Community discussions

Search found 1414 matches

by mducharme
Wed Jul 28, 2021 1:48 am
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 62
Views: 5995

Re: MikroTik RB5009UG+S+IN

No, in my case it is a RouterOS 7.1 beta6 bug. I do not have this issue with any version other than RouterOS 7.1 beta6, and MikroTik has said they have found the problem and reproduced it and it will be fixed in beta 7.
by mducharme
Tue Jul 27, 2021 9:10 pm
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 62
Views: 5995

Re: MikroTik RB5009UG+S+IN

I am running 7.1beta6 on my 4011. The only issues that I have are that I cannot reboot (it kernel panics on reboot and I have to pull the power), I have to disable and re-enable IPv6 every boot-up, and there is a slow memory leak that causes it to crash every 5 weeks or so. Other than those three th...
by mducharme
Mon Jul 26, 2021 7:01 am
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 62
Views: 5995

Re: MikroTik RB5009UG+S+IN

But probably it's old 4011 numbers that were always untrue, not the new 5009 ones. I suspect that the 5009 results could actually be underestimated. Assuming those switch chips are capable of not only bridge VLAN filtering, but layer 3 hardware offloading like CRS3xx model switches, it could be pos...
by mducharme
Mon Jul 26, 2021 6:54 am
Forum: RouterBOARD hardware
Topic: Hardware recommendation for Internet gateway
Replies: 4
Views: 190

Re: Hardware recommendation for Internet gateway

Hi, In general you should look at the "Test results" tab on a MikroTik product page, specifically looking for the Routing, 25 IP filter rules, 512 byte Mbps result. This will provide a good ballpark as to the routing throughput for the device in an average scenario - I say average scenario...
by mducharme
Fri Jul 23, 2021 4:57 am
Forum: Beginner Basics
Topic: VLANS & Management VLAN
Replies: 25
Views: 1325

Re: VLANS & Management VLAN

I think anav did not clearly communicate what he (probably) meant: The CRS112 does not have hardware support for bridge VLAN filtering, and the CPU in that device is quite weak, so using bridge VLAN filtering on it is not really practical, and you are best off setting up VLANs using the CRS1xx/2xx s...
by mducharme
Fri Jul 23, 2021 3:50 am
Forum: RouterBOARD hardware
Topic: MikroTik RB5009UG+S+IN
Replies: 62
Views: 5995

Re: MikroTik RB5009UG+S+IN

Probably having a second 10G SFP+ interface would make the unit too wide in order to be able to put two side by side in a rack, like it is designed. They would have to remove one of the copper ports, which means you would be using only 7 ports on an 8 port switch chip. It is understandable in this s...
by mducharme
Thu Jul 22, 2021 11:12 pm
Forum: RouterOS v7 BETA
Topic: Configuration resets after reboot due to routing-mark settings (v7.1 beta5 & beta6
Replies: 3
Views: 362

Re: Configuration resets after reboot due to routing-mark settings (v7.1 beta5 & beta6

Did you create the new routing table named "TEST" before using that to mark-routing?
by mducharme
Wed Jul 21, 2021 10:11 am
Forum: RouterOS v7 BETA
Topic: Wireguard on wAP AC
Replies: 6
Views: 538

Re: Wireguard on wAP AC

Wireguard doesn't traditionally have hardware acceleration anyway, but is still known for being very efficient and fast regardless.
by mducharme
Fri Jul 16, 2021 12:18 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 111
Views: 12278

Re: v7 launch date

They had changed the syntax of the route filters already once because a lot of people were complaining about the new syntax and it became a big point of contention, but people did not like the new syntax either. As a result, they are re-conceptualizing the routing filters syntax yet again with this ...
by mducharme
Thu Jul 15, 2021 7:31 am
Forum: Wireless Networking
Topic: Virtual interfaces for 60GHz
Replies: 8
Views: 487

Re: Virtual interfaces for 60GHz

They could, that's why I would use a firewall on the devices. As far as I am aware the type of attack you bring up is entirely possible, if the device is not secured properly.
by mducharme
Thu Jul 15, 2021 5:56 am
Forum: Wireless Networking
Topic: Virtual interfaces for 60GHz
Replies: 8
Views: 487

Re: Virtual interfaces for 60GHz

Yes, that's probably possible. But why would you keep changing the MAC on the station side to begin with? Presumably you control both sides?
by mducharme
Thu Jul 15, 2021 5:37 am
Forum: Wireless Networking
Topic: Virtual interfaces for 60GHz
Replies: 8
Views: 487

Re: Virtual interfaces for 60GHz

Is this really true? If so, then what stops someone from making a script that changes the identity of some station and cramming the AP with a long list of dummy interfaces?
I'm afraid I don't understand your question. Can you clarify?
by mducharme
Thu Jul 15, 2021 5:25 am
Forum: Wireless Networking
Topic: Virtual interfaces for 60GHz
Replies: 8
Views: 487

Re: Virtual interfaces for 60GHz

The station interfaces are only created after connect, but they are not dynamic, so they will stay there even if the far end goes down.
by mducharme
Wed Jul 14, 2021 2:55 am
Forum: RouterOS v7 BETA
Topic: Routing speeds on v7 RB4011
Replies: 11
Views: 1369

Re: Routing speeds on v7 RB4011

Yes. If you are able to use Fasttrack for a large portion of traffic, or have fewer rules by accepting certain traffic between VLANs early, you can squeeze a bit more out of it theoretically (maybe another 1 or 2 Gbps), but I think 2.5Gbps is probably a good estimate for that device.
by mducharme
Wed Jul 14, 2021 1:35 am
Forum: RouterOS v7 BETA
Topic: Routing speeds on v7 RB4011
Replies: 11
Views: 1369

Re: Routing speeds on v7 RB4011

I know this is probably how long is a piece of string question, but just wanted to get a rough idea. Usually for a rule of thumb I go to the "Test results" tab for the device's MikroTik product page and check the result for 512 byte packets Mbps with 25 ip filter rules. This generally sho...
by mducharme
Tue Jul 13, 2021 6:42 am
Forum: RouterOS v7 BETA
Topic: IPv6 forwarding not working in 7.1beta6
Replies: 13
Views: 1760

Re: IPv6 forwarding not working in 7.1beta6

The issues that I have with the RB4011 and IPv6 are to do with missing link-local addresses. When the router first boots, I get link-local IPv6 addresses for some interfaces, but not the bridge. Without this, the hosts on the bridge cannot get connectivity to the Internet. Disabling IPv6 through IPv...
by mducharme
Mon Jul 12, 2021 8:17 pm
Forum: General
Topic: CCR2004-1G-12S+2XS SFP+ Upload issues
Replies: 14
Views: 947

Re: CCR2004-1G-12S+2XS SFP+ Upload issues

But it also doesn't explain the issue where with the switch, it works perfectly fine? The link to the modem is the same in that case but somehow it isn't affected by the issue?
The SFP+ module could be autonegotiating correctly to 1Gbps in the switch but not the router.
by mducharme
Mon Jul 12, 2021 10:30 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

It's July and we're due for beta7. I have no "insider information", but I personally suspect beta7 might take a bit longer rather than the usual two month window between releases, if only due to the fact that they have been redesigning and re-implementing the route filter system from the ...
by mducharme
Mon Jul 12, 2021 6:05 am
Forum: General
Topic: CCR2004-1G-12S+2XS SFP+ Upload issues
Replies: 14
Views: 947

Re: CCR2004-1G-12S+2XS SFP+ Upload issues

Though it doesn't seem like anything weird is going on there? Nothing weird going on there? Your module is SFP+ but it should be negotiating to 1Gbps if that is all that your modem supports. I haven't had experience with this module to understand how it shows the auto negotiation for lower speeds p...
by mducharme
Sun Jul 11, 2021 5:30 am
Forum: General
Topic: CCR2004-1G-12S+2XS SFP+ Upload issues
Replies: 14
Views: 947

Re: CCR2004-1G-12S+2XS SFP+ Upload issues

The link to the modem is 1gbit.
Can you show the "Status" tab for the sfp-sfpplus port that goes to the modem/ONT?
by mducharme
Sat Jul 10, 2021 7:08 am
Forum: Wireless Networking
Topic: Deploy MikroTik 5Ghz Wireless PTMTP instead of Fiber Optic FTTH Solution
Replies: 2
Views: 379

Re: Deploy MikroTik 5Ghz Wireless PTMTP instead of Fiber Optic FTTH Solution

FTTH is much more expensive, but not much can go wrong with it other than somebody digging in the wrong place or equipment failures. 5GHz wireless is much slower, and has so much interference from home routers that it may not be feasible to deliver 5GHz service unless you control all of the customer...
by mducharme
Thu Jul 08, 2021 11:45 pm
Forum: General
Topic: VLAN Translation
Replies: 3
Views: 398

Re: VLAN Translation

I need to set up VLAN translation, VLAN 1 included from Cisco switch. SwOS has fewer features than RouterOS so probably SwOS won't help you. You can try doing some things in the "Rule" tab of the "Switch" menu. I know that can be used to change a VLAN tag so it might be possible...
by mducharme
Wed Jul 07, 2021 7:38 pm
Forum: RouterOS v7 BETA
Topic: Wireguard - Unable to access computers on different LAN
Replies: 5
Views: 1658

Re: Wireguard - Unable to access computers on different LAN

but when a second Peers is created, the first Peers no longer works. This is because Wireguard uses the allowed-addresses to determine which peer the packet should be sent to. If the address you are pinging is in the allowed-addresses range for peer 1, it sends it to peer 1. If it is in the allowed...
by mducharme
Tue Jul 06, 2021 12:03 am
Forum: General
Topic: SFP+ Cable between RB4011 and Edgeswitch?
Replies: 2
Views: 348

Re: SFP+ Cable between RB4011 and Edgeswitch?

RB4011 will not work with a DAC, according to specs...use an AOC instead.
The RB4011 was listed as incompatible with the old MikroTik DACs that have been discontinued. It is however listed as compatible with the new XS+DA0001.
by mducharme
Mon Jul 05, 2021 3:33 am
Forum: RouterOS v7 BETA
Topic: NTP Client is borked
Replies: 6
Views: 661

Re: NTP Client is borked

I found that the NTP client can only be configured properly from the CLI. Certain things like using DNS names for NTP server addresses do not work in the GUI. Configure it through the CLI instead and see if there is still a problem. These are the settings I use (a verbose export): /system ntp client...
by mducharme
Mon Jul 05, 2021 3:30 am
Forum: RouterOS v7 BETA
Topic: [Feature Request] Limit the possibility of upgrading a device with the image for the wrong architecture
Replies: 3
Views: 528

Re: [Feature Request] Limit the possibility of upgrading a device with the image for the wrong architecture

I haven't tried this on ROS 7, but at least on ROS 6 if you upload the wrong architecture and reboot it will fail to upgrade and indicate that the package is the wrong architecture. So I think this check is already supposed to be in place. If it got by somehow, perhaps there is a bug.
by mducharme
Mon Jul 05, 2021 2:27 am
Forum: RouterOS v7 BETA
Topic: SDWAN using Zerotier
Replies: 37
Views: 14653

Re: SDWAN using Zerotier

Thanks for the clarification/correction. I set up Zerotier once, and read about the multipath support but must have misunderstood.
by mducharme
Mon Jul 05, 2021 12:33 am
Forum: RouterOS v7 BETA
Topic: SDWAN using Zerotier
Replies: 37
Views: 14653

Re: SDWAN using Zerotier

Also, maybe I'm not up to the speed but what problem ZT solves which WG+OSPF doesn't? Zerotier builds a full mesh and uses the lowest latency path between any two nodes. If there is any loss (indicating congestion) it shifts that traffic to a backup path automatically. You can build a full mesh wit...
by mducharme
Sun Jul 04, 2021 10:35 pm
Forum: Wireless Networking
Topic: WPA3 in September?
Replies: 8
Views: 876

Re: WPA3 in September?

Good to know, thanks. As far as I can see, RouterOS v7 is in beta, though. So maybe then the question should rather be, will RouterOS v7 be stable in September? Probably not. My own guess at the rate they have been going would be around mid-2022. However, they are supposedly stabilizing individual ...
by mducharme
Sun Jul 04, 2021 10:16 pm
Forum: Wireless Networking
Topic: WPA3 in September?
Replies: 8
Views: 876

Re: WPA3 in September?

