IPSec tunnel failing

Hello group!

I am a new RouterOS user, and I’ve inherited a mess that I am unable to resolve.

I have two routers that are unable to establish a connection: 6.44 (Mauá) and 6.43 (ceclim). I’ve successfully created VPN tunnels between Maua and DrayTek routers at three other sites. Can someone help me with the configuration? I feel it might be a routing issue.

Take a moment, read your post and imagine yourself as someone else who wants to help you. There isn’t much to work with, is there?

Hey. Why do you think so?

Hello.

I apologize for the lack of information. I will try to explain - if I’m missing anything, please let me know.

Mauá has VPN connections to three other remote sites via IPSEC. These three sites use DrayTek routers, and I’ve configured a script (Mauá side, obviously) to auto-resolve the external IP address when it changes. Ceclin and Mauá both have static IP addresses, but for no reason, the connection failed and hasn’t reconnected. No one onsite has moved anything, the ISP says they didn’t close the ports… so I’m lost as to why. I’m also unable to access ceclim remotely via Winbox AND Dyndns address.

I deleted and re-added the configurations on both routers, and it’s still not connecting. Error log: phase 1 negotiation failed due to time out.

Ceclim and maua are both MikroTik, just different versions. I configured them side by side, to match configurations.

Is there any other relevant information I should add? As I mentioned, I’m new to this position.

Do you mean only from this other router, or from anywhere? If only from this one, then it could have something to do with routing. I’d start with simple traceroute, to make sure that it goes where it should. Other than that (if routing is correct), packets could be either blocked by firewall on target router or on the way between them. You can use packet sniffer to see what’s coming in. If you see your packets, then check firewall. If not, someone else must be blocking them.
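The checks suggested in the reply above, written out as RouterOS v6 terminal commands. This is an added example, not part of the original thread; the WAN interface name `ether1` and the peer address `203.0.113.10` (a documentation address) are placeholders, not values from the posters' routers.

```routeros
# Assumed placeholders (not from the thread):
#   ether1        = WAN interface of the router you are testing on
#   203.0.113.10  = public address of the remote IPsec peer

# 1. Routing: run on the initiating router and confirm the path
#    to the peer leaves through the expected WAN link.
/tool traceroute address=203.0.113.10

# 2. Packet sniffer: run on the target router while the other side
#    tries to connect. UDP 500 is IKE, UDP 4500 is NAT-T.
#    Packets shown here mean the traffic reaches this router;
#    nothing shown means it is dropped somewhere on the way.
/tool sniffer quick interface=ether1 ip-protocol=udp port=500,4500 ip-address=203.0.113.10

# 3. Firewall: if the sniffer shows the packets arriving, list the
#    input chain with counters and look for a drop rule whose
#    counters rise while the peer is retrying phase 1.
/ip firewall filter print stats where chain=input

# 4. Log: read the IPsec entries recorded during the attempt.
/log print where topics~"ipsec"
```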

I can only access Ceclin site from the LAN side - all WAN attempts are unsuccessful. ISP techs came to confirm the modem is in bridge mode… so ports shouldn’t be an issue.

Today, slightly separate issue, I noticed that I can no longer ping from MAUA to any other site… even though the IPSEC proposals say established. What would be a good printout to show my running config?

Thanks,

What IP address do you get from your ISP? Is it from private range or global? Or from 100.64.0.0/12? And yeah, can you simply ping another router? Or can you ping yourself from other side?

I was told that it was a private range… I restarted the router, and now it has a totally different external address. MAUA has three ISPs… ViVo, NET, and American. I believe that when the router restarted, it switched to NET and received a different IP. I reconnected to the other three sites with the new IP address, and IPSEC tunnel

I can’t ping from MAUA to any other site… but I can ping to MAUA from all sites (except ceclim).