I installed a new router today. It had fasttrack enabled.
Among other things, I set up an ipsec connection to my home.
It didn’t work properly. icmp did work, ftp did work, telnet to port 22 showed me the message of the ssh daemon... but I wasn’t able to connect with ssh, nor with telnet, nor get webserver connections (to my ipsec net).
I tried and tried for hours… till I had the idea to disable fasttrack and booom… everything works as expected.
I use SSH through my IPSec tunnel daily and fasttrack hasn’t been an issue. Have you verified that your MTU is correct? I have seen a lot of SSH issues when packets get fragmented.
I will run some tests on my setup and see if I can duplicate your issue.
Good hint. I hadn’t set the mtu at all - it has always been correct so far. (1500/1520). But not on this router, when leaving it empty it takes all kinds of strange values: 1598, and something else.
I corrected that, but this didn’t change my problem. Fasttrack on → nothing reachable, fasttrack off → everything works as expected. It’s also not only ssh, i.e. a telnet to port 80 of a webserver gave ‘no route to host’ with fasttrack on.
PS: RB750 with Router OS 6.30.1, on my side a 450G with the same version.
On all my other routers, the forward rule was enough to allow access to the whole subnet. On this router, without the input rule I can access the whole subnet minus the router (which has its own logic, but…)
Oh, and that:
add action=drop chain=input comment="default configuration" in-interface=Swisscable
should prob. go to the very bottom. But then, my traffic is already allowed further up, so prob. it doesn’t make a difference. But I’ll try that right away.
On the other hand, this is the default: