{"id":551,"date":"2024-03-28T23:00:08","date_gmt":"2024-03-28T20:00:08","guid":{"rendered":"https:\/\/im-cloud.site\/?p=551"},"modified":"2024-03-29T14:06:13","modified_gmt":"2024-03-29T11:06:13","slug":"%d0%bd%d0%b0%d1%81%d1%82%d1%80%d0%be%d0%b9%d0%ba%d0%b0-ikev2-mikrotik","status":"publish","type":"post","link":"https:\/\/cloud-life.site\/?p=551","title":{"rendered":"\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 IKEv2 MikroTik"},"content":{"rendered":"\n

\u041d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c \u0447\u0430\u0441\u043e\u0432\u043e\u0439 \u043f\u043e\u044f\u0441, NTP-\u043a\u043b\u0438\u0435\u043d\u0442\u0430.<\/p>\n\n\n\n

<\/p>\n\n\n\n

\/system clock set time-zone-autodetect=no time-zone-name=Europe\/Moscow\n\/system ntp client set enabled=yes servers=0.ru.pool.ntp.org,1.ru.pool.ntp.org<\/code><\/pre>\n\n\n\n
\u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0431\u0440\u0438\u0434\u0436 \u0438 \u0432\u0435\u0448\u0430\u0435\u043c \u043f\u0443\u043b \u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u043d\u0430 \u043d\u0435\u0433\u043e \u0436\u0435<\/p>\n\n\n\n
<\/p>\n\n\n\n
\/interface bridge add name=IKE2-loopback\n\/ip address add address=10.0.100.1\/24 interface=IKE2-loopback network=10.0.100.0\n\/ip pool add name=\"IKE2\" ranges=10.0.100.100-10.0.100.200<\/code><\/pre>\n\n\n\n
\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0443 DNS \u0432\u0430\u043c \u043d\u0443\u0436\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0441\u0430\u043c\u043e\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0432 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 \u0432\u0430\u0448\u0435\u0439 \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u043a\u0438, \u043d\u043e \u0432 \u0438\u0442\u043e\u0433\u0435 \u043d\u0430\u043c \u043d\u0443\u0436\u043d\u043e, \u0447\u0442\u043e\u0431\u044b \u043f\u043e \u0430\u0434\u0440\u0435\u0441\u0443 cloud-life.site<\/a> \u043f\u0438\u043d\u0433\u043e\u0432\u0430\u043b\u0441\u044f IP-\u0430\u0434\u0440\u0435\u0441 \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c\u043e\u0433\u043e VPN-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 66.66.66.66.<\/p>\n\n\n\n
\u0421\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 \u0448\u0430\u0433 — \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u044f \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432. \u042f \u0440\u0430\u0437\u0431\u0438\u043b \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043d\u0430 \u0431\u043b\u043e\u043a\u0438 \u043d\u0435 \u0441\u043b\u0443\u0447\u0430\u0439\u043d\u043e. \u041e\u0448\u0438\u0431\u043a\u0438 \u043f\u0440\u0438 \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432 \u043d\u0430\u043c \u043d\u0435 \u043d\u0443\u0436\u043d\u044b. \u0412\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u043c \u043f\u043e \u043f\u043e\u0440\u044f\u0434\u043a\u0443, \u0434\u043e\u0436\u0438\u0434\u0430\u044f\u0441\u044c \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0430 \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u0438\u044f, \u043d\u0435 \u043f\u0440\u0435\u0440\u044b\u0432\u0430\u0442\u044c!!!!<\/p>\n\n\n\n
\u0413\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u0435\u043c \u043a\u043e\u0440\u043d\u0435\u0432\u043e\u0439 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442:<\/p>\n\n\n\n
<\/p>\n\n\n\n
\/certificate<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
    add name=CA.cloud-life.site country=RU state=MO \\\n    locality=\"Moscow region\" organization=Cloud-life \\\n    common-name=CA.cloud-life.site subject-alt-name=IP:66.66.66.66 \\\n    key-size=2048 days-valid=3650 trusted=yes \\\n    key-usage=digital-signature,key-encipherment,data-encipherment,key-cert-sign,crl-sign<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
