Now I want that ns2 will be automatically updated with the new zones from ns1 but, unfortunately, I wasn’t able to find anything ready on internet.

At the end I wrote a simple script that simply connect [...]]]> My situation, ns1 and ns2, master and slave. On ns1 I’ve installed smbind to simply manage my zones.

Now I want that ns2 will be automatically updated with the new zones from ns1 but, unfortunately, I wasn’t able to find anything ready on internet.

At the end I wrote a simple script that simply connect to the first machine via ssh, take the bind file with zones, and, if anything changed, adapt it for the slave server, copy in the bind directory and reload bind.

Obviously it needs to be adapted to your needs, I run it every hour.

#!/bin/bash

VERSION=”0.1″

# bind_auto_slave
# Author:  info@farlock.org
#
# Description: copy bind file from master server, edit it and reload bind on slave
#
# ChangeLog: 0.1 – 28/04/17 – First Release

MASTER_SERVER=”ns1.xxx.com”
MASTER_SERVER_PORT=”22″
MASTER_SERVER_USER=”root”
MASTER_FILE=”/etc/smbind/smbind.conf”

SLAVE_FILE=”/etc/bind/ns1.conf”
SED_ARGUMENT=”s/master;/slave;\n\t\t\tmasters { servers_name; };/” # Argument that must be passed to sed

#SED_ARGUMENT=”s/master;/slave;/”

# First of all download file from master
TMP_FILE=$(mktemp)
chmod g+r,o+r $TMP_FILE
scp -q -P $MASTER_SERVER_PORT $MASTER_SERVER:$MASTER_FILE $TMP_FILE
if [ $? -ne 0 ] ; then
echo “Error downloading file from $MASTER_SERVER”
exit 11
fi

# Execute sed on it
#echo sed $SED_ARGUMENT $TMP_FILE
sed -i “$SED_ARGUMENT” $TMP_FILE
if [ $? -ne 0 ] ; then
echo “Error executing sed on file $TMP_FILE”
exit 12
fi

# Check differences
diff -q $TMP_FILE $SLAVE_FILE > /dev/null
if [ $? -ne 0 ] ; then # files differ
mv $TMP_FILE $SLAVE_FILE
service bind9 reload
if [ $? -ne 0 ] ; then
echo “Error reloading bind9 on slave server”
exit 13
fi
else
rm $TMP_FILE
fi

exit 0

È possibile rinnovare il certificato della Certification Authority e del server in scadenza e far si che i client continuino a collegarsi. Nel caso di alcuni software (vedi openvpn), il client dispone anche di copia del certificato [...]]]> Esempio classico: il certificato di openvpn dopo 10 anni scade, il certificato originale era stato creato con easy-rsa

È possibile rinnovare il certificato della Certification Authority e del server in scadenza e far si che i client continuino a collegarsi.
Nel caso di alcuni software (vedi openvpn), il client dispone anche di copia del certificato server, purtroppo in questo caso andrà comunque inviata la nuova accoppiata (CA + server) al client.
Potremmo comunque installare sul server i nuovi certificati prima della scadenza e rinnovare man mano tutti i clienti senza che nessuno di essi smetta di funzionare.
Passaggi, in questo caso il vecchio certificato era stato prodotto con easy-rsa:

cd /etc/openvpn/extern-rsa

# carichiamo le variabili di easy-rsa (attenzione ai punti):

. ./vars

# Se non abbiamo la csr originale possiamo ricrearla partendo dal certificato e dalla chiave:

openssl x509 -x509toreq -in keys/ca.crt -signkey keys/ca.key -out keys/ca_2016.csr

# Ricreiamo un nuovo certificato CA con una nuova data di scadenza, estensioni per la CA e seriale 00 (attenzione: se il certificato CA non ha questo seriale openssl lo rifiuta, mentre i sistemi microsoft lo accettano )

openssl ca -config /etc/openvpn/extern-rsa/openssl.cnf -out keys/ca_2016.crt -set_serial 0000 -extensions v3_ca -days 7200 -keyfile keys/ca.key -selfsign -infiles keys/ca_2016.csr

# Ricrieamo ora il certificato per il server, presupponendo che abbiamo ancora il csr, altrimenti possiamo ricrearli con il passaggio sopra.

openssl ca -config /etc/openvpn/extern-rsa/openssl.cnf -out keys/extern_2016.crt -extensions server -days 7200 -infiles keys/extern.csr

Per verificare che tutto sia ok possiamo controllare un certificato già generato e ancora valido con la vecchia CA:

openssl verify -CAfile keys/ca.crt -verbose keys/test.crt

e in seguito con la nuova:

openssl verify -CAfile keys/ca_2016.crt -verbose keys/test.crt

In entrambi i casi il risultato sarà OK.

Possiamo anche controllare il nuovo certificato server con la vecchia CA e viceversa:

openssl verify -CAfile keys/ca.crt -verbose keys/extern_2016.crt
openssl verify -CAfile keys/ca_2016.crt -verbose keys/extern.crt

Il risultato sarà sempre OK, se cosi non fosse c’è stato qualche problema nei passaggi precedenti (attenzione al serial ad esempio)

So I started taking all the scripts and docs found and putting them together…. The result is a working system [...]]]> Searching far and wide on the web looking for a solution to my problem (have a mikrotik router that do load balance and failover), I came to the conclusion that a complete solution doesn’t exist.

So I started taking all the scripts and docs found and putting them together…. The result is a working system that actually I use on some location…. Obviously is not  perfect, it needs improvement and better documentation

I share it, so anyone can use it and refine it, please send it back to me or in the mikrotik wiki!

The code is divided in two parts:

• A script run every X minutes that check wan connections
• Command that you need to write in terminal of your firewall to make it working

Let’s start from the script, please read it carefully!

Open winbox and go to System->Scripts, create a new one and name it “Failover”, copy this content inside it.

# ——————- header ——————-
# Script improved to check two different hosts and act with PCC Load Balancer
# (Original Script by Tomas Kirnak)
# If you edit this script, please share it with the community!
# Author: Denis Barbazza (denis . barbazza [at] gmail . com)
# VERSION=2.3
# http://www.farlock.org/mikrotik/mikrotik-load-balancer-and-failover-and-traffic-prioritization/
# ChangeLog
# 2.3 – 21/10/16 – Bugfix, when main ISP comes back we close alle the connection on ISP2, not clean but necessary because of some connections not tracked (udp, needs more testing)
# we leave this feature commented out, needs testing.
# we close also connections from outside to lan, sometimes internal initated connection takes this mark, needs testing
# 2.2 – 11/05/16 – If one connection hangs, drop connection on it (udp and tcp), when main connection
# fails or comes back we reset also connections without mark (these because of the default route weight)
# 2.1 – 17/03/16 – Improved ping check based on script made by Gregory Sloop (gregs @ sloop.net)
# 2.0 – 01/03/16 – now we manage also the rule used with PCC load balancer
# 1.5 – 01/12/15 – Check two different hosts, just to be sure
# 1.0.7 – Original Script by Tomas Kirnak (t.kirnak @ atris.sk)

# The script in case of a faulting link increase the default route
# and disable the marking rule based on PCC that it found on mangle/prerouting chain
#
# Use ips for ping target, the script may not work with fqdn
#
# if you want you can disable every marking rule, and not only PCC, simply editing the four line that search for rule to be disabled:
# :foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP1 && (per-connection-classifier).”” != “”] do=\
# and remove the part of PCC value:
# :foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP1 ] do=\
# REMEMBER: you must edit the rule in 4 places (enable/disable ISP1 and enable/diable ISP2)
#
# Search in script rule starting with “### OPTIONAL”, here you can enable or disable some features,
# based on your needs.
#
# For more information and details about
# this script please visit the wiki page at
# http://wiki.mikrotik.com/wiki/Failover_Scripting
# ——————- header ——————-

# ————- start editing here ————-
# Edit the variables below to suit your needs

# Please fill the WAN interface names
:local InterfaceISP1 ISP_1
:local InterfaceISP2 ISP_2

# Please fill the gateway IPs (or interface names in case of PPP)
:local GatewayISP1 10.39.1.14
:local GatewayISP2 172.31.29.1

