📘 Documentação de Scripts Avançados - MikroTik RouterOS
Conjunto de scripts úteis para automação de tarefas, segurança e gerenciamento em ambientes com MikroTik RouterOS.
🚀 RouterOS - Scripts e Configurações Avançadas
Documentação com exemplos práticos de configurações RouterOS para redes avançadas, incluindo IPoE, failover, agendamentos e automações.
🚀 Instalar chr no proxmox via script
Clique aqui para ver o script
#!/usr/bin/env bash
# Copyright (c) 2021-2024 tteck
# Author: tteck (tteckster)
# License: MIT
# https://github.com/tteck/Proxmox/raw/main/LICENSE
function header_info {
cat <<"EOF"
__ ____ __ __ _ __ ____ __ ____ _____ ________ ______
/ |/ (_) /___________ / /_(_) /__ / __ \____ __ __/ /____ _____/ __ \/ ___/ / ____/ / / / __ \
/ /|_/ / / //_/ ___/ __ \/ __/ / //_/ / /_/ / __ \/ / / / __/ _ \/ ___/ / / /\__ \ / / / /_/ / /_/ /
/ / / / / ,< / / / /_/ / /_/ / ,< / _, _/ /_/ / /_/ / /_/ __/ / / /_/ /___/ / / /___/ __ / _, _/
/_/ /_/_/_/|_/_/ \____/\__/_/_/|_| /_/ |_|\____/\__,_/\__/\___/_/ \____//____/ \____/_/ /_/_/ |_|
EOF
}
clear
header_info
echo -e "Loading..."
GEN_MAC=$(echo '00 60 2f'$(od -An -N3 -t xC /dev/urandom) | sed -e 's/ /:/g' | tr '[:lower:]' '[:upper:]')
NEXTID=$(pvesh get /cluster/nextid)
YW=$(echo "\033[33m")
BL=$(echo "\033[36m")
HA=$(echo "\033[1;34m")
RD=$(echo "\033[01;31m")
BGN=$(echo "\033[4;92m")
GN=$(echo "\033[1;92m")
DGN=$(echo "\033[32m")
CL=$(echo "\033[m")
BFR="\\r\\033[K"
HOLD="-"
CM="${GN}✓${CL}"
set -o errexit
set -o errtrace
set -o nounset
set -o pipefail
shopt -s expand_aliases
alias die='EXIT=$? LINE=$LINENO error_exit'
trap die ERR
trap cleanup EXIT
function error_exit() {
trap - ERR
local reason="Unknown failure occurred."
local msg="${1:-$reason}"
local flag="${RD}‼ ERROR ${CL}$EXIT@$LINE"
echo -e "$flag $msg" 1>&2
[ ! -z ${VMID-} ] && cleanup_vmid
exit $EXIT
}
function cleanup_vmid() {
if $(qm status $VMID &>/dev/null); then
if [ "$(qm status $VMID | awk '{print $2}')" == "running" ]; then
qm stop $VMID
fi
qm destroy $VMID
fi
}
function cleanup() {
popd >/dev/null
rm -rf $TEMP_DIR
}
TEMP_DIR=$(mktemp -d)
pushd $TEMP_DIR >/dev/null
if ! pveversion | grep -Eq "pve-manager/8.[1-3]"; then
msg_error "This version of Proxmox Virtual Environment is not supported"
echo -e "Requires Proxmox Virtual Environment Version 8.1 or later."
echo -e "Exiting..."
sleep 2
exit
fi
if (whiptail --backtitle "Proxmox VE Helper Scripts" --title "Mikrotik RouterOS CHR VM" --yesno "This will create a New Mikrotik RouterOS CHR VM. Proceed?" 10 58); then
echo "User selected Yes"
else
clear
echo -e "⚠ User exited script \n"
exit
fi
function msg_info() {
local msg="$1"
echo -ne " ${HOLD} ${YW}${msg}..."
