Setting up a GRE over IPsec tunnel between Teltonika Networks and Mikrotik devices

From Teltonika Networks Wiki
Main Page > General Information > Configuration Examples > VPN > Setting up a GRE over IPsec tunnel between Teltonika Networks and Mikrotik devices

Introduction

This article provides a configuration example with details on how to configure a GRE over IPsec connection between MikroTik and RUTOS devices.

Prerequisites

  • Teltonika Networks router (RUTX11 will be used in this case).
  • MikroTik device.
  • Both devices must have WAN access with a static public IP.
  • At least one end device (PC, Laptop) to configure the routers.

Configuration scheme

RUTOS device configuration

  1. Login to the router's WebUI, navigate to the Services → VPN → GRE page.
  2. Add a new GRE instance by entering custom New configuration name and clicking Add button.

  1. A configuration window should appear. Configure the GRE instance accordingly:
    1. Enabled - ON.
    2. Tunnel source - select the network interface with Public IP which is used to establish GRE tunnel.
    3. Remote endpoint IP address - Public IP address of MikroTik device.
    4. MTU - 1476
    5. Keep alive - ON
    6. Local GRE interface IP address - 10.0.0.1
    7. Local GRE interface IP netmask - 255.255.255.0
    8. Remote subnet IP address - 192.168.88.0
    9. Remote subnet netmask - 255.255.255.0

  1. Navigate to Services → VPN → IPsec and create a new instance.
  2. A configuration window should appear. Configure the IPsec instance accordingly:
    1. Enabled - ON
    2. Remote endpoint - 192.168.1.138
    3. Pre shared key - ipsec123
    4. Type - Transport.
    5. Bind to - GRE1 (GRE).

  1. In the same configuration window, navigate to Connection Settings → Advanced Settings:
    1. Locally allowed protocol - gre
    2. Remotely allowed protocol - gre

  1. Proposal Settings must match values configured on MikroTik device.

MikroTik configuration

  1. First we'll create GRE tunnel with PSK which will automatically generate IPsec instance as well. To create GRE interface access WebFig of your MikroTik device and navigate to Interfaces → GRE Tunnel and click on Add New button.
  2. Configure the instance accordingly:
    1. Name - gre-tunnel1
    2. MTU - 1476
    3. Local Address - Public IP of MikroTik device
    4. Remote address - Public IP of RUTOS device
    5. IPsec secret - ipsec123

  1. Navigate to WebFig → IP → IPsec and configure Proposals and Profiles to match proposal settings configured on RUTOS device.

  1. Navigate to WebFig → IP → Addresses and add an IP address to GRE interface by clicking Add New:
    1. Address - 10.0.0.2/24
    2. Network - 10.0.0.0
    3. Interface - gre-tunnel1

  1. Finally, navigate to WebFig → IP → Routes and add a static route via GRE interface by clicking Add New:

Testing configuration

Connect to RUTOS CLI and use command ipsec status, you should see IPsec tunnel via GRE interface being established.

You should be able to reach the remote device's GRE tunnel IP and LAN IP and vice-versa. RUTOS CLI:

MikroTik terminal: