We recently purchased our first Mikrotik router for an outlying station. The original plan was that it was a standalone set up and it would be sometime before a vpn connection to be established between our main office and there which gave time to get used to finding our way around RouterOS. Unfortunately they pushed up the VPN connection from “maybe in a year or 2” to right away. I’ve been looking through forums and manuals trying to get an understanding of how to do this but have not had any luck or have fully understood what I was reading. I’ve attached a screenshot of our Barracuda router VPN settings that we have usually used and am hoping someone can help me understand how to configure our Mikrotik to communicate over a tunnel to our main office. Not all traffic needs to be run through the main office, just hoping to have calls to the main office subnet get routed to here and regular internet can go out the internet at the branch office. Currently the branch office does not have a static IP but that will be most likely be changing but the main office does. If someone could either help or point me to an article that can explain how this works using the web or winbox interface would be appreciated. Thank you.
AFAIK ROS support AES/SHA/DH generic combo in IPSec quite well. you just need to properly import certificates into it.
never did site2site on ROS, yet. so can’t be particularaly helpful.
but i hope you find relevant wiki pages helpful somehow.
they also had cute IPSec article/book about (made by Tomas from Atrius):
http://mum.mikrotik.com/presentations/HR13/kirnak.pdf
http://wiki.mikrotik.com/wiki/Manual:IP/IPsec
http://wiki.mikrotik.com/wiki/Routing_through_remote_network_over_IPsec
http://wiki.mikrotik.com/wiki/MikroTik_RouterOS_and_Windows_XP_IPSec/L2TP
p.s. there was also some nice threads about IPSec on ROS both in this forum or relevant/similar(to MT consumers/needs). also its quite funny to check youtube about IPSec experience of ROS users to watch/learn, which i suggest aswell.
You can put the information you posted there in the IP->IPsec menu of the MikroTik router in the Policy and Peer tabs.
Peer describes how you connect the remote (the Barracuda) with the Phase 1 parameters and the static passphrase.
You don’t need to use certificates when this is not configured on the Barracuda.
Policy describes your local and remote subnets and how they are to be tunneled/encrypted in Phase2.