variable names
Replies: 11
Views: 556

Re: concatenate variable names

I'm more curious what underlying problem got someone to think concatenating an actual variable name is the solution... ;)
by Amm0
Mon Dec 09, 2024 6:37 pm
Forum: Scripting
Topic: concatenate variable names
Replies: 11
Views: 556

Re: concatenate variable names

Just use a 2nd variable.
But this is not what OP ask: concatenate variable names
Well I'm not sure OP was very clear. ;) String interpolation gets tricky with variables and numbers... i.e. "$($var123)456" syntax isn't entirely obvious too.
by Amm0
Mon Dec 09, 2024 6:30 pm
Forum: General
Topic: ECMP doesn't work for Load balancing [SOLVED]
Replies: 28
Views: 1287

Re: ECMP doesn't work for Load balancing [SOLVED]

@Amm0, Yup, but a default route in main is sufficient to meet this requirement. Also, I'm pretty sure that statement in the documentation is a simplification the author has used to avoid the need to explain that this requirement (for some route to exist in main ) is only related to own outgoing tra...
by Amm0
Mon Dec 09, 2024 6:16 pm
Forum: General
Topic: Synchronizing Configurations on Multiple MikroTik Routers with VRRP (v7+)
Replies: 12
Views: 1135

Re: Synchronizing Configurations on Multiple MikroTik Routers with VRRP (v7+)

Agree, in concept... But the problem is often "sync everything, except... " - with except part making it tricky. For example, the src-nat or dst-nat might vary in a VRRP setup, while all other firewall be same. How to express that in config, IDK.... I guess IMO VRRP isn't special in the ne...
by Amm0
Mon Dec 09, 2024 11:45 am
Forum: Scripting
Topic: concatenate variable names
Replies: 11
Views: 556

Re: concatenate variable names

Just use a 2nd variable.
:global hello 123
:global hello2 "$($hello)456"
:put $hello2
123456
by Amm0
Sun Dec 08, 2024 7:13 pm
Forum: Beginner Basics
Topic: mikrotik router os install in window via vmware
Replies: 8
Views: 501

Re: mikrotik router os install in window via vmware

i just used as a bridge can you explain me step by step i can ping in mikrotik router ether1 to 8.8.8.8 but lan out not working Bridge works and likely want you'd want, essentially like a MACVLAN so RouterOS gets own MAC address. It's "host only" that is unlikely useful in any case. Alth...
by Amm0
Sat Dec 07, 2024 11:24 pm
Forum: Scripting
Topic: run scrip on dhcp renew [SOLVED]
Replies: 6
Views: 501

Re: run scrip on dhcp renew [SOLVED]

Ah, you want to register any DHCP lease in DNS... I believe you need an else={ ... } in the :if ( \$leaseBound = 1 ) { ... } statement for the "expired" case. Or, add another :if ($leaseBound = 0) do={} work too for expired dhcp leases. But your bigger problem is likely that /tool/dns-upda...
by Amm0
Sat Dec 07, 2024 11:11 pm
Forum: Announcements
Topic: Question to our users about controllers
Replies: 73
Views: 56960

Re: Question to our users about controllers

I know we had a similar topic a while ago, but here there are some more specific questions. [...] As there are a lot of standards for managing network devices (https://xkcd.com/927/) my suggestion is to KISS and use whatever is there already - ansible for those who can code, API for those who can u...
by Amm0
Sat Dec 07, 2024 10:46 pm
Forum: General
Topic: How to set ssh terminal width?
Replies: 10
Views: 4294

Re: How to set ssh terminal width?

[...] If I use the brief option, as suggested in this thread, I still don't get the HOST-NAME column. If I use the detail option, I get the full hostname, but now the output is in this multi-line stanza format that I have to parse. What I really want is the IP address and the hostname and nothing e...
by Amm0
Sat Dec 07, 2024 6:25 pm
Forum: General
Topic: ECMP doesn't work for Load balancing [SOLVED]
Replies: 28
Views: 1287

Re: ECMP doesn't work for Load balancing [SOLVED]

Re macvlan, it might be useful in some cases... but adds more complexity if it's not actually needed was my point. you cannot just add a route to routing table unless same route exists in the main routing table Can you elaborate on why should doing so be a problem? The docs on Policy Routing have on...
by Amm0
Sat Dec 07, 2024 6:12 pm
Forum: General
Topic: ECMP doesn't work for Load balancing [SOLVED]
Replies: 28
Views: 1287

Re: ECMP doesn't work for Load balancing [SOLVED]

I'm not sure purpose behind using the intermediate macvlan in the first place...

Also, you cannot just add a route to routing table unless same route exists in the main routing table, which may be first order problem in OP's approach.
by Amm0
Sat Dec 07, 2024 5:49 pm
Forum: Scripting
Topic: run scrip on dhcp renew [SOLVED]
Replies: 6
Views: 501

Re: run scrip on dhcp renew [SOLVED]

I'm a bit confused. Normally, you use DDNS on a /ip/dhcp-client script (not "DHCP server" mention in top post)... First, /tool/dns-update uses the RFC scheme to update a DNS server, but few/none "cloud" DNS providers use that method. So /tool/dns-update pretty much work only with...
by Amm0
Sat Dec 07, 2024 5:37 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1588
Views: 393868

Re: 📣 WinBox 4 is here 📣

I think it's Linux where the SVG is useful. On Mac/Windows, the icon file isn't needed since it bundled. But with Linux, there are different window managers. And using a SVG allow you use the "scalable" icon directory, while rastered PNG/etc require using the resolution specific directorie...
by Amm0
Fri Dec 06, 2024 9:36 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 192
Views: 51909

Re: v7.17rc [testing] is released!

HAP AC2 with 7.17rc2:[...] If from a phone connected to wifi I copy any file of average size 296MB, the transfer starts well but randomly in a percentage that is always different, the router goes into kernel panic and restarts completely. I formatted in ROS if it can be a detail.. Serious BUG !! Ev...
by Amm0
Fri Dec 06, 2024 4:43 am
Forum: Wireless Networking
Topic: Quectel Redcap RG255C-GL PCI-e 5G Modem Support
Replies: 5
Views: 1233

Re: Quectel Redcap RG255C-GL PCI-e 5G Modem Support

The redcap mean "reduced capacity" so are speed limited than "full" 5G modem... so IMO routing performance is even less important since it not going to be GBs. Thus I'm not sure NAT-less IP routing from a "main" router to the LTE device is the end of the world, vs. "...
by Amm0
Fri Dec 06, 2024 4:23 am
Forum: General
Topic: Feature Request
Replies: 2
Views: 735

Re: Feature Request

+1 - you have a lot of good suggestions that I'd agree with. If you're configuring routers professionally, they do have the branding kit, so if you want to update the default configuration you can use that to do it. If you want to keep QuickSet working, you need to start with the existing default co...
by Amm0
Fri Dec 06, 2024 3:56 am
Forum: Scripting
Topic: From Mikrotik via REST API and fetch update other mikrotik settings [SOLVED]
Replies: 7
Views: 799

Re: From Mikrotik via REST API and fetch update other mikrotik settings [SOLVED]

there is even a curl to Mikrotik fetch converter https://tikoci.github.io/postman-code-generators/ [...] curl -k -u user:password -X POST http://1.2.2.3:80/rest/system/identity/set --data "{\"name\":\"MikrotikTEST\"}" -H "content-type: application/json" This ...
by Amm0
Fri Dec 06, 2024 3:32 am
Forum: Scripting
Topic: From Mikrotik via REST API and fetch update other mikrotik settings [SOLVED]
Replies: 7
Views: 799

Re: From Mikrotik via REST API and fetch update other mikrotik settings [SOLVED]

Maybe you just missed the options keep-result=no https://help.mikrotik.com/docs/spaces/ROS/pages/47579162/REST+API https://help.mikrotik.com/docs/spaces/ROS/pages/8978514/Fetch I think in V7, using output=none is generally preferable. Although imagine in that case there same. But output= allows you...
by Amm0
Fri Dec 06, 2024 3:19 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 405
Views: 368748

Re: NEW FEATURE: Back to Home VPN

I have a question about relaying. My Mikrotik router is behind a CGNAT connection, so the IPv4 address I receive from my provider is not directly accessible from outside. I have assigned a static IPv4 via an IPIP6 tunnel through a server and added a global route in a separate routing table. With th...
by Amm0
Fri Dec 06, 2024 3:12 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 405
Views: 368748

Re: NEW FEATURE: Back to Home VPN

(I was hoping @normis would chime in, since @anav asks good questions. But I'll try...) I want to know more about this line............ In case of going through relay, speed could be limited. Clearly we have limits on client end for ISP, and limits at Router end from its associated ISP connection a...
by Amm0
Thu Dec 05, 2024 6:17 pm
Forum: Beginner Basics
Topic: Secure Remote Access - QuickSet VPN
Replies: 16
Views: 1540

Re: Secure Remote Access - QuickSet VPN

Setup DDNS on the Unifi GW. [...] The Mikrotik is behind NAT so I am going to setup WG port forwarding to the RB2011 and try to get it to pass traffic. [...] I have tried a mangle rule to mark connection, it flooded the logs, so back to my copy of RouterOS by Example I go. Would I be correct in tha...
by Amm0
Thu Dec 05, 2024 12:28 am
Forum: Containers
Topic: How can I get veth1 to work?
Replies: 13
Views: 1273

Re: How can I get veth1 to work?

So disk1 is getting created on the flash, with the path of "disk1"...
Do you have a USB or other disk connected?
Because... you may be out of disk space on the flash... Check /system/resource/print and look at free-hdd-space.
by Amm0
Tue Dec 03, 2024 4:57 am
Forum: Beginner Basics
Topic: Port forwarding FQDN
Replies: 3
Views: 428

Re: Port forwarding FQDN

The RB951 does not support containers, but running the Cloudflare container be best way to get traffic to the Mikrotik. You can create a dst-nat in /ip/firewall for the port to enable port forwarding. Since the FQDN points the router IP, that's all that's technically needed. You're relaying on the se...
by Amm0
Tue Dec 03, 2024 4:42 am
Forum: RouterBOARD hardware
Topic: Product idea: switch in RB5009 form factor
Replies: 5
Views: 1150

Re: Product idea: switch in RB5009 form factor

The RB5009 / L009 format factor is a winner. Mikrotik promised a "series" using same form factor in an older YouTube video. It be nice to have a switch to be able to combine multiple RB5009 in same rack. The one SFP is pretty limiting. Now I personally wished they had an "accessory"...
by Amm0
Mon Dec 02, 2024 5:03 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 85
Views: 9067

Re: WireGuard Multi-WAN Policy Routing

Nothing prevents you from going to a different vendor, or using a different VPN then wireguard. Just suggestions..........
Or, Mikrotik fixes their implementation to work like the rest of RouterOS.
by Amm0
Mon Dec 02, 2024 5:01 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1588
Views: 393868

Re: 📣 WinBox 4 is here 📣

*) implement opened windows list
Thanks. One subtle thing is the "keyboard help" shown at bottom should use the platform-specific terms for "Alt", which on Mac be "Option" or the ⌥ symbol.
by Amm0
Sun Dec 01, 2024 10:45 pm
Forum: General
Topic: WireGuard Multi-WAN Policy Routing
Replies: 85
Views: 9067

Re: WireGuard Multi-WAN Policy Routing

Sorry your trivial case nonsense is pure BS. Many folks that come here for assistance have normal multi-wan setups, not all can have specialized, niche vpn WAN only setups. It's not trivial. Mikrotik has plenty of users that use iBGP/OSPF/etc. One could also equally argue that Mikrotik focus on hom...
by Amm0
Sat Nov 30, 2024 6:50 pm
Forum: General
Topic: Adding existing preformatted disks
Replies: 12
Views: 785

Re: Adding existing preformatted disks

Nope. ;)

