Community discussions

MikroTik App
 
erlinden
Forum Guru
Forum Guru
Topic Author
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

RB4011 - 7.2.1 - Rx Drop

Fri Apr 22, 2022 12:46 pm

On my RB4011, running 7.2.1, I see on my trunk and hybrid ports Rx Drops. This does not occur on the access ports.Though not very high numbers, I would like to know about the cause. How can I debug that?

The ethernet ports showing Rx Drops:
  • ether2-trunk-eetkamer (trunk port)
  • ether9-trunk-woonkamer (trunk port)
  • ether10-ap-boven (hybrid port)
Image

My current config (any improvements are more than welcome):
# model = RB4011iGS+
# serial number = **********
/interface bridge
add admin-mac=**:**:**:**:**:** auto-mac=no ingress-filtering=no name=\
    bridge-LAN protocol-mode=none vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] disabled=yes
set [ find default-name=ether2 ] name=ether2-trunk-eetkamer
set [ find default-name=ether3 ] name=ether3-printer
set [ find default-name=ether4 ] name=ether4-nassie
set [ find default-name=ether5 ] name=ether5-nassie
set [ find default-name=ether6 ] name=ether6-solar
set [ find default-name=ether7 ] name=ether7-hue
set [ find default-name=ether8 ] name=ether8-tv-boven
set [ find default-name=ether9 ] name=ether9-trunk-woonkamer
set [ find default-name=ether10 ] name=ether10-ap-boven
set [ find default-name=sfp-sfpplus1 ] name=sfp1-WAN
/interface wireguard
add listen-port=13231 mtu=1420 name=WG-Interface private-key=\
    "********************************"
/interface vlan
add interface=sfp1-WAN name=DELTA-VLAN-INTERNET vlan-id=100
add interface=bridge-LAN name=GUEST_VLAN vlan-id=51
add interface=bridge-LAN name=HOME_VLAN vlan-id=50
add interface=bridge-LAN name=MGT-LAN vlan-id=99
add interface=bridge-LAN name=SOLAR_VLAN vlan-id=53
add interface=bridge-LAN name=VIDEO_VLAN vlan-id=52
/interface bonding
add mode=802.3ad name=LCAP_DS1019+ slaves=ether4-nassie,ether5-nassie \
    transmit-hash-policy=layer-2-and-3
/interface list
add name=WAN
add name=LAN
add name=IoT
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec profile
add dh-group=modp4096 enc-algorithm=aes-256,aes-128 hash-algorithm=sha512 \
    name=secure-profile
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=HOME_POOL ranges=192.168.50.50-192.168.50.150
add name=GUEST_POOL ranges=192.168.51.50-192.168.51.150
add name=VIDEO_POOL ranges=192.168.52.50-192.168.52.150
add name=SOLAR_POOL ranges=192.168.53.50-192.168.53.150
add name=LT2P_POOL ranges=192.168.100.50-192.168.100.150
add name=VPN_POOL ranges=192.168.89.50-192.168.89.150
add name=MGT_POOL ranges=192.168.99.50-192.168.99.150
/ip dhcp-server
add address-pool=HOME_POOL interface=HOME_VLAN lease-time=4h name=HOME_DHCP
add address-pool=GUEST_POOL interface=GUEST_VLAN lease-time=4h name=\
    GUEST_DHCP
add address-pool=VIDEO_POOL interface=VIDEO_VLAN lease-time=1d name=\
    VIDEO_DHCP
add address-pool=SOLAR_POOL interface=SOLAR_VLAN lease-time=1d name=\
    SOLAR_DHCP
add address-pool=MGT_POOL interface=MGT-LAN lease-time=1d name=MGT_DHCP
/port
set 0 name=serial0
set 1 name=serial1
/ppp profile
set *FFFFFFFE dns-server=192.168.89.254 local-address=192.168.89.254 \
    remote-address=VPN_POOL use-upnp=no
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no in-filter-chain=ospf-in name=default-v2 out-filter-chain=\
    ospf-out
/routing ospf area
add disabled=no instance=default-v2 name=backbone-v2
/routing table
add fib name=""
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,rest-api"
/dude
set enabled=yes
/interface bridge port
add bridge=bridge-LAN frame-types=admit-only-vlan-tagged interface=\
    ether2-trunk-eetkamer
