Community discussions

MikroTik App
 
ssapavlov
just joined
Topic Author
Posts: 1
Joined: Thu Mar 03, 2022 8:23 pm

TFTP + VRF in ROS 7

Wed Dec 21, 2022 7:57 pm

Are there plans to include the ability to declare a VRF for TFTP?

As of 7.6, all entries in IP/Services have the option to declare a VRF or the main table, but only FTP is listed (and it has been this way since ROS6). Like an NTP server, a TFTP server is something an ISP/MSP (or even a home user with a more complex network) would want restricted to managed LAN devices in a VRF, but there is not a Winbox or CLI command to declare that TFTP should be available for a VRF interface.

The cumulative patch notes for 7.7rc2 do not mention changes to TFTP.

I have attempted workarounds with mangle rules, but input (the only point before the TFTP packets are dropped) and the 'mark routing' option are incompatible, so I can't force TFTP requests into the VRF with anything in IP/Firewall.

The workaround I have found is to declare routes in main, disable my VRF, complete file transfers, then re-enable the VRF - this causes problems when static or dynamic routes in the VRF have the same cost as routes in main, and requires a lot of careful attention to detail for tasks (e.g. firmware upgrades) that would normally be a simple process.

Who is online

Users browsing this forum: No registered users and 14 guests