aboutsummaryrefslogtreecommitdiffstats
path: root/README.md
AgeCommit message (Collapse)AuthorFilesLines
2024-07-16README: use :tocrlf to convert global-config-overlayGravatar Christian Hesse1-2/+2
2024-06-21certs: E1 / E5 -> ISRG Root X2Gravatar Christian Hesse1-11/+9
In the beginning of Let's Encrypt their root certificate ISRG Root X1 was not widely trusted, at least some older and/or mobile platforms were missing that certificate in their root certificate store. At that time Let's Encrypt was using an alternative chain of trust, where a certificate was cross-signed with DST Root CA X3. To make sure a valid chain of trust is available under all circumstances a set of all certificates had to be supplied: both root vertificates ISRG Root X1 & DST Root CA X3, and an intermediate certificate. This was still true after DST Root CA X3 expired, as it could still be used as a root anchor and was shipped by Let's Encrypt when requested. ðŸĪŠ This time is finally over, and we have a clean chain for trust ending in ISRG Root X1 (or ISRG Root X2). Well, actually it is the other way round... Let's Encrypt signs with different tantamount intermediate certificates. There is not only E5, but also E6 - and we can not know beforehand which one is used on renew. So let's jetzt drop the intermediate certificates now, and rely on root certificates only. We are perfectly fine with this these days. Follow-up commits will do the same for *all* certificates. The certificate is downloaded with: curl -d '["ISRG Root X2"]' https://mkcert.org/generate/ | grep -v '^$' > certs/ISRG-Root-X2.pem
2024-06-19Let's Encrypt changed their intermediate certificatesGravatar Christian Hesse1-7/+7
https://letsencrypt.org/2024/03/19/new-intermediate-certificates https://letsencrypt.org/certificates/ But let's keep the old ones around for now, as some sites are still using the old intermediate.
2024-04-19README: show fingerprints in outputGravatar Christian Hesse1-1/+1
This is not scrictly necessary, as we filter by fingerprint already... But it gives better overview and feeling.
2024-04-19README: remove left over certificate fileGravatar Christian Hesse1-1/+2
But use find as RouterOS 7.15rc1 removes it automatically.
2024-04-06global-functions: introduce $FetchHugerouteros-7.13-4Gravatar Christian Hesse1-1/+1
2024-04-04README: add start-time & change interval in scheduler exampleGravatar netravnen1-2/+2
Set the interval to once a day, Instead of every 1 hour. Add start-time to start-up. Thereby introducing randomization based on when the user last rebooted there device. As the interval is counted based on last boot time.
2024-03-15README: add QR code with (shortened) upstream urlGravatar Christian Hesse1-0/+2
2024-03-12global-config: support loading snippetschange-122Gravatar Christian Hesse1-0/+5
This adds support for loading snippets, which need a name starting with "global-config-overlay.d/". This allows to split off configuration if desired.
2024-01-30README: note on required hardware and limitations by storageGravatar Christian Hesse1-0/+8
2024-01-30README: make required software a paragraphGravatar Christian Hesse1-0/+2
2024-01-30global-functions: $RandomDelay: always scale to ms...routeros-7.12-1Gravatar Christian Hesse1-1/+1
... to randomize in friction of unit. This requires :tonsec from RouterOS 7.12.
2024-01-18doc/hotspot-to-wpa: reference as WPA only...Gravatar Christian Hesse1-1/+1
... as this works with WPA3 as well. 😜
2024-01-16README: set script owner on initial creationGravatar Christian Hesse1-1/+1
2023-11-07README: print name with proplist for certificate verificationGravatar Christian Hesse1-3/+4
2023-11-07README: reference stable versionGravatar Christian Hesse1-1/+1
2023-11-07global-functions: $ParseDate: drop code for old format...routeros-7.10beta5-2Gravatar Christian Hesse1-1/+1
... and increase required RouterOS. We should probably wait some time before merging this: Even current versions have some hidden places with old format: [admin@MikroTik] > /system/resource/print [...] version: 7.10.2 (stable) build-time: Jul/12/2023 09:45:11 [...] (Though this is written with capital letter and fails anyway...) Something similar goes for `/ip/neighbor`, where format depends on remote devices. Does anybody need to parse this?
