IP Route updating? For VPN

Hi there,
I have a router (RB750G) which I take with me wherever I go to access my VPN, but at the moment I have to manually change the config before the VPN will connect:

Screenshot 1 - shows the gateway unreachable
Screenshot 2 - shows the gateway reachable

IP Routes List:
In one of the routes for the VPN:
Dst Address (VPN server) - remains the same
Gateway (my current ip on ethernet 1) - this I have to manually update.

Is there any way I can make a script to remove the old route rule and create a new one?
Also, upon reboot/restart/startup, if the VPN tries to make a connection but can’t for some reason, is it possible to disable the VPN interface and send an email?

How would the script know the updated gateway at the new location?

Well, the gateway is actually set by DHCP, so it would be a matter of matching the ethernet1 IP address and checking if that has changed from the route IP.

Yes, that’s possible.

The bluntest approach would be to just have a script that is scheduled to run every minute and blindly updates.

Please post - wrapped in code tags - the output of “/ip dhcp-client export”, “/interface print detail”, “/ip address print detail”, and “/ip route print detail” when the router has successfully bound to a DHCP lease.

Hi Fewi,

Thanks for your reply, here is the information you wanted:

Also, by taking a blunt approach like that, wouldn’t the connection go down every minute whilst the rules update?

Bridge has all ethernet ports 2-5 attached to it.
Ethernet 1 is the WAN port

Before VPN connection:

/ip dhcp-client
add add-default-route=yes comment="default configuration" \
    default-route-distance=5 disabled=no interface=ether1-gateway use-peer-dns=\
    yes use-peer-ntp=yes



/interface print detail                      
Flags: D - dynamic, X - disabled, R - running, S - slave 
 0  R  name="ether1-gateway" type="ether" mtu=1500 l2mtu=1524 

 1  R  name="ether2-local-master" type="ether" mtu=1500 l2mtu=1524 

 2     name="ether3-local-slave" type="ether" mtu=1500 l2mtu=1524 

 3  R  name="ether4-local-slave" type="ether" mtu=1500 l2mtu=1524 

 4     name="ether5-local-slave" type="ether" mtu=1500 l2mtu=1524 

 5  X  name="PPTPgates.com" type="pptp-out" 

 6  X  name="sstp-vpn" type="sstp-out" 

 7  X  name="vpn-l2tp -L2TP" type="l2tp-out" 

 8  R  name="bridge1" type="bridge" mtu=1500 l2mtu=1524



/ip address print detail 
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; default configuration
     address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255 
     interface=bridge1 actual-interface=bridge1 

 1 D address=91.74.11.139/24 network=91.74.11.0 broadcast=91.74.11.255 
     interface=ether1-gateway actual-interface=ether1-gateway



/ip route print detail 
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0 ADS  dst-address=0.0.0.0/0 gateway=91.74.11.1 
        gateway-status=91.74.11.1 reachable ether1-gateway distance=5 scope=30 
        target-scope=10 vrf-interface=ether1-gateway 

 1 A S  ;;; route for PPTPgates
        dst-address=89.149.227.157/32 gateway=91.74.11.1 
        gateway-status=91.74.11.1 reachable ether1-gateway distance=1 scope=30 
        target-scope=10 

 2 ADC  dst-address=91.74.11.0/24 pref-src=91.74.11.139 gateway=ether1-gateway 
        gateway-status=ether1-gateway reachable distance=0 scope=10 

 3 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=bridge1 
        gateway-status=bridge1 reachable distance=0 scope=10

VPN Connected:

/ip dhcp-client
add add-default-route=yes comment="default configuration" \
    default-route-distance=5 disabled=no interface=ether1-gateway \
    use-peer-dns=yes use-peer-ntp=yes



/interface print detail 
Flags: D - dynamic, X - disabled, R - running, S - slave 
 0  R  name="ether1-gateway" type="ether" mtu=1500 l2mtu=1524 

 1  R  name="ether2-local-master" type="ether" mtu=1500 l2mtu=1524 

 2     name="ether3-local-slave" type="ether" mtu=1500 l2mtu=1524 

 3  R  name="ether4-local-slave" type="ether" mtu=1500 l2mtu=1524 

 4     name="ether5-local-slave" type="ether" mtu=1500 l2mtu=1524 

 5  R  name="PPTPgates.com" type="pptp-out" mtu=1380 

 6  X  name="sstp-vpn" type="sstp-out" 

 7  X  name="vpnl2tp -L2TP" type="l2tp-out" 

 8  R  name="bridge1" type="bridge" mtu=1500 l2mtu=1524



/ ip address print detail 
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; default configuration
     address=192.168.88.1/24 network=192.168.88.0 broadcast=192.168.88.255 
     interface=bridge1 actual-interface=bridge1 

 1 D address=91.74.11.139/24 network=91.74.11.0 broadcast=91.74.11.255 
     interface=ether1-gateway actual-interface=ether1-gateway 

 2 D address=192.168.177.3/32 network=192.168.177.1 broadcast=0.0.0.0 
     interface=PPTPgates.com actual-interface=PPTPgates.com



/ ip route print detail   
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0 ADS  dst-address=0.0.0.0/0 gateway=192.168.177.1 
        gateway-status=192.168.177.1 reachable PPTPgates.com distance=1 
        scope=30 target-scope=10 

 1  DS  dst-address=0.0.0.0/0 gateway=91.74.11.1 
        gateway-status=91.74.11.1 reachable ether1-gateway distance=5 
        scope=30 target-scope=10 vrf-interface=ether1-gateway 

 2 A S  ;;; route for vpngates PPTP
        dst-address=89.149.227.157/32 gateway=91.74.11.1 
        gateway-status=91.74.11.1 reachable ether1-gateway distance=1 
        scope=30 target-scope=10 

 3 ADC  dst-address=91.74.11.0/24 pref-src=91.74.11.139 gateway=ether1-gateway 
        gateway-status=ether1-gateway reachable distance=0 scope=10 

 4 ADC  dst-address=192.168.88.0/24 pref-src=192.168.88.1 gateway=bridge1 
        gateway-status=bridge1 reachable distance=0 scope=10 

 5 ADC  dst-address=192.168.177.1/32 pref-src=192.168.177.3 
        gateway=PPTPgates.com gateway-status=PPTPgates.com reachable 
        distance=0 scope=10

Unless I’m thinking about this wrong, it should be as simple as this - code untested as I don’t have time to lab the scenario up:

# change into ip route context
/ip route
# find the current default route on the ether1-gateway interface
:local gateway [get [find vrf-interface=ether1-gateway AND dst-address="0.0.0.0/0"] gateway];
# set that gateway on the specific PPTP headend route
set [find dst-address="89.149.227.157/32"] gateway=$gateway

Schedule that to run frequently. It won’t bounce anything - if nothing changes it resets the gateway to the already existing value, so the situation stays the same. It would be easy to add an if condition to only apply settings on changes but I don’t think it’s even necessary, and simpler is better.

As far as emails when the connection fails - sorry, no experience with emails on ROS at all.

Hey Fewi,

First off, let me say thank you for your help on this. You are a true asset to the forum and this is like the 100th time you've helped me out :)

A note on this script: it doesn’t seem to be working - it does not change the values - or anything that I can see, for that matter?

Thanks!

Try this:

:local gateway [/ip route get [/ip route find dst-address="0.0.0.0/0" and gateway!="192.168.177.1"] gateway];
/ip route set [/ip route find dst-address="89.149.227.157/32"] gateway=$gateway

If that doesn’t work, what do you get when you run this manually via the CLI (not scripted):

:local gateway [/ip route get [/ip route find dst-address="0.0.0.0/0" and gateway!="192.168.177.1"] gateway]; :put "Gateway: $gateway";

That works for me on a router running 4.16.

Nice Fewi, very nice - hit the nail on the head there. I was using 5rc1; just downgraded and it worked.

(On a side note, it's not the first time changing the software has fixed the same setup.)

Karma point to you.

And once again, many thanks for that. I’ll be able to test it out in the wild tomorrow, but it seems to be working when I try it here.
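
The change-only variant mentioned earlier in the thread ("an if condition to only apply settings on changes"), as an added example that is not part of the original posts. It reuses the addresses from the posted output and the `find` expression that worked on 4.16; the variable names and the `vpn-route` log prefix are made up here, and `:tostr` is used on the assumption that `gateway` may come back as a one-element list.

```routeros
# Added example: only rewrite the VPN host route when the DHCP gateway changed.
# Addresses below are the ones shown in the thread; adjust for another setup.
:local vpnServer "89.149.227.157/32"
:local tunnelGw "192.168.177.1"

# Default routes that do NOT point into the tunnel (i.e. the DHCP-learned one).
:local defRoutes [/ip route find dst-address="0.0.0.0/0" and gateway!=$tunnelGw]
# The static host route towards the VPN server.
:local vpnRoutes [/ip route find dst-address=$vpnServer]

:if ([:len $defRoutes] = 0) do={
    # No lease yet: do nothing rather than feed an empty find result to "get".
    :log warning "vpn-route: no DHCP default route, host route left unchanged"
} else={
    :if ([:len $vpnRoutes] = 0) do={
        :log warning "vpn-route: host route for $vpnServer not found"
    } else={
        :local newGw [:tostr [/ip route get [:pick $defRoutes 0] gateway]]
        :local curGw [:tostr [/ip route get [:pick $vpnRoutes 0] gateway]]
        :if ($newGw != $curGw) do={
            /ip route set [:pick $vpnRoutes 0] gateway=$newGw
            :log info "vpn-route: gateway for $vpnServer changed from $curGw to $newGw"
        }
    }
}
```

Saved under `/system script` and run from `/system scheduler`, this leaves a log entry only when the router has actually moved to a different network.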