Category: How To

MikroTik Tutorial: How to enable DNS over HTTPS (DoH)

In this MikroTik Tutorial I will show you how to configure DNS over HTTPS on your MikroTik router using either Cloudflare DNS servers or Google DNS servers.

The latest stable version of RouterOS, 6.47, adds support for DNS over HTTPS (DoH). DoH is a protocol for performing remote DNS resolution over HTTPS. It is similar to DoT (DNS over TLS) but not exactly the same.

DNS Queries over HTTPS (DoH) is an accepted IETF standard, RFC 8484.

MikroTik Tutorial: How to recover RouterOS passwords from a backup file

These steps will help you recover a forgotten password from an unencrypted RouterOS backup file. To complete these steps we will use a Python tool called RouterOS-Backup-Tools, written by Lorenzo Santina (BigNerd95). I have included steps specific to Windows and Linux, which vary slightly.

MikroTik Tutorial: show mac address table

Here are the commands to show the MAC address table on a MikroTik Router. In addition to using the command line to show the MAC address table, this tutorial will also show you how to search for a specific MAC address and filter the table to show MAC addresses learned through a specific port. There are actually several commands that you should know, depending on how your router is configured.

The Perfect MikroTik Config Restore Script

Restoring config files on MikroTik routers has always been a pain. I set out to make the perfect config restore script for MikroTik routers.

Have you ever tried to paste configuration commands into a MikroTik router? Yeah, it doesn’t work. As soon as the script adds an interface to a bridge or changes an IP, you get disconnected and the rest of the script lines fail to restore.

Using the ‘run after reset’ method is really the best way to restore a MikroTik router’s configuration, but it has its own little caveats, like editing the script first and adding a :delay 15s; line at the top.

After reboot, there is no clear indication of whether the import succeeded or failed. While troubleshooting an error-riddled backup I had the idea of introducing an audible beep before and after the import process. This led me to develop this script.

MikroTik Script: Router Rebooted Script

This is a useful little RouterOS script that will email you a nice report when your router reboots. The emailed report contains recent critical log events that may point you to the cause of the reboot, e.g. “router was rebooted without proper shutdown” or “out of memory condition was detected”.

How to convert 48V PoE to 24V PoE

48V PoE (Power over Ethernet), also known as 802.3af and 802.3at (PoE+), is the most common voltage. Some devices from manufacturers like Ubiquiti require 24V PoE. In this article I will highlight some of the inexpensive devices that you can use to convert 48V PoE to 24V PoE as well as

ffmpeg: AMD & NVIDIA hardware video encoding (h264, h265)

I recently needed to export some video from an Enterprise Video Surveillance system. The system will only export mjpeg avi videos, which are huge files. I ended up using ffmpeg to encode these videos into h.264 mp4 files. I performed the video encoding on a machine with an AMD GPU. This article documents some of the ffmpeg command line switches required to perform hardware video encoding on both NVIDIA and AMD GPUs.

MikroTik Tutorial: Firewall ruleset for IPsec whitelisting

This article will show you how to set up a firewall whitelist for IPsec peer associations on a MikroTik router. The firewall ruleset will make use of address-lists to allow UDP 500 traffic only from trusted networks.

The address list for trusted networks will be called ipsec-trusted-nets and all other hosts that attempt IPsec traffic will be added to the list ipsec-uninvited.

Custom Device Labels in “The Dude” nms

The Dude is a powerful network monitoring server from MikroTik. The majority of people I see only use it to monitor their MikroTik routers and wireless devices. In this article I will introduce you to a variety of ways I use The Dude to query SNMP values from many different types of devices.

Out of the box, The Dude will sometimes (if SNMP credentials are correct) display CPU load, memory and disk usage for monitored devices. This data is presented in the device’s label. The following screenshot illustrates how to edit the label.

MikroTik Script: Authentication Logging w/ Email Reports

In this article I will show you how to configure a separate log file on a MikroTik router that will only contain authentication log entries. The log file will contain log entries for winbox, webfig, ssh, telnet, ftp as well as VPN user authentications. Additionally, we will configure a scheduled script to email this log file to ourselves daily.

How to configure a MikroTik IKEv2 VPN (RouterOS v6) & connect iOS devices (iPhone/iPad)

This tutorial is based on RouterOS v6; this configuration does not work on RouterOS v7.

So you want a better Remote Access VPN option for MikroTik?

Let's look at what it takes to set up an IKEv2 VPN that works with iOS devices.

MikroTik Router as a SCADA Serial Server

A large number of MikroTik Router models have a serial port that can be used to configure the device. The serial port can also be configured as an IP-based serial server. In this article I will show you how to configure a MikroTik Router to allow TCP connections that get mapped to a serial-connected SCADA device.

Historically, a dedicated hardware serial server such as the Lantronix EDS2100 would be deployed to connect a SCADA control to the network. At most of these sites, we already have a MikroTik router in the enclosure that provides backhaul IP networking and traffic encryption. By utilizing the existing MikroTik Router as a serial server we can eliminate the dedicated serial server. One caveat to the approach is that the Router only has one serial port so if the SCADA control device requires multiple serial ports we still install a dedicated serial server.
