aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Makefile23
-rw-r--r--accesslist-duplicates.template.rsc4
-rw-r--r--accesslist-duplicates.wifi.rsc31
-rw-r--r--capsman-download-packages.template.rsc17
-rw-r--r--capsman-download-packages.wifi.rsc74
-rw-r--r--capsman-rolling-upgrade.template.rsc8
-rw-r--r--capsman-rolling-upgrade.wifi.rsc41
-rw-r--r--collect-wireless-mac.template.rsc8
-rw-r--r--collect-wireless-mac.wifi.rsc90
-rw-r--r--daily-psk.template.rsc9
-rw-r--r--daily-psk.wifi.rsc85
-rw-r--r--dhcp-lease-comment.template.rsc2
-rw-r--r--dhcp-lease-comment.wifi.rsc33
-rw-r--r--doc/accesslist-duplicates.md15
-rw-r--r--doc/capsman-download-packages.md29
-rw-r--r--doc/capsman-rolling-upgrade.md15
-rw-r--r--doc/collect-wireless-mac.md13
-rw-r--r--doc/daily-psk.md22
-rw-r--r--doc/dhcp-lease-comment.md13
-rw-r--r--doc/hotspot-to-wpa.md28
-rw-r--r--global-functions.rsc2
-rw-r--r--hotspot-to-wpa-cleanup.template.rsc10
-rw-r--r--hotspot-to-wpa-cleanup.wifi.rsc69
-rw-r--r--hotspot-to-wpa.template.rsc24
-rw-r--r--hotspot-to-wpa.wifi.rsc86
-rw-r--r--news-and-changes.rsc1
26 files changed, 692 insertions, 60 deletions
diff --git a/Makefile b/Makefile
index 100aa78..b18b09a 100644
--- a/Makefile
+++ b/Makefile
@@ -4,31 +4,38 @@
CAPSMAN = $(wildcard *.capsman.rsc)
LOCAL = $(wildcard *.local.rsc)
+WIFI = $(wildcard *.wifi.rsc)
WIFIWAVE2 = $(wildcard *.wifiwave2.rsc)
MARKDOWN = $(wildcard *.md doc/*.md doc/mod/*.md)
HTML = $(MARKDOWN:.md=.html)
-all: $(CAPSMAN) $(LOCAL) $(WIFIWAVE2) $(HTML)
+all: $(CAPSMAN) $(LOCAL) $(WIFI) $(WIFIWAVE2) $(HTML)
%.html: %.md Makefile
markdown $< | sed 's/href="\([-_\./[:alnum:]]*\)\.md"/href="\1.html"/g' > $@
+%.capsman.rsc: %.template.rsc Makefile
+ sed -e '/\/interface\/wifi\//d' -e '/\/interface\/wifiwave2\//d' -e '/\/interface\/wireless\//d' -e 's|%TEMPL%|.capsman|' \
+ -e '/^# NOT \/caps-man\/ #$$/,/^# NOT \/caps-man\/ #$$/d' \
+ -e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
+ < $< > $@
+
%.local.rsc: %.template.rsc Makefile
- sed -e '/\/caps-man/d' -e '/\/interface\/wifiwave2/d' -e 's|%TEMPL%|.local|' \
- -e '/^# NOT \/interface\/wireless #$$/,/^# NOT \/interface\/wireless #$$/d' \
+ sed -e '/\/caps-man\//d' -e '/\/interface\/wifi\//d' -e '/\/interface\/wifiwave2\//d' -e 's|%TEMPL%|.local|' \
+ -e '/^# NOT \/interface\/wireless\/ #$$/,/^# NOT \/interface\/wireless\/ #$$/d' \
-e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
< $< > $@
-%.capsman.rsc: %.template.rsc Makefile
- sed -e '/\/interface\/wifiwave2/d' -e '/\/interface\/wireless/d' -e 's|%TEMPL%|.capsman|' \
- -e '/^# NOT \/caps-man #$$/,/^# NOT \/caps-man #$$/d' \
+%.wifi.rsc: %.template.rsc Makefile
+ sed -e '/\/caps-man\//d' -e '/\/interface\/wifiwave2\//d' -e '/\/interface\/wireless\//d' -e 's|%TEMPL%|.wifi|' \
+ -e '/^# NOT \/interface\/wifi\/ #$$/,/^# NOT \/interface\/wifi\/ #$$/d' \
-e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
< $< > $@
%.wifiwave2.rsc: %.template.rsc Makefile
- sed -e '/\/caps-man/d' -e '/\/interface\/wireless/d' -e 's|%TEMPL%|.wifiwave2|' \
- -e '/^# NOT \/interface\/wifiwave2 #$$/,/^# NOT \/interface\/wifiwave2 #$$/d' \
+ sed -e '/\/caps-man\//d' -e '/\/interface\/wifi\//d' -e '/\/interface\/wireless\//d' -e 's|%TEMPL%|.wifiwave2|' \
+ -e '/^# NOT \/interface\/wifiwave2\/ #$$/,/^# NOT \/interface\/wifiwave2\/ #$$/d' \
-e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
< $< > $@
diff --git a/accesslist-duplicates.template.rsc b/accesslist-duplicates.template.rsc
index beb7ef2..c83b428 100644
--- a/accesslist-duplicates.template.rsc
+++ b/accesslist-duplicates.template.rsc
@@ -18,13 +18,16 @@
:local Seen ({});
:foreach AccList in=[ /caps-man/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
+:foreach AccList in=[ /interface/wifi/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
:foreach AccList in=[ /interface/wifiwave2/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
:foreach AccList in=[ /interface/wireless/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
:local Mac [ /caps-man/access-list/get $AccList mac-address ];
+ :local Mac [ /interface/wifi/access-list/get $AccList mac-address ];
:local Mac [ /interface/wifiwave2/access-list/get $AccList mac-address ];
:local Mac [ /interface/wireless/access-list/get $AccList mac-address ];
:if ($Seen->$Mac = 1) do={
/caps-man/access-list/print where mac-address=$Mac;
+ /interface/wifi/access-list/print where mac-address=$Mac;
/interface/wifiwave2/access-list/print where mac-address=$Mac;
/interface/wireless/access-list/print where mac-address=$Mac;
:local Remove [ :tonum [ /terminal/ask prompt="\nNumeric id to remove, any key to skip!" ] ];
@@ -32,6 +35,7 @@
:if ([ :typeof $Remove ] = "num") do={
:put ("Removing numeric id " . $Remove . "...\n");
/caps-man/access-list/remove $Remove;
+ /interface/wifi/access-list/remove $Remove;
/interface/wifiwave2/access-list/remove $Remove;
/interface/wireless/access-list/remove $Remove;
}
diff --git a/accesslist-duplicates.wifi.rsc b/accesslist-duplicates.wifi.rsc
new file mode 100644
index 0000000..4ca8be8
--- /dev/null
+++ b/accesslist-duplicates.wifi.rsc
@@ -0,0 +1,31 @@
+#!rsc by RouterOS
+# RouterOS script: accesslist-duplicates.wifi
+# Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# requires RouterOS, version=7.12beta1
+#
+# print duplicate antries in wireless access list
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/accesslist-duplicates.md
+#
+# !! Do not edit this file, it is generated from template!