# Routing mark of each interface
:local RoutingMarkISP1 ISP1_Route
:local RoutingMarkISP2 ISP2_Route

# Connection mark of each interface
:local ConnMarkISP1 to_ISP1
:local ConnMarkISP2 to_ISP2

# Connection mark of each interface, from outside to local network
:local ConnMarkISP1_LAN from_ISP1_to_LAN
:local ConnMarkISP2_LAN from_ISP2_to_LAN

# Please fill the ping check host – currently: resolver1.opendns.com
:local PingTarget1 208.67.222.222
# Second ping check host – currently google secondary DNS
:local PingTarget2 8.8.4.4

# This can be used to make sure that the RTT is above this threshold. Ping replies that take longer than
# this to return will be counted as no reply. Adapt it to your lines
:local PingInterval 500ms;
# How many pings to send for our test
:local PingCount 5;
# Size of the pick packets [Don’t make them too large.]
:local PingSize 28;
# How many pings minimum must we get back to consider the pipe “up” – fewer than this – consider it down.
# This is for the single check! So we send PingCount packet and we must receive at least PingReturnThreshold
# to consider the line up
:local PingReturnThreshold 2;

# Please fill how many times the check can fail before fail-over happens,
# In may case I run the script once every 10 minute, so one is enough
# Or you can run it once a minute so increase it
:local FailTreshold 3

# Define the distance increase of a route when it fails
:local DistanceIncrease 20

# Editing the script after this point may break it
# ————– stop editing here ————–

# Declare the global variables
:global PingFailCountISP1
:global PingFailCountISP2

# This inicializes the PingFailCount variables, in case this is the 1st time the script has ran
:if ([:typeof $PingFailCountISP1] = “nothing”) do={:set PingFailCountISP1 0}
:if ([:typeof $PingFailCountISP2] = “nothing”) do={:set PingFailCountISP2 0}

# These variables will be used to keep results of individual ping attempts
:local PingResult1
:local PingResult2

# Check ISP1
# :set PingResult1 [ping $PingTarget1 count=1 interface=$InterfaceISP1 routing-table=$RoutingMarkISP1]
:set PingResult1 [/ping $PingTarget1 interface=$InterfaceISP1 routing-table=$RoutingMarkISP1 interval=$PingInterval count=$PingCount size=$PingSize];
#:put $PingResult1
# :set PingResult2 [ping $PingTarget2 count=1 interface=$InterfaceISP1 routing-table=$RoutingMarkISP1]
:set PingResult2 [/ping $PingTarget2 interface=$InterfaceISP1 routing-table=$RoutingMarkISP1 interval=$PingInterval count=$PingCount size=$PingSize];
#:put $PingResult2
# If both fails we consider router down
:if (($PingResult1 < $PingReturnThreshold) && ($PingResult2 < $PingReturnThreshold)) do={
:if ($PingFailCountISP1 < ($FailTreshold+2)) do={
:set PingFailCountISP1 ($PingFailCountISP1 + 1)

:if ($PingFailCountISP1 = $FailTreshold) do={
:log warning “ISP1 has a problem en route to $PingTarget1 or $PingTarget2 – increasing distance of routes.”
:foreach i in=[/ip route find gateway=$GatewayISP1 && static && !routing-mark] do=\
# {:log info “Increase distance route $i”}
{/ip route set $i distance=([/ip route get $i distance] + $DistanceIncrease)}
# Disable PCC rules
:foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP1 && (per-connection-classifier).”” != “”] do=\
{/ip firewall mangle disable $i }
### OPTIONAL – Disable all rule, not the only ones regarding PCC
# :foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP1 ] do=\
# {/ip firewall mangle disable $i }

:log warning “Route distance increase finished.”
# close ISP1 connection
foreach i in=[/ip firewall connection find connection-mark=$ConnMarkISP1] do= {/ip firewall connection remove $i }
foreach i in=[/ip firewall connection find connection-mark=$ConnMarkISP1_LAN] do= {/ip firewall connection remove $i }
# close connection without mark
foreach i in=[/ip firewall connection find (connection-mark).”” = “” ] do= {/ip firewall connection remove $i }
:log warning “Closed connection $ConnMarkISP1 , $ConnMarkISP1_LAN and without mark”
}
}
}
# If almost one is ok we consider the line up
:if (($PingResult1 > $PingReturnThreshold) || ($PingResult2 > $PingReturnThreshold)) do={
:if ($PingFailCountISP1 > 0) do={
:set PingFailCountISP1 ($PingFailCountISP1 – 1)

:if ($PingFailCountISP1 = ($FailTreshold -1)) do={
:log warning “ISP1 can reach $PingTarget1 or $PingTarget2 again – bringing back original distance of routes.”
:foreach i in=[/ip route find gateway=$GatewayISP1 && static && !routing-mark] do=\
# {:log info “Decrease distance route $i”}
{/ip route set $i distance=([/ip route get $i distance] – $DistanceIncrease)}
# Reenable PCC rules
:foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP1 && (per-connection-classifier).”” != “”] do=\
{/ip firewall mangle enable $i }
### OPTIONAL – Enable all rule, not the only ones regarding PCC
# :foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP1 ] do=\
# {/ip firewall mangle enable $i }

:log warning “Route distance decrease finished.”
# close connection without mark
foreach i in=[/ip firewall connection find (connection-mark).”” = “” ] do= {/ip firewall connection remove $i }
### OPTIONAL – If you want you can close all the connection on the line 2 to force reconnection on line 1
# foreach i in=[/ip firewall connection find connection-mark=$ConnMarkISP2] do= {/ip firewall connection remove $i }
# foreach i in=[/ip firewall connection find connection-mark=$ConnMarkISP2_LAN] do= {/ip firewall connection remove $i }

:log warning “Closed connection without mark”
}
}
}

# Check ISP2
# :set PingResult1 [ping $PingTarget1 count=1 interface=$InterfaceISP2 routing-table=$RoutingMarkISP2]
:set PingResult1 [/ping $PingTarget1 interface=$InterfaceISP2 routing-table=$RoutingMarkISP2 interval=$PingInterval count=$PingCount size=$PingSize];
#:put $PingResult1
# :set PingResult2 [ping $PingTarget2 count=1 interface=$InterfaceISP2 routing-table=$RoutingMarkISP1]
:set PingResult2 [/ping $PingTarget2 interface=$InterfaceISP2 routing-table=$RoutingMarkISP2 interval=$PingInterval count=$PingCount size=$PingSize];
#:put $PingResult2

:if (($PingResult1 < $PingReturnThreshold) && ($PingResult2 < $PingReturnThreshold)) do={
:if ($PingFailCountISP2 < ($FailTreshold+2)) do={
:set PingFailCountISP2 ($PingFailCountISP2 + 1)

:if ($PingFailCountISP2 = $FailTreshold) do={
:log warning “ISP2 has a problem en route to $PingTarget1 and $PingTarget2 – increasing distance of routes.”
:foreach i in=[/ip route find gateway=$GatewayISP2 && static && !routing-mark] do=\
# {:log info “Increase distance route $i”}
{/ip route set $i distance=([/ip route get $i distance] + $DistanceIncrease)}
# Disable PCC rules
:foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP2 && (per-connection-classifier).”” != “”] do=\
{/ip firewall mangle disable $i }
### OPTIONAL – Disable all rule, not the only ones regarding PCC
# :foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP2 ] do=\
# {/ip firewall mangle disable $i }

:log warning “Route distance increase finished.”
# close ISP2 connection
foreach i in=[/ip firewall connection find connection-mark=$ConnMarkISP2] do= {/ip firewall connection remove $i }
foreach i in=[/ip firewall connection find connection-mark=$ConnMarkISP2_LAN] do= {/ip firewall connection remove $i }
:log warning “Closed connection $ConnMarkISP2 and $ConnMarkISP2_LAN”
### OPTIONAL – Close connection without mark to force reopen, should not be necessary
# foreach i in=[/ip firewall connection find (connection-mark).”” = “” ] do= {/ip firewall connection remove $i }
}
}
}
:if (($PingResult1 > $PingReturnThreshold) || ($PingResult2 > $PingReturnThreshold)) do={
:if ($PingFailCountISP2 > 0) do={
:set PingFailCountISP2 ($PingFailCountISP2 – 1)

