Page 2 of 4

Re: Feature requests

Posted: Wed Feb 19, 2014 7:43 pm
by luqasz
ssh-rsa encoding for ssh client

this is an exact error message on cisco switch when i try to log in with ssh client on ros 6.10
SSH2 0: hostkey algo not supported: client ssh-dss, server ssh-rsa

kerberos

Posted: Wed Feb 19, 2014 7:46 pm
by luqasz
kerberos support for ssh logging.
i may be bombarded her to use radius with user-manager. problem is that radius is not as secure as kerberos. if you want to have same password for winbox and ssh you have to store and send passwords in plain-text !!!

don't you think that is a security hole ?

secure store local users passwords

Posted: Wed Feb 19, 2014 7:49 pm
by luqasz
it is verry simple to crack local user password once you have access to binnary backup for example.
Store them in sha or blowfish.
If you do this they can be exportable via /export. Also please note that importing them would be a really nice feature.


as a side note please read this and THIS.
please read my post again, because you completely missed my point. I said - why even bother encrypting it? it will just take a little more time to read. Better deal with your other security hole - why can somebody take your router and do what he pleases?
Are really so ignorant ? Why even bother ?

connection lists. split ports in separate columns

Posted: Wed Feb 19, 2014 7:55 pm
by luqasz
/ip firewall connection
25    tcp      212.77.100.128:80     91.xxx.xxx.xxx:52378  established 2h47m39s  
issuing below command:
print where src-address=212.77.100.128
will not print src addres becouse you have to write it with port. what if you do not know the port or you are just not interested in it ?

under winbox you can filter it by src-address and it works. why there are differences in console experience and winbox ?



-----------------------------


ok scratch this one. i have figured out to use scripting
/ip firewall connection print where src-address~"212.77.100.128"

general purpouse prefix lists

Posted: Wed Feb 19, 2014 8:10 pm
by luqasz
prefix lists for bgp, ospf etc. not only rip. once done you can store prefixes in some separate place making filters refer to them and resulting in more clear configuration

disable BFD interfaces

Posted: Wed Feb 19, 2014 8:12 pm
by luqasz
/routing bfd interface> disable 0
failure: cannot disable 'all' interface config
remove all interface as a default configuration. you just do not use it always.

physically disable port

Posted: Wed Feb 19, 2014 8:17 pm
by luqasz
if you set an ethernet/sfp interface as disabled link is still up. how about phisically (elecrically) disable it as well. just like a decent switch does

case insensitive mac address formats acceptance

Posted: Wed Feb 19, 2014 8:19 pm
by luqasz
if you want to find a mac address on a bridge host table you have to write it case sensitive. how about accepting it in case insensitive ?
This may be for some people a cosmetic feature but still noce one.

/file mv,cp,mkdir

Posted: Wed Feb 19, 2014 8:26 pm
by luqasz
/file mv,cp,mkdir

it is in my opinion self explanatory....

loopback interface access.

Posted: Wed Feb 19, 2014 8:50 pm
by luqasz
simply show loopback interface in interface lists.
then you will be able to add addresses to it and not make a dirty empty bridge hack.

Re: Feature requests

Posted: Wed Feb 26, 2014 8:52 pm
by nickjail
Hi!

Need snmpget, snmpwrite, snmpwalk tools to monitor and control status of remote network hardware via router. For example, monitor UPS via snmp, reboot hardware and so on.
Yes, ups package already exist but it capable with APC only and interface cable lenth is limiting factor...
Really need. Thx!

Copy cell feature

Posted: Thu Feb 27, 2014 11:27 am
by Diamond
Often MAC or IP address should copy manually from winbox. I suggest to make "cell copying" command for more convenient work...
Image

Re: Feature requests

Posted: Thu Feb 27, 2014 4:01 pm
by mishaM
Hi all,

this feature will be good:
on CLI -> command alias support , (make group of line commands to one command )

make poe monitor oids( for 750 up ) or support on api monitor function.

Re: Feature requests

Posted: Fri Feb 28, 2014 8:08 am
by mishaM
also on CLI insert privileged modes ( enable ,config ..etc) will be good

Re: Feature requests

Posted: Fri Feb 28, 2014 10:33 am
by markom
mikrotik as LNS server with LAC support and l2tp secret tor tunnel.

Re: Feature requests

Posted: Fri Feb 28, 2014 12:12 pm
by vortex
HFS+ formatted storage, AFP, Spotlight indexing, Time Machine support, SMB 2.0

Working Bonjour (mDNS) intra-router (not inter) routing across subnets with example

Re: Feature requests

Posted: Fri Feb 28, 2014 12:18 pm
by vortex
Suricata on CCR

Re: Feature requests

Posted: Sat Mar 01, 2014 9:16 pm
by nosovk
hyper-v nic support!

Feature requests

Posted: Sun Mar 02, 2014 8:58 pm
by nickjail
Please add support of receiving SNMP Traps and run scripts on this events

Re: Feature requests

Posted: Mon Mar 03, 2014 2:34 am
by nz_monkey
Suricata on CCR
Rumor has it ;)

Re: Feature requests

Posted: Thu Mar 06, 2014 1:05 pm
by IlCarletto
set the syslog remote address as fqdn or domain name and not only IP.

Re: Feature requests

Posted: Wed Mar 26, 2014 2:06 pm
by abstract
We tried CAPsMAN this week. It seems us a good tool, We haven't tried all features at the moment and we are planning to use it without SSL certificates exchange in an hotel in the next week.

We would like to suggest some enhancements for radio parameters managements.
  • The frequency provisioning does not permit to set the "auto" frequency value
  • The frequency provisioning does not permit to set the country value resulting in illegal frequency channel (in fact we cannot use the channels 2467 and 2472 that are permitted in italy)
  • Generally speaking it will be usefull having a greater control on CAP's radio parameters setting (country, power, frequency mode, antenna gain, DFS mode, etc...)
  • May result usefull let the CAP use its own radio parameters configuration, when implicit default provisioning rule is applied, or when configurations without radio parameters explicitly setted are used.

Re: Feature requests

Posted: Sun Apr 13, 2014 2:37 am
by DShmelev
Address lists of Address lists!
Urgent! :)

Re: Feature requests

Posted: Tue Apr 15, 2014 3:13 am
by blackhold
NAT64: Tayga

More info:
http://www.litech.org/tayga/
http://blackhold.nusepas.com/2014/04/nat64dns64/

it should be easy to implement, install tayga package (121kb) and configure twice firewall rules...

please, it is really important due ipv4 is out and now if you want to redirect users from a wisp you need to use policy routing and you need IPv4 inside your network to make it work.

thanks you much!

Re: Feature requests

Posted: Tue Apr 15, 2014 11:46 am
by markom
ADSL capable RB.

Re: Feature requests

Posted: Tue Apr 15, 2014 11:47 pm
by jmetcalf
I would love to get a url-server/filter command implementation what Cisco provides. (Do a search for "PIX/ASA URL Filtering" for an example of what I am referring to).

The basic idea being any website being accessed first does a quick hand-off to the filter server for a yes/no response. If yes is returned then the router allows the access to continue. If a No response is returned than the Router passes you back to the url-filter server for a block reason.

I realize that you can proxy, but this feature would open up RouterOS to the possibility alternate content control without the need of proxy servers.

Just a thought.

Re: Feature requests

Posted: Thu Apr 17, 2014 2:18 pm
by blackhold
IPv6 policy routing - really important if nat64:tayga will not be implemented yet

Re: Feature requests

Posted: Thu Apr 17, 2014 3:17 pm
by blackhold
winbox: group connections by categories

Re: Feature requests

Posted: Thu Apr 17, 2014 3:29 pm
by cdiedrich
Next feature request for Access Points (Like metal, BaseBox, etc) and their LEDs:

It'll be just fantastic for us to be able to not only add wireless signal strength to LED1-LED5 (which is somehow pointless when they're configured as access point) but alternativly CPU load and/or bandwidth utilization (in % of the theoretical configured maximum)... THIS would really help us a big deal.

Thanks,
-Chris

Re: Feature requests

Posted: Thu Apr 17, 2014 6:11 pm
by brauser
Some features have already been requested before, to better manage this, you can register on the Wiki and cast your vote there:

http://wiki.mikrotik.com/wiki/MikroTik_ ... e_Requests

Of course, in addition, it would be great if you also posted a message here, explaining why you need that particular feature. And as usual - search before you post, maybe a topic exists already.
normis,

Wiki link is down, there is some other specific place to do feature request or here's the right/official place?
My feature request would be to have an option to turn on/off (checkbox) dynamic mode on "/ip pool" so we can have the opposite behaviour of:
Note: Whenever possible, the same ip address is given out to each client (OWNER/INFO pair).
Better if it could be possible for each pool :)

It would be very appreciated by many. Big thanx!

Re: Feature requests

Posted: Fri Apr 25, 2014 1:22 pm
by ofendt
Would be perfect in IP/ROUTES Check-Gateway to be able to specify an IP-Adress other the the default Gateway.

In Germany we get more - and more proconfigured AVM Fritzboxes as a DSL Connecting-Point.

The box is always Pingable - even if the connection behind is down. Script is possible but complicated.

---

And by the way...
Optical nice (something like UNIFI with hidden cables) RB with (RB95xxx) with 2,4 AND 5 GHz would be perfect.

And... don't forget the perfect DUDE. Its still in beta and send's me email's even if the server is down for only some seconds.
Would be perfect to give a time-limitt (if down 1 minute...)

Thanks. RB is "nearly" perfect - good stuff.

Re: Feature requests

Posted: Fri Apr 25, 2014 1:41 pm
by andriys
Would be perfect in IP/ROUTES Check-Gateway to be able to specify an IP-Adress other the the default Gateway.
It should already be possible using so called "Recursive routes".
Read more about it here. I seem to have seen an example somewhere in the wiki as well, but can't find it at the moment.

Re: Feature requests

Posted: Mon Apr 28, 2014 6:17 pm
by Chupaka
I seem to have seen an example somewhere in the wiki as well, but can't find it at the moment.
http://wiki.mikrotik.com/wiki/Advanced_ ... _Scripting

IPv6 DNS Router advertisement

Posted: Sun May 11, 2014 4:31 pm
by quux
I hope the title says it all.

We bought the CRS125-24G-1S-2HnD for the express purpose of getting IPv6 running properly on our network. Getting everything up and running, only to find that we could not advertise local DNS servers via RAs, was very disappointing! I am however very impressed by the device and by RouterOS in all other respects.

If anyone knows a clean way to do this from Windows, feel free to reply here or email me directly. I'll be very thankful!

In the meantime I'll hope this feature comes to RouterOS!

Re: Feature requests

Posted: Thu May 22, 2014 12:23 pm
by andryan
More /ip ssh settings: TCPKeepAlive, ClientAliveInterval, and ClientAliveCountMax.

Re: Feature requests

Posted: Tue May 27, 2014 6:01 am
by otgooneo
Please implement logging possibility when bridge port interface role changes. If something happen in my STP enabled network, I can`t see where was an issue and which of my routerboard changed it`s port state. Furthermore debug log should show BPDU message detail logs. But now even debug log can`t show nothing regarding bridge interface role changes.

Re: Feature requests

Posted: Sun Jun 01, 2014 11:26 pm
by wisp625
Feature request: would be nice if there was a VoIP implementation section and a POE out port as a WAN port so we could have a customer router provide power for the radio and be able to plug a telephone into it as well. A lot of Wisps are looking for this as a solution. :)

Re: Feature requests

Posted: Thu Jul 03, 2014 1:58 am
by Valerio5000
I realize that my request is not "technical" but it is possible to integrate a DLNA server for example nell'RB951 with USB that is proposed as a router at home?

Re: Feature requests

Posted: Fri Jul 04, 2014 6:00 am
by joncolby
Please add Dynamic V-Lan Assignment so we can run 3rd Party Network Access Control Software like Packetfence Please.

Re: Feature requests

Posted: Wed Jul 23, 2014 4:41 pm
by digidax
If I have opened a firewall rule, a Button to clone this rule.

I have a lot of INPUT rules, which are only different by the src IP Address.
So I can clone the rule, change the SRC IP and apply the rule.
Webmin (www.webmin.com) have it implemented for the firewall settings.

thanks
Frank

Re: Feature requests

Posted: Wed Jul 23, 2014 5:05 pm
by Chupaka
If I have opened a firewall rule, a Button to clone this rule.
you mean, 'Copy' button, which is there for may years already?..

Re: Feature requests

Posted: Sun Jul 27, 2014 6:23 am
by Utomo
Some features have already been requested before, to better manage this, you can register on the Wiki and cast your vote there:

http://wiki.mikrotik.com/wiki/MikroTik_ ... e_Requests

Of course, in addition, it would be great if you also posted a message here, explaining why you need that particular feature. And as usual - search before you post, maybe a topic exists already.
The pages already deleted

My Feature request:
1. Utilize the USB for NAS and Cache.
so we can connect a Hard disk and use as NAS and cache (to save bandwidth)
2. Support PHP please. so we can run the PHP script on Mikrotik Router.
Now the memory size already big enough and also the Processor also fast enough.
By allowing PHP Script it will make the Router more flexible and powerful.

And also Better WEB UI / More user friendly.

Thank you .

Re: Feature requests

Posted: Mon Jul 28, 2014 9:21 pm
by Davis
I want to suggest adjustable boot-delay (under /system routerboard settings), up to 255 seconds, for all RouterBOARDs.
This would allow some safety against bricking by repeated power loss (i.e. in case electrician connects power only for a few seconds router won't yet start to boot and there would be no risk of data corruption due to power loss during boot).

Re: Feature requests

Posted: Fri Aug 08, 2014 9:48 am
by LarryPotter
Would NETCONF be of use to anyone else?

Re: Feature requests

Posted: Fri Aug 08, 2014 1:40 pm
by hzdrus
We find inability to trigger commands/scripts based on events to be very limiting, especially in MPLS VPN deployment.

