Can multiple S2S VPNs between the same two sites coexist on the router?
Posted: Thu Feb 15, 2024 6:06 pm
by xtemplarx
Is it feasible to have both IPSEC and Wireguard connections between two office networks? I'm trying to route some internet traffic and not having a good time with the IPSEC Policy method of routing. Wireguard seems to be a bit simpler in terms of routing.
Re: Can multiple S2S VPNs between the same two sites coexist on the router?
Posted: Thu Feb 15, 2024 6:27 pm
by IlKa
It is possible to have several routes between two networks, but why do you need it?
If you already set up Wireguard, why do you need another VPN?
IPSec policy could be pretty complex sometimes, but you could use GRE+IPSec which is pretty simple to configure. It uses IKEv1 (AFAIK) but still works perfectly.
https://help.mikrotik.com/docs/display/ROS/GRE
This is probably the simplest way to create a VPN between two Mikrotiks with public addresses.
Re: Can multiple S2S VPNs between the same two sites coexist on the router?
Posted: Thu Feb 15, 2024 6:31 pm
by xtemplarx
> It is possible to have several routes between two networks, but why do you need it?
> If you already set up Wireguard, why do you need another VPN?
> IPSec policy could be pretty complex sometimes, but you could use GRE+IPSec which is pretty simple to configure. It uses IKEv1 (AFAIK) but still works perfectly.
The environment I've inherited already has an IPSEC policy tunnel established, but we need to route github.com traffic through it, and I'm not grasping very well how to make that work in a simple manner. Wireguard appears to have simpler routing rules, so my thought was to set up a Wireguard tunnel alongside the IPSEC and only use it for routing github traffic through.
Re: Can multiple S2S VPNs between the same two sites coexist on the router?
Posted: Thu Feb 15, 2024 6:55 pm
by pe1chl
When you want to route arbitrary traffic over a tunnel, it is easiest when it is a GRE/IPsec (or IPIP/IPsec) tunnel as described above.
When you already have a plain IPsec tunnel it is possible to convert it but you need admin access to both sides.
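A sketch of the GRE/IPsec approach with policy routing for github.com only, added here as an example and not taken from any poster's configuration. It assumes RouterOS v7 on the side shown and a peer that supports GRE over IPsec; all addresses, names and the secret are constructed placeholders.

```routeros
# Added example with constructed values (assumptions, not from the thread):
#   192.0.2.1        local WAN address
#   198.51.100.1     remote WAN address
#   172.16.255.0/30  addressing inside the tunnel
#   192.168.88.0/24  local LAN
# Setting ipsec-secret makes RouterOS create the IPsec peer and policy
# dynamically; fast path has to be disabled on the interface for that to work.
/interface gre add name=gre-site-b local-address=192.0.2.1 \
    remote-address=198.51.100.1 allow-fast-path=no \
    ipsec-secret="REPLACE-WITH-LONG-RANDOM-PSK"
/ip address add address=172.16.255.1/30 interface=gre-site-b

# Separate routing table whose default route points into the tunnel.
/routing table add name=via-site-b fib
/ip route add dst-address=0.0.0.0/0 gateway=172.16.255.2 \
    routing-table=via-site-b

# An address-list entry given as a DNS name is resolved by the router and
# refreshed as the record's TTL expires.
/ip firewall address-list add list=github address=github.com

# Send only LAN traffic destined for that list through the tunnel table.
/ip firewall mangle add chain=prerouting src-address=192.168.88.0/24 \
    dst-address-list=github action=mark-routing \
    new-routing-mark=via-site-b passthrough=no
```

The remote end needs a route back to 192.168.88.0/24 over the tunnel and must NAT or forward the traffic to the internet. Review the dynamically created IPsec proposal and any FastTrack rule, since fasttracked connections skip the mangle rule.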
Re: Can multiple S2S VPNs between the same two sites coexist on the router?
Posted: Thu Feb 15, 2024 8:32 pm
by xtemplarx
> When you want to route arbitrary traffic over a tunnel, it is easiest when it is a GRE/IPsec (or IPIP/IPsec) tunnel as described above.
> When you already have a plain IPsec tunnel it is possible to convert it but you need admin access to both sides.
I do have full access to both ends of the tunnel, but one is Mikrotik and one is a TPLink router, so while they both may support GRE/IPsec, I'm not certain of that yet.
I'll do some digging to familiarize myself with the differences.