blob: c19e138bdaec2c62ce1ae1ac1d5513c9895e0b17 (
about) (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
Update GRE configuration with dynamic addresses
===============================================
[◀ Go back to main README](../README.md)
> ℹ️ **Info**: This script can not be used on its own but requires the base
> installation. See [main README](../README.md) for details.
Description
-----------
Running a GRE tunnel over IPSec with IKEv2 is a common scenario. This is
easy to configure on client, but has an issue on server side: client IP
addresses are assigned dynamically via mode-config and have to be updated
for GRE interface.
This script handles the address updates and disables the interface if the
client is disconnected.
Requirements and installation
-----------------------------
Just install the script:
$ScriptInstallUpdate update-gre-address;
... and add a scheduler to run the script periodically:
/ system scheduler add interval=30s name=update-gre-address on-event="/ system script run update-gre-address;" start-time=startup;
Configuration
-------------
The configuration goes to interface's comment. Add the client's IKEv2
certificate CN into the comment:
/ interface gre set comment="ikev2-client1" gre-client1;
---
[◀ Go back to main README](../README.md)
[▲ Go back to top](#top)
|