The following is necessary:
1) Ability to specify inside RADIUS reply which commands/scripts to execute (e.g. similar to Cisco-AVPair)
2) Logging target to send every new log line to a script (so there is no need to use a hack with scheduler executing a script every N seconds)

Relatively cheap FTTH CPE

Posted: Tue Aug 19, 2014 3:22 pm
by rsaf
Somethink lie RB951Ui-2HnD or RB951G-2HnD with SFP slot. We really need:
-single SFP slot for optical UPLINK
-SFP slot in confiurable VLAN aware switch (we have trunk on optical uplink with IPTV in separate vlan and we need to pass IPTV to one or two ethernet ports)
-at least 5 ports (5 ethernet ports and 1 sfp port will be much better)
-integrated 2.4GHz wifi
-one type with plastic case (like RB260GS) with integrated wifi antennas
-second type "board only" with U.FL antena connectors - we have own design of metal wall-mount case in which we can splice optical cable and put optical CPE (switch or mediaconverter) in it, we can put bare board in this case and use pigtails to pass antennas outside this box
-maybe mikrotik can design their own wallmount box where optical cable can be spliced and integraded routerboard in this box...

Re: Feature requests

Posted: Tue Aug 26, 2014 4:32 am
by whippy
Followed the link to the wiki - doesn't look like anyone's using it though...

CAPsMAN extended to allow other interface types to be assigned to datapaths.

Re: Feature requests

Posted: Tue Aug 26, 2014 12:19 pm
by skibi82
Give MACVLAN to add the power to create Virtual interfaces.
Useful for testing or the separation of traffic.

Re: Feature requests

Posted: Tue Aug 26, 2014 10:57 pm
by Komerad
- All openvpn features.
- Auto dns lookup when non ip value is entered. Would be very handy to have router os to accept domain names for more features.
- Make adressess list true lists that can hold all kind of unique ip adresses or even hostnames in a list. Not just ranges.
^- and/or make it possible to add more sources and destinations at certain places. (Like mangle.)

Re: Feature requests

Posted: Wed Aug 27, 2014 9:22 am
by xhaos
Expand graphing, to show wireless connection statistics such as SnR, CCQ, Rx/Tx for AP clients and for p2p connections

Re: Feature requests

Posted: Wed Aug 27, 2014 11:27 am
by jarda
Please, create universal versatile graphing that allows user to set whatever value that is readable in ROS to be graphed. Combined graphing (e.g. CPU, memory and number of connected clients together in one graph) would be something extra!

And please, ensure that power loss, reboot or ROS upgrade will not erase old graphs. It is still unsolved bug that emmerges very often still in 6.18 (contemporary latest).

Re: Feature requests

Posted: Wed Aug 27, 2014 11:42 am
by normis
Please, create universal versatile graphing that allows user to set whatever value that is readable in ROS to be graphed. Combined graphing (e.g. CPU, memory and number of connected clients together in one graph) would be something extra!

And please, ensure that power loss, reboot or ROS upgrade will not erase old graphs. It is still unsolved bug that emmerges very often still in 6.18 (contemporary latest).
we already have it, it is called SNMP

Re: Feature requests

Posted: Wed Aug 27, 2014 2:40 pm
by jarda
Normis,

you know very well that this is not the requested functionality - getting values via snmp takes time and resources, what is worse, it needs active connection to the device. I talk about autonomous graphing that will work within the ROS even if the device is disconnected from the network.

At least, I wish the graphs were stop disappearing. Finaly. Some day.

And anyway - are you working on speeding up usb storage opertions and usb storage reliability? It is tragical and too much CPU time hungry.

Re: Feature requests

Posted: Sat Aug 30, 2014 9:54 am
by AlexS
I would like a graceful BGP and OSPF shutdown

when I reboot my router it doesn't bring down the OSPF and BGP connections and I have to wait for its peers to realize its dead

That can take a while.

and you can't just stop the BGP / OSPF instances as they will not restart on reboot !

Re: Feature requests

Posted: Sun Aug 31, 2014 3:54 am
by roadracer96
Both of my other brands of firewalls and routers support graceful ospf/bgp restart. It's very nice when you are making a change to the routing process but don't want to dump all routes.

Re: Feature requests

Posted: Mon Sep 01, 2014 12:21 am
by AlexS
Sorry miss understanding

I mean shutdown of the router not ospf/bgp processes

Re: Feature requests

Posted: Mon Sep 01, 2014 5:38 am
by roadracer96
That isn't graceful restart. Graceful restart means "hold your routes until I come back, wait up to x seconds for me to finish my operation then update routes after we reestablish adjacency". The change you requested is best handled with bfd.

Re: Feature requests

Posted: Mon Sep 01, 2014 6:18 am
by AlexS
That isn't graceful restart. Graceful restart means "hold your routes until I come back, wait up to x seconds for me to finish my operation then update routes after we reestablish adjacency". The change you requested is best handled with bfd.
I would have to disagree.

By using BFD (i looked at it, it just makes convergence faster. Good, doesn't work for me as 1 device doesn't do BFD ..)

A graceful shutdown, would do a graceful shutdown of OSPF/BGP, which would mean removing them from the network, not just turning it off.

when I work on a OSPF node, i usually disable the ospf instance, leave it for a bit till all the routes have been recalced. then I can reboot as need.

Re: Feature requests

Posted: Mon Sep 01, 2014 6:29 pm
by roadracer96
BFD detects when the peer goes away based on the interval of the BFD messages x multiplier.. So .25 second message X 3 multiplier = .75 second detection time. If OSPF is shut down on an interface, BFD will get shut down and in .75 seconds, the routes on the other end will get dropped.

Graceful restart is an rfc defined here: http://tools.ietf.org/html/rfc3623

It lets you take the OSPF process on a router offline for reconfiguration or some other reason and it notifies the remote peers to NOT drop routes for a default of 120 seconds. This is helpful if you need to make a change to the OSPF processes but still want to forward traffic through the router while the reconfiguration takes place.

If Im hearing you right, you want the remote peers to drop routes FASTER when you stop the ospf process on a router or reboot the router (faster than the ospf hello intervals). This would be BFD. So yes, BFD does speed up convergence. The second a router goes offline, everything needs to reconverge. BFD makes this happen faster.

Re: Feature requests

Posted: Mon Sep 08, 2014 9:38 pm
by pochbba
Hi there Normis,

I would really appreciate having an save file/export ping/traceroute log function of each individual winbox ping/traceroute test.

Sometimes it comes handy when doing small tests and keeping them logged.

I know there are several 3rd party applications that actually do this. But having it integrated on ROS would make my life easier.

Regards

Re: Feature requests

Posted: Mon Sep 08, 2014 10:17 pm
by Trekkie
Is OVPN Client side LZO Compression and UDP support somewhere out there in plan? the wiki link is missing.

Re: Feature requests

Posted: Tue Sep 09, 2014 10:21 am
by xhaos
It would be very useful, to be able to setup a queue with target not only the interface name, but the interface's ingoing / outgoing /both direction.

for example I wish to configure mangle for internet QoS. Now we have to configure different mangle marking for incoming and outgoing traffic. But it would be much simpler, easier and fault-proof, if we could just mark the QoS priority markings in mangle and could have different queues for each traffic direction.
RouterOS as is, works perfectly for symmetric ethernet environments. But since we can use it for adsl router or even asymmetric wireless links, I think routerOS could provide some better tools.

Re: Feature requests

Posted: Tue Sep 09, 2014 3:00 pm
by Chupaka
you mean, simple queues? but they create up to three (upload, download and total) queues - why don't you use them all?..

Zabbix package for ROS ? more updated/actual Active queues ?

Posted: Thu Sep 11, 2014 1:26 am
by Zorro
is anyway to have native Zabbix support by RouterOS in frsbl future of it ?
also would personally welcome more updated/actual Active queues in RouterOS to handle/combat/prevent Network congestion. rather than static/notorious RED algo/type present already, which unsuable for production for number of reasons.
for example, RRED would be nice. aswell as other adaptive, attack/flooding-proof variants of AQM.
also bout moving RouterOS from vanilla Linux kernels to Zero Overhead Linux gossips - is actually such plans, yet ?
(this thing http://www.tilera.com/sites/default/fil ... aper_0.pdf meant, to be exact/specific)
also finishing/completing BFG routing implementation (auth and echo ?) also may be handy.

Re: Feature requests

Posted: Fri Sep 12, 2014 10:18 am
by Ciambot
Request:
RFC 5185 OSPF Multi-Area Adjacency

Re: Feature requests

Posted: Fri Sep 12, 2014 4:49 pm
by bds1904
Enable the openvpn client to accept an ipv6 address as a valid target address

Re: Feature requests

Posted: Wed Sep 17, 2014 10:46 am
by taduikis
Add some planned upgrade feature, that gets done upon next RouterOS start, no matter if shutdown/reboot was graceful or not. This of course should be voluntarily and separately triggered with required packages being uploaded in advance. It does add some risks of course, but I bet some people would/might be willing to take them.

I know this could be done at some level using v6 partitioning or achieved with scripts, but either way, having such function that you can choose not to use if you don't want, is still better, IMO.

Re: Feature requests

Posted: Fri Jan 23, 2015 11:21 am
by namake
Normis, can you add support of vmxnet adapters (that vmware esxi provide to virtual machines) ?

Re: Feature requests

Posted: Sun Feb 01, 2015 11:09 am
by wagguRQ
I would like that you will add a counter of errors (crc,drop,oversitse,collisions, e.t.c.).
It is desirable that you will add the iperf with the standard features, as well as the possibility
of using as a client or server. This tool needed for monitoring and diagnostic as well as will use
in a bundle with iperf which was installed on radios from the Ubiquiti Networks.

Re: Feature requests

Posted: Sat Feb 14, 2015 9:37 am
by erlt
MAC Address List . This is very useful especially in a topology where there are multiple subnets.

Re: Feature requests

Posted: Sun Feb 15, 2015 1:54 am
by Buzz
I need to show comments from users section at active tab in hotspot (comments r missing in active tab) , because my users are login with their mac address (MAC login method) so they appear in the active tab only with their mac not with there name nor their comments , it will be more easy if these mac address appear with their comment to easily know who is online

by the way if you comment any record in ip binding the comments will appear in hosts tab with this comment

thank u in advance

Re: Feature requests

Posted: Sun Feb 15, 2015 8:55 pm
by bronx
Add a command in script that allow us to read string from console and save it in one variable.

It's allow us to create user interactive script, useful on setup

Re: Feature requests

Posted: Mon Feb 16, 2015 12:52 pm
by remkolodder
Hi,

I would like to request a feature to extend the OpenVPN possibilities.
I would like to run multiple OpenVPN instances on the mikrotik. One for my incoming clients, and a few for peer2peer vpn links between servers.

Setup:
Clients: share some IP space on IPv4 and IPv6 front, /27 and /64.
P2P links: use unique /30's between eachother. Used as connection point to offer OSPF routing over the links (and traffic).

Re: Feature requests

Posted: Mon Feb 16, 2015 7:39 pm
by micromaxi
Please, create universal versatile graphing that allows user to set whatever value that is readable in ROS to be graphed. Combined graphing (e.g. CPU, memory and number of connected clients together in one graph) would be something extra!

And please, ensure that power loss, reboot or ROS upgrade will not erase old graphs. It is still unsolved bug that emmerges very often still in 6.18 (contemporary latest).
I would love to see uptime graph added to the graphing section. That way we dont have to run an extra snmp machine.

Re: Feature requests

Posted: Tue Feb 17, 2015 8:24 pm
by JanezFord
Please add ability to set WMM, HW Protection Mode, Preamble Mode, HW Retries, Adaptive noise immunity and other advanced mode parameters with CAPsMAN (v2) ... capsman is supposed to be used as controller in hotels, conference centres and similar scenarios and these options are useful in highly congested areas.

JF

Re: Feature requests

Posted: Wed Feb 18, 2015 3:22 am
by pants6000
I've got some:

Configurable view of ip/firewall fields in webfig like in winbox (I really could use to see the "address list" fields in the list!)

text config export from webfig's file menu

per-interface RPF & RPF logging

"safe mode by default" option so I can *never* be locked out of a remote router (unless I want to turn safe mode off, of course)

configurable COS/DSCP mapping

Re: Feature requests

Posted: Wed Feb 18, 2015 2:40 pm
by spippan
I would be nice that in /ip service I could set more ip address or one addres-list
erm, you actually can do this (not with ACLs but with multiple IPs)
Image

Re: Feature requests

Posted: Wed Feb 18, 2015 3:01 pm
by Rudios
I would be nice that in /ip service I could set more ip address or one addres-list
erm, you actually can do this (not with ACLs but with multiple IPs)
Image
Why not just block unwanted access by firewall?

Re: Feature requests

Posted: Tue Feb 24, 2015 8:34 pm
by pants6000
PPTP/PPPOE interfaces (all PPP? more?) are disconnected then re-connected when clicking "OK" on their /webfig/#Interfaces.Interface page, even if nothing has changed. It probably shouln't do that.

Re: Feature requests

Posted: Wed Feb 25, 2015 10:44 am
by grisina
For ease of use and functionality i would suggest to use TheDude for this - just remove probes, so no additional load anywhere, just network device map, where you can create device groups and operate with them (upgrade devices, for example). And if required, you can monitor your key routers in the network.

Re: Feature requests

Posted: Wed Feb 25, 2015 11:45 am
by BartoszP
Please add ability to set comment for dynamically added entries in address list.
This feature let for e.g. make script which resolves blocked IP addresses to their FQDN and puts it into comment field.

Linking scripts to VPN connection events

Posted: Fri Feb 27, 2015 3:42 am
by peper
There are couple of threads where users request feature to link scripts to firewall rules.
Those requests are logically rejected by developers cause this opens a pretty straightforward way to DDOSisng devices.

But there are other posts (in this thread inclusive) to link scripts to VPN events.
IMHO, this idea makes a lot of sense and is not open for DDOS attacks.
The need to use Scheduler or Netwatch for such simple task as "wake up my computer when I connect externally with VPN" is not very cool.

I've seen some requests to implement in ROS more global event triggering mechanism. It would be nice-to-have, but pretty sure, that it requires a huge development (and testing!) effort in comparison with enabling scripts for couple of selected objects, requested more often than others.

Re: Feature requests

Posted: Fri Feb 27, 2015 9:54 am
by kraic
background scan please

Re: Feature requests

Posted: Fri Feb 27, 2015 8:58 pm
by JOFO
Could you please add latest drivers for Realtek RTL8111 ethernet controller? With actial ROS v6.27 it's randomly freezing eth interface. It's in the iface list, but no traffic can pass through.. Only reboot resolves this state, but only for short time (sometimes it's 3 days, sometimes it crashes after couple of hours). It's useless with such behavior..

