All posts by Omega-00

Making your router talk – MikroTik and Telegram Bot Scripting

While there are existing ways (SNMP/SMS) to run scripts on RouterOS via external means, I’ve been meaning to show off a system I built based around Telegram Messenger – as it’s a relatively common one, and has a flexible API for interfacing with.



I began this with the older MikroTik 4096 character variable limit in mind, intending to process 1 or 2 messages at a time, but found half way through that this no longer applies (yay) – so as many as 100 messages or more could be pulled down at the same time and churned through the processing script.

Because we’re running this based around a single-threaded processing script it’s not going to be the fastest implementation, but I’m hoping this is a good start for anyone looking to expand on the functions I’ve added here.


MikroTik Audience – review and teardown

I was fortunate enough to get my hands on a pair of MikroTik Audience devices to put through their paces. The Audience is a new device from MikroTik, and perhaps one of the first I’ve seen that is specifically targeted to a home environment, with the stylish exterior designed not just to be a wireless powerhouse but look suitable to be placed on a shelf and give a better connectivity experience to boot.

can’t do meshing with just one..

First impressions

MikroTik are hitting some home runs with design and professionalism recently. This seems like the next step in the evolution: from the wAP form factor and Wireless Wire kit we now have the Audience, an upgrade to both router design and packaging. Opening the Audience is more akin to an Apple unboxing than anything else to come out of MikroTik. Sure it’s nice that the boxing is still relatively simple and recyclable, but it LOOKS like what you’d expect a high end home router to look like; and I’d have no trouble selling this to someone as an upgrade on whatever they’re using now (it really is, but we’ll get to this..).

Teardown

Because I’m a heartless bastard and I know so many Latvians worked for years to create this device, I had to take one of them apart straight away before powering it up. More importantly, I had to try and do this without breaking anything, because I have to put it back together and test it afterwards. Easier said than done, but possible!

Check out the gallery of photos below with instructions on how to disassemble the device, if you’re that way inclined.

Performance

Onto the performance: this device has a quad-core 716MHz CPU which can be pushed as high as 896MHz (if you’re the sort of person who feels the need to overclock your router) or as low as 488MHz if you plan on the heatsink being a paperweight. During my testing I was unable to max out CPU utilisation while performing any basic routing or wireless functions and as per MikroTik’s testing this should be capable of a few hundred megabits of IPSec encrypted traffic if you have need of it. There are 3 distinct wireless cards available:

  1. 2.4GHz dual chain card (antenna on the board – used for clients)
  2. 5GHz dual chain card (antenna on the board – used for clients)
  3. 5GHz quad chain card (antenna array mounted above board – used for mesh)

Technically there’s nothing stopping a power-user from re-configuring the second 5GHz wireless card as another access point for clients, and if you just had the one Audience device I would probably recommend this for the better MIMO performance – however it was designed with a specific goal in mind – which is meshing.

In my testing – the meshing radios were able to hold a reasonable connection (consistent 60Mbps throughput using btest) through 4 double brick walls and one wooden garage wall. I placed one unit in my lounge room and the second in the detached garage at the other end of the property (a distance of about 24m / 78 feet).

By comparison, previously I have used a set of (non MikroTik) Ethernet over power adapters to deliver ~60Mbps from my office to the ground floor of this house, due to a lack of Ethernet cabling, but switching to the Audience units has given me a reliable 300Mbps over the mesh wireless link in the ‘factory’ configuration, or as high as 500Mbps (through 2 walls and up one level) when adjusting the configuration of the mesh radios to use an 80MHz channel.


Even without using the mesh functions I did note that coverage around the house also increased noticeably with just the one unit. I suspect some of this is a byproduct of being able to locate the AP on top of furniture, and the antennas being well positioned for good ‘home’ coverage due to the router being stood upright (vs a hAP ac2 which can be mounted on a wall/inside a cupboard/stood on its side).

It’s worth noting at this point – using quickset to configure this device actually employs CAPsMAN to configure each wireless radio (including those of any repeaters), which is the first time I’ve seen a product making use of MikroTik’s own built-in wireless control system.

Negatives / Wishlist

I am sold on the Audience and suspect I will continue using it as my primary AP(s) at home until something better comes along, but that’s not to say I don’t have some gripes.

  1. Port density – yes it’s a pretty router designed to sit up on a bench.. but maybe a stackable switch module (in the same partner-approved style) wouldn’t go astray? Or just one more Ethernet port.. there’s room in there for 3!
  2. PoE out – given WISPs and FISPs are supporters of MikroTik I would have thought it made sense to include a PoE out/pass-through option of some kind – because hey if it can power the radio on the roof, or even another Audience AP nearby.. that’s a useful feature! But the hAP ac2 is also missing this function so I’m not as surprised.
  3. USB support (either internal or externally accessible) would have been useful – yes there’s an LTE version available but the device is targeted at the home market.. how are they going to use the SMB functions now?!

Conclusion

The MikroTik Audience is a well designed and thoroughly capable wireless home router at a price point enticing for gamers and power-users alike. While it lacks the physical connectivity options of some competing platforms, everything about the device makes it clear it wasn’t designed to sit connected to a modem/radio or ONT gathering dust in the cupboard – it is well positioned to deliver on the promises of better wireless by providing a platform that looks and feels like part of a modern home and in light of this I can’t wait to see what comes next.

RouterOS Bridge and Vlan Configuration for CRS devices on v6.43.X

I’ve seen a few posts recently in the MikroTik forums and MikroTik Subreddit about the confusing nature of creating native (wirespeed) vlans on the CRS range of hardware and wanted to put together a template that gives you a good idea of how these work, and what the configuration of a few different port types looks like.

While I will go into more detail on this soon – the following (designed for a CRS328-24P-4S+RM) has:

  • PC Connected ports
  • PC Connected ports with support for an inline VoIP Phone
  • Tagged/Untagged ports for Access Point administration and wireless network passthrough
  • Untagged port for a server
  • Tagged Trunk ports for passing vlans between switches
  • Adding an IP address to an Admin vlan for access to the configured switch

Automatic bypass of hotspot devices based on MAC Address

Recently I was doing some work for a hotel that supplies a ‘Smart TV’ device with Netflix and other functions in every room. These rooms are in turn all connected to a hotspot network and the TVs all needed to be given internet access.

As this was (as sometimes occurs) an unexpected addition to the known requirements of the installation, it fell to me to come up with a way to add these – preferably without having to have someone walk around and manually collect details for 300+ TVs.


Scriptlet: Bulk VPN connections on MikroTik with connection rate limiting

During my day job we use some MikroTik CHR deployments for (among other things) VPN session termination. The CHRs are easy to spin up, offer a wide variety of VPN types, and for low traffic sessions can support upwards of 10,000 sessions on a single device.

It’s over 9000!

In the event of an outage though, you would run into a problem – those 10,000 sessions all want to re-establish at once.. and the CPU on the MikroTik quickly bottlenecks until it becomes unable to cope and begins to drop connections, quickly becoming a vicious cycle.

We initially dealt with this by defining a hard limit on the number of new sessions per second, using 2 simple firewall rules and the connection limit classifier to keep these under 10 per second – however this meant that after an outage it would take, at absolute minimum, over 15 minutes for all the sessions to come back online! So we came up with a better solution.