Strongswan Server (Selfhost vpn internet) IP:20.20.20.20 (VPN Internal IP pool 172.10.10.0)
Mikrotik as vpn client (IKEv2 ) 192.168.88.1
Peers (Mikrotik internal devices using a specific connection mark in some VLAN) Example: 192.168.1.2
Two scenario:
-Peer 192.168.1.2 configured directly without using mikrotik as vpn client:
All OK, internal vpn network ping between 192.168.1.2 and 172.10.10.1 ok, works like a charm fast and very stable
-Peer 192.168.1.2 without vpn configuration, mikrotik as vpn client:
No internal ping in vpn network between 192.168.1.2 and 172.10.10.1, connection is fast but i can't post in forums or login in websites.
Dynamic address and routes are generated:
Code: Select all
D 172.10.10.1/24 172.10.10.0 PPPoE
Code: Select all
ADC 172.10.10.1/24 172.10.10.0 PPPoE
Code: Select all
D ;;; ipsec mode-config
chain=srcnat action=src-nat to-addresses=172.10.10.2 connection-mark=strongswan
Any idea?