IPSec with roaming client (roadwarrior)

Hi all.

Now I already know how to configure Windows clients to work with Mikrotik’s IPSec VPN. Is there a possibility to work with clients with dynamic IP addresses?

Thanks in advance,
Dmitri.

Yes, you can use the generate-policy setting under the /ip ipsec peer submenu. For more information, refer to:
http://www.mikrotik.com/docs/ros/2.8/ip/ipsec.main.3

Eugene

Thanks.

And also, what to do if the default forward policy is DROP? How to allow encrypted packets to pass to/out of the LAN?

Enable UDP port 500 and IP protocols 50 and 51 (not TCP/UDP ports but protocols)

I mean that the Mikrotik and the Windows client have built the tunnel, the router has created the dynamic policy, but the forward chain of the firewall has a default policy of DROP. I can’t add rules to the firewall that allow communication with the IPSec roadwarrior because his address is unknown. Is there a possibility to pass the packets from and to the IPSec client independently of his IP?

There is a problem with Mikrotik’s IPSec realization (or I cannot understand something).

I’ve made an IPSec configuration to accept connections from dynamic IP addresses and it works, but what to do with the filters?
I mean I can’t open forwarding for all possible clients’ IPs because I just don’t know them, and the default forward policy is DROP, so what to do, how to allow IPSec clients to interact with the LAN?