Community discussions


Search found 1817 matches

by Jotne
Fri Oct 09, 2020 6:30 pm
Forum: Scripting
Topic: Torrent blocking working in y2020
Replies: 20
Views: 2843

Re: Torrent blocking working in y2020

If you go to some PirateBay proxy or other Torrent site they tell you to not download if you do not use a VPN, and with VPN your rules do not work at all.
by Jotne
Wed Oct 07, 2020 9:49 pm
Forum: Scripting
Topic: Script doensn't working on a router without Wireless
Replies: 5
Views: 429

Re: Script doensn't working on a router without Wireless

You need to declare variable before using set. I have no wifi router at the moment, so can not test it fully, but this runs without error on my test router: [ :local wifistatus :local registeredclients :local overalltxccq :local channel2 :local noisefloor :do { :if ([:len [/interface wireless find ]...
by Jotne
Mon Oct 05, 2020 8:19 pm
Forum: Scripting
Topic: Script modem reboot
Replies: 5
Views: 257

Re: Script modem reboot

If you can not figure out what the problem hang is, then change modem, change ISP.
Rebooting should not be needed.
by Jotne
Mon Oct 05, 2020 3:32 pm
Forum: Scripting
Topic: Script modem reboot
Replies: 5
Views: 257

Re: Script modem reboot

Here is the solution for you:
power adapter.jpg
http://www.networktechinc.com/control-power.html#tab-5

Connect this power adapter on the power for the modem. Then set it to auto ping an IP address.
If ping stops, then the adapter power cycle the modem.
by Jotne
Sat Oct 03, 2020 9:06 pm
Forum: Scripting
Topic: Torrent blocking working in y2020
Replies: 20
Views: 2843

Re: Torrent blocking working in y2020

So if the speed limit is 100 kph and I have a car that can run 200 kph, we need to close the road?
Torrent are not illegal, sharing copyright material are.
Closing one service just move user to another :)
by Jotne
Sat Oct 03, 2020 8:59 am
Forum: Scripting
Topic: Script doensn't working on a router without Wireless
Replies: 5
Views: 429

Re: Script doensn't working on a router without Wireless

on-error needs to be connected to the :do block, not the :if command My routers that do not have wifi accept the wireless command without error so I do get: No active wifi interfaces Also use code tags <\> button while posting to more easily see the structure of your code (using tab) Since this code...
by Jotne
Sat Oct 03, 2020 8:31 am
Forum: Scripting
Topic: View log file
Replies: 3
Views: 222

Re: View log file

See my signature on how I do use Splunk to handle log files. I do not know how to use API.
by Jotne
Sat Oct 03, 2020 8:28 am
Forum: Scripting
Topic: Scripting Engine bug or am I missing something?
Replies: 2
Views: 167

Re: Scripting Engine bug or am I missing something?

This can not be your whole script? It does miss an end }

You are using variable the wrong way, see my post yesterday here:
viewtopic.php?p=820135#p820135
by Jotne
Fri Oct 02, 2020 12:31 pm
Forum: Scripting
Topic: How to log Wireless Registration table information locally
Replies: 12
Views: 4678

Re: How to log Wireless Registration table information locally

I wanted to log Tx/Rx signal strength, Tx/Rx CCQ, Signal to Noise and some other parameter from Wireless Registration Table in a log file stored locally. Hi. If you look at link in my Signature, you will find link to Splunk with MikroTik. There you store all log information externally and graph it ...
by Jotne
Fri Oct 02, 2020 11:26 am
Forum: Scripting
Topic: Cool scripts
Replies: 2
Views: 265

Re: Cool scripts

- Commenting interfaces based on looking up the hostname of what is connected to a port on Bridge -> Hosts This should be easy to do, but what with: * Client do changes, so interface needs to be updated by a schedule and then interface name would change. * What if there are multiple clients? (Switc...
by Jotne
Fri Oct 02, 2020 10:57 am
Forum: Scripting
Topic: Need help picking Array Values []
Replies: 2
Views: 259

Re: Need help picking Array Values []

You are handling the variables the wrong way. The correct way is to declare the variable, set it and then print/log. I always use wrap code with [] and cut paste code to terminal to test it. So this does work: [ :local attackip :local logEntryMessage "<110.54.203.170>: user ppp1 authentication failed" ...
by Jotne
Tue Sep 29, 2020 3:00 pm
Forum: Announcements
Topic: v6.47.4 [stable] is released!
Replies: 67
Views: 14312

Re: v6.47.4 [stable] is released!

I cant install current frmwre to hAP lite "smips".
no space! =(
Install an older/smaller version of the software like 6.44.x then upgrade
by Jotne
Mon Sep 21, 2020 1:16 pm
Forum: Scripting
Topic: Torrent blocking working in y2020
Replies: 20
Views: 2843

Re: Torrent blocking working in y2020

In uTorrent
Options->Preferences->BitTorrent-Protocol Encryption set it to Enabled, then test if your rule still blocks it.
by Jotne
Sun Sep 20, 2020 3:53 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved

Did this solution work with splunk linux docker version as well ? In my case, splunk receives mikrotik syslog data but in this plugin shows no devices All messages need to be tagged "MikroTik", so message should look like this using this search: index=* (section 2b) dns MikroTik : done query: #30835...
by Jotne
Tue Sep 15, 2020 11:31 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 270
Views: 69366

Re: v7.1beta2 [development] is released!

I guess you have opened the admin (web/winbox/ssh or other) from internet.
Do you use VPN or secure your router better.
by Jotne
Mon Sep 14, 2020 12:07 pm
Forum: Announcements
Topic: v6.46.7 [long-term] is released!
Replies: 39
Views: 8579

Re: v6.46.7 [long-term] is released!

Wow, i thought MT had forgotten the 6.46 train.
For long time it has not been listed under "ANNOUNCEMENTS" section, so you had to search for it to find it.
by Jotne
Fri Sep 11, 2020 11:16 am
Forum: General
Topic: Logging prefix is a mess
Replies: 6
Views: 2117

Re: Logging prefix is a mess

When using external logging tools like Splunk to analyse logs, this old and messy format gives a lot of extra work.
I have sent this request two times to MikroTik so they know about it.
by Jotne
Fri Sep 04, 2020 8:07 am
Forum: Announcements
Topic: v6.47.3 [stable] is released!
Replies: 50
Views: 9901

Re: v6.47.3 [stable] is released!

Note to self - never upgrade ROS unless you are on site.
That is why I always let it go some weeks before I upgrade, and only after testing it on a similar device that has same config and software version.
by Jotne
Wed Aug 26, 2020 7:47 pm
Forum: Announcements
Topic: v6.47.2 [stable] is released!
Replies: 90
Views: 16366

Re: v6.47.2 [stable] is released!

@trancenet and others regarding 5Ghz DFS legal compliance. This has nothing to do with 6.47.2 It was changed several versions back, so trancenet did only see this because he skipped many upgrades. No, I have always the latest (stable) version, I did not skip new updates. The problem appeared only after...
by Jotne
Tue Aug 25, 2020 10:23 pm
Forum: Announcements
Topic: v6.47.2 [stable] is released!
Replies: 90
Views: 16366

Re: v6.47.2 [stable] is released!

@trancenet and others regarding 5Ghz DFS legal compliance. This has nothing to do with 6.47.2 It was changed several versions back, so trancenet did only see this because he skipped many upgrades.
by Jotne
Mon Aug 24, 2020 10:31 pm
Forum: Announcements
Topic: v6.47.2 [stable] is released!
Replies: 90
Views: 16366

Re: v6.47.2 [stable] is released!

I will never update to a new version again! Did you try to setup the config from scratch, or did you just upgrade and it stopped working. I have seen some stuff changes when upgrade so you need to manually configure it to get it working. If 5 GHz did stop working for everyone, 6.47.2 would be rem...
by Jotne
Mon Aug 24, 2020 12:06 pm
Forum: Scripting
Topic: ASK [random wifi password generator]
Replies: 41
Views: 7499

Re: ASK [random wifi password generator]

Instead of relying on an external service to get password, you can use this solution.
viewtopic.php?f=9&t=164114
by Jotne
Mon Aug 24, 2020 12:05 pm
Forum: Scripting
Topic: random wifi password
Replies: 19
Views: 15308

Re: random wifi password

Instead of relying on an external service to get password, you can use this solution.
viewtopic.php?f=9&t=164114
by Jotne
Mon Aug 24, 2020 11:50 am
Forum: Scripting
Topic: My Backup file contains malicious scripts
Replies: 4
Views: 500

Re: My Backup file contains malicious scripts

Do you have any admin possibility from the internet? If so that is a way in. VPN is the only good solution for remote admin.
What version did your router have? Old version should be upgraded.
by Jotne
Fri Aug 21, 2020 8:22 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 270
Views: 69366

Re: v7.1beta2 [development] is released!

any hint on how to flash this on a HAP MINI? On previous beta, it said internal storage is not enough to upgrade... it's a brand new model, factory Do a search on this forum and you will find many answers. Netinstall is one way. You can also downgrade to an older version that is much smaller, like some 6...
by Jotne
Fri Aug 21, 2020 10:41 am
Forum: Announcements
Topic: v6.47.2 [stable] is released!
Replies: 90
Views: 16366

Re: v6.47.2 [stable] is released!

hAP Lite - not enough space for upgrade
Downgrade to an older smaller version like 6.44, then upgrade to latest. PS this may give problem with your current configuration.
by Jotne
Tue Aug 18, 2020 11:00 pm
Forum: Scripting
Topic: [Script] Automatically change DNS if Pi-hole is no longer working
Replies: 8
Views: 2060

Re: [Script] Automatically change DNS if Pi-hole is no longer working

Can i change mac address automatically by script on every day?..
Yes it can be done.
Post it as a new question.
by Jotne
Tue Aug 18, 2020 11:22 am
Forum: General
Topic: Feature requests
Replies: 1278
Views: 289198

Re: Feature requests

If the reboot reason is written to the log before syslog is up and running, it will not send it out externally. So you need to look in local logs.
by Jotne
Tue Aug 11, 2020 8:23 am
Forum: Beginner Basics
Topic: Netwatch and SNMP monitoring
Replies: 2
Views: 723

Re: Netwatch and SNMP monitoring

I would think it's better to use syslog for this.
In a script, run the ping test, if it fails, send a syslog to a monitoring system.

