Age | Commit message | Author | Files | Lines |
|
No functional change for the user... The migration is done
automatically.
|
Druvis from Mikrotik produced a video "MikroTik Telegram bot - Chat with
your Router?". He shows his script to chat with a Router via Telegram
bot to send it commands: https://youtu.be/KLX6j3sLRIE
This script is kind of limited and has several issues... 🥴
Let's make it robust, usable, multi-device capable and just fun! 😁
(Sadly Mikrotik has a policy to not allow links in Youtube comments.
Thus my comment with several hints was removed immediately. If anybody
is in contact with Druvis... Please tell him about this script!)
|
We had...
◀ Go back to main README
▲ Go back to top
... and switch to...
⬅️ Go back to main README
⬆️ Go back to top
|
Missed one in b6ddc5968e7a3393bb6e9b0c0ccf96379efc62b4...
|
---- ✂️ ----
📌 News and configuration changes
The configuration version on MikroTik increased to 85, current configuration may need modification. Please review and update global-config-overlay, then re-run global-config.
Changes:
● Support for e-mail notifications moved to a module. It is installed automatically if required.
● Dropped 'netwatch-syslog', filtering in firewall is advised.
---- ✂️ ----
|
This was undocumented and the scripts never caught up with general
quality expectations, for example global-config and global functions
were not used.
If you need the code get it from git history. 😜
|
To filter in firewall you should use something like this:

    /ip/firewall/filter/add action=reject chain=output out-interface-list=WAN port=514 protocol=udp reject-with=icmp-admin-prohibited;
    /ip/firewall/filter/add action=reject chain=forward out-interface-list=WAN port=514 protocol=udp reject-with=icmp-admin-prohibited;
|
For RouterOS 6.x a separate package 'ntp' exists. This adds server
functionality, but allows IP addresses for the client only. I added the
script 'rotate-ntp' to update addresses from names...
Now with RouterOS 7.x there's no extra package and the limitation no
longer exists. So let's just drop the script.
This adds migration code that...
* removes the script from configuration
* removes a scheduler from configuration
* sets the configured ntp pool name for ntp client
|
... and make sure copy-and-paste with code does not fail.
Also end all commands with a semicolon for Github copy button.
|
Let's Encrypt planned the transition to ISRG's root certificate ("ISRG Root
X1") on July 8, 2019, but postponed several times.
Finally they found another solution: A certificate 'ISRG Root X1', but
cross-signed with 'DST Root CA X3' and with a lifetime that exceeds that
of the root CA. This is said to work for most operating systems where root
certificate authorities are just 'trust anchors'.
I doubt this is true for RouterOS, where certificates are just imported
into the certificate store. So let's migrate to 'ISRG Root X1' now.
|
This allows dropping the ignore flag.
|
All scripts wait for the global functions on their own now.
|
Copyright (C) 2013-2020 Christian Hesse <mail@eworm.de>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
https://www.gnu.org/licenses/#GPL
https://www.gnu.org/licenses/gpl.html
https://www.gnu.org/licenses/gpl.md
|
RouterOS 6.43 can be considered obsolete these days.
|
https://shields.io/category/social
|
This is not intended for installation...
|
Now that we have a proper $UrlEncode function... Fetch certificates
by CommonName.
Also remove the PEM after import.
|
Now that release channel 'long-term' is at 6.43.x...
|
Big fat Warning!
RouterOS has some odd behavior when it comes to variable names. Let's
have a look at the interfaces:

    [admin@MikroTik] > / interface print where name=en1
    Flags: D - dynamic, X - disabled, R - running, S - slave
    # NAME TYPE ACTUAL-MTU L2MTU
    0 RS en1 ether 1500 1598

That looks ok. Now we use a script:

    { :local interface "en1";
    / interface print where name=$interface; }

And the result...

    [admin@MikroTik] > { :local interface "en1";
    {... / interface print where name=$interface; }
    Flags: D - dynamic, X - disabled, R - running, S - slave
    # NAME TYPE ACTUAL-MTU L2MTU
    0 RS en1 ether 1500 1598

... still looks ok.
We make a little modification to the script:

    { :local name "en1";
    / interface print where name=$name; }

And the result:

    [admin@MikroTik] > { :local name "en1";
    {... / interface print where name=$name; }
    Flags: D - dynamic, X - disabled, R - running, S - slave
    # NAME TYPE ACTUAL-MTU L2MTU
    0 RS en1 ether 1500 1598
    1 S en2 ether 1500 1598
    2 S en3 ether 1500 1598
    3 S en4 ether 1500 1598
    4 S en5 ether 1500 1598
    5 R br-local bridge 1500 1598

Oops! The filter has no effect!
That happens whenever the variable name ($name) matches the property
name (name=).
And another modification:

    { :local type "en1";
    / interface print where name=$type; }

And the result:

    [admin@MikroTik] > { :local type "en1";
    {... / interface print where name=$type; }
    Flags: D - dynamic, X - disabled, R - running, S - slave
    # NAME TYPE ACTUAL-MTU L2MTU

Oops! Nothing?
Even if the variable name ($type) matches whatever property name (type=)
things go wrong.
The answer from MikroTik support (in Ticket#2019010222000454):
> This is how scripting works in RouterOS and we will not fix it.
To get around this we use variable names in CamelCase. Let's hope
Mikrotik never ever introduces property names in CamelCase...
*fingers crossed*
|
This should prevent endless certificate switching for Let's Encrypt
cross-signed intermediate certificates.
|
This is used by Let's Encrypt to cross-sign.