Differences

This shows you the differences between two versions of the page.

--- networking:router:mikrotik_vpn_ipsec [2022/02/24 11:18]
gcooper
+++ networking:router:mikrotik_vpn_ipsec [2023/06/21 15:26] (current)
gcooper
@@ Line 74: / Line 74: @@
 /ip ipsec policy
 add dst-address=$SubnetBehindRouter2 sa-dst-address=$Router2WanAddr sa-src-address=$Router1WanAddr \
-  src-address=$SubnetBehindRouter1 tunnel=yes
+  src-address=$SubnetBehindRouter1 peer=$Site2Name tunnel=yes
 # NAT bypass rule
@@ Line 110: / Line 110: @@
 /ip ipsec policy
 add dst-address=$SubnetBehindRouter1 sa-dst-address=$Router1WanAddr sa-src-address=$Router2WanAddr \
-  src-address=$SubnetBehindRouter2 tunnel=yes
+  src-address=$SubnetBehindRouter2 peer=$Site1Name tunnel=yes
 # NAT bypass rule
@@ Line 150: / Line 150: @@
 <note tip>To convert a S2S VPN connection from **two-sides-static** to **one-side-dynamic**:
-  * Modify the (dynamic IP) peer on the router with static WAN IP:
+  * Modify the (dynamic IP) peer definition on the router with static WAN IP:
     * Set the IP address to ''0.0.0.0/0''
     * Select ''Passive''
     * Deselect ''Send INITIAL_CONTACT''
     * Responder
-  * Modify the (static IP) peer on the router with dynamic WAN IP:
+  * Modify the (static IP) peer definition on the router with dynamic WAN IP:
     * Set the IP address to the static WAN IP address of the other router
     * Deselect ''Passive''
@@ Line 169: / Line 169: @@
 /ip ipsec peer
 add name=peername passive=yes
-/ip ipsec profile
-set [ find default=yes ] enc-algorithm=aes-256,aes-128,3des
 /ip ipsec identity
 add peer=peername secret=yourpresharedkey

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools