How are /system/package/update verified for transport malleability / MITM attacks if there are no TLS trust roots provided with base OS? Signing with asymmetric keys?
ok, but why not maintain an official list, or justackage the Mozilla one like most other systems? If storage is a concern why not make it a separate package? How about revocations? Or maybe go the Microsoft approach and download root certs from a trusted source as needed.
Can you please add the possibility of using xray core and singbox to Mikrotik router.I now have to install openwrt on the router to be able to use this option, which also has its own problems. Please do this
Why does mikrotik download updates in the clear using HTTP?!?! I love the products, but this drives my crazy and what I thought was convenience was broken security
Most of my BSD servers end up having the ca_root_nss package installed which is the root cert database from Mozilla. I'm surprised RouterOS doesn't have a similar package that imports a well maintained complete root cert list. I guess the router doesn't need to access TLS services that often but seems incredibly clunky to have to manually provide root certificates individually.
Works fine via Wine as well, can't say anything about complex use cases but it did the job well enough when I set up my switch. Obviously native would be better but so long as it works I'm not complaining much
I tried one of your devices and even though I love your enthusiast concept the wireless signal was awful, taking me back to poor wifi quality from 20 years ago. Is it because I bought a budget device from your brand and they suck or is the quality of your radios poor across your entire offering? It is a shame that you use hardware that's worse than the one provided for free by my ISP. I also tried other two well known brands, by the way, and the quality was also subpar. I love the ability to customize everything you offer, but it's not enough if you can't provide good signal levels across a shoebox sized 2 bedroom apartment like mine. No hate, just trying to understand. Meanwhile I am stuck with my ISP's router because I am not going to spend 500 euros on a router.
@@Soda88 The problem wasn't speed but coverage for smart home devices. I wonder if the issues were more related to the power, but like you say, most of the time we see information on the speed, not on the strength of the signal. It's a shame because the system is very complex and would be fun to learn.
Dunno what Mikrotik device you have. I have two hAP ax2 devices and I have MASSIVE wifi coverage. Make sure you configure your wifi settings the right way. Leaving it at default will not give it the most signal.
Mikrotik has become my favourite IT learning resource.
funny you post this now since last week i had to figure out just that to make work the cert check for the new adlist feature.
How are /system/package/update verified for transport malleability / MITM attacks if there are no TLS trust roots provided with base OS? Signing with asymmetric keys?
ok, but why not maintain an official list, or justackage the Mozilla one like most other systems? If storage is a concern why not make it a separate package? How about revocations? Or maybe go the Microsoft approach and download root certs from a trusted source as needed.
Can you please add the possibility of using xray core and singbox to Mikrotik router.I now have to install openwrt on the router to be able to use this option, which also has its own problems. Please do this
Why does mikrotik download updates in the clear using HTTP?!?! I love the products, but this drives my crazy and what I thought was convenience was broken security
When is mikrotik going to develop qrcode for remote access for devices
I use DoH here, ive imported the certificate for adlist, but still not working.
If you use DoH, you are not using the local DNS. You must choose which server will be your DNS server, you can't have both
@@mikrotik ok, thank you.
Nice refresher, thank you
Will the certificate auto update?
What linux distro used in 2:42?
EndeavourOS
can it's work with squid cache ?
@mikrotik ????????????????
i use ssl on ros for sstp with windows machines
Most of my BSD servers end up having the ca_root_nss package installed which is the root cert database from Mozilla. I'm surprised RouterOS doesn't have a similar package that imports a well maintained complete root cert list. I guess the router doesn't need to access TLS services that often but seems incredibly clunky to have to manually provide root certificates individually.
Maybe because of package size
I love how you guys are using Linux, but there is still no native Linux WinBox...
for what? use ssh
Works fine via Wine as well, can't say anything about complex use cases but it did the job well enough when I set up my switch. Obviously native would be better but so long as it works I'm not complaining much
CFIE
Too bad CRL doesnt work
I tried one of your devices and even though I love your enthusiast concept the wireless signal was awful, taking me back to poor wifi quality from 20 years ago. Is it because I bought a budget device from your brand and they suck or is the quality of your radios poor across your entire offering? It is a shame that you use hardware that's worse than the one provided for free by my ISP. I also tried other two well known brands, by the way, and the quality was also subpar.
I love the ability to customize everything you offer, but it's not enough if you can't provide good signal levels across a shoebox sized 2 bedroom apartment like mine. No hate, just trying to understand. Meanwhile I am stuck with my ISP's router because I am not going to spend 500 euros on a router.
Maybe you could've specified exact model of the device, Mikrotik still offers devices with b/g/n only radios.
@@Soda88 The problem wasn't speed but coverage for smart home devices. I wonder if the issues were more related to the power, but like you say, most of the time we see information on the speed, not on the strength of the signal. It's a shame because the system is very complex and would be fun to learn.
Dunno what Mikrotik device you have. I have two hAP ax2 devices and I have MASSIVE wifi coverage.
Make sure you configure your wifi settings the right way. Leaving it at default will not give it the most signal.
Pre AX routers from mikrotik used to have low gain antennas
@@sadcatboi2137 Nice to know! I will check what I had later