MikroTik

Amm0

IKEv2 is a bit more complex to setup… A bit? Hah! More like 3-10× more complicated, depending. Let's see: What'd I miss? LOL. I'll give 2× more complicated. You can use a PSK and avoid the certs. My comment was based an old hEX, that can offload IPSec encryption, but that is IPSec singular benefit....

Amm0

I'm guessing likely be better off with IPSec using IKEv2 on the older hEX, since IPSec will use hardware encryption. i.e. WireGuard will not be hardware offloaded, so might be slower. Although IKEv2 is a bit more complex to setup than ZeroTier or even WG. One side does need to be enabled with respon...

Amm0

I only have WireShark on one end, so I can't see what is going on at the other end of the EoIP tunnel. This is my first MikroTik project, so I haven't yet figured out how to use Torch ... Q: Can I use Torch to see what is going on in my remote NE location? Sure, you'd do it on the EoIP interface. I...

Amm0

The easiest thing to try is change MTU on the EoIP interface. If it's not 1500, that be worth a try. Now that will cause fragmentation over the VPN, but TiVo UDP packets may be too big to fit when a compressed MTU. You may also want to make sure "Don't Fragment" is unchecked (i.e. allow fr...

Amm0

And this why @anav is suggesting load balancing, since that is something you can do with one router and two ISP. This is theoretically possible, but with a lot of "ifs" and "provided thats". One of the "ifs" be is the 200Mb connections are via PPPoE, because "provi...

Amm0

A few years ago, I created an application to manage our mikrotik devices. It generates a configuration file for each router, based on how the router is modeled in the application, and uses TR069 to get the configuration on the routers themself. After the configuration is pushed to the routers, it a...

Amm0

Could you please elaborate? Why isn't it easy to use? You can click on "Usage" and it will sort by usage. In fairness, it is same as winbox3 which seems to be initial goal. But it ain't a great dialog box for quickly figuring out a channel to use. i.e. - usage should align on the ".&...

Amm0

Both VXLAN and EoIP approaches are covered here:
viewtopic.php?t=180369&hilit=wifiwave2

Amm0

I should have been clearer, in all likelihood using the "monitor once" in a scheduler is a better plan. I was more explaining how it works when NOT using "once"... generally speaking ;). Jokes aside, I don't have any UPS directly connected to a RouterBOARD otherwise I would have ...

Amm0

I don't know if this helps anyone, but I got Traefik to work on an RB1100 (which is actually ARM32) using this image: https://hub.docker.com/_/traefik I have to try this. Thanks Amm0 Yeah it works on RB1100AHx4 and RB5009 for sure. I use it for CORS and automatically renewing LE certs. I should cre...

Amm0

Did you look at Files in winbox, and see a dude.db someplace. If so, you're be in luck... And, one simple possibility is the "disk name", or RouterOS, slot= changed in the upgrade. For example, from disk1/ to sata1/. And the upgrade does not change the dude directory, so it's may be lookin...

Amm0

Load balancing is more effective using all available bandwidth and easier/less complex & straightforward on RouterOS — that's why I pitch it ;)... But your right failover is going to be noticeable since it's connection-based. And "hitless failure" and magic bonding is what Peplink pitc...

Amm0

Remove the "once" and it becomes a ":while (true)" loop, so it will run forever. There is an interval= that control how often the do={} code is run, i.e. 1s or 1m or 1h etc.... You can also make only run for a fixed period like duration=1m. This is useful like in a /system/schedu...

Amm0

The answer I'd like to give is use /zerotier multipath settings to do your desired bonding : https://docs.zerotier.com/multipath/ Sadly that is NOT an option . Since I occasionally use the peplink things... I kinda know how the peplink generally work... Also note there are additional recurring costs...

Amm0

The math is right. Generally MTU being right is a good thing. TCP things adjust themselves, so MTU being right is actually helpful. One side note as MTU get lower from tunnels-in-tunnels... sometimes that effects dumber UDP protocols. For example (& before it get device-lock'ed), if you run a /t...

Amm0

I'll answer myself. It turns out that RouterOS has such a wonderful thing as Netwatch! With it, you can set up host availability monitoring of almost any complexity! Yup, also in 7.16 there is a direct netwatch for type=dns — which make this even simpler: :global primary 172.17.0.2 :global backup 9...

Amm0

I find that if I blindly copy then I am not using my brain, but if I use my brain then I am ignoring the experts -- ugh. Fair enough. Again, it's about the variable types... And specifically the array type, since those are a bit complex. @rextended makes a point the unneeded parenthesis ( ) can get...

Amm0

Block Diagram is available Another strange PoE choice: the PoE-in port is off the switch, a sensible choice for a router-class device, but we then have to ask which ISP modems provide PoE input power? Stretching for a use case, You can use an always use PoE injector between ISP and ether1. i.e. if ...

Amm0

I don't understand the notion of persistent in file. Didn't mean to be confusing, perhaps "saved to a file" be clear. I just meant that your variables you [:serialize to=json] to file, come back as the same str/num/time/array type when you [:deserialize from=json] from same JSON file. And...

Amm0

If your willing to have the data as JSON, the newer [:serialize] makes quick work of this: /file/add name=test.json contents=[:serialize to=json [/system/resource/print as-value] option=json.pretty] For example, the output looks like: :put [:serialize to=json [/system/resource/print as-value] option...

Amm0

Ah, it's was PDF that has the OS bit-ness, it's the website that does not. At least I'm not crazy. On AX Lite it is the same. 64-bit processor with 32-bit OS 64-bit mean memory addressing. So with 256MB of RAM... you can use up more memory storing 64-bit "pointers" when 32-bit would do. I'...

Amm0

AX devices released this year all seem to have 256MB RAM and these IPQ-50xx boards. I'm curious how ZeroTier does on these. The IPQ-40xx in older ac wAP did always seem like a stretch with ZeroTier installed (beyond fitting in 16MB, noticeable on CPU/mem/flows). Since I recall reading ZeroTier does...

Amm0

Even in Winbox4 they still use a proportional font. I know scripting, and I have a difficult time understanding a script in winbox's dialog when the code get "compressed" by the font and [default] shorter line width. So I partially blame the font for folks scripting difficulties ;). ... /s...

Amm0

I've run into this too. It is unfortunate you cannot set IPSec profile along with GRE's ipsec-secret in the GRE config. As @TheCat12 suggests, you can do it manually. One thing to help is use the "ipsec-secret" as you have initially, but a make a copy of "D" dynamic/automatic thi...

