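# Script for changing the IPsec peer address when DNS changes.
# It iterates over all IPsec peers whose comment starts with addr_<dnsname>,
# resolves <dnsname>, and compares the answer with the peer's current address.
# If the address differs, it updates the peer and every policy whose
# sa-dst-address still holds the old address.
#
# NOTE(review): the marker is matched case-sensitively and its capitalisation
# is garbled in the original listing; confirm it matches your peer comments.
#
# Security note: the new address comes straight from the router's DNS resolver
# and is written into the peer and policy configuration without validation.
# IKE peer authentication is the control that decides whether the new endpoint
# is trusted; a wrong or forged DNS answer will at least interrupt the tunnel.
# Every change is logged so that an unexpected endpoint move can be reviewed.
#
# TODO Setup Netwatch entries for each tunnel
:local ipsecpeer;
:local "vpn-dns-name";
:local "current-vpn-ip";
:local "new-vpn-ip";
:local "resolve-ok";
:local ipsecpolicy;
# Start from a defined value instead of relying on an unset variable.
:local iskillneeded false;

# The pattern is anchored because the 5-character prefix is stripped by
# position below; a marker in the middle of a comment would yield a bogus name.
:foreach ipsecpeer in=[/ip ipsec peer find where comment~"^addr_.+"] do={
    :set "vpn-dns-name" [/ip ipsec peer get $ipsecpeer comment];
    # Drop the leading "addr_" (5 characters) to obtain the DNS name.
    :set "vpn-dns-name" [:pick $"vpn-dns-name" 5 [:len $"vpn-dns-name"]];

    # A failed lookup raises an error; catch it so that one unresolvable name
    # does not stop the remaining peers from being checked.
    :set "resolve-ok" true;
    :do {
        :set "new-vpn-ip" [:resolve $"vpn-dns-name"];
    } on-error={
        :set "resolve-ok" false;
        :log warning ("ipsec-dns-update: could not resolve " . $"vpn-dns-name" . ", peer left unchanged");
    }

    :if ($"resolve-ok") do={
        :set "current-vpn-ip" [/ip ipsec peer get $ipsecpeer address];
        # Strip the "/prefix" part, keeping only the address.
        :set "current-vpn-ip" [:pick $"current-vpn-ip" 0 [:find $"current-vpn-ip" "/"]];

        # NOTE(review): "current-vpn-ip" is text produced by :pick, while
        # "new-vpn-ip" is whatever :resolve returns; confirm this comparison
        # behaves as intended on your RouterOS version.
        :if ($"current-vpn-ip" != $"new-vpn-ip") do={
            :set iskillneeded true;
            :log info ("ipsec-dns-update: " . $"vpn-dns-name" . " changed from " . $"current-vpn-ip" . " to " . $"new-vpn-ip");
            /ip ipsec peer set $ipsecpeer address=$"new-vpn-ip";
            # Absolute paths are used throughout so that no command depends on
            # the menu context left behind by an earlier statement.
            :foreach ipsecpolicy in=[/ip ipsec policy find where sa-dst-address=$"current-vpn-ip"] do={
                /ip ipsec policy set $ipsecpolicy sa-dst-address=$"new-vpn-ip";
            }
        }
    }
}

# This drops the connections of all remote peers, not only of the peer whose
# address changed, so every tunnel renegotiates.
:if ($iskillneeded = true) do={
    :log info "ipsec-dns-update: peer address changed, killing IPsec connections";
    /ip ipsec remote-peers kill-connections;
}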
MikroTik RouterOS script that updates the IPsec peer address from DNS