I've played with them a little (I assume by VM's you mean MetaRouter), but haven't found them overly useful, as they saturate the CPU on the device very quickly. That said, my only hardware which supports it is my CRS109's. Just booting a metarouter on the CRS109 pins the CPU to 100% for 60 seconds, then more than 10mbps through the VM keeps it at the 100%, and makes things very laggy.. On 4 July 2016 at 10:31, Alex Samad - Yieldbroker < Alex.Samad@yieldbroker.com> wrote:
Oh, the same address might be an issue. You could use NAT on the ipsec end point aslong as the source address is different..
I'm afraid my knowledge of vm's in mik is rather limited - read but not tried ...
A
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Karl Auer Sent: Monday, 4 July 2016 10:22 AM To: public@talk.mikrotik.com.au Subject: Re: [MT-AU Public] quetion re dual VPNs
On Sun, 2016-07-03 at 23:51 +0000, Alex Samad - Yieldbroker wrote:
Buy another mikrotik !
An AWS Hardware VPN is actually two IPsec tunnels; they terminate on different IP addresses at the AWS end, but on the same address at the customer end.
What about a virtual machine on the mikrotik - or maybe 2 1 for each tunnel and then use bgp/ospf or routing protoclol of choice
Ooh. That sounds interesting. Don't know anything about VMs on the MikroTik. How does that work? And can they share an IP address on an interface?
Vm's will get you around the 1 path per ipsec per device.
Yes - provided they can both have the same address on the same interface. That sounds dubious to me, but I'm ready - nay, eager! - to be amazed.
In the meantime I've had another thought (untested). I wonder whether I can have two proposals, identical but with different names, and whether that would differentiate the second VPN enough for the MikroTik. But if different peers don't differentiate the policies enough, I suspect different proposals won't either. Peers and proposals are sort of on the "wrong end" of the deal - they don't help choose packets, they just help choose where and how.
Regards, K
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer@nullarbor.com.au) work +61 2 64957435 http://www.nullarbor.com.au mobile +61 428 957160
GPG fingerprint: 6D59 8AE6 810D 44E3 7626 7040 4DD6 F89F 3053 4774 Old fingerprint: 9DCA 0903 BCBD 0647 BCCC 2FA7 A35C 57A1 ACF9 00BB
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-- Damien Gardner Jnr VK2TDG. Dip EE. GradIEAust rendrag@rendrag.net - http://www.rendrag.net/ -- We rode on the winds of the rising storm, We ran to the sounds of thunder. We danced among the lightning bolts, and tore the world asunder