I have a Routerboard RB4011iGS+ and directly connected a wAP ac (RBwAPG-5HacT2HnD).
Routerboard hosts CAPSMAN as well as a hotspot - wAP is only used as "antenna".
Both Boards using FW 6.49.2 (all other before also worked as well for nearly 2 years).
Now I updated both devices to ROS 7.1 - the wAP ac couldn't connect to capsman anymore (logfiles told me about timeout).
I downgraded wAP ac back to 6.49.2 (RB4011 still 7.1) and it could connect to CAPSMAN immediatelly. Only the wireless internet connection drops after half a minute (I tested with my cellphone and started playback of a youtube video - it stuck after some minutes and the android wlan icon showed me no connection to internet (but still to wlan).
I also downgraded RB4011 to 6.49.2 and everything worked fine, just as before the upgrade - wlan & internet connection is stable.
I tested to upgrade wAP ac again to 7.1 (RB4011 still 6.49.2) and immediatelly no connection to CAPSMAN anymore - after downgrade it worked again.
I doesn't change anything else in configuration - only upgrade and downgrade procedure. So I think there is still something broken.
(just to become weird - at home I use also an wAP ac and a CAPSMAN on a CHR running on VMWare ESXi - there the update worked without problems).
RB4011:
Code: Select all
# dec/12/2021 15:12:28 by RouterOS 6.49.2
# software id = XXX
#
# model = RB4011iGS+
# serial number = XXX
/caps-man channel
add band=2ghz-g/n name=2GHz
add band=5ghz-a/n/ac extension-channel=Ce name=5GHz
/interface bridge
add name="bridge - HotSpot"
add name=bridge_WLAN_APs
/interface ethernet
set [ find default-name=ether1 ] name="ether1 - XXX"
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] name="ether6 - Uplink Modem"
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
set [ find default-name=ether10 ] name="ether10 - wAP ac Marktplatz" \
power-cycle-ping-address=172.16.0.10 power-cycle-ping-enabled=yes \
power-cycle-ping-timeout=30m
set [ find default-name=sfp-sfpplus1 ] disabled=yes
/caps-man datapath
add bridge="bridge - HotSpot" client-to-client-forwarding=no name=\
Datapath_Bridge_HotSpot
/caps-man security
add name=free_wifi
/caps-man configuration
add channel=2GHz country=germany datapath=Datapath_Bridge_HotSpot \
installation=outdoor mode=ap name=free_wifi_2GHz security=free_wifi ssid=\
XXX
add channel=5GHz country=germany datapath=Datapath_Bridge_HotSpot \
installation=outdoor mode=ap name=free_wifi_5GHz security=free_wifi ssid=\
XXXXX
/caps-man interface
add configuration=free_wifi_2GHz disabled=no l2mtu=1600 mac-address=\
XXX master-interface=none name=WLAN_Marktplatz1_2GHz \
radio-mac=XXX radio-name=XXX
add configuration=free_wifi_5GHz disabled=no l2mtu=1600 mac-address=\
XXX master-interface=none name=WLAN_Marktplatz1_5GHz \
radio-mac=XXX radio-name=XX
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add name=Management_Interfaces
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
add dns-name=hotspot.atgl hotspot-address=172.20.0.1 html-directory=\
hotspot_atgl http-cookie-lifetime=12h1m login-by=cookie,http-pap name=\
HS_Marktplatz
/ip ipsec mode-config
add connection-mark=VPN_Pflicht name=NordVPN responder=no
/ip ipsec policy group
add name=NordVPN
/ip ipsec profile
add dh-group=modp8192,modp6144,modp4096,modp3072,modp2048 enc-algorithm=\
aes-256,aes-192 hash-algorithm=sha512 name=NordVPN
/ip ipsec peer
add address=ch137.nordvpn.com disabled=yes exchange-mode=ike2 name=\
NordVPN_Peer_2_Schweiz profile=NordVPN
add address=de1008.nordvpn.com exchange-mode=ike2 name=\
NordVPN_Peer_1_Deutschland profile=NordVPN
add address=de743.nordvpn.com comment="Phase 1 IPSec zu NordVPN" disabled=yes \
exchange-mode=ike2 name=NordVPN_Peer_Deutschland profile=NordVPN
/ip ipsec proposal
add auth-algorithms=sha512,sha256 enc-algorithms=aes-256-cbc,aes-192-cbc \
name=NordVPN pfs-group=none
/ip pool
add name=hs-pool-12 ranges=172.20.0.2-172.20.15.254
/ip dhcp-server
add address-pool=hs-pool-12 disabled=no interface="bridge - HotSpot" \
lease-time=1h name=dhcp1
/ip hotspot
add address-pool=hs-pool-12 disabled=no interface="bridge - HotSpot" name=\
"HotSpot Marktplatz" profile=HS_Marktplatz
/ip hotspot user profile
add address-pool=hs-pool-12 mac-cookie-timeout=12h30m name=\
Marktplatz_BenutzerProfil rate-limit=1000k/2500k shared-users=unlimited
/system logging action
set 3 bsd-syslog=yes remote=10.1.0.100
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/caps-man access-list
add allow-signal-out-of-range=10s ap-tx-limit=70000 comment=\
"XXX" disabled=no mac-address=\
10:44:00:DC:88:D9 ssid-regexp=""
add allow-signal-out-of-range=10s ap-tx-limit=70000 comment=\
"XXX" disabled=no mac-address=\
00:18:41:0B:F3:4D ssid-regexp=""
add allow-signal-out-of-range=10s ap-tx-limit=100000 comment=\
"Test Stefan S10 - Telefon-MAC" disabled=yes mac-address=\
6C:C7:EC:AD:6C:C8 ssid-regexp=""
/caps-man manager
set ca-certificate="CapsMan Zertifikat CA" certificate="CapsMan Zertifikat" \
enabled=yes require-peer-certificate=yes
/caps-man manager interface
add disabled=no interface=bridge_WLAN_APs
/interface bridge port
add bridge=bridge_WLAN_APs interface="ether10 - wAP ac Marktplatz"
/interface bridge settings
set use-ip-firewall=yes
/ip neighbor discovery-settings
set discover-interface-list=!Management_Interfaces
/interface list member
add interface="ether1 - XXX" list=Management_Interfaces
/ip address
add address=172.20.0.1/20 interface="bridge - HotSpot" network=172.20.0.0
add address=172.16.0.1/24 interface=bridge_WLAN_APs network=172.16.0.0
/ip dhcp-client
add add-default-route=no !dhcp-options disabled=no interface=\
"ether1 - XXX" use-peer-dns=no use-peer-ntp=no
add !dhcp-options disabled=no interface="ether6 - Uplink Modem"
/ip dhcp-server network
add address=172.20.0.0/20 comment="hotspot network" gateway=172.20.0.1
/ip dns
set allow-remote-requests=yes
/ip firewall address-list
add address=10.28.30.1-10.28.30.254 list=allowed_to_router
add address=0.0.0.0/8 comment=RFC6890 list=private_IPs
add address=172.16.0.0/12 comment=RFC6890 list=private_IPs
add address=192.168.0.0/16 comment=RFC6890 list=private_IPs
add address=10.0.0.0/8 comment=RFC6890 list=private_IPs
add address=169.254.0.0/16 comment=RFC6890 list=private_IPs
add address=127.0.0.0/8 comment=RFC6890 list=private_IPs
add address=224.0.0.0/4 comment=Multicast list=private_IPs
add address=198.18.0.0/15 comment=RFC6890 list=private_IPs
add address=192.0.0.0/24 comment=RFC6890 list=private_IPs
add address=192.0.2.0/24 comment=RFC6890 list=private_IPs
add address=198.51.100.0/24 comment=RFC6890 list=private_IPs
add address=203.0.113.0/24 comment=RFC6890 list=private_IPs
add address=100.64.0.0/10 comment=RFC6890 list=private_IPs
add address=240.0.0.0/4 comment=RFC6890 list=private_IPs
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
private_IPs
add address=172.20.0.0/20 list=HotSpot_Subnet
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=drop chain=forward comment="Drop SMTP" dst-port=25 in-interface=\
"bridge - HotSpot" protocol=tcp
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
log-prefix=invalid
add action=accept chain=forward comment=\
"Established, Related - Antwortpakete zulassen" connection-state=\
established,related
add action=drop chain=forward dst-address-list=private_IPs in-interface=\
