Routing through IPsec tunnel out remote GW

I have started a wiki page here:

http://wiki.mikrotik.com/wiki/Routing_through_remote_network_over_IPsec

It describes what I'm trying to do. The short story is that I can get the green path to work, but not the red path.

Basically, I want to be able to route traffic not destined for the remote network through the remote gateway and out to the general internet, say for a scenario where you don't trust the local connection/ISP and want to encrypt traffic destined for 0.0.0.0/0 up to a more trusted point.

I have an idea that this is going to involve another type of tunnel that will sit on top of the IPsec (and maybe another IPsec in transport mode). I have tried a couple of options, like EoIP on top of IPsec, and attempted to route out that way, but I can't even get a response from the far end interface of the EoIP tunnel when it is up.

Like most things, the theory of how to do it is pretty basic, but actually implementing it is a little tricky, which is why I started the wiki, so I could end up with a documented, reproducible solution for this.

Just to be clear, the main goal is to get general 0.0.0.0/0 traffic out to the far end to be routed on the general internet, AND to have it hidden in an IPsec tunnel. I know there are many other solutions that involve PPTP or L2TP, but in this case I'm specifically looking for IPsec to carry this.

Thanks for helping.

To make it work you need an IPsec policy in transport mode. Make an EoIP tunnel or a pure GRE tunnel over that IPsec and then use policy routing to forward all traffic through the tunnel.
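As an added illustration of that reply (not part of the original thread or the wiki page), here is a minimal configuration for both routers. It assumes current RouterOS syntax (6.43 or later / v7, where peer settings live in /ip ipsec profile and identity, and v7-style routing tables), a local router "A" with public address 198.51.100.10 and LAN 192.168.88.0/24, a remote gateway "B" with public address 203.0.113.20 whose WAN port is ether1, a 10.255.0.0/30 link on the GRE tunnel, and a placeholder pre-shared key; all of these are made-up example values.

```routeros
# ===== Local router A (WAN 198.51.100.10, LAN 192.168.88.0/24) =====
# 1. IKEv2 peer and a transport-mode policy that protects only the GRE packets
#    (IP protocol 47) exchanged between the two public addresses. protocol=gre
#    also matches EoIP, which is GRE-based, so the same policy works for either tunnel.
/ip ipsec profile add name=gre-prof hash-algorithm=sha256 enc-algorithm=aes-256 dh-group=modp2048
/ip ipsec peer add name=gw-b address=203.0.113.20/32 exchange-mode=ike2 profile=gre-prof
/ip ipsec identity add peer=gw-b auth-method=pre-shared-key secret="CHANGE-ME-long-random-psk"
/ip ipsec proposal add name=gre-prop auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=modp2048
/ip ipsec policy add peer=gw-b src-address=198.51.100.10/32 dst-address=203.0.113.20/32 \
    protocol=gre tunnel=no action=encrypt level=require proposal=gre-prop

# 2. Let IKE and ESP in from the remote gateway (adjust to your existing input chain)
/ip firewall filter add chain=input src-address=203.0.113.20 protocol=udp dst-port=500,4500 action=accept
/ip firewall filter add chain=input src-address=203.0.113.20 protocol=ipsec-esp action=accept

# 3. Plain GRE tunnel between the public addresses; it rides inside the policy above
/interface gre add name=gre-to-gw local-address=198.51.100.10 remote-address=203.0.113.20
/ip address add address=10.255.0.1/30 interface=gre-to-gw

# 4. Policy routing: a second routing table whose default route points into the tunnel.
#    Only LAN-originated traffic is marked, so the router's own GRE/ESP packets keep
#    using the main table toward the ISP and the tunnel cannot swallow itself.
/routing table add name=via-tunnel fib
/ip route add dst-address=0.0.0.0/0 gateway=10.255.0.2 routing-table=via-tunnel check-gateway=ping
/ip firewall mangle add chain=prerouting src-address=192.168.88.0/24 dst-address=!192.168.88.0/24 \
    action=mark-routing new-routing-mark=via-tunnel passthrough=no

# 5. Clamp TCP MSS so GRE+ESP overhead does not force fragmentation of large segments
/ip firewall mangle add chain=forward out-interface=gre-to-gw protocol=tcp tcp-flags=syn \
    action=change-mss new-mss=clamp-to-pmtu

# ===== Remote gateway B (WAN 203.0.113.20 on ether1) =====
/ip ipsec profile add name=gre-prof hash-algorithm=sha256 enc-algorithm=aes-256 dh-group=modp2048
/ip ipsec peer add name=router-a address=198.51.100.10/32 exchange-mode=ike2 profile=gre-prof
/ip ipsec identity add peer=router-a auth-method=pre-shared-key secret="CHANGE-ME-long-random-psk"
/ip ipsec proposal add name=gre-prop auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=modp2048
/ip ipsec policy add peer=router-a src-address=203.0.113.20/32 dst-address=198.51.100.10/32 \
    protocol=gre tunnel=no action=encrypt level=require proposal=gre-prop
/ip firewall filter add chain=input src-address=198.51.100.10 protocol=udp dst-port=500,4500 action=accept
/ip firewall filter add chain=input src-address=198.51.100.10 protocol=ipsec-esp action=accept
/interface gre add name=gre-from-a local-address=203.0.113.20 remote-address=198.51.100.10
/ip address add address=10.255.0.2/30 interface=gre-from-a
# Forward what arrives from the tunnel and source-NAT it out of B's own WAN address
/ip firewall filter add chain=forward in-interface=gre-from-a action=accept
/ip firewall nat add chain=srcnat src-address=192.168.88.0/24 out-interface=ether1 action=masquerade

# ===== Checks (run on either side) =====
# /ip ipsec policy print          -> the GRE policy should show PH2 state "established"
# /ip ipsec installed-sa print    -> one ESP SA per direction between the two public IPs
# /ping 10.255.0.2                -> from A, proves the GRE tunnel itself is up
# From a LAN host behind A, a traceroute to any public address should show 10.255.0.2
# as the first hop after A, and its apparent source address should be 203.0.113.20.
```

The order matters for troubleshooting: if the policy never reaches "established" there is no point debugging the tunnel, because with `level=require` the GRE packets are dropped rather than sent in the clear. On RouterOS 6.x the routing table step is spelled differently (`routing-mark=via-tunnel` on the route instead of `routing-table=`, and no `/routing table` entry), and current versions can also generate the transport-mode policies for you by setting `ipsec-secret=` on the GRE interface instead of writing the /ip ipsec section by hand.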