But they don't say version etc, so yeah compatibility might be tricky but dunno obviously... So worth a ticket.
by Amm0
Sat Nov 30, 2024 5:40 pm
Forum: General
Topic: Adding existing preformatted disks
Replies: 12
Views: 785

Re: Adding existing preformatted disks

@mkx is correct, RouterOS basically uses the Linux kernel, but not the Linux tools. So AFAIK there is only the hardware encryption with OPAL that is supported. You can file a feature request at https://help.mikrotik.com & see what Mikrotik says. They have been adding things to ROSE, and some softw...
by Amm0
Sat Nov 30, 2024 3:16 pm
Forum: Scripting
Topic: First script problem - just won't execute
Replies: 10
Views: 681

Re: First script problem - just won't execute

Wow lots of ways to do this. I was answering the scripting question, since I figure you're trying to learn scripting. But I too was not sure what you're trying to do.... If you have a "backup WAN"... typically you'd put a script on the "primary WAN" DHCP to change the default rout...
by Amm0
Sat Nov 30, 2024 5:58 am
Forum: Scripting
Topic: First script problem - just won't execute
Replies: 10
Views: 681

Re: First script problem - just won't execute

It can be inside {} but NOT between attributes, which else={} is actually a property of the :if.
by Amm0
Sat Nov 30, 2024 1:35 am
Forum: Scripting
Topic: First script problem - just won't execute
Replies: 10
Views: 681

Re: First script problem - just won't execute

At least one problem is the comment in the :if - else= is an attribute and you cannot just insert a comment in-between (i.e. the "# Else at least one such route exists") If you paste in into CLI, it show you where the problem is too. Or, even syntax checking in /system/script/edit which sh...
by Amm0
Sat Nov 30, 2024 12:04 am
Forum: Scripting
Topic: First script problem - just won't execute
Replies: 10
Views: 681

Re: First script problem - just won't execute

That is a script for /ip/dhcp-client. $bound does not exist in /system/script.
by Amm0
Fri Nov 29, 2024 11:26 pm
Forum: General
Topic: Bug - Hyper-V CHR after upgrading 7.14.1 to 7.15 [SOLVED]
Replies: 1
Views: 348

Re: Bug - Hyper-V CHR after upgrading 7.14.1 to 7.15 [SOLVED]

That's an odd one. Since you're saying allocating more memory helps, I guess it's possible if there is a new driver that allocates some memory buffer. The docs suggest : The minimum required RAM depends on interface count and CPU count. You can get an approximate number by using the following formul...
by Amm0
Fri Nov 29, 2024 11:13 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1588
Views: 393868

Re: 📣 WinBox 4 is here 📣

I do prefer winbox v3 but I am afraid that in the future I will not be able to use Winbox v3 anymore because newer RouterOS will not support it anymore, meaning I will be forced to not update my routers, which I really don't want to do Mikrotik could comment on this.... But that may not necessarily ...
by Amm0
Fri Nov 29, 2024 11:05 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1647

Re: Wireguard routing

Actually AMMO, you can use a single wireguard interface, and just use a different IP address schema for the road warriors, if you need some granularity over firewall rules..... Yeah that's true: different peers + subnet is enough for firewall. A different interface only adds using the different por...
by Amm0
Fri Nov 29, 2024 7:44 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1647

Re: Wireguard routing

Have you considered just using a dedicated subnet for the WG between site A and site B, then using normal routing (/ip/route) instead of WG's allowed-address to handle routing? Also, I don't know if you control the IP numbering (i.e. if the sites are operational)... but using a 10.<site>.<vlan>.x for...
by Amm0
Fri Nov 29, 2024 7:36 pm
Forum: Beginner Basics
Topic: Turning off default SMB and DLNA
Replies: 3
Views: 419

Re: Turning off default SMB and DLNA

I would have thought that would have worked...

You can also be explicit to disable SMB:
/ip/smb/set enabled=no
(the default is "auto" AFAIK ... but I'd thought the /disk auto-smb-sharing=no mean auto in /ip/smb be =no)
by Amm0
Fri Nov 29, 2024 5:32 pm
Forum: General
Topic: Adding existing preformatted disks
Replies: 12
Views: 785

Re: Adding existing preformatted disks

It's closed source, so you cannot diff the modules. But you need ROSE installed for encryption support, and drives need be Opal compliant: https://help.mikrotik.com/docs/spaces/ROS/pages/259031065/ROSE-storage#ROSEstorage-Self-EncryptionDrives Does this encrypted disk mount on another plain Linux sy...
by Amm0
Fri Nov 29, 2024 5:18 pm
Forum: General
Topic: RouterOS blatantly ignores pref-src. Can this really be a bug?
Replies: 39
Views: 2655

Re: RouterOS blatantly ignores pref-src. Can this really be a bug?

It is the user space applications' duty to then fill out the source address (see https://blog.cloudflare.com/everything-you-ever-wanted-to-know-about-udp-sockets-but-were-afraid-to-ask-part-1/#sourcing-packets-from-a-wildcard-socket). That's a good article, which likely explains roughly what's goin...
by Amm0
Fri Nov 29, 2024 4:59 pm
Forum: General
Topic: Wireguard routing
Replies: 20
Views: 1647

Re: Wireguard routing

Have you considered just using a dedicated subnet for the WG between site A and site B, then using normal routing (/ip/route) instead of WG's allowed-address to handle routing? Also, I don't know if you control the IP numbering (i.e. if the sites are operational)... but using a 10.<site>.<vlan>.x form...
by Amm0
Fri Nov 29, 2024 2:30 pm
Forum: Scripting
Topic: copying file between directories with /tool fetch gives timeout
Replies: 8
Views: 625

Re: copying file between directories with /tool fetch gives timeout

Good to hear, it did seem like the firewall. I just thought there be a good chance you both had the default firewall & the loopback rule be in the right spot. Without config, guessing isn't always 100% accurate :). If you're only use FTP for the copy... you might consider restricting FTP to just...
by Amm0
Thu Nov 28, 2024 3:31 am
Forum: General
Topic: RouterOS blatantly ignores pref-src. Can this really be a bug?
Replies: 39
Views: 2655

Re: RouterOS blatantly ignores pref-src. Can this really be a bug?

It's roughly the same as this issue: viewtopic.php?t=205278&hilit=wireguard

Wireguard, for some unknown reason, is not treated the same as "locally generated traffic". So pref-src= is I'm guessing a similar victim.
by Amm0
Wed Nov 27, 2024 11:21 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 405
Views: 368748

Re: NEW FEATURE: Back to Home VPN

So in summary, its transparent to the end user, and hence why both apps can be used.
Yup. Just WG peer, with special DNS name.
by Amm0
Wed Nov 27, 2024 10:24 pm
Forum: Beginner Basics
Topic: Secure Remote Access - QuickSet VPN
Replies: 16
Views: 1540

Re: Secure Remote Access - QuickSet VPN

Also, since the RB2011 lives behind the starlink connection and the unifi gateway, I think double nat is going to be an issue. I don't want to have the RB2011 as the main gateway. I think that having it hosted somewhere else might be a better option. Perhaps, but if the starlink is going to UBNT &...
by Amm0
Wed Nov 27, 2024 10:21 pm
Forum: Beginner Basics
Topic: Why can I not use static ip_
Replies: 13
Views: 951

Re: Why can I not use static ip_

Anyway, I still use the Automatic address acquisition which works fine without any issues. Just to be clear, you shouldn't need /ip/route or /ip/address if you using DHCP client. I was trying to explain how to set them IF you were NOT using DHCP client. But if a WAN has DHCP, in most cases that bet...
by Amm0
Wed Nov 27, 2024 10:17 pm
Forum: Wireless Networking
Topic: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?
Replies: 11
Views: 1775

Re: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?

Yeah the 40Mhz on 2.4Ghz always seemed silly to me. It the 5Ghz band where I just never/rarely seen anyone recommend/using 20Mhz (or even 20/40Mhz). And have wondered if either I'm missing something about AX thus the initial question... Seems I'm not alone. But do think using default 20/40/80Mhz cha...
by Amm0
Wed Nov 27, 2024 10:10 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 405
Views: 368748

Re: NEW FEATURE: Back to Home VPN

Well, BTH is actually useful for LTE for a router-to-router WG with a CGNAT. This is use case @normis does not quite get with the "always use app" approach, and why I persist in explaining it since regular WG will not use BTH's "relay" server hosted by Mikrotik to deal with hole ...
by Amm0
Wed Nov 27, 2024 5:20 pm
Forum: Beginner Basics
Topic: Secure Remote Access - QuickSet VPN
Replies: 16
Views: 1540

Re: Secure Remote Access - QuickSet VPN

Or some cheap VPS in the cloud and install CHR on it, then use that one as pivot point for all Wireguard connections ? Shouldn't be too expensive ? Anav always claims it's about 7$ / month but I don't know what supplier provides it. I don't use it but I know some folks use https://www.vultr.com/pri...
by Amm0
Wed Nov 27, 2024 4:55 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 405
Views: 368748

Re: NEW FEATURE: Back to Home VPN

I am working on that bit ( improving docs ) and is why I am being nitpicky in my understanding. I forget, where do the firewall rules show up that allow a USER to access the WAN and possibly the LAN??? On firewall, there is an address-list named "back-to-home-lan-restricted-peers" in /ip/...
by Amm0
Wed Nov 27, 2024 4:45 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 405
Views: 368748

Re: NEW FEATURE: Back to Home VPN

You know it's very annoying that you're right ;-) Can we agree to blame Mikrotik's docs? :) BTH is actually pretty elegant since it really just uses DDNS to determine if proxy is needed, but always still plain WG. The docs are just bad (overly complex for simple case & not enough info for someone ...
by Amm0
Wed Nov 27, 2024 4:29 pm
Forum: Beginner Basics
Topic: Secure Remote Access - QuickSet VPN
Replies: 16
Views: 1540

Re: Secure Remote Access - QuickSet VPN

@holvoetn is right, Back to Home is what you'd want to used for Starlink. I went to check the docs, but The Dude interrupted me, but he says the RB2011 does not support Back to Home: Dude RB2011 BTH.jpg You can use plain wireguard, but one side requires a static IP. So another option be to enable a ...
by Amm0
Wed Nov 27, 2024 6:33 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 405
Views: 368748

Re: NEW FEATURE: Back to Home VPN

Yup. App is not mandatory, as EVERYTHING can technically be done using RouterOS winbox/CLI alone. As @normis suggests, the app may be easier. Although just enabling BTH under /ip/cloud is not very hard either (i.e. it's a radio button, which enables BTH & gets you 1st WG client, and then with &q...
by Amm0
Wed Nov 27, 2024 5:42 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 405
Views: 368748

Re: NEW FEATURE: Back to Home VPN

Not sure what you mean. If a user (not admin) uses the BTH app to setup a BTH tunnel after receiving the QR code, or URL link or export config file generated on the admin's smartphone, then the user access is done through the BTH app, not the standard wireguard app. That's why the app is more confusin...
by Amm0
Tue Nov 26, 2024 10:24 pm
Forum: Wireless Networking
Topic: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?
Replies: 11
Views: 1775

Re: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?