Have a look at my Syslog -> Splunk post linked in my signature.
by Jotne
Wed Aug 05, 2020 9:12 am
Forum: General
Topic: iOS14 "Use Private Address" Random MAC (Default) and Hotspot
Replies: 3
Views: 1338

Re: iOS14 "Use Private Address" Random MAC (Default) and Hotspot

It will see the IOS devices as a new device every time it changes its mac address. So if you have some in your system that are dependent on the mac address, it will break. That will be hotspot where you have whitelist mac, static IP for devices like I do ++ I did find this list: 1 Users are always ...
by Jotne
Sun Aug 02, 2020 3:10 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved

It did work with 7.0 beta, have not had time to look at 7.1 Most negative thing with the new >= 7.0 beta 8 is that they have removed accounting. We now have to use Netflow to log detailed data. This gives around 10 times larger logs, and need extra port not just syslog port. Much more complicated se...
by Jotne
Fri Jul 31, 2020 7:42 am
Forum: General
Topic: DNS resolution vulnerability
Replies: 14
Views: 2417

Re: DNS resolution vulnerability

To all. Look at the date of the thread. For some reason alfred998 responded to a thread that is 1 1/2 year old. Where m4rk did not post his config. I guess he did see that and left the thread.
by Jotne
Thu Jul 30, 2020 8:17 am
Forum: General
Topic: Mikrotik OS 6.45.6 Hacked
Replies: 10
Views: 5809

Re: Mikrotik OS 6.45.6 Hacked

I guess you all had router opened for remote access using winbox, ssh, telnet or web access. Winbox was hacked some time back and is fixed in later versions. (lots of scans were done to the winbox port 8291, so 2. in list below would have helped) VPN is the best option for remote access to the router....
by Jotne
Tue Jul 28, 2020 8:13 am
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 135
Views: 96280

Re: Add DNS over HTTPS (DoH) support

00:01:00
Every minute.
by Jotne
Tue Jul 28, 2020 8:10 am
Forum: Scripting
Topic: Loop through submenus [SOLVED]
Replies: 3
Views: 915

Re: Loop through submenus [SOLVED]

Why do you need to delete these filter/nat rules?
Post example comments.
by Jotne
Tue Jul 28, 2020 8:07 am
Forum: Scripting
Topic: Script to Reboot Routerboard
Replies: 16
Views: 39054

Re: Script to Reboot Routerboard

Adding reboot does just remove symptoms of a problem. Fix the problem. Upgrade to a good version.
by Jotne
Mon Jul 27, 2020 10:30 am
Forum: Scripting
Topic: ASK [random wifi password generator]
Replies: 41
Views: 7499

Re: ASK [random wifi password generator]

You need to try and test and learn some scripting.
I just give you idea on how to solve it.

your_profile need to be set to a real profile.
by Jotne
Mon Jul 27, 2020 8:15 am
Forum: General
Topic: Add emoji to the ssid name
Replies: 27
Views: 7203

Re: Add emoji to the ssid name

4) You will see it on your mobile phone:
And as well in Windows 10
Wifi.jpg
by Jotne
Mon Jul 27, 2020 8:05 am
Forum: Scripting
Topic: ASK [random wifi password generator]
Replies: 41
Views: 7499

Re: ASK [random wifi password generator]

Some like this?
{
:local new ([/certificate scep-server otp generate minutes-valid=0 as-value]->"password")
:interface wireless security-profiles set your_profile wpa2-pre-shared-key="$new"
}
by Jotne
Sun Jul 26, 2020 6:40 pm
Forum: Scripting
Topic: ASK [random wifi password generator]
Replies: 41
Views: 7499

Re: ASK [random wifi password generator]

If you use the time base password script it will be the same all time.
Did you try this?

viewtopic.php?p=807658
by Jotne
Sat Jul 25, 2020 9:35 pm
Forum: General
Topic: Add emoji to the ssid name
Replies: 27
Views: 7203

Re: Add emoji to the ssid name

Cool SSID showing up on your pc/phone.

Like this ssid:
I am happy :)
by Jotne
Sat Jul 25, 2020 4:56 pm
Forum: General
Topic: Add emoji to the ssid name
Replies: 27
Views: 7203

Re: Add emoji to the ssid name

And you tried with what version?
by Jotne
Fri Jul 24, 2020 5:46 pm
Forum: Scripting
Topic: One line password generation without fetch tool
Replies: 6
Views: 698

Re: One line password generation without fetch tool

wow, this was interesting. Seems to generate a random hex string on 20 character each time its run. Should be fine as a password. It seems to store each run in this view for some time: /certificate scep-server otp print # PASSWORD EXPIRES USED 0 677d57c658119f4f8804 0s no 1 bd4a331ef703af86d1ac 0s n...
by Jotne
Fri Jul 24, 2020 5:28 pm
Forum: Scripting
Topic: Script for mass reboot
Replies: 2
Views: 587

Re: Script for mass reboot

Why? Reboot should not be needed.
by Jotne
Fri Jul 24, 2020 3:21 pm
Forum: Scripting
Topic: Auto Delete User Script
Replies: 7
Views: 1654

Re: Auto Delete User Script

Problem with RouterOS is that it does not follow any standard time format. I have made a script that converts date/time to epoch that can be used to calculate time difference. This is some that MT should add as a standard.
by Jotne
Thu Jul 23, 2020 9:22 am
Forum: Scripting
Topic: Regular Expressions modificators?
Replies: 3
Views: 1381

Re: Regular Expressions modificators?

$str~"^OK(\r|\n|\r\n|\$)"
Since there are lots of or and it only match the \r\n
This could be used as well
$str~"^OK\r\n"
But it depends on your real input as well.
by Jotne
Wed Jul 22, 2020 8:43 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved

Problem is that if you do use longer name, RouterOS starts to chop off characters. So to solve this MikroTik needs to modify the RouterOS.
This is why I in first post added sample on how to name the filter rules to have some control.
by Jotne
Mon Jul 20, 2020 11:32 pm
Forum: Beginner Basics
Topic: Webfig login hack
Replies: 14
Views: 3762

Re: Webfig login hack

I guess your post will be reported and deleted. How do you expect someone to reply to your post using this type of language. Starting by calling MT Routers a pieces of shit. A better question would be: I have a remote router (mine) that I have lost password to. Is there a way to enter it, maybe using a ...
by Jotne
Mon Jul 20, 2020 8:21 am
Forum: Scripting
Topic: Script that creates a new virtual AP
Replies: 1
Views: 625

Re: Script that creates a new virtual AP

This is not tested and may need some modification /interface wireless security-profiles add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=\ Test supplicant-identity="" wpa2-pre-shared-key=[/system routerboard get serial-number] /interface wireless a...
by Jotne
Sat Jul 18, 2020 7:12 pm
Forum: Beginner Basics
Topic: Webfig login hack
Replies: 14
Views: 3762

Re: Webfig login hack

No, there is no simple way to hack this stupid router. It's very secure.
by Jotne
Sat Jul 18, 2020 11:51 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved

Since my script log events as info and you have this: add action=disk1 topics=critical add action=disk1 topics=error add action=disk1 topics= info You do tell that all info log should go to the disk as well. Why can you not give your ISP access to your Splunk? They will then get the same log as you ...
by Jotne
Fri Jul 17, 2020 11:41 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved

Do a search like this to see if any data comes in to Splunk.
index=*
by Jotne
Fri Jul 17, 2020 8:45 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved

The point with the script is to send all information using syslog. If you select that log should be sent to disk, it will also go there. As far as I know, you can not split the log saying that some should go to disk, some to memory and some to disk. I still do not understand why you need logs to dis...
by Jotne
Thu Jul 16, 2020 11:50 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved

the files are showing on my disk because i have a rule that send the logs there
You have selected to write the logs to your disk so it will write it there. I do not understand the problem. Just remove the log to the disk?
by Jotne
Thu Jul 16, 2020 11:41 pm
Forum: Scripting
Topic: SoS ..small script needed
Replies: 2
Views: 616

Re: SoS ..small script needed

by the way iam using v5 of microtik
v5???
It's so old that you can not find v5 on the archive files: https://mikrotik.com/download/archive

Start by upgrading to some of the latest release.
by Jotne
Thu Jul 16, 2020 11:41 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved

Thank you I going to try this somewhere in the next day's.
Should work as long as data gets in to Splunk and is tagged correctly "MikroTik"
by Jotne
Thu Jul 16, 2020 11:35 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved

is there a way to make the script output not be reflected on the memory or disk log?, only send it to the remote splunk server?
I do not see those files on my disk. Can you download one of them to your PC and list whats in the file?
by Jotne
Mon Jul 13, 2020 3:10 pm
Forum: Announcements
Topic: v6.47.1 [stable] is released!
Replies: 147
Views: 58331

Re: v6.47.1 [stable] is released!

Did not know that this was possible. Will test it out.
by Jotne
Sun Jul 12, 2020 12:40 pm
Forum: General
Topic: Monthly Reboot
Replies: 3
Views: 916

Re: Monthly Reboot

how to reboot the router monthly
Why?
by Jotne
Sun Jul 12, 2020 12:17 am
Forum: Announcements
Topic: v6.47.1 [stable] is released!
Replies: 147
Views: 58331

Re: v6.47.1 [stable] is released!

I think this is broken in 6.47
What is this? Post info here, not a link..
by Jotne
Sat Jul 11, 2020 8:47 pm
Forum: Announcements
Topic: v6.47.1 [stable] is released!
Replies: 147
Views: 58331

Re: v6.47.1 [stable] is released!

Hi i dont believe that i will be able to upgrade my hex3. Only 4.9MiB free but nothing on the flash. Anybody an idea ? Im about 50km away from this box. I would downgrade to an older, much smaller version then upgrade to latest, but in your case that may give problem if you lose some function so t...
by Jotne
Sat Jul 11, 2020 11:40 am
Forum: Scripting
Topic: VK Basic Monitoring
Replies: 3
Views: 737

Re: VK Basic Monitoring

It would be fine if you edit first post and explain when you use it, for what and what is VK.
by Jotne
Fri Jul 10, 2020 2:25 pm
Forum: Announcements
Topic: v6.47.1 [stable] is released!
Replies: 147
Views: 58331

Re: v6.47.1 [stable] is released!

Great!
But Winbox CRASH DOWN, when Press + under System -> IPsec-> Policies.

Please fix that bug...
Its IP -> IPsec -> Policies not System and it works fine with Winbox 3.24 (latest)
by Jotne
Fri Jul 10, 2020 8:29 am
Forum: Beginner Basics
Topic: Port forwarding using DDNS doesn't work
Replies: 12
Views: 1947

Re: Port forwarding using DDNS doesn't work

This is wrong. You are only the 10th this week with this error. :) /ip address add address=192.168.1.1/24 comment=defconf interface= ether2 network=\ 192.168.1.0 When using bridging, the IP should be on the bridge (or VLAN if that is used), not one of the interfaces belonging to the bridge. Correct /i...
by Jotne
Thu Jul 09, 2020 8:35 am
Forum: Scripting
Topic: Script to get interface WAN IP on PPPoE connections and DHCP connections
Replies: 2
Views: 689

Re: Script to get interface WAN IP on PPPoE connections and DHCP connections

This part fails: [/ip address get [find where interface=$ipgw] value-name=address] For my routers, interface does not show IP default-gateway 92.xxx.xxx.1 . So you can not use default-gateway to find what IP address you have on public interface. Example: /ip address print Flags: X - disabled, I - in...
by Jotne
Wed Jul 08, 2020 2:07 pm
Forum: Scripting
Topic: I need a script for SSID passkey using serial No.
Replies: 3
Views: 608

Re: I need a script for SSID passkey using serial No.

That is not too complicated to make: /interface wireless security-profiles add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=\ Test supplicant-identity="" wpa2-pre-shared-key=[/system routerboard get serial-number] This will create a security profil...
by Jotne
Tue Jul 07, 2020 8:56 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 126
Views: 50313

Re: v6.48beta [testing] is released!

