Search found 2257 matches

by Jotne
Mon Aug 02, 2021 6:54 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 80
Views: 6196

Re: Does quouting quotes of quotes in consecutive post make any sense?

He is probably using MT wif5 to access internet ;-)
Nope, I do use a Cisco 3702i as Wifi.
by Jotne
Mon Aug 02, 2021 1:25 pm
Forum: Beginner Basics
Topic: Remote access
Replies: 3
Views: 111

Re: Remote access

DO NOT OPEN ADMIN INTERFACE FROM INTERNET. Use VPN to administrate your device from remote location. If VPN can not be used, follow this list to make connection some more secure. 1. Use another port than default. 2. Use port knocking. This prevents someone from seeing open ports. 3. Use a long and g...
by Jotne
Mon Aug 02, 2021 10:16 am
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 80
Views: 6196

Re: Does quouting quotes of quotes in consecutive post make any sense?

:D :D :D

Of course I do use MT routers, have some of them ....

For me it is OK, loads OK, but it is long to scroll and I do not need all the old threads.
Reducing number of pages/topics will also reduce load on your webserver.
by Jotne
Sun Aug 01, 2021 4:13 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 80
Views: 6196

Re: Does quouting quotes of quotes in consecutive post make any sense?

@normis Can you reduce the number of topics per page (currently 500), to for example 100? Same for posts per topic (currently 300), to for example 50. The forum would load faster and I do not need to see posts several years old. Administrator->General->Board configuration->Post settings->Topics per page. Default is 25 Ad...
by Jotne
Sat Jul 31, 2021 10:58 am
Forum: Scripting
Topic: Multi gateway pppoe and static [SOLVED]
Replies: 6
Views: 271

Re: Multi gateway pppoe and static [SOLVED]

@cooling
No need for crossposting the same question in multiple threads.
by Jotne
Fri Jul 30, 2021 8:21 am
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 80
Views: 6196

Re: Does quouting quotes of quotes in consecutive post make any sense?

Thank you, but I guess there will always be trolls that find something to argue about.
by Jotne
Thu Jul 29, 2021 8:30 pm
Forum: Beginner Basics
Topic: Block or Limit Torrents
Replies: 10
Views: 330

Re: Block or Limit Torrents

If you are a company and have control over all PC clients, you can use a system like Forcepoint that replaces the HTTPS certificate between the client and a proxy server that then does the examination of the internet traffic. At my company we do this. So yes it's possible, but not for all type of clients...
by Jotne
Thu Jul 29, 2021 7:20 pm
Forum: General
Topic: Block Ping request
Replies: 31
Views: 15553

Re: Block Ping request

Of course all IPs I do white-list manually or through port knock can ping my router. This way I can test stuff from remote location.
by Jotne
Thu Jul 29, 2021 2:40 pm
Forum: General
Topic: Block Ping request
Replies: 31
Views: 15553

Re: Block Ping request

Haha, very funny :)

Same with this in French, I did not understand what city this sign will take you to, did not find it on the map.
Toutes.jpg
by Jotne
Thu Jul 29, 2021 2:39 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 80
Views: 6196

Re: Does quouting quotes of quotes in consecutive post make any sense?

Smilies are still on for signature, but do agree that it should be open for normal posting :)
by Jotne
Thu Jul 29, 2021 2:32 pm
Forum: General
Topic: Block Ping request
Replies: 31
Views: 15553

Re: Block Ping request

Just for the fun of it. Here are the blocked ping for 1 year!!
Country count percent
United States 13456 16.513874
China 8960 10.996159
United Kingdom 8193 10.054858
India 7742 9.501368
Germany 4100 5.031724
Philippines 2754 3.379846
Brazil 2383 2.924536
Russia 2189 2.686450
Norway 2005 2.460636
Pak...
by Jotne
Thu Jul 29, 2021 1:01 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 80
Views: 6196

Re: Does quouting quotes of quotes in consecutive post make any sense?

Why not just remove the quote button, so when you like to quote, you need to do it manually with [ quote][ /quote]

I just found out that I can remove email when someone quotes me ....
Quote.jpg
by Jotne
Thu Jul 29, 2021 8:41 am
Forum: General
Topic: Block Ping request
Replies: 31
Views: 15553

Re: Block Ping request

I do use this, never had any problem with it.
/ip firewall filter add action=drop chain=input comment="Drop ICMP on outside IF" in-interface=ether1 log=yes log-prefix=FI_D_ICMP-outside protocol=icmp
Does not need to be on top of rules as long as it's not blocked by any other rule above. Blo...
by Jotne
Wed Jul 28, 2021 6:34 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

I am wondering how you guys get the hostname to show in the screenshots? I have the IP address instead?
Some scripts run only once every day, so if you wait one day, it should be ok.

PS post image on the forum using Attachments below the post instead of posting a link.
by Jotne
Mon Jul 26, 2021 8:21 am
Forum: Scripting
Topic: L2tP log
Replies: 1
Views: 227

Re: L2tP log

My Splunk project for MikroTik gives you a detailed graph of logged in/out VPN users.
See link in my signature.
by Jotne
Mon Jul 26, 2021 8:18 am
Forum: Scripting
Topic: hacked script
Replies: 4
Views: 422

Re: hacked script

There is only one solution to fix this and that is Netinstall. https://wiki.mikrotik.com/wiki/Manual:Netinstall
Removing the config is not enough.
by Jotne
Sat Jul 24, 2021 11:00 pm
Forum: Scripting
Topic: Dynamic DNS Update Script for No-IP DNS behind nat
Replies: 13
Views: 18630

Re: Dynamic DNS Update Script for No-IP DNS behind nat

Updated the script. Tested on 7.1beta6:
You need to change your password, since you posted it here, if you have not already done it.
by Jotne
Fri Jul 23, 2021 6:36 pm
Forum: General
Topic: time of last config change
Replies: 4
Views: 380

Re: time of last config change

In my Splunk for MikroTik I do log all config changes. For older version it's not detailed as it is for version 7. With version 7 it logs all commands. See link in my signature. Example on 6.x logs:
2021-07-18 16:03:32 192.168.88.1 Ro1 admin changed nat rule
2021-07-18 15:58:21 192.168.88.1 Ro1 admin...
by Jotne
Thu Jul 22, 2021 11:34 am
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 86
Views: 52787

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

No need to use bad language. Constructive feedback is always welcome.
by Jotne
Thu Jul 22, 2021 10:47 am
Forum: Scripting
Topic: Automatic backup for 100 MKT
Replies: 10
Views: 1005

Re: Automatic backup for 100 MKT

# this create some files called auto_$certname.p12 for each certificate
Would be nice if all certificates could go to one file. If you have many routers and a handful of certificates on all of them, it would be a large list of files.
by Jotne
Wed Jul 21, 2021 11:15 pm
Forum: Scripting
Topic: Automatic backup for 100 MKT
Replies: 10
Views: 1005

Re: Automatic backup for 100 MKT

you can try my script
Just a quick note to your script. You should not use old and obsoleted backticks.

Wrong:
datum=`date "+%Y-%m-%d"`
Correct
datum=$(date "+%Y-%m-%d")
by Jotne
Wed Jul 21, 2021 9:22 pm
Forum: Scripting
Topic: Automatic backup for 100 MKT
Replies: 10
Views: 1005

Re: Automatic backup for 100 MKT

Email to a Google account works fine. I do send both Export and backup file just to have both.
by Jotne
Tue Jul 20, 2021 11:42 am
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 861

Re: RouterOS Rule tester?

I do not see any need for this. All of this "Filter, NAT, Mangle..." has logging capability, and as anav writes, if you are not sure what packets reach the rule, add a rule in front of the rule to examine and log all traffic. You will then see what will hit the rule and the rule will tell you...
by Jotne
Tue Jul 20, 2021 8:24 am
Forum: Beginner Basics
Topic: Remote Access via Winbox
Replies: 9
Views: 660

Re: Remote Access via Winbox

Here is my default answer to users who like to access their router from a remote site. My response to that is to use VPN. And if VPN can not be used or you have no clue or possibility to set it up, I do recommend: 1. Use another port than default. 2. Use port knocking. This prevents someone from seei...
by Jotne
Tue Jul 20, 2021 8:17 am
Forum: General
Topic: Mikrotik Traffic Analysis
Replies: 1
Views: 268

Re: Mikrotik Traffic Analysis

You can see how much someone downloads, what DNS requests are used ++, but there are many buts. If a user has DoH or some other encrypted DNS request, you do not see what DNS are used. You can not see inside HTTPS packets to see what is downloaded etc. Look at link in my signature to see how I have implem...
by Jotne
Mon Jul 19, 2021 3:14 pm
Forum: Scripting
Topic: Useful scripts
Replies: 87
Views: 145650

Re: Useful scripts

Not sure how to use the script so can you post some detail on how to use it? Here is a cleaned up version with ; removed (only needed between multiple commands on same line) and tab inserted to see where the loop is. Do you need all these global variables, can they not be local?
#Function to parse SNMP-...
by Jotne
Sun Jul 18, 2021 5:42 pm
Forum: Scripting
Topic: CLI specific hosts
Replies: 1
Views: 378

Re: CLI specific hosts

Not sure what you like as an output. When you search for WLR as a host-name, why do you like to just output the host-name, it will only be WLR? Correct way in script is to use find and get
:put [/ip dhcp-server lease get [find where host-name="WLR"] host-name]
or expanded
{ local id [/ip d...
by Jotne
Sun Jul 18, 2021 5:36 pm
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 861

Re: Cloud hosted routers and value/identifier not being available

@rextended
Script changes did work perfectly, thanks.
by Jotne
Wed Jul 14, 2021 7:56 pm
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 861

Re: Cloud hosted routers and value/identifier not being available

@rextended Thanks, will test, but at holidays for some days, so not much time to test :)
@ ISPApp I do agree that output line number of what line the program halts on would help a lot, at least with large script. When I do write scripts, I do try to make it in various modules, so I can test part b...
by Jotne
Wed Jul 14, 2021 12:07 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 124
Views: 13768

Re: v7 launch date

beta 7 offers far more stability.
Do you have beta7?
by Jotne
Wed Jul 14, 2021 11:07 am
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 861

Re: Cloud hosted routers and value/identifier not being available

This is some off topic, but here is some part of script I do use (Splunk monitor) to get Router Board info:
/system routerboard
:do {:set model ([get model])} on-error={:set model na}
:do {:set serial ([get serial-number])} on-error={:set serial na}
:do {:set ffirmware ([get factory-firmware])} on-e...
by Jotne
Wed Jul 14, 2021 10:28 am
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 861

Re: Cloud hosted routers and value/identifier not being available

There was only "20" on-error already used in the ispapp.rsc script at the git site :)
by Jotne
Wed Jul 14, 2021 10:18 am
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 861

Re: Cloud hosted routers and value/identifier not being available

What is the "right" way?
If all models except some do give firmware-type and you like to get this value, how would you make the script work on all routers?
by Jotne
Wed Jul 14, 2021 10:08 am
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 861

Re: Cloud hosted routers and value/identifier not being available

You can avoid error from stopping script by using on-error like this:
# Declare the variable outside the :do block so it is still in scope afterwards
:local boardfirmwaretype
:do {
	:set boardfirmwaretype [/system routerboard get firmware-type]
} on-error={
	:set boardfirmwaretype "n/a"
}
PS, you do not need semicolon ; at end of each line, only between multiple commands at same line
by Jotne
Mon Jul 12, 2021 10:01 am
Forum: General
Topic: how to use PI-Hole with mikrotik netwrok?
Replies: 6
Views: 490

Re: how to use PI-Hole with mikrotik netwrok?

