[MT]: Multiwan dynamic DHCP/PPPoE

  1. # OUTPUT LOADBALANCE / SERVICE PUBLICATION
  2. # DYNAMIC IP ADDRESSES
  3.  
  4. # [INTERNAL]
  5. NET: 192.168.99.0/24
  6. GW-MT: 192.168.99.1/24
  7. IFACE: lan-bridge
  8. HOST: 192.168.99.100
  9. PROTOCOL/PORT: TCP/51234
  10.  
  11. # [FIREWALL ADDRESS-LIST]
  12. # LOCAL-NETWORKS
  13. /ip firewall address-list add address=192.168.99.0/24 list=alst-LOCAL-NETS
  14. # CHECK-GATEWAY HOSTS (one per ISP)
  15. /ip firewall address-list add address=8.8.4.4 list=alst-wan1-CHKGW
  16. /ip firewall address-list add address=8.8.8.8 list=alst-wan2-CHKGW
  17.  
  18. # [IFACE-LIST]
  19. /interface list add comment="userconf: contains pppoe connected interfaces" name=pppoe-conn
  20. /interface list add comment="userconf: contains wan interfaces" include=pppoe-conn name=wan
  21.  
  22. # [ISP1]
  23. # 1. WAN1 (PPPoE-client)
  24. # 1.1 Interface configuration
  25. /interface ethernet set [ find default-name=ether1 ] comment="=EXT1-LNK="
  26.  
  27. /ppp profile add address-list=alst-PPPOE-CONN change-tcp-mss=yes interface-list=pppoe-conn name=pppoe-wan1 remote-address=10.64.64.64 use-compression=no use-encryption=no use-mpls=no use-upnp=no
  28.  
  29. # 1.2 Scripts
  30. # 1.2.1 --- PPP-UP-SCRIPT ---
  31. # Copy to on-up="" section of /ppp profile configuration
  32.  
  33. # Main
  34. :local DEBUG 0;
  35.  
  36. :local pppAddr $"local-address" ;
  37. :local pppGateWay $"remote-address" ;
  38. :local pppIfaceNum $"interface" ;
  39. :local pppIface [ interface get $pppIfaceNum name ];
  40. :local rtName ( "rt-" . $pppIface );
  41. :local rtRuleComment ( "pppoe-" . $pppIface );
  42. :local alstRoutesName ("alst-" . $pppIface . "-CHKGW" );
  43.  
  44. # Debug info
  45. :log info ( "ppp-up: running custom script on interface up" );
  46. :if ( $DEBUG=1 ) do={
  47.     :log info ( "ppp-up: address - $pppAddr / gateway - $pppGateWay / iface - $pppIface" );
  48.     :log info ( "ppp-up: rt - $rtName / comment - $rtRuleComment / alst - $alstRoutesName" );
  49. }
  50. # Load functions
  51. :do { /system script run ros-functions } on-error={
  52.     :log error ( "ppp-up: can't load necessery functions" );
  53.     :error "[ERR]: can't load necessery functions - inconsistent list of scrips" ;
  54. }
  55. # Add route rules for connected routes
  56. :global funcAddRouteRuleConn;
  57. $funcAddRouteRuleConn $pppAddr $rtName $rtRuleComment
  58. # Add static routes if address-list present
  59. :global funcAddStaticRoute;
  60. :if ( [ len [ /ip firewall address-list find list="$alstRoutesName" ] ] !=0 ) do={
  61.     foreach number in=[ /ip firewall address-list find list="$alstRoutesName" ] do={
  62.         :local dst [ ip firewall address-list get $number address ];
  63.         $funcAddStaticRoute $dst $pppGateWay 1 10 $rtRuleComment
  64.     }
  65. }
  66. # Environment cleanup
  67. :do { /system script environment remove [ find name~"func" ] } on-error={
  68.     :log warning ( "ppp-up: script environment cleanup is failed" );
  69. }
  70. # End
  71.  
  72. # 1.2.2 --- PPP-DOWN-SCRIPT ---
  73. # Copy to on-down="" section of /ppp profile configuration
  74.  
  75. # Main
  76. :local DEBUG 0;
  77.  
  78. :local pppAddr $"local-address" ;
  79. :local pppGateWay $"remote-address" ;
  80. :local pppIfaceNum $"interface" ;
  81. :local pppIface [ interface get $pppIfaceNum name ];
  82. :local rtName ( "rt-" . $pppIface );
  83. :local rtRuleComment ( "pppoe-" . $pppIface );
  84.  
  85. # Debug info
  86. :log info ( "ppp-down: running custom script on interface down" );
  87. :if ( $DEBUG=1 ) do={
  88.     :log info ( "ppp-down: address - $pppAddr / gateway - $pppGateWay / iface - $pppIface" );
  89.     :log info ( "ppp-down: rt - $rtName / comment - $rtRuleComment" );
  90. }
  91. # Clean-up route rules
  92. /ip route rule remove [ find comment~"$rtRuleComment" ] ;
  93. # Clean-up static routes
  94. /ip route remove [ find comment~"$rtRuleComment" ];
  95. # End
  96.  
  97. # 1.3 PPPoE-client configuration
  98. /interface pppoe-client add allow=mschap2 comment="pppoe-client::wan1=" disabled=no interface=ether1 max-mru=1492 max-mtu=1492 mrru=1614 name=wan1 password=qwe345 profile=pppoe-wan1 user=vpn-acc02
  99.  
  100. # [ISP2]
  101. # 2. WAN2 (DHCP-client)
  102. # 2.1 Interface configuration
  103. /interface ethernet set [ find default-name=ether2 ] comment="=EXT2=" name=wan2
  104. /interface list member add interface=wan2 list=wan
  105.  
  106. /ip dhcp-client add add-default-route=no comment="dhcp-client::wan2" dhcp-options=hostname,clientid disabled=no interface=wan2
  107.  
  108. # 2.2 Scripts
  109. # 2.2.1 --- DHCP-LEASE SCRIPT ---
  110. # Copy to script="" section of /ip dhcp-client configuration
  111.  
  112. # Main
  113. :local DEBUG 0;
  114.  
  115. :local dhcpAddr $"lease-address" ;
  116. :local dhcpGateWay $"gateway-address" ;
  117. :local dhcpIface $"interface" ;
  118. :local rtName ( "rt-" . $dhcpIface );
  119. :local rtRuleComment ( "dhcp-" . $dhcpIface );
  120. :local alstRoutesName ("alst-" . $dhcpIface . "-CHKGW" );
  121.  
  122. :if ($bound=1) do={
  123.     :log info ( "dhcp-lease: running custom script on address bound" );
  124.     # Debug info
  125.     :if ( $DEBUG=1 ) do={      
  126.         :log info ( "dhcp-lease: address - $dhcpAddr / gateway - $dhcpGateWay / iface - $dhcpIface" );
  127.         :log info ( "dhcp-lease: rt - $rtName / comment - $rtRuleComment" );
  128.     }
  129.     # Load functions
  130.     :do { /system script run ros-functions } on-error={
  131.         :log error ( "dhcp-lease: can't load necessery functions" );
  132.         :error "[ERR]: can't load necessery functions - inconsistent list of scrips" ;
  133.     }
  134.     # Add route rules for connected routes
  135.     :global funcAddRouteRuleConn;
  136.     $funcAddRouteRuleConn $dhcpAddr $rtName $rtRuleComment
  137.     # Add static routes if address-list present
  138.     :global funcAddStaticRoute;
  139.     :if ( [ len [ /ip firewall address-list find list="$alstRoutesName" ] ] !=0 ) do={
  140.         foreach number in=[ /ip firewall address-list find list="$alstRoutesName" ] do={
  141.             :local dst [ ip firewall address-list get $number address ];
  142.             $funcAddStaticRoute $dst $dhcpGateWay 1 10 $rtRuleComment
  143.         }
  144.     }  
  145.     # Environment cleanup
  146.     :do { /system script environment remove [ find name~"func" ] } on-error={
  147.         :log warning ( "dhcp-lease: script environment cleanup is failed" );
  148.     }
  149. } else {
  150.     :log info ( "dhcp-lease: running custom script on address release" );
  151.     # Debug info
  152.     :if ( $DEBUG=1 ) do={
  153.         :log info ( "dhcp-lease: address - $dhcpAddr / gateway - $dhcpGateWay / iface - $dhcpIface" );
  154.         :log info ( "dhcp-lease: rt - $rtName / comment - $rtRuleComment" );
  155.     }
  156.     # Clean-up route rules
  157.     /ip route rule remove [ find comment~"$rtRuleComment" ];
  158.     # Clean-up static routes
  159.     /ip route remove [ find comment~"$rtRuleComment" ];
  160. };
  161. # End
  162.  
  163. # [SCRIPTS-MAGIC]
  164. # 3. Scripts are mentioned above loads /system script which contains necesserry functions
  165. # 3.1 Script settings
  166. /system script add comment="=ROS-FUNCTIONS=" dont-require-permissions=no name=ros-functions owner=admin policy=ftp,reboot,read,write,policy,test,sniff
  167.  
  168. # 3.2 --- ROS-FUNCTIONS ---
  169. # 3.2.1 Add route rule for wan iface's ip addresses in custom routing table
  170. :global funcAddRouteRuleConn do={
  171.     :local DEBUG 0;
  172.    
  173.     :local Ip $1;
  174.     :local Self;
  175.     :if ( [ :len $Ip ] != 0 ) do={ :set Self ( $Ip . "/32" ); }
  176.     :local Table $2;
  177.     :local CommentPrfx $3;
  178.     :local Comment;
  179.     :if ( [ :len $CommentPrfx ] != 0 ) do={ :set Comment ( $CommentPrfx . "::connected" ); }
  180.    
  181.     :local Action "lookup-only-in-table";
  182.     :if ( $DEBUG=1 ) do={
  183.         :log info ( "functions: self - $Self / table - $Table / comment - $Comment" );
  184.         :log info ("functions: /ip route rule add comment=$Comment dst-address=0.0.0.0/0 src-address=$Self action=$Action table=$Table");
  185.     }
  186.    
  187.     :local count [ /ip route rule print count-only where !disabled and comment=$Comment and table=$Table ];
  188.    
  189.     :if ($count = 0) do={
  190.         # No route rules - add new one to the top of the list
  191.         do { /ip route rule add comment=$Comment dst-address=0.0.0.0/0 src-address=$Self action=$Action table=$Table } on-error={
  192.             :log error ("functions: cannot add route rule - params error? (funcAddRouteRuleConn)");
  193.             :error "functions: cannot add route rule - params error? (funcAddRouteRuleConn)"
  194.         };
  195.     } else={
  196.         :if ($count = 1) do={
  197.             # Update existing route rule if it's required
  198.             :local ruleNum [ /ip route rule find where !disabled and comment=$Comment and table=$Table ];
  199.             :if ( [ /ip route rule get $ruleNum src-address ] != $Self ) do={
  200.                 do { /ip route rule set $ruleNum src-address=$Self } on-error={
  201.                     :log error ("functions: cannot update route rule - params error? (funcAddRouteRuleConn)");
  202.                     :error "functions: cannot update route rule - params error? (funcAddRouteRuleConn)" };
  203.             }
  204.         } else={
  205.             # More then two route rules with same comment and rt - abnormal condition (???)
  206.             :log warn ("functions: multiple route rules for connected addresses in rt $Table (funcAddRouteRuleConn)");
  207.             # Clean up & recreate single one
  208.             do { /ip route rule remove [ find where !disabled and comment=$Comment and table=$Table ] } on-error={
  209.                 :log error ("functions: cannot remove duplicate route rules - params error? (funcAddRouteRuleConn)");
  210.                 :error "functions: cannot remove duplicate route rules - params error? (funcAddRouteRuleConn)"
  211.             }
  212.             do { /ip route rule add comment=$Comment dst-address=0.0.0.0/0 src-address=$Self action=$Action table=$Table } on-error={
  213.                 :log error ("functions: cannot add route rule - params error? (funcAddRouteRuleConn)");
  214.                 :error "functions: cannot add route rule - params error? (funcAddRouteRuleConn)"
  215.             }
  216.         }
  217.     }
  218. }
  219. # 3.2.2 Add static route in given routing table
  220. :global funcAddStaticRoute do={
  221.     :local DEBUG 0;
  222.    