sign CA.cloud-life.site<\/code><\/pre>\n\n\n\n
\u0413\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u0435\u043c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 VPN-\u0441\u0435\u0440\u0432\u0435\u0440\u0430:<\/p>\n\n\n\n
<\/p>\n\n\n\n
add name=ikev2@cloud-life.site country=RU state=MO locality=\"Moscow region\" \\\norganization=Cloud-life common-name=ikev2@cloud-life.site subject-alt-name=DNS:cloud-life.site \\\nkey-size=2048 days-valid=3560 trusted=yes key-usage=tls-server<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
sign ikev2@cloud-life.site ca=CA.cloud-life.site<\/code><\/pre>\n\n\n\n
\u0421\u043e\u0437\u0434\u0430\u0451\u043c \u0448\u0430\u0431\u043b\u043e\u043d \u0434\u043b\u044f \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u0433\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432 \u0447\u0435\u0440\u0435\u0437 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441 \u0448\u0430\u0431\u043b\u043e\u043d\u0430:
<\/p>\n\n\n\n
add name=~clienttemplate@cloud-life.site country=RU state=MO    locality=\"Moscow region\" \\\norganization=Cloud-life common-name=~client-template@cloud-life.site \\\nsubject-alt-name=email:~clienttemplate@cloud-life.site key-size=2048 days-valid=3650 \\\ntrusted=yes key-usage=tls-client<\/code><\/pre>\n\n\n\n
\u0421\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0434\u043b\u044f \u0441\u0445\u0435\u043c\u044b Site 2 Site (\u0434\u043b\u044f \u043c\u0438\u043a\u0440\u043e\u0442\u0438\u043a\u0430 Site-2):<\/p>\n\n\n\n
<\/p>\n\n\n\n
add copy-from=~clienttemplate@cloud-life.site name=s2s@cloud-life.site \\\ncommon-name=s2s@cloud-life.site subject-alt-name=email:s2s@cloud-life.site<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
sign s2s@cloud-life.site ca=CA.cloud-life.site<\/code><\/pre>\n\n\n\n
\u0414\u043b\u044f \u043f\u0435\u0440\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430:<\/p>\n\n\n\n
<\/p>\n\n\n\n
add copy-from=~clienttemplate@cloud-life.site name=client-1@cloud-life.site \\\ncommon-name=client-1@cloud-life.site subject-alt-name=email:client-1@cloud-life.site<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
sign client-1@cloud-life.site ca=CA.cloud-life.site<\/code><\/pre>\n\n\n\n
\u0414\u043b\u044f \u0432\u0442\u043e\u0440\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430, \u0430 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u043f\u043e \u0442\u043e\u0439 \u0436\u0435 \u0441\u0445\u0435\u043c\u0435:<\/p>\n\n\n\n
<\/p>\n\n\n\n
add copy-from=~clienttemplate@cloud-life.site name=client-2@cloud-life.site \\\ncommon-name=client-2@cloud-life.site subject-alt-name=email:client-2@cloud-life.site<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
sign client-2@cloud-life.site ca=CA.cloud-life.site<\/code><\/pre>\n\n\n\n
\u0414\u0430\u043b\u0435\u0435 \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0438\u0440\u0443\u0435\u043c \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u043a\u043b\u044e\u0447\u0438, \u043d\u043e \u043e\u0431\u0440\u0430\u0442\u0438\u0442\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435, \u0447\u0442\u043e \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0438\u0440\u0443\u044e\u0442\u0441\u044f \u0432 \u0440\u0430\u0437\u043d\u044b\u0445 \u0444\u043e\u0440\u043c\u0430\u0442\u0430\u0445 (pem \u0438 pkcs12). \u041e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0435 \u043f\u0430\u0440\u043e\u043b\u044c \u043f\u0440\u0438 \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0435, \u0442.\u043a. \u043f\u0440\u0438 \u0435\u0433\u043e \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0438 \u043e\u0448\u0438\u0431\u043e\u043a \u043d\u0435 \u0431\u0443\u0434\u0435\u0442, \u043d\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c VPN \u0442\u043e\u0436\u0435 \u043d\u0435 \u0431\u0443\u0434\u0435\u0442. \u041d\u0438 \u0432 \u043a\u043e\u0435\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u043d\u0435 \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0438\u0440\u0443\u0439\u0442\u0435 CA-\u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0441 \u043f\u0430\u0440\u043e\u043b\u0435\u043c, \u0442.\u043a. \u0442\u043e\u0433\u0434\u0430 \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0438 \u0437\u0430\u043a\u0440\u044b\u0442\u044b\u0439 \u043a\u043b\u044e\u0447.<\/p>\n\n\n\n