add bridge=bridge-LAN frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether3-printer pvid=50
add bridge=bridge-LAN frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether6-solar pvid=53
add bridge=bridge-LAN frame-types=admit-only-vlan-tagged interface=\
    ether9-trunk-woonkamer
add bridge=bridge-LAN interface=ether10-ap-boven pvid=99
add bridge=bridge-LAN frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether7-hue pvid=50
add bridge=bridge-LAN frame-types=admit-only-untagged-and-priority-tagged \
    interface=ether8-tv-boven pvid=50
add bridge=bridge-LAN frame-types=admit-only-untagged-and-priority-tagged \
    interface=LCAP_DS1019+ pvid=50
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface bridge vlan
add bridge=bridge-LAN tagged=\
    bridge-LAN,ether2-trunk-eetkamer,ether9-trunk-woonkamer,ether10-ap-boven \
    untagged=ether7-hue,ether8-tv-boven,LCAP_DS1019+ vlan-ids=50
add bridge=bridge-LAN tagged=\
    bridge-LAN,ether2-trunk-eetkamer,ether9-trunk-woonkamer,ether10-ap-boven \
    vlan-ids=51
add bridge=bridge-LAN tagged=bridge-LAN,ether2-trunk-eetkamer vlan-ids=52
add bridge=bridge-LAN tagged=bridge-LAN untagged=ether6-solar vlan-ids=53
add bridge=bridge-LAN tagged=\
    bridge-LAN,ether2-trunk-eetkamer,ether9-trunk-woonkamer untagged=\
    ether10-ap-boven vlan-ids=99
/interface l2tp-server server
set authentication=mschap1,mschap2 ipsec-secret=********** max-mru=1460 \
    max-mtu=1460 use-ipsec=required
/interface list member
add interface=HOME_VLAN list=LAN
add interface=GUEST_VLAN list=LAN
add interface=VIDEO_VLAN list=IoT
add interface=SOLAR_VLAN list=LAN
add interface=DELTA-VLAN-INTERNET list=WAN
add interface=MGT-LAN list=LAN
add interface=WG-Interface list=LAN
/interface ovpn-server server
set auth=sha1,md5
/interface wireguard peers
add allowed-address=10.0.0.51/32 comment="Mobiel Emiel" interface=\
    WG-Interface persistent-keepalive=1m public-key=\
    "*********************************************"
add allowed-address=192.168.60.0/24 comment="Site-2-site ouders" \
    endpoint-address=********************************************* endpoint-port=13231 \
    interface=WG-Interface persistent-keepalive=1m public-key=\
    "*********************************************"
add allowed-address=10.0.0.50/32 comment="ShareValue laptop" interface=\
    WG-Interface persistent-keepalive=1m public-key=\
    "*********************************************"
add allowed-address=10.0.0.55/32 comment=Travelrouter interface=WG-Interface \
    persistent-keepalive=1m public-key=\
    "*********************************************"
/ip address
add address=192.168.50.254/24 interface=HOME_VLAN network=192.168.50.0
add address=192.168.51.254/24 interface=GUEST_VLAN network=192.168.51.0
add address=192.168.52.254/24 interface=VIDEO_VLAN network=192.168.52.0
add address=192.168.53.254/24 interface=SOLAR_VLAN network=192.168.53.0
add address=192.168.99.254/24 interface=MGT-LAN network=192.168.99.0
add address=10.0.0.1/24 interface=WG-Interface network=10.0.0.0
/ip cloud
set ddns-enabled=yes update-time=no
/ip dhcp-client
add dhcp-options=clientid,hostname interface=DELTA-VLAN-INTERNET \
    use-peer-dns=no
/ip dhcp-server lease
add address=192.168.50.10 client-id=1:0:11:32:c8:3b:51 mac-address=\
    00:11:32:C8:3B:51 server=HOME_DHCP
add address=192.168.53.150 mac-address=80:97:1B:01:7A:10 server=SOLAR_DHCP
add address=192.168.50.200 client-id=1:84:2a:fd:7:5a:c5 mac-address=\
    84:2A:FD:07:5A:C5 server=HOME_DHCP
add address=192.168.99.250 client-id=1:cc:2d:e0:41:b4:6 mac-address=\
    CC:2D:E0:41:B4:06 server=MGT_DHCP
add address=192.168.99.241 mac-address=C0:74:AD:3E:50:E8 server=MGT_DHCP
