Please fix critical fail in the wiki about IPSec

Mon Feb 08, 2021 3:49 am


Right now the IPSec wiki is missing extremely important info. For example, the default Firewall configuration in modern RouterOS versions doesn't allow IPSEC-ESP on the input chain.

If you try to connect one MikroTik (initiator) to another MikroTik (responder), and both of them have public IP addresses, you MUST manually add this line to the default config on the MikroTik responder:

add action=accept chain=input protocol=ipsec-esp

This is critical info, not mentioned in the wiki. I was stuck for many hours until I finally discovered this.

Also, the section of the wiki called "Road Warrior setup with Mode Conf" still uses the old syntax to define ipsec peers auth methods, which is incorrect and fails in modern RouterOS versions. This is terrible for newbies who are trying to learn from the wiki :(
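An added example, not part of the original post and not MikroTik's own tooling: a small Python check that walks an `/ip firewall filter` export in rule order and reports which input-chain rule a new ESP packet from the WAN side hits first. The export text, the `WAN`/`LAN` interface list names and the probe fields are constructed assumptions, and the matcher model is deliberately simplified.

```python
import re
import shlex

# Constructed sample, not from a real router: a trimmed filter export
# in which the ESP accept rule was appended after the drop rule.
APPENDED = """\
/ip firewall filter
add action=accept chain=input connection-state=established,related,untracked
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=icmp
add action=drop chain=input comment="drop all not coming from LAN" \\
    in-interface-list=!LAN
add action=accept chain=input protocol=ipsec-esp
"""

# Assumed probe: a new ESP packet arriving on an interface in list WAN.
ESP_FROM_WAN = {"protocol": "ipsec-esp", "connection-state": "new",
                "in-interface-list": "WAN"}
NOT_MATCHERS = {"action", "chain", "comment", "disabled", "log", "log-prefix"}

def parse_rules(export_text):
    """Turn the 'add ...' lines of an export into dicts of key=value pairs."""
    text = re.sub(r"\\\n\s*", "", export_text)  # join backslash-wrapped lines
    rules = []
    for line in text.splitlines():
        if line.strip().startswith("add "):
            pairs = (t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
            rules.append(dict(pairs))
    return rules

def matches(rule, probe):
    """True if every matcher matches; unmodelled matchers count as no match."""
    for key, value in rule.items():
        if key in NOT_MATCHERS:
            continue
        hit = probe.get(key) in value.lstrip("!").split(",")
        if key not in probe or hit == value.startswith("!"):
            return False
    return True

def input_verdict(export_text, probe=ESP_FROM_WAN):
    """Return (rule_number, action) of the first terminal input rule hit."""
    for number, rule in enumerate(parse_rules(export_text)):
        if rule.get("chain") != "input" or rule.get("disabled") == "yes":
            continue
        action = rule.get("action", "accept")
        if action in ("accept", "drop", "reject") and matches(rule, probe):
            return number, action
    return None, "accept"  # no rule matched: the packet is accepted
```

For the constructed export the first hit is the drop rule, so the ESP accept rule only takes effect when it sits above that rule in the input chain.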
