Differences

This shows you the differences between two versions of the page.

--- networking:router:mikrotik_sonora [2012/12/07 12:19]
gcooper
+++ — (current)
@@ Line 1: / Line 1: @@
-====== Sonora Comm Default MikroTik Configuration Script ======
-See also **[[networking:router:mikrotik|MikroTik]]**.
-http://wiki.mikrotik.com/wiki/A_script_to_set_up_WAN/LAN/WLAN_to_get_you_started
-===== Configuration Procedure =====
-  - Reset the router to **no configuration**
-    * ''/system reset-configuration no-defaults=yes''
-    * If you don't completely erase the configuration, the script will fail
-  - Copy, edit and save the script as ''configscript.rsc''
-  - Reconnect to the router using Winbox
-  - Drag and drop the script into the File List window
-  - Import the script
-    * ''/import configscript.rsc''
-===== Script =====
-<file>
-# Sonora RouterOS Config
-#
-# Adapted by Gene Cooper from a script by Nick Barnes (www.vitell.co.uk)
-#
-# http://www.sonoracomm.com
-#
-# Save this file as 'configscript.rsc' and drag it to the files window
-# in Winbox. Then at the command line, type '/import configscript.rsc'
-# and read the logs!
-#
-#################################################################
-#
-# The purpose of this script is to create a standard SOHO type
-# configuration which can be built on by the user.
-# It does not provide a complete solution, but should be enough
-# to get you up and running.
-#
-#################################################################
-# WARNING
-# As this script stands, it will trash your existing configuration
-# so don't run it on a router which has been customised or it won't
-# be any more!
-#
-# DO NOT run this on a live production system.
-#
-# We accept absolutely no liability whatsoever. If you choose to run
-# this script, anything bad that happens is entirely your problem.
-#
-# We recommend that your configuration be cleared with the command
-# '/system reset-configuration no-defaults=yes'
-# before this script is run.
-#################################################################
-#
-# Make your changes here:
-##########################
-#
-# Set the 'admin' password
-:local adminpassword "bad1egg!";
-#
-# Set the web management service port
-:local adminport "81";
-#
-#
-# Name servers must be IP addresses (i.e. not a FQDN)
-:local nsa "8.8.8.8";
-:local nsb "8.8.4.4";
-#
-# Use NAT (yes/no) - Set to 'yes' unless you know what you're doing!
-:local natuse "yes";
-#
-# Add all additional ethernet ports to the bridge (yes/no) - Set to 'yes' if you want all
-# other portsto be bridged as in most SOHO routers.
-:local bridgetherest "yes";
-#
-# Fowarding ports with this script is limited to one set of ports to one internal server.
-# Add additional ports manually afterwards.
-#
-# Forward TCP Ports (yes/no) - Set to 'no' unless you know what you're doing!
-:local fwdtcpports "yes";
-:local tcpports "21,25,80,443,465,993,995,2222";
-:local internalserver "192.168.1.2";
-#
-#
-#### Network Time (NTP) Settings
-#
-## NTP Client Settings
-#
-# We use two NTP servers and these must be specified as FQDNs
-# (Fully qualified domain names) - i.e. not IP addresss.
-#
-# Note that NTP we cannot assume that at the time configuration is run you will have an
-# Internet connection and so we cannot set this up with the addresses you choose
-# immediately (if we try to but RouterOS cannot resolve the host names, the script will crash).
-# So we set up dummy IP addresses to start with and then configure a script to run regularly
-# to ensure that the following addresses are used once the Internet connection is up. This
-# sounds long and complicated, but it's actually a better way of doing things anyway.
-# it means that if the IP addresses change for these hosts (as they will do if you use the
-# pool.ntp.org addresses), your RouterOS will always be connected to a working server.
-#
-# The defaults are fine, but you may want to closer servers if you don't live in the US.
-:local ntpa "0.us.pool.ntp.org";
-:local ntpb "1.us.pool.ntp.org";
-#
-# Now we define the temporary IP addresses to use pending resolution of the FQDNs above.
-:local ntptempa "199.241.31.96";
-:local ntptempb "173.244.211.10";
-#
-### NTP Server Settings
-#
-# Offer NTP to LAN (yes/no) - Leave this as 'no' unless you have installed the NTP package.
-# This sets the system up as a NTP server. This probably isn't necessary for simple solutions
-# but can save some bandwidth for larger systems
-:local ntpserver "no";
-#
-#
-#### PPPoE Settings
-#
-# Use PPPoE (yes/no) - Set to 'no' unless you know what you're doing!
