I have a Mikrotik router on the server side with a static public IP. The other side has a dynamic public IP and it is an Edgerouter.
The traffic between clients works if I create an ipsec policy with SA Src. Address and SA Dst. Address.
Because the remote side has a dynamic IP, I would like to have a dynamic policy, so that there is no need to change SA Dst. Address. I created a template policy with 0.0.0.0 SA Dst. Address; IPSEC is established, but no traffic passes between them.
How can I correctly set up the ipsec and policy template? Or is there some other configuration if the remote peer has a dynamic IP?
Here is my setup:
/ip ipsec> policy print
Flags: T - template, X - disabled, D - dynamic, I - invalid, A - active, * - default
 0 TX* group=default src-address=::/0 dst-address=::/0 protocol=all proposal=default template=yes
 1 T   ;;; VPN1
       group=grp-VPN1 src-address=10.99.9.0/24 dst-address=192.168.254.0/24 protocol=all proposal=VPN1 template=yes

/ip ipsec> peer print
Flags: X - disabled, D - dynamic, R - responder
 0     ;;; VPN1
       address=ddns.domain.net profile=VPN1 auth-method=pre-shared-key secret="XXXX" generate-policy=port-strict policy-template-group=grp-VPN1 exchange-mode=ike2 send-initial-contact=no