(edit: re-wrote this because I fixed the scripts, and no longer have a question.)
These scripts are a dirty and hopefully temporary fix for the problem where SIP phones connecting to a PBX server across an IPSEC tunnel will not register, typically seen after one side of the VPN’s Internet has gone down (SIP connections show “U” in connection tracker). Some people with this problem address it with a script that deletes unreplied SIP connections from the connection tracker, but that doesn’t work in my case. Briefly disabling and re-enabling the ether port of the PBX phone server is the simplest fix I’ve found, and one I can do from a script. The phone server is 192.168.31.2 and it is connected to ether2.
These two scripts seemed to work during testing. This first one assumes the SIP helper is in use.
:if ([/ip firewall connection find where connection-type=sip and assured=no] != "") do={:log warning "sip-fix script has run"
[/interface disable ether2]
[:delay 10]
[/interface enable ether2]
[/tool e-mail send to=admin@example.com subject="sip-fix script has run" body="sip-fix script has run" start-tls=yes]
}
This one checks for a specific connection and port instead of SIP, for when the SIP helper is disabled or SIP port is non-standard.
:if ([/ip firewall connection find where dst-address ~"192.168.31.2:5066" and assured=no] != "") do={:log warning "sip-fix script has run"
[/interface disable ether2]
[:delay 10]
[/interface enable ether2]
[/tool e-mail send to=admin@example.com subject="sip-fix script has run" body="sip-fix script has run" start-tls=yes]
}