Community discussions

MikroTik App
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Mon Jul 16, 2018 2:18 pm

A WiFi TDMA mode that is compatible with UBNT airMAX.
We usually have a mix of MikroTik/UBNT access points and clients in our network so we can only use bare 802.11 even when TDMA would perform much better.
Alternative: an IEEE standard for this mode that is implemented by both companies.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Tue Jul 17, 2018 10:36 am

Netinstall for Linux, or documentation of the netinstall process so it can be programmed for Linux by someone else.
 
diode
newbie
Posts: 32
Joined: Sun Sep 13, 2009 8:40 pm

Re: Feature requests

Tue Jul 17, 2018 12:24 pm

Having an integrated 5 GHz Backup in LHG 60.

Now I need to mount 2 dishes plus a HEX POE for power ...
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3119
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: Feature requests

Tue Jul 17, 2018 2:29 pm

A WiFi TDMA mode that is compatible with UBNT airMAX.
We usually have a mix of MikroTik/UBNT access points and clients in our network so we can only use bare 802.11 even when TDMA would perform much better.
Alternative: an IEEE standard for this mode that is implemented by both companies.
Now you'd wish manufacturers to give one of their main tools to keep clients with them away...

tdma is 'proprietary' protocol. Meaning every radio manufacturer can deviate from the IEEE standard to improve (or at least try to...) the standard on their own. Hence they do and each and every manufacturer has its own ideology and arguments to do it the way they do.

And why should Mikrotik allow Ubiquity to use their standard, or vice versa. And others?
Many wisp made a choice some years ago to go for one brand. Now they are 'married' to that brand if they use tdma. Imagine tdma could be freely used in-between brands. Mikrotik probably would have been bankrupt by then since many WISPs would over time then have move to other platforms.

And to show how complicate it is anyway. The eCambium 'elevate' product line was supposed to be working with 3rd party devices. So far after 2 years of promises it still only worked for Ubnt devices and I believe one model of Mikrotik.

So if you really want to stick to a 'multi brand' network you have to stick to plain 802.11 and to be honest, if you use 'ac' with good antennas and properly configure (RTS/CTS!) that protocol might work in several circumstances better then tdma what I already proved in some posts and just the last week still see is the case. Even after the latest ROS v.6.42.6 I have some P2MP network running in 802.11 instead of NV2 because it give much more capacity for the single client and in total over the AP...
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Tue Jul 17, 2018 2:47 pm

We are operating an amateur radio network and we do not control the manufacturer of equipment chosen by the users.
And in fact, the product gamma of the two main manufacturers has been varying over time to give preference to one or the other.
e.g. before the LHG there was no cheap MikroTik user device with some gain, the SXT was too small for many users.
UBNT has the AirGRID devices which, although single-polarization, work over longer distances.
Now with the LHG this has changed, but we still have:
- sites with UBNT AP and a mix of AirGRID and LHG/SXT clients
- sites with MikroTik AP and a mix of AirGRID and LHG/SXT clients
Pracitce shows that the UBNT AP works better in the presence of interference (less problems with spurious RADAR detection)
but the LHG is the better choice for user equipment because it uses both polarisations.

It would be nice if both of them could operate under the same managed access protocol. I have no idea of the internals
of the different protocols now in use. The term TDMA is a bit worrying, hopefully (and likely) it does not mean there is a fixed
timeslot allocation for clients. A good protocol would use some form of round-robin polling of the clients with polling priority
dropping when traffic is low. Something more like DAMA.

I think when neither MikroTIk nor UBNT come up with some openness, the IEEE should publish a standard. Then both
manufacturers can do nothing but implement that standard (possibly alongside their own offering) or they would lose all
their marketshare to a manufacturer that does.
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1135
Joined: Tue Oct 11, 2005 4:53 pm

Re: Feature requests

Tue Jul 17, 2018 4:32 pm

Netinstall for Linux, or documentation of the netinstall process so it can be programmed for Linux by someone else.
+1

Also it would be nice if a MikroTik installation itself can be a netinstall server for another RouterBoard.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Tue Jul 17, 2018 5:44 pm

And install of a clean new RouterOS in an inactive partition on a router with 2 or more partitions.
Router running from Active partition part0, download new npk files and do "install into part1",
optionally copy config from part0 to part1, set part1 to Active and reboot: new clean install without doing netinstall.
 
andreiroos
just joined
Posts: 12
Joined: Sat Oct 01, 2016 8:22 pm

Re: Feature requests

Wed Jul 18, 2018 4:26 pm

I saw that it is mentioned to have the ability to set limits in queues from child queues to be expressed in a percentage value of the parent, This have been mentioned about in 2012 (Saw it on tab 5). Would also like it to be implemented especially for the fact that our internet connections get throttled (shaped) at times and this would make life much easier to adjust only the parent queue to implement speed changes.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Wed Jul 18, 2018 11:40 pm

Winbox proxy ???

It might be nice to be able to connect to another Mikrotik using the 1st mikrotik as a proxy to be able to connect up to a 2nd Mikrotik.

Where , an admin might not be able to directly connecte to the 2nd mikrotik, but if the 1st mikrotik can mac/IP connect to the 2nd then allow a winbox proxy connection through the 1st mikrotik to a 2nd mikrotik.
 
ditonet
Forum Veteran
Forum Veteran
Posts: 835
Joined: Mon Oct 19, 2009 12:52 am
Location: Europe/Poland/Konstancin-Jeziorna
Contact:

Re: Feature requests

Thu Jul 19, 2018 1:04 am

@TomjNorthIdaho
RoMON
https://wiki.mikrotik.com/wiki/Manual:RoMON

Regards,
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Thu Jul 19, 2018 11:43 am

@TomjNorthIdaho
RoMON
RoMON works only over L2 transparent links. A proxy could be operating at IP level. A nice feature would be to add an IP-level layer to RoMON so you can
extend the RoMON network like this:

PC <---------IP link--------------->Router1<----------L2 link ----------->Router2

and then access Router2 "via RoMON" from the PC. This can now be done only at commandline-level, not winbox.
 
mikruser
Long time Member
Long time Member
Posts: 578
Joined: Wed Jan 16, 2013 6:28 pm

Re: Feature requests

Thu Jul 19, 2018 12:04 pm

 
craterman
just joined
Posts: 22
Joined: Tue Oct 14, 2014 1:26 pm

Re: Feature requests

Thu Jul 19, 2018 2:31 pm

Please make the opportunity to make rules for the firewall with timerange starting today and ending at some time tomorrow. For example from 20:00:00 to 06:00:00
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Feature requests

Thu Jul 19, 2018 2:37 pm

[admin@rOS] /ip firewall> filter add time=

Time ::= [!]Start-End,Day
Start -- 0s..1d (time interval)
End -- 0s..1d (time interval)
Day ::= sun|mon|tue|wed|thu|fri|sat[,Day*]
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3119
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: Feature requests

Fri Jul 20, 2018 1:08 am

When testing P2MP networks for best throughput and latency you need to run a test from several CPE's (in a 'all MT' network) and then switch between the different protocols and setting to see what gives best result.
Each time though the connection with AP is lost due a config change, the CPE needs to be opened up again in its winbox session. And each time all settings for the bandwidth test are gone... each time you need to fill these again..

Can bandwidth test not be made to at least remember its settings? It has to be stopped when the CPE drops the connection over the interface the test runs, but it would be o so helpful if the settings for the test just come back after the winbox session is opened again. Just click on 'run' and the test can run again..

Would make it a great time saver in troubleshooting and fine tuning P2MP networks...
 
metricmoose
newbie
Posts: 48
Joined: Sat Nov 21, 2015 2:03 am

Re: Feature requests

Sat Jul 28, 2018 5:25 am

I would like some way of hiding profiles in usermanager from the customer-facing parts, like in the signup and user pages. This would allow us to generate vouchers that will be priced differently or have different limitations than what's available on the self-signup, without making those packages available to self-signup customers.
 
wpeople
Member
Member
Posts: 378
Joined: Sat May 26, 2007 6:36 pm

Re: Feature requests

Sat Jul 28, 2018 4:21 pm

Winbox proxy ???

It might be nice to be able to connect to another Mikrotik using the 1st mikrotik as a proxy to be able to connect up to a 2nd Mikrotik.

Where , an admin might not be able to directly connecte to the 2nd mikrotik, but if the 1st mikrotik can mac/IP connect to the 2nd then allow a winbox proxy connection through the 1st mikrotik to a 2nd mikrotik.
If you can connect to 1st mikrotik via TCP (ssh), than using putty, you can configure additional port forwards on the fly.
(using linux, port forward should be added at connection - windows based putty allows on the fly)

Like: ssh into box1, open putty configuration (connection/ssh/tunnels) add new tunnel: 8291 -> 192.168.1.2:8291

that means connection to localhost:8291, putty will grab those packets, push to ssh server (remote mikrotik) what forwards them to 192.168.1.2:8291 on remote site.
and vice versa
 
taduikis
Member
Member
Posts: 436
Joined: Sat Jul 07, 2007 12:09 pm

Re: Feature requests

Sat Jul 28, 2018 5:53 pm

When testing P2MP networks for best throughput and latency you need to run a test from several CPE's (in a 'all MT' network) and then switch between the different protocols and setting to see what gives best result.
Each time though the connection with AP is lost due a config change, the CPE needs to be opened up again in its winbox session. And each time all settings for the bandwidth test are gone... each time you need to fill these again..

Can bandwidth test not be made to at least remember its settings? It has to be stopped when the CPE drops the connection over the interface the test runs, but it would be o so helpful if the settings for the test just come back after the winbox session is opened again. Just click on 'run' and the test can run again..

Would make it a great time saver in troubleshooting and fine tuning P2MP networks...


I use The Dude for this. Leave the Btest windows open and configure as you want..
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Wed Aug 01, 2018 9:04 am

Please implement a proper auto channel selection that looks at the usage and noise floor of each frequency in the scanlist before choosing a channel.

And not one that just counts how many devices it sees per frequency (as per now): viewtopic.php?f=7&t=122063&p=677377#p600476
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Wed Aug 01, 2018 6:05 pm

Please implement a proper auto channel selection that looks at the usage and noise floor of each frequency in the scanlist before choosing a channel.

And not one that just counts how many devices it sees per frequency (as per now): viewtopic.php?f=7&t=122063&p=677377#p600476
+1
When a WISP has multiple APs with the same SSID (nv2 APs), often a client will not select the best AP but rather the 1st AP it finds.

I would like to see some client optional settings that will allow an administrator to define some parameters when scanning for an AP to connect to. Such options might include:
- Scan time prior to making a connection to an AP
- AP selection by one of the following:
-- Strongest AP signal strength
-- Best Signal To Noise ratio
-- Best estimated CCQ
-- Fastest connect receive rate

The current client scan to find an AP is not adiquate and very often does NOT select the best possible AP when there are many candidate APs to connect to.


Example … As a LAB test … If you use SuperChannel with a scan list of 5000-6000 and you have 30 APs. The clients will probably NOT select the best AP to connect to. And also some APs might never get a connection and some APs will get almost all of the client connections. There needs to be a better system for client to AP load distribution so that multiple APs balanced with near equal clients per AP.


Or one possible solution --- I suspect the current client scan for AP mechanism scans starting at the lowest frequency in the scan list then walks up through higher frequencies. I suspect a better client scan system might be to randomize the scan list search order to find an AP. Then multiple APs might have near equal client connection counts.

North Idaho Tom Jones
 
DmitryAVET
Member Candidate
Member Candidate
Posts: 112
Joined: Thu Mar 26, 2015 12:27 am
Location: Ukraine, Mukachevo
Contact:

Re: Feature requests

Wed Aug 08, 2018 11:07 am

Hello,

Graphing is very cool tool, but... it killing Flash when using "Store on Disk" option (Interface/Queue/Resources).

7 days = 100K+ writes to flash...

Please, add posibility to store data on external storage, like USB Flash or microSD card.
You do not have the required permissions to view the files attached to this post.
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Wed Aug 08, 2018 11:13 am

Please add all items that are in wireless -> registration table to CAPSMAN -> registration table. I regularly use the last-ip column for example which is not available in CAPSMAN.
 
mlow
just joined
Posts: 18
Joined: Sun Oct 05, 2014 10:42 am

Re: Feature requests

Thu Aug 09, 2018 3:10 pm

I'm throwing this on the list a second time.
Support for RFC6939, i.e, the client link-layer address option, enabling a DHCPv6 relay to pass a client's link-layer address (MAC address) as an option (number 79) to a DHCPv6 server, whereupon the server can use that information for static lease reservation, etc.

The need for such is currently described on the DHCPv6 wikipedia page, here: https://en.wikipedia.org/wiki/DHCPv6#RF ... ess_Option
 
dimonana
just joined
Posts: 3
Joined: Thu Aug 09, 2018 3:19 pm

Re: Feature requests

Thu Aug 09, 2018 3:23 pm

I'd like to ask to complete IPSEC/IKEv2 implementation.
Motivation is : lots of VPN providers - NordVPN and others - are moving to that, leaving L2TP/IPsec disappearing.
 
Lombart
just joined
Posts: 18
Joined: Mon Mar 05, 2012 11:18 am

Re: Feature requests

Mon Aug 13, 2018 6:34 am

add dual-wan mode at quickset
it realy help for us

thank you
 
liwest_alx
just joined
Posts: 3
Joined: Mon Jul 07, 2008 4:00 pm

Re: Feature requests

Mon Aug 13, 2018 1:30 pm

CRS112-8P-4S:
SNMP Oid's for PSU1 + PSU2 Voltage or at least a status.
Currently only Temperature under system health supported.
You do not have the required permissions to view the files attached to this post.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Feature requests

Mon Aug 13, 2018 1:33 pm

CRS112-8P-4S:
SNMP Oid's for PSU1 + PSU2 Voltage or at least a status.
Currently only Temperature under system health supported.
So you see it under /system healt print ?
If so you can us Script/Syslog/Splunk to graph it.

See here on how I monitor Temperature.
viewtopic.php?t=137338
 
magnavox
Member
Member
Posts: 357
Joined: Thu Jun 14, 2007 1:03 pm

Re: Feature requests

Mon Aug 13, 2018 9:23 pm

Hi Mikrotik Staff,
any chance for implement MLPPP server ?

Read: viewtopic.php?f=1&t=66192&p=679772#p679772
 
eroberts9
just joined
Posts: 7
Joined: Tue May 29, 2018 12:26 am

Re: Feature requests

Tue Aug 14, 2018 4:15 am

DFS certification for the US .
 
paulct
Member
Member
Posts: 336
Joined: Fri Jul 12, 2013 5:38 pm

Re: Feature requests

Tue Aug 14, 2018 10:53 am

Until there is version 7, or whatever it is called. Can we get a BGP peer priority?

e.g say if you need to upgrade ROS, swap out a CCR, or reboot - each BGP is assigned a priority and receives/sends routes according to that policy in order?
e.g:
Peer 1 - default route (priority 1)
IX route server - priority 2
IX2 route server - priority 3
Private peer 1 - Priority 4
Private peer 2 - Priority 5

In that way, essential peer routes are loaded into the routing table first according to what you decide. This would help when provider A peers on a route server and you privately peer with them - rather load the routes from the route server first and so on. We know ROS is not great loading thousands of routes - but at least with this method there is some control.

Maybe even a timer or such?

Basically a stop gap solution until we have higher clocked CPU's / better software.
 
User avatar
LucZWFM
Member Candidate
Member Candidate
Posts: 130
Joined: Tue Dec 26, 2017 10:47 pm
Location: Bergen op Zoom, The Netherlands

Re: Feature requests

Tue Aug 14, 2018 1:06 pm

Making the headers of the tables sticky, so when one scrolls down one still sees the header...

What I mean with header:

Image
Image
Image
Image

Make the gray part sticky please. It's much more comfortable that it will not dissapear when scrolling down...

Thanks!
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests - SNMP OID Ethernet link speed

Tue Aug 14, 2018 5:59 pm

Feature requests - SNMP OID Ethernet link speed

It would be great to have SNMP OIDs for Ethernet link speeds. (if they are there , I have not spotted them yet).

These could be very useful to detect when an Ethernet link changes link speed. Such as when what is/was supposed to be a 1-Gig link changes to a 100 meg link.

North Idaho Tom Jones
 
Omniflux
just joined
Posts: 12
Joined: Sun Sep 19, 2004 1:27 am
Location: Nephi, UT. USA
Contact:

Re: Feature requests - SNMP OID Ethernet link speed

Tue Aug 14, 2018 8:22 pm

Feature requests - SNMP OID Ethernet link speed

It would be great to have SNMP OIDs for Ethernet link speeds. (if they are there , I have not spotted them yet).

These could be very useful to detect when an Ethernet link changes link speed. Such as when what is/was supposed to be a 1-Gig link changes to a 100 meg link.

North Idaho Tom Jones
$ snmpwalk -v2c -c public 192.168.88.1 |grep ifSpeed
IF-MIB::ifSpeed.1 = Gauge32: 0
IF-MIB::ifSpeed.2 = Gauge32: 1000000000
IF-MIB::ifSpeed.3 = Gauge32: 1000000000
IF-MIB::ifSpeed.4 = Gauge32: 0
IF-MIB::ifSpeed.5 = Gauge32: 100000000
IF-MIB::ifSpeed.6 = Gauge32: 1000000000
IF-MIB::ifSpeed.7 = Gauge32: 0
IF-MIB::ifSpeed.8 = Gauge32: 0
IF-MIB::ifSpeed.9 = Gauge32: 1000000000
IF-MIB::ifSpeed.10 = Gauge32: 1000000000
IF-MIB::ifSpeed.12 = Gauge32: 100000000
IF-MIB::ifSpeed.14 = Gauge32: 1000000000
IF-MIB::ifSpeed.15 = Gauge32: 0
IF-MIB::ifSpeed.17 = Gauge32: 0
IF-MIB::ifSpeed.18 = Gauge32: 100000000
IF-MIB::ifSpeed.21 = Gauge32: 10000000
IF-MIB::ifSpeed.22 = Gauge32: 0
IF-MIB::ifSpeed.24 = Gauge32: 0
IF-MIB::ifSpeed.25 = Gauge32: 1000000000
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: Feature requests - SNMP OID Ethernet link speed

Tue Aug 14, 2018 10:53 pm

Feature requests - SNMP OID Ethernet link speed

It would be great to have SNMP OIDs for Ethernet link speeds. (if they are there , I have not spotted them yet).

These could be very useful to detect when an Ethernet link changes link speed. Such as when what is/was supposed to be a 1-Gig link changes to a 100 meg link.

North Idaho Tom Jones
+1 !!!!!!
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Tue Aug 14, 2018 11:06 pm

As was written above, this feature is already available. And has been for as long as I use RouterOS. So "that could be" and "+1" is completely meaningless.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Feature requests

Wed Aug 15, 2018 8:25 am

It works fine on my hEX RB750Gr3
snmpwalk -v2c -c public 192.168.0.1  .1.3.6.1.2.1.2.2.1.5
IF-MIB::ifSpeed.1 = Gauge32: 1000000000
IF-MIB::ifSpeed.2 = Gauge32: 100000000
IF-MIB::ifSpeed.3 = Gauge32: 0
IF-MIB::ifSpeed.4 = Gauge32: 1000000000
IF-MIB::ifSpeed.5 = Gauge32: 1000000000
IF-MIB::ifSpeed.6 = Gauge32: 10000000
IF-MIB::ifSpeed.8 = Gauge32: 1000000000
IF-MIB::ifSpeed.9 = Gauge32: 100000000
IF-MIB::ifSpeed.10 = Gauge32: 1000000000

snmpwalk -v2c -c public 192.168.0.1 .1.3.6.1.2.1.2.2.1.2
IF-MIB::ifDescr.1 = STRING: ether1-Wan
IF-MIB::ifDescr.2 = STRING: bridge_vlan1
IF-MIB::ifDescr.3 = STRING: ether3
IF-MIB::ifDescr.4 = STRING: ether4-Win_Server
IF-MIB::ifDescr.5 = STRING: ether5-Linux_server
IF-MIB::ifDescr.6 = STRING: pptp-in1
IF-MIB::ifDescr.8 = STRING: ether2-Cisco-Switch
IF-MIB::ifDescr.9 = STRING: bridge-vlan20
IF-MIB::ifDescr.10 = STRING: eth2-vlan20
And on hAP lite 941-2
snmpwalk -v2c -c public 192.168.0.80 .1.3.6.1.2.1.2.2.1.2
IF-MIB::ifDescr.1 = STRING: wlan1
IF-MIB::ifDescr.2 = STRING: ether1
IF-MIB::ifDescr.3 = STRING: ether2
IF-MIB::ifDescr.4 = STRING: ether3
IF-MIB::ifDescr.5 = STRING: ether4
IF-MIB::ifDescr.6 = STRING: bridge

snmpwalk -v2c -c public 192.168.0.80 .1.3.6.1.2.1.2.2.1.5
IF-MIB::ifSpeed.1 = Gauge32: 50000000
IF-MIB::ifSpeed.2 = Gauge32: 100000000
IF-MIB::ifSpeed.3 = Gauge32: 0
IF-MIB::ifSpeed.4 = Gauge32: 0
IF-MIB::ifSpeed.5 = Gauge32: 10000000
IF-MIB::ifSpeed.6 = Gauge32: 100000000
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Wed Aug 15, 2018 7:26 pm

It would be nice if there was a "print oid" output result that contained the OID for ethernet link speed.