Hi, will RouterOS support WPA3 in September? That's probably when Apple will release iOS 15 with WPA3 support. So I'm gonna need it by then I assume.
It already does, in RouterOS v7.
by mducharme
Sun Jul 04, 2021 8:50 am
Forum: Announcements
Topic: Newsletter June 2021 (#100)
Replies: 54
Views: 14456

Re: Newsletter June 2021 (#100)

All of this 6GHz talk probably fits better as RouterOS v7-specific topics. RouterOS v7 already has the wifiwave2 package, which uses the manufacturer drivers (instead of MikroTik's own) and already seemingly supports WiFi 6 - the mode setting is there and the drivers are there. It is very possible t...
by mducharme
Sun Jul 04, 2021 12:37 am
Forum: Wireless Networking
Topic: CAPsMAN VLAN Issue [SOLVED]
Replies: 2
Views: 549

Re: CAPsMAN VLAN Issue [SOLVED]

Is this guide wrong or did something change since it was written?
On CAP devices there is generally no need for bridge vlan filtering. Disable bridge vlan filtering and delete the VLANs from bridge->VLANs tab, then all of the VLANs you have created will just work without needing configuration.
by mducharme
Fri Jul 02, 2021 8:46 am
Forum: Announcements
Topic: SwOS Lite version 2.13 released!
Replies: 38
Views: 16781

Re: SwOS Lite version 2.13 released!

I think this topic probably should have been closed since 2.14 is out now?
by mducharme
Fri Jul 02, 2021 4:43 am
Forum: Beginner Basics
Topic: Tunneling VLAN traffic over Wireguard
Replies: 18
Views: 1180

Re: Tunneling VLAN traffic over Wireguard

You are missing allowed-addresses it looks like, and possibly other things are wrong.

Have a look at this thread, it may be helpful: viewtopic.php?f=23&p=865133
by mducharme
Fri Jul 02, 2021 4:36 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 111
Views: 12278

Re: v7 launch date

Anyone care to comment if that means the 7.1 beta might well be "stable" enough for me with my RB4001, CRS328 and 4x cAP AC? I wouldn't recommend it yet for most people, unless you are an enthusiast. I am running it at home on my RB4011 and audience and hap AC with no major issues. There ...
by mducharme
Thu Jul 01, 2021 12:15 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

/ip/firewall/mangle/export doesn't work correctly for mark-routing action.
Did you add the routing table named "via-gw" first? It doesn't let you mark-routing for a routing mark unless that mark matches the name of a routing table defined on the router in v7.
by mducharme
Mon Jun 28, 2021 5:28 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

@nannou9 called attention to this problem:

Wireguard tunnels are selectable in the bridge->ports list. They should probably not appear there as they are layer-3-only tunnels like GRE, and I see that GRE interfaces do not appear in the bridge->ports list.
by mducharme
Mon Jun 28, 2021 3:19 am
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 28
Views: 6466

Re: MikroTik Wireguard server with Road Warrior clients

but instead added WG interface to my bridge and client is using IP from my main home network subnet. Wireguard is a layer 3 tunnel, not layer 2, so it will not work adding it as a bridge port like that. MikroTik should not even allow adding layer-3-only interface types to a bridge, and they do not ...
by mducharme
Wed Jun 23, 2021 3:07 am
Forum: RouterOS v7 BETA
Topic: WireGuard: Response packets not routed
Replies: 5
Views: 853

Re: WireGuard: Response packets not routed

/ip address
add address=10.0.0.0/24 interface=localnet network=10.0.0.0
I'm not sure if this is the cause of your problem, but 10.0.0.0/24 is not a valid address given that subnet mask. You should use something that doesn't end in .255 or .0 for a /24.
by mducharme
Tue Jun 22, 2021 12:03 am
Forum: Forwarding Protocols
Topic: Debugging EoIP tunnel
Replies: 12
Views: 1250

Re: Debugging EoIP tunnel

I tried to leave local IP field empty and set IPsec password at the same time, but this way tunnel doesn't get ready.
You can probably write a script to handle the changes for the tunnel automatically in event of an IP change.
by mducharme
Mon Jun 21, 2021 5:49 am
Forum: General
Topic: VLAN can't access internet, router, or local LAN
Replies: 13
Views: 601

Re: VLAN can't access internet, router, or local LAN

:( when you waste too many hours because you fat fingered something. Thanks for spotting that. That, naturally, fixed it. No problem. It is actually quite a common issue, even for people who are used to MikroTik. The issue is that so many other routers have a separate netmask setting that in the IP...
by mducharme
Mon Jun 21, 2021 4:53 am
Forum: General
Topic: VLAN can't access internet, router, or local LAN
Replies: 13
Views: 601

Re: VLAN can't access internet, router, or local LAN

add address=192.168.90.1 interface=alexa network=192.168.90.1 This is incorrect - by not specifying /24, it uses the default of /32 which is a subnet of one IP (i.e. netmask 255.255.255.255). So you have given the router an IP on this VLAN, with a subnet mask that is only large enough to accommodat...
by mducharme
Mon Jun 21, 2021 4:03 am
Forum: General
Topic: VLAN can't access internet, router, or local LAN
Replies: 13
Views: 601

Re: VLAN can't access internet, router, or local LAN

You got it, This looks like almost everything except your bridge definition. i.e. the line that actually creates your bridge "bridge" is missing. Maybe you deleted it because it has the admin mac, if the admin mac didn't get hidden, but I would need to see that too, with the exception of ...
by mducharme
Mon Jun 21, 2021 1:50 am
Forum: General
Topic: VLAN can't access internet, router, or local LAN
Replies: 13
Views: 601

Re: VLAN can't access internet, router, or local LAN

Simplification is good. I reverted to the default list you recommended. Unfortunately, there was no change with the issue. VLAN clients can access (ping) each other, but not the router itself, nor the internet, nor the other network. the router cannot access the clients either. So, perhaps there is...
by mducharme
Mon Jun 21, 2021 12:57 am
Forum: General
Topic: VLAN can't access internet, router, or local LAN
Replies: 13
Views: 601

Re: VLAN can't access internet, router, or local LAN

This makes it look like they are added. Yes, that is fine then. I see that you added an extra rule that doesn't need to be there: chain=input action=drop log=yes log-prefix="" You are already dropping everything not coming in from LAN, so that drop rule can result in dropping things that...
by mducharme
Mon Jun 21, 2021 12:27 am
Forum: General
Topic: VLAN can't access internet, router, or local LAN
Replies: 13
Views: 601

Re: VLAN can't access internet, router, or local LAN

I've been goofing around for the firewall for some time, and even with logging enabled I'm not getting any hints as to what the issue is. Since the VLAN was added to the bridge, both interfaces are on the address list "LAN" Adding "bridge" to an interface list does not also add an...
by mducharme
Sun Jun 20, 2021 10:47 pm
Forum: General
Topic: Trying to add a wireless VLAN (CAPsMAN)
Replies: 2
Views: 251

Re: Trying to add a wireless VLAN (CAPsMAN)

The SSID shows up, and I can connect to it. However, no IP address is assigned from DHCP. So, I must be missing a configuration, or an option somewhere. You don't only need an ip pool - you also need a DHCP server and DHCP network for DHCP to work. Under IP->DHCP server, there is a DHCP Setup butto...
by mducharme
Sun Jun 20, 2021 9:45 pm
Forum: RouterOS v7 BETA
Topic: OSPF distribute-default option is missing [SOLVED]
Replies: 8
Views: 1283

Re: OSPF distribute-default option is missing [SOLVED]

There's no option for redistribute=static or even redistribution at all on v7beta6. Do you have a screenshot of the setting? It is at the CLI only, not through the GUI: [admin@Michael-RB4011] /routing/ospf/instance> print Flags: X - disabled, I - inactive 0 name="OSPFv2" version=2 vrf=main...
by mducharme
Sun Jun 20, 2021 6:42 am
Forum: RouterOS v7 BETA
Topic: OSPF distribute-default option is missing [SOLVED]
Replies: 8
Views: 1283

Re: OSPF distribute-default option is missing [SOLVED]

They did away with the default route as part of the instance configuration. From the help docs: All route distribution control is now done purely with routing filter select, no more redistribution knobs in the instance. This gives greater flexibility on what routes from which protocols you want to ...
by mducharme
Sun Jun 20, 2021 6:07 am
Forum: General
Topic: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..
Replies: 25
Views: 1408

Re: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..

Yes, the "configure script" with Netinstall is the way to accomplish this. Also, if you wish, you can remotely upgrade this configure script using TR069, in case you want to make changes to your defaults and avoid having to Netinstall the device over again. You can probably even use TR069 ...
by mducharme
Sat Jun 19, 2021 9:02 pm
Forum: RouterOS v7 BETA
Topic: OSPF distribute-default option is missing [SOLVED]
Replies: 8
Views: 1283

Re: OSPF distribute-default option is missing [SOLVED]

Yet another problem with v7 OSPF! I can't find a distribute-default setting anywhere for creating a default OSPF route. I need this for a network I want to build, but since it's not available in v7 yet, I'm out of luck. Will it ever be added again? No, but it is currently possible to redistribute t...
by mducharme
Sat Jun 19, 2021 4:02 am
Forum: Forwarding Protocols
Topic: Use OSPF with /32 subnets
Replies: 5
Views: 721

Re: Use OSPF with /32 subnets

I'm going to try this, but why does it work this way? Also, is the R1's network supposed to be 10.20.0.2? Sorry, it was a typo, I have fixed it above. The only reason the network setting is provided in the first place is because, in the case of /32's, you use the network setting to specify the IP o...
by mducharme
Sat Jun 19, 2021 3:24 am
Forum: Forwarding Protocols
Topic: Use OSPF with /32 subnets
Replies: 5
Views: 721

Re: Use OSPF with /32 subnets

I already selected the PtP network type, but it didn't work. I also set up loopback interfaces and added them to the interface templates. For some reason, I can't ping the other routers with /32 addresses even though all that connects them is a simple ethernet cable, and there's no firewall rules a...
by mducharme
Sat Jun 19, 2021 2:37 am
Forum: Forwarding Protocols
Topic: Use OSPF with /32 subnets
Replies: 5
Views: 721

Re: Use OSPF with /32 subnets

Is there a way to get OSPF working with Mikrotik routers that have /32 addresses? Yes, it should be working. At least, these /32's work fine with OSPF over PPP tunnels. First, I would ask if you can ping the other router on its /32 address? You need for that to be working before OSPF will work. OSP...
by mducharme
Fri Jun 18, 2021 9:44 pm
Forum: General
Topic: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..
Replies: 25
Views: 1408

Re: My ISP ( WiLogic ) uses MikroTik Routers and without a doubt..

And then we want to give a service that works, 99% of the time that someone who is not in the trade (or works at other WISPs) gets their hands on it, messes up, disconnects from the network, you have to go and fix it, and then complains that the service is not working. We have a different way of so...
by mducharme
Wed Jun 16, 2021 10:09 pm
Forum: Forwarding Protocols
Topic: Debugging EoIP tunnel
Replies: 12
Views: 1250

Re: Debugging EoIP tunnel

I tried to remove IPsec secret from the EoIP interface (both side, of course) but the EoIP tunnel got disconnected and remained disconnected after 1-2 minutes too. I think I should not change my firewall rules just because of this change because GRE is also needed for IPsec. You don't have to chang...
by mducharme
Tue Jun 15, 2021 1:09 am
Forum: Forwarding Protocols
Topic: Debugging EoIP tunnel
Replies: 12
Views: 1250

Re: Debugging EoIP tunnel

Both after removing sensitive data.
Have you tried EoIP without encryption, and/or IPsec by itself without EoIP, for comparison purposes?
by mducharme
Sat Jun 12, 2021 8:56 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

Is MLAG planned to work with MSTP in the future? Or will it only work with STP/RSTP?
by mducharme
Thu Jun 10, 2021 5:02 pm
Forum: Wireless Networking
Topic: HAP AC2 WIFI connection jittery/lagging Oculus Quest 2 Airlink
Replies: 6
Views: 1177

Re: HAP AC2 WIFI connection jittery/lagging Oculus Quest 2 Airlink

Issue appears to be your wireless configuration...
change distance=indoors
to
distance=any
I think here you meant to say change installation=indoor to installation=any, not distance=any. distance=indoors is ok for that setting and is the default.
by mducharme
Tue Jun 08, 2021 6:43 am
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 28
Views: 6466

Re: MikroTik Wireguard server with Road Warrior clients

Guaranteed the problem is routing LOL, It's not that difficult to put in the wireguard settings, although the tricky part is putting in 0.0.0.0/0 at the client site, peer entry for allowed IPs and to put in the endpoint with listening port appended at the client side, peer entry if there is not a se...
by mducharme
Tue Jun 08, 2021 4:00 am
Forum: RouterOS v7 BETA
Topic: RouterOSv7 first look – MLAG on CRS 3xx switches
Replies: 9
Views: 1578

Re: RouterOSv7 first look – MLAG on CRS 3xx switches

I just tried using MSTP on the Bridge the MLAG ports are on, it definitely does not support that version of STP.
That seems an odd limitation.. I would hope that this is just a temporary state of affairs and that MLAG will support MSTP later.
by mducharme
Mon Jun 07, 2021 6:44 am
Forum: General
Topic: TCP Established and Call of Duty disconnects
Replies: 6
Views: 569

Re: TCP Established and Call of Duty disconnects

A few days ago I took out my Edge Router 12P and installed mikrotik ccr-1036 thinking that the performance of the network was going to improve and in fact it was but I have several problems with gamers that previously did not have especially those who play Call Of Duty and that is that sporadically...
by mducharme
Mon Jun 07, 2021 6:40 am
Forum: RouterOS v7 BETA
Topic: RouterOSv7 first look – MLAG on CRS 3xx switches
Replies: 9
Views: 1578

Re: RouterOSv7 first look – MLAG on CRS 3xx switches

One thing I noticed is that the documentation says "The MLAG requires enabled STP or RSTP protocol" - does MLAG not work with MSTP?
by mducharme
Mon Jun 07, 2021 6:16 am
Forum: RouterOS v7 BETA
Topic: CHR - Broken upgrade from RouterOS 7.1 b4
Replies: 5
Views: 904

Re: CHR - Broken upgrade from RouterOS 7.1 b4

Sorry, typed the wrong version number: 7.1 beta 4.
Try setting up a new server with beta 6. There was an issue with beta 4 and earlier, if I recall it was something to do with the partition table format being incorrect. It may be the cause of the issues you are having.
by mducharme
Sun Jun 06, 2021 10:17 pm
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 144
Views: 19470

Re: v6.47.10 [long-term] is released!

