Feature requests

Tue Oct 19, 2010 3:24 pm

Some features have already been requested before, to better manage this, you can register on the Wiki and cast your vote there:

http://wiki.mikrotik.com/wiki/MikroTik_ ... e_Requests

Of course, in addition, it would be great if you also posted a message here, explaining why you need that particular feature. And as usual - search before you post, maybe a topic exists already.

adrianatkins · Tue Oct 19, 2010 10:54 pm

Features ? ROS got more than enough already for the Class it is in.

omidkosari · Wed Oct 20, 2010 11:39 am

http://forum.mikrotik.com/viewtopic.php?f=2&t=43809 feature request for feature request itself

adrianatkins · Thu Oct 21, 2010 10:34 pm

A super cool thing would be for the Mikrotik to detect what it's lacking, based on how much fannying around the admin user is doing (and how often) and automatically send that info to MT so they can automatically include a new feature to do whatever the admin was doing all that time.

Auto feature request basically.

Beccara · Thu Oct 21, 2010 11:21 pm

so your asking for A.I? Dont you have something better to do than troll a router manufactures forum?

dolphinik1 · Fri Oct 22, 2010 10:51 pm

Replace racoon with openswan. With racoon ipsec on mikrotik are poooooooor.

adrianatkins · Fri Oct 22, 2010 11:28 pm

something better to do than troll a router manufactures forum?

Is there anything better ?

Maybe i need to get out more.

fewi · Fri Oct 22, 2010 11:37 pm

Replace racoon with openswan. With racoon ipsec on mikrotik are poooooooor.

I'm not sure it's the implementation. Some algorithms seem to perform poorly, though. Look at this: http://forum.mikrotik.com/viewtopic.php ... 78#p228478

Sun Oct 24, 2010 1:06 am

After DHCPv6 and finishing the other ipv6 features Mikrotik need to give IPSEC on their platform some serious love. Virtual Tunnel Interface PLEASE!!! We need this for meshed IPSEC tunnels with OSPF, it allows a true "shortest path" to the site the traffic is destined for, which is quite important for VoIP.
As an added bonus, it makes IPSEC much simpler as you do not need to have policies to encrypt the traffic, just create a route via the VTI and bingo the policy is automatically created.

This is the 3rd most popular feature request on http://wiki.mikrotik.com/wiki/MikroTik_ ... e_Requests with 12 votes.

Also, as I have suggested before on the forums and via email to support (Ticket#2010072966000194), replacing VRRP with true High Availability (config sync, session failover) would be fantastic.

void · Mon Oct 25, 2010 1:59 pm

Normis,

Does this mean that Mikrotik will commit to implement the most x requested features or do we just filll in that page for fun ?

Mon Oct 25, 2010 2:00 pm

no, the list does not influence our priorities, just gives us ideas about what people want to see.

Solaris · Mon Oct 25, 2010 11:23 pm

Hmm, isn't this method quite hard to read ? what do you think of this : http://feedback.unity3d.com/forums/15792-unity , user can discuss the importance of such request, admin/mod can add status(under review, completed) of the feature, i think it just easy for mikrotik to use this as doesn't need to cross references each discussion into 1 which will be big 1 thread, just quite hard to track imho,
user also locked at 10 points max for each account, and max 3 points vote for each feature request, sure it's easy to create clone account but i think it's possible to prevent this by verified customer before registration with specific mikrotik key or other verification method, just my opinion, regards.

The service provider for this feature is : http://uservoice.com

Beccara · Tue Oct 26, 2010 3:29 am

Heh, Next you'll want a bug tracker like almost every other vendor out there has where we can submit bugs and have other users confirm it and have MT update us on it!

Trezona · Tue Oct 26, 2010 12:04 pm

Hello,

Would it be possible to reset the counters individually in the Interface list?

The only way i can do this at the moment is to reboot the mikrotik device...

Thanks.

xxiii · Tue Oct 26, 2010 8:23 pm

Here is what I just created under existing features:

Add configuration options to ping-watchdog to specify how many pings should be performed and how far apart before triggering a reboot. This can help avoid false positives when another node along the route reboots and doesn't get routing back up in time to satisfy the ping watchdog, and will let people taylor the ping watchdog to their needs (reboot immediately if things look broke, or, wait a little while and see if things work out).
-- xxiii 17:04, 26 October 2010 (UTC)

We have a lot of routers in remote locations, and use the ping watchdog to reboot them as a last resort in case we can't mac-telnet to them from a neighbor or whatever, or a human can't get to them in a reasonable time to figure out whats wrong, but we would prefer to be able to specify that they wait 10 or 15 minutes before rebooting themselves, or at least 4 minutes, so an upstream router can finish rebooting before triggering a cascade of reboots, or a reroute can occur whose detection and implementation didn't quite occur fast enough for the current ping watchdog.

The current settings let you delay when the watchdog starts, but give you no control once its running.

We'd like something like:
wait 5 minutes.
send a burst of 3 pings, 2 seconds apart, if all lost, wait 5 minutes.
send another burst of 3 pings, if all lost, wait 5 minutes,
send another burst of 3 pings, if all lost, reboot.
Any successful ping response restarts from the beginning. (or perhaps if at least 2 of the 3 are successful or something like that).

oeyre · Wed Oct 27, 2010 10:12 am

Just added this to the wiki...

I would like to see some more options when dealing with ordered lists. Particularly when new rules pop up at the bottom of a firewall config which is several hundred items, it is extremely time consuming to position them where they need to be.

Would be good if there could be additional options (and hotkeys) for items in ordered lists such as: send to top, send to bottom, up one, down one, up page & down page

oeyre · Wed Oct 27, 2010 10:52 am

I have also put in a request to throttle MAC addresses making excessive PPPoE connection attempts to prevent the router or RADIUS server from being overloaded.

omidkosari · Wed Oct 27, 2010 10:54 am

Just added this to the wiki...

I would like to see some more options when dealing with ordered lists. Particularly when new rules pop up at the bottom of a firewall config which is several hundred items, it is extremely time consuming to position them where they need to be.

Would be good if there could be additional options (and hotkeys) for items in ordered lists such as: send to top, send to bottom, up one, down one, up page & down page

http://forum.mikrotik.com/viewtopic.php?f=2&t=43809

I think it is time to start official mikrotik idea bank like http://brainstorm.ubuntu.com/ or http://ideabank.opendns.com/ . most of community driven projects have something to say your idea and vote .
The software is free , opensource , secure and simple to install and use at this address http://www.ideatorrent.org/ which used by Ubuntu.
And the old way to edit the wiki is not good way

Solaris · Wed Oct 27, 2010 6:29 pm

Heh, Next you'll want a bug tracker like almost every other vendor out there has where we can submit bugs and have other users confirm it and have MT update us on it!

I am just saying

, look back at this thread couple months from now on, it will filled with many post from many different kind of feature request, example post 11-20 discussing about feature request A, post 21-35 discussing about Feature request D, in the post 36 a new user starting again discussing about feature request A, won't be a mess? hard to track which user talk which topic, sure won't be problem for 1-5 point of feature request, what if the feature request growing into 30+

, could be 1 giant huge thread with 1000 post on it, imagine you haven't visit mikrotik forum for couple months and spending time to thread 1000 post

, search would be useful but it's not helpful for non-narrative jumping feature request discussion, imho it just not efficient.

Or another solution would be make a sticky thread in this forum with links into specific feature request dicussion, i mean for each feature request it has it's own thread but the thread will have a special tag like "[Feature-Request]Topic/Thread Name", so in that thread it would have many links to the thread, and in the wiki of course mentioned about this indexing thread. The downside of this solution is atleast mikrotik forum moderator need spend time to edit the indexing thread and manage(merge,move,delete) the new user thread about feature request, while the uservoice or other service alike is all automatic, it's a offshore hosting, separated from forum user database, the downside just user need to re-register on that uservoice.

No i don't want that bugzilla like bug indexing, it just too complicated for me and so far mikrotik just works excellence in my simple setup but i don't know about other expert/senior user who might need this. Easiest solution for tracking bug would like i've said above, special tagging or sub-forum , the downside still the same, need extra work from mod to manage new thread by lazy people who lazy to search.

dssmiktik · Thu Oct 28, 2010 5:57 am

I don't think this particular post is meant to be a discussion on feature requests particular, but a notice of where people may find the place to go and submit requests (aka. the Wiki page).

oeyre · Fri Oct 29, 2010 8:08 am

Added another request: logging of interface status changes.

Rough example: 29 Oct 2010 16:02 +10:00 Interface ether1 changed from no link to connected 100/full (auto)

This is extremely useful in other managed switches so that you can see if a particular device is losing physical connection or changing speed/duplex for no good reason.

Fri Oct 29, 2010 8:11 am

Added another request: logging of interface status changes.

Rough example: 29 Oct 2010 16:02 +10:00 Interface ether1 changed from no link to connected 100/full (auto)

This is extremely useful in other managed switches so that you can see if a particular device is losing physical connection or changing speed/duplex for no good reason.

