Community discussions

Search found 35 matches

by alli
Thu Nov 01, 2018 6:08 pm
Forum: Wireless Networking
Topic: Big Mall Wireless Design
Replies: 1
Views: 458

Big Mall Wireless Design

We want to design a wireless network (hotspot) that covers and provides internet for every point of a big mall with several floors. There is a single cable internet cable at the center of each floor. My question is: what is the best Mikrotik hardware for this job, and which aspects of the device matter here? ...
by alli
Wed Sep 12, 2018 8:50 am
Forum: General
Topic: DNS Server TTL problem
Replies: 14
Views: 1335

Re: DNS Server TTL problem

You are correct, but the problem is DNS server is not usable as a proxy server. Anyway having this option would not hurt anyone.
by alli
Tue Sep 11, 2018 11:22 am
Forum: General
Topic: DNS Server TTL problem
Replies: 14
Views: 1335

DNS Server TTL problem

We are using Mikrotik CHR as a firewall and its DNS Server as a DNS proxy in our infrastructure. The problem is Mikrotik DNS Server reports its TTL as domain TTL instead of the real one. For example if domain example.com has a TTL of 1 hour after 59 minutes it reports 1 Minute as the domain TTL and ...
by alli
Sat Jul 07, 2018 1:45 pm
Forum: General
Topic: How can you load-balance between a pppoe gateway and a static gateway on the bridge?
Replies: 62
Views: 3044

Re: How can you load-balance between a pppoe gateway and a static gateway on the bridge?

You must srcnat traffic going to gateways, it's easy for gateways with master interface, but for gateways inside the bridge you must srcnat to router IP address inside the bridge (usually 192.168.88.1) by checking the connection mark, so the internal gateway responds to router instead of directly to ...
by alli
Sun Jul 01, 2018 1:55 pm
Forum: General
Topic: DNS Cache full of junk [BUG]
Replies: 11
Views: 1560

Re: DNS Cache full of junk [BUG]

A good client wouldn't query unknown names again and again. Then we can handle the bad client in the firewall. Actually a lot of repetitive queries for names that do not exist are made; probably even more than for repeated queries of valid names. That is the reason that failed lookups are cached as...
by alli
Sun Jul 01, 2018 1:10 pm
Forum: General
Topic: DNS Cache full of junk [BUG]
Replies: 11
Views: 1560

Re: DNS Cache full of junk [BUG]

Good client wouldn't send nonsense queries either. And if you could handle the bad client in firewall then, why not now? :) Because before handling it, DNS cache would be filled with junk, and also there is no way to flush cache selectively. Anyway I don't see any reason to cache unresolved names.
by alli
Sun Jul 01, 2018 1:03 pm
Forum: General
Topic: DNS Cache full of junk [BUG]
Replies: 11
Views: 1560

Re: DNS Cache full of junk [BUG]

Does that mean you would like your mikrotik to open connection to another DNS and do the resolve again and again, even if it knows that it can't be resolved? Such approach opens plenty of other attack options. Caching is normal. It is up to you to set up cache. For example you can lower maximum cach...
by alli
Sun Jul 01, 2018 11:38 am
Forum: General
Topic: Bandwith of multiple PPPoE link
Replies: 2
Views: 399

Re: Bandwith of multiple PPPoE link

You can have one PPPoE connection over two links using MLPPP (https://wiki.mikrotik.com/wiki/Manual:M ... iple_links), but you cannot combine two PPPoE.
by alli
Sun Jul 01, 2018 11:30 am
Forum: General
Topic: Block HTTPS sites
Replies: 11
Views: 1965

Re: Block HTTPS sites

Hello, I have to block HTTPS connection for customers that don't pay and redirect every connection to a page that says "You forgot to pay this month" and other things. How can I do that? You can't redirect HTTPS, because when the browser tries to connect to a HTTPS site for example https://facebook.com i...
by alli
Sun Jul 01, 2018 11:05 am
Forum: General
Topic: Simple Queue using PCQ
Replies: 3
Views: 1188

Re: Simple Queue using PCQ

Max-Limit is the total bandwidth for all clients in this queue, so if one is using 4M others get nothing. You should configure pcq-upload-default and pcq-download-default in queue-types and probably set Max-Limit to unlimited or required bandwidth if there are other queues. in pcq-upload-default and...
by alli
Sun Jul 01, 2018 10:56 am
Forum: General
Topic: DNS Cache full of junk [BUG]
Replies: 11
Views: 1560

Re: DNS Cache full of junk [BUG]

Alli - I believe you should find out which device in your network is causing that. Entries like this usually appear when a DNS request cannot be resolved. Maybe there is some rogue software trying to scan stuff? If you start logging DNS, it might help you. There are more than 200 clients in our netwo...
by alli
Sun Jul 01, 2018 8:40 am
Forum: General
Topic: DNS Cache full of junk [BUG]
Replies: 11
Views: 1560

DNS Cache full of junk [BUG]

