Hi!
On RouterOS v7.1, I would like to make a script to report when there is a connection to the wireguard server (road-warrior).
Any ideas please?
Thanks.
That would be the only logical way, yes. A private IP should not be able to pass a public channel. How do you ensure that IP is not accessible through another gateway? I assume then that the IP on the other end is private and so only ping-able through the WG connection.
My apologies but this is not really understandable ... I a VPN provider and don't have then an IP that is unique at the other side of the WG connection. Netwatch exits on the OUT port and then I could force via mark routing (Mangle) it through one of the WG connections.
Thanks, it works. It would be nice if NetWatch could be forced to use an exit port, instead of using 'mark routing' to achieve that.
/ip firewall mangle
add action=mark-routing chain=output disabled=yes dst-address=1.1.1.1 new-routing-mark=wg-1 passthrough=no protocol=icmp
/tool netwatch
add down-script="/system script run vpn-iphone-down" host=10.10.0.2 \
up-script="/system script run vpn-iphone-up" interval=60s timeout=1000ms
# Script: vpn-iphone-down (run by the Netwatch down-script)
# START Send Telegram Module
:local deviceName [/system identity get name]
:local client "iphone"
:local MessageText "\F0\9F\9F\A0 $deviceName: Wireguard VPN to $client is Down";
:local SendTelegramMessage [:parse [/system script get MyTGBotSendMessage source]];
$SendTelegramMessage MessageText=$MessageText;
# END Send Telegram Module
:log info "Wireguard: VPN to $client is Down"

# Script: vpn-iphone-up (run by the Netwatch up-script)
# START Send Telegram Module
:local deviceName [/system identity get name]
:local client "iphone"
:local MessageText "\F0\9F\9F\A2 $deviceName: Wireguard VPN to $client is UP";
:local SendTelegramMessage [:parse [/system script get MyTGBotSendMessage source]];
$SendTelegramMessage MessageText=$MessageText;
# END Send Telegram Module
:log info "Wireguard: VPN to $client is UP"
Please, can you give me an example of what the script would be like? If you have many WireGuard VPNs, it will be very cluttered with many scripts (2 for each VPN).
So you can use $host in the script that will then show the IP of the monitored VPN server.
Here is my up down script that I use to monitor VPN. Just add one netwatch for each VPN to monitor.
Code:
/system script
add dont-require-permissions=yes name=WireGuard_down source=\
    ":log info message=\"vpn=wireguard status=down host=\$host\""
add dont-require-permissions=yes name=WireGuard_up source=\
    ":log info message=\"vpn=wireguard status=up host=\$host\""
Same could be used with Telegram. I do send it to Splunk.
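Added example, not part of the thread and not any poster's code: one way a log collector could consume the `vpn=wireguard status=... host=...` lines written by the shared up/down scripts, keeping only real state changes per host and flagging tunnels that flap. The timestamp and router-name prefix, the sample lines, the thresholds and all function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines. The "timestamp router topics" prefix is an assumed
# collector format; only vpn=/status=/host= come from the scripts in the thread.
SAMPLE_LOG = """\
2024-01-10T08:00:05 router1 script,info vpn=wireguard status=up host=10.10.0.2
2024-01-10T08:03:05 router1 script,info vpn=wireguard status=down host=10.10.0.2
2024-01-10T08:04:05 router1 script,info vpn=wireguard status=up host=10.10.0.2
2024-01-10T08:04:30 router1 system,info user admin logged in
2024-01-10T08:06:05 router1 script,info vpn=wireguard status=down host=10.10.0.2
2024-01-10T08:07:05 router1 script,info vpn=wireguard status=up host=10.10.0.3
2024-01-10T08:08:05 router1 script,info vpn=wireguard status=up host=10.10.0.3
"""

KV = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Return (timestamp, host, status) for a WireGuard Netwatch line, else None."""
    try:
        stamp, rest = line.split(maxsplit=1)
        ts = datetime.fromisoformat(stamp)
    except ValueError:  # empty line, missing prefix or unparsable timestamp
        return None
    f = dict(KV.findall(rest))
    if f.get("vpn") != "wireguard" or f.get("status") not in ("up", "down") or "host" not in f:
        return None
    return ts, f["host"], f["status"]

def transitions(lines):
    """Yield only real state changes per host; repeated identical states are dropped."""
    last = {}
    for line in lines:
        ev = parse_line(line)
        if ev is not None and last.get(ev[1]) != ev[2]:
            last[ev[1]] = ev[2]
            yield ev

def flapping_hosts(events, min_changes=4, window=timedelta(minutes=10)):
    """Hosts with at least min_changes state changes inside a sliding window.
    Events are assumed to arrive in chronological order."""
    recent, flagged = {}, set()
    for ts, host, _ in events:
        times = recent.setdefault(host, [])
        times.append(ts)
        while ts - times[0] > window:
            times.pop(0)
        if len(times) >= min_changes:
            flagged.add(host)
    return flagged
```

Because the scripts log `$host` instead of a per-VPN name, one parser covers every Netwatch entry without per-tunnel rules.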