Posted by jpluimers on 2017/06/26
Edit 20260501: be careful, as this damaged the NAND memory of my router because of too many write cycles. Root cause: too high update frequency.
Interesting: middelink/mikrotik-fwban: Use your Mikrotik firewall to do fail2ban like blocking of unwanted IPs. Written in Go.
It might beat these (that just count SSH connections, not failed connection attempts)
Posted in Development, Hardware, Internet, MikroTik, Network-and-equipment, Power User, RouterOS, routers, Scripting, Software Development, WinBox | Leave a Comment »
Posted by jpluimers on 2017/06/19
Paraphrased from MikroTik SFP module compatibility table – MikroTik Wiki [WayBack]:
SFP+ interface compatibility settings with 1G links
For MikroTik devices with SFP+ interface that support both 10G and 1G link rate following settings are needed to be set on both linked devices for required interfaces. In order to get them working in 1G link rate.
- auto-negotiation disabled
- port speed 1G
- FD
Devices which SFP+ ports support 1G links:
- All SFP+ interfaces can be used in 1G mode if required:
- Only SFP+1 supports 1G link speed, SFP+2 is for 10G links only:
Devices which SFP+ interfaces can be used only for 10G links:
Some caveats leading to the above info: CCR1036-8G-2S+ SFP Problems – MikroTik RouterOS [WayBack]
–jeroen
Posted in Internet, MikroTik, Power User, routers | Leave a Comment »
Posted by jpluimers on 2017/06/16
PCC load balancing saved my ass; here are some link I used:
Source: PCC side effect on Mikrotik Forum – MikroTik RouterOS
–jeroen
Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2017/06/15
I need to really put some effort in this:
–jeroen
Posted in Internet, MikroTik, Power User, routers | Leave a Comment »
Posted by jpluimers on 2017/06/14
Some links that inspired me for various Mikrotik firewall rules:
–jeroen
Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2017/06/13
For my research list:
–jeroen
Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2017/06/09
When you want your Mikrotik DHCP Server handout different gateways (or DNS/WINS/NTP/.. servers and other settings), many of the answers tell you to fiddle with the DHCP networks like DHCP Server different gateways – MikroTik RouterOS [WayBack] but lack concrete examples, so here we go elaborating a lot on DHCP server with static leases – MikroTik RouterOS [WayBack]:
Posted in Internet, MikroTik, Power User, routers | Leave a Comment »
Posted by jpluimers on 2017/06/08
The RouterOS scripting language you can use on Mikrotik device immediately shows it’s origin: the console.
As promised some links to questions I asked:
Posted in Development, Hardware, Internet, MikroTik, Network-and-equipment, Power User, RouterOS, routers, Scripting, Software Development, WinBox | 1 Comment »
Posted by jpluimers on 2017/06/07
When switching my DHCP to a Mikrotik CCR1009, both the AP7920 and AP7921 failed to get IP addresses. The APC7921 would look bounce between waiting and offered states like this:
The cause is the need of DHCP Option 43 (Vendor Class Identifier) specified in RFC2132 – based on [WayBack] RFC 2131 – Dynamic Host Configuration Protocol and [WayBack] RFC 1533 – DHCP Options and BOOTP Vendor Extensions – which I found first via these links:
Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | 3 Comments »
Posted by jpluimers on 2017/06/06
The WAN sides of my Mikrotik CCR1009 are partly behind Fritz!Box routers that do NAT and contain a truckload of port-forwards.
A while ago, I wanted the CCR1009 to do PPTP as Fritz!Box 7360 and 7490: static routes over VPN don’t work (so I could only VPN to the WAN side of the CCR1009). However, it would not pass through the Fritz!Box from the outside.
It appears you need to forward both:
Maybe one day I will ditch the Fritz!Box 7490 and directly hookup the Mikrotik to the NTU: xs4all ftth en Mikrotik router – Google Groups.
But preferably I should follow Don’t use PPTP, and don’t use IPSEC-PSK either (via: CloudCracker blog)
–jeroen
via: VPNs einrichten mit PPTP – administrator.de: Achtung mit PPTP VPN Servern hinter NAT Firewalls !
Forward both PPTP TCP port 1723 and the GRE protocol
Posted in Fritz!, Fritz!Box, Fritz!WLAN, Internet, IPSec, MikroTik, Network-and-equipment, Power User, PPTP, routers, VPN | Leave a Comment »
The Wiert Corner - irregular stream of stuff 