+
+:local 0 "accesslist-duplicates.wifi";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:local Seen ({});
+
+:foreach AccList in=[ /interface/wifi/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
+ :local Mac [ /interface/wifi/access-list/get $AccList mac-address ];
+ :if ($Seen->$Mac = 1) do={
+ /interface/wifi/access-list/print where mac-address=$Mac;
+ :local Remove [ :tonum [ /terminal/ask prompt="\nNumeric id to remove, any key to skip!" ] ];
+
+ :if ([ :typeof $Remove ] = "num") do={
+ :put ("Removing numeric id " . $Remove . "...\n");
+ /interface/wifi/access-list/remove $Remove;
+ }
+ }
+ :set ($Seen->$Mac) 1;
+}
diff --git a/capsman-download-packages.template.rsc b/capsman-download-packages.template.rsc
index 80f1988..7b37c36 100644
--- a/capsman-download-packages.template.rsc
+++ b/capsman-download-packages.template.rsc
@@ -25,6 +25,7 @@ $ScriptLock $0;
$WaitFullyConnected;
:local PackagePath [ $CleanFilePath [ /caps-man/manager/get package-path ] ];
+:local PackagePath [ $CleanFilePath [ /interface/wifi/capsman/get package-path ] ];
:local PackagePath [ $CleanFilePath [ /interface/wifiwave2/capsman/get package-path ] ];
:local InstalledVersion [ /system/package/update/get installed-version ];
:local Updated false;
@@ -55,7 +56,8 @@ $WaitFullyConnected;
}
}
-# NOT /interface/wifiwave2 #
+# NOT /interface/wifi/ #
+# NOT /interface/wifiwave2/ #
:if ([ :len [ /system/logging/find where topics~"error" !(topics~"!error") \
!(topics~"!caps") action=memory !disabled !invalid ] ] < 1) do={
$LogPrintExit2 warning $0 ("Looks like error messages for 'caps' are not sent to memory. " . \
@@ -81,19 +83,25 @@ $WaitFullyConnected;
:set Updated true;
}
}
-# NOT /interface/wifiwave2 #
-# NOT /caps-man #
+# NOT /interface/wifiwave2/ #
+# NOT /interface/wifi/ #
+# NOT /caps-man/ #
:if ([ :len [ /file/find where type=package name~("^" . $PackagePath) ] ] = 0) do={
$LogPrintExit2 info $0 ("No packages available, downloading default set.") false;
:foreach Arch in={ "arm"; "arm64" } do={
+# NOT /interface/wifi/ #
:foreach Package in={ "routeros"; "wifiwave2" } do={
+# NOT /interface/wifi/ #
+# NOT /interface/wifiwave2/ #
+ :foreach Package in={ "routeros"; "wifi-qcom"; "wifi-qcom-ac" } do={
+# NOT /interface/wifiwave2/ #
:if ([ $DownloadPackage $Package $InstalledVersion $Arch $PackagePath ] = true) do={
:set Updated true;
}
}
}
}
-# NOT /caps-man #
+# NOT /caps-man/ #
:if ($Updated = true) do={
:local Script ([ /system/script/find where source~"\n# provides: capsman-rolling-upgrade\n" ]->0);
@@ -101,6 +109,7 @@ $WaitFullyConnected;
/system/script/run $Script;
} else={
/caps-man/remote-cap/upgrade [ find where version!=$InstalledVersion ];
+ /interface/wifi/capsman/remote-cap/upgrade [ find where version!=$InstalledVersion ];
/interface/wifiwave2/capsman/remote-cap/upgrade [ find where version!=$InstalledVersion ];
}
}
diff --git a/capsman-download-packages.wifi.rsc b/capsman-download-packages.wifi.rsc
new file mode 100644
index 0000000..3552924
--- /dev/null
+++ b/capsman-download-packages.wifi.rsc
@@ -0,0 +1,74 @@
+#!rsc by RouterOS
+# RouterOS script: capsman-download-packages.wifi
+# Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de>
+# Michael Gisbers <michael@gisbers.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# download and cleanup packages for CAP installation from CAPsMAN
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-download-packages.md
+#
+# !! Do not edit this file, it is generated from template!
+
+:local 0 "capsman-download-packages.wifi";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:global CleanFilePath;
+:global DownloadPackage;
+:global LogPrintExit2;
+:global MkDir;
+:global ScriptLock;
+:global WaitFullyConnected;
+
+$ScriptLock $0;
+$WaitFullyConnected;
+
+:local PackagePath [ $CleanFilePath [ /interface/wifi/capsman/get package-path ] ];
+:local InstalledVersion [ /system/package/update/get installed-version ];
+:local Updated false;
+
+:if ([ :len $PackagePath ] = 0) do={
+ $LogPrintExit2 warning $0 ("The CAPsMAN package path is not defined, can not download packages.") true;
+}
+
+:if ([ :len [ /file/find where name=$PackagePath type="directory" ] ] = 0) do={
+ :if ([ $MkDir $PackagePath ] = false) do={
+ $LogPrintExit2 warning $0 ("Creating directory at CAPsMAN package path (" . \
+ $PackagePath . ") failed!") true;
+ }
+ $LogPrintExit2 info $0 ("Created directory at CAPsMAN package path (" . $PackagePath . \
+ "). Please place your packages!") false;
+}
+
+:foreach Package in=[ /file/find where type=package \
+ package-version!=$InstalledVersion name~("^" . $PackagePath) ] do={
+ :local File [ /file/get $Package ];
+ :if ($File->"package-architecture" = "mips") do={
+ :set ($File->"package-architecture") "mipsbe";
+ }
+ :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \
+ ($File->"package-architecture") $PackagePath ] = true) do={
+ :set Updated true;
+ /file/remove $Package;
+ }
+}
+
+:if ([ :len [ /file/find where type=package name~("^" . $PackagePath) ] ] = 0) do={
+ $LogPrintExit2 info $0 ("No packages available, downloading default set.") false;
+ :foreach Arch in={ "arm"; "arm64" } do={
+ :foreach Package in={ "routeros"; "wifi-qcom"; "wifi-qcom-ac" } do={
+ :if ([ $DownloadPackage $Package $InstalledVersion $Arch $PackagePath ] = true) do={
+ :set Updated true;
+ }
+ }
+ }
+}
+
+:if ($Updated = true) do={
+ :local Script ([ /system/script/find where source~"\n# provides: capsman-rolling-upgrade\n" ]->0);
+ :if ([ :len $Script ] > 0) do={
+ /system/script/run $Script;
+ } else={
+ /interface/wifi/capsman/remote-cap/upgrade [ find where version!=$InstalledVersion ];
+ }
+}
diff --git a/capsman-rolling-upgrade.template.rsc b/capsman-rolling-upgrade.template.rsc
index fc6872c..10245b5 100644
--- a/capsman-rolling-upgrade.template.rsc
+++ b/capsman-rolling-upgrade.template.rsc
@@ -24,21 +24,25 @@ $ScriptLock $0;
:local InstalledVersion [ /system/package/update/get installed-version ];
:local RemoteCapCount [ :len [ /caps-man/remote-cap/find ] ];
+:local RemoteCapCount [ :len [ /interface/wifi/capsman/remote-cap/find ] ];
:local RemoteCapCount [ :len [ /interface/wifiwave2/capsman/remote-cap/find ] ];
:if ($RemoteCapCount > 0) do={
:local Delay (600 / $RemoteCapCount);
:if ($Delay > 120) do={ :set Delay 120; }
:foreach RemoteCap in=[ /caps-man/remote-cap/find where version!=$InstalledVersion ] do={
+ :foreach RemoteCap in=[ /interface/wifi/capsman/remote-cap/find where version!=$InstalledVersion ] do={
:foreach RemoteCap in=[ /interface/wifiwave2/capsman/remote-cap/find where version!=$InstalledVersion ] do={
:local RemoteCapVal [ /caps-man/remote-cap/get $RemoteCap ];
+ :local RemoteCapVal [ /interface/wifi/capsman/remote-cap/get $RemoteCap ];
:local RemoteCapVal [ /interface/wifiwave2/capsman/remote-cap/get $RemoteCap ];
:if ([ :len $RemoteCapVal ] > 1) do={
-# NOT /caps-man #
+# NOT /caps-man/ #
:set ($RemoteCapVal->"name") ($RemoteCapVal->"common-name");
-# NOT /caps-man #
+# NOT /caps-man/ #
$LogPrintExit2 info $0 ("Starting upgrade for " . $RemoteCapVal->"name" . \
" (" . $RemoteCapVal->"identity" . ")...") false;
/caps-man/remote-cap/upgrade $RemoteCap;
+ /interface/wifi/capsman/remote-cap/upgrade $RemoteCap;
/interface/wifiwave2/capsman/remote-cap/upgrade $RemoteCap;
} else={
$LogPrintExit2 warning $0 ("Remote CAP vanished, skipping upgrade.") false;
diff --git a/capsman-rolling-upgrade.wifi.rsc b/capsman-rolling-upgrade.wifi.rsc
new file mode 100644
index 0000000..3e13bf4
--- /dev/null
+++ b/capsman-rolling-upgrade.wifi.rsc
@@ -0,0 +1,41 @@
+#!rsc by RouterOS
+# RouterOS script: capsman-rolling-upgrade.wifi
+# Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de>
+# Michael Gisbers <michael@gisbers.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# provides: capsman-rolling-upgrade
+#
+# upgrade CAPs one after another
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-rolling-upgrade.md
+#
+# !! Do not edit this file, it is generated from template!
