Hi,
I am using ROS 6.38.5 and have a working RoadWarrior IPSEC with ModeConf.
https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_with_Mode_Conf
Do not forget to BYPASS FASTTRACK and adjust the Phase1 and Phase2 settings in ShrewClient to match your config!
It is also working with my Windows2008 NPS Radius server!
Routes are being pushed as they should but DNS is not.
If I put SystemDNS then the DNS is pushed (ipconfig /all) but nslookup is showing my local DNS.
If I set a static DNS it is not pushed to the client at all (not even listed in ipconfig /all).
One more thing / bug:
If I export it in CLI there is no Static DNS specified (I can see it in Winbox!)
/ip ipsec mode-config
add address-pool=ipsec-RW name=RW-cfg split-include=192.168.30.0/24,172.33.0.0/24 system-dns=no
The client gets the static DNS but nslookup is still preferring the local DNS. Is this the ShrewClient's fault?
Has anyone else had any problems with DNS in this setup?
Update1:
If I set it in CLI the DNS is applied but in Winbox it stays whatever you put there before or after. It seems that the GUI is not correctly transferred to Mikrotik settings (bug). I have filed a support ticket about that.
ShrewClient problem with local DNS server being preferred remains:
ip ipsec mode-config set RW-cfg static-dns=8.8.4.4
Update2:
DNS preference is ShrewClient's fault! You have to change the metric of your local LAN adapter (IPv4 and IPv6 - this is important) and then it is working.
Now if we could only push DNS suffix to the client I have an in-place replacement for Cisco ASA
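
The metric change from Update2, as an added example that is not part of the original post: it raises the LAN adapter's metric above the VPN adapter's for both IPv4 and IPv6, then lists the resulting metrics and DNS servers. It assumes Windows 8 / Server 2012 or later (NetTCPIP cmdlets), an elevated prompt, and an established tunnel; both adapter names are placeholders.

```powershell
# Added example, not from the original post. Run elevated, with the tunnel up.
# Both aliases are assumptions: list the real names with Get-NetAdapter.
$LanAlias = 'Ethernet'                  # assumed name of the local LAN adapter
$VpnAlias = 'Local Area Connection 2'   # assumed name of the Shrew virtual adapter

foreach ($family in 'IPv4', 'IPv6') {
    $lan = Get-NetIPInterface -InterfaceAlias $LanAlias -AddressFamily $family -ErrorAction SilentlyContinue
    $vpn = Get-NetIPInterface -InterfaceAlias $VpnAlias -AddressFamily $family -ErrorAction SilentlyContinue

    if (-not $lan) {
        Write-Warning "$LanAlias has no $family binding, skipping"
        continue
    }

    # Lower metric wins. Put the LAN adapter clearly behind the VPN adapter;
    # if the VPN adapter has no binding for this family, use a fixed high value.
    $target = if ($vpn) { $vpn.InterfaceMetric + 50 } else { 100 }

    if ($lan.InterfaceMetric -lt $target) {
        Set-NetIPInterface -InterfaceAlias $LanAlias -AddressFamily $family -InterfaceMetric $target
    }
}

# Verify: the VPN adapter should now sort first for both address families.
Get-NetIPInterface -InterfaceAlias $LanAlias, $VpnAlias -ErrorAction SilentlyContinue |
    Sort-Object AddressFamily, InterfaceMetric |
    Format-Table InterfaceAlias, AddressFamily, InterfaceMetric -AutoSize

# Show which DNS servers each adapter carries, to compare with ipconfig /all.
Get-DnsClientServerAddress -InterfaceAlias $LanAlias, $VpnAlias -ErrorAction SilentlyContinue |
    Format-Table InterfaceAlias, AddressFamily, ServerAddresses -AutoSize
```

After running it, repeat the nslookup test from the post to confirm the pushed DNS server answers first.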