DNS Cache stores a lot of junk names with type unknown and ip address of 0.0.0.0. As you can see in attached image there are more than 40000 of them, they occupy all dns cache and decrease system performance.
by alli
Sat Jun 30, 2018 8:35 pm
Forum: General
Topic: OpenVPN Client Adds Peer DNS Servers
Replies: 4
Views: 931

Re: OpenVPN Client Adds Peer DNS Servers

On what platform do you use the client?
Windows, linux, Mikrotik ...
Mikrotik OpenVPN client itself adds provided DNS addresses by the server to the dynamic DNS servers.
by alli
Fri Jun 15, 2018 3:45 am
Forum: Scripting
Topic: Add element to associate array with custom key from variable: x {$key=$val};
Replies: 10
Views: 1865

Re: Add element to associate array with custom key from variable: x {$key=$val};

Frozer HA-HA! It's so easy! Add dynamic elements with :set command, when key doesn't exist! { :local key1 "MyKey1"; :local key2 "MyKey2"; :local val1 "MyValue1"; :local val2 "MyValue2"; :local a ({}); #Add dynamic elements! :set ($a->$key1) $val1; :set ($a->$key2) $val2; :-) Hm... It seems so many ...
by alli
Thu Jun 14, 2018 10:04 am
Forum: General
Topic: Can not upgrade RB1100Dx4 to 6.42 due to double package installation
Replies: 5
Views: 1047

Re: Can not upgrade RB1100Dx4 to 6.42 due to double package installation

I made this mistake too and I can confirm Mikrotik installs the bundled package again, and then uninstalling, disabling, or upgrading the package will not work. It's a bug.
by alli
Thu Jun 14, 2018 9:28 am
Forum: General
Topic: [Feature Request] UPnP client for ROS
Replies: 15
Views: 3082

Re: [Feature Request] UPnP client for ROS

This is a great feature, when providing server why not client?
by alli
Wed Jun 13, 2018 4:17 am
Forum: Scripting
Topic: i want remove variable in array
Replies: 5
Views: 1234

Re: i want remove variable in array

Calling :set on variable or array elements without any value seems to work like unset (v6.42.3), check this:
:global a {b=1}
/environment print
:set ($a->"b")
/environment print
:set $a
/environment print
by alli
Wed Jun 13, 2018 4:16 am
Forum: Scripting
Topic: How to remove entry in associative array?
Replies: 1
Views: 1041

Re: How to remove entry in associative array?

Calling :set on variable or array elements without any value seems to work like unset (v6.42.3), check this:
:global a {b=1}
/environment print
:set ($a->"b")
/environment print
:set $a
/environment print
by alli
Wed Jun 13, 2018 4:14 am
Forum: Scripting
Topic: Scripting.. missing :unset command
Replies: 4
Views: 2610

Re: Scripting.. missing :unset command

Calling :set on variable without any value seems to work like unset (v6.42.3), check this:
:global a 1
/environment print
:set $a 
/environment print
it works even on array's elements.
by alli
Thu May 31, 2018 7:38 pm
Forum: General
Topic: Two PPPOE with same gateway recursive route [SOLVED]
Replies: 17
Views: 1889

Re: Two PPPOE with same gateway recursive route [SOLVED]

The stupid recursive routes are normally there to allow you to check that via a given WAN link, you can reach not only the ISP's infrastructure but also the real destinations further in the internet. Without them, your failover will not detect a problem between the ISP and the internet. That's not ...
by alli
Thu May 31, 2018 5:56 pm
Forum: Virtualization
Topic: Metarouter images
Replies: 365
Views: 244558

Re: Metarouter images

This is LEDE for Metarouter:
https://github.com/cuihaoleo/lede-mr-mips
by alli
Thu May 31, 2018 5:37 pm
Forum: General
Topic: Two PPPOE with same gateway recursive route [SOLVED]
Replies: 17
Views: 1889

Re: Two PPPOE with same gateway recursive route [SOLVED]

I assigned my failover ping IPs (4.2.2.1|4.2.2.2|4.2.2.3) directly to the PPPOE connection. Huh, that is unexpected... And it's unexpectedly useful xD I'll probably edit my Wiki article about failover to add that... This helped beyond my question, got rid of all those stupid recursive routes! :l...
by alli
Thu May 31, 2018 5:08 pm
Forum: General
Topic: Two PPPOE with same gateway recursive route [SOLVED]
Replies: 17
Views: 1889

Re: Two PPPOE with same gateway recursive route [SOLVED]

How does changing the remote IP help with the same gateway problem? Those IPs will be your new gateways, and the secret is that you set different IPs :) Well, you may also try gateway=5.202.112.166%p-pish1 and gateway=5.202.112.166%p-pish2, but if they change for some reason - you'll need to change your rou...
by alli
Thu May 31, 2018 4:50 pm
Forum: General
Topic: Two PPPOE with same gateway recursive route [SOLVED]
Replies: 17
Views: 1889

Re: Two PPPOE with same gateway recursive route [SOLVED]