North Idaho Tom Jones
 
mikruser
Long time Member
Long time Member
Posts: 578
Joined: Wed Jan 16, 2013 6:28 pm

Re: Feature requests

Sat Aug 25, 2018 3:09 pm

Feature request: AES hardware acceleration for OpenVPN
 
tigro11
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Tue Feb 20, 2018 12:31 am

Re: Feature requests

Tue Aug 28, 2018 12:11 am

hi guys, it seems to me that it is still not possible to change the date format in dd/mm/yyyy. It would be very useful as I also work with userman reports.
Does anyone have a solution?
thank you
Valerio
 
User avatar
doneware
Trainer
Trainer
Posts: 647
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: Feature requests

Wed Aug 29, 2018 1:00 am

rfc 6286 - AS-wide Unique BGP Identifier for BGP-4 support for routerOS BGP.

it relaxes some strict definitions: routerid can be now an arbitrary 32 bit unsigned integer, while the older definition restricts it to "valid unicast address".
this breaks BGP compatibility with mikrotik devices right now if not taken in consideration.

in general you only need to remove the check that was required in rfc4271.

this needs to be worked out with IPv6-only devices where you don't have no IPv4 address to be used as bgp identifer.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Wed Aug 29, 2018 1:05 am

A somewhat simple feature I would like to see in ROS.
The ability to restore a backup and have the option to "Do Not Re-Write MAC Addresses"

it would be great to be able to restore a Mikrotik and have the option to NOT re-write every ethernet & wlan & bridge MAC address
North Idaho Tom Jones
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Feature Request CLI site-survey include Radio-Name

Wed Aug 29, 2018 10:17 pm

Feature Request CLI site-survey include Radio-Name

I would like to see the CLI site-survey include "Radio-Name" in the results.
When using winbox, you can see "Radio-Name" in the site-survey results - however when using the CLI such as my example below:
/interface wireless> scan wlan1 duration=90 save-file=SiteSurvey.txt
the CLI site-survey does not include "Radio-Name" in the results.

FYI - I am using NV2
FYI - in all of my Mikrotik APs, I use radio names similar to this: Radio-Name 172-16-10-89-Mica-N/AC-2x2
FYI - I can't simply use SSID , because I have hundreds of Mikrotiks APs using the same SSID.

Without the radio-name in the survey results, it makes it difficult to quickly identify which APs are actually being seen and I have to refer back to MAC addresses and frequency to determine which AP is actually being seen.

North Idaho Tom Jones
 
DummyPLUG
Frequent Visitor
Frequent Visitor
Posts: 79
Joined: Wed Jan 03, 2018 10:17 am

Re: Feature requests

Mon Sep 03, 2018 5:40 pm

resend syslog email if fail to send, currently any syslog email will be discard if fail to send which raise a problem if wan or mail server down.
 
Simono
newbie
Posts: 49
Joined: Tue Mar 20, 2018 9:41 am

Re: Feature requests

Mon Sep 03, 2018 5:56 pm

Support for ups APC Back-CS via USB cable.
 
tigro11
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Tue Feb 20, 2018 12:31 am

Re: Feature requests

Mon Sep 03, 2018 8:35 pm

hi guys, it seems to me that it is still not possible to change the date format in dd/mm/yyyy. It would be very useful as I also work with userman reports.
Does anyone have a solution?
thank you
Valerio
news?
 
thobias
newbie
Posts: 25
Joined: Thu Nov 30, 2017 8:45 pm

Re: Feature requests

Mon Sep 03, 2018 9:22 pm

1. IP firewall address lists could include one another (or firewall rules could match multiple lists at once, e.g. "src-address-list=list1,list2").
Please this to be able to use several lists on a single rule without having to copy them together manually or by scripting.
http://prntscr.com/kq653h
Also do the same on src/dst-address and in/out-interface so we don't have to create a list if just needing a rule with two or three addresses as it makes config more neat.
 
helipos
Member Candidate
Member Candidate
Posts: 132
Joined: Sat Jun 25, 2016 11:32 am

Re: Feature requests

Wed Sep 05, 2018 12:14 pm

I would like to see something like triggers when an interface state changes, so router can run a script (like ip-up/ip-down on "real" Linuxes).
+1
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Wed Sep 05, 2018 2:10 pm

1. IP firewall address lists could include one another (or firewall rules could match multiple lists at once, e.g. "src-address-list=list1,list2").
Please this to be able to use several lists on a single rule without having to copy them together manually or by scripting.
http://prntscr.com/kq653h
Also do the same on src/dst-address and in/out-interface so we don't have to create a list if just needing a rule with two or three addresses as it makes config more neat.
The underlying Linux mechanism does have a "list of lists" feature so it would be easy to add a "list12" that has "list1" and "list2" as members and then specify that as src-address-list.
There is no support to have several lists or several addresses in a single firewall item. You can only do that by having several separate items and indeed that is what happens when you try that in Linux.
(you insert a simple rule with different addresses and when you look later you have several rules in your table)
 
User avatar
Moky
just joined
Posts: 6
Joined: Sat Apr 08, 2017 10:50 pm

Re: Feature requests

Wed Sep 05, 2018 3:29 pm

Hi,

I would like to suggest two things:
  1. Webproxy HTTPS support (any of two listed options or both):
    • Possibility to address HTTPS domains with SNI parameter like "tls-host" option in MikroTik filter (e.g. ability to create rules in webproxy with "tls-host").
    • MitM HTTPS decryption support with imported certificate which is trusted on client machines.
  2. NTP client option to show more information about NTP server (like "stratum" etc. - Cisco has a nice info about any configured remote NTP server).

Kind regards,
Moky
 
thobias
newbie
Posts: 25
Joined: Thu Nov 30, 2017 8:45 pm

Re: Feature requests

Wed Sep 05, 2018 4:12 pm

1. IP firewall address lists could include one another (or firewall rules could match multiple lists at once, e.g. "src-address-list=list1,list2").
Please this to be able to use several lists on a single rule without having to copy them together manually or by scripting.
http://prntscr.com/kq653h
Also do the same on src/dst-address and in/out-interface so we don't have to create a list if just needing a rule with two or three addresses as it makes config more neat.
The underlying Linux mechanism does have a "list of lists" feature so it would be easy to add a "list12" that has "list1" and "list2" as members and then specify that as src-address-list.
There is no support to have several lists or several addresses in a single firewall item. You can only do that by having several separate items and indeed that is what happens when you try that in Linux.
(you insert a simple rule with different addresses and when you look later you have several rules in your table)
But what is preventing Mikrotik from making it possible to create hidden lists from several IPs specified in a single rule or having a rule match if IP exists in list A or list B?
 
w0lt
Long time Member
Long time Member
Posts: 537
Joined: Wed Apr 02, 2008 2:12 pm
Location: Minnesota USA

Feature requests: Winbox

Wed Sep 05, 2018 4:36 pm

1. Please allow the ability to make multiple window column selections instead of "one at a time".
2. Please move the "Torch" selection from the "Tools" to the "Main Menu" !!! :D

Thanks

-tp
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Wed Sep 05, 2018 5:56 pm

But what is preventing Mikrotik from making it possible to create hidden lists from several IPs specified in a single rule or having a rule match if IP exists in list A or list B?
It would not be a good idea to do that because it introduces new possibilities for bugs.
It is also not good for your own network management.

On routers in complicated networks I have lots of address lists often with only a single address or subnet in them, sometimes 2 or 3, and I use them all over the place in the firewall.
That makes it much easier to maintain things, once you get the hang of it (and have a good naming convention).

I can understand the utility of having the list-of-lists feature so you can define a list which contains other lists as members, I sometimes have multiple lists containing the same addresses in different combinations, and that could be cleaned up this way.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

NV2 - increase NV2 client scan-for-AP b4 connect to AP

Wed Sep 05, 2018 10:47 pm

NV2 - increase NV2 client scan-for-AP b4 connect to AP


I need/want a longer nv2 client scan time prior to an nv2 client connecting to an nv2 AP (a new setting would be nice for nv2 scan time before connecting to a nv2 AP)

The wireless AP enviornment:
- The small town/city I am in has 20+ nv2 APs (soon to be 40+ APs)
- All nv2 APs are the same SSID
- nv2 APs do NOT receive near-equal nv2 client connection counts.
- almost 400 nv2 wireless clients
- sustained customer bandwidth during peak periods is always more than 325 meg

The problem:
- Almost always , nv2 wireless clients will connect to APs that are the lowest frequencies in the scan list
- Very often , nv2 wireless clients are not connecting to the best/strongest nv2 APs that are in the upper frequency part of a client nv2 scan list
- This mostly results in an un-blanaced nv2 AP customer-connected-load (where lower frequency APs normally take 80+ percent of all nv2 client connections.
- nv2 APs in the upper part of wireless nv2 client scan lists often only get 20 percent of all clients (the other 80 percent always favor lower frequency APs in the scan list)

Info - I believe that nv2 clients have a limited scan time prior to the nv2 client making a decision on what nv2 AP to connect to. I believe the client scan period needs to be extended/lengthened by about 250 percent longer. With a longer client nv2 scan time-period, nv2 clients searching for a nv2 AP can then choose the best nv2 AP to connect to instead of the lowest-frequency first-found nv2 APs.
If all nv2 clients could fully scan everything in the full (superchannel) nv2 scan list, then all APs would be better client-connect balanced -and- the entire nv2 network could run much faster because the lower frequency APs would not be saturated with nv2 client connections.

Mikrotik , is it possible to add a feature (optional setting) for nv2 clients to have more time to perform a nv2 client scan prior to connecting to an nv2 AP ?

I really like Mikrotik's hybrid version of TDMA ( nv2 ) , however the nv2 client scan time has always been a problem. Unlike 802.11 or nstream, nv2 clients do not background scan for better APs to connect or roam to. All client nv2 connections want to stay connected to the original nv2 AP they first connected to. Longer nv2 client scan times would at least get equal client-connect loads distributed evenly among all nv2 APs of equal signal strength found in the client nv2 scan list.


North Idaho Tom Jones
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3119
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: NV2 - increase NV2 client scan-for-AP b4 connect to AP

Thu Sep 06, 2018 2:44 pm

NV2 - increase NV2 client scan-for-AP b4 connect to AP

Unlike 802.11 or nstream, nv2 clients do not background scan for better APs to connect or roam to. All client nv2 connections want to stay connected to the original nv2 AP they first connected to. Longer nv2 client scan times would at least get equal client-connect loads distributed evenly among all nv2 APs of equal signal strength found in the client nv2 scan list.


North Idaho Tom Jones
Tom:
As far as I know nstream and 802.11 also cannot do a background scan and then connect/roam to the best signalled AP. The background scan is possible, but only to 'see' what is out there. The client stays connected to what he was. So its only a manual tool the operator can use which in NV2 indeed is not even available. But correct me if I'm wrong! Maybe you have some script that forces de CPE to switch to another AP when that other one has better signal?

Second; I agree on the scan 'low frequencies first'. I observed the same when running a scan or when I have a CPE that is allowed to connect to two or three different AP's (Even with different SSID's). If both frequencies come with roughly the same strength the low ones are picked up first and if allowed used to connect.

But why have free roaming clients to start with? If you are using NV2 I'd presume all your clients are fixed installations? Like we have.
I just make sure all clients that have the option to connect to 2, or 3 different AP's it connects to the best one upon my decision as an operator.
Because I know what the average usage is on each AP.
So if I have 2 options for a client to connect to, I'd look to which AP gives the best signal and pick that one. But if signals are good for both AP's I decide to make it connect only to the one with the best P2MP network. And here comes the amount of connected CPE's as well the signals they all have in consideration. I know how the AP's perform in general.
So I'd balance the client load then more based upon my insight as network operator which usually beast any automated process. (Don't forget that most data that could be used in an automated decision making process is variable anyway. Signals vary, traffic vary, which clients are generating traffic vary.. etc.)

As soon as the decision is made that specific client will be add into the 'access list' of that preferred AP, and that same preferred AP will be add as first listing in the 'connect to' list of the CPE.
I might have both units (AP + CPE) to know about the other but in the AP's 'access list' only in a 'disabled' function. So only in case AP1 goes down, I stil allows the CPE to connect to AP2 so at least we can still serve the client. (Most of the times we disable the alternative 'connect to' listing because the setback is that when we do an upgrade on AP1 the clients jumps to AP2. After that we can upgrade AP2 so the client jumps back but for some clients it might be the other way around. And sometimes you just need to reboot an AP and I don't want the kind of client to jump to the alternative AP)
This is all manual work. MT units are pretty reliable so it happens rarely we have to make use of a 'backup AP' because one AP goes down.

A semi automated proces as you suggest imho is hardly achievable. Even when CPE's would automatically populate AP's in a more balanced way by numbers of associated clients to AP, it still doesn't mean you really balance the load on an AP. It is still pretty expectable that one AP has much more traffic then the other. And that variate between those AP's too....
The client would be best connect to an AP with little (overall) traffic then one with high traffic even with only a handful of clients.

I think the experience of the operator is a much more better decisive tool then any automated proces performed in these little intelligent devices.
We set everything manual and in 98% of the case we never have to adjust or change the client's CPE preferred AP any more...
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Thu Sep 06, 2018 6:06 pm

Wireless Rudy

Thanks for your reply post

Re: Maybe you have some script that forces de CPE to switch to another AP when that other one has better signal?
I don't have a client script to do this. I am not that good of a programmer. However I think a client boot-up script to first scan and then have the script select the best AP and modify the scan list for the best AP. And - upon failure , re-scan and select the 2nd best AP and upon failure of ability to connect to any AP in the site-survey , the fall back to the default (or custom configured scan lists.

Re: But why have free roaming clients to start with? If you are using NV2 I'd presume all your clients are fixed installations?
correct

Here is an example of a potential issue with many nv2 APs and many nv2 clients:
- lets say you have a bunch on nv2 APs and a bunch of nv2 clients (all using the same SSID)
-- You have the ability to update the client ROS versions (no problem here)
--- When you update the ROS on your bunch of nv2 APs , there is a problem. When you update an nv2 AP and reboot the nv2 AP, nv2 clients are then forced to re-scan & re-connect to a different AP. After your ROS updates of your bunch of nv2 APs, you end up with the majority of your nv2 clients connected to the nv2 AP that has been up the longest and few nv2 clients connected to your nv2 APs that are the most recent updated/rebooted AP. This forces the Mikrotik network admin to manually bounce weak nv2 clients off of some nv2 APs so that they can again reconnect.
---- Thus , with 20 nv2 APs, updating those AP in sequence of AP#1, then AP#2 through AP#19, AP#20, you will end up with the bulk of nv2 clients connected to lowere # APs and fewer nv2 client connections to your higher # AP. Thus , it may well be worth it to have a nightly script fire off on all nv2 clients to auto-scan and re-distribute the client to AP connect loads. (my thoughts).
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests (ability to view wireless capabilities)

Thu Sep 06, 2018 6:37 pm

Re: Feature requests (ability to view wireless capabilities)

Is there a feature to see/view the capabilities of a wireless wlan ?
If not , then I would like to see a new feature to show the wireless capabilities and possible settings.

My issue, I have more than 1,000 nv2 client Mikrotiks. I currently use a Linux expect script to sequentially connect up to each client and perform some commands. The results of the commands are stored in a directory on my Linux machine (results-directory/IP-address-of-client-mikrotik). I am then able to grep the results-directory for pattern matches I am looking for and with this list, I am then able to obtain a client list of IP addresses I am searching for.

I am searching for a method to find all client Mikrotiks that are AC capable, and/or Ceee capable, and/or 2x2 capable. My problem is, I don't know the client wireless capabilities without actually attempting to configure the wireless interface. Thus, it would be a nice feature to be able to print the wireless capabilities without actually making wireless configuration changes.

North Idaho Tom Jones
 
Simono
newbie
Posts: 49
Joined: Tue Mar 20, 2018 9:41 am

Re: Feature requests

Thu Sep 06, 2018 7:58 pm

Address lists on Simple queue as target
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3119
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: Feature requests (ability to view wireless capabilities)

Fri Sep 07, 2018 1:09 pm

Re: Feature requests (ability to view wireless capabilities)

Is there a feature to see/view the capabilities of a wireless wlan ?
If not , then I would like to see a new feature to show the wireless capabilities and possible settings.

My issue, I have more than 1,000 nv2 client Mikrotiks. I currently use a Linux expect script to sequentially connect up to each client and perform some commands. The results of the commands are stored in a directory on my Linux machine (results-directory/IP-address-of-client-mikrotik). I am then able to grep the results-directory for pattern matches I am looking for and with this list, I am then able to obtain a client list of IP addresses I am searching for.

I am searching for a method to find all client Mikrotiks that are AC capable, and/or Ceee capable, and/or 2x2 capable. My problem is, I don't know the client wireless capabilities without actually attempting to configure the wireless interface. Thus, it would be a nice feature to be able to print the wireless capabilities without actually making wireless configuration changes.

North Idaho Tom Jones
How about performing an IP / neighbor command on your main router (that should 'see' all units) and order by device type? You'll immediately see if a units is 'n' or 'ac'. My antenas all have their designated AP in their name so I can then also set the filter and thus see in an instance which units are 'n' or 'ac' (and thus can do 80Mhz wide channel in 'ac') for each AP.
 
xxiii
Member Candidate
Member Candidate
Posts: 234
Joined: Wed May 31, 2006 12:55 am

Re: Feature requests

Fri Sep 07, 2018 8:19 pm

Just ran into this issue today. Can't establish peering with a neighbor because of:

10:57:39 route,bgp,error Remote RouterId is not a valid unicast address: 247.255.0.240

ros 6.42.7
rfc 6286 - AS-wide Unique BGP Identifier for BGP-4 support for routerOS BGP.

it relaxes some strict definitions: routerid can be now an arbitrary 32 bit unsigned integer, while the older definition restricts it to "valid unicast address".
this breaks BGP compatibility with mikrotik devices right now if not taken in consideration.

in general you only need to remove the check that was required in rfc4271.

this needs to be worked out with IPv6-only devices where you don't have no IPv4 address to be used as bgp identifer.
 
User avatar
doneware
Trainer
Trainer
Posts: 647
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: Feature requests

Fri Sep 07, 2018 11:12 pm

Just ran into this issue today.
opened a support request for it earlier today:

Ticket#2018090722004616
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Thu Sep 13, 2018 3:26 pm

Please add the ability to authenticate with a ssh certificate in Winbox - thereby providing an alternative to passwords.

Yes, this is available for ssh, but lots of people (myself included) prefer using Winbox most of the time.
 
tnrclkr
newbie
Posts: 27
Joined: Tue Aug 25, 2015 8:36 am

Re: Feature requests

Tue Sep 18, 2018 3:47 pm

Advanced management for cap devices,

it would be great if i can change my all cap devices user password, port, service, interface status etc.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Tue Sep 18, 2018 9:23 pm

Stop the use of the bundle package, deliver the routers with the packages required for typical home router use:
advanced-tools, dhcp, ppp, security, system, wireless (the latter only on devices that have wireless) and most important:
add some method in system->packages to download and install packages selecting them from a list of available packages on the download server.

This will make it easy for everyone to add the packages they require, no need to download and unpack zip files and update part of them to the router.
The required files are already on the download server, because upgrade of a router with separate packages downloads only what is required.
Maybe an index file would have to be added and it would be downloaded when you click the new "add package" button.
A list of available packages is displayed, you select one or more of them and click "download&install" just as when upgrading.
 
anuser
Long time Member
Long time Member
Posts: 601
Joined: Sat Nov 29, 2014 7:27 pm

Re: Feature requests

Tue Sep 18, 2018 9:46 pm

Within Winbox I would like to see a "reboot button" within capsman for all CAP devices
Reason: If you have 2 CAPSMAN controller in active-active configuration, you have CAP devices on both controllers. If you upgrade one of them the CAPs use the other controller to connect to. But they won´t go connect back to their primary controller. So we need a simple "reboot" button after which they will connect to the primary one.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Tue Sep 18, 2018 10:43 pm

One of the things I would like to see for all new ROS updates/upgrades is more information as to what the new/fixed featured do.

Example - with the following two lines below - it is not clear what the problem was and what was fixed and what actually improved:

*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;

More information on new features & things fixed & things improved is almost always useful.

Even a URL in the upgrade menu for more information about the upgrade features/functions/fixes would be very much appreciated.

North Idaho Tom Jones
 
bennyh
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Fri Mar 03, 2017 12:37 pm

Re: Feature requests

Wed Sep 19, 2018 3:17 pm

I didnt find, but sorry if exists.
There sould be a new section, a table in webfig and in winbox for global variables with initial values.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Thu Sep 20, 2018 4:30 am

A bit of fun - but a potential very useful tool …

Info - back in the late 1980s and early 1990s, early notebook computers did not have sound cards , however they ususally had the PC-speaker (in this case a piezo speaker was normally mounted on the motherboard and used for the beep sounds) , well back then there was a Windows piezo speaker driver that could be loaded which offered the ability to play anything that would come out of your normal sound card computer speakers.

