Community discussions

MikroTik App
 
User avatar
luqasz
Member Candidate
Member Candidate
Posts: 101
Joined: Thu Aug 16, 2007 9:53 pm
Location: Poland

Re: Feature requests

Wed Feb 19, 2014 7:43 pm

ssh-rsa encoding for ssh client

this is an exact error message on cisco switch when i try to log in with ssh client on ros 6.10
SSH2 0: hostkey algo not supported: client ssh-dss, server ssh-rsa
 
User avatar
luqasz
Member Candidate
Member Candidate
Posts: 101
Joined: Thu Aug 16, 2007 9:53 pm
Location: Poland

kerberos

Wed Feb 19, 2014 7:46 pm

kerberos support for ssh logging.
i may be bombarded her to use radius with user-manager. problem is that radius is not as secure as kerberos. if you want to have same password for winbox and ssh you have to store and send passwords in plain-text !!!

don't you think that is a security hole ?
 
User avatar
luqasz
Member Candidate
Member Candidate
Posts: 101
Joined: Thu Aug 16, 2007 9:53 pm
Location: Poland

secure store local users passwords

Wed Feb 19, 2014 7:49 pm

it is verry simple to crack local user password once you have access to binnary backup for example.
Store them in sha or blowfish.
If you do this they can be exportable via /export. Also please note that importing them would be a really nice feature.


as a side note please read this and THIS.
please read my post again, because you completely missed my point. I said - why even bother encrypting it? it will just take a little more time to read. Better deal with your other security hole - why can somebody take your router and do what he pleases?
Are really so ignorant ? Why even bother ?
Last edited by luqasz on Wed Feb 19, 2014 8:09 pm, edited 3 times in total.
 
User avatar
luqasz
Member Candidate
Member Candidate
Posts: 101
Joined: Thu Aug 16, 2007 9:53 pm
Location: Poland

connection lists. split ports in separate columns

Wed Feb 19, 2014 7:55 pm

/ip firewall connection
25    tcp      212.77.100.128:80     91.xxx.xxx.xxx:52378  established 2h47m39s  
issuing below command:
print where src-address=212.77.100.128
will not print src addres becouse you have to write it with port. what if you do not know the port or you are just not interested in it ?

under winbox you can filter it by src-address and it works. why there are differences in console experience and winbox ?



-----------------------------


ok scratch this one. i have figured out to use scripting
/ip firewall connection print where src-address~"212.77.100.128"
Last edited by luqasz on Wed Feb 19, 2014 9:21 pm, edited 1 time in total.
 
User avatar
luqasz
Member Candidate
Member Candidate
Posts: 101
Joined: Thu Aug 16, 2007 9:53 pm
Location: Poland

general purpouse prefix lists

Wed Feb 19, 2014 8:10 pm

prefix lists for bgp, ospf etc. not only rip. once done you can store prefixes in some separate place making filters refer to them and resulting in more clear configuration
 
User avatar
luqasz
Member Candidate
Member Candidate
Posts: 101
Joined: Thu Aug 16, 2007 9:53 pm
Location: Poland

disable BFD interfaces

Wed Feb 19, 2014 8:12 pm

/routing bfd interface> disable 0
failure: cannot disable 'all' interface config
remove all interface as a default configuration. you just do not use it always.
 
User avatar
luqasz
Member Candidate
Member Candidate
Posts: 101
Joined: Thu Aug 16, 2007 9:53 pm
Location: Poland

physically disable port

Wed Feb 19, 2014 8:17 pm

if you set an ethernet/sfp interface as disabled link is still up. how about phisically (elecrically) disable it as well. just like a decent switch does
Last edited by luqasz on Wed Feb 19, 2014 9:19 pm, edited 1 time in total.
 
User avatar
luqasz
Member Candidate
Member Candidate
Posts: 101
Joined: Thu Aug 16, 2007 9:53 pm
Location: Poland

case insensitive mac address formats acceptance

Wed Feb 19, 2014 8:19 pm

if you want to find a mac address on a bridge host table you have to write it case sensitive. how about accepting it in case insensitive ?
This may be for some people a cosmetic feature but still noce one.
 
User avatar
luqasz
Member Candidate
Member Candidate
Posts: 101
Joined: Thu Aug 16, 2007 9:53 pm
Location: Poland

/file mv,cp,mkdir

Wed Feb 19, 2014 8:26 pm

/file mv,cp,mkdir

it is in my opinion self explanatory....
 
User avatar
luqasz
Member Candidate
Member Candidate
Posts: 101
Joined: Thu Aug 16, 2007 9:53 pm
Location: Poland

loopback interface access.

Wed Feb 19, 2014 8:50 pm

simply show loopback interface in interface lists.
then you will be able to add addresses to it and not make a dirty empty bridge hack.
 
nickjail
just joined
Posts: 15
Joined: Mon Feb 17, 2014 9:26 pm

Re: Feature requests

Wed Feb 26, 2014 8:52 pm

Hi!

Need snmpget, snmpwrite, snmpwalk tools to monitor and control status of remote network hardware via router. For example, monitor UPS via snmp, reboot hardware and so on.
Yes, ups package already exist but it capable with APC only and interface cable lenth is limiting factor...
Really need. Thx!
 
Diamond
newbie
Posts: 26
Joined: Tue Mar 19, 2013 7:11 pm
Location: RU

Copy cell feature

Thu Feb 27, 2014 11:27 am

Often MAC or IP address should copy manually from winbox. I suggest to make "cell copying" command for more convenient work...
Image
 
User avatar
mishaM
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Sun Oct 25, 2009 1:48 pm
Location: Georgia

Re: Feature requests

Thu Feb 27, 2014 4:01 pm

Hi all,

this feature will be good:
on CLI -> command alias support , (make group of line commands to one command )

make poe monitor oids( for 750 up ) or support on api monitor function.
 
User avatar
mishaM
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Sun Oct 25, 2009 1:48 pm
Location: Georgia

Re: Feature requests

Fri Feb 28, 2014 8:08 am

also on CLI insert privileged modes ( enable ,config ..etc) will be good
 
markom
Member Candidate
Member Candidate
Posts: 112
Joined: Thu Dec 17, 2009 10:42 pm

Re: Feature requests

Fri Feb 28, 2014 10:33 am

mikrotik as LNS server with LAC support and l2tp secret tor tunnel.
 
vortex
Forum Guru
Forum Guru
Posts: 1092
Joined: Sat Feb 16, 2013 6:10 pm

Re: Feature requests

Fri Feb 28, 2014 12:12 pm

HFS+ formatted storage, AFP, Spotlight indexing, Time Machine support, SMB 2.0

Working Bonjour (mDNS) intra-router (not inter) routing across subnets with example
Last edited by vortex on Fri Feb 28, 2014 12:39 pm, edited 3 times in total.
 
vortex
Forum Guru
Forum Guru
Posts: 1092
Joined: Sat Feb 16, 2013 6:10 pm

Re: Feature requests

Fri Feb 28, 2014 12:18 pm

Suricata on CCR
 
nosovk
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Wed Jan 25, 2012 11:25 am
Location: Ukraine
Contact:

Re: Feature requests

Sat Mar 01, 2014 9:16 pm

hyper-v nic support!
 
nickjail
just joined
Posts: 15
Joined: Mon Feb 17, 2014 9:26 pm

Feature requests

Sun Mar 02, 2014 8:58 pm

Please add support of receiving SNMP Traps and run scripts on this events
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Feature requests

Mon Mar 03, 2014 2:34 am

Suricata on CCR
Rumor has it ;)
 
IlCarletto
newbie
Posts: 33
Joined: Mon May 10, 2010 3:09 pm
Location: Milan
Contact:

Re: Feature requests

Thu Mar 06, 2014 1:05 pm

set the syslog remote address as fqdn or domain name and not only IP.
 
abstract
just joined
Posts: 3
Joined: Mon Apr 12, 2010 11:36 am

Re: Feature requests

Wed Mar 26, 2014 2:06 pm

We tried CAPsMAN this week. It seems us a good tool, We haven't tried all features at the moment and we are planning to use it without SSL certificates exchange in an hotel in the next week.

We would like to suggest some enhancements for radio parameters managements.
  • The frequency provisioning does not permit to set the "auto" frequency value
  • The frequency provisioning does not permit to set the country value resulting in illegal frequency channel (in fact we cannot use the channels 2467 and 2472 that are permitted in italy)
  • Generally speaking it will be usefull having a greater control on CAP's radio parameters setting (country, power, frequency mode, antenna gain, DFS mode, etc...)
  • May result usefull let the CAP use its own radio parameters configuration, when implicit default provisioning rule is applied, or when configurations without radio parameters explicitly setted are used.
 
DShmelev
just joined
Posts: 4
Joined: Sat Mar 22, 2014 2:13 am

Re: Feature requests

Sun Apr 13, 2014 2:37 am

Address lists of Address lists!
Urgent! :)
 
User avatar
blackhold
just joined
Posts: 11
Joined: Tue Apr 15, 2014 3:12 am
Location: Catalonia
Contact:

Re: Feature requests

Tue Apr 15, 2014 3:13 am

NAT64: Tayga

More info:
http://www.litech.org/tayga/
http://blackhold.nusepas.com/2014/04/nat64dns64/

it should be easy to implement, install tayga package (121kb) and configure twice firewall rules...

please, it is really important due ipv4 is out and now if you want to redirect users from a wisp you need to use policy routing and you need IPv4 inside your network to make it work.

thanks you much!
Last edited by blackhold on Tue Apr 15, 2014 3:12 pm, edited 1 time in total.
 
markom
Member Candidate
Member Candidate
Posts: 112
Joined: Thu Dec 17, 2009 10:42 pm

Re: Feature requests

Tue Apr 15, 2014 11:46 am

ADSL capable RB.
 
jmetcalf
just joined
Posts: 1
Joined: Fri Oct 21, 2011 7:29 pm

Re: Feature requests

Tue Apr 15, 2014 11:47 pm

I would love to get a url-server/filter command implementation what Cisco provides. (Do a search for "PIX/ASA URL Filtering" for an example of what I am referring to).

The basic idea being any website being accessed first does a quick hand-off to the filter server for a yes/no response. If yes is returned then the router allows the access to continue. If a No response is returned than the Router passes you back to the url-filter server for a block reason.

I realize that you can proxy, but this feature would open up RouterOS to the possibility alternate content control without the need of proxy servers.

Just a thought.
 
User avatar
blackhold
just joined
Posts: 11
Joined: Tue Apr 15, 2014 3:12 am
Location: Catalonia
Contact:

Re: Feature requests

Thu Apr 17, 2014 2:18 pm

IPv6 policy routing - really important if nat64:tayga will not be implemented yet
 
User avatar
blackhold
just joined
Posts: 11
Joined: Tue Apr 15, 2014 3:12 am
Location: Catalonia
Contact:

Re: Feature requests

Thu Apr 17, 2014 3:17 pm

winbox: group connections by categories
 
User avatar
cdiedrich
Forum Veteran
Forum Veteran
Posts: 997
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany
Contact:

Re: Feature requests

Thu Apr 17, 2014 3:29 pm

Next feature request for Access Points (Like metal, BaseBox, etc) and their LEDs:

It'll be just fantastic for us to be able to not only add wireless signal strength to LED1-LED5 (which is somehow pointless when they're configured as access point) but alternativly CPU load and/or bandwidth utilization (in % of the theoretical configured maximum)... THIS would really help us a big deal.

Thanks,
-Chris
 
User avatar
brauser
Trainer
Trainer
Posts: 32
Joined: Sat Aug 21, 2010 6:36 am
Location: Brazil, SP, Valinhos
Contact:

Re: Feature requests

Thu Apr 17, 2014 6:11 pm

Some features have already been requested before, to better manage this, you can register on the Wiki and cast your vote there:

http://wiki.mikrotik.com/wiki/MikroTik_ ... e_Requests

Of course, in addition, it would be great if you also posted a message here, explaining why you need that particular feature. And as usual - search before you post, maybe a topic exists already.
normis,

Wiki link is down, there is some other specific place to do feature request or here's the right/official place?
My feature request would be to have an option to turn on/off (checkbox) dynamic mode on "/ip pool" so we can have the opposite behaviour of:
Note: Whenever possible, the same ip address is given out to each client (OWNER/INFO pair).
Better if it could be possible for each pool :)

It would be very appreciated by many. Big thanx!
 
User avatar
ofendt
just joined
Posts: 23
Joined: Mon Jun 20, 2011 10:17 pm

Re: Feature requests

Fri Apr 25, 2014 1:22 pm

Would be perfect in IP/ROUTES Check-Gateway to be able to specify an IP-Adress other the the default Gateway.

In Germany we get more - and more proconfigured AVM Fritzboxes as a DSL Connecting-Point.

The box is always Pingable - even if the connection behind is down. Script is possible but complicated.

---

And by the way...
Optical nice (something like UNIFI with hidden cables) RB with (RB95xxx) with 2,4 AND 5 GHz would be perfect.

And... don't forget the perfect DUDE. Its still in beta and send's me email's even if the server is down for only some seconds.
Would be perfect to give a time-limitt (if down 1 minute...)

Thanks. RB is "nearly" perfect - good stuff.
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: Feature requests

Fri Apr 25, 2014 1:41 pm

Would be perfect in IP/ROUTES Check-Gateway to be able to specify an IP-Adress other the the default Gateway.
It should already be possible using so called "Recursive routes".
Read more about it here. I seem to have seen an example somewhere in the wiki as well, but can't find it at the moment.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Mon Apr 28, 2014 6:17 pm

I seem to have seen an example somewhere in the wiki as well, but can't find it at the moment.
http://wiki.mikrotik.com/wiki/Advanced_ ... _Scripting
 
quux
just joined
Posts: 2
Joined: Fri May 09, 2014 4:59 am

IPv6 DNS Router advertisement

Sun May 11, 2014 4:31 pm

I hope the title says it all.

We bought the CRS125-24G-1S-2HnD for the express purpose of getting IPv6 running properly on our network. Getting everything up and running, only to find that we could not advertise local DNS servers via RAs, was very disappointing! I am however very impressed by the device and by RouterOS in all other respects.

If anyone knows a clean way to do this from Windows, feel free to reply here or email me directly. I'll be very thankful!

In the meantime I'll hope this feature comes to RouterOS!
 
andryan
newbie
Posts: 40
Joined: Fri Nov 30, 2007 10:33 pm
Location: Jakarta, Indonesia
Contact:

Re: Feature requests

Thu May 22, 2014 12:23 pm

More /ip ssh settings: TCPKeepAlive, ClientAliveInterval, and ClientAliveCountMax.
 
User avatar
otgooneo
Trainer
Trainer
Posts: 581
Joined: Tue Dec 01, 2009 3:24 am
Location: Mongolia
Contact:

Re: Feature requests

Tue May 27, 2014 6:01 am

Please implement logging possibility when bridge port interface role changes. If something happen in my STP enabled network, I can`t see where was an issue and which of my routerboard changed it`s port state. Furthermore debug log should show BPDU message detail logs. But now even debug log can`t show nothing regarding bridge interface role changes.
 
wisp625
just joined
Posts: 5
Joined: Fri Aug 30, 2013 6:58 pm

Re: Feature requests

Sun Jun 01, 2014 11:26 pm

Feature request: would be nice if there was a VoIP implementation section and a POE out port as a WAN port so we could have a customer router provide power for the radio and be able to plug a telephone into it as well. A lot of Wisps are looking for this as a solution. :)
 
Valerio5000
Frequent Visitor
Frequent Visitor
Posts: 88
Joined: Fri Dec 06, 2013 2:38 am

Re: Feature requests

Thu Jul 03, 2014 1:58 am

I realize that my request is not "technical" but it is possible to integrate a DLNA server for example nell'RB951 with USB that is proposed as a router at home?
 
joncolby
newbie
Posts: 40
Joined: Wed Nov 13, 2013 8:09 am
Location: Southern California

Re: Feature requests

Fri Jul 04, 2014 6:00 am

Please add Dynamic V-Lan Assignment so we can run 3rd Party Network Access Control Software like Packetfence Please.
 
digidax
just joined
Posts: 13
Joined: Fri May 30, 2014 10:15 am

Re: Feature requests

Wed Jul 23, 2014 4:41 pm

If I have opened a firewall rule, a Button to clone this rule.

I have a lot of INPUT rules, which are only different by the src IP Address.
So I can clone the rule, change the SRC IP and apply the rule.
Webmin (www.webmin.com) have it implemented for the firewall settings.

thanks
Frank
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Wed Jul 23, 2014 5:05 pm

If I have opened a firewall rule, a Button to clone this rule.
you mean, 'Copy' button, which is there for may years already?..
 
