Hi, I think I might have hit a bug in ROS 7.13. I have an installation with 3 hap ax2 devices (2 APs and 1 router). When I add a simple queue to the configuration to limit the bandwidth of the guest network and then reboot the router, the router does not restart. If I restore a previous configuration in which the queue does not appear, the router reboots without any problem. After applying the queue, the queue also functions perfectly. The problem thus occurs after a software reboot or hard reboot. The only way to get the router functional again is to reset it and restore a backup.
The config of my router (without the simple queue implemented) looks like:
The config of my router (without the simple queue implemented) looks like:
Code:
# 2024-02-17 20:12:01 by RouterOS 7.13# software id = 7Z28-IETK## model = C52iG-5HaxD2HaxD# serial number = HEP099KCHF8/interface bridgeadd comment=WAN name=br_WAN_ISP port-cost-mode=shortadd comment=WAN name=br_WAN_LTE port-cost-mode=shortadd comment="Guest network" ingress-filtering=no name=br_guest \ port-cost-mode=short vlan-filtering=yesadd comment="LAN network" ingress-filtering=no name=br_lan port-cost-mode=\ short vlan-filtering=yesadd comment=OOB name=br_local port-cost-mode=short/interface wireguardadd comment=back-to-home-vpn listen-port=43955 mtu=1420 name=back-to-home-vpn/interface vlanadd interface=ether1 name=ether1_vl_GUEST vlan-id=70add interface=ether1 name=ether1_vl_LAN vlan-id=60add interface=ether1 name=ether1_vl_WAN_LTE vlan-id=50add interface=ether3 name=ether3_vl_GUEST vlan-id=70add interface=ether3 name=ether3_vl_LAN vlan-id=60add interface=ether4 name=ether4_vl_GUEST vlan-id=70add interface=ether4 name=ether4_vl_LAN vlan-id=60add interface=ether5 name=ether5_vl_local vlan-id=70add interface=br_guest name="vl_GUEST on br_GUEST" vlan-id=70add interface=br_lan name="vl_LAN on br_LAN" vlan-id=60/interface listadd name=LEASESadd name=UNTRUSTEDadd name=WANadd name=LAN/interface wifi channeladd band=2ghz-ax disabled=no name=ch_2.4Ghz width=20mhzadd band=5ghz-ax disabled=no name=ch_5Ghz width=20/40/80mhz/interface wifi datapathadd bridge=br_lan disabled=no name="br_LAN - VLAN 60" vlan-id=60add bridge=br_guest disabled=no name="br_GUEST - VLAN 70" vlan-id=70/interface wifi securityadd authentication-types=wpa2-psk connect-priority=0 disabled=no ft=yes \ ft-over-ds=yes name=seccfg_Cussangyadd authentication-types=wpa2-psk connect-priority=0 disabled=no name=\ seccfg_Cussangy_guest/interface wifiset [ find default-name=wifi2 ] configuration.country=France .mode=ap .ssid=\ Cussangy datapath.bridge=br_lan disabled=no name=Router_Cussangy_2.4Ghz \ security=seccfg_Cussangy security.connect-priority=0set [ find default-name=wifi1 ] configuration.country=France .mode=ap .ssid=\ Cussangy datapath.bridge=br_lan disabled=no name=Router_Cussangy_5Ghz \ security=seccfg_Cussangy security.connect-priority=0add configuration.mode=ap .ssid=Cussangy_guest datapath.bridge=br_guest \ disabled=no mac-address=7A:9A:18:01:AE:31 master-interface=\ Router_Cussangy_2.4Ghz name=Router_Cussangy_guest_2.4Ghz security=\ seccfg_Cussangy_guest security.connect-priority=0add configuration.mode=ap .ssid=Cussangy_guest datapath.bridge=br_guest \ disabled=no mac-address=7A:9A:18:01:AE:2F master-interface=\ Router_Cussangy_5Ghz name=Router_Cussangy_guest_5Ghz security=\ seccfg_Cussangy_guest security.connect-priority=0/interface wifi configurationadd datapath="br_LAN - VLAN 60" disabled=no mode=ap name=cfg_Cussangy_2.4Ghz \ security=seccfg_Cussangy security.connect-priority=0 ssid=Cussangyadd channel=ch_5Ghz country=France datapath="br_LAN - VLAN 60" disabled=no \ mode=ap name=cfg_Cussangy_5Ghz security=seccfg_Cussangy \ security.connect-priority=0 ssid=Cussangyadd channel=ch_2.4Ghz country=France datapath="br_GUEST - VLAN 70" disabled=\ no mode=ap name=cfg_Cussangy_guest_2.4Ghz security=seccfg_Cussangy_guest \ security.connect-priority=0 ssid=Cussangy_guestadd channel=ch_5Ghz country=France datapath="br_GUEST - VLAN 70" disabled=no \ mode=ap name=cfg_Cussangy_guest_5Ghz security=seccfg_Cussangy_guest \ security.connect-priority=0 ssid=Cussangy_guestadd comment=test country=France disabled=no mode=ap name=cfg24Cussangy \ security=seccfg_Cussangy security.connect-priority=0 ssid=Cussangyadd comment=test country=France datapath="br_LAN - VLAN 60" disabled=no mode=\ ap name=cfg5Cussangy security=seccfg_Cussangy security.connect-priority=0 \ ssid=Cussangy/ip ipsec profileadd dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha512 name=\ profile1 proposal-check=strict/ip ipsec peeradd address=bpnet.duckdns.org exchange-mode=ike2 name=bpnet profile=profile1/ip ipsec proposaladd auth-algorithms="" enc-algorithms=aes-128-gcm lifetime=1h name=proposal1 \ pfs-group=modp2048/ip pooladd name=dhcp_local ranges=192.168.77.10-192.168.77.250add name=dhcp_lan ranges=192.168.60.10-192.168.60.250add name=dhcp_guest ranges=192.168.70.10-192.168.70.250/ip dhcp-serveradd address-pool=dhcp_local interface=br_local lease-time=1h name=dhcp_localadd address-pool=dhcp_lan interface=br_lan lease-time=1d name=dhcp_lanadd address-pool=dhcp_guest interface=br_guest name=dhcp_guest/user groupadd name=homeassistant policy="read,test,api,!local,!telnet,!ssh,!ftp,!reboot,\ !write,!policy,!winbox,!password,!web,!sniff,!sensitive,!romon,!rest-api"/zerotierset zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" \ name=zt1 port=9993/zerotier interfaceadd allow-default=no allow-global=no allow-managed=yes disabled=no instance=\ zt1 name=zerotier1 network=XXXX/interface bridge portadd bridge=br_WAN_ISP disabled=yes interface=ether2 internal-path-cost=10 \ path-cost=10add bridge=br_WAN_LTE interface=ether1_vl_WAN_LTE internal-path-cost=10 \ path-cost=10add bridge=br_lan interface=ether3_vl_LAN internal-path-cost=10 path-cost=10add bridge=br_lan interface=ether4_vl_LAN internal-path-cost=10 path-cost=10add bridge=br_local interface=ether5_vl_local internal-path-cost=10 \ path-cost=10add bridge=br_guest interface=ether3_vl_GUEST internal-path-cost=10 \ path-cost=10add bridge=br_guest interface=ether4_vl_GUEST internal-path-cost=10 \ path-cost=10add bridge=br_local disabled=yes interface=ether5 internal-path-cost=10 \ path-cost=10add bridge=br_lan disabled=yes interface=ether3 internal-path-cost=10 \ path-cost=10add bridge=br_lan disabled=yes interface=ether4 internal-path-cost=10 \ path-cost=10add bridge=br_guest interface=ether1_vl_GUEST internal-path-cost=10 \ path-cost=10add bridge=br_lan interface=ether1_vl_LAN internal-path-cost=10 path-cost=10add bridge=br_local interface=ether5 internal-path-cost=10 path-cost=10add bridge=br_lan interface=ether2/ip neighbor discovery-settingsset discover-interface-list=!dynamic/interface detect-internetset wan-interface-list=WAN/interface list memberadd disabled=yes interface=br_guest list=LEASESadd interface=br_WAN_LTE list=UNTRUSTEDadd interface=br_WAN_ISP list=UNTRUSTEDadd disabled=yes interface=br_guest list=UNTRUSTEDadd interface=br_WAN_ISP list=WANadd interface=br_WAN_LTE list=WAN/interface wifi access-listadd action=accept comment="Accept rule" disabled=yes signal-range=-90..-10 \ time=0s-1d,sun,mon,tue,wed,thu,fri,satadd action=reject comment="Reject rule" disabled=yes signal-range=-120..