
Untitled

a guest
Aug 18th, 2019
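  # Keeps a GRE-over-IPsec tunnel pointed at a peer whose address is published
  # through a dynamic DNS record, and switches the tunnel on or off depending on
  # whether that peer answers ICMP. Intended to be run repeatedly (for example
  # from the scheduler).
  #
  # Security notes for whoever deploys this:
  #  - The DNS answer is unauthenticated input, yet it decides where the IPsec
  #    peer and the GRE endpoint point. Only the IPsec peer's own authentication
  #    (not visible in this script) stops a forged record from producing a
  #    working tunnel, so keep that authentication strong.
  #  - While addresses are being rewritten, GRE packets may not match the IPsec
  #    policy. Add a firewall rule that drops GRE traffic not protected by
  #    IPsec so the tunnel cannot fall back to cleartext.
  #  - ICMP reachability is the only gate for enabling or disabling the tunnel;
  #    anything that filters ICMP on the path will take the tunnel down.

  # Dynamic DNS record of the remote router.
  :local remoterecord "8a2a08d7b2cd.sn.mynetname.net"

  # Shared name: the GRE interface, the IPsec peer and the comment on the IPsec
  # policy must all carry exactly this value, because every lookup below uses it.
  :local HOST "GRE-PIOTREK"

  #------------------- No changes needed below this line -------------------

  # Resolve the remote record and read this router's public address as reported
  # by the cloud service. If :resolve fails the script stops here and the tunnel
  # state is left untouched.
  :local RIP [:resolve $remoterecord]
  :local LIP [/ip cloud get public-address]
  # String copy of the local address, used for the peer setting and log text.
  # NOTE(review): if the cloud service has not reported an address yet, $LIP may
  # be empty and the local-address branch below would write that value; confirm
  # and guard if needed.
  :local LIP2 [:pick "$LIP" 0 [:len $LIP]]

  # Current values on the router. The policy dst-address is expected to carry a
  # three-character prefix suffix such as "/32", which is cut off for comparison.
  :local Remote [/ip ipsec policy get [find comment="$HOST"] dst-address]
  :local Remote2 [:pick "$Remote" 0 ([:len $Remote] - 3)]
  :local Local [/ip ipsec peer get $HOST local-address]

  # Only touch the tunnel when the remote host answered all five pings.
  :if ([/ping $RIP interval=1 count=5] = 5) do={

    # Remote address changed: repoint peer, policy and GRE, then bounce the policy.
    # NOTE(review): $RIP comes from :resolve while $Remote2 is built with :pick;
    # confirm on the target RouterOS version that the differing value types do
    # not make this comparison always true.
    :if ($RIP != $Remote2) do={
      :log info "Sprawdzam zdalne adresy: Byl adres $Remote2 zaaktualizuje na $RIP"
      /ip ipsec peer set $HOST address=$RIP
      :log info "Zaktualizowany peer"
      # Was misspelled ":dealy", which is not a RouterOS command.
      :delay 1s
      # The comparison above reads the policy dst-address, so it has to be
      # written here as well. Without this the branch fires on every run, the
      # policy is bounced each time, and GRE traffic to the new address is not
      # selected by the policy.
      /ip ipsec policy set [find comment="$HOST"] dst-address=([:tostr $RIP] . "/32")
      :log info "Uaktualniona polityka"
      /interface gre set "$HOST" remote-address=$RIP
      :log info "Zaktualizowano adres remote dla tunelu $HOST"
      :delay 1s
      :log info "Aktualizacja adresów zdalnych zakoñczona"
      /interface gre set $HOST disabled=no
      /interface gre comment $HOST comment="$HOST"
      /ip ipsec peer set $HOST disabled=no
      /ip ipsec peer set $HOST comment="$HOST"
      # Disable then enable the policy so it is re-established with the new peer.
      /ip ipsec policy set [find comment="$HOST"] disabled=yes
      /ip ipsec policy set [find comment="$HOST"] disabled=no
      :log warning "Uruchomiono tunel po zmianie adresow zdalnych"
    }

    # Local public address changed: update peer and GRE, then bounce the policy.
    # NOTE(review): the policy src-address is not written in this branch even
    # though the log text mentions the policy; confirm whether it needs updating.
    :if ($LIP != $Local) do={
      :log warning "IPSec Peer $HOST adres lokalny nieprawidlowy: aktualny $Local zaaktualizuje na $LIP2"
      /ip ipsec peer set $HOST local-address=$LIP2
      :log warning "Zaktualizowana polityka"
      /interface gre set "$HOST" local-address=$LIP
      :log warning "Zaktualizowano adres lokalny dla tunelu $HOST"
      :log warning "Lokalne adresy sprawdzone"
      /interface gre set $HOST disabled=no
      /interface gre comment $HOST comment="$HOST"
      /ip ipsec peer set $HOST disabled=no
      /ip ipsec peer set $HOST comment="$HOST"
      /ip ipsec policy set [find comment="$HOST"] disabled=yes
      /ip ipsec policy set [find comment="$HOST"] disabled=no
      :log warning "Uruchomiono tunel po zmianie adresow lokalnych"
    }

    # Tunnel was previously switched off by this script and the peer is
    # reachable again: switch GRE, peer and policy back on.
    :if ([/interface gre get $HOST disabled] = true && \
        [/ip ipsec peer get $HOST disabled] = true) do={
      /interface gre set $HOST disabled=no
      /interface gre comment $HOST comment="$HOST enabled, the remote host responds"
      /ip ipsec peer set $HOST disabled=no
      /ip ipsec peer set $HOST comment="$HOST enabled, the remote host responds"
      /ip ipsec policy set [find comment="$HOST"] disabled=no
      :log warning "Warunki spelnione, wlaczono tunel $HOST"
    }

  } else={

    # Remote host did not answer every ping: switch GRE, peer and policy off,
    # but only if both GRE and peer are currently enabled.
    :if ([/interface gre get $HOST disabled] = false && \
        [/ip ipsec peer get $HOST disabled] = false) do={
      /interface gre set $HOST disabled=yes
      /interface gre comment $HOST comment="$HOST disabled due to remote host activity"
      /ip ipsec peer set $HOST disabled=yes
      /ip ipsec peer set $HOST comment="$HOST disabled due to remote host activity"
      /ip ipsec policy set [find comment="$HOST"] disabled=yes
      :log error "Host zdalny $HOST nie odpowiada, wylaczono tunel oraz polityke"
    }
  }

  # Ask the cloud service to refresh this router's own record on every run.
  /ip cloud force-update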