None of these give any reason why using 40MHz channels on 2.4GHz band would suddenly become a sane thing to do. That one I've never got either. I actually been using 20Mhz on both on most of the AX devices we use. I just NEVER see anyone recommend narrowing channel width for AX... which got me ques...
by Amm0
Tue Nov 26, 2024 9:12 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 405
Views: 368748

Re: NEW FEATURE: Back to Home VPN

The ROUTER initiated client peer, ( the one that should go on the admins smartphone ) can, via Managed Shares, create additional peer clients to the same router. The client peers (second created to infinity) CANNOT create additional peer clients. They are not equal..... Now I get the confusion. The...
by Amm0
Tue Nov 26, 2024 8:34 pm
Forum: Beginner Basics
Topic: Why can I not use static ip_
Replies: 13
Views: 951

Re: Why can I not use static ip_

Could you check my port forwarding rules please? Although I follow the same way of opening ports for applications that I use, I still have problem with a few and I don't really understand why. Moreover, I have never been able to open any with UDP protocol. Does it need anything else? You shouldn't ...
by Amm0
Tue Nov 26, 2024 8:30 pm
Forum: Beginner Basics
Topic: Why can I not use static ip_
Replies: 13
Views: 951

Re: Why can I not use static ip_

@jvanhambelgium: Hmm, I didn't think of it like this just to be fair. The ISP didn't instruct me to do anything, as I had always in my mind that static IP doesn't need any DHCP client to be enabled. It seems that I was wrong then. You're missing a default route in /ip/route for the gateway. To use ...
by Amm0
Tue Nov 26, 2024 7:28 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 405
Views: 368748

Re: NEW FEATURE: Back to Home VPN

It's WG, so all are peers. The app and /ip/cloud just always create ONE peer upon enabling it. If you need more, you need the "managed shared" (or /ip/cloud/back-to-home-users). On the "shared" ones, there is the additional option to allow-lan= so that's the only difference AFAIK. ...
by Amm0
Tue Nov 26, 2024 7:18 pm
Forum: Wireless Networking
Topic: Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?
Replies: 11
Views: 1775

Any reason not use 20Mhz channel on AX devices, if stability is preferred over max speed?

For years of Wi-Fi, the general recommendation is avoid large channel widths unless the spectrum is relatively clean. But I've never seen that recommendation for AX devices. I know AX uses OFDMA to better handle this and large channel widths are needed to get "max speed". But most of my us...
by Amm0
Tue Nov 26, 2024 7:01 pm
Forum: Scripting
Topic: copying file between directories with /tool fetch gives timeout
Replies: 8
Views: 625

Re: copying file between directories with /tool fetch gives timeout

Why you do not download and save already the file on correct place instead of download on another place?
Fair point!

But given MT's recent focus on NAS things... some "copy" and "move" are still missing, which results in these kludgey solutions like FTP+fetch.
by Amm0
Tue Nov 26, 2024 6:56 pm
Forum: Scripting
Topic: copying file between directories with /tool fetch gives timeout
Replies: 8
Views: 625

Re: copying file between directories with /tool fetch gives timeout

Try using localhost as the IP, and make sure 127.0.0.1 is allowed in /ip/firewall/filter (and recent defaults generally allow it). While could a be a few things why this does not work... firewall blocking it be 1st to look at. Also note that in 7.17, if you're downloading RouterOS packages to instal...
by Amm0
Tue Nov 26, 2024 6:53 pm
Forum: RouterBOARD hardware
Topic: FCC Compliance Testing Support
Replies: 4
Views: 701

Re: FCC Compliance Testing Support

You may need Part 15 for other reasons. IANAL, but just using different antennas may fall under the FCC's "permissible change" stuff. But imagine Part 15 certification be cheaper than lawyers arguing about FCC rules. ;) They've just required that the radio be put in a mode where it transmi...
by Amm0
Tue Nov 26, 2024 6:24 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 405
Views: 368748

Re: NEW FEATURE: Back to Home VPN

I also understand that once folks have accepted the qr code on their smartphone app, or wireguard client app (laptops), etc. the results show up on the associated MT Routers IP Cloud tabs ( users ) and can be configured further if required ( add access to subnets, delete, and probably other options...
by Amm0
Tue Nov 26, 2024 6:15 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 405
Views: 368748

Re: NEW FEATURE: Back to Home VPN

anav:1 ammo:0 ( but who's counting) Except I'm not wrong. All BTH are just WG peers, and have QR codes. So just like any other peer, don't use the same peer twice. The advice to first one (/ip/cloud), applies to the shared ones too (/ip/cloud/back-to-home-user) - don't use them twice as they have a...
by Amm0
Tue Nov 26, 2024 5:28 pm
Forum: Containers
Topic: Issue with container not working on new HEX Refresh (E50UG)
Replies: 23
Views: 2078

Re: Issue with container not working on new HEX Refresh (E50UG)

You're not using an external disk. You might want to try setting root-dir=usb1-part1/pihole or whatever path you have (noting that paths do NOT start with / in root-dir=). Perhaps PiHole is small enough for flash, but IDK.
by Amm0
Tue Nov 26, 2024 4:02 am
Forum: The User Manager
Topic: Integration of WireGuard to UserManager
Replies: 4
Views: 1630

Re: Integration of WireGuard to UserManager

Impressive you got something working here! Another poster was trying to use Hotspot+WG to do this (https://forum.mikrotik.com/viewtopic.php?t=205625&hilit=hotspot) and that approach didn't work out so well it seems... But +1 - MT should have some way to directly integrate User Manager into WireG...
by Amm0
Tue Nov 26, 2024 3:10 am
Forum: Containers
Topic: Configuring an additional container to host a local website
Replies: 9
Views: 822

Re: Configuring an additional container to host a local website

there is a "REST API" Better ? Sure, your commentary here is 100% spot on: If you find yourself needing a control plane for your routers’ containers, you will likely need to write it yourself. And it is kinda pedantic, but complex/hard is different than impossible ;). MT has mentioned &qu...
by Amm0
Mon Nov 25, 2024 11:54 pm
Forum: Beginner Basics
Topic: CRS326, CRS312, How do i setup DSCP for use with Dante?
Replies: 8
Views: 2939

Re: CRS326, CRS312, How do i setup DSCP for use with Dante?

That's a good question... I'm not the expert on the CRS326, and haven't tested Dante with it.... But same DSCP marks should work on a VLAN with Dante, if VLANs were setup AFAIK. And you want one bridge, see https://help.mikrotik.com/docs/spaces/ROS/pages/30474317/CRS3xx+CRS5xx+CCR2116+CCR2216+switch...
by Amm0
Mon Nov 25, 2024 11:09 pm
Forum: Wireless Networking
Topic: Mini ISP Setup, help needed
Replies: 9
Views: 616

Re: Mini ISP Setup, help needed

I guess my first concern would be the topology of the links. Specifically if you're planning on bridging or routing the various links. The bandwidth and router are more easily swapped than not having a good architecture to start. For PTMP (APs<->CPEs) and PTP (APs<->Stations) I will use Ubiquiti. An...
by Amm0
Mon Nov 25, 2024 11:01 pm
Forum: Containers
Topic: Configuring an additional container to host a local website
Replies: 9
Views: 822

Re: Configuring an additional container to host a local website

I've updated my Container Limitations article to cover these latter details. I chose not to address the topic's primary question since you can cause this same port number conflict under Docker and Podman, too, most easily by giving the --host flag. I can't justify calling this a "limitation&qu...
by Amm0
Mon Nov 25, 2024 10:55 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 192
Views: 51909

Re: v7.17rc [testing] is released!

Following all the v7.17 topics, between various complaints, it's not clear what are the known issues.
Agree on known issues for beta, but by "rc", ideally there shouldn't be any.

Now device-mode does deserve "top billing" with the !) since it changes behavior...
by Amm0
Mon Nov 25, 2024 7:25 pm
Forum: Containers
Topic: Configuring an additional container to host a local website
Replies: 9
Views: 822

Re: Configuring an additional container to host a local website

Yeah the mounts can be tricky. Especially since RouterOS only allows mapping directories, not files. In a full-featured container engine, you have to do both, but now that you mention it, yeah, container.npk ignores the EXPOSE directive, doesn’t it? Nope, EXPOSE does nothing. Now ideally it be good ...
by Amm0
Mon Nov 25, 2024 6:46 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 405
Views: 368748

Re: NEW FEATURE: Back to Home VPN

As I said, the docs are not very clear. But end of the docs does reference the commands. The wording at top of docs should be changed IMO. In other words, the router itself can only generate one setup via BTH, the rest have to be done from the Admins smartphone. Just waiting for NORMIS to confirm! B...
by Amm0
Mon Nov 25, 2024 6:25 pm
Forum: General
Topic: Winbox vs Webfig
Replies: 5
Views: 1028

Re: Winbox vs Webfig

In 7.17, the difference becomes even less since webfig looks nearly identical to winbox4. So main difference IMO is winbox can do Layer2 / MAC address, while webfig is Layer3/4 / IP only. With the native winbox adding a few extras like sessions/workspaces, and associated multiple windows. Did you wr...
by Amm0
Mon Nov 25, 2024 5:33 am
Forum: Containers
Topic: Configuring an additional container to host a local website
Replies: 9
Views: 822

Re: Configuring an additional container to host a local website

I think you need to change the NGINX config file to do this. I don't think the EXPOSE has any effect. i.e. The DockerHub version of NGINX has a script that parses env variables to "passthrough", see https://hub.docker.com/_/nginx under "Using environment variables in nginx configuration (ne...
by Amm0
Mon Nov 25, 2024 2:01 am
Forum: General
Topic: RouterOS 7.17beta4 Webfig--Some Issues [SOLVED]
Replies: 12
Views: 1688

Re: RouterOS 7.17beta4 Webfig--Some Issues [SOLVED]

Yeah I have same problem on at least one test router, and by "rc" this stuff should work... So I did open a formal ticket with supout.rif on this issue.
by Amm0
Sun Nov 24, 2024 11:47 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 192
Views: 51909

Re: v7.17rc [testing] is released!

The new webfig has a similar problem to winbox4 where that status/flags are very difficult to interpret. For example, LINK OK and NO LINK are radically different states - yet the only difference is the text inside. Screenshot 2024-11-22 at 7.31.57 PM.png Screenshot 2024-11-22 at 7.32.11 PM.png Being...
by Amm0
Sun Nov 24, 2024 10:20 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 192
Views: 51909

Re: v7.17rc [testing] is released!

Anybody give an OK for Hap ax2 running capsman, I wouldn't want my config to explode! You can try it without harm. Repartition the hapax2 with two partition, on part0, stay 7.16.1, copy that onto part1 and switch to part1, then upgrade it to 7.17. If it is messed up itself, you can switch back to p...
by Amm0
Sun Nov 24, 2024 10:14 pm
Forum: Beginner Basics
Topic: Question about PoE
Replies: 2
Views: 413

Re: Question about PoE

No. The hAPax2 "dual use" PoE port is passive, but it does support 48V input.
by Amm0
Sun Nov 24, 2024 8:59 pm
Forum: General
Topic: AWS Wireguard Slow
Replies: 21
Views: 1395

Re: AWS Wireguard Slow

You get what you measure... First, I think Mikrotik should publish MORE stats in general. There is already a lot of conjecture on this WG vs IPSec performance, without any good baselines. On the WAG'ing, I'd be looking at how the bandwidth test is being run before getting into questions about I...
by Amm0
Sun Nov 24, 2024 2:36 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 405
Views: 368748

Re: NEW FEATURE: Back to Home VPN

Hi Ammo reading the docs there is only one qr/code one can generate from the router itself, the rest if I read this right, is that you can easily create and manage additional Qr codes and send them all from the admin smartphone. The docs aren't entirely clear, but the "share" ones should ...
by Amm0
Sat Nov 23, 2024 8:42 pm
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 405
Views: 368748

Re: NEW FEATURE: Back to Home VPN

Trying to understand BTH some more. Is this correct?? Bizarre that I cannot do this FROM or AT the router ????? Did you look in /ip/cloud/print (first BTH user), or /ip/cloud/back-to-home-users/show-client-config XX (2nd or more BTH users)? But I just notice is under /interface/wireguard/peer in Wi...
by Amm0
Sat Nov 23, 2024 5:50 pm
Forum: General
Topic: Mikrotik traffic mystery
Replies: 6
Views: 1148

Re: Mikrotik traffic mystery

Is the traffic getting fragmented? i.e. Are you sure it's 1500 MTU both ways. The packets-per-second on the slow link is half that of fast one....
by Amm0
Sat Nov 23, 2024 12:01 am
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 192
Views: 51909

Re: v7.17rc [testing] is released!

impossible that webfig skin designer is broken in a RC release. There was another thread where someone else in beta4 had the same issue. I'll note that it does work fine on a KNOT running 7.17rc1, but I reset the default configuration with the first 7.17 beta on the KNOT. But on the RB1100AHx4, it ...
by Amm0
Fri Nov 22, 2024 8:28 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 192
Views: 51909

Re: v7.17rc [testing] is released!

