Fore more efficient network management, different tasks in MikroTik can be automated using scripts. For example, you can create a script to check the availability of some host(s), and it run manually, or automatically using the MikroTik scheduler. This guide will show you how to create, run, and schedule a script on MikroTik RouterOS. (more…)
mikrotik
MikroTik: Enabling HTTPS for WebFig & API
MikroTik supports HTTPS for WebFig and API, but it is disabled by default.
Transferring data over HTTP is not secure, even within a Local Area Network (LAN), because HTTP does not encrypt the data being transmitted. This can include sensitive information such as login credentials, configuration details, or any other data sent to or from your MikroTik router over HTTP.
If any devices on your LAN are compromised, an attacker can intercept HTTP traffic between you and your MikroTik router.
To improve security and encrypt communications with your MikroTik router, you need to enable HTTPS. This is not a straightforward process, as enabling HTTPS on MikroTik for WebFig and API requires you to manually configure and use a valid certificate.
In this post, you will learn how to generate a self-signed SSL certificate on MikroTik, enable HTTPS for WebFig and API, and disable services that use insecure HTTP. (more…)
MikroTik: NordVPN Setup
MikroTik routers support many VPN services, including NordVPN.
Starting from RouterOS v6.45, it is possible to establish IKEv2 secured tunnel to NordVPN servers using EAP authentication.
Learn how to set up NordVPN on your MikroTik router for enhanced privacy and security.
Follow these simple steps to safeguard your network traffic and enjoy seamless protection. (more…)
MikroTik: Telegram Notification on Login Attempt
MikroTik logs are valuable on their own, but they are even more useful when paired with Telegram notifications.
Receiving notifications on Telegram when someone is trying to log in to your MikroTik router can help to detect suspicious login attempts, including potential hacking attempts, allowing you to take appropriate action in a timely manner.
In this article, I will guide you through the process of configuring a separate log file on your MikroTik router that will only contain authentication log entries.
And also I will show how to set up a scheduled script that will be sending a notification about each login attempt to Telegram. (more…)
MikroTik: Send Message to Telegram
Notifications are an important part of monitoring of a MikroTik router’s health, performance and different events, including potential security issues.
Telegram is a popular messaging app that offers a variety of features, including notifications.
It can be used to receive notifications from various sources, including MikroTik.
This post provides a step-by-step guide on how to configure MikroTik to send messages to Telegram and integrate it into MikroTik scripts. (more…)
MikroTik: Simple Guest WiFi Setup on hAP ax³ (WifiWave2)
MikroTik routers with WiFi, like hAP ax³ with wifiwave2 package, can be used to create a “guest WiFi network”.
The guest WiFi gives clients access to the Internet, but isolates them from your main network, so they can’t see and don’t have ability to access any of your devices on it.
For example, to improve the security, you can put all your IoT devices on the guest WiFi network, so if one of them is hacked, the attacker won’t be able to get access to the devices on the main network.
This post shows how to perform a quick setup of the simple guest WiFi network on MikroTik hAP ax³ with wifiwave2 package. (more…)
MikroTik: Block Internet Access by IP/MAC
More and more smart devices with an Internet connectivity are appearing in our homes.
If you don’t want your smart socket, robot vacuum cleaner or IP camera to leak your personal data, you can block these devices from accessing the Internet by their IP/MAC addresses.
In this post I will show you how to block an Internet access by IP/MAC using a MikroTik router. (more…)
MikroTik: Get Default Configuration
There can be many reasons why you need to get the default configuration of your MikroTik router.
One of them is to compare the current settings with the default ones, while troubleshooting some issues.
This short post shows how to print the default MikroTik configuration. (more…)
MikroTik: OpenVPN Server Setup
Configuring an OpenVPN server on a MikroTik router can be a complex task, especially for beginners with limited experience in networking.
