Creating a Site-to-Site Tunnel

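Now you'll set up an IPsec VPN tunnel between two RouterOS machines. This is useful when you have multiple offices or locations and want to share resources between the networks. First, configure the accept and masquerade rules in the srcnat chain from the command line. The accept rule must come before the masquerade rule so that traffic bound for the remote subnet is not translated and still matches the IPsec policy.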

For Router 1:

ip firewall nat add chain=srcnat src-address=10.1.0.0/24 dst-address=10.2.0.0/24 action=accept
ip firewall nat add chain=srcnat out-interface=public action=masquerade

For Router 2:

ip firewall nat add chain=srcnat src-address=10.2.0.0/24 dst-address=10.1.0.0/24 action=accept
ip firewall nat add chain=srcnat out-interface=public action=masquerade

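Now configure the IPsec settings on each router. The policy addresses on one router are the mirror image of those on the other, and both routers must use the same pre-shared secret and exchange mode; replace the sample secret shown here with a long random value of your own.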

For Router 1:

ip ipsec policy add src-address=10.1.0.0/24 dst-address=10.2.0.0/24 action=encrypt tunnel=yes sa-src-address=1.0.0.1 sa-dst-address=1.0.0.2
ip ipsec peer add address=1.0.0.2 exchange-mode=aggressive secret="gvejimezyfopmekun"

For Router 2:

ip ipsec policy add src-address=10.2.0.0/24 dst-address=10.1.0.0/24 action=encrypt tunnel=yes sa-src-address=1.0.0.2 sa-dst-address=1.0.0.1
ip ipsec peer add address=1.0.0.1 exchange-mode=aggressive secret="gvejimezyfopmekun"
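
A misspelled parameter, swapped addresses, or differing secrets on one end keeps the tunnel from establishing. The following Python check is an added example, not part of the original article or of RouterOS: it parses `ip ipsec` commands written in the form used above and reports where the two routers fail to mirror each other. The function names, the sample commands and the `EXAMPLE-PSK` secret are constructed for illustration.

```python
import shlex

# Parameters used by the commands on this page; any other key is flagged.
KNOWN = {"policy": {"src-address", "dst-address", "action", "tunnel",
                    "sa-src-address", "sa-dst-address"},
         "peer": {"address", "exchange-mode", "secret"}}

def parse(lines):
    """Return ({'policy': params, 'peer': params}, [syntax problems])."""
    cfg, problems = {}, []
    for line in lines:
        tokens = shlex.split(line)  # also strips the quotes around the secret
        kind = tokens[2] if len(tokens) > 3 else ""
        if tokens[:2] != ["ip", "ipsec"] or kind not in KNOWN or tokens[3] != "add":
            problems.append(f"unexpected command: {line}")
            continue
        params = dict(t.split("=", 1) for t in tokens[4:] if "=" in t)
        for key in sorted(set(params) - KNOWN[kind]):
            problems.append(f"{kind}: unknown parameter {key}")
        cfg[kind] = params
    return cfg, problems

def check_pair(r1_lines, r2_lines):
    """List every way the two ends fail to mirror each other."""
    (a, pa), (b, pb) = parse(r1_lines), parse(r2_lines)
    problems = [f"router1 {p}" for p in pa] + [f"router2 {p}" for p in pb]
    pol_a, pol_b = a.get("policy", {}), b.get("policy", {})
    peer_a, peer_b = a.get("peer", {}), b.get("peer", {})
    for x, y in (("src-address", "dst-address"), ("sa-src-address", "sa-dst-address")):
        if pol_a.get(x) != pol_b.get(y) or pol_a.get(y) != pol_b.get(x):
            problems.append(f"policy {x}/{y} are not mirrored")
    for name, peer, pol in (("router1", peer_a, pol_a), ("router2", peer_b, pol_b)):
        if peer.get("address", "").split("/")[0] != pol.get("sa-dst-address"):
            problems.append(f"{name} peer address differs from its sa-dst-address")
    for key in ("secret", "exchange-mode"):
        if peer_a.get(key) != peer_b.get(key):
            problems.append(f"peer {key} differs between routers")
    return problems

# Constructed sample input: a correct pair, then Router 2 with a misspelled key.
R1 = ['ip ipsec policy add src-address=10.1.0.0/24 dst-address=10.2.0.0/24 action=encrypt tunnel=yes sa-src-address=1.0.0.1 sa-dst-address=1.0.0.2',
      'ip ipsec peer add address=1.0.0.2 exchange-mode=aggressive secret="EXAMPLE-PSK"']
R2_GOOD = ['ip ipsec policy add src-address=10.2.0.0/24 dst-address=10.1.0.0/24 action=encrypt tunnel=yes sa-src-address=1.0.0.2 sa-dst-address=1.0.0.1',
           'ip ipsec peer add address=1.0.0.1 exchange-mode=aggressive secret="EXAMPLE-PSK"']
R2_BAD = [R2_GOOD[0], 'ip ipsec peer add address=1.0.0.1 exchange-mod=aggressive secret="EXAMPLE-PSK"']

if __name__ == "__main__":
    print(check_pair(R1, R2_GOOD), check_pair(R1, R2_BAD))
```
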

Stay tuned—in the second article of this series you'll experiment with the hotspot features of RouterOS.
