Community discussions

Search found 83 matches

  • 1
  • 2
by td32
Mon Jul 15, 2019 9:22 pm
Forum: Beginner Basics
Topic: Block Youtube but not with gmail
Replies: 11
Views: 529

Re: Block Youtube but not with gmail

wouldn't a simple dns block work for this case, redirect all dns port 53 requests to your local dns resolver(in case they use any third party dns) and set a static dns to 0.0.0.0 for youtube.com
by td32
Mon Jul 01, 2019 2:34 pm
Forum: Wireless Networking
Topic: User manager wireless VLAN
Replies: 4
Views: 653

Re: User manager wireless VLAN

if i'm not wrong user manager does not supports WPA2 enterprise
by td32
Sun Jun 09, 2019 4:48 am
Forum: Wireless Networking
Topic: Temporarily disabling 5GHz wi-fi band on hAP ac router
Replies: 2
Views: 236

Re: Temporarily disabling 5GHz wi-fi band on hAP ac router

I've tried going into the "Interfaces" tab and disabling one of the WLAN interfaces at a time, but it appears that no matter which one I disable the other defaults back to 5GHz. There is no way for this to happen, default wlan1 interface is 2.4GHz and wlan2 is the 5Ghz only If your IoT is only 2.4G...
by td32
Tue Apr 30, 2019 4:15 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: wAP ac serious problem! maybe a bug?
Replies: 12
Views: 660

Re: wAP ac serious problem! maybe a bug?

it might be a failing power adapter.
by td32
Sun Apr 28, 2019 8:15 am
Forum: General
Topic: Force Users to Use Specific DNS Server
Replies: 4
Views: 322

Re: Force Users to Use Specific DNS Server

were does your pihole get its dns?
you must allow requests from pihole ip to reach the dns resolver the pihole uses
by td32
Sun Apr 28, 2019 7:45 am
Forum: Beginner Basics
Topic: Blocking stuff [Help needed]
Replies: 5
Views: 407

Re: Blocking stuff [Help needed]

well you can block access to port 80 to the modem ip from all ips in your subnet and add an allow rule over the drop one only for the ips you want to access it
by td32
Thu Apr 25, 2019 11:29 pm
Forum: General
Topic: RB1100AHx4 Dude Edition insecure by default
Replies: 11
Views: 535

Re: RB1100AHx4 Dude Edition insecure by default

doubt this was on default config.
On default config wan port drops all input traffic
by td32
Tue Mar 05, 2019 7:54 pm
Forum: General
Topic: IPSec Xauth PSK client-to-site? [SOLVED]
Replies: 6
Views: 1825

Re: IPSec Xauth PSK client-to-site? [SOLVED]

Post full IPsec debug logs. If I recall correctly, you have to use my-id=key-id when connecting to cisco XAuth server.
thanks this was the missing info
my-id=key-id
my-id=groupID
by td32
Sat Mar 02, 2019 1:26 am
Forum: General
Topic: IPSec Xauth PSK client-to-site? [SOLVED]
Replies: 6
Views: 1825

Re: IPSec Xauth PSK client-to-site? [SOLVED]

# mar/02/2019 00:22:06 by RouterOS 6.42.12 /ip ipsec policy group set [ find default=yes ] name=groupID /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha512,sha256,sha1,md5 \ enc-algorithms=aes-256-cbc,aes-256-ctr,aes-256-gcm,3des pfs-group=none add auth-algorithms=sha256 enc-algorith...
by td32
Fri Mar 01, 2019 1:55 am
Forum: General
Topic: IPSec Xauth PSK client-to-site? [SOLVED]
Replies: 6
Views: 1825

Re: IPSec Xauth PSK client-to-site? [SOLVED]

i'm bumping this once again
Anyone has any idea if this can be done?
does ROS support IPSec Xauth PSK client-to-site with a cisco router?
by td32
Tue Feb 26, 2019 8:25 pm
Forum: General
Topic: Security issue when Winbox exposed
Replies: 67
Views: 4908

Re: Security issue when Winbox exposed

So, if you don't have allowed addresses in Winbox IP service, but you have an input accept filter rule with address list for 8291, you're vulnerable?
only from the accept list ips
by td32
Thu Feb 21, 2019 8:11 am
Forum: General
Topic: Unauthorized access to MikroTiK
Replies: 20
Views: 2404

Re: Unauthorized access to MikroTiK

its not enough, change your password also
by td32
Tue Feb 05, 2019 8:24 am
Forum: Announcements
Topic: v6.43.8 [stable] is released!
Replies: 169
Views: 31319

Re: v6.43.8 [stable] is released!

