romar Posted December 13, 2015 Ребята,прошу помощи со скриптом,не пойму-почему не отрабатывает до конца,пробовал думать с пивом-не помогает ))). В общем картина такая,имеется 2 микротика,на каждом из них по 2 провайдера для резевирования канала IpSec,тоесть при потере основных линков в инет скрипт отключает ненужные IpSec каналы и включает нужные. Скрипт работает,но в случае падения основного канала в инет на обоих микротиках он не включает нужный канал именно на центральном микротике,вот его настройки /ip address add address=192.168.88.1/24 comment="default configuration" interface=ether3-master-local network=192.168.88.0 add address=80.......2/30 disabled=yes interface=ether1-gateway network=80.......0 add address=80.......6/30 interface=ether2-gateway network=80.......4 /ip ipsec peer add address=80.......10/32 nat-traversal=no secret=12345 add address=80.......14/32 nat-traversal=no secret=12345 /ip ipsec policy set 0 disabled=yes add disabled=yes dst-address=192.168.89.0/24 ipsec-protocols=ah-esp sa-dst-address=80.......10 sa-src-address=80.......2 src-address=192.168.88.0/24 tunnel=\ yes add disabled=yes dst-address=192.168.89.0/24 ipsec-protocols=ah-esp sa-dst-address=80.......14 sa-src-address=80.......2 src-address=192.168.88.0/24 tunnel=\ yes add disabled=yes dst-address=192.168.89.0/24 ipsec-protocols=ah-esp sa-dst-address=80.......10 sa-src-address=80.......6 src-address=192.168.88.0/24 tunnel=\ yes add disabled=yes dst-address=192.168.89.0/24 ipsec-protocols=ah-esp sa-dst-address=80.......14 sa-src-address=80.......6 src-address=192.168.88.0/24 tunnel=\ yes вот сам скрипт :local PingCount 3 :local Center2 80.......6 :local Center1 80.......2 :local RemoteA 80.......10 :local RemoteB 80.......14 :local StatusA1 [/ping $RemoteA count=$PingCount src-address=$Center1] :local StatusA2 [/ping $RemoteA count=$PingCount src-address=$Center2] :local StatusB1 [/ping $RemoteB count=$PingCount src-address=$Center1] :local StatusB2 [/ping $RemoteB count=$PingCount src-address=$Center2] :local EnableA1 [:parse (":if ([/ip ipsec policy get [find sa-src-address=$Center1 sa-dst-address=$RemoteA] disabled]=true) do={/ip ipsec policy set [find sa-src-address=$Center1 sa-dst-address=$RemoteA] disabled=no}")]; :local DisableA1 [:parse (":if ([/ip ipsec policy get [find sa-src-address=$Center1 sa-dst-address=$RemoteA] disabled]=false) do={/ip ipsec policy set [find sa-src-address=$Center1 sa-dst-address=$RemoteA] disabled=yes}")]; :local EnableA2 [:parse (":if ([/ip ipsec policy get [find sa-src-address=$Center2 sa-dst-address=$RemoteA] disabled]=true) do={/ip ipsec policy set [find sa-src-address=$Center2 sa-dst-address=$RemoteA] disabled=no}")]; :local DisableA2 [:parse (":if ([/ip ipsec policy get [find sa-src-address=$Center2 sa-dst-address=$RemoteA] disabled]=false) do={/ip ipsec policy set [find sa-src-address=$Center2 sa-dst-address=$RemoteA] disabled=yes}")]; :local EnableB1 [:parse (":if ([/ip ipsec policy get [find sa-src-address=$Center1 sa-dst-address=$RemoteB] disabled]=true) do={/ip ipsec policy set [find sa-src-address=$Center1 sa-dst-address=$RemoteB] disabled=no}")]; :local DisableB1 [:parse (":if ([/ip ipsec policy get [find sa-src-address=$Center1 sa-dst-address=$RemoteB] disabled]=false) do={/ip ipsec policy set [find sa-src-address=$Center1 sa-dst-address=$RemoteB] disabled=yes}")]; :local EnableB2 [:parse (":if ([/ip ipsec policy get [find sa-src-address=$Center2 sa-dst-address=6$RemoteB] disabled]=true) do={/ip ipsec policy set [find sa-src-address=$Center2 sa-dst-address=$RemoteB] disabled=no}")]; :local DisableB2 [:parse (":if ([/ip ipsec policy get [find sa-src-address=$Center2 sa-dst-address=$RemoteB] disabled]=false) do={/ip ipsec policy set [find sa-src-address=$Center2 sa-dst-address=$RemoteB] disabled=yes}")]; :if ($StatusA1>0) do={ $DisableA2; $DisableB1; $DisableB2; delay 2; :put "A1" $EnableA1; } :if (($StatusA1=0)&&($StatusA2>0)) do={ :put "A2" $DisableA1; $DisableB1; $DisableB2; delay 2; $EnableA2; :put "A2" } :if (($StatusA1=0)&&($StatusA2=0)&&($StatusB1>0)) do={ :put "B1" $DisableA1; $DisableA2; $DisableB2; delay 2; $EnableB1; :put "B1" } :if (($StatusA1=0)&&($StatusA2=0)&&($StatusB1=0)&&($StatusB2>0)) do={ $DisableA1; $DisableA2; $DisableB1; delay 2; $EnableB2; :put "B2" } тоесть когда на центральном микротике остается в работе только интерфейс 80.......6 а на удаленном 80.......14 скрипт должен включить /ip ipsec policy add disabled=yes dst-address=192.168.89.0/24 ipsec-protocols=ah-esp sa-dst-address=80.......14 sa-src-address=80.......6 src-address=192.168.88.0/24 tunnel=\ yes но он этого не делает ((( в чем может быть дело? Вставить ник Quote Ответить с цитированием Share this post Link to post Share on other sites More sharing options...
