Community discussions

MUM Europe 2020
 
User avatar
tete
newbie
Topic Author
Posts: 44
Joined: Mon Jul 07, 2008 9:50 am
Location: Granada (Spain)
Contact:

Mikrotik - Sonicwall - VPN IPSEC

Thu Sep 25, 2008 9:47 pm

Hello all,

Is there some one that has get working a VPN IPSEC between a SonicWall and a Mikrotik?

I have been trying today all day... but no way... the tunnel get stablished and SAs installed but there is no traffic from the sonicwall to the Mikrotik and the policies are marked as Dynamic Invalid... so if I ping the other peer the traceroute shows I am getting out via the default gateway and not via de IPSEC tunnel.

Can some one help me?

Greeted in advance.
===========================
Antonio Sanchez
System Administrator
===========================
Image
===========================
Granada (Spain)
 
User avatar
vsaldarriaga
just joined
Posts: 6
Joined: Thu Jun 26, 2008 8:48 pm
Location: Colombia

Re: Mikrotik - Sonicwall - VPN IPSEC

Sun Oct 05, 2008 2:22 am

I've had a working tunnel since 3.10.
Next week I will try to post my configs.
 
User avatar
omega-00
Forum Guru
Forum Guru
Posts: 1167
Joined: Sat Jun 06, 2009 4:54 am
Location: Australia
Contact:

Re: Mikrotik - Sonicwall - VPN IPSEC

Sun Oct 05, 2008 7:43 am

I would be interested in seeing your config also, as I have about 3 older sonicwalls and one new one, would like to be able to replace some of the older ones with a compatible mikrotik setup.
 
paal
just joined
Posts: 1
Joined: Tue May 17, 2011 5:08 pm

Re: Mikrotik - Sonicwall - VPN IPSEC

Tue May 17, 2011 5:13 pm

I see this is an old post, anyhoo

check out http://www.datapels.com/ for IPSec setup between Mikrotik and Sonicwall
 
router
just joined
Posts: 4
Joined: Tue Sep 27, 2011 5:05 pm

Re: Mikrotik - Sonicwall - VPN IPSEC

Fri Dec 30, 2011 12:17 pm

Hi

that link is not working. I am as well interested in this setup mikrotik vs sonicwall, so may I ask you again?

Cheers
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 761
Joined: Thu Oct 15, 2009 3:52 am

Re: Mikrotik - Sonicwall - VPN IPSEC

Thu Feb 27, 2014 4:32 am

guys.... even i am breaking my head over it....

can you please help me..... a IPSec tunnel between Sonicwall and Mikrotik
by professionals, for professionals....
Don't forget to give KARMA!!!
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 761
Joined: Thu Oct 15, 2009 3:52 am

Re: Mikrotik - Sonicwall - VPN IPSEC

Thu Feb 27, 2014 2:24 pm

i wonder why http://wiki.mikrotik.com/wiki/IPSec_VPN ... S_Enhanced this page has been removed???

and still no update... from anyone on the forum on this topic....
by professionals, for professionals....
Don't forget to give KARMA!!!
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5960
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Mikrotik - Sonicwall - VPN IPSEC

Thu Feb 27, 2014 2:34 pm

It is not removed, here is the full link, but appears that user who started this article did not finish it
http://wiki.mikrotik.com/wiki/IPSec_VPN ... ed_SonicOS
 
wayves
just joined
Posts: 11
Joined: Mon Feb 10, 2014 6:59 pm

Re: Mikrotik - Sonicwall - VPN IPSEC

Fri Feb 28, 2014 10:03 am

Hi...i manage to get MT to VPN to SW using IPsec site to site a couple of weeks ago.

The SW config i used is as follows
IMG-20131227-WA0005.jpg
IMG-20131227-WA0006.jpg
IMG-20131227-WA0008.jpg
As for MT...follow the wiki and use FQDN (in the form of email address, fictitious is fine) as the secret for SW.

