nzjimmy
Frequent Visitor
Topic Author
Posts: 55
Joined: Tue Oct 03, 2017 11:47 pm

FTP backup via IPSec tunnel

Sat Oct 07, 2017 1:28 am

Hello,

I am using a script to back up the router and user-manager every day but cannot find a way to choose the existing IPSec tunnel for securely uploading these files to the ftp server.
The tunnel is working in both directions, can access devices on each LAN in both directions.
The tunnel exists between a VLAN at the Hotspot site and the LAN at the ftp site.

This is the script in place:

# ftp configuration
:local ftphost "x.x.x.x"
:local ftpuser "xx"
:local ftppassword "xx"
:local ftppath "/site_backups/"


# months array
:local months ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec");

# get time
:local ts [/system clock get time]
:set ts ([:pick $ts 0 2].[:pick $ts 3 5].[:pick $ts 6 8])

# get Date
:local ds [/system clock get date]
# convert name of month to number
:local month [ :pick $ds 0 3 ];
:local mm ([ :find $months $month -1 ] + 1);
:if ($mm < 10) do={ :set mm ("0" . $mm); }
# set $ds to format YYYY-MM-DD
:set ds ([:pick $ds 7 11] . $mm . [:pick $ds 4 6])

# file name for user manager backup - file name will be UMDB-servername-date-time.umb
:local fname ("/UMDB-".[/system identity get name]."-".$ds."-".$ts.".umb")
# file name for system backup - file name will be UMDB-servername-date-time.backup
:local fname1 ("/UMDB-".[/system identity get name]."-".$ds."-".$ts.".backup")
# file name for config export - file name will be UMDB-servername-date-time.rsc
:local fname2 ("/UMDB-".[/system identity get name]."-".$ds."-".$ts.".rsc")

# backup the data
/tool user-manager database save name=$fname
:log info message="User manager backup finished (1/3).";
/system backup save name=$fname1
:log info message="System backup finished (2/3).";
/export compact file=$fname2
:log info message="Config export finished (3/3)."

# upload the user manager backup
:log info message="Uploading user manager backup (1/3)."
/tool fetch address="$ftphost" src-path=$fname user="$ftpuser" mode=ftp password="$ftppassword" dst-path="$ftppath/$fname" upload=yes
# upload the system backup
:log info message="Uploading system backup (2/3)."
/tool fetch address="$ftphost" src-path=$fname1 user="$ftpuser" mode=ftp password="$ftppassword" dst-path="$ftppath/$fname1" upload=yes
# upload the config export
:log info message="Uploading config export (3/3)."
/tool fetch address="$ftphost" src-path=$fname2 user="$ftpuser" mode=ftp password="$ftppassword" dst-path="$ftppath/$fname2" upload=yes

# delay time to finish the upload - increase it if your backup file is big
:delay 60s;
# find file name start with UMDB- then remove
:foreach i in=[/file find] do={ :if ([:typeof [:find [/file get $i name] "UMDB-"]]!="nil") do={/file remove $i}; }
:log info message="Configuration backup finished.";

Sorry for posting the script in this fashion - newbie here.
Any ideas much appreciated!
 
andriys
Forum Guru
Posts: 1545
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: FTP backup via IPSec tunnel

Sat Oct 07, 2017 2:14 pm

I assume you are using classic policy-based IPsec. For /tool fetch to go over your IPsec tunnel the source address / destination address pair should match one of your IPsec policies. Unfortunately, /tool fetch does not have any parameters to specify which source address it should use. But you can try using NAT as a workaround.
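
The NAT workaround mentioned in the reply above, sketched as an added example that is not part of the original thread: a src-nat rule gives router-originated traffic to the FTP server a source address that the IPsec policy covers. The addresses are constructed placeholders, and the script's ftphost is assumed to be the server's LAN address.

```routeros
# Added example; addresses are constructed placeholders, not taken from the thread.
#   10.10.10.1 = router's own address inside the hotspot VLAN (policy src-address side)
#   10.20.20.5 = FTP server on the remote LAN (policy dst-address side)

# Rewrite the source of router-originated TCP traffic to the FTP server so the
# src/dst pair falls inside the existing IPsec policy. No port is matched, so the
# FTP control connection and its passive-mode data connections are both covered.
/ip firewall nat add chain=srcnat action=src-nat \
    src-address-type=local dst-address=10.20.20.5 protocol=tcp \
    to-addresses=10.10.10.1 \
    comment="router-originated FTP backup via IPsec policy"

# Order matters: this rule has to sit above any masquerade/src-nat rule that
# would otherwise rewrite the same packets to the WAN address first.
/ip firewall nat print

# Assumption: the backup script targets the server's LAN address, e.g.
# :local ftphost "10.20.20.5"

# After a test upload, confirm the transfer was encrypted: the NAT rule's
# counters and the byte counters of the installed SAs should both have grown.
/ip firewall nat print stats
/ip ipsec installed-sa print
```

If the SA counters do not move during an upload, the packets did not match the policy and were not protected by IPsec.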
 
nzjimmy
Frequent Visitor
Topic Author
Posts: 55
Joined: Tue Oct 03, 2017 11:47 pm

Re: FTP backup via IPSec tunnel

Sun Oct 08, 2017 1:16 pm

Thank you for the response, andriys.

Yes, policy-based IPsec tunnel.
If I removed the /tool fetch and entered details manually to each necessary line could that solve the issue? And if so, could you possibly show me an example of what it would look like with source address included?

If the above is not possible how would the NAT rule work?

I must solve this, so using a different script is fine if it's a better way to achieve the result.

Thanks again for advice.
 
Jotne
Forum Guru
Posts: 3353
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: FTP backup via IPSec tunnel

Thu Oct 12, 2017 11:57 pm

Why not use SSH with a DSA key to fetch the config from the router?
More info:
https://wiki.mikrotik.com/wiki/Use_SSH_ ... key_login)

Here is how to get data usage:
ssh -l admin-ssh -i /etc/dsa_private 10.0.10.1 "/ip accounting snapshot take"
ssh -l admin-ssh -i /etc/dsa_private 10.0.10.1 "/ip accounting snapshot print"
 
nzjimmy
Frequent Visitor
Topic Author
Posts: 55
Joined: Tue Oct 03, 2017 11:47 pm

Re: FTP backup via IPSec tunnel

Mon Oct 16, 2017 11:59 pm

Thank you for the suggestion but I would need more information to get this working, and automated ... The wiki was empty.

Cheers