
IPSEC VPN

Posted: Wed Jun 05, 2019 12:21 am
by Boomish
Consider the following scenario


Site To Site VPN

Clients on both networks can speak to each other without a problem
Site A LAN=192.168.2.0/24
Site B LAN=192.168.3.0/24

So from a functional perspective VPN is working just fine.

The problem I'm having is that syslog remote logging traffic sourced from the Site B Mikrotik router is not being sent or encapsulated on the IPsec tunnel.

I have a Remote syslog configuration targeting a host on the 192.168.2.0/24 network

Any Hints?

Re: IPSEC VPN

Posted: Wed Jun 05, 2019 9:58 am
by nescafe2002
Common issue. Traffic to 192.168.2.0/24 will be routed to WAN initially, therefore the router picks the IP address from the WAN interface to initiate the connection.

From there, the connection won't be picked up by the IPsec policy. You can create a route to the remote subnet via the LAN interface to force the router to pick 192.168.3.x as source address:
/ip route
add dst-address=192.168.2.0/24 gateway=<name of lan interface/bridge>
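
A simplified model of the behaviour described in the answer above, added here as an example (not part of the original post and not RouterOS code): it picks a source address by longest-prefix route match and checks it against the IPsec policy selectors, before and after the extra route. The WAN address 203.0.113.10, the router LAN address 192.168.3.1, the interface names and the syslog host 192.168.2.50 are assumptions.

```python
import ipaddress as ip

# Constructed sample data: WAN address and interface names are assumptions;
# the LAN subnets are the ones from the thread.
INTERFACES = {"ether1-wan": ip.ip_address("203.0.113.10"),
              "bridge-lan": ip.ip_address("192.168.3.1")}
POLICY = {"src": ip.ip_network("192.168.3.0/24"),
          "dst": ip.ip_network("192.168.2.0/24")}
DEFAULT_ONLY = [(ip.ip_network("0.0.0.0/0"), "ether1-wan")]
WITH_LAN_ROUTE = DEFAULT_ONLY + [(ip.ip_network("192.168.2.0/24"), "bridge-lan")]


def pick_source(dst, routes):
    """Simplified model: longest-prefix match picks the route, and a
    router-originated packet takes the address of that route's interface."""
    matches = [(net, ifname) for net, ifname in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, ifname = max(matches, key=lambda m: m[0].prefixlen)
    return INTERFACES[ifname]


def policy_matches(src, dst, policy=POLICY):
    """The policy only encapsulates packets whose source AND destination
    both fall inside its selectors."""
    return src in policy["src"] and dst in policy["dst"]


def trace(dst, routes):
    """Return (chosen source address, whether the policy would encapsulate)."""
    dst = ip.ip_address(dst)
    src = pick_source(dst, routes)
    return src, policy_matches(src, dst)


if __name__ == "__main__":
    syslog_server = "192.168.2.50"  # constructed host on the Site A LAN
    for label, routes in (("default route only", DEFAULT_ONLY),
                          ("with route via LAN", WITH_LAN_ROUTE)):
        src, tunneled = trace(syslog_server, routes)
        print(f"{label}: src={src} encapsulated={tunneled}")
```
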

Re: IPSEC VPN

Posted: Fri Jun 07, 2019 6:37 pm
by Boomish
Thanks

I figured that out about a day after I posted this.

Much appreciated

Consider this topic closed.