Hi All!
We have multiple mikrotik RouterBoards and a few PC-s with RouterOS installed on it (3.x version mostly).
For now we decided to use RCS (mercurial) to control all configuration files on all our servers (including those with RouterOS). I’m using export at root to get a proper configuration; then first string with date and version cut and finally full export text is stored in regular file on one of our *nix servers. There is a strange things appeared: some settings changed themselfs without any administrator’s action!
See some diff results below (interval is less than one hour):
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
- default enabled=no keepalive-timeout=60 mac-address=FE:A7:01:D3:8E:D2 \
+ default enabled=no keepalive-timeout=60 mac-address=FE:31:CE:44:4E:8E \
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/snmp
-set contact="" enabled=no engine-boots=3 engine-id="" location="" \
+set contact="" enabled=no engine-boots=5 engine-id="" location="" \
time-window=0 trap-sink=0.0.0.0 trap-version=1
Does it mean, that we cant use any RCS to safely run services on RouterOS? Maybe there is a solution (ugly) to cut off several strings while parsing export result? Those services are not enabled, but appears in configuration (for what purpose?) anyway. Maybe its possible to switch them off completely?