L2TP/IPSec tunnel constant b/w usage

Hi everyone,

I have a Dahua DVR/XVR (CCTV) connected to a hAP lite. The hAP ac lite has a PtP link over L2TP/IPsec to an RB5009. When I open Dahua's SmartPSS app, without starting the live video stream from the cameras, it uses bandwidth as if the stream were playing. The same configuration runs on a hAP lite with no issues. The only difference is that the hAP lite is on FTTH and the hAP ac lite is on a WISP. My issue is that the WISP provides 20/4, and opening the app fully utilizes the upload even though no CCTV video is being streamed. Any clue what could be wrong?


WISP hap AC lite conf

# oct/03/2023 14:05:52 by RouterOS 6.49.8
# software id = 6FBK-EBKY
#
# model = RB952Ui-5ac2nD
# serial number = 71XXXXXXXBDF
# Bridge that joins the two wireless interfaces (its ports are added under
# "/interface bridge port").
/interface bridge
add name=br-wlan
# Ethernet ports: ether1 carries the CCTV recorder, ether5 is the WISP uplink,
# ether3 and ether4 are disabled.
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=CCTV
set [ find default-name=ether2 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether3 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes
set [ find default-name=ether4 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes
set [ find default-name=ether5 ] advertise=\
    10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
    "Uplink to Airtel Net Station"
# L2TP client towards 213.7.231.xx with IPsec requested (use-ipsec=yes).
# No password or ipsec-secret value appears in this export.
# NOTE(review): max-mtu/max-mru=1726 is larger than a standard 1500-byte
# Ethernet path; if the WISP link cannot carry that, tunnelled packets will be
# fragmented - confirm the usable path MTU.
/interface l2tp-client
add allow-fast-path=yes connect-to=213.7.231.xx disabled=no max-mru=1726 \
    max-mtu=1726 name=l2tp_to_bbone0 use-ipsec=yes user=adu1polisl2tp
# Interface list used by neighbor discovery; its members are added under
# "/interface list member".
/interface list
add exclude=all include=all name="Discovery Interfaces"
# Wireless security: profile1 is WPA2-PSK only; the pre-shared key itself does
# not appear in this export.
# NOTE(review): management-protection=allowed presumably makes management
# frame protection optional rather than required - confirm.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name=profile1 supplicant-identity=""
# Both radios run as access points with the same SSID and profile1, and both
# have WPS switched off (wps-mode=disabled).
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=0 band=2ghz-b/g/n country=\
    no_country_set disabled=no distance=indoors frequency=auto \
    frequency-mode=manual-txpower mode=ap-bridge scan-list=2412,2437,2462 \
    security-profile=profile1 ssid=HOME-WIFI station-roaming=enabled \
    wireless-protocol=802.11 wps-mode=disabled
set [ find default-name=wlan2 ] antenna-gain=0 band=5ghz-n/ac channel-width=\
    20/40mhz-XX country=no_country_set disabled=no distance=indoors \
    frequency=auto frequency-mode=manual-txpower mode=ap-bridge scan-list=\
    5180,5200,5220 security-profile=profile1 ssid=HOME-WIFI station-roaming=\
    enabled wireless-protocol=802.11 wps-mode=disabled
# IPsec defaults: phase 1 is set to AES-256 / SHA-256 / DH group modp2048.
# NOTE(review): presumably the dynamic peer created by use-ipsec=yes on the
# L2TP client uses these default entries - confirm on the router.
/ip ipsec profile
set [ find default=yes ] dh-group=modp2048 enc-algorithm=aes-256 \
    hash-algorithm=sha256
# Phase 2 default proposal: AES-256-CBC with SHA-256 and PFS over modp2048.
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256 enc-algorithms=aes-256-cbc \
    pfs-group=modp2048
# Address pools: L2TP feeds the PPP profile below, wlan_pool feeds the DHCP
# server; no visible line references bridge_pool.
/ip pool
add name=L2TP ranges=10.3.1.2-10.3.1.254
add name=wlan_pool ranges=192.153.50.10-192.153.50.254
add name=bridge_pool ranges=192.153.10.10-192.153.10.254
# DHCP server for wireless clients on br-wlan.
/ip dhcp-server
add address-pool=wlan_pool disabled=no interface=br-wlan lease-time=12h name=\
    wlan_dhcp
# PPP profile for the local L2TP server: requests encryption, clamps TCP MSS,
# and hands out remote addresses from the L2TP pool.
/ppp profile
add change-tcp-mss=yes local-address=10.3.1.1 name=L2TP remote-address=L2TP \
    use-encryption=yes
# SNMP communities: the default community is disabled and a custom one
# (name masked by the poster) is added.
# NOTE(review): addresses=::/0 looks like a match-everything prefix, i.e. no
# restriction on which hosts may query with this community - confirm, and
# limit it to the monitoring host's address if so.
/snmp community
set [ find default=yes ] disabled=yes
add addresses=::/0 name=7tbk********
# Policy set of the built-in "full" user group.
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,web,sniff,sensitive,api,romon,dude,tikapp"
# Both radios are bridged into br-wlan.
/interface bridge port
add bridge=br-wlan interface=wlan1
add bridge=br-wlan interface=wlan2
# Neighbor discovery runs on the "Discovery Interfaces" list, which (see the
# members below) includes the WISP uplink ether5 and the L2TP tunnel.
# NOTE(review): discovery announcements typically disclose identity, model
# and version to neighbours on those segments; consider limiting the list to
# trusted interfaces.
/ip neighbor discovery-settings
set discover-interface-list="Discovery Interfaces"
# Local L2TP server settings.
# NOTE(review): no enabled=yes and no use-ipsec value appear here; in a
# compact export that presumably means the server is left at its defaults -
# confirm whether it is actually listening.
/interface l2tp-server server
set default-profile=L2TP max-mru=1700 max-mtu=1700 one-session-per-host=yes
/interface list member
add interface=ether1 list="Discovery Interfaces"
add interface=ether2 list="Discovery Interfaces"
add interface=l2tp_to_bbone0 list="Discovery Interfaces"
add interface=ether5 list="Discovery Interfaces"
