funkolab / cs-mikrotik-bouncer

A CrowdSec bouncer for MikroTik RouterOS appliance
Apache License 2.0

Latest build can't connect to Mikrotik or? #1

Closed SAOPP closed 2 years ago

SAOPP commented 2 years ago

Hi!

I just saw that the repo moved and that there is a new release of the bouncer. I was going to upgrade my image from the 19th of March, and was faced with the following behaviour:

That's my stack:

  crowdsec-bouncer-mikrotik:
    image: ghcr.io/tuxtof/cs-mikrotik-bouncer:latest-working
    container_name: crowdsec-bouncer-mikrotik
    networks:
      - proxy
    depends_on:
      - crowdsec
    environment:
      - TZ=Europe/Kiev
      - CROWDSEC_BOUNCER_API_KEY=${BOUNCER_MIKROTIK_API_KEY}
      - CROWDSEC_URL=http://crowdsec:8080/
      - MIKROTIK_HOST=${MIKROTIK_HOST}
      - MIKROTIK_USER=${MIKROTIK_API_ACCESS}
      - MIKROTIK_PASS=${MIKROTIK_API_ACCESS}
      - MIKROTIK_TLS=false
      - LOG_LEVEL=0
    restart: unless-stopped
    logging:
      driver: "json-file"
      options:
        max-size: "10m"

After the upgrade, the container (now ghcr.io/funkolab/cs-mikrotik-bouncer:latest) restarts in a loop every time; here is the container log:

{"level":"debug","time":"2022-05-21T17:06:00+03:00","message":"Using config: map[crowdsec_bouncer_api_key:76567b69177b455af74a227ae8a3fa43 crowdsec_url:http://crowdsec:8080/ log_level:0 mikrotik_host:192.168.0.1:8728 mikrotik_pass:pass mikrotik_tls:false mikrotik_user:user]"}
{"level":"info","time":"2022-05-21T17:06:00+03:00","message":"Connecting to mikrotik"}
{"level":"info","time":"2022-05-21T17:06:05+03:00","message":"fill 14844 entry in internal addrList\n"}
{"level":"info","time":"2022-05-21T17:06:00+03:00","message":"mikrotik ip list addr"}
{"level":"info","time":"2022-05-21T17:06:05+03:00","message":"mikrotik ipv6 list addr"}
{"level":"fatal","error":"from RouterOS device: no such command prefix","time":"2022-05-21T17:06:05+03:00","message":"address-list print failed"}
{"level":"debug","time":"2022-05-21T17:06:07+03:00","message":"Using config: map[crowdsec_bouncer_api_key:76567b69177b455af74a227ae8a3fa43 crowdsec_url:http://crowdsec:8080/ log_level:0 mikrotik_host:192.168.0.1:8728 mikrotik_pass:pass mikrotik_tls:false mikrotik_user:user]"}
{"level":"info","time":"2022-05-21T17:06:07+03:00","message":"Connecting to mikrotik"}
{"level":"info","time":"2022-05-21T17:06:07+03:00","message":"mikrotik ip list addr"}
{"level":"info","time":"2022-05-21T17:06:11+03:00","message":"fill 14844 entry in internal addrList\n"}
{"level":"info","time":"2022-05-21T17:06:11+03:00","message":"mikrotik ipv6 list addr"}
{"level":"fatal","error":"from RouterOS device: no such command prefix","time":"2022-05-21T17:06:11+03:00","message":"address-list print failed"}
{"level":"debug","time":"2022-05-21T17:06:13+03:00","message":"Using config: map[crowdsec_bouncer_api_key:76567b69177b455af74a227ae8a3fa43 crowdsec_url:http://crowdsec:8080/ log_level:0 mikrotik_host:192.168.0.1:8728 mikrotik_pass:pass mikrotik_tls:false mikrotik_user:user]"}
{"level":"info","time":"2022-05-21T17:06:13+03:00","message":"Connecting to mikrotik"}
{"level":"info","time":"2022-05-21T17:06:13+03:00","message":"mikrotik ip list addr"}
{"level":"info","time":"2022-05-21T17:06:18+03:00","message":"fill 14844 entry in internal addrList\n"}
{"level":"info","time":"2022-05-21T17:06:18+03:00","message":"mikrotik ipv6 list addr"}
{"level":"fatal","error":"from RouterOS device: no such command prefix","time":"2022-05-21T17:06:18+03:00","message":"address-list print failed"}
{"level":"debug","time":"2022-05-21T17:06:20+03:00","message":"Using config: map[crowdsec_bouncer_api_key:76567b69177b455af74a227ae8a3fa43 crowdsec_url:http://crowdsec:8080/ log_level:0 mikrotik_host:192.168.0.1:8728 mikrotik_pass:pass mikrotik_tls:false mikrotik_user:user]"}

So, what does this mean: {"level":"fatal","error":"from RouterOS device: no such command prefix","time":"2022-05-21T17:06:05+03:00","message":"address-list print failed"}? My RouterOS is 6.49.2 on all devices.

So I tagged the latest working image from the 19th of March, and I use it now. Any suggestions as to what is happening? Btw, it is the same on my second and third MikroTiks...
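
An added example, not part of the original post or the project's code: the debug "Using config" line in the log above prints the values of crowdsec_bouncer_api_key and mikrotik_pass, so such a log should be redacted before it is pasted into a public issue. This Go code masks those two keys and reports the last step logged before the fatal entry; the sample log is constructed with placeholder secrets, and `Triage` and `secretRe` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample in the shape of the log above; secrets are placeholders.
const sampleLog = `{"level":"debug","time":"2022-05-21T17:06:00+03:00","message":"Using config: map[crowdsec_bouncer_api_key:EXAMPLEKEY crowdsec_url:http://crowdsec:8080/ log_level:0 mikrotik_host:192.0.2.1:8728 mikrotik_pass:EXAMPLEPASS mikrotik_tls:false mikrotik_user:user]"}
{"level":"info","time":"2022-05-21T17:06:00+03:00","message":"Connecting to mikrotik"}
{"level":"info","time":"2022-05-21T17:06:00+03:00","message":"mikrotik ip list addr"}
{"level":"info","time":"2022-05-21T17:06:05+03:00","message":"mikrotik ipv6 list addr"}
{"level":"fatal","error":"from RouterOS device: no such command prefix","time":"2022-05-21T17:06:05+03:00","message":"address-list print failed"}`

// secretRe matches the secret-bearing keys in the "Using config" dump.
var secretRe = regexp.MustCompile(`\b(crowdsec_bouncer_api_key|mikrotik_pass):[^\s\]]+`)

type entry struct {
	Level   string `json:"level"`
	Error   string `json:"error,omitempty"`
	Time    string `json:"time"`
	Message string `json:"message"`
}

// Triage masks secrets and returns the last info step before the first fatal entry, plus its error.
func Triage(raw string) (redacted []string, lastStep, fatalErr string) {
	for _, line := range strings.Split(raw, "\n") {
		var e entry
		if json.Unmarshal([]byte(line), &e) != nil {
			continue // non-JSON line: dropped, never passed through unredacted
		}
		e.Message = secretRe.ReplaceAllString(e.Message, "${1}:REDACTED")
		out, _ := json.Marshal(e)
		redacted = append(redacted, string(out))
		if fatalErr == "" && e.Level == "info" {
			lastStep = e.Message
		} else if fatalErr == "" && e.Level == "fatal" {
			fatalErr = e.Error
		}
	}
	return
}

func main() {
	lines, step, ferr := Triage(sampleLog)
	fmt.Printf("%s\nfatal after step %q: %s\n", strings.Join(lines, "\n"), step, ferr)
}
```

A value containing whitespace would be only partly masked, because the map dump does not quote its values.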

tuxtof commented 2 years ago

Hi @SAOPP

can you connect to your Mikrotik and run the following command for me

/ipv6 export

thanks

SAOPP commented 2 years ago

Hi! @tuxtof

Here it is:

/ipv6 export
# may/22/2022 18:51:55 by RouterOS 6.49.2
# software id = 3UQG-BBWY
#
# model = RouterBOARD 941-2nD
# serial number = 80ECCA707F34

tuxtof commented 2 years ago

I don't have a v6 to test; can you give me the output of /system/package/print

Is IPv6 activated on your device?

Can you also try the two init commands I use:

/ip/firewall/address-list/print where list="crowdsec"
/ipv6/firewall/address-list/print where list="crowdsec"

SAOPP commented 2 years ago

No, IPv6 is disabled in my case.

tuxtof commented 2 years ago

ok I knew it was coming from there :-D

Just update to the latest version I released this morning, v0.3.0, and add the ENV variable

MIKROTIK_IPV6=false in your docker compose

and let me know

SAOPP commented 2 years ago

Okay, I will try it now.

SAOPP commented 2 years ago

Alright, the issue has been solved. Thanks homie. :+1:

tuxtof commented 2 years ago

Cool good job, thanks for the issue