}
function msg_ok() {
local msg="$1"
echo -e "${BFR} ${CM} ${GN}${msg}${CL}"
}
function default_settings() {
echo -e "${DGN}Using Virtual Machine ID: ${BGN}$NEXTID${CL}"
VMID=$NEXTID
echo -e "${DGN}Using Hostname: ${BGN}mikrotik-routeros-chr${CL}"
HN=mikrotik-routeros-chr
echo -e "${DGN}Allocated Cores: ${BGN}1${CL}"
CORE_COUNT="2"
echo -e "${DGN}Allocated RAM: ${BGN}256${CL}"
RAM_SIZE="512"
echo -e "${DGN}Using Bridge: ${BGN}vmbr0${CL}"
BRG="vmbr0"
echo -e "${DGN}Using MAC Address: ${BGN}$GEN_MAC${CL}"
MAC=$GEN_MAC
echo -e "${DGN}Using VLAN: ${BGN}Default${CL}"
VLAN=""
echo -e "${DGN}Using Interface MTU Size: ${BGN}Default${CL}"
MTU=""
echo -e "${DGN}Start VM when completed: ${BGN}no${CL}"
START_VM="no"
echo -e "${BL}Creating a Mikrotik RouterOS CHR VM using the above default settings${CL}"
}
function advanced_settings() {
VMID=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Set Virtual Machine ID" 8 58 $NEXTID --title "VIRTUAL MACHINE ID" 3>&1 1>&2 2>&3)
exitstatus=$?
if [ $exitstatus = 0 ]; then
echo -e "${DGN}Using Virtual Machine ID: ${BGN}$VMID${CL}"
else
exit
fi
VM_NAME=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Set Hostname" 8 58 mikrotik-routeros-chr --title "HOSTNAME" 3>&1 1>&2 2>&3)
exitstatus=$?
if [ $exitstatus = 0 ]; then
HN=$(echo ${VM_NAME,,} | tr -d ' ')
echo -e "${DGN}Using Hostname: ${BGN}$HN${CL}"
else
exit
fi
CORE_COUNT=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Allocate CPU Cores" 8 58 2 --title "CORE COUNT" 3>&1 1>&2 2>&3)
exitstatus=$?
if [ $exitstatus = 0 ]; then
echo -e "${DGN}Allocated Cores: ${BGN}$CORE_COUNT${CL}"
else
exit
fi
RAM_SIZE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Allocate RAM in MiB" 8 58 512 --title "RAM" 3>&1 1>&2 2>&3)
exitstatus=$?
if [ $exitstatus = 0 ]; then
echo -e "${DGN}Allocated RAM: ${BGN}$RAM_SIZE${CL}"
else
exit
fi
BRG=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Set a Bridge" 8 58 vmbr0 --title "BRIDGE" 3>&1 1>&2 2>&3)
exitstatus=$?
if [ $exitstatus = 0 ]; then
echo -e "${DGN}Using Bridge: ${BGN}$BRG${CL}"
else
exit
fi
MAC1=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Set a MAC Address" 8 58 $GEN_MAC --title "MAC ADDRESS" 3>&1 1>&2 2>&3)
exitstatus=$?
if [ $exitstatus = 0 ]; then
MAC="$MAC1"
echo -e "${DGN}Using MAC Address: ${BGN}$MAC1${CL}"
else
exit
fi
VLAN1=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Set a Vlan(leave blank for default)" 8 58 --title "VLAN" 3>&1 1>&2 2>&3)
exitstatus=$?
if [ $exitstatus = 0 ]; then
if [ -z $VLAN1 ]; then
VLAN1="Default" VLAN=""
echo -e "${DGN}Using Vlan: ${BGN}$VLAN1${CL}"
else
VLAN=",tag=$VLAN1"
echo -e "${DGN}Using Vlan: ${BGN}$VLAN1${CL}"
fi
fi
MTU1=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Set Interface MTU Size (leave blank for default)" 8 58 --title "MTU SIZE" --cancel-button Exit-Script 3>&1 1>&2 2>&3)
exitstatus=$?