"bridge - HotSpot"
add action=accept chain=forward dst-address-list=!private_IPs in-interface=\
"bridge - HotSpot"
add action=accept chain=forward in-interface="ether1 - XXX" \
out-interface=bridge_WLAN_APs
add action=accept chain=forward comment="erlaubt NTP Client" dst-port=123 \
in-interface=bridge_WLAN_APs protocol=udp
add action=accept chain=forward comment="diese Regel erlaubt Zugriff von WLAN_\
APs zu anderen Netzen! (z.B. Updates)" disabled=yes in-interface=\
bridge_WLAN_APs
add action=accept chain=forward comment="erlaubt Emailversand" dst-port=25 \
in-interface=bridge_WLAN_APs protocol=tcp
add action=reject chain=forward in-interface="ether1 - XX" \
reject-with=icmp-network-unreachable
add action=reject chain=forward in-interface="ether6 - Uplink Modem" \
reject-with=icmp-network-unreachable
add action=reject chain=forward reject-with=icmp-network-unreachable
add action=drop chain=input comment="Drop Winbox !ManagementInterface" \
dst-port=8291 in-interface-list=!Management_Interfaces protocol=tcp
add action=drop chain=input comment="Drop SSH !ManagementInterface" dst-port=\
2200 in-interface-list=!Management_Interfaces protocol=tcp
add action=accept chain=input in-interface="ether1 - X"
add action=accept chain=input dst-address=172.16.0.1 in-interface=\
bridge_WLAN_APs
add action=accept chain=input dst-address=172.20.0.1 in-interface=\
"bridge - HotSpot"
add action=accept chain=input connection-state=established,related
add action=accept chain=output comment=syslog dst-address=10.1.0.100 \
dst-port=514 protocol=udp
add action=drop chain=input
/ip firewall mangle
add action=change-mss chain=forward comment="MTU Workaround f\FCr IPSec" \
new-mss=1200 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=\
1201-65535
add action=mark-connection chain=forward hotspot=from-client \
new-connection-mark=VPN_Pflicht passthrough=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment=\
"masquerade hotspot network ; l\E4uft gegen IPSec" disabled=yes log=yes \
log-prefix=MASQ src-address=172.20.0.0/20
add action=masquerade chain=srcnat src-address=172.16.0.0/24
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip hotspot user
add name=admin
add name=freewifi profile=Marktplatz_BenutzerProfil server=\
"HotSpot Marktplatz"
/ip ipsec identity
add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=\
port-strict mode-config=NordVPN peer=NordVPN_Peer_1_Deutschland \
policy-template-group=NordVPN username=XXX
/ip ipsec policy
add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=\
0.0.0.0/0 template=yes
/ip route
add distance=1 dst-address=10.1.0.100/32 gateway=192.168.56.254
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=2200
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=MikroTik_Router_Marktplatz
/system logging
set 0 action=remote prefix=Mikrotik-Marktplatz
set 1 action=remote prefix=Mikrotik-Marktplatz
set 2 action=remote prefix=Mikrotik-Marktplatz
/system ntp client
set enabled=yes primary-ntp=192.53.103.108 secondary-ntp=192.53.103.104
/system scheduler
add interval=12h name=schedule1 on-event="Usage Report" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=mar/07/2020 start-time=09:00:00
add interval=2w name="Backup and Update" on-event=\
"/system script run BackupAndUpdate;" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=dec/10/2021 start-time=01:00:00
/system script
add dont-require-permissions=no name="Usage Report" owner=st.wiessalla \
policy=ftp,reboot,read,write,test,password,sniff,sensitive,romon source=":\
local date ([:pick [/system clock get date] 0 3] [:pick [/system clock get\
\_date] 4 6] [:pick [/system clock get date] 7 11]);\r\
\n:local fileName (.\$date.\"Usage Report.txt\")\r\
\n:local logger [/log warning message=\"Creating Usage Report\"]\r\
\n:local usage [/ip hotspot user print bytes file=\"\$fileName\"]\r\
\n:local contents [/file get \$fileName contents]\r\
\n:local usage [/ip hotspot cookie print file=\"\$fileName\"]\r\
\n:local contents1 [/file get \$fileName contents]\r\
\n:local usage [/ip ipsec active-peers print file=\"\$fileName\"]\r\
\n:local contents2 [/file get \$fileName contents]\r\
\n:set contents (\$contents . \$contents1 . \$contents2)\r\
\n/file set \$fileName contents=\$contents\r\
\n:delay 5s\r\
\n:local logd [/log warning message=\"Usage Report Complete,Sending Email\
\"]\r\
\n:local time [/system clock get time]\r\
\n:local dater [/system clock get date]\r\
\n/tool e-mail send to=\"XXX\" subject=\"D\
aily Usage report\" file=\"\$fileName\" body=\"Site Usage report Runtime:\
\_\$dater \$time\r\
\n\
\n Usage Report is attached,Old Statistics have been cleared.\
\n\r\
\nRegards,\r\
\nChris@broadnetworks.co.za\"\r\
\n:delay 5s\r\
\n:local ecomplete [/log warning message=\"Email Sent\"]\r\
\n:local logclear [/log warning message=\"Clearing Usage Statistics\"]\r\
\n:local clearsession [/ip hotspot user reset-counters]\r\
\n:delay 5s\r\
\n:local sescomplete [/log warning message=\"Usage Statistics Cleared\"]"
add dont-require-permissions=no name=BackupAndUpdate owner=st.wiessalla \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="# Script name: BackupAndUpdate\r\
\n#\r\
\n#----------SCRIPT INFORMATION-------------------------------------------\
--------\r\
\n#\r\
\n# Script: Mikrotik RouterOS automatic backup & update\r\
\n# Version: 21.09.27\r\
\n# Created: 07/08/2018\r\
\n# Updated: 27/09/2021\r\
\n# Author: Alexander Tebiev\r\
\n# Website: https://github.com/beeyev\r\
\n# You can contact me by e-mail at tebiev@mail.com\r\
\n#\r\
\n# IMPORTANT!\r\
\n# Minimum supported RouterOS version is v6.43.7\r\
\n#\r\
\n#----------MODIFY THIS SECTION AS NEEDED--------------------------------\
--------\r\
\n## Notification e-mail\r\
\n## (Make sure you have configurated Email settings in Tools -> Email)\r\
\n:local emailAddress \"XXX\";\r\
\n\r\
\n## Script mode, possible values: backup, osupdate, osnotify.\r\
\n# backup \t- \tOnly backup will be performed. (default value, if none pr\
ovided)\r\
\n#\r\
\n# osupdate \t- \tThe Script will install a new RouterOS if it is availab\
le.\r\
\n#\t\t\t\tIt will also create backups before and after update process (do\
es not matter what value is set to `forceBackup`)\r\
\n#\t\t\t\tEmail will be sent only if a new RouterOS version is available.\
\r\
\n#\t\t\t\tChange parameter `forceBackup` if you need the script to create\
\_backups every time when it runs (even when no updates).\r\
\n#\r\
\n# osnotify \t- \tThe script will send email notification only (without b\
ackups) if a new RouterOS is available.\r\
\n#\t\t\t\tChange parameter `forceBackup` if you need the script to create\
\_backups every time when it runs.\r\
\n:local scriptMode \"backup\";\r\
\n\r\
\n## Additional parameter if you set `scriptMode` to `osupdate` or `osnoti\
fy`\r\
\n# Set `true` if you want the script to perform backup every time it's fi\
red, whatever script mode is set.\r\
\n:local forceBackup false;\r\
\n\r\
\n## Backup encryption password, no encryption if no password.\r\
\n:local backupPassword \"\"\r\
\n\r\
\n## If true, passwords will be included in exported config.\r\
\n:local sensetiveDataInConfig true;\r\
\n\r\
\n## Update channel. Possible values: stable, long-term, testing, developm\
ent\r\
\n:local updateChannel \"stable\";\r\
\n\r\
