 
Santi70
Frequent Visitor
Topic Author
Posts: 54
Joined: Mon Sep 07, 2020 12:35 am

Activate Wireguard VPN

Tue Feb 07, 2023 1:08 am

Hello, a while ago I think I read something about this, but now that I have time I cannot find it. I have a mikrotikA under CGNAT that connects via WireGuard to another mikrotikB that has a public IP, but when this public IP changes, mikrotikA stays dizzy. I understand that the problem is that it does not verify again the IP that is set in Endpoint, which holds the domain name that MikroTik gives me for mikrotikB, whose public IP has changed.
I am not sure how to set a script in mikrotikA to check the public IP of mikrotikB and, if it has changed, disable and enable the peer to bring the VPN up.
I have thought of creating a netwatch with the IP of the other side of the VPN, where in Down I put a script that disables the peer and re-enables it; normally with that it connects again.
Then in the Test tab put a script that verifies the status of the netwatch if it is Down then try again to lift the VPN disabling and then enabling the peer.
I have the ideas but I don't know how to do it, if someone could guide me.
Thanks
Last edited by Santi70 on Tue Feb 07, 2023 11:25 am, edited 1 time in total.
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Activate Wireguard VPN

Tue Feb 07, 2023 1:13 am

Too lazy to remove spam??????????
 
Santi70
Frequent Visitor
Topic Author
Posts: 54
Joined: Mon Sep 07, 2020 12:35 am

Re: Activate Wireguard VPN

Tue Feb 07, 2023 11:25 am

I left it in case it was not well understood, you should know that it is only a translation, I do not write in English.
 
holvoetn
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Activate Wireguard VPN

Tue Feb 07, 2023 2:51 pm

See viewtopic.php?t=182373

Paragraph F
And then further on to point 6
 
Santi70
Frequent Visitor
Topic Author
Posts: 54
Joined: Mon Sep 07, 2020 12:35 am

Re: Activate Wireguard VPN

Tue Feb 07, 2023 10:21 pm

After searching and working like crazy, because the syntax of the scripts has apparently changed a lot, I got what I wanted with the netwatch. It sends a ping every 30 seconds to the other side of the VPN. In the Up and Down events I didn't put anything, because these are only fired once; for this I used the Test event, which runs at the end of either of the two previous events. In it I put a script that asks for the state of the netwatch: if it is Down, it disables the peer, waits 3 seconds and re-enables it. With this it is enough: if the ping is already restored nothing more happens, and if it is not restored it disables and enables the peer again until it comes up.
Here's how it worked with version 7.7:
/tool netwatch
add disabled=no down-script="" host=172.16.1.1 http-codes="" interval=30s \
    test-script=":local HOST \$host\r\
    \n:local NameHost [/tool netwatch get value-name=comment [find host=\$HOST]]\r\
    \n:local HostStatus [/tool netwatch get value-name=status [find host=\$HOST]]\r\
    \n#:log info \$HostStatus\r\
    \n:if (\$HostStatus=\"down\") do= {\r\
    \n    :interface wireguard peers disable 0\r\
    \n    :delay 3000ms\r\
    \n    :log warning \"\$NameHost(\$host) Conexion perdida\"\r\
    \n    :interface wireguard peers enable 0\r\
    \n    :delay 3000ms\r\
    \n}" type=simple up-script=""
Cleaner code in the Test tab:
:local HOST $host
:local NameHost [/tool netwatch get value-name=comment [find host=$HOST]]
:local HostStatus [/tool netwatch get value-name=status [find host=$HOST]]
:if ($HostStatus="down") do= {
    :interface wireguard peers disable 0
    :delay 3000ms
    :log warning "$NameHost($host) Conexion perdida"
    :interface wireguard peers enable 0
    :delay 3000ms
}
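
Added example, not part of Santi70's post: a variant that checks the cause described in the first post (the Endpoint DNS name no longer matching the address the peer is using) and restarts the peer only when they differ. It assumes the peer on mikrotikA carries the hypothetical comment "to-mikrotikB" and that its endpoint-address holds the DNS name of mikrotikB; the peer is selected by that comment instead of by the number 0.

```routeros
# Added example. Assumption: the WireGuard peer towards mikrotikB has the
# comment "to-mikrotikB" (hypothetical name) and a DNS name as endpoint-address.
:local peerComment "to-mikrotikB"
:local peerId [/interface wireguard peers find comment=$peerComment]

# Refuse to act unless exactly one peer matches, so no other tunnel is touched.
:if ([:len $peerId] != 1) do={
    :log error "wg-check: expected exactly one peer with comment $peerComment"
} else={
    # Configured endpoint (DNS name) and the address the peer is using now.
    :local endpointName [/interface wireguard peers get $peerId endpoint-address]
    :local currentIp [:tostr [/interface wireguard peers get $peerId current-endpoint-address]]
    :local resolvedIp ""

    # A failed lookup must not restart the tunnel, so catch the error.
    :do {
        :set resolvedIp [:tostr [:resolve $endpointName]]
    } on-error={
        :log warning "wg-check: cannot resolve $endpointName, peer left untouched"
    }

    # Restart the peer only when the name now points to a different address.
    :if (($resolvedIp != "") and ($resolvedIp != $currentIp)) do={
        :log warning "wg-check: $endpointName is now $resolvedIp, peer was using $currentIp"
        /interface wireguard peers disable $peerId
        :delay 3s
        /interface wireguard peers enable $peerId
    }
}
```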
