hello I wonder how to set up gre tunnel with ipsec on mikrotik to ubuntu with a public ip that should work on ubuntu?

hello I wonder how to set up gre tunnel with ipsec on mikrotik to ubuntu with a public ip that should work on ubuntu?

If you specify the ipsec-secret parameter when configuring a GRE interface in RouterOS, RouterOS creates the necessary IPsec setup (namely the peer, identity, and policy items) dynamically, which may not be enough if the WAN address which the RouterOS initiates the IPsec connection is changing, because in such a case the peer needs some other kind of identity than the IP address of Mikrotik's WAN to properly identify the peer. Moreover, it may be complicated to keep adjusting the address of the remote peer on the Ubuntu side to the changes, so it may be necessary to use tunnel mode of the IPsec SA rather than the transport one. So basically unless the Mikrotik itself is also on a fixed public address, you have to set up the IPsec manually, in tunnel mode, and configure the GRE interface accordingly without specifying the ipsec-secret parameter. Configuring IPsec manually also allows you to use IKEv2 and/or certificate authentication - the dynamically created peer uses IKE (v1) and PSK authentication. RouterOS also uses the default profile to create the peer and the default policy template group (which links to the default proposal) to create the policy.

Or maybe I got you wrong and it's actually the Mikrotik that has the public address, and you want the tunnel to allow incoming connections from the internet to the Ubuntu machine?