if [ $exitstatus = 0 ]; then
if [ -z $MTU1 ]; then
MTU1="Default" MTU=""
echo -e "${DGN}Using Interface MTU Size: ${BGN}$MTU1${CL}"
else
MTU=",mtu=$MTU1"
echo -e "${DGN}Using Interface MTU Size: ${BGN}$MTU1${CL}"
fi
fi
if (whiptail --backtitle "Proxmox VE Helper Scripts" --title "START VIRTUAL MACHINE" --yesno "Start Mikrotik RouterOS CHR VM when completed?" 10 58); then
echo -e "${DGN}Start Mikrotik RouterOS CHR VM when completed: ${BGN}yes${CL}"
START_VM="yes"
else
echo -e "${DGN}Start Mikrotik RouterOS CHR VM when completed: ${BGN}no${CL}"
START_VM="no"
fi
if (whiptail --backtitle "Proxmox VE Helper Scripts" --title "ADVANCED SETTINGS COMPLETE" --yesno "Ready to create Mikrotik RouterOS VM?" 10 58); then
echo -e "${RD}Creating Mikrotik RouterOS CHR VM using the above advanced settings${CL}"
else
clear
header_info
echo -e "${RD}Using Advanced Settings${CL}"
advanced_settings
fi
}
function start_script() {
if (whiptail --backtitle "Proxmox VE Helper Scripts" --title "SETTINGS" --yesno "Use Default Settings?" --no-button Advanced 10 58); then
clear
header_info
echo -e "${BL}Using Default Settings${CL}"
default_settings
else
clear
header_info
echo -e "${RD}Using Advanced Settings${CL}"
advanced_settings
fi
}
start_script
msg_info "Validating Storage"
while read -r line; do
TAG=$(echo $line | awk '{print $1}')
TYPE=$(echo $line | awk '{printf "%-10s", $2}')
FREE=$(echo $line | numfmt --field 4-6 --from-unit=K --to=iec --format %.2f | awk '{printf( "%9sB", $6)}')
ITEM=" Type: $TYPE Free: $FREE "
OFFSET=2
if [[ $((${#ITEM} + $OFFSET)) -gt ${MSG_MAX_LENGTH:-} ]]; then
MSG_MAX_LENGTH=$((${#ITEM} + $OFFSET))
fi
STORAGE_MENU+=("$TAG" "$ITEM" "OFF")
done < <(pvesm status -content images | awk 'NR>1')
VALID=$(pvesm status -content images | awk 'NR>1')
if [ -z "$VALID" ]; then
echo -e "\n${RD}⚠ Unable to detect a valid storage location.${CL}"
echo -e "Exiting..."
exit
elif [ $((${#STORAGE_MENU[@]} / 3)) -eq 1 ]; then
STORAGE=${STORAGE_MENU[0]}
else
while [ -z "${STORAGE:+x}" ]; do
STORAGE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Storage Pools" --radiolist \
"Which storage pool you would like to use for the Mikrotik RouterOS CHR VM?\n\n" \
16 $(($MSG_MAX_LENGTH + 23)) 6 \
"${STORAGE_MENU[@]}" 3>&1 1>&2 2>&3) || exit
done
fi
msg_ok "Using ${CL}${BL}$STORAGE${CL} ${GN}for Storage Location."
msg_ok "Virtual Machine ID is ${CL}${BL}$VMID${CL}."
msg_info "Getting URL for Mikrotik RouterOS CHR Disk Image"
URL=https://download.mikrotik.com/routeros/7.15.3/chr-7.15.3.img.zip
sleep 2
msg_ok "${CL}${BL}${URL}${CL}"
wget -q --show-progress $URL
echo -en "\e[1A\e[0K"
FILE=$(basename $URL)
msg_ok "Downloaded ${CL}${BL}$FILE${CL}"
msg_info "Extracting Mikrotik RouterOS CHR Disk Image"
gunzip -f -S .zip $FILE
STORAGE_TYPE=$(pvesm status -storage $STORAGE | awk 'NR>1 {print $2}')
case $STORAGE_TYPE in
nfs | dir)
DISK_EXT=".qcow2"
DISK_REF="$VMID/"
DISK_IMPORT="-format qcow2"
;;
btrfs | zfspool)
DISK_EXT=""
DISK_REF="$VMID/"
DISK_IMPORT="-format raw"
;;
esac
DISK_VAR="vm-${VMID}-disk-0${DISK_EXT:-}"
DISK_REF="${STORAGE}:${DISK_REF:-}${DISK_VAR:-}"
msg_ok "Extracted Mikrotik RouterOS CHR Disk Image"
msg_info "Creating Mikrotik RouterOS CHR VM"
qm create $VMID -tablet 0 -localtime 1 -cores $CORE_COUNT -memory $RAM_SIZE -name $HN \
-tags proxmox-helper-scripts -net0 virtio,bridge=$BRG,macaddr=$MAC$VLAN$MTU \
-onboot 1 -ostype l26 -scsihw virtio-scsi-pci
qm importdisk $VMID ${FILE%.*} $STORAGE ${DISK_IMPORT:-} 1>&/dev/null
qm set $VMID \
-scsi0 "$DISK_REF" \
-boot order=scsi0 \
-description "<div align='center'><a href='https://Helper-Scripts.com'><img src='https://raw.githubusercontent.com/tteck/Proxmox/main/misc/images/logo-81x112.png'/></a>
# Mikrotik RouterOS CHR
<a href='https://ko-fi.com/D1D7EP4GF'><img src='https://img.shields.io/badge/☕-Buy me a coffee-blue' /></a>
</div>" >/dev/null
msg_ok "Mikrotik RouterOS CHR VM ${CL}${BL}(${HN})"
if [ "$START_VM" == "yes" ]; then
msg_info "Starting Mikrotik RouterOS CHR VM"
qm start $VMID
msg_ok "Started Mikrotik RouterOS CHR VM"
fi
msg_ok "Completed Successfully!\n"
🌐 IPoE Server
Configuração de um servidor IPoE com uso de RADIUS.
