Dynamic IPsec Script

Hi All

Please see my Dynamic IPsec script below; this is a customisation of other people's scripts. The tunnel ID is what you have written in the comment section. I hope you find it useful.

:local Remoteaddr "urlofremote"
:local TunID "in comment section of peer and policy"

#####DONT EDIT BELOW####################################

# Resolve the remote hostname; if the lookup fails the script aborts here,
# so reaching the next line means the lookup succeeded.
:local newremoteaddr [:resolve $Remoteaddr]
:log info "DNS lookup succeeded for $TunID"
# Current SA destination address of the policy tagged with the tunnel ID
:local oldremoteaddr [/ip ipsec policy get [find comment="$TunID"] sa-dst-address]
:log info "Old Remote address is $oldremoteaddr"

:if ($newremoteaddr != $oldremoteaddr) do={
    /ip ipsec policy set [find comment="$TunID"] sa-dst-address=$newremoteaddr;
    /ip ipsec peer set [find comment="$TunID"] address=$newremoteaddr;
    :log error "changed Sa-Dst-Address & Peer Address for $TunID Restarting IPSec";
    # drop the existing SAs so the tunnel renegotiates against the new address
    /ip ipsec installed-sa flush
} else={
    :log warning "IP Address is still $oldremoteaddr nothing to do"
}

I do not think you need this script; just use address=urlofremote instead of address=ip.

Whilst you are correct that I can use the URL of the remote site in the IPsec peer configuration, unfortunately the SA Dst Address has to be an IP address and you are unable to use a URL.
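The point made above is that the peer can take a hostname but the policy's sa-dst-address cannot, so something has to re-resolve the name and push the resulting IP into the policy. The script in the first post does that, but it aborts silently when the DNS lookup fails and it acts on whatever objects happen to carry the comment. The following is an added example (not the poster's script) of the same job with those two failure modes handled: a failed lookup is logged and the configuration is left untouched, and the script refuses to act unless exactly one peer and one policy carry the tunnel ID. It assumes a RouterOS v6-style configuration where the policy carries sa-dst-address and the peer carries address, both tagged with the same comment; the hostname "vpn.example.net" and tunnel ID "site-b" are placeholders, not values from the thread.

```routeros
# Added example, not the original poster's script.
# Assumptions: RouterOS v6-style config where the policy carries
# sa-dst-address and the peer carries address, both sharing one comment.
# "vpn.example.net" and "site-b" are placeholders.
:local remoteHost "vpn.example.net"
:local tunID "site-b"

# Look up the hostname. A failed lookup would normally abort the whole
# script; catching it lets us log the failure and leave the tunnel alone
# instead of writing nothing useful into the policy.
:local newAddr ""
:local resolved false
:do {
    :set newAddr [:resolve $remoteHost]
    :set resolved true
} on-error={
    :log error "IPsec $tunID: DNS lookup of $remoteHost failed, config left unchanged"
}

:if ($resolved) do={
    :local peerIDs [/ip ipsec peer find comment=$tunID]
    :local polIDs [/ip ipsec policy find comment=$tunID]
    :local nPeer [:len $peerIDs]
    :local nPol [:len $polIDs]

    # Refuse to act unless exactly one peer and one policy match the tag;
    # an ambiguous or missing tag would otherwise update the wrong objects.
    :if ($nPeer != 1 || $nPol != 1) do={
        :log error "IPsec $tunID: expected 1 peer and 1 policy with comment=$tunID, found $nPeer peer(s) and $nPol policy(ies)"
    } else={
        :local oldAddr [/ip ipsec policy get $polIDs sa-dst-address]

        :if ($newAddr != $oldAddr) do={
            :log warning "IPsec $tunID: remote changed from $oldAddr to $newAddr, updating peer and policy"
            /ip ipsec policy set $polIDs sa-dst-address=$newAddr
            /ip ipsec peer set $peerIDs address=$newAddr
            # Existing SAs still point at the old address; drop them so the
            # tunnel renegotiates against the new one.
            /ip ipsec installed-sa flush
        } else={
            :log info "IPsec $tunID: remote still $oldAddr, nothing to do"
        }
    }
}
```

Run it from the scheduler at the interval you can tolerate between a remote address change and the tunnel recovering. Because the whole tunnel now follows whatever the DNS answer says, keep the resolver the router uses trustworthy (and ideally on a path you control), and watch the log for the "DNS lookup failed" and "expected 1 peer and 1 policy" lines, since either means the tunnel is no longer being kept in sync.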