Noah's IPSEC for Mikrotik
IPSec
Head Office Configuration
GRE Tunnels
/interface gre
add comment=BranchOffice !keepalive name="To Branch" remote-address=192.168.0.2
OSPF Routing
/routing ospf area
add area-id=0.0.0.1 name="Area 1"
add area-id=0.0.0.2 name="Area 2"
add area-id=0.0.0.3 name="Area 3"
add area-id=0.0.0.4 name="Area 4"
/routing ospf network
add area="Area 1" network=192.168.0.0/30
add area="Area 1" network=192.168.1.0/24
add area="Area 2" network=192.168.0.4/30
add area="Area 3" network=192.168.0.8/30
add area="Area 4" network=192.168.0.12/30
IP Addresses
/ip address
add address=192.168.0.1/30 comment=Branch interface="To Branch"
NAT Bypass for IPSEC (MUST BE DRAGGED TO THE TOP OF THE NAT RULES, above masquerade! With no action given these rules default to action=accept, so the GRE packets between the tunnel addresses keep their source address and match the IPsec policy instead of being masqueraded)
/ip firewall nat
add chain=srcnat dst-address=192.168.0.2 src-address=192.168.0.1
add chain=srcnat dst-address=192.168.0.6 src-address=192.168.0.5
add chain=srcnat dst-address=192.168.0.10 src-address=192.168.0.9
add chain=srcnat dst-address=192.168.0.14 src-address=192.168.0.13
IPSEC to Branches (nat-traversal=no assumes both ends sit on public addresses, here 2.2.2.2 for the head office and 1.1.1.1 for the branch; secret= is left blank and must be filled with a long random pre-shared key on both ends)
/ip ipsec peer
add address=1.1.1.1 comment="To Branch" enc-algorithm=aes-128 nat-traversal=no secret=
/ip ipsec policy
add comment="To Branch" dst-address=192.168.0.2/32 sa-dst-address=1.1.1.1 sa-src-address=2.2.2.2 src-address=192.168.0.1/32 tunnel=yes
Only the phase 1 cipher is set here; the peer's hash algorithm and DH group, and the phase 2 proposal the policy falls back to, are all left at their defaults, so review them before trusting the link.
Set hostname
/system identity
set name=HeadOffice
Branch Office Configuration
GRE Tunnel
/interface gre
add comment="To Headoffice" !keepalive name="To Headoffice" remote-address=192.168.0.9
OSPF Routing
/routing ospf area
add area-id=0.0.0.3 name="Area 3"
/routing ospf network
add area="Area 3" network=192.168.0.8/30
add area="Area 3" network=192.168.4.0/24
Static route to the head-office LAN over the VPN (192.168.1.0/24 lives in Area 1, and OSPF only passes routes between areas through the backbone area 0.0.0.0; unless the head office also carries a backbone network, the branch will not learn it from OSPF, so the static route covers it)
/ip route
add dst-address=192.168.1.0/24 gateway=192.168.0.9
NAT Bypass for IPSEC (MUST BE DRAGGED TO THE TOP OF THE NAT RULES, above masquerade, exactly as at the head office; the default action is accept)
/ip firewall nat
add chain=srcnat dst-address=192.168.0.9 src-address=192.168.0.10
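Rather than dragging the bypass rule to the top in Winbox, the ordering can be fixed in the CLI with place-before. The block below is an added example (not part of the original page) for the branch router; it applies equally to the four head-office rules above. The masquerade rule on ether1 is an assumption used to show the ordering, and the ipsec-policy matcher is an alternative that does not depend on addresses:

```routeros
# Added example, not from the original configuration.
# Assumes the branch WAN is ether1 with a plain masquerade rule already present.
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade comment="Internet"

# Explicit action=accept (the default when no action is given) and place-before=0,
# which puts the rule at index 0 of the srcnat chain, above masquerade.
# GRE packets 192.168.0.10 -> 192.168.0.9 therefore keep their source address
# and are matched by the IPsec policy instead of being rewritten to the WAN address.
add chain=srcnat src-address=192.168.0.10 dst-address=192.168.0.9 \
    action=accept place-before=0 comment="IPsec bypass: GRE to head office"

# Alternative that needs no addresses: accept anything an outgoing IPsec policy
# already covers (ipsec-policy matcher, RouterOS 6 and later). Also placed on top.
add chain=srcnat ipsec-policy=out,ipsec action=accept place-before=0 \
    comment="IPsec bypass: any outgoing policy"

# Verify the order: both accept rules must print before the masquerade rule.
/ip firewall nat print
```

Whichever form is used, the check is the same: if masquerade prints first, the GRE packets leave with the WAN address as source, the IPsec policy never matches, and the tunnel stays dark even though phase 1 comes up.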
IPSEC to Heritage (head office)
/ip ipsec peer
add address=2.2.2.2 comment="To headoffice" enc-algorithm=aes-128 nat-traversal=no secret=
/ip ipsec policy
add comment="To Headoffice" dst-address=192.168.0.9/32 sa-dst-address=2.2.2.2 sa-src-address=1.1.1.1 src-address=192.168.0.10/32 tunnel=yes
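The peer and policy above leave the phase 1 hash, DH group and the phase 2 proposal at the RouterOS defaults, and the branch section never assigns the tunnel address that its NAT bypass and policy rely on. The block below is an added example (not the page's own configuration) of the branch side with those settings made explicit; it assumes a RouterOS 6 release older than 6.44, where hash-algorithm and dh-group are peer parameters (later versions move them to /ip ipsec profile), and uses a placeholder pre-shared key where the page leaves secret= blank. The head office must mirror the proposal and peer settings or phase 1 and 2 will not negotiate.

```routeros
# Added example, not from the original configuration.
# Assumes RouterOS 6 before 6.44; the PSK below is a placeholder to be replaced.

# Tunnel-inner address implied by the NAT bypass (src 192.168.0.10) and the
# policy (src 192.168.0.10/32), missing from the original branch section.
/ip address
add address=192.168.0.10/30 interface="To Headoffice" comment="GRE to head office"

# Phase 2 proposal, named so the policy does not fall back to the default one.
/ip ipsec proposal
add name="gre-branch" auth-algorithms=sha256 enc-algorithms=aes-256-cbc \
    pfs-group=modp2048 lifetime=1h

# Phase 1: same shape as the page's peer, with hash and DH group stated.
/ip ipsec peer
add address=2.2.2.2 comment="To headoffice" exchange-mode=main \
    enc-algorithm=aes-256 hash-algorithm=sha256 dh-group=modp2048 \
    nat-traversal=no secret="ChangeMe-to-a-long-random-psk"

# Phase 2 policy: only the GRE endpoint pair, tunnel mode, bound to the proposal.
/ip ipsec policy
add comment="To Headoffice" src-address=192.168.0.10/32 dst-address=192.168.0.9/32 \
    sa-src-address=1.1.1.1 sa-dst-address=2.2.2.2 tunnel=yes proposal=gre-branch

# Checks, in the order a failure would surface:
# phase 1 established, SAs installed, policy ph2-state established, OSPF neighbor Full.
/ip ipsec remote-peers print
/ip ipsec installed-sa print
/ip ipsec policy print
/routing ospf neighbor print
```

If remote-peers shows the head office but installed-sa is empty, the proposals differ between the two ends; if SAs exist but the OSPF neighbor never appears, look at the NAT ordering rather than at IPsec.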
NTP settings
/system ntp client
set enabled=yes server-dns-names=0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org
Set hostname
/system identity
set name=BranchOffice