On Sun, 2016-06-26 at 21:23 +0800, Russell Hurren wrote:
Unfortunately I did it 2 years ago and then wiped out the configuration now I'm not using EC2 anymore. Going through some old emails, I found this: http://rant.gulbrandsen.priv.no/amazon/mikrotik-aws-ipsec
Yes - that's a useful article.
I'll have a closer look at the documentation and see if I can dig up any notes I might have left myself. I do remember that it only works with a single tunnel...
Yes - MikroTik doesn't permit two different policies to apply to the same data. If you try, it disables one. But I found I could switch between the two quite easily by disabling the working one, enabling the disabled one, then flushing the installed security associations. Since the only reason you would ever need to switch would be if the one you were using failed, it's a good candidate for a little script to monitor the remote endpoint and switch if it becomes unreachable.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@nullarbor.com.au)   work +61 2 64957435
http://www.nullarbor.com.au          mobile +61 428 957160

GPG fingerprint: 6D59 8AE6 810D 44E3 7626 7040 4DD6 F89F 3053 4774
Old fingerprint: 9DCA 0903 BCBD 0647 BCCC 2FA7 A35C 57A1 ACF9 00BB
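The switch-over described in the message above, sketched as a RouterOS script. This is an added example, not part of the original thread or anyone's posted configuration. The policy comments, the probe address and the source address are constructed placeholders, and the script assumes each of the two policies is tagged with a unique comment.

```routeros
# Added example: swap between two IPsec policies when the far side stops answering.
# All three values below are constructed placeholders, not values from the thread.
:local probe 10.0.0.10
:local localAddr 192.168.88.1
:local primary "aws-tunnel-1"
:local secondary "aws-tunnel-2"

# Probe a host that is only reachable through the tunnel. The source address
# must fall inside the policy's src-address range, otherwise the ping leaves
# the router unencrypted and says nothing about the tunnel.
:local replies [/ping address=$probe src-address=$localAddr count=5]

:if ($replies = 0) do={
    # Work out which policy is live right now. RouterOS keeps the other one
    # disabled because both match the same traffic.
    :local primaryDisabled [/ip ipsec policy get [find comment=$primary] disabled]
    :local active $primary
    :local standby $secondary
    :if ($primaryDisabled = true) do={
        :set active $secondary
        :set standby $primary
    }

    # Same order as the manual procedure: disable the working policy,
    # enable the disabled one, then flush the installed SAs.
    /ip ipsec policy disable [find comment=$active]
    /ip ipsec policy enable [find comment=$standby]
    /ip ipsec installed-sa flush

    # Leave a trail so an unexpected switch shows up in the router log.
    :log warning ("IPsec failover: " . $active . " -> " . $standby)
}
# If both tunnels are down the script swaps on every run; keep the
# scheduler interval long enough for a new SA to establish in between.
```

Run it from `/system scheduler` at a fixed interval. The `:log warning` entries give a record of each switch that can be forwarded to a remote syslog target for alerting.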