Now thinking about Mikrotiks routers with basically the same piezo speaker on the mother board and 99 percent the same electronics, it could be a usefull tool to be able to play a small sound file to/out the Mikrotik piezo speaker. Software PC-motherboard-piezo driver to emulate sound cards have been available for almost 30 years.

I suspect all that might be needed would be an optional Mikrotik ROS package to drive the Mikrotik piezo to behave like a sound card speaker. The software drivers are already out there.

Now as to why this might be a usefull , nifty, handy tool on a Mikrotik ... Rather than a script playing beeps of varing levels , a script could possibly just play a small sound file. This could come in handy for script files that beep messages. Instead , a Mikrotik could announce something you want to hear and a person could know about right away rather than get an alert via another computer device. A WISP could possibly use something like this to play a sound file that contains "Warning - Internet WAN connection is down/up" and/or "Call your ISP tech support at phone number xxx-yyy-zzzz" and/or play any usefull sound file such as "Wireless network information - new device connected using WPA2 encryption". The sound files could be small files with high compression which could fit in the flash file system.

Any-ways , I think the ability for a script to play a sound file could be a very usefull tool.

And to really totally show off your Mikrotik router (such as at a trade show or something) , then have it play full blown music out the piezo --- that would get everybody stopping by your booth.

I've used such tools on old notebook 16 MHz CPU computers with motherboard piezo speakers only and even watched full blown movies with the piezo speaker drivers hundreds of times , it works. If the Mikrotik motherboard hardware is already there then how about an optional ROS package to enable the piezo to do much much more.

North Idaho Tom Jones
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature requests

Thu Sep 20, 2018 5:59 am

A WISP could possibly use something like this to play a sound file ...
@TomjNorthIdaho: So it's enterprise feature then? That's good, it won't agitate people for being another frivolous home feature. :D
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Thu Sep 20, 2018 5:54 pm

A WISP could possibly use something like this to play a sound file ...
@TomjNorthIdaho: So it's enterprise feature then? That's good, it won't agitate people for being another frivolous home feature. :D
It would pretty much be a tool for what ever a Mikrotik admin might want/need. Also , because I am suggesting it be an optional package, it would not necessarily be pre-loaded on a fresh Mikrotik router. This optional package could potentially be a nifty tool when used with scripts (including netwatch) to provide audio/verbal information. Also , because I know this type of motherboard speaker driver works on old/slow 16 MHz 16-bit computers , it would not be a Mikrotik resource drain sucking performance away from L2/L3 throughput.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Thu Sep 20, 2018 6:17 pm

Related to optional ROS packages …

Because ROS is Linux based (and many of us know Linux very well) -and- because Linux/Unix may be one of the top two popular operating systems of all time , I would like to ask Mikrotik to consider a creating an optional developer package for ROS. Something that provides real programmer features and a compiler/cross-compiler which also includes an ability to make custom packages.

There are hundreds of small Linux developer motherboards out there already. Why not make a ROS programmer developer package. Who knows what the limits are for a RB ROS developer package ... A programmer could create custom drivers for PCI interfaces. Heck , I could see a possible use for a custom wireless/networked controller in many common things such as security systems, new additional drivers , hardware/interface/software/firmware support for use in all kinds of electric/electronic devices from heating & cooling systems, environmental systems and many everyday home/business devices already being developed using non-Mikrotik motherboards. I for one would tinker with it and see what useful devices I could create.

FYI - Did you know that Linksys released a full-blown Linux developer system with all of their Linksys source code and documentation for their Linux based wireless routers over 10 years ago (for free)? Where do you think DD-WRT came from (and many other systems) - and some of those operating systems derived/created from the Linksys developer system run on Mikrotik devices as a Virtual system right now ???

And also related to this post , when I started my WISP , I started out with 1,000 Linksys WRT routers running DD-WRT. I was very pleased with the DD-WRT Linux back then and it worked great.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature requests

Thu Sep 20, 2018 9:06 pm

Good luck with that. It doesn't seem to me that MikroTik is much for opening up. For example, according to developer of open-source MAC telnet, they don't even want to share details about new 6.43+ authentication, which is something that has no reason to be secret. And you want them to let you plug in your own code in their kernel...

But it could be nice. Even if it was something significantly more modest, just custom packages for strictly user-space non-root stuff. You could easily add custom services, simple web server, full-featured DNS server, UDP proxy, etc. Things that people sometimes want and MikroTik is not eager to implement. Combine it with some API to integrate own configuration interface for these things in WinBox/WebFix/CLI and it would be wonderful. But I'm not holding my breath.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Thu Sep 20, 2018 10:32 pm

Good luck with that. It doesn't seem to me that MikroTik is much for opening up. For example, according to developer of open-source MAC telnet, they don't even want to share details about new 6.43+ authentication, which is something that has no reason to be secret. And you want them to let you plug in your own code in their kernel...

But it could be nice. Even if it was something significantly more modest, just custom packages for strictly user-space non-root stuff. You could easily add custom services, simple web server, full-featured DNS server, UDP proxy, etc. Things that people sometimes want and MikroTik is not eager to implement. Combine it with some API to integrate own configuration interface for these things in WinBox/WebFix/CLI and it would be wonderful. But I'm not holding my breath.
How about the possibilities of a new wireless driver for Wireless chipsets ? With a developent package , a new wireless driver could be created (using all of the available Atheros chipset registers/settings) to make new high-performance high-thoughput wireless drivers (such as a new/better nv2 'TDMA') system that might way outperform the current Mikrotik properitery hybrid TDMA (nv2). Or how about the tens of thousands of Linux drivers and applications/tools/utilities already freely available.

I think a development package would give the Mikrotik ROS the ability to enter other markets - more sales for Mikrotik in custom verticle markets. Even the US DOD could use this because they could then run their version of high-secirity high-encription special-functionality because they could then control their code and what does what. (I've been down this road a few times in the past...)

EDIT - back in the 90s, I was part a team that sold some custom very low power motherboards which supported special DOD software to control some battlefield devices and communications. Thanks to a software developer system , we were able to make $$$ millions in DOD sales of motherboards. With an optional Mikrotik ROS software developer package, new markets could be made available. A single order could potentially add many zeros to Mikrotik's $$$ income - ( I know - been there and did that !!! )
Last edited by TomjNorthIdaho on Thu Sep 20, 2018 11:10 pm, edited 2 times in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Thu Sep 20, 2018 11:04 pm

I think MikroTik want to be in the market of selling relatively inexpensive hardware with a relatively powerful routing OS which is relatively easy to configure and which can be supported.
(all those parameters of course can vary a little and some may have different opinions about them than others)

It appears you want hardware with an open software environment. However, that is already widely available from other manufacturers.
(many network-oriented system boards are available from our Chinese friends and there is also a lot of Linksys-like hardware)

You can install Linux or OpenWRT and do everything yourself. However, it is difficult to support when everyone can add their own things.
Some other manufacturers have experimented with partly-open boxes (e.g. you enter some code and it becomes open, and you lose support).
But some of them have reverted that and now you cannot do that anymore without installing entirely your own software.
And you can already do that on MikroTik's hardware!

To be successful and make money you have to find some market where people want your product and you can manufacture and support it at reasonable cost.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature requests

Thu Sep 20, 2018 11:26 pm

I don't know, maybe there are people or organizations willing to make drivers for RouterOS (or port existing Linux drivers) and keep up with possible changes done by MikroTik, instead of just using completely free Linux and have everything under their control. I can't really say. Another matter is how attractive prospect it would be for MikroTik. If they like to be in control, it would end, because driver can do anything. For this, "my plan" (if we can call it that) seems more realistic, because even though they would lose some control, isolated package could not easily mess up whole system. It could also be interesting for more people, because dealing with drivers is not for everyone, but to compile some simple daemon, that could be done by almost anyone.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Fri Sep 21, 2018 10:06 am

"my plan" (if we can call it that) seems more realistic, because even though they would lose some control, isolated package could not easily mess up whole system.
Yes it would certainly be nice to have user-mode daemons under isolated user IDs so they cannot mess with the MikroTik part of the system, but frankly I doubt that the infrastructure for that is currently in place.
I mean: probably now everything runs as root and there has been no attention to file and directory permissions for a long time, so first that would have to be prepared.
It would improve overall security and decrease the risk for vulnerabilities as we have recently seen when services would run as restricted users, but apparently the webserver runs as root (only Linux system where I have seen that for a long long time!).
Of course the CHR provides a way to look into that, maybe I will do some research now that we have a shiny new ESXi server with lots of spare capacity.
 
Dragonk
just joined
Posts: 1
Joined: Fri Sep 21, 2018 10:46 am

Re: Feature requests

Fri Sep 21, 2018 10:51 am

I join the request, i need secure way to use NordVPN.

I'd like to ask to complete IPSEC/IKEv2 implementation.
Motivation is : lots of VPN providers - NordVPN and others - are moving to that, leaving L2TP/IPsec disappearing.
 
helipos
Member Candidate
Member Candidate
Posts: 132
Joined: Sat Jun 25, 2016 11:32 am

Re: Feature requests

Mon Sep 24, 2018 2:23 am

There sould be a new section, a table in webfig and in winbox for global variables with initial values.
System > scripts > environment (both winbox and webfig) ( it's only the current values however)

It would be nice to be able to properly append to text files. So we can get around the whole reading the file to another variable, adding what we needed and then writing the whole thing out again.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Feature requests

Tue Sep 25, 2018 11:30 am

I join the request, i need secure way to use NordVPN.

I'd like to ask to complete IPSEC/IKEv2 implementation.
Motivation is : lots of VPN providers - NordVPN and others - are moving to that, leaving L2TP/IPsec disappearing.
Such request is pretty useless. Defince what you consider "complete"? Which features you are missing?
 
bennyh
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Fri Mar 03, 2017 12:37 pm

Re: Feature requests

Tue Sep 25, 2018 1:04 pm

Please fix webproxy with IPv6 sites.
It doesnt work, more people said in the forum, that there is some problem with IPv6 sites trough webproxy. Someone said, only direct ip address works in url (if remote webserver accepts direct IP address behalf domain name).
I tried with IPv6 address of the IPv6-test.com, and i got the error message of the remote webserver ("these aren't the droids you're looking for").

IPv6 test webpage (http://testipv6.com/) results trough proxy:
Test with IPv4 DNS record ok (2.023s) using ipv4
Test with IPv6 DNS record timeout (17.107s)
Test with Dual Stack DNS record ok (2.022s) using ipv4
Test for Dual Stack DNS and large packeto ok (3.011s) using ipv4
Test IPv4 without DNS skipped (3.118s)
Test IPv6 without DNS skipped (17.099s)
Test IPv6 large packet timeout (17.110s)
Test if your ISP's DNS server uses IPv6 ok (3.013s) using ipv4
Find IPv4 Service Provider ok (0.782s) using ipv4 ASN 8990
Find IPv6 Service Provider timeout (16.692s)
 
logicwrath
just joined
Posts: 5
Joined: Wed Nov 04, 2015 10:28 pm

Re: Feature requests

Tue Sep 25, 2018 11:39 pm

Please consider adding FQDN and DDNS support to the Local and Remote Address fields of the GRE Interface.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Wed Sep 26, 2018 9:19 am

Please consider adding FQDN and DDNS support to the Local and Remote Address fields of the GRE Interface.
This can be done using scripting. The underlying mechanism in the kernel does not support a DNS name so it would have to be solved in a similar way.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Wed Sep 26, 2018 1:18 pm

Please consider adding FQDN and DDNS support to the Local and Remote Address fields of the GRE Interface.
Isn't the support already here for some time?.. quite long time...
What's new in 6.33 (2015-Nov-06 12:49):

*) tunnels - eoip,eoipv6,gre,gre6,ipip,ipipv6,6to4 tunnels now support dns name as remote address;
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature requests

Wed Sep 26, 2018 4:48 pm

Yes, it's there, but only for remote address. Local address accepts only IP address.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Wed Sep 26, 2018 5:36 pm

Yes, it's there, but only for remote address. Local address accepts only IP address.
Why not just unset it? :)

What should router do if FQDN resolves to non-local address?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Wed Sep 26, 2018 6:22 pm

Well, when you unset the local address, you cannot enable IPsec.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Wed Sep 26, 2018 6:47 pm

Good point. Then I vote for the ability to set local-interface instead of local-address, so that IP address from that interface got used automagically.

As a workaround, simple scripting does this job.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Wed Sep 26, 2018 8:03 pm

Hey Mikrotik marketing staff …

I think Mikrotik should include a Mikrotik bumper sticker in every Mikrotik product box shipped from Mikrotik.

Guess I'll have to stick around and see what happens.

North Idaho Tom Jones
 
2jarek
Member Candidate
Member Candidate
Posts: 151
Joined: Thu May 17, 2007 3:28 pm
Location: Poland

Re: Feature requests

Wed Sep 26, 2018 10:06 pm

Please add Multipath TCP according to RFC 6824.
 
scampbell
Trainer
Trainer
Posts: 487
Joined: Thu Jun 22, 2006 5:20 am
Location: Wellington, NZ
Contact:

Re: Feature requests

Thu Sep 27, 2018 8:10 am

I would like to see an "add comment" feature on any rule that allows you to add an address to an address list so the created address list entry has info about why it was added.

e.g

/ip firewall filter
add action=add-src-to-address-list address-list=Blacklist address-list-timeout=5d chain=input protocol=tcp dst-port=8291 address-list-comment="Winbox Attempt"
 
joegoldman
Forum Veteran
Forum Veteran
Posts: 766
Joined: Mon May 27, 2013 2:05 am

Re: Feature requests

Thu Sep 27, 2018 9:19 am

A few suggestions I'd love:

1) Line item groupings, specifically in firewall stuff - basically a completely empty 'rule' / line thats just a comment, stays in block when comments are set to inline. The work around for this is setting dummy unmatchable rules or putting the comment on the first line in the block, but then I also like to comment all my rules, so having a 'header' comment stay in block and all the normal comments go inline would help organise firewall tables with heaps of chains/100's of rules etc.

2) Custom release cycle channel, basically to make it easier for the router you add custom, set a name to it and give it a URL, that URL might be a format that Mikrotik provide / documentation on how we should respond to the server to give it the latest firmware we want it to have. An example would be, im currently keeping my fleet of Routerboards on 6.42.x (mix of 5/6/7), as I haven't been able to test some of the bigger changes in 6.43.x, but some staff will just hit the check for updates and do updates that way, if we could have a custom release channel maintained by ourselves I could keep routers more inline.

There's plenty more but thats just some 'smaller' ideas I dont think would be too hard to implement.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Thu Sep 27, 2018 9:32 am

I agree with the above two. In addition with #2 I would like to add the possibility to make the release channel refer to some URL on a local webserver that
has information about the releases to track. E.g. a single version, or a major/minor version (like 6.42.x). So the routers configured that way will upgrade
to a version you set on a central system and you can change it without having to go all along those routers.
E.g. you set a custom release channel with URL http(s)://server.local.domain/mikrotik-release which would return a small textfile with either a MikroTik
release channel name (current, bugfix or whatever) or a specific version (6.42.7) or version range (6.42.x) and you can change that as a result of your local
testing outcome and/or security announcements. Of course you can have several of those URLs internal to your organisation so you can test on a couple
of routers first.
This also covers the problem that "current' is suddenly updated by MikroTik but you don't want to jump to it immediately but wait a week or two, but still
want to update some routers from an even older version.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Thu Sep 27, 2018 11:51 am

Well, as I can see, you just create static DNS entry on the router "upgrade.mikrotik.com" with the IP of your server, then run HTTP server on that IP, serving one-line files "/routeros/LATEST.(6|6fix|6rc|7)" containing "$VERSION $TIMESTAMP" (for example, "1.0 1"). Then create "/routeros/$VERSION" dir with CHANGELOG (any text you want to see) and .npk files. Done :)
You do not have the required permissions to view the files attached to this post.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Thu Sep 27, 2018 12:57 pm

Well in that case it would be nice when there was a custom setting that allows to configure another DNS name for the "upgrade.mikrotik.com" in a router.
Preferably two different settings: one foe the LATEST file and another one for the actual npk files.
In that case one can choose to retrieve the LATEST file from a local server and still get the npk files from "upgrade.mikrotik.com".
(so it is not required to keep a complete mirror of those files)

But of course it should be possible to mimic that with a reasonably flexible "transparent proxy" (that allows some files to be served locally and the remainder to be proxied)
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Thu Sep 27, 2018 1:26 pm

In that case one can choose to retrieve the LATEST file from a local server and still get the npk files from "upgrade.mikrotik.com".
(so it is not required to keep a complete mirror of those files)

But of course it should be possible to mimic that with a reasonably flexible "transparent proxy" (that allows some files to be served locally and the remainder to be proxied)
Yeah, in nginx you simply use try_files for your custom files on local server and proxy_pass to the original MikroTik server for the rest :)
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Feature requests

Thu Sep 27, 2018 2:02 pm

Please add:

MAC address lists
Port lists in Firewall
 
nicolasemmanuelc
just joined
Posts: 8
Joined: Fri Dec 01, 2017 1:25 am
Location: Argentina

Re: Feature requests

Thu Sep 27, 2018 4:44 pm

Hello!
Please add an option to do "force cloud update" in an time interval, that is useful when have public dynamic IP
And yes, I know that this can be done with an script but will be great and easy if we have an "auto update in X time" function!

MikroTik is great! Have a good day!
 
logicwrath
just joined
Posts: 5
Joined: Wed Nov 04, 2015 10:28 pm

Re: Feature requests

Fri Sep 28, 2018 9:22 pm

Please consider adding FQDN and DDNS support to the Local and Remote Address fields of the GRE Interface.
Isn't the support already here for some time?.. quite long time...
What's new in 6.33 (2015-Nov-06 12:49):

*) tunnels - eoip,eoipv6,gre,gre6,ipip,ipipv6,6to4 tunnels now support dns name as remote address;
I should have provided more detail.

If you use an FQDN on the remote address I suspect it then resolves it to an IP one time for the IPSec policy. There does not appear to be any kind of ongoing resolution of that FQDN. The support I am looking for would be compatible with the IPSec wizardry that is built into using the IPSec Secret field. The idea here would be to better support for creating GRE/IPSec tunnels with dynamic IPs without resorting to scripting.
 
logicwrath
just joined
Posts: 5
Joined: Wed Nov 04, 2015 10:28 pm

Re: Feature requests

Fri Sep 28, 2018 9:31 pm

Please add:

MAC address lists
Port lists in Firewall
+1 for allowing MAC address prefixes in lists as well for identify entire classes of devices like VoIP phones.

We currently have a script that does this using the ARP table.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Fri Sep 28, 2018 10:11 pm

+1 for allowing MAC address prefixes in lists as well for identify entire classes of devices like VoIP phones.
Having MAC addresses in a list would not be very useful for that. What you want is to match MAC address by prefix, usually by the first 3 octets (manufacturer).
It looks like you can now only match the full MAC address in rules, it should allow a partial address and match that from the left.
(of course this is already possible in the where clause in commands)
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1135
Joined: Tue Oct 11, 2005 4:53 pm

Re: Feature requests

Sat Sep 29, 2018 1:47 pm

Well, as I can see, you just create static DNS entry on the router "upgrade.mikrotik.com" with the IP of your server, then run HTTP server on that IP, serving one-line files "/routeros/LATEST.(6|6fix|6rc|7)" containing "$VERSION $TIMESTAMP" (for example, "1.0 1"). Then create "/routeros/$VERSION" dir with CHANGELOG (any text you want to see) and .npk files. Done :)
So, updates work via plain HTTP? No encryption?

Shame!
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Sat Sep 29, 2018 6:01 pm

So, updates work via plain HTTP? No encryption?

Shame!
Why shame? There is absolutely no problem with that!
Remember the update files themselves are signed! The signature is verified before they are installed.
So http is fine.

You know, Windows is using http download for windows update as well.
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1135
Joined: Tue Oct 11, 2005 4:53 pm

Re: Feature requests

Sat Sep 29, 2018 6:09 pm

Why shame?
Because there is no excuse anymore for any service to run without TLS. Certificates are free (if not dirt cheap for those that don't - for whatever reason - like Let's Encrypt).
Why should any entity between the router and the update server even need to know what is being downloaded? TLS will prevent any type of eavesdropping.
Remember the update files themselves are signed! The signature is verified before they are installed.
So http is fine.
Yeah, it's fine. Until it somehow gets exploited in the future.
Winbox was considered safe as well, and we all saw the mess we got into recently.
Just because it seems secure now, it doesn't mean it will always be.
You know, Windows is using http download for windows update as well.
Microsoft's policies are not an example to be copied.

