From Piotr Wójtowicz and Paweł Kopeć, 3 months ago, written in Property.
# Actual remote address
# IP Cloud has to be enabled on both devices
:local remoterecord "8a2a08d7b2cd.sn.mynetname.net"

# Name of the GRE tunnel, name of the IPsec peer and comment of the IPsec policy (all have to be the same)
:local HOST "GRE-O24-3SOBX"

#-------------------No more changes needed-------------------------------------------

# Set the needed variables and resolve the remote domain and the local domain
:local RIP [:resolve $remoterecord]
:local RIP2 [:pick "$RIP" 0 ([:len $RIP] - 3)]
:local LIP [/ip cloud get public-address]
:local LIP2 [:pick "$LIP" 0 [:len $LIP]]

# Get the current values of dst-address and src-address
:local Remote [/ip ipsec policy get [find comment="$HOST"] dst-address]
# Strip the "/32" suffix and convert back to an IP so the comparison with $RIP is like-for-like
:local Remote2 [:toip [:pick "$Remote" 0 ([:len $Remote] - 3)]]
:local Local [/ip ipsec peer get $HOST local-address]
:local Local2 [:pick "$Local" 0 ([:len $Local] - 3)]

# Check and turn on IPsec and the GRE tunnel if the remote host is responding to ICMP
:if ([/ping $RIP interval=1 count=5] = 5) do={

    # Change the peer if the remote or local IP changed
    :if ($RIP != $Remote2) do={
        :log info "Sprawdzam zdalne adresy: Byl adres $Remote2 zaaktualizuje na $RIP"
        /ip ipsec peer set $HOST address=$RIP
        :log info "Zaktualizowany peer"
        :delay 1s
        # Update the policy as well: the check above reads the policy dst-address,
        # so without this the branch would run again on every pass
        /ip ipsec policy set [find comment="$HOST"] dst-address="$RIP/32"
        :log info "Uaktualniona polityka"
        /interface gre set "$HOST" remote-address=$RIP
        :log info "Zaktualizowano adres remote dla tunelu $HOST"
        :delay 1s
        :log info "Aktualizacja adresów zdalnych zakończona"
        /interface gre set $HOST disabled=no
        /interface gre comment $HOST comment="$HOST"
        /ip ipsec peer set $HOST disabled=no
        /ip ipsec peer set $HOST comment="$HOST"
        # Toggle the policy so it is re-installed with the new address
        /ip ipsec policy set [find comment="$HOST"] disabled=yes
        /ip ipsec policy set [find comment="$HOST"] disabled=no
        :log warning "Uruchomiono tunel po zmianie adresow zdalnych"
    } else={}

    :if ($LIP != $Local) do={
        :log warning "IPSec Peer $HOST adres lokalny nieprawidlowy: aktualny $Local zaaktualizuje na $LIP2"
        /ip ipsec peer set $HOST local-address=$LIP2
        # Keep the policy src-address in step with the peer (the log line below reports a policy update)
        /ip ipsec policy set [find comment="$HOST"] src-address="$LIP2/32"
        :log warning "Zaktualizowana polityka"
        /interface gre set "$HOST" local-address=$LIP
        :log warning "Zaktualizowano adres lokalny dla tunelu $HOST"
        :log warning "Lokalne adresy sprawdzone"
        /interface gre set $HOST disabled=no
        /interface gre comment $HOST comment="$HOST"
        /ip ipsec peer set $HOST disabled=no
        /ip ipsec peer set $HOST comment="$HOST"
        # Toggle the policy so it is re-installed with the new address
        /ip ipsec policy set [find comment="$HOST"] disabled=yes
        /ip ipsec policy set [find comment="$HOST"] disabled=no
        :log warning "Uruchomiono tunel po zmianie adresow lokalnych"
    } else={}

    # Automatically turn on IPsec and the GRE tunnel if the above conditions are met
    :if (([/interface gre get $HOST disabled] = true) && \
         ([/ip ipsec peer get $HOST disabled] = true)) do={
        /interface gre set $HOST disabled=no
        /interface gre comment $HOST comment="$HOST enabled, the remote host responds"
        /ip ipsec peer set $HOST disabled=no
        /ip ipsec peer set $HOST comment="$HOST enabled, the remote host responds"
        /ip ipsec policy set [find comment="$HOST"] disabled=no
        :log warning "Warunki spelnione, wlaczono tunel $HOST"
    } else={}

} else={

    # Turn off IPsec and the GRE tunnel when the remote host is not responding
    :if (([/interface gre get $HOST disabled] = false) && \
         ([/ip ipsec peer get $HOST disabled] = false)) do={
        /interface gre set $HOST disabled=yes
        /interface gre comment $HOST comment="$HOST disabled due to remote host activity"
        /ip ipsec peer set $HOST disabled=yes
        /ip ipsec peer set $HOST comment="$HOST disabled due to remote host activity"
        /ip ipsec policy set [find comment="$HOST"] disabled=yes
        :log error "Host zdalny $HOST nie odpowiada, wylaczono tunel oraz polityke"
    }
}

/ip cloud force-update

Replies to Dynamic IPsec Peer Update uses dynamic dyndns rss
