Age | Commit message (Expand) | Author | Files | Lines |
2024-07-16 | README: use :tocrlf to convert global-config-overlay | Christian Hesse | 1 | -2/+2 |
2024-06-21 | certs: E1 / E5 -> ISRG Root X2•••In the beginning of Let's Encrypt their root certificate ISRG Root X1
was not widely trusted, at least some older and/or mobile platforms were
missing that certificate in their root certificate store.
At that time Let's Encrypt was using an alternative chain of trust,
where a certificate was cross-signed with DST Root CA X3.
To make sure a valid chain of trust is available under all circumstances
a set of all certificates had to be supplied: both root vertificates
ISRG Root X1 & DST Root CA X3, and an intermediate certificate.
This was still true after DST Root CA X3 expired, as it could still be
used as a root anchor and was shipped by Let's Encrypt when requested. ðĪŠ
This time is finally over, and we have a clean chain for trust ending in
ISRG Root X1 (or ISRG Root X2).
Well, actually it is the other way round... Let's Encrypt signs with
different tantamount intermediate certificates. There is not only E5, but
also E6 - and we can not know beforehand which one is used on renew.
So let's jetzt drop the intermediate certificates now, and rely on root
certificates only. We are perfectly fine with this these days.
Follow-up commits will do the same for *all* certificates.
The certificate is downloaded with:
curl -d '["ISRG Root X2"]' https://mkcert.org/generate/ | grep -v '^$' > certs/ISRG-Root-X2.pem
| Christian Hesse | 1 | -11/+9 |
2024-06-19 | Let's Encrypt changed their intermediate certificates•••https://letsencrypt.org/2024/03/19/new-intermediate-certificates
https://letsencrypt.org/certificates/
But let's keep the old ones around for now, as some sites are still
using the old intermediate.
| Christian Hesse | 1 | -7/+7 |
2024-04-19 | README: show fingerprints in output•••This is not scrictly necessary, as we filter by fingerprint already...
But it gives better overview and feeling.
| Christian Hesse | 1 | -1/+1 |
2024-04-19 | README: remove left over certificate file•••But use find as RouterOS 7.15rc1 removes it automatically.
| Christian Hesse | 1 | -1/+2 |
2024-04-06 | global-functions: introduce $FetchHugerouteros-7.13-4 | Christian Hesse | 1 | -1/+1 |
2024-04-04 | README: add start-time & change interval in scheduler example•••Set the interval to once a day, Instead of every 1 hour.
Add start-time to start-up. Thereby introducing randomization based on when
the user last rebooted there device. As the interval is counted based on last
boot time.
| netravnen | 1 | -2/+2 |
2024-03-15 | README: add QR code with (shortened) upstream url | Christian Hesse | 1 | -0/+2 |
2024-03-12 | global-config: support loading snippets•••This adds support for loading snippets, which need a name starting with
"global-config-overlay.d/". This allows to split off configuration if
desired.
change-122 | Christian Hesse | 1 | -0/+5 |
2024-01-30 | README: note on required hardware and limitations by storage | Christian Hesse | 1 | -0/+8 |
2024-01-30 | README: make required software a paragraph | Christian Hesse | 1 | -0/+2 |
2024-01-30 | global-functions: $RandomDelay: always scale to ms...•••... to randomize in friction of unit.
This requires :tonsec from RouterOS 7.12.
routeros-7.12-1 | Christian Hesse | 1 | -1/+1 |
2024-01-18 | doc/hotspot-to-wpa: reference as WPA only...•••... as this works with WPA3 as well. ð
| Christian Hesse | 1 | -1/+1 |
2024-01-16 | README: set script owner on initial creation | Christian Hesse | 1 | -1/+1 |
2023-11-07 | README: print name with proplist for certificate verification | Christian Hesse | 1 | -3/+4 |
2023-11-07 | README: reference stable version | Christian Hesse | 1 | -1/+1 |
2023-11-07 | global-functions: $ParseDate: drop code for old format...•••... and increase required RouterOS.
We should probably wait some time before merging this: Even current
versions have some hidden places with old format:
[admin@MikroTik] > /system/resource/print
[...]
version: 7.10.2 (stable)
build-time: Jul/12/2023 09:45:11
[...]
