MikroTik

colinardo

Would be nice if you extend the :grep command with an additional parameter to output the grepped content only not the whole line, like the option -o in the real grep command in the linux shell. So that we don't have to use "find" and "pick" commands afterwards to extract specific...

colinardo

New :grep command crashes console when invoking with the following pattern :grep script="system clock print" pattern=".*" I know this pattern does not make any practical sense here but it crashed the console repeatedly with high cpu usage. The command used doesn't matter, it happ...

colinardo

Have the same issue on all my current RouterOS v7 systems wenn arp is "enabled". Also in version 7.11 this problem is still present. No cleanup occurs, also when using minimal config.
Setting the timeout value explicitly on the interface also does not change anything.

colinardo

Argh! Didn't follow the guide in detail - my fault! After naming the VLAN interfaces in the proper way and assigning the IPs, the container started successfully. Additionally I had to activate the Multicast Helper (set to 'full') on the wireless interfaces and disable NAT between both networks. Now...

colinardo

Thanks for your work, @colinardo! I've tried it with with your arm64 docker image and also built an own container with the help of your sources . In both cases the following error message appears while starting the container on a RB5009UG+S+ (arm64) or on a CHR (x86_64) with v7.10.2: ip: RTNETLINK ...

colinardo

Thanks! Still some issues with ssh keys: *) ssh - added support for Ed25519 key export and import in PKCS8 format; Export of hostkey in ed25519 works, reimport of the same key or other ed25519 keys will not import (tested on CHR(x86) platform): screenshot.png Also user keys ed25519 in PKCS8 Format g...

colinardo

For those interested, i created an extended container image based on the github repo and a setup script which simplifies the mDNS repeating setup: Mikrotik: mDNS Repeater as Docker-Container on the Router (ARM,ARM64,X86) (english version) Mikrotik: mDNS Repeater als Docker-Container auf dem Router (...

colinardo

Ahh found it, you have to set the key-type first:

/ip/ssh 
set host-key-type=ed25519
regenerate-host-key

screenshot.png

But custom host keys in ed25519 format still will not import via import-host-key command after changing the setting above.

colinardo

As I wrote above... This is not (yet) about public key authentication. You now have the choice to use RSA or ed25519 host keys. You can see what host key type is used in the heading of randomart Image. I know, but this is the host key, i tried to import the hostkey for the router itself not for a u...

colinardo

*) ssh - added Ed25519 host key support; Tried this, but importing an ed25519 hostkey on 7.9 beta4 (x86 CHR Image) does not work, see images how i generated the key and tried to import it screenshot.png screenshot.png Also tried a RFC4716 converted key file, but this one also refuses to import ssh-...

colinardo

*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated; I hope this not only happens when the address is deactivated but also every time the address is changed, like when a new address from a pool is assigned. Yes it does.I have tested...

colinardo

*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;

Mikrotik please also include TXT records in future fixes, see this thread
viewtopic.php?t=187840

Best regards
@colinardo

colinardo

Hi folks. You can use a firewall address list as a workaround for this. Example: /ipv6 firewall address-list { add list=google-dns address=dns.google.com :delay 1 :foreach ip in=[find list=google-dns && dynamic] do={:put [get $ip address]} } Outputs: 2001:4860:4860::8844/128 2001:4860:4860::...

colinardo

In the current 7.6beta10 and also some versions before, DOT1X Server Auth via EAP Methods does not work anymore, testet in a CHR x86 image with clean config between to Mikrotik with current beta firmware, one acting as DOT1X server and one as client. MAC Auth works by the way, but sometimes with gre...

colinardo

Positive feedback from support

Hello,

Thank you for your report. 
I managed to reproduce such behavior and we are looking forward to fixing it in the further RouterOS releases.

Best regards,
Artūrs C.

colinardo

Thanks for your clarifying post

, OK this absolutely makes sense, i will open a ticket, and report if or when it is fixed.

Regards @colinardo

colinardo

Hi folks, i have a strange issue with the integrated DNS-Proxy of a Mikrotik RB4011 with RouterOS 6.49.6 . First, to reproduce the problem i first cleared the DNS-Cache with /ip dns cache flush All other router configuration were reset to a bare minimum. For this Test i'm using cloudflare (1.1.1.1) ...

colinardo

It's fixed in Router OS 7.4beta2
viewtopic.php?t=186583
What's new in 7.4beta2 (2022-Jun-07 12:08)
*) ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;

colinardo

What's new in 7.3beta40 (2022-May-11 12:18): *) dot1x - fixed RADIUS State attribute when client is reauthenticated; *) dot1x - fixed port based VLAN ID assignment on devices without a switch chip; *) dot1x - improved server system stability during authentication; Confirming dot1x auth with dynamic...

colinardo

does anyone know what is the "passthrough" action to use in routing filters in v7? There is no need for that in v7, ROS automatically continues in the chain when you do not reject or accept. https://help.mikrotik.com/docs/display/ROS/Routing+Filters Please do not use this thread for askin...

colinardo

What's new in 7.3beta37 (2022-Apr-25 15:29):
*) dot1x - improved server stability when using re-authentication;

dot1x vlan assignment still broken
viewtopic.php?p=925819#p925819

colinardo

Hi. in the current release there is a problem with dot1x (mac/dot1x) authentication and dynamic vlan assignment with usermanager as radius server. The same settings were successfully tested with RouterOS release 7.1.5(CHR_x86), but in the current release 7.2 (CHR_x86) the setup fails. RouterOS sends...

