How to Create a Folder in MikroTik RouterOS

If you need to create a new folder in MikroTik RouterOS, you have probably navigated to the Files menu and looked for a ‘create new folder’ button. Then not finding one, you’ve Googled to find out what command to use to create a folder.

I’ll save you the effort of looking… there isn’t one!  The only search results that come up explain how to use ftp or sftp to create a folder that way.  All very complicated and messy.
Continue reading “How to Create a Folder in MikroTik RouterOS” »

Securing Your MikroTik RouterOS

There has been an ever growing amount of press similar to this most recent blog about security vulnerabilities being found in RouterOS.

What can we do to protect ourselves?

Do we need to constantly upgrade all the time and be worried about what is going to be discovered next, while our attention is distracted?

The answer is actually quite simple:

Continue reading “Securing Your MikroTik RouterOS” »

Wi-Fi Protected Access 3 – WPA3

Back in January 2018, the Wi-Fi Alliance announced in their Press Release that a new Wi-Fi Protected Access®  (aka WPA) certification program had been launched. First there was WPA™, then there was WPA2™, unsurprisingly therefore the new system was called WPA3™. (Note that WPA, WPA2 and WPA3 are not ‘standards’, nor are they ‘protocols’, they are ‘Wi-Fi Alliance certification programs‘. In fact, the standard for WPA2 was actually 802.11i).
Continue reading “Wi-Fi Protected Access 3 – WPA3” »

Which MikroTik RouterOS package channel should I use ?

We are often asked about the different versions of MikroTik RouterOS, and thought we would clarify when each should be used.

MikroTik RouterOS System Packages – Check For Updates

When you go to click the “Check for updates” button in System -> Packages in any recent versions of RouterOS, you are presented with a set of choices in the channel dropdown:
Continue reading “Which MikroTik RouterOS package channel should I use ?” »

News: MikroTik and Ubiquiti fix WPA2 Client Vulnerability

For those unfamiliar with this latest WPA2 Security Vulnerability, please bear in mind the problem is on the client device, not the AP. Therefore rushing to patch your APs is not going to solve all the problems in your network from this vulnerability!

Of course, if you’re using WPA-TKIP (or using ‘both’ TKIP and AES), you DO have more problems than this attack. Therefore please ensure that any support for TKIP is disabled!  If you’re using WEP, this vulnerability will not affect you, but then again, you have even bigger problems anyway!
Continue reading “News: MikroTik and Ubiquiti fix WPA2 Client Vulnerability” »

News: MikroTik release RouterOS 6.38.7 (bugfix tree)

MikroTik have a new release in the bugfix tree.
https://mikrotik.com/download

What’s new in 6.38.7 (2017-Jun-20 10:55):

!) bridge – fixed BPDU rx/tx when “protocol-mode=none”;
!) bridge – reverted bridge BPDU processing back to pre-v6.38 behaviour (v6.40 will have another separate VLAN-aware bridge implementation);
*) 6to4 – fixed wrong IPv6 “link-local” address generation;
Continue reading “News: MikroTik release RouterOS 6.38.7 (bugfix tree)” »

MikroTik release RouterOS 6.36

MikroTik have released 6.36 in the current release channel. Here is their changelog:

What’s new in 6.36 (2016-Jul-20 14:09):

*) arm – added Dude server support;
*) dude – (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=8&t=110428);
*) dude – server package is now made smaller. client side content upgrade is now removed from it and is downloaded straight from our cloud. So workstations on which client is used will require access to wan. Alternatively upgrade must be done by reinstalling the client on each new release;
Continue reading “MikroTik release RouterOS 6.36” »

HowTo: MikroTik Secure VPN Part 1.5 MikroTik to MikroTik with IPSec

This is a short HowTo which will cover the set-up of Mikrotik to Mikrotik VPN but secured with IPsec. The use of IPsec can be very CPU intensive and it is recommended that the VPN server be set up on a Mikrotik which supports hardware based AES/IPsec encryption such as the Mikrotik RB850Gx2RB3011 or any CCR series router.

I will be using a RB850Gx2 as my VPN server and a Mikrotik mAP as my VPN clients, all the heavy IPsec processing will be done on the RB850Gx2 which has AES hardware for offloading IPsec calculations. ROS 6.33.3 or higher on the client side is required in order to make use of the ‘easy IPsec connect’ feature.
Continue reading “HowTo: MikroTik Secure VPN Part 1.5 MikroTik to MikroTik with IPSec” »

HowTo: Optimising MikroTik Firewall rules

When creating complex firewall rules on MikroTik routers, especially those with high levels of packet throughput, it is important that any rules are processed in an efficient manner. Firewall rules are processed top down. Every new packet is tested against each rule until a match is found. For high packet count traffic, this could mean that all those packets are having to be processed many times before it is matched. This can require a higher processing power than necessary and if the CPU reaches 100%, packet loss will occur.
Continue reading “HowTo: Optimising MikroTik Firewall rules” »

News: CVE-2015-0235 RouterOS NOT affected by GHOST glibc security risk

mikrotik_router

 

MikroTik have confirmed that no version of RouterOS suffers from the security vulnerability CVE-2015-0235. See Mikrotik Forum for confirmation.