Community discussions

MikroTik App
 
yottabit
Member Candidate
Member Candidate
Topic Author
Posts: 198
Joined: Thu Feb 21, 2013 5:56 am

IPIP+IPSec, Where are the Firewall Rules?

Thu Nov 15, 2018 5:23 am

So it's completely awesome that the preshared key option was added to IPIP setup, which automatically creates all of the tedious IPSec configuration parameters.

But... how does this work (and it does work*) without 500 (IKE) and 4500 (IPSec NAT) open on the firewall? i.e., everything is configured except the firewall rules. Does preshared key not require the firewall to be opened? Is it because the tunnel attempts to connect from both ends at the same time so the masquerade NAT just handles the incoming connection because of the outgoing connection?

* To be fair, the tunnel is up, and works. But I have not used a sniffer to see that IPSec is actually working as advertised. ;-)

Who is online

Users browsing this forum: karlisi, kivimart, mkx, Omerik, peterda and 102 guests