<\/p>\n\n\n\n
\/certificate export-certificate CA.cloud-life.site type=pem<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
\/certificate export-certificate ikev2@cloud-life.site type=pem  export-passphrase=passwordforexport<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
\/certificate export-certificate s2s@cloud-life.site type=pem  export-passphrase=passwordforexport<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
\/certificate export-certificate client-1@cloud-life.site type=pkcs12  export-passphrase=passwordforexport<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
\/certificate export-certificate client-2@cloud-life.site type=pkcs12  export-passphrase=passwordforexport<\/code><\/pre>\n\n\n\n
\u0421\u043a\u0430\u0447\u0438\u0432\u0430\u0435\u043c \u044d\u043a\u0441\u043f\u043e\u0440\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b \u0438 \u0441\u043e\u0445\u0440\u0430\u043d\u044f\u0435\u043c \u0432 \u043e\u0434\u043d\u0443 \u043f\u0430\u043f\u043a\u0443. \u042f \u0435\u0449\u0435 \u0438 \u043f\u0435\u0440\u0435\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043b \u0441\u043a\u0430\u0447\u0435\u043d\u043d\u044b\u0435 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b \u0434\u043b\u044f \u0443\u0434\u043e\u0431\u0441\u0442\u0432\u0430, \u0443\u0434\u0430\u043b\u0438\u0432 \u043d\u0430\u0447\u0430\u043b\u043e cert_export_.<\/p>\n\n\n\n
\u0427\u0443\u0442\u044c \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u043c FireWall \u0438 \u0438\u0437\u043c\u0435\u043d\u0438\u043c MSS. \u041f\u0440\u0430\u0432\u0438\u043b\u0430 \u0440\u0430\u0437\u043c\u0435\u0449\u0430\u0439\u0442\u0435 \u043f\u0435\u0440\u0435\u0434 \u0437\u0430\u043f\u0440\u0435\u0449\u0430\u044e\u0449\u0438\u043c\u0438!!!! \u042f \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0443 \u0438\u0445 \u0432 \u0441\u0430\u043c\u043e\u043c \u043d\u0430\u0447\u0430\u043b\u0435 \u0441\u043f\u0438\u0441\u043a\u0430 (place-before=0)<\/p>\n\n\n\n
<\/p>\n\n\n\n
\/ip firewall filter<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
add action=accept chain=input comment=\"IKE2 - Accept UDP 500,4500 IPSec\" \\\n    dst-address=66.66.66.66 dst-port=500,4500 protocol=udp place-before=0<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
add action=accept chain=input comment=\"IKE2 - Accept IPSec-esp\" dst-address=\\\n    66.66.66.66 protocol=ipsec-esp place-before=0<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
add action=accept chain=input comment=\"Accept - In Ipsec\" ipsec-policy=\\\n    in,ipsec src-address=10.0.100.0\/24 place-before=0<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
add action=accept chain=forward comment=\\\n    \"Accept - All Traffic from VPN to ANY\" dst-address=192.168.0.0\/22 \\\n    ipsec-policy=in,ipsec src-address=10.0.100.0\/24 place-before=0<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
add action=accept chain=forward comment=\\\n    \"Accept - All Traffic from VPN to ANY\" dst-address=0.0.0.0\/0 \\\n    ipsec-policy=in,ipsec src-address=10.0.100.0\/24 place-before=0<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
\/ip firewall mangle<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
add action=change-mss chain=forward dst-address=10.0.100.0\/24 ipsec-policy=\\\n    in,ipsec new-mss=1360 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=\\\n    !0-1360  place-before=0<\/code><\/pre>\n\n\n\n