Re: Feature requests

Posted: Sat Feb 28, 2015 12:39 am
by ZeroByte
Ability to specify which prefix from-pool to use on a specific interface.

Suppose ISP assigns a /60 and I want to specify WHICH of my /64s goes to which interface....
Currently, Mikrotik ignores the bits 61-64 and chooses on its own which of the 16 prefixes to use.

In Cisco, prefix and pool are masked together, and I am spoiled by this feature:
e.g. Loop0 -> ipv6 address ISP1POOL ::ff:0:0:0:1/64

If ISP assigns /60 I would like an ability like this:
ISP --> 2001:db8:0:c000::/60 -> pool ISP
I want to be able to hard-code:
ether1 = ::1:0:0:0:1/64 from-pool ISP -> 2001:db8:0:c001::1
ether2 = ::2:0:0:0:1/64 from-pool ISP -> 2001:db8:0:c002::1
ether3 = ::3:0:0:0:1/64 from-pool ISP -> 2001:db8:0:c003::1
GuestBridge = ::f:0:0:0:1/64 from-pool ISP -> 2001:db8:0:c00f::1

With current behavior, if I disable ether2 and reboot, ether3 would get 2001:db8:0:c002::1

Re: Feature requests

Posted: Mon Mar 02, 2015 8:32 pm
by BartoszP
Please add ability to assign interface to DHCP network as now there is no possibility to define same subnets for different interfaces which are in different L2 domains defined by VLANs.
See this thread: http://forum.mikrotik.com/viewtopic.php ... 8b#p471529

Re: Feature requests

Posted: Tue Mar 03, 2015 1:08 pm
by spippan
I would be nice that in /ip service I could set more ip address or one addres-list
erm, you actually can do this (not with ACLs but with multiple IPs)
Image
Why not just block unwanted access by firewall?

exactly ... IMHO also the way more serious and clean solution

i just wanted to point out, that if someone does not want to "struggle" with firewall rules, there is also a specific ACL("-like") option here ;)

Re: Feature requests

Posted: Wed Mar 04, 2015 5:04 pm
by Garga220
Is it possible to get OIDs for average CPU, like 5min average or 1h average to be used with different monitoring tools ?
Or maby some kind od print command to get average value?

Re: Feature requests

Posted: Thu Mar 12, 2015 12:47 pm
by roli
Functionality such as DNETMAP

Re: Feature requests

Posted: Thu Mar 12, 2015 1:55 pm
by Garga220
Functionality such as DNETMAP
+1

Re: Feature requests

Posted: Thu Mar 12, 2015 8:49 pm
by avlipa
Could you please add Proxy support for the OpenVPN client on RouterOS?
Winbox utility doesn't have this option.

Re: Feature requests

Posted: Fri Mar 13, 2015 12:56 pm
by novaquadri
Please integrate some functions to measure parameters such as swr or return loss

Re: Feature requests

Posted: Mon Mar 16, 2015 10:55 pm
by avlipa
Please add TLS-AUTH in RouterOS OpenVPN Client. AFAIK there is no possibility to connect to OpenVPN Access Server software solution without this feature.

Re: Feature requests

Posted: Tue Mar 17, 2015 7:51 pm
by hossain2004a
I don't know if someone tell this before.
But is it possible when you shutdown/reboot the RB, the COUNTERS wouldn't reset at all and continue working?

Re: Feature requests

Posted: Fri Apr 03, 2015 6:33 pm
by dohmniq
New property for /ip firewall mangle rules:

tcp-length(integer[-integer]:0..65535; Default: ) Matches tcp packets with specified tcp payload length or length range in bytes.

Useful for prioritizing zero-length ack packets over other upstream traffic.

As a rough hack/work-around we can use:

packet-size=40-52

(most TCP 0-payload-length packets I've seen are either 40 or 52 bytes depending on TCP options)

Re: Feature requests

Posted: Sat Apr 04, 2015 5:36 pm
by karwos
Add new attributes to PCQ classifier:
dst-mac-addr, src-mac-addr

IP working only on plain IP packets (etherType=0x800),
when device working in bridge mode and passing VLAN, VLAN-in-VLAN, PPPoE packets - it's not properly placing packets in queue (they are bpassed).
Solution is to make few other checks on packet (need more clock cycles), so simplier will be to add src/dst hw addr policier ...

Re: Feature requests

Posted: Mon Apr 06, 2015 8:19 pm
by Chupaka
Functionality such as DNETMAP
+1
isn't it already here?.. just use 'action=netmap" in 'dstnat' chain...
Please add ability to set comment for dynamically added entries in address list.
This feature let for e.g. make script which resolves blocked IP addresses to their FQDN and puts it into comment field.
[admin@TestPlace] > /ip firewall address-list 
[admin@TestPlace] /ip firewall address-list> add list=mylist address=1.1.1.1 dynamic=yes comment="FQDN.HERE"
[admin@TestPlace] /ip firewall address-list> print where list=mylist 
Flags: X - disabled, D - dynamic 
 #   LIST                                                 ADDRESS                         TIMEOUT             
 0 D ;;; FQDN.HERE
     mylist                                               1.1.1.1                        
[admin@TestPlace] /ip firewall address-list> 


Re: Feature requests

Posted: Tue Apr 07, 2015 6:44 am
by IntrusDave
MAC Address List . This is very useful especially in a topology where there are multiple subnets.
+1 on the MAC address Lists.

Even better would be MAC Address Lists with a wildcard option.

Re: Feature requests

Posted: Wed Apr 08, 2015 11:25 am
by Buganah
hi if it is possible to have the pppoe server listens to serveral interfaces instead of one interface ..
i have 7 vlans and i have to have 7 pppoe servers for each vlan interface it would be nice to have one pppoe server for 7 interfaces

Re: Feature requests

Posted: Wed Apr 08, 2015 11:49 am
by tomaskir
hi if it is possible to have the pppoe server listens to serveral interfaces instead of one interface ..
i have 7 vlans and i have to have 7 pppoe servers for each vlan interface it would be nice to have one pppoe server for 7 interfaces
Create a bridge, use split bridge horizon to isolate the ports, and create a PPPoE server on that bridge.

Re: Feature requests

Posted: Thu Apr 09, 2015 10:00 am
by Zorro
would be nice to had offline RouterOS wiki WITHIN routerboards and CCR. so consumers may configure it, to be ONLINE,to read online version of it, without throwing hair away or running panicking in circles.
wouldn't be much space in internal storage(flash is cheap as dirt, btw). even infrequently updated/obsolete/refernce version would help, but better it become part of ROS and keept up-to date with RoS itself, consitently/smoothly.
or had credit-card-sized CD-R disc with manul in html/pdf in it, but thats less cool/easy to use(and CD/DVD drives slowly become rare/uncommon in consumers desktops/portables).

and to fix ARP filtering(mysteriously work not always). and now bout NDP filtering its work?

how about ad-hoc routing protocols. batman, open garden alike non-propretary counterparts and etc variations.

grasshopper/stribot chiper for WiFi and VPN's (and for SSH and for rest stuff).

Feature requests

Posted: Wed Apr 15, 2015 3:53 pm
by jarda
I don't think there should be wiki inside the devices or on enclosed cd as it cannot be updated on live so it would make big mess.

I would suggest to have wiki according the ros version together with the ability to show differences between two ros versions directly on wiki pages. It would be very helpful for migration of configurations and scripts that normally fail and need to be debugged many times after an update.

Re: Feature requests

Posted: Fri Apr 17, 2015 1:45 pm
by PtDragon
Please don't forget to add for VPN clients ability to use specific IP.
Please add good load balancing for VPNs(got lot of problems with it).

Re: Feature requests

Posted: Wed Jun 10, 2015 12:55 pm
by nickjail
Hi!

Need snmpget, snmpwrite, snmpwalk tools to monitor and control status of remote network hardware via router. For example, monitor UPS via snmp, reboot hardware and so on.
Yes, ups package already exist but it capable with APC only and interface cable lenth is limiting factor...
Really need. Thx!

Re: Feature requests

Posted: Thu Jun 18, 2015 3:24 pm
by pqatsi
Is OVPN Client side LZO Compression and UDP support somewhere out there in plan? the wiki link is missing.
OVPN Server+Client LZO+UDP+AES

Re: Feature requests

Posted: Thu Jul 02, 2015 11:11 pm
by dancms
Feature request:

Ability to specify boot-file-name on a per static lease basis. This would add much needed flexibility for rather than using the global setting at the 'ip dhcp-server networ' level where all clients receive the same file.

Re: Feature requests

Posted: Fri Jul 03, 2015 1:59 am
by Chupaka
Feature request:

Ability to specify boot-file-name on a per static lease basis. This would add much needed flexibility for rather than using the global setting at the 'ip dhcp-server networ' level where all clients receive the same file.
for now you should be able to create Network entry per IP with changed settings (just set address=x.y.z.h/32 netmask=24 or something)

Re: Feature requests

Posted: Fri Jul 03, 2015 2:06 am
by dancms
Creates a little more clutter than needed but good work around. Much appreciated!

Re: Feature requests

Posted: Fri Jul 03, 2015 11:07 am
by jexem
Hi!

It would be fine to Support UAPSD. All Voip Wifi Phones did support and need this to work. I think many People need this to integrate in Offices an Hospitality Sector. Also Power Drain of Smartphones should be better. Is there any Progress about this thing?

Thank you
Juergen

Re: Feature requests

Posted: Sat Jul 04, 2015 11:24 am
by miasik
Add method POST and custom headers(as curl -H) support to /tools fetch.
Need for Yandex API, for example.

Re: Feature requests

Posted: Mon Jul 06, 2015 4:07 am
by dukejjjj
hi

Can add Shadowsocks server & client ?

Re: Feature requests

Posted: Mon Jul 06, 2015 8:23 am
by Bigfoot
Hi

Can you add a Column with Src IP address in the Web Proxy Cache Contents. :)

Bigfoot

Re: Feature requests

Posted: Tue Aug 18, 2015 12:40 pm
by Bigfoot
Hi

On the Resource Graphs is possible to add voltage and temperature , UPS like the CPU, HDD & Memory on the resource graphs in web interface.

Bigfoot

Re: Feature requests

Posted: Tue Aug 18, 2015 6:06 pm
by agrevtcev
It would be nice to implement ECDSA certificates support. So we could finally mitigate IPSEC IKE UDP fragmentation issue, without sacrificing certificate security level, as cryptoanalysts say. Thanks alot.

Re: Feature requests

Posted: Fri Sep 04, 2015 10:22 am
by UMarcus

Re: Feature requests

Posted: Mon Sep 07, 2015 10:15 am
by Ivoshiee
The ROMON tool should have an ability to discover IP-addresses as well.

Re: Feature requests

Posted: Mon Sep 07, 2015 5:09 pm
by mchoco
Provide a simple way to use switch chip to do wire-speed IP routing. Although the switch chips can only support limited routing rules, it can serve smaller setups well.

Re: Feature requests

Posted: Mon Sep 07, 2015 6:21 pm
by marrold
Ability to 'fetch' and save into variable without saving to file.

E.G -

$ curl ifconfig.co
45.212.4.56

Re: Feature requests

Posted: Mon Sep 07, 2015 6:51 pm
by vortex
Provide a simple way to use switch chip to do wire-speed IP routing. Although the switch chips can only support limited routing rules, it can serve smaller setups well.
This is interesting. Could you please elaborate?

Re: Feature requests

Posted: Sun Sep 13, 2015 12:38 pm
by ahmedramze
Hello

Please Can Add service name on PPP active to be able to sort users according to the port or re-sellers
sermik.PNG

Re: Feature requests

Posted: Mon Sep 14, 2015 9:13 am
by mmmigoro
Add option to set BGP origin in Action-Filters see: http://forum.mikrotik.com/viewtopic.php?f=14&t=98807

Re: Feature requests

Posted: Mon Sep 14, 2015 2:41 pm
by zoj
Add option to define in radius configuration tab, IP by which will be sending always request to Radius server

I have 30 IP's and MT always is sending request to radius server via first IP. Sometimes something is wrong and MT is trying send request via other IP.
Problem is that on radius server i have configured rules to only received radius request from one IP.

Re: Feature requests

Posted: Mon Sep 14, 2015 3:39 pm
by tomaskir
Add option to define in radius configuration tab, IP by which will be sending always request to Radius server

I have 30 IP's and MT always is sending request to radius server via first IP. Sometimes something is wrong and MT is trying send request via other IP.
Problem is that on radius server i have configured rules to only received radius request from one IP.
You can already do this...
/radius
add address=1.1.1.1 secret=123456 service=login src-address=10.0.0.100

Re: Feature requests

Posted: Tue Sep 15, 2015 6:42 am
by zoj
Add option to define in radius configuration tab, IP by which will be sending always request to Radius server

I have 30 IP's and MT always is sending request to radius server via first IP. Sometimes something is wrong and MT is trying send request via other IP.
Problem is that on radius server i have configured rules to only received radius request from one IP.
You can already do this...
/radius
add address=1.1.1.1 secret=123456 service=login src-address=10.0.0.100
Thank you, so if I'm using ppp, my configuration should look like that:
add address=1.1.1.1 secret=passwd service=ppp,login src-address=212.121.121.121
1.1.1.1 - Radius IP
212.121.121.121 - IP address on MT which i would like use to send request to Radius server

That's mean that MT always sends request to Radius server by this IP ( 212.121.121.121), is it ?

Re: Feature requests

Posted: Tue Sep 15, 2015 7:35 am
by gcsuri
Hi All,

could you add a "skip" option to netwatch system, please?
So when netwatch pings a host and sometimes it has a timeout the host goes down immediately... and goes up on the next ping. It occurs because of a transmission timeout or something else but the host doesn't inaccessible.
If we had a "skip" option to be set to "3" for example then the system could skip 3 timeouts and the host doesn't get down on a simple ping timeout until it has 3 timeouts. When "skip" is "0" all goes the same than before.

thank you much!

