Community discussions

Search found 220 matches

by eworm
Tue Jan 15, 2019 5:41 pm
Forum: General
Topic: remote logging to systemd journal
Replies: 0
Views: 44

remote logging to systemd journal

Hello everybody, I do use a linux server for remote logging. For some time I ran a rsyslog instance that listened for syslog messages on UDP port 514 and redirected them to systemd's journald. But the syslog implementations are bloated and complex for a simple task like this - especially if you do n...
by eworm
Mon Jan 14, 2019 9:59 am
Forum: Scripting
Topic: netwatch script compose email to multiple recipients?
Replies: 7
Views: 7827

Re: netwatch script compose email to multiple recipients?

Simply use cc... That accepts several receipients.
/tool e-mail send \
to=abc@mycompany.com \
cc=michael.manns@gmail.com,another@gmail.com \
from=KCMT@foresitewireless.com \
 subject=("Room 206 AP is down")
by eworm
Fri Jan 11, 2019 6:28 pm
Forum: General
Topic: LTE Modem Firmware upgrade
Replies: 1
Views: 152

Re: LTE Modem Firmware upgrade

Probably when 6.44 is ready... Nobody will give you a date for that.
by eworm
Fri Jan 11, 2019 1:15 am
Forum: RouterBOARD hardware
Topic: Which RB devices are upgraded to have USR LED and MODE button?
Replies: 3
Views: 188

Re: Which RB devices are upgraded to have USR LED and MODE button?

You can make the devices act on multiple mode button presses. Have a looks at mode-button-event and mode-button-scheduler. For these to function you need other scripts from routeros-scripts.
by eworm
Tue Jan 08, 2019 2:28 pm
Forum: General
Topic: IKEv2 multiple clients [SOLVED]
Replies: 5
Views: 297

Re: IKEv2 multiple clients [SOLVED]

The peer certificate is issued from a CA on your device, that only accepts trusted certificates it issued itself.
by eworm
Tue Jan 08, 2019 2:07 pm
Forum: General
Topic: IKEv2 multiple clients [SOLVED]
Replies: 5
Views: 297

Re: IKEv2 multiple clients [SOLVED]

I think your problem is that you have two peers, and only the first is matched. Try:
/ip ipsec peer remove [ find where remote-certificate=client1 ];
/ip ipsec peer set remote-certificate="" [ find ];
by eworm
Tue Jan 08, 2019 11:00 am
Forum: General
Topic: IPSEC/IKEv2, mode-config and changing ip addresses
Replies: 0
Views: 135

IPSEC/IKEv2, mode-config and changing ip addresses

Hello everybody, I have an IPSEC/IKEv2 VPN in transport mode, GRE interfaces connect to the IPSEC addresses. The real data goes through the GRE interfaces. Currently the server runs a script to update the GRE interfaces' remote addresses, according to the client addresses assigned by mode-config. Is...
by eworm
Sun Jan 06, 2019 11:39 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request (SCRIPTING)
Replies: 6
Views: 362

Re: Feature request (SCRIPTING)

It does work from script, but I just realized it fails when started from scheduler. No idea what's wrong, no logs on either side.
by eworm
Sun Jan 06, 2019 10:58 pm
Forum: General
Topic: How to get current system date and time to a variable ?
Replies: 1
Views: 171

Re: How to get current system date and time to a variable ?

Both to one variable?
:global DateTime ([ / system clock get date ] . " " . [ / system clock get time ]);
If you want each in one varaiable:
:global Date [ / system clock get date ];
:global Time [ / system clock get time ];
by eworm
Sun Jan 06, 2019 6:19 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request (SCRIPTING)
Replies: 6
Views: 362

Re: Feature request (SCRIPTING)

Import private and public key on Router A: /user ssh-keys private import private-key-file=id_rsa public-key-file=id_rsa.pub Then import public key on Router B: /user ssh-keys import user=admin public-key-file=id_rsa.pub Then ssh from Router A to Router B: /system ssh address=10.0.0.1 user=admin com...
by eworm
Fri Jan 04, 2019 7:20 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request (SCRIPTING)
Replies: 6
Views: 362

Re: Feature request (SCRIPTING)

Import private and public key on Router A: /user ssh-keys private import private-key-file=id_rsa public-key-file=id_rsa.pub Then import public key on Router B: /user ssh-keys import user=admin public-key-file=id_rsa.pub Then ssh from Router A to Router B: /system ssh address=10.0.0.1 user=admin comm...
by eworm
Fri Jan 04, 2019 12:15 pm
Forum: RouterBOARD hardware
Topic: HOW TO GET SIM CARD NUMBER
Replies: 6
Views: 319

Re: HOW TO GET SIM CARD NUMBER

:put ([ / interface lte info [ :pick [ find ] 0 ] once as-value ]->"uicc")
by eworm
Thu Jan 03, 2019 2:31 pm
Forum: Announcements
Topic: v6.43.8 [stable] is released!
Replies: 143
Views: 17272

Re: v6.43.8 [stable] is released!

