Community discussions

MikroTik App

Search found 447 matches

  • 1
  • 2
by kevinds
Sat Mar 04, 2023 8:27 am
Forum: RouterBOARD hardware
Topic: hAP ax² dual band Wi-Fi 6 (802.11ax)
Replies: 287
Views: 48899

Re: hAP ax² dual band Wi-Fi 6 (802.11ax)

Grab a support file on 7.8, downgrade to 7.7, if it works again using 7.7, open a support ticket.
by kevinds
Tue Feb 14, 2023 4:29 am
Forum: Beginner Basics
Topic: RB760igs I can't ping workstations or access shared folders
Replies: 7
Views: 845

Re: RB760igs I can't ping workstations or access shared folders

But I can't access any network maq or a printer on the network I try to ping and it doesn't find the network maq. You know what could be going on. if anyone can help me? Also remember that the Windows Firewall blocks all that stuff by default.. Check that your hosts do not have this network set as ...
by kevinds
Tue Feb 14, 2023 1:50 am
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 79
Views: 7897

Re: Block Youtube on computers and smartphone apps

I did that at my parent's place when I was younger.. haha Telephone line though, for dialup..
by kevinds
Tue Feb 14, 2023 1:30 am
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 79
Views: 7897

Re: Block Youtube on computers and smartphone apps

I will encourage both options.. Especially "b". :D Already have a longer-term goal of talking to the ISS as it passes over.. Likely less effort to hack the Pi-Hole server and disable the custom domain blacklists.. Quick/dirty solution to "b" would be deauths though.. ;) BOFH, I a...
by kevinds
Tue Feb 14, 2023 12:32 am
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 79
Views: 7897

Re: Block Youtube on computers and smartphone apps

They tried that when I blocked YouTube...

I turned off their cellular data in response.. ;)
by kevinds
Tue Feb 14, 2023 12:03 am
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 79
Views: 7897

Re: Block Youtube on computers and smartphone apps

As long as you don't blacklist EVERYTHING and only allow certain IPs/sites, there is always a way around the blocks.
Even that can be gotten around, speaking from experience.. haha Time and effort.. ;)
by kevinds
Mon Feb 13, 2023 11:50 pm
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 79
Views: 7897

Re: Block Youtube on computers and smartphone apps

As long as you don't blacklist EVERYTHING and only allow certain IPs/sites, there is always a way around the blocks. Everything can be gotten around with time and effort.. My primary method is to remove users with traffic that do not have DNS lookups, which would work for the OP and majority of use...
by kevinds
Mon Feb 13, 2023 11:19 pm
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 79
Views: 7897

Re: Block Youtube on computers and smartphone apps

How is this not on topic? That wasn't a stated requirement in the OP. Otherwise you are being dumb.. User is allowed whatever proxy and VPN they want, but still 'required' to block YouTube? No solution can do that unless internet access overall is white-listed. My network, my rules. If the user want...
by kevinds
Mon Feb 13, 2023 11:10 pm
Forum: RouterBOARD hardware
Topic: hAP ax² dual band Wi-Fi 6 (802.11ax)
Replies: 287
Views: 48899

Re: hAP ax² dual band Wi-Fi 6 (802.11ax)

The question is, if you connect a 3.3V UART to these pads, does the firmware in the hEX S active them and allow a serial login? Yes.. Same as every RouterBoard with a console port, it is always active. As I said, I used (needed) mine to fix my RB760iGS that was stuck in RouterBoot mode. Works for t...
by kevinds
Mon Feb 13, 2023 10:48 pm
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 79
Views: 7897

Re: Block Youtube on computers and smartphone apps

So you block everything, not youtube selectively, and continue to be offtopic. No. I *only* block everything if the host continues to use DoH and/or VPN/Proxy services. No one has posted a NON-invasive method on the client device, which selectively blocks youtube ONLY, no matter if the user use VPN...
by kevinds
Mon Feb 13, 2023 7:25 pm
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 79
Views: 7897

Re: Block Youtube on computers and smartphone apps

puTTY.exe can do this too with an SSH server.

My network, I would notice both (no DNS lookups for the host), and then drop the host's traffic.
by kevinds
Mon Feb 13, 2023 7:21 pm
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 79
Views: 7897

Re: Block Youtube on computers and smartphone apps

And this is with MikroTik Router? Post your config. My AP (Cisco Aironet) has a checkbox to disallow 'randomized' MACs. PiHole blocks TikTok and YouTube (when desired). RouterOS drops 1.1.1.1, 8.8.4.4, and 8.8.8.8 and individual clients as needed. Plus a few other well-known DoH servers. I look at ...
by kevinds
Mon Feb 13, 2023 7:10 pm
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 79
Views: 7897

Re: Block Youtube on computers and smartphone apps

What I wrote, does work. Is not correct, on post #2 supposed: no control on user devices You said in Post #2, that it isn't possible.. It is.. If the client devices want internet access, they follow my rules (no VPNs and no DoH).. Internet traffic without DNS lookups, they get null-routed. I have T...
by kevinds
Mon Feb 13, 2023 5:23 pm
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 79
Views: 7897

Re: Block Youtube on computers and smartphone apps

All this posts, but still valid what is written on post #2... All is useless after that post, no matter what users writes... What I wrote, does work. My network, my rules.. Don't like my rules, you'll find your MAC address(es) blocked. My AP already doesn't allow 'randomized MACs' from connecting.
by kevinds
Mon Feb 13, 2023 12:20 am
Forum: General
Topic: How to block websites for certain ports only
Replies: 6
Views: 339

Re: How to block websites for certain ports only

UDP in your suggestion is not necessary.
Ah, you do not know the quic protocol...
I stand corrected.. ;)
by kevinds
Sun Feb 12, 2023 11:07 pm
Forum: Beginner Basics
Topic: RB2011iL-IN - how to reset to default settings
Replies: 1
Views: 296

Re: RB2011iL-IN - how to reset to default settings

Was the IP address different before you reset it? Was it something other than 192.168.88.1?

My suggestion would be to get a console cable for it (same as Cisco's).
by kevinds
Sun Feb 12, 2023 11:00 pm
Forum: Beginner Basics
Topic: Routing between two subnet without NAT
Replies: 6
Views: 1250

Re: Routing between two subnet without NAT

The issue is resolved after remove the interface from the 'bridge' that's in the default configuration. Once that's done, the ping went through, ..... I agree that it's a router after all, but Mikrotik like to make the nexthop as a 'bridge'. That I don't know why. So that 'out of the box' it works ...
by kevinds
Sun Feb 12, 2023 10:52 pm
Forum: Beginner Basics
Topic: Public IP assignment via L2TP
Replies: 7
Views: 605

Re: Public IP assignment via L2TP

Do you want all traffic to go through the L2TP VPN? Or just some? Having done this, both all traffic and 'some' traffic, I first place I would look is the routing distance set on the routes. For 'all' traffic, set a static route to the CHR to use the Ether1 gateway and remove the Ether1 0.0.0.0/0 ro...
by kevinds
Sun Feb 12, 2023 10:46 pm
Forum: Beginner Basics
Topic: No internet ping on the router, but the devices have ping [SOLVED]
Replies: 4
Views: 413

Re: No internet ping on the router, but the devices have ping [SOLVED]

Using your Mikrotik router, what are you trying to ping?
by kevinds
Sun Feb 12, 2023 9:58 pm
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 79
Views: 7897

Re: Block Youtube on computers and smartphone apps

I tried every possible way I saw on the Internet but didn't work with me, I would really appreciate your help. Thanks in advance. I accompished the goal by having some control on the clients and Pi-Hole.. Disabled DoH (DNS over HTTPS) and set Pi-Hole to block YouTube. I also have 8.8.8.8 and 8.8.4....
by kevinds
Sun Feb 12, 2023 9:54 pm
Forum: General
Topic: Block Youtube on computers and smartphone apps
Replies: 79
Views: 7897

Re: Block Youtube on computers and smartphone apps

Do you say that you can stop me from browsing where I want without having 100% control of the client? PC/Mobil etc.
How do you block DoH/DoQ/DoT?
You turn it off in the clients.
by kevinds
Sun Feb 12, 2023 9:52 pm
Forum: General
Topic: How to block websites for certain ports only
Replies: 6
Views: 339

Re: How to block websites for certain ports only

I want to block websites for port 2 only, how do I do that? Ok, if "port 2" = ether2, simply drop on firewall filter with two forward rules all traffic to UDP and TCP port 80 and 443 coming from etehr2. This do not disable sites that use nonstandard ports or VPN, etc, but at least ~99% of...
by kevinds
Sun Feb 12, 2023 9:52 pm
Forum: General
Topic: How to block websites for certain ports only
Replies: 6
Views: 339

Re: How to block websites for certain ports only

I want to block websites for port 2 only, how do I do that? Ok, if "port 2" = ether2, simply drop on firewall filter with two forward rules all traffic to UDP and TCP port 80 and 443 coming from etehr2. This do not disable sites that use nonstandard ports or VPN, etc, but at least ~99% of...
by kevinds
Sun Jan 08, 2023 8:27 am
Forum: Virtualization
Topic: CHR Trail Liscence - Wireguard
Replies: 1
Views: 219

Re: CHR Trail Liscence - Wireguard

CHR trial is the same as CHR Licensed.

The only difference is the speed.. Trial is limited to 1 mbps output on an interface.
by kevinds
Wed Jan 04, 2023 9:35 am
Forum: General
Topic: Support RFC3021 /31 Point to Point on any ROS version ?
Replies: 5
Views: 818

Re: Support RFC3021 /31 Point to Point on any ROS version ?

You do not need /30

/32 works with /31 on the remote side.
It may not work if your mentioned firewall is not set up properly and blocks the traffic or incorrectly set up a routing table that does not allow route traffic through the router.
Huh? Why would you use different masks?
by kevinds
Fri Dec 30, 2022 3:39 am
Forum: Beginner Basics
Topic: X86 licensing - linked to anything other than HDD / MB?
Replies: 4
Views: 320

Re: X86 licensing - linked to anything other than HDD / MB?

Given the only tools that can be used to refresh an x86 installation are Netinstall and "the CD-install" - what is the procedure to do so: 1. using Netinstall - how do I use it given there is no reset button to press and hold unlike on RouterBoards? 2. using "the CD-install" - t...
by kevinds
Fri Dec 30, 2022 2:01 am
Forum: Beginner Basics
Topic: X86 licensing - linked to anything other than HDD / MB?
Replies: 4
Views: 320

Re: X86 licensing - linked to anything other than HDD / MB?

License is on the storage only.

If you wipe the storage with any tool other then Mikrotik's reinstall tools, you will lose the license.

My suggestion would be to dedicate a hard drive to this. If you want to use the system for something else in the future, replace the storage drive.
by kevinds
Thu Dec 01, 2022 12:07 am
Forum: RouterBOARD hardware
Topic: what can be used to power the 2-pin terminal of the rb5009?
Replies: 23
Views: 2833

Re: what can be used to power the 2-pin terminal of the rb5009?


Coupled with these DC splitters:
You can also get those as 4+ ports.
by kevinds
Tue Nov 29, 2022 8:41 am
Forum: RouterBOARD hardware
Topic: CCR DC power supply
Replies: 1
Views: 247

Re: CCR DC power supply

Is the -48V DC power supply for CCR's still being made? (PW48V-12V85W) Anyone know where I can get 10 to 12 of them? https://www.wifi-stock.com/details/mikrotik-power-supply-pw48v-12v85w.html Says Expected 40 pcs ~ 2022-12-09 https://www.comms-express.com/products/mikrotik-pw48v-12v85w-12v-7a-open-...
by kevinds
Tue Nov 29, 2022 8:20 am
Forum: RouterBOARD hardware
Topic: CCR1009 Rebooting
Replies: 78
Views: 7186

Re: CCR1009 Rebooting

Which RouterBoot version are you all running?

My affected unit rebooted twice on the 24th, then started frequently rebooting on the 26th.
by kevinds
Mon Nov 28, 2022 11:52 pm
Forum: RouterBOARD hardware
Topic: CCR1009 Rebooting
Replies: 78
Views: 7186

Re: CCR1009 Rebooting

Have downgraded to 6.49.7, will see how that goes...
Going to try that tonight.
by kevinds
Mon Nov 28, 2022 9:22 pm
Forum: RouterBOARD hardware
Topic: CCR1009 Rebooting
Replies: 78
Views: 7186

Re: CCR1009 Rebooting

Just FYI my CCR1009 was running 7.5 for over a month without issues. I replaced it with a CCR2004, so the 1009 is not currently in use. The only issues I had with 7.x and the CCR1009 were/are: - sd card no longer works - in earlier 7.x version there was a bug with l2tp/ipsec where it would go into ...
by kevinds
Mon Nov 28, 2022 9:17 pm
Forum: RouterBOARD hardware
Topic: CCR1009 Rebooting
Replies: 78
Views: 7186

Re: CCR1009 Rebooting

what tool/profile showing?(keep it running)

on logical reason would be, that one of those parameters getting overloaded
Nothing of any significance, was watching it the last time a reboot happened.
by kevinds
Mon Nov 28, 2022 9:11 pm
Forum: RouterBOARD hardware
Topic: CCR1009 Rebooting
Replies: 78
Views: 7186

Re: CCR1009 Rebooting

7.4.1 just rebooted on me.

