Cloud Hosted Router

janisk · Mon Dec 14, 2015 10:44 am

I just upgraded the CHR to v6.34rc20 and now i` m unable to login
I *tried* to update to 6.34rc20 but I get this error message:

ERROR: not enough disk space, 26.3MiB is required and only 17.2MiB is free

This is on the default VHDX version of 6.24rc19 with The Dude package added and running. The default partition is 64MB - we either need a way to increase the partition size during operation (preferably), or during boot (at a minimum). Clearly the 64MB default will be insufficient when deploying this in a production environment and performing additional package installs and updates.

If you think you will need more storage, you should expand the storage before you install the CHR. Do that using tools provided by the VM. Then when CHR installs itself, you will have access to the larget storage.

Also, 6.34rc21 is available. Did not experience any problems with logging in the router.

raymonvdm · Mon Dec 14, 2015 11:20 am

I just upgraded the CHR to v6.34rc20 and now i` m unable to login
I *tried* to update to 6.34rc20 but I get this error message:

ERROR: not enough disk space, 26.3MiB is required and only 17.2MiB is free

This is on the default VHDX version of 6.24rc19 with The Dude package added and running. The default partition is 64MB - we either need a way to increase the partition size during operation (preferably), or during boot (at a minimum). Clearly the 64MB default will be insufficient when deploying this in a production environment and performing additional package installs and updates.
If you think you will need more storage, you should expand the storage before you install the CHR. Do that using tools provided by the VM. Then when CHR installs itself, you will have access to the larget storage.

Also, 6.34rc21 is available. Did not experience any problems with logging in the router.

This version indeed seems to be working

apteixeira · Mon Dec 14, 2015 1:37 pm

Please send supout file to MikroTik support.

Hello,

I just successfully upload the MikroTik CHR image to Amazon Web Services (AWS) and it works perfectly as router/firewall for the Amazon VPC.

The only problem is that I tried to apply the free trial P-Unlimited license but it did not work. It keeps saying free license and 1 Mbps Rx/Tx.

Is the trial license working properly?. Here are some images:

Best regards.
Hello,

I just send an email to support@mikrotik.com with all the information and supout.rif

Note: I generate new keys and try to apply new free trial license but it did not work.

Ticket# 2015121066000478

Best regards.

Hello,

I just upgrade the CHR to the latest RouterOS version (v6.34rc21) but I got the same problem trying to upgrade the free license to any trial version. It still says free but in the MikroTik account appears correctly.

Any news about it?

Best regards.

raymonvdm · Mon Dec 14, 2015 2:45 pm

I think i have the same issue after an upgrade to CHR 6.34RC21

Although the CLI is more usefull (key replaced by xxx just for privacy)

[admin@router] /system license> print 
  system-id: kThxxxxx/xx
      level: free

pietroscherer · Mon Dec 14, 2015 3:17 pm

Hi,

I'm having a issue with package IPv6. When I enable it in CHR 6.32 using Qemu, the router crashes. Somebody else with the same problem?

Thanks.
I'm getting this issue as well.

Windows Server 2008 R2
CHR version 6.34rc19
GNS3 ver 1.3.11
Qemu ver 2.4.0 (included version)

If I run the image in Qemu 2.4.93 (the latest build) then it's stable with all packages installed and enabled (well, I didn't install userman)

I would just use Qemu 2.4.93 but it's got a bug in the udp socket netdevice that makes the emulation run VERY slow and eventually crash when used. This is the type of back-end GNS3 makes when you connect an ethernet interface in the network topology, so Qemu 2.4.93 is useless for this....

Really. When I used the lastest build of qemu, the emulation runs very slow, and the rOS always got 100% of CPU. Emulating with qemu built in GNS3, it's okay. I'll try to use IPv6 package with vbox, and tell you.

pietroscherer · Mon Dec 14, 2015 4:00 pm

Hi,

I'm having a issue with package IPv6. When I enable it in CHR 6.32 using Qemu, the router crashes. Somebody else with the same problem?

Thanks.
I'm getting this issue as well.

Windows Server 2008 R2
CHR version 6.34rc19
GNS3 ver 1.3.11
Qemu ver 2.4.0 (included version)

If I run the image in Qemu 2.4.93 (the latest build) then it's stable with all packages installed and enabled (well, I didn't install userman)

I would just use Qemu 2.4.93 but it's got a bug in the udp socket netdevice that makes the emulation run VERY slow and eventually crash when used. This is the type of back-end GNS3 makes when you connect an ethernet interface in the network topology, so Qemu 2.4.93 is useless for this....
Really. When I used the lastest build of qemu, the emulation runs very slow, and the rOS always got 100% of CPU. Emulating with qemu built in GNS3, it's okay. I'll try to use IPv6 package with vbox, and tell you.

Feedbacking..

Emulating CHR 6.34rc21, IPv6 package works fine in vbox, but in qemu still crashing.

raffav · Mon Dec 14, 2015 8:58 pm

Hello,
edited the answer was already on the site

but the price for 1p-10p Up it is the price for purchases or it only a estimate ?

the license will be transferable ?

leoktv · Mon Dec 14, 2015 11:43 pm

Is a netinstall soulutions for CHR on its way as after upgrade to 6.34cr20 im not able to login to do the upgrade to rc21. and for this to work we need a main package not only image files.

wdavid · Tue Dec 15, 2015 4:09 pm

Hello,

I just successfully upload the MikroTik CHR image to Amazon Web Services (AWS) and it works perfectly as router/firewall for the Amazon VPC.

The only problem is that I tried to apply the free trial P-Unlimited license but it did not work. It keeps saying free license and 1 Mbps Rx/Tx.

Is the trial license working properly?. Here are some images:

Best regards.

Could you please share with us the steps you used to import the MikroTik CHR VM to AWS. Thank you

HiltonT · Wed Dec 16, 2015 1:53 pm

I just upgraded the CHR to v6.34rc20 and now i` m unable to login
I *tried* to update to 6.34rc20 but I get this error message:

ERROR: not enough disk space, 26.3MiB is required and only 17.2MiB is free

This is on the default VHDX version of 6.24rc19 with The Dude package added and running. The default partition is 64MB - we either need a way to increase the partition size during operation (preferably), or during boot (at a minimum). Clearly the 64MB default will be insufficient when deploying this in a production environment and performing additional package installs and updates.
If you think you will need more storage, you should expand the storage before you install the CHR. Do that using tools provided by the VM. Then when CHR installs itself, you will have access to the larget storage.

Also, 6.34rc21 is available. Did not experience any problems with logging in the router.

Yeah, I worked that out - I re-copied the VHDX, expanded it, started it and now everything lives on Disk2 in the new, expanded VHDX partition. I'm not sure there *was* a "Disk 2" before I expanded, but I can look at some time.

Also, good news on the 6.32rc21 front - may give that a go and see what Dude progress has been made...

janisk · Wed Dec 16, 2015 1:57 pm

Could you please share with us the steps you used to import the MikroTik CHR VM to AWS. Thank you

we are working to make CHR available from the amazon image store. So you can just locate it and launch your own CHR.

edit:

you can try to look up ami-fce6448f and lautnch your instance. Please be aware that amazon can charge you something.

apteixeira · Wed Dec 16, 2015 2:00 pm

Hello,

I just upgrade the CHR to the latest RouterOS version (v6.34rc21) but I got the same problem trying to upgrade the free license to any trial version. It still says free but in the MikroTik account appears correctly.

Any news about it?

Best regards.

Hello,

I have tested several times and the problem with the license persists only with the image that I uploaded to AWS. If a use the vmdk or raw image on VMware or Qemu it works fine, but when I use the raw image on AWS it did not get the correct license.

Any reason for it?.

Best regards.

Wed Dec 16, 2015 2:01 pm

Known bug with AWS, are working on it!

apteixeira · Wed Dec 16, 2015 2:24 pm

*** Please give karma ***

Hello,

Here are the steps to upload the CHR to AWS (Amazon Web Services):

Install http://qemu.weilnetz.de/w64/qemu-w64-setup-20151208.exe

[/b]Download Cloud Hosted Router Raw Disk Image (lastest)
http://download2.mikrotik.com/routeros/ ... 19.img.zip

Rename image >> chr.img

Resize image with quemu
cd "C:\Program Files\qemu\"
qemu-img resize -f raw chr.img +500M

Pre-install RouterOS
cd "C:\Program Files\qemu\"
qemu-system-x86_64w.exe chr.img

ZIP file and upload chr.img to DropBox or S3

Create credentials
*** Create new Security Credentials using Identity and Access Management (IAM) and assign policies
*** Start a new Amazon Linux AMI VM to use as AWS CLI

Download RAW Image to Amazon Linux AMI VM
sudo su
cd \
mkdir CHR
cd /CHR
wget http://xxxxxx/chr.zip

UNZIP file
unzip chr.zip

Rename image
mv chr.img chr

Save credentials on AWS CLI VM
export AWS_ACCESS_KEY=xxxxx (your credential)
export AWS_SECRET_KEY=xxxxx (your password credential)

Start AMI creation process:

ec2-create-volume --size 1 --region us-east-1 --availability-zone us-east-1a

ec2-attach-volume vol-zzzzz -i i-kkkkk --device /dev/sdb --region us-east-1

sudo dd if=/CHR/chr of=/dev/sdb bs=1M

sudo partprobe /dev/sdb

ec2-detach-volume vol-zzzzz --region us-east-1

ec2-create-snapshot --region us-east-1 -d "CHRv6.34rc21_v2" -O $AWS_ACCESS_KEY -W $AWS_SECRET_KEY vol-zzzzz

ec2-register --region us-east-1 -n AMI_CHRv6.34rc21_v2 -s snap-zzzzz -a x86_64 --virtualization-type hvm

Once the AMI have been created, then you can start a new instance.

Enjoy. Best regards.

*** Please give karma ***

apteixeira · Wed Dec 16, 2015 2:29 pm

Known bug with AWS, are working on it!

Thanks. I just wrote the process to import the image to AWS so anyone can test it.

Best regards.

leoktv · Wed Dec 16, 2015 2:50 pm

Hi any having a soulution how to upgrade from 6.34rc20 to 6.34rc21 as it is not pissible to login to the router after upgrade to rc20!

nevesjunior21 · Wed Dec 16, 2015 3:21 pm

I run the x86 version (6.34r21), pppoe server, works 100%
already aversion CHR (6.34r21) restarts on average 5 minutes.

janisk · Wed Dec 16, 2015 3:54 pm

on eu-west-1 you can look for this ami: ami-fce6448f

if this works that way.

janisk · Wed Dec 16, 2015 4:05 pm

I run the x86 version (6.34r21), pppoe server, works 100%
already aversion CHR (6.34r21) restarts on average 5 minutes.

do you have any autosupout.rif files on the router? also, create support output file and send it to support.

nevesjunior21 · Wed Dec 16, 2015 4:26 pm

ok, I will send the 2 x86 and x64!

apteixeira · Wed Dec 16, 2015 4:32 pm

on eu-west-1 you can look for this ami: ami-fce6448f

if this works that way.

Hello,

It works fine but the license upgrade does not work yet.

Here is the public AMI in us-east-1 (Virginia, EEUU): ami-c6287dac

Best regards.

wdavid · Wed Dec 16, 2015 7:04 pm

*** Please give karma ***

Hello,

Here are the steps to upload the CHR to AWS (Amazon Web Services):

......
*** Please give karma ***

Thank you for the instruction. It's working now (except the license). I was missing the qemu part with the initialization. Importing the img or vhd as is didn't worked on AWS in any form.

Regards.

janisk · Wed Dec 16, 2015 9:19 pm

Hello,

It works fine but the license upgrade does not work yet.

