[web server] ↔ [ eth1 Mktk-2.9.13 eth0(pppoe-out1)] <== internet ==> [ eth0(fiber) Mktk-2.9.13 eth1 ] ↔ LAN
I have configured IPsec according to the documentation (http://www.mikrotik.com/docs/ros/2.9/ip/ipsec - “IPsec Between two Masquerading MikroTik Routers”) with the following problem:
I got a tunnel between Mikrotik routers and I was able to ping my ‘web-server’ from my LAN location (laptop with configured local IP). I could also access my ‘web-server’ by a web-browser.
The problem is ping from the Mktk DSL router - I wasn't able to ping and access my LAN from my 'web-server' location through the DSL connection!
I have tried to change MTU size and Mangle-Forward firewall rules to solve the problem but without results.
However, the only possible way to ping my LAN from my Mktk DSL router was a command prompt ping:
/ping xxx.yyy.zzz src-address=111.222.333 (xxx.yyy.zzz is a local IP address in my LAN and 111.222.333 is a local IP address of my Mktk DSL router - eth1)
Does anybody know which configuration or setup needs to be applied on the DSL Mkt router to get normal communication with the other IPsec peer and local network (additional routing or …)?
I have tried using transport + tunnel scenario but without positive results.
I have also tried to install and test 2.9.14 but have got the same result.
Even worse, I tried testing an IPsec VPN between 2 Mkt routers through a local router (testing env.) and experienced problems similar to those in the PPPoE scenario.
By comparison, with other IPsec software (FreeSWan or Racoon implementations) I got positive results, and such systems are working well.
Maybe I am doing something wrong during configuration process.