Hey guys,
I have been having trouble the past few days trying to set up an IPsec VPN to a remote location; somebody might be able to point me in the right direction.
I can get the IPsec connection to establish in phase 2 and can ping the remote server from the MikroTik device itself, but not from my PC using ping at the cmd prompt.
Setup
IPsec is set up on a CPE SXT Lite5 ac (mipsbe).
Static public IP address on the pppoe-out1 interface.
DHCP network 192.168.0.0/24 running on ether1.
My PC is on ether1 and is plugged directly into the CPE itself.
Internet works fine until I enable the IPsec VPN, and then I have no connection.
I can disable the default route 0.0.0.0/0 gateway pppoe-out1 and the IPsec connection will still establish, and I can still ping the remote server from the CPE but not from the PC, as I added a gateway route to the remote server.
Is there a rule missing to route the traffic out the tunnel on ether1?
Router firewall rules
Package version is v6.42.4
/ip firewall filter
add action=accept chain=forward ipsec-policy=in,ipsec
add chain=input comment="IPSec ISAKMP" dst-port=500 protocol=udp
add chain=input comment="IPSec ESP" protocol=ipsec-esp
add chain=input comment="IPSec NAT-T" dst-port=4500 protocol=udp
add chain=input comment="IPSec L2TP" dst-port=1701 protocol=udp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="Allow WinBox" dst-port=8291 protocol=tcp
add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=pppoe-out1 log=yes
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid log=yes
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=pppoe-out1
add action=accept chain=input comment="Allow DNS for trusted network" dst-port=53 protocol=udp src-address=192.168.0.0/24
add action=accept chain=input comment="Allow DNS for trusted network" dst-port=53 protocol=tcp src-address=192.168.0.0/24
add action=accept chain=input comment="Allow local network" src-address=192.168.0.0/24
add action=drop chain=input connection-state=new dst-port=53 in-interface=pppoe-out1 protocol=udp
add action=drop chain=input connection-state=new dst-port=53 in-interface=pppoe-out1 protocol=tcp
/ip firewall nat
add action=accept chain=srcnat protocol=udp src-port=500,4500 place-before=0
add action=masquerade chain=srcnat out-interface=pppoe-out1
Thanks in advance
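Added example (not from the post above, and not a MikroTik-supplied configuration): with the rules posted, LAN traffic that should enter the IPsec policy is first masqueraded by the srcnat rule and can be fasttracked in the forward chain, and in both cases the packet no longer matches the policy, so the router itself (whose own address is not masqueraded) can reach the remote side while the PC cannot. The snippet below shows the usual RouterOS 6.x arrangement: an accept rule in srcnat before masquerade for packets matched by an outgoing IPsec policy, an accept in the forward chain before the fasttrack rule, and a policy whose src-address is the LAN subnet rather than the router's public address. REMOTE_SUBNET, LOCAL_PUBLIC_IP and REMOTE_PEER_IP are placeholders, since the post does not give them, and the policy line is only needed if the existing policy does not already cover 192.168.0.0/24 as its source.

```routeros
# --- NAT: do not masquerade traffic that will be encrypted by an IPsec policy ---
# place-before=0 puts this ahead of the existing accept for UDP 500/4500 and the masquerade rule.
/ip firewall nat
add chain=srcnat action=accept ipsec-policy=out,ipsec \
    comment="bypass masquerade for traffic entering an IPsec policy" place-before=0

# --- Filter: accept policy-matched traffic before it can be fasttracked ---
# Fasttracked packets skip IPsec policy lookup, so the accept must sit above the fasttrack rule.
# The existing "ipsec-policy=in,ipsec" accept at index 0 handles the decrypted inbound direction.
/ip firewall filter
add chain=forward action=accept ipsec-policy=out,ipsec \
    comment="accept traffic entering an IPsec policy (before fasttrack)" place-before=0

# --- Policy: source must be the LAN subnet, not only the router's own address ---
# REMOTE_SUBNET / LOCAL_PUBLIC_IP / REMOTE_PEER_IP are placeholders (assumed values, not from the post).
# Keep dst-address limited to the remote subnet; a 0.0.0.0/0 destination tunnels all internet traffic.
/ip ipsec policy
add src-address=192.168.0.0/24 dst-address=REMOTE_SUBNET tunnel=yes action=encrypt \
    sa-src-address=LOCAL_PUBLIC_IP sa-dst-address=REMOTE_PEER_IP

# --- Checks: confirm the policy is active and that the bypass rules are seeing packets ---
/ip ipsec policy print
/ip ipsec installed-sa print
/ip firewall nat print stats
/ip firewall filter print stats
```

After adding the rules, ping from the PC while watching the packet counters of the two new accept rules; if they stay at zero the policy's src-address does not cover the LAN, and if the masquerade counter rises instead the srcnat accept is below the masquerade rule rather than above it.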