Okay, so I’m currently trying to make our network accessible through the use of the Shrew Soft VPN client.
So that anyone should be able to use the Shrew Soft client, from any PC, to connect to our network.
But as I’m still just a beginner in this networking business, I’m seemingly missing something.
And so far I have managed to successfully use the Shrew Soft client to establish a tunnel with our Mikrotik router. But even though both sides tell me the tunnel is established, I can’t ping anything from either side.
Local network = 192.168.0.0/24

IP Filter Rules
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough
 1    ;;; default configuration
      chain=input action=accept protocol=icmp log=no log-prefix=""
 2    ;;; default configuration
      chain=input action=accept connection-state=established,related log=no
      log-prefix=""
 3 XI ;;; Router Access from extern
      chain=input action=accept protocol=tcp dst-port=80 log=no log-prefix=""
 4    chain=input action=accept protocol=tcp dst-port=8291 log=no
 5    ;;; allow l2tp
      chain=input action=accept protocol=udp dst-port=1701
 6    ;;; IPsec + Shrew Soft
      chain=input action=accept protocol=tcp dst-port=500 log=no log-prefix=""
 7    chain=input action=accept protocol=udp dst-port=500 log=no log-prefix=""
 8    chain=input action=accept protocol=udp dst-port=4500 log=no log-prefix=""
 9    ;;; allow pptp
      chain=input action=accept protocol=tcp dst-port=1723
10    ;;; allow sstp
      chain=input action=accept protocol=tcp dst-port=443
11    ;;; default configuration
      chain=input action=drop in-interface=ether1-gateway log=no log-prefix=""
12    ;;; default configuration
      chain=forward action=fasttrack-connection
      connection-state=established,related log=no log-prefix=""
13    ;;; default configuration
      chain=forward action=accept connection-state=established,related log=no
      log-prefix=""
14    ;;; default configuration
      chain=forward action=drop connection-state=invalid log=no log-prefix=""
15    ;;; default configuration
      chain=forward action=drop connection-state=new
      connection-nat-state=!dstnat in-interface=ether1-gateway log=no
      log-prefix=""

NAT Setting
 0    ;;; default configuration
      chain=srcnat action=masquerade out-interface=ether1-gateway log=no
      log-prefix=""

IPSec Peer
 0    address=0.0.0.0/0 auth-method=pre-shared-key secret="Password"
      generate-policy=port-override policy-template-group=default
      exchange-mode=main send-initial-contact=yes nat-traversal=yes
      proposal-check=obey hash-algorithm=sha1 enc-algorithm=aes-128,3des
      dh-group=modp1024 lifetime=1d dpd-interval=2m dpd-maximum-failures=5

As for Shrew Soft, I basically copied the configuration from http://wiki.mikrotik.com/wiki/IPSEC_between_Mikrotik_router_and_a_Shrew_client and only changed the Host IP and the Policy Network address.
Tried it with and without NAT traversal.
So what do I have to do to actually make those two networks communicate?
Any help would be appreciated!
Thx