-:local pppoeuse "no";
-#
-# Name of PPPoE interface to create if pppoeuse is 'yes'
-# You can safely leave this alone.
-:local pppoeinterface "pppoe1";
-#
-# Your PPPoE login details (ignored if PPPoE is not used)
-# PPPoE is configured on the WAN interface in addition to the WAN IP addresses defined below.
-#
-# Username
-:local pppoeuser "user@a.1";
-# Password
-:local pppoepassword "mypassword";
-#
-# The IP address you expect to have allocated to this interface.
-# Set to empty ("") if your address is allocated dynamically.
-# This is used to determine whether the link has gone down and you
-# have been allocated an incorrect IP address (typically this would
-# be when you have BT broadband in the UK!)
-# Leaving this variable blank means that a monitoring script will not
-# be created.
-:local pppoeipaddress "";
-#
-#
-#### Mail Settings
-#
-# The 'emailserver' must be a FQDN and this setting works in the same way as the NTP servers above
-# (i.e. we cannot assume that we can resolve the name right now)
-:local emailserver "mail.sonoracomm.com";
-#
-# Again, in the same way we did for NTP, above, we'll use the following IP address until we
-# can resolve the FQDN specified above. You're OK leaving this as the default, but doing so
-# may mean that e-mail doesn't work until the FQDN can be resolved.
-:local emailservertempip "209.104.9.39";
-#
-# The default address e-mails will appear to have been sent from.
-:local emailfrom "MT Router <router@client>";
-#
-# The e-mail address which should be notified about things happening on this system.
-:local emailto "router@sonoracomm.com";
-#
-# The e-mail username for SMTP Authentication.
-:local emailusername "smtpuser";
-#
-# The e-mail password for SMTP Authentication.
-:local emailpassword "MailFromMachines!";
-#
-# The SMTP port for mail submission.
-:local emailport "25";
-#
-#
-#### Interfaces
-#
-# You may define one WAN interface plus an ethernet LAN interface and/or a wireless LAN interface.
-# If you want both ethernet and wireless, a bridge is created across the two interfaces.
-#
-# Do we want to have our LAN on Ethernet (yes/no)
-:local useetherlan "yes";
-#
-# Do we want to have our LAN on Wireless (yes/no)
-:local usewlan "yes";
-#
-### Interface Names
-#
-# WAN interface
-:local waninterface "ether1";
-#
-# Ethernet LAN interface
-:local etherlaninterface "ether2";
-#
-# Wireless LAN interface
-:local wlaninterface "wlan1";
-#
-# Name of bridge to create if both useetherlan and usewlan are 'yes'
-:local bridgeinterface "bridge1";
-#
-#
-#### WAN IP Addressing
-#
-# Use DHCP Client on WAN (yes/no) - Set to 'yes' if your WAN IP is assigned via DHCP (cable modem?).
-:local dhcpwan "yes";
-#
-# The WAN address to use (if not using PPPoE or DHCP), the network it's in and
-# the number of bits in the subnet mask.  These are NOT checked!!  Note that even
-# if you are using PPPoE, you will still want to define a WAN network so you can
-# browse the web pages of your ADSL modem!
-:local wanaddress "1.1.1.1";
-:local wannetwork "1.1.1.0";
-:local wanbits "30";
-#
-# Define the external gateway
-# If we are using PPPoE or DHCP, this is not used, otherwise it's our route out to the world
-# and should probably be the address of your ADSL modem/router.
-:local wangateway "1.1.1.2";
-#
-#### LAN IP Addressing
-#
-# Router IP address, network and subnet mask (24 = 255.255.255.0)
-:local lanaddress "192.168.1.1";
-:local lannetwork "192.168.1.0";
-:local lanbits "24";
-#
-#
-#### Wireless Configuration
-#
-# This is only used if usewlan, above is "yes"
-# If you want a wireless LAN, this script sets one up with WPA and WPA2 security.
-# Define the frequency we want to run on. We suggest you leave this at the default and
-# tweak it later if required. '2412' is channel 1.
-#
-:local wlanfreq "2412";
-# Your SSID
-:local wlanssid "MyWIFI";
-# The Key to use.
-:local wlankey "baaaaaaaad";
-#
-#
-#### DHCP Server
-#
-# We must define a pool of addresses and a server to serve out that pool.
