Hello all, this is the client output when I try to establish the tunnel:
config loaded for site '10.0.0.4'
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
pre-shared key configured
bringing up tunnel ...
negotiation timout occurred
tunnel disabled
detached from key daemon
By the way, I'm trying to establish the tunnel inside my LAN, where the RB2011 router, which has a DHCP server with the pool 192.168.0.0/24, is connected to another router which has a DHCP server with the pool 10.0.04. So the router's WAN interface has the IP 10.0.0.4 and the LAN interface 192.168.0.1.
This is the router configuration:
/ip ipsec mode-config
add address-pool=poolIPv4 name=RW-cfg system-dns=yes
/ip ipsec policy group
add name=RoadWarrior
/ip ipsec policy
add dst-address=0.0.0.0 group=RoadWarrior src-address=192.168.0.0/24 template=yes
/ip ipsec user
add name=user1 password=123
add name=user2 password=234
/ip ipsec peer
add auth-method=pre-shared-key-xauth generate-policy=port-strict mode-config=RW-cfg \
policy-template-group=RoadWarrior secret=123 passive=yes
/ip firewall filter
add chain=input comment=IPsec dst-port=500 protocol=udp
add chain=input protocol=ipsec-esp
add chain=input dst-port=4500 protocol=udp
/ip firewall mangle
add action=mark-packet chain=input dst-port=4500 new-packet-mark=vpn protocol=udp
add action=mark-packet chain=input new-packet-mark=vpn protocol=ipsec-esp
Why is it not working? This is the configuration that I followed for the VPN client:
https://wiki.mikrotik.com/wiki/IPSEC_between_Mikrotik_router_and_a_Shrew_client#Allow_only_encrypted_traffic
My doubt is what IPs should be in /ip ipsec peer regarding dst-address and src-address.
I can see that there is a connection.

This is the VPN client