I notice here that some Android client just have Google IP's hardcoded in them and they still are doing lookups to 8.8.8.8 / 8.8.4.4 even while having the Pihole offered to them via DHCP
Chromecast is one of them with fixed DNS to Google.
by Jotne
Mon Jul 05, 2021 2:01 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

If I understand you, you do not get the " MikroTik " prefix?
system,info,account MikroTik : sys=22: user hidden logged out from 1.2.3.4 via winbox
The whole app with field extraction etc is based on this tag, so if that changes or is removed, lots of the stuff in the app must be rewritt...
by Jotne
Sun Jul 04, 2021 5:14 pm
Forum: Scripting
Topic: [Script] Healthchecks notification
Replies: 1
Views: 465

Re: [Script] Healthchecks notification

If you like to do it all yourself and not put it on an external server, you can use Splunk (Free for up to 500MB log per day)

See my signature.
viewtopic.php?t=137338
by Jotne
Sat Jul 03, 2021 11:35 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 124
Views: 13768

Re: v7 launch date

As 7.1beta7 runs stable for a month already I can't complain at the moment.
So Beta7 was released at the same time (or close to same time) as Beta6?
What's new in 7.1beta6 (2021-May-18 14:49):
by Jotne
Fri Jul 02, 2021 12:32 pm
Forum: General
Topic: MIkrotik Syslog New Format
Replies: 23
Views: 1162

Re: MIkrotik Syslog New Format

That is why in principle it is a good idea to, when the format would change, change it to something that a good parser could analyse even when new fields are added.
That is why I like Key=Value pair.
+ Easy to automatically decode.
+ New fields would be easily recognized.
- Larger logs due to keys for all...
by Jotne
Fri Jul 02, 2021 11:21 am
Forum: General
Topic: MIkrotik Syslog New Format
Replies: 23
Views: 1162

Re: MIkrotik Syslog New Format

Problem with syslog is that there is no defined format for the Message field. It's up to each to create their own.
From Wikipedia
Since each process, application, and operating system was written independently, there is little uniformity to the payload of the log message. For this reason, no assumpt...
by Jotne
Thu Jul 01, 2021 1:34 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 124
Views: 13768

Re: v7 launch date

Did you get a date?

PS no need to quote the whole post above you,
by Jotne
Thu Jul 01, 2021 8:29 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 124
Views: 13768

Re: v7 launch date

This thread should be closed. It no longer discusses "v7 launch date"
MT never has a fixed "launch date". It will be released when they think it is stable enough, sometime in future.
by Jotne
Tue Jun 29, 2021 6:58 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

The app does use IP as hostname and does sort everything after that, so when IP changes, it will see it as a new device. What can be done is to tag all packets with an id so that all routers can be identified even after IP change. Example, change from:
/system logging add action=logserver prefix=MikroTik ...
by Jotne
Fri Jun 25, 2021 6:39 pm
Forum: Scripting
Topic: A problem with this script: enable/disable CAPsMAN
Replies: 7
Views: 977

Re: A problem with this script: enable/disable CAPsMAN

It may be a copy/paste using different writing tools that has changed the " and -
You are correct that this will totally break the script :)
by Jotne
Thu Jun 24, 2021 7:43 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 80
Views: 6196

Re: Does quouting quotes of quotes in consecutive post make any sense?

Since MikroTik do use phpBB, everything can be tweaked.
Here is one thread about quoting.
https://www.phpbb.com/community/viewtop ... #p15506426
by Jotne
Thu Jun 24, 2021 3:14 pm
Forum: Scripting
Topic: A problem with this script: enable/disable CAPsMAN
Replies: 7
Views: 977

Re: A problem with this script: enable/disable CAPsMAN

I cannot see anything directly wrong with your script. But I guess you could use local instead of global variable if you do not need to use them in other scripts. Do use code tag when posting code and use tab in script to make it more readable. Here is a reformatted version.
#Check CAPsMAN Priority
#...
by Jotne
Sun Jun 20, 2021 11:38 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

Everything is already logged in menu Overview -> MikroTik Admin user login . There you see both logged in and blocked user. You have changed from the default log action setup and do lose a lot of information since you do only log some. Change back to what is posted in the first post and you get all b...
by Jotne
Sun Jun 20, 2021 4:10 pm
Forum: Scripting
Topic: bandwidth test and telegram message
Replies: 7
Views: 1048

Re: bandwitch test and telegram message

I have not tested it, so it may still be wrong, but since you do not use code tags, or maybe not tab, you do not see when there is a start { and a stop }
Example
:if ($status = "connected") do={ {
This will fail. Here is a re post with code tags and tabs. (also without ; at end of line, not...
by Jotne
Fri Jun 18, 2021 12:26 pm
Forum: Scripting
Topic: Extract firmware version to a email
Replies: 7
Views: 875

Re: Extract firmware version to a email

Use serial number (that should be unique for each box)
subject="$[/system identity get name] $[/system routerboard get serial-number], Mikrotik System Backup, CCR2004-1G-12S+2XS @ 08:00" 
Firmware
[/system routerboard get current-firmware]
by Jotne
Wed Jun 16, 2021 7:51 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

You can send anything to logs, in for example this form.
:log info message="This is a test"
Then in Splunk you should be able to see this by searching for:
"This is a test"
by Jotne
Wed Jun 16, 2021 5:48 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

Remember with this:
add action=remote prefix=MikroTik topics=account
add action=remote prefix=MikroTik topics=critical
You only get all account and critical logs and nothing else from the internal logs. That is what I do use:
/system logging add action=logserver prefix=MikroTik topics=dhcp
/system l...
by Jotne
Sun Jun 13, 2021 4:06 pm
Forum: General
Topic: mikrotik used as a spoof ddns
Replies: 5
Views: 465

Re: mikrotik used as a spoof ddns

If you log your DNS requests, you would also see who is requesting DNS from your Router.
dns MikroTik: query from 192.168.10.21: #430899 clientservices.googleapis.com. A
dns MikroTik: query from 192.168.10.217: #430896 growth-pa.googleapis.com. A
dns MikroTik: query from 192.168.10.217: #430895 connec...
by Jotne
Sun Jun 13, 2021 3:55 pm
Forum: Scripting
Topic: A Better Wireless Auto Frequency Selection
Replies: 10
Views: 1581

Re: A Better Wireless Auto Frequency Selection

I did not tell you to put all in one if, that will not work, but run it 3 times
foreach i in=[:toarray "802.11,nv2,nstreme"]  do={
	some code
		if ($ScanLine~$i) do={
			:set $ScansSignal value=[:pick $ScanLine [find $ScanLine ",-"] ([find $ScanLine "$i"] -1)]
		}
}
by Jotne
Sun Jun 13, 2021 8:56 am
Forum: Scripting
Topic: A Better Wireless Auto Frequency Selection
Replies: 10
Views: 1581

Re: A Better Wireless Auto Frequency Selection

You can't change to use a variable?
:set $ScansSignal value=[:pick $ScanLine [find $ScanLine ",-"] [find $ScanLine $i]]

You are still mixing spaces and tabs in front of lines. And you do miss tabs for several groups.
Every time something starts with {, the rest should be tabbed in one
by Jotne
Sat Jun 12, 2021 4:41 pm
Forum: Scripting
Topic: A Better Wireless Auto Frequency Selection
Replies: 10
Views: 1581

Re: A Better Wireless Auto Frequency Selection

you must create a scan file called "Scan5.rsc" with preferably a full scan-list of 5180-5825.
How? I do not understand what to do to create the file. Here is a re post with correct tabs. (you have a mix of spaces and tabs in front of lines, makes it hard to see each section.)
{ :local Scan...
by Jotne
Sat Jun 12, 2021 11:02 am
Forum: Scripting
Topic: A Better Wireless Auto Frequency Selection
Replies: 10
Views: 1581

Re: A Better Wireless Auto Frequency Selection

It seems that it may be shortened some, like
if ($ScanLine~"802.11") do={
if ($ScanLine~"nv2") do={
if ($ScanLine~"nstreme") do={
Looks equal, and may be shortened to run one group test 3 times with different input instead of 3 different group test.
Example
foreach i in=[:t...
by Jotne
Sat Jun 12, 2021 10:43 am
Forum: Scripting
Topic: A Better Wireless Auto Frequency Selection
Replies: 10
Views: 1581

Re: A Better Wireless Auto Frequency Selection

Do you need all variables to be global? If not use local. Here is the same version but with tab for all groups. (gives better reading)
:log warning message=[:time {
	:global Scan
	:global ScanLine
	:global LineEnd
	:global Scans [:toarray ""]
	:global ScansSignal
	:global CurrentChannel value=0...
by Jotne
Fri Jun 11, 2021 7:36 pm
Forum: Beginner Basics
Topic: Confused about chains
Replies: 19
Views: 1080

Re: Confused about chains

If you come on Italy close to my city, I'm pleased to offer a Pizza :))
Maybe I will one day :)
Coming from the cold north a pizza is always welcome...
by Jotne
Fri Jun 11, 2021 3:49 pm
Forum: Beginner Basics
Topic: Confused about chains
Replies: 19
Views: 1080

Re: Confused about chains

Pfff, where is the hospitality these days ;-)
You are very welcome to visit me, but just use the correct door, or else you may lose your head :)
by Jotne
Fri Jun 11, 2021 3:47 pm
Forum: Beginner Basics
Topic: Confused about chains
Replies: 19
Views: 1080

Re: Confused about chains

Here you go:
https://tehnoblog.org/ip-tools/ip-address-aggregator/

Input
1.2.232.0
1.2.232.1
1.2.232.2
1.2.232.3
1.2.232.4
1.2.232.5
1.2.232.6
1.2.32.0/23
1.2.34.0/23
Result
1.2.32.0/22
1.2.232.0/30
1.2.232.4/31
1.2.232.6/32
by Jotne
Fri Jun 11, 2021 3:31 pm
Forum: Beginner Basics
Topic: Confused about chains
Replies: 19
Views: 1080

Re: Confused about chains

Anyone who tries 1 port on my router that is not default open (like 443 is open) will be banned for all ports for 24 hours, even the open ports (443).
There are around 5000 to 10000 IPs in the block list at any time.
by Jotne
Fri Jun 11, 2021 2:03 pm
Forum: Beginner Basics
Topic: Confused about chains
Replies: 19
Views: 1080

Re: Confused about chains

3-stage is pretty secure with extremely small chance of somebody ever hitting the jackpot ;-)
65535^3 = 281,462,092,005,375 (depends on how you implement it)
by Jotne
Fri Jun 11, 2021 10:34 am
Forum: Beginner Basics
Topic: Confused about chains
Replies: 19
Views: 1080

Re: Confused about chains

Not an answer to your question, but for me it seems that you have Winbox open to internet????? If so, you are at high risk of being hacked. (older RouterOS has a big bug) Use VPN to access winbox, then you do not need to block anyone. If VPN can not be used, follow these steps. 1. Use another port t...
by Jotne
Thu Jun 10, 2021 6:39 pm
Forum: Scripting
Topic: Wildcard port on find src-address
Replies: 9
Views: 978

Re: Wildcard port on find src-address

Ahh, thanks, learned some today as well :)
by Jotne
Thu Jun 10, 2021 6:35 pm
Forum: Scripting
Topic: Wildcard port on find src-address
Replies: 9
Views: 978

Re: Wildcard port on find src-address

@rextended

Did you try this?

