SHARE
TWEET

Untitled

a guest Aug 18th, 2019 129 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Actual remote address
  2. :local remoterecord "8a2a08d7b2cd.sn.mynetname.net"
  3.  
  4. # Name of GRE-Tunne, name of IPSec Peer and comment of IPSec Policy (all have to be same)
  5. :local HOST "GRE-PIOTREK"
  6.  
  7. #-------------------No more changes need---------------------------------------------
  8.  
  9. # Set needed variables and resolve remotedomain and local domain
  10. :local RIP [:resolve $remoterecord]
  11. :local RIP2 [:pick "$RIP" 0 ([:len $RIP] - 3)]
  12. :local LIP [ip cloud get public-address]
  13. :local LIP2 [:pick "$LIP" 0 [:len $LIP]]
  14.  
  15. # get actual values of dst-address and src-address
  16. :local Remote [/ip ipsec policy get [find comment="$HOST"] dst-address]
  17. :local Remote2 [:pick "$Remote" 0 ([:len $Remote] - 3)]
  18. :local Local [/ip ipsec peer get $HOST local-address]
  19. :local Local2 [:pick "$Local" 0 ([:len $Local] - 3)]
  20.  
  21. # check and turn on IPSec ang GRE-Tunnel if remote host is responsing to ICMP
  22. :if ([/ping $RIP interval=1 count=5] = 5) do={
  23.  
  24. # change peer if remote or local ip changed
  25. :if ($RIP !=$Remote2) do={
  26. :log info "Sprawdzam zdalne adresy: Byl adres $Remote2 zaaktualizuje na $RIP"
  27. /ip ipsec peer set $HOST address=$RIP
  28. :log info "Zaktualizowany peer"
  29. :dealy 1s
  30. :log info "Uaktualniona polityka"
  31. /interface gre set "$HOST"  remote-address=$RIP
  32. :log info "Zaktualizowano adres remote dla tunelu $HOST"
  33. :delay 1s
  34. :log info "Aktualizacja adresów zdalnych zakoñczona"
  35. /interface gre set $HOST disabled=no
  36. /interface gre comment $HOST comment="$HOST"
  37. /ip ipsec peer set $HOST disabled=no
  38. /ip ipsec peer set $HOST comment="$HOST"
  39. /ip ipsec policy set [find comment="$HOST"] disabled=yes
  40. /ip ipsec policy set [find comment="$HOST"] disabled=no
  41. :log warning "Uruchomiono tunel po zmianie adresow zdalnych"
  42. } else={}
  43.  
  44. :if ($LIP !=$Local) do={
  45. :log warning "IPSec Peer $HOST adres lokalny nieprawidlowy: aktualny $Local zaaktualizuje na $LIP2"
  46. /ip ipsec peer set $HOST local-address=$LIP2
  47. :log warning "Zaktualizowana polityka"
  48. /interface gre set "$HOST"  local-address=$LIP
  49. :log warning "Zaktualizowano adres lokalny dla tunelu $HOST"
  50. :log warning "Lokalne adresy sprawdzone"
  51. /interface gre set $HOST disabled=no
  52. /interface gre comment $HOST comment="$HOST"
  53. /ip ipsec peer set $HOST disabled=no
  54. /ip ipsec peer set $HOST comment="$HOST"
  55. /ip ipsec policy set [find comment="$HOST"] disabled=yes
  56. /ip ipsec policy set [find comment="$HOST"] disabled=no
  57. :log warning "Uruchomiono tunel po zmianie adresow lokalnych"
  58. } else={}
  59.  
  60. # Automatic turn on IPSec ang GRE Tunnel if above conditions are met
  61.  
  62. :if ([/interface gre get $HOST disabled] = true && \
  63. [/ip ipsec peer get $HOST disabled] = true) do={
  64. /interface gre set $HOST disabled=no
  65. /interface gre comment $HOST comment="$HOST enabled, the remote host responds"
  66. /ip ipsec peer set $HOST disabled=no
  67. /ip ipsec peer set $HOST comment="$HOST enabled, the remote host responds"
  68. /ip ipsec policy set [find comment="$HOST"] disabled=no
  69. :log warning "Warunki spelnione, wlaczono tunel $HOST"} else={}
  70.  
  71. } else={
  72.  
  73. # turn off IPSec and GRE Tunnel when remote HOST is not responsing
  74. :if ([/interface gre get $HOST disabled] = false && \
  75. [/ip ipsec peer get $HOST disabled] = false) do={
  76. /interface gre set $HOST disabled=yes
  77. /interface gre comment $HOST comment="$HOST disabled due to remote host activity"
  78. /ip ipsec peer set $HOST disabled=yes
  79. /ip ipsec peer set $HOST comment="$HOST disabled due to remote host activity"
  80. /ip ipsec policy set [find comment="$HOST"] disabled=yes
  81. :log error "Host zdalny $HOST nie odpowiada, wylaczono tunel oraz polityke"}
  82. }
  83.  
  84. /ip cloud force-update
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top