Aug 27 / Greg

Mikrotik Newsletter 61

Find the newsletter here.

NetMetal5

  • 2X2 dual chain
  • 802.11AC
  • datarates of up to 866Mbps (for D models)
  • 256-QAM modulation
  • 20/40/80MHz channels

    JJ might see 80MHz channels out in the mountains, but not in my town…too dirty for that here.

    mANT30 Dishes

    A new round of 30dBi dishes. They look to be modeled after rocket dishes along with a quick mount for the mANT. They look very UBNT-esque, and with the Mikrotik logo on the side I’m betting they are going to be solid pieces of kit.

    SXT AC

  • Up to 1300mW RF output
  • Up to 540Mbps throughput
  • Supports passive PoE and 802.3af/at PoE input (15-60V)

    These cute little SXTs run AC. Claims of 540Mb P2P have me all a twitter. If this is exaggerated I’d still be pleased to see 220Mb.

    mAP 2n

  • PoE in 10-57V
  • Built in 2GHz AP
  • microUSB for a 3G/4G modem (includes adapter to standard USB), or for power input
  • Station or AP mode wireless
  • Any type PoE input 802.3af and 802.3at
  • Passive PoE output (same as input voltage)

    These cute little guys are more expensive than I would have liked (I believe the 951 is cheaper), but they look fun nonetheless…and they are giving them out at the MUM!

    CRS109

  • Full wire speed switching
  • Configure ports as switch, or for routing
  • If required, full RouterOS routing power right there
  • Built in 802.11b/g/n Wireless AP 1000mW
  • Desktop case
  • Color touchscreen LCD

    So I was waaaay off on my price guess. So I know Cox has one of these and he says they are getting better…perhaps it’s time to try one? Line-rate gig with an SFP port…it appears to have built in wireless. I think if I wanted a gig switch with SFP uplinks I would check out the TP-Link. What the Link doesn’t have is an SFP+ port…nor does it route. The routing performance on the CRS is equivalent to a 2011. I suppose it may fit well in a small soho.

    So you guys excited about the AC stuff or what?

    Aug 27 / Greg

    RouterOS v6.19 released

    What’s new in 6.19 (2014-Aug-26 14:05):

    *) wireless – improvements for nv2 and 802.11ac
    I’ve heard good things…anyone running this in production yet?
    *) sstp – make sstp work on i386 as well;
    Yaaarrrrrrr
    *) ippool – improve performance when acquiring address without preference;
    *) partitions – copying partitions did not work on some boards;
    *) bridge – added “Auto Isolate” stp enhancement (802.1q-2011, 13.25.6)
    *) ipsec – when peer config is changed kill only relevant SAs;
    *) vpls – do not abort BGP connection when receiving invalid 12 byte
    nexthop encoding;
    *) dns-update – fix zone update;
    *) dhcpv4 server – support multiple radius address lists;
    *) console – added unary operator ‘any’ that evaluates to true if argument
    is not null or nothing value;
    *) CCR – improved performance;
    *) firewall – packet defragmenting will only happen with connection tracking enabled;
    Let’s all say a big thank you to Janis for the following FW updates.
    *) firewall – optimized option matching order with-in a rule;
    *) firewall – rules that require CONNTRACK to work will now have Invalid flag
    when CONNTRACK is disabled;
    *) firewall – rules that require use-ip-firewall to work will now have invalid flag
    when use-ip-firewall is disabled;
    *) firewall – rules that have interface with “Slave” flag specified as in-/out-interface
    will now have Invalid flag;
    *) firewall – rules that have interface without “Slave” flag specified as in-/out-bridge-port
    will now have Invalid flag;
    *) firewall – rules with Invalid flags will now be auto-commented to explain why;
    *) l2tp – force l2tp to not use MPPE encryption if IPsec is used;
    I just want to say how convenient configuring l2tp for clients has become…yep…
    *) sstp – force sstp to not use MPPE encryption (it already has TLS one);
    *) sstp – make it work for x86 systems
    They are so proud of this one they mention it twice..hehe
    *) winbox – added dual PSU stats in health menu
    *) ipv6 – Gre6 can now correctly fragment large packets
    *) simple queue performance optimisation/improvement for multi-core RouterOS devices (especially CCR)
    I’m assuming this is x86 also?

    Aug 14 / Greg

    Linux Script To Test Secure POP3

    I placed the script in the root folder as /root/poptest.sh.

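    #!/bin/bash

    # Open a TLS session to the local POP3S port and save what the server sends.
    echo "x" | openssl s_client -connect 127.0.0.1:995 > /root/pop3test.txt

    # A healthy server ends its output with the POP3 greeting.
    if grep -Fq "POP3 server ready" /root/pop3test.txt
    then
        # Greeting found: nothing to do.
        echo "found"
    else
        # No greeting: restart the mail service.
        echo "not found"
        service zimbra restart
    fi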

    I then created a cron job that runs every 15 minutes and calls the script.

    It uses the openssl client to connect to the server. It then pipes this to a file named pop3test.txt. After this it checks the file for “POP3 server ready” which is the all clear message at the end of the file.

    If it passes it does nothing. If it fails it restarts the zimbra service (this happens to be running on a zimbra server).

    Good luck and happy popping.
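
A sturdier variant of the same watchdog, as an added example that is not part of the original post. The function names (parse_pop3s, check_pop3s, watchdog) and the --run switch are assumptions; it bounds the probe with a timeout, matches the standard "+OK" greeting, and reads the certificate verdict that openssl s_client prints, since s_client completes the handshake even when verification fails.

```shell
#!/bin/bash
# Added example, not the original poptest.sh. parse_pop3s, check_pop3s and
# watchdog are assumed names; host/port default to the post's 127.0.0.1:995.

# Classify `openssl s_client` output read from stdin.
# Prints: ok | no-banner | bad-cert:<verify code>
parse_pop3s() {
    local out code
    out=$(cat)
    # Every POP3 greeting starts with "+OK"; the wording after it varies by server.
    if ! printf '%s\n' "$out" | grep -q '^+OK'; then
        echo "no-banner"; return 0
    fi
    # s_client finishes the handshake even when the chain does not verify,
    # so read the verdict it prints instead of trusting the exit status.
    code=$(printf '%s\n' "$out" | sed -n \
        '/Verify return code: /{s/.*Verify return code: \([0-9][0-9]*\).*/\1/p;q;}')
    if [ "$code" = "0" ]; then echo "ok"; else echo "bad-cert:${code:-unknown}"; fi
}

check_pop3s() {
    # -ign_eof: keep reading after stdin closes so the greeting is not missed;
    # QUIT makes the server hang up; timeout bounds a stuck listener.
    printf 'QUIT\r\n' | timeout 20 openssl s_client -ign_eof \
        -connect "${1:-127.0.0.1}:${2:-995}" 2>/dev/null | parse_pop3s
}

watchdog() {
    case "$(check_pop3s "$@")" in
        ok) ;;
        bad-cert:*) logger -t poptest "POP3S answers, certificate not verified" ;;
        *) logger -t poptest "no POP3 banner, restarting zimbra"
           service zimbra restart ;;
    esac
}

# Constructed sample of s_client output (service up, certificate expired).
SAMPLE_EXPIRED='CONNECTED(00000003)
    Verify return code: 10 (certificate has expired)
---
+OK POP3 server ready'

# cron: */15 * * * * /root/poptest.sh --run
if [ "${1:-}" = "--run" ]; then shift; watchdog "$@"; fi
```

A certificate failure is only logged, because restarting the service cannot repair an expired or untrusted certificate.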

    Jul 31 / Greg

    Belkin/Netgear Routers And Microsoft – Mikrotik Hotspot

    So new Belkin routers will give you serious heartburn on your Mikrotik Hotspots.

    In a normal hotspot server, you will hijack all internet traffic until a user either accepts trial access or logs in. This normally works great with any PC/MAC/Router…unless you are using a newer Belkin router.

    If a Belkin router can’t connect to the internet it will take you to an internal page saying “Everything is terrible and life is over.” Since it grabs your traffic, it will never allow you to get to the hotspot page…and thus never be able to authenticate.

    So when the Belkin boots up and pulls an IP it tries to ping heartbeat.belkin.com. If it is unable to access the site it thinks everything is down. The easiest thing to do is add an ip exclusion:

    /ip hotspot walled-garden ip
    add action=accept comment=belkin-router-bypass disabled=no dst-address=67.20.176.130

    The routers will be able to reach the internet, and all will be right with the world.

    Alternately, and vastly more fun, is to set a DNS entry in the Mikrotik for heartbeat.belkin.com to resolve to 127.0.0.1. This way the router would just ping itself and thus always remain available. This also means that if Belkin were to change the IP that this address resolves to it would continue to work :P

    /ip dns static
    add address=127.0.0.1 name=heartbeat.belkin.com

    Justin added Netgear to my list with:

    /ip hotspot walled-garden ip
    add action=accept comment=Netgear.com disabled=no dst-address=206.16.44.90

    JJ just added Microsoft internet detection bypass:

    /ip hotspot walled-garden ip
    add action=accept comment=WindowsNetDetect disabled=no dst-address=131.107.255.255
    /ip hotspot walled-garden
    add comment=WindowsNetDetect dst-host=*.msftncsi.com

    Jul 21 / thebrotherswisp

    TheBrothersWISP 18 – GPON, GAON, AirFiber, New Mikrotik, New Ubiquiti, Mimosa

    It’s been ages since we’ve gotten together, but we had a pretty good showing. Greg Sowell, Tom Smyth, Justin Miller, Mike Hammet, and JJ Boyd talk shop.

    Some of the things discussed:
    GPON
    airFiber/New Ubiquiti Gear
    New Mikrotik gear – Thanks for assembling everything Andrew Cox!
    New Mimosa gear
    Observium monitoring tools
    Cacti monitoring tools
    A little about IPTV and content rights.

    Click here to view the post!

    May 25 / Greg

    Settlers of Catan: Why I Can’t Game

    Over the weekend I was at a work function with several of my fellow employees. We ended up playing a board game called Settlers of Catan. I was being very resistant to playing it at first. I mean, I like playing Trivial Pursuit and Pictionary, but these long involved strategy games just don’t do it for me…but why is that?

    I started to think about it on a run this morning. I know I used to like strategy games like Warcraft and Command and Conquer, but they hold little interest for me now. I think I hit on the answer at about mile 3. I live in a strategy game…only with much higher stakes. The balance of networking that I do on a daily basis, if done wrong, could cost thousands, tens of thousands, or even hundreds of thousands in damages. That and my employment would be in question as well as the future long-term stability of my family’s well being. Beyond that we work with dangerous equipment on a semi-regular basis.

    When comparing a few brick cards or lumber, how can a serious board game compare? I suppose that’s why I just stick with the trivia and drawing dumb picture games…keeps life light. Oh, and BTW, I won Catan…like a boss!

    May 16 / Greg

    Mikrotik V6.13 Released

    What’s new in 6.13

    *) console – comments are now accepted where new command can start, that is,
    where ‘/’ or ‘:’ characters can be used to start new command, e.g.
    /interface { # comment until the end of the line
    print
    }
    *) backup – backups by default are encrypted now (with user password).
    To use backup on older versions, you should disable encryption with dont-encrypt
    flag when creating it;
    I’m assuming this means those sites that will decrypt your passwords won’t work any more.
    *) files with ‘.sensitive.’ in the filename require ‘sensitive’
    permission to manipulate;
    My.Grocery.List.sensitive.txt
    *) lcd – reduce CPU usage when displaying static screens;
    *) l2tp – fixed occasional server lockup;
    *) pptp – fixed memory leak;
    *) sstp – fixed crashes;
    Nice fix on the leaks and crashes. I was thinking of trying out an SSTP concentrator ;)