Below you will find how to setup the OpenVPN server on your MikroTik router from a command-line (terminal) quickly and easily, and how to connect to it using an OpenVPN client. (more…)
MikroTik: Downgrade RouterOS & RouterBOARD Firmware
A complete MikroTik firmware downgrade requires a downgrade of two components: 1️⃣ MikroTik RouterOS – an operating system (OS), and 2️⃣ MikroTik RouterBOARD firmware – a bootloader.
Before starting the MikroTik router downgrade, make sure that you have a backup of your current router configuration, as this is important in case of something goes wrong during the downgrade process.
Cool Tip: How to backup and restore a MikroTik router! Read more →
MikroTik Downgrade
Get the information about the current MikroTik RouterOS version, factory software version and device architecture, by going to ⚙️ “System” → “Resources”:
ℹ️ The factory software is the oldest version supported by the MikroTik device.
Also list the installed packages by going to ⚙️ “System” → “Packages”:
To get this information from a command-line (terminal), execute:
[admin@MikroTik] > /system resource print - sample output - uptime: 13m7s version: 7.10.2 (stable) build-time: Jul/12/2023 09:45:11 factory-software: 7.5 free-memory: 617.5MiB total-memory: 928.0MiB cpu: ARM64 cpu-count: 4 cpu-frequency: 1320MHz cpu-load: 1% free-hdd-space: 94.1MiB total-hdd-space: 128.5MiB write-sect-since-reboot: 50 write-sect-total: 684906 bad-blocks: 0.7% architecture-name: arm64 board-name: hAP ax^3 platform: MikroTik [admin@MikroTik] > /system package print - sample output - Columns: NAME, VERSION # NAME VERSION 0 routeros 7.10.2 1 wifiwave2 7.10.2
1️⃣ MikroTik RouterOS Downgrade
To downgrade the MikroTik router it is required to downgrade not the RouterOS only but all the installed packaged, otherwise the downgrade won’t succeed and the MikroTik version won’t change after reboot.
Download the packages to which you want to downgrade your MikroTik router (they should match your device architecture).
In the example below I am downloading the routeros-7.6-arm64.npk package and the all_packages-arm64-7.6.zip archive that contains the wifiwave2-7.6-arm64.npk package that also has to be upgraded:
Upload the .npk packages to the MikroTik device through the 📁 “Files” menu:
From the command-line (terminal) you can upload them, for example, using scp:
$ scp Downloads/routeros-7.5-arm64.npk admin@192.168.88.1: $ scp Downloads/wifiwave2-7.6-arm64.npk admin@192.168.88.1:
To downgrade the MikroTik RouterOS, go to ⚙️ “System” → “Resources” and click on “Downgrade”:
To downgrade the MikroTik RouterOS from the command-line (terminal), execute:
[admin@MikroTik] > /system package downgrade
The router will be rebooted and the MikroTik RouterOS will be downgraded.
2️⃣ MikroTik RouterBOARD Firmware Downgrade
After downgrading the MikroTik RouterOS, it is always recommended to downgrade the firmware of the MikroTik RouterBOARD.
To downgrade the MikroTik RouterBOARD firmware using Winbox/Winfig, go to ⚙️ “System” → “RouterBOARD” and click on “Upgrade”:
After the MikroTik RouterBOARD firmware downgrade, reboot the router for changes to take effect (⚙️ “System” → “Reboot”).
To downgrade the MikroTik RouterBOARD firmware from the command-line (terminal), execute:
[admin@MikroTik] > /system routerboard print - sample output - routerboard: yes board-name: hAP ax^3 model: C53UiG+5HPaxD2HPaxD serial-number: ******** firmware-type: ipq6000 factory-firmware: 7.6 current-firmware: 7.10.2 upgrade-firmware: 7.6 [admin@MikroTik] > /system routerboard upgrade [admin@MikroTik] > /system reboot
Cool Tip: Upgrade MikroTik RouterOS & RouterBOARD firmware! Read more →