*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v 6.46 ); *) crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v 6.47 ); *) crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v 6...
by Jotne
Tue Jul 07, 2020 12:50 pm
Forum: General
Topic: Feature request for v7.x
Replies: 280
Views: 75431

Re: Feature request for v7.x

Monthly traffic per interface. Dont tell me about graphing. Its not fine for me.
Log interface traffic counter to a syslog server. There you can see it number or you can graph it if you like.
See link in my signature on how to set up Splunk (syslog server) to log MikroTik Routers.
by Jotne
Tue Jul 07, 2020 8:08 am
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 95949

Re: v6.47 [stable] is released!

@itforeverru

It looks like you are in to some. Here is memory usage on MT 6.47 (running on a vmware)
This router only do DoH and used for testing only.
A reboot was done 5 July
Memory leak.jpg


My RB750Gv3 that is much more loaded, does not show this behaviour. 6.45.9
Memory leak2.jpg
by Jotne
Mon Jul 06, 2020 8:30 am
Forum: Wireless Networking
Topic: High Battery usage with 6.47 stable
Replies: 9
Views: 1980

Re: High Battery usage with 6.47 stable

One thing may create a problem for you. You have added lan IP on an interface and not a bridge. You are not the first and for sure 100% not the last one to make this error. DHCP server is correctly configured on the bridge, so why did you miss the main IP? I guess you have upgraded from an older versi...
by Jotne
Mon Jul 06, 2020 8:10 am
Forum: Scripting
Topic: Torrent blocking working in y2020
Replies: 20
Views: 2843

Re: Torrent blocking working in y2020

Block Bittorrent and P2P using latest MikroTik RouterOS 6.43.3
This was posted 5 July 2020. 6.43.3 is very old and far far from latest Router OS (from 18.10.2018). Latest stable 6.47 and long term 6.45.9
I would not have used this old version due to lots of missing security patches.
by Jotne
Fri Jul 03, 2020 8:43 am
Forum: General
Topic: L2TP VPN can not connect on Windows 10
Replies: 15
Views: 8808

Re: L2TP VPN can not connect on Windows 10

This is the solution:
Maybe you should write that this is in spanish?
Also no need for posting the same multiple places.
by Jotne
Fri Jul 03, 2020 8:39 am
Forum: Beginner Basics
Topic: Is a hEX (RB750Gr3) powerfull enough...
Replies: 6
Views: 1051

Re: Is a hEX (RB750Gr3) powerfull enough...

It's not important how many devices you have on the inside lan. A 100Mbps internet line should be no problem for the router to handle.
by Jotne
Wed Jul 01, 2020 12:14 pm
Forum: General
Topic: LAN to LAN forwarding [SOLVED]
Replies: 62
Views: 8189

Re: LAN to LAN forwarding [SOLVED]

I need port based forwards so I can migrate one service at a time to my new server instead of having to migrate them all at once. The reason for different (and non standard) ports is that I have several instances of services already running in Docker on new server for test purposes. Send out inform...
by Jotne
Wed Jul 01, 2020 12:00 am
Forum: General
Topic: LAN to LAN forwarding [SOLVED]
Replies: 62
Views: 8189

Re: LAN to LAN forwarding [SOLVED]

@Diresta

Changing server may be a normal operation to do with new IP. This is why we have DNS. Just redirect DNS to new server.
But why do you need to change port? What services is this that you have on port 150 or port 10000? Not standard ports?
by Jotne
Mon Jun 29, 2020 10:19 am
Forum: General
Topic: missed up my firewall filter rules
Replies: 9
Views: 1406

Re: missed up my firewall filter rules

19 chain= input action=accept protocol=tcp dst-address=1.2.3.4 in-interface=wan dst-port=80 20 chain= input action=accept protocol=tcp dst-address=1.2.3.4 in-interface=wan dst-port=443 Where is IP 1.2.3.4 located? On the router itself? If not this will do nothing. Input chain is only used for tra...
by Jotne
Mon Jun 29, 2020 9:44 am
Forum: Scripting
Topic: ASK [random wifi password generator]
Replies: 41
Views: 7499

Re: ASK [random wifi password generator]

Script creating password based on time will never work on RouterOS. Send a request to MikroTik to add a random password generator.
by Jotne
Sun Jun 28, 2020 10:48 pm
Forum: General
Topic: Feature requests
Replies: 1278
Views: 289198

Re: Feature requests

option to specify multiple adress lists inside single firewall rule?
You can make a jump rule and add multiple rules to it, all with an address list. Not exactly the same, but should work.
by Jotne
Sun Jun 28, 2020 8:09 pm
Forum: General
Topic: Two networks over one cable
Replies: 3
Views: 897

Re: Two networks over one cable

Here in Norway, if I do use my ISP router, it will send data untagged VLAN to all my PC etc. Then IPTV goes on a separate VLAN. But if I change my ISP router to bridge, I will have one port on ISP router where my Router connects using NAT. Another port sends out IPTV on a tagged VLAN (not sure if it ...
by Jotne
Sun Jun 28, 2020 8:00 pm
Forum: Scripting
Topic: Need syntax help (interface --> interface list)
Replies: 4
Views: 955

Re: Need syntax help (interface --> interface list)

There is an error.
wrong:
:put [/interface/list get [find name=Double-WAN-List]
correct
:put [/interface get [find name="Double-WAN-List"] tx-byte]
No list and double quote.
by Jotne
Sun Jun 28, 2020 5:34 pm
Forum: Scripting
Topic: ASK [random wifi password generator]
Replies: 41
Views: 7499

Re: ASK [random wifi password generator]

Did you try the url in a browser?
https://www.random.org/passwords/\?num=1&len=20&format=plain&rnd=new
It seems that they have added some DDoS protection using java.
DDoS protection by Cloudflare

So it may prevent the download to work from Mikrotik.
Try to find another password site.
by Jotne
Sun Jun 28, 2020 5:26 pm
Forum: Scripting
Topic: Need syntax help (interface --> interface list)
Replies: 4
Views: 955

Re: Need syntax help (interface --> interface list)

Cut and paste this to terminal. Do you get any output. :put [/interface find name=Double-WAN-List] If this is ok, try: :put [/interface/list get [find name=Double-WAN-List] Post output of /interface print detail Edit: It may be the hyphen - giving problems. Try to rename interface to DoubleWANList
by Jotne
Sun Jun 28, 2020 11:33 am
Forum: Scripting
Topic: ASK [random wifi password generator]
Replies: 41
Views: 7499

Re: ASK [random wifi password generator]

When you paste it to terminal, you do wrap it in brackets? { }
{
your code
}
If not it will not work.

6.44.6 is getting some old. October 2019. It should work with the script.
by Jotne
Sun Jun 28, 2020 9:46 am
Forum: Scripting
Topic: ASK [random wifi password generator]
Replies: 41
Views: 7499

Re: ASK [random wifi password generator]

I can not explain why a script stops working. Try to run it on the terminal to see what is going on.
Upgrade your RouterOS if you do run an older version.
by Jotne
Fri Jun 26, 2020 8:29 pm
Forum: Scripting
Topic: Export specific address list
Replies: 2
Views: 715

Re: Export specific address list

I can send the address list to Splunk using script. On Splunk you can do a lot of stuff with it. What is your goal?
by Jotne
Thu Jun 25, 2020 4:01 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved

Script updated to 4.1 to get CAPsMANN information.

Read section 2f) if you like to use CAPsMANN function.
by Jotne
Thu Jun 25, 2020 2:13 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved

Splunk for MikroTik updated to v3.1
Major change is the CAPsMAN view.
If you like to use the CAPsMAN, update script to 4.1 and add CAPsMAN script found in section 2f first post:
To upgrade, delete the folder /splunk/etc/app/Mikrotik
Then install the unpacked spl (use winrar/winzip) file, install app...
by Jotne
Wed Jun 24, 2020 8:51 am
Forum: General
Topic: NTP server with GMT DST
Replies: 12
Views: 1520

Re: NTP server with GMT DST

Hence why I was asking if you read the first post.
And my reply to that is you can't. NTP only sends UTC format. It's up to each device to set the correct time zone.
If that can not be done on your devices, something I find very strange, you should complain to that hardware manufacturer.
by Jotne
Wed Jun 24, 2020 8:45 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

I will make a view that shows total traffic in/out, what IP it does come from and what IP it goes to. That is not the problem. What I would like to know is what port is used, that is where the problem lies. Look at line 1 and line 2 in the above post. Both come from same IP 193.212.a.a, both go to...
by Jotne
Tue Jun 23, 2020 5:36 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

After talking more than one hour with a super specialist in Netflow, I do start to get the grip on how things work. There is no way you can see in a Netflow packet if it's traffic returning from a session started inside or if it is something from outside starting to send in data. You can look at port...
by Jotne
Tue Jun 23, 2020 1:16 pm
Forum: Scripting
Topic: How to get SNMP interface index in a script.
Replies: 4
Views: 814

Re: How to get SNMP interface index in a script.

If you look at my post over here you will see why.
https://forum.mikrotik.com/viewtopic.php?p=801674#p801674
Netflow packets do contain what interface they are sent through. Name of the field is inputSNMPidx or outputSNMPidx. So I do know that with SNMP I can find the corresponding interface.
line _ti...
by Jotne
Tue Jun 23, 2020 12:12 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

Look at this table
line _time src_ip s_port dest_ip d_port next_ip byte pacet prot in_if out_if
1 2020-06-23 10:50:11.280 193.212.a.a 42744 92.220.b.b 514 10.10.10.50 3903 35 17 1 2 0
2 2020-06-23 10:50:00.570 193.212.a.a 22 92.220.b.b 55774 10.10.10.32 1312380 2191 6 1 2 24
3 2020-06-23 10:50:00.54...
by Jotne
Tue Jun 23, 2020 11:16 am
Forum: Scripting
Topic: How to get SNMP interface index in a script.
Replies: 4
Views: 814

Re: How to get SNMP interface index in a script.

Hmm. This seems to be hard to solve.
Router OS does send interface id in all netflow packets, but there is no easy way to get hold of them, since OID only shows it on the print command and not on the get command.
by Jotne
Tue Jun 23, 2020 8:09 am
Forum: Scripting
Topic: Useful scripts
Replies: 67
Views: 129372

Re: Useful scripts

Please only post script or comment for script here.
If you like a script, post a request here:
viewforum.php?f=9
by Jotne
Mon Jun 22, 2020 10:54 am
Forum: Scripting
Topic: How to get SNMP interface index in a script.
Replies: 4
Views: 814

How to get SNMP interface index in a script.