-90 \ time=0s-1d,sun,mon,tue,wed,thu,fri,sat/interface wifi capset caps-man-names=2.4-Cussangy discovery-interfaces=all enabled=yes/interface wifi capsmanset enabled=yes interfaces=all package-path="" require-peer-certificate=no \ upgrade-policy=none/interface wifi provisioningadd action=create-dynamic-enabled comment=APCussangyBureau5Ghz disabled=no \ master-configuration=cfg_Cussangy_5Ghz name-format=AP_Bureau_5Ghz \ radio-mac=48:A9:8A:92:7B:F5 slave-configurations=cfg_Cussangy_guest_5Ghzadd action=create-dynamic-enabled comment=APCussangyBureau2.4Ghz disabled=no \ master-configuration=cfg_Cussangy_2.4Ghz name-format=AP_Bureau_2.4Ghz \ radio-mac=48:A9:8A:92:7B:F6 slave-configurations=\ cfg_Cussangy_guest_2.4Ghzadd action=create-dynamic-enabled comment=APCussangyBoven5Ghz disabled=no \ master-configuration=cfg_Cussangy_5Ghz name-format=AP_Boven_5Ghz \ radio-mac=48:A9:8A:B8:F2:29 slave-configurations=cfg_Cussangy_guest_5Ghzadd action=create-dynamic-enabled comment=APCussangyBoven2.4Ghz disabled=no \ master-configuration=cfg_Cussangy_2.4Ghz name-format=AP_Boven_2.4Ghz \ radio-mac=48:A9:8A:B8:F2:2A slave-configurations=\ cfg_Cussangy_guest_2.4Ghz/interface wireguard peersadd allowed-address=192.168.216.3/32,fc00:0:0:216::3/128 client-address=\ 192.168.216.3/32,fc00:0:0:216::3/128 client-dns=192.168.216.1 \ client-endpoint=XX.vpn.mynetname.net client-keepalive=30s \ comment="RouterCussangy | samsung SM-S901B" interface=back-to-home-vpn \ persistent-keepalive=30s private-key=\ "XX" public-key=\ "XX"add allowed-address=192.168.216.5/32,fc00:0:0:216::5/128 client-address=\ 192.168.216.5/32,fc00:0:0:216::5/128 client-dns=192.168.216.1 \ client-endpoint=XX.vpn.mynetname.net client-keepalive=30s \ comment="BjornPC | samsung SM-S901B" interface=back-to-home-vpn \ persistent-keepalive=30s private-key=\ "XX=" public-key=\ "XX"add allowed-address=192.168.216.4/32,fc00:0:0:216::4/128 client-address=\ 192.168.216.4/32,fc00:0:0:216::4/128 client-dns=192.168.216.1 \ client-endpoint=XX.vpn.mynetname.net client-keepalive=30s \ comment="BjornPC | samsung SM-S901B" interface=back-to-home-vpn \ persistent-keepalive=30s private-key=\ "XX=" public-key=\ "XX="/ip addressadd address=192.168.77.254/24 interface=br_local network=192.168.77.0add address=192.168.60.254/24 interface=br_lan network=192.168.60.0add address=192.168.70.254/24 interface=br_guest network=192.168.70.0add address=192.168.80.1/24 interface=*16 network=192.168.80.0/ip cloudset back-to-home-vpn=enabled ddns-enabled=yes ddns-update-interval=10m/ip dhcp-clientadd interface=br_WAN_ISP use-peer-dns=noadd interface=br_WAN_LTE/ip dhcp-server leaseadd address=192.168.60.250 client-id=1:48:a9:8a:92:7b:f0 mac-address=\ 48:A9:8A:92:7B:F0 server=dhcp_lanadd address=192.168.60.251 client-id=1:48:a9:8a:b8:f2:24 mac-address=\ 48:A9:8A:B8:F2:24 server=dhcp_lanadd address=192.168.60.35 client-id=1:ec:62:60:b5:72:78 mac-address=\ EC:62:60:B5:72:78 server=dhcp_lanadd address=192.168.60.37 mac-address=7C:87:CE:BA:50:71 server=dhcp_lanadd address=192.168.60.38 mac-address=7C:87:CE:B4:B2:A7 server=dhcp_lan/ip dhcp-server networkadd address=192.168.60.0/24 comment=net_lan dns-server=192.168.60.254 domain=\ lan.cussangy.local gateway=192.168.60.254 netmask=24add address=192.168.70.0/24 comment=net_guest dns-server=192.168.70.254 \ domain=guest.cussangy.local gateway=192.168.70.254 netmask=24add address=192.168.77.0/24 comment=net_oob dns-server=192.168.77.1 gateway=\ 192.168.77.1/ip dnsset allow-remote-requests=yes servers=193.190.198.14,1.1.1.1/ip firewall address-listadd address=172.16.0.0/12 list=RFC1918add