Tag: RouterOS

MikroTik Tutorial: How to enable DNS over HTTPS (DoH)

MikroTik Tutorial: How to enable DNS over HTTPS (DoH)

In this MikroTik Tutorial I will show you how to configure DNS over HTTPS on your MikroTik router using either Cloudflare DNS servers or Google DNS servers.

The latest stable version of RouterOS 6.47 adds support for DNS over HTTPS or DoH. DoH is a protocol for performing remote DNS over HTTPS protocol. It is similar to DoT (DNS over TLS) but not exactly the same.

DNS Queries over HTTPS (DoH) is an accept IETF standard RFC8484.

Read More Read More

MikroTik Tutorial: show mac address table

MikroTik Tutorial: show mac address table

Here are the commands to show the mac address table on a MikroTik Router. In addition to using the command line to show the mac address table, this tutorial I will also show you how to search for a specific MAC address and filter the table to show mac addresses learned through a specific port. There are actually several commands that you should know, depending on how your router is configured.

Read More Read More

The Perfect MikroTik Config Restore Script

The Perfect MikroTik Config Restore Script

Restoring config files on MikroTik routers have always been a pain. I set out to make the perfect config restore script for MikroTik routers.

Have your every tried to paste configuration commands into a MikroTik router? Yeah, it doesn’t work. As soon as the script adds an interface to a bridge or changes an IP you get disconnected and the rest of the script lines fail to restore.

Using the ‘run after reset‘ method is really the best way to restore a MikroTik router’s configuration but it has its own little caveats like editing the script first and adding a :delay 15s; line at the top.

After reboot, there is no clear indication if the import was successful or failed. While troubleshooting an error riddled backup I had the idea of introducing an audible beep before and after the import process. This lead me to develop this script.

Read More Read More

MikroTik Script: Router Rebooted Script

MikroTik Script: Router Rebooted Script

This is a useful little RouterOS script that will email you a nice report when your router reboots. The emailed report contains recent critical log events that may point you to the cause for the reboot. ie “router was rebooted without proper shutdown” or “out of memory condition was detected”.

Read More Read More

MikroTik Tutorial: Firewall ruleset for IPsec whitelisting

MikroTik Tutorial: Firewall ruleset for IPsec whitelisting

This article will show you how to setup a firewall whitelist for IPsec peer associations on a MikorTik router. The firewall ruleset will make use of address-lists to allow UDP 500 traffic only from trusted networks.

The address list for trusted networks will be called ipsec-trusted-nets and all other hosts that attempt IPsec traffic will be added to the list ipsec-uninvited.

Read More Read More

MikroTik Script: Authentication Logging w/ Email Reports

MikroTik Script: Authentication Logging w/ Email Reports

In this article I will show you how to configure a separate log file on a MikroTik router that will only contain authentication log entries.  The log file will contain log entries for winbox, webfig, ssh, telnet, ftp as well as VPN user authentications.  Additionally,  we will configure a scheduled script to email this log file to ourselves daily.

Read More Read More

MikroTik RouterOS Automation with NAPALM

MikroTik RouterOS Automation with NAPALM

In this tutorial, we will explore using the NAPALM python module to query data from a MikroTik Router.

Before we begin, you are expected to have python3 and pip installed as well as access to a MikroTik router running RouterOS. NAPALM will attempt to connect to the router on the default API port of 8728. You will need to enable the API service which is found in IP | Services using winbox

Read More Read More