Utomo
just joined
Posts: 5
Joined: Sat Jul 05, 2014 8:42 am

Re: Feature requests

Sun Jul 27, 2014 6:23 am

Some features have already been requested before, to better manage this, you can register on the Wiki and cast your vote there:

http://wiki.mikrotik.com/wiki/MikroTik_ ... e_Requests

Of course, in addition, it would be great if you also posted a message here, explaining why you need that particular feature. And as usual - search before you post, maybe a topic exists already.
The pages already deleted

My Feature request:
1. Utilize the USB for NAS and Cache.
so we can connect a Hard disk and use as NAS and cache (to save bandwidth)
2. Support PHP please. so we can run the PHP script on Mikrotik Router.
Now the memory size already big enough and also the Processor also fast enough.
By allowing PHP Script it will make the Router more flexible and powerful.

And also Better WEB UI / More user friendly.

Thank you .
 
User avatar
Davis
Member Candidate
Member Candidate
Posts: 117
Joined: Mon Aug 01, 2011 12:27 pm
Location: Latvia, Riga
Contact:

Re: Feature requests

Mon Jul 28, 2014 9:21 pm

I want to suggest adjustable boot-delay (under /system routerboard settings), up to 255 seconds, for all RouterBOARDs.
This would allow some safety against bricking by repeated power loss (i.e. in case electrician connects power only for a few seconds router won't yet start to boot and there would be no risk of data corruption due to power loss during boot).
 
User avatar
LarryPotter
just joined
Posts: 2
Joined: Fri Jun 21, 2013 9:22 pm
Location: UK

Re: Feature requests

Fri Aug 08, 2014 9:48 am

Would NETCONF be of use to anyone else?
 
hzdrus
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Mon May 14, 2012 3:58 pm

Re: Feature requests

Fri Aug 08, 2014 1:40 pm

We find inability to trigger commands/scripts based on events to be very limiting, especially in MPLS VPN deployment.

The following is necessary:
1) Ability to specify inside RADIUS reply which commands/scripts to execute (e.g. similar to Cisco-AVPair)
2) Logging target to send every new log line to a script (so there is no need to use a hack with scheduler executing a script every N seconds)
 
rsaf
just joined
Posts: 4
Joined: Fri Dec 27, 2013 1:37 am

Relatively cheap FTTH CPE

Tue Aug 19, 2014 3:22 pm

Somethink lie RB951Ui-2HnD or RB951G-2HnD with SFP slot. We really need:
-single SFP slot for optical UPLINK
-SFP slot in confiurable VLAN aware switch (we have trunk on optical uplink with IPTV in separate vlan and we need to pass IPTV to one or two ethernet ports)
-at least 5 ports (5 ethernet ports and 1 sfp port will be much better)
-integrated 2.4GHz wifi
-one type with plastic case (like RB260GS) with integrated wifi antennas
-second type "board only" with U.FL antena connectors - we have own design of metal wall-mount case in which we can splice optical cable and put optical CPE (switch or mediaconverter) in it, we can put bare board in this case and use pigtails to pass antennas outside this box
-maybe mikrotik can design their own wallmount box where optical cable can be spliced and integraded routerboard in this box...
 
whippy
just joined
Posts: 1
Joined: Tue Aug 26, 2014 4:27 am

Re: Feature requests

Tue Aug 26, 2014 4:32 am

Followed the link to the wiki - doesn't look like anyone's using it though...

CAPsMAN extended to allow other interface types to be assigned to datapaths.
 
skibi82
newbie
Posts: 43
Joined: Fri Mar 22, 2013 7:09 pm

Re: Feature requests

Tue Aug 26, 2014 12:19 pm

Give MACVLAN to add the power to create Virtual interfaces.
Useful for testing or the separation of traffic.
 
Komerad
just joined
Posts: 12
Joined: Wed Jul 30, 2014 6:05 pm

Re: Feature requests

Tue Aug 26, 2014 10:57 pm

- All openvpn features.
- Auto dns lookup when non ip value is entered. Would be very handy to have router os to accept domain names for more features.
- Make adressess list true lists that can hold all kind of unique ip adresses or even hostnames in a list. Not just ranges.
^- and/or make it possible to add more sources and destinations at certain places. (Like mangle.)
 
xhaos
just joined
Posts: 10
Joined: Tue May 28, 2013 11:29 pm

Re: Feature requests

Wed Aug 27, 2014 9:22 am

Expand graphing, to show wireless connection statistics such as SnR, CCQ, Rx/Tx for AP clients and for p2p connections
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: Feature requests

Wed Aug 27, 2014 11:27 am

Please, create universal versatile graphing that allows user to set whatever value that is readable in ROS to be graphed. Combined graphing (e.g. CPU, memory and number of connected clients together in one graph) would be something extra!

And please, ensure that power loss, reboot or ROS upgrade will not erase old graphs. It is still unsolved bug that emmerges very often still in 6.18 (contemporary latest).
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 26293
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature requests

Wed Aug 27, 2014 11:42 am

Please, create universal versatile graphing that allows user to set whatever value that is readable in ROS to be graphed. Combined graphing (e.g. CPU, memory and number of connected clients together in one graph) would be something extra!

And please, ensure that power loss, reboot or ROS upgrade will not erase old graphs. It is still unsolved bug that emmerges very often still in 6.18 (contemporary latest).
we already have it, it is called SNMP
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: Feature requests

Wed Aug 27, 2014 2:40 pm

Normis,

you know very well that this is not the requested functionality - getting values via snmp takes time and resources, what is worse, it needs active connection to the device. I talk about autonomous graphing that will work within the ROS even if the device is disconnected from the network.

At least, I wish the graphs were stop disappearing. Finaly. Some day.

And anyway - are you working on speeding up usb storage opertions and usb storage reliability? It is tragical and too much CPU time hungry.
 
AlexS
Member Candidate
Member Candidate
Posts: 272
Joined: Thu Oct 10, 2013 7:21 am

Re: Feature requests

Sat Aug 30, 2014 9:54 am

I would like a graceful BGP and OSPF shutdown

when I reboot my router it doesn't bring down the OSPF and BGP connections and I have to wait for its peers to realize its dead

That can take a while.

and you can't just stop the BGP / OSPF instances as they will not restart on reboot !
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: Feature requests

Sun Aug 31, 2014 3:54 am

Both of my other brands of firewalls and routers support graceful ospf/bgp restart. It's very nice when you are making a change to the routing process but don't want to dump all routes.
 
AlexS
Member Candidate
Member Candidate
Posts: 272
Joined: Thu Oct 10, 2013 7:21 am

Re: Feature requests

Mon Sep 01, 2014 12:21 am

Sorry miss understanding

I mean shutdown of the router not ospf/bgp processes
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: Feature requests

Mon Sep 01, 2014 5:38 am

That isn't graceful restart. Graceful restart means "hold your routes until I come back, wait up to x seconds for me to finish my operation then update routes after we reestablish adjacency". The change you requested is best handled with bfd.
 
AlexS
Member Candidate
Member Candidate
Posts: 272
Joined: Thu Oct 10, 2013 7:21 am

Re: Feature requests

Mon Sep 01, 2014 6:18 am

That isn't graceful restart. Graceful restart means "hold your routes until I come back, wait up to x seconds for me to finish my operation then update routes after we reestablish adjacency". The change you requested is best handled with bfd.
I would have to disagree.

By using BFD (i looked at it, it just makes convergence faster. Good, doesn't work for me as 1 device doesn't do BFD ..)

A graceful shutdown, would do a graceful shutdown of OSPF/BGP, which would mean removing them from the network, not just turning it off.

when I work on a OSPF node, i usually disable the ospf instance, leave it for a bit till all the routes have been recalced. then I can reboot as need.
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 730
Joined: Tue Aug 25, 2009 12:01 am

Re: Feature requests

Mon Sep 01, 2014 6:29 pm

BFD detects when the peer goes away based on the interval of the BFD messages x multiplier.. So .25 second message X 3 multiplier = .75 second detection time. If OSPF is shut down on an interface, BFD will get shut down and in .75 seconds, the routes on the other end will get dropped.

Graceful restart is an rfc defined here: http://tools.ietf.org/html/rfc3623

It lets you take the OSPF process on a router offline for reconfiguration or some other reason and it notifies the remote peers to NOT drop routes for a default of 120 seconds. This is helpful if you need to make a change to the OSPF processes but still want to forward traffic through the router while the reconfiguration takes place.

If Im hearing you right, you want the remote peers to drop routes FASTER when you stop the ospf process on a router or reboot the router (faster than the ospf hello intervals). This would be BFD. So yes, BFD does speed up convergence. The second a router goes offline, everything needs to reconverge. BFD makes this happen faster.
 
pochbba
newbie
Posts: 26
Joined: Mon Jun 19, 2006 10:00 pm
Location: Argentina

Re: Feature requests

Mon Sep 08, 2014 9:38 pm

Hi there Normis,

I would really appreciate having an save file/export ping/traceroute log function of each individual winbox ping/traceroute test.

Sometimes it comes handy when doing small tests and keeping them logged.

I know there are several 3rd party applications that actually do this. But having it integrated on ROS would make my life easier.

Regards
 
Trekkie
newbie
Posts: 37
Joined: Thu Feb 07, 2013 1:48 am

Re: Feature requests

Mon Sep 08, 2014 10:17 pm

Is OVPN Client side LZO Compression and UDP support somewhere out there in plan? the wiki link is missing.
 
xhaos
just joined
Posts: 10
Joined: Tue May 28, 2013 11:29 pm

Re: Feature requests

Tue Sep 09, 2014 10:21 am

It would be very useful, to be able to setup a queue with target not only the interface name, but the interface's ingoing / outgoing /both direction.

for example I wish to configure mangle for internet QoS. Now we have to configure different mangle marking for incoming and outgoing traffic. But it would be much simpler, easier and fault-proof, if we could just mark the QoS priority markings in mangle and could have different queues for each traffic direction.
RouterOS as is, works perfectly for symmetric ethernet environments. But since we can use it for adsl router or even asymmetric wireless links, I think routerOS could provide some better tools.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Tue Sep 09, 2014 3:00 pm

you mean, simple queues? but they create up to three (upload, download and total) queues - why don't you use them all?..
 
Zorro
Long time Member
Long time Member
Posts: 675
Joined: Wed Apr 16, 2014 2:43 pm

Zabbix package for ROS ? more updated/actual Active queues ?

Thu Sep 11, 2014 1:26 am

is anyway to have native Zabbix support by RouterOS in frsbl future of it ?
also would personally welcome more updated/actual Active queues in RouterOS to handle/combat/prevent Network congestion. rather than static/notorious RED algo/type present already, which unsuable for production for number of reasons.
for example, RRED would be nice. aswell as other adaptive, attack/flooding-proof variants of AQM.
also bout moving RouterOS from vanilla Linux kernels to Zero Overhead Linux gossips - is actually such plans, yet ?
(this thing http://www.tilera.com/sites/default/fil ... aper_0.pdf meant, to be exact/specific)
also finishing/completing BFG routing implementation (auth and echo ?) also may be handy.
Last edited by Zorro on Fri Sep 19, 2014 9:26 am, edited 1 time in total.
 
Ciambot
Member Candidate
Member Candidate
Posts: 144
Joined: Thu Jan 22, 2009 5:22 pm

Re: Feature requests

Fri Sep 12, 2014 10:18 am

Request:
RFC 5185 OSPF Multi-Area Adjacency
 
bds1904
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Tue Sep 10, 2013 2:52 am

Re: Feature requests

Fri Sep 12, 2014 4:49 pm

Enable the openvpn client to accept an ipv6 address as a valid target address
 
taduikis
Member
Member
Posts: 436
Joined: Sat Jul 07, 2007 12:09 pm

Re: Feature requests

Wed Sep 17, 2014 10:46 am

Add some planned upgrade feature, that gets done upon next RouterOS start, no matter if shutdown/reboot was graceful or not. This of course should be voluntarily and separately triggered with required packages being uploaded in advance. It does add some risks of course, but I bet some people would/might be willing to take them.

I know this could be done at some level using v6 partitioning or achieved with scripts, but either way, having such function that you can choose not to use if you don't want, is still better, IMO.
 
namake
just joined
Posts: 1
Joined: Fri Jan 23, 2015 11:09 am

Re: Feature requests

Fri Jan 23, 2015 11:21 am

Normis, can you add support of vmxnet adapters (that vmware esxi provide to virtual machines) ?
 
User avatar
wagguRQ
just joined
Posts: 11
Joined: Sun Feb 01, 2015 9:00 am
Location: /RUSSIA/

Re: Feature requests

Sun Feb 01, 2015 11:09 am

I would like that you will add a counter of errors (crc,drop,oversitse,collisions, e.t.c.).
It is desirable that you will add the iperf with the standard features, as well as the possibility
of using as a client or server. This tool needed for monitoring and diagnostic as well as will use
in a bundle with iperf which was installed on radios from the Ubiquiti Networks.
 
erlt
just joined
Posts: 9
Joined: Sun Oct 12, 2014 3:51 pm

Re: Feature requests

Sat Feb 14, 2015 9:37 am

MAC Address List . This is very useful especially in a topology where there are multiple subnets.
 
Buzz
just joined
Posts: 13
Joined: Sat Aug 09, 2014 11:44 am

Re: Feature requests

Sun Feb 15, 2015 1:54 am

I need to show comments from users section at active tab in hotspot (comments r missing in active tab) , because my users are login with their mac address (MAC login method) so they appear in the active tab only with their mac not with there name nor their comments , it will be more easy if these mac address appear with their comment to easily know who is online

by the way if you comment any record in ip binding the comments will appear in hosts tab with this comment

thank u in advance
 
bronx
newbie
Posts: 39
Joined: Wed Feb 11, 2015 1:04 am
Location: Turin, Italy

Re: Feature requests

Sun Feb 15, 2015 8:55 pm

Add a command in script that allow us to read string from console and save it in one variable.

It's allow us to create user interactive script, useful on setup
 
remkolodder
just joined
Posts: 3
Joined: Mon Feb 16, 2015 12:43 pm

Re: Feature requests

Mon Feb 16, 2015 12:52 pm

Hi,

I would like to request a feature to extend the OpenVPN possibilities.
I would like to run multiple OpenVPN instances on the mikrotik. One for my incoming clients, and a few for peer2peer vpn links between servers.

Setup:
Clients: share some IP space on IPv4 and IPv6 front, /27 and /64.
P2P links: use unique /30's between eachother. Used as connection point to offer OSPF routing over the links (and traffic).
 
micromaxi
newbie
Posts: 43
Joined: Fri Feb 06, 2015 10:32 am

Re: Feature requests

Mon Feb 16, 2015 7:39 pm

Please, create universal versatile graphing that allows user to set whatever value that is readable in ROS to be graphed. Combined graphing (e.g. CPU, memory and number of connected clients together in one graph) would be something extra!

And please, ensure that power loss, reboot or ROS upgrade will not erase old graphs. It is still unsolved bug that emmerges very often still in 6.18 (contemporary latest).
I would love to see uptime graph added to the graphing section. That way we dont have to run an extra snmp machine.
 
JanezFord
Member Candidate
Member Candidate
Posts: 269
Joined: Wed May 23, 2012 10:58 am

Re: Feature requests

Tue Feb 17, 2015 8:24 pm

Please add ability to set WMM, HW Protection Mode, Preamble Mode, HW Retries, Adaptive noise immunity and other advanced mode parameters with CAPsMAN (v2) ... capsman is supposed to be used as controller in hotels, conference centres and similar scenarios and these options are useful in highly congested areas.

JF
 
User avatar
pants6000
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Fri Sep 26, 2014 5:30 am

Re: Feature requests

Wed Feb 18, 2015 3:22 am

I've got some:

Configurable view of ip/firewall fields in webfig like in winbox (I really could use to see the "address list" fields in the list!)

text config export from webfig's file menu

per-interface RPF & RPF logging

"safe mode by default" option so I can *never* be locked out of a remote router (unless I want to turn safe mode off, of course)

configurable COS/DSCP mapping
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: Feature requests

Wed Feb 18, 2015 2:40 pm

I would be nice that in /ip service I could set more ip address or one addres-list
erm, you actually can do this (not with ACLs but with multiple IPs)
Image
 
Rudios
Forum Veteran
Forum Veteran
Posts: 972
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: Feature requests

Wed Feb 18, 2015 3:01 pm

I would be nice that in /ip service I could set more ip address or one addres-list
erm, you actually can do this (not with ACLs but with multiple IPs)
Image
Why not just block unwanted access by firewall?
 
