Community discussions

MikroTik App

Search found 51 matches

by jayooo
Tue Dec 17, 2024 4:48 am
Forum: General
Topic: Wireguard / 2FA
Replies: 17
Views: 8986

Re: Wireguard / 2FA

What is your idea? I really doubt that you would be able to implement anything directly on the MikroTik without using a container ... and if you go the route of using a container then you should consider using TailScale instead of reinventing an advanced security feature.
by jayooo
Tue Dec 17, 2024 4:32 am
Forum: General
Topic: Routing slows down after a while
Replies: 1
Views: 228

Re: Routing slows down after a while

I have almost same setup in 1 other router, no issues as all. Are both of the routers on the same software and firmware versions? Do some tests: Swap these 2 router configs. Put the config from router-1 onto router-2, and put the config from router-2 onto router-1. Does the issue follow the router ...
by jayooo
Tue Dec 17, 2024 4:22 am
Forum: General
Topic: CRS305-1g-4s+ - issues on port mirror
Replies: 5
Views: 917

Re: CRS305-1g-4s+ - issues on port mirror

Is your source and destination interface on the same switch chip internally?
by jayooo
Tue Dec 17, 2024 4:09 am
Forum: General
Topic: hAP ax2 is registering itself in Windows DHCP with random (DHCP?) addresses
Replies: 9
Views: 975

Re: hAP ax2 is registering itself in Windows DHCP with random (DHCP?) addresses

The question is WHY is the router asking for an DHCP address? AFAIK the router is defined with a static IP address. First, "you say as far as I know the router is defined with a static IP address". That sounds like your assumption. Why don't you know for sure? Are you not the person that ...
by jayooo
Sat Dec 14, 2024 8:28 pm
Forum: General
Topic: 2 WAN active at the same time [SOLVED]
Replies: 19
Views: 1454

Re: 2 WAN active at the same time [SOLVED]

I am not sure if you understand how safe mode works. Please read what I wrote again. "I also found a bug where routes added while in safe mode are not removed when safe mode is rolled back ." So, make a bunch of changes, including adding a route. Now, roll-back the changes by closing the ...
by jayooo
Sat Dec 14, 2024 7:23 pm
Forum: General
Topic: HELP NEW INSTALL ROUTEROS X86
Replies: 1
Views: 524

Re: HELP NEW INSTALL ROUTEROS X86

Are you saying that the SystemID field is blank in System -> License ?
by jayooo
Sat Dec 14, 2024 6:26 pm
Forum: General
Topic: 2 WAN active at the same time [SOLVED]
Replies: 19
Views: 1454

Re: 2 WAN active at the same time [SOLVED]

Will you file a support ticket regarding that? Yes. I already submitted a bug report for what I found. I will reply to it and include what you found as well. Kind of related, I also found a bug where routes added while in safe mode are not removed when safe mode is rolled back, meaning that safe mo...
by jayooo
Sat Dec 14, 2024 6:12 pm
Forum: General
Topic: 2 WAN active at the same time [SOLVED]
Replies: 19
Views: 1454

Re: 2 WAN active at the same time [SOLVED]

Regardless of the bug, IMHO, the use of routing rules suffices only for traffic TO the router but will not address LAN(server) return traffic back out WAN2. In other words mangling cannot be avoided but we can limit the mangling for that bit of traffic. ... .. . Thank you. That information and conf...
by jayooo
Sat Dec 14, 2024 6:08 pm
Forum: General
Topic: 2 WAN active at the same time [SOLVED]
Replies: 19
Views: 1454

Re: 2 WAN active at the same time [SOLVED]

Will you file a support ticket regarding that?
Yes. I already submitted a bug report for what I found. I will reply to it and include what you found as well.
by jayooo
Sat Dec 14, 2024 12:33 am
Forum: General
Topic: 2 WAN active at the same time [SOLVED]
Replies: 19
Views: 1454

Re: 2 WAN active at the same time [SOLVED]

I found the issue. Your instruction to remove the interface from the rule was the answer, but there is a bug when doing that, causing it not to actually take affect. If you change a route rule from having an interface set to NOT having an interface set, it does not actually work until you disable an...
by jayooo
Fri Dec 13, 2024 10:50 pm
Forum: General
Topic: 2 WAN active at the same time [SOLVED]
Replies: 19
Views: 1454