Here is the public AMI in us-east-1 (Virginia, EEUU): ami-c6287dac

Best regards.

we are working to fix the license. And there will be updated AMIs with latest RouterOS release available.

wa4zlw · Mon Dec 21, 2015 3:21 am

also you need to provide correct templates for Hyper_V and VMWare, etc.

what is out there does not even work.

Leon
it is not virtual instance template or anything of that sort. It is just an disk image, that you add to the guest instance.

please provide correct templates for the VMs you are supporting. It takes more time to do it this way. It should be plug and ply. the whole purpose of a template is to have an environment that comes up right away.

Leon

janisk · Mon Dec 21, 2015 12:13 pm

it is not a template. These are specifically made this way so it is not a template for your router. We do not know what setup you have, what are your requirements. There is no way on how to predict that.

Your router is not plug and play. This is not a SOHO appliance where you have NAT, one WAN port, and several LAN ports.

Buster2 · Tue Dec 22, 2015 12:59 am

Why should hundreds of admins convert your base disk image to templates to get it imported properly, when one guy at MikroTik could do this? It's not like only one person asked here.

Rudios · Tue Dec 22, 2015 10:40 am

Hi folks....I pulled down the VM images and Hyper-V gets an IMPORT FAILED!

A server Error occurred while attempting to import the virtual machine.

Import failed.

Import failed. Unable to find virtual machine import files under location "D:\xfer\Mikrotik\VM\". You can import a virtual machine
only if you used Hyper-V to create and export it.

I am successfully running two VMs under Hyper-V one from Watchguard for their Dimension server and a w10-32bit image running other Watchguard management tools as well as the Dude windows x86

So how does one get this running please?

Thanks leon

You have to create a VM yourself and apply the supplied VHD(x) file as its harddrive.

@Janisk:
I have downloaded latest available image today (6.34rc23) but it still keeps rebooting after installation

Tue Dec 22, 2015 11:50 am

Guys, if you are asking for a template. What should the config be? How many interfaces and disk sizes etc? Is there some common standard?

janisk · Tue Dec 22, 2015 1:09 pm

@Janisk:
I have downloaded latest available image today (6.34rc23) but it still keeps rebooting after installation

We are working on the issue regarding WIndows 10 pro and Hyper-V that CHR is going into the reboot loop after the installation is complete. We have test setup working, well, rebooting indefinitely.

Tue Dec 22, 2015 1:11 pm

@Janisk:
I have downloaded latest available image today (6.34rc23) but it still keeps rebooting after installation

We are working on the issue regarding WIndows 10 pro and Hyper-V that CHR is going into the reboot loop after the installation is complete. We have test setup working, well, rebooting indefinitely.

In the meantime, you can use legacy network adapters. Those work fine.

wdavid · Tue Dec 22, 2015 4:18 pm

Guys, if you are asking for a template. What should the config be? How many interfaces and disk sizes etc? Is there some common standard?

In case we are talking about an EC2 AMI image then the number network interfaces are not relevant. It's set during the configuration of the instance. The disk size has to be minimum of 1Gb but I would recommend going with 8Gb. Used to be the default for linux instances.
edit: the image of the pfSense router from Netgate also comes with 8Gb as default

AlexS · Wed Dec 23, 2015 1:55 am

Cool Cool Cool.

Is there any path for upgrading the ROS licences into CHR licenses ?

AlexS · Wed Dec 23, 2015 2:19 am

I have downloaded the vmdk - vmware disk. I have created a new VM. other - linux 64 add in 1 nic vmxnet3
I go to add the downloaded disk - have to edit the vm as I can't add during creation and i see the disk is an ide not scsi is that right ?

Quick fiddle with the vmdk change ide to lsilogic

Also I notice there is not vmware tools install - is this planned to be added ?

Any chance to get the licensing to happen via a proxy ...

janisk · Wed Dec 23, 2015 12:16 pm

still no 3rd party tool supprt as in - tools from the wendor. In future there are plans to add things that you will be able to do as if you had tools.

Regarding AMI - http://wiki.mikrotik.com/wiki/Manual:CH ... stallation

rdeclaux · Thu Dec 24, 2015 12:45 pm

How can i install it on vultr.com they want .ISO image but i couldn't convert it, some people say that just rename .img to .iso but it doesn't work.

Is there any other way of installing it? Is iPXE installing works for chr?

HellMind · Fri Dec 25, 2015 10:44 pm

Im using router CHR on an esx with a vm with 8 cores .
I'm being attack with a simple udp flood and its eating a lot of cpu.
I droped the attack on the firewall but still the resource usage is too much

http://puu.sh/m8n6s/7327dfed8e.png
http://puu.sh/m8mWN/77add21c6a.png

http://puu.sh/m8pPU/8e1fbdf3df.png

apteixeira · Sat Dec 26, 2015 1:58 pm

we are working to fix the license. And there will be updated AMIs with latest RouterOS release available.

Hello janisk,

Is there any soon update that fix AWS CHR AMI license. I am using CHR on production environment in AWS for a new VPC but it is limited to 1 Mbps.

Please fix it. It would be great!! Thank you.

Best regards.

apteixeira · Sat Dec 26, 2015 1:59 pm

Im using router CHR on an esx with a vm with 8 cores .
I'm being attack with a simple udp flood and its eating a lot of cpu.
I droped the attack on the firewall but still the resource usage is too much

http://puu.sh/m8n6s/7327dfed8e.png
http://puu.sh/m8mWN/77add21c6a.png

http://puu.sh/m8pPU/8e1fbdf3df.png

Hello,

Can you share your firewall filter configuration?.

Best regards.

HellMind · Sat Dec 26, 2015 2:37 pm

Im using router CHR on an esx with a vm with 8 cores .
I'm being attack with a simple udp flood and its eating a lot of cpu.
I droped the attack on the firewall but still the resource usage is too much

http://puu.sh/m8n6s/7327dfed8e.png
http://puu.sh/m8mWN/77add21c6a.png

http://puu.sh/m8pPU/8e1fbdf3df.png
Hello,

Can you share your firewall filter configuration?.

Best regards.

Sure:

[admin@MikroTik] > /ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic 
 0    chain=forward action=drop protocol=udp in-interface=ether1 packet-size=28 log=no log-prefix="" 

 1 XI  chain=forward action=drop protocol=udp in-interface=ether1 dst-port=10091 log=no log-prefix="" 

 2    ;;; Add address to block list when try to connect fast
      chain=input action=add-dst-to-address-list protocol=tcp address-list=blocked-addr address-list-timeout=1d connection-limit=10,32 log=no log-prefix="" 

 3 XI  chain=input action=drop dst-address=167.114.219.211 log=no log-prefix="" 

 4    chain=input action=drop protocol=udp in-interface=ether1 dst-port=53 log=no log-prefix="" 

 5    chain=input action=drop connection-state=invalid log=no log-prefix="" 

 6    chain=forward action=drop connection-state=invalid log=no log-prefix="" 

 7 XI  ;;; SYN Flood protect
      chain=forward action=jump jump-target=SYN-Protect tcp-flags=syn connection-state=new protocol=tcp log=no log-prefix="" 

 8    chain=SYN-Protect action=accept tcp-flags=syn connection-state=new protocol=tcp limit=400,5 log=no log-prefix="" 

 9    chain=SYN-Protect action=drop tcp-flags=syn connection-state=new protocol=tcp log=no log-prefix="" 
[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic 
 0 XI  chain=dstnat action=dst-nat to-addresses=0.0.0.1 protocol=udp dst-address=167.114.219.211 log=no log-prefix="" 

 1    ;;; 014
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=198.50.192.167 log=no log-prefix="" 

 2    ;;; 015
      chain=srcnat action=src-nat to-addresses=198.50.192.164 src-address=192.168.137.15 log=no log-prefix="" 

 3    ;;; 015
      chain=dstnat action=dst-nat to-addresses=192.168.137.15 dst-address=198.50.192.164 log=no log-prefix="" 

 4    ;;; 014
      chain=srcnat action=src-nat to-addresses=198.50.192.167 src-address=192.168.137.14 log=no log-prefix="" 

 5    ;;; 043
      chain=dstnat action=dst-nat to-addresses=192.168.137.16 dst-address=198.27.86.232 log=no log-prefix="" 

 6    ;;; 043
      chain=srcnat action=src-nat to-addresses=198.27.86.232 src-address=192.168.137.43 log=no log-prefix="" 

 7    ;;; 016 tsdns1
      chain=dstnat action=dst-nat to-addresses=192.168.137.234 protocol=tcp dst-address=198.50.192.165 dst-port=41144 log=no log-prefix="" 

 8    ;;; 016
      chain=dstnat action=dst-nat to-addresses=192.168.137.16 dst-address=198.50.192.165 log=no log-prefix="" 

 9    ;;; 016 irc
      chain=srcnat action=src-nat to-addresses=198.50.192.165 src-address=192.168.137.16 log=no log-prefix="" 

10    ;;; 017
      chain=dstnat action=dst-nat to-addresses=192.168.137.16 dst-address=198.50.192.166 log=no log-prefix="" 

11    ;;; 017
      chain=srcnat action=src-nat to-addresses=198.50.192.166 src-address=192.168.137.17 log=no log-prefix="" 

12    ;;; 234 tsdns
      chain=dstnat action=dst-nat to-addresses=192.168.137.234 dst-address=192.99.203.7 log=no log-prefix="" 

13    ;;; 234
      chain=srcnat action=src-nat to-addresses=192.99.203.7 src-address=192.168.137.234 log=no log-prefix="" 

14    ;;; 037
      chain=dstnat action=dst-nat to-addresses=192.168.137.37 dst-address=198.50.154.174 log=no log-prefix="" 

15    ;;; 037
      chain=srcnat action=src-nat to-addresses=198.50.154.174 src-address=192.168.137.37 log=no log-prefix="" 

16    ;;; 041
      chain=dstnat action=dst-nat to-addresses=192.168.137.41 dst-address=198.100.152.246 log=no log-prefix="" 

17    ;;; 041
      chain=srcnat action=src-nat to-addresses=198.100.152.246 src-address=192.168.137.41 log=no log-prefix="" 

18    ;;; 057 ntopng
      chain=dstnat action=dst-nat to-addresses=192.168.137.57 dst-address=142.4.206.216 log=no log-prefix="" 

19    ;;; 057
      chain=srcnat action=src-nat to-addresses=142.4.206.216 src-address=192.168.137.57 log=no log-prefix="" 

20    ;;; 066 ts3ca no publicado
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=167.114.219.211 log=no log-prefix="" 

21    ;;; 066
      chain=srcnat action=src-nat to-addresses=167.114.219.211 src-address=192.168.137.66 log=no log-prefix="" 

22    ;;; 067 ts3ca
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=198.50.239.113 log=no log-prefix="" 

23    ;;; 067
      chain=srcnat action=src-nat to-addresses=198.50.239.113 src-address=192.168.137.66 log=no log-prefix="" 

24    ;;; 068 ts3ca
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=198.50.158.222 log=no log-prefix="" 

25    ;;; 068
      chain=srcnat action=src-nat to-addresses=198.50.158.222 src-address=192.168.137.66 log=no log-prefix="" 

26    ;;; 069 ts3ca
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=198.50.155.239 log=no log-prefix="" 

27    ;;; 069
      chain=srcnat action=src-nat to-addresses=198.50.155.239 src-address=192.168.137.66 log=no log-prefix="" 

28    ;;; 070 ts3ca
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=198.50.155.145 log=no log-prefix="" 

29    ;;; 070
      chain=srcnat action=src-nat to-addresses=198.50.155.145 src-address=192.168.137.66 log=no log-prefix="" 