  223.     :local Dst $1;
  224.     if ( $Dst ~ "^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\$" ) do={ :set $Dst ( $Dst . "/32" )};
  225.     :local Gateway $2;
  226.     :local Distance $3;
  227.     :if ( [ :len $Distance ] = 0 ) do={ :set Distance 255 };
  228.     :local Scope $4;
  229.     :if ( [ :len $Scope ] = 0 ) do={ :set Scope 30 };
  230.     :local CommentPrfx $5;
  231.     :local Comment;
  232.     :if ( [ :len $CommentPrfx ] != 0 ) do={ :set Comment ( $CommentPrfx . "::userconf-scripts" ); } else {
  233.         :set Comment ( $Dst . "::userconf-scripts" );
  234.     }
  235.     :local Table $6;
  236.     :if ( [ :len $Table ] = 0 ) do={ :set $Table "main" };
  237.    
  238.     :if ( $DEBUG=1 ) do={
  239.         :log info ( "functions: dst - $Dst / gw - $Gateway / dist - $Distance / scope - $Scope / comment - $Comment / table - $Table" );
  240.     }
  241.    
  242.     :local count;
  243.     :if ( $Table = "main" ) do={
  244.         :set count [ /ip route print count-only where dst-address=$Dst and comment=$Comment ];
  245.     } else={
  246.         :set count [ /ip route print count-only where dst-address=$Dst and comment=$Comment and routing-mark=$Table ];
  247.     }
  248.    
  249.     :if ($count = 0) do={
  250.         # No routes - add new one
  251.         do { /ip route add comment=$Comment dst-address=$Dst gateway=$Gateway distance=$Distance routing-mark=$Table scope=$Scope } on-error={
  252.             :log error ("functions: cannot add route - params error? (funcAddRoute)");
  253.             :error "functions: cannot add route - params error? (funcAddRoute)"
  254.         };
  255.     } else={
  256.         :if ($count = 1) do={
  257.             # Update existing route rule if it's required
  258.             :local routeNum;
  259.             :if ( $Table = "main" ) do={
  260.                 :set routeNum [ /ip route find where dst-address=$Dst and comment=$Comment ];
  261.             } else={
  262.                 :set routeNum [ /ip route find where dst-address=$Dst and comment=$Comment and routing-mark=$Table ];
  263.             }
  264.             # Gateway
  265.             :if ( [ /ip route get $routeNum gateway ] != $Gateway ) do={
  266.                 do { /ip route set $routeNum gateway=$Gateway } on-error={
  267.                     :log error ("functions: cannot update route gateway - params error? (funcAddRoute)");
  268.                     :error "functions: cannot update route gateway - params error? (funcAddRoute)" };
  269.             }
  270.             # Distance
  271.             :if ( [ /ip route get $routeNum distance ] != $Distance ) do={
  272.                 do { /ip route set $routeNum distance=$Distance } on-error={
  273.                     :log error ("functions: cannot update route distance - params error? (funcAddRoute)");
  274.                     :error "functions: cannot update route distance - params error? (funcAddRoute)" };
  275.             }
  276.             # Scope
  277.             :if ( [ /ip route get $routeNum scope ] != $Scope ) do={
  278.                 do { /ip route set $routeNum distance=$Distance } on-error={
  279.                     :log error ("functions: cannot update route distance - params error? (funcAddRoute)");
  280.                     :error "functions: cannot update route distance - params error? (funcAddRoute)" };
  281.             }
  282.         } else={
  283.             # More then two route rules with same comment and rt - abnormal condition (???)