Re: 2 WAN active at the same time [SOLVED]

I made that change, like this: /routing rule add action=lookup src-address=2.2.2.2/32 table=wan2 However, the results are still the same. It does not work. I cannot connect to the router or ping the router from the outside through that IP address. However, if I change the wan2 route so that it uses ...
by jayooo
Fri Dec 13, 2024 9:19 pm
Forum: General
Topic: 2 WAN active at the same time [SOLVED]
Replies: 19
Views: 1454

Re: 2 WAN active at the same time [SOLVED]

you only have to ensure traffic coming in WAN2 is handled specially so that it goes out wan2, not wan1. Yes, what you wrote is exactly what I am trying to do. Shouldn't a route rule (without mangle) be able to do that? I really thought the following would work: /ip address add address=1.1.1.1/24 in...
by jayooo
Thu Dec 12, 2024 12:48 am
Forum: General
Topic: 2 WAN active at the same time [SOLVED]
Replies: 19
Views: 1454

Re: 2 WAN active at the same time [SOLVED]

1. Yes, I want both wans externally available at the same time. For example, if I were to port forward to an internal device, I want to be able to access it through either of the public static wan IP addresses. 2. I don't care about load balancing. Everything originating from internal devices can go...
by jayooo
Tue Dec 10, 2024 7:13 am
Forum: General
Topic: 2 WAN active at the same time [SOLVED]
Replies: 19
Views: 1454

2 WAN active at the same time [SOLVED]

I have what I thought would be a simple config, but I have tried so many variations and I can't get this to work. I have 2 Internet connections connected to the Mikrotik. Static IP, each with their own gateway. I simply want to be able to ping both addresses from the Internet at the same time. That'...
by jayooo
Tue Dec 10, 2024 6:04 am
Forum: Announcements
Topic: v7.16.2 [stable] is released!
Replies: 490
Views: 189362

Re: v7.16.2 [stable] is released!

Here's a bad bug:

If you turn on safe mode, make a change to the routing table, and then roll-back ... the routing table changes are still there. Safe mode does not undo routing table changes!
by jayooo
Wed Oct 09, 2024 3:11 am
Forum: General
Topic: Whats the point of this default FW rule?
Replies: 21
Views: 1712

Re: Whats the point of this default FW rule?

This rule does get hit if you use it as intended, yes. Any NAT rule that you have dst-nat to an internal computer will be on the forward chain. You can use this default rule instead of a default drop-all so that anything dst-natted will be allowed instead of creating both a nat rule and a filter rul...
by jayooo
Wed Oct 09, 2024 1:31 am
Forum: General
Topic: [FEATURE REQUEST] Two Factor Authentication
Replies: 53
Views: 39606

Re: [FEATURE REQUEST] Two Factor Authentication

This works, except when you go to terminal inside winbox, you have to login again with a new otp code because most of the time your 30 second window has already expired before you open the terminal window.
by jayooo
Wed May 15, 2024 2:26 am
Forum: General
Topic: strange issue with mikrotik bridge and home assistant
Replies: 4
Views: 8741

Re: strange issue with mikrotik bridge and home assistant

When you say "Bridge Firewall", are you referring to Bridge -> Filter (inside the Bridge settings)? If so, why are you using that? And how exactly are you "disabling" it to make things work?
by jayooo
Wed May 15, 2024 2:18 am
Forum: General
Topic: Problem after energy loss
Replies: 1
Views: 290

Re: Problem after energy loss

You are going to have to do a lot more troubleshooting first. You gave us nothing to go on at all. You say "other locations" can't access it. So, that symptom points to an issue with whatever tunnel you are using. What kind of tunnel are you using? IPSEC? Wireguard? OVPN? You need to look ...
by jayooo
Wed May 15, 2024 2:14 am
Forum: General
Topic: Factory firmware upgrade
Replies: 8
Views: 1984

Re: Factory firmware upgrade

It's easy. Just use the built-in upgrade in Winbox. You might have to do it a few times. The first time it will upgrade to the newest 6.x and then do it again and it will go to somewhere around 7.12, and then do it again and it will go to 7.14
by jayooo
Mon May 13, 2024 4:12 pm
Forum: General
Topic: Mikrotik downloads are broken
Replies: 3
Views: 814

