mikrotik/IPSec Dynamic End points Updater.rsc

# IPSec Peer/Policy Updater for Dynamic WAN addresses



# ==================================================



# CONFIGURATION START



# ==================================================



:local localfqdn "local.fqdn-or-ip.domain.tld"



:local remotefqdn "remote.fqdn-or-ip.domain.tld"



:local peertag "peer-comment"



:local policytag "policy-comment"



# ==================================================



# CONFIGURATION END



# ==================================================



/ip dns cache flush



:local localsite "0.0.0.0"



:local remotesite "0.0.0.0"



:if ( [ :tostr [ :toip $localfqdn ] ] != $localfqdn ) do={



:set localsite [ :resolve $localfqdn ]



} else={



:set localsite $localfqdn



}



:if ( [ :tostr [ :toip $remotefqdn ] ] != $remotefqdn ) do={



:set remotesite [ :resolve $remotefqdn ]



} else={



:set remotesite $remotefqdn



}



:log info ( "IPSec: setting local to ". $localsite ." and remote to ". $remotesite ."." )



/ip ipsec policy set [ /ip ipsec policy find comment="$policytag" ] sa-src-address=$localsite sa-dst-address=$remotesite



/ip ipsec peer set [ /ip ipsec peer find comment="$peertag" ] address="$remotesite/32"



# ==================================================



# END OF SCRIPT



# ==================================================