add address=192.168.99.240 mac-address=00:0B:82:B5:27:7C server=MGT_DHCP
add address=192.168.99.251 client-id=1:8:55:31:14:58:80 mac-address=\
    08:55:31:14:58:80 server=MGT_DHCP
add address=192.168.99.252 client-id=1:64:d1:54:96:2e:38 mac-address=\
    64:D1:54:96:2E:38 server=MGT_DHCP
add address=192.168.99.242 mac-address=C0:74:AD:25:D4:C8 server=MGT_DHCP
add address=192.168.52.150 client-id=1:e0:50:8b:c:65:22 mac-address=\
    E0:50:8B:0C:65:22 server=VIDEO_DHCP
add address=192.168.52.151 client-id=1:24:52:6a:35:5d:2b mac-address=\
    24:52:6A:35:5D:2B server=VIDEO_DHCP
add address=192.168.99.243 mac-address=C0:74:AD:4E:1A:D8 server=MGT_DHCP
/ip dhcp-server network
add address=192.168.50.0/24 dns-server=\
    192.168.50.23,192.168.50.24,192.168.60.24 gateway=192.168.50.254 \
    ntp-server=192.168.50.254
add address=192.168.51.0/24 dns-server=\
    192.168.50.23,192.168.50.24,192.168.60.24 gateway=192.168.51.254 \
    ntp-server=192.168.51.254
add address=192.168.52.0/24 dns-none=yes
add address=192.168.53.0/24 dns-server=9.9.9.9,208.67.222.222,208.67.220.220 \
    gateway=192.168.53.254 ntp-server=192.168.53.254
add address=192.168.99.0/24 dns-server=9.9.9.9,208.67.222.222,208.67.220.220 \
    gateway=192.168.99.254 ntp-server=192.168.99.254
/ip dns
set allow-remote-requests=yes servers=9.9.9.9,208.67.222.222,208.67.220.220
/ip dns static
add address=192.168.50.254 name=router
add address=192.168.50.10 name=nassie
add address=192.168.50.200 name=laserjet
add address=192.168.50.10 name=nassie.elconsultancy.nl
add address=192.168.60.10 name=nas
add address=192.168.60.10 name=nas.elconsultancy.nl
add address=192.168.50.254 name=vpn.elconsultancy.nl
add address=192.168.50.10 name=pihole1
add address=192.168.50.11 name=pihole2
add address=192.168.50.254 name=time.elconsultancy.nl
/ip firewall address-list
add address=roblox.com list="Games Blocklist"
add address=supercell.com list="Games Blocklist"
add address=www.roblox.com list="Games Blocklist"
add address=rbxcdn.com list="Games Blocklist"
add address=192.168.50.10 list="DNS server list"
add address=192.168.60.23 list="DNS server list"
add address=********************************************* list=WAN-IP
add address=192.168.60.24 list="DNS server list"
add address=192.168.50.24 list="DNS server list"
add address=192.168.50.23 list="DNS server list"
add address=********************************************* list=WAN-IP-ouders
add address=10.0.0.0/24 list=allowed_to_router
add address=192.168.60.0/24 list=allowed_to_router
add address=192.168.50.0/24 list=allowed_to_router
add address=192.168.99.0/24 list=allowed_to_router
add address=127.0.0.1 list=allowed_to_router
/ip firewall filter
add action=accept chain=input comment="Accept established,related, untracked" \
    connection-state=established,related,untracked
add action=drop chain=input comment="Drop invalid" connection-state=invalid
add action=accept chain=input comment="Wireguard rule" dst-port=13231 \
    in-interface=DELTA-VLAN-INTERNET log-prefix=WIREGUARD protocol=udp
add action=accept chain=input comment="Allow input ICMP" protocol=icmp
add action=accept chain=input comment="Allow access to addresslist" \
    src-address-list=allowed_to_router
add action=drop chain=input comment="Drop everything else"
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "Accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="Drop invalid" connection-state=invalid
# inactive time
add action=drop chain=forward comment="Drop Games 11:30 - 15:00 (za-zo)" \
    dst-address-list="Games Blocklist" time=11h30m-15h,sun,sat
# inactive time
add action=drop chain=forward comment="Drop Games 22:30 - 0:00 (ma-zo)" \
