From Magnus Hansson, 4 Years ago, written in Property.
This paste is a reply to Dynamic IPsec Peer Update uses dynamic dyndns from Piotr Wójtowicz i Paweł Kopeć - view diff
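  # Keeps a GRE-over-IPsec tunnel pointed at a peer whose public address changes.
  # Meant to be run repeatedly (e.g. from the scheduler). On each run it resolves
  # the peer's IP Cloud name, pings it, and then either updates/enables or disables
  # the GRE interface, the IPsec peer and the IPsec policy that share the name $HOST.
  #
  # DNS name of the remote router.
  # IP Cloud has to be enabled on both devices.
  :local remoterecord "8a2a08d7b2cd.sn.mynetname.net"

  # Name of the GRE tunnel, name of the IPsec peer and comment of the IPsec policy
  # (all three have to be the same).
  :local HOST "GRE-O24-3SOBX"

  #-------------------No more changes needed-------------------------------------------

  # Resolve the remote name and read this router's own public address from IP Cloud.
  # NOTE(review): the peer address used below comes straight from this DNS answer and
  # is not validated by the script; the IPsec peer's authentication settings (not
  # visible here) are the only check on who answers at that address.
  :local RIP [:resolve $remoterecord]
  :local LIP [ip cloud get public-address]
  # String copy of the local public address (the :pick spans the whole value).
  :local LIP2 [:pick "$LIP" 0 [:len $LIP]]

  # Addresses currently configured. The policy dst-address has its last three
  # characters removed before comparison (presumably a "/32" suffix - confirm).
  :local Remote [/ip ipsec policy get [find comment="$HOST"] dst-address]
  :local Remote2 [:pick "$Remote" 0 ([:len $Remote] - 3)]
  :local Local [/ip ipsec peer get $HOST local-address]

  # The tunnel is kept up only when all 5 echo requests are answered; a single lost
  # reply takes the else branch and disables the tunnel until a later run.
  :if ([/ping $RIP interval=1 count=5] = 5) do={

    # Remote address changed: repoint the peer, the policy and the GRE interface.
    :if ($RIP != $Remote2) do={
      :log info "Checking remote addresses: $Remote2 will update to $RIP"
      /ip ipsec peer set $HOST address=$RIP
      :log info "Updated peer"
      :delay 1s
      # The change check above reads the policy dst-address, so it has to be written
      # back here. Without this the check stays true on every run (the tunnel is
      # bounced each time) and the policy keeps naming the old address while GRE
      # already sends to the new one - packets that match no policy are not
      # protected by IPsec.
      /ip ipsec policy set [find comment="$HOST"] dst-address="$RIP/32"
      :log info "Updated policy"
      /interface gre set "$HOST" remote-address=$RIP
      :log info "Updated remote address for $HOST tunnel"
      :delay 1s
      :log info "Remote address update complete"
      /interface gre set $HOST disabled=no
      /interface gre comment $HOST comment="$HOST"
      /ip ipsec peer set $HOST disabled=no
      /ip ipsec peer set $HOST comment="$HOST"
      # Disable and re-enable the policy so it is re-applied with the new address.
      /ip ipsec policy set [find comment="$HOST"] disabled=yes
      /ip ipsec policy set [find comment="$HOST"] disabled=no
      :log warning "Tunnel started after remote addresses changed"
    }

    # Local public address changed: update the peer and the GRE interface.
    :if ($LIP != $Local) do={
      :log warning "IPSec Peer $HOST local address invalid: current $Local updates to $LIP2"
      /ip ipsec peer set $HOST local-address=$LIP2
      # NOTE(review): the message below is logged although no policy field is changed
      # in this branch. If the policy src-address is tied to the local public address
      # it needs the same update as the peer - confirm against the policy in use.
      :log warning "Updated Policy"
      /interface gre set "$HOST" local-address=$LIP
      :log warning "Local address updated for $HOST tunnel"
      :log warning "Local addresses checked"
      /interface gre set $HOST disabled=no
      /interface gre comment $HOST comment="$HOST"
      /ip ipsec peer set $HOST disabled=no
      /ip ipsec peer set $HOST comment="$HOST"
      /ip ipsec policy set [find comment="$HOST"] disabled=yes
      /ip ipsec policy set [find comment="$HOST"] disabled=no
      :log warning "Tunnel started after changing local addresses"
    }

    # Remote host answers again and both the GRE interface and the peer are
    # disabled: bring the tunnel back up.
    :if ([/interface gre get $HOST disabled] = true && \
    [/ip ipsec peer get $HOST disabled] = true) do={
      /interface gre set $HOST disabled=no
      /interface gre comment $HOST comment="$HOST enabled, the remote host responds"
      /ip ipsec peer set $HOST disabled=no
      /ip ipsec peer set $HOST comment="$HOST enabled, the remote host responds"
      /ip ipsec policy set [find comment="$HOST"] disabled=no
      :log warning "Conditions met, $HOST tunnel enabled"
    }

  } else={

    # Remote host did not answer every ping: switch off the GRE interface, the peer
    # and the policy, but only if both the interface and the peer are still enabled.
    :if ([/interface gre get $HOST disabled] = false && \
    [/ip ipsec peer get $HOST disabled] = false) do={
      /interface gre set $HOST disabled=yes
      /interface gre comment $HOST comment="$HOST disabled due to remote host activity"
      /ip ipsec peer set $HOST disabled=yes
      /ip ipsec peer set $HOST comment="$HOST disabled due to remote host activity"
      /ip ipsec policy set [find comment="$HOST"] disabled=yes
      :log error "$HOST remote host not responding, tunnel and policy disabled"
    }
  }

  # Refresh this router's own IP Cloud record at the end of every run.
  /ip cloud force-update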