Got a request to connect two Mikrotik's together.
"We want any device on one Tik to be able to talk to the Other."
Set up an IPSec profile for each router and scripts to check for IP changes.
Both sites can reach devices on the other side by entering the IP address of the device they want to communicate with.
Now enter the issue of the IP phone.
The phone server is at the office. The Phone is at the house.
From the house router I can ping the phone server on at the office.
The clients state that they can see cameras at the office from the house.
BUT... the phone won' connect.
I have watched in torch and sure enough the phone is sending packets to the phone server over the tunnel. But nothing is coming back from the Phone Server.
They have confirmed that the phone works when on site with the server (at office). I wonder if the phone system is set up not to allow connections from outside its subnet.
EoIP for the phone to a port.
But the client wants to be able to move the phone around. (I said tag the phone output to force it to a VLAN. Then include that VLAN in a bridge that has the EoIP tunnel.)
My question is... if I establish the EoIP tunnel... I can now encrypt that with IPSec.
Should I make a route that allows the 2 subnets to communicate over the EoIP tunnel?
Do I keep the current IPSec connection and have the EoIP tunnel aswell.