Script to update IPSec Peer Address

I am unable to use a script to modify my IPSec Peer’s address.

I can however modify the port… why is this?

See here:

This works: ip ipsec peer set 0 port=600
But this does not: ip ipsec peer set 0 address=10.0.0.1

Any idea?

When using the Find method I get the same result.
This works: ip ipsec peer set [find comment="EMIPSEC"] port=600
But this does not: ip ipsec peer set [find comment="EMIPSEC"] address=10.0.0.1


Regards!

Remote peer address is defined as ‘sa-dst-address’, not ‘address’.

HTH,

Because it expects not an IP address but a net address. So address=10.0.0.1/32 should do the trick.

Ooops, my bad :blush:
psamsig you are right, ‘sa-dst-address’ should be set in ‘policy’, not ‘peer’.
Of course peer address must be ‘a.b.c.d/32’.

Regards,

Sorry, but I think you’re both wrong.

The Winbox interface allows me to specify an IpAddress and not a NetAddress. Besides, my peer IPs are WAN IPs, I don’t even know the subnet size…

My IPSec link works fine when I specify the address without the subnet, but when I attempt to script it, it doesn’t want to change.

When I try to change it by including the subnet, e.g.: 10.0.0.1/32 it successfully changes the Address of the peer, BUT the IPSec link doesn’t work and Winbox reports that it’s not happy with the supplied address.

I’m starting to think this is a bug in RouterOS.

/32 IS a single IP address. It may be that WinBox allows you to enter a single IP, but if you try to enter a terminal and do an export of your IPSec peer configuration, you will see that the script language uses (and requires) the net address notation.