aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Christian Hesse <mail@eworm.de>2020-03-27 21:51:40 +0100
committerGravatar Christian Hesse <mail@eworm.de>2020-03-27 22:12:49 +0100
commita2b009502fb04d8e9421bd11b28903ac0ba05eb4 (patch)
tree5ba3f242fa862ada793aa20c43ecf4affc7a48df
parentf45dbb3a7323a40cf8b8d5b5945bcdc3e80d6286 (diff)
add doc/update-gre-address.md
-rw-r--r--doc/update-gre-address.md38
-rw-r--r--update-gre-address1
2 files changed, 39 insertions, 0 deletions
diff --git a/doc/update-gre-address.md b/doc/update-gre-address.md
new file mode 100644
index 0000000..870759e
--- /dev/null
+++ b/doc/update-gre-address.md
@@ -0,0 +1,38 @@
+Update GRE configuration with dynamic addresses
+===============================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+Running a GRE tunnel over IPSec with IKEv2 is a common scenario. This is
+easy to configure on client, but has an issue on server side: client IP
+addresses are assigned dynamically via mode-config and have to be updated
+for GRE interface.
+
+This script handles the address updates and disables the interface if the
+client is disconnected.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+ $ScriptInstallUpdate update-gre-address;
+
+... and add a scheduler to run the script periodically:
+
+ / system scheduler add interval=30s name=update-gre-address on-event="/ system script run update-gre-address;" start-time=startup;
+
+Configuration
+-------------
+
+The configuration goes to interface's comment. Add the client's IKEv2
+certificate CN into the comment:
+
+ / interface gre set comment="ikev2-client1" gre-client1;
+
+---
+[◀ Go back to main README](../README.md)
+[▲ Go back to top](#top)
diff --git a/update-gre-address b/update-gre-address
index fcd0183..8ede500 100644
--- a/update-gre-address
+++ b/update-gre-address
@@ -4,6 +4,7 @@
#
# update gre interface remote address with dynamic address from
# ipsec remote peer
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/update-gre-address.md
/ interface gre set remote-address=0.0.0.0 disabled=yes [ find where !running !disabled ];