\u0414\u043e\u0431\u0430\u0432\u0438\u043c \u043f\u0440\u0430\u0432\u0438\u043b\u0430 NAT \u0438 \u043f\u043e\u043c\u0435\u0441\u0442\u0438\u043c \u0438\u0445 \u043d\u0430\u0434 \u043f\u0440\u0430\u0432\u0438\u043b\u043e\u043c \u043e\u0441\u043d\u043e\u0432\u043d\u043e\u0433\u043e \u043c\u0430\u0441\u043a\u0430\u0440\u0430\u0434\u0430:<\/p>\n\n\n\n
<\/p>\n\n\n\n
\/ip firewall nat<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
add action=masquerade chain=srcnat comment=\"ike2 masq non ipsec\" \\\n    ipsec-policy=out,none out-interface-list=\"WAN interfaces\" place-before=0<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
add action=masquerade chain=srcnat comment=\"ike2 masq non ipsec\" \\\n    ipsec-policy=out,none out-interface-list=\"WAN interfaces\" src-address=\\\n    10.0.100.0\/24 place-before=0<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
add action=src-nat chain=srcnat comment=\"ike2 masq non ipsec\" ipsec-policy=\\\n    out,none out-interface=WAN src-address=10.0.100.0\/24 to-addresses=\\\n    66.66.66.66 place-before=0\n<\/code><\/pre>\n\n\n\n
\u041d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b IPSec. \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u0435\u0434\u0438\u043d\u0430 \u043a\u0430\u043a \u0434\u043b\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 Client 2 Site, \u0442\u0430\u043a \u0438 \u0434\u043b\u044f Site 2 Site:
<\/p>\n\n\n\n
\/ip ipsec policy group<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
add name=\"clients\"\nadd name=\"s2s<\/code><\/pre>\n\n\n\n
«
<\/p>\n\n\n\n
\/ip ipsec profile<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
add dh-group=modp2048,modp1536,modp1024 enc-algorithm=aes-256,aes-192,aes-128 \\\n    hash-algorithm=sha256 name=\"cloud-life.site\"<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
\/ip ipsec peer<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
    add exchange-mode=ike2 local-address=66.66.66.66 name=\\\n    \"peer VPN\" passive=yes profile=\"cloud-life.site\"<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
\/ip ipsec proposal<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
add auth-algorithms=sha512,sha256,sha1 enc-algorithms=\"aes-256-cbc,aes-256-ctr\\\n    ,aes-256-gcm,aes-192-ctr,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-128-gcm\" \\\n    lifetime=8h name=\"cloud-life.site\" pfs-group=none<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
\/ip ipsec mode-config<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
add address-pool=IKE2 address-prefix-length=32 name=clients.cloud-life.site split-include=\\\n    0.0.0.0\/0 static-dns=10.0.100.1 system-dns=no<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
add address=10.0.100.2 name=s2s.cloud-life.site split-include=10.0.100.1 static-dns=10.0.100.1 \\\n    system-dns=no<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
\/ip ipsec identity\n    add auth-method=digital-signature certificate=ikev2@cloud-life.site \\\n    generate-policy=port-strict match-by=certificate mode-config=clients.cloud-life.site \\\n    peer=\"peer VPN\" policy-template-group=\"clients\" \\\n    remote-certificate=client-1@cloud-life.site remote-id=user-fqdn:client-1@cloud-life.site<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
add auth-method=digital-signature certificate=ikev2@cloud-life.site \\\n    generate-policy=port-strict match-by=certificate mode-config=clients.cloud-life.site \\\n    peer=\"peer VPN\" policy-template-group=\"clients\" \\\n    remote-certificate=client-2@cloud-life.site remote-id=user-fqdn:client-2@cloud-life.site<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
