VPN IPSec

Hi folks,

I have been with Mikrotik for a short time and I have a problem that I cannot solve.
I have an IPsec VPN between 2 Mikrotik (Site1:192.168.50.0 and Site2:172.16.2.0). Everything seems to work perfectly; firewalls connect fine, ping between machines from both sites, etc.

I have some connection problems. Some examples:

Example 1
I have a NAS at Site1 with port 22 open. I cannot connect from a Site2 PC through Putty. If the PC is in Site1 there are no problems.

Example 2
At Site1 I have an ESXi with IP 192.168.50.100. I can ping it from Site2 but I cannot connect from Site2 through a PC web browser (https://192.168.50.100). If the PC is in Site1 there are no problems.
I have other devices on Site1 that I do have access to via https from Site2.

If I connect to Site1 through an OVPN client I don’t have these problems

I appreciate any help you can give me.

Thanks and regards

I don’t understand what “firewalls connect fine” means.

When you say “pings between machines”, do you have in mind the two routers as “machines” or other devices in their LANs? I.e. can the Site2 PC, which cannot connect to the NAS using Putty, ping the NAS successfully?

OpenVPN uses virtual tunnel interfaces; IPsec, at least the implementation in current RouterOS, doesn’t. Hence the firewall rules may block the IPsec payload whilst they don’t block the OpenVPN one, as the payload traffic decapsulated from the IPsec transport packet inherits the in-interface from the transport packet, i.e. in your case, the WAN one.

If this hint is not sufficient, post the configuration export of both routers involved, following my automatic signature.
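
The rule ordering issue described in the reply above, shown as an added example that is not from either poster or from their routers. The interface list name `WAN` and the /24 masks are assumptions; only the network addresses 192.168.50.0 and 172.16.2.0 come from the thread.

```routeros
# Added example for the Site1 router (mirror the addresses on Site2).
# Assumptions: interface list "WAN" exists, both LANs are /24.

/ip firewall filter

# Problem pattern: a rule like the one below, evaluated before any IPsec
# accept rule, also matches decapsulated IPsec payload, because that
# traffic keeps the in-interface of the transport packet (the WAN).
# An OpenVPN client arrives on its own tunnel interface and never matches it.
#   add chain=forward action=drop in-interface-list=WAN connection-state=new

# Ordering that lets the tunnel payload through while still dropping
# unsolicited WAN traffic. The ipsec-policy matcher only matches packets
# that were (in) or will be (out) processed by an IPsec policy, and the
# src/dst addresses limit the accept to the two tunnel subnets.
add chain=forward action=accept connection-state=established,related \
    comment="accept established/related"
add chain=forward action=accept ipsec-policy=in,ipsec \
    src-address=172.16.2.0/24 dst-address=192.168.50.0/24 \
    comment="Site2 -> Site1, arrived through IPsec"
add chain=forward action=accept ipsec-policy=out,ipsec \
    src-address=192.168.50.0/24 dst-address=172.16.2.0/24 \
    comment="Site1 -> Site2, leaving through IPsec"
add chain=forward action=drop in-interface-list=WAN connection-state=new \
    comment="drop all other new connections from WAN"

# On a router that already has rules, "add" appends at the end, so the two
# ipsec-policy rules must be moved above the existing WAN drop rule.
# Check which rule the failing connection hits by watching the counters:
print stats
```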