Less than 7.5 and 7.6 but still happening.
Every 30-60 minutes now, sometimes 5-10.
by kevinds
Mon Nov 28, 2022 9:09 pm
Forum: RouterBOARD hardware
Topic: CCR1009 Rebooting
Replies: 78
Views: 7186

Re: CCR1009 Rebooting

Any way of getting Mikrotik to look at the supout files to figure out why?
Open a support ticket and include the supout files..?

I just got a response that it might be related to connection tracking.
by kevinds
Mon Nov 28, 2022 8:22 pm
Forum: RouterBOARD hardware
Topic: CCR1009 Rebooting
Replies: 78
Views: 7186

Re: CCR1009 Rebooting

7.4.1 seems to be stable for me, I'll update here if it still crash.
7.4.1 just rebooted on me.

Less than 7.5 and 7.6 but still happening.
by kevinds
Mon Nov 28, 2022 5:29 pm
Forum: RouterBOARD hardware
Topic: hAP ax² dual band Wi-Fi 6 (802.11ax)
Replies: 287
Views: 48899

Re: hAP ax² dual band Wi-Fi 6 (802.11ax)

I'm interested in this, is there a thread where you posted about how you did this? I have an ER-X that I have a Raspberry Pi "debug/console" cable 3.3V TTL connected all the time. It is really useful. The ER-X has header pins soldered in, the hEX S doesn't With MikroTik netinstall, it may...
by kevinds
Mon Nov 28, 2022 10:50 am
Forum: RouterBOARD hardware
Topic: CCR1009 Rebooting
Replies: 78
Views: 7186

Re: CCR1009 Rebooting

I've got the exact same issue on a CCR1009-8G-1S-1S+ that has just started in the last couple of days.

Seems a bit of a coincidence that that three of us have the same issue starting around the same time with similar models??
Indeed..
by kevinds
Mon Nov 28, 2022 8:12 am
Forum: RouterBOARD hardware
Topic: CCR1009 Rebooting
Replies: 78
Views: 7186

Re: CCR1009 Rebooting

i think is too early for netinstall.
what tool/profile showing?(keep it running)

on logical reason would be, that one of those parameters getting overloaded
Netinstall has already been done.
by kevinds
Mon Nov 28, 2022 7:39 am
Forum: RouterBOARD hardware
Topic: what can be used to power the 2-pin terminal of the rb5009?
Replies: 23
Views: 2833

Re: what can be used to power the 2-pin terminal of the rb5009?

sorry for the silly question but what adapter can be used to plug the rb5009 using the 2-pin terminal? are ther any simple dc adpater pluggable to an outlet available?
These?

https://www.te.com/usa-en/product-796634-2.html
by kevinds
Mon Nov 28, 2022 5:42 am
Forum: RouterBOARD hardware
Topic: hAP ax² dual band Wi-Fi 6 (802.11ax)
Replies: 287
Views: 48899

Re: hAP ax² dual band Wi-Fi 6 (802.11ax)

And I miss serial console, user's best friend when something goes really wrong. I opened and was thankful to find TTL console headers on the hEX S.. If that hadn't been there, the router would have been bricked.. USB serial didn't work but the TTL points did.. I *needed* to change a setting in the ...
by kevinds
Mon Nov 28, 2022 5:24 am
Forum: RouterBOARD hardware
Topic: CCR1009 Rebooting
Replies: 78
Views: 7186

Re: CCR1009 Rebooting

Trying 7.5 for now. edit #1 : 7.5 crashing, trying 7.4.1 (can't recall what version I had before 7.6). Yes, I did the same, 7.5 still crashed for me too. I had a transparent firewall set on two ports, removed them because the CCR1009 was unstable, the reboots stopped.. Tomorrow will check for blown...
by kevinds
Sun Nov 27, 2022 10:17 am
Forum: RouterBOARD hardware
Topic: CCR1009 Rebooting
Replies: 78
Views: 7186

Re: CCR1009 Rebooting

Update me if it fix it. Been a couple hours and it hasn't rebooted.. First tried restoring a rsc export after the NetInstall, that didn't go well, didn't want to restore the full backup because I didn't want to restore the corruption.. But I did because the rsc import was not good.. Been a couple h...
by kevinds
Sun Nov 27, 2022 7:45 am
Forum: RouterBOARD hardware
Topic: CCR1009 Rebooting
Replies: 78
Views: 7186

Re: CCR1009 Rebooting

I got the exact same problem with my CCR1009-8G-1S-1S+
Wasn't a power supply issue.

Very interesting that you have the same issue... When did yours start?

I sent the supout to support, trying NetInstall now..
by kevinds
Sun Nov 27, 2022 4:24 am
Forum: RouterBOARD hardware
Topic: CCR1009 Rebooting
Replies: 78
Views: 7186

Re: CCR1009 Rebooting

You might want to netinstall the device to make sure there isn't an issue with the flash or the os install. I would also check the capacitors to make sure none are failing. If you have a backup power supply, I would also test that as well.
That mirrors my thoughts.. :)

Cheers
by kevinds
Sun Nov 27, 2022 3:20 am
Forum: RouterBOARD hardware
Topic: CCR1009 Rebooting
Replies: 78
Views: 7186

CCR1009 Rebooting

CCR1009-7G-1C-1S+ v7.6

Seeing this in the logs

router was rebooted without proper shutdown, probably kernel failure

then

kernel failure in previous boot

Any suggestions? Where should I look to get more information?
by kevinds
Sun Nov 27, 2022 1:10 am
Forum: RouterBOARD hardware
Topic: CCR 1009 and SD card
Replies: 11
Views: 10531

Re: CCR 1009 and SD card

Hello
We have a lot of already installed routers CCR 1009
And now we have bought SD cards for this devices
Why?

What is your plan for the cards?

I don't have an answer for you though, my main CCR is still on v6.
by kevinds
Wed Oct 05, 2022 1:45 am
Forum: General
Topic: x86 Interfaces Missing
Replies: 15
Views: 889

Re: x86 Interfaces Missing

Was able to eventually "see" the LTE device in RouterOS but never got it working..
v7.5 seems to have fixed it.
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
Mine is a different device ID, but it is now working.
by kevinds
Sun Aug 07, 2022 5:47 am
Forum: Beginner Basics
Topic: Why does disabling 'bridge' make it impossible to connect to my router?
Replies: 24
Views: 3547

Re: Why does disabling 'bridge' make it impossible to connect to my router?


Bridge -> Ports -> Delete Ether7

IP -> Addresses -> Add ->

Address: 10.10.10.254
Network: 10.10.10.254 (this is auto generated when you leave it blank)
Interface: ether7-access
This is wrong.
by kevinds
Tue Aug 02, 2022 6:23 pm
Forum: Beginner Basics
Topic: Why does disabling 'bridge' make it impossible to connect to my router?
Replies: 24
Views: 3547

Re: Why does disabling 'bridge' make it impossible to connect to my router?

Okay so you need to create an IP address 10.10.10.254, assign it to the interface Ether7, then statically modify your laptop/PC to be 10.10.10.253/24, and then it will work From what I remember I couldn't connect even with neighbours after disabling the bridge for ethernet ports 2-10, I could be wr...
by kevinds
Tue Aug 02, 2022 5:32 am
Forum: General
Topic: CCR1016 - FAN noise, speed
Replies: 2
Views: 340

Re: CCR1016 - FAN noise, speed

For apparent no reason fans on CCR1016 began to run on high rpm. Top cover was removed to clean the dust and to do visual inspection. It was quickly discovered bulged capacitors, so by replacing them the issue went away. I didn't know that the CCR1016 had variable speed fans. I thought it was just ...
by kevinds
Tue Aug 02, 2022 5:27 am
Forum: General
Topic: All ports link down and link up
Replies: 1
Views: 486

Re: All ports link down and link up

Other than replace the router, and the problems continued, what else have you done/tried? What are the ports connected to? My first thought/guess is that all ports connect to the same switch, and that switch is acting up. All ports drop on the same second and return at the same second.. My first sug...
by kevinds
Tue Aug 02, 2022 4:41 am
Forum: Beginner Basics
Topic: Configuring a network using two RB4011iGS+RM routers which need to communicate via IP radio (two parts) [SOLVED]
Replies: 1
Views: 653

Re: Configuring a network using two RB4011iGS+RM routers which need to communicate via IP radio (two parts) [SOLVED]

Why are you using a duplicate IP in the network?

192.168.100.1 appears on two different routers, sometimes on the same network segment..

What does "IP Radio" mean? Do they function as Layer 1? Layer 2? Or Layer 3?

From your diagram, VLANs don't matter.. Are only access ports used?
by kevinds
Tue Aug 02, 2022 4:31 am
Forum: Beginner Basics
Topic: Why does disabling 'bridge' make it impossible to connect to my router?
Replies: 24
Views: 3547

Re: Why does disabling 'bridge' make it impossible to connect to my router?

To do that you just go to Bridge -> Ports -> Delete Ether7 (for example) , then go to IP -> Addresses -> Create new address -> In the entries, leave 'Network' blank, and fill in 10.10.10.254 for Address, and select Ether7 for the interface. Now, even if I disable the bridge or do anything to the ro...
by kevinds
Wed Jul 27, 2022 10:59 am
Forum: Announcements
Topic: MikroTik Devices Controller
Replies: 250
Views: 157745

Re: MikroTik Devices Controller

The ability for controller and RouterOS to connect when they are both behind (different) NAT networks.

The ability to work on "air-gapped" networks.

See changes made over time.
by kevinds
Sun Jul 24, 2022 12:04 pm
Forum: General
Topic: icmp in mikrotik
Replies: 22
Views: 1906

Re: icmp in mikrotik

Our scenario is that the user can connect to the server from any internet network And the address of the game server is not known The internet doesn't work this way. Order a pizza to be delivered to your home but hide your street address.. Similar situation.. The IP address of the server is answere...
by kevinds
Sat Jul 23, 2022 12:04 pm
Forum: General
Topic: icmp in mikrotik
Replies: 22
Views: 1906

Re: icmp in mikrotik

Why do you want to drop icmp?? Makes no sense.
It is possible that some users do unauthorized things on the server and I am afraid that the data center will raise this issue knowing that the server is online.
Like what exactly?
by kevinds
Sat Jul 23, 2022 11:59 am
Forum: General
Topic: V7 downgrade back to V6
Replies: 13
Views: 4661

Re: V7 downgrade back to V6

I cannot even get the CCR2004-16G to netinstall. holding reset during boot never does anything. Tried on ports Eth1 and Eth16.
Simply does not work.
Use the serial console and the boot menu..

But there is a reason you can't install a lower version that what it came with. Don't try.
by kevinds
Sat Jul 23, 2022 11:54 am
Forum: General
Topic: Best VPN for Mikrotik Router
Replies: 20
Views: 7094

Re: Best VPN for Mikrotik Router

This really only makes sense when done from endpoint devices (like a PC or Phone), but for some reason people want to do that from their router too. Doing it on your router allows you to use the VPN services on devices that don't have their own clients. Also allows the device to be "always&quo...
by kevinds
Sat Jul 23, 2022 11:48 am
Forum: General
Topic: Maybe I'm overthinking.. ?
Replies: 9
Views: 844

Re: Maybe I'm overthinking.. ?

I have a network im building and I have a management vlan just for the switches and another vlan just for the access points. I was pinging in-between the switches.. No admittedly the Mikrotik to Mikrotik pings are perfect. 0ms. but when I ping these Cisco 3750x switches I get pings that are a littl...
by kevinds
Sat Jul 23, 2022 11:44 am
Forum: General
Topic: Internet connection drops for 4-3 second every few moment
Replies: 47
Views: 3526

Re: Internet connection drops for 4-3 second every few moment

I recently went through this because the ISP wouldn't answer DHCP renew requests and was set for 5 minute leases.. After the lease expired, a discover was sent and that was answered immediately. The problem was that because the IP was dropped and then re-issued the masquerade rules would drop all th...
by kevinds
Sat Jul 23, 2022 11:37 am
Forum: General
Topic: disable users to use ping, but allow to be pinged
Replies: 8
Views: 616

Re: disable users to use ping, but allow to be pinged

@tomislav91 why do you want to do this?

