RouterOS Scripts
================
[RouterOS](https://mikrotik.com/software) is the operating system developed
by [MikroTik](https://mikrotik.com/aboutus) for networking tasks. This
repository holds a number of [scripts](https://wiki.mikrotik.com/wiki/Manual:Scripting)
to manage RouterOS devices or extend their functionality.

*Use at your own risk!*

Requirements
------------
The latest version of the scripts requires at least **RouterOS 6.43** to
function properly. The changelog lists the corresponding change as follows:

> *) fetch - added "as-value" output format;

Specific scripts may require an even newer RouterOS version; for example,
cloud backup was added in 6.44.

Initial setup
-------------
### Get me ready!
If you know how things work just copy and paste the
[initial commands](initial-commands). Remember to edit and rerun
`global-config`!

First-time users should take the long way below.

### Live presentation
Want to see it in action? I've had a presentation [Repository based
RouterOS script distribution](https://www.youtube.com/watch?v=B9neG3oAhcY)
including a demonstration recorded live at [MUM Europe
2019](https://mum.mikrotik.com/2019/EU/) in Vienna.

### The long way in detail
The update script does server certificate verification, so the first step is
to download the certificates. If you intend to download the scripts from a
different location (for example from github.com), install the corresponding
certificate chain.

```
[admin@MikroTik] > / tool fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/Let%27s%20Encrypt%20Authority%20X3.pem" dst-path="letsencrypt.pem"
      status: finished
  downloaded: 3KiBC-z pause]
       total: 3KiB
    duration: 1s
```

Note that the commands above do *not* verify the server certificate, so if
you want to be safe, download with your workstation's browser and transfer the
files to your MikroTik device.

* [ISRG Root X1](https://letsencrypt.org/certs/isrgrootx1.pem.txt)
* [Let's Encrypt Authority X3](https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt)

Then we import the certificates.

```
[admin@MikroTik] > / certificate import file-name=letsencrypt.pem passphrase=""
     certificates-imported: 3
     private-keys-imported: 0
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0
```

For basic verification we rename the certificates and print their count. Make
sure the certificate count is **three**.

```
[admin@MikroTik] > / certificate set name="ISRG-Root-X1" [ find where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ]
[admin@MikroTik] > / certificate set name="Let-s-Encrypt-Authority-X3" [ find where fingerprint="731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568" ]
[admin@MikroTik] > / certificate set name="DST-Root-CA-X3" [ find where fingerprint="0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739" ]
[admin@MikroTik] > / certificate print count-only where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" or fingerprint="731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568" or fingerprint="0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739"
3
```

Always make sure there are no certificates installed you do not know or want!
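
The same fingerprint check can be done on the workstation before the PEM file is transferred to the device, which covers the unverified first download. The following is an added example, not part of this repository: it assumes the fingerprint is the SHA-256 digest of each certificate's DER encoding, and the function names and the sample input are constructed for illustration.

```python
import base64
import hashlib
import re

# SHA-256 fingerprints and names taken from the rename commands on this page.
PINNED = {
    "96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6": "ISRG-Root-X1",
    "731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568": "Let-s-Encrypt-Authority-X3",
    "0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739": "DST-Root-CA-X3",
}

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def fingerprints(pem_text):
    """Return the SHA-256 hex digest of each certificate's DER bytes."""
    result = []
    for body in PEM_BLOCK.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        result.append(hashlib.sha256(der).hexdigest())
    return result


def audit_bundle(pem_text, pinned=PINNED):
    """Compare a PEM bundle against the pinned set.

    Returns (matched names, unknown fingerprints, missing names). The bundle
    matches the pinned list exactly only when unknown and missing are empty.
    """
    found = fingerprints(pem_text)
    matched = sorted(pinned[fp] for fp in found if fp in pinned)
    unknown = [fp for fp in found if fp not in pinned]
    missing = sorted(name for fp, name in pinned.items() if fp not in found)
    return matched, unknown, missing


def make_pem(der):
    """Wrap raw bytes in PEM armour (only used to build constructed samples)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


if __name__ == "__main__":
    # Constructed sample: placeholder bytes, not a real certificate, so it is
    # reported as unknown and all three pinned names are reported as missing.
    sample = make_pem(b"constructed placeholder, not a real certificate")
    print(audit_bundle(sample))
```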

Actually we do not require the certificate named `DST Root CA X3`, but as it
is used by `Let's Encrypt` to cross-sign we install it anyway - this makes
sure things do not go wrong if the intermediate certificate is replaced.
The IdenTrust certificate *should* be available from their
[download page](https://www.identrust.com/support/downloads). The site is
crap and a good example how to *not* do it.

Now let's download the main scripts and add them in configuration on the fly.

```
[admin@MikroTik] > :foreach Script in={ "global-config"; "global-functions"; "script-updates" } do={ / system script add name=$Script source=([ / tool fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script) output=user as-value]->"data"); }
```

The configuration needs to be tweaked for your needs. Make sure not to send
your mails to `mail@example.com`!

```
[admin@MikroTik] > / system script edit global-config source
```

And finally load configuration and functions and add the schedulers.

```
[admin@MikroTik] > / system script run global-config
[admin@MikroTik] > / system script run global-functions
[admin@MikroTik] > / system scheduler add name="global-config" start-time=startup on-event="/ system script run global-config;"
[admin@MikroTik] > / system scheduler add name="global-functions" start-time=startup on-event="/ system script run global-functions;"
```

Updating scripts
----------------
To update existing scripts just run `script-updates`.

```
[admin@MikroTik] > / system script run script-updates
```

Adding a script
---------------
To add a script from the repository create a configuration item first, then
update scripts to fetch the source.

```
[admin@MikroTik] > / system script add name="check-routeros-update"
[admin@MikroTik] > / system script run script-updates
```

Scheduler and events
--------------------
Most scripts are designed to run regularly from
[scheduler](https://wiki.mikrotik.com/wiki/Manual:System/Scheduler). We just
added `check-routeros-update`, so let's run it every hour to make sure not to
miss an update.

```
[admin@MikroTik] > / system scheduler add name="check-routeros-update" interval=1h on-event="/ system script run check-routeros-update;"
```

Some events can run a script. If you want your DHCP hostnames to be available
in DNS, use `dhcp-to-dns` with the events from the DHCP server. For a regular
cleanup add a scheduler entry.

```
[admin@MikroTik] > / system script add name="dhcp-to-dns"
[admin@MikroTik] > / system script run script-updates
[admin@MikroTik] > / ip dhcp-server set lease-script=dhcp-to-dns [ find ]
[admin@MikroTik] > / system scheduler add name="dhcp-to-dns" interval=5m on-event="/ system script run dhcp-to-dns;"
```

There's much more to explore... Have fun!
### Upstream
URL:
[GitHub.com](https://github.com/eworm-de/routeros-scripts#routeros-scripts)

Mirror:
[eworm.de](https://git.eworm.de/cgit/routeros-scripts/about/)
[GitLab.com](https://gitlab.com/eworm-de/routeros-scripts#routeros-scripts)

---
[▲ Go back to top](#top)