I do have personal experience with hAP mini units in the field as we have about 50 of them deployed to customers, with the bundle package and tr069 package (currently running 6.48). I have upgraded them a few times now, but try to make the upgrades infrequent to try to avoid issues with insufficient...
by mducharme
Sun Jun 06, 2021 6:11 am
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 144
Views: 19470

Re: v6.47.10 [long-term] is released!

dear BartoszP, yes, on MTCNA class, which topics that the router have to have routing package ? remember that static routing does NOT need routing package as the function already inside of system. routing package contain dynamic routing functions such as ospf, rip, and bgp. it only needed on advanc...
by mducharme
Fri Jun 04, 2021 9:32 am
Forum: Announcements
Topic: SwOS Lite version 2.14 released!
Replies: 21
Views: 9902

Re: SwOS Lite version 2.14 released!

Can anybody confirm if this fixes the link issues with Intel SFP NIC's? Currently on 2.13 release candidate for that to work as 2.13 final could not link.
by mducharme
Fri Jun 04, 2021 3:13 am
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 28
Views: 6466

Re: MikroTik Wireguard server with Road Warrior clients

I do the same ping troubleshooting without IP address :-) I know you do, but I am thinking more about what is easiest to understand for people who are not as technically proficient. If Wireguard does not seem to be working, it could be harder for them to trace down the issue if you do not have an a...
by mducharme
Thu Jun 03, 2021 11:13 am
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 144
Views: 19470

Re: v6.47.10 [long-term] is released!

Also it is best to not enable the "store on disk" checkmark because keeping Graphing data on disk (flash) causes a very high number of flash writes. "Store on disk" itself is not a problem, depending on how things are configured. In Tools->Graphing, there is a "Graphing Set...
by mducharme
Thu Jun 03, 2021 10:36 am
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 28
Views: 6466

Re: MikroTik Wireguard server with Road Warrior clients

There is another reason I can see for having IP addresses on the Wireguard interfaces themselves - easy troubleshooting. If Wireguard is not working and you don't know why, having the IPs on both sides on that interface, and using those to do ping tests, allows you eliminate certain kinds of routing...
by mducharme
Thu Jun 03, 2021 8:24 am
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 144
Views: 19470

Re: v6.47.10 [long-term] is released!

Features like Graphing take up space on the disk without actually displaying as files. In previous cases I have had to disable Graphing so that the graph data is deleted in order to successfully upgrade 16MB flash devices.
by mducharme
Tue Jun 01, 2021 4:36 am
Forum: Forwarding Protocols
Topic: OSPFv3 + DHCPV6 Relay Not Routing Correctly
Replies: 3
Views: 867

Re: OSPFv3 + DHCPV6 Relay Not Routing Correctly

Hello I'm having difficulties setting up a dhcpv6 relay through ospfv3 and I'm not sure if it's a configuration issue or just broken/incompatible as I know ipv6 implementation is far from complete thus far. I believe the DHCPv6 relay feature was not designed for prefix delegation, so it doesn't add ...
by mducharme
Mon May 31, 2021 9:54 pm
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 28
Views: 6466

Re: MikroTik Wireguard server with Road Warrior clients

Out of curiosity do you just assign an IP address to a wireguard interface or do you assign a subnet and then give client devices an IP in that subnet?? The wireguard interface on the router gets 192.168.66.1/24, and the clients get 66.2/24, 66.3/24, etc. This is done exactly as described in the of...
by mducharme
Mon May 31, 2021 3:16 am
Forum: General
Topic: Mikrotik ASN Public IP question
Replies: 4
Views: 623

Re: Mikrotik ASN Public IP question

whilst on the public ips on ASN we have created the accept rule to pass all traffic without blocking ports on the public ips.. so I am guessing that these types of attacks must be hammering the clients routers with attempts to access the devices.. I have seen on the net that there could be a ton of...
by mducharme
Mon May 31, 2021 1:20 am
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 28
Views: 6466

Re: MikroTik Wireguard server with Road Warrior clients

Why do you need an IP address? What functionality does adding an IP address on the WG provide?? Currently, from my iphone I can manage/configure every MT router attached somehow to Wireguard. I can get internet from the WG server from my iphone. The external PC connected to the wireguard server can ...
by mducharme
Sun May 30, 2021 11:59 pm
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 28
Views: 6466

Re: MikroTik Wireguard server with Road Warrior clients

No still don't see it nor agree but I think you are missing a key point ----> I do not assign an IP or IP address to the wireguard interface in my design. It is only an interface period. OK I see. What benefit is there to not using an IP address on the wireguard interface? (Other than saving one IP ...
by mducharme
Sun May 30, 2021 10:28 pm
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 28
Views: 6466

Re: MikroTik Wireguard server with Road Warrior clients

Are you saying this is all done automatically when using only a single router? I do have masquerade sourcenat on both routers but this is not enough! Yes, it is automatic when using a single router. Your situation is different in that your Wireguard server is behind another router. As an example, t...
by mducharme
Sun May 30, 2021 5:23 am
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 28
Views: 6466

Re: MikroTik Wireguard server with Road Warrior clients

2. Ensure one puts an IP Route on the MT Server Router that will direct return traffic from the internet back through the wireguard tunnel to the client device. Therefore the destination address is (the lan subnet of the client device or the IP of the client device) and the gateway is the wireguard...
by mducharme
Sun May 30, 2021 2:47 am
Forum: Beginner Basics
Topic: OSPF over SSTP - works great but why?
Replies: 3
Views: 434

Re: OSPF over SSTP - works great but why?

As far as I know, OSPF uses multicast (224.0.0.x) in broadcast and point-to-point mode to send hello packets, set up adjacencies, etc. And furthermore, I assume that PtP VPN tunnels like SSTP do not transmit multicast traffic. They do transmit multicast. You can do OSPF over any PPP tunnel in point...
by mducharme
Sun May 30, 2021 2:00 am
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 28
Views: 6466

Re: MikroTik Wireguard server with Road Warrior clients

Make sure the "allow wireguard" rule is above your drop rules on the input chain, specifically it should at least be above the "drop all" final input chain rule. It looks to me like you have it at the very end instead, which is too late. On mine I have it just above the "dro...
by mducharme
Sun May 30, 2021 12:00 am
Forum: General
Topic: How do we properly perform CGNAT on a MikroTik Router for customers?
Replies: 21
Views: 1691

Re: How do we properly perform CGNAT on a MikroTik Router for customers?

A different network operator was able to open up ports from the public for their CGNATted customers using MikroTik, we are not sure how they did it.
Please see this MUM presentation: https://mum.mikrotik.com/presentations/ ... 667160.pdf
by mducharme
Sat May 29, 2021 9:12 pm
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 28
Views: 6466

Re: MikroTik Wireguard server with Road Warrior clients

Unfortunately I cannot replicate it. May you have any hint based on my configuration?
Your wireguard interface for roadwarriors should also be in the LAN interface list - make sure you have done that.
by mducharme
Sat May 29, 2021 5:17 am
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 28
Views: 6466

Re: MikroTik Wireguard server with Road Warrior clients

Could you please explain the correct firewall addition to allow this to work? I have tried a number of things without success. Also, does it need a static route? Is WireGuard assigning the IP address to the client as the peer IP? Can it be on the same network as my DHCP subnet everything else is on...
by mducharme
Sat May 29, 2021 3:05 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

you guys are way too deep in the weeds here. In the past maybe a bunch of kernel patches were necessary but today the kernel is really mature and most anything mikrotik wants to do is likely in mainline already, else it's being handled by the SoC vendors because they need that feature to work too. ...
by mducharme
Fri May 28, 2021 5:07 am
Forum: Forwarding Protocols
Topic: Summarization of OSPF routes
Replies: 8
Views: 1007

Re: Summarization of OSPF routes

Area ranges are the best way to summarize OSPF routes, if they work for your situation. It is generally advised to only do redistribution if it is necessary.
by mducharme
Fri May 28, 2021 4:51 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

Well I do not determine the priorities and I do not know about that big customer that wanted hw acceleration, but I would (and I think I am not the only one) prefer this sequence of v7 implementation: 1. finish the porting of everything that was in v6 so it can be realistically BETA-tested (maybe w...
by mducharme
Thu May 27, 2021 5:11 am
Forum: General
Topic: any working dhcp - client ipv6 working example?
Replies: 8
Views: 666

Re: any working dhcp - client ipv6 working example?

There is generally no need to use IPv6 DHCP to hand out addresses like with IPv4 DHCP - this can be accomplished with SLAAC.
by mducharme
Thu May 27, 2021 1:28 am
Forum: Wireless Networking
Topic: Poor wireless Speeds on RB4011iGS+5HacQ2HnD-IN [SOLVED]
Replies: 13
Views: 1438

Re: Poor wireless Speeds on RB4011iGS+5HacQ2HnD-IN [SOLVED]

There is no need to set installation=indoor - that setting is for scenarios where you want to avoid interference with wireless ISPs in rural areas that use 5ghz. If you have standard residential service that isn't provided over wireless, setting installation=indoor will just artificially limit the f...
by mducharme
Wed May 26, 2021 6:46 am
Forum: Beginner Basics
Topic: New to Mikrotik
Replies: 14
Views: 1454

Re: New to Mikrotik

The MikroTik iPhone/Android app is excellent in terms of providing a very user friendly way for even the most non-technical of home users to get their router configured properly.

If you move outside of the app, you may find things are too complicated for you to handle.
by mducharme
Wed May 26, 2021 2:40 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

The Winbox that I enabled safe mode in says that it's been 40 minutes since it lost connection. The automatic reboot that is supposed to occur upon loss of connection has not happened. I'll be using the console to restore a backup from before the upgrade to v7.1beta6 which did not have OSPFv3 confi...
by mducharme
Wed May 26, 2021 2:39 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

RB4011iGS+5HacQ2HnD v7.1beta6 + wave2 errors in log:
memory - script - warning - DefConf gen: Unable to find wireless interface(s)
memory - system - error - critical - error while running customized default configuration script: interrupted
Probably if you are doing a factory reset to load the DefC...
by mducharme
Tue May 25, 2021 12:12 pm
Forum: RouterOS v7 BETA
Topic: 7.0beta6 OSPFv3 CPU hog
Replies: 5
Views: 803

Re: 7.0beta6 OSPFv3 CPU hog

When I disable OSPFv3 backbone area before upgrade, then CHR boots and CPU is under 1%, and then I fix the interface-template missing interface names, but after I enable OSPFv3 backbone area it hogs CPU again. Yes, this is the same issue I reported here: https://forum.mikrotik.com/viewtopic.php?f=1...
by mducharme
Tue May 25, 2021 5:21 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

Any news on IPv6 hardware offload? That's what I'm waiting on to start testing. I want the hardware offload for an ospfv3 routed network and with no fastpath support for ipv6 in routeros6 (or 7...) it kinda disqualifies the hardware. OSPFv3 is still not working in v7. Given that the beta releases h...
by mducharme
Tue May 25, 2021 3:36 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 on RB4011 keeps doing DHCP requests
Replies: 2
Views: 766

Re: v7.1beta6 on RB4011 keeps doing DHCP requests

Hi, on my (ISC-)DHCP-server I see DHCPDISCOVER packets coming from my RB4011 every second. The thing is, there is no DHCP(v4) client configured on the router, so it should not be doing DHCP requests at all. There is just a DHCPv6-client for my Internet connection, which is on PPPoE tunnel on a diffe...
by mducharme
Mon May 24, 2021 12:00 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