We already have that in RC2

oeyre · Fri Oct 29, 2010 8:13 am

Added another request: logging of interface status changes.

Rough example: 29 Oct 2010 16:02 +10:00 Interface ether1 changed from no link to connected 100/full (auto)

This is extremely useful in other managed switches so that you can see if a particular device is losing physical connection or changing speed/duplex for no good reason.
We already have that in RC2

Good stuff!

Apologies for the duplicate, but did not see this anywhere in the changelog.

mattx86 · Fri Oct 29, 2010 1:10 pm

I posted about it in the 5.0rc2 thread, but, it seems its simple in what it logs (up/down status without speed and duplex).

Edit: Actually, would I have to make logging more verbose, perhaps, in order to get speed/duplex logged?

Fri Oct 29, 2010 1:17 pm

in what cases does your link speed change without unplugging the cable? is it really so often that you need special log entry?

mattx86 · Fri Oct 29, 2010 1:28 pm

Er, not without unplugging. I mean when I unplug the cable and plug it back in.

On 5.0rc2 on RB532 (mipsle), this is all I get by default (no speed+duplex info logged; only down/up status):

/log print
...
10:12:18 interface,info ether3 link down
10:12:22 interface,info ether3 link up

If there is a way to get it to show the speed and duplex, I'm not sure how to do it at the moment.

Chupaka · Fri Oct 29, 2010 2:19 pm

yep, it would be nice... like on managed switches:

2010-10-27 22:25:28 INFO(6) Port 3 link up, 1000Mbps FULL duplex
2010-10-27 22:25:01 INFO(6) Port 3 link down

oeyre · Fri Oct 29, 2010 4:39 pm

in what cases does your link speed change without unplugging the cable? is it really so often that you need special log entry?

Not often, but handy to know when customer is calling you asking about bad link performance

If you've already gone to the trouble of putting in logging of up/down status: whats the harm in also putting in speed, duplex and auto/manual negotiation also?

n21roadie · Sat Oct 30, 2010 5:34 pm

My request is for a "Auto Roll back" option for upgrades?

(1) full backup is stored on the router,
(2) after uploading upgrade you reboot but...
(3) if for whatever reason the new upgrade caused loss of connectivity or you may have forgotten to change a setting before you clicked reboot ...
(4) having a default 5min countdown to restore on reboot,the router will automatically restore the original configuration back,
(5) if no loss of connectivity you can stop the countdown to restore original OS,
(6) the roll back file remains stored on the router, this for fast restore if say after a few days the upgrade has created new issues?

What i am suggesting is similiar to video adapters when you change display setting it automatically restores back after 15seconds if "use" new setting are not clicked,
If you cannot access the router to stop the countdown then wait 5mins and your router will auto roll back to the original OS before upgrade and connectivity should be restored?

gustkiller · Sun Oct 31, 2010 4:28 am

mpls ecmp support ( forward using two or more destinations even using mpls)
bgp support ldp

ejansson · Sun Oct 31, 2010 6:12 am

Win box

Drop down box for last 10 (or more) IP addresses visited

dubak · Sun Oct 31, 2010 1:31 pm

Ability to use more options of the VPN server (like those normally speficied in the .conf file of the OpenVPN server when running on Linux)
For me presonally the following option would be really nice:

push "redirect-gateway"

It has been discussed here:
http://forum.mikrotik.com/viewtopic.php?f=2&t=46110

CommanddeR · Mon Nov 01, 2010 7:48 pm

I would like to set the timeout for pppoe-client connection, which sometimes takes longer to connect. If it is possible to set a time delay that is used to connect each time after a disconnect.

http://forum.mikrotik.com/viewtopic.php?f=13&t=46312

pppoe client connection by winxp

pppoe-client can not connect by RouterOS.

pppoe-client disconnect modem before RouterOS will receive packet

xxiii · Mon Nov 01, 2010 8:08 pm

in what cases does your link speed change without unplugging the cable? is it really so often that you need special log entry?
Not often, but handy to know when customer is calling you asking about bad link performance

We have some sites that are very noisy RF environments, and they occasionally screw up ethernet links. We've tried various remedies, which I won't go into here, as this isn't the appropriate thread for it, but it would be handy to have logging of the speed/duplex for us as well.

EMOziko · Tue Nov 02, 2010 9:31 am

It will be good if RouterOS will have integrated brute force protection and filter.

Tue Nov 02, 2010 9:32 am

It will be good if RouterOS will have integrated brute force protection and filter.

It does

http://wiki.mikrotik.com/wiki/Bruteforc ... prevention

kozmai · Tue Nov 02, 2010 2:09 pm

I would be nice that in /ip service I could set more ip address or one addres-list

Tue Nov 02, 2010 2:16 pm

I would be nice that in /ip service I could set more ip address or one addres-list

use firewall in that case

mattx86 · Wed Nov 03, 2010 4:06 am

I sorted the feature requests by number of votes: http://wiki.mikrotik.com/wiki/MikroTik_ ... e_Requests

Wed Nov 03, 2010 8:20 am

I sorted the feature requests by number of votes: http://wiki.mikrotik.com/wiki/MikroTik_ ... e_Requests

thanks, much clearer now.

mattx86 · Wed Nov 03, 2010 5:16 pm

thanks, much clearer now.

No problem. I should mention that some new ideas and votes came in since I posted, and that I've re-sorted the list based on number of votes.

So if you're wondering where your idea or vote went, you can search the page with your browser's find function, or check the page history when logged into the wiki: near the top, you'll see four tabs: Page, Edit, History, and Watch; click on "History." (Of course, you can always get notified of changes by checking out the "Watch" tab.)

mihaimikrotik · Thu Nov 04, 2010 1:28 am

Finally a feature request, something I need and RouterOS is lacking: rate limit by destination (without any connection being involved in this) so that I can do a clean pipe in case of ddos.

Thank you for taking it into consideration!

markit · Thu Nov 04, 2010 1:58 am

hmm it`s a small feature

it would be very nice to be a able to rename a file, on the cli (and in scripts)

eg.:

/file set [/file find name="xyz.txt"] name="sata1/xyz.txt"

currently this is only possible remotely via ftp,.
and even winbox (drag & drop) can move between folders,..
and imho a cli should have more features than a gui

but to make a small feature-request biger,..
imho the whole /file section could need some improvments

e.g. its not possible to use the add command for anything useful

/file add contents="test"
error - contact MikroTik support and send a supout file (3)

same happens with copy-from,.. (in "all" RouterOS versions)

i know i can create files with e.g. print file="newfile" but why have an add command, if it can not create anything?

Markus

p.s. it`s not the first time someone wants this:

http://forum.mikrotik.com/viewtopic.php ... le#p117320

Copper · Thu Nov 04, 2010 11:30 am

Add coretemp kernel module for x86 ROS.

adrianatkins · Fri Nov 05, 2010 10:23 pm

Temperature sensing depends on there being a temperature sensor on the Board.

If the board has not got one, you can't magically make one in software.

Copper · Sat Nov 06, 2010 12:00 am

Temperature sensing depends on there being a temperature sensor on the Board.

If the board has not got one, you can't magically make one in software.

Linux kernel driver coretemp permits reading temperature sensor embedded inside Intel CPU
without sensors on a motherboard.

adrianatkins · Sat Nov 06, 2010 12:09 am

If the sensor exists, and it is an Intel chip, then it should be available as data.

I have a pile of about 70 AMD Geode based ALIX boards here in a box (Intel Compatible).

Is there a temperature sensor in those as well ?

Copper · Sat Nov 06, 2010 12:35 am

adrianatkins, i want to control the temperature of processors Intel Quad/i5/i7, but not on AMD Geode.

adrianatkins · Sat Nov 06, 2010 10:13 pm

Both CPUs would use the same MikroTik x86 firmware - as would some others, as they are x86 architecture.

The problem would be more than just making a driver work on your specific CPU chip.
They would have to make/get a driver that would work on all x86 CPUs.

Copper · Sat Nov 06, 2010 11:14 pm

They would have to make/get a driver that would work on all x86 CPUs.

It does not happen. Other equipment requires different drivers.
Hundreds of drivers are part of the system, but when you start the system only those loading that match your hardware.

omidkosari · Tue Nov 09, 2010 11:30 am

feature request : Umetered Content for PPPoE . 'Unmetered Content' services aren't counted against your monthly download inclusion . added to feature request page . just vote for it

oeyre · Wed Nov 10, 2010 1:46 am

feature request : Umetered Content for PPPoE . 'Unmetered Content' services aren't counted against your monthly download inclusion . added to feature request page . just vote for it

Not sure what your setup is, but have you considered checking whether your billing system supports NetFlow?

omidkosari · Wed Nov 10, 2010 9:49 am

feature request : Umetered Content for PPPoE . 'Unmetered Content' services aren't counted against your monthly download inclusion . added to feature request page . just vote for it
Not sure what your setup is, but have you considered checking whether your billing system supports NetFlow?

No . it is radius .

