OSPF and IPSec tunnels

Hi there

I’ve got OSPF running and it seems to be OK, but we have an IPSec tunnel to a friend’s house which terminates on a Fortinet firewall and we can’t get OSPF working.
I do have OSPF working over a PPTP link to another MikroTik and two MikroTiks in the house, all in the same area.

Any ideas?

Thanks Leon

Speaking in general...

What do you want to accomplish by running OSPF to the Fortinet via an IPSec tunnel?

When running dynamic protocols in a tunnel, one has to pay attention to a few key items.

  1. You have to set up the external routing as static, so that when you activate the dynamic routing protocol, the external routes don’t get overridden by the routes being exchanged via the dynamic routes.
  2. If you have a multi-homed connection, you need to have a mechanism to make sure packets entering the router via one interface go back out via the same interface / connection.

Of course there is more to it...
So back to the first question: what are you trying to accomplish?

You need to run GRE over IPSEC to the Fortigate. This is CLI only on the FortiGate.

Normally you would just run VTI but Mikrotik do not support it :(

I have been lobbying Mikrotik for 5 years now to get them to add VTI support to their IPSEC implementation, so far with no success (Hi Janis). Maybe one day…

You can run an IPIP tunnel over IPsec and set OSPF on IPIP.
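
Added example, not written by any poster in this thread: a small Python model of policy-based IPsec selector matching, showing why a native OSPF hello (IP protocol 89 to multicast 224.0.0.5) is not picked up by a subnet-to-subnet policy, while the same hello wrapped in GRE or IPIP between the two tunnel endpoints is. All addresses, names and policies are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

OSPF, GRE, IPIP = 89, 47, 4        # IP protocol numbers
ALL_SPF_ROUTERS = "224.0.0.5"      # multicast destination of OSPF hellos

@dataclass(frozen=True)
class Selector:
    """One policy-based IPsec traffic selector; protocol None means any."""
    src: str
    dst: str
    protocol: Optional[int] = None

    def matches(self, src: str, dst: str, protocol: int) -> bool:
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.protocol in (None, protocol))

def protected(policy, src, dst, protocol) -> bool:
    """True if some selector would place this packet into the IPsec SA."""
    return any(s.matches(src, dst, protocol) for s in policy)

# Constructed addressing for illustration; none of it comes from the thread.
LAN_A, LAN_B = "192.168.1.0/24", "192.168.2.0/24"
WAN_A, WAN_B = "198.51.100.1", "203.0.113.1"

# Typical site-to-site policy: only LAN-to-LAN unicast is selected.
SUBNET_POLICY = [Selector(LAN_A, LAN_B)]

def tunnel_policy(encap: int):
    """Policy protecting only GRE or IPIP between the two public endpoints."""
    return [Selector(f"{WAN_A}/32", f"{WAN_B}/32", encap)]

def hello_over_subnet_policy() -> bool:
    # Hello sent natively: source is the router's LAN address, destination is multicast.
    return protected(SUBNET_POLICY, "192.168.1.1", ALL_SPF_ROUTERS, OSPF)

def hello_over_tunnel(encap: int) -> bool:
    # The hello is the inner packet; IPsec only sees the outer GRE/IPIP header.
    return protected(tunnel_policy(encap), WAN_A, WAN_B, encap)

if __name__ == "__main__":
    print("LAN data via subnet policy:", protected(SUBNET_POLICY, "192.168.1.10", "192.168.2.20", 6))
    print("OSPF hello via subnet policy:", hello_over_subnet_policy())
    print("OSPF hello inside GRE:", hello_over_tunnel(GRE))
    print("OSPF hello inside IPIP:", hello_over_tunnel(IPIP))
```

With the tunnel policy, the selector is scoped to the encapsulation protocol between the two endpoints, so anything that is not GRE or IPIP between those addresses stays outside the SA.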