Amm0

Even in bypass, you should still be able to use the starlink app (i.e. it resolves "dishy.startlink.com", and dishy always uses 192.168.100.1)*. The app will show drops. I believe visiting 192.168.100.1 in a web browser may do something, but they steer folk to the app these days. Now, If &...

Amm0

There is also the :time command. That actually times an operation in it's command={ # code # } like

:put [:time command={ :delay 1000000000ns }]
00:00:01.001184

Amm0

I think it's the same, or at least I cannot tell. I have both v6 and v7 dudes running, nothing is different and both work. It is actually mixing Dude versions that's actually more of reason not change... if working. The Dude 32-bit client app does an update when you connect to a Dude with different ...

Amm0

I think there are issues in disks... I'm have "raid troubles" in 7.17beta4. Setup is just two identical sata drives, in raid1 config, on RB1100AHx4, with the raid1 volume as the mount (previously formatted ext4, not btfrs). I went back to 7.16, and that did NOT get the disk back either. An...

Amm0

ability to pester those far more knowledgeable One big trick, I think, is using "/system/script/edit <scriptname> source" to use Mikrotik's editor. Unlike Winbox's script editor, it will show red marks if the script is invalid (in realtime in edit). While I like @rextended, I know he uses...

Amm0

:put [:timestamp] # 2859w6d10:50:42.236575187 :put [:tonsec [:timestamp]] # 1729680660992477203 Timestamp is a "time" type since 1/1/1970 epoch. But [:tonsec] get you a "number", with nanoseconds, from any "time" type. To @rextended point... I guess it took 84760ns to ...

Amm0

More specifically are there any negative operational effects of larger image sizes ? And just to put a box around my question... - in the context of RouterOS... not some higher-performance data center use, - understood it would take more download and extract take more time (i.e. 1GB takes more time,...

Amm0

One thing.... I'm curious why @BrateloSlava adds on the Wireguard Peer the Private Key and also the Client Address and DNS as per screenshot he attached on post dated October 20. In my case I have none of them (this fields on my router are blank) and the WireGuard connection in my case works well. ...

Amm0

There are some devices that don't follow rules - totally seen that some devices need netmask explicitly set. And netmask=24 is harmless to rule-following dhcp-clients, they have the same info twice. And I'm not sure the actual value is 0, despite the docs, it is "unset" (now perhaps on som...

Amm0

Does calling a more basic script work from Dude? i.e. one that does not use /tool/fetch or global variables... In this form it works and that's enough for me. Thank you. /tool fetch mode=https url="https://api.pushover.net/1/messages.json" http-method=post http-data="token=axxxxxxx&a...

Amm0

Perhaps I need to revise the documentation, perhaps you will be so kind to be a more specific or give some more hints. I appreciate any feedback - you know, nobody's perfect 8=) Sorry, your docs were good! My comments were more a Mikrotik grip – since just WAY too many steps to add a simple contain...

Amm0

P.S: it seems nearly all of your wishes can already be accomplished by The Dude Why not just improve it [...] i.e. @fifrak #4 answer, some "dashboard" could be relatively simply: i.e. using The Dude's existing device discovery on the defconf LAN 192.168.88.1/whatever, combined with new fe...

Amm0

feature request - While winbox has long shown only the "humanized" Tx/Rx speeds everywhere... I've long wanted to have some option to show "# Xbps" speeds in some "fixed" unit since often 900 kbps looks way to similar to 900 Mbps. i.e. I just want to see 0.900 Mbps ins...

Amm0

Beside update of update RouterOS to the latest version, upgrade also you modem firmware. I had in past also some issues with unstable connection, due to old firmware. And RouterBOOT in /system/routerboard - not sure it changes... but with LTE latest with 3 versions aligning on stable is my strong r...

Amm0

It's not a permissions issue. Well I do not use notification with Dude, so IDK. But I'm not sure your Terminal test is exactly same user context as Dude running a notification. I cannot say for sure, but when Dude run calls RouterOS... that's more similar to netwatch (which uses a *sys user), than ...

Amm0

Yeah #2 just seems like a logic error... and your focus was actually the container MUS container here, not it's base image ;). Re Mosquitto and openrc ... 1.) The error described as "cgroup-error => read-only filesystem": / # rc-update add mosquitto default [...] * WARNING: mosquitto has a...

Amm0

Now I am runing traefik and cloudflared on my arm Mikrotik router. With cloudflare tunnel I don`t need even to open any port on my router. Aknowledgment: https://gero.dev/blog/cloudflared-traefik-docker That's a great approach - traefik is really solid but it's config while flexible is exacting. An...

Amm0

Hi, I have a question, not so much about pushover. I use TheDude and pushover - and it worked perfectly up until version 7.6 - in notifications it was enough to call the function "$pushover message="Service [Probe.Name] on [Device.Name] is now [Service.Status]";" just like other...

Amm0

If you started with QuickSet...
Look in /ip/dhcp-server/networks... if you see an entry for 0.0.0.0... open it and change it 192.168.88.0/24, or the IP subnet (router IP + /24) address of the LAN if not default.

Amm0

If you can throw hardware, I won't worry too much. Especially about SQLite, for several reasons: - UM does cache things (i.e. the "Sent from Cache" stat). - And the users/etc AFAIK are stored in RouterOS config, not the database. From the schema, it looks like mosts tables ("user"...

Amm0

Seems like ship sailed on alternatives. I don't have direct experience with UM.... But my thought be CHR be required for sure. After all, It's just auth requests, not traffic. So how ofter subscribers re-auth'ing? I also don't think there a lot of complex DB operations either. Perhaps few SELECT and...

Amm0

container and run whatever you like. ... as long as someone is there to do the device-mode dance. With the new "changing device-mode on upgrade" scheme here... I hope y'all are mulling how to deal with the device-lock provisioning side. I'd actually like to deploy containers as part of a ...

Amm0

Since I already build schemas for REST API , there is a spin off website that converts `curl` into /tool/fetch so `curl2rsc` spits out: /tool/fetch http-method=post url="https://rocket.example.com/api/v1/chat.postMessage" http-data="{ \"channel\": \"CHANNELID\", \&...

Amm0

You can only send RFC-2136 updates via /tool/dns-update - not forward them. You also still cannot add a PTR type as a static (so while can forward mDNS, but cannot do more basic DNS-SD) - so we're far from a "real" DNS server. And, I'm sure others have their own DNS grips.

Amm0

... or at least an updated list someplace of "known 'good' requests", similar concept to V7 routing engine overview . That allow discussion to be "diffs" – i.e. "Why isn't my feature X on the list?" A public tracking system has the advantage that people can look for sim...

Amm0

Thanks so much. I'll make sure printing from a PC with a manually entered IP works across the VLANs in question first to confirm the routing is working, then I will dig into mDNS.