:if ($PingFailCountISP2 = ($FailTreshold -1)) do={
:log warning “ISP2 can reach $PingTarget1 or $PingTarget2 again – bringing back original distance of routes.”
:foreach i in=[/ip route find gateway=$GatewayISP2 && static && !routing-mark] do=\
# {:log info “Decrease distance route $i”}
{/ip route set $i distance=([/ip route get $i distance] – $DistanceIncrease)}
# Reenable PCC rules
:foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP2 && (per-connection-classifier).”” != “”] do=\
{/ip firewall mangle enable $i }
### OPTIONAL – Disable all rule, not the only ones regarding PCC
# :foreach i in=[/ip firewall mangle find chain=prerouting && new-connection-mark=$ConnMarkISP2 ] do=\
# {/ip firewall mangle enable $i }

:log warning “Route distance decrease finished.”
}
}
}

Now we will start with all the commands for our Load Balance – Failover, read it carefully! Edit IPs based on your setup! copy text to notepad, edit it and paste commands line by line on terminal.

# ——————- header ——————-
# Author: Denis Barbazza (denis . barbazza [at] gmail . com)
# VERSION=2.3
# http://www.farlock.org/mikrotik/mikrotik-load-balancer-and-failover-and-traffic-prioritization/
# Set of rules to setup a load balancer and failover with mikrotik routeros
#
# Inspired by:
# http://mum.mikrotik.com/presentations/US12/steve.pdf
# https://aacable.wordpress.com/2011/07/27/mikrotik-dual-wan-load-balancing-using-pcc-method-complete-script-by-zaib/
# http://wiki.mikrotik.com/wiki/Failover_Scripting
# http://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting
# http://mum.mikrotik.com/presentations/US12/tomas.pdf
#
# Search in script rule starting with “### OPTIONAL”, here you can enable or disable some features,
# based on your needs.
#
# For more information and details about
# this script please visit the wiki page at
# http://wiki.mikrotik.com/wiki/Failover_Scripting
# ——————- header ——————-

# setup our interfaces and addresses, adapt it to your interfaces
/interface ethernet
set 2 name=LAN comment=eth3
set 0 name=ISP_1 comment=eth1
set 1 name=ISP_2 comment=eth2
/ip address
add address=192.168.88.1/24 interface=LAN
add address=1.1.1.32/24 interface=ISP_1
add address=2.2.2.32/24 interface=ISP_2
# Regole di nat per ciascuna interfaccia verso gli ISP
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ISP_1 comment=”NAT packet going through ISPs”
add action=masquerade chain=srcnat out-interface=ISP_2

# Regole di routing con pesi diversi verso ciascun ISP
/ip route
add gateway=1.1.1.1 distance=10 check-gateway=ping comment=”Route to ISPs”
add gateway=2.2.2.2 distance=20 check-gateway=ping

add gateway=1.1.1.1 routing-mark=ISP1_Route distance=10 comment=”Route for marked connection”
add gateway=2.2.2.2 routing-mark=ISP2_Route distance=10

# Not mark packet sent to direct connected network (physical and VPN)
/ip firewall address-list
add address=1.1.1.1/24 list=Connected comment=”List of direct connected network” # ISP_1
add address=2.2.2.2/24 list=Connected # ISP_2
add address=192.168.w.0/24 list=Connected # VPN
add address=192.168.88.0/24 list=Connected # LAN
add address=192.168.88.0/24 list=LAN

/ip firewall mangle
add chain=prerouting src-address-list=Connected dst-address-list=Connected action=accept comment=”Not mark packet directed to direct connected network”

### OPTIONAL
#############
# ATTENTION!
# Eventually remember to filter the traffic allowed from LAN to other networks!
#############

# Mark packet coming through ISP interfaces and put them in the correct routing tables
/ip firewall mangle
add chain=input connection-mark=no-mark in-interface=ISP_1 action=mark-connection new-connection-mark=from_ISP1 comment=”Mark packet coming through ISP interfaces”
add chain=input connection-mark=no-mark in-interface=ISP_2 action=mark-connection new-connection-mark=from_ISP2
add chain=output connection-mark=from_ISP1 action=mark-routing new-routing-mark=ISP1_Route comment=”Put the outbound reply connection in the correct routing table”
add chain=output connection-mark=from_ISP2 action=mark-routing new-routing-mark=ISP2_Route

# Now we should take care also of the connection from outside to LAN
/ip firewall mangle
add chain=forward connection-mark=no-mark in-interface=ISP_1 action=mark-connection new-connection-mark=from_ISP1_to_LAN comment=”Mark packet coming through ISP interfaces directed to LAN”
add chain=forward connection-mark=no-mark in-interface=ISP_2 action=mark-connection new-connection-mark=from_ISP2_to_LAN
add chain=prerouting connection-mark=from_ISP1_to_LAN src-address-list=LAN action=mark-routing new-routing-mark=ISP1_Route comment=”Put the reply connection from LAN in the correct routing table”
add chain=prerouting connection-mark=from_ISP2_to_LAN src-address-list=LAN action=mark-routing new-routing-mark=ISP2_Route
# Now you can add the script for Failover under menù System->Scripts, name it “Failover”
# and then we add a schedule that launch it every 2 minutes, we set the date and unix epoch, just in
# case the clock isn’t set
/system scheduler add name=”Check_connectivity” interval=2m on-event=Failover start-date=jan/1/1970 start-time=0:0:0

You can choose load balancing based on PCC (http://wiki.mikrotik.com/wiki/Manual:PCC) or Traffic Monitor (http://mum.mikrotik.com/presentations/US12/tomas.pdf).

If you prefer PCC:

#########################################################################################
# PCC
# With PCC you must take care of bandwidth and number of WAN available, example:
# – Two equal WAN: we need two PCC mangle rule, one with :2/1 mark for ISP1 and the other with :2/0 mark for ISP2
# – Three equal WAN: three rule, :3/0 mark for ISP1 – :3/1 mark for ISP2 – :3/2 mark for ISP3
# – Two disequal wan, first twice bandwidth of the seconf: three rule, :3/0 mark for ISP1 – :3/1 mark for ISP1 – :3/2 mark for ISP2
# As you can see we need to balance the traffic with PCC rule, more powerful WANs need more rules

/ip firewall mangle
add chain=prerouting action=mark-connection connection-mark=no-mark connection-state=new dst-address-type=!local \
src-address-list=LAN new-connection-mark=to_ISP1 passthrough=yes per-connection-classifier=both-addresses:2/0 comment=”Doing PCC Balancing here”
add chain=prerouting action=mark-connection connection-mark=no-mark connection-state=new dst-address-type=!local \
src-address-list=LAN new-connection-mark=to_ISP2 passthrough=yes per-connection-classifier=both-addresses:2/1

# If we want to balance also traffice generated from the mikrotik itself, actually nothing can be do it’s in the TODO list…

# Now choose the right route based on connection mark
/ip firewall mangle
add chain=prerouting action=mark-routing connection-mark=to_ISP1 src-address-list=LAN new-routing-mark=ISP1_Route comment=”Mark balanced connection to the right routing table”
add chain=prerouting action=mark-routing connection-mark=to_ISP2 src-address-list=LAN new-routing-mark=ISP2_Route

### OPTIONAL
# If we use hotspot and we need balancing
# /ip firewall nat add action=accept chain=pre-hotspot disabled=no dst-address-type=!local hotspot=auth comment=”Rule for Hotspot and PCC”
# Questa regola va testata….
# Invece modificando le regole di PCC aggiungendo hotspot=auth tutto funziona correttamente:
#/ip firewall mangle
#add action=mark-connection chain=prerouting comment=”Doing PCC Balancing here” connection-mark=no-mark connection-state=new dst-address-type=\
# !local hotspot=auth new-connection-mark=to_ISP1 per-connection-classifier=dst-address:2/0 src-address-list=LAN
#add action=mark-connection chain=prerouting connection-mark=no-mark connection-state=new dst-address-type=!local hotspot=auth \
# new-connection-mark=to_ISP2 per-connection-classifier=dst-address:2/1 src-address-list=LAN

