Search found 151 matches

by elico
Mon Apr 08, 2024 10:24 pm
Forum: General
Topic: Is it possible to use a http proxy server for winbox to use?
Replies: 1
Views: 191

Is it possible to use a http proxy server for winbox to use?

Hey, I have a scenario which I have a server with static IP that I want to use to access the RouterOS remote devices and to allow access to the devices from couple static ip addresses. To allow other users to access the remote devices I want to use a http proxy which winbox should use. Is it possibl...
by elico
Mon Apr 08, 2024 10:19 pm
Forum: General
Topic: Winbox device "link" uri and windows automatic open
Replies: 1
Views: 199

Re: Winbox device "link" uri and windows automatic open

I made a simple chat with ChatGPT to create the relevant tools for it:
https://chat.openai.com/c/f8037c71-7fa5 ... 21328a7436
by elico
Mon Apr 08, 2024 3:45 pm
Forum: General
Topic: Winbox device "link" uri and windows automatic open
Replies: 1
Views: 199

Winbox device "link" uri and windows automatic open

I have a bunch of devices and I want to be able to connect to them using a href link. There are many uri schemes and I have a binary that can receive a uri and to extract the details and spin a winbox instance with the details. So I have two schemes in mind: winbox://username:password@ip-or-domain:...
by elico
Sun Mar 17, 2024 11:05 pm
Forum: Scripting
Topic: Adding vlan interfaces by range to a master interface by rest or script
Replies: 0
Views: 250

Adding vlan interfaces by range to a master interface by rest or script

first the rest API script at: https://github.com/elico/routeros-create-vlans-range and a simple script: :local masterInerface "test"; :local defaultDisabled "yes"; :for LoopCount from=1000 to=1099 step=1 do={ /interface/vlan/add interface=$masterInerface name="$masterInerfac...
by elico
Fri Mar 15, 2024 11:07 pm
Forum: Scripting
Topic: Rest API Limitations (if any)
Replies: 3
Views: 702

Re: Rest API Limitations (if any)

It depends if the web service is built to take such a load. Normal web services are ok with 300 requests per sec but in bursts of max 300. Above this you need threading or some sort of parallel processing. Also, it depends on other factors and if you take 10k per an hour it's about ~166 per minute whi...
by elico
Fri Mar 15, 2024 11:01 pm
Forum: Scripting
Topic: Is there a way to find out if the client is connected to WG or IKE?
Replies: 1
Views: 499

Re: Is there a way to find out if the client is connected to WG or IKE?

Depends on the Bruteforce mitigation technique you use. For WG you just need to limit the burst of new connections to a reasonable amount and use keepalives. For IPSEC, I don't know who bruteforce IPSEC but it should be pretty hard to brute force... And again just block a burst of new connections. A...
by elico
Fri Mar 15, 2024 10:46 pm
Forum: Scripting
Topic: Delete all connection in Firewall-Connections
Replies: 15
Views: 20531

Re: Delete all connection in Firewall-Connections

So basically if you want all your FW connection tracking rules to be flushed you can't do it with a button click on winbox but with /ip/firewall/connection/print where (timeout>15) [remove $".id"] I can check it but my script worked fine, maybe this specific one liner is better or faster t...
by elico
Fri Mar 15, 2024 10:31 pm
Forum: Scripting
Topic: CURL command for disable a nat rule
Replies: 2
Views: 509

Re: CURL command for disable a nat rule

You can create a Jump rule into a specific set of dst-nat rules from the dstname ruleset.
You will need to find it first so a comment might be a good way to find the jump rule.
by elico
Thu Mar 14, 2024 11:39 am
Forum: Scripting
Topic: Updating GeoIP address lists from this git
Replies: 1
Views: 3591

Re: Updating GeoIP address lists from this git

Now I'm looking for the right way to remove a specific record with a single POST request :\
by elico
Sun Mar 03, 2024 12:31 pm
Forum: Scripting
Topic: Delete all connection in Firewall-Connections
Replies: 15
Views: 20531

Re: Delete all connection in Firewall-Connections

The next script works great on RouterOS V7.x but I prefer a foreach one if possible. The issue is that I have a device with more than 60k Connections tracked and when I am trying one of the scripts above with foreach it does a "find" per connection and it takes forever to flush the connect...
by elico
Sun Mar 03, 2024 12:24 pm
Forum: Scripting
Topic: amazon address list import
Replies: 5
Views: 669

Re: amazon address list import

In my opinion it's better to use the rest api to update the address list.
You can use a simple curl command to fetch the current list and then using a diff to find out if and what you might need to add or remove from the address list.
Less overhead inside the RouterOS scripting area.
by elico
Sun Mar 03, 2024 10:02 am
Forum: General
Topic: How to reorder firewall rules?
Replies: 2
Views: 250

Re: How to reorder firewall rules?

As for winbox you need to clear the session cache and make sure that you use the latest winbox version.
Use safe mode on winbox to make sure you won't get locked outside of the Router.
Once you see the rules are OK for 30 secs you are probably OK to apply the config/rules by unclicking the safe mode.
by elico
Fri Mar 01, 2024 2:58 pm
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 573
Views: 137188

Re: v7.14 [stable] is released!

I too had an issue with CHR ethernet adapters disappearing after updating from 7.13.5 to 7.14 on a production server times two. 7.14 is supposed to be stable release? I was prepared with a week old snapshot and suddenly my adapters reappeared. OK what hypervisor? Worked fine on Hyper-V. /system/re...
by elico
Fri Mar 01, 2024 2:56 pm
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 573
Views: 137188

Re: v7.14 [stable] is released!

Thank you...until now I did not need it but I have to see it now. It would be better to fix Netwatch/sending notification than add new interface for nothing... What notifications and I don't understand if it's sending or not. As far as I know to send a notification from netwatch you need to write a...
by elico
Fri Mar 01, 2024 2:51 pm
Forum: Announcements
Topic: v7.14.2 [stable] is released!
Replies: 573
Views: 137188

Re: v7.14 [stable] is released!

The comment from w0lt was correct. In order to disable specific topic logs, go to System/Logging and open, for example, "info" topic. Add "!wireguard" to it. All info logs, except WireGuard, will be logged now. Yes, these are new logs, nothing changed in the WireGuard behavior. ...
by elico
Mon Feb 05, 2024 10:56 pm
Forum: Wireless Networking
Topic: mesh with 3 MT devices
Replies: 2
Views: 1073

Re: mesh with 3 MT devices

I tried to understand what you want to do but yet to understand.
Can you elaborate a little bit more than what's already?
Maybe, where do you want the AX to source the internet from?
by elico
Thu Jan 11, 2024 11:42 pm
Forum: Containers
Topic: sftpgo container
Replies: 4
Views: 3536

Re: sftpgo container

I need to test it.
It worked fine on my HAP AC3 and HAP AX3.
Let me check it later on.
by elico
Tue Jan 09, 2024 2:02 pm
Forum: Wireless Networking
Topic: HAP AX3 to HAP AX3 wifi disconnections issue, "disconnected reason code 3" on the client [SOLVED]
Replies: 1
Views: 1746

Re: HAP AX3 to HAP AX3 wifi disconnections issue, "disconnected reason code 3" on the client [SOLVED]

OK, So first of all for all the assistance in the Discord wifi channel. I respect each and everyone who made a response to help me first assess the options. The main difficulty was that it was a RouterOS to RouterOS single device connection and not an iPhone or laptop or android or any other client w...
by elico
Mon Jan 08, 2024 12:05 pm
Forum: Wireless Networking
Topic: HAP AX3 to HAP AX3 wifi disconnections issue, "disconnected reason code 3" on the client [SOLVED]
Replies: 1
Views: 1746

HAP AX3 to HAP AX3 wifi disconnections issue, "disconnected reason code 3" on the client [SOLVED]

I have a setup of HAP AC(client) to HAP AC3(AP) which worked very well for a very long time. I replaced the HAP AC(Client) into HAP AX3 to achieve better performance (I could not get an AC3). Since I replaced the HAP AC to HAP AX3 I got a weird behavior of the wifi link drops every day couple times....
by elico
Mon Jan 08, 2024 11:54 am
Forum: Wireless Networking
Topic: hAP ax3 wireless problem [SOLVED]
Replies: 145
Views: 17084

Re: hAP ax3 wireless problem [SOLVED]

Can you try to post the channel you use and the Status of the interface from Winbox?

