Archive for the ‘Hardware’ Category
Posted by jpluimers on 2017/10/09
After reading [WayBack] Script job killer – MikroTik RouterOS I put lines like these into a few of my frequently running scripts:
/system script environment get systemScriptJobCountTypeIsCommand
:global systemScriptJobCountTypeIsCommand
:local scriptsOfTypeCommandCount [$systemScriptJobCountTypeIsCommand];
:if ($scriptsOfTypeCommandCount > 4) do={
$outputError value=("$scriptName; too many running commands ($scriptsOfTypeCommandCount); bailing out early");
:return -1;
}
They in turn use this underlying function:
:local scriptName "Function.systemScriptJobCountTypeIsCommand.rsc"
/system script environment remove [ find where name="systemScriptJobCountTypeIsCommand" ];
:global systemScriptJobCountTypeIsCommand do={
:local result [:len [/system script job find where type=command]];
# :put "result=$result"
:return $result;
}
## Example:
## /import scripts/Function.systemScriptJobCountTypeIsCommand.rsc
## :put [$systemScriptJobCountTypeIsCommand];
–jeroen
Posted in Internet, MikroTik, Power User, routers | Leave a Comment »
Posted by jpluimers on 2017/09/29
I have some Fritz!Box devices at various locations that each provide VoIP access and either ISDN or PSTN lines.
Wouldn’t it be cool to be able to join them together into a virtual PBX?
I’m not sure how it’s possible and what you need for it, so here are some links that should make my future research on this easier:
–jeroen
Posted in Fritz!, Gigaset, Internet, ISDN, LifeHacker, Power User, PSTN, Telephony, VoIP | Leave a Comment »
Posted by jpluimers on 2017/09/27
When logging on a Mikrotik is high-volume, you need either:
- separate logging actions (they end up in logging buffers, each having the same name as the action) and logging rules for the specific information you want to retain
- logging to file instead of to memory
Since my devices have plenty of memory, I made a separate accountAction with a rule sending the account topic to accountAction, which I can then query with either of these:
/log print detail where message~"logged"
/log print detail where message~"logged" && buffer=accountAction
Here is the /system logging export condensed result:
/system logging action add name=accountAction target=memory
/system logging add action=accountAction topics=account
–jeroen
Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | Leave a Comment »
Posted by jpluimers on 2017/09/21
Interesting piece: Don’t Use Regular Expressions To Parse IP Addresses! [WayBack]
TL;DR:
When you have neither, then for quad-dotted decimal IPv4 addresses (ignoring, for instance, octals and grouped quads) this is suitable: regex – Regular expression to match DNS hostname or IP Address? – Stack Overflow [WayBack]
ValidIpAddressRegex = "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$";
Which explained looks like this:
https://regex101.com/r/Wyr2Zd/1
Regular expression:
/ ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$ / g
Explanation:
- ^ asserts position at start of the string
- 1st Capturing Group (([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}
  - {3} Quantifier — Matches exactly 3 times
  - A repeated capturing group will only capture the last iteration. Put a capturing group around the repeated group to capture all iterations or use a non-capturing group instead if you’re not interested in the data
  - 2nd Capturing Group ([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])
    - 1st Alternative [0-9]
      - Match a single character present in the list below [0-9]
        - 0-9 a single character in the range between 0 (ASCII 48) and 9 (ASCII 57) (case sensitive)
    - 2nd Alternative [1-9][0-9]
      - Match a single character present in the list below [1-9]
        - 1-9 a single character in the range between 1 (ASCII 49) and 9 (ASCII 57) (case sensitive)
      - Match a single character present in the list below [0-9]
        - 0-9 a single character in the range between 0 (ASCII 48) and 9 (ASCII 57) (case sensitive)
    - 3rd Alternative 1[0-9]{2}
      - 1 matches the character 1 literally (case sensitive)
      - Match a single character present in the list below [0-9]{2}
        - {2} Quantifier — Matches exactly 2 times
        - 0-9 a single character in the range between 0 (ASCII 48) and 9 (ASCII 57) (case sensitive)
    - 4th Alternative 2[0-4][0-9]
      - 2 matches the character 2 literally (case sensitive)
      - Match a single character present in the list below [0-4]
        - 0-4 a single character in the range between 0 (ASCII 48) and 4 (ASCII 52) (case sensitive)
      - Match a single character present in the list below [0-9]
        - 0-9 a single character in the range between 0 (ASCII 48) and 9 (ASCII 57) (case sensitive)
    - 5th Alternative 25[0-5]
      - 25 matches the characters 25 literally (case sensitive)
      - Match a single character present in the list below [0-5]
        - 0-5 a single character in the range between 0 (ASCII 48) and 5 (ASCII 53) (case sensitive)
  - \. matches the character . literally (case sensitive)
- 3rd Capturing Group ([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])
  - 1st Alternative [0-9]
    - Match a single character present in the list below [0-9]
      - 0-9 a single character in the range between 0 (ASCII 48) and 9 (ASCII 57) (case sensitive)
  - 2nd Alternative [1-9][0-9]
    - Match a single character present in the list below [1-9]
      - 1-9 a single character in the range between 1 (ASCII 49) and 9 (ASCII 57) (case sensitive)
    - Match a single character present in the list below [0-9]
      - 0-9 a single character in the range between 0 (ASCII 48) and 9 (ASCII 57) (case sensitive)
  - 3rd Alternative 1[0-9]{2}
    - 1 matches the character 1 literally (case sensitive)
    - Match a single character present in the list below [0-9]{2}
      - {2} Quantifier — Matches exactly 2 times
      - 0-9 a single character in the range between 0 (ASCII 48) and 9 (ASCII 57) (case sensitive)
  - 4th Alternative 2[0-4][0-9]
    - 2 matches the character 2 literally (case sensitive)
    - Match a single character present in the list below [0-4]
      - 0-4 a single character in the range between 0 (ASCII 48) and 4 (ASCII 52) (case sensitive)
    - Match a single character present in the list below [0-9]
      - 0-9 a single character in the range between 0 (ASCII 48) and 9 (ASCII 57) (case sensitive)
  - 5th Alternative 25[0-5]
    - 25 matches the characters 25 literally (case sensitive)
    - Match a single character present in the list below [0-5]
      - 0-5 a single character in the range between 0 (ASCII 48) and 5 (ASCII 53) (case sensitive)
- $ asserts position at the end of the string, or before the line terminator right at the end of the string (if any)
- Global pattern flags
  - g modifier: global. All matches (don’t return after first match)
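The pattern above, exercised in Python as an added example (not code from the original post or the Stack Overflow answer): it shows which inputs the expression accepts and rejects, and the `$` caveat from the explanation, which lets a trailing newline through under re.match() unless you use fullmatch(); the standard-library ipaddress parser is run on the same inputs for comparison. The sample addresses are constructed.

```python
import ipaddress
import re

# The Stack Overflow pattern quoted above, as a Python raw string.
VALID_IP_ADDRESS_REGEX = (
    r"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}"
    r"([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
)
DOTTED_QUAD = re.compile(VALID_IP_ADDRESS_REGEX)


def matches_with_dollar(text: str) -> bool:
    """re.match() relying on the pattern's own ^ and $ anchors.
    As the explanation notes, '$' also matches just before a line
    terminator at the very end of the string, so a trailing newline passes."""
    return DOTTED_QUAD.match(text) is not None


def is_dotted_quad(text: str) -> bool:
    """fullmatch() requires the whole string to be consumed, so a
    trailing newline (or any other trailing character) is rejected."""
    return DOTTED_QUAD.fullmatch(text) is not None


def parses_as_ipv4(text: str) -> bool:
    """The standard-library parser's verdict on the same input."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def classify(text: str) -> tuple:
    """Return (match-with-$, fullmatch, ipaddress) verdicts for text."""
    return (matches_with_dollar(text), is_dotted_quad(text), parses_as_ipv4(text))


# Constructed sample inputs (not from the post), with the expected verdicts.
SAMPLES = [
    "192.168.73.239",  # plain quad-dotted decimal: accepted by all three
    "256.1.1.1",       # octet out of range: rejected by all three
    "01.2.3.4",        # leading zero matches none of the five alternatives: regex rejects
    "1.2.3",           # only three octets: rejected by all three
    "1.2.3.4\n",       # trailing newline: only re.match() with '$' lets it through
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), classify(sample))
```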
–jeroen
Posted in *nix, Communications Development, Development, Internet protocol suite, Network-and-equipment, Power User, Software Development, TCP | Leave a Comment »
Posted by jpluimers on 2017/09/21
Reminder to self as it would be useful to have these Mikrotik functions in the new function syntax:
–jeroen
Posted in Internet, MikroTik, Power User, routers | Leave a Comment »
Posted by jpluimers on 2017/09/08
Some blacklist filters you can use on Mikrotik RouterOS devices:
You might consider using these instead of action=drop:
–jeroen
Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | 2 Comments »
Posted by jpluimers on 2017/09/01
For debugging purposes:
/log print where buffer=memory && (message~"l2tp" || message~"L2TP")
This will result in an answer like this:
13:43:59 l2tp,info first L2TP UDP packet received from 93.184.216.34
13:43:59 l2tp,ppp,info,account l2tp-jeroenp logged in, 192.168.73.239
13:43:59 l2tp,ppp,info <l2tp-l2tp-jeroenp>: authenticated
13:43:59 l2tp,ppp,info <l2tp-l2tp-jeroenp>: connected
Some links for when you cannot get connections to work:
Before digging deeper, check the output of settings like these:
/system logging add topics=ipsec
/ip ipsec policy group print
/ip ipsec peer print
/ip ipsec remote-peers print
/ip ipsec proposal print
/ip ipsec installed-sa print
It will give you answers like these (note that Mac OS X 10.9.5 will not connect with Camellia encryption algorithms and does no better hashing than sha1):
> /ip ipsec policy group print
Flags: * - default
# NAME
0 * default
1 pfs-modp1024
> /ip ipsec peer print
Flags: X - disabled, D - dynamic
0 address=0.0.0.0/0 local-address=:: passive=no port=500 auth-method=pre-shared-key secret="someLoooooooongPasssssword" generate-policy=port-override policy-template-group=default exchange-mode=main-l2tp send-initial-contact=yes nat-traversal=yes hash-algorithm=sha1 enc-algorithm=aes-256,aes-192,aes-128,3des dh-group=modp1024 lifetime=1d dpd-interval=2m dpd-maximum-failures=5
> /ip ipsec remote-peers print
0 local-address=37.153.243.243 port=4500 remote-address=93.184.216.34 port=15390 state=established side=responder established=22m16s
> /ip ipsec proposal print
Flags: X - disabled, * - default
0 * name="default" auth-algorithms=sha1 enc-algorithms=aes-128-cbc lifetime=30m pfs-group=modp1024
> /ip ipsec installed-sa print
Flags: A - AH, E - ESP
0 E spi=0x965F243 src-address=93.184.216.34:15390 dst-address=37.153.243.243:4500 state=mature auth-algorithm=sha1 enc-algorithm=aes-cbc auth-key="7f15b06179d0365cd8b7d8f046201703b2ba93f1" enc-key="ffc56f51397f60002d4bc3d7b95f14ede7eaa542" addtime=oct/17/2016 13:43:58 expires-in=36m34s add-lifetime=48m/1h current-bytes=24928 replay=128
1 E spi=0xE0A95C3 src-address=37.153.243.243:4500 dst-address=93.184.216.34:15390 state=mature auth-algorithm=sha1 enc-algorithm=aes-cbc auth-key="bd936b323131dea53d26791829640471c03154bc" enc-key="cb1a3e3b21d033c39390aa48b7efe64e835fc404" addtime=oct/17/2016 13:43:58 expires-in=36m34s add-lifetime=48m/1h current-bytes=3120 replay=128
In order to switch away from default as Policy Template Group, you will have to:
- add a new IPSec group (in /ip ipsec policy group)
- add a new IPSec proposal (in /ip ipsec proposal) with the same PFS group name as the policy group.
- add a new IPSec policy (in /ip ipsec policy group) with (under General) the same group name as the policy group *and* (under Action) the same proposal name as the proposal.
Some links on hardening IPSEC with DH algorithm:
Miscellaneous links:
–jeroen
Posted in Internet, MikroTik, Power User, routers | Leave a Comment »