# Addressing: CCTV link on ether1 (/30), WISP side on ether5, WLAN on br-wlan.
# The 192.153.x.x prefixes used internally are outside the RFC 1918 private
# ranges (10/8, 172.16/12, 192.168/16).
/ip address
add address=192.153.10.1/30 interface=ether1 network=192.153.10.0
add address=192.168.1.2/24 interface=ether5 network=192.168.1.0
add address=192.153.50.1/24 interface=br-wlan network=192.153.50.0
# DHCP client on the uplink; DNS and NTP servers offered by the peer are
# ignored (use-peer-dns=no, use-peer-ntp=no).
/ip dhcp-client
add disabled=no interface=ether5 use-peer-dns=no use-peer-ntp=no
# WLAN clients are given 213.7.231.xx as their DNS server.
/ip dhcp-server network
add address=192.153.50.0/24 dns-server=213.7.231.xx gateway=192.153.50.1
/ip dns
set servers=213.7.231.xx
# Address list holding the CCTV /30; no rule in the lines shown references it.
/ip firewall address-list
add address=192.153.10.0/30 list=l2tp_to_bbone0
# Filter rules. Both accept rules match connection-state=new in addition to
# established,related and carry no interface or address matcher, so every new
# connection is accepted on first match, in the forward and the input chain
# alike. The two drop rules only ever see invalid-state packets, and no final
# drop rule is present, so this rule set does not restrict traffic arriving
# from the WISP side (ether5), the tunnel or the WLAN.
# A stateful rule set would accept established,related first, accept new
# connections only from trusted interfaces or address lists, and end each
# chain with a drop.
/ip firewall filter
add action=accept chain=forward comment=\
    "Allow forward good connection states" connection-state=\
    established,related,new
add action=accept chain=input comment="Allow incoming good connection states" \
    connection-state=established,related,new
add action=drop chain=forward comment="Drop forward invalid connection state" \
    connection-state=invalid
add action=drop chain=input comment="Drop input invalid connection state" \
    connection-state=invalid
# Policy-routing mark for traffic from ether1; currently disabled.
/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes in-interface=ether1 \
    new-routing-mark=l2tp_to_bbone0 passthrough=yes
# NAT. Masquerading is active only on the ether5 uplink; the tunnel rule is
# disabled.
# The two dst-nat rules have no in-interface, dst-address or source
# restriction: any TCP packet to port 90 or 11111 that enters the router, on
# any interface, is rewritten to 192.153.10.2 (the host the netwatch entry
# calls the CCTV on ether1). That exposes the recorder to whatever can reach
# this router on those ports, and it also captures WLAN clients' own outbound
# connections to the same ports. Scoping the rules with in-interface or
# dst-address plus a src-address-list, or reaching the recorder only through
# the tunnel, narrows the exposure.
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes ipsec-policy=out,none \
    out-interface=l2tp_to_bbone0
add action=masquerade chain=srcnat out-interface=ether5
add action=dst-nat chain=dstnat dst-port=90 protocol=tcp to-addresses=\
    192.153.10.2
add action=dst-nat chain=dstnat dst-port=11111 protocol=tcp to-addresses=\
    192.153.10.2
# Route for the l2tp_to_bbone0 routing mark; currently disabled.
/ip route
add disabled=yes distance=1 gateway=l2tp_to_bbone0 routing-mark=\
    l2tp_to_bbone0
# Management services. telnet, www, api and api-ssl are disabled; ftp, ssh
# and winbox stay enabled and are limited to two source addresses. Because
# the input chain in "/ip firewall filter" accepts every new connection,
# these address= lists are the only visible restriction on management access.
# NOTE(review): FTP carries credentials in cleartext; disable it if nothing
# depends on it.
/ip service
set telnet disabled=yes
set ftp address=10.2.1.1/32,213.7.231.xx/32
set www disabled=yes
set ssh address=10.2.1.1/32,213.7.231.xx/32
set api disabled=yes
set winbox address=10.2.1.1/32,213.7.231.xx/32
set api-ssl disabled=yes
# Account for the local L2TP server (name masked by the poster); no password
# value appears in this export.
/ppp secret
add name=a********p profile=L2TP remote-address=10.3.1.2 service=l2tp
# SNMP agent is enabled and traps use version 2.
# NOTE(review): SNMP v1/v2c community strings are sent unencrypted; combined
# with the unrestricted community under "/snmp community", confirm who can
# reach the agent.
/snmp
set contact=admins@c*******y.com enabled=yes trap-community=\
    7t*************6 trap-version=2
/system clock
set time-zone-name=Asia/Nicosia
/system identity
set name=adu-1.PA-8820POLIS.c*****ol.net
# Time is taken from 213.7.231.xx (same address for primary and secondary).
/system ntp client
set enabled=yes primary-ntp=213.7.231.xx secondary-ntp=213.7.231.xx
# Package channel on the router is long-term. The BackupAndUpdate script sets
# its own updateChannel ("stable") only in osupdate/osnotify mode, which is
# not the mode configured below.
/system package update
set channel=long-term
# RouterBOOT: firmware auto-upgrade on, protected-routerboot enabled.
/system routerboard settings
set auto-upgrade=yes protected-routerboot=enabled reformat-hold-button=5s
# Runs BackupAndUpdate once a day. The job is granted a broad policy set,
# including sensitive, password, policy and write.
/system scheduler
add interval=1d name=Backup on-event="/system script run BackupAndUpdate;" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=apr/13/2023 start-time=00:00:00
/system script
# The add that follows stores the third-party "BackupAndUpdate" script (its
# header credits Alexander Tebiev, version 22.11.12). As configured here:
#  - scriptMode is "backup", so each run creates a system backup and a config
#    export and e-mails both to the address in emailAddress;
#  - backupPassword is empty, so the script calls "/system backup save" with
#    dont-encrypt=yes;
#  - sensetiveDataInConfig is true and this router runs RouterOS 6.49.8, so
#    the script takes the "/export compact terse" branch rather than the
#    hide-sensitive one.
# The result is that an unencrypted backup and an export that is not stripped
# of sensitive values leave the router by e-mail every day. Setting a
# backupPassword and sensetiveDataInConfig false keeps stored secrets out of
# the mailbox. The script deletes the local files only after a send that
# reports "succeeded".
add dont-require-permissions=no name=BackupAndUpdate owner=chrisckr policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_Script name: BackupAndUpdate\r\
    \n#\r\
    \n#----------SCRIPT INFORMATION-------------------------------------------\
    --------\r\
    \n#\r\
    \n# Script:  Mikrotik RouterOS automatic backup & update\r\
    \n# Version: 22.11.12\r\
    \n# Created: 07/08/2018\r\
    \n# Updated: 12/11/2022\r\
    \n# Author:  Alexander Tebiev\r\
    \n# Website: https://github.com/beeyev\r\
    \n# You can contact me by e-mail at tebiev@mail.com\r\
    \n#\r\
    \n# IMPORTANT!\r\
    \n# Minimum supported RouterOS version is v6.43.7\r\
    \n#\r\
    \n#----------MODIFY THIS SECTION AS NEEDED--------------------------------\
    --------\r\
    \n## Notification e-mail\r\
    \n## (Make sure you have configurated Email settings in Tools -> Email)\r\
    \n:local emailAddress \"admins@c*******y.com\";\r\
    \n\r\
    \n## Script mode, possible values: backup, osupdate, osnotify.\r\
    \n# backup    -   Only backup will be performed. (default value, if none p\
    rovided)\r\
    \n#\r\
    \n# osupdate  -   The Script will install a new RouterOS if it is availabl\
    e.\r\
    \n#               It will also create backups before and after update proc\
    ess (does not matter what value is set to `forceBackup`)\r\
    \n#               Email will be sent only if a new RouterOS version is ava\
    ilable.\r\
    \n#               Change parameter `forceBackup` if you need the script to\
    \_create backups every time when it runs (even when no updates were found)\
    .\r\
    \n#\r\
    \n# osnotify  -   The script will send email notification only (without ba\
    ckups) if a new RouterOS is available.\r\
    \n#               Change parameter `forceBackup` if you need the script to\
    \_create backups every time when it runs.\r\
    \n:local scriptMode \"backup\";\r\
    \n\r\
    \n## Additional parameter if you set `scriptMode` to `osupdate` or `osnoti\
    fy`\r\
    \n# Set `true` if you want the script to perform backup every time it's fi\
    red, whatever script mode is set.\r\
    \n:local forceBackup false;\r\
    \n\r\
    \n## Backup encryption password, no encryption if no password.\r\
    \n:local backupPassword \"\"\r\
    \n\r\
    \n## If true, passwords will be included in exported config.\r\
    \n:local sensetiveDataInConfig true;\r\
    \n\r\
    \n## Update channel. Possible values: stable, long-term, testing, developm\
    ent\r\
    \n:local updateChannel \"stable\";\r\
    \n\r\
    \n## Install only patch versions of RouterOS updates.\r\
    \n## Works only if you set scriptMode to \"osupdate\"\r\
    \n## Means that new update will be installed only if MAJOR and MINOR versi\
    on numbers remained the same as currently installed RouterOS.\r\
    \n## Example: v6.43.6 => major.minor.PATCH\r\
    \n## Script will send information if new version is greater than just patc\
    h.\r\
    \n:local installOnlyPatchUpdates false;\r\
    \n\r\
    \n##----------------------------------------------------------------------\
    --------------------##\r\
    \n#  !!!! DO NOT CHANGE ANYTHING BELOW THIS LINE, IF YOU ARE NOT SURE WHAT\
    \_YOU ARE DOING !!!!  #\r\
    \n##----------------------------------------------------------------------\
    --------------------##\r\
    \n\r\
    \n#Script messages prefix\r\
    \n:local SMP \"Bkp&Upd:\"\r\
    \n\r\
    \n:log info \"\\r\\n\$SMP script \\\"Mikrotik RouterOS automatic backup & \
    update\\\" started.\";\r\
    \n:log info \"\$SMP Script Mode: \$scriptMode, forceBackup: \$forceBackup\
    \";\r\
    \n\r\
    \n#Check proper email config\r\
    \n:if ([:len \$emailAddress] = 0 or [:len [/tool e-mail get address]] = 0 \
    or [:len [/tool e-mail get from]] = 0) do={\r\
    \n    :log error (\"\$SMP Email configuration is not correct, please check\
    \_Tools -> Email. Script stopped.\");\r\
    \n    :error \"\$SMP bye!\";\r\
    \n}\r\
    \n\r\
    \n#Check if proper identity name is set\r\
    \nif ([:len [/system identity get name]] = 0 or [/system identity get name\
    ] = \"MikroTik\") do={\r\
    \n    :log warning (\"\$SMP Please set identity name of your device (Syste\
    m -> Identity), keep it short and informative.\");\r\
    \n};\r\
    \n\r\
    \n############### vvvvvvvvv GLOBALS vvvvvvvvv ###############\r\
    \n# Function converts standard mikrotik build versions to the number.\r\
    \n# Possible arguments: paramOsVer\r\
    \n# Example:\r\
    \n# :put [\$buGlobalFuncGetOsVerNum paramOsVer=[/system routerboard get cu\
    rrent-RouterOS]];\r\
    \n# result will be: 64301, because current RouterOS version is: 6.43.1\r\
    \n:global buGlobalFuncGetOsVerNum do={\r\
    \n    :local osVer \$paramOsVer;\r\
    \n    :local osVerNum;\r\
    \n    :local osVerMicroPart;\r\
    \n    :local zro 0;\r\
    \n    :local tmp;\r\
    \n\r\
    \n    # Replace word `beta` with dot\r\
    \n    :local isBetaPos [:tonum [:find \$osVer \"beta\" 0]];\r\
    \n    :if (\$isBetaPos > 1) do={\r\
    \n        :set osVer ([:pick \$osVer 0 \$isBetaPos] . \".\" . [:pick \$osV\
    er (\$isBetaPos + 4) [:len \$osVer]]);\r\
