As the title says, I’ve configured IPsec with the “Road Warrior setup with Mode Conf” guide (https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_with_Mode_Conf) and I can successfully connect devices to it and browse the internet. However, I don’t seem to be able to access devices that are one the router’s local lan.
Here are my IPsec configs:
mode-config print
1 name=“cfg1” system-dns=no static-dns=9.9.9.9,149.112.112.112 address-pool=VPN address-prefix-length=24 split-include=192.168.2.0/24
peer print
0 R address=0.0.0.0/0 passive=yes auth-method=pre-shared-key-xauth secret=“primeraemerda” generate-policy=port-strict policy-template-group=xauth exchange-mode=aggressive mode-config=cfg1 send-initial-contact=yes nat-traversal=yes my-id=key-id:vpnusers proposal-check=obey hash-algorithm=sha1 enc-algorithm=aes-128,3des dh-group=modp1024 lifetime=1d dpd-interval=2m dpd-maximum-failures=5
policy print
0 T group=xauth src-address=192.168.2.0/24 dst-address=192.168.3.0/24 protocol=all proposal=default template=yes
1 T group=xauth src-address=0.0.0.0/0 dst-address=192.168.3.0/24 protocol=all proposal=default template=yes
And the firewall rules related to IPsec:
3 chain=input action=accept protocol=udp in-interface=ether1 dst-port=1701,500,4500 log=no log-prefix=“”
4 chain=input action=accept protocol=ipsec-esp in-interface=ether1 log=no log-prefix=“”