AWS Site-To-Site VPN with MikroTik, using BGP Dynamic Routing
- Published: 23 Jul 2024
- In this video we are going to see how to connect our MikroTik router to the AWS Site-To-Site VPN service and use BGP to advertise our IP prefix to AWS. This tutorial will also help you navigate the options and configuration on the AWS side.
00:00 Introduction
01:00 Important Note AWS Site-To-Site is a paid service
01:23 AWS Console what we are doing
02:19 CGW, VPG & Site-to-Site VPN setup
04:15 Finding your VPC network details
05:05 Download Configuration for MikroTik
06:12 Configuring IPSEC on MikroTik
11:57 Configure MikroTik Side BGP for advertising Prefix to AWS
15:25 Get routes from AWS Side, attach VPG to VPC
17:18 Install route in AWS route tables by activating propagation
18:30 Outro
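The chapters above outline the procedure (IPsec on the MikroTik, BGP towards AWS, route propagation). As an added example, which is neither the video author's configuration nor the file AWS generates for you, here is a RouterOS v7 configuration that implements the same steps for Tunnel 1, plus the firewall, NAT-bypass and MSS-clamp rules a practitioner would want beside it. Every address, ASN, prefix, interface name and the MSS value are placeholders or assumed values; the real ones come from the configuration file downloaded from the AWS console. The IKEv2/AES-256/SHA-256/DH-14 choices are assumptions that fall within AWS's default tunnel options, and the narrower traffic selectors assume AWS's default any-to-any local/remote CIDRs.

```routeros
# Added example: RouterOS v7 config for AWS Site-to-Site VPN Tunnel 1 with BGP.
# All values are placeholders/assumptions; take the real ones from the
# configuration file you download from the AWS console (chapter 05:05).
#   <AWS_OUTSIDE_IP>  outside (public) address of the VGW for tunnel 1
#   <CGW_PUBLIC_IP>   public address of this MikroTik (the Customer Gateway)
#   <PSK>             tunnel 1 pre-shared key
#   ether1            assumed WAN interface
#   169.254.10.1/30   assumed inside address on the MikroTik side
#   169.254.10.2      assumed inside address on the AWS side
#   65000 / 64512     assumed customer ASN / AWS-side (VGW) ASN
#   192.168.88.0/24   assumed LAN prefix to advertise; 10.0.0.0/16 assumed VPC CIDR

# --- IPsec Phase 1 (chapter 06:12). AWS caps the phase 1 lifetime at 8h.
#     DPD lets RouterOS notice a dead tunnel instead of silently blackholing.
/ip/ipsec/profile add name=aws-profile hash-algorithm=sha256 enc-algorithm=aes-256 dh-group=modp2048 lifetime=8h dpd-interval=10s dpd-maximum-failures=3
/ip/ipsec/peer add name=aws-t1 address=<AWS_OUTSIDE_IP>/32 profile=aws-profile exchange-mode=ike2
/ip/ipsec/identity add peer=aws-t1 auth-method=pre-shared-key secret="<PSK>"

# --- IPsec Phase 2. AWS caps the phase 2 lifetime at 1h.
/ip/ipsec/proposal add name=aws-proposal auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=modp2048 lifetime=1h

# Policies select what gets encrypted: the BGP /30 itself and LAN<->VPC traffic.
# Tunnel 2 needs its own peer, identity and policies; a second policy with identical
# selectors is the overlap that RouterOS flags as disabled (see the comments below).
/ip/ipsec/policy add peer=aws-t1 tunnel=yes proposal=aws-proposal src-address=169.254.10.0/30 dst-address=169.254.10.0/30
/ip/ipsec/policy add peer=aws-t1 tunnel=yes proposal=aws-proposal src-address=192.168.88.0/24 dst-address=10.0.0.0/16

# Inside tunnel address, used as the BGP source.
/ip/address add address=169.254.10.1/30 interface=ether1 comment="AWS tunnel 1 inside address"

# --- Firewall: admit IKE, NAT-T and ESP from the VGW and BGP from the inside address.
#     These must be ordered above any input-chain drop rule.
/ip/firewall/filter add chain=input src-address=<AWS_OUTSIDE_IP> protocol=udp dst-port=500,4500 action=accept comment="AWS IKE / NAT-T"
/ip/firewall/filter add chain=input src-address=<AWS_OUTSIDE_IP> protocol=ipsec-esp action=accept comment="AWS ESP"
/ip/firewall/filter add chain=input src-address=169.254.10.2 protocol=tcp dst-port=179 action=accept comment="AWS BGP"

# Do not masquerade traffic that an IPsec policy is about to encrypt;
# this rule must be ordered above the masquerade rule.
/ip/firewall/nat add chain=srcnat ipsec-policy=out,ipsec action=accept comment="bypass NAT for IPsec"

# Clamp TCP MSS on encrypted flows so ESP overhead does not cause fragmentation.
# 1360 is an assumed value: WAN MTU minus IP/ESP overhead for the chosen ciphers.
/ip/firewall/mangle add chain=forward protocol=tcp tcp-flags=syn ipsec-policy=out,ipsec action=change-mss new-mss=1360 passthrough=yes comment="MSS clamp for AWS VPN"

# --- BGP (chapter 11:57): advertise the LAN prefix from an address list;
#     routes received from the VGW land in the main table.
/ip/firewall/address-list add list=aws-advertise address=192.168.88.0/24
/routing/bgp/connection add name=aws-t1 as=65000 router-id=192.168.88.1 local.address=169.254.10.1 local.role=ebgp remote.address=169.254.10.2 remote.as=64512 hold-time=30s keepalive-time=10s output.network=aws-advertise comment="AWS tunnel 1"

# --- Checks
/ip/ipsec/active-peers print       # phase 1 established?
/ip/ipsec/installed-sa print       # phase 2 SAs present?
/routing/bgp/session print         # state established, prefixes sent/received
/ip/route print where bgp          # VPC routes learned from AWS
```

The "Peer Cache" window from the RouterOS v6 BGP menu no longer exists in v7; the `/routing/bgp/session` print is the v7 place to confirm the session came up, and an ISAKMP/IKE SA in the log with no BGP session usually means the BGP /30 policy or the input-chain rule for TCP 179 is missing. After the session is established, attach the VGW to the VPC and enable route propagation in the VPC route table (chapters 15:25 and 17:18) so the advertised prefix actually appears there.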
Well done. I adapted these steps to work on GCP.
Glad to know that it helped
Thanks a lot, nice video and very precise. Keep up the good work!
Thanks for your feedback
Excellent Tutorial !! Very well done. Keep up the good work.
Thanks, will do!
Thanks a lot, the moment I watched your video saying S2S VPN is paid I checked my billing and surprised myself, my failed attempts with this service for almost a week cost me a good amount. Glad I watched your video and prevented further loss.
Thanks for the feedback. Yes, I had left it on for a week so it did cost me a little, not much though.
Excellent man, congrats!
Thank you! Cheers!
Thank you for the video. However, what about the MTU size? From my experience, tunnel-based VPNs could have potential issues if you use the default interface MTU. The problem may not be visible initially, but it could arise when you start sending, for example, SQL queries over the IPsec tunnel. This means a lot of small packets will be transmitted over it, which might cause some issues.
nice video for me
Can we do this via AWS direct connect instead of S2S VPN?
Great. Please, another one is needed with static IP.
For sure I will work on this
Good video. What model is the MikroTik you are using?
Do you have a tutorial as well, but using Azure instead of AWS?
Is it possible to connect with the Rest API?
I'm using RouterOS v7.1.5. The BGP > Peer Cache doesn't exist anymore. Also, you don't mention any firewall rule required to make this work. I tried here and it just doesn't work. I see the message "00:21:02 ipsec,info ISAKMP-SA established" in the logs, which means Phase 1 is working, but on the BGP > Sessions tab I never see a connection, which led me to believe the BGP connection was never successful. Can you elaborate more on that or point to some docs/tutorial? Thanks!
Hey, I faced a lot of problems with AWS, so if you want we can connect via Skype/Zoom and do this. Send me an email at mail@mankomal.com
Also, for BGP changes in v6 and v7 I suggest you go through this video: ruclips.net/video/elhj-1n-DD4/видео.html
@MankomalSingh I've sent you an email. Please share your Skype contact info there :) I appreciate any help!
I'm using software 7.6 and it doesn't work. In AWS I see 0 BGP routes. I did all the configuration like in the video but still no success.
Same here! Maybe you found solution for this issue?
Hey guys, sorry I haven't done much work lately on this but I would love to work on it. Someone recently emailed me and they faced a similar issue.
I will look into this and if need be make an updated video of the same.
@MankomalSingh I too cannot get this to work. Tutorial coming soon?
How do I establish `Tunnel 2`? If I use the tutorial for `Tunnel 1`, I have a problem at the point with IPsec Policies.
So tunnel 2 will create a problem as the src and dst will remain the same and this will always be in a disabled state. You will need to build a script which actively checks and disables 1 and enables 2.
@MankomalSingh It will be awesome if you make a part 2 of this video, configuring tunnel 2, with a sample script. I tried here but there is no way to get it as good as I want. This is one of the few, if not the only, recent video tutorials about this very specific subject. And even in the old videos that I found, no one makes a config of tunnel 2.
Is it possible to configure P2S in the same VPN?
Hi Cristopher, I don’t think so. Can you explain more what you are trying to achieve.
What about AWS as a RouterOS hotspot server?
Hello Khiano, hotspot runs on L2, so do you want to set up a centralised hotspot?
What about VPS hosting?
What's your email address?
mail@mankomal.com
@MankomalSingh Thank you, please check your inbox.