Community discussions

MikroTik App
 
markdutton
newbie
Topic Author
Posts: 47
Joined: Fri Sep 24, 2010 4:59 am

IPIP tunnel with custom keying

Fri Nov 18, 2022 6:54 am

I am sure this has been asked a million times, but is there any way to use custom keying for IPIP tunnels? I can change the default profiles and I don't mind this, but I can't set the tunnel to use IKEV2, which is what I need, as this is a peer setting.

Cheers
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: IPIP tunnel with custom keying

Fri Nov 18, 2022 9:49 am

Yes and no. Yes, you can use IKEv2 to encrypt an IPIP tunnel, but no, it is not enough to change the default profile and policy template group - instead of just setting the ipsec-secret parameter on the /interfare ipip row to a non-empty string and thus letting RouterOS "dynamically" create the IPsec configuration, you have to configure the peer and policy manually. To make it easier, you can use the dynamic mode first, make a copy of the dynamically created peer and policy with changed key items (name and exchange-mode for the peer, and peer for the policy), and then set the ipsec-secret to an empty string. Peers that only differ in exchange-mode and name can coexist, and two policies that only differ in peer can coexist too, except that the second one will be marked as invalid until the first one disappears.

Who is online

Users browsing this forum: anav, Andrey05, ivicask, rolling and 92 guests