    dst-address-list="Games Blocklist" time=\
    22h30m-23h59m59s,sun,mon,tue,wed,thu,fri,sat
# inactive time
add action=drop chain=forward comment="Drop Games 8:30 - 15:00 (ma-vr)" \
    dst-address-list="Games Blocklist" time=8h30m-15h,mon,tue,wed,thu,fri
add action=accept chain=forward comment="Wireguard forwards" dst-address=\
    192.168.60.0/24 src-address=192.168.50.0/24
add action=accept chain=forward dst-address=192.168.50.0/24 src-address=\
    192.168.60.0/24
add action=accept chain=forward dst-address=10.0.0.0/24 src-address=\
    192.168.50.0/24
add action=accept chain=forward dst-address=192.168.50.0/24 src-address=\
    10.0.0.0/24
add action=accept chain=forward dst-address=192.168.60.0/24 src-address=\
    10.0.0.0/24
add action=accept chain=forward dst-address=192.168.99.0/24 src-address=\
    10.0.0.0/24
add action=accept chain=forward comment="Allow forward to DNS" \
    dst-address-list="DNS server list" dst-port=53 protocol=tcp
add action=accept chain=forward dst-address-list="DNS server list" dst-port=\
    53 protocol=udp
add action=accept chain=forward comment="Allow forward from Marian to backup" \
    dst-address=192.168.50.10 dst-port=6281 protocol=tcp src-address=\
    *********************************************
add action=accept chain=forward comment="Allow forward to Jamulus" \
    dst-address=192.168.50.10 dst-port=22124 protocol=udp
add action=accept chain=forward comment="Allow access to Internet" \
    in-interface=HOME_VLAN out-interface-list=WAN
add action=accept chain=forward in-interface=GUEST_VLAN out-interface-list=\
    WAN
add action=accept chain=forward in-interface=SOLAR_VLAN out-interface-list=\
    WAN
add action=accept chain=forward in-interface=MGT-LAN out-interface-list=WAN
add action=accept chain=forward in-interface=WG-Interface out-interface-list=\
    WAN
add action=accept chain=forward comment=Camera in-interface=HOME_VLAN \
    out-interface=VIDEO_VLAN
add action=accept chain=forward in-interface=WG-Interface out-interface=\
    VIDEO_VLAN
add action=drop chain=forward in-interface=VIDEO_VLAN out-interface=\
    DELTA-VLAN-INTERNET
add action=drop chain=forward in-interface=VIDEO_VLAN out-interface=HOME_VLAN
add action=accept chain=forward comment="Management VLAN" in-interface=\
    HOME_VLAN out-interface=MGT-LAN
add action=drop chain=forward comment="Drop everything else" log=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="Default masquerade" \
    out-interface-list=WAN
add action=dst-nat chain=dstnat comment="Synology backup Marian" \
    dst-address-list=WAN-IP dst-port=6281 protocol=tcp src-address=\
    ********************************************* to-addresses=192.168.50.10 to-ports=6281
add action=dst-nat chain=dstnat comment="Jamulus server" dst-address-list=\
    WAN-IP dst-port=22124 log=yes protocol=udp to-addresses=192.168.50.10 \
    to-ports=22124
/ip firewall service-port
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip route
add comment="Wireguard ouders" disabled=no distance=1 dst-address=\
    192.168.60.0/24 gateway=WG-Interface pref-src="" routing-table=main \
    scope=30 suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Amsterdam
/system identity
set name=RB4011
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes manycast=yes multicast=yes
/system ntp client servers
add address=0.nl.pool.ntp.org
add address=1.nl.pool.ntp.org
add address=2.nl.pool.ntp.org
add address=3.nl.pool.ntp.org
/system resource irq rps
set sfp1-WAN disabled=no
/tool graphing interface
add interface=DELTA-VLAN-INTERNET
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RB4011 - 7.2.1 - Rx Drop