address=192.168.0.0/16 list=RFC1918add address=10.0.0.0/8 list=RFC1918add address=bpnet.duckdns.org list="VPN sources"/ip firewall filteradd action=accept chain=forward in-interface=zerotier1add action=accept chain=input in-interface=zerotier1add action=passthrough chain=forward comment=\ "special dummy rule to show fasttrack counters"add action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1add action=accept chain=input comment="Accept OOB Access" in-interface=\ br_localadd action=accept chain=input comment="General - Established Input"add action=accept chain=input comment="Allow Wireguard VPN" disabled=yes \ src-address=192.168.80.0/24add action=accept chain=input comment="Allow Wireguard VPN" disabled=yes \ dst-port=13231 protocol=udpadd action=accept chain=input comment="VPN - Accept incoming IKE" disabled=\ yes dst-port=500,4500 in-interface=br_WAN_LTE log-prefix=IKE protocol=udp \ src-address-list="VPN sources"add action=accept chain=input disabled=yes in-interface=br_WAN_LTE protocol=\ ipsec-esp src-address-list="VPN sources"add action=accept chain=forward comment=\ "OPENVPN forward to Raspberry Pi static adress" disabled=yes dst-address=\ 192.168.60.33 dst-port=1194 protocol=udpadd action=accept chain=input comment="HomeAssistant Integration" \ dst-address=192.168.60.254 dst-port=8728 in-interface=br_lan protocol=tcpadd action=accept chain=input comment="FW - Accept ICMP to FW" in-interface=\ !br_WAN_ISP protocol=icmp src-address-list=RFC1918add action=accept chain=input comment="FW - Accept ICMP to FW" in-interface=\ !br_WAN_LTE protocol=icmp src-address-list=RFC1918add action=accept chain=input comment="FW - DNS to FW" dst-port=53 \ in-interface=!br_WAN_ISP protocol=udpadd action=accept chain=input comment="FW - DNS to FW" dst-port=53 \ in-interface=!br_WAN_LTE protocol=udpadd action=accept chain=input comment="FW - Accept incoming from LAN" \ dst-address=192.168.60.254 in-interface=br_lan src-address=\ 192.168.60.0/24add action=accept chain=input comment=\ "FW - accept incoming Veemarkt over ISP" disabled=yes dst-address=\ 192.168.60.254 in-interface=br_WAN_ISP src-address=192.168.205.0/24add action=accept chain=input comment=\ "FW - Accept incoming Veemarkt over LTE" disabled=yes dst-address=\ 192.168.60.254 in-interface=br_WAN_LTE src-address=192.168.205.0/24add action=accept chain=input comment=\ "FW - Accept incoming from PBNET over ISP" disabled=yes dst-address=\ 192.168.60.254 in-interface=br_WAN_ISP src-address=192.168.1.0/24add action=accept chain=input comment=\ "FW - Accept incoming from PBNET over LTE" disabled=yes dst-address=\ 192.168.60.254 in-interface=br_WAN_LTE src-address=192.168.1.0/24add action=drop chain=input comment="FW - Drop Input UDP - silent" dst-port=\ 123,137,138 protocol=udpadd action=drop chain=input comment="FW - Drop Incoming WAN over ISP" \ in-interface=br_WAN_ISPadd action=drop chain=input comment="FW - Drop incoming WAN over LTE" \ in-interface=br_WAN_LTEadd action=drop chain=input comment="FW - Drop all IN"add action=drop chain=input comment="General - Broadcast silent drop" \ dst-address=255.255.255.255add action=drop chain=input comment="General - Drop Invalid Input"add action=accept chain=forward comment="Allow Wireguard to LAN" disabled=yes \ in-interface=*16 out-interface="vl_LAN on br_LAN"add action=accept chain=forward comment="VPN: accept incoming IPSEC" \ disabled=yes ipsec-policy=in,ipsecadd action=accept chain=forward comment="VPN: accept outgoing IPSEC" \ disabled=yes ipsec-policy=out,ipsecadd action=accept chain=forward comment="LAN - Allow Internet over ISP" \ dst-address-list=!RFC1918 