add doc/update-gre-address.md

2024-05-14 08:04:19 +00:00 · 2020-03-27 21:51:40 +01:00 · 2020-03-27 21:51:40 +01:00 · a2b009502f
parent f45dbb3a73
commit a2b009502f
2 changed files with 39 additions and 0 deletions
--- a/doc/update-gre-address.md
+++ b/doc/update-gre-address.md
@ -0,0 +1,38 @@
+Update GRE configuration with dynamic addresses
+===============================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+Running a GRE tunnel over IPSec with IKEv2 is a common scenario. This is
+easy to configure on client, but has an issue on server side: client IP
+addresses are assigned dynamically via mode-config and have to be updated
+for GRE interface.
+
+This script handles the address updates and disables the interface if the
+client is disconnected.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate update-gre-address;
+
+... and add a scheduler to run the script periodically:
+
+    / system scheduler add interval=30s name=update-gre-address on-event="/ system script run update-gre-address;" start-time=startup;
+
+Configuration
+-------------
+
+The configuration goes to interface's comment. Add the client's IKEv2
+certificate CN into the comment:
+
+    / interface gre set comment="ikev2-client1" gre-client1;
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)
--- a/1
+++ b/1
@ -4,6 +4,7 @@
 #
 # update gre interface remote address with dynamic address from
 # ipsec remote peer
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/update-gre-address.md

 / interface gre set remote-address=0.0.0.0 disabled=yes [ find where !running !disabled ];