In the new webfig, I'm not sure the skin designer is working. I cannot seem to figure out how to create a new skin. When I do a "Design Skin", it shows a blank list and I don't see anyway to select things. Either I'm missing something in how to use new webfig's skin support, or it just is ...
by Amm0
Fri Nov 22, 2024 8:24 pm
Forum: Announcements
Topic: v7.17rc [testing] is released!
Replies: 192
Views: 51909

Re: v7.17rc [testing] is released!

I like the colorization, but that's it. Agree with @eworm, it should not be in an export. And not sure the "extra" comments are needed in winbox/webfig if it's already colorized (but the color is kinda handy).
by Amm0
Fri Nov 22, 2024 7:22 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Utah and North Pole have spoken. Cloudflare or bust! @anav, I thought you'd like that pivot ;) And California be happy to take the tax revenue from Cloudflare. And, @wfburton isn't wrong RouterOS is pretty far from a "enterprise firewall". Installing Cloudflare's single exe tunnel in a NP...
by Amm0
Fri Nov 22, 2024 6:04 pm
Forum: RouterBOARD hardware
Topic: FCC Compliance Testing Support
Replies: 4
Views: 701

Re: FCC Compliance Testing Support

Probably best to ask Mikrotik, or perhaps Quectel. But for FCC Part 15, which you'd need to sell them, you shouldn't actually need any special commands. Now the LTE modem and various cell carriers are a different story.... that typically where you need the LTE modem into various test modes. So if th...
by Amm0
Fri Nov 22, 2024 5:49 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

This is turning into the IT version of Netflix doc "Don't F**k with Cats"... I'm not the expert but setting up DNS is just first step to setup Cloudflare proxy services, I think the proposal here is that HTTPS traffic go through a Cloudflare IP before getting to "real" phpBB. [.....
by Amm0
Fri Nov 22, 2024 4:58 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

There's no need to fake anything since there are no restrictions on anonymous access (tho creating a post is). Your suggestion might very well work, but it could end up being like robbing Peter to pay Paul. :D Perhaps. But if you're a guest... "user control panel" (aka /ucp.php) is an odd...
by Amm0
Thu Nov 21, 2024 10:34 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Side note: one added benefit from this whole situation ... spammers have little interest the past days for this place. What I noticed during the weekend was most of the "extra guests" (perhaps faking being a bot) were visiting the "User Control Panel" page, under the "Who's...
by Amm0
Thu Nov 21, 2024 10:00 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1588
Views: 393868

Re: 📣 WinBox 4 is here 📣

Some call it space-wasting, others call it easier readability because text is not squished together. I'm not sure there are many folks who like the extra spacing... And @eworm is right, the comment has more space between the item it refers, than the next/previous item does. It's like the comment i...
by Amm0
Thu Nov 21, 2024 12:32 am
Forum: Containers
Topic: Running GUI apps in container
Replies: 5
Views: 652

Re: Running GUI apps in container

The first immediately useful thing I can think of would be running The Dude client in Wine on an ARM router (that's also running The Dude's polling package) instead of running it in a VM on separate hardware. But alas, no wine package exists for Alpine 3.2. LOL, see https://forum.mikrotik.com/viewt...
by Amm0
Thu Nov 21, 2024 12:08 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1588
Views: 393868

Re: 📣 WinBox 4 is here 📣

macos big sur 11.7.10
Yeah that version seems to be a trend. But Intel-based with MacOS Sequoia does work without crash.
by Amm0
Thu Nov 21, 2024 12:05 am
Forum: Containers
Topic: Running GUI apps in container
Replies: 5
Views: 652

Re: Running GUI apps in container

Great work here! after starting you will get some permission errors (we will check whats going on) I've wanted to do same X11/RDP/VNC/etc approach for a while... but got similar permissions issues before. Now I've never tried the "s6-overlay" approach to "multi-service containers"...
by Amm0
Wed Nov 20, 2024 9:41 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 157441

Re: v7.17beta [testing] is released!

the thing is, putting the useful and inoffensive stuff (such as cpu-frequency, without overclock) behind the same security-group as some other "more dangerous" settings (boot to ethernet-only, disable reset) will incentivize people to "unblock" this, defeating the purpose of the...
by Amm0
Wed Nov 20, 2024 9:20 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1588
Views: 393868

Re: 📣 WinBox 4 is here 📣

It took longer, as the biggest change was hard to implement - tree views. Now we will continue with the rest of the requests and ideas in this thread. The "tree [+list] views" did sound tough...but great work! It's actually quite an improvement over winbox3 in the Files view! And 100% sup...
by Amm0
Wed Nov 20, 2024 4:29 am
Forum: General
Topic: RouterOS 7.17beta4 Webfig--Some Issues [SOLVED]
Replies: 12
Views: 1688

Re: RouterOS 7.17beta4 Webfig--Some Issues [SOLVED]

I think it's pretty obviously broken, and worth waiting to see in the next beta release.

But for next time you can add attachments to forum post using the "Attachments" tab in the "full editor", and then say "place inline" after uploading.
by Amm0
Wed Nov 20, 2024 4:21 am
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Anyway, I'd be curious on the hearing the root cause from Mikrotik...
Won´t be all?
We don't know it wasn't some software update pushed by @normis late on Friday, that had some leak/etc that caused these issues.... ;-)
by Amm0
Wed Nov 20, 2024 4:08 am
Forum: General
Topic: RouterOS 7.17beta4 Webfig--Some Issues [SOLVED]
Replies: 12
Views: 1688

Re: RouterOS 7.17beta4 Webfig--Some Issues [SOLVED]

Like I said, I think it's broken. I had some issues you're describing, and under 7.17beta5

Maybe there is some interface trick I'm missing, but it ain't obvious.
by Amm0
Wed Nov 20, 2024 4:00 am
Forum: General
Topic: RouterOS 7.17beta4 Webfig--Some Issues [SOLVED]
Replies: 12
Views: 1688

Re: RouterOS 7.17beta4 Webfig--Some Issues [SOLVED]

Most probably user error. I don't think so. 7.17 is radically changed. I have not been able to create a new skin, since it seems to depend on what in the skin's .json file. Now my test router had none. So I'm not sure you can add items to the skin in the beta, only modify - or at least that has bee...
by Amm0
Wed Nov 20, 2024 3:23 am
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

IDK, maybe it should be. It COULD be. I wasn't trying to argue – not wrong from a pure business perspective hosting might make more sense, especially if uptime and low-latency were a concern.... But for Mikrotik it would be a sign of capitulation. And implication that any small/medium sized busines...
by Amm0
Wed Nov 20, 2024 3:12 am
Forum: The Dude
Topic: Parameters in a function
Replies: 1
Views: 504

Re: Parameters in a function

I have an example of using a function in a probe here: https://forum.mikrotik.com/viewtopic.php?t=192103&hilit=probe It does not use function parameters, however. I just created multiple functions rather than take an argument. Reason being is I'm not 100% on how to correctly use arguments. $...
by Amm0
Tue Nov 19, 2024 11:49 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

I guess I'm saying Mikrotik runs VPN proxy (BTH) and /ip/cloud DDNS already. So some PHP should actually be easier than BTH to secure.....and why I present the question. As a data point, I ran a ping over the weekend, it was ~250ms from the west coast to Mikrotik/Latvia, with 1.5% packet loss – whi...
by Amm0
Tue Nov 19, 2024 11:27 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Not be the contrarian. Why should some cloud solution be needed? Because this is not their core business. Their routers aren't the best bet to fend off heavy DDOSs - and they shouldn't: it isn't their market target. IDK, maybe it should be. I just don't buy that every publicly visible site needs t...
by Amm0
Tue Nov 19, 2024 11:15 pm
Forum: Scripting
Topic: After /file remove interpretation error ?
Replies: 3
Views: 366

Re: After /file remove bug?

Well this important advice, gets lost among the unnecessary invectives...
never use $ on :global, :local and :set
by Amm0
Tue Nov 19, 2024 10:58 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Ah. This we agree upon: it's past time they shove it behind some Cloudflare or whatnot. +1 Not be the contrarian. Why should some cloud solution be needed? I'm pretty sure Mikrotik can fix this without 3rd parties. Maybe not. But Mikrotik's basic product pitch is nothing depends on the cloud. And I...
by Amm0
Tue Nov 19, 2024 8:01 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

This is nothing but a disguised attempt to decrease the use of this forum........
Or, Mikrotik is just hungover from their holiday.
by Amm0
Tue Nov 19, 2024 7:46 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

While cable cuts add some international intrigue and drama here... It does seem more related to application load, not network bandwidth.
by Amm0
Tue Nov 19, 2024 2:58 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Yeah it's still flaky today. I see 1300+ users online.
by Amm0
Mon Nov 18, 2024 6:38 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Are DoS attacks a holiday tradition in Latvia?
Still flaky.
Even worse.
by Amm0
Sun Nov 17, 2024 8:09 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

Still flaky.
The only question is: did Mikrotik piss off someone, or is it just a badly programmed harvester?
LOL. That's my question here... I was kinda curious if newer/bad harvester, and not some attack. I guess it could be some attack targeting phpBB too.
by Amm0
Sun Nov 17, 2024 2:39 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 157441

Re: v7.17beta [testing] is released!

*) iot - added additional debug for LoRa logging; [...] *) iot - added new LoRa traffic FCnt packet counter parameter; On a positive note :). I have a KNOT with LoRa (+ 3rd party temp sensor) running 7.17beta5, connected to mosquitto and an old erlang lorawan-server container on RB1100 to run entir...
by Amm0
Sun Nov 17, 2024 2:09 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 157441

Re: v7.17beta [testing] is released!

*) webfig - status page is deprecated, old status page config will work, but can't be updated or created; A previously created webfig status page does NOT work, despite the release note.... I upgraded a wAPacR with status page showing LTE stuff, running 7.16.1 to 7.17beta5 — no status page is sho...
by Amm0
Sat Nov 16, 2024 7:44 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

A spike in session counts is usually a good indicator of a DDoS attack. Yup. I'd like to think it's still possible to self-host a 25 year old "web app" (phpBB here). i.e. without needing cloud services (AWS, cloudflare, Azure, etc.) or expensive enterprise security products. Perhaps not —...
by Amm0
Sat Nov 16, 2024 5:09 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

And it's still not working well...
There are not normally 1000+ real viewers on Saturday.
by Amm0
Sat Nov 16, 2024 4:57 pm
Forum: General
Topic: SSL certificate issue - wildcard Let's Encrypt
Replies: 3
Views: 400

Re: SSL certificate issue - wildcard Let's Encrypt

[...] Edit: i just compared, the chain.pem from LE is the same exact file as the r11.pem. Looks like there's a bug in the certificate handling/import process on Mikrotik. [...] I recall that without the delays I had problems with this process... Maybe there's some race condition there? A race condi...
by Amm0
Sat Nov 16, 2024 3:50 am
Forum: General
Topic: SSL certificate issue - wildcard Let's Encrypt
Replies: 3
Views: 400

Re: SSL certificate issue - wildcard Let's Encrypt

It's using the R11 certificate, not same as other thread.

Consult the LE web page: https://letsencrypt.org/certificates/
by Amm0
Sat Nov 16, 2024 2:43 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 157441

Re: v7.17beta [testing] is released!

