Hi
I have a tunnel between my home MikroTik router and a StrongSwan office server.
I can connect and work with office resources.
But I need to route all traffic to a certain IP address through IPsec and then over the office router.
I’ve tried to create a custom router but had no luck with this task.
You need to replace your plain IPsec tunnel with a GRE or IPIP tunnel with IPsec underneath.
Then you can route other traffic through the GRE or IPIP tunnel.
How to set up a GRE or IPIP tunnel with IPsec between ROS and a Linux server running strongSwan?
RouterOS uses ESP over IPSec in transport mode.
So you configure an IPsec transport mode association between the public IP addresses of the systems/routers,
with proto 47 for GRE or proto 4 for IPIP, then you bring up a GRE or IPIP tunnel with iproute2 (ip tunnel add…)
and the public addresses as the tunnel endpoints.
Now you put a /30 network on the tunnel interfaces (one address at either end), and then you can run a routing
protocol like BGP over the tunnel, or set static routes.
Of course when you don’t require protection against wiretap but only a secure tunnel, you can use AH instead
of ESP and save a lot of CPU. However, then you need to manually configure the IPsec association on the
MikroTik as well (just as under Linux) because MikroTik “easy IPsec” config in the GRE and IPIP tunnel interfaces
uses default parameters that you cannot set.
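The Linux end of the setup described in the reply above, as an added example that is not part of the thread: it prints a strongSwan `ipsec.conf` connection and the iproute2 commands, and checks `ip xfrm policy` output so GRE is never sent without an IPsec policy. The addresses, the name `gre-home`, the legacy `ipsec.conf` format and the `ip xfrm policy` layout it parses are assumptions.

```shell
#!/bin/sh
# Added example: Linux/strongSwan end of GRE over IPsec transport mode.
# Every address below is a constructed placeholder, not a value from the thread.
LOCAL_PUB=203.0.113.10    # office server public IP (assumed)
REMOTE_PUB=198.51.100.20  # home MikroTik public IP (assumed)
TUN_LOCAL=10.255.0.1      # office end of the /30 on the tunnel
TUN_PEER=10.255.0.2       # MikroTik end of the /30
HOME_LAN=192.168.88.0/24  # network behind the MikroTik (assumed)

# ipsec.conf "conn": transport mode between the public addresses,
# limited to IP protocol 47 (GRE). The PSK goes in ipsec.secrets.
strongswan_conn() {
    cat <<EOF
conn gre-home
    type=transport
    left=$LOCAL_PUB
    right=$REMOTE_PUB
    leftprotoport=47
    rightprotoport=47
    authby=secret
    auto=route
EOF
}

# iproute2 commands: GRE tunnel on the public addresses, one address of
# the /30 on the tunnel interface, and a static route through the peer.
tunnel_cmds() {
    cat <<EOF
ip tunnel add gre-home mode gre local $LOCAL_PUB remote $REMOTE_PUB ttl 255
ip link set gre-home up
ip addr add $TUN_LOCAL/30 dev gre-home
ip route add $HOME_LAN via $TUN_PEER dev gre-home
EOF
}

# Reads `ip xfrm policy` output on stdin; succeeds only if outbound GRE
# between the two public addresses has an ESP or AH transport template,
# i.e. the tunnel would not leave the box unprotected.
gre_is_protected() {
    awk -v l="$LOCAL_PUB/32" -v r="$REMOTE_PUB/32" '
        $1 == "src" { sel = ($2 == l && $4 == r && ($6 == "gre" || $6 == "47")); out = 0; next }
        sel && $1 == "dir" { out = ($2 == "out") }
        sel && out && $1 == "proto" && ($2 == "esp" || $2 == "ah") && /mode transport/ { ok = 1 }
        END { exit !ok }'
}

if [ "${1:-}" = show ]; then strongswan_conn; tunnel_cmds; fi
```

Run it with `show` to print the configuration, and pipe `ip xfrm policy` into `gre_is_protected` before adding routes over the tunnel.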
Thx … ended up moving the office VPN to a Vigor 2920 … now I have an “L2TP-IPSec” tunnel between home and office and can route any IP through the office. The idea was to change the route to IP cloud service when I have problems with my main ISP, and pass all traffic to my home web server through an nginx reverse proxy (LTE modem).