Community discussions

Search found 253 matches

by eworm
Fri Mar 22, 2019 5:21 pm
Forum: General
Topic: How do you use ssh agent forwarding on the routeros ssh client?
Replies: 9
Views: 571

Re: How do you use ssh agent forwarding on the routeros ssh client?

You can use your Mikrotik devices as Jumphost. Just search for this keyword for details.

Example for openssh command line client:
ssh -J Mikrotik-A Mikrotik-B
You can use a chain with more than one jumphost.
by eworm
Fri Mar 22, 2019 4:29 pm
Forum: Announcements
Topic: v6.43.13 [long-term] is released!
Replies: 28
Views: 4832

Re: v6.43.13 [long-term] is released!

I have a 450G and a 750Gr3 that have had this error since upgrading: "backup,critical error creating backup file: could not read all configuration files" It happens with both encrypted and unencrypted backups; both were upgraded from 6.42.12. My 951G that was upgraded from 6.43.12 does not have thi...
by eworm
Fri Mar 22, 2019 10:09 am
Forum: General
Topic: Importing a pem certificat
Replies: 2
Views: 655

Re: Importing a pem certificat

RouterOS can not store just keys, it stores certificates and adds the key when available. This is what happens if you import client.pem:
Private key -> no matching certificate -> ignored
Certificate -> imported
Certificate -> imported
Then on second import:
Private key -> matching certificate found ...
by eworm
Thu Mar 21, 2019 12:42 am
Forum: General
Topic: sms to email forwarding
Replies: 3
Views: 204

Re: sms to email forwarding

Use my script sms-forwarding. You need to set up some more scripts, read the instructions.
by eworm
Sun Mar 10, 2019 9:40 pm
Forum: Scripting
Topic: 'find' command returns nothing
Replies: 1
Views: 71

Re: 'find' command returns nothing

'find' is not supposed to print anything, it returns information other commands can use, something like:
/ ip address remove [ find where interface="etherX" ]
... will remove all ip addresses from interface "etherX".
by eworm
Sat Mar 09, 2019 11:03 pm
Forum: General
Topic: How to force Mikrotik to recognize imported private key?
Replies: 1
Views: 116

Re: How to force Mikrotik to recognize imported private key?

I know that I can generate a CA and the rest on the Mikrotik. But, signing takes 3-5 minutes, which is horrible. If I create the same certificate + key with OpenSSL and import it, Mikrotik is not able to see the private key. I have only AT flags, no 'K'? Why is that happening? This works without is...
by eworm
Sat Mar 09, 2019 10:57 pm
Forum: General
Topic: Script doesn't run [SOLVED]
Replies: 1
Views: 153

Re: Script doesn't run [SOLVED]

Hi, Annotation 2019-03-08 193039.jpg I try to run above script to more my cloud backup but it doesn't work at all while I can run the same script in CLI is work perfectly. What I am wrong here? Your numeric index is invalid without print. Use this if you want to get rid of cloud backup in any situati...
by eworm
Fri Mar 08, 2019 7:22 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 26409

Re: v6.44 [stable] is released!

Interface for new PWR line adapter coming next months. hAP mini & hAP lite has it. Basically power the device and transfer data via microusb port. Also the mAP Lite 2nd (at least mine, revision r2. I'm not sure about older ones) This requires the new hardware, old mAP lite can not get this from soft...
by eworm
Fri Mar 01, 2019 1:09 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 26409

Re: v6.44 [stable] is released!

*) gps - increase precision for dd format; Hi, could it be that the calculation from dms-format to dd-format is incorrect? For example: in winbox/system/GPS-GUI I switch between dms and dd format. In dms I get 49 29' 6.954' when I switch to dd I get 49.004852 in my calculation it should be 49.4852...
by eworm
Thu Feb 28, 2019 9:32 am
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 26409

Re: v6.44 [stable] is released!