Gabor

Re: Feature requests

Posted: Tue Sep 15, 2015 1:22 pm
by WirelessRudy
Hi All,

could you add a "skip" option to netwatch system, please?
So when netwatch pings a host and sometimes it has a timeout the host goes down immediately... and goes up on the next ping. It occurs because of a transmission timeout or something else but the host doesn't inaccessible.
If we had a "skip" option to be set to "3" for example then the system could skip 3 timeouts and the host doesn't get down on a simple ping timeout until it has 3 timeouts. When "skip" is "0" all goes the same than before.

thank you much!

Gabor
I second this! It has been asked before but it might serve to post this again. Same counts for `watchdog` feature. We should have the option to set the 'time' of a timeout and the amount of timeouts.
Now a single missing ping immediately reboots the router. At times this is not desirable....

Posted: Tue Sep 15, 2015 5:18 pm
by jarda
...

Feature requests

Posted: Tue Sep 15, 2015 5:19 pm
by jarda
I asked very long time ago for implementing full set of ping features to netwatch tool. This would solve all such particular requests at once.

Re: Feature requests

Posted: Wed Sep 16, 2015 8:59 pm
by zoj
Do you have a plan to add IPSec Road Warrior + AAA via Radius ?
I know that i can configure it on MT but it doesn't support Radius

Re: Feature requests

Posted: Sat Sep 26, 2015 11:08 pm
by jondavy
it would be interesting to show comments in the active dynamic PPPoE interfaces registered in Secrets
and also the comments registered in hotspot users to appear in Active users

as with the wireless tables

Re: Feature requests

Posted: Thu Dec 03, 2015 10:02 pm
by metricmoose
I would appreciate the ability to use multiple radius servers simultaneously. For example, having a Hotspot setup that can use the built-in Userman package as well as say, a FreeRADIUS server. Right now, if you add multiple radius servers, RouterOS will use the first one unless it times out or otherwise fails. If the first radius server replies to RouterOS telling it that the user wasn't found, then it will stop looking despite there being multiple entries for hotspot radius servers.

Re: Feature requests

Posted: Fri Dec 04, 2015 7:32 pm
by pants6000
Being able to set the RADIUS source IP to an interface instead of an explicit IP address would be useful... for me, at least!

We have ROS boxen that speak RADIUS over a VPN to our freeradius servers; if I could set the RADIUS request source IP to the VPN interface, it would make for simpler "cookie cutter" config when rolling such things out or making changes.

Re: Feature requests

Posted: Mon Dec 07, 2015 2:34 am
by omega-00
Being able to set the RADIUS source IP to an interface instead of an explicit IP address would be useful... for me, at least!

We have ROS boxen that speak RADIUS over a VPN to our freeradius servers; if I could set the RADIUS request source IP to the VPN interface, it would make for simpler "cookie cutter" config when rolling such things out or making changes.
If you're doing this as part of the deployment it's probably better (IMHO) to use part of the config script to determine the IP address for that interface and set it up because it's a once off, while your IP address on an interface could change (or an interface could have multiple IP's)

Zorp instead of "Web proxy"

Posted: Tue Dec 08, 2015 1:10 am
by Zorro
would be nice to had zorp in (future versions of?)ROS, cuz for 95% "Web Proxy" usage by networkers - its do Better. faster, low resource footpring, Way more secure, extendable/manageable, etc.

Winbox SSL Certificate

Posted: Tue Dec 08, 2015 7:53 pm
by tr00g33k
It would be really great if you could add feature, that certificate is needed on client to directly connect to winbox from anywhere. We have a lot of client, and sometimes its realy annoying to always setup vpn, or always have to coonect to office and then to clients. It would be much easies, if i would have one certificate for all client, that I could connect directly to client via winbox securly.

Maybe anybody else opinion? :)

Re: Feature requests

Posted: Tue Dec 08, 2015 11:07 pm
by Chupaka
Use ssh with key, then forward WinBox port to local router :)

Re: Feature requests

Posted: Thu Dec 10, 2015 5:23 am
by Zorro
for primarily "emergency networking management" perhaps SSTP would b better choice because its more traversable, despite overhead, delays, IMHO.
otherwise, ROS support various things starting from IPIP and other stuff, which combined with (any kind of prefered)crypto would do trick.

p.s.
perhaps would make sense for mikotik - etend ipip to ipipv2 with gcm/eax/cwc/ocb-ciphers(aside cbc/xts legacy, ought to be deprecated soon)

Re: Feature requests

Posted: Sun Dec 13, 2015 9:33 pm
by poizzon
request for RFC 4578
https://tools.ietf.org/html/rfc4578

DHCP option, Arch type for PXE.

RouterOS, has everything for it, very useful for pc's with UEFI bios

Re: Zabbix package for ROS ? more updated/actual Active queues ?

Posted: Mon Dec 14, 2015 10:59 pm
by odge
also would personally welcome more updated/actual Active queues in RouterOS to handle/combat/prevent Network congestion. rather than static/notorious RED algo/type present already, which unsuable for production for number of reasons.
for example, RRED would be nice. aswell as other adaptive, attack/flooding-proof variants of AQM.
also bout moving RouterOS from vanilla Linux kernels to Zero Overhead Linux gossips - is actually such plans, yet ?
(this thing http://www.tilera.com/sites/default/fil ... aper_0.pdf meant, to be exact/specific)
also finishing/completing BFG routing implementation (auth and echo ?) also may be handy.
AQM... codel and fq_codel... the power that this can add, to the power user, and to a wizard setup, would just be insane seller...

Re: Feature requests

Posted: Mon Dec 21, 2015 10:13 am
by 78mzm
thenk you for sbjtect

Re: Feature requests

Posted: Mon Feb 08, 2016 9:05 pm
by sney
More verbose DNS lookups. Like you can do with dig on *nix systems. It would be immensely helpful for dns troubleshooting to get more than just an ip back, e.g. record types, responding server.

Re: Feature requests

Posted: Fri Feb 12, 2016 10:18 pm
by reitblatt
Layer 2 tunneling over GRE.

Right now only IP (Layer 3) over GRE is supported, and EoIP uses the GRE protocol number, but is actually a different protocol w/ a similar header layout. Linux already support for L2 GRE (gretap), so hopefully not too onerous development.

Re: Feature requests

Posted: Mon Feb 22, 2016 5:28 pm
by lormayna
PPPoE PADO Delay.
It would perfect to provide BRAS redundancy and load balancing when you have different backhauling with different latency and load.

Re: Feature requests

Posted: Mon Feb 22, 2016 5:39 pm
by omidkosari
http://forum.mikrotik.com/viewtopic.php ... 50#p235456
Umetered Content for PPPoE . 'Unmetered Content' services aren't counted against your monthly download inclusion

http://forum.mikrotik.com/viewtopic.php?t=59745

Re: Feature requests

Posted: Wed Feb 24, 2016 5:52 am
by isolnet
I think User Manager needs improvement....

Re: Feature requests

Posted: Tue Mar 01, 2016 3:46 pm
by andersonlich
Separated or dedicated vcpu at CCR to process control-plane and data-plane. Or maybe the next ccr platfrom has 2 socket CPU, which separated to process control-plane and data-plane.

I know it seems silly but please consider the benefit of it.

Re: Feature requests

Posted: Wed Mar 23, 2016 12:59 pm
by Florian
Hi.

Is this topic still read by the devs ?

Re: Feature requests

Posted: Wed Mar 23, 2016 4:02 pm
by Chupaka
devs don't visit this forum

Re: Feature requests

Posted: Tue Mar 29, 2016 5:09 pm
by andersonlich
We know that in mikrotik is able to do DHCP with radius. But the missing tool is the accounting request in DHCP is not available yet. Can we have this feature ?

Re: Feature requests

Posted: Fri Jun 17, 2016 2:49 am
by dendzo
Route availability base on an remote IP.

I would like to have route availability based on some other IP. Let's say you add a new option below Check Gateway that would be something like check another gateway (my gateway's gateway for example) or just any other IP like 8.8.8.8. And if that IP becomes unavailable over that specific route it can make it unreachable/inactive so other route with higher Distance can became in charge. Check Gateway option does not work when your provider puts router on your premises. And if provider's router loses connection to it's remote router, you still have your gateway (because you have a router on your premises) and so for you, gateway is reachable, but you actually don't have internet access and that route looks good.

It would help very much in regards to failover.

Re: Feature requests

Posted: Fri Jun 17, 2016 5:43 am
by ZeroByte
Route availability base on an remote IP.
...
It would help very much in regards to failover.
You can do it using a recursive next hop/net watch.

Re: Feature requests

Posted: Mon Jun 20, 2016 11:52 am
by teddyhsu
Hi,

I need a sequence number for ip hotspot wall-garden and wall-garden ip list on winbox.
It can be very useful on debug wall-garden list issue.

Re: Feature requests

Posted: Mon Jun 20, 2016 3:52 pm
by Cha0s
Route availability base on an remote IP.

I would like to have route availability based on some other IP. Let's say you add a new option below Check Gateway that would be something like check another gateway (my gateway's gateway for example) or just any other IP like 8.8.8.8. And if that IP becomes unavailable over that specific route it can make it unreachable/inactive so other route with higher Distance can became in charge. Check Gateway option does not work when your provider puts router on your premises. And if provider's router loses connection to it's remote router, you still have your gateway (because you have a router on your premises) and so for you, gateway is reachable, but you actually don't have internet access and that route looks good.

It would help very much in regards to failover.
+1

I know that currently this can be achieved by using Netwatch and some scripting but it would be much easier if it were available directly on the route's properties.

Re: Feature requests

Posted: Mon Jun 20, 2016 4:33 pm
by Chupaka
I know that currently this can be achieved by using Netwatch and some scripting but it would be much easier if it were available directly on the route's properties.
it is available even without scripting: http://wiki.mikrotik.com/wiki/Advanced_ ... _Scripting

Re: Feature requests

Posted: Mon Jun 20, 2016 4:39 pm
by Cha0s
Thanks, I wasn't aware of that!

Still, it would be easier to just be able to define what IP to probe for a specific route, rather than having to create extra static routes and play with scope to achieve this (if I understand the wiki page correctly)

Re: Feature requests

Posted: Tue Jun 21, 2016 12:35 pm
by toodark
nginx package/service

I'd really like to have an nginx server inside (or at least as an add on package) in routeros. It opens up endless possibilities for application level based forwarding, reverse proxying, caching etc. I believe it's also useful for home users when they have only a single public ip: this way internal http based services could be easily mapped into a single ip.
I'm aware that one might achieves this by installing an openwrt meta package then install nginx into it, but I feel that would be a huge waste of resources.
thanks

Re: Feature requests

Posted: Tue Jun 21, 2016 9:30 pm
by ZeroByte
Thanks, I wasn't aware of that!

Still, it would be easier to just be able to define what IP to probe for a specific route, rather than having to create extra static routes and play with scope to achieve this (if I understand the wiki page correctly)
Well, even with the option to ping some specific address (other than the GW) you would still need to create a /32 route that forces the test target via a particular interface, or else the route will flap as the GW points to failed link, ping fails, route changes to backup path, ping starts working (via backup), primary route re-activated, pings fail, etc etc etc.

Re: Feature requests

Posted: Tue Jun 21, 2016 9:47 pm
by freemannnn
I want a color like blue when queue is in burst mode

Re: Feature requests

Posted: Tue Jun 21, 2016 10:12 pm
by Cha0s
Well, even with the option to ping some specific address (other than the GW) you would still need to create a /32 route that forces the test target via a particular interface, or else the route will flap as the GW points to failed link, ping fails, route changes to backup path, ping starts working (via backup), primary route re-activated, pings fail, etc etc etc.
The idea is that for the 'ping address' you define on the route, the pings to it will always go through that route's gateway address/interface.
If that route's gateway/interface is unreachable/down then the 'ping address' shouldn't get routed via any other route (even if there is another route to it). Otherwise it would be useless apparently (as you described).

In terms of the linux kernel and its networking, yes, obviously there needs to be a /32 route to that 'ping address' via that gateway/interface, and I would also add a second 'unreachable' route with distance 2 so that it won't get routed via another less specific route when the first route is down.
But all that could be handled/abstracted by routeros iteself in the background and not shown in /ip route (that would be confusing otherwise).
And all that in a way that those /32s don't interfere with other traffic to that IP (ie different/hidden routing tables).

The end result would be less work for the end user/admin, less room for errors and a much cleaner/intuitive configuration.

It believe it shouldn't be that difficult to implement.
But I wouldn't really mind if it weren't (since it can be achieved by other means, as mentioned already).
I just find it a useful feature :)

Besides, many things were added over the years that could be implemented via scripting or other methods and simplified our lives. Just to name a few: dns names on vpn intefaces, interface lists, dynamic dns client, automatic tcp mss clamping on tunnels, automatic ipsec setup on tunnels, etc, etc, etc).
Did anybody object to those because they already had scripts for them? ;) I know I didn't (even if it took me a looong time to replace my already stable scripts to those new features - which are very useful of course!)

Re: Feature requests

Posted: Wed Jun 22, 2016 3:56 am
by ZeroByte
Oh I'm ALWAYS in favor of making things 'just work right' via the usual config, especially overy scheduled scripts.

I think the suggestion is a good idea. I was simply adding to the other comment that a netwatch can accomplish the goal - noting that even specifying a remote ping target requires one more piece.

If implemented, I would expect to see a dynamic static /32 route in the routing table, and a dynamic secondary /32 blackhole.

Re: Feature requests

Posted: Wed Jun 22, 2016 11:58 am
by parham
I don't know if anyone requested adding  DPI  or User activity monitor but anyway can we have this feature Please.

Re: Feature requests

Posted: Wed Jun 22, 2016 2:11 pm
by nz_monkey
I don't know if anyone requested adding  DPI  or User activity monitor but anyway can we have this feature Please.
RouterOS is for routing, DPI is part of a UTM or NGFW solution.

Re: Feature requests

Posted: Thu Jun 23, 2016 12:21 am
by MikeFF
I hope they can add two things for the new RouterOS versions

One, Is that the OVPN client could support UDP connections, this because the OpenVPN servers in Linux (used plenty in all over the world) use this as default, and it will be pretty good feature to choose one of those in the config

Two, support TLS connections trough OVP Client, ussing ta.key for authentication, this is a very good security feature that is used also in OpenVPN.
No hand shake, no risk to be hacked or steal the certificates.....

I hope you can consider my suggestions.