It's interesting to understand what the situation for this issue.

Thanks!
by elico
Fri Jan 05, 2024 8:39 pm
Forum: Wireless Networking
Topic: hAP ax3 Station Mode - disconnected reason code 3
Replies: 7
Views: 3042

Re: hAP ax3 Station Mode - disconnected reason code 3

Sharing the config of both the AP and the STATION: AP: /interface wifi channel add band=2ghz-ax disabled=no frequency=2412 name=2GHZ skip-dfs-channels=10min-cac width=20/40mhz add band=5ghz-ax disabled=no frequency=5745 name=5GHZ skip-dfs-channels=10min-cac width=20/40/80mhz /interface wifi security...
by elico
Fri Jan 05, 2024 1:52 pm
Forum: Wireless Networking
Topic: hAP ax3 Station Mode - disconnected reason code 3
Replies: 7
Views: 3042

Re: hAP ax3 Station Mode - disconnected reason code 3

I have this exact same issue between two ax3 devices and it was the same between a hap ac3(AP) and hap ax3(station). I am trying to understand how to prevent this issue. Both devices use wpa3 couple other basic configurations. In my PC and mobile I just connect to the wifi and it stays on for hours ...
by elico
Sat Dec 02, 2023 11:37 am
Forum: Containers
Topic: Caddy reverse proxy with automatic lets encrypt.
Replies: 2
Views: 3018

Caddy reverse proxy with automatic lets encrypt.

Has anyone tried Caddy reverse proxy with automatic lets encrypt to run ontop of RouterOS container? It can be pretty nice. The only issue is the configuration and process management. A simple port 443 and port 80 port forwarding into the container is a must. Then the configuration should be auto ge...
by elico
Sat Dec 02, 2023 11:27 am
Forum: Containers
Topic: No execute permission on mountpoints for binaries
Replies: 2
Views: 2345

Re: No execute permission on mountpoints for binaries

Probably a security feature.
You can try to contact support to understand better.
by elico
Sat Dec 02, 2023 11:25 am
Forum: Containers
Topic: Start and stop containers via REST API?
Replies: 2
Views: 2032

Re: Start and stop containers via REST API?

@user442 using what tools?
curl would be good?
by elico
Sat Dec 02, 2023 11:23 am
Forum: Containers
Topic: Containers broken after restore from backup
Replies: 5
Views: 2233

Re: Containers broken after restore from backup

What version of RouterOS and also what container?
by elico
Sat Dec 02, 2023 11:22 am
Forum: Announcements
Topic: NEW FEATURE: Back to Home VPN
Replies: 298
Views: 238190

Re: NEW FEATURE: Back to Home VPN

@normis, I have just installed the BTH app on Android and tried to connect to my device but it shows:
VPN Connection failed.

Do I open a ticket for that? I am using latest 7.12.1.
by elico
Sat Dec 02, 2023 11:06 am
Forum: Containers
Topic: Easier container upgrade?
Replies: 3
Views: 2250

Re: Easier container upgrade?

@Amm0 scripting something like docker-compose would be pretty simple to some degree.
An upgrade can be done with a "spec" of the container making sure that the data is saved.
There is even probably an option to take an existing container, delete it and recreate it with a set of commands.
by elico
Sat Dec 02, 2023 10:59 am
Forum: Containers
Topic: transmission container on hap ac2
Replies: 5
Views: 2734

Re: transmission container on hap ac2

@noctis.
YES, this is great!!!
by elico
Tue Nov 14, 2023 9:46 am
Forum: Containers
Topic: Small iperf3 container
Replies: 36
Views: 8576

Re: Small iperf3 container

Hey Tangent, The point of having an option to use a distribution is to not handle the sources yourself. There is a price for building and verifying yourself the binaries and handing it over to another entity or person. I prefer to invest my time on what it's worth. I am not handling embedded systems...
by elico
Mon Nov 13, 2023 12:03 pm
Forum: Containers
Topic: Small iperf3 container
Replies: 36
Views: 8576

Re: Small iperf3 container

Hey Tangent, First I appreciate your time and effort. In a forum there is some definition of thread hijacking but for now you are writing much more than me and also placing very good points. I would say this is a very very successful discussion regarding the general topic of containers. I don't know ...
by elico
Sat Nov 11, 2023 11:23 am
Forum: Containers
Topic: Is it possible to protect RouterOS webfig with nginx or haproxy container?
Replies: 0
Views: 2778

Is it possible to protect RouterOS webfig with nginx or haproxy container?

I have seen that lets encrypt can be used on RouterOS devices. The drawback is to open port 80 to the world and there are workarounds using /ip/firewall/xyz rules to block port 80 and allow to only specific sources. There is another option and it's to use some kind of reverse proxy such as nginx or ...
by elico
Sat Nov 11, 2023 11:09 am
Forum: Containers
Topic: transmission container on hap ac2
Replies: 5
Views: 2734

Re: transmission container on hap ac2

If you are using some kind of torrent software you should look at qbittorent rather than transmission.
However for hap ac2 I would try to use only transmission if at all and with a limited amount of ram.
by elico
Sat Nov 11, 2023 11:05 am
Forum: Containers
Topic: Small iperf3 container
Replies: 36
Views: 8576

Re: Small iperf3 container

Hey Tangent, I don't want to say what you are saying is wrong. It will be different per use case. Your container is designed to be as small as possible and for specific edge use cases. The container I have created is a general off the shelf ready to use software packaged in a container. I am not try...
by elico
Thu Nov 09, 2023 4:25 am
Forum: Containers
Topic: Small iperf3 container
Replies: 36
Views: 8576

Re: Small iperf3 container

Give the latest alpine 3.18 iperf3 a test: https://hub.docker.com/r/elicro/iperf3-server The next is a test from a windows machine over a connection between HAP ax2 to an HAP ac2 which hosts the iperf3-server. Seems pretty decent to me. PS C:\Users\Administrator\Software\iperf-3.1.3-win64> .\iperf3....
by elico
Sun Nov 05, 2023 11:22 am
Forum: Containers
Topic: sftpgo container
Replies: 4
Views: 3536

Re: sftpgo container

The issue was the version of the container which for some reason doesn't work. The alpine version is a static binary version and works as expected. Installation instructions: /interface/bridge/add name=dockers /ip/address/add address=172.21.0.254/24 interface=dockers /interface/veth/add name=veth22 ...
by elico
Sat Nov 04, 2023 10:26 pm
Forum: Containers
Topic: sftpgo container
Replies: 4
Views: 3536

Re: sftpgo container

The container doesn't work because of couple things but I am testing the options. If you have some experience with containers debugging please put some hand to find out what is causing the container to not start. /interface/bridge/add name=dockers /ip/address/add address=172.21.0.254/24 interface=do...
by elico
Thu Oct 19, 2023 8:59 am
Forum: Containers
Topic: sftpgo container
Replies: 4
Views: 3536

sftpgo container

Has anyone tried to use:
https://github.com/drakkan/sftpgo

on RouterOS?
by elico
Mon Jun 26, 2023 11:06 pm
Forum: Beginner Basics
Topic: WG-BGP
Replies: 2
Views: 1609

Re: WG-BGP

I had the devices ping each other over wireguard on 7.9 but now on 7.10 I can't do that. Is there any known issue with that? ## EDIT OK SO I found out what was the problem in my config on RouterOS. I tried to understand what's wrong and eventually looked at: https://markeclaudio.github.io/mikrotik-wi...
by elico
Wed Jun 21, 2023 7:56 pm
Forum: Containers
Topic: import adguard dns container image problem Topic is solved
Replies: 61
Views: 17540