(Though this is written with capital letter and fails anyway...)
Something similar goes for `/ip/neighbor`, where format depends on
remote devices. Does anybody need to parse this?
routeros-7.10beta5-2 | Christian Hesse | 1 | -1/+1 |
2023-10-26 | README: explain sensitive property | Christian Hesse | 1 | -0/+3 |
2023-10-26 | global: switch eworm.de to new certificate chain (E1 / ISRG Root X2)•••old chain: R3 / ISRG Root X1
new chain: E1 / ISRG Root X2
No user interaction or migration is required for existing installations
as we install 'E1' and 'ISRG Root X2' for some time already.
| Christian Hesse | 1 | -7/+7 |
2023-10-17 | introduce mod/notification-ntfy...•••... for sending notifications via Ntfy (https://ntfy.sh/).
TODO: use proper formatting once supported in Android app:
https://github.com/binwiederhier/ntfy/issues/889
change-109 | Christian Hesse | 1 | -0/+1 |
2023-06-28 | README: reference stable version | Christian Hesse | 1 | -1/+1 |
2023-06-28 | global-functions: $MkDir: drop old code with smb workaround...•••... and increase required RouterOS.
routeros-7.9beta4-5 | Christian Hesse | 1 | -1/+1 |
2023-06-27 | README: link the RouterOS button to changelog | Christian Hesse | 1 | -1/+1 |
2023-06-13 | introduce fw-addr-listschange-101 | Christian Hesse | 1 | -0/+1 |
2023-04-26 | mod/ssh-keys-import: make ssh-keys-import a modulerouteros-7.9beta4-3change-100 | Christian Hesse | 1 | -1/+1 |
2023-04-18 | README: make the Telegram QR code a link | Christian Hesse | 1 | -1/+1 |
2023-04-18 | README: add a donate button to badges | Christian Hesse | 1 | -0/+1 |
2023-04-18 | README: generate a donate buttom from shields.io | Christian Hesse | 1 | -1/+1 |
2023-04-17 | README: note about breaking changes | Christian Hesse | 1 | -1/+4 |
2023-04-16 | README: add badge to link Telegram group | Christian Hesse | 1 | -0/+1 |
2023-04-06 | README: add badge to hint required RouterOS version | Christian Hesse | 1 | -0/+1 |
2023-03-20 | README: badge in style flat and with color | Christian Hesse | 1 | -3/+3 |
2023-03-07 | rename scripts and add file extension ".rsc"•••No functional change for the user... The migration is done
automatically.
change-95 | Christian Hesse | 1 | -3/+3 |
2023-03-06 | ... and update the logo in notifications | Christian Hesse | 1 | -1/+1 |
2023-02-17 | README: add a paragraph for scheduled automatic updates | Christian Hesse | 1 | -2/+4 |
2023-02-17 | README: move configuration down, make it a separate paragraph | Christian Hesse | 1 | -21/+33 |
2023-02-13 | README: give hint about converting line endings | Christian Hesse | 1 | -0/+5 |
2023-01-31 | introduce telegram-chat•••Druvis from Mikrotik produced a video "MikroTik Telegram bot - Chat with
your Router?". He shows his script to chat with a Router via Telegram
bot to send it commands: https://youtu.be/KLX6j3sLRIE
This script is kind of limited and has several issues... ðĨī
Let's make it robust, usable, multi-device capable and just fun! ð
(Sadly Mikrotik has a policy to not allow links in Youtube comments.
Thus my comment with several hints was removed immediately. If anybody
is in contact with Druvis... Please tell him about this script!)
change-90 | Christian Hesse | 1 | -0/+1 |
2023-01-11 | use arrows with emoji representation•••We had...
â Go back to main README
âē Go back to top
... and switch to...