I've been able to reproduce it - it happens to me even when there is no bridge MAC address reconfiguration taking place, i.e. just one bridge with admin MAC set. So there must be some other trigger for this issue. On my device, a kernel panic occurs on reboot that appears to be related to this issu...
by mducharme
Sun May 23, 2021 10:21 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

It's a pity that L3 offloading is limited to IPv4 only, but it's impressive nevertheless.
I may be mistaken, but my understanding is that it is only limited to IPv4 for now, and L3 offloading for IPv6 is coming.
by mducharme
Sun May 23, 2021 10:11 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

The issue re-appears after a bridge mac address reconfiguration, e.g. due to port membership update. It doesn't matter which bridge (can be an unrelated bridge). I've been able to reproduce it - it happens to me even when there is no bridge MAC address reconfiguration taking place, i.e. just one br...
by mducharme
Sun May 23, 2021 7:38 pm
Forum: General
Topic: Unstable IPv6 tunnel: loop detected, downing interface for 60 seconds [SOLVED]
Replies: 3
Views: 607

Re: Unstable IPv6 tunnel: loop detected, downing interface for 60 seconds [SOLVED]

Reverting to RouterOS 6.48.2 fixed the issue.
If it is a bug in 7.1beta5, please note that there is 7.1beta6 available now.
by mducharme
Sun May 23, 2021 3:17 am
Forum: General
Topic: default firewall rules list
Replies: 4
Views: 443

Re: default firewall rules list

You can also just run this command on your device:
/system default-configuration print
As long as you have a device that has the firewall rules as part of its factory defaults.
by mducharme
Sun May 23, 2021 1:11 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

Yes, but reconfiguring any bridge (e.g. bridge2) should not lead to loss of link local address of another bridge (e.g. bridge1). Yes, it is a bug and certainly should be fixed, but there have been many auto MAC related bugs in the past similar to this, enough that kalamaja should probably set it as...
by mducharme
Sun May 23, 2021 1:01 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

The issue re-appears after a bridge mac address reconfiguration, e.g. due to port membership update. It doesn't matter which bridge (can be an unrelated bridge). You can prevent port membership updates from affecting the bridge mac by hard setting the admin MAC instead of using auto MAC for the bri...
by mducharme
Sun May 23, 2021 12:55 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

may/23 00:35:32 radvd,debug RADVD:: skip Router Advertisement sending on bridge: no link local address
Make sure admin mac address is set for your bridge, and that "Disable IPv6" is not checked under IPv6->Settings.
by mducharme
Sat May 22, 2021 9:13 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

I can confirm that my RB3011's kernel panic on downgrade/upgrade and on reboot after upgrading to 7.1beta6 was resolved by doing a netinstall back to 6.48.2 and restore of backup config taken prior to 7.1beta6 upgrade. I think I'll hold off for a few more versions before trying again. You shouldn't...
by mducharme
Sat May 22, 2021 5:15 am
Forum: Beginner Basics
Topic: What is L2TP Secret Tab?
Replies: 6
Views: 506

Re: What is L2TP Secret Tab?

I hope MikroTik adds LAC support at some point. Certainly do not delay v7 stable for it, but it would be a nice feature.
by mducharme
Sat May 22, 2021 5:02 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

Good news for this new version for hAP mini users - unlike 7.1beta5, this version works without the device becoming unresponsive. This probably also applies to other smips architecture devices. I had to keep my hAP mini on 7.1beta4 while all of my other devices were on beta5.
by mducharme
Sat May 22, 2021 4:43 am
Forum: Beginner Basics
Topic: Difference between Simple Queue and Queue tree [SOLVED]
Replies: 2
Views: 508

Re: Difference between Simple Queue and Queue tree [SOLVED]

It is somewhat complicated because they can both be used for the same sorts of things but they each have something they are particularly good for:
Simple queues - good for rate limiting for customers, networks, etc., so that they cannot pull more than their allocated amount
Queue trees - good for do...
by mducharme
Sat May 22, 2021 4:05 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

How to debug this further? You have to have service "www" enabled and port 80 open to the world. This is the issue that I had - I don't like having to have www port 80 open to everywhere - even if it is just for a brief time to renew LetsEncrypt with a scheduled task. There should be a wa...
by mducharme
Fri May 21, 2021 8:54 pm
Forum: RouterOS v7 BETA
Topic: Route filter for BGP not working v7.1 beta 6
Replies: 3
Views: 915

Re: Route filter for BGP not working v7.1 beta 6

I haven't done much with the new routing filters, but could the issue have to do with output.network=""?
by mducharme
Fri May 21, 2021 2:15 am
Forum: General
Topic: ipv6 6PE ?
Replies: 8
Views: 2921

Re: ipv6 6PE ?

Also, 5.2. Holy crap update!
The original poster who was on 5.2 posted that 10 years ago. Presumably they are no longer running 5.2 by now, 10 years later.
by mducharme
Thu May 20, 2021 9:58 pm
Forum: RouterOS v7 BETA
Topic: Kernel panic with reboot on RB4011iGS+5HacQ2HnD-IN
Replies: 3
Views: 919

Re: Kernel panic with reboot on RB4011iGS+5HacQ2HnD-IN

Interesting. I had no OSPF or OSPFv3 config at the time at all, but I do have BGP. I might factory default it tonight and test but that feels like effort :P In all honesty, each time I upgrade to a new v7beta I reset to no factory reconfiguration and paste in the old .rsc from the previous version ...
by mducharme
Thu May 20, 2021 6:56 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

That is the reason I was against this feature. Don't get me wrong - LetsEncrypt is beautiful, but opens whole can of worms because many tasks are done by custom made scripts. e.g. I want a DNS challenge on cloudflare. Someone else wants a DNS challenge on Azure etc... It would be all beautiful, but...
by mducharme
Thu May 20, 2021 4:14 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

Is there a way to use this new Lets Encrypt support without having to open www (and, by extension, webfig) to the world? The Lets Encrypt support is a great idea and I am glad it is there, it is really handy for VPNs etc, but it seems like I am having to open port 80 and webfig to the planet if I...
by mducharme
Thu May 20, 2021 2:52 am
Forum: RouterOS v7 BETA
Topic: Kernel panic with reboot on RB4011iGS+5HacQ2HnD-IN
Replies: 3
Views: 919

Re: Kernel panic with reboot on RB4011iGS+5HacQ2HnD-IN

Just putting here for the sake of reporting. I upgraded to v7.1beta6 today on my RB4011iGS+5HacQ2HnD-IN and I'm now getting a kernel panic every time that I try to reboot. I had a similar issue and traced the cause to my OSPF configuration. Any OSPFv3 configuration especially causes the router to s...
by mducharme
Thu May 20, 2021 2:36 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 329
Views: 44102

Re: v7.1beta6 [development] is released!

Thanks for the new features like MLAG! Were the issues with OSPFv3 checksum fixed? OSPFv3 seems to be even more broken than before, sadly. Adding an area to OSPFv3 (without any interface-templates) causes one CPU to go into high utilization and all of the OSPF menus stop responding. It is not possi...
by mducharme
Wed May 19, 2021 8:36 am
Forum: General
Topic: What is "unclassified" cpu usage?
Replies: 6
Views: 7161

Re: What is "unclassified" cpu usage?

Please, explain. 5% on each CPU or 5% total ? We use CCR1036 with 36 cores, total unclassified load is not so much, but unclassified per one core may be 15 or 20%. I suspect they mean 5% per CPU core. It doesn't hurt to submit, anyway. However, they may be less likely to do something about this now...
by mducharme
Sun May 16, 2021 8:44 am
Forum: RouterOS v7 BETA
Topic: Bug: RouterOS beta 7.1beta4 - RFC3021 - does not route out on a /31 - but accepts traffic from a /31
Replies: 15
Views: 2275

Re: Bug: RouterOS beta 7.1beta4 - RFC3021 - does not route out on a /31 - but accepts traffic from a /31

While it is useful for PtP links is this really such a huge problem? In my books it's more "nice to have one day" but there are many more things which should be a priority over /31. Here's a big part of the reason - in North America at least, MikroTik is often viewed as a tinkertoy router...
by mducharme
Sat May 15, 2021 12:58 am
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 169
Views: 42359

Re: v6.49beta [testing] is released!

>>>*) tile - fixed bridge performance degradation (introduced in v6.47);
AH-AH! Now works like before (6.46.8), thanks
Under what scenarios does this performance degradation occur, and how badly is the performance degraded? We were supposed to upgrade our TILE devices to the latest long term and I'...
by mducharme
Thu May 13, 2021 11:34 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 111
Views: 12278

Re: v7 launch date

Why did they do this? Route caching was originally supposed to be this great feature that would speed up routing table lookups drastically and make Linux a much more efficient router - that is why it was added into Linux in the first place. This relates to other similar technologies like Cisco's CE...
by mducharme
Thu May 13, 2021 8:33 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 111
Views: 12278

Re: v7 launch date

I don't get the sense that most of the work and long delays in getting v7 ready don't necessarily have as much to do with the kernel customizations, and have more to do with the rewrite of the routing engine. In ROS 6 and earlier, it seems like MikroTik had bet the bank on the route caching feature ...
by mducharme
Thu May 13, 2021 9:25 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 111
Views: 12278

Re: v7 launch date

I can agree with this regarding new features, but IGMP-proxy is a feature that already was in ROS, maybe not a core function so the focus should be on core functionality and stability and then on already existing features and only then on totally new stuff. I can't see igmp-proxy taking anywhere n...
by mducharme
Thu May 13, 2021 8:42 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 111
Views: 12278

Re: v7 launch date

I certainly hope MT devs are focusing on bullet #1 because any new features without stable base are completely useless to most users. Yes, this is the same thing that I was pointing out to others. Everybody was asking for new features right away like ipsec VTI and other such things. I do want to se...
by mducharme
Thu May 13, 2021 7:28 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 111
Views: 12278

Re: v7 launch date

More features are missing like IGMP-proxy
Which is not something I would consider a major feature. At the moment they mostly have to finish filling in the blanks - all of the minor features, or fixing bugs with the major features.
by mducharme
Thu May 13, 2021 5:05 am
Forum: General
Topic: IPv6 - FOR THE LOVE OF GOD WHY IS THIS BROKEN??!?!??!?! [SOLVED]
Replies: 14
Views: 1087

Re: IPv6 - FOR THE LOVE OF GOD WHY IS THIS BROKEN??!?!??!?! [SOLVED]

/ipv6 dhcp-client add add-default-route=yes interface=eth4_Uplink pool-name=Not_Working prefix-hint=::/56 rapid-commit=no request=address,prefix
/ipv6 nd prefix add 6to4-interface=eth4_Uplink interface=eth4_Uplink
Why did you specify things under /ipv6 nd prefix? You should delete that. You don't n...
by mducharme
Thu May 13, 2021 4:31 am
Forum: General
Topic: IPv6 - FOR THE LOVE OF GOD WHY IS THIS BROKEN??!?!??!?! [SOLVED]
Replies: 14
Views: 1087

Re: IPv6 - FOR THE LOVE OF GOD WHY IS THIS BROKEN??!?!??!?! [SOLVED]

Yup I've tried with and without a prefix hint. Believe it or not on other devices I can use prefix hint or not use prefix hint and still get an IPv6 no issue and obviously end user devices get an IPv6 no issue. If you do want to get this fixed and not just whine, please stop it with the "MIKRO...
by mducharme
Thu May 13, 2021 4:23 am
Forum: General
Topic: IPv6 - FOR THE LOVE OF GOD WHY IS THIS BROKEN??!?!??!?! [SOLVED]
Replies: 14
Views: 1087

Re: IPv6 - FOR THE LOVE OF GOD WHY IS THIS BROKEN??!?!??!?! [SOLVED]

lol I wish that could have helped. Literally every end device and other switch and router I connect to this junk modem gets dhcpv6 prefix and address (for end user devices) totally fine. It's ONLY this 4011 that will not obtain an IPv6. I actually know someone in Denmark with the same issue that we...
by mducharme
Thu May 13, 2021 4:14 am
Forum: General
Topic: IPv6 - FOR THE LOVE OF GOD WHY IS THIS BROKEN??!?!??!?! [SOLVED]
Replies: 14
Views: 1087

Re: IPv6 - FOR THE LOVE OF GOD WHY IS THIS BROKEN??!?!??!?! [SOLVED]

I have prefix delegation working perfect, devices directly connected use SLAAC perfectly fine and I can even get IPv6 addresses AND delegation to work with my shitty Nighthawk router AND my semi not great Fortigate 101E BUT Mikrotik decides they don't want to follow RFC I guess? I have IPv6 DHCPv6 p...
by mducharme
Thu May 13, 2021 4:08 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 111
Views: 12278

