IP Sec site to site, router to router connection problem

Hi
I have a site-to-site IPsec tunnel between two locations.
Configuration based on the description at
http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Site_to_Site_IpSec_Tunnel
Almost everything works, but I don’t have communication between the routers.
Devices in the networks communicate normally (ping etc.), but when I send a ping from the router to a device in the remote network I get “timeout”.
What am I doing wrong, or what did I forget?

Piotr

Add a (dummy) route for the remote subnet to the internal interface. I do this for e.g. netwatch to work.

Thanks, partly helped :) I added a route 192.168.0.0/24 (remote subnet) for eth-master (internal interface). I have communication with devices from the remote subnet, but from router to router I don’t. Any suggestions?

OK, my mistake, all works, thanks :)

Thanks! I was trying to figure this one out the other day too. Don’t know why I didn’t think of this!

The dummy rule is for the router to pick the correct ‘from’ IP address.
The default route (ether-wan) will have the WAN IP, which is different from the IPsec src-address range.
By adding a default route to ether-lan, the router will pick the local LAN IP, which will then be ipsec’d to the target subnet.
There is an alternative: adding the correct route (to WAN) with the local source address.

Both alternatives:

(I am not sure about the pros and cons. The first one makes sure local traffic stays internal, e.g. if the IPsec policy gets disabled or removed somehow.)

/ip route
add dst-address=[target subnet] gateway=ether-lan

/ip route
add dst-address=[target subnet] gateway=ether-wan pref-src=[lan IP address]
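To show why router-originated pings miss the tunnel while LAN hosts get through, here is an added model (not from the thread or MikroTik) of the three routing tables above: longest-prefix route lookup, the source address the router picks for its own packets, and the IPsec policy selector check. The addresses (LAN 192.168.1.0/24 on ether-lan, WAN 203.0.113.2 on ether-wan) are constructed; the remote subnet 192.168.0.0/24 is the one from the thread.

```python
from ipaddress import ip_address, ip_network, IPv4Address

# Constructed topology (assumption): router's own address per interface.
LOCAL_IFACES = {
    "ether-lan": IPv4Address("192.168.1.1"),
    "ether-wan": IPv4Address("203.0.113.2"),
}
REMOTE_SUBNET = ip_network("192.168.0.0/24")

# IPsec policy selector: only 192.168.1.0/24 -> 192.168.0.0/24 is tunnelled.
POLICY_SRC = ip_network("192.168.1.0/24")
POLICY_DST = REMOTE_SUBNET


def lookup(routes, dst):
    """Longest-prefix match over a list of route dicts, like /ip route."""
    best = None
    for r in routes:
        if dst in r["dst"] and (best is None or r["dst"].prefixlen > best["dst"].prefixlen):
            best = r
    return best


def router_source_ip(routes, dst):
    """Source address for a packet the router itself originates (ping, netwatch):
    pref-src if the matching route sets one, else the gateway interface address."""
    r = lookup(routes, ip_address(dst))
    if r is None:
        return None
    return r.get("pref-src") or LOCAL_IFACES[r["gateway"]]


def ping_is_tunnelled(routes, dst="192.168.0.1"):
    """True if the router's own ping to dst matches the IPsec policy selector."""
    src = router_source_ip(routes, dst)
    return src is not None and src in POLICY_SRC and ip_address(dst) in POLICY_DST


# 1) Only a default route: router picks its WAN IP, policy does not match.
DEFAULT_ONLY = [{"dst": ip_network("0.0.0.0/0"), "gateway": "ether-wan"}]
# 2) Dummy route to ether-lan: router picks its LAN IP, policy matches.
DUMMY_ROUTE = DEFAULT_ONLY + [{"dst": REMOTE_SUBNET, "gateway": "ether-lan"}]
# 3) Route via WAN with pref-src: same effect, explicit source address.
PREF_SRC = DEFAULT_ONLY + [
    {"dst": REMOTE_SUBNET, "gateway": "ether-wan", "pref-src": IPv4Address("192.168.1.1")}
]

if __name__ == "__main__":
    for name, table in [("default only", DEFAULT_ONLY), ("dummy route", DUMMY_ROUTE), ("pref-src", PREF_SRC)]:
        print(f"{name:12s} src={router_source_ip(table, '192.168.0.1')} tunnelled={ping_is_tunnelled(table)}")
```

A LAN host's packets already carry a 192.168.1.x source, which is why they never hit this problem.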