\n## Install only patch versions of RouterOS updates.\r\
\n## Works only if you set scriptMode to \"osupdate\"\r\
\n## Means that new update will be installed only if MAJOR and MINOR versi\
on numbers remained the same as currently installed RouterOS.\r\
\n## Example: v6.43.6 => major.minor.PATCH\r\
\n## Script will send information if new version is greater than just patc\
h.\r\
\n:local installOnlyPatchUpdates\tfalse;\r\
\n\r\
\n##----------------------------------------------------------------------\
--------------------##\r\
\n# !!!! DO NOT CHANGE ANYTHING BELOW THIS LINE, IF YOU ARE NOT SURE WHAT\
\_YOU ARE DOING !!!! #\r\
\n##----------------------------------------------------------------------\
--------------------##\r\
\n\r\
\n#Script messages prefix\r\
\n:local SMP \"Bkp&Upd:\"\r\
\n\r\
\n:log info \"\\r\\n\$SMP script \\\"Mikrotik RouterOS automatic backup & \
update\\\" started.\";\r\
\n:log info \"\$SMP Script Mode: \$scriptMode, forceBackup: \$forceBackup\
\";\r\
\n\r\
\n#Check proper email config\r\
\n:if ([:len \$emailAddress] = 0 or [:len [/tool e-mail get address]] = 0 \
or [:len [/tool e-mail get from]] = 0) do={\r\
\n\t:log error (\"\$SMP Email configuration is not correct, please check T\
ools -> Email. Script stopped.\"); \r\
\n\t:error \"\$SMP bye!\";\r\
\n}\r\
\n\r\
\n#Check if proper identity name is set\r\
\nif ([:len [/system identity get name]] = 0 or [/system identity get name\
] = \"MikroTik\") do={\r\
\n\t:log warning (\"\$SMP Please set identity name of your device (System \
-> Identity), keep it short and informative.\"); \r\
\n};\r\
\n\r\
\n############### vvvvvvvvv GLOBALS vvvvvvvvv ###############\r\
\n# Function converts standard mikrotik build versions to the number.\r\
\n# Possible arguments: paramOsVer\r\
\n# Example:\r\
\n# :put [\$buGlobalFuncGetOsVerNum paramOsVer=[/system routerboard get cu\
rrent-RouterOS]];\r\
\n# result will be: 64301, because current RouterOS version is: 6.43.1\r\
\n:global buGlobalFuncGetOsVerNum do={\r\
\n\t:local osVer \$paramOsVer;\r\
\n\t:local osVerNum;\r\
\n\t:local osVerMicroPart;\r\
\n\t:local zro 0;\r\
\n\t:local tmp;\r\
\n\t\r\
\n\t# Replace word `beta` with dot\r\
\n\t:local isBetaPos [:tonum [:find \$osVer \"beta\" 0]];\r\
\n\t:if (\$isBetaPos > 1) do={\r\
\n\t\t:set osVer ([:pick \$osVer 0 \$isBetaPos] . \".\" . [:pick \$osVer (\
\$isBetaPos + 4) [:len \$osVer]]);\r\
\n\t}\r\
\n\t# Replace word `rc` with dot\r\
\n\t:local isRcPos [:tonum [:find \$osVer \"rc\" 0]];\r\
\n\t:if (\$isRcPos > 1) do={\r\
\n\t\t:set osVer ([:pick \$osVer 0 \$isRcPos] . \".\" . [:pick \$osVer (\$\
isRcPos + 2) [:len \$osVer]]);\r\
\n\t}\r\
\n\t\r\
\n\t:local dotPos1 [:find \$osVer \".\" 0];\r\
\n\r\
\n\t:if (\$dotPos1 > 0) do={ \r\
\n\r\
\n\t\t# AA\r\
\n\t\t:set osVerNum [:pick \$osVer 0 \$dotPos1];\r\
\n\t\t\r\
\n\t\t:local dotPos2 [:find \$osVer \".\" \$dotPos1];\r\
\n\t\t\t\t#Taking minor version, everything after first dot\r\
\n\t\t:if ([:len \$dotPos2] = 0) \tdo={:set tmp [:pick \$osVer (\$dotPos1+\
1) [:len \$osVer]];}\r\
\n\t\t#Taking minor version, everything between first and second dots\r\
\n\t\t:if (\$dotPos2 > 0) \t\t\tdo={:set tmp [:pick \$osVer (\$dotPos1+1) \
\$dotPos2];}\r\
\n\t\t\r\
\n\t\t# AA 0B\r\
\n\t\t:if ([:len \$tmp] = 1) \tdo={:set osVerNum \"\$osVerNum\$zro\$tmp\";\
}\r\
\n\t\t# AA BB\r\
\n\t\t:if ([:len \$tmp] = 2) \tdo={:set osVerNum \"\$osVerNum\$tmp\";}\r\
\n\t\t\r\
\n\t\t:if (\$dotPos2 > 0) do={ \r\
\n\t\t\t:set tmp [:pick \$osVer (\$dotPos2+1) [:len \$osVer]];\r\
\n\t\t\t# AA BB 0C\r\
\n\t\t\t:if ([:len \$tmp] = 1) do={:set osVerNum \"\$osVerNum\$zro\$tmp\";\
}\r\
\n\t\t\t# AA BB CC\r\
\n\t\t\t:if ([:len \$tmp] = 2) do={:set osVerNum \"\$osVerNum\$tmp\";}\r\
\n\t\t} else={\r\
\n\t\t\t# AA BB 00\r\
\n\t\t\t:set osVerNum \"\$osVerNum\$zro\$zro\";\r\
\n\t\t}\r\
\n\t} else={\r\
\n\t\t# AA 00 00\r\
\n\t\t:set osVerNum \"\$osVer\$zro\$zro\$zro\$zro\";\r\
\n\t}\r\
\n\r\
\n\t:return \$osVerNum;\r\
\n}\r\
\n\r\
\n# Function creates backups (system and config) and returns array with na\
mes\r\
\n# Possible arguments: \r\
\n#\t`backupName` \t\t\t| string\t| backup file name, without extension!\r\
\n#\t`backupPassword`\t\t| string \t|\r\
\n#\t`sensetiveDataInConfig`\t| boolean \t|\r\
\n# Example:\r\
\n# :put [\$buGlobalFuncCreateBackups name=\"daily-backup\"];\r\
\n:global buGlobalFuncCreateBackups do={\r\
\n\t:log info (\"\$SMP Global function \\\"buGlobalFuncCreateBackups\\\" w\
as fired.\"); \r\
\n\t\r\
\n\t:local backupFileSys \"\$backupName.backup\";\r\
\n\t:local backupFileConfig \"\$backupName.rsc\";\r\
\n\t:local backupNames {\$backupFileSys;\$backupFileConfig};\r\
\n\r\
\n\t## Make system backup\r\
\n\t:if ([:len \$backupPassword] = 0) do={\r\
\n\t\t/system backup save dont-encrypt=yes name=\$backupName;\r\
\n\t} else={\r\
\n\t\t/system backup save password=\$backupPassword name=\$backupName;\r\
\n\t}\r\
\n\t:log info (\"\$SMP System backup created. \$backupFileSys\"); \r\
\n\r\
\n\t## Export config file\r\
\n\t:if (\$sensetiveDataInConfig = true) do={\r\
\n\t\t/export compact file=\$backupName;\r\
\n\t} else={\r\
\n\t\t/export compact hide-sensitive file=\$backupName;\r\
\n\t}\r\
\n\t:log info (\"\$SMP Config file was exported. \$backupFileConfig\"); \
\r\
\n\r\
\n\t#Delay after creating backups\r\
\n\t:delay 5s;\t\r\
\n\t:return \$backupNames;\r\
\n}\r\
\n\r\
\n:global buGlobalVarUpdateStep;\r\
\n############### ^^^^^^^^^ GLOBALS ^^^^^^^^^ ###############\r\
\n\r\
\n#Current date time in format: 2020jan15-221324 \r\
\n:local dateTime ([:pick [/system clock get date] 7 11] . [:pick [/system\
\_clock get date] 0 3] . [:pick [/system clock get date] 4 6] . \"-\" . [:\
pick [/system clock get time] 0 2] . [:pick [/system clock get time] 3 5] \
. [:pick [/system clock get time] 6 8]);\r\
\n\r\
\n:local deviceOsVerInst \t\t\t[/system package update get installed-versi\
on];\r\
\n:local deviceOsVerInstNum \t\t[\$buGlobalFuncGetOsVerNum paramOsVer=\$de\
viceOsVerInst];\r\
\n:local deviceOsVerAvail \t\t\"\";\r\
\n:local deviceOsVerAvailNum \t\t0;\r\
\n:local deviceRbModel\t\t\t[/system routerboard get model];\r\
\n:local deviceRbSerialNumber \t[/system routerboard get serial-number];\r\
\n:local deviceRbCurrentFw \t\t[/system routerboard get current-firmware];\
\r\
\n:local deviceRbUpgradeFw \t\t[/system routerboard get upgrade-firmware];\
\r\
\n:local deviceIdentityName \t\t[/system identity get name];\r\
\n:local deviceIdentityNameShort \t[:pick \$deviceIdentityName 0 18]\r\
\n:local deviceUpdateChannel \t\t[/system package update get channel];\r\
\n\r\
\n:local isOsUpdateAvailable \tfalse;\r\
\n:local isOsNeedsToBeUpdated\tfalse;\r\
\n\r\
\n:local isSendEmailRequired\ttrue;\r\
\n\r\
\n:local mailSubject \t\t\"\$SMP Device - \$deviceIdentityNameShort.\";\
\r\
\n:local mailBody \t \t\t\"\";\r\
\n\r\
\n:local mailBodyDeviceInfo\t\"\\r\\n\\r\\nDevice information: \\r\\nIdent\
ity: \$deviceIdentityName \\r\\nModel: \$deviceRbModel \\r\\nSerial number\
: \$deviceRbSerialNumber \\r\\nCurrent RouterOS: \$deviceOsVerInst (\$[/sy\
stem package update get channel]) \$[/system resource get build-time] \\r\
\\nCurrent routerboard FW: \$deviceRbCurrentFw \\r\\nDevice uptime: \$[/sy\
stem resource get uptime]\";\r\
\n:local mailBodyCopyright \t\"\\r\\n\\r\\nMikrotik RouterOS automatic bac\
kup & update \\r\\nhttps://github.com/beeyev/Mikrotik-RouterOS-automatic-b\
ackup-and-update\";\r\
\n:local changelogUrl\t\t\t(\"Check RouterOS changelog: https://mikrotik.c\
om/download/changelogs/\" . \$updateChannel . \"-release-tree\");\r\
\n\r\
\n:local backupName \t\t\t\"\$deviceIdentityName.\$deviceRbModel.\$deviceR\
bSerialNumber.v\$deviceOsVerInst.\$deviceUpdateChannel.\$dateTime\";\r\
\n:local backupNameBeforeUpd\t\"backup_before_update_\$backupName\";\r\
\n:local backupNameAfterUpd\t\"backup_after_update_\$backupName\";\r\
\n\r\
\n:local backupNameFinal\t\t\$backupName;\r\
\n:local mailAttachments\t\t[:toarray \"\"];\r\
\n\r\
\n:local updateStep \$buGlobalVarUpdateStep;\r\
\n:do {/system script environment remove buGlobalVarUpdateStep;} on-error=\
{}\r\
\n:if ([:len \$updateStep] = 0) do={\r\
\n\t:set updateStep 1;\r\
\n}\r\
\n\r\
\n\r\
\n## \tSTEP ONE: Creating backups, checking for new RouterOs version and s\
ending email with backups,\r\
\n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
te device and if new RouterOs is available.\r\
\n:if (\$updateStep = 1) do={\r\
\n\t:log info (\"\$SMP Performing the first step.\"); \r\
\n\r\
\n\t# Checking for new RouterOS version\r\
\n\tif (\$scriptMode = \"osupdate\" or \$scriptMode = \"osnotify\") do={\r\
\n\t\tlog info (\"\$SMP Checking for new RouterOS version. Current version\
\_is: \$deviceOsVerInst\");\r\
\n\t\t/system package update set channel=\$updateChannel;\r\
\n\t\t/system package update check-for-updates;\r\
\n\t\t:delay 5s;\r\
\n\t\t:set deviceOsVerAvail [/system package update get latest-version];\r\
\n\r\
\n\t\t# If there is a problem getting information about available RouterOS\
\_from server\r\
\n\t\t:if ([:len \$deviceOsVerAvail] = 0) do={\r\
\n\t\t\t:log warning (\"\$SMP There is a problem getting information about\
\_new RouterOS from server.\");\r\
\n\t\t\t:set mailSubject\t(\$mailSubject . \" Error: No data about new Rou\
terOS!\")\r\
\n\t\t\t:set mailBody \t\t(\$mailBody . \"Error occured! \\r\\nMikrotik co\
uldn't get any information about new RouterOS from server! \\r\\nWatch add\
itional information in device logs.\")\r\
\n\t\t} else={\r\
\n\t\t\t#Get numeric version of OS\r\
\n\t\t\t:set deviceOsVerAvailNum [\$buGlobalFuncGetOsVerNum paramOsVer=\$d\
eviceOsVerAvail];\r\
\n\r\
\n\t\t\t# Checking if OS on server is greater than installed one.\r\
\n\t\t\t:if (\$deviceOsVerAvailNum > \$deviceOsVerInstNum) do={\r\
\n\t\t\t\t:set isOsUpdateAvailable true;\r\
\n\t\t\t\t:log info (\"\$SMP New RouterOS is available! \$deviceOsVerAvail\
\");\r\
\n\t\t\t} else={\r\
\n\t\t\t\t:set isSendEmailRequired false;\r\
\n\t\t\t\t:log info (\"\$SMP System is already up to date.\");\r\
\n\t\t\t\t:set mailSubject (\$mailSubject . \" No new OS updates.\");\r\
\n\t\t\t\t:set mailBody \t (\$mailBody . \"Your system is up to date.\");\
\r\
\n\t\t\t}\r\
\n\t\t};\r\
\n\t} else={\r\
\n\t\t:set scriptMode \"backup\";\r\
\n\t};\r\
\n\r\
\n\tif (\$forceBackup = true) do={\r\
\n\t\t# In this case the script will always send email, because it has to \
create backups\r\
\n\t\t:set isSendEmailRequired true;\r\
\n\t}\r\
\n\r\
\n\t# if new OS version is available to install\r\
\n\tif (\$isOsUpdateAvailable = true and \$isSendEmailRequired = true) do=\
{\r\
\n\t\t# If we only need to notify about new available version\r\
\n\t\tif (\$scriptMode = \"osnotify\") do={\r\
\n\t\t\t:set mailSubject \t(\$mailSubject . \" New RouterOS is available! \
v.\$deviceOsVerAvail.\")\r\
\n\t\t\t:set mailBody \t\t(\$mailBody . \"New RouterOS version is availabl\
e to install: v.\$deviceOsVerAvail (\$updateChannel) \\r\\n\$changelogUrl\
\")\r\
\n\t\t}\r\
\n\r\
\n\t\t# if we need to initiate RouterOs update process\r\
\n\t\tif (\$scriptMode = \"osupdate\") do={\r\
\n\t\t\t:set isOsNeedsToBeUpdated true;\r\
\n\t\t\t# if we need to install only patch updates\r\
\n\t\t\t:if (\$installOnlyPatchUpdates = true) do={\r\
\n\t\t\t\t#Check if Major and Minor builds are the same.\r\
\n\t\t\t\t:if ([:pick \$deviceOsVerInstNum 0 ([:len \$deviceOsVerInstNum]-\
2)] = [:pick \$deviceOsVerAvailNum 0 ([:len \$deviceOsVerAvailNum]-2)]) do\
={\r\
\n\t\t\t\t\t:log info (\"\$SMP New patch version of RouterOS firmware is a\
vailable.\"); \r\
\n\t\t\t\t} else={\r\
\n\t\t\t\t\t:log info (\"\$SMP New major or minor version of RouterOS firm\
ware is available. You need to update it manually.\");\r\
\n\t\t\t\t\t:set mailSubject \t(\$mailSubject . \" New RouterOS: v.\$devic\
eOsVerAvail needs to be installed manually.\");\r\
\n\t\t\t\t\t:set mailBody \t\t(\$mailBody . \"New major or minor RouterOS \
version is available to install: v.\$deviceOsVerAvail (\$updateChannel). \
\\r\\nYou chose to automatically install only patch updates, so this major\
\_update you need to install manually. \\r\\n\$changelogUrl\");\r\
\n\t\t\t\t\t:set isOsNeedsToBeUpdated false;\r\
\n\t\t\t\t}\r\
\n\t\t\t}\r\
\n\r\
\n\t\t\t#Check again, because this variable could be changed during checki\
ng for installing only patch updats\r\
\n\t\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
\n\t\t\t\t:log info (\"\$SMP New RouterOS is going to be installed! v.\$de\
viceOsVerInst -> v.\$deviceOsVerAvail\");\r\
\n\t\t\t\t:set mailSubject\t(\$mailSubject . \" New RouterOS is going to b\
e installed! v.\$deviceOsVerInst -> v.\$deviceOsVerAvail.\");\r\
\n\t\t\t\t:set mailBody \t\t(\$mailBody . \"Your Mikrotik will be updated \
to the new RouterOS version from v.\$deviceOsVerInst to v.\$deviceOsVerAva\
il (Update channel: \$updateChannel) \\r\\nFinal report with the detailed \
information will be sent when update process is completed. \\r\\nIf you ha\
ve not received second email in the next 5 minutes, then probably somethin\
g went wrong. (Check your device logs)\");\r\
\n\t\t\t\t#!! There is more code connected to this part and first step at \
the end of the script.\r\
\n\t\t\t}\r\
\n\t\t\r\
\n\t\t}\r\
\n\t}\r\
\n\r\
\n\t## Checking If the script needs to create a backup\r\
\n\t:log info (\"\$SMP Checking If the script needs to create a backup.\")\
;\r\
\n\tif (\$forceBackup = true or \$scriptMode = \"backup\" or \$isOsNeedsTo\
BeUpdated = true) do={\r\
\n\t\t:log info (\"\$SMP Creating system backups.\");\r\
\n\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
\n\t\t\t:set backupNameFinal \$backupNameBeforeUpd;\r\
\n\t\t};\r\
\n\t\tif (\$scriptMode != \"backup\") do={\r\
\n\t\t\t:set mailBody (\$mailBody . \"\\r\\n\\r\\n\");\r\
\n\t\t};\r\
\n\r\
\n\t\t:set mailSubject\t(\$mailSubject . \" Backup was created.\");\r\
\n\t\t:set mailBody\t\t(\$mailBody . \"System backups were created and att\
ached to this email.\");\r\
\n\r\
\n\t\t:set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backu\
pNameFinal backupPassword=\$backupPassword sensetiveDataInConfig=\$senseti\
veDataInConfig];\r\
\n\t} else={\r\
\n\t\t:log info (\"\$SMP There is no need to create a backup.\");\r\
\n\t}\r\
\n\r\
\n\t# Combine fisrst step email\r\
\n\t:set mailBody (\$mailBody . \$mailBodyDeviceInfo . \$mailBodyCopyright\
);\r\
\n}\r\
\n\r\
\n## \tSTEP TWO: (after first reboot) routerboard firmware upgrade\r\
\n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
te device and if new RouterOs is available.\r\
\n:if (\$updateStep = 2) do={\r\
\n\t:log info (\"\$SMP Performing the second step.\"); \r\
