I have a test environment and use an RB750 as the L2TP/IPsec VPN server. On the RB750 I have a static IP. Then I have a remote side which uses a 953GS-5HnT and 2x Huawei LTE modems. I want to implement VPN failover, but I have the problem that on the server side I must update sa-dst-address in the ipsec policy with the remote office IP (1x WAN + 2x mobile IP).
I made a script which updates this setting, put it in the scheduler, and run it every second. The problem is that the script usually works and then usually does not work...
Code:
{
    :local NewWANIP [/ip address get [find interface="ether1-wan"] address]
    :local NewWANIP [:pick "$NewWANIP" 0 ([:len $NewWANIP] - 3)]
    :global OldWANIP
    :local NewRemotePeerIP [/ip ipsec remote-peers get 0 remote-address]
    :local OldRemotePeerIP [/ip ipsec policy get [find comment="Test Peer"] sa-dst-address]
    if ($NewWANIP != $OldWANIP) do={
        :log info "New WAN IP is $NewWANIP"
        /ip ipsec policy set [/ip ipsec policy find comment="Test Peer"] sa-src-address=$NewWANIP
        :set OldWANIP $NewWANIP
    }
    if ($NewRemotePeerIP != $OldRemotePeerIP) do={
        :log info "New remote IPSEC Peer IP is $NewRemotePeerIP"
        /ip ipsec policy set [/ip ipsec policy find comment="Test Peer"] sa-dst-address=$NewRemotePeerIP
    }
}
Code:
:put [/ip ipsec remote-peers get 0 remote-address]
Code:
/ip ipsec remote-peers print
Thanks for any help.