Community discussions

MikroTik App

Search found 93 matches

by majestic
Mon Dec 18, 2023 8:05 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253333

Re: v7.13 [stable] is released!

I don't have the Wireless Wire, but a CubeG-5ac60ad kit. Both have similar hardware. Updated both units the day 7.13 was released. 60G link has an uptime of over 3 days now. No issues so far, should be safe to update. I can confirm that Wireless Wire has upgraded successfully. It took approx 3-4 mi...
by majestic
Mon Dec 18, 2023 7:42 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253333

Re: v7.13 [stable] is released!

I don't have the Wireless Wire, but a CubeG-5ac60ad kit. Both have similar hardware.
Updated both units the day 7.13 was released. 60G link has an uptime of over 3 days now.
No issues so far, should be safe to update.
Thanks very much, guess its upgrade time, cheers again.
by majestic
Mon Dec 18, 2023 7:06 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253333

Re: v7.13 [stable] is released!

Upgraded my RB5009UPr+S+ successfully.

However, I am a little hesitant in upgrading my Wireless Wire (which is really two wAP60G). I was wondering if anyone has upgraded these safely?

Thanks in advance.
by majestic
Wed Mar 08, 2023 10:46 pm
Forum: General
Topic: Feature Request: Ed25519 SSH keys
Replies: 57
Views: 19780

Re: Feature Request: Ed25519 SSH keys

+1 this should really of been added in many years ago. This should not be too hard to implment.
by majestic
Fri Feb 24, 2023 8:33 pm
Forum: General
Topic: [Issue/Bug] RB5009UPr+S+IN suffering with log spam saying "etherX detected poe-out status: no_valid_psu"
Replies: 6
Views: 1266

Re: [Issue/Bug] RB5009UPr+S+IN suffering with log spam saying "etherX detected poe-out status: no_valid_psu"

Confirmed with Mikrotik support that there is a bug in 7.6 ROS with the RB5009UPr+S+IN which they managed to reproduce in their labs. This I am told will be fixed in the upcoming new release but no ETA on when this will be (yet). Thanks Mikrotik support for reproducing and creating a fix for this. ...
by majestic
Sat Dec 10, 2022 1:42 pm
Forum: General
Topic: Is missing connection-state=invalid hugely bad?
Replies: 10
Views: 8313

Re: Is missing connection-state=invalid hugely bad?

So you indeed have routing triangle which upsets connection tracking machinery on RB5009. Here's how it goes: device A (from local LAN, let's say its IP address is 10.29.10.200) tries to communicate with device B (beyond VPN tunnel , let's say its IP address is 10.19.255.200) ... or the other way a...
by majestic
Sat Dec 10, 2022 12:15 pm
Forum: General
Topic: Is missing connection-state=invalid hugely bad?
Replies: 10
Views: 8313

Re: Is missing connection-state=invalid hugely bad?

Thank you very much for your reply @mkx. So to get an idea of the layout, I am enclosing below: So we have a RB5009 which feeds this site, there are seveal vlans setup, nothing too special. A couple of remote ways into winbox/ssh and a server in the lan but all are ACL down to a few selected IPs. We...
by majestic
Sat Dec 10, 2022 2:18 am
Forum: General
Topic: Is missing connection-state=invalid hugely bad?
Replies: 10
Views: 8313

Re: Is missing connection-state=invalid hugely bad?

I can also bare witness that sometimes they can be valid when mikrotik believes they are not. Tonight I was debugging an issue where a site to site VPN done via netmaker on another server, which routes several blocks over, found that packets was being dropped. I can understand why because they didn'...
by majestic
Wed Nov 23, 2022 2:19 pm
Forum: General
Topic: [Issue/Bug] RB5009UPr+S+IN suffering with log spam saying "etherX detected poe-out status: no_valid_psu"
Replies: 6
Views: 1266

Re: [Issue/Bug] RB5009UPr+S+IN suffering with log spam saying "etherX detected poe-out status: no_valid_psu"

Confirmed with Mikrotik support that there is a bug in 7.6 ROS with the RB5009UPr+S+IN which they managed to reproduce in their labs. This I am told will be fixed in the upcoming new release but no ETA on when this will be (yet). Thanks Mikrotik support for reproducing and creating a fix for this. K...
by majestic
Tue Nov 22, 2022 12:28 am
Forum: General
Topic: [Issue/Bug] RB5009UPr+S+IN suffering with log spam saying "etherX detected poe-out status: no_valid_psu"
Replies: 6
Views: 1266

Re: [Issue/Bug] RB5009UPr+S+IN suffering with log spam saying "etherX detected poe-out status: no_valid_psu"

4th topic's the charm. File a bug report. Thanks, will do. Applogies, I didn't notice any others, my bad. I now see that you were refering to myself/posts. This was an accdent, the post wasn't submitting, so I was shrinking it down as I thought the code was causing the problem. I then found saving ...
by majestic
Tue Nov 22, 2022 12:11 am
Forum: General
Topic: [Issue/Bug] RB5009UPr+S+IN suffering with log spam saying "etherX detected poe-out status: no_valid_psu"
Replies: 6
Views: 1266

[Issue/Bug] RB5009UPr+S+IN suffering with log spam saying "etherX detected poe-out status: no_valid_psu"

