I would really like to see ipsec tunnels as interfaces instead of ipsec policies. With the current policy system, It is quite difficult to handle site to site ipsec VPNs. I basically have to do a tunnel and policy for a single address on both sides and then an ipip tunnel so I have an interface to route through (using OSPF, or static routes)

I would really like to see ipsec tunnels as interfaces instead of ipsec policies. With the current policy system, It is quite difficult to handle site to site ipsec VPNs. I basically have to do a tunnel and policy for a single address on both sides and then an ipip tunnel so I have an interface to route through (using OSPF, or static routes)

+1 like

No you don't have to create policy then ipip tunnel and then reroute over the tunnel.
You simply need to add policy with option tunnel=yes.
See the configuration example:
http://wiki.mikrotik.com/wiki/Manual:IP ... Sec_Tunnel

I would really like to see ipsec tunnels as interfaces instead of ipsec policies. With the current policy system, It is quite difficult to handle site to site ipsec VPNs. I basically have to do a tunnel and policy for a single address on both sides and then an ipip tunnel so I have an interface to route through (using OSPF, or static routes)

+1

Its long overdue