Re: import adguard dns container image problem Topic is solved

Seems to work fine on RouterOS v7.10. https://gist.github.com/elico/176d1c0a83a5e4f6c53fe11a20bd7b62 /interface/veth/add address=172.21.0.201/24 gateway=172.21.0.254 name=veth201 /interface/bridge/port/add bridge=dockers interface=veth201 /container/envs/add name=adguard_envs key=TZ value="Asia...
by elico
Wed Jun 21, 2023 7:55 pm
Forum: Containers
Topic: Need help running containers on a hAP ac³
Replies: 2
Views: 3295

Re: Need help running containers on a hAP ac³

You will need to elaborate more about the process you are using to create the containers and then import them so we would be able to try to help you.
by elico
Mon Jun 19, 2023 12:05 am
Forum: Scripting
Topic: Updating GeoIP address lists from this git
Replies: 1
Views: 3591

Updating GeoIP address lists from this git

I have tried couple scripts that will create a BLOCK or ALLOW ipv4 firewall address lists. The main issue was that some scripts are too long for RouterOS import. I want to use the next github repo: https://github.com/herrbischoff/country-ip-blocks to take a specific set of countries lists and add th...
by elico
Sat Jun 03, 2023 11:14 pm
Forum: Containers
Topic: Rustdesk-server container with many neat features Topic is solved
Replies: 11
Views: 9889

Re: Rustdesk-server container with many neat features Topic is solved

OK, SO I have verified this issue. The way to handle this issue is to define two things: 1. is to always use the relay server in the environment variables. 2. both clients should use the same host domain name, for the local/internal the domain should point to the internal IP For the external the dom...
by elico
Fri Jun 02, 2023 10:34 am
Forum: Containers
Topic: Rustdesk-server container with many neat features Topic is solved
Replies: 11
Views: 9889

Re: Rustdesk-server container with many neat features Topic is solved

I will try to test it on a regular container and server first.
If it's the same for both a container and a server then it's something with the rustdesk software and should be discussed in their github issues.
by elico
Wed May 24, 2023 9:13 am
Forum: Beginner Basics
Topic: Why not a definitive solution to block Youtube?
Replies: 55
Views: 20951

Re: Why not a definitive solution to block Youtube?

What about a proxy? The main issue that you might try to be as transparent as possible. With a good proxy software you will be able to do whatever you want. Also, with containers you can have any proxy of your choice. You will still need to block quic and port 80,443 and maybe other parts of the net...
by elico
Wed Jan 25, 2023 9:34 pm
Forum: Containers
Topic: Minio container is ready
Replies: 10
Views: 4329

Re: Minio container is ready

How much memory is needed to start and run this container?
Is it possible to run it on hap ax3? (with 1 GB RAM, 650 MB free)
It is possible to run it on hap ax3 but I recommend to use an external USB storage and not the internal one.
by elico
Tue Jan 17, 2023 1:48 am
Forum: Containers
Topic: Container to resolve native DOH issues
Replies: 5
Views: 3125

Re: Container to resolve native DOH issues

Have you tried any containers until now? You can try this one: https://hub.docker.com/r/satishweb/doh-server I do not know the project and it should be inspected before usage but it seems legit on the surface You can see the variables that can be used for the container in this docker-compose.yml exa...
by elico
Tue Jan 17, 2023 1:34 am
Forum: Containers
Topic: Container crashes randomly
Replies: 10
Views: 4730

Re: Container crashes randomly

With what OS have you tried to build the Websockify container? It seems that both Debian and Alpine have a package so you'd better stick to it. I can try to create a container for that and resolve the issue and I wish there was funding for the time on such a project. To clarify my project: I want to ...
by elico
Tue Jan 17, 2023 1:28 am
Forum: Containers
Topic: uptime kuma docker Topic is solved
Replies: 15
Views: 6918

Re: uptime kuma docker Topic is solved

we would need step by step how this can be repeated. For me files always stay with correct uid,gid when upgrading from 7.6 to 7.7 I will try to test it later on. I have tested this on HAP AC3, every file I am uploading via lftp or winbox has the above 65534 UID and GID. I will verify if it's my d...
by elico
Sun Jan 15, 2023 11:51 pm
Forum: Beginner Basics
Topic: Connecting from Ubuntu to Mikrotik RB2011 (and probably others) [SOLVED]
Replies: 0
Views: 919

Connecting from Ubuntu to Mikrotik RB2011 (and probably others) [SOLVED]

I have used both minicom and picocom and picocom seems much nicer to me to some degree. To connect the RB2011 console I have used a Prolific 2303TA cable which is not compatible with Windows 11 so I have installed Ubuntu 22.04 on a VM in Virtualbox and then connected the USB to the VM. The VM got th...
by elico
Sat Jan 14, 2023 8:50 pm
Forum: Containers
Topic: openspeedtest mikrotik ready container Topic is solved
Replies: 18
Views: 11543

Re: openspeedtest mikrotik ready container Topic is solved

What are you quoting whole preceding post for? Does this help understanding the conversation? No. Use "Post Reply" button. Will test. ... OK so I have tested and it seems that there is an issue with the container running as unprivileged user on 7.7. From what I understood the Support team i...
by elico
Sat Jan 14, 2023 8:46 pm
Forum: Containers
Topic: uptime kuma docker Topic is solved
Replies: 15
Views: 6918

Re: uptime kuma docker Topic is solved

@TheNetworkBerg Did you try to make a backup using lftp before erasing the mount point? I will try to test it later on when possible. ... I have now verified that after the upgrade from 7.6 to 7.7 the old files get the uid and gid of: 65534 and therefore cannot be touched even when I am the root u...
by elico
Thu Jan 12, 2023 5:05 pm
Forum: Containers
Topic: uptime kuma docker Topic is solved
Replies: 15
Views: 6918

Re: uptime kuma docker Topic is solved

fix for .type will be available in next releases. Thanks! Looking forward for this. For now I have provided a better entrypoint.sh version which uses find instead of chown -R and excludes the .type file. Can be seen at: https://github.com/louislam/uptime-kuma/pull/2587/commits/f7da83ed55ca2d0ee28d0...
by elico
Thu Jan 12, 2023 2:46 pm
Forum: Containers
Topic: uptime kuma docker Topic is solved
Replies: 15
Views: 6918

Re: uptime kuma docker Topic is solved

@elico .type file inside mounts is for RouterOS to mark folder contents as not to be listed inside RouterOS. Correct fix would be not changing permissions for this file from uptime-kuma side, or allowing permission change or change the way of listing/not listing folders from RouterOS side. Deleting...
by elico
Wed Jan 11, 2023 9:57 pm
Forum: Containers
Topic: Browsing and changing containers files on RouterOS
Replies: 1
Views: 3396

Browsing and changing containers files on RouterOS

In the latest post of uptime-kuma there was a resolution for an issue by erasing a .type file in a container directory. Based on this I have tried to see the options of sftp and lftp (lftp has great auto-completion and couple nice tools like cat) and it seems that you can actually manage the FS of b...
by elico
Wed Jan 11, 2023 9:46 pm
Forum: Containers
Topic: Looking for Docker container ideas for RouterOS
Replies: 121
Views: 31500

Re: Looking for Docker container ideas for RouterOS

exabgp would be great.
I have somewhere an exabgp setup which defines the next-hop for a bgp advertisement and it's good for anycast dns advertisement in ISP networks.
by elico
Wed Jan 11, 2023 9:26 pm
Forum: Containers
Topic: uptime kuma docker Topic is solved
Replies: 15
Views: 6918

Re: uptime kuma docker Topic is solved

The real solution is to fix this "bug" inside the container since it's doing something wrong in the entrypoint.sh script. I have a fix for that and will submit a PR to the uptime-kuma git repo which if will be accepted will reduce this unnecessary step. ... at: https://github.com/louislam/...
by elico
Tue Jan 10, 2023 4:48 am
Forum: Containers
Topic: Howto mount without noexec ?
Replies: 1
Views: 2569

Re: Howto mount without noexec ?