#########################################################################################

Or if you prefer Traffic Monitor:

#########################################################################################
# Automated based on bandwidth, switched by Traffic Monitor (thanks to Tomas Kirnak – t.kirnak @ atris.sk)
# Now start marking connection and routing
/ip firewall mangle
add chain=prerouting connection-mark=no-mark src-address-list=LAN dst-address-list=!Connected dst-address-type=!local \
action=mark-connection new-connection-mark=from_LAN_to_WAN comment=”Mark connection for Load Balancing”
add chain=prerouting connection-mark=from_LAN_to_WAN src-address-list=LAN action=mark-routing new-routing-mark=ISP1_Route comment=”Load-Balancing here”

# Now we MUST assure that a connection routed to ISP will always stay there
/ip firewall mangle
add chain=prerouting connection-mark=from_LAN_to_WAN routing-mark=ISP1_Route action=mark-connection new-connection-mark=Sticky_ISP1 comment=”Mark connections as sticky”
add chain=prerouting connection-mark=from_LAN_to_WAN routing-mark=ISP2_Route action=mark-connection new-connection-mark=Sticky_ISP2
add chain=prerouting connection-mark=Sticky_ISP1 src-address-list=LAN action=mark-routing new-routing-mark=ISP1_Route comment=”sticky connections will always go out through same ISP”
add chain=prerouting connection-mark=Sticky_ISP2 src-address-list=LAN action=mark-routing new-routing-mark=ISP2_Route

# Setup Traffic Monitor
/tool traffic-monitor
add interface=ISP_1 name=LB_ISP1_above trigger=above on-event=”:log debug \”Load-Balance Debug: ISP\
1 overloaded, switching to ISP2\”;\r\
\n/ip firewall mangle set [find comment=\”Load-Balancing here\”] new-routing-mark=ISP2_Route” \
threshold=5242880 traffic=received comment=”When ISP1 reaches 5mbit/s switch to ISP2″
add interface=ISP_1 name=LB_ISP1_below trigger=below on-event=”:log debug \”Load-Balance Debug: ISP\
1 back to normal\”;\r\
\n/ip firewall mangle set [find comment=\”Load-Balancing here\”] new-routing-mark=ISP1_Route” \
threshold=5242880 traffic=received comment=”And on less traffic go back again to ISP1″
##############################################################################################

Choose one of the two

And, the end, if you want icing on cake we can prioritize traffic based on its type and contents:

###################################################################################
# Traffic Prioritization – thanks to Rick Frey – support @ rickfreyconsulting.com
# some modification to original script to work correctly with HTTPS traffic
# To act with layer 7 traffic check original script on http://rickfreyconsulting.com

/ip firewall mangle
add chain=output comment=”Section Break – Input prioritize rules” disabled=yes
add action=change-dscp chain=input comment=”DSCP – 7 – Winbox Port 8291 (Local Management)” dst-port=8291 new-dscp=7 protocol=tcp
############################################################################################################################
#### This section sets priorities for tunneling methods used by the hosts on your LAN. ####
############################################################################################################################

/ip firewall mangle
add chain=output comment=”Section Break – VPN” disabled=yes
add action=change-dscp chain=forward comment=”DSCP – 5 – PPTP Port 1723 (LAN Traffic)” new-dscp=5 port=1723 protocol=tcp
add action=change-dscp chain=forward comment=”DSCP – 5 – GRE Protocol (LAN Traffic)” new-dscp=5 protocol=gre
add action=change-dscp chain=forward comment=”DSCP – 5 – L2TP UDP Port 500 (LAN Traffic)” new-dscp=5 port=500 protocol=udp
add action=change-dscp chain=forward comment=”DSCP – 5 – L2TP UDP Port 1701 (LAN Traffic)” new-dscp=5 port=1701 protocol=udp
add action=change-dscp chain=forward comment=”DSCP – 5 – L2TP UDP Port 4500 (LAN Traffic)” new-dscp=5 port=4500 protocol=udp
add action=change-dscp chain=forward comment=”DSCP – 5 – OVPN TCP Port 1194 (LAN Traffic)” new-dscp=5 port=1194 protocol=tcp
############################################################################################################################
#### This section sets priorities for VOIP Traffic ####
############################################################################################################################

add chain=output comment=”Section Break – Voip” disabled=yes
add action=change-dscp chain=postrouting comment=”DSCP – 7 – VOIP” disabled=no new-dscp=7 passthrough=yes port=1167,1719,1720,8010 protocol=udp
add action=change-dscp chain=postrouting comment=”DSCP – 7 – VOIP” disabled=no new-dscp=7 passthrough=yes port=1719,1720,8008,8009 protocol=tcp
add action=change-dscp chain=postrouting comment=”DSCP – 7 – SIP” disabled=no new-dscp=7 passthrough=yes port=5060,5061 protocol=tcp
add action=change-dscp chain=postrouting comment=”DSCP – 7 – SIP” disabled=no new-dscp=7 passthrough=yes port=5060,5061 protocol=udp
add action=change-dscp chain=postrouting comment=”DSCP – 7 – SIP 5004″ disabled=no new-dscp=7 passthrough=yes port=5004 protocol=udp
add action=set-priority chain=postrouting comment=”Priority – 7 – Ventrilo VOIP” new-priority=7 port=3784 protocol=tcp
add action=set-priority chain=postrouting comment=”Priority – 7 – Ventrilo VOIP” new-priority=7 port=3784,3785 protocol=udp
add action=set-priority chain=postrouting comment=”Priority – 7 – Windows Live Messenger Voice” new-priority=7 port=6901 protocol=tcp
add action=set-priority chain=postrouting comment=”Priority – 7 – Windows Live Messenger Voice” new-priority=7 port=6901 protocol=udp
############################################################################################################################
#### This section sets priorities for normal LAN Traffic ####
############################################################################################################################

add chain=output comment=”Section Break – Normal traffic” disabled=yes
add action=set-priority chain=prerouting comment=”Priority – 6 – SSH” disabled=no new-priority=6 passthrough=yes port=22 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 6 – Telnet” disabled=no new-priority=6 passthrough=yes port=23 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 6 – ICMP” disabled=no new-priority=6 passthrough=yes protocol=icmp
add action=set-priority chain=prerouting comment=”Priority – 6 – TCP DNS Requests” disabled=no new-priority=6 passthrough=yes port=53 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 6 – UDP DNS & mDNS Requests” disabled=no new-priority=6 passthrough=yes port=53,5353 protocol=udp

add action=set-priority chain=prerouting comment=”Priority – 3 – HTTP Requests” connection-bytes=0-2000000 disabled=no dst-port=80 new-priority=3 passthrough=yes protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 3 – HTTPS Requests” connection-bytes=0-2000000 disabled=no dst-port=443 new-priority=3 passthrough=yes protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 4 – ICQ” disabled=no new-priority=5 passthrough=yes port=5190 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 4 – Yahoo IM” disabled=no new-priority=5 passthrough=yes port=5050 protocol=tcp

add action=set-priority chain=prerouting comment=”Priority – 4 – AOL, IRC” disabled=no new-priority=4 passthrough=yes port=531,5190,6660-6669,6679,6697 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 4 – AOL, IRC” disabled=no new-priority=4 passthrough=yes port=531 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 4 – Time” disabled=no new-priority=4 passthrough=yes port=37 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 4 – Time” disabled=no new-priority=4 passthrough=yes port=37,123 protocol=udp