Sat Apr 23, 2022 12:02 am

Very nice setup,

(1) Why do you have DNS in forward chain, assuming the router is providing DNS services and thus rules should be in input chain??
Do you redirect users to DNSs on different LANS, and why do you include the .60 which is not even on your router???

(2) Purpose of this??
add address=127.0.0.1 list=allowed_to_router

(3) Not sure what ouders is, but this looks like another MT device or fixed site Wireguard location............. and thus the allowed IPs should include its wireguard address!!!
add allowed-address=192.168.60.0/24, 10.0.0.5X/32? comment="Site-2-site ouders" \
endpoint-address=********************************************* endpoint-port=13231 \
interface=WG-Interface persistent-keepalive=1m public-key=\

(4) Why is your list allowed access to the router in the inPUT chain SO BIG??
why not add the kitchen sink!! Yes I am your mother LOL.

add address=10.0.0.0/24 list=allowed_to_route-->r (what will you use this access for??, by virtue of the IP address and allowed IPs, you can ping etc and dont need this access)
add address=192.168.60.0/24 list=allowed_to_router -------- > an entire remote subnet needs access to your router???
add address=192.168.50.0/24 list=allowed_to_router --------- > all the local users on this subnet need access to your router???
add address=192.168.99.0/24 list=allowed_to_router ---------> Yes, this one makes sense as its a managment LAn.....
add address=127.0.0.1 list=allowed_to_router


(5) For stuff coming into the router from external I like to make my firewall rules a tad more instructive.
add action=accept chain=forward dst-address=192.168.50.0/24 src-address=\
192.168.60.0/24 in-interface=wireguard

(6) I am not sure how these rules fit in, aka what purpose they are constructed FOR?? Certainly not to pass traffic or config etc..
I suspect they are strictly for the ability to ping between devices/sites??? Just not sure either why it would be required or allowed for all Users???

add action=accept chain=forward dst-address=10.0.0.0/24 src-address=\
192.168.50.0/24
add action=accept chain=forward dst-address=192.168.50.0/24 src-address=\
10.0.0.0/24
add action=accept chain=forward dst-address=192.168.60.0/24 src-address=\
10.0.0.0/24
add action=accept chain=forward dst-address=192.168.99.0/24 src-address=\
10.0.0.0/24

(7) THese two rules to allow some LAN to LAN traffic seem okay, at least the first one, the second one allows ALL to access the server (too wide open??)
The first one is limited by a source address list, the second rule has no limitations ????

add action=accept chain=forward comment="Allow forward from Marian to backup" \
dst-address=192.168.50.10 dst-port=6281 protocol=tcp src-address=\
*********************************************
add action=accept chain=forward comment="Allow forward to Jamulus" \
dst-address=192.168.50.10 dst-port=22124 protocol=udp
??????????