30    ;;; 071 ts3ca
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=142.4.201.104 log=no log-prefix="" 

31    ;;; 071
      chain=srcnat action=src-nat to-addresses=142.4.201.104 src-address=192.168.137.66 log=no log-prefix="" 

32    ;;; 072 ts3ca
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=158.69.3.137 log=no log-prefix="" 

33    ;;; 072
      chain=srcnat action=src-nat to-addresses=158.69.3.137 src-address=192.168.137.66 log=no log-prefix="" 

34    ;;; 073
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=167.114.219.210 log=no log-prefix="" 

35    ;;; 073
      chain=srcnat action=src-nat to-addresses=167.114.219.210 src-address=192.168.137.66 log=no log-prefix="" 

36    ;;; 074 ts3ca
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=158.69.3.116 log=no log-prefix="" 

37    ;;; 074
      chain=srcnat action=src-nat to-addresses=158.69.3.116 src-address=192.168.137.66 log=no log-prefix="" 

38    ;;; 075 ts3ca
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=198.27.88.239 log=no log-prefix="" 

39    ;;; 075
      chain=srcnat action=src-nat to-addresses=198.27.88.239 src-address=192.168.137.66 log=no log-prefix="" 

40    ;;; 076 ts3ca
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=167.114.219.207 log=no log-prefix="" 

41    ;;; 076
      chain=srcnat action=src-nat to-addresses=167.114.219.207 src-address=192.168.137.66 log=no log-prefix="" 

42    ;;; 077
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=167.114.219.208 log=no log-prefix="" 

43    ;;; 077
      chain=srcnat action=src-nat to-addresses=167.114.219.208 src-address=192.168.137.66 log=no log-prefix="" 

44    ;;; 078
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=167.114.219.209 log=no log-prefix="" 

45    ;;; 078
      chain=srcnat action=src-nat to-addresses=167.114.219.209 src-address=192.168.137.66 log=no log-prefix="" 

46    ;;; 079 ts3ca
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=167.114.219.213 log=no log-prefix="" 

47    ;;; 079
      chain=srcnat action=src-nat to-addresses=167.114.219.213 src-address=192.168.137.66 log=no log-prefix="" 

48    ;;; 080
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=167.114.219.214 log=no log-prefix="" 

49    ;;; 080
      chain=srcnat action=src-nat to-addresses=167.114.219.214 src-address=192.168.137.66 log=no log-prefix="" 

50    ;;; 081
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=167.114.219.215 log=no log-prefix="" 

51    ;;; 081
      chain=srcnat action=src-nat to-addresses=167.114.219.215 src-address=192.168.137.66 log=no log-prefix="" 

52    ;;; 082 ts3ca
      chain=dstnat action=dst-nat to-addresses=192.168.137.66 dst-address=167.114.219.216 log=no log-prefix="" 

53    ;;; 082
      chain=srcnat action=src-nat to-addresses=167.114.219.216 src-address=192.168.137.66 log=no log-prefix="" 

54    ;;; General rule
      chain=srcnat action=masquerade src-address=192.168.137.0/24 out-interface=ether1 log=no log-prefix=""

HellMind · Sat Dec 26, 2015 2:39 pm

I filter the attack with this rule

0 chain=forward action=drop protocol=udp in-interface=ether1 packet-size=28 log=no log-prefix=""
This speeds are for this rule: http://puu.sh/m8n6s/7327dfed8e.png

AlexS · Tue Dec 29, 2015 12:49 am

Hi

How can I set / show the RX/TX ethernet buffer size. for a VMWare VM I would like to set the buffer size for the vmxnet3 nic.

I have had a look at /interface ethernet

is it currently set to max 4096 ?

AlexS · Tue Dec 29, 2015 2:11 am

Been doing some simple testing VMWare esxi 5.5
using iperf

2 Centos 6.6 vm.

iperf -c <serverip> -i 10 -w 128M -t 300
iperf -s -i 10 -w 128M

[ 4] 40.0-50.0 sec 11.6 GBytes 9.99 Gbits/sec
[ 4] 50.0-60.0 sec 11.7 GBytes 10.0 Gbits/sec
[ 4] 60.0-70.0 sec 11.4 GBytes 9.79 Gbits/sec
[ 4] 70.0-80.0 sec 11.7 GBytes 10.0 Gbits/sec

VM -> CHR -> VM
[ 4] 0.0-300.9 sec 61.0 GBytes 1.74 Gbits/sec
2 cpu VM ... 100% cpu

iperf -c 10.172.208.220 -i 10 -w 128M -t 300 -P 2
[SUM] 0.0-300.4 sec 70.5 GBytes 2.02 Gbits/sec

Am i missing something

HellMind · Tue Dec 29, 2015 3:01 pm

VMXNET3 is recommended ?

janisk · Tue Dec 29, 2015 4:39 pm

yes, VMXNET3 is recommended for vmware/esxi

Tue Dec 29, 2015 4:44 pm

What about Qemu? Is VMXNET3 also recommended for it? I noticed virtio-net-pci is also supported, but which one is (at least in theory) better for Qemu?

nevesjunior21 · Wed Dec 30, 2015 4:04 pm

hello, someone had successfully pppoe server? here with me RouterOS-CHR reboots, since the RouterOS-32bit works normal.

HellMind · Wed Dec 30, 2015 10:45 pm

I still need some help to set up routeros chr in xenserver and xen 4.4
Thank you

apteixeira · Thu Dec 31, 2015 7:04 pm

Hello,

CHR license is working on AWS since version 6.34rc30. It is confirmed.

What's new in 6.34rc30 (2015-Dec-30 13:57):
*) chr - license fix for AWS and similar solutions;

Best regards

HellMind · Fri Jan 01, 2016 4:25 pm

I need the xen cfg to try it on xen 4.4 :/

dirtonth · Mon Jan 04, 2016 1:50 pm

Hey Guys,

I am using CHR on AWS using the AMI you provided, and upgraded it to the latest RC30.

Everytime the router is restarted, the hostname changes to the reverse-dns. Is there a way of blocking this from happening ?

Thanks,

Matthew.

xezen · Tue Jan 05, 2016 2:32 pm

tried everything and keep getting this error

error.jpg

Tue Jan 05, 2016 2:33 pm

tried everything and keep getting this error

The error clearly says your PC disk is full

xezen · Tue Jan 05, 2016 2:44 pm

tried everything and keep getting this error
The error clearly says your PC disk is full

size.jpg

Tue Jan 05, 2016 2:48 pm

ESXi configuration includes some other disk that is used, please see VMware manual to fix this. The screenshot shows disks that the virtual machine can use, but there are others configured in the ESXI config.

ploquets · Tue Jan 05, 2016 3:02 pm

tried everything and keep getting this error
error.jpg

I'm getting same error here....

When installing routerOS..... almost done and it fails with same error:

The error is while installing the OS (from the download image)

What I've tried:

Install OS from VMware Workstation: Works.
Resize disk with VMware Workstation: Works
Migrate resized and installed image to ESXi: Work for sometime but after disk write it fails with same error
Download image and resize the RAW image with qemu: Resize Works
Convert RAW image to VMDK with qemu: Works
Create a Virtual Machine inside ESXi with the resized vmdk image by qemu: Works
Start virtual Machine on ESXi and start install: works
Finished install: SAME ERROR!

What is wrong ??!?!?!

HELP PLEASE!

xezen · Tue Jan 05, 2016 3:13 pm

funny when i install any other vmware hdd image it works or install any other vmware os it works just when i add mikrotiks i get this error

Tue Jan 05, 2016 3:16 pm

Right-click the VM and go to Edit Settings > Options tab > Swapfile location. Select one of the other options ("Always store with the virtual machine" is recommended and will probably work for you since that datastore has a lot of free space). As far as cleaning up that datastore, you can right-click it and Browse and poke around to see what kind of files are taking up the space. It may be likely that your host is configured to use a different datastore for all VMs by default and it is just taken up by swap files at this point.

HellMind · Tue Jan 05, 2016 3:23 pm

Any news on runing it on xen, or xenserver ?

janisk · Tue Jan 05, 2016 3:24 pm

ploquets - there an issue on ESXi and XVM (including Amazon) that when you want to import the installer image that is provided on the download page you have to run through the installer and then that image should be used in AMI or virtual machine creation on XEN, ESXi or Amazon (that is XEN)

xezen · Tue Jan 05, 2016 3:28 pm

Right-click the VM and go to Edit Settings > Options tab > Swapfile location. Select one of the other options ("Always store with the virtual machine" is recommended and will probably work for you since that datastore has a lot of free space). As far as cleaning up that datastore, you can right-click it and Browse and poke around to see what kind of files are taking up the space. It may be likely that your host is configured to use a different datastore for all VMs by default and it is just taken up by swap files at this point.

that didnt work i did try it as you say with the swap files

cleaned up the stores and also tryed it with just the mikrotik image on it

did a clean install created chr-6.34rc30 and same error then added all the other vm's and they started with no problem

xezen · Tue Jan 05, 2016 3:33 pm

ploquets - there an issue on ESXi and XVM (including Amazon) that when you want to import the installer image that is provided on the download page you have to run through the installer and then that image should be used in AMI or virtual machine creation on XEN, ESXi or Amazon (that is XEN)

i did see this the image it creates but if i use that image it tells me that the operating systems missing

ploquets · Tue Jan 05, 2016 3:34 pm

... datastore has a lot of free space). As far as cleaning up that datastore, you can right-click it and Browse and poke around to see what kind of files are taking up the space. It may be likely that your host is configured to use a different datastore for all VMs by default and it is just taken up by swap files at this point.

DataStore has plenty space

Even after changing the swap files for every possible option, I get same error.
Seems that the VMware snapshot engine is causing this, because the error is at the .s001 which seems to be linked with the snapshot system.

But I've tried to make the disk Independent (supposedly will disable snapshot engine) but it fails again.

apteixeira · Tue Jan 05, 2016 3:37 pm

Hey Guys,

I am using CHR on AWS using the AMI you provided, and upgraded it to the latest RC30.

Everytime the router is restarted, the hostname changes to the reverse-dns. Is there a way of blocking this from happening ?

Thanks,

Matthew.

Hello dirtonth,

You can try disabling the DHCP client options in CHR.

Best regards.

ClayE · Tue Jan 05, 2016 7:30 pm

Just downloaded chr-6.34rc30.vhdx. It looks like it gets stuck trying to start services and reboots itself.
Windows 8.1 - Hyper-v
VM has 2GB of ram (tried 512MB also)
Anyone have a link to an older RC that I can try ?

*Edit*
Scratch that, looks like RC 30,29,21 all seem to reboot continuously. Anyone have a recommendation?

*Edit 2*
Scratch all of this. It looks like the CHR will not boot / function on my laptop (Win 8.1 64bit) with Hyper-v (possibly something broken on my end). Looks like the VM boots on a test bed server 2012R2 + Hyper-v.

lorenzo95 · Wed Jan 06, 2016 12:24 am

... datastore has a lot of free space). As far as cleaning up that datastore, you can right-click it and Browse and poke around to see what kind of files are taking up the space. It may be likely that your host is configured to use a different datastore for all VMs by default and it is just taken up by swap files at this point.
DataStore has plenty space

Even after changing the swap files for every possible option, I get same error.
Seems that the VMware snapshot engine is causing this, because the error is at the .s001 which seems to be linked with the snapshot system.

But I've tried to make the disk Independent (supposedly will disable snapshot engine) but it fails again.