add action=set-priority chain=prerouting comment=”Priority – 0 – SFTP” disabled=no dst-port=22 new-priority=0 packet-size=1400-1500 passthrough=yes protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – FTP” disabled=no dst-port=20,21 new-priority=0 packet-size=1400-1500 passthrough=yes protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – HTTP Downloads” connection-bytes=2000000-0 disabled=no new-priority=0 passthrough=yes port=80 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – HTTPS Downloads” connection-bytes=2000000-0 disabled=no new-priority=0 passthrough=yes port=443 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Mail Services” disabled=no port=110,995,143,993,25,57,109,465,587 new-priority=0 passthrough=yes protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – SNMP” disabled=no new-priority=0 passthrough=yes port=161,162 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – SNMP” disabled=no new-priority=0 passthrough=yes port=162 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – IMAP, IMAPS” disabled=no new-priority=0 passthrough=yes port=220,993 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – IMAP” disabled=no new-priority=0 passthrough=yes port=220 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Doom FPS” disabled=no new-priority=0 passthrough=yes port=666 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – America’s Army MMO” disabled=no new-priority=0 passthrough=yes port=1716 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Civilization MMO” disabled=no new-priority=0 passthrough=yes port=2056 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Halo: Combat Evolved MMO” disabled=no new-priority=0 passthrough=yes port=2302 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Dark Ages” disabled=no port=2610 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Xbox Live” disabled=no new-priority=0 passthrough=yes port=3074 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Xbox Live” disabled=no new-priority=0 passthrough=yes port=3074 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Blizzard Games Online” disabled=no new-priority=0 passthrough=yes port=3723,6112 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Blizzard Games Online” disabled=no new-priority=0 passthrough=yes port=3723 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – WoW MMO” disabled=no new-priority=0 passthrough=yes port=3724 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – WoW MMO” disabled=no new-priority=0 passthrough=yes port=3724 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Club Penguin Disney Online” disabled=no new-priority=0 passthrough=yes port=3724,6112,6113,9875 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Diablo II” disabled=no new-priority=0 passthrough=yes port=4000 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Diablo II” disabled=no new-priority=0 passthrough=yes port=4000 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Microsoft Ants MMO” disabled=no new-priority=0 passthrough=yes port=4001 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Google Desktop” disabled=no new-priority=0 passthrough=yes port=4664 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – BZFlag” disabled=no new-priority=0 passthrough=yes port=5154 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – BZFlag” disabled=no new-priority=0 passthrough=yes port=5154 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Freeciv MMO” disabled=no new-priority=0 passthrough=yes port=5556 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Freeciv MMO” disabled=no new-priority=0 passthrough=yes port=5556 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Windows Live Messenger File Transfer” disabled=no new-priority=0 passthrough=yes port=6891-6900 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Enemy Territory: Quake Wars” disabled=no new-priority=0 passthrough=yes port=7133 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Teamspeak” disabled=no new-priority=0 passthrough=yes port=8767-8768 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Teamspeak” disabled=no new-priority=0 passthrough=yes port=9987 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Earthland Relams 2″ disabled=no new-priority=0 passthrough=yes port=8888-8889 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Sony Playstation” disabled=no new-priority=0 passthrough=yes port=9293 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Battlefield 1942 MMO” disabled=no new-priority=0 passthrough=yes port=14567 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Battlefield Vietnam” disabled=no new-priority=0 passthrough=yes port=15567 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Battlefield 2″ disabled=no new-priority=0 passthrough=yes port=16567 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Quake” disabled=no new-priority=0 passthrough=yes port=26000 protocol=tcp
add action=set-priority chain=prerouting comment=”Priority – 0 – Quake” disabled=no new-priority=0 passthrough=yes port=26000,27901,27960 protocol=udp
add action=set-priority chain=prerouting comment=”Priority – 0 – Call of Duty” disabled=no new-priority=0 passthrough=yes port=28960 protocol=udp
add chain=output comment=”Section Break” disabled=yes

