add action=notrack chain=prerouting src-address=10.1.101.0/24 dst-address=10.1.202.0/24
> For my simple setup of a home office to home office, does the MTU advantage of IPIP over GRE make much difference?
> My understanding is that a larger MTU gives more bandwidth due to a greater % of data passing, by not needing so much overhead due to fewer packets required.
> I just noticed that Greg's example has 2 different network addresses. I'm using 192.168.100.0/24 on both ends, so I don't think I can make his work.
> What do you suggest for static IPv4 sites?
> thanks

It's possible to set up a site-to-site VPN between 2 locations with the same IP addressing, 192.168.100.0/24 in your case. That said, configuration complexity jumps a notch. There is a technique called double NAT that can solve your issue. Essentially, what you do is either masquerade everything from each site to a single IP, like the IP of the tunnel on each side, or you declare a network for each side that isn't in use on either side and NAT to that network.
> For my simple setup of a home office to home office, does the MTU advantage of IPIP over GRE make much difference?
> My understanding is that a larger MTU gives more bandwidth due to a greater % of data passing, by not needing so much overhead due to fewer packets required.

The MTU is not an issue when it is properly adjusted, but when this is not done each packet has to be split in two fragments by the router and
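To put numbers on the MTU question discussed above, here is an added example (not code from any poster in the thread) that compares IPIP and GRE encapsulation. It assumes a 1500-byte link MTU, an outer IPv4 header without options, the 4-byte base GRE header, and no IPsec underneath; with `ipsec-secret` set, ESP adds further overhead that is not modeled here.

```python
import math

IPV4_HEADER = 20  # outer IPv4 header, no options (assumption)
GRE_HEADER = 4    # base GRE header, no key/checksum/sequence (assumption)

# Bytes added in front of each inner packet by the tunnel.
OVERHEAD = {"ipip": IPV4_HEADER, "gre": IPV4_HEADER + GRE_HEADER}


def tunnel_mtu(kind, link_mtu=1500):
    """Largest inner packet that still fits in a single outer packet."""
    return link_mtu - OVERHEAD[kind]


def outer_fragments(kind, inner_len, link_mtu=1500):
    """How many outer IPv4 packets the router emits for one inner packet."""
    room = link_mtu - IPV4_HEADER                       # payload room per outer packet
    payload = inner_len + OVERHEAD[kind] - IPV4_HEADER  # bytes behind the outer IP header
    if payload <= room:
        return 1
    # Every fragment except the last carries a multiple of 8 bytes.
    return math.ceil(payload / (room // 8 * 8))


def wire_bytes(kind, inner_len, link_mtu=1500):
    """IP-layer bytes on the wire; each fragment repeats the outer header."""
    n = outer_fragments(kind, inner_len, link_mtu)
    return inner_len + OVERHEAD[kind] - IPV4_HEADER + n * IPV4_HEADER


def compare(link_mtu=1500):
    """Per tunnel type: adjusted MTU, TCP MSS, efficiency, unadjusted cost."""
    rows = {}
    for kind in OVERHEAD:
        mtu = tunnel_mtu(kind, link_mtu)
        rows[kind] = {
            "tunnel_mtu": mtu,
            "tcp_mss": mtu - 40,  # minus inner IPv4 + TCP headers
            "efficiency": round(mtu / wire_bytes(kind, mtu, link_mtu), 4),
            # Inner hosts still sending link_mtu-sized packets (MTU not adjusted):
            "frags_if_unadjusted": outer_fragments(kind, link_mtu, link_mtu),
        }
    return rows


if __name__ == "__main__":
    for kind, row in compare().items():
        print(kind, row)
```

With the tunnel MTU adjusted, the two encapsulations differ by 4 bytes per full-size packet; left unadjusted, either one turns every full-size packet into two fragments.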
> I just noticed that Greg's example has 2 different network addresses. I'm using 192.168.100.0/24 on both ends, so I don't think I can make his work.

That is a *really bad* idea! Renumber one of the networks.
> My advice: forget about direct IPsec tunnels and use this: https://wiki.mikrotik.com/wiki/Manual:Interface/Gre
> (note you can set the ipsec-secret and have IPsec below the GRE tunnel so it still is secure)
> Much simpler and easier to understand, no tricks with NAT required, easily extendible to more than 2 offices.

This is the advice to follow, it seems, definitely. I'll be implementing one now, although not sure about GRE vs. EoIP. I'd just go with EoIP I guess, since I don't plan to use non-MikroTik gear.
> Hello everybody! I have got 2 LAN networks; IPsec and the GRE tunnel are working fine.
> But there is a problem. There is a laptop in the other LAN and I cannot access it, but I can ping it.
> I can access the other side from this laptop, by the way. So I can access my 951G, and behind my PC, ssh, ftp... and so on.
> The firewall rules are the same on both sides. I am trying to figure out what could be the problem, but I am lost.

Post a drawing and the relevant configurations. It's also likely a local firewall on the laptop is blocking anything other than ICMP.