So I'll stick to my original comment on this. Shame.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Sat Sep 29, 2018 7:30 pm

I don't agree with you. TLS is a hype and some people believe that nothing can be done without encryption anymore.
But that is of course not true at all. In the case of downloading updates, encryption is not an issue (everyone knows what is being
downloaded!) and the only issue is authenticity. This is guarded MUCH BETTER with the signing using a keypair managed by
the signing authority themselves (as it is done now by MikroTik and also by Microsoft) than by any publicly signed TLS certificate.
The whole system of signing of certificates by "trusted issuers" has too many unreliable parties so it really cannot be relied
upon (anymore) for authenticity. And there is really no point at all in downloading updates using TLS when they are verified
before installation anyway.
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1135
Joined: Tue Oct 11, 2005 4:53 pm

Re: Feature requests

Sat Sep 29, 2018 8:59 pm

Sure,

So next time you login to your web-banking do not check for TLS. Just go blindly with http. Don't even check if you typed the correct domain or weather you got hijacked and redirected to another domain. What's the point anyway? Too many parties involved! :facepalm:

People, it's 2018. Not 1996. Everything MUST be TLS. For encryption, authenticity, everything. Having anything over the public internet in clear text is stupid. It doesn't matter what the content is.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature requests

Sat Sep 29, 2018 9:31 pm

It's a little different. Well, completely different. I don't want anyone on the way to see what info I exchange with my bank and I don't want evil hacker substituting target account number with their own, when I send some money out. I couldn't care less about downloaded RouterOS updates (*). Even if an evil hacker hijacks the connection and sends me something different instead, RouterOS won't be able to verify signature and will reject it. No harm done.

(*) As long as there's no flaw in MikroTik's package signing. So yeah, TLS would not hurt and could help some people sleep better. But it's not like there must necessarily be an apocalypse without it.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Sat Sep 29, 2018 10:16 pm

Sure,

So next time you login to your web-banking do not check for TLS.
I never inferred that. Logging in to some website is COMPLETELY DIFFERENT from downloading a firmware update.
Please don't post crap like that!
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Sat Sep 29, 2018 10:18 pm

So yeah, TLS would not hurt and could help some people sleep better.
TLS would remove the possibility to have a local update repository on a closed network. At least until the update URL is made configurable.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Sun Sep 30, 2018 2:26 am

So the problem is that you don't trust MikroTik package signing and you do trust TLS and some "trusted" certification authorities (or just trust it more). It's your choice.

But the problem is you don't actually have a choice :) At least for now.
 
helipos
Member Candidate
Member Candidate
Posts: 132
Joined: Sat Jun 25, 2016 11:32 am

Re: Feature requests

Sun Sep 30, 2018 5:07 am

The ability to force CPU, uptime, date etc on all winbox sessions.
Instead of having to do it individually
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Wed Oct 03, 2018 4:59 am

Please add average cpu usage for the last day / month / year whatever. This makes it possible to at a glance see how hard a router is working.
 
joegoldman
Forum Veteran
Forum Veteran
Posts: 766
Joined: Mon May 27, 2013 2:05 am

Re: Feature requests

Wed Oct 03, 2018 5:34 am

Please add average cpu usage for the last day / month / year whatever. This makes it possible to at a glance see how hard a router is working.
This is done in 'graphing' you can set up resource graphs and access them through webfig (at login hit the 'Graphs' button underneath the login)

This will keep a daily, weekly and yearly graph if i remember correctly, daily being 5 minute poll, weekly being 2 hour and yearly being 1 day or something to that effect.
 
joegoldman
Forum Veteran
Forum Veteran
Posts: 766
Joined: Mon May 27, 2013 2:05 am

Re: Feature requests

Wed Oct 03, 2018 5:37 am

The ability to force CPU, uptime, date etc on all winbox sessions.
Instead of having to do it individually
Create a 'viw' /session, with those things enabled (And maybe your favourite screens setup and layed out), then use that as your default session view, along with unticking autosave so no matter what you do in that session it resets next time you log-in.

I have 5 or 6 different sessions, some set up for BGP routers, others for Shapers, for PPPoE Servers etc, to give me relevant information as quick as possible.


On this note though, my feature request would be to perhaps have a quick-access drop down of your session files (top left/right), so when logging into a router, you can quickly swap between different views based on what you want to look at (Firewall centric view, wireless centric view, routing centric view etc etc)
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Wed Oct 03, 2018 5:59 am

Please add average cpu usage for the last day / month / year whatever. This makes it possible to at a glance see how hard a router is working.
This is done in 'graphing' you can set up resource graphs and access them through webfig (at login hit the 'Graphs' button underneath the login)

This will keep a daily, weekly and yearly graph if i remember correctly, daily being 5 minute poll, weekly being 2 hour and yearly being 1 day or something to that effect.
That would be almost okay if the graphs had some authentication built into them as well as opposed to just an ip whitelist.

First prize would still be something that doesn't require the graphs though, which can be scripted through the CLI.
 
joegoldman
Forum Veteran
Forum Veteran
Posts: 766
Joined: Mon May 27, 2013 2:05 am

Re: Feature requests

Wed Oct 03, 2018 6:15 am

You are correct, I dont use the graphs for the same reason, but I generate the same graphs using one of many SNMP based monitoring tools out there, so I have a clear idea on CPU usage of routers.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Feature requests

Wed Oct 03, 2018 8:11 am

Please add average cpu usage for the last day / month / year whatever. This makes it possible to at a glance see how hard a router is working.
Here is a screenshot form my Splunk Mikrotik project found here: viewtopic.php?t=137338
.
CPU.jpg
You do not have the required permissions to view the files attached to this post.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Wed Oct 03, 2018 6:11 pm

Although my graph below is way to small to read - On some of my Mikrotiks I graph everthing. I can go back years and see , interface bandwidths , CPU loads, temperature , frequency , signal-to-noise , Signal-strengths , TX & RX rates , connected client counts.

Most SNMP based bandwidth graphing programs allow you to use just about any SNMP Mib OID you want and turn it into a graph item. I use Cacti.
The graph below shows an entire year for one of my Mikrotiks. On some devices, I have graphs going back to the early 2000s.
graphs.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Wed Oct 03, 2018 6:21 pm

Re graphing , I suggest using a 3rd party SNMP server and not using the Mikrotik graphing utility because it helps to lessen the Mikrotik CPU load and overhead which helps increase Mikrotik throughput and reduce L2/L3 packet propagation delay
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Thu Oct 04, 2018 3:11 am

I just want to see average cpu usage on a router somewhere in the field.

Now I either have to run:
1) unsecured graphing which can't be queried using a script anyway
2) have to run a 3rd party snmp server because there is no snmp server from Mikrotik and no ability to query snmp registers from the router itself.

Surely there's a point where it's simpler to just add in an average counter in the resources tab which can be scripted...
 
User avatar
vecernik87
Forum Veteran
Forum Veteran
Posts: 882
Joined: Fri Nov 10, 2017 8:19 am

Re: Feature requests

Thu Oct 04, 2018 3:57 am

1) unsecured graphing which can't be queried using a script anyway
If IP whitelist is not enough, you can limit it to VPN via firewall.
2) have to run a 3rd party snmp server because there is no snmp server from Mikrotik
Mikrotik has "The Dude" which works well enough as SNMP server. It is not masterpiece, has its own bugs, but works.
... and no ability to query snmp registers from the router itself.
Unsure what do you mean. You can query SNMP from router.
Surely there's a point where it's simpler to just add in an average counter in the resources tab which can be scripted...
Everyone will ask for different average. Someone will ask for 5m, someone for 1hour, someone for 1day... Cmon, if you have such specific requirements, is it really that hard to make own script, which will grab SNMP counters and show you absolutely anything you can imagine?

To sum up - we got two methods - either very simple graphing, or fully featured SNMP. You want something simple, yet advanced...
 
ilovepancakes
newbie
Posts: 25
Joined: Thu Oct 04, 2018 4:37 am

Re: Feature requests

Thu Oct 04, 2018 4:39 am

Would like a way to be able to send user agent header with the fetch tool. For example, Google DDNS with Google Domains and other DDNS providers can accept IP updates through HTTPS get requests, but they need a valid user agent sent with the request. Right now, a script to do this returns a "badagent" error from Google. A way to send and even customize a user agent with the fetch tool would be great.
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Thu Oct 04, 2018 4:57 am

My mistake. I thought this was the "Feature requests" topic, not the "We'll find creative ways to partially solve your problems in inefficient ways" topic.

That being said the snmp get functionality on the mikrotik is useful and isn't something that I've used before. Thanks for that suggestion. I'll look into it.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature requests

Thu Oct 04, 2018 5:40 am

@Wyz4k: Actually, people are trying to help. Problem with your original request is that averages are not very useful. If you check your router and see daily CPU average 40%, what does it tell you? It could mean plenty of power to spare, but it can also mean that CPU is maxed out during whole business hours and router is struggling to survive. And the longer interval, the more useless the numbers get. So what would be such misleading feature good for?
 
User avatar
vecernik87
Forum Veteran
Forum Veteran
Posts: 882
Joined: Fri Nov 10, 2017 8:19 am

Re: Feature requests

Thu Oct 04, 2018 6:15 am

@Wyz4k No. I should apologize. I didn't realize it will sound so aggressive. This is certainly about "feature requests". Sometime, requests are great. Sometime not - people submit them due to misunderstanding or lack of information. I just tried to correct some of your statements and I didn't mean to offend you
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Thu Oct 04, 2018 11:27 am

@Wyz4k No. I should apologize. I didn't realize it will sound so aggressive. This is certainly about "feature requests". Sometime, requests are great. Sometime not - people submit them due to misunderstanding or lack of information. I just tried to correct some of your statements and I didn't mean to offend you
It's okay, I apologize for getting a bit irritated as well. I appreciate your suggestion and will give it a try.
 
fneto
just joined
Posts: 5
Joined: Tue Oct 02, 2018 12:40 am

Re: Feature requests

Thu Oct 04, 2018 5:04 pm

Hello!!

I'm new to the forum, and I'd like to know where is the right place for a feature request.

Actually I think Mikrotik should authenticate itself through radius in a uniform way, Winbox uses CHAP-MD5 what's on, but terminal uses PAP??? We uses centralized authentication in a very hostile environment and transmit password in clear way is not an option for us!!

Thanks!
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Thu Oct 04, 2018 8:54 pm

I'm new to the forum, and I'd like to know where is the right place for a feature request.
Your feature is already implemented in RC/testing version. And some people don't like it...
 
joegoldman
Forum Veteran
Forum Veteran
Posts: 766
Joined: Mon May 27, 2013 2:05 am

Re: Feature requests

Fri Oct 05, 2018 9:14 am

Clustered PPPoE servers....to an extent of course.

Basically only really IP Pool clustering - with limited IP addressing and a decentralised core, I currently have 4 different routers doing PPP termination. Rather than split up a /25 and have to try manage enough IP's in the pool between the routers, would be cool if I could give the whole range in the pool, and have the routers be aware of each others state and not give out an already used address.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Fri Oct 05, 2018 11:26 am

That is already possible via RADIUS!
 
joegoldman
Forum Veteran
Forum Veteran
Posts: 766
Joined: Mon May 27, 2013 2:05 am

Re: Feature requests

Fri Oct 05, 2018 2:40 pm

That is already possible via RADIUS!
No, RADIUS is not a pool manager it can assign statics, software behind RADIUS would need to still manage a pool, which can get out of sync if you miss a stop record or something.
 
tinodj
just joined
Posts: 22
Joined: Fri Oct 05, 2018 4:04 pm

Re: Feature requests

Fri Oct 05, 2018 4:07 pm

What about Copy rule option in Webfig?

It would be nice to be there. Thanks.
 
dihrmax
just joined
Posts: 8
Joined: Wed Nov 23, 2016 11:00 pm

Re: Feature requests

Fri Oct 05, 2018 11:17 pm

Hi,

It's not a feature request but a model request. I didn't find a Topic about it.
I need a CCR with 4S+. I know there have a 1072 with 8S+ but it's to high and expensive for what I need. I need like CCR1009-8G-4S+ (1016 or 1036) dual PSU rackmount. (Doesn't matter how many Gig port)

Thank you
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Sat Oct 06, 2018 11:49 am

Maybe when you don't really need the full 10G performance you could use one of the new SFP+ switches together with a CCR1009 as router-on-a-stick?
 
expert
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Sun Dec 04, 2016 1:22 pm

Re: Feature requests

Sat Oct 06, 2018 12:27 pm

1. Please allow adding many to many entries into vlan table for CRS1xx,2xx. Currently, only many to one entries are allowed:
Current:
/interface ethernet switch vlan add ports=sfp1,sfp2 vlan-id=200
/interface ethernet switch vlan add ports=sfp1,sfp2 vlan-id=201

Proposed:
/interface ethernet switch vlan add ports=sfp1,sfp2 vlan-id=200,201
The same should also work for egress-vlan-tag table.

2. This is improvement over point (1). Please allow interface lists to be added into vlan table for CRS1xx,2xx:
Current:
/interface ethernet switch vlan add ports=sfp1,sfp2 vlan-id=200
/interface ethernet switch vlan add ports=sfp1,sfp2 vlan-id=201

Proposed:
/interface list add name=sfp-list
/interface list member add interface=sfp1 list=sfp-list
/interface list member add interface=sfp2 list=sfp-list
/interface ethernet switch vlan add ports=sfp-list vlan-id=200,201
The same should also work for egress-vlan-tag table.
Idea: vlan lists similar to interface lists would be amazing...
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Sat Oct 06, 2018 1:08 pm

Remember that interface lists are handled by the CPU. An interface list is just a bit set in the interface definition which can be matched e.g. in the firewall ("is this bit set for the interface where this packet arrived") by the processor.
This is entirely different from switch programming, where a fixed mapping between devices and vlans is programmed in an external chip essentially one-time (at startup) and the mapping is only used by the switch chip, not by the processor.
 
expert
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Sun Dec 04, 2016 1:22 pm

Re: Feature requests

Sat Oct 06, 2018 6:40 pm

Remember that interface lists are handled by the CPU. An interface list is just a bit set in the interface definition which can be matched e.g. in the firewall ("is this bit set for the interface where this packet arrived") by the processor.
This is entirely different from switch programming, where a fixed mapping between devices and vlans is programmed in an external chip essentially one-time (at startup) and the mapping is only used by the switch chip, not by the processor.
Thanks for explanation, I didn't know what's the underlying implementation of interface lists. Well, the idea(1) is still nice to have, since my vlan table entries contain same trunk ports.
 
logicwrath
just joined
Posts: 5
Joined: Wed Nov 04, 2015 10:28 pm

Re: Feature requests

Wed Oct 10, 2018 11:24 pm

It would be great if all forms in Winbox.exe had a help button you could press that would take you to the relevent online documentation.

example:
http://prntscr.com/l4lfty
 
schadom
Member Candidate
Member Candidate
Posts: 156
Joined: Sun Jun 25, 2017 2:47 am

Re: Feature requests

Thu Oct 11, 2018 3:21 am

MT please consider doing some BGP and routing-related fixes for christmas.
Would make A LOT of MT users very, very happy! Just to give some examples:
- multi-threading
- BGP4 SNMP MIBs
- better BGP convergence time
- faster route table searches
- fix ipv6 route reflection
- add RPKI support

:-)
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests (IP Services)

Fri Oct 12, 2018 10:56 pm

It might be a new nice feature to add a couple of items under IP-Services.
In /ip service , add the follwoing:
snmp ( normally SNMP uses port 161 , add ability to set what IP addresses can even get to the SNMP service )
icmp ( add ability to set what IP addresses can even get to the icmp service when pings are directed to a Mikrotik )

And yes , I am aware in Mikrotik ROS there is the ability in SNMP access using the /snmp community addresses=IPs name=community , however should this possibley be added to /ip service ???

Re icmp , withoug going into firewall rule settings , shouldnt icmp be located in /ip service ?

Also - what other services are running on Mikrotik ROS that can/should be also in the /ip service area ?
Any possible btest server settings in /ip service ?

What about any service that uses a username (where we want to control what IPs have access to the service and the ability to control which username can be accessed from different IP-lists.

Also - If there is a IP service which is locked down by username (and possibly an IP-address-list) , if the service is running then there is a possibility of a denial-of-service attack. So , any ideas about adding additional functionality in the [/i] /ip service area ?

Also - re /ip service for any Mikrotik service running , how do we limit repeated connections from the same remote IP address over and over again --- Such as a remote attacker repeatedly trying usernames and passwords using a dictionary sequence of logins/passwords ( telnet , ssh , winbox , http , https , snmp , ftp , api ).




North Idaho Tom Jones
 
raymondr15
Member Candidate
Member Candidate
Posts: 118
Joined: Fri Sep 05, 2014 1:11 am
Location: East London, South Africa
Contact:

Re: Feature requests

Sat Oct 13, 2018 4:12 pm

It would be really nice if MikroTik would add the ability to graph health information such as voltage and temperature and no I'm not referring about SNMP and API, I am referring to tools->graphing,the same way as resources, queues and interfaces are graphed.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Sat Oct 13, 2018 4:51 pm

It would be really nice if MikroTik would add the ability to graph health information such as voltage and temperature and no I'm not referring about SNMP and API, I am referring to tools->graphing,the same way as resources, queues and interfaces are graphed.
There should simply be the possibility to add "user graphing" where an SNMP OID is entered and the value is graphed. It has been requested before.
 
giorgiop
Trainer
Trainer
Posts: 25
Joined: Tue Oct 17, 2017 8:58 pm
Location: Chania, Crete, Greece

Re: Feature requests

Sat Oct 20, 2018 6:57 pm

Features Request!

a. Winbox, lets suppose we want to remove 5 columns and add 6 more. That would require to do 11 times the same thing since the list closes every time. Wouldn't it be easier (for the users not the programmer!) to have check box in front of every option, so as to check-uncheck whatever needed?
b. Winbox again. Wouldn't a rule copy from the start page be easier using the right click? got add-remove-enable-disable etc but no copy. Less windows-less clicks
c. Again winbox! Start page of a menu again (e.g. Firewall). A drop menu for the options (when double-clicked?) would be much faster to change an option. Combined with the second request, making a copy of rule and changing one option would be sth like right click-->copy rule--> double click new rule option-->choose new option.

:-)
 
marosi
just joined
Posts: 12
Joined: Tue Apr 15, 2014 6:00 pm

Capsman SNMP Clients per AP

Mon Oct 22, 2018 1:36 pm

I would like to have the capsmanager push back informations to an accesspoint about connected clients (per interface)
this would be the easiest way to put snmp queries into dude for each ap (or any other monitoring tool), place accesspoints on a map and see how many clients connected.
 
facubertran
just joined
Posts: 19
Joined: Sat Sep 24, 2016 4:18 pm
Location: Argentina
Contact:

Re: Feature requests

Wed Oct 24, 2018 7:02 pm

Hello, why mikrotik does not have the ability to better define user permissions based on roles?
 
facubertran
just joined
Posts: 19
Joined: Sat Sep 24, 2016 4:18 pm
Location: Argentina
Contact:

Re: Feature requests

Wed Oct 24, 2018 7:04 pm

MT please consider doing some BGP and routing-related fixes for christmas.
Would make A LOT of MT users very, very happy! Just to give some examples:
- multi-threading
- BGP4 SNMP MIBs
- better BGP convergence time
- faster route table searches
- fix ipv6 route reflection
- add RPKI support

:-)
PLEASE!
 
vortex
Forum Guru
Forum Guru
Posts: 1092
Joined: Sat Feb 16, 2013 6:10 pm

Re: Feature requests

Wed Oct 24, 2018 11:22 pm

There's still not quick (or slow) way of seeing which port are all devices connected to.

If a port is in a bridge, the latter is shown in the ARP table. It also does not show the DHCP name, just the IP address.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Wed Oct 24, 2018 11:44 pm

Hello, why mikrotik does not have the ability to better define user permissions based on roles?
Hello. It's not a feature request.
 
Swordforthelord
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Thu Jul 08, 2010 10:18 pm

Re: Feature requests

Thu Oct 25, 2018 4:15 pm

I would love to see the functionality of the Mode button expanded. Specifically, it would be useful to be able to assign different actions taken based on whether the button was pressed once, double-pressed, triple-pressed, or long-pressed.
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3119
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: Feature requests

Thu Oct 25, 2018 6:31 pm

Features Request!

a. Winbox, lets suppose we want to remove 5 columns and add 6 more. That would require to do 11 times the same thing since the list closes every time. Wouldn't it be easier (for the users not the programmer!) to have check box in front of every option, so as to check-uncheck whatever needed?
b. Winbox again. Wouldn't a rule copy from the start page be easier using the right click? got add-remove-enable-disable etc but no copy. Less windows-less clicks
c. Again winbox! Start page of a menu again (e.g. Firewall). A drop menu for the options (when double-clicked?) would be much faster to change an option. Combined with the second request, making a copy of rule and changing one option would be sth like right click-->copy rule--> double click new rule option-->choose new option.

:-)
I fully underwrite these features requests. The problem is only I have made almost the same, and more, request on Winbox improvement several times over the years and never even got a reply..... None of these 'ergonomic' adjustments are ever implemented.

