Hi,
I have a problem with IPsec tunnels.
Here is the config and log:
213.226.208.xx failed to get valid proposal.
213.226.208.xx failed to pre-process ph1 packet (side: 1, status 1).
HQ configuration
/ip ipsec peer
add address=213.226.220.xx/32 name=Kovprojekt
/ip ipsec profile
set [ find default=yes ] dh-group=modp1024 enc-algorithm=aes-256 name=\
Ipsec_Stroje
/ip ipsec proposal
set [ find default=yes ] disabled=yes
add enc-algorithms=aes-256-cbc name=Stroje
/ip ipsec identity
add disabled=yes generate-policy=port-override peer=Dynamic secret=stroje01
add peer=Stroje secret="aaaa"
/ip ipsec policy
add dst-address=192.168.88.0/24 peer=Stroje proposal=Stroje sa-dst-address=77.236.206.xx sa-src-address=213.226.220.xx src-address=10.22.1.0/24 tunnel=yes
add dst-address=192.168.90.0/24 peer=Stroj02 proposal=Stroje sa-dst-address=213.226.208.xx sa-src-address=0.0.0.0 src-address=10.22.1.0/24 tunnel=yes
Client
/ip ipsec peer
add address=213.226.220.xx/32 name=Centrala
/ip ipsec profile
set [ find default=yes ] dh-group=modp1024 enc-algorithm=aes-256 name=\
Ipsec_Stroje
/ip ipsec proposal
add enc-algorithms=aes-256-cbc name=Stroje
/ip ipsec identity
add peer=Centala secret="aaaa"
/ip ipsec policy
add dst-address=10.22.1.0/24 peer=Centrala proposal=Stroje sa-dst-address=\
213.226.220.xx sa-src-address=192.168.1.99 src-address=192.168.90.0/24 \
tunnel=yes
/ip firewall nat
add action=accept chain=srcnat dst-address=10.22.1.0/24 src-address=\
192.168.90.0/24
But I have a second client with the same config (subnet 88.0/24) - it's the first policy, and this one works.
If you have a better way to connect multiple clients to HQ, give me a tip :) I need access to all devices behind the client (PLC computers etc.)
Thank you
Petr
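
A check that can be run over an export like the one posted above, as an added example that is not part of the original post: it lists `peer=` and `proposal=` references that have no matching `name=` definition in the same text. The function names and the sample string are constructed for illustration; a partial export will also produce findings for anything that was simply left out of the paste.

```python
import re
import shlex

# Menus that define names, mapped to the attribute other entries use to refer to them.
DEFINES = {"/ip ipsec peer": "peer", "/ip ipsec proposal": "proposal"}

def parse_export(text):
    """Yield (menu, attrs) for every add/set line of a RouterOS-style export."""
    text = re.sub(r"\\\s*\n\s*", "", text)  # join lines continued with a backslash
    menu = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith(("add ", "set ")):
            line = re.sub(r"\[.*?\]", "", line)  # drop "[ find default=yes ]"
            tokens = shlex.split(line)[1:]
            yield menu, dict(t.split("=", 1) for t in tokens if "=" in t)

def dangling_references(text):
    """Return sorted (menu, attribute, value) for references with no definition."""
    entries = list(parse_export(text))
    # RouterOS ships a built-in proposal named "default".
    defined = {"peer": set(), "proposal": {"default"}}
    for menu, attrs in entries:
        if menu in DEFINES and "name" in attrs:
            defined[DEFINES[menu]].add(attrs["name"])
    missing = set()
    for menu, attrs in entries:
        for kind, names in defined.items():
            if kind in attrs and attrs[kind] not in names:
                missing.add((menu, kind, attrs[kind]))
    return sorted(missing)

# Constructed sample, modelled on the client export in the post.
SAMPLE = r"""
/ip ipsec peer
add address=213.226.220.xx/32 name=Centrala
/ip ipsec proposal
add enc-algorithms=aes-256-cbc name=Stroje
/ip ipsec identity
add peer=Centala secret="aaaa"
/ip ipsec policy
add dst-address=10.22.1.0/24 peer=Centrala proposal=Stroje sa-dst-address=\
    213.226.220.xx sa-src-address=192.168.1.99 src-address=192.168.90.0/24 \
    tunnel=yes
"""

if __name__ == "__main__":
    for menu, kind, value in dangling_references(SAMPLE):
        print(f"{menu}: {kind}={value} is not defined in this export")
```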