This is a security restriction to prevent from the container to do a mount back into the RouterOS FS.
There was a CVE as far as I remember that showed how the telnet binary can be mounted from the container back into the RouterOS FS and well it ended pretty bad...
by elico
Tue Jan 10, 2023 4:37 am
Forum: Containers
Topic: Mikrotik CCR2004-1G-12S+2X's container
Replies: 15
Views: 7076

Re: Mikrotik CCR2004-1G-12S+2X's container

Downgraded from 7.7 to 7.6? Nice. Downgraded my router to 7.6, then got the container working. Snapshot versions don't have a GUI, so this is what I ended up preparing for the router. docker import https://downloads.openwrt.org/releases/22.03.2/targets/armvirt/64/openwrt-22.03.2-armvirt-64-default-r...
by elico
Tue Jan 10, 2023 4:34 am
Forum: Containers
Topic: First Container in list doesn't start on boot
Replies: 6
Views: 3381

Re: First Container in list doesn't start on boot

Reporting the same issue
Has anyone tested this with 7.7rc?
by elico
Tue Jan 10, 2023 4:33 am
Forum: Containers
Topic: Unbound container setup
Replies: 6
Views: 5450

Re: Unbound container setup

No, Just adjust the ip addresses to your containers network subnet. Just a recursive caching DNS server? A simple unbound container can be found at: https://github.com/elico/unbound-container Example on how to deploy it: /interface/bridge/add name=dockers /ip/address/add address=172.20.0.254/24 inte...
by elico
Tue Jan 10, 2023 4:31 am
Forum: Containers
Topic: Container breaks between RouterOS versions
Replies: 1
Views: 2504

Re: Container breaks between RouterOS versions

Contact support ...
by elico
Tue Jan 10, 2023 4:10 am
Forum: Scripting
Topic: Script to change NordVPN server address [SOLVED]
Replies: 19
Views: 12583

Re: Script to change NordVPN server address [SOLVED]

What about rest api? It's very simple to find the first hostname with curl and jq from the API using: curl -s "https://api.nordvpn.com/v1/servers/recommendations?limit=3"| jq -r ".[0] | .hostname" Then using a simple rest api query you can verify if there is a change needed and i...
by elico
Fri Dec 16, 2022 4:46 am
Forum: Forwarding Protocols
Topic: Advertising Connected routes doesn't work on a SSTP connection
Replies: 1
Views: 1975

Advertising Connected routes doesn't work on a SSTP connection

OK so I have PTP SSTP connections with a centralized router. The SSTP clients network is 192.168.120.0/24 and the remote address of the centralized router over the SSTP connection is 192.168.9.250. I have multiple locations that are connected to the centralized Router each on a different geographic ...
by elico
Mon Dec 05, 2022 12:09 am
Forum: Scripting
Topic: REST API Creating and updating an ip firewall address list with domains
Replies: 2
Views: 2364

Re: REST API Creating and updating an ip firewall address list with domains

OK so I took the time to write some code and give a programmatic example of an address-list update at:
https://github.com/elico/mikrotik-web-f ... ss-domains

It requires some environment variables like MT_HOST and MT_USER and MT_PASSWORD
I hope it helps someone.
by elico
Sun Dec 04, 2022 11:28 pm
Forum: Scripting
Topic: REST API Creating and updating an ip firewall address list with domains
Replies: 2
Views: 2364

REST API Creating and updating an ip firewall address list with domains

Hey, I am using an external script to dump the DNS cache from the device and then populate an address list with specific domains. I am able to dump and find the addresses but not sure how to add a batch of domains and/or addresses to the RouterOS device via REST API. What: https://router/rest/path s...
by elico
Sun Dec 04, 2022 10:47 pm
Forum: Containers
Topic: Looking for Docker container ideas for RouterOS
Replies: 121
Views: 31500

Re: Looking for Docker container ideas for RouterOS

NMAP container ? It's something missing on routerOS to easily scan client LAN (check if a port is open on a device or not). Or if someone have a easy way for this (ssh tunnel ?) A very simple ssh container can do that. I have created one based on alpine linux 3.17 but not sure if I have published i...
by elico
Sun Dec 04, 2022 10:42 pm
Forum: Containers
Topic: Unbound container setup
Replies: 6
Views: 5450

Re: Unbound container setup

Then change the network to .17 compared to .20 and it should work. I am using the 172.20 since I have local machines with docker which the default network of choice is 172.17 so... I am using another network on the MT device so these containers can reach the DNS or another service. You should instal...
by elico
Sun Dec 04, 2022 10:31 pm
Forum: Scripting
Topic: Script to collect IPs from the DNS cache on address lists executes just first block of code.
Replies: 6
Views: 5738

Re: Script to collect IPs from the DNS cache on address lists executes just first block of code.

OK I have seen some horrible code but the above from me was a total mistake. The next one works for now: /log info ("Starting whatsapp script"); :foreach i in=[/ip dns cache all find where (name~"whatsapp")] do={ :local tmpAddress [/ip dns cache get $i name]; :if ( [/ip firewall ...
by elico
Sun Dec 04, 2022 10:23 pm
Forum: Scripting
Topic: Script to collect IPs from the DNS cache on address lists executes just first block of code.
Replies: 6
Views: 5738

Re: Script to collect IPs from the DNS cache on address lists executes just first block of code.

I took only a single piece of code and it doesn't even run on V7. It looks to me like something in the code is wrong. :log info ("Start of script"); :foreach i in=[/ip dns cache all find where (name~"whatsapp") && (type="A") && (data!="240.0.0.1&quo...
by elico
Sun Nov 20, 2022 11:18 pm
Forum: Forwarding Protocols
Topic: Use of BGP for Kubernetes hosted web services [SOLVED]
Replies: 3
Views: 4853

Re: Use of BGP for Kubernetes hosted web services [SOLVED]

Hi experts, I have 2 Raspberry PIs running Kubernetes (k3s actually) and they will be hosting various web applications. Network setup is so that ISP is directly connected to my MikroTik Hex router, and everything at home has IP from the Hex's default range of 192.168.88.0/24. Because I'm overly amb...
by elico
Sun Nov 20, 2022 1:53 am
Forum: Containers
Topic: openspeedtest mikrotik ready container Topic is solved
Replies: 18
Views: 11543

Re: openspeedtest mikrotik ready container Topic is solved

Thanks for the details. ~20% for 10Gbps is not really a lot. I just wanted to add that not all clients are equal and not all of them can handle even 1Gbps to begin with. Most recent hardware and browsers can handle this but I have been running speed tests against clients Desktops and Servers for the...
by elico
Fri Nov 18, 2022 6:24 pm
Forum: Containers
Topic: Unbound container setup
Replies: 6
Views: 5450

Re: Unbound container setup

I have followed the instructions as per the wiki on setting up Pi and it works great! Now I would like to setup Unbound as a container for a DNS solution but can't find any information on how to do this on the Mikrotik. Any help would be appreciated! Just a recursive caching DNS server? A simple un...
by elico
Fri Nov 18, 2022 2:17 am
Forum: Containers
Topic: Rustdesk-server container with many neat features Topic is solved
Replies: 11
Views: 9889

Rustdesk-server container with many neat features Topic is solved

Rustdesk is an opensource alternative for Anydesk and Teamviewer (cannot 100% replace Teamviewer but is good enough for the price). Rustdesk is composed of couple components: A server (api and registration) A relay server A client An installer I have added a "secure" (password protected) h...
by elico
Fri Nov 18, 2022 1:34 am
Forum: Containers
Topic: openspeedtest mikrotik ready container Topic is solved
Replies: 18
Views: 11543

Re: openspeedtest mikrotik ready container Topic is solved

Any idea what is going wrong here? Maybe the user is not root? Thanks, dksoft Nov 17 21:02:55 router container,info,debug INFO: /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration Nov 17 21:02:55 router container,info,debug INFO: /docker-entrypoint.sh: L...
by elico
Thu Nov 17, 2022 6:06 pm
Forum: Containers
Topic: Minio container is ready
Replies: 10
Views: 4329

Minio container is ready

There are minio containers out there but none of them are for armv7 so I took the time to build a compressed minio container. The binaries are compressed with upx and are more or less 30% compressed. ie 30MB compared to 90MB. The container includes both minio and mc (client). If you don't know what mi...
by elico
Thu Nov 17, 2022 2:49 am
Forum: Containers
Topic: Looking for Docker container ideas for RouterOS
Replies: 121
Views: 31500