#########################################
#### VOIP ####
#########################################

/ip firewall layer7-protocol
add name=sip regexp=\
“^(invite|register|cancel) sip[\t-\r -~]*sip/[0-2]\\.[0-9]”
add name=h323 regexp=\
“^\03..\?\08…\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\05″
add name=skypeout regexp=”^(\01.\?.\?.\?.\?.\?.\?.\?.\?\01|\02.\?.\?.\?.\?.\?.\
\?.\?.\?\02|\03.\?.\?.\?.\?.\?.\?.\?.\?\03|\04.\?.\?.\?.\?.\?.\?.\?.\?\04|\
\05.\?.\?.\?.\?.\?.\?.\?.\?\05|\06.\?.\?.\?.\?.\?.\?.\?.\?\06|\07.\?.\?.\?\
.\?.\?.\?.\?.\?\07|\08.\?.\?.\?.\?.\?.\?.\?.\?\08|\t.\?.\?.\?.\?.\?.\?.\?.\
\?\t|\
\n.\?.\?.\?.\?.\?.\?.\?.\?\
\n|\0B.\?.\?.\?.\?.\?.\?.\?.\?\0B|\0C.\?.\?.\?.\?.\?.\?.\?.\?\0C|\r.\?.\?.\
\?.\?.\?.\?.\?.\?\r|\0E.\?.\?.\?.\?.\?.\?.\?.\?\0E|\0F.\?.\?.\?.\?.\?.\?.\
\?.\?\0F|\10.\?.\?.\?.\?.\?.\?.\?.\?\10|\11.\?.\?.\?.\?.\?.\?.\?.\?\11|\12\
.\?.\?.\?.\?.\?.\?.\?.\?\12|\13.\?.\?.\?.\?.\?.\?.\?.\?\13|\14.\?.\?.\?.\?\
.\?.\?.\?.\?\14|\15.\?.\?.\?.\?.\?.\?.\?.\?\15|\16.\?.\?.\?.\?.\?.\?.\?.\?\
\16|\17.\?.\?.\?.\?.\?.\?.\?.\?\17|\18.\?.\?.\?.\?.\?.\?.\?.\?\18|\19.\?.\
\?.\?.\?.\?.\?.\?.\?\19|\1A.\?.\?.\?.\?.\?.\?.\?.\?\1A|\1B.\?.\?.\?.\?.\?.\
\?.\?.\?\1B|\1C.\?.\?.\?.\?.\?.\?.\?.\?\1C|\1D.\?.\?.\?.\?.\?.\?.\?.\?\1D|\
\1E.\?.\?.\?.\?.\?.\?.\?.\?\1E|\1F.\?.\?.\?.\?.\?.\?.\?.\?\1F| .\?.\?.\?.\
\?.\?.\?.\?.\? |!.\?.\?.\?.\?.\?.\?.\?.\?!|\”.\?.\?.\?.\?.\?.\?.\?.\?\”|#.\
\?.\?.\?.\?.\?.\?.\?.\?#|\\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|%.\?.\?.\?.\?.\?\
.\?.\?.\?%|&.\?.\?.\?.\?.\?.\?.\?.\?&|’.\?.\?.\?.\?.\?.\?.\?.\?’|\\(.\?.\?\
.\?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?\
.\?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|,.\?.\?.\?.\?.\?.\?.\?.\?,|-.\?.\
\?.\?.\?.\?.\?.\?.\?-|\\..\?.\?.\?.\?.\?.\?.\?.\?\\.|/.\?.\?.\?.\?.\?.\?.\
\?.\?/|0.\?.\?.\?.\?.\?.\?.\?.\?0|1.\?.\?.\?.\?.\?.\?.\?.\?1|2.\?.\?.\?.\?\
.\?.\?.\?.\?2|3.\?.\?.\?.\?.\?.\?.\?.\?3|4.\?.\?.\?.\?.\?.\?.\?.\?4|5.\?.\
\?.\?.\?.\?.\?.\?.\?5|6.\?.\?.\?.\?.\?.\?.\?.\?6|7.\?.\?.\?.\?.\?.\?.\?.\?\
7|8.\?.\?.\?.\?.\?.\?.\?.\?8|9.\?.\?.\?.\?.\?.\?.\?.\?9|:.\?.\?.\?.\?.\?.\
\?.\?.\?:|;.\?.\?.\?.\?.\?.\?.\?.\?;|<.\?.\?.\?.\?.\?.\?.\?.\?<|=.\?.\?.\?\
.\?.\?.\?.\?.\?=|>.\?.\?.\?.\?.\?.\?.\?.\?>|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\
\?|@.\?.\?.\?.\?.\?.\?.\?.\?@|A.\?.\?.\?.\?.\?.\?.\?.\?A|B.\?.\?.\?.\?.\?.\
\?.\?.\?B|C.\?.\?.\?.\?.\?.\?.\?.\?C|D.\?.\?.\?.\?.\?.\?.\?.\?D|E.\?.\?.\?\
.\?.\?.\?.\?.\?E|F.\?.\?.\?.\?.\?.\?.\?.\?F|G.\?.\?.\?.\?.\?.\?.\?.\?G|H.\
\?.\?.\?.\?.\?.\?.\?.\?H|I.\?.\?.\?.\?.\?.\?.\?.\?I|J.\?.\?.\?.\?.\?.\?.\?\
.\?J|K.\?.\?.\?.\?.\?.\?.\?.\?K|L.\?.\?.\?.\?.\?.\?.\?.\?L|M.\?.\?.\?.\?.\
\?.\?.\?.\?M|N.\?.\?.\?.\?.\?.\?.\?.\?N|O.\?.\?.\?.\?.\?.\?.\?.\?O|P.\?.\?\
.\?.\?.\?.\?.\?.\?P|Q.\?.\?.\?.\?.\?.\?.\?.\?Q|R.\?.\?.\?.\?.\?.\?.\?.\?R|\
S.\?.\?.\?.\?.\?.\?.\?.\?S|T.\?.\?.\?.\?.\?.\?.\?.\?T|U.\?.\?.\?.\?.\?.\?.\
\?.\?U|V.\?.\?.\?.\?.\?.\?.\?.\?V|W.\?.\?.\?.\?.\?.\?.\?.\?W|X.\?.\?.\?.\?\
.\?.\?.\?.\?X|Y.\?.\?.\?.\?.\?.\?.\?.\?Y|Z.\?.\?.\?.\?.\?.\?.\?.\?Z|\\[.\?\
.\?.\?.\?.\?.\?.\?.\?\\[|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\].\?.\?.\?.\?.\?\
.\?.\?.\?\\]|\\^.\?.\?.\?.\?.\?.\?.\?.\?\\^|_.\?.\?.\?.\?.\?.\?.\?.\?_|`.\
\?.\?.\?.\?.\?.\?.\?.\?`|a.\?.\?.\?.\?.\?.\?.\?.\?a|b.\?.\?.\?.\?.\?.\?.\?\
.\?b|c.\?.\?.\?.\?.\?.\?.\?.\?c|d.\?.\?.\?.\?.\?.\?.\?.\?d|e.\?.\?.\?.\?.\
\?.\?.\?.\?e|f.\?.\?.\?.\?.\?.\?.\?.\?f|g.\?.\?.\?.\?.\?.\?.\?.\?g|h.\?.\?\
.\?.\?.\?.\?.\?.\?h|i.\?.\?.\?.\?.\?.\?.\?.\?i|j.\?.\?.\?.\?.\?.\?.\?.\?j|\
k.\?.\?.\?.\?.\?.\?.\?.\?k|l.\?.\?.\?.\?.\?.\?.\?.\?l|m.\?.\?.\?.\?.\?.\?.\
\?.\?m|n.\?.\?.\?.\?.\?.\?.\?.\?n|o.\?.\?.\?.\?.\?.\?.\?.\?o|p.\?.\?.\?.\?\
.\?.\?.\?.\?p|q.\?.\?.\?.\?.\?.\?.\?.\?q|r.\?.\?.\?.\?.\?.\?.\?.\?r|s.\?.\
\?.\?.\?.\?.\?.\?.\?s|t.\?.\?.\?.\?.\?.\?.\?.\?t|u.\?.\?.\?.\?.\?.\?.\?.\?\
u|v.\?.\?.\?.\?.\?.\?.\?.\?v|w.\?.\?.\?.\?.\?.\?.\?.\?w|x.\?.\?.\?.\?.\?.\
\?.\?.\?x|y.\?.\?.\?.\?.\?.\?.\?.\?y|z.\?.\?.\?.\?.\?.\?.\?.\?z|\\{.\?.\?.\
\?.\?.\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\?.\?.\
\?.\?\\}|~.\?.\?.\?.\?.\?.\?.\?.\?~|\7F.\?.\?.\?.\?.\?.\?.\?.\?\7F|\80.\?.\
\?.\?.\?.\?.\?.\?.\?\80|\81.\?.\?.\?.\?.\?.\?.\?.\?\81|\82.\?.\?.\?.\?.\?.\
\?.\?.\?\82|\83.\?.\?.\?.\?.\?.\?.\?.\?\83|\84.\?.\?.\?.\?.\?.\?.\?.\?\84|\
\85.\?.\?.\?.\?.\?.\?.\?.\?\85|\86.\?.\?.\?.\?.\?.\?.\?.\?\86|\87.\?.\?.\?\
.\?.\?.\?.\?.\?\87|\88.\?.\?.\?.\?.\?.\?.\?.\?\88|\89.\?.\?.\?.\?.\?.\?.\?\
.\?\89|\8A.\?.\?.\?.\?.\?.\?.\?.\?\8A|\8B.\?.\?.\?.\?.\?.\?.\?.\?\8B|\8C.\
\?.\?.\?.\?.\?.\?.\?.\?\8C|\8D.\?.\?.\?.\?.\?.\?.\?.\?\8D|\8E.\?.\?.\?.\?.\
\?.\?.\?.\?\8E|\8F.\?.\?.\?.\?.\?.\?.\?.\?\8F|\90.\?.\?.\?.\?.\?.\?.\?.\?\
\90|\91.\?.\?.\?.\?.\?.\?.\?.\?\91|\92.\?.\?.\?.\?.\?.\?.\?.\?\92|\93.\?.\
\?.\?.\?.\?.\?.\?.\?\93|\94.\?.\?.\?.\?.\?.\?.\?.\?\94|\95.\?.\?.\?.\?.\?.\
\?.\?.\?\95|\96.\?.\?.\?.\?.\?.\?.\?.\?\96|\97.\?.\?.\?.\?.\?.\?.\?.\?\97|\
\98.\?.\?.\?.\?.\?.\?.\?.\?\98|\99.\?.\?.\?.\?.\?.\?.\?.\?\99|\9A.\?.\?.\?\
.\?.\?.\?.\?.\?\9A|\9B.\?.\?.\?.\?.\?.\?.\?.\?\9B|\9C.\?.\?.\?.\?.\?.\?.\?\
.\?\9C|\9D.\?.\?.\?.\?.\?.\?.\?.\?\9D|\9E.\?.\?.\?.\?.\?.\?.\?.\?\9E|\9F.\
\?.\?.\?.\?.\?.\?.\?.\?\9F|\A0.\?.\?.\?.\?.\?.\?.\?.\?\A0|\A1.\?.\?.\?.\?.\
\?.\?.\?.\?\A1|\A2.\?.\?.\?.\?.\?.\?.\?.\?\A2|\A3.\?.\?.\?.\?.\?.\?.\?.\?\
\A3|\A4.\?.\?.\?.\?.\?.\?.\?.\?\A4|\A5.\?.\?.\?.\?.\?.\?.\?.\?\A5|\A6.\?.\
\?.\?.\?.\?.\?.\?.\?\A6|\A7.\?.\?.\?.\?.\?.\?.\?.\?\A7|\A8.\?.\?.\?.\?.\?.\
\?.\?.\?\A8|\A9.\?.\?.\?.\?.\?.\?.\?.\?\A9|\AA.\?.\?.\?.\?.\?.\?.\?.\?\AA|\
\AB.\?.\?.\?.\?.\?.\?.\?.\?\AB|\AC.\?.\?.\?.\?.\?.\?.\?.\?\AC|\AD.\?.\?.\?\
.\?.\?.\?.\?.\?\AD|\AE.\?.\?.\?.\?.\?.\?.\?.\?\AE|\AF.\?.\?.\?.\?.\?.\?.\?\
.\?\AF|\B0.\?.\?.\?.\?.\?.\?.\?.\?\B0|\B1.\?.\?.\?.\?.\?.\?.\?.\?\B1|\B2.\
\?.\?.\?.\?.\?.\?.\?.\?\B2|\B3.\?.\?.\?.\?.\?.\?.\?.\?\B3|\B4.\?.\?.\?.\?.\
\?.\?.\?.\?\B4|\B5.\?.\?.\?.\?.\?.\?.\?.\?\B5|\B6.\?.\?.\?.\?.\?.\?.\?.\?\
\B6|\B7.\?.\?.\?.\?.\?.\?.\?.\?\B7|\B8.\?.\?.\?.\?.\?.\?.\?.\?\B8|\B9.\?.\
\?.\?.\?.\?.\?.\?.\?\B9|\BA.\?.\?.\?.\?.\?.\?.\?.\?\BA|\BB.\?.\?.\?.\?.\?.\
\?.\?.\?\BB|\BC.\?.\?.\?.\?.\?.\?.\?.\?\BC|\BD.\?.\?.\?.\?.\?.\?.\?.\?\BD|\
\BE.\?.\?.\?.\?.\?.\?.\?.\?\BE|\BF.\?.\?.\?.\?.\?.\?.\?.\?\BF|\C0.\?.\?.\?\
.\?.\?.\?.\?.\?\C0|\C1.\?.\?.\?.\?.\?.\?.\?.\?\C1|\C2.\?.\?.\?.\?.\?.\?.\?\
.\?\C2|\C3.\?.\?.\?.\?.\?.\?.\?.\?\C3|\C4.\?.\?.\?.\?.\?.\?.\?.\?\C4|\C5.\
\?.\?.\?.\?.\?.\?.\?.\?\C5|\C6.\?.\?.\?.\?.\?.\?.\?.\?\C6|\C7.\?.\?.\?.\?.\
\?.\?.\?.\?\C7|\C8.\?.\?.\?.\?.\?.\?.\?.\?\C8|\C9.\?.\?.\?.\?.\?.\?.\?.\?\
\C9|\CA.\?.\?.\?.\?.\?.\?.\?.\?\CA|\CB.\?.\?.\?.\?.\?.\?.\?.\?\CB|\CC.\?.\
\?.\?.\?.\?.\?.\?.\?\CC|\CD.\?.\?.\?.\?.\?.\?.\?.\?\CD|\CE.\?.\?.\?.\?.\?.\
\?.\?.\?\CE|\CF.\?.\?.\?.\?.\?.\?.\?.\?\CF|\D0.\?.\?.\?.\?.\?.\?.\?.\?\D0|\
\D1.\?.\?.\?.\?.\?.\?.\?.\?\D1|\D2.\?.\?.\?.\?.\?.\?.\?.\?\D2|\D3.\?.\?.\?\
.\?.\?.\?.\?.\?\D3|\D4.\?.\?.\?.\?.\?.\?.\?.\?\D4|\D5.\?.\?.\?.\?.\?.\?.\?\
.\?\D5|\D6.\?.\?.\?.\?.\?.\?.\?.\?\D6|\D7.\?.\?.\?.\?.\?.\?.\?.\?\D7|\D8.\
\?.\?.\?.\?.\?.\?.\?.\?\D8|\D9.\?.\?.\?.\?.\?.\?.\?.\?\D9|\DA.\?.\?.\?.\?.\
\?.\?.\?.\?\DA|\DB.\?.\?.\?.\?.\?.\?.\?.\?\DB|\DC.\?.\?.\?.\?.\?.\?.\?.\?\
\DC|\DD.\?.\?.\?.\?.\?.\?.\?.\?\DD|\DE.\?.\?.\?.\?.\?.\?.\?.\?\DE|\DF.\?.\
\?.\?.\?.\?.\?.\?.\?\DF|\E0.\?.\?.\?.\?.\?.\?.\?.\?\E0|\E1.\?.\?.\?.\?.\?.\
\?.\?.\?\E1|\E2.\?.\?.\?.\?.\?.\?.\?.\?\E2|\E3.\?.\?.\?.\?.\?.\?.\?.\?\E3|\
\E4.\?.\?.\?.\?.\?.\?.\?.\?\E4|\E5.\?.\?.\?.\?.\?.\?.\?.\?\E5|\E6.\?.\?.\?\
.\?.\?.\?.\?.\?\E6|\E7.\?.\?.\?.\?.\?.\?.\?.\?\E7|\E8.\?.\?.\?.\?.\?.\?.\?\
.\?\E8|\E9.\?.\?.\?.\?.\?.\?.\?.\?\E9|\EA.\?.\?.\?.\?.\?.\?.\?.\?\EA|\EB.\
\?.\?.\?.\?.\?.\?.\?.\?\EB|\EC.\?.\?.\?.\?.\?.\?.\?.\?\EC|\ED.\?.\?.\?.\?.\
\?.\?.\?.\?\ED|\EE.\?.\?.\?.\?.\?.\?.\?.\?\EE|\EF.\?.\?.\?.\?.\?.\?.\?.\?\
\EF|\F0.\?.\?.\?.\?.\?.\?.\?.\?\F0|\F1.\?.\?.\?.\?.\?.\?.\?.\?\F1|\F2.\?.\
\?.\?.\?.\?.\?.\?.\?\F2|\F3.\?.\?.\?.\?.\?.\?.\?.\?\F3|\F4.\?.\?.\?.\?.\?.\
\?.\?.\?\F4|\F5.\?.\?.\?.\?.\?.\?.\?.\?\F5|\F6.\?.\?.\?.\?.\?.\?.\?.\?\F6|\
\F7.\?.\?.\?.\?.\?.\?.\?.\?\F7|\F8.\?.\?.\?.\?.\?.\?.\?.\?\F8|\F9.\?.\?.\?\
.\?.\?.\?.\?.\?\F9|\FA.\?.\?.\?.\?.\?.\?.\?.\?\FA|\FB.\?.\?.\?.\?.\?.\?.\?\
.\?\FB|\FC.\?.\?.\?.\?.\?.\?.\?.\?\FC|\FD.\?.\?.\?.\?.\?.\?.\?.\?\FD|\FE.\
\?.\?.\?.\?.\?.\?.\?.\?\FE|\FF.\?.\?.\?.\?.\?.\?.\?.\?\FF)”
add name=skypetoskype regexp=”^..\02………….”
add name=teamspeak regexp=”^\F4\BE\03.*teamspeak”
add name=ventrilo regexp=”^..\?v\\\$\CF”
add name=stun regexp=”^[\01\02]…………….\?\$”

