Community discussions

 
hel
Member Candidate
Member Candidate
Posts: 155
Joined: Sun Jun 12, 2011 6:31 am
Location: Kirov, Russia

Re: Feature requests

Mon Apr 15, 2019 12:11 pm

Please add attribute or other way to set total-max-limit/total-limit-at via RADIUS.
There's no way to do changes to a dynamic queues. In case of PPPoE network we can't use manual queues.
Total-max-limit is used to limit up+down to a some total value.
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 968
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests - Re Winbox , close all

Mon Apr 15, 2019 5:55 pm

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
 
User avatar
jprietove
Trainer
Trainer
Posts: 86
Joined: Fri Jun 03, 2016 3:00 pm
Location: Cádiz, Spain
Contact:

Re: Feature requests - Re Winbox , close all

Mon Apr 15, 2019 6:45 pm

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
Isn't it the existing Session -> Close Windows?
 
akschu
newbie
Posts: 38
Joined: Thu Mar 15, 2012 2:09 am

Re: Feature requests

Mon Apr 15, 2019 11:11 pm

This is what I need, a way to make a firewall list based on ipsec identity. All that's needed to make this work is the ability to define src-address-list when responder=yes:

/ip ipsec mode-config
add address-pool=ike2-pool address-prefix-length=32 name=ike2-firewallrulesA src-address-list=firewallrulesA responder=yes

/ip ipsec identity
add auth-method=rsa-signature certificate=vpnserver remote-certificate=fred generate-policy=port-strict mode-config=ike2-firewallrulesA peer=ike2 policy-template-group=ike2-policies

When someone starts IP sec with the certificate=fred, then they are connected to mod-config and added to address-list firewallrulesA where we can firewall the road-warrior to specific services by simply using the address list.

Right now the only way to do this is to define an IP pool or static address for every firewall ruleset you want to tie to a user/certificate.
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 968
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests - Re Winbox , close all

Mon Apr 15, 2019 11:42 pm

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
Isn't it the existing Session -> Close Windows?
Hmmm , yea I know if I exit my winbox to a remote Mikrotik then the all the sessions associated with that winbox connection close.

What I am looking for is a simple way to have a winbox session to a remote Mikrotik , then have a quick/easy method to close all the open windows in that winbox session yet still keep my winbox session running.

Example - in my attachment image - a new selection to auto close everything with an X marked in red. Yet keep the Winbox still connected to the remote Mikrotik.
You do not have the required permissions to view the files attached to this post.
 
vadimkara
just joined
Posts: 1
Joined: Tue Apr 16, 2019 8:37 am

Re: Feature requests

Tue Apr 16, 2019 8:44 am

Please add multi peer priority/fallback to ipsec policy.
You do not have the required permissions to view the files attached to this post.
 
User avatar
jprietove
Trainer
Trainer
Posts: 86
Joined: Fri Jun 03, 2016 3:00 pm
Location: Cádiz, Spain
Contact:

Re: Feature requests - Re Winbox , close all

Tue Apr 16, 2019 11:28 am

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
Or I'm not understanding you... or for sure it is the existing option "Session->Close All Windows". It closes all the windows without disconnecting the winbox session. Please, check it
 
pe1chl
Forum Guru
Forum Guru
Posts: 5350
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Tue Apr 16, 2019 12:45 pm

I would like to see a windows list in winbox, either as a menu item or by having a button corresponding to each window in the top bar (similar to the task bar in Windows).
This can be used to raise windows that are buried after opening others.
And/or a right-click function to lower a window.

I commonly open a "Log" window and set it fullsize, then open other windows on top of it.
When I mistakenly click outside an opened window, the Log window raises to top and covers everything else, without any way to get those raised again.
One of those additions could solve that.
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 968
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests - Re Winbox , close all

Tue Apr 16, 2019 5:27 pm

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
Or I'm not understanding you... or for sure it is the existing option "Session->Close All Windows". It closes all the windows without disconnecting the winbox session. Please, check it
OOooo :)
I must be a dummy. I see it now and it's easy.
Thanks for the info
North Idaho Tom Jones
 
dada
Member Candidate
Member Candidate
Posts: 245
Joined: Tue Feb 21, 2006 1:44 pm