âŽ
ïļ Go back to main README
âŽïļ Go back to top
| Christian Hesse | 1 | -1/+1 |
2023-01-11 | README: install custom script from routeros-scripts-custom | Christian Hesse | 1 | -4/+1 |
2023-01-10 | README: add linked custom scripts & modules | Christian Hesse | 1 | -0/+20 |
2022-12-19 | README: RouterOS v7 path syntax•••Missed one in b6ddc5968e7a3393bb6e9b0c0ccf96379efc62b4...
| Christian Hesse | 1 | -1/+1 |
2022-11-17 | README: link to Github pull requests | Christian Hesse | 1 | -1/+3 |
2022-10-31 | README: copy *relevant* configuration only | Christian Hesse | 1 | -1/+1 |
2022-10-20 | README: update notification•••---- âïļ ----
ð News and configuration changes
The configuration version on MikroTik increased to 85, current configuration may need modification. Please review and update global-config-overlay, then re-run global-config.
Changes:
â Support for e-mail notifications moved to a module. It is installed automatically if required.
â Dropped 'netwatch-syslog', filtering in firewall is advised.
---- âïļ ----
| Christian Hesse | 1 | -1/+1 |
2022-09-25 | drop 'learn-mac-based-vlan' and 'manage-umts'•••This was undocumented and scripts did never catch up with general
quality expectations, for example global-config and global functions
were not used.
If you need the code get it from git history. ð
| Christian Hesse | 1 | -4/+0 |
2022-09-25 | drop 'netwatch-syslog'•••To filter in firewall you should use something like this:
/ip/firewall/filter/add action=reject chain=output out-interface-list=WAN port=514 protocol=udp reject-with=icmp-admin-prohibited;
/ip/firewall/filter/add action=reject chain=forward out-interface-list=WAN port=514 protocol=udp reject-with=icmp-admin-prohibited;
change-85 | Christian Hesse | 1 | -1/+0 |
2022-09-25 | introduce 'mod/notification-email', split off from global-functionschange-84 | Christian Hesse | 1 | -0/+1 |
2022-07-11 | ... and another one | Christian Hesse | 1 | -1/+1 |
2022-07-07 | README: show a sample news and changes notification | Christian Hesse | 1 | -0/+5 |
2022-06-28 | README: How to remove a script... | Christian Hesse | 1 | -0/+12 |
2022-06-15 | drop script 'rotate-ntp'•••For RouterOS 6.x a separate package 'ntp' exists. This adds server
functionality, but allows ip addresses for the client only. I added the
script 'rotate-ntp' to update addresses from names...
Now with RouterOS 7.x there's no extra package and the limitation does
no longer exist. So let's just drop the script.
This adds migration code, that...
* removes the script from configuration
* removes a scheduler from configuration
* sets the configured ntp pool name for ntp client
change-81 | Christian Hesse | 1 | -1/+0 |
2022-05-12 | README: RouterOS v7 path syntax | Christian Hesse | 1 | -30/+17 |
2022-05-05 | README: installing custom scripts & modules | Christian Hesse | 1 | -0/+23 |
2022-03-30 | introduce backup-partitionchange-79 | Christian Hesse | 1 | -0/+1 |
2022-02-21 | add doc/mod/scriptrunonce | Christian Hesse | 1 | -0/+1 |
2022-02-20 | add doc/mod/ipcalc | Christian Hesse | 1 | -0/+1 |
2022-02-20 | add doc/mod/inspectvar | Christian Hesse | 1 | -0/+1 |
2022-02-20 | add doc/mod/notification-matrix | Christian Hesse | 1 | -0/+1 |
2022-02-20 | add doc/mod/notification-telegram | Christian Hesse | 1 | -0/+1 |
2022-02-11 | README: put hint into block quote | Christian Hesse | 1 | -2/+2 |
2022-02-10 | introduce firmware-upgrade-rebootchange-77 | Christian Hesse | 1 | -0/+1 |
2022-01-14 | README: drop hint on branch 'routeros-v7' | Christian Hesse | 1 | -18/+3 |
2022-01-14 | README: install correct global-config-overlay for RouterOS v6branch-routeros-v6 | Christian Hesse | 1 | -2/+7 |
2022-01-06 | rename script upload-backup -> backup-upload | Christian Hesse | 1 | -1/+1 |