For me, I do get red \, to that is not accepted.
Using ^ works fine
Using $ at end of line give hit for all lines , like .*
So some is not following regex standard.
by Jotne
Thu Jun 10, 2021 6:25 pm
Forum: Scripting
Topic: Wildcard port on find src-address
Replies: 9
Views: 978

Re: Wildcard port on find src-address

This is regex, so if you search for 1.1.1.1 it will also hit 11.1.1.1 and 21.1.1.1 +++
/ip firewall connection print where src-address~"1.2.3.4"
Will find 1.2.3.4 as well as 11.2.3.4
by Jotne
Wed Jun 09, 2021 7:29 pm
Forum: Scripting
Topic: Print in log the public ip [SOLVED]
Replies: 4
Views: 1046

Re: Print in log the public ip [SOLVED]

Many ISPs say that you get static IP, but in fact it's just DHCP with long lease time. As long as your modem/router is online, it will not change. Here is just one script I found using Google to monitor and log outside IP changes. https://mhelp.pro/mikrotik-scripts-notification-when-the-external-ip-a...
by Jotne
Wed Jun 09, 2021 11:28 am
Forum: General
Topic: DoH max concurrent queries reached
Replies: 15
Views: 5361

Re: DoH max concurrent queries reached

I do get the same error on a small home network now and then using nextdns DoH server. Last couple of days log:
2021-06-09 05:27:43 GV-ABBC-192.168.1.1 server connection error remote disconnected http exchange
2021-06-09 04:41:07 GV-ABBC-192.168.1.1 server connection error remote disconnected http e...
by Jotne
Wed Jun 09, 2021 11:08 am
Forum: Announcements
Topic: v6.48.3 [stable] is released!
Replies: 117
Views: 25642

Re: v6.48.3 [stable] is released!

DoH causes memory leak!
See this post.
viewtopic.php?f=2&t=174836
by Jotne
Tue Jun 08, 2021 9:42 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

No need for command line. If you run Splunk in Windows or as root in Linux (not recommended), you can do:
Settings->Data Inputs->UDP->New Local UDP
Port: 514 -> Next
Select Source Type: Operating system-> Syslog
Review->Submit
Then you should be good to go.
BUT
As I do recommend using Linux and not ...
by Jotne
Tue Jun 08, 2021 3:49 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

There has to be something that blocks the UDP packets, or Splunk does not listen on UDP. Still not sure how you run Splunk. On Windows or on Linux? If Splunk runs on Windows and you have opened port 514 in Windows Splunk setup, as an administrator run the following command from CMD
netstat -toan
You s...
by Jotne
Tue Jun 08, 2021 2:40 pm
Forum: General
Topic: VLAN1 is not working with Cisco Switch
Replies: 10
Views: 700

Re: VLAN1 is not working with Cisco Switch

Was there anything wrong with my previous post. I did not mention quoting in it. Just try to help out.
by Jotne
Tue Jun 08, 2021 2:22 pm
Forum: General
Topic: VLAN1 is not working with Cisco Switch
Replies: 10
Views: 700

Re: VLAN1 is not working with Cisco Switch

I do use VLAN (and VLAN1) with hEX RB750G r3 and Cisco WS-C3560CX-12PC-S without any problem.
Without posting config from both devices it's hard to help out.
by Jotne
Tue Jun 08, 2021 1:35 pm
Forum: Beginner Basics
Topic: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)
Replies: 11
Views: 792

Re: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)

@anav
You are welcome :)
What should the day be without a good laugh...
by Jotne
Tue Jun 08, 2021 1:15 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

For Splunk, Linux is the best option, but it works in Windows as well. (Install VMware Workstation on your Windows and add an Ubuntu 20.04 to use with Splunk.) As far as I know there is no easy way to send UDP packets from Windows. To use NetCat (nc) you need a Linux device for testing, it can be a r...
by Jotne
Tue Jun 08, 2021 10:21 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

Here is how I test if syslog does send data to Splunk server with IP 192.168.0.50
From a Linux server (192.168.0.10) use the following command.
echo '<14>_sourcehost_ messagetext' | nc -v -u -w 0 192.168.0.50 514
Then on the Splunk web console do a search like this:
host="192.168.0.10" or j...
by Jotne
Tue Jun 08, 2021 8:58 am
Forum: Beginner Basics
Topic: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)
Replies: 11
Views: 792

Re: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)

Hmm, it looks fine in my Chrome browser without dot.
Dot added now to make other browsers look ok.
by Jotne
Tue Jun 08, 2021 8:56 am
Forum: General
Topic: DoH corrupting DNS cache? DNS cache full with invalid data?
Replies: 26
Views: 4845

Re: DoH corrupting DNS cache? DNS cache full with invalid data?

I see it tries to verify DoH cert even if DoH is turned off. Can be removed, but do not think that should give any problem. Do not see any other big configuration errors. You can try to remove DNS cache-size=4800KiB so it uses the default one. Just to see if there is any error in the allocation of ...
by Jotne
Tue Jun 08, 2021 8:47 am
Forum: General
Topic: DoH corrupting DNS cache? DNS cache full with invalid data?
Replies: 26
Views: 4845

Re: DoH corrupting DNS cache? DNS cache full with invalid data?

/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface="ether3 lan"
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf disabled=yes interface="ether5 wan"
Why have you added WAN inte...
by Jotne
Tue Jun 08, 2021 8:27 am
Forum: Beginner Basics
Topic: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)
Replies: 11
Views: 792

Re: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)

It's better to include config and logs in the post using code tags:
# jun/07/2021 23:52:01 by RouterOS 6.48.3
# software id = 34UR-Q9CX
#
# model = RB760iGS
# serial number = E1F20EB4BA90
/interface bridge
add admin-mac=2C:C8:1B:20:72:8D auto-mac=no comment=defconf name=bridge
/interface list
add com...
by Jotne
Mon Jun 07, 2021 8:55 am
Forum: General
Topic: DoH corrupting DNS cache? DNS cache full with invalid data?
Replies: 26
Views: 4845

Re: DoH corrupting DNS cache? DNS cache full with invalid data?

@mxcone17
Do you have a DNS problem or DoH problem?
Post complete config (export hide-sensitive) together with what hardware you are using and what RouterOS you have.
by Jotne
Sun Jun 06, 2021 7:52 pm
Forum: General
Topic: someone hack my routrs - can someone help?
Replies: 15
Views: 1970

Re: someone hack my routrs - can someone help?

You should upgrade to one version that fixes the Winbox. I think it was 6.40.8. But take care, MT did change the way switch / bridge works, so test it out before add to production. 6,23 are more than 6 years old and there has been many security fixes, so upgrade are needed. If that is not possible, ...
by Jotne
Sun Jun 06, 2021 3:43 pm
Forum: General
Topic: someone hack my routrs - can someone help?
Replies: 15
Views: 1970

Re: someone hack my routrs - can someone help?

Your router is used as a relay to hide identity of user for maybe illegal activity. Netinstall seems to be the only valid solution to make sure everything is gone. You do not write what version of RouterOS you have? I guess you have an older version that is open for WinBox hack. Strange that you ha...
by Jotne
Sun Jun 06, 2021 10:25 am
Forum: General
Topic: DoH corrupting DNS cache? DNS cache full with invalid data?
Replies: 26
Views: 4845

Re: DoH corrupting DNS cache? DNS cache full with invalid data?

Try change to another DoH provider.
by Jotne
Sat Jun 05, 2021 10:59 pm
Forum: Scripting
Topic: Error handling
Replies: 4
Views: 865

Re: Error handling

There is no solution for that in a MikroTik router.
by Jotne
Fri Jun 04, 2021 12:08 pm
Forum: Announcements
Topic: WinBox v3.28 released!
Replies: 34
Views: 13519

Re: WinBox v3.28 released!

FINALLY... i can paste all 12000 lines of DNS entry (blocked for Italian law) instead to paste 3/400 lines per time
This is exactly why I like DoH. iPhone with iOS >= 14.x do use DoH as default and will bypass the DNS block list.
by Jotne
Fri Jun 04, 2021 8:33 am
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 145
Views: 20813

Re: v6.47.10 [long-term] is released!

@avn and @rextended
You should make an own thread with upgrade problems for hAP Lite.
This problem is not unique to 6.47.10
by Jotne
Fri Jun 04, 2021 8:27 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 341
Views: 47380

Re: v7.1beta6 [development] is released!

On STATIC all type are set and searchable except for "A" (with or without quotes are useless) Not sure what you mean. For me :put [/ip dns cache find where type="A"] This only gets type "A" record, NOT "AAAA" :put [/ip dns cache find where type="AAAA"...
by Jotne
Thu Jun 03, 2021 2:35 pm
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 145
Views: 20813

Re: v6.47.10 [long-term] is released!

I did see that it was remote after the comment about not downgrade <6.40.
And as other write, if there is nothing you need in 6.47.10, stay on 6.47.9 if it works.
With the risk of losing it when some goes wrong, I would have waited until I was physical with the device.
by Jotne
Wed Jun 02, 2021 10:24 pm
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 145
Views: 20813

Re: v6.47.10 [long-term] is released!

Any other ideas?
Try <6.40 if possible. (smaller, the better)
Also look if there are any files that can be deleted.
by Jotne
Wed Jun 02, 2021 7:56 pm
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 145
Views: 20813

Re: v6.47.10 [long-term] is released!