User avatar
pants6000
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Fri Sep 26, 2014 5:30 am

Re: Feature requests

Tue Feb 24, 2015 8:34 pm

PPTP/PPPOE interfaces (all PPP? more?) are disconnected then re-connected when clicking "OK" on their /webfig/#Interfaces.Interface page, even if nothing has changed. It probably shouln't do that.
 
grisina
just joined
Posts: 2
Joined: Wed Feb 25, 2015 10:40 am
Contact:

Re: Feature requests

Wed Feb 25, 2015 10:44 am

For ease of use and functionality i would suggest to use TheDude for this - just remove probes, so no additional load anywhere, just network device map, where you can create device groups and operate with them (upgrade devices, for example). And if required, you can monitor your key routers in the network.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Feature requests

Wed Feb 25, 2015 11:45 am

Please add ability to set comment for dynamically added entries in address list.
This feature let for e.g. make script which resolves blocked IP addresses to their FQDN and puts it into comment field.
 
peper
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Tue Sep 11, 2012 8:45 pm

Linking scripts to VPN connection events

Fri Feb 27, 2015 3:42 am

There are couple of threads where users request feature to link scripts to firewall rules.
Those requests are logically rejected by developers cause this opens a pretty straightforward way to DDOSisng devices.

But there are other posts (in this thread inclusive) to link scripts to VPN events.
IMHO, this idea makes a lot of sense and is not open for DDOS attacks.
The need to use Scheduler or Netwatch for such simple task as "wake up my computer when I connect externally with VPN" is not very cool.

I've seen some requests to implement in ROS more global event triggering mechanism. It would be nice-to-have, but pretty sure, that it requires a huge development (and testing!) effort in comparison with enabling scripts for couple of selected objects, requested more often than others.
 
kraic
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Tue Oct 19, 2010 10:31 am
Location: Croatia
Contact:

Re: Feature requests

Fri Feb 27, 2015 9:54 am

background scan please
 
JOFO
just joined
Posts: 4
Joined: Wed Feb 18, 2015 3:41 pm

Re: Feature requests

Fri Feb 27, 2015 8:58 pm

Could you please add latest drivers for Realtek RTL8111 ethernet controller? With actial ROS v6.27 it's randomly freezing eth interface. It's in the iface list, but no traffic can pass through.. Only reboot resolves this state, but only for short time (sometimes it's 3 days, sometimes it crashes after couple of hours). It's useless with such behavior..
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: Feature requests

Sat Feb 28, 2015 12:39 am

Ability to specify which prefix from-pool to use on a specific interface.

Suppose ISP assigns a /60 and I want to specify WHICH of my /64s goes to which interface....
Currently, Mikrotik ignores the bits 61-64 and chooses on its own which of the 16 prefixes to use.

In Cisco, prefix and pool are masked together, and I am spoiled by this feature:
e.g. Loop0 -> ipv6 address ISP1POOL ::ff:0:0:0:1/64

If ISP assigns /60 I would like an ability like this:
ISP --> 2001:db8:0:c000::/60 -> pool ISP
I want to be able to hard-code:
ether1 = ::1:0:0:0:1/64 from-pool ISP -> 2001:db8:0:c001::1
ether2 = ::2:0:0:0:1/64 from-pool ISP -> 2001:db8:0:c002::1
ether3 = ::3:0:0:0:1/64 from-pool ISP -> 2001:db8:0:c003::1
GuestBridge = ::f:0:0:0:1/64 from-pool ISP -> 2001:db8:0:c00f::1

With current behavior, if I disable ether2 and reboot, ether3 would get 2001:db8:0:c002::1
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Feature requests

Mon Mar 02, 2015 8:32 pm

Please add ability to assign interface to DHCP network as now there is no possibility to define same subnets for different interfaces which are in different L2 domains defined by VLANs.
See this thread: http://forum.mikrotik.com/viewtopic.php ... 8b#p471529
 
User avatar
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: Feature requests

Tue Mar 03, 2015 1:08 pm

I would be nice that in /ip service I could set more ip address or one addres-list
erm, you actually can do this (not with ACLs but with multiple IPs)
Image
Why not just block unwanted access by firewall?

exactly ... IMHO also the way more serious and clean solution

i just wanted to point out, that if someone does not want to "struggle" with firewall rules, there is also a specific ACL("-like") option here ;)
 
Garga220
just joined
Posts: 7
Joined: Wed Jan 21, 2015 1:53 pm

Re: Feature requests

Wed Mar 04, 2015 5:04 pm

Is it possible to get OIDs for average CPU, like 5min average or 1h average to be used with different monitoring tools ?
Or maby some kind od print command to get average value?
 
roli
just joined
Posts: 2
Joined: Wed Jun 28, 2006 9:49 pm

Re: Feature requests

Thu Mar 12, 2015 12:47 pm

Functionality such as DNETMAP
 
Garga220
just joined
Posts: 7
Joined: Wed Jan 21, 2015 1:53 pm

Re: Feature requests

Thu Mar 12, 2015 1:55 pm

Functionality such as DNETMAP
+1
 
avlipa
just joined
Posts: 3
Joined: Thu Mar 12, 2015 7:11 pm

Re: Feature requests

Thu Mar 12, 2015 8:49 pm

Could you please add Proxy support for the OpenVPN client on RouterOS?
Winbox utility doesn't have this option.
 
novaquadri
just joined
Posts: 1
Joined: Thu May 16, 2013 10:21 am

Re: Feature requests

Fri Mar 13, 2015 12:56 pm

Please integrate some functions to measure parameters such as swr or return loss
 
avlipa
just joined
Posts: 3
Joined: Thu Mar 12, 2015 7:11 pm

Re: Feature requests

Mon Mar 16, 2015 10:55 pm

Please add TLS-AUTH in RouterOS OpenVPN Client. AFAIK there is no possibility to connect to OpenVPN Access Server software solution without this feature.
 
User avatar
hossain2004a
Member Candidate
Member Candidate
Posts: 247
Joined: Mon Dec 22, 2014 7:34 pm
Location: Iran

Re: Feature requests

Tue Mar 17, 2015 7:51 pm

I don't know if someone tell this before.
But is it possible when you shutdown/reboot the RB, the COUNTERS wouldn't reset at all and continue working?
Last edited by hossain2004a on Fri Apr 03, 2015 9:24 pm, edited 1 time in total.
 
User avatar
dohmniq
Frequent Visitor
Frequent Visitor
Posts: 78
Joined: Sat Nov 17, 2012 12:17 pm

Re: Feature requests

Fri Apr 03, 2015 6:33 pm

New property for /ip firewall mangle rules:

tcp-length(integer[-integer]:0..65535; Default: ) Matches tcp packets with specified tcp payload length or length range in bytes.

Useful for prioritizing zero-length ack packets over other upstream traffic.

As a rough hack/work-around we can use:

packet-size=40-52

(most TCP 0-payload-length packets I've seen are either 40 or 52 bytes depending on TCP options)
 
karwos
Frequent Visitor
Frequent Visitor
Posts: 96
Joined: Thu Apr 02, 2015 7:28 pm
Location: Poland

Re: Feature requests

Sat Apr 04, 2015 5:36 pm

Add new attributes to PCQ classifier:
dst-mac-addr, src-mac-addr

IP working only on plain IP packets (etherType=0x800),
when device working in bridge mode and passing VLAN, VLAN-in-VLAN, PPPoE packets - it's not properly placing packets in queue (they are bpassed).
Solution is to make few other checks on packet (need more clock cycles), so simplier will be to add src/dst hw addr policier ...
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Mon Apr 06, 2015 8:19 pm

Functionality such as DNETMAP
+1
isn't it already here?.. just use 'action=netmap" in 'dstnat' chain...
Please add ability to set comment for dynamically added entries in address list.
This feature let for e.g. make script which resolves blocked IP addresses to their FQDN and puts it into comment field.
[admin@TestPlace] > /ip firewall address-list 
[admin@TestPlace] /ip firewall address-list> add list=mylist address=1.1.1.1 dynamic=yes comment="FQDN.HERE"
[admin@TestPlace] /ip firewall address-list> print where list=mylist 
Flags: X - disabled, D - dynamic 
 #   LIST                                                 ADDRESS                         TIMEOUT             
 0 D ;;; FQDN.HERE
     mylist                                               1.1.1.1                        
[admin@TestPlace] /ip firewall address-list> 

 
IntrusDave
Forum Guru
Forum Guru
Posts: 1286
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Feature requests

Tue Apr 07, 2015 6:44 am

MAC Address List . This is very useful especially in a topology where there are multiple subnets.
+1 on the MAC address Lists.

Even better would be MAC Address Lists with a wildcard option.
 
Buganah
just joined
Posts: 6
Joined: Wed Oct 01, 2014 6:52 pm

Re: Feature requests

Wed Apr 08, 2015 11:25 am

hi if it is possible to have the pppoe server listens to serveral interfaces instead of one interface ..
i have 7 vlans and i have to have 7 pppoe servers for each vlan interface it would be nice to have one pppoe server for 7 interfaces
 
User avatar
tomaskir
Trainer
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Feature requests

Wed Apr 08, 2015 11:49 am

hi if it is possible to have the pppoe server listens to serveral interfaces instead of one interface ..
i have 7 vlans and i have to have 7 pppoe servers for each vlan interface it would be nice to have one pppoe server for 7 interfaces
Create a bridge, use split bridge horizon to isolate the ports, and create a PPPoE server on that bridge.
 
Zorro
Long time Member
Long time Member
Posts: 675
Joined: Wed Apr 16, 2014 2:43 pm

Re: Feature requests

Thu Apr 09, 2015 10:00 am

would be nice to had offline RouterOS wiki WITHIN routerboards and CCR. so consumers may configure it, to be ONLINE,to read online version of it, without throwing hair away or running panicking in circles.
wouldn't be much space in internal storage(flash is cheap as dirt, btw). even infrequently updated/obsolete/refernce version would help, but better it become part of ROS and keept up-to date with RoS itself, consitently/smoothly.
or had credit-card-sized CD-R disc with manul in html/pdf in it, but thats less cool/easy to use(and CD/DVD drives slowly become rare/uncommon in consumers desktops/portables).

and to fix ARP filtering(mysteriously work not always). and now bout NDP filtering its work?

how about ad-hoc routing protocols. batman, open garden alike non-propretary counterparts and etc variations.

grasshopper/stribot chiper for WiFi and VPN's (and for SSH and for rest stuff).
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Feature requests

Wed Apr 15, 2015 3:53 pm

I don't think there should be wiki inside the devices or on enclosed cd as it cannot be updated on live so it would make big mess.

I would suggest to have wiki according the ros version together with the ability to show differences between two ros versions directly on wiki pages. It would be very helpful for migration of configurations and scripts that normally fail and need to be debugged many times after an update.
 
PtDragon
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Sun Apr 26, 2009 8:52 pm

Re: Feature requests

Fri Apr 17, 2015 1:45 pm

Please don't forget to add for VPN clients ability to use specific IP.
Please add good load balancing for VPNs(got lot of problems with it).
 
nickjail
just joined
Posts: 15
Joined: Mon Feb 17, 2014 9:26 pm

Re: Feature requests

Wed Jun 10, 2015 12:55 pm

Hi!

Need snmpget, snmpwrite, snmpwalk tools to monitor and control status of remote network hardware via router. For example, monitor UPS via snmp, reboot hardware and so on.
Yes, ups package already exist but it capable with APC only and interface cable lenth is limiting factor...
Really need. Thx!
 
pqatsi
just joined
Posts: 5
Joined: Thu Jun 18, 2015 3:03 pm

Re: Feature requests

Thu Jun 18, 2015 3:24 pm

Is OVPN Client side LZO Compression and UDP support somewhere out there in plan? the wiki link is missing.
OVPN Server+Client LZO+UDP+AES
 
dancms
Member Candidate
Member Candidate
Posts: 101
Joined: Fri Oct 06, 2006 5:03 am

Re: Feature requests

Thu Jul 02, 2015 11:11 pm

Feature request:

Ability to specify boot-file-name on a per static lease basis. This would add much needed flexibility for rather than using the global setting at the 'ip dhcp-server networ' level where all clients receive the same file.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Fri Jul 03, 2015 1:59 am

Feature request:

Ability to specify boot-file-name on a per static lease basis. This would add much needed flexibility for rather than using the global setting at the 'ip dhcp-server networ' level where all clients receive the same file.
for now you should be able to create Network entry per IP with changed settings (just set address=x.y.z.h/32 netmask=24 or something)
 
dancms
Member Candidate
Member Candidate
Posts: 101
Joined: Fri Oct 06, 2006 5:03 am

Re: Feature requests

Fri Jul 03, 2015 2:06 am

Creates a little more clutter than needed but good work around. Much appreciated!
 
jexem
just joined
Posts: 1
Joined: Fri Jul 03, 2015 11:02 am

Re: Feature requests

Fri Jul 03, 2015 11:07 am

Hi!

It would be fine to Support UAPSD. All Voip Wifi Phones did support and need this to work. I think many People need this to integrate in Offices an Hospitality Sector. Also Power Drain of Smartphones should be better. Is there any Progress about this thing?

Thank you
Juergen
 
User avatar
miasik
newbie
Posts: 29
Joined: Sun Mar 18, 2012 10:15 am
Location: Kiev, Ukraine

Re: Feature requests

Sat Jul 04, 2015 11:24 am

Add method POST and custom headers(as curl -H) support to /tools fetch.
Need for Yandex API, for example.
 
dukejjjj
just joined
Posts: 4
Joined: Fri Dec 23, 2011 6:00 pm

Re: Feature requests

Mon Jul 06, 2015 4:07 am

hi

Can add Shadowsocks server & client ?
 
User avatar
Bigfoot
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Sat Jan 15, 2011 10:41 am
Location: South Africa

Re: Feature requests

Mon Jul 06, 2015 8:23 am

Hi

Can you add a Column with Src IP address in the Web Proxy Cache Contents. :)

Bigfoot
Last edited by Bigfoot on Tue Aug 18, 2015 12:40 pm, edited 1 time in total.
 
User avatar
Bigfoot
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Sat Jan 15, 2011 10:41 am
Location: South Africa

Re: Feature requests

Tue Aug 18, 2015 12:40 pm

Hi

On the Resource Graphs is possible to add voltage and temperature , UPS like the CPU, HDD & Memory on the resource graphs in web interface.

Bigfoot
 
agrevtcev
just joined
Posts: 5
Joined: Wed Jul 17, 2013 9:37 am

Re: Feature requests

Tue Aug 18, 2015 6:06 pm

It would be nice to implement ECDSA certificates support. So we could finally mitigate IPSEC IKE UDP fragmentation issue, without sacrificing certificate security level, as cryptoanalysts say. Thanks alot.
 
UMarcus
Frequent Visitor
Frequent Visitor
Posts: 95
Joined: Wed Jan 21, 2015 10:11 am
Location: Europe

Re: Feature requests

Fri Sep 04, 2015 10:22 am

 
Ivoshiee
Member
Member
Posts: 483
Joined: Sat May 06, 2006 4:11 pm

Re: Feature requests

Mon Sep 07, 2015 10:15 am

The ROMON tool should have an ability to discover IP-addresses as well.
 
mchoco
just joined
Posts: 3
Joined: Wed Jul 22, 2015 4:56 am

Re: Feature requests

Mon Sep 07, 2015 5:09 pm

Provide a simple way to use switch chip to do wire-speed IP routing. Although the switch chips can only support limited routing rules, it can serve smaller setups well.
 
marrold
Member
Member
Posts: 427
Joined: Wed Sep 04, 2013 10:45 am

Re: Feature requests

Mon Sep 07, 2015 6:21 pm

Ability to 'fetch' and save into variable without saving to file.

E.G -

$ curl ifconfig.co
45.212.4.56
 
vortex
Forum Guru
Forum Guru
Posts: 1092
Joined: Sat Feb 16, 2013 6:10 pm

Re: Feature requests

Mon Sep 07, 2015 6:51 pm

Provide a simple way to use switch chip to do wire-speed IP routing. Although the switch chips can only support limited routing rules, it can serve smaller setups well.
This is interesting. Could you please elaborate?
 
User avatar
ahmedramze
Member Candidate
Member Candidate
Posts: 111
Joined: Mon Feb 21, 2005 9:29 am
Location: IRAQ
Contact:

Re: Feature requests

Sun Sep 13, 2015 12:38 pm

Hello

Please Can Add service name on PPP active to be able to sort users according to the port or re-sellers
sermik.PNG
You do not have the required permissions to view the files attached to this post.
 
mmmigoro
newbie
Posts: 39
Joined: Mon Feb 14, 2011 3:48 pm
Location: PRAHOVA, Romania

Re: Feature requests

Mon Sep 14, 2015 9:13 am

Add option to set BGP origin in Action-Filters see: http://forum.mikrotik.com/viewtopic.php?f=14&t=98807
 
zoj
just joined
Posts: 10
Joined: Sat Aug 18, 2012 12:33 am

Re: Feature requests

Mon Sep 14, 2015 2:41 pm

Add option to define in radius configuration tab, IP by which will be sending always request to Radius server

I have 30 IP's and MT always is sending request to radius server via first IP. Sometimes something is wrong and MT is trying send request via other IP.
Problem is that on radius server i have configured rules to only received radius request from one IP.
 
