Category: Scripts


Now that we have lots of 4G dongles providing clients a failover when their ADSL dies (crappy copper means when not if) We need to monitor the status of the routes.

For this to work you need to do a few things first.

View full article »

This method never worked as planned. The IPSEC tunnel left a hidden route in the route table, so it just got messy. Try this one instead.

 

http://blog.greypuddles.net/?p=258

 

I needed a way to fail over from an IPSEC tunnel with static IPs at each end, to a PPTP tunnel from a site with a non routable address.

The main problem is that I have the remote subnet listed as accessible Via bridge.local to allow the IPSEC traffic and to allow NetWatch to monitor the remote sites.

The solution is as follows

  • Setup and test IPSEC Tunnel
  • Setup the PPTP tunnel as needed to the remote site.
  • Add a route with a lower preference than the normal route.
  • Add a comment to the remote site route

/ip route
add check-gateway=ping comment=”over ipsec” distance=1 dst-address=10.4.44.0/24 \
gateway=bridge.Local
add distance=10 dst-address=10.4.44.0/24 gateway=pptp-out1
add distance=1 dst-address=192.168.1.1/32 gateway=”ether1-ADSL Modem”

In this setup, the local subnet is 10.4.40.0/24 and the remote subnet is 10.4.44.0/24

We put in the netwatch scripts Red below 1.2.3.4 is the STATIC IP address of the main interface.

/tool netwatch
add host=10.4.44.253
add down-script=\
“/ip route set [/ip route find where comment=\”over ipsec\”] disabled=yes” \
host=1.2.3.4 up-script=\
“/ip route set [/ip route find where comment=\”over ipsec\”] disabled=no”

The red “over ipsec” is used to identify the rule that’s going to get changes.

 

When the main interface goes down, NetWatch will disable the route Via bridge.local and allow the PPTP distance 10 route to kick in.
The PPTP interface should redial as needed to get connection over the second internet connection and all should just work. I will be testing that tomorrow.

In testing now with only one interface. When the “over IPSEC” rule is enabled, all traffic goes over the IPSEC tunnel, when that route gets disabled, traffic will flow over the PPTP.

If you have a dynamic WAN IP address, then you will have to get more creating running a lookup using /IP address print and putting that into this NetWatch host

 

I’m sure there are much cleaner ways of doing this, as this will not fail over in the event of the IPSEC tunnel failing but the ADSL staying alive, but thats a topic for another day

I needed a way of resolving DNS Names to IPs to use in firewall rules.

 

/ip firewall address-list
add address=216.58.220.100 comment=www.google.com list=dns_list
add address=1.2.3.4 comment=www.website1.com list=dns_list
add address=157.56.242.98 comment=outlook.com list=dns_list

 

/system scheduler
add interval=9m1s name=DNSLookup on-event=DNSLookupScrip policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
jan/01/1970 start-time=00:00:01

/system script
add name=DNSLookupScrip policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive source=”:foreach \
dnsitems in=[ /ip firewall address-list find where list=\”dns_list\” ] do={\
\r\
\n /ip firewall address-list set \$dnsitems address=[:resolve [/ip firewall \
address-list get \$dnsitems comment]];\r\
\n};”

OR

:foreach dnsitems in=[ /ip firewall address-list find where list=”dns_list” ] do={
/ip firewall address-list set $dnsitems address=[:resolve [/ip firewall address-list get $dnsitems comment]];
};

 

 

We needed a way of creating 200+ mailboxes in an Exchange 2010 – Office 365 Hybrid. The best way was to create the accounts locally, let the AD sync tool create the accounts into Office 365 then assign a licence to the users (I’m sure we could automate that too, but this will not be a huge issue)

So you need a few things to make it all work

 

View full article »

I needed a script to find out the status of Windows Task Scheduler. If one has a problem, to echo it out as a problem and exit on an error code

 

View full article »

We have all had problems with users saving files where we don’t want them. Like saving files to their desktop on a laptop, or saving files to the local my document folder. Today, I found the solution!

 

I have created a script

View full article »

The final script i needed to get all emails addresses out there was for 2003, google helped me.

With help from http://exchangepedia.com/2005/09/how-to-export-all-email-addresses-from-a-domain.html i managed to get the script working.

View full article »

I came across this problem late last night. I needed to change the recovery model of a SharePoint DB, but came up with this error

After a bit of searching i managed to find out how to fix it.

View full article »

I needed a way of listing access rights for users on shared mailboxes.

Google helped me out along with a little playing.

So I now have two PowerShell lines. One that lists users with full access to a mailbox, the other shows all users with the send as role.

View full article »

Use .pipeMSSQL$MICROSOFT##SSEEsqlquery as the server name string.