Community discussions

 
hel
Member Candidate
Member Candidate
Posts: 153
Joined: Sun Jun 12, 2011 6:31 am
Location: Kirov, Russia

Re: Feature requests

Mon Apr 15, 2019 12:11 pm

Please add attribute or other way to set total-max-limit/total-limit-at via RADIUS.
There's no way to do changes to a dynamic queues. In case of PPPoE network we can't use manual queues.
Total-max-limit is used to limit up+down to a some total value.
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 933
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests - Re Winbox , close all

Mon Apr 15, 2019 5:55 pm

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
 
User avatar
jprietove
Trainer
Trainer
Posts: 83
Joined: Fri Jun 03, 2016 3:00 pm
Location: Cádiz, Spain
Contact:

Re: Feature requests - Re Winbox , close all

Mon Apr 15, 2019 6:45 pm

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
Isn't it the existing Session -> Close Windows?
 
akschu
newbie
Posts: 30
Joined: Thu Mar 15, 2012 2:09 am

Re: Feature requests

Mon Apr 15, 2019 11:11 pm

This is what I need, a way to make a firewall list based on ipsec identity. All that's needed to make this work is the ability to define src-address-list when responder=yes:

/ip ipsec mode-config
add address-pool=ike2-pool address-prefix-length=32 name=ike2-firewallrulesA src-address-list=firewallrulesA responder=yes

/ip ipsec identity
add auth-method=rsa-signature certificate=vpnserver remote-certificate=fred generate-policy=port-strict mode-config=ike2-firewallrulesA peer=ike2 policy-template-group=ike2-policies

When someone starts IP sec with the certificate=fred, then they are connected to mod-config and added to address-list firewallrulesA where we can firewall the road-warrior to specific services by simply using the address list.

Right now the only way to do this is to define an IP pool or static address for every firewall ruleset you want to tie to a user/certificate.
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 933
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests - Re Winbox , close all

Mon Apr 15, 2019 11:42 pm

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
Isn't it the existing Session -> Close Windows?
Hmmm , yea I know if I exit my winbox to a remote Mikrotik then the all the sessions associated with that winbox connection close.

What I am looking for is a simple way to have a winbox session to a remote Mikrotik , then have a quick/easy method to close all the open windows in that winbox session yet still keep my winbox session running.

Example - in my attachment image - a new selection to auto close everything with an X marked in red. Yet keep the Winbox still connected to the remote Mikrotik.
You do not have the required permissions to view the files attached to this post.
 
vadimkara
just joined
Posts: 1
Joined: Tue Apr 16, 2019 8:37 am

Re: Feature requests

Tue Apr 16, 2019 8:44 am

Please add multi peer priority/fallback to ipsec policy.
You do not have the required permissions to view the files attached to this post.
 
User avatar
jprietove
Trainer
Trainer
Posts: 83
Joined: Fri Jun 03, 2016 3:00 pm
Location: Cádiz, Spain
Contact:

Re: Feature requests - Re Winbox , close all

Tue Apr 16, 2019 11:28 am

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
Or I'm not understanding you... or for sure it is the existing option "Session->Close All Windows". It closes all the windows without disconnecting the winbox session. Please, check it
 
pe1chl
Forum Guru
Forum Guru
Posts: 5105
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Tue Apr 16, 2019 12:45 pm

I would like to see a windows list in winbox, either as a menu item or by having a button corresponding to each window in the top bar (similar to the task bar in Windows).
This can be used to raise windows that are buried after opening others.
And/or a right-click function to lower a window.

I commonly open a "Log" window and set it fullsize, then open other windows on top of it.
When I mistakenly click outside an opened window, the Log window raises to top and covers everything else, without any way to get those raised again.
One of those additions could solve that.
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 933
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests - Re Winbox , close all

Tue Apr 16, 2019 5:27 pm

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
Or I'm not understanding you... or for sure it is the existing option "Session->Close All Windows". It closes all the windows without disconnecting the winbox session. Please, check it
OOooo :)
I must be a dummy. I see it now and it's easy.
Thanks for the info
North Idaho Tom Jones
 
dada
Member Candidate
Member Candidate
Posts: 245
Joined: Tue Feb 21, 2006 1:44 pm

Re: Feature requests - PPPoE snooping

Thu Apr 18, 2019 3:42 pm

Hi,

I would like to see PPPoE snooping feature in ROS. It could allow to identify (at login time) to what AP is an PPPoE user connected to for example.
 
muetzekoeln
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Fri Jun 29, 2018 2:34 pm

Re: Feature requests

Thu Apr 18, 2019 4:27 pm

When improving PPPoE, please look also into RFC4938. The link metrics extensions make sense with wireless links as well as with DSL, where bandwidth can change for an up-state interface.
PADQ information could be applied to QoS/queue parameters if made available by PPP event scripts (new events necessary).
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 933
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Thu Apr 18, 2019 6:58 pm

Request - CHR ISO to allow CHR install on a bare metal platform.

