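# apr/12/2016 10:02:10 by RouterOS 6.34.4
# software id = DSCZ-MV3L
#
# Review notes (export-level comments; they do not change what the import creates):
# - Layout: this copy had been collapsed onto a few very long lines. It is laid
#   out again with one script line per continuation line; the indentation inside
#   the script sources is reconstructed.
# - Policy: both scripts and the scheduler entry carry
#   policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive.
#   The commands visible in the scripts read RIP routes, add/change/remove IPIP
#   interfaces and routes, set global variables, run a script and write a log
#   line. The policy set looks broader than that needs (ftp, reboot and sniff in
#   particular) - TODO confirm the minimum on a test router and trim it.
# - Trust: ampr_gw turns every route learned from=44.0.0.1 into an IPIP tunnel
#   and a main-table route, so the RIP input filter described in the script
#   header is what limits who can steer that traffic.
# - Fixes in this copy: "if" -> ":if" in update_amprgw and ": local" -> ":local"
#   in ampr_gw (same form as every other command), plus comment typos.
#   Runtime strings, names and addresses are unchanged.
/system script
add name=ampr_gw owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="#\r\
    \n# RIPv2 based AMPR Tunnel setup script for RouterOS v1.6\r\
    \n#\r\
    \n# by YO2LOJ, Marius\r\
    \n#\r\
    \n\r\
    \n# ====================================================================================\r\
    \n# Warning: This will take some time and create a full cpu load on single core routers.\r\
    \n# I would really recommend a multicore router...\r\
    \n# ====================================================================================\r\
    \n# On a RB1100AHx2 it hogs one core and takes 2-3 minutes to complete.\r\
    \n# Routing speed is slightly affected, but using fastpath improves things.\r\
    \n# For PPPoE uplinks, use ROS 6.35+ for fastpath.\r\
    \n#\r\
    \n# RIP routes from AMPR GW go into an unused routing table\r\
    \n# All dynamic tunnel names start with \"ampr-\"\r\
    \n# Make sure you have no other IPIP tunnels using such names.\r\
    \n#\r\
    \n\r\
    \n# Setup example - please adapt\r\
    \n# ============================\r\
    \n# (public ip is 89.122.215.236, router's ampr ip 44.182.21.254, WAN interface is PPPoE-In):\r\
    \n#\r\
    \n# You need to set up an initial tunnel to amprgw\r\
    \n#     /interface ipip\r\
    \n#         add !keepalive clamp-tcp-mss=yes local-address=89.122.215.236 \\\r\
    \n#             remote-address=169.228.66.251 name=ucsd-gw\r\
    \n#\r\
    \n# Add an accept filter on the input chain for RIP:\r\
    \n#     /ip firewall filter\r\
    \n#         add chain=input comment=RIP dst-port=520 in-interface=ucsd-gw protocol=udp \\\r\
    \n#             src-address=44.0.0.1 src-port=520\r\
    \n#\r\
    \n# To be safe accept IP encap protocol on WAN by setting an accept filter on the input chain:\r\
    \n#         add chain=input comment=\"IP Encap\" in-interface=PPPoE-In protocol=ipencap\r\
    \n#\r\
    \n# NOTE: the IP Encap rule has no src-address, so it accepts protocol ipencap from any\r\
    \n# host on the WAN. Keep your normal input/forward filtering in place for traffic that\r\
    \n# arrives on the tunnel interfaces.\r\
    \n#\r\
    \n# (make sure they are on the top of the filter list)\r\
    \n#\r\
    \n# Add a local AMPR IP with netmask /8:\r\
    \n#     /ip address\r\
    \n#         add address=44.182.21.254/8 interface=ucsd-gw network=44.0.0.0\r\
    \n#\r\
    \n# To be able to receive RIPv2 broadcasts into a specific table, first create a VRF:\r\
    \n#     /ip route vrf\r\
    \n#         add interfaces=ucsd-gw routing-mark=44rip\r\
    \n#\r\
    \n# Remember: all traffic from this interface will be marked with routing mark \"44rip\"\r\
    \n#\r\
    \n# Activate passive RIP for that routing table:\r\
    \n# (use the real password - get it from your coordinator or a friend):\r\
    \n# (RIP_PASSWORD_PLACEHOLDER below stands for that password; the value is missing in this copy)\r\
    \n#     /routing rip\r\
    \n#         set garbage-timer=20m routing-table=44rip timeout-timer=10m update-timer=5m\r\
    \n#     /routing rip interface\r\
    \n#         add authentication=simple authentication-key=RIP_PASSWORD_PLACEHOLDER \\\r\
    \n#             in-prefix-list=all interface=ucsd-gw out-prefix-list= none passive=yes receive=v2\r\
    \n#     /routing rip network\r\
    \n#         add network=44.0.0.0/8\r\
    \n#\r\
    \n# NOTE: authentication=simple is a cleartext RIPv2 password. It does not protect the\r\
    \n# updates against tampering, so keep the RIP input filter above (src-address 44.0.0.1\r\
    \n# on ucsd-gw) in place.\r\
    \n#\r\
    \n# Now wait 5 minutes. You should see RIP routes in your RIP route list and in your routing table\r\
    \n# These are in routing table \"44rip\", and will not affect other routing unless explicitly used.\r\
    \n#\r\
    \n# In Winbox, create a new script called \"ampr_gw\" and paste the content of this file into the text\r\
    \n# field and press apply.\r\
    \n#\r\
    \n# ----------------------------------------------------------------\r\
    \n# Now run this script. It should create some 325 tunnel interfaces\r\
    \n# and some 510 routes in the main table. Be patient...\r\
    \n# ----------------------------------------------------------------\r\
    \n#\r\
    \n# To get internet traffic from ucsd-gw into the main routing table and ensure reply via ucsd-gw,\r\
    \n# some mangle rules and one route are needed.\r\
    \n# We will use connection mark \"c-44net\" and routing mark \"44net\":\r\
    \n#     /ip firewall mangle\r\
    \n#         add action=mark-connection chain=prerouting comment=\"Mark incoming Inet to AMPR\" \\\r\
    \n#             in-interface=ucsd-gw new-connection-mark=c-44net passthrough=yes\r\
    \n#         add action=mark-routing chain=prerouting comment=\"Mark connection Inet to AMPR\" \\\r\
    \n#             in-interface=ucsd-gw new-routing-mark=main passthrough=no\r\
    \n#         add action=mark-routing chain=prerouting comment=\"Mark replies AMPR to Inet\" \\\r\
    \n#             connection-mark=c-44net new-routing-mark=44net passthrough=no\r\
    \n#     /ip route\r\
    \n#         add comment=\"Default UCSD reply route\" distance=250 gateway=ucsd-gw routing-mark=44net\r\
    \n#\r\
    \n#\r\
    \n# If everything checks out, schedule the script to be executed every 5 minutes, 1 minute after the\r\
    \n# 5 minute mark. Let's say the script is called \"ampr_gw\"...\r\
    \n#\r\
    \n# If you have a slow router, set it to run on a multiple of 5 minutes, but 1 min after the 5 min mark\r\
    \n# (interval should be 5, 10m, 15m...):\r\
    \n#     /system scheduler\r\
    \n#         add interval=5m name=\"ampr update\" on-event=ampr_gw \\\r\
    \n#             policy=read,write,policy,test,password,sniff,sensitive start-time=00:06:00\r\
    \n#\r\
    \n# NOTE: the policy list above is an example. Grant only the policies this script\r\
    \n# needs on your router.\r\
    \n#\r\
    \n\r\
    \n\r\
    \n# -------------------------------------------------------------\r\
    \n# Setup parameters (change as needed)\r\
    \n# -------------------------------------------------------------\r\
    \n# your gateway IP\r\
    \n:local myip \"192.168.1.1\" ;\r\
    \n# router local AMPR IP\r\
    \n:local myampr \"44.128.1.1\" ;\r\
    \n# routing distance for AMPR routes\r\
    \n:local mydistance 50 ;\r\
    \n# global delay between steps\r\
    \n:local delay \"10ms\" ;\r\
    \n# -------------------------------------------------------------\r\
    \n\r\
    \n    # AmprPhase is a global progress marker; it is set before each phase below\r\
    \n    :global AmprPhase\r\
    \n\r\
    \n    :local date [/system clock get date] ;\r\
    \n    :local time [/system clock get time] ;\r\
    \n    :local runtime (\$date . \" \" . \$time) ;\r\
    \n\r\
    \n    #\r\
    \n    # process tunnels from RIPv2 information\r\
    \n    #\r\
    \n    # every gateway in a RIP route learned from 44.0.0.1 becomes an IPIP tunnel\r\
    \n    # endpoint and a route, so the result is only as trustworthy as the RIP feed\r\
    \n    :set \$AmprPhase \"Add new tunnels and add/update routes\" ;\r\
    \n\r\
    \n    :foreach tunnel in=[/routing rip route find from=44.0.0.1] do={\r\
    \n        :local subnet [/routing rip route get \$tunnel dst-address] ;\r\
    \n        :local gw [/routing rip route get \$tunnel gateway] ;\r\
    \n        :local ifname (\"ampr-\" . \$gw) ;\r\
    \n\r\
    \n        :delay \$delay\r\
    \n\r\
    \n        # create tunnel if it doesn't exist\r\
    \n        :if ([/interface ipip find name=\$ifname] = \"\") do={\r\
    \n            /interface ipip add !keepalive clamp-tcp-mss=yes local-address=\$myip remote-address=\$gw name=\$ifname comment=(\"Added on \". \$runtime)\r\
    \n            /ip neighbor discovery set \$ifname discover=no\r\
    \n        }\r\
    \n\r\
    \n        # change/add route\r\
    \n        :local amprupd false ;\r\
    \n        # we can have more than one route\r\
    \n        # (only routes without a routing-mark are considered)\r\
    \n        :foreach myroute in=[/ip route find dst-address=\$subnet !routing-mark] do={\r\
    \n            :delay \$delay\r\
    \n            # gateway is an array !!! Get the first string\r\
    \n            :local intf [:pick [/ip route get \$myroute gateway] 0] ;\r\
    \n            # check if the interface starts with 'ampr-'\r\
    \n            :if ([:find \$intf \"ampr-\" -1 ] = 0) do={\r\
    \n                # update if needed\r\
    \n                :if ( \$intf != \$ifname) do={\r\
    \n                    /ip route set \$myroute gateway=\$ifname comment=(\"Updated on \". \$runtime)\r\
    \n                }\r\
    \n                # route is up to date\r\
    \n                :set \$amprupd true ;\r\
    \n            }\r\
    \n        }\r\
    \n\r\
    \n        # if not updated previously add the route\r\
    \n        :if (\$amprupd = false) do={\r\
    \n            /ip route add dst-address=\$subnet gateway=\$ifname distance=\$mydistance pref-src=\$myampr comment=(\"Added on \". \$runtime)\r\
    \n        }\r\
    \n    }\r\
    \n\r\
    \n    # check obsolete stuff only if RIP data is available\r\
    \n    # (without this guard an empty RIP table would remove every ampr- route and tunnel)\r\
    \n    :if ([/routing rip route find from=44.0.0.1] != \"\") do={\r\
    \n\r\
    \n        # this array will hold all AMPR route interfaces\r\
    \n        :local tunarray \"\";\r\
    \n\r\
    \n        # check and remove obsolete routes\r\
    \n        :set \$AmprPhase \"Remove obsolete routes\" ;\r\
    \n        :foreach myroute in=[/ip route find pref-src=\$myampr] do={\r\
    \n            :delay \$delay\r\
    \n            # gateway is an array !!! Get the first string\r\
    \n            :local intf [:pick [/ip route get \$myroute gateway] 0] ;\r\
    \n            # check if the interface starts with 'ampr-'\r\
    \n            :if ([:find \$intf \"ampr-\" -1 ] = 0) do={\r\
    \n                :local mysubnet ([/ip route get \$myroute dst-address]) ;\r\
    \n                # check if the subnet is in RIP data, remove if not there\r\
    \n                :if ([/routing rip route find dst-address=\$mysubnet] = \"\") do={\r\
    \n                    /ip route remove \$myroute\r\
    \n                } else={\r\
    \n                    # the route is valid. Add the interface to the tunnel array\r\
    \n                    # we don't care about dupes\r\
    \n                    :set \$tunarray (\$tunarray, \$intf) ;\r\
    \n                }\r\
    \n            }\r\
    \n        }\r\
    \n\r\
    \n        # check and remove obsolete interfaces\r\
    \n        :set \$AmprPhase \"Remove obsolete tunnels\" ;\r\
    \n        :foreach mytunnel in=[/interface ipip find] do={\r\
    \n            :delay \$delay\r\
    \n            # check if the interface starts with 'ampr-'\r\
    \n            :local intf [/interface ipip get \$mytunnel name] ;\r\
    \n            :if ([:find \$intf \"ampr-\" -1 ] = 0) do={\r\
    \n                # check if tunnel is used by any route\r\
    \n                :if ([:find \$tunarray \$intf -1] < 0) do={\r\
    \n                    /interface ipip remove \$mytunnel\r\
    \n                }\r\
    \n            }\r\
    \n        }\r\
    \n    }\r\
    \n    :set \$AmprPhase \"Idle\" ;"
add name=update_amprgw owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive source="# Wrapper around ampr_gw: run it only when more than 100 RIP routes\r\
    \n# from 44.0.0.1 are present and no earlier run is still marked as active.\r\
    \n:global AmprRunning ;\r\
    \n:global AmprFailCount ;\r\
    \n\r\
    \n:local RipEntries [:len [/routing rip route find from=44.0.0.1]] ;\r\
    \n\r\
    \n:if ( \$RipEntries > 100 ) do={\r\
    \n\r\
    \n    # a previous run is still flagged as running: count this skipped attempt\r\
    \n    :if (\$AmprRunning = true) do={\r\
    \n        :set \$AmprFailCount (\$AmprFailCount + 1) ;\r\
    \n    }\r\
    \n\r\
    \n    # after more than 3 skipped attempts, clear the flag so a run can start again\r\
    \n    :if (\$AmprFailCount > 3) do={\r\
    \n        :set \$AmprFailCount 0 ;\r\
    \n        :set \$AmprRunning false ;\r\
    \n    }\r\
    \n\r\
    \n    :if (\$AmprRunning != true) do={\r\
    \n        :set \$AmprRunning true ;\r\
    \n        /system script run ampr_gw\r\
    \n        :set \$AmprRunning false ;\r\
    \n        :set \$AmprFailCount 0 ;\r\
    \n    }\r\
    \n\r\
    \n} else={\r\
    \n    :log error \"To few RIP entries available\" ;\r\
    \n}\r\
    \n"
# The scheduler entry is exported with disabled=yes. Once enabled it runs
# update_amprgw (not ampr_gw directly) every 30 minutes with the same broad
# policy set as the scripts - see the policy note at the top of this file.
/system scheduler
add comment="AMPR update" disabled=yes interval=30m name="ampr update" \
    on-event=update_amprgw policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
    apr/12/2016 start-time=00:21:00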