dg3feh
Frequent Visitor
Topic Author
Posts: 68
Joined: Mon Jan 30, 2017 10:52 am

Best way to connect a remote site by some kind of VPN?

Thu Jul 04, 2019 11:54 am

Hello all!

I want to connect a remote site (small network with a MikroTik) behind a NATed router with my home site, which is also a MikroTik. I want to have access to my computers on my home site, and besides that I want to route all traffic from the remote site to the internet through the tunnel and my home site. That is for safety reasons and to appear with my home site IP.

I tried OpenVPN, which works quite OK, but the performance isn't that good. The second thing I tried was IPsec over L2TP. It works fine for site2site with good performance, but I was unable to route the internet traffic from the remote site through the home-based router.

Any hints from you on how to solve that problem?

BR Holger
 
sebastia
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Best way to connect a remote site by some kind of VPN?

Thu Jul 04, 2019 12:12 pm

Hi

For remote traffic to go through home, you would need to route that traffic over the VPN tunnel -> gateway should be the remote IP of the tunnel.
Second, you'll need to forward traffic from home for the remote IPs over the tunnel too -> again, gateway should be the remote IP of the tunnel.

Note that IPSec + GRE (or IPIP) would be a better option for the tunnel.
 
dg3feh
Frequent Visitor
Topic Author
Posts: 68
Joined: Mon Jan 30, 2017 10:52 am

Re: Best way to connect a remote site by some kind of VPN?

Thu Jul 04, 2019 12:16 pm

IPsec works with policies, not with routing, and 0.0.0.0 is not accepted there...
 
sebastia
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Best way to connect a remote site by some kind of VPN?

Thu Jul 04, 2019 12:32 pm

That's why you need a tunnel on top: IPSec will only encrypt the GRE/IPIP/... tunnel. But inside that tunnel you're free of the (policy) limitation of IPSec.
 
dg3feh
Frequent Visitor
Topic Author
Posts: 68
Joined: Mon Jan 30, 2017 10:52 am

Re: Best way to connect a remote site by some kind of VPN?

Thu Jul 04, 2019 12:44 pm

The GRE documentation is not the best one at MikroTik. Do I have to use the static addresses generated by L2TP as local/remote address, and afterwards the routing is done in the routing table? Where is the encryption defined for GRE?
 
sebastia
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Best way to connect a remote site by some kind of VPN?

Thu Jul 04, 2019 1:04 pm

For the GRE / IPSec / .. tunnel to be encrypted with IPsec, just specify the ipsec-secret on both ends (shortcut).
/interface gre add ipsec-secret=...
This will create the GRE tunnel, which is encrypted by IPsec. To these interfaces, the GRE tunnel endpoints, assign IPs on both ends, and use these assigned IPs for routing.
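
The setup described in the replies so far, written out for both routers as an added example that is not part of the original posts. All addresses, interface names and the secret are constructed placeholders (remote WAN 192.0.2.10 with gateway 192.0.2.1, home WAN 198.51.100.1 on ether1, remote LAN 192.168.20.0/24, tunnel net 172.16.255.0/30), and it assumes each router can reach the other's outer address directly, which the NATed remote site in this thread does not satisfy as-is.

```routeros
# ---- Remote site router (all values are constructed placeholders) ----
# GRE tunnel to the home router; ipsec-secret makes RouterOS create the
# IPsec peer/policy for the GRE packets. Fast path must be off for that.
/interface gre add name=gre-home local-address=192.0.2.10 \
    remote-address=198.51.100.1 allow-fast-path=no \
    ipsec-secret="REPLACE-WITH-LONG-RANDOM-SECRET"

# Inner (tunnel) address; these are the addresses used as gateways.
/ip address add address=172.16.255.2/30 interface=gre-home

# Keep the outer, encrypted GRE packets on the WAN. Without this host
# route the tunnel's own packets would be routed into the tunnel.
/ip route add dst-address=198.51.100.1/32 gateway=192.0.2.1

# Send everything else through the tunnel. Two /1 routes are more
# specific than the existing WAN default route, so that route can stay.
/ip route add dst-address=0.0.0.0/1 gateway=172.16.255.1
/ip route add dst-address=128.0.0.0/1 gateway=172.16.255.1

# ---- Home router ----
/interface gre add name=gre-remote local-address=198.51.100.1 \
    remote-address=192.0.2.10 allow-fast-path=no \
    ipsec-secret="REPLACE-WITH-LONG-RANDOM-SECRET"
/ip address add address=172.16.255.1/30 interface=gre-remote

# Return path: the remote LAN is reached via the remote tunnel address.
/ip route add dst-address=192.168.20.0/24 gateway=172.16.255.2

# Remote-site clients leave to the internet with the home public IP.
# Assumes the remote router does not masquerade traffic into gre-home,
# so the home router sees the original 192.168.20.0/24 sources.
/ip firewall nat add chain=srcnat src-address=192.168.20.0/24 \
    out-interface=ether1 action=masquerade
```

If the tunnel goes down, the two /1 routes become inactive and remote-site traffic falls back to the WAN default route unencrypted; a firewall rule that drops LAN traffic leaving via the WAN interface prevents that.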
 
dg3feh
Frequent Visitor
Topic Author
Posts: 68
Joined: Mon Jan 30, 2017 10:52 am

Re: Best way to connect a remote site by some kind of VPN?

Thu Jul 04, 2019 1:14 pm

Is that only done by a passphrase? No keys possible?
 
sebastia
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Best way to connect a remote site by some kind of VPN?

Thu Jul 04, 2019 2:04 pm

ipsec-secret is with phrase only (was a shortcut to simplify simple setups). If you want to use certs, then you'll need to configure ipsec manually for that tunnel.

So define tunnel normally "in clear" and define ipsec policy, ... for communication between these tunnel endpoints.