All posts by Omega-00

Scriptlet: Bulk VPN connections on MikroTik with connection rate limiting

During my day job we use some MikroTik CHR deployments for (among other things) VPN session termination. The CHR’s are easy to spin up, offer a wide variety of VPN types, and for low traffic sessions can support upwards of 10,000 sessions on a single device.

It’s over 9000!

In the event of an outage though, you would run into a problem – those 10,000 sessions all want to re-establish at once.. and the CPU on the MikroTik quickly bottlenecks until it becomes unable to cope and begins to drop connections quickly becoming a vicious cycle.

We initially dealt with this by defining a hard limit on the number of new sessions per second, using 2 simple firewall rules and the connection limit classifier to keep these under 10 per second – however this meant that after an outage it would take at absolute minimum, over 15 minutes for all the sessions to come back online! So we came up with a better solution. Continue reading Scriptlet: Bulk VPN connections on MikroTik with connection rate limiting

The basics of reading and writing files in RouterOS

My good friend Greg was asking about how to store data to files onboard a MikroTik device so I thought I’d elaborate here with some information and examples.

Before we get started, some things to note:

  1. While you can fetch and read the contents of any file, you are limited to working with 4096 character files as this is a limitation on the amount of information that can be contained in a string variable in RouterOS at this time.
  2. When creating new files in RouterOS via terminal the extension .txt will be appended to anything that doesn’t already have .txt at the end.
  3. You can work with newlines \n\r as delimeters (which is super helpful when downloading something list of IP addresses from somewhere)

The basic commands for working with a file, using variables in place of static content or file names:
1. To create a new file

/file print file=$filename

2. To read an existing file

:set $filedata [/file get $filename contents]

3. To write to an existing file

/file set $filename contents=$newdata

4. To append to an existing file

/file set $filename contents=([get $filename contents] . $newdata)

Scriptlet: Halt MikroTik scheduled scripts if multiple instances are detected.

The following script can be run in terminal (or via any automation tool that can login to your MikroTik devices via SSH) and checks for any duplicate script ‘jobs’ and kills them.

I wrote this after noticing a few of my scripts that use fetch would hang periodically and leave multiple jobs open.

#kill duplicate script jobs
:global counter
:global counter2
:foreach counter in=[/system script job find] do={
:global job [/system script job get $counter script]
:if ([:len [/system script job find where script=$"job"]] > 0 && [:len $job] > 0) do={
:put "Duplicate script running: $job - terminating all"
:foreach counter2 in=[/system script job find where script=$"job"] do={
/system script job remove $counter2
}
}
}

Continue reading Scriptlet: Halt MikroTik scheduled scripts if multiple instances are detected.

Crosspost from Pebkac.io – MikroTik CHR in Microsoft Azure (ARM)

This post originally from Pebkac.io and reproduced with permission.

At the time of writing, Mikrotik’s current CHR build is 6.35rc49.

While purported to work in a Hyper-V VM, there are no instructions I could find to get one up and running in Microsoft Azure (with ARM).

Knowing that it should be theoretically possible, given Azure utilises a hypervisor with the same origins as Hyper-V, I went down the rabbit hole. Continue reading Crosspost from Pebkac.io – MikroTik CHR in Microsoft Azure (ARM)

Scriptlet: Find Default Route Interface Names (and a free licence!)

Today I’m giving you the task of reviewing and improving a small script I’ve written, and one of you will win a free Level 4 RouterOS licence. 

Background: I had need of a script to find the interfaces associated with any default routes in order to create matching firewall entries, and it had to work with RouterOS v6.

This script searches through any default route (dst-address=0.0.0.0/0) and adds it to an array so long as the interface can’t already be found in the array. I don’t often use arrays in MikroTik so the first version has a search function that doesn’t loop through the array, but instead just converts it to a string again to run the find command (Line 8)

Continue reading Scriptlet: Find Default Route Interface Names (and a free licence!)