Peer DNS on ether1-wan when wireguard tunnel goes down with a script? (2024)

One subnet is going over WireGuard, 192.168.99.0/24, and it's the main one I am using for my home network.

I do have control over the other end; it's an RB4011.

Config:


# 2024-10-28 17:42:50 by RouterOS 7.16.1
# software id = Redacted
#
# model = RB5009UG+S+
# serial number = (SerNum)
/interface bridge
add disabled=yes name=br-EOIP
add disabled=yes name=br-OVPN
add name=br-VPN
add name=br_PBR port-cost-mode=short
add admin-mac=(MacAddress) auto-mac=no comment=defconf name=bridge port-cost-mode=short
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether2 ] name=ether2-LAN
set [ find default-name=ether3 ] name=ether3-WG-LAN
set [ find default-name=ether4 ] name=ether4-VOIP
set [ find default-name=ether5 ] name="ether5-IPTV STB"
set [ find default-name=ether6 ] name=ether6-IPTV2
set [ find default-name=ether8 ] comment=WAN2
/interface l2tp-client
add connect-to=(VPN IP) disabled=no name=l2tp-out1 use-ipsec=yes user=l2tp
/interface eoip
add disabled=yes mac-address=(MacAddress) name=eoip-tunnel1 remote-address=192.168.50.1 tunnel-id=1
/interface wireguard
add disabled=yes listen-port=13232 mtu=1420 name=Name
add listen-port=13231 mtu=1412 name=wg1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wifi steering
add disabled=no name=steering1 neighbor-group=dynamic-DOMA-1f2e3a6c rrm=yes wnm=yes
/interface wifi configuration
add country="North Macedonia" disabled=no mode=ap name=cfg1 security.authentication-types=wpa2-psk,wpa3-psk .encryption=ccmp,gcmp .ft=yes .ft-over-ds=yes ssid=DOMA steering=steering1
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.98.10-192.168.98.254
add name=dhcp_pool2 ranges=192.168.99.10-192.168.99.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=10m name=defconf
add address-pool=dhcp_pool2 interface=br_PBR lease-time=10m name=dhcp2
/ip smb users
set [ find default=yes ] disabled=yes
/ppp profile
add bridge=br-OVPN change-tcp-mss=yes name=OVPN use-ipv6=default
set *FFFFFFFE bridge=br-VPN use-encryption=default use-ipv6=default
/interface ovpn-client
add certificate=cert_export_client.crt_0 cipher=aes256-cbc connect-to=(VpnIP) disabled=yes mac-address=(MacAddress) mode=ethernet name=ovpn-out1 profile=OVPN user=ovpnclient
/queue simple
add max-limit=3M/30M name="Asus Router" target=192.168.99.155/32
/queue type
add kind=fq-codel name=fq_qodel-default
add cake-autorate-ingress=yes kind=cake name=cake
/queue tree
add bucket-size=0.01 disabled=yes max-limit=90M name=DOWN parent=br_PBR queue=default
add disabled=yes name="1. VOIP" packet-mark=VOIP parent=DOWN priority=1 queue=default
add disabled=yes name="2. MAXTV" packet-mark=MaxTV parent=br-VPN priority=2 queue=default
add disabled=yes name="2. DNS" packet-mark=DNS parent=DOWN priority=2 queue=default
add disabled=yes name="3. ACK" packet-mark=ACK parent=DOWN priority=3 queue=default
add disabled=yes name="4. UDP" packet-mark=UDP parent=DOWN priority=3 queue=default
add disabled=yes name="5. ICMP" packet-mark=ICMP parent=DOWN priority=4 queue=default
add disabled=yes name="6. HTTP" packet-mark=HTTP parent=DOWN priority=5 queue=default
add disabled=yes name="7. HTTP_BIG" packet-mark=HTTP_BIG parent=DOWN priority=6 queue=default
add disabled=yes name="8. QUIC" packet-mark=QUIC parent=DOWN priority=7 queue=default
add disabled=yes name="9. OTHER" packet-mark=OTHER parent=DOWN queue=default
add bucket-size=0.01 disabled=yes max-limit=15M name=UP parent=br_PBR queue=default
add disabled=yes name="1. VOIP_" packet-mark=VOIP parent=UP priority=1 queue=default
add disabled=yes name="2. DNS_" packet-mark=DNS parent=UP priority=2 queue=default
add disabled=yes name="3. ACK_" packet-mark=ACK parent=UP priority=3 queue=default
add disabled=yes name="4. UDP_" packet-mark=UDP parent=UP priority=3 queue=default
add disabled=yes name="5. ICMP_" packet-mark=ICMP parent=UP priority=4 queue=default
add disabled=yes name="6. HTTP_" packet-mark=HTTP parent=UP priority=5 queue=default
add disabled=yes name="7. HTTP_BIG_" packet-mark=HTTP_BIG parent=UP priority=6 queue=default
add disabled=yes name="8. QUIC_" packet-mark=QUIC parent=UP priority=7 queue=default
add disabled=yes name="9. OTHER_" packet-mark=OTHER parent=UP queue=default
add disabled=yes max-limit=15M name=cake-queue-upload parent=wg1 queue=cake
add disabled=yes name=cake-queue-download parent=wg1 queue=cake
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/routing table
add disabled=no fib name=wg
/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" disabled=yes disabled=yes name=zt1 port=9993
/zerotier interface
add allow-default=no allow-global=no allow-managed=yes disabled=yes instance=zt1 name=zerotier1 network=(NetworkID)
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2-LAN internal-path-cost=10 path-cost=10
add bridge=br_PBR comment=defconf ingress-filtering=no interface=ether3-WG-LAN internal-path-cost=10 path-cost=10
add bridge=br_PBR comment=defconf ingress-filtering=no interface=ether4-VOIP internal-path-cost=10 path-cost=10
add bridge=br-VPN comment=defconf ingress-filtering=no interface="ether5-IPTV STB" internal-path-cost=10 path-cost=10
add bridge=bridge disabled=yes ingress-filtering=no interface=ether1-WAN internal-path-cost=10 path-cost=10
add bridge=br-OVPN disabled=yes interface=eoip-tunnel1
add bridge=br-VPN interface=ether6-IPTV2
add bridge=br-EOIP interface=eoip-tunnel1
/ip firewall connection tracking
set udp-timeout=1m
/ip neighbor discovery-settings
set discover-interface-list=all
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface detect-internet
set detect-interface-list=WAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1-WAN list=WAN
add interface=wg1 list=LAN
add comment=defconf interface=br_PBR list=LAN
add comment=defconf interface=ether8 list=WAN
/interface ovpn-server server
set auth=sha1,md5
/interface wifi capsman
set enabled=yes package-path=/ require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=cfg1
/interface wireguard peers
add allowed-address="0.0.0.0/0,192.168.50.0/24,192.168.88.0/24,AllowedAddresses" endpoint-address=(VpnIP) endpoint-port=13231 interface=wg1 name=peer8 persistent-keepalive=25s public-key="PublicKey"
add allowed-address=192.168.60.0/24 disabled=yes endpoint-address=(RedactedIP) endpoint-port=13232 interface=Name name=peer12 persistent-keepalive=1s private-key="PublicKey" public-key="PrivateKey"
/ip address
add address=192.168.98.1/24 comment=defconf interface=bridge network=192.168.98.0
add address=10.0.0.2/24 disabled=yes interface=ether1-WAN network=10.0.0.0
add address=192.168.50.2/24 interface=wg1 network=192.168.50.0
add address=192.168.99.1/24 interface=br_PBR network=192.168.99.0
add address=192.168.60.2/24 interface=Name network=192.168.60.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add add-default-route=no interface=ether1-WAN use-peer-dns=no
add add-default-route=no interface=br-VPN
add add-default-route=no interface=ether8 use-peer-dns=no
/ip dhcp-server lease
add address=192.168.99.7 client-id=(Mac) comment="Grandstream HT801" mac-address=(Mac) server=dhcp2
add address=192.168.99.183 client-id=(Mac) comment="Alienware PC" mac-address=(Mac) server=dhcp2
add address=192.168.99.151 client-id=(Mac) mac-address=(Mac) server=dhcp2
add address=192.168.99.155 client-id=(Mac) comment="ASUS Router" mac-address=(Mac) server=dhcp2
add address=192.168.99.190 client-id=(Mac) comment="AVM Fritz Powerline 1260" mac-address=(Mac) server=dhcp2
add address=192.168.99.91 client-id=(Mac) comment=PS5 mac-address=(Mac) server=dhcp2
add address=192.168.99.21 client-id=1(Mac) comment=MAXTV-Android-Box mac-address=(Mac) server=dhcp2
add address=192.168.99.14 client-id=(Mac) comment=SONY-TV-77 mac-address=(Mac) server=dhcp2
add address=192.168.99.169 mac-address=(Mac) server=dhcp2
add address=192.168.99.35 comment="Motorola Nettvplus" mac-address=(Mac) server=dhcp2
add address=192.168.99.23 client-id=(Mac) mac-address=(Mac) server=dhcp2
/ip dhcp-server network
add address=192.168.98.0/24 comment=defconf dns-server=192.168.98.1 gateway=192.168.98.1
add address=192.168.99.0/24 dns-server=192.168.99.1 gateway=192.168.99.1
/ip dns
set allow-remote-requests=yes servers=192.168.50.1
/ip dns static
add address=192.168.88.1 comment=defconf disabled=yes name=router.lan type=A
add address=192.168.50.1 name=mk.wg type=A
/ip firewall address-list
add address=192.168.98.0/24 list=local
add address=192.168.50.0/24 list=Trusted
add address=(VpnIP) list=Trusted
add address=192.168.60.0/24 list=Trusted
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=yes hw-offload=yes
add action=drop chain=output comment="TEST WAN1 Failover to WAN2" disabled=yes dst-address=8.8.8.8
add action=accept chain=forward connection-state=established,related
add action=accept chain=input dst-port=8291 in-interface-list=WAN protocol=tcp src-address-list=Trusted
add action=accept chain=input src-address-list=Trusted
# zerotier1 not ready
# zerotier1 not ready
add action=accept chain=forward in-interface=zerotier1
# zerotier1 not ready
# zerotier1 not ready
add action=accept chain=input in-interface=zerotier1
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="Accept IGMP" in-interface=br-VPN protocol=udp
add action=accept chain=forward comment="Forward IGMP" in-interface=br-VPN protocol=udp
add action=accept chain=input comment="Accept GRE" protocol=gre
add action=accept chain=input in-interface-list=WAN protocol=ipsec-esp
add action=accept chain=input in-interface-list=WAN protocol=ipsec-ah
add action=accept chain=input dst-port=500 in-interface-list=WAN protocol=tcp
add action=accept chain=input dst-port=4500 in-interface-list=WAN protocol=tcp
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=change-mss chain=forward disabled=yes new-mss=1300 out-interface=wg1 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1301-65535
add action=mark-routing chain=prerouting disabled=yes in-interface=br-VPN log=yes new-routing-mark=wg passthrough=yes
add action=change-mss chain=forward comment="WG Required Rule (First One)" disabled=yes new-mss=clamp-to-pmtu passthrough=no protocol=tcp tcp-flags=syn
add action=change-mss chain=forward comment="WG Required Rule 1/2" new-mss=1372 out-interface=wg1 passthrough=no protocol=tcp tcp-flags=syn tcp-mss=1373-65535
add action=change-mss chain=forward comment="WG Required Rule 2/2" disabled=yes new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=forward comment="Change MSS on L2TP bridge" disabled=yes new-mss=clamp-to-pmtu out-interface=br-VPN passthrough=yes protocol=tcp tcp-flags=syn
add action=change-mss chain=forward disabled=yes new-mss=1380 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1381-65535
add action=mark-connection chain=prerouting comment=MaxTV disabled=yes in-interface=br-VPN new-connection-mark=MaxTV passthrough=yes
add action=mark-packet chain=prerouting connection-mark=MaxTV disabled=yes new-packet-mark=MaxTV passthrough=no
add action=mark-connection chain=prerouting comment=DNS connection-state=new disabled=yes new-connection-mark=DNS passthrough=yes port=53 protocol=udp
add action=mark-packet chain=prerouting connection-mark=DNS disabled=yes new-packet-mark=DNS passthrough=no
add action=mark-connection chain=postrouting connection-state=new disabled=yes new-connection-mark=DNS passthrough=yes port=53 protocol=udp
add action=mark-packet chain=postrouting connection-mark=DNS disabled=yes new-packet-mark=DNS passthrough=no
add action=mark-connection chain=prerouting comment=VOIP disabled=yes new-connection-mark=VOIP passthrough=yes port=5060-5062,8560,10000-10050 protocol=udp
add action=mark-packet chain=prerouting connection-mark=VOIP disabled=yes new-packet-mark=VOIP passthrough=no
add action=mark-connection chain=prerouting comment=QUIC connection-state=new disabled=yes new-connection-mark=QUIC passthrough=yes port=80,443 protocol=udp
add action=mark-packet chain=prerouting connection-mark=QUIC disabled=yes new-packet-mark=QUIC passthrough=no
add action=mark-connection chain=prerouting comment=UDP connection-state=new disabled=yes new-connection-mark=UDP passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=UDP disabled=yes new-packet-mark=UDP passthrough=no
add action=mark-connection chain=prerouting comment=ICMP connection-state=new disabled=yes new-connection-mark=ICMP passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=ICMP disabled=yes new-packet-mark=ICMP passthrough=no
add action=mark-connection chain=postrouting connection-state=new disabled=yes new-connection-mark=ICMP passthrough=yes protocol=icmp
add action=mark-packet chain=postrouting connection-mark=ICMP disabled=yes new-packet-mark=ICMP passthrough=no
add action=mark-packet chain=postrouting comment=ACK disabled=yes new-packet-mark=ACK packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=prerouting disabled=yes new-packet-mark=ACK packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-connection chain=prerouting comment=HTTP connection-mark=no-mark connection-state=new disabled=yes new-connection-mark=HTTP passthrough=yes port=80,443 protocol=tcp
add action=mark-connection chain=prerouting connection-bytes=5000000-0 connection-mark=HTTP connection-rate=2M-100M disabled=yes new-connection-mark=HTTP_BIG passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=HTTP_BIG disabled=yes new-packet-mark=HTTP_BIG passthrough=no
add action=mark-packet chain=prerouting connection-mark=HTTP disabled=yes new-packet-mark=HTTP passthrough=no
add action=mark-connection chain=prerouting comment=OTHER connection-state=new disabled=yes new-connection-mark=POP3 passthrough=yes port=995,465,587 protocol=tcp
add action=mark-packet chain=prerouting connection-mark=POP3 disabled=yes new-packet-mark=OTHER passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes new-connection-mark=OTHER passthrough=yes
add action=mark-packet chain=prerouting connection-mark=OTHER disabled=yes new-packet-mark=OTHER passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=lo
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat disabled=yes out-interface=br_PBR
add action=masquerade chain=srcnat disabled=yes out-interface=wg1
/ip firewall raw
add action=drop chain=output disabled=yes dst-address=8.8.4.4 src-address=192.168.120.0/24
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip route
add disabled=no distance=1 dst-address=192.168.88.0/24 gateway=wg1 routing-table=main scope=10 suppress-hw-offload=no
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=wg1 pref-src="" routing-table=wg scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=192.5.5.241/32 gateway=192.168.1.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=31
add disabled=no distance=1 dst-address=8.8.4.4/32 gateway=192.168.188.1 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=31
add check-gateway=ping disabled=no distance=3 dst-address=0.0.0.0/0 gateway=192.5.5.241 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=32
add check-gateway=ping disabled=no distance=4 dst-address=0.0.0.0/0 gateway=8.8.4.4 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=32
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip smb shares
set [ find default=yes ] directory=/pub
/ip upnp
set enabled=yes
/mpls ldp
add disabled=no lsr-id=192.168.12.2 transport-addresses=192.168.12.2
/mpls ldp interface
add disabled=no interface="ether5-IPTV STB"
add disabled=no interface=lo
/ppp profile
add bridge=*E name=SITE-TO-SITE-L2VPN
/routing bfd configuration
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets="(RedactedIPs)" disabled=yes interface=wg1 upstream=yes
add disabled=yes interface="ether5-IPTV STB"
/routing rule
add action=lookup-only-in-table disabled=yes src-address=192.168.99.101/32 table=main
add action=lookup comment="Alienware PC VPN Routing (Enable to bypass WG)" disabled=yes src-address=192.168.99.183/32 table=main
add action=lookup comment="ASUS Router" disabled=no src-address=192.168.99.155/32 table=main
add action=lookup-only-in-table disabled=no dst-address=192.168.99.0/24 src-address=192.168.99.0/24 table=main
add action=lookup-only-in-table disabled=no src-address=192.168.99.0/24 table=wg
add action=lookup comment="AVM Fritz Powerline 1260 - Enable to bypass WG VPN" disabled=yes src-address=192.168.99.190/32 table=main
add action=lookup comment="PS5 (Enable to bypass MK WG)" disabled=yes src-address=192.168.99.91/32 table=main
add action=lookup comment="NettvPlus Motorola (Enable to bypass MK WG)" disabled=yes src-address=192.168.99.35/32 table=main
add action=lookup comment="Macbook Pro" disabled=yes src-address=192.168.99.23/32 table=main
/system clock
set time-zone-autodetect=no time-zone-name=Redacted
/system identity
set name=RB5009
/system note
set show-at-login=no
/system script
add dont-require-permissions=yes name=UP owner=(Name) policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/tool fetch url=\"https://api.telegram.org/bot\text=WAN1 is UP\""
add dont-require-permissions=yes name=DOWN owner=(Name) policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":delay 20s;\r\n/tool fetch url=\"https://api.telegram.org/text=WAN1 is DOWN\""
/tool graphing interface
add
/tool graphing resource
add
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add disabled=no down-script="/system/script/run DOWN;" host=192.5.5.241 http-codes="" interval=1m packet-count=10 packet-interval=1s start-delay=3s startup-delay=2m test-script="" thr-avg=200ms timeout=3s type=icmp up-s
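One way to do what the question asks, written here as an added example (it is not from the original post and not MikroTik's own documentation). The idea: a second netwatch entry probes the far end of the tunnel, 192.168.50.1, which is the address the export already uses as the router's only DNS server, and its up/down scripts swap /ip dns servers between that tunnel resolver and the resolvers the ether1-WAN DHCP client learned from the ISP. The DHCP client keeps use-peer-dns=no, exactly as in the export, so RouterOS never installs the ISP servers on its own; the script reads them from the client's primary-dns / secondary-dns status fields instead. The script names (DNS-WG-DOWN, DNS-WG-UP), the netwatch name (wg1-dns) and the probe timings are my assumptions; the interface names and addresses come from the posted config.

```routeros
# Added example, not part of the original post. Assumes RouterOS 7.x, the tunnel
# resolver 192.168.50.1 reachable only via wg1, and the ether1-WAN DHCP client
# configured with use-peer-dns=no (all as in the posted export).

# --- source of /system script add name=DNS-WG-DOWN policy=read,write ---
# read,write is all that /ip dns set needs; no need for ftp/reboot/policy/password/sensitive.
:local cli [/ip dhcp-client find interface="ether1-WAN"]
# primary-dns / secondary-dns are the read-only status fields the client fills in
# from the ISP's DHCP offer even when use-peer-dns=no (assumed, from print detail output)
:local isp1 [:tostr [/ip dhcp-client get $cli primary-dns]]
:local isp2 [:tostr [/ip dhcp-client get $cli secondary-dns]]
:if ([:len $isp1] = 0) do={
    # No lease yet (or ISP sent no DNS option): leave the server list alone rather
    # than blanking it, which would break resolution for every client on 192.168.99.0/24.
    :log error "DNS-WG-DOWN: no peer DNS learned on ether1-WAN, keeping current servers"
} else={
    :local list $isp1
    :if ([:len $isp2] > 0) do={ :set list ($isp1 . "," . $isp2) }
    /ip dns set servers=$list
    # Drop cached answers that came via the tunnel so nothing stale is served during fallback
    /ip dns cache flush
    :log warning ("DNS-WG-DOWN: wg1 down, resolving via ISP (" . $list . ") in the clear")
}

# --- source of /system script add name=DNS-WG-UP policy=read,write ---
/ip dns set servers=192.168.50.1
/ip dns cache flush
:log info "DNS-WG-UP: wg1 up, resolving via 192.168.50.1 over the tunnel"

# --- the netwatch entry that drives both (same probe style as the existing WAN1 watcher) ---
/tool netwatch
add name=wg1-dns host=192.168.50.1 type=icmp interval=30s timeout=2s packet-count=5 packet-interval=1s \
    startup-delay=1m down-script="/system/script/run DNS-WG-DOWN" up-script="/system/script/run DNS-WG-UP"
```

Two things to check before relying on it. First, confirm the router actually records the ISP resolvers while use-peer-dns=no: `/ip dhcp-client print detail` should show non-empty primary-dns on ether1-WAN; if it is empty the down-script deliberately does nothing and logs an error. Second, understand what the fallback costs you: the 192.168.99.0/24 clients still send their lookups to 192.168.99.1, but the router's own forwarding then leaves ether1-WAN unencrypted to the ISP, and anyone who can make the tunnel look down (dropping UDP 13231 to the peer is enough) can trigger that downgrade on demand. If that matters, either make the fallback resolvers DoH (RouterOS 7 supports use-doh-server under /ip dns) or only notify via the existing Telegram script and keep DNS on the tunnel. The ICMP probe only proves the far end answers ping; `/interface wireguard peers print` with its last-handshake column is the better signal if you want to distinguish "peer unreachable" from "tunnel key/handshake problem".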