Re: v7 launch date

It's been 2 months since last v7 beta... if anything, development is slowing down... sad to see this.
Look at the time between the previous betas:
7.1beta1->7.1beta2: 1 month
7.1beta2->7.1beta3: over 3 months
7.1beta3->7.1beta4: 2 months
7.1beta4->7.1beta5: 1.5 months
As of this post, it has been l...
by mducharme
Thu May 13, 2021 2:48 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 111
Views: 12278

Re: v7 launch date

If RouterOS did fade away, I think the world would have lost a bit of a shining star. But then again, not the first time the "best" hasn't won in the long run :-( I wouldn't be too worried about that. I have a fairly complex setup at home and aside from a few things RouterOS v7 is stable ...
by mducharme
Wed May 12, 2021 1:13 am
Forum: RouterOS v7 BETA
Topic: OSPF Default Route Distribution
Replies: 3
Views: 934

Re: OSPF Default Route Distribution

Is this a bug?
I'm not sure - I haven't actually tried redistributing the default route myself with OSPF on RouterOS 7. Could be a bug, or the feature has not yet been implemented.
by mducharme
Tue May 11, 2021 4:56 am
Forum: RouterBOARD hardware
Topic: Mikrotik GPON module
Replies: 7
Views: 953

Re: Mikrotik GPON module

so mducharme , may I ask you if you know of any sfp GPON modules that work in a Mikrotik ( in an air-tight nema outdoor enclosure ) that have been proven worthy of standing up to warm/hot summer days ? As I said, we are looking at trying out the Adtran SFP GPON module - hopefully we will get a few ...
by mducharme
Tue May 11, 2021 4:14 am
Forum: RouterBOARD hardware
Topic: Mikrotik GPON module
Replies: 7
Views: 953

Re: Mikrotik GPON module

Edit - woops - I am getting my ONTs and ONUs backwards - I think.
ONT and ONU are two different acronyms for the same thing, so you can't get them backwards. OLT is the term for the head end device (ex. TA5004).
by mducharme
Tue May 11, 2021 3:23 am
Forum: Announcements
Topic: SwOS Lite version 2.13 released!
Replies: 38
Views: 16781

Re: SwOS Lite version 2.13 released!

The 2.13rc12 firmware works correctly for me with my Intel XXV710 NICs. The 2.13 released firmware does not work correctly. The switch sees the link as being up but the Intel cards see the link as being down. I am seeing the same thing. The released version is not working with Intel X520-DA1 NIC - ...
by mducharme
Tue May 11, 2021 3:15 am
Forum: RouterBOARD hardware
Topic: Mikrotik GPON module
Replies: 7
Views: 953

Re: Mikrotik GPON module

I would prefer installing and using a Mikrotik/router/sfp-GPON-module ONT solution versus the GPON ONTs I am already installing ( sometimes up to 10 a day ). Don't you use Adtran Total Access OLT's? I believe Adtran makes a GPON ONT SFP module. There is information on the module here: https://suppo...
by mducharme
Tue May 11, 2021 3:02 am
Forum: RouterOS v7 BETA
Topic: OSPF Default Route Distribution
Replies: 3
Views: 934

Re: OSPF Default Route Distribution

In older versions of ROS you could control the re-distribution of default routes I believe so how do I do it now? By default in ROS 7, it is supposed to advertise any routes in the routing table over OSPF as type 5 LSA's via redistribution. This redistribution is controlled by routing filters. If y...
by mducharme
Mon May 10, 2021 9:32 am
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues
Replies: 28
Views: 5653

Re: CCR1009-7G-1C-1S+ single stream TCP performance limit with queues

That's good to hear it is reproducible. I will contact Mikrotik support and hope for an explanation. We are having a similar problem with queueing of 1Gbps of MPLS traffic. In our case, it isn't a single stream performance that we are hitting, but instead is the total MPLS traffic across the interf...
by mducharme
Mon May 10, 2021 3:37 am
Forum: Wireless Networking
Topic: Mikrotik AC with Ubnt AC
Replies: 1
Views: 563

Re: Mikrotik AC with Ubnt AC

Hello there, first sorry for my english. I'm trying to connect a QRT5AC and a Litebeam 5AC 2nd Generation. So far, I have no luck! I had tried any possible configuration, including AP/client in both ends and vice versa, but maybe I'm missing something. Please help, any advice here?? Thank you in ad...
by mducharme
Mon May 10, 2021 12:22 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47257

Re: v7.1beta5 [development] is released!

You wrote you need the 4-(mac)-address mode and capsman to be supported on wifiwave2 in order to be able to test it. That implies to me that you normally use both these features simultaneously (i.e. a capsman-controlled AP in AP-bridge mode), which I thought was impossible. What am I missing? The A...
by mducharme
Mon May 10, 2021 12:11 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47257

Re: v7.1beta5 [development] is released!

Sorry for off-topic, but how do you make these two work together on any ROS release, without wifiwave2?
Can you clarify? I'm not exactly sure what you are asking.
by mducharme
Sun May 09, 2021 9:54 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47257

Re: v7.1beta5 [development] is released!

I think the Audience makes a handsome paperweight!
My Audience is running pretty decently with v7 beta. I would like to try wifiwave2 on it, but need 4 address mode support for that, plus CAPsMAN support.
by mducharme
Sat May 08, 2021 6:11 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47257

Re: v7.1beta5 [development] is released!

Can you post the rules? I've seen 3 others post about ipv6 connection tracking being broken. Another one is in this exact same thread. Hi, you can get the rules from your own device easily:
/system default-configuration print
Make sure your window is wide enough first or the ends of the lines will b...
by mducharme
Sat May 08, 2021 2:40 am
Forum: General
Topic: Mikrotik Audience vlan filtering and dhcp issues [SOLVED]
Replies: 6
Views: 613

Re: Mikrotik Audience vlan filtering and dhcp issues [SOLVED]

I fixed that by moving WLAN interfaces to Tagged, but why are they tagged, aren't they treated like access interfaces? When you configure a wireless interface with a VLAN ID in the wireless settings, the tag is added by the wireless interface itself. In other words, by setting vlan-id in a wireless...
by mducharme
Sat May 08, 2021 2:27 am
Forum: General
Topic: Mikrotik Audience vlan filtering and dhcp issues [SOLVED]
Replies: 6
Views: 613

Re: Mikrotik Audience vlan filtering and dhcp issues [SOLVED]

a client connected to port 2 (physical on audience) gets a dhcp lease just fine, the wireless only are the problem Hello, I think you have unintentionally done Q-in-Q. You have configured your wireless interface to add a VLAN tag for VLAN 10 or 20, which is fine, but then you have bridge VLAN filte...
by mducharme
Thu May 06, 2021 3:32 am
Forum: Wireless Networking
Topic: Caps-man with vlans and cAP with vlans on switch chip problem
Replies: 8
Views: 880

Re: Caps-man with vlans and cAP with vlans on switch chip problem

I am certain I am doing something wrong (in datapaths probably) and I am missing something obvious... In "/interface wireless cap" on the two devices, you don't appear to have the "bridge" set. In the case of local-forwarding (which you are using), the bridge= setting in the dat...
by mducharme
Wed May 05, 2021 8:54 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47257

Re: v7.1beta5 [development] is released!

It appears IPV6 connection tracking does not work on 7.5Beta5?
It works fine for me, but I am using the factory default MikroTik IPv6 firewall config and not the one from help.mikrotik.com that you pasted.
by mducharme
Tue May 04, 2021 3:58 am
Forum: General
Topic: IPv6 ICMP ok but no TCP traffic
Replies: 20
Views: 1054

Re: IPv6 ICMP ok but no TCP traffic

/ipv6 firewall mangle add action=change-mss chain=forward comment=\
    "update PMTU for PPPoE via WAN" new-mss=clamp-to-pmtu \
    out-interface=pppoe-out1 packet-size=1421-65535 passthrough=yes protocol=\
    tcp tcp-flags=syn
What if you hard-set the new-mss instead of new-mss=clamp-to-pmtu...
by mducharme
Tue May 04, 2021 2:02 am
Forum: General
Topic: VPN L2TP/IPSEC RouterOS 6.11
Replies: 19
Views: 1137

Re: VPN L2TP/IPSEC RouterOS 6.11

I can't do any updates on this mikrotik because my vendor says that we had a lot of configurations that will get not working as there have been so many changes from 6.11 to 6.4X. So, if I do the update, there are a lot of things that could get wrong and will have to fix it in a production firewall....
by mducharme
Mon May 03, 2021 11:47 pm
Forum: General
Topic: IPv6 ICMP ok but no TCP traffic
Replies: 20
Views: 1054

Re: IPv6 ICMP ok but no TCP traffic

If an MTU issue would be the cause, then it would also be applicable on IPv4 ? No - with IPv4, routers in between the source and destination are allowed to fragment packets, but not with IPv6. So in the event that the server sends the customer a 1500 byte packet, the ISP PPPoE concentrator router c...
by mducharme
Mon May 03, 2021 9:04 pm
Forum: RouterOS v7 BETA
Topic: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules
Replies: 4
Views: 1014

Re: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules

I know that I can turn off bridge VLAN filtering, but if I want to use the extra port(s) on a cAP ac or hAP ac as access ports, the only other way besides VLAN filtering is to mess around with VLAN interfaces and extra bridges. I wouldn't say this is the case - what I usually do is I configure the ...
by mducharme
Mon May 03, 2021 8:31 pm
Forum: General
Topic: IPv6 ICMP ok but no TCP traffic
Replies: 20
Views: 1054

Re: IPv6 ICMP ok but no TCP traffic

I would look at MTU as well especially since it is PPPoE - perhaps the 1500 byte response is not making it back to you.

Ideally if your ISP supports RFC4638 (getting 1500 MTU over PPPoE by making the PPPoE packets slightly oversize) you can eliminate most MTU issues by configuring that.
by mducharme
Mon May 03, 2021 6:12 am
Forum: Beginner Basics
Topic: Do I need to Upgrade my Mikrotik to Take Advantage of Fiber?
Replies: 5
Views: 612

Re: Do I need to Upgrade my Mikrotik to Take Advantage of Fiber?

I am not network savvy and I just upgraded to Google Fiber from a Comcast 250Mbps connection. I have an RB2011UiAS-2HnD-IN and was thinking it would be sufficient. Yes, you should upgrade. For sizing, go onto the products page and look at the device "Test Results" tab, specifically the 51...
by mducharme
Sat May 01, 2021 7:33 am
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 184
Views: 135904

Re: Using RouterOS to VLAN your network

Ah okay got it, capsman and vlans is like mixing beer and wine.......and then drinking vodka LOL It isn't only with CAPsMAN - you can also assign VLANs to different clients on a single SSID without CAPsMAN using an access list that assigns the VLAN tag based on the MAC, or with RADIUS assigning per...
by mducharme
Fri Apr 30, 2021 6:28 pm
Forum: RouterOS v7 BETA
Topic: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules
Replies: 4
Views: 1014

Re: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules

If an access list rule contains a VLAN-ID, add a dynamic VLAN rule to the bridge for each WiFi interface which is matched by the rule. I agree it would be nice to have a solution for this, but in most cases you can simply avoid using bridge VLAN filtering on the CAP device and use it only on the sw...
by mducharme
Fri Apr 30, 2021 5:56 pm
Forum: Wireless Networking
Topic: Can cAP decide channel in a smarter way
Replies: 8
Views: 1046

Re: Can cAP decide channel in a smarter way

None. If I use the configuration random 2ghz (see above), which has channels 1, 6 and 11, what would you suggest to put as reselect-interval? That's up to you - it depends on how often you want it to rescan for possible interference and check to see whether it should change channels. Doing it too o...
by mducharme
Fri Apr 30, 2021 12:54 am
Forum: Wireless Networking
Topic: Can cAP decide channel in a smarter way
Replies: 8
Views: 1046

Re: Can cAP decide channel in a smarter way

I did start with all channels, but the signal was bad in the kitchen.
So what is your reselect-interval set to under channels, as mfrey said? Normally this is solved by setting reselect-interval - I'm not sure if you missed that in mfrey's message or if you tried that but it isn't working.
by mducharme
Thu Apr 29, 2021 5:07 am
Forum: Beginner Basics
Topic: MAC VLAN on CRS354-48G
Replies: 18
Views: 1434

Re: MAC VLAN on CRS354-48G

One remark: I had to remove the ports from the default "bridge" first, Hence I couldn't find out how to do it in command line I used the WebGUI - sorry for that ;-) You have two bridges then? Hardware acceleration can only work in one bridge on a router - are you setting hw=no on the rema...
by mducharme
Wed Apr 28, 2021 6:39 pm
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 184
Views: 135904