Long pull down list need every setting apply to be opened again to go to the next setting. My keyboard wear out only by the use of winbox!
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Sat Oct 27, 2018 5:21 pm

And now, for something completely different: (no, not the larch)
With all those YouTube videos from MUM taken from all over the world, it would be nice when the language of the video is always visible in the title.
Some of them are in English or another language I could understand, but more often they are completely incomprehensible to me and it would be useful to make that selection already in the title listing.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Mon Oct 29, 2018 4:37 pm

And now, for something completely different: (no, not the larch)
With all those YouTube videos from MUM taken from all over the world, it would be nice when the language of the video is always visible in the title.
Some of them are in English or another language I could understand, but more often they are completely incomprehensible to me and it would be useful to make that selection already in the title listing.
Yup - it can be a little frustrating when a video about Mikrotik is not in English (the only language I know).
But - I am also very aware that English is not the only language used in the world. - However , with todays technology , I suspect that somewhere there just might be a really smart computer than in real-time can verbally translate the spoken language in a video to English and optionally print the translated language on the bottom of the video at the same time.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Mon Oct 29, 2018 8:04 pm

But - I am also very aware that English is not the only language used in the world.
Very true! Note that in no way I would suggest not to put videos in other languages on the channel.
It is very good that they are there, it only would be much more convenient when you can look in the listing and play only videos in languages you understand.
Which of course is different for everyone.
- However , with todays technology , I suspect that somewhere there just might be a really smart computer than in real-time can verbally translate the spoken language in a video to English and optionally print the translated language on the bottom of the video at the same time.
Youtube has that, but it is not really usable right now except when you want to have fun.
 
NEOhidra
just joined
Posts: 8
Joined: Sun Apr 08, 2018 10:01 am

Re: Feature requests

Tue Oct 30, 2018 2:56 am

Indeed - it would be nice to separate the non-English videos.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Tue Oct 30, 2018 10:46 am

Indeed - it would be nice to separate the non-English videos.
I don't want to advocate separating English from non-English videos. We should not consider one language "better" than another.
I just would like to see the language of the video in the listing.
 
schadom
Member Candidate
Member Candidate
Posts: 156
Joined: Sun Jun 25, 2017 2:47 am

Re: Feature requests

Wed Oct 31, 2018 9:09 pm

RPKI/ROV guys, please. No need to re-invent the wheel.
See RTRlib for a lightweight, open-source C library: http://rpki.realmv6.org/

PS: Perfect for a weekend hackathon @ Mikrotik HQ while the weather outside is bad ;-)
 
chubbs596
Frequent Visitor
Frequent Visitor
Posts: 90
Joined: Fri Dec 06, 2013 6:07 pm

Re: Feature requests

Thu Nov 01, 2018 7:18 am

RPKI/ROV guys, please. No need to re-invent the wheel.
See RTRlib for a lightweight, open-source C library: http://rpki.realmv6.org/

PS: Perfect for a weekend hackathon @ Mikrotik HQ while the weather outside is bad ;-)
RPKI is really needed
 
User avatar
pants6000
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Fri Sep 26, 2014 5:30 am

Re: Feature requests

Fri Nov 02, 2018 5:43 pm

Actual tcpdump.

I know and use the existing local and remote sniffing tools, but they are not a satisfying replacement for a quick and simple "tcpdump -X" from the CLI.
 
bkusic
just joined
Posts: 1
Joined: Fri Nov 02, 2018 7:52 pm

Re: Feature requests

Fri Nov 02, 2018 7:58 pm

Hi,
it would be great to develop a new product - an edge next-generation firewall (NGFW)...

My whole network is Mikrotik based - its GREAT. The only thing I would see is a real and fancy Mikrotik firewall.

Bruno Kusic
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Sat Nov 03, 2018 2:06 pm

What's not real in current firewall? :)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Feature requests

Tue Nov 06, 2018 5:34 pm

I am an english speaker and quite enjoy foreign language MUM and mikrotik youtube videos. One can sense the passion for the products in the voices.
Of course it helps when some languages revert to use english for the numbers LOL. All to say, the only comment I have is the lack of PDFs and/or videos for some of the presentations can be frustrating. At least a PDF I can translate very easily. I am with pelchi in that diversity is grand and an indication of which language would be helpful.
I was looking at DHCP leases (static) on youtube just last night and went through a number of non-english ones. Some were rather long, but in the end it was
either choose the dhcp lease menu selection of (make static) or right click on the mouse for that lease and at the popup windows type menu, select at the bottom (make static) and in both cases the mysterious D (dynamic) disappears on the far left of the lease line. There, Video of about 20 seconds. :-)
 
StreamlinkUK
just joined
Posts: 10
Joined: Thu Nov 23, 2017 11:55 am
Location: Southampton, UK

Re: Feature requests

Tue Nov 06, 2018 11:50 pm

Would be great to get support for either dnsmasq, or some other feature to enable forwarding of mac-address to remote DNS server, (i,e for parental controls and other applications)
http://www.thekelleys.org.uk/dnsmasq/do ... q-man.html

specifically these options :

--add-mac[=base64|text]
Add the MAC address of the requestor to DNS queries which are forwarded upstream. This may be used to DNS filtering by the upstream server. The MAC address can only be added if the requestor is on the same subnet as the dnsmasq server. Note that the mechanism used to achieve this (an EDNS0 option) is not yet standardised, so this should be considered experimental. Also note that exposing MAC addresses in this way may have security and privacy implications. The warning about caching given for --add-subnet applies to --add-mac too. An alternative encoding of the MAC, as base64, is enabled by adding the "base64" parameter and a human-readable encoding of hex-and-colons is enabled by added the "text" parameter.
--add-cpe-id=<string>
Add an arbitrary identifying string to o DNS queries which are forwarded upstream.
 
OnixJonix
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Thu Jun 22, 2006 11:35 am
Location: Latvia

Re: Feature requests

Mon Nov 12, 2018 12:01 pm

Something like TORCH on firewall rule!
It would be great if i can select firewall rule and click on torch - and see what traffic is triggering on that rule!
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Mon Nov 12, 2018 2:29 pm

Something like TORCH on firewall rule!
It would be great if i can select firewall rule and click on torch - and see what traffic is triggering on that rule!
It is sort of possible to do that, by clicking the "log" checkmark on the last page (the matched traffic will appear in the log).
Of course you must be careful when doing this on large amounts of traffic. But I have often used it for traffic that has only
a few pkts/second and it works fine.
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Feature requests

Mon Nov 12, 2018 5:06 pm

On that being logged many many times the same loglines it would be nice if that could be avoided by buffering the new and same loglines till an other different logline is going to be written to the log. The first two and last one/two lines are writen so the time between lines can by seen.

First the two logline written. When it is repeated then the shown counter is increased:
.
time - same logline
time - same logline
the line above are repteated X times.
time - end of repeated lines
|
time - new logline
.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Mon Nov 12, 2018 7:11 pm

On that being logged many many times the same loglines it would be nice if that could be avoided by buffering the new and same loglines till an other different logline is going to be written to the log.
As long as you have connection tracking, and do not use the log on the "established/related" rule (which should be at or near the top of the list), logging on rules further down the list will usually have less volume and certainly not a duplication of the same info.
Of course there can still be a lot of new connections logged this way.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Feature requests

Mon Nov 12, 2018 7:36 pm

the line above are repeated X times.
When you dealing with external logs, this is something you like to avoid at all cost like here in my Splunk - Mikrotik project:
viewtopic.php?t=137338

When you read logs external programs its hard to understand what is repeated and get the message back together.
And do you have many boxes that sends syslog to same server, it makes it even worse.
So if implemented, this need to be an option.
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Feature requests

Mon Nov 12, 2018 8:44 pm

On that being logged many many times the same loglines it would be nice if that could be avoided by buffering the new and same loglines till an other different logline is going to be written to the log.
As long as you have connection tracking, and do not use the log on the "established/related" rule (which should be at or near the top of the list), logging on rules further down the list will usually have less volume and certainly not a duplication of the same info.
Of course there can still be a lot of new connections logged this way.
In RAW I don't have those control options and thinking further about it.

On enabling logging the option to group logline for that specific rule. Control is so still with the user.
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Feature requests

Mon Nov 12, 2018 8:49 pm

the line above are repeated X times.
When you dealing with external logs, this is something you like to avoid at all cost like here in my Splunk - Mikrotik project:
viewtopic.php?t=137338

When you read logs external programs its hard to understand what is repeated and get the message back together.
And do you have many boxes that sends syslog to same server, it makes it even worse.
So if implemented, this need to be an option.
Making it optional on rule level is the way to go. The user have to decide, if it is going to be used or not.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Tue Nov 13, 2018 4:18 pm

Please consider implementing a way to run a user program in an environment as far protected as possible, but lighter than MetaROUTER which requires a full OS and hardware virtualization.
Some discussion is on page 4 of the Feature Request: OpenVPN [ovpn] udp tunnels topic.

E.g. make a folder on the flash device or external storage, the user puts the executable binary there and possible configuration data, RouterOS runs the executable
in a chroot to that folder, normal networking is possible but possibly also a tun/tap device that is configured just like for the MetaROUTER.
User code is run as a nonprivileged user and without any access to RouterOS configuration or environment.

This would allow users to run their own OpenVPN server, Wireguard server, advanced DNS server, DNS to HTTPS relay and more, without
having to wait for MikroTik implementing those services.
Only support required would be some common shared library files to link to (others could be statically linked).
Users can use the usual gcc cross-compilation facilities to generate their binaries.
Advanced tricks like virtual machines with their associated stability issues and unavailability on certain processors would be unnecessary for this feature.
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Thu Nov 15, 2018 8:11 am

RFC 5424 compliant syslog client so that I can use a cloud syslog server. https://help.sumologic.com/03Send-Data/ ... log-Source
 
eduplant
Member Candidate
Member Candidate
Posts: 139
Joined: Tue Dec 19, 2017 9:45 am

Re: Feature requests

Sat Nov 17, 2018 8:38 am

Hello, I just posted a feature request in a separate thread but wanted to at least link it here for possible visibility:

[Feature Request] :resolve DNS Client Improvements

One of the advantages of RouterOS is its scriptability and the strength of its shell syntax for getting things done. New improvements in the :system and :tool areas have given us more tools than ever, and augmenting existing features with script="" hooks have given us even more places to use those tools. However, it seems like an important scripting primitive (for a network device, at least) has been neglected for some time: :resolve.

The rest can be found in the thread here.

Thanks!
 
mada3k
Long time Member
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Feature requests

Sat Nov 17, 2018 7:25 pm

  • Netinstall for Linux/BSD
  • DMVPN or something smilar would be great
  • SNMP monitoring of OSPF-neighbour and BGP peer-status
  • Sectioned view in Firewall/Filter.
  • TACACS
  • 802.1x
Last edited by mada3k on Sun Nov 18, 2018 10:56 am, edited 5 times in total.
 
User avatar
GuJack20
Trainer
Trainer
Posts: 345
Joined: Sat Jun 12, 2004 9:44 pm
Location: Tirana
Contact:

Re: Feature requests

Sat Nov 17, 2018 9:25 pm

Indeed - it would be nice to separate the non-English videos.
I don't want to advocate separating English from non-English videos. We should not consider one language "better" than another.
I just would like to see the language of the video in the listing.
You are right. That’s why in this year’s MUM in Tirana i changed the title and description of my presentations from English to Albanian (the language I was going to give them) :)
So the video in youtube has an Albanian title, the .pdf has an albanian name too. Very easy i think for everyone.
MikroTik should just ask the presenter to write the title and description of each presentation in the language that is going to be given. ☺️☺️
 
usv111
just joined
Posts: 1
Joined: Thu Nov 22, 2018 1:31 pm

Re: Feature requests

Thu Nov 22, 2018 1:40 pm

Please,

add multi-cpu(multi-core) support to Bandwidth Test Tool.

this is required for 10G/SFP+ speeds testing between CCR1036/ or between CRS317-1G-16S+RM devices.
At the moment Bandwidth Test Tool can generate only 2Gbps and utilize only 1 core on CCR routers.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Fri Nov 23, 2018 2:11 pm

add multi-cpu(multi-core) support to Bandwidth Test Tool.

this is required for 10G/SFP+ speeds testing between CCR1036/ or between CRS317-1G-16S+RM devices.
At the moment Bandwidth Test Tool can generate only 2Gbps and utilize only 1 core on CCR routers.
https://wiki.mikrotik.com/wiki/Manual:T ... _Generator
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3119
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: Feature requests

Fri Nov 23, 2018 3:24 pm

When do we ever see the option of select and copy text in the winbox log files? This has been asked for years.
Plus the option to search for string of caracters?

When studying your logs in winbox it's at times hard to get the eyes focused on what you want to see if there are many lines to read through.
And copy and paste into a text file would make is so easy to quickly select what you are looking for.
 
expert
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Sun Dec 04, 2016 1:22 pm

Re: Feature requests

Fri Nov 23, 2018 5:20 pm

When do we ever see the option of select and copy text in the winbox log files? This has been asked for years.
Plus the option to search for string of caracters?

When studying your logs in winbox it's at times hard to get the eyes focused on what you want to see if there are many lines to read through.
And copy and paste into a text file would make is so easy to quickly select what you are looking for.
What's hard on doing
ssh mikrotik "/log print" | less
?
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3119
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: Feature requests

Fri Nov 23, 2018 5:50 pm

When do we ever see the option of select and copy text in the winbox log files? This has been asked for years.
Plus the option to search for string of caracters?

When studying your logs in winbox it's at times hard to get the eyes focused on what you want to see if there are many lines to read through.
And copy and paste into a text file would make is so easy to quickly select what you are looking for.
What's hard on doing
ssh mikrotik "/log print" | less
?
1. I am not doing ssh. 2. I don't want to print anything. I just want to quickly look in my log and highlight a line or try to find just one setting (one mac leaving or connectiong for example on an antenna) so I can see what happened or where something went wrong.
Why do I need to ssh into it when I am after 15 years still perfectly happy with winbox. And why should I need to print a log first before I do the things that is already any other program running on my screen?
What is so hard to just make my mouse highlight a line? This feature has been asked for by many over the years...
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

Feature request: address lists for routes

Sat Dec 01, 2018 7:21 pm

I have a small feature request. For me it would be very helpful. There are some (about 35) IP networks better reachable by a special gateway than by default gateway (no BGP!).
It would be great if there would be an address list table where all these networks listet and add only one ip route for the list. Today address lists can only be used in firewall.

I know one can use firewall rules to establish routes, but I find this a little bit confusing.

Please make address lists available as destinations in ip route menu.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature request: address lists for routes

Sat Dec 01, 2018 11:31 pm

Please make address lists available as destinations in ip route menu.
That is actually already possible.
You add a route to 0.0.0.0/0 via your special gateway in the ip route table with a routing mark name you choose.
Then in your ip firewall mangle table you add a forward rule matching your address list and setting the action "mark routing" and select your mark name.
 
schadom
Member Candidate
Member Candidate
Posts: 156
Joined: Sun Jun 25, 2017 2:47 am

Re: Feature requests

Sun Dec 02, 2018 8:35 am

I'd love to see some routing and BGP-related improvements and features (like RPKI Origin Validation).
According to ROS changelogs, it's now almost over a year ago since the last BGP-related fix has been released:

What's new in 6.41 (2017-Dec-22 11:55):
...
*) bgp - added 32-bit private ASN support;
...

We've seen a lot of bridge, cloud, wireless and w60g-related stuff going on during the last months.
Now it's really the time to focus a little bit on routing again... make routing great again ;-)
 
lucasimo88
just joined
Posts: 10
Joined: Fri Apr 06, 2018 8:43 pm

Re: Feature requests

Mon Dec 03, 2018 9:56 pm

I'd like to ask to complete IPSEC/IKEv2 implementation.
Motivation is : lots of VPN providers - NordVPN and others - are moving to that, leaving L2TP/IPsec disappearing.
i need me too complete supporto for IPSEC/IKEv2 with EAP Authentication implementation for NordVPN
Last edited by lucasimo88 on Tue Dec 04, 2018 4:04 pm, edited 1 time in total.
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

RFC 4191

Tue Dec 04, 2018 2:37 pm

Please support preference field in IPv6 router advertisements. Incoming and outgoing. RFC 4191.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Wed Dec 05, 2018 2:49 am

Please,

add multi-cpu(multi-core) support to Bandwidth Test Tool.

this is required for 10G/SFP+ speeds testing between CCR1036/ or between CRS317-1G-16S+RM devices.
At the moment Bandwidth Test Tool can generate only 2Gbps and utilize only 1 core on CCR routers.
Of note: I have some CHRs running on VMware ESXi servers with 10-Gig network cards.
A single btest session uses a single CPU - however … multiple btest sessions (a mix of send & receive btest(s) appear to use multiple CPUs.
A single CPU assigned to my CHR ROS system can actually btest using vmxnet-3 Ethernet interfaces through the physical 10-Gig network cards can reach near 10-Gig throughput to another CHR btest device on a different VMware ESXi server.
Additionally , two CHRs running on the same physical VMware ESXi servers using vmxnet-3 interfaces can easily btest to each other at rates faster than 10-Gig (in my case , I have tested two CHRs on the same system at almost 19-Gig. And , a CHR running a btest to the loopback interface 127.0.0.1 can easily hit over 20-Gig. I have never seen a Mikrotik motherboard btest to the loopback 127.0.0.1 interface at even 1/4th that speed.
Also - in my opinion , a CHR running on a decent SuperMicro with fast Intel XEON CPUs and lots of CPU cache has always totally and easily way out performed all Mikrotik motherboards that I have tested. For example, a full BGP load on a 10-Gig feed is almost 10-times faster than a CCR1036 Mikrotik router.
Also - again in my opinion, a CCR1036 is good at speeds less than 2-Gig , and a CRS is more of a switch than a router and they are slower. On both your CCRs and CRS mikrotiks , run a btest to 127.0.0.1 and you will discover they are not all that fast or even in the neighborhood of performance a CHR with good hardware can deliver.


North Idaho Tom Jones
 
User avatar
antonsb
MikroTik Support
MikroTik Support
Posts: 385
Joined: Sun Jul 24, 2016 3:12 pm
Location: Riga, Latvia

Re: Feature requests

Wed Dec 05, 2018 8:24 am

Multithread support for btest is already added:
Version 6.44beta39 has been released.
*) btest - added multithreading support for both UDP and TCP tests;
 
Guntis
MikroTik Support
MikroTik Support
Posts: 153
Joined: Fri Jul 20, 2018 1:40 pm

Re: Feature requests

Wed Dec 05, 2018 8:42 am

Please,

add multi-cpu(multi-core) support to Bandwidth Test Tool.

this is required for 10G/SFP+ speeds testing between CCR1036/ or between CRS317-1G-16S+RM devices.
At the moment Bandwidth Test Tool can generate only 2Gbps and utilize only 1 core on CCR routers.
Of note: I have some CHRs running on VMware ESXi servers with 10-Gig network cards.
A single btest session uses a single CPU - however … multiple btest sessions (a mix of send & receive btest(s) appear to use multiple CPUs.
A single CPU assigned to my CHR ROS system can actually btest using vmxnet-3 Ethernet interfaces through the physical 10-Gig network cards can reach near 10-Gig throughput to another CHR btest device on a different VMware ESXi server.
Additionally , two CHRs running on the same physical VMware ESXi servers using vmxnet-3 interfaces can easily btest to each other at rates faster than 10-Gig (in my case , I have tested two CHRs on the same system at almost 19-Gig. And , a CHR running a btest to the loopback interface 127.0.0.1 can easily hit over 20-Gig. I have never seen a Mikrotik motherboard btest to the loopback 127.0.0.1 interface at even 1/4th that speed.
Also - in my opinion , a CHR running on a decent SuperMicro with fast Intel XEON CPUs and lots of CPU cache has always totally and easily way out performed all Mikrotik motherboards that I have tested. For example, a full BGP load on a 10-Gig feed is almost 10-times faster than a CCR1036 Mikrotik router.
Also - again in my opinion, a CCR1036 is good at speeds less than 2-Gig , and a CRS is more of a switch than a router and they are slower. On both your CCRs and CRS mikrotiks , run a btest to 127.0.0.1 and you will discover they are not all that fast or even in the neighborhood of performance a CHR with good hardware can deliver.


North Idaho Tom Jones
Since beta version "6.44beta39", bandwidth test utilizes all of the CPU cores.
 
shiyiqiang08
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Wed Dec 05, 2018 7:35 am

Re: Feature requests

Wed Dec 05, 2018 9:04 am

can rb450Gx4 add wireless?
i need small device but high performance ,but the rb450Gx4 or RB850G has no wireless.
 
User avatar
iperezandres
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Mon Feb 13, 2017 1:17 pm
Location: Madrid
Contact:

Re: Feature requests

Wed Dec 05, 2018 10:51 am

It would be awesome to be able to save the winbox personalized views, instead of having to rearrange every window every time we connect to a new device.

