I use a script to check that the connection is established through the right channel (because the backup channel has limited traffic). Additionally, it does a recursive route check, so that two routes go to each WAN "through the DNS server".
Please tell me how to add a case to this script to check if an IKE connection exists, and if not, to disable and enable the peer.
I did this, but it doesn't work well:
Code:
:if ([/ip/ipsec/active-peers print count-only]=0) do={
    :local ikeaddr "0"
} else={
    :local ikeaddr [/ip/ipsec/active-peers get [/ip/ipsec/active-peers find] local-address];
}
:if ($ikeaddr != "192.168.1.2") do={
    :if ($ikeaddr = "192.168.2.17") do={
        :log warning "Wrong IKEv2 way";
        :if ([ip route get [find routing-table="Out WAN1" gateway=8.8.4.4] active]||[ip route get [find routing-table="Out WAN1" gateway=1.0.0.1] active]) do={
            :log warning "reconnect IKEv2";
            /ip ipsec active-peers kill-connections;
        } else={
            :log warning "WAN1 is dead"
        }
    } else={
        :log warning "Reset IKE2 peer";
        /ip/ipsec/peer/disable "peer ike2";
        /ip/ipsec/peer/enable "peer ike2";
    }
}
192.168.2.17 - backup WAN IP
1. I don't know how to properly check if a connection exists. My version does not work.
2. I can’t figure out how to write a script correctly so that the peer does not turn off while creating a connection (reconnection).
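
One way to structure the check asked about above, as an added example that is not part of the original post. The peer name, addresses and routing table are the ones in the post; the global `ikeMissCount`, the two-run threshold and the 2s delay are assumptions.

```routeros
# Added example. ikeMissCount, the 2-run threshold and the delay are assumptions.
:global ikeMissCount
:if ([:typeof $ikeMissCount] = "nothing") do={ :set ikeMissCount 0 }

:local peerName "peer ike2"
:local backupAddr "192.168.2.17"
# Declared at script scope: a :local created inside do={ } ends with that block.
:local ikeaddr ""
:local ikestate ""

:local ids [/ip ipsec active-peers find]
:if ([:len $ids] > 0) do={
    :local id [:pick $ids 0]
    # :tostr so the values compare as strings
    :set ikeaddr [:tostr [/ip ipsec active-peers get $id local-address]]
    :set ikestate [:tostr [/ip ipsec active-peers get $id state]]
    :set ikeMissCount 0
} else={
    :set ikeMissCount ($ikeMissCount + 1)
}

:if ([:len $ids] = 0) do={
    # Reset only after two consecutive runs with no active peer,
    # so a reconnect that is still starting is not cut off.
    :if ($ikeMissCount >= 2) do={
        :log warning "Reset IKE2 peer"
        /ip ipsec peer disable [find name=$peerName]
        :delay 2s
        /ip ipsec peer enable [find name=$peerName]
        :set ikeMissCount 0
    }
} else={
    :if ($ikestate != "established") do={
        :log info "IKE2 negotiation in progress, peer left alone"
    } else={
        :if ($ikeaddr = $backupAddr) do={
            :log warning "Wrong IKEv2 way"
            :local up ([:len [/ip route find where routing-table="Out WAN1" gateway=8.8.4.4 active=yes]] + [:len [/ip route find where routing-table="Out WAN1" gateway=1.0.0.1 active=yes]])
            :if ($up > 0) do={
                :log warning "reconnect IKEv2"
                /ip ipsec active-peers kill-connections
            } else={
                :log warning "WAN1 is dead"
            }
        }
    }
}
```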