  284.             :log warn ("functions: multiple route to given destination in rt $Table (funcAddRoute)");
  285.             # Clean up & recreate single one
  286.             :if ( $Table = "main" ) do={
  287.                 do { /ip route remove [ find where dst-address=$Dst comment=$Comment ] } on-error={
  288.                     :log error ("functions: cannot remove duplicate routes - params error? (funcAddRoute)");
  289.                     :error "functions: cannot remove duplicate route rules - params error? (funcAddRoute)"
  290.                 }
  291.             } else={
  292.                 do { /ip route remove [ find where dst-address=$Dst comment=$Comment and routing-mark=$Table ] } on-error={
  293.                     :log error ("functions: cannot remo`e duplicate routes - params error? (funcAddRoute)");
  294.                     :error "functions: cannot remove duplicate route rules - params error? (funcAddRoute)"
  295.                 }
  296.             }
  297.             do { /ip route add comment=$Comment dst-address=$Dst gateway=$Gateway distance=$Distance routing-mark=$Table scope=$Scope } on-error={
  298.                 :log error ("functions: cannot add route - params error? (funcAddRoute)");
  299.                 :error "functions: cannot add route - params error? (funcAddRoute)"
  300.             }
  301.         }
  302.     }
  303. }
  304.  
  305. # [ROUTES]
  306. # All specific recursive routes will be added using scripts
  307. # MAIN
  308. /ip route add check-gateway=ping comment="main::default" distance=11 gateway=8.8.4.4
  309. /ip route add check-gateway=ping comment="main::default" distance=15 gateway=8.8.8.8
  310. # rt-WAN1
  311. /ip route add comment="wan1::default" distance=11 gateway=8.8.4.4 routing-mark=rt-wan1
  312. /ip route add comment="wan1::default" distance=15 gateway=8.8.8.8 routing-mark=rt-wan1
  313. # rt-WAN2
  314. /ip route add comment="wan2::default" distance=11 gateway=8.8.8.8 routing-mark=rt-wan2
  315. /ip route add comment="wan2::default" distance=15 gateway=8.8.4.4 routing-mark=rt-wan2
  316.  
  317. # [ROUTE RULES]
  318. # All look-up-only rules will be added using scripts
  319. /ip route rule add comment="ext1::checkgateway" dst-address=8.8.8.4/32 table=main
  320. /ip route rule add comment="ext2::checkgateway" dst-address=8.8.8.8/32 table=main
  321. /ip route rule add dst-address=192.168.99.0/24 table=main
  322.  
  323. # [MANGLE]
  324. # PORT-FORWARDING
  325. /ip firewall mangle add action=mark-connection chain=prerouting comment="cmark::wan1-in" connection-state=new dst-port=51234 in-interface=wan1 new-connection-mark=cin-wan1 passthrough=yes protocol=tcp
  326. /ip firewall mangle add action=mark-routing chain=prerouting comment="lan::wan1-in" connection-mark=cin-wan1 new-routing-mark=rt-wan1 passthrough=no
  327. /ip firewall mangle add action=mark-connection chain=prerouting comment="cmark::wan2-in" connection-state=new dst-port=51234 in-interface=wan2 new-connection-mark=cin-wan2 passthrough=yes protocol=tcp
  328. /ip firewall mangle add action=mark-routing chain=prerouting comment="lan::wan2-in" connection-mark=cin-wan2 new-routing-mark=rt-wan2 passthrough=no
  329. # LOAD-BALANCE
  330. /ip firewall mangle add action=mark-connection chain=prerouting comment="cmark::wan1-out" connection-state=related,new dst-address-list=!alst-LOCAL-NETS in-interface=lan-bridge new-connection-mark=cout-wan1 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0
  331. /ip firewall mangle add action=mark-routing chain=prerouting comment="lan::wan1-out" connection-mark=cout-wan1 new-routing-mark=rt-wan1 passthrough=no
  332. /ip firewall mangle add action=mark-connection chain=prerouting comment="cmark::wan2-out" connection-state=related,new dst-address-list=!alst-LOCAL-NETS in-interface=lan-bridge new-connection-mark=cout-wan2 passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1
  333. /ip firewall mangle add action=mark-routing chain=prerouting comment="lan::wan2-out" connection-mark=cout-wan2 new-routing-mark=rt-wan2 passthrough=no
  334.  
  335. # [NAT]
  336. # PORT-FORWARDING
  337. /ip firewall nat add action=dst-nat chain=dstnat comment="pfwd::wan-all" dst-port=51234 in-interface-list=wan protocol=tcp to-addresses=192.168.99.100
  338. # SRC-NAT
  339. /ip firewall nat add action=masquerade chain=srcnat comment="masquerade::wan-all" out-interface-list=wan src-address-list=alst-LOCAL-NETS