Hi all, I've spotted an issue with my IPSEC policy matching and I'm struggling to fix it. Currently traffic that should hit the policy is being sent out the default route. This same configuration is working on another router, and was working previously.
The intention is that an IPSEC tunnel is configured between 70.239.117.128 and 67.192.240.110.
'Interesting traffic' from 198.18.0.28 to 198.18.0.1 should route via the IPSEC tunnel.
A GRE Tunnel should be configured between 198.18.0.28 and 198.18.0.1.
The local side of the GRE tunnel should have the IP 198.18.100.158/30 and the remote is 198.18.100.157/30.
However, GRE and pings are going out unencrypted via the default route. Any ideas?
Config is below:
Loopback interface for IPSEC tunnel:
/interface bridge add name=loopback199 protocol-mode=none
IPSEC config:
/ip ipsec proposal
add enc-algorithms=aes-128-cbc name=FreePeerX pfs-group=modp1536
/ip ipsec peer
add address=67.192.240.110/32 dh-group=modp1536 enc-algorithm=aes-128 nat-traversal=no secret=fpx-hubs-ipsec
/ip ipsec policy
set 0 disabled=yes
add dst-address=198.18.0.1/32 proposal=FreePeerX sa-dst-address=67.192.240.110 sa-src-address=70.239.117.128 src-address=198.18.0.28/32 tunnel=yes
GRE tunnel:
/interface gre add !keepalive local-address=198.18.0.28 name=tun199 remote-address=198.18.0.1
IP addressing:
/ip address add address=198.18.0.28 interface=loopback199 network=198.18.0.28
/ip address add address=198.18.100.158/30 interface=tun199 network=198.18.100.156
Thanks
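One way to check which packets the posted policy selector actually covers, as an added example that is not part of the original post or of RouterOS: it models the two policies from the post (the disabled default and the tunnel policy) and reports which outgoing packets match and which would fall through to ordinary routing and leave in the clear. The matching rules (first enabled policy wins, unset protocol means "all", the selector is applied to the outer GRE header) are assumptions about RouterOS behaviour, not taken from the post.

```python
"""Model of IPsec policy selector matching for the configuration in the post.

Added example, not RouterOS code. Assumed semantics: policies are tried in
order, a disabled policy never matches, an unset protocol means 'all', and for
GRE the selector sees the outer GRE packet (198.18.0.28 -> 198.18.0.1), not the
tunnel's inner addresses (198.18.100.158 -> 198.18.100.157).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Policy:
    src: str
    dst: str
    protocol: str = "all"          # assumed RouterOS default when not set
    disabled: bool = False
    tunnel: bool = False
    sa_src: Optional[str] = None
    sa_dst: Optional[str] = None


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str                  # "gre", "icmp", "tcp", ...


# Policies as in the post: 'set 0 disabled=yes' disables the default
# 0.0.0.0/0 -> 0.0.0.0/0 entry, then one tunnel policy is added.
POLICIES = [
    Policy("0.0.0.0/0", "0.0.0.0/0", disabled=True),
    Policy("198.18.0.28/32", "198.18.0.1/32", tunnel=True,
           sa_src="70.239.117.128", sa_dst="67.192.240.110"),
]


def match_policy(pkt: Packet, policies=POLICIES) -> Optional[Policy]:
    """Return the first enabled policy whose selector covers pkt, else None."""
    for pol in policies:
        if pol.disabled or pol.protocol not in ("all", pkt.protocol):
            continue
        if (ip_address(pkt.src) in ip_network(pol.src)
                and ip_address(pkt.dst) in ip_network(pol.dst)):
            return pol
    return None                    # no selector hit: packet is routed in clear


def describe(pkt: Packet) -> str:
    """Human-readable verdict for one packet."""
    pol = match_policy(pkt)
    if pol is None:
        return "no policy: routed in clear"
    return f"tunnel {pol.sa_src} -> {pol.sa_dst}"
```

Running `describe` on a ping sourced from the WAN address rather than from 198.18.0.28 shows the selector does not cover it, which is why source-address selection matters when testing a policy like this one.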