MikroTik Site to Site IPSec with RSA certificates

18.07.202008.12.2022 Srdjan Stanisic IP, IP-IPSec, IPSec, MikroTik, Networking, Security, VPN IPSec, MikroTik, RouterOS 6.40.x IPSec, RouterOS 6.44.x IPSec, RSA certificates, site to site IPSec connection

Today, I will guide you through the configuration process of a Site to Site IPSec tunnel between two MikroTik routers while using RSA certificates instead commonly used Pre-Shared Keys (PSK).

The advantage is clear – even a weakest certificate is stronger than many PSKs used around. The seed value used for all other computations and crypto-keys is longer and consequently the whole communication is more secure. In addition, when it come to the PSK generation process, many people lost their creativity. Continue reading →

How to protect an IP-IP tunnel with IPSec

09.07.202008.12.2022 Srdjan Stanisic IP, IP-IPSec, IPSec, MikroTik, Networking, Security, VPN Check Gateway option, how to add IP address to any interface, how to configure IP-IP tunnel, how to configure the static route, how to protect IP-IP traffic with IPSec, IP series, IP-IP tunnel over IPSec, MikroTik

In this part of the MikroTik IPSec series, I will discuss about how to use IPSec to protect any other MikroTik tunnel without built-in encryption. I will use in this example an IP-IP tunnel as the reference, but you can apply this method to any other type. I already covered L2TP/IPSec PSK tunnels, as they are different in their nature.

Let’s begin! Continue reading →

MikroTik Site to Site IPSec when one router has a dynamic WAN IP address

06.07.202008.12.2022 Srdjan Stanisic IP, IP-IPSec, IPSec, MikroTik, Networking, Security, VPN a Loopback adapter, MikroTik, one side with dynamic WAN IP, RouterOS 6.44.5 IPSec dialogs, site to site IPSec connection

In this part of the MikroTik IPSec series, I will show you how to establish a Site to Site IPSec tunnel between two routers, when one of them has a dynamic WAN IP address.

This scenario is different than other one described in this article where MikroTik is behind another router, as in this case our MikroTik has a WAN port (like a 3G/4G-LTE or cable modem) with the dynamic IP address, plus there’s a good chance that this address is from the ISP’s private IP address pool.

Even better, in this article I will explain you the concept of a Loopback adapter and how you can use it in situations similar to this one. Let’s begin! Continue reading →

Connecting three sites using IPSec tunnels

21.03.201708.12.2022 Srdjan Stanisic IP, IP-IPSec, IPSec, MikroTik, Networking, Security, VPN connecting road warrios and distant sites, how-to, IPSec, road warriors, three site

So far, we have discussed how to connect the two sites through an IPSec tunnel. Most readers will be satisfied with that, as these scenarios cover most real-life situations. However, we may have a need to interconnect three or more sites using the IPSec tunnels,

Although rare, these scenarios are possible. However, we need to plan everything carefully, as we will need more IPSec policies between routers. Therefore, I will describe here how to connect the “road warrior” users with distant site.

Continue reading →

Mikrotik device as a L2TP/IPSec client

26.01.201708.12.2022 Srdjan Stanisic IP, IP-IPSec, IPSec, L2TP/IPSec, MikroTik, Networking, PPP, PPP-L2TP, Security, VPN Mikrotik; Mikrotik L2TP/IPSec client; L2TP/IPSec ports and protocols; how-to

In the previous post we have shown a Mikrotik router as a L2TP/IPSec server. In this scenario, we are using either Windows clients or mobile devices based on Android or Apple iOS operating systems. Here is a new scenario – we may have a need to use another Mikrotik device as the VPN client.

The most common scenario is that you want to connect a remote network with a main network. Using the L2TP/IPSec VPN connection, you will have in the same time the routable tunnel and the full power of IPSec encryption.

Continue reading →

MiViLiSNet

MikroTik, virtualisation, Linux, servers, networks and more

IP-IPSec