Hi guys, i have a very big problem and i need your help.
i have Site2Site Ipsec VPN between 2 mikrotik (Site A & B).
I can ping , i can see the clients in both sides. (Site A subnet 192.168.130.0/24 , Site B subnet 192.168.100.0/24)
I have enable OPENVPN in mikrotik (Site A) and with my laptop (Site C) i have create my OPENVPN client (192.168.252.0/24).
II can ping and i can see clients in mikrotik (Site A).
But i can't ping clients or Mikrotik in Site B
Any idea?
Thanks in advance.
Re: OpenVPN + IpSec
Does Site B have a route to 192.168.252.0/24 via Site A?
-Chris
-Chris
Re: OpenVPN + IpSec
Site A and B are connected with IpSec.
i have Nat and Filter Rules
i dont have a route for (192.168.252.0/24)in route table in Site B
how i can have this kind of route in this table ?
i dont know the gateway for 192.168.252.0/24 because is ipsec connection.
i have Nat and Filter Rules
i dont have a route for (192.168.252.0/24)in route table in Site B
how i can have this kind of route in this table ?
i dont know the gateway for 192.168.252.0/24 because is ipsec connection.
Re: OpenVPN + IpSec
i will export firewall and route settings in few minutes.
maybe this helps.
my English is not so good.
sorry.
maybe this helps.
my English is not so good.
sorry.
Re: OpenVPN + IpSec [SOLVED]
Simply create second IPsec Policy on both routers: 192.168.252.0/24 <-> 192.168.100.0/24
Re: OpenVPN + IpSec
Emils, i will do it now and i will return with my results.
By the way ,
Site B
/ip firewall filter
add action=accept chain=forward connection-state=established,related \
dst-address=192.168.100.0/24 src-address=192.168.130.0/24
add action=accept chain=forward connection-state=established,related \
dst-address=192.168.130.0/24 src-address=192.168.100.0/24
add action=accept chain=forward connection-state=established,related \
dst-address=192.168.252.0/24 src-address=192.168.100.0/24
add action=accept chain=forward connection-state=established,related \
dst-address=192.168.100.0/24 src-address=192.168.252.0/24
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.102.0/24 src-address=\
192.168.100.0/24
add action=accept chain=srcnat dst-address=192.168.130.0/24 src-address=\
192.168.100.0/24
add action=accept chain=srcnat dst-address=192.168.252.0/24 src-address=\
192.168.100.0/24
print routes
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 pppoe-out1 0
1 ADC xxx.xxx.xxx.xxx/32 xxx.xxx.xxx.xxx pppoe-out1 0
6 ADC 192.168.100.0/24 192.168.100.1 bridge 0
By the way ,
Site B
/ip firewall filter
add action=accept chain=forward connection-state=established,related \
dst-address=192.168.100.0/24 src-address=192.168.130.0/24
add action=accept chain=forward connection-state=established,related \
dst-address=192.168.130.0/24 src-address=192.168.100.0/24
add action=accept chain=forward connection-state=established,related \
dst-address=192.168.252.0/24 src-address=192.168.100.0/24
add action=accept chain=forward connection-state=established,related \
dst-address=192.168.100.0/24 src-address=192.168.252.0/24
/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.102.0/24 src-address=\
192.168.100.0/24
add action=accept chain=srcnat dst-address=192.168.130.0/24 src-address=\
192.168.100.0/24
add action=accept chain=srcnat dst-address=192.168.252.0/24 src-address=\
192.168.100.0/24
print routes
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 pppoe-out1 0
1 ADC xxx.xxx.xxx.xxx/32 xxx.xxx.xxx.xxx pppoe-out1 0
6 ADC 192.168.100.0/24 192.168.100.1 bridge 0
Re: OpenVPN + IpSec
Emils, your idea works, thank you very much.
Who is online
Users browsing this forum: No registered users and 18 guests