-
Notifications
You must be signed in to change notification settings - Fork 117
Getting started
RouterOS is the flag product of the company MikroTik and is a powerful router software. One of its many abilities is to allow control over it via an API. This package provides a client for that API, in turn allowing you to use PHP to control RouterOS hosts.
The requirements to watch out for are:
- PHP 5.3.0 or later.
- A host with RouterOS v3 or later.
- Enabled API service on the RouterOS host.
- Enabled outgoing connections with PHP's stream_socket_client() (check your OS' firewall)
- Enabled incoming connections to the API port in the firewall of RouterOS (check any rules in the "input" chain).
Other requirements are not a problem in most scenarios. For reference, they are:
- The PCRE and SPL extensions (compiled into PHP by default)
- PEAR2_Net_Transmitter (bundled in the archive; installed automatically by Pyrus and Composer)
- [optional] The iconv extension (compiled into PHP by default; required only if you want to use automatic charset conversion)
- [optional] The OpenSSL extension (bundled with PHP by default; needs to be enabled in php.ini or during compilation; required only if you want to use encrypted connections)
- [optional] PEAR2_Cache_SHM (bundled in the archive; needed only if you use persistent connections)
- [optional] PEAR2_Console_CommandLine (bundled in the archive; needed only when using the API console)
- [optional] PEAR2_Console_Color (bundled in the archive; needed only if you'd like to have colors in the API console)
- [optional] A PSR-0 or PSR-4 compliant autoloader (highly recommended; PEAR2_Autoload is one PSR-0 autoloader that is bundled in the archive)
-
The API service in RouterOS is disabled by default in versions prior to 6.0. To enable it, you need to execute
/ip service set numbers="api" address="" disabled="no"
from a RouterOS terminal. The "address" argument in the command above allows you to limit access to this service only to certain client IP addresses. For security's sake, it's better that you limit connections only to the IP address(es) of the server(s) from which PHP will access RouterOS. An empty value will allow anyone to use the API (as long as they can login).
-
Many shared web hosts choose to disable stream_socket_client(), and it's close relative fsockopen() as well. When they don't disable them, they often render them useless by forbidding outgoing connections with the server's firewall. A frequently possible workaround is to use the API service on a different, more popular port, such as 21, 80, 443, or something similar. If even that doesn't work, you need to contact your host. If you're on your own server, and fail to connect, configure your server's firewall so that it enables PHP to make outgoing connections (at least to the ip:port combo of where your router uses the API service). Depending on how you run PHP as:
PHP running as (SAPI) | Executable folder | Executable file to whitelist | |
---|---|---|---|
UNIX | Windows | ||
Apache module | Apache's "bin" folder | httpd | httpd.exe |
(F)CGI | PHP's folder | php-cgi | php-cgi.exe |
CLI | PHP's folder | php | php.exe |
See the SELinux documentation for details.
- Linux distributions that don't include SELinux typically use [iptables](http://www.netfilter.org/projects/iptables/) instead. It acts similarly to RouterOS' firewall, in that it can (apparently?) enable/disable only based on packet contents, and not based on application. You can enable outgoing connections to port 8728 (from any interface, to any IP) with the command:
```sh
iptables -A OUTPUT -p tcp --dport 8728 -j ACCEPT
```
See [iptables' documentation](http://www.netfilter.org/documentation/) for details.
- Many RouterBOARD devices come, by default, with a rule in "/ip firewall filter" that drops any incoming connections to the router, coming from the WAN interface. If your web server is outside the LAN (e.g. a web host, as opposed to your own web server inside your network), you must explicitly whitelist RouterOS' API port or (not recommended) disable that rule entirely. You can whitelist the API port for all interfaces with the following command:
/ip firewall filter add \ place-before=[:pick [find where chain="input"] 0] \ chain="input" action="accept" \ protocol="tcp" dst-port=[/ip service get "api" "port"]
If you download the ".phar" archive, you can just include the archive, and be ready to go.
To keep the names of the classes short, you may also add a "use" statement, so for example:
<?php
use PEAR2\Net\RouterOS;
require_once 'PEAR2_Net_RouterOS-1.0.0b6.phar';
//Use any PEAR2_Net_RouterOS class from here on
(See this page from the PHP manual if you want to learn more about namespaces and aliasing in general)
In virtually all places of this documentation, the line
require_once 'PEAR2/Autoload.php';
can be replaced with the path to the PHAR file, e.g.
require_once 'PEAR2_Net_RouterOS-1.0.0b6.phar';
and then everything should work the same.
Installation with Pyrus/PEAR2
Assuming you have installed Pyrus, you can install PEAR2_Net_RouterOS from the PEAR2 channel with just
php pyrus.phar install PEAR2_Net_RouterOS-beta
or, if you want to also get the optional dependencies (see above), you can use
php pyrus.phar install -o PEAR2_Net_RouterOS-alpha
You might notice that the version number of PEAR2_Net_RouterOS suggests it's a beta, and yet we use "-alpha" in the command above. Well, yes, PEAR2_Net_RouterOS is a beta, but it has optional dependencies which are in an alpha state. To avoid getting errors, you need to use "-alpha" until those packages reach beta.