UPDATE: as it turns out, it already exists the solution: viewtopic.php?f=14&t=120033 :)
 
marosi
just joined
Posts: 12
Joined: Tue Apr 15, 2014 6:00 pm

MPTCP-Kernel, Pound

Thu Dec 06, 2018 11:42 am

So dudes, christmas is coming soon and here are my wishes

- a mptcp enabled kernel
- sstp vpn combined with mptcp

this would make it possible to take (v)dsl lines combined with 4G/lte and establish vpn tunnels to a central vpn server.
the reassambling of packets is done by the mptcp kernel.

this would be a outstanding feature.
https://en.wikipedia.org/wiki/Multipath_TCP

and the second one would be to implement pound as a loadbalancer service combined with letsencrypt certificates, wich would be my third wish.
implement letsencrypt including automatisation for certificare renewals.
the ppl could use routerboard hardware from 3011 to ccr1072 as loadbalancers for reasonable costs and connect the ports direct to a webfarm.

the useability in sum would increase quadratically.
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

Re: MPTCP-Kernel, Pound

Thu Dec 06, 2018 12:15 pm

- a mptcp enabled kernel

+1, although it's status is "experimental". Would also play nicely together with LISP (RFC6830) viewtopic.php?f=19&t=81674&p=699943&hil ... 30#p699943. In addition BBR is included in mptcp, which would be great.
BBR together with a proxy service (see below) would help for legacy end user devices with old tcp stacks.

pound as a loadbalancer service

+1, something like Pound would be really useful!

implement letsencrypt including automatisation for certificare renewals.

+1 again ;-)
Last edited by muetzekoeln on Wed Feb 13, 2019 1:04 pm, edited 1 time in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Wed Dec 12, 2018 11:25 am

winbox: please add some "windows list" feature, e.g. a button for every open window to the right of the "Session:" field below the menu bar.
this can be useful to have an overview what windows are open and to raise them when they are inadvertently lowered below another window.

I normally have the "Log" open fullsize and open all other windows on top of that. When I click somewhere outside of a window by accident,
all opened windows disappear behind that Log window and I have to re-open them from the menu.

Alternatively, it could be useful to have a "lower window" widget or right-click option so I can lower the Log window again (so all other open
windows appear on top of it).
 
WeWiNet
Long time Member
Long time Member
Posts: 591
Joined: Thu Sep 27, 2018 4:11 pm

Re: Feature requests

Wed Dec 12, 2018 6:12 pm

pe1chl +1,
that would be awesome. hate to fiddle around the various windows...

Also a green/yellow/red color field within WINBOX to indicate if you are still connected to the router (green - connected, yellow - don't know, red-disconnected)
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Wed Dec 12, 2018 7:46 pm

Also a green/yellow/red color field within WINBOX to indicate if you are still connected to the router (green - connected, yellow - don't know, red-disconnected)
That isn't required because when you have no link, you will be disconnected (far to) quickly and lose the open window (reverts to connections list)!
What I would like to see is an option to disconnect only after 1-2 minutes of link-down, so it is possible to survive a router reboot somewhere inbetween.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: Feature requests

Fri Dec 14, 2018 9:47 pm

I would love to see the functionality of the Mode button expanded. Specifically, it would be useful to be able to assign different actions taken based on whether the button was pressed once, double-pressed, triple-pressed, or long-pressed.
That is possible with scripts. See my RouterOS Scripts (or at github), especially mode-button-event and mode-button-scheduler.
 
solelunauno
Member Candidate
Member Candidate
Posts: 119
Joined: Mon Jul 16, 2012 7:00 pm
Location: Roseto Capo Spulico CS Italy
Contact:

Re: Feature requests

Wed Dec 19, 2018 11:47 am

I use the USB port to activate a N.O. relais that will remove power form an IP surveillance camera to hard reset it.
I use the N.O. relais because 1) a relais failure will let the camera ON, instead than OFF; 2) the relais consumes almost 0,6W of power and my installations are often battery powered (solar panels, etc).
But until now there isn't a feature in RouterOS to let usb power OFF all the time, so I use a script scheduled at startup:
/system routerboard usb power-reset duration=720d
It will be great if I could power ON and OFF usb as I already do with POE output.
Thanks
You do not have the required permissions to view the files attached to this post.
 
bmatic
just joined
Posts: 20
Joined: Fri Oct 21, 2016 8:40 am

Re: Feature requests

Wed Dec 19, 2018 1:36 pm

If anybody from MikroTik is reading this I would make a sugestion that I can somehow disable fetch tool log messages.

I wrote a simple script for fetching public IP address for updating No-ip address, and it works OK, but now I have log flooded with fetch messages.


Log.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: Feature requests

Wed Dec 19, 2018 3:11 pm

If anybody from MikroTik is reading this I would make a sugestion that I can somehow disable fetch tool log messages.

I wrote a simple script for fetching public IP address for updating No-ip address, and it works OK, but now I have log flooded with fetch messages.
You can get rid of this. If you do not need the file just add "keep-result=no" to your fetch command. If you do need the file I suppose you read the content later? Just switch to return value to a variable.
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

Feature requests: zero-wait DFS

Thu Dec 20, 2018 12:44 pm

It would be nice to have zero-wait DFS in RouterOS, like AVM and Aerohive have it.

This is to eliminate wait time on 5GHz band after changing operational channel because of Radar detection.

RouterOS could do continuous background scanning (using Scanlist) to find "available" and "unavailable" channels (https://www.etsi.org/deliver/etsi_en/30 ... 20007a.pdf). On radar detection (on active channel) it could (randomly) choose a new channel from the available channels and inform clients of the frequency change before shutting down current operational channel and switch to the new channel.
Last edited by muetzekoeln on Thu Sep 26, 2019 2:59 pm, edited 1 time in total.
 
WeWiNet
Long time Member
Long time Member
Posts: 591
Joined: Thu Sep 27, 2018 4:11 pm

Re: Feature requests

Fri Dec 21, 2018 1:56 pm

Pe1chl
Also a green/yellow/red color field within WINBOX to indicate if you are still connected to the router (green - connected, yellow - don't know, red-disconnected)
That isn't required because when you have no link, you will be disconnected (far to) quickly and lose the open window (reverts to connections list)!
What I would like to see is an option to disconnect only after 1-2 minutes of link-down, so it is possible to survive a router reboot somewhere inbetween.
Not true on MacOS/Wine Winbox.
You get disconnected but it won't through you out (but the clock stops to work!). I can open still windows, with data/settings, modify them etc.
Then after a while you might really get thrown out but you won't know when the disconnect happened, and from which point
onwards the modifications were lost.
For this a clear flag (green=clock updates, yellow=no update for 1-3 seconds, red= no update for over 4 seconds) would be really helpful.
Knowing that the clock is precised and stops (even on Mac) using that as trigger should be simple to implement and really nice at same time.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Fri Dec 21, 2018 2:13 pm

Not true on MacOS/Wine Winbox.
You get disconnected but it won't through you out (but the clock stops to work!).
Strange! Under Windows and with Linux/Wine this does not happen, whenever the link is lost you get disconnected within 3 seconds.
Very inconvenient, because sometimes I have 3-4 devices open at the same time and when I reboot one of them I lose all windows even before BGP+BFD re-calculates the routes.
I would in fact prefer such a status indicator and some more patience from winbox (and the router at the other side) so that it survives such events.
 
cowgirl
just joined
Posts: 5
Joined: Tue Dec 18, 2018 12:10 am
Location: South-West-Germany
Contact:

Re: Feature requests

Fri Dec 21, 2018 4:35 pm

Multi Chassis Link Aggregation for CCR1xxx and CRS3xx

Best regards
Alexandra
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Tue Jan 15, 2019 2:38 pm

In "queue tree" please provide the option of specifying limit-at and max-limit as a percentage of the limit on the next higher layer.
(within a queue tree, the values in the parent item. in the top item, maybe the interface speed when available. or percentages could be disallowed there)

When the value of the limit in the parent item changes, automatically re-calculate the values specified by percentage.
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

Re: Feature requests

Tue Jan 15, 2019 4:55 pm

In "queue tree" please provide the option of specifying limit-at and max-limit as a percentage of the limit on the next higher layer.
When the value of the limit in the parent item changes, automatically re-calculate the values specified by percentage.
+1

Yes please, this is very useful!
 
User avatar
SaurVLZ
just joined
Posts: 2
Joined: Thu Nov 29, 2018 12:02 am

Re: Feature requests

Wed Jan 16, 2019 1:09 pm

Please add temperature and voltage to the dashboard of the Winbox.
Often it is necessary to monitor the parameters and the location on the dashboard would simplify this at times.
winbox upg.jpg
You do not have the required permissions to view the files attached to this post.
 
User avatar
iperezandres
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Mon Feb 13, 2017 1:17 pm
Location: Madrid
Contact:

Re: Feature requests

Wed Jan 16, 2019 3:01 pm

Please add temperature and voltage to the dashboard of the Winbox.
Often it is necessary to monitor the parameters and the location on the dashboard would simplify this at times.
winbox upg.jpg
Now that you mention this, what about being able to personalize the parameters being shown on the dashboard? It would be useful to use a script to show any value or calculation.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Wed Jan 16, 2019 3:42 pm

Of course when you need a dashboard with all kinds of customized parameters it is easy to make that using SNMP.
I would make such a thing on a local webserver in Perl or PHP but undoubtedly there exist "user friendly" packages for Windows that can do that too.
And of course MikroTik have "the Dude" which can do that as well.
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

Feature request: IEEE 1588 support

Fri Jan 18, 2019 2:19 pm

RouterOS includes limited (S)NTP support for syncing clocks. For many applications (e.g. in telecoms and industry) more time precision is required. Protocol IEEE 1588-2008 (aka PTP, IEEE1588v2) is used for this. It would be a great benefit if Mikrotik devices would support IEEE 1588 and function as transparent clock, better yet boundary clock. Maybe some of the built-in switch chips already support for IEEE1588 timestamping in hardware.

You find some information about IEEE 1588 here:
https://www.endruntechnologies.com/pdf/PTP-1588.pdf
https://www.endace.com/ptp-timing-whitepaper

This forum already had some discussion about IEEE 1588:
viewtopic.php?f=1&t=70793&p=534801&hili ... 88#p534801
viewtopic.php?f=1&t=87471&p=465496&hili ... 88#p465496
viewtopic.php?f=1&t=79304&p=421858&hili ... 88#p421858
viewtopic.php?f=21&t=121198&p=605388&hilit=1588#p605388

Of course one has to have a grandmaster clock accessible to make use of IEEE 1588. Mikrotik devices only could transport PTP packets better, if supported.
Last edited by muetzekoeln on Fri Apr 12, 2019 12:41 pm, edited 1 time in total.
 
MikrotikOdessa
just joined
Posts: 23
Joined: Wed Feb 14, 2018 11:14 am

Re: Feature requests

Sat Jan 19, 2019 11:48 am

I would like to receive SNMP traps when WiFi client registration occurs...

for example:
[WIRELESS]--Association:11G STA 80:b0:3d:xx:xx:xx associated with WLAN1 SSID = Mikrotik


It's very useful for smart home automation scenarios
 
Pada
Member Candidate
Member Candidate
Posts: 150
Joined: Tue Dec 08, 2009 11:37 pm
Location: South Africa, Stellenbosch

Re: Feature requests

Mon Jan 28, 2019 11:10 pm

I would love the following Winbox (and WebFix) features to be added:
  1. Setting default options for Tools > Torch, because I always have to first deselect "Src. Address6" & "Dst. Address6" and then select "Port" & "Protocol"
  2. Setting to prevent drag & drop of Firewall rules to prevent accidental changes in firewall order
 
joegoldman
Forum Veteran
Forum Veteran
Posts: 766
Joined: Mon May 27, 2013 2:05 am

Re: Feature requests

Mon Jan 28, 2019 11:54 pm

I would like to receive SNMP traps when WiFi client registration occurs...

for example:
[WIRELESS]--Association:11G STA 80:b0:3d:xx:xx:xx associated with WLAN1 SSID = Mikrotik


It's very useful for smart home automation scenarios
You could replicate this with logging and a syslog (remote) logging server. Bit of a workaround
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Feature requests

Tue Jan 29, 2019 8:42 am

I would like to receive SNMP traps when WiFi client registration occurs...
As joegoldman write, syslog is your friend. Look at the project in my signature using Splunk to monitor Mikrotik.
I there dropped using SNMP at all, since then have to add/scan for all new devices.
Now a script on the router calls home with all information needed.

This is how the log lines looks like from Router using Syslog (even shows the signal strength and what VLAN used)
2019-01-24 08:48:09	wireless,info MikroTik: 04:79:70:A9:B1:B3@wlan2: connected, signal strength -45
2019-01-24 08:36:55	wireless,info MikroTik: 04:79:70:A9:B1:B3@wlan2: connected, signal strength -43
2019-01-24 07:51:17	wireless,info MikroTik: 04:79:70:A9:B1:B3@wlan2: connected, signal strength -39
2019-01-23 10:05:08	wireless,info MikroTik: 04:79:70:A9:B1:B3@wlan2: connected, signal strength -32
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Fri Feb 01, 2019 2:32 pm

winbox: please have some feature to set (or completely disable) the live update interval of pages that show counters etc.

When managing a router via a slow network or when using winbox over something like RDP or X2GO and when it shows a page that has a lot of counters (e.g. firewall filter wih >200 filters) the winbox client is very busy with updating the page and it becomes difficult to actually do something (like moving a rule).
I would like to just pause the updating or configure it to update like every minute instead of "all the time".
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Feature requests

Fri Feb 01, 2019 2:45 pm

winbox: please have some feature to set (or completely disable) the live update interval of pages that show counters etc.

++

While at it, do it for WebFig as well.
 
DmitryAVET
Member Candidate
Member Candidate
Posts: 112
Joined: Thu Mar 26, 2015 12:27 am
Location: Ukraine, Mukachevo
Contact:

Re: Feature requests

Sat Feb 02, 2019 11:29 pm

Dear Mikrotik, what about automatic sertificates from Let's Encrypt?

Keenetic (ex Zyxel) provide AUTOMATIC sertificates by Let's Encrypt:
https://blog.keenetic.com/keenetic-join ... r-society/

Why Mikrotik can't provide same?

SSL for WWW services, include WebFig, especcially remote, hotspot...

Check this out:
ssl.png
its cool!
You do not have the required permissions to view the files attached to this post.
 
User avatar
kiler129
Member
Member
Posts: 352
Joined: Tue Mar 31, 2015 4:32 pm
Location: IL, USA
Contact:

Re: Feature requests

Sun Feb 03, 2019 7:57 am

A simple yet I think important request: provide IPv6 out of the box. This really requires a package to be present and some default firewall & stateless configuration enabled. I don't see the reason why in 2019 they are shipped with IPv4 only where even cheap consumer routers are IPv6 enabled OOB.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Feature requests

Sun Feb 03, 2019 10:24 am

A simple yet I think important request: provide IPv6 out of the box. This really requires a package to be present and some default firewall & stateless configuration enabled. I don't see the reason why in 2019 they are shipped with IPv4 only where even cheap consumer routers are IPv6 enabled OOB.

++

Specially so as loading IPv6 package means it doesn't have default settings (i.e. firewall rules) and user has to perform factory reset to get decent configuration as starting point - but loosing whatever already done in other parts (IPv4, wlan, VLAN, ...).
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Sun Feb 03, 2019 11:41 am

That is certainly true, but frankly even more important is to bring the IPv6 functionality up to par with what is available in IPv4.
There is a separate topic about that.
Unfortunately it appears the IPv6 developer has left the company (maybe he was also the BGP developer?)
 
User avatar
krafg
Forum Guru
Forum Guru
Posts: 1020
Joined: Sun Jun 28, 2015 7:36 pm

Re: Feature requests

Sun Feb 03, 2019 3:37 pm

A request:

Please create a 2g/3g/4g high gain antenna (dual chain). mANT LTE 5o is very little.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Feature requests

Sun Feb 03, 2019 3:46 pm

A request:

Please create a 2g/3g/4g high gain antenna (dual chain). mANT LTE 5o is very little.

There are plenty of high-quality third-party antennae available ... one only needs appropriate connector coverters (many antennae come with FME connectors, so one needs SMAtoFME pigtails).
 
User avatar
kiler129
Member
Member
Posts: 352
Joined: Tue Mar 31, 2015 4:32 pm
Location: IL, USA
Contact:

Re: Feature requests

Mon Feb 04, 2019 1:59 am

(...)user has to perform factory reset to get decent configuration as starting point - but loosing whatever already done in other parts (IPv4, wlan, VLAN, ...).
Actually you can do
/system default-configuration print file=default-cfg
after installing IPv6 package and you will get the default config with IPv6 related stuff ;)
Unfortunately it appears the IPv6 developer has left the company (maybe he was also the BGP developer?)
Why do you think so? Did they said something (even unofficially)?
 
metricmoose
newbie
Posts: 48
Joined: Sat Nov 21, 2015 2:03 am

Re: Feature requests

Mon Feb 04, 2019 6:39 am

We started renting Mikrotik routers to our customers as a basic managed WiFi solution and one thing that any ISP will run into with this type of setup is the customer hitting the damn reset button.

We'd love a way to change the default configuration that doesn't involve netinstall. It's extremely tedious to have someone sit there and netinstall a stack of routers with our custom configuration. There needs to be a better way! Mikrotiks are so close to being perfect for deploying as managed wifi.

To go with that, a basic Tr069 ACS able to run on RouterOS, like Dude or Userman, would be very useful. As long as it can handle applying configurations, setting wifi info and PPPoE logins, it will get people most of the there. Monitoring bandwidth, latency and WiFi stats would also be useful.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Feature requests

Mon Feb 04, 2019 8:50 am

(...)user has to perform factory reset to get decent configuration as starting point - but loosing whatever already done in other parts (IPv4, wlan, VLAN, ...).
Actually you can do
/system default-configuration print file=default-cfg
after installing IPv6 package and you will get the default config with IPv6 related stuff ;)

I know that ... but vast majority of SOHO users (and those seem to be the focus of MT lately) don't ... they struggle to enable IPv6 and don't bother with the rest of config ... just as they don't bother about IPv4 config, but luckily the default firewall for IPv4 is quite decent lately.
 
4lphanumeric
newbie
Posts: 27
Joined: Wed Jan 16, 2019 1:00 pm

Re: Feature requests

Tue Feb 05, 2019 8:08 am

Ability to swap the rx/tx representation in the graphing setting.

Normal : In -> green, Out -> blue
Swapped: In -> blue, Out -> green
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Tue Feb 05, 2019 11:52 am

Unfortunately it appears the IPv6 developer has left the company (maybe he was also the BGP developer?)
Why do you think so? Did they said something (even unofficially)?
I think so, because NO development of these components has appeared aside from some minor bug fixes, for several years.
And also note they are trying to hire new developers for quite some time already.

Also, it appears the watchful eye that reminds the others in the room at the development meeting that IPv6 exists has disappeared.
New features like Kid Control and Detect Internet are developed and released WITHOUT IPv6 support.
 
neos14
just joined
Posts: 7
Joined: Thu Feb 09, 2012 2:29 pm

Re: Feature requests

Mon Feb 11, 2019 11:02 am

Please add support for SNMP views.
To be able to provide limited set of OID's for specific SNMP community.
 
dravnieks
newbie
Posts: 28
Joined: Sun May 08, 2011 12:11 am
Location: Gorey, Ireland
Contact:

Re: Feature requests

Tue Feb 12, 2019 4:45 pm

flashing every router with netinstall is minor, and fast process, only issue, in later versions configuration is not persistant after reset.

Have you tried to aply default configuration on 40 Fritzbox routers?

40 Hap AC2 i would get flashed in less than 2 hours, get 24 port poe switch and pile of patch leads. Uploading config to Fritz will take 10 minutes per router because of endless reboots and button confirmations.


We started renting Mikrotik routers to our customers as a basic managed WiFi solution and one thing that any ISP will run into with this type of setup is the customer hitting the damn reset button.

We'd love a way to change the default configuration that doesn't involve netinstall. It's extremely tedious to have someone sit there and netinstall a stack of routers with our custom configuration. There needs to be a better way! Mikrotiks are so close to being perfect for deploying as managed wifi.

To go with that, a basic Tr069 ACS able to run on RouterOS, like Dude or Userman, would be very useful. As long as it can handle applying configurations, setting wifi info and PPPoE logins, it will get people most of the there. Monitoring bandwidth, latency and WiFi stats would also be useful.
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

PPPoE event scripts

Wed Feb 13, 2019 1:09 pm

It would be useful to have link-up and link-down event scripts for PPPoE client.
And please make "message" from Authenticate-Ack and Authenticate-Nak available for parsing.