User avatar
tomaskir
Trainer
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Feature requests

Mon Sep 14, 2015 3:39 pm

Add option to define in radius configuration tab, IP by which will be sending always request to Radius server

I have 30 IP's and MT always is sending request to radius server via first IP. Sometimes something is wrong and MT is trying send request via other IP.
Problem is that on radius server i have configured rules to only received radius request from one IP.
You can already do this...
/radius
add address=1.1.1.1 secret=123456 service=login src-address=10.0.0.100
 
zoj
just joined
Posts: 10
Joined: Sat Aug 18, 2012 12:33 am

Re: Feature requests

Tue Sep 15, 2015 6:42 am

Add option to define in radius configuration tab, IP by which will be sending always request to Radius server

I have 30 IP's and MT always is sending request to radius server via first IP. Sometimes something is wrong and MT is trying send request via other IP.
Problem is that on radius server i have configured rules to only received radius request from one IP.
You can already do this...
/radius
add address=1.1.1.1 secret=123456 service=login src-address=10.0.0.100
Thank you, so if I'm using ppp, my configuration should look like that:
add address=1.1.1.1 secret=passwd service=ppp,login src-address=212.121.121.121
1.1.1.1 - Radius IP
212.121.121.121 - IP address on MT which i would like use to send request to Radius server

That's mean that MT always sends request to Radius server by this IP ( 212.121.121.121), is it ?
 
gcsuri
newbie
Posts: 35
Joined: Wed Sep 03, 2008 10:20 am

Re: Feature requests

Tue Sep 15, 2015 7:35 am

Hi All,

could you add a "skip" option to netwatch system, please?
So when netwatch pings a host and sometimes it has a timeout the host goes down immediately... and goes up on the next ping. It occurs because of a transmission timeout or something else but the host doesn't inaccessible.
If we had a "skip" option to be set to "3" for example then the system could skip 3 timeouts and the host doesn't get down on a simple ping timeout until it has 3 timeouts. When "skip" is "0" all goes the same than before.

thank you much!

Gabor
 
WirelessRudy
Forum Guru
Forum Guru
Posts: 3119
Joined: Tue Aug 08, 2006 5:54 pm
Location: Spain

Re: Feature requests

Tue Sep 15, 2015 1:22 pm

Hi All,

could you add a "skip" option to netwatch system, please?
So when netwatch pings a host and sometimes it has a timeout the host goes down immediately... and goes up on the next ping. It occurs because of a transmission timeout or something else but the host doesn't inaccessible.
If we had a "skip" option to be set to "3" for example then the system could skip 3 timeouts and the host doesn't get down on a simple ping timeout until it has 3 timeouts. When "skip" is "0" all goes the same than before.

thank you much!

Gabor
I second this! It has been asked before but it might serve to post this again. Same counts for `watchdog` feature. We should have the option to set the 'time' of a timeout and the amount of timeouts.
Now a single missing ping immediately reboots the router. At times this is not desirable....
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Tue Sep 15, 2015 5:18 pm

...
Last edited by jarda on Tue Sep 15, 2015 5:20 pm, edited 1 time in total.
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Feature requests

Tue Sep 15, 2015 5:19 pm

I asked very long time ago for implementing full set of ping features to netwatch tool. This would solve all such particular requests at once.
 
zoj
just joined
Posts: 10
Joined: Sat Aug 18, 2012 12:33 am

Re: Feature requests

Wed Sep 16, 2015 8:59 pm

Do you have a plan to add IPSec Road Warrior + AAA via Radius ?
I know that i can configure it on MT but it doesn't support Radius
 
jondavy
Member Candidate
Member Candidate
Posts: 143
Joined: Tue May 12, 2009 11:14 pm
Location: Brasil

Re: Feature requests

Sat Sep 26, 2015 11:08 pm

it would be interesting to show comments in the active dynamic PPPoE interfaces registered in Secrets
and also the comments registered in hotspot users to appear in Active users

as with the wireless tables
 
metricmoose
newbie
Posts: 48
Joined: Sat Nov 21, 2015 2:03 am

Re: Feature requests

Thu Dec 03, 2015 10:02 pm

I would appreciate the ability to use multiple radius servers simultaneously. For example, having a Hotspot setup that can use the built-in Userman package as well as say, a FreeRADIUS server. Right now, if you add multiple radius servers, RouterOS will use the first one unless it times out or otherwise fails. If the first radius server replies to RouterOS telling it that the user wasn't found, then it will stop looking despite there being multiple entries for hotspot radius servers.
 
User avatar
pants6000
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Fri Sep 26, 2014 5:30 am

Re: Feature requests

Fri Dec 04, 2015 7:32 pm

Being able to set the RADIUS source IP to an interface instead of an explicit IP address would be useful... for me, at least!

We have ROS boxen that speak RADIUS over a VPN to our freeradius servers; if I could set the RADIUS request source IP to the VPN interface, it would make for simpler "cookie cutter" config when rolling such things out or making changes.
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: Feature requests

Mon Dec 07, 2015 2:34 am

Being able to set the RADIUS source IP to an interface instead of an explicit IP address would be useful... for me, at least!

We have ROS boxen that speak RADIUS over a VPN to our freeradius servers; if I could set the RADIUS request source IP to the VPN interface, it would make for simpler "cookie cutter" config when rolling such things out or making changes.
If you're doing this as part of the deployment it's probably better (IMHO) to use part of the config script to determine the IP address for that interface and set it up because it's a once off, while your IP address on an interface could change (or an interface could have multiple IP's)
 
Zorro
Long time Member
Long time Member
Posts: 675
Joined: Wed Apr 16, 2014 2:43 pm

Zorp instead of "Web proxy"

Tue Dec 08, 2015 1:10 am

would be nice to had zorp in (future versions of?)ROS, cuz for 95% "Web Proxy" usage by networkers - its do Better. faster, low resource footpring, Way more secure, extendable/manageable, etc.
 
tr00g33k
Frequent Visitor
Frequent Visitor
Posts: 89
Joined: Sun Mar 29, 2015 3:58 pm

Winbox SSL Certificate

Tue Dec 08, 2015 7:53 pm

It would be really great if you could add feature, that certificate is needed on client to directly connect to winbox from anywhere. We have a lot of client, and sometimes its realy annoying to always setup vpn, or always have to coonect to office and then to clients. It would be much easies, if i would have one certificate for all client, that I could connect directly to client via winbox securly.

Maybe anybody else opinion? :)
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Tue Dec 08, 2015 11:07 pm

Use ssh with key, then forward WinBox port to local router :)
 
Zorro
Long time Member
Long time Member
Posts: 675
Joined: Wed Apr 16, 2014 2:43 pm

Re: Feature requests

Thu Dec 10, 2015 5:23 am

for primarily "emergency networking management" perhaps SSTP would b better choice because its more traversable, despite overhead, delays, IMHO.
otherwise, ROS support various things starting from IPIP and other stuff, which combined with (any kind of prefered)crypto would do trick.

p.s.
perhaps would make sense for mikotik - etend ipip to ipipv2 with gcm/eax/cwc/ocb-ciphers(aside cbc/xts legacy, ought to be deprecated soon)
 
poizzon
Member Candidate
Member Candidate
Posts: 113
Joined: Fri Jun 21, 2013 12:53 pm

Re: Feature requests

Sun Dec 13, 2015 9:33 pm

request for RFC 4578
https://tools.ietf.org/html/rfc4578

DHCP option, Arch type for PXE.

RouterOS, has everything for it, very useful for pc's with UEFI bios
 
odge
Member Candidate
Member Candidate
Posts: 110
Joined: Mon Nov 29, 2010 2:53 pm

Re: Zabbix package for ROS ? more updated/actual Active queues ?

Mon Dec 14, 2015 10:59 pm

also would personally welcome more updated/actual Active queues in RouterOS to handle/combat/prevent Network congestion. rather than static/notorious RED algo/type present already, which unsuable for production for number of reasons.
for example, RRED would be nice. aswell as other adaptive, attack/flooding-proof variants of AQM.
also bout moving RouterOS from vanilla Linux kernels to Zero Overhead Linux gossips - is actually such plans, yet ?
(this thing http://www.tilera.com/sites/default/fil ... aper_0.pdf meant, to be exact/specific)
also finishing/completing BFG routing implementation (auth and echo ?) also may be handy.
AQM... codel and fq_codel... the power that this can add, to the power user, and to a wizard setup, would just be insane seller...
 
78mzm
just joined
Posts: 1
Joined: Sun Jul 20, 2014 7:36 am

Re: Feature requests

Mon Dec 21, 2015 10:13 am

thenk you for sbjtect
 
sney
just joined
Posts: 2
Joined: Sat Oct 10, 2015 8:35 pm

Re: Feature requests

Mon Feb 08, 2016 9:05 pm

More verbose DNS lookups. Like you can do with dig on *nix systems. It would be immensely helpful for dns troubleshooting to get more than just an ip back, e.g. record types, responding server.
 
reitblatt
just joined
Posts: 1
Joined: Fri Feb 12, 2016 10:05 pm

Re: Feature requests

Fri Feb 12, 2016 10:18 pm

Layer 2 tunneling over GRE.

Right now only IP (Layer 3) over GRE is supported, and EoIP uses the GRE protocol number, but is actually a different protocol w/ a similar header layout. Linux already support for L2 GRE (gretap), so hopefully not too onerous development.
 
lormayna
just joined
Posts: 2
Joined: Tue Apr 07, 2015 7:04 pm

Re: Feature requests

Mon Feb 22, 2016 5:28 pm

PPPoE PADO Delay.
It would perfect to provide BRAS redundancy and load balancing when you have different backhauling with different latency and load.
 
User avatar
omidkosari
Trainer
Trainer
Posts: 640
Joined: Fri Sep 01, 2006 4:18 pm
Location: Canada, Toronto

Re: Feature requests

Mon Feb 22, 2016 5:39 pm

http://forum.mikrotik.com/viewtopic.php ... 50#p235456
Umetered Content for PPPoE . 'Unmetered Content' services aren't counted against your monthly download inclusion

http://forum.mikrotik.com/viewtopic.php?t=59745
 
User avatar
isolnet
newbie
Posts: 45
Joined: Sat Jan 30, 2016 7:28 am
Location: India

Re: Feature requests

Wed Feb 24, 2016 5:52 am

I think User Manager needs improvement....
 
andersonlich
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Feb 26, 2009 1:05 pm

Re: Feature requests

Tue Mar 01, 2016 3:46 pm

Separated or dedicated vcpu at CCR to process control-plane and data-plane. Or maybe the next ccr platfrom has 2 socket CPU, which separated to process control-plane and data-plane.

I know it seems silly but please consider the benefit of it.
 
Florian
Member Candidate
Member Candidate
Posts: 117
Joined: Sun Mar 13, 2016 9:45 am
Location: France

Re: Feature requests

Wed Mar 23, 2016 12:59 pm

Hi.

Is this topic still read by the devs ?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Wed Mar 23, 2016 4:02 pm

devs don't visit this forum
 
andersonlich
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Feb 26, 2009 1:05 pm

Re: Feature requests

Tue Mar 29, 2016 5:09 pm

We know that in mikrotik is able to do DHCP with radius. But the missing tool is the accounting request in DHCP is not available yet. Can we have this feature ?
 
dendzo
just joined
Posts: 11
Joined: Mon Aug 05, 2013 11:39 pm

Re: Feature requests

Fri Jun 17, 2016 2:49 am

Route availability base on an remote IP.

I would like to have route availability based on some other IP. Let's say you add a new option below Check Gateway that would be something like check another gateway (my gateway's gateway for example) or just any other IP like 8.8.8.8. And if that IP becomes unavailable over that specific route it can make it unreachable/inactive so other route with higher Distance can became in charge. Check Gateway option does not work when your provider puts router on your premises. And if provider's router loses connection to it's remote router, you still have your gateway (because you have a router on your premises) and so for you, gateway is reachable, but you actually don't have internet access and that route looks good.

It would help very much in regards to failover.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: Feature requests

Fri Jun 17, 2016 5:43 am

Route availability base on an remote IP.
...
It would help very much in regards to failover.
You can do it using a recursive next hop/net watch.
 
teddyhsu
just joined
Posts: 2
Joined: Sun Nov 16, 2014 5:56 pm

Re: Feature requests

Mon Jun 20, 2016 11:52 am

Hi,

I need a sequence number for ip hotspot wall-garden and wall-garden ip list on winbox.
It can be very useful on debug wall-garden list issue.
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1135
Joined: Tue Oct 11, 2005 4:53 pm

Re: Feature requests

Mon Jun 20, 2016 3:52 pm

Route availability base on an remote IP.

I would like to have route availability based on some other IP. Let's say you add a new option below Check Gateway that would be something like check another gateway (my gateway's gateway for example) or just any other IP like 8.8.8.8. And if that IP becomes unavailable over that specific route it can make it unreachable/inactive so other route with higher Distance can became in charge. Check Gateway option does not work when your provider puts router on your premises. And if provider's router loses connection to it's remote router, you still have your gateway (because you have a router on your premises) and so for you, gateway is reachable, but you actually don't have internet access and that route looks good.

It would help very much in regards to failover.
+1

I know that currently this can be achieved by using Netwatch and some scripting but it would be much easier if it were available directly on the route's properties.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Mon Jun 20, 2016 4:33 pm

I know that currently this can be achieved by using Netwatch and some scripting but it would be much easier if it were available directly on the route's properties.
it is available even without scripting: http://wiki.mikrotik.com/wiki/Advanced_ ... _Scripting
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1135
Joined: Tue Oct 11, 2005 4:53 pm

Re: Feature requests

Mon Jun 20, 2016 4:39 pm

Thanks, I wasn't aware of that!

Still, it would be easier to just be able to define what IP to probe for a specific route, rather than having to create extra static routes and play with scope to achieve this (if I understand the wiki page correctly)
 
toodark
just joined
Posts: 2
Joined: Sat Jun 27, 2015 1:06 am

Re: Feature requests

Tue Jun 21, 2016 12:35 pm

nginx package/service

I'd really like to have an nginx server inside (or at least as an add on package) in routeros. It opens up endless possibilities for application level based forwarding, reverse proxying, caching etc. I believe it's also useful for home users when they have only a single public ip: this way internal http based services could be easily mapped into a single ip.
I'm aware that one might achieves this by installing an openwrt meta package then install nginx into it, but I feel that would be a huge waste of resources.
thanks
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: Feature requests

Tue Jun 21, 2016 9:30 pm

Thanks, I wasn't aware of that!

Still, it would be easier to just be able to define what IP to probe for a specific route, rather than having to create extra static routes and play with scope to achieve this (if I understand the wiki page correctly)
Well, even with the option to ping some specific address (other than the GW) you would still need to create a /32 route that forces the test target via a particular interface, or else the route will flap as the GW points to failed link, ping fails, route changes to backup path, ping starts working (via backup), primary route re-activated, pings fail, etc etc etc.
 
freemannnn
Forum Veteran
Forum Veteran
Posts: 700
Joined: Sun Oct 13, 2013 7:29 pm

Re: Feature requests

Tue Jun 21, 2016 9:47 pm

I want a color like blue when queue is in burst mode
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1135
Joined: Tue Oct 11, 2005 4:53 pm

Re: Feature requests

Tue Jun 21, 2016 10:12 pm

Well, even with the option to ping some specific address (other than the GW) you would still need to create a /32 route that forces the test target via a particular interface, or else the route will flap as the GW points to failed link, ping fails, route changes to backup path, ping starts working (via backup), primary route re-activated, pings fail, etc etc etc.
The idea is that for the 'ping address' you define on the route, the pings to it will always go through that route's gateway address/interface.
If that route's gateway/interface is unreachable/down then the 'ping address' shouldn't get routed via any other route (even if there is another route to it). Otherwise it would be useless apparently (as you described).

In terms of the linux kernel and its networking, yes, obviously there needs to be a /32 route to that 'ping address' via that gateway/interface, and I would also add a second 'unreachable' route with distance 2 so that it won't get routed via another less specific route when the first route is down.
But all that could be handled/abstracted by routeros iteself in the background and not shown in /ip route (that would be confusing otherwise).
And all that in a way that those /32s don't interfere with other traffic to that IP (ie different/hidden routing tables).

