Hi all,
I have a MikroTik CCR I would like to use as a central IPsec hub for site-to-site VPNs for multiple customers. In order to isolate the different customers, I would like to place them in different VRFs. For each customer, I have a VLAN interface I place in that VRF. The customers in question don’t support GRE tunnels, so I can only use simple IPsec VPNs.
The Internet-facing interface is in the default VRF, so all encrypted traffic which enters and leaves the router is decrypted and encrypted there.
Since there is no link between VRFs and IPsec peers or policies, I guess there is no “clean” way to do this. What is the “cleanest” way to achieve this? I have thought of using “/ip route rule” settings. Is there any other way to achieve this?
Thanks for any hints!
Oliver