Cloudflare Gateway DNS over HTTPS on MikroTik Rout...
# general-helpr
rulim34
05/24/2023, 1:36 AMDoes anyone ever setup a Cloudflare Zero Trust's DNS over HTTPS on MikroTik RouterOS?
I tried to set it up by following this (https://jcutrer.com/howto/networking/mikrotik/mikrotik-dns-over-https) tutorial, but getting error log "certificate not yet valid (6)".
Any idea how to fix this?
c
Cyb3r-Jok3
05/24/2023, 1:39 AMI'd check the time on your router to make sure it is current
r
rulim34
05/24/2023, 1:40 AMIt's already synced
rulim34
05/24/2023, 1:42 AMWhen I tried to uncheck the Verify DoH Certificate option, it gave me 303 error.
c
Cyb3r-Jok3
05/24/2023, 1:42 AMr
rulim34
05/24/2023, 1:45 AMI've read that, and already imported both root cacert.pem and Cloudflare_CA.pem from the docs.
rulim34
05/24/2023, 1:46 AMTried to use https://one.one.one.one/dns-query and it does work fine
c
Cyb3r-Jok3
05/24/2023, 1:46 AMThose are only for origin certificates I'm pretty sure
Cyb3r-Jok3
05/24/2023, 1:47 AMOh looks like the cert CA might have changed. Try
Copy code
/tool fetch url=https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
/certificate import file-name=DigiCertGlobalRootCA.crt.pem passphrase=""r
rulim34
05/24/2023, 1:52 AMYes I tried to import that one from Digicert too. But the Zero Trust DNS still doesn't work
c
Cyb3r-Jok3
05/24/2023, 1:53 AMWhat version of RouterOS are you on?
r
rulim34
05/24/2023, 2:03 AMWait a sec, I'm logging in again
rulim34
05/24/2023, 2:05 AM6.47.8
rulim34
05/24/2023, 2:18 AMOk now it's no longer giving "certificate not yet valid (6)" error, but "DoH server response not OK: 303: "
rulim34
05/24/2023, 7:14 AMSo, any idea what might wrong?
c
Cyb3r-Jok3
05/24/2023, 9:43 PMI'm trying to setup a RouterOS VM to debug more
Cyb3r-Jok3
05/24/2023, 10:11 PMI was able to get it to work with this:
> /tool fetch url=https://curl.se/ca/cacert.pem
> /certificate import file-name=cacert.pem
r
rulim34
05/25/2023, 7:18 AMAre you using the Cloudflare Sero Trust Gateway DNS?
rulim34
05/25/2023, 8:32 AMI'm still getting error 303 on it with Cloudflare CA.pem, and getting SSL handshake failed if I remove the Cloudflare CA.pem
c
Cyb3r-Jok3
05/25/2023, 9:31 PMYup using a Zero Trust Gateway DNS endpoint
https://cdn.discordapp.com/attachments/1110743067977334814/1111406323653955644/firefox_3Z3VnOlzfY.png▾
Cyb3r-Jok3
05/25/2023, 9:33 PMhttps://cdn.discordapp.com/attachments/1110743067977334814/1111406629741678682/WindowsTerminal_SLz01po8Si.png▾
https://cdn.discordapp.com/attachments/1110743067977334814/1111406630026887379/firefox_ubd9w2UI6q.png▾
a
Albony
05/26/2023, 10:02 AMwhy are you still on routerOS v6.x ?
Albony
05/26/2023, 10:02 AMalso which model is that
Albony
05/26/2023, 10:03 AMOh nvm it's a VM
r
rulim34
05/26/2023, 11:24 AMHmm, weird, why doesn't it work on my MikroTik. Still giving 303 error last time I tried.
c
Cyb3r-Jok3
05/26/2023, 5:25 PMNot sure. Are you able to get any DoH provider to work?
r
rulim34
05/27/2023, 1:19 AMYes, as I said, one.one.one.one works fine
c
Cyb3r-Jok3
05/27/2023, 1:29 AMMaybe try upgrading to 7? Otherwise I don't know
Cyb3r-Jok3
05/27/2023, 1:41 AMCould also try posting on the MikroTik forum to see why it works on one and not another
8 Views