
 
AlanBrincat
just joined
Topic Author
Posts: 1
Joined: Mon Oct 30, 2017 12:12 pm

Mikrotik to Fortinet VPN using WiFi Interface

Mon Oct 30, 2017 12:19 pm

I have a Mikrotik RB951 series wireless router and I am trying to set up an IPsec VPN with a Fortigate firewall. While I try the configuration, the Mikrotik continuously crashes, and I cannot test much because of these interruptions. I managed to use WLAN 1 as the WAN interface, and when I set up IPsec everything is OK until I configure the IPsec policy.

I am new to Mikrotik routers, and first and foremost I would like to have a stable router on which to test. I have version 6.40.4. I was thinking of uninstalling some unwanted packages from it, such as mpls, in case that helps. Can anyone help with the stability issue or the configuration?
 
horhay
newbie
Posts: 28
Joined: Sat Jun 20, 2015 7:19 pm
Location: Ontario, Canada

Re: Mikrotik to Fortinet VPN using WiFi Interface

Mon Nov 06, 2017 1:12 pm

# MikroTik RouterOS side of a GRE-over-IPsec link to a FortiGate.
# In this example 1.1.1.1 stands for the FortiGate's public address and
# 2.2.2.2 for this router's public address; 172.16.2.36/30 is the GRE
# transfer network.

# Phase 2 proposals: AES-128-CBC with PFS group modp1536 (DH group 5, which
# is what "set dhgrp 5" selects on the FortiGate side).
# auth-algorithms is not set, so the RouterOS default applies -- presumably
# sha1, as the proposal name suggests; confirm with "print".
# NOTE(review): SHA-1 and a 1536-bit DH group are legacy choices. Where both
# devices support it, prefer sha256 and modp2048 or larger, and change both
# ends together so the proposals still match.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc pfs-group=modp1536
add enc-algorithms=aes-128-cbc name=sha1-aes128-modp1536 pfs-group=modp1536

# Phase 1 peer for the FortiGate. passive=yes makes this router the responder
# only, so the FortiGate has to initiate the negotiation.
# secret=presharedkey is a placeholder: use a long random pre-shared key, keep
# it identical on both ends, and treat any export or backup that contains it
# as sensitive (redact it before posting a configuration publicly).
# nat-traversal=no assumes neither end sits behind NAT -- confirm.
/ip ipsec peer
add address=1.1.1.1/32 dh-group=modp1536 dpd-maximum-failures=3 enc-algorithm=aes-128 \
    nat-traversal=no passive=yes secret=presharedkey send-initial-contact=no

# "set 0" addresses the policy by item number (presumably the default
# template policy); run "print" first, since numbering depends on the list.
# The added policy selects traffic between the two public addresses only.
# tunnel=yes is not set, so this is presumably transport mode, matching
# "set encapsulation transport-mode" on the FortiGate.
# NOTE(review): no protocol= is given, so the policy matches every IP protocol
# between the two hosts, while the FortiGate phase 2 selector is protocol 47
# (GRE). Confirm the selectors negotiate; protocol=gre would mirror the
# FortiGate selector and narrow the policy to the tunnel traffic.
/ip ipsec policy
set 0 disabled=yes
add dst-address=1.1.1.1/32 proposal=sha1-aes128-modp1536 src-address=2.2.2.2/32


# GRE tunnel towards the FortiGate. GRE by itself provides no encryption or
# authentication; the traffic is only protected while the IPsec policy above
# matches it, so verify that installed SAs exist before trusting the link.
# keepalive=10s,3 sends a keepalive every 10 s with 3 retries.
/interface gre
add dont-fragment=inherit keepalive=10s,3 mtu=1428 name=gre-tunnel10 remote-address=\
    1.1.1.1

# This router's end of the /30 transfer network (the FortiGate end is .37).
/ip address
add address=172.16.2.38/30 interface=gre-tunnel10 network=172.16.2.36

# Clamp the TCP MSS on SYN packets forwarded out of the tunnel to 1388,
# i.e. the tunnel MTU of 1428 minus 40 bytes of IP and TCP headers.
# NOTE(review): the match is tcp-mss=!0-1338 while new-mss=1388; the 1338
# looks like a typo for 1388 -- confirm the intended range.
/ip firewall mangle
add action=change-mss chain=forward comment=MSS new-mss=1388 out-interface=gre-tunnel10 \
    passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=!0-1338
# FortiGate (FortiOS) side of the same GRE-over-IPsec link.
# In this example 1.1.1.1 stands for the FortiGate's public address and
# 2.2.2.2 for the MikroTik's public address.

# allow-subnet-overlap turns off the overlapping-subnet check for the VDOM.
# It is presumably needed because 1.1.1.1 is also assigned to the "TEST"
# tunnel interface below -- confirm. It weakens a safety check for all
# interfaces, so enable it only if the design really requires it.
config system settings
    set allow-subnet-overlap enable


# Phase 1 towards the MikroTik, bound to the "wan" interface.
# aes128-sha1 with dhgrp 5 (modp1536) has to match the MikroTik peer settings.
# NOTE(review): SHA-1 and DH group 5 are legacy choices; where both devices
# support it, prefer a SHA-256 proposal and dhgrp 14 or higher, changing both
# ends together.
# psksecret presharedkey is a placeholder: use a long random pre-shared key
# and redact it before sharing the configuration.
# peertype any accepts any peer ID; the peer is then identified only by the
# static remote-gw address and the pre-shared key.
config vpn ipsec phase1-interface
    edit "TEST"
        set interface "wan"
        set peertype any
        set proposal aes128-sha1
        set dhgrp 5
        set nattraversal disable
        set remote-gw 2.2.2.2
        set psksecret presharedkey
    next
end
# Phase 2 in transport mode, with the selector limited to IP protocol 47
# (GRE). auto-negotiate makes the FortiGate bring the SA up itself, which
# fits the MikroTik peer being configured with passive=yes.
config vpn ipsec phase2-interface
    edit "TEST"
        set phase1name "TEST"
        set proposal aes128-sha1
        set dhgrp 5
        set auto-negotiate enable
        set encapsulation transport-mode
        set protocol 47
        set keylifeseconds 1800
    next
end
# GRE tunnel bound to the IPsec interface "TEST" rather than to "wan", so the
# GRE packets are sent through the IPsec tunnel.
config system gre-tunnel
    edit "tunnel10"
        set interface "TEST"
        set remote-gw 2.2.2.2
        set local-gw 1.1.1.1
    next
end
# Addresses on the IPsec tunnel interface: the two public endpoint addresses.
config system interface
    edit "TEST"
        set vdom "root"
        set ip 1.1.1.1 255.255.255.255
        set type tunnel
        set remote-ip 2.2.2.2
        set interface "wan"
    next
end
# GRE interface: FortiGate end of the transfer network (MikroTik is .38).
# allowaccess ping permits only ICMP echo to the FortiGate itself on this
# interface. MTU 1428 and TCP MSS 1388 mirror the MikroTik side.
# Firewall policies and routes for the tunnel are not shown on this page;
# restrict them to the traffic that actually needs to cross the link.
config system interface
    edit "tunnel10"
        set vdom "root"
        set ip 172.16.2.37 255.255.255.255
        set allowaccess ping
        set type tunnel
        set tcp-mss 1388
        set remote-ip 172.16.2.38
        set mtu-override enable
        set mtu 1428
        set interface "TEST"
    next
end
