Community discussions

 
gotsprings
Forum Veteran
Forum Veteran
Topic Author
Posts: 778
Joined: Mon May 14, 2012 9:30 pm

EOIP + IPSEC Update Local IP

Tue Mar 19, 2019 1:43 pm

Needed this the other day.

In Eoip Tunnel you can define the far point (remote-address) to use IPCloud. But the local address does not. This will grab the local WAN IP and add it to a EoIP tunnel with the word "Tunnel" in the name.
/system script
add dont-require-permissions=no name=EoipUpdate owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    local TestEoip\r\
    \n:local TestCloud\r\
    \n:local TestEoip [/interface eoip get [find name~\"Tunnel\"] local-addres\
    s]\r\
    \n:local TestCloud [/ip cloud get public-address]\r\
    \n:if (\$TestEoip = \$TestCloud) do= {\r\
    \n    #:log info \"No Change\"\r\
    \n} else= {\r\
    \n    /interface eoip set [find name~\"Tunnel\"] local-address=\"\$TestClo\
    ud\"\r\
    \n}"
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
anav
Forum Guru
Forum Guru
Posts: 3120
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: EOIP + IPSEC Update Local IP

Tue Mar 26, 2019 7:36 pm

Hi gotsprings, just trying to get a handle on the practical nature of the solution.
Is this for the case where ones local WANIP is dynamic vice static?

How does one use IP cloud for the remote site and why do it that way?
Can dyndns names be used for either local or remote??
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
gotsprings
Forum Veteran
Forum Veteran
Topic Author
Posts: 778
Joined: Mon May 14, 2012 9:30 pm

Re: EOIP + IPSEC Update Local IP

Tue Mar 26, 2019 8:44 pm

When you setup EOIP...
You have to have an entry for Local IP and Far IP.

You can place the IP cloud information in the tunnel config. However... the LOCAL IP will RESOLVE AT THE TIME you OK the tunnel.
So if the local address changes... the tunnel's encryption will fail.

This will update the local IP address on a change.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain

Who is online

Users browsing this forum: No registered users and 18 guests