redeyes
Sep 14, 2002

by Fluffdaddy
Dude EXACT same poo poo with my network with the same router. Is your phone a google device? Supposedly Google cast services on google phones might be flooding networks with multicast packets.

quote:

https://www.extremetech.com/computing/262237-chromecast-google-home-may-overloading-wifi

redeyes fucked around with this message at 16:18 on Jan 20, 2018


Phayray
Feb 16, 2004

redeyes posted:

Dude EXACT same poo poo with my network with the same router. Is your phone a google device? Supposedly Google cast services on google phones might be flooding networks with multicast packets.

Ohh that makes sense - it actually started when I updated Android on my Galaxy S6, when the wifi stopped working I assumed it was the update until I saw that my TV, laptop, etc also couldn't connect, so I figured it must be my router and the update was just a coincidence. I guess I'll keep my phone's wifi off at home until there's a fix.

redeyes
Sep 14, 2002

by Fluffdaddy

Phayray posted:

Ohh that makes sense - it actually started when I updated Android on my Galaxy S6, when the wifi stopped working I assumed it was the update until I saw that my TV, laptop, etc also couldn't connect, so I figured it must be my router and the update was just a coincidence. I guess I'll keep my phone's wifi off at home until there's a fix.

Update all the apps on the phone for starters. I think I did that sometime yesterday and my wifi has been solid since.

CuddleChunks
Sep 18, 2004

Pendent posted:

In the next six months we're still going to move to an ASR since as an organization we just don't feel like we can trust Mikrotik for anything really important anymore.

This seems to be the lesson you learn with MikroTik over and over again.

It's a strange beast of a product. It does some stuff really well and then finds ways to ruin your network due to Bestest Latvian Engineering.



I still have a soft spot for the goofy little things and just bought a hEX for use at work as a stunt router. It gives me a ton of programmability and tricks I can do for $30. Not too shabby.

PUBLIC TOILET
Jun 13, 2009

Where are you folks purchasing your MikroTik gear from? I've been getting it on Amazon, but I'm now interested in shopping distributors to see if they can provide better pricing. r0c-n0c seems to be one.

thebigcow
Jan 3, 2001

Bully!
I've always bought from Tom at roc-noc.

Two other places I'm aware of but never bought from:

https://www.balticnetworks.com/
https://www.ispsupplies.com/

PUBLIC TOILET
Jun 13, 2009

Thanks for the information.

So, uhhh, noticing a weird issue that's probably a new(er) bug. I haven't seen it in versions prior to 6.39.3. I have the scheduler set with a scheduled item. It creates an entry in the firewall addresses list that shouldn't expire for one hour. The scheduled item is set to run every five minutes regardless. I've been watching the scheduled item run, it creates the firewall addresses entry and the addresses entry starts counting down from one hour. After about one minute, the item disappears from the addresses list. It's now completely gone until the scheduled item runs again after five minutes. This cycle keeps repeating. The configuration hasn't changed, only the router firmware. Anyone seen this?

Or better yet: what's the ideal configuration for safe remote winbox access that won't break? just allow all connection attempts but use a strong password? :ughh:

edit: I think this will work better- http://wiki.bluecrow.net/index.php/Mikrotik:Snippets#Dynamically_updating_address_lists

PUBLIC TOILET fucked around with this message at 19:56 on Jan 24, 2018

redeyes
Sep 14, 2002

by Fluffdaddy

PUBLIC TOILET posted:

Thanks for the information.

So, uhhh, noticing a weird issue that's probably a new(er) bug. I haven't seen it in versions prior to 6.39.3. I have the scheduler set with a scheduled item. It creates an entry in the firewall addresses list that shouldn't expire for one hour. The scheduled item is set to run every five minutes regardless. I've been watching the scheduled item run, it creates the firewall addresses entry and the addresses entry starts counting down from one hour. After about one minute, the item disappears from the addresses list. It's now completely gone until the scheduled item runs again after five minutes. This cycle keeps repeating. The configuration hasn't changed, only the router firmware. Anyone seen this?

Or better yet: what's the ideal configuration for safe remote winbox access that won't break? just allow all connection attempts but use a strong password? :ughh:

edit: I think this will work better- http://wiki.bluecrow.net/index.php/Mikrotik:Snippets#Dynamically_updating_address_lists

I just allow connections from a couple known addresses.. with a strong password.

thebigcow
Jan 3, 2001

Bully!
I have that expiring problem. A few people posted on the MikroTik forums with no answer.

IIRC time is accelerated but not displayed that way. It was roughly 7 minutes for either 12 or 24 hours, don't remember which. So an address list entry with a 12 hour expiry would disappear in 7 minutes.
edit: you could probably set your expiry for 120 hours and get roughly what you need

thebigcow fucked around with this message at 06:04 on Jan 25, 2018

PUBLIC TOILET
Jun 13, 2009

thebigcow posted:

I have that expiring problem. A few people posted on the MikroTik forums with no answer.

IIRC time is accelerated but not displayed that way. It was roughly 7 minutes for either 12 or 24 hours, don't remember which. So an address list entry with a 12 hour expiry would disappear in 7 minutes.
edit: you could probably set your expiry for 120 hours and get roughly what you need

I actually just got rid of the expiring scheduled task entirely and replaced it with a script and an entry in scheduler that's set to run the script every ten minutes. This is the script. It looks for an entry in the firewall address list and will update it to reflect the new IP resolution to the FQDN. Working well so far.
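An added example, not PUBLIC TOILET's script (which is not reproduced on this page): one way to write the scheduler-driven update described above in RouterOS script, with input rules that limit Winbox to the list, in line with the "couple known addresses" approach mentioned earlier in the thread. The hostname `admin.example.net`, the list name `winbox-allowed` and the script name `update-winbox-allowed` are assumptions; 8291 is Winbox's default port.

```routeros
# --- Script body: save as /system script "update-winbox-allowed" (assumed name) ---
# Assumed values, not from the thread: replace with your own FQDN and list name.
:local fqdn "admin.example.net"
:local listName "winbox-allowed"
:local newIp ""

# :resolve raises an error on DNS failure; catch it so a lookup failure
# leaves the existing allow-list entry in place instead of aborting mid-update.
:do {
    :set newIp [:tostr [:resolve $fqdn]]
} on-error={
    :log warning ("winbox-allowed: could not resolve " . $fqdn . ", entry left unchanged")
}

:if ($newIp != "") do={
    # The entry is tracked by its comment, so there must be exactly one per FQDN.
    :local entry [/ip firewall address-list find where list=$listName comment=$fqdn]
    :if ([:len $entry] = 0) do={
        # Static entry (no timeout), so it does not depend on address-list expiry.
        /ip firewall address-list add list=$listName address=$newIp comment=$fqdn
    } else={
        :local oldIp [:tostr [/ip firewall address-list get $entry address]]
        :if ($oldIp != $newIp) do={
            /ip firewall address-list set $entry address=$newIp
            :log info ("winbox-allowed: " . $fqdn . " changed from " . $oldIp . " to " . $newIp)
        }
    }
}

# --- One-time console setup (run once, not part of the script) ---
# Run the script every ten minutes, as in the post above.
/system scheduler add name=update-winbox-allowed interval=10m on-event=update-winbox-allowed

# Accept Winbox only from the list, then drop every other Winbox attempt.
# Both rules must sit above any broader accept rule in the input chain.
/ip firewall filter
add chain=input protocol=tcp dst-port=8291 src-address-list=winbox-allowed action=accept comment="Winbox from allow-list"
add chain=input protocol=tcp dst-port=8291 action=drop comment="Drop all other Winbox"
```

Logging each address change gives a record to review if the FQDN ever starts resolving somewhere unexpected, since whoever controls that DNS record controls who can reach Winbox.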

PUBLIC TOILET
Jun 13, 2009

So MikroTik released information for their new hAP AC2 model (https://mikrotik.com/product/hap_ac2). Only problem is when you dig down into the specifications, it sounds :flaccid:. It looks more like an OK replacement for the hAP AC Lite but that's really it. The hAP AC2 has no PoE out, no triple chain Wi-Fi and no 5GHz wireless statistics/tests. I like how it runs on ARM architecture, but that's about it.

redeyes
Sep 14, 2002

by Fluffdaddy
Yeah that's a downgrade for most people. On the other hand, I have zero triple chain devices.

Thanks Ants
May 21, 2004

#essereFerrari


The hAP is a pretty sweet looking device. Is Mikrotik Wi-Fi better than it used to be?

redeyes
Sep 14, 2002

by Fluffdaddy
What do you mean better?

yoloer420
May 19, 2006

Thanks Ants posted:

The hAP is a pretty sweet looking device. Is Mikrotik Wi-Fi better than it used to be?

It's still great unless you compare it to ubiquiti or stuff that costs 10x as much.

redeyes
Sep 14, 2002

by Fluffdaddy
I've got a RB3011UiAS I just installed to route 200/200 Century Link Fiber. I think I might have a download problem. At best I get maybe 140mb/s directly connected to the thing with a Core i5 desktop with a gigabit connection. When I do a speed test I get like 1-3% cpu usage so it's not that.

I'm using default firewall rules with one port forward. I don't get it.

Help?

thebigcow
Jan 3, 2001

Bully!
Can you plug straight into whatever box Century Link gave you and find out if they're actually giving the advertised speed? Or are you actually using the SFP cage they insist on putting in everything now.

redeyes
Sep 14, 2002

by Fluffdaddy

thebigcow posted:

Can you plug straight into whatever box Century Link gave you and find out if they're actually giving the advertised speed? Or are you actually using the SFP cage they insist on putting in everything now.

It's pretty similar plugged directly in. Huh. The tech said run iperf, not bandwidth tests @_@

falz
Jan 29, 2005

01100110 01100001 01101100 01111010
The tech is right, run iperf.

redeyes
Sep 14, 2002

by Fluffdaddy

falz posted:

The tech is right, run iperf.

Yeah I know. ;_;

One thing, does it make sense for the upload to be generally a lot faster than download?

Pendent
Nov 16, 2011

The bonds of blood transcend all others.
But no blood runs stronger than that of Sanguinius
Grimey Drawer
That's low enough speed that something like speedtest.net should still be pretty accurate tbh

thebigcow
Jan 3, 2001

Bully!
6.40 is the bugfix release now.

Debating what weekend I will update and deal with the bridge changes.

redeyes
Sep 14, 2002

by Fluffdaddy
I had a feeling the wiring guy was a POS so I replaced all the inside patch cables with CAT6 and magically, speeds are right around 200 now. Jesus christ, never underestimate cheap bastards.

thebigcow
Jan 3, 2001

Bully!
Was it the finest cat 5 from 20 years ago with hand made connectors?


I'm on 6.40.6 and I was confused that I still had ports with a master port setting. Turns out the big bridge change is 6.41.x so that nightmare is down the road a ways.

thebigcow
Jan 3, 2001

Bully!
6.40.1 seems to have fixed the premature timeout problem with address lists. Hooray.

PUBLIC TOILET
Jun 13, 2009

thebigcow posted:

6.40.1 seems to have fixed the premature timeout problem with address lists. Hooray.

Nice, but I've already switched to a scheduler/script method :lol:. So what is this giant bridge change anyway? I read a little bit about it.

jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire

thebigcow posted:

Was it the finest cat 5 from 20 years ago with hand made connectors?


I'm on 6.40.6 and I was confused that I still had ports with a master port setting. Turns out the big bridge change is 6.41.x so that nightmare is down the road a ways.

6.41 is the one that breaks switch groups, I believe.

I'm probably going to be on 6.40 for quite a while at work.

thebigcow
Jan 3, 2001

Bully!

PUBLIC TOILET posted:

Nice, but I've already switched to a scheduler/script method :lol:. So what is this giant bridge change anyway? I read a little bit about it.

Instead of having a master port for several ports they all get attached to software bridges now, but it sends everything through the switch chip if it can just be switched.

I think this is supposed to fix something with spanning tree, and allow for more interesting switching hardware.

It's going to be like half a year before 6.41 is the bugfix chain so I'll deal with it then.

Also very disappointed that bugfix just became the last minor version number, but not very surprised.

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA
Ok, I'm super sad the pony guide for setup no longer works/exists. I was gonna show that to a buddy who just bought one, but alas.

thebigcow
Jan 3, 2001

Bully!
QuickFig is pretty good for most uses. What is he trying to do?

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA

thebigcow posted:

QuickFig is pretty good for most uses. What is he trying to do?

I just wanted to show it to him as a 'see this is the kind of thing that exists'. It's like a rule of the internet, you can find someone who put a pony in anything, including a setup guide for a strange Latvian router os.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010
.."many victims were attacked through compromised routers made by MikroTik. Routers download and run various DLL files in the normal course of business"..

https://www.kaspersky.com/blog/web-sas-2018-apt-announcement-2/21514/

spiritual bypass
Feb 19, 2008

Grimey Drawer
Wonder if it's Winbox specific or if it affects everyone running these things...

redeyes
Sep 14, 2002

by Fluffdaddy
They don't run 'dll's so who knows, maybe people that don't update?

Da Mott Man
Aug 3, 2012


rt4 posted:

Wonder if it's Winbox specific or if it affects everyone running these things...

Looks like the router is compromised and injects dll's into the Winbox updater stream, these then attempt to infect other systems on the network.

Thanks Ants
May 21, 2004

#essereFerrari


Has anybody had any experience with the IPQ-4018 based models yet? The hAP ac2 and the cAP ac are both pretty much the same and look really decent on paper.

redeyes
Sep 14, 2002

by Fluffdaddy
I just installed a hAP ac2 yesterday. Sadly all it does is be a normal boring router with wifi. Works great for that though. I couldn't really test past about 100mb but it did that easily.

Thanks Ants
May 21, 2004

#essereFerrari


How was the Wi-Fi performance? I'm not after anything world-beating but the plan is to serve maybe 8 devices on a 150Mbps Internet service so it would be nice to know it was at least up to that.

redeyes
Sep 14, 2002

by Fluffdaddy
I just don't know yet. Maybe in a week or so I'll have a better idea how it is handling. 8 computers are hardwired and there are 4-5 laptops and at least that many phones/tablets.


Thanks Ants
May 21, 2004

#essereFerrari


Initial reports are that the Wi-Fi is living down to my expectations. I've emailed their support with the configs to see if they can see what the problem is.

Signal strength is fine (as observed from a client) but the PHY rate is consistently lower than my experience with other AC access points, (not seen higher than 400Mbps on a 40MHz wide AC channel, client is 3 metres away in clear space) and performance drops off very quickly. I am connected to an old AirPort Express through two floors and it's happily running at a 300Mbps PHY, the cAP AC is a third of that, and delivering TCP throughput of ~50Mbps. The Rx seems very weak as well - only 10Mbps of throughput going from the client back to the AP.

It's disappointing as the form-factor is ideal for the use case - having a pretty powerful router (e.g. enough to cope with a decent home connection) and AP combined is perfect for the small apartment that I want to put it in, but the performance just isn't there.

If MikroTik support come back with anything I'll update the thread, it's likely that I'll be returning this though. Not going to bother with their forums because I'll just get told to use a cable if I need throughput and that 50Mbps is fine.

Thanks Ants fucked around with this message at 16:03 on Mar 17, 2018
