Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Mikrotik script to update a dynamic DNS host and IPsec policy
##############Script Settings##################
:local DDNSUser "username"
:local DDNSPass "password"
:local DDNSDomain "yourhost.ddns.net"
:local DDNSServer "https://members.dyndns.org/v3/update"
:local WANInter "pppoe-out1"
###############################################
:local IpCurrent [/ip address get [find interface=$WANInter] address];
:for i from=( [:len $IpCurrent] - 1) to=0 do={
:if ( [:pick $IpCurrent $i] = "/") do={
:local NewIP [:pick $IpCurrent 0 $i];
:if ([:resolve $DDNSDomain] != $NewIP) do={
/tool fetch mode=https user=$DDNSUser password=$DDNSPass url="$DDNSServer\3Fhostname=$DDNSDomain&myip=$NewIP" keep-result=no
:log info "DDNS Update: $DDNSDomain - $NewIP"
:log info "IPsec: Updating IPsec Policy."
/ip ipsec policy set [find comment="myIPsec"] sa-src-address=$NewIP
:log info "IPsec: IPsec Policy updated."
}
}
}
@fastzombies

This comment has been minimized.

Copy link

@fastzombies fastzombies commented Nov 23, 2016

Hello, what version of RouterOS is this for? Will it work with 6.37.x? Thanks.

@adrianmo

This comment has been minimized.

Copy link
Owner Author

@adrianmo adrianmo commented Apr 18, 2017

Yes, it should work fine.

@Sreeharshan77

This comment has been minimized.

Copy link

@Sreeharshan77 Sreeharshan77 commented Jan 6, 2020

Hello...do you have script using MikroTIks cloud ID service? I need to setup a IPSEC /GRE VPN using Dynamic IP in both ends.

@adrianmo

This comment has been minimized.

Copy link
Owner Author

@adrianmo adrianmo commented Feb 13, 2020

No, I don't have a script for Mikrotik's Cloud ID service since it was not available when I created this script. If you use Cloud ID, I guess you don't need to update the DNS record as this will be done automatically by the service. However, you still have to make sure to update the IPsec policy when the IP changes. Just compare the IP configured in IPsec with the current IP resolved by the DNS and update the IPsec config if they are different.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.