diff options
| author |  Christian Hesse <mail@eworm.de> | 2018-12-19 17:22:36 +0100 |
|---|---|---|
| committer | Christian Hesse <mail@eworm.de> | 2018-12-19 17:22:36 +0100 |
| commit | ee49fe31848d4e2d2990679e47d9abb033d8c337 (patch) | |
| tree | d1f522047662723d6f1399acebabe53ced757124 | |
| parent | 9f077ab8bfdb6e2a5eeb62d83cfacc2b9e73d46b (diff) | |
update-gre-address: remove settings from global-config
Instead read infos from gre interface comment.
| -rw-r--r-- | global-config | 5 | ||||
| -rw-r--r-- | update-gre-address | 25 |
2 files changed, 9 insertions, 21 deletions
diff --git a/global-config b/global-config index 61933e5..be0392a 100644 --- a/global-config +++ b/global-config @@ -37,11 +37,6 @@ # This controls what configuration is activated by bridge-port-to-default. :global "bridge-port-to" "default"; -# These settings are used to update gre interface settings based on -# remote peer configuration. -:global "gre-cert-prefix" "ikev2-"; -:global "gre-int-prefix" "gre-"; - # Access-list entries matching this comment are updated # with daily pseudo-random PSK. :global "daily-psk-match-comment" "Daily PSK"; diff --git a/update-gre-address b/update-gre-address index e548f56..5261a4e 100644 --- a/update-gre-address +++ b/update-gre-address @@ -5,27 +5,20 @@ # update gre interface remote address with dynamic address from # ipsec remote peer -:global "gre-cert-prefix"; -:global "gre-int-prefix"; - / interface gre set remote-address=0.0.0.0 disabled=yes [ find where !running !disabled ]; :foreach peer in=[ / ip ipsec remote-peers find ] do={ :local id [ / ip ipsec remote-peers get $peer id ]; - - :if ([ :pick $id 0 [ :len $"gre-cert-prefix" ] ] = $"gre-cert-prefix") do={ - :local name [ :pick $id [ :len $"gre-cert-prefix" ] [ :len $id ] ]; + :local greint [ / interface gre find where comment=$id ]; + :if ([ :len $greint ] > 0) do={ + :local grename [ / interface gre get $greint name ]; + :local addrold [ / interface gre get $greint remote-address ]; + :local disabled [ / interface gre get $greint disabled ]; :local addrnew [ / ip ipsec remote-peers get $peer dynamic-address ]; - :local grename ($"gre-int-prefix" . $name); - :local greint [ / interface gre find where name=$grename ]; - :if ([ :len $greint ] > 0) do={ - :local addrold [ / interface gre get $greint remote-address ]; - :local disabled [ / interface gre get $greint disabled ]; - :if ($addrnew != $addrold || $disabled = true) do={ - :log info ("Update remote address for interface " . $grename . " to " . $addrnew); - / interface gre set remote-address=0.0.0.0 disabled=yes [ find where remote-address=$addrnew name!=$grename ]; - / interface gre set $greint remote-address=$addrnew disabled=no; - } + :if ($addrnew != $addrold || $disabled = true) do={ + :log info ("Update remote address for interface " . $grename . " to " . $addrnew); + / interface gre set remote-address=0.0.0.0 disabled=yes [ find where remote-address=$addrnew name!=$grename ]; + / interface gre set $greint remote-address=$addrnew disabled=no; } } } |