I need to learn to setup vpn tunnels to my Linksys RV016’s with Mikrotiks , with the end game being the removal of the LinkSys’ .
Here are two screenshots of the VPN setup in a LinkSys RV016. The local being the Linksys and the Mikrotik being the remote.
I am lost setting up the microtik’s IPSEC and dst ,src ip’s exterior and interior in the winbox interface. I have a working WAN Lan Mikrotik setup with the correct WAN address and LAN setup with the correct addy’s, working.
Getting them to tunnel , since it is not a simple menu like the LinkSys.
A basic setup to match these screenshots only reversed i quess, is what i need, only in Mikrotik speak. LOL.
I have 14 tunnels on each linksys to 14 other linksys. If I learn here, I can get them swapped out.
Thanks in advance, I am trying but missing something , for sure.
The below should hopefully work for you. You’ll have to at least adjust the public IP addresses as the middle two octets were blanked out.
In the below the IPsec proposal is roughly equivalent to the parameters in your phase 2 configuration (modp768 is DH group 1). The peer gets the authentication method and pre-shared key together with the phase 1 configuration, as well as parameters such as DPD. Peers can automatically generate policies, but those will blanket all traffic, so automatic policy generation is turned off and a manual policy for traffic between 192.168.18.0/24 (as a destination behind the Linksys) and 192.168.17.0/24 (as a source behind the RB493) is configured to be protected via the tunnel, equivalent to your local and remote group setups. The Linksys doesn’t show if it’s going to use ESP transport or tunnel mode, that’s configured in the policy (tunnel=yes, if set to no or unchecked in the GUI it’ll use transport mode instead).
You can paste the configuration in by clicking on the “New Terminal” button, and then visually inspect the resulting configuration via Winbox in IP > IPSec - it’s just much easier to post text based configuration here than to take screenshots.
If that does not work, turn on on detailed logging (System > Logging > Rules > Add > Topics: ipsec, Action: memory) and watch the logs to debug, if you do post back here please include the logs as they make troubleshooting much simpler.
Edit: It might be nicer to not edit the default IPSec proposal but to create a new one instead, you can then link it to the policy (proposal=ProposalName). If you’re just going to have one tunnel per RB or if all tunnels will use the same phase 2 settings the default one will work fine, though.
I had the same situation, I am successful to create a tunnel using the settings shared, Now the concern is that i am able to ping network from subnet behind linksys to the subnet behind mikrotik however not other way around, Is there some settings that i need to share to enable that
