sjoram
Member Candidate
Topic Author
Posts: 187
Joined: Sun Feb 10, 2013 8:47 pm
Location: Essex, UK

IPSec with Dynamic IP Peer

Sat May 17, 2014 10:19 pm

Hi,

Apologies, I know this has been asked a number of times before but having read a few threads, I'm struggling to adapt the scripts I need to my scenario.

My RB750 has a static IP address available for its side of the connection, however the remote end is using a Netgear device on a Dynamic IP address. I previously had a Netgear device instead of RB750 and they were able to work with FQDN so it was no issue.

I understand I need 2 scripts on the RB750, one to check the current IP address of the peer and another to amend the IPSec configuration if that IP address has changed.

Can anyone assist with some scripts for this?
 
jarda
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: IPSec with Dynamic IP Peer

Sun May 18, 2014 9:41 am

Hi,
I use IPsec inside an EoIP tunnel, so my script is not exactly what you need, but you can get inspired:
:global OtherSideIPold [/ip firewall address-list get [find list=OtherSideIPListName] address];
:global OtherSideIP [:resolve "OtherSide.domain.tld"];

:if ($OtherSideIP != $OtherSideIPold) do={
/interface eoip set remote-address=$OtherSideIP eoip-OtherSide
/ip firewall address-list set address=$OtherSideIP [find list=OtherSideIPListName]
:set OtherSideIPold $OtherSideIP
} else={
#:log info ("No change.")
};
I also use firewall rules to enable traffic from OtherSide, so I use an address list for it. In the list there is just one address, corresponding to the last known address. When the script detects the DNS change, it changes the address in the firewall address list and also changes the address in the EoIP tunnel setting. Then there is no need to alter IPsec, as it works inside the EoIP tunnel.
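
Added example, not part of jarda's post: the same resolve-and-compare approach applied directly to the IPsec peer and policy the original question asks about. It assumes RouterOS v6 syntax (peer `address`, policy `sa-dst-address`), a peer and policy both marked with the hypothetical comment `dyn-peer`, and the host name and address-list name used in the script above.

```routeros
# Added example; peerHost, the "dyn-peer" comment tag and the /32 mask are assumptions.
:local peerHost "OtherSide.domain.tld"
:local tag "dyn-peer"
:local newIP

# :resolve raises an error when DNS fails; catch it so a lookup outage
# never overwrites a working peer address.
:do {
    :set newIP [:resolve $peerHost]
} on-error={
    :log warning ("ipsec-dyn: cannot resolve " . $peerHost . ", keeping current peer")
}

:if ([:typeof $newIP] = "ip") do={
    :local peerId [/ip ipsec peer find comment=$tag]
    # Refuse to act unless exactly one peer carries the tag.
    :if ([:len $peerId] = 1) do={
        :local oldAddr [:tostr [/ip ipsec peer get $peerId address]]
        :local newAddr ([:tostr $newIP] . "/32")
        :if ($oldAddr != $newAddr) do={
            /ip ipsec peer set $peerId address=$newAddr
            /ip ipsec policy set [find comment=$tag] sa-dst-address=$newIP
            # Keep the firewall allow-list pinned to the single current peer address.
            /ip firewall address-list set [find list=OtherSideIPListName] address=$newIP
            # Log every change so an unexpected move (for example a hijacked DNS record) is visible.
            :log warning ("ipsec-dyn: peer moved " . $oldAddr . " -> " . $newAddr)
        }
    } else={
        :log error ("ipsec-dyn: expected exactly one peer tagged " . $tag)
    }
}
```

Run it periodically from `/system scheduler`. The resolved address only decides where the router sends IKE traffic and which source the firewall admits; the peer is still authenticated by the secret or certificate configured on the IPsec peer.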