The end result would be less work for the end user/admin, less room for errors and a much cleaner/intuitive configuration.

It believe it shouldn't be that difficult to implement.
But I wouldn't really mind if it weren't (since it can be achieved by other means, as mentioned already).
I just find it a useful feature :)

Besides, many things were added over the years that could be implemented via scripting or other methods and simplified our lives. Just to name a few: dns names on vpn intefaces, interface lists, dynamic dns client, automatic tcp mss clamping on tunnels, automatic ipsec setup on tunnels, etc, etc, etc).
Did anybody object to those because they already had scripts for them? ;) I know I didn't (even if it took me a looong time to replace my already stable scripts to those new features - which are very useful of course!)
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: Feature requests

Wed Jun 22, 2016 3:56 am

Oh I'm ALWAYS in favor of making things 'just work right' via the usual config, especially overy scheduled scripts.

I think the suggestion is a good idea. I was simply adding to the other comment that a netwatch can accomplish the goal - noting that even specifying a remote ping target requires one more piece.

If implemented, I would expect to see a dynamic static /32 route in the routing table, and a dynamic secondary /32 blackhole.
 
parham
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Sun Feb 15, 2015 11:35 pm

Re: Feature requests

Wed Jun 22, 2016 11:58 am

I don't know if anyone requested adding  DPI  or User activity monitor but anyway can we have this feature Please.
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Feature requests

Wed Jun 22, 2016 2:11 pm

I don't know if anyone requested adding  DPI  or User activity monitor but anyway can we have this feature Please.
RouterOS is for routing, DPI is part of a UTM or NGFW solution.
 
MikeFF
just joined
Posts: 14
Joined: Sun Apr 20, 2014 7:27 pm

Re: Feature requests

Thu Jun 23, 2016 12:21 am

I hope they can add two things for the new RouterOS versions

One, Is that the OVPN client could support UDP connections, this because the OpenVPN servers in Linux (used plenty in all over the world) use this as default, and it will be pretty good feature to choose one of those in the config

Two, support TLS connections trough OVP Client, ussing ta.key for authentication, this is a very good security feature that is used also in OpenVPN.
No hand shake, no risk to be hacked or steal the certificates.....

I hope you can consider my suggestions.

Thanks a lot
 
lavv17
Member Candidate
Member Candidate
Posts: 120
Joined: Sat Sep 01, 2007 9:01 am

Re: Feature requests

Fri Aug 26, 2016 1:07 pm

Some time ago the possibility to change dynamic simple queues was removed, so my script which adds "packet-marks" parameter stopped working.

Is it possible to create a template for the dynamic simple queues which are created for PPPoE users, so that I can specify some parameters like "packet-marks" or "queue" or "parent" there?
Last edited by lavv17 on Mon Dec 12, 2016 4:56 pm, edited 1 time in total.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Fri Aug 26, 2016 1:56 pm

Some time ago the possibility to change dynamic simple queues was removed, so my script which adds "packet-parks" parameter stopped working.
what do you use them for?
 
Zorro
Long time Member
Long time Member
Posts: 675
Joined: Wed Apr 16, 2014 2:43 pm

Re: Feature requests

Sat Aug 27, 2016 5:47 pm

I don't know if anyone requested adding  DPI  or User activity monitor but anyway can we have this feature Please.
RouterOS is for routing, DPI is part of a UTM or NGFW solution.
i would call that bullshit.
you can't leave "bare naked" even backbone( even within private, isolated corporate network of), let alone border and etc. proportions are differ and hardware resources to cruch them, but generally thats Essential ANYWHERE. and anyone who underestimates that - will get hard/harsh lesson, im afraid.
 
lavv17
Member Candidate
Member Candidate
Posts: 120
Joined: Sat Sep 01, 2007 9:01 am

Re: Feature requests

Tue Aug 30, 2016 12:03 pm

Some time ago the possibility to change dynamic simple queues was removed, so my script which adds "packet-parks" parameter stopped working.
what do you use them for?
I want to exclude some traffic from the rate limitation (so called local traffic). I used to mark non-local traffic and add the packet mark to all dynamic queues. Now it is not working. Please advise.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Tue Aug 30, 2016 5:11 pm

Some time ago the possibility to change dynamic simple queues was removed, so my script which adds "packet-parks" parameter stopped working.
what do you use them for?
I want to exclude some traffic from the rate limitation (so called local traffic). I used to mark non-local traffic and add the packet mark to all dynamic queues. Now it is not working. Please advise.
create a queue for local traffic and put it on the top. it will catch all local traffic, and all the rest will be caught by 'personal' queues

p.s. if you won't set any limits on that queue, don't forget to change at least something (like queue type) for this queue to actually work
 
lavv17
Member Candidate
Member Candidate
Posts: 120
Joined: Sat Sep 01, 2007 9:01 am

Re: Feature requests

Mon Sep 05, 2016 11:26 am

create a queue for local traffic and put it on the top. it will catch all local traffic, and all the rest will be caught by 'personal' queues
p.s. if you won't set any limits on that queue, don't forget to change at least something (like queue type) for this queue to actually work
Cool! It seems to work. Much simpler and (as I suspect) faster. Thanks a lot!
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: Feature requests

Mon Sep 05, 2016 11:56 am

Fasttracking that traffic you want to be excluded from queues is much more efficient.
But keep the exclusion queue for the cases when some connections couldn't be fasttracked.
 
mpreissner
Member
Member
Posts: 357
Joined: Tue Mar 11, 2014 11:16 pm
Location: Columbia, MD

Re: Feature requests

Mon Sep 05, 2016 5:46 pm

Please add support for EAP types on VPN connections as you do for wireless. Without EAP support, many security features such as NAP enforcement (using Microsoft NPS as RADIUS) won't work. Specifically, we need support for PEAP and EAP-MSCHAPv2 to get NAP working.

Also consider allowing the ability to set the NAS-Port-Type RADIUS attribute for VPN connections. Currently, ROS sends a NAS-Port-Type of Async for VPN connections. While this might be appropriate for a Dial-Up PPPoE, it is not appropriate for non-Dial-Up VPN connections, and would give us more flexibility in configuring access policies when using Microsoft NPS as a RADIUS server.
 
kimdobranski
newbie
Posts: 43
Joined: Mon Aug 03, 2015 9:39 pm

Re: Feature requests

Mon Sep 05, 2016 10:42 pm

When setting up a radius server, I *really,really,really* need these

1) having a secondary (or multiple) IP address in the event the first IP becomes unavailable or times out.

2) i would like the option of putting a DNS instead if an IP (ie. radius1.myradiusserver.com, radius2.myradiusserver.com) in the address field.
You do not have the required permissions to view the files attached to this post.
 
kimdobranski
newbie
Posts: 43
Joined: Mon Aug 03, 2015 9:39 pm

Re: Feature requests

Mon Sep 05, 2016 10:45 pm

Need the WAN MAC address of the ROUTER (not the client) available as a hotspot variable.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Tue Sep 06, 2016 12:20 am

1) having a secondary (or multiple) IP address in the event the first IP becomes unavailable or times out.
just add one more Radius Server entry with the same settings
 
DmitryAVET
Member Candidate
Member Candidate
Posts: 112
Joined: Thu Mar 26, 2015 12:27 am
Location: Ukraine, Mukachevo
Contact:

Re: Feature requests

Tue Sep 06, 2016 10:53 am

please add custom name for MAC-adresses and some detailed info about wireless client, like in ubnt unifi
 
lavv17
Member Candidate
Member Candidate
Posts: 120
Joined: Sat Sep 01, 2007 9:01 am

Re: Feature requests

Tue Sep 06, 2016 12:28 pm

Fasttracking that traffic you want to be excluded from queues is much more efficient.
But keep the exclusion queue for the cases when some connections couldn't be fasttracked.
I have turned off connection tracking for most connections (using raw table), so it won't be efficient in my case.
 
opteron
just joined
Posts: 3
Joined: Tue Sep 06, 2016 4:36 pm

Re: Feature requests

Tue Sep 06, 2016 5:04 pm

Hi There,

We are using a Supermicro 5018 MLNT4 (https://www.supermicro.com/products/sys ... -MLTN4.cfm) with onboard C2000 SoC I354 Quad Nic.
This nic is not supportes... PLEASE ADD THE DRIVERS !
 
mpreissner
Member
Member
Posts: 357
Joined: Tue Mar 11, 2014 11:16 pm
Location: Columbia, MD

Re: Feature requests

Wed Sep 07, 2016 1:33 am

Hi There,

We are using a Supermicro 5018 MLNT4 (https://www.supermicro.com/products/sys ... -MLTN4.cfm) with onboard C2000 SoC I354 Quad Nic.
This nic is not supportes... PLEASE ADD THE DRIVERS !
You're best bet there is to install a hypervisor on that server and run the CHR rather than the standard x86 ROS. Not only will you be able to use the onboard NICs, but you'll also be able to use more than 2GB RAM, and set up multiple instances so you can run in high availability.

That being said, you should have researched hardware compatibility before buying a server.
 
SystemErrorMessage
Member
Member
Posts: 383
Joined: Sat Dec 22, 2012 9:04 pm

Re: Feature requests

Mon Sep 12, 2016 1:25 am

DNScrypt for those filtering ISPs and for added DNS security.
Allowing the installation of software and user made libraries (perhaps java?)
Switch based STP variants and fixing route learning (all devices connected to CRS lose internet connectivity but not LAN when changing port router uses).

I know these have been asked for but for DNScrypt nothing is being said anything about despite a significant number of request (even consumer routers are using it).

Mikrotik needs to be ahead when it comes to network related features compared to what openwrt and consumer routers offer. Cant call yourselves a cisco alternative if its missing features. it doesnt need to come with printer and file sharing in the box (but software from others if can be installed can provide this feature).
 
joca
just joined
Posts: 2
Joined: Sun Aug 26, 2012 1:29 am

Re: Feature requests

Mon Sep 12, 2016 4:07 pm

There is a possibility UPnP create firewall rules Only For Private ips ?
 
lavv17
Member Candidate
Member Candidate
Posts: 120
Joined: Sat Sep 01, 2007 9:01 am

Re: Feature requests

Mon Sep 12, 2016 4:12 pm

I'd like to have a new feature: "graceful reboot".

Things to do before actual reboot:
1. disconnect ppp users (while not accepting new ones)
2. transition vrrp to backup state
3. disable external bgp peers
4. wait for routing convergence

Without these, there is a time frame when traffic loops and/or goes to a black hole; ppp users experience an abnormal connection termination.
Currently I have a script to do it, but it would be better to have it in the RouterOS.
 
hoop-banger
just joined
Posts: 6
Joined: Tue Jun 13, 2006 2:33 pm

Re: Feature requests

Tue Sep 13, 2016 1:06 pm

This one is related to winbox. Please make internal taskbar in winbox that show opened windows.
Image

Please see attached picture, taskbar is added in photo editor.
 
Staj
just joined
Posts: 20
Joined: Tue Jun 04, 2013 9:35 am

Re: Feature requests

Wed Sep 14, 2016 8:49 am

DHCP Half-Bridge. LTE support is all well and good but without it, makes it hard to integrate into existing networks.
 
2dfx
newbie
Posts: 26
Joined: Tue Mar 05, 2013 6:30 pm

Re: Feature requests

Thu Sep 15, 2016 4:55 pm

Hi all!
What about grouping rules in Winbox like in Microsoft TMG?
It's will be a great features!


See "Web Access Policy Group"
Image
 
User avatar
ppereira
just joined
Posts: 9
Joined: Mon Sep 09, 2013 10:24 pm

Re: Feature requests

Thu Sep 15, 2016 6:27 pm

1) having a secondary (or multiple) IP address in the event the first IP becomes unavailable or times out.
just add one more Radius Server entry with the same settings
Hi guys,

Using it like this , the next radius server will be used only when the first did not answer.

There is a way to configure it to be distributed the radius events ... like i configure 4 radius server .. and all radius traffic be process / 4 ?
Client 1 -> radius 1
Client 2 -> radius 2
Client 3 -> radius 3
Client 4 -> radius 4
Client 5 -> radius 1 ....

got it ?

I´m not saying that the actual way it works is bad or good i´m just thinking that could be nice have this option.
 
User avatar
SiB
Forum Guru
Forum Guru
Posts: 1888
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: Feature requests

Fri Sep 16, 2016 12:51 pm

Add more details into System > History like:
  • More details in Action, the "filter rule changed" is to short, enter the details of the rule
  • Action Tab should write about "Delete/Insert/Add/Move 5 rules" with description like chain/comment/etc.
  • If I work on SafeMode then the history entry should be have a flag SafeMode - I know what will be safe or drop
 
kimdobranski
newbie
Posts: 43
Joined: Mon Aug 03, 2015 9:39 pm

Re: Feature requests

Sat Sep 17, 2016 12:44 am

1) having a secondary (or multiple) IP address in the event the first IP becomes unavailable or times out.
just add one more Radius Server entry with the same settings
I created a second Radius Server with identical settings and changed the ip to an IP that is actually held by the same server, then i disabled the first entry, but mikrotik reports "Radius Server not responding". When i check the radius server logs, it show its authenticates correctly.

The radius server is set to listen on all ips and that is working, but for some reason the mikrotik is not receiving the response after the radius authenticates.
 
lavv17
Member Candidate
Member Candidate
Posts: 120
Joined: Sat Sep 01, 2007 9:01 am

Re: Feature requests

Mon Sep 19, 2016 3:08 pm

Hello!

Nice features to have:
1. IP firewall address lists could include one another (or firewall rules could match multiple lists at once, e.g. "src-address-list=list1,list2").
2. NAT parameter to-addresses could refer to an IP pool.
Last edited by lavv17 on Wed Sep 21, 2016 10:02 am, edited 1 time in total.
 
LeoCombes
Frequent Visitor
Frequent Visitor
Posts: 78
Joined: Mon May 28, 2007 3:56 pm

Re: Feature requests

Tue Sep 20, 2016 6:34 pm

DHCP accounting through Radius

Would be nice if the routerOS dhcp-server allow logging with radius accounting.
We use dhcp-server from mikrotik (no radius auth) and we need have a log of each IP we offer to each client and when, through radius.

NOTE: accounting != auth

Accounting send "log" for each IP address leased or unleased to Radius server, regardless if IP address is served from external radius server or internal mikrotik DHCP server.

http://forum.mikrotik.com/viewtopic.php?f=19&t=85721
 
User avatar
payam124
Trainer
Trainer
Posts: 19
Joined: Thu Jan 07, 2016 11:44 pm
Location: https://MoLuke.net
Contact:

Re: Feature requests

Fri Oct 14, 2016 3:56 pm

CloudFlare is about removing its API version 1 which allowed users to use get-only requests to modify settings.
I used an script + cloudflare free account to run my dynamic DNS

now in their new API, it is required to send header and ... https://api.cloudflare.com/#dns-records ... dns-record

it would be great if curl support become available


another reference: http://forum.mikrotik.com/viewtopic.php?t=108480
 
Harlong
just joined
Posts: 1
Joined: Wed Oct 19, 2016 7:30 am

Re: Feature requests

Wed Oct 19, 2016 8:12 am

In any scripts for WAN failover, there's some difference for ipv4 and ipv6. When we test some host with /ping, we should know, what protocol (4 or 6) we use. For now, the only solution is to hardcode ipv4 or ipv6 addresses into script, hostnames can not be used, because we can not control, which address will be returned from :resolve.

So, it would be great, if :resolve command will have a parameter to resolve only ipv6(AAAA), only ipv4(A), or both(ANY).
 
Kevo
Frequent Visitor
Frequent Visitor
Posts: 67
Joined: Wed Oct 12, 2011 1:38 am

Re: Feature requests

Mon Nov 07, 2016 12:13 am

Could we get a quickset mode for travel router. I'd like to have a mode that let's someone take a map lite and go to quickset and use it to log into the hotel wireless and have wireless repeater mode setup with an SSID they can log into for their devices. Ethernet could be setup with an option for local device access or hotel internet access if wired access exists in the room.

Right now there isn't really a mode that fits and it seems to require some manual config that is beyond the scope of what I would expect to train a traveling sales rep to deal with. Maybe there's a simpler method I'm overlooking. If so, someone please point it out to me.
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Tue Nov 08, 2016 4:59 am

Feature request: Wireless scan save-file should include all info

The current implementation of interface wireless scan 0 duration=5s save-file=temp.txt does not contain all of the information that you would see if you simply did a interface wireless scan 0 duration=5s.