2022-01-06 | rename script email-backup -> backup-email | Christian Hesse | 1 | -1/+1 |
2022-01-06 | rename script cloud-backup -> backup-cloud | Christian Hesse | 1 | -1/+1 |
2022-01-03 | introduce netwatch-dnschange-72 | Christian Hesse | 1 | -0/+1 |
2022-01-03 | README: convert screenshots to AVIF | Christian Hesse | 1 | -11/+11 |
2022-01-03 | README: convert Telegram group qr code to AVIF | Christian Hesse | 1 | -1/+1 |
2021-12-30 | README: add a qr code to join Telegram group | Christian Hesse | 1 | -0/+3 |
2021-12-13 | README: changes for RouterOS v6change-71 | Christian Hesse | 1 | -0/+12 |
2021-12-07 | global-config: load overlay automatically | Christian Hesse | 1 | -2/+2 |
2021-12-07 | README: changes for RouterOS v7change-70 | Christian Hesse | 1 | -0/+14 |
2021-11-18 | README: no capitals here... | Christian Hesse | 1 | -1/+1 |
2021-11-16 | reintroduce global-waitchange-68 | Christian Hesse | 1 | -0/+1 |
2021-11-15 | shorten modules directory name (global-functions.d -> mod)change-67 | Christian Hesse | 1 | -2/+2 |
2021-11-15 | bridge-port-to-default -> global-functions.d/bridge-port-tochange-66 | Christian Hesse | 1 | -1/+1 |
2021-11-12 | add global-functions.d/bridge-port-vlanchange-65 | Christian Hesse | 1 | -0/+5 |
2021-09-21 | README: add a note about date and time | Christian Hesse | 1 | -0/+4 |
2021-09-21 | README: use real screenshots...•••... and make sure copy-and-paste with code does not fail.
Also end all commands with a semicolon for Github copy button.
| Christian Hesse | 1 | -27/+41 |
2021-05-18 | drop certificate DST Root CA X3•••Let's Encrypt planned the transition to ISRG's root certificate ("ISRG Root
X1") on July 8, 2019, but postponed several times.
Finally they found another solution: A certificate 'ISRG Root X1', but
cross-signed with 'DST Root CA X3' and with a livetime that exceeds that
of the root CA. This is said to work for most operating system where root
certificate authorities are just 'trust anchors'.
I doubt this is true for RouterOS, where certificates are just imported
into the certificate store. So let's migrate to 'ISRG Root X1' now.
| Christian Hesse | 1 | -12/+4 |
2021-05-17 | add 'ipsec-to-dns'change-51 | Christian Hesse | 1 | -0/+1 |
2021-05-07 | README: use svg logo | Christian Hesse | 1 | -1/+1 |
2021-04-28 | README: add logo | Christian Hesse | 1 | -0/+2 |
2021-03-04 | global-config-overlay: remove magic•••This allows to drop the ignore flag.
| Christian Hesse | 1 | -4/+0 |
2021-02-22 | We have a Telegram group!change-45 | Christian Hesse | 1 | -0/+7 |
2021-02-21 | README: swap stars and forks | Christian Hesse | 1 | -1/+1 |
2021-02-18 | global: drop script 'global-wait'•••All scripts wait for the global functions on their own now.
change-44 | Christian Hesse | 1 | -1/+0 |
2021-02-18 | README: fix typo | Christian Hesse | 1 | -1/+1 |
2020-12-18 | README: drop Let's Encrypt Authority X3 | Christian Hesse | 1 | -18/+3 |
2020-12-17 | README: also import Let's Encrypt certificate "R3" | Christian Hesse | 1 | -9/+24 |
2020-11-01 | README: optional scheduler to update scripts automatically | Christian Hesse | 1 | -0/+5 |
2020-10-23 | ospf-to-leds: introduce script to visualize ospf state via ledschange-34 | Christian Hesse | 1 | -0/+1 |
2020-10-15 | README: link to global-config | Christian Hesse | 1 | -2/+2 |
2020-10-15 | global-config: do not define mail addresses by default | Christian Hesse | 1 | -3/+3 |
2020-08-13 | fix typo: botton -> button | Christian Hesse | 1 | -1/+1 |
2020-07-15 | add 'log-forward', drop 'early-errors'change-23 | Christian Hesse | 1 | -1/+1 |
2020-07-14 | README: be more explicit on file name | Christian Hesse | 1 | -1/+1 |
2020-07-14 | global-config: dropped $ScriptUpdatesIgnore, use ignore flag in commentchange-22 | Christian Hesse | 1 | -0/+4 |