Specifically, we want to check if ipsec is connected and, if it isn't, disable the l2tp interface so it doesn't endlessly pollute the log with reconnection attempts.
We have a 2 router setup at a remote location that connects to our central office via ipsec/l2tp. We chose this setup because it runs on UDP, ipsec offers hardware encryption and the use of certificates and l2tp simplifies other configs since you have an actual interface to work with rather than the interfaceless ipsec tunnel.
Each router is connected to a different wireless uplink (they are in different buildings) so if one link goes down, dynamic routes reroute the traffic to the other uplink. This means losing one of the VPN connections is not a major concern. Though it does happen every now and then. And when it does, that router keeps on working but we want to disable the non-functional l2tp interface because it just keeps on trying to reconnect even though the ipsec connection is down (a filter rule drops l2tp traffic if it isn't encrypted).
Now, for the life of me I can't seem to move past the "no such item" error. My logical choice was:
This obviously throws "no such item" if there aren't any security associations installed. The same goes for remote peers.
/ip ipsec installed-sa get 0 anyproperty
I then thought of counting the policies since there's always at least one (default) with do while and for each. But I still run into the same problem. If I query a non existing policy number the script exits with "no such item".
How do you check for a non existing item in RouterOS??
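
One way to do the check described in the post, as an added example that is not part of the original post: `find` returns an empty list instead of raising "no such item", so its length can be tested before anything is read with `get`. The interface name `l2tp-to-office` is a placeholder, and the script assumes every installed SA on the router belongs to this one tunnel.

```routeros
# Added example, not the poster's script.
# "l2tp-to-office" is a placeholder name for the L2TP client interface.
:local l2tpName "l2tp-to-office"

# "find" returns a list of internal item IDs. With no installed SAs the
# list is empty and :len gives 0, so no "no such item" error is raised.
:local saCount [:len [/ip ipsec installed-sa find]]

:if ($saCount = 0) do={
    # No IPsec SA is installed: stop the L2TP client from retrying.
    :log warning "no IPsec SA installed, disabling $l2tpName"
    /interface l2tp-client disable [find name=$l2tpName]
} else={
    # Read properties through the IDs that "find" returned rather than a
    # numeric index. The loop body does not run when the list is empty.
    :foreach id in=[/ip ipsec installed-sa find] do={
        # :do ... on-error covers an SA that expires between find and get.
        :do {
            :local dst [/ip ipsec installed-sa get $id dst-address]
            :log info "IPsec SA present towards $dst"
        } on-error={
            :log info "SA disappeared before it could be read"
        }
    }
}
```

Run from the scheduler, this only disables the interface; re-enabling it once the IPsec link is back is left to the operator.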