VPN Update

aldoir · June 19, 2013, 11:11pm

Folks,

Since RouterOS doesn’t allow specifying a hostname for remote peers on VPN connections, I’ve made a single script that can be used for almost any type of VPN (tested with L2TP, PPTP and OVPN)

Suggestions are welcome

#************************************************************************************************
# Parameters
#************************************************************************************************
:local hostname "remote.hostname.com"
:local interface "pptp-vpn"
#************************************************************************************************

:global setupIp
:local resolvedIp [:resolve $hostname]

if ([:len [/interface find name=$interface]] > 0) do={
   :local type [/interface get [find name=$interface] type];
   :set type ([pick $type 0 [find $type "-"]]."-client");
   :local cmd [:parse ":global setupIp; :set setupIp [:interface $type get $interface connect-to]"]; $cmd;

   :if ($setupIp != $resolvedIp) do={
      :set cmd [:parse ":interface $type set $interface connect-to=$resolvedIp"]; $cmd;
      :set cmd [:parse ":interface $type disable $interface"]; $cmd;
      :set cmd [:parse ":interface $type enable $interface"]; $cmd;
      :log warn "$type: Switching interface $interface from IP $setupIp to $resolvedIp"
   }
} else={
   :log error "Interface $interface not found"
}

realdreams · July 2, 2013, 5:31pm

Thanks.
I have a pptp-client set up on RouterOS. So all I need to do is to change the parameters?

#************************************************************************************************
# Parameters
#************************************************************************************************
:local hostname "pptp.example.com"
:local interface "pptp-out1"
#************************************************************************************************

I added it under system/scripts and gave it policy read/write (is this correct?). But it’s not updating the endpoint address.

I am new to RouterOS scripts. When is this script called? On every attempt to establish the corresponding ppp connection? The local DNS caching won’t affect anything (RouterOS is not running DNS service)?

Currently when the VPN server’s ip changes, RouterOS just keeps attempting reconnection every few seconds and generates a huge amount of logs… There seems to be no way to suppress the log or set a retry interval