mo8a
newbie
Topic Author
Posts: 27
Joined: Thu Aug 05, 2021 5:12 pm

IPSEC site to site invalid

Tue Aug 10, 2021 1:40 pm

hello friends,

Please, I don't know why my IPsec VPN doesn't work.
# aug/10/2021 12:33:48 by RouterOS 6.47.10
# software id = 
#
# model = RBD52G-5HacD2HnD
# serial number = 
#
# Configuration export for one end of a site-to-site IPsec tunnel (IKE profile, peer,
# identity, policy) together with the LAN bridge, wireless, DHCP, DNS, firewall and NAT
# settings. Lines marked "NOTE(review)" are reviewer annotations, not part of the export.
/interface bridge
add admin-mac=zz:zz:zz:zz:zz:E6 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik-77D1EA wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=MikroTik-77D1EB wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
# NOTE(review): only supplicant-identity appears for the default security profile; no
# mode or authentication-types are listed. If those are at their defaults, both access
# points above (which are bridged into the LAN) are unencrypted - confirm.
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server
add disabled=no interface=bridge name=defconf
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec profile
# Phase 1 (IKE) parameters used by the peer below.
# NOTE(review): DES, 3DES and the 1024-bit modp1024 group are legacy choices. If the
# remote gateway supports them, AES and a larger DH group are preferable; whatever is
# chosen has to match what the remote side offers for phase 1 to complete.
add dh-group=modp1024 enc-algorithm=3des,des lifetime=6h name=IKE_Crypto
/ip ipsec peer
# Remote gateway definition; passive=yes makes this router wait for the peer to
# initiate the IKE exchange instead of initiating it itself.
# NOTE(review): aggressive mode combined with a pre-shared key lets anyone who observes
# the handshake test key guesses offline, so the tunnel depends entirely on the strength
# of the secret. Main mode or IKEv2 avoids this if the remote side allows it.
add address=80.14.XX.XX/32 exchange-mode=aggressive name=OURPEER passive=yes profile=IKE_Crypto
/ip ipsec proposal
# The built-in default phase 2 proposal is disabled; IPSec_Crypto is the proposal the
# policy further down references.
set [ find default=yes ] disabled=yes
add enc-algorithms=aes-128-cbc lifetime=1h name=IPSec_Crypto
/ip pool
add name=default-dhcp ranges=10.10.10.15-10.10.10.35
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
/ip neighbor discovery-settings
# Neighbor discovery is limited to interfaces in the LAN list.
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
# NOTE(review): network=10.10.10.9 is not the network address of 10.10.10.10/25; the
# /25 that contains this address starts at 10.10.10.0. The same 10.10.10.9/25 value is
# reused in the firewall, NAT and IPsec policy entries below - confirm the intended subnet.
add address=10.10.10.10/25 interface=bridge network=10.10.10.9
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dns
# Makes the router answer DNS queries sent to it.
# NOTE(review): no firewall rule in this export keeps such queries from arriving on
# ether1 (WAN), so the resolver may be reachable from outside - see the filter section.
set allow-remote-requests=yes
/ip dns static
add address=10.10.10.10 comment=defconf name=router.lan
/ip firewall filter
# NOTE(review): every rule in this section is action=accept and no drop rule appears in
# the export. RouterOS accepts packets that match no rule, so as written these rules do
# not restrict anything: the input chain is open on the WAN side unless something
# upstream filters it. A usual hardening is to end the input and forward chains with a
# drop for traffic that does not come from the LAN list.
# NOTE(review): UDP 500 is accepted on input but UDP 4500 only on output, and both rules
# are listed twice; if a drop rule is added later, NAT-T traffic arriving on UDP 4500
# would presumably need its own input accept rule - confirm.
add action=accept chain=forward dst-address=10.14.10.10/16 src-address=10.10.10.9/25
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=output dst-port=4500 protocol=udp
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=output dst-port=4500 protocol=udp
add action=accept chain=output protocol=ipsec-esp
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input connection-state=established,related,untracked
add action=accept chain=output connection-state=established,related,untracked
/ip firewall nat
# Exempts traffic from the local subnet to the remote subnet from source NAT so that it
# keeps its original source address and can match the IPsec policy.
# NOTE(review): to-addresses is presumably ignored by action=accept - confirm.
add action=accept chain=srcnat dst-address=10.14.10.10/16 src-address=10.10.10.9/25 to-addresses=10.14.10.10/16
# Masquerades only traffic leaving ether1 that is not subject to an IPsec policy.
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=ether1
/ip ipsec identity
# Identity and shared secret used to authenticate to OURPEER.
# NOTE(review): the secret is exported in clear text and is a trivially guessable value.
# If it is the key actually in use, treat it as disclosed and replace it on both peers
# with a long random one; exports meant for posting should have secrets removed.
add my-id=user-fqdn:admin@contact.com peer=OURPEER secret=password
/ip ipsec policy
# Tunnel-mode policy selecting traffic between the local and remote subnets.
# NOTE(review): 10.14.10.10/16 and 10.10.10.9/25 are host addresses inside their
# prefixes rather than network addresses (10.14.0.0/16, 10.10.10.0/25); the selectors
# must also mirror what the remote gateway is configured with - confirm.
add dst-address=10.14.10.10/16 peer=OURPEER proposal=IPSec_Crypto src-address=10.10.10.9/25 tunnel=yes
# Disables the policy entry at index 1; which entry that is cannot be told from this export.
set 1 disabled=yes
/system clock
set time-zone-name=Europe/Paris
/system identity
set name=OURPEER
/tool mac-server
# MAC-level management access (MAC server and MAC WinBox) is limited to the LAN list.
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@OURPEER] > 
Thanks in advance.
 
erkexzcx
Member Candidate
Member Candidate
Posts: 263
Joined: Mon Oct 07, 2019 11:42 pm

Re: IPSEC site to site invalid

Wed Aug 11, 2021 9:34 am
