Winbox is a small utility that allows administration of MikroTik RouterOS using a fast and simple GUI. It is a native Win32 binary, but can be run on Linux and MacOS (OSX) using Wine. All Winbox interface functions are as close as possible mirroring the console functions, that is why there are no Winbox sections in the manual. Some of advanced and system critical configurations are not possible from winbox, like MAC address change on an interface Winbox changelog
To use WinBox under Mac OS X (possible on Intel-based Macs only), you have to install Darwine, a port of Wine and other supporting tools that allows Darwin and Mac OS X users to run Windows applications. Wine is an Open Source implementation of the Windows API on top of X and Unix.
- Wine based Winbox compilation that includes everything you need. Worth mentioning is that the Winbox for Mac software package comes with all required dependencies, so you get to use the utility.
- You should know in advance how to use Wine or any other Win32 Loader for your non-Microsoft OS. If you are using a Routerboard board, you must use the Ethernet port that is POE-capable; MAC Winbox won't work on the others (or at least, didn't work to me). In general, you must use Ether1 port.
From Winbox v3.14, the following security features are used:
- Winbox.exe is signed with an Extended Validation certificate, issued by SIA Mikrotīkls (MikroTik).
- WinBox uses ECSRP for key exchange and authentication (requires new winbox version).
- Both sides verify that other side knows password (no man in the middle attack is possible).
- Winbox in RoMON mode requires that agent is the latest version to be able to connect to latest version routers.
- Winbox uses AES128-CBC-SHA as encryption algorithm (requires winbox version 3.14 or above).
Winbox loader can be downloaded from the mikrotik download page. When winbox.exe is downloaded, double click on it and Winbox loader window will pop up. There are two Winbox loader mode: simple which is enabled by default and advanced.
When you open Winbox loader for the first time simple mode layout will be used:
To connect to the router enter IP or MAC address of the router, specify username and password (if any) and click on Connect button. You can also enter the port number after the IP address, separating them with a colon, like this 192.168.88.1:9999. The port can be changed in RouterOS services menu.
It is recommended to use IP address whenever possible. MAC session uses network broadcasts and is not 100% reliable.
You can also use neighbor discovery, to list available routers use Neighbors tab:
From list of discovered routers you can click on IP or MAC address column to connect to that router. If you click on IP address then IP will be used to connect, but if you click on MAC Address then MAC address will be used to connect to the router.
Buttons/check-boxes and Other Fields
- Connect - Connect to the router
- Connect To RoMON - Connect to RoMON Agent
- Add/set - Save/Edit any of saved router entries in Managed tab.
- Open In New Window - Leaves loader open in background and opens new windows for each device to which connection is made.
- Connect To: - destination IP or MAC address of the router
- Login - username used for authentication
- Password - password used for authentication
- Keep Password - if unchecked, password is not saved to the list
- New - Create new managed router list in specified location
- Open - Open managed router list file
- Save As - Save current managed router list to file
- Exit - Exit Winbox loader
- Advanced Mode - Enables/Disables advanced mode view
- Import - Imports saved session file
- Export - Exports saved session file
- Move Session Folder - Change path where session files are stored
- Clear cache - Clear Winbox cache
- Check For Updates - Check for updates for Winbox loader
Additional Winbox loader parameters are revealed when advanced mode is enabled with Tools → Advanced Mode:
Buttons/check-boxes and Other Fields
- Browse - Browse file directory for some specific session
- Keep Password - if unchecked, password is not saved to the list
- Secure mode - if checked, Winbox will use DH-1984 for key exchange and modified and hardened RC4-drop3072 encryption to secure session.
- Autosave session - Saves sessions automatically for devices to which connection are made.
- Session - Saved router session.
- Note - Note that is assigned to save router entry.
- Group - Group to which saved router entry is assigned.
- RoMON Agent - Select RoMON Agent from available device list
Managed routers list is encrypted, but it can still be loaded in other Winbox without problems IF the master password is not set for it!
It is possible to use command line to pass connect to, user and password parameters automatically:
For example (with no password):
Will connect to router 10.5.101.1 with user 'admin'without password.
It is possible to use command line to pass connect to, user and password parameters automatically to connect to router through RoMON. In this case RoMON Agent must be saved on Managed routers list so Winbox would know user and password for this device:
For example (with no password):
Will connect to router D4:CA:6D:E1:B5:7D through 10.5.101.1 RoMON Agent with user 'admin' without password.