More info: http://forum.mikrotik.com/viewtopic.php?f=1&t=114410
 
User avatar
saaremaa
Member Candidate
Member Candidate
Posts: 162
Joined: Tue Feb 02, 2010 7:48 pm
Location: Baltijos šalių miestas

Re: Feature requests

Wed Nov 09, 2016 7:39 pm

Support Radius attribute "Delegated-IPv6-Prefix"
 
soomanyquestions
newbie
Posts: 35
Joined: Sat Aug 20, 2016 6:35 pm

Re: Feature requests

Thu Nov 10, 2016 9:39 pm

It would be useful and cool to see aggregate statistics in the Graphing tool instead of just each individual interface. It should probably be quite easy to add cause all the data is allready there.
 
User avatar
jiminneworleans
just joined
Posts: 8
Joined: Wed Dec 30, 2015 11:19 pm

Re: Feature requests

Thu Nov 10, 2016 10:58 pm

I'd like to see more buttons in general. Seriously though it would be nice to have a few simple firewall scripts one could choose upon first configuration based on common home or small office scenarios for the cloud routers. I find myself excessively concerned over imagined gaping holes in my firewall scripts.
 
User avatar
tomasi
Frequent Visitor
Frequent Visitor
Posts: 98
Joined: Fri Oct 03, 2014 6:40 pm
Location: Brazil
Contact:

Re: Feature requests

Sat Dec 03, 2016 11:14 pm

Is there any chance of a Zabbix agent .npk listening on port 10050?

:lol: :lol: :lol:
 
lavv17
Member Candidate
Member Candidate
Posts: 120
Joined: Sat Sep 01, 2007 9:01 am

Re: Feature requests

Mon Dec 12, 2016 4:59 pm

Yet another feature request:

add netwatch options to send TCP port probes (e.g. check if port 80 is open on a server for load balancing)
 
rwf
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Fri Dec 22, 2006 11:38 pm

Re: Feature requests

Fri Dec 30, 2016 2:21 am

We operate a lot of hotspots, using an external AAA/RADIUS solution.
It needs a NASID from the Mikrotik, and unfortunately Mikrotik sets this using ROuter Identity field.

The problem is that this limits us to one hotspot per router which is a huge waste of resources. We sometimes have to put 3 routers at a location to run multiple hotspots.

Can it be added that we place the NASID in the Hotspot Profile, and if it is blank it uses the router identity instead. That way it performs as it does now, but those of us who need different NASIDs can choose to do so.


What do y'all think?
 
tri
just joined
Posts: 14
Joined: Tue Sep 01, 2015 6:23 pm

Re: Feature requests

Sun Jan 15, 2017 1:38 pm

hi

I'd like to see a dummy network interface like one available in generic Linux kernel (http://www.tldp.org/LDP/nag/node72.html).

If all physical interfaces are DHCP it might simplify things to be able to assign a static addresses to an internal interface to make routing and firewall rules simpler.
 
freemannnn
Forum Veteran
Forum Veteran
Posts: 700
Joined: Sun Oct 13, 2013 7:29 pm

Re: Feature requests

Sun Jan 15, 2017 7:21 pm

how about adding an icon "L" next to each firewall-mangle-nat rules that this rule is "logged" so you can see easy what is logged and not.
You do not have the required permissions to view the files attached to this post.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature requests

Sun Jan 15, 2017 8:33 pm

Small improvements:
1) First column is for rule numbers, logging indicator would better fit in second one, which is sort of status column already.
2) Add a button to easily toggle logging for rule. I often need logging rules that I only quickly turn on and off again, to catch just a few packets. Before this very nice feature that any rule can be also logging rule was added, I used to make a duplicate rule for the one I was interested in, turned it into logging rule and put it before original one. The huge advantage was that it could be enabled/disabled by just one click. With these new non-dedicated logging rules, it requires 3-4 clicks. It may not seem as too much, but it is a little annoying.
easy-log.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Mon Jan 16, 2017 2:25 am

I'd like to see a dummy network interface like one available in generic Linux kernel (http://www.tldp.org/LDP/nag/node72.html).

If all physical interfaces are DHCP it might simplify things to be able to assign a static addresses to an internal interface to make routing and firewall rules simpler.
just create a bridge (call it Loopback1 :)) and assign address to it
how about adding an icon "L" next to each firewall-mangle-nat rules that this rule is "logged" so you can see easy what is logged and not.
Right Click -> Show Columns -> Log. Voila!
Add a button to easily toggle logging for rule. I often need logging rules that I only quickly turn on and off again, to catch just a few packets.
as a workaround you may enable logging in the rule and then just press 'Undo' to disable it after a few seconds
 
mada3k
Long time Member
Long time Member
Posts: 682
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Feature requests

Mon Jan 16, 2017 11:12 am

I'm quite satisfied for the most part, but there is some things i miss from higher-end platforms.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature requests

Mon Jan 16, 2017 9:02 pm

Right Click -> Show Columns -> Log. Voila!
You're right, it's there. But not visible by default and too far at the right and "lost" between other columns when enabled. Since logging is useful option available for all rules, IMHO it would deserve more prominent place. But ok, it is usable this way.

And about the toggle button, I might want to quickly not only turn logging off, but also to turn it on, so I think it would be very convenient to be able to do it using only one click. And there's plenty of space for one additional button in button bar.
 
tri
just joined
Posts: 14
Joined: Tue Sep 01, 2015 6:23 pm

Re: Feature requests

Wed Jan 18, 2017 8:10 pm

I'd like to see a dummy network interface like one available in generic Linux kernel (http://www.tldp.org/LDP/nag/node72.html).

If all physical interfaces are DHCP it might simplify things to be able to assign a static addresses to an internal interface to make routing and firewall rules simpler.
just create a bridge (call it Loopback1 :)) and assign address to it
True dat. Thanks. Actually realized this almost immediately after posting. Still, for whatever reason, in Linux there is a dummy interface in addition to bridge. I wonder if there is some overhead involved.
 
tri
just joined
Posts: 14
Joined: Tue Sep 01, 2015 6:23 pm

Re: Feature requests

Wed Jan 18, 2017 8:15 pm

I often miss "copy rule" feature in web management firewall setup. What I'd like to be able to do, is to create a new rule from the existing one so that instead of starting from blank (as in "Add New") I would start with the data of an existing rule.

While this might be really useful especially for firewall rules, I think it could also be nice e.g. in PPP and some other segments too.

//Rinne
 
savage
Forum Guru
Forum Guru
Posts: 1262
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:

Re: Feature requests

Wed Jan 18, 2017 8:59 pm

If it hasn't been mentioned yet... In the wireless access-lists, you can provide the VLAN ID and VLAN Type for the client's traffic to be taged. In the registration table however, this information is not displayed. So once a client connects, you have no idea to which VLAN the traffic is going (especially when VLANs are assigned via AAA).

Can we include the VLAN information in the registration tables please?
 
tri
just joined
Posts: 14
Joined: Tue Sep 01, 2015 6:23 pm

Re: Feature requests

Thu Jan 19, 2017 4:06 pm

It would be extremely useful in many cases to have a ppp interface dynamically created form the ppp secret (when more than one connection is allowed and/or there is no explicit server binding) to be automatically added to a named interface list when it's created and removed when it's deleted.

Basically there is no need to limit this to dynamically generated interfaces. It might as well apply to a static interfaces if there is an explicit server binding. In any case it would be a property in PPP secret. Something like "Add interface to list: <menu-of-existing-interface-lists>".

I'm sure this would be hugely useful for many users.
 
Railander
Frequent Visitor
Frequent Visitor
Posts: 85
Joined: Thu Jun 16, 2016 11:30 pm

Re: Feature requests

Thu Jan 19, 2017 4:16 pm

did a quick search and only found a very old thread.

Add OID for SFP-specific port information such as:

Rx Power
Wavelength
Link Length
Connector Type
Vendor Name
Vendor Part Number
Vendor Revision
Vendor Serial
Manufacturing Date.
 
AlexeyIlinsky
newbie
Posts: 25
Joined: Fri Jan 20, 2017 8:34 am

Re: Feature requests

Fri Jan 20, 2017 8:42 am

Hello it would be good to have optional Radius servers round robin rotation, not only from top to the bottom.

And in Tr069 we (in our configuration) feel like router identity would be useful information in inform update requests.

If that attribute would be writable that it would be easier to change router identity in initial provisioning instead of walk-around with .alter script download containing /system set identity..
 
2dfx
newbie
Posts: 26
Joined: Tue Mar 05, 2013 6:30 pm

Re: Feature requests

Thu Jan 26, 2017 12:24 am

Please add the ability to specify more than one server. for OpVPN and SSTP
And check box "remote random"

Thanks!
 
shortcircuitonline
just joined
Posts: 14
Joined: Thu Jan 19, 2012 11:54 pm
Location: ayia napa cyprus

Re: Feature requests for hardware

Thu Jan 26, 2017 1:54 pm

i m looking into future hardware if possible i hope one day mikrotik can produce some thing like this


cpe with 2 wlan or more wlan cards and same on base station side to
advantages as under:-
bonding to increase speed
may b fail over 2 different base stations or more
different frequency
different channels like 10/20/30/40
and more possibilities are there

shortcircuitonline
raj singh
 
Dmitriy34
just joined
Posts: 16
Joined: Wed Sep 09, 2015 7:03 am

Re: Feature requests

Fri Feb 03, 2017 9:29 am

Hello.

How about accept RADIUS Attribute "Class" in CoA requests?
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Feature requests

Fri Feb 03, 2017 1:31 pm

Not only being able to extend the timeout in address lists but also being able to reduce the timeouts by entering a lower timeout by a action in a firewall rule.
 
ckleea
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Sun Apr 21, 2013 12:19 pm

Re: Feature requests

Sat Feb 04, 2017 9:16 am

Is it possible to add /ip cloud ddns to x86 ROS? It is already available in routerboard hardware and I think it should be extended to x86.

Thanks
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: Feature requests

Sat Feb 04, 2017 1:53 pm

Is it possible to add /ip cloud ddns to x86 ROS?
This has been asked here many times before. Mikrotik usually answers that /ip cloud depends on RouterBOARD serial number, so it can not be just added to x86 as it is. And there are no plans to work on any alternative solution.
 
ckleea
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Sun Apr 21, 2013 12:19 pm

Re: Feature requests

Sat Feb 04, 2017 4:16 pm

Is it possible to add /ip cloud ddns to x86 ROS?
This has been asked here many times before. Mikrotik usually answers that /ip cloud depends on RouterBOARD serial number, so it can not be just added to x86 as it is. And there are no plans to work on any alternative solution.
I also have a mikrotik serial number for my ROS installed on my x86 hardware. Their logic is not correct
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: Feature requests

Sat Feb 04, 2017 4:19 pm

I also have a mikrotik serial number for my ROS installed on my x86 hardware. Their logic is not correct
No, you don't. Software ID is not the same as hardware serial number.
 
User avatar
saaremaa
Member Candidate
Member Candidate
Posts: 162
Joined: Tue Feb 02, 2010 7:48 pm
Location: Baltijos šalių miestas

Re: Feature requests

Mon Feb 06, 2017 11:37 am

Please implement this command:
/ip service set dns address=192.168.0.0/24 disabled=no
 
savage
Forum Guru
Forum Guru
Posts: 1262
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:

Re: Feature requests

Mon Feb 06, 2017 12:33 pm

Please implement this command:
/ip service set dns address=192.168.0.0/24 disabled=no
+1 MT by default being a open resolver is a HUGE pita. You can't expect an ISP with thousands of customers to protect them all, and you can't expect thousands of Mikrotik users to know how to protect their router either. I know of multi 10GB/s ISPs that went down completely due to MT being used in DNS amplification attacks.

Yes, you can block it in firewall, but as soon as you do you loose piles of features (ala fastpath/fasttrack/connection tracking/etc). Silly that other services can be protected by /ip services, but not CRITICALLY VULNERABLE services, such as DNS, SMB, Proxy, Socks, etc. which is known to be used in exploits and DDoSes.

Would like every service MT runs (SMB, Socks, Proxy, DNS, etc.) to all have ACLs in /ip services AFAIK, and would be good to have it 'locked down' by default to say 1921.68.1.0/24 seeing that the default IP on hardware devices is 192.168.1.1/24.
 
expert
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Sun Dec 04, 2016 1:22 pm

Re: Feature requests

Mon Feb 06, 2017 12:54 pm

Would like every service MT runs (SMB, Socks, Proxy, DNS, etc.) to all have ACLs in /ip services AFAIK, and would be good to have it 'locked down' by default to say 1921.68.1.0/24 seeing that the default IP on hardware devices is 192.168.1.1/24.
Afaik factory default is 192.168.88.1/24, but I agree. On the other hand, DNS on MK is totally obsolete service. Running DNS service on internet gateway is fundamentally a security risc. It also does not support modern features like DNSSec, so I would rather go with Ubound or Knot running on dedicated host.
 
savage
Forum Guru
Forum Guru
Posts: 1262
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:

Re: Feature requests

Mon Feb 06, 2017 1:22 pm

On the other hand, DNS on MK is totally obsolete service. Running DNS service on internet gateway is fundamentally a security risc.
As is NTP Servers (ntp server magically disappeared from ROS in some version), web proxy, socks (really now, who still uses socks?), smb, and I'm sure other things too. Unfortunately, that seems to be what consumers want. Just really wish we could have all these things in separate packages so that we don't have to always have them installed.

Most of these services, belong on proper servers yes. I'm all for moving all these things (at the very least) to a meta router image, which is completely separated from ROS and installed at will, not by default. Userman is separated, dude is separated, I fail to see why the other stuff can't be made separated as well.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature requests

Mon Feb 06, 2017 8:27 pm

NTP server was always separate package, as long as I remember. Other stuff could be moved into one (or more) too, but there probably isn't good enough reason to do it (not counting your peace of mind :)). If you don't enable any of it, all this stuff does is taking few hundreds kilobytes of disk space at most.

And of course consumers want it, it's because it's useful for them. If you're big ISP, it does not make any sense to run e.g. DNS resolver on RouterOS (not in its current state with very limited features, that's for sure). But if you're home user or small office, then it's the exact opposite. Keeping dedicated machine for this stuff is huge overkill. Current routers are pretty powerfull and can easily handle all these little extras and still manage to stay bored.

Btw, I think SOCKS is very underrated. It works with TCP and UDP, support both outgoing and incoming connections, supports authentication, can be used as IPv4/IPv6 proxy, and still it's very lightweight. It may not sound as much now, since almost everyone took different path, but this all was available since 1996 (year of SOCKS5 RFC). Why things like HTTP CONNECT caught on instead of this is beyond me. It still has some fans. ;)
 
Arcticfox
just joined
Posts: 19
Joined: Fri Mar 29, 2013 2:29 pm

Re: Feature requests

Mon Feb 06, 2017 11:31 pm

Can you make a small feature for mAP devices such as USB-NIC?
 
savage
Forum Guru
Forum Guru
Posts: 1262
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:

Re: Feature requests

Tue Feb 07, 2017 9:50 am

Another good one, IMHO...

Route-Filters - have the ability to synchronize prefixes received/withdrew to dynamic access-lists.

This gives us the ability to very easily match entire ASNs in firewall rules :)
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 2095
Joined: Mon Jan 14, 2008 1:53 pm
Location: Over the Rainbow
Contact:

Re: Feature requests

Tue Feb 07, 2017 10:07 am

Another good one, IMHO...

Route-Filters - have the ability to synchronize prefixes received/withdrew to dynamic access-lists.

This gives us the ability to very easily match entire ASNs in firewall rules :)
This has been requested, and confirmed by Mikrotik for routing filters in v7.
 
savage
Forum Guru
Forum Guru
Posts: 1262
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:

Re: Feature requests

Tue Feb 07, 2017 10:13 am

Another good one, IMHO...

Route-Filters - have the ability to synchronize prefixes received/withdrew to dynamic access-lists.

This gives us the ability to very easily match entire ASNs in firewall rules :)
This has been requested, and confirmed by Mikrotik for routing filters in v7.
Oh fantastic! So, when can I get V7 then :lol:
 
lavv17
Member Candidate
Member Candidate
Posts: 120
Joined: Sat Sep 01, 2007 9:01 am

Re: Feature requests

Thu Feb 09, 2017 2:50 pm

Filtering packets in chain=input can affect srcnat. So it would be nice to limit filtering to local routers's IP addresses. But it would be hard to maintain such a list of addresses, if the router's configuration is changed from time to time.

So here goes a feature request: an automatic address-list "local-router" (or similar name) which is generated automatically from the local IP addresses of the router.

