aboutsummaryrefslogtreecommitdiffstats

Update GRE configuration with dynamic addresses

◀ Go back to main README

Description

Running a GRE tunnel over IPSec with IKEv2 is a common scenario. This is easy to configure on client, but has an issue on server side: client IP addresses are assigned dynamically via mode-config and have to be updated for GRE interface.

This script handles the address updates and disables the interface if the client is disconnected.

Requirements and installation

Just install the script:

$ScriptInstallUpdate update-gre-address;

... and add a scheduler to run the script periodically:

/ system scheduler add interval=30s name=update-gre-address on-event="/ system script run update-gre-address;" start-time=startup;

Configuration

The configuration goes to interface's comment. Add the client's IKEv2 certificate CN into the comment:

/ interface gre set comment="ikev2-client1" gre-client1;

◀ Go back to main README
▲ Go back to top

generated by cgit v1.2.3-70-g09d2 (git 2.47.0) at 2024-10-28 23:58:43 +0000