My goal is to create a site-to-site connection between two networks with a GRE tunnel (to run OSPF on top) and IPsec (for security).
Getting a GRE Tunnel working is pretty straightforward:
The GRE interface has an ipsec-secret option which dynamically creates a Policy, Peer & Identity in IPsec.
Code:
# West Site
/interface gre add local-address=184.108.40.206 name=gre_hq remote-address=220.127.116.11
/ip address add address=172.16.1.2/30 interface=gre_hq network=172.16.1.0
/ip route add distance=1 dst-address=192.168.222.0/24 gateway=172.16.1.1

# East Site
/interface gre add local-address=18.104.22.168 name=gre_jedi remote-address=22.214.171.124
/ip address add address=172.16.1.1/30 interface=gre_jedi network=172.16.1.0
/ip route add distance=1 dst-address=192.168.9.0/24 gateway=172.16.1.2
But just activating this option with the same secret on both ends kills the tunnel (the GRE interface keeps running but no traffic goes through).
Is there anything else required?
I tried adding a NAT Accept Rule for the traffic (as per IPsec experiences) but that didn't change anything.
Any help appreciated.
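Added example (not the poster's configuration, and not anything from the MikroTik documentation verbatim) showing the pieces that usually have to accompany ipsec-secret on a GRE interface for one site: the interface with the secret set, input firewall rules that let IKE, ESP and GRE from the peer reach the router, an optional srcnat bypass for packets covered by the IPsec policy, and the commands used to confirm that the dynamic peer, identity and policy actually came up. The public addresses 203.0.113.1 (this site) and 198.51.100.1 (the peer) and the secret are constructed placeholders; the filter rules assume there is a general drop rule further down chain=input that would otherwise block the negotiation.

```routeros
# Added example, not the poster's config. Public addresses and the secret are
# constructed placeholders: this site is 203.0.113.1, the peer is 198.51.100.1.
# The other site gets the mirror image (addresses swapped, same secret).

# GRE interface with ipsec-secret set. local-address must be the address the
# peer uses as its remote-address, and the secret must be identical on both ends.
/interface gre add name=gre_hq local-address=203.0.113.1 remote-address=198.51.100.1 \
    ipsec-secret=ReplaceWithLongRandomSecret
/ip address add address=172.16.1.2/30 interface=gre_hq
/ip route add dst-address=192.168.222.0/24 gateway=172.16.1.1

# Let IKE (UDP 500/4500), ESP and GRE from the peer reach this router.
# These must sit above any generic drop rule in chain=input.
/ip firewall filter add chain=input src-address=198.51.100.1 protocol=udp dst-port=500,4500 \
    action=accept comment="IKE from peer"
/ip firewall filter add chain=input src-address=198.51.100.1 protocol=ipsec-esp \
    action=accept comment="ESP from peer"
/ip firewall filter add chain=input src-address=198.51.100.1 protocol=gre \
    action=accept comment="GRE from peer"

# Optional: keep packets that match the IPsec policy out of source NAT.
# Only relevant if a srcnat rule would otherwise rewrite the GRE packets.
/ip firewall nat add chain=srcnat ipsec-policy=out,ipsec action=accept place-before=0

# Verification: the dynamic peer, identity and policy must appear on BOTH sides.
/ip ipsec peer print
/ip ipsec identity print
/ip ipsec policy print
# active-peers shows an established IKE SA; installed-sa shows the ESP SAs.
# If policy print shows the policy but installed-sa is empty, negotiation failed.
/ip ipsec active-peers print
/ip ipsec installed-sa print

# Log IKE negotiation to see why an SA is not established (mismatched secret,
# blocked ports, mismatched addresses).
/system logging add topics=ipsec,!packet action=memory
/log print where topics~"ipsec"
```

When the GRE interface stays "running" but nothing passes, the usual thing to check is the output of /ip ipsec installed-sa print on both routers: once the dynamic policy exists, GRE packets are only sent through an established SA, so if the IKE exchange is blocked by the input chain on either side, or the secret or endpoint addresses do not match, the policy blackholes the tunnel traffic instead of sending it in the clear.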