In those markets you don't assume your customers are idiots, which is what device-mode assumes. Device mode is direct consequence of exactly this assumption. LOL. Perhaps. But device-mode needs more "sophistication" than just physical presence test. I got similar problem as @sirbryan, why...
by Amm0
Sat Nov 16, 2024 12:45 am
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

To be clear — IDK why the forum was getting 500 errors / hanging — I more was trying to make a joke. Now, I did see the active users being 1500 or so - but that does not mean there was an "attack" per se. But it be nice if Mikrotik posted the post-mortem on the failure, since it might a le...
by Amm0
Fri Nov 15, 2024 9:53 pm
Forum: General
Topic: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]
Replies: 95
Views: 7878

Re: FOR THE LOVE OF "DEITY OF CHOICE" FIX YOUR FRIGGEN (forum) WEBSITE [SOLVED]

I think Mikrotik is trying to prove the point about device-mode that DoS attacks are real. ;-)
by Amm0
Fri Nov 15, 2024 8:42 pm
Forum: General
Topic: VRRP with single WAN and Single LAN Address
Replies: 34
Views: 2167

Re: VRRP with single WAN and Single LAN Address

I'm not sure the VRRP address has to be a /32 when it's NOT in same IP subnet? At least in RouterOS 6, Yeah... I had a good handle on how this all worked. And on LAN side, all the same. But with V7, the effects of the new routing engine on VRRP is just not well described and subtlety different. Now ...
by Amm0
Fri Nov 15, 2024 3:54 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 157441

Re: v7.17beta [testing] is released!

Mikrotik seems to want to focus on home users. So this trend is concerning, since disabling features is not root cause and shows a haphazard approach to security. It's my opinion the Tik market is focused on small ISP, entrepreneurs, SMBs and the Home users who are enthusiasts ... In those market...
by Amm0
Fri Nov 15, 2024 3:04 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 157441

Re: v7.17beta [testing] is released!

How on earth disabling stuff like btest protects just anyone? Are there any documented cases of a feature misuse? no need to get aggressive. yes, of course there is documented cases of misuse, even in this forum there are people who are asking why they have unrecognized accounts and unrecognized sc...
by Amm0
Fri Nov 15, 2024 12:43 am
Forum: General
Topic: VRRP with single WAN and Single LAN Address
Replies: 34
Views: 2167

Re: VRRP with single WAN and Single LAN Address

Still bashing my head on a wall trying to figure out how to use a single WAN IP address for the two routers I have created. The easiest is to use private addresses in the "WAN VRRP", and then NAT out the real public IP. Basically, the VRRP IP address does not have to be in the same subnet...
by Amm0
Thu Nov 14, 2024 8:25 pm
Forum: General
Topic: 💀⚠️CRITICAL: Never trust who provides scripts containing "/import" from "/tool fetch" from external sources.
Replies: 35
Views: 5148

Re: 💀⚠️CRITICAL: Never trust who provides scripts containing "/import" from "/tool fetch" from external sources.

Who guarantees that yourself on the github do not insert commands that create users and open backdoors in the router? The issue is you suggest that anyone who builds an open source script/framework and publish them transparently on GitHub is an 💀⚠️CRITICAL" ..."security issue". So yo...
by Amm0
Thu Nov 14, 2024 7:36 pm
Forum: General
Topic: 💀⚠️CRITICAL: Never trust who provides scripts containing "/import" from "/tool fetch" from external sources.
Replies: 35
Views: 5148

Re: 💀⚠️CRITICAL: Never trust who provides scripts containing "/import" from "/tool fetch" from external sources.

I'm not sure the "💀⚠️CRITICAL" is necessary. Everything here can be relegated to security "best practices". And applies equally to "cut-and-paste" scripts and containers. Or even the dude, which downloads the matching version. And winbox4 new's "Update Winbox"...
by Amm0
Thu Nov 14, 2024 5:25 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1588
Views: 393868

Re: 📣 WinBox 4 is here 📣

Inline editing in "list/table view" would be nifty, i.e. no dialog needed would be nice feature.
by Amm0
Thu Nov 14, 2024 4:47 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1588
Views: 393868

Re: 📣 WinBox 4 is here 📣

Those, when we click the "ok" button and immediately think "oh, no". The firewall rules aren't special, copy works throughout the UI... and I'm not sure changing how it works is a good idea. Among them is a disabled item would still be committed to "disk", so it anothe...
by Amm0
Wed Nov 13, 2024 7:21 pm
Forum: Beginner Basics
Topic: Dual APN Question - Use a second APN for a specific device
Replies: 7
Views: 1026

Re: Dual APN Question - Use a second APN for a specific device

There is one rule with routing rules — the route MUST still exist in main, to be able to be used in another routing table. So you may want the use-default-route enabled on both APNs (or VLAN passthrough'ed), as that would deal with a changing public IP. Just set the default-route-distance higher on ...
by Amm0
Wed Nov 13, 2024 3:32 pm
Forum: The Dude
Topic: Inserting new devices images into the Dude
Replies: 2
Views: 273

Re: Inserting new devices images into the Dude

AFAIK, it's like MIBs... you put it into the top-level "files" under the dude directory and it will be moved automatically.
And you can pick the new graphic on the device type to use it.
by Amm0
Wed Nov 13, 2024 3:20 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 250
Views: 29789

Re: wAP ax?

Honestly, maybe it's just my opinion but i have a feeling that cAP ac works better than all of this ax stuff... Maybe your memory is bad, but the old wireless drivers got a lot complaints for years ;). Something like a cAPac also take exacting configuration to work well too... The issue is both ax ...
by Amm0
Tue Nov 12, 2024 10:14 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1588
Views: 393868

Re: 📣 WinBox 4 is here 📣

I'll take svg any day.
and SVG rendering support is one step closer to showing Dude maps in WinBox4 (something webfig has long been able to do, since browser has built-in support for SVG while winbox3 does not)
by Amm0
Tue Nov 12, 2024 6:55 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1588
Views: 393868

Re: 📣 WinBox 4 is here 📣

suggestion — WinBox4 should use an image for QR codes There are various complaints about the QR code for Wireguard client in 7.17beta thread... I'm not a regular user of the QR codes, but every time I've tried to use one, I have to adjust the phone and/or fonts/sizing/"something"... While ...
by Amm0
Tue Nov 12, 2024 6:26 pm
Forum: Beginner Basics
Topic: Dual APN Question - Use a second APN for a specific device
Replies: 7
Views: 1026

Re: Dual APN Question - Use a second APN for a specific device

If the 2nd APN is working, you get a 2nd LTE interface. With that... At a high level, you need to add new /routing/table that has the 2nd APN's LTE interface as a /ip/route & use /routing/rules to steer the particular IP/subnet traffic to the new routing table for the 2nd LTE interface. But it a...
by Amm0
Tue Nov 12, 2024 12:17 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 157441

Re: v7.17beta [testing] is released!

Default configuration does not allow accessing webfig from WAN. Up to a point. The botnet on that article was composed by high end routers (CCR1036, CCR1072, CCR2004, CCR2116). Those have no firewall or protections whatsoever - since they are professional models. Yeah, that's makes the focus on dev...
by Amm0
Mon Nov 11, 2024 7:07 pm
Forum: General
Topic: VRRP with single WAN and Single LAN Address
Replies: 34
Views: 2167

Re: VRRP with single WAN and Single LAN Address

I do not understand what a "mirrored datacenter" means. Yeah that's kinda the central question here. Based on my now dated VMWare knowledge, but the general idea is that an "application" (i.e. CHR) didn't NOT have to be aware of redundancy — since VMWare managed syncing all machi...
by Amm0
Mon Nov 11, 2024 6:33 pm
Forum: General
Topic: VRRP with single WAN and Single LAN Address
Replies: 34
Views: 2167

Re: VRRP with single WAN and Single LAN Address

I guess my initial question is if you have an investment in VMWare... wouldn't vMotion/etc work better? In that case you'd two identical CHRs, with VMWare controlling which one was active. VRRP certainly be possible on LAN side pretty easily. And VRRP supports connection tracking sync which keep it ...
by Amm0
Mon Nov 11, 2024 6:09 pm
Forum: RouterBOARD hardware
Topic: Product idea: rack mountable PoE injector
Replies: 10
Views: 1063

Re: Product idea: rack mountable PoE injector

I guess I'd rather see some "real" switch with more flexible PoE power options... before a modular PoE injector rack.

Right now, there is no switch in the lineup that actually support the entire range of power options (passive, 802.3a[ft][+][+]) on a per-port basis.
by Amm0
Mon Nov 11, 2024 3:52 pm
Forum: Wireless Networking
Topic: configuration.distance in wifi-qcom package
Replies: 5
Views: 1363

Re: configuration.distance in wifi-qcom package

I thought that for distances up to ca 2km the setting could be omitted. Or should I always round up to next higher km and specify it? I have NOT used wifi-qcom for long PtMP links..... But I can only imagine still you'd want to "round up". While an oversimplification, "distance"...
by Amm0
Mon Nov 11, 2024 3:24 pm
Forum: Beginner Basics
Topic: Configuring wireless on wAP R from zero
Replies: 15
Views: 1087

Re: Configuring wireless on wAP R from zero

I don't see how having the firmware set to automatic is "better", you have anyway to remember to reboot twice, so you can as well remember to upgrade the firmware. It's eventually get upgraded if one forgot...since at some point you'll reboot. My list was more "unless you know better...
by Amm0
Mon Nov 11, 2024 5:19 am
Forum: RouterBOARD hardware
Topic: are distributor markings on brand new MikroTik hardware allowed?
Replies: 2
Views: 523

Re: are distributor markings on brand new MikroTik hardware allowed?

Considering they allow+support the "branding kit" to add your own logo to software and remove Mikrotik from SNMP MIB... I'm cannot think of how adding a sticker be any issue. But if you're a distributor or retailer, you'd have to look at any contracts with Mikrotik on such things. Now... w...
by Amm0
Mon Nov 11, 2024 4:43 am
Forum: General
Topic: Mikrotik mobile app question [SOLVED]
Replies: 2
Views: 415

Re: Mikrotik mobile app question [SOLVED]

Can someone duplicate this error? Does it do the same on Android? Not wrong. I get same 0.0.0.0 and also that it still won't save the peer on iOS to RouterOS 7.17beta4. It seems the field does not know it's a ip-prefix type, since it should default should be 0.0.0.0/0, not just plain "0.0.0.0&...
by Amm0
Sun Nov 10, 2024 8:08 pm
Forum: Beginner Basics
Topic: Configuring wireless on wAP R from zero
Replies: 15
Views: 1087

Re: Configuring wireless on wAP R from zero

My commentary originally was "not much", then turned in a rather long list... To answer some "suggestions on the suggestions"... On "firmware" and/or RouterBOOT and/or BIOS – i.e. auto-update in /system/routerboard... - OP mentioned LTE... and my experience is that late...
by Amm0
Sun Nov 10, 2024 6:48 pm
Forum: General
Topic: ZeroTier Version Upgrade
Replies: 12
Views: 2172

Re: ZeroTier Version Upgrade

I find it hard to understand why MT doesn’t enable the interface for all standard ZeroTier options that are available on every other platform except ROS. Agreed. It's still in beta, one can hope. I'm less concern about the specific version that RouterOS uses unless there are security issues... it's...
by Amm0
Sun Nov 10, 2024 8:36 am
Forum: General
Topic: ZeroTier Version Upgrade
Replies: 12
Views: 2172

Re: ZeroTier Version Upgrade

We're on 7.16 and will be on 7.17 soon, yet the zerotier version is once again stuck on 1.10.3 Or, perhaps read the release notes for 7.17: *) zerotier - upgraded to version 1.14.0 Now since the config interface has not changed, RouterOS still supports only a sub-set of features. But certainly any ...
by Amm0
Sat Nov 09, 2024 9:55 pm
Forum: Beginner Basics
Topic: Configuring wireless on wAP R from zero
Replies: 15
Views: 1087

Re: Configuring wireless on wAP R from zero

Good question. IMO, the defaults in recent RouterOS are pretty good. And, it acts like any common home router by default. So you don't necessarily need to do very much. Here are some general pointers & most are just considerations, rather than "you MUST do this": 0. The most important ...
by Amm0
Sat Nov 09, 2024 12:31 am
Forum: General
Topic: letsencrypt on port 1115 RouterOS v7
Replies: 3
Views: 410

Re: letsencrypt on port 1115 RouterOS v7

Port should not matter. But you'd have to install the routeros LE certificate directly on HA (by exporting the certificate and key from /certificate). A dst-nat rule alone does not add LE encryption, it just forwards any TLS traffic.
by Amm0
Fri Nov 08, 2024 9:40 pm
Forum: Beginner Basics
Topic: Macvlan
Replies: 1
Views: 344

Re: Macvlan

I'm not 100% I understand. MACVLAN give the routers a 2nd MAC address on one RouterOS interface, but alone directly link a printer across VLANs. So I think you may be looking for this approach: https://forum.mikrotik.com/viewtopic.php?t=204025 And also you can use the new mDNS repeater feature if ne...
by Amm0
Fri Nov 08, 2024 8:55 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 157441

Re: v7.17beta [testing] is released!

