-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.rsc
338 lines (313 loc) · 16.7 KB
/
config.rsc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
/system package enable ipv6
/system package enable wireless
:global number
:if ([:len [/ip address find where interface=loopback]] > 0) do={
:local loopbackip [/ip address get value-name=address [/ip address find where interface=loopback]]
:set number ([:toip [:pick $loopbackip 0 [:find $loopbackip "/"]]]-172.16.0.0)
} else={
:if ($number < 1) do={
:error "no loopback found"
}
}
:put ("Number: ".$number)
:global maxIfCount 20
:global v6prefix "fd7e:907d:34ab"
#:global v6prefix "fd58:9c23:3615"
/interface wireless cap set enabled=no
:if ([:len [/interface wireless find]]>0) do={
/interface wireless set country=switzerland [find] frequency-mode=regulatory-domain
}
/certificate
remove [find]
/interface ethernet
# set master-port=none [find]
:put "setup ospfv3"
/routing ospf-v3 instance
remove [find default=no]
set [ find default=yes ] distribute-default=never router-id=(172.16.0.0+$number)
:put "create loopback"
/interface bridge
remove [find name=loopback]
remove [find name=wlan-client]
add name=loopback auto-mac=no admin-mac=01:00:00:00:01:00
add name=wlan-client
/ipv6 address
remove [find dynamic=no ]
add address=($v6prefix."::".$number."/128") advertise=no interface=loopback
/ip address
remove [find]
add address=(172.16.0.0+$number."/32") interface=loopback
/routing ospf-v3 interface
remove [find]
add area=backbone interface=loopback passive=yes
:foreach interf in=[/interface ethernet find master-port=none] do={
add area=backbone interface=$interf
}
:put "setup ospf"
/routing ospf instance
set [ find default=yes ] distribute-default=if-installed-as-type-1 redistribute-connected=as-type-1 router-id=(172.16.0.0+$number)
/routing ospf network
remove [find]
add area=backbone network=((10.0.0.0+$number*256*256)."/16")
add area=backbone network=((172.16.0.0+$number)."/32")
:put "cleanup gre6 and eoipv6"
/interface gre6 remove [find]
/interface eoipv6 remove [find]
:put "setup wlan"
{
:local myWlanIp (10.0.252.1+$number*256*256)
:local myWlanNet ((10.0.252.0+$number*256*256)."/22")
/ip address
add interface=wlan-client address=((10.0.252.1+$number*256*256)."/22")
/ip pool
remove [find]
add name=wlan-client-pool ranges=((10.0.253.0+$number*256*256)."-".(10.0.255.254+$number*256*256))
/ip dhcp-server
remove [find]
add disabled=no interface=wlan-client name=dhcp-client-wlan address-pool=wlan-client-pool
/ip dhcp-server network
remove [find]
add address=($myWlanNet."") dns-server=(10.0.252.1+$number*256*256) gateway=(10.0.252.1+$number*256*256)
}
:put "setup dns"
/ip dns
set allow-remote-requests=yes servers=($v6prefix."::fffe,172.16.255.1")
static remove [find where address=($v6prefix."::".$number)]
static add address=($v6prefix."::".$number) name=("station-".$number.".lan")
:put "setup ethernet interfaces"
/ip dhcp-client remove [find where add-default-route=no]
{
:local index 0
:foreach interf in=[/interface ethernet find where !slave] do={
:if ($index<$maxIfCount) do={
:local ifname [/interface get value-name=name $interf]
:local poolname ($ifname."-pool")
:local dhcpname ("dhcp-".$ifname)
:local ifNetIp [:toip (10.0.0.0+(256*(256*$number+$index)))]
/ip address remove [find dynamic=no interface=$ifname]
/ip pool remove [find name=$poolname]
/ip dhcp-server remove [find interface=$ifname]
/ip dhcp-server network remove [find gateway=($ifNetIp+1)]
:put (($ifNetIp+1)."/24")
/ip address add address=(($ifNetIp+1)."/24") interface=$interf
/ip pool add name=$poolname ranges=(($ifNetIp+50)."-".($ifNetIp+254))
/ip dhcp-server add disabled=no interface=$ifname name=$dhcpname address-pool=$poolname
/ip dhcp-server network add address=($ifNetIp."/24") dns-server=($ifNetIp+1) gateway=($ifNetIp+1)
}
:set $index ($index+1)
}
}