Sooo, hap lite no longer support upgrade, is that it? channel: long-term installed-version: 6.47.9 latest-version: 6.47.10 status: ERROR: not enough disk space, 7.0MiB is required and only 6.4MiB is free Downgrade to an older smaller version, then upgrade to latest version. This has been discussed ...
by Jotne
Wed Jun 02, 2021 7:44 pm
Forum: Scripting
Topic: SFP monitor array
Replies: 2
Views: 853

Re: SFP monitor array

I do not have any SFP, so can not test it, but you do miss a } at the end. You do not need ; at end of each line, only when having multiple command at one line. Using tab makes it simpler to see missing } Using code tabs make script show tabs when posting </> #Hugh's SFP script :local thisbox [/syst...
by Jotne
Tue Jun 01, 2021 8:34 am
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 169
Views: 43364

Re: v6.49beta [testing] is released!

Should I contact support and send them a supout.rif file?
Yes

I have not seen this on any of my routers.
by Jotne
Sun May 30, 2021 9:50 am
Forum: Scripting
Topic: Help! Create script for possible future security Ddos
Replies: 11
Views: 1385

Re: Help! Create script for possible future security Ddos

I did an ACL where only certain IPs can access the winbox, and it works great! This in itself is not enough, you should implement more of the list in my first post. Do not use default port for the first. Many scans for this port since it has been flawed before. Port knock will prevent any from seei...
by Jotne
Sat May 29, 2021 8:23 pm
Forum: Scripting
Topic: Help! Create script for possible future security Ddos
Replies: 11
Views: 1385

Re: Help! Create script for possible future security Ddos

@jotne, would be nice to see your 'set' of rule(s) that do this blocking for 24 hours etc Here you go. (it may not be perfect, but works for me) Upper blocking part (not at top, but high in the filter list) /ip firewall filter add action=jump chain=input comment="Drop user that has tried port...
by Jotne
Sat May 29, 2021 11:10 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

I did for some hour have a 4.3 script posted with a small error.
Try copy it again.

Do this search, you should see uptime for every 5 min.
module=script script=resource | table _time host uptime
by Jotne
Sat May 29, 2021 11:00 am
Forum: Scripting
Topic: Help! Create script for possible future security Ddos
Replies: 11
Views: 1385

Re: Help! Create script for possible future security Ddos

This is some I have posted several times. If you need to access Winbox remote use VPN. If VPN is not an option: 1. Use another port than default. 2. Use port knocking. This prevents someone from seeing open ports. 3. Use a long and good password. 4. Use access list to prevent any random internet fr...
by Jotne
Fri May 28, 2021 7:36 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 341
Views: 47380

Re: v7.1beta6 [development] is released!

keep in mind that mikrotik doesn't have to 'port' a lot of things from v6
They have removed IP accounting.
by Jotne
Fri May 28, 2021 5:05 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

Never seen that before, If for some reason, you can not download, I can make a link to it.
by Jotne
Fri May 28, 2021 5:01 pm
Forum: Scripting
Topic: dhcp-server lease find where host-name (contains|in) [stuff] doesn't return anything? [SOLVED]
Replies: 8
Views: 1277

Re: dhcp-server lease find where host-name (contains|in) [stuff] doesn't return anything? [SOLVED]

print is not the right way to do it, you need to use find and get. E.g. /ip dhcp-server lease find where host-name="Chromecast" Will find all with name "Chromecast" To get some output, you need to use put :put [/ip dhcp-server lease find where host-name="Chromecast"] T...
by Jotne
Fri May 28, 2021 9:45 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

Script updated to 4.3 Script now gets firmware information from the Router Board. Will be added to upcoming 3.3 app. To upgrade: Select the script data from section 2f in the first post and edit script Data_to_Splunk_using_Syslog on the router, replace all data. This is not a needed upgrade, just t...
by Jotne
Thu May 27, 2021 3:26 pm
Forum: Scripting
Topic: firewall login Dst-Address\TCP State
Replies: 5
Views: 833

Re: firewall login Dst-Address\TCP State

Live attack shows location of IP address that are trying ports on my router that are not open. It does not show when some tries to attack the http server and other open ports.
by Jotne
Wed May 26, 2021 3:41 pm
Forum: Scripting
Topic: Logging nray60g singal in script
Replies: 7
Views: 821

Re: Logging nray60g singal in script

If you can put it, would it not be possible to store to variable or log it?
:log info ([/interface w60g monitor wlan60-1 once as-value]->"rssi")
by Jotne
Wed May 26, 2021 12:10 pm
Forum: Scripting
Topic: Logging nray60g singal in script
Replies: 7
Views: 821

Re: Logging nray60g singal in script

Try this script: :local Wireless true # Sends wireless client data to log server # ---------------------------------- if ($Wireless) do={ :do { :if ([:len [/interface wireless find ]]>0) do={ :foreach logline in=[/interface wireless registration-table find] do={ :local output "$[/interface wire...
by Jotne
Wed May 26, 2021 11:44 am
Forum: Scripting
Topic: firewall login Dst-Address\TCP State
Replies: 5
Views: 833

Re: firewall login Dst-Address\TCP State

Use get instead of print : :foreach i in=[/ip firewall connection find where src-address~"10.0.0.111"] do={:put [/ip firewall connection get $i dst-address] } What do you mean by bad? Do you have a list of IP. I do use Splunk for investigation. You can make a bad list and a filter rule wit...
by Jotne
Tue May 25, 2021 11:47 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 341
Views: 47380

Re: v7.1beta6 [development] is released!

In v7, will there be done any to logging.

Like using RFC for time log format and fix the logging prefix mess?
When I made a support request for it, I was told that you would work on it.

viewtopic.php?t=124291
by Jotne
Sat May 22, 2021 10:19 pm
Forum: Scripting
Topic: Firewall Rule Action Trigger Script
Replies: 4
Views: 979

Re: Firewall Rule Action Trigger Script

hmm... a third party software
Only the second part.
by Jotne
Fri May 21, 2021 3:16 pm
Forum: Scripting
Topic: Firewall Rule Action Trigger Script
Replies: 4
Views: 979

Re: Firewall Rule Action Trigger Script

You can log firewall rule to memory log, then make a scheduled script that search through the logs and do some when triggered.
Or you can send data to Syslog server like Splunk, then Splunk can do various action. Script/email +++
by Jotne
Tue May 18, 2021 11:41 pm
Forum: Scripting
Topic: Black list for failed login to IPSec VPN
Replies: 11
Views: 8021

Re: Black list for failed login to IPSec VPN

Mikrotik write this about time log format:
You can store the logs remotely in a Syslog server, and there choose format that you like most.
I do use Syslog and Splunk

There has been several requests to MT to use proper time log format like ISO8601
by Jotne
Tue May 18, 2021 8:04 pm
Forum: Beginner Basics
Topic: How do I find the uptime of my router?
Replies: 8
Views: 820

Re: How do I find the uptime of my router?

He may have more than one device :)
by Jotne
Tue May 18, 2021 8:01 pm
Forum: General
Topic: Using Splunk to analyse MikroTik logs
Replies: 104
Views: 33973

Re: Using Splunk to analyse MikroTik logs

You are posting on an old and obsolete thread. Start a new one.

I do not know anything about Splunk Enterprise Security and DNS.
Why DNS view in ES does not see DNS logs, I guess may be due to that Mikrotik logs DNS in another format compared to what ES needs to be able to understand.
by Jotne
Tue May 18, 2021 11:20 am
Forum: Beginner Basics
Topic: How do I find the uptime of my router?
Replies: 8
Views: 820

Re: How do I find the uptime of my router?

How do you know it's a switch OS?
Telnet/SSH may be blocked.
by Jotne
Tue May 18, 2021 7:17 am
Forum: Beginner Basics
Topic: How do I find the uptime of my router?
Replies: 8
Views: 820

Re: How do I find the uptime of my router?

Title of the thread is "How do I find the uptime of my router?" and "RB" is mentioned.
So OP should post what software/hardware and version he has.
by Jotne
Mon May 17, 2021 7:46 pm
Forum: General
Topic: L2TP IPSEC site to site behind NAT [SOLVED]
Replies: 17
Views: 2066

Re: L2TP IPSEC site to site behind NAT [SOLVED]

If you see two private ip in the traceroute, you normally have two nat.
by Jotne
Mon May 17, 2021 6:00 pm
Forum: Beginner Basics
Topic: How do I find the uptime of my router?
Replies: 8
Views: 820

Re: How do I find the uptime of my router?

One of the first things I did find when googling RouterOS uptime.
https://www.youtube.com/watch?v=qWlHOwD9gwg
by Jotne
Mon May 17, 2021 5:23 pm
Forum: General
Topic: DDoS story, or WARNING: use 'conection-limit' with caution!
Replies: 156
Views: 84250

Re: DDoS story, or WARNING: use 'conection-limit' with caution!

But I have for sure not done anything remotely connected to DDoS, mostly surfing :)
by Jotne
Mon May 17, 2021 2:21 pm
Forum: General
Topic: Using Splunk to analyse MikroTik logs
Replies: 104
Views: 33973

Re: Using Splunk to analyse MikroTik logs

Try this search to see if anything comes in.
index=*
You have tagged the events? Section 2b (in new thread)
Has it worked before?
MikroTik
Capital M and T

NB this is an obsolete thread, use this:
viewtopic.php?f=2&t=137338
by Jotne
Mon May 17, 2021 11:30 am
Forum: Scripting
Topic: How to get value in wireless monitor?
Replies: 11
Views: 1241

Re: How to get value in wireless monitor?

It's not off topic.

1. Most here are on 6.47+, so this is what they know about.
2. Much has changed since 6.19 so config are not the same (master/slave gone)
3. You put your system at risk if it's connected to internet. (even worse if you do remote admin)
by Jotne
Mon May 17, 2021 8:45 am
Forum: General
Topic: DDoS story, or WARNING: use 'conection-limit' with caution!
Replies: 156
Views: 84250

Re: DDoS story, or WARNING: use 'conection-limit' with caution!

Should not these rules contain Wan as in interface?
I did get my internal PC blocked due to wrongly logged as d-dos
by Jotne
Mon May 17, 2021 8:04 am
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

Do you verify the certificate?
by Jotne
Fri May 14, 2021 2:48 pm
Forum: Scripting
Topic: How to get value in wireless monitor?
Replies: 11
Views: 1241

Re: How to get value in wireless monitor?

ROs 6.19
I do hope this is a standalone network not connected to internet.
If it's connected to internet, you should upgrade. 6.19 are very old and have many security flaws.
by Jotne
Fri May 14, 2021 2:34 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

This should be taken out of 6.48.2 thread and over to a new thread.
Nothing to do with 6.48.2 release.
by Jotne
Thu May 13, 2021 9:33 pm
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 184
Views: 136812

Re: Using RouterOS to VLAN your network

Negative as a homeowner, don't agree and it leads to nothing but problems. I totally agree with you. This was just from what I do see from real life situation. Most starts off with a basic router with all in VLAN 1, then add more VLANs as needed. In a good design, management VLAN should be its own VL...
by Jotne
Thu May 13, 2021 7:22 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

This is just part of the config and it looks ok. To see what the problem is we need the rest. Post output of /export hide-sensitive and use code tags </> If it was broken, you would have seen hundreds of post complaining about it's not working. For Torrent, you can do a test using UPnP instead of ma...
by Jotne
Thu May 13, 2021 4:51 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

Port forwarding stop working. Downgrading to 6.47.8 all works fine.
This has to be a config error at your site. It works fine.
Post your config.
by Jotne
Wed May 12, 2021 9:28 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 169
Views: 43364

Re: v6.49beta [testing] is released!