Presumably this is part of what is driving the ideological position of device-mode: https://blog.ovhcloud.com/the-rise-of-packet-rate-attacks-when-core-routers-turn-evil/ And that part of the problem, we don't know what's driving the device-mode changes (i.e. the threat profile). Beyond platitudes ...
by Amm0
Fri Nov 08, 2024 3:22 am
Forum: Wireless Networking
Topic: LtAP, Verizon, Quectel EC-25AF no worky
Replies: 17
Views: 1257

Re: LtAP, Verizon, Quectel EC-25AF no worky

I'd make sure they know it crashed under 7.17beta - so not just missing RSSI, they should want to take a look at that. It's a bug if something causes a boot loop. I'm pretty the modem is providing RSSI via MBIM since it's requirement and it taking a minute to get to running... kinda does indicate so...
by Amm0
Thu Nov 07, 2024 11:18 pm
Forum: Wireless Networking
Topic: wAP ax?
Replies: 250
Views: 29789

Re: wAP ax?

So attention, for anyone who hasn't noticed, antennas don't scatter the signal 360 degrees, they scatter it 180 degrees! Chaos is the documentation for this device!!!!!! Clearly a poor cut-and-paste job on the specs page. And IDK why it's hard to for the web specs to match the PDF - the PDF often h...
by Amm0
Thu Nov 07, 2024 9:43 pm
Forum: Scripting
Topic: Bug Report: Incorrect Conversion of Numeric Strings to JSON in RouterOS
Replies: 5
Views: 1245

Re: Bug Report: Incorrect Conversion of Numeric Strings to JSON in RouterOS

Fortunately there appears to be "json.no-string-conversion" in the documentations for RouterOS for "serialize" - however my system is missing it. It would be helpful for communicating with JSON api where a string is expected regardless of if it happens to be a number. I'm runnin...
by Amm0
Thu Nov 07, 2024 7:14 pm
Forum: General
Topic: Feature requests
Replies: 1792
Views: 674082

Re: Feature requests

Please add support for the AmneziaWG protocol using standard tools without using Docker. Bypassing Internet censorship is very important and using it directly inside the router is a big advantage. The problem with adding features like AmneziaWG is its effectiveness is subject to change over time, a...
by Amm0
Thu Nov 07, 2024 5:58 pm
Forum: General
Topic: how to block youtube shorts?
Replies: 12
Views: 1265

Re: how to block youtube shorts?

For content filtering like something really granular like "YouTube shorts", you need to re-write the HTML to remove the section. That's more similar to an ad-blocker. So I'd think some browser extension might be easier (perhaps deployed via MDM solution to force it on clients). Now this is...
by Amm0
Thu Nov 07, 2024 2:00 am
Forum: The Dude
Topic: Is it possible to create such code in Dude for device monitoring?
Replies: 2
Views: 451

Re: Is it possible to create such code in Dude for device monitoring?

To do math, you can use ros_command function, and provide RouterOS script since that can deal with bit operations. To display some kinda enum, that's tricker... theoretically one approach be use a probe, with a Function type, and use "units" for your text formatting. I wrote up using the D...
by Amm0
Wed Nov 06, 2024 7:58 pm
Forum: Scripting
Topic: How to Read line by line from a file using a script?
Replies: 16
Views: 1203

Re: How to Read line by line from a file using a script?

It makes sense to be 2-dimensional array (fields per lines)
Yeah I kinda abused it here for the more simple case (one field)... but it's more designed to import a CSV file.
by Amm0
Wed Nov 06, 2024 7:51 pm
Forum: Scripting
Topic: How to Read line by line from a file using a script?
Replies: 16
Views: 1203

Re: How to Read line by line from a file using a script?

@optio has a good point. delimiter= is the "field separator", not the "record separator" (if I borrow awk's terms). The default "record separator" is a "newline" it seems.. So the delimiter does not matter if there only one "field" per row, so the de...
by Amm0
Wed Nov 06, 2024 4:39 am
Forum: Containers
Topic: How can I get veth1 to work?
Replies: 13
Views: 1273

Re: How can I get veth1 to work?

You are bridging VETH to your LAN. So the VETH IP address need to match the LAN. So the VETH need to be something like: /interface veth add address=10.10.20.201/24 gateway=10.10.20.254 gateway6="" name=veth1 Otherwise, if you want the container to be a separate IP subnet, then you do not w...
by Amm0
Wed Nov 06, 2024 3:07 am
Forum: Scripting
Topic: How to Read line by line from a file using a script?
Replies: 16
Views: 1203

Re: How to Read line by line from a file using a script?

Not wrong... See https://help.mikrotik.com/docs/spaces/ROS/pages/130220135/Address-lists If the timeout parameter is not specified, then the address will be saved to the list permanently on the disk. If a timeout is specified, the address will be stored on the RAM and will be removed after a system'...
by Amm0
Tue Nov 05, 2024 11:54 pm
Forum: Wireless Networking
Topic: LtAP, Verizon, Quectel EC-25AF no worky
Replies: 17
Views: 1257

Re: LtAP, Verizon, Quectel EC-25AF no worky

Sorry about that, normally the beta do work... And I have 7.17 running on a couple wAPac, but no LtAPs....

You can use the serial port to see what's going on. And perhaps the backup boot loader help, dunno.

But doing a reset to defaults may be quicker.
by Amm0
Tue Nov 05, 2024 11:12 pm
Forum: General
Topic: VRRP with single public IP address
Replies: 1
Views: 290

Re: VRRP with single public IP address

At a high level, potentially yes. But you'd have use src-nat to the public IP and/or potentially other firewall nat/mangle things ... but really depends on what you're trying to do. Normally VRRP is the default gateway for a network on the LAN side, not WAN side.
by Amm0
Tue Nov 05, 2024 11:03 pm
Forum: Beginner Basics
Topic: Multiple MikroTik on Zerotier Network
Replies: 5
Views: 1022

Re: Multiple MikroTik on Zerotier Network

What I'm not sure of is the effect of "use-ip-firewall-for-vlan=yes" as that could add another dimension to ZT bridging. IDK but I've never tested that option with ZT.
by Amm0
Tue Nov 05, 2024 10:47 pm
Forum: Scripting
Topic: How to Read line by line from a file using a script?
Replies: 16
Views: 1203

Re: How to Read line by line from a file using a script?

Ah, you might have needed a delimiter="\r\n" if the file was created on RouterOS since it uses windows line-endings.
by Amm0
Tue Nov 05, 2024 10:31 pm
Forum: Wireless Networking
Topic: LtAP, Verizon, Quectel EC-25AF no worky
Replies: 17
Views: 1257

Re: LtAP, Verizon, Quectel EC-25AF no worky

I've already got the logging enabled, so I'll get a fresh boot on T-Mobile and a couple minutes of logs and then submit, thanks. I'm also willing to try the next beta if you think it's worth it. It be worth a ticket. They may just need some ID specific for the EC-25AF, but only MT would know. There ...
by Amm0
Tue Nov 05, 2024 10:03 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1588
Views: 393868

Re: 📣 WinBox 4 is here 📣

IDK, but does it work when you only have one IP and/or on interface? Sometimes having multiple interfaces with wine+winbox3 would cause MAC winbox not to work.
by Amm0
Tue Nov 05, 2024 9:48 pm
Forum: General
Topic: TiVo => EoIP => TiVo ... fail
Replies: 15
Views: 1519

Re: TiVo => EoIP => TiVo ... fail

I guess one long-shot option MIGHT be use /tool/traffic-gen to generate the broadcast packets. Since you have the traces, that might not be so difficult to try. Where it work/help IDK.
by Amm0
Tue Nov 05, 2024 9:45 pm
Forum: General
Topic: TiVo => EoIP => TiVo ... fail
Replies: 15
Views: 1519

Re: TiVo => EoIP => TiVo ... fail

Could latency be an issue, like their protocol requires very low delays so it works over physical LAN but not when tunneled over the Internet Yes, I am beginning to fear that they are explicitly checking for latency. The tunnel is over a site-to-site OpenVPN from two locations more than 1500km apar...
by Amm0
Tue Nov 05, 2024 9:32 pm
Forum: Wireless Networking
Topic: LtAP, Verizon, Quectel EC-25AF no worky
Replies: 17
Views: 1257

Re: LtAP, Verizon, Quectel EC-25AF no worky

Actually, it looks like I might already be on the latest rev (EC25AFFAR07A14M4G) according to some posts from July. So maybe it's too new :) It should show "RSSI". If you can try T-Mobile again, that be worth a shot to know if it's a Verizon carrier firmware issue. You might want to open ...
by Amm0
Tue Nov 05, 2024 8:16 pm
Forum: Scripting
Topic: How to Read line by line from a file using a script?
Replies: 16
Views: 1203

Re: How to Read line by line from a file using a script?

Your suggestion worked. However, the ip 0.0.0.0, which did not exist in the file, was added. There were no empty lines. The :deserialize is very new, so it may be a bug in that actually. i.e. inserting an extra array element, that would unconverted to an IP type, which defaults to 0.0.0.0. Do you have...
by Amm0
Tue Nov 05, 2024 7:55 pm
Forum: Wireless Networking
Topic: LtAP, Verizon, Quectel EC-25AF no worky
Replies: 17
Views: 1257

Re: LtAP, Verizon, Quectel EC-25AF no worky

Additionally make sure RouterOS is at stable, and the /system/routerboard has been updated to latest firmware too. I had no idea that there was separate board firmware from ROS. I upgraded this and it seems to now work in MBIM mode without issue. Seems hard to believe, but ... does that seem legit?...
by Amm0
Tue Nov 05, 2024 5:48 pm
Forum: Beginner Basics
Topic: Why is there no decent security on FTP Server on MK?
Replies: 22
Views: 1102

Re: Why is there no decent security on FTP Server on MK?

RouterOS like to abstract Linux-things, so I'm not sure they want to bind "files" to some particular linux file system details like owner/group. And FTP follows the same policy system as rest of RouterOS. Also, I think you're presume a higher level of sophistication in policy / AAA elsewhe...
by Amm0
Tue Nov 05, 2024 7:45 am
Forum: Wireless Networking
Topic: LtAP, Verizon, Quectel EC-25AF no worky
Replies: 17
Views: 1257

Re: LtAP, Verizon, Quectel EC-25AF no worky

In V7, Mikrotik use MBIM with their Quectel models, so I suspect that be best. But if T-Mobile is working...I'm not thinking it's MBIM vs ECM. So yeah switch the LTE modem back to mode=auto may be best plan. Also try lowercase "vzwinternet" and disable "Use Network APN". You may ...
by Amm0
Tue Nov 05, 2024 5:52 am
Forum: Wireless Networking
Topic: LtAP, Verizon, Quectel EC-25AF no worky
Replies: 17
Views: 1257

Re: LtAP, Verizon, Quectel EC-25AF no worky

Verizon is strict on everything. The modules must be whitelisted by a device manufactured and go through Verizon-specific certification. Modules are certified too, but BOTH module and devices require certification. So this means, unless the module came from a previous Verizon device, you will not be...
by Amm0
Mon Nov 04, 2024 10:21 pm
Forum: Scripting
Topic: How to Read line by line from a file using a script?
Replies: 16
Views: 1203

Re: How to Read line by line from a file using a script?

