VPN - Dyndns - Script

Hi guys, here is the problem

My Mkt is on a DSL line, so it is using a dynamic IP.

The Changeip service works fine; when I try to find my box, it appears immediately.

BUT a problem happens when I have a tunnel working with another box with Dyndns too.

I've already tried with policy and generate policy clicked.

My conclusion is that I need a script to modify the peer and policy every time any end of the line changes its IP.

But again I'm not finding HOW.

I resolve both ends of the line, with their respective names.

Now, how can I change the peer and the policies on the IP firewall ipsec?

Any ideas?

Regards,

Fernando

Can you make things easier and use L2TP tunnels? You could then use a script to simply :resolve the hostname to IP and dial that server each time.

Thanks for your time.

I can’t use L2TP; I’m closing the VPN with equipment that only has IPSEC tunnels (Hot Brick, 401VPN), so I need to use IPSEC.

So I think, if I’m not wrong, that I need a script in order to change the peer and policy on the MKT any time either end changes its IP.

Am I correct?

Fernando

Hi guys, anybody there?

Hey FOV,

I’ve got a small solution for you, but I am still working on the “automation” of the script. Right now, this script disconnects and re-connects the VPN every time it runs.

But you are welcome to use it :

/interface pptp-client set nameofVPNinterface connect-to=[:resolve www.url.com]

If anyone can help, I’m trying to upgrade this script so that it will check to see if the IP has changed, and will only update if it has changed.

I’ve tried this, but it’s not working:

:if [/interface pptp-client get nameofVPNinterface connect-to=] = [:resolve http://www.url.com] do nothing else :set [/interface pptp-client set nameofVPNinterface connect-to=[:resolve http://www.url.com]

My syntax is all wrong, any ideas would be appreciated.

Hey Mr ChangeIP… you are really good at this stuff… don’t you have any ideas for me? :astonished:

I will spend a few minutes to help you with a script for this …

:if ([:resolve pip.changeip.com] != [ /int pptp-client get [/int pptp-client find name=pptp-dyn] connect-to ]) do={
/int pptp-client set [/int pptp-client find name=pptp-dyn] connect-to=[:resolve pip.changeip.com] }

Try this… it resolves DNS and if different than what’s in connect-to it will update it, otherwise nothing happens. Be aware though that if DNS is wrong or unresolvable it might hose things. It might be advisable to check more parameters first.

Sam

Hi, the problem is not focused on pptp-client.
The problem is on the change on one end of the VPN tunnel but in IPSEC mode.

Then I do not have the chance to check the pptp-in interface.

I have been working on the following script, but the problem is that in some situations, the old IP is not holding properly, changing to 0.0.0.0

# New IP of my device in ARG

:global dtdns-newd1 [:resolve www.url1.dyndns.pro]

# New IP of remote device 1

:global dtdns-newd2 [:resolve www.url2.dyndns.pro]

# Old IP of my device in ARG

:global dtdns-oldd1 [:pick $ddns-lastip 0 [:find $ddns-lastip "/"] ]


:if ($dtdns-newd1 != $dtdns-oldd1) do={
:log info ("VPN Info: Actualizando Peer VPN")
/ip ipsec peer set [find address=($dtdns-oldd2 . "/32:500")] address=$dtdns-newd2
/ip ipsec policy set [find sa-dst-address=($dtdns-oldd2)] sa-dst-address=$dtdns-newd2

/tool netwatch set [find host=($dtdns-oldd2)] host=$dtdns-newd2

/system scheduler set [find comment=("Estado_VPN")] disable=no

:global dtdns-oldd2 $dtdns-newd2
/tool e-mail send from=DIRHEL_AR_MKT@dirhel.com to=mail1@domain.com server=TTT.XXX.YYY.ZZZ subject=([/system identity get name] . " " . [/system clock get date] . " " . [/system clock get time] . " PEER VPN ACTUALIZADO") body=("Administrador: La configuracion IPSEC del Equipo central ha sido modificada")

}


But it can be modified or improved.

Any ideas?

Fernando
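
A guarded variant of the update logic in the script above, as an added example that is not part of the original post: it leaves the IPsec configuration untouched when the remote name fails to resolve or resolves to 0.0.0.0, and stores the last address only after the peer and policy were updated. The hostname `remote.example.net` and the global `vpnRemoteLast` are placeholders; the peer and policy commands mirror those in the post (property names and address formats differ between RouterOS versions), and `:do ... on-error` assumes a RouterOS version that supports it.

```routeros
# Added example, not from the thread.
# Assumed names: remote.example.net (placeholder DDNS name of the remote end)
# and the global vpnRemoteLast (last address applied to peer and policy).
:global vpnRemoteLast
:local remoteName "remote.example.net"
:local newIp

# :resolve raises an error when the name cannot be resolved. Catch it so the
# script ends here without touching the IPsec configuration.
:do {
    :set newIp [:resolve $remoteName]
} on-error={
    :log warning ("VPN Info: cannot resolve " . $remoteName . ", peer left unchanged")
}

# Accept only a usable answer: an IP value that is not 0.0.0.0.
# After a failed resolve newIp has no value, so this block is skipped.
:if (([:typeof $newIp] = "ip") and ($newIp != 0.0.0.0)) do={
    :if ([:typeof $vpnRemoteLast] = "nothing") do={
        # First run after boot: record the address only. The peer and policy
        # are assumed to have been configured by hand with this address.
        :set vpnRemoteLast $newIp
    }
    :if ($newIp != $vpnRemoteLast) do={
        :log info ("VPN Info: remote end changed from " . $vpnRemoteLast . " to " . $newIp)
        /ip ipsec peer set [find address=($vpnRemoteLast . "/32")] address=($newIp . "/32")
        /ip ipsec policy set [find sa-dst-address=$vpnRemoteLast] sa-dst-address=$newIp
        # Remember the new address only after both commands ran, so a failed
        # update is retried on the next scheduled run.
        :set vpnRemoteLast $newIp
    }
}
```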

sam from changeip you da man :slight_smile:

this script ‘resolved’ my problems.

thanks

how often would you recommend running this script and your changeip dyndns script?

every 15 minutes is what I currently have it set at?

hi there,

standing in front of the same issue.
does someone already have a working solution?

greets