Re: Feature requests - PPPoE snooping

Thu Apr 18, 2019 3:42 pm

Hi,

I would like to see PPPoE snooping feature in ROS. It could allow to identify (at login time) to what AP is an PPPoE user connected to for example.
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 104
Joined: Fri Jun 29, 2018 2:34 pm

Re: Feature requests

Thu Apr 18, 2019 4:27 pm

When improving PPPoE, please look also into RFC4938. The link metrics extensions make sense with wireless links as well as with DSL, where bandwidth can change for an up-state interface.
PADQ information could be applied to QoS/queue parameters if made available by PPP event scripts (new events necessary).
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 968
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Thu Apr 18, 2019 6:58 pm

Request - CHR ISO to allow CHR install on a bare metal platform.

Reason for request:
#1 - CHR running on the free version of VMware ESXi has a limitation of 8 CPUs per virtual hosted system.
#2 - The cost of VMware ESXi license to enable greater than 8 CPUs to a virtual hosted system can be quite expensive.

An ISO install version on a bare metal box could permit the following:
- Boot on USB (bare metal BIOS configured to make the USB appear as an IDE drive).
- Utilize E1000e ethernet interfaces (10-Gig).
- Utilize all cores (dual multi-core Xeon CPUs). Example - two Xeon CPUs with 28-cores (not counting HT), could allow a CHR to function with 56 (or much more) Xeon CPUs.

A bare-metal CHR may be up to hundreds of times faster than a virtual hosted CHR (with 8 CPUs), running hundreds/thousands of complex firewall rules.

I have tried x86 on bare metal , but I've experience X86 ROS lockups under heavy loads.
I am researching a v-to-p (virtual machine to physical machine) conversion - and it may be possible - but uncertain and untested.

North Idaho Tom Jones
 
McSee
newbie
Posts: 47
Joined: Tue Feb 26, 2019 12:49 pm

Re: Feature requests

Sat Apr 20, 2019 1:41 pm

Can't believe that RoS console still doesn't have such basic feature as a command history search !

Like Ctrl-R/Ctrl-S in bash. Type Ctrl-R then few letters and it will show you previous command from the history with these letters, with Ctrl-R to move to the next result up and Ctrl-S down.

And no filter in log viewer in Winbox even after numerous requests ?
 
mfr476
Member Candidate
Member Candidate
Posts: 110
Joined: Thu Oct 11, 2018 4:51 pm

Re: Feature requests

Sat Apr 20, 2019 3:08 pm

Is It posible more improvement in 5ghz ac wireless?
 
libove
newbie
Posts: 42
Joined: Tue Aug 14, 2012 5:18 pm

formal port knocking

Mon Apr 22, 2019 2:30 pm

There are several discussions in these and other forums about how to implement port knocking in RouterOS. And, at a basic level, they all can work.
In short, they tend to be "detect proto on port, add src to address-list KNOCKPHASE1", "detect proto on port2 when src already on address-list KNOCKPHASE1, add src to address-list KNOCKEDSUCCESSFULLY", "allow in when src on address-list KNOCKEDSUCCESSFULLY".
The problem is that certain types of port scans can trigger this.
So we'd also want "... and src has NOT appeared on any OTHER port, or on these ports in the wrong order".
That turns out to be messy with RouterOS as it is today. Possible, but messy. (At the least, you end up with ports on both a successfully-knocked list AND a blacklist, and rule execution order plus the admin having a good memory or good documentation is required to avoid mental confusion...)