The only way around that issue with ESXi that I have found so far is to first run the disk in VMware Workstation and let it install. Then export the working VM to an OVA or OVF and use that via "deploy ova" in the Vsphere client. It's the only way I have been able to successfully deploy CHR on ESXi.

janisk · Wed Jan 06, 2016 3:49 pm

Just downloaded chr-6.34rc30.vhdx. It looks like it gets stuck trying to start services and reboots itself.
Windows 8.1 - Hyper-v
VM has 2GB of ram (tried 512MB also)
Anyone have a link to an older RC that I can try ?

*Edit*
Scratch that, looks like RC 30,29,21 all seem to reboot continuously. Anyone have a recommendation?

*Edit 2*
Scratch all of this. It looks like the CHR will not boot / function on my laptop (Win 8.1 64bit) with Hyper-v (possibly something broken on my end). Looks like the VM boots on a test bed server 2012R2 + Hyper-v.

there are problems on Windows 10 Pro Hyper-V, probably you have the same problem on your version of Windows. We are working on the issue for Windows 10 Pro at the moment. From get go we tested on Windows server.

HellMind · Wed Jan 06, 2016 5:37 pm

Nobody need chr on xenserver or xen?
I think everyone is using old versions.

xezen · Thu Jan 07, 2016 11:00 am

... datastore has a lot of free space). As far as cleaning up that datastore, you can right-click it and Browse and poke around to see what kind of files are taking up the space. It may be likely that your host is configured to use a different datastore for all VMs by default and it is just taken up by swap files at this point.
DataStore has plenty space

Even after changing the swap files for every possible option, I get same error.
Seems that the VMware snapshot engine is causing this, because the error is at the .s001 which seems to be linked with the snapshot system.

But I've tried to make the disk Independent (supposedly will disable snapshot engine) but it fails again.
The only way around that issue with ESXi that I have found so far is to first run the disk in VMware Workstation and let it install. Then export the working VM to an OVA or OVF and use that via "deploy ova" in the Vsphere client. It's the only way I have been able to successfully deploy CHR on ESXi.

did that and also worked for me

Nunak · Fri Jan 08, 2016 10:21 am

... datastore has a lot of free space). As far as cleaning up that datastore, you can right-click it and Browse and poke around to see what kind of files are taking up the space. It may be likely that your host is configured to use a different datastore for all VMs by default and it is just taken up by swap files at this point.
DataStore has plenty space

Even after changing the swap files for every possible option, I get same error.
Seems that the VMware snapshot engine is causing this, because the error is at the .s001 which seems to be linked with the snapshot system.

But I've tried to make the disk Independent (supposedly will disable snapshot engine) but it fails again.
The only way around that issue with ESXi that I have found so far is to first run the disk in VMware Workstation and let it install. Then export the working VM to an OVA or OVF and use that via "deploy ova" in the Vsphere client. It's the only way I have been able to successfully deploy CHR on ESXi.

[/quote]

Dear Mikrotik,

when will be this problem solved ? I would like to test Cloud hosted router... but if I have not workstation it is not possible for me.

It is so difficult for mikrotik guys did ova ? It is only about did export from vmware ..

Thanks
Nunak

xezen · Fri Jan 08, 2016 4:24 pm

how do i upgrade chr to latest version

tells me dns dont resolve

ilnicchio · Fri Jan 08, 2016 4:43 pm

I also want to use CHR with XenServer 6.5.0 but doesn't start also with viridian=false... what we need to do?

HellMind · Fri Jan 08, 2016 9:22 pm

I also want to use CHR with XenServer 6.5.0 but doesn't start also with viridian=false... what we need to do?

I cant make it start with xen 4.4
But also I need it for xen 6.2 SP 1

AlexS · Sat Jan 09, 2016 11:27 pm

Any one been able to get more than 2Gb/s on CHR on VMWare with vmxnet3 drivers for 1 tcp stream ?

janisk · Tue Jan 12, 2016 12:17 pm

those that have problems on XEN/AMI etc try to run the image under kvm or similar. You have to finish the installation and use the image then. Before that you can resize the image as after the installation resizing is not possible.

ploquets · Tue Jan 12, 2016 1:29 pm

Making the OVF does work.Thanks!

ploquets · Tue Jan 12, 2016 1:46 pm

I'm trying to use a CHR as PPPoE Server with Radius authentication.
But every time a client reach a full traffic specified on queue... the CHR reboots.

This happens specially when using a SpeedTest.

If I kill the queue related to the PPPoE client, everything works OK. But then I cannot limit the client.
The queue is generated automatically, but even if I try to setup manually the same kind of queue, same thing happens.

Using latest version 6.34rc34

Please Help!

------------------------------------------------------------------------------------------------------------------------------------
Edit:
I've installed the stable version, 6.33.3 x86 on top of ESXi and everything went well.
Same scenario from the CHR, but CHR reboots it self when queue reaches the top.

It's probably a bug from CHR. Thanks

sb1349 · Tue Jan 12, 2016 8:26 pm

Nunak
To get this working in vsphere 6 I had to use the vmware standalone converter. First import the disk image and create a template on the esx server but do not power it on. Copy the folder to your computer and then run it in the converter application. After this I was able to re-size the vm hard drive size without corrupting it.

HellMind · Wed Jan 13, 2016 9:19 pm

Anyone successfull with xenserver?

Sanity · Thu Jan 14, 2016 10:59 am

Just 2 environments

* Confirmed running and well behaving on Hyper-V? Then I will grab one and start playing with it for our external hub link.
* Did anyone get it running on Azure? I Know Azure has their own service for VPN etc. - but besides the cost of it (which is unreasonable) - I consider adding some machines to Azure and want to standardize the whole routing infrastructure on Mikrotik. What is the setup for Azure? VM with IPLP so one has full control over the IP?

janisk · Thu Jan 14, 2016 11:02 am

Hyper-V there is an issue on Windows 10Pro. It is working on Windows Server 2012 rc2 without any issues.

Sanity · Fri Jan 15, 2016 12:09 am

Which is what I use - so I will start testing it on our chicago node

Any word on Azure?

HellMind · Fri Jan 15, 2016 12:12 am

There is very large number of people asking for XENSERVER support.

Anyone knows how to fix this?
http://puu.sh/mvStA/c2dfa0360e.png

adamnash · Fri Jan 15, 2016 7:51 am

Why call it "Cloud Hosted"? Is there the ability to actually have a custom RouterOS installation hosted on a general hosting provider (NOT a specialized provider that would let you run custom VMs...)?

Have you guys (at MikroTik) considered maybe offering such a service (preferably one which, just like this VM, has full functionality, but with rate limits). If you do, I for one would certainly end up using it, as right now, to test my API client, I need to set up a VM on my PC, and no 3rd party CI service allows me to do the same with their infrastructure.

As it currently stands, this "Cloud Hosted Router" is really more like "RouterOS VM Edition".

According to me
cloud hosting is much better than other hosting solution as cloud hosting is more depended
that why i prefer MikroTik cloud hosting

janisk · Fri Jan 15, 2016 12:15 pm

There is very large number of people asking for XENSERVER support.

Anyone knows how to fix this?
http://puu.sh/mvStA/c2dfa0360e.png

what you did? Did you try to start KVM using this image so that installer finishes and then run XEN using this.

HellMind · Fri Jan 15, 2016 1:33 pm

There is very large number of people asking for XENSERVER support.

Anyone knows how to fix this?
http://puu.sh/mvStA/c2dfa0360e.png
what you did? Did you try to start KVM using this image so that installer finishes and then run XEN using this.

No, I dont know how KVM works.
I tried kvm img but it fails.

That error can be fixed runing kvm on it?

I got a working img in xen.4.4 , should I try import that image?

mpreissner · Fri Jan 15, 2016 2:43 pm

Anyone have performance metrics related to AWS instance size? I'm looking at using the CHR as a VPN/Router for a corporate cloud infrastructure, and want to be able to price out the instance sizes in terms of routing performance within the VPC as well as number of concurrent users I can support via VPN (most likely SSTP).

Any info is greatly appreciated!

HellMind · Fri Jan 15, 2016 7:43 pm

There is very large number of people asking for XENSERVER support.

Anyone knows how to fix this?
http://puu.sh/mvStA/c2dfa0360e.png
what you did? Did you try to start KVM using this image so that installer finishes and then run XEN using this.
No, I dont know how KVM works.
I tried kvm img but it fails.

That error can be fixed runing kvm on it?

I got a working img in xen.4.4 , should I try import that image?

Its working

I uploaded the runing image from xen

xe vdi-import uuid=dca021e7-bb63-4758-804d-68bdee20ab0e filename=chr-6.34rc34.img

janisk · Mon Jan 18, 2016 2:38 pm

for amazon cloud - you have to update to 6.34rc39 or newer.

Here is the new AMI IDs (~1GB of storage):
AMI ID us-west1 ami-8fba10fc (on us-east1 ami-5081a53a)

p.s. if there is important update we will create new AMI image so it is easier to launch as generic CHR as it is possible.

Hammy · Mon Jan 18, 2016 3:24 pm

You guys need to make an OVA for VMWare deployment.

i4jordan · Mon Jan 18, 2016 5:23 pm

@Janisk

For now the 6.34rc39 version is not available. The latest is 6.34rc36.

apteixeira · Mon Jan 18, 2016 5:42 pm

Anyone have performance metrics related to AWS instance size? I'm looking at using the CHR as a VPN/Router for a corporate cloud infrastructure, and want to be able to price out the instance sizes in terms of routing performance within the VPC as well as number of concurrent users I can support via VPN (most likely SSTP).

Any info is greatly appreciated!

Hello mpreissner,

I just launched tree t2.nano instances in VPC in production environment. The performance is very nice. The maximum throughput is like 150 Mbps using that kind of instance (smallest one in AWS). I am using as VPN server and gateway, and also running BGP.

I am very happy with the stability and performance.

I asume that the performance will increase if you use another instance like m3, or bigger.

Best regards.

Sent from my SM-A500Y using Tapatalk

mpreissner · Mon Jan 18, 2016 8:04 pm

Anyone have performance metrics related to AWS instance size? I'm looking at using the CHR as a VPN/Router for a corporate cloud infrastructure, and want to be able to price out the instance sizes in terms of routing performance within the VPC as well as number of concurrent users I can support via VPN (most likely SSTP).

Any info is greatly appreciated!
Hello mpreissner,

I just launched tree t2.nano instances in VPC in production environment. The performance is very nice. The maximum throughput is like 150 Mbps using that kind of instance (smallest one in AWS). I am using as VPN server and gateway, and also running BGP.

I am very happy with the stability and performance.

I asume that the performance will increase if you use another instance like m3, or bigger.

Best regards.

Sent from my SM-A500Y using Tapatalk

Thanks! This is exactly the kind of info I'm looking for. The environment I'm looking to support is essentially a handful of servers, with about 50 users that will sporadically connect to pull down Group Policy from the AD and run compliance checks on their systems. It sounds like I can get away with a t2 instance pretty easily, so that'll look great when I go ask for budget!

janisk · Tue Jan 19, 2016 9:24 am

@Janisk

For now the 6.34rc39 version is not available. The latest is 6.34rc36.

Eventually, this will become available for other architectures too. So yeah, 6.34rc39 for CHR fixes important problem on AWS. So get this if you are launching new instances.

AtmanActive · Wed Jan 20, 2016 10:13 pm

Hello,

Am I doing something wrong or as of now (2016-01-20) it is still not possible to buy a license for CHR.

I am running v6.34rc41 and whenever I try to follow the instructions published here:

http://wiki.mikrotik.com/wiki/Manual:CHR#CHR_Licencing

... I get the error message 'ERROR: This System ID with old ID already received trial license key' on the Renew License window where I need to type in my MikroTik shop account username and password.

License window shows System ID 'WtgfTcn7YNA', level 'free', Next Renewal At:'', Deadline At:'', but even when I try 'Generate New ID', still I get the same result.

