Greetings folks,
So far I managed to find almost every answer I needed here on the forum, but i haven’t had any luck with this one.
Pardon me if it’s already mentioned somewhere and I missed it.
I’m trying to make a script that checks the number of installed-sa’s, compares dst-address for every entry, and flushes everything if there is two or more installed-sa’s that have the same dst-address. (please don’t ask why xD)
At first everything was going OK, but at a certain point one snippet stopped returning output:
...
:global text "";
:global count [/ip ipsec installed-sa print count-only];
:if ($count > 0) do={
:for x from=0 to=($count-1) step=1 do={
:set $text ($text . "," . [/ip ipsec installed-sa get $x dst-address]);
}
}
:log error $text;
...
Eventhough there is always at least two entries in [/ip ipsec installed-sa], the script wouldn’t return any output.
Then I opened a new script and wrote only this inside, thinking there’s an error somewhere in my syntax or logic:
:global ipAddress [/ip ipsec installed-sa get 0 dst-address];
:log info $ipAddress;
When I run it, all I get is a blank line in the log, but when I paste :put [/ip ipsec installed-sa get 0 dst-address] into the terminal, it returns the IP address without problems.
Now comes the fun part.
When I reboot the router, the bug disappears and the script snippet works fine…but after some time (still haven’t managed to figure out the interval) it gets broken again.
I tried to upgrade to the latest RouterOS version (6.34.3) from (6.22) and still no luck.
The router itself is a virtual computer on VMware with x86 platform RouterOS.
Please advise guys!