mirror of
https://github.com/eworm-de/routeros-scripts.git
synced 2026-07-04 08:21:37 +00:00
Compare commits
87 commits
7a1543bf8a
...
99af1b6175
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
99af1b6175 | ||
|
|
efa5bd2abe | ||
|
|
017ccf44d8 | ||
|
|
adee675eb0 | ||
|
|
f59a0d1bbb | ||
|
|
2f83857b76 | ||
|
|
99945d1334 | ||
|
|
574b86f024 | ||
|
|
cb8b8b36d6 | ||
|
|
e0f6546b2d | ||
|
|
51e7d6a593 | ||
|
|
7cb536c829 | ||
|
|
74cc03474b | ||
|
|
d54eabb085 | ||
|
|
822559afbc | ||
|
|
305200ca1b | ||
|
|
77cf23ab95 | ||
|
|
d81c075b59 | ||
|
|
a024aff5f1 | ||
|
|
c58501b1fb | ||
|
|
7548b5e5a8 | ||
|
|
8a8dee53dc | ||
|
|
0d455c4a7b | ||
|
|
27a793bab5 | ||
|
|
42abd26f0c | ||
|
|
8053b21f1f | ||
|
|
d4fbe5286a | ||
|
|
3f97d9111d | ||
|
|
6e09ab8e94 | ||
|
|
a930ec53c4 | ||
|
|
76ee34913e | ||
|
|
6501c08fd6 | ||
|
|
24d635542c | ||
|
|
4b81df0081 | ||
|
|
18097e10e6 | ||
|
|
01aa94082e | ||
|
|
ce8d3b4753 | ||
|
|
a632b15bff | ||
|
|
89e66670fe | ||
|
|
5a546114c9 | ||
|
|
d7b0f66736 | ||
|
|
db90f8d306 | ||
|
|
2a2975a491 | ||
|
|
4cd0504548 | ||
|
|
546aaa80d0 | ||
|
|
dcc39e6fb0 | ||
|
|
95cc6b2822 | ||
|
|
869c75b53d | ||
|
|
51e6c32f8c | ||
|
|
6855ae2b6f | ||
|
|
f54e501121 | ||
|
|
1ead0d484d | ||
|
|
4a5071fab5 | ||
|
|
77c336e99b | ||
|
|
4fde1fa49a | ||
|
|
46c5aecb6b | ||
|
|
5db0eaed99 | ||
|
|
ef1e851197 | ||
|
|
5ea97f97c9 | ||
|
|
c1aba692e5 | ||
|
|
5cf3a88714 | ||
|
|
59d1137943 | ||
|
|
5b57d5c58c | ||
|
|
fbf83f9f7b | ||
|
|
2761cadede | ||
|
|
19cf74c5bc | ||
|
|
87a026c442 | ||
|
|
e78bae595c | ||
|
|
a2d845c861 | ||
|
|
abf2a5a809 | ||
|
|
13d7cf76a0 | ||
|
|
9a36fd1f1f | ||
|
|
24b04a2b43 | ||
|
|
f82ba60f53 | ||
|
|
7998fc68a5 | ||
|
|
da20b386e6 | ||
|
|
656b7057b5 | ||
|
|
63b8660f94 | ||
|
|
e4a07419fc | ||
|
|
ab5ff7b1c1 | ||
|
|
ea5f4aff27 | ||
|
|
71c190b478 | ||
|
|
a3de8aa081 | ||
|
|
2a6567135e | ||
|
|
7ad60ac704 | ||
|
|
59e0c4460e | ||
|
|
6f2eb69ee0 |
11 changed files with 26 additions and 26 deletions
|
|
@ -18,9 +18,9 @@ Run the complete base installation:
|
|||
|
||||
{
|
||||
:local BaseUrl "https://rsc.eworm.de/main/";
|
||||
:local CertCommonName "Root YE";
|
||||
:local CertFileName "Root-YE.pem";
|
||||
:local CertFingerprint "e14ffcad5b0025731006caa43a121a22d8e9700f4fb9cf852f02a708aa5d5666";
|
||||
:local CertCommonName "ISRG Root X2";
|
||||
:local CertFileName "ISRG-Root-X2.pem";
|
||||
:local CertFingerprint "69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470";
|
||||
|
||||
:local CertSettings [ /certificate/settings/get ];
|
||||
:if (!((($CertSettings->"builtin-trust-store") ~ "fetch" || \
|
||||
|
|
|
|||
Binary file not shown.
|
Before Width: | Height: | Size: 2.6 KiB After Width: | Height: | Size: 2.7 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 4.9 KiB After Width: | Height: | Size: 5 KiB |
12
README.md
12
README.md
|
|
@ -122,18 +122,18 @@ If you intend to download the scripts from a
|
|||
different location (for example from github.com) install the corresponding
|
||||
certificate chain.
|
||||
|
||||
/tool/fetch "https://rsc.eworm.de/main/certs/Root-YE.pem" dst-path="root-ye.pem";
|
||||
/tool/fetch "https://rsc.eworm.de/main/certs/ISRG-Root-X2.pem" dst-path="isrg-root-x2.pem";
|
||||
|
||||

|
||||
|
||||
> ℹ️ **Info**: Note that the command above does *not* verify server
|
||||
> certificate, so if you want to be safe download with your workstations's
|
||||
> browser from CA's website and transfer the file to your MikroTik device:
|
||||
> *Let's Encrypt* / *ISRG* [Root YE ↗️](https://letsencrypt.org/certs/gen-y/root-ye.pem)
|
||||
> *Let's Encrypt* / *ISRG* [ISRG Root X2 ↗️](https://letsencrypt.org/certs/isrg-root-x2.pem)
|
||||
|
||||
Then we import the certificate.
|
||||
|
||||
/certificate/import file-name="root-ye.pem" passphrase="";
|
||||
/certificate/import file-name="isrg-root-x2.pem" passphrase="";
|
||||
|
||||
Do not worry that the command is not shown - that happens because it contains
|
||||
a sensitive property, the passphrase.
|
||||
|
|
@ -141,11 +141,11 @@ a sensitive property, the passphrase.
|
|||

|
||||
|
||||
For basic verification we rename the certificate and print it by
|
||||
fingerprint. Make sure exactly this one certificate ("*Root-YE*")
|
||||
fingerprint. Make sure exactly this one certificate ("*ISRG-Root-X2*")
|
||||
is shown.
|
||||
|
||||
/certificate/set name="Root-YE" [ find where common-name="Root YE" ];
|
||||
/certificate/print proplist=name,fingerprint where fingerprint="e14ffcad5b0025731006caa43a121a22d8e9700f4fb9cf852f02a708aa5d5666";
|
||||
/certificate/set name="ISRG-Root-X2" [ find where common-name="ISRG Root X2" ];
|
||||
/certificate/print proplist=name,fingerprint where fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470";
|
||||
|
||||

|
||||
|
||||
|
|
|
|||
|
|
@ -12,12 +12,12 @@ DOMAINS_DUAL = \
|
|||
cloudflare-dns.com/SSL-com-Root-Certification-Authority-ECC \
|
||||
dns.google/GTS-Root-RX \
|
||||
dns.quad9.net/DigiCert-Global-Root-G3 \
|
||||
git.eworm.de/Root-YE \
|
||||
git.eworm.de/ISRG-Root-X2 \
|
||||
gitlab.com/USERTrust-RSA-Certification-Authority \
|
||||
lists.blocklist.de/GTS-Root-R4 \
|
||||
matrix.org/GTS-Root-R4 \
|
||||
raw.githubusercontent.com/ISRG-Root-X1 \
|
||||
rsc.eworm.de/Root-YE \
|
||||
rsc.eworm.de/ISRG-Root-X2 \
|
||||
upgrade.mikrotik.com/ISRG-Root-X1
|
||||
DOMAINS_IPV4 = \
|
||||
1.1.1.1/SSL-com-Root-Certification-Authority-ECC \
|
||||
|
|
|
|||
|
|
@ -30,8 +30,7 @@
|
|||
}
|
||||
|
||||
:local TempToNum do={
|
||||
:global CharacterReplace;
|
||||
:local T [ :toarray [ $CharacterReplace $1 "." "," ] ];
|
||||
:local T [ :toarray delimiter="." $1 ];
|
||||
:return ($T->0 * 10 + $T->1);
|
||||
}
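Review bot: `TempToNum` still assumes its argument has exactly one digit after the dot, and the new split `:toarray delimiter="." $1` keeps that assumption. In `:return ($T->0 * 10 + $T->1);` the second element does not exist for an input without a fraction (constructed example: `42`), and a two-digit fraction (constructed example: `42.55`) is added as 55 rather than 5. A comment above the `:return` would make the expected shape explicit, for example `# expects "<int>.<one digit>"; returns the value in tenths`. The identical hunk in the next file section has the same gap, and `TempToNum`'s callers are outside both hunks.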
|
||||
|
||||
|
|
|
|||
|
|
@ -30,8 +30,7 @@
|
|||
:global ValidateSyntax;
|
||||
|
||||
:local TempToNum do={
|
||||
:global CharacterReplace;
|
||||
:local T [ :toarray [ $CharacterReplace $1 "." "," ] ];
|
||||
:local T [ :toarray delimiter="." $1 ];
|
||||
:return ($T->0 * 10 + $T->1);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -70,11 +70,13 @@
|
|||
:local Data false;
|
||||
:local TimeOut [ $EitherOr [ :totime ($List->"timeout") ] $FwAddrListTimeOut ];
|
||||
|
||||
:if ([ :len ($List->"cert") ] > 0) do={
|
||||
:set CheckCertificate true;
|
||||
:if ([ $CertificateAvailable ($List->"cert") "fetch" ] = false) do={
|
||||
$LogPrint warning $ScriptName ("Downloading required certificate (" . $FwListName . \
|
||||
" / " . $List->"url" . ") failed, trying anyway.");
|
||||
:foreach Cert in=[ :toarray delimiter=":" ($List->"cert") ] do={
|
||||
:if ([ :len ($Cert) ] > 0) do={
|
||||
:set CheckCertificate true;
|
||||
:if ([ $CertificateAvailable $Cert "fetch" ] = false) do={
|
||||
$LogPrint warning $ScriptName ("Downloading required certificate (" . $FwListName . \
|
||||
" / " . $List->"url" . ") failed, trying anyway.");
|
||||
}
|
||||
}
|
||||
}
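Review bot: The warning inside the new `:foreach` does not say which root certificate failed, although `cert` may now hold several colon-separated names and the message prints only the list name and URL. Including the name makes a failed trust-anchor download traceable: `$LogPrint warning $ScriptName ("Downloading required certificate '" . $Cert . "' (" . $FwListName . \`. The loop also logs "trying anyway" once per missing root even when another listed root was imported, which presumably is enough to validate the download, so the log can overstate the problem. The enclosing block starts and ends outside the hunk, so whether the later fetch fails closed when no listed root is present cannot be confirmed from here.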
|
||||
|
||||
|
|
|
|||
|
|
@ -112,11 +112,11 @@
|
|||
:global FwAddrLists {
|
||||
# "allow"={
|
||||
# { url="https://rsc.eworm.de/main/fw-addr-lists.d/allow";
|
||||
# cert="Root YE"; timeout=1w };
|
||||
# cert="ISRG Root X2:Root YE"; timeout=1w };
|
||||
# };
|
||||
"block"={
|
||||
# { url="https://rsc.eworm.de/main/fw-addr-lists.d/block";
|
||||
# cert="Root YE" };
|
||||
# cert="ISRG Root X2:Root YE" };
|
||||
{ url="https://raw.githubusercontent.com/stamparm/ipsum/refs/heads/master/levels/4.txt";
|
||||
# # higher level (decrease the numerical value) for more addresses, and vice versa
|
||||
cert="ISRG Root X1" };
|
||||
|
|
@ -131,7 +131,7 @@
|
|||
};
|
||||
# "mikrotik"={
|
||||
# { url="https://rsc.eworm.de/main/fw-addr-lists.d/mikrotik";
|
||||
# cert="Root YE"; timeout=1w };
|
||||
# cert="ISRG Root X2:Root YE"; timeout=1w };
|
||||
# };
|
||||
};
|
||||
:global FwAddrListTimeOut 1d;
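Review bot: The example entries now read `cert="ISRG Root X2:Root YE"`, but none of the visible comments say that `:` separates several acceptable root certificates. A one-line comment next to the first example would document the format, for instance `# cert: one or more certificate common names, separated by ":"`. Each extra name widens the set of roots trusted for that URL, so the comment could also advise listing only roots the server's chain can actually end in. The same applies to the `"mikrotik"` example in the second hunk of this section.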
|
||||
|
|
|
|||
|
|
@ -1243,7 +1243,8 @@
|
|||
:global SymbolForNotification;
|
||||
:global ValidateSyntax;
|
||||
|
||||
:if ([ $CertificateAvailable "Root YE" "fetch" ] = false) do={
|
||||
:if ([ $CertificateAvailable "ISRG Root X2" "fetch" ] = false || \
|
||||
[ $CertificateAvailable "Root YE" "fetch" ] = false) do={
|
||||
$LogPrint warning $0 ("Downloading certificate failed, trying without.");
|
||||
}
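Review bot: The message "Downloading certificate failed, trying without." is the only visible handling when either root cannot be fetched, and the hunk does not show whether the download that follows still verifies the server certificate. If it does, the wording is misleading; if it does not, a failed import downgrades a pinned download to an unauthenticated one with nothing more than a warning, and that path should be refused or clearly documented. With two roots checked, the message should also name them, e.g. `$LogPrint warning $0 ("Downloading certificate 'ISRG Root X2' or 'Root YE' failed, trying without.");`. The enclosing function starts and ends outside the hunk.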
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,6 @@
|
|||
:local ScriptName [ :jobname ];
|
||||
|
||||
:global CertificateAvailable;
|
||||
:global CharacterReplace;
|
||||
:global EitherOr;
|
||||
:global IsDNSResolving;
|
||||
:global LogPrint;
|
||||
|
|
@ -100,7 +99,7 @@
|
|||
}
|
||||
|
||||
:foreach DohServer in=$DohServers do={
|
||||
:foreach DohCert in=[ :toarray [ $CharacterReplace ($DohServer->"doh-cert") ":" "," ] ] do={
|
||||
:foreach DohCert in=[ :toarray delimiter=":" ($DohServer->"doh-cert") ] do={
|
||||
:if ([ :len $DohCert ] > 0) do={
|
||||
:if ([ $CertificateAvailable $DohCert "fetch" ] = false || \
|
||||
[ $CertificateAvailable $DohCert "dns" ] = false) do={
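Review bot: Dropping `:global CharacterReplace;` in the first hunk is only safe if no `$CharacterReplace` call remains elsewhere in this script; the second hunk replaces one call, and the rest of the file is not shown. As far as I know, an undeclared global in RouterOS script evaluates to nothing instead of raising an error, so a leftover call would fail quietly. Here that could mean a `doh-cert` value that is never split and whose certificates are never checked. Search the file for remaining uses before merging.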
|
||||
|
|
|
|||