I need the SNMP_IDX for each interface in Router OS.
This gives me all interfaces:
{
:foreach id in=[interface find] do={
	:local Name [interface get $id name]
	:put "ifname=$Name"
	}
}
But to get the SNMP Index I need to use print, there is no get. Value I need is the last digit for all OID
:put [/inte...
by Jotne
Mon Jun 22, 2020 9:05 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

Some more investigation. Snmpidx are the interfaces on the router. You can get it using SNMP like this:
snmpwalk -v2C -c public 10.10.10.1 ifname
IF-MIB::ifName.1 = STRING: ether1
IF-MIB::ifName.2 = STRING: Bridge1
IF-MIB::ifName.3 = STRING: ether3
IF-MIB::ifName.4 = STRING: ether4
IF-MIB::ifName.5 ...
by Jotne
Mon Jun 22, 2020 12:20 am
Forum: General
Topic: Disable port over snmp
Replies: 6
Views: 2474

Re: Disable port over snmp

Here is how to do it on a Cisco device:

Interface UP:
snmpset -v1 -c community hostname IF-MIB::ifAdminStatus.interface i 1
Interface DOWN:
snmpset -v1 -c community hostname IF-MIB::ifAdminStatus.interface i 2
by Jotne
Mon Jun 22, 2020 12:08 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

I will look at it. Should be doable to separate input/output like I did on the accounting dashboard. Maybe by looking at public/private net.
by Jotne
Sun Jun 21, 2020 9:41 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

Maybe this should be an add on module for the MikroTik app since it would involve lots of extra stuff. Using wan IP as a trigger is not good enough, since this will change for many user and then you need to have some sort of auto update. But after looking at input_snmpidx and output_snmpidx (input/o...
by Jotne
Sun Jun 21, 2020 7:30 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

I got it up and running. Somewhat more complicated when Splunk does not run as an admin (what I do recommend to do).
Not sure why there are so many low numbers on source port like 443. That is normally a destination port. Will examine it, make a SPL search that graphs it and post it here.
by Jotne
Sun Jun 21, 2020 5:35 pm
Forum: Scripting
Topic: I did it! Script to compute UNIX time!
Replies: 12
Views: 9143

Re: I did it! Script to compute UNIX time!

Good catch, fixed the original post.
by Jotne
Sun Jun 21, 2020 4:43 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

Have not had time to look at much yet, but it looks possible, somewhat complicated to set up. It has too many possibilities, not sure if saved format is ok. I would like a small program that listens for netflow and saves them one line at a time. Then Splunk can index it. System we have today with just sending...
by Jotne
Sun Jun 21, 2020 2:52 pm
Forum: Scripting
Topic: Have I been hacked?
Replies: 7
Views: 1905

Re: Have I been hacked?

Did you use the Hotspot function?
by Jotne
Sun Jun 21, 2020 11:19 am
Forum: Beginner Basics
Topic: Use MikroTik as second router
Replies: 13
Views: 2093

Re: Use MikroTik as second router

@jotne: if the addresses were like in your example, then indeed there would be some weird stuff going on. However, OP's diagram (in initial post) indicates completely separate IP subnets and in that case, the effects you're describing don't happen.
Did not catch that, but you are right. I would not...
by Jotne
Sun Jun 21, 2020 10:47 am
Forum: Scripting
Topic: Have I been hacked?
Replies: 7
Views: 1905

Re: Have I been hacked?

Some more analyses. I have expanded the script and renamed variables to make it somewhat more readable. First script looks for a hotspot user with name Mikroticket and sets current time/date and mac to the user. Then it seems to send information about the router (time/date/serial number etc) to an externa...
by Jotne
Sun Jun 21, 2020 9:29 am
Forum: Scripting
Topic: Have I been hacked?
Replies: 7
Views: 1905

Re: Have I been hacked?

What version of RouterOS do you have on your router?
Can you administrate your router on internet using Winbox (or http/ssh/telnet)?
It's clear that this is a hack, since no one would use variable name like this in normal programming: P6oHA7pLvicrO8ub2fa2
:local P6oHA7pLvicrO8ub2fa2 [/ip hotspot user...
by Jotne
Sat Jun 20, 2020 11:34 am
Forum: General
Topic: Block gamers UDP traffic
Replies: 14
Views: 2783

Re: Block gamers UDP traffic

I agree with pe1chl. Blocking every UDP may not help. You will end up with an unstable net, where stuff that should work does not work, and things you try to block just change from UDP to a TCP port. So if this is a workplace, make everyone sign a contract, where misuse has consequences. Also do in...
by Jotne
Sat Jun 20, 2020 9:33 am
Forum: Scripting
Topic: Script makes a new line on every loop
Replies: 6
Views: 1315

Re: Script makes a new line on every loop

Not sure what your goal is. For me this gives a text file with one IP per line. And you need what?

No need for semicolon ; at the end of each line, only between commands on the same line.
by Jotne
Fri Jun 19, 2020 12:16 pm
Forum: Beginner Basics
Topic: Use MikroTik as second router
Replies: 13
Views: 2093

Re: Use MikroTik as second router

If your ISP Router has default gw of 192.168.88.1
Mikrotik has IP 192.168.88.2 and has a route 0.0.0.0/0 -> 192.168.88.1
Client with IP 192.168.88.55 has default gw 192.168.88.2
Then data going out will be redirected at MT to ISP router. When packet is coming back in, ISP will see the client on the sam...
by Jotne
Fri Jun 19, 2020 11:12 am
Forum: General
Topic: where can I create a script in RouterOS?
Replies: 11
Views: 7845

Re: where can I create a script in RouterOS?

I do see many struggle to get script to work on the terminal. Example if you cut and paste this to terminal, you do not get anything out. But will work fine as a saved script.
:local test "My script"
:put $test
To get it to work in the terminal wrap it in brackets {}
{
:local test "My script"
:put $t...
by Jotne
Fri Jun 19, 2020 11:08 am
Forum: Beginner Basics
Topic: Use MikroTik as second router
Replies: 13
Views: 2093

Re: Use MikroTik as second router

To get queues to work, traffic needs to pass through your Mikrotik.

ISP
-
Mikrotik
-
Clients

If you can not set ISP router in bridge mode, you will have double NAT, but other than that, most stuff should work.
by Jotne
Fri Jun 19, 2020 8:23 am
Forum: Beginner Basics
Topic: block Imo, Whatsapp, Viber in Mikrotik router
Replies: 3
Views: 913

Re: block Imo, Whatsapp, Viber in Mikrotik router

Blocking using DNS is easy to overcome. Just add a host mapping.
https://play.google.com/store/apps/deta ... ver.change
Want to help how to block Imo, Whatsapp, Viber in Mikrotik router. Please co-operate me.
Why?
Bandwidth limitation.
Governmental control.
Other.
by Jotne
Fri Jun 19, 2020 8:09 am
Forum: Scripting
Topic: RemoteWinBox [review]
Replies: 9
Views: 2187

Re: RemoteWinBox [review]

Updated post that anyone can just brute-force try to access it. If you have a weak password, it should not be hard to access the router, since all user/password will work and you can connect to the VPN connection from anywhere without two way authentication.
by Jotne
Fri Jun 19, 2020 12:32 am
Forum: Beginner Basics
Topic: IP-Cloud Dynamic IP WAN Behind Nat
Replies: 5
Views: 1709

Re: IP-Cloud Dynamic IP WAN Behind Nat

See my post here:
viewtopic.php?f=9&t=162583
by Jotne
Fri Jun 19, 2020 12:25 am
Forum: Scripting
Topic: RemoteWinBox [review]
Replies: 9
Views: 2187

Re: RemoteWinBox [review]

I tried this today and I was not able to get this to work..
You did copy paste link to the Winbox software not to a browser?
It sure is simple, but I'm less sure about security. If the posted config is all you get, then SSTP client will happily connect to any server provided by MITM. The attacker wo...
by Jotne
Fri Jun 19, 2020 12:22 am
Forum: Useful user articles
Topic: How to create an account for the wiki pages?
Replies: 8
Views: 1925

Re: How to create an account for the wiki pages?

How do we then flag articles on the wiki that need to be updated then?
Send an email to support@mikrotik.com
by Jotne
Fri Jun 19, 2020 12:20 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

I'm currently playing around with the PMACCT-packages and writing out some CSV-style files. (other formats possible too like json)
This is interesting. CSV is perfect, and better than json since it's smaller. Splunk app does show traffic accounting using the accounting on the Router itself and sends ...
by Jotne
Thu Jun 18, 2020 1:25 pm
Forum: Scripting
Topic: RemoteWinBox [review]
Replies: 9
Views: 2187

RemoteWinBox [review]

Disclaimer: I have nothing to do with RemoteWinBox and am not getting paid for this review. I do see this all over the forum. How to administrate my router over internet? My router is behind NAT, how to reach it for admin? My response to that is to use VPN. And if VPN can not be used or you have n...
by Jotne
Thu Jun 18, 2020 12:19 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

To see DNS logs, your router needs to be the one and only DNS server.

Up time 1 is one day so it show 1. It also takes time (days) to get graphs for up time, so have a look after some days :)
by Jotne
Wed Jun 17, 2020 5:34 pm
Forum: General
Topic: Logging prefix is a mess
Replies: 6
Views: 2117

Re: Logging prefix is a mess

I can see that v7 beta has not fixed anything regarding log format.
by Jotne
Wed Jun 17, 2020 4:16 pm
Forum: RouterOS v7 BETA
Topic: Feature Request For Centrally Handling All Authentication Failures
Replies: 2
Views: 669

Re: Feature Request For Centrally Handling All Authentication Failures

For the user: no more parsing the logs via a lame script :-)
This is where Splunk or other Syslog tools do their work. I have added various views to show different types of error logs. See my signature. But I agree that Splunk has a long way to clean up its logging system. Look at this post: https://f...
by Jotne
Wed Jun 17, 2020 11:02 am
Forum: General
Topic: DNS over HTTPS
Replies: 147
Views: 29721

Re: DNS over HTTPS

DoH just moves your concerns from the ISP/Government to the DoH service provider. It all just depends on who you trust more.
It's a huge difference. I can choose between someone I know and someone I do not know. How many can see my DNS request, I do not know, but with DoH I have some clue.
by Jotne
Wed Jun 17, 2020 10:05 am
Forum: General
Topic: DNS over HTTPS
Replies: 147
Views: 29721

Re: DNS over HTTPS

And when it comes to it, I would rather Cloudflare have my data than my shitty government/ISP.
Maybe that the people here that do not like DoH DoT are ISP themselves ;)
by Jotne
Wed Jun 17, 2020 9:56 am
Forum: Beginner Basics
Topic: IP-Cloud Dynamic IP WAN Behind Nat
Replies: 5
Views: 1709

Re: IP-Cloud Dynamic IP WAN Behind Nat

I do agree with @martinclaro. I use a L2TP/IPsec tunnel from the remote router to a central VPN. This way I can reach the router and configure it even if it is behind some other NAT. Also VPN is one of the most secure ways to configure a remote router over internet. Since SNMP can not be sent through NAT th...
by Jotne
Wed Jun 17, 2020 9:17 am
Forum: Scripting
Topic: Script for If enivorment = then do
Replies: 14
Views: 2102

Re: Script for If enivorment = then do

I think it's the else that makes problem. Can not see in your script that you have set the macaddress. All variables need to be set or declared. Do not use global variable if you do not need it. Only when passing data from one script to another or store the variable for later use. Even then you need...
by Jotne
Wed Jun 17, 2020 7:44 am
Forum: Scripting
Topic: Script for If enivorment = then do
Replies: 14
Views: 2102

Re: Script for If enivorment = then do

Not ok:
:if $provisionedstatus do={} else={/tool fetch url=<space>$configserver output=file; :log info "download provision"}
OK:
:if $provisionedstatus do={} else={/tool fetch url=$configserver output=file; :log info "download provision"}
by Jotne
Sun Jun 14, 2020 10:20 am
Forum: General
Topic: NTP server with GMT DST
Replies: 12
Views: 1520

Re: NTP server with GMT DST

Time zone is always set on the device. NTP just helps to correct the time.
by Jotne
Sat Jun 13, 2020 10:59 pm
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 64961

Re: v7.0beta8 [development] is released!