\n\t## RouterOS is the latest, let's check for upgraded routerboard firmwa\
re\r\
\n\tif (\$deviceRbCurrentFw != \$deviceRbUpgradeFw) do={\r\
\n\t\t:set isSendEmailRequired false;\r\
\n\t\t:delay 10s;\r\
\n\t\t:log info \"\$SMP Upgrading routerboard firmware from v.\$deviceRbCu\
rrentFw to v.\$deviceRbUpgradeFw\";\r\
\n\t\t## Start the upgrading process\r\
\n\t\t/system routerboard upgrade;\r\
\n\t\t## Wait until the upgrade is completed\r\
\n\t\t:delay 5s;\r\
\n\t\t:log info \"\$SMP routerboard upgrade process was completed, going t\
o reboot in a moment!\";\r\
\n\t\t## Set scheduled task to send final report on the next boot, task wi\
ll be deleted when is is done. (That is why you should keep original scrip\
t name)\r\
\n\t\t/system schedule add name=BKPUPD-FINAL-REPORT-ON-NEXT-BOOT on-event=\
\":delay 5s; /system scheduler remove BKPUPD-FINAL-REPORT-ON-NEXT-BOOT; :g\
lobal buGlobalVarUpdateStep 3; :delay 10s; /system script run BackupAndUpd\
ate;\" start-time=startup interval=0;\r\
\n\t\t## Reboot system to boot with new firmware\r\
\n\t\t/system reboot;\r\
\n\t} else={\r\
\n\t\t:log info \"\$SMP It appers that your routerboard is already up to d\
ate, skipping this step.\";\r\
\n\t\t:set updateStep 3;\r\
\n\t};\r\
\n}\r\
\n\r\
\n## \tSTEP THREE: Last step (after second reboot) sending final report\r\
\n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
te device and if new RouterOs is available.\r\
\n:if (\$updateStep = 3) do={\r\
\n\t:log info (\"\$SMP Performing the third step.\"); \r\
\n\t:log info \"Bkp&Upd: RouterOS and routerboard upgrade process was comp\
leted. New RouterOS version: v.\$deviceOsVerInst, routerboard firmware: v.\
\$deviceRbCurrentFw.\";\r\
\n\t## Small delay in case mikrotik needs some time to initialize connecti\
ons\r\
\n\t:log info \"\$SMP The final email with report and backups of upgraded \
system will be sent in a minute.\";\r\
\n\t:delay 1m;\r\
\n\t:set mailSubject\t(\$mailSubject . \" RouterOS Upgrade is completed, n\
ew version: v.\$deviceOsVerInst!\");\r\
\n\t:set mailBody \t \t\"RouterOS and routerboard upgrade process was com\
pleted. \\r\\nNew RouterOS version: v.\$deviceOsVerInst, routerboard firmw\
are: v.\$deviceRbCurrentFw. \\r\\n\$changelogUrl \\r\\n\\r\\nBackups of th\
e upgraded system are in the attachment of this email. \$mailBodyDeviceIn\
fo \$mailBodyCopyright\";\r\
\n\t:set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backupN\
ameAfterUpd backupPassword=\$backupPassword sensetiveDataInConfig=\$senset\
iveDataInConfig];\r\
\n}\r\
\n\r\
\n# Remove functions from global environment to keep it fresh and clean.\r\
\n:do {/system script environment remove buGlobalFuncGetOsVerNum;} on-erro\
r={}\r\
\n:do {/system script environment remove buGlobalFuncCreateBackups;} on-er\
ror={}\r\
\n\r\
\n##\r\
\n## SENDING EMAIL\r\
\n##\r\
\n# Trying to send email with backups in attachment.\r\
\n\r\
\n:if (\$isSendEmailRequired = true) do={\r\
\n\t:log info \"\$SMP Sending email message, it will take around half a mi\
nute...\";\r\
\n\t:do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\$\
mailBody file=\$mailAttachments;} on-error={\r\
\n\t\t:delay 5s;\r\
\n\t\t:log error \"\$SMP could not send email message (\$[/tool e-mail get\
\_last-status]). Going to try it again in a while.\"\r\
\n\r\
\n\t\t:delay 5m;\r\
\n\r\
\n\t\t:do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\
\$mailBody file=\$mailAttachments;} on-error={\r\
\n\t\t\t:delay 5s;\r\
\n\t\t\t:log error \"\$SMP could not send email message (\$[/tool e-mail g\
et last-status]) for the second time.\"\r\
\n\r\
\n\t\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
\n\t\t\t\t:set isOsNeedsToBeUpdated false;\r\
\n\t\t\t\t:log warning \"\$SMP script is not going to initialise update pr\
ocess due to inability to send backups to email.\"\r\
\n\t\t\t}\r\
\n\t\t}\r\
\n\t}\r\
\n\r\
\n\t:delay 30s;\r\
\n\t\r\
\n\t:if ([:len \$mailAttachments] > 0 and [/tool e-mail get last-status] =\
\_\"succeeded\") do={\r\
\n\t\t:log info \"\$SMP File system cleanup.\"\r\
\n\t\t/file remove \$mailAttachments; \r\
\n\t\t:delay 2s;\r\
\n\t}\r\
\n\t\r\
\n}\r\
\n\r\
\n\r\
\n# Fire RouterOs update process\r\
\nif (\$isOsNeedsToBeUpdated = true) do={\r\
\n\r\
\n\t## Set scheduled task to upgrade routerboard firmware on the next boot\
, task will be deleted when upgrade is done. (That is why you should keep \
original script name)\r\
\n\t/system schedule add name=BKPUPD-UPGRADE-ON-NEXT-BOOT on-event=\":dela\
y 5s; /system scheduler remove BKPUPD-UPGRADE-ON-NEXT-BOOT; :global buGlob\
alVarUpdateStep 2; :delay 10s; /system script run BackupAndUpdate;\" start\
-time=startup interval=0;\r\
\n \r\
\n :log info \"\$SMP everything is ready to install new RouterOS, going \
to reboot in a moment!\"\r\
\n\t## command is reincarnation of the \"upgrade\" command - doing exactly\
\_the same but under a different name\r\
\n\t/system package update install;\r\
\n}\r\
\n\r\
\n:log info \"\$SMP script \\\"Mikrotik RouterOS automatic backup & update\
\\\" completed it's job.\\r\\n\";\r\
\n"
/tool bandwidth-server
set authenticate=no enabled=no
/tool e-mail
set address=smtp.ionos.de from=XXX start-tls=yes \
user=XXX
/tool mac-server
set allowed-interface-list=Management_Interfaces
/tool mac-server mac-winbox
set allowed-interface-list=Management_Interfaces
/tool mac-server ping
set enabled=no
wAP ac:
Code: Select all
# dec/12/2021 15:13:10 by RouterOS 6.49.2
# software id = XXX
#
# model = RBwAPG-5HacT2HnD
# serial number = XXX
/interface bridge
add comment=defconf name=bridge
/interface wireless
# managed by CAPsMAN
# channel: 2442/20-eC/gn(18dBm), SSID: XX, CAPsMAN forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country=germany distance=indoors frequency=auto installation=outdoor \
mode=ap-bridge ssid=MikroTik-1BB8A8 station-roaming=enabled \
wireless-protocol=802.11
# managed by CAPsMAN
# channel: 5660/20-Ce/ac/DP(25dBm), SSID: XXXXX, CAPsMAN forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX country=germany distance=indoors frequency=auto \
installation=outdoor mode=ap-bridge ssid=MikroTik-1BB8A7 station-roaming=\
enabled wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=!none
/interface wireless cap
#
set caps-man-addresses=172.16.0.1 caps-man-certificate-common-names=\
"CapsMan Zertifikat" certificate="cert_export_wAP ac Marktplatz 1.crt_0" \
enabled=yes interfaces=wlan1,wlan2 lock-to-caps-man=yes
/ip address
add address=172.16.0.10/24 comment=defconf interface=bridge network=\
172.16.0.0
/ip dns
set servers=172.16.0.1
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip route
add distance=1 gateway=172.16.0.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=2200
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name="wAP ac Marktplatz 1"
/system logging
add topics=debug
/system ntp client
set enabled=yes primary-ntp=192.53.103.108 secondary-ntp=192.53.103.108
/system package update
set channel=upgrade
/system scheduler
add interval=2w name="Backup and Update" on-event=\
"/system script run BackupAndUpdate;" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=dec/10/2021 start-time=02:00:00
/system script
add dont-require-permissions=no name=BackupAndUpdate owner=st.wiessalla \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="# Script name: BackupAndUpdate\r\
