I have yet to see Mikrotik release problematic gear, which is why our business switched from Ubiquiti to Mikrotik. Tutuapp 9apps Showbox i really hate to tell you but mikrotik has really fucked up lately when it comes to reliability.... https://forum.mikrotik.com/viewtopic.php?f=2&t=141633 and ...
we got 4 new crs317 as replacement (they have been tested at our supplier) but they show the same behaviour.... the recommended crs309 and 312 do not work as a replacement for us since we need the port density in that specific usecase. Has anyone given the new MikroTik CRS326-24S+2Q+RM a try? in an ...
I think I am having the same issue. I have 2 CRS317 and 2 CRS328 connected in a ring. one of the 328 sees 1 interface as root port and one as alternate port - so everything works as expected but it throws those loop warnings in the log exactly once a minute. also I have connected 2 ccr1009 to those ...
Hi no matter how much I love Mikrotik and appreciate that there are now really usable new switch models like the 328-24P - configuring vlan bridges is a PITA. my usual scenario is to have .) one or more uplink/trunk ports with a range of vlans (tagged) .) one or more groups of hybrid/access ports wi...
this issue keeps happening to me when my winbox version is to old for the used RouterOS version - just try to update winbox before you do anything else. @mikrotik: please add a more usable error message because even though it happened to me a couple of times I am regularly confused for some time bef...
It looks like the problem dissapeared after setting the type of the interface from "broadcast" to "point2point". However i am not sure if that is really a solution. I do not fully understand what broadcast vs. point2point has to do with this particular issue.
hi i have a crs326 and a wap lte connected via a direct ethernet cable. the interfaces where the cable is attached are in bridges and the bridges do have point2point ip adresses assigned on them. both devices are running an ospf instance and they do get all the routes they are supposed to. the only ...
hi i am just playing around with stp in order to figure out how to protect an infrastructure from misconfigured switches plugged in to client ports. i found from the documentation that there is a setting "restricted-role" which is supposed to keep a port from becoming a root port. i set it...
yesterday the second unit started acting weird: LTE is up and running but i cannot get any traffic. ping to various locations says timeout and i can see outgoing traffic on the interface but none incoming. ip is there and default route is installed as well. if i point the default route to some other...
thanks very much for your expaination! i did some reading myself already and figured that i will need to use mstp. my problem however is that although my mikrotik supports it i have a legacy switch infrastructure which does not support mstp. however i can design everything in a way that the excahnge...
hi i think i need some help in understanding the possible effects of the following scenario and how to do this properly. given i have 2 independent vlan domains each consisting of multiple switches running (r)stp: domain A with switches A1 to An is using VLAN 100-200 domain B wich switches B1 to Bn ...
Hi I was just browsing through the routerboard hardware looking for components for a larger wireless installation. Somehow I was not able to find any more 2.4ghz sector antennas - also the omnitik only comes as 5GHZ model. I am pretty sure there was a 2.4ghz model as well. Is there any particular re...
I had a simple USB dongle right in the same spot until I got the WAP LTE to replace it. Also I temporarily switched back to the dongle to crosscheck and the problems only arise with the WAP LTE. Therefore I can't really blame the network. Today I even swapped the SIM card with no effekt. Is it possi...
Hi I got myself an WAP LTE to replace the USB dongle on my CRS125 because it does not allow me to configure NAT/Portforwarding. I went with the USB dongle for quite some time and there were no major connection issues so I suppose the signal is OK at the given location. I inserted the SIM into the WA...
Than this announcement was terribly misleading and is causing a false sense of safety. This is fucking dangerous and must not happen!!!! It must be explicitly stated in which cases the update will help and even more importantly in which cases it will not, especially if it will not mitigate the vulne...
Hi when I read about the vulnerability this morning I immediatly checked the forum and was very happy to read this announcement. I updated all my access points and was quite relieved this should not concern me anymore. Now that there is more information and as it was already quoted: From the link : ...
is there any reason for not checking server certificate? even with client certificates enabled this opens the door for some attack vectors. To me this is rather disappointing.
Thanks anyway for the SSTP alternative recommendation.
at the risk of sounding rude: i really think implementing a vpn protocol that relies on certificates and then not validating those certs is a major flaw and i would at least expect a statement on if it is a configuration issue on my side or if there is really no option to do this. having this topic ...
Hi I am quite new to RouterOS and RouterBoards but I am slowly getting into it and i really love the possibilities and the affordable price of really great hardware. However i run into what i think is a major security concern with OVPN site to site tunnels. Wherever possible I use ipip over IPsec wi...
Hi if i read your question correctly you are not using client certificates but added the ca used to sign your server cert as client cert. that probably is the issue. try to remove the client cert param from you client config. there seems to be a serious problem with openvpn client on mikrotik - the ...