Hi,
I have two MikroTik routers on my desk, on which I tested an IPsec connection between them. Below I paste the config of my two MT routers.
I would like to send pings from network 1.1.2.0/24 to 1.1.1.0/24 and vice versa.
MT1
# MT1 (192.168.1.90): IPsec phase 2 proposals, the IKE peer 192.168.1.89, and
# one tunnel-mode ESP policy for 1.1.1.0/24 -> 1.1.2.0/24.
/ip ipsec proposal
# NOTE(review): the default proposal uses 3des + sha1 with pfs-group=modp1024.
# All three are legacy choices; it is not referenced by the policy below.
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
# NOTE(review): the name says aes128, but enc-algorithms=des selects single DES,
# which gives no meaningful confidentiality. The peer below uses aes-128 for
# phase 1; presumably enc-algorithms=aes-128 was intended here too. Confirm.
add auth-algorithms=sha1 disabled=no enc-algorithms=des lifetime=23h name=aes128-sha1-23h pfs-group=modp1024
/ip ipsec peer
# The page wraps this single add command across three lines; as a script it has
# to be entered as one command.
# NOTE(review): secret=secret is a guessable pre-shared key. Use a long random
# value and replace it if this config was ever deployed as posted.
# dpd-interval=disable-dpd turns dead-peer detection off, so a dead tunnel is
# not noticed until the SA lifetime expires.
add address=192.168.1.89/32:500 auth-method=pre-shared-key dh-group=modp1024 disabled=no dpd-interval=disable-dpd dpd-maximum-failures=5 enc-algorithm=
aes-128 exchange-mode=main generate-policy=no hash-algorithm=sha1 lifebytes=0 lifetime=1d nat-traversal=no proposal-check=obey secret=secret
send-initial-contact=yes
/ip ipsec policy
# Encrypts traffic from local 1.1.1.0/24 to remote 1.1.2.0/24 in tunnel mode
# between 192.168.1.90 (this router) and 192.168.1.89. The selectors on the
# other router must be the exact mirror of these (src and dst swapped).
add action=encrypt disabled=no dst-address=1.1.2.0/24:any ipsec-protocols=esp level=require priority=0 proposal=aes128-sha1-23h protocol=all
sa-dst-address=192.168.1.89 sa-src-address=192.168.1.90 src-address=1.1.1.0/24:any tunnel=yes
MT2
# MT2 (192.168.1.89): IPsec phase 2 proposals, the IKE peer 192.168.1.90, and
# one tunnel-mode ESP policy.
/ip ipsec proposal
# NOTE(review): the default proposal uses 3des + sha1 with pfs-group=modp1024.
# All three are legacy choices; it is not referenced by the policy below.
set default auth-algorithms=sha1 disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
# NOTE(review): the name says aes128, but enc-algorithms=des selects single DES,
# which gives no meaningful confidentiality. Presumably aes-128 was intended;
# whatever is chosen must match the proposal on the other router.
add auth-algorithms=sha1 disabled=no enc-algorithms=des lifetime=23h name=aes128-sha1-23h pfs-group=modp1024
/ip ipsec peer
# The page wraps this single add command across three lines; as a script it has
# to be entered as one command.
# NOTE(review): secret=secret is a guessable pre-shared key. Use a long random
# value, identical on both peers, and keep it out of public posts.
add address=192.168.1.90/32:500 auth-method=pre-shared-key dh-group=modp1024 disabled=no dpd-interval=disable-dpd dpd-maximum-failures=5 enc-algorithm=
aes-128 exchange-mode=main generate-policy=no hash-algorithm=sha1 lifebytes=0 lifetime=1d nat-traversal=no proposal-check=obey secret=secret
send-initial-contact=yes
/ip ipsec policy
# NOTE(review): src-address and dst-address are both 1.1.1.0/24 here. The other
# router's policy is src 1.1.1.0/24 -> dst 1.1.2.0/24, so the mirror on this
# side would be src-address=1.1.2.0/24:any with dst-address=1.1.1.0/24:any.
# With non-mirrored selectors, traffic from 1.1.2.0/24 never matches this
# policy; this is the likely reason the tunnel does not establish.
add action=encrypt disabled=no dst-address=1.1.1.0/24:any ipsec-protocols=esp level=require priority=0 proposal=aes128-sha1-23h protocol=all
sa-dst-address=192.168.1.90 sa-src-address=192.168.1.89 src-address=1.1.1.0/24:any tunnel=yes
This config does not work; the tunnel does not connect. Where is the problem? Both routers have the same OS version, 3.30.
For@ll