Hello.
I’m using DDNS + VPN on my MikroTik routers.
The DDNS script is used to update the IP for my IPSec VPN.
VPN works fine.
My script:
#--------------Local variables--------------------------------------------------------------------
:local UserNoip "andrichenko"
:local PassNoip "1qaz!QAZ"
:local LocHost "f478.ddns.net"
#:local LocCurIP "10.33.62.132"
:local RemHost "f301.ddns.net"
#:local RemCurIP "10.33.237.65"
:local LocInetInt "WAN"
:local RemInetInt "WAN"
#--------------Global variables-------------------------------------------------------------------
:global LocPrevIP
:global RemPrevIP
#--------------Local IP update block--------------------------------------------------------------
:if ([/interface get $LocInetInt value-name=running]) do={
    :local LocCurIP [/ip address get [find interface="$LocInetInt" disabled=no] address]
    # Strip the "/prefix-length" suffix so only the bare IP address remains
    :for i from=( [:len $LocCurIP] - 1) to=0 do={
        :if ( [:pick $LocCurIP $i] = "/") do={
            :set LocCurIP [:pick $LocCurIP 0 $i]
        }
    }
    :if ($LocCurIP != $LocPrevIP) do={
        :log info "VPN+DDNS: Current local IP $LocCurIP is not equal to previous local IP, update needed"
        :set LocPrevIP $LocCurIP
        :local url "http://dynupdate.no-ip.com/nic/update\3Fmyip=$LocCurIP"
        :local noiphostarray
        :set noiphostarray [:toarray $LocHost]
        # Send one No-IP update request per hostname
        :foreach host in=$noiphostarray do={
            :log info "VPN+DDNS: Sending update for $host"
            /tool fetch url=($url . "&hostname=$host") user=$UserNoip password=$PassNoip mode=http dst-path=("no-ip_ddns_update-" . $host . ".txt")
            :log info "VPN+DDNS: Host $host updated on No-IP with IP $LocCurIP"
        }
        # Point the IPsec policy at the new local address
        /ip ipsec policy set sa-src-address=$LocCurIP numbers=1
    } else={
        :log info "VPN+DDNS: Previous local IP $LocPrevIP is equal to current local IP, no update needed"
    }
} else={
    :log info "VPN+DDNS: $LocInetInt is not currently running, so therefore will not update"
}
#--------------Remote IP update block-------------------------------------------------------------
# Resolve the remote peer's DDNS name and update the IPsec policy and peer if it changed
:local RemCurIP [:resolve $RemHost]
:if ($RemCurIP != $RemPrevIP) do={
    :log info "VPN+DDNS: Current remote IP $RemCurIP is not equal to previous remote IP, update needed"
    /ip ipsec policy set sa-dst-address=$RemCurIP numbers=1
    /ip ipsec peer set address=$RemCurIP numbers=0
    :set RemPrevIP $RemCurIP
    :log info "VPN+DDNS: Host $RemHost updated with IP $RemCurIP"
} else={
    :log info "VPN+DDNS: Previous remote IP $RemCurIP is equal to current remote IP, no update needed"
}
It works, but these rows do not work:
...
/ip ipsec policy set sa-src-address=$LocCurIP numbers=1
...
/ip ipsec policy set sa-dst-address=$RemCurIP numbers=1
/ip ipsec peer set address=$RemCurIP numbers=0
...
If I check them and try to execute them via the CLI, they work.
What is the problem?