VRRP & IPsec

Hi there,
I wanna ask if there is any common way to configure a VRRP setup (2 routers) with IPsec site-to-site?

VRRP is currently running as it should. But now I wanna add IPsec to the virtual master. So what is the right way to do that?

Just for information, I will have 2 routers with VRRP in the office and some standalone IPsec clients from different vendors where I wanna go site-to-site.

Or do I only need to set up the IPsec policies with the VRRP master address?

Thanks in advance!

Nobody got an idea how to do this?

You can’t do this with site-to-site. It’s doable with PPP or OVPN.
Else you need 2 tunnels, one to each peer, which renders VRRP useless.

I thought I only need to establish the connection to the vRouter in the VRRP cluster?

Nope, because your failover router would also try to establish a tunnel to your peer.
I guess you could use a script to disable the whole IPsec config and enable it when the main router goes down.

OK, but I am using passive listening for IPsec on the MikroTik router, so they won’t establish any connection by themselves.
Should this be the fix?
Yes, the script would be the second way. As far as I know I can start a script if the master changes?
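
The script approach suggested in the thread, sketched as an added example that is not part of any post above: RouterOS VRRP interfaces have `on-master` and `on-backup` script hooks, which can enable the IPsec configuration only on the node that currently holds the virtual address. The interface name `vrrp1` and the comment tag `s2s` are assumptions; the same configuration goes on both routers, and the remote sites are assumed to peer with the VRRP virtual address.

```routeros
# Added example. Assumptions: the VRRP interface is named "vrrp1" and every
# site-to-site IPsec peer and policy carries the comment "s2s" so the hooks
# can select them without touching other IPsec entries or the default template.

# Start with the tunnels disabled; the on-master hook enables them on
# whichever router wins the VRRP election.
/ip ipsec peer disable [find comment="s2s"]
/ip ipsec policy disable [find comment="s2s"]

# on-master: this node now owns the virtual address, so bring IPsec up.
# on-backup: this node lost mastership, so stop answering or initiating IKE
#            and flush installed SAs so no stale tunnel state remains here.
/interface vrrp set [find name="vrrp1"] \
    on-master="/ip ipsec peer enable [find comment=\"s2s\"]; \
               /ip ipsec policy enable [find comment=\"s2s\"]" \
    on-backup="/ip ipsec peer disable [find comment=\"s2s\"]; \
               /ip ipsec policy disable [find comment=\"s2s\"]; \
               /ip ipsec installed-sa flush"

# Check after a failover test: only the current master should list
# enabled "s2s" peers and installed SAs.
/ip ipsec peer print where comment="s2s"
/ip ipsec installed-sa print
```

After a failover the new master has no SAs, so the remote sites have to renegotiate; dead peer detection on the remote side determines how quickly that happens.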