Hi Guys, I have recently purchased a RB5009UPr+S+IN (https://mikrotik.com/product/rb5009upr_s_in) and configrued it tonight. I have this powered by a CISCO SG250-08HP POE Switch with POE power being sent though ether1 . Its has a bond (LACP) with ether1 and ether2 going back to the CISCO switch for ...
by majestic
Sun Nov 13, 2022 9:58 pm
Forum: Wireless Networking
Topic: Wireless Wire (product) dropouts
Replies: 1
Views: 447

Wireless Wire (product) dropouts

Hello Guys, Today I receved my Wireless Wire which was ment to get aorund a problem I have in my new home. Apartment was built around 1969, its not that big, around 59 square meters on single floor, but the walls are solid/, lighting/socket cabling is old, its in pyro, so powerline adpators are not ...
by majestic
Wed Sep 19, 2018 6:51 pm
Forum: Forwarding Protocols
Topic: Public IP over a tunnel ( SOLVED )
Replies: 35
Views: 26034

Re: Public IP over a tunnel ( SOLVED )

One address or twelve, there's not much difference, you can use the same method, it will work.
Aye, confirmed myself with multiple addresses, works like a dream, thank you.
by majestic
Sat Sep 15, 2018 9:24 pm
Forum: Forwarding Protocols
Topic: Public IP over a tunnel ( SOLVED )
Replies: 35
Views: 26034

Re: Public IP over a tunnel ( SOLVED )

I am using a Hetzner Cloud VPS and ive found using a single vCPU, you can get around 400MBits, which ant bad at all. Adding an additional CPU produces around 800Mits. It seems to be CPU limited due to encryption so im looking at tweaking it a bit and see if can get a bit more out of it. Does Hetzne...
by majestic
Sat Sep 15, 2018 9:22 pm
Forum: Forwarding Protocols
Topic: Public IP over a tunnel ( SOLVED )
Replies: 35
Views: 26034

Re: Public IP over a tunnel ( SOLVED )

Wrong source address, if I understand correctly that it's 94.xxx.xxx.150, it must be caused by another srcnat/masquerade rule. Instead of adding another srcnat, it's better to use accept rule, to exclude 195.xxx.xxx.6 from srcnat completely. It doesn't need any, it already has correct address. IPv6...
by majestic
Sat Sep 15, 2018 2:44 pm
Forum: Forwarding Protocols
Topic: Public IP over a tunnel ( SOLVED )
Replies: 35
Views: 26034

Re: Public IP over a tunnel

Hi Sob, One thing I have noticed is, the outgoing packets seems to have the wrong source address. If you say do a curl ifconfig.io you will see the public IP of the end point which you used the IP's from. Iv'e tried to add an SNAT rule but didn't help, I expect its because of the interface/way I tri...
by majestic
Sat Sep 15, 2018 2:10 pm
Forum: Forwarding Protocols
Topic: Public IP over a tunnel ( SOLVED )
Replies: 35
Views: 26034

Re: Public IP over a tunnel ( SOLVED )

Hi @Sob,

On an additional note, you don't by any chance have a working IPv6 version of this?

This would need to be IPv6 over IPv4 i.e. for sites which don't have native IPv6 yet.

If you have anything which you wouldn't mind sharing I would really be apresahted.

Thank you.

Kind Regards,

Majestic
by majestic
Sat Sep 15, 2018 1:29 pm
Forum: Forwarding Protocols
Topic: Public IP over a tunnel ( SOLVED )
Replies: 35
Views: 26034

Re: Public IP over a tunnel ( SOLVED )

Hi Guys, Just wanted to chime in here, this works abosulty awesome and thank you so much @Sob for taking the time to share your solution. I am using a Hetzner Cloud VPS and ive found using a single vCPU, you can get around 400MBits, which ant bad at all. Adding an additional CPU produces around 800M...
by majestic
Sat Jun 24, 2017 4:33 pm
Forum: General
Topic: DHCP classless issues
Replies: 1
Views: 1270

DHCP classless issues

Hi Guys, I wonder if someone could be kind enough to point out what I am doing wrong. What I am trying to achieve is to set a classless route via DHCP as shown below. https://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server#Options Now what I am trying to do is the following.. VPN network/server Network...
by majestic
Mon Jun 12, 2017 2:59 pm
Forum: General
Topic: Feature Request: zerotier vpn
Replies: 32
Views: 17342

Re:

I don't understand why it is necessary or useful for routers. +1 I agree, it would be really useful as Mikrotik doesn't currently support dynamic multipoint VPN (DMVPN) or similar technology. Zeroteir is a really a very easy/user friendly DMVPN clone (of sorts) which a lot of people deploy when the...
by majestic
Sun Jun 04, 2017 1:29 am
Forum: General
Topic: SSTP: AES-GCM support, granular control of cipher suites.
Replies: 8
Views: 5262

Re: SSTP: AES-GCM support, granular control of cipher suites.

+1 This would be really helpful if ROS had AES-GCM support as theres a huge performance boot for all. That means lower hardware can achieve higher throughput which likely would be more cost effective.
by majestic
Thu May 25, 2017 5:09 pm
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 173
Views: 80708

Re: Feature request - DNSCrypt support...

