Scripts for MikroTik

This script reads the external IP address that the MikroTik currently has on its 4G (LTE) interface and writes that address into the IPsec policy rule.

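# Current address of the LTE interface, in address/prefix form
:local WANip [/ip address get [find interface="lte1"] address]
# Drop the last 3 characters ("/NN"); this assumes a two-digit prefix length such as /32
:local shortWANip [:pick "$WANip" 0 ([:len $WANip] - 3)]
:local IPSECip [/ip ipsec policy get [find comment="dynamic ip"] sa-src-address]
# Rewrite the policy only when the WAN address differs from the one stored in it
:if ($shortWANip != $IPSECip) do={
/ip ipsec policy set [find comment="dynamic ip"] sa-src-address=$shortWANip src-address=$WANip
}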

Script for DynDNS

# Placeholders: replace with the DynDNS account user name and password
:global ddnsuser "пользователь"
:global ddnspass "пароль"
:global theinterface "lte1"
:global ddnshost "myhost.dlinkddns.com"
# Address the DynDNS host name currently resolves to
:global ipddns [:resolve $ddnshost];
# Address currently assigned to the interface, in address/prefix form
:global ipfresh [ /ip address get [/ip address find interface=$theinterface ] address ]
:if ([ :typeof $ipfresh ] = "nil" ) do={
:log info ("DynDNS: No ip address on $theinterface .")
} else={
# Cut the "/prefix" suffix off the address
:for i from=( [:len $ipfresh] - 1) to=0 do={
:if ( [:pick $ipfresh $i] = "/") do={
:set ipfresh [:pick $ipfresh 0 $i];
}
}

:if ($ipddns != $ipfresh) do={
:log info ("DynDNS: IP-DynDNS = $ipddns")
:log info ("DynDNS: IP-Fresh = $ipfresh")
:log info "DynDNS: Update IP needed, Sending UPDATE...!"
:global str "/nic/update\?hostname=$ddnshost&myip=$ipfresh&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG"
# mode=http sends the user name and password unencrypted; /tool fetch also supports mode=https
/tool fetch address=members.dyndns.org src-path=$str mode=http user=$ddnsuser \
password=$ddnspass dst-path=("/DynDNS.".$ddnshost)
:delay 1
# Remove the response file that fetch saved
:global str [/file find name="DynDNS.$ddnshost"];
/file remove $str
:global ipddns $ipfresh
:log info "DynDNS: IP updated to $ipfresh!"
} else={
:log info "DynDNS: dont need changes";
}
}

IPsec between Zyxel ZyWALL 1050 and MikroTik

ZyWALL USG VPN Gateway (Phase 1) = MikroTik IPsec Peer (Phase 1)
ZyWALL USG VPN L2TP (Phase 2) = MikroTik Policy and Proposal (Phase 2)

Diffie-Hellman Group    Name                        Reference
Group 1                 768 bits MODP group         RFC 2409
Group 2                 1024 bits MODP group        RFC 2409
Group 3                 EC2N group on GP(2^155)     RFC 2409
Group 4                 EC2N group on GP(2^185)     RFC 2409
Group 5                 1536 bits MODP group        RFC 3526