Re: Looking for Docker container ideas for RouterOS

I looked at my ESXi server and the VM's it's running, and I'm considering moving what I can over to my CCR2116. pi-hole - Already moved Asterisk/FreePBX Beta Unifi/UISP servers And with 2-4TB NVMe SSD, I could do OwnTone (DAAPd) to replace macOS 12 running iTunes 24/7 ownCloud/NextCloud NAS (NFS, S...
by elico
Thu Nov 17, 2022 2:24 am
Forum: Containers
Topic: ifconfig.io container is ready
Replies: 3
Views: 2825

Re: ifconfig.io container is ready

Hi, Thank you, Any instructions or walkthroughs on establishing an HTTPS connection? Regards, Hey, It depends on how this would be setup. You either have a pre-existing certificate and chain and everything or you will use some lets encrypt. For lets encrypt It would be much smarter to put a simple ...
by elico
Wed Nov 16, 2022 11:40 pm
Forum: Containers
Topic: Releasing Prometheus RouterOS exporter container
Replies: 2
Views: 7236

Releasing Prometheus RouterOS exporter container

Prometheus is known for its metric scraping, graphing and alerting capabilities. When combined with grafana it can be a very powerful tool to visualize IT systems and routers statistics and to know about trends in a system over time. I have created a container for Mikrotik RouterOS devices metric s...
by elico
Wed Nov 16, 2022 7:43 pm
Forum: Containers
Topic: openspeedtest mikrotik ready container Topic is solved
Replies: 18
Views: 11543

Re: openspeedtest mikrotik ready container Topic is solved

How does this test (server side in container) perform on a mid-range Routerboard? Is it light enough on CPU to saturate 1Gbps LAN without hitting CPU limit? (First it got max to 70% CPU utilization) And well.. it's based on Javascript/html5 and nginx. It's really a very simple speed test but well w...
by elico
Tue Nov 15, 2022 5:18 pm
Forum: Containers
Topic: IPsubnet calculator container
Replies: 0
Views: 2450

IPsubnet calculator container

Based on old work of mine I have created a simple IP Subnet Calculator html5 web container: The source of the calculator is from: https://github.com/jmpep/IPsubnet The container details are at: https://github.com/elico/ipcalc-container To install the container you can use the next commands and then ...
by elico
Tue Nov 15, 2022 4:50 am
Forum: Containers
Topic: openspeedtest mikrotik ready container Topic is solved
Replies: 18
Views: 11543

openspeedtest mikrotik ready container Topic is solved

After seeing couple issues with containers I took the liberty to compose a speedtest container based on: openspeedtest https://openspeedtest.com/ https://github.com/openspeedtest/Speed-Test 1Gbps-local-speedtest.png The sources for the container and the Makefile to build it for amd64/arm64/armv7: ht...
by elico
Tue Nov 15, 2022 3:35 am
Forum: Containers
Topic: ifconfig.io container is ready
Replies: 3
Views: 2825

ifconfig.io container is ready

After a while trying to cross compile couple Golang based server I managed to find the right way to make it work inside a container. The current build repo is at: https://github.com/elico/ifconfig.io The binary and the actual container is separated into two separated processes. In golang you can sim...
by elico
Mon Nov 14, 2022 10:42 pm
Forum: Containers
Topic: /dev/stdout and /dev/stderr permission denied on many containers
Replies: 2
Views: 3030

/dev/stdout and /dev/stderr permission denied on many containers

Hey, I wanted to run a PHP based service inside a container on my RB4011. The image I found that is compatible and slim is: https://github.com/erseco/alpine-php-webserver There are couple issues that are preventing the container from operation. The first is that it tries to write into /dev/stderr ...
by elico
Tue Aug 30, 2022 9:34 pm
Forum: General
Topic: Is it possible to read hap ac2 and ac3 input voltage? [SOLVED]
Replies: 1
Views: 651

Is it possible to read hap ac2 and ac3 input voltage? [SOLVED]

I have couple hap ac2 and it doesn't have /system/health output at all. I have a power supply that stopped working and I wanted to read the voltage so I would know before something fishy is going with the power supply. However compared to other devices it seems like it doesn't have the input voltage...
by elico
Sun Aug 21, 2022 6:18 am
Forum: Scripting
Topic: Script to enable and disable a NAT
Replies: 3
Views: 800

Re: Script to enable and disable a NAT

Hey,

Did you manage to find a solution for your use case?
by elico
Sun Aug 21, 2022 6:07 am
Forum: Virtualization
Topic: CHR + EVE-NG Basics
Replies: 4
Views: 7890

Re: CHR + EVE-NG Basics

Can you share the relevant YouTube links?
by elico
Sun Mar 27, 2022 7:18 am
Forum: Scripting
Topic: REST API - Send SMS
Replies: 1
Views: 3911

Re: REST API - Send SMS

Hello, I have a mikrotik router with LTE interface. I want to send SMS via REST API, but I'm not able to be success. This command runs OK: curl -k -u admin: 'https://192.168.8.95/rest/tool/sms' With this result: {"allowed-number":"","auto-erase":"false","...
by elico
Sun Mar 27, 2022 7:08 am
Forum: General
Topic: V7.1.3 Rest API is it possible to add multiple values in a single request?
Replies: 5
Views: 1188

Re: V7.1.3 Rest API is it possible to add multiple values in a single request?

API is the same as CLI, you can add only one entry by one "add" command. What about the PUT command? Can I add multiple values in a single command? ie how would I add multiple values with the next curl command? what json content will add more then one entry per request? Currently I am run...
by elico
Fri Mar 25, 2022 2:35 am
Forum: Scripting
Topic: REST API: PowerShell running a script remotely from windows [SOLVED]
Replies: 0
Views: 2114

REST API: PowerShell running a script remotely from windows [SOLVED]

I wrote a powershell script that runs a script on the RouterOS device remotely via REST API. https://gist.github.com/elico/9110bc2a7eab12b9e65a1c1b3e4f8c69 add-type @" using System.Net; using System.Security.Cryptography.X509Certificates; public class TrustAllCertsPolicy : ICertificatePolicy { ...
by elico
Mon Mar 14, 2022 9:11 pm
Forum: General
Topic: V7.1.3 Rest API is it possible to add multiple values in a single request?
Replies: 5
Views: 1188

V7.1.3 Rest API is it possible to add multiple values in a single request?

I have been working with V7 rest API for quite some time and it's wonderful. In bash I am running the next request: curl -s -k -u "${USERNAME}:${PASSWORD}" -X POST "https://${HOST}/rest/ip/firewall/address-list/add" \ --data "{\"address\":\"${ADDRESS}\",\...
by elico
Mon Jan 31, 2022 6:48 pm
Forum: General
Topic: 7.1.1 script formatting in winbox
Replies: 12
Views: 4206

Re: 7.1.1 script formatting in winbox

I wonder how they managed to not reproduce it, it's clearly there: Well it's pretty easy to reproduce with webfig when creating a new script on 7.1.1. I have tried creating a simple script with 5 lines and while on webfig when writing and editing it looks fine, in winbox and on export it has line e...
by elico
Mon Jan 31, 2022 12:15 pm
Forum: General
Topic: RB450Gx4 not able to give proper throughput
Replies: 2
Views: 897

Re: RB450Gx4 not able to give proper throughput

Hey, The device is Rated for 1Gbps like many other only with FastTrack enabled. With FastTrack enabled you can't load balance traffic between WAN connections, ie the only way that I know to use these devices with proper speed is with proper Routing and FastTrack Enabled. You will first need to make ...
by elico
Mon Jan 31, 2022 11:39 am
Forum: General
Topic: firewall address list domains resolution frequency [SOLVED]
Replies: 6
Views: 2257

Re: firewall address list domains resolution frequency [SOLVED]

