As someone with basic knowledge of switching and routED protocols, I'm asking for some (OK, maybe more ) help.
I have a few personal sites, all of which using MikroTIks. Now I need a secure tunnels between these sites of mine. For that I choose to use GRE in IPsec. My idea is to use GRE for the 'heavy lifting' and use IPsec only for encryption.
Having these 2 below in mind, what approach will work?
- 1 site (site A) is connected via LTE modem. As you know, all inbound traffic is filtered at telco, i.e. I cannot initiate a tunnel TO this site.
- site A sometimes gets its IP changed from telco side, as it's connected to Internet via LTE modem. This will surely break the tunnels (not a biggie) but config-wise it's a bit unclear for me.
I have a mix of SOHO MikroTiks on my sites. Can I use strong crypto while sacrificing performance, as none of my Tiks has built-in HW offload for IPsec?
What are the pitfalls and limitations in my case? How should I configure the sites properly for all this to work? I'll post a Visio drawing later on for some more details.