Community discussions

MikroTik App
 
n4p
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Wed Nov 25, 2015 9:54 pm

vrrp & ipsec

Tue Dec 19, 2017 6:56 pm

Hi there,
i wanna ask if there is any common way to configure a vrrp setup (2 routers) with ipsec site to site?

Vrrp is currently running as it should. But now i wanna at ipsec to the virtuell Master. So how is the right way to do that?

Just for information, i will have 2 routers with vrrp in office and some standalone ipsec clients from different vendors where i wanna go site-to-site.

Or do i only need to setup the ipsec policies with the vrrp-master adress?

Thanks in advance!
 
n4p
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Wed Nov 25, 2015 9:54 pm

Re: vrrp & ipsec

Tue Jan 09, 2018 3:00 pm

Nobody got an idea how to do this?
 
tangram
Member Candidate
Member Candidate
Posts: 132
Joined: Wed Nov 16, 2016 9:55 pm

Re: vrrp & ipsec

Tue Jan 09, 2018 3:47 pm

You can't do this with site-to-site. It's doable with ppp or ovpn.
Else you need 2 tunnels, to each peer, which renders vrrp useless.
 
n4p
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Wed Nov 25, 2015 9:54 pm

Re: vrrp & ipsec

Tue Jan 09, 2018 4:22 pm

I thought i only need to establish the connection to the vRouter in the vrrp-Cluster?
 
tangram
Member Candidate
Member Candidate
Posts: 132
Joined: Wed Nov 16, 2016 9:55 pm

Re: vrrp & ipsec

Tue Jan 09, 2018 5:04 pm

nope, because your failover router would also try to establish tunnel to your peer.
i guess you could use a script to have disable the whole ipsec config and enable it when the main router goes down.
 
n4p
Member Candidate
Member Candidate
Topic Author
Posts: 115
Joined: Wed Nov 25, 2015 9:54 pm

Re: vrrp & ipsec

Tue Jan 09, 2018 5:27 pm

Ok, but i using passive listening for ipsec on the mikrotik router, so they won't establishe any connection by them selve.
Should this be the fix?
Yes the script would be the second way. As far as I know i can start a script if the master changes?

Who is online

Users browsing this forum: EmuAGR, sas2k and 80 guests