It's supposed to use TTL. What RouterOS version do you have? I am using both 6.49.2 and 7.1.1. However now I have captured the dns requests and responses on the DNS server to make sure what happens and... It seems that indeed the TTL is being considered but, some domains have very weird ttl's. For ...
by elico
Sun Jan 30, 2022 6:53 pm
Forum: General
Topic: firewall address list domains resolution frequency [SOLVED]
Replies: 6
Views: 2257

firewall address list domains resolution frequency [SOLVED]

I have used for quite some time domain names in the firewall address lists. Lately I have started monitoring my devices with syslog and I am seeing that every second the RouterOS device is sending a DNS query for all the domains in the address lists. I assumed that the device will do that a bit smar...
by elico
Wed Jan 26, 2022 4:04 pm
Forum: Virtualization
Topic: MY FIRST CHR POST STUCK no INTERNET
Replies: 17
Views: 6869

Re: MY FIRST CHR POST STUCK no INTERNET

I am using CHR on-top of hyper-v both V6 and V7 for the last couple years. The basics are that you need: * Gen 1 VM (will not boot at all on Gen 2) * Meet minimum RAM requirements, 128MB+ for V6 and 256MB+ for V7, I am using 384MB for 2 CPUS and 8 interfaces for V7 * Basic understanding of how Hyper...
by elico
Tue Dec 14, 2021 8:28 pm
Forum: Announcements
Topic: v7.1 is released!
Replies: 785
Views: 226755

Re: v7.1 is released!

Testing the CHR vhdx on-top of Windows 10 Hyper-V with 8 nics (gen1 vm). * Can only see the first network interface * ACPI reboot+shutdown doesn't work (reboot is stuck with the "Rebooting..." text" [admin@MikroTik] > /system/resource/print uptime: 3m37s version: 7.1 (testing) build-ti...
by elico
Thu May 13, 2021 3:10 pm
Forum: Scripting
Topic: Trying to get DynU DynamicDNS script working
Replies: 13
Views: 4962

Re: Trying to get DynU DynamicDNS script working

Do you still need help with this?
by elico
Mon Apr 05, 2021 10:45 am
Forum: Scripting
Topic: Disable and Enable interface
Replies: 17
Views: 14014

Re: Disable and Enable interface

You should try to use recursive routes.
It will automatically ping a specific destination but you will need to have a static ping address per route.
for one route you can use 8.8.8.8
and the other 1.1.1.1

https://help.mikrotik.com/docs/display/ROS/Failover
by elico
Mon Apr 05, 2021 10:39 am
Forum: Scripting
Topic: Sending telegram bot message
Replies: 6
Views: 15366

Re: Sending telegram bot message

This script works well for me for internal interfaces at the moment and for system/cpu temperature and if you go to my other thread, trying to do so for UPS log entry! https://forum.mikrotik.com/viewtopic.php?f=9&t=173565&p=849993#p849993 The one thing I would like to add from the first exa...
by elico
Wed Mar 24, 2021 2:47 pm
Forum: Scripting
Topic: match long domain name [SOLVED]
Replies: 10
Views: 2672

Re: match long domain name [SOLVED]

Try this this one: ^[a-z0-9]{6,}\\.example\\.com\$ :put ("xyz.example.com" ~ "^[a-z0-9]{6,}\\.example\\.com\$") = false :put ("xyzxyz.example.com" ~ "^[a-z0-9]{6,}\\.example\\.com\$") = true You need extra "\" when you are inside a string/text in Ro...
by elico
Tue Mar 23, 2021 11:46 pm
Forum: Scripting
Topic: Sending telegram bot message
Replies: 6
Views: 15366

Sending telegram bot message

An example for sending a group or a single private message using a telegram bot. :do { :local telegramBotToken "xxxxxxxxx:secondpartOfTheToken"; :local destination "Number"; :local requestUrl "https://api.telegram.org/bot$telegramBotToken/sendMessage"; :local httpData &...
by elico
Tue Mar 23, 2021 10:38 pm
Forum: Scripting
Topic: Why command "fetch" doesn't wait for output?
Replies: 11
Views: 9227

Re: Why command "fetch" doesn't wait for output?

You should try to see if there is some kind of error using a do and on-error like: :local cronUrl "https://xxxxxxxxxxxxx.php"; /log info "start"; :do { /tool fetch url=$cronUrl; } on-error={ /log info "finished with error"; } /log info "finished"; The log and ...
by elico
Tue Mar 23, 2021 10:18 pm
Forum: Scripting
Topic: MikroTik failover script based on latency
Replies: 2
Views: 1871

Re: MikroTik failover script based on latency

You can use netwatch for ping tests and do the failover using a script call.
Jitter is a whole another story.
by elico
Tue Mar 23, 2021 10:12 pm
Forum: Scripting
Topic: Get log line from memory log
Replies: 15
Views: 6687

Re: Get log line from memory log

Thanks! It turns out that /log get does exist. It does not auto-complete with tab, strange. But it works. And the /print as-value trick also works. I remembered that I had seen examples but could not find them using the search.... To find the ids you can use: :put [find .id ] or loop the [find .id ...
by elico
Tue Mar 23, 2021 10:05 pm
Forum: Scripting
Topic: /tool fetch command using API issue
Replies: 1
Views: 1166

Re: /tool fetch command using API issue

You would need something like: $fileUrl = "http://".$localIP."/".$remoteSysModel."/".$fileName; $remoteAPI->write('/tool/fetch', false); $remoteAPI->write('=url='.$fileUrl); In api lines it should be something like: /tool/fetch =url=http://192.168.1.1/fileName =dst-path...
by elico
Tue Mar 23, 2021 9:58 pm
Forum: Scripting
Topic: match long domain name [SOLVED]
Replies: 10
Views: 2672

Re: match long domain name [SOLVED]

I want to set up static dns in ros for matching any long (over 5 characters) subdomains eg. I want to match any domain like xyzxyz.example.com or abcabcabc.example.com, but don't want to match xyz.example.com or abcab.example.com. I was using ^.*\{6,\}\.example.com, but what I got in static record ...
by elico
Tue Mar 23, 2021 1:15 am
Forum: Scripting
Topic: Trying to create a multiline file using Ruby API client
Replies: 0
Views: 1471

Trying to create a multiline file using Ruby API client

I am writing a keep-alive script from a proxy server to RB. I have an array of proxies which I am managing from a master node. The master keeps track on the proxies and updates the MT if one or more proxies are down and changes the mangle rules accordingly. Instead of re-creating the whole rules or ...
by elico
Mon Mar 01, 2021 9:54 pm
Forum: General
Topic: DHCP Option 82 / DHCP-Snooping
Replies: 11
Views: 23773

Re: DHCP Option 82 / DHCP-Snooping

@alexcherry what is your configuration looking like? Please send me your configuration i will give a try on that. Agent-Circuit-Id should be configurable with placeholders like %m = MAC-Address of Interface %n = Name of Interface (custom name) %i = ID of Interface XX (eg 01, 02, 03....) The informa...
by elico
Wed Feb 03, 2021 12:57 am
Forum: Virtualization
Topic: Web cache proxy for Isp
Replies: 5
Views: 7395

Re: Web cache proxy for Isp

What about squid/nginx/varnish?