This works:
/system script environment { :global A 10; remove "A"; :global A 20; print; remove [ find where name="A" ]; }
I do not have an explanation, though.
by eworm
Thu Jan 03, 2019 1:03 am
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM POE Problems
Replies: 4
Views: 341

Re: CRS328-24P-4S+RM POE Problems

Try a power cycle on the port:
/ interface ethernet poe etherX power-cycle
by eworm
Wed Jan 02, 2019 12:21 am
Forum: General
Topic: RouterOS 6.34.4 cannot import ed25519 ssh public keys.
Replies: 2
Views: 255

Re: RouterOS 6.34.4 cannot import ed25519 ssh public keys.

Currently only DSA and RSA keys are supported. I would like to see support for ed25519 keys as well... BTW, RSA is supported since RouterOS 6.31 and has been added after OpenSSH deprecated DSA in a way that you had to specify extra options to connect. Let's hope we do not need a similar event for ed...
by eworm
Tue Jan 01, 2019 4:18 pm
Forum: General
Topic: ZeroByte can you help
Replies: 4
Views: 412

Re: ZeroByte can you help

Oh, I did misread (or understand at all) this post.
Did not get that he wants to contact a user specifically. So sorry and good luck.
by eworm
Tue Jan 01, 2019 12:42 pm
Forum: Scripting
Topic: Add value to the end of an array?
Replies: 1
Views: 109

Re: Add value to the end of an array?

This creates empty array and adds a value:
:local array [ :toarray "" ];
:set array ( $array, $newvalue );
Just repeat for more values.
by eworm
Tue Jan 01, 2019 12:31 pm
Forum: General
Topic: ROS as a IKEV2 client support EAP-MSChAPv2?
Replies: 3
Views: 259

Re: ROS as a IKEV2 client support EAP-MSChAPv2?

Currently EAP authentication as initiator is not possible for IKEv2.
viewtopic.php?p=650295
by eworm
Tue Jan 01, 2019 12:27 pm
Forum: General
Topic: ZeroByte can you help
Replies: 4
Views: 412

Re: ZeroByte can you help

by eworm
Mon Dec 31, 2018 12:32 am
Forum: General
Topic: NordVpn and mikrotik?
Replies: 11
Views: 623

Re: NordVpn and mikrotik?

I just checked and it is not going to happen till ROS 7.

viewtopic.php?p=650295
Thanks for the link, msatter! In short: currently EAP authentication as initiator is not possible for IKEv2. So the website is right, no-go with Mikrotik.
by eworm
Sun Dec 30, 2018 6:45 pm
Forum: General
Topic: NordVpn and mikrotik?
Replies: 11
Views: 623

Re: NordVpn and mikrotik?

IKEv2/IPSEC is supported by NordVPN: https://nordvpn.com/de/tutorials/windows-10/ikev2/ This is a tutorial for Windows 10, but it does not matter for the supported protocol and RouterOS does support IKEv2/IPSEC. So still: What's the issue? Just ignore what they say is not supported, probably they di...
by eworm
Sun Dec 30, 2018 3:19 pm
Forum: General
Topic: NordVpn and mikrotik?
Replies: 11
Views: 623

Re: NordVpn and mikrotik?

Then what's the issue with NordVPN and IKEv2/IPSEC?
by eworm
Sun Dec 30, 2018 2:49 am
Forum: General
Topic: NordVpn and mikrotik?
Replies: 11
Views: 623

Re: NordVpn and mikrotik?

Well, IKEv2/IPSEC should do the trick. I do not have a NordVpn account, so can not verify.
by eworm
Sat Dec 29, 2018 11:54 pm
Forum: Scripting
Topic: Script only works in terminal, not by GUI or scheduler
Replies: 4
Views: 203

Re: Script only works in terminal, not by GUI or scheduler

You should not (never ever!) use any print and index in your scripts. Things will break badly if items are numbered different for what ever reason. Instead of this bad code: /int bridge port print remove 4,5 You should use something like this: /int bridge port remove [ find where interface=wlan1 ] r...
by eworm
Wed Dec 19, 2018 3:11 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 1002
Views: 167957

