/ip ipsec peer> print
0 address=0.0.0.0/0 local-address=0.0.0.0 passive=yes port=500 auth-method=rsa-signature
certificate=limbo-ipsec remote-certificate=sip-ipsec generate-policy=no exchange-mode=main
send-initial-contact=no nat-traversal=yes proposal-check=obey hash-algorithm=sha1
enc-algorithm=aes-128 dh-group=modp1024 lifetime=1d lifebytes=0 dpd-interval=2m
dpd-maximum-failures=5
/ip ipsec policy> print
0 T * group=default src-address=::/0 dst-address=::/0 protocol=all proposal=default template=yes
1 src-address=0.0.0.0/0 src-port=any dst-address=192.168.35.0/24 dst-port=any protocol=all
action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=195.90.80.70
sa-dst-address=37.107.11.12 proposal=default priority=2
ipsec,debug no policy found: 0.0.0.0/0[0] 192.168.35.0/24[0] proto=any dir=in
Though, generated policy works pretty well:
/ip ipsec peer> print
0 address=0.0.0.0/0 local-address=0.0.0.0 passive=yes port=500 auth-method=rsa-signature
certificate=limbo-ipsec remote-certificate=sip-ipsec generate-policy=port-strict
exchange-mode=main send-initial-contact=no nat-traversal=yes proposal-check=obey
hash-algorithm=sha1 enc-algorithm=aes-128 dh-group=modp1024 lifetime=1d lifebytes=0
dpd-interval=2m dpd-maximum-failures=5
/ip ipsec policy> print
0 T * group=default src-address=::/0 dst-address=::/0 protocol=all proposal=default template=yes
1 src-address=0.0.0.0/0 src-port=any dst-address=192.168.35.0/24 dst-port=any protocol=all
action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=195.90.80.70
sa-dst-address=37.107.11.12 proposal=default priority=2
2 D src-address=0.0.0.0/0 src-port=any dst-address=192.168.35.0/24 dst-port=any protocol=all
action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=195.90.80.70
sa-dst-address=37.107.11.12 priority=2
Why it can’t find policy 1 in case of ‘generate-policy=no’ though it generates exactly same policy?