/ip firewall filter
add action=accept chain=input protocol=tcp dst-port=1723
add action=accept chain=input protocol=47
But at least color contrast was fine 😅
So the name is lo:I get "input does not match any value of interface". I see a lo interface, but not a lo1.
/ip address
add address=192.168.10.1/24 interface=lo
/ip ipsec policy group
add name=ikev2-policies
/ip ipsec policy
add dst-address=192.168.10.0/24 group=ike2-policies proposal=proposal1 src-address=0.0.0.0/0 template=yes
/ip address
add address=192.168.10.1/24 interface=lo1
add address=192.168.170.0/28 interface=openmetallab-management-vlan170 \
network=192.168.170.0
/system logging
add topics=ipsec,!debug
/system logging
add action=memory topic=ipsec,!debug
No need to be, IPsec on MikroTik and overall is a bit finickyalso sorry for maybe dumb questions but im still quite new to thee VPNs in mikrotik.
/ip ipsec policy
add action=encrypt src-address=192.168.1.0/24 dst-address=171.11.153.20
/ip route
add dst-address=192.168.1.116 gateway=<l2tp client interface>
/routing table
add fib name=through_VPN
/ip route
add dst-address=0.0.0.0/0 gateway="remote tunnel IP"
/routing rule
add src-address=192.168.1.116 action=lookup-only-in-table table=through_VPN
/ip firewall nat
add action=masquerade chain=srcnat out-interface=sfp-sfpplus1
/ip firewall nat
set 1 src-address=192.168.0.18 dst-address="" src-port=9050 dst-port=""
set 11 src-address="" dst-address="WAN_address"
/export file=anynameyouwish
/interface bridge port remove [ find interface=[ find default-name=ether1 ] ]
/ip firewall filter
add action=accept chain=forward comment="VLAN inter-VLAN routing" in-interface-list=VLAN out-interface-list=VLAN log=yes
/ip hotspot walled-garden ip add action=accept server="ether3_server" src-address=192.168.65.0/24
/ip firewall filter
add chain=forward action=drop src-address=192.168.0.0/24 dst-address=10.0.0.0/24
add chain=forward action=drop src-address=10.0.0.0/24 dst-address=192.168.0.0/24
/ip firewall filter add action=accept chain=forward src-address=192.168.65.0/24 dst-address=192.168.70.0/24
/ip firewall filter add action=drop chain=input src-address=192.168.0.0/24 protocol=tcp dst-port=22
/ip ipsec identity
set [find peer=IKEv2] certificate="dns_certificate"