Hi again everyone,
I am trying to set up an IPsec connection between 2 routers. I can get the peers to connect but cannot get any traffic to traverse the tunnel. I am sure it is something I am doing wrong.
It is a very simple setup. We have a wireless LAN between some buildings. Both of these routers are on that LAN. One router, let's call it router one, has the address of 10.150.0.1/22 for its local LAN DHCP network. The other uses 192.168.80.1/24 for its local LAN.
I turned on debugging in the logs for IPsec and I see "received a valid R-U-THERE, ACK Sent" but I do not see any other errors. I cannot ping from one address range to the other. The routers can ping each other on the wireless LAN, and the peers are connected, so that part of the connectivity is OK. I am sure it is something I am doing wrong.
The configurations are below; if someone could point out what I am doing wrong that would be awesome. Also, how do you debug connections or check on the status of the connections? I come with a background from another router manufacturer and cannot find similar status or debugging in RouterOS. Also, when it is working, do the IP addresses show up in a routing table, address table, etc.?
Router 1, which uses wireless LAN IP 10.232.1.168:
/ip address
add address=10.150.0.1/22 interface=v50-MGMT network=10.150.0.0
/ip dhcp-server network
add address=10.150.0.0/22 dns-server=10.44.2.23 gateway=10.150.0.1
/ip firewall nat
add chain=srcnat dst-address=192.168.80.0/24 src-address=10.150.0.0/20
/ip ipsec peer
add address=10.232.1.125/32 nat-traversal=no secret=xxxxxx
/ip ipsec policy
set 0 disabled=yes dst-address=10.150.0.0/20 src-address=192.168.80.0/24
add dst-address=10.150.0.0/20 sa-dst-address=10.232.1.125 sa-src-address=10.232.1.168 src-address=192.168.80.0/24 tunnel=yes
add dst-address=192.168.80.0/24 sa-dst-address=10.232.1.125 sa-src-address=10.232.1.168 src-address=10.150.0.0/20 tunnel=yes
Router 2, which uses wireless LAN address 10.232.1.125:
/ip address
add address=192.168.80.1/24 comment="default configuration" interface=ether2-master-local network=192.168.80.0
/ip dhcp-server network
add address=192.168.80.0/24 comment="default configuration" gateway=192.168.80.1
/ip firewall nat
add chain=srcnat dst-address=10.150.0.0/20 src-address=192.168.80.0/24
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
/ip ipsec peer
add address=10.232.1.168/32 nat-traversal=no secret=xxxxx
/ip ipsec policy
set 0 dst-address=192.168.80.0/24 src-address=10.150.0.0/20
Any help to point me in the correct direction is greatly appreciated.
Thanks
Mike
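Added for this thread, not part of Mike's post or of RouterOS: a small Python consistency check that derives, from each router's own /ip address entry and wireless LAN address, the tunnel-mode policy that side should carry (RouterOS convention: src-address and sa-src-address are local, dst-address and sa-dst-address remote, tunnel=yes for tunnel mode) and reports every field on which a posted policy disagrees. The ROUTER1/ROUTER2 dictionaries are constructed from the two configurations quoted above.

```python
import ipaddress

# Constructed from the two configurations quoted in the post above: "lan" is
# each router's own /ip address entry, "peer" its wireless LAN address.
ROUTER1 = {
    "peer": "10.232.1.168", "lan": "10.150.0.1/22",
    "policies": [
        "add dst-address=10.150.0.0/20 sa-dst-address=10.232.1.125 sa-src-address=10.232.1.168 src-address=192.168.80.0/24 tunnel=yes",
        "add dst-address=192.168.80.0/24 sa-dst-address=10.232.1.125 sa-src-address=10.232.1.168 src-address=10.150.0.0/20 tunnel=yes",
    ],
}
ROUTER2 = {
    "peer": "10.232.1.125", "lan": "192.168.80.1/24",
    "policies": ["set 0 dst-address=192.168.80.0/24 src-address=10.150.0.0/20"],
}

def parse_policy(line):
    """Turn 'add k=v k=v ...' into a dict; bare words (add, set, 0) are skipped."""
    out = {}
    for tok in line.split():
        key, sep, val = tok.partition("=")
        if sep:
            out[key] = val
    return out

def expected_policy(local, remote):
    """Tunnel-mode policy 'local' should carry toward 'remote': src-address and
    sa-src-address are the local LAN and local peer address, dst-address and
    sa-dst-address the remote LAN and remote peer address."""
    return {
        "src-address": str(ipaddress.ip_interface(local["lan"]).network),
        "dst-address": str(ipaddress.ip_interface(remote["lan"]).network),
        "sa-src-address": local["peer"],
        "sa-dst-address": remote["peer"],
        "tunnel": "yes",
    }

def check_policies(local, remote):
    """Map each posted policy line to its mismatches against expected_policy();
    an empty dict means every policy on this side is consistent."""
    want = expected_policy(local, remote)
    report = {}
    for line in local["policies"]:
        got = parse_policy(line)
        bad = [f"{k}: expected {v}, got {got.get(k, '<missing>')}"
               for k, v in want.items() if got.get(k) != v]
        if bad:
            report[line] = bad
    return report
```

Run check_policies(ROUTER1, ROUTER2) and check_policies(ROUTER2, ROUTER1) to see, per posted policy, which selector or SA fields differ from what the two /ip address entries and peer addresses imply.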