I have the same problem and I'm quite sure I have used that matching before, so therefore I think they have changed something in v6. Before, you also had to allow IPsec traffic in the input chain, but not anymore.
Have you found any solution or answer to this, or do you have any other idea on how to match IPsec traffic?
Well, I would say depressing. Why can't MT give an answer or at least a pointer on how to identify IPsec traffic reliably? This thread discusses this quite a bit, but most of it is really old, and you would think that MT would have solved the vulnerabilities by now. Feels like using IPsec is a no-go because of the fact that you open yourself up to spoofing attacks.