-#
-# Act as DHCP server to LAN (yes/no)
-:local dhcpuse "yes";
-#
-# Define the start and end addresses of the pool to offer.
-:local dhcppoolstart "192.168.1.65";
-:local dhcppoolend "192.168.1.199";
-#
-# If required, define the domain. You can probably leave this as the default.
-:local dhcpdomain "";
-#
-#
-################################################################
-# Don't change anything below this line.
-################################################################
-#
-:put "";
-#
-# Set up logging so we get more than the standard 100 lines.
-/system logging action set memory memory-lines=500
-#
-:log info "Starting pre-flight checks";
-#
-:local failedtests "0";
-#
-# Check that if we're using an ethernet LAN, the interface defined exists.
-:if ($useetherlan = "yes" and [/interface find name=$etherlaninterface] = "") do={
-    :log error "Specified Ethernet LAN interface '$etherlaninterface' doesn't exist.";
-	:set failedtests "1";
-  }
-# Check that if we're using a wireless LAN, we have the wireless package installed.
-:if ($usewlan = "yes" and [/system package find name=wireless disabled=no] = "") do={
-    :log error "\$usewlan=\"yes\", but wireless package is not installed.";
-	:set failedtests "1";
-  }
-# Check that if we're using a wireless LAN, the interface exists.
-:if ($usewlan = "yes" and [/interface find name=$wlaninterface] = "") do={
-    :log error "Specified Wireless LAN interface '$wlaninterface' doesn't exist.";
-	:set failedtests "1";
-  }
-# Check that the WAN interface exists
-:if ([/interface find name=$waninterface] = "") do={
-    :log error "Specified WAN interface '$waninterface' doesn't exist.";
-	:set failedtests "1";
-  }
-# Check that we aren't using the same interface for different purposes
-:if ((($useetherlan = "yes") and ($usewlan = "yes") and ($etherlaninterface = $wlaninterface)) or \
-  (($useetherlan = "yes") and ($etherlaninterface = $waninterface)) or \
-  (($usewlan = "yes") and ($wlaninterface = $waninterface))) do={
-    :log error "two or all of eLAN, wLAN and WAN interfaces are set to the same value";
-	:set failedtests "1";
-	}
-# If we want PPPoE, we need the PPP package.
-:if ($pppoeuse = "yes" and [/system package find name=ppp disabled=no] = "") do={
-    :log error "\$pppoeuse=\"yes\", but PPP package is not installed.";
-	:set failedtests "1";
-  }
-# If we want to be a NTP server, we need the NTP package.
-:if ($ntpserver = "yes" and [/system package find name=ntp disabled=no] = "") do={
-    :log error "\$ntpserver=\"yes\", but NTP package is not installed.";
-	:set failedtests "1";
-  }
-#
-# If we've failed any of the tests above, die!
-:if ($failedtests != "0") do={
-  :put "";
-  :put "";
-  :error "Script execution stopped under error condition. Please see the system log for details.";
-  }
-#
-# Clearing out the garbage.
-/system scheduler remove [find];
-/interface bridge remove [find];
-/interface bridge port remove [find];
-/ip address remove [find];
-/ip route remove [find dst-address=0.0.0.0/0];
-/ip dhcp-server remove [find];
-/ip pool remove [find];
-/ip dhcp-server network remove [find];
-/system script remove [find];
-/ip firewall address-list remove [find];
-/ip firewall nat remove [find];
-/ip firewall filter remove [find];
-#
-# Set admin password
-:log info "Setting admin password";
-/user set admin password="$adminpassword";
-#
-# Configure e-mail
-:log info "Configuring e-mail details";
-/tool e-mail set from="$emailfrom" password="$emailpassword" address="$emailservertempip"\
-   port="$emailport" user="$emailusername";
-#
-#
-# Get wireless working if required.
-:if ($usewlan = "yes") do={
-  :log info "Setting Wireless LAN security";
-  /interface wireless reset-configuration $wlaninterface;
-  /interface wireless security-profiles remove [find name!=default];
-  /interface wireless security-profiles add \
-    authentication-types=wpa-psk,wpa2-psk group-ciphers=aes-ccm \
-    unicast-ciphers=aes-ccm mode=dynamic-keys name=autoconfig \
-    wpa-pre-shared-key=$wlankey wpa2-pre-shared-key=$wlankey;
-  /interface wireless set $wlaninterface band=2ghz-b/g/n \
-    default-authentication=yes default-forwarding=yes disabled=no \
-    frequency=$wlanfreq mode=ap-bridge wireless-protocol=any\
-    security-profile=autoconfig channel-width=20/40mhz-ht-above\
-    ssid=$wlanssid ht-txchains=0,1 ht-rxchains=0,1 arp=enabled l2mtu=2290\
-    mtu=1500 distance=indoors country="united states";
-  }
-#
-# If using an Ethernet as the WAN interface and the bridge interface as the LAN,
-# we add the wireless and other Ethernet ports to the LAN bridge.
