Community discussions

MikroTik App
 
own3r1138
just joined
Topic Author
Posts: 7
Joined: Sun Feb 14, 2021 12:33 am

IKEv2 NAT And Routing Problem, Help Needed <3

Mon Feb 15, 2021 5:30 pm

Hi guys,
Can someone please help me out I have no idea how to route VPN Connection to access the Internet I'm trying to use 0.0.0.0/0 so all the traffic goes to the ESP tunnel.
I try both Static DNS and system DNS.
at the first connection to the server, I had full access to the internet but after a retry, that was gone too.
Image
Image

/interface bridge
add name=vpn-bridge
/ip ipsec policy group
add name=ike2-policies
/ip ipsec profile
add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name=ike2
/ip ipsec peer
add exchange-mode=ike2 name=ike2 passive=yes profile=ike2
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc name=ike2 pfs-group=none
/ip pool
add name=ike2-pool ranges=192.168.77.2-192.168.77.250
/ip ipsec mode-config
add address-pool=ike2-pool address-prefix-length=32 name=ike2-conf \
    split-include=0.0.0.0/0
/tool user-manager customer
set admin access=\
    own-routers,own-users,own-profiles,own-limits,config-payment-gw
/ip address
add address=54.38.217.***/24 interface=ether1 network=54.38.217.0
add address=192.168.77.1/24 comment="VPN Bridge IP" interface=vpn-bridge \
    network=192.168.77.0
add address=192.168.77.1/24 interface=ether1 network=192.168.77.0
/ip cloud
set update-time=no
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/ip ipsec identity
add auth-method=digital-signature certificate=serverikev2 generate-policy=\
    port-strict mode-config=ike2-conf peer=ike2 policy-template-group=\
    ike2-policies remote-id=ignore
/ip ipsec policy
add dst-address=192.168.77.0/24 group=ike2-policies proposal=ike2 src-address=\
    0.0.0.0/0 template=yes
/ip route
add distance=1 gateway=54.38.217.254
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh port=*
set api disabled=yes
set winbox port=*
set api-ssl disabled=yes
/system identity
set name=RouterOS
/system logging
add topics=ipsec
/tool user-manager database
set db-path=user-manager
[admin@RouterOS] > 
 
own3r1138
just joined
Topic Author
Posts: 7
Joined: Sun Feb 14, 2021 12:33 am

Re: IKEv2 NAT And Routing Problem, Help Needed <3

Tue Feb 16, 2021 2:04 pm

Is there a problem with how I ask my Q ? or nobody knows? :(
 
own3r1138
just joined
Topic Author
Posts: 7
Joined: Sun Feb 14, 2021 12:33 am

Re: IKEv2 NAT And Routing Problem, Help Needed <3

Wed Feb 17, 2021 2:05 pm

up up up
 
egrhtj
just joined
Posts: 2
Joined: Thu Feb 18, 2021 12:38 pm

Re: IKEv2 NAT And Routing Problem, Help Needed <3

Thu Feb 18, 2021 1:05 pm

i have the same problem !!






192.168.100.1 192.168.1.1
 
own3r1138
just joined
Topic Author
Posts: 7
Joined: Sun Feb 14, 2021 12:33 am

Re: IKEv2 NAT And Routing Problem, Help Needed <3

Thu Feb 25, 2021 10:04 pm

i have the same problem !!


I check this with datacenter and local ISPs they say the government Blocks the Public IP for some reason they offer a new public IP to resolve this but I couldn't risk that. I change my datacenter.
I hope you find your Answer too.





192.168.100.1 192.168.1.1

Who is online

Users browsing this forum: boocko and 52 guests