Depending on previous image size. If previous+current = too big, you can do one of two.

1. Netinstall
2. Downgrade to older and smaller image before upgrade.
by Jotne
Wed May 12, 2021 10:47 am
Forum: Scripting
Topic: Scheduling script to enable / disable Netwatch
Replies: 2
Views: 665

Re: Scheduling script to enable / disable Netwatch

This work fine on my router. [test] /tool netwatch> /tool netwatch disable [find host=8.8.8.8] [test] /tool netwatch> print Flags: X - disabled # HOST TIMEOUT INTERVAL STATUS SINCE 0 X 8.8.8.8 998ms 10s unknown may/12/2021 09:46:08 [test] /tool netwatch> /tool netwatch enable [find host=8.8.8.8] [te...
by Jotne
Thu May 06, 2021 8:59 pm
Forum: General
Topic: VPN L2TP/IPSEC RouterOS 6.11
Replies: 19
Views: 1151

Re: VPN L2TP/IPSEC RouterOS 6.11->6.47.9

There has been so many big security upgrades since 6.11 (released 2014-06-09!!!!!), so if it's connected to internet in some form, it should be upgraded. If it's on a closed network without internet involved, then this may work.


PPTP VPN has no security at all, everything goes in clear text :)
by Jotne
Thu May 06, 2021 3:21 pm
Forum: Announcements
Topic: v6.47.9 [long-term] is released!
Replies: 77
Views: 24781

Re: v6.47.9 [long-term] is released!

Not fixed. Read this:
viewtopic.php?f=2&t=174836
by Jotne
Wed May 05, 2021 2:47 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

It was just a comparison. DNS unencrypted. Syslog unencrypted. Syslog-TLS encrypted. DoH - DNS encrypted.
by Jotne
Tue May 04, 2021 11:20 pm
Forum: Scripting
Topic: Backup Script RSC
Replies: 8
Views: 1134

Re: Backup Script RSC

I do suggest that you also send an export file. If you for some reason need to change to an other type of MT router, it will be hard to restore a backup file. Here is my Gmail backup script. # # Created Jotne 2020 v1.0 # # Takes two different backup and send then to email # # backup.rsc readable bac...
by Jotne
Tue May 04, 2021 11:16 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

Ahh it was that you mean. This is why I like to use DoH. I do not like all in the middle can look at all my DNS request.
by Jotne
Tue May 04, 2021 9:26 pm
Forum: General
Topic: Feature requests
Replies: 1374
Views: 343475

Re: Feature requests

Strange. I do get lots of module info. Look at example in my link: https://forum.mikrotik.com/viewtopic.php?t=124291 Try to remove the check mark for BSD Syslog format and see if it changes. I do log to Splunk directly, but I have tested it with rsyslog server and it works there as well. Here are so...
by Jotne
Tue May 04, 2021 1:21 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

I have never seen any problems with my plain text syslog, but TLS would be a good enhancement. You can set access list on who can send syslog to your server and also monitor when you get new hosts trying to send syslog message. One reason that I do not see many wrong attempts, is that I have a rule t...
by Jotne
Tue May 04, 2021 1:16 pm
Forum: General
Topic: Feature requests
Replies: 1374
Views: 343475

Re: Feature requests

Can you post an example on how it looks like and how you would like it to be.
I do use lots of logging in Splunk for Mikrotik, see my signature, and not sure what you miss.

PS no need to quote the complete message above you. Use Post Reply button below the post, please.
by Jotne
Tue May 04, 2021 8:05 am
Forum: General
Topic: Feature requests
Replies: 1374
Views: 343475

Re: Feature requests

That is fixed text. I want to see the topics that are visible when logging in memory. These differ per message. E.g. [system,info,account] or [ipsec,error] See my post here from 2017. MT has not fixed anything of this yet. https://forum.mikrotik.com/viewtopic.php?t=124291 Support has only said that ...
by Jotne
Mon May 03, 2021 6:12 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

It reports the syslog sending IP. Host is the host field in Splunk for the incoming logs.

PS no need to quote the whole post above you. Use Post Reply button under the post.
by Jotne
Mon May 03, 2021 2:50 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

I'd suggest putting that in the original guidepost itself. A good idea, I will add that. What can I do to ensure MikroTik to Splunk Server communication is encrypted and not sent in plaintext? Since MikroTik does not support TLS syslog (please add), the only workaround I do see is to send log to a l...
by Jotne
Mon May 03, 2021 2:22 pm
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

You can try to enable info logging and add that firewall should not be included, like this:
logging.jpg
by Jotne
Mon May 03, 2021 11:40 am
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 184
Views: 136812

Re: Using RouterOS to VLAN your network

@pcunite Nice guide I do suggest you edit your header to Using RouterOS(6.41+) to VLAN your network. And Title: Using RouterOS to VLAN your network the new way with RouterOS 6.41+ This to make it clear what type of VLAN implementation you are using in this guide. In Router-Switch-AP (all in one) you d...
by Jotne
Sun May 02, 2021 6:25 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 169
Views: 43364

Re: v6.49beta [testing] is released!

The latest beta build still has the DoH memory leak bug, this bug is present since first 6.48 stable build, hope for a fix.
In this thread you see how DoH bugs arrive and how to avoid it when using DoH.
viewtopic.php?f=2&t=174836
by Jotne
Thu Apr 29, 2021 7:04 pm
Forum: General
Topic: DDoS story, or WARNING: use 'conection-limit' with caution!
Replies: 156
Views: 84250

Re: DDoS story, or WARNING: use 'conection-limit' with caution!

I do have a problem with this filter. Often my syslog sending servers gets blocked by the filter rules.
To fix this I split the rules in two.
1. Jump all TCP
2. Jump all UDP except Syslog port
by Jotne
Thu Apr 29, 2021 8:30 am
Forum: Scripting
Topic: Ip search by address and enable
Replies: 10
Views: 1018

Re: Ip search by address and enable

@rextended You are correct. Since it is regex it should be like this for 10.100.0.* : :put [/ip address find where address~"10\\.100\\.0\\.[0-9]+"] Or even more correct :put [/ip address find where address~"10\\.100\\.0\\.[0-9]{1,3}"] And for 10.100.*.1 : :put [/ip address find wher...
by Jotne
Thu Apr 29, 2021 8:06 am
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

Try some extra reboot.
by Jotne
Wed Apr 28, 2021 11:17 pm
Forum: General
Topic: DoH memory bug.
Replies: 11
Views: 1784

Re: DoH memory bug.

You are free to do what you do, but I do not like and many other does not like it. :)
by Jotne
Wed Apr 28, 2021 10:14 pm
Forum: Scripting
Topic: Read ROS Values with an ESP8266 [SOLVED]
Replies: 8
Views: 1605

Re: Read ROS Values with an ESP8266 [SOLVED]

@jeppu31 @neogoth

Please use "Post Reply" button below the post when you do reply on a post. Not need to Quote the whole post above you. And Quoting the Quoting the Quoting just fills up the thread.
by Jotne
Wed Apr 28, 2021 10:10 pm
Forum: General
Topic: DoH memory bug.
Replies: 11
Views: 1784

Re: DoH memory bug.

@rextended Did not help, raising again, so going back to https://dns.nextdns.io/dns-query

Please do not quote the whole post directly above you. There is a "Post Reply" button to use below the post.
by Jotne
Wed Apr 28, 2021 6:03 pm
Forum: General
Topic: DoH memory bug.
Replies: 11
Views: 1784

Re: DoH memory bug.

Support ticket: SUP-47171

Reverted back to https://cloudflare-dns.com/dns-query and will test rextended suggestion.
by Jotne
Wed Apr 28, 2021 12:33 pm
Forum: General
Topic: DoH memory bug.
Replies: 11
Views: 1784

DoH memory bug.

I have done some more investigation in the DoH memory leakage on all Router OS. In previous setup I have replaced the DNS with IP in DNS setup and some comment that the certificate was by name only. So here are the result of my test. Setup 1 [ cloudflare ] DoH -> https://cloudflare-dns.com/dns-query S...
by Jotne
Tue Apr 27, 2021 4:20 pm
Forum: Scripting
Topic: Ip search by address and enable
Replies: 10
Views: 1018

Re: Ip search by address and enable

~ Does contain some.
by Jotne
Tue Apr 27, 2021 1:46 pm
Forum: Scripting
Topic: Ip search by address and enable
Replies: 10
Views: 1018

Re: Ip search by address and enable

addresses with network 10.100.0.0/24 or address like 10.100.*.1 If these ranges only contain one IP this should work, { /ip address :local IPID [find where address~"10.100.0.*"] :if ([:len $IPID]=0) do={ :put "ip not found" } else={ :local IPStatus [get $IPID disabled] :if ([:le...
by Jotne
Tue Apr 27, 2021 1:18 pm
Forum: Scripting
Topic: Importing IP List from file
Replies: 8
Views: 2386

Re: Importing IP List from file

There is a bug in folder part of the script. Folder not needed so this does work fine. foreach i in={ "NL"; "CN"; "RU"; "DE"; "UA"} do={ /tool fetch url="http://www.iwik.org/ipcountry/mikrotik/$i" dst-path=$i /ip firewall address-list remov...
by Jotne
Tue Apr 27, 2021 12:35 pm
Forum: Scripting
Topic: Ip search by address and enable
Replies: 10
Views: 1018

Re: Ip search by address and enable

There are several errors in your logic. You search for a range of IP, but you do not tell where the disable command should look. Also what would you like to happen if it find three IP and 2 are enabled and 1 is disabled? To use wildcard, you can use: :put [/ip address find where address~"10.100....
by Jotne
Tue Apr 27, 2021 12:19 pm
Forum: General
Topic: L2TP IPSEC site to site behind NAT [SOLVED]
Replies: 17
Views: 2066

Re: L2TP IPSEC site to site behind NAT [SOLVED]

To be able to connect to an L2TP IPSec server behind NAT, you need to open:

To allow Internet Key Exchange (IKE), open UDP 500.
To allow IPSec Network Address Translation (NAT-T) open UDP 5500.
To allow L2TP traffic, open UDP 1701.