Unless you have a really good reason, leave ICMP (including ping) alone.
by kevinds
Sat Jul 23, 2022 11:34 am
Forum: General
Topic: TLS Webfig (www-ssl) PCI DSS compliance - weak ciphers
Replies: 14
Views: 1111

Re: TLS Webfig (www-ssl) PCI DSS compliance - weak ciphers

One of my customers is subject to PCI DSS quarterly vulnerability scans. They sent me a report which enumerates several problems with www-ssl service (Webfig over TLS).
What is doing the scanning and why does it have access to the Mikrotik admin interfaces?
by kevinds
Sat Jul 23, 2022 11:25 am
Forum: General
Topic: Router + dedicated AP = no VLAN isolation
Replies: 19
Views: 1100

Re: Router + dedicated AP = no VLAN isolation

Thank you for your input. From your posts, I understood that - at least for now - I should give up with the subnets and stick to the VLANs. That won't work though.. A VLAN will need at least one subnet to work. If you use the same subnet on multiple VLANs, you are in for a world of hurt.. But multi...
by kevinds
Sat Jul 23, 2022 11:19 am
Forum: General
Topic: Starlink and Mikrotik Router Problem
Replies: 3
Views: 3018

Re: Starlink and Mikrotik Router Problem

Now, though, quite often after I power my setup down for the night (to conserve my boat batteries) and power it up in the morning the DHCP client on Mikrotik WAN interface says "searching", the dishy management interface is inaccessible and it stays like that until I power cycle my set up...
by kevinds
Sat Jul 23, 2022 11:09 am
Forum: General
Topic: x86 Interfaces Missing
Replies: 15
Views: 889

Re: x86 Interfaces Missing

So to follow up after engaging support..

Only Atheros WiFi chipsets are supported. Intel and Broadcom WiFi do not work.

Was able to eventually "see" the LTE device in RouterOS but never got it working..
by kevinds
Fri Jul 08, 2022 11:39 am
Forum: General
Topic: V7 downgrade back to V6
Replies: 13
Views: 4661

Re: V7 downgrade back to V6

Since you can't install it, what does it matter? Where there is a will, there is a way? lol That is how I know that the license breaks when one installs a version previous to the factory version.. Other people have (found a way to) installed a previous version.. Even if the drivers are there, you s...
by kevinds
Fri Jul 08, 2022 10:23 am
Forum: General
Topic: x86 Interfaces Missing
Replies: 15
Views: 889

Re: x86 Interfaces Missing

including support only for 32-bit installs (which imposes 2GB RAM limitation) and every time some MT staffer said that users should install CHR to overcome the problems. So in reality, x86 installs were not supported in the last 5 years (or more) even though officially x86 was not discontinued. v7 ...
by kevinds
Fri Jul 08, 2022 10:00 am
Forum: General
Topic: x86 Interfaces Missing
Replies: 15
Views: 889

Re: x86 Interfaces Missing

Mobile/lte cards are USB peripherals - is there USB lines connected to that mPCIe port? Yes.... WWAN and WLAN both work great in other operating systems. is this still repeatable in v7? if yes - please contact support with supout.rif file. SUP-86589 created v7 is a little different, but it still do...
by kevinds
Fri Jul 08, 2022 9:12 am
Forum: General
Topic: x86 Interfaces Missing
Replies: 15
Views: 889

Re: x86 Interfaces Missing

Recently VM hypervisors indeed started to support HW pass-through meaning VMs will have to support such hardware natively. With v7 there are better chances to see support for relatively recent hardware, with v6 this was lost case long ago due to hopelessly outdated kernel used (and I guess this was...
by kevinds
Fri Jul 08, 2022 9:00 am
Forum: General
Topic: Cannot access customer's routers through Winbox or SSH [SOLVED]
Replies: 4
Views: 613

Re: Cannot access customer's routers through Winbox or SSH [SOLVED]

I work for an ISP where our customer's CPEs are all MikroTik routers. I have a problem where I cannot log into about 500 of the devices through Winbox or any other means like SSH, or Webfig, for that matter. I am able to access these routers through mac-telnet one at a time. But I need to be able t...
by kevinds
Fri Jul 08, 2022 8:49 am
Forum: General
Topic: V7 downgrade back to V6
Replies: 13
Views: 4661

Re: V7 downgrade back to V6

The license is broken when you install a version older than 'factory version' too.
by kevinds
Fri Jul 08, 2022 8:48 am
Forum: General
Topic: OpenVPN connected but doesn't change IP
Replies: 8
Views: 645

Re: OpenVPN connected but doesn't change IP

Huh? To start with, please provide a diagram with how your network(s?) is/are setup. What IP subnets are you using on each network? You are connecting DHCP and then making an OpenVPN connection, to the same network? You can't ping from a computer, to an IP on the same network? Or a different network...
by kevinds
Fri Jul 08, 2022 8:36 am
Forum: General
Topic: x86 Interfaces Missing
Replies: 15
Views: 889

Re: x86 Interfaces Missing

Different platform builds of ROS include different drivers. So if you used MC7355 on a MIPSBE or ARM device, it doesn't mean x86 build will include those drivers as well. If true, that is very, very frustrating.. It is listed here for example https://wiki.mikrotik.com/wiki/Manual:Peripherals https:...
by kevinds
Fri Jul 08, 2022 8:33 am
Forum: General
Topic: x86 Interfaces Missing
Replies: 15
Views: 889

Re: x86 Interfaces Missing

Native x86/64 installation is no longer supported, use CHR to get access to all device drivers.
Huh? Source?

CHR has less hardware drivers than the bare-metal install does..
by kevinds
Fri Jul 08, 2022 1:12 am
Forum: General
Topic: x86 Interfaces Missing
Replies: 15
Views: 889

x86 Interfaces Missing

Howdy, During the last ISP outage here I tried to boot my laptop with RouterOS (x86) to act as a modem, updated to v6.49.6 My two serial ports and 56k modem did show as 'ports', two Intel NICs showed as ether1 and ether2.. WLAN (Broadcom BCM4352HMB) and WWAN (Sierra Wireless MC7355) were missing.. I...
by kevinds
Fri Jul 08, 2022 1:02 am
Forum: RouterBOARD hardware
Topic: CCR1009 and CCR1016
Replies: 2
Views: 545

Re: CCR1009 and CCR1016

I have 3 routers with dead PSU, 2 x CCR1009 and one CCR1016. Seems that the PSUs are the same. All routers are quite old, seems to be same. Where is possible to order the PSU for the first (with one PSU) revisions of the routers? Some vendors have them.. Where are you located? They are usually fixe...
by kevinds
Mon Jun 27, 2022 5:40 am
Forum: Beginner Basics
Topic: Second Layer Port Forwarding
Replies: 16
Views: 1212

Re: Second Layer Port Forwarding

4000XG. I'll look through the instructions for it though
It definitely has a bridge-mode..

No idea if you will need to setup PPPoE or not though. If you do, you will likely need to get the user/pass from CenturyLink.
by kevinds
Sun Jun 26, 2022 11:04 pm
Forum: Beginner Basics
Topic: hEX (RB750Gr3) Serial Console
Replies: 12
Views: 5126

Re: hEX (RB750Gr3) Serial Console

Yeah, it sounds like the USB-Serial on v7 is messy from other threads.

Automatic speed negotiation isn't a feature though... 115200,8n1
by kevinds
Sat Jun 25, 2022 1:21 pm
Forum: Beginner Basics
Topic: Second Layer Port Forwarding
Replies: 16
Views: 1212

Re: Second Layer Port Forwarding

If the ISP is doing NAT (CGNAT) then you will not get a public IP address, (unless the ISP allows for that, mostly payed for, option), and does a specific port-forwarding for your address) Easily recognised because the address you get is in the private ranges. 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0...
by kevinds
Sat Jun 25, 2022 12:42 am
Forum: Beginner Basics
Topic: Need Help to block access to MT from hotspot users
Replies: 6
Views: 626

Re: Need Help to block access to MT from hotspot users

Thank you for the links you have provided. Will definitely have a look on it and hopefully I'll be able to learn and apply them. By the way, when you say Trusted IP and range interface are you referring to the public IP address of my ISP I used to remotely access the MT? Honestly, I only use cellul...
by kevinds
Fri Jun 24, 2022 11:49 pm
Forum: Beginner Basics
Topic: Second Layer Port Forwarding
Replies: 16
Views: 1212

Re: Second Layer Port Forwarding

I don't think I can bridge mode the ISP router. The thing is a kind of limited CenturyLink model with no CLI. At one point I tried to do static assigned DHCP leases to it and wound up bricking it and having to factory reset it, which does not make me confident in my ability to reconfigure it in any...
by kevinds
Fri Jun 24, 2022 3:41 am
Forum: Beginner Basics
Topic: Second Layer Port Forwarding
Replies: 16
Views: 1212

Re: Second Layer Port Forwarding

Re-reading this, I may be understanding it a bit more... Sleep helps too.. ;) I would strongly suggest putting (or finding a way) the ISP's modem/gateway/router onto bridge mode, allowing your Mikrotik to get a public IP. You are trying to port-forward on the ISP's gateway to your Mikrotik? Many NAT...
by kevinds
Wed Jun 22, 2022 4:56 am
Forum: General
Topic: Netinstall and Windows 11
Replies: 20
Views: 2188

Re: Netinstall and Windows 11

You should not default to a position of "MS is wrong, because MS" rather than considering that non-RFC compliant use of UDP and IP is the real problem.
If you are turning off the M$ firewall or allowing a program, and it is still blocked, yes, M$ issue.
by kevinds
Tue Jun 21, 2022 2:06 pm
Forum: General
Topic: Powering hEX S by POE
Replies: 4
Views: 378

Re: Powering hEX S by POE

https://mikrotik.com/product/hex_s

PoE in 802.3af/at
PoE out Passive PoE up to 57V

The RB750Gr3 is passive PoE in.
by kevinds
Tue Jun 21, 2022 1:16 am
Forum: General
Topic: DNS request through wireguard
Replies: 57
Views: 4455

Re: DNS request through wireguard

You can use DoH directly in IP>DNS, don't forget to download the certs and inject that into the router for security. Cert: https://curl.se/ca/cacert.pem i've tried many DoH but all of them block Iran IPs. Are you sure that it isn't your RouterOS not accept the responses from certificate issues?
by kevinds
Tue Jun 21, 2022 1:14 am
Forum: General
Topic: Connectivity to all customers MT's
Replies: 2
Views: 257

Re: Connectivity to all customers MT's

SSTP or L2TP and some routing rules could definitely do this.

Why do you want to connect to their subnet?
by kevinds
Tue Jun 21, 2022 1:12 am
Forum: General
Topic: Why (Not) MikroTik? (Packet Pushers podcast)
Replies: 6
Views: 598

Re: Why (Not) MikroTik? (Packet Pushers podcast)

Because currently you can't upgrade and/or even license a system that doesn't have IPv4 connectivity. The check-for-update and download definitely works over IPv6, not sure about the CHR licensing server though.. This is causing me issues because of a RouterOS broken BGP feature that isn't a featur...
by kevinds
Tue Jun 21, 2022 1:07 am
Forum: General
Topic: Powering hEX S by POE
Replies: 4
Views: 378

Re: Powering hEX S by POE

RB760iGS wants standard, 802.3af PoE..

Then it will work without issue.
by kevinds
Tue Jun 21, 2022 1:04 am
Forum: Beginner Basics
Topic: Second Layer Port Forwarding
Replies: 16
Views: 1212

Re: Second Layer Port Forwarding

This looks like CGNAT.. If so, it won't be possible.
by kevinds
Mon Jun 20, 2022 5:36 pm
Forum: General
Topic: Netinstall and Windows 11
Replies: 20
Views: 2188

Re: Netinstall and Windows 11

No, it has been tested with the Firewall on or off with no change. Transferring data via broadcast storm on a layer-2 network should never be done, and has (less so these days of course with higher bandwidth) the potential to cause network collapse. No, just no. Computer and RouterBoard is the netw...
by kevinds
Mon Jun 20, 2022 9:16 am
Forum: General
Topic: Netinstall and Windows 11
Replies: 20
Views: 2188

Re: Netinstall and Windows 11

So this is a Windows defect, not a Mikrotik one.. use of UDP broadcasts for file transfer is a bad idea. Putting this back on Microsoft for what could be a security improvement to their network stack is not justified as it's not backed by any data. You allow and traffic and it is still being blocke...
by kevinds
Mon Jun 20, 2022 8:16 am
Forum: General
Topic: DNS request through wireguard
Replies: 57
Views: 4455

Re: DNS request through wireguard

What happens if you do a traceroute with the public DNS server IP? I'm interested in the next hop.