:put "setup perdiodical update"
/system script
remove [find name=check-master]
add name=check-master owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source=("{\
\n :global loopbackip [/ip address get value-name=address [/ip address find where interface=loopback]]\
\n :global number ([:toip [:pick \$loopbackip 0 [:find \$loopbackip \"/\"]]]-172.16.0.0)\
\n :global v6prefix \"".$v6prefix."\"\
\n :local masterCount 0\
\n :if (\$number>0) do={\
\n :for master from=0 to=(\$number-1) step=1 do={\
\n :local masterIP (\$v6prefix.\"::\".\$master.\"/128\")\
\n #:put \$master\
\n :set \$masterCount (\$masterCount+[:len [/ipv6 route find where dst-address=\$masterIP]])\
\n }\
\n }\
\n :local isMaster 0\
\n :foreach addr in=[/ipv6 address find where interface=loopback] do={\
\n :if ([/ipv6 address get \$addr address]=(\$v6prefix.\"::ffff/128\")) do={ :set \$isMaster \$addr }\
\n }\
\n :if (\$masterCount > 0) do={\
\n #/ip dns set servers=(\$v6prefix.\"::fffe\")\
\n /ip address remove [find where interface~\"^gre6-tunnel\"]\
\n #/ipv6 dhcp-client remove [find where interface=gre6-master-tunnel]\
\n /interface gre6 remove [find where name~\"^gre6-tunnel\"]\
\n /interface eoipv6 remove [find where name~\"^eoipv6-tunnel\"]\
\n :if (\$isMaster!=0) do={/ipv6 address remove \$isMaster}\
\n :foreach addr in=[/ipv6 address find where interface=loopback] do={\
\n :if ([/ipv6 address get \$addr address]=(\$v6prefix.\"::ffff/128\")) do={\
\n /ipv6 address remove \$addr\
\n }\
\n }\
\n :if ([:len [/interface eoipv6 find where name=\"eoipv6-master-tunnel\"]]=0) do={\
\n /interface gre6 add local-address=(\$v6prefix.\"::\".\$number) remote-address=(\$v6prefix.\"::ffff\") name=\"gre6-master-tunnel\"\
\n /interface eoipv6 add local-address=(\$v6prefix.\"::\".\$number) remote-address=(\$v6prefix.\"::ffff\") name=\"eoipv6-master-tunnel\" tunnel-id=\$number\
\n /ip address remove [find address=((172.16.1.2+(\$number-1)*4).\"/30\")]\
\n #/ip address add address=((172.16.1.2+(\$number-1)*4).\"/30\") interface=gre6-master-tunnel\
\n #/routing ospf network remove [find network=((172.16.1.0+(\$number-1)*4).\"/30\")]\
\n #/routing ospf network add area=backbone network=((172.16.1.0+(\$number-1)*4).\"/30\")\
\n /interface wireless cap set caps-man-addresses=\"\" discovery-interfaces=eoipv6-master-tunnel enabled=yes interfaces=[/interface wireless find where interface-type!=virtual] certificate=none\
\n /ipv6 dhcp-client add interface=gre6-master-tunnel pool-name=local-v6-pool pool-prefix-length=60 use-peer-dns=no\
\n }\
\n /ipv6 address set from-pool=local-v6-pool [/ipv6 address find from-pool=public-pool]\
\n /caps-man manager set enabled=no\
\n } else={\
\n /ip address remove [find address=((172.16.1.2+(\$number-1)*4).\"/30\")]\
\n #/routing ospf network remove [find network=((172.16.1.0+(\$number-1)*4).\"/30\")]\
\n /interface gre6 remove [find where name=\"gre6-master-tunnel\"]\
\n /interface eoipv6 remove [find where name=\"eoipv6-master-tunnel\"]\
\n :if (\$isMaster=0) do={\
\n /ipv6 address add address=(\$v6prefix.\"::ffff/128\") interface=loopback\
\n /caps-man radio provision [find where !interface]\
\n /caps-man manager set enabled=yes\
\n /interface wireless cap set discovery-interfaces=loopback\
\n }\
\n :for tunnel from=0 to=100 step=1 do={\
\n #:put (\"Tunnel: \".\$tunnel)\
\n :if (\$number != \$tunnel) do={\
\n :local tunnelPrefix (\$v6prefix.\"::\".\$tunnel.\"/128\")\
\n :local tunnelIP (\$v6prefix.\"::\".\$tunnel)\
\n #:put (\"Check : \".\$tunnelIP)\
\n :if ([:len [/ipv6 route find where dst-address=\$tunnelPrefix]]>0) do={\
\n #:put (\"Found: \".\$tunnel)
\n :if ([:len [/ip dns static find where name=(\"station-\".\$tunnel.\".lan\")]] = 0) do={\
\n /ip dns static add address=\$tunnelIP name=(\"station-\".\$tunnel.\".lan\")\
\n }\
\n :if ([:len [/interface gre6 find remote-address=\$tunnelIP]]=0) do={\
