Community discussions

Search found 35 matches

by levicki
Sat Dec 21, 2024 4:32 pm
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 491
Views: 191267

Re: v7.16.2 [stable] is released!

After upgrading from 7.16.1 to 7.16.2 on my Audience, my bridge MAC address has changed all on its own from 48:8F:xx:xx:xx:89 to 48:8F:xx:xx:xx:8C. Log shows this message after upgrade: 15:03:42 bridge,info "bridge1" mac address changed to 48:8F:xx:xx:xx:8C This has resulted in my Audience...
by levicki
Thu Jun 13, 2024 10:08 pm
Forum: Wireless Networking
Topic: WiFi with Apple Products
Replies: 102
Views: 42511

Re: WiFi with Apple Products

Are people so idle nowadays with nothing better to do than look for things to rename and history to revise? Don't answer, it's a rhetorical question. Back on topic of Apple devices, from my testing these are the settings that work: - Authentication Type: WPA3 PSK - Encryption: CCMP - Group Encryptio...
by levicki
Thu Jun 13, 2024 3:17 pm
Forum: General
Topic: Upgrading Rooterboot factory software
Replies: 25
Views: 7929

Re: Upgrading Rooterboot factory software

Here's what the manual says: The feature allows the protection of RouterOS configuration and files from a physical attacker by disabling etherboot. It is called "Protected RouterBOOT". This feature can be enabled and disabled only from within RouterOS after login, i.e., there is no RouterB...
by levicki
Thu May 11, 2023 1:47 pm
Forum: General
Topic: Dual WAN with port forwarding
Replies: 13
Views: 2626

Re: Dual WAN with port forwarding

I am far from expert, and thus maybe others will chime in with other potential options, sorry. I spent quite some time experimenting and I managed to get download and upload to use full bandwidth of both connections. You need to use src-address-and-port in PCC rules so that connections from same so...
by levicki
Thu May 11, 2023 12:07 am
Forum: Scripting
Topic: Update address list with script
Replies: 6
Views: 12649

Re: Update address list with script

Sorry for necroing the thread but this script works for me in RouterOS 7.9: :local inetinterface "wan2"; :local addresslist "WAN2_IP"; :global CurrentIP; :if ([/interface get $inetinterface value-name=running]) do={ :local NewIP [/ip address get [find interface="$inetinterfa...
by levicki
Wed May 10, 2023 6:42 pm
Forum: General
Topic: Dual WAN with port forwarding
Replies: 13
Views: 2626

Re: Dual WAN with port forwarding

I am aware that PCC is not bonding. I was hoping that there was a method using PCC to mark connections so that connections that go to same destination address from different source ports (say using src-address-and-port) use different ISPs. As for the torrent part it's not a dedicated box so filterin...
by levicki
Wed May 10, 2023 1:57 pm
Forum: General
Topic: Dual WAN with port forwarding
Replies: 13
Views: 2626

Re: Dual WAN with port forwarding

Oh right, that works for the default route but not for the route with the table we add. Bingo... that's why I said DHCP and PPPoE client should support specifying routing table. I did try using output interface instead of gateway, and I did manage to get some sort of load balancing. However, the ma...
by levicki
Tue May 09, 2023 8:33 pm
Forum: General
Topic: Dual WAN with port forwarding
Replies: 13
Views: 2626

Re: Dual WAN with port forwarding

Ahh okay, sorry. Hmm I have plain ethernet cable on mine, and I just use the current gateway in my rules. When my ISP changes the new gateway auto populates properly with no work from me. However my primary WAN is fiber from bell and that gateway never updates on my routes just IP DHCP client so I ...
by levicki
Tue May 09, 2023 6:12 pm
Forum: General
Topic: Dual WAN with port forwarding
Replies: 13
Views: 2626

