Program LED to VPN Status using Netwatch and scripting

First thing, I am amazed at all of the possibilities of the RouterOS and RouterBOARD. For those who have the RouterBOARD with programmable User LEDs, you can easily program them to indicate the status of your VPN connection (or any remote pingable site).

I am using the RouterBOARD 750.

First things first: make sure you have a route set so the RouterOS knows how to get to your remote VPN site. In this case I added the Destination network (Remote network via VPN) 1.1.1.0/24 and specified the ether2 local Master as the gateway interface (or whatever your alias is for the port with the assigned LAN gateway IP). Without adding this route the RouterOS was unable to push ping traffic via the VPN (IPsec).

Next you need to add the remote IP you are monitoring (at the remote VPN site). The best way to do this is to utilize the RouterOS’ Netwatch. Open up Netwatch and add a new instance. Enter the remote gateway address or IP you wish to monitor (this will send pings across your VPN). You can also set the ping interval time here. The next part is to add the simple LED script to tell the RouterBOARD to turn on the LED if the ping status is up or turn off the LED if the ping status is down.

First, click on the UP tab and enter the following line in the box:

:led user-led=yes;

Second, click on the Down tab and enter the following line in the box:

:led user-led=no;

Click Apply and you're done. This will turn on or off the user-led on the RouterBOARD. Note: the user-led on the RouterBOARD 750 is the ACT LED next to the PWR LED.

NOT related but noteworthy regarding IPsec tunnels: I noticed the VPN may hang if you disconnect the interface to the internet and reconnect it. The LED works perfectly, but the VPN may or may not reconnect because it still has the old VPN states that are not cleared out. Best fix for this is to enable DPD and hope the VPN connection will reset the tunnel. In my case it fixed the hanging tunnel (not relevant to this VPN LED script).

enjoy

Great idea, and I am thankful for being told about the requirement of the route; it has been rather frustrating that I couldn’t figure out how to initiate a tunnel from the router itself.

/pds

quick example http://wiki.mikrotik.com/wiki/PPTPClient