Return to Level1Techs.com

Any Mikrotik users know how to securely send config from RouterOS?

#1

I’ve been trying to set it up to periodically email its config (as a form of backup), and it works, but it doesn’t actually check the TLS cert of the server it’s connecting to - any random server side cert will still let it send email and authenticate against any random host.

Has anyone run into this before?

(I’ve asked on Mikrotik forums, even though they’re all Mikrotik users they’re less technical on average, so I’m trying my luck by asking here as well).

0 Likes

#2

I know the feeling :smiley:

I use a central CHR router to manage all my other Mikrotik devices via
IPsec tunnels and a few firewall rules.

I just use SSH with only access to a specific VPN subnet to increase the security.

You can then use any Linux machine to fetch the config via SSH from the Mikrotik router and store it on a remote server and encrypt the backup the ROS backup file or send it from the Linux machine?

Thats my 2 cents :wink:

0 Likes

#3

I actually got a reply from support in the meantime where they confirmed the email implementation doesn’t check certs, there’s no way to make it check. It’s a shame as that would simplify so much stuff - all I’d need would be one process listening on one port with something from letsencrypt - no tunnels, no magical other crypto, none of that stuff.

0 Likes

#4

Maby ROS 7 can save us :unamused:

0 Likes