A GRE Tunnel is a very quick and easy way to setup a, optionally encrypted, tunnel between 2 endpoints whose WAN IP Addresses are known and static. The GRE tunnel does NOT work with (external) dynamic IP addresses.
Setup the following on both endpoints, swapping remote and local where applicable.
/interface gre add allow-fast-path=no comment="Site 2 Site Network" ipsec-secret="VERY_STRONG_PASSWORD"keepalive=5s,5 local-address=LOCAL_WAN_IP_ADDRESS name=gre-tunnel-location1 remote-address=REMOTE_WAN_IP_ADDRESS
/ip address add address=GRE_INTERFACE_IP_ADDRESSinterface=gre-tunnel-location1
/ip route add distance=1 dst-address=REMOTE_LAN_IP_SUBNET gateway=gre-tunnel-location1
/ip route add distance=1 dst-address=REMOTE_L2TP_VPN_IP_SUBNET gateway=gre-tunnel-location1
Where:
LOCAL_WAN_IP_ADDRESS - External STATIC IP Address assigned by your ISP to the local router.
REMOTE_WAN_IP_ADDRESS - External STATIC IP Address assigned by your ISP to the remote router.
GRE_INTERFACE_IP_ADDRESS - is an arbitary ip address, not in use anywhere else in your network(s) AND the other end of the GRE tunnel is in the same subnet. eg: one end is 10.1.1.1/32, the other is 10.1.1.2/32
REMOTE_LAN_IP_SUBNET - is the LAN subnet of the remote LAN eg: 192.168.1.0/24
REMOTE_VPN_IP_SUBNET - is the LAN subnet of the remote L2TP VPN network, if any. eg: 192.168.2.0/24. See Mikrotik L2TP-IPSec Server.
Adding this will allow VPN clients to route packets to/from the other end of the GRE tunnel.
Adding this will allow VPN clients to route packets to/from the other end of the GRE tunnel.
N.B. Including the ipsec-secret= option requires the allow-fast-path=no option.