Routing between two IPSec Tunnels

I have a setup like this

Network 1 Network 2 Network 3

RB750GL is in network 2.

I can communicate between Net 1 and Net 2, Net 2 and Net 3.

But no communication between Net 1 and Net 3?

Is it possible to create policies for communication between 1 and 3?

I’ve tried to enable the Generate Policy feature in the IPsec Peers options. After some delay it creates very interesting rules like src:net1 dst=net3, sa src=mikrotik, sa dst=net1 gw. The traffic from Net 1 to Net 3 begins to flow for some time. But traffic between Net 1 and Net 2, and Net 2 and Net 3, stops flowing. After some time, all traffic stops flowing.

What should I do to make all traffic directions possible?

I don’t believe so. On RouterOS, IPSec tunnels are not routable. You would have to use an IPIP/GRE/EOIP etc. over IPSec setup.

Yes, it’s possible.

Don’t use “Generate policy” option here, it is not needed in your case.

I remember myself replying to a similar question some time ago. Have a look at this thread, it contains a working example of what you’re asking for.

Thanks a lot, it really works! You made my day! Also I had to set ‘level=unique’ instead of ‘require’ to make it work.

That’s actually really good to know…
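
An added example, not taken from this thread or the linked one: a sketch of static policies on the Network 2 router that carry Net 1 to Net 3 traffic through both tunnels, with `level=unique` as reported above and no generated policies. All addresses are constructed placeholders, the peers for both tunnels are assumed to be configured already, and the syntax assumes a RouterOS v6 release where policies take `sa-src-address`/`sa-dst-address`.

```routeros
# Constructed addressing (assumptions, not from the thread):
#   Net 1 = 192.168.1.0/24 behind gateway 198.51.100.1
#   Net 2 = 192.168.2.0/24 behind the RB750GL, public 203.0.113.2
#   Net 3 = 192.168.3.0/24 behind gateway 198.51.100.3
/ip ipsec policy

# Selectors for the two tunnels that already work (Net 2 <-> Net 1, Net 2 <-> Net 3)
add src-address=192.168.2.0/24 dst-address=192.168.1.0/24 \
    sa-src-address=203.0.113.2 sa-dst-address=198.51.100.1 \
    tunnel=yes action=encrypt level=unique comment="Net2 -> Net1"
add src-address=192.168.2.0/24 dst-address=192.168.3.0/24 \
    sa-src-address=203.0.113.2 sa-dst-address=198.51.100.3 \
    tunnel=yes action=encrypt level=unique comment="Net2 -> Net3"

# Transit selectors: traffic decrypted from one tunnel is re-encrypted into the other.
# Each selector pair gets its own SA because of level=unique, so the extra
# selectors do not reuse the SA negotiated for the Net 2 selectors to the same peer.
add src-address=192.168.3.0/24 dst-address=192.168.1.0/24 \
    sa-src-address=203.0.113.2 sa-dst-address=198.51.100.1 \
    tunnel=yes action=encrypt level=unique comment="Net3 -> Net1 via hub"
add src-address=192.168.1.0/24 dst-address=192.168.3.0/24 \
    sa-src-address=203.0.113.2 sa-dst-address=198.51.100.3 \
    tunnel=yes action=encrypt level=unique comment="Net1 -> Net3 via hub"
```

The gateways of Net 1 and Net 3 need the mirrored selectors (Net 1 to Net 3 and back, with the Network 2 router as the SA endpoint), otherwise phase 2 for the transit selectors will not establish. `/ip ipsec policy print` and `/ip ipsec installed-sa print` show whether each selector has its own SA pair.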