\n /interface gre6 add local-address=(\$v6prefix.\"::ffff\") remote-address=\$tunnelIP name=(\"gre6-tunnel\".\$tunnel)\
\n #/ip address remove [find address=((172.16.1.1+(\$tunnel-1)*4).\"/30\")]\
\n #/ip address add address=((172.16.1.1+(\$tunnel-1)*4).\"/30\") interface=(\"gre6-tunnel\".\$tunnel)\
\n #/routing ospf network remove [find network=((172.16.1.0+(\$tunnel-1)*4).\"/30\")]\
\n #/routing ospf network add area=backbone network=((172.16.1.0+(\$tunnel-1)*4).\"/30\")\
\n }\
\n :if ([:len [/interface eoipv6 find remote-address=\$tunnelIP]]=0) do={\
\n /interface eoipv6 add local-address=(\$v6prefix.\"::ffff\") remote-address=\$tunnelIP name=(\"eoipv6-tunnel\".\$tunnel) tunnel-id=\$tunnel\
\n }\
\n }\
\n }\
\n }\
\n }\
\n :foreach interf in=[/interface ethernet find master-port=none] do={\
\n :local hasOtherMaster 0\
\n :local hasClient 0\
\n :local interfName [/interface ethernet get value-name=name \$interf]\
\n :foreach neighbor in=[/routing ospf-v3 neighbor find where interface=\$interfName] do={\
\n :local neighborId [/routing ospf-v3 neighbor get value-name=router-id \$neighbor]\
\n :local myId [/routing ospf-v3 instance get value-name=router-id [/routing ospf-v3 neighbor get value-name=instance \$neighbor]]\
\n :if (\$myId>\$neighborId) do={:set \$hasOtherMaster 1}\
\n :if (\$myId<\$neighborId) do={:set \$hasClient 1}\
\n }\
\n :if (\$hasOtherMaster > 0) do={\
\n # ensure dhcp-client is activated and network is in ospf range\
\n #:put (\"Go client: \".\$interfName)\
\n :if ([:len [/ip dhcp-client find where interface=\$interfName]] < 1) do={\
\n /ip dhcp-client add add-default-route=no dhcp-options=hostname,clientid disabled=no interface=\$interfName use-peer-dns=no use-peer-ntp=no\
\n } \
\n /ip address set disabled=yes [/ip address find where dynamic=no disabled=no interface=\$interfName]\
\n /ip dhcp-server set disabled=yes [/ip dhcp-server find where disabled=no interface=\$interfName]\
\n /ip dhcp-client set disabled=no [/ip dhcp-client find where disabled=yes interface=\$interfName]\
\n :local localIpAddress [/ip address find where dynamic=yes interface=\$interfName]\
\n :if ([:len \$localIpAddress]=1) do={\
\n\t :local network [/ip address get value-name=network \$localIpAddress]\
\n\t :local ipAddress [/ip address get value-name=address \$localIpAddress]\
\n\t :local slashPos [:find \$ipAddress \"/\"]\
\n\t #:put \$network\
\n\t #:put \$ipAddress\
\n\t :local ospfNet (\$network.[:pick \$ipAddress \$slashPos [:len \$ipAddress]])\
\n\t #:put \$ospfNet\
\n\t :if ([:len [/routing ospf network find where network=\$ospfNet]]<1) do={\
\n\t\t/routing ospf network add network=\$ospfNet disabled=no area=backbone\
\n\t }\
\n\t} else={\
\n\t\t/ip dhcp-client release [find where interface=\$interfName]\
\n\t}\
\n } else={\
\n # ensure dhcp-sever is activated and network is in ospf range\
\n #:put (\"Go server: \".\$interfName)\
\n :if ([:len [/ip dhcp-client find where add-default-route=yes ]]<1) do={\
\n /ip address set disabled=no [/ip address find where dynamic=no disabled=yes interface=\$interfName]\
\n /ip dhcp-server set disabled=no [/ip dhcp-server find where disabled=yes interface=\$interfName]\
\n /ip dhcp-client set disabled=yes [/ip dhcp-client find where disabled=no interface=\$interfName]\
\n :if (\$hasClient > 0) do={\
\n :local network [/ip address get value-name=network [/ip address find where dynamic=no interface=\$interfName]] \
\n :local ipAddress [/ip address get value-name=address [/ip address find where dynamic=no interface=\$interfName]] \
\n :local slashPos [:find \$ipAddress \"/\"]\
\n #:put \$network\
\n #:put \$ipAddress\
\n :local ospfNet (\$network.[:pick \$ipAddress \$slashPos [:len \$ipAddress]])\
\n #:put \$ospfNet\
\n :if ([:len [/routing ospf network find where network=\$ospfNet]]<1) do={\