Doesn't this supersede DNScrypt, plus, is now an accepted standard? https://tools.ietf.org/html/rfc7858 But it is still a very fresh RFC If you could add support for this, it would be great for everyone or even DNSCrypt which a lot of people use and is more common/known to them. Either would be acc...
by majestic
Mon Apr 03, 2017 6:51 pm
Forum: General
Topic: Is routerOS and CHR capable of using Intel AES-NI?
Replies: 11
Views: 4189

Re: Is routerOS and CHR capable of using Intel AES-NI?

Brilliant, thank you very much.
by majestic
Wed Mar 08, 2017 1:54 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 211519

Re: Blacklist Filter update script

Using RBL's crossed my mind but then the amount of traffiic would be the same like it is with BGP. When using DNS you will also have some traffic but the main part is distributed by external DNS severs as I see it. Distributed & cached which the cache will lower the amount of traffic needed. Ho...
by majestic
Tue Mar 07, 2017 8:47 pm
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 211519

Re: Blacklist Filter update script

I have an idea how to bring back the traffic generated by the Blacklist. When I lookup sites I get sometimes a list of IP addresses back: Name: microsoft.com Addresses: 23.100.122.175 23.96.52.53 191.239.213.197 104.40.211.35 104.43.195.251 So if you can convert the list and put it in a DNS, then o...
by majestic
Tue Mar 07, 2017 8:36 pm
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 173
Views: 80708

Re: Feature request - DNSCrypt support...

I would also like to add my vote for DNScrypt support! I currently run a separate server for this.
likewise.
by majestic
Tue Feb 28, 2017 9:17 pm
Forum: General
Topic: Is routerOS and CHR capable of using Intel AES-NI?
Replies: 11
Views: 4189

Re: Is routerOS and CHR capable of using Intel AES-NI?

I actually had an 1100AHx2 connected with a 300mbps cable connection to a CHR on esxi/vmware using a Xeon ES-2650 @2.6Ghz. GRE+IPSEC AES-128-CBC. Could only manage around 100Mbps with connection tracking turned off and no QoS features.. Does that seem odd to you? I thought the 1100 could handle mor...
by majestic
Tue Feb 28, 2017 7:59 pm
Forum: General
Topic: Is routerOS and CHR capable of using Intel AES-NI?
Replies: 11
Views: 4189

Re: Is routerOS and CHR capable of using Intel AES-NI?

How is the performance? Mind if I ask what hardware you are using? I'm looking to do something similar. A hub and spoke set up using GRE+IPSEC. I'm hoping to find something for Spokes to get up ~300Mbps. The best ive tested so far was some HP desktop I found lying around, had an interl i3 processor...
by majestic
Tue Feb 28, 2017 4:30 pm
Forum: General
Topic: Is routerOS and CHR capable of using Intel AES-NI?
Replies: 11
Views: 4189

Re: Is routerOS and CHR capable of using Intel AES-NI?

Looking to see if routeros and CHR is able to use these instructions in the intel processors. Can't be 100% certain but I do believe it does because the CPU usage which I see is extremely low and this is when i'm using the GRE+IPSEC VPN links which uses AES-256-CBC. HTH How is the performance? Mind...
by majestic
Tue Feb 28, 2017 3:56 pm
Forum: General
Topic: Is routerOS and CHR capable of using Intel AES-NI?
Replies: 11
Views: 4189

Re: Is routerOS and CHR capable of using Intel AES-NI?

Looking to see if routeros and CHR is able to use these instructions in the intel processors. Can't be 100% certain but I do believe it does because the CPU usage which I see is extremely low and this is when i'm using the GRE+IPSEC VPN links which uses AES-256-CBC. HTH How is the performance? Mind...
by majestic
Tue Feb 28, 2017 12:52 pm
Forum: Virtualization
Topic: RouterOS CHR + XenServer 7 does not resize disk
Replies: 1
Views: 3117

Re: RouterOS CHR + XenServer 7 does not resize disk

I have imported the CHR image to XenServer 7 but when it starts up for the first time, although it prints on console the resizing disks message, doing /system resource print shows it's still using the 128MB partition. Thats interesting, I am using XenServer 7 as well as CHR images with resized disk...
by majestic
Tue Feb 28, 2017 12:16 pm
Forum: Virtualization
Topic: x86 on XenServer?
Replies: 7
Views: 6097

Re: x86 on XenServer?

I am successfully running CHR on XenServer 7 without any issues... The free versions of x86 and CHR have different limitations. Since I am want to use this device for some bandwidth testing, the 1 Mbps limitation of CHR is too restrictive. I am also successfully running CHR on XenServer. The error ...
by majestic
Tue Feb 28, 2017 3:54 am
Forum: General
Topic: Is routerOS and CHR capable of using Intel AES-NI?
Replies: 11
Views: 4189

Re: Is routerOS and CHR capable of using Intel AES-NI?

Looking to see if routeros and CHR is able to use these instructions in the intel processors.
Can't be 100% certain but I do believe it does because the CPU usage which I see is extremely low and this is when i'm using the GRE+IPSEC VPN links which uses AES-256-CBC.

HTH
by majestic
Tue Feb 28, 2017 3:49 am
Forum: Virtualization
Topic: x86 on XenServer?
Replies: 7
Views: 6097

Re: x86 on XenServer?