DannyZ · Thu Nov 11, 2010 6:40 pm

How about something like Ubicom Stream Engine?

adrianatkins · Sun Nov 14, 2010 10:21 pm

I suppose a Magic Pixie chooses which driver.

spaxton · Tue Nov 16, 2010 1:39 pm

Hi,

Please add feature that will allow me to add DNS name instead of exact IP address. I need this to connect 2 or more MKT routers (PPTP connection) if they are connected to internet thru ADSL and theirs IP addresses are dynamic. I hope that you understand what I am saying and that we can expect this feature in new ROS.

bye,

Tue Nov 16, 2010 3:35 pm

spaxton, we are aware of such feature. Currently you need to use something like this,
http://wiki.mikrotik.com/wiki/Manual:Sc ... _host-name

Docteh · Sat Nov 20, 2010 8:21 pm

I'd like to be able to get a list of streams within a PCQ to make sure I don't have things set up backwards

luqasz · Mon Nov 22, 2010 4:53 pm

Hi,

Please add feature that will allow me to add DNS name instead of exact IP address. I need this to connect 2 or more MKT routers (PPTP connection) if they are connected to internet thru ADSL and theirs IP addresses are dynamic. I hope that you understand what I am saying and that we can expect this feature in new ROS.

bye,

i think that this should be global. anywhere you specify a dns name it should be resolved.

luqasz · Mon Nov 22, 2010 5:09 pm

many users write some scripts (many of them are not version compatibile) to backup and export configuration

maybe some feature like /tool backup to write backup and rsc file and send it via ftp, tftp, scp to a remote host. verry important feature would be to write files to memory and not internal storage. if you will do it verry often then your mikrotik will break.

this would resolve all problems with backups. no script incompatibility etc.

second feature request is to enable sending files via ftp, tftp. something like fetch but working in the other way.

roadracer96 · Tue Nov 23, 2010 4:22 am

i think that this should be global. anywhere you specify a dns name it should be resolved.

I wouldnt go that far, but anything service based, like PPTP/SSTP/Ovpn/IPSEC connections (In particular the last 3, that is part of how a certificate is supposed to work.. DERR!!!). RADIUS, syslog, etc.

Not firewall rules. That is pointless.

TheProgrammer · Wed Nov 24, 2010 8:46 pm

it will be great if this future are available
[*]from CACHE CONTENTES i can select one or more files and delete it from cache or download it to my PC
[*] increase performance by ad by default or as option that cache come with speed of lan because if it take profile speed or Queues speed will no point from it
[*] The most Important thing and this is will be the most great thing to MikroTik Server it can protect Server from NetCut Attacker and hide MAC in any scan in network because any one can scan and get MAC an ip and change his MAC and IP to login without any problem

this very bad problem in MikroTik Must Fixed as soon as possible because every body know it now and most of customer use it and make me lose so much

oeyre · Thu Nov 25, 2010 1:43 am

Another one: on bridge ports (or entire bridge), limit the number of MAC addresses that may be learned to prevent one user from flooding the bridge table.

Chupaka · Thu Nov 25, 2010 5:22 pm

[*] The most Important thing and this is will be the most great thing to MikroTik Server it can protect Server from NetCut Attacker and hide MAC in any scan in network because any one can scan and get MAC an ip and change his MAC and IP to login without any problem

impossible. should be solved either on managed access switches, or using authentication like PPPoE

mangust · Wed Dec 01, 2010 9:36 am

1. backup_filename=Identity-date.
2. Possibility to reverse interface speed graphics - I mean make Upload=Downlad, and Download=Upload for specific interface.

rodolfo · Wed Dec 01, 2010 9:44 pm

I will have a "DEFAULT HORIZON" in a bridge.
this could be useful to avoid traffic from clients (i.e. dhcp) in an access point, when this clients are in dynamic wds mode and become to a default bridge.

luqasz · Mon Dec 06, 2010 12:59 pm

many users write some scripts (many of them are not version compatibile) to backup and export configuration

maybe some feature like /tool backup to write backup and rsc file and send it via ftp, tftp, scp to a remote host. verry important feature would be to write files to memory and not internal storage. if you will do it verry often then your mikrotik will break.

this would resolve all problems with backups. no script incompatibility etc.

second feature request is to enable sending files via ftp, tftp. something like fetch but working in the other way.

i think that enabling feature in system auto-backup to senr rsc and/or backup files via tftp or ftp to a specyfied host. encrypted ftp sessions would be even better.

Chupaka · Mon Dec 06, 2010 9:32 pm

1. backup_filename=Identity-date.

isn't it exactly like that now?..

2. Possibility to reverse interface speed graphics - I mean make Upload=Downlad, and Download=Upload for specific interface.

interface do not have neither download nor upload. it has received and sent packets. why do you need that madness?..

mangust · Mon Dec 06, 2010 11:36 pm

1. backup_filename=Identity-date.
isn't it exactly like that now?..

Nope . For now Identity=Mikrotik.
If somebody don't have special command or script to make backup (like me

) and use drag&drop to download backup , then it's always need to rename backup localy (on PC).

2. Possibility to reverse interface speed graphics - I mean make Upload=Downlad, and Download=Upload for specific interface.
....
interface do not have neither download nor upload. it has received and sent packets. why do you need that madness?..

My point of view is very simple ...
Historically on all monitoring system most people use Green for download and Blue color for Upload or ... as you say for RX and TX.
However there are lot of routers there for one "WAN" interface there are a lot of LANs interfaces (like example VLANS). One more thing – basically most Internet traffic is “Download ” so picture with traffic looks very nicely – blue line on green background . Sometimes customers who are connected by Vlans interfaces wanna see a bandwidth graph. For now I should provide them picture with blue line and some “small” green background on the bottom of the graph … In this case I always should to say them that : “blue is download (because it’s download for customer ) and green is upload”…
So I think that It's could be very flexible to have opportunity to reverse graphics... and I think it's could not be very difficult to add such functionality.

roadracer96 · Tue Dec 07, 2010 1:00 am

1. backup_filename=Identity-date.
isn't it exactly like that now?..

2. Possibility to reverse interface speed graphics - I mean make Upload=Downlad, and Download=Upload for specific interface.
interface do not have neither download nor upload. it has received and sent packets. why do you need that madness?..

I know where he is going with it.. In simple queues, it is kind of confusing when you are putting in a queue for a wan connection, your perception of upload and download is different. It thinks upload is RX when upload is really TX. It makes sense if you think of it logically, as data being uploaded to the router, but when you take an intermediate tech and put them in front of it, chances are good they will setup a queue backwards.

luqasz · Tue Dec 07, 2010 1:09 pm

new policy in /user group.
special policy to log in via api called api, now it can be blocked via winbox policy only.
please separate those two.

xxiii · Tue Dec 07, 2010 9:23 pm

Added to existing features:

Add timeout field to firewall address list entries so one can see how much time is remaining before an entry expires.

janisk · Wed Dec 08, 2010 1:27 pm

dynamically added address-list entries have timeout set by firewall rule. static entries does not have that parameter.

Athan · Wed Dec 08, 2010 2:48 pm

Just a "/log clear" command. I'm surprised such a basic feature is still missing.

Wed Dec 08, 2010 2:49 pm

Just a "/log clear" command. I'm surprised such a basic feature is still missing.

so that somebody can take your password (keylog it, whatever) change rules, and then clear the log? not much of a log then, is it?

Athan · Wed Dec 08, 2010 3:10 pm

Just a "/log clear" command. I'm surprised such a basic feature is still missing.
so that somebody can take your password (keylog it, whatever) change rules, and then clear the log? not much of a log then, is it?

What stops him to do this now by using memory-lines? For God shake normis, it's just a shortcut command.

Wed Dec 08, 2010 3:15 pm

well you said yourself, you can already do it with one command

Athan · Wed Dec 08, 2010 3:32 pm

well you said yourself, you can already do it with one command

I know that normis, though it's not one command but two. What I suggested was a simple "/log clear" shortcut command implemented in exactly the right path where it belongs; that's all.
If it is so hard for MT developers to implement this you can simply ignore my suggestion. No need for "bad guys" stories.

xxiii · Wed Dec 08, 2010 9:10 pm

dynamically added address-list entries have timeout set by firewall rule. static entries does not have that parameter.

I realize that, but I still want to see the time remaining (and possibly the original total time, if its easy to do) for the dynamic entries. The static entries can just have blank, or N/A or infinite or something like that; or it could be a read-only field that shows up in pr stat or winbox when its appropriate, but can't be set at all.

It might be nice on occasion to be able to add a dynamic entry manually as well.

Also, a "remove all dynamic" button might be handy (while I'm brainstorming). I haven't had to do that very often, but when I have, and its a huge address list, I just reboot the router currently.

dssmiktik · Wed Dec 08, 2010 10:58 pm

dynamically added address-list entries have timeout set by firewall rule. static entries does not have that parameter.
I realize that, but I still want to see the time remaining (and possibly the original total time, if its easy to do) for the dynamic entries. The static entries can just have blank, or N/A or infinite or something like that; or it could be a read-only field that shows up in pr stat or winbox when its appropriate, but can't be set at all.

It might be nice on occasion to be able to add a dynamic entry manually as well.