\n /routing ospf network add network=\$ospfNet disabled=no area=backbone\
\n }\
\n }\
\n }\
\n }\
\n }\
\n\
\n}")
/system scheduler
remove [find name=check-master]
add interval=1m name=check-master on-event="/system script run check-master" start-time=startup
:put "configure capsman"
/caps-man channel
remove [find]
add band=2ghz-g/n extension-channel=disabled frequency=2412,2432,2452,2472 name=24-autoselect save-selected=yes
add band=5ghz-onlyn extension-channel=XX frequency=5180,5220,5260,5300 name=5n-autoselect save-selected=yes
add band=5ghz-onlyac extension-channel=XXXX frequency=5180,5260,5500,5580 name=5ac-autoselect save-selected=yes
:if ([:len [/interface wireless find]]>0) do={
/interface wireless cap
set enabled=yes interfaces=[/interface wireless find] certificate=none
}
:if ([:len [/caps-man configuration find]]<1) do={
/caps-man security
:if ([:len [find where name=("default-".$number)]]<1) do={
add name=("default-".$number) passphrase=QK1ga6XtawnxYPQzTULgejI1gm8FTg
}
/caps-man configuration
add name=base-24 channel=24-autoselect security=("default-".$number) ssid=("master-".$number) datapath.bridge=wlan-client country=switzerland datapath.client-to-client-forwarding=yes
add name=base-5n channel=5n-autoselect security=("default-".$number) ssid=("master-".$number) datapath.bridge=wlan-client country=switzerland datapath.client-to-client-forwarding=yes
add name=base-5ac channel=5ac-autoselect security=("default-".$number) ssid=("master-".$number) datapath.bridge=wlan-client country=switzerland datapath.client-to-client-forwarding=yes
}
:if ([:len [/caps-man provisioning find]]<1) do={
/caps-man provisioning
add action=create-dynamic-enabled comment="5 GHz AC" hw-supported-modes=ac master-configuration=base-5ac name-format=prefix-identity name-prefix=cap
add action=create-dynamic-enabled comment="5 GHz N" hw-supported-modes=an master-configuration=base-5n name-format=prefix-identity name-prefix=cap
add action=create-dynamic-enabled comment="2.4 GHz" hw-supported-modes=gn master-configuration=base-24 name-format=prefix-identity name-prefix=cap
}
:do {
/interface ethernet poe set poe-out=auto-on [find]
} on-error={ :put "no poe device"};
/system script add dont-require-permissions=no name=import-keys owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="{\
\n\t:local user \"koa\"\
\n\t/tool fetch url=\"https://github.com/\$user.keys\" dst-path=keys\
\n\t:local keys [/file get [/file find name=keys] contents] ;\
\n\t:local contentLen [:len \$keys];\
\n\
\n\t:local lineEnd 0;\
\n\t:local line \"\";\
\n\t:local lastEnd 0;\
\n\
\n\t:while (\$lineEnd < \$contentLen) do={\
\n\t\t:set lineEnd [:find \$keys \"\\n\" \$lastEnd];\
\n\t\t# if there are no more line breaks, set this to be the last one\
\n\t\t:if ([:len \$lineEnd] = 0) do={\
\n\t\t\t:set lineEnd \$contentLen;\
\n\t\t}\
\n\t\t# get the current line based on the last line break and next one\
\n\t\t:set line [:pick \$keys \$lastEnd \$lineEnd];\
\n\t\t:set lastEnd (\$lineEnd + 1);\
\n\t\t# don't process blank lines\
\n\t\t:if (\$line != \"\\r\" && [:len \$line] >0) do={\
\n\t\t\t/file print file=key.txt\
\n\t\t\t:delay 2\
\n\t\t\t/file set contents=\"\$line \$user\" key.txt\
\n\t\t\t:do {\
\n\t\t\t\t/user ssh-keys import user=admin public-key-file=key.txt\
\n\t\t\t} on-error={ :put \"cannot import key\"};\
\n\t\t}\
\n\t} \
\n}"
/interface lte apn
remove [find name=ch-swisscom]
remove [find name=ch-sunrise]
remove [find name=ch-salt]
remove [find name=fr-free]
remove [find name=fr-bouygues]
remove [find name=fr-sfr]
remove [find name=fr-orange]
add apn=gprs.swisscom.ch name=ch-swisscom
add apn=internet name=ch-sunrise
add apn=internet name=ch-salt
add apn=free name=fr-free
add apn=mmsbouygtel.com name=fr-bouygues
add apn=websfr name=fr-sfr
add apn=orange.fr authentication=pap name=fr-orange password=orange user=orange