RouterOS : 7.12 I have setup static arp under /IP arp There is no IPSec tunnels on mikrotik. Also no specific routes under /ip route I have setup NAT only for 5060. Do you think I should set dst-nat for port 5062? chain=dstnat action=dst-nat to-addresses=192.168.181.15 protocol=tcp dst-address-list=...

yes that is strange why mikrotik don't NAT those messages from provider to client(192.168.181.15) and I can't find why.
Also we can't reproduce problem, it just happens several times a week.

yes 192.168.181.15 is LAN side of mikrotik.

:put [/ip firewall connection tracking get udp-stream-timeout] = 00:03:00
/ip firewall service-port > sip disabled=yes sip-direct-media=no

one of latest examples

during day we have that mikrotik don't forward bye commands during call and operator have empty line and call must be manually closed. I have collected log but not sure what is happening. Maybe some UDP timeout and mikrotki loses NAT mappings and don't know where to forward packets. Maybe someone ha...

Server: Mikrotik Open VPN server (RouterOS 7.8 ) Clienti: Windows OpenVPN 2.6.2 If I set next it still connect with AES-256-CBC and without auth part I get error [unsupported auth digest] data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC data-ciphers-fallback AES-256-CBC auth SHA512 But if I set next...

RASDIUS timeout is already 40 sec. which is I think enough, it can be set to 60 sec. so it is same as DUO but problem is PPP authentication as I understand and this is if we don't do DUO autorization inside 5 sec. connection hangs. I would like to control PPP authentication timeout and for now I hav...

ver. 7.6 I have setup radius login for OpenVPN integrated with DUO 2FA authentication. We have noticed problem if you don't click yes in DUO app in about 5 seconds VPN connection hangs and you must manually kill connection because OpenVPN will never clean it. When connection hangs encoding part is e...

ver 7.6

we alse see same problem.
It would be nice that there is something to check and clear problematic interfaces/active connections.

ver 7.6
We also have enabled [only one] on profile.
when we see problem, we kill interface and active connection.

we have same issue with OpenVPN UDP connections but because we allow [only one] clients can't connect after that any more and we must manually clear connections. https://cdn.screencast.com/uploads/g000302M5s8dVYia1WADrIY2jvebB/11.02.2022-04.03.png?sv=2021-08-06&st=2022-11-02T03%3A09%3A18Z&se...

in version 7 I see password policy option
/user settings
minimum-password-length: 0
minimum-categories: 0

What is minimum-categories ?
I couldn't find documentation for that.

Will this also be password policy when creating other type of users like ppp or radius?

is there plan to support wireguard authentication?

it would be nice to be able do authentication by using radius server

I have read this
https://wiki.mikrotik.com/wiki/Brutefor ... prevention

But I have problem with setup similar blocking for OpenVPN after 3 failed login.

Does anyone have idea how to do this?

I have 2 IPs on WAN interface let say

1.1.1.1
2.2.2.2

and 1.1.1.1 is set automatically as preferred source but I would like to set 2.2.2.2 as preferred source.
But I can't modify dynamic route(DAC).

What can I do?

is there maybe a plan to add auto update option and set that as default option? There are many routers which will never be updated or until something real bad happens. Also maybe to add option to auto update only security fixes. This way every router will be immediately patched/updated(unmanaged) an...

does anyone have any info about NetBIOS broadcast?

Regards,
Darko Bazulj

@huntah thank you for the link. I have used rras/isa/tmg and that was never a problem until I switched to mikrotik :( Missing NetBIOS broadcast is another problem. Now I know I can suggest mikrotik only to smaller offices where is feasible to manually setup remote clients. Regards, Darko Bazulj

when client connects to Mikrotik by VPN is there a way to pass [Dns Suffix] property? https://dl.dropboxusercontent.com/u/12735114/mikrotik/dnssuffix1.png Under /ppp profile I see only dns-server option but no domin/dns suffix property . Also I haven't saw option to pass DHCP to VPN clients. I'm men...

we used TMG2010 until now and we have switched to Mikrotik. But now I have problem with VPN clients and machine name resolving/browsing using only machine names. I have read that one solution is to use WINS but for now we don't have WINS. https://dl.dropboxusercontent.com/u/12735114/mikrotik/tmg1-ne...

@Pietro thank you for help. # find is there a way to test find output on CLI before you start changing something or using in script? Just to check if your query is right. # where and regex I have tried to use regex but it looks id doesn't work or I'm missing something. work /ip route print where com...

I'm playing with find and where but I'm missing something. #works /ip route print where dst-address="0.0.0.0/0" # don't work /ip route find where dst-address="0.0.0.0/0" /ip route find dst-address="0.0.0.0/0" Aim is to search for comments by using wildcards. Do I miss s...