Also, a "remove all dynamic" button might be handy (while I'm brainstorming). I haven't had to do that very often, but when I have, and its a huge address list, I just reboot the router currently.

I agree. For whatever reason, I seem to remember a time-left property of an address-list entry (I just can't remember where / what version I saw it in, or I could be mistaken). Simple: /ip firewall address-list get <id> time-left = (empty or time interval).

As for removing all dynamic entries, you can achieve this with a simple script (so an extra feature may not be necessary).

TKITFrank · Thu Dec 09, 2010 12:09 pm

IPSec Improvements I would like to see in final RouterOS 5.0

Most wanted =)
1; SHA-256, SHA-512
2; PFS Group 14,15,16
3; Winbox support for twofish and camellia ciphers.

Optional
1; Twofish-256 (The most secure publicly available cipher?)
2; IPv6 (it's coming so better to be ready

)

mangust · Mon Dec 13, 2010 10:07 pm

Is there way to change max conntrack number in /proc/net/ip_conntrack in feature releases?
BTW. What is the max conntrack number for 4.x and for 5.x?

luqasz · Thu Dec 16, 2010 8:46 pm

new policy in /user group.
special policy to log in via api called api, now it can be blocked via winbox policy only.
please separate those two.

any chance for this ?
we have almost 1000k mikrotiks and counting in network and we woul love to use one password for entire countru to log in via api. giving such a privilage to winbox also would lead to a leak of admin password for all mikrotiks in all country.

i think that this is an understandable feature request

janisk · Fri Dec 17, 2010 9:35 am

max conntrack number depends on free resources on the router, more RAM more entries available.

We are looking into addition of new policy. That will be added in 5.0rc6

mangust · Fri Dec 17, 2010 6:57 pm

max conntrack number depends on free resources on the router, more RAM more entries available.

Looks like it limited ... Because x86 with 2G RAM, and RB1100 with 512 Mb RAM has the same Value - 524288.

May be a good idea to have a way (like example: from console only) to increase it.
The value of 524288 may be not enough for high load routers with of 250-300 Mbit/s of traffic.

bangom · Sun Dec 19, 2010 2:50 am

When adding bridge into /ip dhcp-server alerts: except "valid-servers mac" also option to specify valid in bridge port (uplink port where dhcp offers are ok to arrive).

complete2006 · Mon Dec 20, 2010 9:10 am

AP-Sync to remove self disturbing at tower location or (much better) FDD
Frequency-Hopping
Fully developed MPLS with the missing feature

And for the Hardware

SFP-Slots

chadd · Mon Dec 20, 2010 10:01 am

One of the biggest annoyances I have had with MT since I have been using it is that you have to reconfigure your wireless settings if you need to swap out a bad wireless card, even if it is an exact replacement. I have used other equipment in the past that ties wireless settings to the slot rather than the actual mac of the card, similar to what you guys do with the Ethernet ports. I know it would be possible for someone to replace the wireless card with a card with different capabilities and possible hose the configuration anyway but if it is the same chipset as the previous card it would make assembling and configuring new clients so much easier and less time consuming.

Thanks,
Chadd

janisk · Mon Dec 20, 2010 1:26 pm

in this case use /interface wireless export file=<file name>

and get all the settings associated with wireless, edit all the unnecessary stuff out, save file on router. When new module is installed just import the script and your settings are back in the way it is intended, not some weird - if this than that, if chip same but power amplifier is only for other frequency, your configuration is screwed.

As it is now, you know for sure, that when you enter new card, you have to set up settings that are interface specific.

edit:
about number of conntrack entries - there might be different reasons for this, for example, one of machines ipv6 is disabled on the other enabled. And i would like to see you exceed this 500K+ limitation in conntrack. Also, when table fills up, timeouts are reduced, as result it gets empty faster.

bangom · Mon Dec 20, 2010 6:24 pm

feature request: implement certificate revocation lists (CRL) in OpenVPN server.

explanation: when client certificate used for OVPN connection is compromised/revoked by CA, mikrotik OVPN server has no option to block it (except to change username/password in /ppp secrets).

roadracer96 · Mon Dec 20, 2010 7:41 pm

feature request: implement certificate revocation lists (CRL) in OpenVPN server.

explanation: when client certificate used for OVPN connection is compromised/revoked by CA, mikrotik OVPN server has no option to block it (except to change username/password in /ppp secrets).

THIS. Except for everything that uses certificates. SSTP, IPSEC, Ovpn.

rmichael · Tue Dec 21, 2010 6:08 am

When troubleshooting latency problems I would like to be able to output traceroute to a variable. If capturing of traceroute output was possible, script could record path and source of congestion as it happens.

In addition return value of ping should be expanded as well to include more information, like latency. Sometimes, a test ping would return no packet loss but high latency renders the link unacceptable. Monitoring latency via script would also open the possibility of measuring approx. jitter.

thank you.

dssmiktik · Tue Dec 21, 2010 11:07 am

When troubleshooting latency problems I would like to be able to output traceroute to a variable. If capturing of traceroute output was possible, script could record path and source of congestion as it happens.

In addition return value of ping should be expanded as well to include more information, like latency. Sometimes, a test ping would return no packet loss but high latency renders the link unacceptable. Monitoring latency via script would also open the possibility of measuring approx. jitter.

thank you.

To expand, maybe array format (like [find] returns) would probably work good, of course this would mean re-writing current scripts that use the ping command's current output (only successful ping count).

rmichael · Tue Dec 21, 2010 6:31 pm

To expand, maybe array format (like [find] returns) would probably work good, of course this would mean re-writing current scripts that use the ping command's current output (only successful ping count).

EDIT: MT could add another command switch to return latency/hops values in array format.

bangom · Wed Dec 22, 2010 4:20 am

Update memtest in new 5.0 mikrotik to current version (4.10?). Mikrotik 5.0rc6 has old memtest v3.4 so when testing mem on new boards (supermicro X7SPE-HF-D525) there are memory errors. But memory is ok with new version of memtest...

Also, am I wrong, but there is no cpu-test (stress test) on new mikrotik 5.0?

seviljskibrijac · Sun Jan 23, 2011 10:11 pm

Firewall rules dealing with multiple interface selection for input and output with OR and AND switches between interfaces.

example:

wan1
wan2
eth3-pppoeser
+<pppoe1>
+<pppoe2>
+<pppoe3>
+<pppoe...>

it would be nice to create rules like this:
1)
chain=input input-interfaces=(wan1 && wan2) src-address=1.1.1.1 drop
2)
chain=prerouting input-interfaces=!(wan1 OR wan2) action=mark
3)
upnp enable interface=!(static intefaces ....) type=internal

thank you

alexspils · Wed Jan 26, 2011 12:00 am

Please add src/dst address list support to torch. It can be useful to see what is going to oversea traffic for example.

rmichael · Thu Feb 10, 2011 6:27 pm

Please add src/dst address list support to torch. It can be useful to see what is going to oversea traffic for example.

I like your idea. Speaking of torch, please add a connection/packet mark filters.

oeyre · Thu Feb 17, 2011 8:14 am

I'd like to see Ethernet OAM capabilities, not only for link performance but its a good box to check when selling "carrier/metro Ethernet" to customers.

I've added this to the wiki.

oeyre · Mon Mar 07, 2011 11:02 am

Added 2 more to the wiki:

For interfaces, output the comment of each interface to SNMP as ifAlias from IF-MIB
Add option for IP Pool that tries to give out a different address every time vs the current behaviour of trying to give out the same address every time

krakenant · Tue Mar 08, 2011 4:00 am

A couple of things that I would like to see:

Have dst-MAC added as an available option. Currently SRC-MAC is an option but not DST-MAC address. Thus we cannot create a rule to log any traffic to or from a MAC address on a network that does DHCP. If the users address were to change, we have to reconfigure the rules.

A way to tie the absolute SRC Address and Port, the NAPTed SRC Address and Port, and the DST Address and Port together for RIAA requests. Current the logging only shows the original SRC Address and Port from the users request and the DST Address and Port from the Users request. When we get complaints, they have the header information of the NAPTed packet and the time. We need something to tie this back to a user and to do that, we need the all six data items, Original SRCIP/Port, the new SRCIP/Port of the NATed packet, and the DSTIP/Port.

Chupaka · Wed Mar 09, 2011 4:31 pm

Have dst-MAC added as an available option. Currently SRC-MAC is an option but not DST-MAC address

you do have this option. in Bridge Filter. it's not possible in IP Firewall, because at that moment DST MAC is unknown (also, output interface can be PPP)

A way to tie the absolute SRC Address and Port, the NAPTed SRC Address and Port, and the DST Address and Port together for RIAA requests. Current the logging only shows the original SRC Address and Port from the users request and the DST Address and Port from the Users request. When we get complaints, they have the header information of the NAPTed packet and the time. We need something to tie this back to a user and to do that, we need the all six data items, Original SRCIP/Port, the new SRCIP/Port of the NATed packet, and the DSTIP/Port.

yep, it would be nice to have that info, for example, in NetFlow v9 output... just a dream...

mohammed0592 · Thu Mar 10, 2011 12:27 am

hello
please add reset counter(download and upload) for online users (this feature already exists in users) but I need in in active connection in ppoe and hotspot

because I developed php script this script can calculate traffic users from 8:00 am to 11:00 pm, some users stay connected for long time i need to reset counter for active session at 6:50 using php and API mikrotik but i can't.

paoloaga · Mon Mar 28, 2011 5:18 am

It would be nice unix tar or zip support on files, so it is possible to transfer (via FTP / SFTP / drag'n'drop / whatever) a single file and then check integrity and extract the contents inside the router, through CLI.

