Route certain websites through IPsec tunnel

Hi, guys
I've done some research this weekend, but still have no idea how to deal with this case.
I've hosted a CHR image on AWS (with a static IPv4 and /ip cloud enabled) and allowed all traffic (inbound and outbound, in the AWS control panel) to the CHR (I can ping 8.8.8.8, and WinBox access from my home works).

  1. I need to create an IPsec/IKEv2 link between the AWS CHR and my home MikroTik device (RB750Gr3, dynamic public IPv4), about which I can barely find anything by searching (or on the MikroTik wiki page).
  2. Route traffic to certain websites (like YouTube/Facebook/Twitter, or even an address list) through this IPsec link.
    In this case, what kind of tunnel should I use, site-to-site or road warrior (I suppose the latter)? What NAT/DNS/masquerade rules need to be taken care of?
    Thanks.

Hi

Routing through the tunnel would need to take place from the first packet. This means that the choice will need to be made on IP (src or dst) data from the first packet or its content.

Or is there even no need to play with a CHR image, and I can use a VPC endpoint (AWS PrivateLink) instead?
http://forum.mikrotik.com/t/amazon-aws-vpn-a-working-configuration-example-and-bug/79770/1

Edit: this way needs a static IP address for my router (to set the client gateway IP in the AWS VPN settings).
So back to the CHR.

Managed to separate traffic to pppoe-out1 and l2tp-out1 based on geoIPs.
Thanks guys.
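For readers landing here with the same question, the mechanism the thread ends on (steering only selected destinations into a tunnel while everything else follows the normal default route) is RouterOS policy routing: an address list selects the destinations, a mangle rule marks matching connections on the first packet, and a second default route bound to that routing mark sends them out the tunnel interface. The following is an added example written for this thread, not configuration posted by any of the participants. It uses the interface names from the last post (pppoe-out1 for the ISP, l2tp-out1 for the tunnel); the LAN prefix 192.168.88.0/24, the address-list name via-tunnel, the routing mark to-tunnel and the destination 203.0.113.0/24 (a documentation prefix) are constructed values, and the syntax is RouterOS v6 (v7 moves routing marks into /routing table).

```routeros
# Added example for this thread (not the posters' configuration), RouterOS v6 syntax.
# 1. Destinations that should go through the tunnel. 203.0.113.0/24 is a constructed
#    placeholder; real entries would be the prefixes (or a geoIP list) you want to steer.
/ip firewall address-list
add list=via-tunnel address=203.0.113.0/24 comment="constructed example entry"

# 2. Mark the routing decision on the first packet of each matching flow.
#    Matching on dst-address-list in prerouting is exactly the "decide from the first
#    packet on src/dst IP" point made earlier in the thread. passthrough=no stops
#    further mangle processing once the mark is set.
/ip firewall mangle
add chain=prerouting src-address=192.168.88.0/24 dst-address-list=via-tunnel \
    action=mark-routing new-routing-mark=to-tunnel passthrough=no \
    comment="steer selected destinations into the tunnel"

# 3. A second default route that only marked packets use. The unmarked default route
#    via pppoe-out1 is left untouched, so the tunnel endpoint itself is still reached
#    over the ISP link and the tunnel cannot try to route through itself.
/ip route
add dst-address=0.0.0.0/0 gateway=l2tp-out1 routing-mark=to-tunnel distance=1 \
    comment="default route for to-tunnel marked traffic"

# 4. Source NAT for traffic leaving through the tunnel, so replies come back to the
#    tunnel's inside address rather than to an unroutable LAN address.
/ip firewall nat
add chain=srcnat out-interface=l2tp-out1 action=masquerade \
    comment="masquerade LAN traffic exiting the tunnel"

# 5. Check what actually got marked and which route it took:
#    /ip firewall mangle print stats
#    /ip route print where routing-mark=to-tunnel
#    /tool traceroute routing-table=to-tunnel 203.0.113.1
```

Two caveats a practitioner would check. First, the decision is made on destination IP, so a client that resolves a name to an address not yet in the list (different CDN node, IPv6) leaves the tunnel path; pointing the LAN at the router's own DNS, or maintaining the list from a geoIP source as the last post did, keeps the list and the clients' view of the name aligned. Second, the marked default route must never cover the remote tunnel endpoint's public address, otherwise the tunnel flaps; keeping that address out of the list (or adding a specific /32 route for it via pppoe-out1) prevents it.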