    \n    }\r\
    \n    # Replace word `rc` with dot\r\
    \n    :local isRcPos [:tonum [:find \$osVer \"rc\" 0]];\r\
    \n    :if (\$isRcPos > 1) do={\r\
    \n        :set osVer ([:pick \$osVer 0 \$isRcPos] . \".\" . [:pick \$osVer\
    \_(\$isRcPos + 2) [:len \$osVer]]);\r\
    \n    }\r\
    \n\r\
    \n    :local dotPos1 [:find \$osVer \".\" 0];\r\
    \n\r\
    \n    :if (\$dotPos1 > 0) do={\r\
    \n\r\
    \n        # AA\r\
    \n        :set osVerNum  [:pick \$osVer 0 \$dotPos1];\r\
    \n\r\
    \n        :local dotPos2 [:find \$osVer \".\" \$dotPos1];\r\
    \n                #Taking minor version, everything after first dot\r\
    \n        :if ([:len \$dotPos2] = 0) do={:set tmp [:pick \$osVer (\$dotPos\
    1+1) [:len \$osVer]];}\r\
    \n        #Taking minor version, everything between first and second dots\
    \r\
    \n        :if (\$dotPos2 > 0) do={:set tmp [:pick \$osVer (\$dotPos1+1) \$\
    dotPos2];}\r\
    \n\r\
    \n        # AA 0B\r\
    \n        :if ([:len \$tmp] = 1) do={:set osVerNum \"\$osVerNum\$zro\$tmp\
    \";}\r\
    \n        # AA BB\r\
    \n        :if ([:len \$tmp] = 2) do={:set osVerNum \"\$osVerNum\$tmp\";}\r\
    \n\r\
    \n        :if (\$dotPos2 > 0) do={\r\
    \n            :set tmp [:pick \$osVer (\$dotPos2+1) [:len \$osVer]];\r\
    \n            # AA BB 0C\r\
    \n            :if ([:len \$tmp] = 1) do={:set osVerNum \"\$osVerNum\$zro\$\
    tmp\";}\r\
    \n            # AA BB CC\r\
    \n            :if ([:len \$tmp] = 2) do={:set osVerNum \"\$osVerNum\$tmp\"\
    ;}\r\
    \n        } else={\r\
    \n            # AA BB 00\r\
    \n            :set osVerNum \"\$osVerNum\$zro\$zro\";\r\
    \n        }\r\
    \n    } else={\r\
    \n        # AA 00 00\r\
    \n        :set osVerNum \"\$osVer\$zro\$zro\$zro\$zro\";\r\
    \n    }\r\
    \n\r\
    \n    :return \$osVerNum;\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Function creates backups (system and config) and returns array with na\
    mes\r\
    \n# Possible arguments:\r\
    \n#    `backupName`               | string    | backup file name, without \
    extension!\r\
    \n#    `backupPassword`           | string    |\r\
    \n#    `sensetiveDataInConfig`    | boolean   |\r\
    \n# Example:\r\
    \n# :put [\$buGlobalFuncCreateBackups name=\"daily-backup\"];\r\
    \n:global buGlobalFuncCreateBackups do={\r\
    \n    :log info (\"\$SMP Global function \\\"buGlobalFuncCreateBackups\\\"\
    \_was fired.\");\r\
    \n\r\
    \n    :local backupFileSys \"\$backupName.backup\";\r\
    \n    :local backupFileConfig \"\$backupName.rsc\";\r\
    \n    :local backupNames {\$backupFileSys;\$backupFileConfig};\r\
    \n\r\
    \n    ## Make system backup\r\
    \n    :if ([:len \$backupPassword] = 0) do={\r\
    \n        /system backup save dont-encrypt=yes name=\$backupName;\r\
    \n    } else={\r\
    \n        /system backup save password=\$backupPassword name=\$backupName;\
    \r\
    \n    }\r\
    \n    :log info (\"\$SMP System backup created. \$backupFileSys\");\r\
    \n\r\
    \n    ## Export config file\r\
    \n    :if (\$sensetiveDataInConfig = true) do={\r\
    \n        # since RouterOS v7 it needs to be set precise that we want to e\
    xport sensitive data\r\
    \n        :if ([:pick [/system package update get installed-version] 0 1] \
    < 7) do={\r\
    \n            :execute \"/export compact terse file=\$backupName\";\r\
    \n        } else={\r\
    \n            :execute \"/export compact show-sensitive terse file=\$backu\
    pName\";\r\
    \n        }\r\
    \n    } else={\r\
    \n        /export compact hide-sensitive terse file=\$backupName;\r\
    \n    }\r\
    \n    :log info (\"\$SMP Config file was exported. \$backupFileConfig, the\
    \_script execution will be paused for a moment.\");\r\
    \n\r\
    \n    #Delay after creating backups\r\
    \n    :delay 20s;\r\
    \n    :return \$backupNames;\r\
    \n}\r\
    \n\r\
    \n:global buGlobalVarUpdateStep;\r\
    \n############### ^^^^^^^^^ GLOBALS ^^^^^^^^^ ###############\r\
    \n\r\
    \n:local scriptVersion \"22.11.12\";\r\
    \n\r\
    \n#Current date time in format: 2020jan15-221324\r\
    \n:local dateTime ([:pick [/system clock get date] 7 11] . [:pick [/system\
    \_clock get date] 0 3] . [:pick [/system clock get date] 4 6] . \"-\" . [:\
    pick [/system clock get time] 0 2] . [:pick [/system clock get time] 3 5] \
    . [:pick [/system clock get time] 6 8]);\r\
    \n\r\
    \n:local isSoftBased false;\r\
    \n:if ([/system resource get board-name] = \"CHR\" or [/system resource ge\
    t board-name] = \"x86\") do={\r\
    \n    :set isSoftBased true;\r\
    \n}\r\
    \n\r\
    \n:local deviceOsVerInst          [/system package update get installed-ve\
    rsion];\r\
    \n:local deviceOsVerInstNum       [\$buGlobalFuncGetOsVerNum paramOsVer=\$\
    deviceOsVerInst];\r\
    \n:local deviceOsVerAvail         \"\";\r\
    \n:local deviceOsVerAvailNum      0;\r\
    \n:local deviceIdentityName       [/system identity get name];\r\
    \n:local deviceIdentityNameShort  [:pick \$deviceIdentityName 0 18]\r\
    \n:local deviceUpdateChannel      [/system package update get channel];\r\
    \n\r\
    \n\r\
    \n:local deviceRbModel            \"CloudHostedRouter\";\r\
    \n:local deviceRbSerialNumber     \"--\";\r\
    \n:local deviceRbCurrentFw        \"--\";\r\
    \n:local deviceRbUpgradeFw        \"--\";\r\
    \n\r\
    \n:if (\$isSoftBased = false) do={\r\
    \n    :set deviceRbModel          [/system routerboard get model];\r\
    \n    :set deviceRbSerialNumber   [/system routerboard get serial-number];\
    \r\
    \n    :set deviceRbCurrentFw      [/system routerboard get current-firmwar\
    e];\r\
    \n    :set deviceRbUpgradeFw      [/system routerboard get upgrade-firmwar\
    e];\r\
    \n};\r\
    \n\r\
    \n:local isOsUpdateAvailable false;\r\
    \n:local isOsNeedsToBeUpdated false;\r\
    \n\r\
    \n:local isSendEmailRequired true;\r\
    \n\r\
    \n:local mailSubject  \"\$SMP Device - \$deviceIdentityNameShort.\";\r\
    \n:local mailBody     \"\";\r\
    \n\r\
    \n:local mailBodyDeviceInfo   \"\\r\\n\\r\\nDevice information: \\r\\nIden\
    tity: \$deviceIdentityName \\r\\nModel: \$deviceRbModel \\r\\nSerial numbe\
    r: \$deviceRbSerialNumber \\r\\nCurrent RouterOS: \$deviceOsVerInst (\$[/s\
    ystem package update get channel]) \$[/system resource get build-time] \\r\
    \\nCurrent routerboard FW: \$deviceRbCurrentFw \\r\\nDevice uptime: \$[/sy\
    stem resource get uptime]\";\r\
    \n:local mailBodyCopyright    \"\\r\\n\\r\\nMikrotik RouterOS automatic ba\
    ckup & update (ver. \$scriptVersion) \\r\\nhttps://github.com/beeyev/Mikro\
    tik-RouterOS-automatic-backup-and-update\";\r\
    \n:local changelogUrl         (\"Check RouterOS changelog: https://mikroti\
    k.com/download/changelogs/\" . \$updateChannel . \"-release-tree\");\r\
    \n\r\
    \n:local backupName           \"v\$deviceOsVerInst_\$deviceUpdateChannel_\
    \$dateTime\";\r\
    \n:local backupNameBeforeUpd  \"backup_before_update_\$backupName\";\r\
    \n:local backupNameAfterUpd   \"backup_after_update_\$backupName\";\r\
    \n\r\
    \n:local backupNameFinal  \$backupName;\r\
    \n:local mailAttachments  [:toarray \"\"];\r\
    \n\r\
    \n\r\
    \n:local updateStep \$buGlobalVarUpdateStep;\r\
    \n:do {/system script environment remove buGlobalVarUpdateStep;} on-error=\
    {}\r\
    \n:if ([:len \$updateStep] = 0) do={\r\
    \n    :set updateStep 1;\r\
    \n}\r\
    \n\r\
    \n\r\
    \n## STEP ONE: Creating backups, checking for new RouterOs version and sen\
    ding email with backups,\r\
    \n## steps 2 and 3 are fired only if script is set to automatically update\
    \_device and if new RouterOs is available.\r\
    \n:if (\$updateStep = 1) do={\r\
    \n    :log info (\"\$SMP Performing the first step.\");\r\
    \n\r\
    \n    # Checking for new RouterOS version\r\
    \n    if (\$scriptMode = \"osupdate\" or \$scriptMode = \"osnotify\") do={\
    \r\
    \n        log info (\"\$SMP Checking for new RouterOS version. Current ver\
    sion is: \$deviceOsVerInst\");\r\
    \n        /system package update set channel=\$updateChannel;\r\
    \n        /system package update check-for-updates;\r\
    \n        :delay 5s;\r\
    \n        :set deviceOsVerAvail [/system package update get latest-version\
    ];\r\
    \n\r\
    \n        # If there is a problem getting information about available Rout\
    erOS from server\r\
    \n        :if ([:len \$deviceOsVerAvail] = 0) do={\r\
    \n            :log warning (\"\$SMP There is a problem getting information\
    \_about new RouterOS from server.\");\r\
    \n            :set mailSubject    (\$mailSubject . \" Error: No data about\
    \_new RouterOS!\")\r\
    \n            :set mailBody         (\$mailBody . \"Error occured! \\r\\nM\
    ikrotik couldn't get any information about new RouterOS from server! \\r\\\
    nWatch additional information in device logs.\")\r\
    \n        } else={\r\
    \n            #Get numeric version of OS\r\
    \n            :set deviceOsVerAvailNum [\$buGlobalFuncGetOsVerNum paramOsV\
    er=\$deviceOsVerAvail];\r\
    \n\r\
    \n            # Checking if OS on server is greater than installed one.\r\
    \n            :if (\$deviceOsVerAvailNum > \$deviceOsVerInstNum) do={\r\
    \n                :set isOsUpdateAvailable true;\r\
    \n                :log info (\"\$SMP New RouterOS is available! \$deviceOs\
    VerAvail\");\r\
    \n            } else={\r\
    \n                :set isSendEmailRequired false;\r\
    \n                :log info (\"\$SMP System is already up to date.\");\r\
    \n                :set mailSubject (\$mailSubject . \" No new OS updates.\
    \");\r\
    \n                :set mailBody      (\$mailBody . \"Your system is up to \
    date.\");\r\
    \n            }\r\
    \n        };\r\
    \n    } else={\r\
    \n        :set scriptMode \"backup\";\r\
    \n    };\r\
    \n\r\
    \n    if (\$forceBackup = true) do={\r\
    \n        # In this case the script will always send email, because it has\
    \_to create backups\r\
    \n        :set isSendEmailRequired true;\r\
    \n    }\r\
    \n\r\
    \n    # if new OS version is available to install\r\
    \n    if (\$isOsUpdateAvailable = true and \$isSendEmailRequired = true) d\
    o={\r\
    \n        # If we only need to notify about new available version\r\
    \n        if (\$scriptMode = \"osnotify\") do={\r\
    \n            :set mailSubject    (\$mailSubject . \" New RouterOS is avai\
    lable! v.\$deviceOsVerAvail.\")\r\
    \n            :set mailBody       (\$mailBody . \"New RouterOS version is \
    available to install: v.\$deviceOsVerAvail (\$updateChannel) \\r\\n\$chang\
    elogUrl\")\r\
    \n        }\r\
    \n\r\
    \n        # if we need to initiate RouterOs update process\r\
    \n        if (\$scriptMode = \"osupdate\") do={\r\
    \n            :set isOsNeedsToBeUpdated true;\r\
    \n            # if we need to install only patch updates\r\
    \n            :if (\$installOnlyPatchUpdates = true) do={\r\
    \n                #Check if Major and Minor builds are the same.\r\
    \n                :if ([:pick \$deviceOsVerInstNum 0 ([:len \$deviceOsVerI\
    nstNum]-2)] = [:pick \$deviceOsVerAvailNum 0 ([:len \$deviceOsVerAvailNum]\
    -2)]) do={\r\
    \n                    :log info (\"\$SMP New patch version of RouterOS fir\
    mware is available.\");\r\
    \n                } else={\r\
    \n                    :log info           (\"\$SMP New major or minor vers\