/ip dhcp-server
add interface=VLAN.2000 name=100.64.0.1 use-radius=yes
/ip dhcp-server config
set interim-update=10m
/ip dhcp-server network
add address=100.64.0.0/19 dns-server=186.233.4.18,8.8.8.8 \
domain=ipoe-router2.infotecms.com.br gateway=100.64.0.1
🔸 O nome do DHCP Server (
name) deve ser o gateway da faixa IP utilizada.
🧠 Script de Manipulação DHCP Server (on DHCP-Server Script)
Este script adiciona ou remove IPs dinamicamente durante o lease do DHCP.
/ip dhcp-server
:local interface;
:do { :set interface "$[ get $leaseServerName interface ]" } on-error={}
:log info ("DHCP Server interface : $interface");
:local gateway;
:do { :set gateway "$[ get $leaseServerName name ]" } on-error={}
:log info ("DHCP Server Gateway : $gateway");
/ip dhcp-server network
:local cidr;
:do { :set cidr [:put "$leaseActIP/32"]}
/ip dhcp-server lease
:local hostname;
:do { :set hostname "$[ get [ find where server=$leaseServerName && address=$leaseActIP && mac-address=$leaseActMAC ] host-name ]" } on-error={}
:local forLease "$hostname / $leaseActIP / $leaseActMAC / $interface"
/ip address
:log info ("Add IP address at DHCP Release : $forLease");
:if ($leaseBound = "1") do={
add address=$gateway network=$leaseActIP interface=$interface comment=$forLease;
} else={
:log info ("Remove IP address at DHCP Release : $forLease");
:foreach n in=[find] do={
:if ([get $n network] = $leaseActIP) do={
remove $n;
}
}
}
🧹 Remover Queue do Cliente ao Logar
:foreach i in=[/queue simple find where name="<pppoe-$user>"] do={
:local qName [/queue simple get $i name];
/queue simple remove "$qName";
}
🔍 Verificar Regra Ativa com Scheduler
Adicione no Scheduler para monitorar e desativar regras automaticamente após 1 hora.
if ($AgendamentoRodando = "SIM") do={/quit}
:global RegraEstaDesativada [/ip firewall filter get [find comment="TESTE"] disabled]
if ($RegraEstaDesativada = false) do={
/log warning message="REGRA ESTA ATIVA E VAI SER DESATIVADA DAQUI 1 HORA"
:global AgendamentoRodando "SIM"
delay 3600
/ip firewall filter disable [find comment="TESTE"]
:global AgendamentoRodando "NÃO"
}
🔄 FailOver com PPPoE
1️⃣ Criar os Perfis PPPoE
/ppp profile
add name=infotec on-down="/ip route remove [find comment=\"ROTA-INFOTEC\"]" \
on-up="/ip route add dst-address=199.9.14.201 gateway=\$remote-address scope=10 comment=ROTA-INFOTEC"
add name=speednet on-down="/ip route remove [find comment=\"ROTA-SPEEDNET\"]" \
on-up="/ip route add dst-address=198.41.0.4 gateway=\$remote-address scope=10 comment=ROTA-SPEEDNET"
2️⃣ Criar PPPoE Clients
/interface pppoe-client
add add-default-route=yes comment=ROTA-INFOTEC default-route-distance=20 \
interface="ether3 - INFOTEC NETWORKS" mrru=1600 name=pppoe-infotec \
password=cidade106 profile=infotec use-peer-dns=yes user=cidade106
add add-default-route=yes comment=ROTA-SPEEDNET default-route-distance=30 \
interface="ether1 - SPEEDNET" name=pppoe-speednet password=12345 \
profile=speednet user=radiocidad@speednet.com.br
3️⃣ Netwatch Scripts
/tool netwatch
add comment=nt-speed host=198.41.0.4 interval=10s \
down-script="/interface pppoe-client set add-default-route=no [find comment=\"ROTA-SPEEDNET\"]\r\n:log error message=\"ROTA SPEEDNET FORA\"" \
up-script="/interface pppoe-client set add-default-route=yes [find comment=\"ROTA-SPEEDNET\"]\r\n:log error message=\"ROTA SPEEDNET NORMALIZADA\""