I am successfully running CHR on XenServer 7 without any issues in a couple of data centres.

The image that I used was the VMware image (https://download2.mikrotik.com/routeros ... .37.4.vmdk), then just imported that directly into xenserver. Works perfect.

HTH
by majestic
Tue Feb 28, 2017 12:10 am
Forum: Forwarding Protocols
Topic: Second opinion two routers BGP/OSPF
Replies: 2
Views: 2941

Re: Second opinion two routers BGP/OSPF

@ZeroByte Thanks very much for all your tips, they have been a great help. I know this is a little late from when you originally posted this but with a little luck this will still get to you. After reading and re-reading what you have posted theres still a small thing I don't understand and I wonder...
by majestic
Sat Feb 18, 2017 9:23 pm
Forum: Announcements
Topic: v6.37.4 [bugfix] is released!
Replies: 38
Views: 25939

Re: v6.37.4 [bugfix] is released!

The filter rules have the selector ipsec-policy which you can set e.g. to ipsec-policy=in,none or ipsec-policy=in,ipsec to create rules that handle traffic that is not protected or traffic that is protected. You will need something like: add action=reject chain=input ipsec-policy=in,none protocol=g...
by majestic
Sat Feb 18, 2017 6:20 pm
Forum: Announcements
Topic: v6.37.4 [bugfix] is released!
Replies: 38
Views: 25939

Re: v6.37.4 [bugfix] is released!

I don't see this issue. make sure your firewall rules are correct. Without the proper rules it can sometimes work because dynamic rules are created on the outbound connection and the "established/related" rule then accepts the traffic in the other direction. However, this is not the prope...
by majestic
Sat Feb 18, 2017 12:51 pm
Forum: Announcements
Topic: v6.37.4 [bugfix] is released!
Replies: 38
Views: 25939

Re: v6.37.4 [bugfix] is released!

Anyone having an issue where ipsec tunnels connect, but don't seem to be passing traffic? Have to kill them a couple of times before they connect properly? I am also experiencing the same issue but it seems to happen completely random. It does not do it all the time and when it does, its not all of...
by majestic
Tue Feb 14, 2017 9:35 pm
Forum: General
Topic: [Q] Hetzner routing using Mikrotik (solved)
Replies: 1
Views: 2732

[Q] Hetzner routing using Mikrotik (solved)

Hi guys, Yesterday I grabbed a license (CHR) for one of my VM's running on Xen but I am having problems in connecting it to Hetzners network. As you might know that they use a subnet outside of the routed block and its locked to the core/physical machines MAC and usually you use the core box as a ro...
by majestic
Sun Feb 12, 2017 12:07 pm
Forum: Announcements
Topic: v6.37.4 [bugfix] is released!
Replies: 38
Views: 25939

Re: v6.37.4 [bugfix] is released!

Majestic: it is a well known problem (at least in BGP) and it "will all be fixed in version 7".
Ahh thanks very much, glad its not me going mad ;)

I can live with it, just wanted to make sure mikrotik was aware.
by majestic
Sun Feb 12, 2017 11:55 am
Forum: Announcements
Topic: v6.37.4 [bugfix] is released!
Replies: 38
Views: 25939

Re: v6.37.4 [bugfix] is released!

Hi guys, Not sure if this is the right place to post this but as this is related to 6.37.4 I thought it be best here. If its in the wrong place, could a mod please move it, thank you. I believe I have found a "possible" bug in v6.37.4 [bugfix] release. It may also be present in other versi...
by majestic
Fri Feb 10, 2017 2:53 am
Forum: General
Topic: [Q] CHR license de-allocate/assign?
Replies: 0
Views: 788

[Q] CHR license de-allocate/assign?

Hi Guys, I wonder if someone with experience with the Cloud Hosted Router licenses could answer a few questions for me. I am currently running several different virtualisation platforms including OpenSource XEN, XenServer and KVM physical machines. Now I am in the process of moving all of them to Xe...
by majestic
Sat Jan 21, 2017 7:14 pm
Forum: Virtualization
Topic: â–ºOpenVZ VPS Gre Tunnel
Replies: 2
Views: 3872

Re: â–ºOpenVZ VPS Gre Tunnel

You need to talk to your VPS provider to see if they are willing to "tweak" their host node to allow you to add the gre interfaces into your VM. Assuming you can get them, its the same as linux to MT config nothings special. Give this info to your provider and they should if they are nice ...
by majestic
Tue Jan 17, 2017 9:23 am
Forum: Announcements
Topic: v6.38.1 [current]
Replies: 73
Views: 39462

Re: v6.38.1 [current]

Latest for Mac hasn't been done yet... http://joshaven.com/resources/tools/winbox-for-mac/ Still stuck on 3.7.. wonder if joshaven hides out here somewhere, if so, would you be so kind and give us a 3.9 version when you get a few minutes. Thank you. **Update** I have just dropped joshaven a quick e...
by majestic
Mon Jan 16, 2017 7:06 pm
Forum: Announcements
Topic: v6.38.1 [current]
Replies: 73
Views: 39462

Re: v6.38.1 [current]

Latest for Mac hasn't been done yet... http://joshaven.com/resources/tools/winbox-for-mac/ Still stuck on 3.7.. wonder if joshaven hides out here somewhere, if so, would you be so kind and give us a 3.9 version when you get a few minutes. Thank you. **Update** I have just dropped joshaven a quick em...
by majestic
Mon Jan 16, 2017 6:23 pm
Forum: Announcements
Topic: Winbox 3.9 released!
Replies: 35
Views: 29619

Re: Winbox 3.9 released!