Is it possible to buy a CHR license right now, or is it something planned for the future?

Thanks.

P.S. Come on guys, I want to send money your way

kasparskr · Thu Jan 21, 2016 9:49 am

Hello,

... I get the error message 'ERROR: This System ID with old ID already received trial license key' on the Renew License window where I need to type in my MikroTik shop account username and password.

License window shows System ID 'WtgfTcn7YNA', level 'free', Next Renewal At:'', Deadline At:'', but even when I try 'Generate New ID', still I get the same result.

AtmanActive, am I understanding you correctly that even after generating new System ID it remains the same 'WtgfTcn7YNA'?

How did you install this VM, did you clone/copy it from another which already had a trial license? What is the ID of that machine?

AtmanActive · Thu Jan 21, 2016 10:40 am

No, every time I click on 'Generate New ID', I do indeed get a new ID, but even then, when I try to buy the license, I get the same error.

I installed it through AWS Web UI via AMI 'ami-c6287dac'. After that I did several Package Upgrades directly from MikroTik's WinBox UI. Strangely, now when I visit my instance details, under 'AMI ID' field I see this text: 'Cannot load details for ami-c6287dac. You may not be permitted to view it.'.
.
>> What is the ID of that machine?

Which ID exactly? Where can I see it?

janisk · Thu Jan 21, 2016 11:28 am

you need newer CHR version. at least 6.34rc39. look up tese ami images eu-west1 ami-8fba10fc and on us-east1 ami-5081a53a and launch new instance. These AMIs are created by us.

AtmanActive · Thu Jan 21, 2016 3:35 pm

Yup.
That worked.
Thank you very much for you support.

Somehow I imagined that just upgrading RouterOS packages will be enough to keep it up to date, but obviously the old AMI just got stuck.
Now I re-instantiated with 'ami-5081a53a' and everything works as expected.

Now I am a proud owner of a CHR paid license.

syadnom · Fri Jan 22, 2016 12:37 am

Ok, I'm testing CHR 6.34rc41 on a vCloud system hw version 10. I'm using VMXNET3 on interfaces.

My goal is to move to a hosted router for our wISP. A LOT of advantages to not running hardware and letting our upstream datacenter handle that.

So, I'm having a throughput issue and I'd like to know what we should expect from CHR.

With 1Ghz and 1GB RAM, and the VM set for highest resource priority so there is no contention, I'm getting somewhat erratic iperf3 results across the CHR with no fw, no queues, nothing at all. Averaging about 350Mbps one way, 165Mbps duplex.

I can get MUCH more than this off hardware. A small 1Ghz ALIX APU board can do nearly Gigabit full duplex with RouterOS.

Where is the performance target for this? Are you guys planning on near performance parity with hardware?

s802 · Fri Jan 22, 2016 7:34 pm

Working well in Azure, convert vhdx disk to vhd for azure, upload to azure and do the usual to make it a disk (mark as Linux).
let's assume you have azure PowerShell working
PS C:\> Add-AzureVhd -Destination https://<yourstore>.blob.core.windows.net/vhds/mikrotik.vhd -LocalFilePath c:\vhd\chr-6.34rc39.vhd

In the azure classic portal, browse to virtual machines,
then browse to disks, click add (browse to images if you plan to deploy a few of these you can store it as an image in your library)
Select the VHD from the library where you uploaded, give it a name, tick this disk contains an operating system, set it as Linux.

if all goes well your in business, new, compute, from gallery, My Images/My disk, you should see it there, follow the usual azure deployment procedure, I found it easier to load it as an image then I could fire up a few Mikrotik routers for testing

Azure brought in the ability to use a VM as a gateway late last year, this works with mikrotik
Run this powershell.

Get-AzureVM -Name MikrotikRouter -ServiceName MikrotikRouter | Set-AzureIPForwarding -Enable

Then your going to need to follow the guise below to setup your custom routing table

https://azure.microsoft.com/en-us/docum ... -overview/

I've only got the free licence running so limited to 1Mbit (limit only seems to apply to send) I;ve managed to get 100Mbit on receive tests. Happy to test both ways if there is a trial licence going

Static ip allocation through the azure portal works fine (it's just dhcp), trying to change the Ethernet interface Ip manually does appear to break things (like all azure services) .

Running my test boxes on Azure A0 without issue, so 11 euro a month to run if on 24x7.

Openvpn works fine, haven't got round to trying pptp/l2tp/ipsec yet.

yllwfsh · Mon Jan 25, 2016 2:05 am

Hi guys,

Got it running on our XenServer 6.5 environment (CHR 6.34rc41), however, when I try to 'migrate' the vm to a different host it freezes. Also shutdown via Xen doesn't work (restart does).

Would it be possible to give the XenServer host some info via the Kernel? It currently looks like this:

Screen Shot 2016-01-25 at 00.58.59.png

I know that Xen support is possible via the Linux kernel because Debian/Ubuntu works (says Virtualisation state 'Optimised' and OS name) even without Xen Tools.

On a positive note: got full Gigabit performance between a Routerboard and CHR with the built-in speedtest. Nice.

I'm really looking forward to implement CHR in our environment. Starting as secondary router initially but who knows...

metricmoose · Mon Jan 25, 2016 5:11 am

The CHR is working mostly great from my brief tests on VMware and Hyper-V. I'd love to virtualize a couple old hotspot routers, though I've noticed an issue with Usermanager. For some reason, when I click on the "Maintenance" button, I immediately get a message saying "Invalid/unknown response from server:". Then I'm kicked out to the login screen with a "Your session has been reset due to inactivity" message. Should I create a support ticket for this issue?

Also, I really like the CHR licensing setup with the System IDs and the account interface to move around licenses. It makes a lot more sense to me than tying it to the CF card / HDD. Are there any plans to bring this licensing setup to the regular X86 image or other Routerboards?

paranoid · Mon Jan 25, 2016 12:13 pm

I'm trying to use a CHR as PPPoE Server with Radius authentication.
But every time a client reach a full traffic specified on queue... the CHR reboots.

This happens specially when using a SpeedTest.

If I kill the queue related to the PPPoE client, everything works OK. But then I cannot limit the client.
The queue is generated automatically, but even if I try to setup manually the same kind of queue, same thing happens.

Using latest version 6.34rc34

Please Help!

------------------------------------------------------------------------------------------------------------------------------------
Edit:
I've installed the stable version, 6.33.3 x86 on top of ESXi and everything went well.
Same scenario from the CHR, but CHR reboots it self when queue reaches the top.

It's probably a bug from CHR. Thanks

Hi

I use CHR 6.34rc41 on linux kvm ubuntu 14.04

If I enable mangling rules and queue tree, routeros reboots on queue limit. Seems to be the same bug.

Kind regards

s802 · Mon Jan 25, 2016 6:03 pm

Ok some more simple tests today in azure, (thanks to support for the test license)

Getting good bandwidth on receive tests inside Azure,

634 Mbps

Having some problems on send tests im looking at, ill update soon

One thing worth noting, every shutdown and restart enables a new interface, so after 7 startups I am on ether7 for my lan interface. This is probably udev related, ive seen this on centos on azure before.

https://azure.microsoft.com/en-us/docum ... hd-centos/

Going to try some vpn tunnels next, I have BGP already runnning over an openvpn tunnel between AWS & AZURE (two private networks, AWS ), very stable & low latency.

syadnom · Tue Jan 26, 2016 1:14 am

Running pretty well in VMWare vCloud using VMXNET3. Not as well as on hardware, but I'm getting ~1.4Gbps raw TCP across 2 interfaces w/ 1 2Ghz CPU. I'm getting about 800Mbps across a simple queue.

When can we expect an upgradable release? I don't want to go through the process of making a vCloud compatible ovf more than once (VMWare workstation create VM w/ VMDK file, export, convert to vCloud ovf, upload to vCloud! ).

Thanks.

HaPe · Tue Jan 26, 2016 1:24 am

CHR 6.34rc41 (Release candidate) doesn't work with HYPER-V 1st generation. There is a boot loop after DSK key generation...
WIN 10 pro+hyper-v.

janisk · Tue Jan 26, 2016 10:33 am

Ok some more simple tests today in azure, (thanks to support for the test license)

Getting good bandwidth on receive tests inside Azure,

634 Mbps

Having some problems on send tests im looking at, ill update soon

One thing worth noting, every shutdown and restart enables a new interface, so after 7 startups I am on ether7 for my lan interface. This is probably udev related, ive seen this on centos on azure before.

https://azure.microsoft.com/en-us/docum ... hd-centos/

Going to try some vpn tunnels next, I have BGP already runnning over an openvpn tunnel between AWS & AZURE (two private networks, AWS ), very stable & low latency.

create support output file on running, then shut down/start and if interface name has changed again - create another support output file and send it to us so we can check what is the issue with this.

syadnom
whan you mean - upgradable? It should be from the start upgradable to newer version. Only when you run out of the lincese time upgrade is not possible.

zylantha · Tue Jan 26, 2016 12:41 pm

Got it running on our XenServer 6.5 environment (CHR 6.34rc41)

What is the trick to get it running in XenServer? All of us are stuck with the dreaded "Booting kernel failed: Invalid argument" message.

syadnom · Tue Jan 26, 2016 6:56 pm

syadnom
whan you mean - upgradable? It should be from the start upgradable to newer version. Only when you run out of the lincese time upgrade is not possible.

right now I only see the images on the download page, no 'upgrade' packages.

I'm on rc41, but rc45 is available. How do I upgrade?

nik247 · Tue Jan 26, 2016 7:27 pm

syadnom
whan you mean - upgradable? It should be from the start upgradable to newer version. Only when you run out of the lincese time upgrade is not possible.
right now I only see the images on the download page, no 'upgrade' packages.
I'm on rc41, but rc45 is available. How do I upgrade?

Current:

/system package update
set channel=current
check-for-updates

/system package update
set channel=current
download

/system reboot

Release-candidate:

/system package update
set channel=release-candidate
check-for-updates

/system package update
set channel=release-candidate
download

/system reboot

syadnom · Tue Jan 26, 2016 11:14 pm

got it. thanks.

yllwfsh · Wed Jan 27, 2016 12:41 am

Got it running on our XenServer 6.5 environment (CHR 6.34rc41)
What is the trick to get it running in XenServer? All of us are stuck with the dreaded "Booting kernel failed: Invalid argument" message.

I downloaded the VDI image, then made a new VM in VirtualBox with that VDI as hard disk (according howto on page 1). Started the machine in VirtualBox to let the image install. Then exported the machine and imported it in XenServer 6.5 with the profile 'Other install media' and voila it boots!

Don't worry about adding the right number of interfaces beforehand, you can do that in XenServer.

Tip for expanding the hard drive of the image: just increase the disk size with XenServer and then boot the vm with Gparted Live iso. Expand the partition, reboot, eject the iso and you're done.

yllwfsh · Wed Jan 27, 2016 12:56 am

Don't know if it's allowed to share the XenServer image according to forum rules, but here goes:

Download here

It's a 96MB .xva export with two interfaces and 1GB disk. Enjoy testing.

Disclaimer: Own risk, no support etc etc (standard stuff)

janisk · Wed Jan 27, 2016 1:06 pm

if you increase the virtual disk size before hand, then when RouterOS installs, it will take that new size. So, you can increase the image before the virtualbox.

juanvi · Wed Jan 27, 2016 2:13 pm

http://www.mikrotik.com/chr-6.34rc45.img.zip not available

How I can resize VMware disk image file before installs?

biomesh · Wed Jan 27, 2016 3:11 pm

Juanvi, you can use the vmware provided tool vmware-vdiskmanager for the pre deployment resizing.

syadnom · Wed Jan 27, 2016 3:51 pm

I just uses VMware workstation to do it.

