author | Christian Hesse <mail@eworm.de> | 2020-03-27 22:15:43 +0100 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2020-03-27 22:15:43 +0100 |
commit | 54a8f2839dd32d9c8bd60c2edbbca3606b250bbb (patch) | |
tree | b8164b53f21696c30869ca2b4c3699efd3eb1579 /doc | |
parent | a87fbb4be1e1e090b01db9eebd7799a0e1d62771 (diff) | |
parent | 1d93e92dcda753b855e89295f74dafae4743bb80 (diff) |
Merge branch 'documentation'
Diffstat (limited to 'doc')
37 files changed, 1612 insertions, 46 deletions
diff --git a/doc/accesslist-duplicates.md b/doc/accesslist-duplicates.md new file mode 100644 index 0000000..2189322 --- /dev/null +++ b/doc/accesslist-duplicates.md @@ -0,0 +1,49 @@ +Find and remove access list duplicates +====================================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script is supposed to run interactively to find and remove duplicate +entries in wireless access list. + +Requirements and installation +----------------------------- + +Depending on whether you use CAPsMAN (`/ caps-man`) or local wireless +interface (`/ interface wireless`) you need to install a different script. + +For CAPsMAN: + + $ScriptInstallUpdate accesslist-duplicates.capsman; + +For local interface: + + $ScriptInstallUpdate accesslist-duplicates.local; + +Usage and invocation +-------------------- + +Run this script from a terminal: + + [admin@kalyke] > / system script run accesslist-duplicates.local + Flags: X - disabled + 0 ;;; First entry with identical mac address... + mac-address=00:11:22:33:44:55 interface=any signal-range=-120..120 allow-signal-out-of-range=10s authentication=yes forwarding=yes ap-tx-limit=0 client-tx-limit=0 private-algo=none private-key="" private-pre-shared-key="" management-protection-key="" vlan-mode=default vlan-id=1 + + 1 ;;; Second entry with identical mac address... + mac-address=00:11:22:33:44:55 interface=any signal-range=-120..120 allow-signal-out-of-range=10s authentication=yes forwarding=yes ap-tx-limit=0 client-tx-limit=0 private-algo=none private-key="" private-pre-shared-key="" management-protection-key="" vlan-mode=default vlan-id=1 + + Numeric id to remove, any key to skip! + Removing numeric id 1... + +See also +-------- + +* [Collect MAC addresses in wireless access list](collect-wireless-mac.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/bridge-port.md b/doc/bridge-port.md new file mode 100644 index 0000000..2228ac8 
--- /dev/null +++ b/doc/bridge-port.md 
@@ -0,0 +1,84 @@ +Manage ports in bridge +====================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +These scripts are supposed to handle interfaces and switching them from +one bridge to another. + +Requirements and installation +----------------------------- + +Just install the scripts: + + $ScriptInstallUpdate bridge-port-to-default,bridge-port-toggle; + +Configuration +------------- + +The configuration goes to ports' comments (`/ interface bridge port`). + + / interface bridge port add bridge=br-guest comment="default=dhcp-client, alt=br-guest" disabled=yes interface=en1; + / interface bridge port add bridge=br-intern comment="default=br-intern, alt=br-guest" interface=en2; + / interface bridge port add bridge=br-guest comment="default=br-guest, extra=br-extra" interface=en3; + +Also dhcp client can be handled: + + / ip dhcp-client add comment="toggle with bridge port" disabled=no interface=en1; + +There is also global configuration: + +* `BridgePortTo`: specify the configuration to be applied by default + +Install [global-wait](global-wait.md) and add a scheduler to start with +default setup on system startup: + + / system scheduler add name=bridge-port-to-default on-event="/ system script { run global-wait; run bridge-port-to-default; }" start-time=startup; + +Usage and invocation +-------------------- + +The usage examples show what happens with the configuration from above. + +Running the script `bridge-port-to-default` applies all configuration given +with `default=`: + + / system script run bridge-port-to-default; + +For the three interfaces we get this configuration: + +* The special value `dhcp-client` enables the dhcp client for interface `en1`. The bridge port entry is disabled. +* Interface `en2` is put in bridge `br-intern`. +* Interface `en3` is put in bridge `br-guest`. 
+ +Running the script `bridge-port-toggle` toggles to configuration given +with `alt=`: + + / system script run bridge-port-toggle; + +* Interface `en1` is put in bridge `br-guest`, dhcp client for the interface is disabled. +* Interface `en2` is put in bridge `br-guest`. +* Interface `en3` is unchanged, stays in bridge `br-guest`. + +Running the script `bridge-port-toggle` again toggles back to configuration +given with `default=`. + +More configuration can be loaded by setting `BridgePortTo`: + + :set BridgePortTo "extra"; + / system script run bridge-port-to-default; + +* Interfaces `en1` and `en2` are unchanged. +* Interface `en3` is put in bridge `br-intern`. + +See also +-------- + +* [Wait for configuration und functions](global-wait.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/capsman-download-packages.md b/doc/capsman-download-packages.md new file mode 100644 index 0000000..ee4912d --- /dev/null +++ b/doc/capsman-download-packages.md 
@@ -0,0 +1,51 @@ +Download packages for CAP upgrade from CAPsMAN +============================================= + +[◀ Go back to main README](../README.md) + +Description +----------- + +CAPsMAN can upgrate CAP devices. If CAPsMAN device and CAP device(s) are +differnet architecture you need to store packages for CAP device's +architecture on local storage. + +This script automatically downloads these packages. + +Requirements and installation +----------------------------- + +Just install the script on CAPsMAN device: + + $ScriptInstallUpdate capsman-download-packages; + +Optionally create a scheduler to run after startup, with a delay to ensure +internet connectivity is given: + + / system scheduler add name=capsman-download-packages on-event=":delay 2m; / system script run capsman-download-packages;" start-time=startup; + +Only packages available in older version are downloaded. For initial setup +place the required packages to CAPsMAN package path (see +`/ caps-man manager`). + +Usage and invocation +-------------------- + +Run the script manually: + + / system script run capsman-download-packages; + +... or from scheduler. + +After package download all out-of-date CAP devices are upgraded automatically. +For a rolling upgrade install extra script +[capsman-rolling-upgrade](capsman-rolling-upgrade.md). + +See also +-------- + +* [Run rolling CAP upgrades from CAPsMAN](capsman-rolling-upgrade.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/capsman-rolling-upgrade.md b/doc/capsman-rolling-upgrade.md new file mode 100644 index 0000000..e78c87a --- /dev/null +++ b/doc/capsman-rolling-upgrade.md 
@@ -0,0 +1,39 @@ +Run rolling CAP upgrades from CAPsMAN +===================================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +CAPsMAN can upgrate CAP devices. This script runs a rolling upgrade for +out-of-date CAP devices. The idea is to have just a fraction of devices +reboot at a time, having the others to serve wireless connectivity. + + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate capsman-rolling-upgrade; + +Usage and invocation +-------------------- + +This script is intended as an add-on to +[capsman-download-packages](capsman-download-packages.md), being invoked by +that script when required. + +Alternatively run it manually: + + / system script run capsman-rolling-upgrade; + +See also +-------- + +* [Download packages for CAP upgrade from CAPsMAN](capsman-download-packages.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/certificate-renew-issued.md b/doc/certificate-renew-issued.md new file mode 100644 index 0000000..e460ce1 --- /dev/null +++ b/doc/certificate-renew-issued.md 
@@ -0,0 +1,47 @@ +Renew locally issued certificates +================================= + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script renews certificates issued by a local certificate authority (CA). +Optionally the certificates are exported with individual passphrases for +easy pick-up. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate certificate-renew-issued; + +Configuration +------------- + +The configuration goes to `global-config-overlay`, there is just one +parameter: + +* `CertRenewPass`: an array holding individual passphrases for certificates + +Usage and invocation +-------------------- + +Run the script to renew certificates issued from a local CA. + + / system script run certificate-renew-issued; + +Only scripts with a remaining lifetime of three weeks or less are renewed. +The old certificate is revoked automatically. If a passphrase for a specific +certificate is given in `CertRenewPass` the certificate is exported and +PKCS#12 file (`cert-issued/CN.p12`) can be found on device's storage. + +See also +-------- + +* [Renew certificates and notify on expiration](check-certificates.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/check-certificates.md b/doc/check-certificates.md new file mode 100644 index 0000000..51ecd14 --- /dev/null +++ b/doc/check-certificates.md 
@@ -0,0 +1,52 @@ +Renew certificates and notify on expiration +=========================================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script tries to download and renew certificates, then notifies about +certificates that are still about to expire. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate check-certificates; + +Configuration +------------- + +The expiry notifications just require notification settings for e-mail and +telegram. + +For automatic download and renewal of certificates you need configuration +in `global-config-overlay`, these are the parameters: + +* `CertRenewPass`: an array of passphrases to try +* `CertRenewUrl`: the url to download certificates from + +Certificates on the web server should be named `CN.pem` (`PEM` format) or +`CN.p12` (`PKCS#12` format). + +Usage and invocation +-------------------- + +Just run the script: + + / system script run check-certificates; + +... or create a scheduler for periodic execution: + + / system scheduler add interval=1d name=check-certificates on-event="/ system script run check-certificates;" start-time=startup; + +See also +-------- + +* [Renew locally issued certificates](certificate-renew-issued.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/check-health.md b/doc/check-health.md new file mode 100644 index 0000000..37f8e34 --- /dev/null +++ b/doc/check-health.md 
@@ -0,0 +1,43 @@ +Notify about health state +========================= + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script is run from scheduler periodically, sending notification on +health related events: + +* voltage jumps up or down more than configured threshold +* power supply failed or recovered +* temperature is above or below threshold + +Note that bad initial state will not trigger an event. + +Only sensors available in hardware can be checked. See what your +hardware supports: + + / system health print; + +Requirements and installation +----------------------------- + +Just install the script and create a scheduler: + + $ScriptInstallUpdate check-health; + / system scheduler add interval=1m name=check-health on-event="/ system script run check-health;" start-time=startup; + +Configuration +------------- + +The configuration goes to `global-config-overlay`, These are the parameters: + +* `CheckHealthTemperature`: an array specifying temperature thresholds for sensors +* `CheckHealthVoltagePercent`: percentage value to trigger voltage jumps + +Also notification settings are required for e-mail and telegram. + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/check-lte-firmware-upgrade.md b/doc/check-lte-firmware-upgrade.md new file mode 100644 index 0000000..c71dee5 --- /dev/null +++ b/doc/check-lte-firmware-upgrade.md 
@@ -0,0 +1,41 @@ +Notify on LTE firmware upgrade +============================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script is run from scheduler periodically, checking for LTE firmware +upgrades. Currently supported LTE hardware: + +* R11e-LTE +* R11e-LTE-US +* R11e-4G +* R11e-LTE6 + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate check-lte-firmware-upgrade; + +... and create a scheduler: + + / system scheduler add interval=1d name=check-lte-firmware-upgrade on-event="/ system script run check-lte-firmware-upgrade;" start-time=startup; + +Configuration +------------- + +Notification setting are required for e-mail and telegram. + +See also +-------- + +* [Notify on RouterOS update](check-routeros-update.md) +* [Install LTE firmware upgrade](unattended-lte-firmware-upgrade.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/check-routeros-update.md b/doc/check-routeros-update.md new file mode 100644 index 0000000..c94381c --- /dev/null +++ b/doc/check-routeros-update.md 
@@ -0,0 +1,55 @@ +Notify on RouterOS update +========================= + +[◀ Go back to main README](../README.md) + +Description +----------- + +The primary use of this script is to notify about RouterOS updates. + +Run from a terminal you can start the update process or schedule it. + +Centrally managing update process of several devices is possibly by +specifying versions safe to be updated on a web server. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate check-routeros-update; + +And add a scheduler for automatic update notification: + + / system scheduler add interval=1d name=check-routeros-update on-event="/ system script run check-routeros-update;" start-time=startup; + +Configuration +------------- + +Configuration is required only if you want to control update process with +safe versions from a web server. The configuration goes to +`global-config-overlay`, this is the parameter: + +* `SafeUpdateUrl`: url to check for safe update, the channel (`long-term`, +`stable` or `testing`) is appended + +Usage and invocation +-------------------- + +Be notified when run from scheduler or run it manually: + + / system script run check-routeros-update; + +If an update is found you can install it right away. + +Installing script [packages-update](packages-update.md) gives extra options. + +See also +-------- + +* [Manage system update](packages-update.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/cloud-backup.md b/doc/cloud-backup.md new file mode 100644 index 0000000..bda1267 --- /dev/null +++ b/doc/cloud-backup.md 
@@ -0,0 +1,46 @@ +Upload backup to Mikrotik cloud +=============================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script uploads [binary backup to Mikrotik cloud](https://wiki.mikrotik.com/wiki/Manual:IP/Cloud#Backup). + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate cloud-backup; + +Configuration +------------- + +The configuration goes to `global-config-overlay`, this is the only parameter: + +* `BackupPassword`: password to encrypt the backup with + +Also notification settings are required for e-mail and telegram. + +Usage and invocation +-------------------- + +Just run the script: + + / system script run cloud-backup; + +Creating a scheduler may be an option: + + / system scheduler add interval=1w name=cloud-backup on-event="/ system script run cloud-backup;" start-time=09:20:00; + +See also +-------- + +* [Send backup via e-mail](email-backup.md) +* [Upload backup to server](upload-backup.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/collect-wireless-mac.md b/doc/collect-wireless-mac.md new file mode 100644 index 0000000..45489bf --- /dev/null +++ b/doc/collect-wireless-mac.md 
@@ -0,0 +1,54 @@ +Collect MAC addresses in wireless access list +============================================= + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script adds unknown MAC addresses of connected wireless devices to +address list. In addition a notification is sent. + +By default the access list entry is disabled, but you can easily enable +and modify it to your needs. + +Requirements and installation +----------------------------- + +Depending on whether you use CAPsMAN (`/ caps-man`) or local wireless +interface (`/ interface wireless`) you need to install a different script. + +For CAPsMAN: + + $ScriptInstallUpdate collect-wireless-mac.capsman; + +For local interface: + + $ScriptInstallUpdate collect-wireless-mac.local; + +Configuration +------------- + +On first run a disabled access list entry acting as marker (with comment +"`--- collected above ---`") is added. Move this entry to define where new +entries are to be added. + +Also notification settings are required for e-mail and telegram. + +Usage and invocation +-------------------- + +Run this script from a dhcp server as lease-script to collect the MAC +address when a new address is leased. You may want to use +[lease-script](lease-script.md). + +See also +-------- + +* [Comment DHCP leases with info from access list](dhcp-lease-comment.md) +* [Create DNS records for DHCP leases](dhcp-to-dns.md) +* [Run other scripts on DHCP lease](lease-script.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/daily-psk.md b/doc/daily-psk.md new file mode 100644 index 0000000..e6d7aae --- /dev/null +++ b/doc/daily-psk.md 
@@ -0,0 +1,56 @@ +Use wireless network with daily psk +=================================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script is supposed to provide a wifi network which changes the +passphrase to a pseudo-random string daily. + +Requirements and installation +----------------------------- + +Just install this script and [global-wait](global-wait.md). + +Depending on whether you use CAPsMAN (`/ caps-man`) or local wireless +interface (`/ interface wireless`) you need to install a different script. + +For CAPsMAN: + + $ScriptInstallUpdate daily-psk.capsman,global-wait; + +For local interface: + + $ScriptInstallUpdate daily-psk.local,global-wait; + +And add schedulers to run the script: + + / system scheduler add interval=1d name=daily-psk-nightly on-event="/ system script run daily-psk.local;" start-date=may/23/2018 start-time=03:00:00; + / system scheduler add name=daily-psk-startup on-event=":global WaitTimeSync; / system script { run global-wait; \$WaitTimeSync; run daily-psk.local; }" start-time=startup; + +These will update the passphrase on boot and nightly at 3:00. + +Configuration +------------- + +The configuration goes to `global-config-overlay`, these are the parameters: + +* `DailyPskMatchComment`: pattern to match the wireless access list comment +* `DailyPskSecrets`: an array with pseudo random strings + +Then add an access list entry: + + / interface wireless access-list add comment="Daily PSK" interface=wl-daily private-pre-shared-key="ToBeChangedDaily"; + +Also notification settings are required for e-mail and telegram. + +See also +-------- + +* [Wait for configuration und functions](global-wait.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/dhcp-lease-comment.md b/doc/dhcp-lease-comment.md new file mode 100644 index 0000000..caba7d6 --- /dev/null +++ b/doc/dhcp-lease-comment.md 
@@ -0,0 +1,49 @@ +Comment DHCP leases with info from access list +============================================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script adds comments to dynamic dhcp server leases. Infos are taken +from wireless access list. + +Requirements and installation +----------------------------- + +Depending on whether you use CAPsMAN (`/ caps-man`) or local wireless +interface (`/ interface wireless`) you need to install a different script. + +For CAPsMAN: + + $ScriptInstallUpdate dhcp-lease-comment.capsman; + +For local interface: + + $ScriptInstallUpdate dhcp-lease-comment.local; + +Configuration +------------- + +Infos are taken from wireless access list. Add entries with proper comments +there. You may want to use [collect-wireless-mac](collect-wireless-mac.md) +to prepare entries. + +Usage and invocation +-------------------- + +Run this script from a dhcp server as lease-script to update the comment +just after a new address is leased. You may want to use +[lease-script](lease-script.md). + +See also +-------- + +* [Collect MAC addresses in wireless access list](collect-wireless-mac.md) +* [Create DNS records for DHCP leases](dhcp-to-dns.md) +* [Run other scripts on DHCP lease](lease-script.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/dhcp-to-dns.md b/doc/dhcp-to-dns.md new file mode 100644 index 0000000..3f25659 --- /dev/null +++ b/doc/dhcp-to-dns.md 
@@ -0,0 +1,42 @@ +Create DNS records for DHCP leases +================================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script adds (and removes) dns records based on dhcp server leases. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate dhcp-to-dns; + +Then run it from dhcp server as lease script. You may want to use +[lease-script](lease-script.md). + +A scheduler cares about cleanup: + + / system scheduler add interval=15m name=dhcp-to-dns on-event="/ system script run dhcp-to-dns;" start-time=startup; + +Configuration +------------- + +The configuration goes to `global-config-overlay`, these are the parameters: + +* `Domain`: the domain used for dns records +* `HostNameInZone`: whether or not to add the dhcp/dns server's hostname + +See also +-------- + +* [Collect MAC addresses in wireless access list](collect-wireless-mac.md) +* [Comment DHCP leases with info from access list](dhcp-lease-comment.md) +* [Run other scripts on DHCP lease](lease-script.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/email-backup.md b/doc/email-backup.md new file mode 100644 index 0000000..7f89a06 --- /dev/null +++ b/doc/email-backup.md 
@@ -0,0 +1,52 @@ +Send backup via e-mail +====================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script sends binary backup (`/ system backup save`) and complete +configuration export (`/ export terse`) via e-mail. + + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate email-backup; + +Configuration +------------- + +The configuration goes to `global-config-overlay`, These are the parameters: + +* `BackupSendBinary`: whether to send binary backup +* `BackupSendExport`: whether to send configuration export +* `BackupPassword`: password to encrypt the backup with +* `EmailBackupTo`: e-mail address to send to +* `EmailBackupCc`: e-mail address(es) to send in copy + +Also valid e-mail settings in `/ tool e-mail` are required to send mails. + +Usage and invocation +-------------------- + +Just run the script: + + / system script run email-backup; + +Creating a scheduler may be an option: + + / system scheduler add interval=1w name=email-backup on-event="/ system script run email-backup;" start-time=09:15:00; + +See also +-------- + +* [Upload backup to Mikrotik cloud](cloud-backup.md) +* [Upload backup to server](upload-backup.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/global-wait.md b/doc/global-wait.md new file mode 100644 index 0000000..9fcaa96 --- /dev/null +++ b/doc/global-wait.md 
@@ -0,0 +1,34 @@ +Wait for configuration und functions +==================================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +The global scripts `global-config`, `global-config-overlay` and +`global-functions` are run by scheduler at system startup. Running another +script at system startup may result in race condition where configuration +and/or function are not yet available. This script is supposed to wait +for everything being prepared. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate global-wait; + +... and add it to your scheduler, for example in combination with +[bridge-port](bridge-port.md): + + / system scheduler add name=bridge-port-to-default on-event="/ system script { run global-wait; run bridge-port-to-default; }" start-time=startup; + +See also +-------- + +* [Manage ports in bridge](bridge-port.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/gps-track.md b/doc/gps-track.md new file mode 100644 index 0000000..a7b3d7f --- /dev/null +++ b/doc/gps-track.md @@ -0,0 +1,34 @@ +Send GPS position to server +=========================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script is supposed to run periodically from scheduler and send GPS +position data to a server for tracking. + +A hardware GPS antenna is required. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate gps-track; + +... and create a scheduler: + + / system scheduler add interval=1m name=gps-track on-event="/ system script run gps-track;" start-time=startup; + +Configuration +------------- + +The configuration goes to `global-config-overlay`, the only parameter is: + +* `GpsTrackUrl`: the url to send json data to + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) 
diff --git a/doc/hotspot-to-wpa.md b/doc/hotspot-to-wpa.md new file mode 100644 index 0000000..fbb9640 --- /dev/null +++ b/doc/hotspot-to-wpa.md @@ -0,0 +1,48 @@ +Use WPA2 network with hotspot credentials +========================================= + +[◀ Go back to main README](../README.md) + +Description +----------- + +RouterOS supports an unlimited number of MAC address specific passphrases +for WPA2 encrypted wifi networks via access list. The idea of this script +is to transfer hotspot credentials to MAC address specific WPA2 passphrase. + +Requirements and installation +----------------------------- + +You need a properly configured hotspot on one (open) SSID and a WP2 enabled +SSID with suffix "`-wpa`". + +Then install the script: + + $ScriptInstallUpdate hotspot-to-wpa; + +Configure your hotspot to use this script as `on-login` script: + + / ip hotspot user profile set on-login=hotspot-to-wpa [ find ]; + +Configuration +------------- + +On first run a disabled access list entry acting as marker (with comment +"`--- hotspot-to-wpa above ---`") is added. Move this entry to define where new +entries are to be added. + +Usage and invocation +-------------------- + +Create hotspot login credentials: + + / ip hotspot user add add comment="Test User 1" name=user1 password=v3ry; + / ip hotspot user add add comment="Test User 2" name=user2 password=s3cr3t; + +Now let the users connect and login to the hotspot. After that the devices +(identified by MAC address) can connect to the WPA2 network, using the +passphrase from hotspot credentials. + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/ip-addr-bridge.md b/doc/ip-addr-bridge.md new file mode 100644 index 0000000..44dac6a --- /dev/null +++ b/doc/ip-addr-bridge.md 
@@ -0,0 +1,32 @@ +Manage IP addresses with bridge status +====================================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +With RouterOS an IP address is always active, even if an interface is down. +Other venders handle this differently - and sometimes this behavior is +expected. This script mimics this behavior. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate ip-addr-bridge; + +... and make it run from scheduler: + + / system scheduler add name=ip-addr-bridge on-event="/ system script run ip-addr-bridge;" start-time=startup; + +This will disable IP addresses on bridges without at lease one running port. +The IP address is enabled if at least one port is running. + +Note that IP addresses on bridges without a single port (acting as loopback +interface) are ignored. + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/ipv6-update.md b/doc/ipv6-update.md new file mode 100644 index 0000000..93ada42 --- /dev/null +++ b/doc/ipv6-update.md 
@@ -0,0 +1,56 @@ +Update configuration on IPv6 prefix change +========================================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +With changing IPv6 prefix from ISP this script handles to update... + +* ipv6 firewall address-list +* dns records + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate ipv6-update; + +Your ISP needs to provide an IPv6 prefix, your device receives it via dhcp: + + / ipv6 dhcp-client add add-default-route=yes interface=ppp-isp pool-name=isp request=prefix script=ipv6-update; + +Note this already adds this script as `script`. The pool name (here: "`isp`") +is important, we need it later. + +Also this expects there is an address assigned from pool to an interface: + + / ipv6 address add from-pool=isp interface=br-local; + +Sometimes dhcp client is stuck on reconnect and needs to be released. +Installing [ppp-on-up](ppp-on-up.md) may solve this. + +Configuration +------------- + +An address list entry is updated with current prefix and can be used in +firewall rules, comment has to be "`ipv6-pool-`" and actual pool name: + + / ipv6 firewall address-list add address=2003:cf:2f0f:de00::/56 comment=ipv6-pool-isp list=extern; + +Static DNS records need a special comment to be updated. Again it has to +start with "`ipv6-pool-`" and actual pool name, followed by a comma, +"`interface=`" and the name of interface this address is connected to: + + / ip dns static add address=2003:cf:2f0f:de00:1122:3344:5566:7788 comment="ipv6-pool-isp, interface=br-local" name=test.example.com ttl=15m; + +See also +-------- + +* [Run scripts on ppp connection](ppp-on-up.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/lease-script.md b/doc/lease-script.md new file mode 100644 index 0000000..3c774f1 --- /dev/null +++ b/doc/lease-script.md 
@@ -0,0 +1,36 @@ +Run other scripts on DHCP lease +=============================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script is supposed to run from dhcp server as lease script. Currently +it does: + +* run [dhcp-to-dns](dhcp-to-dns.md) +* run [collect-wireless-mac](collect-wireless-mac.md) +* run [dhcp-lease-comment](dhcp-lease-comment.md) + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate lease-script; + +... and add it as `lease-script` to your dhcp server: + + / ip dhcp-server set lease-script=lease-script [ find ]; + +See also +-------- + +* [Collect MAC addresses in wireless access list](collect-wireless-mac.md) +* [Comment DHCP leases with info from access list](dhcp-lease-comment.md) +* [Create DNS records for DHCP leases](dhcp-to-dns.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/leds-mode.md b/doc/leds-mode.md new file mode 100644 index 0000000..e0f7cf3 --- /dev/null +++ b/doc/leds-mode.md 
@@ -0,0 +1,50 @@ +Manage LEDs dark mode +===================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +These scripts control LEDs mode and allow to run your device +completely dark. Hardware support for dark mode is required. + +Requirements and installation +----------------------------- + +Just install the scripts: + + $ScriptInstallUpdate leds-day-mode,leds-night-mode,leds-toggle-mode; + +Usage and invocation +-------------------- + +To switch the device to dark mode: + + / system script run leds-night-mode; + +... and back to normal mode: + + / system script run leds-day-mode; + +To toggle between the two modes: + + / system script run leds-toggle-mode; + +Add these schedulers to switch to dark mode in the evening and back to +normal mode in the morning: + + / system scheduler add interval=1d name=leds-day-mode on-event="/ system script run leds-day-mode;" start-time=07:00:00; + / system scheduler add interval=1d name=leds-night-mode on-event="/ system script run leds-night-mode;" start-time=21:00:00; + +The script `leds-toggle-mode` can be used from [mode button](mode-button.md) +to toggle mode. + +See also +-------- + +* [Mode botton with multiple presses](mode-button.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/mode-button.md b/doc/mode-button.md new file mode 100644 index 0000000..5018d6e --- /dev/null +++ b/doc/mode-button.md 
@@ -0,0 +1,40 @@ +Mode botton with multiple presses +================================= + +[◀ Go back to main README](../README.md) + +Description +----------- + +These scripts extend the functionality of mode button. Instead of just one +you can trigger several actions by pressing the mode button several times. + +The hardware needs to have a mode button, see +`/ system routerboard mode-button`. + +Requirements and installation +----------------------------- + +Just install the scripts: + + $ScriptInstallUpdate mode-button-event,mode-button-scheduler; + +Then configure the mode-button to run `mode-button-event`: + + / system routerboard mode-button set enabled=yes on-event="/ system script run mode-button-event;"; + +Configuration +------------- + +The configuration goes to `global-config-overlay`, the only parameter is: + +* `ModeButton`: an array with defined actions + +Usage and invocation +-------------------- + +Press the mode button. :) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/netwatch-notify.md b/doc/netwatch-notify.md new file mode 100644 index 0000000..51768ff --- /dev/null +++ b/doc/netwatch-notify.md 
@@ -0,0 +1,36 @@ +Notify on host up and down +========================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script sends notifications about host UP and DOWN events. In comparison +to just netwatch (`/ tool netwatch`) and its `up-script` and `down-script` +this script implements a simple state machine. Host down events are triggered +only if the host is down for several checks to avoid false alerts. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate netwatch-notify; + +Then add a scheduler to run it periodically: + + / system scheduler add interval=1m name=netwatch-notify on-event="/ system script run netwatch-notify;" start-time=startup; + +Configuration +------------- + +The hosts to be checked have to be added to netwatch with specific comment: + + / tool netwatch add comment="notify, hostname=example.com" host=[ :resolve "example.com" ] timeout=5s; + +Also notification settings are required for e-mail and telegram. + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/netwatch-syslog.md b/doc/netwatch-syslog.md new file mode 100644 index 0000000..9a28bb9 --- /dev/null +++ b/doc/netwatch-syslog.md 
@@ -0,0 +1,34 @@ +Manage remote logging +===================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +RouterOS supports sending log messages via network to a remote syslog server. +If the server is not available no log messages (with potentially sensitive +information) should be sent. This script disables remote logging by +availability. + +Requirements and installation +----------------------------- + +Let's assume there is a remote log action and associated logging rule: + + / system logging action set remote=10.0.0.1 [ find where name="remote" ]; + / system logging add action=remote topics=info; + +Just install the script: + + $ScriptInstallUpdate netwatch-syslog; + +... and create a netwatch matching the IP address from logging action above: + + / tool netwatch add down-script=netwatch-syslog host=10.0.0.1 up-script=netwatch-syslog; + +All logging rules are disabled when host is down. + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/packages-update.md b/doc/packages-update.md new file mode 100644 index 0000000..882ce80 --- /dev/null +++ b/doc/packages-update.md 
@@ -0,0 +1,46 @@ +Manage system update +==================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +In rare cases RouterOS fails to properly downlaod package on update +(`/ system package update install`), resulting in borked system with missing +packages. This script tries to avoid this situation by doing some basic +verification. + +But it provides some extra functionality: + +* send backup via e-mail if [email-backup](email-backup.md) is installed +* upload backup if [upload-backup](upload-backup.md) is installed +* schedule reboot at night + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate packages-update; + +It is automatically run by [check-routeros-update](check-routeros-update.md) +if available. + +Usage and invocation +-------------------- + +Alternatively run it manually: + + / system script run packages-update; + +See also +-------- + +* [Notify on RouterOS update](check-routeros-update.md) +* [Send backup via e-mail](email-backup.md) +* [Upload backup to server](upload-backup.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/ppp-on-up.md b/doc/ppp-on-up.md new file mode 100644 index 0000000..432a640 --- /dev/null +++ b/doc/ppp-on-up.md 
@@ -0,0 +1,34 @@ +Run scripts on ppp connection +============================= + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script is supposed to run on established ppp connection. Currently +it does: + +* release IPv6 dhcp leases (and thus force a renew) +* run [update-tunnelbroker](update-tunnelbroker.md) + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate ppp-on-up; + +... and make it the `on-up` script for ppp profile: + + / ppp profile set on-up=ppp-on-up [ find ]; + +See also +-------- + +* [Update configuration on IPv6 prefix change](ipv6-update.md) +* [Update tunnelbroker configuration](update-tunnelbroker.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/rotate-ntp.md b/doc/rotate-ntp.md new file mode 100644 index 0000000..eb04f5c --- /dev/null +++ b/doc/rotate-ntp.md @@ -0,0 +1,40 @@ +Rotate NTP servers +================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +RouterOS requires NTP servers to be configured by IP address. Servers from a +pool may appear and disappear, leaving broken NTP configuration. + +This script allows to rotate IP addresses from a given pool. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate rotate-ntp; + +Configuration +------------- + +The configuration goes to `global-config-overlay`, this is the parameter: + +* `NtpPool`: dns name of ntp server pool + +Usage and invocation +-------------------- + +Just run the script to update the NTP configuration with actual IP +addresses from pool if required. + +Alternatively a scheduler can be created: + + / system scheduler add interval=5d name=rotate-ntp on-event="/ system script run rotate-ntp;" start-time=startup; + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) 
diff --git a/doc/sms-action.md b/doc/sms-action.md new file mode 100644 index 0000000..df9e14f --- /dev/null +++ b/doc/sms-action.md @@ -0,0 +1,49 @@ +Act on received SMS +=================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +RouterOS can act on received SMS. Reboot the device from remote or do +whatever is required. + +A broadband interface with SMS support is required. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate sms-action; + +Configuration +------------- + +The configuration goes to `global-config-overlay`, this is the only parameter: + +* `SmsAction`: an array with pre-defined actions + +Then enable SMS actions: + + / tool sms set allowed-number=+491234567890 receive-enabled=yes secret=s3cr3t; + +Usage and invocation +-------------------- + +Send a SMS from allowed number to your device's phone number: + + :cmd s3cr3t script sms-action action=reboot; + +The value given by "`action=`" is one of the pre-defined actions from +`SmsAction`. + +See also +-------- + +* [Forward received SMS](sms-forward.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/sms-forward.md b/doc/sms-forward.md new file mode 100644 index 0000000..28fc39b --- /dev/null +++ b/doc/sms-forward.md 
@@ -0,0 +1,36 @@ +Forward received SMS +==================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +RouterOS can receive SMS. This script forwards SMS as notification. + +A broadband interface with SMS support is required. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate sms-forward; + +... and add a scheduler to run it periodically: + + / system scheduler add interval=2m name=sms-forward on-event="/ system script run sms-forward;" start-time=startup; + +Configuration +------------- + +Notification settings are required for e-mail and telegram. + +See also +-------- + +* [Act on received SMS](sms-action.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/ssh-keys-import.md b/doc/ssh-keys-import.md new file mode 100644 index 0000000..d221072 --- /dev/null +++ b/doc/ssh-keys-import.md @@ -0,0 +1,33 @@ +Import SSH keys +=============== + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script imports public SSH keys (files with extension "`pub`") into +local store for user authentication. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate ssh-keys-import; + +Usage and invocation +-------------------- + +Copy files with extension "`pub`" containing public SSH keys for your device. +Then run the script: + + / system script run ssh-keys-import; + +Starting with an `authorized_keys` file you can split it on a shell: + + while read type key name; do echo $type $key $name > $name.pub; done < authorized_keys + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/super-mario-theme.md b/doc/super-mario-theme.md new file mode 100644 index 0000000..68484dc --- /dev/null +++ b/doc/super-mario-theme.md 
@@ -0,0 +1,31 @@ +Play Super Mario theme +====================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script plays Super Mario theme. + +The hardware needs a beeper. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate super-mario-theme; + +Usage and invocation +-------------------- + +Just run the script to play: + + / system script run super-mario-theme; + +For extra fun use it for dhcp lease script. :) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/template.md b/doc/template.md deleted file mode 100644 index bc86c32..0000000 --- a/doc/template.md +++ /dev/null @@ -1,46 +0,0 @@ -Script `template` -================= - -[◀ Go back to main README](../README.md) - -Description ------------ - -Short description... - -In detail ---------- - -Get all the details... - -Requirements and installation ------------------------------ - -We need... - -... then we install: - - [admin@MikroTik] > / system script add name=template - [admin@MikroTik] > / system script run script-updates - -Configuration -------------- - -The configuration goes to `global-config`, These are the parameters: - -* ... - -Usage and invocation --------------------- - -This is intended... - -See also --------- - -* [another script](template.md) -* ... - ---- -[◀ Go back to main README](../README.md) -[▲ Go back to top](#top) diff --git a/doc/unattended-lte-firmware-upgrade.md b/doc/unattended-lte-firmware-upgrade.md new file mode 100644 index 0000000..68c74a1 --- /dev/null +++ b/doc/unattended-lte-firmware-upgrade.md 
@@ -0,0 +1,42 @@ +Install LTE firmware upgrade +============================ + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script upgrades LTE firmware on compatible devices: + +* R11e-LTE +* R11e-LTE-US +* R11e-4G +* R11e-LTE6 + +A temporary scheduler is created to be independent from terminal. Thus +starting the upgrade process over the broadband connection is supported. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate unattended-lte-firmware-upgrade; + +Usage and invocation +-------------------- + +Run the script if an upgrade for your LTE hardware is available: + + / system script run unattended-lte-firmware-upgrade; + +Then be patient, go for a coffee and wait for the upgrade process to finish. + +See also +-------- + +* [Notify on LTE firmware upgrade](check-lte-firmware-upgrade.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/update-gre-address.md b/doc/update-gre-address.md new file mode 100644 index 0000000..870759e --- /dev/null +++ b/doc/update-gre-address.md 
@@ -0,0 +1,38 @@ +Update GRE configuration with dynamic addresses +=============================================== + +[◀ Go back to main README](../README.md) + +Description +----------- + +Running a GRE tunnel over IPSec with IKEv2 is a common scenario. This is +easy to configure on client, but has an issue on server side: client IP +addresses are assigned dynamically via mode-config and have to be updated +for GRE interface. + +This script handles the address updates and disables the interface if the +client is disconnected. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate update-gre-address; + +... and add a scheduler to run the script periodically: + + / system scheduler add interval=30s name=update-gre-address on-event="/ system script run update-gre-address;" start-time=startup; + +Configuration +------------- + +The configuration goes to interface's comment. Add the client's IKEv2 +certificate CN into the comment: + + / interface gre set comment="ikev2-client1" gre-client1; + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/update-tunnelbroker.md b/doc/update-tunnelbroker.md new file mode 100644 index 0000000..3641588 --- /dev/null +++ b/doc/update-tunnelbroker.md 
@@ -0,0 +1,41 @@ +Update tunnelbroker configuration +================================= + +[◀ Go back to main README](../README.md) + +Description +----------- + +Connecting to [tunnelbroker.net](//tunnelbroker.net) from dynamic public +ip address requires the address to be sent to the remote, and to be set +locally. This script does both. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate update-tunnelbroker; + +Installing [ppp-on-up](ppp-on-up.md) makes this script run when ever a ppp +connection is established. + +Configuration +------------- + +The configuration goes to interface's comment: + + / interface 6to4 set comment="tunnelbroker, user=user, pass=s3cr3t, id=12345" tunnelbroker; + +Also enabling dynamic DNS in Mikrotik cloud is required: + + / ip cloud set ddns-enabled=yes; + +See also +-------- + +* [Run scripts on ppp connection](ppp-on-up.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) diff --git a/doc/upload-backup.md b/doc/upload-backup.md new file mode 100644 index 0000000..bbfbcc4 --- /dev/null +++ b/doc/upload-backup.md 
@@ -0,0 +1,62 @@ +Upload backup to server +======================= + +[◀ Go back to main README](../README.md) + +Description +----------- + +This script uploads binary backup (`/ system backup save`) and complete +configuration export (`/ export terse`) to external server. + +Requirements and installation +----------------------------- + +Just install the script: + + $ScriptInstallUpdate upload-backup; + +Configuration +------------- + +The configuration goes to `global-config-overlay`, these are the parameters: + +* `BackupSendBinary`: whether to send binary backup +* `BackupSendExport`: whether to send configuration export +* `BackupPassword`: password to encrypt the backup with +* `BackupUploadUrl`: url to upload to +* `BackupUploadUser`: username for server authentication +* `BackupUploadPass`: password for server authentication + +Also notification settings are required for e-mail and telegram. + +### Issues with SFTP client + +The RouterOS SFTP client is picky if it comes to authentication methods. +I had to disable all but password authentication on server side. For openssh +edit `/etc/ssh/sshd_config` and add a directive like this, changed for your +needs: + + Match User mikrotik + AuthenticationMethods password + +Usage and invocation +-------------------- + +Just run the script: + + / system script run upload-backup; + +Creating a scheduler may be an option: + + / system scheduler add interval=1w name=upload-backup on-event="/ system script run upload-backup;" start-time=09:25:00; + +See also +-------- + +* [Send backup via e-mail](email-backup.md) +* [Upload backup to Mikrotik cloud](cloud-backup.md) + +--- +[◀ Go back to main README](../README.md) +[▲ Go back to top](#top) |
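Review bot: in doc/ipv6-update.md the "Configuration" examples use what looks like a live ISP-assigned prefix (`2003:cf:2f0f:de00::/56` and an address inside it) rather than the documentation prefix. Consider switching both examples to `2001:db8::/32` space, and say explicitly that the address given when adding the entry is only an initial value that the script overwrites on the next prefix change.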
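Review bot: in doc/mode-button.md the title reads "Mode botton with multiple presses"; the same misspelling is carried into the "See also" link text in doc/leds-mode.md, so both need fixing together. The "Configuration" section also names `ModeButton` as "an array with defined actions" without showing a single entry, so a reader cannot tell how a press count maps to an action; one sample value for `global-config-overlay` would close that gap.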
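Review bot: in doc/netwatch-notify.md the description says down events fire only "if the host is down for several checks" but never gives the number, and with the suggested `interval=1m` scheduler that number decides how long an outage goes unreported. State the threshold (or where it is configured). The closing line "Also notification settings are required for e-mail and telegram" points nowhere; link it to the document that describes those settings. doc/sms-forward.md has the same unlinked sentence.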
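Review bot: in doc/netwatch-syslog.md the closing sentence "All logging rules are disabled when host is down" does not say which rules are meant: every rule under `/ system logging`, or only those that use the `remote` action from the example. Since the stated goal is to keep sensitive messages from being sent while the server is unreachable, spell out the scope and also state that the rules are re-enabled when the host comes back (the same script is registered as `up-script`). "This script disables remote logging by availability" in the description would read better as "depending on the server's availability".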
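Review bot: in doc/packages-update.md the description promises "some basic verification" without saying what is verified, so a reader cannot judge what the script protects against before letting it schedule a reboot. Name the checks it performs. Two wording points in the same paragraph: "downlaod" is a typo, and "But it provides some extra functionality" contrasts with nothing; "It also provides" fits better.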
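Review bot: in doc/sms-action.md the "Configuration" section shows `allowed-number=+491234567890` and `secret=s3cr3t` without marking them as sample values, and the same secret is repeated in the `:cmd s3cr3t script sms-action action=reboot;` line. Say that both must be replaced, and that the secret is the only thing besides the sender number gating the command. `SmsAction` is described as "an array with pre-defined actions" with no example entry, so the mapping from `action=reboot` to what actually runs is undocumented; add one sample definition and recommend listing only the actions that should be triggerable remotely.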
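Review bot: in doc/ssh-keys-import.md the shell one-liner `while read type key name; do echo $type $key $name > $name.pub; done < authorized_keys` is fragile on real `authorized_keys` files. The redirection target `$name.pub` is unquoted and taken from the key comment, so a comment containing spaces or a `/` breaks it or writes outside the current directory, an empty comment produces a file named `.pub`, and two keys with the same comment overwrite each other. Lines that start with options (for example `from=...`) or with `#` are also misparsed, because the first field is assumed to be the key type. Suggest `read -r`, quoting all expansions, skipping comment and blank lines, and deriving the file name from a counter or a sanitized comment.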
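Review bot: in doc/update-tunnelbroker.md the "Configuration" example stores the credential in the interface comment (`pass=s3cr3t`), and the text does not mention that this keeps it in clear text in the device configuration. That matters for this patch set in particular, because doc/upload-backup.md documents sending the complete `/ export terse` output to an external server, and the comment travels with it. Add a sentence saying so, and mark `user=user`, `pass=s3cr3t` and `id=12345` as sample values.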
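Review bot: in doc/upload-backup.md, under "Issues with SFTP client", the advice to "add a directive like this" does not say where in `/etc/ssh/sshd_config` the `Match User mikrotik` block belongs. A `Match` block swallows every following line up to the next `Match` or the end of the file, so it should be appended at the end; placed earlier it silently scopes unrelated settings to that user. Also note that `AuthenticationMethods password` only works if password authentication is enabled for that user, so on a server with `PasswordAuthentication no` globally the block needs `PasswordAuthentication yes` as well. Separately, `BackupUploadUrl` is listed without an example, although the subsection implies an SFTP target; show one sample URL.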