Community discussions

MikroTik App
 
LifeGame
newbie
Topic Author
Posts: 40
Joined: Mon Sep 26, 2016 5:30 pm

IPSec

Mon Oct 10, 2022 11:59 am

Hi ..
Mikrotik LAN : 10.10.5.1/24
Mikrotik WAN : Static

IPSec Policy
Source Address : 10.10.5.0/24
Dest. Address : 0.0.0.0/0

With this policy ipsec works as i want. I can route traffic with nat policy..

When ipsec policy enable;
- I cant connect mikrotik from 10.10.5.1.. i need to use mac adress for connection.
- Mikrotik DNS server is not working.

When I disable ipsec policy, everything goes back to normal... As far as I understand, my problem is 0.0.0.0 in ipsec policy. But i need this for routing.

How can i fix this ?
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: IPSec  [SOLVED]

Mon Oct 10, 2022 3:49 pm

You need to exclude this traffic, add another policy before existing one, with both src and dst 10.10.5.0/24 and action set to none.
 
LifeGame
newbie
Topic Author
Posts: 40
Joined: Mon Sep 26, 2016 5:30 pm

Re: IPSec

Mon Oct 10, 2022 4:01 pm

You need to exclude this traffic, add another policy before existing one, with both src and dst 10.10.5.0/24 and action set to none.
You are king !!!

/ip ipsec policy
add action=none dst-address=10.10.5.0/24 src-address=10.10.5.0/24
add dst-address=0.0.0.0/0 level=unique peer=onurgroup proposal=IPSec_Crypto \
src-address=10.10.5.0/24 tunnel=yes


/ip firewall nat
add action=accept chain=srcnat disabled=yes dst-address=0.0.0.0/0 \
src-address=10.10.5.0/24
add action=masquerade chain=srcnat out-interface-list=WAN

Who is online

Users browsing this forum: kevinds and 45 guests