+
+:local 0 "capsman-rolling-upgrade.wifi";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:global LogPrintExit2;
+:global ScriptLock;
+
+$ScriptLock $0;
+
+:local InstalledVersion [ /system/package/update/get installed-version ];
+
+:local RemoteCapCount [ :len [ /interface/wifi/capsman/remote-cap/find ] ];
+:if ($RemoteCapCount > 0) do={
+ :local Delay (600 / $RemoteCapCount);
+ :if ($Delay > 120) do={ :set Delay 120; }
+ :foreach RemoteCap in=[ /interface/wifi/capsman/remote-cap/find where version!=$InstalledVersion ] do={
+ :local RemoteCapVal [ /interface/wifi/capsman/remote-cap/get $RemoteCap ];
+ :if ([ :len $RemoteCapVal ] > 1) do={
+ :set ($RemoteCapVal->"name") ($RemoteCapVal->"common-name");
+ $LogPrintExit2 info $0 ("Starting upgrade for " . $RemoteCapVal->"name" . \
+ " (" . $RemoteCapVal->"identity" . ")...") false;
+ /interface/wifi/capsman/remote-cap/upgrade $RemoteCap;
+ } else={
+ $LogPrintExit2 warning $0 ("Remote CAP vanished, skipping upgrade.") false;
+ }
+ :delay ($Delay . "s");
+ }
+}
diff --git a/collect-wireless-mac.template.rsc b/collect-wireless-mac.template.rsc
index 75073a4..97760d6 100644
--- a/collect-wireless-mac.template.rsc
+++ b/collect-wireless-mac.template.rsc
@@ -29,23 +29,28 @@
$ScriptLock $0 false 10;
:if ([ :len [ /caps-man/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
+:if ([ :len [ /interface/wifi/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
:if ([ :len [ /interface/wifiwave2/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
:if ([ :len [ /interface/wireless/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
/caps-man/access-list/add comment="--- collected above ---" disabled=yes;
+ /interface/wifi/access-list/add comment="--- collected above ---" disabled=yes;
/interface/wifiwave2/access-list/add comment="--- collected above ---" disabled=yes;
/interface/wireless/access-list/add comment="--- collected above ---" disabled=yes;
$LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- collected above ---'.") false;
}
:local PlaceBefore ([ /caps-man/access-list/find where comment="--- collected above ---" disabled ]->0);
+:local PlaceBefore ([ /interface/wifi/access-list/find where comment="--- collected above ---" disabled ]->0);
:local PlaceBefore ([ /interface/wifiwave2/access-list/find where comment="--- collected above ---" disabled ]->0);
:local PlaceBefore ([ /interface/wireless/access-list/find where comment="--- collected above ---" disabled ]->0);
:foreach Reg in=[ /caps-man/registration-table/find ] do={
+:foreach Reg in=[ /interface/wifi/registration-table/find ] do={
:foreach Reg in=[ /interface/wifiwave2/registration-table/find ] do={
:foreach Reg in=[ /interface/wireless/registration-table/find where ap=no ] do={
:local RegVal;
:do {
:set RegVal [ /caps-man/registration-table/get $Reg ];
+ :set RegVal [ /interface/wifi/registration-table/get $Reg ];
:set RegVal [ /interface/wifiwave2/registration-table/get $Reg ];
:set RegVal [ /interface/wireless/registration-table/get $Reg ];
} on-error={
@@ -54,11 +59,13 @@ $ScriptLock $0 false 10;
:if ([ :len ($RegVal->"mac-address") ] > 0) do={
:local AccessList ([ /caps-man/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
+ :local AccessList ([ /interface/wifi/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
:local AccessList ([ /interface/wifiwave2/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
:local AccessList ([ /interface/wireless/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
:if ([ :len $AccessList ] > 0) do={
$LogPrintExit2 debug $0 ("MAC address " . $RegVal->"mac-address" . " already known: " . \
[ /caps-man/access-list/get $AccessList comment ]) false;
+ [ /interface/wifi/access-list/get $AccessList comment ]) false;
[ /interface/wifiwave2/access-list/get $AccessList comment ]) false;
[ /interface/wireless/access-list/get $AccessList comment ]) false;
}
@@ -87,6 +94,7 @@ $ScriptLock $0 false 10;
"first seen on " . $DateTime . " connected to SSID " . $RegVal->"ssid" . ", interface " . $RegVal->"interface");
$LogPrintExit2 info $0 $Message false;
/caps-man/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
+ /interface/wifi/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
/interface/wifiwave2/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
/interface/wireless/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
$SendNotification2 ({ origin=$0; \
diff --git a/collect-wireless-mac.wifi.rsc b/collect-wireless-mac.wifi.rsc
new file mode 100644
index 0000000..40ad4d2
--- /dev/null
+++ b/collect-wireless-mac.wifi.rsc
@@ -0,0 +1,90 @@
+#!rsc by RouterOS
+# RouterOS script: collect-wireless-mac.wifi
+# Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# provides: lease-script, order=40
+#
+# collect wireless mac adresses in access list
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md
+#
+# !! Do not edit this file, it is generated from template!