This might be a silly question, but did you change the IP stack on the VPS install to allow packet forwarding?
by kevinds
Mon Jun 20, 2022 8:12 am
Forum: General
Topic: Netinstall and Windows 11
Replies: 20
Views: 2188

Re: Netinstall and Windows 11

However I will say that I am seriously pissed at Mikrotik for the way that Netinstall actually works and why it's broken on Windows 11. the system completely fails on Windows 11 because the initial "offer" broadcast packet is send via UDP using Source port 5000 and Destination port 5000, ...
by kevinds
Sun Jun 19, 2022 1:50 am
Forum: General
Topic: DNS request through wireguard
Replies: 57
Views: 4455

Re: DNS request through wireguard

I am actually surprised it works at all with this configuration, as the configuration contains no default route the Mikrotik itself could use without additional settings - the only default route is in routing table WG and nothing tells Mikrotik or clients to use that table. Me too. No NAT rules eit...
by kevinds
Thu Jun 16, 2022 9:45 pm
Forum: General
Topic: Is it possible to upload/download files using the serial console ?
Replies: 8
Views: 981

Re: Is it possible to upload/download files using the serial console ?

I have a dead RouterBoard because I can only transfer RouterBoot using XModem, it won't accept RouterOS using XModem. If you can upload RouterBoot via serial, you should be able to install RouterOS using Netinstall. But if the single Netinstall-capable Ethernet port is dead, it's the end of all hop...
by kevinds
Thu Jun 16, 2022 7:32 pm
Forum: General
Topic: Is it possible to upload/download files using the serial console ?
Replies: 8
Views: 981

Re: Is it possible to upload/download files using the serial console ?

Only way to transfer files over serial is to set up PPP connection over it instead of console. Then you can run IP and winbox or SSH/SFTP over it.
Interesting.. I didn't know this was possible.. May need to try it, just to know that it works and I can say I did it... ;)
by kevinds
Thu Jun 16, 2022 7:31 pm
Forum: General
Topic: Is it possible to upload/download files using the serial console ?
Replies: 8
Views: 981

Re: Is it possible to upload/download files using the serial console ?

nowadays is not only about enabling a feature, is about not creating a security risk with it If someone has access to the console port of your device, you have already lost all security.. I have a dead RouterBoard because I can only transfer RouterBoot using XModem, it won't accept RouterOS using X...
by kevinds
Thu Jun 16, 2022 10:21 am
Forum: General
Topic: static ip vpn through modem not working
Replies: 17
Views: 849

Re: static ip vpn through modem not working

i know this but avoiding it
But does that fix it?
by kevinds
Thu Jun 16, 2022 8:35 am
Forum: General
Topic: static ip vpn through modem not working
Replies: 17
Views: 849

Re: static ip vpn through modem not working

hahah i tire the html hack see the password as text but its encrypted or some isps lock the macaddress of the dialing modem so that any other modem on th line with correct username and password would not dial Certificate sometimes, username and password, usually. MAC address, not really Having stat...
by kevinds
Thu Jun 16, 2022 8:11 am
Forum: General
Topic: static ip vpn through modem not working
Replies: 17
Views: 849

Re: static ip vpn through modem not working

Yes, Different ISP's (both have public , static ip. Can ping them from outside. ok so wan1 has a fiber epon , thats on bridge mode hence it is configured as pppoe in mikrotik and has a static ip from isp, in this vpn connects from outside wan2 has a modem that is not in bridge. this is also epon bu...
by kevinds
Thu Jun 16, 2022 3:55 am
Forum: General
Topic: Help with Loggin topics [SOLVED]
Replies: 2
Views: 546

Re: Help with Loggin topics [SOLVED]

Because they are just "info, system" you can't.. If they were "info, system, route" then you could.. I have a similar complaint about "info, system, ssh" Logging changes that a user makes does seem log worthy though. You can also clear the log completely if you don't wa...
by kevinds
Thu Jun 16, 2022 3:50 am
Forum: General
Topic: How to configure IPv6 Load Balancing? (PCC, multiple ISPs/GUAs)
Replies: 8
Views: 1745

Re: How to configure IPv6 Load Balancing? (PCC, multiple ISPs/GUAs)

instead of mapping the prefix addresses 1-to-1 as it should. Not sure what the best course of action is now tbh. I think I'll probably have to mail about this to support or something? This is currently broken in RouterOS, nothing you can do about it.. Open a ticket to say "Me too", but th...
by kevinds
Thu Jun 16, 2022 3:36 am
Forum: General
Topic: static ip vpn through modem not working
Replies: 17
Views: 849

Re: static ip vpn through modem not working

Your post is not clear.... Please make a diagram with how things are set up and how you want things to work. Are you getting RFC1918 IPs from your ISP? Or are they public IPs you just changing? The WAN2 modem and DMZ configuration throws up a red flag... What is happening and why? You are actually d...
by kevinds
Thu Jun 16, 2022 3:15 am
Forum: General
Topic: Testing v7, no need for ipv6
Replies: 28
Views: 2398

Re: Testing v7, no need for ipv6

Basic tenet of security. Enable what you use, disable what you don't. Every unnecessary function you enable adds potential vulnerability's. IPv6 evangelists aside, the need for IPv6 is dubious at best. For me at least it is absolutely unnecessary. It's less efficient than ipv4. It's more complex th...
by kevinds
Thu Jun 16, 2022 2:48 am
Forum: General
Topic: cant discover mikrotik devices with my laptop [SOLVED]
Replies: 4
Views: 869

Re: cant discover mikrotik devices with my laptop [SOLVED]

Do you have Discovery turned off?
by kevinds
Thu Jun 16, 2022 2:47 am
Forum: General
Topic: Is it possible to upload/download files using the serial console ?
Replies: 8
Views: 981

Re: Is it possible to upload/download files using the serial console ?

Hello, Is it possible to dowload/upload backup files using the serial console port (RJ45 port) ? And if it is possible, how can this be achieved ? Thank you in advance! Only the RouterBoot firmware... Been there, tried that, I was trying reload the entire OS. RouterOS has to come from the Ethernet ...
by kevinds
Thu Jun 16, 2022 2:36 am
Forum: General
Topic: CVE-2020-11881 PATCH [SOLVED]
Replies: 23
Views: 5152

Re: CVE-2020-11881 PATCH [SOLVED]

@millap Did you even read that screenshot? Or do you need some other tool to do that for you? :) @millap your "scan/detection tool" is terrible... It is going show an issue with every 7. release because it says that 7.x is vulnerable. From that screenshot, until RouterOS v8 comes out, it ...
by kevinds
Thu Jun 16, 2022 2:17 am
Forum: General
Topic: Make DNS server to respond to specific IP addresses only and forward rest
Replies: 5
Views: 895

Re: Make DNS server to respond to specific IP addresses only and forward rest

DHCP server is already configured to handout Pi Hole as default dns server - so everything is OK with clients config. But some clients get an domain resolved even if it was already present on blacklist. To put it as shortest as possible: Mikrotik DNS is used by Pi devices only. All other devices ar...
by kevinds
Thu Jun 16, 2022 2:06 am
Forum: General
Topic: DNS request through wireguard
Replies: 57
Views: 4455

Re: DNS request through wireguard

hi, is it possible to route Mikrotik DNS request through Wireguard tunnel (interface)? my ISP block dns port of common DNS servers like 8.8.8.8. i want to Mikrotik resolved dns by sending request to dns servers through Wireguard interface. Thanks If your IP is assigned with DHCP, change the default...
by kevinds
Thu Jun 16, 2022 1:56 am
Forum: General
Topic: DC power jack specs
Replies: 4
Views: 771

Re: DC power jack specs

The standard Mikrotik power supply fits my video camera and switcher. I want to buy spare 12v 3 amp power supplies but need to know the mm specs on the plug. 5.5x2.1mm, this is the most common size for 5v and 12v devices. 5.5x2.5mm is the second most common. My un-scientific numbers from experience...
by kevinds
Thu Jun 16, 2022 1:49 am
Forum: General
Topic: DC power jack specs
Replies: 4
Views: 771

Re: DC power jack specs

i have seen an special situation on rb3011, it has a longer jack to properly reach the internal board
The RB2011 did this too...
by kevinds
Thu Jun 16, 2022 1:44 am
Forum: Beginner Basics
Topic: New router (fresh config), It's working, but barely. Lots of strange behavior
Replies: 9
Views: 808

Re: New router (fresh config), It's working, but barely. Lots of strange behavior

The default MTU size and auto negotiation were specific configurations Verizon told us to make. It's a business fiber link, they sent a configuration email with a /30 address (later changed to /29), an MTU size, as well as speed and duplex of 100 full. They were not talking about an MTU setting.. M...
by kevinds
Tue Jun 14, 2022 7:28 pm
Forum: General
Topic: VPN APPs block on Mikrotik
Replies: 15
Views: 2265

Re: VPN APPs block on Mikrotik

I would just like the rules of networks to be imposed on everyone, even on open networks, in which they are subject to fraud, because of VPN APPs, but I've seen that an NGW is needed for that. When I refer to imposed rules, it would be rules that the user connected to this open network, due to the ...
by kevinds
Tue Jun 14, 2022 7:27 am
Forum: General
Topic: Idea for a new product (Modular router)
Replies: 1
Views: 272

Re: Idea for a new product (Modular router)

In particular an onboard adsl/vdsl modem card would be very disruptive in the market. Plus, with the flexibility of RouterOS, I imagine we could use the adsl/vdsl ports to do a point to point link between 2 remote Mikrotiks where only a phone cable is available.... Mikrotik could make extra money b...
by kevinds
Tue Jun 14, 2022 7:19 am
Forum: General
Topic: 5 email per hour
Replies: 16
Views: 1167

Re: 5 email per hour

hello guys
I have problem with spamhaus, all of my ip blocked in spamhaus
I wanna set rule in firewall to limit 5 Email per hour

how to configuration this rule ?
can you help me ?
Why? How do you figure that will help??

Fix the SPAM problem, or if you are the SPAM problem, stop sending SPAM..
by kevinds
Tue Jun 14, 2022 7:03 am
Forum: General
Topic: Site-to-Site and Client VPN Servers
Replies: 2
Views: 396

Re: Site-to-Site and Client VPN Servers

Hello, I want to setup site-to-site vpn between two routers. I also want these two routers to host client to site VPN servers independently so that external laptops etc can connect to the network. Is this possible? Will there be collisions with the ports because they are expecting incoming vpn clie...
by kevinds
Tue Jun 14, 2022 6:57 am
Forum: General
Topic: VPN APPs block on Mikrotik
Replies: 15
Views: 2265

Re: VPN APPs block on Mikrotik

I'm just trying to improve the security controls in my network. I'm referring to a public HOTSPOT network in this case, where I don't have control of the client's device, but I would like to restrict the network level (protocol) if possible, How will blocking VPNs in any way improve security contro...
by kevinds
Thu Jun 09, 2022 7:45 pm
Forum: General
Topic: Gmail SMTP authentication doesn't work anymore, oauth needed
Replies: 6
Views: 1274

Re: Gmail SMTP authentication doesn't work anymore, oauth needed


EDIT. Ok it now appeared as available after enabling two factor authentication. Seems it may be the solution to this.
Yes, two-factor-authentication is required for app passwords.
by kevinds
Thu Jun 09, 2022 7:37 pm
Forum: Beginner Basics
Topic: script to turn on and off wlan
Replies: 4
Views: 344

Re: script to turn on and off wlan

Could use a firewall rule on the interface to drop traffic during those hours..
by kevinds
Thu Jun 09, 2022 7:35 pm
Forum: Beginner Basics
Topic: script to turn on and off wlan
Replies: 4
Views: 344

Re: script to turn on and off wlan

Could use a simple Queue on the interface that limits the speed to a really, really low number on the interface during those times.
by kevinds
Tue Jun 07, 2022 7:02 pm
Forum: Beginner Basics
Topic: New router (fresh config), It's working, but barely. Lots of strange behavior
Replies: 9
Views: 808

Re: New router (fresh config), It's working, but barely. Lots of strange behavior

The cables are all new, and they've been swapped out for new cables. I don't think it's physical, unless it's the actual router or port. I'm not ruling that out completely, but, I've installed over 100 of these and I don't think I've ever had a failure out of the box. There's a theory that our ISP ...
by kevinds
Tue Jun 07, 2022 2:20 am
Forum: General
Topic: USB to Serial PL2303 RB750Gr3
Replies: 4
Views: 1170

Re: USB to Serial PL2303 RB750Gr3

0x23c3 is not " USB to Serial Bridge Controllers" but is " USB HID to I2C Bridge Controller" From Prolific web: Please be warned that counterfeit (fake) PL-2303HX (Chip Rev A) USB to Serial Controller ICs using Prolific's trademark logo, brandname, and device drivers, were being...
by kevinds
Tue Jun 07, 2022 2:13 am
Forum: General
Topic: Serial to USB - Problem
Replies: 5
Views: 612

Re: Serial to USB - Problem

Please tell me how to fix this!!