I'm afraid of upgrading my 941 and 952 devices as they don't have the 60mb for the leak and most of them are remote (like 20 hour plane ride away)
"20 hour plane ride away", my god Please don't. Stay on bugfix or Long-term how it's called now.
by td32
Fri Jan 11, 2019 10:14 am
Forum: General
Topic: hAP ac2 - port knocking doesn't work (kind of)
Replies: 7
Views: 499

Re: hAP ac2 - port knocking doesn't work (kind of)

try to sleep a second between knocks
by td32
Mon Nov 19, 2018 3:40 pm
Forum: Beginner Basics
Topic: plan-B
Replies: 5
Views: 406

Re: plan-B

SAFE MODE- reinventing the wheel
by td32
Thu Nov 08, 2018 7:12 pm
Forum: General
Topic: Netinstall does'nt working(?)
Replies: 8
Views: 607

Re: Netinstall does'nt working(?)

try to run netinstall as admin
try another ros version like 6.42.9
by td32
Tue Nov 06, 2018 10:41 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 330
Views: 72569

Re: Winbox vulnerability: please upgrade

you can change the password all day long but if someone has remote access on you pc most probably has installed a keyloger also 11/5/18 22:38:15 system,info,account user NewUserCreated logged in from ??:3B:??:22:??:AC via mac-telnet system,info,account user NewUserCreated logged in from ??:3B:??:22:...
by td32
Thu Nov 01, 2018 9:15 pm
Forum: Virtualization
Topic: Metarouter images
Replies: 365
Views: 236712

Re: Metarouter images

what about this
http://openwrt.wk.cz/trunk/mr-mips/packages/openssl-util_1.0.1-1_mr-mips.ipk
by td32
Thu Nov 01, 2018 1:51 am
Forum: Virtualization
Topic: Metarouter images
Replies: 365
Views: 236712

Re: Metarouter images

i think you can get the ssl packages directly from the openwrt website, available with each release
example
https://archive.openwrt.org/chaos_calmer/15.05/ar71xx/mikrotik/packages/
by td32
Sat Oct 20, 2018 9:54 pm
Forum: General
Topic: Bricked hAP ac (962UiGS-5HacT2HnT)
Replies: 5
Views: 510

Re: Bricked hAP ac (962UiGS-5HacT2HnT)

there are some issues with the device communication with netistall, i have had luck different times setting the speed&duplex to 10Mbps Full Duplex, or 100Mbps Full Duplex,

last time i had luck with 100Mbps Full Duplex
by td32
Sat Oct 20, 2018 2:57 am
Forum: Beginner Basics
Topic: Change wifi password by batch file / script
Replies: 1
Views: 376

Re: Change wifi password by batch file / script

here you can try this ugly solution 1- create a batch file containing the following ::@echo off SET NewWifiPass= SET /p NewWifiPass= NewWifiPass(min 8 char long): copy /Y changewifi.txt changewifi.temp.txt sed -i s/OldWIFIPASS/%NewWifiPass%/g changewifi.txt START /W putty.exe -ssh mikrotikUSER@mikro...
by td32
Fri Aug 24, 2018 9:51 pm
Forum: Announcements
Topic: v6.42.7 [current] is released!
Replies: 159
Views: 29150

Re: v6.42.7 [current] is released!

It looks like the default routerboot boot mode has changed from "nand if fail then ethernet" to "try-ethernet-once-then-nand". This wasn't mentioned in the release note. However, I think it is a good idea, I already set difficult-to-access devices that way. Advantage: you can netinstall a device by...
by td32
Thu May 31, 2018 1:16 pm
Forum: Announcements
Topic: Winbox 3.14 released!
Replies: 77
Views: 22456

Re: Winbox 3.14 released!

whoever has a vertical screen resolution of 768 and below is faced with the No scroll issue. CLI is a work around, but it is still an issue in winbox
by td32
Thu May 24, 2018 1:25 am
Forum: Announcements
Topic: v6.42.2 [current]
Replies: 65
Views: 13513