2023-10-26README: explain sensitive propertyGravatar Christian Hesse1-0/+3
2023-10-26global: switch eworm.de to new certificate chain (E1 / ISRG Root X2)Gravatar Christian Hesse1-7/+7
old chain: R3 / ISRG Root X1 new chain: E1 / ISRG Root X2 No user interaction or migration is required for existing installations as we install 'E1' and 'ISRG Root X2' for some time already.
2023-10-17introduce mod/notification-ntfy...change-109Gravatar Christian Hesse1-0/+1
... for sending notifications via Ntfy (https://ntfy.sh/). TODO: use proper formatting once supported in Android app: https://github.com/binwiederhier/ntfy/issues/889
2023-06-28README: reference stable versionGravatar Christian Hesse1-1/+1
2023-06-28global-functions: $MkDir: drop old code with smb workaround...routeros-7.9beta4-5Gravatar Christian Hesse1-1/+1
... and increase required RouterOS.
2023-06-27README: link the RouterOS button to changelogGravatar Christian Hesse1-1/+1
2023-06-13introduce fw-addr-listschange-101Gravatar Christian Hesse1-0/+1
2023-04-26mod/ssh-keys-import: make ssh-keys-import a modulerouteros-7.9beta4-3change-100Gravatar Christian Hesse1-1/+1
2023-04-18README: make the Telegram QR code a linkGravatar Christian Hesse1-1/+1
2023-04-18README: add a donate button to badgesGravatar Christian Hesse1-0/+1
2023-04-18README: generate a donate buttom from shields.ioGravatar Christian Hesse1-1/+1
2023-04-17README: note about breaking changesGravatar Christian Hesse1-1/+4
2023-04-16README: add badge to link Telegram groupGravatar Christian Hesse1-0/+1
2023-04-06README: add badge to hint required RouterOS versionGravatar Christian Hesse1-0/+1
2023-03-20README: badge in style flat and with colorGravatar Christian Hesse1-3/+3
2023-03-07rename scripts and add file extension ".rsc"change-95Gravatar Christian Hesse1-3/+3
No functional change for the user... The migration is done automatically.
2023-03-06... and update the logo in notificationsGravatar Christian Hesse1-1/+1
2023-02-17README: add a paragraph for scheduled automatic updatesGravatar Christian Hesse1-2/+4
2023-02-17README: move configuration down, make it a separate paragraphGravatar Christian Hesse1-21/+33
2023-02-13README: give hint about converting line endingsGravatar Christian Hesse1-0/+5
2023-01-31introduce telegram-chatchange-90Gravatar Christian Hesse1-0/+1
Druvis from Mikrotik produced a video "MikroTik Telegram bot - Chat with your Router?". He shows his script to chat with a Router via Telegram bot to send it commands: https://youtu.be/KLX6j3sLRIE This script is kind of limited and has several issues... ðŸĨī Let's make it robust, usable, multi-device capable and just fun! 😁 (Sadly Mikrotik has a policy to not allow links in Youtube comments. Thus my comment with several hints was removed immediately. If anybody is in contact with Druvis... Please tell him about this script!)
2023-01-11use arrows with emoji representationGravatar Christian Hesse1-1/+1
We had... ◀ Go back to main README â–ē Go back to top ... and switch to... ⮅ïļ Go back to main README ⮆ïļ Go back to top
2023-01-11README: install custom script from routeros-scripts-customGravatar Christian Hesse1-4/+1
2023-01-10README: add linked custom scripts & modulesGravatar Christian Hesse1-0/+20
2022-12-19README: RouterOS v7 path syntaxGravatar Christian Hesse1-1/+1
Missed one in b6ddc5968e7a3393bb6e9b0c0ccf96379efc62b4...
