Hi everyone-
I have a main office with a public /24 and a branch office behind a cable modem/router with NAT and a public IP. I'm trying to do a site-to-site VPN so that I can use a public IP from the /24 at the branch office and tunnel *all* traffic behind an RB4011 at the branch to/via the main office. Here's my setup, hopefully a little more clearly:
Main office:
CCR1016 with a public/static WAN IP
A public /24 block statically routed to the WAN IP
Branch location:
A cable modem/router combo with NAT and a dynamic WAN IP that I don't have control over.
My RB4011 with a private WAN IP (192.168.x.x) from the cable modem/router.
I followed https://mum.mikrotik.com/presentations/ ... 420263.pdf and got the IPSec/IKEv2 site-to-site VPN up and running, but the configuration (IPSec/IKEv2 + IPIP) seems overly complicated and I have been unsuccessful in adapting the config to tunnel all traffic from my branch connection through the main office (currently only traffic destined for the main office subnet goes over the VPN).
Should I abandon IPSec/IKEv2 and try a less complicated method? Is there a straightforward guide for what I'm trying to do that someone could point me to, or even just better search keywords that anyone can suggest?