    ion of RouterOS firmware is available. You need to update it manually.\");\
    \r\
    \n                    :set mailSubject    (\$mailSubject . \" New RouterOS\
    : v.\$deviceOsVerAvail needs to be installed manually.\");\r\
    \n                    :set mailBody       (\$mailBody . \"New major or min\
    or RouterOS version is available to install: v.\$deviceOsVerAvail (\$updat\
    eChannel). \\r\\nYou chose to automatically install only patch updates, so\
    \_this major update you need to install manually. \\r\\n\$changelogUrl\");\
    \r\
    \n                    :set isOsNeedsToBeUpdated false;\r\
    \n                }\r\
    \n            }\r\
    \n\r\
    \n            #Check again, because this variable could be changed during \
    checking for installing only patch updats\r\
    \n            if (\$isOsNeedsToBeUpdated = true) do={\r\
    \n                :log info           (\"\$SMP New RouterOS is going to be\
    \_installed! v.\$deviceOsVerInst -> v.\$deviceOsVerAvail\");\r\
    \n                :set mailSubject    (\$mailSubject . \" New RouterOS is \
    going to be installed! v.\$deviceOsVerInst -> v.\$deviceOsVerAvail.\");\r\
    \n                :set mailBody       (\$mailBody . \"Your Mikrotik will b\
    e updated to the new RouterOS version from v.\$deviceOsVerInst to v.\$devi\
    ceOsVerAvail (Update channel: \$updateChannel) \\r\\nFinal report with the\
    \_detailed information will be sent when update process is completed. \\r\
    \\nIf you have not received second email in the next 10 minutes, then prob\
    ably something went wrong. (Check your device logs)\");\r\
    \n                #!! There is more code connected to this part and first \
    step at the end of the script.\r\
    \n            }\r\
    \n\r\
    \n        }\r\
    \n    }\r\
    \n\r\
    \n    ## Checking If the script needs to create a backup\r\
    \n    :log info (\"\$SMP Checking If the script needs to create a backup.\
    \");\r\
    \n    if (\$forceBackup = true or \$scriptMode = \"backup\" or \$isOsNeeds\
    ToBeUpdated = true) do={\r\
    \n        :log info (\"\$SMP Creating system backups.\");\r\
    \n        if (\$isOsNeedsToBeUpdated = true) do={\r\
    \n            :set backupNameFinal \$backupNameBeforeUpd;\r\
    \n        };\r\
    \n        if (\$scriptMode != \"backup\") do={\r\
    \n            :set mailBody (\$mailBody . \"\\r\\n\\r\\n\");\r\
    \n        };\r\
    \n\r\
    \n        :set mailSubject    (\$mailSubject . \" Backup was created.\");\
    \r\
    \n        :set mailBody       (\$mailBody . \"System backups were created \
    and attached to this email.\");\r\
    \n\r\
    \n        :set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$b\
    ackupNameFinal backupPassword=\$backupPassword sensetiveDataInConfig=\$sen\
    setiveDataInConfig];\r\
    \n    } else={\r\
    \n        :log info (\"\$SMP There is no need to create a backup.\");\r\
    \n    }\r\
    \n\r\
    \n    # Combine fisrst step email\r\
    \n    :set mailBody (\$mailBody . \$mailBodyDeviceInfo . \$mailBodyCopyrig\
    ht);\r\
    \n}\r\
    \n\r\
    \n## STEP TWO: (after first reboot) routerboard firmware upgrade\r\
    \n## steps 2 and 3 are fired only if script is set to automatically update\
    \_device and if new RouterOs is available.\r\
    \n:if (\$updateStep = 2) do={\r\
    \n    :log info (\"\$SMP Performing the second step.\");\r\
    \n    ## RouterOS is the latest, let's check for upgraded routerboard firm\
    ware\r\
    \n    if (\$deviceRbCurrentFw != \$deviceRbUpgradeFw) do={\r\
    \n        :set isSendEmailRequired false;\r\
    \n        :delay 10s;\r\
    \n        :log info \"\$SMP Upgrading routerboard firmware from v.\$device\
    RbCurrentFw to v.\$deviceRbUpgradeFw\";\r\
    \n        ## Start the upgrading process\r\
    \n        /system routerboard upgrade;\r\
    \n        ## Wait until the upgrade is completed\r\
    \n        :delay 5s;\r\
    \n        :log info \"\$SMP routerboard upgrade process was completed, goi\
    ng to reboot in a moment!\";\r\
    \n        ## Set scheduled task to send final report on the next boot, tas\
    k will be deleted when is is done. (That is why you should keep original s\
    cript name)\r\
    \n        /system scheduler add name=BKPUPD-FINAL-REPORT-ON-NEXT-BOOT on-e\
    vent=\":delay 5s; /system scheduler remove BKPUPD-FINAL-REPORT-ON-NEXT-BOO\
    T; :global buGlobalVarUpdateStep 3; :delay 10s; /system script run BackupA\
    ndUpdate;\" start-time=startup interval=0;\r\
    \n        ## Reboot system to boot with new firmware\r\
    \n        /system reboot;\r\
    \n    } else={\r\
    \n        :log info \"\$SMP It appers that your routerboard is already up \
    to date, skipping this step.\";\r\
    \n        :set updateStep 3;\r\
    \n    };\r\
    \n}\r\
    \n\r\
    \n## STEP THREE: Last step (after second reboot) sending final report\r\
    \n## steps 2 and 3 are fired only if script is set to automatically update\
    \_device and if new RouterOs is available.\r\
    \n:if (\$updateStep = 3) do={\r\
    \n    :log info (\"\$SMP Performing the third step.\");\r\
    \n    :log info \"Bkp&Upd: RouterOS and routerboard upgrade process was co\
    mpleted. New RouterOS version: v.\$deviceOsVerInst, routerboard firmware: \
    v.\$deviceRbCurrentFw.\";\r\
    \n    ## Small delay in case mikrotik needs some time to initialize connec\
    tions\r\
    \n    :log info \"\$SMP The final email with report and backups of upgrade\
    d system will be sent in a minute.\";\r\
    \n    :delay 1m;\r\
    \n    :set mailSubject    (\$mailSubject . \" RouterOS Upgrade is complete\
    d, new version: v.\$deviceOsVerInst!\");\r\
    \n    :set mailBody       \"RouterOS and routerboard upgrade process was c\
    ompleted. \\r\\nNew RouterOS version: v.\$deviceOsVerInst, routerboard fir\
    mware: v.\$deviceRbCurrentFw. \\r\\n\$changelogUrl \\r\\n\\r\\nBackups of \
    the upgraded system are in the attachment of this email.  \$mailBodyDevice\
    Info \$mailBodyCopyright\";\r\
    \n    :set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backu\
    pNameAfterUpd backupPassword=\$backupPassword sensetiveDataInConfig=\$sens\
    etiveDataInConfig];\r\
    \n}\r\
    \n\r\
    \n# Remove functions from global environment to keep it fresh and clean.\r\
    \n:do {/system script environment remove buGlobalFuncGetOsVerNum;} on-erro\
    r={}\r\
    \n:do {/system script environment remove buGlobalFuncCreateBackups;} on-er\
    ror={}\r\
    \n\r\
    \n##\r\
    \n## SENDING EMAIL\r\
    \n##\r\
    \n# Trying to send email with backups in attachment.\r\
    \n\r\
    \n:if (\$isSendEmailRequired = true) do={\r\
    \n    :log info \"\$SMP Sending email message, it will take around half a \
    minute...\";\r\
    \n    :do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\
    \$mailBody file=\$mailAttachments;} on-error={\r\
    \n        :delay 5s;\r\
    \n        :log error \"\$SMP could not send email message (\$[/tool e-mail\
    \_get last-status]). Going to try it again in a while.\"\r\
    \n\r\
    \n        :delay 5m;\r\
    \n\r\
    \n        :do {/tool e-mail send to=\$emailAddress subject=\$mailSubject b\
    ody=\$mailBody file=\$mailAttachments;} on-error={\r\
    \n            :delay 5s;\r\
    \n            :log error \"\$SMP could not send email message (\$[/tool e-\
    mail get last-status]) for the second time.\"\r\
    \n\r\
    \n            if (\$isOsNeedsToBeUpdated = true) do={\r\
    \n                :set isOsNeedsToBeUpdated false;\r\
    \n                :log warning \"\$SMP script is not going to initialise u\
    pdate process due to inability to send backups to email.\"\r\
    \n            }\r\
    \n        }\r\
    \n    }\r\
    \n\r\
    \n    :delay 30s;\r\
    \n\r\
    \n    :if ([:len \$mailAttachments] > 0 and [/tool e-mail get last-status]\
    \_= \"succeeded\") do={\r\
    \n        :log info \"\$SMP File system cleanup.\"\r\
    \n        /file remove \$mailAttachments;\r\
    \n        :delay 2s;\r\
    \n    }\r\
    \n\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Fire RouterOs update process\r\
    \nif (\$isOsNeedsToBeUpdated = true) do={\r\
    \n\r\
    \n    :if (\$isSoftBased = false) do={\r\
    \n        ## Set scheduled task to upgrade routerboard firmware on the nex\
    t boot, task will be deleted when upgrade is done. (That is why you should\
    \_keep original script name)\r\
    \n        /system scheduler add name=BKPUPD-UPGRADE-ON-NEXT-BOOT on-event=\
    \":delay 5s; /system scheduler remove BKPUPD-UPGRADE-ON-NEXT-BOOT; :global\
    \_buGlobalVarUpdateStep 2; :delay 10s; /system script run BackupAndUpdate;\
    \" start-time=startup interval=0;\r\
    \n    } else= {\r\
    \n        ## If the scrip is executed on CHR, step 2 will be skipped\r\
    \n        /system scheduler add name=BKPUPD-UPGRADE-ON-NEXT-BOOT on-event=\
    \":delay 5s; /system scheduler remove BKPUPD-UPGRADE-ON-NEXT-BOOT; :global\
    \_buGlobalVarUpdateStep 3; :delay 10s; /system script run BackupAndUpdate;\
    \" start-time=startup interval=0;\r\
    \n    };\r\
    \n\r\
    \n\r\
    \n    :log info \"\$SMP everything is ready to install new RouterOS, going\
    \_to reboot in a moment!\"\r\
    \n    ## command is reincarnation of the \"upgrade\" command - doing exact\
    ly the same but under a different name\r\
    \n    /system package update install;\r\
    \n}\r\
    \n\r\
    \n:log info \"\$SMP script \\\"Mikrotik RouterOS automatic backup & update\
    \\\" completed it's job.\\r\\n\";"
# Outgoing mail settings. They are used by the netwatch notifications below
# and by any script on this router that calls "/tool e-mail send".
# NOTE(review): on RouterOS v6, start-tls=yes is understood to be opportunistic
# (the session carries on in clear text when the server does not offer
# STARTTLS), while start-tls=tls-only refuses to send without TLS. Confirm
# against the v6 manual before relying on it for mail that carries backups.
# No password appears here; presumably it was removed before posting.
/tool e-mail
set address=mail.c*****ol.com from=r1@c*****ol.com port=587 start-tls=yes \
    user=r1@c*****ol.com
# Netwatch probes. Each entry mails admins@ when the probed host changes state.
/tool netwatch
# Probe 1: 192.153.10.2, which the mail body describes as the CCTV device on
# ether1. 192.153.x.x is not RFC 1918 space (only 192.168.0.0/16 is private
# inside 192.0.0.0/8). NOTE(review): confirm the addressing is intentional.
add down-script="tool e-mail send to=admins@c*******y.com subject=adu-1.PA-\
    8820POLIS.c*****ol.com start-tls=yes body=CCTV_on_ether1_of_adu-1.PA-882\
    0POLIS.c*****ol.com_is_UNREACHABLE." host=192.153.10.2 up-script="tool e\
    -mail send to=admins@c*******y.com subject=adu-1.PA-8820POLIS.ckrcontro\
    l.com start-tls=yes body=CCTV_on_ether1_of_adu-1.PA-8820POLIS.c*****ol.c\
    om_is_UP."
# Probe 2 (disabled): internet reachability check against 8.8.8.8 with a 5 s
# timeout. If the uplink is down the "DOWN" mail cannot leave the router at
# that moment, so only the "UP" mail is likely to arrive.
add disabled=yes down-script="tool e-mail send to=admins@c*******y.com subj\
    ect=adu-1.PA-8820POLIS.c*****ol.com start-tls=yes body=Internet_of_adu-1\
    .PA-8820POLIS.c*****ol.com_is_DOWN_Ping_to_8.8.8.8_failed." host=\
    8.8.8.8 timeout=5s up-script="tool e-mail send to=admins@c*******y.com \
    subject=adu-1.PA-8820POLIS.c*****ol.com start-tls=yes body=Internet_of_a\
    du-1.PA-8820POLIS.c*****ol.com_is_UP_Ping_to_8.8.8.8_was_successful."