+
+:local 0 "collect-wireless-mac.wifi";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:global Identity;
+
+:global EitherOr;
+:global FormatLine;
+:global FormatMultiLines;
+:global GetMacVendor;
+:global LogPrintExit2;
+:global ScriptLock;
+:global SendNotification2;
+:global SymbolForNotification;
+
+$ScriptLock $0 false 10;
+
+:if ([ :len [ /interface/wifi/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
+ /interface/wifi/access-list/add comment="--- collected above ---" disabled=yes;
+ $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- collected above ---'.") false;
+}
+:local PlaceBefore ([ /interface/wifi/access-list/find where comment="--- collected above ---" disabled ]->0);
+
+:foreach Reg in=[ /interface/wifi/registration-table/find ] do={
+ :local RegVal;
+ :do {
+ :set RegVal [ /interface/wifi/registration-table/get $Reg ];
+ } on-error={
+ $LogPrintExit2 debug $0 ("Device already gone... Ignoring.") false;
+ }
+
+ :if ([ :len ($RegVal->"mac-address") ] > 0) do={
+ :local AccessList ([ /interface/wifi/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
+ :if ([ :len $AccessList ] > 0) do={
+ $LogPrintExit2 debug $0 ("MAC address " . $RegVal->"mac-address" . " already known: " . \
+ [ /interface/wifi/access-list/get $AccessList comment ]) false;
+ }
+
+ :if ([ :len $AccessList ] = 0) do={
+ :local Address "no dhcp lease";
+ :local DnsName "no dhcp lease";
+ :local HostName "no dhcp lease";
+ :local Lease ([ /ip/dhcp-server/lease/find where active-mac-address=($RegVal->"mac-address") dynamic=yes status=bound ]->0);
+ :if ([ :len $Lease ] > 0) do={
+ :set Address [ /ip/dhcp-server/lease/get $Lease active-address ];
+ :set HostName [ $EitherOr [ /ip/dhcp-server/lease/get $Lease host-name ] "no hostname" ];
+ :set DnsName "no dns name";
+ :local DnsRec ([ /ip/dns/static/find where address=$Address ]->0);
+ :if ([ :len $DnsRec ] > 0) do={
+ :set DnsName ({ [ /ip/dns/static/get $DnsRec name ] });
+ :foreach CName in=[ /ip/dns/static/find where type=CNAME cname=($DnsName->0) ] do={
+ :set DnsName ($DnsName, [ /ip/dns/static/get $CName name ]);
+ }
+ }
+ }
+ :local DateTime ([ /system/clock/get date ] . " " . [ /system/clock/get time ]);
+ :local Vendor [ $GetMacVendor ($RegVal->"mac-address") ];
+ :local Message ("MAC address " . $RegVal->"mac-address" . " (" . $Vendor . ", " . $HostName . ") " . \
+ "first seen on " . $DateTime . " connected to SSID " . $RegVal->"ssid" . ", interface " . $RegVal->"interface");
+ $LogPrintExit2 info $0 $Message false;
+ /interface/wifi/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
+ $SendNotification2 ({ origin=$0; \
+ subject=([ $SymbolForNotification "mobile-phone" ] . $RegVal->"mac-address" . " connected to " . $RegVal->"ssid"); \
+ message=("A device with unknown MAC address connected to " . $RegVal->"ssid" . " on " . $Identity . ".\n\n" . \
+ [ $FormatLine "Controller" $Identity ] . "\n" . \
+ [ $FormatLine "Interface" ($RegVal->"interface") ] . "\n" . \
+ [ $FormatLine "SSID" ($RegVal->"ssid") ] . "\n" . \
+ [ $FormatLine "MAC" ($RegVal->"mac-address") ] . "\n" . \
+ [ $FormatLine "Vendor" $Vendor ] . "\n" . \
+ [ $FormatLine "Hostname" $HostName ] . "\n" . \
+ [ $FormatLine "Address" $Address ] . "\n" . \
+ [ $FormatMultiLines "DNS name" $DnsName ] . "\n" . \
+ [ $FormatLine "Date" $DateTime ]) });
+ }
+ } else={
+ $LogPrintExit2 debug $0 ("No mac address available... Ignoring.") false;
+ }
+}
diff --git a/daily-psk.template.rsc b/daily-psk.template.rsc
index ad9198a..e7d9b54 100644
--- a/daily-psk.template.rsc
+++ b/daily-psk.template.rsc
@@ -56,17 +56,22 @@ $WaitFullyConnected;
:local NewPsk [ $GeneratePSK $Date ];
:foreach AccList in=[ /caps-man/access-list/find where comment~$DailyPskMatchComment ] do={
+:foreach AccList in=[ /interface/wifi/access-list/find where comment~$DailyPskMatchComment ] do={
:foreach AccList in=[ /interface/wifiwave2/access-list/find where comment~$DailyPskMatchComment ] do={
:foreach AccList in=[ /interface/wireless/access-list/find where comment~$DailyPskMatchComment ] do={
:local SsidRegExp [ /caps-man/access-list/get $AccList ssid-regexp ];
+ :local SsidRegExp [ /interface/wifi/access-list/get $AccList ssid-regexp ];
:local SsidRegExp [ /interface/wifiwave2/access-list/get $AccList ssid-regexp ];
:local Configuration ([ /caps-man/configuration/find where ssid~$SsidRegExp ]->0);
+ :local Configuration ([ /interface/wifi/configuration/find where ssid~$SsidRegExp ]->0);
:local Configuration ([ /interface/wifiwave2/configuration/find where ssid~$SsidRegExp ]->0);
:local Ssid [ /caps-man/configuration/get $Configuration ssid ];
+ :local Ssid [ /interface/wifi/configuration/get $Configuration ssid ];
:local Ssid [ /interface/wifiwave2/configuration/get $Configuration ssid ];
:local OldPsk [ /caps-man/access-list/get $AccList private-passphrase ];
+ :local OldPsk [ /interface/wifi/access-list/get $AccList passphrase ];
:local OldPsk [ /interface/wifiwave2/access-list/get $AccList passphrase ];
- # /caps-man /interface/wifiwave2 above - /interface/wireless below
+ # /caps-man/ /interface/wifi/ /interface/wifiwave2/ above - /interface/wireless/ below
:local IntName [ /interface/wireless/access-list/get $AccList interface ];
:local Ssid [ /interface/wireless/get $IntName ssid ];
:local OldPsk [ /interface/wireless/access-list/get $AccList private-pre-shared-key ];
@@ -75,10 +80,12 @@ $WaitFullyConnected;
:if ($NewPsk != $OldPsk) do={
$LogPrintExit2 info $0 ("Updating daily PSK for " . $Ssid . " to " . $NewPsk . " (was " . $OldPsk . ")") false;
/caps-man/access-list/set $AccList private-passphrase=$NewPsk;
+ /interface/wifi/access-list/set $AccList passphrase=$NewPsk;
/interface/wifiwave2/access-list/set $AccList passphrase=$NewPsk;
/interface/wireless/access-list/set $AccList private-pre-shared-key=$NewPsk;
:if ([ :len [ /caps-man/actual-interface-configuration/find where configuration.ssid=$Ssid !disabled ] ] > 0) do={
+ :if ([ :len [ /interface/wifi/actual-configuration/find where configuration.ssid=$Ssid ] ] > 0) do={
:if ([ :len [ /interface/wifiwave2/actual-configuration/find where configuration.ssid=$Ssid ] ] > 0) do={
:if ([ :len [ /interface/wireless/find where name=$IntName !disabled ] ] = 1) do={
:if ($Seen->$Ssid = 1) do={
diff --git a/daily-psk.wifi.rsc b/daily-psk.wifi.rsc
new file mode 100644
index 0000000..a8b1320
--- /dev/null
+++ b/daily-psk.wifi.rsc
@@ -0,0 +1,85 @@
+#!rsc by RouterOS
+# RouterOS script: daily-psk.wifi
+# Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de>
+# Michael Gisbers <michael@gisbers.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# update daily PSK (pre shared key)
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md
+#
+# !! Do not edit this file, it is generated from template!
