Basic frustrations - VPNs and Firewalls

I’m attempting to set up an RB2011 as a 3rd party VPN access point for an SDWAN network.

I have successfully gotten the IPSec tunnel to connect and I can ping and surf the immediate remote network located on the MT.

My setup is pretty straightforward. SDWAN firewall and MT on a public /29. I have physically connected their LANs together with a patch cord.

IP Routes and ARP tables on both devices show the correct information. However, I cannot PING across the patch cord to the other device.

Both interfaces are on the same subnet. I feel like I’m missing something really basic here. Any thoughts?

eth1 : ISP-IP
bridge (remaining ether ports): 10.10.11.2/24
eth2 : connected to SDWAN device.
SDWAN Device eth port : 10.10.11.1

DHCP on the MT is set up with the following settings :
DNS : 10.10.11.2; 9.9.9.9
Range : .100 - .199

Sdwan device is tagging? Perhaps sniff eth2 port with wireshark and see what is going on

The SDWAN device is tagging using VLAN 0.
Is there something I need to do to enable the MT to pass this traffic? I was under the impression most routers automatically accepted VLAN0.

Possibly your problem. See last post here http://forum.mikrotik.com/t/rb2011-how-do-i-strip-tagged-vlan-0/94770/1

Does it work when you connect to ports 6 - 10 on the RB2011?