So, a feature request for RouterOS, formal, flexible port knocking.
Knocking should allow any combination and order of ports and protocols, up to N layers deep. (At least three. e.g. TCP/4321 followed by UDP/7654 followed by ICMP type 8 subtype 0)
The formal port knocking implementation offered as part of RouterOS should have, built-in, an optional "... and no other traffic from src in the past few seconds/minutes". (That's the part that's hard to implement cleanly with today's RouterOS).

thanks,
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 104
Joined: Fri Jun 29, 2018 2:34 pm

Re: Feature requests

Thu Apr 25, 2019 2:47 am

I would like to have an option to select and enable DFS (in the variants ETSI, FCC and JP) when using 5GHz superchannel/no_country_set setting.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5350
Joined: Mon Jun 08, 2015 12:09 pm

Re: formal port knocking

Thu Apr 25, 2019 10:54 am

So, a feature request for RouterOS, formal, flexible port knocking.
Knocking should allow any combination and order of ports and protocols, up to N layers deep.
I think that does not fit within the design philosophy of RouterOS (where you get low-level tools rather than high-level blocks that perform a complex task).
However, a reasonable request would be to implement a new firewall rule action "remove src from address list" (and maybe "remove dst from address list"),
which would allow you to build what you want using the existing "add" action to add addresses to a list as they walk through the desired port knocking steps,
and use the "remove" action when they do things that do not match your desired steps (so they fall back to initial state).
 
User avatar
vecernik87
Long time Member
Long time Member
Posts: 640
Joined: Fri Nov 10, 2017 8:19 am

Re: formal port knocking

Tue Apr 30, 2019 9:57 pm

I think that does not fit within the design philosophy of RouterOS (where you get low-level tools rather than high-level blocks that perform a complex task).
Kids control.
'nuff said
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 104
Joined: Fri Jun 29, 2018 2:34 pm

Re: Feature requests

Fri May 03, 2019 1:47 pm

Dear Mikrotik, what about automatic sertificates from Let's Encrypt?

Someone wrote a lightweight ACMEv2 client in C:
https://github.com/ndilieto/uacme

So it should be possible to implement as ROS package.
 
Sob
Forum Guru
Forum Guru
Posts: 4178
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature requests

Fri May 03, 2019 6:35 pm

I'm sure that MikroTik can easily write their own ACME client. But it's even more important how it should fit into RouterOS and work for as many scenarios as possible.

For example, maybe you just want certificate for https WebFig (or SSTP server). Sounds easy, right? There's already a webserver on router, so simple http-01 validation can be used. But what if you don't want or can't open port 80 (AFAIK http-01 always starts with plain http on standard port 80)? It would be the case on at least half of routers where I'd like to use Let's Encrypt certificates, because there's typically only one public address and standard http(s) ports are already forwarded to some internal webserver. There would have to be support for dns-01 validation and it has different problems too.

I think it's doable, I tried some suggestions in Support for ACME/Let's Encrypt certificate management thread, but so far it doesn't look like anyone from MikroTik though "oh yes, it's super-awesome, we need to have that!" Maybe try to invent some other foolproof plan that will finally convince them.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
mtk89
just joined
Posts: 2
Joined: Sat May 04, 2019 4:49 pm

Re: Feature requests

Sat May 04, 2019 4:59 pm

I'm sure that MikroTik can easily write their own ACME client. But it's even more important how it should fit into RouterOS and work for as many scenarios as possible.

For example, maybe you just want certificate for https WebFig (or SSTP server). Sounds easy, right? There's already a webserver on router, so simple http-01 validation can be used. But what if you don't want or can't open port 80 (AFAIK http-01 always starts with plain http on standard port 80)? It would be the case on at least half of routers where I'd like to use Let's Encrypt certificates, because there's typically only one public address and standard http(s) ports are already forwarded to some internal webserver. There would have to be support for dns-01 validation and it has different problems too.

I think it's doable, I tried some suggestions in Support for ACME/Let's Encrypt certificate management thread, but so far it doesn't look like anyone from MikroTik though "oh yes, it's super-awesome, we need to have that!" Maybe try to invent some other foolproof plan that will finally convince them.
From the manual page (https://ndilieto.github.io/uacme/ ), it appears uacme supports dns-01 challenges and allows total flexibility by the --hook option, which calls an external script to accept, decline or set up the challenge environment.
If specified, uacme executes PROGRAM (a binary, a shell script or any file that can be executed by the operating system) for every challenge with the following 5 string arguments:

METHOD one of begin, done or failed.

begin is called at the beginning of the challenge. PROGRAM must return 0 to accept it. Any other return code declines the challenge. Neither done nor failed method calls are made for declined challenges.

done is called upon successful completion of an accepted challenge.

failed is called upon failure of an accepted challenge.

TYPE challenge type (for example dns-01 or http-01)

IDENT The identifier the challenge refers to

TOKEN The challenge token

AUTH The key authorization (for dns-01 already converted to the base64-encoded SHA256 digest format to be provisioned as _acme-challenge DNS TXT record).
 
mutinsa
just joined
Posts: 21
Joined: Tue Feb 06, 2018 4:55 am
Location: Moscow, Russia
Contact:

Re: Feature requests

Sun May 05, 2019 5:08 pm

SNTP Client from base package support this feature "out of box"

For NTP Client from ntp package this script may be temporary solution
https://github.com/mutin-sa/MT_ROS_Scri ... TP/ntp.txt

I've tried to search this topic, but I haven't found it (hope there are not any duplicates):

NTP Client - Possibility to use server name, not just IP address
exFAT (FAT64) or NTFS support - yes, MT is not NAS (it's slow), but it would be great to use file system capable of handling >4GB file complatible with Windows (you have HDD with big files and you want to share some files - you cannot connect it to MT, you have to reformat it to FAT32, copy everything except for big files back...)
Wireless - move Country and Distance setting to Simple Mode - you can set every other important "basic" setting in simple mode, but you have to switch to Advanced Mode for these two settings.
Quick Set - It's working with WPA1 password. It doesn't recognise, when you manually set WPA2-PSK AES only password. It requires also setting WPA1 password (even if WPA1 is not allowed), otherwise Quick Set shows WiFi password red and empty (WPA2 only is used)
Sergey Mutin
Certified Mikrotik Consultant
MikroTik: MTCNA, MTCRE, MTCIPv6E, MTCTCE, MTCUME, MTCINE, MTCWE | Cisco: CCNA R&S | Juniper: JNCIA-Junos | Zabbix: ZCU | Asterisk: dCAA | IPv6 Forum Certified Network Engineer (Silver) | HE.net IPv6: Sage
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 968
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Feature Request Client SSID dont-care on connect

Sat May 11, 2019 12:54 am

Feature Request Client SSID dont-care on connect

First - this may sound like a bit of a strange ROS feature request , but this would be a very powerful feature that no other wireless company can offer at this time.

A bit of my background so that you understand my reasoning for this request :
- As a WISP (and fiber-to-the-home ISP), we have hundreds of Mikrotik APs and 1,000+ client Mikrotiks
- All APs use the same SSID
- All of our tower locations have multiple (dozens) of APs on each tower (all with the same SSID)
- Clients (nv2 Mikrotik clients) do not necessary connect to the strongest/best AP which may be facing in the direction of the client Mikrotik. As a result, we often have many many client Mikrotiks that are not connected to the best/strongest AP. This often results in everybody on that AP running a little slower because of the few clients that are connected with slower connect rates and higher wireless retries.

So , after more than 10+ years of hands-on experiencing clients often not connecting to the most preferred Mikrotik AP, I have a feature request to ask Mikrotik for …

Feature request #1
- A new SSID setting for Mikrotik wireless clients (802.11 & nv2 & nstream)
- A new optional setting on the client SSID that is a dont-care character.
- Where any AP SSID that matched the client SSID up to the dont-care character will qualify to an AP for the client to connect to.
-- Example ;
--- Client has a dont-care optional setting checked
--- The client dont-care character is a "#" character
--- The client SSID is configured at "WISP-something.com#"
--- The client sees multiple APs with these SSIDs: "WISP-something.com" and "WISP-something.com#" and "WISP-something.com#1" and "WISP-something.com#2" and "WISP-something.com#131" and "WISP-something.com#betty"
--- The Mikrotik client can connect to any SSID that starts with "WISP-something.com"

Feature request #2
- A new SSID setting for Mikrotik wireless clients ((802.11 & nv2 & nstream)
- A new option to configure Mikrotik clients to specify a preferred list of SSIDs to connect to.
- The 1st SSID selection is always the 1st SSID the client will try to connect to
- The 2nd SSID selection is only used when the client can not connect to the 1st selection
- The 3rd SSID selection is only used when the client can not connect to the 1st or 2nd selection
- The 4th SSID selection is only used when the client can not connect to the 1st or 2nd or 3rd selection.
--- Example of use , A Mikrotik Client with these optional settings:
--- 1st "WISP-something.com#2"
--- 2nd "WISP-something.com#betty"
--- 3rd "EISP-something.com#131"
--- 4th (last fall back SSID selection) "EISP-something.com#"

