Is it possible to do this, and is it recommended? How do you recommend terminating these and routing the traffic to customers?
Cheers.
ok, it seems to work fine… however, two separate tunnels can talk to each other. Suggestions?
What filters do you have in the forwarding chain? RouterOS routes all interfaces by default.
none at the moment. Could you give an example of what I would need?
If there are no rules in the forwarding chain the router will route all paths. You can either treat the device as a firewall type device or a router type device.
If you are treating it as a firewall device place a “drop all” rule in the forwarding chain (action = drop, no selection criteria) then above that place rules for the traffic that is to be allowed.
If you are treating it as a router then you can simply enter “drop” rules in the forwarding chain for traffic paths that you wish to block.
We got this working. Basically I had subnets defined in the address list. You need single /32’s. I was not aware of this.