-#
-:local internalinterface;
-:if ($useetherlan = "yes") do={
-  :if ($usewlan = "yes") do={
-    :set internalinterface "$bridgeinterface";
-    } else={
-	:set internalinterface "$etherlaninterface";
-	}
-  } else={
-  :if ($usewlan = "yes") do={
-    :set internalinterface "$wlaninterface";
-    } else={
-	:set internalinterface "$bridgeinterface";
-	}
-  }
-#
-# Set up the bridge and add the interfaces if required.
-#
-:if ( $internalinterface = $bridgeinterface ) do={
-  /interface bridge add comment="LAN Bridge" disabled=no name=$bridgeinterface;
-#
-  /interface bridge port add bridge=$bridgeinterface comment="Master Bridge Port" disabled=no\
-    edge=auto external-fdb=auto horizon=none interface=$etherlaninterface path-cost=10\
-    point-to-point=auto priority=0x80;
-#
-  :if ( $bridgetherest = "yes" ) do={
-     :local etherports [ /interface ethernet find ];
-     :local totaletherports [ len $etherports ];
-     :local ethername "";
-     :foreach etherport in=$etherports do={
-       :set ethername [/interface get $etherport name];
-       :if (( $ethername != "$waninterface" ) and ( $ethername != "$etherlaninterface" )) do={
-         /interface bridge port add bridge=$bridgeinterface comment="Bridged Port" disabled=no\
-            interface=$ethername;
-         :log info "Added $ethername to $bridgeinterface";
-         }
-       }
-     }
-# Add the wireless LAN to the bridge
-  /interface bridge port add bridge=$bridgeinterface comment="Wireless Bridge Port" disabled=no\
-     interface=$wlaninterface;
-  }
-#
-:log info "Using $internalinterface as the internal interface.";
-#
-# Set up interfaces with the correct addresses
-#
-:if ($dhcpwan = "yes") do={
-  /ip dhcp-client add comment="DHCP on WAN" disabled=no interface=$waninterface;
-  :log info "Setting WAN IP address dynamically";
-  } else={
-      :log info "Setting WAN IP address to $wanaddress/$wanbits on interface $waninterface";
-      /ip address add address="$wanaddress/$wanbits" comment="WAN" disabled=no interface=$waninterface;
-      }
-#
-# Set LAN address
-:log info "Setting LAN IP address to $lanaddress/$lanbits on interface $internalinterface";
-/ip address add address="$lanaddress/$lanbits" comment="LAN" disabled=no interface=$internalinterface;
-#
-#
-# Sort out gateway
-:if (($pppoeuse != "yes") and ($dhcpwan != "yes")) do={
-  :log info "Setting gateway to $wangateway";
-  /ip route add comment="Default route" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=$wangateway;
-} else={
-  :log info "Not setting gateway as this will be provided by PPPoE or DHCP.";
-}
-#
-#
-# And DNS
-:log info "Setting DNS servers to $nsa and $nsb"
-/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
-    max-udp-packet-size=512 servers="$nsa,$nsb";
-#
-#
-# Set up DHCP server if required
-:if ($dhcpuse = "yes") do={
-  :log info "Setting DHCP server on interface $internalinterface, pool $dhcppoolstart-$dhcppoolend";
-  /ip pool add name=DHCPpool ranges="$dhcppoolstart-$dhcppoolend";
-  /ip dhcp-server network add address="$lannetwork/$lanbits" comment="DHCP" \
-    dns-server="$lanaddress,$nsa" domain=$dhcpdomain gateway=$lanaddress;
-  /ip dhcp-server add address-pool=DHCPpool authoritative=yes disabled=no \
-    interface=$internalinterface lease-time=3d name=DHCPserver;
-} else={
-  :log info "Skipping DHCP server configuration.";
-}
-#
-#
-# Set up PPPoE if required
-:if ($pppoeuse = "yes") do={
-  /interface pppoe-client remove [find];
-  :log info "Setting up PPPoE";
-  /interface pppoe-client add add-default-route=yes allow=chap comment="PPPoE" \
-    dial-on-demand=no disabled=no interface=$waninterface max-mru=1492 max-mtu=1492 \
-    mrru=disabled name="$pppoeinterface" password=$pppoepassword profile=default \
-    service-name="" use-peer-dns=no user=$pppoeuser;
-  } else={
-    :log info "Skipping PPPoE configuration.";
-  }
-#
-#
-# Set up NTP client (doesn't matter what addresses we specify here as long as there's something there)
-:log info "Setting up NTP client with dummy addresses.";