With feature both feature request ( 1 and 2 above ) , Mikrotik clients now have a preferred ordered connect SSID list. If the 1st and 2nd SSIDS are off-line, then the Mikrotik client will try to connect to the 3rd SSID selection in the list. If the first 3 preferred SSIDS are off-line, then the client Mikrotik can use the dont'care character and connect to any other matching SSIDs.

Something like this will surely help any WISP using Mikrotik products who have a large base of Mikrotik wireless devices.

With these 2 new requested features in Mikrotik ROS clients, a WISP can now; A - have some control as to what APs client Mikrotiks connect to & B - configure client load sharing on all WISP APs.

FYI - and yes I do know there is a connect-list feature that uses signal strength (for APs and clients) but that feature also has it's own other set of issues and problems.

North Idaho Tom Jones
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 104
Joined: Fri Jun 29, 2018 2:34 pm

Re: Feature requests

Sat May 11, 2019 1:29 pm

Why use SSID for this? This may bring compatibilty problems. Wouldn't a preferred list of AP's (e.g. by address instead of SSID) on the client alone help with your issues? So no change on the AP side necessary.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5350
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Sat May 11, 2019 5:54 pm

And it is already available... you can make a connect list with different MAC addresses for the same SSID.
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 968
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Mon May 13, 2019 5:38 pm

And it is already available... you can make a connect list with different MAC addresses for the same SSID.
Yea , using a connect list with MAC address could almost work (almost).

Using a MAC address connect method presents a management problem for all clients when an AP needs to be replaced or upgraded.
A change of an AP, can result in a different MAC address , which then can result if every wireless client needing to be re-configured.
Thus, if you have 300 clients connecting to a tower with more than one AP , then you can end up with 300 clients that need to be reconfigured/re-programmed.
I've been down this road many times in the past and it ain't pretty.

North Idaho Tom Jones
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 968
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Mon May 13, 2019 5:42 pm

Why use SSID for this? This may bring compatibilty problems. Wouldn't a preferred list of AP's (e.g. by address instead of SSID) on the client alone help with your issues? So no change on the AP side necessary.
Re compatibility problems - that is the reason I stated optional setting. Default on an upgrade to a newer ROS with such a feature should be default Off.
 
faraujo88
just joined
Posts: 5
Joined: Fri Feb 15, 2019 2:28 am

Re: Feature requests

Mon May 13, 2019 5:54 pm

It would be great if dhcp-server has an option to set a queue limit to each lease, and remove when the guest got out, automatically.. or RouterOs already does that?
 
pe1chl
Forum Guru
Forum Guru
Posts: 5350
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Mon May 13, 2019 7:31 pm

Thus, if you have 300 clients connecting to a tower with more than one AP , then you can end up with 300 clients that need to be reconfigured/re-programmed.
I've been down this road many times in the past and it ain't pretty.
When you have to manage 300 devices you should have some mechanism in place to support remote management.
It can be done with MikroTik. I have seen solutions for that presented at MUM events.
E.g. you make a scheduled job that runs once a day and attempts to download some file with a naming convention depending on the client, and when it exists it imports that file.
(it would be a good idea to have some version numbering so you can avoid re-running the same file every day after it has been already run once)

There should be more explicit support for that in the Dude.
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 968
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Mon May 13, 2019 11:01 pm

Thus, if you have 300 clients connecting to a tower with more than one AP , then you can end up with 300 clients that need to be reconfigured/re-programmed.
I've been down this road many times in the past and it ain't pretty.
When you have to manage 300 devices you should have some mechanism in place to support remote management.
It can be done with MikroTik. I have seen solutions for that presented at MUM events.
E.g. you make a scheduled job that runs once a day and attempts to download some file with a naming convention depending on the client, and when it exists it imports that file.
(it would be a good idea to have some version numbering so you can avoid re-running the same file every day after it has been already run once)

There should be more explicit support for that in the Dude.
Re: … mechanism in place to support remote management …
I have my own custom scripts (Linux for-IPs-In-a-List.txt ssh/telnet send/expect) which work very well to bulk manage my client Mikrotiks.