Re: Using RouterOS to VLAN your network

Hi Mudharm, I use capac and bridge vlan filtering with great success (and no capsman). I use a vlan per SSID to separate users. What am I missing here?? You are talking about per-SSID VLANs - those work fine with bridge VLAN filtering. I'm talking about per-user VLANs with a single SSID - that does...
by mducharme
Wed Apr 28, 2021 5:48 pm
Forum: Beginner Basics
Topic: MAC VLAN on CRS354-48G
Replies: 18
Views: 1434

Re: MAC VLAN on CRS354-48G

Does this make more sense now? No, this does not agree with the example configuration MikroTik posted on their wiki. First they have this, which is clear:
/interface bridge
add name=bridge1 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 interface=ether2 hw=yes
add bridge=bridge1 inter...
by mducharme
Tue Apr 27, 2021 7:49 pm
Forum: Beginner Basics
Topic: MAC VLAN on CRS354-48G
Replies: 18
Views: 1434

Re: MAC VLAN on CRS354-48G

Whilst switch rules would map unicast traffic to specific VLANs any broadcast/multicast traffic would not be, likely breaking things. This is not entirely the case, but I find the MAC based VLAN support problematic in other ways and we have not used it. The way MikroTik wants it configured is to ma...
by mducharme
Tue Apr 27, 2021 4:48 am
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 184
Views: 135904

Re: Using RouterOS to VLAN your network

As sindy suggested, for any CAPs you are using, I would generally recommend *not* using bridge VLAN filtering on the CAP itself. Use it on the routers and the switches, but not the CAP. The issue is that bridge VLAN filtering artificially limits what you can do with the CAP. For instance, normally y...
by mducharme
Tue Apr 27, 2021 3:49 am
Forum: RouterOS v7 BETA
Topic: Interface setting proxy-arp could be broken
Replies: 1
Views: 748

Re: Interface setting proxy-arp could be broken

With my L2TP/IPsec tunnels I can't get proxy-arp working with 7.1beta5, as I can't get ARP from any devices on the local network. Regular websites work just fine and I can connect to the router itself, but nothing else. It's sad that so much stuff is broken in the 7.1 betas and I can't just not use...
by mducharme
Mon Apr 26, 2021 7:21 pm
Forum: Beginner Basics
Topic: hAP ac3 not sending Router Advertisements, SLAAC fails [SOLVED]
Replies: 5
Views: 899

Re: hAP ac3 not sending Router Advertisements, SLAAC fails [SOLVED]

Do you have to disable and then re-enable this setting each time you reboot your router? Or does disabling/re-enabling change something magically in the configuration? You can try it on your device - I was helping somebody remotely with this issue who was having it on several devices and disabling/...
by mducharme
Mon Apr 26, 2021 2:20 am
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 99
Views: 61502

Re: SwOS version 2.12 released!

RB260GSP, restricting forwarding does not work. The switch forwards traffic between all ports even when unchecking forwarding options.
by mducharme
Sat Apr 24, 2021 11:38 pm
Forum: Beginner Basics
Topic: hAP ac3 not sending Router Advertisements, SLAAC fails [SOLVED]
Replies: 5
Views: 899

Re: hAP ac3 not sending Router Advertisements, SLAAC fails [SOLVED]

I don't know why the initial setup had configured interface=all, but it was obviously incorrect. I just encountered this same issue for the first time. The problem is not the default interface=all - it is not incorrect. In fact, disabling the default "interface=all" and re-enabling it cau...
by mducharme
Fri Apr 23, 2021 3:52 am
Forum: General
Topic: Unstable MAC Winbox connection
Replies: 12
Views: 805

Re: Unstable MAC Winbox connection

Ok, if you are right and I can confirm that oversized MAC winbox packets was the problem how to resolve the issue? You might be able to increase the L2 MTU that your PC is allowed to receive by enabling Jumbo Frames or some other option in the network card settings, or by upgrading the driver to a ...
by mducharme
Thu Apr 22, 2021 10:21 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47257

Re: v7.1beta5 [development] is released!

I've accidentally rebooted my RB4011 (without WiFi) after 5 days uptime on 7.1beta5. All was running fine but since this reboot it crashes every about 4 hours. Happened six times now. Sometimes a bit less than 4 hours, sometimes a little above. Make sure your RouterBOOT firmware is also upgraded to 7...
by mducharme
Thu Apr 22, 2021 8:41 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47257

Re: v7.1beta5 [development] is released!

Will the new architecture for routing and routing protocols in v7 fix this? If not, please think about a fix. E.g. some setting per interface to copy connected route to some specified table. (it could be that using the VRF feature could solve part of these issues, but unfortunately there is too lit...
by mducharme
Thu Apr 22, 2021 3:09 am
Forum: General
Topic: Unstable MAC Winbox connection
Replies: 12
Views: 805

Re: Unstable MAC Winbox connection

PROBLEM: Winbox connects to device using MAC address but connection breaks after couple of seconds, at this short time I cannot do anything. Winbox was running on Windows laptop with 1gbps LAN integrated on MOBO. Do you folks have same problem? How do you resolve this issue? Hello, I have seen this...
by mducharme
Wed Apr 21, 2021 1:53 pm
Forum: General
Topic: IPV6 was working but has now stopped
Replies: 25
Views: 1196

Re: IPV6 was working but has now stopped

I have been looking at the setup for 5 days without understanding what is wrong. I'm desperate Have you tried rebooting the router? I've come across a glitch once or twice where router advertisements stop being sent and a reboot has corrected the issue. It is very rare though - last time it happene...
by mducharme
Tue Apr 20, 2021 2:22 am
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 28
Views: 6466

Re: MikroTik Wireguard server with Road Warrior clients

I would like to apply this setup on 7.1b5 in Webfig. However I'm not able to set the allowed-address for the server peer config, the field gets cleared when pressing Apply and is not saved when pressing OK. Is this some bug? Any other way to make this work? Thanks... I'm new to RouterOS. Yes, I hav...
by mducharme
Sat Apr 17, 2021 11:16 pm
Forum: Wireless Networking
Topic: CAPsMAN 5ghz - no supported channel [SOLVED]
Replies: 24
Views: 2810

Re: CAPsMAN 5ghz - no supported channel [SOLVED]

Yes, I did it already. It is currently 6.48.2. It was thinking that the router in the apartment above is making an interference with my router, but it supports only 2.4 ghz. For now (after removing some of the channels) it seems OK. Would you suggest using only 1 channel, or allowing the router to ...
by mducharme
Sat Apr 17, 2021 11:10 pm
Forum: Wireless Networking
Topic: CAPsMAN 5ghz - no supported channel [SOLVED]
Replies: 24
Views: 2810

Re: CAPsMAN 5ghz - no supported channel [SOLVED]

Yes, I did it already. It is currently 6.48.2. It was thinking that the router in the apartment above is making an interference with my router, but it supports only 2.4 ghz. For now (after removing some of the channels) it seems OK. Would you suggest using only 1 channel, or allowing the router to ...
by mducharme
Sat Apr 17, 2021 10:26 pm
Forum: Wireless Networking
Topic: CAPsMAN 5ghz - no supported channel [SOLVED]
Replies: 24
Views: 2810

Re: CAPsMAN 5ghz - no supported channel [SOLVED]

I don't understand fully what you mean. I did update the packages and then I updated the firmware of both CAPs and RB4011. Should I do something more? Go into System->RouterBOARD and make sure that current firmware version is the same as the upgrade firmware version. If they are different, hit the ...
by mducharme
Sat Apr 17, 2021 9:58 pm
Forum: Wireless Networking
Topic: CAPsMAN 5ghz - no supported channel [SOLVED]
Replies: 24
Views: 2810

Re: CAPsMAN 5ghz - no supported channel [SOLVED]

I did update it yesterday.
OK. Just to clarify in case you were not aware - the RouterBOOT upgrade is separate from the RouterOS upgrade. Upgrading RouterOS itself will not also upgrade the RouterBOOT firmware unless auto upgrade is enabled for RouterBOOT.
by mducharme
Sat Apr 17, 2021 9:22 pm
Forum: General
Topic: RB4011 sometimes maxes 1 core
Replies: 4
Views: 533

Re: RB4011 sometimes maxes 1 core

I have RB4011 and it does not always spread the load on other cores, doing a speed test it sometimes uses multiple cores but it sometimes gets stuck on 1 core using 100 percent. Is this some kind of problem with the router? ISP is DHCP (IPOE) Thanks Use tool profile to see what processes are taking...
by mducharme
Sat Apr 17, 2021 8:48 pm
Forum: Wireless Networking
Topic: CAPsMAN 5ghz - no supported channel [SOLVED]
Replies: 24
Views: 2810

Re: CAPsMAN 5ghz - no supported channel [SOLVED]

I forced the cap with issues on channel 1. It seems OK for now. I also had a nearby channel 48, so I removed it from the list of channels for 5ghz, now I am only on channels 36,40 and 44. It does seem OK for now. For some reason (not sure if it is this), it seems the throughput of the wireless got ...
by mducharme
Sat Apr 17, 2021 4:12 am
Forum: RouterOS v7 BETA
Topic: L2TP BCP is broken
Replies: 3
Views: 747

Re: L2TP BCP is broken

So, you're saying it likely won't be fixed until stable v7 comes out? That's worse than Ubiquiti! I'm saying that if it is caused by one of these Linux GPL customizations that they haven't made yet, they will most likely only fix it when they feel it is getting closer to a stable release. If they i...
by mducharme
Sat Apr 17, 2021 4:00 am
Forum: RouterOS v7 BETA
Topic: L2TP BCP is broken
Replies: 3
Views: 747

Re: L2TP BCP is broken

After upgrading my router to v7 my L2TP BCP setup is broken. No packets can make it across, and I double checked the MTU/MTU/MRRU settings. Are there any changes in v7 that I might to work around to fix this? I spent an hour on my phone during a wedding trying to get the connection to work again. M...
by mducharme
Fri Apr 16, 2021 3:56 am
Forum: Forwarding Protocols
Topic: QoS in VPLS
Replies: 21
Views: 2084

Re: QoS in VPLS

Hello again, Thanks to your advice, setting up the EXP field seems to be working correctly :) I will verify it tomorrow, thank you for now! Something that needs to be clarified is that queue priority values are different than packet priority values (MPLS EXP bit, VLAN PCP). With queue priority, a l...
by mducharme
Fri Apr 16, 2021 1:30 am
Forum: Forwarding Protocols
Topic: QoS in VPLS
Replies: 21
Views: 2084

Re: QoS in VPLS

There's another problem too - he seems to have configured the bridge filter to set the priority for the packets that have just been received over the VPLS tunnel instead of the packets that he is about to send over the VPLS tunnel. You probably want to set EXP for the packets that you are about to send...
by mducharme
Thu Apr 15, 2021 9:39 pm
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 184
Views: 135904

Re: Using RouterOS to VLAN your network

I disagree, I find it very confusing to have set PVID on the bridge ports and then not put the associated untagged entries on the bridge vlan. When reading a config it's dirt easy visually to see what a person has done. It's so difficult to have to double check a config when not seeing the config, es...
by mducharme
Thu Apr 15, 2021 8:20 pm
Forum: Forwarding Protocols
Topic: Routing over ipsec
Replies: 8
Views: 1907

Re: Routing over ipsec

GRE over IPsec is fine. In the (hopefully near) future, probably IPsec VTI will be an option in RouterOS v7.
by mducharme
Thu Apr 15, 2021 4:46 am
Forum: Forwarding Protocols
Topic: QoS in VPLS
Replies: 21
Views: 2084

Re: QoS in VPLS

Another thing to realize as I think he has them backwards. Queue priorities are highest..1, to lowest..8. Vs COS/packet highest..7, to lowest..0. He has net control as queue priority 7.
Nice catch, missed that. Yes he has the queue priorities backwards.
by mducharme
Thu Apr 15, 2021 4:31 am
Forum: Forwarding Protocols
Topic: QoS in VPLS
Replies: 21
Views: 2084

Re: QoS in VPLS

If he doesn't know or realize, queue priority is only that. Will not transfer to packet or exp priority. As he has the queues built. Yes, exactly, I suspect he might think that the queue priority is somehow going to transfer to packet priority/EXP. And of course, as you say, that is not the case.
by mducharme
Thu Apr 15, 2021 4:21 am
Forum: Forwarding Protocols
Topic: QoS in VPLS
Replies: 21
Views: 2084

Re: QoS in VPLS

If that's his edge router egress traffic into his mpls core, it should show proper priority in the EXP field if he has it set correctly no? (Assuming that packet is one he's expecting to have a priority other than 0) That's what I mean - in his updated config snippet posted above, he isn't setting an...
by mducharme
Thu Apr 15, 2021 2:19 am
Forum: Forwarding Protocols
Topic: QoS in VPLS
Replies: 21
Views: 2084

Re: QoS in VPLS

That is strange because I can't see the EXP field changing its value. I made a mirror port on a port going to MPLS cloud and dumped frames with Wireshark:
You no longer have any set-priority actions to set the priority to anything other than 0 - that's why you don't see anything.
by mducharme
Wed Apr 14, 2021 6:40 pm
Forum: Forwarding Protocols
Topic: QoS in VPLS
Replies: 21
Views: 2084

Re: QoS in VPLS

Thank you for a comment. At the moment I have this sample configuration on the LER router, unfortunately the packets are not classified correctly: You can't use mangle on the traffic if the device is bridging it - only if it is routing it. In this case it is being bridged so it will never hit the m...
by mducharme
Wed Apr 14, 2021 5:11 am
Forum: Beginner Basics
Topic: hEX-S "advanced" setup with VLANs, dynamic DNS, CAPsMAN, etc.
Replies: 13
Views: 1104

Re: first significant confusion | Re: hEX-S "advanced" setup with VLANs, dynamic DNS, CAPsMAN, etc.