It would be useful (as an example) for remote firmware upgrades. It happened to me a few times to have partial .npk uploaded files that caused to lose the remote router because of missing features (ppp) or need of a complete netinstall.

lavv17 · Mon Mar 28, 2011 1:45 pm

Please add timeout info to output of
ip firewall address-list print detail
for dynamic entries.

n21roadie · Sun Apr 03, 2011 2:47 pm

I would like to suggest as a addition to the present "Manual" link in winbox which when opened you have to browse to the section you require infromation on, is to have a help field on the item opened, for example when interface wireless is opened then help should point direct to information on interface wireless,

smatsak · Fri Apr 15, 2011 4:06 pm

feature request: implement certificate revocation lists (CRL) in OpenVPN server.

explanation: when client certificate used for OVPN connection is compromised/revoked by CA, mikrotik OVPN server has no option to block it (except to change username/password in /ppp secrets).

THIS. Except for everything that uses certificates. SSTP, IPSEC, Ovpn.

Hi guys,
What does it mean "Except for everything that uses certificates"?
I really need to use CRL on STTP server.
I want to know: who should be killed to get it?

I hope to get it (CRL on SSTP server) in the very near future.

voxframe · Fri Apr 15, 2011 8:05 pm

I have a simple "Feature" request...

Test ROS more thoroughly before actually making it a release!

5.1 should not exist outside of BETA yet, what a disaster.

I know everything has a life cycle, and that there must be bugs before things become stable. But this is beyond normal.

If it's marked BETA then people know that they get what they asked for, but when it's released as stable there should not be bugs much beyond very obscure things or spelling errors. Not where half of the boards crash when you update them.

sinisa · Sun Apr 17, 2011 12:56 am

I have asked this on MUM in Budapest:

I would like to see something like triggers when an interface state changes, so router can run a script (like ip-up/ip-down on "real" Linuxes).

That way router would not have to schedule script to check every minute if something has changed, especially if that change really happens only once in a week, and waste precious CPU time (not a real issue on x86, but can become problem on RBs).

xezen · Sat Apr 23, 2011 8:10 pm

adding something like cacti to ROS would be nice to have

morzex · Sat Apr 23, 2011 9:28 pm

- Some options for DNS server:
realy need:
1. "Don't cache negative" - to cache only positive answers.
2. "Use all servers" - to send all queries to all available servers. The reply from the server which (positive!) answers first will be returned to the original requestor. This boosts resolving for small networks.
would be nice:
3. "Disable cache"
4. "Minimum TTL" - replace TTL if it lower this setting.
5. "Maximum TTL" - replace TTL if it higher this setting.
4. "Rules" - Custom servers (or no-forward) and cache options for custon domains or IP-lists.

- Change metrics of default routes of PPP clients like DHCP clients.
- Set routing marks to default routes of PPP and DHCP clients in client options.

lavv17 · Mon Apr 25, 2011 9:44 am

Currently ROS sets irq smp_affinity to a single core, thus the interrupts of a single ethernet card with one irq do not get distributed over the cores. It would be nice if the command "system resource irq set ... cpu=0,1,2,3" worked and set the affinity mask to multiple cores.

It is reported that with NAPI such interrupt distribution does not cause packet reordering.

Lupin · Tue Apr 26, 2011 9:33 pm

When we can have a MTR Tool like this?

http://winmtr.net/

xezen · Wed Apr 27, 2011 8:36 pm

can you add second password to usermen

so there is a password for pppoe,pptp,winbox etc connections

and a password for web interface login

Thu Apr 28, 2011 7:54 am

can you add second password to usermen

so there is a password for pppoe,pptp,winbox etc connections

and a password for web interface login

basically you need a new permission option in groups, so that you can make RouterOS users who can access userman, and who can't

petro25 · Fri Apr 29, 2011 8:01 am

Very much I want to see in the following version grathing for radio

1) Noise level
2) Signal level
3) Speed of connection
4) Quality of tx of rx

siprox · Fri Apr 29, 2011 10:55 am

i want from torch i can right click and then select the address on torch running and then make mangle or address list from firewall directly. i think this is make admnistrator easy to check traffic and manage it, hope this is possible..

xezen · Mon May 02, 2011 11:16 am

can you add second password to usermen

so there is a password for pppoe,pptp,winbox etc connections

and a password for web interface login
basically you need a new permission option in groups, so that you can make RouterOS users who can access userman, and who can't

what i was saying is that when users change that password the pppoe cassword also changes i want a password for users profile and anothe password to reset pppoe password

Mon May 02, 2011 11:18 am

but the user is the same, if you need separate settings, you need separate accounts. that's why it's a centralized database of users, so you only have to change one thing.

dadaniel · Thu May 05, 2011 4:09 pm

I have multiple IPs on my external interface. I need to set the Dst. Address of the dst-nat made by UPnP, but I have not found a way to do this.

Thank you!

morzex · Fri May 06, 2011 8:42 pm

The web proxy is wery slow - it does not "Keep Alive" connections. For example "ping" at speedtest.net - time to load small data grows up to 240 ms!

enk · Fri May 06, 2011 9:09 pm

Provide Bug tracking system. Provide complete release notes with detailed information about linux kernels used and packages. Provide complete information about security vulns in RoS. Provide bug description for each confirmed bug (versions affected, fixed versions, workarounds)

Mon May 09, 2011 2:26 pm

Provide Bug tracking system. Provide complete release notes with detailed information about linux kernels used and packages. Provide complete information about security vulns in RoS. Provide bug description for each confirmed bug (versions affected, fixed versions, workarounds)

looks like you are not following this forum so much. request was discussed before, and will not happen anytime soon for many reasons.

enk · Thu May 12, 2011 11:42 am

Provide Bug tracking system. Provide complete release notes with detailed information about linux kernels used and packages. Provide complete information about security vulns in RoS. Provide bug description for each confirmed bug (versions affected, fixed versions, workarounds)
looks like you are not following this forum so much. request was discussed before, and will not happen anytime soon for many reasons.

Yeah. I know, but I think that it is not bad once again to remind about this issue. Maybe you will have pity on us and give us the solution, I know that it is hard, but it is absolutely needed.

chadd · Thu May 12, 2011 9:19 pm

Provide Bug tracking system. Provide complete release notes with detailed information about linux kernels used and packages. Provide complete information about security vulns in RoS. Provide bug description for each confirmed bug (versions affected, fixed versions, workarounds)
looks like you are not following this forum so much. request was discussed before, and will not happen anytime soon for many reasons.

You should at a minimum provide a list of known issues with a release to keep someone from installing an update and breaking things. Say like when upgrading to 5.0 from 4.16 could disable your wireless package. I know you don't always know when something is release what the bugs are but once you find out it should be listed some place.

Chadd

enk · Fri May 13, 2011 9:24 am

Provide Bug tracking system. Provide complete release notes with detailed information about linux kernels used and packages. Provide complete information about security vulns in RoS. Provide bug description for each confirmed bug (versions affected, fixed versions, workarounds)
looks like you are not following this forum so much. request was discussed before, and will not happen anytime soon for many reasons.
You should at a minimum provide a list of known issues with a release to keep someone from installing an update and breaking things. Say like when upgrading to 5.0 from 4.16 could disable your wireless package. I know you don't always know when something is release what the bugs are but once you find out it should be listed some place.

Chadd

Or for example when you upgrading from 4.17 to 5.2 - mac address settings on wireless interfaces changes to the BIA, although it was configured manually.

newkirk · Tue May 17, 2011 6:40 pm

Minor addition to graphs html pages: Include any comments in the page for a particular port's traffic graphs.

Interface <ether07> Statistics

* Last update: Tue May 17 11:28:08 2011

Right there between those two lines would be fantastic.

I don't know about others, but I use the comment field for ethernet ports to identify the destinations out that port, IE name of network segment, servers, fiber, etc. But the graphs pages show only 'ether07' etc.

j

THG · Fri May 20, 2011 4:27 pm

MAC address list.

mramos · Sat May 21, 2011 3:47 pm

On Winbox, when you decide to show or hide specific columns once, left this way from now on, at least at the used PC/notebook.

Example: wireless reg table, I don't use WDS, don't want to see MACs, but I want room to keep distance, TDMA TX&TX size, CCQ, etc within the visible window without scrolling it horizontally.

The same apply to simple queues, want to keep TX & RX speed etc but by default there's name, target address, rx max lim, tx max lim ... and under circumstances I want to keep rx av rate, tx av rate ...

