Without really knowing I'd assume you'd have to configure both sied as if they'd be road warriors to each other...
Or like site-to-site but with DDNS names instead of IPs (which finally would be the same)

My subnet is rather large 10.0.0.0/16 (no, I don't need 65k clients, but it's convenient to use 10.0.A.0, 10.0.B.0, ... for various categories / persons). I also have a working WireGuard Road Warrior configuration in a dedicated 172.17.20.0.1/24 subnet. I wouldn't mind to keep it as it is right but ...

For dynamic WANIPs the dst nat rule usually has something like in-interface-list=WAN, which we replace with dst-address-list=external_wan where externel_wan is a firewall address list entry with an address=DDNSname If you have public address directly on router, you can skip DDNS and use this as DHC...

@Amm0 Not that I need or want to use this kind of trickery, but one could use *any* setting that can be easily found and use the comment field (disabling the setting), i.e. one could use (as an example) a (bogus, disabled) static route or a firewall nat or filter rule? All true. Same concept: use s...

If I may, it is not particularly easy to read when you use variable names that are also common names or properties. If I get this right, your snippet, using var_1, var_2 instead of name and value is: :local var_1 "foo"; :local var_2 [/system/script/environment/get [/system/script/environm...

For a global variable with the "fixed" name "foo" one could just do: :global foo; For a global variable where the name is "dynamic", eg. because it is e.g. derieved from :jobname one could write :global variablename [:jobname]; :global value; [:parse "global $vari...

Is there a more elegant solution to retrieve the value of a global variable without defining one? :local name "foo"; :local value [/system/script/environment/get [/system/script/environment/find name="$name"] value]; This is a just minimal example but instead of the fixed value &...

I'd love $0 to return the script name. This definetly needs to be a RouterOS functionality as one cannot work around on its own. (Use case would be similar to busybox where one has one binary which behaves differntly depending on the name of the symbolic link used to call it.) One could use e.g. th...

I'd love $0 to return the script name. This definetly needs to be a RouterOS functionality as one cannot work around on its own. (Use case would be similar to busybox where one has one binary which behaves differntly depending on the name of the symbolic link used to call it.) One could use e.g. the...

The globals can be set up by another script (as far as I understood the scripting system) so that this script could be easily shared, e.g. here or in my documentation about my ride to set up the router... Seems omitting the value of the globals works only when called via shell or by the PPP profile...

BTW my current solution was to "unroll" the script and get rid of the functions, but that feels very strange to me as I tried to train myself to seprate stuff and have small working parts and now I have to do the opposite... Here is the result for DDNs updates used for PPP on-up events. It...

For scripts that have many functions like this sms-read.rsc I'm using global functions since it will be needed to pass a lot functions arguments it they are local, but in this case I'm unsettling them ( :set SomeGlobalVar ) after script is done just to avoid functions hanging in environment. Using ...

Whole system has to fit in 16MB, so there are some limits on how many features scripting can have... so no linter to find the "use of undefined global in function". There is ":import verbose=yes <scriptfile.rsc>" that helps find what line something is failing. 16MB is really no ...

As a software engineer by profession it still boggles my mind why I have to refere to already globally defined variables... It is done to prevent accidental access/modification of global variables. Remember it is not required to declare local variables, so any set command could unintentionally use ...

Many thanks for the replies. It really bugged me why it was not working. Now I understood that without referring to the variable it would be undefined and instead of :local result [/tool fetch url=$afraidSyncURL as-value output=user] I was actually calling :local result [/tool fetch url= as-value ou...

I'm trying to get my feet wet with MikroTik scripts. After having a basic script I'm trying to clean it up a bit and wrap certain parts into functions. When doing this with the fetch function it seems to behave different: # MikroTik script to update the DNS entry when Internet connection has been # ...

I have a similar issue. The working setup on my RB5009UG+S+ is based on 7.7 and uses a SFP (Zyxel PMG3000-D20B), had to skip 7.8 and 7.9 since the SFP was not recognized.
With 7.10.2 the SFP is shut down due to temperature, but the SFP is no hotter than 51° at anytime ...

I'd like to suggest a dedicated "Feature requests" sub-forum. A sub-forum would allow one feature request per topic and discussion on this specific topic alone. Having all feature requests thrown into one thread is not helpful on discussion or working out details on a solution which would ...

Is there a way on how to address eventual shortcomings of the REST API? I just got started playing with it are finding smaller issues here and there... My list (yet): CORS (naturally), for the time being I use a CORS proxy but that's just not as it should be. Pagination - is there a way to do this? ...

But I do think improving the "Let's Encrypt" support to allow different auth method would also help this "quickest path to playing with REST" use case. A broader definition of: /certificate/enable-ssl-certificate could, optionally, generate a self-signed certs to make HTTPS work...

It would be very much appreciated if this requirement gets dropped. It adds additional burden on people just wanting to "play" with the REST API. For people who want to secure their network, I guess they wouldn't consider to activate telnet or www at all. For the rest of us, please let us ...

Many thanks for the feedback and the useful tipps. I directly adopted your version

Some long time ago I have written a configuration (with a lot of help from the forum) which was initially targeting the "hEX RB750GR3". Now people started using it also with "HAP ac lite". The main difference is that the former has 5 ports and the later only 4. As the people usin...

After some fiddling I got it working. All LAN interfaces can be used either for PPPoE or to access the hEX to configure it. The rules for the firewall filter are used to make the hEX reachable as a DNS server (which it was not before since the PPPoE interfaces are not regarded as LAN). See: https://...

It's probably rule #5 which blocks all accesses via PPPoE connections to router itself. My suggestion: add exceptions such as add chain=input action=accept src-address=192.168.200.0/24 protocol=tcp dst-port=53 place-before=5 add chain=input action=accept src-address=192.168.200.0/24 protocol=udp ds...

What about your firewall filters in chain=input, isn't it blocked there? Havent changed anything on the firewall since I really don't know much about firewalls :roll: Here is the (still untouched) firewall filter configuration: [admin@MikroTik] /ip firewall filter> print Flags: X - disabled, I - in...

Using a hEX v6.46 (factory resetted and configured as router gettings its address via DHCP) I created a PPPoE server which provides its services over VLAN7. The purpose is to be able to use any port (ether2-5) to access the hEX and also to be able to use the same ports for PPPoE if required. I might...

I'm testing software which goes as an add-on on routers. These routers are special insofar as they connect to uplink only via PPPoE on VLAN7 so I cannot just attach them to a regular switch and get started. (And I don't want to use these test-devices as my main router because of possible downtime an...