电子灵魂

golang,go,C#,JAVA,PYTHON,PHP

  博客园  :: 首页  :: 新随笔  :: 联系 :: 订阅 订阅  :: 管理
# IPSec Peer/Policy Updater for Dynamic WAN addresses

# ==================================================

# CONFIGURATION START

# ==================================================

:local localfqdn "local.fqdn-or-ip.domain.tld"

:local remotefqdn "remote.fqdn-or-ip.domain.tld"

:local peertag "peer-comment"

:local policytag "policy-comment"

# ==================================================

# CONFIGURATION END

# ==================================================

/ip dns cache flush

:local localsite "0.0.0.0"

:local remotesite "0.0.0.0"

:if ( [ :tostr [ :toip $localfqdn ] ] != $localfqdn ) do={

:set localsite [ :resolve $localfqdn ]

} else={

:set localsite $localfqdn

}

:if ( [ :tostr [ :toip $remotefqdn ] ] != $remotefqdn ) do={

:set remotesite [ :resolve $remotefqdn ]

} else={

:set remotesite $remotefqdn

}

:log info ( "IPSec: setting local to ". $localsite ." and remote to ". $remotesite ."." )

/ip ipsec policy set [ /ip ipsec policy find comment="$policytag" ] sa-src-address=$localsite sa-dst-address=$remotesite

/ip ipsec peer set [ /ip ipsec peer find comment="$peertag" ] address="$remotesite/32"

# ==================================================

# END OF SCRIPT

# ==================================================
posted on 2015-04-14 00:10  conncent  阅读(337)  评论(0编辑  收藏  举报