What is ZIMA connection script?

Tutorials and Guides
1

Briefly, Zima connection script instructs your router to connect to Zima Cloud.

You can totally use Zima without the need to get into the technicality of it. However if you’d like to know what it is all about, here is the breakdown of the different components of the script and what each part is responsible of:

1. RouterOS Version Check

{put “\n\n\n\n\n\n\n\r================================\r\n ZIMA Connection Script\r\n================================\n”; :local ver [tostr [system package get system version]]; :local verstr “”; :for i from=0 to=([:len $ver] -1) step=1 do={ :local char value=[:pick $ver $i]; :if ($char = “.”) do={ :set char value=“,” }; :set verstr value=($verstr.$char); }; :local verarr [toarray $verstr]; :local major [pick $verarr 0]; :local minor [pick $verarr 1]; if ((major < 6) || (major = 6 && minor < 14)) do= { put “Checking RouterOS version… Update Required! ($ver)”; return “\n=============================================\n\rERROR! Your RouterOS version is outdated! \n\rPlease upgrade to version 6.14 or newer.\n\r=============================================\r\n\n”;} else={ put “Checking RouterOS version… Pass! ($ver)”;

  • Checks for the correct version of RouterOS.
  • If the current version is outdated, and error message is displayed and the script stops.
  • The minimum required is 6.14.

2. ZimaVPN setup

/ip firewall filter remove [/ip firewall filter find where in-interface=“ZimaVPN”]; /interface ovpn-client remove [find where user~“zima”]; /interface ovpn-client add name=ZimaVPN user=zima3WWCCgevtK4____ password=zimaVZ9c9gd1RA____ connect-to=vpn.zima.cloud port=1190 cipher=aes128 auth=sha1; put “Configuring VPN… Done!”;

  • Removes any existing Firewall rule related to ZimaVPN.
  • Recreates ZimaVPN client.

3.API Credentials

/user remove [find where name ~“zima”]; /user add name=zimaEpP6TMbYL1K____ password=zimaAthXOEuzKmW____ group=full; put “Adding API Credentials… Done!”;

  • Removes any existing credentials.
  • Adds the correct credentials.
    Note: This step requires an admin login with type full.

4. Firewall Rule

if ([:len [tostr [/ip firewall filter find]]]>0) do={/ip firewall filter add chain=input src-address=10.214.0.0/16 in-interface=ZimaVPN action=accept place-before=0 comment=ZimaVPN;} else={/ip firewall filter add chain=input src-address=10.214.0.0/16 in-interface=ZimaVPN action=accept comment=ZimaVPN; }; put “Adding Firewall rule… Done!”;

  • Adds an accept rule for ZimaVPN using the VPN IP range 10.214.0.0/16
  • Rule is added at the top of filter rules.

5. API Service

/ip service set api port=8728 disabled=no; :local avfarr [/ip service get api address]; :local avfrom [tostr [/ip service get api address]]; :local avf value=“”; :if (([:len $avfrom] > 0) && ([:find $avfarr “10.214.0.0/16” -1] < 0)) do={set avf ($avfrom.“;10.214.0.0/16”);}; :local newavf value=“”; :if ([:find $avf “;” -1] > 0) do={ :for i from=0 to=([:len $avf] -1) step=1 do={ :local char value=[:pick $avf $i]; :if ($char = “;”) do={ :set char value=“,” }; :set newavf value=($newavf.$char); }; /ip service set api address=$newavf; }; put “Configuring API Access… Done!”;

  • Enables the API Service.
  • Adjusts “Available From” field to accept traffic from the VPN range 10.214.0.0/16
  • If “Available From” is empty, it remains that way.

6. Disable Fasttrack

if ([len [tostr [/ip firewall filter find action=fasttrack-connection disabled=no]]]>0) do={put “Disabling Fasttrack rules… Reboot Recommended”; /ip firewall filter disable [/ip firewall filter find action=fasttrack-connection];} else={ /ip firewall filter disable [/ip firewall filter find action=fasttrack-connection]; put “Disabling Fasttrack rules… Done!”;}; put “\r\n================================================================\r\nSUCCESS!! Your Router has been configured successfully!\r\n================================================================\r\n\n\n\n”; }}

  • Checks for existing Fasttrack rules and disables them.
  • If any rule is found, a reboot is recommended for quota control to work.
  • Script success message.

To uninstall the connection script from the router check the following link: How do I uninstall Zima from my router?