Community discussions

MikroTik App
 
Valdis7
just joined
Topic Author
Posts: 5
Joined: Tue Feb 09, 2021 4:02 pm

IPSec only works when I am in my own WiFI.

Sat Jul 31, 2021 1:29 am

Hi,

I have "hap ac lite" device for home usage with default configuration (QuickSet).
I want to access my home LAN from my android phone so I configured "Road Warrior setup using IKEv2 with RSA authentication"
https://help.mikrotik.com/docs/display/ ... entication

and it works but only when I am on Wi-Fi on my home network.
When I switch my android to use mobile network it cannot establish VPN connection.
I use correct IP of my router, etc. Still no success.

What could go wrong? I followed all the steps in the wiki.

Thanks,
> /ip firewall filter print  
Flags: X - disabled, I - invalid, D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough 

 1    ;;; defconf: accept established,related,untracked
      chain=input action=accept connection-state=established,related,untracked 

 2    ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid 

 3    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp 

 4    ;;; defconf: accept to local loopback (for CAPsMAN)
      chain=input action=accept dst-address=127.0.0.1 

 5    ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN 

 6    ;;; defconf: accept in ipsec policy
      chain=forward action=accept ipsec-policy=in,ipsec 

 7    ;;; defconf: accept out ipsec policy
      chain=forward action=accept ipsec-policy=out,ipsec 

 8    ;;; defconf: fasttrack
      chain=forward action=fasttrack-connection connection-state=established,related 

 9    ;;; defconf: accept established,related, untracked
      chain=forward action=accept connection-state=established,related,untracked 

10    ;;; defconf: drop invalid
      chain=forward action=drop connection-state=invalid 

11    ;;; defconf: drop all from WAN not DSTNATed
      chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN

Who is online

Users browsing this forum: morphema and 39 guests