I agree having a native version for MacOS would be really nice to have as I am sure if you do a poll to see how many OSX users there are more then you think. Meanwhile the Wine version which is floating around works quite well, most of the time. You have to remember a lot of us and organisations do...
by majestic
Mon Jan 16, 2017 6:11 pm
Forum: Announcements
Topic: Winbox 3.9 released!
Replies: 35
Views: 29619

Re: Winbox 3.9 released!

I agree having a native version for MacOS would be really nice to have as I am sure if you do a poll to see how many OSX users there are more then you think. Meanwhile the Wine version which is floating around works quite well, most of the time. You have to remember a lot of us and organisations do ...
by majestic
Mon Jan 16, 2017 6:03 pm
Forum: Announcements
Topic: v6.38.1 [current]
Replies: 73
Views: 39462

Re: v6.38.1 [current]

Awesome for releasing this release so soon. Will see if I can test it out later tonight on my RB750Gr3's and will report back once its done and tested. I really hope the 6.38 bugs are squashed :)
by majestic
Sun Jan 15, 2017 2:56 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 211519

Re: Blacklist Filter update script

If external USB or SD disk available, NAND wearing can be avoided by write temporary files to them. PS. Downloading and executing rsc from not own server and/or by insecure channel look dangerous. May I please be so bold, whats the commands to change the temporary file storage location? I use a RB7...
by majestic
Sun Jan 15, 2017 2:48 am
Forum: Forwarding Protocols
Topic: [Q] OSPF Hiding link address in traceroute?
Replies: 0
Views: 1093

[Q] OSPF Hiding link address in traceroute?

Hi Guys, I am new to OSPF, but I have finally managed to get it working after reading much documentation about ospf and vpns. I have a small question to ask as I am not sure if its possible or not but I thought it would be worth asking nevertheless. What I would like to do is hide or change the IP a...
by majestic
Thu Jan 12, 2017 10:26 am
Forum: General
Topic: [Q] IPv6 6in4 tunnel SSH woes using RB750Gr3 router
Replies: 8
Views: 2688

Re: [Q] IPv6 6in4 tunnel SSH woes using RB750Gr3 router

Privacy extensions is client-side stuff, so it can be easily disabled. But even when it's enabled, there's always the main address (with lower 64 bits based on MAC address) and it stays the same. You can tell your SSH client to bind outgoing connection to this addres (-b option) and it should not b...
by majestic
Thu Jan 12, 2017 10:22 am
Forum: General
Topic: [Q] IPv6 6in4 tunnel SSH woes using RB750Gr3 router
Replies: 8
Views: 2688

Re: [Q] IPv6 6in4 tunnel SSH woes using RB750Gr3 router

IMO better would be to accept prefix and adjust the thinking for IPv6 - so, work with prefixes and get used to things. While many claim that IPv6 is just longer addresses - that is not so. There are quite a lot of other reasons why use IPv6 that are not so obvious when first time you configure and ...
by majestic
Wed Jan 11, 2017 10:07 am
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 63330

Re: v6.38 [current] is released!

Adding an extra repo wouldn't effect anything, wouldn't touch the existing versions available, it only would give users an alternative to install, I.e old stable. I agree! But the quoted question was not to add an extra version, it was about to replace the current bugfix-version. I support adding a...
by majestic
Wed Jan 11, 2017 10:00 am
Forum: General
Topic: [Q] IPv6 6in4 tunnel SSH woes using RB750Gr3 router
Replies: 8
Views: 2688

Re: [Q] IPv6 6in4 tunnel SSH woes using RB750Gr3 router

SSH client uses (from Linux hosts) uses new temporary IPv6 address for each SSH session. You can check for the addresses via $ip -6 addr | grep temporary. That is a normal behaviour. Thanks for the reply, sadly your right, after doing some research it's called privacy setting or something and it au...
by majestic
Wed Jan 11, 2017 9:54 am
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 63330

Re: v6.38 [current] is released!

Please can 6.37.x be made the bugfix release? There has to be a convenient way to update routers to this version that proves to be quite stable, and avoid the current problems with 6.38 without having to go back to 6.36.4 No, please NOT!!! 6.36.4 is the only version which works with some older WIFI...
by majestic
Tue Jan 10, 2017 12:03 pm
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 63330

Re: v6.38 [current] is released!

Please can 6.37.x be made the bugfix release? There has to be a convenient way to update routers to this version that proves to be quite stable, and avoid the current problems with 6.38 without having to go back to 6.36.4 Agree. It would be nice if after every new release that a new repo say called...
by majestic
Mon Jan 09, 2017 5:10 pm
Forum: Scripting
Topic: Backup to External FTP Useful script
Replies: 11
Views: 45630

Re: Backup to External FTP Useful script

Thanks very much for the script ideas, I was that impressed, I thought I would make myself a version of this to save locally onto my microSD and instead reinventing the wheel I decided to use some of your existing code and adjusted it to my purpose. Credit goes to the original author and if you want...
by majestic
Sun Jan 08, 2017 11:43 am
Forum: General
Topic: Improving VPN speed to remote sites (How to?)
Replies: 7
Views: 11430

Re: Improving VPN speed to remote sites (How to?)