Thanks a lot

Re: Feature requests

Posted: Fri Aug 26, 2016 1:07 pm
by lavv17
Some time ago the possibility to change dynamic simple queues was removed, so my script which adds "packet-marks" parameter stopped working.

Is it possible to create a template for the dynamic simple queues which are created for PPPoE users, so that I can specify some parameters like "packet-marks" or "queue" or "parent" there?

Re: Feature requests

Posted: Fri Aug 26, 2016 1:56 pm
by Chupaka
Some time ago the possibility to change dynamic simple queues was removed, so my script which adds "packet-parks" parameter stopped working.
what do you use them for?

Re: Feature requests

Posted: Sat Aug 27, 2016 5:47 pm
by Zorro
I don't know if anyone requested adding  DPI  or User activity monitor but anyway can we have this feature Please.
RouterOS is for routing, DPI is part of a UTM or NGFW solution.
i would call that bullshit.
you can't leave "bare naked" even backbone( even within private, isolated corporate network of), let alone border and etc. proportions are differ and hardware resources to cruch them, but generally thats Essential ANYWHERE. and anyone who underestimates that - will get hard/harsh lesson, im afraid.

Re: Feature requests

Posted: Tue Aug 30, 2016 12:03 pm
by lavv17
Some time ago the possibility to change dynamic simple queues was removed, so my script which adds "packet-parks" parameter stopped working.
what do you use them for?
I want to exclude some traffic from the rate limitation (so called local traffic). I used to mark non-local traffic and add the packet mark to all dynamic queues. Now it is not working. Please advise.

Re: Feature requests

Posted: Tue Aug 30, 2016 5:11 pm
by Chupaka
Some time ago the possibility to change dynamic simple queues was removed, so my script which adds "packet-parks" parameter stopped working.
what do you use them for?
I want to exclude some traffic from the rate limitation (so called local traffic). I used to mark non-local traffic and add the packet mark to all dynamic queues. Now it is not working. Please advise.
create a queue for local traffic and put it on the top. it will catch all local traffic, and all the rest will be caught by 'personal' queues

p.s. if you won't set any limits on that queue, don't forget to change at least something (like queue type) for this queue to actually work

Re: Feature requests

Posted: Mon Sep 05, 2016 11:26 am
by lavv17
create a queue for local traffic and put it on the top. it will catch all local traffic, and all the rest will be caught by 'personal' queues
p.s. if you won't set any limits on that queue, don't forget to change at least something (like queue type) for this queue to actually work
Cool! It seems to work. Much simpler and (as I suspect) faster. Thanks a lot!

Re: Feature requests

Posted: Mon Sep 05, 2016 11:56 am
by jarda
Fasttracking that traffic you want to be excluded from queues is much more efficient.
But keep the exclusion queue for the cases when some connections couldn't be fasttracked.

Re: Feature requests

Posted: Mon Sep 05, 2016 5:46 pm
by mpreissner
Please add support for EAP types on VPN connections as you do for wireless. Without EAP support, many security features such as NAP enforcement (using Microsoft NPS as RADIUS) won't work. Specifically, we need support for PEAP and EAP-MSCHAPv2 to get NAP working.

Also consider allowing the ability to set the NAS-Port-Type RADIUS attribute for VPN connections. Currently, ROS sends a NAS-Port-Type of Async for VPN connections. While this might be appropriate for a Dial-Up PPPoE, it is not appropriate for non-Dial-Up VPN connections, and would give us more flexibility in configuring access policies when using Microsoft NPS as a RADIUS server.

Re: Feature requests

Posted: Mon Sep 05, 2016 10:42 pm
by kimdobranski
When setting up a radius server, I *really,really,really* need these

1) having a secondary (or multiple) IP address in the event the first IP becomes unavailable or times out.

2) i would like the option of putting a DNS instead if an IP (ie. radius1.myradiusserver.com, radius2.myradiusserver.com) in the address field.

Re: Feature requests

Posted: Mon Sep 05, 2016 10:45 pm
by kimdobranski
Need the WAN MAC address of the ROUTER (not the client) available as a hotspot variable.

Re: Feature requests

Posted: Tue Sep 06, 2016 12:20 am
by Chupaka
1) having a secondary (or multiple) IP address in the event the first IP becomes unavailable or times out.
just add one more Radius Server entry with the same settings

Re: Feature requests

Posted: Tue Sep 06, 2016 10:53 am
by DmitryAVET
please add custom name for MAC-adresses and some detailed info about wireless client, like in ubnt unifi

Re: Feature requests

Posted: Tue Sep 06, 2016 12:28 pm
by lavv17
Fasttracking that traffic you want to be excluded from queues is much more efficient.
But keep the exclusion queue for the cases when some connections couldn't be fasttracked.
I have turned off connection tracking for most connections (using raw table), so it won't be efficient in my case.

Re: Feature requests

Posted: Tue Sep 06, 2016 5:04 pm
by opteron
Hi There,

We are using a Supermicro 5018 MLNT4 (https://www.supermicro.com/products/sys ... -MLTN4.cfm) with onboard C2000 SoC I354 Quad Nic.
This nic is not supportes... PLEASE ADD THE DRIVERS !

Re: Feature requests

Posted: Wed Sep 07, 2016 1:33 am
by mpreissner
Hi There,

We are using a Supermicro 5018 MLNT4 (https://www.supermicro.com/products/sys ... -MLTN4.cfm) with onboard C2000 SoC I354 Quad Nic.
This nic is not supportes... PLEASE ADD THE DRIVERS !
You're best bet there is to install a hypervisor on that server and run the CHR rather than the standard x86 ROS. Not only will you be able to use the onboard NICs, but you'll also be able to use more than 2GB RAM, and set up multiple instances so you can run in high availability.

That being said, you should have researched hardware compatibility before buying a server.

Re: Feature requests

Posted: Mon Sep 12, 2016 1:25 am
by SystemErrorMessage
DNScrypt for those filtering ISPs and for added DNS security.
Allowing the installation of software and user made libraries (perhaps java?)
Switch based STP variants and fixing route learning (all devices connected to CRS lose internet connectivity but not LAN when changing port router uses).

I know these have been asked for but for DNScrypt nothing is being said anything about despite a significant number of request (even consumer routers are using it).

Mikrotik needs to be ahead when it comes to network related features compared to what openwrt and consumer routers offer. Cant call yourselves a cisco alternative if its missing features. it doesnt need to come with printer and file sharing in the box (but software from others if can be installed can provide this feature).

Re: Feature requests

Posted: Mon Sep 12, 2016 4:07 pm
by joca
There is a possibility UPnP create firewall rules Only For Private ips ?

Re: Feature requests

Posted: Mon Sep 12, 2016 4:12 pm
by lavv17
I'd like to have a new feature: "graceful reboot".

Things to do before actual reboot:
1. disconnect ppp users (while not accepting new ones)
2. transition vrrp to backup state
3. disable external bgp peers
4. wait for routing convergence

Without these, there is a time frame when traffic loops and/or goes to a black hole; ppp users experience an abnormal connection termination.
Currently I have a script to do it, but it would be better to have it in the RouterOS.

Re: Feature requests

Posted: Tue Sep 13, 2016 1:06 pm
by hoop-banger
This one is related to winbox. Please make internal taskbar in winbox that show opened windows.
Image

Please see attached picture, taskbar is added in photo editor.

Re: Feature requests

Posted: Wed Sep 14, 2016 8:49 am
by Staj
DHCP Half-Bridge. LTE support is all well and good but without it, makes it hard to integrate into existing networks.

Re: Feature requests

Posted: Thu Sep 15, 2016 4:55 pm
by 2dfx
Hi all!
What about grouping rules in Winbox like in Microsoft TMG?
It's will be a great features!


See "Web Access Policy Group"
Image

Re: Feature requests

Posted: Thu Sep 15, 2016 6:27 pm
by ppereira
1) having a secondary (or multiple) IP address in the event the first IP becomes unavailable or times out.
just add one more Radius Server entry with the same settings
Hi guys,

Using it like this , the next radius server will be used only when the first did not answer.

There is a way to configure it to be distributed the radius events ... like i configure 4 radius server .. and all radius traffic be process / 4 ?
Client 1 -> radius 1
Client 2 -> radius 2
Client 3 -> radius 3
Client 4 -> radius 4
Client 5 -> radius 1 ....

got it ?

I´m not saying that the actual way it works is bad or good i´m just thinking that could be nice have this option.

Re: Feature requests

Posted: Fri Sep 16, 2016 12:51 pm
by SiB
Add more details into System > History like:
  • More details in Action, the "filter rule changed" is to short, enter the details of the rule
  • Action Tab should write about "Delete/Insert/Add/Move 5 rules" with description like chain/comment/etc.
  • If I work on SafeMode then the history entry should be have a flag SafeMode - I know what will be safe or drop

Re: Feature requests

Posted: Sat Sep 17, 2016 12:44 am
by kimdobranski
1) having a secondary (or multiple) IP address in the event the first IP becomes unavailable or times out.
just add one more Radius Server entry with the same settings
I created a second Radius Server with identical settings and changed the ip to an IP that is actually held by the same server, then i disabled the first entry, but mikrotik reports "Radius Server not responding". When i check the radius server logs, it show its authenticates correctly.

The radius server is set to listen on all ips and that is working, but for some reason the mikrotik is not receiving the response after the radius authenticates.

Re: Feature requests

Posted: Mon Sep 19, 2016 3:08 pm
by lavv17
Hello!

Nice features to have:
1. IP firewall address lists could include one another (or firewall rules could match multiple lists at once, e.g. "src-address-list=list1,list2").
2. NAT parameter to-addresses could refer to an IP pool.

Re: Feature requests

Posted: Tue Sep 20, 2016 6:34 pm
by LeoCombes
DHCP accounting through Radius

Would be nice if the routerOS dhcp-server allow logging with radius accounting.
We use dhcp-server from mikrotik (no radius auth) and we need have a log of each IP we offer to each client and when, through radius.

NOTE: accounting != auth

Accounting send "log" for each IP address leased or unleased to Radius server, regardless if IP address is served from external radius server or internal mikrotik DHCP server.

http://forum.mikrotik.com/viewtopic.php?f=19&t=85721

Re: Feature requests

Posted: Fri Oct 14, 2016 3:56 pm
by payam124
CloudFlare is about removing its API version 1 which allowed users to use get-only requests to modify settings.
I used an script + cloudflare free account to run my dynamic DNS

now in their new API, it is required to send header and ... https://api.cloudflare.com/#dns-records ... dns-record

it would be great if curl support become available


another reference: http://forum.mikrotik.com/viewtopic.php?t=108480

Re: Feature requests

Posted: Wed Oct 19, 2016 8:12 am
by Harlong
In any scripts for WAN failover, there's some difference for ipv4 and ipv6. When we test some host with /ping, we should know, what protocol (4 or 6) we use. For now, the only solution is to hardcode ipv4 or ipv6 addresses into script, hostnames can not be used, because we can not control, which address will be returned from :resolve.

So, it would be great, if :resolve command will have a parameter to resolve only ipv6(AAAA), only ipv4(A), or both(ANY).

Re: Feature requests

Posted: Mon Nov 07, 2016 12:13 am
by Kevo
Could we get a quickset mode for travel router. I'd like to have a mode that let's someone take a map lite and go to quickset and use it to log into the hotel wireless and have wireless repeater mode setup with an SSID they can log into for their devices. Ethernet could be setup with an option for local device access or hotel internet access if wired access exists in the room.

Right now there isn't really a mode that fits and it seems to require some manual config that is beyond the scope of what I would expect to train a traveling sales rep to deal with. Maybe there's a simpler method I'm overlooking. If so, someone please point it out to me.

Re: Feature requests

Posted: Tue Nov 08, 2016 4:59 am
by Wyz4k
Feature request: Wireless scan save-file should include all info

The current implementation of interface wireless scan 0 duration=5s save-file=temp.txt does not contain all of the information that you would see if you simply did a interface wireless scan 0 duration=5s.

More info: http://forum.mikrotik.com/viewtopic.php?f=1&t=114410

Re: Feature requests

Posted: Wed Nov 09, 2016 7:39 pm
by saaremaa
Support Radius attribute "Delegated-IPv6-Prefix"

Re: Feature requests

Posted: Thu Nov 10, 2016 9:39 pm
by soomanyquestions
It would be useful and cool to see aggregate statistics in the Graphing tool instead of just each individual interface. It should probably be quite easy to add cause all the data is allready there.

Re: Feature requests

Posted: Thu Nov 10, 2016 10:58 pm
by jiminneworleans
I'd like to see more buttons in general. Seriously though it would be nice to have a few simple firewall scripts one could choose upon first configuration based on common home or small office scenarios for the cloud routers. I find myself excessively concerned over imagined gaping holes in my firewall scripts.

Re: Feature requests

Posted: Sat Dec 03, 2016 11:14 pm
by tomasi
Is there any chance of a Zabbix agent .npk listening on port 10050?

:lol: :lol: :lol:

Re: Feature requests

Posted: Mon Dec 12, 2016 4:59 pm
by lavv17
Yet another feature request:

add netwatch options to send TCP port probes (e.g. check if port 80 is open on a server for load balancing)

Re: Feature requests

Posted: Fri Dec 30, 2016 2:21 am
by rwf
We operate a lot of hotspots, using an external AAA/RADIUS solution.
It needs a NASID from the Mikrotik, and unfortunately Mikrotik sets this using ROuter Identity field.

The problem is that this limits us to one hotspot per router which is a huge waste of resources. We sometimes have to put 3 routers at a location to run multiple hotspots.

Can it be added that we place the NASID in the Hotspot Profile, and if it is blank it uses the router identity instead. That way it performs as it does now, but those of us who need different NASIDs can choose to do so.


What do y'all think?

Re: Feature requests

Posted: Sun Jan 15, 2017 1:38 pm
by tri
hi

I'd like to see a dummy network interface like one available in generic Linux kernel (http://www.tldp.org/LDP/nag/node72.html).

If all physical interfaces are DHCP it might simplify things to be able to assign a static addresses to an internal interface to make routing and firewall rules simpler.

Re: Feature requests

Posted: Sun Jan 15, 2017 7:21 pm
by freemannnn
how about adding an icon "L" next to each firewall-mangle-nat rules that this rule is "logged" so you can see easy what is logged and not.