The problem exists with ROSv6.49.6 and ROSv7.2.3
Did you reboot the router after connecting the USB-Serial adapter?
by kevinds
Tue Jun 07, 2022 2:10 am
Forum: General
Topic: Serial to USB - Problem
Replies: 5
Views: 612

Re: Serial to USB - Problem

old chips not supported by new drivers Prolific = Avoid at all costs!! Prolific has stopped this now.. FTDI did the same thing for a while too, eventually they stopped. newer chips causing windows driver to BSOD on removal Only if the port was open.. I've had this happen on a few chipsets, not just...
by kevinds
Tue Jun 07, 2022 2:06 am
Forum: Beginner Basics
Topic: Block internet when VPN is lost
Replies: 7
Views: 933

Re: Block internet when VPN is lost

Basically, I am looking for option (VPN or none), no VPN -> no internet traffic
Have the 0.0.0.0/0 route use the VPN as the gateway. Set a static route for the VPN's IP to use the 'normal' gateway.
by kevinds
Tue Jun 07, 2022 2:03 am
Forum: Beginner Basics
Topic: Subnet to ports
Replies: 2
Views: 281

Re: Subnet to ports

From blank.. Create a bridge with all the ports except the one you are connecting to your ISP.. IP - Addresses Add 2.2.2.185/29 to the bridge interface. Assign 1.1.1.82/30 to the interface connected to your ISP. IP - Route 0.0.0.0/0 gateway 1.1.1.81 Add firewall rules as desired, but the above will ...
by kevinds
Tue Jun 07, 2022 1:52 am
Forum: Beginner Basics
Topic: New router (fresh config), It's working, but barely. Lots of strange behavior
Replies: 9
Views: 808

Re: New router (fresh config), It's working, but barely. Lots of strange behavior

There's also duplex and auto negotiation errors in the log sporadically.
Check layer 1 first...

My suggestion is to replace all of the network cables as a first step.

Duplex and auto-negotiation errors screams hardware issue.. Defective cables or defective devices.
by kevinds
Tue Jun 07, 2022 1:47 am
Forum: Beginner Basics
Topic: ntp-client status waiting [SOLVED]
Replies: 10
Views: 1868

Re: ntp-client status waiting [SOLVED]

Try turning the NTP client off (uncheck Enabled), Hit Ok, then go back and turn it back on...

I had this recently on one of mine and that fixed it.
by kevinds
Sun Jun 05, 2022 12:42 pm
Forum: Beginner Basics
Topic: IP Range Extend
Replies: 13
Views: 1451

Re: IP Range Extend

Ok I understand about the pools. On Firewall NAT what rule would exactly should be customize?

Regards.
The mascaraed rule.. Default was 192.168.88.0/24? Would need to be adjusted to /23 as well.
by kevinds
Sun Jun 05, 2022 10:58 am
Forum: Beginner Basics
Topic: IP Range Extend
Replies: 13
Views: 1451

Re: IP Range Extend

Thank you for your responses. I have done everything correct is working. But only one issue I have, when a device is new get a lease 192.168.0.255 is not having internet connection. How to disable the .255 to not forward this lease. Also on IP Pool what is the correct scenario? To extend the IP ran...
by kevinds
Fri Jun 03, 2022 1:58 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 208
Views: 52954

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

Adding more lists just for learning purposes, which one is duplicated?
Most of your blocklist.de entries. Not sure of your other lists though.
by kevinds
Thu Jun 02, 2022 5:38 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 208
Views: 52954

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

Apologies for another dumb question, looking and found some great IP lists, Darklist.de, Greensnow.co and Snort are returning an error, any idea why? Here are the ones found; What error? You are missing some required variables. Why are you adding so many IP lists? Especially ones that duplicate eac...
by kevinds
Thu Jun 02, 2022 12:06 am
Forum: General
Topic: What is the best wayside/IP console/backdoor access method? [SOLVED]
Replies: 6
Views: 868

Re: What is the best wayside/IP console/backdoor access method? [SOLVED]

I get your sentiment, but if one has to go to such lengths, why are we using Mikrotik again? I already spent more than a grand on each of these routers and have been using Mikrotik for two decades at this point. The whole point of the Mikrotik platform is supposed to be its power for customization,...
by kevinds
Wed Jun 01, 2022 11:52 pm
Forum: General
Topic: What is the best wayside/IP console/backdoor access method? [SOLVED]
Replies: 6
Views: 868

Re: What is the best wayside/IP console/backdoor access method? [SOLVED]

These are nearly top of the line routers, I feel like there should be a way to do this without extra hardware. In the case of the datacentre end, I pay for extra U. Keeping this in the single U will save me a multiple of cost. Does paying double, just for backup access make so much sense? OOB (out ...
by kevinds
Wed Jun 01, 2022 11:17 pm
Forum: General
Topic: What is the best wayside/IP console/backdoor access method? [SOLVED]
Replies: 6
Views: 868

Re: What is the best wayside/IP console/backdoor access method? [SOLVED]

I have a CCR1036 with a full out 10gb/s fibre gateway. I also have a cable modem connection plugged into it that I want to use for when SHTF so I can still winbox or ssh into the router when the main gateway is having a bad day. I just want the extra cable Internet connection to let me backdoor adm...
by kevinds
Wed Jun 01, 2022 10:54 pm
Forum: General
Topic: Help With Ont And Mikrotik
Replies: 3
Views: 381

Re: Help With Ont And Mikrotik

The data suplied from my ISP is this: login: XXXXXX password: XXXXXXX VPI / VCI: 8 / 35 protocollo: PPPoE encapsulation: LLC ip statici: 11.12.13.22/32 DNS primario: 46.31.104.208 DNS secondario: 46.31.104.209 VPI / VCI: 8 / 35 Those are DSL settings, not fibre.. Otherwise.. https://wiki.mikrotik.c...
by kevinds
Wed Jun 01, 2022 10:33 pm
Forum: Beginner Basics
Topic: IP Range Extend
Replies: 13
Views: 1451

Re: IP Range Extend

You need to make more changes..

IP Addresses and Firewall for example.
by kevinds
Wed Jun 01, 2022 10:25 pm
Forum: Beginner Basics
Topic: BGP aggregation on OS 6.49.6
Replies: 2
Views: 341

Re: BGP aggregation on OS 6.49.6

I have a BGP session with a C class that needs to be broken down into a /25 and two /26 as a static route to 3 other routers (the BGP router simply distributes) Now if I establish the BGP with a single /24 static route to one router all works great Up to this point, everything was good.. Go back to...
by kevinds
Tue May 31, 2022 9:23 pm
Forum: Scripting
Topic: Can a script be created if a wrong login name is used
Replies: 48
Views: 6975

Re: Can a script be created if a wrong login name is used

I don't care about SSH attempts.. I would be happy to not log them at all.. Unfortunately failed SSH logs don't use the SSH "topic".. May be a bug... for ignore completly SSH: from: :foreach rlog in=[find where message~"((25[0-5]|(2[0-4]|[01]\?[0-9]\?)[0-9])\\.){3}(25[0-5]|(2[0-4]|[0...
by kevinds
Mon May 30, 2022 1:11 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 208
Views: 52954

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

delimiter=("\n") seems to be mandatory also on your updated version of the script, correct? No, just sometimes the correct delimiter isn't detected properly. Just like sometimes there is a URL about the list as the first line of the file and the script detects it as a list of FQDNs rather...
by kevinds
Thu May 26, 2022 6:13 pm
Forum: General
Topic: I can not join computers to the domain by VPN
Replies: 6
Views: 890

Re: I can not join computers to the domain by VPN


Thanks for your answer!, i have that configuration on my topology, but, my DNS server on remotes sites prefers the other DNS server and no take information from my principal DNS server,
Then then fix/correct your DNS server config.
by kevinds
Wed May 25, 2022 9:31 pm
Forum: General
Topic: Unknown IP address on ether1
Replies: 39
Views: 2872

Re: Unknown IP address on ether1

It’s not supposed to be a static ip it’s supposed to be dhcp
IP-Addresses and delete the ether1 IP(s).

IP-Route Delete the 0.0.0.0/0 ones.

IP-DHCPClient - + symbol, select ether1 in the dropdown, check for DNS, check for Add/Use Default Gateway

Ok

Done
by kevinds
Wed May 25, 2022 8:16 pm
Forum: General
Topic: [FEATURE REQUEST] Two Factor Authentication
Replies: 46
Views: 27478

Re: [FEATURE REQUEST] Two Factor Authentication

This is great news. I installed user manager and setup a radius user with the otp code but I can't seem to find a way to authenticate. Is winbox and the web interface still in the works to prompt for the otp code? Any eta? Your RADIUS client would need to prompt for the TOTP before sending it to th...
by kevinds
Wed May 25, 2022 8:10 pm
Forum: General
Topic: I can not join computers to the domain by VPN
Replies: 6
Views: 890

Re: I can not join computers to the domain by VPN

Do you are just having DNS issues?

Setup a local recursive DNS server at the remote sites that forwards (or as a slave) the internal domain to the DNS server at the 'main office' and all other requests to the DNS server of your choice.

Then point all local hosts to use this DNS server.
by kevinds
Wed May 25, 2022 7:50 pm
Forum: General
Topic: Remotely Access Static IP without DHCP
Replies: 1
Views: 223

Re: Remotely Access Static IP without DHCP

How will I make devices on bridge 2 accessible remotely over L2TP without adding a DHCP server for bridge 2?
Static IPs?

Which devices? The clients? Or the radios?

Your post really doesn't make sense..

If you want to access the clients, use the IP from the PPPoE connections?
by kevinds
Wed May 25, 2022 5:57 pm
Forum: Scripting
Topic: Can a script be created if a wrong login name is used
Replies: 48
Views: 6975

Re: Can a script be created if a wrong login name is used

Remember asyncronous ":execute"...
Nice. Thank you.
by kevinds
Wed May 25, 2022 3:15 am
Forum: Scripting
Topic: Can a script be created if a wrong login name is used
Replies: 48
Views: 6975

Re: Can a script be created if a wrong login name is used

Leaving open SSH you say to the world "Hey, I have SSH open, try to guess username and password, is free!!!"... Go for it, I don't care, they are not getting in. Normal systems have the PasswordAuthentication No parameter set.. So those systems disconnect without even offering the "P...
by kevinds
Wed May 25, 2022 3:06 am
Forum: Scripting
Topic: Can a script be created if a wrong login name is used
Replies: 48
Views: 6975

Re: Can a script be created if a wrong login name is used

About the script, a best practice is to not run another job for same script, but at least wait the end, or leave the script auto-call himself at the end... Interesting.. Put it in the startup scheduler and then have the script call itself at the end.. If I have the last command as 'system script ru...
by kevinds
Wed May 25, 2022 2:55 am
Forum: Scripting
Topic: Can a script be created if a wrong login name is used
Replies: 48
Views: 6975

Re: Can a script be created if a wrong login name is used

Yes, if SSH is used for RouterBOARD remote management, close SSH and use VPN. If SSH is used inside the network, drop all SSH traffic on RAW, regardless if someone try to login or not, and allow only secure source IPs (or again, use VPN) or put that IP on whitelist for x hours after correct port kn...
by kevinds
Wed May 25, 2022 2:43 am
Forum: Scripting
Topic: Can a script be created if a wrong login name is used
Replies: 48
Views: 6975

Re: Can a script be created if a wrong login name is used

I have already maded one similar script, I just need to modify it to do what required from OP: Is there any way to increase the efficiency of this script? It is taking well over two minutes to execute with just DHCP entries.. I logged a firewall drop rule and it created 30-40 entries and the script...
by kevinds
Tue May 24, 2022 7:08 am
Forum: General
Topic: Unknown IP address on ether1
Replies: 39
Views: 2872

Re: Unknown IP address on ether1

All I did was update software why would that change configuration Bug in the beta maybe.. Beta versions, expect bugs... Did you backup the configuration before you updated? Otherwise, you need to find out from your ISP what kind of IP you need to use.. I suspect DHCP, but there is/was a static IP s...
by kevinds
Tue May 24, 2022 5:34 am
Forum: General
Topic: /24 subnet
Replies: 3
Views: 605

Re: /24 subnet

ok what need to be done is the core router has a /24 that will go over a private fiber (rented form comcast ) to the office that is 50 miles around. The 2 office needs to use the /24 for servers there. what is the best way of doing this still Vpls? Use an RFC1918 /30 network, route the /24 to the o...
by kevinds
Tue May 24, 2022 5:26 am
Forum: General
Topic: Unknown IP address on ether1
Replies: 39
Views: 2872

Re: Unknown IP address on ether1

How do I enable dhcp client
IP-DHCP Client

Is that what you are supposed to use?
by kevinds
Tue May 24, 2022 5:24 am
Forum: Beginner Basics
Topic: NTP server
Replies: 5
Views: 1606

Re: NTP server

This is what I am using at home:
This doesn't help the OP because they have three servers to pick from in a drop-down to pick from.
by kevinds
Tue May 24, 2022 5:13 am
Forum: General
Topic: Unknown IP address on ether1
Replies: 39
Views: 2872

Re: Unknown IP address on ether1

How do I do this?
First, contact your ISP and find out what it is *supposed* to be.

