Hi there,
I’m trying to get IPSec working between my RB450 and my Linux VPN concentrator running OpenS/WAN.
It almost works. I’m doing it policy based, as I only want to tunnel private IP addresses. I’ve made two policies, one matching src 10.1.3.64/27 (my LAN IP) dst 10.0.0.0/8 and one matching src 10.1.3.64/27 dst 172.16.0.0/12.
What is working:
The basic IPsec stuff is working. If I generate traffic from my router towards an IP address matched by the 10.0.0.0/8 policy it works.
It also works if I flush my installed SAs, wait a little and ping something matched by the 172.16.0.0/12 policy.
So basically each policy works, just not at the same time.
I can see if I do a /ip ipsec policy print that the policy not working is declared invalid.
Has anyone ever tried this before, and is anybody able to help me out?