Great plan. If you have troubles, just post your config.

Amm0

I'm pretty sure on the 5G modems, it's locked down in hardware. Some older modem modems did have occasionally have basic command to do, but even that was not common.

Amm0

The new mDNS repeater in 7.16 is in in /ip/dns via CLI/webbox - it's basic: it will "copy" the multicast mDNS traffic between the interfaces defined. Now... @eabs points out if you have firewall/routing rules that block inter-vlan communications, those have to be adjusted to allow the resu...

Amm0

This is HOTEL Mikrotik, you can never leave!!
Or even a Casino

Casinos also have no clocks, apparently also similar to Mikrotik.

Amm0

Some issue with the band locking seems more likely to me. LTE Band in interface is not some "band preference", it filters other bands from being used. But, if it were a memory leak, that be easy to check /system/resource before rebooting. Now since this seems to happen a regular intervals,...

Amm0

Yeah this is the downside of "band locking"... When you set something like Band 7, it does not "failover" to another band. And tower may be "steering traffic" to use another band if band 7/whatever becomes congested. One thing to do is add a /tool/netwatch using type=ic...

Amm0

What about version v6?
What about version v6?
Is there a video explaining this?

PCC has not changed. So video likely apply. It is ECMP that did between V6 and V7.

Amm0

The issue is probably not the naming but the lack of resources for maintaining separate 2 code trees... It's as folks think Mikrotik just declaring something makes it so. A bug-free version is not solved by nomenclature. There thousands of fix from say 7.12.x to 7.16.1 - each one of those made some...

Amm0

I needed a simple way to manage the reverse proxy server, already tried to check: - nginx - nginx proxy manager - caddy - trafik I liked traefik the most, a more convenient dynamic configuration, and decided to try to expand its capabilities so as not to write configs and add hosts via winbox I tri...

Amm0

The high-level answer is if you just set the distance= the same in /ip/route for the 4 DSL lines (* in V6, add MULTIPLE gateway to same 0.0.0.0 /ip/route), you'll create an ECMP. Traffic is divided by hashes, so it's not quite "equal" (*in 7.16 ECMP can be "more even" with l4 has...

Amm0

Like playing live on some chiptune party over rtpMIDI with furnace :) LOL. And with few Mikrotiks with beepers, you can have a whole orchestra to deal with chords/multitones — be a real party. Just to cover the all the "audio interfaces" of RouterOS, there is also audio input via HTTP ava...

Amm0

Mikrotik+us are in a bit a box... the #1 rules is existing script have to still work - so some inconsistencies" cannot be fixed, since folk may rely on the "wrong" behavior. And also there just are a lot implicit type conversations - since script and config are same system. So as &quo...

Amm0

Is there a way to reed all UserManager User-Statistic Date via one request? At the WinBox, you also get all infos listed. If you have a comma-separated list of .id's that can be used in user-manager/user/monitor - JSON is still a string for .id - but it can take multiple .id's curl -k -u $USER:$PAS...

Amm0

Regardless what forum denizens think... QuickSet should work reliably. And it's useful - instead of visiting 5-10+ dialogs/CLI cmds, you can get a router online with IP and routing in ONE screen. And, the CCR2004-1G-12S+2XS's website suggests as much: The “Improvise. Adapt. Overcome.” mindset can be...

Amm0

Creating support ticket is the most effective tool we have. * with a supout.rif - even if you think the problem is obvious and easily tested... In same PSA category... if someone does try 7.17... then find a problem and downgrades... I'd recommend always generating the supout.rif before downgrade ,...

Amm0

So, in the end, we can say that Alpine adviced the board hAPacX and installed linux for v6, this is why it worked. Yep! The "linux/arm/v6" of hAPac# will limit what you can pull from DockerHub - you'll find way more linux/arm/v7 images on DockerHub since most popular RaspberyPi uses (and ...

Amm0

does anyone know how to get tabs on sub menus, is there a setting I am missing? I see tabs on main menus but not sub menus (eg firewall rule), this is harder to view at a glance as you need to expand each section to see the action for example. Oh you're not missing anything, MT only changed the &qu...

Amm0

FWIW, Alpine Linux has most of the same package as Arch/Ubuntu/etc So your step 1 to 7 steps are exactly the same for most other Linux package offered by Alpine. Basically you just change the "apk add" & /container cmd= changes in your step 8 or 8). :) 8) open terminal on Winbox and op...

Amm0

Installing NR needs quite a lot, about 5 minutes, that's a sign it works slow, for sure not the proper platform for it. The beginning 174MB free RAM (after booting router) can go to low to 58 during the installation, as well about 60 while installing palette, processor can go about 35%, looks that ...

Amm0

But you ain't replacing a keyboard or mixer with :beep anytime soon. Hope I did not sound too serious. Nope. More inspirational. And, I forgot to mention, https://mountainutilities.eu/miditools – since not everyone may have MIDI devices/interfaces – but Midi Tools app can use rtpMIDI. So it is poss...

Amm0

Ps. Feature request: MIDI Drivers for MT! There is always midimonster , which can translate/map MIDI into a bunch of protocols and scripts... The only overlap is MQTT, since both RouterOS and midimonster support it. I have a Behringer XTouch , so ended familar with midimonster. And have MQTT setup ...

Amm0

i somehow stuck here /file get test.html contents /file set test.html contents=[/file get test.html contents; :find "http://"; :pick replace with "https://"] but there is no replace....of course.. :oops: The reason why @normis suggested RouterOS is missing `sed` is that it's a l...

Amm0

This is a decades old issue. Similar discussion/complaints here: https://forum.mikrotik.com/viewtopic.php?t=149315&hilit=tobool The basic logic is 0 is "false", and all other numbers make a bool "true". Provide any other type in a [:tobool] the bool becomes will get you a [:n...

Amm0

no color in the logs ( only black ). +1 - Adding to @TomjNorthIdaho's point... it really does help operationally to quickly spot troubles. i.e. if you see a lot of red when scrolling logs, in just couple seconds ... you know there is an issue. On "colorization needs", I'd add: - Log shoul...

Amm0

FWIW, even with all the ANSI codes... $PIANO, surprising, renders perfectly in WinBox4 beta & new fonts really look nice. Both Dark Mode and Light Mode.

EvenDarkModeWorks.png

RouterOSPlayerPianoUsingBeep.png

Amm0

Note I'm mentioning more "realtime" things.... These do get tricky on what to do... And some of these protocols have built-in mechanism for failover... so using the protocol-specific failover thing be better, than complex RouterOS config. Most traffic is web traffic, generally speaking. So...