2022-11-17README: link to Github pull requestsGravatar Christian Hesse1-1/+3
2022-10-31README: copy *relevant* configuration onlyGravatar Christian Hesse1-1/+1
2022-10-20README: update notificationGravatar Christian Hesse1-1/+1
---- ✂ïļ ---- 📌 News and configuration changes The configuration version on MikroTik increased to 85, current configuration may need modification. Please review and update global-config-overlay, then re-run global-config. Changes: ● Support for e-mail notifications moved to a module. It is installed automatically if required. ● Dropped 'netwatch-syslog', filtering in firewall is advised. ---- ✂ïļ ----
2022-09-25drop 'learn-mac-based-vlan' and 'manage-umts'Gravatar Christian Hesse1-4/+0
This was undocumented and scripts did never catch up with general quality expectations, for example global-config and global functions were not used. If you need the code get it from git history. 😜
2022-09-25drop 'netwatch-syslog'change-85Gravatar Christian Hesse1-1/+0
To filter in firewall you should use something like this: /ip/firewall/filter/add action=reject chain=output out-interface-list=WAN port=514 protocol=udp reject-with=icmp-admin-prohibited; /ip/firewall/filter/add action=reject chain=forward out-interface-list=WAN port=514 protocol=udp reject-with=icmp-admin-prohibited;
2022-09-25introduce 'mod/notification-email', split off from global-functionschange-84Gravatar Christian Hesse1-0/+1
2022-07-11... and another oneGravatar Christian Hesse1-1/+1
2022-07-07README: show a sample news and changes notificationGravatar Christian Hesse1-0/+5
2022-06-28README: How to remove a script...Gravatar Christian Hesse1-0/+12
2022-06-15drop script 'rotate-ntp'change-81Gravatar Christian Hesse1-1/+0
For RouterOS 6.x a separate package 'ntp' exists. This adds server functionality, but allows ip addresses for the client only. I added the script 'rotate-ntp' to update addresses from names... Now with RouterOS 7.x there's no extra package and the limitation does no longer exist. So let's just drop the script. This adds migration code, that... * removes the script from configuration * removes a scheduler from configuration * sets the configured ntp pool name for ntp client
2022-05-12README: RouterOS v7 path syntaxGravatar Christian Hesse1-30/+17
2022-05-05README: installing custom scripts & modulesGravatar Christian Hesse1-0/+23
2022-03-30introduce backup-partitionchange-79Gravatar Christian Hesse1-0/+1
2022-02-21add doc/mod/scriptrunonceGravatar Christian Hesse1-0/+1
2022-02-20add doc/mod/ipcalcGravatar Christian Hesse1-0/+1
2022-02-20add doc/mod/inspectvarGravatar Christian Hesse1-0/+1
2022-02-20add doc/mod/notification-matrixGravatar Christian Hesse1-0/+1
2022-02-20add doc/mod/notification-telegramGravatar Christian Hesse1-0/+1
2022-02-11README: put hint into block quoteGravatar Christian Hesse1-2/+2
2022-02-10introduce firmware-upgrade-rebootchange-77Gravatar Christian Hesse1-0/+1
2022-01-14README: drop hint on branch 'routeros-v7'Gravatar Christian Hesse1-18/+3
2022-01-14README: install correct global-config-overlay for RouterOS v6branch-routeros-v6Gravatar Christian Hesse1-2/+7
2022-01-06rename script upload-backup -> backup-uploadGravatar Christian Hesse1-1/+1
2022-01-06rename script email-backup -> backup-emailGravatar Christian Hesse1-1/+1
2022-01-06rename script cloud-backup -> backup-cloudGravatar Christian Hesse1-1/+1