+
+:local 0 "daily-psk.wifi";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:global DailyPskMatchComment;
+:global DailyPskQrCodeUrl;
+:global Identity;
+
+:global FormatLine;
+:global LogPrintExit2;
+:global ScriptLock;
+:global SendNotification2;
+:global SymbolForNotification;
+:global UrlEncode;
+:global WaitForFile;
+:global WaitFullyConnected;
+
+$ScriptLock $0;
+$WaitFullyConnected;
+
+# return pseudo-random string for PSK
+:local GeneratePSK do={
+ :local Date [ :tostr $1 ];
+
+ :global DailyPskSecrets;
+
+ :global ParseDate;
+
+ :set Date [ $ParseDate $Date ];
+
+ :local A ((14 - ($Date->"month")) / 12);
+ :local B (($Date->"year") - $A);
+ :local C (($Date->"month") + 12 * $A - 2);
+ :local WeekDay (7000 + ($Date->"day") + $B + ($B / 4) - ($B / 100) + ($B / 400) + ((31 * $C) / 12));
+ :set WeekDay ($WeekDay - (($WeekDay / 7) * 7));
+
+ :return (($DailyPskSecrets->0->(($Date->"day") - 1)) . \
+ ($DailyPskSecrets->1->(($Date->"month") - 1)) . \
+ ($DailyPskSecrets->2->$WeekDay));
+}
+
+:local Seen ({});
+:local Date [ /system/clock/get date ];
+:local NewPsk [ $GeneratePSK $Date ];
+
+:foreach AccList in=[ /interface/wifi/access-list/find where comment~$DailyPskMatchComment ] do={
+ :local SsidRegExp [ /interface/wifi/access-list/get $AccList ssid-regexp ];
+ :local Configuration ([ /interface/wifi/configuration/find where ssid~$SsidRegExp ]->0);
+ :local Ssid [ /interface/wifi/configuration/get $Configuration ssid ];
+ :local OldPsk [ /interface/wifi/access-list/get $AccList passphrase ];
+ :local Skip 0;
+
+ :if ($NewPsk != $OldPsk) do={
+ $LogPrintExit2 info $0 ("Updating daily PSK for " . $Ssid . " to " . $NewPsk . " (was " . $OldPsk . ")") false;
+ /interface/wifi/access-list/set $AccList passphrase=$NewPsk;
+
+ :if ([ :len [ /interface/wifi/actual-configuration/find where configuration.ssid=$Ssid ] ] > 0) do={
+ :if ($Seen->$Ssid = 1) do={
+ $LogPrintExit2 debug $0 ("Already sent a mail for SSID " . $Ssid . ", skipping.") false;
+ } else={
+ :local Link ($DailyPskQrCodeUrl . \
+ "?scale=8&level=1&ssid=" . [ $UrlEncode $Ssid ] . "&pass=" . [ $UrlEncode $NewPsk ]);
+ $SendNotification2 ({ origin=$0; \
+ subject=([ $SymbolForNotification "calendar" ] . "daily PSK " . $Ssid); \
+ message=("This is the daily PSK on " . $Identity . ":\n\n" . \
+ [ $FormatLine "SSID" $Ssid ] . "\n" . \
+ [ $FormatLine "PSK" $NewPsk ] . "\n" . \
+ [ $FormatLine "Date" $Date ] . "\n\n" . \
+ "A client device specific rule must not exist!"); link=$Link });
+ :set ($Seen->$Ssid) 1;
+ }
+ }
+ }
+}
diff --git a/dhcp-lease-comment.template.rsc b/dhcp-lease-comment.template.rsc
index 0f16285..05b1254 100644
--- a/dhcp-lease-comment.template.rsc
+++ b/dhcp-lease-comment.template.rsc
@@ -24,10 +24,12 @@ $ScriptLock $0;
:local LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
:local NewComment;
:local AccessList ([ /caps-man/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0);
+ :local AccessList ([ /interface/wifi/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0);
:local AccessList ([ /interface/wifiwave2/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0);
:local AccessList ([ /interface/wireless/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0);
:if ([ :len $AccessList ] > 0) do={
:set NewComment [ /caps-man/access-list/get $AccessList comment ];
+ :set NewComment [ /interface/wifi/access-list/get $AccessList comment ];
:set NewComment [ /interface/wifiwave2/access-list/get $AccessList comment ];
:set NewComment [ /interface/wireless/access-list/get $AccessList comment ];
}
diff --git a/dhcp-lease-comment.wifi.rsc b/dhcp-lease-comment.wifi.rsc
new file mode 100644
index 0000000..fe34b09
--- /dev/null
+++ b/dhcp-lease-comment.wifi.rsc
@@ -0,0 +1,33 @@
+#!rsc by RouterOS
+# RouterOS script: dhcp-lease-comment.wifi
+# Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# provides: lease-script, order=60
+#
+# update dhcp-server lease comment with infos from access-list
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-lease-comment.md
+#
+# !! Do not edit this file, it is generated from template!
+
+:local 0 "dhcp-lease-comment.wifi";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:global LogPrintExit2;
+:global ScriptLock;
+
+$ScriptLock $0;
+
+:foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic=yes status=bound ] do={
+ :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
+ :local NewComment;
+ :local AccessList ([ /interface/wifi/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0);
+ :if ([ :len $AccessList ] > 0) do={
+ :set NewComment [ /interface/wifi/access-list/get $AccessList comment ];
+ }
+ :if ([ :len $NewComment ] != 0 && $LeaseVal->"comment" != $NewComment) do={
+ $LogPrintExit2 info $0 ("Updating comment for DHCP lease " . $LeaseVal->"active-mac-address" . ": " . $NewComment) false;
+ /ip/dhcp-server/lease/set comment=$NewComment $Lease;
+ }
+}
diff --git a/doc/accesslist-duplicates.md b/doc/accesslist-duplicates.md
index ba5ac4b..7cb0bc2 100644
--- a/doc/accesslist-duplicates.md
+++ b/doc/accesslist-duplicates.md
@@ -17,11 +17,16 @@ entries in wireless access list.
Requirements and installation
-----------------------------
-Depending on whether you use `wifiwave2` package (`/interface/wifiwave2`)
-or legacy wifi with CAPsMAN (`/caps-man`) or local wireless interface
-(`/interface/wireless`) you need to install a different script.
+Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2`
+package (`/interface/wifiwave2`), legacy wifi with CAPsMAN (`/caps-man`)
+or local wireless interface (`/interface/wireless`) you need to install a
+different script.
-For `wifiwave2`:
+For `wifi` (RouterOS 7.13 and later):
+
+ $ScriptInstallUpdate accesslist-duplicates.wifi;
+
+For `wifiwave2` (up to RouterOS 7.12):
$ScriptInstallUpdate accesslist-duplicates.wifiwave2;
@@ -38,7 +43,7 @@ Usage and invocation
Run this script from a terminal:
- /system/script/run accesslist-duplicates.local;
+ /system/script/run accesslist-duplicates.wifi;
![screenshot: example](accesslist-duplicates.d/01-example.avif)
diff --git a/doc/capsman-download-packages.md b/doc/capsman-download-packages.md
index f6e6f96..ccd2ee5 100644
--- a/doc/capsman-download-packages.md
+++ b/doc/capsman-download-packages.md
@@ -18,11 +18,16 @@ This script automatically downloads these packages.
Requirements and installation
-----------------------------
-Just install the script on CAPsMAN device. Depending on whether you use
-`wifiwave2` package (`/interface/wifiwave2`) or legacy wifi with CAPsMAN
-(`/caps-man`) you need to install a different script.
+Just install the script on CAPsMAN device.
+Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2`
+package (`/interface/wifiwave2`) or legacy wifi with CAPsMAN (`/caps-man`)
+you need to install a different script.
-For `wifiwave2`:
+For `wifi` (RouterOS 7.13 and later):
+
+ $ScriptInstallUpdate capsman-download-packages.wifi;
+
+For `wifiwave2` (up to RouterOS 7.12):
$ScriptInstallUpdate capsman-download-packages.wifiwave2;
@@ -30,7 +35,12 @@ For legacy CAPsMAN:
$ScriptInstallUpdate capsman-download-packages.capsman;
-Optionally add a scheduler to run after startup. For `wifiwave2`:
+Optionally add a scheduler to run after startup. For `wifi` (RouterOS 7.13
+and later):
+
+ /system/scheduler/add name=capsman-download-packages on-event="/system/script/run capsman-download-packages.wifi;" start-time=startup;
+
+For `wifiwave2` (up to RouterOS 7.12):
/system/scheduler/add name=capsman-download-packages on-event="/system/script/run capsman-download-packages.wifiwave2;" start-time=startup;
@@ -42,8 +52,11 @@ Packages available in local storage in older version are downloaded
unconditionally.
If no packages are found the script tries to download missing packages for
-legacy CAPsMAN by guessing from system log. For `wifiwave2` a default set
-of packages (`routeros` and `wifiwave2` for *arm* and *arm64*) is downloaded.