So far I've not been able to find a free Netflow collector that actually works. Did try netflow for Splunk, but does not get it to work. It also adds a new port to listen to, not only Syslog. Not sure if netflow works over long internet connection. Why not just leave the working accounting that are i...
by Jotne
Sat Jun 13, 2020 10:54 pm
Forum: Scripting
Topic: i want remove variable in array
Replies: 7
Views: 2223

Re: i want remove variable in array

Delete "mar" from array "aaa"
Loop through the array, send to new array all except "mar"
:local delete "mar"
:local array [:toarray ""]
:local aaa ([:toarray "jan,feb,mar,apr"])
:foreach i in=$aaa do={
	:if ( $i!=$delete ) do={
		:set array ( $array, $i )
	}
}
:set aaa $array
:put $aaa
There may by...
by Jotne
Sat Jun 13, 2020 10:13 pm
Forum: General
Topic: Feature requests
Replies: 1278
Views: 289198

Re: Feature requests

This just adds more to why block by country is not a good thing. Quality of such a service would never be high and you can bypass it using proxy/VPN. It looks like millenium7 likes this to protect input chain that is used to admin the router. VPN should give the needed security.
by Jotne
Fri Jun 12, 2020 7:18 pm
Forum: General
Topic: No Internet on WIFI
Replies: 3
Views: 660

Re: No Internet on WIFI

/ip address add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
This is wrong. Many, many have it wrong. If you look at DHCP server that is correct, it connected to the bridge.
/ip dhcp-server add address-pool=dhcp disabled=no interface=bridge lease-script=":local DH...
by Jotne
Fri Jun 12, 2020 2:09 pm
Forum: Useful user articles
Topic: USB Outdoor temperature sensor
Replies: 16
Views: 7553

Re: USB Outdoor temperature sensor

Jotne's waveform? It's temperature: Day and night change...
My router is up in the attic, so outside temperature and sun on the roof makes nice sinus curves :)
by Jotne
Fri Jun 12, 2020 10:33 am
Forum: General
Topic: Feature requests
Replies: 1278
Views: 289198

Re: Feature requests

That would not be an 'input' chain, that would be forward chain.
Then I see what you do wrong. There should be no input rules coming from the outside using the input chain. VPN is the way to go if you need to access services on the router. If you can not use VPN to manage your router, follow this:...
by Jotne
Fri Jun 12, 2020 10:16 am
Forum: Scripting
Topic: bridge setup
Replies: 1
Views: 343

Re: bridge setup

I would say that is some dangerous thing to do.
Can be done, but you need to exclude ether1, bridge and possible other, like wlan, pppoe +++
by Jotne
Thu Jun 11, 2020 10:59 pm
Forum: General
Topic: Hairpin NAT: Is there a simple solution?
Replies: 25
Views: 4232

Re: Hairpin NAT: Is there a simple solution?

If you just have one web server and you have a DNS server on your router, you can add a static DNS entry to it. Example your server is www.cnn.com and internal IP is 192.168.88.10, then just add a DNS with that information. User on outside will use the public IP and user on inside will use the inside ...
by Jotne
Thu Jun 11, 2020 10:51 pm
Forum: General
Topic: DNS over HTTPS
Replies: 147
Views: 29721

Re: DNS over HTTPS

Maybe that apple use a fixed IP like Chrome cast use 8.8.8.8 and not the DNS it gets from the DHCP.
This can be fixed by redirect all request to port 53 to your DNS server. Then Chrome Cast and other stupid devices that does not follow normal regulation will still work.
by Jotne
Thu Jun 11, 2020 10:48 pm
Forum: General
Topic: Feature requests
Replies: 1278
Views: 289198

Re: Feature requests

Hmm. here is a counter use-case: Imagine you have a service for users from your own country only. Then it makes sense to block all login attempts from any other country. Q.E.D. :-)
And as I did write, how to access these services if the user are out travelling in another country? If I would like to...
by Jotne
Thu Jun 11, 2020 10:33 pm
Forum: Scripting
Topic: Editing a firewall rule using Net_RouterOS
Replies: 3
Views: 581

Re: Editing a firewall rule using Net_RouterOS

Id is just an internal value at the moment you search for some. You need to find the filter rule by using where and then some field that makes it unique. Best way is to add a custom id to the comment field and then search for it. Example add a comment to the rule with some like this "AZ43", then ...
by Jotne
Thu Jun 11, 2020 2:44 pm
Forum: Scripting
Topic: Editing a firewall rule using Net_RouterOS
Replies: 3
Views: 581

Re: Editing a firewall rule using Net_RouterOS

.id are some temporary stuff in RouterOS and can not be used directly. E.g. I see with /ip firewall filter print that rule I need to edit is marked 4. This I can not use. If I do use find like this (since I know the comment is drop):
:put [/ip firewall filter find where comment~"drop"]
Same rule in ...
by Jotne
Thu Jun 11, 2020 2:33 pm
Forum: Announcements
Topic: Winbox v3.24 released!
Replies: 106
Views: 57381

Re: Winbox v3.24 released!

v3.24 has adjustable font size. in the loader, tools > zoom in
For me it's not under tools, but under setting. You should name stuff the same on Windows/Mac :)
by Jotne
Thu Jun 11, 2020 8:48 am
Forum: General
Topic: SNTP vs GPS time accuracy [SOLVED]
Replies: 6
Views: 1191

Re: SNTP vs GPS time accuracy [SOLVED]

I would say it does not matter. GPS will give more exact time than NTP, but both are good enough to give you correct time. When going up the NTP chain tree you will see that they use GPS as well to get their time synced. https://www.masterclock.com/company/masterclock-inc-blog/network-synchronizat...
by Jotne
Thu Jun 11, 2020 8:38 am
Forum: Scripting
Topic: script that drops old ovpn connections
Replies: 1
Views: 365

Re: script that drops old ovpn connections

Not easy, since MT does not follow ieee standards on time format, that it makes it nearly impossible to calculate time difference. Take a look at this post on how to convert MT time format to Linux epoch format that you can use to convert it. Then it should be possible to calculate time difference. ...
by Jotne
Thu Jun 11, 2020 8:31 am
Forum: General
Topic: Feature requests
Replies: 1278
Views: 289198

Re: Feature requests

There are very good reasons for country blocking, first and foremost is for many people there's absolutely zero need to allow ANY kind of incoming traffic from overseas.
You may think so. Take an example. On your server you have a small web server that is for your local bicycle club. There user can ...
by Jotne
Thu Jun 11, 2020 8:13 am
Forum: General
Topic: DNS over HTTPS
Replies: 147
Views: 29721

Re: DNS over HTTPS

For those who have DoH configured with CloudFlare, does first test "Secure DNS" shows to you as a green? https://www.cloudflare.com/ssl/encrypted-sni/ Thanks
Yes. You need the certificate, check by type:
/certificate print detail
Flags: K - private-key, L - crl, C - smart-card-key, A - authority, ...
by Jotne
Thu Jun 11, 2020 8:03 am
Forum: Announcements
Topic: v6.45.9 [long-term] is released!
Replies: 83
Views: 63751

Re: v6.45.9 [long-term] is released!

Someone needs to tell Mikrotik that there is a bug in OSPFv3 (tested in 6.44.5, 6.44.6 and 6.45.8) when the router is experiencing high IPv6 traffic (1.5gbps here started to give problems).
You can do that: support@mikrotik.com
by Jotne
Wed Jun 10, 2020 12:07 pm
Forum: General
Topic: SNMP Number of DHCP lease used in pool
Replies: 7
Views: 2895

Re: SNMP Number of DHCP lease used in pool

"-Cc" flag to snmpwalk.
That did the trick. Thanks.
by Jotne
Wed Jun 10, 2020 11:45 am
Forum: General
Topic: DNS over HTTPS
Replies: 147
Views: 29721

Re: DNS over HTTPS

Trial and error gave me the second certificate installed is the only needed one.
Name: cacert.pem_1
Issuer: OU=GlobalSign Root CA - R2,O=GlobalSign,CN=GlobalSign
by Jotne
Wed Jun 10, 2020 11:11 am
Forum: General
Topic: DNS over HTTPS
Replies: 147
Views: 29721

Re: DNS over HTTPS

And from this list what is the root certificate needed for DoH to work?
1 T cacert.pem_0 GlobalSign Root CA ebd41040e4bb3ec742c9e38...
2 L T cacert.pem_1 GlobalSign ca42dd41745fd0b81eb9023...
3 T cacert.pem_2 VeriSign Class 3 Public... eb04cf5eb1f39afa762f2bb...
4 T cacert.pem_3 Entrust.net Certific...
by Jotne
Wed Jun 10, 2020 11:01 am
Forum: General
Topic: SNMP Number of DHCP lease used in pool
Replies: 7
Views: 2895

Re: SNMP Number of DHCP lease used in pool

To find the number of leases per scope you need to walk the .1.3.6.1.2.1.9999.1.1.6.4.1.4 OID and group/count the entries (the address is part of the OID, the value of each entry is the type static/dynamic/waiting).
Seems to be a bug in RouterOS when getting DHCP information. I have around 200 addr...
by Jotne
Wed Jun 10, 2020 10:18 am
Forum: General
Topic: DNS over HTTPS
Replies: 147
Views: 29721

Re: DNS over HTTPS

This contains GlobalSign Root CA - R2, among others, which is what dns.google uses: https://curl.haxx.se/ca/cacert.pem
This worked, but installed 137 Certificates :-o
Do I need all? Can I see what is used?
by Jotne
Wed Jun 10, 2020 10:06 am
Forum: General
Topic: DNS over HTTPS
Replies: 147
Views: 29721

Re: DNS over HTTPS

What do you mean? How did you add a second DoH server?
Just as Sindy writes. Using a fail-over script to a second server.
What can also be done, is to setup three routes. One with two DNS points to the two other. Then the two other running each own DoH.
Will test the google cert
by Jotne
Wed Jun 10, 2020 8:19 am
Forum: Scripting
Topic: Skip a block if a command is failing in the script
Replies: 3
Views: 735

Re: Skip a block if a command is failing in the script

I did a copy paste error in test script above. The true state is used as an override if you do not use the function. Fixed the line. But this still does not work. If I add this to my script, nothing is run on a router without CAPsMAN
local CAPsMAN true
:do {
/caps-man registration-table find
:put "cap...
by Jotne
Tue Jun 09, 2020 10:43 pm
Forum: General
Topic: SNMP Number of DHCP lease used in pool
Replies: 7
Views: 2895

Re: SNMP Number of DHCP lease used in pool

I have skipped using SNMP, since I need to set up SNMP for each new router. Instead I make the router send me the data using Syslog, including DHCP pool information. See how to use Splunk with MikroTik using link in my signature. Or click here to just show the DHCP example. https://forum.mikrotik.com...
by Jotne
Tue Jun 09, 2020 7:25 pm
Forum: Scripting
Topic: Enable, disable the rule in NAT using the button
Replies: 22
Views: 3189

Re: Enable, disable the rule in NAT using the button

id changes all the time and can not be used in any script. You need to find the id as part of the script when it runs.
by Jotne
Tue Jun 09, 2020 2:19 pm
Forum: Scripting
Topic: Skip a block if a command is failing in the script
Replies: 3
Views: 735

Skip a block if a command is failing in the script

I try to add CAPsMAN log to my Splunk script. Some like this
:local CAPsMAN true
:do {
	if ($CAPsMAN) do={
		:local capsregistered ([/caps-man registration-table print count-only])
		/caps-man interface
		:local name
		:local mac
		# ignore all master interfaces
		:foreach p in=[find where master-interface="none...
by Jotne
Tue Jun 09, 2020 9:04 am
Forum: Scripting
Topic: wireless info hw-info question
Replies: 3
Views: 760

Re: wireless info hw-info question

I would guess it can use all frequency between 4920 and 6100.
5825-5825 is between this number so no extra line is needed.
And for 2.4 GHz 2733-2483 can not be used, so therefore two lines.