Re: Feature requests

Posted: Sun Jan 15, 2017 8:33 pm
by Sob
Small improvements:
1) First column is for rule numbers, logging indicator would better fit in second one, which is sort of status column already.
2) Add a button to easily toggle logging for rule. I often need logging rules that I only quickly turn on and off again, to catch just a few packets. Before this very nice feature that any rule can be also logging rule was added, I used to make a duplicate rule for the one I was interested in, turned it into logging rule and put it before original one. The huge advantage was that it could be enabled/disabled by just one click. With these new non-dedicated logging rules, it requires 3-4 clicks. It may not seem as too much, but it is a little annoying.
easy-log.png

Re: Feature requests

Posted: Mon Jan 16, 2017 2:25 am
by Chupaka
I'd like to see a dummy network interface like one available in generic Linux kernel (http://www.tldp.org/LDP/nag/node72.html).

If all physical interfaces are DHCP it might simplify things to be able to assign a static addresses to an internal interface to make routing and firewall rules simpler.
just create a bridge (call it Loopback1 :)) and assign address to it
how about adding an icon "L" next to each firewall-mangle-nat rules that this rule is "logged" so you can see easy what is logged and not.
Right Click -> Show Columns -> Log. Voila!
Add a button to easily toggle logging for rule. I often need logging rules that I only quickly turn on and off again, to catch just a few packets.
as a workaround you may enable logging in the rule and then just press 'Undo' to disable it after a few seconds

Re: Feature requests

Posted: Mon Jan 16, 2017 11:12 am
by mada3k
I'm quite satisfied for the most part, but there is some things i miss from higher-end platforms.

Re: Feature requests

Posted: Mon Jan 16, 2017 9:02 pm
by Sob
Right Click -> Show Columns -> Log. Voila!
You're right, it's there. But not visible by default and too far at the right and "lost" between other columns when enabled. Since logging is useful option available for all rules, IMHO it would deserve more prominent place. But ok, it is usable this way.

And about the toggle button, I might want to quickly not only turn logging off, but also to turn it on, so I think it would be very convenient to be able to do it using only one click. And there's plenty of space for one additional button in button bar.

Re: Feature requests

Posted: Wed Jan 18, 2017 8:10 pm
by tri
I'd like to see a dummy network interface like one available in generic Linux kernel (http://www.tldp.org/LDP/nag/node72.html).

If all physical interfaces are DHCP it might simplify things to be able to assign a static addresses to an internal interface to make routing and firewall rules simpler.
just create a bridge (call it Loopback1 :)) and assign address to it
True dat. Thanks. Actually realized this almost immediately after posting. Still, for whatever reason, in Linux there is a dummy interface in addition to bridge. I wonder if there is some overhead involved.

Re: Feature requests

Posted: Wed Jan 18, 2017 8:15 pm
by tri
I often miss "copy rule" feature in web management firewall setup. What I'd like to be able to do, is to create a new rule from the existing one so that instead of starting from blank (as in "Add New") I would start with the data of an existing rule.

While this might be really useful especially for firewall rules, I think it could also be nice e.g. in PPP and some other segments too.

//Rinne

Re: Feature requests

Posted: Wed Jan 18, 2017 8:59 pm
by savage
If it hasn't been mentioned yet... In the wireless access-lists, you can provide the VLAN ID and VLAN Type for the client's traffic to be taged. In the registration table however, this information is not displayed. So once a client connects, you have no idea to which VLAN the traffic is going (especially when VLANs are assigned via AAA).

Can we include the VLAN information in the registration tables please?

Re: Feature requests

Posted: Thu Jan 19, 2017 4:06 pm
by tri
It would be extremely useful in many cases to have a ppp interface dynamically created form the ppp secret (when more than one connection is allowed and/or there is no explicit server binding) to be automatically added to a named interface list when it's created and removed when it's deleted.

Basically there is no need to limit this to dynamically generated interfaces. It might as well apply to a static interfaces if there is an explicit server binding. In any case it would be a property in PPP secret. Something like "Add interface to list: <menu-of-existing-interface-lists>".

I'm sure this would be hugely useful for many users.

Re: Feature requests

Posted: Thu Jan 19, 2017 4:16 pm
by Railander
did a quick search and only found a very old thread.

Add OID for SFP-specific port information such as:

Rx Power
Wavelength
Link Length
Connector Type
Vendor Name
Vendor Part Number
Vendor Revision
Vendor Serial
Manufacturing Date.

Re: Feature requests

Posted: Fri Jan 20, 2017 8:42 am
by AlexeyIlinsky
Hello it would be good to have optional Radius servers round robin rotation, not only from top to the bottom.

And in Tr069 we (in our configuration) feel like router identity would be useful information in inform update requests.

If that attribute would be writable that it would be easier to change router identity in initial provisioning instead of walk-around with .alter script download containing /system set identity..

Re: Feature requests

Posted: Thu Jan 26, 2017 12:24 am
by 2dfx
Please add the ability to specify more than one server. for OpVPN and SSTP
And check box "remote random"

Thanks!

Re: Feature requests for hardware

Posted: Thu Jan 26, 2017 1:54 pm
by shortcircuitonline
i m looking into future hardware if possible i hope one day mikrotik can produce some thing like this


cpe with 2 wlan or more wlan cards and same on base station side to
advantages as under:-
bonding to increase speed
may b fail over 2 different base stations or more
different frequency
different channels like 10/20/30/40
and more possibilities are there

shortcircuitonline
raj singh

Re: Feature requests

Posted: Fri Feb 03, 2017 9:29 am
by Dmitriy34
Hello.

How about accept RADIUS Attribute "Class" in CoA requests?

Re: Feature requests

Posted: Fri Feb 03, 2017 1:31 pm
by msatter
Not only being able to extend the timeout in address lists but also being able to reduce the timeouts by entering a lower timeout by a action in a firewall rule.

Re: Feature requests

Posted: Sat Feb 04, 2017 9:16 am
by ckleea
Is it possible to add /ip cloud ddns to x86 ROS? It is already available in routerboard hardware and I think it should be extended to x86.

Thanks

Re: Feature requests

Posted: Sat Feb 04, 2017 1:53 pm
by andriys
Is it possible to add /ip cloud ddns to x86 ROS?
This has been asked here many times before. Mikrotik usually answers that /ip cloud depends on RouterBOARD serial number, so it can not be just added to x86 as it is. And there are no plans to work on any alternative solution.

Re: Feature requests

Posted: Sat Feb 04, 2017 4:16 pm
by ckleea
Is it possible to add /ip cloud ddns to x86 ROS?
This has been asked here many times before. Mikrotik usually answers that /ip cloud depends on RouterBOARD serial number, so it can not be just added to x86 as it is. And there are no plans to work on any alternative solution.
I also have a mikrotik serial number for my ROS installed on my x86 hardware. Their logic is not correct

Re: Feature requests

Posted: Sat Feb 04, 2017 4:19 pm
by andriys
I also have a mikrotik serial number for my ROS installed on my x86 hardware. Their logic is not correct
No, you don't. Software ID is not the same as hardware serial number.

Re: Feature requests

Posted: Mon Feb 06, 2017 11:37 am
by saaremaa
Please implement this command:
/ip service set dns address=192.168.0.0/24 disabled=no

Re: Feature requests

Posted: Mon Feb 06, 2017 12:33 pm
by savage
Please implement this command:
/ip service set dns address=192.168.0.0/24 disabled=no
+1 MT by default being a open resolver is a HUGE pita. You can't expect an ISP with thousands of customers to protect them all, and you can't expect thousands of Mikrotik users to know how to protect their router either. I know of multi 10GB/s ISPs that went down completely due to MT being used in DNS amplification attacks.

Yes, you can block it in firewall, but as soon as you do you loose piles of features (ala fastpath/fasttrack/connection tracking/etc). Silly that other services can be protected by /ip services, but not CRITICALLY VULNERABLE services, such as DNS, SMB, Proxy, Socks, etc. which is known to be used in exploits and DDoSes.

Would like every service MT runs (SMB, Socks, Proxy, DNS, etc.) to all have ACLs in /ip services AFAIK, and would be good to have it 'locked down' by default to say 1921.68.1.0/24 seeing that the default IP on hardware devices is 192.168.1.1/24.

Re: Feature requests

Posted: Mon Feb 06, 2017 12:54 pm
by expert
Would like every service MT runs (SMB, Socks, Proxy, DNS, etc.) to all have ACLs in /ip services AFAIK, and would be good to have it 'locked down' by default to say 1921.68.1.0/24 seeing that the default IP on hardware devices is 192.168.1.1/24.
Afaik factory default is 192.168.88.1/24, but I agree. On the other hand, DNS on MK is totally obsolete service. Running DNS service on internet gateway is fundamentally a security risc. It also does not support modern features like DNSSec, so I would rather go with Ubound or Knot running on dedicated host.

Re: Feature requests

Posted: Mon Feb 06, 2017 1:22 pm
by savage
On the other hand, DNS on MK is totally obsolete service. Running DNS service on internet gateway is fundamentally a security risc.
As is NTP Servers (ntp server magically disappeared from ROS in some version), web proxy, socks (really now, who still uses socks?), smb, and I'm sure other things too. Unfortunately, that seems to be what consumers want. Just really wish we could have all these things in separate packages so that we don't have to always have them installed.

Most of these services, belong on proper servers yes. I'm all for moving all these things (at the very least) to a meta router image, which is completely separated from ROS and installed at will, not by default. Userman is separated, dude is separated, I fail to see why the other stuff can't be made separated as well.

Re: Feature requests

Posted: Mon Feb 06, 2017 8:27 pm
by Sob
NTP server was always separate package, as long as I remember. Other stuff could be moved into one (or more) too, but there probably isn't good enough reason to do it (not counting your peace of mind :)). If you don't enable any of it, all this stuff does is taking few hundreds kilobytes of disk space at most.

And of course consumers want it, it's because it's useful for them. If you're big ISP, it does not make any sense to run e.g. DNS resolver on RouterOS (not in its current state with very limited features, that's for sure). But if you're home user or small office, then it's the exact opposite. Keeping dedicated machine for this stuff is huge overkill. Current routers are pretty powerfull and can easily handle all these little extras and still manage to stay bored.

Btw, I think SOCKS is very underrated. It works with TCP and UDP, support both outgoing and incoming connections, supports authentication, can be used as IPv4/IPv6 proxy, and still it's very lightweight. It may not sound as much now, since almost everyone took different path, but this all was available since 1996 (year of SOCKS5 RFC). Why things like HTTP CONNECT caught on instead of this is beyond me. It still has some fans. ;)

Re: Feature requests

Posted: Mon Feb 06, 2017 11:31 pm
by Arcticfox
Can you make a small feature for mAP devices such as USB-NIC?

Re: Feature requests

Posted: Tue Feb 07, 2017 9:50 am
by savage
Another good one, IMHO...

Route-Filters - have the ability to synchronize prefixes received/withdrew to dynamic access-lists.

This gives us the ability to very easily match entire ASNs in firewall rules :)

Re: Feature requests

Posted: Tue Feb 07, 2017 10:07 am
by nz_monkey
Another good one, IMHO...

Route-Filters - have the ability to synchronize prefixes received/withdrew to dynamic access-lists.

This gives us the ability to very easily match entire ASNs in firewall rules :)
This has been requested, and confirmed by Mikrotik for routing filters in v7.

Re: Feature requests

Posted: Tue Feb 07, 2017 10:13 am
by savage
Another good one, IMHO...

Route-Filters - have the ability to synchronize prefixes received/withdrew to dynamic access-lists.

This gives us the ability to very easily match entire ASNs in firewall rules :)
This has been requested, and confirmed by Mikrotik for routing filters in v7.
Oh fantastic! So, when can I get V7 then :lol:

Re: Feature requests

Posted: Thu Feb 09, 2017 2:50 pm
by lavv17
Filtering packets in chain=input can affect srcnat. So it would be nice to limit filtering to local routers's IP addresses. But it would be hard to maintain such a list of addresses, if the router's configuration is changed from time to time.

So here goes a feature request: an automatic address-list "local-router" (or similar name) which is generated automatically from the local IP addresses of the router.

P.S. Thanks to msatter who pointed out the existing
dst-address-type=local
option.

Re: Feature requests

Posted: Thu Feb 09, 2017 3:25 pm
by msatter
Filtering packets in chain=input can affect srcnat. So it would be nice to limit filtering to local routers's IP addresses. But it would be hard to maintain such a list of addresses, if the router's configuration is changed from time to time.

So here goes a feature request: an automatic address-list "local-router" (or similar name) which is generated automatically from the local IP addresses of the router.
There is the option:
src-address-type (unicast | local | broadcast | multicast; Default: )

Matches source address type:

unicast - IP address used for point to point transmission
local - if address is assigned to one of router's interfaces
broadcast - packet is sent to all devices in subnet
multicast - packet is forwarded to defined group of devices
And this one can also be used if you have an dynamic WAN address.

Re: Feature requests

Posted: Thu Feb 09, 2017 4:47 pm
by agomes
It will be good if RouterOS will have integrated brute force protection and filter.
It does

http://wiki.mikrotik.com/wiki/Bruteforc ... prevention
Nice!

Re: Feature requests

Posted: Thu Feb 09, 2017 10:54 pm
by Larsa
Another good one, IMHO...

Route-Filters - have the ability to synchronize prefixes received/withdrew to dynamic access-lists.

This gives us the ability to very easily match entire ASNs in firewall rules :)
This has been requested, and confirmed by Mikrotik for routing filters in v7.
Is Route-Filter equivalent (or similar) to the Cisco Route-Maps?

Re: Feature requests

Posted: Fri Feb 10, 2017 12:44 am
by Chupaka
Is Route-Filter equivalent (or similar) to the Cisco Route-Maps?
yes

Re: Feature requests

Posted: Fri Feb 10, 2017 12:59 am
by Wyz4k
It will be good if RouterOS will have integrated brute force protection and filter.
Most definitely! The current "implementation of brute force protection" is a joke. A counter on port visits as opposed to actually checking whether the login succeeds or not.

Re: Feature requests

Posted: Fri Feb 10, 2017 11:37 am
by Larsa
Is Route-Filter equivalent (or similar) to the Cisco Route-Maps?
yes
Great, any chance we'll see acl's (filter groups) as well?

