Using a dynamic dns name for a VPN server

The short of it

I’ve had a few times where I’ve wanted to make a secure tunnel between 2 locations but have only had connections with dynamic IP addresses to work with.

Sure, it’s easy enough to set up a dynamic DNS script for each router, but how about getting one to connect back to the other on its new IP address?

This little script can be used for just that.

:local "vpn-interface-name" "pptp-interface"
:local "vpn-dns-name" "your_dynamic_address"
:local "new-vpn-ip" [:resolve $"vpn-dns-name"]
:local "current-vpn-ip" [/interface pptp-client get $"vpn-interface-name" connect-to]
:if ($"current-vpn-ip" != $"new-vpn-ip") do={ /interface pptp-client set [find name=$"vpn-interface-name"] connect-to=$"new-vpn-ip"}

How it works

First you need to:

1. Create this as a new script, name it and set up a scheduler entry for how often you want it to run. I find 10 minutes works fine for me.

2. Change the variables in the script to suit (your_dynamic_address = the DNS name for the remote router, pptp-interface = your PPTP client interface name).

The script will then check if the current IP for the DNS name matches the IP you have set on the PPTP client interface.

If it does match, the script stops without doing anything (leaving the PPTP connection intact).

If it does not match, the script will update the interface to connect to the new IP address.

Thoughts

This sort of script works for more than just a PPTP connection.
The same idea can be applied to EoIP tunnels, IPSec tunnels, etc.
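
The same check applied to an EoIP tunnel, as an added example that is not part of the original post: it leaves the tunnel untouched when the name fails to resolve and logs every endpoint change, so an unexpected one shows up in the router log. The interface name eoip-tunnel1 and the DNS name remote.example.net are placeholders, and the :do ... on-error syntax assumes RouterOS v6 or later.

```routeros
# Added example, not from the original post.
# Placeholders (assumptions): tunnel interface name and remote DNS name.
:local tunnelName "eoip-tunnel1"
:local dnsName "remote.example.net"

:local newIp
:local resolved false

# A failed lookup must not change the tunnel: catch the error,
# log it, and skip the update for this run.
:do {
    :set newIp [:resolve $dnsName]
    :set resolved true
} on-error={
    :log warning "tunnel-update: could not resolve $dnsName, leaving $tunnelName unchanged"
}

:if ($resolved) do={
    # Address the tunnel currently points at
    :local currentIp [/interface eoip get [find name=$tunnelName] remote-address]

    # Only touch the interface when the resolved address differs,
    # and record both the old and the new endpoint in the log.
    :if ($currentIp != $newIp) do={
        /interface eoip set [find name=$tunnelName] remote-address=$newIp
        :log info "tunnel-update: $tunnelName remote-address changed from $currentIp to $newIp"
    }
}
```

The script takes whatever address the DNS lookup returns, so the log entries are the record to review if the tunnel ever points somewhere unexpected.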

15 thoughts on “Using a dynamic dns name for a VPN server”

  1. No problems at all. I plan on having a couple of new posts on the RB1100 in the next couple of days so keep an eye out ;-)

  2. Is there any reason why you used local variables instead of global variables?

    I ask this because what if I have multiple scripts running for various VPN connections.

  3. It’s a fine script. Would it be possible to trigger the execution from a “change of ip” event (like WAN dhcp update)?

    I don’t know if routeros has that kind of event triggering mechanism but if not, it would be a great addition!

  4. You are a genius!

    I was just about to code a similar script, but decided to browse the net for a solution, and found it!

    Great work. I love short and neat code which does exactly what you want it to.

    Thanks!

    G

  5. You’re right it’d be good. I seem to recall something about them introducing the “on-login” and “on-logout” scripts for pppoe a while back but I can’t find anything in the current versions so maybe I’m going crazy (or it could’ve been something that was only available in a beta release).