DHCP?

Static IP? Ask (confirm) what IP you should be using, along with the subnet mask, and gateway.

Or Other?
by kevinds
Tue May 24, 2022 5:04 am
Forum: Beginner Basics
Topic: VPN Access in Quick Set leaves ESP traffic filtered
Replies: 1
Views: 303

Re: VPN Access in Quick Set leaves ESP traffic filtered

My suggestion is not to use QuickSet.. It helps but doesn't set all the configuration that it should.
by kevinds
Tue May 24, 2022 5:01 am
Forum: Beginner Basics
Topic: NTP server
Replies: 5
Views: 1606

Re: NTP server

Will it accept a NTP server from a DHCP request?

Otherwise a DNS server to answer one of the options with the local IP.
by kevinds
Mon May 23, 2022 11:37 pm
Forum: General
Topic: CCR2004-16G-2S+PC + POE-IN usage
Replies: 8
Views: 1843

Re: CCR2004-16G-2S+PC + POE-IN usage

Once the router is back, run a script on the switch disabling all client switch ports and reenabling them after some seconds. The link down/up will trigger DHCP renewal for wired clients. On a MT switch running ROS, this can be automated using a startup script with a proper delay for the router to ...
by kevinds
Mon May 23, 2022 10:52 pm
Forum: General
Topic: can I make interactive script?
Replies: 8
Views: 1185

Re: can I make interactive script?

Probably, my supposition, for autoconfig script, that once executed (on interactive terminal, obviously)
ask for SSID, passwords, RouterOS users names and passwords, IP???, etc.
So a replacement for Quick-Set?
by kevinds
Mon May 23, 2022 10:44 pm
Forum: General
Topic: Low 10GbE transfer speeds after replacing old router with MikroTik hAP ac3
Replies: 32
Views: 1595

Re: Low 10GbE transfer speeds after replacing old router with MikroTik hAP ac3

How much 'custom' configuration do you have on your network? Firewall rules, VLANs? Static IPs? Being that you upgraded from a very old version to the newest.. I wonder if there are some issues hiding.. Consider resetting everything to defaults and seeing what happens? But to confirm, you workstatio...
by kevinds
Mon May 23, 2022 10:22 pm
Forum: General
Topic: Low 10GbE transfer speeds after replacing old router with MikroTik hAP ac3
Replies: 32
Views: 1595

Re: Low 10GbE transfer speeds after replacing old router with MikroTik hAP ac3

Yes, both should be 10Gbps interfaces, as mentioned above, they worked fine giving me 700-800MBps speeds, now its much slower. If I disconnect everything from router and connect NAS with workstation directly using one cable, im getting speeds "from before". 700-800 mbps on 10 gbps interfa...
by kevinds
Mon May 23, 2022 10:18 pm
Forum: General
Topic: can I make interactive script?
Replies: 8
Views: 1185

Re: can I make interactive script?

hello ,
can I make an interactive script where I waiting for replay and then save it?
*if* you could, what would you want it to do?

Basically, why do you want to?
by kevinds
Mon May 23, 2022 10:14 pm
Forum: General
Topic: Hex S or hAP ac3
Replies: 4
Views: 691

Re: Hex S or hAP ac3

Does the hAP ac2 has better switching chips, processor bus etc. ? I mean the model RBD52G-5HACD2HND-TC. The hAP ac x models that I've use seem to run hot.. Hotter than I was comfortable with for long-term use anyways.. https://mikrotik.com/product/hex_s#fndtn-testresults https://mikrotik.com/produc...
by kevinds
Mon May 23, 2022 10:07 pm
Forum: General
Topic: IPv6 Support? When actually?
Replies: 2
Views: 309

Re: IPv6 Support? When actually?

Why, oh why is the local address a consecutive number that is so hard to manipulate or change?? fe80::14/64 fe80::15/64 for some reason fe80::21/64 has been a pain in the a** for me, another mikrotik also loves to use it as a local address on a vpn, i do not know how to tell them "please, not,...
by kevinds
Mon May 23, 2022 10:01 pm
Forum: General
Topic: CCR2004-16G-2S+PC + POE-IN usage
Replies: 8
Views: 1843

Re: CCR2004-16G-2S+PC + POE-IN usage

The CCR2004-16G-2S+PC has 2 SFP+ ports and 1 POE-In ports and I am wondering how to use it. I was thinking to use a POE switch and connecting one SFP+ port to the router sfp+port and 1 1G port to the switch to power it. Would it work though? Is this the expected usage? I do NOT recommend you run yo...
by kevinds
Mon May 23, 2022 9:50 pm
Forum: General
Topic: Unable to open a particular website
Replies: 9
Views: 873

Re: Unable to open a particular website

Hello friends, Recently i have joined in one ISP. there i have faced a issue that is unable to open a particular site. i have contacted site admin and they replied there is no blocking from their side. when i try to open im getting "403 forbidden" i have tried with src-nat to another publ...
by kevinds
Mon May 23, 2022 9:37 pm
Forum: General
Topic: Connecting 2 Lans ,each LAN with its own DHCP server on RB2011
Replies: 2
Views: 294

Re: Connecting 2 Lans ,each LAN with its own DHCP server on RB2011

This isn't going to work.. LAN2's network is in use by LAN1.. LAN1 will never route traffic to LAN2 because it is already 'local' to LAN1. Your routing needs to be done on the two 2911 routers. What is the purpose of the RB2011 and why it is also labelled as a 1941? I have the two ports on bridge mo...
by kevinds
Mon May 23, 2022 9:30 pm
Forum: General
Topic: Have internet, but switch will not update.
Replies: 3
Views: 293

Re: Have internet, but switch will not update.

Check the Mikrotik's DHCP client for a setting about Use DNS..
by kevinds
Mon May 23, 2022 9:16 pm
Forum: General
Topic: SIP Issues
Replies: 38
Views: 3025

Re: SIP Issues

Mikrotik does have a SIP-ALG that you likely want to disable.. IP - Firewall - Service Ports If just your SIP phone/ATA is behind your Mikrotik router, change your SIP device's "local SIP port" ran into this with one site a couple weeks ago. SIP-ALG had no effect, changing the local SIP po...
by kevinds
Mon May 23, 2022 9:05 pm
Forum: Beginner Basics
Topic: Why so hard to give friendly name to a client?
Replies: 26
Views: 4692

Re: Why so hard to give friendly name to a client?

In most Routers/Firewalls/HotSpots I have used, there is some very simple & consistent method of giving a friendly/memorable name to a client, As a RouterOS newbie I really struggle with the lack of a consistent approach to this - for example in DHCP Server I can add a 'Comment' to give a frien...
by kevinds
Mon May 23, 2022 8:58 pm
Forum: Beginner Basics
Topic: How to get access to banned sites?
Replies: 13
Views: 1367

Re: How to get access to banned sites?

I saw that VPN connection speed of my Mikrotik client is very very slow. If I connect to VPN server from my PC VPN connection speed is normal. And all banned sites open. Maybe this is the reason?
VPN on Mikrotik can be very, very slow depending on the settings used, something for you to fix..
by kevinds
Mon May 23, 2022 8:55 pm
Forum: Beginner Basics
Topic: NTP stuck on Waiting....
Replies: 76
Views: 14609

Re: NTP stuck on Waiting....

I had this a couple days ago with a restored CHR (re-installed CHR and then restored my backup).

What I did to fix it... Disabled the NTP client, then re-enabled it.. It synced in a second or two after that. I had a time server entered.

Does appear to be a bug..
by kevinds
Mon May 16, 2022 1:31 am
Forum: General
Topic: Feature Request : Browser on Winbox
Replies: 20
Views: 16043

Re: Feature Request : Browser on Winbox

It would be very helpfull to have a web Browser on Winbox, that way I can manage lots of my equipment on private Ip from remote connections without vpn'ing ... Gino You shouldn't have the Winbox port open to the web in the first place... There are many other ways to accomplish what you are trying t...
by kevinds
Mon May 16, 2022 1:27 am
Forum: General
Topic: Feature Request : Browser on Winbox
Replies: 20
Views: 16043

Re:

The point is that we assing all our infrastructure equipment private ip's (192.168.xxx.xxx), thus if im outside my network I cant acces this gear without a VPN into my network. Sometimes we need to do some quick change on the network and it woulb be a great tool to be able to do it from any pc with...
by kevinds
Mon May 16, 2022 1:24 am
Forum: General
Topic: Slow internet speed in Mikrotik 2011 behind FritzBox 7590
Replies: 4
Views: 657

Re: Slow internet speed in Mikrotik 2011 behind FritzBox 7590

Fastpath will help a LOT but I doubt that a RB2011 will be able to do NAT at 250 mbps..

After 125-150 mbps depending on the router's configuration, it simply didn't have enough power to do the job..
by kevinds
Mon May 16, 2022 1:19 am
Forum: General
Topic: USB over IP
Replies: 10
Views: 1860

Re: USB over IP

What USB devices are you wanting to do this with?
by kevinds
Mon May 16, 2022 1:16 am
Forum: Beginner Basics
Topic: Dont know how to port forward correctly.
Replies: 3
Views: 498

Re: Dont know how to port forward correctly.

Do you have an internet service with a 'real public IP' that would allow you to port-forward? Or are you double-NAT'd already?

I'm going to guess that you have already tried because you said 'dont know how to correctly' but if your ISP doesn't allow incoming connections (CGNAT) it will never work.
by kevinds
Mon May 16, 2022 1:13 am
Forum: Beginner Basics
Topic: how to hide Mikrotik from ISP [SOLVED]
Replies: 10
Views: 2115

Re: how to hide Mikrotik from ISP [SOLVED]

What do *you* mean by hide Mikrotik from ISP?

I thought those proposed drop rules were already there by default..
by kevinds
Mon May 16, 2022 1:11 am
Forum: Beginner Basics
Topic: NTP protocol Is Blocked by ISP [SOLVED]
Replies: 47
Views: 5279

Re: NTP protocol Is Blocked by ISP [SOLVED]

Which means that one needs another device to serve as (poor accuracy) NTP server ... not sure if a raspberry pi would do (does it have RTC?). No, but they are simple and cheap to add.. Adding a GNSS module instead of an RTC would provide very accurate time, and could then serve time for the network..
by kevinds
Mon May 16, 2022 1:06 am
Forum: Beginner Basics
Topic: Route public /24 ip block to clients and no nat
Replies: 3
Views: 482

Re: Route public /24 ip block to clients and no nat

we would like to know how we can distribute our /24 block example 1.1.1.1/24 to our clients with NO nat
DHCP?

Question though.. Is your ISP advertising your /24 and routing it to you?
by kevinds
Sun May 15, 2022 11:18 pm
Forum: Scripting
Topic: Write to a .txt file
Replies: 5
Views: 1131

Re: Write to a .txt file

This is the 'checkIP' script that I use, scheduled to run every 5 minutes. :global actualIP; :local newIP [/ip address get [find interface="ether1"] address]; :if ($newIP != $actualIP) do={ :put "ip address $actualIP changed to $newIP"; :set actualIP $newIP; /system script run TH...
by kevinds
Sun May 15, 2022 9:51 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 208
Views: 52954

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

Can the 'type' be set on line with the URL too? # set posix depending of type of data used in the list :if ($sline ~ $ipv4Posix) do={:set $posix $ipv4Posix; :set $iden "List identified as a IPv4 list"} :if ($sline ~ $ipv4rangePosix) do={:set $posix $ipv4rangePosix; :set $iden "List id...
by kevinds
Sun May 15, 2022 9:31 pm
Forum: Scripting
Topic: help me please .. how to limit users according to amount of download
Replies: 3
Views: 725

Re: help me please .. how to limit users according to amount of download

Not directly related to your issue but something I noticed.. :for i from=1 to= 254 do={ What is the IP of your router? Is it in the 10.10.10.0/24 network? Or Is your network a /23 or larger? You likely don't want your router's IP in the script's range. Second thing I see is that if users have admin ...
by kevinds
Tue May 10, 2022 2:01 am
Forum: Beginner Basics
Topic: NTP protocol Is Blocked by ISP [SOLVED]
Replies: 47
Views: 5279

Re: NTP protocol Is Blocked by ISP [SOLVED]

That fits into the crazy department - they don't provide a service that damn near everyone uses, and then block any attempt to use any one of the many available public NTP servers.
Yeah.. It doesn't make sense...

