Issues with IPSec scenario

NTXsp · August 12, 2023, 5:57pm

Hi all!

According to this scheme, from the Mikrotik CHR I reach the remote LAN correctly, always, but from the SRV1 and SRV2 servers (virtual machines on an ESXi) sometimes it works and sometimes it doesn’t. Doing a traceroute from the servers I see that sometimes it tries to find the route through 192.168.27.1 instead of 192.168.27.254. It usually works by rebooting the server’s NIC adapter until it fails again. Is IPsec incompatible with this scenario? Could something be done to fix it?

Kentzo · August 12, 2023, 6:17pm

Need to see routing tables.

NTXsp · August 12, 2023, 6:30pm

on CHR only default route 0.0.0.0/0 to 192.168.27.1, and 192.168.27.0/24 (direct connect)

Kentzo · August 12, 2023, 6:34pm

What routes do srv machines learn? What is the route table on rb4011? Compare when it works vs when it doesn’t.

Other than IPsec being down, I do not see what else but a problematic routing tables to avert the traffic.