Hi, I’m trying to setup IPSEC between two Mikrotiks. I have the IPSEC working great, but the one MK is on a dynamic IP. It rarely changes, but it still does. What I’m trying to do is make a script that will take the WAN ip and put in in place of one of the properties of the IPSEC. Here’s what I have so far, I just don’t know what I’m doing wrong, thanks for any help!

/ip ipsec policy set 0 sa-dst-address=[/ip address get [/ip address find where interface=WAN] address];

I have other scripts such as

/ip ipsec peer set 0 address=[:resolve xxx.xxx.xxx.com]

and they work great. It’s just the first one that has issues.

Any tips?

The Mikrotik appends the subnet to the result of [/ip address get [/ip address find where interface=WAN] address], so you may need to remove it first.

This is what I’ve used:

:local currentIP
:local externalInterface “ether1-wan”

get the current IP address from the external interface

:set currentIP [/ip address get [find interface=“$externalInterface”] address]

Strip netmask

:for i from=( [:len $currentIP] - 1) to=0 step=-1 do={
:if ( [:pick $currentIP $i] = “/”) do={
:set currentIP [:pick $currentIP 0 $i]
}
}


Then a modification of your script should work:

/ip ipsec policy set 0 sa-dst-address=$currentIP

-zeb

Thanks for the reply, I couldn’t get your script to work. I have still have the issue with the network mask being in there. Here’s what I have working so far. (I just started scripting with RouterOS today so I’m kinda bad.. lol.)

:global  WANIP [/ip address get [/ip address find where interface=WAN] address];

/ip ipsec policy set 0 src-address=$WANIP

EDIT: NVM, it seems to be working right now. I’ll keep you posted on how it goes. Thanks.