It would be more interesting to know (as these are routers) which queue types, if any, support ECN in MikroTik products. https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter Being able to set the ECN flag is a much different thing than knowing whether or not a queuing mechanism supports setting...

I was upgrading some routers from previous versions to 6.41, when all of a sudden I notice the most recent version is now 6.41.1. :-) I noticed that on 6.41.1 I am unable to change the neighbor discover-setting. Shown below are console output from a 6.41 router and a 6.41.1 router. They are the same...

Just so everyone knows, this was a feature request long before this thread. We asked for this back when we were using RoS v2. They were able to add RegEx capabilities to the DNS proxy, but nothing yet in over 10 years about being able to specify the record type... I'm working on an issue for a custo...

In case people haven't noticed yet, changes are afoot as of 6.40rc29 to bring MSTP to RouterOS. I noticed it in the release candidate channel firmware at 6.41rc11 (cli-only mode currently). See the link below for the only reference to it on the Wiki: https://wiki.mikrotik.com/wiki/Manual:Interface/B...

In case people haven't noticed yet, changes are afoot as of 6.40rc29 to bring MSTP to RouterOS. I noticed it in the release candidate channel firmware at 6.41rc11 (cli-only mode currently). See the link below for the only reference to it on the Wiki: https://wiki.mikrotik.com/wiki/Manual:Interface/B...

In case people haven't noticed yet, changes are afoot as of 6.40rc29 to bring MSTP to RouterOS. I noticed it in the release candidate channel firmware at 6.41rc11 (cli-only mode currently). See the link below for the only reference to it on the Wiki: https://wiki.mikrotik.com/wiki/Manual:Interface/B...

In case people haven't noticed yet, changes are afoot as of 6.40rc29 to bring MSTP to RouterOS. I noticed it in the release candidate channel firmware at 6.41rc11 (cli-only mode currently). See the link below for the only reference to it on the Wiki: https://wiki.mikrotik.com/wiki/Manual:Interface/B...

What about the stateful packet inspection? I would think that would fall under the category of firewall as conntrack is a component of iptables. Unfortunately I cant find any instance of where anyone from Mikrotik has officially documented what spi in the profile tool actually means. My comments ar...

SPI stands for Serial Peripheral Interface. It is one of the buses on the router that is used to talk to certain components, like the LCD panel as previously stated. Anyone that has ever message with an Arduino should be familiar with this type of bus. https://en.wikipedia.org/wiki/Serial_Peripheral...

This is a revenue generating opportunity for Mikrotik. We have numerous customers that would pay an additional licensing fee to have this product added to the Mikrotik router. I could easily sell this for $1000 a site. We are having to go to other router vendors (Sonicwall, Fortinet, Watchguard) to ...

I'm gonna give this a big bump!

I find it easier to create new users from the command line, but I don't do it anymore because the password that is set is in plain text in the history. Not good when there's no way to clear it!

Shouldn't be that difficult to add /system history clear...

BUMP

I can't believe this hasn't been addressed yet.

I've added --secure and :2211 to the address and it still connected using remote.

This seems like it would be a pretty obvious and easy problem to solve.

I can't find where this has been reported before, so here it is. This exists in RouterOS 4.16 and 5.0rc7. If you add a BGP instance from the console, you have the option to set the routing-table option. This option is not available in the GUI. It would be handy to have in the GUI... please! :D route...

The bug appears to be merely cosmetic. Came across it doing an interop test between Mikrotik and Cisco. In RouterOS 4.16 the GUI displays the wrong Destination for the MPLS Forwarding Table as shown in the below image. Looks like an index is off by one. The console version (/mpls forwarding-table pr...

The trick is to do the following: /ip hotspot profile set hsprof1 dns-name="" /ip hotspot walled-garden add action=allow comment="" disabled=no dst-host=www.apple.com path=/library/test/success.html For some reason the iPhone and iPad won't resolve the dns-name of the hot spot properly, so don't set...

Just adding my two cents. Not being able to set the dns-suffix for a vpn is a big problem, and has been a big problem ever since we started using Mikrotik routers years ago in V2. I'm pretty sure this has been a feature request for a LONG TIME. Every new customer that comes our way gets a Mikrotik r...

Okay, so as usual with a little persistence and proper debugging, the solution has presented itself. The NAS-Port-Type presented by the OpenVPN server is 0 (Async), whereas when using PPTP it's 5 (Virtual). Make sure your radius policies allow NAS-Port-Type to also be equal to 0. The other issue was...

I'm experiencing the same behavior on 4.10 with OpenVPN. PPTP and L2TP will authenticate using radius, but not OpenVPN. The log shows the packets being sent and received but authentication consistently fails. I have only had success using the local user database.

I have had similar issues with PPTP passthrough since the introduction of V3, regardless of minor revision. I haven't been able to nail down the cause, but I will have 20 people in an organization and 18 of them will all work fine but two will not. We will perform firmware updates on their current r...