roe1974
newbie
Topic Author
Posts: 30
Joined: Mon Dec 31, 2018 2:14 pm

ovpn client down .... ether disable/enable

Fri Jan 11, 2019 4:15 pm

I need help for a script ...

I have a LT-AP connected (OVPN) to my home router (RB4011).
What I need:

When the PPP interface ovpn-client is down (due to LTE link down/up every 12h) I need a wait of 10 sec (for the tunnel coming back), Ether1 disable, wait 5 sec, Ether1 enable.

It's for my Homematic LAN Gateway attached on the LAN port to reconnect ...

Is this possible?

Regards, Richard
 
algisr
just joined
Posts: 18
Joined: Sat Apr 28, 2018 11:30 am

Re: ovpn client down .... ether disable/enable

Thu Jan 31, 2019 11:14 pm

This Monday I wrote a script at work for one customer (his VPN tunnel periodically gets stuck – I believe it's due to bad ISP hardware, but because it gets stuck at random times and kind of rarely, we have no proof). The problem is that the VPN is stuck, not down, so it takes a random amount of time for MikroTik to drop the bad VPN connection and reconnect (it can take between 10-600 seconds). So I tried a different approach:
I added a Netwatch script which tries to ping the remote site's internal IP via the VPN tunnel. If the IP is not pingable for some time/reason, Netwatch enables a Scheduler which disables the VPN interface connection and after a few seconds enables it (disabling the VPN forces the bad VPN connection to close, so it works for me).
Anyway, copy/paste the code below into a script and edit the global variables. You can just ignore the WEB HOOK ID (we use it for Slack reporting) – I commented it out. Run the script once. It should create: a NETWATCH, and a disabled Scheduler which is enabled/disabled by the NETWATCH. Edit those as you see fit.
vpnCnNm – real interface name (which is in MikroTik), interface gets disabled/enabled by that name
IPExt – some kind of IP which can be pinged (make sure that when your connection is UP – device is pingable, when connection DOWN – pinging device you'll get timeouts).
schdNm – any name you like
MTNm – ignore this since this is for slack reporting Web Hook service.
WWWHk – ignore this since this is for slack reporting Web Hook service.
intPing – interval between pings for NetWatch
intDown – interval after which NetWatch enables HOST DOWN script (after first ping is lost) if after that time NetWatch still cannot ping Device
###################################################
################GLOBAL VARIABLES###################
###################################################
#VPN connection/interface name
:local vpnCnNm "XXXX"
#External IP (Netwatch to ping)
:local IPExt "5.5.5.5"
#Scheduler name
:local schdNm "Restart-VPN-To-XXXX"
#Device Name
:local MTNm "MikroTik XXXX-Main"
#Custom WEB HOOK PATH ID STRING
:local WWWHk "https://hooks.slack.com/services/XXXXX/YYYYYYYYYYYYY"
#Interval to check VPN
:local intPing "00:00:05"
#After how much timeout VPN considered as down (in seconds)
:local intDown "5"
###################################################
#################HOST UP SCRIPT####################
###################################################
#HOST UP script string
:local hstUP "#SET INFO in LOG\r\n:log info \"********************************************************************\"\r\n:log info \"NETWATCH: DISABLED Scheduler\"\r\n:log info \"********************************************************************\"\r\n\r\n#Current time and date\r\n:local cTime [/system clock get time]\r\n:local cDate [/system clock get date]\r\n\r\n#Disable Schedule\r\n/system scheduler disable \"$schdNm\"\r\n\r\n#Inform via Slack\r\n#/tool fetch mode=https url=\"$WWWHk\" http-method=post http-data=\"payload={\\\"attachments\\\": [ { \\\"title\\\": \\\"[DEBUG]$MTNm NETWATCH - VPN problem fixed\\\", \\\"text\\\": \\\"<[\$cDate \$cTime]> Netwatch DISABLED Schedule [$schdNm]\\\",  \\\"color\\\": \\\"good\\\" } ] }\""

###################################################
################HOST DOWN SCRIPT###################
###################################################
#HOST DOWN script string
:local hstDOWN "#SET INFO in LOG\r\n:log info \"********************************************************************\"\r\n:log info \"NETWATCH: ENABLED Scheduler\"\r\n:log info \"********************************************************************\"\r\n\r\n#Current time and date\r\n:local cTime [/system clock get time]\r\n:local cDate [/system clock get date]\r\n\r\n#Enable Schedule\r\n/system scheduler enable \"$schdNm\"\r\n\r\n#Inform via Slack\r\n#/tool fetch mode=https url=\"$WWWHk\" http-method=post http-data=\"payload={\\\"attachments\\\": [ { \\\"title\\\": \\\"[DEBUG]$MTNm NETWATCH - VPN problem\\\", \\\"text\\\": \\\"<[\$cDate \$cTime]> Netwatch ENABLED Schedule [$schdNm]\\\",  \\\"color\\\": \\\"danger\\\" } ] }\""

###################################################
#################SCHEDULER CODE####################
###################################################
#Scheduler code
:local schCd "###################################################\r\n################GLOBAL VARIABLES###################\r\n###################################################\r\n#VPN connection name\r\n:local vpnCnNm \"$vpnCnNm\"\r\n\r\n###################################################\r\n###################################################\r\n###################################################\r\n###################################################\r\n\r\n#Disable VPN interface\r\n/interface disable \$vpnCnNm\r\n\r\n#Sleep 2 seconds\r\n:delay 2s\r\n\r\n#Enable VPN interface\r\n/interface enable \$vpnCnNm"

###################################################
###################################################
###################################################

#Create Netwatch
/tool netwatch add comment="Force Restart VPN tunnel" host=$IPExt interval=$intPing timeout=$intDown down-script=$hstDOWN up-script=$hstUP
#Create Disabled Scheduler
/system scheduler add comment="Restart VPN Interface" name=$schdNm interval=00:00:10 disabled=yes on-event=$schCd
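
For the original question (bounce Ether1 once when the OVPN client drops), the same watchdog idea can run from a single scheduled script. This is an added example, not code from either poster; the names ovpn-out1, ether1, lan-bounce, lan-bounce-check and the 5-second schedule are assumptions.

```routeros
# Added example (not from the thread). Assumed names: ovpn-out1, ether1.
# Save as a script named lan-bounce and run it from a scheduler, e.g.
#   /system scheduler add name=lan-bounce-check interval=5s on-event=lan-bounce
:local ovpnIf "ovpn-out1"
:local lanIf "ether1"

# Global so it survives between scheduler runs:
# true while the current outage has already been handled
:global ovpnOutageHandled

# "running" is true only while the OVPN client is connected
:local tunnelUp [/interface get $ovpnIf running]

:if ($tunnelUp = true) do={
    # Tunnel is healthy again: re-arm for the next outage
    :if ($ovpnOutageHandled = true) do={
        :log info "lan-bounce: $ovpnIf is running again, re-armed"
    }
    :set ovpnOutageHandled false
} else={
    :if ($ovpnOutageHandled != true) do={
        # Set the flag before sleeping, in case a later scheduler run
        # starts while this one is still in the delays below;
        # otherwise the port could be bounced twice for one outage
        :set ovpnOutageHandled true
        :log warning "lan-bounce: $ovpnIf down, bouncing $lanIf"

        # Give the tunnel 10 seconds to come back
        :delay 10s
        # Drop link on the LAN port so the attached gateway reconnects
        /interface disable $lanIf
        :delay 5s
        /interface enable $lanIf
    }
}
```

Point lanIf only at the port the gateway hangs off; if it is also the port used to manage the router, the session drops for the 5 seconds the port is disabled.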
