Hi everyone,
I'm trying to understand more about networking in general and VPNs in the context of MikroTik,
because 5-minute videos showing how to configure a tunnel are not enough for me: it works, but I don’t know why.
My lab:

Question:
An IKEv2 policy-based tunnel is not for me (yet). I very much like the idea of having routable interfaces which represent my S2S VPN endpoints, so I'm trying to configure IPIP. I understand that it’s not a server-client model like L2TP, so it requires a dedicated network for each interface. With 2 sites, no problem. But what about 20 or 30 sites? So many server-binding-like interfaces (and networks) and, I think, many, many firewall rules. Dumb question, but is there a better way of doing this, or does it have to be like that because this is how IPIP is architected?
Thank you.
Have a look at WireGuard, it is very good, and handles NAT well.
You will likely need something brisk for 20-30 clients at a good speed.
Perhaps an RB5009 (or low-end CCR) would be a good starting point.
IP → IP between MT devices is very easy and my choice for backup to WireGuard.
All that is required is an IPsec secret shared between the two devices.
For single users it's not that easy, but WireGuard for sure is, though I'm not sure how it scales for a large number of users.
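To make the per-site cost raised in the question concrete, here is an added example (not written by anyone in this thread) that generates a hub-and-spoke IPIP plan: one tunnel interface and one /30 transit network per site, each protected with the interface's `ipsec-secret`. The hub-and-spoke layout, the site names, the documentation-range addresses, the `10.255.0.0/24` transit pool and the secret placeholder are all assumptions.

```python
import ipaddress

SECRET = "<ipsec-secret-placeholder>"  # placeholder: use a unique secret per tunnel

def plan(hub_wan, hub_lan, spokes, transit_pool="10.255.0.0/24"):
    """Hub-and-spoke IPIP plan: one tunnel and one /30 transit net per spoke.

    spokes is a list of (name, wan_ip, lan_cidr) tuples. Returns a list of
    dicts holding the transit net and RouterOS commands for both ends.
    """
    nets = list(ipaddress.ip_network(transit_pool).subnets(new_prefix=30))
    if len(spokes) > len(nets):
        raise ValueError(f"{transit_pool} holds {len(nets)} /30s, need {len(spokes)}")
    result = []
    for (name, wan, lan), net in zip(spokes, nets):
        ipaddress.ip_address(wan)   # raises ValueError on a malformed WAN address
        ipaddress.ip_network(lan)   # raises ValueError on a malformed LAN prefix
        hub_ip, spoke_ip = net.hosts()  # the two usable addresses of the /30
        hub = [
            f"/interface ipip add name=ipip-{name} local-address={hub_wan} "
            f'remote-address={wan} ipsec-secret="{SECRET}"',
            f"/ip address add address={hub_ip}/30 interface=ipip-{name}",
            f"/ip route add dst-address={lan} gateway={spoke_ip}",
        ]
        spoke = [
            f"/interface ipip add name=ipip-hub local-address={wan} "
            f'remote-address={hub_wan} ipsec-secret="{SECRET}"',
            f"/ip address add address={spoke_ip}/30 interface=ipip-hub",
            f"/ip route add dst-address={hub_lan} gateway={hub_ip}",
        ]
        result.append({"site": name, "transit": net, "hub": hub, "spoke": spoke})
    return result

if __name__ == "__main__":
    # Constructed sample: 30 sites with documentation-range WAN addresses.
    sites = [(f"site{i:02d}", f"203.0.113.{i}", f"192.168.{i}.0/24")
             for i in range(1, 31)]
    tunnels = plan("198.51.100.1", "192.168.0.0/24", sites)
    print(f"{len(tunnels)} tunnels, {len(tunnels)} transit /30s on the hub")
    for t in tunnels[:2]:
        print(f"# hub side, {t['site']} ({t['transit']})")
        print("\n".join(t["hub"]))
```

The hub ends up with one interface, one address and one route per site, so the configuration grows linearly with the number of sites while each spoke only ever carries a single tunnel.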