Amm0

Separate from jaclaz question, why not consider VRRP as a way to create a seamless connection from the client (lan) perspective, or will not work in your zooom example. ???? VRRP only help if you had TWO routers. And, for example, someone tripping one routers power/other cable, or your doing up upd...

Amm0

1) is masquerade preferrable also on static setup ( because of the way It handles inherently the existing connections in case of failover) The topic is well-described these days: https://help.mikrotik.com/docs/display/ROS/NAT#NAT-Masquerade .. Every time when interface disconnects and/or its IP add...

Amm0

There is an "option 0 or ♾️"... you can just unplug a WAN cable to cause failover.... if distance=1 on 1st WAN & distance=2 on 2nd WAN default routes... This actually the default on LTE devices (dhcp-client on WAN use default-route-distance=1 & LTE APN uses default-route-distance=2...

Amm0

Isnt that partially taken care of by using masquerade on source nat vice action=srcnat ( for a fixed static IP?).. @anav is point is right, masquerade does a lot of heavy-lifting without any more config. IMO, if you want simple... don't mess with connections or trying optimize failover for ALL traf...

Amm0

Well, you are damned right - I break the one-process-one-container rule. [...] Building a lot of different containers for mikrotik in the past, this theory runs as I thought of and makes no trouble at all. I don't disagree with your sentiment. In context of Mikrotik container, the needs are bit dif...

Amm0

Just to complete the visuals of the "bits&bytes", as parsed by [:convert]*, with some added /iot/mqtt/publish's, now the `mqttui` tool view looks nicer: Screenshot 2024-10-09 at 11.25.12 AM.png # publish each parsed value as new MQTT topic, using array key in topic with MQTT value matc...

Amm0

Feel free to ignore the script – it shared since I had it and what I used to test. But kinda I'm out suggestions. You have: - ext4 format on USB - using slash-less paths for root-dir / tmpdir - an image that match the architecture – on hAPac2/3 this may not be easy but we confirmed DockerHub has lin...

Amm0

Here is [unclean] script that installs and removes NodeRed using functions. :global containerImageTag "nodered/node-red:3.1.12-minimal" :global makeContainer do={ :local tag $1 :global containerImageTag :if ([:typeof $tag]!="str") do={ :set tag $containerImageTag } # calc default...

Amm0

Ah... I tried it when this thread started on RB1100AHx4, with is also 32-bit ARM... And I check again, still works using :latest. BUT... RB1100AHx4 processor can use linux/arm/ v7 as the architecture. I believe, and don't have one to check, but the hAP ac 3 needs linux/arm/ v6 (as I that's what's ne...

Amm0

There is more code that wires up MQTT to logging, but since this was a text heavy post. The net result here is a log message with Unicode Emoji's Screenshot 2024-10-08 at 3.50.43 PM.png :global parseMqttJson do={ :local fn $decoder :local msg [:deserialize from=json $1] :set ($msg->"values"...

Amm0

What's new in 7.16 (2024-Sep-20 16:00): *) console - added additional byte-array option to :convert command; *) console - improved :serialize and :deserialize commands and added support for DSV (delimiter separated values) format; What's new in 7.17beta2 (2024-Sep-27 10:07): *) console - added to/f...

Amm0

Beyond formatting the USB on RouterOS, which sounds like you've. And do not reuse the same root-dir name, without make sure is deleted from files .... This does looks like another gotcha with starting "paths with slash". In RouterOS scripts/config, file paths do NOT generally start with wi...

Amm0

Well you would not be the first to want such a function... see 2018 thread: https://forum.mikrotik.com/viewtopic.php?t=131692&hilit=regex+sed#p646804 yes i did, but i thought its possible to change it. So, any ideas? It's not easy, and limited. But you can :find and :pick your way through it... ...

Amm0

And I guess to complete the 7.16/7.17 new scripting commands examples... While above shows new [:serialize to=json $myarray options=json.pretty] ... Mikrotik also added [:serialize] / [:deserialize] to CSV to RouterOS arrays – to me that actually more generically useful than byte-array things (but s...

Amm0

Mikrotik recently add newer to/from= in the still new [:convert] function adding to/from =byte-array, =num, =bit-array-msb, =bit-array-lsb ... so I thought I'd provide an concrete example of using them. The =num is new in 7.17, but think the rest are in 7.16. I have a few Dragino LHG65-E1 and KNOT L...

Amm0

@normis asked a 2nd question here... ========== NEW QUESTION ========== Thank you all for input. New question. What specific features would you like to provision in these controller type of setups. What is your #1 use case , which config is most often needed to apply "en masse" or to multi...

Amm0

I also had [yet] another idea / feature request : "Terminal" window should be dockable – similar to how a browser's "Inspect" window works (or VSCode, etc.). And since we lost "Windows" option on left to see the window list...my terminal windows keep getting lost behind...

Amm0

IDK your OS... but why not exempt *.mikrotik.com in the network settings for the proxy?

Amm0

That's one way of enforcing the spacing requirements for the SFPs.

Amm0

I was going to ask for a feature to be able to ping check in route to any arbitrary address instead of just the gateway, but Amm0's suggestion is even more flexible and would greatly simplify multi-wan setups. That was my original thought too. But realized, you want more than just some check-gatewa...

Amm0

I'm still not sure why using "filename" as variable likely cause the issue. Good to hear, I ended up re-writing half your script so never know if works... . So you're new downloadMib / uploadMib will just round and lose the "after the decimal part", since RouterOS only plain inte...

Amm0

multi-passphrase is not supported for the WPA3-PSK authentication type. WPA3 will never support PPSK as currently implemented. A simple Google query for WPA3 and PPSK will get you all sorts of information from a variety of networking resources. [...] PPSK gets me back to here, WPA3 and alternative ...

Amm0

I'm resuming this discussion after a long time as the project had been put on hold. I was hoping the new [:serialize $array to=dsv delim=","] introduced in v7.16 would help. But it does not like the data from [/user-manager/session/print]. And I thought your issue was not using a [:tostr ...

Amm0

Some kind of warning/reminder would be appropriate.

Yup.

Even if the default config on CHR just had some config to add a "note" would help:

/system/note/set note="Using free license, speed limited to 1Mb/s"

Amm0

And because the array does not have keys (I hope that's the right term), the values in the array are referenced by their position using: $i-># as in: :local currentInterfaceName ($i->0) Correct? Yup. Let me provide a quick example that you can try... And show using "named" array elements ...

Amm0

The A record is not "explicit". It also matches foobar.nas.home.arpa. True. But to @kenzo's point RouterOS is ill-suited to this. Along the "home.arap" A records, it's also very likely SRV and PTR ones too also with ".home.arpa" that escape too. So, theoretically, you ...