# RoMON (layer-2 management overlay) is switched on.
# NOTE(review): no "secrets" value and no /tool romon port entries appear in
# this export. If none are configured, set a secret and forbid RoMON on
# interfaces that face the WISP uplink or the CCTV segment.
/tool romon
set enabled=yes

hap lite over FTTH


# oct/03/2023 14:06:41 by RouterOS 6.49.8
# software id = B8BE-SCNF
#
# model = RB941-2nD
# serial number = D1XXXXXXE0
# Bridge that later joins the two EoIP tunnels (see /interface bridge port).
/interface bridge
add name=br_eoip
# Physical ports: ether1 = uplink, ether2 = CCTV, ether3 unused, ether4 = local
# management. Loop protection is enabled on all four.
/interface ethernet
set [ find default-name=ether1 ] comment="Uplink to PTCPE" loop-protect=on
set [ find default-name=ether2 ] comment=CCTV loop-protect=on
set [ find default-name=ether3 ] disabled=yes loop-protect=on
set [ find default-name=ether4 ] comment="local mgnt" loop-protect=on
# Outbound L2TP session to the backbone router, wrapped in IPsec.
# No password or ipsec-secret is shown; presumably removed before posting.
# NOTE(review): max-mtu/max-mru=1726 exceeds a 1500-byte uplink, so full-size
# tunnel packets will be fragmented on the way out - confirm this is intended
# (it looks sized to carry the 1500-byte EoIP frames defined below).
/interface l2tp-client
add allow-fast-path=yes connect-to=213.7.231.xx disabled=no max-mru=1726 \
    max-mtu=1726 name=l2tp_to_bbone0 use-ipsec=yes user=a********p
# Static binding for the inbound L2TP user (matched by name in /ppp secret).
/interface l2tp-server
add name=l2tp_to_adu-2.hq user=adu1hqc*****olcom
/interface pwr-line
set [ find default-name=pwr-line1 ] disabled=yes
# Two EoIP (layer-2 over IP) tunnels. EoIP carries frames unencrypted and no
# ipsec-secret is set on either tunnel, so confidentiality depends entirely on
# the L2TP/IPsec sessions their endpoints are routed over.
# NOTE(review): verify both endpoints really are reached only through an
# IPsec-protected session (10.10.1.x is the inbound L2TP profile, 10.2.1.x is
# routed via l2tp_to_bbone0).
/interface eoip
add local-address=10.10.1.1 mac-address=02:B0:E8:45:BD:3D mtu=1500 name=\
    eoip_to_adu-2.hq remote-address=10.10.1.2 tunnel-id=10
add local-address=10.2.1.150 mac-address=02:02:73:98:7B:43 mtu=1500 name=\
    eoip_to_bbone0 remote-address=10.2.1.1 tunnel-id=11
# List used to limit neighbour discovery (MNDP/CDP/LLDP) to chosen interfaces.
# NOTE(review): include=all together with exclude=all looks unintended; the
# members are added explicitly under /interface list member - confirm.
/interface list
add exclude=all include=all name="Discovery interfaces"
# Wi-Fi security. WPA2-PSK only, but TKIP is still offered next to AES-CCM for
# both unicast and group traffic. TKIP is deprecated; aes-ccm alone is the
# safer setting unless a legacy client needs it.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm mode=\
    dynamic-keys name=wifi-profile supplicant-identity="" unicast-ciphers=\
    tkip,aes-ccm
# 2.4 GHz access point using the profile above; WPS is disabled.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country="united states" \
    disabled=no frequency=auto mode=ap-bridge security-profile=wifi-profile \
    ssid=CHOME-AP wps-mode=disabled
# Static IPsec peer for the backbone router, bound to the ether1 address.
# NOTE(review): the l2tp-client above has use-ipsec=yes, which on RouterOS
# also creates a dynamic peer and policy for the same remote address. Check
# "/ip ipsec active-peers" and "/ip ipsec policy print" to see which
# definition is actually in use, and keep only one.
/ip ipsec peer
add address=213.7.231.xx/32 local-address=192.168.2.10 name=bbone0
# Phase 1 defaults raised to AES-256 / SHA-256 / DH group 14 (modp2048).
/ip ipsec profile
set [ find default=yes ] dh-group=modp2048 enc-algorithm=aes-256 \
    hash-algorithm=sha256
# Phase 2 defaults: AES-256-CBC with SHA-256 and PFS on modp2048.
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256 enc-algorithms=aes-256-cbc \
    pfs-group=modp2048
# Address pools for the Wi-Fi clients and for hosts on the EoIP bridge.
# 192.150.x.x is not RFC 1918 space (only 192.168.0.0/16 is private inside
# 192.0.0.0/8). NOTE(review): confirm the addressing is intentional; hosts
# here cannot reach the real owners of that prefix, and any un-NATed leak
# carries a routable source address.
/ip pool
add name=dhcp_pool_wlan ranges=192.168.10.2-192.168.10.254
add name=dhcp_pool3 ranges=192.150.150.10-192.150.150.254
/ip dhcp-server
add address-pool=dhcp_pool_wlan disabled=no interface=wlan1 lease-time=2h \
    name=dhcp-wlan
# DHCP is served onto the bridged EoIP tunnels, i.e. to the remote sites.
add address-pool=dhcp_pool3 disabled=no interface=br_eoip name=eoip_dhcp
# PPP profiles. "L2TP" is the default profile of the L2TP server below;
# use-encryption=yes requests encryption but, unlike "required", is
# understood not to refuse a peer that declines it - TODO confirm.
/ppp profile
add change-tcp-mss=yes local-address=10.10.1.1 name=L2TP use-encryption=yes
add name=pptp_to_cisco use-encryption=required
# PPTP client towards HQ. No disabled=no is shown, so presumably the entry is
# still in its default disabled state - confirm.
# NOTE(review): PPTP with MS-CHAPv2 is no longer considered secure; if the
# entry is unused, removing it avoids someone enabling it later.
/interface pptp-client
add allow=mschap2 connect-to=213.7.231.xx name=pptp_to_cisco.HQ profile=\
    pptp_to_cisco user=PPTP_Cisco
# SNMP: the default community is disabled and the custom one is limited to a
# single source address (10.2.1.1, on the far side of l2tp_to_bbone0).
/snmp community
set [ find default=yes ] disabled=yes
add addresses=10.2.1.1/32 name=nn*******Q
# Both EoIP tunnels are bridged together, so the two remote sites share one
# layer-2 domain through this router, broadcast traffic included.
/interface bridge port
add bridge=br_eoip interface=eoip_to_adu-2.hq
add bridge=br_eoip interface=eoip_to_bbone0
/ip neighbor discovery-settings
set discover-interface-list="Discovery interfaces"
# Inbound L2TP server.
# NOTE(review): neither use-ipsec nor an authentication list is shown, so both
# are presumably at their defaults. Confirm that inbound sessions are
# IPsec-protected and that weak PPP authentication methods are not accepted.
/interface l2tp-server server
set allow-fast-path=yes default-profile=L2TP enabled=yes max-mru=1730 \
    max-mtu=1730
# Interfaces on which neighbour discovery is allowed; ether1 (uplink) and
# wlan1 are not members.
/interface list member
add interface=ether2 list="Discovery interfaces"
add interface=l2tp_to_bbone0 list="Discovery interfaces"
add interface=ether4 list="Discovery interfaces"
