IPSec

Hi ..
Mikrotik LAN : 10.10.5.1/24
Mikrotik WAN : Static

IPSec Policy
Source Address : 10.10.5.0/24
Dest. Address : 0.0.0.0/0

With this policy IPsec works as I want. I can route traffic with a NAT policy.

When the IPsec policy is enabled:

  • I can't connect to the MikroTik from 10.10.5.1. I need to use the MAC address for the connection.
  • The MikroTik DNS server is not working.

When I disable the IPsec policy, everything goes back to normal… As far as I understand, my problem is 0.0.0.0 in the IPsec policy. But I need this for routing.

How can I fix this?

You need to exclude this traffic: add another policy before the existing one, with both src and dst 10.10.5.0/24 and action set to none.

You are king !!!

/ip ipsec policy
add action=none dst-address=10.10.5.0/24 src-address=10.10.5.0/24
add dst-address=0.0.0.0/0 level=unique peer=onurgroup proposal=IPSec_Crypto \
    src-address=10.10.5.0/24 tunnel=yes


/ip firewall nat
add action=accept chain=srcnat disabled=yes dst-address=0.0.0.0/0 \
    src-address=10.10.5.0/24
add action=masquerade chain=srcnat out-interface-list=WAN
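
Added example (not part of the thread and not MikroTik code): a small Python model of the policy list above, showing why the router's own replies to LAN clients were pulled into the tunnel and why the action=none entry has to come first. It assumes policies are evaluated top to bottom with the first match winning, as the "before existing one" advice implies; 10.10.5.20 and 203.0.113.10 are constructed sample addresses.

```python
import ipaddress

def parse_policy(line):
    """Parse one 'add key=value ...' policy line; RouterOS defaults action to encrypt."""
    fields = dict(token.split("=", 1) for token in line.split()[1:])
    return {"src": ipaddress.ip_network(fields["src-address"]),
            "dst": ipaddress.ip_network(fields["dst-address"]),
            "action": fields.get("action", "encrypt")}

def decide(policies, src, dst):
    """Return (index, action) of the first policy matching the packet (assumed first-match)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, policy in enumerate(policies):
        if src in policy["src"] and dst in policy["dst"]:
            return index, policy["action"]
    return None, "none"  # no policy matched: packet is not handed to IPsec

def shadowed_exemptions(policies):
    """Indexes of action=none policies that an earlier encrypt policy already covers."""
    shadowed = []
    for index, policy in enumerate(policies):
        if policy["action"] != "none":
            continue
        if any(earlier["action"] == "encrypt"
               and policy["src"].subnet_of(earlier["src"])
               and policy["dst"].subnet_of(earlier["dst"])
               for earlier in policies[:index]):
            shadowed.append(index)
    return shadowed

# Policy lines taken from the thread (continuation joined into one line).
EXEMPT = "add action=none dst-address=10.10.5.0/24 src-address=10.10.5.0/24"
TUNNEL = ("add dst-address=0.0.0.0/0 level=unique peer=onurgroup "
          "proposal=IPSec_Crypto src-address=10.10.5.0/24 tunnel=yes")
BEFORE = [parse_policy(TUNNEL)]                            # original single policy
AFTER = [parse_policy(EXEMPT), parse_policy(TUNNEL)]       # fixed order
WRONG_ORDER = [parse_policy(TUNNEL), parse_policy(EXEMPT)] # exemption added too late

if __name__ == "__main__":
    # Constructed flows: router reply to a LAN client, and a LAN client to a remote host.
    flows = [("10.10.5.1", "10.10.5.20"), ("10.10.5.20", "203.0.113.10")]
    for name, policies in (("before", BEFORE), ("after", AFTER)):
        for src, dst in flows:
            print(name, src, "->", dst, decide(policies, src, dst))
    print("shadowed exemptions in wrong order:", shadowed_exemptions(WRONG_ORDER))
```

Running `shadowed_exemptions` over an exported policy list is a quick check that an exemption has not been placed below the 0.0.0.0/0 policy, where it would never match.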