Amm0

It seems to me that administrative control over DNS leakage is lacking on RouterOS. That jumped the shark since a client can just use DoH etc... Plus "content filtering" is rapidly moving target...and RouterOS development is not rapid. And they give you some tools, like regex/match-subdom...

Amm0

what could be so f***ed up that you can't fix it from the fully working command line, but you can type "partition activate" command? Not theoretical - related to "downgrade" device mode 3rd party LTE modems breaking after a version upgrade While rare (and good work by LTE folks)...

Amm0

- People who want to know what exactly will happen, and who have not yet read the previous posts. I try to answer them. Using CLI/scripting – say from defconf or netinstall script – how do you check if a particular "device-mode" is activate? All the usual CLI/scripting things cannot get t...

Amm0

Just some clarification, all devices with LTE and WiFI come with default password for at least a year, I think. I have to check for up to date info. I think the last remaining devices with no password are CCR series. and if y'all add eSIM support... you'd have to provision something in config for L...

Amm0

Sure, "interesting case" here, as @optio put... But solution is for @normis/team to update the netinstall and reset-configuration docs to clarify to REMOVE any potential internet source, including SIM cards. So, yes, "what if my SIM is stuck" - you hopefully find this thread. But...

Amm0

is it possible to modify a files which are uploaded into Files in mikrotik routers via cli? I need to change some link inside it. I can access edit it via file edit value-name=contents test.txt but how to change set it there through terminal /file set test.txt contents="Did you want to write s...

Amm0

I think your bigger problem is the newer wifi-qcom / wifi-qcom-ac wi-fi drivers (former is used on hAPax3) ... do not support SNMP data at present. Even if you wanted to use the Dude, it won't work for Wi-Fi stats. Same with Zabbix/etc/etc. You need some source data, and RouterOS does not send any f...

Amm0

/user disable [find where user~"abc123"] there is a different six-digit order of numbers, which is always different on all routers. @rextended is showing using a regular expression with the "~" instead of "=". That is critical here. I don't know what your trying to mat...

Amm0

The better question is why the standard upgrade process does not work... Mikrotik does document the LTE firmware upgrade here: https://help.mikrotik.com/docs/display/ROS/LTE#LTE-Modemfirmwareupgrade So some additional details would help. Likely trying the latest "stable" V7, if not already...

Amm0

device-mode [...] send somebody to unplug it from power ONCE in it's lifetime [...] [...] you guys are adding both fixes and features in RouterOS 7 at a fast, steady pace (for which we are grateful). [...] Switching back to the previous partition gets us back to a known state (version + config) qui...

Amm0

I totally agree. Everything should be handled consistently and users shouldn't have to know all the little exceptions that could lead to serious issues. At the very least, the documentation should have clear warnings about these risks. Basically anything that appears on the right-side "Actions...

Amm0

I think the FUD is a bit overblown. There is nothing to worry about a SIM being in a new unit with factory defaults. The default firewall will protect you and all LTE devices come with a firewall. And on newer AX things, there not a lot of reasons for netinstall, less so in starting from empty confi...

Amm0

This is the 100th post in this thread! :D (The Amm0 's one... ;) ) Well, in honor of my 4,000th post (at time of writing), I decided to follow @ rextended's lead in consolidation. While back, I created a GitHub org called TIKOCI - https://github.com/tikoci - with that idea, but never got to the con...

Amm0

Oh you should file a bug report. The "reset-counters" should handle the case there is a find & it's nothing.

Just because it's explainable, does mean it makes sense.

Amm0

($var->"val") != "<> ~> => " Sorry to hijack your thread - this was a duplicated post originally used to test forum's phpBB: [ font = 'JetBrains Mono' ]some->text[ / font ] worked (without spaces) In Chrome, with JetBrain Mono loaded, it does. Safari, no.

Amm0

Good news. I didn't think it was very heavy-weight - but worth testing. FWIW, `top` inside the container may not be the best test, since, I think, memory includes all user available memory, excluding kernel. While the RouterOS values include both. But I'm not 100%... Your stop/start test, and math, ...

Amm0

I have posted further updates to the manual, so all your Device mode questions should be answered in there . https://help.mikrotik.com/docs/display/ROS/Device-mode Similar question... under "bandwidth-test" ... it does not discuss /tool/speed-test. I guess it's not included if one believe...

Amm0

- return ESC shortcut to close sub windows I like the ESC to close — but my issue is that is closes dialogs that are dirty (have changes, but no "apply"). ESC should not close a dialog if it causes data loss . Perhaps it could prompt to apply it before closing would work too. But right no...

Amm0

The scripting, and the concepts behind it, are way beyond me, but I am curious what this script does? What problem does it solve? OP uses an array to define what config to later do wrt to interfaces. Mikrotik @dru has a video on arrays here: https://www.youtube.com/watch?v=eWCJw0uZ-lE To summarize,...

Amm0

So it is not a quirk of the find command in itsellf, but rather a "wrong implied default" of "all" in the command /ip hotspot user reset-counters? That's what I'm suggesting: it's the command's logic, not find's logic at issue. A zero-length list is NOT nil/[:nothing], so reset-...

Amm0

Now I get it. I ain't arguing this is great. But it's rational. /ip/hotspot/user/reset-counters has some trickier logic... here "numbers=" attribute is optional . And numbers= is actual name of attribute used by the unnamed arg used by [find name=a]. So "reset-counter" already as...

Amm0

It may be permissions (fetch specifically, see docs on /system/script). One tip in scheduler you can use just "on-event=ScheduleDynDNS" to run a script, without the /system/script/run part. Another approach is /ip/cloud – that avoid scripting. You can use CNAME at in your hosted DNS, to ke...

Amm0

No. [find] mean "all". It's a filter, so if you don't apply any filters like name="a" to match, the default is return all. Otherwise, the would be no way to express "find everything". You can test find by using it standalone: :put [/ip hotspot user find name=a] *29 :put...

Amm0

It's a list of lists, so index es are just the numbers, wrapped in (). So... ($interfaceConfigs->0->1) would be 52821 Notes: - Do not use ($interfaceConfig->"1") as that will not work in the case, plain numbers for a list. The ($array->"1") syntax - with quotes - is for map array...

Amm0

NOT a fully tested script, only the needed info and the commands I used manually. I can offer a self-service solution to building them.... FWIW, you/anyone to rebuild the image using any script with GitHub running it using "GitHub Actions". Basically, the steps to "Creating your own ...

Amm0

Why no SFP+ port (or two)?