There are 2 more pics of the SW config, but am unable to upload.
You do not have the required permissions to view the files attached to this post.
 
wayves
just joined
Posts: 11
Joined: Mon Feb 10, 2014 6:59 pm

Re: Mikrotik - Sonicwall - VPN IPSEC

Fri Feb 28, 2014 10:06 am

2 more pics of the SW config.
IMG-20131227-WA0007.jpg
IMG-20131227-WA0009.jpg
Cheers
You do not have the required permissions to view the files attached to this post.
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 761
Joined: Thu Oct 15, 2009 3:52 am

Re: Mikrotik - Sonicwall - VPN IPSEC

Fri Feb 28, 2014 10:13 am

hey man god bless you!!! :) i will definitely award you a karma for this...

can you please help me with the screenshots of mikrotik side setup.... please...
by professionals, for professionals....
Don't forget to give KARMA!!!
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24379
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Mikrotik - Sonicwall - VPN IPSEC

Fri Feb 28, 2014 10:15 am

Just a quick tip Wayves - hit the "print screen" button on your keyboard, and then click "paste" in Paint or some other program. This will allow you to show screenshots without photograping the monitor :)
No answer to your question? How to write posts
 
wayves
just joined
Posts: 11
Joined: Mon Feb 10, 2014 6:59 pm

Re: Mikrotik - Sonicwall - VPN IPSEC

Fri Feb 28, 2014 10:31 am

yup...it was sent by the SW engineer over whatsapp.

I'm unable to paste the MT config at the moment as its at site and there's no remote access to the unit now. I should be getting the unit back some time next week.

But i was cracking my head for a few weeks...

I followed this

http://gregsowell.com/wp-content/upload ... k-vpn1.pdf
http://mum.mikrotik.com/presentations/HR13/kirnak.pdf

The SW was at the home office and the MT was at the remote office (actually its on a gantry holding a traffic message board). MT was using 3G USB to connect to internet and VPN back home office. Therefore it works with dynamic IP at one end. Of course you need to run a script to change policy and also a script to initiate a ping from MT back to HO to wake the tunnel. The message board doesnt send anything, so the tunnel is always down when the MT is first turned on.

I hope this helps. I'll share the config once I get access to the MT (i forgot to copy the file out).

Skol
 
User avatar
saintofinternet
Forum Veteran
Forum Veteran
Posts: 761
Joined: Thu Oct 15, 2009 3:52 am

Re: Mikrotik - Sonicwall - VPN IPSEC

Wed Mar 05, 2014 8:51 am

i have still no been able to achieve anything and i really curse sonicwall for it now....

can't understand where i fail.
by professionals, for professionals....
Don't forget to give KARMA!!!
 
wayves
just joined
Posts: 11
Joined: Mon Feb 10, 2014 6:59 pm

Re: Mikrotik - Sonicwall - VPN IPSEC

Tue Apr 15, 2014 7:17 pm

Here's my script...i've blanked out what i need to. The test VPN account info is in here, i left it there for your reference.

Hope this helps. Sorry for the delay though.