Squid-Cache is the general solution for http/1.x .
If you have a specific service you want to cache there might be a solution for this specific issue.
What do you need it for? windows updates?
by elico
Sun Jan 24, 2021 10:26 am
Forum: Scripting
Topic: Two questions about DHCP leases script. [SOLVED]
Replies: 10
Views: 12804

Re: Two questions about DHCP leases script. [SOLVED]

based on: https://forum.mikrotik.com/viewtopic.php?f=9&t=171750&p=840220#p840220 I have just tested that it's possible to do the same as on-up with lease-script. You don't need to set a global variable and just need to use the dont-require-permissions and use a script for the lease-script. /...
by elico
Sun Jan 24, 2021 7:56 am
Forum: Scripting
Topic: using fetch tool on ppp on-up script [SOLVED]
Replies: 6
Views: 2510

Re: using fetch tool on ppp on-up script [SOLVED]

Thanks, Eventually I managed to make it work with the next is my script: :do { :local Url ("http://ngtech.co.il/index.html"); /tool fetch url=$Url keep-result=no; :log info "*****$user Connected"; } on-error={ :log info "Error"; } :log info "#####$user Connected&qu...
by elico
Wed Jan 20, 2021 4:26 pm
Forum: Scripting
Topic: using fetch tool on ppp on-up script [SOLVED]
Replies: 6
Views: 2510

Re: using fetch tool on ppp on-up script [SOLVED]

@mrz, I am trying to figure out how to do that but can't. I have the next in the ppp on-up script: :log info "****** $user Connected"; /system script run test; and in the test script: :log info "#####$user Connected"; The logs shows: ****** eliezer Connected ##### Connected So it...
by elico
Tue Jan 19, 2021 7:10 pm
Forum: Scripting
Topic: using fetch tool on ppp on-up script [SOLVED]
Replies: 6
Views: 2510

Re: using fetch tool on ppp on-up script [SOLVED]

My main concern is the user variable.
I need it for the fetch script.

What are my options?
by elico
Mon Jan 18, 2021 2:44 pm
Forum: Scripting
Topic: using fetch tool on ppp on-up script [SOLVED]
Replies: 6
Views: 2510

using fetch tool on ppp on-up script [SOLVED]

I have a nice setup with pppoe/l2tp/pptp server it works great of course. I wanted to trigger a remote api call using "/tool fetch" however it doesn't work. I am trying to run the next: /tool fetch address=192.168.200.80 host=192.168.200.80 mode=http src-path=login output=none; :log info &...
by elico
Mon Dec 28, 2020 5:42 pm
Forum: Scripting
Topic: help to solve issue in script " dns to address lists scripts " [SOLVED]
Replies: 11
Views: 7167

Re: help to solve issue in script " dns to address lists scripts " [SOLVED]

I tried the script from the wiki at: https://wiki.mikrotik.com/wiki/Manual:Scripting-examples#Block_access_to_specific_websites But it just didn't ran.. So I came up with: :foreach i in=[/ip dns cache find name~"(youtube-ui.l.google.com|youtube.com|googlevideo.com)\$" && $type ~ &q...
by elico
Mon Dec 28, 2020 5:03 pm
Forum: Scripting
Topic: Removing ip addresses in a list based on another
Replies: 13
Views: 4283

Re: Removing ip addresses in a list based on another

OK Now I got it.
I will try it later and see how it goes.
by elico
Thu Dec 17, 2020 2:22 pm
Forum: Scripting
Topic: Removing ip addresses in a list based on another
Replies: 13
Views: 4283

Re: Removing ip addresses in a list based on another

There's no "/ip firewall remove". This works for me: /ip firewall address-list remove [/ip firewall address-list find list="test" address="1.2.3.4"] but only when I write list name and address like this, I can't find a way how to make it work with variables. I assume i...
by elico
Sat Dec 12, 2020 11:49 pm
Forum: Scripting
Topic: Removing ip addresses in a list based on another
Replies: 13
Views: 4283

Removing ip addresses in a list based on another

I have a set of lists I want to cleanup a specific IP from another address list. It's not working.. What am I doing wrong? :local lists {"test1"; "test2"; "test3";}; :foreach ip in=[/ip firewall address-list find where list="CLEANUP"] do={ :local ipAddresss [/...
by elico
Fri Nov 06, 2020 1:36 pm
Forum: General
Topic: "Zoom" best practices
Replies: 10
Views: 5502

Re: "Zoom" best practices

I am curious how this went for you. I have been bombarded with zoom problems and they always seem to be mikrotik customers. I have tried disabling sip alg and udplite but it still seems like I get a lot of complaints from my customers at sites where I am running mikrotik routers and waps. Today I f...
by elico
Fri Nov 06, 2020 1:18 pm
Forum: General
Topic: Disney+ [SOLVED]
Replies: 5
Views: 4111

Re: Disney+ [SOLVED]

Hey,

You can send me or anyone else a supfie or export the router config so we can see if there is something specific.
The issues are limited to:
* Routing
* DNS
* Firewall

Since you are receiving a 403 it's probably not basic Firewall rules.
by elico
Wed Nov 04, 2020 11:22 pm
Forum: Forwarding Protocols
Topic: VRF Lite [SOLVED]
Replies: 6
Views: 13376

Re: VRF Lite [SOLVED]

Hi again As I wrote, it's a hub and spoke topology. Ipsec, OSPF, tunnels, - everything runs fine. Connected clients on the spokes gets a iperf3 throughput ~180Mb. That's fine. If I implement "VRF Lite" on a spoke router,- throughput becomes very unstable, 180Mb - then 1Kb - then 0 - then 1...
by elico
Wed Nov 04, 2020 8:34 pm
Forum: Beginner Basics
Topic: Significant Speed Issues with MikroTik [SOLVED]
Replies: 20
Views: 18362

Re: Significant Speed Issues with MikroTik [SOLVED]

Hey @elico, you obviously use sub-optimal config for your hardware. Furthermore, the link you provided suggest 1Gbps routing performance for gr3... Wrt testing, have a look at https://mum.mikrotik.com/presentations/MX19/presentation_6766_1555080654.pdf & https://youtu.be/rQX0inNcPuM Just poping...
by elico
Wed Nov 04, 2020 8:18 pm
Forum: Beginner Basics
Topic: RB2011 slow internet even with fasttrack [SOLVED]
Replies: 104
Views: 43225

Re: RB2011 slow internet even with fasttrack [SOLVED]

So....disabling route cache got you the speeds you were looking for? I'm having the same problem as you. I don't want to downgrade if I don't have to. Disabling route cache means disabling also FastTrack which technically is a "flow" offload into either hardware or software. For normal an...
by elico
Tue Nov 03, 2020 2:33 am
Forum: General
Topic: IPsec s2s VPN between Mikrotik RB4011 and Palo Alto PA-220 multiple policies problem
Replies: 6
Views: 6205

Re: IPsec s2s VPN between Mikrotik RB4011 and Palo Alto PA-220 multiple policies problem

Hey, The basic config of a GRE tunnel between PA and MT would be a bit different from MT to MT. With MT to MT the IPSec tunnel would be negotiated with the PSK defined in the GRE configuration. With PA and MT I assume that you would be required to to create another tunnel ontop of the IKE and the ip...
by elico
Thu Oct 29, 2020 4:21 pm
Forum: General
Topic: NordVPN
Replies: 2
Views: 638

Re: NordVPN

You might be able to use IP routes with different metrics per gateway to force the VPN via a specific ISP.
ISP 1 metric 10
ISP 2 metric 20
Route of specific subnet or /32 host via ISP X Gateway/Interface with metric 5.
by elico
Thu Oct 29, 2020 4:17 pm
Forum: General
Topic: Home setup
Replies: 2
Views: 600

Re: Home setup

Have you tried to look at:
/tool mac-server export verbose
Output?