Hi, Didn't understand this topic (how it works): *) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only); Tried to update WAP-LTE with CLI - it shows that exist new firmware - enter "upgrade" / interface lte firmware-upgrade lte1 installed: MikroTik_CP_2.160.000_v008 ...
by eworm
Wed Feb 27, 2019 10:47 am
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 26409

Re: v6.44 [stable] is released!

Upgraded a RB851G (both RouterOS and RouterBOOT) from 6.42.12 today. I get errors every time I try to save a backup file (both local and cloud, same error). [admin@xxxx] > /system backup save Saving system configuration Configuration backup saved 08:54:42 echo: backup,critical error creating backup...
by eworm
Tue Feb 26, 2019 2:02 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 26409

Re: v6.44 [stable] is released!

Upgraded a RB851G (both RouterOS and RouterBOOT) from 6.42.12 today. I get errors every time I try to save a backup file (both local and cloud, same error). [admin@xxxx] > /system backup save Saving system configuration Configuration backup saved 08:54:42 echo: backup,critical error creating backup...
by eworm
Thu Feb 21, 2019 7:14 pm
Forum: Scripting
Topic: Script job killer
Replies: 7
Views: 3314

Re: Script job killer

Inside foreach you must check the script name to prevent killing itself:
:if ([/system script job get $id value-name=script] != "myscriptname") do={ <killing instructions> };
Even easier:
:foreach id in=[ / system script job find where script!="myscript" ] do={ / system script job remove $id; }
Or...
by eworm
Wed Feb 20, 2019 10:27 pm
Forum: General
Topic: Issue with on-down in ppp profiles
Replies: 3
Views: 297

Re: Issue with on-down in ppp profiles

I've never cleared my connection table... What are your "specific situations"?
by eworm
Tue Feb 19, 2019 2:10 pm
Forum: Announcements
Topic: v6.44rc [testing] is released!
Replies: 67
Views: 10217

Re: v6.44rc [testing] is released!

On ltap, the gps gives back wrong coordinates for me. After a downgrade to stable, I see the right coordinates. How do you know which one is right? Give an example please Probably he knows the coordinates the device is located. Something about wrong coordinates has been reported for 6.44beta75: htt...
by eworm
Tue Feb 19, 2019 12:40 pm
Forum: Announcements
Topic: v6.44rc [testing] is released!
Replies: 67
Views: 10217

Re: v6.44rc [testing] is released!

Upgrading from stable to testing I have allow-none-crypto enabled:
/ip ssh set allow-none-crypto=yes strong-crypto=yes
I think this should default to disabled. If you want to keep the former behavior please consider setting it to disabled if strong-crypto has been enabled before. I am certain some...
by eworm
Fri Feb 15, 2019 10:41 pm
Forum: Announcements
Topic: v6.44rc [testing] is released!
Replies: 67
Views: 10217

Re: v6.44rc [testing] is released!

With this upgrade I lost the wireless package on wAP LTE, again. The files were downloaded via weak LTE connection.
Reported this before for the update to 6.44beta50: viewtopic.php?f=21&t=139057&start=250#p703960
by eworm
Thu Feb 14, 2019 4:56 pm
Forum: Announcements
Topic: v6.43.12 [stable] is released!
Replies: 49
Views: 9365

Re: v6.43.12 [stable] is released!

The script in the PPP profile is not executed!

ping interface=$interface address=8.8.8.8 interval=00:00:05
That's not version specific. Anyway... Use:
ping interface=[ / interface get $interface name ] address=8.8.8.8 interval=00:00:05
by eworm
Wed Feb 13, 2019 11:30 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request - DNSCrypt support...
Replies: 138
Views: 34881

Re: Feature request - DNSCrypt support...

At FOSDEM 2019 Daniel Stenberg (the maintainer of curl) had a talk about DNS over HTTPS - the good, the bad and the ugly. Very interesting topic and he sheds some light on DoT, DNScrypt, DNSsec & Co as well.

IMHO DoH is the way to go.
by eworm
Thu Feb 07, 2019 9:57 am
Forum: Announcements
Topic: v6.43.11 [stable] is released!
Replies: 79
Views: 9328

Re: v6.43.11 [stable] is released!

