My name is Hilton and I’m from South Africa. I’m pretty new to RouterOS (still on the first installation) but I’m hoping to climb on the steep learning curve quickly.
I’ve noticed that whenever you insert a FQDN into any IP address field, the Mikrotik router automatically resolves the name to an IP address. Now this is great except when you are using dynamic IP addresses. Here in South Africa fixed IPs are very expensive, so much of the business world, with the exception of the large corporates, uses dynamic DNS to get access to their internal websites/firewalls etc.
My question is this: does the Mikrotik OS handle DDNS nicely, for example when adding a dst NAT rule? I’ve seen the changeip script for DDNS but I haven’t had the courage to install it yet. Am I wasting my time or should I insist on my clients working with static IP addresses? A lot of the time it’s not just connecting to a client’s firewall to do remote maintenance, rather quite a few VPN connections and branch LAN to LAN VPN connections that are used.
I am also from SA and had the exact same situation (having to connect branches via VPNs, considering the pricing of static IPs in SA, DDNS address was the cheaper choice). I succeeded in creating a script which helped me in my situation. Maybe if you could explain your setup/situation more clearly I could help you generate your own script…
The ChangeIP DDNS script will update the DNS system with new IP addresses that your router receives. If you wish to have PPP tunnels, IPSec, etc., you will need to write a small script to enter the resolved address periodically… RouterOS fields store IP addresses only. Use something like the following (scheduler) in combination with dynamic DNS to accomplish what you need:
/interface l2tp-client set X connect-to=[:resolve your.dynamic.dns.hostname.tld]
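The periodic re-resolve described in the post above, written out as a scheduler script. This is an added example, not part of the original thread; the interface name `l2tp-out1`, the script/scheduler name `ddns-tunnel-refresh` and the hostname are assumed placeholders.

```routeros
# Added example (not from the thread). Assumed names: interface "l2tp-out1",
# script name "ddns-tunnel-refresh", placeholder hostname below.
# Store this as a /system script named ddns-tunnel-refresh, then schedule it:
#   /system scheduler add name=ddns-tunnel-refresh interval=5m on-event=ddns-tunnel-refresh
:local host "your.dynamic.dns.hostname.tld"
:local ifName "l2tp-out1"

# :resolve raises an error when the lookup fails. Catch it so the last
# known-good peer address stays configured and the failure is logged.
:local newIp
:do {
    :set newIp [:resolve $host]
} on-error={
    :log warning ("ddns-refresh: could not resolve " . $host . ", keeping current peer")
}

# Continue only if the lookup actually produced an IP address.
:if ([:typeof $newIp] = "ip") do={
    :local curIp [/interface l2tp-client get [find name=$ifName] connect-to]
    # Write the field only when the address really changed, so the tunnel
    # is not reconfigured on every scheduler run.
    :if ($curIp != $newIp) do={
        /interface l2tp-client set [find name=$ifName] connect-to=$newIp
        # Logging old and new address leaves an audit trail, so an
        # unexpected peer change (for example a bad DNS answer) is visible.
        :log info ("ddns-refresh: " . $ifName . " peer changed from " . $curIp . " to " . $newIp)
    }
}
```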
I need to connect a few branches together using an IPSec VPN so I would need to be able to reference the WAN IP address, but being dynamic this changes (often here). I will play with your script Sam and give feedback.
I also have a script very similar to Sam’s one and it works perfectly, except I use encrypted PPTP tunnels. How would you use IPSec in such a solution?
Good question Leon. I’m just trying to replicate an existing WAN system where we have a bunch of Draytek routers and for the Lan2Lan VPN it uses IPSec.
I have zero experience with IPSec so I can’t really give you an educated comparison between IPsec and PPTP, but the encrypted PPTP tunnel works like a charm with an affiliate of that script here.
Strangely enough, I have a dusty Draytek that someone put on my table here but I haven’t looked at it. Currently for the PPTP solution, I have an RB150 at each branch, and an RB532A handling the PPTP server at the office.