MikroTik IPsec site-to-site GCP
# Phase 1 (IKE SA) profile referenced by both GCP peers: DH group modp2048,
# dead-peer detection every 30s with 3 allowed failures, 10h IKE SA lifetime.
# NOTE(review): the IKE SA is encrypted with aes-128 while the phase 2 proposal
# (GCP_phase2) uses aes-256-cbc. The IKE SA protects the key exchange for every
# child SA, so it is normally kept at least as strong as phase 2 - confirm
# whether aes-128 here is intentional.
# NOTE(review): hash-algorithm is not set, so the RouterOS default applies
# (sha1 on RouterOS v6, as far as I know - confirm on the running version).
# Setting it explicitly keeps the negotiated integrity/PRF algorithm from
# depending on a version default.
/ip ipsec profile
add dh-group=modp2048 dpd-interval=30s dpd-maximum-failures=3 enc-algorithm=aes-128 lifetime=10h name=GCP_phase1
# Two IKEv2 peers, one per GCP VPN gateway, both initiated from the same local
# public address and both using the GCP_phase1 profile. The /32 on address=
# pins each peer to a single remote gateway IP.
# The addresses are the author's own endpoints; substitute your gateway and
# router addresses when reusing this export.
# NOTE(review): no "/ip ipsec identity" section is part of this listing, so the
# authentication method and secret for these peers are not visible here. Keeping
# the pre-shared key out of a published export is correct; the identities still
# have to exist on the router, one per peer, ideally with a distinct long random
# secret for each tunnel.
/ip ipsec peer
add address=35.204.160.90/32 comment="Casino GCP s-t-s VPN Tunnel" exchange-mode=ike2 local-address=94.237.40.73 name=ike-gcp_casino profile=GCP_phase1
add address=35.204.116.42/32 comment="Bluebird GCP s-t-s VPN Tunnel" exchange-mode=ike2 local-address=94.237.40.73 name=ike-gcp_bluebird profile=GCP_phase1
# Phase 2 (child SA / ESP) proposal used by every policy below: AES-256-CBC
# with HMAC-SHA256, 3h SA lifetime, and PFS with modp2048 so each rekey runs a
# fresh Diffie-Hellman exchange instead of deriving keys from the IKE SA alone.
# The remote gateway must offer the same PFS group or rekeying will fail.
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=3h name=GCP_phase2 pfs-group=modp2048
# Tunnel-mode policies, one per (local subnet, remote subnet) pair. Each policy
# names its peer (ike-gcp_bluebird -> 35.204.116.42, ike-gcp_casino ->
# 35.204.160.90), uses the GCP_phase2 proposal, and sets level=unique so the
# policy gets its own SA instead of sharing one with other policies.
# NOTE(review): these selectors only decide which traffic is encrypted, not
# which traffic is allowed. Several are wide (src 10.0.0.0/13, dst
# 10.128.0.0/10), so access control between the sites depends on firewall
# filter rules that are not part of this listing - confirm they exist.
# NOTE(review): the traffic selectors configured on the GCP side have to match
# these pairs; a mismatch typically shows up as a child SA that never installs.
/ip ipsec policy
add dst-address=10.222.0.0/15 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=172.16.3.0/24 tunnel=yes
add dst-address=10.224.0.0/15 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=172.16.3.0/24 tunnel=yes
add dst-address=10.222.0.0/15 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=172.16.1.0/24 tunnel=yes
add dst-address=10.224.0.0/15 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=172.16.1.0/24 tunnel=yes
add dst-address=10.222.0.0/15 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=10.0.0.0/13 tunnel=yes
add dst-address=10.224.0.0/15 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=10.0.0.0/13 tunnel=yes
add dst-address=10.190.0.0/16 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=10.0.0.0/13 tunnel=yes
add dst-address=10.222.0.0/23 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=10.99.5.0/24 tunnel=yes
add dst-address=10.224.0.0/23 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=10.99.5.0/24 tunnel=yes
