IPSec Policy Dynamic
From MikroTik Wiki
Basic Info
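This script keeps an IPSec policy working when the WAN IP address is dynamic. Whenever the address on the WAN interface changes, it updates the policy's src-address and sa-src-address to the new address.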
What to configure
Configure the WAN interface name at the annotated line. Schedule the script to run every 2 or 3 seconds.
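The scheduling step as RouterOS commands. This is an added example, not part of the original wiki script; the name "ipsec-policy-dynamic" is an assumed name for the stored script and the scheduler entry.

```routeros
# Added example. Assumes the script from this page has been saved under
# System > Scripts with the (assumed) name "ipsec-policy-dynamic".

# Run the script every 3 seconds, starting at boot.
/system scheduler add name=ipsec-policy-dynamic start-time=startup interval=3s on-event="/system script run ipsec-policy-dynamic"

# Check that the schedule is firing: run-count should keep increasing.
/system scheduler print detail where name=ipsec-policy-dynamic

# After a WAN address change, confirm the policy carries the new address
# and that the script logged the change.
/ip ipsec policy print detail
/log print where message~"WAN IP changed"
```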
The script
# ------------------- header -------------------
# Script by Tomas Kirnak, version 1.0.1
# If you use this script, or edit and
# re-use it, please keep the header intact.
#
# For more information and details about
# this script please visit the wiki page at
# http://wiki.mikrotik.com/wiki/IPSec_Policy_Dynamic
# ------------------- header -------------------
{
    :global oWANip
    # Configure the WAN interface here
    :local WANip [/ip address get [find interface="WAN-Interface"] address]
    # Strip the "/prefix" suffix, whether the prefix length has one or two digits
    :set WANip [:pick $WANip 0 [:find $WANip "/"]]
    # Act only when the address differs from the one seen on the previous run
    :if ($WANip != $oWANip) do={
        :log warning "WAN IP changed, fixing IPSec"
        # The commands below act on IPSec policy 0 and peer 0
        /ip ipsec policy disable 0
        /ip ipsec peer disable 0
        /ip ipsec policy set 0 tunnel=yes
        /ip ipsec policy set 0 src-address="$WANip/32"
        /ip ipsec policy set 0 sa-src-address=$WANip
        /ip ipsec policy set 0 tunnel=no
        /ip ipsec peer enable 0
        /ip ipsec policy enable 0
        # Remember the address for the next run
        :set oWANip $WANip
    }
}