in-interface=br_lan out-interface=br_WAN_ISP \ src-address=192.168.60.0/24add action=accept chain=forward comment="LAN - Allow Internet over LTE" \ dst-address-list=!RFC1918 in-interface=br_lan out-interface=br_WAN_LTE \ src-address=192.168.60.0/24add action=accept chain=forward comment="GUEST - Allow Internet over ISP" \ dst-address-list=!RFC1918 in-interface=br_guest out-interface=br_WAN_ISP \ src-address=192.168.70.0/24add action=accept chain=forward comment="GUEST - Allow Internet over LTE" \ dst-address-list=!RFC1918 in-interface=all-wireless out-interface=\ br_guest src-address=192.168.70.0/24add action=accept chain=forward comment=Statefull connection-state=\ establishedadd action=accept chain=output comment="Outgoing DNS over ISP" dst-port=53 \ out-interface=br_WAN_ISP protocol=udpadd action=accept chain=output comment="Outgoing DNS over LTE" dst-port=53 \ out-interface=br_WAN_LTE protocol=udpadd action=accept chain=forward comment="VPN IN from PBNET" disabled=yes \ dst-address=192.168.60.0/24 src-address=192.168.1.0/24add action=accept chain=forward comment="VPN IN from Veemarkt" disabled=yes \ dst-address=192.168.60.0/24 src-address=192.168.205.0/24add action=accept chain=forward comment="VPN - LAN out to PBNET" disabled=yes \ dst-address=192.168.1.0/24 src-address=192.168.60.0/24add action=accept chain=forward comment="VPN - LAN out to Veemarkt" disabled=\ yes dst-address=192.168.205.0/24 src-address=192.168.60.0/24add action=accept chain=forward comment=\ "General - Accept established forward"add action=drop chain=forward comment="General - Drop invalid forward"add action=accept chain=forward comment="LAN - ping not ISP" in-interface=\ br_lan out-interface=!br_WAN_ISP protocol=icmp src-address=\ 192.168.60.0/24add action=accept chain=forward comment="LAN - ping not LTE" in-interface=\ br_lan out-interface=!br_WAN_LTE protocol=icmp src-address=\ 192.168.60.0/24add action=accept chain=forward comment="LAN - Allow internet over ISP" \ disabled=yes dst-address-list=!RFC1918 in-interface=br_lan out-interface=\ br_WAN_ISP src-address=192.168.60.0/24add action=accept chain=forward comment="LAN - Allow internet over LTE" \ disabled=yes dst-address-list=!RFC1918 in-interface=br_lan out-interface=\ br_WAN_LTE src-address=192.168.60.0/24add action=accept chain=forward comment="GUEST - Allow internet over ISP" \ disabled=yes dst-address-list=!RFC1918 in-interface=br_guest \ out-interface=br_WAN_ISP src-address=192.168.70.0/24add action=accept chain=forward comment="GUEST - Allow internet over LTE" \ disabled=yes dst-address-list=!RFC1918 in-interface=br_guest \ out-interface=br_WAN_LTE src-address=192.168.70.0/24add action=drop chain=forward comment="DROP ALL - Silent Drop" dst-port=\ 123,137,138 protocol=udpadd action=drop chain=forward comment="DROP ALL"/ip firewall mangleadd action=clear-df chain=postrouting disabled=yes out-interface=br_WAN_ISP \ passthrough=yesadd action=clear-df chain=postrouting disabled=yes out-interface=br_WAN_LTE \ passthrough=yes/ip firewall natadd action=accept chain=srcnat comment="IPsec No-NAT" ipsec-policy=out,ipsecadd action=src-nat chain=srcnat comment="NAT OpenVPN server" disabled=yes \ dst-address=192.168.60.33 dst-port=1194 protocol=udp to-addresses=\ 192.168.60.254add action=dst-nat chain=dstnat comment="NAT OpenVPN server" disabled=yes \ dst-port=1194 protocol=udp to-addresses=192.168.60.33 to-ports=1104add action=masquerade chain=srcnat disabled=yes log=yes out-interface=\ br_WAN_ISPadd action=masquerade chain=srcnat out-interface=br_WAN_LTEadd action=masquerade chain=srcnat comment="Masquerade out LAN to WAN" \ disabled=yes