+legacy CAPsMAN by guessing from system log. For `wifi` and `wifiwave2` a
+default set of packages is downloaded.
+
+ * `wifi`: `routeros`, `wifi-qcom` and `wifi-qcom-ac` for *arm* and *arm64*
+ * `wifiwave2`: `routeros` and `wifiwave2` for *arm* and *arm64*
> ℹ️ **Info**: If you have packages in the directory and things go wrong for
> what ever unknown reason: Remove **all** packages and start over.
@@ -53,7 +66,7 @@ Usage and invocation
Run the script manually:
- /system/script/run capsman-download-packages.wifiwave2;
+ /system/script/run capsman-download-packages.wifi;
... or from scheduler.
diff --git a/doc/capsman-rolling-upgrade.md b/doc/capsman-rolling-upgrade.md
index 5c038e9..bbc8e14 100644
--- a/doc/capsman-rolling-upgrade.md
+++ b/doc/capsman-rolling-upgrade.md
@@ -20,11 +20,16 @@ parallel.
Requirements and installation
-----------------------------
-Just install the script on CAPsMAN device. Depending on whether you use
-`wifiwave2` package (`/interface/wifiwave2`) or legacy wifi with CAPsMAN
-(`/caps-man`) you need to install a different script.
+Just install the script on CAPsMAN device.
+Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2`
+package (`/interface/wifiwave2`) or legacy wifi with CAPsMAN (`/caps-man`)
+you need to install a different script.
-For `wifiwave2`:
+For `wifi` (RouterOS 7.13 and later):
+
+ $ScriptInstallUpdate capsman-rolling-upgrade.wifi;
+
+For `wifiwave2` (up to RouterOS 7.12):
$ScriptInstallUpdate capsman-rolling-upgrade.wifiwave2;
@@ -41,7 +46,7 @@ that script when required.
Alternatively run it manually:
- /system/script/run capsman-rolling-upgrade.wifiwave2;
+ /system/script/run capsman-rolling-upgrade.wifi;
See also
--------
diff --git a/doc/collect-wireless-mac.md b/doc/collect-wireless-mac.md
index 6407c3a..e73cf58 100644
--- a/doc/collect-wireless-mac.md
+++ b/doc/collect-wireless-mac.md
@@ -22,11 +22,16 @@ and modify it to your needs.
Requirements and installation
-----------------------------
-Depending on whether you use `wifiwave2` package (`/interface/wifiwave2`)
-or legacy wifi with CAPsMAN (`/caps-man`) or local wireless interface
-(`/interface/wireless`) you need to install a different script.
+Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2`
+package (`/interface/wifiwave2`), legacy wifi with CAPsMAN (`/caps-man`)
+or local wireless interface (`/interface/wireless`) you need to install a
+different script.
-For `wifiwave2`:
+For `wifi` (RouterOS 7.13 and later):
+
+ $ScriptInstallUpdate collect-wireless-mac.wifi;
+
+For `wifiwave2` (up to RouterOS 7.12):
$ScriptInstallUpdate collect-wireless-mac.wifiwave2;
diff --git a/doc/daily-psk.md b/doc/daily-psk.md
index f551e46..6eb656c 100644
--- a/doc/daily-psk.md
+++ b/doc/daily-psk.md
@@ -21,12 +21,18 @@ Requirements and installation
Just install this script.
-Depending on whether you use `wifiwave2` package (`/interface/wifiwave2`)
-or legacy wifi with CAPsMAN (`/caps-man`) or local wireless interface
-(`/interface/wireless`) you need to install a different script and add
-schedulers to run the script:
+Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2`
+package (`/interface/wifiwave2`), legacy wifi with CAPsMAN (`/caps-man`)
+or local wireless interface (`/interface/wireless`) you need to install a
+different script and add schedulers to run the script:
-For `wifiwave2`:
+For `wifi` (RouterOS 7.13 and later):
+
+ $ScriptInstallUpdate daily-psk.wifi;
+ /system/scheduler/add interval=1d name=daily-psk on-event="/system/script/run daily-psk.wifi;" start-time=03:00:00;
+ /system/scheduler/add name=daily-psk@startup on-event="/system/script/run daily-psk.wifi;" start-time=startup;
+
+For `wifiwave2` (up to RouterOS 7.12):
$ScriptInstallUpdate daily-psk.wifiwave2;
/system/scheduler/add interval=1d name=daily-psk on-event="/system/script/run daily-psk.wifiwave2;" start-time=03:00:00;
@@ -58,7 +64,11 @@ The configuration goes to `global-config-overlay`, these are the parameters:
> [`global-config`](../global-config.rsc) (the one without `-overlay`) to
> your local `global-config-overlay` and modify it to your specific needs.
-Then add an access list entry. For `wifiwave2`:
+Then add an access list entry. For `wifi` (RouterOS 7.13 and later):
+
+ /interface/wifi/access-list/add comment="Daily PSK" ssid-regexp="-guest\$" passphrase="ToBeChangedDaily";
+
+For `wifiwave2` (up to RouterOS 7.12):
/interface/wifiwave2/access-list/add comment="Daily PSK" ssid-regexp="-guest\$" passphrase="ToBeChangedDaily";
diff --git a/doc/dhcp-lease-comment.md b/doc/dhcp-lease-comment.md
index cd29641..ae0edfb 100644
--- a/doc/dhcp-lease-comment.md
+++ b/doc/dhcp-lease-comment.md
@@ -15,11 +15,16 @@ from wireless access list.
Requirements and installation
-----------------------------
-Depending on whether you use `wifiwave2` package (`/interface/wifiwave2`)
-or legacy wifi with CAPsMAN (`/caps-man`) or local wireless interface
-(`/interface/wireless`) you need to install a different script.
+Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2`
+package (`/interface/wifiwave2`), legacy wifi with CAPsMAN (`/caps-man`)
+or local wireless interface (`/interface/wireless`) you need to install a
+different script.
-For `wifiwave2`:
+For `wifi` (RouterOS 7.13 and later):
+
+ $ScriptInstallUpdate dhcp-lease-comment.wifi;
+
+For `wifiwave2` (up to RouterOS 7.12):
$ScriptInstallUpdate dhcp-lease-comment.wifiwave2;
diff --git a/doc/hotspot-to-wpa.md b/doc/hotspot-to-wpa.md
index 4909eef..f0ffce9 100644
--- a/doc/hotspot-to-wpa.md
+++ b/doc/hotspot-to-wpa.md
@@ -19,11 +19,18 @@ Requirements and installation
You need a properly configured hotspot on one (open) SSID and a WP2 enabled
SSID with suffix "`-wpa`".
-Then install the script. Depending on whether you use `wifiwave2` package
-(`/interface/wifiwave2`) or legacy wifi with CAPsMAN (`/caps-man`) you need
-to install a different script and set it as `on-login` script in hotspot.
+Then install the script.
+Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2`
+package (`/interface/wifiwave2`) or legacy wifi with CAPsMAN (`/caps-man`)
+you need to install a different script and set it as `on-login` script in
+hotspot.
-For `wifiwave2`:
+For `wifi` (RouterOS 7.13 and later):
+
+ $ScriptInstallUpdate hotspot-to-wpa.wifi;
+ /ip/hotspot/user/profile/set on-login="hotspot-to-wpa.wifi" [ find ];
+
+For `wifiwave2` (up to RouterOS 7.12):
$ScriptInstallUpdate hotspot-to-wpa.wifiwave2;
/ip/hotspot/user/profile/set on-login="hotspot-to-wpa.wifiwave2" [ find ];
@@ -39,7 +46,12 @@ With just `hotspot-to-wpa` installed the mac addresses will last in the
access list forever. Install the optional script for automatic cleanup
and add a scheduler.
