Archive for the ‘Network-and-equipment’ Category
Posted by jpluimers on 2017/06/08
The RouterOS scripting language you can use on Mikrotik devices immediately shows its origin: the console.
- It is a statement oriented language where statement separators can be both semicolons and new-lines.
- You can use the \ at the end of the line as a line-continuation character, effectively spreading statements over multiple lines.
As promised some links to questions I asked:
Some questions by others that were also extremely useful:
- Functions and function parameters – MikroTik RouterOS
new function syntax, much simpler than the old syntax in Functions in CMD Scripts – MikroTik RouterOS that hopefully someone someday will convert to the new syntax.
- Functions and function parameters – MikroTik RouterOS
:typeof can return “nothing”
- Functions and function parameters – MikroTik RouterOS
Fragment that adds all scripts named “Function.*” as :global functions upon system startup.
Declare those functions when you need them, just like in the nested-function example.
- run script from terminal – MikroTik RouterOS
this is in fact very simple:
it also has the benefit that the terminal does tell you on which line and column your script is wrong (Winbox does not show that during execution):

- [Solved] Use of externally defined global variables inside import scripts, – MikroTik RouterOS
It’s better to pass information to functions as parameters (named parameters make code a lot more readable than positional parameters).
- Return IP Octet Function – MikroTik RouterOS
Parses an IP octet and returns either a specific or all octets. More elaborate: Mikrotik Scripting – Function to Split an IP Address into an Array | Paper Street Online
Note you can use bitwise operators on octets.
- How do you clear a global variable? – MikroTik RouterOS
List all global variables using /system script environment
Unset a variable with a plain :set variableName
- Array Pop Function – MikroTik RouterOS
- Array Push Function – MikroTik RouterOS
- Basic XML/string parser function – MikroTik RouterOS
Function getBetween(inputString, betweenStart, betweenEnd)
- Using :find command where string is not found – MikroTik RouterOS
:if ([:len [:find "abcd" "x"]] > 0) do={:put "Found";} else={:put "Not Found";};
- Manual:Configuration Management – MikroTik Wiki
When you upload a script over ftp and have it end with auto.rsc, then it is automatically being executed and logged. For instance a file called anything.auto.rsc will have the log written to anything.auto.log.
- I did it! Script to compute UNIX time! – MikroTik RouterOS
- Understanding scripting data types – MikroTik RouterOS
:typeof, nil, nothing, str, :parse vs new-style functions (:parse can be faster!)
- Simple HTTP GET? – MikroTik RouterOS
Some escaping required…
- It is not possible to exit or break a loop statement – MikroTik RouterOS so if you want to break a :for loop early, you have to recode it into a :while loop. You can :return from a function when inside a loop, but that’s not the same (for instance compare C# break versus return or Delphi break versus exit).
- :for loops are a strange beast so I will elaborate on those in a separate post.
And a few observations:
–jeroen
Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | 1 Comment »
Posted by jpluimers on 2017/06/07
When switching my DHCP to a Mikrotik CCR1009, both the AP7920 and AP7921 failed to get IP addresses. The APC7921 would bounce between waiting and offered states like this:

The cause is the need of DHCP Option 43 (Vendor Class Identifier) specified in RFC2132 – based on [WayBack] RFC 2131 – Dynamic Host Configuration Protocol and [WayBack] RFC 1533 – DHCP Options and BOOTP Vendor Extensions – which I found first via these links:
Posted in Development, Internet, MikroTik, Power User, RouterOS, routers, Scripting, Software Development | 3 Comments »
Posted by jpluimers on 2017/06/06
The WAN sides of my Mikrotik CCR1009 are partly behind Fritz!Box routers that do NAT and contain a truckload of port-forwards.
A while ago, I wanted the CCR1009 to do PPTP as Fritz!Box 7360 and 7490: static routes over VPN don’t work (so I could only VPN to the WAN side of the CCR1009). However, it would not pass through the Fritz!Box from the outside.
It appears you need to forward both:
Maybe one day I will ditch the Fritz!Box 7490 and directly hookup the Mikrotik to the NTU: xs4all ftth en Mikrotik router – Google Groups.
But preferably I should follow Don’t use PPTP, and don’t use IPSEC-PSK either (via: CloudCracker blog)
–jeroen
via: VPNs einrichten mit PPTP – administrator.de: Achtung mit PPTP VPN Servern hinter NAT Firewalls !

Forward both PPTP TCP port 1723 and the GRE protocol
Posted in Fritz!, Fritz!Box, Fritz!WLAN, Internet, IPSec, MikroTik, Network-and-equipment, Power User, PPTP, routers, VPN | Leave a Comment »
Posted by jpluimers on 2017/06/05
Interesting:
As I always try to maximize the usage of new hardware I started to explore what is possible with this combination. In this post I will explain how you get access to your FRITZ!Box using ssh.
Source: FRITZ!Box tuning part 1: Enable remote access over ssh [WayBack]
–jeroen
Posted in Fritz!, Fritz!Box, Internet, Power User | Leave a Comment »
Posted by jpluimers on 2017/06/02
Just one example; it applies to virtually all consumer IoT and routers I know: upgrading is hard, especially if it’s undocumented how to keep your configuration.
–jeroen
Posted in Internet, IoT Internet of Things, Power User, routers, TomatoUSB | Leave a Comment »
Posted by jpluimers on 2017/05/11
OS X
Android / Chromebook:
iOS 6:
gsp1.apple.com
*.akamaitechnologies.com
iOS 7:
www.appleiphonecell.com
www.airport.us
*.apple.com.edgekey.net
*.akamaiedge.net
*.akamaitechnologies.com
iOS 8/9:
Windows
Amazon Kindle (Fire)
OS X settings are in:
/Library/Preferences/SystemConfiguration/CaptiveNetworkSupport/Settings.plist
--jeroen
via:
Posted in Captive Portal, Communications Development, Development, Hardware, Internet, Internet protocol suite, Network-and-equipment, Power User, Software Development, TCP | Leave a Comment »
Posted by jpluimers on 2017/05/09
For hooking up SFP and SFP+ ports on Mikrotik devices you basically have two options:
- Direct Access Cable (passive and affordable for 1 and 2 meters; active and more expensive for more than 3 meters)
- SFP/SFP+ modules with LC-LC optic fiber cable in between them (pairs of modules are more expensive than passive DAC, but the fiber is a lot cheaper)
Choosing the SFP/SFP+ modules is a bit intimidating as the MikroTik SFP module compatibility table – MikroTik Wiki has very few details.
Then I found sfp_all-150601132341.pdf (archived) which lists many of the SFP and SFP+ modules including their specifications.
Since neither the matrix nor the PDF contains links to the products, here is a small list of what I could source last year and is compatible with both the CCR1009 routers and CRS226 switches:
- DAC allowing for two-way traffic compatible with both SFP and SFP+:
- 10G SFP+ modules (I think they are compatible with SFP as well):
- 1G SFP modules:
–jeroen
via: Connect CCR1009 with CSR226 over a longer distance than 3 meter – MikroTik RouterOS
Posted in Internet, MikroTik, Power User, routers | Leave a Comment »
Posted by jpluimers on 2017/04/25
MikroTik has great hardware, but getting things to work can be a bit ehm intimidating.
So here are some links that were useful getting my CCR1009 and CRS226 configurations to do what I wanted.
- Saving your configuration (two possibilities: binary backup file which only works on the same physical model device, or text based configuration export script that you can import back to any model).
- Choosing ports for WAN and LAN
- Never ever use the domain named .local for your local domain if you have Apple devices in your network:
- Many people like Winbox because they prefer visual configuration. Others like the web or terminal interface better (the terminal is especially useful for scripts)
- Manual:First time startup – MikroTik Wiki (default password for admin is empty; WinBox and web-interface are available on WAN *and* LAN interfaces!)
- One of the first things I did was binding some ports to use LAN and others to use WAN. The LAN ports are in a bridge: Configure one port for WAN and others for LAN – MikroTik RouterOS
- Manual:IP/DHCP Server – MikroTik Wiki and Manual:IP/Pools – MikroTik Wiki
- I had a lot of DHCP entries on my LAN before switching to the MikroTik for which some I wanted to add statically. Couldn’t find out how to do that in the IP pool, but it appeared there is a different way to do it:
- Assign fixed / static IP address via Mikrotik DHCP server
- Notes:
- the MAC address can be either colon (:) separated or minus (-) separated. And yes: there is a RegEx for that.
- usually you don’t pass the client-id (it’s here just as an example that you could use it, but most DHCP clients do NOT use a client-ID, as they only use the MAC address)
/ip dhcp-server lease add address=192.168.100.10 mac-address=70:F1:A1:D1:49:49 client-id="client10"
- Manual:IP/DNS – MikroTik Wiki
- If you use the MikroTik as a caching DNS server, then you need to enable “/ip dns set allow-remote-requests=yes”, but also immediately disable DNS TCP and UDP on all your WAN ports. See:
- nslookup on the Mikrotik itself is done with the put [:resolve ...] syntax: nslookup on Mikrotik – MikroTik RouterOS
- Examples (the first uses the internal DNS, the second one of the Google DNS servers):
put [:resolve shell.xs4all.nl]
put [:resolve shell.xs4all.nl 8.8.8.8]
put [:resolve 194.109.21.9]
- tolaris.com · Synchronising DHCP and DNS on Mikrotik routers (script available on Github: Tolaris/mikrotik-dns-dhcp).
- Hardening (since my Guest WiFi is outside of the Mikrotik LAN and WAN realm, I’ve left some things open, for instance MAC service is available, but on a limited set of interfaces):
- Manual:Upgrading RouterOS – MikroTik Wiki
- Manual:IP/Route – MikroTik Wiki (if you think routing is a massive topic, read about firewall rules).
- Not sure this is a good idea, but you can get a DDNS address in the sn.mynetname.net domain and VPN to it (for instance using PPTP): Quick Set Home AP — How to use vpn provided? – MikroTik RouterOS
- You need to setup both the clock (date/time) and SNTP in one step:
- Setup SNTP (Winbox) aka NTP (shell):
/system ntp client set enabled=yes server-dns-names=0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org
After a few seconds the Winbox will update the SNTP Client dialog and a few seconds later, the Clock dialog will also update itself.
- Manual:IP/Firewall/NAT – MikroTik Wiki
- I like these ones as they use Winbox:
- Sharing Ideas … Mikrotik with Kannel/playSMS
- Connect CCR1009 with CSR226 over a longer distance than 3 meter – MikroTik RouterOS
- Graphing: ensure you only limit this to IP-addresses that you want graphs to be visible on (0.0.0.0/0 makes it visible to ALL): Manual:Tools/Graphing – MikroTik Wiki
- DNS – MikroTik RouterOS: I would like to have my router to stop all the DNS coming from my clients and not reaching my ISP provider.
- Email sending can now also use the DNS-name of the SMTP server: Why does the email server configuration only allow IP-addresses? – MikroTik RouterOS
- Dynamic DNS Update Script for No-IP DNS for Router OS V.6.7 – MikroTik RouterOS
- Script for Ransomware Tracker by abuse.ch. Tracking Ransomware Infrastructure around the globe. Source: How I fight ransomware (crypto viruses) with Mikrotik – MikroTik RouterOS
/ip firewall mangle add chain=prerouting action=change-ttl new-ttl=increment:1
very simple solution for a traceroute to Hide ip address – MikroTik RouterOS
- Using staged address list to perform Bruteforce login prevention – MikroTik Wiki
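
For the caching-DNS item in the list above (allow-remote-requests=yes combined with closing DNS on the WAN side), this is a sketch of matching input-chain rules. It is an added example, not configuration from the original post; the WAN port names ether1 and ether2 are assumptions, so substitute your own.

```routeros
# Added example: the WAN port names below are assumptions, adjust to your device.
:local wanPorts {"ether1";"ether2"}

# Let LAN clients use the router as a caching resolver.
/ip dns set allow-remote-requests=yes

# With allow-remote-requests=yes the resolver answers on every interface,
# so drop DNS queries (UDP and TCP port 53) that arrive on a WAN port.
:foreach wan in=$wanPorts do={
    /ip firewall filter add chain=input in-interface=$wan \
        protocol=udp dst-port=53 action=drop \
        comment=("drop DNS from WAN (udp): " . $wan)
    /ip firewall filter add chain=input in-interface=$wan \
        protocol=tcp dst-port=53 action=drop \
        comment=("drop DNS from WAN (tcp): " . $wan)
}

# New rules are appended at the end of the chain. They only take effect when
# no earlier input rule already accepts this traffic, so review the order:
/ip firewall filter print where chain=input

# These rules cover IPv4 only; IPv6 has its own table under /ipv6 firewall filter.
```

Running the script a second time adds duplicate rules, so remove the old ones first or move the new rules into place by hand after checking the print output.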
Very advanced stuff:
- VPN
- VLAN
- DNS Conditional forwarders with Mikrotik RouterOS | Dale Macartney
- Pointing Mikrotik RouterOS hardware logging to a remote Syslog server | Dale Macartney
- trying to setup CRS226-24G-2S+IN, could use some help : mikrotik
- Video: VLANs using the Switching chips do not take the bridge penalty when you can do switching
- Be careful with CRS226 and SFP+ link aggregation
- Vlans on Mikrotik environment – MikroTik Wiki
- Block traffic like WhatsApp.
- API Links – MikroTik RouterOS (in various languages, of which I’m most interested in C#, Delphi, Perl and Python).
- Routing from mikrotik two IP addresses to same gateway – Server Fault
- RouterOS – public subnet routed and NAT-ed to internal clients – MikroTik RouterOS
- Known issues and bugs – a list – MikroTik RouterOS
- Tutorials blogs and other helpful RouterOS resources – MikroTik RouterOS
- ethernet ports overrunning – default interface queue (only-hardware-queue) not working well – MikroTik RouterOS
- MAC-Ping is described in Manual:Tools/Ping – MikroTik Wiki but *only* works for MikroTik devices having MAC-Ping Server enabled.
- How to auto-reboot if remote IP down for 5 minutes – MikroTik RouterOS
- ping, traceroute, log files, torch, sniffer, bandwidth tester, profile: Manual:Troubleshooting tools – MikroTik Wiki
- majbthrd/miksms: controlling external devices with Mikrotik RouterOS
- Howto Recover Mikrotik ADMIN account Forgotten Password | Syed Jahanzaib Personal Blog to Share Knowledge !
- Mikrotik script to change PUBLIC ip from available pool | Syed Jahanzaib Personal Blog to Share Knowledge !
- Mikrotik Firewall / Short Notes + Scripts | Syed Jahanzaib Personal Blog to Share Knowledge !
- SIP Poblem with Mikrotik | Syed Jahanzaib Personal Blog to Share Knowledge !
- VPN/PPTP Static Routes Loose gateway when client reconnects | Syed Jahanzaib Personal Blog to Share Knowledge !
Packet flow (maybe the toughest part to wrap your head around):
Scripts:
Load balancing:
Syntax highlighting:
Pictures
Very well written blog:
Manito Network’s Mikrotik solutions blog. In-depth articles on Mikrotik routing, security, best practices, VPN, and more.
Source: Mikrotik — Manito Networks
Solutions for RouterOS-based Mikrotik networks. Includes security and best practices, VPN, routing, switching, and more.
Source: Mikrotik-1 — Manito Networks
–jeroen
Posted in DNS, Internet, IPSec, MikroTik, Network-and-equipment, OpenVPN, Power User, PPTP, routers, VPN | Leave a Comment »
Posted by jpluimers on 2017/03/30
I tried to power both Raspberry B+ and Raspberry 2 B devices via the USB ports of both a Fritz!Box 7490 and Fritz!Box 7360.
At first this works, but the Raspberry B+ devices over time would become unstable: not being able to ping and/or boot.
So below are some links on power requirements and powering Raspberry Pi A, B, A+, B+, 2B and zero.
Fazit/TL;DR: use an external power supply when available.
Posted in *nix, Development, Fritz!, Fritz!Box, Hardware Development, Internet, Linux, openSuSE, Power User, Raspberry Pi, SuSE Linux | Leave a Comment »
Posted by jpluimers on 2017/03/13
I hadn’t done a lot with pfSense in the past, which I regret a bit since I discovered this really cool feature: Sniffers, Packet Capture – PFSenseDocs.
The coolness isn’t so much that you can capture packets, but that it’s compatible with tcpdump and Wireshark (which has become available natively for Mac like 2 years ago).
Which means that you can download captures and open them in Wireshark.
So it’s as easy as 1,2,3:
- Set up the capture on your router https://a.b.c.d/diag_packet_capture.php and start it
- Stop the capture and download the file
- Open the file in Wireshark or convert it to text using tshark
–jeroen
Posted in *nix, *nix-tools, Internet, Monitoring, pfSense, Power User, routers, tcpdump, Wireshark | Leave a Comment »