Are all this open?
by Jotne
Mon Apr 26, 2021 3:30 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

Interesting, changed to next dns (downloaded cert and enabled verification)
New
https://45.90.28.0/dns-query
Old
https://1.1.1.1/dns-query

Will in some hour see if memory goes up.
by Jotne
Mon Apr 26, 2021 1:23 pm
Forum: Beginner Basics
Topic: Port forwarding not working
Replies: 4
Views: 452

Re: Port forwarding not working

With DHCP, you do not see outside IP in config.
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
To see IP, you need type
/ip dhcp-client print
or
/ip address print
by Jotne
Mon Apr 26, 2021 12:04 pm
Forum: Beginner Basics
Topic: Port forwarding not working
Replies: 4
Views: 452

Re: Port forwarding not working

I can not see any direct errors in your config. You have a public outside IP (you are not behind another NAT router)? Try this site to test your ports (TCP): https://canyouseeme.org/ Look at winbox and see both at NAT and Filter Rules that you get packet counts. PS, you do not need to-ports when it's ...
by Jotne
Mon Apr 26, 2021 11:49 am
Forum: General
Topic: 100% CPU usage at random times
Replies: 10
Views: 3369

Re: 100% CPU usage every Peak hours

PPPoE server with have 600 clients
Hi, have you tried using Splunk to monitor your solution? I have made a Splunk program for Mikrotik and there is a section for PPPoE.
I am interested in feedback on it. See link in my signature.
by Jotne
Mon Apr 26, 2021 11:26 am
Forum: General
Topic: Ookla Speed Test with RB750gr3 [SOLVED]
Replies: 6
Views: 833

Re: Ookla Speed Test with RB750gr3 [SOLVED]

Since your router has 6.48, you have upgraded after it was hacked, so you have had this problem some time. Problem is that there was some older version of RouterOS that was open for attack when winbox was open from internet. I have posted this information several times on the forum. -----------------...
by Jotne
Sun Apr 25, 2021 12:26 am
Forum: General
Topic: Running out of disk space
Replies: 5
Views: 689

Re: Running out of disk space

It does. Problem is that you sometimes do not have enough space to upgrade on device with small disk spaces.
One trick is to downgrade to older smaller image, then upgrade to latest of your choice.
But take care if the older image does not support your settings.
by Jotne
Sun Apr 25, 2021 12:02 am
Forum: Scripting
Topic: DHCP via script
Replies: 14
Views: 1568

Re: DHCP via script

And also there is a Post Reply button below the post to reply the post. No need to quote the post above you :)
by Jotne
Sat Apr 24, 2021 11:15 pm
Forum: Scripting
Topic: DHCP via script
Replies: 14
Views: 1568

Re: DHCP via script

You can edit your own post to add more information. It's the pencil symbol (edit post)
by Jotne
Sat Apr 24, 2021 8:28 pm
Forum: General
Topic: Running out of disk space
Replies: 5
Views: 689

Re: Running out of disk space

My RB750Gr3 is 93.75% full, so this is normal.
by Jotne
Fri Apr 23, 2021 1:42 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

Yes:

SUP-47171
by Jotne
Fri Apr 23, 2021 12:18 pm
Forum: Scripting
Topic: ! Variables in firewall filters [SOLVED]
Replies: 4
Views: 947

Re: ! Variables in firewall filters [SOLVED]

In cli wrap the code in brackets. {code}
{
:global eruWAN ether1
/ip firewall filter add chain=forward out-interface=!($eruWAN) ....
}
by Jotne
Fri Apr 23, 2021 11:39 am
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

When I read stuff like this I get a little mad with myself. Why oooo why did I not think of this! I will implement this on the main resolver at once. That will just be like pee in the pants to get warm. Short term solution. You do not know what other stuff may go wrong due to the memory leakage. I ...
by Jotne
Thu Apr 22, 2021 11:47 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47486

Re: v7.1beta5 [development] is released!

I use that and have no reboots.

I do not have reboot, but a big memory leakage.
viewtopic.php?p=854375#p854375
by Jotne
Thu Apr 22, 2021 11:24 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

I did disable certificate verification and it did go down by itself. No reboot.
At every color change, I did change settings.
by Jotne
Thu Apr 22, 2021 11:23 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 293
Views: 47486

Re: v7.1beta5 [development] is released!

Does anybody know what RouterOS could be doing every about 4 hours?
Do you use DoH with certificate verification?
by Jotne
Thu Apr 22, 2021 10:44 pm
Forum: General
Topic: RB4011 ROS takes up an order of magnitude more space
Replies: 15
Views: 1213

Re: RB4011 ROS takes up an order of magnitude more space

You marked it as solved, what did you find out?
File output did not show much.

PS no need to Quote a message above you, use "Post Reply" button below the post.
by Jotne
Thu Apr 22, 2021 10:22 pm
Forum: General
Topic: RB4011 ROS takes up an order of magnitude more space
Replies: 15
Views: 1213

Re: RB4011 ROS takes up an order of magnitude more space

In a terminal window, run the following command and post the output of it.
/file print
by Jotne
Thu Apr 22, 2021 10:19 pm
Forum: Beginner Basics
Topic: Configuration Restore from RB3011 to RB4011
Replies: 6
Views: 1072

Re: Configuration Restore from RB3011 to RB4011

Copy the file to a notepad, then cut and paste part by part to the terminal of the new router. If something goes wrong, you can see what part you have pasted and fix the errors.
by Jotne
Thu Apr 22, 2021 10:16 pm
Forum: General
Topic: Ookla Speed Test with RB750gr3 [SOLVED]
Replies: 6
Views: 833

Re: Ookla Speed Test with RB750gr3 [SOLVED]

It's not a hardware error, since my RB750Gr3 runs Ookla Speed test without any problem.
Here is a test on my 100/100 fiber line.
It's limited for one user to max 90Mbps download and 80Mbps upload. (without limit, I get close to 100/100)
speed_test.jpg
by Jotne
Thu Apr 22, 2021 10:06 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

Follow up on memory leakage on 6.48.2 using DoH (and all other RouterOS that supports DoH).
This is measured over 9 days with and without verify DoH turned on/off.
Graph shows percent memory used.
doh_mem4.jpg
by Jotne
Thu Apr 22, 2021 8:16 pm
Forum: General
Topic: Firewall filter hits multiple rules
Replies: 6
Views: 475

Re: Firewall filter hits multiple rules

<removed>
by Jotne
Thu Apr 22, 2021 8:13 pm
Forum: General
Topic: Firewall filter hits multiple rules
Replies: 6
Views: 475

Re: Firewall filter hits multiple rules

Quick question Jotne,
Just a couple of servers. For me this works. I do have other ports in the same rule, not just FTP (21)
by Jotne
Thu Apr 22, 2021 1:29 pm
Forum: General
Topic: Firewall filter hits multiple rules
Replies: 6
Views: 475

Re: Firewall filter hits multiple rules

This is how rules work. Going from top to bottom until there is something stopping it. So it will be added to the 1st list even if it's already added to the 2nd list, and with 1 week that will for sure happen. I do use these rules to block multiple logins on ftp over a 2 hour time period. add action=jump chain=fo...
by Jotne
Wed Apr 21, 2021 10:09 pm
Forum: Scripting
Topic: Why is there a "*" in front of the interface number
Replies: 7
Views: 864

Re: Why is there a "*" in front of the interface number

5 posts in 20 minutes :) You know you can use the Edit button. Mikrotik does not write why they add a * in front of an ID, but here you see some info. https://wiki.mikrotik.com/wiki/Manual:Scripting id (internal ID) - hexadecimal value prefixed by '*' sign. Each menu item has assigned unique number -...
by Jotne
Mon Apr 19, 2021 3:13 pm
Forum: Scripting
Topic: Bridge Hosts to Interface Comments Script
Replies: 2
Views: 442

Re: Bridge Hosts to Interface Comments Script

Something like this: It looks up all data in " ip arp ". For each entry it gets IP and MAC. Then we look up the MAC in " ip bridge host " to get the physical interface. :foreach i in=[/ip arp find] do={ :local if :local localmac [get $i mac-address] :local address [get $i address] :do { :set i...
by Jotne
Mon Apr 19, 2021 8:09 am
Forum: General
Topic: New hack/bug? User accounts wiped
Replies: 7
Views: 739

Re: New hack/bug? User accounts wiped

Post your original config.
/export hide-sensitive
by Jotne
Fri Apr 16, 2021 1:30 pm
Forum: Scripting
Topic: Telegram
Replies: 8
Views: 2028

Re: Telegram

I do send backup using gmail, both readable file and bin backup.
Easy to set up and works all the time.
by Jotne
Fri Apr 16, 2021 11:26 am
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

Can confirm that DoH only has memory leakage when verification of certificate is turned on.
Turn it off and memory usage stays flat.
doh_mem3.jpg
by Jotne
Fri Apr 16, 2021 8:01 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

If you pass more than 500MB/day on the free license, it will stop showing new data, not stop receiving data. If one device can send data and it's shown in Splunk, Splunk is OK. It may be something blocking your data, or the device itself does not send data. Look at the config and see if all is correct.
by Jotne
Thu Apr 15, 2021 12:56 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

I mean RouterOS is a routing OS, not a full-fledged DNS resolver solution. You could either offload that to a Pi or host it yourself on the cloud. This you can say about nearly all the functions. Should they be on the router or on another device? Cloud VPN Hotspot NTP server Dude +++ As long as it's on...
by Jotne
Thu Apr 15, 2021 8:01 am
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

you can write to support (support@mikrotik.com) and send them a file supout.rif?
After removing Verify DoH Certificate, no more memory leakage.
Removed around 22:45 yesterday and log looks like this.
Email sent to support. SUP-47171
doh_mem2.jpg
by Jotne
Thu Apr 15, 2021 7:53 am
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

Your RouterBoard has exactly the same name. One works, another not. As others write, try some more reboots.
Mine has worked fine with all the versions, so there may be a combination of factors that gives this problem.
by Jotne
Wed Apr 14, 2021 11:57 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

Model "RB750Gr3" displays status, but model "RouterBOARD 750G r3" does not
Info from my router.
RouterBOARD 750G r3
So it's not correct what you write, mine works.
by Jotne
Wed Apr 14, 2021 11:55 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

But I do not see the memory issue at all BUT I do not verify the certificate. I would like to but read that this is what is causing the memory issue so I do not do this.
I have removed the verification of the certificate. Will have a look at log tomorrow.
by Jotne
Wed Apr 14, 2021 10:43 pm
Forum: Beginner Basics
Topic: Forcing IP requests to a specific WAN
Replies: 8
Views: 608

Re: Forcing IP requests to a specific WAN

Something like this may do then /ip firewall nat add action=masquerade chain=srcnat dst-address=138.68.0.0/16 out-interface="ether1 WAN1" add action=masquerade chain=srcnat out-interface="ether1 WAN1" add action=masquerade chain=srcnat out-interface="ether2 WAN2" PS No need ...
by Jotne
Wed Apr 14, 2021 10:27 pm
Forum: Beginner Basics
Topic: Forcing IP requests to a specific WAN
Replies: 8
Views: 608

Re: Forcing IP requests to a specific WAN

If you change from /ip firewall nat add action=masquerade chain=srcnat out-interface="ether1 WAN1" add action=masquerade chain=srcnat out-interface="ether2 WAN2" to: /ip firewall nat add action=masquerade chain=srcnat out-interface="ether1 WAN1" You will only have one w...
by Jotne
Wed Apr 14, 2021 10:24 pm
Forum: Beginner Basics
Topic: Forcing IP requests to a specific WAN
Replies: 8
Views: 608

Re: Forcing IP requests to a specific WAN

Post the file in the forum and add code tags like I have done with your file. # apr/14/2021 20:13:21 by RouterOS 6.48.1 # software id = U3XR-QKMS # # model = RouterBOARD 941-2nD # serial number = 661606E70404 /interface bridge add name=bridge1 /interface ethernet set [ find default-name=ether1 ] nam...
by Jotne
Wed Apr 14, 2021 10:05 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

It's the Splunk monitoring tool I have created for Mikrotik.