-For `wifiwave2`:
+For `wifi` (RouterOS 7.13 and later):
+
+ $ScriptInstallUpdate hotspot-to-wpa-cleanup.wifi,lease-script;
+ /system/scheduler/add interval=1d name=hotspot-to-wpa-cleanup on-event="/system/script/run hotspot-to-wpa-cleanup.wifi;" start-time=startup;
+
+For `wifiwave2` (up to RouterOS 7.12):
$ScriptInstallUpdate hotspot-to-wpa-cleanup.wifiwave2,lease-script;
/system/scheduler/add interval=1d name=hotspot-to-wpa-cleanup on-event="/system/script/run hotspot-to-wpa-cleanup.wifiwave2;" start-time=startup;
@@ -86,7 +98,11 @@ Additionally templates can be created to give more options for access list:
* `vlan-mode`: set the VLAN mode for device
For a hotspot called `example` the template could look like this. For
-`wifiwave2`:
+`wifi` (RouterOS 7.13 and later):
+
+ /interface/wifi/access-list/add comment="hotspot-to-wpa template example" disabled=yes private-passphrase="ignore" ssid-regexp="^example\$" vlan-id=10;
+
+For `wifiwave2` (up to RouterOS 7.12):
/interface/wifiwave2/access-list/add comment="hotspot-to-wpa template example" disabled=yes private-passphrase="ignore" ssid-regexp="^example\$" vlan-id=10;
diff --git a/global-functions.rsc b/global-functions.rsc
index 90ed0b6..f0446bd 100644
--- a/global-functions.rsc
+++ b/global-functions.rsc
@@ -12,7 +12,7 @@
:local 0 "global-functions";
# expected configuration version
-:global ExpectedConfigVersion 113;
+:global ExpectedConfigVersion 114;
# global variables not to be changed by user
:global GlobalFunctionsReady false;
diff --git a/hotspot-to-wpa-cleanup.template.rsc b/hotspot-to-wpa-cleanup.template.rsc
index 8cc732b..0f89cec 100644
--- a/hotspot-to-wpa-cleanup.template.rsc
+++ b/hotspot-to-wpa-cleanup.template.rsc
@@ -4,9 +4,9 @@
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
#
# provides: lease-script, order=80
-# NOT /caps-man #
+# NOT /caps-man/ #
# requires RouterOS, version=7.12beta3
-# NOT /caps-man #
+# NOT /caps-man/ #
#
# manage and clean up private WPA passphrase after hotspot login
# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
@@ -36,8 +36,10 @@ $ScriptLock $0 false 10;
}
:foreach Client in=[ /caps-man/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
+:foreach Client in=[ /interface/wifi/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
:foreach Client in=[ /interface/wifiwave2/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
:local ClientVal [ /caps-man/registration-table/get $Client ];
+ :local ClientVal [ /interface/wifi/registration-table/get $Client ];
:local ClientVal [ /interface/wifiwave2/registration-table/get $Client ];
:foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic \
mac-address=($ClientVal->"mac-address") ] do={
@@ -51,15 +53,18 @@ $ScriptLock $0 false 10;
}
:foreach Client in=[ /caps-man/access-list/find where comment~"^hotspot-to-wpa:" \
+:foreach Client in=[ /interface/wifi/access-list/find where comment~"^hotspot-to-wpa:" \
:foreach Client in=[ /interface/wifiwave2/access-list/find where comment~"^hotspot-to-wpa:" \
!(comment~[ /system/clock/get date ]) ] do={
:local ClientVal [ /caps-man/access-list/get $Client ];
+ :local ClientVal [ /interface/wifi/access-list/get $Client ];
:local ClientVal [ /interface/wifiwave2/access-list/get $Client ];
:if ([ :len [ /ip/dhcp-server/lease/find where !dynamic comment~"^hotspot-to-wpa:" \
mac-address=($ClientVal->"mac-address") ] ] = 0) do={
$LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
" did not connect to WPA, removing from access list.") false;
/caps-man/access-list/remove $Client;
+ /interface/wifi/access-list/remove $Client;
/interface/wifiwave2/access-list/remove $Client;
}
}
@@ -71,6 +76,7 @@ $ScriptLock $0 false 10;
$LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \
" was not seen for " . ($LeaseVal->"last-seen") . ", removing.") false;
/caps-man/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
+ /interface/wifi/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
/interface/wifiwave2/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
mac-address=($LeaseVal->"mac-address") ];
/ip/dhcp-server/lease/remove $Lease;
diff --git a/hotspot-to-wpa-cleanup.wifi.rsc b/hotspot-to-wpa-cleanup.wifi.rsc
new file mode 100644
index 0000000..1cee316
--- /dev/null
+++ b/hotspot-to-wpa-cleanup.wifi.rsc
@@ -0,0 +1,69 @@
+#!rsc by RouterOS
+# RouterOS script: hotspot-to-wpa-cleanup.wifi
+# Copyright (c) 2021-2023 Christian Hesse <mail@eworm.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# provides: lease-script, order=80
+# requires RouterOS, version=7.12beta3
+#
+# manage and clean up private WPA passphrase after hotspot login
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
+#
+# !! Do not edit this file, it is generated from template!
+
+:local 0 "hotspot-to-wpa-cleanup.wifi";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:global EitherOr;
+:global LogPrintExit2;
+:global ParseKeyValueStore;
+:global ScriptLock;
+
+$ScriptLock $0 false 10;
+
+:local DHCPServers ({});
+:foreach Server in=[ /ip/dhcp-server/find where comment~"hotspot-to-wpa" ] do={
+ :local ServerVal [ /ip/dhcp-server/get $Server ]
+ :local ServerInfo [ $ParseKeyValueStore ($ServerVal->"comment") ];
+ :if (($ServerInfo->"hotspot-to-wpa") = "wpa") do={
+ :set ($DHCPServers->($ServerVal->"name")) \
+ [ :totime [ $EitherOr ($ServerInfo->"timeout") 4w ] ];
+ }
+}
+
+:foreach Client in=[ /interface/wifi/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
+ :local ClientVal [ /interface/wifi/registration-table/get $Client ];
+ :foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic \
+ mac-address=($ClientVal->"mac-address") ] do={
+ :if (($DHCPServers->[ /ip/dhcp-server/lease/get $Lease server ]) > 0s) do={
+ $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
+ " connected to WPA, making lease static.") false;
+ /ip/dhcp-server/lease/make-static $Lease;
+ /ip/dhcp-server/lease/set comment=($ClientVal->"comment") $Lease;
+ }
+ }
+}
+
+:foreach Client in=[ /interface/wifi/access-list/find where comment~"^hotspot-to-wpa:" \
+ !(comment~[ /system/clock/get date ]) ] do={
+ :local ClientVal [ /interface/wifi/access-list/get $Client ];
+ :if ([ :len [ /ip/dhcp-server/lease/find where !dynamic comment~"^hotspot-to-wpa:" \
+ mac-address=($ClientVal->"mac-address") ] ] = 0) do={
+ $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
+ " did not connect to WPA, removing from access list.") false;
+ /interface/wifi/access-list/remove $Client;
+ }
+}
+
+:foreach Server,Timeout in=$DHCPServers do={
+ :foreach Lease in=[ /ip/dhcp-server/lease/find where !dynamic status="waiting" \
+ server=$Server last-seen>$Timeout comment~"^hotspot-to-wpa:" ] do={
+ :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
+ $LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \
+ " was not seen for " . ($LeaseVal->"last-seen") . ", removing.") false;
+ /interface/wifi/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
+ mac-address=($LeaseVal->"mac-address") ];
+ /ip/dhcp-server/lease/remove $Lease;
+ }
+}
diff --git a/hotspot-to-wpa.template.rsc b/hotspot-to-wpa.template.rsc
index c676fe6..a858285 100644
--- a/hotspot-to-wpa.template.rsc
+++ b/hotspot-to-wpa.template.rsc
@@ -36,22 +36,28 @@ $ScriptLock $0;
:local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ];
:if ([ :len [ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
+:if ([ :len [ /interface/wifi/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
:if ([ :len [ /interface/wifiwave2/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
/caps-man/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
+ /interface/wifi/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
/interface/wifiwave2/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
$LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.") false;
}
:local PlaceBefore ([ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
