IPsec tunnel - 3 MT

Hi, all

I’m having a big problem configuring an IPSec Site to Site tunnel. I don’t know why, but I can’t configure the tunnel between the 2 MTs correctly; I went through more than a dozen instructions and nothing works as it should. I received information that MT I have some problems with this configuration. Please help me configure Mikrotik devices correctly. The diagram is below.

In my case there is a big problem with connecting 2 MT together. The ping works, but only one way, host A to Host B.

Please help me, guys.
MT Conf.png

Could you consider exporting your configurations to check what is already set?

probably a NAT problem

on office1
/ip route add dst-address=192.168.10.0/24 gateway=172.10.20.1 pref-src=192.168.20.1
/ip firewall nat add action=accept chain=srcnat dst-address=192.168.10.0/24

on office2
/ip route add dst-address=192.168.10.0/24 gateway=172.10.30.1 pref-src=192.168.30.1
/ip firewall nat add action=accept chain=srcnat dst-address=192.168.10.0/24

on hq
/ip route add dst-address=192.168.20.0/24 gateway=172.10.10.1 pref-src=192.168.10.1
/ip route add dst-address=192.168.30.0/24 gateway=172.10.10.1 pref-src=192.168.10.1
/ip firewall nat add action=accept chain=srcnat dst-address=192.168.20.0/24
/ip firewall nat add action=accept chain=srcnat dst-address=192.168.30.0/24
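
RouterOS evaluates NAT rules top to bottom and stops at the first match, so the accept rules in the reply above only exempt tunnel traffic if they sit above any masquerade or src-nat rule. The following check is an added example, not part of the thread: the rule list is constructed sample data, the function names are hypothetical, and matching is simplified to the chain and a plain CIDR dst-address (other matchers such as out-interface are ignored, so a rule is treated as matching whenever its dst-address does).

```python
import ipaddress

# Constructed sample: srcnat rules in the order an export of /ip firewall nat
# could list them on office1 (not taken from the routers in the thread).
SAMPLE_RULES = [
    "add action=masquerade chain=srcnat out-interface=ether1",
    "add action=accept chain=srcnat dst-address=192.168.10.0/24",
]


def parse_rule(line):
    """Turn 'add key=value ...' into a dict of the rule's properties."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def first_srcnat_match(rules, remote_subnet):
    """Return (index, action) of the first enabled srcnat rule that matches
    traffic to remote_subnet, or None if no rule matches.
    A rule without dst-address matches every destination."""
    remote = ipaddress.ip_network(remote_subnet)
    for index, line in enumerate(rules):
        rule = parse_rule(line)
        if rule.get("chain") != "srcnat" or rule.get("disabled") == "yes":
            continue
        dst = rule.get("dst-address")
        if dst is None or remote.subnet_of(ipaddress.ip_network(dst, strict=False)):
            return index, rule.get("action")
    return None


def nat_exempt(rules, remote_subnet):
    """True when traffic to remote_subnet leaves with its source untouched:
    either no srcnat rule matches, or the first match is action=accept."""
    hit = first_srcnat_match(rules, remote_subnet)
    return hit is None or hit[1] == "accept"


if __name__ == "__main__":
    for order in (SAMPLE_RULES, list(reversed(SAMPLE_RULES))):
        hit = first_srcnat_match(order, "192.168.10.0/24")
        print(hit, "exempt" if nat_exempt(order, "192.168.10.0/24") else "NATed")
```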

Bartosz
Do you have a working solution like this somewhere, connecting 3 or more MTs on static IPs?
I'm interested in site to site; I need to link the branches so that several people can work over RDP from one location.

VPN from a static IP doesn't work; Windows RDP treats 2 different PCs as one (one session), so only one PC has access.

I "managed to link up" the connection between the MTs, but I can't get ping through in both directions, PC office ↔ HQ

Bartosz
Do you have such a solution that works properly, connecting 3 or more MTs on fixed IPs?
I am interested in site to site; I need to connect branches so that the RDP connection works properly for several people (PCs) from one location.

VPN from a fixed IP does not work; Windows RDP treats 2 different PCs as one (one session), so only one PC has access to RDP.

I established a connection, but the ping does not work in both directions, PC office ↔ PC HQ

Panisk0

I’ll check but I think I did it.
As I mentioned earlier (Bartosz Post) I am looking for someone who has implemented such a solution on MT and it works.

Hi,
Take a look at this wonderful video
https://www.youtube.com/watch?v=uVag_e475zc&t=1384s