Hi all,
I am having a problem that I couldn’t fix regardless of how many guides I have read. I have 2 sites with a similar setup; in both sites the MikroTik R750GL resides behind an FTTH modem/router, which in turn gets a public dynamic IP from the ISP, and then there is a LAN behind the MikroTik. I am trying to set up an IPsec tunnel between the 2 MikroTiks. I have made my own scripts to get the IP address of the remote site using an online DDNS service. I want to be able to connect from PC A (10.0.1.10) to PC B (10.0.2.10) and vice versa.
Here is my setup on site A:
IPsec peer
Flags: X - disabled
0 address=BB.BB.BB.BB/32 port=500 auth-method=pre-shared-key secret="test" generate-policy=no
exchange-mode=main send-initial-contact=yes nat-traversal=yes my-id-user-fqdn="" proposal-check=obey
hash-algorithm=md5 enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0 dpd-interval=2m
dpd-maximum-failures=5
IPsec policy
Flags: X - disabled, D - dynamic, I - inactive
0 src-address=10.0.1.0/24 src-port=any dst-address=10.0.2.0/24 dst-port=any protocol=all action=encrypt
level=require ipsec-protocols=esp tunnel=yes sa-src-address=AA.AA.AA.AA sa-dst-address=BB.BB.BB.BB
proposal=default priority=0
Site B has the same setup with the IP addresses inverted.
Please help me. I am planning to make a full GUI guide to show the setup and publish it for everyone who has the same problem and couldn’t find a working guide. The best I could find has a static IP on one side and a dynamic one on the other. This doesn’t work.