Anyone noticed interface connectivity issue after upgrade? [...]
I saw this on a device that had internet detection enabled. Try this:
/ interface detect-internet set detect-interface-list=none;
by eworm
Wed Feb 06, 2019 4:26 pm
Forum: Announcements
Topic: v6.43.11 [stable] is released!
Replies: 79
Views: 9328

Re: v6.43.11 [stable] is released!

*) wireless - improved antenna gain setting for devices with built in antennas;
How is this handled with capsman?
by eworm
Tue Feb 05, 2019 4:01 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 71171

Re: v6.44beta [testing] is released!

Would it be possible (during the rework of the IPsec code) to also add a phase1 "on up" and "on down" script? (that receives parameters like the remote-id, remote-IP etc) This script could then add/delete phase2 settings e.g. a GRE tunnel. Yes, please! Hooking a script would be much appreciated. Cu...
by eworm
Thu Jan 24, 2019 10:21 pm
Forum: Scripting
Topic: script that warned me by email that a user has been added to my DHCP server
Replies: 5
Views: 1398

Re: script that warned me by email that a user has been added to my DHCP server

Do your own devices have static leases? If no...
/ ip dhcp-server lease make-static [ find where dynamic ]
Then replace
:if ($leaseBound = 1) do={
with
:if ($leaseBound = 1 && [ get [ find where mac-address=$leaseActMAC ] dynamic ] = true) do={
by eworm
Tue Jan 22, 2019 7:14 pm
Forum: Scripting
Topic: Subtract from get given IP
Replies: 1
Views: 183

Re: Subtract from get given IP

Hi, I have this problem: /global IP [/ip neighbor get number=0 address]; :set "$IP" ($IP-1); Script Error: cannot substract string from time interval But it works if I set IP variable manually, is there a way to subtract an ip address given by print or get command? Thanks How about this? :global IP ...
by eworm
Mon Jan 21, 2019 10:34 pm
Forum: General
Topic: ipsec error: peer's ID mismatched with ASN1 SubjectName
Replies: 12
Views: 491

Re: ipsec error: peer's ID mismatched with ASN1 SubjectName

And another mismatch...
* main router -> certificate "server-2019" -> ca "ca-2019"
* remote router -> certificate "client" -> "ca2019" (note the missing dash, this is a completely different CA!)

You really should clean up and control your mess.
by eworm
Mon Jan 21, 2019 10:27 pm
Forum: General
Topic: ipsec error: peer's ID mismatched with ASN1 SubjectName
Replies: 12
Views: 491

Re: ipsec error: peer's ID mismatched with ASN1 SubjectName

Perhaps you should clean it up to get it working.

If I get the bits right the settings still do not match:
* For main router: peer 0.0.0.0/0 -> profile_4 -> dh-group=none
* For remote router: peer 1.1.1.1/32 -> profile_2 -> dh-group=modp1024

And you still have "remote-certificate=" set...
by eworm
Mon Jan 21, 2019 6:17 pm
Forum: General
Topic: ipsec error: peer's ID mismatched with ASN1 SubjectName
Replies: 12
Views: 491

Re: ipsec error: peer's ID mismatched with ASN1 SubjectName

Your proposal settings do not match... One has "pfs-group=none", the other "pfs-group=modp1024".

If this still does not work please give config from both sides with:
/ ip ipsec export hide-sensitive
And show detailed infos about certificates with:
/ certificate print detail
by eworm
Mon Jan 21, 2019 12:06 am
Forum: General
Topic: ipsec error: peer's ID mismatched with ASN1 SubjectName
Replies: 12
Views: 491

Re: ipsec error: peer's ID mismatched with ASN1 SubjectName

You should be more specific about configuration and certificates.

