Hi,
We need to migrate a few VPN clients to a new VPN server (Ac). This must be done in a safe way, so I’d like to make sure the client migration script I wrote is correct.
The VPN is L2TP/IPsec based.
{
# l2tp/ipsec migration script
# Old and new public addresses of the VPN server (Ac)
:local Ac_OLD_IP "1.2.3.4"
:local Ac_NEW_IP "5.6.7.8"
# Repoint the IPsec peer that matches the old server address
/ip ipsec peer
set [/ip ipsec peer find address=($Ac_OLD_IP . "/32")] address=$Ac_NEW_IP
:log info "IPsec peer modified"
# Update the destination and SA destination of the matching IPsec policy
/ip ipsec policy
set [/ip ipsec policy find dst-address=($Ac_OLD_IP . "/32")] dst-address=($Ac_NEW_IP . "/32") sa-dst-address=$Ac_NEW_IP
:log info "IPsec policy modified"
# Point the L2TP client interface at the new server
/interface l2tp-client
set [find connect-to=$Ac_OLD_IP] connect-to=$Ac_NEW_IP
:log info "Interface l2tp-client modified"
}
Anything else I should take care of?
Any suggestion or improvement is very welcome.