Community discussions

MikroTik App
 
ericscicluna
just joined
Topic Author
Posts: 11
Joined: Wed Jul 25, 2018 11:20 pm

IPSEC Tunnels + OSPF? Please Help + Recommendations

Mon Apr 26, 2021 12:33 pm

Hi Community,

Thanks for your time first of all.

I am in a bit of a dilemma on which I'm not sure what to do an how.

Basically I have 5 Remote Sites to Interconnect all using a dedicated ISP Connection each + public Static IP Address.

Example:
Location 1
London UK
Public IP - 31.69.134.1
Private Subnet - 192.168.10.0/24

Location 2
Manchester UK
Public IP - 50.255.130.1
Private Subnet - 192.168.20.0/24

Location 3
Liverpool UK
Public IP - 82.132.187.1
Private Subnet - 192.168.30.0/24

Location 4
Preston UK
Public IP - 126.240.113.1
Private Subnet - 192.168.40.0/24

Location 5
Brighton UK
Public IP - 50.201.19.1
Private Subnet - 192.168.50.0/24


The Problem:
Each of these sites have a dedicated ISP as mentioned before and all have a dedicated Public IP Address.
I have a Mikrotik RB4011 Installed at each of the sites and I would like to create tunnels between all the sites.

I was thinking IPSEC but I will end up in needing to create an ipsec from each and to each specific router + many static routes.

What would be the best solution to interconnect these sites together and network between them all?
In such case the CORE router / Office Headquarters is located in London.

Shall I create an IPSEC from London to all the other Routers and then use a routing protocol?
Which is the best way to do this? (Ex. IPSEC + OSPF?)

I really appreciated your help.
Thanks :)
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: IPSEC Tunnels + OSPF? Please Help + Recommendations

Mon Apr 26, 2021 1:47 pm

If you want to use a routing protocol, you'll need an interface and using ipsec by itself won't give you that.

There are several good options to consider which you can secure with ipsec

1. L2TP with IPSEC
2. GRE over ISEC
3. EoIP over IPSEC

It really depends on the traffic between branch sites as to whether or not it's worth building tunnels between all sites or going with a hub/spoke topology where all branches connect to the HQ site.

As far as routing protocols go, I tend to use BGP when dealing with dynamic routing over VPNs. OSPF can be temperamental over VPN connections due to its multicast requirements. BGP is a bit simpler because it's just a TCP connection.
 
ericscicluna
just joined
Topic Author
Posts: 11
Joined: Wed Jul 25, 2018 11:20 pm

Re: IPSEC Tunnels + OSPF? Please Help + Recommendations

Mon Apr 26, 2021 2:19 pm

Thanks for your reply first of all. Appreciated

I will be using L2TP/ipsec

The question remains, what would be ideal to use as a dynamic routing protocol?

I want all sites to communicate with each other (ex ping from site to site)

Thanks a lot

Who is online

Users browsing this forum: No registered users and 12 guests