2022-01-03introduce netwatch-dnschange-72Gravatar Christian Hesse1-0/+1
2022-01-03README: convert screenshots to AVIFGravatar Christian Hesse1-11/+11
2022-01-03README: convert Telegram group qr code to AVIFGravatar Christian Hesse1-1/+1
2021-12-30README: add a qr code to join Telegram groupGravatar Christian Hesse1-0/+3
2021-12-13README: changes for RouterOS v6change-71Gravatar Christian Hesse1-0/+12
2021-12-07global-config: load overlay automaticallyGravatar Christian Hesse1-2/+2
2021-12-07README: changes for RouterOS v7change-70Gravatar Christian Hesse1-0/+14
2021-11-18README: no capitals here...Gravatar Christian Hesse1-1/+1
2021-11-16reintroduce global-waitchange-68Gravatar Christian Hesse1-0/+1
2021-11-15shorten modules directory name (global-functions.d -> mod)change-67Gravatar Christian Hesse1-2/+2
2021-11-15bridge-port-to-default -> global-functions.d/bridge-port-tochange-66Gravatar Christian Hesse1-1/+1
2021-11-12add global-functions.d/bridge-port-vlanchange-65Gravatar Christian Hesse1-0/+5
2021-09-21README: add a note about date and timeGravatar Christian Hesse1-0/+4
2021-09-21README: use real screenshots...Gravatar Christian Hesse1-27/+41
... and make sure copy-and-paste with code does not fail. Also end all commands with a semicolon for Github copy button.
2021-05-18drop certificate DST Root CA X3Gravatar Christian Hesse1-12/+4
Let's Encrypt planned the transition to ISRG's root certificate ("ISRG Root X1") on July 8, 2019, but postponed several times. Finally they found another solution: A certificate 'ISRG Root X1', but cross-signed with 'DST Root CA X3' and with a livetime that exceeds that of the root CA. This is said to work for most operating system where root certificate authorities are just 'trust anchors'. I doubt this is true for RouterOS, where certificates are just imported into the certificate store. So let's migrate to 'ISRG Root X1' now.
2021-05-17add 'ipsec-to-dns'change-51Gravatar Christian Hesse1-0/+1
2021-05-07README: use svg logoGravatar Christian Hesse1-1/+1
2021-04-28README: add logoGravatar Christian Hesse1-0/+2
2021-03-04global-config-overlay: remove magicGravatar Christian Hesse1-4/+0
This allows to drop the ignore flag.
2021-02-22We have a Telegram group!change-45Gravatar Christian Hesse1-0/+7
2021-02-21README: swap stars and forksGravatar Christian Hesse1-1/+1
2021-02-18global: drop script 'global-wait'change-44Gravatar Christian Hesse1-1/+0
All scripts wait for the global functions on their own now.
2021-02-18README: fix typoGravatar Christian Hesse1-1/+1
2020-12-18README: drop Let's Encrypt Authority X3Gravatar Christian Hesse1-18/+3
2020-12-17README: also import Let's Encrypt certificate "R3"Gravatar Christian Hesse1-9/+24
2020-11-01README: optional scheduler to update scripts automaticallyGravatar Christian Hesse1-0/+5
2020-10-23ospf-to-leds: introduce script to visualize ospf state via ledschange-34Gravatar Christian Hesse1-0/+1
2020-10-15README: link to global-configGravatar Christian Hesse1-2/+2
2020-10-15global-config: do not define mail addresses by defaultGravatar Christian Hesse1-3/+3
2020-08-13fix typo: botton -> buttonGravatar Christian Hesse1-1/+1
2020-07-15add 'log-forward', drop 'early-errors'change-23Gravatar Christian Hesse1-1/+1
2020-07-14README: be more explicit on file nameGravatar Christian Hesse1-1/+1
2020-07-14global-config: dropped $ScriptUpdatesIgnore, use ignore flag in commentchange-22Gravatar Christian Hesse1-0/+4