Multi WAN failover with multiple host checks

nayanaditya · March 10, 2020, 11:10am

please give proper scrip for dual wan failover

mpadmin · March 14, 2020, 7:55pm

{
 
#-----------------------------------------------------------------------------------------------
#
# Dual WAN setup script
# Version: 1.0
# Nikolay Unguzov
# ProComp Express
#
# Usage:
# 
# 1. Set static IP addresses on WAN interfaces
# 2. Set sript for DHCP/statc convertion for DHCP ISP (if needed)
# 
#-----------------------------------------------------------------------------------------------
 
 
# Variables
:local "Interface_ISP1"             "01.ISP1";
:local "IP_ISP1"                    "3.3.3.3";
:local "GW_ISP1"                    "3.3.3.1";
:local "comment_NAT_src_ISP1"       "ISP1 NAT";
:local "comment_route_mark_ISP1_GW" "ISP1 GW";
:local "comment_mangle_ISP1_Out_IP" "ISP1 Out IP";
:local "comment_mangle_ISP1"        "ISP1"
:local "comment_route_WAN1"         "WAN1";
 
:local "Interface_ISP2"             "02.ISP2";
:local "IP_ISP2"                    "4.4.4.4";
:local "GW_ISP2"                    "4.4.4.1";
:local "commenct_NAT_src_ISP2"      "ISP2 NAT";
:local "comment_route_mark_ISP2_GW" "ISP2 GW";
:local "comment_mangle_ISP2_Out_IP" "ISP2 Out IP";
:local "comment_mangle_ISP2"        "ISP2"
:local "comment_route_WAN2"         "WAN2";
 
 
# Firewall rules
 
# ISP1
/ip firewall mangle
    add action=mark-connection chain=prerouting comment=$"comment_mangle_ISP1" \
        connection-state=new in-interface=$"Interface_ISP1" \
        new-connection-mark=from-ISP1 passthrough=yes
    add action=mark-routing chain=prerouting comment=$"comment_mangle_ISP1" \
        connection-mark=from-ISP1 new-routing-mark=to-ISP1 passthrough=yes
    add action=mark-routing chain=output comment=$"comment_mangle_ISP1" \
        connection-mark=from-ISP1 new-routing-mark=to-ISP1 passthrough=yes
    add action=mark-routing chain=output comment=$"comment_mangle_ISP1_Out_IP" \
        new-routing-mark=to-ISP1 passthrough=yes src-address=$"IP_ISP1"
 
# ISP2
/ip firewall mangle
    add action=mark-connection chain=prerouting comment=$"comment_mangle_ISP2" \
        connection-state=new in-interface=$"Interface_ISP2" \
        new-connection-mark=from-ISP2 passthrough=yes
    add action=mark-routing chain=prerouting comment=$"comment_mangle_ISP2" \
        connection-mark=from-ISP2 new-routing-mark=to-ISP2 passthrough=yes
    add action=mark-routing chain=output comment=$"comment_mangle_ISP2" \
        connection-mark=from-ISP2 new-routing-mark=to-ISP2 passthrough=yes
    add action=mark-routing chain=output comment=$"comment_mangle_ISP2_Out_IP" \
        new-routing-mark=to-ISP2 passthrough=yes src-address=$"IP_ISP2"
 
# Example - one host to ISP 2
    add action=mark-routing chain=prerouting comment="TEST - out to ISP2" \
    disabled=yes new-routing-mark=to-ISP2 passthrough=yes src-address=192.168.240.6
 
# Routing tables
/ip route
    add distance=1 gateway=$"GW_ISP1" routing-mark=ISP1 comment=$"comment_route_mark_ISP1_GW"
    add distance=1 gateway=$"GW_ISP2" routing-mark=ISP2 comment=$"comment_route_mark_ISP2_GW"
    add distance=1 gateway=$"GW_ISP1" comment=$"comment_route_WAN1"
    add distance=2 gateway=$"GW_ISP2" comment=$"comment_route_WAN2"
 
# Routing rules
/ip route rule
    add src-address=$"IP_ISP1" table=ISP1 comment=$"comment_mangle_ISP1_Out_IP"
    add src-address=$"IP_ISP2" table=ISP2 comment=$"comment_mangle_ISP2_Out_IP"
    add dst-address=10.0.0.0/8 table=main
    add dst-address=192.168.0.0/16 table=main
    add dst-address=172.16.0.0/12 table=main
    add routing-mark=to-ISP1 table=ISP1
    add routing-mark=to-ISP2 table=ISP2
/;
 