Re: Mikrotik downloads are broken

No, you just have to wait. It comes and goes a lot.
by jayooo
Fri Apr 05, 2024 5:45 am
Forum: General
Topic: Wireguard Keeps trying to reconnect
Replies: 13
Views: 2238

Re: Wireguard Keeps trying to reconnect

Yes but it seems like they might possibly have it enabled on the router side, as the router is logging an attempt every xx seconds.
by jayooo
Fri Apr 05, 2024 3:02 am
Forum: General
Topic: Wireguard Keeps trying to reconnect
Replies: 13
Views: 2238

Re: Wireguard Keeps trying to reconnect

Do you have persistent keepalive disabled?
by jayooo
Fri Apr 05, 2024 3:00 am
Forum: General
Topic: Mikrotik downloads are broken
Replies: 3
Views: 814

Mikrotik downloads are broken

I can't update from within Winbox, and I can't download from the Mikrotik download website.

503 Service Unavailable
No server is available to handle this request.
by jayooo
Tue Feb 20, 2024 3:16 am
Forum: General
Topic: station pseudobridge not working
Replies: 4
Views: 928

Re: station pseudobridge not working

This is the entire config: /interface bridge add name=bridge1 /interface wireless set [ find default-name=wlan1 ] disabled=no mode=station-pseudobridge ssid=MyWiFi /interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys ...
by jayooo
Tue Feb 20, 2024 12:19 am
Forum: General
Topic: station pseudobridge not working
Replies: 4
Views: 928

station pseudobridge not working

I know I've done this in the past successfully, but today I was unable to make it work. I deleted the config so it is completely blank (not default) and then added only the following: Wireless: Type = station pseudobridge (and I set the ssid and password). Bridge contains wireless and ether1 That's ...
by jayooo
Thu Jan 18, 2024 6:19 am
Forum: Beginner Basics
Topic: Backup router with DHCP server
Replies: 8
Views: 2874

Re: Backup router with DHCP server

I have found that if you set the dhcp server to use the vrrp interface, instead of the actual interface, then the dhcp server is automatically enabled/disabled with the vrrp interface itself getting enabled/disabled.
by jayooo
Thu Jan 18, 2024 6:15 am
Forum: General
Topic: vrrp with multiple dhcp servers
Replies: 0
Views: 774

vrrp with multiple dhcp servers

I've been reading here about various methods to deal with 2 routers each having a dhcp server, and how to stop 1 from serving addresses. Some methods include a script to enable/disable on vrrp up/down. Or to set 1 dhcp server to 10 seconds so it wont sever unless the primary doesn't respond. Or to s...
by jayooo
Thu Jan 18, 2024 5:23 am
Forum: General
Topic: vrrp in firewall filter rules
Replies: 7
Views: 1547

vrrp in firewall filter rules

Everything I read says that in firewall filter rules, use the actual vlan interface for interface matching instead of the vrrp-interface. However, for in-interface, it only matches if I use the vrrp interface. I have a bridge with a few vlans. Each of those vlans contains 1 vrrp interface (vrrp is i...
by jayooo
Mon Sep 04, 2023 5:26 am
Forum: General
Topic: Lowering the interface MTU doesn't seem to do anything.
Replies: 2
Views: 1153

Re: Lowering the interface MTU doesn't seem to do anything.

I found that it actually works as expected if I change the WAN interface MTU instead of the LAN interface MTU. I don't know why though.

On the LAN side, I changed the bridge and the individual interfaces, but that didn't make any difference. There is no vlan.
by jayooo
Mon Sep 04, 2023 1:49 am
Forum: General
Topic: Lowering the interface MTU doesn't seem to do anything.
Replies: 2
Views: 1153

Lowering the interface MTU doesn't seem to do anything.

I can do ping -f -l 1472 walmart.com from my laptop and it returns a successful ping. GOOD. I can do ping -f -l 1473 walmart.com from my laptop and it says packet needs to be fragmented. GOOD. Then, I change the MTU on the LAN interface in Mikrotik from 1500 to 1300. I would expect both test above w...
by jayooo
Fri Aug 25, 2023 4:19 am
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 180071

Re: v7.11 [stable] is released!