Winbox supports IPv6 connectivity. To connect to the routers IPv6 address, it must be placed in square braces the same as in web browsers when connecting to IPv6 server. Example:
when connecting to link local address interface index must be entered after the %:
Port number is set after the square brace when it is necessary to connect Winbox to other port than default:
Winbox neighbor discovery is capable of discovering IPv6 enabled routers. There are two entries for each IPv6 enabled router, one entry is with IPv4 address and another one with IPv6 link-local address. You can easily choose to which one you want to connect.
Run Winbox on macOS Catalina
Starting with macOS 10.15 Catalina, Apple has removed support for 32bit applications, meaning it is no longer possible to use regular Wine and regular Winbox in this OS. Wine has made available a 64bit version for macOS, and MikroTik has released a special Winbox64.exe version as well.
If you have used Wine previously, we recommend you first delete the previous Wine application and the Wine settings directory in your home folder:
To run Winbox64 the following steps are required.
- Install Wine Staging from WineHQ official download page and make sure you have downloaded the winbox64.exe executable from the MikroTik download page.
- During installation, you must mark '64 bit support' (by default it is not checked).
- In macOS terminal, make sure your set to use ZSH as the new shell like this (and restart Terminal after this command):
- Edit your zprofile file to add environment variables, pointing the wine64 command to the correct installation path of Wine Staging:
The file should look like this (make sure your paths are correct here):
- Restart (quit and reopen) your macOS terminal
- Launch Winbox64 with wine64 like this:
Run Winbox on Linux
It is possible to run Winbox on linux by using Wine emulation software. Make sure that Microsoft font pack is installed, otherwise you may see distortions.
Winbox interface has been designed to be intuitive for most of the users. Interface consists of:
- Main toolbar at the top where users can add various info fields, like CPU and memory usage.
- Menu bar on the left - list of all available menus and sub-menus. This list changes depending on what packages are installed. For example if IPv6 package is disabled, then IPv6 menu and all it's sub-menus will not be displayed.
- Work area - area where all menu windows are opened.
Title bar shows information to identify with which router Winbox session is opened. Information is displayed in following format:
From screenshot above we can see that user krisjanis is logged into router with IPv4/IPv6 address [fe80::4e5e:cff:fef6:c0ab%3]. Router's ID is 3C18-Krisjanis_GW, currently installed RouterOS version is v6.36rc6, RouterBoard is CCR1036-12G-4S and platform is tile.
On the Main toolbar's left side is located:
- Safe Mode
- Currently loaded session
More about Safe mode and undoing performed actions read in this article.
On the right side is located:
- indicator that shows whether Winbox session uses encryption
- Winbox traffic indicator displayed as a green bar,
- Custom info fields that can be added by the user by right clicking on the toolbar and picking available info fields from the list
Winbox has MDI interface meaning that all menu configuration (child) widows are attached to main (parent) Winbox window and are showed in work area.
Child windows can not be dragged out of working area. Notice in screenshot above that Interface window is dragged out of visible working area and horizontal scroll bar appeared at the bottom. If any window is outside visible work area boundaries the vertical or/and horizontal scrollbars will appear.
Child window menu bar
Each child window has its own toolbar. Most of the windows have the same set of toolbar buttons:
- Add - add new item to the list
- Remove - remove selected item from the list
- Enable - enable selected item (the same as enable command from console)
- Disable - disable selected item (the same as disable command from console)
- Comment - add or edit comment
- Sort - allows to sort out items depending on various parameters.
Read more >>
Almost all windows have quick search input field at the right side of the toolbar. Any text entered in this field is searched through all the items and highlighted as illustrated in screenshot below
Notice that at the right side next to quick find input filed there is a drop-down box. For currently opened (IP Route) window this drop-down box allows to quickly sort out items by routing tables. For example if main is selected, then only routes from main routing table will be listed.
Similar drop-down box is also in all firewall windows to quickly sort out rules by chains.
Sorting out displayed items
Almost every window has a Sort button. When clicking on this button several options appear as illustrated in screenshot below
Example shows how to quickly filter out routes that are in 10.0.0.0/8 range
- Press Sort button
- Chose Dst.Address from the first drop-down box.
- Chose in form the second drop-down box. 'in' means that filter will check if dst address value is in range of specified network.
- Enter network against which values will be compared (in our example enter '10.0.0.0/8')
- These buttons are to add or remove another filter to the stack.
- Press Filter button to apply our filter.
As you can see from screenshot Winbox sorted out only routes that are within 10.0.0.0/8 range.
