Change IPSEC local-address when PPPOE interface comes up

Problem: Create an IPSEC tunnel from VYOS (Dynamic IP) to Fortigate (Static). The FortiGate supports a DYDNS FQDN on that side.

I have tried scripting a configuration change when the PPPOE interface comes up. My script works when I execute it from the command prompt but not when run from /etc/ppp/ip-up.d/1000-vyos-pppoe-pppoe0.

For simplicity, I’m not passing in the local_ip_variable from pppd yet.

```
#calling script from 1000-vyos-pppoe-pppoe0
sg vyattacfg -c /etc/ppp/ip-up.d/test.sh
```

```
#!/bin/bash

run=/opt/vyatta/bin/vyatta-op-cmd-wrapper
cfg=/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper

$cfg begin
$cfg set vpn ipsec site-to-site peer <PEER_ADDRESS> local-address 5.5.5.5
$cfg commit
$cfg end
```

I think it might be a permission issue but not sure how to proceed. I have tried different forms of the scripts and also calling it with sudo. The script is owned by the vyattacfg group and has the same permissions as the parent script.

```
-rwxr-xr-x 1 root vyattacfg 1273 Feb 15 00:05 1000-vyos-pppoe-pppoe0
-rwxr-xr-x 1 root vyattacfg 204 Feb 14 23:37 test.sh
```

Try to add:

```
if [ $(id -gn) != vyattacfg ]; then
    exec /usr/bin/sg vyattacfg "$0 $*"
fi

PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
export PATH
```
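
Added example (not from either post above): an ip-up.d hook that combines the configuration script and the group re-exec discussed in this thread, taking the address from pppd instead of the hard-coded 5.5.5.5 and validating it before it reaches a shell or the configuration. It assumes pppd passes the local address as `$4`; `PEER_ADDRESS`, the function names and the `ipsec-pppoe` log tag are illustrative.

```bash
#!/bin/bash
# Added example, not the poster's script. Assumptions: pppd passes the local
# address as $4 (ip-up argument order in pppd(8)); PEER is a placeholder.
PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
export PATH

CFG=/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper
PEER="PEER_ADDRESS"   # placeholder for the peer name in your configuration

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the configuration-mode commands for one address, one per line.
config_cmds() {
    printf '%s\n' "begin" \
        "set vpn ipsec site-to-site peer $PEER local-address $1" \
        "commit" "end"
}

apply_local_address() {
    ip=$1
    if ! valid_ipv4 "$ip"; then
        logger -t ipsec-pppoe "rejected local address: $ip"
        return 1
    fi
    # sg hands its command string to a shell, so forward only the validated
    # address; "- - -" fills the unused interface, tty and speed slots.
    if [ "$(id -gn)" != vyattacfg ]; then
        exec /usr/bin/sg vyattacfg "$0 - - - $ip"
    fi
    config_cmds "$ip" | while IFS= read -r line; do
        $CFG $line || exit 1   # word splitting of $line is intended
    done
}

# Act only on a system with the VyOS wrapper and only when an address was given.
if [ -x "$CFG" ] && [ -n "${4:-}" ]; then
    apply_local_address "$4"
fi
```

Because the address is checked before the `sg` re-exec, nothing other than digits and dots is ever placed in the command string that `sg` passes to `/bin/sh`.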