I’m trying to set up a basic IPSec VPN between 2 metarouters and it does not work with MODE-CFG/XAUTH/Generate Policy (Road Warrior setup with Mode Conf).
I saw some reports of this problem on the forum. Did anyone experience the same problem?
I followed the steps described on http://wiki.mikrotik.com/wiki/Manual:IP/IPsec (Road Warrior setup with Mode Conf).
Config
Router 1 (Office) (the /ip ipsec user config is done, just didn’t get exported)
[admin@mr-office] > export
# jan/02/1970 00:14:41 by RouterOS 6.5
# software id = 1QEK-D04N
/interface ethernet
set 0 name=ether1
set 1 name=ether2
set 2 name=ether3
/ip ipsec policy group
add name=RoadWarrior
/ip pool
add name=ipsec-RW ranges=192.168.55.2-192.168.55.254
/ip ipsec mode-cfg
add address-pool=ipsec-RW name=RW-cfg split-include=10.5.8.0/24,192.168.55.0/24
/ip address
add address=2.2.2.2/24 interface=ether1 network=2.2.2.0
add address=192.168.55.1/24 interface=ether2 network=192.168.55.0
add address=10.5.8.1/24 interface=ether3 network=10.5.8.0
/ip ipsec peer
add auth-method=pre-shared-key-xauth generate-policy=port-strict mode-cfg=RW-cfg passive=yes policy-group=RoadWarrior secret=123
/ip ipsec policy
add dst-address=192.168.55.0/24 group=RoadWarrior src-address=10.5.8.0/24 template=yes
add dst-address=192.168.55.0/24 group=RoadWarrior src-address=192.168.55.0/24 template=yes
/system identity
set name=mr-office
Router 2 - Branch
[admin@mr-branch] > export
# jan/02/1970 00:22:40 by RouterOS 6.5
# software id = 1QEK-D04N
/interface ethernet
set 0 name=ether1
/ip address
add address=2.2.2.254/24 interface=ether1 network=2.2.2.0
/ip ipsec peer
add address=2.2.2.2/32 auth-method=pre-shared-key-xauth generate-policy=port-strict secret=123 xauth-login=user1 xauth-password=123
/system identity
set name=mr-branch