Create separate Profile for each connection, set Remote IP to something you want - this will override the address that's given to you by the server. ISP assigns public random IPs to each PPPOE connection, does ISP allow to assign my own remote IP? How does changing the remote IP help with same gateway pr...
by alli
Thu May 31, 2018 4:34 pm
Forum: General
Topic: Two PPPOE with same gateway recursive route [SOLVED]
Replies: 17
Views: 1889

Two PPPOE with same gateway recursive route [SOLVED]

I have 3 PPPoE connections on 3 ethernet ports, 2 of them have one gateway (Same ISP). I want to load balance the traffic between them with failover so if one ISP is down the other is used. The problem is recursive routing is only available with IP gateway (Bad Mikrotik), so I can only use one of those lin...
by alli
Wed May 16, 2018 5:01 pm
Forum: General
Topic: tls-host no document [SOLVED]
Replies: 18
Views: 5780

Re: tls-host no document [SOLVED]

Sadly it doesn't work with QUIC
by alli
Sat May 05, 2018 1:42 pm
Forum: General
Topic: OpenVPN SHA256 + UDP
Replies: 56
Views: 24174

Re: OpenVPN SHA256 + UDP

+1 for both
by alli
Tue Jan 09, 2018 12:23 pm
Forum: General
Topic: OpenVPN Client Adds Peer DNS Servers
Replies: 4
Views: 931

OpenVPN Client Adds Peer DNS Servers

OpenVPN client adds dynamic DNS servers forcefully. It must have an option "Use peer DNS" like PPPoE client.
by alli
Thu Aug 24, 2017 10:09 am
Forum: General
Topic: WiFi Hotspot Easily Hackable
Replies: 3
Views: 3757

WiFi Hotspot Easily Hackable

There are lots of threads about MAC cloning, but there is no satisfying answer to this problem and I didn't know how serious it is till I did some tests. My testing device is 951Ui-2HnD, I created a virtual AP with WPA2 authentication, and created a hotspot using the Hotspot Setup wizard. After connec...
by alli
Sat Aug 12, 2017 11:16 am
Forum: General
Topic: How Mikrotik Hotspot Distinguish Sessions?
Replies: 0
Views: 379

How Mikrotik Hotspot Distinguish Sessions?

I wonder how Mikrotik Hotspot distinguishes sessions after a user is logged in? I mean, when a user logs in to the hotspot, how does Mikrotik know traffic is coming from his device? I can't think of anything other than MAC address matching as there is no cookie at network layer. If it's the case, as MAC addresses a...
by alli
Wed Aug 09, 2017 5:11 pm
Forum: General
Topic: Apple CNA problem
Replies: 0
Views: 517

Apple CNA problem

As I tested, the Apple CNA login page doesn't store cookies in any version of iOS (8, 9, 10) (although there is an article suggesting it does http://appleinsider.com/articles/16/01/20/apple-patches-ios-captive-portal-bug-that-let-hackers-impersonate-victims-online, but I couldn't find how), so I think th...
by alli
Sat Jul 08, 2017 7:15 pm
Forum: Wireless Networking
Topic: How antenna gain affects WiFi performance?
Replies: 3
Views: 3483

Re: How antenna gain affects WiFi performance?

Forget about antenna gain, look at Sensitivity at MCS7 as a reference (also Transmit Power, but to a lesser extent, there's no point on stations being able to "hear" the AP if the AP cannot "hear them" to begin with). wAP & Hap lite: Sensitivity: -71, Tx Power: 16 dBm 951Ui: Sensitivity: -78, Tx Po...
by alli
Sat Jul 08, 2017 12:59 pm
Forum: Wireless Networking
Topic: How antenna gain affects WiFi performance?
Replies: 3
Views: 3483

How antenna gain affects WiFi performance?

I don't know much about antennas and antenna gain, but when comparing different SOHO wireless devices, the only parameter about wifi is the antenna gain: RB951Ui-2HnD --> 2.5 wAP --> 2 hAP lite classic -> 1.5 There is a lot of advanced and confusing stuff about antenna gain out there but I just want ...
by alli
Thu Jun 22, 2017 11:46 am
Forum: General
Topic: BUG: Traffic flow destination mac address is always 00:00:00:00:00:00
Replies: 0
Views: 335

BUG: Traffic flow destination mac address is always 00:00:00:00:00:00

Traffic flow destination mac address is always 00:00:00:00:00:00 I tried different interfaces, V9 and IPFIX, and while searching for the issue I saw it's the same in other users' reports although they asked about other things. { last_switched: 25033130, first_switched: 25033130, in_pkts: 3, in_bytes:...
by alli
Tue Jan 24, 2017 5:53 pm
Forum: General
Topic: Access public IP dst-nat from local subnet
Replies: 22
Views: 12042

Re: Access public IP dst-nat from local subnet

I had the same problem accessing our net cameras from local subnet, I added a static address for the cloud domain pointing to the router local IP, and masqueraded the local network and it works ok!