Re: … good idea to have some version numbering so you can avoid re-running the same file …
My custom management scripts do this and much more

The problem with bulk management is configuring an algorithm which does two thing - 1; load share connected clients on APs and 2; define a set of client preferred APs to use when available.
With my two requested features, these new settings would only need to be performed when the client is installed.

The issue is that there is a whole bunch of Mikrotik admins that do not use Dude or custom scripts and only manage client Mikrotiks manually one-at-a-time.
With my suggestion, there would be no need for any type of bulk management (if any AP is replaced) if my two feature requests would be implemented in ROS.
 
itmethod
newbie
Posts: 27
Joined: Tue Feb 18, 2014 8:44 pm

Re: Openvpn server route push

Tue May 14, 2019 1:52 am

Routeros openvpn server needs a way to push routes to the clients.
This is very much needed.

I have multiple clients windows and Linux. and need multiple usernames to have different routes pushed to them, as-well as a global route push. so I don't have to have seperate vpn servers. or multiple client config files and have to worry about user having right config file.

The current routes option in ROS is the iroute command for the ccd files. and it puts routes into the routers/servers routing table to the clients lan.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5350
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Tue May 14, 2019 11:00 am

The problem with bulk management is configuring an algorithm which does two thing - 1; load share connected clients on APs and 2; define a set of client preferred APs to use when available.
These issues are completely independent. You need a bulk management method to distrubute any configuration changes to your clients, but apparently you already have it.
Then you need to know WHAT you want to configure in your clients. I would say that is an application-specific problem that has to be adapted for your specific network.

The tools (e.g. connect list) are already there. You can load a connect list with a couple of MAC addresses and finally a generic SSID to connect. You should find your
clients online, and then maybe you need some form of remotely managed "scan" to know what network to connect.
This is not something you are going to solve with a complicated method such as you proposed. It will fail in some way, if not in your network then in someone else's who tries to use it.
Keep things simple and keep them in your own hands.
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 968
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Frequency Usage - add more fields (counts & average)

Tue May 14, 2019 10:14 pm

Frequency Usage - add more fields (counts & average)

Here is a suggestion - add some additional fields when performing a Frequency Usage
- Add a new field showing the Number-of-Usage-Hits for the current scan (per frequency)
- Add a new field showing the Peak-Usage-Strength for the current scan (per frequency)
- Add a new field showing the Average-Strength for the current scan (per frequency)
- Add a new field showing the total sum of Usage (per frequency)

With these additional Frequency-Usage fields, it would then be easy to run an extended length Frequency-Usage scan (Ooo say 15 minutes or so) then review the results to easily locate the least-used/most-available contiguous frequencies. Now the Mikrotik admin can add/configure APs to operate with frequencies/channels which have the least amount of background noise.

North Idaho Tom Jones
 
anuser
Member
Member
Posts: 350
Joined: Sat Nov 29, 2014 7:27 pm

Re: Feature requests

Thu May 16, 2019 4:09 pm

Reboot-Button within WinBox => CAPsMAN => Remote CAP, i.e. click on cap and simply reboot it.
 
jaceyk
just joined
Posts: 4
Joined: Wed May 15, 2019 3:54 pm

Re: Feature requests

Mon May 20, 2019 3:36 pm

The ability run traffic-generator with a single core on a multi-core device.

The reason is that multi-core Mikrotik routers don't seem to be able to detect Out-of-Order packets. The single-core routers that I've tried have no such problem.

Even though using a single core would bring the performance way down, it would still be sufficient for a sequence-error test.

I could test from one point to another with all cores to check bandwidth, and test again with one core sending 100mbps for 24 hours to check for reordering.