The VLAN issues seem to be fixed in 7.12beta3! I just installed it, and re-enabled HW, all is good.
by jayooo
Wed Aug 23, 2023 6:30 am
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 180071

Re: v7.11 [stable] is released!

That isn't an upgrade issue then, assuming you did actually downgrade both the package and the router board firmware. but i tried with another acess point i still get bad wifi speed. before i update mikrotik .i didnt had problem. with cable i get full speed. its very strange problem That isn't a mi...
by jayooo
Wed Aug 23, 2023 4:44 am
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 180071

Re: v7.11 [stable] is released!

İ have tplink acess point on mikrotik LDF5 outdoor. İ had 7.10.2 version . i updated 7.11 after that my tplink acess point wifi speed about 1 mbps or more less but my with cat6 cable speed 86 mbps. i downrage 7.10.2 but still nothing change. its seems my wifi totaly broken with all version software...
by jayooo
Wed Aug 23, 2023 12:28 am
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 180071

Re: v7.11 [stable] is released!


All upgrade went well (no issues) BUT I have 2 hEX S with VLANs and those simple come up but users get timeout. Doing a downgrade restores the process so I think there is a bug there.
The hex vlan workaround is a few posts up. No need to downgrade.
by jayooo
Mon Aug 21, 2023 4:05 pm
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 180071

Re: v7.11 [stable] is released!

Mikrotik replied to my supout ticket and they have confirmed that they have reproduced the VLAN issues on HEX/HEX-S in 7.11 and are working on that fix.
by jayooo
Sat Aug 19, 2023 1:03 am
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 180071

Re: v7.11 [stable] is released!

Thanks again for the feedback! The issue with vlan-filtering bridge running together with CAPsMAN has been reproduced and we are looking for a fix. @ bommi, jayooo, dredex - regarding issues with HW offloaded vlan-filtering bridges on hEX or hEX-S. Can please you share supout.rif files to support@m...
by jayooo
Sat Aug 19, 2023 1:00 am
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 180071

Re: v7.11 [stable] is released!

Wait, you did a upload and downgrade? Invited downgrade, no result. Upload and reboot, no success. Didn’t try this option. If I can get a connection again I will try this If you are manually rebooting, you are doing it wrong. Upload the old package file, then click Downgrade button. It will reboot ...
by jayooo
Fri Aug 18, 2023 12:40 am
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 180071

Re: v7.11 [stable] is released!

Thanks for the feedback on RB4011/RB1100AHx4 with HW offloaded vlan-filtering. The problem is reproduced, and we are working on a solution. It is related to the FastPath fix (introduced in v7.11rc1): *) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath Running Torch o...
by jayooo
Thu Aug 17, 2023 11:53 pm
Forum: General
Topic: VLAN issue with 7.11 and 7.12
Replies: 5
Views: 1967

VLAN issue with 7.11 and 7.12

The following works properly with 7.10, no problems at all. However, upgrading to either 7.11 or 7.12 beta causes the network speed to barely above 0. Almost nothing works. I'm not sure if my config is bad, and it just happens to work on 7.10, or if something in 7.11/7.12 is broken. Downgrading to 7...
by jayooo
Thu Aug 17, 2023 1:20 am
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 180071

Re: v7.11 [stable] is released!

Upgrading to 7.11 makes my HEX unusable. Internet speed is barely above 0, and nowhere even near 1mbps. I am using vlans, both tagged and untagged. I see that there are a lot of vlan changes in the changelog. Based on the fact that so many people here are having no issues, I assume it is something t...
by jayooo
Mon Jun 26, 2023 7:06 am
Forum: General
Topic: Bridge use-ip-firewall + mangle + queue doesn't work
Replies: 2
Views: 1072

Bridge use-ip-firewall + mangle + queue doesn't work

v7.10 If I use a Bridge, with bridge-filter to mark packets, and use that mark-packet in Queue Tree, the Queue Tree bandwidth limiting works properly. Everything is good. However, if I then disable the bridge-filter rules, and put them in the ip firewall mangle rules, and turn on use-ip-firewall... ...
by jayooo
Mon Jun 26, 2023 4:58 am
Forum: General
Topic: I need Interface-List for Queue Tree Parent
Replies: 0
Views: 563

