On Sun, 2016-07-03 at 23:51 +0000, Alex Samad - Yieldbroker wrote:
Buy another MikroTik!
An AWS Hardware VPN is actually two IPsec tunnels; they terminate on different IP addresses at the AWS end, but on the same address at the customer end.
What about a virtual machine on the MikroTik - or maybe 2, 1 for each tunnel, and then use BGP/OSPF or routing protocol of choice
Ooh. That sounds interesting. Don't know anything about VMs on the MikroTik. How does that work? And can they share an IP address on an interface?
VMs will get you around the 1 path per IPsec per device.
Yes - provided they can both have the same address on the same interface. That sounds dubious to me, but I'm ready - nay, eager! - to be amazed.

In the meantime I've had another thought (untested). I wonder whether I can have two proposals, identical but with different names, and whether that would differentiate the second VPN enough for the MikroTik. But if different peers don't differentiate the policies enough, I suspect different proposals won't either. Peers and proposals are sort of on the "wrong end" of the deal - they don't help choose packets, they just help choose where and how.

Regards, K

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@nullarbor.com.au)    work +61 2 64957435
http://www.nullarbor.com.au           mobile +61 428 957160
GPG fingerprint: 6D59 8AE6 810D 44E3 7626 7040 4DD6 F89F 3053 4774
Old fingerprint: 9DCA 0903 BCBD 0647 BCCC 2FA7 A35C 57A1 ACF9 00BB