And yes, wifiwave2 capsman does not have capsman forwarding anymore (for now ?). But that has nothing to do with VLANs. Those are 2 different things. While they are separate things, in the context of access points, they solve a similar problem. With the benefit of CAPsMAN forwarding not requiring a...

Just wanted to confirm, Netinstall over EoIP tunnel ist possible, if another (remote) Mikrotik device is connected to the BOOT port of the device that needs to be recovered. Steps: On local Mikrotik device, create SSTP (or other VPN) client to dial into remote site On local Mikrotik device, confirm ...

The ISP found an error with their own routing, and by their own words "assigned their router 2A00:1234:5:D00::1/125", which to me looks basically like a transfer net that only includes their router, and our router's WAN address, and now they route everything for 2A00:1234:5:D00::/56 to 2A0...

I contacted the ISP, and one thing that isn't necessary when communicating with our ISP is anonymization of the IP addresses (which I obviously did here "1234:5"), and one issue already was me transposing two digits on the LAN address anyway (45 vs 54). Although fixing that didn't fix the ...

I really don't understand either post. I got a /56 network from my ISP, that leaves me with 256 /64 nets. I configured one /64 for WAN, one /64 for internal. Both the router and internal machines have addresses that still lie within the /56 network that my ISP gave me. What am I missing here? Re: AR...

Thanks for your reply, I am literally open to any suggestion. I did this - after removing all old addresses: /ipv6 address add address=2a00:1234:5:d00::2/56 interface=wan eui-64=no advertise=no /ipv6 address add address=2a00:1234:5:d00:2::1/64 interface=lan eui-64=no advertise=yes Ping from router w...

Hi, and thanks for taking the time to answer. There is no DHCP on the WAN interface. Just out of curiosity, I set up DHCP client, and it keeps stuck on "Searching". It's not a typical Internet provider, but a data center/colocation, although our office is directly connected via Ethernet. S...

Recently, I tried to get IPv6 connectivity working, with mixed results. Our ISP gave us static IPv6 addresses: IPv6 Default Gateway : 2A00:1234:5:D00::1/56 IPv6 Network: 2A00:1234:5:D00::/56 So I configured pool, firewall and addresses on LAN and WAN (specific firewall rules to make it easier to cou...

Unfortunately, ROS can't do it, although I feel it would be a useful feature, especially in front of a DMZ. It wouldn't need to be a full-fledged HTTPS application proxy, just SNI-based firewall-routing would be enough to pipe the traffic to the right internal host (although you can't use directory-...

Until MikroTik decides to properly document the feature (and give it a UI probably), the easiest way is to regularly call the /certificate enable-ssl-certificate dns-name=xy command yourself via the scheduler. 30 days would be a good number, that's well before it is actually expiring, but you're sti...

In the meantime, a number of manufacturers of appliances and routers have already integrated support for Let's Encrypt into their devices. It's certainly possible to fully automate certificate creation by either using DNS for domain validation, or by routing port 80 of the router to a device that do...

I was wondering on how CAPsMAN implemented the tunneling from non-forwarding cAPs to the CAPsMAN router, and investigating a packet capture, I found the cAP tunneling it's data in ethernet frames with the protocol number 0x88bc. This isn't an official protocol, nor is there any info on the protocol ...

There is a difference between DNS resolvers: Cloudflare: C:\Users\User>nslookup - 1.1.1.1 Default Server: one.one.one.one Address: 1.1.1.1 > 449xxxxxxxxe9.sn.mynetname.net. Server: one.one.one.one Address: 1.1.1.1 *** one.one.one.one can't find 449xxxxxxxxe9.sn.mynetname.net.: Server failed Google: ...

Hi, the way I see it, the /tool dns-update function only allows for forward "IN A" entries to be updated. It would be nice to be able to also update "IN PTR" in .in-addr.arpa zones. The feature was already requested in 2015. Is there any way to get this implemented soon? Thank yo...