Site2Site VPN between two meraki organizations

Greenberet
Head in the Cloud

Hello,

I've created a script to automatically create/update a site-to-site VPN tunnel between two Meraki organizations.

The script requires Dashboard API V1.

usage: org2orgVPN.py [-h] -o1 ORGANIZATION1 -o2 ORGANIZATION2
                     [-t1 TAGS1 [TAGS1 ...]] [-t2 TAGS2 [TAGS2 ...]] [-p PSK]
                     [--ike-version IKE_VERSION]

This script will create/update the VPN connection between two meraki
organizations

optional arguments:
  -h, --help            show this help message and exit
  -o1 ORGANIZATION1, --organization1 ORGANIZATION1
                        the name/id of the first organization
  -o2 ORGANIZATION2, --organization2 ORGANIZATION2
                        the name/id of the second organization
  -t1 TAGS1 [TAGS1 ...], --tags1 TAGS1 [TAGS1 ...]
                        the tags from the first organization to grab the vpn
                        networks and remote IPs. Leave Empty for all
  -t2 TAGS2 [TAGS2 ...], --tags2 TAGS2 [TAGS2 ...]
                        the tags from the second organization to grab the vpn
                        networks and remote IPs. Leave Empty for all
  -p PSK, --psk PSK     the psk for the vpn connection. Use "random" to
                        generate a random key
  --ike-version IKE_VERSION
                        the IKE version. Must be 1 or 2

What exactly it will do:

  1. Get all networks with an MX and given network tags for both organizations
    1. Get all "VPN On" subnets
    2. Get the public IP of the networks
    3. Get the "dynamic-m.com" address of the networks
  2. Update existing third party peers
    1. It will match the networks based on the remote public IP or the "name" (must be xxxxx.dynamic-m.com)
    2. update all remote subnets
    3. update "tags" -> only networks with the specified tags will connect to the remote peer
    4. update name to xxxxx.dynamic-m.com (will be limited to 32 characters as the name field doesn't support more at the moment)
    5. set IPsec policy to "Default" (recommended by Meraki support for MX2MX tunnels)
    6. [Optional] update PSK
    7. [Optional] update ike_version
  3. Create new third party peers
    1. PSK must be given

Note: It will NEVER remove an existing third party VPN peer.

In the dashboard the new peers will look like this (nothing unusual):

[Screenshot: 02-08-_2020_22-43-08.png, the new third party VPN peers as shown in the dashboard]
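The procedure the post lists (steps 1 to 3 and the "never remove" rule), as an added Python example that is not the poster's org2orgVPN.py: it reproduces the matching and merge rules on constructed data (the sample networks, VPN settings, dynamic DNS prefixes, uplink IPs and existing peers are all made up) and builds, without sending it, the Dashboard API v1 PUT that would apply the result. The endpoint path and peer field names (publicIp, privateSubnets, secret, ikeVersion, ipsecPoliciesPreset, networkTags) and the dynamicDns prefix of the appliance settings are the documented v1 ones; how the real script fetches its inputs is not shown on the page, so the fetch side is represented by plain dicts, and the IKE version assumed for a newly created peer when none is given is this example's choice, not the script's.

```python
"""Org-to-org VPN peer merge in the style of the post (added example, not org2orgVPN.py)."""
import copy
import secrets
import string

NAME_MAX_LEN = 32          # dashboard limit on the peer name field mentioned in the post
DYNAMIC_M = ".dynamic-m.com"
API_BASE = "https://api.meraki.com/api/v1"


def local_vpn_sites(networks, vpn_settings, appliance_settings, uplinks, tags=None):
    """Step 1: MX networks (optionally filtered by tag) with their "VPN On"
    subnets, public IP and dynamic-m.com hostname. Inputs mirror the v1
    shapes of /networks, .../appliance/vpn/siteToSiteVpn and .../appliance/settings."""
    sites = []
    for net in networks:
        if "appliance" not in net["productTypes"]:
            continue
        if tags and not set(tags) & set(net.get("tags", [])):
            continue
        nid = net["id"]
        subnets = [s["localSubnet"] for s in vpn_settings[nid]["subnets"] if s["useVpn"]]
        if not subnets:
            continue
        prefix = appliance_settings[nid]["dynamicDns"]["prefix"]
        sites.append({"name": prefix + DYNAMIC_M, "publicIp": uplinks[nid], "subnets": subnets})
    return sites


def merge_peers(existing, remote_sites, network_tags, psk=None, ike_version=None):
    """Steps 2 and 3: update peers matched by public IP or name, create the
    rest (PSK required), never drop an existing peer. Returns a new list."""
    if ike_version is not None and str(ike_version) not in ("1", "2"):
        raise ValueError("IKE version must be 1 or 2")
    peers = copy.deepcopy(existing)
    by_ip = {p.get("publicIp"): p for p in peers}
    by_name = {p.get("name"): p for p in peers}
    for site in remote_sites:
        # Match on the truncated name: after the first run the stored name is
        # the 32-character prefix, not the full hostname.
        name = site["name"][:NAME_MAX_LEN]
        peer = by_ip.get(site["publicIp"]) or by_name.get(name)
        if peer is None:
            if psk is None:
                raise ValueError(f"no PSK given, cannot create peer {name}")
            peer = {"secret": psk, "ikeVersion": "1"}   # "1" is this example's default (assumption)
            peers.append(peer)
            by_ip[site["publicIp"]], by_name[name] = peer, peer
        peer["name"] = name
        peer["publicIp"] = site["publicIp"]
        peer["privateSubnets"] = list(site["subnets"])
        peer["networkTags"] = list(network_tags) if network_tags else ["all"]
        peer.pop("ipsecPolicies", None)          # a custom policy set would conflict with the preset
        peer["ipsecPoliciesPreset"] = "default"  # what Meraki support recommends for MX-to-MX
        if psk is not None:
            peer["secret"] = psk
        if ike_version is not None:
            peer["ikeVersion"] = str(ike_version)
    return peers


def make_psk(value):
    """-p random: 32 characters from a CSPRNG; anything else is used as given."""
    if value != "random":
        return value
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(32))


def update_request(org_id, api_key, peers):
    """The v1 call that applies the merged list (returned, not sent)."""
    return {"method": "PUT",
            "url": f"{API_BASE}/organizations/{org_id}/appliance/vpn/thirdPartyVPNPeers",
            "headers": {"X-Cisco-Meraki-API-Key": api_key, "Content-Type": "application/json"},
            "json": {"peers": peers}}


# Constructed sample data: organization 1 as seen by the script, organization 2's current peers.
ORG1_NETWORKS = [
    {"id": "N_1", "name": "Berlin", "productTypes": ["appliance"], "tags": ["vpn"]},
    {"id": "N_2", "name": "Munich", "productTypes": ["appliance"], "tags": ["lab"]},
    {"id": "N_3", "name": "Guest WiFi", "productTypes": ["wireless"], "tags": ["vpn"]},
]
ORG1_VPN = {
    "N_1": {"mode": "hub", "subnets": [{"localSubnet": "10.1.0.0/24", "useVpn": True},
                                       {"localSubnet": "10.1.99.0/24", "useVpn": False}]},
    "N_2": {"mode": "spoke", "subnets": [{"localSubnet": "10.2.0.0/24", "useVpn": True}]},
}
ORG1_APPLIANCE = {"N_1": {"dynamicDns": {"prefix": "berlin-office-mx-abcdefgh", "enabled": True}},
                  "N_2": {"dynamicDns": {"prefix": "munich-mx", "enabled": True}}}
ORG1_UPLINKS = {"N_1": "203.0.113.10", "N_2": "203.0.113.20"}
ORG2_EXISTING_PEERS = [
    {"name": "berlin-old", "publicIp": "203.0.113.10", "privateSubnets": ["10.1.0.0/24", "10.1.50.0/24"],
     "secret": "oldsecret", "ikeVersion": "1", "ipsecPoliciesPreset": "aws", "networkTags": ["all"]},
    {"name": "aws-vpc", "publicIp": "198.51.100.5", "privateSubnets": ["172.16.0.0/16"],
     "secret": "x", "ikeVersion": "2", "ipsecPoliciesPreset": "aws", "networkTags": ["all"]},
]

if __name__ == "__main__":
    sites = local_vpn_sites(ORG1_NETWORKS, ORG1_VPN, ORG1_APPLIANCE, ORG1_UPLINKS, tags=["vpn"])
    merged = merge_peers(ORG2_EXISTING_PEERS, sites, network_tags=["vpn"], psk=make_psk("random"))
    print(update_request("123456", "<api key>", merged)["json"])
```

Running it with -t1 vpn semantics (tags=["vpn"]) touches only the Berlin peer: its stale 10.1.50.0/24 is dropped, the name becomes the first 32 characters of the dynamic-m.com hostname, the IPsec preset is reset to "default", and the unrelated aws-vpc peer is returned unchanged. Matching on the truncated name matters for the second run: once a long hostname has been cut to 32 characters the stored name no longer equals the full hostname, so the IP match covers the normal case and the truncated-name match covers an MX whose dynamic IP has changed.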

PhilipDAth
Kind of a big deal

That was quite a bit of work!