A GRE Tunnel is a very quick and easy way to setup a, optionally encrypted, tunnel between 2 endpoints whose WAN IP Addresses are known and static. The GRE tunnel does NOT work with dynamic IP addresses.
Setup the following on both endpoints, swapping remote and local where applicable.
/interfacegre addallow-fast-path=nocomment="Site 2 Site Network"ipsec-secret="VERY_STRONG_PASSWORD"keepalive=5s,5local-address=LOCAL_WAN_IP_ADDRESS name=gre-tunnel-location1 remote-address=REMOTE_WAN_IP_ADDRESS
/iproute adddistance=1dst-address=REMOTE_LAN_IP_SUBNET gateway=gre-tunnel-location1
/iproute adddistance=1dst-address=REMOTE_L2TP_VPN_IP_SUBNET gateway=gre-tunnel-location1
LOCAL_WAN_IP_ADDRESS - External STATIC IP Address assigned by your ISP to the local router.
REMOTE_WAN_IP_ADDRESS - External STATIC IP Address assigned by your ISP to the remote router.
GRE_INTERFACE_IP_ADDRESS - is an arbitary ip address, not in use anywhere else in your network(s) AND the other end of the GRE tunnel is in the same subnet. eg: one end is 10.1.1.1/32, the other is 10.1.1.2/32
REMOTE_LAN_IP_SUBNET - is the LAN subnet of the remote LAN eg: 192.168.1.0/24
- is the LAN subnet of the remote L2TP VPN network, if any. eg: 192.168.2.0/24. See Mikrotik L2TP-IPSec Server
Adding this will allow VPN clients to route packets to/from the other end of the GRE tunnel.
N.B. Including the ipsec-secret= option requires the allow-fast-path=no option.