IPsec with 1 dynamic IP

Hello everyone,

I have one problem.
I have 2 locations and 2 MT routers, both on version 5.18 of ROS.
One location has a static IP, the other a dynamic IP, so I made a peer with generate policy enabled. But now the weird thing is that the tunnel is connected but the policy is bad (at the router with the static IP, which has generate policy enabled)… for instance, the src local IP has a src external address of the other location.
Example: lan1 192.168.0.0/24 with external IP 10.1.1.1 and lan2 192.168.1.0/24 with external IP 10.2.2.2. The policy is like this: source address is lan1 but source external address is 10.2.2.2 (wan2), and vice versa for destination, and of course traffic is not passing.

Has anyone had this problem or have a solution to it?

Thank you in advance

Create an L2TP or PPTP tunnel and use the tunnel to create your IPSec tunnel. The IPs of your tunnel will never change and you can create static policies.

http://wiki.mikrotik.com/wiki/L2TP_%2B_IPSEC_between_2_Mikrotik_routers
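The approach suggested above, sketched as a RouterOS configuration. This is an added example, not taken from the post or from the linked wiki page; the tunnel addresses 172.16.0.1/172.16.0.2, the user name, the interface name and both secrets are assumed placeholders, while the LAN subnets and the static WAN address come from the question.

```routeros
# Added example. Tunnel addresses, names and secrets are assumptions; replace them.

# --- Router 1: static WAN 10.1.1.1, LAN 192.168.0.0/24, acts as L2TP server ---
/interface l2tp-server server set enabled=yes
/ppp secret add name=site2 password=CHANGE-ME-L2TP service=l2tp \
    local-address=172.16.0.1 remote-address=172.16.0.2
# The IPsec peer is the fixed tunnel address, so generate-policy is not needed
/ip ipsec peer add address=172.16.0.2/32 secret=CHANGE-ME-PSK
/ip ipsec policy add src-address=192.168.0.0/24 dst-address=192.168.1.0/24 \
    sa-src-address=172.16.0.1 sa-dst-address=172.16.0.2 tunnel=yes action=encrypt
# Exempt LAN-to-LAN traffic from NAT; move this rule above any masquerade rule
/ip firewall nat add chain=srcnat src-address=192.168.0.0/24 \
    dst-address=192.168.1.0/24 action=accept

# --- Router 2: dynamic WAN, LAN 192.168.1.0/24, dials in as L2TP client ---
/interface l2tp-client add name=l2tp-site1 connect-to=10.1.1.1 \
    user=site2 password=CHANGE-ME-L2TP disabled=no
/ip ipsec peer add address=172.16.0.1/32 secret=CHANGE-ME-PSK
/ip ipsec policy add src-address=192.168.1.0/24 dst-address=192.168.0.0/24 \
    sa-src-address=172.16.0.2 sa-dst-address=172.16.0.1 tunnel=yes action=encrypt
/ip firewall nat add chain=srcnat src-address=192.168.1.0/24 \
    dst-address=192.168.0.0/24 action=accept

# --- Check on both routers ---
# Each policy's sa-src-address must be the router's own tunnel address and
# sa-dst-address the remote one; installed SAs should appear once traffic flows.
/ip ipsec policy print
/ip ipsec installed-sa print
```

Because both SA endpoints are the fixed tunnel addresses, the policies stay valid when the WAN address of the second router changes.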

Cbrown,

Thanks for the answer.
But that is not a solution to my problem. That is just a way around it. In the end I'll use something like that, but what I want to know is why something that is possible is not working. I have used much worse routers than MikroTik, and on all of them IPsec with 1 dynamic IP worked perfectly. I would like to use the option that is available to me if possible.
That said, if anyone has any idea what the solution to this could be, please say so.

Once again thanks!

What I was able to find is that when I switch the policy on the dynamic IP, so that src local is of one router and src WAN is of the other, then the static one makes the correct policy. So I think this is a bug that MikroTik should be able to fix. It's just the way it generates the policy.
I hope this bug is reported; if not, I'll report it now.