Re: Dual WAN with port forwarding

If you don't try, you won't find out. There is no need for Gateway IP in mangling rules.
I never said in mangling rules -- I said in routes, and your example shows it as well (unless it is optional).
by levicki
Tue May 09, 2023 12:27 pm
Forum: General
Topic: Dual WAN with port forwarding
Replies: 13
Views: 2626

Re: Dual WAN with port forwarding

The PCC load balancing is straight forward via PCC type rules. You will need mangling to a. prerouting --> mark connections for inbound traffic on wans b. output --> assign routing marks for same traffic returning to originator c. prerouting apply pcc rules and mark connection for LAN traffic headi...
by levicki
Mon May 08, 2023 8:18 pm
Forum: General
Topic: Dual WAN with port forwarding
Replies: 13
Views: 2626

Dual WAN with port forwarding

I have two ISPs at the moment. ISP1 - fiber PPPoE (static IP) ISP2 - cable (dynamic IP) I would like to create a dual WAN configuration with load balancing where I would also perform port forwarding for some services over ISP1 and some over ISP2. I am using RouterOS 7.9. What would be the best way t...
by levicki
Tue Dec 14, 2021 6:36 pm
Forum: Announcements
Topic: v7.1 is released!
Replies: 785
Views: 241210

Re: v7.1 is released!

I have 7.1 release installed on Audience AP and it seems that the Access List feature is either not working or I am not using it correctly. I have whitelisted MAC addresses of devices which I want to allow to connect, but my Apple Watch still connected with random MAC address (the latest iOS update ...
by levicki
Fri Nov 26, 2021 7:38 pm
Forum: RouterOS beta
Topic: v7.1rc7 [development] is released!
Replies: 174
Views: 57850

Re: v7.1rc7 [development] is released!

@sergejs Audience owner here, running RouterOS 7.1rc6. Only packages I have installed are routeros and wifiwave2 on it. After upgrading to 7.1rc7 I have this message in the log right after rebooting and after interfaces are brought up: error while running customized default configuration script: bad...
by levicki
Sat May 29, 2021 4:53 pm
Forum: General
Topic: DNS in mikrotik and DC on Windows Server
Replies: 4
Views: 16460

Re: DNS in mikrotik and DC on Windows Server

Sorry for bringing up an old thread, but I recently wrote an article on how you can run AD DNS on a MikroTik router. Of course, standard disclaimer applies -- you should not be doing it in an environment where: 1. You have more than one domain and/or forest 2. You need dynamic DNS updating to work 3...
by levicki
Wed May 26, 2021 8:45 pm
Forum: Wireless Networking
Topic: Audience AP question
Replies: 6
Views: 2104

Re: Audience AP question

I would not recommend purchasing audience until a stable firmware is released for it, but that's your choice. I already did, and I installed 7.1beta6 on it along with wifiwave2 package. So far it appears stable and I can get 485Mbps/49Mbps on 5GHz 4 chain radio (my ISP is 500/50Mbps, tested using sp...
by levicki
Wed May 26, 2021 2:04 pm
Forum: Wireless Networking
Topic: Audience AP question
Replies: 6
Views: 2104

Re: Audience AP question

2) two = 2 Yes, I know number to word mapping, thank you. What I was asking is whether you can configure them separately or the system sees them as a single logical device. 4) Really you ask that? Obviously, like all the other mikrotik devices, you can do what you want (if you know how to do that) ...
by levicki
Wed May 26, 2021 1:37 pm
Forum: Wireless Networking
Topic: Audience AP question
Replies: 6
Views: 2104

Audience AP question

I am considering purchasing Audience. I have a few questions regarding Audience capabilities. 1. Website shows technical specification, but doesn't show what authentication standards are supported. Is WPA3 supported? 2. Can the two 5GHz radios be configured separately? 3. Website shows AES-256-CBC th...
by levicki
Wed May 19, 2021 3:22 pm
Forum: General
Topic: Windows DNS client problem
Replies: 3
Views: 1419