add auth-method=digital-signature certificate=ikev2@cloud-life.site \\\n    generate-policy=port-strict match-by=certificate mode-config=s2s.cloud-life.site \\\n    peer=\"peer VPN\" policy-template-group=\"s2s\" \\\n    remote-certificate=s2s@cloud-life.site remote-id=user-fqdn:s2s@cloud-life.site<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
\/ip ipsec policy<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
add dst-address=10.0.100.2\/32 group=s2s proposal=cloud-life.site src-address=10.0.100.1\/32 template=yes\n    add dst-address=10.0.100.0\/24 group=clients proposal=cloud-life.site src-address=0.0.0.0\/0 template=yes<\/code><\/pre>\n\n\n\n
\u0421\u0440\u0430\u0437\u0443 \u0434\u043e\u0431\u0430\u0432\u0438\u043c GRE-\u0442\u0443\u043d\u043d\u0435\u043b\u044c, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432 \u0434\u0430\u043b\u044c\u043d\u0435\u0439\u0448\u0435\u043c \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u043d\u0430\u043c \u043b\u0435\u0433\u043a\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0446\u0438\u044e \u043c\u0435\u0436\u0434\u0443 \u043e\u0444\u0438\u0441\u0430\u043c\u0438:<\/p>\n\n\n\n
<\/p>\n\n\n\n
\/interface gre add local-address=10.0.100.1 name=\"IKEv2-GRE-Tunnel\" remote-address=10.0.100.2<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n
\/ip route add distance=1 dst-address=10.10.10.0\/24 gateway=\"IKEv2-GRE-Tunnel\"<\/code><\/pre>\n\n\n\n
\u041d\u0430 \u044d\u0442\u043e\u043c \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0443 VPN-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043c\u043e\u0436\u043d\u043e \u0441\u0447\u0438\u0442\u0430\u0442\u044c \u0437\u0430\u043a\u043e\u043d\u0447\u0435\u043d\u043d\u043e\u0439 \u0438 \u043f\u043e\u0440\u0430 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u0442\u044c \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0443 \u043a\u043b\u0438\u0435\u043d\u0442\u0430.<\/p>\n\n\n\n
\u041e\u0431\u0441\u0443\u0434\u0438\u0442\u044c \u0441\u0442\u0430\u0442\u044c\u044e \u043d\u0430 \u0444\u043e\u0440\u0443\u043c\u0435<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
IKEv2 — \u0441\u0430\u043c\u043e\u0435 \u0431\u044b\u0441\u0442\u0440\u043e\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0438 \u043f\u0435\u0440\u0435\u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435. \u0423\u0434\u043e\u0431\u043d\u043e,  \u043f\u0440\u0438 \u0440\u0430\u0431\u043e\u0442\u0435 \u0441 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0432 \u0434\u0432\u0438\u0436\u0435\u043d\u0438\u0438.<\/p>\n","protected":false},"author":1,"featured_media":553,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-551","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mikrotik"],"_links":{"self":[{"href":"https:\/\/cloud-life.site\/index.php?rest_route=\/wp\/v2\/posts\/551","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloud-life.site\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloud-life.site\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloud-life.site\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloud-life.site\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=551"}],"version-history":[{"count":6,"href":"https:\/\/cloud-life.site\/index.php?rest_route=\/wp\/v2\/posts\/551\/revisions"}],"predecessor-version":[{"id":831,"href":"https:\/\/cloud-life.site\/index.php?rest_route=\/wp\/v2\/posts\/551\/revisions\/831"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloud-life.site\/index.php?rest_route=\/wp\/v2\/media\/553"}],"wp:attachment":[{"href":"https:\/\/cloud-life.site\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=551"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloud-life.site\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=551"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloud-life.site\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=551"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}