Hello!
I am a newbie to IPsec and have limited knowledge of networking.
I am trying to set up IPsec, and as far as that goes it is working: I get "established" on both ends, but no traffic passes through.
I have tried to follow countless guides, but no luck.
So what am I doing wrong?
(Is there no need to set up a route on either device?)
On the pfSense I have set a firewall rule on the IPsec interface to any-any.
My config regarding IPsec on my MikroTik is:
# apr/26/2018 10:19:17 by RouterOS 6.42.1
# software id = EIFW-UCH9
#
# model = RouterBOARD 3011UiAS
# serial number = xxxxxxxxxx
/ip ipsec proposal
set [ find default=yes ] disabled=yes enc-algorithms=aes-256-cbc lifetime=1h pfs-group=none
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=1h name=sha256-aes256cbc pfs-group=modp2048
/ip ipsec peer
add address=1.1.1.1/32 dh-group=modp2048 enc-algorithm=aes-256 exchange-mode=ike2 hash-algorithm=sha256 lifetime=8h notrack-chain=prerouting secret=secret
/ip ipsec policy
set 0 disabled=yes
add dst-address=10.10.2.0/24 proposal=sha256-aes256cbc sa-dst-address=1.1.1.1 sa-src-address=2.2.2.2 src-address=10.10.1.0/24 tunnel=yes
/ip firewall raw
add action=notrack chain=prerouting dst-address=10.10.2.0/24 src-address=10.10.1.0/24
add action=notrack chain=prerouting dst-address=10.10.1.0/24 src-address=10.10.2.0/24
/ip firewall filter
add action=accept chain=input dst-port=4500 protocol=udp src-address=1.1.1.1
add action=accept chain=input protocol=ipsec-esp src-address=1.1.1.1
/ip firewall nat
add action=accept chain=srcnat dst-address=10.10.2.0/24 src-address=10.10.1.0/24
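As an added illustration (not part of the post above, and not a RouterOS tool), the script below parses the posted export and runs the consistency checks a reviewer would make by hand before looking at the pfSense side: the policy's sa-dst-address must be a configured peer, its proposal must exist, the raw notrack rules must mirror the policy selectors in both directions, the srcnat accept rule for the tunnel subnets must exist and sit above any masquerade/src-nat rule (otherwise packets are translated before they can match the policy), and the input chain must accept IKE (UDP/500), NAT-T (UDP/4500) and ESP from the peer. It only reads `add` lines, treats the posted config as constructed sample input (secret and serial are placeholders), and reports findings rather than changing anything.

```python
"""Consistency checks over a RouterOS IPsec export (added example, not RouterOS code)."""
import re
from collections import defaultdict

# Constructed sample input: the export from the post, secrets/serial are placeholders.
ROUTEROS_EXPORT = """\
/ip ipsec proposal
set [ find default=yes ] disabled=yes enc-algorithms=aes-256-cbc lifetime=1h pfs-group=none
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=1h name=sha256-aes256cbc pfs-group=modp2048
/ip ipsec peer
add address=1.1.1.1/32 dh-group=modp2048 enc-algorithm=aes-256 exchange-mode=ike2 hash-algorithm=sha256 lifetime=8h notrack-chain=prerouting secret=secret
/ip ipsec policy
set 0 disabled=yes
add dst-address=10.10.2.0/24 proposal=sha256-aes256cbc sa-dst-address=1.1.1.1 sa-src-address=2.2.2.2 src-address=10.10.1.0/24 tunnel=yes
/ip firewall raw
add action=notrack chain=prerouting dst-address=10.10.2.0/24 src-address=10.10.1.0/24
add action=notrack chain=prerouting dst-address=10.10.1.0/24 src-address=10.10.2.0/24
/ip firewall filter
add action=accept chain=input dst-port=4500 protocol=udp src-address=1.1.1.1
add action=accept chain=input protocol=ipsec-esp src-address=1.1.1.1
/ip firewall nat
add action=accept chain=srcnat dst-address=10.10.2.0/24 src-address=10.10.1.0/24
"""


def parse_export(text):
    """Return {section: [ {key: value, ...}, ... ]} for every 'add' line, in file order.
    'set' lines and comments are skipped (assumption: values contain no spaces)."""
    rules = defaultdict(list)
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            section = line
        elif section and line.startswith("add "):
            rules[section].append(dict(re.findall(r"(\S+?)=(\S+)", line)))
    return rules


def check_ipsec(rules):
    """Return a list of (severity, message) findings for tunnel-mode policies."""
    findings = []
    peers = {p["address"].split("/")[0] for p in rules["/ip ipsec peer"]}
    proposals = {p.get("name") for p in rules["/ip ipsec proposal"]}
    raw = rules["/ip firewall raw"]
    srcnat = [r for r in rules["/ip firewall nat"] if r.get("chain") == "srcnat"]

    def notrack(a, b):
        return any(r.get("action") == "notrack" and r.get("src-address") == a
                   and r.get("dst-address") == b for r in raw)

    for pol in (p for p in rules["/ip ipsec policy"] if p.get("tunnel") == "yes"):
        src, dst = pol["src-address"], pol["dst-address"]
        tag = f"policy {src}->{dst}"
        # The SA endpoint of the policy has to be one of the configured peers.
        if pol.get("sa-dst-address") not in peers:
            findings.append(("error", f"{tag}: sa-dst-address {pol.get('sa-dst-address')} is not a configured peer"))
        if "proposal" in pol and pol["proposal"] not in proposals:
            findings.append(("error", f"{tag}: proposal {pol['proposal']} is not defined"))
        # Raw notrack rules should mirror the policy selectors in both directions.
        for a, b in ((src, dst), (dst, src)):
            if not notrack(a, b):
                findings.append(("warning", f"{tag}: no raw notrack rule for {a}->{b}"))
        # The srcnat accept (bypass) rule must exist and precede any masquerade/src-nat rule.
        bypass = next((i for i, r in enumerate(srcnat) if r.get("action") == "accept"
                       and r.get("src-address") == src and r.get("dst-address") == dst), None)
        masq = next((i for i, r in enumerate(srcnat) if r.get("action") in ("masquerade", "src-nat")), None)
        if bypass is None:
            findings.append(("error", f"{tag}: no srcnat accept rule for {src}->{dst}; translated packets will not match the policy"))
        elif masq is not None and masq < bypass:
            findings.append(("error", f"{tag}: srcnat accept rule sits below the masquerade/src-nat rule; move it above"))
        elif masq is None:
            findings.append(("info", f"{tag}: no masquerade rule in this excerpt; if one exists it must come after the accept rule"))

    # Input chain: IKE, NAT-T and ESP from each peer.
    for peer in peers:
        allowed = {(r.get("protocol"), r.get("dst-port")) for r in rules["/ip firewall filter"]
                   if r.get("chain") == "input" and r.get("action") == "accept"
                   and r.get("src-address") == peer}
        if ("udp", "500") not in allowed:
            findings.append(("warning", f"peer {peer}: UDP/500 (IKE) not accepted in input chain"))
        if ("udp", "4500") not in allowed:
            findings.append(("warning", f"peer {peer}: UDP/4500 (NAT-T) not accepted in input chain"))
        if ("ipsec-esp", None) not in allowed:
            findings.append(("error", f"peer {peer}: ESP not accepted in input chain"))
    return findings


if __name__ == "__main__":
    for severity, message in check_ipsec(parse_export(ROUTEROS_EXPORT)):
        print(f"[{severity}] {message}")
```

On the posted excerpt the checker reports no errors: selectors, peer, proposal and notrack rules agree, and the only findings are that UDP/500 is not explicitly accepted from the peer and that no masquerade rule appears in the excerpt, so the relative order of the accept rule cannot be verified from what was posted. Feeding it the full `/ip firewall nat export` is the point of the rule-order check.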