I need some help with some scripts I created; they work, but not very well.
I'll explain the scenario
Behind the Mikrotik I have a Cisco 891, which establishes a VPN with our central site, but sometimes this VPN drops, and on the Mikrotik (IP > Firewall > Connections) the Cisco local network begins to appear.
With this method I check whether the Cisco VPN is active or not.
With that information I try to take the VPN down so that it makes a new request.
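######################## Check-VPN - 5M (ENABLE) ########################
# Scheduled health check for the Cisco VPN behind this router.
# The VPN is treated as down while the connection table holds entries whose
# source address starts with 11.76. (per the post, the Cisco local network shows
# up there once the tunnel has dropped).
#
# Flow:
#   - CONTVPN >= 20 at start: bounce the Cisco port, drop ESP entries, restart
#     connection tracking, flush DNS and enable the AlternIP scheduler.
#   - otherwise: poll every $DELAY, enabling Clean-Connections while the VPN is down.
#
# NOTE(review): the threshold is evaluated only once, at script start, and the
# polling loop ends only when the leaked entries disappear. A later scheduler run
# resets CHECKVPN to true, so several instances can poll at the same time and all
# of them increment the shared CONTVPN counter - confirm this overlap is intended.
:local CISCO "ether10 - Cisco"
:local DELAY "30s"
:global CHECKVPN true
:global CONTVPN
# A global has to be declared in every script that reads or writes it; without
# this line the save/restore of CONTREBOOT below worked on an undefined value.
:global CONTREBOOT
:global CONTREBOOT1

# First run after boot: the counter exists but has no value yet.
:if ([:typeof $CONTVPN] = "nothing") do={ :set CONTVPN 0 }

:if ($CONTVPN >= 20) do={
    # Keep the Reboot script's counter across the recovery steps.
    :set CONTREBOOT1 ($CONTREBOOT)
    :set CHECKVPN false
    :set CONTVPN 0
    /system scheduler enable AlternIP; :delay 5s
    :log warning "Check-VPN > AlternIP ENABLE"
    /interface ethernet set $CISCO disabled=yes ; :delay 120s; /interface ethernet set $CISCO disabled=no
    /ip firewall connection remove numbers=[find protocol="ipsec-esp"]
    # SECURITY: with connection tracking disabled, connection-state filter rules
    # and NAT are not applied for the whole $DELAY window. Check the filter
    # ruleset so that nothing is forwarded or accepted unfiltered meanwhile.
    /ip firewall connection tracking set enabled=no; :delay $DELAY; /ip firewall connection tracking set enabled=yes
    /ip dns cache flush
    :log warning "Check-VPN > Restart Interface $CISCO"
    :set CONTREBOOT ($CONTREBOOT1)
} else={
    :while ($CHECKVPN) do={
        :set CONTVPN ($CONTVPN + 1);
        :delay $DELAY;
        # The pattern is a regex: anchor it and escape the dots, otherwise "11.76."
        # also matches unrelated flows such as 111.76.x.x or 10.11.76.x.
        :if ([:len [/ip firewall connection find src-address~"^11\\.76\\."]] > 0) do={
            /system scheduler enable Clean-Connections
            :log warning "VPN DOWN"
            :log warning "Check-VPN > Clean-Connections ENABLE"
        } else={
            :set CHECKVPN false
            :set CONTVPN 0
            /system scheduler set Check-VPN interval=4m
            :log warning "VPN OK"
        }
    }
}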
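######################## Clean-Connections - 1,3M (DISABLE) ########################
# Runs while the VPN is considered down (enabled by Check-VPN).
# If connection-table entries sourced from 11.76.* are still present, it removes
# the stale entries for the listed networks/hosts, flushes the DNS cache and
# enables the Reboot scheduler. Otherwise it resets all shared state and disables
# both the Reboot and the Clean-Connections schedulers.
:global REBOOT true
:global CONTREBOOT
# CHECKVPN and CONTVPN belong to Check-VPN; they must be declared here as well,
# otherwise the :set commands in the else branch do not reach the shared globals.
:global CHECKVPN
:global CONTVPN

# All patterns below are regexes. They are anchored and the dots escaped so that
# only the intended sources are removed: unanchored, "192.168.1.5" also matches
# 192.168.1.50-59 and "11.76." matches e.g. 111.76.x.x, which would tear down
# unrelated sessions. NOTE(review): the host patterns assume src-address is
# rendered as "ip" or "ip:port" - confirm on the RouterOS version in use.
:if ([:len [/ip firewall connection find src-address~"^11\\.76\\."]] > 0) do={
    /ip firewall connection remove numbers=[find src-address~"^11\\.76\\."]
    /ip firewall connection remove numbers=[find src-address~"^10\\.20\\.30\\."]
    /ip firewall connection remove numbers=[find src-address~"^192\\.168\\.1\\.5(:|\$)"]
    /ip firewall connection remove numbers=[find src-address~"^192\\.168\\.1\\.6(:|\$)"]
    /ip dns cache flush
    /system scheduler enable Reboot
    :log warning "Clean-Connections > Reboot ENABLE"
} else={
    :set REBOOT false
    :set CONTREBOOT 0
    :set CHECKVPN false
    :set CONTVPN 0
    /system scheduler set Reboot interval=10s; /system scheduler disable Reboot
    /system scheduler disable Clean-Connections
    :log warning "VPN OK"
    :log warning "Clean-Connections > Reboot DISABLE"
    :log warning "Clean-Connections > Clean-Connections DISABLE"
}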
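######################## Reboot - 10s (DISABLE) ########################
# Last-resort recovery, enabled by Clean-Connections while the VPN stays down.
# Every 30s it runs the LinkDown script and counts the attempt; after 20 attempts
# it restores the schedulers and the Cisco port and reboots the router.
# LinkDown and Mikrotik-Rebooted are separate scripts not shown here.
:local CISCO "ether10 - Cisco"
# REBOOT and CONTREBOOT are set by Clean-Connections; a global must be declared
# in every script that uses it, otherwise the loop condition reads an undefined value.
:global REBOOT
:global CONTREBOOT

# The counter may have no value yet on the first run after boot.
:if ([:typeof $CONTREBOOT] = "nothing") do={ :set CONTREBOOT 0 }

# Stretch the interval while the loop below is running - presumably so the
# scheduler does not start a second instance every 10s.
/system scheduler set Reboot interval=60m
:while ($REBOOT) do={
    :set CONTREBOOT ($CONTREBOOT + 1);
    :log warning "Reboot > CONTREBOOT=$CONTREBOOT"
    /system script run LinkDown
    :delay 30s;
    :if ($CONTREBOOT >= 20) do={
        /system scheduler enable AlternIP; :delay 5s
        :log warning "Reboot > AlternIP ENABLE"
        /system scheduler disable Reboot; /system scheduler set Reboot interval=10s
        # Clear the shared state first so that nothing re-enters this loop.
        :set REBOOT false
        :set CONTREBOOT 0
        /system scheduler disable Clean-Connections
        /interface ethernet set $CISCO disabled=no
        /system scheduler set Check-VPN interval=1m
        :log warning "Reboot > Mikrotik Rebooted"
        /system script run Mikrotik-Rebooted; :delay 5s
        # NOTE(review): an unattended reboot drops every session on the router,
        # not only the VPN. The warning above is the only trace it leaves, so
        # forward the log to a remote target if reboots need to be audited.
        /system reboot
    }
}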
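######################## AlternIP - 1s (DISABLE) ########################
# Toggles the DHCP address handed to the Cisco between 192.168.1.5 and 192.168.1.6,
# then disables its own scheduler so that it runs once per activation.
#   - a lease is currently active on 192.168.1.5 -> move the lease to 192.168.1.6
#   - otherwise -> make the lease static and assign 192.168.1.5
#
# NOTE(review): host-name~"Store" is an unanchored regex. Every lease whose host
# name contains "Store" is selected, and all of them would be given the same
# address. Match the exact host name or the MAC address if more than one such
# lease can exist.
:local IPCISCO
:if ([:len [/ip dhcp-server lease find active-address="192.168.1.5"]] > 0) do={
    :set IPCISCO 192.168.1.6
    /ip dhcp-server lease set [find host-name~"Store"] address=$IPCISCO
    /system scheduler disable AlternIP
    :log warning "AlternIP > SET IP=$IPCISCO"
} else={
    # Only this branch makes the lease static before setting its address.
    /ip dhcp-server lease make-static [find host-name~"Store"]
    :set IPCISCO 192.168.1.5
    /ip dhcp-server lease set [find host-name~"Store"] address=$IPCISCO
    /system scheduler disable AlternIP
    :log warning "AlternIP > SET IP=$IPCISCO"
}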