We currently have RB1000 and wish to leverage the IPSec offload processor. Since we have particular need we would like to use EoIP as our VPN tunnel architechture.
So we started thinking about building a EoIP tunnel and use IPSec in transport mode over this tunnel. Problem is that remote sites are mainly dynamic. I wish not use another layer such as PPTP or L2TP just to make this thing work. Unless you can confirm that L2TP will also benefits from the specialized hardware offload in the RB1000.
Does anyone created successfully a tunnel using EoIP with a script when remote site are using dynamicaly assign IPs.?
here is a script to update a eoip tunnel if your destination is using a ddns service.
:global “eoipint1” “youreoipinterfacename”
:global “eoipconnectclient1” “yourDDNSdomain”
:global “eoip1hostip” [:resolve $“eoipconnectclient1”]
:global “eoipconnectto” [/interface eoip get $eoipint1 remote-address]
:if ($eoip1hostip != $eoipconnectto) do={
:log info “****** Updating EOIP Tunnel for $eoipint1”
/interface eoip set $“eoipint1” remote-address=$“eoip1hostip”}
:if ($eoip1hostip = $eoipconnectto) do={
:log info “**** No Update necessary for EOIP Tunnel $eoipint1”}
What I have done is just set netwatch to ping an ip at thhe other side of the eoip tunnel and if it gets no response to run this script to update the ddns ip.