Site-To-Site VPN tunnel while accessing internet from one router

Hello,

Is there any tutorial, or does anyone have an idea, how to set up a Site-To-Site VPN between two Mikrotik routers? I am talking about two routers in two different countries (RouterA and RouterB), and I want RouterB to go to the Internet having the external IP of RouterA.

Thank you in advance.

It doesn’t matter whether the routers are in different countries or in different rooms of the same apartment. The tutorial is here; I’d recommend using exchange-mode=ike2 instead of exchange-mode=main right from the start. Once you succeed with this, you can modify the policies so that RouterB has dst-address=0.0.0.0/0 in the policy associated with the peer representing RouterA, and RouterA has src-address=0.0.0.0/0 in the policy associated with the peer representing RouterB. That will make all communication of RouterB flow via RouterA. But before making this change, for each LAN subnet on RouterB, you have to add a policy with action=none src-address=0.0.0.0/0 dst-address=the.lan.sub.net/mask before the one with action=encrypt, to prevent the traffic among these LANs and between the router itself and these LANs from being redirected to the tunnel.

Or you can use IPsec just to encrypt an IPIP or GRE tunnel, and use the interface representing that tunnel as the WAN of RouterB. At RouterB, you’ll need to add a specific route to RouterA’s public IP via the regular WAN’s gateway to be able to make the default route use the tunnel as its gateway, otherwise the tunnel would be coming up and falling down all the time. At RouterA, you’ll add routes to RouterB’s LAN subnets via the tunnel.

If one of the two routers doesn’t have a public IP on itself, you’ll have to have a look at the Road Warrior setup on the same manual page. If neither of them has a public address, it may not be possible to set a tunnel up at all, depending on how the ISP’s NATs at both ends work.
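The policy ordering described in the reply above, as an added example that is not part of the original posts and is not RouterOS code: a simplified first-match model of RouterB's policy table showing which traffic is pulled into the tunnel with and without the action=none entries. The addresses are constructed, and using RouterB's LAN subnets as the src-address of the encrypt policies is an assumption.

```python
"""Simplified model of an ordered IPsec policy table (first match wins)."""
from ipaddress import ip_address, ip_network
from typing import NamedTuple


class Policy(NamedTuple):
    action: str  # "none" = bypass IPsec, "encrypt" = send into the tunnel
    src: str
    dst: str


def decide(policies, src, dst):
    """Return the action of the first policy whose selectors match the packet."""
    s, d = ip_address(src), ip_address(dst)
    for p in policies:
        if s in ip_network(p.src) and d in ip_network(p.dst):
            return p.action
    return "none"  # no policy matched: packet is routed normally


# Constructed addressing: RouterB serves two LAN subnets.
LANS = ["192.168.88.0/24", "192.168.89.0/24"]
ENCRYPT = [Policy("encrypt", lan, "0.0.0.0/0") for lan in LANS]
BYPASS = [Policy("none", "0.0.0.0/0", lan) for lan in LANS]

WITHOUT_BYPASS = ENCRYPT
BYPASS_FIRST = BYPASS + ENCRYPT   # the order the reply asks for
BYPASS_LAST = ENCRYPT + BYPASS    # same entries, wrong order

# Constructed sample packets as (source, destination).
PACKETS = {
    "lan_to_internet": ("192.168.88.10", "203.0.113.5"),
    "lan_to_router": ("192.168.88.10", "192.168.88.1"),
    "router_to_lan": ("192.168.88.1", "192.168.88.10"),
    "lan1_to_lan2": ("192.168.88.10", "192.168.89.20"),
}


def evaluate(policies):
    """Map each sample packet to the action the policy table selects."""
    return {name: decide(policies, *pkt) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for label, table in [("without bypass", WITHOUT_BYPASS),
                         ("bypass first", BYPASS_FIRST),
                         ("bypass last", BYPASS_LAST)]:
        print(f"{label:15}", evaluate(table))
```
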