Mikrotik script to update a dynamic DNS host and IPsec policy

ddns_update

##############Script Settings##################
:local DDNSUser "username"
:local DDNSPass "password"
:local DDNSDomain "yourhost.ddns.net"
:local DDNSServer "https://members.dyndns.org/v3/update"
:local WANInter "pppoe-out1"
###############################################

:local IpCurrent [/ip address get [find interface=$WANInter] address];
:for i from=( [:len $IpCurrent] - 1) to=0 do={ 
  :if ( [:pick $IpCurrent $i] = "/") do={ 
    :local NewIP [:pick $IpCurrent 0 $i];
    :if ([:resolve $DDNSDomain] != $NewIP) do={
      /tool fetch mode=https user=$DDNSUser password=$DDNSPass url="$DDNSServer\3Fhostname=$DDNSDomain&myip=$NewIP" keep-result=no
      :log info "DDNS Update: $DDNSDomain - $NewIP"
      :log info "IPsec: Updating IPsec Policy."
      /ip ipsec policy set [find comment="myIPsec"] sa-src-address=$NewIP
      :log info "IPsec: IPsec Policy updated."
     }
   } 
}

Hello, what version of RouterOS is this for? Will it work with 6.37.x? Thanks.

Yes, it should work fine.

Hello...do you have script using MikroTIks cloud ID service? I need to setup a IPSEC /GRE VPN using Dynamic IP in both ends.

No, I don't have a script for Mikrotik's Cloud ID service since it was not available when I created this script. If you use Cloud ID, I guess you don't need to update the DNS record as this will be done automatically by the service. However, you still have to make sure to update the IPsec policy when the IP changes. Just compare the IP configured in IPsec with the current IP resolved by the DNS and update the IPsec config if they are different.