12:16:16 ipsec,info initiate new phase 1 (Identity Protection): mikrotik_ip[500]<=>strongswan_ip[500]
12:16:17 ipsec,info ISAKMP-SA established mikrotik_ip[4500]-strongswan_ip[4500] spi:61b688aed15cdf77:76b9804f6176c4bc
12:16:17 ipsec,info ISAKMP-SA deleted mikrotik_ip[4500]-strongswan_ip[4500] spi:61b688aed15cdf77:76b9804f6176c4bc rekey:1
strongswan side:
Dec 5 12:17:26 srv2 ipsec[32066]: 10[NET] sending packet: from strongswan_private_ip[4500] to mikrotik_ip[4500] (76 bytes)
Dec 5 12:17:26 srv2 ipsec[32066]: 06[NET] received packet: from mikrotik_ip[4500] to strongswan_private_ip[4500] (92 bytes)
Dec 5 12:17:26 srv2 ipsec[32066]: 06[ENC] parsed INFORMATIONAL_V1 request 3391131250 [ HASH D ]
Dec 5 12:17:26 srv2 ipsec[32066]: 06[IKE] received DELETE for IKE_SA skynet[80]
Dec 5 12:17:26 srv2 ipsec[32066]: 06[IKE] deleting IKE_SA skynet[80] between strongswan_private_ip[strongswan_public_ip]...mikrotik_ip[mikrotik_ip]
ipsec.conf:
# Global daemon settings for the IPsec endpoint labelled "strongswan" on this page.
# NOTE(review): "version 2.0", oe= and protostack= look like Openswan/Libreswan
# syntax, while the logs on this page come from a host labelled strongSwan -
# confirm which daemon parses this file and check its startup log for
# ignored or unknown keywords.
# NOTE(review): the paste has lost its indentation; in the real file the
# parameters of a section must be indented under the section header.
version 2.0
config setup
# Enable NAT traversal (the logs on this page show IKE moving to UDP 4500).
nat_traversal=yes
# RFC 1918 ranges; presumably the subnets a peer behind NAT is allowed to claim
# - verify against the daemon's manual.
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
# Opportunistic encryption disabled.
oe=off
# Use the kernel's native (NETKEY) IPsec stack.
protostack=netkey
# Connection "skynet": PSK-authenticated tunnel to the MikroTik peer, limited to
# UDP port 1701 on the local side (the L2TP port).
# NOTE(review): the paste has lost its indentation; in the real file these
# parameters must be indented under the conn line.
conn skynet
# Dead peer detection: probe every 120s and clear the SA when the peer is gone.
dpdaction=clear
dpddelay=120s
# Pre-shared-key authentication; the tunnel is only as strong as the secret,
# so use a long random value and keep the secrets file readable by root only.
authby=secret
# NOTE(review): pfs=no here, yet phase2alg below names a DH group (modp2048) -
# confirm which is intended. Without PFS the Phase 2 keys are derived from the
# Phase 1 exchange, so a compromised IKE SA exposes all child SAs.
pfs=no
# NOTE(review): auto= is set twice (add here, start below); only one value can
# take effect - presumably the later one. Keep a single line.
auto=add
keyingtries=3
auto=start
# Force UDP encapsulation of ESP even when no NAT is detected.
forceencaps=yes
# This side never initiates rekeying; SA renewal is left to the peer
# (the MikroTik peer on this page is configured with lifetime=1h).
rekey=no
# NOTE(review): protoport 17/1701 suggests L2TP/IPsec, which is commonly run in
# transport mode - confirm tunnel mode is really what both ends expect.
type=tunnel
# The log on this page shows INFORMATIONAL_V1, i.e. IKEv1 is in use.
keyexchange=ike
# Phase 1 proposal: AES-256, HMAC-SHA1, DH group modp2048.
# SHA-1 is a legacy integrity choice; prefer a SHA-2 variant if both peers support it.
ike=aes256-sha1;modp2048
# Phase 2 (ESP) proposal. NOTE(review): phase2/phase2alg are Openswan/Libreswan
# keywords (strongSwan uses esp=) - verify the daemon actually applies them.
phase2=esp
phase2alg=aes256-sha1;modp2048
# Local endpoint: address taken from the default route, identified by the public IP.
# NOTE(review): the log shows strongswan_private_ip[strongswan_public_ip], so this
# host appears to sit behind NAT - confirm leftsourceip is meant to be the public IP.
left=%defaultroute
leftid=strongswan_public_ip
leftsourceip=strongswan_public_ip
# Traffic selector: UDP (protocol 17), local port 1701.
leftprotoport=17/1701
# Remote endpoint: the MikroTik router, UDP with any source port.
right=mikrotik_ip
rightprotoport=17/%any
mikrotik:
# IKE Phase 1 peer entry for the strongSwan host, authenticated with a pre-shared key.
# enc-algorithm offers aes-256, aes-128 and 3des. NOTE(review): 3des is a legacy
# cipher - remove it from the offer if the other side only proposes aes256.
# No hash-algorithm or dh-group is given, so RouterOS defaults apply - confirm
# they match the aes256-sha1;modp2048 proposal in the ipsec.conf on this page.
# secret=key is presumably a redacted placeholder; the real PSK should be long and random.
/ip ipsec peer add address=strongswan_public_ip/32 enc-algorithm=aes-256,aes-128,3des lifetime=1h secret=key
# IPsec policy: protect UDP 1701 traffic between mikrotik_ip and
# strongswan_public_ip, in tunnel mode (tunnel=yes).
/ip ipsec policy add dst-address=strongswan_public_ip/32 dst-port=1701 protocol=udp sa-dst-address=strongswan_public_ip sa-src-address=mikrotik_ip src-address=mikrotik_ip/32 \
src-port=1701 tunnel=yes
I will be grateful for any help.