Re: v6.42.2 [current]

i guess he got pwned on the previous version(stolen user pass), then upgraded but did not change access credentials.
But they still have the credentials to login.
by td32
Fri May 04, 2018 8:22 am
Forum: Beginner Basics
Topic: Is it possible to get a rb951ui-2hnd to pickup wifi? Then route it..
Replies: 7
Views: 578

Re: Is it possible to get a rb951ui-2hnd to pickup wifi? Then route it..

sure you can, set the wireless interface in station mode, set it as dhcp client and as gateway
by td32
Thu Apr 26, 2018 5:53 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 42294

Re: v6.42.1 [current]


Does this indicate that my OVPN has been compromised??? I've disabled my ovpn in the meantime.
nope just service scanners
by td32
Sat Apr 07, 2018 10:36 pm
Forum: Beginner Basics
Topic: SXT as lte modem only
Replies: 4
Views: 604

Re: SXT as lte modem only

by td32
Fri Apr 06, 2018 5:19 pm
Forum: General
Topic: Huge outgoing DNS requests (100gb in week)
Replies: 9
Views: 850

Re: Huge outgoing DNS requests (100gb in week)

what ros version is the hap ac?
it might be infected.
by td32
Tue Mar 06, 2018 5:38 pm
Forum: General
Topic: Date in Logs!!!!!
Replies: 7
Views: 733

Re: Date in Logs!!!!!

its just a simple fix, there is no need for a third part solution only for this.
by td32
Fri Mar 02, 2018 1:57 am
Forum: Wireless Networking
Topic: Xiaomi phone low Wifi TX rate [SOLVED]
Replies: 112
Views: 25074

Re: Xiaomi phone low Wifi TX rate [SOLVED]

I have noticed this issue is present with Huawei P10lite also, max you can get on 2.4Ghz is 54Mbps.
by td32
Fri Mar 02, 2018 1:12 am
Forum: Wireless Networking
Topic: "Management frame protection" - 802.11w compatibility
Replies: 10
Views: 3215

Re: "Management frame protection" - 802.11w compatibility

bump for this feature, i hope it gets on the todo list
by td32
Tue Feb 13, 2018 11:42 am
Forum: General
Topic: Whats is correct way firewalling access from WAN? [SOLVED]
Replies: 2
Views: 321

Re: Whats is correct way firewalling access from WAN? [SOLVED]

add the following over that rule to allow lan access
/ip firewall filter
chain=input action=accept src-address=YourLanRange dst-port=8291 protocol=tcp
or you can just drop input only from your wan interface
/ip firewall filter
chain=input action=drop in-interface=YourWanInterface
by td32
Thu Feb 08, 2018 11:30 pm
Forum: RouterBOARD hardware
Topic: Mikrotik hAP AC 2.4ghz utterly unusable?
Replies: 5
Views: 948

Re: Mikrotik hAP AC 2.4ghz utterly unusable?

get on bug fix, no issues at all on my side
by td32
Fri Jan 26, 2018 10:20 pm
Forum: General
Topic: Forum notifications!
Replies: 8
Views: 686

Re: Forum notifications!

The notifications caused the 40 second delay on each post submission. You can vote which one you prefer :) There are a LOT of users on this forum, notifications seem to be broken in latest PHPBB releases, we will keep following on any changes in that regard. well for sure posting is the Main featur...
by td32
Fri Jan 26, 2018 8:43 am
Forum: RouterBOARD hardware
Topic: ARM based new goodies on the horizon
Replies: 76
Views: 13464

Re: ARM based new goodies on the horizon

The hAP ac2 is missing a few features that the hAP ac had:
- PoE out on ether5
- SFP port
dual chain wireless vs triple chain for hAP ac
by td32
Thu Jan 25, 2018 6:28 pm
Forum: RouterBOARD hardware
Topic: ARM based new goodies on the horizon
Replies: 76
Views: 13464

Re: ARM based new goodies on the horizon

hAP ac² - CPU is IPQ-4018 716 MHz
PDF: https://uloz.to/!KboRhNGccV6O/en-datash ... -tower-pdf
Storage size 16 MB!!!!
yet another 16MB flash device...
by td32
Thu Jan 25, 2018 6:23 pm
Forum: Announcements
Topic: v6.39.3 [bugfix] is released!
Replies: 47
Views: 14657

Re: v6.39.3 [bugfix] is released!

