MikroTik

eworm

Hello everybody, I do use a linux server for remote logging. For some time I ran a rsyslog instance that listened for syslog messages on UDP port 514 and redirected them to systemd's journald. But the syslog implementations are bloated and complex for a simple task like this - especially if you do n...

eworm

Simply use cc... That accepts several receipients.

/tool e-mail send \
to=abc@mycompany.com \
cc=michael.manns@gmail.com,another@gmail.com \
from=KCMT@foresitewireless.com \
 subject=("Room 206 AP is down")

eworm

Probably when 6.44 is ready... Nobody will give you a date for that.

eworm

You can make the devices act on multiple mode button presses. Have a looks at mode-button-event and mode-button-scheduler. For these to function you need other scripts from routeros-scripts.

eworm

The peer certificate is issued from a CA on your device, that only accepts trusted certificates it issued itself.

eworm

I think your problem is that you have two peers, and only the first is matched. Try:

/ip ipsec peer remove [ find where remote-certificate=client1 ];
/ip ipsec peer set remote-certificate="" [ find ];

eworm

Hello everybody, I have an IPSEC/IKEv2 VPN in transport mode, GRE interfaces connect to the IPSEC addresses. The real data goes through the GRE interfaces. Currently the server runs a script to update the GRE interfaces' remote addresses, according to the client addresses assigned by mode-config. Is...

eworm

It does work from script, but I just realized it fails when started from scheduler. No idea what's wrong, no logs on either side.

eworm

Both to one variable?

:global DateTime ([ / system clock get date ] . " " . [ / system clock get time ]);

If you want each in one varaiable:

:global Date [ / system clock get date ];
:global Time [ / system clock get time ];

eworm

Import private and public key on Router A: /user ssh-keys private import private-key-file=id_rsa public-key-file=id_rsa.pub Then import public key on Router B: /user ssh-keys import user=admin public-key-file=id_rsa.pub Then ssh from Router A to Router B: /system ssh address=10.0.0.1 user=admin com...

eworm

Import private and public key on Router A: /user ssh-keys private import private-key-file=id_rsa public-key-file=id_rsa.pub Then import public key on Router B: /user ssh-keys import user=admin public-key-file=id_rsa.pub Then ssh from Router A to Router B: /system ssh address=10.0.0.1 user=admin comm...

eworm

:put ([ / interface lte info [ :pick [ find ] 0 ] once as-value ]->"uicc")

eworm

/system health print file=file.txt

eworm

This works:

/system script environment { :global A 10; remove "A"; :global A 20; print; remove [ find where name="A" ]; }

I do not have an explanation, though.

eworm

Try a power cycle on the port:

/ interface ethernet poe etherX power-cycle

eworm

Currently only DSA and RSA keys are supported. I would like to see support for ed25519 keys as well... BTW, RSA is supported since RouterOS 6.31 and has been added after OpenSSH deprecated DSA in a way that you had to specify extra options to connect. Let's hope we do not need a similar event for ed...

eworm

Oh, I did misread (or understand at all) this post.
Did not get that he wants to contact a user specifically. So sorry and good luck.

eworm

This creates empty array and adds a value:

:local array [ :toarray "" ];
:set array ( $array, $newvalue );

Just repeat for more values.

eworm

Currently EAP authentication as initiator is not possible for IKEv2.
viewtopic.php?p=650295

eworm

How to write posts.

eworm

I just checked and it is not going to happen till ROS 7.

viewtopic.php?p=650295

Thanks for the link, msatter! In short: currently EAP authentication as initiator is not possible for IKEv2. So the website is right, no-go with Mikrotik.

eworm

IKEv2/IPSEC is supported by NordVPN: https://nordvpn.com/de/tutorials/windows-10/ikev2/ This is a tutorial for Windows 10, but it does not matter for the supported protocol and RouterOS does support IKEv2/IPSEC. So still: What's the issue? Just ignore what they say is not supported, probably they di...

eworm

Then what's the issue with NordVPN and IKEv2/IPSEC?

eworm

Well, IKEv2/IPSEC should do the trick. I do not have a NordVpn account, so can not verify.

eworm

You should not (never ever!) use any print and index in your scripts. Things will break badly if items are numbered different for what ever reason. Instead of this bad code: /int bridge port print remove 4,5 You should use something like this: /int bridge port remove [ find where interface=wlan1 ] r...

eworm

If anybody from MikroTik is reading this I would make a sugestion that I can somehow disable fetch tool log messages. I wrote a simple script for fetching public IP address for updating No-ip address, and it works OK, but now I have log flooded with fetch messages. You can get rid of this. If you d...

eworm

I've been waiting for that christmas tree. Thanks a lot for bringing it back!

eworm

This is a nice feature, but it has one weakness: You have to remove the backup before uploading a new one. In case the removal succeeds but the upload fails you do not have a backup at all (at least in cloud). So you should consider to either provide two upload slots, so one backup can be removed wh...

eworm

What do you mean with lost package? Did you actually lose wireless package under System/Packages menu or wireless interface did not work properly? The wireless package did no longer show under System/Package, had to copy the npk file manually to recover. Tried to reproduce with a mAP lite that has ...

eworm

set frequency-mode to regulatory-domain That works, thanks! Can this be the cause for my trouble with wireless package? *) package - use bundled package by default if standalone packages are installed as well; what set of packages did you have? and what did you use to upgrade? Ah, right, that could...

eworm

Normis ... How to know if you are using the old cloud or the new one ??? Is there any way to know it ???