P.S. Thanks to msatter who pointed out the existing
dst-address-type=local
option.
Last edited by lavv17 on Fri Feb 10, 2017 3:09 pm, edited 1 time in total.
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Feature requests

Thu Feb 09, 2017 3:25 pm

Filtering packets in chain=input can affect srcnat. So it would be nice to limit filtering to local routers's IP addresses. But it would be hard to maintain such a list of addresses, if the router's configuration is changed from time to time.

So here goes a feature request: an automatic address-list "local-router" (or similar name) which is generated automatically from the local IP addresses of the router.
There is the option:
src-address-type (unicast | local | broadcast | multicast; Default: )

Matches source address type:

unicast - IP address used for point to point transmission
local - if address is assigned to one of router's interfaces
broadcast - packet is sent to all devices in subnet
multicast - packet is forwarded to defined group of devices
And this one can also be used if you have an dynamic WAN address.
 
User avatar
agomes
newbie
Posts: 38
Joined: Thu Mar 17, 2016 8:16 am

Re: Feature requests

Thu Feb 09, 2017 4:47 pm

It will be good if RouterOS will have integrated brute force protection and filter.
It does

http://wiki.mikrotik.com/wiki/Bruteforc ... prevention
Nice!
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: Feature requests

Thu Feb 09, 2017 10:54 pm

Another good one, IMHO...

Route-Filters - have the ability to synchronize prefixes received/withdrew to dynamic access-lists.

This gives us the ability to very easily match entire ASNs in firewall rules :)
This has been requested, and confirmed by Mikrotik for routing filters in v7.
Is Route-Filter equivalent (or similar) to the Cisco Route-Maps?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Fri Feb 10, 2017 12:44 am

Is Route-Filter equivalent (or similar) to the Cisco Route-Maps?
yes
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Fri Feb 10, 2017 12:59 am

It will be good if RouterOS will have integrated brute force protection and filter.
Most definitely! The current "implementation of brute force protection" is a joke. A counter on port visits as opposed to actually checking whether the login succeeds or not.
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: Feature requests

Fri Feb 10, 2017 11:37 am

Is Route-Filter equivalent (or similar) to the Cisco Route-Maps?
yes
Great, any chance we'll see acl's (filter groups) as well?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Fri Feb 10, 2017 2:51 pm

Is Route-Filter equivalent (or similar) to the Cisco Route-Maps?
yes
Great, any chance we'll see acl's (filter groups) as well?
what is that? ACLs are IP Firewall (Filter, Mangle, NAT). what else do you need?
 
lavv17
Member Candidate
Member Candidate
Posts: 120
Joined: Sat Sep 01, 2007 9:01 am

Re: Feature requests

Fri Feb 10, 2017 3:00 pm

There is the option:
src-address-type (unicast | local | broadcast | multicast; Default: )
local - if address is assigned to one of router's interfaces
Cool, thanks! I'll use this feature.
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: Feature requests

Fri Feb 10, 2017 3:27 pm

Is Route-Filter equivalent (or similar) to the Cisco Route-Maps?
yes
Great, any chance we'll see acl's (filter groups) as well?
what is that? ACLs are IP Firewall (Filter, Mangle, NAT). what else do you need?
The ability to utilize grouping of for example firewall filters is a matter of making network management more manageable and perspicuous, thus this is especially useful in complex environments. If you're familiar with Cisco ACL Object Groups you probably know what I mean...

Ref: Cisco IOS: Object Groups for ACLs
 
Rolek
just joined
Posts: 1
Joined: Mon Jan 28, 2013 3:49 pm

Feature request : HotSpot

Fri Feb 10, 2017 11:16 pm

Hi!

HotSpot Status page sometimes is not necessary

> ip hotspot user profile set open-status-page=
always http-login never
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

RoS v7 wishlist

Sat Feb 11, 2017 2:19 am

RoS v7 wishlist 2017-02-11

I’m rather new to the MT-world since about a year ago and it’s probably way too late to influence R&D at this stage but anyhow, here is my wish list for v7:

- A good object oriented scripting language with a small “footprint” for embedded system such as Lua (eLua), Python, Squirrel, TinyC, Tcl, JavaScript, AngelScript, Picobit, Forth
- Object oriented interfaces for all hardware resources and network related elements for example:
Ethernet eth1 = router.hardware.ether1;

eth1.ip.address = “192.168.0.1”;
eth1.status = enabled;

log (“Eth1 - current speed: “ + eth1.speed);
- Script libraries.
- Event triggers on all objects that have properties that may change.
- Object groups for acl’s, routing policies, interfaces, queue, etc.
- Enhanced debugging/tracing that can show the whole packet path through all chains, queues and possible stops.
- Simplified interface for queue management in complex environments.
- Virtual hardware interface for direct attached AP's, BaseBox SXT LTE, etc in order to check and control important properties and subscribe to real time events like link status etc.
- Pluggable interfaces and protocols to preserve resources.
- Pluggable controller to enable Software Defined Networking.
- Fast and structured storage like sqlite for scripting purposes..
- The ability to develop and run third party pluggable add-ons running on a sandboxed environment (e.g. Linux Docker) for supplementary services like:
  • hotspot management
    accounting and billing
    two factor authentication
    OpenVPN AS
    performance tools
    enhanced management services
    storage providers
    move User-Manager and Netwatch here
- API using standardized interfaces and RCP techniques such as, or similar to:
  • JSON/REST
    CORBA RPC
    ONC RPC
    DCE RPC
- Encrypted key storage for storing passwords used in scripts, certificate private keys, etc.
- Security enhancements
  • Two factor authentication for management access and VPN tunnels.
    Password (or possible ACL) protected files and settings
    LDAP integration for management access.
    Real brute force protection
- Network Monitoring and Management
  • - Pluggable module for Network Management (NMS) with support for:
    OpenFlow/NetFlow (SDN)
    RMAN2
    CIM/WBEM (SBLIM)
    SNMPv3 with enhanced security
    Enhanced MIB-II trees
    SNAP traps for all manageable objects (both hw and sw)
- Various protocol enhancements: IKEv2, OpenVPN UDP + options like ZLE/EAS/TLS-AUTH etc, 2FA, DNSSEC, IPSEC/VT, NAT64.
- Multiple MAC’s and IP’s per ethernet/sfp interface.

Work out a new license model and divide the above into different level of capabilities that will also make it possible to run on less powerful devices.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature requests

Sat Feb 11, 2017 4:47 am

Nice list, but you have to ask yourself - do you want to see RouterOS v7 before or after 2020? ;)
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: Feature requests

Sat Feb 11, 2017 1:22 pm

Nice list, but you have to ask yourself - do you want to see RouterOS v7 before or after 2020? ;)
Well, most definitely not before 2020 if they choose to develop everything from scratch. :lol:

It's actually possible to create a working prototype with most of the features from the wishlist on a small device like the Raspberry Pi in just a couple of days. And yes, you obviously need to configure everything manually the typical Linux way through shell scripts and edit tons of files. But it's quite doable and I've done it my self although the configuration process was definitely the major obstacle. You could probably even use a RB to implement your own prototype: HOWTO: Dual-booting RouterOS and OpenWRT on RouterBoard

Hopefully they'll implement RoS v7 on a new and flexible platform using frameworks such as XDP/eBPF/NFtables, pluggable kernel modules for example communication and management protocols, and using Linux Docker as sandbox environment for third party add-ons. And there are plenty of open source protocol stacks that can act as base for further work. An example of a company that make heavy use of open source is Brocade and you can even find the complete src for the old Vyatta Vrouter. If R&D at MikrotIk choose this way of working they can initially implement the basic functionality quite fast and work their way up in the food chain so to speak.

There's nothing new under the sun and everything is up for grabs but hopefully they'll make it happen! :D
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature requests

Sat Feb 11, 2017 4:20 pm

The trouble with working prototypes is that while you can create one in couple of days, you then need couple of months to turn them into something you can share with others, and much more if you want to reliably tackle all corner cases. I imagine there are quite a few in something with RouterOS size. So while I hope to see some of your suggestions make it into v7, I think a lot of others can be just distant dream for v8 or so.
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: Feature requests

Sat Feb 11, 2017 6:15 pm

The trouble with working prototypes is that while you can create one in couple of days, you then need couple of months to turn them into something you can share with others, and much more if you want to reliably tackle all corner cases. I imagine there are quite a few in something with RouterOS size. So while I hope to see some of your suggestions make it into v7, I think a lot of others can be just distant dream for v8 or so.
Yeah, the prototype is usually just a part of a POC they probably did ages ago. If they are smart, they'll release a version that will match the functionality in v6 and continues from there when things have stabilised. One thing is for sure, the folks at marketing will have to cope with all the people that have extremely high expectations of v7 and that believes it will solve all problems in the world! :-D

Anyhow, I would guess that much of the work is put on developing their own nftable bytecode compiler/decompiler "engine" that needs to be tightly integrated into the user interface. In general it's a quite big step to move from iptables to nftables but in the long run, the operation and management of the development projects will become greatly simplified in regards of correcting bugs and adding new features.

And they will of course need to integrate new protocol stacks that's not part of the standard kernel but I really hope they'll avoid develop new protocols themselves and instead put all effort in integrating open source or licensed software...
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: Feature requests

Sat Feb 11, 2017 6:42 pm

Btw, are there currently any big showstoppers in regards of bugs or missing features that would actually force people to pick other vendors even if they preferred MT?
 
SystemErrorMessage
Member
Member
Posts: 383
Joined: Sat Dec 22, 2012 9:04 pm

Re: Feature requests

Sun Feb 12, 2017 12:40 am

All i want is for mikrotik routerOS for routerboards at least to have all the features that both consumer and prosumer routers have and many features that industrial routers have as well. By that i mean in consumer routers in the config you can use domains in some of the configuration which is resolved when used rather than stored as an IP. If you look at openwrt and what linux based consumer routers can really do if you get into the linux bit and start adding and changing config files, it really makes those routers flexible. Mikrotik routerOS is only flexible with what you see infront of you, being able to add rules but you cant do really complex things without having to deal with MT's script and scheduler which tends to get broken and fixed multiple times. Last month i updated to 6.37 and it broke the scheduler and the OpenDNS update script timed out. Updated to lastest firmware today for the TILE and while the scripts work now the scheduler still doesnt work. I use the commands you would use in the command lines to run multiple scripts from 1 schedule which worked till i updated to version 6.37.
 
craterman
just joined
Posts: 22
Joined: Tue Oct 14, 2014 1:26 pm

Re: Feature requests

Mon Feb 13, 2017 9:07 am

RFC 3021
 
User avatar
Larsa
Forum Guru
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: Feature requests

Mon Feb 13, 2017 9:46 am

RFC 3021
What about this workaround? http://forum.mikrotik.com/viewtopic.php?t=7367#p32149. You might even save some addresses...
 
dukejjjj
just joined
Posts: 4
Joined: Fri Dec 23, 2011 6:00 pm

Re: Feature requests

Wed Feb 15, 2017 8:17 am

I have a suggestions

ip firewall connections add new columns like IP Geo / country / ISP .... information
 
dattl
just joined
Posts: 10
Joined: Sun Sep 27, 2015 1:57 pm

Re: Feature requests

Thu Feb 16, 2017 11:24 am

Hi,
First: I love Mikrotiks, I have allready 60+ pieces brought out to a lot of Customers.
One litte thing that would be very handy for me is:
IPSec Policy with ADDRESSLIST
feature instead of 1 policy per subnet on same VPN-Peer, as I have 1 customer with around 150 subnets and this is a total overkill for searching throug policis.
The Mailfirewall there is a Sonicwall and this supports subnetgroups for VPN-Policies. So the similar thing would be addresslists in Mikrotik.

Thank you for youre great work!
Best
-Dattl
 
SDFadfasdfadsf
just joined
Posts: 23
Joined: Sun Feb 07, 2016 2:21 am

Re: Feature requests

Sun Feb 19, 2017 2:47 am

RFC 8092 BGP Large Communities implementation Feature Requested 2016090522001073

timeline available?
 
JanezFord
Member Candidate
Member Candidate
Posts: 269
Joined: Wed May 23, 2012 10:58 am

Re: Feature requests

Thu Feb 23, 2017 12:58 pm

Please add some kind of "find router" feature. I often take over projects from other people and have to search for bunch of devices sometimes in many rooms even buildings. A simple "beep constantly" feature could save me a lot of time. You wouldn't believe where people put their routers and wifi access points. This way devices can be located without disrupting their operation. Beep constantly + maybe some kind of LED visual feedback would be nice to have.

JF.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Feature requests

Thu Feb 23, 2017 1:14 pm

Please add some kind of "find router" feature. I often take over projects from other people and have to search for bunch of devices sometimes in many rooms even buildings. A simple "beep constantly" feature could save me a lot of time. You wouldn't believe where people put their routers and wifi access points. This way devices can be located without disrupting their operation. Beep constantly + maybe some kind of LED visual feedback would be nice to have.

JF.
This is already possible, there is a :beep console command and also leds can be turned on/off. Simple script will do the trick.
 
JanezFord
Member Candidate
Member Candidate
Posts: 269
Joined: Wed May 23, 2012 10:58 am

Re: Feature requests

Thu Feb 23, 2017 8:30 pm

This is already possible, there is a :beep console command and also leds can be turned on/off. Simple script will do the trick.
Thank you, I will look at your suggestion ... but anyway I find it would be way more user friendly to have for example a "Locate" button in Routerboard menu instead of having to program scripts for such a task.

JF.
 
anuser
Long time Member
Long time Member
Posts: 601
Joined: Sat Nov 29, 2014 7:27 pm

Re: Feature requests

Mon Feb 27, 2017 5:40 pm

What about enhancing CAPSMAN:
- centralized upgrade for RouterBoot (button for "/system routerboard upgrade") would be nice.
- "Right click" into remote CAPs list and directly connect to one of the CAP device itself
- management of all routerboards, also without wifi
 
CerpinTaxt
just joined
Posts: 5
Joined: Wed Mar 01, 2017 3:12 am

Re: Feature requests

Wed Mar 01, 2017 3:16 am

Usermanager:
Currently, maintaining users via web browser provides more information than can be obtained using the CLI directly on the router (e.g. Total time left/Till Time can be seen on browser, but not Winbox) this makes using the API to get this information impossible. Could this be added in the output of
/tool user-manager user print
or even
/tool user-manager user print detail
would be great. The CLI should have everything a GUI has (plus more?!)
 
gilson
just joined
Posts: 3
Joined: Sat Mar 04, 2017 9:44 pm

Feature requests: In Winbox, copy from Log panel to clip board.

Sat Mar 04, 2017 10:02 pm

While using Winbox, I always missed the ability to allow to mark and copy form the log panel to clip board, as well a Find box. It would be very useful.
Last edited by gilson on Thu Apr 13, 2017 2:30 pm, edited 1 time in total.
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Mon Mar 06, 2017 3:04 am

The ability to copy and paste data more easily.
1) Selected text from the log to the clipboard.
2) From random tables into the clipboard in csv format.
 
hyperpaccket
just joined
Posts: 5
Joined: Mon Mar 06, 2017 6:10 am

Re: Feature requests

Mon Mar 06, 2017 6:15 am

More than 2GB of ram for the X86 Build.
 
JanezFord
Member Candidate
Member Candidate
Posts: 269
Joined: Wed May 23, 2012 10:58 am

Re: Feature requests

Fri Mar 10, 2017 2:39 pm

Please add some kind of "find router" feature. I often take over projects from other people and have to search for bunch of devices sometimes in many rooms even buildings. A simple "beep constantly" feature could save me a lot of time. You wouldn't believe where people put their routers and wifi access points. This way devices can be located without disrupting their operation. Beep constantly + maybe some kind of LED visual feedback would be nice to have.

JF.
This is already possible, there is a :beep console command and also leds can be turned on/off. Simple script will do the trick.
Hmm... can't make any of the 20 wAP devices beep.... is it just me or the damn thing does not have a beeper??? The 850Gx2 beeps OK...

JF.
 
mlow
just joined
Posts: 18
Joined: Sun Oct 05, 2014 10:42 am

Re: Feature requests

Fri Mar 10, 2017 11:43 pm

RFC6939 for the DHCPv6 relay.
Would be extremely useful for doing MAC address based DHCPv6 reservationsRFC4649
Last edited by mlow on Mon Apr 03, 2017 2:53 am, edited 1 time in total.
 
exploit
just joined
Posts: 3
Joined: Fri Mar 10, 2017 1:36 pm
Location: Krasnodar, Russia

Re: Feature requests

Mon Mar 13, 2017 7:55 am

1. I believe that you need to add ability to associate an IP address with two different mac-addresses. This allows you to give the same network address to a device that connects at different times from different interfaces (for example, ethernet or Wi-Fi in laptops)
This feature is implemented in dnsmasq (for example, dhcp-host=38:B1:DB:38:B4:23,28:d2:44:d0:e0:3e,192.168.0.111)

2. I do not receive the network route specified in the profile of the l2tp client. This topic was previously discussed in your forum: viewtopic.php?t=56079
This feature is implemented in SoftEther

Thus, both possibilities requested by me are technically feasible.
 
meckanix
just joined
Posts: 4
Joined: Sat Nov 09, 2013 11:22 am

Re: Feature requests

Wed Mar 15, 2017 4:29 pm

Can we add a VRF setting to the DHCP relay so that the relay can be used within a VRF?
 
neticted
Member Candidate
Member Candidate
Posts: 137
Joined: Wed Jan 04, 2012 10:36 am

Re: Feature requests

Fri Mar 17, 2017 1:18 pm

I use wireless roaming feature and I have set Signal range in Access list to kick clients with low signals.