I need Interface-List for Queue Tree Parent

v7.10 Scenario: No Routing, only transparent traffic shaping with bridge Bridge interface 1-5 interface 1 goes to the uplink gateway interface 2-5 goes to internal devices Bridge Filters: Outgoing interface 1 mark-packet=upload Interface List interface-5 mark-packet=download (and other packets marke...
by jayooo
Tue Apr 12, 2022 12:09 am
Forum: Announcements
Topic: v7.2.1 [stable] is released!
Replies: 240
Views: 50993

Re: v7.2.1 [testing] is released!

upgrade 7.2 to 7.2.1 on hAP941 fix memory and cpu usage on hEXr3? i lost, all bridges, all filter and nat rules, all wireguard interface (peers is ok) :-( not fix, one hAP have still problem 19:43:31 system,error,critical router was rebooted without proper shutdown 19:43:31 system,error,critical ke...
by jayooo
Tue Apr 12, 2022 12:09 am
Forum: Announcements
Topic: v7.2.1 [stable] is released!
Replies: 240
Views: 50993

Re: v7.2.1 [testing] is released!

Would this fix be related to running scripts such as the ATT gateway bypass? My ATT gateway bypass was broken in 7.2 but working in 7.1.5 EDIT: Just tested on an RB4011, ATT gateway script still not working. Reverted back to 7.1.5. This fix is ONLY to stop routers getting bricked during an upgrade ...
by jayooo
Tue Apr 12, 2022 12:04 am
Forum: General
Topic: GRE Local-Address breaks tunnel
Replies: 3
Views: 529

Re: GRE Local-Address breaks tunnel

The local-address has to be a valid address on the router, and when there is NAT involved it has to be the NAT'ted address (not the external address).
Yes, it is. It is attached to an empty bridge. And, I can ping both addresses from both routers.
by jayooo
Mon Apr 11, 2022 7:48 pm
Forum: General
Topic: GRE Local-Address breaks tunnel
Replies: 3
Views: 529

GRE Local-Address breaks tunnel

I have GRE tunnels in multiple places, manually setup over an IPSEC tunnel. It works great, except at 1 place I have this oddity: I have an IPSec tunnel, 10.0.0.1 at site-A and 10.0.0.2 at site-B. The routers can ping each other with those addresses, no problem there, the IPSec tunnel is solid. Now,...
by jayooo
Mon Apr 11, 2022 6:49 pm
Forum: Announcements
Topic: v7.2.1 [stable] is released!
Replies: 240
Views: 50993

Re: v7.2.1 [testing] is released!

Regarding this particular release - it fixes a very rare situation when a router could brick itself during the upgrade process by removing/corruption filesystem so the device could not read system files anymore. So, basically the way I am reading this, if we are already on 7.2, there is no need to ...
by jayooo
Mon Mar 21, 2022 5:26 am
Forum: General
Topic: Partition on CHR
Replies: 1
Views: 350

Partition on CHR

Why isn't partition available on CHR? There is obviously going to be plenty of space, and it would be beneficial for the same reasons that it is used on routerboards that support it.
by jayooo
Sun Feb 20, 2022 12:11 am
Forum: Announcements
Topic: v7.2rc2 and v7.2rc3 is released!
Replies: 222
Views: 90936

Re: v7.2rc2 and v7.2rc3 is released!

Using Windows Remote Desktop through a Wireguard connection that terminates on Mikrotik 7.2rc3, I am often getting this Remote Desktop error message: "Because of an error in data encryption, this session will end. Please try connecting to the remote computer again." This is Client PC -> Mi...
by jayooo
Mon Sep 27, 2021 6:28 am
Forum: General
Topic: Trying to route client ip through gre tunnel
Replies: 0
Views: 635

Trying to route client ip through gre tunnel

I have 2 Mikrotik boxes, connected by a GRE tunnel. I have a tcp port from box #1 dst-natted to box #2. Box #2 forwards that to a PC with a web server. Ok. so I connect my device to the IP address of box #1 and the forwarded port, and I successfully hit the web server IF I use masquerade on the GRE ...