Up to RouterOS 6.42.x: old cloud
RouterOS 6.43 and later: new cloud

eworm

set frequency-mode to regulatory-domain

That works, thanks! Can this be the cause for my trouble with wireless package?

eworm

Updated wAP LTE to version 6.44beta50 and lost the wireless package. :-/ The LTE connection was really weak, though - no idea if that caused the issue. After restoring my settings I can not set the country for my interface: [admin@MikroTik] /interface wireless> set country=germany wlan1 failure: on...

eworm

Updated wAP LTE to version 6.44beta50 and lost the wireless package. :-/
The LTE connection was really weak, though - no idea if that caused the issue.

eworm

Und another note... In your current situation removing stale connection may help:

/ ip firewall connection remove [ find where protocol=gre ]

eworm

I use GRE over IPSEC. For me this happened when one side had stale connection in tracking before IPSEC was up. My solution is a simple rule in firewall:

/ ip firewall filter add action=reject chain=output ipsec-policy=out,none protocol=gre

eworm

[admin@MikroTik] > :global firmware [ / interface lte firmware-upgrade lte once as-value ]; [admin@Mikrotik] > :put ($firmware->"installed") MikroTik_CP_2.160.000_v010 [admin@MikroTik] > :put ($firmware->"latest") MikroTik_CP_2.160.000_v010 [admin@MikroTik] > :if (($firmware->"installed") != ($firm...

eworm

I would love to see the functionality of the Mode button expanded. Specifically, it would be useful to be able to assign different actions taken based on whether the button was pressed once, double-pressed, triple-pressed, or long-pressed. That is possible with scripts. See my RouterOS Scripts (or ...

eworm

[...] : local a [/interface wireless registration-table get value-name=signal-strength [ find where mac-address=00:11:22:33:44:55 ] ] [...] I will test it out, but then you also have to manually find the mac of the link and edit the script. If MAC address changes because it is not always the same c...

eworm

But there are some bugs with it. When I start it with a client connected it runs fine. Stop the client and no more blink. But turn on the client again and i do not get any blink. IF I do run this command it will work again /interface wireless registration-table print stats Never ever use item index...

eworm

You define an option set named "legacy", but it is not used anywhere. I do not think this works.

eworm

Hello ,
when I look at the powering specifications of the mAp-2n , is said:
PoE in 802.3af/at
PoE out Passive PoE

what does is mean?
I mean the poe-out ?

if I have a 12V poe camera ,
can I connect it to it?

Output voltage is the same as input.

eworm

Looks interesting, but have some question. The readme file I found only describe how the script update process. Do the DHCP script runs at the DHCP or scheduled? What if you have set a DNS name for a host manual, do it get overwritten? Some scripts need extra documentation... Will look into that wh...

eworm

The script that I use is this one: check-routeros-update on github or cgit Its primary purpose is to notify me about updates, but now that fetch command can put results in variable (Thanks Mikrotik!) I added an auto-upgrade functionality. Only thing required is a http server to give the version. (Th...

eworm

I have another one:
dhcp-to-dns on github or cgit.

(This depends on other scripts from the same repository, see README to setup.)

eworm

Try this:

add name=($brname . $br) comment=($brcomm . $br) ...

eworm

May be this could be change to use default interface name, since I have change mine to some else.

Yes, you need to change that.

As said... Check the condition.

(I did a quick copy and paste on my tablet and missed the changed interface name.)

eworm

Never address items with index! Replace "0" with find command: :if ([/ip route get [ find where gateway=ether1 ] active] = true) do={/lcd interface display ether1} else={/lcd interface display ether7} Check if the condition is correct... Well you can if you print :D That's true... But it is still p...

eworm

Never address items with index! Replace "0" with find command:

:if ([/ip route get [ find where gateway=ether1 ] active] = true) do={/lcd interface display ether1} else={/lcd interface display ether7}

Check if the condition is correct...

eworm

and keep always-allow-password-login set to no : [admin@mikrotik] > /ip ssh set always-allow-password-login=no Password login is no longer possibly and brute force attack can never succeed. Regarding this, that is not actualy the case. Even with this option set to no (which is by the way already se...

Search found 220 matches