Wild guess: You did not mix certificates from old and new CA, no?
by eworm
Sun Jan 20, 2019 11:18 pm
Forum: General
Topic: ipsec error: peer's ID mismatched with ASN1 SubjectName
Replies: 12
Views: 491

Re: ipsec error: peer's ID mismatched with ASN1 SubjectName

The code snippet is from your main router, no? It will accept only one client, the one with certificate "client-2019", everything else is rejected. To fix:
/ ip ipsec peer set remote-certificate=none [ find ]
by eworm
Sun Jan 20, 2019 9:57 pm
Forum: General
Topic: 2 parallel IPsec IKEv2 tunnels to CHR server
Replies: 3
Views: 492

Re: 2 parallel IPsec IKEv2 tunnels to CHR server

Without detailed information and configuration it is hard to tell. Guess into the blue: Your road warriors have different certificates, no? Using the same certificate will make the first being kicked when the second connects. Your central router does need just one public address for multiple clients...
by eworm
Fri Jan 18, 2019 2:35 pm
Forum: Scripting
Topic: DHCP logic to work with PXE
Replies: 1
Views: 169

Re: DHCP logic to work with PXE

This has been requested several times. I think it is still not possible:

viewtopic.php?t=95674
viewtopic.php?t=89883
by eworm
Fri Jan 18, 2019 12:16 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 71171

Re: v6.44beta [testing] is released!

!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only); [admin@MikroTik] /system backup cloud> print -- connecting Server error: Backend error. Try again later. Breakage in version or issue with servers? Edit: Works again, was a server issue. *) console - updated cop...
by eworm
Thu Jan 17, 2019 6:30 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 71171

Re: v6.44beta [testing] is released!

I am running testing versions on my wAP with R11e-LTE. Recently the lte interface does not reliably connect after boot, I have to reboot the device then. This worked pretty well before, so I am sure this is a regression from beta50 to beta54.
by eworm
Tue Jan 15, 2019 5:41 pm
Forum: General
Topic: remote logging to systemd journal
Replies: 0
Views: 174

remote logging to systemd journal

Hello everybody, I do use a linux server for remote logging. For some time I ran a rsyslog instance that listened for syslog messages on UDP port 514 and redirected them to systemd's journald. But the syslog implementations are bloated and complex for a simple task like this - especially if you do n...
by eworm
Mon Jan 14, 2019 9:59 am
Forum: Scripting
Topic: netwatch script compose email to multiple recipients?
Replies: 7
Views: 8239

Re: netwatch script compose email to multiple recipients?

Simply use cc... That accepts several recipients.
/tool e-mail send \
to=abc@mycompany.com \
cc=michael.manns@gmail.com,another@gmail.com \
from=KCMT@foresitewireless.com \
 subject=("Room 206 AP is down")
by eworm
Fri Jan 11, 2019 6:28 pm
Forum: General
Topic: LTE Modem Firmware upgrade
Replies: 1
Views: 291

Re: LTE Modem Firmware upgrade

Probably when 6.44 is ready... Nobody will give you a date for that.
by eworm
Fri Jan 11, 2019 1:15 am
Forum: RouterBOARD hardware
Topic: Which RB devices are upgraded to have USR LED and MODE button?
Replies: 3
Views: 321

Re: Which RB devices are upgraded to have USR LED and MODE button?

You can make the devices act on multiple mode button presses. Have a look at mode-button-event and mode-button-scheduler. For these to function you need other scripts from routeros-scripts.
by eworm
Tue Jan 08, 2019 2:28 pm
Forum: General
Topic: IKEv2 multiple clients [SOLVED]
Replies: 7
Views: 651

Re: IKEv2 multiple clients [SOLVED]

The peer certificate is issued from a CA on your device, that only accepts trusted certificates it issued itself.
by eworm
Tue Jan 08, 2019 2:07 pm
Forum: General
Topic: IKEv2 multiple clients [SOLVED]
Replies: 7
Views: 651

Re: IKEv2 multiple clients [SOLVED]

