EOIP + IPSEC Update Local IP

gotsprings · March 19, 2019, 11:43am

Needed this the other day.

In Eoip Tunnel you can define the far point (remote-address) to use IPCloud. But the local address does not. This will grab the local WAN IP and add it to a EoIP tunnel with the word “Tunnel” in the name.

/system script
add dont-require-permissions=no name=EoipUpdate owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    local TestEoip\r\
    \n:local TestCloud\r\
    \n:local TestEoip [/interface eoip get [find name~\"Tunnel\"] local-addres\
    s]\r\
    \n:local TestCloud [/ip cloud get public-address]\r\
    \n:if (\$TestEoip = \$TestCloud) do= {\r\
    \n    #:log info \"No Change\"\r\
    \n} else= {\r\
    \n    /interface eoip set [find name~\"Tunnel\"] local-address=\"\$TestClo\
    ud\"\r\
    \n}"

anav · March 26, 2019, 5:36pm

Hi gotsprings, just trying to get a handle on the practical nature of the solution.
Is this for the case where ones local WANIP is dynamic vice static?

How does one use IP cloud for the remote site and why do it that way?
Can dyndns names be used for either local or remote??

gotsprings · March 26, 2019, 6:44pm

When you setup EOIP…
You have to have an entry for Local IP and Far IP.

You can place the IP cloud information in the tunnel config. However… the LOCAL IP will RESOLVE AT THE TIME you OK the tunnel.
So if the local address changes… the tunnel’s encryption will fail.

This will update the local IP address on a change.