To be clear, I'm only speculating that the reason that CCRs can't see OoO packets with Traffic-Generator is because they're multi-cored. If that's wrong then my feature request is just to fix traffic-generator for CCRs.
 
stejjh
just joined
Posts: 1
Joined: Sat Apr 07, 2018 6:16 pm

Re: Feature requests

Thu May 23, 2019 8:14 am

I have seen this mentioned elsewhere but not here – add digest authentication support to fetch for http/https requests please

Thanks

J
 
neticted
Member Candidate
Member Candidate
Posts: 117
Joined: Wed Jan 04, 2012 10:36 am

Re: Feature requests

Fri May 24, 2019 11:18 am

Using a MAC address connect method presents a management problem for all clients when an AP needs to be replaced or upgraded.
A change of an AP, can result in a different MAC address , which then can result if every wireless client needing to be re-configured.
Thus, if you have 300 clients connecting to a tower with more than one AP , then you can end up with 300 clients that need to be reconfigured/re-programmed.
I've been down this road many times in the past and it ain't pretty.
I had similar issue (although I do not run commercial ISP but community network). My solution was to use my own MAC addresses (invented for the purpose) for network adapters.That means, after I replace adapter, I set designated MAC for that AP and clients see no difference.
 
neticted
Member Candidate
Member Candidate
Posts: 117
Joined: Wed Jan 04, 2012 10:36 am

Re: Feature requests

Fri May 24, 2019 11:43 am

I would like to propose some improvements in user interface of Winbox


- Allow changing order of columns in tabular view.

Now, order is fixed and it becomes quite cumbersome if you have to follow some columns that are last in the row and you do not have large enough screen. Allowing user to set order of columns would help him ordering columns due to current importance.


- Allow selecting visible columns (option Show Columns) in more user friendly manner.

Selecting columns that are visible is quite cumbersome on data that has lots of columns. User has to scroll down through the list to find columns, and when he selects column list is closed, so, for another column, you have to start adding from scratch.

Better solution would be that Select Columns is modal windows (dialog) which provides list of columns avoiding need for scrolling throuugh the list and with check boxes, so user can in single pass set or unset columns that he wants to be visible.



- Comments should be treated as any other column

Comments have different treatment comparing to other row data as they may be displayed in separate line (which is good). Sometimes it is more practical to see them as columns and there is option to set it but that setting lives only until Winbox is closed. On restart, columns are again displayed as separate line. I am not referring to global setting but for custom setting for specific table view.

It should be treated as ordinary column, meaning if user selects is to be visible as column it should stay that way.



- Some columns could be treated as comment

When comment is displayed not inline there is usually plenty of empty space where additional info could be shown. It would be good if we could have option to choose some columns that would be displayed in comment space. That would provide better space usage and improvement of user experience.

For example, when I set logging on firewall rule, it would be great if that information is visible in comment space.



- Allow customization of toolbar on main window

Every admin has set of options he frequently use and it would be good to have them easily accessible instead going through menus again and again. Make toolbar on main windows that can be customized in two ways:

1) user can simply set button that opens specified settings

2) user can set button that starts specified script




- Allow Hide Password option to be directly accessible

One that was option set on main window so user could simply check or uncheck password visibility. Now, that option is hidden in menu. That causes two user experience problems: option is hidden so user has to look for it through the menu, and password visibility status is not visible, meaning, user may leave password visibility inappropriately set to visible as he does not see option status.

In most occasions, password visibility is needed just temporarily and for very short time, so it is better user experience if it is possible to see status and change it quickly by simple click.

That option could be simply set as checkbox on far right on main windows toolbar as it used to be.



- Allow setting favorite connections

With large number of routers tabular list of saved router connections becomes cluttered. Grouping and notes do help sorting it out, but it would really help if user can set some connections that he needs frequently as favorites so he can have them easily accessible in some way (listed in separate tab or listed on top or some other method).
 
jo2jo
Forum Veteran
Forum Veteran
Posts: 956
Joined: Fri May 26, 2006 1:25 am

Re: Feature requests - Re Winbox , close all

Sun May 26, 2019 11:42 pm

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
I would love to see this also. Often on lower end RBs people dont realize how much CPU load winbox/mgmt can have on the device. the more winbox windows open, the more updates that have to be sent, thus more CPU load (im talking in a single winbox session/window / connected to a single routerboard).

