Community discussions

MikroTik App
 
mo8a
newbie
Topic Author
Posts: 27
Joined: Thu Aug 05, 2021 5:12 pm

i don't find the error of IPSec

Wed Aug 11, 2021 1:16 pm

hello every body,
am looking for this network, the VPN IPSec is invalid, i don't know where is the error;
the export for router 1 :
[admin@MikroTik] > export
# aug/11/2021 10:13:05 by RouterOS 6.47
# software id =
#
#
#
/interface bridge
add name=bridge_Lan
/interface ethernet
set [ find default-name=ether4 ] name=ether1
set [ find default-name=ether5 ] name=ether2
set [ find default-name=ether1 ] name=ether3
set [ find default-name=ether2 ] name=ether4
set [ find default-name=ether3 ] name=ether5
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec profile
add dh-group=modp1024 enc-algorithm=3des,des lifetime=6h name=IKE_Crypto1
/ip ipsec peer
add address=193.63.53.2/32 exchange-mode=aggressive name=network1 passive=yes \
    profile=IKE_Crypto1
/ip ipsec proposal
add enc-algorithms=aes-128-cbc lifetime=1h name=IPSec_Crypto
/interface bridge port
add bpdu-guard=yes bridge=bridge_Lan interface=ether2
add bridge=bridge_Lan interface=ether3
add bridge=bridge_Lan interface=ether4
add bridge=bridge_Lan interface=ether5
/ip address
add address=10.50.50.2/24 interface=ether2 network=10.50.50.0
add address=163.41.41.2/25 interface=ether1 network=163.41.41.0
/ip dhcp-client
add disabled=no interface=ether1
/ip firewall nat
add action=accept chain=srcnat dst-address=172.21.223.0/25 src-address=\
    10.50.50.0/24
add action=masquerade chain=srcnat
/ip ipsec identity
add my-id=user-fqdn:admin@admin.com peer=network1 secret=123456
/ip ipsec policy
add dst-address=172.21.223.0/25 peer=network1 proposal=IPSec_Crypto \
    src-address=10.50.50.0/24 tunnel=yes
/ip route
add distance=1 gateway=ether1 pref-src=163.41.41.2
[admin@MikroTik] >

the export for router 2 :
[admin@MikroTik] > export
# aug/11/2021 10:13:23 by RouterOS 6.47
# software id =
#
#
#
/interface bridge
add name=bridge_Lan
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec profile
add dh-group=modp1024 enc-algorithm=3des,des lifetime=6h name=IKE_Crypto2
/ip ipsec peer
add address=163.41.41.2/32 exchange-mode=aggressive name=network2 passive=yes \
    profile=IKE_Crypto2
/ip ipsec proposal
add enc-algorithms=aes-128-cbc lifetime=1h name=IPSec_Crypto2
/interface bridge port
add bpdu-guard=yes bridge=bridge_Lan interface=ether2
add bridge=bridge_Lan interface=ether3
add bridge=bridge_Lan interface=ether4
add bridge=bridge_Lan interface=ether5
/ip address
add address=172.21.223.1/25 interface=ether2 network=172.21.223.0
add address=193.63.53.2/25 interface=ether1 network=193.63.53.0
/ip dhcp-client
add disabled=no interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat
add action=accept chain=srcnat dst-address=10.50.50.0/24 src-address=\
    172.21.223.0/25
/ip ipsec identity
add my-id=user-fqdn:admin@admin.com peer=network2 secret=123456
/ip ipsec policy
add dst-address=10.50.50.0/24 peer=network2 proposal=IPSec_Crypto2 \
    src-address=172.21.223.0/25 tunnel=yes
/ip route
add distance=1 gateway=ether1 pref-src=193.63.53.2
[admin@MikroTik] >


regards thanks

Who is online

Users browsing this forum: rplant and 43 guests