For vcloud you can just use it as is, then resize it once deployed. Boot up your fav partitioning iso and resize.

juanvi · Wed Jan 27, 2016 4:36 pm

My walkaround:

Starting with raw. Downloaded chr-6.34rc19.img from this thread link.

Then qemu:
Resize image with quemu
cd "C:\Program Files\qemu\"
qemu-img resize -f raw chr.img +500M

And convert to VM:
qemu-img convert -f raw -O vmdk chr-6.31rc9.img chr-6.31rc9.vmdk

Working well. Updated with winbox to 6.34rc45 with no problems now. Thanks to all. No know about these tools for pre-deployment.

Hammy · Thu Jan 28, 2016 3:12 am

Any updates on making an OVA so it doesn't take 47 steps to get into vSphere?

syadnom · Thu Jan 28, 2016 3:23 am

Any updates on making an OVA so it doesn't take 47 steps to get into vSphere?

I just did it once and have imported the same 'bare image' a bunch of times. Then generate a new ID once you've booted it up. Now that I figured out (...was told what to do...) updating, this is really simple and takes just 30-40 seconds to spawn a new CHR from the template.

janisk · Thu Jan 28, 2016 10:13 am

just do not downgrade below 6.34rc25 as older versions will not have licensing. So, when using /system package update, make sure to what version your CHR is going to be changed (upgraded or downgraded)

s802 · Thu Jan 28, 2016 7:20 pm

Quick update on azure, as a cold start (start from shutdown) results in a new mac address (static mac addresses are on the roadmap for azure). your interface number will increment eat every boot, so ether2 becomes ether3 etc.... If your planning to go 24x7 that is not really an issue, if your planning to stop and start a lot you could run into issues. Do not hard code any interface names into any rules etc...

eugenics61 · Fri Jan 29, 2016 8:46 pm

Running CHR 6.34 VHDX server 2012R2 an Fatal error.
Disk formatting, it is unnecessary

sacwireless · Fri Jan 29, 2016 10:37 pm

for amazon cloud - you have to update to 6.34rc39 or newer.

Here is the new AMI IDs (~1GB of storage):
AMI ID us-west1 ami-8fba10fc (on us-east1 ami-5081a53a)

p.s. if there is important update we will create new AMI image so it is easier to launch as generic CHR as it is possible.

I could only find the ami-5081a53a in us-east-1, could not find anything in us-west-1 or us-west-2.

I was able to launch the ami-5081a53a and then create my own AMI image from the instance I launched, but it would not import the SSH key when launching a new instance, it only kept the original imported SSH key when I launched from your AMI.

Is there something I am missing from being able to have SSH keys imported from AWS when launching?

Sat Jan 30, 2016 6:30 am

Using CHR 6.34 on Qemu 2.4.0, I can duplicate the error eugenics61 mentions above with the vmdk, vdi and img images.

paranoid · Mon Feb 01, 2016 1:16 pm

I'm trying to use a CHR as PPPoE Server with Radius authentication.
But every time a client reach a full traffic specified on queue... the CHR reboots.

This happens specially when using a SpeedTest.

If I kill the queue related to the PPPoE client, everything works OK. But then I cannot limit the client.
The queue is generated automatically, but even if I try to setup manually the same kind of queue, same thing happens.

Using latest version 6.34rc34

Please Help!

------------------------------------------------------------------------------------------------------------------------------------
Edit:
I've installed the stable version, 6.33.3 x86 on top of ESXi and everything went well.
Same scenario from the CHR, but CHR reboots it self when queue reaches the top.

It's probably a bug from CHR. Thanks
Hi

I use CHR 6.34rc41 on linux kvm ubuntu 14.04

If I enable mangling rules and queue tree, routeros reboots on queue limit. Seems to be the same bug.

Kind regards

Hi

Updated to CHR 6.34 release, same issue. RouterOS reboots when firewall mangling an queue tree enabled. Ubuntu 14.04 KVM virtio net and blk.
Any Idea?

kind regards,

janisk · Mon Feb 01, 2016 3:27 pm

Using CHR 6.34 on Qemu 2.4.0, I can duplicate the error eugenics61 mentions above with the vmdk, vdi and img images.

try with at least 128MB of RAM.

Tue Feb 02, 2016 4:36 am

Using CHR 6.34 on Qemu 2.4.0, I can duplicate the error eugenics61 mentions above with the vmdk, vdi and img images.
try with at least 128MB of RAM.

Huh... It worked.

I was about to suggest you update the Wiki, but I see you've already done just that. Nice.

janisk · Tue Feb 02, 2016 12:29 pm

yes, the inclusion of the dude in the CHR by default caused this problem during the installation phase. After the installation, it is possible to reduce the RAM assigned to the CHR.

janisk · Tue Feb 02, 2016 12:51 pm

btw, updated AMI image to the 6.34 new AMI IDs are as follows for the regions eu-west1 ami-7d77c10e, on us-east1 ami-07ddf26d

You can copy the AMI to the other region where you reside.

janisk · Tue Feb 02, 2016 4:13 pm

I'm trying to use a CHR as PPPoE Server with Radius authentication.
But every time a client reach a full traffic specified on queue... the CHR reboots.

This happens specially when using a SpeedTest.

If I kill the queue related to the PPPoE client, everything works OK. But then I cannot limit the client.
The queue is generated automatically, but even if I try to setup manually the same kind of queue, same thing happens.

Using latest version 6.34rc34

Please Help!

------------------------------------------------------------------------------------------------------------------------------------
Edit:
I've installed the stable version, 6.33.3 x86 on top of ESXi and everything went well.
Same scenario from the CHR, but CHR reboots it self when queue reaches the top.

It's probably a bug from CHR. Thanks

do you have support output file generated for this setup, if so, then send it to support.

aboiles · Tue Feb 02, 2016 4:23 pm

Server 2012R2 CHR as VM
Router OS c6.35rc2

Microsoft-Windows-Hyper-V-VmSwitch
EventID 27
Networking driver in chr loaded but has a different version from the server. Server version 5.0 Client version 3.2 (Virtual machine ID 59ECB3F6-B990-41F1-9013-786895557B5C). The device will work, but this is an unsupported configuration. This means that technical support will not be provided until this problem is resolved. To fix this problem, upgrade the integration services. To upgrade, connect to the virtual machine and select Insert Integration Services Setup Disk from the Action menu.

Are there plans to upgrade the native drivers for Hyper-V?

sacwireless · Wed Feb 03, 2016 7:23 am

btw, updated AMI image to the 6.34 new AMI IDs are as follows for the regions eu-west1 ami-7d77c10e, on us-east1 ami-07ddf26d

You can copy the AMI to the other region where you reside.

I get the following when trying to copy the us-east1 AMI:

"You do not have permission to access the storage of this ami"

To make sure I could actually copy an AMI, I made a copy Amazon's own ami-60b6c60a, which went without a hitch.

janisk · Thu Feb 04, 2016 12:53 pm

sorry about that. Snapshots are made public now for US N.Arizona and EU Irelan clusters.

yllwfsh · Thu Feb 04, 2016 1:05 pm

Any update on Xen kernel support for upcoming releases? CHR itself is working nicely but it's useless to me in a XenServer environment if I cannot make it migrate between servers.

sacwireless · Thu Feb 04, 2016 10:34 pm

sorry about that. Snapshots are made public now for US N.Arizona and EU Irelan clusters.

perfect! i was able to copy the ami and launch an instance in us-west-2 without any issues, thank you!!

sacwireless · Fri Feb 05, 2016 4:50 am

sorry about that. Snapshots are made public now for US N.Arizona and EU Irelan clusters.

I just noticed that no matter what you set the disk size to on AWS EC2 when launching the official AMI(or copied), it seems to be only around 100MB...

[admin@] > /system resource print
uptime: 3m39s
version: 6.34 (stable)
build-time: Jan/29/2016 10:25:47
free-memory: 479.0MiB
total-memory: 496.3MiB
cpu: Intel(R)
cpu-count: 1
cpu-frequency: 2400MHz
cpu-load: 0%
free-hdd-space: 64.1MiB
total-hdd-space: 95.2MiB
write-sect-since-reboot: 2224
write-sect-total: 2225
architecture-name: x86_64
board-name: CHR
platform: MikroTik

Trying to import a 245MB Dude export obviously fails because there is not enough storage. Thoughts/Fixes?

sacwireless · Fri Feb 05, 2016 10:29 pm

I have managed to expand the partition myself on AWS and give the instance I launched more space, it would be nice though if the official AMI actually used the 1GB of space it was built with originally.

I am sure some people out there might have large Dude backups that they would want to import/export, or other optional services/files that run on MikroTik that might require more space that we had running on x86 version of MikroTik.

Sat Feb 06, 2016 12:35 am

You can use secondary drive for Dude.

Sanity · Sun Feb 07, 2016 6:31 pm

Just installing my first install CHR and playing with it. Hyper-V host.

The time service is off. It seems to take the time from the host. But it ignores the datetime offset.

If I configure CHR timezone, the offset gets applied twice

Quite obvious for me, as I am in europe, the machine in chicago and the server is running US local time.

In order to get the correct time, I must set it to Etc/GMT+0 - which neither me nor the machine have.

syadnom · Sun Feb 07, 2016 6:40 pm

Just installing my first install CHR and playing with it. Hyper-V host.

The time service is off. It seems to take the time from the host. But it ignores the datetime offset.

If I configure CHR timezone, the offset gets applied twice Quite obvious for me, as I am in europe, the machine in chicago and the server is running US local time.

In order to get the correct time, I must set it to Etc/GMT+0 - which neither me nor the machine have.

Hyper-v has given me issues setting the hardware time on Linux vms. I suspect this is just hyper-v being peculiar.

brwainer · Sun Feb 07, 2016 10:19 pm

Just installing my first install CHR and playing with it. Hyper-V host.

The time service is off. It seems to take the time from the host. But it ignores the datetime offset.

If I configure CHR timezone, the offset gets applied twice Quite obvious for me, as I am in europe, the machine in chicago and the server is running US local time.

In order to get the correct time, I must set it to Etc/GMT+0 - which neither me nor the machine have.
Hyper-v has given me issues setting the hardware time on Linux vms. I suspect this is just hyper-v being peculiar.

Do you try to use the Hyper-V "Integration feature" of "Time synchronization"? try setting up VMs with that on and off and see if there is a difference. I never have time issues with Time Synchronization on, but I only use Centos 6/7 on Hyper-V, and I always install the hyper-v tools in the guest via yum.

janisk · Mon Feb 08, 2016 11:40 am

sorry about that. Snapshots are made public now for US N.Arizona and EU Irelan clusters.
I just noticed that no matter what you set the disk size to on AWS EC2 when launching the official AMI(or copied), it seems to be only around 100MB...

[admin@] > /system resource print
uptime: 3m39s
version: 6.34 (stable)
build-time: Jan/29/2016 10:25:47
free-memory: 479.0MiB
total-memory: 496.3MiB
cpu: Intel(R)
cpu-count: 1
cpu-frequency: 2400MHz
cpu-load: 0%
free-hdd-space: 64.1MiB
total-hdd-space: 95.2MiB
write-sect-since-reboot: 2224
write-sect-total: 2225
architecture-name: x86_64
board-name: CHR
platform: MikroTik

Trying to import a 245MB Dude export obviously fails because there is not enough storage. Thoughts/Fixes?

my bad. Here are new AMIs with 6.34.1 and proper image size: eu-west1 ami-bef141cd; us-east1 ami-3f486355

as any size below 1GB is not reasonable as that is the smallest possible image size.