Some carriers communicate DSL connection speed by using Authenticate-Ack message [PAP AuthAck id=0x1 "SRU=uploadspeed#SRD=downloadspeed#]:
https://www.ip-phone-forum.de/threads/s ... st-2274697
https://www.onlinekosten.de/forum/showt ... ost2466544
Last edited by muetzekoeln on Tue May 07, 2019 5:22 pm, edited 2 times in total.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Feature requests

Wed Feb 13, 2019 3:19 pm

PPP profile already has on-up on-down events.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Feature requests

Wed Feb 13, 2019 4:43 pm

It would be convinient to CAPSAM and DHCP to log to log not only MAC address but also HOSTNAME if it is known.
Process of transforming MAC 2 HOST is tedious and if log changes quickly you have no chance to check who is associating/dhcping
 
raffav
Member
Member
Posts: 345
Joined: Wed Oct 24, 2012 4:40 am

Re: Feature requests

Wed Feb 13, 2019 6:53 pm

It would be convinient to CAPSAM and DHCP to log to log not only MAC address but also HOSTNAME if it is known.
Process of transforming MAC 2 HOST is tedious and if log changes quickly you have no chance to check who is associating/dhcping
+infinity agree with that, Why in the logs cannot log the hostname/comment if is there, is very annoying to see/debug: mac abc123 connected mac abc123 disconnected
 
logistic69
just joined
Posts: 23
Joined: Sat Dec 11, 2010 2:24 am
Location: Panama
Contact:

Re: Feature requests

Wed Feb 13, 2019 11:14 pm

Please Include VPN templates for IOS, windows 10.
it is nightmare trying to make work 6.43 to accept IOS 12.1 simply don't work.
or post a update wiki how to do it, avaery time a new router OS release came up it broke something in VPN.
sadly i need to change to other brand in other to do it.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Thu Mar 14, 2019 11:35 pm

Feature Request (1 of 2):
Mikrotik's wireless nv2 protocol ( a version of TDMA ) currently does not use encryption ( I think I am correct here … ).
I would like to see an ability to use a WPA-2 encryption on nv2 wireless networks.

Feature Request (2 of 2):
This is from a post I originally placed in the General forum under Public-Mikrotik-Bandwidth-Test-Server(s).

I would like to see a new optional Mikrotik ROS package which can perform http speedtests between Mikrotiks and client connected computers (something similar to http://my-mikrotik-IP-address/speed-btest).
… Where an optional login/password could be used to perform a http UDP-or-TCP up-or-down bandwidth test
… Where a client computer behind NATted Mikrotik could perform speedtests to their inside Mikrotik gateway IP address , and/or to any Mikrotik IP address out on the Internet.
… Where the Mikrotik admin has some control for maximum bandwidth, number of simultaneous speed-btest testers, and setting to limit how often a client can perform a http speed-btest.
… The Mikrotik http speed-btest should be a simple TCP-up, then TCP-down, then UDP-up then UDP down, followed by a round-trip-ping response time.
… The output after the http speed-btest could then report all kinds of information , including the number of dropped packets during each test -and- it would also be nice to show at what speeds RED ( Random Early Detection ) begins kicking in with dropped packets.
I suspect this type of a Speed-btest server could become very very popular. And the http speed-btest web page could show some pre-configured ISP hosting information and a URL indicating "Powered by Mikrotik" which links to Mikrotik. Mikrotik just might get a boost in sales from something like this.
 
ditonet
Forum Veteran
Forum Veteran
Posts: 835
Joined: Mon Oct 19, 2009 12:52 am
Location: Europe/Poland/Konstancin-Jeziorna
Contact:

Re: Feature requests

Thu Mar 14, 2019 11:54 pm

It would be convinient to CAPSAM and DHCP to log to log not only MAC address but also HOSTNAME if it is known.
Process of transforming MAC 2 HOST is tedious and if log changes quickly you have no chance to check who is associating/dhcping
DHCP server lease script can help you:
:local leaseHostName;
:if ($leaseBound = 1) do={
:set leaseHostName $"lease-hostname";
:log info ("DHCP server: $leaseServerName => MAC: $leaseActMAC => IP: $leaseActIP => Host Name: " . $leaseHostName);
};
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Fri Mar 15, 2019 11:50 am

Mikrotik's wireless nv2 protocol ( a version of TDMA ) currently does not use encryption ( I think I am correct here … ).
https://wiki.mikrotik.com/wiki/Manual:N ... v2_network
 
User avatar
DanielJB
Frequent Visitor
Frequent Visitor
Posts: 82
Joined: Mon May 27, 2013 3:05 pm

"/interface ppp-client at-chat" wait missing

Wed Mar 20, 2019 12:51 pm

It is extremely useful to use the 'wait' parameter in "/interface lte at-chat" eg wait=yes.

Please can it be added for "/interface ppp-client at-chat" also as is missing?
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

Re: Feature requests

Wed Mar 20, 2019 3:39 pm

Can we get standard 802.11s support?
+1
802.11s would be useful to mesh for example with OpenWRT based devices (some of which may be routerboards ;-)

But to mesh RouterOS with coming commercial devices it would need Wi-Fi EasyMesh:
https://www.wi-fi.org/discover-wi-fi/wi-fi-easymesh

Please implement mesh protocols compatible with non-RouterOS devices!
 
User avatar
DanielJB
Frequent Visitor
Frequent Visitor
Posts: 82
Joined: Mon May 27, 2013 3:05 pm

Re: Feature requests - SSH autologout for security

Thu Mar 28, 2019 4:42 am

For more security, automatically logging out after the SSH session was idle eg for 10 minutes would be great!

On my Unix systems, I set TMOUT for root in a similar way.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests - SSH autologout for security

Thu Mar 28, 2019 11:26 am

For more security, automatically logging out after the SSH session was idle eg for 10 minutes would be great!
I see that feature on some systems but frankly I just find it irritating (session has been logged out when you come back to it after studying how to solve some issue),
and frankly I don't see how that adds any security. Maybe a little more for telnet where you conceivably could take over the open session when you are at an
intermediate router, but for SSH that does not work.
 
User avatar
DanielJB
Frequent Visitor
Frequent Visitor
Posts: 82
Joined: Mon May 27, 2013 3:05 pm

Re: Feature requests - SSH autologout for security

Thu Mar 28, 2019 12:07 pm

For more security, automatically logging out after the SSH session was idle eg for 10 minutes would be great!
I see that feature on some systems but frankly I just find it irritating (session has been logged out when you come back to it after studying how to solve some issue),
and frankly I don't see how that adds any security. Maybe a little more for telnet where you conceivably could take over the open session when you are at an
intermediate router, but for SSH that does not work.
SSH forwarding introduces a session takeover scenario, so there is security value of this feature (which is why other vendors implement it). Perhaps a default of 1h or never is better.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Thu Mar 28, 2019 2:46 pm

I think other vendors only implement it because it is on standard recommendation (or even requirement) lists, not really for security.
Similar to requiring (very) frequent password changes, requiring complicated passwords, etc.
All things that could be valuable in some limited scenarios but are imposed on everyone and everything just for the sake of being able to set a checkmark.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Tue Apr 09, 2019 4:25 pm

When a user or admin logs in incorrectly the following message is logged:

system,error,critical login failure for user xxxxx from ...

Please remove the username (xxxxx in this case) from this log message or provide a system setting to do that.
Logging the username for login failures is a security risk.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Thu Apr 11, 2019 11:03 am

Please add an ARP mode that replies to ARP requests with info from the local ARP cache.
E.g. local-proxy-arp-cache
When the router receives an ARP request on an interface where this is enabled, it first does a lookup in its own ARP table.
When the entry is found there, a reply is sent that is exactly the same as when that particular device would answer the ARP.
When not, either an ARP request is made first and after reply the data is replied from the cache as above, or the router
replies with its own MAC address as in local-proxy-arp. (whatever is more convenient to implement)

This is useful in large WiFi installations where filtering has been implemented to reduce the amount of broadcast traffic.
Usually in such a setup, devices can not communicate with each other because they do not hear each other's ARP requests.
A workaround for that is to setup local-proxy-arp in the router, but the result is that all such communication is flowing
via the router. This can be optimized by telling the requester the MAC address of the desired peer device on behalf of
that device.
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

Re: Feature requests

Thu Apr 11, 2019 12:27 pm

Dear Mikrotik, what about automatic sertificates from Let's Encrypt?
+1 again ;-)

viewtopic.php?t=92673
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Thu Apr 11, 2019 12:31 pm

The topic is marked as "Solved" :)
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature requests

Thu Apr 11, 2019 5:33 pm

Yeah, about that "solved"... If Let's Encrypt support is solved by the solution (workaround is better word(*)) presented in that thread, then we can magically solve all other RouterOS shortcomings right away. Why didn't we think about it before, it's so simple, just add Linux machine to your router! You can solve pretty much anything that way.

(*) Don't get me wrong, I don't have anything against it, it's nice idea, definitely better than nothing and can be good enough for someone.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Feature requests

Thu Apr 11, 2019 6:50 pm

I already did that Sob! I added an RPI for my DNS. ;-)
 
mada3k
Long time Member
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Feature requests

Thu Apr 11, 2019 11:04 pm

IEEE1588 and SyncE would be great, but requires specific support in hardware level.

A more stressful issue is the need for BGP RKPI support.
 
User avatar
vecernik87
Forum Veteran
Forum Veteran
Posts: 882
Joined: Fri Nov 10, 2017 8:19 am

Re: Feature requests

Fri Apr 12, 2019 2:48 am

To be honest, this is one of features which would be amazing and very appreciated.
Although it is possible to do through third-party device, it would be much more convenient to do it directly through ROS.
Unfortunately, I am afraid it won't happen because it would be very specific integration of 3rd party service and that never happened in the past (same as we don't have integrated support for 3rd party ddns or 3rd party VPN provider)
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

Re: Feature requests

Fri Apr 12, 2019 8:56 am

IEEE1588 and SyncE would be great, but requires specific support in hardware level

IEEE1588 works without hardware support, but performance is not so good. It even works over WLAN:
https://www.researchgate.net/profile/Wu ... ion_detail

There are switch chips (also from QC) with support for IEEE1588 and sometimes SyncE since many years. It would be nice to know which Mikrotik products already have these built-in. Someone with this knowledge out there??

It could also support a better TDMA protocol as suggested here:
viewtopic.php?t=87471#p465494
viewtopic.php?t=70793&start=100#p515551

Maybe Mikrotik can also offer an affordable GNSS-based POE-powered IEEE1588 grandmaster-clock device for mast mounting ....
 
User avatar
dohmniq
Frequent Visitor
Frequent Visitor
Posts: 78
Joined: Sat Nov 17, 2012 12:17 pm

Re: Feature requests

Fri Apr 12, 2019 2:19 pm

Can we get standard 802.11s support?
+1
802.11s would be useful to mesh for example with OpenWRT based devices (some of which may be routerboards ;-)
[...]
Please implement mesh protocols compatible with non-RouterOS devices!
Also +1
I'm involved in a commercial project that is looking to use 802.11s but I have to install OpenWRT on Routerboards to get 802.11s support.
AFAIK, 802.11s is baked into the Linux kernel which is also used for RouterOS?
Using wireless snooper on RouterOS you wouldn't even know there was a 802.11s mesh on your frequency!
 
hel
Member Candidate
Member Candidate
Posts: 199
Joined: Sun Jun 12, 2011 6:31 am
Location: Kirov, Russia

Re: Feature requests

Mon Apr 15, 2019 12:11 pm

Please add attribute or other way to set total-max-limit/total-limit-at via RADIUS.
There's no way to do changes to a dynamic queues. In case of PPPoE network we can't use manual queues.
Total-max-limit is used to limit up+down to a some total value.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests - Re Winbox , close all

Mon Apr 15, 2019 5:55 pm

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
 
User avatar
jprietove
Trainer
Trainer
Posts: 212
Joined: Fri Jun 03, 2016 3:00 pm
Location: Cádiz, Spain
Contact:

Re: Feature requests - Re Winbox , close all

Mon Apr 15, 2019 6:45 pm

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
Isn't it the existing Session -> Close Windows?
 
akschu
Frequent Visitor
Frequent Visitor
Posts: 57
Joined: Thu Mar 15, 2012 2:09 am

Re: Feature requests

Mon Apr 15, 2019 11:11 pm

This is what I need, a way to make a firewall list based on ipsec identity. All that's needed to make this work is the ability to define src-address-list when responder=yes:

/ip ipsec mode-config
add address-pool=ike2-pool address-prefix-length=32 name=ike2-firewallrulesA src-address-list=firewallrulesA responder=yes

/ip ipsec identity
add auth-method=rsa-signature certificate=vpnserver remote-certificate=fred generate-policy=port-strict mode-config=ike2-firewallrulesA peer=ike2 policy-template-group=ike2-policies

When someone starts IP sec with the certificate=fred, then they are connected to mod-config and added to address-list firewallrulesA where we can firewall the road-warrior to specific services by simply using the address list.

Right now the only way to do this is to define an IP pool or static address for every firewall ruleset you want to tie to a user/certificate.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests - Re Winbox , close all

Mon Apr 15, 2019 11:42 pm

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
Isn't it the existing Session -> Close Windows?
Hmmm , yea I know if I exit my winbox to a remote Mikrotik then the all the sessions associated with that winbox connection close.

What I am looking for is a simple way to have a winbox session to a remote Mikrotik , then have a quick/easy method to close all the open windows in that winbox session yet still keep my winbox session running.

Example - in my attachment image - a new selection to auto close everything with an X marked in red. Yet keep the Winbox still connected to the remote Mikrotik.
You do not have the required permissions to view the files attached to this post.
 
vadimkara
just joined
Posts: 20
Joined: Tue Apr 16, 2019 8:37 am

Re: Feature requests

Tue Apr 16, 2019 8:44 am

Please add multi peer priority/fallback to ipsec policy.
You do not have the required permissions to view the files attached to this post.
 
User avatar
jprietove
Trainer
Trainer
Posts: 212
Joined: Fri Jun 03, 2016 3:00 pm
Location: Cádiz, Spain
Contact:

Re: Feature requests - Re Winbox , close all

Tue Apr 16, 2019 11:28 am

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
Or I'm not understanding you... or for sure it is the existing option "Session->Close All Windows". It closes all the windows without disconnecting the winbox session. Please, check it
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Tue Apr 16, 2019 12:45 pm

I would like to see a windows list in winbox, either as a menu item or by having a button corresponding to each window in the top bar (similar to the task bar in Windows).
This can be used to raise windows that are buried after opening others.
And/or a right-click function to lower a window.

I commonly open a "Log" window and set it fullsize, then open other windows on top of it.
When I mistakenly click outside an opened window, the Log window raises to top and covers everything else, without any way to get those raised again.
One of those additions could solve that.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests - Re Winbox , close all

Tue Apr 16, 2019 5:27 pm

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
Or I'm not understanding you... or for sure it is the existing option "Session->Close All Windows". It closes all the windows without disconnecting the winbox session. Please, check it
OOooo :)
I must be a dummy. I see it now and it's easy.
Thanks for the info
North Idaho Tom Jones
 
dada
Member Candidate
Member Candidate
Posts: 245
Joined: Tue Feb 21, 2006 1:44 pm

Re: Feature requests - PPPoE snooping

Thu Apr 18, 2019 3:42 pm

Hi,

I would like to see PPPoE snooping feature in ROS. It could allow to identify (at login time) to what AP is an PPPoE user connected to for example.
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

Re: Feature requests

Thu Apr 18, 2019 4:27 pm

When improving PPPoE, please look also into RFC4938. The link metrics extensions make sense with wireless links as well as with DSL, where bandwidth can change for an up-state interface.
PADQ information could be applied to QoS/queue parameters if made available by PPP event scripts (new events necessary).
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Thu Apr 18, 2019 6:58 pm

Request - CHR ISO to allow CHR install on a bare metal platform.

Reason for request:
#1 - CHR running on the free version of VMware ESXi has a limitation of 8 CPUs per virtual hosted system.
#2 - The cost of VMware ESXi license to enable greater than 8 CPUs to a virtual hosted system can be quite expensive.

An ISO install version on a bare metal box could permit the following:
- Boot on USB (bare metal BIOS configured to make the USB appear as an IDE drive).
- Utilize E1000e ethernet interfaces (10-Gig).
- Utilize all cores (dual multi-core Xeon CPUs). Example - two Xeon CPUs with 28-cores (not counting HT), could allow a CHR to function with 56 (or much more) Xeon CPUs.

A bare-metal CHR may be up to hundreds of times faster than a virtual hosted CHR (with 8 CPUs), running hundreds/thousands of complex firewall rules.

I have tried x86 on bare metal , but I've experience X86 ROS lockups under heavy loads.
I am researching a v-to-p (virtual machine to physical machine) conversion - and it may be possible - but uncertain and untested.

North Idaho Tom Jones
 
McSee
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Tue Feb 26, 2019 12:49 pm

Re: Feature requests

Sat Apr 20, 2019 1:41 pm

Can't believe that RoS console still doesn't have such basic feature as a command history search !

Like Ctrl-R/Ctrl-S in bash. Type Ctrl-R then few letters and it will show you previous command from the history with these letters, with Ctrl-R to move to the next result up and Ctrl-S down.

And no filter in log viewer in Winbox even after numerous requests ?
 
mfr476
Member Candidate
Member Candidate
Posts: 213
Joined: Thu Oct 11, 2018 4:51 pm

Re: Feature requests

Sat Apr 20, 2019 3:08 pm

Is It posible more improvement in 5ghz ac wireless?
 
libove
Frequent Visitor
Frequent Visitor
Posts: 50
Joined: Tue Aug 14, 2012 5:18 pm

formal port knocking

Mon Apr 22, 2019 2:30 pm

There are several discussions in these and other forums about how to implement port knocking in RouterOS. And, at a basic level, they all can work.
In short, they tend to be "detect proto on port, add src to address-list KNOCKPHASE1", "detect proto on port2 when src already on address-list KNOCKPHASE1, add src to address-list KNOCKEDSUCCESSFULLY", "allow in when src on address-list KNOCKEDSUCCESSFULLY".
The problem is that certain types of port scans can trigger this.
So we'd also want "... and src has NOT appeared on any OTHER port, or on these ports in the wrong order".
That turns out to be messy with RouterOS as it is today. Possible, but messy. (At the least, you end up with ports on both a successfully-knocked list AND a blacklist, and rule execution order plus the admin having a good memory or good documentation is required to avoid mental confusion...)

So, a feature request for RouterOS, formal, flexible port knocking.
Knocking should allow any combination and order of ports and protocols, up to N layers deep. (At least three. e.g. TCP/4321 followed by UDP/7654 followed by ICMP type 8 subtype 0)
The formal port knocking implementation offered as part of RouterOS should have, built-in, an optional "... and no other traffic from src in the past few seconds/minutes". (That's the part that's hard to implement cleanly with today's RouterOS).

thanks,
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

Re: Feature requests

Thu Apr 25, 2019 2:47 am

I would like to have an option to select and enable DFS (in the variants ETSI, FCC and JP) when using 5GHz superchannel/no_country_set setting.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: formal port knocking

Thu Apr 25, 2019 10:54 am

So, a feature request for RouterOS, formal, flexible port knocking.
Knocking should allow any combination and order of ports and protocols, up to N layers deep.
I think that does not fit within the design philosophy of RouterOS (where you get low-level tools rather than high-level blocks that perform a complex task).
However, a reasonable request would be to implement a new firewall rule action "remove src from address list" (and maybe "remove dst from address list"),
which would allow you to build what you want using the existing "add" action to add addresses to a list as they walk through the desired port knocking steps,
and use the "remove" action when they do things that do not match your desired steps (so they fall back to initial state).
 
User avatar
vecernik87
Forum Veteran
Forum Veteran
Posts: 882
Joined: Fri Nov 10, 2017 8:19 am

Re: formal port knocking

Tue Apr 30, 2019 9:57 pm

I think that does not fit within the design philosophy of RouterOS (where you get low-level tools rather than high-level blocks that perform a complex task).
Kids control.
'nuff said
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

Re: Feature requests

Fri May 03, 2019 1:47 pm

Dear Mikrotik, what about automatic sertificates from Let's Encrypt?

Someone wrote a lightweight ACMEv2 client in C:
https://github.com/ndilieto/uacme

So it should be possible to implement as ROS package.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature requests

Fri May 03, 2019 6:35 pm

I'm sure that MikroTik can easily write their own ACME client. But it's even more important how it should fit into RouterOS and work for as many scenarios as possible.

For example, maybe you just want certificate for https WebFig (or SSTP server). Sounds easy, right? There's already a webserver on router, so simple http-01 validation can be used. But what if you don't want or can't open port 80 (AFAIK http-01 always starts with plain http on standard port 80)? It would be the case on at least half of routers where I'd like to use Let's Encrypt certificates, because there's typically only one public address and standard http(s) ports are already forwarded to some internal webserver. There would have to be support for dns-01 validation and it has different problems too.

I think it's doable, I tried some suggestions in Support for ACME/Let's Encrypt certificate management thread, but so far it doesn't look like anyone from MikroTik though "oh yes, it's super-awesome, we need to have that!" Maybe try to invent some other foolproof plan that will finally convince them.
 
mtk89
just joined
Posts: 2
Joined: Sat May 04, 2019 4:49 pm

Re: Feature requests

Sat May 04, 2019 4:59 pm

I'm sure that MikroTik can easily write their own ACME client. But it's even more important how it should fit into RouterOS and work for as many scenarios as possible.

