Dinâmica interligando uma Matriz rodando o PFSense e uma Filial com Mikrotik, via VPN IPSEC.


Nesse vídeo fecharemos uma VPN IPsec entre matriz e filial (ou redes distintas) utilizando Mikrotik. Abaixo estão as configurações (RouterOS) de cada roteador:
Roteador Matriz
# Head-office (MATRIZ) router: RouterOS export for a site-to-site IPsec tunnel
# between the local LAN 10.10.10.0/30 and the branch LAN 172.16.10.0/30.
# NOTE(review): this export contains no /ip firewall filter rules, so input and
# forward filtering on the WAN side is not shown here; confirm it exists.
/interface ethernet
# ether1 becomes the WAN uplink and ether2 the LAN; ether3 and ether4 are disabled.
set [ find default-name=ether1 ] name=ether1-wan
set [ find default-name=ether2 ] name=ether2-lan
set [ find default-name=ether3 ] disabled=yes name=ether3
set [ find default-name=ether4 ] disabled=yes name=ether4
/ip address
# LAN-side address. No address is set on ether1-wan in this export; presumably
# it is assigned elsewhere (e.g. a DHCP client). TODO confirm.
add address=10.10.10.1/30 interface=ether2-lan network=10.10.10.0
/ip firewall nat
# NAT bypass: LAN-to-branch traffic is accepted here, before the masquerade rule
# below, so it keeps its original source address and still matches the IPsec
# policy selectors. The order of these two rules matters.
add action=accept chain=srcnat dst-address=172.16.10.0/30 src-address=\
10.10.10.0/30
# All other traffic leaving through the WAN interface is masqueraded.
add action=masquerade chain=srcnat out-interface=ether1-wan
/ip ipsec peer
# Remote peer is the branch router's WAN address; "secret" is the shared key and
# must be identical on both routers.
# NOTE(review): "abc123" is a trivially guessable key and is stored in clear text
# in this export. Use a long random secret (or certificate authentication) and
# keep the real value out of published configurations.
# NOTE(review): no proposal/profile parameters are given, so the defaults of the
# installed RouterOS version apply. Check that the resulting encryption, hash
# and DH group are acceptable.
# NOTE(review): secret= under /ip ipsec peer looks like the syntax of older
# RouterOS releases; newer ones appear to keep it under /ip ipsec identity.
# Verify against the installed version.
add address=192.168.1.101/32 secret=abc123
/ip ipsec policy
# Tunnel-mode policy: packets from 10.10.10.0/30 to 172.16.10.0/30 are protected
# by an SA between 192.168.1.100 (this router) and 192.168.1.101 (branch).
add dst-address=172.16.10.0/30 sa-dst-address=192.168.1.101 sa-src-address=\
192.168.1.100 src-address=10.10.10.0/30 tunnel=yes
/system identity
set name=MATRIZ
Roteador Filial
# Branch (FILIAL) router: RouterOS export for the other end of the site-to-site
# IPsec tunnel, between the local LAN 172.16.10.0/30 and the head-office LAN
# 10.10.10.0/30.
# NOTE(review): this export contains no /ip firewall filter rules, so input and
# forward filtering on the WAN side is not shown here; confirm it exists.
/interface ethernet
# The interface names here do not follow the default port names: default ether4
# is the WAN uplink (ether1-wan), default ether1 is the LAN (ether2-lan), and
# default ether2/ether3 are renamed ether3/ether4 and disabled.
set [ find default-name=ether4 ] name=ether1-wan
set [ find default-name=ether1 ] name=ether2-lan
set [ find default-name=ether2 ] disabled=yes name=ether3
set [ find default-name=ether3 ] disabled=yes name=ether4
/interface wireless security-profiles
# Sets supplicant-identity on the default wireless security profile; it looks
# unrelated to the tunnel (presumably a leftover of the export). TODO confirm.
set [ find default=yes ] supplicant-identity=MikroTik
/ip address
# LAN-side address. No address is set on ether1-wan in this export; presumably
# it is assigned elsewhere (e.g. a DHCP client). TODO confirm.
add address=172.16.10.1/30 interface=ether2-lan network=172.16.10.0
/ip firewall nat
# NAT bypass: LAN-to-head-office traffic is accepted here, before the masquerade
# rule below, so it keeps its original source address and still matches the
# IPsec policy selectors. The order of these two rules matters.
add action=accept chain=srcnat dst-address=10.10.10.0/30 src-address=\
172.16.10.0/30
# All other traffic leaving through the WAN interface is masqueraded.
add action=masquerade chain=srcnat out-interface=ether1-wan
/ip ipsec peer
# Remote peer is the head-office router's WAN address; "secret" is the shared
# key and must be identical on both routers.
# NOTE(review): "abc123" is a trivially guessable key and is stored in clear text
# in this export. Use a long random secret (or certificate authentication) and
# keep the real value out of published configurations.
# NOTE(review): no proposal/profile parameters are given, so the defaults of the
# installed RouterOS version apply. Check that the resulting encryption, hash
# and DH group are acceptable.
# NOTE(review): secret= under /ip ipsec peer looks like the syntax of older
# RouterOS releases; newer ones appear to keep it under /ip ipsec identity.
# Verify against the installed version.
add address=192.168.1.100/32 secret=abc123
/ip ipsec policy
# Tunnel-mode policy, mirror of the head-office one: packets from 172.16.10.0/30
# to 10.10.10.0/30 are protected by an SA between 192.168.1.101 (this router)
# and 192.168.1.100 (head office).
add dst-address=10.10.10.0/30 sa-dst-address=192.168.1.100 sa-src-address=\
192.168.1.101 src-address=172.16.10.0/30 tunnel=yes
/system identity
set name=FILIAL