routeros-scripts/update-tunnelbroker

#!rsc
# RouterOS script: update-tunnelbroker
# Copyright (c) 2013-2019 Christian Hesse <mail@eworm.de>
#                         Michael Gisbers <michael@gisbers.de>

:global CertificateAvailable;

:if ([ / ip cloud get ddns-enabled ] != true) do={
  :log error "IP cloud DDNS is not enabled.";
  :error "Error: See log for details.";
}

# Get the current ip address from cloud
/ ip cloud force-update;
:while ([ / ip cloud get status ] != "updated") do={
  :delay 1s;
}
:local PublicAddress [ / ip cloud get public-address ];

:foreach Interface in=[ / interface 6to4 find where comment~"^tunnelbroker" !disabled ] do={
  :local IntName [ / interface 6to4 get $Interface name ];
  :local LastAddress [ / interface 6to4 get $Interface local-address ];

  :if ($PublicAddress != $LastAddress) do={
    :local Comment [ :toarray [ / interface 6to4 get $Interface comment ] ];
    :local User [ :pick ($Comment->1) 5 99 ];
    :local Pass [ :pick ($Comment->2) 5 99 ];
    :local Id [ :pick ($Comment->3) 3 99 ];

    $CertificateAvailable "Starfield Secure Certificate Authority - G2" "starfield";
    :log info ("Local address changed, sending UPDATE to tunnelbroker! New address: " . $PublicAddress);
    / tool fetch check-certificate=yes-without-crl \
        ("https://ipv4.tunnelbroker.net/nic/update\?hostname=" . $Id) \
        user=$User password=$Pass keep-result=no;
    / interface 6to4 set $Interface local-address=$PublicAddress;
  } else={
    :log debug ("All tunnelbroker configuration is up to date for interface " . $IntName . ".");
  }
}
start scripts with a magic token / shebang 2018-09-26 22:18:43 +00:00			`#!rsc`
add scripts 2018-07-05 13:29:26 +00:00			`# RouterOS script: update-tunnelbroker`
update copyright for 2019 2019-01-01 20:19:19 +00:00			`# Copyright (c) 2013-2019 Christian Hesse <mail@eworm.de>`
update-tunnelbroker: move configuration to global-config... ... and get the external ip address from cloud. Signed-off-by: Michael Gisbers <michael@gisbers.de> Signed-off-by: Christian Hesse <mail@eworm.de> 2019-01-02 10:25:45 +00:00			`# Michael Gisbers <michael@gisbers.de>`
add scripts 2018-07-05 13:29:26 +00:00
update-tunnelbroker: verify certificate 2019-01-02 12:16:23 +00:00			`:global CertificateAvailable;`