Re: Windows DNS client problem

If you do not have a real domain (read: domain controller), and your PC is not domain-joined, then Windows (and probably Linux as well) will not append any DNS search suffix to host names when it tries to resolve them on the DNS server. On Windows, you can go to Control Panel > Network Connections ...
by levicki
Wed May 19, 2021 2:11 pm
Forum: General
Topic: Regular expression too complex
Replies: 2
Views: 1147

Regular expression too complex

Except it really isn't? I mean, this is pretty basic for a regex: (events|notify|pipe|settings|telemetry|urs|vortex(\-win)?|watson)\..*(live|microsoft|msn|windows) This is in DNS static entries and I am running RouterOS 6.48.2. Wiki page doesn't mention anything about regex complexity, length limits...
by levicki
Fri Apr 30, 2021 5:12 pm
Forum: General
Topic: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t
Replies: 8
Views: 1852

Re: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t

Switch to 7.1beta5 and enjoy that 64 bit time.
Are you seriously suggesting to use beta software in production environment?!? o.0
by levicki
Fri Apr 30, 2021 5:11 pm
Forum: General
Topic: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t
Replies: 8
Views: 1852

Re: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t

Let me also add that for a certificate created today with 3652 days it is showing Days Valid as 3652, but it shows Expires After as 3636 days, so there seems to be more wrong than just 32-bit cutoff. I found a discussion about that here and after reading it I still don't understand where this error...
by levicki
Fri Apr 30, 2021 4:58 pm
Forum: General
Topic: [BUG] Certificate Days Valid shows wrong value due to 32-bit time_t
Replies: 8
Views: 1852

[BUG] Certificate Days Valid shows wrong value due to 32-bit time_t

The imported certificate's Days Valid field is displaying wrong value -- it is showing 6090 days for a certificate which has 36524 days validity (100 years). The reason for this seems to be the date handling in the OS caused by using 32-bit Unix time_t structure (a.k.a. the Year 2038 Problem) -- th...
by levicki
Fri Apr 30, 2021 4:50 pm
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 141
Views: 66596

Re: v6.48.2 [stable] is released!

I think I found a bug. The imported certificate's Days Valid field is displaying wrong value -- it is showing 6090 days for a certificate which has 36524 days validity (100 years). The reason for this seems to be the date handling in the OS caused by using 32-bit Unix time_t structure (a.k.a. the Ye...
by levicki
Sun Mar 22, 2020 5:59 pm
Forum: General
Topic: Help with Microsoft Teams QoS
Replies: 5
Views: 8955

Re: Help with Microsoft Teams QoS

Are you the ISP ? No. Just someone who wants to have undisturbed Teams experience with coworkers when working from home regardless of what other members of the household (or even myself) are doing on the internet. I have Mikrotik hardware good enough to solve that problem. I don't see any real-worl...
by levicki
Thu Mar 19, 2020 2:44 pm
Forum: General
Topic: Help with Microsoft Teams QoS
Replies: 5
Views: 8955

Help with Microsoft Teams QoS

Hello, I would like to implement QoS for Microsoft Teams. As per Microsoft's documentation, the following address ranges should be optimized for Teams: 13.107.64.0/18 52.112.0.0/14 Docs are here: https://docs.microsoft.com/en-us/microsoftteams/prepare-network And here: https://docs.microsoft.com/en-...
by levicki
Wed Jun 12, 2019 12:00 pm
Forum: General
Topic: Not all RDP traffic seems to be marked in firewall mangle
Replies: 3
Views: 1654

Re: Not all RDP traffic seems to be marked in firewall mangle

You've answered yourself. Fasttracking means bypass of all firewall rules, fasttracked packets only pass through the connection-tracking part of the firewall.
Is there a way to still mark / count this traffic or is the only way for proper bandwidth management to have fasttracking disabled?
by levicki
Wed May 29, 2019 3:03 pm
Forum: General
Topic: Not all RDP traffic seems to be marked in firewall mangle
Replies: 3
Views: 1654

