Accessing Mikrotik RouterOS via MAC Telnet from a Linux box

November 18, 2016

If you know Mikrotik Routers you know that you’re able to access them via MAC Telnet (see here for more details) via Layer2 with Winbox. But running Winbox via Wine on a Linux is not that great for using MAC Telnet, and there is a better way .. just use MAC-Telnet from Håkon Nessjøen. On Ubuntu/Debian you can just install the package with

sudo apt-get install mactelnet-client

and you see its feature like this:

$ mactelnet -h
MAC-Telnet 0.4.2
Usage: mactelnet <MAC|identity> [-h] [-n] [-a <path>] [-A] [-t <timeout>] [-u <user>] [-p <password>] [-U <user>] | -l [-B] [-t <timeout>]

MAC MAC-Address of the RouterOS/mactelnetd device. Use mndp to
discover it.
identity The identity/name of your destination device. Uses
MNDP protocol to find it.
-l List/Search for routers nearby (MNDP). You may use -t to set timeout.
-B Batch mode. Use computer readable output (CSV), for use with -l.
-n Do not use broadcast packets. Less insecure but requires
root privileges.
-a <path> Use specified path instead of the default: ~/.mactelnet for autologin config file.
-A Disable autologin feature.
-t <timeout> Amount of seconds to wait for a response on each interface.
-u <user> Specify username on command line.
-p <password> Specify password on command line.
-U <user> Drop privileges to this user. Used in conjunction with -n
for security.
-q Quiet mode.
-h This help.

So lets give it a try, first with searching for my home router

$ mactelnet -l
Searching for MikroTik routers... Abort with CTRL+C.
IP MAC-Address Identity (platform version hardware) uptime
10.x.x.x 0:xx:xx:xx:xx:xx jumpgate (MikroTik x.x.x. xxxx) up 139 days 5 hours XXXXX-XXXX vlanInternal

and then we’ll connect

$ mactelnet 0:xx:xx:xx:xx:xx

and we’re connected.

248 days uptime is bad for a Mikrotik running RouterOS below 6.34

November 14, 2016

I’ve some info for you, if you’re running Mikrotik RouterOS in a version below 6.34rc45 and are using a tunnel (like IPIP over IPsec). If you don’t boot the router for about 248 days, your router will get inaccessible. This is specially bad if your routers are in remote locations and you’ve got multiple routers with the same updates ( like > 100 😉 ) as you did the firmware update at the same time.

The changelog for the 6.34rc45 version states the problem, but it doesn’t tell you that the router is offline and can only be accessed via serial cable.

*) tunnel – fix complaining about loop after ~248 days;

If you look into the log via the serial port you’ll see

07:21:13 interface,info tunnel_1 link down
07:21:13 interface,info tunnel_2 link down
07:21:13 interface,info tunnel_3 link down
07:21:13 interface,info tunnel_4 link down
07:21:14 interface,warning tunnel_1 transmit loop detected, downing interface for 60 seconds
07:21:14 interface,warning tunnel_2 transmit loop detected, downing interface for 60 seconds
07:21:14 interface,warning tunnel_3 transmit loop detected, downing interface for 60 seconds
07:21:14 interface,warning tunnel_4 transmit loop detected, downing interface for 60 seconds

and nothing else. 😉

If you’re running an affected version you need to reboot before reaching 35 weeks or upgrade to a new version.

Powered by WordPress
Entries and comments feeds. Valid XHTML and CSS. 63 queries. 0.257 seconds.