Last active
October 4, 2020 09:24
-
-
Save adrianmo/e54fbcd2c9d3cce80260 to your computer and use it in GitHub Desktop.
Mikrotik script to update a dynamic DNS host and IPsec policy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##############Script Settings################## | |
| :local DDNSUser "username" | |
| :local DDNSPass "password" | |
| :local DDNSDomain "yourhost.ddns.net" | |
| :local DDNSServer "https://members.dyndns.org/v3/update" | |
| :local WANInter "pppoe-out1" | |
| ############################################### | |
| :local IpCurrent [/ip address get [find interface=$WANInter] address]; | |
| :for i from=( [:len $IpCurrent] - 1) to=0 do={ | |
| :if ( [:pick $IpCurrent $i] = "/") do={ | |
| :local NewIP [:pick $IpCurrent 0 $i]; | |
| :if ([:resolve $DDNSDomain] != $NewIP) do={ | |
| /tool fetch mode=https user=$DDNSUser password=$DDNSPass url="$DDNSServer\3Fhostname=$DDNSDomain&myip=$NewIP" keep-result=no | |
| :log info "DDNS Update: $DDNSDomain - $NewIP" | |
| :log info "IPsec: Updating IPsec Policy." | |
| /ip ipsec policy set [find comment="myIPsec"] sa-src-address=$NewIP | |
| :log info "IPsec: IPsec Policy updated." | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No, I don't have a script for Mikrotik's Cloud ID service since it was not available when I created this script. If you use Cloud ID, I guess you don't need to update the DNS record as this will be done automatically by the service. However, you still have to make sure to update the IPsec policy when the IP changes. Just compare the IP configured in IPsec with the current IP resolved by the DNS and update the IPsec config if they are different.