Re: Feature requests

Posted: Fri Feb 10, 2017 2:51 pm
by Chupaka
Is Route-Filter equivalent (or similar) to the Cisco Route-Maps?
yes
Great, any chance we'll see acl's (filter groups) as well?
what is that? ACLs are IP Firewall (Filter, Mangle, NAT). what else do you need?

Re: Feature requests

Posted: Fri Feb 10, 2017 3:00 pm
by lavv17
There is the option:
src-address-type (unicast | local | broadcast | multicast; Default: )
local - if address is assigned to one of router's interfaces
Cool, thanks! I'll use this feature.

Re: Feature requests

Posted: Fri Feb 10, 2017 3:27 pm
by Larsa
Is Route-Filter equivalent (or similar) to the Cisco Route-Maps?
yes
Great, any chance we'll see acl's (filter groups) as well?
what is that? ACLs are IP Firewall (Filter, Mangle, NAT). what else do you need?
The ability to utilize grouping of for example firewall filters is a matter of making network management more manageable and perspicuous, thus this is especially useful in complex environments. If you're familiar with Cisco ACL Object Groups you probably know what I mean...

Ref: Cisco IOS: Object Groups for ACLs

Feature request : HotSpot

Posted: Fri Feb 10, 2017 11:16 pm
by Rolek
Hi!

HotSpot Status page sometimes is not necessary

> ip hotspot user profile set open-status-page=
always http-login never

RoS v7 wishlist

Posted: Sat Feb 11, 2017 2:19 am
by Larsa
RoS v7 wishlist 2017-02-11

I’m rather new to the MT-world since about a year ago and it’s probably way too late to influence R&D at this stage but anyhow, here is my wish list for v7:

- A good object oriented scripting language with a small “footprint” for embedded system such as Lua (eLua), Python, Squirrel, TinyC, Tcl, JavaScript, AngelScript, Picobit, Forth
- Object oriented interfaces for all hardware resources and network related elements for example:
Ethernet eth1 = router.hardware.ether1;

eth1.ip.address = “192.168.0.1”;
eth1.status = enabled;

log (“Eth1 - current speed: “ + eth1.speed);
- Script libraries.
- Event triggers on all objects that have properties that may change.
- Object groups for acl’s, routing policies, interfaces, queue, etc.
- Enhanced debugging/tracing that can show the whole packet path through all chains, queues and possible stops.
- Simplified interface for queue management in complex environments.
- Virtual hardware interface for direct attached AP's, BaseBox SXT LTE, etc in order to check and control important properties and subscribe to real time events like link status etc.
- Pluggable interfaces and protocols to preserve resources.
- Pluggable controller to enable Software Defined Networking.
- Fast and structured storage like sqlite for scripting purposes..
- The ability to develop and run third party pluggable add-ons running on a sandboxed environment (e.g. Linux Docker) for supplementary services like:
  • hotspot management
    accounting and billing
    two factor authentication
    OpenVPN AS
    performance tools
    enhanced management services
    storage providers
    move User-Manager and Netwatch here
- API using standardized interfaces and RCP techniques such as, or similar to:
  • JSON/REST
    CORBA RPC
    ONC RPC
    DCE RPC
- Encrypted key storage for storing passwords used in scripts, certificate private keys, etc.
- Security enhancements
  • Two factor authentication for management access and VPN tunnels.
    Password (or possible ACL) protected files and settings
    LDAP integration for management access.
    Real brute force protection
- Network Monitoring and Management
  • - Pluggable module for Network Management (NMS) with support for:
    OpenFlow/NetFlow (SDN)
    RMAN2
    CIM/WBEM (SBLIM)
    SNMPv3 with enhanced security
    Enhanced MIB-II trees
    SNAP traps for all manageable objects (both hw and sw)
- Various protocol enhancements: IKEv2, OpenVPN UDP + options like ZLE/EAS/TLS-AUTH etc, 2FA, DNSSEC, IPSEC/VT, NAT64.
- Multiple MAC’s and IP’s per ethernet/sfp interface.

Work out a new license model and divide the above into different level of capabilities that will also make it possible to run on less powerful devices.

Re: Feature requests

Posted: Sat Feb 11, 2017 4:47 am
by Sob
Nice list, but you have to ask yourself - do you want to see RouterOS v7 before or after 2020? ;)

Re: Feature requests

Posted: Sat Feb 11, 2017 1:22 pm
by Larsa
Nice list, but you have to ask yourself - do you want to see RouterOS v7 before or after 2020? ;)
Well, most definitely not before 2020 if they choose to develop everything from scratch. :lol:

It's actually possible to create a working prototype with most of the features from the wishlist on a small device like the Raspberry Pi in just a couple of days. And yes, you obviously need to configure everything manually the typical Linux way through shell scripts and edit tons of files. But it's quite doable and I've done it my self although the configuration process was definitely the major obstacle. You could probably even use a RB to implement your own prototype: HOWTO: Dual-booting RouterOS and OpenWRT on RouterBoard

Hopefully they'll implement RoS v7 on a new and flexible platform using frameworks such as XDP/eBPF/NFtables, pluggable kernel modules for example communication and management protocols, and using Linux Docker as sandbox environment for third party add-ons. And there are plenty of open source protocol stacks that can act as base for further work. An example of a company that make heavy use of open source is Brocade and you can even find the complete src for the old Vyatta Vrouter. If R&D at MikrotIk choose this way of working they can initially implement the basic functionality quite fast and work their way up in the food chain so to speak.

There's nothing new under the sun and everything is up for grabs but hopefully they'll make it happen! :D

Re: Feature requests

Posted: Sat Feb 11, 2017 4:20 pm
by Sob
The trouble with working prototypes is that while you can create one in couple of days, you then need couple of months to turn them into something you can share with others, and much more if you want to reliably tackle all corner cases. I imagine there are quite a few in something with RouterOS size. So while I hope to see some of your suggestions make it into v7, I think a lot of others can be just distant dream for v8 or so.

Re: Feature requests

Posted: Sat Feb 11, 2017 6:15 pm
by Larsa
The trouble with working prototypes is that while you can create one in couple of days, you then need couple of months to turn them into something you can share with others, and much more if you want to reliably tackle all corner cases. I imagine there are quite a few in something with RouterOS size. So while I hope to see some of your suggestions make it into v7, I think a lot of others can be just distant dream for v8 or so.
Yeah, the prototype is usually just a part of a POC they probably did ages ago. If they are smart, they'll release a version that will match the functionality in v6 and continues from there when things have stabilised. One thing is for sure, the folks at marketing will have to cope with all the people that have extremely high expectations of v7 and that believes it will solve all problems in the world! :-D

Anyhow, I would guess that much of the work is put on developing their own nftable bytecode compiler/decompiler "engine" that needs to be tightly integrated into the user interface. In general it's a quite big step to move from iptables to nftables but in the long run, the operation and management of the development projects will become greatly simplified in regards of correcting bugs and adding new features.

And they will of course need to integrate new protocol stacks that's not part of the standard kernel but I really hope they'll avoid develop new protocols themselves and instead put all effort in integrating open source or licensed software...

Re: Feature requests

Posted: Sat Feb 11, 2017 6:42 pm
by Larsa
Btw, are there currently any big showstoppers in regards of bugs or missing features that would actually force people to pick other vendors even if they preferred MT?

Re: Feature requests

Posted: Sun Feb 12, 2017 12:40 am
by SystemErrorMessage
All i want is for mikrotik routerOS for routerboards at least to have all the features that both consumer and prosumer routers have and many features that industrial routers have as well. By that i mean in consumer routers in the config you can use domains in some of the configuration which is resolved when used rather than stored as an IP. If you look at openwrt and what linux based consumer routers can really do if you get into the linux bit and start adding and changing config files, it really makes those routers flexible. Mikrotik routerOS is only flexible with what you see infront of you, being able to add rules but you cant do really complex things without having to deal with MT's script and scheduler which tends to get broken and fixed multiple times. Last month i updated to 6.37 and it broke the scheduler and the OpenDNS update script timed out. Updated to lastest firmware today for the TILE and while the scripts work now the scheduler still doesnt work. I use the commands you would use in the command lines to run multiple scripts from 1 schedule which worked till i updated to version 6.37.

Re: Feature requests

Posted: Mon Feb 13, 2017 9:07 am
by craterman
RFC 3021

Re: Feature requests

Posted: Mon Feb 13, 2017 9:46 am
by Larsa
RFC 3021
What about this workaround? http://forum.mikrotik.com/viewtopic.php?t=7367#p32149. You might even save some addresses...

Re: Feature requests

Posted: Wed Feb 15, 2017 8:17 am
by dukejjjj
I have a suggestions

ip firewall connections add new columns like IP Geo / country / ISP .... information

Re: Feature requests

Posted: Thu Feb 16, 2017 11:24 am
by dattl
Hi,
First: I love Mikrotiks, I have allready 60+ pieces brought out to a lot of Customers.
One litte thing that would be very handy for me is:
IPSec Policy with ADDRESSLIST
feature instead of 1 policy per subnet on same VPN-Peer, as I have 1 customer with around 150 subnets and this is a total overkill for searching throug policis.
The Mailfirewall there is a Sonicwall and this supports subnetgroups for VPN-Policies. So the similar thing would be addresslists in Mikrotik.

Thank you for youre great work!
Best
-Dattl

Re: Feature requests

Posted: Sun Feb 19, 2017 2:47 am
by SDFadfasdfadsf
RFC 8092 BGP Large Communities implementation Feature Requested 2016090522001073

timeline available?

Re: Feature requests

Posted: Thu Feb 23, 2017 12:58 pm
by JanezFord
Please add some kind of "find router" feature. I often take over projects from other people and have to search for bunch of devices sometimes in many rooms even buildings. A simple "beep constantly" feature could save me a lot of time. You wouldn't believe where people put their routers and wifi access points. This way devices can be located without disrupting their operation. Beep constantly + maybe some kind of LED visual feedback would be nice to have.

JF.

Re: Feature requests

Posted: Thu Feb 23, 2017 1:14 pm
by mrz
Please add some kind of "find router" feature. I often take over projects from other people and have to search for bunch of devices sometimes in many rooms even buildings. A simple "beep constantly" feature could save me a lot of time. You wouldn't believe where people put their routers and wifi access points. This way devices can be located without disrupting their operation. Beep constantly + maybe some kind of LED visual feedback would be nice to have.

JF.
This is already possible, there is a :beep console command and also leds can be turned on/off. Simple script will do the trick.

Re: Feature requests

Posted: Thu Feb 23, 2017 8:30 pm
by JanezFord
This is already possible, there is a :beep console command and also leds can be turned on/off. Simple script will do the trick.
Thank you, I will look at your suggestion ... but anyway I find it would be way more user friendly to have for example a "Locate" button in Routerboard menu instead of having to program scripts for such a task.

JF.

Re: Feature requests

Posted: Mon Feb 27, 2017 5:40 pm
by anuser
What about enhancing CAPSMAN:
- centralized upgrade for RouterBoot (button for "/system routerboard upgrade") would be nice.
- "Right click" into remote CAPs list and directly connect to one of the CAP device itself
- management of all routerboards, also without wifi

Re: Feature requests

Posted: Wed Mar 01, 2017 3:16 am
by CerpinTaxt
Usermanager:
Currently, maintaining users via web browser provides more information than can be obtained using the CLI directly on the router (e.g. Total time left/Till Time can be seen on browser, but not Winbox) this makes using the API to get this information impossible. Could this be added in the output of
/tool user-manager user print
or even
/tool user-manager user print detail
would be great. The CLI should have everything a GUI has (plus more?!)

Feature requests: In Winbox, copy from Log panel to clip board.

Posted: Sat Mar 04, 2017 10:02 pm
by gilson
While using Winbox, I always missed the ability to allow to mark and copy form the log panel to clip board, as well a Find box. It would be very useful.

Re: Feature requests

Posted: Mon Mar 06, 2017 3:04 am
by Wyz4k
The ability to copy and paste data more easily.
1) Selected text from the log to the clipboard.
2) From random tables into the clipboard in csv format.

Re: Feature requests

Posted: Mon Mar 06, 2017 6:15 am
by hyperpaccket
More than 2GB of ram for the X86 Build.

Re: Feature requests

Posted: Fri Mar 10, 2017 2:39 pm
by JanezFord
Please add some kind of "find router" feature. I often take over projects from other people and have to search for bunch of devices sometimes in many rooms even buildings. A simple "beep constantly" feature could save me a lot of time. You wouldn't believe where people put their routers and wifi access points. This way devices can be located without disrupting their operation. Beep constantly + maybe some kind of LED visual feedback would be nice to have.

JF.
This is already possible, there is a :beep console command and also leds can be turned on/off. Simple script will do the trick.
Hmm... can't make any of the 20 wAP devices beep.... is it just me or the damn thing does not have a beeper??? The 850Gx2 beeps OK...

JF.

Re: Feature requests

Posted: Fri Mar 10, 2017 11:43 pm
by mlow
RFC6939 for the DHCPv6 relay.
Would be extremely useful for doing MAC address based DHCPv6 reservationsRFC4649

Re: Feature requests

Posted: Mon Mar 13, 2017 7:55 am
by exploit
1. I believe that you need to add ability to associate an IP address with two different mac-addresses. This allows you to give the same network address to a device that connects at different times from different interfaces (for example, ethernet or Wi-Fi in laptops)
This feature is implemented in dnsmasq (for example, dhcp-host=38:B1:DB:38:B4:23,28:d2:44:d0:e0:3e,192.168.0.111)

2. I do not receive the network route specified in the profile of the l2tp client. This topic was previously discussed in your forum: viewtopic.php?t=56079
This feature is implemented in SoftEther

Thus, both possibilities requested by me are technically feasible.

Re: Feature requests

Posted: Wed Mar 15, 2017 4:29 pm
by meckanix
Can we add a VRF setting to the DHCP relay so that the relay can be used within a VRF?

Re: Feature requests

Posted: Fri Mar 17, 2017 1:18 pm
by neticted
I use wireless roaming feature and I have set Signal range in Access list to kick clients with low signals.

It works fine for most of the time but sometimes some clients got kicked frequently even with good signal.

