Hello
So atm I have an IPsec tunnel between my home and my friend’s home: MikroTik here, FortiGate there.
Atm my config looks like this:
Flags: T - TEMPLATE; A - ACTIVE; * - DEFAULT
Columns: PEER, TUNNEL, SRC-ADDRESS, DST-ADDRESS, PROTOCOL, ACTION, LEVEL, PH2-COUNT
# PEER TUNNEL SRC-ADDRESS DST-ADDRESS PROTOCOL ACTION LEVEL PH2-COUNT
0 T * ::/0 ::/0 all
1 A to-rotorua yes 192.168.19.0/24 10.0.0.0/24 all encrypt require 1
2 A to-rotorua yes 192.168.200.0/24 10.0.0.0/24 all encrypt require 1
3 A to-rotorua yes 192.168.20.0/27 10.0.0.0/24 all encrypt require 1
4 A to-rotorua yes 10.8.0.0/24 10.0.0.0/24 all encrypt require 1
I have VLANs at home for some little NUCs:
Wifi VLAN
servers VLAN
MGMT VLAN
Then my MikroTik config below.
At my friend’s house, I have an IBM server and VMs just on the 10.0.0.0/24 subnet, no VLANs.
The FortiGate config below.
Now this works: I can ping end-to-end from the hosts and whatnot, but the routers can’t ping each other unless I pick a source address to ping from.
But I would like to make this better: I would like it to be able to have all subnets at both sites.
I don’t think this is possible with the IPsec tunnel, as it says to get here come through us.
But I have been learning about GRE tunnels, and Junos has the option to do layer 2 tunnels, so my question is: is this a better way to do it, to have my IPsec tunnel and then the GRE tunnel going on top of this?
I am open to any ideas, just using this as a way to learn how it all works.
The end goal is to have my MikroTik router be the source of everything and have the devices in Rotorua talk to the MikroTik for DHCP leases and everything, and forward all their traffic that way.
I just want to learn and know the best way to set this up.
Thanks for any help
alex
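
The following is an added example, not part of the original post or any vendor's code: it evaluates the four policy selectors listed above against a packet's source and destination to show why a ping works only when sourced from an address inside a listed subnet. The addresses 203.0.113.10 (router WAN), 192.168.19.1 (router LAN) and the 10.0.0.x hosts are constructed assumptions.

```python
import ipaddress

# Policy selectors copied from the policy listing in the post (src, dst).
POLICIES = [
    ("192.168.19.0/24", "10.0.0.0/24"),
    ("192.168.200.0/24", "10.0.0.0/24"),
    ("192.168.20.0/27", "10.0.0.0/24"),
    ("10.8.0.0/24", "10.0.0.0/24"),
]

# Constructed sample addresses (assumptions, not from the post).
ROUTER_WAN = "203.0.113.10"   # address a router-originated ping would use by default
ROUTER_LAN = "192.168.19.1"   # router's address inside a protected subnet
REMOTE_HOST = "10.0.0.1"      # a host on the FortiGate side


def matching_policy(src, dst, policies=POLICIES):
    """Return the first (src_net, dst_net) selector covering the packet, else None."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for src_net, dst_net in policies:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return (src_net, dst_net)
    return None


def classify(src, dst):
    """Describe what the policy table does with a packet from src to dst."""
    hit = matching_policy(src, dst)
    if hit:
        return f"encrypt via {hit[0]} -> {hit[1]}"
    return "no selector matches: packet bypasses the tunnel"


if __name__ == "__main__":
    cases = [
        (ROUTER_WAN, REMOTE_HOST),       # default source: outside every selector
        (ROUTER_LAN, REMOTE_HOST),       # explicit source inside 192.168.19.0/24
        ("192.168.20.40", REMOTE_HOST),  # outside the /27 (covers .0 to .31 only)
        ("192.168.20.30", REMOTE_HOST),  # inside the /27
    ]
    for src, dst in cases:
        print(f"{src:>15} -> {dst:<10} {classify(src, dst)}")
```

Any subnet added at either site needs its own selector pair on both peers before traffic from it is encrypted, which is the limitation a routed tunnel interface avoids.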