Jun 22 2023
 

It has been a loooong time since I’ve posted…a lot has happened, but finally back on the blog!

I’ve been working a lot with Mikrotik devices lately, and I’ve written up a few bits and bobs to make my life easier.

Below is the snippet I’ve written to quickly set up an OpenVPN server on a Mikrotik router.

#### VARIABLES
#### UPDATE BEFORE RUNNING SCRIPT

# This variable sets the DNS server that will be used by the clients on the VPN
:global netVPNDNSServer 8.8.8.8

# Sets the company and export passphrase that will be used for the cert
:global Company "YOUR COMPANY"
:global CertExportPassphrase YOURPASSPHRASE

# Sets up a user and password for the VPN
:global vpnuser joebloggs
:global vpnpass bloggsvpn

## Certificate Setup
/log info "generating certs"

## You may want to update your country, state, etc, but it's not necessary

/certificate add name=CA country=AU state=WA locality=WA organization=$Company unit=IT common-name=CA trusted=yes key-usage=key-cert-sign,crl-sign days-valid=3650
/certificate add name=server country=AU state=WA locality=WA organization=$Company unit=IT common-name=server trusted=yes key-usage=digital-signature,key-encipherment,tls-server days-valid=3650
/certificate add name=client country=AU state=WA locality=WA organization=$Company unit=IT common-name=client key-usage=tls-client days-valid=3650

# If you're copying and pasting this into a terminal, paste each certificate sign line separately, and ignore the delay lines

/log info "signing certs"
/certificate sign CA name=CA
/log info "30 sec wait"
/delay 30000ms
/certificate sign server ca=CA 
/log info "30 sec wait"
/delay 30000ms
/certificate set server trusted=yes
/certificate sign client ca=CA
/log info "30 sec wait"
/delay 30000ms
/log info "exporting certs"
/certificate export-certificate CA
/certificate export-certificate client export-passphrase=$CertExportPassphrase
## OpenVPN Config

# This is where the IP addresses are set for the OpenVPN Clients.
# If you need to change them, this is the spot.

/ip pool add comment="OVPN Pool" name=Pool-VPN ranges=10.0.100.10-10.0.100.200
/ppp profile add dns-server=$netVPNDNSServer local-address=10.0.100.1 name=Profile-VPN only-one=no remote-address=Pool-VPN use-encryption=required
/interface ovpn-server server set auth=sha1 certificate=server cipher=aes256 default-profile=Profile-VPN enabled=yes require-client-certificate=yes
/ppp secret add name=$vpnuser password=$vpnpass profile=Profile-VPN service=ovpn
Sep 27 2019
 

It’s been a while since my last post!

I recently had to recover a dying USB stick that kept spitting out read errors. ddrescue's default parameters could only help so much as the flash controller would hang the instant it hit a bad read error, necessitating an unplug and replug of the USB stick before it could carry on.

I decided to hack up a little script so I could recover select areas of the USB stick first and control what blocks ddrescue was attempting. Using ddrescueview, I could see which blocks had and had not been attempted. Using the information from the Block Inspector, I could obtain a hex address of the block I wanted to start from.

Block Inspector

Copying the text from the blocks into my hex-to-decimal script gave me a block to start from.

$ ./gethex.sh 'Non-tried0x1EB10000 (491.06 MiB)0x001FCB40 (1.99 MiB)
> '
0x1EB10000
514916352

The gethex.sh script is just a simple bash script to extract the starting block from the output:

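#!/bin/bash
# Usage: ./gethex.sh '<text copied from the ddrescueview Block Inspector>'
INPUT=$1
# Remove a "> " (shell continuation prompt) if one ended up in the pasted text
INPUT=${INPUT/> /}
# Left unquoted on purpose so a pasted newline collapses to a space
STRING=$(echo $INPUT | cut -d ' ' -f 1)
# Strip the block status label, leaving only the hex start address
STRING=${STRING/Non-trimmed/}
HEX=${STRING/Non-tried/}
echo "$HEX"
printf "%d\n" "$HEX"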

That block number lets me use the -i parameter to set a starting point and -s to set sector size. Then I use a loop to scan through a certain number of blocks at a time:

START=514916352
for x in {0..20000}; do
    echo $(($START+512*$x))
    ddrescue -i $(($START+512*$x)) -a 1024 -s 512 -O -d /dev/sdx imagefile mapfile
    if [[ $? -gt 0 ]]; then START=$(($START+512)); break; fi
done
START=$(($START+512*$x+512))
echo $START

Feb 14 2018
 

I needed to get all MAC addresses without hyphens today so I could match against some MAC Address barcodes.
Ended up writing this one-liner to get what I needed. I’ve added some variables to make it a bit easier to read here.

$svrDHCP = "DHCP Server"
$scope = "10.10.0.0"
Get-DhcpServerv4Lease -ComputerName $svrDHCP -scope $scope | select IPAddress,ClientID,Hostname | ForEach-Object { Add-Member -InputObject $_ -name Mac -MemberType NoteProperty -Value $($_.clientID -replace "-",""); write-output $_} | out-gridview

Sep 27 2017
 

I wrote a little snippet to update my PXE server’s Debian netboot image so I can schedule this to run every month or so to ensure that my Netboot image is up to date.

The variables set the Debian mirror, the architecture, the path and filename for the downloaded image file, and the directory the image file should be un-tarred to.
I have architecture in there because I had some old machines which require i386 kernels. If you don’t need i386, then you can replace all the arch variables and hardcode amd64 instead.

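#!/bin/bash
# Debian mirror, target architecture, download location and TFTP directory
debmirror=http://mirror.internode.on.net/pub/debian
arch=amd64
tmpfile=/tmp/$arch-netboot.tar.gz
tftppath=/srv/tftp/deb-stable/$arch
# Download the current stable netboot tarball
wget "$debmirror/dists/stable/main/installer-$arch/current/images/netboot/netboot.tar.gz" -O "$tmpfile"
# Extract only the kernel and initrd, dropping the leading path components
tar -C "$tftppath" -xzf "$tmpfile" "./debian-installer/$arch/initrd.gz" "./debian-installer/$arch/linux" --strip-components=3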
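
As an added example (not part of the original post), here is a variant of the update that checks the tarball against the installer's SHA256SUMS file before anything is unpacked into the TFTP tree, since every PXE client boots whatever lands there. The function names, the script name and the HTTPS mirror URL in the usage comment are assumptions.

```bash
#!/bin/bash
# Added example (not the original post's script): verify before unpacking.

# verify_netboot SUMS TARBALL
# Succeeds only if SUMS holds exactly one entry for ./netboot/netboot.tar.gz
# and that SHA-256 digest matches TARBALL.
verify_netboot() {
    local sums="$1" tarball="$2" expected actual
    [ -r "$sums" ] && [ -r "$tarball" ] || return 2
    # Lines are "<hex digest>  <path>"; compare the path field exactly and
    # emit nothing when the entry is missing or duplicated.
    expected=$(awk -v p=./netboot/netboot.tar.gz \
        '$2 == p { n++; d = $1 } END { if (n == 1) print d }' "$sums")
    [ "${#expected}" -eq 64 ] || return 3
    case $expected in *[!0-9a-f]*) return 3 ;; esac
    actual=$(sha256sum "$tarball" | cut -d ' ' -f 1)
    [ "$actual" = "$expected" ]
}

# update_netboot MIRROR ARCH TFTPPATH
# Downloads into a private temp dir (not a fixed /tmp name), verifies, and
# only then extracts the kernel and initrd into the TFTP tree.
update_netboot() {
    local mirror="$1" arch="$2" tftppath="$3" base tmpdir rc
    base="$mirror/dists/stable/main/installer-$arch/current/images"
    tmpdir=$(mktemp -d) || return 1
    wget -q "$base/SHA256SUMS" -O "$tmpdir/SHA256SUMS" &&
        wget -q "$base/netboot/netboot.tar.gz" -O "$tmpdir/netboot.tar.gz" &&
        verify_netboot "$tmpdir/SHA256SUMS" "$tmpdir/netboot.tar.gz" &&
        tar -C "$tftppath" -xzf "$tmpdir/netboot.tar.gz" --strip-components=3 \
            "./debian-installer/$arch/initrd.gz" "./debian-installer/$arch/linux"
    rc=$?
    rm -rf "$tmpdir"
    return $rc
}

# Run only when called with all three arguments, e.g. (hypothetical script name)
#   ./update-netboot.sh https://deb.debian.org/debian amd64 /srv/tftp/deb-stable/amd64
if [ $# -eq 3 ]; then update_netboot "$@"; fi
```

A SHA256SUMS fetched over plain HTTP from the same mirror only catches corrupted or truncated downloads; fetch it over HTTPS from a mirror you trust so the check also covers tampering in transit.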

Oct 24 2016
 

A while ago, I set up my Motion server to send me snapshots of any motion detected when a picture is saved by motion.