IPsec tunnel via 2nd ISP/WAN

Hi everyone.

I have a router setup with two WAN connections, one main connection “WAN1” (all traffic on “main” routing table has default route on WAN1), and “WAN2” to which only some specific traffic is routed (using “secondary” routing table which has default route on WAN2).
The method I use to route traffic to WAN2 is by marking connections which need to go to WAN2, and then route-mark the connection-marked traffic to “secondary” routing table.
I have several IPsec tunnels running, which all use WAN1 for communication with peers.

What I want is to establish another IPsec tunnel which uses WAN2 interface for communication.

Is this even possible?

I read somewhere on this forum (can’t remember the topic) that IPsec traffic uses “main” routing table, and that this behavior cannot be changed.

Please make sure to search the current help documents so you're not asking questions that have already been answered.

https://help.mikrotik.com/docs/display/ROS/IPsec#IPsec-Manuallyspecifyinglocal-addressparameterunderPeerconfiguration

Thank you very much

OK, I just tried to set up the IPsec link according to https://help.mikrotik.com/docs/display/ROS/IPsec#IPsec-Manuallyspecifyinglocal-addressparameterunderPeerconfiguration

IPsec link works fine when using “main” routing table and primary WAN.
Then, I set up NAT bypass and mangle rules and modified IPsec peer to use second WAN IP.
Phase 1 gets established, then under policies “PH2 state” I get “msg 1 sent”, and after approx. 30 seconds “no phase 2”.

I get no errors in the log.

Any ideas?

Ignore my previous post. I made a stupid typo.
Everything works fine.
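The configuration discussed in this thread, sketched as an added example (not taken from any poster or from the MikroTik documentation). It assumes the "secondary" routing table with a default route via WAN2 already exists, as described in the first post. All addresses, the peer name, and the secret are constructed placeholders.

```routeros
# Constructed placeholder values (documentation ranges), not from the thread:
#   WAN2 address   198.51.100.2
#   remote peer    203.0.113.10
#   local LAN      192.168.88.0/24
#   remote LAN     10.20.30.0/24

# Bind the peer to the WAN2 address so IKE and ESP are sourced from it.
/ip ipsec peer
add name=peer-wan2 address=203.0.113.10/32 local-address=198.51.100.2 \
    exchange-mode=ike2

/ip ipsec identity
add peer=peer-wan2 auth-method=pre-shared-key \
    secret="REPLACE-WITH-LONG-RANDOM-PSK"

# Phase 2 selectors: both sides must configure matching subnets,
# otherwise phase 1 comes up but no SAs are installed.
/ip ipsec policy
add peer=peer-wan2 tunnel=yes src-address=192.168.88.0/24 \
    dst-address=10.20.30.0/24

# NAT bypass: keep it scoped to the two tunnel subnets and place it above
# any masquerade/src-nat rule, so tunnel traffic is neither NATed nor
# allowed to leave unencrypted with a translated source.
/ip firewall nat
add chain=srcnat action=accept src-address=192.168.88.0/24 \
    dst-address=10.20.30.0/24 comment="IPsec NAT bypass (WAN2 tunnel)"

# Router-generated IKE/ESP packets pass through the output chain; send the
# ones sourced from the WAN2 address to the "secondary" routing table.
/ip firewall mangle
add chain=output action=mark-routing new-routing-mark=secondary \
    src-address=198.51.100.2 dst-address=203.0.113.10 passthrough=no \
    comment="IPsec to peer-wan2 via WAN2"

# Checks after applying:
/ip ipsec active-peers print
/ip ipsec installed-sa print
```

If phase 1 establishes but phase 2 does not, compare the policy subnets, the NAT bypass addresses, and the mangle rule addresses character by character on both ends before looking further.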