See more here: viewtopic.php?t=137338
by Jotne
Wed Apr 14, 2021 8:41 pm
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 36
Views: 5654

Re: Time Sync with SNTP client and IP Cloud Not Working

There was a bug (not sure if it is solved) that if you get NTP server from your ISP (DHCP client set to accept NTP) and the IP you did get was not a valid NTP address, the NTP client did not synchronise. Even if you set a valid IP yourself, it did not sync. Workaround was to not accept ISP NTP se...
by Jotne
Wed Apr 14, 2021 8:26 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

How's it going with the doh? I'm also waiting for a leak fix to drag this function to the router. Does not look too good. It may be too short, but as seen below DoH enabled around 12:00 and since then it has risen around 1%. Will report back after some days. Before I added DoH the memory was around 2...
by Jotne
Wed Apr 14, 2021 12:59 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

My 750G r3 does show System Health on RouterOS 6.48.2 using WinBox
System Healt.jpg

DoH turned on to test if there is still memory leakage.

After upgrade and reboot
* Average memory 28% -> 20% used
* Average cpu 8% -> 2%
But this may go up some after some time up.
by Jotne
Tue Apr 13, 2021 9:42 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

You don't need DoH.
I do not need PTP UPnP OSPF PPPoE +++.
But as long as a function is there, it should work.
by Jotne
Tue Apr 13, 2021 9:26 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 154
Views: 30346

Re: v6.48.2 [stable] is released!

Hmm, nothing about DoH memory leakage fix.
by Jotne
Mon Apr 12, 2021 7:46 pm
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 36
Views: 5654

Re: Time Sync with SNTP client and IP Cloud Not Working

DoH stops working on HAP AC after power loss (and possibly on other devices without a battery too) because DoH relies on HTTPS, and HTTPS doesn't function without the correct system time. Without a working DNS, IP Cloud also stops working which breaks the Cloud Timesync. DoH is confirmed broken an...
by Jotne
Sun Apr 11, 2021 1:03 pm
Forum: Beginner Basics
Topic: blocking devices off your network
Replies: 17
Views: 1457

Re: blocking devices off your network

MT routers have a steep learning curve. But when you get the hang of it, you will love it.

To reserve an IP from the Winbox or Webfig GUI:

IP->DHCP Server->Leases->+-> add IP and Mac address->OK

Or start a terminal and cut/paste the command I posted above. Set the MAC correctly first.
by Jotne
Sun Apr 11, 2021 12:35 pm
Forum: Beginner Basics
Topic: blocking devices off your network
Replies: 17
Views: 1457

Re: blocking devices off your network

I do not find any DHCP reservation or access rule for 192.168.88.40. Something like this: /ip dhcp-server lease add address=192.168.88.40 mac-address=AA:AA:AA:00:FE:CC server=defconf You have named DHCP as "defconf" , not a good name to use. I cannot see at first glimpse any big error in the con...
by Jotne
Sun Apr 11, 2021 12:27 pm
Forum: Scripting
Topic: Torrent blocking working in y2020
Replies: 34
Views: 11975

Re: Torrent blocking working in y2020

As long as the client uses encryption (that can be turned on for utorrent) this does not work.
by Jotne
Sun Apr 11, 2021 12:18 am
Forum: Beginner Basics
Topic: blocking devices off your network
Replies: 17
Views: 1457

Re: blocking devices off your network

Could it be that fact that this router was given to me by my isp and has some presets in the firewall thing???
Yes, and as Anav posted, without seeing your configuration, it would be hard to help.
by Jotne
Fri Apr 09, 2021 12:00 pm
Forum: Scripting
Topic: Multiple IF Statement match and action accordingly
Replies: 14
Views: 6911

Re: Multiple IF Statement match and action accordingly

A cleaned up version. No need for ; at the end of line, and removed extra parentheses. { :local var1 "DOWN" :local var2 "DOWN" :if ($var1 = "DOWN" && $var2 = "DOWN") do={ :put "Both are DOWN" } else={ :put "UP" } } You can any of th...
by Jotne
Wed Apr 07, 2021 11:58 am
Forum: Scripting
Topic: bug in ROS or in my head?
Replies: 2
Views: 602

Re: bug in ROS or in my head?

This may be due to that time format in logs are not equal over new day change. IF Mikrotik has used RFC-3164 in their log format, this would have been fixed. Look at these two log messages. apr/05 12:59:00 system,info,account user xyz logged out from 10.12.12.178 via ssh 11:01:32 system,info,account...
by Jotne
Wed Apr 07, 2021 11:53 am
Forum: Scripting
Topic: how to fix Hotspot queue simple
Replies: 1
Views: 350

Re: how to fix Hotspot queue simple

Is this a question or a solution?
You may add some more to this post, so we understand what you are talking about.
by Jotne
Tue Apr 06, 2021 5:25 pm
Forum: Beginner Basics
Topic: Dynamic DNS remove
Replies: 5
Views: 469

Re: Dynamic DNS remove

DOH doesnt work yet from what I understand.
DoH works, but has a memory leakage in all current versions of RouterOS
by Jotne
Tue Apr 06, 2021 12:12 pm
Forum: General
Topic: Block Anydesk
Replies: 17
Views: 22704

Re: Block Anydesk

Just add a DoH client on your PC and you bypass the DNS server completely.
Also adding static name would bypass a DNS server.

Your approach only works for users who accidentally try to reach a site. For any user who knows something about networks, this does not work.
by Jotne
Tue Apr 06, 2021 12:08 pm
Forum: General
Topic: why youtube is not blocked?
Replies: 13
Views: 1910

Re: why youtube is not blocked?

I do not get any warning in any browser. For me all looks normal, only when I look at the certification path, I do see that it's our company certificate and not the web site certificate. So for the user this is 100% transparent. There are several sites that are whitelisted, like banking etc. Also if ...
by Jotne
Tue Apr 06, 2021 12:05 pm
Forum: Beginner Basics
Topic: blocking devices off your network
Replies: 17
Views: 1457

Re: blocking devices off your network

Something like this:
/ip firewall filter
add action=drop chain=forward src-address=192.168.88.40
by Jotne
Mon Apr 05, 2021 9:58 pm
Forum: General
Topic: why youtube is not blocked?
Replies: 13
Views: 1910

Re: why youtube is not blocked?

That requires you to break the security of https. Not something you would want to do in the long run, and also not something that will be tolerated by websites forever. (there are all kinds of efforts to bind the specific certificate in use to a specific website, so the fake cert used by such proje...
by Jotne
Mon Apr 05, 2021 5:50 pm
Forum: General
Topic: why youtube is not blocked?
Replies: 13
Views: 1910

Re: why youtube is not blocked?

As I have written before, you can have full control and block stuff by using products like Forcepoint.
To make this work, you need to have full control of the client as well, something you can do with company policies.
by Jotne
Mon Apr 05, 2021 11:49 am
Forum: Scripting
Topic: Random Time Script
Replies: 7
Views: 1267

Re: Random Time Script

Clever solution. Here is a small update. You can declare a variable the first time it's used. Added leading "0" to look better if it's only one digit. { :local otp ([/certificate scep-server otp generate minutes-valid=0 as-value]->"password") :local a [:pick "$otp" 0 1] :local ...
by Jotne
Sun Apr 04, 2021 9:58 pm
Forum: Scripting
Topic: Random Time Script
Replies: 7
Views: 1267

Re: Random Time Script

See here on how to generate number in RouterOS.
viewtopic.php?f=9&t=164114

You may convert this to some time settings.
by Jotne
Sat Apr 03, 2021 10:27 pm
Forum: Beginner Basics
Topic: blocking devices off your network
Replies: 17
Views: 1457

Re: blocking devices off your network

Make a static DHCP for the mac of the client, then block the IP.
But as I said, if that is a clever person, he just changes his MAC. Something I do at airports to get a new free wifi period.
by Jotne
Sat Apr 03, 2021 10:23 pm
Forum: Beginner Basics
Topic: Last octet bit of of IP address
Replies: 5
Views: 658

Re: Last octet bit of of IP address

You can change it from the command line with a command something like this: /ip address set [find where address~"192.168.88.1"] address=192.168.88.2/24 Or in Winbox IP->Address-><open current ip>Change address to new, then OK Remember that you will lose ssh/winbox connection and you need to connec...
by Jotne
Sat Apr 03, 2021 9:32 pm
Forum: Beginner Basics
Topic: blocking devices off your network
Replies: 17
Views: 1457

Re: blocking devices off your network

Blocking a device on lan to not use your net may not be easy. He can change IP to a new that is working. MAC address can be changed if that is blocked. PPPoE may give some control. Only good solution is to prevent physical access to the network.
by Jotne
Sat Apr 03, 2021 9:28 pm
Forum: Beginner Basics
Topic: please help
Replies: 1
Views: 324

Re: please help

1. No need to create a new thread. If no one replies, you can post a bump at the bottom of the post to get it up to the top.
2. Please Help is not a good header. Many do not read it.
by Jotne
Sat Apr 03, 2021 9:05 pm
Forum: Beginner Basics
Topic: Last octet bit of of IP address
Replies: 5
Views: 658

Re: Last octet bit of of IP address

If you select a larger network like 192.168.80.0/20, you will have a network that covers from 192.168.80.0 to 192.168.95.255 (Some more than 4000 IP large network), you can set 192.168.88.0 as a valid IP on your router. Normally IP is set on the bridge interface that is used on the inside. You can ...
by Jotne
Sat Apr 03, 2021 8:57 pm
Forum: General
Topic: port 53 open despite firewall rules
Replies: 42
Views: 2971

Re: port 53 open despite firewall rules

This is why users should use DoH / DNSCrypt / etc to prevent this kind of abuse from ISPs. Sadly it's broken in all current versions of RouterOS with a memory leakage. When that is fixed I will for sure turn DoH back on. There is no reason for my ISP (government or other) to be able to look at my...
by Jotne
Fri Apr 02, 2021 10:20 pm
Forum: RouterOS v7 BETA
Topic: hap ac2 (128MB Edition) upgrade to 7.1 Beta 4,5
Replies: 8
Views: 1729

Re: hap ac2 (128MB Edition) upgrade to 7.1 Beta 4,5

I have quite some hap ac2 devices.
I do hope this is just for test, since v7 is far from stable and should not be used in production.
by Jotne
Fri Apr 02, 2021 10:07 pm
Forum: General
Topic: port 53 open despite firewall rules
Replies: 42
Views: 2971

Re: port 53 open despite firewall rules

I do use 6.48.1, so you can try to upgrade. Test using default config is a major operation, so that may not be possible. Try to add these two rules at the bottom of your filter list to pick up anything that has not been logged before. /ip firewall filter add action=log chain=input protocol=tcp add act...
by Jotne
Fri Apr 02, 2021 9:52 pm
Forum: General
Topic: port 53 open despite firewall rules
Replies: 42
Views: 2971

Re: port 53 open despite firewall rules

Did test my server with the same command as above. nmap -sS -sU -sV -Pn -p 53 92.220.xx.yy Starting Nmap 7.80 ( https://nmap.org ) at 2021-04-02 20:43 CEST Nmap scan report for x.y.z(92.220.xx.yy) Host is up. PORT STATE SERVICE VERSION 53/tcp filtered domain 53/udp open|filtered domain Service detec...
by Jotne
Fri Apr 02, 2021 9:16 pm
Forum: General
Topic: port 53 open despite firewall rules
Replies: 42
Views: 2971

Re: port 53 open despite firewall rules

Configuration looks OK. Normally you should not need to block port 53 on outside, nor should it be open by itself.
I have no linux server outside, so cannot test my port.