out-interface-list=WAN src-address=192.168.60.0/24add action=masquerade chain=srcnat comment="Masquerade out guest to WAN" \ out-interface-list=WAN src-address=192.168.70.0/24/ip firewall service-portset ftp disabled=yesset tftp disabled=yesset h323 disabled=yesset sip disabled=yesset pptp disabled=yes/ip ipsec identityadd auth-method=digital-signature certificate=cert01-vpn-cussangy \ generate-policy=port-strict match-by=certificate peer=bpnet \ remote-certificate=cert02-vpn-bpnet.crt_0/ip ipsec policyset 0 disabled=yesadd dst-address=192.168.1.0/24 peer=bpnet proposal=proposal1 src-address=\ 192.168.60.0/24 tunnel=yes/ip routeadd comment="Route to PBNET over ISP" disabled=yes distance=1 dst-address=\ 192.168.1.0/24 gateway=br_WAN_ISP pref-src="" routing-table=main scope=30 \ suppress-hw-offload=no target-scope=10add comment="Route to PBNET over LTE" disabled=no distance=2 dst-address=\ 192.168.1.0/24 gateway=br_WAN_LTE pref-src="" routing-table=main scope=30 \ suppress-hw-offload=no target-scope=10add comment="Route to Veemarkt over ISP" disabled=yes distance=1 dst-address=\ 192.168.205.0/24 gateway=br_WAN_ISP pref-src="" routing-table=main scope=\ 30 suppress-hw-offload=no target-scope=10add comment="Route to Veemarkt over LTE" disabled=no distance=2 dst-address=\ 192.168.205.0/24 gateway=br_WAN_LTE pref-src="" routing-table=main scope=\ 30 suppress-hw-offload=no target-scope=10add comment="To WAN over br_WAN_ISP" disabled=yes distance=1 dst-address=\ 0.0.0.0/0 gateway=br_WAN_ISP pref-src="" routing-table=main scope=30 \ suppress-hw-offload=no target-scope=10add comment="To WAN over br_WAN_LTE" disabled=no distance=2 dst-address=\ 0.0.0.0/0 gateway=br_WAN_LTE pref-src="" routing-table=main \ suppress-hw-offload=noadd comment="Recursive routing: check route over WAN_ISP" disabled=yes \ distance=1 dst-address=8.8.8.8/32 gateway=br_WAN_ISP pref-src="" \ routing-table=main scope=10 suppress-hw-offload=no target-scope=10add comment="Recursive routing: check route over WAN_LTE" disabled=yes \ distance=1 dst-address=1.1.1.1/32 gateway=br_WAN_LTE pref-src="" \ routing-table=main scope=30 suppress-hw-offload=no target-scope=10add check-gateway=ping comment="Recursive routing over WAN_ISP" disabled=yes \ distance=1 dst-address=0.0.0.0/0 gateway=8.8.8.8 pref-src="" \ routing-table=main scope=30 suppress-hw-offload=no target-scope=10add check-gateway=ping comment="Recursive routing over WAN_LTE" disabled=yes \ distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" \ routing-table=main scope=10 suppress-hw-offload=no target-scope=10/system clockset time-zone-name=Europe/Brussels/system identityset name=RouterCussangy/system loggingadd topics=wireless,debug/system noteset show-at-login=no/system scheduleradd comment="schedule duckdns cussangylte" interval=1d name=cussangylte \ on-event="DuckDNS CussangyLTE" policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-date=2023-11-17 start-time=00:00:00add comment="schedule duckdns cussangyisp" interval=1d name=cussangyisp \ on-event="DuckDNS CussangyISP" policy=\ ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ start-date=2023-11-17 start-time=00:00:00/system scriptadd dont-require-permissions=no name="DUCKDNS Update CussangyLTE" owner=admin \ policy=read,write,policy,test,password,sniff,sensitive,romon source="# Get\ \_the actual public IP from the br_WAN_LTE interface\ \n:global actualIP value=[/ip address get [find where interface=br_WAN_LTE\ ] value-name=address];\ \n\ \n# Remove the subnet from the result, so only the IP is left\ \n:global actualIP value=[:pick \$actualIP -1 [:find \$actualIP \"/\" -1] \ ];\ \n\ \n# If there is no ipstore.txt file yet, create it\ \n:if ([:len [/file find where name=ipstore.txt]] < 1 ) do={\ \n /file print file=ipstore.txt where name=ipstore.txt;\ \n /delay delay-time=2;\ \n /file set ipstore.txt contents=\"0.0.0.0\";\ \n};\ \n\ \n# Get the previousIP from the ipstore.txt file\ \n:global previousIP value=[/file get [find where name=ipstore.txt ] value\ -name=contents];\ \n\ \n# Compare previousIP with actualIP\ \n# If not the same, update duckdns.org with the new actualIP\ \n# Update ipstore.txt with the new actualIP\ \n:if (\$previousIP != \$actualIP) do={\ \n :log info message=(\"DuckDNS: try to Update DuckDNS with actual IP \"\ .\$actualIP.\" - Previous IP is \".\$previousIP);\ \n \ \n /tool fetch mode=https keep-result=yes dst-path=duckdns-result.txt ad\ dress=[:resolve www.duckdns.org] port=443 host=www.duckdns.org src-path=(\ \"/update\?domains=cussangylte&token=5ffed588-8f82-4c38-9db5-6e058a20c5c0&\ ip=\".\$actualIP);\ \n \ \n /delay delay-time=5;\ \n \ \n :global lastChange value=[/file get [find where name=duckdns-result.t\ xt ] value-name=contents];\ \n :global previousIP value=\$actualIP;\ \n /file set ipstore.txt contents=\$actualIP;\ \n \ \n :if (\$lastChange = \"OK\") do={:log warning message=(\"DuckDNS: upda\ te successfull with IP \".\$actualIP);};\ \n :if (\$lastChange = \"KO\") do={:log error message=(\"DuckDNS: failed\ \_to update DuckDNS with new IP \".\$actualIP);};\ \n} else={\ \n :log info message=(\"DuckDNS: no update required. Actual IP: \".\$act\ ualIP);\ \n}"add dont-require-permissions=no name="DUCKDNS Update CussangyISP" owner=admin \ policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ source="# Get the actual public IP from the bridge_PUB interface\ \n:global actualIP value=[/ip address get [find where interface=br_WAN_ISP\ ] value-name=address];\ \n\ \n# Remove the subnet from the result, so only the IP is left\ \n:global actualIP value=[:pick \$actualIP -1 [:find \$actualIP \"/\" -1] \ ];\ \n\ \n# If there is no ipstoreISP.txt file yet, create it\ \n:if ([:len [/file find where name=ipstoreISP.txt]] < 1 ) do={\ \n /file print file=ipstoreISP.txt where name=ipstoreISP.txt;\ \n /delay delay-time=2;\ \n /file set ipstoreISP.txt contents=\"0.0.0.0\";\ \n};\ \n\ \n# Get the previousIP from the ipstore.txt file\ \n:global previousIP value=[/file get [find where name=ipstoreISP.txt ] va\ lue-name=contents];\ \n\ \n# Compare previousIP with actualIP\ \n# If not the same, update duckdns.org with the new actualIP\ \n# Update ipstoreISP.txt with the new actualIP\ \n:if (\$previousIP != \$actualIP) do={\ \n :log info message=(\"DuckDNS: try to Update DuckDNS with actual IP \"\ .\$actualIP.\" - Previous IP is \".\$previousIP);\ \n \ \n /tool fetch mode=https keep-result=yes dst-path=duckdns-result.txt ad\ dress=[:resolve www.duckdns.org] port=443 host=www.duckdns.org src-path=(\ \"/update\?domains=cussangyisp&token=5ffed588-8f82-4c38-9db5-6e058a20c5c0&\ ip=\".\$actualIP);\ \n \ \n /delay delay-time=5;\ \n \ \n :global lastChange value=[/file get [find where name=duckdns-result.t\ xt ] value-name=contents];\ \n :global previousIP value=\$actualIP;\ \n /file set ipstoreISP.txt contents=\$actualIP;\ \n \ \n :if (\$lastChange = \"OK\") do={:log warning message=(\"DuckDNS: upda\ te successfull with IP \".\$actualIP);};\ \n :if (\$lastChange = \"KO\") do={:log error message=(\"DuckDNS: failed\ \_to update DuckDNS with new IP \".\$actualIP);};\ \n} else={\ \n :log info message=(\"DuckDNS: no update required. Actual IP: \".\$act\ ualIP);\Statistics: Posted by Willi — Sat Feb 17, 2024 9:20 pm