I think your problem is that you have two peers, and only the first is matched. Try:
/ip ipsec peer remove [ find where remote-certificate=client1 ];
/ip ipsec peer set remote-certificate="" [ find ];
by eworm
Tue Jan 08, 2019 11:00 am
Forum: General
Topic: IPSEC/IKEv2, mode-config and changing ip addresses
Replies: 0
Views: 206

IPSEC/IKEv2, mode-config and changing ip addresses

Hello everybody, I have an IPSEC/IKEv2 VPN in transport mode, GRE interfaces connect to the IPSEC addresses. The real data goes through the GRE interfaces. Currently the server runs a script to update the GRE interfaces' remote addresses, according to the client addresses assigned by mode-config. Is...
by eworm
Sun Jan 06, 2019 11:39 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request (SCRIPTING)
Replies: 6
Views: 558

Re: Feature request (SCRIPTING)

It does work from script, but I just realized it fails when started from scheduler. No idea what's wrong, no logs on either side.
by eworm
Sun Jan 06, 2019 10:58 pm
Forum: General
Topic: How to get current system date and time to a variable ?
Replies: 1
Views: 224

Re: How to get current system date and time to a variable ?

Both to one variable?
:global DateTime ([ / system clock get date ] . " " . [ / system clock get time ]);
If you want each in one variable:
:global Date [ / system clock get date ];
:global Time [ / system clock get time ];
by eworm
Sun Jan 06, 2019 6:19 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request (SCRIPTING)
Replies: 6
Views: 558

Re: Feature request (SCRIPTING)

Import private and public key on Router A: /user ssh-keys private import private-key-file=id_rsa public-key-file=id_rsa.pub Then import public key on Router B: /user ssh-keys import user=admin public-key-file=id_rsa.pub Then ssh from Router A to Router B: /system ssh address=10.0.0.1 user=admin com...
by eworm
Fri Jan 04, 2019 7:20 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request (SCRIPTING)
Replies: 6
Views: 558

Re: Feature request (SCRIPTING)

Import private and public key on Router A: /user ssh-keys private import private-key-file=id_rsa public-key-file=id_rsa.pub Then import public key on Router B: /user ssh-keys import user=admin public-key-file=id_rsa.pub Then ssh from Router A to Router B: /system ssh address=10.0.0.1 user=admin comm...
by eworm
Fri Jan 04, 2019 12:15 pm
Forum: RouterBOARD hardware
Topic: HOW TO GET SIM CARD NUMBER
Replies: 6
Views: 585

Re: HOW TO GET SIM CARD NUMBER

:put ([ / interface lte info [ :pick [ find ] 0 ] once as-value ]->"uicc")
by eworm
Thu Jan 03, 2019 2:31 pm
Forum: Announcements
Topic: v6.43.8 [stable] is released!
Replies: 169
Views: 28180

Re: v6.43.8 [stable] is released!

This works:
/system script environment { :global A 10; remove "A"; :global A 20; print; remove [ find where name="A" ]; }
I do not have an explanation, though.
by eworm
Thu Jan 03, 2019 1:03 am
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM POE Problems
Replies: 5
Views: 649

Re: CRS328-24P-4S+RM POE Problems

Try a power cycle on the port:
/ interface ethernet poe etherX power-cycle
by eworm
Wed Jan 02, 2019 12:21 am
Forum: General
Topic: RouterOS 6.34.4 cannot import ed25519 ssh public keys.
Replies: 2
Views: 334

Re: RouterOS 6.34.4 cannot import ed25519 ssh public keys.

Currently only DSA and RSA keys are supported. I would like to see support for ed25519 keys as well... BTW, RSA is supported since RouterOS 6.31 and has been added after OpenSSH deprecated DSA in a way that you had to specify extra options to connect. Let's hope we do not need a similar event for ed...
by eworm
Tue Jan 01, 2019 4:18 pm
Forum: General
Topic: ZeroByte can you help
Replies: 4
Views: 496

Re: ZeroByte can you help

Oh, I did misread (or understand at all) this post.
Did not get that he wants to contact a user specifically. So sorry and good luck.