For the winbox to be open to everywhere you should first set these:
/tool mac-server
set allowed-interface-list=all
/tool mac-server mac-winbox
set allowed-interface-list=all
/tool mac-server ping
set enabled=yes
by elico
Thu Oct 29, 2020 4:13 pm
Forum: General
Topic: Mikrotik L2TP VPN IP Public Port Forward
Replies: 13
Views: 6675

Re: Mikrotik L2TP VPN IP Public Port Forward

Hey, What have you tried until now? There are some missing pieces to understand the technical issue. Who is behind the Mikrotik device? What are the routes on the Mikrotik device? /ip route print Might help to understand. What you technically need to do is add a dnat rule on the l2tp\sstp interface ...
by elico
Thu Oct 29, 2020 3:50 pm
Forum: General
Topic: TCP Bottleneck
Replies: 6
Views: 2098

Re: TCP Bottleneck

The network structure is not well understood to me. What is the IP of each device in each end of the setup? From what I remember both RB2011 and Powerbox Pro have the same CPU and they cannot perform better than 200Mbps ~ without RouteCache +FastTrack and FastPath. In any case a PtP it is preferable ...
by elico
Thu Oct 29, 2020 3:38 pm
Forum: General
Topic: ISP failover + VRF with BGP
Replies: 2
Views: 1423

Re: ISP failover + VRF with BGP

Can you please share more about this setup details?
I want to try and run it locally with couple devices.
by elico
Thu Oct 29, 2020 3:34 pm
Forum: General
Topic: Randomly loosing connection with router from internet
Replies: 9
Views: 1453

Re: Randomly loosing connection with router from internet

Hey, Pings can be dropped from time to time on the Internet so it's not a solid measurement for RDP. I would start with basic RDP debug. What Windows versions are you using? What connection are you using? TCP+UDP or just TCP? What do you see in the windows event log? You can try to disable Route-Cac...
by elico
Wed Oct 28, 2020 10:58 pm
Forum: General
Topic: IPsec s2s VPN between Mikrotik RB4011 and Palo Alto PA-220 multiple policies problem
Replies: 6
Views: 6205

Re: IPsec s2s VPN between Mikrotik RB4011 and Palo Alto PA-220 multiple policies problem

Hey, I am working here on an IPSEC s2s setup with Palo Alto and Mikrotik CHR. It would help to understand both sides setup. In the PA side you can use the default PH1 and PH2 IKEv2 and IPSEC profiles. ** EDIT ** For most use cases you will need to set on the PA side the IKE Gateway side "Peer I...
by elico
Fri Feb 07, 2020 12:06 am
Forum: General
Topic: IPv6 dynamic global address on bridge-only RouterBoard?
Replies: 9
Views: 4100

Re: IPv6 dynamic global address on bridge-only RouterBoard?

Also, IPv6 has redirect message that end user hosts has to obey if received - that is, if network infrastructure knows a better route to the host via another router in the same network, it can send the redirect to the end user host. After that, the end user host has to send all the traffic using ga...
by elico
Fri Dec 06, 2019 4:56 am
Forum: General
Topic: Feature Request: WOL For Winbox
Replies: 4
Views: 2821

Re: Feature Request: WOL For Winbox

Hey please! After 6 years, still not WoL in Winbox. It is just a button (for example in the DHCP Server/Leases menu, It would be great to wake computers by clicking on the MAC, mouse right button, WAKE!). +1 here I actually tested a nice script that runs every specified interval and checks for a li...
by elico
Wed Aug 14, 2019 7:59 pm
Forum: Beginner Basics
Topic: RB2011 slow internet even with fasttrack [SOLVED]
Replies: 104
Views: 43225

Re: RB2011 slow internet even with fasttrack [SOLVED]

EDIT: It appears that the browser on client cannot reach higher speed than 500 ~ Mbps on the HTTP SpeedTest. So I tried again with iperf and found out the next: via RB2011 using iperf with or without NAT I am able to reach 750 ~ Mbps. However when I am disabling route cache I am reaching a limit of:...
by elico
Mon Jul 29, 2019 2:53 am
Forum: Beginner Basics
Topic: RB2011 slow internet even with fasttrack [SOLVED]
Replies: 104
Views: 43225

Re: RB2011 slow internet even with fasttrack [SOLVED]

I have a local RB2011 (FW 6.44.3)with 2 LAN segments: LAN - 10.0.0.138/24 SERVERS - 192.168.89.1/24 Client: 10.0.0.65 LAN SpeedTest Server: 10.0.0.79/10.0.0.13 SERVERS SpeedTest Server: 192.168.89.42 It works for a very long time now but always with the same max routing speed of 250-280 Mbps from on...
by elico
Mon Jul 29, 2019 1:11 am
Forum: Beginner Basics
Topic: Significant Speed Issues with MikroTik [SOLVED]
Replies: 20
Views: 18362

Re: Significant Speed Issues with MikroTik [SOLVED]

I have couple RB750Gr3 but none of them were able to reach more than 300 Mbps for file transfer in routing only mode (No NAT). To test this issue try to use the "Bandwidth Test" tool of mikrotik. Take a look at this post: https://forum.mikrotik.com/viewtopic.php?t=104266 It has ip addresse...
by elico
Tue Feb 26, 2019 3:08 am
Forum: Wireless Networking
Topic: Hap ac2 TX power tables info missing
Replies: 9
Views: 8350

Re: Hap ac2 TX power tables info missing

Hi normis, can this "issue" or "feature" can be published in the product wireless chip spec so I and others can see it while evaluating the product?
(this post is good enough for me but if it was on the specs I wouldn't be required to search the forum)
Sounds fair?
by elico
Mon Oct 15, 2018 5:38 pm
Forum: General
Topic: Limitations on Maximum Available Routing Marks?
Replies: 3
Views: 2817

Re: Limitations on Maximum Available Routing Marks?

Depends on the OS forced limit and also the CPU arch. Iptables mark can be up to very very high ie from: https://www.frozentux.net/iptables-tutorial/chunkyhtml/x2702.html section "10.3.10. Mark match" it seems that the mark themselves can be much higher than 250. The next link give some...
by elico
Mon Oct 15, 2018 9:31 am
Forum: General
Topic: Random Reboots
Replies: 7
Views: 3953

Re: Random Reboots

What about memory?
by elico
Sun Nov 26, 2017 3:00 am
Forum: General
Topic: Serving static files from a usb on HAP devices
Replies: 0
Views: 668

Serving static files from a usb on HAP devices

I have a bunch(20+) HAP and RB750G devices which has a USB port. I have a USB Disk On Key with static html files that I want to be accessible via the network. The way I did that until now is using SMB and a public read-only share. I was wondering if it's possible to serve static files on a specific ...
by elico
Fri Jun 09, 2017 6:59 am
Forum: General
Topic: Problem with Squid Server Cache
Replies: 1
Views: 1679

Re: Problem with Squid Server Cache

Was this answered?
I can write a tutorial on how to make a Linux squid work with mikrotik.
I have been working on some daemon that will throw rules to the edge router about what IP's to intercept and to what proxy forward the traffic.
by elico
Sun May 21, 2017 3:00 am
Forum: General
Topic: Configuring RouterOS devices with ansible?
Replies: 1
Views: 2522

Configuring RouterOS devices with ansible?

Anyone tried to configure RouterOS devices with ansible? Basically it's based on ssh so it should be doable and maybe in some way Ansible can be used as the "controller" for a RouterOS cluster. It would be similar to a "Control Plane" which is a cli\scripting\webui that sends com...
by elico
Sun May 21, 2017 2:34 am
Forum: General
Topic: Features Request: SYNPROXY
Replies: 2
Views: 1993

Re: Features Request: SYNPROXY

You can use FastNetMon for DDoS Sync attack. It has support for rOS.

https://github.com/pavel-odintsov/fastnetmon

M.
When taking a peek at the FastNetMon github issues I have seen that there is an open issue about a specific issue and it's yet clear to me if it was fixed or not.
by elico
Mon Feb 13, 2017 9:05 am
Forum: General
Topic: [RESOLVED]PBR to and L2TP over PPOE
Replies: 0
Views: 741

[RESOLVED]PBR to and L2TP over PPOE

I am connected to work over a PPPOE connection but to some systems I am required to have a L2TP tunnel. I tried to follow the next tutorials: http://wiki.mikrotik.com/wiki/Policy_Base_Routing http://wiki.mikrotik.com/wiki/PBR_PTP_IPIP In order to implement PBR for specific hosts on my network. The f...
by elico
Sat Dec 10, 2016 12:22 pm
Forum: General
Topic: New feature Loop Protect - how it works
Replies: 6
Views: 13488

Re: New feature Loop Protect - how it works

Will it only work for routers or also for SWOS?
by elico
Mon Nov 07, 2016 9:52 pm
Forum: Announcements
Topic: SwOS version 1.17 released
Replies: 14
Views: 16210

Re: SwOS version 1.17 released

I tried to upgrade a 260GSP using firefox and it required me to rely on a the wiki article: http://wiki.mikrotik.com/wiki/SwOS#Reinstall_SwOS_firmware But on a rb750gr2 the defaults are to have 192.168.88.0/24 I had to use the combination of the article and use the existing address-pool instead of c...