Re: Feature requests

If anybody from MikroTik is reading this I would make a sugestion that I can somehow disable fetch tool log messages. I wrote a simple script for fetching public IP address for updating No-ip address, and it works OK, but now I have log flooded with fetch messages. You can get rid of this. If you d...
by eworm
Wed Dec 19, 2018 1:00 am
Forum: General
Topic: Mikrotik powered christmas tree
Replies: 2
Views: 358

Re: Mikrotik powered christmas tree

I've been waiting for that christmas tree. Thanks a lot for bringing it back!
by eworm
Wed Dec 19, 2018 12:46 am
Forum: General
Topic: Cloud Backup
Replies: 7
Views: 840

Re: Cloud Backup

This is a nice feature, but it has one weakness: You have to remove the backup before uploading a new one. In case the removal succeeds but the upload fails you do not have a backup at all (at least in cloud). So you should consider to either provide two upload slots, so one backup can be removed wh...
by eworm
Tue Dec 18, 2018 10:31 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 317
Views: 51901

Re: v6.44beta [testing] is released!

What do you mean with lost package? Did you actually lose wireless package under System/Packages menu or wireless interface did not work properly? The wireless package did no longer show under System/Package, had to copy the npk file manually to recover. Tried to reproduce with a mAP lite that has ...
by eworm
Tue Dec 18, 2018 2:23 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 317
Views: 51901

Re: v6.44beta [testing] is released!

set frequency-mode to regulatory-domain That works, thanks! Can this be the cause for my trouble with wireless package? *) package - use bundled package by default if standalone packages are installed as well; what set of packages did you have? and what did you use to upgrade? Ah, right, that could...
by eworm
Tue Dec 18, 2018 2:12 pm
Forum: General
Topic: IP CLOUD is down
Replies: 56
Views: 6384

Re: IP CLOUD is down

Normis ... How to know if you are using the old cloud or the new one ??? Is there any way to know it ???
Up to RouterOS 6.42.x: old cloud
RouterOS 6.43 and later: new cloud
by eworm
Tue Dec 18, 2018 2:06 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 317
Views: 51901

Re: v6.44beta [testing] is released!

set frequency-mode to regulatory-domain
That works, thanks! Can this be the cause for my trouble with wireless package?
by eworm
Tue Dec 18, 2018 1:40 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 317
Views: 51901

Re: v6.44beta [testing] is released!

Updated wAP LTE to version 6.44beta50 and lost the wireless package. :-/ The LTE connection was really weak, though - no idea if that caused the issue. After restoring my settings I can not set the country for my interface: [admin@MikroTik] /interface wireless> set country=germany wlan1 failure: on...
by eworm
Tue Dec 18, 2018 1:12 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 317
Views: 51901

Re: v6.44beta [testing] is released!

Updated wAP LTE to version 6.44beta50 and lost the wireless package. :-/
The LTE connection was really weak, though - no idea if that caused the issue.
by eworm
Mon Dec 17, 2018 9:39 pm
Forum: General
Topic: GRE tunnel running on one side but not the other?
Replies: 3
Views: 131

Re: GRE tunnel running on one side but not the other?

Und another note... In your current situation removing stale connection may help:
/ ip firewall connection remove [ find where protocol=gre ]
by eworm
Mon Dec 17, 2018 9:11 pm
Forum: General
Topic: GRE tunnel running on one side but not the other?
Replies: 3
Views: 131

Re: GRE tunnel running on one side but not the other?

I use GRE over IPSEC. For me this happened when one side had stale connection in tracking before IPSEC was up. My solution is a simple rule in firewall:
/ ip firewall filter add action=reject chain=output ipsec-policy=out,none protocol=gre
by eworm
Fri Dec 14, 2018 11:52 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 317
Views: 51901

Re: v6.44beta [testing] is released!

[admin@MikroTik] > :global firmware [ / interface lte firmware-upgrade lte once as-value ]; [admin@Mikrotik] > :put ($firmware->"installed") MikroTik_CP_2.160.000_v010 [admin@MikroTik] > :put ($firmware->"latest") MikroTik_CP_2.160.000_v010 [admin@MikroTik] > :if (($firmware->"installed") != ($firm...
by eworm
Fri Dec 14, 2018 9:47 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 1002
Views: 167957

Re: Feature requests

I would love to see the functionality of the Mode button expanded. Specifically, it would be useful to be able to assign different actions taken based on whether the button was pressed once, double-pressed, triple-pressed, or long-pressed. That is possible with scripts. See my RouterOS Scripts (or ...
by eworm
Fri Dec 14, 2018 8:32 am
Forum: Scripting
Topic: Using Wifi or User led to show signal strength
Replies: 3
Views: 486