-/system ntp client set enabled=yes mode=unicast primary-ntp="$ntptempa" secondary-ntp="$ntptempb";
-:log info "Creating script to update with NTP servers $ntpa and $ntpb";
-/system script add name=setntpip policy=ftp,write,winbox source="# Get the current client status\r\
-\n:local ntpclientstatus [/system ntp client get status];\r\
-\n:if (\$ntpclientstatus=\"synchronized\") do={:error \"Already synchronised\"};\r\
-\n# Resolve the two ntp hostnames\r\
-    \n:local ntpipa [:resolve \"$ntpa\"];\r\
-    \n:local ntpipb [:resolve \"$ntpb\"];\r\
-    \n/system ntp client set primary-ntp=\"\$ntpipa\" secondary-ntp=\"\$ntpipb\";";
-:log info "Scheduling script.";
-/system scheduler add comment="Set the correct NTP addresses" disabled=no interval=1h name=setntpservers\
-   on-event=setntpip policy=write,test start-date=jan/01/1970 start-time=12:34:56;
-:log info "Running script on the offchance all interfaces are set up and it will work."
-:execute setntpip;
-#
-#
-# Set up as NTP server
-:if ($ntpserver = "yes") do={
-  :log info "Setting up NTP server";
-  /system ntp server set broadcast=no enabled=yes manycast=yes multicast=no;
-  } else={
-    :log info "Skipping NTP server configuration.";
-  }
-#
-#
-# Start with the firewall stuff.
-# First, define local addresses.
-:log info "Adding $lannetwork/$lanbits to local address list.";
-/ip firewall address-list add address="$lannetwork/$lanbits" comment="LAN" disabled=no list=local
-#
-#
-# Set up NAT if required. We need to know which interface to use (PPPoE or WAN)
-:local natinterface;
-:if ($natuse = "yes") do={
-  :if ($pppoeuse = "yes") do={
-    :log info "Using PPPoE interface for NAT";
-    :set natinterface "$pppoeinterface";
-  } else={
-    :log info "Using WAN interface for NAT";
-    :set natinterface "$waninterface";
-  }
-  :log info "NATting to interface $natinterface";
-  /ip firewall nat add action=masquerade chain=srcnat comment="NAT" disabled=no out-interface="$natinterface"
-} else={
-  :log info "Skipping NAT configuration.";
-}
-#
-# Enable connection tracking
-#
-:log info "Enabling connection tracking";
-#
-/ip firewall connection tracking
-set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s tcp-close-wait-timeout=10s\
-    tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s\
-    tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s;
-#
-# Add filter rules
-:log info "Setting firewall rules";
-#
-/ip firewall filter
-add chain=input comment="Allow limited ICMP" limit=50/5s,2 protocol=icmp;
-add chain=input comment="Drop excess ICMP" protocol=icmp action=drop;
-add chain=input comment="Allow established connections" connection-state=established;
-add chain=input comment="Allow related connections" connection-state=related;
-add chain=input protocol=udp action=accept comment="Allow all UDP";
-add chain=input comment="Allow all from Sonora Comm" src-address=209.193.64.248/29;
-add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else";
-add action=drop chain=input comment="Drop everything else from outside"\
- in-interface=$waninterface;
-#
-#
-# Configure Port Forwarding
-#
-:if ($fwdtcpports = "yes") do={
-  /ip firewall nat add chain=dstnat in-interface=$waninterface protocol=tcp action=dst-nat\
-     dst-port=$tcpports to-addresses=$internalserver;
-  }
-#
-#
-#### Set up some useful scripts
-#
-/system script
-#
-:log info "Creating automatic mail server setting script";
-/system script add name=setmail policy=ftp,write,winbox source="# Resolve the mail server hostname\r\
-  \n:local emailserverip [:resolve \"$emailserver\"];\r\
-  \n/tool e-mail set server=\"\$emailserverip\";"
-:log info "Scheduling automatic mail server setting script to run hourly.";
-/system scheduler add comment="Set the correct mail server addresses" disabled=no interval=1h name=setmailserver\
-   on-event=setmail policy=reboot,read,write,policy,test,password,sniff,sensitive start-date=jan/01/1970\
-   start-time=12:34:56;
-:log info "Running script on the offchance all interfaces are set up and it will work."