Not all RDP traffic seems to be marked in firewall mangle

I have a RDP server on LAN which is forwarded to WAN: add action=mark-connection chain=prerouting comment="MARK RDP CONNECTIONS" new-connection-mark=rdp-connection-mark passthrough=yes port=3389 protocol=tcp add action=mark-connection chain=prerouting comment="MARK RDP CONNECTIONS"...
by levicki
Wed May 29, 2019 2:58 pm
Forum: General
Topic: Not all RDP traffic seems to be marked in firewall mangle
Replies: 0
Views: 848

Not all RDP traffic seems to be marked in firewall mangle

I have a RDP server on LAN which is forwarded to WAN: add action=mark-connection chain=prerouting comment="MARK RDP CONNECTIONS" new-connection-mark=rdp-connection-mark passthrough=yes port=3389 protocol=tcp add action=mark-connection chain=prerouting comment="MARK RDP CONNECTIONS"...
by levicki
Sat Jun 23, 2018 2:11 am
Forum: Beginner Basics
Topic: Firewall Filter Rule before NAT rule
Replies: 14
Views: 23615

Re: Firewall Filter Rule before NAT rule

Sorry for necroing an old thread, but it might be useful to mention that it is possible to drop packets before dstnat by using Raw rules in prerouting chain. An example: /ip firewall raw add action=drop chain=prerouting dst-port=3389 in-interface=your_wan_interface protocol=tcp src-address-list=\ !T...
by levicki
Sat Jun 23, 2018 12:22 am
Forum: General
Topic: [FR] A way to reference IP address on any interface in NAT
Replies: 1
Views: 1475

[FR] A way to reference IP address on any interface in NAT

It would be nice if MikroTik would add a variable that could be used in place of src-address, dst-address, or to-addresses in NAT commands. Vyatta has this option where you can reference for example ADDRv4_eth2 to get current eth2 IP address anywhere in NAT rule and it is replaced and maintained tra...
by levicki
Thu May 24, 2018 10:41 am
Forum: Announcements
Topic: VPNfilter official statement
Replies: 190
Views: 153159

Re: VPNfilter official statement

Hopefully my comment won't come through as rude, but to me it seems a bit irresponsible (or at least over-confident) to say "we are highly certain" without having an actual sample of the malware to analyze and confirm that it was exploiting the old vulnerability and not some new one you m...
by levicki
Thu May 24, 2018 10:32 am
Forum: Announcements
Topic: VPNfilter official statement
Replies: 190
Views: 153159

Re: VPNfilter official statement

Hopefully my comment won't come through as rude, but to me it seems a bit irresponsible (or at least over-confident) to say "we are highly certain" without having an actual sample of the malware to analyze and confirm that it was exploiting the old vulnerability and not some new one you mi...
by levicki
Tue May 01, 2018 11:56 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 265370

Re: RouterOS v7.0 beta1 - when?

MikroTik (just like Ubiquiti and many others for that matter) are depending on the hardware (CPU/chipset) manufacturer for major upgrades. Those manufacturers are the ones who provide SDK and drivers (the latter usually in binary form only due to patents), and those drivers cannot be loaded on newer...
by levicki
Tue May 01, 2018 11:33 am
Forum: General
Topic: CloudFlare DNS over TLS
Replies: 41
Views: 47043

Re: CloudFlare DNS over TLS

Cloudflared (daemon for cloudflare services including DNS over HTTPS) is open-source and written in Go language, you can find it on GitHub and port to MikroTik.
by levicki
Mon Apr 30, 2018 12:30 pm
Forum: General
Topic: CloudFlare DNS over TLS
Replies: 41
Views: 47043

Re: CloudFlare DNS over TLS

Hello, new MikroTik owner here. I'd also like to see DNS over HTTPS support. I am not sure if the forum will let me post a link but I will try anyway. This is the source code of cloudflared (daemon) which can act as DNS over HTTPS proxy. It is written in Go language, it should be straightforward to ...