From a2b009502fb04d8e9421bd11b28903ac0ba05eb4 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Fri, 27 Mar 2020 21:51:40 +0100
Subject: add doc/update-gre-address.md

---
 doc/update-gre-address.md | 38 ++++++++++++++++++++++++++++++++++++++
 update-gre-address        |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 doc/update-gre-address.md

diff --git a/doc/update-gre-address.md b/doc/update-gre-address.md
new file mode 100644
index 0000000..870759e
--- /dev/null
+++ b/doc/update-gre-address.md
@@ -0,0 +1,38 @@
+Update GRE configuration with dynamic addresses
+===============================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+Running a GRE tunnel over IPSec with IKEv2 is a common scenario. This is
+easy to configure on client, but has an issue on server side: client IP
+addresses are assigned dynamically via mode-config and have to be updated
+for GRE interface.
+
+This script handles the address updates and disables the interface if the
+client is disconnected.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate update-gre-address;
+
+... and add a scheduler to run the script periodically:
+
+    / system scheduler add interval=30s name=update-gre-address on-event="/ system script run update-gre-address;" start-time=startup;
+
+Configuration
+-------------
+
+The configuration goes to interface's comment. Add the client's IKEv2
+certificate CN into the comment:
+
+    / interface gre set comment="ikev2-client1" gre-client1;
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)
diff --git a/update-gre-address b/update-gre-address
index fcd0183..8ede500 100644
--- a/update-gre-address
+++ b/update-gre-address
@@ -4,6 +4,7 @@
 #
 # update gre interface remote address with dynamic address from
 # ipsec remote peer
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/update-gre-address.md
 
 / interface gre set remote-address=0.0.0.0 disabled=yes [ find where !running !disabled ];
 
-- 
cgit v1.2.3-54-g00ecf