 
# NAT
/ip firewall nat
    add action=src-nat chain=srcnat comment=$"comment_NAT_src_ISP1" \
        out-interface=$"Interface_ISP1" to-addresses=$"IP_ISP1"
    add action=src-nat chain=srcnat comment=$"commenct_NAT_src_ISP2" \
        out-interface=$"Interface_ISP2" to-addresses=$"IP_ISP2"
 
}

{
#-----------------------------------------------------------------------------------------------
#
# Dual WAN Check Links
# Version: 1.2
# Nikolay Unguzov
# ProComp Express
#
# Name: check-links
#
# Usage:
# Create script check-links and scheduler
#
#-----------------------------------------------------------------------------------------------
 
:local MainInterface      "01.ISP1"
:local BackupInterface    "02.ISP2"
:local AlertEmail         ""
:local MainRouteComment   "WAN1"
:local BackupRouteComment "WAN2"
 
 
:local PingCount 2
:local PingTargets {1.1.1.1; 8.8.8.8; 77.88.8.8; 217.69.139.202}
:local PingHost
:local MainInterfaceInetOk false
:local BackupInterfaceInetOk false
:local MainPings 0
:local BackupPings 0
 
foreach PingHost in=$PingTargets do={
  :local res [/ping $PingHost count=$PingCount interface=$MainInterface]
  :set MainPings ($MainPings + $res)
  :delay 1
  :local res [/ping $PingHost count=$PingCount interface=$BackupInterface]
  :set BackupPings ($BackupPings + $res)
  :delay 1
}
 
:set MainInterfaceInetOk ($MainPings >= 1)
:set BackupInterfaceInetOk ($BackupPings >= 1)
:put "MainInterfaceInetOk=$MainInterfaceInetOk"
:put "BackupInterfaceInetOk=$BackupInterfaceInetOk"
 
:local MainGWDistance [/ip route get [find comment=$"MainRouteComment"] distance]
:local BackupGWDistance [/ip route get [find comment=$"BackupRouteComment"] distance]
:put "MainGWDistance=$MainGWDistance"
:put "BackupGWDistance=$BackupGWDistance"
 
if ($MainInterfaceInetOk && ($MainGWDistance >= $BackupGWDistance)) do={
 
  /ip route set [find comment=$"MainRouteComment"] distance=1
  /ip route set [find comment=$"BackupRouteComment"] distance=2
 
  # Clear VoIP connections
  /ip firewall connection remove [ find dst-address ~ ".*:5060" ]
  /ip firewall connection remove [ find src-address ~ ".*:5060" ]
 
  :put "Switched to MAIN Internet connection"
  /log info "Switched to MAIN Internet connection"
 
  :if ( [ :len $AlertEmail ] = 0 ) do={
    /tool e-mail send to="$AlertEmail" \
      subject="$[/system identity get name]: Switched to MAIN Internet connection" \
      body="$[/system identity get name] switched to MAIN Internet connection - $MainInterface"
  }
}
 
if (!$MainInterfaceInetOk && $BackupInterfaceInetOk && ($MainGWDistance <= $BackupGWDistance)) do={
  /ip route set [find comment=$"MainRouteComment"] distance=2
  /ip route set [find comment=$"BackupRouteComment"] distance=1
 
  # Clear VoIP connections
  /ip firewall connection remove [ find dst-address ~ ".*:5060" ]
  /ip firewall connection remove [ find src-address ~ ".*:5060" ]
 
  :put "Switched to BACKUP Internet connection"
  /log info "Switched to BACKUP Internet connection"
 
  :if ( [ :len $AlertEmail ] = 0 ) do={
    /tool e-mail send to="$AlertEmail" \
      subject="$[/system identity get name]: Switched to BACKUP Internet connection" \
      body="$[/system identity get name] switched to BACKUP Internet connection - $BackupInterface"
  }
}
 
}

{
#-----------------------------------------------------------------------------------------------
#
# Dual WAN Check Links Scheduler
#
#-----------------------------------------------------------------------------------------------
 
/system scheduler \
  add interval=1m name=check-links-schedule \
  on-event=check-links \
  start-date=jan/01/1970 \
  start-time=00:00:00
}