Fritzbox -> Mikrotik VPN

However, … I tried to connect my Fritzbox (Fritz-6490 Cable - OS 07.10) to my Mikrotik Router via VPN (Site 2 Site) over Internet but have failed now for several days. Now I tried the above script and have an established connection but can’t ping or get data from either side.

What am I doing wrong? Do I need additional routes on both sides? It looks a little bit like both sides do not get an IP(?)

See below my latest config - is there something wrong in the IPSEC policy?
Fritzbox = 192.168.1.1
Mikrotik = 192.168.88.1
Mikrotik over Internet IP = IPfROMmIKROTIK
Fritzbox over Internet IP = IPfROMfRITZBOX


/ip ipsec profile
set [ find default=yes ] dpd-interval=20s enc-algorithm=aes-256,3des
# phase 1 (IKE) settings for this tunnel
add dh-group=modp1024 enc-algorithm=aes-256 name=profile_TUNNEL
/ip ipsec peer
# the peer entry points at the other end of the tunnel
add address=IPfROMmIKROTIK exchange-mode=aggressive name=peer_TUNNEL profile=profile_TUNNEL
/ip ipsec proposal
# phase 2 (ESP) proposal
add enc-algorithms=aes-256-cbc,aes-256-ctr,aes-256-gcm,3des name=proposal_TUNNEL pfs-group=modp1024
/ip ipsec identity
# pre-shared key for the peer
add notrack-chain=prerouting peer=peer_TUNNEL secret=MYPRIVATEPASSWORD
/ip ipsec policy
# traffic between the Mikrotik LAN and the Fritzbox LAN goes into the tunnel
add dst-address=192.168.1.0/24 peer=peer_TUNNEL proposal=proposal_TUNNEL sa-dst-address=IPfROMfRITZBOX sa-src-address=0.0.0.0 src-address=192.168.88.0/24 tunnel=yes


Kind Regards,
Vossi

Hi,

I recently installed a Fritzbox with Firmware Version 7.12 and built a site2site ipsec tunnel with a mikrotik device.

Please delete the pfs-group from your proposal as Fritzboxes are not able to make use of pfs in Phase 2.

Can you show us the output of /ip ipsec remote-peer as well as /ip ipsec installed-sa?

Hi,

thank you for your reply.
Actually I deleted the script from the mikrotik (as I was not willing to have a VPN setup that was not working).

I have a working l2tp connection (for my mobile) with my mobile to the mikrotik router and opened FW rules to enable ssh to the mikrotik.

Isn’t there a script with the necessary entries you can share?

Kind Regards,

Vossi

Hi,

can you check your firewall rules whether there are appropriate rules for ipsec policy in/out traffic? You should have something like

add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec log-prefix=ip-sec-in
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec log-prefix=ip-sec-out

For me this was automatically added.

I have a slightly different setup (see http://forum.mikrotik.com/t/ipsec-site-to-site-vpn-slow/136478/1) but my connection is working (unfortunately slow…).

Regards,
Daniel

Hi Daniel,

no I didn’t have those rules - adding them didn’t solve my issue. Interesting script you’ve linked. Will try this next week when in front of the mikrotik. Going to see how much speed I’ll get (Fritz 400/40 - Mikrotik 100/20).

Kind Regards,

Vossi

It strongly depends on your MikroTik model, which you haven’t revealed…
The old boxes like RB750r2 or RB2011 will not be able to do more than about 10 Mbps but for newer devices like RB750Gr3 and the 1100/3011/4011/CCR etc it will be no problem to saturate the connection.

If I get it working I’ll see how fast my RBD52G-5HACD2HND will go but first need to get the connection mikrotik<->internet<->Fritzbox working …

That one should be OK, see: https://mikrotik.com/product/hap_ac2#fndtn-testresults

Hello!

I am trying the same. Could you please send me a screenshot of the FritzBox Config? That is the strange part for me.

How have you fixed the dynamic IP address problem?

BR

Holger

Hi,

I just created a Fritz Box LAN to LAN based on the AVM how-to:

https://avm.de/service/fritzbox/fritzbox-7590/wissensdatenbank/publication/show/5_VPN-Verbindung-zwischen-zwei-FRITZ-Box-Netzwerken-einrichten/

Important:

  • You need different subnets on both ends
  • You need native IPv4 connectivity (public IPv4 address) - DS lite does NOT work. I have IPv4 and IPv6 dual stack on both ends. In principle IPv4 on one end (receiver side) should work as well, but it did not work for me before my ISP upgraded me to dual stack.

Currently I’m using the myfritz service for dynDNS, but theoretically any other dynDNS service should work as well (did not test this yet, but might go for it once I upgraded to mikrotik on both ends).

If your mikrotik is behind a fritz box you need to delete all VPN configurations (site-to-site & user VPN connections - just disabling them will NOT work) and set forwarding rules for UDP ports 500, 4500 and protocol ESP to your mikrotik. Furthermore add a static route on that fritz box for the remote network to your mikrotik (in Heimnetz->Netzwerk->Netzwerkeinstellungen->Statische Routingtabelle->IPv4-Routen).

Well I tried, but getting massive errors. Peers not found, Aggressive DH mode not allowed twice and so on. I can’t manage my VPN with your script as a ‘standard’ user.

Vossi

Can’t Fritzboxes use pfs in Phase 2?
I could not think of this at all.

Well :) finally - I got it working with my script posted first!!!

The only thing I changed was in the fritzbox VPN menu → I always gave a name for the VPN there; without giving a name within the fritzbox menu the connection is directly established and I can ping.

For getting access to webpages (besides the fritzbox) I had to add a route in mikrotik to the network (192.168.1.0/24).


What I’m missing now is to get this working also for the other networks that I’m running behind the fritzbox (192.168.0.0/192.168.2.0/192.168.3.0). I have a different network setup behind the fritz (all of them have working internet access). How can I realize this from the mikrotik VPN? Is there somewhere the possibility to make this possible?

Kind Regards,

Vossi

ok, it’s working now:

1 - adding Routes in mikrotik to the networks behind fritzbox
2 - creating for each Network a Policy

Is this correct? Actually it’s not always showing an established PH2 state but I can ping and load webpages in these networks.

Secondly, what does the status ‘A’ stand for? Also, does this way slow down my fritzbox? Any other solution?
route.jpg
ipsec.jpg
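The pieces this thread arrives at one post at a time (profile/peer/identity, a phase 2 proposal without PFS because the FRITZ!Box cannot do it, one policy and one route per subnet behind the FRITZ!Box, and the "defconf" forward rules that accept traffic matched by an IPsec policy) can be assembled in one place. The generator below is an added example, not code from the thread or from MikroTik; it emits RouterOS CLI lines for the MikroTik side. Assumptions: the peer and `sa-dst-address` both carry the FRITZ!Box's public address (the thread's script labels these placeholders differently), the subnet names, addresses and PSK are constructed placeholders, the optional static routes use whatever next hop you pass in, and the srcnat bypass rule comes from RouterOS's default configuration rather than from the thread (it keeps masquerade from rewriting tunnel traffic before the policy matches it).

```python
"""Generate the MikroTik (RouterOS) side of a site-to-site IPsec tunnel to a FRITZ!Box.

Added example, not code from the forum thread. Names, addresses and the PSK
are constructed placeholders; the srcnat bypass is RouterOS defconf practice,
not something the thread discusses.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class TunnelSpec:
    name: str                        # suffix for every IPsec object created
    remote_gateway: str              # public address (or DynDNS name) of the FRITZ!Box
    local_subnet: str                # LAN behind the MikroTik
    remote_subnets: List[str]        # LANs behind the FRITZ!Box (several allowed)
    psk: str                         # pre-shared key; use a long random one in practice
    route_gateway: Optional[str] = None  # next hop for the remote subnets, if routes are wanted


def subnet_conflicts(spec: TunnelSpec) -> List[str]:
    """Report overlapping networks. The AVM how-to requires different subnets
    on both ends, and a policy for an overlapping prefix would never match
    cleanly. Each entry must be a proper prefix (strict=True)."""
    nets = [ipaddress.ip_network(s, strict=True)
            for s in [spec.local_subnet] + spec.remote_subnets]
    conflicts = []
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                conflicts.append(f"{a} overlaps {b}")
    return conflicts


def routeros_config(spec: TunnelSpec) -> List[str]:
    """Return RouterOS CLI lines (one command per entry) for the MikroTik side."""
    conflicts = subnet_conflicts(spec)
    if conflicts:
        raise ValueError("; ".join(conflicts))
    n = spec.name
    lines = [
        "/ip ipsec profile",
        # aggressive mode with modp1024 is what the thread's working setup used;
        # prefer main mode and a stronger DH group whenever the remote firmware allows it
        f"add name=profile_{n} dh-group=modp1024 enc-algorithm=aes-256 dpd-interval=20s",
        "/ip ipsec peer",
        f"add name=peer_{n} address={spec.remote_gateway} exchange-mode=aggressive profile=profile_{n}",
        "/ip ipsec identity",
        f"add peer=peer_{n} secret={spec.psk}",
        "/ip ipsec proposal",
        # pfs-group=none: the thread reports the FRITZ!Box cannot use PFS in phase 2
        f"add name=proposal_{n} enc-algorithms=aes-256-cbc pfs-group=none",
        "/ip ipsec policy",
    ]
    # one policy per network behind the FRITZ!Box, as in the thread's final setup
    for r in spec.remote_subnets:
        lines.append(
            f"add src-address={spec.local_subnet} dst-address={r} tunnel=yes "
            f"peer=peer_{n} proposal=proposal_{n} "
            f"sa-src-address=0.0.0.0 sa-dst-address={spec.remote_gateway}"
        )
    lines += [
        "/ip firewall filter",
        'add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy"',
        'add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy"',
        "/ip firewall nat",
        # must sit above the masquerade rule, otherwise the policy's src-address never matches
        'add chain=srcnat action=accept ipsec-policy=out,ipsec place-before=0 comment="bypass NAT for ipsec"',
    ]
    if spec.route_gateway:
        lines.append("/ip route")
        for r in spec.remote_subnets:
            lines.append(f"add dst-address={r} gateway={spec.route_gateway}")
    return lines


if __name__ == "__main__":
    # constructed sample: MikroTik LAN 192.168.88.0/24, three LANs behind the FRITZ!Box
    demo = TunnelSpec(
        name="TUNNEL",
        remote_gateway="203.0.113.10",      # placeholder for the FRITZ!Box public address
        local_subnet="192.168.88.0/24",
        remote_subnets=["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"],
        psk="REPLACE-WITH-A-LONG-RANDOM-SECRET",
        route_gateway="203.0.113.1",        # placeholder WAN next hop
    )
    print("\n".join(routeros_config(demo)))
```

Paste the output into a RouterOS terminal (or save it as a .rsc and import it). Because every remote subnet gets its own policy and the policies share one peer, the FRITZ!Box side still needs a matching entry for each of those networks, which is why Vossi's "one policy per network" approach works while a single aggregate policy would not.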

[quote=wbmsmart post_id=774617 time=1581471344 user_id=156822]
Hi,

thank you for your reply.

Actually I deleted the script from the mikrotik (as I was not willing to have a VPN setup that was not working).

  1. Log into the MikroTik router interface using the web browser or WinBox application, the IP address of the router is 192.168.88.1 by default, login is admin with no password if you haven’t changed it previously. 2. Go to “Interfaces” (left hand side menu), find your VPN connection.
[/quote]


Actually I do not understand what you are trying to say?

Hey Vossi,

how did you manage this? My FB insists on filling the “Name of this VPN connection” field.

Regards
HF

Hi,

Good question. Actually I’m not using this connection and that number of subnetworks anymore (now FRITZ!Box + MikroTik - MikroTik). I remember it was tricky but can’t remember the steps. It’s easier to bridge a port (FRITZ!Box) and use a second MikroTik (however you need dual stack from your inet provider).


KR