Today, I want to share with you one intriguing story about the problem I faced a few days ago. I went to my colleague’s home to work on one project.
Today, I will guide you through the configuration process of a Site to Site IPSec tunnel between two MikroTik routers while using RSA certificates instead commonly used Pre-Shared Keys (PSK).
The advantage is clear – even a weakest certificate is stronger than many PSKs used around. The seed value used for all other computations and crypto-keys is longer and consequently the whole communication is more secure. In addition, when it come to the PSK generation process, many people lost their creativity. Continue reading
In this part of the MikroTik IPSec series, I will discuss about how to use IPSec to protect any other MikroTik tunnel without built-in encryption. I will use in this example an IP-IP tunnel as the reference, but you can apply this method to any other type. I already covered L2TP/IPSec PSK tunnels, as they are different in their nature.
Let’s begin! Continue reading
In this part of the MikroTik IPSec series, I will show you how to establish a Site to Site IPSec tunnel between two routers, when one of them has a dynamic WAN IP address.
This scenario is different than other one described in this article where MikroTik is behind another router, as in this case our MikroTik has a WAN port (like a 3G/4G-LTE or cable modem) with the dynamic IP address, plus there’s a good chance that this address is from the ISP’s private IP address pool.
During the upgrade process of two RouterBoard Crossroads (that I described in details in other post), I successfully finished all steps needed to upgrade RouterOS from 2.9.47 up to 5.26. I used both the serial console connection and the WinBox GUI tool during that process.
However, after the latest step (RouterOS upgrade from 5.26 to 6.33.3) I lost output on the serial console. Let adventure begins!