/ip firewall mangle
add action=set-priority chain=forward comment=”Priority – 5 – VOIP – h323″ layer7-protocol=h323 new-priority=5
add action=set-priority chain=forward comment=”Priority – 5 – VOIP – SIP” layer7-protocol=sip new-priority=5
add action=set-priority chain=forward comment=”Priority – 5 – VOIP – Skypeout” layer7-protocol=skypeout new-priority=5
add action=set-priority chain=forward comment=”Priority – 5 – VOIP – skypetoskype” layer7-protocol=skypetoskype new-priority=5
add action=set-priority chain=forward comment=”Priority – 5 – VOIP – STUN” layer7-protocol=stun new-priority=5
add action=set-priority chain=forward comment=”Priority – 5 – VOIP – Teamspeak” layer7-protocol=teamspeak new-priority=5
add action=set-priority chain=forward comment=”Priority – 5 – VOIP – Ventrilo” layer7-protocol=ventrilo new-priority=5

That’s all!

Try it and share your impression, bugs, everything!

For reference you can download script and commands in text file:

1. Failover Script -> failover-2_3
2. Commands for config -> load-balance-failover-routeros-2_3

I use it to log value from different type of sensors. As you know ADC for raspberry can read [...]]]> On this post I’ll explain you how to grab analog data from an 8-channel, 12 bit ADC. The ADC used is the Custard-PI 3 http://www.sf-innovations.co.uk/custard-pi-3.html . You can buy it directly from them on that page.

I use it to log value from different type of sensors. As you know ADC for raspberry can read only voltage from 0 to 2.5V (or higher with partitor) but lot of industrial sensors are based on 4-20mA range.

