Routing over IPSec on bonded DSL

Hello,
I’m having an issue I can’t find an answer to, so I’m posting it here.

I have a MikroTik 750 that is being used as a dual-channel DSL bond (two DSL modems running as one).
The device is also our client gateway to the net.

I’m trying to set up an IPSec connection between this site and another site.
I actually have the connection established, as I can ping anything at site B from site A.

Site A = DFL 210 - 192.1.1.0/24
Site B = MikroTik 750 - 192.168.88.0/24

Site A and B have IPSec initiated and the connection shows up at both ends.

I can ping all LAN devices AT site B from site A using their IP addresses.
I can NOT ping anything AT site A from site B using any method.
It’s strange to me because I’ve done a similar thing before and there is no rhyme or reason why I can’t ping.

Does anyone on here have any knowledge of routing on the MikroTik to allow me to ping devices at site A?

Thanks for any direction towards a resolution.
JSOTech

Anyone know anything about routing?

Hi

Try to do it with 1 line on DSL, and once that works, try with 2. If it doesn’t work, the problem is with using 2 lines.

I hope that helps a bit.

What is a DFL 210?

Also, you are unclear on the bonding. Is this vendor-operated bonding, so both DSL lines appear as a single interface? Or is this two separate DSL lines?


I’m not a big fan of the policy-based IPsec in RouterOS. I would instead do transport mode between SiteA DSL1 IP and SiteB DSL1 IP, same with SiteA DSL2 IP and SiteB DSL2 IP, then do a tunnel of some sort, like an IPIP or EoIP. Then you can do standard routing across the tunnel interfaces.

I like IPIP tunnels over IPsec best: low overhead, and you can specify the local and remote IP so you don’t have to do any fancy routing for your WAN interface.

Oh, lost my train of thought. EoIP tunnels can be used in a layer 2 bond. You can do a bond-rr for increased capacity and auto failover.