Can I assign the same range to VLAN10? I think NOT -- the VLAN10 would conflict with the bridge, right? This also begs the additional question: if everything is VLANed, does the bridge even need to have IP addresses assigned to it? On the other hand, if I remove addresses from the bridge, will VLAN...
by mducharme
Wed Apr 14, 2021 2:47 am
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 28
Views: 6466

MikroTik Wireguard server with Road Warrior clients

This is just intended as a basic config example for how to set up wireguard VPN on MikroTik for road warrior clients like iOS devices:
MikroTik wireguard server config:
# a private and public key will be automatically generated when adding the wireguard interface
/interface wireguard
add listen-port...
by mducharme
Wed Apr 14, 2021 12:15 am
Forum: General
Topic: Multicast over L2TP/IPSec
Replies: 4
Views: 526

Re: Multicast over L2TP/IPSec

4. Also if multicast works correctly, the clients can talk to each other as P2P devices which can ensure good latency/stability L2TP clients cannot communicate with each other directly by definition - any traffic from one client to another would have to go to your VPN concentrator CHR and back again.
by mducharme
Tue Apr 13, 2021 2:42 pm
Forum: General
Topic: Multicast over L2TP/IPSec
Replies: 4
Views: 526

Re: Multicast over L2TP/IPSec

So basically I have a cloud instance of RouterOS 6.47.9 CHR. It has a public IPv4 address on ether1 (also WAN interface). 1. First I couldn't get IPSec/L2TP to work with Windows 10 client, even after trying out different ciphers and options. It worked with Android and iOS, however. 2. How would I g...
by mducharme
Tue Apr 13, 2021 1:44 am
Forum: General
Topic: Graphing IPv4 and IPv6 Traffic
Replies: 3
Views: 352

Re: Graphing IPv4 and IPv6 Traffic

What you can do as a workaround is to set up queues for some very high rate (a lot more than you need, so that it actually doesn't really limit the clients at all), one for IPv4 traffic and one for IPv6 traffic, and graph the queues.
by mducharme
Mon Apr 12, 2021 6:43 am
Forum: Forwarding Protocols
Topic: PBR - issues
Replies: 3
Views: 975

Re: PBR - issues

But I'm unable to access pppoe user's router remotely. And even unable to access my Wireless ubnt & Mikrotik Access Point in web browser IP of Mikrotik and Ubnt wireless Access point in this network 172.20.20.0/24. Help..!! Policy based routing is always taken very literally and so you have to ...
by mducharme
Sun Apr 11, 2021 6:28 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 2380

Re: CAPsMAN 5G doesn't work

Also, comparing brazil with brazil-anatel:
[admin@Michael-RB4011] > in wireless info country-info brazil
ranges: 5170-5250/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(20dBm)/passive,indoor
        5250-5330/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(20dBm)/dfs,passive
        5490-5710/a,an20,an40,ac20,ac40,ac80,ac160,a...
by mducharme
Sun Apr 11, 2021 6:19 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 2380

Re: CAPsMAN 5G doesn't work

But the weirdest part is that without CAPsMAN, I never seemed to have problems with the 5GHz band. It is not too surprising to me unfortunately. It seems that CAPsMAN is not quite as smart as the regular wireless setup when it comes to only selecting channels that will be supported by the devices. ...
by mducharme
Sun Apr 11, 2021 5:47 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 2380

Re: CAPsMAN 5G doesn't work

I'll keep an eye on this, and if they ever stop working again, I'll check out their frequencies and post here again. But I'd really like to understand what was going on... You are still using secondary channels and probably don't need to be. Also, I don't know enough about wifi regulations in Brazi...
by mducharme
Sun Apr 11, 2021 5:07 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 2380

Re: CAPsMAN 5G doesn't work

It's been at least 5 minutes they both finished the radar scanning and are "running ap". Both of those are outdoor frequencies, at least in many countries - in the CAPsMAN->Configurations tab, double click on your config, and make sure the country is properly set, and installation is set ...
by mducharme
Sun Apr 11, 2021 4:32 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 2380

Re: CAPsMAN 5G doesn't work

I'm running two RB4011iGS+5HacQ2HnD-IN, one as CAPsMAN and the other as CAP. It was way cheaper than buying a switch and a wireless-capable device, and saved me a lot of space and cables/wires. CAPsMAN is running 5500/20-Ceee/ac/DP(15dBm)+5770/80(15dBm). Seems to be working. CAP is running 5740/20-...
by mducharme
Sun Apr 11, 2021 2:27 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 2380

Re: CAPsMAN 5G doesn't work

The problem is that the router (the CAPs Manager) is now working with this new CAPsMAN config we came to, but the CAP itself isn't (again, only the 5Ghz network).
What cap device are you using and what frequency has it selected on 5GHz?
by mducharme
Sat Apr 10, 2021 5:33 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 2380

Re: CAPsMAN 5G doesn't work

Forgot to tell you that they're up to date since day one, Rboard fw included! I also changed the forbid thing. It was in Mikrotik's "example tutorial". I think it doesn't change much if you don't have another CAPsMAN on the network. But it's allowed now. If you reset it and it is working...
by mducharme
Fri Apr 09, 2021 8:15 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 2380

Re: CAPsMAN 5G doesn't work

/caps-man manager interface
set [ find default=yes ] forbid=yes
On mine this is forbid=no, I think forbid=yes is incorrect. But I'm not sure that is related to your issue here.
by mducharme
Fri Apr 09, 2021 8:10 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 2380

Re: CAPsMAN 5G doesn't work

Wait, maybe I have some beacons, but they are extremely weak and curiously not really centered around the same frequency (maybe 5MHz for this or that side randomly), but this could be just noise. Try upgrading RouterOS and also make sure that your routerboard firmware is upgraded via system->router...
by mducharme
Fri Apr 09, 2021 7:52 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 2380

Re: CAPsMAN 5G doesn't work

Main: 5740/20-Ceee/ac(15dBm)+5570/80/DP(15dBm)
AP: 5740/20-Ceee/ac(15dBm)+5570/80/DP(15dBm)
You shouldn't have this +5570/80/DP(15dBm)

That means you have a secondary-frequency enabled, which isn't compatible with all situations.
by mducharme
Fri Apr 09, 2021 7:45 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 2380

Re: CAPsMAN 5G doesn't work

That is how it was in the beginning (config.rsc is attached in the first post). No, it isn't exactly the same as how it was in the beginning: channel.extension-channel=XXXX In your first post, you had that set. The issue is that I have found that XXXX extension channel can cause major issues when u...
by mducharme
Fri Apr 09, 2021 7:27 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 2380

Re: CAPsMAN 5G doesn't work

/caps-man channel
add band=5ghz-n/ac control-channel-width=20mhz extension-channel=Ceee \
    frequency=5170,5190,5230,5270,5310,5510,5550,5590,5630,5660,5755,5795 \
    name=5GHz-n-ac secondary-frequency=\
    5170,5190,5230,5270,5310,5510,5550,5590,5630,5660,5755,5795
Clear the entire secondary-frequency and...
by mducharme
Fri Apr 09, 2021 7:07 am
Forum: General
Topic: Multiple packet marks?
Replies: 3
Views: 479

Re: Multiple packet marks?

Would the "mark routing" feature work for this as well? The Mik router has some webservers behind it so I need to be able to differentiate between traffic destined toward regular website visitors and outbound traffic that's supposed to go through the VPN. You have to use mark routing for ...
by mducharme
Fri Apr 09, 2021 6:19 am
Forum: General
Topic: Multiple packet marks?
Replies: 3
Views: 479

Re: Multiple packet marks?

I'm going to have a setup where I have a split-tunnel VPN and a queue tree. The split-tunnel will use mangle rules to mark packets that should get sent through the VPN, but the problem is that the queue tree also uses packet marks for QoS. Is there a way to add multiple marks to a packet/connection...
by mducharme
Fri Apr 09, 2021 6:14 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 2380

Re: CAPsMAN 5G doesn't work

The spectrum analyzer though, detects some short blips on the primary frequency (it chose 5550/20 and 5660/80 this time) every few seconds. Very faint, very short, kinda semi-randomly spaced in time. I suspect those are probably beacons. MikroTik has never added support for choosing the beacon inte...
by mducharme
Fri Apr 09, 2021 4:30 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 2380

Re: CAPsMAN 2.5G works, 5G doesn't

It's not a matter of transmitting in the wrong channel/wrong standard. The HackRF + PortaPack photo shows it's not even transmitting AT ALL. It's completely blue (pure noise), whereas any signal should be green. And there's no signal at all except for my neighbours' 5G routers in the lower part of ...
by mducharme
Fri Apr 09, 2021 12:57 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 2380

Re: CAPsMAN 2.5G works, 5G doesn't

I'm still struggling here. From the screenshots above, your capsman has selected invalid channels. Devices will not generally find these non standard channels. We have had this happen sometimes and the result is that only macbook pros are able to connect up to the wireless on the non standard chann...
by mducharme
Thu Apr 08, 2021 9:10 am
Forum: RouterOS v7 BETA
Topic: intel 710 chipset driver
Replies: 7
Views: 1612

Re: intel 710 chipset driver

I agree - I found this beta to be the first one that was stable enough for me to use for my home network. I would not consider it for any sort of production BGP.
by mducharme
Mon Apr 05, 2021 2:45 am
Forum: Forwarding Protocols
Topic: MPLS - massive throughput difference on CHR when using explicit nulls
Replies: 62
Views: 16555

Re: MPLS - massive throughput difference on CHR when using explicit nulls

I am testing this - I am seeing promising results but still some weird behaviour. When running a TCP btest on a hardware router (1100ahx2) going across an MPLS network to a CHR, I'm seeing full rates for send and receive. When I run the btest on the CHR against the same 1100ahx2 as last, I get full ...
by mducharme
Mon Apr 05, 2021 12:54 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47257

Re: v7.1beta5 [development] is released!

My HAP Lite got hard bricked updating via Winbox from v7.1b4 to v7.1b5. The router does not boot any more - the Power-LED and Ether2 are lit, while Ether1 and Ether4 glow faintly. I tried to install various versions via Netinstall, but even after successfully flashing, the router will not boot....
by mducharme
Mon Apr 05, 2021 12:40 am
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 184
Views: 135904

Re: Using RouterOS to VLAN your network

As an example, here I have created an issue on purpose by setting a port with PVID 99 as statically untagged on VLAN 5:
vlan-issue.JPG
The device on that port will receive untagged packets from both VLANs on egress as a result of this misconfiguration.
by mducharme
Mon Apr 05, 2021 12:29 am
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 184
Views: 135904

Re: Using RouterOS to VLAN your network

@mducharme What if I put in a disclaimer, stating it was unnecessary and handled automatically? This article series is primarily about learning the VLAN concept on MikroTik hardware, not RouterOS syntax. In fact, I try to take a most verbose approach with the syntax to slow everything down and make...
by mducharme
Mon Apr 05, 2021 12:10 am
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 184
Views: 135904

Re: Using RouterOS to VLAN your network

Just to be clear are you saying that the reason setting untagged ports explicitly doesn't do anything because when you add an access port to a vlan by setting its pvid it is automatically added to the vlan table as an untagged port for that vlan. Is that correct? Yes, that is correct - by setting t...
by mducharme
Sun Apr 04, 2021 9:24 am
Forum: Forwarding Protocols
Topic: CHR MPLS on esxi
Replies: 7
Views: 1626

Re: CHR MPLS on esxi

Do you use OSPF on this interface?
Yes, OSPFv2 and OSPFv3. Obviously I had to change the IP MTU on the far side too. In my case it is a /30 so there was only one other device to change the MTU on to get this working.
by mducharme
Sun Apr 04, 2021 6:05 am
Forum: Forwarding Protocols
Topic: CHR MPLS on esxi
Replies: 7
Views: 1626

Re: CHR MPLS on esxi

I just got it activated with a trial and did a bandwidth test. Resulting speeds are just fine - I think they fixed the issue with ESXi performance.
by mducharme
Sun Apr 04, 2021 4:22 am
Forum: Forwarding Protocols
Topic: CHR MPLS on esxi
Replies: 7
Views: 1626

Re: CHR MPLS on esxi

Update: I just increased my IP MTU to 1550 on the VLAN going to the CHR and now VPLS is passing 1500 byte packets without issue.
by mducharme
Sun Apr 04, 2021 3:58 am
Forum: Forwarding Protocols
Topic: CHR MPLS on esxi
Replies: 7
Views: 1626

Re: CHR MPLS on esxi

ESXI 6.5. vSwitch allows to set higher MTU. But it looks like l2mtu is not detected by CHR (shows "0"). mtu is settable. But then the (senseless?) OSPF MTU check jumps in and hinders building neighborship. And it looks like only one OSPF neighbor with different MTU causes problems. Setting...
by mducharme
Thu Apr 01, 2021 3:13 am
Forum: General
Topic: IPSec VTI
Replies: 11
Views: 7498

Re: IPSec VTI

Not to mention that this would allow interop with many other router vendors IPSEC VTI based tunneling solutions. They are adding VTI is my understanding. I think the issue probably is if they add it now, while RouterOS v6 is still being updated, it is much more work for them to manage both code bas...
by mducharme
Wed Mar 31, 2021 10:41 am
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 2059

Re: IPv6 DHCPv6 server?