(8) YOu have Six forward rules to WAN, only need ONE!!!
add action=accept chain=forward comment="Allow access to Internet" \
in-interface=HOME_VLAN out-interface-list=WAN
add action=accept chain=forward in-interface=GUEST_VLAN out-interface-list=\
WAN
add action=accept chain=forward in-interface=SOLAR_VLAN out-interface-list=\
WAN
add action=accept chain=forward in-interface=MGT-LAN out-interface-list=WAN
add action=accept chain=forward in-interface=WG-Interface out-interface-list=\
WAN
add action=drop chain=forward in-interface=VIDEO_VLAN out-interface=\
DELTA-VLAN-INTERNET


add action=accept chain=forward in-interface-list=LAN out-interface-list=WAN

(This rule is not required, you have the drop all rule which will take care of it!!! (remember video is part of iot list, not LAN list)
add action=drop chain=forward in-interface=VIDEO_VLAN out-interface=\
DELTA-VLAN-INTERNET

(10) LIkewise this rule is not required as its dropped by the DROP All rule!!!
add action=drop chain=forward in-interface=VIDEO_VLAN out-interface=HOME_VLAN
 
erlinden
Forum Guru
Forum Guru
Topic Author
Posts: 1900
Joined: Wed Jun 12, 2013 1:59 pm
Location: Netherlands

Re: RB4011 - 7.2.1 - Rx Drop

Sat Apr 23, 2022 9:05 am

Really appreciate your constructive feedback, anav!

I'll try to explain all items, and in addition:
There is a site-2-site (through Wireguard) vpn in place with my parents (= ouders in Dutch).
Both on my site and remote I run 4 AdGuard DNS servers. Primary and secondary are local, third DNS is one of the remotes.

1. Running AdGuard in Docker containers, 2 per site. Hence they are in the forward chain. I added the source address list to make it more instructive.

2. The 127.0.0.1 turned out to be used by MikroTik's implementation of Wireguard, not sure why it is necessary.

3. The remote site uses 192.168.60.0/24 for my part of the network (and 192.168.61.0/24 for their network). It is sufficient for having the 60.0 as allowed.

4. The 10.0.0.0/24 is their for me being able when connected to my network through Wireguard to access everything I need. I choose to have all my clients being able to access the router, either remote or at my parents or locally.

5. Agree (and added)

6. The first rule was unnecessary, the other rules are in place for having access as mentioned in 4.

7. I added these rules for my port forwards. The first rule is prohibited to a single source address, the second rule is to make this service publicly available

8. Agree (and changed)

9. and 10. Both rules are indeed unnecessary, I added them to keep the log clean (as these rules do not log, while the Drop everything else does).
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2989
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: RB4011 - 7.2.1 - Rx Drop

Sat Apr 23, 2022 5:40 pm

i think RX-drop is an interesting question.

I currently have an rb4011igs+rm connected only by sfp+ to a switch to do a very simple routing task in fast-path:

/ip firewall connection tracking
set enabled=no
/ip neighbor discovery-settings
set discover-interface-list=all
/ip address
add address=10.xxx.xxx.xxx/30 interface=sfp-sfpplus1 network=10.xxx.xxx.xxx
add address=pub.lic.ipa.dre/27 interface=sfp-sfpplus1 network=pub.lic.ips.ubn
/ip route
add distance=1 gateway=10.xxx.xxx.xxx
router control plane is protected by filtering on the switch

i have tested in this config can pass up to 8 gbps of traffic with big packets of 1400bytes

but

even with less than 1gbps of traffic i see some rx-drops, i dont have any problem works very well

what would be the correct way to interpret these rx-drop counters ?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RB4011 - 7.2.1 - Rx Drop

Sat Apr 23, 2022 8:27 pm

2. 2. The 127.0.0.1 turned out to be used by MikroTik's implementation of Wireguard, not sure why it is necessary.
I dont have this on any of my wireguard implementations, and dont think its necessary and not seen on any source wireguard documentation??

Who is online

Users browsing this forum: Bing [Bot] and 98 guests