IPSec only works when I am on my own WiFi.

Hi,

I have a “hap ac lite” device for home use with the default configuration (QuickSet).
I want to access my home LAN from my Android phone, so I configured the “Road Warrior setup using IKEv2 with RSA authentication”
https://help.mikrotik.com/docs/display/ROS/IPsec#IPsec-RoadWarriorsetupusingIKEv2withRSAauthentication

and it works, but only when I am on Wi-Fi on my home network.
When I switch my Android to use the mobile network, it cannot establish a VPN connection.
I use the correct IP of my router, etc. Still no success.

What could go wrong? I followed all the steps in the wiki.

Thanks,

> /ip firewall filter print  
Flags: X - disabled, I - invalid, D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough 

 1    ;;; defconf: accept established,related,untracked
      chain=input action=accept connection-state=established,related,untracked 

 2    ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid 

 3    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp 

 4    ;;; defconf: accept to local loopback (for CAPsMAN)
      chain=input action=accept dst-address=127.0.0.1 

 5    ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN 

 6    ;;; defconf: accept in ipsec policy
      chain=forward action=accept ipsec-policy=in,ipsec 

 7    ;;; defconf: accept out ipsec policy
      chain=forward action=accept ipsec-policy=out,ipsec 

 8    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection connection-state=established,related 

 9    ;;; defconf: accept established,related, untracked
      chain=forward action=accept connection-state=established,related,untracked 

10    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid 

11    ;;; defconf: drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN