MikroTik

td32

wouldn't a simple dns block work for this case, redirect all dns port 53 requests to your local dns resolver(in case they use any third party dns) and set a static dns to 0.0.0.0 for youtube.com

td32

if i'm not wrong user manager does not supports WPA2 enterprise

td32

I've tried going into the "Interfaces" tab and disabling one of the WLAN interfaces at a time, but it appears that no matter which one I disable the other defaults back to 5GHz. There is no way for this to happen, default wlan1 interface is 2.4GHz and wlan2 is the 5Ghz only If your IoT is only 2.4G...

td32

it might be a failing power adapter.

td32

were does your pihole get its dns?
you must allow requests from pihole ip to reach the dns resolver the pihole uses

td32

well you can block access to port 80 to the modem ip from all ips in your subnet and add an allow rule over the drop one only for the ips you want to access it

td32

doubt this was on default config.
On default config wan port drops all input traffic

td32

Post full IPsec debug logs. If I recall correctly, you have to use my-id=key-id when connecting to cisco XAuth server.

thanks this was the missing info

my-id=key-id
my-id=groupID

td32

# mar/02/2019 00:22:06 by RouterOS 6.42.12 /ip ipsec policy group set [ find default=yes ] name=groupID /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha512,sha256,sha1,md5 \ enc-algorithms=aes-256-cbc,aes-256-ctr,aes-256-gcm,3des pfs-group=none add auth-algorithms=sha256 enc-algorith...

td32

i'm bumping this once again
Anyone has any idea if this can be done?
does ROS support IPSec Xauth PSK client-to-site with a cisco router?

td32

So, if you don't have allowed addresses in Winbox IP service, but you have an input accept filter rule with address list for 8291, you're vulnerable?

only from the accept list ips

td32

its not enough, change your password also

td32

I'm afraid of upgrading my 941 and 952 devices as they don't have the 60mb for the leak and most of them are remote (like 20 hour plane ride away)

"20 hour plane ride away", my god Please don't. Stay on bugfix or Long-term how it's called now.

td32

try to sleep a second between knocks

td32

SAFE MODE- reinventing the wheel

td32

try to run netinstall as admin
try another ros version like 6.42.9

td32

you can change the password all day long but if someone has remote access on you pc most probably has installed a keyloger also 11/5/18 22:38:15 system,info,account user NewUserCreated logged in from ??:3B:??:22:??:AC via mac-telnet system,info,account user NewUserCreated logged in from ??:3B:??:22:...

td32

what about this

http://openwrt.wk.cz/trunk/mr-mips/packages/openssl-util_1.0.1-1_mr-mips.ipk

td32

i think you can get the ssl packages directly from the openwrt website, available with each release
example

https://archive.openwrt.org/chaos_calmer/15.05/ar71xx/mikrotik/packages/

td32

there are some issues with the device communication with netistall, i have had luck different times setting the speed&duplex to 10Mbps Full Duplex, or 100Mbps Full Duplex,

last time i had luck with 100Mbps Full Duplex

td32

here you can try this ugly solution 1- create a batch file containing the following ::@echo off SET NewWifiPass= SET /p NewWifiPass= NewWifiPass(min 8 char long): copy /Y changewifi.txt changewifi.temp.txt sed -i s/OldWIFIPASS/%NewWifiPass%/g changewifi.txt START /W putty.exe -ssh mikrotikUSER@mikro...

td32

It looks like the default routerboot boot mode has changed from "nand if fail then ethernet" to "try-ethernet-once-then-nand". This wasn't mentioned in the release note. However, I think it is a good idea, I already set difficult-to-access devices that way. Advantage: you can netinstall a device by...

td32

whoever has a vertical screen resolution of 768 and below is faced with the No scroll issue. CLI is a work around, but it is still an issue in winbox

td32

i guess he got pwned on the previous version(stolen user pass), then upgraded but did not change access credentials.
But they still have the credentials to login.

td32

https://mikrotik.com/product/RB951-2n#f ... ifications
24V 0.8A power adapter

https://mikrotik.com/product/RB951G-2Hn ... ifications
12V 1A power adapter

td32

sure you can, set the wireless interface in station mode, set it as dhcp client and as gateway

td32

Does this indicate that my OVPN has been compromised??? I've disabled my ovpn in the meantime.

nope just service scanners

td32

not supported for STX lte
viewtopic.php?f=7&t=103377&p=649246&hil ... ge#p626478

td32

what ros version is the hap ac?
it might be infected.

td32

its just a simple fix, there is no need for a third part solution only for this.

td32

I have noticed this issue is present with Huawei P10lite also, max you can get on 2.4Ghz is 54Mbps.

td32

bump for this feature, i hope it gets on the todo list

td32

add the following over that rule to allow lan access

/ip firewall filter
chain=input action=accept src-address=YourLanRange dst-port=8291 protocol=tcp

or you can just drop input only from your wan interface

/ip firewall filter
chain=input action=drop in-interface=YourWanInterface

td32

get on bug fix, no issues at all on my side

td32

The notifications caused the 40 second delay on each post submission. You can vote which one you prefer :) There are a LOT of users on this forum, notifications seem to be broken in latest PHPBB releases, we will keep following on any changes in that regard. well for sure posting is the Main featur...

td32

The hAP ac2 is missing a few features that the hAP ac had:
- PoE out on ether5
- SFP port

dual chain wireless vs triple chain for hAP ac

td32

hAP ac² - CPU is IPQ-4018 716 MHz
PDF: https://uloz.to/!KboRhNGccV6O/en-datash ... -tower-pdf

Storage size 16 MB!!!!
yet another 16MB flash device...

td32

In this release address list entry timeout option is broken! Entry is removed from address list randomly, but much more faster than specified amount of time

many have raised this bug but no answer yet, perhaps it will be fixed in the next bugfix

td32

Is there a notification problem withe the forum in the last days, i don't get notifications anymore about the subscribed topic? (on the user account icon in the top right there use to be a red sign).

td32

*) userman - added support for ARM and MMIPS platforms;

a miracle after 3 years

what a news...
so next step: support EAP

td32

create a mangle rule
preroute destination port 5060, action mark routing, l2tpvpn
then add a static route that points to l2tp interface with routing mark l2tpvpn

td32

The Mikrotik had a public IP and it wasn't doing any DHCP. It was working purely as a router. Not sure how will that help ? Thanks, The wireless Network was not doing DHCP. I just connect to it, but I don't get an IP from it. There is no way I can get in via the IP perhaps. if the wireless interfac...

td32

What if you assign a static ip to your windows client?

td32

never run btest on the same device you want to measure performance, you will get much lower results because btest consumes most of the cpu resources

td32

Wap by default won't let you connect through the ethernet port because it is configured as WAN. By default it has an open wifi AP, you can connect through wifi and it will let you connect with winbox, you can modify the firewall rules this way so that you can connect from the ethernet port in the fu...

td32

User-Manager does not support any EAP method
you can use freeradius on an external machine

td32

you must test final client(pc) to client(pc), testing is cpu hungry and running it on the same mikrotik device will not show real link results since cpu is used for generating traffic and the remaining for routing it.

td32

Hi, When adding a IP to an IP>firewall>address list with a timeout (say 4d 00:00:00) and adding a comment in 6.39.3, it drops off within 24hours (and not when the timeout is reached). Doing the same in v6.38.7 it doesnt drop off and continues to count down till its timeout is reached. I have tested...

td32

Well routeros is closed source.
You should look at lede/openwrt if you need to customize stuff (hardware compatibility and features)

td32

it seams the CRS is enough for your needs

Search found 83 matches