Which ISP?

If it is true, setting up your own isn't complicated..
by kevinds
Tue May 10, 2022 1:44 am
Forum: Beginner Basics
Topic: How to properly enable UPnP ? [SOLVED]
Replies: 12
Views: 2054

Re: How to properly enable UPnP ? [SOLVED]

Thanks, that makes a lot more sense. Could this be a temporary problem because of the new 5G (5G NSA) network development that might be fixed in the future? Or is this how simply 4G/5G networks work, with additional NAT on ISP side? I've seen this for many, many years... Even 3G networks.. CGNAT un...
by kevinds
Thu May 05, 2022 9:37 pm
Forum: Forwarding Protocols
Topic: BGP Multi Peer at same ISP
Replies: 2
Views: 691

Re: BGP Multi Peer at same ISP

Should I simply setup 2x BGP connections, 1 to each address and somehow prioritise their usage?
Yes. Personally, I wouldn't bother with prioritizing, make connections to both, their network should do that part.
by kevinds
Wed May 04, 2022 8:15 am
Forum: General
Topic: VoIP calls not reaching from satellite to satellite
Replies: 10
Views: 749

Re: VoIP calls not reaching from satellite to satellite

Sindy, please see info on slack. I am unable to ping from Satellite to Satellite. I will have to confirm if calls go thru server. I will post tomorrow. Thanks! Calls go through the server for signalling but use an invite/re-invite system for the media (audio) to go directly between the phones. Beca...
by kevinds
Wed May 04, 2022 3:38 am
Forum: General
Topic: VoIP calls not reaching from satellite to satellite
Replies: 10
Views: 749

Re: VoIP calls not reaching from satellite to satellite

We are able to call the central office from any of the satellites and vice/versa but are unable to call satellite to satellite. This becomes a different issue... The satellites can ring each other but no Audio. We dial an extension so the call manager is located at the CO. SIP signalling (TCP or UD...
by kevinds
Wed May 04, 2022 2:47 am
Forum: Beginner Basics
Topic: Connect to L2TP/IPSec VPN server from iPhone
Replies: 10
Views: 2449

Re: Connect to L2TP/IPSec VPN server from iPhone

I asked for a screen shot of what the Secret prompt looks like, Will you please also post what it looks like when you tap secret.. iOS' PSK vs x.509 prompts.. You said it is just On/Off.. YVW. thats an ON and OFF option it works with RSA no password. I guess just a handshake. So I responded with So ...
by kevinds
Wed May 04, 2022 2:39 am
Forum: Beginner Basics
Topic: Connect to L2TP/IPSec VPN server from iPhone
Replies: 10
Views: 2449

Re: Connect to L2TP/IPSec VPN server from iPhone

The "secret" refers to PSK.
But you said,
YVW. thats an ON and OFF option it works with RSA no password. I guess just a handshake.
So now I am very confused..
by kevinds
Wed May 04, 2022 2:31 am
Forum: Beginner Basics
Topic: Connect to L2TP/IPSec VPN server from iPhone
Replies: 10
Views: 2449

Re: Connect to L2TP/IPSec VPN server from iPhone

YVW. thats an ON and OFF option it works with RSA no password. I guess just a handshake.
So where do you put the IPSec secret?
by kevinds
Wed May 04, 2022 1:45 am
Forum: Beginner Basics
Topic: Connect to L2TP/IPSec VPN server from iPhone
Replies: 10
Views: 2449

Re: Connect to L2TP/IPSec VPN server from iPhone

Thank you..

Seems obvious where to put the password and PSK secret

Will you please also post what it looks like when you tap secret.. iOS' PSK vs x.509 prompts..
by kevinds
Wed May 04, 2022 12:27 am
Forum: Beginner Basics
Topic: Connect to L2TP/IPSec VPN server from iPhone
Replies: 10
Views: 2449

Re: Connect to L2TP/IPSec VPN server from iPhone

I don't know for sure, but I sent this to a user, because I have no Apple devices to test/confirm with, and I didn't hear back after..

https://campus.barracuda.com/product/ne ... entication
by kevinds
Wed May 04, 2022 12:22 am
Forum: Beginner Basics
Topic: NTP protocol Is Blocked by ISP [SOLVED]
Replies: 47
Views: 5279

Re: NTP protocol Is Blocked by ISP [SOLVED]

There must be practical limits on the length of the GPS antenna's coax cable back to the receiver. Parasitic dB losses, interference, etc. Coupled with the short maximum practical length of USB cables, there are buildings where you can't even get out to a nearby wall with a USB GPS clock. Not reall...
by kevinds
Thu Apr 28, 2022 12:45 am
Forum: Scripting
Topic: Can a script be created if a wrong login name is used
Replies: 48
Views: 6975

Re: Can a script be created if a wrong login name is used

Thank you for the script. I have tested and works great, but there is a trouble. When a remove a blacklist entry, at the next script run it will put again the blacklist entry. How to avoid this? You create a second address list with your address to white-list with a rule that is accepted, before th...
by kevinds
Wed Apr 27, 2022 3:44 am
Forum: Scripting
Topic: Can a script be created if a wrong login name is used
Replies: 48
Views: 6975

Re: Can a script be created if a wrong login name is used

I have already maded one similar script, I just need to modify it to do what required from OP: https://forum.mikrotik.com/viewtopic.php?p=917307#p917428 I knew I saw it somewhere in the past, couldn't find it again. Thank you rextended!! *offers digital drink* :if ([:len [/user find where name=$use...
by kevinds
Wed Apr 27, 2022 1:32 am
Forum: Scripting
Topic: Can a script be created if a wrong login name is used
Replies: 48
Views: 6975

Re: Can a script be created if a wrong login name is used

Why? Because Wor6Eqs2FWqA then probably is the PASSWORD for a user known in the system. And because log information could become available to others more easily than you would desire (e.g. when an external log server is used, or when critical messages are picked up by a monitoring system and sent a...
by kevinds
Wed Apr 27, 2022 1:17 am
Forum: Scripting
Topic: Can a script be created if a wrong login name is used
Replies: 48
Views: 6975

Re: Can a script be created if a wrong login name is used

I prefer a script that will put in a blacklist all the usernames login attempts (more than 3 attempts) that are not users of the system.
I'd rather blacklist/drop on the first attempt of using a wrong username, but that is the idea..
by kevinds
Mon Apr 25, 2022 2:23 pm
Forum: Scripting
Topic: Can a script be created if a wrong login name is used
Replies: 48
Views: 6975

Re: Can a script be created if a wrong login name is used

I am not sure if the message that are logged are different if its wrong user or wrong password.
They are not logged differently. That would make this too easy.. ;)
Login failure for user x from a.b.c.d via service" 
by kevinds
Mon Apr 25, 2022 6:01 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 208
Views: 52954

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

When testing my default script I got this message: failure: closing connection: <301 Moved Permanently "https:// view.sentinel.turris .cz/greylist-data/"> 217.31.192.69:443 (5) so I have adapt the URL in my script. This because RouterOS is not following 301 redirects. Yeah, that was where...
by kevinds
Mon Apr 25, 2022 2:43 am
Forum: Scripting
Topic: Can a script be created if a wrong login name is used
Replies: 48
Views: 6975

Re: Can a script be created if a wrong login name is used

# Add user who tries wrong user or password to address-list What if I don't care about wrong passwords? Only wrong usernames? I'm thinking an if-then else-then? Supplying a list of usernames, or fetching the list of users from /system/users, if matches a username, do nothing, else add IP? But only ...
by kevinds
Sat Apr 23, 2022 9:00 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 208
Views: 52954

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

I read this: https://project.turris.cz/en/greylist/ And look at the dates of the files: https://project.turris.cz/greylist-data/ Is Turris then support wrong on this? https://view.sentinel.turris.cz/greylist-data/archive/2022/ Shows a new file everyday :) $update url=https://lists.blocklist.de/list...
by kevinds
Mon Apr 18, 2022 2:19 pm
Forum: General
Topic: S-31DLC20D on RB-760iGS RX Lose
Replies: 10
Views: 828

Re: S-31DLC20D on RB-760iGS RX Lose

LC-LC duplex single mode cables ... bright yellow color. https://www.tokopedia.com/bb20/patch-cord-lc-lc-1-m-duplex-single-mode Yes, the TX is there but no Rx (-40 dB and RX lose ticked).. Did you get all of them at the same time, from the same supplier? Do you have any from an alternate supplier? ...
by kevinds
Mon Apr 18, 2022 10:35 am
Forum: General
Topic: S-31DLC20D on RB-760iGS RX Lose
Replies: 10
Views: 828

Re: S-31DLC20D on RB-760iGS RX Lose

I don't see any light coming out of the SFP ports as I would expect from a fiber device. Is the light "that weak" that it is not "visible" enough by eye? No, human eyes can't see the single-mode wavelength. Some can see the 850 nm multi-mode light though. Try a cell phone camera...
by kevinds
Sun Apr 17, 2022 2:43 pm
Forum: General
Topic: S-31DLC20D on RB-760iGS RX Lose
Replies: 10
Views: 828

Re: S-31DLC20D on RB-760iGS RX Lose

I just got 2 sets of RB-760iGS with S-31DLC20D and connected them with a short 1m LC/LC duplex patch cord. The SFP is detected, but no-link is ever established. Have tried changing SFP modules and patch cords to new ones, no luck. 1. Does the SFP have polarity? Should I cross connect the patch cord...
by kevinds
Sat Apr 16, 2022 7:36 am
Forum: General
Topic: Gigabit ethernet port becomes fast ethernet port [SOLVED]
Replies: 15
Views: 2704

Re: Gigabit ethernet port becomes fast ethernet port [SOLVED]

It's only interesting when you don't have to face it.
Putting a switch between the printer and router would fix it..

I have small gigabit switches I can't even give away.. So yeah, seems like a $5 fix..

The bug itself is interesting..
by kevinds
Sat Apr 16, 2022 7:29 am
Forum: General
Topic: Gigabit ethernet port becomes fast ethernet port [SOLVED]
Replies: 15
Views: 2704

Re: Gigabit ethernet port becomes fast ethernet port [SOLVED]

Seriously, you gotta ask that? :))
Yes, I try and assume nothing..

Overall, interesting bug...
by kevinds
Sat Apr 16, 2022 7:21 am
Forum: General
Topic: Gigabit ethernet port becomes fast ethernet port [SOLVED]
Replies: 15
Views: 2704

Re: Gigabit ethernet port becomes fast ethernet port [SOLVED]

Have you tried replacing the network cables?
by kevinds
Sat Apr 16, 2022 1:45 am
Forum: RouterBOARD hardware
Topic: CCR1036 memory upgrade question
Replies: 31
Views: 21902

Re: CCR1036 memory upgrade question

I'm using routeros as base os and running my applications over it. I have enabled the devel account in order to access to the shell, then installed a complete busybox (as the one which comes with routeros is very limited). regards Antonio I've been looking off and on for a few weeks on how to do th...
by kevinds
Fri Apr 15, 2022 1:43 am
Forum: Beginner Basics
Topic: VPN killswitch in ROS7 [SOLVED]
Replies: 7
Views: 2118

Re: VPN killswitch in ROS7 [SOLVED]

I would remove the default route going to your ISP. Set a single route for the VPN server..

With the default route set for the VPN, no other traffic will have a route if the VPN is down.

Removing other src-nat rules so that only the VPN's interface src-nat rule provides NAT would work too.
by kevinds
Fri Apr 15, 2022 1:39 am
Forum: Beginner Basics
Topic: Recommend way to block Ads with Mikrotik
Replies: 64
Views: 59211

Re: Recommend way to block Ads with Mikrotik

I know there is i.e. Pi-hole but I'm afraid pages loading will work slower if there will be requests to raspberry. Your fears are unfounded.. Pi-Hole only answers the DNS queries (they are tiny chunks of data), all your internet traffic doesn't go through the Pi board when using Pi-Hole.. You can a...
by kevinds
Fri Apr 15, 2022 1:32 am
Forum: Beginner Basics
Topic: Licence not valid
Replies: 1
Views: 268

Re: Licence not valid

CHR or 'bare metal' install?
by kevinds
Thu Apr 14, 2022 8:51 am
Forum: General
Topic: mikrotik website down?
Replies: 7
Views: 539

Re: mikrotik website down?

Seems to be back up now.
Confirmed. :) Looks like they changed some things..
by kevinds
Thu Apr 14, 2022 5:38 am
Forum: General
Topic: mikrotik website down?
Replies: 7
Views: 539

Re: mikrotik website down?