The suggestion from another user session-> close all windows , only occurs when you EXIT winbox (ie the next time you connect all windows will be closed). the new feature im looking for (and i think this user above too), is a button or menu option to close all windows in the current session, without exiting winbox. Often pressing ESC key will close some windows, but there are quite a few that ESC does not work on (like terminal windows, understandably).
thanks
:beep :beep :beep
 
pe1chl
Forum Guru
Forum Guru
Posts: 5350
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests - Re Winbox , close all

Mon May 27, 2019 2:51 pm

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
I would love to see this also.
Then why did you not notice the replies made to Tom that this feature is already available?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8273
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests - Re Winbox , close all

Mon May 27, 2019 7:02 pm

The suggestion from another user session-> close all windows , only occurs when you EXIT winbox (ie the next time you connect all windows will be closed).
wrong
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
jo2jo
Forum Veteran
Forum Veteran
Posts: 956
Joined: Fri May 26, 2006 1:25 am

Re: Feature requests - Re Winbox , close all

Tue May 28, 2019 1:50 am

The suggestion from another user session-> close all windows , only occurs when you EXIT winbox (ie the next time you connect all windows will be closed).
wrong
oh wow, you are correct, choosing session-> close all windows , does infact accomplish this (wo existing the app). thanks!
:beep :beep :beep
 
moham96
just joined
Posts: 23
Joined: Thu Dec 21, 2017 3:08 pm

Re: Feature requests

Thu Jun 13, 2019 2:51 pm

How about adding "use peer DNS" to the OVPN Client similar to other clients like PPPoE and dhcp client, right now when i establish a connection to the openvpn server I'm forced to have the advertised openvpn dns server, I can disable the dns server on the openvpn server but I would like other clients to have the vpn dns resolver and only one of my routers to disable peer dns
2019-06-13-142337_1020x512_scrot.png
You do not have the required permissions to view the files attached to this post.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5350
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Thu Jun 13, 2019 4:19 pm

It would be nice to have some feature to move an entire network with all its interface-related settings to another interface.
I.e. interface list, bridge port, IP/IPv6 addresses, dhcp client or server, firewall entries, and all other config that refers to an interface.
Use case: you want to move an internal network or the ISP link to another port or from a port to a bridge or a VLAN.
As a workaround it is of course possible to always use a bridge instead of directly attaching config to an interface, but you have to know that beforehand :-)
 
User avatar
luciano
just joined
Posts: 10
Joined: Fri Nov 25, 2005 12:32 am
Location: Ponta Grossa/PR
Contact:

Re: Feature requests

Thu Jun 13, 2019 10:26 pm

Will be nice if Socks and Webproxy became individual packages. So we can disable and hardening the box.
Computers are like air-conditioners. When you open "Windows" they stop work.

My bio is here: http://www.about.me/luciano_santos
MTCNA and MTCRE
 
Sob
Forum Guru
Forum Guru
Posts: 4178
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature requests

Fri Jun 14, 2019 12:35 am

Both proxies are disabled by default, so they just take space in menu and little bit on disk, but that's it. Ability to uninstall them completely wouldn't change much, they already don't do anything if you don't enable them. I can understand that seeing some things in menu can annoy people for whatever reason (they don't use them, believe that they don't belong on router, ...). But there's a question if making everything separate package is really worth the effort.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5350
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Mon Jun 24, 2019 5:49 pm

Please add possibility to add "unknown" entries in the /ip dns static list.
This is useful especially with regexp entries like ".*\.168\.192\.in-addr\.arpa$" -> unknown.
(to avoid bombarding the upstream resolver with requests about rdns for local networks)
 
ivanfm
newbie
Posts: 45
Joined: Sun May 20, 2012 5:07 pm

Re: Feature requests

Tue Jun 25, 2019 5:27 pm

Hey, Mikrotik team!
Please extend "netwatch" funtionality a little bit. It is a nice feature, but so undeveloped.
It will be nice to have an option to set amount of ping to send before change status to down and at its frequency.
..and the possibility to set source address (e.g. remote ipsec hosts)
netwatch with option to set src-address will make easier to test connections on multi connection routers.

Who is online

Users browsing this forum: No registered users and 7 guests