Do you see any count increase on your firewall rule when you test port 53?
by Jotne
Fri Apr 02, 2021 8:37 pm
Forum: General
Topic: port 53 open despite firewall rules
Replies: 42
Views: 2971

Re: port 53 open despite firewall rules

Edit your post.
Select the code part and click the code button. </>

Do you scan the router on the WAN or LAN side?
by Jotne
Fri Apr 02, 2021 8:35 pm
Forum: Scripting
Topic: hAP AC2 - Mode button to enable/disable wifi [SOLVED]
Replies: 5
Views: 1950

Re: hAP AC2 - Mode button to enable/disable wifi [SOLVED]

You do not need to test both wifi interfaces since you always change them at the same time. But if for some reason the interfaces are not in the same status, your change is OK. Your log info is the same for on/off, so you need to fix that. PS no need to quote the whole post above you. Use Post Reply button u...
by Jotne
Fri Apr 02, 2021 7:39 pm
Forum: General
Topic: port 53 open despite firewall rules
Replies: 42
Views: 2971

Re: port 53 open despite firewall rules

Why do you need my LAN config for a firewall problem? It gets a better overall picture on what is going on. What other ports open/service running. How the bridge/ports are configured. If you post /export hide-sensitive and remove all sensitive IP, I do not see any reason for not posting your config...
by Jotne
Fri Apr 02, 2021 6:46 pm
Forum: General
Topic: port 53 open despite firewall rules
Replies: 42
Views: 2971

Re: port 53 open despite firewall rules

Post the complete configuration.
/export hide-sensitive 
by Jotne
Fri Apr 02, 2021 6:29 pm
Forum: Scripting
Topic: How to do a Fuzzy query [SOLVED]
Replies: 10
Views: 2098

Re: How to do a Fuzzy query [SOLVED]

It must be my head that was not in the correct place

This works
/ip firewall address-list print where address in 42.117.0.0/16
and I guess it's faster than regex.
by Jotne
Fri Apr 02, 2021 6:25 pm
Forum: Scripting
Topic: Enable/Disable wlan with scheduler
Replies: 4
Views: 1022

Re: Enable/Disable wlan with scheduler

Here is another day of week. https://wiki.mikrotik.com/wiki/Script_t ... f_the_week
Not sure what the main difference from yours is, but it's not the same.
by Jotne
Fri Apr 02, 2021 5:29 pm
Forum: Scripting
Topic: hAP AC2 - Mode button to enable/disable wifi [SOLVED]
Replies: 5
Views: 1950

Re: hAP AC2 - Mode button to enable/disable wifi [SOLVED]

Here you go. (Tested on hAP AC2) Make a script with name wifi-change :if ([/interface wireless get wlan1 disabled]=yes) do={ /interface wireless set wlan1 disabled=no :log info message="Wifi turned on" } else={ /interface wireless set wlan1 disabled=yes :log info message="Wifi turned ...
by Jotne
Fri Apr 02, 2021 4:49 pm
Forum: Scripting
Topic: How to do a Fuzzy query [SOLVED]
Replies: 10
Views: 2098

Re: How to do a Fuzzy query [SOLVED]

@pe1chl You are correct about the double \\ Was just written without testing :) This works: /ip firewall address-list print where address~"^42.117\\." This does not work for me /ip firewall address-list print where 42.117.0.0/16 in address /ip firewall address-list print where "42.117...
by Jotne
Fri Apr 02, 2021 12:45 pm
Forum: Scripting
Topic: How to do a Fuzzy query [SOLVED]
Replies: 10
Views: 2098

Re: How to do a Fuzzy query [SOLVED]

I have found the answer /ip rou pr where dst-address ~ "172.17." this char "~" is the key , (same as "include" ) This will fail for two reasons. 1. It will take IP with your search in the middle, like 10.172.17.13.1 2. Dot will be like any character, so it will hit on 1...
by Jotne
Thu Apr 01, 2021 6:02 pm
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 121
Views: 32825

Re: v6.48.1 [stable] is released!

In Webfig and Winbox: No /system/heath output at all
You upgraded the routerboard to 6.48.1 as well and rebooted?
System->Routerboard->Upgrade
by Jotne
Thu Apr 01, 2021 11:06 am
Forum: Scripting
Topic: Torrent blocking working in y2020
Replies: 34
Views: 11975

Re: Torrent blocking working in y2020

In uTorrent
Options->Preferences->BitTorrent-Protocol Encryption set it to Enabled, then test if your rule still blocks it.
It still blocks encrypted torrent as asked about above?
by Jotne
Tue Mar 30, 2021 11:46 pm
Forum: Beginner Basics
Topic: Winbox can no longer connect
Replies: 7
Views: 672

Re: Winbox can no longer connect

And you are using latest WinBox? Try another PC as well.
by Jotne
Tue Mar 30, 2021 11:38 pm
Forum: Scripting
Topic: Beep sound wifi device connect/disconnet
Replies: 18
Views: 1759

Re: Beep sound wifi device connect/disconnet

Warning!!!

Try paste this command line:
:delay 1ms
You will get a warning like this:
Warning: value of delay-time was rounded down to 0s
And this is not a good thing. Look at CPU load. My router goes from 0-1% to 25% CPU usage.
by Jotne
Tue Mar 30, 2021 12:59 pm
Forum: Scripting
Topic: Beep sound wifi device connect/disconnet
Replies: 18
Views: 1759

Re: Beep sound wifi device connect/disconnet

Script is just a proof of concept. It does print message to terminal, no beep. (do not have beep on my router) You need to change the lines :put "wifi connected" to some with beeps within them. You also need to set :global run 1 To make it run. Add { } around the whole script and copy past...
by Jotne
Mon Mar 29, 2021 9:36 pm
Forum: Scripting
Topic: Beep sound wifi device connect/disconnet
Replies: 18
Views: 1759

Re: Beep sound wifi device connect/disconnet

Updated version that should not miss any message, since it tests the number of messages and then compares 1 and 1. But not 100% sure what happens when the log reaches 999 entries. You can add as many tests as you like, since it reads all log entries one by one. :global run :local LogInfo :local LogLength :local LogTo...
by Jotne
Mon Mar 29, 2021 7:00 pm
Forum: Scripting
Topic: Beep sound wifi device connect/disconnet
Replies: 18
Views: 1759

Re: Beep sound wifi device connect/disconnet

You have modified the script to look for eth down?
Script I made only searches for Wifi connected. (1 of 4 options in connecting/disconnecting wifi/eth)
by Jotne
Mon Mar 29, 2021 3:27 pm
Forum: Beginner Basics
Topic: Winbox can no longer connect
Replies: 7
Views: 672

Re: Winbox can no longer connect

Do you get wrong username/password or does it not show up in Winbox?
You could try using Winbox on the LAN side and connect using mac address connection.
by Jotne
Mon Mar 29, 2021 3:25 pm
Forum: Scripting
Topic: Beep sound wifi device connect/disconnet
Replies: 18
Views: 1759

Re: Beep sound wifi device connect/disconnet

It will work for all.
Just look in the log how it looks while connecting/disconnecting wifi/ethernet. Change script to look for data in that line.
by Jotne
Mon Mar 29, 2021 3:15 pm
Forum: General
Topic: why youtube is not blocked?
Replies: 13
Views: 1910

Re: why youtube is not blocked?

Maybe it has something to do with QUIC?
viewtopic.php?t=144452
by Jotne
Mon Mar 29, 2021 3:11 pm
Forum: Scripting
Topic: Beep sound wifi device connect/disconnet
Replies: 18
Views: 1759

Re: Beep sound wifi device connect/disconnet

Do you need a script for connecting ethernet ports or wifi connecting devices?
by Jotne
Mon Mar 29, 2021 1:45 pm
Forum: Scripting
Topic: Beep sound wifi device connect/disconnet
Replies: 18
Views: 1759

Re: Beep sound wifi device connect/disconnet

This should let you go :global run :local loginfo :local prevlog :while ($run=1) do={ :set loginfo [/log find time>([/system clock get time] - 2s) topics~"wireless" message~": connected"] if ($loginfo!=$prevlog and [:len $prevlog]=0) do={ :beep frequency=10000 length=1s } :set pr...
by Jotne
Mon Mar 29, 2021 12:09 pm
Forum: Scripting
Topic: Beep sound wifi device connect/disconnet
Replies: 18
Views: 1759

Re: Beep sound wifi device connect/disconnet

There is not a quick way to do it. You have to look at the log, and if it sees a line something like this, then send a beep. wireless,info MikroTik: EA:XX:XX:92:EB:0E@wlan: connected, signal strength -80 This needs to be scheduled, so it will not be real time. I will have a look at it to see if there are other ...
by Jotne
Mon Mar 29, 2021 11:56 am
Forum: Useful user articles
Topic: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved
Replies: 437
Views: 190582

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything) Topic is solved

Thanks for info, I will remove snmp from the main post, since we do not need this type of log, since it's already logged by the SNMP
by Jotne
Sat Mar 27, 2021 6:46 pm
Forum: General
Topic: Block Anydesk
Replies: 17
Views: 22704

Re: Block Anydesk

4. Try to block DOH dropping tcp 443 with dst.addr. list with known doh servers ip addresses .
That will only be a short term solution since new servers arrive all the time.
Here is one list.
https://dnscrypt.info/public-servers/