Community discussions

MikroTik App
 
vaizki
newbie
Topic Author
Posts: 25
Joined: Wed Mar 23, 2011 3:44 pm
Location: Finland

new free tier CHR instances refuse login

Mon Jun 22, 2020 10:13 am

So I installed 2x CHR instances in AWS last week and they were working ok. I did not license them yet because it was a proof of concept to demonstrate that this config works.

Now I cannot SSH to the CHRs any more, all logins are refused on both. Tried rebooting one of them but that didn't help...

I thought that the free tier does not require any kind of activation etc and I could run them under that for a week before activating with paid licenses?
Any ideas on whart has caused this and how to recover?
 
User avatar
xvo
Forum Guru
Forum Guru
Posts: 1130
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: new free tier CHR instances refuse login

Mon Jun 22, 2020 10:22 am

Were they properly firewalled?
 
vaizki
newbie
Topic Author
Posts: 25
Joined: Wed Mar 23, 2011 3:44 pm
Location: Finland

Re: new free tier CHR instances refuse login

Mon Jun 22, 2020 11:10 am

Yes, they had very strict access lists both in the CHRs and outside (AWS security groups). Both were updated to latest packages last week during install (because the AMI has old versions)...
 
elbob2002
Frequent Visitor
Frequent Visitor
Posts: 70
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: new free tier CHR instances refuse login

Mon Jun 22, 2020 11:34 am

I believe you have to activate them. Once they evaluation period lapses they enter the "free tier"

You won't be able to update them though.

However you should still be able to access them sa I believe if they haven't been activated they revert to a 1Mb limit on the interfaces.
RB3011UiAS, RB750GR3, CRS328-24P-4S+, CRS125-24G-1S, CRS125-24G-1S-2HnD, 8 x CHR
 
User avatar
xvo
Forum Guru
Forum Guru
Posts: 1130
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: new free tier CHR instances refuse login

Mon Jun 22, 2020 11:38 am

Free tier does not need any kind of activation or renewal.

Trial mode of any paid tier lasts for 60 days.
And even after that it will still let you log in.

So your problem has nothing to do with CHR licensing.
 
vaizki
newbie
Topic Author
Posts: 25
Joined: Wed Mar 23, 2011 3:44 pm
Location: Finland

Re: new free tier CHR instances refuse login

Mon Jun 22, 2020 11:41 am

I did not even start a trial so they were on the free tier all the time. And they still answer SSH, just refuse all my credentials for all users.

Maybe the issue is that I upgraded them without activating a trial? Doesn’t sound very reasonable to have a ”free forever” tier which can’t be upgraded?
 
User avatar
xvo
Forum Guru
Forum Guru
Posts: 1130
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: new free tier CHR instances refuse login

Mon Jun 22, 2020 12:21 pm

This is not license related.

Try other methods of getting into them - winbox, www - anything else open except ssh?
Any "local" console access from amazon interface?

If you didn't change anything in the configuration lately, then most likely they were compromised.
 
vaizki
newbie
Topic Author
Posts: 25
Joined: Wed Mar 23, 2011 3:44 pm
Location: Finland

Re: new free tier CHR instances refuse login

Mon Jun 22, 2020 5:03 pm

Thanks for the info on licensing details.

The reason why I'm so baffled by this is that these 2 instances were:
  • installed on the same day
  • went "bad" pretty much at the same time a week later
  • not connected in any way, the instances were on completely different VPCs and different regions without any interconnection etc
  • were my first CHR installs in AWS and from official Mikrotik AMI
  • did not have anything open to the world in AWS security policies, only pinholes to my management network
  • the first mikrotiks ever to behave like this and I have been running routerboards and CHRs for over 10 years
I guess I need to snapshot the disks and try to make a forensic examination.. but I had not configured logging to disk so probably nothing there.
 
elbob2002
Frequent Visitor
Frequent Visitor
Posts: 70
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: new free tier CHR instances refuse login

Mon Jun 22, 2020 7:39 pm

Free tier does not need any kind of activation or renewal.

Trial mode of any paid tier lasts for 60 days.
And even after that it will still let you log in.

So your problem has nothing to do with CHR licensing.
You are wrong. 60 day trial requires an account on Mikrotik.com and you need to login to it using the license settings in RouterOS. Says right there so in the Wiki.

60-day trial

In addition to the limited Free installation, you can also test the increased speed of P1/P10/PU licenses with a 60 trial.

You will have to have an account registered on MikroTik.com. Then you can request the desired license level for trial from your router that will assign your router ID to your account and enable a purchase of the license from your account. All the paid license equivalents are available for trial. A trial period is 60 days from the day of acquisition, after this time passes, your license menu will start to show "Limited upgrades", which means that RouterOS can no longer be upgraded.

If you plan to purchase the selected license, you must do it within 60 days of the trial end date. If your trial ends, and there are no purchases within 2 months after it ended, the device will no longer appear in your MikroTik account. You will have to make a new CHR installation to make a purchase within the required time frame.

To request a trial license, you must run the command "/system license renew" from the CHR device command line. You will be asked for the username and password of your mikrotik.com account.
If you do not activate the trial you will revert to 1Mb per interface. And it says that right there on the wiki also:

The free license level allows CHR to run indefinitely. It is limited to 1Mbps upload per interface. All the rest of the features provided by CHR are available without restrictions. To use this, all you have to do is download disk image file from our download page and create a virtual guest.
RB3011UiAS, RB750GR3, CRS328-24P-4S+, CRS125-24G-1S, CRS125-24G-1S-2HnD, 8 x CHR
 
User avatar
xvo
Forum Guru
Forum Guru
Posts: 1130
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: new free tier CHR instances refuse login

Mon Jun 22, 2020 9:18 pm

You are wrong. 60 day trial requires an account on Mikrotik.com and you need to login to it using the license settings in RouterOS. Says right there so in the Wiki.
Please show me where I stated the opposite.

Who is online

Users browsing this forum: No registered users and 3 guests