# ether1 holds a private address, so this router sits behind the upstream CPE.
# ether4 ("local mgnt") has no IP address in this export.
/ip address
add address=192.168.2.10/24 interface=ether1 network=192.168.2.0
add address=192.150.20.1/30 interface=ether2 network=192.150.20.0
add address=192.168.10.1/24 interface=wlan1 network=192.168.10.0
add address=192.150.150.1/24 interface=br_eoip network=192.150.150.0
/ip dhcp-server network
add address=192.150.150.0/24 dns-server=213.7.231.xx gateway=192.150.150.1
add address=192.168.10.0/24 dns-server=213.7.231.xx gateway=192.168.10.1
# A single resolver, the same host that terminates the tunnel.
/ip dns
set servers=213.7.231.xx
# NOTE(review): no filter or NAT rule in this export refers to this list.
/ip firewall address-list
add address=192.100.30.2 list=l2tp-to-bbhq
# Filter rules are evaluated top to bottom; a packet that matches no rule is
# accepted by RouterOS.
/ip firewall filter
# IKE (500), L2TP (1701) and NAT-T (4500) are accepted from the tunnel peer
# and dropped from every other source.
add action=accept chain=input dst-port=500,1701,4500 protocol=udp \
    src-address=213.7.231.xx
add action=drop chain=input dst-port=500,1701,4500 protocol=udp src-address=\
    0.0.0.0/0
# NOTE(review): the next two rules include connection-state "new", so every
# new connection is accepted on forward and on input, from any interface.
# Together with the missing final drop rule this means the filter blocks only
# the three UDP ports above and invalid packets. Access to the router then
# rests solely on the per-service address lists under /ip service.
# A stateful rule set normally accepts established,related only, adds explicit
# accepts for the management sources and the LAN, and ends each chain with a
# drop. Add the explicit accepts before the drop to avoid locking yourself out.
add action=accept chain=forward comment=\
    "Allow forward good connection states" connection-state=\
    established,related,new
add action=accept chain=input comment="Allow incoming good connection states" \
    connection-state=established,related,new
add action=drop chain=forward comment="Drop forward invalid connection state" \
    connection-state=invalid
add action=drop chain=input comment="Drop input invalid connection state" \
    connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
# NOTE(review): this port forward has no in-interface or src-address match, so
# TCP 11111 arriving on any interface, the ether1 uplink included, is sent to
# 192.150.20.2 on the CCTV segment, and the forward chain accepts it.
# Whether it is reachable from the internet depends on the upstream CPE.
# Restrict it the way the port-90 rule below is restricted.
add action=dst-nat chain=dstnat dst-port=11111 protocol=tcp to-addresses=\
    192.150.20.2
# Port 90 is forwarded to the same host only when it arrives through the tunnel.
add action=dst-nat chain=dstnat dst-port=90 in-interface=l2tp_to_bbone0 \
    protocol=tcp to-addresses=192.150.20.2
# Identity for peer bbone0. No auth-method or secret is shown; presumably a
# pre-shared key that was removed before posting - confirm it is long and
# unique to this tunnel.
/ip ipsec identity
add peer=bbone0
# Policy protecting only the L2TP control/data channel (UDP 1701 <-> 1701)
# between this router and the peer. Any other traffic to 213.7.231.xx (DNS,
# NTP, SNMP traps, PPTP) is not covered by IPsec.
/ip ipsec policy
add dst-address=213.7.231.xx/32 dst-port=1701 peer=bbone0 protocol=udp \
    src-address=192.168.2.10/32 src-port=1701
# Default route via the upstream CPE; two destinations go through the tunnel.
# 172.168.188.3 is outside RFC 1918 (the private block is 172.16.0.0/12,
# i.e. 172.16-172.31). NOTE(review): confirm the address is intentional.
/ip route
add distance=1 gateway=192.168.2.1
add distance=1 dst-address=10.2.1.0/24 gateway=l2tp_to_bbone0
add distance=1 dst-address=172.168.188.3/32 gateway=l2tp_to_bbone0
# Management services. telnet, www, api and api-ssl are off; ftp, ssh and
# winbox accept connections only from the peer's public address and 10.2.1.1.
# NOTE(review): ftp stays enabled and sends credentials in clear text; from
# 213.7.231.xx it would travel outside the tunnel (see the routes above).
# Disable it if nothing depends on it.
# NOTE(review): /tool mac-server is not in this export, so MAC-Telnet and
# MAC-Winbox are presumably at defaults and are not limited by these address
# lists - check which interfaces they listen on.
/ip service
set telnet disabled=yes
set ftp address=213.7.231.xx/32,10.2.1.1/32
set www address=213.7.231.xx/32,10.2.1.1/32 disabled=yes
set ssh address=213.7.231.xx/32,10.2.1.1/32
set api disabled=yes
set winbox address=213.7.231.xx/32,10.2.1.1/32
set api-ssl disabled=yes
# Accounts for the inbound L2TP server (passwords not shown in this export).
# The second account is disabled.
/ppp secret
add name=adu1hqc*****olcom profile=L2TP remote-address=10.10.1.2 service=\
    l2tp
add disabled=yes name=bbone0c*****olcom profile=L2TP remote-address=\
    10.10.1.3 service=l2tp
# SNMP agent with v2c traps sent to the peer's public address.
# NOTE(review): v2c is unauthenticated clear text, and 213.7.231.xx is reached
# through the default route rather than the tunnel, so traps and the community
# string presumably cross the internet unprotected. Point the trap target at
# a tunnel-side address or move to SNMPv3.
/snmp
set contact=admin@c*******y.com enabled=yes trap-community=\
    n**********Q trap-target=213.7.231.xx trap-version=2
/system clock
set time-zone-name=Asia/Nicosia
/system identity
set name=adu-1.PA-8010ANDGER7.c*****ol.net
# Primary and secondary NTP are the same host, so there is no fallback.
/system ntp client
set enabled=yes primary-ntp=213.7.231.xx secondary-ntp=213.7.231.xx
# The device follows the long-term channel. The BackupAndUpdate script carries
# updateChannel "stable" but only applies it in osupdate/osnotify mode; it is
# configured for "backup" mode, so this setting is left as is.
/system package update
set channel=long-term
# Daily run of the BackupAndUpdate script defined below, with the full policy
# set (reboot, password, sensitive, sniff, romon included).
# NOTE(review): the script source below sets backupPassword to "" and
# sensetiveDataInConfig to true, so each run mails an unencrypted .backup file
# plus a config export that includes secrets to the notification address.
# Set a backup password, or export with hide-sensitive, and trim the policy
# list to what the script actually needs.
/system scheduler
add interval=1d name=Backup on-event="/system script run BackupAndUpdate;" \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=jun/16/2023 start-time=00:00:00
/system script
add dont-require-permissions=no name=BackupAndUpdate owner=chrisckr policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_Script name: BackupAndUpdate\r\
    \n#\r\
    \n#----------SCRIPT INFORMATION-------------------------------------------\
    --------\r\
    \n#\r\
    \n# Script:  Mikrotik RouterOS automatic backup & update\r\
    \n# Version: 22.11.12\r\
    \n# Created: 07/08/2018\r\
    \n# Updated: 12/11/2022\r\
    \n# Author:  Alexander Tebiev\r\
    \n# Website: https://github.com/beeyev\r\
    \n# You can contact me by e-mail at tebiev@mail.com\r\
    \n#\r\
    \n# IMPORTANT!\r\
    \n# Minimum supported RouterOS version is v6.43.7\r\
    \n#\r\
    \n#----------MODIFY THIS SECTION AS NEEDED--------------------------------\
    --------\r\
    \n## Notification e-mail\r\
    \n## (Make sure you have configurated Email settings in Tools -> Email)\r\
    \n:local emailAddress \"admins@c*******y.com\";\r\
    \n\r\
    \n## Script mode, possible values: backup, osupdate, osnotify.\r\
    \n# backup    -   Only backup will be performed. (default value, if none p\
    rovided)\r\
    \n#\r\
    \n# osupdate  -   The Script will install a new RouterOS if it is availabl\
    e.\r\
    \n#               It will also create backups before and after update proc\
    ess (does not matter what value is set to `forceBackup`)\r\
    \n#               Email will be sent only if a new RouterOS version is ava\
    ilable.\r\
    \n#               Change parameter `forceBackup` if you need the script to\
    \_create backups every time when it runs (even when no updates were found)\
    .\r\
    \n#\r\
    \n# osnotify  -   The script will send email notification only (without ba\
    ckups) if a new RouterOS is available.\r\
    \n#               Change parameter `forceBackup` if you need the script to\
    \_create backups every time when it runs.\r\
    \n:local scriptMode \"backup\";\r\
    \n\r\
    \n## Additional parameter if you set `scriptMode` to `osupdate` or `osnoti\
    fy`\r\
    \n# Set `true` if you want the script to perform backup every time it's fi\
    red, whatever script mode is set.\r\
    \n:local forceBackup false;\r\
    \n\r\
    \n## Backup encryption password, no encryption if no password.\r\
    \n:local backupPassword \"\"\r\
    \n\r\
    \n## If true, passwords will be included in exported config.\r\
    \n:local sensetiveDataInConfig true;\r\
    \n\r\
    \n## Update channel. Possible values: stable, long-term, testing, developm\
    ent\r\
    \n:local updateChannel \"stable\";\r\
    \n\r\
    \n## Install only patch versions of RouterOS updates.\r\
    \n## Works only if you set scriptMode to \"osupdate\"\r\
    \n## Means that new update will be installed only if MAJOR and MINOR versi\
    on numbers remained the same as currently installed RouterOS.\r\
    \n## Example: v6.43.6 => major.minor.PATCH\r\
    \n## Script will send information if new version is greater than just patc\
    h.\r\
    \n:local installOnlyPatchUpdates false;\r\
    \n\r\
    \n##----------------------------------------------------------------------\
    --------------------##\r\
    \n#  !!!! DO NOT CHANGE ANYTHING BELOW THIS LINE, IF YOU ARE NOT SURE WHAT\
    \_YOU ARE DOING !!!!  #\r\
    \n##----------------------------------------------------------------------\
    --------------------##\r\
    \n\r\
    \n#Script messages prefix\r\
    \n:local SMP \"Bkp&Upd:\"\r\
    \n\r\
    \n:log info \"\\r\\n\$SMP script \\\"Mikrotik RouterOS automatic backup & \
    update\\\" started.\";\r\
    \n:log info \"\$SMP Script Mode: \$scriptMode, forceBackup: \$forceBackup\
    \";\r\
    \n\r\
    \n#Check proper email config\r\
    \n:if ([:len \$emailAddress] = 0 or [:len [/tool e-mail get address]] = 0 \
    or [:len [/tool e-mail get from]] = 0) do={\r\
    \n    :log error (\"\$SMP Email configuration is not correct, please check\
    \_Tools -> Email. Script stopped.\");\r\
    \n    :error \"\$SMP bye!\";\r\
    \n}\r\
    \n\r\
    \n#Check if proper identity name is set\r\
    \nif ([:len [/system identity get name]] = 0 or [/system identity get name\
    ] = \"MikroTik\") do={\r\
    \n    :log warning (\"\$SMP Please set identity name of your device (Syste\
    m -> Identity), keep it short and informative.\");\r\
    \n};\r\
    \n\r\
    \n############### vvvvvvvvv GLOBALS vvvvvvvvv ###############\r\
    \n# Function converts standard mikrotik build versions to the number.\r\
    \n# Possible arguments: paramOsVer\r\
    \n# Example:\r\
    \n# :put [\$buGlobalFuncGetOsVerNum paramOsVer=[/system routerboard get cu\
    rrent-RouterOS]];\r\
    \n# result will be: 64301, because current RouterOS version is: 6.43.1\r\
    \n:global buGlobalFuncGetOsVerNum do={\r\
    \n    :local osVer \$paramOsVer;\r\
    \n    :local osVerNum;\r\
    \n    :local osVerMicroPart;\r\
    \n    :local zro 0;\r\
    \n    :local tmp;\r\