My guess: the additional heat from SFPs requires fan/more complex cooling. See CRS304 (plastic) vs CRS305 (metal).
(& reason alone for the nomenclature variance IMO)

Amm0

So it seems that when you try to setup partitions while not having that device-mode option set, it just corrupts the device? That is even worse than being unable to switch partitions after upgrade... That be my take. I only went down the rabbit hole since the RB1100 had a physical serial port. Clea...

Amm0

feature request - Support Apple Passwords/Keychain/Secure Enclave to store RouterOS username/passwords Since we now have a native app, it be nice if I could read/store the RouterOS creds with all my other passwords in the Keychain used by iOS/MacOS. To me, this is more secure, than some encrypted f...

Amm0

@pe1chl, I kinda figured that, since you can see those options in /partition – I just played dumb, and followed winbox... it wanted asked to reboot, so I just said yes & wanted to see what happen. And, I confirmed it was running the matching firmware before doing this too. But after reboot, I co...

Amm0

I sure hope there will be a clear explanation of what happens to existing devices that use those features, for all reasonable existing device-mode settings. On my test RB1100AHx4 with 7.17beta2, it showed partitioning menu (with device-mode showing "mode: advanced" and container=yes"...

Amm0

From what I’ve seen, creating a skin through WebFig first, then using that folder for your uploads, seems to be the workaround. I've also run into similar problems where SCP alone didn’t cut it. That's the best advice: let webfig create it first. Especially if you have an older router, I'm not 100%...

Amm0

Just registered to say thank you for sharing this! Thanks! I recently created a Postman "code generator" to convert a Postman Request JSON, into the right /tool/fetch. I'm still working on it & Postman needs to accept it. But the project would allow RouterOS /tool/fetch "code sni...

Amm0

BY the way I'm curious how you modified settings.json having only NR, on settings it doesn't seem possible. Maybe you used NR nodes to open and edit file? Regular Docker allows you do a -p 80:1880 to map port..,so the node-red image assumes that how to re-map ports. Now, some/most containers let yo...

Amm0

Question is: Can I modify the value of the remote-address of my IPIPv6 from the same script? First thought that PUTting /interface ipipv6 ipipv6-DGN remote-address=$AFTRname would work, but nay... I think you're missing a "set" in your command: /interface ipipv6 set ipipv6-DGN remote-addr...

Amm0

In the other topic Amm0 wrote about https and certificates, I suppose they may be useful for the DNS purpose he focused to solve, is it correct? About NR interface is just necessary to work with http, it's fine. Correct, HTTPS was strictly needed in the "poor-man's" captive portal NodeRED...

Amm0

If the DNS server run by RouterOS has two /ip/dns/static records (in that order): nas.home.arpa A 192.168.1.101 *.home.arpa$ NXDOMAIN Then, per my understanding of the docs, client’s request for nas.home.arpa is going to match [2]. Am i wrong? Yes, you're wrong. The regex entry matches instead. FWI...

Amm0

Basically I agree with @sindy: I would expect gentlemen in Riga to provide either "BIOS CHR" and "UEFI CHR" images or a "universal CHR" image off the shelf rather than offloading that task to volunteers. [...] so a UEFI boot in a hosting is not a niche case any more. Tw...

Amm0

Somehow, I would expect gentlemen in Riga to provide either "BIOS CHR" and "UEFI CHR" images or a "universal CHR" image off the shelf rather than offloading that task to volunteers. [...] Yeah that was my point to @jaclaz – Mikrotik should fix the UEFI & they'd kno...

Amm0

I have not studied @jonte's Splunk scripts, so bit blind on what they might capture. Fundamentally, the logging system has some limits - which @jonte/others have cataloged. The one trick logging does have is adding more/"duplicate" /system/logging/actions (and use them for different subset...

Amm0

@jaclaz, I wouldn't get too crazy. The 2-3 cases of AppleVZ, Vultr, and potentially "Gen2" Hyper-V. And I do kinda think it be better to use the official Mikrotik ones if at all possible & those do work on BIOS system. So the fact these are EUFI only is kinda a safety net. Plus, there ...

Amm0

Tried also with NVMe interface, I'm running also Debian arm64 with Apple Virtualization and it requires NVMe to avoid FS corruption, unfortunately for ROS boot same result. Well we tried. There not a lot options to tweak, and I'd image the issue with AppleVM + CHR + ARM64 isn't partitioning. Thanks!

Amm0

Fair enough, it on the Alpine mirror list (https://mirrors.alpinelinux.org). The docs use "dl-cdn.alpinelinux.org", so the complex DNS name caught me off guard. Now you violating the core Docker philosophy with openrc (i.e. one container, one thing) ;). But I'm not such a purist. Especiall...

Amm0

Since I have it running on Intel mac, on arm mac was just POC tryout. Yeah same boat, I have 2019 MacBook Pro with Intel i9. Since I do deal with [Intel] VMs enough, I didn't want to mess with Rosetta ;). The only thing else to try for UTM+Apple+ARM64 be checking the "Use NVMe"box – that ...

Amm0

And in this post, there are the CLI commands for upgrading LTE things:
viewtopic.php?t=199087&hilit=band+66#p1025119

Amm0

No luck, same issue as with my modifications on image. com.apple.Virtualization.VirtualMachine stuck on 400% cpu, it seems loop, no output on serial console or display. Remove the display – that does not work in UTM+Apple. It's serial only on X86, so imagine it's the same on ARM64. I think Apple us...

Amm0

Good news. Sorry if I sounded short, but 7.5 was just a bad idea. And totally get it was some Mikrotik that who somehow broke it, to require the roof + netinstall. And, clearly MT should remove that "7.5" reference (or update the page so highlight that someone re-confirmed it ;) ) to avoid...

Amm0

Test them both using Apple Virtualization (in UTM and Swift Playground), so they generally work. Tested on mac with arm64 or x86_64 arch? Since I'm running the CHR superstore, I built an ARM64 image with the FAT modification for 7.17beta2: https://github.com/tikoci/fat-chr/releases/tag/Build1108629...

Amm0

This has gotten silly. I don't know what to tell you. You should run latest LTE firmware, RouterBOOT and RouterOS to start and troubleshoot any issues from there. FWIW... now you've likely downgraded the RouterBOOT firmware to 7.5. And if there was somehow fix for netinstall in the firmware between ...

Amm0

Netinstall problems are rare. Well, other than not be able to run it because of OS security block DHCP/TFTP (aka windows), or doing the "reset button dance" incorrectly. More relevant than "factory-*" version, at least to netinstall, is current-firmware= in /system/routerboard. T...

