I want to connect a remote site (a small network with a MikroTik) behind a NATed router with my home site, which is also a MikroTik. I want to have access to my computers at my home site, and besides that I want to route all traffic from the remote site to the internet through the tunnel and my home site. That is for safety reasons and to appear with my home site IP.
I tried OpenVPN, which works quite OK, but the performance isn’t that good. The second thing I tried was IPsec over L2TP. It works fine for site2site with good performance, but I was unable to route the internet traffic from the remote site through the home-based router.
For remote traffic to go through home, you would need to route that traffic over the VPN tunnel → the gateway should be the remote IP of the tunnel.
Second, you’ll need to forward traffic from home for the remote IPs over the tunnel too → again, the gateway should be the remote IP of the tunnel.
Note that IPSec + GRE (or IPIP) would be a better option for the tunnel.
The GRE documentation is not the best one at MikroTik. Do I have to use the static addresses generated by L2TP as local/remote address, and afterwards the routing is done in the routing table? Where is the encryption defined for GRE?
For the GRE / IPSec / .. tunnel to be encrypted with ipsec just specify the ipsec-secret on both ends (short-cut).
/interface gre add ipsec-secret=...
This will create the GRE tunnel, which is encrypted by IPsec. To these interfaces, the GRE tunnel endpoints, assign IPs on both ends, and use these assigned IPs for routing.
ipsec-secret is with phrase only (was a shortcut to simplify simple setups). If you want to use certs, then you’ll need to configure ipsec manually for that tunnel.
So define tunnel normally “in clear” and define ipsec policy, … for communication between these tunnel endpoints.
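The setup described in the replies above, written out for both routers as an added example (not part of the original thread, RouterOS v6 syntax). All addresses, interface names and the passphrase are constructed placeholders, and it assumes each router can reach the other's tunnel endpoint address directly; the NAT in front of the remote site from the original question is not handled here.

```routeros
# ---- Home router (constructed: public IP 198.51.100.10, WAN on ether1) ----
# ipsec-secret creates the IPsec peer/policy for the GRE endpoints automatically;
# fast path has to be off on the tunnel when ipsec-secret is used.
/interface gre add name=gre-remote local-address=198.51.100.10 \
    remote-address=203.0.113.20 allow-fast-path=no \
    ipsec-secret="REPLACE-with-long-random-passphrase"
/ip address add address=10.255.255.1/30 interface=gre-remote
# Return path: the remote LAN (constructed 192.168.88.0/24) is behind the tunnel peer
/ip route add dst-address=192.168.88.0/24 gateway=10.255.255.2
# Remote clients leave to the internet with the home IP
/ip firewall nat add chain=srcnat src-address=192.168.88.0/24 \
    out-interface=ether1 action=masquerade

# ---- Remote router (constructed: endpoint 203.0.113.20, upstream gw 203.0.113.1) ----
/interface gre add name=gre-home local-address=203.0.113.20 \
    remote-address=198.51.100.10 allow-fast-path=no \
    ipsec-secret="REPLACE-with-long-random-passphrase"
/ip address add address=10.255.255.2/30 interface=gre-home
# Pin the tunnel endpoint to the existing upstream gateway first; otherwise the
# new default route would send the encrypted GRE packets into the tunnel itself.
/ip route add dst-address=198.51.100.10/32 gateway=203.0.113.1
# Everything else goes through the tunnel. This route must be preferred over the
# existing default route (raise that route's distance, e.g. default-route-distance
# on the DHCP client, or remove it).
/ip route add dst-address=0.0.0.0/0 gateway=10.255.255.1 distance=1

# ---- Checks on either router ----
# The dynamic policy for the two endpoint addresses should be listed ...
/ip ipsec policy print
# ... and SAs with increasing byte counters show the GRE traffic is really encrypted.
/ip ipsec installed-sa print
```

If the installed-SA list stays empty while pings across 10.255.255.0/30 still succeed, the tunnel is running in the clear and the secrets or endpoint addresses on the two sides do not match.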