URGENT IPSEC problems

Hi –

We have deployed RouterOS 3.28 – a fairly basic setup on a routed network – no NAT involved.

Internet → Backbone provider → Our RouterOS box → routed client networks

Using real IP everywhere. RouterOS box has replaced a previous OpenBSD box used as a router.

When anyone outside on the Internet tries to establish an IPSEC connection to anything on the routed networks, the IPSEC fails. If anyone on the routed networks tries to establish an IPSEC connection to anything on the Internet it fails as well…

Nothing is being firewalled at the RouterOS level but we are unable to establish VPN connections through the RouterOS box.

If we pull the RouterOS box and put the OpenBSD box back in place, the IPSEC VPNs come right back up… So there appears to be something on the RouterOS side of things that is interfering with the IPSEC connections.

Does anyone have any ideas? This is an urgent situation for us and we’re trying to get it working ASAP…

To be clear – we are NOT using the RouterOS IPSEC capabilities…

Thoughts? Ideas? Solutions?

Thanks,

Quark

Probably misconfigured something. Show your configuration.

It wasn’t a misconfiguration – apparently the default configuration in RouterOS isn’t to pass ALL traffic like most routers usually do… I had to set explicit rules to allow IPSEC protocols through…

If you are talking about the firewall, then by default nothing is blocked. If IPsec protocols were blocked, then you have some drop rules in your firewall.

Using 3.28, there were NO drop rules. Once I added two allow rules for the two IPSEC protocol items, the problems went away. :)

Hi, we also have the same problem.
We have an RB-1000 as border router to the Internet.
Behind the RB-1000 is a SonicWall. The SonicWall creates an IPSEC tunnel to another system over the Internet. In version 3.28 the tunnel failed.
When I install version 3.23, the tunnel comes up.
Is this a bug in 3.28? The firewall rules are all the same!
Servus, experde