MikroTik IPsec site-to-site GCP
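# IKE (phase 1) profile shared by both GCP peers.
# The page rendered every line with a trailing " | |" table-cell residue; it is
# dropped here because it is not part of the RouterOS command.
#
# NOTE(review): hash-algorithm is not set, so the RouterOS default applies
# (sha1 on the 6.x releases I know of - confirm with "/ip ipsec profile print detail").
# Pin it explicitly (e.g. sha256) once the Cloud VPN side is confirmed to accept it.
# NOTE(review): phase 1 uses aes-128 while the phase 2 proposal uses aes-256-cbc;
# the IKE SA protects the keying of every child SA, so consider aligning phase 1
# with the stronger setting. Both ends must agree before this is changed.
# dpd-interval=30s with dpd-maximum-failures=3 sets how often the peer is probed
# and how many missed probes are tolerated.
/ip ipsec profile
add dh-group=modp2048 dpd-interval=30s dpd-maximum-failures=3 enc-algorithm=aes-128 lifetime=10h name=GCP_phase1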
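# IKEv2 peers: two GCP VPN gateways, both reached from the same local address
# and both negotiated with the GCP_phase1 profile.
# Trailing " | |" page residue removed from every line.
#
# address=.../32 restricts each peer entry to a single remote gateway.
# NOTE(review): no "/ip ipsec identity" entries are visible on this page, so the
# authentication method and secret for these peers cannot be reviewed here.
# They are required for the tunnels to come up; keep pre-shared keys out of any
# published export and use a distinct, high-entropy secret per peer.
/ip ipsec peer
add address=35.204.160.90/32 comment="Casino GCP s-t-s VPN Tunnel" exchange-mode=ike2 local-address=94.237.40.73 name=ike-gcp_casino profile=GCP_phase1
add address=35.204.116.42/32 comment="Bluebird GCP s-t-s VPN Tunnel" exchange-mode=ike2 local-address=94.237.40.73 name=ike-gcp_bluebird profile=GCP_phase1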
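# ESP (phase 2) proposal referenced by every policy in this file.
# Trailing " | |" page residue removed.
#
# sha256 + aes-256-cbc, rekeyed every 3h; pfs-group=modp2048 forces a fresh
# Diffie-Hellman exchange on each rekey, so a compromised IKE SA key does not
# expose earlier child-SA traffic.
# Only one auth and one encryption algorithm are listed, so the remote side
# must offer exactly this combination.
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=3h name=GCP_phase2 pfs-group=modp2048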
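# Tunnel-mode policies (traffic selectors) for the two GCP peers.
# Trailing " | |" page residue removed from every line; the entries themselves
# and their order are unchanged.
#
# Each entry maps one local source prefix to one remote destination prefix and
# binds it to a peer; level=unique asks for an SA that is used by that policy only.
#
# NOTE(review): keep the order. RouterOS matches policies top to bottom, and
# dst 10.190.0.0/16 (bluebird, src 10.0.0.0/13) lies inside dst 10.128.0.0/10
# (casino, same src) further down. If the wider entry were moved above the
# narrower one, that traffic would go to the other gateway.
# NOTE(review): several selectors are very broad (src 10.0.0.0/13, dst
# 10.128.0.0/10). An IPsec policy only decides what is encrypted, not what is
# allowed; no firewall rules are visible on this page, so confirm that forward
# filtering limits what the remote side can reach through the tunnel.
# NOTE(review): the 169.254.0.1/32 <-> 169.254.0.2/32 entry covers the
# link-local pair used by the BGP peer 169.254.0.2 in the routing section.
# No equivalent entry for 169.254.0.5 <-> 169.254.0.6 (the second BGP peer)
# appears here - confirm that session is also carried inside a tunnel.
/ip ipsec policy
add dst-address=10.222.0.0/15 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=172.16.3.0/24 tunnel=yes
add dst-address=10.224.0.0/15 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=172.16.3.0/24 tunnel=yes
add dst-address=10.222.0.0/15 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=172.16.1.0/24 tunnel=yes
add dst-address=10.224.0.0/15 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=172.16.1.0/24 tunnel=yes
add dst-address=10.222.0.0/15 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=10.0.0.0/13 tunnel=yes
add dst-address=10.224.0.0/15 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=10.0.0.0/13 tunnel=yes
add dst-address=10.190.0.0/16 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=10.0.0.0/13 tunnel=yes
add dst-address=10.222.0.0/23 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=10.99.5.0/24 tunnel=yes
add dst-address=10.224.0.0/23 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=10.99.5.0/24 tunnel=yes
add dst-address=169.254.0.2/32 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=169.254.0.1/32 tunnel=yes
add dst-address=172.31.255.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.0.0.0/13 tunnel=yes
add dst-address=172.31.255.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.99.5.0/24 tunnel=yes
add dst-address=10.128.0.0/10 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.0.0.0/13 tunnel=yes
add dst-address=10.128.0.0/10 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.99.5.0/24 tunnel=yes
add dst-address=10.101.0.0/16 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.0.0.0/13 tunnel=yes
add dst-address=10.101.0.0/16 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.99.5.0/24 tunnel=yes
add dst-address=172.16.0.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.0.0.0/13 tunnel=yes
add dst-address=172.16.0.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.13.50.0/24 tunnel=yes
add dst-address=172.16.0.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.99.5.0/24 tunnel=yes
add dst-address=172.16.0.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.254.254.0/24 tunnel=yes
add dst-address=172.16.0.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.255.254.0/23 tunnel=yes
add dst-address=10.128.0.0/10 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.13.50.0/24 tunnel=yes
add dst-address=10.101.0.0/16 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=10.13.50.0/24 tunnel=yes
add dst-address=10.128.0.0/10 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=172.16.3.0/24 tunnel=yes
add dst-address=10.101.0.0/16 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=172.16.3.0/24 tunnel=yes
add dst-address=10.101.0.0/16 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=172.16.18.0/24 tunnel=yes
add dst-address=10.128.0.0/10 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=172.16.18.0/24 tunnel=yes
add dst-address=10.222.0.0/15 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=172.16.18.0/24 tunnel=yes
add dst-address=10.224.0.0/15 level=unique peer=ike-gcp_bluebird proposal=GCP_phase2 sa-dst-address=35.204.116.42 sa-src-address=94.237.40.73 src-address=172.16.18.0/24 tunnel=yes
add dst-address=172.31.255.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=172.16.18.0/24 tunnel=yes
add dst-address=172.31.255.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=172.16.3.0/24 tunnel=yes
add dst-address=172.31.255.0/24 level=unique peer=ike-gcp_casino proposal=GCP_phase2 sa-dst-address=35.204.160.90 sa-src-address=94.237.40.73 src-address=172.16.1.0/24 tunnel=yes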
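## Routing ##
# BGP sessions to the two GCP sides over the 169.254.0.x link-local addresses.
# Trailing " | |" page residue removed from every line.
#
# up-gcp_casino names no instance, so it runs in the "default" instance
# (AS 65500, router-id 169.254.0.1); up-gcp_bb uses its own instance
# (AS 65500, router-id 169.254.0.5).
# hold-time=1m / keepalive-time=20s: a silent peer is declared down after one minute.
#
# NOTE(review): the filters casino-in, casino-out, bb-in and bb-out are
# referenced but not defined on this page. Confirm the in-filters accept only
# the prefixes expected from each peer, and that the out-filters limit what
# redistribute-ospf=yes exports towards GCP.
# NOTE(review): neither peer sets tcp-md5-key, so session integrity depends on
# the IPsec tunnel alone. Confirm both BGP sessions are covered by an IPsec
# policy; only the 169.254.0.1 <-> 169.254.0.2 pair is visible in the policy list.
/routing bgp peer
add hold-time=1m in-filter=casino-in keepalive-time=20s name=up-gcp_casino out-filter=casino-out remote-address=169.254.0.2 remote-as=65502 ttl=default
add hold-time=1m in-filter=bb-in instance=up-gcp_bb keepalive-time=20s name=up-gcp_bb out-filter=bb-out remote-address=169.254.0.6 remote-as=65506 ttl=default
/routing bgp instance
set default as=65500 client-to-client-reflection=no out-filter=casino-out redistribute-ospf=yes router-id=169.254.0.1
# NOTE(review): on the page this line ended with a bare "igp" token after
# router-id. It is not a key=value parameter and looks like paste residue, so it
# is left out here - check it against the device's own export.
add as=65500 client-to-client-reflection=no name=up-gcp_bb out-filter=bb-out redistribute-ospf=yes router-id=169.254.0.5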