diff --git a/doh-scripts/mullvad-family.rsc b/doh-scripts/mullvad-family.rsc
new file mode 100644
index 0000000..c28e8f1
--- /dev/null
+++ b/doh-scripts/mullvad-family.rsc
@@ -0,0 +1,44 @@
+# Mullvad requires HTTP2 that is not supported by MikroTik, yet!
+
+
+
+
+# TODO: Verify the connection if possible
+# Ref: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls
+
+# disable doh (temporarily)
+
+/ip dns set verify-doh-cert=no
+
+# Mullvad uses LetsEncrypt certs that in turn uses ISRG Root X1 as of Nov 2024
+:local result [ /tool fetch url=https://letsencrypt.org/certs/isrgrootx1.pem dst-path=mullvad-x1.pem as-value ];
+:do { :delay 2s } while=( $result->"status" != "finished" )
+# Let's prepare for the transition (to ISRG Root X2), though; ref: https://letsencrypt.org/certificates/
+:local result [ /tool fetch url=https://letsencrypt.org/certs/isrg-root-x2.pem dst-path=mullvad-x2.pem as-value ];
+:do { :delay 2s } while=( $result->"status" != "finished" )
+
+/certificate remove [find name~"mullvad-x1.pem"]
+/certificate remove [find name~"mullvad-x2.pem"]
+/certificate import file-name=mullvad-x1.pem passphrase=""
+/certificate import file-name=mullvad-x2.pem passphrase=""
+/file remove mullvad-x1.pem
+/file remove mullvad-x2.pem
+
+/ip dns
+ static remove [find name="family.dns.mullvad.net"]
+ static add name=family.dns.mullvad.net address=194.242.2.6 comment="mullvad IPv4"
+ # static add name=family.dns.mullvad.net address=149.112.112.112 comment="mullvad IPv4 - secondary"
+ static add name=family.dns.mullvad.net address=2a07:e340::6 comment="mullvad IPv6"
+ # static add name=family.dns.mullvad.net address=2620:fe::fe comment="mullvad IPv6 - secondary"
+
+ set use-doh-server=https://family.dns.mullvad.net/dns-query verify-doh-cert=yes
+
+# optional steps
+/ip dns set servers="2a07:e340::6,194.242.2.6"
+/ip dhcp-client set use-peer-dns=no [find]
+
+# flush existing cache
+/ip dns cache flush
+
+# Post-install step: remove this file manually
+# /file remove mullvad.rsc
diff --git a/scripts/ntp-client-v6.rsc b/scripts/ntp-client-v6.rsc
new file mode 100644
index 0000000..43d6246
--- /dev/null
+++ b/scripts/ntp-client-v6.rsc
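Review bot: Both `/tool fetch` calls download the ISRG roots without `check-certificate=yes`, so as far as this hunk shows the TLS connection to letsencrypt.org is not verified, and whatever PEM comes back is imported as the trust anchor that `verify-doh-cert=yes` later relies on. Either add `check-certificate=yes` to the two fetch lines (this needs an already-trusted root on the router) or compare the imported certificates' fingerprints with values obtained out of band before DoH is enabled. The line under `# disable doh (temporarily)` only sets `verify-doh-cert=no` and does not disable DoH; if a fetch or import fails the script stops with verification left off, so drop that line or wrap the fetch/import steps in `:do { ... } on-error={ ... }` that restores `verify-doh-cert=yes`. The two commented-out "secondary" addresses (`149.112.112.112`, `2620:fe::fe`) do not look like Mullvad addresses and would fail certificate verification for `family.dns.mullvad.net` if enabled; confirm against the referenced Mullvad page or remove them.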
@@ -0,0 +1,58 @@
+# List of public servers... https://gist.github.com/mutin-sa/eea1c396b1e610a2da1e5550d94b0453
+
+# variables
+# timezone
+:local tz
+:set tz "+05:30"
+
+# To be used as the primary NTP server
+:local ipNTP
+:local ipNTPcomment
+# IP based NTP server - when DNS is unavailable.
+:set ipNTP "128.138.140.44"
+:set ipNTPcomment "From https://tf.nist.gov/tf-cgi/servers.cgi"
+
+# To be used as the secondary NTP server
+:local poolNTPorg
+:set poolNTPorg [:resolve pool.ntp.org]
+
+# To be used for DNS based NTP servers
+:local ntp1
+:local ntp2
+:set ntp1 "time.cloudflare.com"
+:set ntp2 "time.google.com"
+
+:put "Primary NTP: $ipNTP ($ipNTPcomment)"
+:put "Secondary NTP: $poolNTPorg (pool.ntp.org)"
+:put "DNS NTP 1: $ntp1"
+:put "DNS NTP 2: $ntp2"
+
+# configure timezone
+# /system clock manual set time-zone=$tz
+:put "Timezone: $tz\n"
+:put "Clock info..."
+
+/system clock print
+
+# Find Router OS version
+
+:local rosVersion
+:set rosVersion [:tonum [:pick [/system resource get version] 0 1]]
+# following works as well.
+# :set rosVersion [:pick [/system/routerboard/get current-firmware] 0 1]
+
+:put "\nRouter OS Version: $rosVersion\n"
+
+
+if ( $rosVersion = 6 ) do={
+ /system ntp client
+ set primary-ntp=128.138.140.44
+ set secondary-ntp=[ :resolve pool.ntp.org ]
+ set server-dns-names=time.cloudflare.com,time.google.com
+}
+
+/system ntp client set enabled=yes
+
+
+:put "NTP client info..."
+/system ntp client print
diff --git a/scripts/ntp-client.rsc b/scripts/ntp-client-v7.rsc
similarity index 84%
rename from scripts/ntp-client.rsc
rename to scripts/ntp-client-v7.rsc
index 84b5865..eaa5d62 100644
--- a/scripts/ntp-client.rsc
+++ b/scripts/ntp-client-v7.rsc
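Review bot: The `if ( $rosVersion = 6 )` block repeats the literals and calls `:resolve pool.ntp.org` a second time instead of using the variables set above, so the values printed by the `:put` lines are not necessarily what gets configured (the pool name can resolve to a different address on each call). Use the variables instead: `set primary-ntp=$ipNTP`, `set secondary-ntp=$poolNTPorg`, `set server-dns-names="$ntp1,$ntp2"`. `:resolve` also raises an error when DNS is unavailable, which would stop the script before the IP-based server is applied; a `:do { ... } on-error={ ... }` around the lookup would keep that fallback working. These NTP sources are unauthenticated and the secondary is pinned to whichever pool address resolved at install time, so a comment noting that certificate checks elsewhere on the router depend on this clock would help.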
@@ -45,18 +45,11 @@ if ( $rosVersion = 7 ) do={ - :put "Code for ROSv7 executed." /system ntp client servers add address=128.138.140.44 comment="NIST.gov" add address=[ :resolve pool.ntp.org ] comment="pool.ntp.org" add address=time.google.com add address=time.cloudflare.com -} else={ - :put "Code for ROSv6 executed." - /system ntp client - set primary-ntp=128.138.140.44 - set secondary-ntp=[ :resolve pool.ntp.org ] - set server-dns-names=time.cloudflare.com,time.google.com } /system ntp client set enabled=yes