[lost by accident - I meant reply not edit - but was just example script two post below now]
by Amm0
Mon Nov 04, 2024 8:16 pm
Forum: RouterBOARD hardware
Topic: 5G modem in ATL 18
Replies: 7
Views: 1068

Re: 5G modem in ATL 18

That same thread shows a photo of it. And more importantly the spec sheet on www.mikrotik.com shows "M.2 slot: 1".

But your modem likely has different connectors, so may need some jumper to adapt a 5G modem's MHF4 connector to the U.FL used by the ATL.
by Amm0
Mon Nov 04, 2024 6:16 pm
Forum: RouterBOARD hardware
Topic: 5G modem in ATL 18
Replies: 7
Views: 1068

Re: 5G modem in ATL 18

Also you might read this thread https://confusedbird.com/thread-310.html From the above... One issue I see in the ATL LTE18 brochure is that the antenna gain graphs all stop at 2.7GHz, so I am not sure how well it will perform in the 3.6GHz band. The LHG LTE18 dish antenna covers all the way to 3.8...
by Amm0
Mon Nov 04, 2024 5:59 pm
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1514

Re: Connecting Two Remote Locations Without Public IP

It still be good to know the @Monty995 actual WAN situation. It could just be a terminology, like one side may have a dynamic public IP & in which case... adding DDNS would work for Wireguard. e.g. Folk are reading a lot of from the title, which may not be 100% what's going on. Now perhaps it 10...
by Amm0
Mon Nov 04, 2024 5:26 pm
Forum: Scripting
Topic: $PIANO - interactive "player piano" & studio-quality recorder using :beep
Replies: 15
Views: 3221

Re: $PIANO - interactive "player piano" & studio-quality recorder using :beep

* Just to be esoteric, the needed MQTT broker and midimonster linux exe actually both live a "multi-process" RouterOS /container, that use `make` as it's init to start BOTH nanomq and midimonster. And, Alpine Linux had no problem compiling midimonster inside the RouterOS container (since ...
by Amm0
Mon Nov 04, 2024 6:01 am
Forum: Scripting
Topic: Script to obtain vendor info from MAC addresses when bridge is bridgeLocal [SOLVED]
Replies: 9
Views: 2085

Re: Script to obtain vendor info from MAC addresses when bridge is bridgeLocal [SOLVED]

:local scanTime "30"

should be

:local scanTime 30s

near the top of the script
by Amm0
Mon Nov 04, 2024 2:02 am
Forum: Scripting
Topic: Script to obtain vendor info from MAC addresses when bridge is bridgeLocal [SOLVED]
Replies: 9
Views: 2085

Re: Script to obtain vendor info from MAC addresses when bridge is bridgeLocal [SOLVED]

192.168.0.37 F6:F5:AC:C6:61:E6 169ms 192.168.0.30 E8:F4:08:E8:52:51 I don't know what the issue is with 192.168.0.30 no time ms It could just be a timing issue (no pun), but the duration= is a hard cutoff, so it could be in the middle of getting the ARP from 192.168.0.30 when the duration= hits.
by Amm0
Mon Nov 04, 2024 1:56 am
Forum: Scripting
Topic: Script to obtain vendor info from MAC addresses when bridge is bridgeLocal [SOLVED]
Replies: 9
Views: 2085

Re: Script to obtain vendor info from MAC addresses when bridge is bridgeLocal [SOLVED]

Hmm, in a quick test it works on my test router using 7.17. It might be the /tool/fetch that does the MAC address lookup that's failing... since that requires policy and test permissions, so if /system/script didn't allow those that be one reason it fail. The on-error={} prevents errors from being s...
by Amm0
Mon Nov 04, 2024 1:41 am
Forum: Beginner Basics
Topic: Mikrotik as Zerotier controller. How to add managed routes?
Replies: 7
Views: 760

Re: Mikrotik as Zerotier controller. How to add managed routes?

since 172.15.0.0/24 isn't private range
I didn't catch that, but yeah that ain't private. So ZeroTier's "allow-global=yes" would have been required ... to enable a bad config ... but why it didn't initially work.
by Amm0
Mon Nov 04, 2024 1:23 am
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 157441

Re: v7.17beta [testing] is released!

3) From the GUI, if you go into a wifi interface that is set up as PSK, and simply click "Apply", the passphrase will be corrupted and you'll have to go back and retype it. Under the hood it sets the passphrase to \E2\80\A2\E2\80\A2\E2\80\A2\E2\80\A2\E2\80\A2\E2\80\A2\E2\80\A2\E2\80\A2 no...
by Amm0
Mon Nov 04, 2024 1:02 am
Forum: RouterBOARD hardware
Topic: Support for external LTE antennas
Replies: 11
Views: 1312

Re: Support for external LTE antennas

IDK about the internals of the hAP-ax-lite, but if you're going to DIY there is also the newer L23 board (https://mikrotik.com/product/l23ugsr_5haxd2haxd) boards be another option. You can then add a better LTE module than the hAPaxLite. Also, there are external antennas (especially 4x4 ones) that ar...
by Amm0
Sun Nov 03, 2024 8:31 pm
Forum: General
Topic: TiVo => EoIP => TiVo ... fail
Replies: 15
Views: 1519

Re: TiVo => EoIP => TiVo ... fail

It may TiVo is looking for bridged/routed connections. One way be the packet's TTL, although I'm not sure TTL be changed since bridged... but if it's not use TTL = 65, you can "reset" the TTL on the far end using /ip/firewall/mangle. The Mikrotik LTE docs show the commands for T-Mobile, bu...
by Amm0
Sun Nov 03, 2024 7:05 pm
Forum: Beginner Basics
Topic: Mikrotik as Zerotier controller. How to add managed routes?
Replies: 7
Views: 760

Re: Mikrotik as Zerotier controller. How to add managed routes?

Edit: What is interesting is, that 172.15.0.5:3000 works from all clients, but it's impossible to ping this address from Mikrotik that is zerotier client if I disable route I manually added in /ip route. It could be the default-route-distance= of ZeroTier instance (zt1) is 1, so depending on the dist...
by Amm0
Sun Nov 03, 2024 6:34 pm
Forum: Beginner Basics
Topic: Mikrotik as Zerotier controller. How to add managed routes?
Replies: 7
Views: 760

Re: Mikrotik as Zerotier controller. How to add managed routes?

Just not sure about the auto-join using just the network id part of it.
FWIW, if you delete a /zerotier/controller, it does leave inactive /zerotier/controller/member's... so that why my Mac just joined/authorized, I think (still it was a different/new controller).
by Amm0
Sun Nov 03, 2024 6:07 pm
Forum: General
Topic: Feature Request: IPSEC Improvements
Replies: 167
Views: 51044

Re: Feature Request: IPSEC Improvements

This topic is open for 12 years, other similar topics maybe even longer.
Holy crap, 12 years just in this forum post.
And still no way to avoid using a dual-stack.
by Amm0
Sun Nov 03, 2024 5:21 pm
Forum: RouterBOARD hardware
Topic: Support for external LTE antennas
Replies: 11
Views: 1312

Re: Support for external LTE antennas

Yeah the LtAP, wAPac, and LtAP mini have some "drill-able" holes to install SMA bulkhead connectors. e.g. the wAPac can mount 4 SMAs on the bottom of the unit. So you can run a "pigtail" cable from the modem module inside to some drilled holes. And, Mikrotik does sell u.FL to SMA...
by Amm0
Sun Nov 03, 2024 2:21 pm
Forum: Beginner Basics
Topic: Mikrotik as Zerotier controller. How to add managed routes?
Replies: 7
Views: 760

Re: Mikrotik as Zerotier controller. How to add managed routes?

To replicate the same ZeroTier "pushed" routes as my.zerotier.com controller... there is routes= on the /zerotier/controller. The controller is CLI only, and MT's docs provide the format: routes Push routes in the following format: Routes ::= Route[,Routes] Route ::= Dst[@Gw] So you should...
by Amm0
Sun Nov 03, 2024 12:07 am
Forum: The Dude
Topic: Dude v6 - Backup locally
Replies: 5
Views: 15878

Re: Dude v6 - Backup locally

Here is quick hack to adapt the script for newer date format using in V7. I cannot vouch for the restore part, but this should work to keep same format as previous version. Basically the "Get date and time" part is replaced from above: { ### Backup Dude locally ### # Set root path for back...
by Amm0
Sat Nov 02, 2024 10:48 pm
Forum: Beginner Basics
Topic: Multiple MikroTik on Zerotier Network
Replies: 5
Views: 1022

Re: Multiple MikroTik on Zerotier Network

You got a few things going on there, but topology should work. I don't have an instant answer on what's wrong, but couple things to check: 1. On the ZeroTier Controller (my.zerotier.com), did you set "allow bridging" on the Mikrotik members? 2. zerotier1 is not a member of either LAN or WA...
by Amm0
Sat Nov 02, 2024 9:33 pm
Forum: Beginner Basics
Topic: Not enough permissions? [SOLVED]
Replies: 17
Views: 1868

Re: Not enough permissions? [SOLVED]

Please don't only use username and password as credentials, please also use PKI. I wish that were possible. The problem is Winbox, Webfig, native API, and REST API all only support username/password. So unless you know how to make winbox use a cert, you're kinda screwed on RouterOS for PKI auth.
by Amm0
Sat Nov 02, 2024 6:26 pm
Forum: General
Topic: Lets Encrypt
Replies: 40
Views: 2093

Re: Lets Encrypt

There is no UI to import certificates. Does this mean I do not need to copy those files manually? We're going OT on UDM... And never been a fan of UniFi. But I'm sure there is a better answer in their forums how to add an existing cert in the right location. I was suggesting what might be using the...
by Amm0
Sat Nov 02, 2024 6:14 pm
Forum: Beginner Basics
Topic: Not enough permissions? [SOLVED]
Replies: 17
Views: 1868

Re: Not enough permissions? [SOLVED]

The main attack vectors been admin and no password & creating DoS. And using "admin" as username opens up common dictionary attack. But so would using same username/password combo that been compromised in some other attack be equally, or likely even worse. I just worry about the attack...
by Amm0
Sat Nov 02, 2024 3:59 pm
Forum: Beginner Basics
Topic: Not enough permissions? [SOLVED]
Replies: 17
Views: 1868

Re: Not enough permissions? [SOLVED]

If I wrote it here it would be public knowledge... Yeah I'm confused too. Totally get not using "admin", and deleting the account once a new "full" user had been added seems like a better plan. What am I missing? @rextended, if you think there some security issue here (i.e. wher...
by Amm0
Sat Nov 02, 2024 2:48 pm
Forum: General
Topic: Lets Encrypt
Replies: 40
Views: 2093

Re: Lets Encrypt

My reading is the script uses /data/eus_certificates/unifi-os.crt /data/eus_certificates/unifi-os.key And based on the using specific names, @sindy is likely right, the .crt would actually contain the root certificate, intermediate certificates, and server's certificate - all in same file (appended ...
by Amm0
Sat Nov 02, 2024 3:49 am
Forum: Beginner Basics
Topic: Stuck on device to vlan assignment principles
Replies: 10
Views: 751