In this release address list entry timeout option is broken! Entry is removed from address list randomly, but much more faster than specified amount of time
many have raised this bug but no answer yet, perhaps it will be fixed in the next bugfix
by td32
Thu Jan 25, 2018 1:42 am
Forum: General
Topic: Forum notifications!
Replies: 8
Views: 686

Forum notifications!

Is there a notification problem withe the forum in the last days, i don't get notifications anymore about the subscribed topic? (on the user account icon in the top right there use to be a red sign).
by td32
Thu Jan 25, 2018 12:36 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 92391

Re: v6.42rc [release candidate] is released!

*) userman - added support for ARM and MMIPS platforms;

a miracle after 3 years
what a news...
so next step: support EAP
by td32
Sat Dec 30, 2017 12:54 pm
Forum: General
Topic: L2TP VPN to pass only 5060 traffic
Replies: 1
Views: 224

Re: L2TP VPN to pass only 5060 traffic

create a mangle rule
preroute destination port 5060, action mark routing, l2tpvpn
then add a static route that points to l2tp interface with routing mark l2tpvpn
by td32
Sun Dec 24, 2017 12:24 am
Forum: Beginner Basics
Topic: Lost access to my Mikrotik , JAILED !
Replies: 8
Views: 1198

Re: Lost access to my Mikrotik , JAILED !

The Mikrotik had a public IP and it wasn't doing any DHCP. It was working purely as a router. Not sure how will that help ? Thanks, The wireless Network was not doing DHCP. I just connect to it, but I don't get an IP from it. There is no way I can get in via the IP perhaps. if the wireless interfac...
by td32
Sat Dec 23, 2017 10:15 pm
Forum: Beginner Basics
Topic: Lost access to my Mikrotik , JAILED !
Replies: 8
Views: 1198

Re: Lost access to my Mikrotik , JAILED !

What if you assign a static ip to your windows client?
by td32
Tue Dec 19, 2017 11:48 am
Forum: Wireless Networking
Topic: wAP AC poor performance
Replies: 4
Views: 984

Re: wAP AC poor performance

never run btest on the same device you want to measure performance, you will get much lower results because btest consumes most of the cpu resources
by td32
Sun Dec 17, 2017 8:21 pm
Forum: General
Topic: Winbox can't connect to wAP MAC address
Replies: 5
Views: 1843

Re: Winbox can't connect to wAP MAC address

Wap by default won't let you connect through the ethernet port because it is configured as WAN. By default it has an open wifi AP, you can connect through wifi and it will let you connect with winbox, you can modify the firewall rules this way so that you can connect from the ethernet port in the fu...
by td32
Sun Dec 17, 2017 4:23 am
Forum: Wireless Networking
Topic: Usermanager WPA2 EAP encryption - 2
Replies: 4
Views: 1161

Re: Usermanager WPA2 EAP encryption - 2

User-Manager does not support any EAP method
you can use freeradius on an external machine
by td32
Tue Nov 28, 2017 12:41 pm
Forum: General
Topic: Bonding two Dynadish 5 WiFi links
Replies: 15
Views: 1046

Re: Bonding two Dynadish 5 WiFi links

you must test final client(pc) to client(pc), testing is cpu hungry and running it on the same mikrotik device will not show real link results since cpu is used for generating traffic and the remaining for routing it.
by td32
Fri Nov 17, 2017 5:55 pm
Forum: Announcements
Topic: v6.39.3 [bugfix] is released!
Replies: 47
Views: 14657

Re: v6.39.3 [bugfix] is released!

Hi, When adding a IP to an IP>firewall>address list with a timeout (say 4d 00:00:00) and adding a comment in 6.39.3, it drops off within 24hours (and not when the timeout is reached). Doing the same in v6.38.7 it doesnt drop off and continues to count down till its timeout is reached. I have tested...
by td32
Mon Jun 19, 2017 2:46 pm
Forum: Beginner Basics
Topic: RouterOS for custom device
Replies: 2
Views: 431

Re: RouterOS for custom device

Well routeros is closed source.
You should look at lede/openwrt if you need to customize stuff (hardware compatibility and features)
by td32
Wed May 31, 2017 4:13 pm
Forum: RouterBOARD hardware
Topic: CRS125-24G-1S-RM vs RB3011UiAS-RM benchmark
Replies: 7
Views: 2276

Re: CRS125-24G-1S-RM vs RB3011UiAS-RM benchmark

it seams the CRS is enough for your needs
  • 1
  • 2