This tutorial is on setting Mikrotik as IPSec concentrator. Road-Warriors will be able to establish secure IPSec connection using the ShrewSoft VPN client.
Setting Mikrotik IPSec parametars
Since Road-Warriors will connect from different locations we need to set peer with address 0.0.0.0/0 and automatically generate polixy
/ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key exchange-mode=main\ secret=123456 hash-algorithm=md5 enc-algorithm=3des generate-policy=yes
Make sure that the default proposal has Authentication algorithm sha1 and Encryption algorithm 3des
Setting ShrewSoft VPN Client
Put the Mikrotik router Public IP address in Remote Host and change the Local Host to Use existing adapter and current address
Disable NAT Traversal and IKE Fragmentation if you are not using NAT Traversal
If you need WINS and Local DNS put it manually, otherwise disable this parameters
Under Authentication set Authentication Method as Mutual PSK, Local Identity as IP Address and put the secret in Credential -> Pre Shared Key
Set the Phase1 Parameters to match Mikrotik Peer configuration: main, group2, 3des, md5, 86400
Set the Phase2 Parameters to match Mikrotik default proposal: esp-3des, sha1, group2, and change the Key Life Time limit to 1800 because in Mikrotik default proposal Lifetime is 00:30:00
Finally we need to add the local network (10.20.30.0/24) that we want to route trough the IPSec VPN connection.
That’s it! You have your 50$ IPSec VPN Concentrator without the need to buy additional licences or expensive routers.