Note also that this package is a "beta" according to the PEAR2 version standard, which essentially means that it works, it's documented, has large code coverage (100% in this case), but future versions of it are still a potential subject to breaking API changes (e.g. the next release could rename methods, add/remove/rename classes, swap arguments, etc.) as long as those changes are still working, documented and covered by tests. In other words, the "beta" does not refer to error prone-ness of this version, but to "how likely is it that your code will break when upgrading this package".
If you've decided to not use the PEAR2 channel, but instead install directly from the archive distributed at the project page, you can use
php pyrus.phar install /path/to/downloaded/archive.tgz
If you haven't installed PEAR_Net_Transmitter previously, Pyrus will install the one at the PEAR2 channel (not the bundled version, although the two are equivalent at the time of this writing).
Installation with PEAR
Like most PEAR2 packages, PEAR2_Net_RouterOS is compatible with the PEAR installer. However, since the "pear2" channel is not its default channel, you need to be more explicit (at least the first time around):
pear install pear2.php.net/PEAR2_Net_RouterOS-beta
or
pear install -a pear2.php.net/PEAR2_Net_RouterOS-alpha
to install optional dependencies as well.
Installation with Composer
This package is available from packagist.org, so all you have to do is to go to your project's directory (where your composer.json is), and run
composer require pear2/net_routeros:*@beta
Due to the way composer works, you need to add each optional dependency manually. So for example, if you want to use persistent connections, you'd also need to execute
composer require pear2/cache_shm:*@alpha
and if you want to use the API console
composer require pear2/console_commandline:*@alpha
composer require pear2/console_color
In virtually all places of this documentation, the line
require_once 'PEAR2/Autoload.php';
can be replaced with the autoloader generated by Composer, e.g.
require_once 'vendor/autoload.php';
and then everything should work the same.
Instead of using the PEAR(2) installer or Composer, you can just download a packaged archive, and extract its contents. To emulate the PEAR(2) installer, you can place the files from the "src" folder at a folder that's within your include_path. The packaged archive includes a version of PEAR2_Net_Transmitter (as well as all optional dependencies), so there's nothing to worry about beyond extracting the archive, and including the bundled 'PEAR2/Autoload.php' file.
Installation from the repository (with Git)
If you want to get the "bleeding edge", unpackaged version of PEAR2_Net_RouterOS, you'll need to have Git. Once you have it, create a folder to place the package and its dependencies in, navigate to it from the command line, and execute the following commands:
git clone https://github.com/pear2/Net_RouterOS.git Net_RouterOS.git
git clone https://github.com/pear2/Net_Transmitter.git Net_Transmitter.git
git clone https://github.com/pear2/Cache_SHM.git Cache_SHM.git
Once you've cloned the repositories, switch to the "develop" branch on each of them. The "master" branch contains the latest released versions, while the "develop" branch contains the unreleased versions.
Note: If you plan to contribute to this project, please use GitHub's "fork" feature instead, and then apply "git clone" on it, instead of the original repository. This will then allow you to easily make pull requests from your fork. Needless to say that pull requests should be based on the "develop" branch.
If the package doesn't work, you can download the "phar" file (maybe rename it from ".phar" to ".php"), and run it in your browser or command line.
When you do that, you should see the version of the package, along with some messages indicating if you're missing any of the requirements. If all requirements are present, you'll see a message suggesting you use the PHAR itself as a console. Try doing that, and see if any error messages show up. If all is OK, the console will start with no error messages on screen, and you should be able to start typing input. Otherwise, you'll see whether the problem is at login or at connecting, and see the exact error message from the OS, which should hopefully make it easier to see where the problem is.
If the console works, but a web page fails, then there are two possible problems left. Either the PHP in the web server is a different one (a different version and/or configured by a separate php.ini), or a different executable needs to be whitelisted in the OS' firewall.
To check the first issue, you can rename the PHAR file to ".php", and run it from a web browser. The output should be the same as from the command line.
To check the second issue, try to run the following test code from a web browser (replacing the router details accordingly of course):
<?php
use PEAR2\Net\RouterOS;
require_once 'PEAR2_Net_RouterOS-1.0.0b6.phar';
try {
$client = new RouterOS\Client('192.168.88.1', 'admin', 'password');
echo 'OK';
} catch (Exception $e) {
die($e);
}
If you don't see "OK", and yet the console works, the most likely issue is the web server's firewall. See the Notes section above.
The rest of this documentation contains more tutorials and examples on how to use this package. If you have trouble doing a certain thing with the RouterOS API, the best place to ask for help is MikroTik's forum on scripting. If you believe you've found a bug in this package or would like to have a certain feature, don't hesitate to submit an issue for it.