From 03fb459ea4d1ec6e09d4d87b8c8e94b887f9ed89 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Tue, 17 Jan 2023 12:34:05 +0100 Subject: ipsec-to-dns: handle "CN=" from peer's id This was missing in commit bff6689b103287f44c573e3134b9b9a64c36c0a8 and cause the dns entry to be delete and re-created over and over again. --- ipsec-to-dns | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ipsec-to-dns b/ipsec-to-dns index 04ad4b8..530c714 100644 --- a/ipsec-to-dns +++ b/ipsec-to-dns @@ -16,8 +16,9 @@ :global PrefixInZone; :global CharacterReplace; -:global LogPrintExit2; +:global EscapeForRegEx; :global IfThenElse; +:global LogPrintExit2; :local Zone \ ([ $IfThenElse ($PrefixInZone = true) "ipsec." ] . \ @@ -35,7 +36,8 @@ :foreach DnsRecord in=[ /ip/dns/static/find where comment ~ $CommentPrefix ] do={ :local DnsRecordVal [ /ip/dns/static/get $DnsRecord ]; :local PeerId [ $CharacterReplace ($DnsRecordVal->"comment") $CommentPrefix "" ]; - :if ([ :len [ /ip/ipsec/active-peers/find where id=$PeerId dynamic-address=($DnsRecordVal->"address") ] ] > 0) do={ + :if ([ :len [ /ip/ipsec/active-peers/find where id~("^(CN=)?" . [ $EscapeForRegEx $PeerId ] . "\$") \ + dynamic-address=($DnsRecordVal->"address") ] ] > 0) do={ $LogPrintExit2 debug $0 ("Peer " . $PeerId . " (" . $DnsRecordVal->"name" . ") still exists. Not deleting DNS entry.") false; } else={ :local Found false; -- cgit v1.2.3-70-g09d2