It works fine for most of the time but sometimes some clients got kicked frequently even with good signal.

After some time of monitoring this issue I concluded that problem is that it happens that client momentarily is received with low signal, and Mikrotik kicks it at once.

If I set lowest allowed signal to very low, client does not get kicked. But, that ruins whole idea of roaming as then clients stay connected to node even with very low signal.

My proposal is to introduce option to set hysteresis (delay) to kicking clients if signal is out of specified level range. Goal is to kick client if it really has low signal for some time not just because it is measured low for a moment.
 
lavv17
Member Candidate
Member Candidate
Posts: 120
Joined: Sat Sep 01, 2007 9:01 am

Re: Feature requests

Wed Mar 29, 2017 3:41 pm

Hello!

RouterOS "ip route print where dst-address in x.x.x.x/z" is fast. But for a reason the same for ipv6 is slow (when the number of routes is large).

Please, make ipv6 route lookups fast as well.
 
savage
Forum Guru
Forum Guru
Posts: 1262
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:

Re: Feature requests

Wed Mar 29, 2017 3:44 pm

Hello!

RouterOS "ip route print where dst-address in x.x.x.x/z" is fast. But for a reason the same for ipv6 is slow (when the number of routes is large).

Please, make ipv6 route lookups fast as well.
And IPv6 filter on dst-address doesn't work at all in Winbox
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Thu Mar 30, 2017 4:09 am

Bridge-like filtering (L2) for Mesh.
 
lavv17
Member Candidate
Member Candidate
Posts: 120
Joined: Sat Sep 01, 2007 9:01 am

Re: Feature requests

Tue Apr 04, 2017 12:34 pm

It would be nice if routing updates were more atomic. Currently converging BGP full view can lead to temporary routing loops. They last for a minute or two.

My setup consists of 3 CCR1036 routers facing different providers; iBGP between each pair of them. When a router boots up, a temporary loop can be created for a pair of minutes.

Also I'd like to repeat my plea of a graceful reboot option: viewtopic.php?f=1&t=45934&p=556840&hili ... ul#p556840
 
Nee
just joined
Posts: 1
Joined: Tue Apr 11, 2017 4:45 pm

Re: Feature requests

Tue Apr 11, 2017 5:03 pm

1. dstnat for output chain - i.e. to route Mikrotik's DNS requests to different DNS servers / interfaces
2. hardware ipsec acceleration for processors, which support it (i.e. RB3011) - maximum ipsec performance is the must for many modern configs, imho
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Thu Apr 13, 2017 8:11 am

Please add a button to clear the log. It's practically impossible to try and debug routers over crappy connections when just attempting to load the log causes the connection to break. If I could periodically clear the log it would reduce the traffic enough for the connection to remain viable.

I've tried the methods listed on the forum and they no longer work.
 
OnixJonix
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Thu Jun 22, 2006 11:35 am
Location: Latvia

Re: Feature requests - CAPS Logs explained

Thu Apr 13, 2017 10:32 am

Please come up with CAPS logs explanation!!!!
Stuck with capsman problems - see problems in log files, but not sure what it mean an what direction look for!!

for example:
caps,error removing stale connection [E4:XX:8C:D4:11:99/18/b823,Run,[E4:XX:8C:D4:11:99]] because of ident conflict with [E4:XX:8C:D4:11:99/18/e84d,Join,[E4:XX:8C:D4:11:99]]
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: Feature requests - CAPS Logs explained

Thu Apr 13, 2017 11:39 am

caps,error removing stale connection [E4:XX:8C:D4:11:99/18/b823,Run,[E4:XX:8C:D4:11:99]] because of ident conflict with [E4:XX:8C:D4:11:99/18/e84d,Join,[E4:XX:8C:D4:11:99]]
You might be using the same certificate on multiple CAPs. Take this as an educated guess, not a definitive answer.
 
OnixJonix
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Thu Jun 22, 2006 11:35 am
Location: Latvia

Re: Feature requests - CAPS Logs explained

Thu Apr 13, 2017 1:08 pm

caps,error removing stale connection [E4:XX:8C:D4:11:99/18/b823,Run,[E4:XX:8C:D4:11:99]] because of ident conflict with [E4:XX:8C:D4:11:99/18/e84d,Join,[E4:XX:8C:D4:11:99]]
You might be using the same certificate on multiple CAPs. Take this as an educated guess, not a definitive answer.
No certificates at all!! Maybe thats the problem??
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: Feature requests - CAPS Logs explained

Thu Apr 13, 2017 1:33 pm

No certificates at all!! Maybe thats the problem??
Another guess- CAPs with duplicated MAC addresses. Do you happen to use backup/restore to clone configuration of CAP devices?
 
felipelinkmais
just joined
Posts: 3
Joined: Thu Oct 20, 2016 1:32 pm

Re: Feature requests

Thu Apr 13, 2017 9:31 pm

Will be nice if mikrotik create a new OLT package.. to turn any mikrotik device with sfp slot in one GPON/EPON OLT.
 
OnixJonix
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Thu Jun 22, 2006 11:35 am
Location: Latvia

Re: Feature requests - CAPS Logs explained

Tue Apr 18, 2017 8:25 am

No certificates at all!! Maybe thats the problem??
Another guess- CAPs with duplicated MAC addresses. Do you happen to use backup/restore to clone configuration of CAP devices?
Have ~50Caps - in Capsman Radio list shows all, and in the list no dublicated macs!!! This was my first gues, but seems there everything is ok!!
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Tue Apr 18, 2017 10:34 am

Please make it possible to change the comment associated with a connection without it restarting said connection.
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Wed Apr 19, 2017 6:39 am

Could we get the LAC (local area code) also being displayed in in the info box for 3G/4G modems? This information is required to locate the sim. Currently the cellid is being displayed and it's possible to determine MCC and MNC. See http://cellidfinder.com/
 
scus
just joined
Posts: 6
Joined: Mon Aug 08, 2016 3:29 pm

Re: Feature requests

Wed Apr 19, 2017 3:54 pm

In case that public key authentication is used (and passwords are disabled) the SSH server should drop the connection immediately if no public key is provided by the client (instead of asking for a password and denying access even if a valid password is provided). There should also be a configuration option to allow password authentication in addition to public key authentication.

I have thousands of failed login attempts (from different IPs), all trying to login as admin, user, test, etc. using passwords...
 
User avatar
juliokato
Member Candidate
Member Candidate
Posts: 228
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: Feature requests

Wed Apr 19, 2017 5:06 pm

[Active Users (Admins)]
Is there any way to cut the connection of a remote admin.
Amazing how this feature does not exist!
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: Feature requests

Wed Apr 19, 2017 9:21 pm

Do you want to be cut off by a hacker?
 
User avatar
juliokato
Member Candidate
Member Candidate
Posts: 228
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: Feature requests

Thu Apr 20, 2017 3:25 pm

Look this:
How do I delete previous sessions stuck in an easy way?
You do not have the required permissions to view the files attached to this post.
 
User avatar
macsrwe
Forum Guru
Forum Guru
Posts: 1007
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: Feature requests (DNS names input instead of IP address)

Fri Apr 21, 2017 9:29 pm

Hi,

Please add feature that will allow me to add DNS name instead of exact IP address. I need this to connect 2 or more MKT routers (PPTP connection) if they are connected to internet thru ADSL and theirs IP addresses are dynamic. I hope that you understand what I am saying and that we can expect this feature in new ROS.

bye,

;-)
i think that this should be global. anywhere you specify a dns name it should be resolved.
Yes, but not immediately - it should be stored as a DNS name and resolved in real time. For example, it's pointless to resolve /tool email server once and store it as a numeric address, which is why ROS will store it as a name. However, /system watchdog resolves the same server once and then stores it as a number, which is wrong. Also, you don't want things to fail because they can't be resolved immediately when you are configuring a router on a workbench and it has no connection to your network.
 
User avatar
macsrwe
Forum Guru
Forum Guru
Posts: 1007
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: Feature requests

Fri Apr 21, 2017 9:34 pm

Please make it possible to change the comment associated with a connection without it restarting said connection.
This would be good for both /int wireless access and /int wireless connection; also the "add to access list" and "add to connection list" operations, where you already know that the resulting entry will not be incompatible with the connection that already exists, because it is being generated from that connection.
 
User avatar
macsrwe
Forum Guru
Forum Guru
Posts: 1007
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: Feature requests

Fri Apr 21, 2017 9:38 pm

Please add some kind of "find router" feature. I often take over projects from other people and have to search for bunch of devices sometimes in many rooms even buildings. A simple "beep constantly" feature could save me a lot of time. You wouldn't believe where people put their routers and wifi access points. This way devices can be located without disrupting their operation. Beep constantly + maybe some kind of LED visual feedback would be nice to have.

JF.
This is already possible, there is a :beep console command and also leds can be turned on/off. Simple script will do the trick.
Hmm... can't make any of the 20 wAP devices beep.... is it just me or the damn thing does not have a beeper??? The 850Gx2 beeps OK...

JF.
Many of the newer, lower-cost devices have no beepers. :-( I have come to rely on the beepers for so much diagnosis (esp. SXT setup) and I really miss them. I would pay the extra buck.
 
User avatar
horhay
newbie
Posts: 29
Joined: Sat Jun 20, 2015 7:19 pm
Location: Ontario, Canada
Contact:

Re: Feature requests

Fri Apr 21, 2017 11:44 pm

Help us old keyboarders out and add ALT tags to menu and buttons.

This way we can use ALT C for a Close button or ALT O for OK.
 
skuykend
Member Candidate
Member Candidate
Posts: 274
Joined: Tue Oct 06, 2015 7:28 am

Re: Feature requests

Sat Apr 22, 2017 3:59 am

During an Export of /Interface/Ethernet/Switch/Ports it would be nice to have it use a [ find default-name=xxxxx ] like the /interface ethernet export instead just the set#.
 
Andrew08
just joined
Posts: 2
Joined: Thu Jul 23, 2015 8:11 am

Re: Feature requests

Sat Apr 22, 2017 10:32 am

Ip dns port support
So for example we can use 208.67.220.220:443
 
biatche
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Oct 13, 2015 6:50 am

Re: Feature requests

Sat Apr 22, 2017 4:39 pm

Requesting for neater and more readable exports

currently:
export compact
/something1
some config
/something2
some config
suggestion:
export compact
/something1
some config

/something2
somet config
spacing them out improves readability a lot.
 
Zero3K
just joined
Posts: 17
Joined: Sat Apr 22, 2017 11:25 pm
Location: Louisville, KY, USA

Re: Feature requests

Sun Apr 23, 2017 1:33 am

It would be nice if there was an option to display a box containing the Ethernet and DHCP Clients (with the Mac, IP, and how long it has been online) connected to it in the Quick Set page.
 
tawhwat
just joined
Posts: 15
Joined: Fri Oct 28, 2016 5:45 pm

Re: Feature requests

Sun Apr 23, 2017 5:29 pm

I believe this request can be implemented very fast but it helps the ROS management with Multiple WAN a lot! :wink:
The "/ping" and "/system ssh" allow user to specify the "src-address" parameter so that the command can initiate the network connection on specific WAN easily.
BUT "/tool fetch" doesn't include "src-address" parameter.

The problem is one ISP blocks all incoming ping request, thus I cannot use ping as a remote monitoring facility, I need to find alternatives to archive this goal.
I write script to carry out the monitoring job, but as I know, "/system ssh" cannot be executed under script environment, which means I cannot use "/system ssh" to do this job.
The only way to choose is to use "/tool fetch" facility to monitor the remote ROS, BUT it lacks "src-address" parameter, to supplement this deficiency, before using the "/tool fetch", I need to specify a temporary custom route to fix the outgoing path for remote target.

The whole situation can be simplified tremendously by only adds the "src-address" parameter to "/tool fetch"
 
User avatar
juliokato
Member Candidate
Member Candidate
Posts: 228
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: Feature requests

Sun Apr 23, 2017 7:26 pm

I believe this request can be implemented very fast but it helps the ROS management with Multiple WAN a lot! :wink:
The "/ping" and "/system ssh" allow user to specify the "src-address" parameter so that the command can initiate the network connection on specific WAN easily.
BUT "/tool fetch" doesn't include "src-address" parameter.

The problem is one ISP blocks all incoming ping request, thus I cannot use ping as a remote monitoring facility, I need to find alternatives to archive this goal.
I write script to carry out the monitoring job, but as I know, "/system ssh" cannot be executed under script environment, which means I cannot use "/system ssh" to do this job.
The only way to choose is to use "/tool fetch" facility to monitor the remote ROS, BUT it lacks "src-address" parameter, to supplement this deficiency, before using the "/tool fetch", I need to specify a temporary custom route to fix the outgoing path for remote target.

The whole situation can be simplified tremendously by only adds the "src-address" parameter to "/tool fetch"
+1
 
biatche
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Oct 13, 2015 6:50 am

Re: Feature requests

Mon Apr 24, 2017 8:02 pm

please, MSTP & PVRSTP next version...
 
sparker
just joined
Posts: 23
Joined: Mon Jan 23, 2012 5:48 pm
Location: Russia / Chelyabinsk

Re: Feature requests

Tue Apr 25, 2017 9:49 am

+1
Really need, please!
 
biatche
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Oct 13, 2015 6:50 am

Re: Feature requests

Wed Apr 26, 2017 5:55 am

request: a default set if IPv6 firewall rules with IPv6 enabled be default
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Wed Apr 26, 2017 6:46 am

Please add the ability to do a where query in [] with any valid-variable.

fail example:
:local identity "testRouter"
:local interface [/ip neighbor find where identity=$identity]

fail reason:
result differs from :local interface [/ip neighbor find where identity="testRouter"]
contains several interface which don't have the specified identity.

pass example:
:local macAddress "00:11:22:33:44:55"
:local interface [/ip neighbor find where mac-address=$macAddress]

pass reason:
gives exact same result as :local interface [/ip neighbor find where mac-address="00:11:22:33:44:55"]
contains only interfaces that have that MAC address
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Thu Apr 27, 2017 2:08 am

The problem is one ISP blocks all incoming ping request, thus I cannot use ping as a remote monitoring facility, I need to find alternatives to archive this goal.
I write script to carry out the monitoring job, but as I know, "/system ssh" cannot be executed under script environment, which means I cannot use "/system ssh" to do this job.
The only way to choose is to use "/tool fetch" facility to monitor the remote ROS, BUT it lacks "src-address" parameter, to supplement this deficiency, before using the "/tool fetch", I need to specify a temporary custom route to fix the outgoing path for remote target.

The whole situation can be simplified tremendously by only adds the "src-address" parameter to "/tool fetch"
setup some VPN tunnel between the routers :)
then you may ping inside the VPN, or just use VPN Interface state to detect remote failure
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Thu Apr 27, 2017 2:15 am

Please add the ability to do a where query in [] with any valid-variable.

fail example:
:local identity "testRouter"
:local interface [/ip neighbor find where identity=$identity]

fail reason:
result differs from :local interface [/ip neighbor find where identity="testRouter"]
contains several interface which don't have the specified identity.
that's because the variable name "identity" is the same as parameter name "identity". the following code works correctly:
:local id "testRouter"
:local interface [/ip neighbor find where identity=$id]
by the way, use the following is also correct:
:local interface [/ip neighbor find where $identity=$id]
:local interface [/ip neighbor find $identity=$id]
 
Wyz4k
Member Candidate
Member Candidate
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: Feature requests

Thu Apr 27, 2017 5:39 am

Thank you, I will try it out!
 
User avatar
doneware
Trainer
Trainer
Posts: 647
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

dhcp clientid in dns req

Thu Apr 27, 2017 9:37 pm

this one can be quite neat if someone is into parental control

https://datatracker.ietf.org/doc/draft- ... -clientid/

the code is there in dnsmasq since 2.76

Who is online

Users browsing this forum: Google [Bot], GoogleOther [Bot], kazza, Soleous75 and 74 guests