Community discussions

Search found 254 matches

by RackKing
Wed Jun 19, 2019 3:33 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 28
Views: 1447

Re: Script to add IP of failed IPSEC login to block list

I have done some more testing on various versions of this script and typical failures that in my mind simulate a malicious attack. Here are my findings. The script will work properly if the log message is in this exact format: x.x.x.x phase 1 negotiation failed I believe this is when the VPN serve...
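An added example, not the script from this thread and not Jotne's or RackKing's code, that puts the pieces discussed across these posts together: the address lists, a raw drop rule, the log-scanning script and a scheduler to run it. It also covers the separate "Raw drop rule of a list" question further down the page: a packet dropped in raw prerouting never reaches connection tracking or the filter input/forward chains, so no second drop rule is needed there. Assumed, not from the thread: the list names ipsec-blocklist and ipsec-allowlist, the allow-listed peer 192.0.2.10, the five-minute interval, and log lines that begin with the peer address followed by "phase1 negotiation failed", as the post above describes.

```routeros
# Added example, not the script posted in the thread. Assumptions: address lists
# "ipsec-blocklist" / "ipsec-allowlist", the allow-listed peer 192.0.2.10, and log
# lines that start with the peer address ("<ip> phase1 negotiation failed ...").

# 1. Peers that must never be auto-blocked (own road warriors, a remote site).
/ip firewall address-list
add list=ipsec-allowlist address=192.0.2.10 comment="known-good IPsec peer"

# 2. Drop listed sources in raw/prerouting. The packet is discarded before connection
#    tracking and before the filter input/forward chains ever see it.
/ip firewall raw
add chain=prerouting src-address-list=ipsec-blocklist action=drop comment="failed IPsec peers"

# 3. The script body. Install it with:
#    /system script add name=ipsec-failed-block policy=read,write source="<this body>"
:local found [/log find where message~"negotiation failed"]
:foreach i in=$found do={
    :local msg [/log get $i message]
    # the peer address is the first whitespace-separated token of the message
    :local ip [:pick $msg 0 [:find $msg " "]]
    # :toip yields nil for tokens such as "phase1", so only real addresses get through
    :if ([:typeof [:toip $ip]] = "ip") do={
        :if ([:len [/ip firewall address-list find where list=ipsec-allowlist && address=$ip]] = 0) do={
            # adding an address that is already listed fails with "already have such entry"
            # and aborts the script mid-loop, so check before adding
            :if ([:len [/ip firewall address-list find where list=ipsec-blocklist && address=$ip]] = 0) do={
                /ip firewall address-list add list=ipsec-blocklist address=$ip timeout=24h comment="failed IPsec negotiation"
                :log warning ("ipsec-failed-block: listed " . $ip)
            }
        }
    }
}

# 4. Run it every five minutes; list entries expire on their own after 24h.
/system scheduler
add name=ipsec-failed-block interval=5m on-event=ipsec-failed-block policy=read,write
```

The script deliberately does not filter on the log time field: as the thread notes, today's entries carry only a time of day, so a "last 24h" comparison is unreliable. The address-list check plus a short scheduler interval does the de-duplication instead, at the cost of re-listing an address after its 24h entry expires if the log line is still in the in-memory buffer. One failed negotiation is enough to list a peer, so a road warrior who mistypes the pre-shared key is locked out for 24h unless their address is in ipsec-allowlist, and the raw rule drops all traffic from a listed address, not only IKE.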
by RackKing
Tue Jun 18, 2019 3:21 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 28
Views: 1447

Re: Script to add IP of failed IPSEC login to block list

7d does not work, max 24h, since field is just hour. Did you try the end-of-line $ ? :local loglist [:toarray [/log find message~"negotiation failed.\$"]] Ah - thank you for the clarification on the 24h part. The first time I ran that as I indicated in #22 I got nothing. Now when I run it I do get ...
by RackKing
Tue Jun 18, 2019 2:46 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 28
Views: 1447

Re: Script to add IP of failed IPSEC login to block list

I also went back to post #6 and re-ran those scripts thinking that since we had different "negotiation failed" messages these may work. But I did not receive output from either. I did adjust the time back far enough to grab them. Below is the second one. :put [:toarray [/log find time>([/system cloc...
by RackKing
Tue Jun 18, 2019 2:38 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 28
Views: 1447

Re: Script to add IP of failed IPSEC login to block list

I was working with the script again in an effort to get it going - here is where I'm at. This: [ :local loglist [:toarray [/log find (message~"negotiation failed" || message~"src_ip")]] :foreach i in=$loglist do={ :local logMessage [/log get $i message] :local ip [:pick $logMessage 0 [:find $logMessag...
by RackKing
Mon Jun 17, 2019 1:33 am
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 28
Views: 1447

Re: Script to add IP of failed IPSEC login to block list

Again - thank you for your help. I really appreciate your help and would like to get this working. Here is the output from the first version https://i.imgur.com/zbjNFkZ.jpg Or this may do, make sure negotiation failed. is at the end of the line The second version did not pull anything. So the first version appe...
by RackKing
Sun Jun 16, 2019 4:41 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 28
Views: 1447

Re: Script to add IP of failed IPSEC login to block list

Here is one where id work the IP and message = is the IP address

by RackKing
Sun Jun 16, 2019 4:36 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 28
Views: 1447

Re: Script to add IP of failed IPSEC login to block list

Thank you for your continued help in this.

This is a sample of what I get.... it is about 20-30 lines longer.

by RackKing
Sun Jun 16, 2019 2:29 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 28
Views: 1447

Re: Script to add IP of failed IPSEC login to block list

For clarity - when I use what I believe is the "within last 24 hour" part of the original script I get no output. [ :local loglist [:toarray [/log find time>([/system clock get time] -24h) message~"negotiation failed"]] :foreach i in=$loglist do={ :local logMessage [/log get $i message] :local ip [:...
by RackKing
Sun Jun 16, 2019 2:11 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 28
Views: 1447

Re: Script to add IP of failed IPSEC login to block list

For anyone who may see this - here is some code I have cobbled together to produce the following output. To be clear - this was code that Jotone wrote and is his credit. I am simply trying to find why it does not work for me. [ :local loglist [:toarray [/log find message~"negotiation failed"]] :fore...
by RackKing
Sun Jun 16, 2019 12:47 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 28
Views: 1447

Re: Script to add IP of failed IPSEC login to block list

Ok Jotne - Thank you for the links. I assume the script you posted works on your MTs? I would have thought that I could copy a working script and duplicate the results. I will struggle with it some more, but probably do not have the programming skills to work through it. Thanks again for your efforts.
by RackKing
Sun Jun 16, 2019 3:57 am
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 28
Views: 1447

Re: Script to add IP of failed IPSEC login to block list

[ :local list [:toarray [/log find message~"negotiation failed"]] :put "ID-List" :put $list :put "" :put "Log lines" :foreach i in=$list do={ :put [/log print as-value where .id=$i]} ] So I ran that - and the log started filling up with lots of lines... I had to interrupt it :-) so that worked Then...
by RackKing
Sun Jun 16, 2019 3:19 am
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 28
Views: 1447

Re: Script to add IP of failed IPSEC login to block list

When I copy that in CLI I get the following - ID-List Log lines That is it - with two blanks between. The log is filled with at least 10 "negotiation failed" lines in the last 24 hours. Could the clock be causing a problem? The log is stored in memory - I assume that is ok as default? update - I typ...
by RackKing
Sat Jun 15, 2019 2:50 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 28
Views: 1447

Re: Script to add IP of failed IPSEC login to block list

Hi - Here is what happens with the first part - 1. dynamically created a FW address-list rule named IPSEC with and address of phase1. Timeout is correct. 2. Terminal L1: script=IPSEC_failed src_ip=phase1 3. Terminal L2: failure: already have such entry note: I deleted the previous phase1 entries for...
by RackKing
Sat Jun 15, 2019 3:25 am
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 28
Views: 1447

Re: Script to add IP of failed IPSEC login to block list

Thanks Jotne - I will try it later and report back.
by RackKing
Fri Jun 14, 2019 4:00 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 28
Views: 1447

Re: Script to add IP of failed IPSEC login to block list

I was trying to copy your original post in to the script windows and not CLI. Adding it Via CLI worked better. It ran and gave me a FW entry this time, but it does not pull the IP from the log entry. Here is the log add from the script: script=IPSEC_failed src_ip=phase1 That is the beginning of the ...
by RackKing
Fri Jun 14, 2019 2:31 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 28
Views: 1447

Re: Script to add IP of failed IPSEC login to block list

When I add all the script code via copy/paste it fails. So this must be some CR issue on my end.

I will try and sort it later.

Thanks for your help
by RackKing
Thu Jun 13, 2019 4:16 pm
Forum: General
Topic: L2TP/IPSec more than one shared secret? [SOLVED]
Replies: 8
Views: 464

Re: L2TP/IPSec more than one shared secret? [SOLVED]

Got it - I understand and appreciate your comments.

Your concise explanations are great.
by RackKing
Thu Jun 13, 2019 2:33 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 28
Views: 1447

Re: Script to add IP of failed IPSEC login to block list

Thank you for this!
by RackKing
Thu Jun 13, 2019 1:32 pm
Forum: RouterBOARD hardware
Topic: Mikrotik SFP / Cisco
Replies: 3
Views: 454

Re: Mikrotik SFP / Cisco

Probably not massively helpful for you but I successfully use the Cisco GLC-SX-MM SFP's in all of my MT devices. Dirt cheap on the second hand market as well.
Thanks for the tip - very helpful
by RackKing
Thu Jun 13, 2019 12:38 pm
Forum: General
Topic: L2TP/IPSec more than one shared secret? [SOLVED]
Replies: 8
Views: 464

Re: L2TP/IPSec more than one shared secret? [SOLVED]

Thank you. For a road warrior scenario - is there an approach that will work? Alternative VPN or otherwise? As for firewall handling of the contractor, there are plenty of possibilities: you can set a specific remote-address in the contractor's /ppp secret item, or you can make that item refer to a d...
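An added example, not configuration from this thread or from sindy's reply, of the first option mentioned above: give the contractor's /ppp secret a fixed remote-address and write forward-chain rules against that address so the account can reach exactly one service. Assumed values, not from the thread: the VPN pool 192.168.50.50-192.168.50.80 from the poster's export in the other thread, a contractor address 192.168.50.90 outside that pool, and 192.168.254.20 tcp/3389 as the single asset the contractor may reach.

```routeros
# Added example, not the poster's configuration. Assumptions: pool 192.168.50.50-.80,
# contractor address 192.168.50.90 (outside the pool so no employee ever draws it),
# and 192.168.254.20 tcp/3389 as the only permitted destination.

# One secret per user. The fixed remote-address is what lets the firewall tell this
# account apart from employees who take addresses from the pool.
/ppp secret
add name=contractor password=CHANGE-ME service=l2tp profile=default-encryption remote-address=192.168.50.90 comment="external support; review on <date>"

# Forward chain: one host/port allowed, everything else from that address dropped.
# Both rules must sit above the general rule that admits VPN clients into the LAN,
# and below the usual established,related accept.
/ip firewall filter
add chain=forward src-address=192.168.50.90 dst-address=192.168.254.20 protocol=tcp dst-port=3389 connection-state=new action=accept comment="contractor -> support host only"
add chain=forward src-address=192.168.50.90 action=drop comment="contractor: nothing else"

# When the engagement pauses, disable rather than delete, so the address stays reserved:
#   /ppp secret set [find name=contractor] disabled=yes
```

Rule order matters here: if the broad "VPN pool to LAN" accept comes first, the contractor's traffic matches it before the drop is reached. Moving the two rules above it with /ip firewall filter move, or adding them with place-before, is the usual fix.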
by RackKing
Thu Jun 13, 2019 4:35 am
Forum: General
Topic: L2TP/IPSec more than one shared secret? [SOLVED]
Replies: 8
Views: 464

Re: L2TP/IPSec more than one shared secret? [SOLVED]

Thanks sindy - Can the address be the address assigned to them in the /ppp /secrets local-address? So when those credentials are used they always get the same IP that I can use in FW filter rules? I am assuming that "Incoming connection requests from the IP address" refers to the contractors WAN...
by RackKing
Thu Jun 13, 2019 1:44 am
Forum: General
Topic: L2TP/IPSec more than one shared secret? [SOLVED]
Replies: 8
Views: 464

Re: L2TP/IPSec more than one shared secret? [SOLVED]

Looks like there has to be a peer and an identity. Did not get it working.

It looks like the key in peer1 is taken from the L2TP server settings.
by RackKing
Wed Jun 12, 2019 2:16 pm
Forum: General
Topic: L2TP/IPSec more than one shared secret? [SOLVED]
Replies: 8
Views: 464

L2TP/IPSec more than one shared secret? [SOLVED]

I have an L2TP/IPSec VPN server up and running on our Mikrotik. I would like to add a VPN user who is outside our organization (i.e. not our employee) in order to gain access to certain assets for support. I know I can specify a remote address and use firewall filter rules with that address to limit ac...
by RackKing
Tue Jun 11, 2019 11:07 am
Forum: General
Topic: LT2P/IPSec VPN working no internet access [SOLVED]
Replies: 6
Views: 375

Re: LT2P/IPSec VPN working no internet access [SOLVED]

Thank you again.
by RackKing
Mon Jun 10, 2019 2:43 pm
Forum: General
Topic: LT2P/IPSec VPN working no internet access [SOLVED]
Replies: 6
Views: 375

Re: LT2P/IPSec VPN working no internet access [SOLVED]

"So either add an interface-list=LAN item to the /ppp profile" This looks like a cleaner way to do it. Should I add the interface-list=LAN to both the default and default-encryption profile? To test, I added it to the default-encryption profile and it worked. I did not realize you could dynamically ...
by RackKing
Mon Jun 10, 2019 2:10 am
Forum: General
Topic: LT2P/IPSec VPN working no internet access [SOLVED]
Replies: 6
Views: 375

Re: LT2P/IPSec VPN working no internet access [SOLVED]

Ok - good idea # jun/09/2019 17:49:01 by RouterOS 6.44.3 /interface vlan add interface=main_bridge name=main-v10 vlan-id=10 /interface list add name=WAN add name=LAN /ip pool add name=main ranges=192.168.254.50-192.168.254.199 add name=vpn ranges=192.168.50.50-192.168.50.80 /ip dhcp-server add addre...
by RackKing
Sun Jun 09, 2019 8:52 pm
Forum: General
Topic: LT2P/IPSec VPN working no internet access [SOLVED]
Replies: 6
Views: 375

LT2P/IPSec VPN working no internet access [SOLVED]

Hi - I have an L2TP / IPSec VPN server configured and working (except for internet access) as per these instructions - https://wiki.mikrotik.com/wiki/Manual:Interface/L2TP The VPN tunnel works and I can see the assets on the remote networks - as the firewall allows. The VPN network has a nat Masq ru...
by RackKing
Sun Jun 09, 2019 6:01 pm
Forum: General
Topic: Please check my FW rules for Unifi controller? [SOLVED]
Replies: 2
Views: 191

Re: Please check my FW rules for Unifi controller? [SOLVED]

You've mixed things together in the filter rules. As you've combined the conditions which "new" packets must meet in order to be accepted with a condition saying they must not be "new" in a single rule, no "new" packet will ever go through, so no connection will ever be initiated. You are a scholar...
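An added example, not the poster's rule set or sindy's, showing the structure the quoted diagnosis points at: the NAT rule and the forward rule that admits the opening packet carry connection-state=new, while established/related packets are accepted by a separate rule placed first. Assumed, not from the thread: the controller at 192.168.99.10 (from the poster's other thread), an interface list named WAN, the remote site's public address 198.51.100.7, and only the two UniFi ports needed for adoption and STUN, tcp/8080 (inform) and udp/3478; the Ubiquiti page linked in the question lists the rest for features you actually use.

```routeros
# Added example, not the poster's rules. Assumptions: controller 192.168.99.10,
# interface list "WAN", remote site 198.51.100.7, ports tcp/8080 and udp/3478.

/ip firewall address-list
add list=unifi-remote-sites address=198.51.100.7 comment="friend's house"

# NAT: translate the public ports to the controller, only for the known remote site.
/ip firewall nat
add chain=dstnat in-interface-list=WAN src-address-list=unifi-remote-sites protocol=tcp dst-port=8080 action=dst-nat to-addresses=192.168.99.10 comment="UniFi inform"
add chain=dstnat in-interface-list=WAN src-address-list=unifi-remote-sites protocol=udp dst-port=3478 action=dst-nat to-addresses=192.168.99.10 comment="UniFi STUN"

# Filter, forward chain. The first rule handles every packet after the first one of a
# connection; the connection-state=new rules only have to admit the opening packet.
# Never put "new" and "established,related" conditions into the same rule: no packet
# can satisfy both, so nothing is ever accepted.
/ip firewall filter
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
add chain=forward connection-state=new connection-nat-state=dstnat in-interface-list=WAN src-address-list=unifi-remote-sites dst-address=192.168.99.10 protocol=tcp dst-port=8080 action=accept comment="UniFi inform"
add chain=forward connection-state=new connection-nat-state=dstnat in-interface-list=WAN src-address-list=unifi-remote-sites dst-address=192.168.99.10 protocol=udp dst-port=3478 action=accept comment="UniFi STUN"
add chain=forward connection-state=new in-interface-list=WAN action=drop comment="nothing else from the internet"
```

If the remote site has no fixed public address, drop the src-address-list matchers; the controller is then reachable from anywhere on those ports, which is the trade-off the port list implies, and the dst-nat rules become the only thing limiting exposure.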
by RackKing
Sun Jun 09, 2019 5:16 pm
Forum: General
Topic: Please check my FW rules for Unifi controller? [SOLVED]
Replies: 2
Views: 191

Please check my FW rules for Unifi controller? [SOLVED]

Hi, I have a Unifi controller behind a Mikrotik 3011 that works for my local gear. I want to add another site with APs that are at a friends house. I got the port list from https://help.ubnt.com/hc/en-us/articles/218506997-UniFi-Ports-Used that need to be open. Can someone confirm my firewall rules ...
by RackKing
Sat Jun 08, 2019 5:56 pm
Forum: General
Topic: L2TP idle-timeout?
Replies: 0
Views: 112

L2TP idle-timeout?

Hi,

I am trying to terminate L2TP/IPSec VPN connections after 15 mins of inactivity.

I tried using PPP/Profile/Limits/Idle Timeout to make this happen, but it does not seem to work.

Any advice?
by RackKing
Fri Jun 07, 2019 10:45 am
Forum: Beginner Basics
Topic: DHCP reservation in or out of Pool/Scope?
Replies: 7
Views: 411

Re: DHCP reservation in or out of Pool/Scope?

Thanks guys - that was what I was looking for.
by RackKing
Fri Jun 07, 2019 1:30 am
Forum: Beginner Basics
Topic: DHCP reservation in or out of Pool/Scope?
Replies: 7
Views: 411

Re: DHCP reservation in or out of Pool/Scope?

Any ideas?
by RackKing
Fri Jun 07, 2019 1:29 am
Forum: General
Topic: Filter or NAT rule for ports Unifi?
Replies: 2
Views: 202

Re: Filter or NAT rule for ports Unifi?

anyone?
by RackKing
Thu Jun 06, 2019 3:31 pm
Forum: General
Topic: Filter or NAT rule for ports Unifi?
Replies: 2
Views: 202

Filter or NAT rule for ports Unifi?

What is the right way to do this - There is an main on premise Unifi server/controller running at 192.168.99.10. I need to allow remote owner Unifi gear in to see the controller for normal operation. Here are the ports Unifi has identified as required. - that all makes sense. https://help.ubnt.com/h...
by RackKing
Thu Jun 06, 2019 2:54 pm
Forum: Beginner Basics
Topic: DHCP reservation in or out of Pool/Scope?
Replies: 7
Views: 411

DHCP reservation in or out of Pool/Scope?

This is more of a subjective question, but... I want to comment out some of the DHCP leases the router is giving out. Most of the time this is done in conjunction with assigning a specific IP address outside of the pool/scope. I am not as concerned with what the IP address is - simply who/what the host i...
by RackKing
Thu May 23, 2019 3:01 pm
Forum: General
Topic: Mikrotik router with Windows Server DHCP Server?
Replies: 2
Views: 188

Mikrotik router with Windows Server DHCP Server?

Hi, Question - I have a Tik router connected behind a sonicwall router running a 192.168.33.1/24 network. There is a Windows server running DHCP on that network at 192.168.33.6. I want to get clients connected to my Tik to pick up an address from that DHCP server at 192.168.33.6 - ISP >> Sonicwall ...
by RackKing
Thu May 16, 2019 2:17 pm
Forum: The Dude
Topic: The Dude IS Dead, really, isn't it?
Replies: 30
Views: 4399

Re: The Dude IS Dead, really, isn't it?

An update for anyone interested. I've just spent the last few weeks testing several different NMS packages. From licensed to free. Zabbix was a close contender, Solarwinds was simply outside of our price range. We've decided on NetXMS. NetXMS has ticked several major boxes for us. It may have easily...
by RackKing
Mon Jan 28, 2019 10:55 pm
Forum: General
Topic: DHCP philosophy - where/what is it best served by?
Replies: 9
Views: 549

Re: DHCP philosophy - where/what is it best served by?

Not just for outlook clients, if your DNS is not good in AD setup, it will break replication, etc. In an AD environment, use Windows for DHCP and DNS, they integrate with each other and serve a much bigger picture than just IP Addressing and Name resolution to browse the web, etc Thanks CZfan. I he...
by RackKing
Mon Jan 28, 2019 10:44 pm
Forum: General
Topic: DHCP philosophy - where/what is it best served by?
Replies: 9
Views: 549

Re: DHCP philosophy - where/what is it best served by?

I manage all aspects of a network. Routers, switches, servers, video, VoIP, and pretty much anything else that gets an IP address. If there is a real server (or servers) on the network, one or more will be handling DNS, DHCP, and pretty much any other client/server type of service. Routers are quit...
by RackKing
Mon Jan 28, 2019 3:35 pm
Forum: General
Topic: DHCP philosophy - where/what is it best served by?
Replies: 9
Views: 549

Re: DHCP philosophy - where/what is it best served by?

My view: DHCP server and DNS server are L3. If I'm in charge of L3 part of network infrastructure (i.e. address space allocation, perhaps some LAN DNS services[*]), then I'll request to deal with those services exclusively (doesn't matter if it's service running on top of some core router or dedica...
by RackKing
Mon Jan 28, 2019 2:59 pm
Forum: General
Topic: DHCP philosophy - where/what is it best served by?
Replies: 9
Views: 549

DHCP philosophy - where/what is it best served by?

Hi, This is more of a general networking question than a Tik question for sure. I am curious to know what others are seeing currently and what the trend is. I suspect the answer moves depending on the market we are talking about. I currently deploy Mikrotik in to a wide range of scenarios from res...
by RackKing
Thu Dec 20, 2018 2:53 am
Forum: General
Topic: Chromecast across VLANs?
Replies: 4
Views: 523

Re: Chromecast across VLANs?

Thanks for this. I am trying to get a PC to cast a chrome tab. I think the guest features only works with cast enabled apps from ios/android.

I wonder if Avahi works for this. I have never used it....
by RackKing
Wed Dec 19, 2018 4:11 pm
Forum: General
Topic: Chromecast across VLANs?
Replies: 4
Views: 523

Re: Chromecast across VLANs?

Anyone?
by RackKing
Tue Dec 18, 2018 10:42 pm
Forum: General
Topic: Chromecast across VLANs?
Replies: 4
Views: 523

Chromecast across VLANs?

How can I do this in ROS?
by RackKing
Tue Dec 11, 2018 6:06 pm
Forum: General
Topic: ISP modem reset causes MT dhcp client to get stuck at NAK
Replies: 0
Views: 217

ISP modem reset causes MT dhcp client to get stuck at NAK

This has become more of a problem recently, particularly when an ISP cable modem and Mikrotik router reset occurs due to power failure. The issue occurs when router's DHCP client makes a request prior to the modem being online and gets a private dhcp IP address from the ISP cable modem. When the lea...
by RackKing
Tue Dec 11, 2018 2:14 am
Forum: General
Topic: DHCP client script execution
Replies: 6
Views: 1022

Re: DHCP client script execution

I'll report what Wiki says: Script that will be executed after lease is assigned or de-assigned. Internal "global" variables that can be used in the script: leaseBound - set to "1" if bound, otherwise set to "0" leaseServerName - dhcp server name leaseActMAC - active mac address leaseActIP - active...
by RackKing
Mon Dec 10, 2018 10:43 pm
Forum: General
Topic: DHCP client script execution
Replies: 6
Views: 1022

Re: DHCP client script execution

I'll report what Wiki says: Script that will be executed after lease is assigned or de-assigned. Internal "global" variables that can be used in the script: leaseBound - set to "1" if bound, otherwise set to "0" leaseServerName - dhcp server name leaseActMAC - active mac address leaseActIP - active...
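An added example, not from this thread, of a DHCP client script that serves two of the posts above at once: it shows when the script fires (on every lease event, bound or released) and it handles the "stuck on the modem's private address after a power failure" case from the "ISP modem reset" post. One correction to note before copying variable names: the leaseBound / leaseActIP set quoted above is documented for the DHCP server's lease-script; the DHCP client script gets $bound, $"lease-address", $"server-address", $interface and $"gateway-address" instead. Assumed, not from the thread: the WAN client on ether1, the scheduler name dhcp-private-retry and the roughly one-minute retry delay.

```routeros
# Added example, not from the thread. Assumptions: WAN DHCP client on ether1,
# scheduler name "dhcp-private-retry", retry after about one minute.
# Variables: the DHCP *client* script sees $bound, $"lease-address", $"server-address",
# $interface, $"gateway-address" (hyphenated names need the $"..." form).
#
# Install with:  /ip dhcp-client set [find interface=ether1] script="<this body>"
# Runs on every lease event: bound=1 when a lease is obtained, 0 when released or lost.
:if ($bound = 1) do={
    :local ip [:toip $"lease-address"]
    # A private address on the WAN side means the cable modem answered instead of the
    # ISP (it was still booting). Don't sit on that lease for its full lifetime.
    :if ($ip in 10.0.0.0/8 || $ip in 172.16.0.0/12 || $ip in 192.168.0.0/16) do={
        :log warning ("dhcp-client: private lease " . $ip . " from " . $"server-address" . " on " . $interface . ", retrying in about a minute")
        # one-shot retry: the scheduler removes itself after releasing the lease,
        # which makes the client start a fresh discover
        :if ([:len [/system scheduler find where name=dhcp-private-retry]] = 0) do={
            /system scheduler add name=dhcp-private-retry interval=1m policy=read,write on-event="/ip dhcp-client release [find interface=ether1]; /system scheduler remove [find name=dhcp-private-retry]"
        }
    } else={
        :log info ("dhcp-client: public lease " . $ip . " bound on " . $interface)
        /system scheduler remove [find where name=dhcp-private-retry]
    }
}
```

A manual release does trigger the script (with bound=0), which is the quickest way to check that it runs at all; if nothing appears in the log, confirm the client's script field actually holds the body and that the router's own log level lets info messages through. The release-and-retry loop repeats once a minute for as long as the modem keeps handing out its provisioning address, and stops by itself on the first public lease.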
by RackKing
Mon Dec 10, 2018 5:50 pm
Forum: General
Topic: DHCP client script execution
Replies: 6
Views: 1022

DHCP client script execution

I see the DHCP client can execute a script. I cannot seem to make the script execute - under what circumstances should this trigger? I assumed a manual release would trigger the script. Or any change in the DHCP client status - any thoughts? Thanks.
by RackKing
Fri Dec 07, 2018 10:10 pm
Forum: General
Topic: Raw drop rule of a list... clarification needed.
Replies: 1
Views: 183

Raw drop rule of a list... clarification needed.

I have read this but want to make sure I understand correctly. If I have a "blacklist" created that is dropped by a rule in raw - there is no need to drop it anywhere else? To put another way - anything in raw that gets dropped will never be seen by the input and forward chains in the filter? So do...
by RackKing
Fri Dec 07, 2018 5:51 pm
Forum: General
Topic: Log prefix length limit from a FW rule?
Replies: 0
Views: 190

Log prefix length limit from a FW rule?

It appears there is a limit to log prefix from a FW rule. Is there a way to increase this? They seem to get cutoff with a ":"