Hello!
I'm trying to set up a tunnel between two routers. The WAN connection is via 3G USB modems (ppp-out1). The WAN IP addresses are dynamic, so DynDNS has to be used to update them on the routers. Internet works, but the tunnel does not come up. Could you help me find what I am doing wrong?
The scripts and configuration I have used are listed below. OS version 5.16
siteA
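# dynamic-dns-script
# Purpose: fetch the router's public address from checkip.dyndns.org into the
# file dyndns.checkip.html, cut the address out of the text between ": " and
# "</body>", and, when it differs from the global previousIP, send an update
# for matichost to updates.dnsomatic.com.
# Change from the posted version: the debug line no longer writes $maticpass
# to the log. The log is readable by any account with read access and may be
# forwarded to remote syslog, so the account password must not appear in it.
# NOTE(review): the update request carries user/password with mode=http, i.e.
# unencrypted over the 3G link. Use an HTTPS fetch if this RouterOS version
# offers one (confirm for 5.16).
# NOTE(review): previousIP is set before the update fetch runs, so a failed
# update is not retried until the address changes again.
# NOTE(review): the policy list grants every permission; it can probably be
# reduced to what fetch, file access and logging need (verify on the router).
/system script
add name=dynamic-dns-script policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
# User account info of DNSoMatic\r\
\n:global maticuser \"ххххх\"\r\
\n:global maticpass \"ххххх\"\r\
\n:global matichost \"testtele2sitea.dyndns.org\"\r\
\n# No more changes need\r\
\n\r\
\n:global previousIP\r\
\n\r\
\n# Print values for debug\r\
\n:log info \"DNSoMatic: Updating dynamic IP on DNS for host \$matichost\"\
\r\
\n:log info \"DNSoMatic: User \$maticuser\"\r\
\n:log info \"DNSoMatic: Last IP \$previousIP\"\r\
\n\r\
\n# get the current IP address from the internet (in case of double-nat)\r\
\n/tool fetch mode=http address=\"checkip.dyndns.org\" src-path=\"/\" dst-\
path=\"/dyndns.checkip.html\"\r\
\n:local result [/file get dyndns.checkip.html contents]\r\
\n\r\
\n# parse the current IP result\r\
\n:local resultLen [:len \$result]\r\
\n:local startLoc [:find \$result \": \" -1]\r\
\n:set startLoc (\$startLoc + 2)\r\
\n:local endLoc [:find \$result \"</body>\" -1]\r\
\n:global currentIP [:pick \$result \$startLoc \$endLoc]\r\
\n:log info \"DNSoMatic: IP actual \$currentIP\"\r\
\n\r\
\n# Touching the string passed to fetch command on \"src-path\" option\r\
\n:local str \"/nic/update\?hostname=\$matichost&myip=\$currentIP&wildcard\
=NOCHG&mx=NOCHG&backmx=NOCHG\"\r\
\n\r\
\n:if (\$currentIP != \$previousIP) do={\r\
\n:log info \"DNSoMatic: Update need\"\r\
\n:set previousIP \$currentIP\r\
\n:log info \"DNSoMatic: Sending update \$currentIP\"\r\
\n:log info [ :put [/tool fetch host=MT user=\$maticuser password=\$maticp\
ass mode=http address=\"updates.dnsomatic.com\" src-path=\$str dst-path=\$\
matichost]]\r\
\n:log info \"DNSoMatic: Host \$matichost updated on DNSoMatic with IP \$c\
urrentIP\"\r\
\n} else={\r\
\n:log info \"DNSoMatic: Previous IP \$previousIP and current \$currentIP \
equal, no update need\"\r\
\n}"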
# Runs dynamic-dns-script every 10 minutes.
# NOTE(review): the posted listing has no scheduler entry for
# dynamic-router-update, so the IPsec peer/policy addresses are refreshed only
# when that script is run by hand. Confirm whether one exists on the router.
/system scheduler
add comment="" disabled=no interval=10m name=dynamic-dns-schedule on-event=dynamic-dns-script \
start-date=jan/01/1970 start-time=00:00:01
# Source NAT on the 3G uplink.
# Rule 1 ("NAT bypass"): traffic leaving ppp-out1 for 192.168.0.0/16 is
# accepted without translation, so packets for the remote LAN keep the source
# address that the IPsec policy matches on.
# Rule 2 ("default PAT"): everything else leaving ppp-out1 is masqueraded.
# The bypass rule has to stay above the masquerade rule; srcnat rules are
# evaluated in order and the first match wins.
/ip firewall nat
add action=accept chain=srcnat comment="NAT bypass" disabled=no dst-address=\
192.168.0.0/16 out-interface=ppp-out1
add action=masquerade chain=srcnat comment="default PAT" disabled=no out-interface=\
ppp-out1
# IKE phase 1 peer: main mode, pre-shared key.
# NOTE(review): address=1.1.1.1 is the same value the policy uses as
# sa-src-address (the local end). The peer entry should name the REMOTE
# router; presumably both values are placeholders. Verify after
# dynamic-router-update has run.
# NOTE(review): nat-traversal=no. If the 3G carrier hands out private or
# carrier-NATed addresses, ESP will not pass without NAT-T. Compare the
# ppp-out1 address with the address checkip.dyndns.org reports.
# NOTE(review): 3des / md5 / modp1024 are weak by current standards. If both
# routers support them, prefer AES, SHA-1 or better, and a larger DH group;
# both sites must be changed together.
# NOTE(review): secret=test looks like a placeholder. With dynamic addresses
# resolved from DNS, the pre-shared key is the only thing authenticating the
# peer, so use a long random value and keep it out of public posts.
# dpd-interval=disable-dpd: a dead peer is not detected, so stale SAs persist
# after an address change until they expire or are flushed.
/ip ipsec peer
add address=1.1.1.1/32 port=500 auth-method=pre-shared-key dh-group=modp1024 \
disabled=no dpd-interval=disable-dpd dpd-maximum-failures=1 \
enc-algorithm=3des exchange-mode=main generate-policy=no hash-algorithm=\
md5 lifebytes=0 lifetime=1d nat-traversal=no proposal-check=obey secret=\
test send-initial-contact=yes
# Tunnel-mode ESP policy: encrypt traffic from the local LAN 192.168.87.0/24
# to the remote LAN 192.168.88.0/24, between tunnel endpoints sa-src-address
# (local) and sa-dst-address (remote). level=require means matching traffic
# is dropped while no SA exists.
# NOTE(review): sa-src-address has to be an address this router actually owns
# on ppp-out1. If the carrier applies NAT, the public address obtained from
# DynDNS differs from the interface address and the SA will not be built.
# Confirm on the router.
/ip ipsec policy
add action=encrypt disabled=no dst-address=192.168.88.0/24 dst-port=any \
ipsec-protocols=esp level=require priority=0 proposal=default protocol=\
all sa-dst-address=2.2.2.2 sa-src-address=1.1.1.1 src-address=\
192.168.87.0/24 src-port=any tunnel=yes
# dynamic-router-update
# Purpose: resolve both DynDNS host names and write the results into the
# first IPsec policy (sa-src-address / sa-dst-address) and the first IPsec
# peer (address).
# NOTE(review): the peer shown in this listing is exported as
# "address=1.1.1.1/32 port=500", i.e. address and port are separate
# properties. The combined form "\$RemoteSite/32:500" used here may be
# rejected on this version. Run the command by hand and check the result.
# NOTE(review): "set 0" relies on item numbering, which scripts should not
# depend on; selecting the entry with a [find ...] expression is the usual
# approach (confirm syntax for 5.16).
# NOTE(review): the tunnel endpoints come from plain DNS answers. A wrong or
# tampered record changes where the router sends IKE, so peer authentication
# rests entirely on the pre-shared key.
# NOTE(review): the policy list grants every permission; this script appears
# to need only read/write/test. Verify and reduce.
/system script
add name=dynamic-router-update policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
:global LocalSite [:resolve testtele2sitea.dyndns.org]\r\
\n:global RemoteSite [:resolve testtele2siteb.dyndns.org]\r\
\n/ip ipsec policy set 0 sa-dst-address=\$RemoteSite sa-src-address=\$Loca\
lSite\r\
\n/ip ipsec peer set 0 address=\"\$RemoteSite/32:500\""