colinardo

1. mac-winbox show nothing IF the interface on the router has no ip address OR the windows ethernet port setting obtain automatically. the setting is allowed from any interfaces [admin@MikroTik] > tool/mac-server/mac-winbox/print allowed-interface-list: all Hi, is neighbor discovery enabled for the...

colinardo

With 7.1.1. log entry is missing details what changed when adding/deleting/changing routing table entries :

screenshot.png

colinardo

Thanks for the update! Routing-Table Box for IPv6 routes is still missing in Winbox GUI, so route has to be completed or added via console when using different routing table. screenshot.png This seems to fix the Wireguard issue where adding allowed-addresses as ::/0 will disappear if done through Wi...

colinardo

will the RB5009 and CCR2004 be initially released with the current beta firmware or dedicated factory release?
Dedicated 7.0.4 (stable)

Thanks for your response!, So already with all new features of RouterOS 7 which is still in beta state?

colinardo

Nice new products! 👍

So RouterOS 7 will be soon in "release" state? Or will the RB5009 and CCR2004 be initially released with the current beta firmware or dedicated factory release?

Best regards
@colinardo

colinardo

Upgrade with RB4011iGS+RM, RB951G-2HnD and RBwAPG-5HacD2HnD (wAP AC) from 6.47.8 to 6.48.3 went without issues so far. Thanks for the update.

colinardo

can I use ipv6 over ipv4? that is vtep will be ipv4 but servers will communicate on ipv6.

Yes you can. VXLAN-Interface forms a transparent L2 tunnel, so you can use IPv6 inside it.

Best regards.

colinardo

@wojo Found a LOG problem with an IPv6 DHCP-CLIENT . The log says there was an error adding the dynamic prefix pool, but it actually is created correctly. Cosmetic problem? dhcp,error failed to add ipv6 pool MYPOOL: ok ..... ....... Yes, I have a similar issue:with the current release 6.43 dhcp,erro...

colinardo

Nice work!

Found a LOG problem with an IPv6 DHCP-CLIENT. The log says there was an error adding the dynamic prefix pool, but it actually is created correctly. Cosmetic problem?

dhcp,error failed to add ipv6 pool MYPOOL: ok

Confused

.

Best regards
@colinardo

colinardo

Since v3.15 when opening a static IPv6 route that has a link-local gateway causes 100% cpu usage on winbox using Win7 x64. Have the same symptom here in the CAPsMAN Channel-List. Sometimes when copying channel and editing either frequency name or other items for that channel, the dialog freezes and...

colinardo

Hi there,
developed my own solution with a MetaROUTER Instance to renew Let's Encrypt certificates on the router itself.
Have a look at https://www.administrator.de/contentid/355746 for a tutorial (german).

Best regards
@colinardo

colinardo

Found the problem, damn: ... same MAC-Addresses by copying interfaces in CAPsMan, arghhhhhhh.

screenshot.png

Sorry.

For reference
viewtopic.php?f=7&t=66314

colinardo

Hello everyone, i'm facing a problem with a cAP Lite in conjunction with a CAPsMan Setup (CAPsMan running on a RB951G-2HnD). I have tow other wAP-AC running successfully with the same CAPsMan each AP is running 2 SSIDs The following weird behavior makes me crazy: The cAP Lite ist running fine when p...

colinardo

For information:
RB951G-2Hnd was OK after upgrading to 6.39. But when you try installing the "multicast" 6.39-mipsbe package after installing 6.39, you get stuck in a boot loop with constant beeps. Netinstall was needed to recover.

Better wait upgrading this device.

Best regards

colinardo

Hi. I discovered the following problem with the current 6.38 Release on a RB951G-2HnD with the auto certificate feature of CAPsMan: If you request certificate with a CAP on the same device as the CAPsMAN , the device is unable to issue the private key for the certificate. The certificate for CAP is ...

Search found 37 matches

Re: v7.13beta [testing] is released!

Re: v7.13beta [testing] is released!

Re: ARP entries building up

Re: mDNS repeater feature

Re: mDNS repeater feature

Re: v7.9rc is released!

Re: mDNS repeater feature

Re: v7.9beta [testing] is released!

Re: v7.9beta [testing] is released!

Re: v7.9beta [testing] is released!

Re: v7.9beta [testing] is released!

Re: v7.7 [stable] is released!

Re: IPv6 Version of Resolve?

DOT1X Port Auth via Usermanager does not work anymore in CHR x86 image

Re: Mikrotik RouterOS 6.49.6 strange issue when requesting TXT records from integrated DNS proxy

Re: Mikrotik RouterOS 6.49.6 strange issue when requesting TXT records from integrated DNS proxy

Mikrotik RouterOS 6.49.6 strange issue when requesting TXT records from integrated DNS proxy

Re: OpenSSH future RSA host key deprecation

Re: v7.3beta [testing] is released!

Re: v7.2.2 [stable] and v7.2.3 [stable] are released!

Re: v7.3beta [testing] is released!

Re: v7.2 is released!

Re: v7.1.2 is released!

Re: v7.1.1 is released!

Re: WinBox v3.32 released!

Re: Newsletter 101

Re: Newsletter 101

Re: v6.48.3 [stable] is released!

Re: VxLAN example configuration

Re: v6.43 [current] is released!

Re: v6.43 [current] is released!

Re: Winbox v3.16 released!

Re: Support for ACME/Let's Encrypt certificate management [SOLVED]

Re: cAP Lite Problem with wireless virtual interfaces in conjunction with CAPsMAN [SOLVED]

cAP Lite Problem with wireless virtual interfaces in conjunction with CAPsMAN [SOLVED]

Re: v6.39.1 [current]

Re: v6.38 [current] is released!