tomaae / homeassistant-mikrotik_router

Mikrotik router integration for Home Assistant
Apache License 2.0

[Feature] Add Route sensors and\or Netwatch sensors #289

Closed enselerizer closed 8 months ago

enselerizer commented 1 year ago

Is your feature request related to a problem? Please describe.

I have a multi-WAN setup with two ISPs (main and backup) and switch between them using a Netwatch rule that enables and disables the corresponding default routes. I want to use information about the currently selected ISP in Home Assistant automations.

Describe the solution you'd like

An ability to monitor Netwatch rule status and\or to monitor enabled and disabled routes.

tomaae commented 1 year ago

Can you provide me with more info about netwatch? Best would be print terse outputs of your setup with an explanation and what is important information to see. Routes are out of question. We tried that once, but there can be thousands of routes depending on device use. Netwatch could be doable tho.

vbakh commented 1 year ago

Plus 1 ask for enabled/disabled routes. I have a similar scenario: cable ISP as a primary provider + cellular as a backup, but use the recursive routing method for determining which route to activate.

I guess for such relatively simple routing scenarios the integration would need to poll the route list from Mikrotik (/ip/route print) and probably parse the statuses (even though it can be done in HA templates). The monitoring/notification itself can be done in HA automations.

BTW, as a workaround, I check my external IP address via DNS IP/myip integration. It helps in primary/backup route scenario when I know what IPs or IP ranges to expect, but probably won't help in the load balancing cases.

enselerizer commented 1 year ago

> Can you provide me with more info about netwatch? Best would be print terse outputs of your setup with an explanation and what is important information to see.

I'm sorry, I don't understand exactly what information is required. I'm using a Netwatch rule that regularly pings a certain known WAN address, such as 8.8.8.8. After that, the rule macro is executed. If the address becomes unavailable ("down" status), the following is executed:

```
/ip route disable [find comment="ISP-Main"]
/ip route enable [find comment="ISP-Backup"]
:foreach i in=[/ip firewall connection find protocol~"tcp"] do={ /ip firewall connection remove $i }
:foreach i in=[/ip firewall connection find protocol~"udp"] do={ /ip firewall connection remove $i }
```

If the address becomes available ("up" status), the following is performed:

```
/ip route disable [find comment="ISP-Backup"]
/ip route enable [find comment="ISP-Main"]
:foreach i in=[/ip firewall connection find protocol~"tcp"] do={ /ip firewall connection remove $i }
:foreach i in=[/ip firewall connection find protocol~"udp"] do={ /ip firewall connection remove $i }
```

The static routes mentioned in the macros are the default routes (0.0.0.0/0) directed either to the gateway of the first ISP or to the gateway of the second ISP. The firewall has a rule that only allows ICMP requests for address 8.8.8.8 to be sent through the first ISP.

> Routes are out of question. We tried that once, but there can be thousands of routes depending on device use.

I'm only interested in the status of static routes, their number doesn't change over time without manual reconfiguration. Maybe that will be possible?

> I have a similar scenario: cable ISP as a primary provider + cellular as a backup

Same.

> BTW, as a workaround, I check my external IP address via DNS IP/myip integration. It helps in primary/backup route scenario when I know what IPs or IP ranges to expect, but probably won't help in the load balancing cases.

Unfortunately it won't work in my case. On my main ISP, I have a public IP address that is used for remote access to home assistant and other home services. But on the second ISP, I need a VPN connection to access home assistant. I want to use the received information to turn VPN on and off on my home server. But as long as the tunnel is up, any IP address check will show me the IP address of my VPN server.

P.S. sorry for the poor english, i use google translate

tomaae commented 1 year ago

I didn't mean routes, but netwatch you mentioned. I don't know anything about it, so I need to see output from configuration and live data to implement it properly. Probably something like /tool/netwatch/print terse or just /tool/netwatch/print if terse won't work. You can mask (replace with stars or similar) any private data if there are some, I just need to know columns and what kind of relevant info I can find there. Also mark for me any of columns that are important/nice to have visible in HA. For reference, here is documentation: https://help.mikrotik.com/docs/display/ROS/Netwatch

Problem with routes is that you need to query them. It was causing nonstop high load when it was implemented for ISP/semi-ISP setups, as that query took a long time and significant CPU resources. I may consider implementing it as an optional feature in future if there is demand for it. But let's focus on netwatch now, don't want to mix things up.

Don't worry about English, it's good.

enselerizer commented 1 year ago

The output looks like this:

```
[admin@Router - MikroTik hEX S] >> /tool netwatch print
Flags: X - disabled
 #   HOST      TIMEOUT  INTERVAL  STATUS  SINCE
 0   ;;; Auto ISP change
     8.8.8.8   1s       5s        up      jun/23/2023 05:45:05
```

I'm primarily interested in the STATUS and HOST columns, and also comment (if it is possible).

vbakh commented 1 year ago

> But on the second ISP, I need a VPN connection to access home assistant. I want to use the received information to turn VPN on and off on my home server. But as long as the tunnel is up, any IP address check will show me the IP address of my VPN server.

I use Home Assistant Cloud, it works fine via a cellular connection (including SSH to Mikrotik using internal IP). Another option would be ZeroTier VPN (or a similar service) - it would allow to access internal IPs in such scenario as well.

Sorry for offtopic :-)

enselerizer commented 1 year ago

> > But on the second ISP, I need a VPN connection to access home assistant. I want to use the received information to turn VPN on and off on my home server. But as long as the tunnel is up, any IP address check will show me the IP address of my VPN server.
>
> I use Home Assistant Cloud, it works fine via a cellular connection (including SSH to Mikrotik using internal IP). Another option would be ZeroTier VPN (or a similar service) - it would allow to access internal IPs in such scenario as well.
>
> Sorry for offtopic :-)

I use my personal VPS with OpenVPN server and iptables port forwarding, costs me about 1$/month, so it suits all my needs :).

lfdominguez commented 1 year ago

> The output looks like this:
>
> ```
> [admin@Router - MikroTik hEX S] >> /tool netwatch print
> Flags: X - disabled
>  #   HOST      TIMEOUT  INTERVAL  STATUS  SINCE
>  0   ;;; Auto ISP change
>      8.8.8.8   1s       5s        up      jun/23/2023 05:45:05
> ```
>
> I'm primarily interested in the STATUS and HOST columns, and also comment (if it is possible).

Here is another example (/tool/netwatch/print terse), it has some scripts too:

```
0 host=10.11.10.1 type=icmp interval=2s up-script= down-script=:log warning "Restarting VPN"\r\n\r\n/interface/wireguard/peers/disable [find interface="test"]\r\n/tool/netwatch/disable [find host="10.11.10.1"]\r\n\r\n:delay 60s\r\n\r\n/interface/wireguard/peers/enable [find interface="test"]\r\n/tool/netwatch/enable [find host="10.11.10.1"] test-script= http-codes= status=up
1 host=192.168.150.1 type=icmp interval=10s up-script=:log warning "ANOTHER VPN UP" down-script=:log warning "ANOTHER VPN DOWN" test-script= http-codes= status=down
```

tomaae commented 1 year ago

that is what I was looking for, thanks. From looking at this, host (or comment if set) would be ideal as entity name, with status as value. in this case probably binary sensor since I think there can be only up and down. type and interval as attributes probably.

lfdominguez commented 1 year ago

> that is what I was looking for, thanks. From looking at this, host (or comment if set) would be ideal as entity name, with status as value. in this case probably binary sensor since I think there can be only up and down. type and interval as attributes probably.

There is another status, unknown, that is set when you start the netwatch.

tomaae commented 1 year ago

> e another status, unknown that is set when you start the net

can you give me more info on that?

L2jLiga commented 10 months ago

> > e another status, unknown that is set when you start the net
>
> can you give me more info on that?

Disabled

```
> /tool/netwatch/print terse
0 X comment=CloudFlare host=1.1.1.1 type=tcp-conn up-script= down-script= test-script= port=443 http-codes= status=unknown
```

Just enabled

```
> /tool/netwatch/print terse
0 comment=CloudFlare host=1.1.1.1 type=tcp-conn up-script= down-script= test-script= port=443 http-codes= status=unknown
```

Host reachable

```
> /tool/netwatch/print terse
0 comment=CloudFlare host=1.1.1.1 type=tcp-conn up-script= down-script= test-script= port=443 http-codes= status=up
```

Host unreachable

```
> /tool/netwatch/print terse
0 comment=CloudFlare host=1.1.1.1 type=tcp-conn up-script= down-script= test-script= port=443 http-codes= status=down
```

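Added example, not part of the thread and not the integration's own code: a parser for the terse Netwatch lines posted above that produces the mapping discussed (comment or host as name, status as value, type and interval as attributes) and keeps `unknown` and disabled rules distinct from `down`. The sample input is constructed, and `parse_netwatch` and the output field names are hypothetical.

```python
import re

# Constructed sample shaped like the `/tool/netwatch/print terse` lines quoted
# in this thread (one entry per line; not captured from a real router).
SAMPLE = r'''
0 host=10.11.10.1 type=icmp interval=2s up-script= down-script=/ip route disable [find comment="ISP-Main"]\r\n/tool/netwatch/disable [find host="10.11.10.1"] test-script= http-codes= status=up
1 X comment=CloudFlare host=1.1.1.1 type=tcp-conn up-script= down-script= test-script= port=443 http-codes= status=unknown
2 comment=Auto ISP change host=8.8.8.8 type=icmp interval=5s up-script= down-script= test-script= http-codes= status=down
'''

ENTRY = re.compile(r"^\s*(\d+)\s+((?:[A-Z]\s+)*)(.*)$")  # index, flags, body
SCRIPT_KEY = re.compile(r"(?:^| )(?:up|down|test)-script=")
FIELD = re.compile(r"(?:^| )([a-z][a-z0-9-]*)=(.*?)(?= [a-z][a-z0-9-]*=|$)")
STATE = {"up": True, "down": False}  # "unknown" and anything else -> None


def parse_netwatch(text):
    """Turn terse Netwatch output into binary-sensor style dicts."""
    sensors = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        flags, body = m.group(2).split(), m.group(3)
        # Script bodies are free text and may contain `host=` or `comment=`
        # (e.g. `[find comment="ISP-Main"]`), so identity fields are read
        # only from the part before the first *-script key.
        head = SCRIPT_KEY.split(body, maxsplit=1)[0]
        fields = dict(FIELD.findall(head))
        # status is the last key on the line, so take the last occurrence.
        status = body.rpartition(" status=")[2].strip() if " status=" in body else ""
        disabled = "X" in flags
        sensors.append({
            "name": fields.get("comment") or fields.get("host"),
            # None = state not known: never report a disabled or
            # not-yet-probed rule as "down".
            "is_on": None if disabled else STATE.get(status),
            "available": not disabled,
            "attributes": {k: fields.get(k) for k in ("host", "type", "interval")},
        })
    return sensors


if __name__ == "__main__":
    for sensor in parse_netwatch(SAMPLE):
        print(sensor)
```

An automation that switches a VPN on when the main ISP probe goes down should trigger only on `is_on` being `False`, so a router reboot or a freshly enabled rule (status `unknown`) does not cause a failover action.
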
defaultsecurity commented 9 months ago

When will the netwatch feature be included?

emilianogetino commented 9 months ago

Hopefully soon, it would be very good for me too 8-).

L2jLiga commented 9 months ago

@defaultsecurity @emilianogetino I guess you can safely install the version from master, it contains only the netwatch feature compared to 2.1.4

emilianogetino commented 8 months ago

> @defaultsecurity @emilianogetino I guess you can safely install the version from master, it contains only the netwatch feature compared to 2.1.4

Forgive my ignorance, I am still very new to Home Assistant, how can I install that master version? Thank you

tomaae commented 8 months ago

select "master" from version list in HACS