Tricky tunneling/IPsec behind NAT

Hello,

I am looking for the best solution for a community VPN consisting mainly of MikroTik (RB450) among me, my cousin and a few friends.

We have to this date used OpenVPN on our home Linux boxes or low-cost servers (or at least that is what we call our ITX machines running 24/7). However, most of us are taking these boxes offline more often these days (power consumption, disk failures, upgrades …) and yet we would like to remain in the VPN mesh. So we are looking at our MikroTiks to create secondary VPN connectivity. The problem is that the OpenVPN server on MikroTik is TCP-only, which somewhat sucks performance-wise (and for UDP-based apps running on top).

Is there another VPN/tunneling solution that could make a VPN in these circumstances between two MikroTiks (v4.4),
site1 to site2, where

site1 is behind NAT with a dynamic global IP on its ISP side (ergo no ip peer IP definable)
site2 has a dynamic IP with a hostname to resolve to (ergo the IPsec ip peer on MikroTik wants an IP address and a hostname is not an option somehow)

Any ideas or solutions? (I looked into IPsec and IPIP, but these cannot withstand these circumstances, or at least I cannot define the IP peers which these technologies require.)

Any help is highly appreciated.

Alright, so I am probably getting some ideas. Currently I am trying to incorporate L2TP. I didn’t know L2TP uses UDP for transport and a server-client architecture, so this is probably what I want.

However, one thing bugs me.

/interface l2tp-client> add user=testUser password=testPassword0 add-default-route=no disabled=no connect-to=[?]
ConnectTo ::= A.B.C.D (IP address)

Is there any way to change this to resolve hostnames? For example, some scripting or something? The L2TP server has a dynamic IP and I am running a DynDNS service to give me a hostname for resolving.

I didn’t learn MikroTik scripting yet, so if anyone can confirm that this is solvable by it, it would be much appreciated.