Edit: all fixed now
Edit: even us-east1 permissions fixed. Also, there are 2 AMIs usually, so any of you can copy any of those to the other cluster.

pfalconi · Thu Feb 11, 2016 5:14 pm

Hi Normis,

I can purchase a license and assign it to CHR?

Thanks for your reply.

shaoranrch · Mon Feb 15, 2016 2:31 am

Hi,

Could anyone tell me if Bridge Filter works on CHR? Been working on some simulations, need to filter traffic comming from an especific port with an especific VLAN tag, but the problem is, the rules never "trigger". It's a simple rule matching:

1.- In-Interface (the interface belongs to a bridge)
2.- MAC Protocol = VLAN
3.- VLAN ID = 100

Running V6.33.5

syadnom · Mon Feb 15, 2016 3:38 am

What virt environment? Some don't support vlans...

shaoranrch · Mon Feb 15, 2016 4:35 am

What virt environment? Some don't support vlans...

This is running on GNS3 I can see the tags by using Wireshark, so the issue is not a lack of support.

As a matter of fact I've tested the VLANS a lot with virtual switches connected to the mk boxes and mikrotik connected to another mikrotik. The issue is the rules never trigger. Even though the interface is receiving tagged traffic.

Enviado desde mi MotoE2(4G-LTE) mediante Tapatalk

Mon Feb 15, 2016 8:18 am

Bridge firewall has to be enabled explicitly. It is off by default.

Chupaka · Mon Feb 15, 2016 4:01 pm

Bridge firewall has to be enabled explicitly. It is off by default.

did you mean 'use-ip-firewall' in bridge settings? it should not affect Bridge Filter

Mon Feb 15, 2016 5:21 pm

I did. Even CHR may behave differently, I realised that when I needed to use filter rules on bridge level I needed to switch this option on. Maybe I am wrong, it was just hint that could be tried easily within a second.

shaoranrch · Mon Feb 15, 2016 6:29 pm

It shouldn't do that. That option is for using the /ip firewall. Anyway I tried still no success. I did upgrade to 6.34.1 same issue.

The interface is inside the bridge, I'm talking about the physical interface not a vlan interface. The frames are being received tagged. The rule is a simple in-interface; mac-protocol; vlan-tag.

Whatever I do it doesn't trigger.

Enviado desde mi MotoE2(4G-LTE) mediante Tapatalk

shaoranrch · Tue Feb 16, 2016 2:31 am

So I did try the rule on real equipment and works as intended. I think this is a bug of some sort or a non-supported feature on CHR (which would be nice to have)

nmaton · Tue Feb 16, 2016 8:46 pm

Is there any news regarding SR-IOV support?
I've demo installed a Cloud hosted router in openstack but I can't seem to see my SR-IOV interface?
Has this been cancelled? We would really like to use the CHR as our routing engine in Openstack, however without SR-IOV we can't use it decently.

Thanks!

shaoranrch · Wed Feb 17, 2016 1:58 am

Also, still got issues with BGP and CHR, routes being advertised by other routers don't appear in the:

/routing bgp advertisements print

But the routes are installed inside the routing table.

V6.34.1

raffav · Wed Feb 17, 2016 3:00 pm

iam getting this here

[raffaello@CHR-1] > system license renew account=raffav level=p1
password: ******
status: ERROR: This System ID with old ID already received trial
license key pause]

[raffaello@CHR-1] > system license print
system-id: Bfj8Y2IKdRJ
level: free
[raffaello@CHR-1] > system license generate-new-id
Your license will become invalid. Continue, yes? [y/N]:
y
[raffaello@CHR-1] > system license print
system-id: CCpSFPsCZkE
level: free
[raffaello@CHR-1] >
[raffaello@CHR-1] > system license renew account=raffav level=p1
password: ******
status: ERROR: This System ID with old ID already received trial
license key pause]

[raffaello@CHR-1] >
/system resource> print
uptime: 9m56s
version: 6.35rc8 (testing)
build-time: Feb/11/2016 07:07:30
free-memory: 219.7MiB
total-memory: 245.8MiB
cpu: Intel(R)
cpu-count: 4
cpu-frequency: 2394MHz
cpu-load: 0%
free-hdd-space: 14.8GiB
total-hdd-space: 14.9GiB
write-sect-since-reboot: 1176
write-sect-total: 1177
architecture-name: x86_64
board-name: CHR
platform: MikroTik

aboiles · Wed Feb 17, 2016 5:14 pm

I am no longer able to update the CHR,

/system license> print
system-id: -
level: p1
limited-upgrades:yes
next-renewal-at: feb/21/2016 19:03:55
deadline-at: feb/16/2016 21:59:59

HellMind · Wed Feb 17, 2016 5:43 pm

iam getting this here

[raffaello@CHR-1] > system license renew account=raffav level=p1
password: ******
status: ERROR: This System ID with old ID already received trial
license key pause]

[raffaello@CHR-1] > system license print
system-id: Bfj8Y2IKdRJ
level: free
[raffaello@CHR-1] > system license generate-new-id
Your license will become invalid. Continue, yes? [y/N]:
y
[raffaello@CHR-1] > system license print
system-id: CCpSFPsCZkE
level: free
[raffaello@CHR-1] >
[raffaello@CHR-1] > system license renew account=raffav level=p1
password: ******
status: ERROR: This System ID with old ID already received trial
license key pause]

[raffaello@CHR-1] >
/system resource> print
uptime: 9m56s
version: 6.35rc8 (testing)
build-time: Feb/11/2016 07:07:30
free-memory: 219.7MiB
total-memory: 245.8MiB
cpu: Intel(R)
cpu-count: 4
cpu-frequency: 2394MHz
cpu-load: 0%
free-hdd-space: 14.8GiB
total-hdd-space: 14.9GiB
write-sect-since-reboot: 1176
write-sect-total: 1177
architecture-name: x86_64
board-name: CHR
platform: MikroTik

Same to me,
I bought a new p1 also to use it , And it doesnt work,
I dont see it in the mikrotik webpage.
I got my system down

HellMind · Wed Feb 17, 2016 6:28 pm

How can I change the old ID?
I really need to active the routeros again.
I cant doit with a trial or with a paid license.
Im trapped

HellMind · Wed Feb 17, 2016 6:31 pm

I bought 2 upgrade license p1
and I see nothing in the site:(
http://puu.sh/nbmT0/75256a753a.png

raffav · Wed Feb 17, 2016 7:08 pm

maybe because the license is not 100% available for sell
and i think that for the trial time for now was supposed to able renew it

HellMind · Wed Feb 17, 2016 7:18 pm

Well the system is available , it let you pay without problem.
Its sad I dont get a reply from mikrotik

aboiles · Wed Feb 17, 2016 7:19 pm

I am no longer able to update the CHR,

/system license> print
system-id: -
level: p1
limited-upgrades:yes
next-renewal-at: feb/21/2016 19:03:55
deadline-at: feb/16/2016 21:59:59

update
purchased license, renewed from winbox and rebooted.
system upgraded to 6.35rc11

HellMind · Wed Feb 17, 2016 7:31 pm

There must be a way at least to get the 24 h unlimited license!

raffav · Wed Feb 17, 2016 7:53 pm

any one have some idea how this will work
Perpetual is a lifetime license (buy once, use forever). It is possible to transfer a perpetual license to another CHR instanse.

HellMind · Wed Feb 17, 2016 8:08 pm

How can I generate a new sys id , Chould I change cpu mac or something?

HellMind · Wed Feb 17, 2016 8:16 pm

How can I contact Mikrotik besides email support@mikrotik.com ?
It seems they arent working, or dont reply about chr anymore

HellMind · Wed Feb 17, 2016 9:35 pm

I get no reply in 5 hours!
Im limited at 1Mb.

HellMind · Thu Feb 18, 2016 4:43 am

Solved myself reinstalling the whole vps

swoky · Thu Feb 18, 2016 10:24 am

I bought a p1 license ,but the CHR's license is still free,how can i make it work ?

i tried to renew and also restarted the CHR,but it is still free

[admin@MikroTik] > /system license renew
account: ***
password: ************
level: p1
status: done

[admin@MikroTik] > /system license print
system-id: *****
level: free
[admin@MikroTik] >

i also sent email to support@mikrotik.com,but no response,

i am really in a hurry to fix this problem, pls reply soon

enginechassisworks · Fri Feb 19, 2016 8:02 am

Hi guys,

Got it running on our XenServer 6.5 environment (CHR 6.34rc41), however, when I try to 'migrate' the vm to a different host it freezes. Also shutdown via Xen doesn't work (restart does).

Would it be possible to give the XenServer host some info via the Kernel? It currently looks like this:

Screen Shot 2016-01-25 at 00.58.59.png
I know that Xen support is possible via the Linux kernel because Debian/Ubuntu works (says Virtualisation state 'Optimised' and OS name) even without Xen Tools.

On a positive note: got full Gigabit performance between a Routerboard and CHR with the built-in speedtest. Nice.

I'm really looking forward to implement CHR in our environment. Starting as secondary router initially but who knows...

How do you get CHR to work on Xenserver . Still be trying with no luck .

ploquets · Mon Feb 22, 2016 4:44 pm

Is there any stable version for CHR ?
On mikrotik download page we can find a stable version, but, after installing, it recognizes as x86, which make our license invalid.

Thanks

janisk · Tue Feb 23, 2016 2:07 pm

is GNS3 by itself aware of the VLANs sometimes these virtual systems just bork the VLAN tags.

Tue Feb 23, 2016 6:17 pm

is GNS3 by itself aware of the VLANs sometimes these virtual systems just bork the VLAN tags.

While I haven't played with VLANs myself, I've noticed that GNS3 switches have the option to specify a VLAN at each port, and there's no "pass-through" option - you must specify a VLAN, and it defaults to 1.

So it's very much possible that GNS3 effectively ignores all of your VLAN settings, in favor of whatever the switch node says.

Hubs on the other hand have no VLAN setting, so these should definitely preserve VLAN settings.

Ascendo · Tue Feb 23, 2016 9:00 pm

I bought a p1 license ,but the CHR's license is still free,how can i make it work ?

i tried to renew and also restarted the CHR,but it is still free

[admin@MikroTik] > /system license renew
account: ***
password: ************
level: p1
status: done

[admin@MikroTik] > /system license print
system-id: *****
level: free
[admin@MikroTik] >

i also sent email to support@mikrotik.com,but no response,

i am really in a hurry to fix this problem, pls reply soon

Same problem here except with trial license. Did you ever get it working?

apteixeira · Wed Feb 24, 2016 5:17 am

* POST UPDATED: 24-02-2016 @ 09:12AM

How to run CHR on AWS (Amazon Web Services) VPC (Virtual Private Cloud) as the default firewall / router gateway

Many people have been asking me how to use the CHR as the default firewall / router of your VMs behind a VPC in AWS. Here is a guide that will guide you step by step. Is not as hard as it seems.

Basic concepts:

What is AWS?
https://aws.amazon.com/

What is an EC2?
https://aws.amazon.com/ec2/

What is a VPC?
https://aws.amazon.com/vpc/

Considerations
- You have to define different LAN/WAN segments for your CHR and for your VMs behind the CHR
- Your LAN segment on the CHR will be different from your LAN segment on your VMs. AWS will route then for you
- The VPC will control the routes between your networks

Network layout:

Steps:

1. Create a VPC using the wizard. Choose "VPC with Public and Private Subnets"
* LAN for VMs: 10.10.21.0/24 (LAN1)
* LAN for CHR: 10.10.11.0/24 (LAN2)

2. Once done you will need to delete the NAT gateway or NAT instance automatically created by the wizard. The CHR will replace this NAT instance.

