Problem with GRE tunnel

RouterOS General
1

Hi all. I have a trouble with GRE tunnel. I set up this settings on my Mikrotik routes in two sites.
Both tunnels are up. From both routers i can ping another site LAN addresses. From PC in any LAN i can ping both loopback interfaces.
But from PC in LAN1 i cant ping any address in LAN2, same in other side. When i try to use bridge interface, or set ip of my router, in Mikrotik ping tool
and ping another LAN ips i get fails.
All firewall rules are disabled. Port 2-5 mikrotik ports in bridge mode
Please help.

Best Regards.

Site 1
LAN 192.168.101.0/24 GW 192.168.101.1

/interface gre add name=Office2-to-Home remote-address=95.95.95.95 local-address=21.21.21.21

/ip address add address=10.10.2.1/30 interface=Office2-to-Home

/ip route add dst-address=192.168.100.0/24 gateway=10.10.2.2

/ip firewall nat print
0 chain=srcnat action=accept src-address=192.168.101.0/24 dst-address=192.168.100.0/24 log=no log-prefix=""

1 chain=srcnat action=accept src-address=192.168.101.0/24 dst-address=192.168.88.0/24 log=no log-prefix=""

2 chain=srcnat action=accept src-address=192.168.101.0/24 dst-address=192.168.103.0/24 log=no log-prefix=""

3 chain=srcnat action=accept src-address=192.168.101.0/24 dst-address=192.168.200.0/24 log=no log-prefix=""

4 ;;; default configuration
chain=srcnat action=masquerade out-interface=WAN log=no log-prefix=""

5 ;;; Redirect TCP Guest Wi-Fi to Web Proxy
chain=dstnat action=redirect to-ports=3128 protocol=tcp src-address=192.168.102.0/26 dst-address=!192.168.102.0/26 log=no log-prefix=""

6 ;;; Redirect UDP Guest Wi-Fi to Web Proxy
chain=dstnat action=redirect to-ports=3128 protocol=udp src-address=192.168.102.0/26 dst-address=!192.168.102.0/26 log=no log-prefix=""

Site 2
LAN 192.168.100.0/24 GW 192.168.100.1

/interface gre add name=Office2-to-Home remote-address=21.21.21.21 local-address=95.95.95.95

/ip address add address=10.10.2.2/30 interface=Office2-to-Home

/ip route add dst-address=192.168.101.0/24 gateway=10.10.2.1

/ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=accept src-address=192.168.100.0/24 dst-address=192.168.88.0/24 log=no log-prefix=""

1 chain=srcnat action=accept src-address=192.168.100.0/24 dst-address=192.168.101.0/24 log=no log-prefix=""

2 chain=srcnat action=accept src-address=192.168.100.0/24 dst-address=192.168.200.0/24 log=no log-prefix=""

3 ;;; default configuration
chain=srcnat action=masquerade out-interface=WAN log=no log-prefix=""

4 chain=srcnat action=masquerade out-interface=Beeline log=no log-prefix=""

Traceroute from Mikrotik 192.168.101.1
traceroute 192.168.100.246 count=4 protocol=icmp size=64

ADDRESS LOSS SENT LAST AVG BEST WORST STD-DEV STATUS

1 10.10.2.2 0% 4 2.5ms 2.9 2.5 3.4 0.4
2 192.168.100.246 0% 4 5.4ms 17.1 3.7 49.9 19.1

Traceroute from Windows PC Lan1 (ип клиента 192.168.101.243)
Tracing route to 192.168.100.246 over a maximum of 30 hops
2 * * * Request timed out.
3 * * * Request timed out.

2

Hello,

It’s looks like a drop rule in forward.

Please past your filter rules in order to help you.

3

Do you mean firewall rules? When i test connection between Site1 and Site 2 LAN i turn off all firewall rules and i have nothing in mangle section

4

Problem Was solved. Trouble was in IPsec encription policies between two LAN subnets that i forgot turn off. Change IPsec tunnels to GRE

5

BH Could u plz tell me how u solve this IP sec encryption problem share with me its a request