# jan/06/2014 23:38:10 by RouterOS 5.26
# software id =
#
/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1600 \
mac-address=00:0C:42:C7:B6:E7 mtu=1500 name=ether1-gateway speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:C7:B6:E8 \
master-port=none mtu=1500 name=ether2-master-local poe-out=off \
poe-priority=10 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:C7:B6:E9 \
master-port=ether2-master-local mtu=1500 name=ether3-slave-local poe-out=\
off poe-priority=10 speed=100Mbps
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:C7:B6:EA \
master-port=ether2-master-local mtu=1500 name=ether4-slave-local poe-out=\
off poe-priority=10 speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1598 mac-address=00:0C:42:C7:B6:EB \
master-port=ether2-master-local mtu=1500 name=ether5-slave-local poe-out=\
off poe-priority=10 speed=100Mbps
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch1
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 \
split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=default \
shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=yes enc-algorithms=\
3des lifetime=30m name=default pfs-group=modp1024
add auth-algorithms=md5 disabled=no enc-algorithms=3des lifetime=8h name=\
ITIS_Proposal pfs-group=none
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp authoritative=after-2sec-delay bootp-support=\
static disabled=no interface=ether2-master-local lease-time=3d name=\
default
/port
set 0 baud-rate=9600 data-bits=8 flow-control=none name=usb1 parity=none \
stop-bits=1
set 1 baud-rate=9600 data-bits=8 flow-control=none name=usb2 parity=none \
stop-bits=1
/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default use-compression=\
default use-encryption=default use-mpls=default use-vj-compression=\
default
set 1 change-tcp-mss=yes name=default-encryption only-one=default \
use-compression=default use-encryption=yes use-mpls=default \
use-vj-compression=default
/interface ppp-client
add add-default-route=yes allow=pap,chap,mschap1,mschap2 apn=internet \
data-channel=0 dial-command=ATDT dial-on-demand=no disabled=no \
info-channel=3 keepalive-timeout=30 max-mru=1500 max-mtu=1500 modem-init=\
"" mrru=disabled name=ppp-out1 null-modem=no password="" phone="" pin="" \
port=usb1 profile=default use-peer-dns=yes user=""
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=none name=only-hardware-queue
set 6 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 7 kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no \
ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never in-filter=\
ospf-in metric-bgp=auto metric-connected=20 metric-default=1 \
metric-other-ospf=auto metric-rip=20 metric-static=20 name=default \
out-filter=ospf-out redistribute-bgp=no redistribute-connected=no \
redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
router-id=0.0.0.0
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
backbone type=default
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 authentication-password="" \
authentication-protocol=MD5 encryption-password="" encryption-protocol=\
DES name=public read-access=yes security=none write-access=no
/system logging action
set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0 \
syslog-facility=daemon syslog-severity=auto target=remote
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
winbox,password,web,sniff,sensitive,api" skin=default
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
no
/interface ethernet poe settings
set ether1-poe-in-long-cable=no
/interface ethernet switch port
set 0 vlan-header=leave-as-is vlan-mode=fallback
set 1 vlan-header=leave-as-is vlan-mode=fallback
set 2 vlan-header=leave-as-is vlan-mode=fallback
set 3 vlan-header=leave-as-is vlan-mode=fallback
set 4 vlan-header=leave-as-is vlan-mode=fallback
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
default-encryption enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=\
1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
default enabled=no keepalive-timeout=60 mac-address=FE:3B:AF:6D:1B:7A \
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
disabled port=443 verify-client-certificate=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.88.1/24 comment="default configuration" disabled=no \
interface=ether2-master-local network=192.168.88.0
add address=172.16.1.1/24 disabled=no interface=ether5-slave-local network=\
172.16.1.0
/ip dhcp-client
add add-default-route=yes comment="default configuration" \
default-route-distance=1 disabled=no interface=ether1-gateway \
use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
add address=192.168.88.0/24 comment="default configuration" dhcp-option="" \