I see the same number as you on my hAP ac2
by Jotne
Tue Jun 09, 2020 8:48 am
Forum: Scripting
Topic: Reading "value-name" from cli does not work as expected
Replies: 3
Views: 653

Re: Reading "value-name" from cli does not work as expected

Even somewhat shorter, since you already are in correct location.
:put [/ip dhcp-client get [find comment="ISP2"] default-route-distance]
by Jotne
Tue Jun 09, 2020 8:43 am
Forum: Scripting
Topic: Add to Address List
Replies: 6
Views: 953

Re: Add to Address List

Agree with pe1chl. Scanning all ports will hit the one port that opens all. I have done the following. You need to knock three ports in correct order within certain time limit. If you try one port that is not part of the knock or is not open for a service, you will be added to a black list for 24 hou...
by Jotne
Tue Jun 09, 2020 8:34 am
Forum: Scripting
Topic: How to set the same field of all list members to the same value? [SOLVED]
Replies: 5
Views: 1384

Re: How to set the same field of all list members to the same value? [SOLVED]

Why do you run this in a loop? Just set the value for all at a time:
Ahh, thanks
Did not know you could set all in one go. I was just caught up in the first post.
This is even shorter without the not needed semicolon at the end :)
set [ find ] address=192.168.20.2
by Jotne
Mon Jun 08, 2020 7:54 am
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 95949

Re: v6.47 [stable] is released!

You have done some like this:
viewtopic.php?p=787643#p787643

Post output of /ip dns export
by Jotne
Mon Jun 08, 2020 12:19 am
Forum: Scripting
Topic: Enable, disable the rule in NAT using the button
Replies: 22
Views: 3189

Re: Enable, disable the rule in NAT using the button

Why on the computer?

Could this not be done with the button on the router.
Or a script that triggers the NAT change based on x,y,z

I try to see why you need to do this remote and not on the router itself.
by Jotne
Mon Jun 08, 2020 12:05 am
Forum: General
Topic: DNS over HTTPS
Replies: 147
Views: 29721

Re: DNS over HTTPS

Best is to remove internet completely, then you are a lot more secure. :)
by Jotne
Sun Jun 07, 2020 11:37 pm
Forum: General
Topic: DNS over HTTPS
Replies: 147
Views: 29721

Re: DNS over HTTPS

It like saying McDonalds is healthy, because you order a salad with your burger and sugary drink. And if you connect to the "free" Wifi in McDonald, then they can spy on all your DNS requests to see what the clients surf on when they are there. A VPN is a better solution, but just shows that any can s...
by Jotne
Sun Jun 07, 2020 11:34 pm
Forum: Scripting
Topic: Enable, disable the rule in NAT using the button
Replies: 22
Views: 3189

Re: Enable, disable the rule in NAT using the button

>Why would you like to change the NAT rule?
I want to enable and disable from an application on a computer or phone
Why would you like to do that?

Also what button? Physical on the router or in a program on a computer?

I do try to see what you try to do. There may be other way to solve it.
by Jotne
Sun Jun 07, 2020 10:19 pm
Forum: General
Topic: DNS over HTTPS
Replies: 147
Views: 29721

Re: DNS over HTTPS

You can argue that are free to choose a more private aware DNS servers but 99% will use Google and Cloudflare in the end....sounds of popping champagne bottles in the background.
I was in Turkey last year, and there Wikipedia was blocked using DNS block. DoH agent on my PC solved this fine. Also I d...
by Jotne
Sun Jun 07, 2020 10:10 pm
Forum: Scripting
Topic: Enable, disable the rule in NAT using the button
Replies: 22
Views: 3189

Re: Enable, disable the rule in NAT using the button

Why would you like to change the NAT rule?
When would you change the rule?
What button do you like to use? The mode button on the router?
Could this be done using a script on the router?
by Jotne
Sun Jun 07, 2020 8:09 pm
Forum: General
Topic: DNS over HTTPS
Replies: 147
Views: 29721

Re: DNS over HTTPS

do static entries have precedence over DoH? If yes, I'd rather use
I can confirm that it is. And agree that a static entry is a better solution.
by Jotne
Sun Jun 07, 2020 5:18 pm
Forum: General
Topic: DNS over HTTPS
Replies: 147
Views: 29721

Re: DNS over HTTPS

We did have a discussion about that over here: https://forum.mikrotik.com/viewtopic.php?p=798678#p798678 I have added a second DoH server. Did not find out how/where to get the certificate for it, so it will use Cloud Flare with certificate and google without. :local result yes :do {tool fetch url="...
by Jotne
Sun Jun 07, 2020 4:50 pm
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 135
Views: 96280

Re: Add DNS over HTTPS (DoH) support

And now please explain me the idea behind hiding where you browse from your ISP or government when you can, but cowardly reverting to plaintext DNS whenever it fails. It's not so much what I need, but more that I can do :) DNS is one of the things that ISP still has control over (until DoH and other ...
by Jotne
Sun Jun 07, 2020 4:18 pm
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 135
Views: 96280

Re: Add DNS over HTTPS (DoH) support

Works perfectly, and thanks for the explanation of commands. Learning something new every day, even if I am not 20 any more :)
by Jotne
Sun Jun 07, 2020 3:35 pm
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 135
Views: 96280

Re: Add DNS over HTTPS (DoH) support

Thanks. It seems to not work in the fail situation. If I cut and paste this to terminal { :if ([ :do { tool fetch url="https://1.1.1.21/dns-query\?name=mikrotik.com%26type=A" output=file dst-path=result http-header-field=accept:application/dns-json } on-error={:nothing} ] = ";") do={ /ip dns set serve...
by Jotne
Sun Jun 07, 2020 2:03 pm
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 135
Views: 96280

Re: Add DNS over HTTPS (DoH) support

Thanks sindy, your script works. But when I try to add commands to it, it does not work. :if ([:do {tool fetch url="https://1.1.1.1/dns-query\?name=mikrotik.com%26type=A" output=file dst-path=result http-header-field=accept:application/dns-json} on-error={/ip dns set allow-remote-requests=yes server...
by Jotne
Sun Jun 07, 2020 9:12 am
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 135
Views: 96280

Re: Add DNS over HTTPS (DoH) support

If I have DoH + normal DNS configured which one is used? Is there a fallback if DoH is inaccessible? Personally, since it's uncertain, I removed the normal DNS and set CF DoH only. I did comment this as well in the 6.47 thread. There is no way to see if the router uses DoH server or the DNS, so th...
by Jotne
Sat Jun 06, 2020 11:46 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 95949

Re: v6.47 [stable] is released!

Wow DoH saved me from internet censorship. In your photo I can see that you are using DoH DNS with name, but there are no static or dynamic DNS to resolve its own DoH DNS name. In MikroTik's wiki example they suggest that you add 1.1.1.1 I do use IP instead of name to skip the extra "needed" dns ser...
by Jotne
Sat Jun 06, 2020 10:22 pm
Forum: Beginner Basics
Topic: What am I doing wrong for remote login?
Replies: 6
Views: 997

Re: What am I doing wrong for remote login?

VPN is the best way to administrate the router from a remote location. But if you can not use VPN 1. Use another port than default. 2. Use port knocking. This prevents someone from seeing open ports. 3. Use a long and good password. 4. Use access list to prevent any random internet from accessing yo...
by Jotne
Sat Jun 06, 2020 7:52 am
Forum: Wireless Networking
Topic: 4k over wifi
Replies: 35
Views: 5677

Re: 4k over wifi

# may/20/2020 16:37:30 by RouterOS 6.43.11
You are running a rather old version of RouterOS. You should upgrade to latest "long term" 6.45.9 or latest stable 6.47.
by Jotne
Sat Jun 06, 2020 12:32 am
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 64961

Re: v7.0beta8 [development] is released!

Did forget about Netflow. Will have a look at it.
I do see that this needs an extra input to work on my server. Accounting does work with Syslog that I already use.
by Jotne
Sat Jun 06, 2020 12:00 am
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 95949

Re: v6.47 [stable] is released!

No need to change the thread header. It may be better to start a new thread.
by Jotne
Fri Jun 05, 2020 11:48 pm
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 64961

Re: v7.0beta8 [development] is released!

IP Accounting is deprecated and removed from ROS v7.
What do I use then to get traffic data from each client that I do use in Splunk for MikroTik?
SNMP is not an option.

Script will then fail 100% if someone does an upgrade to 7.x, since on-error seems to not handle this situation.
by Jotne
Fri Jun 05, 2020 10:44 pm
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 64961

Re: v7.0beta8 [development] is released!

/ip accounting is missing in latest beta. This breaks my Splunk script. :local AccuntData true # Get traffic data (accounting data) # ---------------------------------- if ($AccuntData) do={ # Test if fasttrack is enabled and give warning :if ([/ip firewall filter find where (action=fasttrack-connec...
by Jotne
Fri Jun 05, 2020 8:48 am
Forum: Beginner Basics
Topic: How can I block website / mp3 etc (string) without proxy ?
Replies: 5
Views: 1729

Re: How can I block website / mp3 etc (string) without proxy ?

/ip pool add name=dhcp_pool1 ranges=192.168.88.2-192.168.88.254 add name=dhcp_pool2 ranges=192.168.88.2-192.168.88.126 add name=dhcp_pool3 ranges=192.168.88.2-192.168.88.126 You have some error in your config. These three pools are overlapping or duplicate. I guess you only need the first line. It ...
by Jotne
Fri Jun 05, 2020 8:37 am
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 95949

Re: v6.47 [stable] is released!

I do think that is a better solution. It's clear where DNS goes, since you only have DoH configured. Wiki should at least be updated with that no password is needed.