-:execute setmail;
-#
-# Automatic backup
-:log info "Creating automatic backup script";
-/system script add name=makebackup policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive\
-    source="\r\n:log info \"Starting Backup Script\";\r\
-    \n:local SYSname [/system identity get name];\r\
-    \n:put \"\$SYSname\";\r\
-    \n/export file=\"\$SYSname\";\r\
-    \n:log info \"Finished exporting configuration\";\r\
-    \n/tool e-mail send to=\"$emailto\" tls=yes subject=(\$SYSname . \" backup\") file=(\$SYSname . \".rsc\");\r\
-	\n:delay 10s;\r\
-    \n/file remove (\$SYSname . \".rsc\");\r\
-    \n:log info \"Finished Backup Script\"";
-:log info "Scheduling automatic backup script to run weekly.";
-/system scheduler add comment="Set the correct mail server addresses" disabled=no interval=7d name=runbackup\
-    on-event=makebackup policy=reboot,read,write,policy,test,password,sniff,sensitive start-date=jan/01/1970\
-    start-time=12:34:56;
-#
-# System startup notification
-:log info "Creating system startup notification script";
-/system script add name=Systemstartupnotification policy=ftp,reboot,read,write,policy,test,winbox,sniff source="\r\
-    \n:local date ([:pick [/system clock get date] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6]);\r\
-    \n\r\
-    \n:log info \"Running system startup script\";\r\
-    \n\r\
-    \n:local filename ([/system identity get name] . \"Log-\" . \$date);\r\
-    \n:local fullfilename (\$filename . \".txt\");\r\
-    \n\r\
-    \n/log print file=\$fullfilename;\r\
-    \n\r\
-    \n/tool e-mail send to=\"$emailto\" subject=(\"Routerboard reboot - \" . \$filename) file=\$filename \\\r\
-	\n  body=\"RouterOS was restarted (RB rebooted?). Recent logs attached.\";\r\
-    \n\r\
-    \n:delay 10s;\r\
-    \n\r\
-    \n/file remove \$fullfilename;\r\
-    \n\r\
-    \n:log info (\"System Log emailed at \" . [/system clock get time] . \" \" . \$date);\r\
-    \n";
-:log info "Scheduling system startup notification script to run on startup.";
-/system scheduler add comment="We've been rebooted" disabled=no interval=0s name=reboot on-event=Systemstartupnotification \
-    policy=reboot,read,write,policy,test,password,sniff,sensitive start-time=startup;
-#
-#
-# Restart PPPoE if the IP address isn't what we expect
-:if ($pppoeuse = "yes" and $pppoeipaddress != "") do={
-/system script add name=checkpppoe policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\r\
-    \n# Define the following two\r\
-    \n#\r\
-    \n# Name of the PPPoE interface\r\
-    \n:local pppoeint \"$pppoeinterface\";\r\
-    \n:local expectedip \"$pppoeipaddress/32\";\r\
-    \n\r\
-    \n:local curip [/ip address get [find interface=\$pppoeint] address];\r\
-    \n\r\
-    \n:if (\$curip != \$expectedip) do={\r\
-    \n  /interface disable \"\$pppoeint\";\r\
-    \n  :delay 1s;\r\
-    \n  /interface enable \"\$pppoeint\";\r\
-    \n}\r\
-    \n\r\
-    \n"
-/system scheduler add comment="Check PPPoE" disabled=no interval=2m name=checkpppoe on-event=checkpppoe \
-    policy=reboot,read,write,policy,test,password,sniff,sensitive start-date=jan/01/1970 start-time=12:34:56;
-}
-#
-# Change the admin service port for web browser management
-/ip service set www port=$adminport;
-#
-:log info "Auto configuration ended.";
-:put "";
-:put "";
-:put "Auto configuration ended. Please check the system log.";
-:put "";
-:put "To access the router with a web browser, you must now use port $adminport";
-:put "";
-</file>

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools