MikroTik

HughPH

Awesome, thanks

My need was just for a number - which is how I came across this post, and not the others.

HughPH

It disappeared again from about 16:15 to about 00:15, disabling & re-enabling the interface didn't make any difference.

HughPH

Neat, thanks! I suppose that could be adapted to derive a number from the generated password - just by using the hex conversion and multiplying up before adding the next value. A lot of it would go away if you just want a 64bit random number. :local hexSrc ([/certificate scep-server otp generate min...

HughPH

How about Perlin Noise? The GLSL for a simplified noise based on Perlin would be float rand(float n){return fract(sin(n) * 43758.5453123);} Obviously we don't have sin so we would need to take an approximation from somewhere. What about Bhaskara I's sine approximation formula? https://en.wikipedia.o...

HughPH

As per subject. I'm using The Dude to keep a log of CQI and RSRP, and graph them, so I can make an objective comparison when switching antenna and changing antenna position (height, location) Today the link went down for a moment, then came back up, but since then CQI has been missing. If I open a t...

HughPH

Immediate desire/need: I have some devices on my network that I would like to limit, and it would be neater to have their MAC addresses in a list such that the Bridge Filter would have a condition called "Src MAC List". This way I could simply add MAC addresses to the list, or remove them,...

HughPH

I had tried all of the above except for the DHCPv6 client being set up to get a prefix. None of it worked, even that. In the end I've just given the modem a 172.16 address and added the port back to the bridge with rules that drop any input or forward for connections that are !(new | established) Th...

HughPH

Many thanks Metod This is about what I'd expect to be true. I have a question firstly about the DHCP client: Is the pool name my local name to which I will refer to the /64 prefix? Or is it something that's known to the DHCP server, and which I would need to find out to correctly configure DHCP clie...

HughPH

Hi, RouterOS people. I would be very grateful for your thoughts on this. No neighbours are discovered, but if I ping something from my laptop, it appears in the Neighbours list with a zero'd out MAC address and the laptop can't get any replies. I CAN traceroute and ping 2000::/3 addresses from my Mi...

HughPH

OK, thanks for that!

I guess I could create two unencrypted tunnels and run OVPN over the asymmetric "line" if I wanted it to be secure.

HughPH

Brilliant, thanks Chris! This seems like exactly what I was looking for.

Bearing in mind my b/w is unlikely to increase from ~25-30Mbps in the foreseeable future, is ipsec overhead really a concern?

Cheers

HughPH

Thanks Bartosz With VDSL being primary, I would get my wish to have inbound traffic only on VDSL. Do you know if I could cleanly force all traffic to use LTE for outgoing? Or would I need to block traffic between the bonding interface and physical interface, and rely on fallback? I imagine that coul...

HughPH

What if I used Broadcast bonding but blocked outbound traffic from the VDSL interface to the bonding interface here, and outbound traffic from the bonding interface to the LTE line at the CHR?

HughPH

I was hoping to leverage the CHR in AWS as a connection aggregation point. Something like:

LTE -> CHR
VDSL -> CHR

CHR -> Rest of World

HughPH

So this might sound a bit mad, but I want to send my outbound traffic through one interface and receive traffic through another interface. I'm using an RB2011. I do have the luxury of a CHR in AWS, and one static IP here. I have two lines, one is VDSL (with static IP), the other is LTE (with dynamic...

HughPH

Yeah, makes sense - thanks! How do packets get routed to fast-path or not?

HughPH

Thanks tr00g33k

Turning off "Allow FastPath" does indeed appear to have solved the problem.

Do you know why this would be the case?

Once again, many thanks for your help with this.

HughPH

I thought I'd solved this, but I haven't. Editing... With prerouting as the chain for your middle command, I got the exact same behaviour as I was seeing previously. (I already had the lookup rule - sorry, forgot to mention it.) I might change back to marking the *connection* and then marking connec...

HughPH

Thanks for the suggestion.

No chain in this one, do you think it should be prerouting or output?

/ip firewall mangle add src-address=10.0.32.1 dst-address=0.0.0.0/0 action=mark-routing new-routing-mark=direct passthrough=yes

HughPH

Thanks for your reply tr00g33k.

The VPN works perfectly, and fast.

The problem I have is with traffic that's NOT going over the VPN - the routing-mark applies to the ISP's gateway.

HughPH

So I've looked at the various tutorials on using routing-mark.and as far as I can see, I've done everything right. I have a VPN connection set up in the Router which uses IPSec. The default route for 0.0.0.0/0 to use the VPN gateway is created automatically (add-default-route=yes in the l2tp-client ...

HughPH

I didn't say I "cannot get it working" - I was limited by time and attention :) Somehow the SSID acquired a space inbetween an uppercase and lowercase character (e.g. "MyRouter" would have become "My Router") - no idea how this happened. Maybe I subconsciously added it ...

HughPH

Having a working downgrade might help too... Why do I need a new netinstall? I expect a lot of people are going to get caught out by this. I should just be able to consider that I'm using Wireless, not have to remember that I'm using a specific package. Even if this was my day job, I probably wouldn...

HughPH

Unfortunately it appears not to be as straightforward as just enabling wireless-cm2.

HughPH

To clarify, I guess the usage of wireless-fp happened when I copied the config. The disappearance is definitely the 6.36 wireless package change.

HughPH

I enabled the package, rebooted and the wlan1 interface reappeared but disabled. I've enabled it, but it's not running. Did this through the terminal, I'll have to set up a port forwarding rule on my AWS CHR to get into Webfig from my current location. Doable, but not in the immediate term.

HughPH

You hit the nail on the head with packages, the router had wireless-fp installed but it's vanished. I guess this happened when I copied the config from a hAP Lite.

HughPH

Firstly, many thanks for your reply and my apologies for the brevity of my initial post.

Sorry, you're right - 6.36!!

I've been using Webfig but I can look in Winbox. No wlan interfaces are listed in /interfaces print, however.

RouterBoard is at v3.33 (latest at time of creation of this thread)

HughPH

RB2011UiAS-2HnD

Upgraded to 3.36, I have no wlan interface and no associated menus.

Also, Downgrade didn't work.

HughPH

I'm going to add to this my personal want: Ability to read more than 4096 bytes from a file. I understand the content property of a file is a string, and that's where the limitation comes from. Perhaps it just needs a binarycontent property that's a byte[]. That could underpin the capacity to read a...

HughPH

Yep, so "Stacking" and/or "Clustering" is really what I meant. You'd need the high-speed interface where you want to, for example, set a master port for an interface on a different router, or include a port (or master port) in a bridge or some other configuration that would neces...

HughPH

Hey, it's just an idea! :) I don't know the architecture of RouterOS, but I could imagine that if the API also drives Webfig and Winbox (which would make sense) then you could quite easily build an aggregation façade to pick up a composite view of the "clustered" environment from any node ...

HughPH

I looked into reading the file and performing the 'transformation' in-line - unfortunately the maximum size of a string is 4096 bytes, and it seems that the only way to get a file's contents is through the contents property of the object (which is a string.) So perhaps I should really be asking for ...

HughPH

I'm not talking about: Interface teaming / bonding, Managing multiple APs, or Connecting to other routers over SSH I'm talking about merging two (or potentially more) physical routers into one logical router, so that all the interfaces appear to be part of one device. The LCD panel on either device,...

HughPH

Thanks, that's what I thought you meant. So I'd still need to perform some transformation from the source.

HughPH

Thanks pe1chl! I obviously haven't read enough of the manual - especially around scripting... It's not immediately obvious how to import an address list, do you mean that I'd need to do what I suggested above, or that there's an inbuilt command? I can't find anything under /ip firewall address-list ...

HughPH

What I mean by Router Teaming is really just that I'd like to "daisychain" two routers, so that one becomes the "Parent" and one becomes the "Child", and they work in tandem and present the same Configuration (which applies to both.) I could then, say, wire two 2011s to...

HughPH

Let's say I want to mitigate attacks on my corporate network, and have a list of IP addresses that come from China. (I operate in the Western Hemisphere only and I'm not concerned about branching out to China at this time.) I would like to be able to load that IP address list from file. (Right now I...

HughPH

Thanks, all.

HughPH

Updated regex, still no joy :( # NAME REGEXP 0 Streaming Content (GET .*\.(webm|mp4|ogg|flv)$) 1 Streaming audio Content-Type: audio 2 Streaming video Content-Type: video

HughPH

Looking at that GET RegEx again, it should also capture any page with "webm" in the name, e.g. "webmail" - I should be able to get that to work by attempting to GET /webmail on any server (e.g. www.amazon.com/webmail) - the server will return an error page, but I will have sent a...

HughPH

Hello, I understand that RouterOS will capture the first n frames / n bytes of a connection and run the RegEx against that data. However, I'm just not getting any results. The problem: I want to identify Streaming Media - so I have the following partial RegExps: GET .*(webm|mp4|ogg) .*Content-Type:....

HughPH

Many thanks ZeroByte - I was sure I was getting "leakage" from the 2nd bridge to the "primary" (default) bridge - but I must be mistaken. The idea is that for traffic to reach the internet, it must always pass through the monitoring device situated between the LAN and ether4 - ev...

HughPH

I seem to have achieved my goal by increasing the path cost to ether2 - but I'm keen to understand if there are better ways to achieve this. (And to understand why this would work at all!)

HughPH

Hi guys, Apologies if this has been asked before. I'm using a hAP Lite, and this is my first RouterOS device. I have played with a Cisco router before now - sadly the ADSL was awful and the WiFi was old, so it just turned into an experience... I want to "wire" wlan1 to ether4 only, so that...

Search found 45 matches