Mikrotik dual-wan failover with both private DHCP WANs
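# sep/04/2022 17:59:15 by RouterOS 6.49.6
# The trailing " | |" table residue from the web rendering has been stripped:
# it is not RouterOS syntax and would stop this file from importing.

# LAN bridge; ether3-ether5 are attached to it in "/interface bridge port".
/interface bridge
add name=bridge
# Rename the two uplinks so their WAN role is visible in every later rule.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-wan1
set [ find default-name=ether2 ] name=ether2-wan2
# NOTE(review): only the SSID is set here, the default security profile below
# shows no authentication settings in this export, and neither radio is a
# bridge port. Confirm wlan1/wlan2 stay disabled, or attach a WPA2 profile
# before enabling them.
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
set [ find default-name=wlan2 ] ssid=MikroTik
# Interface lists; WAN is what the masquerade rule matches on.
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik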
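# LAN side: 10.100.10.0/24 on the bridge, router at .1, DHCP leases from .2-.254.
# (Trailing " | |" rendering residue stripped so the lines parse.)
/ip pool
add name=dhcp_pool0 ranges=10.100.10.2-10.100.10.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge name=dhcp1
# Only ether3-ether5 are switched into the LAN; ether1/ether2 are the uplinks.
/interface bridge port
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
# List membership drives list-based firewall/NAT matching.
/interface list member
add interface=bridge list=LAN
add interface=ether1-wan1 list=WAN
add interface=ether2-wan2 list=WAN
/ip address
add address=10.100.10.1/24 interface=bridge network=10.100.10.0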
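# WAN1 DHCP client. add-default-route=no: the lease script owns the routes so
# Netwatch can enable/disable them by comment. use-peer-dns/use-peer-ntp=no
# keeps the upstream network from replacing the router's resolver or time source.
#
# Lease script, run on every bind/unbind:
#   bound   -> keep exactly one default route tagged "wan1" (distance 1) and a
#              host route tagged "wan1-hc" that pins the Netwatch probe target
#              8.8.4.4 to this uplink's gateway.
#   unbound -> remove both routes.
# Changes from the exported script:
#   * "wan1-hc" is now refreshed on every bind. Previously it was rebuilt only
#     when no "wan1" route existed, so a gateway change on renewal left the
#     probe pointing at the old gateway.
#   * "wan1-hc" is removed when the lease is lost.
#   * the unused local "rmark" is dropped.
#   * trailing " | |" rendering residue stripped so the continuations parse.
/ip dhcp-client
add add-default-route=no disabled=no interface=ether1-wan1 script="{\r\
\n:local count [/ip route print count-only where comment=\"wan1\"]\r\
\n:local hc [/ip route find where comment=\"wan1-hc\"]\r\
\n:if (\$bound=1) do={\r\
\n:if ([:len \$hc] = 0) do={\r\
\n/ip route add dst-address=8.8.4.4 gateway=\$\"gateway-address\" comment=\"wan1-hc\" distance=1\r\
\n} else={\r\
\n/ip route set \$hc gateway=\$\"gateway-address\"\r\
\n}\r\
\n:if (\$count = 0) do={\r\
\n/ip route add gateway=\$\"gateway-address\" comment=\"wan1\" distance=1\r\
\n} else={\r\
\n:if (\$count = 1) do={\r\
\n:local test [/ip route find where comment=\"wan1\"]\r\
\n:if ([/ip route get \$test gateway] != \$\"gateway-address\") do={\r\
\n/ip route set \$test gateway=\$\"gateway-address\"\r\
\n}\r\
\n} else={\r\
\n:error \"Multiple routes found\"\r\
\n}\r\
\n}\r\
\n} else={\r\
\n/ip route remove [find comment=\"wan1\"]\r\
\n/ip route remove [find comment=\"wan1-hc\"]\r\
\n}\r\
\n}" use-peer-dns=no use-peer-ntp=no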
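# WAN2 DHCP client (still in the /ip dhcp-client menu). Same pattern as WAN1
# but the default route is tagged "wan2" with distance=2, so it only carries
# traffic when the "wan1" route is disabled or gone. There is no health-check
# host route for this uplink.
# The unused local "rmark" is dropped and the trailing " | |" rendering
# residue is stripped; the routing logic is unchanged.
add add-default-route=no disabled=no interface=ether2-wan2 script="{\r\
\n:local count [/ip route print count-only where comment=\"wan2\"]\r\
\n:if (\$bound=1) do={\r\
\n:if (\$count = 0) do={\r\
\n/ip route add gateway=\$\"gateway-address\" comment=\"wan2\" distance=2\r\
\n} else={\r\
\n:if (\$count = 1) do={\r\
\n:local test [/ip route find where comment=\"wan2\"]\r\
\n:if ([/ip route get \$test gateway] != \$\"gateway-address\") do={\r\
\n/ip route set \$test gateway=\$\"gateway-address\"\r\
\n}\r\
\n} else={\r\
\n:error \"Multiple routes found\"\r\
\n}\r\
\n}\r\
\n} else={\r\
\n/ip route remove [find comment=\"wan2\"]\r\
\n}\r\
\n}" use-peer-dns=no use-peer-ntp=no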
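# LAN clients are handed 8.8.8.8 directly as resolver and the router as gateway.
# (Trailing " | |" rendering residue stripped so the lines parse.)
/ip dhcp-server network
add address=10.100.10.0/24 dns-server=8.8.8.8 gateway=10.100.10.1
# Resolvers used by the router itself; the DHCP clients above ignore peer DNS,
# so neither upstream network can override this list.
/ip dns
set servers=8.8.8.8,1.1.1.1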
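/ip firewall filter
# Keeps the Netwatch probe honest: ICMP to the probe target may never leave
# through WAN2, so a reply proves WAN1 works rather than "some uplink" works.
add action=drop chain=output comment=Netwatch dst-address=8.8.4.4 \
out-interface=ether2-wan2 protocol=icmp
# The export contained no input or forward rules, which leaves the router's own
# services reachable from both upstream networks and nothing filtering traffic
# arriving on the WAN ports. The rules below mirror the stock RouterOS defaults:
# the router accepts replies to its own traffic and ICMP, and everything else
# must originate from the LAN list.
# NOTE(review): if the router is managed from an upstream network, add an
# explicit, source-restricted accept rule above the final input drop first.
add action=accept chain=input comment="accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=accept chain=input comment="accept ICMP" protocol=icmp
add action=drop chain=input comment="drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=drop chain=forward comment="drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
# Source-NAT everything leaving through either uplink.
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=WAN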
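# Snapshot of the routes the DHCP lease scripts and Netwatch manage by comment.
# The gateway addresses are the ones the leases supplied when the export was
# taken; the lease scripts rewrite them on the next bind.
# The export listed the "wan1-hc" host route twice; the duplicate is dropped,
# and the trailing " | |" rendering residue is stripped.
/ip route
add comment=wan1 distance=1 gateway=192.168.50.1
# Standby default route; Netwatch enables it only while the probe is down.
add comment=wan2 disabled=yes distance=2 gateway=10.0.173.129
# Pins the Netwatch probe target to WAN1's gateway.
add comment=wan1-hc distance=1 dst-address=8.8.4.4/32 gateway=192.168.50.1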
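# Local time zone for log and script timestamps.
# (Trailing " | |" rendering residue stripped so the lines parse.)
/system clock
set time-zone-name=Europe/Kiev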
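# Failover driver: probe 8.8.4.4 every 30 s (reachable only via WAN1, see the
# "wan1-hc" host route and the output-chain ICMP drop on ether2-wan2).
#   down -> disable the "wan1" default route, enable "wan2"
#   up   -> disable "wan2", enable "wan1"
# Both scripts then delete every tracked UDP and TCP connection, presumably so
# existing flows are re-created and masqueraded through the newly active uplink.
# NOTE(review): the decision rests on one ICMP target and timeout=100ms, so a
# single slow or filtered reply on the WAN1 path flips the uplink and drops
# every client session. Consider a longer timeout if WAN1 latency varies.
# Wrapped continuation lines are rejoined and the trailing " | |" rendering
# residue is stripped; the scripts themselves are unchanged.
/tool netwatch
add down-script="/ip route disable [find comment=\"wan1\"]\r\
\n/ip route enable [find comment=\"wan2\"]\r\
\n:foreach i in=[/ip firewall connection find protocol~\"udp\"] do={ /ip firewall connection remove \$i }\r\
\n:foreach i in=[/ip firewall connection find protocol~\"tcp\"] do={ /ip firewall connection remove \$i }\r\
\n" host=8.8.4.4 interval=30s timeout=100ms up-script="/ip route disable [find comment=\"wan2\"]\r\
\n/ip route enable [find comment=\"wan1\"]\r\
\n:foreach i in=[/ip firewall connection find protocol~\"udp\"] do={ /ip firewall connection remove \$i }\r\
\n:foreach i in=[/ip firewall connection find protocol~\"tcp\"] do={ /ip firewall connection remove \$i }"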