Mikrotik IKEv2 road warrior VPN bypass fasttrack firewall rule (SOLVED)

Hello everybody! I have got a Mikrotik 951G router with IKEv2 remote VPN. Fasttrack is enabled. ICMP works fine, but I cannot browse across the VPN.
I read that this is because of the enabled Fasttrack. This is my firewall export now:

https://pastebin.com/MzWXQuiW?fbclid=IwAR0ktil-mU6JQj6WMFOknEWiBqY_UkGzG8VEAeuzZe_QDdRRSGFp7zt6qV0

So is there any firewall rule to exclude IPsec?

Hey

I would suggest copying your current config, then resetting to the default configuration, and then only selectively adding some rules. The default config is "compatible" with VPNs, and I think it will be the easiest route.

Depending on your rules, you'll need to add the L2TP interface to your list of allowed interfaces.

L2TP? But I use IKEv2 now.

Sorry, but does it create a dynamic interface? I've not used IKEv2.

No, it does not. I know L2TP. In the case of L2TP, RouterOS creates an interface, but for IKEv2 it does not.

I will give it a try today, with my old 750GL. Thank you for the hint.

So the firewall rules are the following, I did not know this:
ip firewall filter add chain=forward action=accept ipsec-policy=in,ipsec
ip firewall filter add chain=forward action=accept ipsec-policy=out,ipsec

We need to put these rules above the fasttrack rule: ip firewall filter add chain=forward action=fasttrack-connection connection-state=established,related

I am not an expert, but I like to learn and get to know new things : )

So thank you for the hint again! Have a great day : )

If you need help to set up an IKEv2 server I can help you now : )
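The ordering point made in the post above (the two IPsec accept rules must sit above the fasttrack-connection rule in the forward chain, or fasttracked traffic never reaches them) can be checked mechanically against a `/ip firewall filter export`. This is an added example, not code from the thread; the export text is a constructed sample that deliberately has the rules in the wrong order.

```python
import re

# Constructed sample of "/ip firewall filter export" output (not the poster's
# real config): the fasttrack rule sits ABOVE the IPsec accept rules, which is
# exactly the misordering that breaks browsing over the IKEv2 tunnel.
SAMPLE_EXPORT = """\
/ip firewall filter
add action=accept chain=input comment="allow established" connection-state=established,related
add action=fasttrack-connection chain=forward connection-state=established,related
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward ipsec-policy=in,ipsec
add action=accept chain=forward ipsec-policy=out,ipsec
add action=drop chain=forward connection-state=invalid
"""

def parse_rules(export_text):
    """Turn each 'add ...' line of a filter export into a dict of key=value pairs."""
    rules = []
    for line in export_text.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue
        # Values may be quoted (comments with spaces), so accept key="..." or key=token.
        pairs = re.findall(r'(\S+?)=("[^"]*"|\S+)', line[4:])
        rules.append({k: v.strip('"') for k, v in pairs})
    return rules

def ipsec_rules_bypassed_by_fasttrack(export_text):
    """Return 0-based positions (among 'add' lines) of forward-chain IPsec accept
    rules that appear below a forward-chain fasttrack-connection rule. Such rules
    are never evaluated for a fasttracked connection. Empty list means the order is fine."""
    rules = parse_rules(export_text)
    fasttrack_seen = False
    bypassed = []
    for idx, rule in enumerate(rules):
        if rule.get("chain") != "forward":
            continue
        if rule.get("action") == "fasttrack-connection":
            fasttrack_seen = True
        elif rule.get("action") == "accept" and "ipsec-policy" in rule and fasttrack_seen:
            bypassed.append(idx)
    return bypassed

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_EXPORT)
    for i in ipsec_rules_bypassed_by_fasttrack(SAMPLE_EXPORT):
        print(f"rule #{i} (ipsec-policy={rules[i]['ipsec-policy']}) is below fasttrack; move it above")
```

Running it on the sample reports rules #3 and #4; after moving the two ipsec-policy rules above the fasttrack-connection rule (for example with `place-before` on the router) the check returns an empty list.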

I have an IKEv2 VPN server on my Mikrotik for my iPhone. Apple recommends sha256-CBC encryption for phase 1 & 2, but sometimes it is hard to negotiate and establish phase 1. However, if I use 3des for phase 1, everything works perfectly, I can roam between 4G and wifi anywhere.
Does anyone have this problem? Is sha256 in IKEv2 phase 1 a bug?