# Link-local /32 pair that carries the BGP session to 169.254.0.2 (peer
# up-gcp_casino in the routing section) inside the casino tunnel.
# NOTE(review): no equivalent 169.254.0.5 <-> 169.254.0.6 policy appears in this
# listing for the up-gcp_bb BGP peer - verify that session is also covered by
# IPsec and is not expected to run outside the tunnel.
add dst-address=169.254.0.2/32 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=169.254.0.1/32 tunnel=yes
add dst-address=172.31.255.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.0.0.0/13 tunnel=yes
add dst-address=172.31.255.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.99.5.0/24 tunnel=yes
add dst-address=10.128.0.0/10 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.0.0.0/13 tunnel=yes
add dst-address=10.128.0.0/10 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.99.5.0/24 tunnel=yes
add dst-address=10.101.0.0/16 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.0.0.0/13 tunnel=yes
add dst-address=10.101.0.0/16 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.99.5.0/24 tunnel=yes
add dst-address=172.16.0.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.0.0.0/13 tunnel=yes
add dst-address=172.16.0.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.13.50.0/24 tunnel=yes
add dst-address=172.16.0.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.99.5.0/24 tunnel=yes
add dst-address=172.16.0.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.254.254.0/24 tunnel=yes
add dst-address=172.16.0.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.255.254.0/23 tunnel=yes
add dst-address=10.128.0.0/10 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.13.50.0/24 tunnel=yes
add dst-address=10.101.0.0/16 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.13.50.0/24 tunnel=yes
add dst-address=10.128.0.0/10 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=172.16.3.0/24 tunnel=yes
add dst-address=10.101.0.0/16 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=172.16.3.0/24 tunnel=yes
add dst-address=10.101.0.0/16 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=172.16.18.0/24 tunnel=yes
add dst-address=10.128.0.0/10 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=172.16.18.0/24 tunnel=yes
add dst-address=10.222.0.0/15 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=172.16.18.0/24 tunnel=yes
add dst-address=10.224.0.0/15 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=172.16.18.0/24 tunnel=yes
add dst-address=172.31.255.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=172.16.18.0/24 tunnel=yes
add dst-address=172.31.255.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=172.16.3.0/24 tunnel=yes
add dst-address=172.31.255.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=172.16.1.0/24 tunnel=yes
## Routing ##
# eBGP from local AS 65500 to the two GCP-side routers (remote AS 65502 and
# 65506) over 169.254.x.x link-local addresses, with 20s keepalive and 1m hold
# time. up-gcp_casino sets no instance= and so presumably attaches to the
# "default" instance; up-gcp_bb uses its own instance with router-id 169.254.0.5.
# NOTE(review): neither peer sets tcp-md5-key, so the BGP sessions are
# authenticated only by being reachable through the IPsec tunnel. That holds
# only while the session addresses are covered by an IPsec policy.
# NOTE(review): both instances set redistribute-ospf=yes, so every OSPF-learned
# route is a candidate for advertisement to GCP. The casino-out / bb-out and
# casino-in / bb-in filters are not part of this listing - confirm they accept
# only the intended prefixes and discard everything else.
/routing bgp peer
add hold-time=1m in-filter=casino-in keepalive-time=20s name=up-gcp_casino out-filter=casino-out remote-address=169.254.0.2 remote-as=65502 ttl=default
add hold-time=1m in-filter=bb-in instance=up-gcp_bb keepalive-time=20s name=up-gcp_bb out-filter=bb-out remote-address=169.254.0.6 remote-as=65506 ttl=default
/routing bgp instance
set default as=65500 client-to-client-reflection=no out-filter=casino-out redistribute-ospf=yes router-id=169.254.0.1
# NOTE(review): the trailing "igp" on the next line is not a key=value
# parameter and looks like a paste artifact or a truncated option - verify
# against the router's own export before importing.
add as=65500 client-to-client-reflection=no name=up-gcp_bb out-filter=bb-out redistribute-ospf=yes router-id=169.254.0.5 igp