#
# RIPv2 based AMPR Tunnel setup script for RouterOS v1.3
#
# by YO2LOJ, Marius
#
# ====================================================================================
# Warning: This will take some time and create a full cpu load on single core routers.
# I would really recommend a multicore router...
# ====================================================================================
# On a RB1100AHx2 it hogs one core and takes 2-3 minutes to complete.
# Routing speed is slightly affected, but using fastpath improves things.
# For PPPoE uplinks, use ROS 6.35+ for fastpath.
#
# RIP routes from AMPR GW go into an unused routing table
# All dynamic tunnel names start with "ampr-"
# Make sure you have no other IPIP tunnels using such names.
#
# Setup example - please adapt
# ============================
# (public ip is 89.122.215.236, router's ampr ip 44.182.21.254, WAN interface is PPPoE-In):
#
# You need to set up an initial tunnel to amprgw
# /interface ipip
# add !keepalive clamp-tcp-mss=yes local-address=89.122.215.236 \
# remote-address=169.228.66.251 name=ucsd-gw
#
# Add an accept filter on the input chain for RIP:
# /ip firewall filter
# add chain=input comment=RIP dst-port=520 in-interface=ucsd-gw protocol=udp \
# src-address=44.0.0.1 src-port=520
#
# To be safe accept IP encap protocol on WAN by setting an accept filter on the input chain:
# add chain=input comment="IP Encap" in-interface=PPPoE-In protocol=ipencap
#
# (make sure they are on the top of the filter list)
#
# Add a local AMPR IP with netmask /8:
# /ip address
# add address=44.182.21.254/8 interface=ucsd-gw network=44.0.0.0
#
# To be able to receive RIPv2 broadcasts into a specific table, first create a VRF:
# /ip route vrf
# add interfaces=ucsd-gw routing-mark=44rip
#
# Remember: all traffic from this interface will be marked with routing mark "44rip"
#
# Activate passive RIP for that routing table:
# (use the real password - get it from your coordinator or a friend):
# /routing rip
# set garbage-timer=20m routing-table=44rip timeout-timer=10m update-timer=5m
# /routing rip interface
# add authentication=simple authentication-key= \
# in-prefix-list=all interface=ucsd-gw out-prefix-list= none passive=yes receive=v2
# /routing rip network
# add network=44.0.0.0/8
#
# Now wait 5 minutes. You should see RIP routes in your RIP route list and in your routing table
# These are in routing table "44rip", and will not affect other routing unless explicitly used.
#
# In Winbox, create a new script called "ampr_gw" and paste the content of this file into the text
# field and press apply.
#
# ----------------------------------------------------------------
# Now run this script. It should create some 325 tunnel interfaces
# and some 510 routes in the main table. Be patient...
# ----------------------------------------------------------------
#
# To get internet traffic from ucsd-gw into the main routing table and ensure reply via ucsd-gw,
# some mangle rules and one route are needed.
# We will use connection mark "c-44net" and routing mark "44net":
# /ip firewall mangle
# add action=mark-connection chain=prerouting comment="Mark incoming Inet to AMPR" \
# in-interface=ucsd-gw new-connection-mark=c-44net passthrough=yes
# add action=mark-routing chain=prerouting comment="Mark connection Inet to AMPR" \
# in-interface=ucsd-gw new-routing-mark=main passthrough=no
# add action=mark-routing chain=prerouting comment="Mark replies AMPR to Inet" \
# connection-mark=c-44net new-routing-mark=44net passthrough=no
# /ip route
# add comment="Default UCSD reply route" distance=250 gateway=ucsd-gw routing-mark=44net
#
#
# If everything checks out, schedule the script to be executed every 5 minutes, 1 minute after the
# 5 minute mark. Let's say the script is called "ampr_gw"...
#
# If you have a slow router, set it to run on a multiple of 5 minutes, but 1 min after the 5 min mark
# (interval should be 5m, 10m, 15m...):
# /system scheduler
# add interval=5m name="ampr update" on-event=ampr_gw \
# policy=read,write,policy,test,password,sniff,sensitive start-time=00:06:00
#
# NOTE(review): the scheduler example above also grants policy, password,
# sniff and sensitive. The commands in this script only touch
# /routing rip route, /system clock, /interface ipip, /ip neighbor discovery
# and /ip route, so a narrower policy set is probably enough - confirm on
# your RouterOS version before trimming it.
#
# -------------------------------------------------------------
# Setup parameters (change as needed)
# -------------------------------------------------------------
# your gateway IP
# (used as local-address of every ampr- tunnel and compared with each
# advertised gateway so that no tunnel to ourselves is created)
:local myip "89.122.215.236" ;
# router local AMPR IP
# (set as pref-src on every route this script adds; the cleanup pass below
# uses the same value to select the routes it examines)
:local myampr "44.182.21.254" ;
# routing distance for AMPR routes
:local mydistance 50 ;
# -------------------------------------------------------------
#
# process tunnels from RIPv2 information
#
# Trust model: every RIP route learned from 44.0.0.1 is acted on as-is.
# The advertised gateway becomes the remote-address of an IPIP tunnel and the
# advertised destination becomes a route without routing-mark. Apart from
# skipping our own address, nothing here validates those values, so the RIP
# input filter and the RIP authentication described in the setup notes are
# the controls that limit who can make this script create tunnels and routes.
# RIPv2 "simple" authentication carries the key in cleartext.
#
:foreach tunnel in=[/routing rip route find from=44.0.0.1] do={
    # destination prefix and tunnel endpoint announced for this entry
    :local subnet [/routing rip route get $tunnel dst-address] ;
    :local gw [/routing rip route get $tunnel gateway] ;
    # tunnel interface name is derived from the gateway address
    :local ifname ("ampr-" . $gw) ;
    # current date, only used in the comment= field of created objects
    :local runtime [/system clock get date] ;
    # short pause on every iteration - presumably to keep the CPU available
    # for other work on slow routers
    :delay 10ms
    # only if it is not our gateway
    :if ($gw != $myip) do={
        # create tunnel if it doesn't exist
        :if ([/interface ipip find name=$ifname] = "") do={
            /interface ipip add !keepalive clamp-tcp-mss=yes local-address=$myip remote-address=$gw name=$ifname comment=("Added on ". $runtime)
            # disable neighbor discovery on the new tunnel interface
            # NOTE(review): this is the per-interface form of the command;
            # newer RouterOS releases configure discovery through interface
            # lists - confirm for your version.
            /ip neighbor discovery set $ifname discover=no
        }
        # change/add route
        # amprupd records whether an ampr- route for this subnet already
        # exists or has just been replaced
        :local amprupd false ;
        # we can have more than one route
        # (the search only returns routes that carry no routing-mark)
        :foreach myroute in=[/ip route find dst-address=$subnet !routing-mark] do={
            :delay 10ms
            :if ( $myroute != "") do={
                # gateway is an array !!! Get the first string
                :local intf [:pick [/ip route get $myroute gateway] 0] ;
                # check if the interface starts with 'ampr-'
                # (compares the part of the name before the first "-" with
                # "ampr", so routes via other interfaces are left alone)
                # NOTE(review): what :pick returns for a name without "-"
                # is not visible here - confirm it cannot equal "ampr".
                :if ([:pick $intf 0 [:find $intf "-"]] = "ampr") do={
                    # update if needed
                    :if ( $intf != $ifname) do={
                        # the old route is removed before the new one is
                        # added, so the subnet has no ampr- route between
                        # these two commands
                        /ip route remove $myroute
                        /ip route add dst-address=$subnet gateway=$ifname distance=$mydistance pref-src=$myampr comment=("Updated on ". $runtime)
                        :set $amprupd true ;
                    } else={
                        # route is up to date
                        :set $amprupd true ;
                    }
                }
            }
        }
        # if not updated previously add the route
        :if ($amprupd = false) do={
            /ip route add dst-address=$subnet gateway=$ifname distance=$mydistance pref-src=$myampr comment=("Added on ". $runtime)
        }
    }
}
# check obsolete stuff only if RIP data is available
# (with no RIP routes from 44.0.0.1 the whole cleanup is skipped, so existing
# tunnels and routes are left in place rather than all being removed)
:if ([/routing rip route find from=44.0.0.1] != "") do={
    # check and remove obsolete routes
    # candidates are the routes whose pref-src is our AMPR address
    :foreach myroute in=[/ip route find pref-src=$myampr] do={
        :delay 10ms
        :if ( $myroute != "") do={
            # gateway is an array !!! Get the first string
            :local intf [:pick [/ip route get $myroute gateway] 0] ;
            # check if the interface starts with 'ampr-'
            :if ([:pick $intf 0 [:find $intf "-"]] = "ampr") do={
                :local mysubnet ([/ip route get $myroute dst-address]) ;
                # check if the subnet is in RIP data, remove if not there
                # (this lookup matches on dst-address only; it is not
                # limited to routes learned from 44.0.0.1)
                :if ([/routing rip route find dst-address=$mysubnet] = "") do={
                    /ip route remove $myroute
                }
            }
        }
    }
    # check and remove obsolete interfaces
    # walks every IPIP interface, but only names starting with "ampr-" are
    # ever removed, which is why no other tunnel may use that prefix
    :foreach mytunnel in=[/interface ipip find] do={
        :delay 10ms
        # check if the interface starts with 'ampr-'
        :local intf [/interface ipip get $mytunnel name] ;
        :if ([:pick $intf 0 [:find $intf "-"]] = "ampr") do={
            # check if tunnel is used by any route
            :if ([/ip route find gateway=$intf] = "") do={
                /interface ipip remove $mytunnel
            }
        }
    }
}