Reason for request:
#1 - CHR running on the free version of VMware ESXi has a limitation of 8 CPUs per virtual hosted system.
#2 - The cost of VMware ESXi license to enable greater than 8 CPUs to a virtual hosted system can be quite expensive.

An ISO install version on a bare metal box could permit the following:
- Boot on USB (bare metal BIOS configured to make the USB appear as an IDE drive).
- Utilize E1000e ethernet interfaces (10-Gig).
- Utilize all cores (dual multi-core Xeon CPUs). Example - two Xeon CPUs with 28-cores (not counting HT), could allow a CHR to function with 56 (or much more) Xeon CPUs.

A bare-metal CHR may be up to hundreds of times faster than a virtual hosted CHR (with 8 CPUs), running hundreds/thousands of complex firewall rules.

I have tried x86 on bare metal , but I've experience X86 ROS lockups under heavy loads.
I am researching a v-to-p (virtual machine to physical machine) conversion - and it may be possible - but uncertain and untested.

North Idaho Tom Jones
 
McSee
just joined
Posts: 21
Joined: Tue Feb 26, 2019 12:49 pm

Re: Feature requests

Sat Apr 20, 2019 1:41 pm

Can't believe that RoS console still doesn't have such basic feature as a command history search !

Like Ctrl-R/Ctrl-S in bash. Type Ctrl-R then few letters and it will show you previous command from the history with these letters, with Ctrl-R to move to the next result up and Ctrl-S down.

And no filter in log viewer in Winbox even after numerous requests ?
 
mfr476
Frequent Visitor
Frequent Visitor
Posts: 89
Joined: Thu Oct 11, 2018 4:51 pm

Re: Feature requests

Sat Apr 20, 2019 3:08 pm

Is It posible more improvement in 5ghz ac wireless?
 
libove
newbie
Posts: 42
Joined: Tue Aug 14, 2012 5:18 pm

formal port knocking

Mon Apr 22, 2019 2:30 pm

There are several discussions in these and other forums about how to implement port knocking in RouterOS. And, at a basic level, they all can work.
In short, they tend to be "detect proto on port, add src to address-list KNOCKPHASE1", "detect proto on port2 when src already on address-list KNOCKPHASE1, add src to address-list KNOCKEDSUCCESSFULLY", "allow in when src on address-list KNOCKEDSUCCESSFULLY".
The problem is that certain types of port scans can trigger this.
So we'd also want "... and src has NOT appeared on any OTHER port, or on these ports in the wrong order".
That turns out to be messy with RouterOS as it is today. Possible, but messy. (At the least, you end up with ports on both a successfully-knocked list AND a blacklist, and rule execution order plus the admin having a good memory or good documentation is required to avoid mental confusion...)

So, a feature request for RouterOS, formal, flexible port knocking.
Knocking should allow any combination and order of ports and protocols, up to N layers deep. (At least three. e.g. TCP/4321 followed by UDP/7654 followed by ICMP type 8 subtype 0)
The formal port knocking implementation offered as part of RouterOS should have, built-in, an optional "... and no other traffic from src in the past few seconds/minutes". (That's the part that's hard to implement cleanly with today's RouterOS).

thanks,
 
muetzekoeln
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Fri Jun 29, 2018 2:34 pm

Re: Feature requests

Thu Apr 25, 2019 2:47 am

I would like to have an option to select and enable DFS (in the variants ETSI, FCC and JP) when using 5GHz superchannel/no_country_set setting.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5105
Joined: Mon Jun 08, 2015 12:09 pm

Re: formal port knocking

Thu Apr 25, 2019 10:54 am

So, a feature request for RouterOS, formal, flexible port knocking.
Knocking should allow any combination and order of ports and protocols, up to N layers deep.
I think that does not fit within the design philosophy of RouterOS (where you get low-level tools rather than high-level blocks that perform a complex task).
However, a reasonable request would be to implement a new firewall rule action "remove src from address list" (and maybe "remove dst from address list"),
which would allow you to build what you want using the existing "add" action to add addresses to a list as they walk through the desired port knocking steps,
and use the "remove" action when they do things that do not match your desired steps (so they fall back to initial state).

Who is online

Users browsing this forum: No registered users and 5 guests