aboutsummaryrefslogtreecommitdiffstats
path: root/update-gre-address
diff options
context:
space:
mode:
Diffstat (limited to 'update-gre-address')
-rw-r--r--update-gre-address30
1 files changed, 30 insertions, 0 deletions
diff --git a/update-gre-address b/update-gre-address
new file mode 100644
index 0000000..ea55a9b
--- /dev/null
+++ b/update-gre-address
@@ -0,0 +1,30 @@
+# RouterOS script: update-gre-address
+# Copyright (c) 2013-2018 Christian Hesse <mail@eworm.de>
+#
+# update gre interface remote address with dynamic address from
+# ipsec remote peer
+
+:global "gre-cert-prefix";
+:global "gre-int-prefix";
+
+/ interface gre set remote-address=0.0.0.0 disabled=yes [ find where !running !disabled ];
+
+:foreach peer in=[ / ip ipsec remote-peers find ] do={
+ :local id [ / ip ipsec remote-peers get $peer id ];
+
+ :if ([ :pick $id 0 [ :len $"gre-cert-prefix" ] ] = $"gre-cert-prefix") do={
+ :local name [ :pick $id [ :len $"gre-cert-prefix" ] [ :len $id ] ];
+ :local addrnew [ / ip ipsec remote-peers get $peer dynamic-address ];
+ :local grename ($"gre-int-prefix" . $name);
+ :local greint [ / interface gre find where name=$grename ];
+ :if ([ :len $greint ] > 0) do={
+ :local addrold [ / interface gre get $greint remote-address ];
+ :local disabled [ / interface gre get $greint disabled ];
+ :if ($addrnew != $addrold || $disabled = true) do={
+ :log info ("Update remote address for interface " . $grename . " to " . $addrnew);
+ / interface gre set remote-address=0.0.0.0 disabled=yes [ find where remote-address=$addrnew name!=$grename ];
+ / interface gre set $greint remote-address=$addrnew disabled=no;
+ }
+ }
+ }
+}