Mikrotik Router Site to site IPSec VPN Tunnel Configuration

Dear Tania thanks for your great effort and I follow your steps but I end with lose the connection with my router and I had to reset it and reconfigure again but without you fatal mistake which is ::::  in the new IPSEC policy window in General tab you MUST sorc address which is your LAN subnet and in dest address the remote LAN subnet. that is your fatal mistake because if you leave it as 0.0.0.0 as you did in this video it will encrypt every traffic include the traffic inside the LAN it self so it will not accept traffic from PC to its local router unless it is encrypted.

awafa

WARNING - you should NOT use 0.0.0.0/0 as source and destination in the policy - If you do, you will lose your internet connection and any other connections that are NOT supposed to be encrypted.   You will probably also lose connection to your router.   You should specify the source (internal) network and destination (internal) network ranges that you want to communicate over the ipsec tunnel.

keithwaters

I have contracted 2 ISPs in each office. Can you tell me if you can configure 2 VPN simultaneously between the 2 extremes? The idea is that one is primary and the other backup. If you could use the 2 at the same time would be ideal! Thank you.

MAXIMILIANOBOLLINILANDAJO

BEWARE!!! By following this tutorial both routers will loose any access. There is a general mistake made: when setting the policy all dst and src addresses are set to 0.0.0.0. You will lock yourself out from the routers by doing this. Make sure you set the subnet ips for those values.

LE

2:38. Headphones. You hear a rooster. Love this. Assuming one is in the country but learning IT.

fatimak

Dear Tania Thanks for your video. it was really helpful. Just 2 question make my mind busy. One is about Mikrotik and One is Non-Mikrotik question :). Excuse-me if I ask here because no other way for get the answer:
1. Why is the reason for using Masquerade NAT. Without it IPSec face with problem really? Because I think ESP is NAT-Traversal. so Even your network was behind the NAT router, even you should have access.
2. I'm Really apologize but I have thought Tania is the name of girl for many years. But it seems i was in wrong really. Even google couldn't help. I think you be from east of asia. So may we know about which is the country that this name is for different purpose? it was really interesting for me.

aliseven

Hi, I'm trying to create the tunnel, in principle all well in remote parts I get established connection on one side as on the other initiator and responder. but I see the opposite local ips, bone ping the local ip router 1 to the local ip router 2 and vice versa.
any suggestions? if I get Connection established that most need? thanks for the tutorial a greeting.

troyar

Can I use it, even when both site have automatic link?Link with automatic ip.

kadasross

please sombody help after i applied ipsec policy my internet is not working and cant connect to mikrotik router but still getting ip

zubaralhadeed

I think the sound is good and it was prety helpfull, but I still can't get to ping the remote lan, and in the initialised SA, never appears the conections. and please forgive my bad english. Can sombody helpme

datazca

How to configure ???? I need it step by step

kadasross

This is an extremely quiet video, I can't hear anything :(

DethmourneSilvermane

Bad sound, I think you must to record same video again

kadasross

My volume is on full in application and speakers and I still can't hear this guy ... :(

deserttek