With this scripts you will be able to obtain a CSV and graph of the real value with only some easy configuration. You just need to know what’s the range of your sensor (ex: 0-100°C), what’s the range of output value of the sensor (ex: 4-20 mA), what does ADC read when the output value is at minimum and at the maximum. To obtain this last values we need only a simple more step.

The setup is very easy, you just need to connect the board to raspberry, power it on, copy the software on it and everything is done. Let’s go step by step:

1. Connect the board to raspberry and power it on.
2. Connect to PI with ssh, update it and install apache with php:
   # sudo apt-get update && apt-get upgrade# sudo apt-get install libapache2-mod-php5
3. Download the tarball and extract it on root ( / ) directory.
   

   cd /tmp
   wget http://www.farlock.org/wp-content/uploads/2015/04/adc_grabber.tar
   cd /
   tar xvf /tmp/adc_grabber.tar

4. It will extract two files in /etc/init.d and /etc/default ; these are needed for startup at boot.
   It will extract the cpi3adc.py file in /usr/local/bin and the directory cpi3adc in /usr/local/lib (this contains two included file). Every web page is extracted on /var/www/adc
5. We need four more steps manually:
   

   Edit sudoers file with command:
   # sudo visudo
   and add this line at the end:
   www-data ALL=(ALL) NOPASSWD: ALL
   add user www-data to group pi with this:
   # sudo adduser www-data pi
   Enable startup of the logger on boot:
   # sudo update-rc.d cpi3adc defaults
   And finally edit /etc/apache2/sites-enabled/000-default, find the paragraph starting with:
   <Directory /var/www>
   and add these lines inside it:
   Options +ExecCGI
   AddHandler cgi-script .cgi .pl
   RedirectMatch ^/$ /adc/

6. Via web browser connect to your raspberry (you need to know the ip address, ex: 192.168.1.110):
   http://192.168.1.100/adc
7. On this page you can set up global parameters or different ones for each channel (in case you have different sensors).
   In my example I have a thermometer with range 0° – 100°C and output of 4 – 20 mA.
   I have connected it to channel 1 with 100 ohm resistor, look at this image to have an idea:
   The problem now is that the resistor is not usually perfect and we need to make some adjustment.
8. I disconnect my sensor and i connect to analog input a current generator, I set it with 4mA and i click on “Leggi Valori Attuali”, this is the result:
   

   CANALE – Volt Ingresso – Valore Ingresso Puro – Ingresso  mA – Valore Calcolato °C
   CH 1 – Voltage 0.40 – Value 655 – In 4.00 mA – 0.00 °C
   CH 2 – Voltage 0.08 – Value 131 – In 0.80 mA – -20.05 °C
   CH 3 – Voltage 0.05 – Value 81 – In 0.50 mA – -21.96 °C
   CH 4 – Voltage 0.03 – Value 43 – In 0.26 mA – -23.41 °C
   CH 5 – Voltage 0.01 – Value 21 – In 0.13 mV – -12.13 V
   CH 6 – Voltage 0.01 – Value 15 – In 0.09 mA – -24.48 °C
   CH 7 – Voltage 0.01 – Value 11 – In 0.07 mA – -24.64 °C
   CH 8 – Voltage 0.00 – Value 7 – In 0.04 mA – -24.79 °C

   Our interest is for the second line (channel 1) and the second field (value), this is the value that ADC reads with an input of 4mA and our resistor.
   Now the same thing setting the generator to 20mA, change the generator and press F5 to reload the page, this is the output:

   CANALE – Volt Ingresso – Valore Ingresso Puro – Ingresso  mA – Valore Calcolato °C
   CH 1 – Voltage 2.00 – Value 3269 – In 20.0 mA – 100.00 °C

   The second value is 3269, this is the ADC reading with 20mA.

9. Now on the homepage you can set the value needed. And you need how to obtain the value for the third column (ADC).
10. When everything is done you can press “Salva Valori”, and then you can start the logger with “Avvia”.
11. If you want to start automatically the logger at boot check “Avvia automaticamente” and press “Salva Valori”.
12. The logger grab the data every seconds setted in “Intervallo in secondi per letture”, and calculate the average every “Nr di valori per media” setted.
13. You can see the graph in realtime clicking on “Visualizza Grafico”, and download CSV clicking on “Download CSV”.

Download scripts: adc_grabber

Thanks to:
http://www.sf-innovations.co.uk/custard-pi-3.html

Beer monitoring with my Raspberry Pi

http://dygraphs.com/

Linux Machine:

Mikrotik RouterBoard:

CATOP=./personalCA

CAKEY=./cakey.pem

CAREQ=./careq.pem

CACERT=./cacert.pem

cd /etc/ssl

mkdir $CATOP

mkdir $CATOP/certs

mkdir $CATOP/crl

mkdir $CATOP/newcerts

mkdir $CATOP/private

echo “00” > $CATOP/serial

echo “00” > $CATOP/crlnumber

touch $CATOP/index.txt

export OPENSSL_CONF=/etc/ssl/essetigiCA.cnf

copy /etc/ssl/openssl.cnf to personalCA.cnf and edit OrganizationName, Country, State, ecc fields.

Then execute:

openssl req -new -keyout $CATOP/private/$CAKEY -out $CATOP/$CAREQ

write a complex passhprase [...]]]> Launch this commands:

CATOP=./personalCA

CAKEY=./cakey.pem

CAREQ=./careq.pem

CACERT=./cacert.pem

cd /etc/ssl

mkdir $CATOP

mkdir $CATOP/certs

mkdir $CATOP/crl

mkdir $CATOP/newcerts

mkdir $CATOP/private

echo “00” > $CATOP/serial

echo “00” > $CATOP/crlnumber

touch $CATOP/index.txt

export OPENSSL_CONF=/etc/ssl/essetigiCA.cnf

copy /etc/ssl/openssl.cnf to personalCA.cnf and edit OrganizationName, Country, State, ecc fields.

Then execute:

openssl req -new -keyout $CATOP/private/$CAKEY -out $CATOP/$CAREQ

write a complex passhprase and remember it! Without it the CA is completely useless. It asks also for information about the CA.

Now we create our CA, it asks for the passphrase:

openssl ca -out $CATOP/$CACERT $CADAYS -extensions v3_ca -days 36500 -keyfile $CATOP/private/$CAKEY -selfsign -infiles $CATOP/$CAREQ

Server certificate:

openssl req -new -nodes -keyout $CATOP/private/server_key.pem -out $CATOP/certs/server_req.pem

openssl ca -out $CATOP/certs/server_cert.pem -days 13000 -extensions server_cert -infiles $CATOP/certs/server_req.pem

client certificate:

openssl req -new -nodes -keyout $CATOP/private/client01_key.pem -out $CATOP/certs/client01_req.pem

openssl ca -out $CATOP/certs/client01_cert.pem -days 10000  -infiles $CATOP/certs/client01_req.pem

That’s all.

setenv mtdpartitions mtdparts=nand_mtd:0xa0000@0x0(u-boot),0x400000@0x100000(uImage),0x1fb00000@0x500000(rootfs)

setenv bootargs_root ubi.mtd=2 root=ubi0:rootfs rootfstype=ubifs

setenv bootargs_console console=ttyS0,115200

setenv bootcmd_nand ‘nand read.e 0x00800000 0x00100000 0x00400000’

setenv bootcmd ‘setenv bootargs $(bootargs_console) $(mtdpartitions) $(bootargs_root); run bootcmd_nand; bootm 0x00800000’

saveenv

This [...]]]> If you previosuly installed Debian on your internal flash and for some reasons your u-boot environment f**k you can simply restore it with this:

setenv mtdpartitions mtdparts=nand_mtd:0xa0000@0x0(u-boot),0x400000@0x100000(uImage),0x1fb00000@0x500000(rootfs)

setenv bootargs_root ubi.mtd=2 root=ubi0:rootfs rootfstype=ubifs

setenv bootargs_console console=ttyS0,115200

setenv bootcmd_nand ‘nand read.e 0x00800000 0x00100000 0x00400000’

setenv bootcmd ‘setenv bootargs $(bootargs_console) $(mtdpartitions) $(bootargs_root); run bootcmd_nand; bootm 0x00800000’

saveenv

This saved me, hope that can help you