omni1504
just joined
Topic Author
Posts: 2
Joined: Fri Mar 20, 2009 7:49 am

Site-to-site IPsec VPN with dynamic IP on one of the peers

Fri Mar 20, 2009 7:58 am

Hello,
I've got a problem with building a site-to-site IPsec VPN when one of the peers has a dynamic address (both are RBs). L2TP VPN works fine, but I need to use IPsec.
I've found a script in the archive which looks through the IP addresses assigned on the RB (PPPoE client) and, when it finds the correct one, assigns it to the sa-src-address property of the IPsec policy. But the problem is that it doesn't work in 3.x; it was developed for 2.x.

I would configure something like the following:

/ip ipsec peer add address=1.1.1.2 secret=qazwsxedc generate-policy=no
/ip ipsec policy add sa-src-address=0.0.0.0 sa-dst-address=1.1.1.2 action=encrypt tunnel=yes <src- and dst- addresses as appropriate>
/system script add name=addr-refresh source={
    # Walk all routes; a route whose pref-src (the 3.x name for 2.x preferred-source)
    # is one of this router's own addresses shows which local address is in use.
    :foreach i in=[/ip route find] do={
        :local src [/ip route get $i pref-src]
        :if ([:len $src] > 0) do={
            :local aid [/ip address find address=$src]
            # Keep only the address the uplink client currently holds
            # (a single DHCP client is assumed, as in the original script).
            :if ([:len $aid] > 0 && [/ip address get $aid address] = [/ip dhcp-client get [/ip dhcp-client find] address]) do={
                :local pol [/ip ipsec policy find sa-dst-address=1.1.1.2]
                # Rewrite the policy only when the SA source address has changed.
                :if ([/ip ipsec policy get $pol sa-src-address] != $src) do={
                    /ip ipsec policy set $pol sa-src-address=$src
                }
            }
        }
    }
}

I've added some modifications: assigned global variables, changed preferred-source to pref-src, made "do={" instead of "do {", but it still doesn't work.
Can anybody help with transforming it into 3.x, or maybe there is another way to accomplish the task?

Regards, Dinar.
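The setup asked for above, written out for RouterOS 3.x as an added example (this is editor-supplied code, not the poster's script and not anything from the MikroTik archive). Instead of scanning routes it reads the dynamic address straight off the PPPoE interface, strips the /32 suffix that /ip address stores, rewrites sa-src-address only when it changed, and flushes the old SAs so IKE renegotiates immediately. The interface name pppoe-out1, the script/scheduler name ipsec-src-refresh, the subnets 192.168.1.0/24 and 192.168.2.0/24 and the one-minute interval are assumptions; the peer 1.1.1.2 and the PSK are the poster's placeholders.

```routeros
# --- Dynamic-address side (RouterOS 3.x) ---
# Assumed names: pppoe-out1 = uplink interface, 1.1.1.2 = static peer,
# 192.168.1.0/24 and 192.168.2.0/24 = the two LANs (all assumptions).
/ip ipsec peer add address=1.1.1.2 secret=qazwsxedc exchange-mode=main generate-policy=no
/ip ipsec policy add src-address=192.168.1.0/24 dst-address=192.168.2.0/24 \
    sa-src-address=0.0.0.0 sa-dst-address=1.1.1.2 action=encrypt tunnel=yes

/system script add name=ipsec-src-refresh source={
    :local id [/ip address find interface=pppoe-out1 dynamic=yes]
    :if ([:len $id] = 0) do={
        # Link is down: there is no address to install, so leave the policy alone.
        :log warning "ipsec-src-refresh: pppoe-out1 has no address, leaving policy alone"
    } else={
        # /ip address stores "a.b.c.d/32"; the policy wants the bare address.
        :local cidr [/ip address get $id address]
        :local src [:pick $cidr 0 [:find $cidr "/"]]
        :local pol [/ip ipsec policy find sa-dst-address=1.1.1.2]
        :if ([/ip ipsec policy get $pol sa-src-address] != $src) do={
            /ip ipsec policy set $pol sa-src-address=$src
            # SAs negotiated from the old address are dead weight now; drop them
            # so IKE renegotiates from the new one instead of waiting for expiry.
            /ip ipsec installed-sa flush
            :log info ("ipsec-src-refresh: sa-src-address set to " . $src)
        }
    }
}
# Poll once a minute (assumed interval); a PPPoE reconnect is caught on the next run.
/system scheduler add name=ipsec-src-refresh interval=1m on-event=ipsec-src-refresh

# --- Static side (1.1.1.2) ---
# The initiator's address is unknown in advance, so accept any source address
# and let the responder build its policy from the initiator's proposal.
/ip ipsec peer add address=0.0.0.0/0 secret=qazwsxedc exchange-mode=main generate-policy=yes
```

Two things to watch on the static side: a peer entry for 0.0.0.0/0 means anyone holding the pre-shared key can bring a tunnel up from anywhere, so the PSK should be long and random rather than a keyboard pattern, and exchange-mode should stay main; aggressive mode sends the PSK-derived hash in the clear, which hands an eavesdropper an offline guessing target. On the dynamic side, leave sa-src-address at 0.0.0.0 in the config as the poster did; the script fills it in on the first run after the PPPoE session comes up.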