MikroTik RouterOS VPN Site-to-Site Configuration With IPsec
Have you ever wondered how to establish a secure and reliable site-to-site tunnel using MikroTik routers? Look no further! In this tutorial, we will dive into the process of setting up an EoIP tunnel with IPsec using MikroTik routers.
Before we get started, let us first understand what EoIP and IPsec are.
EoIP: Ethernet over Internet Protocol (EoIP) is a tunneling protocol that allows you to connect two or more Ethernet networks over an IP network. Essentially, it's a way to encapsulate Ethernet traffic inside IP packets and transport them across an IP network.
IPsec: IPsec is a protocol suite for securing IP communications by encrypting and authenticating each IP packet involved in a communication session. It provides secure and confidential communication between two sites by creating a virtual private network (VPN).
Now that we have a basic idea about EoIP and IPsec, let's dive into the steps needed to set up an EoIP tunnel with IPsec.
Step 1: Configure IP Addresses
The first step is to configure the IP addresses for the two routers that will establish the site-to-site tunnel. We will assume that you have already configured basic network settings such as IP address and subnet mask.
For this tutorial, we will use the following example IP addresses:
- Location A: IP address - 192.168.1.1/24
- Location B: IP address - 192.168.2.1/24
You can use any IP address range that suits your network architecture.
Step 2: Configure EoIP Tunnel
After we have configured the IP addresses, the next step is to create the EoIP tunnel between the two routers.
Location A:
In your MikroTik router, navigate to Interfaces, and select EoIP. Click Add New to add a new EoIP interface. Name it "tunnel1" and set the tunnel ID to 1. Under the "Local Address" field, enter the IP address of the MikroTik router at Location A. Under the "Remote Address" field, enter the IP address of the MikroTik router at Location B.
Location B:
Follow the same steps on the MikroTik router at Location B as before. The only difference is that the "Local Address" will be the IP address of the MikroTik router at Location B, and the "Remote Address" will be the IP address of the MikroTik router at Location A.
Note: Make sure that the Tunnel ID matches on both ends.
Step 3: Create IPsec Proposal
The next step is to create an IPsec proposal for the site-to-site tunnel. An IPsec proposal consists of several parameters that define the security protocols and algorithms used in the VPN tunnel.
In your MikroTik router, navigate to IP, and select IPsec. Click on the Proposal tab. Click Add New to create a new IPsec proposal. Name it "site-to-site" and configure the following parameters:
- Encryption: aes-128-cbc
- Hash: sha1
- Diffie-Hellman Group: group5
Step 4: Create IPsec Peer
The next step is to create an IPsec peer for the site-to-site tunnel. An IPsec peer defines the remote IP address to which the MikroTik router will connect, along with the parameters of the IPsec proposal to be used.
Location A:
In your MikroTik router, navigate to IP, and select IPsec. Click on the Peers tab. Click Add New to create a new IPsec peer. Configure the following parameters:
- Address: Enter the IP address of the MikroTik router at Location B
- Proposal: Select the IPsec proposal that we previously created, "site-to-site"
- Auth Method: Pre-Shared Key
- Exchange Mode: Aggressive
- Secret: Create a Secret Key (Example: password)
Location B:
Follow the same steps on the MikroTik router at Location B as before. The only difference is that the Address will be the IP address of the MikroTik router at Location A.
Step 5: Create IPsec Policy
The final step is to create an IPsec policy for the site-to-site tunnel. An IPsec policy specifies which traffic will be encrypted and sent through the VPN tunnel.
Location A:
In your MikroTik router, navigate to IP, and select IPsec. Click on the Policies tab. Click Add New to create a new IPsec policy. Configure the following parameters:
- Src Address: Enter the IP address of the MikroTik router at Location A
- Dst Address: Enter the IP address of the MikroTik router at Location B
- Protocol: 0 (means all)
- Proposal: Select the IPsec proposal that we previously created, "site-to-site"
- Src Port: Optional
- Dst Port: Optional
- Tunnel: Select the EoIP tunnel that we previously created, "tunnel1"
- Action: Encrypt
Location B:
Follow the same steps on the MikroTik router at Location B as before. The only difference is that the Src Address will be the IP address of the MikroTik router at Location B, and the Dst Address will be the IP address of the MikroTik router at Location A.
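Steps 2 to 5 only work when both routers hold mirrored settings, so the following added example (not part of the original tutorial and not MikroTik code) checks a pair of sites for mismatches and, going one step beyond the tutorial, flags the parameter choices a reviewer would question before deployment. The dictionary layout, the field names and the 20-character key threshold are assumptions made for illustration, not RouterOS export syntax.

```python
import copy
# Constructed sample: the tutorial's Location A values (hypothetical field names).
SITE_A = {
    "eoip": {"tunnel_id": 1, "local": "192.168.1.1", "remote": "192.168.2.1"},
    "proposal": {"enc": "aes-128-cbc", "hash": "sha1", "dh_group": 5},
    "peer": {"address": "192.168.2.1", "auth": "pre-shared-key",
             "exchange_mode": "aggressive", "secret": "password"},
    "policy": {"src": "192.168.1.1", "dst": "192.168.2.1", "protocol": 0},
}
MIN_PSK_LEN = 20  # assumed review threshold, not a RouterOS limit

def mirror(site):
    """Build the other end's settings by swapping every local/remote pair."""
    other = copy.deepcopy(site)
    e, p = other["eoip"], other["policy"]
    e["local"], e["remote"] = e["remote"], e["local"]
    p["src"], p["dst"] = p["dst"], p["src"]
    other["peer"]["address"] = e["remote"]
    return other

def check_pair(a, b):
    """Return mismatches that would stop the tunnel or the IPsec SA from forming."""
    ea, eb, issues = a["eoip"], b["eoip"], []
    if ea["tunnel_id"] != eb["tunnel_id"]:
        issues.append("tunnel ID differs")
    if (ea["local"], ea["remote"]) != (eb["remote"], eb["local"]):
        issues.append("EoIP local/remote addresses are not mirrored")
    if a["peer"]["address"] != eb["local"] or b["peer"]["address"] != ea["local"]:
        issues.append("peer address does not point at the other router")
    if (a["policy"]["src"], a["policy"]["dst"]) != (b["policy"]["dst"], b["policy"]["src"]):
        issues.append("policy src/dst are not mirrored")
    if a["proposal"] != b["proposal"]:
        issues.append("proposal parameters differ")
    if a["peer"]["secret"] != b["peer"]["secret"]:
        issues.append("pre-shared keys differ")
    return issues

def audit_crypto(site):
    """Flag choices a reviewer would question before deployment."""
    prop, peer, notes = site["proposal"], site["peer"], []
    if prop["hash"] == "sha1":
        notes.append("sha1 is a legacy choice; prefer sha256 or stronger")
    if prop["dh_group"] < 14:  # groups 1, 2 and 5 are MODP groups under 2048 bits
        notes.append("DH group below 14 (2048-bit MODP)")
    if peer["auth"] == "pre-shared-key" and peer["exchange_mode"] == "aggressive":
        notes.append("aggressive mode with a PSK exposes a PSK-derived hash to offline guessing")
    if len(peer["secret"]) < MIN_PSK_LEN:
        notes.append("pre-shared key shorter than %d characters" % MIN_PSK_LEN)
    return notes
```

Run against the tutorial's own values, check_pair reports no mismatches for a correctly mirrored Location B, while audit_crypto returns four notes: the hash, the DH group, the exchange mode and the example secret.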
Conclusion
And there you have it! You have successfully established a secure and reliable site-to-site EoIP tunnel with IPsec using MikroTik routers. By following the five steps outlined in this tutorial, you can create a VPN tunnel that allows you to securely connect two or more networks over the internet.
Remember that this is just the tip of the iceberg when it comes to MikroTik routers. Continue exploring and experimenting to discover even more ways to improve your network infrastructure.