Is there an option to use other DoH than Cloudflare?
by Jotne
Fri Jun 05, 2020 8:15 am
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 95949

Re: v6.47 [stable] is released!

Everyone - DNS wiki page has been updated - https://wiki.mikrotik.com/wiki/Manual:IP/DNS#DNS_over_HTTPS Just a comment to the Wiki that it does miss some information. When importing the certificate, you are asked for a password phrase. This is not mentioned in the Wiki and it's not clear for me when to...
by Jotne
Thu Jun 04, 2020 10:02 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 95949

Re: v6.47 [stable] is released!

2. When I exported my settings with command export file=yyyy-mm-dd-export all ports are exported with speed=100Mbps , so the export looks like: set [ find default-name=ether15 ] speed=100Mbps set [ find default-name=ether16 ] speed=100Mbps set [ find default-name=ether17 ] disabled=yes speed=100Mbp...
by Jotne
Thu Jun 04, 2020 8:12 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 95949

Re: v6.47 [stable] is released!

i have no idea how to make more free space...
hAP lite
Install an older smaller image, then upgrade to latest.
by Jotne
Thu Jun 04, 2020 4:24 pm
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 64961

Re: v7.0beta8 [development] is released!

Test this instead:
/ip dns
set allow-remote-requests=yes use-doh-server=https://1.1.1.1/dns-query
Looks like your router does not resolve the name for cloudflare-dns.com
by Jotne
Thu Jun 04, 2020 2:23 pm
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 64961

Re: v7.0beta7 [development] is released!

Does it work without certificates? Just to test the DoH to see what is wrong?
by Jotne
Thu Jun 04, 2020 2:19 pm
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 64961

Re: v7.0beta7 [development] is released!

DoH works fine for me.

Just added
https://1.1.1.1/dns-query
Did not select "Verify DoH Certificate" since this is just a test.
by Jotne
Thu Jun 04, 2020 8:43 am
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 95949

Re: v6.47 [stable] is released!

My hAP ac2 did upgrade without problem to 6.47.
I guess you know that you have to select stable in channel to see the upgrade?
by Jotne
Thu Jun 04, 2020 8:24 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

Script updated to 4.0 Removed double stuff Added write-sector-total PS script can be updated without update Splunk software. Here is an example view on write sector increase last 10 hour that will be included in Splunk for MikroTik 3.1 * 10.10.10.1 hEX 6.45.9 (will have a look at this after upgrade ...
by Jotne
Thu Jun 04, 2020 8:14 am
Forum: General
Topic: How to block AnyDesk (TeamViewer analog)?
Replies: 3
Views: 1019

Re: How to block AnyDesk (TeamViewer analog)?

Blocking IP may give problems. Example: AnyDesk server is on a big Amazon server with hundreds of other web servers. Then you block them all.
by Jotne
Thu Jun 04, 2020 8:12 am
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 135
Views: 96280

Re: Add DNS over HTTPS (DoH) support

you can go to https://1.1.1.1/dns-query using the web browser
There is no webpage opening at this URL.
by Jotne
Thu Jun 04, 2020 8:01 am
Forum: Scripting
Topic: Script not Running
Replies: 5
Views: 1049

Re: Script not Running

Script /ip firewall filter move 2 destination=11; Schedule /system script run script1; Semicolon at the end of the line has not been needed for many years, and will not help here. You should not use ID number for anything in the script since it's temporary and is not the same as the number you see i...
by Jotne
Wed Jun 03, 2020 11:00 pm
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 135
Views: 96280

Re: Add DNS over HTTPS (DoH) support

Why?

Do you think my ISP opens up the https packets and look for DNS packets?
I will add certificate later. This was just for testing purpose, since DoH was just released.
by Jotne
Wed Jun 03, 2020 10:52 pm
Forum: General
Topic: Add DNS over HTTPS (DoH) support
Replies: 135
Views: 96280

Re: Add DNS over HTTPS (DoH) support

I did not use any certificate, just added:
/ip dns
set allow-remote-requests=yes use-doh-server=https://1.1.1.1/dns-query
One line only for DNS and it works fine.
by Jotne
Wed Jun 03, 2020 10:45 pm
Forum: Beginner Basics
Topic: Set multipe DHCP severs on Bridged Interface
Replies: 9
Views: 1511

Re: Set multipe DHCP severs on Bridged Interface

@anav
It may be a very small animal hospital :)
" DHCP server cannot run on slave interface". How can i set DHCP on them ?
What version of RouterOS do you run on the router? The message above may tell that it's rather old, and it may be at risk security wise.
by Jotne
Wed Jun 03, 2020 10:15 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

Sorry to waste your time over this!
No problem. You have not done anything wrong, just in another way. :)
I will add a comment about it in the DHCP view, that if you add static release outside the pool, but within the subnet, it will give wrong number.
by Jotne
Wed Jun 03, 2020 10:01 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

Interesting. I see this is a way you can handle DHCP, and it will confuse the system. It's not easy to take into account every possibility. In my work (20000 + computers 2500+ servers), we have only DHCP, and all server IP are within the DHCP scope. But we to convert DHCP leases to static for all t...
by Jotne
Wed Jun 03, 2020 8:50 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

There may be some wrong with that part. Its on part of the script that is not made by me ;) For me it looks correct /ip pool print # NAME RANGES 0 DHCP-Pool-vlan1-Home 10.10.10.55-10.10.11.254 Then the script shows this: script,info MikroTik: script=pool pool=DHCP-Pool-vlan1-Home used=158 total=455 ...
by Jotne
Wed Jun 03, 2020 4:22 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

You can copy all files you have modified to another folder. Remove all MikroTik files, install 3.0, then restore your files. It's also possible to use 7-zip/winrar to extract all the files from 3.0 manually, then add one by one. If your edit is interesting for other, you could send me them, and I coul...
by Jotne
Wed Jun 03, 2020 7:57 am
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 95949

Re: v6.47 [stable] is released!

system,error,critical error while running customized default configuration script: no such item system,error,critical Same here, after update to 6.47 my RB4011iGS+5HacQ2HnD-IN and cAP Ac.. Antena gain was gone.. See this post https://forum.mikrotik.com/viewtopic.php?p=797466#p797466 MT We added an ...
by Jotne
Tue Jun 02, 2020 10:16 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 95949

Re: v6.47 [stable] is released!

My hope.
6.46 - > long term
6.47 - > stable
6.48.. no, no more 6 series
7.01 - > testing
by Jotne
Tue Jun 02, 2020 11:14 am
Forum: RouterOS v7 BETA
Topic: Ac 2 never came back to life after update to ros7 [SOLVED]
Replies: 6
Views: 2068

Re: Ac 2 never came back to life after update to ros7 [SOLVED]

Do a google search for "netinstall mikrotik tutorial"
by Jotne
Tue Jun 02, 2020 8:35 am
Forum: RouterOS v7 BETA
Topic: Feature Request: Data usage
Replies: 7
Views: 1649

Re: Feature Request: Data usage

Problem is to store log data on the routers. Some routers does nearly have space free at all.
It's simple and free (up to 500MB log a day) to set up a Splunk server. See link in my signature. (I do use 30 min)
by Jotne
Tue Jun 02, 2020 8:28 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 70
Views: 16977

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

I have honey-pot IP addresses, anything that attempts to connect to them, gets their IP added to the block list, these addresses have never been used, so nothing legitimate would have any reason to try and connect. I do nearly the same. Since I do not have an extra public IP, I have an access rule...
by Jotne
Mon Jun 01, 2020 12:04 pm
Forum: General
Topic: Log catch and analyze tool
Replies: 8
Views: 2579

Re: Log catch and analyze tool

Also do not add link to the forum. Click the Attachments below the post and add the file/picture to the post.
All your links are dead/down.
by Jotne
Mon Jun 01, 2020 10:15 am
Forum: Wireless Networking
Topic: How to measure WiFi performance from a Mikrotik AP to a Mac? [SOLVED]
Replies: 6
Views: 1578

Re: How to measure WiFi performance from a Mikrotik AP to a Mac? [SOLVED]

Just some posting tip. :)

No quote the post above you. Only quote some part if needed. Use the "Post reply" button (below) instead.
No multipost. If you add some information, just edit previous post if someone has not posted in between. Bump is ok if someone has not replied on some time.
by Jotne
Mon Jun 01, 2020 8:15 am
Forum: Beginner Basics
Topic: How to block SSH attackers after 3 bad logins?
Replies: 19
Views: 8956

Re: How to block SSH attackers after 3 bad logins?

If you do not access your router from outside using SSH and there are no NAT rules for SSH, you do not need to worry too much. They will not get in to you. Here is what I do. If you try one port on my outside that is not open, example port 22, then your IP will go to a black list and stay there f...
by Jotne
Mon Jun 01, 2020 7:59 am
Forum: Beginner Basics
Topic: does winbox use ssh for connection ? [SOLVED]
Replies: 2
Views: 907

Re: does winbox use ssh for connection ? [SOLVED]

Are you going to use winbox on the outside interface? If so, do use VPN (but not PPTP) to secure the connection. If you can not use VPN, then: 1. Use another port than default. 2. Use port knocking. This prevents someone from seeing open ports. 3. Use a long and good password. 4. Use access list to ...
by Jotne
Mon Jun 01, 2020 12:28 am
Forum: Scripting
Topic: Help with firewall
Replies: 12
Views: 2456

Re: Help with firewall

Seems that you are running some old software 6.44 and the older system with master port and IP bind to that port (ether2). If you do have many VPN services up and running. PPTP L2TP SSTP. Turn off all you do not need. One should do for all types (not PPTP since no security) I see various rules d...
by Jotne
Sun May 31, 2020 8:07 pm
Forum: Scripting
Topic: Help with firewall
Replies: 12
Views: 2456

Re: Help with firewall

Where is your config?
And why two threads?
by Jotne
Sun May 31, 2020 7:47 pm
Forum: Beginner Basics
Topic: three newbie questions [SOLVED]
Replies: 27
Views: 4250

Re: three newbie questions [SOLVED]

that didn't work.
Not sure what the problem is. The user in this thread changed his IP without problem.
viewtopic.php?f=7&t=161687
by Jotne
Sun May 31, 2020 7:38 pm
Forum: Scripting
Topic: Accessing to ISP's modem with Scripting?
Replies: 3
Views: 1078

Re: Accessing to ISP's modem with Scripting?

If you do use the MT cloud service you can use this command to get your public IP.
:put [/ip cloud get public-address]
by Jotne
Sun May 31, 2020 7:15 pm
Forum: Scripting
Topic: [Script] Automatically change DNS if Pi-hole is no longer working
Replies: 8
Views: 2060

Re: [Script] Automatically change DNS if Pi-hole is no longer working

Here is my version of DoH server not working any more. Thanks again for the idea. Added logging when things change. I love to log everything (see my signature) :local currentDNS [/ip dns get server] :local DoHDNS "192.168.20.10" :local backupDNS "8.8.8.8,1.1.1.1" :local testDomain "www.google.com" :...
by Jotne
Sun May 31, 2020 6:43 pm
Forum: Scripting
Topic: [Script] Automatically change DNS if Pi-hole is no longer working
Replies: 8
Views: 2060

Re: [Script] Automatically change DNS if Pi-hole is no longer working

Thanks for the script. I do see a use for it in my case. I have a DoH server running separately on an MT running 6.47 beta. On my main MT Router I have one DNS point to that DoH MT router. If I add a second DNS on main router, that will be used without going through the DoH server. So I can use the scr...
by Jotne
Sun May 31, 2020 8:35 am
Forum: Wireless Networking
Topic: rb4011or rt5300ac
Replies: 14
Views: 2471

Re: rb4011or rt5300ac

IP on bridge now looks correct.

