 
Boomish
just joined
Topic Author
Posts: 5
Joined: Wed Jun 05, 2019 12:07 am

IPSEC VPN

Wed Jun 05, 2019 12:21 am

Consider the following scenario


Site To Site VPN

Clients on both networks can speak to each other without a problem
Site A LAN=192.168.2.0/24
Site B LAN=192.168.3.0/24

So from a functional perspective VPN is working just fine.

The problem I'm having is that syslog remote logging traffic sourced from the Site B Mikrotik router is not being sent or encapsulated on the IPSEC tunnel.

I have a Remote syslog configuration targeting a host on the 192.168.2.0/24 network

Any Hints?
 
nescafe2002
Long time Member
Posts: 624
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: IPSEC VPN

Wed Jun 05, 2019 9:58 am

Common issue. Traffic to 192.168.2.0/24 will be routed to WAN initially, therefore the router picks the IP address from the WAN interface to initiate the connection.

From there, the connection won't be picked up by the IPsec policy. You can create a route to the remote subnet via the LAN interface to force the router to pick 192.168.3.x as source address:
/ip route
add dst-address=192.168.2.0/24 gateway=<name of lan interface/bridge>
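
The behaviour described in the reply above, as a simplified model (an added example, not part of the original post and not RouterOS code): route lookup chooses the egress interface, the router takes its source address from that interface, and the packet is only protected when both policy selectors match. The WAN address, LAN router address, interface names and syslog host are constructed; only the two LAN subnets come from the thread.

```python
import ipaddress as ip

# Constructed addresses and interface names (assumptions, not from the thread).
ADDRESSES = {"wan": "203.0.113.10", "bridge-lan": "192.168.3.1"}
# IPsec policy selectors for the Site B router: (src-address, dst-address).
POLICY = (ip.ip_network("192.168.3.0/24"), ip.ip_network("192.168.2.0/24"))
DEFAULT_ROUTE = (ip.ip_network("0.0.0.0/0"), "wan")
LAN_ROUTE = (ip.ip_network("192.168.2.0/24"), "bridge-lan")  # the suggested route


def lookup(routes, dst):
    """Longest-prefix match; returns the outgoing interface name."""
    matches = [(net, ifc) for net, ifc in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def matches_policy(src, dst):
    """A packet is encapsulated only if source AND destination match."""
    src_sel, dst_sel = POLICY
    return ip.ip_address(src) in src_sel and ip.ip_address(dst) in dst_sel


def router_originated(routes, dst):
    """Trace a packet the router itself generates (e.g. remote syslog)."""
    out_if = lookup(routes, ip.ip_address(dst))
    src = ADDRESSES[out_if]  # source address taken from the egress interface
    return {"out_if": out_if, "src": src, "ipsec": matches_policy(src, dst)}


def forwarded(src, dst):
    """LAN client traffic keeps its own source address, so it matches."""
    return matches_policy(src, dst)


if __name__ == "__main__":
    syslog_host = "192.168.2.50"  # constructed
    print("LAN client :", forwarded("192.168.3.20", syslog_host))
    print("before fix :", router_originated([DEFAULT_ROUTE], syslog_host))
    print("after fix  :", router_originated([DEFAULT_ROUTE, LAN_ROUTE], syslog_host))
```
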
 
Boomish
just joined
Topic Author
Posts: 5
Joined: Wed Jun 05, 2019 12:07 am

Re: IPSEC VPN

Fri Jun 07, 2019 6:37 pm

Thanks

I figured that out about a day after I posted this.

Much appreciated

Consider this topic closed.
