Monday, November 23, 2015

Mikrotik - script to reset the VPN

script

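# Run from the scheduler: if 10.1.1.35 stops answering pings sourced from 172.16.0.1, reset IPsec
# (or: /tool netwatch add host=10.1.1.35 with these disable/enable commands as its down-script)
# [find dynamic=no] selects every static policy/peer; narrow it (for example by comment)
# when the router has more than one tunnel
:if ([/ping 10.1.1.35 src-address=172.16.0.1 count=5] = 0) do={
  /ip ipsec policy disable [find dynamic=no]
  /ip ipsec peer disable [find dynamic=no]

  :delay 60

  /ip ipsec policy enable [find dynamic=no]
  /ip ipsec peer enable [find dynamic=no]
}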





----
/system scheduler
add comment="" disabled=no interval=1m name=checkmypeer-schedule on-event=\
   "checkmypeer-router-update" policy=\
   ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive \
   start-date=jan/01/1970 start-time=00:00:01

/system scheduler
add comment="" disabled=no interval=1m name=checkmyip-schedule on-event=checkmyip-router-update \
   start-date=jan/01/1970 start-time=00:00:01

---
:if ([/ip firewall connection find where dst-address ~"192.168.31.2:5066" and assured=no] != "") do={
  :log warning "sip-fix script has run"
  /interface disable ether2
  :delay 10
  /interface enable ether2
  /tool e-mail send to=admin@example.com subject="sip-fix script has run" body="sip-fix script has run" start-tls=yes
}
-----
Code:

# ------------------- header -------------------
# Script by Tomas Kirnak, version 1.0.1
# If you use this script, or edit and
# re-use it, please keep the header intact.
#
# For more information and details about
# this script please visit the wiki page at
# http://wiki.mikrotik.com/wiki/IPSec_Policy_Dynamic
# ------------------- header -------------------
{
:global oWANip

# Configure the WAN interface name here
:local WANip [/ip address get [find interface="pppoe-openwebtest"] address]

:set WANip [:pick "$WANip" 0 ([:len $WANip] - 3)]

:if ($WANip != $oWANip) do={
  :log warning "WAN IP changed, fixing IPSec"

  # I assume you only have a single ipsec policy
  /ip ipsec policy disable 0
  /ip ipsec peer disable 0

  /ip ipsec policy set 0 tunnel=yes
  /ip ipsec policy set 0 src-address="$WANip/32"
  /ip ipsec policy set 0 sa-src-address=$WANip
  /ip ipsec policy set 0 tunnel=no

  /ip ipsec peer enable 0
  /ip ipsec policy enable 0


  :set oWANip $WANip
}
}
-------------------------------------------

/system script add name=pinging source={
  :if ([/ping 1.1.1.1 count=5] = 0) do={
    /tool e-mail send \
      to=example@example.com \
      subject="Can't ping 1.1.1.1"
  }
}



--------------

# Following script is copied from the Mikrotik forum.
# Thanks to mainTAP and rextended for sharing
# http://forum.mikrotik.com/viewtopic.php?f=9&t=85505
# Modified few contents to suit local requirements and added descriptions
# Regards / Syed Jahanzaib / https://aacable.wordpress.com

# Script Starts here...
# Internet hosts to be checked. You can modify them as required, JZ
:local host1   "8.8.8.8"
:local host2   "208.67.222.123"

# Do not modify data below without proper understanding.
:local i 0;
:local F 0;
:local date;
:local time;
:global InternetStatus;
:global InternetLastChange;

# PING each host 5 times
:for i from=1 to=5 do={
:if ([/ping $host1 count=1]=0) do={:set F ($F + 1)}
:if ([/ping $host2 count=1]=0) do={:set F ($F + 1)}
:delay 1;
};

# If both links are down and all replies are timed out, then link is considered down
:if (($F=10)) do={
:if (($InternetStatus="UP")) do={
:log error "WARNING : The INTERNET link seems to be DOWN. Please Check";
:set InternetStatus "DOWN";

##      ADD YOUR RULES HERE, LIKE ROUTE CHANGE OR WHAT EVER IS REQUIRED, Example is below ...
##     /ip route set [find comment="Default Route"] distance=3
##     /ip firewall nat disable [find comment="Your Rules, Example"]

:set date [/system clock get date];
:set time [/system clock get time];
:set InternetLastChange ($time . " " . $date);
} else={:set InternetStatus "DOWN";}
} else={

##      If reply is received , then consider the Link is UP
:if (($InternetStatus="DOWN")) do={
:log warning "WARNING :The INTERNET link have been restored";
:set InternetStatus "UP";

##      ADD YOUR RULES HERE, LIKE ROUTE CHANGE OR WHAT EVER IS REQUIRED, Example is below ...
##     /ip route set [find comment="Default Route"] distance=1
##     /ip firewall nat enable  [find comment="Your Rules, Example"]

:set date [/system clock get date];
:set time [/system clock get time];
:set InternetLastChange ($time . " " . $date);
} else={:set InternetStatus "UP";}
}

# Script Ends Here.
# Thank you




/system scheduler
add disabled=no interval=5m name="Monitor WAN connectivity Scheduler / JZ" on-event=monitor policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=jun/12/2014 start-time=\
00:00:00
---------------

:global strDate [/system clock get date]
:global strTime [/system clock get time]
:global strSystemName [/system identity get name]

:if ([/ping 10.104.7.187 interface=pppoe-out1 count=5] = 0 && [/ping 8.8.4.4 interface=pppoe-out1 count=5] = 0 && [/ip route get [find comment="Primary"] disabled]=false) do={
    :log info "Disabling Primary";
    /ip route set [find comment="Primary"] disabled=yes
    /tool e-mail send from="yyyyy@gmail.com" to="xxxx@gmail.com" subject="Route Failover - $strDate $strTime - $strSystemName" body="Failover to Telecom occurred at $strDate $strTime on $strSystemName"
    :delay 3
    /system reboot

} else={
    :log info "No Failover Necessary";
}
----
:delay 10;
:if ([/ip route get [find comment="Primary"] disabled]=true) do={
    /interface ethernet set numbers=4 disabled=no

     /ip route set [find comment="Primary"] disabled=no
     /ip route set [find comment="Primary"] distance=3
    :delay 10
    :if ([/ping 10.104.7.187 routing-table=Primary count=5] > 0 && [/ping 8.8.4.4 routing-table=Primary count=5] > 0) do={

       /ip route set [find comment="Primary"] distance=1
       /system reboot
    } else={

        /ip route set [find comment="Primary"] distance=3

    }
} else={
    :log info "No Failover Necessary";
}


--------------------
http://alsacecom.fr/blog/2012/05/24/mikrotik-routeros-site-to-site-configuration-for-peers-with-dynamic-ip/
http://forum.mikrotik.com/viewtopic.php?t=90428
http://wiki.mikrotik.com/wiki/IPSec_Policy_Dynamic
http://wiki.mikrotik.com/wiki/VPN_(any_type)_between_2_Mikrotik_routers_and_no_static_IP_addresses
http://gregsowell.com/?p=1523
http://blog.greypuddles.net/?p=249

https://www.mikrotik.com/testdocs/ros/2.8/appex/scripting1.php

https://aacable.wordpress.com/2014/06/12/mikrotik-wan-monitoring-script-with-multiple-host-check/

--- failover with netwatch
http://mk-auth.com.br/forum/topics/failover


---- various examples

https://www.mikrotik.com/testdocs/ros/2.8/system/scripting.php

http://wiki.mikrotik.com/wiki/Manual:Scripting-examples
http://wiki.mikrotik.com/wiki/Manual:Scripting
