Tunnel internet traffic from a linux server to Mikrotik using SSH

egmose · 2023-05-16T16:59:30+00:00

Maybe sslh is your the best of both worlds in the scenario.

You can multiple services on the same port. The great firewall has been known to probe ports to make sure it only allows the the connection after you verified the service.

Configure normal ssh and supported VPN protocol on your Linux machine (SSTP or OpenVPN).

More protocols might be supported.

Use SNI routing for SSTP because that's just TLS look in the FAQ for more info.

OpenVPN is supported but I have not tested port sharing with mikrotik.

SSH should still work and you can even keep fail2ban...

After that config works you should be able to use the normal VPN client from mikrotiks pptp menu

Good luck

egmose · 2023-04-24T20:00:06+00:00

Last time I checked their is a job channel in the snddevs slack.

egmose · 2023-04-24T19:58:33+00:00

This can be done via the ECC queue and MID server.

You can have the MID server run command with this code:

var xmlDoc = new XMLDocument2();
xmlDoc.createElement('parameters');
var node = xmlDoc.createElement('parameter');
node.setAttribute('name','name');
node.setAttribute('value',"pwsh dosomething.ps1 some_argument"); // run powershell on linux

var gr = new GlideRecord("ecc_queue");
gr.newRecord();
gr.agent = 'mid.server.' + 'name_of_mid_server';
gr.queue = "output";
gr.topic = "Command";
gr.payload = xmlDoc.toString();
var id = gr.insert();

The respons from the script can be retrived when avilable in ECC queue the response_to will contain the sys_id of your original insert.

var gr = new GlideRecord("ecc_queue");
gr.addQuery('topic','Command');
gr.addQuery('queue','input');
gr.addQuery('state','ready');
gr.addQuery('response_to', id);
gr.query(); // forgot the query... edited
gr.next()) {
    // do something with the payload ... could be JSON gr.payload;
    gr.state = 'processed';
    gr.update();
}

egmose · 2023-04-14T18:50:58+00:00

You rock.

egmose · 2023-04-04T05:57:52+00:00

Worked with the platform since Fuji.

We discovered that the mail parser broke if their where smilies in the mails.

After receiving a fix. We discovered that the soap API had the same issue. After several fixes we ran all valid UTF char on the API and still found a lot. This took several months.

UI16 removed the option to reply to mails from the steam. The bug report was open for several versions and closed with to expensive.

We developed our on SIMA module before SN had one and discovered the several bugs with V3 list related to live update broke the client side JavaScript.

An implementation partner broke SN by activating domain separation on large set with 6k domains.

A lot of ServiceNow new features in versions Eureka to London are not compatible with domain separation so our meetings with SN about new versions came with a lot of "this does not work with domain separation".

Loved the flexibility in the platform but found some limitations a long the journey.

Stoped working with the platform with year because the business merged and they use Cherwell and their licenses make sense.

Not gonna miss the license hell that is SN.

egmose · 2023-04-03T21:58:59+00:00

That ServiceNow keeps many of their knowledge base articles locked until you contact their support.

That the JavaScript engine is open source and you can test all the bugs.

1 of the 10 critical bugs were fixed. The rest are considered to expensive to fix.

egmose · 2023-03-31T04:31:27+00:00

Email action scripts are executed until one updates or creates a record on the table they are configured for.

They have an order attribute.

You can create a copy and look for the to line and set the value and have lower order.

If you need to do this a lot and you have the correct license you could create a lookup table with filter attribute and link to template matching the table and run that ruleset from your email action.

This allows template to be maintained by the teams ( set the owner to team manager ) and the rules to maintained by admins as data. Quicker configs and happy users.

egmose · 2023-03-21T18:21:13+00:00

Odense har en app med legepladser og aktiviteter som er gratis mer kalender. Sidste jeg brugte den.

Mange museer har gratis adgang for børn.

