IPSec Tunnel - Can't ping remote network from one side

Hi,
I’ve configured an IPSec tunnel between 2 sites with a MikroTik and Linux OpenSwan 2.6.

The network diagram is this:

(LAN) 192.168.15.0/24 ----- 192.168.15.254 (MikroTik) xxx.xxx.xxx.xxx ================= yyy.yyy.yyy.yyy (OpenSWan 2.6) 192.168.2.254 ------ 192.168.2.0/24

The tunnel is working well, and from network 192.168.2.0/24 I can ping the MikroTik remote private IP address 192.168.2.254. So the tunnel is working.

But if I try to ping from any host on network 192.168.2.0/24 to any remote host of LAN 192.168.15.0/24 (ex: 192.168.2.1 → 192.168.15.1) I can't reach it. I also can't ping from any host in LAN 192.168.15.0/24 to remote hosts in LAN 192.168.2.0/24.
The only way to ping it is to add a static route in the remote PC (192.168.15.1) to route traffic for network 192.168.2.0/24 to the gateway 192.168.15.254.
After adding this route I'm able to ping the remote host (ex: 192.168.2.1 → 192.168.15.1). I'm also able to ping from this host to any remote host on LAN 192.168.2.0/24 (ex: 192.168.15.1 → 192.168.2.1).

I believe I need to add a routing rule in the MikroTik, but I can't find where.
I tried to add it:

ip route add dst-address=192.168.2.0/24 gateway=ether2 pref-src=192.168.15.254
But it didn't work.
I also tried:

ip route add dst-address=192.168.2.0/24 gateway=192.168.15.254
But it says the gateway is unreachable.

I don't want to add a static route on all hosts in the remote LAN 192.168.15.0/24 to be able to route the traffic for network 192.168.2.0/24; it should be done somewhere in the MikroTik.

Can anyone help?

Thanks in advance.

The same problem.
My config is:
192.168.8.0/24–192.168.8.254(mikrotikA)xxx.xxx.xxx.150–xxx.xxx.xxx.129==yyy.yyy.yyy.1–yyy.yyy.yyy.146(mikrotikB)192.168.4.254–192.168.4.0/24

Try to ping from 192.168.4.10 to 192.168.8.10: success
Try to ping from 192.168.8.10 to 192.168.4.10: unsuccessful… xxx.xxx.xxx.129 says network unreachable (that means the packet is not encrypted!)

I think there is a problem with 192.168.8’s MikroTik, but I can’t find the error…

Any suggestions?

Nobody can help and nobody knows how to solve this…

Try gregsowell.com

You need a src-nat rule as part of the VPN setup.

Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=srcnat action=accept src-address=192.168.1.0/24 
     dst-address=192.168.15.0/24

Vice versa on other side.
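For readers landing on this thread: below is an added RouterOS configuration example showing where that accept rule has to sit relative to the masquerade rule, and how to check it is working. It is not from any of the posters; it uses the first poster's subnets (192.168.15.0/24 behind the MikroTik, 192.168.2.0/24 behind OpenSwan), and the WAN interface name ether1 and the comments are assumptions.

```routeros
# Added example, not from the original posts. Assumes ether1 is the WAN
# interface of the MikroTik at 192.168.15.254 and that the IPsec policy
# already covers 192.168.15.0/24 <-> 192.168.2.0/24 in tunnel mode.

# 1. Exempt site-to-site traffic from NAT. This rule must be ABOVE the
#    masquerade rule: in RouterOS srcnat runs before the IPsec policy
#    lookup, so a masqueraded packet (source rewritten to the WAN address)
#    no longer matches the policy's src-address and leaves the router
#    unencrypted, which shows up as "network unreachable" from the ISP.
/ip firewall nat
add chain=srcnat action=accept src-address=192.168.15.0/24 \
    dst-address=192.168.2.0/24 place-before=0 \
    comment="IPsec: do not NAT LAN-to-remote-LAN traffic"
add chain=srcnat action=masquerade out-interface=ether1 \
    comment="Internet access for the LAN"

# 2. No static route for 192.168.2.0/24 is needed on the MikroTik: a
#    policy-based IPsec tunnel selects packets by src/dst address, not by
#    the routing table. LAN hosts only need 192.168.15.254 as their default
#    gateway, so no per-host route like the one the poster added.
/ip ipsec policy print detail where src-address=192.168.15.0/24

# 3. Verify: while a 192.168.15.x host pings 192.168.2.x, the counters on
#    the accept rule should increase and the masquerade counters should not.
/ip firewall nat print stats
```

Apply the mirror image on the OpenSwan side (exclude 192.168.2.0/24 -> 192.168.15.0/24 from any iptables MASQUERADE/SNAT rule there) so replies are not NATed either.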