Re: Using Wifi or User led to show signal strength

[...] : local a [/interface wireless registration-table get value-name=signal-strength [ find where mac-address=00:11:22:33:44:55 ] ] [...] I will test it out, but then you also have to manually find the mac of the link and edit the script. If MAC address changes because it is not always the same c...
by eworm
Fri Dec 14, 2018 1:23 am
Forum: Scripting
Topic: Using Wifi or User led to show signal strength
Replies: 3
Views: 486

Re: Using Wifi or User led to show signal strength

But there are some bugs with it. When I start it with a client connected it runs fine. Stop the client and no more blink. But turn on the client again and i do not get any blink. IF I do run this command it will work again /interface wireless registration-table print stats Never ever use item index...
by eworm
Fri Dec 14, 2018 1:09 am
Forum: RouterOS v6 RC and v7 BETA
Topic: [Feature request] conditional dhcp options
Replies: 14
Views: 3703

Re: [Feature request] conditional dhcp options

You define an option set named "legacy", but it is not used anywhere. I do not think this works.
by eworm
Thu Dec 13, 2018 4:50 pm
Forum: General
Topic: POE out of mAP-2N ? passive?
Replies: 4
Views: 218

Re: POE out of mAP-2N ? passive?

Hello ,
when I look at the powering specifications of the mAp-2n , is said:
PoE in 802.3af/at
PoE out Passive PoE

what does is mean?
I mean the poe-out ?

if I have a 12V poe camera ,
can I connect it to it?
Output voltage is the same as input.
by eworm
Thu Dec 13, 2018 3:16 pm
Forum: Scripting
Topic: Sync DNS entries with DHCP leases
Replies: 9
Views: 2522

Re: Sync DNS entries with DHCP leases

Looks interesting, but have some question. The readme file I found only describe how the script update process. Do the DHCP script runs at the DHCP or scheduled? What if you have set a DNS name for a host manual, do it get overwritten? Some scripts need extra documentation... Will look into that wh...
by eworm
Wed Dec 12, 2018 11:14 pm
Forum: Scripting
Topic: Auto upgrade script
Replies: 12
Views: 15201

Re: Auto upgrade script

The script that I use is this one: check-routeros-update on github or cgit Its primary purpose is to notify me about updates, but now that fetch command can put results in variable (Thanks Mikrotik!) I added an auto-upgrade functionality. Only thing required is a http server to give the version. (Th...
by eworm
Wed Dec 12, 2018 10:23 pm
Forum: Scripting
Topic: Sync DNS entries with DHCP leases
Replies: 9
Views: 2522

Re: Sync DNS entries with DHCP leases

I have another one:
dhcp-to-dns on github or cgit.

(This depends on other scripts from the same repository, see README to setup.)
by eworm
Wed Dec 12, 2018 10:12 pm
Forum: Scripting
Topic: How to create a loop to add bridge with pre-defined configuration?
Replies: 4
Views: 310

Re: How to create a loop to add bridge with pre-defined configuration?

Try this:
add name=($brname . $br) comment=($brcomm . $br) ...
by eworm
Wed Dec 12, 2018 10:00 pm
Forum: General
Topic: if else won't run script but run on terminal !
Replies: 17
Views: 537

Re: if else won't run script but run on terminal !

May be this could be change to use default interface name, since I have change mine to some else.
Yes, you need to change that. :wink: As said... Check the condition. :roll: (I did a quick copy and paste on my tablet and missed the changed interface name.)
by eworm
Wed Dec 12, 2018 9:57 pm
Forum: General
Topic: if else won't run script but run on terminal !
Replies: 17
Views: 537

Re: if else won't run script but run on terminal !

Never address items with index! Replace "0" with find command: :if ([/ip route get [ find where gateway=ether1 ] active] = true) do={/lcd interface display ether1} else={/lcd interface display ether7} Check if the condition is correct... Well you can if you print :D That's true... But it is still p...
by eworm
Wed Dec 12, 2018 7:00 pm
Forum: General
Topic: if else won't run script but run on terminal !
Replies: 17
Views: 537

Re: if else won't run script but run on terminal !

Never address items with index! Replace "0" with find command:
:if ([/ip route get [ find where gateway=ether1 ] active] = true) do={/lcd interface display ether1} else={/lcd interface display ether7}
Check if the condition is correct...
by eworm
Mon Dec 10, 2018 12:14 pm
Forum: Announcements
Topic: Securing your device is important
Replies: 31
Views: 7073

Re: Securing your device is important

and keep always-allow-password-login set to no : [admin@mikrotik] > /ip ssh set always-allow-password-login=no Password login is no longer possibly and brute force attack can never succeed. Regarding this, that is not actualy the case. Even with this option set to no (which is by the way already se...