\n#\r\
\n#----------SCRIPT INFORMATION-------------------------------------------\
--------\r\
\n#\r\
\n# Script: Mikrotik RouterOS automatic backup & update\r\
\n# Version: 21.09.27\r\
\n# Created: 07/08/2018\r\
\n# Updated: 27/09/2021\r\
\n# Author: Alexander Tebiev\r\
\n# Website: https://github.com/beeyev\r\
\n# You can contact me by e-mail at tebiev@mail.com\r\
\n#\r\
\n# IMPORTANT!\r\
\n# Minimum supported RouterOS version is v6.43.7\r\
\n#\r\
\n#----------MODIFY THIS SECTION AS NEEDED--------------------------------\
--------\r\
\n## Notification e-mail\r\
\n## (Make sure you have configurated Email settings in Tools -> Email)\r\
\n:local emailAddress \"XXX\";\r\
\n\r\
\n## Script mode, possible values: backup, osupdate, osnotify.\r\
\n# backup \t- \tOnly backup will be performed. (default value, if none pr\
ovided)\r\
\n#\r\
\n# osupdate \t- \tThe Script will install a new RouterOS if it is availab\
le.\r\
\n#\t\t\t\tIt will also create backups before and after update process (do\
es not matter what value is set to `forceBackup`)\r\
\n#\t\t\t\tEmail will be sent only if a new RouterOS version is available.\
\r\
\n#\t\t\t\tChange parameter `forceBackup` if you need the script to create\
\_backups every time when it runs (even when no updates).\r\
\n#\r\
\n# osnotify \t- \tThe script will send email notification only (without b\
ackups) if a new RouterOS is available.\r\
\n#\t\t\t\tChange parameter `forceBackup` if you need the script to create\
\_backups every time when it runs.\r\
\n:local scriptMode \"backup\";\r\
\n\r\
\n## Additional parameter if you set `scriptMode` to `osupdate` or `osnoti\
fy`\r\
\n# Set `true` if you want the script to perform backup every time it's fi\
red, whatever script mode is set.\r\
\n:local forceBackup false;\r\
\n\r\
\n## Backup encryption password, no encryption if no password.\r\
\n:local backupPassword \"\"\r\
\n\r\
\n## If true, passwords will be included in exported config.\r\
\n:local sensetiveDataInConfig true;\r\
\n\r\
\n## Update channel. Possible values: stable, long-term, testing, developm\
ent\r\
\n:local updateChannel \"stable\";\r\
\n\r\
\n## Install only patch versions of RouterOS updates.\r\
\n## Works only if you set scriptMode to \"osupdate\"\r\
\n## Means that new update will be installed only if MAJOR and MINOR versi\
on numbers remained the same as currently installed RouterOS.\r\
\n## Example: v6.43.6 => major.minor.PATCH\r\
\n## Script will send information if new version is greater than just patc\
h.\r\
\n:local installOnlyPatchUpdates\tfalse;\r\
\n\r\
\n##----------------------------------------------------------------------\
--------------------##\r\
\n# !!!! DO NOT CHANGE ANYTHING BELOW THIS LINE, IF YOU ARE NOT SURE WHAT\
\_YOU ARE DOING !!!! #\r\
\n##----------------------------------------------------------------------\
--------------------##\r\
\n\r\
\n#Script messages prefix\r\
\n:local SMP \"Bkp&Upd:\"\r\
\n\r\
\n:log info \"\\r\\n\$SMP script \\\"Mikrotik RouterOS automatic backup & \
update\\\" started.\";\r\
\n:log info \"\$SMP Script Mode: \$scriptMode, forceBackup: \$forceBackup\
\";\r\
\n\r\
\n#Check proper email config\r\
\n:if ([:len \$emailAddress] = 0 or [:len [/tool e-mail get address]] = 0 \
or [:len [/tool e-mail get from]] = 0) do={\r\
\n\t:log error (\"\$SMP Email configuration is not correct, please check T\
ools -> Email. Script stopped.\"); \r\
\n\t:error \"\$SMP bye!\";\r\
\n}\r\
\n\r\
\n#Check if proper identity name is set\r\
\nif ([:len [/system identity get name]] = 0 or [/system identity get name\
] = \"MikroTik\") do={\r\
\n\t:log warning (\"\$SMP Please set identity name of your device (System \
-> Identity), keep it short and informative.\"); \r\
\n};\r\
\n\r\
\n############### vvvvvvvvv GLOBALS vvvvvvvvv ###############\r\
\n# Function converts standard mikrotik build versions to the number.\r\
\n# Possible arguments: paramOsVer\r\
\n# Example:\r\
\n# :put [\$buGlobalFuncGetOsVerNum paramOsVer=[/system routerboard get cu\
rrent-RouterOS]];\r\
\n# result will be: 64301, because current RouterOS version is: 6.43.1\r\
\n:global buGlobalFuncGetOsVerNum do={\r\
\n\t:local osVer \$paramOsVer;\r\
\n\t:local osVerNum;\r\
\n\t:local osVerMicroPart;\r\
\n\t:local zro 0;\r\
\n\t:local tmp;\r\
\n\t\r\
\n\t# Replace word `beta` with dot\r\
\n\t:local isBetaPos [:tonum [:find \$osVer \"beta\" 0]];\r\
\n\t:if (\$isBetaPos > 1) do={\r\
\n\t\t:set osVer ([:pick \$osVer 0 \$isBetaPos] . \".\" . [:pick \$osVer (\
\$isBetaPos + 4) [:len \$osVer]]);\r\
\n\t}\r\
\n\t# Replace word `rc` with dot\r\
\n\t:local isRcPos [:tonum [:find \$osVer \"rc\" 0]];\r\
\n\t:if (\$isRcPos > 1) do={\r\
\n\t\t:set osVer ([:pick \$osVer 0 \$isRcPos] . \".\" . [:pick \$osVer (\$\
isRcPos + 2) [:len \$osVer]]);\r\
\n\t}\r\
\n\t\r\
\n\t:local dotPos1 [:find \$osVer \".\" 0];\r\
\n\r\
\n\t:if (\$dotPos1 > 0) do={ \r\
\n\r\
\n\t\t# AA\r\
\n\t\t:set osVerNum [:pick \$osVer 0 \$dotPos1];\r\
\n\t\t\r\
\n\t\t:local dotPos2 [:find \$osVer \".\" \$dotPos1];\r\
\n\t\t\t\t#Taking minor version, everything after first dot\r\
\n\t\t:if ([:len \$dotPos2] = 0) \tdo={:set tmp [:pick \$osVer (\$dotPos1+\
1) [:len \$osVer]];}\r\
\n\t\t#Taking minor version, everything between first and second dots\r\
\n\t\t:if (\$dotPos2 > 0) \t\t\tdo={:set tmp [:pick \$osVer (\$dotPos1+1) \
\$dotPos2];}\r\
\n\t\t\r\
\n\t\t# AA 0B\r\
\n\t\t:if ([:len \$tmp] = 1) \tdo={:set osVerNum \"\$osVerNum\$zro\$tmp\";\
}\r\
\n\t\t# AA BB\r\
\n\t\t:if ([:len \$tmp] = 2) \tdo={:set osVerNum \"\$osVerNum\$tmp\";}\r\
\n\t\t\r\
\n\t\t:if (\$dotPos2 > 0) do={ \r\
\n\t\t\t:set tmp [:pick \$osVer (\$dotPos2+1) [:len \$osVer]];\r\
\n\t\t\t# AA BB 0C\r\
\n\t\t\t:if ([:len \$tmp] = 1) do={:set osVerNum \"\$osVerNum\$zro\$tmp\";\
}\r\
\n\t\t\t# AA BB CC\r\
\n\t\t\t:if ([:len \$tmp] = 2) do={:set osVerNum \"\$osVerNum\$tmp\";}\r\
\n\t\t} else={\r\
\n\t\t\t# AA BB 00\r\
\n\t\t\t:set osVerNum \"\$osVerNum\$zro\$zro\";\r\
\n\t\t}\r\
\n\t} else={\r\
\n\t\t# AA 00 00\r\
\n\t\t:set osVerNum \"\$osVer\$zro\$zro\$zro\$zro\";\r\
\n\t}\r\
\n\r\
\n\t:return \$osVerNum;\r\
\n}\r\
\n\r\
\n# Function creates backups (system and config) and returns array with na\
mes\r\
\n# Possible arguments: \r\
\n#\t`backupName` \t\t\t| string\t| backup file name, without extension!\r\
\n#\t`backupPassword`\t\t| string \t|\r\
\n#\t`sensetiveDataInConfig`\t| boolean \t|\r\
\n# Example:\r\
\n# :put [\$buGlobalFuncCreateBackups name=\"daily-backup\"];\r\
\n:global buGlobalFuncCreateBackups do={\r\
\n\t:log info (\"\$SMP Global function \\\"buGlobalFuncCreateBackups\\\" w\
as fired.\"); \r\
\n\t\r\
\n\t:local backupFileSys \"\$backupName.backup\";\r\
\n\t:local backupFileConfig \"\$backupName.rsc\";\r\
\n\t:local backupNames {\$backupFileSys;\$backupFileConfig};\r\
\n\r\
\n\t## Make system backup\r\
\n\t:if ([:len \$backupPassword] = 0) do={\r\
\n\t\t/system backup save dont-encrypt=yes name=\$backupName;\r\
\n\t} else={\r\
\n\t\t/system backup save password=\$backupPassword name=\$backupName;\r\
\n\t}\r\
\n\t:log info (\"\$SMP System backup created. \$backupFileSys\"); \r\
\n\r\
\n\t## Export config file\r\
\n\t:if (\$sensetiveDataInConfig = true) do={\r\
\n\t\t/export compact file=\$backupName;\r\
\n\t} else={\r\
\n\t\t/export compact hide-sensitive file=\$backupName;\r\
\n\t}\r\
\n\t:log info (\"\$SMP Config file was exported. \$backupFileConfig\"); \
\r\
\n\r\
\n\t#Delay after creating backups\r\
\n\t:delay 5s;\t\r\
\n\t:return \$backupNames;\r\
\n}\r\
\n\r\
\n:global buGlobalVarUpdateStep;\r\
\n############### ^^^^^^^^^ GLOBALS ^^^^^^^^^ ###############\r\
\n\r\
\n#Current date time in format: 2020jan15-221324 \r\
\n:local dateTime ([:pick [/system clock get date] 7 11] . [:pick [/system\
\_clock get date] 0 3] . [:pick [/system clock get date] 4 6] . \"-\" . [:\
pick [/system clock get time] 0 2] . [:pick [/system clock get time] 3 5] \
. [:pick [/system clock get time] 6 8]);\r\
\n\r\
\n:local deviceOsVerInst \t\t\t[/system package update get installed-versi\
on];\r\
\n:local deviceOsVerInstNum \t\t[\$buGlobalFuncGetOsVerNum paramOsVer=\$de\
viceOsVerInst];\r\
\n:local deviceOsVerAvail \t\t\"\";\r\
\n:local deviceOsVerAvailNum \t\t0;\r\
\n:local deviceRbModel\t\t\t[/system routerboard get model];\r\
\n:local deviceRbSerialNumber \t[/system routerboard get serial-number];\r\
\n:local deviceRbCurrentFw \t\t[/system routerboard get current-firmware];\
\r\
\n:local deviceRbUpgradeFw \t\t[/system routerboard get upgrade-firmware];\
\r\
\n:local deviceIdentityName \t\t[/system identity get name];\r\
\n:local deviceIdentityNameShort \t[:pick \$deviceIdentityName 0 18]\r\
\n:local deviceUpdateChannel \t\t[/system package update get channel];\r\
\n\r\
\n:local isOsUpdateAvailable \tfalse;\r\
\n:local isOsNeedsToBeUpdated\tfalse;\r\
\n\r\
\n:local isSendEmailRequired\ttrue;\r\
\n\r\
\n:local mailSubject \t\t\"\$SMP Device - \$deviceIdentityNameShort.\";\
\r\
\n:local mailBody \t \t\t\"\";\r\
\n\r\
\n:local mailBodyDeviceInfo\t\"\\r\\n\\r\\nDevice information: \\r\\nIdent\
ity: \$deviceIdentityName \\r\\nModel: \$deviceRbModel \\r\\nSerial number\
: \$deviceRbSerialNumber \\r\\nCurrent RouterOS: \$deviceOsVerInst (\$[/sy\
stem package update get channel]) \$[/system resource get build-time] \\r\
\\nCurrent routerboard FW: \$deviceRbCurrentFw \\r\\nDevice uptime: \$[/sy\
stem resource get uptime]\";\r\
\n:local mailBodyCopyright \t\"\\r\\n\\r\\nMikrotik RouterOS automatic bac\
kup & update \\r\\nhttps://github.com/beeyev/Mikrotik-RouterOS-automatic-b\
ackup-and-update\";\r\
\n:local changelogUrl\t\t\t(\"Check RouterOS changelog: https://mikrotik.c\
om/download/changelogs/\" . \$updateChannel . \"-release-tree\");\r\
\n\r\
\n:local backupName \t\t\t\"\$deviceIdentityName.\$deviceRbModel.\$deviceR\
bSerialNumber.v\$deviceOsVerInst.\$deviceUpdateChannel.\$dateTime\";\r\
\n:local backupNameBeforeUpd\t\"backup_before_update_\$backupName\";\r\
\n:local backupNameAfterUpd\t\"backup_after_update_\$backupName\";\r\
\n\r\
\n:local backupNameFinal\t\t\$backupName;\r\
\n:local mailAttachments\t\t[:toarray \"\"];\r\
\n\r\
\n:local updateStep \$buGlobalVarUpdateStep;\r\
\n:do {/system script environment remove buGlobalVarUpdateStep;} on-error=\
{}\r\
\n:if ([:len \$updateStep] = 0) do={\r\
\n\t:set updateStep 1;\r\
\n}\r\
\n\r\
\n\r\
\n## \tSTEP ONE: Creating backups, checking for new RouterOs version and s\
ending email with backups,\r\
\n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
te device and if new RouterOs is available.\r\
\n:if (\$updateStep = 1) do={\r\
\n\t:log info (\"\$SMP Performing the first step.\"); \r\
\n\r\
\n\t# Checking for new RouterOS version\r\
\n\tif (\$scriptMode = \"osupdate\" or \$scriptMode = \"osnotify\") do={\r\
\n\t\tlog info (\"\$SMP Checking for new RouterOS version. Current version\
\_is: \$deviceOsVerInst\");\r\
\n\t\t/system package update set channel=\$updateChannel;\r\
\n\t\t/system package update check-for-updates;\r\
\n\t\t:delay 5s;\r\
\n\t\t:set deviceOsVerAvail [/system package update get latest-version];\r\
\n\r\
\n\t\t# If there is a problem getting information about available RouterOS\
\_from server\r\
\n\t\t:if ([:len \$deviceOsVerAvail] = 0) do={\r\
\n\t\t\t:log warning (\"\$SMP There is a problem getting information about\
\_new RouterOS from server.\");\r\
\n\t\t\t:set mailSubject\t(\$mailSubject . \" Error: No data about new Rou\
terOS!\")\r\
\n\t\t\t:set mailBody \t\t(\$mailBody . \"Error occured! \\r\\nMikrotik co\
uldn't get any information about new RouterOS from server! \\r\\nWatch add\
itional information in device logs.\")\r\
\n\t\t} else={\r\
\n\t\t\t#Get numeric version of OS\r\
\n\t\t\t:set deviceOsVerAvailNum [\$buGlobalFuncGetOsVerNum paramOsVer=\$d\
eviceOsVerAvail];\r\
\n\r\
\n\t\t\t# Checking if OS on server is greater than installed one.\r\
\n\t\t\t:if (\$deviceOsVerAvailNum > \$deviceOsVerInstNum) do={\r\
\n\t\t\t\t:set isOsUpdateAvailable true;\r\
\n\t\t\t\t:log info (\"\$SMP New RouterOS is available! \$deviceOsVerAvail\
\");\r\
\n\t\t\t} else={\r\
\n\t\t\t\t:set isSendEmailRequired false;\r\
\n\t\t\t\t:log info (\"\$SMP System is already up to date.\");\r\
\n\t\t\t\t:set mailSubject (\$mailSubject . \" No new OS updates.\");\r\
\n\t\t\t\t:set mailBody \t (\$mailBody . \"Your system is up to date.\");\
\r\
\n\t\t\t}\r\
\n\t\t};\r\
\n\t} else={\r\
\n\t\t:set scriptMode \"backup\";\r\
\n\t};\r\
\n\r\
\n\tif (\$forceBackup = true) do={\r\
\n\t\t# In this case the script will always send email, because it has to \
create backups\r\
\n\t\t:set isSendEmailRequired true;\r\
\n\t}\r\
\n\r\
\n\t# if new OS version is available to install\r\
\n\tif (\$isOsUpdateAvailable = true and \$isSendEmailRequired = true) do=\
{\r\
\n\t\t# If we only need to notify about new available version\r\
\n\t\tif (\$scriptMode = \"osnotify\") do={\r\
\n\t\t\t:set mailSubject \t(\$mailSubject . \" New RouterOS is available! \
v.\$deviceOsVerAvail.\")\r\
\n\t\t\t:set mailBody \t\t(\$mailBody . \"New RouterOS version is availabl\
e to install: v.\$deviceOsVerAvail (\$updateChannel) \\r\\n\$changelogUrl\
\")\r\
\n\t\t}\r\
\n\r\
\n\t\t# if we need to initiate RouterOs update process\r\
\n\t\tif (\$scriptMode = \"osupdate\") do={\r\
\n\t\t\t:set isOsNeedsToBeUpdated true;\r\
\n\t\t\t# if we need to install only patch updates\r\
\n\t\t\t:if (\$installOnlyPatchUpdates = true) do={\r\
\n\t\t\t\t#Check if Major and Minor builds are the same.\r\
\n\t\t\t\t:if ([:pick \$deviceOsVerInstNum 0 ([:len \$deviceOsVerInstNum]-\
2)] = [:pick \$deviceOsVerAvailNum 0 ([:len \$deviceOsVerAvailNum]-2)]) do\
={\r\
\n\t\t\t\t\t:log info (\"\$SMP New patch version of RouterOS firmware is a\
vailable.\"); \r\
\n\t\t\t\t} else={\r\
\n\t\t\t\t\t:log info (\"\$SMP New major or minor version of RouterOS firm\
ware is available. You need to update it manually.\");\r\
\n\t\t\t\t\t:set mailSubject \t(\$mailSubject . \" New RouterOS: v.\$devic\
eOsVerAvail needs to be installed manually.\");\r\
\n\t\t\t\t\t:set mailBody \t\t(\$mailBody . \"New major or minor RouterOS \
version is available to install: v.\$deviceOsVerAvail (\$updateChannel). \
\\r\\nYou chose to automatically install only patch updates, so this major\
\_update you need to install manually. \\r\\n\$changelogUrl\");\r\
\n\t\t\t\t\t:set isOsNeedsToBeUpdated false;\r\
\n\t\t\t\t}\r\
\n\t\t\t}\r\
\n\r\
\n\t\t\t#Check again, because this variable could be changed during checki\
ng for installing only patch updats\r\
\n\t\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
\n\t\t\t\t:log info (\"\$SMP New RouterOS is going to be installed! v.\$de\