Thanks very much for the information.
by majestic
Sat Jan 07, 2017 1:29 am
Forum: General
Topic: [Q] Rate limit single server's IP
Replies: 10
Views: 2393

Re: [Q] Rate limit single server's IP

Glad you found what you were looking for. There's always more than one way to "skin a cat."
Aye so it seems.

Now enjoying the best of both worlds :) fast track + rate limit = bliss :)

https://www.dropbox.com/s/bin0rbkam44s6 ... 5.png?dl=0
by majestic
Sat Jan 07, 2017 1:17 am
Forum: General
Topic: Improving VPN speed to remote sites (How to?)
Replies: 7
Views: 11430

Re: Improving VPN speed to remote sites (How to?)

Open VPN and SSTP are TCP based protocols.This limits your performance. IPSEC (with L2TP) performs better, especially if you reduce MTU to avoid the packet reordering bug. Reorder bug? what sort of MTU would you suggest? I am planing to start connecting all my data centre sites using IPSEC, GRE and...
by majestic
Fri Jan 06, 2017 11:15 pm
Forum: General
Topic: [Q] Rate limit single server's IP
Replies: 10
Views: 2393

Re: [Q] Rate limit single server's IP

Here's an older thread covering this very topic: http://forum.mikrotik.com/viewtopic.php?t=98133 Revelation, thank you so much for sending me that link again. I can confirm the answer is within that link that you kindly posted but as I am a nice guy, i'm going to post the exact config that I used t...
by majestic
Fri Jan 06, 2017 3:00 pm
Forum: General
Topic: [Q] Rate limit single server's IP
Replies: 10
Views: 2393

Re: [Q] Rate limit single server's IP

Here's an older thread covering this very topic: http://forum.mikrotik.com/viewtopic.php?t=98133 Thanks again, i've just had a read and about the third post from the bottom shows a way how I can do what I want and still keep fast track for the other connections. I am not at home right now but in a ...
by majestic
Fri Jan 06, 2017 2:51 pm
Forum: General
Topic: [Q] Rate limit single server's IP
Replies: 10
Views: 2393

Re: [Q] Rate limit single server's IP

Here's an older thread covering this very topic:

http://forum.mikrotik.com/viewtopic.php?t=98133
Thank you very much, reading now.
by majestic
Fri Jan 06, 2017 2:48 pm
Forum: General
Topic: [Q] Rate limit single server's IP
Replies: 10
Views: 2393

Re: [Q] Rate limit single server's IP

One thing I would check is to ensure you have fasttrack disabled. Oh I thought having fast track was good. Are you saying that you can't use fast track if your using any form of rate limit even if it's just for one IP? And fyi it's enabled. Typically fast track is good. When fast track is enabled, ...
by majestic
Fri Jan 06, 2017 1:29 am
Forum: General
Topic: [Q] Rate limit single server's IP
Replies: 10
Views: 2393

Re: [Q] Rate limit single server's IP

One thing I would check is to ensure you have fasttrack disabled. Oh I thought having fast track was good. Are you saying that you can't use fast track if your using any form of rate limit even if it's just for one IP? And fyi it's enabled. Will test by removing so a big ty for that tip. However do...
by majestic
Thu Jan 05, 2017 10:30 pm
Forum: General
Topic: [Q] Rate limit single server's IP
Replies: 10
Views: 2393

[Q] Rate limit single server's IP

Hi Guys, I have recently switched from my old router (RTN66U custom firmware) to a nice new Mikrotik RB750Gr3. Most of everything i've managed to setup but a few things I still haven't and this is one of those things that I haven't managed to. Ive been trying to get the same feature(s) which I used ...
by majestic
Thu Jan 05, 2017 6:28 pm
Forum: General
Topic: [Q] IPv6 6in4 tunnel SSH woes using RB750Gr3 router
Replies: 8
Views: 2688

Re: [Q] IPv6 6in4 tunnel SSH woes using RB750Gr3 router

did you try running traceroute, did you check ipv6 neighbours. Can you reach the other end of the tunnel? Hi there, Thanks for the reply. Yes I did and I have just tracked down the issue. What the problem is that the IPv6 address is changing thus booting me off the SSH session. I only noticed this ...
by majestic
Thu Jan 05, 2017 11:45 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 211519

Re: Blacklist Filter update script

Hi there, I would be interested to know which source you are using to get this list of IP addresses to block? Would you care to share this? I would be interested to integrate the list you are serving into Blocklister ( Github ). Thanks for your help and keep up the good work! The OP said in a previ...
by majestic
Thu Jan 05, 2017 10:39 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 211519

Re: Blacklist Filter update script

If external USB or SD disk available, NAND wearing can be avoided by write temporary files to them. PS. Downloading and executing rsc from not own server and/or by insecure channel look dangerous. May I please be so bold, whats the commands to change the temporary file storage location? I use a RB7...
by majestic
Thu Jan 05, 2017 10:31 am
Forum: General
Topic: RB750Gr3 - OpenVPN Client - Works on other RB models, but not on this one.
Replies: 5
Views: 4197

Re: RB750Gr3 - OpenVPN Client - Works on other RB models, but not on this one.

