I want router B to be connected to router A:
- Encrypted connection (IPSEC) using certificates between routers.
- All users who connect to router B will get IP address from router A.
- All users that are connected to router B, their traffic will be routed through router A.
Router A
Code: Select all
/interface bridge add name=loopback
add address=10.22.22.1/24 interface=loopback network=10.22.22.0
/ip ipsec mode-config add address=10.22.22.2 name="My mc" split-include=10.22.22.1/32 system-dns=no
/ip ipsec policy group add name="My group"
/ip ipsec profile add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name="My profile"
/ip ipsec peer add exchange-mode=ike2 name="My server" passive=yes profile="My profile"
/ip ipsec proposal add auth-algorithms=sha256 enc-algorithms=aes-256-cbc name="My proposal" pfs-group=none
/ip ipsec identity add auth-method=digital-signature certificate="My server" generate-policy=port-strict mode-config="My mc" peer="My server" policy-template-group="My group" remote-id=ignore
/ip ipsec policy add comment="My policy" dst-address=10.22.22.2/32 group="My group" proposal="My proposal" src-address=10.22.22.1/32 template=yes
Router B
Code: Select all
/ip ipsec mode-config add name="My mc" responder=no use-responder-dns=yes
/ip ipsec policy group add name="My group"
/ip ipsec profile add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name="My profile"
/ip ipsec peer add address=<hidden> exchange-mode=ike2 name="My peer" profile="My profile"
/ip ipsec proposal add auth-algorithms=sha256 enc-algorithms=aes-256-cbc name="My proposal" pfs-group=none
/ip ipsec identity add auth-method=digital-signature certificate="My client" generate-policy=port-strict mode-config="My mc" peer="My peer" policy-template-group="My group" remote-id=ignore
/ip ipsec policy add comment="My policy" dst-address=10.22.22.1/32 group="My group" proposal="My proposal" src-address=10.22.22.2/32 template=yes
Anyone have any suggestions why I am not able to ping from router A (10.22.22.1) to router B (10.22.22.2)?