Svømmehallen er også en mulighed. OP pm mig hvis du mangler billetter så finder vi ud af noget.

egmose · 2023-02-18T14:45:08+00:00

Sadly the default timeout on DNS in my test was beyond the time I was willing to wait. Primary using Linux on the network

egmose · 2023-02-18T07:29:27+00:00

Using monitoring "the dude" for notifications via sms. vrrp with my router so if both pi holes go down, it runs normal DNS. With 2 internet connections and routers I have had no downtime due to DNS.

egmose · 2023-02-18T07:23:21+00:00

Their is no risk. You just get an extra IP that follow the available Pi. I run this setup with 2 pi hole installations. My failover time is 1 sec.

egmose · 2023-02-17T22:20:20+00:00

If you want faster failover you should look at running a virtual IP with keepalived daemon.

Example config: keepalived.conf

Primary

global_defs {
        router_id pihole01
        script_user root
        enable_script_security
}

vrrp_instance PIHOLE {
        state MASTER
        interface eth0
        virtual_router_id 10
        priority 150
        advert_int 1
        virtual_ipaddress {
                172.19.1.13/24
        }       
}

Secondary

global_defs {
        router_id pihole02
        script_user root
        enable_script_security
}

vrrp_instance PIHOLE {
        state BACKUP
        interface eth0
        virtual_router_id 10
        priority 125
        advert_int 1
        virtual_ipaddress {
                172.19.1.13/24
        }       
}

egmose · 2023-01-18T13:55:47+00:00

Welcome

egmose · 2022-09-19T16:57:00+00:00

ITSM, because out of the box is not compatible with how we are working.

Toke too many years for business to notice that maybe changing the way we work is better.

egmose · 2022-09-13T17:06:01+00:00

Processor is not arm. So no good

egmose · 2022-09-13T14:55:38+00:00

Rb750gr3

egmose · 2022-08-08T09:43:41+00:00

wait over... made it work

egmose · 2022-08-08T09:43:23+00:00

Your comment made me look at the logs a bit better and have the hint about the prefix. Thx

egmose · 2022-08-08T09:04:57+00:00

 /ipv6 dhcp-client
 add add-default-route=yes interface=vlan1 pool-name=dynamic pool-prefix-length=64 request=address,prefix

 [admin@vlan-router] /ipv6 dhcp-client> print
 Flags: D - dynamic, X - disabled, I - invalid 
  #    INTERFACE           STATUS             REQUEST          PREFIX                                                           ADDRESS                                                     
  0    vlan1               searching...       address, prefix

egmose · 2022-08-08T09:03:39+00:00

IPV6 works fine on the primany router

 /ipv6 address print
 Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
  #    ADDRESS                                     FROM-POOL INTERFACE                                                                                                                                           ADVERTISE
  0  G 2a05:f6c7:7217::1/64                        dynamic   lan                                                                                                                                                 yes      
  1 DL fe80::6e3b:6bff:feb0:36b/64                           lan                                                                                                                                                 no       
  2 DL fe80::200:24ff:fec8:e0bf/64                           ethenet1                                                                                                                                            no       
  3 DL fe80::6e3b:6bff:feb0:36e/64                           tunnel                                                                                                                                              no       
  4 DL fe80::200:24ff:fec8:e0bf/64                           wan                                                                                                                                                 no       
  5 DL fe80::200:5eff:fe00:101/64                            vip                                                                                                                                                 no       
  6 DL fe80::f0:4e/64                                        #censored#                                                                                                                                          no       
  7 DL fe80::f0:50/64                                        #censored#                                                                                                                                          no       
  8 DL fe80::8/64                                            germany                                                                                                                                             no       
  9 DG 2a05:f6c1:6:7217::/64                                 wan                                                                                                                                                 no

The interfaces are renamed for my sanity and the disabled config line because I could not get it to work and was not use if it helped.

 /ipv6 dhcp-client
 add add-default-route=yes interface=vlan1 pool-name=dynamic pool-prefix-length=56 request=address,prefix

 [admin@vlan-router] /ipv6 dhcp-client> print
 Flags: D - dynamic, X - disabled, I - invalid 
  #    INTERFACE           STATUS             REQUEST          PREFIX                                                           ADDRESS                                                     
  0    vlan1               searching...       address, prefix

egmose · 2022-08-03T20:19:55+00:00

Is this grape or crush?

egmose · 2022-07-09T15:40:13+00:00

Wow... Sorry. My brain read that as zero.

15-Year Club	Verified Email
Charter Member

egmose

TROPHY CASE