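# Keeps a GRE-over-IPsec tunnel pointed at a peer whose public address changes.
# On every run the script resolves the remote IP Cloud name, reads the local
# public address, compares both with the values currently configured on the
# IPsec policy / peer, rewrites them when they differ, and enables or disables
# the GRE interface, IPsec peer and IPsec policy depending on whether the
# remote host answers ICMP.
#
# Security notes for the operator:
#  - The peer address is taken from a DNS answer. The script itself does not
#    verify that answer, so the tunnel's protection rests on the IPsec peer
#    authentication configured outside this script; make sure it is strong.
#  - The tunnel is enabled or disabled purely on ICMP replies, so filtered or
#    lost pings take the tunnel down (all 5 of 5 replies are required).
#  - NOTE(review): while the policy is toggled disabled=yes/no the GRE interface
#    stays enabled; presumably GRE traffic is not matched by the policy during
#    that moment. Confirm a firewall rule prevents unencrypted GRE from leaving.

# DNS name of the remote router (IP Cloud has to be enabled on both devices).
:local remoterecord "8a2a08d7b2cd.sn.mynetname.net"
# Name of the GRE tunnel, name of the IPsec peer and comment of the IPsec
# policy (all three have to be the same).
:local HOST "GRE-O24-3SOBX"
#------------------- No changes needed below this line -------------------

# Resolve the remote name and read the local public address from IP Cloud.
:local RIP [:resolve $remoterecord]
:local LIP [/ip cloud get public-address]
# Copy of the local address produced by :pick, used for the peer local-address.
:local LIP2 [:pick "$LIP" 0 [:len $LIP]]

# Currently configured values. The policy dst-address has its last three
# characters removed before comparison (presumably the "/32" suffix).
:local Remote [/ip ipsec policy get [find comment="$HOST"] dst-address]
:local Remote2 [:pick "$Remote" 0 ([:len $Remote] - 3)]
:local Local [/ip ipsec peer get $HOST local-address]

# Only touch the tunnel when the remote host answered all five pings.
:if ([/ping $RIP interval=1 count=5] = 5) do={

    # Remote address changed: update the peer, the policy and the GRE tunnel.
    # NOTE(review): $RIP comes from :resolve and $Remote2 from :pick; confirm
    # this comparison behaves as intended on the RouterOS version in use.
    :if ($RIP != $Remote2) do={
        :log info "Sprawdzam zdalne adresy: Byl adres $Remote2 zaaktualizuje na $RIP"
        /ip ipsec peer set $HOST address=$RIP
        :log info "Zaktualizowany peer"
        # Fixed: the original spelled this command ":dealy".
        :delay 1s
        # Fixed: the original logged the policy update without performing it,
        # so the policy dst-address (the value compared above) never followed
        # the new remote address and this branch would run again on every pass.
        /ip ipsec policy set [find comment="$HOST"] dst-address="$RIP/32"
        :log info "Uaktualniona polityka"
        /interface gre set "$HOST" remote-address=$RIP
        :log info "Zaktualizowano adres remote dla tunelu $HOST"
        :delay 1s
        :log info "Aktualizacja adresów zdalnych zakoñczona"
        /interface gre set $HOST disabled=no
        /interface gre comment $HOST comment="$HOST"
        /ip ipsec peer set $HOST disabled=no
        /ip ipsec peer set $HOST comment="$HOST"
        # Disable and re-enable the policy so the new addresses take effect.
        /ip ipsec policy set [find comment="$HOST"] disabled=yes
        /ip ipsec policy set [find comment="$HOST"] disabled=no
        :log warning "Uruchomiono tunel po zmianie adresow zdalnych"
    }

    # Local public address changed: update the peer and the GRE tunnel.
    # NOTE(review): the log line below reports a policy update, but only the
    # peer local-address is written here; check whether the policy src-address
    # also has to follow the local address in this setup.
    :if ($LIP != $Local) do={
        :log warning "IPSec Peer $HOST adres lokalny nieprawidlowy: aktualny $Local zaaktualizuje na $LIP2"
        /ip ipsec peer set $HOST local-address=$LIP2
        :log warning "Zaktualizowana polityka"
        /interface gre set "$HOST" local-address=$LIP
        :log warning "Zaktualizowano adres lokalny dla tunelu $HOST"
        :log warning "Lokalne adresy sprawdzone"
        /interface gre set $HOST disabled=no
        /interface gre comment $HOST comment="$HOST"
        /ip ipsec peer set $HOST disabled=no
        /ip ipsec peer set $HOST comment="$HOST"
        /ip ipsec policy set [find comment="$HOST"] disabled=yes
        /ip ipsec policy set [find comment="$HOST"] disabled=no
        :log warning "Uruchomiono tunel po zmianie adresow lokalnych"
    }

    # Remote host responds and both GRE and peer are disabled: enable them.
    :if ([/interface gre get $HOST disabled] = true && [/ip ipsec peer get $HOST disabled] = true) do={
        /interface gre set $HOST disabled=no
        /interface gre comment $HOST comment="$HOST enabled, the remote host responds"
        /ip ipsec peer set $HOST disabled=no
        /ip ipsec peer set $HOST comment="$HOST enabled, the remote host responds"
        /ip ipsec policy set [find comment="$HOST"] disabled=no
        :log warning "Warunki spelnione, wlaczono tunel $HOST"
    }

} else={

    # Remote host does not respond: disable GRE, peer and policy together.
    :if ([/interface gre get $HOST disabled] = false && [/ip ipsec peer get $HOST disabled] = false) do={
        /interface gre set $HOST disabled=yes
        /interface gre comment $HOST comment="$HOST disabled due to remote host activity"
        /ip ipsec peer set $HOST disabled=yes
        /ip ipsec peer set $HOST comment="$HOST disabled due to remote host activity"
        /ip ipsec policy set [find comment="$HOST"] disabled=yes
        :log error "Host zdalny $HOST nie odpowiada, wylaczono tunel oraz polityke"
    }
}

# Refresh the IP Cloud record on every run.
/ip cloud force-update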