Скрипт создания IPsec-туннеля (site-to-site, policy-based) на MikroTik RouterOS
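# ipsecadd_atappc
# Creates (or re-creates) a policy-based IPsec site-to-site tunnel on RouterOS.
# Every object this script owns is tagged with $ipsecName / $ipsecComment so a
# re-run can locate and remove its own objects before creating fresh ones.
:local ipsecName "atappc";
:local ipsecComment "$ipsecName";
# Remote IKE peer and the local address to bind to (the peer comment calls it "vrrp",
# so this is presumably a VRRP-owned address shared between routers).
:local peerAddr "1.2.88.186";
:local peerLocalAddr "2.3.195.93";
# SECURITY: the original script carried the real pre-shared key inline.
# A PSK that lives in a script (let alone on a public page) must be treated as
# disclosed: rotate it on both ends and supply it at run time (e.g. from a
# :global set in the terminal) instead of committing it here.
:local ipsecSecret "REPLACE-WITH-NEW-PSK";
# Local (src) and remote (dst) networks; one policy is created per src/dst pair.
:local srcList [:toarray "192.168.0.0/22,192.168.7.0/24"];
:local dstList [:toarray "192.168.126.0/24,192.168.135.0/24"];
# Crypto parameters, hoisted so they can be reviewed and changed in one place.
# modp1024 (1024-bit DH) and modp1536 are below current guidance (modp2048 or an
# EC group is recommended); they are left at the original values only because
# both ends must agree -- raise them together with the peer.
# Hash/auth algorithms are not set and therefore fall back to the RouterOS
# defaults (sha1 on current releases -- confirm for your version and set them
# explicitly, e.g. hash-algorithm=sha256 / auth-algorithms=sha256).
:local ikeDhGroup "modp1024";
:local ikeEncAlg "aes-256";
:local espEncAlg "aes-256-cbc";
:local espPfsGroup "modp1536";
:local espLifetime "1h";

# remove anything left from a previous run
# Order matters: policies reference peer+proposal, identity references peer,
# peer references profile, so dependents are removed first.
# Comments are matched exactly. The original removed with the regex operator (~),
# which also matched any other object whose comment merely contained this name
# (e.g. a second tunnel named "atappc2") while the guard above it used "=".
:if ([:len [/ip/ipsec/policy/find where comment="$ipsecComment"]] > 0) do={/ip ipsec policy remove [find comment="$ipsecComment"]}
:if ([:len [/ip/ipsec/identity/find where comment="$ipsecComment"]] > 0) do={/ip ipsec identity remove [find comment="$ipsecComment"]}
:if ([:len [/ip/ipsec/proposal/find where name="$ipsecName"]] > 0) do={/ip ipsec proposal remove $ipsecName}
:if ([:len [/ip/ipsec/peer/find where name="$ipsecName"]] > 0) do={/ip ipsec peer remove $ipsecName}
:if ([:len [/ip/ipsec/profile/find where name="$ipsecName"]] > 0) do={/ip ipsec profile remove $ipsecName}
:if ([:len [/ip/firewall/raw/find where comment="$ipsecComment"]] > 0) do={/ip firewall raw remove [find comment="$ipsecComment"]}

# create the tunnel
/ip ipsec profile add dh-group=$ikeDhGroup enc-algorithm=$ikeEncAlg nat-traversal=yes name=$ipsecName
/ip ipsec peer add address=$peerAddr local-address=$peerLocalAddr name=$ipsecName profile=$ipsecName comment="$ipsecComment vrrp"
/ip ipsec proposal add name=$ipsecName enc-algorithms=$espEncAlg lifetime=$espLifetime pfs-group=$espPfsGroup
/ip ipsec identity add peer=$ipsecName secret=$ipsecSecret comment=$ipsecComment
:foreach dstAddr in $dstList do={
  # Bypass connection tracking for traffic to/from each remote network so that
  # NAT / fasttrack rules do not rewrite packets that must match the IPsec
  # policy. The rules are inserted at the top of the raw table (place-before=0);
  # note they are not restricted to $srcList, so anything destined to the remote
  # networks is untracked.
  /ip firewall raw add comment=$ipsecComment action=notrack chain=prerouting disabled=no dst-address=0.0.0.0/0 src-address=$dstAddr place-before=0;
  /ip firewall raw add comment=$ipsecComment action=notrack chain=prerouting disabled=no dst-address=$dstAddr src-address=0.0.0.0/0 place-before=0;
  :foreach srcAddr in $srcList do={
    # level=unique: each src/dst policy negotiates its own SA pair.
    /ip ipsec policy add dst-address=$dstAddr level=unique peer=$ipsecName proposal=$ipsecName src-address=$srcAddr tunnel=yes comment=$ipsecComment;
  }
}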