RomanV
June 19, 2015, 10:53am
1
Hi everyone!
I have a GRE tunnel encrypted with IPsec and everything works just fine.
After I added two more IP addresses on the interface, IPsec became broken. I put access lists for all three IPs on the other side of the tunnel and I see that the MikroTik sends IKE packets using the wrong IP address.
I tried 6.27-6.29.1 software, it works the same way.
Is there a way to specify which address to use for ipsec?
Yes, using 6.29.1, you can specify IP address used per-peer.
/ip ipsec peer set 0 local-address=x.x.x.x
RomanV
June 19, 2015, 3:12pm
3
tomaskir:
Yes, using 6.29.1, you can specify IP address used per-peer.
/ip ipsec peer set 0 local-address=x.x.x.x
There is local-address in 6.27 too, I tried that, that doesn’t help…
I also tried adding a y.y.y.y/32 route to the peer with pref-src=x.x.x.x. It doesn’t work either.
RomanV
June 22, 2015, 9:52am
4
tomaskir:
Yes, using 6.29.1, you can specify IP address used per-peer.
/ip ipsec peer set 0 local-address=x.x.x.x
I tried that, that doesn’t work.
RomanV:
There is local-address in 6.27 too, I tried that, that doesn’t help…
I also tried adding a y.y.y.y/32 route to the peer with pref-src=x.x.x.x. It doesn’t work either.
It works correctly for me even with 6.23.
Are you sure other NAT / Mangle rules are not interfering?
RomanV
July 30, 2015, 10:45am
6
tomaskir:
Sorry for the long delay in answering.
You were right.
I had only this rule for that interface:
chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=ether1
After I added the following before it:
chain=srcnat action=src-nat to-addresses=x.x.x.x src-address=x.x.x.x
the tunnel seems to work fine.
Thanks a lot for the help.
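A small model of the fix described in the last post, as an added example that is not part of the original thread: it parses srcnat rules in the `key=value` form quoted above, applies first-match evaluation, and reports which source address the IPsec peer would see on IKE packets. The 192.0.2.x addresses are constructed values standing in for x.x.x.x, and the masquerade choice (first address on the out-interface) is an assumption of this model, not behaviour stated in the thread.

```python
import ipaddress

def parse_rule(line):
    """Turn a 'key=value key=value' rule line (the form quoted in the thread) into a dict."""
    return dict(tok.split("=", 1) for tok in line.split())

def matches(rule, src, out_if):
    """True if a srcnat rule applies to a packet with this source and egress interface."""
    if rule.get("chain") != "srcnat":
        return False
    if "out-interface" in rule and rule["out-interface"] != out_if:
        return False
    if "src-address" in rule:
        net = ipaddress.ip_network(rule["src-address"], strict=False)
        if ipaddress.ip_address(src) not in net:
            return False
    return True

def source_on_wire(rules, src, out_if, if_addrs):
    """First matching rule wins; return (source the peer sees, matching rule index or None)."""
    for i, line in enumerate(rules):
        rule = parse_rule(line)
        if not matches(rule, src, out_if):
            continue
        if rule["action"] == "masquerade":
            # Assumption of this model: masquerade uses the first address on the interface.
            return if_addrs[out_if][0], i
        if rule["action"] == "src-nat":
            return rule["to-addresses"], i
        if rule["action"] == "accept":
            return src, i
    return src, None

def check_ike_source(rules, local_address, out_if, if_addrs):
    """Compare the peer's configured local-address with what leaves the router."""
    seen, idx = source_on_wire(rules, local_address, out_if, if_addrs)
    return {"expected": local_address, "seen": seen, "rule": idx, "ok": seen == local_address}

# Constructed sample data: three addresses on ether1, IPsec local-address is the second one.
IF_ADDRS = {"ether1": ["192.0.2.10", "192.0.2.11", "192.0.2.12"]}
LOCAL = "192.0.2.11"
BEFORE = ["chain=srcnat action=masquerade to-addresses=0.0.0.0 out-interface=ether1"]
AFTER = ["chain=srcnat action=src-nat to-addresses=192.0.2.11 src-address=192.0.2.11"] + BEFORE

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, check_ike_source(rules, LOCAL, "ether1", IF_ADDRS))
```

With the masquerade rule alone, the model shows the IKE source rewritten away from the configured local-address; with the src-nat rule placed first, the address is preserved because the earlier rule matches and evaluation stops.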