Hello,
I have multiple gre-tunnels with ipsec secret enabled. In gre-tunnel i cannot select custom ipsec proposal.
I created custom IPsec Policy Template (priority#0) for Protocol:47 and custom proposal, but my gre-tunnels still use default proposal.
Why?
Because it doesn’t work as you think. Proposal is linked to policy and policy is linked to peer. Not the other way around. So what you created just sits there and does nothing, because automatically created peer won’t use it.
GRE’s IPSec option is just a handy shortcut, when you need simple config. If you need something more complex, you currently have to create whole IPSec config manually.
You are wrong.
Dynamic policies are generated from a template policy: http://forum.mikrotik.com/t/how-to-change-defaults-for-auto-generated-ipsec-policies/98874/1
Yes, they are generated from template, when you enable generate-policy in peer’s identity. But GRE’s automatic config doesn’t have that. It seems to simply add dynamic policy itself, with hardcoded proposal=default.