+:local PlaceBefore ([ /interface/wifi/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
:local PlaceBefore ([ /interface/wifiwave2/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
:if ([ :len [ /caps-man/access-list/find where \
+:if ([ :len [ /interface/wifi/access-list/find where \
:if ([ :len [ /interface/wifiwave2/access-list/find where \
comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={
/caps-man/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
+ /interface/wifi/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
/interface/wifiwave2/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
$LogPrintExit2 warning $0 ("Added template in access-list for hotspot '" . $Hotspot . "'.") false;
}
:local Template [ /caps-man/access-list/get ([ find where \
+:local Template [ /interface/wifi/access-list/get ([ find where \
:local Template [ /interface/wifiwave2/access-list/get ([ find where \
comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ];
@@ -65,45 +71,55 @@ $ScriptLock $0;
$LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $MacAddress . \
" (user " . $UserName . ").") false;
/caps-man/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
+/interface/wifi/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
/interface/wifiwave2/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
/caps-man/access-list/add private-passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
+/interface/wifi/access-list/add passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
/interface/wifiwave2/access-list/add passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
mac-address=$MacAddress comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \
action=reject place-before=$PlaceBefore;
:local Entry [ /caps-man/access-list/find where mac-address=$MacAddress \
+:local Entry [ /interface/wifi/access-list/find where mac-address=$MacAddress \
:local Entry [ /interface/wifiwave2/access-list/find where mac-address=$MacAddress \
comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ];
-# NOT /caps-man #
+# NOT /caps-man/ #
:set ($Template->"private-passphrase") ($Template->"passphrase");
-# NOT /caps-man #
+# NOT /caps-man/ #
:local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ];
:if ([ :len $PrivatePassphrase ] > 0) do={
:if ($PrivatePassphrase = "ignore") do={
/caps-man/access-list/set $Entry !private-passphrase;
+ /interface/wifi/access-list/set $Entry !passphrase;
/interface/wifiwave2/access-list/set $Entry !passphrase;
} else={
/caps-man/access-list/set $Entry private-passphrase=$PrivatePassphrase;
+ /interface/wifi/access-list/set $Entry passphrase=$PrivatePassphrase;
/interface/wifiwave2/access-list/set $Entry passphrase=$PrivatePassphrase;
}
}
:local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ];
:if ([ :len $SsidRegexp ] > 0) do={
/caps-man/access-list/set $Entry ssid-regexp=$SsidRegexp;
+ /interface/wifi/access-list/set $Entry ssid-regexp=$SsidRegexp;
/interface/wifiwave2/access-list/set $Entry ssid-regexp=$SsidRegexp;
}
:local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ];
:if ([ :len $VlanId ] > 0) do={
/caps-man/access-list/set $Entry vlan-id=$VlanId;
+ /interface/wifi/access-list/set $Entry vlan-id=$VlanId;
/interface/wifiwave2/access-list/set $Entry vlan-id=$VlanId;
}
-# NOT /interface/wifiwave2 #
+# NOT /interface/wifi/ #
+# NOT /interface/wifiwave2/ #
:local VlanMode [ $EitherOr ($UserInfo->"vlan-mode") ($Template->"vlan-mode") ];
:if ([ :len $VlanMode] > 0) do={
/caps-man/access-list/set $Entry vlan-mode=$VlanMode;
}
-# NOT /interface/wifiwave2 #
+# NOT /interface/wifiwave2/ #
+# NOT /interface/wifi/ #
:delay 2s;
/caps-man/access-list/set $Entry action=accept;
+/interface/wifi/access-list/set $Entry action=accept;
/interface/wifiwave2/access-list/set $Entry action=accept;
diff --git a/hotspot-to-wpa.wifi.rsc b/hotspot-to-wpa.wifi.rsc
new file mode 100644
index 0000000..f7c99a9
--- /dev/null
+++ b/hotspot-to-wpa.wifi.rsc
@@ -0,0 +1,86 @@
+#!rsc by RouterOS
+# RouterOS script: hotspot-to-wpa.wifi
+# Copyright (c) 2019-2023 Christian Hesse <mail@eworm.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# add private WPA passphrase after hotspot login
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
+#
+# !! Do not edit this file, it is generated from template!
+
+:local 0 "hotspot-to-wpa.wifi";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:global EitherOr;
+:global LogPrintExit2;
+:global ParseKeyValueStore;
+:global ScriptLock;
+
+$ScriptLock $0;
+
+:local MacAddress $"mac-address";
+:local UserName $username;
+
+:if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={
+ $LogPrintExit2 error $0 ("This script is supposed to run from hotspot on login.") true;
+}
+
+:local Date [ /system/clock/get date ];
+:local UserVal ({});
+:if ([ :len [ /ip/hotspot/user/find where name=$UserName ] ] > 0) do={
+ :set UserVal [ /ip/hotspot/user/get [ find where name=$UserName ] ];
+}
+:local UserInfo [ $ParseKeyValueStore ($UserVal->"comment") ];
+:local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ];
+
+:if ([ :len [ /interface/wifi/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
+ /interface/wifi/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
+ $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.") false;
+}
+:local PlaceBefore ([ /interface/wifi/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
+
+:if ([ :len [ /interface/wifi/access-list/find where \
+ comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={
+ /interface/wifi/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
+ $LogPrintExit2 warning $0 ("Added template in access-list for hotspot '" . $Hotspot . "'.") false;
+}
+:local Template [ /interface/wifi/access-list/get ([ find where \
+ comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ];
+
+:if ($Template->"action" = "reject") do={
+ $LogPrintExit2 info $0 ("Ignoring login for hotspot '" . $Hotspot . "'.") true;
+}
+
+# allow login page to load
+:delay 1s;
+
+$LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $MacAddress . \
+ " (user " . $UserName . ").") false;
+/interface/wifi/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
+/interface/wifi/access-list/add passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
+ mac-address=$MacAddress comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \
+ action=reject place-before=$PlaceBefore;
+
+:local Entry [ /interface/wifi/access-list/find where mac-address=$MacAddress \
+ comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ];
+:set ($Template->"private-passphrase") ($Template->"passphrase");
+:local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ];
+:if ([ :len $PrivatePassphrase ] > 0) do={
+ :if ($PrivatePassphrase = "ignore") do={
+ /interface/wifi/access-list/set $Entry !passphrase;
+ } else={
+ /interface/wifi/access-list/set $Entry passphrase=$PrivatePassphrase;
+ }
+}
+:local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ];
+:if ([ :len $SsidRegexp ] > 0) do={
+ /interface/wifi/access-list/set $Entry ssid-regexp=$SsidRegexp;
+}
+:local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ];
+:if ([ :len $VlanId ] > 0) do={
+ /interface/wifi/access-list/set $Entry vlan-id=$VlanId;
+}
+
+:delay 2s;
+/interface/wifi/access-list/set $Entry action=accept;
diff --git a/news-and-changes.rsc b/news-and-changes.rsc
index 64e114f..d0b3820 100644
--- a/news-and-changes.rsc
+++ b/news-and-changes.rsc
@@ -27,6 +27,7 @@
111="Modified 'dhcp-to-dns' to allow multiple records for one mac address.";
112="Enhanced 'mod/ssh-keys-import' to record the fingerprint of keys.";
113="Added helper functions for easier setup to Matrix notification module.";
+ 114="All relevant scripts were ported to new wifi package for RouterOS 7.13 and later. Migration is complex and thus not done automatically!";
};
# Migration steps to be applied on script updates