VPN host - client guide
Posted: Wed Sep 25, 2019 5:00 pm
by ramirez
Can anyone please help with a guide on how to create a VPN between two MikroTik routers?
I am looking to have a host on site A and a client on site B and to be able to tunnel all internet traffic from site B through site A.
Thank you in advance.
Re: VPN host - client guide
Posted: Wed Sep 25, 2019 7:14 pm
by Zacharias
Re: VPN host - client guide
Posted: Thu Sep 26, 2019 2:19 pm
by ramirez
Thank you Zacharias,
Sign certificates and add CRL url. We will use IP address of the server as CRL URL.
/certificate
sign ca-template ca-crl-host=10.5.101.16 name=myCa
In the above wiki (https://wiki.mikrotik.com/wiki/Manual:C ... rtificates), what does "IP address of the server" mean? Should I enter the router's local address or my WAN address from the ISP? My MikroTik router is connected to my VDSL modem (the modem handles internet and the router handles the DHCP server). I have a dynamic WAN IP.
Re: VPN host - client guide
Posted: Thu Sep 26, 2019 2:21 pm
by Zacharias
You don't need certificates between two MikroTik routers.
You have to use your WAN IP address. Is it static or dynamic?
Port forward your SSTP server's port from your ISP's router to your MikroTik router.
Re: VPN host - client guide
Posted: Thu Sep 26, 2019 3:02 pm
by ramirez
Sorry, I am confused... I enabled the SSTP server through (WinBox) PPP / Interface / SSTP server, but now I am stuck. I would assume that I need to create a server with a username and password (certificate?) and an IP address, which I would then enter on a client router, and thus I would be able to have a VPN tunnel.
After enabling the SSTP server (I haven't entered a username, password, IP, etc. anywhere), what should I configure next?
The application examples section in the link you sent me talks about certificates, which is why I got confused...
I am using a dynamic WAN IP address and have a DDNS account. Can I enter that instead of an x.x.x.x (and if yes, where on the client)?
Re: VPN host - client guide
Posted: Thu Sep 26, 2019 3:57 pm
by Zacharias
In the link I've sent you there is an example lower in the page for a site-to-site VPN...
Re: VPN host - client guide
Posted: Fri Sep 27, 2019 1:53 pm
by ramirez
I thought I had followed the directions correctly, but obviously not, since the client is not connecting...
In the attached design, is the 192.168.80.1:443 IP the VDSL modem's IP from the ISP? I am confused by the three addresses on each MikroTik router. My setup only operates one IP address as all ports are bridged, so my router listens on 192.168.0.1/24 and the modem on 192.168.0.254. Also, because I have a dynamic IP address from the ISP, how can I have both routers know when it changes?
On the server side:
[admin@MikroTik] /certificate> print
Flags: K - private-key, D - dsa, L - crl, C - smart-card-key, A - authority, I - issued, R - revoked, E - expired,
T - trusted
# NAME COMMON-NAME SUBJECT-ALT-NAME FINGERPRINT
0 K L A T myCa myCa 4aa495c07e26ad3c...
1 K A T server server a070aac13b04b84e...
2 K A client1 client1 fa426e8ce0946f1f...
On the client side:
[admin@MikroTik] /certificate> print
Flags: K - private-key, L - crl, C - smart-card-key, A - authority, I - issued, R - revoked, E - expired,
T - trusted
# NAME COMMON-NAME SUBJECT-ALT-NAME FINGERPRINT
0 L A T cert_exp... myCa 4aa495c07e26ad3...
1 K A T cert_exp... client1 fa426e8ce0946f1...
Thank you.