Here is a quick tutorial on how to create an IPSec Site to Site VPN tunnel with Mikrotik RB RouterOS 6.46.1 on both sides.

Before we start, here are a few things to have in mind:

This is a configuration I only use in testing environments, not in production.

I would recommend creating certificate-based IPSec tunnels for production, not ones with a pre-shared key (this tutorial uses a pre-shared key).

Make sure you have functional routing and configured networks before trying this.

You need to be able to communicate normally (ping, if enabled on the firewall) with all public points of the future IPSec tunnel.

This is a clean configuration; there is no default Mikrotik config preloaded on the routers I'm doing this on. So, I don't have bridges or firewalls preloaded, and I only have predefined routes created.

Make sure you configure your router to be safe and secure for a production environment; this configuration is just to show in what state IPSec Site to Site can work.

There is only one rule created under Firewall | NAT – on the srcnat chain with masquerade action.

So, I will try to connect the local subnet from Office 1 (192.168.11.0/24) with the local subnet in Office 2 (10.50.50.0/24) via an IPSec Site to Site tunnel.

I'm going to show the configuration for Office 1, and you should repeat these steps on both sides. I will also mention how the settings for Office 2 should look for every step done during the tutorial.

I will show how to configure the Office 1 router; the same steps have to be done on the Office 2 router.

First, we will define our Peer.

Peer will be the router from Office 2 and its public IP address (192.168.155.130).

IP | IPSec | tab Peers | click on Plus (+) sign

For a name I will enter Router2 (you enter what best describes your situation) and in the Address field I will enter the WAN IP address of Router 2 in Office 2 (192.168.155.130). I will also change Exchange Mode to IKE2.

(Office2 – for Office2 this configuration will be – Router1, 192.168.155.131, IKE2)

IP | IPSec | tab Identities | click on Plus (+) sign

Peer is going to be Router2, Authentication Method – pre shared key, and in the Secret field you will enter the password. Remember this password, as it is needed on both sides of the tunnel.

Also, if you are using a pre-shared key in your production IPSec environment, make sure that it is more than 20 characters (letters, numbers, special characters) long.

(Office2 – for Office2 this configuration will be – Router1, same Secret as entered in Office 1 on Router 1)

IP | IPSec | tab Proposals | click on *default configuration to edit it

This tab is completely up to you, on how you want to configure it. I'm just going to modify the default rule for this tutorial. For Auth. Algorithms I'm going to select sha256, for Encr. Algorithms aes-256 cbc, lifetime will be 30 minutes and PFS Group modp2048. Generally, the more secure the algorithms, the better. I would not recommend md5 or sha1 anymore, but you will have to decide for yourself. Security should be a priority in network communication these days.

Make sure you have the same Proposal configuration on both sides.
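The tutorial's rules for the two routers (identical Proposal on both sides, no md5 or sha1, the same pre-shared key longer than 20 characters) can be checked mechanically before the tunnel is brought up. The script below is an added example, not part of the original tutorial: the `audit` and `parse_params` helpers are hypothetical names, and the settings lines and secrets are constructed samples written in the style of RouterOS commands.

```python
import re

WEAK_AUTH = {"md5", "sha1"}   # hashes the tutorial advises against
MIN_PSK_LEN = 21              # tutorial: "more than 20" characters
PROPOSAL_KEYS = ("auth-algorithms", "enc-algorithms", "lifetime", "pfs-group")

def parse_params(line):
    """Return the key=value pairs found in one configuration line."""
    pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
    return {key: value.strip('"') for key, value in pairs}

def audit(side_a, side_b):
    """Compare two routers; each side is {'proposal': line, 'identity': line}."""
    findings = []
    prop_a = parse_params(side_a["proposal"])
    prop_b = parse_params(side_b["proposal"])
    for key in PROPOSAL_KEYS:
        if prop_a.get(key) != prop_b.get(key):
            findings.append(f"proposal mismatch on {key}: {prop_a.get(key)} vs {prop_b.get(key)}")
    for name, prop in (("A", prop_a), ("B", prop_b)):
        weak = WEAK_AUTH & set(prop.get("auth-algorithms", "").split(","))
        if weak:
            findings.append(f"side {name} allows weak auth: {','.join(sorted(weak))}")
    psk_a = parse_params(side_a["identity"]).get("secret", "")
    psk_b = parse_params(side_b["identity"]).get("secret", "")
    if psk_a != psk_b:
        findings.append("pre-shared key differs between sides")
    for name, psk in (("A", psk_a), ("B", psk_b)):
        if len(psk) < MIN_PSK_LEN:  # report the length only, never the key itself
            findings.append(f"side {name} pre-shared key has only {len(psk)} characters")
    return findings

# Constructed sample settings, written in the style of RouterOS commands.
PROPOSAL = ("/ip ipsec proposal set [ find default=yes ] auth-algorithms=sha256 "
            "enc-algorithms=aes-256-cbc lifetime=30m pfs-group=modp2048")
OFFICE1 = {"proposal": PROPOSAL,
           "identity": '/ip ipsec identity add peer=Router2 secret="constructed-Example-PSK-0001!"'}
OFFICE2_OK = {"proposal": PROPOSAL,
              "identity": '/ip ipsec identity add peer=Router1 secret="constructed-Example-PSK-0001!"'}
OFFICE2_BAD = {"proposal": PROPOSAL.replace("sha256", "sha1"),
               "identity": '/ip ipsec identity add peer=Router1 secret="short-psk"'}

if __name__ == "__main__":
    for finding in audit(OFFICE1, OFFICE2_BAD):
        print(finding)
```

An empty result means both sides agree and meet the tutorial's minimums; each finding names the setting to correct on one of the routers.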