I have two mikrotik, first have one isp and works like ipsec initiator, second works like ipsec responder. I wand install two ipsec connections, but it's don't work. Single ipsec connections are work< but two at same time is no...
Lab scheme and configs: Mikrotik1(init):
Code: Select all
/ip ipsec peer profile
add dh-group=modp1024 enc-algorithm=des name=Test-P1
/ip ipsec policy group
add name=Test
/ip ipsec proposal
add enc-algorithms=des name=Test-P2
/ip address
add address=1.1.1.1/24 interface=ether1 network=1.1.1.0
/ip ipsec peer
add address=2.2.2.2/32 exchange-mode=ike2 policy-template-group=Test profile=Test-P1 secret=test123
add address=3.3.3.3/32 exchange-mode=ike2 policy-template-group=Test profile=Test-P1 secret=test123
/ip route
add distance=1 gateway=1.1.1.254
/system package update
set channel=long-term
Code: Select all
/ip ipsec peer profile
add dh-group=modp1024 enc-algorithm=des name=Test-P1
/ip ipsec policy group
add name=Test
/ip ipsec proposal
add enc-algorithms=des name=Test-P2
/caps-man manager
set enabled=yes
/interface wireless cap
set caps-man-addresses=127.0.0.1 interfaces=wlan1
/ip address
add address=2.2.2.2/24 interface=ether1 network=2.2.2.0
add address=3.3.3.3/24 interface=ether2 network=3.3.3.0
/ip ipsec peer
add address=0.0.0.0/0 exchange-mode=ike2 generate-policy=port-strict passive=yes policy-template-group=Test profile=Test-P1 secret=test123 send-initial-contact=no
/ip ipsec policy
add dst-address=0.0.0.0/0 group=Test proposal=Test-P2 protocol=udp src-address=0.0.0.0/0 template=yes
/ip route
add check-gateway=ping distance=1 gateway=2.2.2.254 routing-mark=isp1
add check-gateway=ping distance=1 gateway=3.3.3.254 routing-mark=isp2
add check-gateway=ping distance=1 gateway=2.2.2.254
add check-gateway=ping distance=2 gateway=3.3.3.254
/ip route rule
add action=lookup-only-in-table src-address=2.2.2.2/32 table=isp1
add action=lookup-only-in-table src-address=3.3.3.3/32 table=isp2
/system package update
set channel=long-term
