BUG: (another one) ipsec policy netmask

Posted: Mon Jun 19, 2017 12:11 pm
by Uwe
Another bug, causing some of our scripts to fail:

Generally an IP address with netmask can be entered via CLI like this, for example setting the IP address:
/ip address
add address=192.168.88.1/24 interface=bridge
or
add address=192.168.88.1/255.255.255.0 interface=bridge
Starting with 6.39.1 this doesn't work with ipsec policy anymore:
/ip ipsec policy
add dst-address=4.4.4.0/24 level=unique proposal=default sa-dst-address=1.2.3.4 sa-src-address=0.0.0.0 src-address=192.168.88.0/255.255.255.0 tunnel=yes
invalid value for argument src-address:
    value of prefix6 must have IPv6 address before '/'
    value of prefix4 must have number address after '/'
Entering netmask in the form /24 instead of 255.255.255.0 still works.
Seems that only ipsec policy is affected by this bug.

Please correct.
Uwe

Re: BUG: (another one) ipsec policy netmask

Posted: Mon Jun 19, 2017 12:15 pm
by mrz
SrcAddress ::= Prefix6 | Prefix4
Prefix4 ::= A.B.C.D/M (IP prefix)
Prefix6 ::= IPv6/0..128 (IPv6 prefix)

Policy does not support windows-like netmasks.
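
For scripts that still carry dotted netmasks, one way to normalise them to the Prefix4/Prefix6 form quoted above before emitting the policy line. This is an added example, not part of the thread and not MikroTik code; the function names `to_policy_prefix` and `policy_command` are hypothetical, and the sample values are the ones from the first post.

```python
import ipaddress


def to_policy_prefix(value: str) -> str:
    """Return value as A.B.C.D/M (Prefix4) or IPv6/0..128 (Prefix6)."""
    addr_text, sep, mask_text = value.partition("/")
    if not sep:
        raise ValueError(f"{value!r}: expected address/prefix")
    # Raises ValueError when the part before '/' is not an address
    # (for example '24' or '10.0.10.0:any').
    addr = ipaddress.ip_address(addr_text)
    if mask_text.isdecimal():
        plen = int(mask_text)
        if plen > addr.max_prefixlen:
            raise ValueError(f"{value!r}: prefix length out of range")
        return f"{addr}/{plen}"
    if addr.version != 4:
        raise ValueError(f"{value!r}: IPv6 needs a numeric prefix length")
    # Dotted netmask: convert to a prefix length, refusing masks whose
    # one-bits are not contiguous, since those have no /M equivalent and
    # would silently change which traffic the policy selects.
    mask = int(ipaddress.IPv4Address(mask_text))
    inverted = mask ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"{value!r}: non-contiguous netmask")
    return f"{addr}/{32 - inverted.bit_length()}"


def policy_command(src: str, dst: str, sa_src: str, sa_dst: str) -> str:
    """Build the policy line from the first post with normalised selectors."""
    return (
        "/ip ipsec policy add "
        f"dst-address={to_policy_prefix(dst)} level=unique proposal=default "
        f"sa-dst-address={sa_dst} sa-src-address={sa_src} "
        f"src-address={to_policy_prefix(src)} tunnel=yes"
    )


if __name__ == "__main__":
    # Values taken from the first post in this thread.
    print(policy_command("192.168.88.0/255.255.255.0", "4.4.4.0/24",
                         "0.0.0.0", "1.2.3.4"))
```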

Re: BUG: (another one) ipsec policy netmask

Posted: Mon Jun 19, 2017 12:43 pm
by Uwe
Hi mrz,

Thank you for your reply, but this worked until 6.38.5.

Is your answer (definition of prefix) specified somewhere in the documentation?

Uwe

Re: BUG: (another one) ipsec policy netmask

Posted: Sun Oct 18, 2020 11:43 am
by petrushka
Hi guys, having the same issue with adding this line, it won't accept dst address:

/ip ipsec policy add src-address=10.0.35.0/24:any dst-address=10.0.10.0/24:any sa-src-address=10.0.56.30 sa-dst-address=10.0.56.29 tunnel=yes action=encrypt proposal=default

invalid value for argument dst-address:
value of prefix6 must have IPv6 address before '/'
value of prefix4 must have number address after '/'

/ip ipsec policy add src-address=10.0.35.0/24:any dst-address=24/10.0.10.0:any sa-src-address=10.0.56.30 sa-dst-address=10.0.56.29 tunnel=yes action=encrypt proposal=default

invalid value for argument dst-address:
value of prefix6 must have IPv6 address before '/'
value of prefix4 must have ip address before '/'

Anything wrong there???

ROS 6.47.4

Thanks

Re: BUG: (another one) ipsec policy netmask

Posted: Sun Oct 18, 2020 12:31 pm
by sindy
Why do you need the ":any"?

Re: BUG: (another one) ipsec policy netmask

Posted: Wed Oct 21, 2020 12:19 am
by petrushka
Oh, don't know, just tried to play with some wiki sample

Thank you