hEX VPN client to site (Shrew) established connection but no traffic
Posted: Thu Feb 04, 2021 7:25 pm
Hi,
I set up a VPN site to client connection using Shrew VPN as the client:
Code:
/ip ipsec profile
add dh-group=modp1024 enc-algorithm=3des hash-algorithm=md5 name=phase1 nat-traversal=no
/ip ipsec peer
add name=VPN passive=yes profile=phase1
/ip ipsec proposal
add enc-algorithms=3des name=phase2
/ip ipsec identity
add generate-policy=port-override peer=VPN secret=123
/ip ipsec policy
set 0 proposal=phase2
Shrew VPN config:
Code:
n:version:4
s:network-host:xxx.xxx.xxx.xxx ### VPN SERVER ADDRESS ###
n:network-ike-port:500
s:client-auto-mode:pull
n:network-mtu-size:1380
s:client-iface:direct
n:client-addr-auto:1
s:network-natt-mode:disable
n:network-natt-port:4500
n:network-natt-rate:15
s:network-frag-mode:disable
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:1
n:network-notify-enable:1
n:client-dns-used:0
n:client-dns-auto:1
n:client-dns-suffix-auto:1
n:client-splitdns-used:1
n:client-splitdns-auto:1
n:client-wins-used:0
n:client-wins-auto:1
s:auth-method:mutual-psk
s:ident-client-type:address
s:ident-server-type:any
b:auth-mutual-psk:123
s:phase1-exchange:main
n:phase1-dhgroup:2
s:phase1-cipher:3des
s:phase1-hash:md5
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
s:phase2-transform:esp-3des
s:phase2-hmac:sha1
s:ipcomp-transform:disabled
n:phase2-pfsgroup:2
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
s:policy-level:require
n:policy-nailed:1
n:policy-list-auto:0
s:policy-list-include:192.168.100.0 / 255.255.255.0
VPN connection established, Shrew informs that "tunnel enabled", policy generator working ...
Code:
[admin@MikroTik] /ip ipsec policy> print
Flags: T - template, B - backup, X - disabled, D - dynamic, I - invalid, A - active, * - default
# PEER TUNNEL SRC-ADDRESS DST-ADDRESS PROTOCOL ACTION LEVEL PH2-COUNT
0 T * ::/0 ::/0 all
1 DA VPN yes 192.168.100.0/24 10.83.88.30/32 all encrypt unique 1
srcnat with masquerade
Code:
/ip firewall nat
add action=masquerade chain=srcnat
... but no traffic. I can't ping any host from subnet 192.168.100.0/24
Help me!!! Please!!!