steveallen1987
just joined
Topic Author
Posts: 14
Joined: Wed Aug 24, 2011 5:58 pm

GRE Tunnel on Dynamic IP address

Sat Feb 23, 2013 5:55 pm

Hi

Is it possible to set up a GRE tunnel when one of the routers has a dynamic public IP address?

I would like to link the following routers using GRE tunnels in a hub and spoke style topology:
[Attached image: GRE.jpg]
The Cisco HQ Router has a static public IP address. Each site router has a dynamic public IP address.

If someone could provide me with documentation on how to do this I would be grateful.

Kind regards,

Steve
 
IPANetEngineer
Trainer
Posts: 1053
Joined: Fri Aug 10, 2012 6:46 am
Location: Jackson, MS, USA
Contact:

Re: GRE Tunnel on Dynamic IP address

Sat Feb 23, 2013 5:59 pm

Check out this thread. You can probably modify the script referenced and use DynDNS to make it work:

http://forum.mikrotik.com/viewtopic.php ... +ip+script
 
steveallen1987
just joined
Topic Author
Posts: 14
Joined: Wed Aug 24, 2011 5:58 pm

Re: GRE Tunnel on Dynamic IP address

Sun Feb 24, 2013 10:17 pm

Is it possible to do this without DynDNS?

Most of my site offices have a 3G connection which reports an internet IP address on DynDNS.

Is it possible to do this with a loopback address to use as the source IP?

Kind regards,

Steve
 
janisk
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: GRE Tunnel on Dynamic IP address

Tue Feb 26, 2013 2:41 pm

At least as far as RouterOS GRE configuration goes, remote-address has to be set to some meaningful address; local address is optional.

On the remote end it is OK: as I understand it, you can add the static main router address as remote. On the main router you have to get the correct remote address to set up the tunnel.

One way is to set up DynDNS, so the main router gets the address by resolving the DNS name. Another possibility is to have the end router execute a remote command via SSH on the target host to set the IP address somehow (private key login to the other router). Not sure you can do that against 3rd party equipment.
 
GeezerGlide
just joined
Posts: 1
Joined: Tue Sep 24, 2013 3:03 pm

Re: GRE Tunnel on Dynamic IP address

Sat Jul 12, 2014 6:52 pm

I realize this is an old thread at the time of my reply, but thought it a good place to post a simple scripting solution to update the GRE tunnel remote-address when that remote-address is dynamic.

This does assume the GRE tunnel is already functional and that the remote-address WAN ip is registered/obtainable via some type of dynamic DNS service, i.e. DynDns, etc.

The script is a one-line statement that only updates the remote-address; it affords no testing for needing the update, logging or error checking. Those can be added if needed...

/interface gre set "gre-tunnel1" remote-address=[:resolve "yournamehere.dyndns.org"]

Hope this may be helpful to some . . .
 
kchuan
just joined
Posts: 1
Joined: Fri Mar 27, 2015 5:41 am

Re: GRE Tunnel on Dynamic IP address

Fri Mar 27, 2015 8:38 am

Hi. Does a GRE tunnel work on a dynamic public IP? I have the same problem here in Malaysia using TM Unify, and my network guy told me I must have a static public IP on both ends.
Can you advise?
 
hedele
Member
Posts: 338
Joined: Tue Feb 24, 2009 11:23 pm

Re: GRE Tunnel on Dynamic IP address

Sat Mar 28, 2015 3:13 pm

Cisco has GRE multipoint tunnels to handle that specific situation (static server, dynamic client IP), Mikrotik does not offer that possibility. You will have to use L2TP instead, and then either pull the GRE/EoIP tunnel over the L2TP session, or use L2TP without another tunnel on top.
 
jaykay2342
Member
Posts: 335
Joined: Tue Dec 04, 2012 2:49 pm
Location: /Vigor/LocalGroup/Milky Way/Earth/Europe/Germany

Re: GRE Tunnel on Dynamic IP address

Mon Apr 13, 2015 10:16 pm

We have some GRE tunnels with a dynamic IP on one site. We are doing this with a more or less dirty hack. The routers with the dynamic IP use the fetch command + scheduler to poll a script (PHP). That PHP script uses the API to talk to the router with the fixed IP and updates the GRE interface config if needed.
9-5 Job: Securityanalyst at a major MSSP.
Free time volunteer: Networkadmin and founder at a small non-profit WISP.
Certifications: ITILv3, GCIA
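
With the polling approach described in the post above, whoever can reach the script can repoint the hub's tunnel, so the hub side has to authenticate each poll and sanity-check the address before touching the GRE interface. The Python below is an added example of that decision logic, not jaykay2342's PHP script and not MikroTik code; the HMAC-signed poll (site id plus timestamp), the `gre-<site>` interface naming, the key and the function names are all assumptions, and pushing the returned command to the router through the API is left out.

```python
import hashlib
import hmac
import ipaddress

# Constructed per-site secret; interface names follow a hypothetical
# "gre-<site>" scheme that is not taken from the thread.
SITE_KEYS = {"site-a": b"constructed-demo-key"}
MAX_SKEW = 120  # seconds a signed poll is accepted
# Ranges that can never be a usable public GRE endpoint.
BLOCKED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]


def sign(site, ts, key):
    """MAC the spoke appends to its poll URL (hypothetical scheme)."""
    return hmac.new(key, f"{site}|{ts}".encode(), hashlib.sha256).hexdigest()


def handle_poll(site, ts, mac, src_ip, state, now):
    """Return the RouterOS command to apply on the hub, or None if unchanged.

    src_ip must be the peer address of the HTTP connection, never a request
    parameter. state maps site -> {"ip": str, "ts": int}. Raises ValueError
    for any request that must not change the tunnel.
    """
    key = SITE_KEYS.get(site)
    if key is None:
        raise ValueError("unknown site")
    if not hmac.compare_digest(sign(site, ts, key).encode(), mac.encode()):
        raise ValueError("bad MAC")
    seen = state.setdefault(site, {"ip": None, "ts": 0})
    # Timestamps must be fresh and strictly increasing, so a captured poll
    # cannot be replayed from another address.
    if abs(now - ts) > MAX_SKEW or ts <= seen["ts"]:
        raise ValueError("stale or replayed poll")
    addr = ipaddress.ip_address(src_ip)
    if addr.version != 4 or any(addr in net for net in BLOCKED):
        raise ValueError("source is not a usable public IPv4 address")
    seen["ts"] = ts
    if seen["ip"] == str(addr):
        return None  # address unchanged, leave the interface alone
    seen["ip"] = str(addr)
    # site is a key of SITE_KEYS at this point, so no caller-supplied text
    # other than a parsed IP address reaches the command string.
    return f'/interface gre set "gre-{site}" remote-address={addr}'
```

The MAC does not cover the source address because a spoke behind a changing WAN address does not know it in advance; serving the script over HTTPS keeps the signed URL from being captured in transit.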
 
ucs75
newbie
Posts: 31
Joined: Fri Sep 20, 2013 10:06 pm

Re: GRE Tunnel on Dynamic IP address

Sat Oct 01, 2016 7:21 am

GeezerGlide wrote:
> I realize this is an old thread at the time of my reply, but thought it a good place to post a simple scripting solution to update the GRE tunnel remote-address when that remote-address is dynamic.
>
> This does assume the GRE tunnel is already functional and that the remote-address WAN ip is registered/obtainable via some type of dynamic DNS service, i.e. DynDns, etc.
>
> The script is a one line statement that only updates the remote-address; it affords no testing for needing the update, logging or error checking. Those can be added if needed...
>
> /interface gre set "gre-tunnel1" remote-address=[:resolve "yournamehere.dyndns.org"]
>
> Hope this may be helpful to some . . .

Below is a slightly more complex script that looks for all GRE tunnels with a comment that begins with the string "Host_". The second portion of the comment string must be the fqdn of the dynamic host. With this, it will perform a dns resolution of the dynamic hostname, and ONLY if it differs from the current setting will it update the remote-address of the gre interface.
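# For every GRE tunnel whose comment is "Host_<fqdn>", resolve <fqdn> and
# update remote-address only when the resolved address has changed.
:local thecomment
:local thename
:local newip
:local oldip

:foreach i in=[ /interface gre find where comment~"^Host_" ] do={
   :set thecomment [ /interface gre get $i comment ]
   # strip the 5-character "Host_" prefix to get the hostname
   :set thename [ :pick $thecomment 5 [ :len $thecomment ] ]
   :set oldip [ /interface gre get $i remote-address ]
   # a failed lookup is logged and skipped so the remaining tunnels are still processed
   :do {
      :set newip [ :resolve $thename ]
      :if ($newip != $oldip) do={
         /interface gre set $i remote-address=$newip
         :log info ("Updating " . $thecomment . " from " . $oldip . " to " . $newip . ".")
      }
   } on-error={ :log warning ("Lookup or update failed for " . $thename . "; " . $thecomment . " left unchanged.") }
}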



So, what if you also have IPSec enabled on the tunnel and it's not using the default policy? (i.e. You can't just enter the PSK in the Gre Interface Definition). In this case, you'll need to extend the script to update your IPSec Peer and Policy. Just follow the same comment rule for both ipsec policy, and ipsec peer. This will allow the below script to locate the correct entries and to update them all.
# Same comment rule ("Host_<fqdn>") applied to the GRE interface, the IPsec
# policy and the IPsec peer, so all three follow the resolved address.
:local thecomment
:local thename
:local newip
:local newipm
:local oldip

# GRE interface: remote-address
:foreach i in=[ /interface gre find where comment~"^Host_" ] do={
   :set thecomment [ /interface gre get $i comment ]
   :set thename [ :pick $thecomment 5 [ :len $thecomment ] ]
   :set oldip [ /interface gre get $i remote-address ]
   # a failed lookup is logged and skipped so the remaining entries are still processed
   :do {
      :set newip [ :resolve $thename ]
      :if ($newip != $oldip) do={
         /interface gre set $i remote-address=$newip
         :log info ("gre Interface - Updating " . $thecomment . " from " . $oldip . " to " . $newip . ".")
      }
   } on-error={ :log warning ("gre Interface - Lookup or update failed for " . $thename . ".") }
}

# IPsec policy: dst-address takes a /32 prefix, sa-dst-address a plain address
:foreach i in=[ /ip ipsec policy find where comment~"^Host_" ] do={
   :set thecomment [ /ip ipsec policy get $i comment ]
   :set thename [ :pick $thecomment 5 [ :len $thecomment ] ]
   :set oldip [ /ip ipsec policy get $i sa-dst-address ]
   :do {
      :set newip [ :resolve $thename ]
      :set newipm ( $newip . "/32" )
      :if ($newip != $oldip) do={
         /ip ipsec policy set $i dst-address=$newipm sa-dst-address=$newip
         :log info ("IPSec Policy - Updating " . $thecomment . " from " . $oldip . " to " . $newip . ".")
      }
   } on-error={ :log warning ("IPSec Policy - Lookup or update failed for " . $thename . ".") }
}

# IPsec peer: address is stored with a /32 suffix
:foreach i in=[ /ip ipsec peer find where comment~"^Host_" ] do={
   :set thecomment [ /ip ipsec peer get $i comment ]
   :set thename [ :pick $thecomment 5 [ :len $thecomment ] ]
   :set oldip [ /ip ipsec peer get $i address ]
   :do {
      :set newip [ :resolve $thename ]
      :set newip ( $newip . "/32" )
      :if ($newip != $oldip) do={
         /ip ipsec peer set $i address=$newip
         :log info ("IPSec Peer - Updating " . $thecomment . " from " . $oldip . " to " . $newip . ".")
      }
   } on-error={ :log warning ("IPSec Peer - Lookup or update failed for " . $thename . ".") }
}
 
Splash
Member Candidate
Posts: 151
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: GRE Tunnel on Dynamic IP address

Sat Oct 21, 2017 9:24 pm

I thought I'd just add an update to this. I am able to set this up using the DDNS hostname on the CORE, and no local IP set on the Client.

Client: Dynamic IP
/interface gre add comment="Dynamic GRE Interface" name=gre-tunnel1 remote-address=1.1.1.1
Core: Static IP
/interface gre add comment="Dynamic GRE Interface" local-address=1.1.1.1 name=gre-tunnel1 remote-address=XXXXXXX.sn.mynetname.net
MTCNA, MTCRE, MTCINE, MTCTCE, MTCIPv6E, MTCUME
