Community discussions

 
imperia
just joined
Topic Author
Posts: 14
Joined: Tue Sep 19, 2017 8:15 am

IPSEC IKEv2 setup cannot access LAN. Only can access router.

Sat Sep 23, 2017 9:43 pm

Hello,

I followed wiki instructions and made IPSEC IKEv2 VPN server. I can connect. I have internet and I can access router IP but I cannot access other LAN devices.
I tried putting IPSEC clients in same subnet and I tried different too. No luck. I guess I am missing some firewall rule.
Can somebody help with this issue please.

Thanks.
 
Revelation
Member
Member
Posts: 338
Joined: Fri Dec 25, 2015 5:59 am

Re: IPSEC IKEv2 setup cannot access LAN. Only can access router.

Sat Sep 23, 2017 11:05 pm

Without seeing how you have your VPN service configured and your existing FW rules and their order, we can only provide generalities.

You will want to ensure that you have a FW permitting the traffic from your VPN IPs to "talk" to your LAN IPs.
 
imperia
just joined
Topic Author
Posts: 14
Joined: Tue Sep 19, 2017 8:15 am

Re: IPSEC IKEv2 setup cannot access LAN. Only can access router.

Sun Sep 24, 2017 12:50 am

 0    chain=input action=accept protocol=icmp 
 1    chain=input action=accept connection-state=established 
 2    chain=input action=accept connection-state=related 
 3    chain=input action=accept in-interface=ether1 log=no log-prefix="" ipsec-policy=in,ipsec 
 4    chain=input action=accept protocol=udp in-interface=ether1 dst-port=500,4500 log=no log-prefix="" 
 5    chain=input action=accept protocol=ipsec-esp in-interface=ether1 log=no log-prefix="" 
 6    chain=input action=drop src-address-list=shodan in-interface=ether1 log=no log-prefix="" 
 7    chain=input action=drop src-address-list=facebook in-interface=ether1 log=no log-prefix="" 
 8    chain=input action=drop src-address-list=blacklist in-interface=ether1 log=yes log-prefix="" 
 9    chain=input action=drop in-interface=ether1 
these are my fw rules. my vpn IPs are same as local network 192.168.0.x or i tried also 192.168.1.x. same result. I only can connect to 192.168.0.1
 
User avatar
cyon
newbie
Posts: 30
Joined: Tue Apr 29, 2014 12:58 pm

Re: IPSEC IKEv2 setup cannot access LAN. Only can access router.

Tue Sep 03, 2019 11:15 am

Hi Imperia

Did you come right with this?
I can connect to the VPN and ping only the router but none of my services on the LAN.
 I love Mikrotik!

Who is online

Users browsing this forum: No registered users and 13 guests