Compare commits
2 commits
91a254cdec
...
f3bae25ff1
| Author | SHA1 | Date | |
|---|---|---|---|
 Philip Henning
|
f3bae25ff1 | ||
|
Philip Henning
|
15120cdd4f |
31
README.md
31
README.md
|
|
@ -14,6 +14,7 @@ to manage RouterOS devices or extend their functionality.
|
|||
- [Table of Contents](#table-of-contents)
|
||||
- [Requirements](#requirements)
|
||||
- [Installation](#installation)
|
||||
- [Prerequisites (a.k.a. Install certificates)](#prerequisites-aka-install-certificates)
|
||||
- [Initial Setup](#initial-setup)
|
||||
- [Adding a script](#adding-a-script)
|
||||
- [Available scripts](#available-scripts)
|
||||
|
|
@ -29,6 +30,36 @@ follow the instructions there for the basic installation and setup.
|
|||
|
||||
## Installation
|
||||
|
||||
### Prerequisites (a.k.a. Install certificates)
|
||||
|
||||
The update script does server certificate verification, so first step is to download the certificates. If you intend to download the scripts from a different location (for example from github.com) install the corresponding certificate chain.
|
||||
|
||||
```rsc
|
||||
/tool/fetch "https://letsencrypt.org/certs/isrgrootx1.pem" dst-path="isrgrootx1.pem";
|
||||
```
|
||||
|
||||
Note that the commands above do not verify server certificate, so if you want to be safe download with your workstations's browser and transfer the file to your MikroTik device.
|
||||
|
||||
- [ISRG Root X1](https://letsencrypt.org/certificates/)
|
||||
- You'll need the ISRG Root X1 (self-signed) certificate in pem format
|
||||
|
||||
Then we import the certificate.
|
||||
|
||||
```rsc
|
||||
/certificate/import file-name=isrgrootx1.pem passphrase="";
|
||||
```
|
||||
|
||||
Do not worry that the command is not shown - that happens because it contains a sensitive property, the passphrase.
|
||||
|
||||
For basic verification we rename the certificate and print it by fingerprint. Make sure exactly this one certificate ("ISRG-Root-X1") is shown.
|
||||
|
||||
/certificate/set name="ISRG-Root-X1" [ find where common-name="ISRG Root X1" ];
|
||||
/certificate/print proplist=name,fingerprint where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6";
|
||||
|
||||
Always make sure there are no certificates installed you do not know or want!
|
||||
|
||||
All following commands will verify the server certificate. For validity the certificate's lifetime is checked with local time, so make sure the device's date and time is set correctly!
|
||||
|
||||
### Initial Setup
|
||||
|
||||
Download the `global-functions-custom-phg.rsc` script:
|
||||
|
|
|
|||
|
|
@ -14,26 +14,27 @@
|
|||
:global GlobalFunctionsCustomPhgReady false;
|
||||
|
||||
# global functions
|
||||
:global SafelyResolve
|
||||
:global SafeResolve
|
||||
|
||||
# Function: safelyResolve
|
||||
# - Takes a DNS string (e.g. "example.com")
|
||||
# - Takes an IP type [ipv4, ipv6]
|
||||
# - Returns a string of and IP address or false if it can't be resolved
|
||||
:set SafelyResolve do={
|
||||
:set SafeResolve do={
|
||||
:do {
|
||||
:local DomainName [ :tostr $1 ];
|
||||
:if ( [ :tostr $2 ] = "ipv4" or [ :tostr $2 ] = "ipv6" ) do={
|
||||
:local IPType [ :tostr $2 ];
|
||||
:local IPType;
|
||||
:if ( ([ :tostr $2 ] = "ipv4") or ([ :tostr $2 ] = "ipv6") ) do={
|
||||
:set IPType [ :tostr $2 ];
|
||||
} else={
|
||||
:local IPType "ipv4";
|
||||
:global ExitError; $ExitError false $0;
|
||||
}
|
||||
:local IP [:resolve domain-name="$DomainName" type=$IPType];
|
||||
:return "$IP";
|
||||
:local ResolvedIP [:resolve domain-name="$DomainName" type=$IPType];
|
||||
:return "$ResolvedIP";
|
||||
} on-error={
|
||||
return false;
|
||||
:return false;
|
||||
}
|
||||
}
|
||||
|
||||
# signal we are ready
|
||||
:set GlobalFunctionsCustomPhgReady true;
|
||||
:set GlobalFunctionsCustomPhgReady true;
|
||||
|
|
|
|||
Loading…
Reference in a new issue