So the vendor sent me a replacement card. It works fine with SLAAC. But I guess they overdid it, it gets a MAC-based address and a bunch of privacy addresses. Yeah, that is a little strange. A UPS shouldn't need privacy addresses under any scenario - they should just have that disabled so it only h...
by mducharme
Tue Mar 30, 2021 12:54 am
Forum: Forwarding Protocols
Topic: EOIP vs VPLS, less packet loss with EOIP?
Replies: 5
Views: 1170

Re: EOIP vs VPLS, less packet loss with EOIP?

In this situation, the NVR monitors/reports/records video loss. It's somewhat forgiving, so if it's reporting loss, I believe it's truly worse than it is. What I would suggest is that, if you are concerned about loss, add a test IP onto both ends of the VPLS tunnel and do a continuous ping from one of...
by mducharme
Mon Mar 29, 2021 11:45 pm
Forum: Forwarding Protocols
Topic: EOIP vs VPLS, less packet loss with EOIP?
Replies: 5
Views: 1170

Re: EOIP vs VPLS, less packet loss with EOIP?

How exactly are you monitoring the loss?
by mducharme
Thu Mar 25, 2021 7:33 pm
Forum: Forwarding Protocols
Topic: OSPF bug with IPs containing 255
Replies: 3
Views: 1016

Re: OSPF bug with IPs containing 255

Indeed, and I have also escalated this with the ISP, but if it was an ISP issue, why would some of the CCRs work while others don't? (They're all on the same ISP). Also, why would some CCRs see the OSPF neighbors, receive the LSAs, but don't install the routes? If the ISP was blocking traffic with ...
by mducharme
Thu Mar 25, 2021 7:43 am
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 2059

Re: IPv6 DHCPv6 server?

I think the reason that Google is pushing this a bit is to try to avoid having IPv6 set up in the same way as IPv4 just because it was the way that things were always done. Tons of people also want NAT66 otherwise they don't ever want to use IPv6. It is completely misguided thinking, where they believe...
by mducharme
Thu Mar 25, 2021 7:15 am
Forum: Forwarding Protocols
Topic: /32 blackhole redistribute between bgp instances
Replies: 4
Views: 975

Re: /32 blackhole redistribute between bgp instances

Do you use your normal (external) AS# for Fastnetmon's connection to your router? I'm guessing yes otherwise you need a second instance? Yes we use our external AS for fastnetmon's connection to the router. It works fine. Redistribution of BGP routes from one instance to another becomes much more c...
by mducharme
Thu Mar 25, 2021 7:06 am
Forum: Forwarding Protocols
Topic: /32 blackhole redistribute between bgp instances
Replies: 4
Views: 975

Re: /32 blackhole redistribute between bgp instances

I have fastnetmon setup and upon detection of ddos it sends /32 with 65001:666 via bgp to my CHR, I have FNM setup as a peer with its own instance but for some reason the route doesn't seem to show when I run /routing bgp advertisements print peer=MYPEER so I'm assuming I have something in the con...
by mducharme
Thu Mar 25, 2021 4:43 am
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 2059

Re: IPv6 DHCPv6 server?

About ND-based host tracking, I don't think it can be hooked up to DNS management or even to monitoring with user-friendly names. That's not the case - we have hundreds of Linux servers, APs, UPSes, PDUs, switches, etc all on SLAAC. We have to manually create a single DNS record for each, but the ...
by mducharme
Tue Mar 23, 2021 8:24 pm
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 2059

Re: IPv6 DHCPv6 server?

The Google engineer makes his case for the best way to track IPv6 address usage by host in RFC 7934 section 9.1:

https://tools.ietf.org/html/rfc7934#page-9
by mducharme
Tue Mar 23, 2021 7:49 pm
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 2059

Re: IPv6 DHCPv6 server?

There are other solutions to this problem without bringing stateful DHCPv6 into the mix. We run SLAAC on our internal office network, and the Windows machines joined to Active Directory automatically update the Windows DNS records to include all of the SLAAC IPs used by the system, including the pri...
by mducharme
Tue Mar 23, 2021 8:29 am
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 2059

Re: IPv6 DHCPv6 server?

I've tried all permutations of IPv6 configuration options (there are just two: "automatic", and "static IPv6"). I can ping the device over the link-local address, but for some reason it doesn't accept SLAAC. It works over stateful DHCPv6 on OpenWRT. I'll try to upgrade its firmw...
by mducharme
Mon Mar 22, 2021 4:42 am
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 2059

Re: IPv6 DHCPv6 server?

It actually doesn't do SLAAC at all, apparently (except obviously for router and DHCPv6 discovery). That is really strange. I've never encountered a device that only supported DHCPv6 client and not SLAAC, and we use many devices. I have seen a few devices where (confusingly) you have to put it in D...
by mducharme
Mon Mar 22, 2021 4:28 am
Forum: Beginner Basics
Topic: Cheapest possible ROS device for wifi extender
Replies: 4
Views: 545

Re: Cheapest possible ROS device for wifi extender

Can someone tell me which Mikrotik device I should use for this? (I found videos saying to connect devices back to back, but found another comment that a single device could be both bridge and AP) "Cheapest possible" is not the best thing to be looking for. You can use almost any MikroT...
by mducharme
Mon Mar 22, 2021 1:02 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47257

Re: v7.1beta5 [development] is released!

Beta5 doesn't work on my hAP mini - after upgrading the router won't boot. Had to netinstall back to beta4 (netinstall for beta5 did not work, the device would not appear). It works fine on my other devices (mipsbe and arm based).
by mducharme
Sun Mar 21, 2021 10:06 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47257

Re: v7.1beta5 [development] is released!

I tried it using the /routing/id syntax and got the same result. Just to see if it was an issue specific to CHR on Qemu in EVE-NG, I tried the exact same syntax on an RB3011 in my lab and got the same result. Export hangs and I can't export any section of the OSPF config after I add anything to /ro...
by mducharme
Sun Mar 21, 2021 4:35 am
Forum: SwOS
Topic: CRS312-4C+8XG-RM -- Jittery Network Latency During VR Gameplay
Replies: 7
Views: 1546

Re: CRS312-4C+8XG-RM -- Jittery Network Latency During VR Gameplay

SwOS v1.11 (Not using v1.12 because it has a bug with 2.5gbps devices)
Have you tried using RouterOS instead of SwOS? The switch supports either. RouterOS has more features and may handle this better than SwOS.
by mducharme
Sun Mar 21, 2021 1:35 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47257

Re: v7.1beta5 [development] is released!

What configuration are you using for OSPFv3? Whenever I try to add the interface-template, I get a hang on the export similar to the export bug that was just fixed. They have changed the syntax again. router-id for OSPF is now expecting the name of one of the IDs in /routing/id instead of an IP a...
by mducharme
Sat Mar 20, 2021 7:33 pm
Forum: General
Topic: The queues to control bandwidth do not work for me
Replies: 3
Views: 525

Re: The queues to control bandwidth do not work for me

Please help me to control the bandwidth of the clients by IP or by the Interface
Use the method shown here instead of simple queues: https://wiki.mikrotik.com/wiki/Manual:C ... h_Limiting
by mducharme
Sat Mar 20, 2021 5:00 am
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 2059

Re: IPv6 DHCPv6 server?

I've several devices that can't really use SLAAC because you need to know their address to connect to them. Some of them are UPS management cards. When you have SLAAC with no privacy extensions, which is the case for most such devices, the SLAAC addresses are essentially static - they won't change....
by mducharme
Sat Mar 20, 2021 2:50 am
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 2059

Re: IPv6 DHCPv6 server?

As I understand, RouterOS right now only supports DHCPv6 PD and not the stateful client DHCPv6? It would be nice to support it as well, so that the individual client bindings can be inspected through the console/API. MikroTik did say at one point that they planned to eventually support stateful DHC...
by mducharme
Fri Mar 19, 2021 9:15 am
Forum: RouterOS v7 BETA
Topic: Bug: RouterOS beta 7.1beta4 - RFC3021 - does not route out on a /31 - but accepts traffic from a /31
Replies: 15
Views: 2275

Re: Bug: RouterOS beta 7.1beta4 - RFC3021 - does not route out on a /31 - but accepts traffic from a /31

It says that /31 is not supported, so that people stop asking whether /31 is supported or not. It says /31 is not supported right now - the fact it is on the list suggests that /31 support is potentially intended for a later release. The red boxes on the left have been turning green as we move furt...
by mducharme
Thu Mar 18, 2021 2:21 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47257

Re: v7.1beta5 [development] is released!

OSPFv3 is still broken in beta5 - getting "wrong checksum" from everything, same as in beta4.

Is there any chance of getting RDNSS search list option added? https://tools.ietf.org/html/rfc8106#section-5.2
by mducharme
Thu Mar 18, 2021 2:20 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47257

Re: v7.1beta5 [development] is released!

Thanks for the hint. But I have routerboard "auto-upgrade" set to "yes" for quite some time now - for the exact same reason. The other thing I did was I did not just upgrade - I exported my config to an rsc, upgraded, reset to no default configuration, and pasted it back in. Wit...
by mducharme
Thu Mar 18, 2021 1:32 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47257

Re: v7.1beta5 [development] is released!

/tool torch is still excluding all IPv6 traffic. For those having issues with reboots, make sure you upgrade the RouterBOOT firmware. I forgot to do that when going from beta3 to beta4 and my beta4 was spontaneously rebooting once every several hours. Upgrading the RouterBOOT firmware fixed it and m...
by mducharme
Wed Mar 17, 2021 6:58 am
Forum: RouterOS v7 BETA
Topic: Slow IPv6 speeds on v7.1beta4
Replies: 9
Views: 1376

Re: Slow IPv6 speeds on v7.1beta4

in general properly structured IPv6 forward filter rules (accept for established/related connections) can speed up things, as there's no filter rules to travel and evaluate, before the packet is admitted for forwarding. so it should be better than the one with 25 FW rules. Yes, but in my experience...
by mducharme
Wed Mar 17, 2021 2:25 am
Forum: General
Topic: H-QoS and RADIUS
Replies: 2
Views: 295

Re: H-QoS and RADIUS

Second - can I attach such "policy" (queue tree) to a PPPoE connection and if I can, how? I didn't find any appropriate radius-attribute in the Mikrotik documentation. You can't do this automatically, you would have to jump through some hoops and script it, and for this type of thing it m...
by mducharme
Mon Mar 15, 2021 1:10 am
Forum: Beginner Basics
Topic: ipv6 package
Replies: 7
Views: 748

Re: ipv6 package

Concluding this means that a setup with activated ipv6 package but with deactivated ipv6 forwarding is almost the same (except traffic to and from the Mikrotik device) as a setup with deactivated / not installed ipv6 package? Almost, but not quite - activating the IPv6 package on a router that is al...
by mducharme
Sun Mar 14, 2021 12:50 pm
Forum: RouterOS v7 BETA
Topic: Slow IPv6 speeds on v7.1beta4
Replies: 9
Views: 1376

Re: Slow IPv6 speeds on v7.1beta4

You don't need a CCR to get decent IPv6 speeds. What I typically do is go to the MikroTik "Test Results" tab for a certain device and look at the "25 ip filter rules", "512 byte" "Mbps" speed. This is a reasonable estimate of the real world performance you can...