Re: Stuck on device to vlan assignment principles

TDW's route will lead to graying or loss of hair. This is the sort of scenario 802.1X was designed for. Well, the built-in User Manager will support 802.1X, and UM is not that complex to setup. You can then set the VLAN on user using a RADIUS attribute. The 802.1X does work between RouterOS, and ev...
by Amm0
Sat Nov 02, 2024 2:03 am
Forum: General
Topic: Lets Encrypt
Replies: 40
Views: 2093

Re: Lets Encrypt

It's random which one intermediate LE will use, per their specs. It possible to just install all the intermediate certificates for LE. Now I have no idea where on UDM. But if UDM supports SFTP... might be possible to use /tool/fetch mode=sftp upload=yes src-path=R1X.pem dst-path=/data/.../config/......
by Amm0
Sat Nov 02, 2024 1:18 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1588
Views: 393868

Re: 📣 WinBox 4 is here 📣

Hi all, skins not working on winbox 4?
The lack of "skin" support is a "Known Issue" in @normis's original post.
by Amm0
Fri Nov 01, 2024 9:10 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1588
Views: 393868

Re: 📣 WinBox 4 is here 📣

... or get a wider screen. Well, not wrong that you need a wide-screen. IMO it is kind of a problem since not everyone uses Winbox from a desktop with multiple displays. My problem is I often have two Winbox open, use a laptop, and don't have multiple screens available very often. Specific to Mac...
by Amm0
Fri Nov 01, 2024 7:41 pm
Forum: General
Topic: Lets Encrypt
Replies: 40
Views: 2093

Re: Lets Encrypt

Of great -- another new obstacle...errr...opportunity to learn. This is the URL of UDM. Screenshot 2024-11-01 130539.png The "Details" will show you the certificate it thinks is unsafe. And the message is due the certificates YOUR computer is lacking the "root" certificate autho...
by Amm0
Fri Nov 01, 2024 7:33 pm
Forum: Announcements
Topic: v7.17beta [testing] is released!
Replies: 773
Views: 157441

Re: v7.17beta [testing] is released!

Well, I just looked at the webfig. Does look nice, & like the collapsing of the left-side. But this one affects us. *) webfig - status page is deprecated, old status page config will work, but can't be updated or created; The webfig "status page" was the only way to create some custome...
by Amm0
Fri Nov 01, 2024 6:16 pm
Forum: General
Topic: Lets Encrypt
Replies: 40
Views: 2093

Re: Lets Encrypt

The whole business of dealing LE renewals should have long been solved, without scripting porting 80.... Anyway... No, currently only port 80 is used to renew the certificate. This endeavor started because I couldn't access my UDM without SSL certificate errors. Am I close? What you do mean by "...
by Amm0
Fri Nov 01, 2024 5:36 pm
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1514

Re: Connecting Two Remote Locations Without Public IP

It is really the "without public IP" that makes any VPN solution complex, which be true of any router. If one side does have a public IP, now Wireguard (or IPSec) option be possible. This part be good to clarify: does ONE side of the proposed VPN get a public IP? Otherwise, if BOTH side ar...
by Amm0
Fri Nov 01, 2024 11:57 am
Forum: The Dude
Topic: Teltonika SMS gateway for notifikations
Replies: 3
Views: 522

Re: Teltonika SMS gateway for notifikations

The URL needs to use "urlencoding", which means things like space need to be escaped for HTTP. So your "....text=The Dude is happy again" part is likely the problem. In recent V7, you can use :convert to do the encoding. /tool fetch url="http://IP/cgi-bin/sms_send?username=u...
by Amm0
Fri Nov 01, 2024 1:55 am
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1514

Re: Connecting Two Remote Locations Without Public IP

IKEv2 is a bit more complex to setup… A bit? Hah! More like 3-10× more complicated, depending. Let's see: What'd I miss? LOL. I'll give 2× more complicated. You can use a PSK and avoid the certs. My comment was based an old hEX, that can offload IPSec encryption, but that is IPSec singular benefit....
by Amm0
Thu Oct 31, 2024 11:17 pm
Forum: Beginner Basics
Topic: Connecting Two Remote Locations Without Public IP
Replies: 20
Views: 1514

Re: Connecting Two Remote Locations Without Public IP

I'm guessing likely be better off with IPSec using IKEv2 on the older hEX, since IPSec will use hardware encryption. i.e. WireGuard will not be hardware offloaded, so might be slower. Although IKEv2 is a bit more complex to setup than ZeroTier or even WG. One side does need to be enabled with respon...
by Amm0
Thu Oct 31, 2024 3:19 am
Forum: General
Topic: TiVo => EoIP => TiVo ... fail
Replies: 15
Views: 1519

Re: TiVo => EoIP => TiVo ... fail

I only have WireShark on one end, so I can't see what is going on at the other end of the EoIP tunnel. This is my first MikroTik project, so I haven't yet figured out how to use Torch ... Q: Can I use Torch to see what is going on in my remote NE location? Sure, you'd do it on the EoIP interface. I...
by Amm0
Thu Oct 31, 2024 1:01 am
Forum: General
Topic: TiVo => EoIP => TiVo ... fail
Replies: 15
Views: 1519

Re: TiVo => EoIP => TiVo ... fail

The easiest thing to try is change MTU on the EoIP interface. If it's not 1500, that be worth a try. Now that will cause fragmentation over the VPN, but TiVo UDP packets may be too big to fit when a compressed MTU. You may also want to make sure "Don't Fragment" is unchecked (i.e. allow fr...
by Amm0
Wed Oct 30, 2024 9:47 pm
Forum: General
Topic: DUAL WAN into one connection use
Replies: 10
Views: 697

Re: DUAL WAN into one connection use

And this why @anav is suggesting load balancing, since that is something you can do with one router and two ISP. This is theoretically possible, but with a lot of "ifs" and "provided thats". One of the "ifs" be is the 200Mb connections are via PPPoE, because "provi...
by Amm0
Tue Oct 29, 2024 8:25 pm
Forum: General
Topic: TR069 and show-sensitive
Replies: 1
Views: 292

Re: TR069 and show-sensitive

A few years ago, I created an application to manage our mikrotik devices. It generates a configuration file for each router, based on how the router is modeled in the application, and uses TR069 to get the configuration on the routers themself. After the configuration is pushed to the routers, it a...
by Amm0
Tue Oct 29, 2024 5:11 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1588
Views: 393868

Re: 📣 WinBox 4 is here 📣

Could you please elaborate? Why isn't it easy to use? You can click on "Usage" and it will sort by usage. In fairness, it is same as winbox3 which seems to be initial goal. But it ain't a great dialog box for quickly figuring out a channel to use. i.e. - usage should align on the ".&...
by Amm0
Tue Oct 29, 2024 2:29 pm
Forum: General
Topic: mAP lite - how can I tunnel a VLAN over WiFi? [SOLVED]
Replies: 2
Views: 433

Re: mAP lite - how can I tunnel a VLAN over WiFi? [SOLVED]

Both VXLAN and EoIP approaches are covered here:
viewtopic.php?t=180369&hilit=wifiwave2
by Amm0
Mon Oct 28, 2024 11:08 pm
Forum: Scripting
Topic: Polling?
Replies: 12
Views: 896

Re: Polling?

I should have been clearer, in all likelihood using the "monitor once" in a scheduler is a better plan. I was more explaining how it works when NOT using "once"... generally speaking ;). Jokes aside, I don't have any UPS directly connected to a RouterBOARD otherwise I would have ...
by Amm0
Mon Oct 28, 2024 10:51 pm
Forum: Containers
Topic: Container "Traefik" (on RB5009)
Replies: 11
Views: 11681

Re: Container "Traefik" (on RB5009)

I don't know if this helps anyone, but I got Traefik to work on an RB1100 (which is actually ARM32) using this image: https://hub.docker.com/_/traefik I have to try this. Thanks Amm0 Yeah it works on RB1100AHx4 and RB5009 for sure. I use it for CORS and automatically renewing LE certs. I should cre...
by Amm0
Mon Oct 28, 2024 7:07 am
Forum: The Dude
Topic: Did I wipe out my Dude database?
Replies: 2
Views: 510

Re: Did I wipe out my Dude database?

Did you look at Files in winbox, and see a dude.db someplace? If so, you'd be in luck... And, one simple possibility is the "disk name", or RouterOS, slot= changed in the upgrade. For example, from disk1/ to sata1/. And the upgrade does not change the dude directory, so it may be lookin...
by Amm0
Mon Oct 28, 2024 2:11 am
Forum: General
Topic: EMULATING peplink BONDING with RoS
Replies: 3
Views: 708

Re: EMULATING peplink BONDING with RoS

Load balancing is more effective using all available bandwidth and easier/less complex & straightforward on RouterOS — that's why I pitch it ;)... But you're right, failover is going to be noticeable since it's connection-based. And "hitless failure" and magic bonding is what Peplink pitc...
by Amm0
Sun Oct 27, 2024 8:08 pm
Forum: Scripting
Topic: Polling?
Replies: 12
Views: 896

Re: Polling?

Remove the "once" and it becomes a ":while (true)" loop, so it will run forever. There is an interval= that control how often the do={} code is run, i.e. 1s or 1m or 1h etc.... You can also make only run for a fixed period like duration=1m. This is useful like in a /system/schedu...
by Amm0
Sun Oct 27, 2024 7:29 pm
Forum: General
Topic: EMULATING peplink BONDING with RoS
Replies: 3
Views: 708

Re: EMULATING peplink BONDING with RoS

The answer I'd like to give is use /zerotier multipath settings to do your desired bonding : https://docs.zerotier.com/multipath/ Sadly that is NOT an option . Since I occasionally use the peplink things... I kinda know how the peplink generally work... Also note there are additional recurring costs...
by Amm0
Sun Oct 27, 2024 4:42 pm
Forum: General
Topic: VXLAN inside Wireguard MTU [SOLVED]
Replies: 3
Views: 544

Re: VXLAN inside Wireguard MTU [SOLVED]

The math is right. Generally MTU being right is a good thing. TCP things adjust themselves, so MTU being right is actually helpful. One side note as MTU gets lower from tunnels-in-tunnels... sometimes that affects dumber UDP protocols. For example (& before it get device-lock'ed), if you run a /t...
by Amm0
Fri Oct 25, 2024 10:21 pm
Forum: Scripting
Topic: [Script] Automatically change DNS if Pi-hole is no longer working
Replies: 53
Views: 27260

Re: [Script] Automatically change DNS if Pi-hole is no longer working

I'll answer myself. It turns out that RouterOS has such a wonderful thing as Netwatch! With it, you can set up host availability monitoring of almost any complexity! Yup, also in 7.16 there is a direct netwatch for type=dns — which make this even simpler: :global primary 172.17.0.2 :global backup 9...
by Amm0
Fri Oct 25, 2024 9:45 pm
Forum: Scripting
Topic: Appending file within foreach
Replies: 10
Views: 636

Re: Appending file within foreach

I find that if I blindly copy then I am not using my brain, but if I use my brain then I am ignoring the experts -- ugh. Fair enough. Again, it's about the variable types... And specifically the array type, since those are a bit complex. @rextended makes a point the unneeded parenthesis ( ) can get...
by Amm0
Fri Oct 25, 2024 7:57 pm
Forum: Announcements
Topic: Newsletter #121 | October 2024
Replies: 54
Views: 8330

Re: Newsletter #121 | October 2024

Block Diagram is available Another strange PoE choice: the PoE-in port is off the switch, a sensible choice for a router-class device, but we then have to ask which ISP modems provide PoE input power? Stretching for a use case, You can use an always use PoE injector between ISP and ether1. i.e. if ...
by Amm0
Fri Oct 25, 2024 7:13 pm
Forum: Scripting
Topic: Appending file within foreach
Replies: 10
Views: 636

Re: Appending file within foreach

I don't understand the notion of persistent in file. Didn't mean to be confusing, perhaps "saved to a file" be clear. I just meant that your variables you [:serialize to=json] to file, come back as the same str/num/time/array type when you [:deserialize from=json] from same JSON file. And...