Same.

Direct links to the pages also fail..
by kevinds
Thu Apr 14, 2022 4:02 am
Forum: Forwarding Protocols
Topic: How do I set source-IP? [SOLVED]
Replies: 13
Views: 3317

Re: How do I set source-IP? [SOLVED]

As in, the preferred-source field of IPv6 routes simply doesn't work? I haven't had a reason to try and set it and I want to make sure I'm understanding what you ran into. Exactly. It gives an error when trying to enter an IPv6 address. Edit: Specifically the set-pref-src in BGP route filters, disc...
by kevinds
Thu Apr 14, 2022 3:44 am
Forum: Forwarding Protocols
Topic: How do I set source-IP? [SOLVED]
Replies: 13
Views: 3317

Re: How do I set source-IP? [SOLVED]

This solution doesn't work for IPv6 though.. Opened a bug-report today. So the bug isn't a bug because they never designed it to work for IPv6, but this is needed for the same reasons it is needed for IPv4.. Not working as documented seems like a bug to me.. Overall though, this breaks other featur...
by kevinds
Thu Apr 14, 2022 3:27 am
Forum: General
Topic: clickbite: How do members of the Forum feel about this article?
Replies: 54
Views: 3388

Re: How MikroTik Routers Became a Cybercriminal Target

Is there any truth to this?
Half-truths at best and really bizare interpretations of the results of the reseachers' "tests"...
by kevinds
Wed Apr 13, 2022 9:53 am
Forum: General
Topic: Netinstall macOS? [SOLVED]
Replies: 11
Views: 7572

Re: Netinstall macOS? [SOLVED]

I did once try to get the Windows Netinstall binary to run in a Parallels VM bridged to the network, but couldn't get it to work. I had three to NetInstall today and I couldn't get it to work in normal Win10.. Booted into Linux and it worked first try using the Linux NetInstall command.. The Window...
by kevinds
Wed Apr 13, 2022 3:28 am
Forum: General
Topic: [HELP] Redirecting DoH requests to internal DNS
Replies: 15
Views: 1867

Re: [HELP] Redirecting DoH requests to internal DNS

Uuu DoH evil!! beware of DoH!! boo!
Stop spying on your users.
No, you can't do what you want.
From a network/systems admin point of view, DoH is a huge PITA!

I don't really care what the users themselves do.. I do care what lookups malware is doing though.
by kevinds
Wed Apr 13, 2022 3:19 am
Forum: General
Topic: Public IP routing
Replies: 2
Views: 305

Re: Public IP routing

Hello this may be easy ? but our isp give use a ip to use on our router 50.231.92.xx/30. and we set that to our ccr2004, They give use 50.221.144.xx/29 and 50.231.91.xx/30 and told me that 50.231.92.xx/30 will be our gateway (CCR2004). how can i set this up to pass the ip to servers. the CCR is has...
by kevinds
Wed Apr 13, 2022 3:12 am
Forum: General
Topic: Netinstall macOS? [SOLVED]
Replies: 11
Views: 7572

Re: Netinstall macOS? [SOLVED]

This wouldn't work on the new Mac CPU architecture, but curious if you tried the Linux CLI NetInstall application instead of using wine.
by kevinds
Wed Apr 13, 2022 3:09 am
Forum: General
Topic: Unable to block internet access for smartphones
Replies: 11
Views: 1275

Re: Unable to block internet access for smartphones

I want to block internet for couple of devices so this is what I have done: 192.168.1.115 = static IP on my mobile phone connected wirelessly, default gateway IP of router 192.168.1.1 How do you plan on dealing with the new mobile OS's generating random MAC addresses when connecting to WiFi network...
by kevinds
Mon Apr 11, 2022 2:22 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 208
Views: 52954

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

I changed the list to $update url=https://lists.blocklist.de/lists/all.txt listname=BlockList-DE timeout=1d noerase=1 And get this output /system script run BlockList-DE Starting import of address-list: BlockList-DE Entries not conditional deleted in address-list: BlockList-DE List identified as a ...
by kevinds
Thu Apr 07, 2022 3:05 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 208
Views: 52954

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

It is a weekly list so just update it at 06H30 am and polling it will only create mor load on their side.
According to the Turris support, it is updated daily.
by kevinds
Tue Apr 05, 2022 10:18 pm
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 208
Views: 52954

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

Does the "Import was NOT successful!" error appear if there were no changes to the list, when using the noerase= option? [k@a] > /system script run Advanced-Downloader Starting import of address-list: turris Entries not conditional deleted in address-list: turris List identified as a IPv4 ...
by kevinds
Mon Apr 04, 2022 7:08 pm
Forum: Forwarding Protocols
Topic: How do I set source-IP? [SOLVED]
Replies: 13
Views: 3317

Re: How do I set source-IP? [SOLVED]

Using pref-src / "Pref. Source" / "Preferred Source" on route without involving consuming firewall rules???
I did try those first..

This solution doesn't work for IPv6 though.. Opened a bug-report today.
by kevinds
Mon Apr 04, 2022 11:58 am
Forum: Forwarding Protocols
Topic: How do I set source-IP? [SOLVED]
Replies: 13
Views: 3317

Re: How do I set source-IP? [SOLVED]

Sure thing. I’m curious what your use case is that requires it. :D By default RouterOS is trying to use the IP on the interface closest to the destination for it's output traffic, for exchanges, it is using the exchange IP, which can't be replied to because they are not routed. For example, the ban...
by kevinds
Mon Apr 04, 2022 11:27 am
Forum: Forwarding Protocols
Topic: How do I set source-IP? [SOLVED]
Replies: 13
Views: 3317

Re: How do I set source-IP? [SOLVED]

According to the :routing filter documentation [1] it looks like you can use the :routing filter set set-pref-src=<ip_address> option in inbound filters.
Thank you!

That is not where I was expecting. Cool
by kevinds
Mon Apr 04, 2022 11:05 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 208
Views: 52954

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

.I challenge you to explain the origin of the name "hei" rule
Something from the Czech language?
by kevinds
Mon Apr 04, 2022 10:33 am
Forum: Forwarding Protocols
Topic: How do I set source-IP? [SOLVED]
Replies: 13
Views: 3317

How do I set source-IP? [SOLVED]

BGP on v6.49.5 https://forum.mikrotik.com/viewtopic.php?t=135754#p668646 Each route has a parameter pref-src whose value specifies the local IP address of the router which should be used for locally originated packets sent down that route. I'm having an issue that my router is using non-routed IPs f...
by kevinds
Mon Apr 04, 2022 10:16 am
Forum: General
Topic: Ping my public ip
Replies: 17
Views: 1111

Re: Ping my public ip

No, 'drop all' is a bad idea.. What's the reasoning behind that? If I dont know about the traffic or care enough that I dont notice it coming in why allow it access? If I did care about the traffic being dropped I would notice it and put it on a address list or rule accepting it? I am interested to...
by kevinds
Mon Apr 04, 2022 5:39 am
Forum: Scripting
Topic: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)
Replies: 208
Views: 52954

Re: Address lists downloader (DShield, Spamhaus DROP/EDROP, etc)

Example: $update url=https://project.turris.cz/greylist-data/greylist-latest.csv delimiter=, listname=turris timeout=8d heirule=dns|sip I may have missed the answer above, but does dns|sip mean the IP is added if 'dns' or 'sip' is in the line? Or does it mean that 'dns' and 'sip' need to be present...
by kevinds
Sun Apr 03, 2022 4:11 am
Forum: General
Topic: Where do i see mikrotik public WAN ip?
Replies: 56
Views: 6862

Re: Where do i see mikrotik public WAN ip?

By the time am done, the security will be so tight that, you will have to physically access the router/switches to hack me
Send me the best hacker in the world, they wont get anywhere!!!
So much for a newbie asking dumb questions
Oh.. *shaking my head*
by kevinds
Sun Apr 03, 2022 2:56 am
Forum: Beginner Basics
Topic: Is there a RAM usage function?
Replies: 1
Views: 286

Is there a RAM usage function?

/tool profile will show CPU usage.. Is there an equivalent for RAM usage?
by kevinds
Sun Apr 03, 2022 2:54 am
Forum: Beginner Basics
Topic: hEX (RB750Gr3) Serial Console
Replies: 12
Views: 5126

Re: hEX (RB750Gr3) Serial Console

Or.. A USB-Serial adapter for both your PC and the RouterBoard and a null-modem cable between them...

My computers have real serial ports but I have used a USB-Serial adapter on my RB750Gr3 and RB760iGS.
by kevinds
Sun Apr 03, 2022 2:48 am
Forum: Beginner Basics
Topic: Where to find SIM phone number in MikroTik RBSXTR&R11e-LTE6 (SXT LTE6 kit)
Replies: 3
Views: 741

Re: Where to find SIM phone number in MikroTik RBSXTR&R11e-LTE6 (SXT LTE6 kit)

Router OS 3 i think
many thanks
RouterOS 3??

Otherwise, my first thought is AT commands.
by kevinds
Sun Apr 03, 2022 2:44 am
Forum: Beginner Basics
Topic: Cut Myself Off From WinBox Connection!
Replies: 9
Views: 855

Re: Cut Myself Off From WinBox Connection!

Maybe I'm having a brain-fart about what your issue is, but if you are really stuck trying to regain access.. Why not just reset-to-defaults the router?

To regain access without reset, serial console?
by kevinds
Sun Apr 03, 2022 2:39 am
Forum: Beginner Basics
Topic: 00:00:00:00:00:00 on MAC address in DHCP Server Leases( conflict)
Replies: 1
Views: 650

Re: 00:00:00:00:00:00 on MAC address in DHCP Server Leases( conflict)

If you connect a computer or a mobile device, does that work?

My first thought is that the cameras you are connecting don't actually have MAC addresses assigned to them..

I've seen this on cheap sh*t.. Occasionally on better devices as a manufacturing defect.
by kevinds
Sun Apr 03, 2022 1:29 am
Forum: General
Topic: Ping my public ip
Replies: 17
Views: 1111

Re: Ping my public ip

Drop all ICMP is a bad idea. There is a reason it is allowed in the default rules with the drop-all at the end.
by kevinds
Sun Apr 03, 2022 1:16 am
Forum: General
Topic: Ping my public ip
Replies: 17
Views: 1111

Re: Ping my public ip

Just make sure your firewall drops all except your own incoming traffic like vpn.
No, 'drop all' is a bad idea..
by kevinds
Sun Apr 03, 2022 1:14 am
Forum: General
Topic: Ping my public ip
Replies: 17
Views: 1111

Re: Ping my public ip

why so many pings to a domestic IP? Domestic to whom? AWS leases resources to anyone and the US has more IP addresses than any other country. There are many groups out there that 'scan' every IPv4 address, hourly, for different things just because they can. Some of the 'researchers' try and connect...
by kevinds
Sat Apr 02, 2022 1:42 pm
Forum: General
Topic: Ping my public ip
Replies: 17
Views: 1111

Re: Ping my public ip

"Normal" crap traffic fluctuates a lot, but I agree that 1.3MB in 17 hours doesn't register on any scale.

Years ago when I was on dialup internet, trying to download something, 1MB would take 20 minutes to transfer.. Your 1MB took almost 17 hours.. That isn't worth paying attention to.
by kevinds
Thu Mar 31, 2022 3:36 am
Forum: General
Topic: Where do i see mikrotik public WAN ip?
Replies: 56
Views: 6862

Re: Where do i see mikrotik public WAN ip?

What am asking is about essential services that MUST be on for things to work
None of them are needed for things to work.

System-Packages, if you mess with those, then stuff will break.
by kevinds
Thu Mar 31, 2022 12:41 am
Forum: General
Topic: Where do i see mikrotik public WAN ip?
Replies: 56
Views: 6862

Re: Where do i see mikrotik public WAN ip?

Please let me know what services i need on and if this is a good idea
You need the services on that you plan to use.

We can't answer that for you.
by kevinds
Thu Mar 31, 2022 12:38 am
Forum: General
Topic: What is the best way to prevent internal traffic from leaving? [SOLVED]
Replies: 56
Views: 4736

Re: What is the best way to prevent internal traffic from leaving? [SOLVED]

You can peel an orange only once.....
If its peeled for you why complain? ;-)
Packets are endless, not just once.
by kevinds
Wed Mar 30, 2022 10:07 pm
Forum: General
Topic: What is the best way to prevent internal traffic from leaving? [SOLVED]
Replies: 56
Views: 4736

Re: What is the best way to prevent internal traffic from leaving? [SOLVED]

At that point it doesn't matter if the customers are blocking the bogons or not, because I do it first for everyone ...
I could ask someone else to tie my shoes everytime I put them on because they could.. Wouldn't it be better if I tied my own?
  • 1
  • 2