Comparison operators (Number 3 in screenshot) may be different for each window. For example 'Ip Route' window has only two is and in. Other windows may have operators such as 'is not', 'contains', 'contains not'.
Winbox allows to build stack of filters. For example if there is a need to filter by destination address and gateway, then
- set first filter as described in example above,
- press [+] button to add another filter bar in stack.
- set up second filter to filter by gateway
- press Filter button to apply filters.
You can also remove unnecessary filter from the stack by pressing [-] button.
Customizing list of displayed columns
By default Winbox shows most commonly used parameters. However sometimes it is needed to see another parameters, for example 'BGP AS Path' or other BGP attributes to monitor if routes are selected properly.
Winbox allows to customize displayed columns for each individual window. For example to add BGP AS path column:
- Click on little arrow button (1) on the right side of the column titles or right mouse click on the route list.
- From popped up menu move to Show Columns (2) and from the sub-menu pick desired column, in our case click on BGP AS Path (3)
Changes made to window layout are saved and next time when Winbox is opened the same column order and size is applied.
It is also possible to enable Detail mode. In this mode all parameters are displayed in columns, first column is parameter name, second column is parameter's value.
To enable detail mode right mouse click on the item list and from the popup menu pick Detail mode
It is possible to list items by categories. In this mode all items will be grouped alphabetically or by other category. For example items may be categorized alphabetically if sorted by name, items can also be categorized by type like in screenshot below.
To enable Category view, right mouse click on the item list and from the popup menu pick Show Categories
Drag & Drop
It is possible to upload and download files to/from router using Winbox drag & drop functionality. You can also download file by pressing right mouse button on it and selecting 'Download'.
Winbox can be used as a tool to monitor traffic of every interface, queue or firewall rule in real-time. Screenshot below shows Ethernet traffic monitoring graphs.
This shows how easy it is to copy an item in Winbox. In this example, we will use the COPY button to make a Dynamic PPPoE server interface into a Static interface.
This image shows us the initial state, as you see DR indicates 'D' which means Dynamic:
Double-Click on the interface and click on COPY:
A new interface window will appear, a new name will be created automatically (in this case pppoe-in1)
After this Down/Up event this interface will be Static:
- Managed router transfer - In the File menu, use Save As and Open functions to save managed router list to file and open it up again on a new workstation.
- Router sessions transfer - In Tools menu, use Export and Import functions to save existing sessions to file and import them again on a new workstation.
Winbox cannot connect to the router's IP address
Make sure that Windows firewall is set to allow Winbox connections or disable windows firewall.
I get an error '(port 20561) timed out' when connecting to routers mac address
Windows (7/8) does not allow mac connection if file and print sharing is disabled.
I can't find my device in WinBox IPv4 Neighbors list or MAC connection fails with 'ERROR could not connect to XX-XX-XX-XX-XX-XX'
Winbox For Mac Mikrotik
Most of the network drivers will not enable IP stack unless your host device has an IP configuration. Set IPv4 configuration on your host device.
Sometimes the device will be discovered due to caching, but MAC connection will still fail with 'ERROR: could not connect to XX:XX:XX:XX:XX:XX
Was wondering if anyone has had success getting Winbox to run on a Mac running Mac OS X 10.6.3.
I have a MacBook Pro (the new 13-inch model that just came out, unibody 2.4GHz Intel Core 2 Duo) which is running Snow Leopard (Mac OS X10.6.3) and an older iMac (White 17' Intel Core Duo) running Leopard (Mac OS X 10.5.. X11 is installed on the iMac running Leopard and I downloaded the pre-packaged Winebox version of the Winbox app from the Wiki and it worked. X11 automatically opened as well when I clicked to open the app and came up to the Connect window. I did not actually connect to a RouterBOARD to test full functionality, but I'm just trying to get my MacBook running Snow Leopard to that point. The Snow Leopard machine did not have X11 on it at first so I put in my Install DVD and loaded X11. When I click on the Winbox app the icon pops up on the dock and the Menu Bar gives me the same Wine options as when I run it on the Leopard machine, but the Connect window never appears. X11 does not open like it does on the Leopard machine and even if I open X11 manually and then run the app, I still never see the Connect window.
Anyone have any suggestions or links to How-To's that get Winbox working on Snow Leopard (as close to natively as possible). I don't want to have to hack my machine to pieces to get Winbox working in OS X. In that case, I'll just create a Boot Camp partition and install Windows, but I just hate to install Windows on my machine for one simple app, not to mention I won't have access to my E-mail, preferred web browser, Skype, etc. when I'm in a board configuring or troubleshooting.