IPsec VPN - Road Warrior setup with Mode Conf

Hi,

I tried to configure an IPsec VPN for connecting my iOS devices remotely. I followed this manual:

http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_with_Mode_Conf

Unfortunately I can’t get it working. Does somebody know if this manual is still working with the current version of iOS or Mac OS?

Is there any additional firewall rule necessary which is not mentioned in this paragraph?

Basically I configured this:

/ip pool
add name=ipsec-RW ranges=192.168.77.2-192.168.77.254

/ip ipsec mode-config
add address-pool=ipsec-RW name=RW-cfg split-include=\
    10.5.8.0/24,192.168.55.0/24

/ip ipsec policy group
add name=RoadWarrior

/ip ipsec policy
add dst-address=192.168.77.0/24 group=RoadWarrior src-address=192.168.xxx.0/24 \
    template=yes

/ip ipsec user
add name=user1 password=123
add name=user2 password=234

/ip ipsec peer
add auth-method=pre-shared-key-xauth generate-policy=port-strict mode-config=RW-cfg \
    policy-group=RoadWarrior secret=123 passive=yes

/ip ipsec proposal
set default enc-algorithms=aes-128-cbc,aes-256-cbc lifetime=8h \
    pfs-group=none

Thank you!

I noticed you didn’t allow IPsec in firewall:
/ip firewall filter
add chain=input comment=established,related connection-state=\
    established,related in-interface=WAN
add chain=input comment=ESP disabled=yes in-interface=WAN protocol=ipsec-esp
add chain=input comment="UDP 500,4500" disabled=yes dst-port=500,4500 \
    in-interface=WAN protocol=udp src-port=500,4500
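
Added example, not part of the original posts: a Python check that parses a RouterOS firewall filter export and reports whether IKE (UDP 500), NAT-T (UDP 4500) and ESP each have an enabled accept rule in the input chain. The sample export is constructed from the rules quoted above and the function names are hypothetical; rule order relative to any drop rule is not checked.

```python
import re

# Constructed sample: the filter rules quoted in the reply above.
SAMPLE_EXPORT = r'''/ip firewall filter
add chain=input comment=established,related connection-state=\
    established,related in-interface=WAN
add chain=input comment=ESP disabled=yes in-interface=WAN protocol=ipsec-esp
add chain=input comment="UDP 500,4500" disabled=yes dst-port=500,4500 \
    in-interface=WAN protocol=udp src-port=500,4500
'''

# Traffic an IPsec responder must accept: label -> (protocol, dst-port).
NEEDED = {"IKE udp/500": ("udp", "500"), "NAT-T udp/4500": ("udp", "4500"),
          "ESP": ("ipsec-esp", None)}

def parse_rules(export, menu="/ip firewall filter"):
    """Return the 'add' lines under `menu` as dicts of property -> value."""
    text = re.sub(r"\\\r?\n\s*", "", export)  # join backslash continuations
    rules, active = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            active = line == menu
        elif active and line.startswith("add "):
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S*)', line)
            rules.append({k: v.strip('"') for k, v in pairs})
    return rules

def audit_ipsec_input(rules):
    """Return one finding per required traffic type that is not cleanly allowed."""
    findings = []
    for label, (proto, port) in NEEDED.items():
        hits = [r for r in rules
                if r.get("chain") == "input" and r.get("protocol") == proto
                and r.get("action", "accept") == "accept"  # accept is the default
                and (port is None or port in r.get("dst-port", "").split(","))]
        live = [r for r in hits if r.get("disabled") != "yes"]
        if not hits:
            findings.append(f"{label}: no accept rule in chain=input")
        elif not live:
            findings.append(f"{label}: rule present but disabled=yes")
        elif all("src-port" in r for r in live):
            findings.append(f"{label}: src-port match can miss clients behind NAT")
    return findings

if __name__ == "__main__":
    for finding in audit_ipsec_input(parse_rules(SAMPLE_EXPORT)):
        print(finding)
```
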

OK, thanks, I’ll give it a try!