GRE over IPsec using MikroTik

How to Port Forward with MikroTik router step by step
February 18, 2015
Bandwidth Merge or Load Balance with Failover step by step
February 28, 2015
Show all

 

Mikrotik-1GRE Tunnel and IP Address Configuration:

MikroTik1> ip address add address=10.10.10.2/30 interface=ether1

MikroTik1> ip address add address=192.168.1.1/24 interface=ether5

MikroTik1> interface gre add name= gre-tunnel1 local-address=10.10.10.2 remote-address=10.10.10.6

MikroTik1> ip address add address=172.16.1.1/30 interface= gre-tunnel1

Mikrotik-1 Router IPSec VPN Configuration: 

MikroTik-1>ip ipsec peer>add address=10.10.10.6/32:500 auth-method=pre-shared-key secret=”password”

generate-policy=no exchange-mode=main send-initial-contact=yes

nat-traversal=no proposal-check=obey hash-algorithm=sha1

enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0

dpd-interval=disable-dpd dpd-maximum-failures=1

MikroTik-1> ip ipsec policy>add src-address=10.10.10.2/32:any dst-address=10.10.10.6/32:any

protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes

sa-src-address=10.10.10.2 sa-dst-address=10.10.10.6 proposal=default

priority=0

MikroTik-1 >ip ipsec proposal>add name=”default” auth-algorithms=sha1 enc-algorithms=3des lifetime=30m  pfs-group=modp1024

Mikroitk-1 Router OSPF Configuration:

MikroTik-1> routing ospf> network add network=192.168.1.0/24 area=backbone

MikroTik-1> routing ospf> network add network=172.16.1.0/30  area=backbone

Mikrotik-2 GRE Tunnel and IP Address Configuration:

MikroTik2# ip address add address=10.10.10.6/30 interface=ether1

MikroTik2# ip address add address=192.168.2.1/24 interface=ether5

MikroTik2# interface gre add name= gre-tunnel1 local-address=10.10.10.6 remote-address=10.10.10.2

MikroTik2# ip address add address=172.16.1.2/30 interface= gre-tunnel1

Mikrotik-2 Router IPSec VPN Configuration: 

MikroTik-2#ip ipsec peer>add address=10.10.10.2/32:500 auth-method=pre-shared-key secret=”password”

generate-policy=no exchange-mode=main send-initial-contact=yes

nat-traversal=no proposal-check=obey hash-algorithm=sha1

enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0

dpd-interval=disable-dpd dpd-maximum-failures=1

MikroTik-2#ip ipsec policy>add src-address=10.10.10.6/32:any dst-address=10.10.10.2/32:any

protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes

sa-src-address=10.10.10.6 sa-dst-address=10.10.10.2 proposal=default

priority=0

MikroTik-2#ip ipsec proposal>add name=”default” auth-algorithms=sha1 enc-algorithms=3des lifetime=30m  pfs-group=modp1024

Mikroitk-2 Router OSPF Configuration:

MikroTik-2#routing ospf> network add network=192.168.2.0/24 area=backbone

MikroTik-2#routing ospf> network add network=172.16.1.0/30  area=backbone