Hi,
I recently started using MikroTik's hEX S routers to connect two sites together. I used to have one site, Site A, however I also have a server room elsewhere. For the record, the configuration is the following:
Site A - VLAN 11,21,31,41 etc.
Site B - VLAN 12,22,32,42 etc.
I connected both sites with an OpenVPN tunnel. Site A functions as the OpenVPN server and Site B as an OpenVPN client. Both can communicate, and both are able to route all my packets. By default, before I started implementing my secondary Site B, I used to block all forms of routing between VLANs unless I specified an allow in the firewall. This still works on Site A locally and this also works on Site B locally, however I'm able to reach Site A unrestricted from Site B and vice versa.
I figured this is because both routers are not able at this point to see what the source traffic is besides that it is originating from the other gateway.
I’m looking for any tips to restrict all traffic unless I specify an allow. For example, I want VLAN 11 on Site A to communicate with VLAN 12 on Site B and vice versa, however I am unable to find what is best practice and secure by searching online.
I would be extremely grateful if someone grants me a few tips on how I should go further from here.
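One way to get back to default-deny across the tunnel, as an added example that is not part of the original post: RouterOS forward-chain rules on Site A (the OpenVPN server) that match on the actual source and destination subnets rather than only on the tunnel interface, so the router no longer sees just "traffic from the other gateway". The subnets (10.1.11.0/24 for Site A VLAN 11, 10.2.12.0/24 for Site B VLAN 12, 10.2.0.0/16 for all of Site B) and the interface names (vlan11, ovpn-in1) are assumptions; Site B gets the mirror image with its own subnets and its client interface (e.g. ovpn-out1).

```routeros
# Added example, not from the original post. Site A (OpenVPN server) side.
# Assumed addressing and names:
#   vlan11   = Site A VLAN 11 interface, 10.1.11.0/24
#   ovpn-in1 = server-side OpenVPN interface towards Site B
#   Site B VLAN 12 = 10.2.12.0/24 ; all Site B VLANs = 10.2.0.0/16

/ip firewall address-list
add list=siteA-vlan11 address=10.1.11.0/24 comment="Site A VLAN 11"
add list=siteB-vlan12 address=10.2.12.0/24 comment="Site B VLAN 12"
add list=siteB-all    address=10.2.0.0/16  comment="every Site B VLAN behind the tunnel"

/ip firewall filter
# Return traffic for sessions that were already allowed; keep this near the top of forward.
add chain=forward action=accept connection-state=established,related \
    comment="allow replies to permitted sessions"

# Explicit allows: Site A VLAN 11 <-> Site B VLAN 12, matched on subnet AND interface
# so a spoofed address arriving on the wrong interface does not match.
add chain=forward action=accept in-interface=vlan11 out-interface=ovpn-in1 \
    src-address-list=siteA-vlan11 dst-address-list=siteB-vlan12 \
    comment="A vlan11 -> B vlan12"
add chain=forward action=accept in-interface=ovpn-in1 out-interface=vlan11 \
    src-address-list=siteB-vlan12 dst-address-list=siteA-vlan11 \
    comment="B vlan12 -> A vlan11"

# Default deny for everything else crossing the tunnel, logged so blocked flows show up
# in /log while you add further allows. These must sit above any broad accept rule.
add chain=forward action=drop in-interface=ovpn-in1 \
    log=yes log-prefix="ovpn-in-drop" comment="drop other traffic from Site B"
add chain=forward action=drop out-interface=ovpn-in1 \
    log=yes log-prefix="ovpn-out-drop" comment="drop other traffic to Site B"
```

Check the result with `/ip firewall filter print stats` and `/log print where topics~"firewall"`: the drop counters should rise for any VLAN pair you have not explicitly allowed, while VLAN 11 to VLAN 12 traffic only hits the accept rules.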