These are the screenshots of the test results.
Android phone
Win10 PC
Below are some of the codes i extract from my router. I would like to seek for your advice what could be wrong in my settings. Thank you
Code: Select all
/ip ipsec mode-config
add connection-mark="PV MY" name="PV MY" responder=no src-address-list=local1 \
use-responder-dns=no
add connection-mark="PV HK" name="PV HK" responder=no src-address-list=local1 \
use-responder-dns=no
add connection-mark="PV SG" name="PV SG" responder=no src-address-list=local1 \
use-responder-dns=no
add connection-mark="PV BN" name="PV BN" responder=no src-address-list=local1 \
use-responder-dns=no
add connection-mark="PV US" name="PV US" responder=no src-address-list=local1 \
use-responder-dns=no
add connection-mark="IKE MY" name="IKE MY" responder=no src-address-list=\
local1 use-responder-dns=no
/ip ipsec profile
set [ find default=yes ] dh-group=modp1024 enc-algorithm=3des
add dh-group="ecp256,ecp384,ecp521,ec2n185,ec2n155,modp8192,modp6144,modp4096,\
modp3072,modp2048,modp1536,modp1024,modp768" enc-algorithm="aes-256,camell\
ia-256,aes-192,camellia-192,aes-128,camellia-128,3des,blowfish,des" name=\
pointtoserver.com
add dh-group=ecp256,modp2048 dpd-interval=disable-dpd enc-algorithm=aes-256 \
hash-algorithm=sha256 name=IKEV2
/ip ipsec peer
add address=MY2-auto-ikev.ptoserver.com exchange-mode=ike2 name="IKE MY" \
profile=IKEV2
add address=bn-ikev.ptoserver.com exchange-mode=ike2 name="IKE BN" profile=\
IKEV2
add address=bn-ipsec.ptoserver.com disabled=yes name="PV BN" profile=\
pointtoserver.com
add address=hk-ipsec.ptoserver.com disabled=yes name="PV HK" profile=\
pointtoserver.com
add address=my2-auto-ikev.ptoserver.com disabled=yes name="PV MY" profile=\
pointtoserver.com
add address=sg2-auto-ipsec.ptoserver.com disabled=yes name="PV SG" profile=\
pointtoserver.com
add address=us2-ipsec.ptoserver.com disabled=yes name="PV US" profile=\
pointtoserver.com
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des pfs-group=none
add auth-algorithms=sha512,sha256,sha1,md5 enc-algorithms="aes-256-cbc,aes-256\
-ctr,aes-256-gcm,camellia-256,aes-192-cbc,aes-192-ctr,aes-192-gcm,camellia\
-192,aes-128-cbc,aes-128-ctr,aes-128-gcm,camellia-128,3des,blowfish,twofis\
h,des" name=pointtoserver.com pfs-group=none
add auth-algorithms=sha512,sha256,sha1 enc-algorithms=\
aes-256-cbc,aes-192-cbc,aes-128-cbc,3des,des lifetime=0s name=IKEV2 \
pfs-group=none
/ip firewall mangle
add action=mark-routing chain=prerouting comment=NOTE8 disabled=yes \
dst-address-list=!local dst-address-type=!local,broadcast,multicast \
new-routing-mark=note8 passthrough=yes src-address=192.168.88.254
add action=mark-connection chain=prerouting comment=NOTE8 disabled=yes \
dst-address-list=!local log-prefix=note8 new-connection-mark="IKE MY" \
passthrough=no routing-mark=note8
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
add dst-address=0.0.0.0/0 group=pointtoserver.com proposal=pointtoserver.com \
src-address=0.0.0.0/0 template=yes
add dst-address=0.0.0.0/0 group=IKEV2 proposal=IKEV2 src-address=0.0.0.0/0 \
template=yes