
[Lab] Learning MikroTik RouterOS (continuously updated)

jy wrote:
A quick off-topic question about the screenshot below... (snipped)

Winbox has a Terminal tool; open it and type the commands in there.
Does MikroTik's DNS natively support DoQ yet?

Other than running my own AdGuard Home,

I'm also looking for something usable on iPhone.
wishstar2004125464

Not yet, I think. On iPhone, iOS 15 (or 14, I forget) and later can install a profile to use DoH or DoT.

2023-02-22 5:15
RouterOS version 7.8 has been released in the "v7 stable" channel!

What's new in 7.8 (2023-Feb-24 11:03):

!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) conntrack - improved system stability when PPTP helper is used;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zerotier - fixed routes after VRF change;
Thanks, everyone.
Kasy wrote:
Hi everyone, I'm new to RouterOS... (snipped)

In a basic IPv6 setup every PC gets a public address; ordinary routers can only do it that way.
But since ROS 7, IPv6 NAT is supported, so PCs can take private addresses and reach the internet through NAT using the router's IP.

After all that, the point is: I'm not sure your IPv6 really goes out through NAT. By default NAT is not used.
Please post a screenshot of your IPv6 settings. Only once we've confirmed your IPv6 uses NAT does discussing port forwarding make sense.
I'd like to ask about setting up routing rules for a WireGuard VPN.
Suppose that after setting up the VPN I want Office1's 10.1.202.2/32 to reach Office2's LAN 10.1.101.0/24 through WG1.
Should I configure that under Routing Table or under IP > Routes?
I don't understand routing well yet ;;

a22548546 wrote:
I'd like to ask about WireGuard... (snipped)
1.
First you need to know what the WG IP is on the Office1 side and on the Office2 side.
It is definitely not the public IP,
not Office1's 192.168.90.1/24,
not Office2's 192.168.80.1/24.

Check carefully: it is the WG interface's ip-address. Suppose:
WG on the Office1 side is 172.23.0.1/24
WG on the Office2 side is 172.23.0.2/24

2.
WG's allow-address acts like a firewall; it has to let local traffic pass through WG.
Set Office1's WG allow-address to:
10.1.202.0/24
172.23.0.1/24

Set Office2's WG allow-address to:
10.1.101.0/24
172.23.0.2/24

Or set the WG allow-address on both Office1 and Office2 to 0.0.0.0/0,
so that any IP can pass through the WG tunnel.

3.
On Office1, add under /ip route:
dst-address=10.1.101.0/24 gateway=172.23.0.2 distance=1

On Office2, add under /ip route:
dst-address=10.1.202.0/24 gateway=172.23.0.1 distance=1

4. That's it, you're done.

As for the route table, it is for setting up routing that sends internet traffic through the other site,
letting Office1's computers browse the internet via Office2,
or Office2's computers browse the internet via Office1.

If you don't need that, you can ignore this section...
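As an added illustration (not part of gfx's post or RouterOS itself), the following Python model shows how steps 2 and 3 interact: the static route picks the tunnel gateway, then WireGuard's allowed-address list on the peer entry gates the packet on egress (destination) at one office and on ingress (source) at the other. The addresses are the constructed ones from the answer, and the allowed-address list given for each office is assumed to be what the other router's peer entry carries.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Added model, not from the thread. Constructed addresses follow gfx's answer:
# Office1 LAN 10.1.202.0/24, Office2 LAN 10.1.101.0/24, tunnel 172.23.0.0/24.
@dataclass
class Router:
    name: str
    routes: dict            # /ip route: dst prefix -> gateway ("" = directly connected)
    peer_allowed: list      # allowed-address on the peer entry pointing at the other office
    peer: Optional["Router"] = None

    def lookup(self, dst: str):
        """Longest-prefix match; returns (network, gateway) or None when there is no route."""
        addr, best = ipaddress.ip_address(dst), None
        for prefix, gw in self.routes.items():
            net = ipaddress.ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gw)
        return best

    def allowed(self, ip: str) -> bool:
        # strict=False accepts RouterOS-style "172.23.0.2/24" (host bits set)
        return any(ipaddress.ip_address(ip) in ipaddress.ip_network(p, strict=False)
                   for p in self.peer_allowed)

def trace(src_router: Router, src: str, dst: str) -> str:
    """Follow one packet from src_router's LAN towards dst across the WG tunnel."""
    hit = src_router.lookup(dst)
    if hit is None:
        return "no-route"                 # step 3 missing: nothing sends it into WG
    if hit[1] == "":
        return "local"                    # directly connected, never touches the tunnel
    if not src_router.allowed(dst):       # egress: dst must match the peer's allowed-address
        return "dropped-egress-allowed-address"
    if not src_router.peer.allowed(src):  # ingress on the far side: src must match too
        return "dropped-ingress-allowed-address"
    return "delivered"

def build(office1_peer_allowed, office2_peer_allowed):
    """Two routers wired as in step 3; the lists are the allowed-address of each peer entry."""
    o1 = Router("office1", {"10.1.202.0/24": "", "172.23.0.0/24": "",
                            "10.1.101.0/24": "172.23.0.2"}, office1_peer_allowed)
    o2 = Router("office2", {"10.1.101.0/24": "", "172.23.0.0/24": "",
                            "10.1.202.0/24": "172.23.0.1"}, office2_peer_allowed)
    o1.peer, o2.peer = o2, o1
    return o1, o2
```

Building with only the tunnel subnet in allowed-address shows why the LAN prefixes (or 0.0.0.0/0) are needed: the route still exists, but the packet is dropped before it is encrypted.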
gfx wrote:
1. First you need to know the WG... (snipped)

If the LANs at Office 1 and Office 2 are both 192.168.88.0/24, will that be a problem?
gfx

For that you're using the wrong kind of VPN; you should bridge with EoIP, VXLAN or L2TPv3 so that Office1 and Office2 share one DHCP .88 network.

2023-03-08 22:44
a22548546

Then I'll try a different VPN. Thanks, gfx!

2023-03-11 2:03
A question: I was testing dynamic DNS updates. It worked before, but recently I came back to use it for something else.

Under ROS I entered
/tool fetch url="https://freedns.afraid.org/dynamic/update.php?cW16aE1kczZ9RXIxOUtCbEFBZkdmVW90OjIwNDk3MTg5" keep-result=no

and it shows
status: failed
failure: closing connection: <404 Not Found> 69.42.215.252:443 (4)


But at a Windows command prompt, using curl with
CURL -k https://freedns.afraid.org/dynamic/update.php?cW16aE1kczZ9RXIxOUtCbEFBZkdmVW90OjIwNDk3MTg5

it shows
Address 59.136.124.50 has not changed

which should mean it succeeded.

So why doesn't it work under ROS now? Has the way ROS connects changed?
Sharing a repair of my RB450Gx4...
Earlier, after forgetting the admin password and messing around, my RB450Gx4 died.
The messages seen from the serial port were as follows.
Main symptoms:
1. It always booted from the backup booter
2. kernel not found or data is corrupted


RouterBOOT backup booter 6.42

RB450Gx4

CPU frequency: 716 MHz
Memory size: 1024 MiB
NAND size: 512 MiB

Press any key within 2 seconds to enter setup..

loading kernel... kernel not found or data is corrupted


I tried netinstall; even when the update succeeded,
after a reboot it was still in the same state.
(netinstall was odd: when I used a v6 version to update, judging from the network packets... it looked like the RB450Gx4 couldn't obtain an ip-addr)
(you need at least netinstall-6.49.7 or a v7 version to update)

I found an article:
https://forum.mikrotik.com/viewtopic.php?p=682925
It mentions that you can fix it by upgrading firmware over the serial port (X-Modem),
but no matter how I uploaded the npk file it showed invalid upgrade file id,
which should mean the file is wrong.

I asked MikroTik support, who said that file is no longer available.
Asking on the MikroTik forum, I learned that the file is inside the npk package.
Sure enough, in routeros-arm-6.42.10.npk\etc there are three fwf files (extract with 7zip and ignore any error messages).
Because the CPUs differ, you have to see which one updates successfully when fed in.
The RB450Gx4 needs ipq4000-6.42.10.fwf.

RouterBoard info shows firmware-type: ipq4000

routerboard: yes
model: RB450Gx4
serial-number: xxxxxxxxxxx
firmware-type: ipq4000
factory-firmware: 6.45.8
current-firmware: 7.8
upgrade-firmware: 7.8


After feeding it in and rebooting, it still showed kernel not found or data is corrupted,
but it was back on the first booter, and the FW version had been updated too.
At that point, netinstall restored it successfully.

At https://mikrotik.com/download/changelogs you can see
What's new in 6.42.2 (2018-May-17 09:20)
*) filesystem - fixed NAND memory going into read-only mode;

My guess is that 6.42 has a bug that makes even a successful netinstall update useless.
Sharing this in case anyone runs into a dead routerboard (if it isn't a hardware problem, it should be fixable over the serial port).
PS. I did netinstall and the serial port X-Modem transfer on Ubuntu; it gives clearer messages to look at.
PS. After my update succeeded, MikroTik support also provided the following:
X-MODEM can be used to transfer .fwf files, which are RouterBOOT files (which are no longer needed unless it is a specific case). Netinstall should be able to solve any "kernel failure" nowadays.
We have added a .fwf file on the download page:
https://mikrotik.com/product/rb450gx4#fndtn-downloads