Some sessions later, this "setup" is missing and is necessary to select the wanted rows again.

Regards;

Chupaka · Sun May 22, 2011 2:19 pm

"Load Previous Session" and "Exit" button on the left side (NOT 'Close (X)' the window, don't ask me why) should help...

mramos · Sun May 22, 2011 2:38 pm

"Load Previous Session" and "Exit" button on the left side (NOT 'Close (X)' the window, don't ask me why) should help...

Hi

Winbox loader is by default load previous sessios marked. The previous sessions windows really load again the next session, sometimes keeping those selected rows, sometimes not. Right now I tried (x) at the topmost right corner and still keeping the selected rows btw.

How long?

Just kidding, I always use the exit button at least to be sure not to left some "active user" waiting to ROS time it out.

Another example: the same netbook I'm using now at home. Setup certain rows to show up ... shut it down ... go to the field with it, climb a tower ... and restart winbox from wb loader. Wireless reg table still there but with the default rows.

Anyway, I'll check.

BTW, any thoughts abt those tablets x android 2.1 or 2.2 X webfig? Or a future android winbox version?

Regards;

WirelessRudy · Sun May 22, 2011 4:36 pm

From v3.xx on I already asked several times MT if it wasn't possible to have the default start settings of winbox windows edited by user.
After every reboot (upgrade, power cycle, power cut) all preset settings of user is reset every time again.

Like Ramos said, many default settings in several windows (colums, info that is shown) is nothing I have any interest in, other settings that imho are more important are not default set so you have to set these each time again.

Also formats of windows sizes, culumn wideness etc, should be more free as now.

Now I know some might come back with: "I found this program..", or; "with this tool you can do it better" etc. but that is not what I want.
Winbox is a good tool and could be made so much ergonomic with just a little bit more freedom in its settings.
If it than also could be made so that settings are saved at local PC or laptop that would be even better!
I work with 3 PC's side by side (6 monitors in total!) but the last session of a certain routerboard that is closed on no matter which PC predicts what next time is shown when it is opened again.

Example:
One PC (my office server) shows (it is running anyway from first in the morning until I go to bed...) my main Gateway with all single queues of clients and the interfaces to my two bandwith supplier and to my network together with some info from other programs. This way I can with a blink of an eye see how busy the network is, if the both suppliers are ´up´ and what traffic they get, which clients are using most traffic etc.

Now if I need to add, change or delete customer or change any other setting of this router I open a winbox session on an other PC (My network ´work´ PC with 3 monitors, really handy workspace!).
Now first I have to clear all windows I don't need and open new onces to work with. After work done I have to close this session before I close my server session.
Now, regurlarly I work until deep in the night so when I than fall of my chair I shut everything down to go to sleep.
Next morning when I first start my server I found that last night its session wasn't the last to close so my whole setting is fucked up. I have to set it all again like I want (opening proper windows, open the right columns, set the right window and column sizes etc. etc.). Very inconveniant, special since the keyboard of this server is hanging on its side on the wall to make room for other stuff...
If this server now always could open with the same settings this would make my life so much easier!
I´ll bet Ramos, and probably many others have many more examples like this as I have!

So MT, please do something about this!

"Load Previous Session" and "Exit" button on the left side (NOT 'Close (X)' the window, don't ask me why) should help...

I use both, but to be honest never noticed any differences between them. "X" leaves as many settings in place as "exit" and vice versa.

n21roadie · Mon May 23, 2011 3:42 pm

Could we have a section in the board index especially for WISP's, at present there is no specific area in the board index i am aware of ?

Mon May 23, 2011 3:45 pm

most of you here are WISPs, who else uses wireless routers

?

newkirk · Tue May 24, 2011 7:27 am

BTW, any thoughts abt those tablets x android 2.1 or 2.2 X webfig? Or a future android winbox version?;

An Android variant of Winbox would be great, but I wouldn't expect Mikrotik to dedicate the time and effort it would require, that's just not reasonable at this time. If Android tablets continue to proliferate it might become reasonable, but ATM I'm sure it's too much of a 'niche market' for them to devote efforts that could be better spent on RouterOS itself.

I can log into webfig just fine with my android 2.2 device, but every 5-10 seconds it pops up a 'router disconnected' message and I have to login again. Multiple browsers, connecting over wifi, not cell data service. (default browser, Opera, and Firefox) I was watching the Interfaces list and could see it updating packet/byte counts, so it was continuing to communicate up until the message popped up.

And on that note, a feature request: PLEASE PLEASE get rid of the 'D' button in Webfig interfaces that disables the interface... Just offer Disable/Enable in per-interface view, and get confirmation before disabling. Trying to touch-scroll the list I accidentally disabled an interface with the expected catastrophic results. (the router is 40 miles from here, it's 11pm, 1000+ clients affected, etc) There's no need IMHO (even without tonight's mishap

) to have an interface disable link embedded in every line of the interfaces list, and I can think of at least one good reason NOT to...

j

PS - can we get SSL webfig plz? The only way I'm comfortable with using it right now is through a VPN connection, which isn't always possible.

Tue May 24, 2011 8:49 am

PS - can we get SSL webfig plz? The only way I'm comfortable with using it right now is through a VPN connection, which isn't always possible.

we already do have SSL webfig ...

mangust · Tue May 24, 2011 12:46 pm

/ip dns allow-remote-requests=yes ...
It would be just great to have opportunity make dns accessible only on specific interface.
I understand that it's possible to restrict by firewall , however ...

Tue May 24, 2011 12:52 pm

you already answered it, you must use firewall. why make the same configuration in two places?

pedja · Fri May 27, 2011 8:15 am

you already answered it, you must use firewall. why make the same configuration in two places?

Because, for each service it is LOGICAL to have an option what interfaces (or even IP's) to run it on. It is not job for firewall to block it.

But as we all know, logic, user friendliness and usability ar enot strong sides of Mikrotik.

Athan · Fri May 27, 2011 9:55 am

Because, for each service it is LOGICAL to have an option what interfaces (or even IP's) to run it on. It is not job for firewall to block it.
But as we all know, logic, user friendliness and usability ar enot strong sides of Mikrotik.

Well said!

Fri May 27, 2011 9:58 am

I don't think it's logical at all. Or user friendly!

RouterOS users expect that all access rules are managed by the firewall. Why run to 10 different places to turn on/off some service access when you can do it all in one place, with easy overview of all rules and their priorities.

Chupaka · Fri May 27, 2011 10:12 am

for each service it is LOGICAL to have an option what interfaces (or even IP's) to run it on. It is not job for firewall to block it.

But as we all know, logic, user friendliness and usability ar enot strong sides of Mikrotik.

is Cisco logical?.. how can one allow management connections to some IP addresses of router and forbid ones to another addresses (users' default gateways, for example)?..

enk · Fri May 27, 2011 2:00 pm

cisco is far far away from MT. It is not good things to compare...

Chupaka · Fri May 27, 2011 2:49 pm

I mean, either cisco router allows binding services to specific interface/address and is far away, or it doesn't, and it's not logical, not user-friendly and not usable

enk · Fri May 27, 2011 4:20 pm

I mean, either cisco router allows binding services to specific interface/address and is far away, or it doesn't, and it's not logical, not user-friendly and not usable

For RoS it is not logical to binding services to specific interface/address (although sometimes it use this method - pppoe server, hotspot etc.) , but for IOS it is because of the architecture and used practice for plain old packet filtering assignment behavior to interface.

pedja · Sun May 29, 2011 9:26 am

I don't think it's logical at all. Or user friendly!

Well, I said: logic, user friendliness and usability are not strong sides of Mikrotik.

I must say, Mikrotik is the first platform where, when one sets service, he/she has no options to set interface/ip bindings for it.

ahmedramze · Mon May 30, 2011 4:55 am

Can add this ?
http://forum.mikrotik.com/viewtopic.php?f=9&t=11532

Signal can reached with out need to login like Graph.

for easy to align etc.

and please I'm still dreaming on below

graph.gif

ahmedramze · Mon May 30, 2011 4:57 am

Let give it name Mikrotik Status page.

test.gif

ahmedramze · Mon May 30, 2011 5:39 am

Setup Wizard.

on first startup for new users on mikrotik to make it ease and simple.

A-DHCP must be enabled on ether1 with address 192.168.88.1/24.
B- on welcome screen (( First time login ))

1-Configure and select WAN interface ( IP type static DHCP PPPOE, IP Route, DNS ,time zone,NTP client etc).
2-Configure and select LANs ineterfaces with two option (( DHCP or HOTSPOT))
3-Masquerade LAN network ( yes or no )
4-Save and reboot.

I know most of these are enabled and its easy to access for us but for new users its good to make a simple clicks to configure most of important thinks.

and for Point A its must be added on V6.0 , users unable to download winbox or webconfig with limited network connection or windows 7 security center block mac access for winbox at most time.

and lets remeber we not talk about expert network user or ITs , Who have adsl at home he can buy mikrotik router and with 5 click on NEXT NEXT NEXT NEXT SAVE he will made his local network. this option on most public SOHO routers like D-Link , Linksys etc.

and for router board , I'm looking for New RB750GAPN Giga Ethernet with Access point with N tech with 2 internal antenna for home use. I'm use 433 with wireless and small antenna with black router board box.