dns-server=192.168.88.1 gateway=192.168.88.1 ntp-server="" wins-server=""
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=4096 servers=210.48.195.26,210.48.195.25
/ip dns static
add address=192.168.88.1 disabled=no name=router ttl=1d
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall filter
add action=accept chain=input connection-state=new disabled=no dst-port=500 \
in-interface=ppp-out1 protocol=udp
add action=accept chain=input connection-state=new disabled=no dst-port=1701 \
in-interface=ppp-out1 protocol=udp
add action=accept chain=input connection-state=new disabled=no dst-port=4500 \
in-interface=ppp-out1 protocol=udp
/ip firewall nat
add action=accept chain=srcnat disabled=no dst-address=10.1.0.0/16 \
src-address=172.16.1.0/24
add action=masquerade chain=srcnat comment="default configuration" disabled=\
no out-interface=ppp-out1
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip ipsec peer
add address=1.9.63.30/32 auth-method=pre-shared-key dh-group=modp1024 \
disabled=no dpd-interval=disable-dpd dpd-maximum-failures=1 \
enc-algorithm=3des exchange-mode=aggressive generate-policy=no \
hash-algorithm=md5 lifebytes=0 lifetime=8h my-id-user-fqdn=\
ivanlim.digi@gmail.com nat-traversal=yes port=500 proposal-check=obey \
secret=password send-initial-contact=yes
/ip ipsec policy
add action=encrypt disabled=no dst-address=10.1.0.0/16 dst-port=any \
ipsec-protocols=esp level=require priority=0 proposal=ITIS_Proposal \
protocol=all sa-dst-address=1.9.63.30 sa-src-address=10.72.253.11 \
src-address=172.16.1.0/24 src-port=any tunnel=yes
/ip neighbor discovery
set ether1-gateway disabled=no
set ether2-master-local disabled=no
set ether3-slave-local disabled=no
set ether4-slave-local disabled=no
set ether5-slave-local disabled=no
set ppp-out1 disabled=yes
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=unlimited \
max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=\
no src-address=0.0.0.0
/ip route
add disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=10.1.1.5 scope=30 \
target-scope=10
/ip service
set telnet address="" disabled=yes port=23
set ftp address="" disabled=no port=21
set www address="" disabled=no port=808
set ssh address="" disabled=no port=22
set www-ssl address="" certificate=none disabled=yes port=443
set api address="" disabled=yes port=8728
set winbox address="" disabled=no port=8291
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=\
all
/ip smb shares
set [ find default=yes ] comment="default share" directory=/pub disabled=no \
max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest password="" read-only=yes
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
use-explicit-null=no
/port firmware
set directory=firmware ignore-directip-modem=no
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set ether1-gateway queue=only-hardware-queue
set ether2-master-local queue=only-hardware-queue
set ether3-slave-local queue=only-hardware-queue
set ether4-slave-local queue=only-hardware-queue
set ether5-slave-local queue=only-hardware-queue
/radius incoming
set accept=no port=3799
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \
multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
routing-table=main timeout-timer=3m update-timer=30s
/snmp
set contact="" enabled=no engine-id="" location="" trap-generators="" \
trap-target="" trap-version=1
/system clock
set time-zone-name=Asia/Kuala_Lumpur
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00
/system identity
set name=MikroTik
/system leds
add disabled=no interface=ppp-out1 leds=user-led type=interface-status
/system logging
set 0 action=disk disabled=no prefix="" topics=info
set 1 action=disk disabled=no prefix="" topics=error
set 2 action=disk disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
add action=disk disabled=no prefix="" topics=ipsec,debug,packet
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=103.4.109.106 secondary-ntp=\
27.114.150.12
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
/system routerboard settings
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=\
400MHz force-backup-booter=no silent-boot=no
/system scheduler
add disabled=yes interval=0s name=no-ip_ddns_update on-event=\
no-ip_ddns_update policy=ftp,read,write,test,winbox,api start-date=\
jan/06/2014 start-time=09:10:23
add disabled=no interval=5s name=update_ipsec_wan on-event=\
checkmyip-router-update policy=ftp,read,write,test,winbox,api start-date=\
jan/06/2014 start-time=09:11:00
/system script
add name=checkmyip-router-update policy=ftp,read,write,test,winbox,api \
source="# ------------------- header -------------------\r\
\n# Script by Tomas Kirnak, version 1.0.2\r\
