
 
mumbles202
just joined
Topic Author
Posts: 17
Joined: Wed Jul 31, 2019 7:13 pm

GRE Tunnel Inside IPsec

Wed Jul 31, 2019 7:20 pm

I'm new to MikroTik but I'm looking to set up the following:

Site 1
WAN 1.1.1.1
Loopback 192.168.30.1/30
Tunnel IP 172.16.1.1
LAN 172.16.20.0/24

Site 2
WAN 2.2.2.2
Loopback 192.168.30.2/30
Tunnel IP 172.16.1.2
LAN 172.16.25.0/24

I'd like to set up an IPsec tunnel from site 1 to site 2, then have a GRE tunnel w/in that, and finally set up an OSPF pairing between the 2 ends. Site A will have a router where the GRE tunnel will terminate and the WAN IP will belong on a firewall, so I need to create the IPsec tunnel in order for the GRE tunnel to come up. I'm ok w/ the Site A configuration on the devices. Site B is where I'm trying to figure out how I would accomplish this. This tunnel is a backup connection to a location (I already have a dedicated point-to-point connection in which the primary OSPF routing will take place), so I'd need to influence this traffic to have a higher metric or only come up when the point-to-point is down, if that's doable?
 
mumbles202

Re: GRE Tunnel Inside IPsec

Fri Aug 02, 2019 8:34 pm

So I'm setting this up in the lab and I've gotten the IPsec tunnel up and I can ping across my tunnel interfaces, but I can't get OSPF working properly. I have the following configured on the MikroTik side:

/interface gre
add comment=HQ !keepalive local-address=172.16.200.2 name="HQ GRE" remote-address=172.16.200.1

/ip address
add address=1.1.1.2/30 comment=WAN interface=ether1 network=1.1.1.0
add address=192.168.100.1/24 comment=LAN1 interface=ether2 network=192.168.100.0
add address=172.16.100.2/27 comment="e-lan interface" interface="VLAN 252 - e-lan" network=172.16.100.0
add address=172.16.200.2 interface=LoopBack1 network=172.16.200.2
add address=10.10.10.2/30 interface="HQ GRE" network=10.10.10.0


/routing ospf interface
add interface="HQ GRE"
add interface="VLAN 252 - e-lan"


/routing ospf network
add area=backbone network=192.168.100.0/24
add area=backbone network=172.16.100.0/27
add area=backbone network=172.16.200.2/32
add area=backbone network=10.10.10.0/30

And I can see the relationship is established, but I'm not getting routes in either direction.


[admin@MikroTik] /routing ospf neighbor> print
0 instance=default router-id=172.16.200.1 address=172.16.100.1 interface=VLAN 252 - e-lan priority=1
dr-address=172.16.100.1 backup-dr-address=0.0.0.0 state="Init" state-changes=1 ls-retransmits=0 ls-requests=0
db-summaries=0

1 instance=default router-id=172.16.200.1 address=10.10.10.1 interface=HQ GRE priority=1 dr-address=0.0.0.0
backup-dr-address=0.0.0.0 state="ExStart" state-changes=14 ls-retransmits=0 ls-requests=0 db-summaries=0

Far end is a Cisco router w/ this configuration:


interface Tunnel1
 description GRE tunnel to MikroTik
 ip address 10.10.10.1 255.255.255.252
 ip tcp adjust-mss 1360
 delay 100000
 tunnel source 172.16.200.1
 tunnel destination 172.16.200.2
 tunnel path-mtu-discovery

router ospf 100
 router-id 172.16.200.1
 log-adjacency-changes
 passive-interface default
 no passive-interface FastEthernet0/0.252
 no passive-interface Loopback1
 no passive-interface Tunnel1
 network 10.10.10.0 0.0.0.3 area 0
 network 172.16.100.0 0.0.0.31 area 0
 network 172.16.200.1 0.0.0.0 area 0
 network 192.168.25.0 0.0.0.255 area 0


Everything works fine when going over vlan 252.
 
mumbles202

Re: GRE Tunnel Inside IPsec

Tue Aug 06, 2019 4:21 pm

I was able to figure it out after adjusting the Cisco configuration and changing the MTUs so they matched better, and was able to confirm it working in the lab. I'll move it to production and test again.
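
A small triage helper for the neighbor output quoted in this thread, added here as an example and not part of the original posts: it rejoins the wrapped `print` lines, parses the key=value fields, and flags adjacencies that have not reached a healthy state. The state hints follow the RFC 2328 neighbor states, and the function names are illustrative.

```python
import re

# Neighbor output as quoted in the thread above (line wrapping preserved).
NEIGHBOR_PRINT = """\
0 instance=default router-id=172.16.200.1 address=172.16.100.1 interface=VLAN 252 - e-lan priority=1
dr-address=172.16.100.1 backup-dr-address=0.0.0.0 state="Init" state-changes=1 ls-retransmits=0 ls-requests=0
db-summaries=0

1 instance=default router-id=172.16.200.1 address=10.10.10.1 interface=HQ GRE priority=1 dr-address=0.0.0.0
backup-dr-address=0.0.0.0 state="ExStart" state-changes=14 ls-retransmits=0 ls-requests=0 db-summaries=0
"""

# What usually holds an adjacency in each non-final state (RFC 2328 neighbor states).
HINTS = {
    "init": "neighbor's hellos arrive but do not list this router: its hellos are not received or accepted",
    "exstart": "database description exchange not completing: compare interface MTU on both ends",
    "exchange": "database description exchange not completing: compare interface MTU on both ends",
}
HEALTHY = {"full", "2-way", "twoway"}  # spelling of the two-way state is an assumption

# key=value where the value may contain spaces (interface names) and ends at the next key.
FIELD = re.compile(r'([\w-]+)=(.*?)(?=\s+[\w-]+=|\s*$)')

def parse_neighbors(text):
    """Split on blank lines, rejoin wrapped lines, return one dict per neighbor."""
    neighbors = []
    for record in re.split(r"\n\s*\n", text.strip()):
        flat = " ".join(line.strip() for line in record.splitlines())
        fields = {key: value.strip('"') for key, value in FIELD.findall(flat)}
        if fields:
            neighbors.append(fields)
    return neighbors

def stuck_adjacencies(text):
    """Return (interface, state, state_changes, hint) for neighbors not in a healthy state."""
    findings = []
    for n in parse_neighbors(text):
        state = n.get("state", "").lower()
        if state in HEALTHY:
            continue
        hint = HINTS.get(state, "adjacency still forming; re-check after the dead interval")
        findings.append((n.get("interface"), n.get("state"), int(n.get("state-changes", 0)), hint))
    return findings

if __name__ == "__main__":
    for iface, state, changes, hint in stuck_adjacencies(NEIGHBOR_PRINT):
        print(f"{iface}: {state} after {changes} state changes -> {hint}")
```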