3. Now you need to create another subnet that will connect the CHR to the internet
* WAN for CHR: 10.10.12.0/24 (WAN)

4. At the VPC subnets menu you have to change the route table assigned to the new subnet. You have to choose the NOT main table where target for 0.0.0.0/0 will be something like this "igw-c064bfa4"

5. Create you CHR VM based on AMI (image)
* Assign and IP from WAN network
* Create and assign a security profile with full access (because the CHR will be your firewall)

6. Once created you have to disable "Source/Destination Check" to allow the CHR to be the gateway of your VMs

7. Create and assign an elastic IP for you CHR
* Now you can access your CHR from internet
* Highly recommended: change default password of the CHR
* Check that you can access the CHR, then shutdown the VM

* UPDATED: 24-02-2016 @ 09:12AM
8. Create a new network interface and assign it to the CHR
* Assign and IP from LAN2 (this will be used to reach your VMs)
* Also disable "Source/Destination Check" on this new interface (check step 6)

* UPDATED: 24-02-2016 @ 09:12AM
9. VPC main routing table: you have to change the VPC main routing table to allow you CHR to be the default gateway of your VMs. To do that you have to:
* Modify the main routing table selecting your CHR VM as gateway for destination 0.0.0.0/0

10. Start your CHR VM
* Access it using winbox or webfig (use elastix IP)

11. Add a DHCP client on the ether2 (subnet to access LAN servers) without default route

12. Add a static route to reach the LAN segment

13. Create and start a new VM and assign to your LAN1 segment (10.10.21.0/24)
* Assign a security profile with full access (because the CHR will be your firewall)

14. Once started you should ping it from your CHR

15. Create the appropriate masquerade rule and a dst-nat to access your VM.

16. Finally access your VM from the public IP

17. Configuring your CHR as firewall, vpn server, etc

18. You can access the actual example CHR to see the configuration (use winbox):
IP: 52.72.63.46
User: mikrotik
Password: mikrotik
Group: read

* UPDATED: 24-02-2016 @ 09:12AM
19. Access the web server behind the CHR
* To check that is working you can access via web browser to http://52.72.63.46:380/
* There is a dst-nat to access the web server on the Ubuntu server behind the CHR

StubArea51 · Wed Feb 24, 2016 10:52 am

is GNS3 by itself aware of the VLANs sometimes these virtual systems just bork the VLAN tags.

The GNS switches are VLAN aware if you change the port from access to dot1q. I've been using VLANs with CHR in GNS3 successfully since the CHR 6.32 image

syadnom · Mon Feb 29, 2016 5:54 pm

just linking in my request http://forum.mikrotik.com/viewtopic.php?f=1&t=105277

I really would like to have this setup in HA, but need the integration tools/kernel module to do so. I believe this should be pretty easy to integrate, but can only be done by mikrotik.. Thanks.

yllwfsh · Tue Mar 01, 2016 9:19 am

just linking in my request http://forum.mikrotik.com/viewtopic.php?f=1&t=105277

I really would like to have this setup in HA, but need the integration tools/kernel module to do so. I believe this should be pretty easy to integrate, but can only be done by mikrotik.. Thanks.

As per my earlier request I second that.

syadnom · Tue Mar 01, 2016 4:27 pm

I can live-migrate... but without the xentools kernel module installed, the CHR is freezing on resume. I've found plenty of posts about the linux kernel freezing the same way then xentools isnt installed. I can't pull anything of value out of the CHR's logs so can only assume this is the issue.

Also, xentools implies he PV NIC drivers. It's apparent that these are not in use because the network performance is 1/3 of what it is in VMWARE with VMXNET3.

Just to maybe entice mikrotik, here is a VERY nice scenario

2x XenServer hosts with glusterfs on dom0 using local storage, exported via nfs, and used in XenCenter as NAS storage. CHR hosted on this storage and able to be configured HA *and* able to be live migrated between XenServer hosts. This is a FANTASTIC 2 node, redundant cluster for hosting CHR, as well as ntopng, dns servers, etc in service to a wISP and can be done in 2U as to not break the bank if your uplink is a datacenter.. This cannot be done with vmware... Can be done with Hyper-V and kvm too.

I guess what I'm saying is please don't make vmware the only priority, xen pv and kvm pv will certainly be ideal hosts and hyper-v potentially .

C0ReDuMP · Thu Mar 03, 2016 8:31 pm

CHR 6.34rc41 (Release candidate) doesn't work with HYPER-V 1st generation. There is a boot loop after DSK key generation...
WIN 10 pro+hyper-v.

Using the synthetic network adapter the boot loop occurs also on Windows 2012 R2 and Windows 8.1. With legacy network adapter the CHR boot correctly but the speed is limited to 100 Mbps.

On Windows 2012 (not R2) the CHR boots correctly also with synthetic network adapter. Probably it works also on Windows 8 (I didn't test this last configuration).

Could MikroTik help us to solve this problem? In our server farm all the hypervisors are 2012 R2 and we would like to buy some CHR licenses.

Thanks in Advace,
Davide

kbuska · Thu Mar 03, 2016 10:39 pm

So stupid question time, unlimited license is still per interface or its unlimited?

C0ReDuMP · Fri Mar 04, 2016 2:43 am

CHR 6.34rc41 (Release candidate) doesn't work with HYPER-V 1st generation. There is a boot loop after DSK key generation...
WIN 10 pro+hyper-v.
Using the synthetic network adapter the boot loop occurs also on Windows 2012 R2 and Windows 8.1. With legacy network adapter the CHR boot correctly but the speed is limited to 100 Mbps.

On Windows 2012 (not R2) the CHR boots correctly also with synthetic network adapter. Probably it works also on Windows 8 (I didn't test this last configuration).

Could MikroTik help us to solve this problem? In our server farm all the hypervisors are 2012 R2 and we would like to buy some CHR licenses.

Thanks in Advace,
Davide

Hello,
I found a solution on Windows 2012 R2: I set the Synthetic network adapter as connected and I assigned a static MAC address to it. It seems that if you leave the synthetic network adapter disconnected the reboot loop occurs.

Now I'm facing another problem related to MikroTik:
I set the VMSwitch port connected to the VM on my hypervisor 2012 R2 in trunk mode using the powershell command:

Set-VMNetworkAdapterVlan –VMName MyVM –Trunk –AllowedVlanIdList 150-155 –NativeVlanId 1

as suggested here: https://technet.microsoft.com/en-us/lib ... 79878.aspx

then I created the vlan150 (ID: 150) on MikroTik device and assigned an IP to it. Unfortunately the VM can't reach any other server on the VLAN 150.

I tried installing a debian jessie VM instead of CHR and I created the VLAN 150 on the linux VM. From the linux VM I can reach all other servers in VLAN 150.

I read in some thread that some versions of the synthetic network adapter driver (included in Linux Integration Services) have problems working with VLAN.

I hope that someone at MikroTik could help us to solve this issue.

Thanks in Advace,
Davide

kbuska · Mon Mar 07, 2016 9:57 pm

So stupid question time, unlimited license is still per interface or its unlimited?

Bump.

brotherdust · Mon Mar 07, 2016 10:37 pm

Any thoughts on offering a lab-type license?
- No limits on anything
- Can be cloned infinitely

I'm sure there could be some concern over lost revenue due to possibility of someone using this in production. Maybe have something like Cisco VIRL where it's all in a self-contained VM image?

Or, perhaps, a time-limit on how long the instance of a router can be live before some kind of soft-expiration that causes the 1Mbps limit to again be enforced.

Thoughts?

Mon Mar 07, 2016 11:59 pm

http://wiki.mikrotik.com/wiki/Manual:CHR#60-day_trial

kbuska · Tue Mar 08, 2016 12:37 am

http://wiki.mikrotik.com/wiki/Manual:CHR#60-day_trial

I read this, and it leads me to believe the P1 and P10 is per interface and the P-Unlimited is just that, Unlimited. You pay $250 and Mikrotik doesn't care how many interfaces you have on your CHR and at what speed. I'm just trying to clear up my confusion as I don't want to tell my supervisor one thing and then have to go back and tell him something different later.

Regards,
Ken

brotherdust · Tue Mar 08, 2016 6:27 am

http://wiki.mikrotik.com/wiki/Manual:CHR#60-day_trial

I was hoping to avoid the trial license because it will require a new one every time I spin up an instance.

janisk · Tue Mar 08, 2016 8:34 am

A 60-day trial is really good for some field testing. It is possible to build and test the intended setup.

For more lab work in network topologies, Free tier is enough as it provides just enough bandwidth.

Also, it is not "per-interface" license it is per instance license. The limitation is per interface. So with either license, it is possible to run as many interfaces as you want on the router.

munkitkat · Wed Mar 09, 2016 3:17 pm

I don´t understand that 1Mbit limitation. It is only usefull to see if it runs or not.
For testing I would be much more happy with the 24h test-version (or even less time), to see how it performs compared to the "old" virtualized x86 version.

raffav · Thu Mar 10, 2016 3:17 am

I don´t understand that 1Mbit limitation. It is only usefull to see if it runs or not.
For testing I would be much more happy with the 24h test-version (or even less time), to see how it performs compared to the "old" virtualized x86 version.

Hello
Please read the wiki for chr
You can test 60 day for free all the 3 license type
1gb,10gb or unlimited speed
All functions is unlocked even on the free 1mbit speed limited
The 1 mbit is free and is for lab, training or maybe for dude monitoring
I can't see why a 24h is better than 60day

raffav · Thu Mar 10, 2016 3:25 am

The license transfer has some kind of limit count or some type of cool down period to do a transfer again?

janisk · Wed Mar 23, 2016 1:53 pm

just heads up post:

CHR since 6.35rc37 will not require initial installation at first boot. So you can use this without issues on XEN or ESXi that had issues and image hat to bee booted up in KVM or similar to perform the installation. Another nice feature is an automatic expansion of storage, if you increase image in size, CHR will automatically adjust to the new size (do not attempt to reduce the size). So, shutdown the guest, increase image size, start the guest and enjoy additional storage available. Also, a lot of fixes for Hyper-V VMS - It is now working on Windows 8/10, VLANs are fixed, you have to enable them for the guest.

Wed Mar 23, 2016 5:26 pm

Automatic expansion! That's something! Will it work for x86 too?

Wed Mar 23, 2016 7:40 pm

IMHO, it might be wiser to have a command in RouterOS to expand the storage, and perhaps also another one that compresses the partition to a point. This would give better control over disk size and partitions.

That said, yeah, having CHR be already installed is great.

Wed Mar 23, 2016 9:57 pm

I am with boen robot. His ideas are much better. But please, implement it on x86 too.

raffav · Wed Mar 23, 2016 10:27 pm

Hello

On proxmox i'am getting this bug

janisk · Thu Mar 24, 2016 12:03 pm

expansion will work on new installations only. It was removed from standard x86 due to it causing problems. It is not possible to reduce the size.

we decided, that if you increased image size, you want the router to use more storage. Why make 2 steps when you can do this in one.

Thu Mar 24, 2016 12:10 pm

So it will not expand on reboot everytime when there is a space for expand? Can you solve the problems to allow it for x86 too?

janisk · Thu Mar 24, 2016 12:22 pm

on x86 (non-chr) it formats the disk and tries to use entire disk when installing. CHR is for virtual machines and the assumption is that it is running on the virtual disk, that can be expanded if you so desire.

if CHR sees that disk suddenly has expanded, it will attempt to expand the storage partition. On CHR installation that was done with the version older than 6.35rc36 this will not work as additional partition table changes were needed for this to work at all

Thu Mar 24, 2016 2:32 pm

Many of us are running virtualized x86 ros. The possibility to enable the disk expansion will be very useful anyway.
And not only during the installation, because the systems are already running and there will be very bad to loose the license.