Do paste your code in code tags. Select your code text and click the code button </>
by Jotne
Sun May 31, 2020 1:12 am
Forum: Wireless Networking
Topic: rb4011or rt5300ac
Replies: 14
Views: 2471

Re: rb4011or rt5300ac

/ip address add address=192.168.88.1/24 comment=defconf interface=ether2 network=\ 192.168.88.0 This is wrong. your main ip should be on the bridge and not on an interface, when that interface is part of a bridge, same as you correctly configured DHCP server /ip dhcp-server add address-pool=dhcp di...
by Jotne
Sat May 30, 2020 11:46 pm
Forum: General
Topic: Log filtration
Replies: 2
Views: 648

Re: Log filtration

I do not think you can just remove parts of log for one user. If you have remote scripts that do log in to the router and do stuff, it will be logged. This is why I removed all remote script and also SNMP, and instead made the router itself sending out all that you need to monitor my routers. Look...
by Jotne
Sat May 30, 2020 11:43 pm
Forum: Beginner Basics
Topic: three newbie questions [SOLVED]
Replies: 27
Views: 4250

Re: three newbie questions [SOLVED]

Are you saying that I just enter this and the old one is overwritten?
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
Yes. You may lose contact with the router, but you should be able to reconnect.
by Jotne
Sat May 30, 2020 11:04 pm
Forum: Beginner Basics
Topic: Using hex as switch?
Replies: 9
Views: 1668

Re: Using hex as switch?

All MT devices with more than one port can run fine as Switches. Just configure all ports into one bridge group, and add IP if admin is needed.
Can not comment about the speed of it, but I think it should do well.
by Jotne
Sat May 30, 2020 10:57 pm
Forum: Beginner Basics
Topic: three newbie questions [SOLVED]
Replies: 27
Views: 4250

Re: three newbie questions [SOLVED]

This IP is the main internal IP of the router. When you do have a bridge, you do connect DHCP/IP etc to the bridge, not to an interface part of the bridge. So not like this: /ip address add address=192.168.88.1/24 comment=defconf interface= ether2 network=192.168.88.0 But like this: /ip address add ...
by Jotne
Sat May 30, 2020 10:51 pm
Forum: Scripting
Topic: Help with firewall
Replies: 12
Views: 2456

Re: Help with firewall

If you do use PPTP, you should change to L2TP/IPSec.
If you do not use PPTP, you should disable it.

Post your config here.
/export hide-sensitive
Cut and paste it in a post and wrap it in code block. Select your code and click the </> button.
by Jotne
Sat May 30, 2020 9:34 pm
Forum: Scripting
Topic: Script needed
Replies: 8
Views: 2028

Re: Script needed

I do suggest you create a new thread. Not all are equally good to create an informative title.
So for example. Need a script to move IP from one address list to another.
And in new thread also specify what criteria needed to move the IP addresses.
by Jotne
Sat May 30, 2020 10:41 am
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 7774

Re: V7 questions?

I do agree with anav, asking for syn packets in a "V7 question" topic is a bit off. Better to start another thread.
by Jotne
Fri May 29, 2020 8:55 pm
Forum: Beginner Basics
Topic: three newbie questions [SOLVED]
Replies: 27
Views: 4250

Re: three newbie questions [SOLVED]

Yeah I'm pissed Jotne obscured the process ...........
Uff, that was not my intention :mrgreen:
by Jotne
Fri May 29, 2020 9:38 am
Forum: General
Topic: Think i'm being attacked
Replies: 16
Views: 2515

Re: Think i'm being attacked

192.168.88.0/24 and 172.16.22.0/24 are both c net. 256 Address.
Was just asking since your scope was so small :)

172.16.0.0/16 is a b net

10.0.0.0/8 is a a net
by Jotne
Fri May 29, 2020 9:27 am
Forum: General
Topic: RouterBOARD 750G r3 no HW Offload ?
Replies: 10
Views: 1673

Re: RouterBOARD 750G r3 no HW Offload ?

Yes I do use VLAN, did forget about this table :)
by Jotne
Fri May 29, 2020 9:25 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.1 (Graphing everything) Topic is solved
Replies: 362
Views: 139464

Re: Tool: Using Splunk to analyse MikroTik logs 3.0 (Graphing everything) Topic is solved

This is some wrong:
sourcetype=mikrotik counter>0  |chart values(counter) by name
But it's not easy to fix when I do not see the real log data.
Sent you a private message.
by Jotne
Fri May 29, 2020 8:54 am
Forum: General
Topic: Run a script if a firewall rule is triggered
Replies: 8
Views: 1623

Re: Run a script if a firewall rule is triggered

Not a simple solution, but I do monitor lots of stuff using Splunk (see my signature) There is a specific view that show all filter rule action, so can see what is going on, I do log my last port of chain in port-knock to Splunk, so can see who enters. So far its only me, since no automatic script t...
by Jotne
Fri May 29, 2020 8:42 am
Forum: Beginner Basics
Topic: three newbie questions [SOLVED]
Replies: 27
Views: 4250

Re: three newbie questions [SOLVED]

(2) Typical rookie mistake. See if you can see it. Can this error come from upgrading from older version where we did have a master port? So an upgrade of OS did this, or is it just normal that so many do this wrong? Here is the config so no need to download file :) # may/28/2020 18:26:55 by Router...
by Jotne
Fri May 29, 2020 8:35 am
Forum: General
Topic: RouterBOARD 750G r3 no HW Offload ?
Replies: 10
Views: 1673

Re: RouterBOARD 750G r3 no HW Offload ?

My STP was set to none and showing no Hardware Offload.
Did try to change to STP still no HW, then back to none, still no HW
6.45.8
by Jotne
Fri May 29, 2020 8:30 am
Forum: General
Topic: Think i'm being attacked
Replies: 16
Views: 2515

Re: Think i'm being attacked

Not sure why you have a DHCP pool on only 10 IP when you are using a C net.
Maybe you have only a few host, or lots of devices with fixed IP?
by Jotne
Fri May 29, 2020 8:23 am
Forum: General
Topic: Think i'm being attacked
Replies: 16
Views: 2515

Re: Think i'm being attacked

I think this:
add action=dst-nat chain=dstnat dst-port=8999 in-interface=bridge protocol=\
    tcp to-addresses=192.168.88.101
Should be your outside interface not bridge.
add action=dst-nat chain=dstnat dst-port=8999 in-interface=ether1 protocol=\
    tcp to-addresses=192.168.88.101
by Jotne
Fri May 29, 2020 8:10 am
Forum: General
Topic: Think i'm being attacked
Replies: 16
Views: 2515

Re: Think i'm being attacked

That is one of your problems.

You have too many open ports.
L2TP/IPSec needs UDP/500 1701 4500
Rest should be removed.
by Jotne
Fri May 29, 2020 12:11 am
Forum: General
Topic: RouterBOARD 750G r3 no HW Offload ?
Replies: 10
Views: 1673

Re: RouterBOARD 750G r3 no HW Offload ?

I do see the same as you . 750G r3 /interface bridge port print detail Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload 0 I interface=ether3 bridge=Bridge1 priority=0x80 path-cost=10 internal-path-cost=10 edge=auto point-to-point=auto learn=auto horizon=none hw=yes auto-isolate=no rest...
by Jotne
Thu May 28, 2020 11:47 pm
Forum: General
Topic: Think i'm being attacked
Replies: 16
Views: 2515

Re: Think i'm being attacked

I agree with Sindy, PPTP should not be used on the public internet. What you can do. * Block the 92.63.194.0/24 net. * Use a script that block the ip if wrong username is used. One of these scripts should work with just some small modification: https://forum.mikrotik.com/viewtopic.php?p=730484#p7304...
by Jotne
Thu May 28, 2020 7:47 pm
Forum: General
Topic: Script environment suspicious !
Replies: 7
Views: 1349

Re: Script environment suspicious !

It was a bug typo..... fixed ;)
by Jotne
Thu May 28, 2020 7:41 pm
Forum: General
Topic: Run a script if a firewall rule is triggered
Replies: 8
Views: 1623

Re: Run a script if a firewall rule is triggered

it is a nightmare to calculate e.g. "2 hours 3 minutes 9 seconds from now" with the datetime format in ROS scripting, so it is much easier to create an address list item with this lifetime, and link the next action to expiration of this item (or, in another words, to the whole address-list becoming...
by Jotne
Thu May 28, 2020 6:06 pm
Forum: General
Topic: Lots of global variables on hAP ac2
Replies: 5
Views: 1271

Re: Lots of global variables on hAP ac2

Ok thanks.
But how to upgrade when I am on latest 6.47.rc2?
by Jotne
Thu May 28, 2020 6:01 pm
Forum: General
Topic: Upgrade to HexS (RB760iGS) cannot get ultra fibre speed.
Replies: 18
Views: 2592

Re: Upgrade to HexS (RB760iGS) cannot get ultra fibre speed.

What is "ultra fibre speed"? 1Ebps :)
by Jotne
Thu May 28, 2020 5:47 pm
Forum: Scripting
Topic: Get Identity On Traceroute
Replies: 2
Views: 627

Re: Get Identity On Traceroute

It seems that it is not possible to pass the output from the tool traceroute to a script.
by Jotne
Thu May 28, 2020 5:42 pm
Forum: General
Topic: Run a script if a firewall rule is triggered
Replies: 8
Views: 1623

Re: Run a script if a firewall rule is triggered

Why would you a function like this? I do ask, since If I do know the reason, I may see another way to solve this. I do use Splunk to do handle stuff that I need to monitor. Not a simple solution to solve this, but if you like to add an ip to an access list, and drop it. # Send packet to chain "Demo" o...
by Jotne
Thu May 28, 2020 2:16 pm
Forum: Scripting
Topic: Firewall Filter RATE: How to access value in script?
Replies: 4
Views: 2163

Re: Firewall Filter RATE: How to access value in script?

Please use code tags for code. Click </> button when code is selected ; is not needed, so removed. (only needed when multiple commands on same line) and extra not needed else removed Tab added to better see structure. #START :local comm "COMMENT" :local time 1 :local bt0 [/ip firewall filter get [fin...
by Jotne
Thu May 28, 2020 7:54 am
Forum: Beginner Basics
Topic: three newbie questions [SOLVED]
Replies: 27
Views: 4250

Re: three newbie questions [SOLVED]

question 1: jan/02/1970 00:04:14 This tell me that you have not setup NTP at your router. You should do. . Not sure what your DHCP problem is, but is not ether1 your outside? how come your router list a private address like 192.168.100.11 ? . . question 2: I enter the recommended command below and ...