viceOsVerInst -> v.\$deviceOsVerAvail\");\r\
\n\t\t\t\t:set mailSubject\t(\$mailSubject . \" New RouterOS is going to b\
e installed! v.\$deviceOsVerInst -> v.\$deviceOsVerAvail.\");\r\
\n\t\t\t\t:set mailBody \t\t(\$mailBody . \"Your Mikrotik will be updated \
to the new RouterOS version from v.\$deviceOsVerInst to v.\$deviceOsVerAva\
il (Update channel: \$updateChannel) \\r\\nFinal report with the detailed \
information will be sent when update process is completed. \\r\\nIf you ha\
ve not received second email in the next 5 minutes, then probably somethin\
g went wrong. (Check your device logs)\");\r\
\n\t\t\t\t#!! There is more code connected to this part and first step at \
the end of the script.\r\
\n\t\t\t}\r\
\n\t\t\r\
\n\t\t}\r\
\n\t}\r\
\n\r\
\n\t## Checking If the script needs to create a backup\r\
\n\t:log info (\"\$SMP Checking If the script needs to create a backup.\")\
;\r\
\n\tif (\$forceBackup = true or \$scriptMode = \"backup\" or \$isOsNeedsTo\
BeUpdated = true) do={\r\
\n\t\t:log info (\"\$SMP Creating system backups.\");\r\
\n\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
\n\t\t\t:set backupNameFinal \$backupNameBeforeUpd;\r\
\n\t\t};\r\
\n\t\tif (\$scriptMode != \"backup\") do={\r\
\n\t\t\t:set mailBody (\$mailBody . \"\\r\\n\\r\\n\");\r\
\n\t\t};\r\
\n\r\
\n\t\t:set mailSubject\t(\$mailSubject . \" Backup was created.\");\r\
\n\t\t:set mailBody\t\t(\$mailBody . \"System backups were created and att\
ached to this email.\");\r\
\n\r\
\n\t\t:set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backu\
pNameFinal backupPassword=\$backupPassword sensetiveDataInConfig=\$senseti\
veDataInConfig];\r\
\n\t} else={\r\
\n\t\t:log info (\"\$SMP There is no need to create a backup.\");\r\
\n\t}\r\
\n\r\
\n\t# Combine fisrst step email\r\
\n\t:set mailBody (\$mailBody . \$mailBodyDeviceInfo . \$mailBodyCopyright\
);\r\
\n}\r\
\n\r\
\n## \tSTEP TWO: (after first reboot) routerboard firmware upgrade\r\
\n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
te device and if new RouterOs is available.\r\
\n:if (\$updateStep = 2) do={\r\
\n\t:log info (\"\$SMP Performing the second step.\"); \r\
\n\t## RouterOS is the latest, let's check for upgraded routerboard firmwa\
re\r\
\n\tif (\$deviceRbCurrentFw != \$deviceRbUpgradeFw) do={\r\
\n\t\t:set isSendEmailRequired false;\r\
\n\t\t:delay 10s;\r\
\n\t\t:log info \"\$SMP Upgrading routerboard firmware from v.\$deviceRbCu\
rrentFw to v.\$deviceRbUpgradeFw\";\r\
\n\t\t## Start the upgrading process\r\
\n\t\t/system routerboard upgrade;\r\
\n\t\t## Wait until the upgrade is completed\r\
\n\t\t:delay 5s;\r\
\n\t\t:log info \"\$SMP routerboard upgrade process was completed, going t\
o reboot in a moment!\";\r\
\n\t\t## Set scheduled task to send final report on the next boot, task wi\
ll be deleted when is is done. (That is why you should keep original scrip\
t name)\r\
\n\t\t/system schedule add name=BKPUPD-FINAL-REPORT-ON-NEXT-BOOT on-event=\
\":delay 5s; /system scheduler remove BKPUPD-FINAL-REPORT-ON-NEXT-BOOT; :g\
lobal buGlobalVarUpdateStep 3; :delay 10s; /system script run BackupAndUpd\
ate;\" start-time=startup interval=0;\r\
\n\t\t## Reboot system to boot with new firmware\r\
\n\t\t/system reboot;\r\
\n\t} else={\r\
\n\t\t:log info \"\$SMP It appers that your routerboard is already up to d\
ate, skipping this step.\";\r\
\n\t\t:set updateStep 3;\r\
\n\t};\r\
\n}\r\
\n\r\
\n## \tSTEP THREE: Last step (after second reboot) sending final report\r\
\n## \tsteps 2 and 3 are fired only if script is set to automatically upda\
te device and if new RouterOs is available.\r\
\n:if (\$updateStep = 3) do={\r\
\n\t:log info (\"\$SMP Performing the third step.\"); \r\
\n\t:log info \"Bkp&Upd: RouterOS and routerboard upgrade process was comp\
leted. New RouterOS version: v.\$deviceOsVerInst, routerboard firmware: v.\
\$deviceRbCurrentFw.\";\r\
\n\t## Small delay in case mikrotik needs some time to initialize connecti\
ons\r\
\n\t:log info \"\$SMP The final email with report and backups of upgraded \
system will be sent in a minute.\";\r\
\n\t:delay 1m;\r\
\n\t:set mailSubject\t(\$mailSubject . \" RouterOS Upgrade is completed, n\
ew version: v.\$deviceOsVerInst!\");\r\
\n\t:set mailBody \t \t\"RouterOS and routerboard upgrade process was com\
pleted. \\r\\nNew RouterOS version: v.\$deviceOsVerInst, routerboard firmw\
are: v.\$deviceRbCurrentFw. \\r\\n\$changelogUrl \\r\\n\\r\\nBackups of th\
e upgraded system are in the attachment of this email. \$mailBodyDeviceIn\
fo \$mailBodyCopyright\";\r\
\n\t:set mailAttachments [\$buGlobalFuncCreateBackups backupName=\$backupN\
ameAfterUpd backupPassword=\$backupPassword sensetiveDataInConfig=\$senset\
iveDataInConfig];\r\
\n}\r\
\n\r\
\n# Remove functions from global environment to keep it fresh and clean.\r\
\n:do {/system script environment remove buGlobalFuncGetOsVerNum;} on-erro\
r={}\r\
\n:do {/system script environment remove buGlobalFuncCreateBackups;} on-er\
ror={}\r\
\n\r\
\n##\r\
\n## SENDING EMAIL\r\
\n##\r\
\n# Trying to send email with backups in attachment.\r\
\n\r\
\n:if (\$isSendEmailRequired = true) do={\r\
\n\t:log info \"\$SMP Sending email message, it will take around half a mi\
nute...\";\r\
\n\t:do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\$\
mailBody file=\$mailAttachments;} on-error={\r\
\n\t\t:delay 5s;\r\
\n\t\t:log error \"\$SMP could not send email message (\$[/tool e-mail get\
\_last-status]). Going to try it again in a while.\"\r\
\n\r\
\n\t\t:delay 5m;\r\
\n\r\
\n\t\t:do {/tool e-mail send to=\$emailAddress subject=\$mailSubject body=\
\$mailBody file=\$mailAttachments;} on-error={\r\
\n\t\t\t:delay 5s;\r\
\n\t\t\t:log error \"\$SMP could not send email message (\$[/tool e-mail g\
et last-status]) for the second time.\"\r\
\n\r\
\n\t\t\tif (\$isOsNeedsToBeUpdated = true) do={\r\
\n\t\t\t\t:set isOsNeedsToBeUpdated false;\r\
\n\t\t\t\t:log warning \"\$SMP script is not going to initialise update pr\
ocess due to inability to send backups to email.\"\r\
\n\t\t\t}\r\
\n\t\t}\r\
\n\t}\r\
\n\r\
\n\t:delay 30s;\r\
\n\t\r\
\n\t:if ([:len \$mailAttachments] > 0 and [/tool e-mail get last-status] =\
\_\"succeeded\") do={\r\
\n\t\t:log info \"\$SMP File system cleanup.\"\r\
\n\t\t/file remove \$mailAttachments; \r\
\n\t\t:delay 2s;\r\
\n\t}\r\
\n\t\r\
\n}\r\
\n\r\
\n\r\
\n# Fire RouterOs update process\r\
\nif (\$isOsNeedsToBeUpdated = true) do={\r\
\n\r\
\n\t## Set scheduled task to upgrade routerboard firmware on the next boot\
, task will be deleted when upgrade is done. (That is why you should keep \
original script name)\r\
\n\t/system schedule add name=BKPUPD-UPGRADE-ON-NEXT-BOOT on-event=\":dela\
y 5s; /system scheduler remove BKPUPD-UPGRADE-ON-NEXT-BOOT; :global buGlob\
alVarUpdateStep 2; :delay 10s; /system script run BackupAndUpdate;\" start\
-time=startup interval=0;\r\
\n \r\
\n :log info \"\$SMP everything is ready to install new RouterOS, going \
to reboot in a moment!\"\r\
\n\t## command is reincarnation of the \"upgrade\" command - doing exactly\
\_the same but under a different name\r\
\n\t/system package update install;\r\
\n}\r\
\n\r\
\n:log info \"\$SMP script \\\"Mikrotik RouterOS automatic backup & update\
\\\" completed it's job.\\r\\n\";\r\
\n"
/tool e-mail
set address=smtp.ionos.de from=XX start-tls=yes \
user=XX
