Skip to content

IPSec site-to-site configuration guide with Mikrotik

1.1 Go to Networks section and create a new network.

1.2 Define the network name.

1.3 Select the region and gateways number.

1.4 Choose the subnet.

1.5 Activate gateways for all users section is active by default. If you want to disable this function - just remove the mark.

2.1 Go to Networks section and click on the subnet that you created in Step-1.

2.2 Click on Gateway and add a Tunnel. Choose IPSec Site-to-Site Tunnel and press to continue.

2.3 Choose between a Single-Tunnel and Dual-Tunnel.

2.4 General Settings Values

  • Name

  • Public IP

  • Vipilink Side Subnets

  • Pre-Shared Key

  • Remote ID

  • Remote Side Subnets

2.5 Advanced Settings Values

  • Ike Version

  • Tunnel Lifetime

  • Encryption (Phase 1)

  • Integrity (Phase 1)

  • Diffie-Helman Groups (Phase 1)

  • Ike Lifetime

  • Dead Peer Detection Delay

  • Dead Peer Detection Timeout

  • Encryption (Phase 2)

  • Integrity (Phase 2)

  • Diffie-Helman Groups (Phase 2)

2.6 You can also manage a Network, Regions, Access, Firewall Rules, Routes Table, enable Split Tunneling and Private DNS.

3. Create the IPsec tunnel on Mikrotik.

3.1 Open the Winbox and login to Mikrotik. Navigate to IP/IPsec. Configure Phase 1. Add a Profile.

Profile Values

  • Name

  • Hash Algorithms

  • PRF Algorithms

  • Encryption Algorithm

  • DH Group

  • Proposal Check

  • Lifetime

  • NAT Traversal

  • DPD Interval

  • DPD Maximum Failures

3.2 Add a new Peer

Ipsec Peer Values

  • Name

  • Address

  • Port

  • Exchange Mode

3.3 Add a new Identity. Here you have to define authentication method (PSK) and secret.

Ipsec Identity Values

  • Peer

  • Auth. Method

  • Policy Template Group

  • Secret

  • Remote ID Type

  • Match By

  • Generate Policy

3.4 Configure Phase 2. Add a new Proposal.

Proposal Values

  • Name

  • Auth. Algorithms

  • Encr. Algorithms

  • Lifetime

  • PFS Group

3.5 Configure the new Policy.

Policy Values

General

  • Peer

  • Tunnel

  • Src. Address

  • Src. Port

  • Dst. Address

  • Dst. Port

  • Protocol

Action

  • Action

  • Level

  • IPsec Protocols

  • Proposal

3.5 Configure firewall NAT policy. Go to IP/Firewall/NAT and add a rule. Define a Src. Address and Dst. Address. In Action choose accept.