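# Keeps a GRE tunnel and its IPsec peer/policy in step with two dynamic public
# addresses: the remote one (resolved from DNS) and the local one (read from /ip cloud).
# The tunnel is enabled while the remote host answers ping and disabled when it does not.
#
# NOTE(review): the address returned by :resolve is applied to the IPsec peer and the
# GRE interface without any further check, so a wrong DNS answer re-points both.
# Whether traffic then stays protected depends on the peer authentication configured
# elsewhere (not visible in this script) - confirm it is strong (certificate or long PSK).

# DNS name of the remote router (replace with the name of your own remote device)
:local remoterecord "8a2a08d7b2cd.sn.mynetname.net"
# Name of the GRE tunnel, name of the IPsec peer and comment of the IPsec policy
# (all three have to be identical, the script looks each of them up by this value)
:local HOST "GRE-PIOTREK"
#-------------------No changes needed below this line--------------------------------
# Resolve the remote name and read the local public address
:local RIP [:resolve $remoterecord]
# RIP2 is never read below; kept from the original
:local RIP2 [:pick "$RIP" 0 ([:len $RIP] - 3)]
# NOTE(review): this value is read before the force-update at the end of the script,
# so it is presumably the address from the previous cloud update - confirm.
:local LIP [ip cloud get public-address]
:local LIP2 [:pick "$LIP" 0 [:len $LIP]]
# Read the addresses currently configured on the policy and the peer
:local Remote [/ip ipsec policy get [find comment="$HOST"] dst-address]
# Drop the last three characters of dst-address (presumably a "/32" suffix - confirm)
:local Remote2 [:pick "$Remote" 0 ([:len $Remote] - 3)]
:local Local [/ip ipsec peer get $HOST local-address]
# Local2 is never read below; kept from the original
:local Local2 [:pick "$Local" 0 ([:len $Local] - 3)]

# The tunnel is only kept up when all 5 of 5 pings are answered. A single lost reply,
# or ICMP filtered anywhere on the path, takes the else branch and disables the tunnel.
:if ([/ping $RIP interval=1 count=5] = 5) do={
    # Remote address changed: re-point the peer and the GRE interface
    :if ($RIP !=$Remote2) do={
        :log info "Sprawdzam zdalne adresy: Byl adres $Remote2 zaaktualizuje na $RIP"
        /ip ipsec peer set $HOST address=$RIP
        :log info "Zaktualizowany peer"
        # Fixed: the original had ":dealy 1s", which is not a RouterOS command
        :delay 1s
        # NOTE(review): the next message reports an updated policy, but no command here
        # changes the policy's dst-address. $Remote2 is read from that policy, so unless
        # RouterOS updates it elsewhere this branch runs again on every pass - confirm.
        :log info "Uaktualniona polityka"
        /interface gre set "$HOST" remote-address=$RIP
        :log info "Zaktualizowano adres remote dla tunelu $HOST"
        :delay 1s
        :log info "Aktualizacja adresów zdalnych zakoñczona"
        /interface gre set $HOST disabled=no
        /interface gre comment $HOST comment="$HOST"
        /ip ipsec peer set $HOST disabled=no
        /ip ipsec peer set $HOST comment="$HOST"
        # Bounce the policy so it is re-installed against the updated peer.
        # NOTE(review): the GRE interface is enabled while the policy is off; if this
        # policy is what encrypts the GRE traffic, packets sent in that moment are not
        # protected - verify, e.g. with a firewall rule that drops GRE without IPsec.
        /ip ipsec policy set [find comment="$HOST"] disabled=yes
        /ip ipsec policy set [find comment="$HOST"] disabled=no
        :log warning "Uruchomiono tunel po zmianie adresow zdalnych"
    }
    # Local public address changed: update the peer and the GRE interface
    :if ($LIP !=$Local) do={
        :log warning "IPSec Peer $HOST adres lokalny nieprawidlowy: aktualny $Local zaaktualizuje na $LIP2"
        /ip ipsec peer set $HOST local-address=$LIP2
        :log warning "Zaktualizowana polityka"
        /interface gre set "$HOST" local-address=$LIP
        :log warning "Zaktualizowano adres lokalny dla tunelu $HOST"
        :log warning "Lokalne adresy sprawdzone"
        /interface gre set $HOST disabled=no
        /interface gre comment $HOST comment="$HOST"
        /ip ipsec peer set $HOST disabled=no
        /ip ipsec peer set $HOST comment="$HOST"
        # Same policy bounce as in the remote-address branch; the same caveat applies
        /ip ipsec policy set [find comment="$HOST"] disabled=yes
        /ip ipsec policy set [find comment="$HOST"] disabled=no
        :log warning "Uruchomiono tunel po zmianie adresow lokalnych"
    }
    # Remote host answers and both GRE and peer are currently disabled: enable the tunnel
    :if ([/interface gre get $HOST disabled] = true && \
        [/ip ipsec peer get $HOST disabled] = true) do={
        # Peer and policy are enabled before the GRE interface (the original enabled GRE
        # first) so that the tunnel interface does not come up ahead of the IPsec policy.
        /ip ipsec peer set $HOST disabled=no
        /ip ipsec peer set $HOST comment="$HOST enabled, the remote host responds"
        /ip ipsec policy set [find comment="$HOST"] disabled=no
        /interface gre set $HOST disabled=no
        /interface gre comment $HOST comment="$HOST enabled, the remote host responds"
        :log warning "Warunki spelnione, wlaczono tunel $HOST"
    }
} else={
    # Remote host does not answer ping: disable GRE first, then the peer and the policy
    :if ([/interface gre get $HOST disabled] = false && \
        [/ip ipsec peer get $HOST disabled] = false) do={
        /interface gre set $HOST disabled=yes
        /interface gre comment $HOST comment="$HOST disabled due to remote host activity"
        /ip ipsec peer set $HOST disabled=yes
        /ip ipsec peer set $HOST comment="$HOST disabled due to remote host activity"
        /ip ipsec policy set [find comment="$HOST"] disabled=yes
        :log error "Host zdalny $HOST nie odpowiada, wylaczono tunel oraz polityke"
    }
}
# Ask the cloud service to refresh this router's own DNS record
/ip cloud force-update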