aboutsummaryrefslogtreecommitdiffstats
path: root/doc/update-gre-address.md
blob: 5bf95bd0588255cb0e7f3ef9368d3adde52f41a6 (about) (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
Update GRE configuration with dynamic addresses
===============================================

[⬅️ Go back to main README](../README.md)

> ℹ️ **Info**: This script can not be used on its own but requires the base
> installation. See [main README](../README.md) for details.

Description
-----------

Running a GRE tunnel over IPSec with IKEv2 is a common scenario. This is
easy to configure on client, but has an issue on server side: client IP
addresses are assigned dynamically via mode-config and have to be updated
for GRE interface.

This script handles the address updates and disables the interface if the
client is disconnected.

Requirements and installation
-----------------------------

Just install the script:

    $ScriptInstallUpdate update-gre-address;

... and add a scheduler to run the script periodically:

    /system/scheduler/add interval=30s name=update-gre-address on-event="/system/script/run update-gre-address;" start-time=startup;

Configuration
-------------

The configuration goes to interface's comment. Add the client's IKEv2
certificate CN into the comment:

    /interface/gre/set comment="ikev2-client1" gre-client1;

---
[⬅️ Go back to main README](../README.md)  
[⬆️ Go back to top](#top)