Cool, thanks. That seems to rule out something platform specific to the RB750Gr3. Guess I'll need to strip the config down a bit more and see if it will kick in. Oh well, the little hAP Lite does 17Mbps with OVPN .. ok for proof-of-concept. If you purge your openVPN related bits from the firewall a...
by majestic
Wed Jan 04, 2017 10:18 pm
Forum: General
Topic: RB750Gr3 - OpenVPN Client - Works on other RB models, but not on this one.
Replies: 5
Views: 4197

Re: RB750Gr3 - OpenVPN Client - Works on other RB models, but not on this one.

I have been attempting to use the OpenVPN Client on the RB750Gr3, per this setup: https://support.hidemyass.com/hc/en-us/articles/204558497-Mikrotik-Client-Setup This works perfectly on a RB2011. This works perfectly on a hAP Lite (RB941-2nD). This does not work on a RB750Gr3. * The OVPN Client est...
by majestic
Wed Jan 04, 2017 9:15 pm
Forum: Beginner Basics
Topic: [Q] RB750Gr3 saving to microSD slot [issues]
Replies: 2
Views: 2126

Re: [Q] RB750Gr3 saving to microSD slot [issues]

/system backup save name="/disk1/backup"
Thank you very much. I must admit I never tried to put the full path in, this will save me keep dragging the backups to the right location on the microSD.
by majestic
Wed Jan 04, 2017 9:13 pm
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 1006
Views: 1114260

Re: Public-Mikrotik-Bandwidth-Test-Server(s)

I just wanted to say, thank you for the access to your test servers. Its helped me dearly to tweak my QoS rules so I can now saturate the line without breakups.
by majestic
Wed Jan 04, 2017 7:48 pm
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 63330

Re: v6.38 [current] is released!

Hi Guys, I have just received another RB750Gr3 in the post today and I decided to update the firmware and rOS as the first things I do before configuring it. After doing the upgrade(s) I started to adjust the packages which are installed by default as there are a few which isn't so useful to me like...
by majestic
Wed Jan 04, 2017 5:14 pm
Forum: General
Topic: [Q] IPv6 6in4 tunnel SSH woes using RB750Gr3 router
Replies: 8
Views: 2688

[Q] IPv6 6in4 tunnel SSH woes using RB750Gr3 router

Hi Guys, I have a strange issue I thought I would see if anyone knows the answer. I have a 6in4 tunnel with an ISP I work for and since I have had this setup on my Mikrotik RB750Gr3, I have been experiencing timeouts on any of the servers that I connect into via SSH from the LAN. This only happens o...
by majestic
Wed Jan 04, 2017 3:03 pm
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 63330

Re: v6.38 [current] is released!

Just upgraded my shiny new HEX (RB750GR3) from v6.37.3 to latest stable v6.38. Unfortunately it did not come back. Instead it keeps beeping every 10sec. I am not using any fancy stuff just natting between an telco edge router and my internal network. A reset did not work. Will try a Netinstall in a...
by majestic
Wed Jan 04, 2017 2:00 pm
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 63330

Re: v6.38 [current] is released!

i get in logs a critical system error "memory overclocked"
Mikrotik has confirmed to ignore it if you haven't manually overlocked it. Its a feature they are improving on.
by majestic
Wed Jan 04, 2017 12:39 pm
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 63330

Re: v6.38 [current] is released!

Really would appreciate you or others to confirm if there is a serious problem with this upgrade on RB750Gr3.

Thanks in advance.
I experienced no problems when upgrading my RB750Gr3 from version 6.37.3 to version 6.38
Thanks very much for letting me know.
by majestic
Wed Jan 04, 2017 11:38 am
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 63330

Re: v6.38 [current] is released!

Just upgraded my shiny new HEX (RB750GR3) from v6.37.3 to latest stable v6.38. Unfortunately it did not come back. Instead it keeps beeping every 10sec. I am not using any fancy stuff just natting between an telco edge router and my internal network. A reset did not work. Will try a Netinstall in a...
by majestic
Wed Jan 04, 2017 10:58 am
Forum: Beginner Basics
Topic: VPN stops working when server IP changes
Replies: 10
Views: 3720

Re: VPN stops working when server IP changes

For now I used dynu DNS instead of mikrotik's DNS address, and configured a script to run and update IP every 15 minutes. It would be nice to come up with a solution inside the mikrotik though, as networkfudge mentioned. Alternatively you may want to check this script posted by one of the users. ht...
by majestic
Mon Dec 26, 2016 7:44 pm
Forum: General
Topic: NTP client bug
Replies: 13
Views: 7091

Re: NTP client bug

Hi there, Try the following which is what I use here: /system ntp client set enabled=yes primary-ntp=195.66.241.2 secondary-ntp=129.250.35.250 Replace the IP's with whatever you want to use. These are ntp0.linx.net & 0.uk.pool.ntp.org which are the ones with the lowest latency for me. /system nt...
by majestic
Mon Dec 26, 2016 7:20 pm
Forum: General
Topic: Support for ACME/Let's Encrypt certificate management [SOLVED]
Replies: 114
Views: 71637

