I've just gone through a lovely electrical storm in Brisbane and my router's let the smoke out. Thankfully I've got a spare hAP that'll do the duties for now - is there a way to decrypt the backup (I have the passwords) from my RB750G so I can get out things like firewall config and NAT rules etc? Thanks, James
If it's something made prior to v6.13 you can use http://www.mikrotik-routeros.com/password-recovery-tool/ If it's something made since then; provided you clicked the "don't encrypt" option when taking your backup that should still work. - Andrew On 27 September 2015 at 16:41, James Hodgkinson <yaleman@ricetek.net> wrote:
I've just gone through a lovely electrical storm in Brisbane and my router's let the smoke out. Thankfully I've got a spare hAP that'll do the duties for now - is there a way to decrypt the backup (I have the passwords) from my RB750G so I can get out things like firewall config and NAT rules etc?
Thanks,
James
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Hi James, Although there is no /official/ way to do it, I have seen a few online password extraction apps on the web (just try your favourite search engine) - but I urge caution - use them at your own risk! :-} Cheers! Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of James Hodgkinson Sent: Sunday, 27 September 2015 4:42 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: [MT-AU Public] Decrypting a backup offline?
I've just gone through a lovely electrical storm in Brisbane and my router's let the smoke out. Thankfully I've got a spare hAP that'll do the duties for now - is there a way to decrypt the backup (I have the passwords) from my RB750G so I can get out things like firewall config and NAT rules etc?
Thanks,
James
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
Yeah, I don't care about the passwords etc, I actually needed the config. I ended up giving up and just rebuilding it from scratch, even though it seems like the hAP's wireless bridge is stopping me from doing the horrible hairpin NAT rules I've always run. Going to have to buy something to replace the RB750G, looks like a CRS might be in my future :D Thanks all, James On Mon, 28 Sep 2015, at 10:07, Mike Everest wrote:
Hi James,
Although there is no /official/ way to do it, I have seen a few online password extraction apps on the web (just try your favourite search engine) - but I urge caution - use them at your own risk! :-}
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of James Hodgkinson Sent: Sunday, 27 September 2015 4:42 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: [MT-AU Public] Decrypting a backup offline?
I've just gone through a lovely electrical storm in Brisbane and my router's let the smoke out. Thankfully I've got a spare hAP that'll do the duties for now - is there a way to decrypt the backup (I have the passwords) from my RB750G so I can get out things like firewall config and NAT rules etc?
Thanks,
James
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
For this reason, I tend to export a plaintext backup, and then encrypt that with a PGP key. I then keep this in a local git repo. Might be worth considering something similar in case you encounter such an issue again? At least this way you don't have to rely on a particular product for decryption :) On Mon, 28 Sep 2015, James Hodgkinson wrote:
Yeah, I don't care about the passwords etc, I actually needed the config. I ended up giving up and just rebuilding it from scratch, even though it seems like the hAP's wireless bridge is stopping me from doing the horrible hairpin NAT rules I've always run.
Going to have to buy something to replace the RB750G, looks like a CRS might be in my future :D
Thanks all,
James
On Mon, 28 Sep 2015, at 10:07, Mike Everest wrote:
Hi James,
Although there is no /official/ way to do it, I have seen a few online password extraction apps on the web (just try your favourite search engine) - but I urge caution - use them at your own risk! :-}
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of James Hodgkinson Sent: Sunday, 27 September 2015 4:42 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: [MT-AU Public] Decrypting a backup offline?
I've just gone through a lovely electrical storm in Brisbane and my router's let the smoke out. Thankfully I've got a spare hAP that'll do the duties for now - is there a way to decrypt the backup (I have the passwords) from my RB750G so I can get out things like firewall config and NAT rules etc?
Thanks,
James
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
There's a nice 'mtrancid' script for rancid - I pull all my mikrotik configs into my rancid install - which then means I can view RouterOS configs along with the configs for all my other gear in Observium :) Makes it SO much easier if something dies ;) On 29 September 2015 at 22:07, Stephen <mailman@tuxcon.com> wrote:
For this reason, I tend to export a plaintext backup, and then encrypt that with a PGP key. I then keep this in a local git repo. Might be worth considering something similar in case you encounter such an issue again? At least this way you don't have to rely on a particular product for decryption :)
On Mon, 28 Sep 2015, James Hodgkinson wrote:
Yeah, I don't care about the passwords etc, I actually needed the config. I ended up giving up and just rebuilding it from scratch, even though it seems like the hAP's wireless bridge is stopping me from doing the horrible hairpin NAT rules I've always run.
Going to have to buy something to replace the RB750G, looks like a CRS might be in my future :D
Thanks all,
James
On Mon, 28 Sep 2015, at 10:07, Mike Everest wrote:
Hi James,
Although there is no /official/ way to do it, I have seen a few online password extraction apps on the web (just try your favourite search engine) - but I urge caution - use them at your own risk! :-}
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of James Hodgkinson Sent: Sunday, 27 September 2015 4:42 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: [MT-AU Public] Decrypting a backup offline?
I've just gone through a lovely electrical storm in Brisbane and my router's let the smoke out. Thankfully I've got a spare hAP that'll do the duties for now - is there a way to decrypt the backup (I have the passwords) from my RB750G so I can get out things like firewall config and NAT rules etc?
Thanks,
James
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-- Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder
Yep, already written myself a script to automagically dump the config and download it, next step's to make it an automatic regular thing. (It's for my home network and I'm building a dedicated "backup" box next :) Thanks for the help everyone. James On Tue, 29 Sep 2015, at 22:07, Stephen wrote:
For this reason, I tend to export a plaintext backup, and then encrypt that with a PGP key. I then keep this in a local git repo. Might be worth considering something similar in case you encounter such an issue again? At least this way you don't have to rely on a particular product for decryption :)
On Mon, 28 Sep 2015, James Hodgkinson wrote:
Yeah, I don't care about the passwords etc, I actually needed the config. I ended up giving up and just rebuilding it from scratch, even though it seems like the hAP's wireless bridge is stopping me from doing the horrible hairpin NAT rules I've always run.