add comment=nt-infotec host=199.9.14.201 interval=10s \
down-script="/interface pppoe-client set add-default-route=no [find comment=\"ROTA-INFOTEC\"]\r\n:log error message=\"ROTA INFOTEC FORA\"" \
up-script="/interface pppoe-client set add-default-route=yes [find comment=\"ROTA-INFOTEC\"]\r\n:log error message=\"ROTA INFOTEC NORMALIZADA\""
🔁 Alterações em Massa
Substituir interfaces em massa dentro do NAT:
/ip firewall nat set [find where in-interface="lo"] in-interface=ether1
ℹ️ Dica: Use
:log infoe:log warningpara facilitar o debug em ambientes de produção.
📋 Conversão Automática de Leases Dinâmicos em Estáticos
Este script automatiza o processo de conversão de leases DHCP dinâmicos em estáticos, adiciona entradas na tabela ARP e registra logs para rastreabilidade.
🔧 O que o script faz:
- Obtém a data e hora atual do sistema.
- Percorre todos os leases DHCP dinâmicos.
- Para cada lease:
- Coleta IP e MAC do cliente.
- Verifica se já é estático (ignora se for).
- Converte para estático.
- Adiciona data/hora como comentário.
- Adiciona o IP/MAC na tabela ARP da interface
bridge. - Registra a ação no log.
📜 Script
:local currentDate [/system clock get date];
:local currentTime [/system clock get time];
:foreach leaseId in=[/ip dhcp-server lease find where dynamic] do={
:local mac [/ip dhcp-server lease get $leaseId mac-address];
:local ip [/ip dhcp-server lease get $leaseId address];
:if (![/ip dhcp-server lease get $leaseId dynamic]) do={
:log info "Lease já estático para $ip ($mac), ignorando.";
} else={
/ip dhcp-server lease make-static $leaseId;
/ip dhcp-server lease set $leaseId comment=("Adicionado em: " . $currentDate . " " . $currentTime);
:local interfaceName "bridge";
/ip arp add address=$ip mac-address=$mac interface=$interfaceName comment=("Adicionado em: " . $currentDate . " " . $currentTime);
:log info "Cliente fixado: $ip ($mac) em $currentDate $currentTime";
}
}
📬 Relatório Diário de Leases Fixados no Telegram
Script que envia um relatório diário ao Telegram com a quantidade de leases fixados no dia atual. Ideal para execução agendada via scheduler.
🔧 O que o script faz:
- Define variáveis do bot do Telegram.
- Obtém a data atual.
- Conta quantos leases foram fixados no dia com base no comentário.
- Cria a mensagem de relatório.
- Envia a mensagem via Telegram.
- Registra o envio no log.
📜 Script
:local chatID "-4531634909";
:local botToken "8191979208:AAF-tjvEa7TDpggpLhGLFHcvtb1Zm6jFlfs";
:local telegramURL "https://api.telegram.org/bot$botToken/sendMessage";
:local currentDate [/system clock get date];
:local count 0;
:foreach leaseId in=[/ip dhcp-server lease find where !dynamic] do={
:local comment [/ip dhcp-server lease get $leaseId comment];
:if ($comment~$currentDate) do={
:set count ($count + 1);
}
}
:local message ("Relatorio Diario DHCP%0AData: $currentDate%0ALeases fixados hoje: $count");
:/tool fetch url=($telegramURL . "?chat_id=" . $chatID . "&text=" . $message) mode=https keep-result=no;
:log info "Relatorio diario DHCP enviado: $count leases fixados em $currentDate";
💡 Dica: Adicione esse script no
schedulercom execução diária, por exemplo:/system scheduler add name="dhcp-report" interval=1d on-event="/system script run enviar-relatorio-dhcp" start-time=23:00