IPsec tunnel with only one public IP - is it possible?

Hi,
I’m trying to set up an IPsec tunnel between 2 MikroTiks where only one has a public IP on the WAN port - the other is behind an ISP router without the possibility of adding any port forwarding, and I’m wondering if it is possible?

At least when using L2TP/IPsec you do not need any special tricks.
Put the L2TP server on the site with the public IP and connect it from the other site. That one can even have a dynamic IP.

The same is true for the much easier VPN, WireGuard. As long as one side has a public IP, you are good to go…

Thanks, sounds very promising … is there any guide or manual on how to achieve that?

Yes, that should work. Search the forum for “NAT-T” and “NAT traversal”.

https://help.mikrotik.com/docs/display/ROS/L2TP
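
The L2TP/IPsec layout suggested in the replies above, sketched as RouterOS configuration. This is an added example, not part of the original thread: the addresses (203.0.113.10, 10.255.0.x, 192.168.10.0/24, 192.168.20.0/24), the names `site-b` and `l2tp-to-site-a`, and the secrets are constructed placeholders.

```routeros
# ---------- Site A: the router with the public IP (constructed: 203.0.113.10) ----------

# PPP account for the remote router; local/remote are the addresses used inside the tunnel.
/ppp secret add name=site-b password="CHANGE-ME-ppp-password" service=l2tp \
    local-address=10.255.0.1 remote-address=10.255.0.2

# use-ipsec=required makes the server refuse plain, unencrypted L2TP sessions.
/interface l2tp-server server set enabled=yes use-ipsec=required \
    ipsec-secret="CHANGE-ME-long-random-psk" authentication=mschap2

# Site B sits behind NAT, so IPsec arrives as IKE on UDP 500 and NAT-T on UDP 4500.
# "add" appends to the end of the chain: move these above any final drop rule.
/ip firewall filter add chain=input protocol=udp dst-port=500,4500 \
    action=accept comment="IKE and IPsec NAT-T"

# Accept L2TP only when the packet was decrypted by IPsec, never in the clear.
/ip firewall filter add chain=input protocol=udp dst-port=1701 \
    ipsec-policy=in,ipsec action=accept comment="L2TP inside IPsec only"

# Reach site B's LAN (constructed: 192.168.20.0/24) through the tunnel.
/ip route add dst-address=192.168.20.0/24 gateway=10.255.0.2

# ---------- Site B: the router behind the ISP router (no port forwarding needed) ----------

# Site B dials out, so the ISP router only sees an outbound UDP connection.
/interface l2tp-client add name=l2tp-to-site-a connect-to=203.0.113.10 \
    user=site-b password="CHANGE-ME-ppp-password" \
    use-ipsec=yes ipsec-secret="CHANGE-ME-long-random-psk" \
    allow=mschap2 disabled=no

# Reach site A's LAN (constructed: 192.168.10.0/24) through the tunnel.
/ip route add dst-address=192.168.10.0/24 gateway=l2tp-to-site-a
```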