Thanks.

mehrzud · Wed Jun 15, 2011 9:00 pm

Any idea about this:
http://forum.mikrotik.com/viewtopic.php?f=1&t=52447

Ibersystems · Thu Jun 16, 2011 1:12 am

Folders/groups in the startup window of winbox. With hundreds of diferent customers and many RBs in each customer, I need to group them to easy find the correct RBs.

It will be very good to let us make a tree with folders to keep our winbox saved entrys easy to find.

Ibersystems · Thu Jun 16, 2011 1:14 am

Editable winbox options/menu like in webfig

scold · Sun Jun 19, 2011 12:13 am

Hi,
listed in the Cisco NAC and VMPS service protocols?

B.r.:
Istvan Hidegkuti

janisk · Mon Jun 20, 2011 12:40 pm

Folders/groups in the startup window of winbox. With hundreds of diferent customers and many RBs in each customer, I need to group them to easy find the correct RBs.

It will be very good to let us make a tree with folders to keep our winbox saved entrys easy to find.

For ease of use and functionality i would suggest to use TheDude for this - just remove probes, so no additional load anywhere, just network device map, where you can create device groups and operate with them (upgrade devices, for example). And if required, you can monitor your key routers in the network.

Ibersystems · Mon Jun 20, 2011 1:06 pm

Folders/groups in the startup window of winbox. With hundreds of diferent customers and many RBs in each customer, I need to group them to easy find the correct RBs.

It will be very good to let us make a tree with folders to keep our winbox saved entrys easy to find.
For ease of use and functionality i would suggest to use TheDude for this - just remove probes, so no additional load anywhere, just network device map, where you can create device groups and operate with them (upgrade devices, for example). And if required, you can monitor your key routers in the network.

It's easyer directly in winbox : / It's not easy to do?

oeyre · Thu Jun 23, 2011 3:13 am

What are the odds of seeing a Cisco compatible implementation of DMVPN?

n21roadie · Mon Aug 01, 2011 1:36 pm

Wireless connect list protocol option to select "NV2 Nsteame 802.11" combined and not at present seperate?

In the connect list, each wireless protocol is separate (802.11 or NV2 or Nstreme or Any ) and no option for combination, I have found with my network, CPE's wireless connectivity issues when using "Any" protocol but work OK when selected "NV2 Nstreme 802.11" combination and would like to have carried that configuration forward to Ptp station connect list.

RogerWilco · Tue Aug 02, 2011 3:19 am

It would be nice to have the drivers so the MiniPCIe drive could be used for a small SSD for extra storage or cache space.

Tue Aug 02, 2011 11:37 am

It would be nice to have the drivers so the MiniPCIe drive could be used for a small SSD for extra storage or cache space.

There is no plan for it and I do not see any strong reason to run SSD on MiniPCIe.

RogerWilco · Wed Aug 03, 2011 2:33 am

There is no plan for it and I do not see any strong reason to run SSD on MiniPCIe.

Because the 411U board only has one USB port and I'm using it for a 3G modem.
My ISP won't allow any device to be used that isn't issued by them so the MiniPCIe port for me is 100% useless. Extra storage would be nice to use for a cache and without buying another board and changing my setup, I can't do this.

w0lt · Wed Aug 03, 2011 3:17 am

It would be handy to have "auto-mtu discovery" ....

ok2slc · Fri Sep 30, 2011 4:39 pm

feature request: implement certificate revocation lists (CRL) in OpenVPN server.

explanation: when client certificate used for OVPN connection is compromised/revoked by CA, mikrotik OVPN server has no option to block it (except to change username/password in /ppp secrets).

+1

rpingar · Sat Oct 01, 2011 7:45 am

Pleas add MLPPP on PPPoE Server side!!!!

thanks
Ros

vemax78 · Mon Oct 03, 2011 1:49 pm

Accept FQDN into connect-to OpenVPN client.
The field accept only ipaddress and it is very limited.

shap2001 · Mon Oct 10, 2011 10:44 pm

UDP support for OpenVpn, It's very useful

omega-00 · Tue Oct 11, 2011 8:23 pm

Implementation of TRILL (Transparent Interconnection of Lots of Links) as a future alternative to RSTP.

TRILL allows usage of multiple links simultaneously removing the biggest restriction in RSTP which is waste of bandwidth due to offline links.

http://tools.ietf.org/wg/trill/
http://en.wikipedia.org/wiki/TRILL_(computing)

Detailed explanation of advantages of TRILL over STP/RSTP - http://bradhedlund.com/2010/05/07/setti ... for-trill/

fewi · Tue Oct 11, 2011 8:35 pm

Implementation of TRILL (Transparent Interconnection of Lots of Links) as a future alternative to RSTP.

TRILL allows usage of multiple links simultaneously removing the biggest restriction in RSTP which is waste of bandwidth due to offline links.

http://tools.ietf.org/wg/trill/
http://en.wikipedia.org/wiki/TRILL_(computing)

Detailed explanation of advantages of TRILL over STP/RSTP - http://bradhedlund.com/2010/05/07/setti ... for-trill/

A challenger appears: http://en.wikipedia.org/wiki/IEEE_802.1aq
http://www.nanog.org/meetings/nanog50/p ... oisman.pdf

Supporting both would be great.

Lakis · Sun Oct 16, 2011 4:50 pm

Change Tx Power TAB on wlan interface
-auto detect max radio power
and put slider

slide.JPG

Mon Oct 17, 2011 1:24 pm

-auto detect max radio power

this is default behavior if you set "default"

SviMik · Sun Nov 20, 2011 1:15 am

Feature request: DHCP-client option
I wondering, why there is no such trivial thing?

In %another_router_brand% I can put any custom options to DHCP client. For example, if I need to set dhcp-requested-address (option number 50), I can:

dhcp client txoptions add intf=ipKmInet option=dhcp-requested-address value=(addr)x.x.x.x

But there is no way to do this with mikrotik

I found similar question here: http://forum.mikrotik.com/viewtopic.php?f=2&t=46855
(option 60 (Vendor class identifier) in this case)
And the answer was: it is not possible.

So, if there is
/ip dhcp-server option
would be nice to have also
/ip dhcp-client option

WirelessRudy · Sun Nov 20, 2011 1:17 pm

Feature request: DHCP-client option
I wondering, why there is no such trivial thing?

In %another_router_brand% I can put any custom options to DHCP client. For example, if I need to set dhcp-requested-address (option number 50), I can:
Code: Select all
dhcp client txoptions add intf=ipKmInet option=dhcp-requested-address value=(addr)x.x.x.x
But there is no way to do this with mikrotik

I found similar question here: http://forum.mikrotik.com/viewtopic.php?f=2&t=46855
(option 60 (Vendor class identifier) in this case)
And the answer was: it is not possible.

So, if there is
/ip dhcp-server option
would be nice to have also
/ip dhcp-client option

Out of interest and to gain some understanding: What is it you want?
"Vendor class identifier", what is that meaning? I found the article that describes the dhcp options but its all acadabra to me. Can you explain in plain wordings what option 60 does and what you are trying to obtain here?

SviMik · Sun Nov 20, 2011 1:45 pm

Again misunderstanding.
In another router (Thomson TG784 in my example) I can add any custom option with custom value, and this fields will be transmitted with DHCP request.
So, here I need same function to add any options I want.
There are *many* options in DHCP protocol (255, as I understand). The option number is just a number 1-255, and option value - is just a few possible formats (IP address, string, byte, etc.)
And anything DHCP client have to do is to append all custom options to DHCP request (it does not need to know what each option means actually).

Mon Nov 21, 2011 10:28 am

no, the question was, "why" do you need to do that? what is the result?

SviMik · Mon Nov 21, 2011 11:30 am

no, the question was, "why" do you need to do that? what is the result?

I'm just trying to tell, that there may be many reasons to do that (for example, I have no idea why somebody need option #60, but I can tell why I need option #50).

My story is long and not interesting. But if you wish... (sorry for my bad english)
My ISP does not give static IP addresses. But I don't want to change my IP. The solution is simple: in DHCP protocol the client can (and most DHCP clients do) tell preferred IP (usually this is previous IP, which client remember). And, if this IP is valid (exists in DHCP server pool) and not used by somebody else, then DHCP server can give requested IP address (or can ignore this option, depending on server implementation and configuration). This works with my ISP: I can take back my IP even if it changes. But to do that, I need to modify option #50 (dhcp-requested-address).

My problem may look silly... But, this is what I can do with another router (and also can with linux and even windows), and can't with mikrotik.

Yes, I know this is wrong way (the better was to get static IP from my ISP, but he does not provide such service).
Yes, I know that sometime I loose my IP anyway, but my task is only to minimize number of changes if I can.