Amm0

@jaclaz, you're the boss - 7.17.beta2 mangled using your gdisk magic made Vultr happy. And I rebuilt the 7.15.3 and 7.16 images to use/default to the @jaclaz variant on GitHub: 7.15.3 - https://github.com/tikoci/fat-chr/releases/tag/Build11085737402-jaclaz 7.16 - https://github.com/tikoci/fat-chr/r...

Amm0

I'd netinstall 7.16, and try that. Based on what? The manual is clear - 7.5. What is there to try? Well... a decade of knowing Mikrotik is not great at updating documentation. And, you have a pretty locked down router, so if you have security needs... there no security patches/hotfixes/etc in older...

Amm0

Nifty work. But is there a reason you're not using the Alpine CDN URLs? In Dockerfile, RUN echo 'https://ftp.halifax.rwth-aachen.de/alpine/v3.20/main/' >> /etc/apk/repositories \ && echo 'https://ftp.halifax.rwth-aachen.de/alpine/v3.20/community' >> /etc/apk/repositories \ && apk add...

Amm0

I'd netinstall 7.16, and try that. If there was some security patch, you'd be force to upgrade form 7.5 anyway & have these same troubles (except it could be potentially be back on roof) . If you troubleshoot 7.16 while it NOT on the pole, you'd be better set for future updates. And, importantly...

Amm0

No need to have the vlan interfaces created on the ethernet interface, just one pppoe-server specifying all the vlan id where it could work and applied on the ethernet interface. What if I want that one specific vlan on a range operates on a different profile? What if I want that one specific vlan ...

Amm0

Few notes here since this whole 16MB flash comes up in my world... - The only thing that truly cleans things is doing netinstall. And, if want to run wifi-qcom-ac, IMO, you should go through the trouble of netinstall. - The amount of free space even if clean can still vary because not everyone is go...

Amm0

I think ChatGPT has already had too many drinks.

Let me know how well that works out for you. Dude's permissions follow Winbox permission, and that level of granularity isn't possible. If not, please let me know.

Amm0

fetch is a log topic, so first thing you want to do is enable that in /system/logging! You may need to add !raw - as it can log too much! e.g. Here is 301 Redirect "hard failure" in 7.17 shown in logs: 2024-09-27 17:41:08 fetch,debug Download from https://wttr.in/@mikrotik.com?format=4 to ...

Amm0

You should look at webfig, but I just tried to do this & the SVG with Dude map in webfig is NOT controllable by skins... But a skin can limit what a user would see to just all maps. It them seeing only one map that be a problem.

Amm0

Must've just been a fluke one off, that severely angered me. Back to using Winbox4 beta... FWIW, if that's in some scheduled script, I'd add some "... print" before remove - just possibly prevent stale/in-flight config/realtime data from being used (i.e. kinda like F5 in winbox gets a ref...

Amm0

Not in the Dude, basically there is database & user has either read/write or read. It's policy system is even worse the RouterOS... But... if it's just the maps or a map... One approach is to use webfig to show them . While webfig [unforentely] does not show very much from the dude, it would sho...

Amm0

Looks mostly right from a quick read. I'd make sure the VRRP in the same interface-list as the VLAN is, since traffic go in/out of VRRP directly (which might not be treated same as VLAN depending on specific FW rules). Now its queuing strategy could use some work IMO. But I'm not the expert & so...

Amm0

You can have a couple of .home.arpa records in the DNS and at the end a *.home.arpa$ record with NXDOMAIN. From the docs : [...] In case an entry does not conform with DNS naming standards I never tried that, but doesn't that mean all *.home.arpa recrods going to be effectively NXDOMAIN'd? Oh the a...

Amm0

The width of the current terminal does affect how many columns it outputs.... sure it ain't that? Very sure Hmm, I couldn't repo in 7.17beta, RB1100AHx, WinBox4 terminal: routing/route/print where afi~"ip6" Flags: U - UNREACHABLE, A - ACTIVE; c - CONNECT, d - DHCP; H - HW-OFFLOADED; B - B...

Amm0

as soon as Sindy will be able to (hopefully) report success in the environment(s) he uses, the matter should be pseudo-solved. Sorry, it was neither soon nor 100% success. Both the pre-cooked images from @Amm0 I've tried, i.e. chr-7.16.uefi-fat.raw and chr-7.16.uefi-fat-kriszos.raw, [...] neither o...

Amm0

Ran the 3 image scripts (jaclaz, kriszos, no-gdisk) again with 7.17beta2. Same as 7.16, kriszos script fails in middle because of the "overlap", the other two work. @jaclaz's gdisk script gets to "The operation has completed successfully.". Apple requires only FAT, so all three w...

Amm0

On the stats from 7.16 to 7.17beta2, there are +74 new commands and +803 new attributes (although the "group-by" gins up the numbers since that in a lot of places ;)) *) zerotier - upgraded to version 1.14.0; +1 +½ There are also newer options in ZeroTier too that are not exposed... yet? ...

Amm0

subtle usability - show new package download like the winbox upgrade in top bar In the WinBox4 scheme, the new System>Packages dialog is actually more confusing IMO. Perhaps I'm dumb, but actually I keep hitting OK instead of hitting the action button. I get this follows the new scheme, but winbox3...

Amm0

on 7.16 and above > routing/route/print where afi=l2vpn Flags: H - HW-OFFLOADED Columns: DST-ADDRESS, AFI DST-ADDRESS AFI before 7.16 > routing/route/print where afi=l2vpn Flags: U - UNREACHABLE, A - ACTIVE; b - BGP; H - HW-OFFLOADED; + - ECMP Columns: DST-ADDRESS, GATEWAY, AFI, DISTANCE, SCOPE, TA...

Amm0

As I said, I use only SSH to connect to any of the routers and all other methods were intentionally disabled for security reasons.

Gotcha. Well, then it's getting it off the roof/tower to reset it one way or another.

I'll note at some level, you can get too crazy locking these down...

Amm0

Okay, I have no idea now. Make sure to include the supout.rif in your support case, as that has logs/config for them.

Amm0

I just try this example and does't seem to work... i just use: "usb2-part1/debian/container1"

For some weird reason the alpine image works...

What partitioning is used on the usb2-part1? If it's FAT you'd want to keep the names shorter. And if FAT, maybe use an ext4 partition.

Amm0

That seems like good news — If you can get into the ATL via ssh and 192.168.188.1 - there is no need for going to mast. No, it's the opposite. Quoting myself: I can't ping anything (even the gateway), I can't SSH to the gateway. And you tried winbox to see if shows up as "Neighbor" with M...