update-tunnelbroker: move configuration to global-config... ... and get the external ip address from cloud. Signed-off-by: Michael Gisbers <michael@gisbers.de> Signed-off-by: Christian Hesse <mail@eworm.de> 2019-01-02 10:25:45 +00:00			`:if ([ / ip cloud get ddns-enabled ] != true) do={`
always write warnings and errors to log 2019-04-03 19:30:43 +00:00			`:log error "IP cloud DDNS is not enabled.";`
			`:error "Error: See log for details.";`
update-tunnelbroker: move configuration to global-config... ... and get the external ip address from cloud. Signed-off-by: Michael Gisbers <michael@gisbers.de> Signed-off-by: Christian Hesse <mail@eworm.de> 2019-01-02 10:25:45 +00:00			`}`
add scripts 2018-07-05 13:29:26 +00:00
update-tunnelbroker: move configuration to global-config... ... and get the external ip address from cloud. Signed-off-by: Michael Gisbers <michael@gisbers.de> Signed-off-by: Christian Hesse <mail@eworm.de> 2019-01-02 10:25:45 +00:00			`# Get the current ip address from cloud`
			`/ ip cloud force-update;`
global: variable names are CamelCase ___ _ ___ __ / _ )(_)__ _ / _/__ _/ /_ / _ / / _ `/ / _/ _ `/ __/ /____/_/\_, / /_/ \_,_/\__/ _ __ /___/ _ __ \| \| / /___ __________ (_)___ ____ _/ / \| \| /\| / / __ `/ ___/ __ \/ / __ \/ __ `/ / \| \|/ \|/ / /_/ / / / / / / / / / / /_/ /_/ \|__/\|__/\__,_/_/ /_/ /_/_/_/ /_/\__, (_) /____/ RouterOS has some odd behavior when it comes to variable names. Let's have a look at the interfaces: [admin@MikroTik] > / interface print where name=en1 Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU 0 RS en1 ether 1500 1598 That looks ok. Now we use a script: { :local interface "en1"; / interface print where name=$interface; } And the result... [admin@MikroTik] > { :local interface "en1"; {... / interface print where name=$interface; } Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU 0 RS en1 ether 1500 1598 ... still looks ok. We make a little modification to the script: { :local name "en1"; / interface print where name=$name; } And the result: [admin@MikroTik] > { :local name "en1"; {... / interface print where name=$name; } Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU 0 RS en1 ether 1500 1598 1 S en2 ether 1500 1598 2 S en3 ether 1500 1598 3 S en4 ether 1500 1598 4 S en5 ether 1500 1598 5 R br-local bridge 1500 1598 Ups! The filter has no effect! That happens whenever the variable name ($name) matches the property name (name=). And another modification: { :local type "en1"; / interface print where name=$type; } And the result: [admin@MikroTik] > { :local type "en1"; {... / interface print where name=$type; } Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU Ups! Nothing? Even if the variable name ($type) matches whatever property name (type=) things go wrong. The answer from MikroTik support (in Ticket#2019010222000454): > This is how scripting works in RouterOS and we will not fix it. To get around this we use variable names in CamelCase. Let's hope Mikrotik never ever introduces property names in CamelCase... fingers crossed 2019-01-03 16:45:43 +00:00			`:while ([ / ip cloud get status ] != "updated") do={`
update-tunnelbroker: move configuration to global-config... ... and get the external ip address from cloud. Signed-off-by: Michael Gisbers <michael@gisbers.de> Signed-off-by: Christian Hesse <mail@eworm.de> 2019-01-02 10:25:45 +00:00			`:delay 1s;`
			`}`
update-tunnelbroker: get tunnelbroker config from interface comment 2019-01-04 19:20:20 +00:00			`:local PublicAddress [ / ip cloud get public-address ];`

			`:foreach Interface in=[ / interface 6to4 find where comment~"^tunnelbroker" !disabled ] do={`
			`:local IntName [ / interface 6to4 get $Interface name ];`
			`:local LastAddress [ / interface 6to4 get $Interface local-address ];`

			`:if ($PublicAddress != $LastAddress) do={`
			`:local Comment [ :toarray [ / interface 6to4 get $Interface comment ] ];`
update-tunnelbroker: simplify array access 2019-01-15 09:46:35 +00:00			`:local User [ :pick ($Comment->1) 5 99 ];`
			`:local Pass [ :pick ($Comment->2) 5 99 ];`
update-tunnelbroker: fix parsing id 2019-01-15 09:46:54 +00:00			`:local Id [ :pick ($Comment->3) 3 99 ];`
add scripts 2018-07-05 13:29:26 +00:00
update-tunnelbroker: get tunnelbroker config from interface comment 2019-01-04 19:20:20 +00:00			`$CertificateAvailable "Starfield Secure Certificate Authority - G2" "starfield";`
			`:log info ("Local address changed, sending UPDATE to tunnelbroker! New address: " . $PublicAddress);`
drop deprecated mode= for fetch 2019-04-09 15:53:48 +00:00			`/ tool fetch check-certificate=yes-without-crl \`
update-tunnelbroker: get tunnelbroker config from interface comment 2019-01-04 19:20:20 +00:00			`("https://ipv4.tunnelbroker.net/nic/update\?hostname=" . $Id) \`
			`user=$User password=$Pass keep-result=no;`
			`/ interface 6to4 set $Interface local-address=$PublicAddress;`
			`} else={`
			`:log debug ("All tunnelbroker configuration is up to date for interface " . $IntName . ".");`
			`}`
add scripts 2018-07-05 13:29:26 +00:00			`}`