The WAP ax was disconnected and relocated to the "lab area" of the site After powering it back on today, removing the statically assigned slave wifi interfaces from the bridge, removing the "static slaves" in the settings of CAP it magically started to work as expected even befor...

Thanks for the suggestions but it seems like something is off with this WAP ax: The provisioning rules for AX devices are correct -- I've got a CAP ax, reset it into CAP mode and it jumped right in to the network with the correct VLAN IDs on both master and slave interfaces. Had to switch on vlan fi...

Greetings, I'm banging my head over a seemingly trivial problem that should work out of the box but for some reason donesn't... I have a 5009 operating as CAPSMAN (running 7.18) servicing a bunch of WAP ac's and one new WAP ax (running 7.18.2). I need to serve 3 SSIDs and traffic from each have to b...

The error is the a-b-c of any programming language: Do not use reserved words as variables name: comment =$ comment As usual the title of the topic is wrong, is not a problem on RouterOS, is a problem on user knowledge. NO COMMENT... Right, pardon my noob question, but is there a list of reserved w...

Thanks for the suggestion, but changing the variable name from "routes" to "myroutes" didn't help the cause

Greetings, I have encountered a strange problem that is reproducible on 6.49.13 and 7.16.1: I have a route in my routing table as so: [akliouev@tat] > /ip route print detail where comment="foo.bar.com" Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp,...

Greetings, I've bumped into a very strange behaviour on a ROS 7.14.3 system yesterday and I wonder if this is by design or a bug: I have a script in /system/scritps called "telegramSend" that sends the content of a variable "message" to the preconfigured chat with a preconfigured...

Update: GCM ciphers are broken only between version 6.41 I've downgraded one of my HAPac to 6.39 (bugfix branch) and reverted the proposals back to GCM. Amazingly the SAs kicked in. So for those using GCM for IPSec please be aware that if your router and the remote peer are on 6.41 GCM will fail If ...

It appears that running both a L2TP and an OVPN server is impossible on a HAP ac
When enabling OVPN established L2TP sessions are getting kicked out and new sessions are failing to establish. It looks like enabling OVPN just shuts down or filters out L2TP trafic

After upgrading two HAP-AC units to the latest 6.41 my site-to-site tunnel refused to come back up. I've spent several days debugging the problem and it turned out that the previously working proposal or AES-GCM started to fail in phase 2 negotiations The only way to make the tunnel work again was t...

Hi!

I need to migrate from my existing TIK to a new HAP ac. I have several IPSec VPNs that are using key auth and I have my TIKs private key in the /ip ipsec keys database

Is there any way to export the private IPSec key and import it on another TIK?

(The SW is 6.35.2)

Regards,
Alex

Greetings! I noticed that both Winbox and Webmin do report incorrectly the IPSec installed SA's properties. Here's some examples: Winbox report of installed SAs and details about a particular SA. Please note that the encryption algorithm is empty while the key is present: Winbox.png Webmin's report ...

For those wondering -- the order of the commands in the script was totally wrong. The script was chocking on the /interface ethernet switch port commands that created the HW VLANs and assigned those to physical ports prior to higher-level definitions I hope that in the future a config migration will...

Thanks for the tip but it didn't work -- Win Box does see the 951 before the config load and stops to see the 951 after the load. I've noticed that the config I'm loading contains "/ip service set winbox disabled=yes", and that should disable WinBox on the router. WinBox is able to sense t...

Hi! I have an operational 751G 2HnD unit with some setting and I've purchased a new 951G 2HnD unit to replace the old one as I need more processing power. Both units are running the latest 6.15 SW I'm trying to achieve a very simple thing -- move the existing configuration from the 751 to the 951 bu...

UPDATE:

Just reconfigured my Mikrotik to provide a WEP network. The results are exactly the same -- the client joins the network, gets the IP address and then fails to communicate completely -- no pings.

Please help

Greetings, I experience a very strange problem: My Mikrotik runs very smoothly for several years now but one of my wireless clients (namely an iHealth wireless scale) fails to operate properly in the WiFi network. It seems to join the network without problems but can't transmit or receive any traffi...

Hi! I had a very similar problem and I managed to find a combination of the settings than worked for me. In my case Port 1 untagged is to go to VLAN 100, Port 1 also can receive tagged frames from VLAN 200. Port 2 is to operate in untagged mode in VLAN 200 The rest of the ports to operate in VLAN 10...

Greetings! I have a RB260GS unit that I've purchased to do some VLAN magic and I've encountered a strange problem. The task was to receive both tagged and untagged frames on a trunk port and do a very basic VLAN operation -- port 1 trunk, port 2 VLAN 200, ports 3-6 default VAN. Every time I configur...