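I'm trying to set up a GRE over IPSec tunnel between two MikroTik devices. When I sniff the WAN interface, everything seems to be working, and I can clearly see GRE packets that, in theory, I shouldn't be seeing.
I've spent several days on this and I have no idea what is missing.
1.1.1.1 is the datacenter WAN, and 2.2.2.2 is the home WAN.
Router 1: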
/interface gre
add allow-fast-path=no !keepalive local-address=1.1.1.1 name=\
gre-tunnel-home remote-address=2.2.2.2
/ip ipsec peer
add address=2.2.2.2/32 dh-group=modp8192 enc-algorithm=blowfish \
hash-algorithm=sha512 lifetime=30m local-address=1.1.1.1 \
nat-traversal=no proposal-check=strict secret=secretcode
/ip ipsec policy
add dst-address=2.2.2.2/32 proposal=proposal1 sa-dst-address=2.2.2.2 \
sa-src-address=1.1.1.1 src-address=1.1.1.1/32 tunnel=yes
Router 2:
/interface gre
add allow-fast-path=no !keepalive local-address=2.2.2.2 name=\
gre-tunnel-datacenter remote-address=1.1.1.1
/ip ipsec peer
add address=1.1.1.1/32 dh-group=modp8192 enc-algorithm=blowfish \
hash-algorithm=sha512 lifetime=30m local-address=2.2.2.2 \
nat-traversal=no proposal-check=strict secret=secretcode
/ip ipsec policy
add dst-address=1.1.1.1/32 proposal=proposal1 sa-dst-address=\
1.1.1.1 sa-src-address=2.2.2.2 src-address=2.2.2.2/32 \
tunnel=yes