Community discussions

MikroTik App
 
lga775
just joined
Topic Author
Posts: 1
Joined: Thu Jul 08, 2021 6:54 pm

IKE VPN issue: download is okay but upload is failed.

Thu Jul 08, 2021 7:12 pm

I have issue with IKE vpn in my network, i tried speedtest on win10 PC, it runs fine, but in my android phone, upload is failed.

These are the screenshots of the test results.

Android phone
Image

Win10 PC
Image

Below are some of the codes i extract from my router. I would like to seek for your advice what could be wrong in my settings. Thank you
/ip ipsec mode-config
add connection-mark="PV MY" name="PV MY" responder=no src-address-list=local1 \
    use-responder-dns=no
add connection-mark="PV HK" name="PV HK" responder=no src-address-list=local1 \
    use-responder-dns=no
add connection-mark="PV SG" name="PV SG" responder=no src-address-list=local1 \
    use-responder-dns=no
add connection-mark="PV BN" name="PV BN" responder=no src-address-list=local1 \
    use-responder-dns=no
add connection-mark="PV US" name="PV US" responder=no src-address-list=local1 \
    use-responder-dns=no
add connection-mark="IKE MY" name="IKE MY" responder=no src-address-list=\
    local1 use-responder-dns=no

/ip ipsec profile
set [ find default=yes ] dh-group=modp1024 enc-algorithm=3des
add dh-group="ecp256,ecp384,ecp521,ec2n185,ec2n155,modp8192,modp6144,modp4096,\
    modp3072,modp2048,modp1536,modp1024,modp768" enc-algorithm="aes-256,camell\
    ia-256,aes-192,camellia-192,aes-128,camellia-128,3des,blowfish,des" name=\
    pointtoserver.com
add dh-group=ecp256,modp2048 dpd-interval=disable-dpd enc-algorithm=aes-256 \
    hash-algorithm=sha256 name=IKEV2

/ip ipsec peer
add address=MY2-auto-ikev.ptoserver.com exchange-mode=ike2 name="IKE MY" \
    profile=IKEV2
add address=bn-ikev.ptoserver.com exchange-mode=ike2 name="IKE BN" profile=\
    IKEV2
add address=bn-ipsec.ptoserver.com disabled=yes name="PV BN" profile=\
    pointtoserver.com
add address=hk-ipsec.ptoserver.com disabled=yes name="PV HK" profile=\
    pointtoserver.com
add address=my2-auto-ikev.ptoserver.com disabled=yes name="PV MY" profile=\
    pointtoserver.com
add address=sg2-auto-ipsec.ptoserver.com disabled=yes name="PV SG" profile=\
    pointtoserver.com
add address=us2-ipsec.ptoserver.com disabled=yes name="PV US" profile=\
    pointtoserver.com

/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des pfs-group=none
add auth-algorithms=sha512,sha256,sha1,md5 enc-algorithms="aes-256-cbc,aes-256\
    -ctr,aes-256-gcm,camellia-256,aes-192-cbc,aes-192-ctr,aes-192-gcm,camellia\
    -192,aes-128-cbc,aes-128-ctr,aes-128-gcm,camellia-128,3des,blowfish,twofis\
    h,des" name=pointtoserver.com pfs-group=none
add auth-algorithms=sha512,sha256,sha1 enc-algorithms=\
    aes-256-cbc,aes-192-cbc,aes-128-cbc,3des,des lifetime=0s name=IKEV2 \
    pfs-group=none

/ip firewall mangle
add action=mark-routing chain=prerouting comment=NOTE8 disabled=yes \
    dst-address-list=!local dst-address-type=!local,broadcast,multicast \
    new-routing-mark=note8 passthrough=yes src-address=192.168.88.254
add action=mark-connection chain=prerouting comment=NOTE8 disabled=yes \
    dst-address-list=!local log-prefix=note8 new-connection-mark="IKE MY" \
    passthrough=no routing-mark=note8

/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
add dst-address=0.0.0.0/0 group=pointtoserver.com proposal=pointtoserver.com \
    src-address=0.0.0.0/0 template=yes
add dst-address=0.0.0.0/0 group=IKEV2 proposal=IKEV2 src-address=0.0.0.0/0 \
    template=yes

You do not have the required permissions to view the files attached to this post.

Who is online

Users browsing this forum: infabo and 55 guests