Going to have to buy something to replace the RB750G, looks like a CRS might be in my future :D
Thanks all,
James
On Mon, 28 Sep 2015, at 10:07, Mike Everest wrote:
Hi James,
Although there is no /official/ way to do it, I have seen a few online password extraction apps on the web (just try your favourite search engine) - but I urge caution - use them at your own risk! :-}
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of James Hodgkinson Sent: Sunday, 27 September 2015 4:42 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: [MT-AU Public] Decrypting a backup offline?
I've just gone through a lovely electrical storm in Brisbane and my router's let the smoke out. Thankfully I've got a spare hAP that'll do the duties for now - is there a way to decrypt the backup (I have the passwords) from my RB750G so I can get out things like firewall config and NAT rules etc?
Thanks,
James
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
I guess at the simplest.. 0 0 * * * /usr/bin/ssh admin@router "/export compact" | gzip > /export/backups/router/router.config.`date +%Y%m%d`.txg.gz in cron so it runs once a day :) On 30 September 2015 at 07:40, James Hodgkinson <yaleman@ricetek.net> wrote:
Yep, already written myself a script to automagically dump the config and download it, next step's to make it an automatic regular thing. (It's for my home network and I'm building a dedicated "backup" box next :)
Thanks for the help everyone.
James
On Tue, 29 Sep 2015, at 22:07, Stephen wrote:
For this reason, I tend to export a plaintext backup, and then encrypt that with a PGP key. I then keep this in a local git repo. Might be worth considering something similar in case you encounter such an issue again? At least this way you don't have to rely on a particular product for decryption :)
On Mon, 28 Sep 2015, James Hodgkinson wrote:
Yeah, I don't care about the passwords etc, I actually needed the config. I ended up giving up and just rebuilding it from scratch, even though it seems like the hAP's wireless bridge is stopping me from doing the horrible hairpin NAT rules I've always run.
Going to have to buy something to replace the RB750G, looks like a CRS might be in my future :D
Thanks all,
James
On Mon, 28 Sep 2015, at 10:07, Mike Everest wrote:
Hi James,
Although there is no /official/ way to do it, I have seen a few online password extraction apps on the web (just try your favourite search engine) - but I urge caution - use them at your own risk! :-}
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of James Hodgkinson Sent: Sunday, 27 September 2015 4:42 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: [MT-AU Public] Decrypting a backup offline?
I've just gone through a lovely electrical storm in Brisbane and my router's let the smoke out. Thankfully I've got a spare hAP that'll do the duties for now - is there a way to decrypt the backup (I have the passwords) from my RB750G so I can get out things like firewall config and NAT rules etc?
Thanks,
James
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-- Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder
I have a setup based on a backup script (originally written by Andrew Cox) which emails a backup (both the binary and text version of the config - binary for faster restores, and text to make diffs easier) to a special-purpose mailbox, which is then polled by a script which pulls down the attachments and pushes them into git. I have uploaded it to https://bitbucket.org/thomasjackson/mikrotikscripts/ if anyone is interested. The script is very rough, but has been working for about a year for us without any problems. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of James Hodgkinson Sent: Wednesday, 30 September 2015 7:41 AM To: public@talk.mikrotik.com.au Subject: Re: [MT-AU Public] Decrypting a backup offline? Yep, already written myself a script to automagically dump the config and download it, next step's to make it an automatic regular thing. (It's for my home network and I'm building a dedicated "backup" box next :) Thanks for the help everyone. James
I use this Gets me a backup and a export. admin-ssh is setup for key access LSRV --- list of servers ROUTEROS is all of my routers hostnames #!/bin/bash if [ -r /root/scripts/LSRV ] then . /root/scripts/LSRV fi for x in $ROUTEROS do DT="$(/bin/date "+%Y%m%d")" FL="${x}-${DT}" echo -n ">> ${x}[${FL}]: " ssh admin-ssh@$x /system backup save name=${FL} password=<SOMEPASSWORD> ssh admin-ssh@$x /export file=${FL} scp -q admin-ssh@$x:${FL}.backup /var/lib/tftpboot/ scp -q admin-ssh@$x:${FL}.rsc /var/lib/tftpboot/ echo done -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Thomas Jackson Sent: Wednesday, 30 September 2015 8:24 AM To: 'MikroTik Australia Public List' <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Decrypting a backup offline? I have a setup based on a backup script (originally written by Andrew Cox) which emails a backup (both the binary and text version of the config - binary for faster restores, and text to make diffs easier) to a special-purpose mailbox, which is then polled by a script which pulls down the attachments and pushes them into git. I have uploaded it to https://bitbucket.org/thomasjackson/mikrotikscripts/ if anyone is interested. The script is very rough, but has been working for about a year for us without any problems. -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of James Hodgkinson Sent: Wednesday, 30 September 2015 7:41 AM To: public@talk.mikrotik.com.au Subject: Re: [MT-AU Public] Decrypting a backup offline? Yep, already written myself a script to automagically dump the config and download it, next step's to make it an automatic regular thing. (It's for my home network and I'm building a dedicated "backup" box next :) Thanks for the help everyone. James _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
participants (7)
-
Alex Samad - Yieldbroker
-
Andrew Cox
-
Damien Gardner Jnr
-
James Hodgkinson
-
Mike Everest
-
Stephen
-
Thomas Jackson