For example, maybe you just want certificate for https WebFig (or SSTP server). Sounds easy, right? There's already a webserver on router, so simple http-01 validation can be used. But what if you don't want or can't open port 80 (AFAIK http-01 always starts with plain http on standard port 80)? It would be the case on at least half of routers where I'd like to use Let's Encrypt certificates, because there's typically only one public address and standard http(s) ports are already forwarded to some internal webserver. There would have to be support for dns-01 validation and it has different problems too.

I think it's doable, I tried some suggestions in Support for ACME/Let's Encrypt certificate management thread, but so far it doesn't look like anyone from MikroTik though "oh yes, it's super-awesome, we need to have that!" Maybe try to invent some other foolproof plan that will finally convince them.
From the manual page (https://ndilieto.github.io/uacme/ ), it appears uacme supports dns-01 challenges and allows total flexibility by the --hook option, which calls an external script to accept, decline or set up the challenge environment.
If specified, uacme executes PROGRAM (a binary, a shell script or any file that can be executed by the operating system) for every challenge with the following 5 string arguments:

METHOD one of begin, done or failed.

begin is called at the beginning of the challenge. PROGRAM must return 0 to accept it. Any other return code declines the challenge. Neither done nor failed method calls are made for declined challenges.

done is called upon successful completion of an accepted challenge.

failed is called upon failure of an accepted challenge.

TYPE challenge type (for example dns-01 or http-01)

IDENT The identifier the challenge refers to

TOKEN The challenge token

AUTH The key authorization (for dns-01 already converted to the base64-encoded SHA256 digest format to be provisioned as _acme-challenge DNS TXT record).
 
mutinsa
just joined
Posts: 24
Joined: Tue Feb 06, 2018 4:55 am
Location: Plettenberg Bay, South Africa
Contact:

Re: Feature requests

Sun May 05, 2019 5:08 pm

SNTP Client from base package support this feature "out of box"

For NTP Client from ntp package this script may be temporary solution
https://github.com/mutin-sa/MT_ROS_Scri ... TP/ntp.txt

I've tried to search this topic, but I haven't found it (hope there are not any duplicates):

NTP Client - Possibility to use server name, not just IP address
exFAT (FAT64) or NTFS support - yes, MT is not NAS (it's slow), but it would be great to use file system capable of handling >4GB file complatible with Windows (you have HDD with big files and you want to share some files - you cannot connect it to MT, you have to reformat it to FAT32, copy everything except for big files back...)
Wireless - move Country and Distance setting to Simple Mode - you can set every other important "basic" setting in simple mode, but you have to switch to Advanced Mode for these two settings.
Quick Set - It's working with WPA1 password. It doesn't recognise, when you manually set WPA2-PSK AES only password. It requires also setting WPA1 password (even if WPA1 is not allowed), otherwise Quick Set shows WiFi password red and empty (WPA2 only is used)
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Feature Request Client SSID dont-care on connect

Sat May 11, 2019 12:54 am

Feature Request Client SSID dont-care on connect

First - this may sound like a bit of a strange ROS feature request , but this would be a very powerful feature that no other wireless company can offer at this time.

A bit of my background so that you understand my reasoning for this request :
- As a WISP (and fiber-to-the-home ISP), we have hundreds of Mikrotik APs and 1,000+ client Mikrotiks
- All APs use the same SSID
- All of our tower locations have multiple (dozens) of APs on each tower (all with the same SSID)
- Clients (nv2 Mikrotik clients) do not necessary connect to the strongest/best AP which may be facing in the direction of the client Mikrotik. As a result, we often have many many client Mikrotiks that are not connected to the best/strongest AP. This often results in everybody on that AP running a little slower because of the few clients that are connected with slower connect rates and higher wireless retries.

So , after more than 10+ years of hands-on experiencing clients often not connecting to the most preferred Mikrotik AP, I have a feature request to ask Mikrotik for …

Feature request #1
- A new SSID setting for Mikrotik wireless clients (802.11 & nv2 & nstream)
- A new optional setting on the client SSID that is a dont-care character.
- Where any AP SSID that matched the client SSID up to the dont-care character will qualify to an AP for the client to connect to.
-- Example ;
--- Client has a dont-care optional setting checked
--- The client dont-care character is a "#" character
--- The client SSID is configured at "WISP-something.com#"
--- The client sees multiple APs with these SSIDs: "WISP-something.com" and "WISP-something.com#" and "WISP-something.com#1" and "WISP-something.com#2" and "WISP-something.com#131" and "WISP-something.com#betty"
--- The Mikrotik client can connect to any SSID that starts with "WISP-something.com"

Feature request #2
- A new SSID setting for Mikrotik wireless clients ((802.11 & nv2 & nstream)
- A new option to configure Mikrotik clients to specify a preferred list of SSIDs to connect to.
- The 1st SSID selection is always the 1st SSID the client will try to connect to
- The 2nd SSID selection is only used when the client can not connect to the 1st selection
- The 3rd SSID selection is only used when the client can not connect to the 1st or 2nd selection
- The 4th SSID selection is only used when the client can not connect to the 1st or 2nd or 3rd selection.
--- Example of use , A Mikrotik Client with these optional settings:
--- 1st "WISP-something.com#2"
--- 2nd "WISP-something.com#betty"
--- 3rd "EISP-something.com#131"
--- 4th (last fall back SSID selection) "EISP-something.com#"

With feature both feature request ( 1 and 2 above ) , Mikrotik clients now have a preferred ordered connect SSID list. If the 1st and 2nd SSIDS are off-line, then the Mikrotik client will try to connect to the 3rd SSID selection in the list. If the first 3 preferred SSIDS are off-line, then the client Mikrotik can use the dont'care character and connect to any other matching SSIDs.

Something like this will surely help any WISP using Mikrotik products who have a large base of Mikrotik wireless devices.

With these 2 new requested features in Mikrotik ROS clients, a WISP can now; A - have some control as to what APs client Mikrotiks connect to & B - configure client load sharing on all WISP APs.

FYI - and yes I do know there is a connect-list feature that uses signal strength (for APs and clients) but that feature also has it's own other set of issues and problems.

North Idaho Tom Jones
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

Re: Feature requests

Sat May 11, 2019 1:29 pm

Why use SSID for this? This may bring compatibilty problems. Wouldn't a preferred list of AP's (e.g. by address instead of SSID) on the client alone help with your issues? So no change on the AP side necessary.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Sat May 11, 2019 5:54 pm

And it is already available... you can make a connect list with different MAC addresses for the same SSID.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Mon May 13, 2019 5:38 pm

And it is already available... you can make a connect list with different MAC addresses for the same SSID.
Yea , using a connect list with MAC address could almost work (almost).

Using a MAC address connect method presents a management problem for all clients when an AP needs to be replaced or upgraded.
A change of an AP, can result in a different MAC address , which then can result if every wireless client needing to be re-configured.
Thus, if you have 300 clients connecting to a tower with more than one AP , then you can end up with 300 clients that need to be reconfigured/re-programmed.
I've been down this road many times in the past and it ain't pretty.

North Idaho Tom Jones
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Mon May 13, 2019 5:42 pm

Why use SSID for this? This may bring compatibilty problems. Wouldn't a preferred list of AP's (e.g. by address instead of SSID) on the client alone help with your issues? So no change on the AP side necessary.
Re compatibility problems - that is the reason I stated optional setting. Default on an upgrade to a newer ROS with such a feature should be default Off.
 
faraujo88
just joined
Posts: 14
Joined: Fri Feb 15, 2019 2:28 am

Re: Feature requests

Mon May 13, 2019 5:54 pm

It would be great if dhcp-server has an option to set a queue limit to each lease, and remove when the guest got out, automatically.. or RouterOs already does that?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Mon May 13, 2019 7:31 pm

Thus, if you have 300 clients connecting to a tower with more than one AP , then you can end up with 300 clients that need to be reconfigured/re-programmed.
I've been down this road many times in the past and it ain't pretty.
When you have to manage 300 devices you should have some mechanism in place to support remote management.
It can be done with MikroTik. I have seen solutions for that presented at MUM events.
E.g. you make a scheduled job that runs once a day and attempts to download some file with a naming convention depending on the client, and when it exists it imports that file.
(it would be a good idea to have some version numbering so you can avoid re-running the same file every day after it has been already run once)

There should be more explicit support for that in the Dude.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Feature requests

Mon May 13, 2019 11:01 pm

Thus, if you have 300 clients connecting to a tower with more than one AP , then you can end up with 300 clients that need to be reconfigured/re-programmed.
I've been down this road many times in the past and it ain't pretty.
When you have to manage 300 devices you should have some mechanism in place to support remote management.
It can be done with MikroTik. I have seen solutions for that presented at MUM events.
E.g. you make a scheduled job that runs once a day and attempts to download some file with a naming convention depending on the client, and when it exists it imports that file.
(it would be a good idea to have some version numbering so you can avoid re-running the same file every day after it has been already run once)

There should be more explicit support for that in the Dude.
Re: … mechanism in place to support remote management …
I have my own custom scripts (Linux for-IPs-In-a-List.txt ssh/telnet send/expect) which work very well to bulk manage my client Mikrotiks.

Re: … good idea to have some version numbering so you can avoid re-running the same file …
My custom management scripts do this and much more

The problem with bulk management is configuring an algorithm which does two thing - 1; load share connected clients on APs and 2; define a set of client preferred APs to use when available.
With my two requested features, these new settings would only need to be performed when the client is installed.

The issue is that there is a whole bunch of Mikrotik admins that do not use Dude or custom scripts and only manage client Mikrotiks manually one-at-a-time.
With my suggestion, there would be no need for any type of bulk management (if any AP is replaced) if my two feature requests would be implemented in ROS.
 
itmethod
newbie
Posts: 34
Joined: Tue Feb 18, 2014 8:44 pm

Re: Openvpn server route push

Tue May 14, 2019 1:52 am

Routeros openvpn server needs a way to push routes to the clients.
This is very much needed.

I have multiple clients windows and Linux. and need multiple usernames to have different routes pushed to them, as-well as a global route push. so I don't have to have seperate vpn servers. or multiple client config files and have to worry about user having right config file.

The current routes option in ROS is the iroute command for the ccd files. and it puts routes into the routers/servers routing table to the clients lan.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Tue May 14, 2019 11:00 am

The problem with bulk management is configuring an algorithm which does two thing - 1; load share connected clients on APs and 2; define a set of client preferred APs to use when available.
These issues are completely independent. You need a bulk management method to distrubute any configuration changes to your clients, but apparently you already have it.
Then you need to know WHAT you want to configure in your clients. I would say that is an application-specific problem that has to be adapted for your specific network.

The tools (e.g. connect list) are already there. You can load a connect list with a couple of MAC addresses and finally a generic SSID to connect. You should find your
clients online, and then maybe you need some form of remotely managed "scan" to know what network to connect.
This is not something you are going to solve with a complicated method such as you proposed. It will fail in some way, if not in your network then in someone else's who tries to use it.
Keep things simple and keep them in your own hands.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Frequency Usage - add more fields (counts & average)

Tue May 14, 2019 10:14 pm

Frequency Usage - add more fields (counts & average)

Here is a suggestion - add some additional fields when performing a Frequency Usage
- Add a new field showing the Number-of-Usage-Hits for the current scan (per frequency)
- Add a new field showing the Peak-Usage-Strength for the current scan (per frequency)
- Add a new field showing the Average-Strength for the current scan (per frequency)
- Add a new field showing the total sum of Usage (per frequency)

With these additional Frequency-Usage fields, it would then be easy to run an extended length Frequency-Usage scan (Ooo say 15 minutes or so) then review the results to easily locate the least-used/most-available contiguous frequencies. Now the Mikrotik admin can add/configure APs to operate with frequencies/channels which have the least amount of background noise.

North Idaho Tom Jones
 
anuser
Long time Member
Long time Member
Posts: 601
Joined: Sat Nov 29, 2014 7:27 pm

Re: Feature requests

Thu May 16, 2019 4:09 pm

Reboot-Button within WinBox => CAPsMAN => Remote CAP, i.e. click on cap and simply reboot it.
 
jaceyk
just joined
Posts: 4
Joined: Wed May 15, 2019 3:54 pm

Re: Feature requests

Mon May 20, 2019 3:36 pm

The ability run traffic-generator with a single core on a multi-core device.

The reason is that multi-core Mikrotik routers don't seem to be able to detect Out-of-Order packets. The single-core routers that I've tried have no such problem.

Even though using a single core would bring the performance way down, it would still be sufficient for a sequence-error test.

I could test from one point to another with all cores to check bandwidth, and test again with one core sending 100mbps for 24 hours to check for reordering.

To be clear, I'm only speculating that the reason that CCRs can't see OoO packets with Traffic-Generator is because they're multi-cored. If that's wrong then my feature request is just to fix traffic-generator for CCRs.
 
stejjh
just joined
Posts: 6
Joined: Sat Apr 07, 2018 6:16 pm

Re: Feature requests

Thu May 23, 2019 8:14 am

I have seen this mentioned elsewhere but not here – add digest authentication support to fetch for http/https requests please

Thanks

J
 
neticted
Member Candidate
Member Candidate
Posts: 137
Joined: Wed Jan 04, 2012 10:36 am

Re: Feature requests

Fri May 24, 2019 11:18 am

Using a MAC address connect method presents a management problem for all clients when an AP needs to be replaced or upgraded.
A change of an AP, can result in a different MAC address , which then can result if every wireless client needing to be re-configured.
Thus, if you have 300 clients connecting to a tower with more than one AP , then you can end up with 300 clients that need to be reconfigured/re-programmed.
I've been down this road many times in the past and it ain't pretty.
I had similar issue (although I do not run commercial ISP but community network). My solution was to use my own MAC addresses (invented for the purpose) for network adapters.That means, after I replace adapter, I set designated MAC for that AP and clients see no difference.
 
neticted
Member Candidate
Member Candidate
Posts: 137
Joined: Wed Jan 04, 2012 10:36 am

Re: Feature requests

Fri May 24, 2019 11:43 am

I would like to propose some improvements in user interface of Winbox


- Allow changing order of columns in tabular view.

Now, order is fixed and it becomes quite cumbersome if you have to follow some columns that are last in the row and you do not have large enough screen. Allowing user to set order of columns would help him ordering columns due to current importance.


- Allow selecting visible columns (option Show Columns) in more user friendly manner.

Selecting columns that are visible is quite cumbersome on data that has lots of columns. User has to scroll down through the list to find columns, and when he selects column list is closed, so, for another column, you have to start adding from scratch.

Better solution would be that Select Columns is modal windows (dialog) which provides list of columns avoiding need for scrolling throuugh the list and with check boxes, so user can in single pass set or unset columns that he wants to be visible.



- Comments should be treated as any other column

Comments have different treatment comparing to other row data as they may be displayed in separate line (which is good). Sometimes it is more practical to see them as columns and there is option to set it but that setting lives only until Winbox is closed. On restart, columns are again displayed as separate line. I am not referring to global setting but for custom setting for specific table view.

It should be treated as ordinary column, meaning if user selects is to be visible as column it should stay that way.



- Some columns could be treated as comment

When comment is displayed not inline there is usually plenty of empty space where additional info could be shown. It would be good if we could have option to choose some columns that would be displayed in comment space. That would provide better space usage and improvement of user experience.

For example, when I set logging on firewall rule, it would be great if that information is visible in comment space.



- Allow customization of toolbar on main window

Every admin has set of options he frequently use and it would be good to have them easily accessible instead going through menus again and again. Make toolbar on main windows that can be customized in two ways:

1) user can simply set button that opens specified settings

2) user can set button that starts specified script




- Allow Hide Password option to be directly accessible

One that was option set on main window so user could simply check or uncheck password visibility. Now, that option is hidden in menu. That causes two user experience problems: option is hidden so user has to look for it through the menu, and password visibility status is not visible, meaning, user may leave password visibility inappropriately set to visible as he does not see option status.

In most occasions, password visibility is needed just temporarily and for very short time, so it is better user experience if it is possible to see status and change it quickly by simple click.

That option could be simply set as checkbox on far right on main windows toolbar as it used to be.



- Allow setting favorite connections

With large number of routers tabular list of saved router connections becomes cluttered. Grouping and notes do help sorting it out, but it would really help if user can set some connections that he needs frequently as favorites so he can have them easily accessible in some way (listed in separate tab or listed on top or some other method).
 
jo2jo
Forum Guru
Forum Guru
Posts: 1003
Joined: Fri May 26, 2006 1:25 am

Re: Feature requests - Re Winbox , close all

Sun May 26, 2019 11:42 pm

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
I would love to see this also. Often on lower end RBs people dont realize how much CPU load winbox/mgmt can have on the device. the more winbox windows open, the more updates that have to be sent, thus more CPU load (im talking in a single winbox session/window / connected to a single routerboard).

The suggestion from another user session-> close all windows , only occurs when you EXIT winbox (ie the next time you connect all windows will be closed). the new feature im looking for (and i think this user above too), is a button or menu option to close all windows in the current session, without exiting winbox. Often pressing ESC key will close some windows, but there are quite a few that ESC does not work on (like terminal windows, understandably).
thanks
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests - Re Winbox , close all

Mon May 27, 2019 2:51 pm

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
I would love to see this also.
Then why did you not notice the replies made to Tom that this feature is already available?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests - Re Winbox , close all

Mon May 27, 2019 7:02 pm

The suggestion from another user session-> close all windows , only occurs when you EXIT winbox (ie the next time you connect all windows will be closed).
wrong
 
jo2jo
Forum Guru
Forum Guru
Posts: 1003
Joined: Fri May 26, 2006 1:25 am

Re: Feature requests - Re Winbox , close all

Tue May 28, 2019 1:50 am

The suggestion from another user session-> close all windows , only occurs when you EXIT winbox (ie the next time you connect all windows will be closed).
wrong
oh wow, you are correct, choosing session-> close all windows , does infact accomplish this (wo existing the app). thanks!
 
moham96
newbie
Posts: 33
Joined: Thu Dec 21, 2017 3:08 pm

Re: Feature requests

Thu Jun 13, 2019 2:51 pm

How about adding "use peer DNS" to the OVPN Client similar to other clients like PPPoE and dhcp client, right now when i establish a connection to the openvpn server I'm forced to have the advertised openvpn dns server, I can disable the dns server on the openvpn server but I would like other clients to have the vpn dns resolver and only one of my routers to disable peer dns
2019-06-13-142337_1020x512_scrot.png
You do not have the required permissions to view the files attached to this post.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Thu Jun 13, 2019 4:19 pm

It would be nice to have some feature to move an entire network with all its interface-related settings to another interface.
I.e. interface list, bridge port, IP/IPv6 addresses, dhcp client or server, firewall entries, and all other config that refers to an interface.
Use case: you want to move an internal network or the ISP link to another port or from a port to a bridge or a VLAN.
As a workaround it is of course possible to always use a bridge instead of directly attaching config to an interface, but you have to know that beforehand :-)
 
User avatar
luciano
just joined
Posts: 12
Joined: Fri Nov 25, 2005 12:32 am
Location: Ponta Grossa/PR
Contact:

Re: Feature requests

Thu Jun 13, 2019 10:26 pm

Will be nice if Socks and Webproxy became individual packages. So we can disable and hardening the box.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature requests

Fri Jun 14, 2019 12:35 am

Both proxies are disabled by default, so they just take space in menu and little bit on disk, but that's it. Ability to uninstall them completely wouldn't change much, they already don't do anything if you don't enable them. I can understand that seeing some things in menu can annoy people for whatever reason (they don't use them, believe that they don't belong on router, ...). But there's a question if making everything separate package is really worth the effort.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Mon Jun 24, 2019 5:49 pm

Please add possibility to add "unknown" entries in the /ip dns static list.
This is useful especially with regexp entries like ".*\.168\.192\.in-addr\.arpa$" -> unknown.
(to avoid bombarding the upstream resolver with requests about rdns for local networks)
 
ivanfm
newbie
Posts: 48
Joined: Sun May 20, 2012 5:07 pm

Re: Feature requests

Tue Jun 25, 2019 5:27 pm

Hey, Mikrotik team!
Please extend "netwatch" funtionality a little bit. It is a nice feature, but so undeveloped.
It will be nice to have an option to set amount of ping to send before change status to down and at its frequency.
..and the possibility to set source address (e.g. remote ipsec hosts)
netwatch with option to set src-address will make easier to test connections on multi connection routers.
 
flyfinlander
just joined
Posts: 4
Joined: Tue Nov 27, 2018 4:47 pm

Re: Feature requests

Tue Jul 23, 2019 10:12 am

Can you please add the option in "IPSEC policy" to choose Dst. and Src. address from an IP list, not just one IP or range?
 
ekerlostw
just joined
Posts: 5
Joined: Sun Nov 25, 2012 9:40 pm

Re: Feature requests

Fri Jul 26, 2019 10:45 am

Need feature to detect if device have poe-out interfaces - now any poe-command (even print command) causes error in script if HW doesn't have poe-out interfaces...
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Feature requests

Fri Jul 26, 2019 11:35 am

any poe-command (even print command) causes error in script if HW doesn't have poe-out interfaces...

Can you post the command that fails? There may be a solution to test for poe interface before command is run.

Who is online

Users browsing this forum: Ahrefs [Bot], GoogleOther [Bot] and 89 guests