hello, i have site A, B, C, (3 x mikrotik chr) ipsec is working on A-B, B-C, what is best config to get working connection from A to C site? Shoud i use static route or NAT what NAT rules neet to add?
Thank you
thank you i will check thatWhen you want to resolve this without going into insanity, convert your config from a static IPsec tunnel into a GRE or IPIP tunnel with IPsec.
Then you can use static routing or an autorouting protocol to get the routing correct.
well, in practice we have 6 sites ip sec tunels all with all.. it is lot of config already, the idea was to had ip sec from all to one central site... and then he'll need to add a peer D
slowly this will become an intangible mess.
also, it assumes all traffic from A to C has to pass via B. maybe it is possible to make a direct tunnel from A to C?