Amm0

In simplier terms, root-dir= is the file name for the container image so it has to be unique. Despite having "-dir" in the name. No slash at start or end!

Amm0

I really would try in the form "root-dir=usb1-part1/some-new-name" from CLI

And make sure you're using the "mount point" shown in "/disk print" (which may not be usb1-part1 in my example).

Amm0

Hmm, if you don't have a preceding slash. Just make sure to pick a new name - I'm not sure what happens if you have had an image file already at the same name. Also keep in mind despite the name "root-dir=", it's actually the name of the container, not a directory to use. So if you keep pi...

Amm0

After upgrade to 7.17beta2, my RB1100AHx4 test router upgraded no problem. However...a ROSE RAID "disk" did not mount. ROSE-not-working-v7.17beta2.png I rebooted and still did not mount. I removed the RAID "disk", and re-added it again, still did not work. I disabled/renabled the...

Amm0

Good grief! Who memorizes ip's? Feature request - resolve DNS name in ALL fields that require an IP or IPv6 address There are a few place where WinBox3 does take a DNS and will resolve it to IP inside of winbox (i.e. where the CLI/APIs want an "ip"/"ipv6" type). Perhaps some con...

Amm0

Well, it annoying and wrong. But I suspect you just need to use "root-dir=usb1-part1/debian-root" — without a leading "/". The mounts don't care about a leading slash, but for some reason root-dir= in main container does. This, I think, is a historic artifact, but CLI never like ...

Amm0

Sorry I was finishing my thread since I like to keep the options together ;). Reading your response. That seems like good news — If you can get into the ATL via ssh and 192.168.188.1 - there is no need for going to mast. Next question be is the LTE connection working, since something there go wrong ...

Amm0

Anyway RouterOS has lots of options to do avoid a netinstall. Just to complete the thread... If you do get to needing a netinstall... you can run it as a container on the hAP. See https://hub.docker.com/r/ammo74/netinstall - this avoid all the setup required on Windows for netinstall Netinstall on ...

Amm0

Also, since I think you have a hAP... this won't help now... but if you enable RoMON & the hAP was on same network as ATL, then RoMON be able to get into ATL via the hAP. It does require using winbox, where you connect to romon on the hAP, and assuming romon was enabled on ATL, winbox then show ...

Amm0

I guess I'm confused. Are you not able to get in after upgrade? Or does it just not work for LTE after upgrade? To clarify my earlier answer: Or is anyone using remote/difficult-to-reach-physically devices doomed to such issues? As noted, the "winbox" client app using ethernet(layer2) so e...

Amm0

And in recent V7... this would be much easier with [:convert]'s byte-array and bit-array-msb/lsb but I know you got V6.

Amm0

Now I see where the "string with 10101" OR needs come up in from your other thread. FWIW, if you control what being sent...you can make your parsing on the RouterOS easier. The printf % stuff is pretty flexible, so you can do stuff like add a "0x" with leading zeros (%#010x) or j...

Amm0

Without any concrete needs/use, are all useless.

See viewtopic.php?t=211251

Amm0

Another newsletter, and still looking some new products in your nifty "half rack, half U" form form factor(RB5009/L009/...) – like a PoE switch or SFP-only RB5xxxx (to interconnect with other RB5009s in a rack). - CRS304 10G Ethernet switch (no modules needed!) That is a nifty device. But ...

Amm0

Are you using winbox? Assuming you have the defaults, you should be able to get in via its MAC, not IP, address in the WinBox app from the LAN side of the router. If you can get in, look at the Logs & do an :export at Terminal and paste those here if you'd like. If Winbox with MAC address does N...

Amm0

Abandoning Winbox 4 [...] I issued a command to delete an address list, [...] Command: /ip firewall address-list remove [find list=z-blocklist_FireHOL_L1 dynamic=yes] This means that beta releases of Winbox should not be used to manage remote devices/systems. Hold on. If you enter a command into th...

Amm0

It has to be at the end of what returned to RouterOS from your device's serial. The "OK" mean command is done/finished to that what trigger at-chat to put the data from input= to the OK into the variable. sprintf(&UART0.TX, "A%d \r\nOK\r\n" , PA4.VALUE) should work... the lin...

Amm0

Please tell me, Amm0! Do you not know how the support for AT commands works? I mean, how should the device accessed by the ppp-out interface return the data so that it is "correctly" returned by the interface? I'll explain. There is a programmable version of the device that I described he...

Amm0

Unfortunately, the module does not support the AT exchange format, so we cannot receive data from the input lines of the module, but we can control the digital outputs by setting their state to "1" or "0". If you connect a relay block to them, you can control low-voltage or high...

Amm0

That would help to create a versatile desktop file. On .desktop file topic for Debian/Ubuntu... some SVG version of the WinBox icon be nice (winbox.svg). That allow `/usr/share/icons/hicolor/scalable/apps` to be used and keep the icon "pretty". (and @eworm know if SVG icon help for Arch)

Amm0

i have an issue with winbox 4vb8... i can not start winbox. I see it in the processes but the windows of winbox is not starting.. any hints/tipps?

OS / version give more clues... Did it work in previous beta before?

Amm0

It's the "docker build" vs "docker buildx". I'm not sure Mikrotik's Pi-Hole building instructions are right for recent RouterOS. Since GitHub will build Docker images for free for public projects... I just use their "GitHub Actions" to deal with the docker stuff. Works ...

Amm0

I have a 20 year old one in a HDHomeRun box. I'm going to have to bring that out, these HDHomeRun come up every month in the forum. But that won't help, since I think it's the "firewall" in your diagram. i.e. your PDF shows a firewall & broadcast do not go through a firewall: HDHomeRun...

Amm0

FWIW, docs on winbox suggest: "WinBox uses AES128-CBC-SHA as an encryption algorithm (requires WinBox version 3.14 or above)." So hard to know... But IMO dude/winbox protocol should NEVER run over internet (outside a VPN). The dude/winbox/routeros login password should be encrypted... but ...

Amm0

If you do "Upgrade" it just downloads the packages AFAIK, so a reboot of the device is what's needed get the applied. If you use "Force Upgrade" that will cause it be applied. AFAIK, you do need all of the package, including any extra-packages in same folder (assuming your device...

Amm0

If you disable/re-enable the dude in winbox, does that fix it?

You can try to do a "/dude/vacuum-db" to see if that fixes it or gets an error.

Amm0

Post your config. It really should work if on the same LAN subnet.

Is it possible that the cisco switch is blocking broadcast to/from Mikrotik? You'd need add a bridge filter rule to actually block broadcast on RouterOS side.

Are we talking SwOS or RouterOS?

Search found 4560 matches