Hi, I'm trying to setup IPSEC between two Mikrotiks. I have the IPSEC working great, but the one MK is on a dynamic IP. It rarely changes, but it still does. What I'm trying to do is make a script that will take the WAN ip and put in in place of one of the properties of the IPSEC. Here's what I have so far, I just don't know what I'm doing wrong, thanks for any help!
I have other scripts such as and they work great. It's just the first one that has issues.

Any tips?

The Mikrotik appends the subnet to the result of [/ip address get [/ip address find where interface=WAN] address], so you may need to remove it first.

This is what I've used:

:local currentIP
:local externalInterface "ether1-wan"

# get the current IP address from the external interface
:set currentIP [/ip address get [find interface="$externalInterface"] address]
# Strip netmask
:for i from=( [:len $currentIP] - 1) to=0 step=-1 do={
:if ( [:pick $currentIP $i] = "/") do={
:set currentIP [:pick $currentIP 0 $i]
}
}


Then a modification of your script should work:

/ip ipsec policy set 0 sa-dst-address=$currentIP

-zeb

Thanks for the reply, I couldn't get your script to work. I have still have the issue with the network mask being in there. Here's what I have working so far. (I just started scripting with RouterOS today so I'm kinda bad.. lol.)
EDIT: NVM, it seems to be working right now. I'll keep you posted on how it goes. Thanks.