    \n\r\
    \n    # Replace word `beta` with dot\r\
    \n    :local isBetaPos [:tonum [:find \$osVer \"beta\" 0]];\r\
    \n    :if (\$isBetaPos > 1) do={\r\
    \n        :set osVer ([:pick \$osVer 0 \$isBetaPos] . \".\" . [:pick \$osV\
    er (\$isBetaPos + 4) [:len \$osVer]]);\r\
    \n    }\r\
    \n    # Replace word `rc` with dot\r\
    \n    :local isRcPos [:tonum [:find \$osVer \"rc\" 0]];\r\
    \n    :if (\$isRcPos > 1) do={\r\
    \n        :set osVer ([:pick \$osVer 0 \$isRcPos] . \".\" . [:pick \$osVer\
    \_(\$isRcPos + 2) [:len \$osVer]]);\r\
    \n    }\r\
    \n\r\
    \n    :local dotPos1 [:find \$osVer \".\" 0];\r\
    \n\r\
    \n    :if (\$dotPos1 > 0) do={\r\
    \n\r\
    \n        # AA\r\
    \n        :set osVerNum  [:pick \$osVer 0 \$dotPos1];\r\
    \n\r\
    \n        :local dotPos2 [:find \$osVer \".\" \$dotPos1];\r\
    \n                #Taking minor version, everything after first dot\r\
    \n        :if ([:len \$dotPos2] = 0) do={:set tmp [:pick \$osVer (\$dotPos\
    1+1) [:len \$osVer]];}\r\
    \n        #Taking minor version, everything between first and second dots\
    \r\
    \n        :if (\$dotPos2 > 0) do={:set tmp [:pick \$osVer (\$dotPos1+1) \$\
    dotPos2];}\r\
    \n\r\
    \n        # AA 0B\r\
    \n        :if ([:len \$tmp] = 1) do={:set osVerNum \"\$osVerNum\$zro\$tmp\
    \";}\r\
    \n        # AA BB\r\
    \n        :if ([:len \$tmp] = 2) do={:set osVerNum \"\$osVerNum\$tmp\";}\r\
    \n\r\
    \n        :if (\$dotPos2 > 0) do={\r\
    \n            :set tmp [:pick \$osVer (\$dotPos2+1) [:len \$osVer]];\r\
    \n            # AA BB 0C\r\
    \n            :if ([:len \$tmp] = 1) do={:set osVerNum \"\$osVerNum\$zro\$\
    tmp\";}\r\
    \n            # AA BB CC\r\
    \n            :if ([:len \$tmp] = 2) do={:set osVerNum \"\$osVerNum\$tmp\"\
    ;}\r\
    \n        } else={\r\
    \n            # AA BB 00\r\
    \n            :set osVerNum \"\$osVerNum\$zro\$zro\";\r\
    \n        }\r\
    \n    } else={\r\
    \n        # AA 00 00\r\
    \n        :set osVerNum \"\$osVer\$zro\$zro\$zro\$zro\";\r\
    \n    }\r\
    \n\r\
    \n    :return \$osVerNum;\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Function creates backups (system and config) and returns array with na\
    mes\r\
    \n# Possible arguments:\r\
    \n#    `backupName`               | string    | backup file name, without \
    extension!\r\
    \n#    `backupPassword`           | string    |\r\
    \n#    `sensetiveDataInConfig`    | boolean   |\r\
    \n# Example:\r\
    \n# :put [\$buGlobalFuncCreateBackups name=\"daily-backup\"];\r\
    \n:global buGlobalFuncCreateBackups do={\r\
    \n    :log info (\"\$SMP Global function \\\"buGlobalFuncCreateBackups\\\"\
    \_was fired.\");\r\
    \n\r\
    \n    :local backupFileSys \"\$backupName.backup\";\r\
    \n    :local backupFileConfig \"\$backupName.rsc\";\r\
    \n    :local backupNames {\$backupFileSys;\$backupFileConfig};\r\
    \n\r\
    \n    ## Make system backup\r\
    \n    :if ([:len \$backupPassword] = 0) do={\r\
    \n        /system backup save dont-encrypt=yes name=\$backupName;\r\
    \n    } else={\r\
    \n        /system backup save password=\$backupPassword name=\$backupName;\
    \r\
    \n    }\r\
    \n    :log info (\"\$SMP System backup created. \$backupFileSys\");\r\
    \n\r\
    \n    ## Export config file\r\
    \n    :if (\$sensetiveDataInConfig = true) do={\r\
    \n        # since RouterOS v7 it needs to be set precise that we want to e\
    xport sensitive data\r\
    \n        :if ([:pick [/system package update get installed-version] 0 1] \
    < 7) do={\r\
    \n            :execute \"/export compact terse file=\$backupName\";\r\
    \n        } else={\r\
    \n            :execute \"/export compact show-sensitive terse file=\$backu\
    pName\";\r\
    \n        }\r\
    \n    } else={\r\
    \n        /export compact hide-sensitive terse file=\$backupName;\r\
    \n    }\r\
    \n    :log info (\"\$SMP Config file was exported. \$backupFileConfig, the\
    \_script execution will be paused for a moment.\");\r\
    \n\r\
    \n    #Delay after creating backups\r\
    \n    :delay 20s;\r\
    \n    :return \$backupNames;\r\
    \n}\r\
    \n\r\
    \n:global buGlobalVarUpdateStep;\r\
    \n############### ^^^^^^^^^ GLOBALS ^^^^^^^^^ ###############\r\
    \n\r\
    \n:local scriptVersion \"22.11.12\";\r\
    \n\r\
    \n#Current date time in format: 2020jan15-221324\r\
    \n:local dateTime ([:pick [/system clock get date] 7 11] . [:pick [/system\
    \_clock get date] 0 3] . [:pick [/system clock get date] 4 6] . \"-\" . [:\
    pick [/system clock get time] 0 2] . [:pick [/system clock get time] 3 5] \
    . [:pick [/system clock get time] 6 8]);\r\
    \n\r\
    \n:local isSoftBased false;\r\
    \n:if ([/system resource get board-name] = \"CHR\" or [/system resource ge\
    t board-name] = \"x86\") do={\r\
    \n    :set isSoftBased true;\r\
    \n}\r\
    \n\r\
    \n:local deviceOsVerInst          [/system package update get installed-ve\
    rsion];\r\
    \n:local deviceOsVerInstNum       [\$buGlobalFuncGetOsVerNum paramOsVer=\$\
    deviceOsVerInst];\r\
    \n:local deviceOsVerAvail         \"\";\r\
    \n:local deviceOsVerAvailNum      0;\r\
    \n:local deviceIdentityName       [/system identity get name];\r\
    \n:local deviceIdentityNameShort  [:pick \$deviceIdentityName 0 18]\r\
    \n:local deviceUpdateChannel      [/system package update get channel];\r\
    \n\r\
    \n\r\
    \n:local deviceRbModel            \"CloudHostedRouter\";\r\
    \n:local deviceRbSerialNumber     \"--\";\r\
    \n:local deviceRbCurrentFw        \"--\";\r\
    \n:local deviceRbUpgradeFw        \"--\";\r\
    \n\r\
    \n:if (\$isSoftBased = false) do={\r\
    \n    :set deviceRbModel          [/system routerboard get model];\r\
    \n    :set deviceRbSerialNumber   [/system routerboard get serial-number];\
    \r\
    \n    :set deviceRbCurrentFw      [/system routerboard get current-firmwar\
    e];\r\
    \n    :set deviceRbUpgradeFw      [/system routerboard get upgrade-firmwar\
    e];\r\
    \n};\r\
    \n\r\
    \n:local isOsUpdateAvailable false;\r\
    \n:local isOsNeedsToBeUpdated false;\r\
    \n\r\
    \n:local isSendEmailRequired true;\r\
    \n\r\
    \n:local mailSubject  \"\$SMP Device - \$deviceIdentityNameShort.\";\r\
    \n:local mailBody     \"\";\r\
    \n\r\
    \n:local mailBodyDeviceInfo   \"\\r\\n\\r\\nDevice information: \\r\\nIden\
    tity: \$deviceIdentityName \\r\\nModel: \$deviceRbModel \\r\\nSerial numbe\
    r: \$deviceRbSerialNumber \\r\\nCurrent RouterOS: \$deviceOsVerInst (\$[/s\
    ystem package update get channel]) \$[/system resource get build-time] \\r\
    \\nCurrent routerboard FW: \$deviceRbCurrentFw \\r\\nDevice uptime: \$[/sy\
    stem resource get uptime]\";\r\
    \n:local mailBodyCopyright    \"\\r\\n\\r\\nMikrotik RouterOS automatic ba\
    ckup & update (ver. \$scriptVersion) \\r\\nhttps://github.com/beeyev/Mikro\
    tik-RouterOS-automatic-backup-and-update\";\r\
    \n:local changelogUrl         (\"Check RouterOS changelog: https://mikroti\
    k.com/download/changelogs/\" . \$updateChannel . \"-release-tree\");\r\
    \n\r\
    \n:local backupName           \"v\$deviceOsVerInst_\$deviceUpdateChannel_\
    \$dateTime\";\r\
    \n:local backupNameBeforeUpd  \"backup_before_update_\$backupName\";\r\
    \n:local backupNameAfterUpd   \"backup_after_update_\$backupName\";\r\
    \n\r\
    \n:local backupNameFinal  \$backupName;\r\
    \n:local mailAttachments  [:toarray \"\"];\r\
    \n\r\
    \n\r\
    \n:local updateStep \$buGlobalVarUpdateStep;\r\
    \n:do {/system script environment remove buGlobalVarUpdateStep;} on-error=\
    {}\r\
    \n:if ([:len \$updateStep] = 0) do={\r\
    \n    :set updateStep 1;\r\
    \n}\r\
    \n\r\
    \n\r\
    \n## STEP ONE: Creating backups, checking for new RouterOs version and sen\
    ding email with backups,\r\
    \n## steps 2 and 3 are fired only if script is set to automatically update\
    \_device and if new RouterOs is available.\r\
    \n:if (\$updateStep = 1) do={\r\
    \n    :log info (\"\$SMP Performing the first step.\");\r\
    \n\r\
    \n    # Checking for new RouterOS version\r\
    \n    if (\$scriptMode = \"osupdate\" or \$scriptMode = \"osnotify\") do={\
    \r\
    \n        log info (\"\$SMP Checking for new RouterOS version. Current ver\
    sion is: \$deviceOsVerInst\");\r\
    \n        /system package update set channel=\$updateChannel;\r\
    \n        /system package update check-for-updates;\r\
    \n        :delay 5s;\r\
    \n        :set deviceOsVerAvail [/system package update get latest-version\
    ];\r\
    \n\r\
    \n        # If there is a problem getting information about available Rout\
    erOS from server\r\
    \n        :if ([:len \$deviceOsVerAvail] = 0) do={\r\
    \n            :log warning (\"\$SMP There is a problem getting information\
    \_about new RouterOS from server.\");\r\
    \n            :set mailSubject    (\$mailSubject . \" Error: No data about\
    \_new RouterOS!\")\r\
    \n            :set mailBody         (\$mailBody . \"Error occured! \\r\\nM\
    ikrotik couldn't get any information about new RouterOS from server! \\r\\\
    nWatch additional information in device logs.\")\r\
    \n        } else={\r\
    \n            #Get numeric version of OS\r\
    \n            :set deviceOsVerAvailNum [\$buGlobalFuncGetOsVerNum paramOsV\
    er=\$deviceOsVerAvail];\r\
    \n\r\
    \n            # Checking if OS on server is greater than installed one.\r\
    \n            :if (\$deviceOsVerAvailNum > \$deviceOsVerInstNum) do={\r\
    \n                :set isOsUpdateAvailable true;\r\
    \n                :log info (\"\$SMP New RouterOS is available! \$deviceOs\
    VerAvail\");\r\
    \n            } else={\r\
    \n                :set isSendEmailRequired false;\r\
    \n                :log info (\"\$SMP System is already up to date.\");\r\
    \n                :set mailSubject (\$mailSubject . \" No new OS updates.\
    \");\r\
    \n                :set mailBody      (\$mailBody . \"Your system is up to \
    date.\");\r\
    \n            }\r\
    \n        };\r\
    \n    } else={\r\
    \n        :set scriptMode \"backup\";\r\
    \n    };\r\
    \n\r\
    \n    if (\$forceBackup = true) do={\r\
    \n        # In this case the script will always send email, because it has\
    \_to create backups\r\
    \n        :set isSendEmailRequired true;\r\
    \n    }\r\
    \n\r\
    \n    # if new OS version is available to install\r\
    \n    if (\$isOsUpdateAvailable = true and \$isSendEmailRequired = true) d\
    o={\r\
    \n        # If we only need to notify about new available version\r\
    \n        if (\$scriptMode = \"osnotify\") do={\r\
    \n            :set mailSubject    (\$mailSubject . \" New RouterOS is avai\
    lable! v.\$deviceOsVerAvail.\")\r\
    \n            :set mailBody       (\$mailBody . \"New RouterOS version is \
    available to install: v.\$deviceOsVerAvail (\$updateChannel) \\r\\n\$chang\
    elogUrl\")\r\
    \n        }\r\
    \n\r\
    \n        # if we need to initiate RouterOs update process\r\
    \n        if (\$scriptMode = \"osupdate\") do={\r\
    \n            :set isOsNeedsToBeUpdated true;\r\
    \n            # if we need to install only patch updates\r\
    \n            :if (\$installOnlyPatchUpdates = true) do={\r\
    \n                #Check if Major and Minor builds are the same.\r\
    \n                :if ([:pick \$deviceOsVerInstNum 0 ([:len \$deviceOsVerI\
    nstNum]-2)] = [:pick \$deviceOsVerAvailNum 0 ([:len \$deviceOsVerAvailNum]\
