How to configure Mikrotik ip tunnel ( site to site VPN)

I am going to show you how easy it is to set up an IP tunnel between two locations. This will allow you to access files on a server and share printers between two locations, no matter how far apart. In addition, it enhances data security by encrypting packets as they travel through the tunnel. To accomplish this task, you will need two Mikrotik routers, one at each location, and two public IP addresses. So, I have got two Mikrotik routers, RB750 and two public addresses, now lets jump into the configurations.

To further guide us in this task, lets look at the network diagram below:

From our network diagram, we have two routers, HQ and BO. The HQ router is assigned the public IP while the BO router on the other side is given The subnet has been assigned to the tunnel from where is for the tunnel interface on the HQ router while is for the tunnel interface on router BO.
Our objective is to set up an IP tunnel for users attached to the both LANs to reach one another.
Starting off on router HQ, we assign IPs to the WAN and LAN ports, configure NAT and default route, and confirm that we have access to the internet.

Now, repeat these steps for router BO and confirm that it can access the internet. If it has access to the internet, then you are good for the next phase which is setting up the IP tunnel. First, go to IP>interface. Click on the plus sign and choose IP tunnel. When the window opens, enter your details just like I did below:



You may like: How to configure site-to-site Ipsec VPN tunnel to connect branch office to the HQ

Go to IP>address and assign the tunnel address to the Tunnel interface created above. Mine was assigned as shown below:

Next, we create a static router to forward traffics destined to the branch office LAN to the IP address of the tunnel interface on BO router. Since we configured on the Head office tunnel interface, is given to the tunnel interface on the Branch office router. Find below:

And lastly, we create a NAT rule to accept traffics from HQ LAN to BO LAN as show below:

In the NAT rule list, drag this rule above the masquerade rule created for internet access earlier.
Repeat the configuration on the BO router using the right IP settings and you will have yourself a working Site-to-Site VPN.
To see the video on this and other demonstrations using Mikrotik and Cisco routers, please subscribe to my YouTube channel here
Spread the love

Leave a Comment