\n# If you use this script, or edit and\r\
\n# re-use it, please keep the header intact.\r\
\n#\r\
\n# For more information and details about\r\
\n# this script please visit the wiki page at\r\
\n# http://wiki.mikrotik.com/wiki/IPSec_Policy_Dynamic\r\
\n# ------------------- header -------------------\r\
\n{\r\
\n# Configure the WAN interface name here in the interface=\"\" quotes\r\
\n:local WANip [/ip address get [find interface=\"ppp-out1\"] address]\r\
\n\r\
\n:global oWANip\r\
\n\r\
\n:set WANip [:pick \"\$WANip\" 0 ([:len \$WANip] - 3)]\r\
\n\r\
\nif (\$WANip != \$oWANip) do={\r\
\n :log warning \"WAN IP changed, fixing IPSec\"\r\
\n \r\
\n /ip ipsec policy\r\
\n disable [find]\r\
\n /ip ipsec peer\r\
\n disable [find]\r\
\n \r\
\n# /ip ipsec policy\r\
\n# set [find] tunnel=yes\r\
\n# /ip ipsec policy\r\
\n# set [find] src-address=\"\$WANip/32\"\r\
\n /ip ipsec policy\r\
\n set [find] sa-src-address=\$WANip\r\
\n /ip ipsec policy\r\
\n set [find] tunnel=yes\r\
\n \r\
\n /ip ipsec peer\r\
\n enable [find]\r\
\n /ip ipsec policy\r\
\n enable [find]\r\
\n \r\
\n :set oWANip \$WANip\r\
\n}\r\
\n}"
add name=no-ip_ddns_update policy=ftp,read,write,test,winbox,api source="# No-\
IP automatic Dynamic DNS update\r\
\n\r\
\n#--------------- Change Values in this section to match your setup -----\
-------------\r\
\n\r\
\n# No-IP User account info\r\
\n:local noipuser \"xxx@yyy.com\"\r\
\n:local noippass \"zzzzzzz\"\r\
\n\r\
\n# Set the hostname or label of network to be updated.\r\
\n# Hostnames with spaces are unsupported. Replace the value in the quotat\
ions below with your host names.\r\
\n# To specify multiple hosts, separate them with commas.\r\
\n:local noiphost \"asdfghjkl\"\r\
\n\r\
\n# Change to the name of interface that gets the dynamic IP address\r\
\n:local inetinterface \"ppp-out1\"\r\
\n\r\
\n#-----------------------------------------------------------------------\
-------------\r\
\n# No more changes need\r\
\n\r\
\n:global previousIP\r\
\n\r\
\n:if ([/interface get \$inetinterface value-name=running]) do={\r\
\n# Get the current IP on the interface\r\
\n :local currentIP [/ip address get [find interface=\"\$inetinterface\"\
\_disabled=no] address]\r\
\n\r\
\n# Strip the net mask off the IP address\r\
\n :for i from=( [:len \$currentIP] - 1) to=0 do={\r\
\n :if ( [:pick \$currentIP \$i] = \"/\") do={ \r\
\n :set currentIP [:pick \$currentIP 0 \$i]\r\
\n } \r\
\n }\r\
\n\r\
\n :if (\$currentIP != \$previousIP) do={\r\
\n :log info \"No-IP: Current IP \$currentIP is not equal to previou\
s IP, update needed\"\r\
\n :set previousIP \$currentIP\r\
\n\r\
\n# The update URL. Note the \"\\3F\" is hex for question mark (\?). Requi\
red since \? is a special character in commands.\r\
\n :local url \"http://dynupdate.no-ip.com/nic/update\\3Fmyip=\$curr\
entIP\"\r\
\n :local noiphostarray\r\
\n :set noiphostarray [:toarray \$noiphost]\r\
\n :foreach host in=\$noiphostarray do={\r\
\n :log info \"No-IP: Sending update for \$host\"\r\
\n /tool fetch url=(\$url . \"&hostname=\$host\") user=\$noipuse\
r password=\$noippass mode=http dst-path=(\"no-ip_ddns_update-\" . \$host \
. \".txt\")\r\
\n :log info \"No-IP: Host \$host updated on No-IP with IP \$cur\
rentIP\"\r\
\n }\r\
\n } else={\r\
\n :log info \"No-IP: Previous IP \$previousIP is equal to current I\
P, no update needed\"\r\
\n }\r\
\n} else={\r\
\n :log info \"No-IP: \$inetinterface is not currently running, so there\
fore will not update.\"\r\
\n}"
add name=NetWatchBoot-1.9.63.30 policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source=":if ([/ping 1.9.63.30 interval=5 count=60] =0) do={log info \"my p\
ing watchdog is down\"; /system reboot}\r\
\n"
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 starttls=no user=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
set [ find default=yes ] disabled=no interface=all
/tool mac-server mac-winbox
set [ find default=yes ] disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool netwatch
add disabled=yes down-script="/system script run NetWatchBoot-1.9.63.30" \
host=1.9.63.30 interval=1m timeout=1s up-script=""
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=1000KiB file-name="" filter-ip-address="" filter-ip-protocol=\
"" filter-mac-address="" filter-mac-protocol="" filter-port="" \
filter-stream=yes interface=all memory-limit=100KiB memory-scroll=yes \
only-headers=no streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s \
use-radius=no



Can anyone here help me with this post http://forum.mikrotik.com/viewtopic.php?f=13&t=81707 ?

Thanks

Who is online

Users browsing this forum: AndyGs, Bing [Bot], jz01krh, vilpalu and 132 guests