Silencept · Fri Mar 09, 2012 4:09 am

Not silly at all , without option 60 i dont get a DHCP offer from my ISP , thought Mikrotik was the solution for my problem and it seems that i've go to go elsewhere ...
Im sure there are other ISP's that require other options beside 50 and 60 so the possibility of using them would be a good for mikrotik and for the people who buy mikrotik and i'm sure it wouldn't be to hard to implement. After all it doesn't require that much modification to the actual client.

mjjochen · Fri Mar 09, 2012 5:11 pm

I know it has been asked for before, but want to add my vote to be able to use /tool fetch over https. So SSL savvy fetch please!

I cringe sending my login info for my dynamic dns unencrypted (but that is all I have). My provider does not use dns-update, so must go over http with fetch.

gsloop · Thu Mar 15, 2012 6:50 am

1) HTTPS fetch
2) fping support
3) PPTP classless routing fix for Windows clients

Chupaka · Thu Mar 15, 2012 12:01 pm

3) PPTP classless routing fix for Windows clients

?..

lavv17 · Thu Mar 15, 2012 1:22 pm

integrate udpxy. Very useful for IPTV over WiFi for home users.

piyokos · Fri Mar 16, 2012 8:51 pm

add option to ppp profile to call one script when client connects (post ip assignment) and another script when client disconnects, and pass all relevant information to script like username, service, caller id, assigned remote ipv4 address, assigned remote ipv6 address, uptime, total tx/rx bytes.

intention being so accounting/abuse tracking can be conducted without dealing with radius, also opens the door for many other things, like scripting smart firewall rules for vpn/pppoe users.

markom · Fri Mar 16, 2012 10:30 pm

It would be great to have possibility to send SNMP commands from MT to some network devices. My problem is that I would like to send command to APC to turn off outlet X and bring power again after Y seconds on some events.

Edit:

And of course Adaptec raid controller driver or (&) Intel raid controller support. We are using this for greater demands customers http://www.supermicro.com/products/chas ... 2L-200.cfm

There is space for 2 SAS HDD mobo have Intel and Adaptec controller integrated ad would be great if we have redundancy of 2 hdd in router

rmichael · Fri Mar 16, 2012 11:18 pm

Add new filter "connection mark X" to the Torch to be able to track the performance of the PCQ/Queue Tree

mihaimikrotik · Sun Mar 18, 2012 5:25 pm

I also have an "internal" feature request: better granularity for multi-cpu/core x86 systems.

In systems running multiple full bgp feed peers the table will grow quite big. 3 bgp full-feed peers with one ibgp peer with redistribution will grow the table to +1M routes.

I do not know how ROS works internally but I can tell you this: if I have firewall, qos and BGP active, that's trouble every time we get high packet rate (+100kpps), every time the firewall will do something, or every time there will be some dynamically added routes to the main table. The router will just go into resource starvation.

For example: if we disconnect and reconnect 2 peers, one core will go up to 100%, mostly everything else will lock up, winbox will disconnect and sometimes all the peers will disconnect.

I find this a very serious issue and it should be resolved by adding the possibility to specify which ROS process would go to which processor/processing core. For example we could specify that bgp instance default would go to cpu 0 and the firewall would be processed on on cpu 1 instead of automatically using the same cpu for everything the router does software and putting that in 100% which will sometimes break things.

EDIT: and oh yes, support for +2 GB of RAM.

Chupaka · Mon Mar 19, 2012 10:12 am

add option to ppp profile to call one script when client connects (post ip assignment) and another script when client disconnects

even more: not only 'on connect' and 'on disconnect', but 'before connect' so that it would be possible to set, for example, server address from the list of servers (RR DNS, etc.)

GREG3f · Mon Mar 26, 2012 3:24 pm

In Winbox, add two options to right click when clicking on a wireless client in the registration table to allow (1) Bandwidth Test and (2) Launch Winbox to open client in addition to existing mactelnet, torch etc.

sanya · Sun Apr 01, 2012 6:49 pm

integrate udpxy. Very useful for IPTV over WiFi for home users.

It would be really nice to have this feature integrated. Just a few words why it's really needed:

There are a couple of RB hardware models oriented for home use. And a lot of home users (at least here in Ukraine) have IPTV from their ISP and prefer working over wireless. However transmitting multicast over WiFi is always a bad idea because multicast over WiFi transmits without acknolege and therefore uses the lowest possible rate to assure packets delivery. Yes, it's possible to increase base rate for multicast, however the more we increase rate, the more packets we lose. That's why you will never get fast rate for multicast over WiFi. At the same time proxying multicast to TCP can offer maximum rate with no packet loss.

Honestly, lack of udpxy functionality in RouterOS is the only thing why I can't suggest RouterBoard hardware for a lot of home users. I mean, each user who has IPTV from his ISP. Here in Kiev, those are at least 30% of home users.

vik1988 · Mon Apr 02, 2012 4:18 pm

Hi,

Don't know how to add feature request in Wiki so adding here

Winbox Plugin inside Winbox :- Is it possible to add a winbox features inside ROS like Telnet/Mac-telnet/SSH. Many times we need to access other routers inside ROS which are not reachable directly from PC. So it would be nice if we can open other ROS on GUI, inside from the RouterOS....

gled · Tue Apr 03, 2012 8:19 pm

Added request for MLPPP client support on PPTP on the wiki, hope that someone will take a look at it !

lwq · Tue Apr 03, 2012 9:46 pm

I don't think it's logical at all. Or user friendly!

RouterOS users expect that all access rules are managed by the firewall. Why run to 10 different places to turn on/off some service access when you can do it all in one place, with easy overview of all rules and their priorities.

Oukey, so why are on different places made oportunity to allow access only from specified IPs ? /ip services /user and so on for example ?

lwq · Tue Apr 03, 2012 10:01 pm

I have so feature reqs ... I think useful for a lots of users

- read out of serial port, in script, not in terminal only
- 1-wire bus support
- script debug posibility (error report e.g. like PHP)
- export/import winbox list to useful format like CSV, not address-book format only
- quality and complete MIB file for SNMP read/write
- posibility to make/read/change files directly in Winbox (like F3/F4 in midnight cmdr)
- option to run script at scheduler not only upon specified time but also upon specified event like system power on, wireless running-check on/off, uplink signal under/over, ethernet on/off, ...

The most needed feature is read out from serial port and to run script upon even.

What you think about ?

titius · Mon Apr 09, 2012 11:47 am

Is it possibile to implement simple web browser?

It is useful if you have lots of generic client CPEs with bridged interface and need to set those CPEs with fresh settings. usually they have some 192.168.xx addresses. And we have to make eoip tunnels to do access those cpes.

With web broser all you have to do is add another Ip on interface and then easily access CPEs.

herschel · Tue Apr 10, 2012 8:30 pm

EoUDP - Ethernet Over UDP, similar to EoIP, but carries data over UDP. One end is 'server', one end is 'client'. Server port can be set to user's choice, client port determined by OS/NAT. Has adjustable ping to maintain end-to-end connectivity. Simple and high performance ethernet tunneling for scenarios where one end cannot use Layer2 protocols (EoIP, IPIP, etc) for whatever reason.

sashavl · Wed Apr 11, 2012 12:20 am

DNSCrypt - new OpenDNS feature, we now have to use client for mac or windows, it installs proxy on local comp which makes encrypted dns requests for you, i think it would be easy to implement this in routeros beacuse it already has dns server, some of the modded router firmwares already has it

tnx for your support

herschel · Wed Apr 11, 2012 8:39 am

Create network interface over USB with Apple iPhone. Open source iPhone tethering driver for Linux has been available for some time now (ipheth) and I think it is now part of the kernel...

omidkosari · Tue Apr 17, 2012 6:26 pm

Unmetered content for ppp server specially in pppoe server . a featue which a router allows not to count some addresses in radius accounting .
for example we want pppoe users don't pay for opening www.mikrotik.com

Chupaka · Tue Apr 17, 2012 6:32 pm

Unmetered content for ppp server specially in pppoe server . a featue which a router allows not to count some addresses in radius accounting .
for example we want pppoe users don't pay for opening http://www.mikrotik.com

+1, extremely actual

I'd even upgrade my v3.28 pptp concentrator to v5 or even v6

Karas · Sat Apr 21, 2012 3:15 am

Hi

Would it be possible to have a 'Port List'

Sort of like the Address Lists just with ports

I do ALOT of Mangle and port forwarding both for Myself and client and always comment exactly what each port is for to save myself time/confusion later on.

It would make things alot easier (for me at least) if I could handle them via one page, as I do with my Address Lists.

ropebih · Sun May 06, 2012 10:25 pm

integrate udpxy. Very useful for IPTV over WiFi for home users.

It would be great, one "like" for udpxy.

Chupaka · Mon May 07, 2012 12:43 pm

well, now (v6, AFAIR) ROS can send mutlicast paskets as unicast frames, so udpxy is not actual just for wifi

pateutz · Mon May 07, 2012 3:24 pm

Hi team,

i don't know if this request has been made but it will be possible this "parent proxy that need user and password for authentication?".

I saw this topic and seams that has end into 2008:

http://forum.mikrotik.com/viewtopic.php?f=2&t=23490

Best Regards,

Daniel