After some time of monitoring this issue I concluded that problem is that it happens that client momentarily is received with low signal, and Mikrotik kicks it at once.

If I set lowest allowed signal to very low, client does not get kicked. But, that ruins whole idea of roaming as then clients stay connected to node even with very low signal.

My proposal is to introduce option to set hysteresis (delay) to kicking clients if signal is out of specified level range. Goal is to kick client if it really has low signal for some time not just because it is measured low for a moment.

Re: Feature requests

Posted: Wed Mar 29, 2017 3:41 pm
by lavv17
Hello!

RouterOS "ip route print where dst-address in x.x.x.x/z" is fast. But for a reason the same for ipv6 is slow (when the number of routes is large).

Please, make ipv6 route lookups fast as well.

Re: Feature requests

Posted: Wed Mar 29, 2017 3:44 pm
by savage
Hello!

RouterOS "ip route print where dst-address in x.x.x.x/z" is fast. But for a reason the same for ipv6 is slow (when the number of routes is large).

Please, make ipv6 route lookups fast as well.
And IPv6 filter on dst-address doesn't work at all in Winbox

Re: Feature requests

Posted: Thu Mar 30, 2017 4:09 am
by Wyz4k
Bridge-like filtering (L2) for Mesh.

Re: Feature requests

Posted: Tue Apr 04, 2017 12:34 pm
by lavv17
It would be nice if routing updates were more atomic. Currently converging BGP full view can lead to temporary routing loops. They last for a minute or two.

My setup consists of 3 CCR1036 routers facing different providers; iBGP between each pair of them. When a router boots up, a temporary loop can be created for a pair of minutes.

Also I'd like to repeat my plea of a graceful reboot option: viewtopic.php?f=1&t=45934&p=556840&hili ... ul#p556840

Re: Feature requests

Posted: Tue Apr 11, 2017 5:03 pm
by Nee
1. dstnat for output chain - i.e. to route Mikrotik's DNS requests to different DNS servers / interfaces
2. hardware ipsec acceleration for processors, which support it (i.e. RB3011) - maximum ipsec performance is the must for many modern configs, imho

Re: Feature requests

Posted: Thu Apr 13, 2017 8:11 am
by Wyz4k
Please add a button to clear the log. It's practically impossible to try and debug routers over crappy connections when just attempting to load the log causes the connection to break. If I could periodically clear the log it would reduce the traffic enough for the connection to remain viable.

I've tried the methods listed on the forum and they no longer work.

Re: Feature requests - CAPS Logs explained

Posted: Thu Apr 13, 2017 10:32 am
by OnixJonix
Please come up with CAPS logs explanation!!!!
Stuck with capsman problems - see problems in log files, but not sure what it mean an what direction look for!!

for example:
caps,error removing stale connection [E4:XX:8C:D4:11:99/18/b823,Run,[E4:XX:8C:D4:11:99]] because of ident conflict with [E4:XX:8C:D4:11:99/18/e84d,Join,[E4:XX:8C:D4:11:99]]

Re: Feature requests - CAPS Logs explained

Posted: Thu Apr 13, 2017 11:39 am
by andriys
caps,error removing stale connection [E4:XX:8C:D4:11:99/18/b823,Run,[E4:XX:8C:D4:11:99]] because of ident conflict with [E4:XX:8C:D4:11:99/18/e84d,Join,[E4:XX:8C:D4:11:99]]
You might be using the same certificate on multiple CAPs. Take this as an educated guess, not a definitive answer.

Re: Feature requests - CAPS Logs explained

Posted: Thu Apr 13, 2017 1:08 pm
by OnixJonix
caps,error removing stale connection [E4:XX:8C:D4:11:99/18/b823,Run,[E4:XX:8C:D4:11:99]] because of ident conflict with [E4:XX:8C:D4:11:99/18/e84d,Join,[E4:XX:8C:D4:11:99]]
You might be using the same certificate on multiple CAPs. Take this as an educated guess, not a definitive answer.
No certificates at all!! Maybe thats the problem??

Re: Feature requests - CAPS Logs explained

Posted: Thu Apr 13, 2017 1:33 pm
by andriys
No certificates at all!! Maybe thats the problem??
Another guess- CAPs with duplicated MAC addresses. Do you happen to use backup/restore to clone configuration of CAP devices?

Re: Feature requests

Posted: Thu Apr 13, 2017 9:31 pm
by felipelinkmais
Will be nice if mikrotik create a new OLT package.. to turn any mikrotik device with sfp slot in one GPON/EPON OLT.

Re: Feature requests - CAPS Logs explained

Posted: Tue Apr 18, 2017 8:25 am
by OnixJonix
No certificates at all!! Maybe thats the problem??
Another guess- CAPs with duplicated MAC addresses. Do you happen to use backup/restore to clone configuration of CAP devices?
Have ~50Caps - in Capsman Radio list shows all, and in the list no dublicated macs!!! This was my first gues, but seems there everything is ok!!

Re: Feature requests

Posted: Tue Apr 18, 2017 10:34 am
by Wyz4k
Please make it possible to change the comment associated with a connection without it restarting said connection.

Re: Feature requests

Posted: Wed Apr 19, 2017 6:39 am
by Wyz4k
Could we get the LAC (local area code) also being displayed in in the info box for 3G/4G modems? This information is required to locate the sim. Currently the cellid is being displayed and it's possible to determine MCC and MNC. See http://cellidfinder.com/

Re: Feature requests

Posted: Wed Apr 19, 2017 3:54 pm
by scus
In case that public key authentication is used (and passwords are disabled) the SSH server should drop the connection immediately if no public key is provided by the client (instead of asking for a password and denying access even if a valid password is provided). There should also be a configuration option to allow password authentication in addition to public key authentication.

I have thousands of failed login attempts (from different IPs), all trying to login as admin, user, test, etc. using passwords...

Re: Feature requests

Posted: Wed Apr 19, 2017 5:06 pm
by juliokato
[Active Users (Admins)]
Is there any way to cut the connection of a remote admin.
Amazing how this feature does not exist!

Re: Feature requests

Posted: Wed Apr 19, 2017 9:21 pm
by jarda
Do you want to be cut off by a hacker?

Re: Feature requests

Posted: Thu Apr 20, 2017 3:25 pm
by juliokato
Look this:
How do I delete previous sessions stuck in an easy way?

Re: Feature requests (DNS names input instead of IP address)

Posted: Fri Apr 21, 2017 9:29 pm
by macsrwe
Hi,

Please add feature that will allow me to add DNS name instead of exact IP address. I need this to connect 2 or more MKT routers (PPTP connection) if they are connected to internet thru ADSL and theirs IP addresses are dynamic. I hope that you understand what I am saying and that we can expect this feature in new ROS.

bye,

;-)
i think that this should be global. anywhere you specify a dns name it should be resolved.
Yes, but not immediately - it should be stored as a DNS name and resolved in real time. For example, it's pointless to resolve /tool email server once and store it as a numeric address, which is why ROS will store it as a name. However, /system watchdog resolves the same server once and then stores it as a number, which is wrong. Also, you don't want things to fail because they can't be resolved immediately when you are configuring a router on a workbench and it has no connection to your network.

Re: Feature requests

Posted: Fri Apr 21, 2017 9:34 pm
by macsrwe
Please make it possible to change the comment associated with a connection without it restarting said connection.
This would be good for both /int wireless access and /int wireless connection; also the "add to access list" and "add to connection list" operations, where you already know that the resulting entry will not be incompatible with the connection that already exists, because it is being generated from that connection.

Re: Feature requests

Posted: Fri Apr 21, 2017 9:38 pm
by macsrwe
Please add some kind of "find router" feature. I often take over projects from other people and have to search for bunch of devices sometimes in many rooms even buildings. A simple "beep constantly" feature could save me a lot of time. You wouldn't believe where people put their routers and wifi access points. This way devices can be located without disrupting their operation. Beep constantly + maybe some kind of LED visual feedback would be nice to have.

JF.
This is already possible, there is a :beep console command and also leds can be turned on/off. Simple script will do the trick.
Hmm... can't make any of the 20 wAP devices beep.... is it just me or the damn thing does not have a beeper??? The 850Gx2 beeps OK...

JF.
Many of the newer, lower-cost devices have no beepers. :-( I have come to rely on the beepers for so much diagnosis (esp. SXT setup) and I really miss them. I would pay the extra buck.

Re: Feature requests

Posted: Fri Apr 21, 2017 11:44 pm
by horhay
Help us old keyboarders out and add ALT tags to menu and buttons.

This way we can use ALT C for a Close button or ALT O for OK.

Re: Feature requests

Posted: Sat Apr 22, 2017 3:59 am
by skuykend
During an Export of /Interface/Ethernet/Switch/Ports it would be nice to have it use a [ find default-name=xxxxx ] like the /interface ethernet export instead just the set#.

Re: Feature requests

Posted: Sat Apr 22, 2017 10:32 am
by Andrew08
Ip dns port support
So for example we can use 208.67.220.220:443

Re: Feature requests

Posted: Sat Apr 22, 2017 4:39 pm
by biatche
Requesting for neater and more readable exports

currently:
export compact
/something1
some config
/something2
some config
suggestion:
export compact
/something1
some config

/something2
somet config
spacing them out improves readability a lot.

Re: Feature requests

Posted: Sun Apr 23, 2017 1:33 am
by Zero3K
It would be nice if there was an option to display a box containing the Ethernet and DHCP Clients (with the Mac, IP, and how long it has been online) connected to it in the Quick Set page.

Re: Feature requests

Posted: Sun Apr 23, 2017 5:29 pm
by tawhwat
I believe this request can be implemented very fast but it helps the ROS management with Multiple WAN a lot! :wink:
The "/ping" and "/system ssh" allow user to specify the "src-address" parameter so that the command can initiate the network connection on specific WAN easily.
BUT "/tool fetch" doesn't include "src-address" parameter.

The problem is one ISP blocks all incoming ping request, thus I cannot use ping as a remote monitoring facility, I need to find alternatives to archive this goal.
I write script to carry out the monitoring job, but as I know, "/system ssh" cannot be executed under script environment, which means I cannot use "/system ssh" to do this job.
The only way to choose is to use "/tool fetch" facility to monitor the remote ROS, BUT it lacks "src-address" parameter, to supplement this deficiency, before using the "/tool fetch", I need to specify a temporary custom route to fix the outgoing path for remote target.

The whole situation can be simplified tremendously by only adds the "src-address" parameter to "/tool fetch"

Re: Feature requests

Posted: Sun Apr 23, 2017 7:26 pm
by juliokato
I believe this request can be implemented very fast but it helps the ROS management with Multiple WAN a lot! :wink:
The "/ping" and "/system ssh" allow user to specify the "src-address" parameter so that the command can initiate the network connection on specific WAN easily.
BUT "/tool fetch" doesn't include "src-address" parameter.

The problem is one ISP blocks all incoming ping request, thus I cannot use ping as a remote monitoring facility, I need to find alternatives to archive this goal.
I write script to carry out the monitoring job, but as I know, "/system ssh" cannot be executed under script environment, which means I cannot use "/system ssh" to do this job.
The only way to choose is to use "/tool fetch" facility to monitor the remote ROS, BUT it lacks "src-address" parameter, to supplement this deficiency, before using the "/tool fetch", I need to specify a temporary custom route to fix the outgoing path for remote target.

The whole situation can be simplified tremendously by only adds the "src-address" parameter to "/tool fetch"
+1

Re: Feature requests

Posted: Mon Apr 24, 2017 8:02 pm
by biatche
please, MSTP & PVRSTP next version...

Re: Feature requests

Posted: Tue Apr 25, 2017 9:49 am
by sparker
+1
Really need, please!

Re: Feature requests

Posted: Wed Apr 26, 2017 5:55 am
by biatche
request: a default set if IPv6 firewall rules with IPv6 enabled be default

Re: Feature requests

Posted: Wed Apr 26, 2017 6:46 am
by Wyz4k
Please add the ability to do a where query in [] with any valid-variable.

fail example:
:local identity "testRouter"
:local interface [/ip neighbor find where identity=$identity]

fail reason:
result differs from :local interface [/ip neighbor find where identity="testRouter"]
contains several interface which don't have the specified identity.

pass example:
:local macAddress "00:11:22:33:44:55"
:local interface [/ip neighbor find where mac-address=$macAddress]

pass reason:
gives exact same result as :local interface [/ip neighbor find where mac-address="00:11:22:33:44:55"]
contains only interfaces that have that MAC address

Re: Feature requests

Posted: Thu Apr 27, 2017 2:08 am
by Chupaka
The problem is one ISP blocks all incoming ping request, thus I cannot use ping as a remote monitoring facility, I need to find alternatives to archive this goal.
I write script to carry out the monitoring job, but as I know, "/system ssh" cannot be executed under script environment, which means I cannot use "/system ssh" to do this job.
The only way to choose is to use "/tool fetch" facility to monitor the remote ROS, BUT it lacks "src-address" parameter, to supplement this deficiency, before using the "/tool fetch", I need to specify a temporary custom route to fix the outgoing path for remote target.

The whole situation can be simplified tremendously by only adds the "src-address" parameter to "/tool fetch"
setup some VPN tunnel between the routers :)
then you may ping inside the VPN, or just use VPN Interface state to detect remote failure

Re: Feature requests

Posted: Thu Apr 27, 2017 2:15 am
by Chupaka
Please add the ability to do a where query in [] with any valid-variable.

fail example:
:local identity "testRouter"
:local interface [/ip neighbor find where identity=$identity]

fail reason:
result differs from :local interface [/ip neighbor find where identity="testRouter"]
contains several interface which don't have the specified identity.
that's because the variable name "identity" is the same as parameter name "identity". the following code works correctly:
:local id "testRouter"
:local interface [/ip neighbor find where identity=$id]
by the way, use the following is also correct:
:local interface [/ip neighbor find where $identity=$id]
:local interface [/ip neighbor find $identity=$id]

Re: Feature requests

Posted: Thu Apr 27, 2017 5:39 am
by Wyz4k
Thank you, I will try it out!

dhcp clientid in dns req

Posted: Thu Apr 27, 2017 9:37 pm
by doneware
this one can be quite neat if someone is into parental control

https://datatracker.ietf.org/doc/draft- ... -clientid/

the code is there in dnsmasq since 2.76