Re: Support for ACME/Let's Encrypt certificate management [SOLVED]

+1 for support, it would make things much easier for a lot of us.
by majestic
Mon Dec 26, 2016 1:54 pm
Forum: Beginner Basics
Topic: VPN stops working when server IP changes
Replies: 10
Views: 3720

Re: VPN stops working when server IP changes

I believe the OP is not referring that the connection drops because i'm sure he's aware that it would. What he's referring to is that he can't reconnect back to the VPN until he reboots the router. Im sadly am not a mikrotik expert as I am just starting out with them so I can't give you the exact co...
by majestic
Mon Dec 26, 2016 5:02 am
Forum: Beginner Basics
Topic: [Q] RB750Gr3 saving to microSD slot [issues]
Replies: 2
Views: 2126

[Q] RB750Gr3 saving to microSD slot [issues]

Hi guys, Today I received my all singing, dancing new router and I have a few questions/problems to ask. The main one is that as it has a microSD card slot, I've installed a nice new endurance 8GB microSD card into its slot. Now I have formatted it as ext3 which should be better then fat32 and it se...
by majestic
Sun Dec 18, 2016 11:05 pm
Forum: General
Topic: Feature request - DNSCrypt support...
Replies: 173
Views: 80708

Re: Feature request - DNSCrypt support...

Thanks, this is the first time ive seen this RFC being mentioned. Thank you. I was about to say +1 for adding this feature but to also to allow for custom dnscrypt installs (i.e support custom provider-key, provider-name and providor address) as a lot of us don't use OpenDNS or any other open public...
by majestic
Thu Dec 15, 2016 10:17 pm
Forum: Scripting
Topic: How to making scripts for measuring packet loss
Replies: 2
Views: 2072

Re: How to making scripts for measuring packet loss

The way we usully do exactly this on our networks is to use something called "Smokeping". Go here for more info: http://oss.oetiker.ch/smokeping

Out of the box it would do what you want i.e. monitoring an address, if that suffers XYZ packet loss to alert you via mail/script.
by majestic
Thu Dec 15, 2016 7:41 pm
Forum: RouterBOARD hardware
Topic: Is RB3011UiAS-RM suitable for VPN?
Replies: 7
Views: 9428

Re: Is RB3011UiAS-RM suitable for VPN?

Thank you mrz for your reply. This is more then fine for its curent uses. Right now they are mostly for home use and most of the lines are 80/20 with the aim to use them with PPPoE+OpenVPN+OPSF (so it will work out the shortest path/link) and from my understanding and reserch on your forum that it s...
by majestic
Thu Dec 15, 2016 6:51 pm
Forum: General
Topic: EoIP Weirdness
Replies: 6
Views: 1821

Re: EoIP Weirdness

Your very welcome.
by majestic
Thu Dec 15, 2016 6:50 pm
Forum: RouterBOARD hardware
Topic: Is RB3011UiAS-RM suitable for VPN?
Replies: 7
Views: 9428

Re: Is RB3011UiAS-RM suitable for VPN?

Thanks everyone. Just ordered a RB750Gr3 as suggested by Black and should be here just before christmas. Assuming this all goes well, I will be ordering 3-4 more as they should be perfect for VPN tunnels between the DC's as we don't curently need to push anything more then what they do right now. Go...
by majestic
Thu Dec 15, 2016 2:07 am
Forum: General
Topic: EoIP Weirdness
Replies: 6
Views: 1821

Re: EoIP Weirdness

At an educated guess, check the MTU as EoIP will add an overhead to the packet (forgot exactly how much from memory but a quick google will tell you). Personally from what your describing it sounds more like an MTU issue to me especially with the sites that you mention i.e. speedtest.net as its very...
by majestic
Thu Dec 15, 2016 12:44 am
Forum: RouterBOARD hardware
Topic: Is RB3011UiAS-RM suitable for VPN?
Replies: 7
Views: 9428

Re: Is RB3011UiAS-RM suitable for VPN?

Wow, thank you so much.

Just been looking now at the Hexv3 as you suggested..

https://routerboard.com/RB750Gr3

I am impressed, its less power, more vpn throughput and less money! can get three plus of these for price of one of the 3011. This is just perfect. Thank you.
by majestic
Thu Dec 15, 2016 12:26 am
Forum: RouterBOARD hardware
Topic: Is RB3011UiAS-RM suitable for VPN?
Replies: 7
Views: 9428

Re: Is RB3011UiAS-RM suitable for VPN?

Hi Guys, I trully am sorry for the late reply. For some reason I never had an email alert or anything so I wasn't aware that anyone replied. I just thought I would manualy check as its getting closer to time to buy and was plesently surpised that I had some replies. I wont make that mistake again :)...
by majestic
Mon Dec 05, 2016 11:46 am
Forum: RouterBOARD hardware
Topic: Is RB3011UiAS-RM suitable for VPN?
Replies: 7
Views: 9428

Is RB3011UiAS-RM suitable for VPN?

Hi Guys, I am contemplating on purchasing a "RB3011UiAS-RM" for use with connecting several VPN connections to home as well as sending all my traffic down to the main data center (VPN). First however, I have a few questions to ask before I place my order to make sure that it would be suita...