    -2)]) do={\r\
    \n                    :log info (\"\$SMP New patch version of RouterOS fir\
    mware is available.\");\r\
    \n                } else={\r\
    \n                    :log info           (\"\$SMP New major or minor vers\
    ion of RouterOS firmware is available. You need to update it manually.\");\
    \r\
    \n                    :set mailSubject    (\$mailSubject . \" New RouterOS\
    : v.\$deviceOsVerAvail needs to be installed manually.\");\r\
    \n                    :set mailBody       (\$mailBody . \"New major or min\
    or RouterOS version is available to install: v.\$deviceOsVerAvail (\$updat\
    eChannel). \\r\\nYou chose to automatically install only patch updates, so\
    \_this major update you need to install manually. \\r\\n\$changelogUrl\");\
    \r\
    \n                    :set isOsNeedsToBeUpdated false;\r\
    \n                }\r\
    \n            }\r\
    \n\r\
    \n            #Check again, because this variable could be changed during \
    checking for installing only patch updats\r\
    \n            if (\$isOsNeedsToBeUpdated = true) do={\r\
    \n                :log info           (\"\$SMP New RouterOS is going to be\
    \_installed! v.\$deviceOsVerInst -> v.\$deviceOsVerAvail\");\r\
    \n                :set mailSubject    (\$mailSubject . \" New RouterOS is \
    going to be installed! v.\$deviceOsVerInst -> v.\$deviceOsVerAvail.\");\r\
    \n                :set mailBody       (\$mailBody . \"Your Mikrotik will b\
    e updated to the new RouterOS version from v.\$deviceOsVerInst to v.\$devi\
    ceOsVerAvail (Update channel: \$updateChannel) \\r\\nFinal report with the\
    \_detailed information will be sent when update process is completed. \\r\
    \\nIf you have not received second email in the next 10 minutes, then prob\
    ably something went wrong. (Check your device logs)\");\r\
    \n                #!! There is more code connected to this part and first \
    step at the end of the script.\r\
    \n            }\r\
    \n\r\
    \n        }\r\
    \n    }\r\
    \n\r\
    \n    ## Checking If the script needs to create a backup\r\
    \n    :log info (\"\$SMP Checking If the script needs to create a backup.\
    \");\r\
    \n    if (\$forceBackup = true or \$scriptMode = \"backup\" or \$isOsNeeds\
    ToBeUpdated = true) do={\r\
    \n        :log info (\"\$SMP Creating system backups.\");\r\
    \n        if (\$isOsNeedsToBeUpdated = true) do={\r\
    \n            :set backupNameFinal \$backupNameBeforeUpd;\r\
    \n        };\r\
    \n        if (\$scriptMode != \"backup\") do={\r\
    \n            :set mailBody (\$mailBody . \"\\r\\n\\r\\n\");\r\
    \n        };\r\
    \n\r\
    \n        :set mailSubject    (\$mailSubject . \" Backup was created.\");\
    \r\
    \n        :set mailBody       (\$mailBody . \"System backups were created \
    and attached to this email.\");\r\
    \n\r\
    \n        :set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$b\
    ackupNameFinal backupPassword=\$backupPassword sensetiveDataInConfig=\$sen\
    setiveDataInConfig];\r\
    \n    } else={\r\
    \n        :log info (\"\$SMP There is no need to create a backup.\");\r\
    \n    }\r\
    \n\r\
    \n    # Combine fisrst step email\r\
    \n    :set mailBody (\$mailBody . \$mailBodyDeviceInfo . \$mailBodyCopyrig\
    ht);\r\
    \n}\r\
    \n\r\
    \n## STEP TWO: (after first reboot) routerboard firmware upgrade\r\
    \n## steps 2 and 3 are fired only if script is set to automatically update\
    \_device and if new RouterOs is available.\r\
    \n:if (\$updateStep = 2) do={\r\
    \n    :log info (\"\$SMP Performing the second step.\");\r\
    \n    ## RouterOS is the latest, let's check for upgraded routerboard firm\
    ware\r\
    \n    if (\$deviceRbCurrentFw != \$deviceRbUpgradeFw) do={\r\
    \n        :set isSendEmailRequired false;\r\
    \n        :delay 10s;\r\
    \n        :log info \"\$SMP Upgrading routerboard firmware from v.\$device\
    RbCurrentFw to v.\$deviceRbUpgradeFw\";\r\
    \n        ## Start the upgrading process\r\
    \n        /system routerboard upgrade;\r\
    \n        ## Wait until the upgrade is completed\r\
    \n        :delay 5s;\r\
    \n        :log info \"\$SMP routerboard upgrade process was completed, goi\
    ng to reboot in a moment!\";\r\
    \n        ## Set scheduled task to send final report on the next boot, tas\
    k will be deleted when is is done. (That is why you should keep original s\
    cript name)\r\
    \n        /system scheduler add name=BKPUPD-FINAL-REPORT-ON-NEXT-BOOT on-e\
    vent=\":delay 5s; /system scheduler remove BKPUPD-FINAL-REPORT-ON-NEXT-BOO\
    T; :global buGlobalVarUpdateStep 3; :delay 10s; /system script run BackupA\
    ndUpdate;\" start-time=startup interval=0;\r\
    \n        ## Reboot system to boot with new firmware\r\
    \n        /system reboot;\r\
    \n    } else={\r\
    \n        :log info \"\$SMP It appers that your routerboard is already up \
    to date, skipping this step.\";\r\
    \n        :set updateStep 3;\r\
    \n    };\r\
    \n}\r\
    \n\r\
    \n## STEP THREE: Last step (after second reboot) sending final report\r\
    \n## steps 2 and 3 are fired only if script is set to automatically update\
    \_device and if new RouterOs is available.\r\
    \n:if (\$updateStep = 3) do={\r\
    \n    :log info (\"\$SMP Performing the third step.\");\r\
    \n    :log info \"Bkp&Upd: RouterOS and routerboard upgrade process was co\
    mpleted. New RouterOS version: v.\$deviceOsVerInst, routerboard firmware: \
    v.\$deviceRbCurrentFw.\";\r\
    \n    ## Small delay in case mikrotik needs some time to initialize connec\
    tions\r\
    \n    :log info \"\$SMP The final email with report and backups of upgrade\
    d system will be sent in a minute.\";\r\
    \n    :delay 1m;\r\
    \n    :set mailSubject    (\$mailSubject . \" RouterOS Upgrade is complete\
    d, new version: v.\$deviceOsVerInst!\");\r\
    \n    :set mailBody       \"RouterOS and routerboard upgrade process was c\
    ompleted. \\r\\nNew RouterOS version: v.\$deviceOsVerInst, routerboard fir\
    mware: v.\$deviceRbCurrentFw. \\r\\n\$changelogUrl \\r\\n\\r\\nBackups of \
    the upgraded system are in the attachment of this email.  \$mailBodyDevice\
    Info \$mailBodyCopyright\";\r\
    \n    :set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backu\
    pNameAfterUpd backupPassword=\$backupPassword sensetiveDataInConfig=\$sens\
    etiveDataInConfig];\r\
    \n}\r\
    \n\r\
    \n# Remove functions from global environment to keep it fresh and clean.\r\
    \n:do {/system script environment remove buGlobalFuncGetOsVerNum;} on-erro\
    r={}\r\
    \n:do {/system script environment remove buGlobalFuncCreateBackups;} on-er\
    ror={}\r\
    \n\r\
    \n##\r\
    \n## SENDING EMAIL\r\
    \n##\r\
    \n# Trying to send email with backups in attachment.\r\
    \n\r\
    \n:if (\$isSendEmailRequired = true) do={\r\
    \n    :log info \"\$SMP Sending email message, it will take around half a \
    minute...\";\r\
    \n    :do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\
    \$mailBody file=\$mailAttachments;} on-error={\r\
    \n        :delay 5s;\r\
    \n        :log error \"\$SMP could not send email message (\$[/tool e-mail\
    \_get last-status]). Going to try it again in a while.\"\r\
    \n\r\
    \n        :delay 5m;\r\
    \n\r\
    \n        :do {/tool e-mail send to=\$emailAddress subject=\$mailSubject b\
    ody=\$mailBody file=\$mailAttachments;} on-error={\r\
    \n            :delay 5s;\r\
    \n            :log error \"\$SMP could not send email message (\$[/tool e-\
    mail get last-status]) for the second time.\"\r\
    \n\r\
    \n            if (\$isOsNeedsToBeUpdated = true) do={\r\
    \n                :set isOsNeedsToBeUpdated false;\r\
    \n                :log warning \"\$SMP script is not going to initialise u\
    pdate process due to inability to send backups to email.\"\r\
    \n            }\r\
    \n        }\r\
    \n    }\r\
    \n\r\
    \n    :delay 30s;\r\
    \n\r\
    \n    :if ([:len \$mailAttachments] > 0 and [/tool e-mail get last-status]\
    \_= \"succeeded\") do={\r\
    \n        :log info \"\$SMP File system cleanup.\"\r\
    \n        /file remove \$mailAttachments;\r\
    \n        :delay 2s;\r\
    \n    }\r\
    \n\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Fire RouterOs update process\r\
    \nif (\$isOsNeedsToBeUpdated = true) do={\r\
    \n\r\
    \n    :if (\$isSoftBased = false) do={\r\
    \n        ## Set scheduled task to upgrade routerboard firmware on the nex\
    t boot, task will be deleted when upgrade is done. (That is why you should\
    \_keep original script name)\r\
    \n        /system scheduler add name=BKPUPD-UPGRADE-ON-NEXT-BOOT on-event=\
    \":delay 5s; /system scheduler remove BKPUPD-UPGRADE-ON-NEXT-BOOT; :global\
    \_buGlobalVarUpdateStep 2; :delay 10s; /system script run BackupAndUpdate;\
    \" start-time=startup interval=0;\r\
    \n    } else= {\r\
    \n        ## If the scrip is executed on CHR, step 2 will be skipped\r\
    \n        /system scheduler add name=BKPUPD-UPGRADE-ON-NEXT-BOOT on-event=\
    \":delay 5s; /system scheduler remove BKPUPD-UPGRADE-ON-NEXT-BOOT; :global\
    \_buGlobalVarUpdateStep 3; :delay 10s; /system script run BackupAndUpdate;\
    \" start-time=startup interval=0;\r\
    \n    };\r\
    \n\r\
    \n\r\
    \n    :log info \"\$SMP everything is ready to install new RouterOS, going\
    \_to reboot in a moment!\"\r\
    \n    ## command is reincarnation of the \"upgrade\" command - doing exact\
    ly the same but under a different name\r\
    \n    /system package update install;\r\
    \n}\r\
    \n\r\
    \n:log info \"\$SMP script \\\"Mikrotik RouterOS automatic backup & update\
    \\\" completed it's job.\\r\\n\";"
# Router-wide SMTP settings: server mail.c*****ol.com, submission port 587,
# sender and login r1@c*****ol.com.
# NOTE(review): no start-tls value appears in this export, so it is presumably
# at its default (believed to be "no" on RouterOS 6.x) - confirm with
# "/tool e-mail print". The BackupAndUpdate script's "/tool e-mail send" calls
# pass no start-tls of their own, so the backup attachments and the SMTP login
# would rely on this setting. Consider start-tls=tls-only here so mail is
# refused rather than sent in clear.
# NOTE(review): no password= is shown; presumably hidden by the export or
# removed before posting - verify it was not pasted elsewhere on the page.
/tool e-mail
set address=mail.c*****ol.com from=r1@c*****ol.com port=587 user=\
    r1@c*****ol.com
# Netwatch entry for host 192.150.20.2: down-script e-mails an "UNREACHABLE"
# alert, up-script e-mails an "UP" alert. Both send calls pass start-tls=yes.
# NOTE(review): start-tls=yes is understood to continue without TLS when the
# server does not offer STARTTLS, whereas tls-only aborts - confirm against the
# RouterOS 6.x e-mail documentation before relying on it for confidentiality.
# NOTE(review): the alert text says "CCTV_on_ether2", but the interface section
# of this export puts comment=CCTV on ether1 - confirm which port is meant.
/tool netwatch
add down-script="tool e-mail send to=c*******@h****l.com subject=adu-1.\
    PA-8010ANDGER7.c*****ol.com start-tls=yes body=CCTV_on_ether2_of_adu-1.P\
    A-8010ANDGER7.c*****ol.com_is_UNREACHABLE." host=192.150.20.2 \
    up-script="tool e-mail send to=c*******@h****l.com subject=adu-1.PA\
    -8010ANDGER7.c*****ol.com start-tls=yes body=CCTV_on_ether2_of_adu-1.PA-\
    8010ANDGER7.c*****ol.com_is_UP."