savage
Forum Guru
Topic Author
Posts: 1196
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa

am i missing something???

Sat Jul 20, 2019 1:21 am

Flags: T - template, X - disabled, D - dynamic, I - invalid, A - active, * - default 
 #     PEER                           TUNNEL SRC-ADDRESS                                                          DST-ADDRESS                                                          PROTOCOL   ACTION  LEVEL    PH2-COUNT
 0 T *                                       ::/0                                                                 ::/0                                                                 all       
 1  A  TRANS-GW #1                    yes    0.0.0.0/0                                                                a.b.23.213/32                                                    all        encrypt require          1
 2  A  TRANS-GW #1                    yes    0.0.0.0/0                                                                c.d.30.0/24                                                      all        encrypt require          1
[rtradmin@host] /ip ipsec policy> :local test1 [/ip ipsec policy get 1 dst-address ] 
[rtradmin@host] /ip ipsec policy> :put $test1                                       

[rtradmin@host] /ip ipsec policy> 
I am miserably failing, in trying something like this....
:foreach i in=[/ip route find where distance=20 and bgp and gateway~"^a.b.*\$"] do={
  :local prefix [/ip route get $i dst-address]
  :put $prefix
  :if ([/ip ipsec policy get [/ip ipsec policy find where dst-address=$prefix] dst-address] = $prefix) do={
    :put found
  } else={
    :put notfound
  }
}
The idea is to create policies for a specific IPSEC peer dynamically based on what's being routed via the routing table.
Regards,
Chris
 
savage
Forum Guru
Topic Author
Posts: 1196
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa

Re: am i missing something???

Sat Jul 20, 2019 1:33 am

  :if ([/ip ipsec policy get [find dst-address=10.0.0.0/16] value-name=dst-address] = 10.0.0.0/16) do={
    :put found
  } else={
    :put notfound
  }
works when there is a policy matching 10.0.0.0, but returns a "no such item" error on a check when there isn't a policy. Why return an error? Shouldn't the if statement just be false?
Regards,
Chris
 
2frogs
Long time Member
Posts: 540
Joined: Fri Dec 03, 2010 1:38 am

Re: am i missing something???

Sat Jul 20, 2019 3:05 am

:if ([:len [/ip ipsec policy find dst-address=10.0.0.0/16]]=0) do={:put "Not Found"
} else={:put "Found"}
Or
:if ([:len [/ip ipsec policy find dst-address=10.0.0.0/16]]>0) do={:put "Found"} else={:put "Not Found"}
A missing value is not 0; it is null, and ROS scripts can't handle nulls. But you can check for null using :len (string length).
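
Added example, not part of any post in this thread: the :len check from the reply above applied to the loop from the first post, so a policy is created only when none exists for the routed prefix. It goes beyond the thread by skipping a default route and by removing tagged policies whose route has disappeared. Assumptions: PEER-NAME and the "auto-bgp" comment tag are placeholders, the route filter is the redacted one from the first post, and the policy fields mirror the columns of the print output shown there.

```routeros
# Added example, not from the thread. Run as a script (or inside { } on the
# console). PEER-NAME and the "auto-bgp" comment tag are placeholders.
:local peerName "PEER-NAME"
:local tag "auto-bgp"

# 1. Add a policy for each matching BGP route that has none yet.
:foreach i in=[/ip route find where distance=20 and bgp and gateway~"^a.b.*\$"] do={
  :local prefix [/ip route get $i dst-address]
  # Never build an encrypt policy from a default route: it would capture all traffic.
  :if ([:tostr $prefix] != "0.0.0.0/0") do={
    # find returns an empty list when nothing matches; test its length
    # rather than calling "get" on it, which raises "no such item".
    :if ([:len [/ip ipsec policy find where dst-address=$prefix]] = 0) do={
      /ip ipsec policy add peer=$peerName tunnel=yes src-address=0.0.0.0/0 \
        dst-address=$prefix action=encrypt level=require comment=$tag
      :log info ("ipsec policy added for " . $prefix)
    }
  } else={
    :log warning "default route matched the BGP filter; no ipsec policy created"
  }
}

# 2. Remove script-created policies whose route is gone.
:foreach p in=[/ip ipsec policy find where comment=$tag] do={
  :local dst [/ip ipsec policy get $p dst-address]
  :if ([:len [/ip route find where dst-address=$dst and distance=20 and bgp and gateway~"^a.b.*\$"]] = 0) do={
    /ip ipsec policy remove $p
    :log warning ("stale ipsec policy removed for " . $dst)
  }
}
```

Tagging each created policy with a comment keeps the cleanup pass from touching policies that were configured by hand.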
