Hi everybody, I’m setting up a basic policy-based VPN to my GCP account - one on-premise subnet to one subnet in a GCP VPC. I ran across this post:
https://hasanuddin-muhamad15.medium.com/create-ipsec-tunnel-between-google-cloud-platform-and-mikrotik-8a8469c0f019
About midway down the author shows creating an IPSEC proposal and following through with some other steps in the MikroTik GUI, but it looks like an older version. I was wondering if there’s an easy-to-follow document that would show the Terminal commands to do the same thing. It seems like the first step is something like
/ip ipsec proposal add name=gcp auth-algorithms=sha1 enc-algorithms=aes-256-cbc pfs-group=none
…but that’s as far as I get trying to work through it. Wondering if anyone has any pointers for me, or if there’s a better way to do it in the Terminal? Thanks-
Commands should be as follows:
/ip ipsec profile
add dh-group=modp4096 enc-algorithm=aes-256 hash-algorithm=sha512 name=gcp-profile
/ip ipsec proposal
add auth-algorithms=sha512 enc-algorithms=aes-256-gcm name=gcp-proposal pfs-group=modp8192
/ip ipsec group
add name=gcp
/ip ipsec peer
add address="GCP_public_IP" exchange-mode=ike2 name=gcp-peer profile=gcp-profile
/ip ipsec mode-config
add name=gcp-modeconf responder=no
/ip ipsec identity
add auth-method=pre-shared-key generate-policy=port-strict mode-config=gcp-modeconf peer=gcp-peer policy-template-group=gcp secret="PSK"
/ip ipsec policy
add action=encrypt dst-address="GCP_internal_subnet" peer=gcp-peer proposal=gcp-proposal src-address="MT_internal_subnet" tunnel=yes
Change the settings in quotes to the appropriate ones (IP, subnet, password, etc.)
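A pre-flight check for a command set like the one above, added here as an example and not part of the thread: it parses `/ip ipsec` commands and reports placeholders left unreplaced, `sha1` or `pfs-group=none` settings, and references to a peer, profile, proposal, group or mode-config that the config never defines. The function names, the sample addresses and the list of built-in entry names are assumptions of this example.

```python
import shlex

# Placeholders the answer says to replace, and RouterOS built-in entry names
# (the built-in names are an assumption of this example).
PLACEHOLDERS = {"GCP_public_IP", "PSK", "GCP_internal_subnet", "MT_internal_subnet"}
BUILTIN = {"default", "request-only"}
# Parameter -> /ip ipsec submenu where the referenced name must be defined.
REFS = {"profile": "profile", "peer": "peer", "proposal": "proposal",
        "mode-config": "mode-config", "policy-template-group": "group"}

def parse(text):
    """Return [(submenu, {param: value})] for each 'add' command."""
    menu, items = None, []
    for line in text.splitlines():
        words = shlex.split(line)
        if words and words[0].startswith("/"):
            # "/ip ipsec peer" selects the submenu; "add ..." may follow inline.
            cut = words.index("add") if "add" in words else len(words)
            menu, words = words[cut - 1], words[cut:]
        if words and words[0] == "add":
            items.append((menu, dict(w.split("=", 1) for w in words[1:] if "=" in w)))
    return items

def lint(text):
    """Return findings: leftover placeholders, weak settings, dangling references."""
    items = parse(text)
    defined = {(menu, kv["name"]) for menu, kv in items if "name" in kv}
    findings = []
    for menu, kv in items:
        for key, value in kv.items():
            if value in PLACEHOLDERS:
                findings.append(f"{menu}: {key} still holds placeholder {value}")
            if key in ("auth-algorithms", "hash-algorithm") and "sha1" in value.split(","):
                findings.append(f"{menu}: {key} uses legacy sha1")
            if key == "pfs-group" and value == "none":
                findings.append(f"{menu}: pfs-group=none disables PFS for phase 2")
            if key in REFS and value not in BUILTIN and (REFS[key], value) not in defined:
                findings.append(f"{menu}: {key}={value} is not defined in this config")
    return findings

# Constructed sample: the question's proposal line plus two edited answer entries.
SAMPLE = """
/ip ipsec proposal add name=gcp auth-algorithms=sha1 enc-algorithms=aes-256-cbc pfs-group=none
/ip ipsec peer
add address="GCP_public_IP" exchange-mode=ike2 name=gcp-peer profile=gcp-profile
/ip ipsec policy
add action=encrypt dst-address=10.128.0.0/20 peer=gcp-peer proposal=gcp-proposal src-address=192.168.88.0/24 tunnel=yes
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```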